Merge pull request #697 from github/michaelrfairhurst/fix-A1-1-2-suppress-individual-warnings-flag

Fix #689, false negatives for A1-1-2 thinking -Wno-foo is compliant.

Author: lcartey

change_notes/2024-09-18-handle-warning-suppresion-flags

@@ -0,0 +1,2 @@
+- `A1-1-2` - `CompilerWarningLevelNotInCompliance.ql`:
+  - Fixes #689 false negatives where '-Wno-foo' was treated as enabling, rather than disabling warnings.

cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql

@@ -18,14 +18,56 @@
 import cpp
 import codingstandards.cpp.autosar
 
+predicate hasResponseFileArgument(Compilation c) { c.getAnArgument().matches("@%") }
+
 class CompilationWithNoWarnings extends Compilation {
   CompilationWithNoWarnings() {
-    getAnArgument() = "-w" or
-    not getAnArgument().regexpMatch("-W[\\w=-]+")
+    getAnArgument() = "-w"
+    or
+    not exists(EnableWarningFlag enableFlag |
+      this.getAnArgument() = enableFlag and
+      not exists(DisableWarningFlag disableFlag |
+        this.getAnArgument() = disableFlag and
+        enableFlag.getWarningType() = disableFlag.getWarningType()
+      )
+    )
   }
 }
 
-predicate hasResponseFileArgument(Compilation c) { c.getAnArgument().matches("@%") }
+class CompilationArgument extends string {
+  Compilation compilation;
+
+  CompilationArgument() { this = compilation.getAnArgument() }
+}
+
+/**
+ * Compiler flags of type -Wfoo or -Wfoo=bar, which enables the `foo` warning.
+ */
+class EnableWarningFlag extends CompilationArgument {
+  string warningType;
+
+  EnableWarningFlag() {
+    warningType = regexpCapture("^-W([\\w-]+)(=.*)?$", 1) and
+    not this instanceof DisableWarningFlag
+  }
+
+  string getWarningType() { result = warningType }
+}
+
+/**
+ * Compiler flags of type -Wno-foo or -Wfoo=0, which disables the `foo` warning
+ * and overrules -Wfoo.
+ */
+class DisableWarningFlag extends CompilationArgument {
+  string warningType;
+
+  DisableWarningFlag() {
+    warningType = regexpCapture("^-Wno-([\\w-]+)", 1) or
+    warningType = regexpCapture("^-W([\\w-]+)=0", 1)
+  }
+
+  string getWarningType() { result = warningType }
+}
 
 from File f
 where

cpp/autosar/test/rules/A1-1-2.4/CompilerWarningLevelNotInCompliance.expected

@@ -0,0 +1 @@
+| Wformat=0-Wno-format-security.cpp:0:0:0:0 | Wformat=0-Wno-format-security.cpp | No warning-level options were used in the compilation of 'Wformat=0-Wno-format-security.cpp'. |

cpp/autosar/test/rules/A1-1-2.4/CompilerWarningLevelNotInCompliance.qlref

@@ -0,0 +1 @@
+rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql

cpp/autosar/test/rules/A1-1-2.4/Wformat=0-Wno-format-security.cpp

@@ -0,0 +1,2 @@
+// semmle-extractor-options: --clang -std=c++14 -Wformat=0 -Wno-format-security
+// NON_COMPLIANT

cpp/autosar/test/rules/A1-1-2.4/options.clang

@@ -0,0 +1 @@
+-Wformat=0 -Wno-format-security

cpp/autosar/test/rules/A1-1-2.4/options.gcc

@@ -0,0 +1 @@
+-Wformat=0 -Wno-format-security

cpp/autosar/test/rules/A1-1-2.4/options.qcc

@@ -0,0 +1 @@
+-Wno-format -Wno-format-security

cpp/autosar/test/rules/A1-1-2.5/CompilerWarningLevelNotInCompliance.expected

@@ -0,0 +1 @@
+| Wall-Wno-format.cpp:0:0:0:0 | Wall-Wno-format.cpp | No warning-level options were used in the compilation of 'Wall-Wno-format.cpp'. |

cpp/autosar/test/rules/A1-1-2.5/CompilerWarningLevelNotInCompliance.expected.clang

@@ -0,0 +1 @@
+| Wall-Wno-format.cpp:0:0:0:0 | Wall-Wno-format.cpp | No warning-level options were used in the compilation of 'Wall-Wno-format.cpp'. |

cpp/autosar/test/rules/A1-1-2.5/CompilerWarningLevelNotInCompliance.expected.gcc

@@ -0,0 +1 @@
+rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql

cpp/autosar/test/rules/A1-1-2.5/CompilerWarningLevelNotInCompliance.expected.qcc

@@ -0,0 +1,14 @@
+// semmle-extractor-options: --clang -std=c++14 -Wall -Wno-format
+// COMPLIANT
+
+// NOTE: When tested with `codeql test run`, the test extractor provides `-w`
+// which overrides `-Wcast-function-type` and causes this test case to be
+// non-compliant.
+//
+// However, when tested with our compiler matrix tests, this test db is built
+// via `codeql database create --command="..."`, and the `-w` flag will NOT be
+// used. This means the `-Wcast-function-type` flag is active and the test case
+// is compliant.
+//
+// Therefore, the .expected file for this test expects non-compliance, and the
+// .expected.gcc and .expected.clang files expect this test to be compliant.

cpp/autosar/test/rules/A1-1-2.5/CompilerWarningLevelNotInCompliance.qlref

@@ -0,0 +1 @@
+-Wall -Wno-format

cpp/autosar/test/rules/A1-1-2.5/Wall-Wno-format.cpp

@@ -0,0 +1 @@
+-Wall -Wno-format

cpp/autosar/test/rules/A1-1-2.5/options.clang

@@ -0,0 +1 @@
+-Wall -Wno-format

cpp/autosar/test/rules/A1-1-2.5/options.gcc

@@ -1 +1 @@
-| Wall.cpp:0:0:0:0 | Wall.cpp | No warning-level options were used in the compilation of 'Wall.cpp'. |
+| Wall.cpp:0:0:0:0 | Wall.cpp | No warning-level options were used in the compilation of 'Wall.cpp'. |