Merge branch 'main' into lcartey/update-supported-docs

Author: lcartey

.vscode/tasks.json

@@ -140,6 +140,28 @@
             },
             "problemMatcher": []
         },
+        {
+            "label": "🧪 Standards Automation: Build Case Test DB from test file",
+            "type": "shell",
+            "windows": {
+                "command": ".${pathSeparator}scripts${pathSeparator}.venv${pathSeparator}Scripts${pathSeparator}python.exe scripts${pathSeparator}build_test_database.py ${file}"
+            },
+            "linux": {
+                "command": ".${pathSeparator}scripts${pathSeparator}.venv${pathSeparator}bin${pathSeparator}python3 scripts${pathSeparator}build_test_database.py ${file}"
+            },
+            "osx": {
+                "command": ".${pathSeparator}scripts${pathSeparator}.venv${pathSeparator}bin${pathSeparator}python3 scripts${pathSeparator}build_test_database.py ${file}"
+            },
+            "presentation": {
+                "reveal": "always",
+                "panel": "new",
+                "focus": true
+            },
+            "runOptions": {
+                "reevaluateOnRerun": false
+            },
+            "problemMatcher": []
+        },
         {
             "label": "📝 Standards Automation: Format CodeQL",
             "type": "shell",

c/misra/src/rules/RULE-20-8/ControllingExpressionIfDirective.ql

@@ -14,40 +14,35 @@
 
 import cpp
 import codingstandards.c.misra
+import codingstandards.cpp.PreprocessorDirective
 
 /*  A controlling expression is evaluated if it is not excluded (guarded by another controlling expression that is not taken). This translates to it either being taken or not taken.  */
 predicate isEvaluated(PreprocessorBranch b) { b.wasTaken() or b.wasNotTaken() }
 
-class IfOrElifPreprocessorBranch extends PreprocessorBranch {
-  IfOrElifPreprocessorBranch() {
-    this instanceof PreprocessorIf or this instanceof PreprocessorElif
-  }
-}
-
 /**
  * Looks like it contains a single macro, which may be undefined
  */
-class SimpleMacroPreprocessorBranch extends IfOrElifPreprocessorBranch {
+class SimpleMacroPreprocessorBranch extends PreprocessorIfOrElif {
   SimpleMacroPreprocessorBranch() { this.getHead().regexpMatch("[a-zA-Z_][a-zA-Z0-9_]+") }
 }
 
-class SimpleNumericPreprocessorBranch extends IfOrElifPreprocessorBranch {
+class SimpleNumericPreprocessorBranch extends PreprocessorIfOrElif {
   SimpleNumericPreprocessorBranch() { this.getHead().regexpMatch("[0-9]+") }
 }
 
 class ZeroOrOnePreprocessorBranch extends SimpleNumericPreprocessorBranch {
   ZeroOrOnePreprocessorBranch() { this.getHead().regexpMatch("[0|1]") }
 }
 
-predicate containsOnlySafeOperators(IfOrElifPreprocessorBranch b) {
+predicate containsOnlySafeOperators(PreprocessorIfOrElif b) {
   containsOnlyDefinedOperator(b)
   or
   //logic: comparison operators eval last, so they make it safe?
   b.getHead().regexpMatch(".*[\\&\\&|\\|\\||>|<|==].*")
 }
 
 //all defined operators is definitely safe
-predicate containsOnlyDefinedOperator(IfOrElifPreprocessorBranch b) {
+predicate containsOnlyDefinedOperator(PreprocessorIfOrElif b) {
   forall(string portion |
     portion =
       b.getHead()
@@ -65,7 +60,7 @@ class BinaryValuedMacro extends Macro {
   BinaryValuedMacro() { this.getBody().regexpMatch("\\(?(0|1)\\)?") }
 }
 
-from IfOrElifPreprocessorBranch b, string msg
+from PreprocessorIfOrElif b, string msg
 where
   not isExcluded(b, Preprocessor3Package::controllingExpressionIfDirectiveQuery()) and
   isEvaluated(b) and

change_notes/2023-10-04-aggregate-literals-from-variadic-templates.md

@@ -0,0 +1,2 @@
+ `M8-5-2` - `AggregateLiteralEnhancements.qll`:
+   - recognise aggregate literals initialized with parameters from variadic templates.

