Releases: github/codeql-coding-standards


30 Sep 15:30
Release summary

  • No new queries were added for this release

  • The following changes have been made for this release:

    • RULE-11-1 - ConversionBetweenFunctionPointerAndOtherType.ql:
      • Fixed issue #331 - consider 0 a null pointer constant.
    • RULE-11-4 - ConversionBetweenPointerToObjectAndIntegerType.ql:
      • Fixed issue #331 - consider 0 a null pointer constant.
      • Improve reporting of the order of the cast and the actual types involved.
      • Improve reporting where the result is expanded from a macro by either reporting the macro itself (if it is not dependent on the context) or by including a link to the macro in the alert message.
    • RULE-11-5 - ConversionFromPointerToVoidIntoPointerToObject.ql:
      • Fixed issue #331 - consider 0 a null pointer constant.
    • RULE-11-6 - CastBetweenPointerToVoidAndArithmeticType.ql:
      • Fixed issue #331 - accept integer constant expressions with value 0 instead of null pointer constants.
    • RULE-11-9 - MacroNullNotUsedAsIntegerNullPointerConstant.ql:
      • Remove false positives in branches of ternary expressions, where 0 was used correctly.
  • A2-7-3 - UndocumentedUserDefinedType.ql:

    • Fixes #606. Fix false positive relating to friend functions in template classes.
  • M0-1-3 - UnusedLocalVariable.ql:

    • Fixes #658. Considers usage of const/constexpr variables in array size and function parameters that are used in arguments of template functions.
  • RULE-12-2 - RightHandOperandOfAShiftRange.ql:

    • Reduce false positives related to ranges determined by %=.
    • Reduce false positives for integer constants with explicit size suffix were incorrectly identified as smaller types.
    • Improve explanation of results, providing additional information on types and size ranges.
    • Combine results stemming from the expansion of a macro, where the result is not dependent on the context.
  • RULE-5-8 - IdentifiersWithExternalLinkageNotUnique.ql

    • Remove false positives where conflicting declarations do not appear in the same link target.
  • RULE-10-1 - OperandsOfAnInappropriateEssentialType.ql

    • Reduce false negatives by supporting operands to the ~ operator with the incorrect essential type.
    • Reduce false positives by identifying the essential type of !<expr> as essentially boolean type.
    • Improve clarity reporting by reporting the violating operand, instead of the operator, and addressing message typos.
  • M0-1-9 - DeadCode.qll:

    • Fixes #678. Remove dead code false positive when integer constant expression is used to define the size of an array.
  • RULE-8-3 - DeclarationsOfAnObjectSameNameAndType.ql

    • Remove false positives where two conflicting declarations are never linked together.
  • M3-4-1 - UnnecessaryExposedIdentifierDeclarationShared.qll:

    • Fixes #665. Exclude variables that are constexpr and coming from template instantiations.
  • RULE-7-2 - UOrUSuffixRepresentedInUnsignedType.ql

    • Remove false positives where integer constants are generated from macros.
    • Remove false positives where a signed integer is implicitly converted to unsigned, which is permitted by the standard.
  • A1-1-2 - CompilerWarningLevelNotInCompliance.ql:

    • Report non-compliance for compilations that use the error-suppressing -w flag.

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.


27 Aug 13:32
Release summary

  • New queries added for the following rule packages: Representation
  • The following changes have been made for this release:
  • M0-2-1 - DoNotPassAliasedPointerToRestrictQualifiedParam.ql:
    • Fixes #119. Adds shared query to cover missing detection of overlapping arrays or pointers in specific list of functions that list undefined behaviour when their parameters overlap.

Appendix: AUTOSAR new queries

New queries added to cover the following rules:

  • M0-2-1 - DoNotPassAliasedPointerToParam.ql


02 Aug 17:13
Release summary

  • New queries added for the following rule packages: ImportMisra23
  • The following changes have been made for this release:
    • A7-2-1 - fix typo in some alert messages.
  • MISRA C++ 2023:
    • Extend the project structure and provide initial support for query writing.
  • A2-7-3 - UndocumentedUserDefinedType.ql:
    • Fixes #391. Declarations for which a Doxygen comment group provides documentation will no longer produce results.
  • M0-1-10 - EncapsulatingFunctions.qll:
    • Fixes #646. Consider typedef'd int return types for main() function as MainFunction.
  • PRE32-C - MacroOrFunctionArgsContainHashToken.ql:
    • Fixes #650. Correctly identifies presence of preprocessor directives in function calls.

