v2.34.0

Release summary

• New queries added for the following rule packages: Representation
• The following changes have been made for this release:
• M0-2-1 - DoNotPassAliasedPointerToRestrictQualifiedParam.ql:
  • Fixes #119. Adds shared query to cover missing detection of overlapping arrays or pointers in specific list of functions that list undefined behaviour when their parameters overlap.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

Appendix: AUTOSAR new queries

New queries added to cover the following rules:

• M0-2-1 - DoNotPassAliasedPointerToParam.ql

v2.33.0

Release summary

• New queries added for the following rule packages: ImportMisra23
• The following changes have been made for this release:
  • A7-2-1 - fix typo in some alert messages.
• MISRA C++ 2023:
  • Extend the project structure and provide initial support for query writing.
• A2-7-3 - UndocumentedUserDefinedType.ql:
  • Fixes #391. Declarations for which a Doxygen comment group provides documentation will no longer produce results.
• M0-1-10 - EncapsulatingFunctions.qll:
  • Fixes #646. Consider typedef'd int return types for main() function as MainFunction.
• PRE32-C - MacroOrFunctionArgsContainHashToken.ql:
  • Fixes #650. Correctly identifies presence of preprocessor directives in function calls.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

Appendix: MISRA-C++-2023 new queries

New queries added to cover the following rules:

• DIR-5-7-2 - SectionsOfCodeShouldNotBeCommentedOut.ql
• DIR-15-8-1 - CopyAndMoveAssignmentsShallHandleSelfAssignment.ql
• RULE-5-7-1 - CharacterSequenceUsedWithinACStyleComment.ql
• RULE-5-7-3 - LineSplicingUsedInComments.ql
• RULE-5-13-1 - BackslashCharacterMisuse.ql
• RULE-5-13-2 - NonTerminatedEscapeSequences.ql
• RULE-5-13-3 - OctalConstantsUsed.ql
• RULE-5-13-4 - UnsignedIntegerLiteralsNotAppropriatelySuffixed.ql
• RULE-5-13-5 - LowercaseLStartsInLiteralSuffix.ql
• RULE-6-0-3 - GlobalNamespaceDeclarations.ql
• RULE-6-0-4 - NonGlobalFunctionMain.ql
• RULE-6-2-1 - OneDefinitionRuleViolated.ql
• RULE-6-4-1 - VariableDeclaredInInnerScopeHidesOuterScope.ql
• RULE-6-4-2 - InheritedNonOverridableMemberFunction.ql, InheritedOverridableMemberFunction.ql, DefinitionShallBeConsideredForUnqualifiedLookup.ql
• RULE-6-4-3 - NameShallBeReferredUsingAQualifiedIdOrThis.ql, NameShallBeReferredUsingAQualifiedIdOrThisAudit.ql
• RULE-6-8-1 - ObjectAccessedBeforeLifetimeMisra.ql, ObjectAccessedAfterLifetimeMisra.ql
• RULE-6-8-2 - ReturnReferenceOrPointerToAutomaticLocalVariable.ql
• RULE-7-11-1 - NullptrNotTheOnlyFormOfTheNullPointerConstant.ql
• RULE-7-11-2 - ArrayPassedAsFunctionArgumentDecayToAPointer.ql
• RULE-8-2-3 - CastRemovesConstOrVolatileFromPointerOrReference.ql
• RULE-8-2-4 - CastsBetweenAPointerToFunctionAndAnyOtherType.ql
• RULE-8-2-5 - ReinterpretCastShallNotBeUsed.ql
• RULE-8-2-10 - FunctionsCallThemselvesEitherDirectlyOrIndirectly.ql
• RULE-8-3-1 - BuiltInUnaryOperatorAppliedToUnsignedExpression.ql
• RULE-8-18-2 - ResultOfAnAssignmentOperatorShouldNotBeUsed.ql
• RULE-8-19-1 - CommaOperatorShouldNotBeUsed.ql
• RULE-8-20-1 - UnsignedOperationWithConstantOperandsWraps.ql
• RULE-9-3-1 - SwitchBodyCompoundCondition.ql, LoopBodyCompoundCondition.ql
• RULE-9-4-1 - IfElseIfEndCondition.ql
• RULE-9-6-1 - GotoStatementShouldNotBeUsed.ql
• RULE-9-6-2 - GotoReferenceALabelInSurroundingBlock.ql
• RULE-9-6-3 - GotoShallJumpToLabelDeclaredLaterInTheFunction.ql
• RULE-9-6-4 - FunctionDeclaredWithTheNoreturnAttributeReturn.ql
• RULE-9-6-5 - NonVoidFunctionShallReturnAValueOnAllPaths.ql
• RULE-10-0-1 - UseSingleLocalDeclarators.ql, UseSingleGlobalOrMemberDeclarators.ql
• RULE-10-2-1 - EnumerationNotDefinedWithAnExplicitUnderlyingType.ql
• RULE-10-4-1 - AsmDeclarationShallNotBeUsed.ql
• RULE-11-3-2 - DeclarationOfAnObjectIndirectionsLevel.ql
• RULE-11-6-3 - NonUniqueEnumerationConstant.ql
• RULE-12-2-2 - BitFieldShallHaveAnAppropriateType.ql
• RULE-12-2-3 - SignedIntegerNamedBitFieldHaveALengthOfOneBit.ql
• RULE-13-1-2 - VirtualAndNonVirtualClassInTheHierarchy.ql
• RULE-13-3-2 - OverridingShallSpecifyDifferentDefaultArguments.ql
• RULE-13-3-4 - PotentiallyVirtualPointerOnlyComparesToNullptr.ql
• RULE-15-1-1 - ObjectsDynamicTypeUsedFromConstructorOrDestructor.ql
• RULE-15-1-2 - InitializeAllVirtualBaseClasses.ql
• RULE-15-1-5 - InitializerListConstructorIsTheOnlyConstructor.ql
• RULE-16-5-2 - AddressOfOperatorOverloaded.ql
• RULE-17-8-1 - FunctionTemplatesExplicitlySpecialized.ql
• RULE-18-1-1 - ExceptionObjectHavePointerType.ql
• RULE-18-1-2 - EmptyThrowOnlyWithinACatchHandler.ql
• RULE-18-3-3 - HandlersReferToNonStaticMembersFromTheirClass.ql
• RULE-18-5-1 - NoexceptFunctionShouldNotPropagateToTheCaller.ql
• RULE-19-0-2 - FunctionLikeMacrosDefined.ql
• RULE-19-0-3 - IncludeDirectivesPrecededByPreprocessorDirectives.ql
• RULE-19-1-3 - IdentifiersUsedInTheControllingExpressionOf.ql
• RULE-19-2-3 - CharsThatShouldNotOccurInHeaderFileName.ql
• RULE-19-3-1 - AndPreprocessorOperatorsShouldNotBeUsed.ql
• RULE-19-3-2 - MacroParameterFollowingHash.ql
• RULE-19-3-3 - AMixedUseMacroArgumentSubjectToExpansion.ql
• RULE-19-3-5 - TokensThatLookLikeDirectivesInAMacroArgument.ql
• RULE-21-2-1 - AtofAtoiAtolAndAtollUsed.ql
• RULE-21-2-4 - MacroOffsetofShallNotBeUsed.ql
• RULE-21-6-4 - GlobalSizedOperatorDeleteShallBeDefined.ql, GlobalUnsizedOperatorDeleteShallBeDefined.ql
• RULE-21-6-5 - PointerToAnIncompleteClassTypeDeleted.ql
• RULE-21-10-3 - CsignalFacilitiesUsed.ql, CsignalTypesShallNotBeUsed.ql
• RULE-25-5-2 - PointersReturnedByLocaleFunctionsMustBeUsedAsConst.ql
• RULE-25-5-3 - CallToSetlocaleInvalidatesOldPointersMisra.ql, CallToSetlocaleInvalidatesOldPointersWarnMisra.ql
• RULE-26-3-1 - VectorShouldNotBeSpecializedWithBool.ql
• RULE-28-6-2 - ForwardingReferencesAndForwardNotUsedTogether.ql
• RULE-28-6-3 - ObjectUsedWhileInPotentiallyMovedFromState.ql
• RULE-30-0-1 - CstdioFunctionsShallNotBeUsed.ql, CstdioMacrosShallNotBeUsed.ql, CstdioTypesShallNotBeUsed.ql
• RULE-30-0-2 - ReadsAndWritesOnStreamNotSeparatedByPositioning.ql

