Merge branch 'main' into rvermeulen/fix-384

Author: knewbury01

.vscode/tasks.json

@@ -140,6 +140,28 @@
             },
             "problemMatcher": []
         },
+        {
+            "label": "🧪 Standards Automation: Build Case Test DB from test file",
+            "type": "shell",
+            "windows": {
+                "command": ".${pathSeparator}scripts${pathSeparator}.venv${pathSeparator}Scripts${pathSeparator}python.exe scripts${pathSeparator}build_test_database.py ${file}"
+            },
+            "linux": {
+                "command": ".${pathSeparator}scripts${pathSeparator}.venv${pathSeparator}bin${pathSeparator}python3 scripts${pathSeparator}build_test_database.py ${file}"
+            },
+            "osx": {
+                "command": ".${pathSeparator}scripts${pathSeparator}.venv${pathSeparator}bin${pathSeparator}python3 scripts${pathSeparator}build_test_database.py ${file}"
+            },
+            "presentation": {
+                "reveal": "always",
+                "panel": "new",
+                "focus": true
+            },
+            "runOptions": {
+                "reevaluateOnRerun": false
+            },
+            "problemMatcher": []
+        },
         {
             "label": "📝 Standards Automation: Format CodeQL",
             "type": "shell",

change_notes/2023-10-04-aggregate-literals-from-variadic-templates.md

@@ -0,0 +1,2 @@
+ `M8-5-2` - `AggregateLiteralEnhancements.qll`:
+   - recognise aggregate literals initialized with parameters from variadic templates.

change_notes/2023-11-03-identifier-hiding-improvements.md

@@ -0,0 +1,3 @@
+ - `A2-10-1`, `RULE-5-3`:
+   - Reduce false positives by considering point of declaration for local variables.
+   - Reduce false negatives by considering catch block parameters to be in scope in the catch block.

change_notes/2023-11-05-m6-5-5-const-refs.md

@@ -0,0 +1,3 @@
+ - `M6-5-5`:
+   - Reduce false positives by no longer considering the taking of a const reference as a modification.
+   - Improve detection of non-local modification of loop iteration variables to reduce false positives.

change_notes/2024-01-16-m5-2-10-arith-only.md

@@ -0,0 +1,2 @@
+ `M5-2-10` - `IncrementAndDecrementOperatorsMixedWithOtherOperatorsInExpression.ql`:
+   - only report use of the increment and decrement operations in conjunction with arithmetic operators, as specified by the rule. Notably we no longer report the expressions of the form `*p++`, which combine increment and dereferencing operations.

change_notes/2024-02-12-exclusion-A2-10-4.md

@@ -0,0 +1,2 @@
+- `A2-10-4` - `IdentifierNameOfStaticNonMemberObjectReusedInNamespace.ql`:
+    - Fix FP reported in #385. Addresses incorrect detection of partially specialized template variables as conflicting reuses.

change_notes/2024-02-12-improve-a18-0-1.md

@@ -0,0 +1,2 @@
+- `A18-0-1` - `CLibraryFacilitiesNotAccessedThroughCPPLibraryHeaders.ql`:
+    - Fix issue #7 - improve query logic to only match on exact standard library names (e.g., now excludes sys/header.h type headers from the results as those are not C standard libraries).

change_notes/2024-02-13-fix-fp-a15-4-4.md

@@ -0,0 +1,2 @@
+-`A15-4-4` - `MissingNoExcept.ql`:
+    - Fix FP reported in #424. Exclude functions calling `std::string::reserve` or `std::string::append` that may throw even if their signatures don't specify it.

change_notes/2024-02-14-fix-fp-m0-1-4.md

@@ -0,0 +1,4 @@
+- `M0-1-4` - `SingleUseMemberPODVariable.ql`:
+  - Address FP reported in #388. Include aggregrate initialization as a use of a member.
+  - Include indirect initialization of members. For example, casting a pointer to a buffer to a struct pointer.
+  - Reformat the alert message to adhere to the style-guide.

cpp/autosar/src/rules/A18-0-1/CLibraryFacilitiesNotAccessedThroughCPPLibraryHeaders.ql

@@ -28,7 +28,7 @@ where
    *    not use any of 'signal.h's facilities, for example.
    */
 