change_notes/2023-11-03-identifier-hiding-improvements.md

@@ -0,0 +1,3 @@
+ - `A2-10-1`, `RULE-5-3`:
+   - Reduce false positives by considering point of declaration for local variables.
+   - Reduce false negatives by considering catch block parameters to be in scope in the catch block.

change_notes/2023-11-05-m6-5-5-const-refs.md

@@ -0,0 +1,3 @@
+ - `M6-5-5`:
+   - Reduce false positives by no longer considering the taking of a const reference as a modification.
+   - Improve detection of non-local modification of loop iteration variables to reduce false positives.

change_notes/2023-11-22-remove-parameters-a7-1-1.md

@@ -0,0 +1 @@
+ * `A7-1-1` - no longer report parameters as contravening this rule. This is inline with the rule intent as described in the referenced C++ Core Guidelines rule [CON.1](https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#con1-by-default-make-objects-immutable), which states "To avoid confusion and lots of false positives, don’t enforce this rule for function parameters."

change_notes/2023-11-24-a2-7-3-remove-function-scope.md

@@ -0,0 +1,3 @@
+ * `A2-7-3` - `UndocumentedUserDefinedType.ql`:
+   - Excluding declarations in function scope. The rationale is that these declarations are not exposed outside the scope of the function.
+   

change_notes/2023-12-06-m16-1-1-perf.md

@@ -0,0 +1,4 @@
+ - `M16-1-1` - `DefinedPreProcessorOperatorGeneratedFromExpansionFound.ql`:
+   - Optimize query to improve performance
+   - Improve detection of macros whose body contains the `defined` operator after the start of the macro (e.g. `#define X Y || defined(Z)`).
+   - Enable exclusions to be applied for this rule.

change_notes/2024-01-14-m5-3-3-exclude-binary.md

@@ -0,0 +1,2 @@
+`M5-3-3` - `UnaryOperatorOverloaded.ql`:
+  - Exclude binary user defined `operator&` from this rule.

change_notes/2024-01-16-m5-2-10-arith-only.md

@@ -0,0 +1,2 @@
+ `M5-2-10` - `IncrementAndDecrementOperatorsMixedWithOtherOperatorsInExpression.ql`:
+   - only report use of the increment and decrement operations in conjunction with arithmetic operators, as specified by the rule. Notably we no longer report the expressions of the form `*p++`, which combine increment and dereferencing operations.

change_notes/2024-01-17-a4-7-1-exclude-pointers.md

@@ -0,0 +1 @@
+ * `A4-7-1` - exclude pointer increment and decrement operators from this rule.

change_notes/2024-01-24-throwing-functions-exclude-noexcept.md

@@ -0,0 +1,6 @@
+ * Exceptions are no longer propagated from calls to `noexcept` functions, or calls functions with dynamic exception specifications where the exception is not permitted. This is consistent with the default behaviour specified in `[expect.spec]` which indicates that `std::terminate` is called. This has the following impact:
+   - `A15-4-2`, `ERR55-CPP` - reduce false positives for `noexcept` functions which call other `noexcept` function which may throw.
+   - `A15-2-2` - reduce false positives for constructors which call `noexcept` functions.
+   - `A15-4-5` - reduce false positives for checked exceptions that are thrown from `noexcept` functions called by the original function.
+   - `DCL57-CPP` - do not report exceptions thrown from `noexcept` functions called by deallocation functions or destructors.
+   - `A15-5-1`, `M15-3-1` - do not report exceptions thrown from `noexcept` functions called by special functions.

change_notes/2024-01-25-exclusion-m9-3-3.md

@@ -0,0 +1,2 @@
+`M9-3-3` - `MemberFunctionConstIfPossible.ql`, `MemberFunctionStaticIfPossible.ql`:
+    - Fixes #413. Exclude deleted member functions.