v2.32.0

Release summary

• No new queries were added for this release
• The following changes have been made for this release:
• A0-4-4,FLP32-C - UncheckedRangeDomainPoleErrors.ql:
  • Fixes #193. Adds missing cases for domain errors, an unspecified result case and pole error cases.
• M0-1-3 - UnusedGlobalOrNamespaceVariable.ql
  • Reduces false positives by excluding compiler generated variables, and variables in uninstantiated templates.
• A3-9-1 - VariableWidthIntegerTypesUsed.ql:
  • Fixes #614. Excludes post increment and decrement operators.
• M9-3-3 - MemberFunctionStaticIfPossible.ql:
  • Fixes #616. Exclude uninstantiated templates.
• RULE-8-3 - DeclarationsOfAnObjectSameNameAndType.ql:
  • Fixes #618. Consider anonymous structs.
• A3-1-5 - NonTrivialNonTemplateFunctionDefinedInsideClassDefinition.ql, TrivialOrTemplateFunctionDefinedOutsideClassDefinition.ql:
  • Fixes #611. Relax definition of trivial length of trivial member function to 10 LOC.
• A7-1-1 - DeclarationUnmodifiedObjectMissingConstSpecifier.ql:
  • Fixes #621. Exclude template instantiations that come from constexpr templates.
• A7-1-7 - IdentifierDeclarationAndInitializationNotOnSeparateLines.ql:
  • Fixes #628. Excludes Functions.
  • Fixes #630. Excludes struct identifiers and variables on the same line when a typedef is used.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

v2.31.0

Release summary

• No new queries were added for this release
• The following changes have been made for this release:
• M0-1-2 - InfeasiblePath.ql:
  • Fixes #376. For template functions we now only report when a path is infeasible regardless of instantiations present.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

v2.30.0

Release summary

• No new queries were added for this release
• The following changes have been made for this release:
• A18-5-8 - UnnecessaryUseOfDynamicStorage.ql:
  • Address FP reported in #20. Add model of flow from MakeSharedOrUnique to return expression to capture copy/move elision case NRVO.
• A7-1-2 - VariableMissingConstexpr.ql:
  • Fixes #607. Remove false positives for compiler generated variables and in uninstantiated templates

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

v2.29.0

Release summary

• No new queries were added for this release
• The following changes have been made for this release:
• STR32-C - NonNullTerminatedToFunctionThatExpectsAString.ql:
  • Fixes #31. Realloc was not modelled previously.
• A2-10-1, RULE-5-3 - IdentifierHiding.ql, IdentifierHidingC.ql:
  • Revert some changes previously made in PR #546 (addressing issue #118). Revert expansion to function identifiers.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

v2.28.0

Release summary

• No new queries were added for this release
• The following changes have been made for this release:
• A2-10-1, RULE-5-3 - IdentifierHiding.ql, IdentifierHidingC.ql:
  • Address FN reported in #118. Rule was missing detection of functions. Additionally omitted class template instantiations.
  • Fix FP for identifiers in nested namespaces.
    M9-3-3: MemberFunctionConstIfPossible.ql:
    • Fix FP reported in 381. Omit member functions that return nonconst reference types.
• A13-2-2 - BinaryOperatorAndBitwiseOperatorReturnAPrvalue.ql:
  • Replaced the usage of getIdentityString() with toString() to avoid expensive computation to display the Operator names which were causing crashes on production code.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

v2.27.1 [Certified]

This release of CodeQL Coding Standards is certified as a software tool suitable for use in safety-related development projects according to ISO26262:2018 for any ASIL.

Release summary

• No new queries were added for this release
• Add precompiled queries

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

v2.27.0

Release summary

• No new queries were added for this release
• The following changes have been made for this release:
• A3-3-1 - ExternalLinkageNotDeclaredInHeaderFile.ql:
  • Adjust the alert message to comply with the style guide.
• CTR55-CPP - DoNotUseAnAdditiveOperatorOnAnIterator.ql:
  • Address reported FP in #374. Improve logic on valid end checks and size checks on iterators.
• RULE-6-1 - BitFieldsShallOnlyBeDeclaredWithAnAppropriateType.ql:
  • Address FP reported in #318. Add support for implementation specific bitfield types for Clang and Gcc.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

v2.26.0

Release summary

• No new queries were added for this release
• The following changes have been made for this release:
  A0-4-1 - FloatingPointImplementationShallComplyWithIeeeStandard.ql:
  • May return more results due to improvements to underlying getATypeUse.
• A12-4-1 - DestructorOfABaseClassNotPublicVirtual.ql:
  • Fix FP reported in #392. Improve base class detection for template classes.
  • Update the alert message to prevent duplicate alerts for base classes that are both derived and abstract.
• A12-8-6 - CopyAndMoveNotDeclaredProtected.ql:
  • Fix FP reported in #392. Improve base class detection for template classes.
  • Update the alert message to prevent duplicate alerts for base classes that are both derived and abstract.
• A8-4-7 - InParametersForCheapToCopyTypesNotPassedByValue.ql, InParametersForCheapToCopyTypesNotPassedByReference.ql:
  • Fixes #89. Accidental floor rounding was applying to type size calculations.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.