-  filename = i.getIncludedFile().getBaseName() and
+  filename = i.getIncludeText().substring(1, i.getIncludeText().length() - 1) and
   filename in [
       "assert.h", "ctype.h", "errno.h", "fenv.h", "float.h", "inttypes.h", "limits.h", "locale.h",
       "math.h", "setjmp.h", "signal.h", "stdarg.h", "stddef.h", "stdint.h", "stdio.h", "stdlib.h",

cpp/autosar/src/rules/A2-10-4/IdentifierNameOfStaticNonMemberObjectReusedInNamespace.ql

@@ -20,7 +20,9 @@ class CandidateVariable extends Variable {
   CandidateVariable() {
     hasDefinition() and
     isStatic() and
-    not this instanceof MemberVariable
+    not this instanceof MemberVariable and
+    //exclude partially specialized template variables
+    not exists(TemplateVariable v | this = v.getAnInstantiation())
   }
 }
 

cpp/autosar/src/rules/M0-1-4/SingleUseMemberPODVariable.ql

@@ -24,5 +24,5 @@ where
   not isExcluded(v, DeadCodePackage::singleUseMemberPODVariableQuery()) and
   isSingleUseNonVolatilePODVariable(v)
 select v,
-  "Member POD variable " + v.getName() + " in " + v.getDeclaringType().getName() + " is only $@.",
-  getSingleUse(v), "used once"
+  "Member POD variable '" + v.getName() + "' in '" + v.getDeclaringType().getName() +
+    "' is only $@.", getSingleUse(v), "used once"

cpp/autosar/src/rules/M0-1-4/SingleUsePODVariable.qll

@@ -10,23 +10,68 @@ private string getConstExprValue(Variable v) {
   v.isConstexpr()
 }
 
+/**
+ * Gets the number of uses of variable `v` in an opaque assignment, where an opaqua assignment for example a cast from one type to the other and `v` is assumed to be a member of the resulting type.
+ * e.g.,
+ * struct foo {
+ *  int bar;
+ * }
+ *
+ * struct foo * v = (struct foo*)buffer;
+ */
+Expr getIndirectSubObjectAssignedValue(MemberVariable subobject) {
+  // struct foo * ptr = (struct foo*)buffer;
+  exists(Struct someStruct, Variable instanceOfSomeStruct | someStruct.getAMember() = subobject |
+    instanceOfSomeStruct.getType().(PointerType).getBaseType() = someStruct and
+    exists(Cast assignedValue |
+      // Exclude cases like struct foo * v = nullptr;
+      not assignedValue.isImplicit() and
+      // `v` is a subobject of another type that reinterprets another object. We count that as a use of `v`.
+      assignedValue.getExpr() = instanceOfSomeStruct.getAnAssignedValue() and
+      result = assignedValue
+    )
+    or
+    // struct foo; read(..., (char *)&foo);
+    instanceOfSomeStruct.getType() = someStruct and
+    exists(Call externalInitializerCall, Cast castToCharPointer, int n |
+      externalInitializerCall.getArgument(n).(AddressOfExpr).getOperand() =
+        instanceOfSomeStruct.getAnAccess() and
+      externalInitializerCall.getArgument(n) = castToCharPointer.getExpr() and
+      castToCharPointer.getType().(PointerType).getBaseType().getUnspecifiedType() instanceof
+        CharType and
+      result = externalInitializerCall
+    )
+    or
+    // the object this subject is part of is initialized and we assumes this initializes the subobject.
+    instanceOfSomeStruct.getType() = someStruct and
+    result = instanceOfSomeStruct.getInitializer().getExpr()
+  )
+}
+
 /** Gets a "use" count according to rule M0-1-4. */
 int getUseCount(Variable v) {
-  exists(int initializers |
-    // We enforce that it's a POD type variable, so if it has an initializer it is explicit
-    (if v.hasInitializer() then initializers = 1 else initializers = 0) and
-    result =
-      initializers +
-        count(VariableAccess access | access = v.getAnAccess() and not access.isCompilerGenerated())
-        + count(UserProvidedConstructorFieldInit cfi | cfi.getTarget() = v) +
-        // For constexpr variables used as template arguments, we don't see accesses (just the
-        // appropriate literals). We therefore take a conservative approach and count the number of
-        // template instantiations that use the given constant, and consider each one to be a use
-        // of the variable
-        count(ClassTemplateInstantiation cti |
-          cti.getTemplateArgument(_).(Expr).getValue() = getConstExprValue(v)
-        )
-  )
+  // We enforce that it's a POD type variable, so if it has an initializer it is explicit
+  result =
+    count(getAUserInitializedValue(v)) +
+      count(VariableAccess access | access = v.getAnAccess() and not access.isCompilerGenerated()) +
+      // For constexpr variables used as template arguments, we don't see accesses (just the
+      // appropriate literals). We therefore take a conservative approach and count the number of
+      // template instantiations that use the given constant, and consider each one to be a use
+      // of the variable
+      count(ClassTemplateInstantiation cti |
+        cti.getTemplateArgument(_).(Expr).getValue() = getConstExprValue(v)
+      ) + count(getIndirectSubObjectAssignedValue(v))
+}
+
+Expr getAUserInitializedValue(Variable v) {
+  (
+    result = v.getInitializer().getExpr()
+    or
+    exists(UserProvidedConstructorFieldInit cfi | cfi.getTarget() = v and result = cfi.getExpr())
+    or
+    exists(ClassAggregateLiteral l | not l.isCompilerGenerated() | result = l.getAFieldExpr(v))
+  ) and
+  not result.isCompilerGenerated()
 }
 