Appendix: MISRA-C++-2023 new queries

New queries added to cover the following rules:

  • DIR-5-7-2 - SectionsOfCodeShouldNotBeCommentedOut.ql
  • DIR-15-8-1 - CopyAndMoveAssignmentsShallHandleSelfAssignment.ql
  • RULE-5-7-1 - CharacterSequenceUsedWithinACStyleComment.ql
  • RULE-5-7-3 - LineSplicingUsedInComments.ql
  • RULE-5-13-1 - BackslashCharacterMisuse.ql
  • RULE-5-13-2 - NonTerminatedEscapeSequences.ql
  • RULE-5-13-3 - OctalConstantsUsed.ql
  • RULE-5-13-4 - UnsignedIntegerLiteralsNotAppropriatelySuffixed.ql
  • RULE-5-13-5 - LowercaseLStartsInLiteralSuffix.ql
  • RULE-6-0-3 - GlobalNamespaceDeclarations.ql
  • RULE-6-0-4 - NonGlobalFunctionMain.ql
  • RULE-6-2-1 - OneDefinitionRuleViolated.ql
  • RULE-6-4-1 - VariableDeclaredInInnerScopeHidesOuterScope.ql
  • RULE-6-4-2 - InheritedNonOverridableMemberFunction.ql, InheritedOverridableMemberFunction.ql, DefinitionShallBeConsideredForUnqualifiedLookup.ql
  • RULE-6-4-3 - NameShallBeReferredUsingAQualifiedIdOrThis.ql, NameShallBeReferredUsingAQualifiedIdOrThisAudit.ql
  • RULE-6-8-1 - ObjectAccessedBeforeLifetimeMisra.ql, ObjectAccessedAfterLifetimeMisra.ql
  • RULE-6-8-2 - ReturnReferenceOrPointerToAutomaticLocalVariable.ql
  • RULE-7-11-1 - NullptrNotTheOnlyFormOfTheNullPointerConstant.ql
  • RULE-7-11-2 - ArrayPassedAsFunctionArgumentDecayToAPointer.ql
  • RULE-8-2-3 - CastRemovesConstOrVolatileFromPointerOrReference.ql
  • RULE-8-2-4 - CastsBetweenAPointerToFunctionAndAnyOtherType.ql
  • RULE-8-2-5 - ReinterpretCastShallNotBeUsed.ql
  • RULE-8-2-10 - FunctionsCallThemselvesEitherDirectlyOrIndirectly.ql
  • RULE-8-3-1 - BuiltInUnaryOperatorAppliedToUnsignedExpression.ql
  • RULE-8-18-2 - ResultOfAnAssignmentOperatorShouldNotBeUsed.ql
  • RULE-8-19-1 - CommaOperatorShouldNotBeUsed.ql
  • RULE-8-20-1 - UnsignedOperationWithConstantOperandsWraps.ql
  • RULE-9-3-1 - SwitchBodyCompoundCondition.ql, LoopBodyCompoundCondition.ql
  • RULE-9-4-1 - IfElseIfEndCondition.ql
  • RULE-9-6-1 - GotoStatementShouldNotBeUsed.ql
  • RULE-9-6-2 - GotoReferenceALabelInSurroundingBlock.ql
  • RULE-9-6-3 - GotoShallJumpToLabelDeclaredLaterInTheFunction.ql
  • RULE-9-6-4 - FunctionDeclaredWithTheNoreturnAttributeReturn.ql
  • RULE-9-6-5 - NonVoidFunctionShallReturnAValueOnAllPaths.ql
  • RULE-10-0-1 - UseSingleLocalDeclarators.ql, UseSingleGlobalOrMemberDeclarators.ql
  • RULE-10-2-1 - EnumerationNotDefinedWithAnExplicitUnderlyingType.ql