change_notes/2024-01-25-fix-reported-fp-for-a8-4-7.md

@@ -0,0 +1,3 @@
+`A8-4-7` - `InParametersForCheapToCopyTypesNotPassedByValue.ql`, `InParametersForNotCheapToCopyTypesNotPassedByReference.ql`:
+    - Fixes #397. Exclude user defined operators and move constructors.`
+    - Exclude parameters for instantiated templates because the declaration location of the function does not contain enough information about the type used in the instantiation to make an actionable alert. 

change_notes/2024-01-26-exclusion-a5-0-2.md

@@ -0,0 +1,2 @@
+`A5-0-2` - `NonBooleanIfStmt.qll`, `NonBooleanIterationStmt.qll`:
+    - Exclude compiler generated conditions.

change_notes/2024-01-30-exclusion-a13-3-1.md

@@ -0,0 +1,2 @@
+`A13-3-1` - `FunctionThatContainsForwardingReferenceAsItsArgumentOverloaded.ql`:
+    - Fixes #399. Exclude functions that have different number of parameters.

change_notes/2024-01-30-fix-fp-for-a4-7-1.md

@@ -0,0 +1,2 @@
+`A4-7-1`: `IntegerExpressionLeadToDataLoss.ql`
+ - Fix #368: Incorrectly reporting `/=` as a cause for data loss.

change_notes/2024-01-30-fix-fp-for-a8-4-8.md

@@ -0,0 +1,7 @@
+- `A8-4-8` - `OutParametersUsed.ql`
+  - Fixes #370 - Non-member user-defined assignment operator and stream insertion/extraction parameters that are required to be out parameters are excluded.
+  - Broadens the definition of out parameter by considering assignment and crement operators as modifications to an out parameter candidate.
+- `FIO51-CPP` - `CloseFilesWhenTheyAreNoLongerNeeded.ql`:
+  - Broadened definition of `IStream` and `OStream` types may result in reduced false negatives.
+- `A5-1-1` - `LiteralValueUsedOutsideTypeInit.ql`:
+  - Broadened definition of `IStream` types may result in reduced false positives because more file stream function calls may be detected as logging operations that will be excluded from the results.

change_notes/2024-01-31-exclusion-a16-0-1.md

@@ -0,0 +1,2 @@
+`A16-0-1` - `PreProcessorShallOnlyBeUsedForCertainDirectivesPatterns.ql`:
+    - Exclude all preprocessor elses and also consider elifs separately (ie do not affect valid ifs) but not valid if not meeting the same criteria as an ifdef etc.

change_notes/2024-01-31-fix-fp-a4-5-1.md

@@ -0,0 +1,4 @@
+`A4-5-1`: `EnumUsedInArithmeticContexts.ql`:
+    - Address incorrect exclusion of the binary operator `&`.
+    - Address incorrect inclusion of the unary operator `&`.
+    - Fix FP reported in #366.

change_notes/2024-01-31-fix-fp-a7-1-2.md

@@ -0,0 +1,2 @@
+`A7-1-2` - `VariableMissingConstexpr.ql`:
+    - Fix FP reported in #466. Addresses incorrect assumption that calls to `constexpr` functions are always compile-time evaluated.

change_notes/2024-01-31-fix-fp-m9-3-3.md

@@ -0,0 +1,2 @@
+`M9-3-3`: `MemberFunctionConstIfPossible.ql`:
+    - Fix FP reported in 467. Excluding candidates in uninstantiated templates.

change_notes/2024-02-01-fix-fp-reported-for-a7-1-1.md

@@ -0,0 +1,2 @@
+`A7-1-1` - `DeclarationUnmodifiedObjectMissingConstSpecifier.ql`
+    - Fix FP reported in #372. Exclude compiler generated variables.

change_notes/2024-02-12-exclusion-A2-10-4.md

@@ -0,0 +1,2 @@
+- `A2-10-4` - `IdentifierNameOfStaticNonMemberObjectReusedInNamespace.ql`:
+    - Fix FP reported in #385. Addresses incorrect detection of partially specialized template variables as conflicting reuses.

change_notes/2024-02-12-improve-a18-0-1.md

@@ -0,0 +1,2 @@
+- `A18-0-1` - `CLibraryFacilitiesNotAccessedThroughCPPLibraryHeaders.ql`:
+    - Fix issue #7 - improve query logic to only match on exact standard library names (e.g., now excludes sys/header.h type headers from the results as those are not C standard libraries).

