Skip to content

v2.36.0
Compare
Choose a tag to compare
@github-actions github-actions released this 18 Oct 21:55
v2.36.0
199631a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Release summary

  • New queries added for the following rule packages: Banned2, BitfieldTypes2, FunctionTypes, NoReturn, Types2, DeadCode
  • The following changes have been made for this release:
    • RULE-1-2 - LanguageExtensionsShouldNotBeUsed.ql:
      • Improve reporting by describing which language extensions are used.
      • Improve reporting by aggregating results generated from a macro expansion at the generating macro location.
      • Reduce false positives for the variable length array check by permitting those extensions which are included in the C99 standard.
    • M0-1-9 - DeadCode.ql
      • Remove false positives for statements where the enclosing function is compiled multiple times, either as part of different targets or a different template instantiations. Previously we would see false positives where a statement was dead in one instance of the code, but not other instances. We now only consider a statement dead if it is dead in all instances of that code.
  • RULE-2-2 - DeadCode.ql:
    • Query has been rewritten to report only operations that are considered dead, not statements. This should reduce false positives.
    • Remove false positives for operations where the enclosing function is compiled multiple times, either as part of different targets or a different template instantiations. Previously we would see false positives where a operation was dead in one instance of the code, but not other instances. We now only consider a operation dead if it is dead in all instances of that code.
  • A7-6-1, MSC53-CPP, RULE-9-6-4 - FunctionNoReturnAttbrituteCondition.qll
    • Analysis expanded from functions with "noreturn" attribute, now includes the "noreturn" specifier as well to handle new c rules. No difference in C++ results expected.
    • Exclude compiler generated functions from being reported.
  • RULE-10-7 - ImplicitConversionOfCompositeExpression.ql:
    • Improved performance on larger codebases.
  • SIG31-C - DoNotAccessSharedObjectsInSignalHandlers.ql:
    • Improved performance on larger codebases.
  • M0-1-10 - UnusedFunction.ql:
    • Fixes #711. Excludes constexpr functions, considers functions from GoogleTest as an EntryPoint and does not consider special member functions. Another query called UnusedSplMemberFunction.ql is created that reports unused special member functions. This is done so as to enable deviations to be applied to this case.
  • The following query suites have been added or modified for MISRA C:
    • A new query suite has been created misra-c-default.qls to avoid confusion with the MISRA C++ query suites. The misra-default.qls suite has been deprecated, and will be removed in a future releases, and is replaced by the misra-c-default.qls suite.
      • The misra-c-default.qls suite has been specified as the default for the pack, and will include our most up-to-date coverage for MISRA C.
    • A new query suite misra-c-2012-third-edition-with-amendment-2.qls has been created to represent our previous MISRA C coverage. Note: this query suite will run the rules that were present in MISRA C 2012, Third Edition, First Revision and Amendment 2. The interpretation of those rules may be updated to reflect changes in more recent MISRA standards.
    • Three new query suites, misra-c-mandatory.qls, misra-c-required.qls and misra-c-advisory.qls, have been added to enable running mandatory, required or advisory queries.
  • The following query suites have been added or modified for MISRA C++:
    • A new query suite has been created misra-cpp-default.qls to avoid confusion with the MISRA C query suites. The misra-default.qls suite has been deprecated, and will be removed in a future releases, and is replaced by the misra-cpp-default.qls suite.
      • The misra-cpp-default.qls suite has been specified as the default for the pack, and will include our most up-to-date coverage for MISRA C.
    • A new query suite has been created misra-cpp-single-translation-unit.qls to avoid confusion with the MISRA C query suites. The misra-single-translation-unit.qls suite has been deprecated, and will be removed in a future releases, and is replaced by the misra-cpp-single-translation-unit.qls suite.
    • Three new query suites, misra-cpp-mandatory.qls, misra-c-required.qls and misra-c-advisory.qls, have been added to enable running mandatory, required or advisory queries.
  • A0-1-1 - UselessAssignments.qll:
    • Remove (dead code) useless assignment false positive when integer constant expression is used to define the size of an array.
  • Updated the CodeQL version to 2.15.5.
  • RULE-11-3, RULE-11-4, RULE-11-5, RULE-11-7 - CastBetweenObjectPointerAndDifferentObjectType.ql, ConversionBetweenPointerToObjectAndIntegerType.ql, ConversionFromPointerToVoidIntoPointerToObject.ql, CastBetweenPointerToObjectAndNonIntArithmeticType.ql:
    • Removed false positives where casts involved a specified void type pointer, e.g. const void*, which should not be considered as a pointer to object.
  • RULE-11-5 - ConversionFromPointerToVoidIntoPointerToObject.ql:
    • Addressed false negatives where the pointer-to-void was specified.
  • A7-1-3 - CvQualifiersNotPlacedOnTheRightHandSide.ql:
    • Removed false positives where a correctly CV-qualified typedef variable type was also referenced in the initializer.
  • A14-5-2 - NonTemplateMemberDefinedInTemplate.ql
    • Fixes #739. Correctly detect template parameters specified in using alias base types, e.g. using T1 = some_type<T>::Type;.
  • RULE-10-4 - OperandswithMismatchedEssentialTypeCategory.ql:
    • Removed false positives where a specified or typedef'd enum type was compared to an enum constant type.
  • EssentialType - for all queries related to essential types:
    • \n and other control characters are now correctly deduced as essentially char type, instead of an essentially integer type.
    • Enum constants for anonymous enums are now correctly deduced as an essentially signed integer type instead of essentially enum.

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.15.5 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.15.5.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.15.5.

Appendix: AUTOSAR new queries

New queries added to cover the following rules:

  • M0-1-10 - UnusedSplMemberFunction.ql

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

  • RULE-6-3 - BitFieldDeclaredAsMemberOfAUnion.ql
  • RULE-7-5 - InvalidIntegerConstantMacroArgument.ql, InvalidLiteralForIntegerConstantMacroArgument.ql, IntegerConstantMacroArgumentUsesSuffix.ql, IncorrectlySizedIntegerConstantMacroArgument.ql
  • RULE-7-6 - UseOfBannedSmallIntegerConstantMacro.ql
  • RULE-17-9 - ReturnStatementInNoreturnFunction.ql
  • RULE-17-10 - NonVoidReturnTypeOfNoreturnFunction.ql
  • RULE-17-11 - FunctionWithNoReturningBranchShouldBeNoreturn.ql
  • RULE-17-12 - FunctionAddressesShouldAddressOperator.ql
  • RULE-21-24 - CallToBannedRandomFunction.ql
Assets 8
Loading