Add comments where intention was unclear

Author: MichaelRFairhurst

c/cert/src/rules/CON34-C/AppropriateThreadObjectStorageDurations.ql

@@ -39,7 +39,11 @@ where
       )
     )
     or
-    // TODO: Remove/replace with tss_t type check, see #801.
+    // TODO: This case is handling threadlocals in a useful way that's not intended to be covered
+    // by the rule. See issue #801. The actual rule should expect no tss_t objects is used, and
+    // this check that this is initialized doesn't seem to belong here. However, it is a useful
+    // check in and of itself, so we should figure out if this is part of an optional rule we
+    // haven't yet implemented and move this behavior there.
     exists(TSSGetFunctionCall tsg |
       TaintTracking::localTaint(DataFlow::exprNode(tsg), DataFlow::exprNode(arg)) and
       not exists(TSSSetFunctionCall tss, DataFlow::Node src |

c/common/src/codingstandards/c/Objects.qll

@@ -106,9 +106,14 @@ abstract class ObjectIdentityBase extends Element {
     exists(Expr subobject |
       subobject = getASubobjectAccess() and
       (
+        // Holds for address-of expressions.
         result = any(AddressOfExpr e | e.getOperand() = subobject)
         or
+        // Holds for array-to-pointer conversions, which evaluate to a usable subobject address.
         exists(ArrayToPointerConversion c | c.getExpr() = subobject) and
+        // Note that `arr[x]` has an array-to-pointer conversion, and returns the `x`th item by
+        // value, not the address of the `x`th item. Therefore, exclude `arr` if `arr` is part of
+        // an expression `arr[x]`.
         not exists(ArrayExpr a | a.getArrayBase() = subobject) and
         result = subobject
       )