change_notes/2024-02-13-fix-fn-M7-3-6.md

@@ -0,0 +1,2 @@
+- `M7-3-6` - `UsingDeclarationsUsedInHeaderFiles.ql`:
+  - Address FN reported in #400. Only using-declarations are exempted from class- and function-scope.

change_notes/2024-02-13-fix-fp-a15-4-4.md

@@ -0,0 +1,2 @@
+-`A15-4-4` - `MissingNoExcept.ql`:
+    - Fix FP reported in #424. Exclude functions calling `std::string::reserve` or `std::string::append` that may throw even if their signatures don't specify it.

change_notes/2024-02-14-fix-fp-m0-1-4.md

@@ -0,0 +1,4 @@
+- `M0-1-4` - `SingleUseMemberPODVariable.ql`:
+  - Address FP reported in #388. Include aggregrate initialization as a use of a member.
+  - Include indirect initialization of members. For example, casting a pointer to a buffer to a struct pointer.
+  - Reformat the alert message to adhere to the style-guide.

change_notes/2024-02-15-fix-fp-m0-1-3.md

@@ -0,0 +1,4 @@
+- `M0-1-3` - `UnusedMemberVariable.ql`, `UnusedGlobalOrNamespaceVariable.ql`:
+  - Address FP reported in #384. Exclude variables with compile time values that may have been used as a template argument.
+  - Exclude uninstantiated template members.
+  - Reformat the alert message to adhere to the style-guide.

cpp/autosar/src/rules/A13-3-1/FunctionThatContainsForwardingReferenceAsItsArgumentOverloaded.ql

@@ -21,10 +21,36 @@ class Candidate extends TemplateFunction {
   }
 }
 
-from Candidate c, Function f
+from
+  Candidate c, Function f, Function overload, Function overloaded, string msg,
+  string firstMsgSegment
 where
   not isExcluded(f,
     OperatorsPackage::functionThatContainsForwardingReferenceAsItsArgumentOverloadedQuery()) and
   not f.isDeleted() and
-  f = c.getAnOverload()
-select f, "Function overloads a $@ with a forwarding reference parameter.", c, "function"
+  f = c.getAnOverload() and
+  // allow for overloading with different number of parameters, because there is no
+  // confusion on what function will be called.
+  f.getNumberOfParameters() = c.getNumberOfParameters() and
+  //build a dynamic select statement that guarantees to read that the overloading function is the explicit one
+  if
+    (f instanceof CopyConstructor or f instanceof MoveConstructor) and
+    f.isCompilerGenerated()
+  then (
+    (
+      f instanceof CopyConstructor and
+      msg = "implicit copy constructor"
+      or
+      f instanceof MoveConstructor and
+      msg = "implicit move constructor"
+    ) and
+    firstMsgSegment = " with a forwarding reference parameter " and
+    overloaded = f and
+    overload = c
+  ) else (
+    msg = "function with a forwarding reference parameter" and
+    firstMsgSegment = " " and
+    overloaded = c and
+    overload = f
+  )
+select overload, "Function" + firstMsgSegment + "overloads a $@.", overloaded, msg

cpp/autosar/src/rules/A16-0-1/PreProcessorShallOnlyBeUsedForCertainDirectivesPatterns.ql

@@ -21,13 +21,26 @@ import cpp
 import codingstandards.cpp.autosar
 import codingstandards.cpp.FunctionLikeMacro
 
+class PermittedInnerDirectiveType extends PreprocessorDirective {
+  PermittedInnerDirectiveType() {
+    //permissive listing for directives that can be used in a valid wrapper
+    this instanceof MacroWrapper or
+    this instanceof PreprocessorEndif or
+    this instanceof Include or
+    this instanceof PermittedMacro or
+    this instanceof PreprocessorElif or
+    this instanceof PreprocessorElse
+  }
+}
+
 class PermittedDirectiveType extends PreprocessorDirective {
   PermittedDirectiveType() {
     //permissive listing in case directive types modelled in ql ever expands (example non valid directives)
     this instanceof MacroWrapper or
     this instanceof PreprocessorEndif or
     this instanceof Include or
-    this instanceof PermittedMacro
+    this instanceof PermittedMacro or
+    this instanceof PreprocessorElse
   }
 }
 
