Performance Hotfix for 2.15.1#261


Merged
jsinglet merged 5 commits intorc/2.15fromjsinglet/performance-hotfix-2-15-1
Mar 17, 2023
2 changes: 1 addition & 1 deletionc/cert/src/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/cert-c-coding-standards
version: 2.15.0
version: 2.15.1
description: CERT C 2016
suites: codeql-suites
license: MIT
2 changes: 1 addition & 1 deletionc/cert/test/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/cert-c-coding-standards-tests
version: 2.15.0
version: 2.15.1
extractor: cpp
license: MIT
dependencies:
2 changes: 1 addition & 1 deletionc/common/src/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/common-c-coding-standards
version: 2.15.0
version: 2.15.1
license: MIT
dependencies:
codeql/common-cpp-coding-standards: '*'
2 changes: 1 addition & 1 deletionc/common/test/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/common-c-coding-standards-tests
version: 2.15.0
version: 2.15.1
extractor: cpp
license: MIT
dependencies:
91 changes: 65 additions & 26 deletionsc/misra/src/codingstandards/c/misra/EssentialTypes.qll
Expand Up@@ -31,45 +31,83 @@ class EssentialTypeCategory extends TEssentialTypeCategory {
}
}

/**
* An expression in the program that evaluates to a compile time constant signed or unsigned integer.
*/
private class ConstantIntegerExpr extends Expr {
pragma[noinline]
ConstantIntegerExpr() {
getEssentialTypeCategory(this.getType()) =
[
EssentiallyUnsignedType().(EssentialTypeCategory),
EssentiallySignedType().(EssentialTypeCategory)
] and
exists(this.getValue().toFloat()) and
not this instanceof Conversion
}
}

/** A `float` which represents an integer constant in the program. */
private class IntegerConstantAsFloat extends float {
IntegerConstantAsFloat() { exists(ConstantIntegerExpr ce | this = ce.getValue().toFloat()) }
}

/**
* Identifies which integral types from which type categories can represent a given integer constant
* in the program.
*/
pragma[nomagic]
private predicate isCandidateIntegralType(
EssentialTypeCategory cat, IntegralType it, IntegerConstantAsFloat c
) {
getEssentialTypeCategory(it) = cat and
c = any(ConstantIntegerExpr ce).getValue().toFloat() and
// As with range analysis, we assume two's complement representation
typeLowerBound(it) <= c and
typeUpperBound(it) >= c
}

/**
* Gets the unsigned type of lowest rank that can represent the value of the given expression,
* assuming that the expression is essentially unsigned.
*/
private IntegralType utlr(Expr const) {
pragma[nomagic]
private IntegralType utlr(ConstantIntegerExpr const) {
getEssentialTypeCategory(const.getType()) = EssentiallyUnsignedType() and
getEssentialTypeCategory(result) =EssentiallyUnsignedType() and
exists(float c | c = const.getValue().toFloat() |
// As with range analysis, we assume two's complement representation
typeLowerBound(result) <= c and
typeUpperBound(result) >= c and
forall(IntegralType it |
getEssentialTypeCategory(it) = EssentiallyUnsignedType() and
typeLowerBound(it) <= c and
typeUpperBound(it) >= c
|
result.getSize() <= it.getSize()
)
result =utlr_c(const.getValue().toFloat())
}

/**
* Given an integer constant that appears in the program, gets the unsigned type of lowest rank
* that can hold it.
*/
pragma[nomagic]
private IntegralType utlr_c(IntegerConstantAsFloat c) {
isCandidateIntegralType(EssentiallyUnsignedType(), result, c) and
forall(IntegralType it | isCandidateIntegralType(EssentiallyUnsignedType(), it, c) |
result.getSize() <= it.getSize()
)
}

/**
* Gets the signed type of lowest rank that can represent the value of the given expression,
* assuming that the expression is essentially signed.
*/
private IntegralType stlr(Expr const) {
pragma[nomagic]
private IntegralType stlr(ConstantIntegerExpr const) {
getEssentialTypeCategory(const.getType()) = EssentiallySignedType() and
getEssentialTypeCategory(result) =EssentiallySignedType() and
exists(float c | c = const.getValue().toFloat() |
// As with range analysis, we assume two's complement representation
typeLowerBound(result) <= c and
typeUpperBound(result) >= c and
forall(IntegralType it |
getEssentialTypeCategory(it) = EssentiallySignedType() and
typeLowerBound(it) <= c and
typeUpperBound(it) >= c
|
result.getSize() <= it.getSize()
)
result =stlr_c(const.getValue().toFloat())
}

/**
* Given an integer constant that appears in the program, gets the signed type of lowest rank
* that can hold it.
*/
pragma[nomagic]
private IntegralType stlr_c(IntegerConstantAsFloat c) {
isCandidateIntegralType(EssentiallySignedType(), result, c) and
forall(IntegralType it | isCandidateIntegralType(EssentiallySignedType(), it, c) |
result.getSize() <= it.getSize()
)
}

Expand DownExpand Up@@ -108,6 +146,7 @@ EssentialTypeCategory getEssentialTypeCategory(Type type) {
/**
* Gets the essential type of the given expression `e`, considering any explicit conversions.
*/
pragma[nomagic]
Type getEssentialType(Expr e) {
if e.hasExplicitConversion()
then
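Review bot: The `not this instanceof Conversion` conjunct in `ConstantIntegerExpr` narrows `utlr` and `stlr`, whose parameter changed from `Expr` to this class, so a constant-valued conversion that the old predicates accepted now yields no result. The change note presents this PR as a performance-only fix, and the callers of both predicates are outside the visible hunks, so it is worth confirming that none of them passes a conversion; if one does, an essential type would silently go missing and the essential-type queries could report fewer violations. I would state the restriction in the class QLDoc, for example `Conversions are excluded; callers must pass the unconverted expression.`, and back it with a test case that has a constant operand under an explicit cast.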
2 changes: 1 addition & 1 deletionc/misra/src/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/misra-c-coding-standards
version: 2.15.0
version: 2.15.1
description: MISRA C 2012
suites: codeql-suites
license: MIT
15 changes: 11 additions & 4 deletionsc/misra/src/rules/RULE-10-5/InappropriateEssentialTypeCast.ql
Expand Up@@ -49,16 +49,23 @@ predicate isIncompatibleEssentialTypeCast(EssentialTypeCategory fromCat, Essenti
]
}

predicate isCastTypes(
Cast c, Type essentialFromType, Type essentialToType, EssentialTypeCategory fromCategory,
EssentialTypeCategory toCategory
) {
essentialFromType = getEssentialTypeBeforeConversions(c.getExpr()) and
essentialToType = c.getType() and
fromCategory = getEssentialTypeCategory(essentialFromType) and
toCategory = getEssentialTypeCategory(essentialToType)
}

from
Cast c, Type essentialFromType, Type essentialToType, EssentialTypeCategory fromCategory,
EssentialTypeCategory toCategory, string message
where
not isExcluded(c, EssentialTypesPackage::inappropriateEssentialTypeCastQuery()) and
not c.isImplicit() and
essentialFromType = getEssentialTypeBeforeConversions(c.getExpr()) and
essentialToType = c.getType() and
fromCategory = getEssentialTypeCategory(essentialFromType) and
toCategory = getEssentialTypeCategory(essentialToType) and
isCastTypes(c, essentialFromType, essentialToType, fromCategory, toCategory) and
isIncompatibleEssentialTypeCast(fromCategory, toCategory) and
(
if fromCategory = EssentiallyEnumType() and toCategory = EssentiallyEnumType()
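Review bot: The extracted `isCastTypes` predicate has no QLDoc and, unlike the predicates added to `EssentialTypes.qll` in this PR, carries no `pragma[nomagic]` or `pragma[noinline]`, so nothing visible stops the optimizer from inlining it back into the `where` clause. If the extraction is meant to pin the join order, add `pragma[nomagic]` above it, and document it with something like `/** Holds if c is a cast whose operand has essential type essentialFromType and whose result type is essentialToType, with their respective categories. */`. It could also be declared `private`, since as far as the hunk shows only this query uses it. The `where` clause continues past the end of the hunk.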
2 changes: 1 addition & 1 deletionc/misra/test/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/misra-c-coding-standards-tests
version: 2.15.0
version: 2.15.1
extractor: cpp
license: MIT
dependencies:
12 changes: 12 additions & 0 deletionschange_notes/2023-03-16-essential-types-performance.md
@@ -0,0 +1,12 @@
* The performance of the following queries related to essential types have been improved:
* `Rule 10.1`
* `Rule 10.2`
* `Rule 10.3`
* `Rule 10.4`
* `Rule 10.5`
* `Rule 10.6`
* `Rule 10.7`
* `Rule 10.8`
* `Rule 14.1`
* `Rule 21.14`
* `Rule 21.16`
2 changes: 1 addition & 1 deletioncpp/autosar/src/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/autosar-cpp-coding-standards
version: 2.15.0
version: 2.15.1
description: AUTOSAR C++14 Guidelines 20-11
suites: codeql-suites
license: MIT
2 changes: 1 addition & 1 deletioncpp/autosar/test/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/autosar-cpp-coding-standards-tests
version: 2.15.0
version: 2.15.1
extractor: cpp
license: MIT
dependencies:
2 changes: 1 addition & 1 deletioncpp/cert/src/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/cert-cpp-coding-standards
version: 2.15.0
version: 2.15.1
description: CERT C++ 2016
suites: codeql-suites
license: MIT
2 changes: 1 addition & 1 deletioncpp/cert/test/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/cert-cpp-coding-standards-tests
version: 2.15.0
version: 2.15.1
extractor: cpp
license: MIT
dependencies:
2 changes: 1 addition & 1 deletioncpp/common/src/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/common-cpp-coding-standards
version: 2.15.0
version: 2.15.1
license: MIT
dependencies:
codeql/cpp-all: 0.3.5
2 changes: 1 addition & 1 deletioncpp/common/test/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/common-cpp-coding-standards-tests
version: 2.15.0
version: 2.15.1
extractor: cpp
license: MIT
dependencies:
2 changes: 1 addition & 1 deletioncpp/misra/src/qlpack.yml
@@ -1,5 +1,5 @@
name:codeql/misra-cpp-coding-standards
version:2.15.0
version:2.15.1
description:MISRA C++ 2008
suites:codeql-suites
license:MIT
2 changes: 1 addition & 1 deletioncpp/misra/test/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/misra-cpp-coding-standards-tests
version: 2.15.0
version: 2.15.1
extractor: cpp
license: MIT
dependencies:
2 changes: 1 addition & 1 deletioncpp/report/src/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/report-cpp-coding-standards
version: 2.15.0
version: 2.15.1
license: MIT
dependencies:
codeql/cpp-all: 0.3.5
8 changes: 4 additions & 4 deletionsdocs/user_manual.md
Expand Up@@ -26,10 +26,10 @@
This user manual documents release `2.10.0` of the coding standards located at https://github.com/github/codeql-coding-standards/releases/tag/v2.10.0 .
The release page documents the release notes and contains the following artifacts part of the release:

- `code-scanning-cpp-query-pack-anon-2.15.0.zip`: coding standard queries and scripts to be used with GitHub Code Scanning or the CodeQL CLI as documented in the section _Operating manual_.
- `supported_rules_list_2.15.0.csv`: A Comma Separated File (CSV) containing the supported rules per standard and the queries that implement the rule.
- `code-scanning-cpp-query-pack-anon-2.15.1.zip`: coding standard queries and scripts to be used with GitHub Code Scanning or the CodeQL CLI as documented in the section _Operating manual_.
- `supported_rules_list_2.15.1.csv`: A Comma Separated File (CSV) containing the supported rules per standard and the queries that implement the rule.
- `upported_rules_list_2.15.0-dev.md`: A Markdown formatted file with a table containing the supported rules per standard and the queries that implement the rule.
- `user_manual_2.15.0.md`: This user manual.
- `user_manual_2.15.1.md`: This user manual.
- `Source Code (zip)`: A zip archive containing the contents of https://github.com/github/codeql-coding-standards
- `Source Code (tar.gz)`: A GZip compressed tar archive containing the contents of https://github.com/github/codeql-coding-standards
- `checksums.txt`: A text file containing sha256 checksums for the aforementioned artifacts.
Expand DownExpand Up@@ -457,7 +457,7 @@ This section describes known failure modes for "CodeQL Coding Standards" and des
| | Ouf of space | Less output. Some files may be only be partially analyzed, or not analyzed at all. | Error reported on the command line. | Increase space. If it remains an issue report space consumption issues via the CodeQL Coding Standards [bug tracker](https://github.com/github/codeql-coding-standards/issues). |
| | False positives | More output. Results are reported which are not violations of the guidelines. | All reported results must be reviewed. | Report false positive issues via the CodeQL Coding Standards [bug tracker](https://github.com/github/codeql-coding-standards/issues). |
| | False negatives | Less output. Violations of the guidelines are not reported. | Other validation and verification processes during software development should be used to complement the analysis performed by CodeQL Coding Standards. | Report false negative issues via the CodeQL Coding Standards [bug tracker](https://github.com/github/codeql-coding-standards/issues). |
| | Modifying coding standard suite | More or less output. If queries are added to the query set more result can be reported. If queries are removed less results might be reported. | All queries supported by the CodeQL Coding Standards are listed in the release artifacts `supported_rules_list_2.15.0.csv` where VERSION is replaced with the used release. The rules in the resulting Sarif file must be cross-referenced with the expected rules in this list to determine the validity of the used CodeQL suite. | Ensure that the CodeQL Coding Standards are not modified in ways that are not documented as supported modifications. |
| | Modifying coding standard suite | More or less output. If queries are added to the query set more result can be reported. If queries are removed less results might be reported. | All queries supported by the CodeQL Coding Standards are listed in the release artifacts `supported_rules_list_2.15.1.csv` where VERSION is replaced with the used release. The rules in the resulting Sarif file must be cross-referenced with the expected rules in this list to determine the validity of the used CodeQL suite. | Ensure that the CodeQL Coding Standards are not modified in ways that are not documented as supported modifications. |
| | Incorrect deviation record specification | More output. Results are reported for guidelines for which a deviation is assigned. | Analysis integrity report lists all deviations and incorrectly specified deviation records with a reason. Ensure that all deviation records are correctly specified. | Ensure that the deviation record is specified according to the specification in the user manual. |
| | Incorrect deviation permit specification | More output. Results are reported for guidelines for which a deviation is assigned. | Analysis integrity report lists all deviations and incorrectly specified deviation permits with a reason. Ensure that all deviation permits are correctly specified. | Ensure that the deviation record is specified according to the specification in the user manual. |
| | Unapproved use of a deviation record | Less output. Results for guideline violations are not reported. | Validate that the deviation record use is approved by verifying the approved-by attribute of the deviation record specification. | Ensure that each raised deviation record is approved by an independent approver through an auditable process. |