  • RULE-10-4-1 - AsmDeclarationShallNotBeUsed.ql
  • RULE-11-3-2 - DeclarationOfAnObjectIndirectionsLevel.ql
  • RULE-11-6-3 - NonUniqueEnumerationConstant.ql
  • RULE-12-2-2 - BitFieldShallHaveAnAppropriateType.ql
  • RULE-12-2-3 - SignedIntegerNamedBitFieldHaveALengthOfOneBit.ql
  • RULE-13-1-2 - VirtualAndNonVirtualClassInTheHierarchy.ql
  • RULE-13-3-2 - OverridingShallSpecifyDifferentDefaultArguments.ql
  • RULE-13-3-4 - PotentiallyVirtualPointerOnlyComparesToNullptr.ql
  • RULE-15-1-1 - ObjectsDynamicTypeUsedFromConstructorOrDestructor.ql
  • RULE-15-1-2 - InitializeAllVirtualBaseClasses.ql
  • RULE-15-1-5 - InitializerListConstructorIsTheOnlyConstructor.ql
  • RULE-16-5-2 - AddressOfOperatorOverloaded.ql
  • RULE-17-8-1 - FunctionTemplatesExplicitlySpecialized.ql
  • RULE-18-1-1 - ExceptionObjectHavePointerType.ql
  • RULE-18-1-2 - EmptyThrowOnlyWithinACatchHandler.ql
  • RULE-18-3-3 - HandlersReferToNonStaticMembersFromTheirClass.ql
  • RULE-18-5-1 - NoexceptFunctionShouldNotPropagateToTheCaller.ql
  • RULE-19-0-2 - FunctionLikeMacrosDefined.ql
  • RULE-19-0-3 - IncludeDirectivesPrecededByPreprocessorDirectives.ql
  • RULE-19-1-3 - IdentifiersUsedInTheControllingExpressionOf.ql
  • RULE-19-2-3 - CharsThatShouldNotOccurInHeaderFileName.ql
  • RULE-19-3-1 - AndPreprocessorOperatorsShouldNotBeUsed.ql
  • RULE-19-3-2 - MacroParameterFollowingHash.ql
  • RULE-19-3-3 - AMixedUseMacroArgumentSubjectToExpansion.ql
  • RULE-19-3-5 - TokensThatLookLikeDirectivesInAMacroArgument.ql
  • RULE-21-2-1 - AtofAtoiAtolAndAtollUsed.ql
  • RULE-21-2-4 - MacroOffsetofShallNotBeUsed.ql
  • RULE-21-6-4 - GlobalSizedOperatorDeleteShallBeDefined.ql, GlobalUnsizedOperatorDeleteShallBeDefined.ql
  • RULE-21-6-5 - PointerToAnIncompleteClassTypeDeleted.ql
  • RULE-21-10-3 - CsignalFacilitiesUsed.ql, CsignalTypesShallNotBeUsed.ql
  • RULE-25-5-2 - PointersReturnedByLocaleFunctionsMustBeUsedAsConst.ql
  • RULE-25-5-3 - CallToSetlocaleInvalidatesOldPointersMisra.ql, CallToSetlocaleInvalidatesOldPointersWarnMisra.ql
  • RULE-26-3-1 - VectorShouldNotBeSpecializedWithBool.ql
  • RULE-28-6-2 - ForwardingReferencesAndForwardNotUsedTogether.ql
  • RULE-28-6-3 - ObjectUsedWhileInPotentiallyMovedFromState.ql
  • RULE-30-0-1 - CstdioFunctionsShallNotBeUsed.ql, CstdioMacrosShallNotBeUsed.ql, CstdioTypesShallNotBeUsed.ql
  • RULE-30-0-2 - ReadsAndWritesOnStreamNotSeparatedByPositioning.ql