@@ -40,9 +53,9 @@ pragma[noinline]
 predicate isPreprocConditionalRange(
   PreprocessorBranch pb, string filepath, int startLine, int endLine
 ) {
-  exists(PreprocessorEndif end | pb.getEndIf() = end |
-    isPreprocFileAndLine(pb, filepath, startLine) and
-    isPreprocFileAndLine(end, filepath, endLine)
+  isPreprocFileAndLine(pb, filepath, startLine) and
+  exists(PreprocessorDirective end |
+    pb.getNext() = end and isPreprocFileAndLine(end, filepath, endLine)
   )
 }
 
@@ -73,7 +86,7 @@ class MacroWrapper extends PreprocessorIfndef {
 class AcceptableWrapper extends PreprocessorBranch {
   AcceptableWrapper() {
     forall(Element inner | not inner instanceof Comment and this = getAGuard(inner) |
-      inner instanceof PermittedDirectiveType
+      inner instanceof PermittedInnerDirectiveType
     )
   }
 }

cpp/autosar/src/rules/A18-0-1/CLibraryFacilitiesNotAccessedThroughCPPLibraryHeaders.ql

@@ -28,7 +28,7 @@ where
    *    not use any of 'signal.h's facilities, for example.
    */
 
-  filename = i.getIncludedFile().getBaseName() and
+  filename = i.getIncludeText().substring(1, i.getIncludeText().length() - 1) and
   filename in [
       "assert.h", "ctype.h", "errno.h", "fenv.h", "float.h", "inttypes.h", "limits.h", "locale.h",
       "math.h", "setjmp.h", "signal.h", "stdarg.h", "stddef.h", "stdint.h", "stdio.h", "stdlib.h",

cpp/autosar/src/rules/A2-10-4/IdentifierNameOfStaticNonMemberObjectReusedInNamespace.ql

@@ -20,7 +20,9 @@ class CandidateVariable extends Variable {
   CandidateVariable() {
     hasDefinition() and
     isStatic() and
-    not this instanceof MemberVariable
+    not this instanceof MemberVariable and
+    //exclude partially specialized template variables
+    not exists(TemplateVariable v | this = v.getAnInstantiation())
   }
 }
 

cpp/autosar/src/rules/A2-7-3/UndocumentedUserDefinedType.ql

@@ -17,6 +17,14 @@
 import cpp
 import codingstandards.cpp.autosar
 
+private predicate isInFunctionScope(Declaration d) {
+  // Type declared in function
+  exists(d.(UserType).getEnclosingFunction())
+  or
+  // Member declared in type which is in function scope
+  isInFunctionScope(d.getDeclaringType())
+}
+
 /**
  * A declaration which is required to be preceded by documentation by AUTOSAR A2-7-3.
  */
@@ -42,10 +50,8 @@ class DocumentableDeclaration extends Declaration {
     declarationType = "member variable" and
     // Exclude memeber variables in instantiated templates, which cannot reasonably be documented.
     not this.(MemberVariable).isFromTemplateInstantiation(_) and
-    // Exclude anonymous lambda functions.
-    // TODO: replace with the following when support is added.
-    // not this.(MemberVariable).isCompilerGenerated()
-    not exists(LambdaExpression lc | lc.getACapture().getField() = this)
+    // Exclude compiler generated variables, such as those for anonymous lambda functions
+    not this.(MemberVariable).isCompilerGenerated()
   }
 
   /** Gets a `DeclarationEntry` for this declaration that should be documented. */
@@ -96,6 +102,7 @@ from DocumentableDeclaration d, DeclarationEntry de
 where
   not isExcluded(de, CommentsPackage::undocumentedUserDefinedTypeQuery()) and
   not isExcluded(d, CommentsPackage::undocumentedUserDefinedTypeQuery()) and
+  not isInFunctionScope(d) and
   d.getAnUndocumentedDeclarationEntry() = de
 select de,
   "Declaration entry for " + d.getDeclarationType() + " " + d.getName() +