16 Jul 22:37
Release summary

  • No new queries were added for this release
  • The following changes have been made for this release:
  • A0-4-4,FLP32-C - UncheckedRangeDomainPoleErrors.ql:
    • Fixes #193. Adds missing cases for domain errors, an unspecified result case and pole error cases.
  • M0-1-3 - UnusedGlobalOrNamespaceVariable.ql
    • Reduces false positives by excluding compiler generated variables, and variables in uninstantiated templates.
  • A3-9-1 - VariableWidthIntegerTypesUsed.ql:
    • Fixes #614. Excludes post increment and decrement operators.
  • M9-3-3 - MemberFunctionStaticIfPossible.ql:
    • Fixes #616. Exclude uninstantiated templates.
  • RULE-8-3 - DeclarationsOfAnObjectSameNameAndType.ql:
    • Fixes #618. Consider anonymous structs.
  • A3-1-5 - NonTrivialNonTemplateFunctionDefinedInsideClassDefinition.ql, TrivialOrTemplateFunctionDefinedOutsideClassDefinition.ql:
    • Fixes #611. Relax definition of trivial length of trivial member function to 10 LOC.
  • A7-1-1 - DeclarationUnmodifiedObjectMissingConstSpecifier.ql:
    • Fixes #621. Exclude template instantiations that come from constexpr templates.
  • A7-1-7 - IdentifierDeclarationAndInitializationNotOnSeparateLines.ql:
    • Fixes #628. Excludes Functions.
    • Fixes #630. Excludes struct identifiers and variables on the same line when a typedef is used.

17 Jun 18:42
Release summary

  • No new queries were added for this release
  • The following changes have been made for this release:
  • M0-1-2 - InfeasiblePath.ql:
    • Fixes #376. For template functions we now only report when a path is infeasible regardless of instantiations present.

06 Jun 20:09
Release summary

  • No new queries were added for this release
  • The following changes have been made for this release:
  • A18-5-8 - UnnecessaryUseOfDynamicStorage.ql:
    • Address FP reported in #20. Add model of flow from MakeSharedOrUnique to return expression to capture copy/move elision case NRVO.
  • A7-1-2 - VariableMissingConstexpr.ql:
    • Fixes #607. Remove false positives for compiler generated variables and in uninstantiated templates

28 May 17:07
Release summary

  • No new queries were added for this release
  • The following changes have been made for this release:
  • STR32-C - NonNullTerminatedToFunctionThatExpectsAString.ql:
    • Fixes #31. Realloc was not modelled previously.
  • A2-10-1, RULE-5-3 - IdentifierHiding.ql, IdentifierHidingC.ql:
    • Revert some changes previously made in PR #546 (addressing issue #118). Revert expansion to function identifiers.

08 May 20:19
Release summary

  • No new queries were added for this release
  • The following changes have been made for this release:
  • A2-10-1, RULE-5-3 - IdentifierHiding.ql, IdentifierHidingC.ql:
    • Address FN reported in #118. Rule was missing detection of functions. Additionally omitted class template instantiations.
    • Fix FP for identifiers in nested namespaces.
      M9-3-3: MemberFunctionConstIfPossible.ql:
      • Fix FP reported in 381. Omit member functions that return nonconst reference types.
  • A13-2-2 - BinaryOperatorAndBitwiseOperatorReturnAPrvalue.ql:
    • Replaced the usage of getIdentityString() with toString() to avoid expensive computation to display the Operator names which were causing crashes on production code.

26 Apr 23:37
Release summary

  • No new queries were added for this release
  • Add precompiled queries

09 Apr 22:16
Release summary

  • No new queries were added for this release
  • The following changes have been made for this release:
  • A3-3-1 - ExternalLinkageNotDeclaredInHeaderFile.ql:
    • Adjust the alert message to comply with the style guide.
  • CTR55-CPP - DoNotUseAnAdditiveOperatorOnAnIterator.ql:
    • Address reported FP in #374. Improve logic on valid end checks and size checks on iterators.
  • RULE-6-1 - BitFieldsShallOnlyBeDeclaredWithAnAppropriateType.ql:
    • Address FP reported in #318. Add support for implementation specific bitfield types for Clang and Gcc.