 /** Gets a single use of `v`, if `isSingleUseNonVolatilePODVariable` holds. */

cpp/autosar/src/rules/M3-9-1/TypesNotIdenticalInReturnDeclarations.ql

@@ -15,8 +15,6 @@
 
 import cpp
 import codingstandards.cpp.autosar
-import cpp
-import codingstandards.cpp.autosar
 
 from FunctionDeclarationEntry f1, FunctionDeclarationEntry f2
 where

cpp/autosar/src/rules/M5-2-10/IncrementAndDecrementOperatorsMixedWithOtherOperatorsInExpression.ql

@@ -16,8 +16,9 @@
 
 import cpp
 import codingstandards.cpp.autosar
+import codingstandards.cpp.Expr
 
-from CrementOperation cop, Operation op, string name
+from CrementOperation cop, ArithmeticOperation op, string name
 where
   not isExcluded(cop) and
   not isExcluded(op,

cpp/autosar/test/rules/A15-4-4/test.cpp

@@ -43,4 +43,17 @@ void test_swap_wrapper() noexcept {
   int a = 0;
   int b = 1;
   swap_wrapper(&a, &b);
+}
+
+#include <stdexcept>
+#include <string>
+
+std::string test_fp_reported_in_424(
+    const std::string &s1,
+    const std::string &s2) { // COMPLIANT - `reserve` and `append` may throw.
+  std::string s3;
+  s3.reserve(s1.size() + s2.size());
+  s3.append(s1.c_str(), s1.size());
+  s3.append(s2.c_str(), s2.size());
+  return s3;
 }

cpp/autosar/test/rules/A18-0-1/CLibraryFacilitiesNotAccessedThroughCPPLibraryHeaders.expected

@@ -19,3 +19,4 @@
 | test.cpp:19:1:19:18 | #include <uchar.h> | C library "uchar.h" is included instead of the corresponding C++ library <cuchar>. |
 | test.cpp:20:1:20:18 | #include <wchar.h> | C library "wchar.h" is included instead of the corresponding C++ library <cwchar>. |
 | test.cpp:21:1:21:19 | #include <wctype.h> | C library "wctype.h" is included instead of the corresponding C++ library <cwctype>. |
+| test.cpp:45:1:45:17 | #include "time.h" | C library "time.h" is included instead of the corresponding C++ library <ctime>. |

cpp/autosar/test/rules/A18-0-1/lib/example.h

@@ -0,0 +1,4 @@
+#ifndef LIB_EXAMPLE_H_
+#define LIB_EXAMPLE_H_
+
+#endif

cpp/autosar/test/rules/A18-0-1/test.cpp

@@ -39,4 +39,7 @@
 #include <ctime>     // COMPLIANT
 #include <cuchar>    // COMPLIANT
 #include <cwchar>    // COMPLIANT
-#include <cwctype>   // COMPLIANT
+#include <cwctype>   // COMPLIANT
+
+#include "lib/example.h" // COMPLIANT
+#include "time.h"        // NON_COMPLIANT

cpp/autosar/test/rules/A18-0-1/time.h

@@ -0,0 +1,4 @@
+#ifndef LIB_TIME_EXAMPLE_H_
+#define LIB_TIME_EXAMPLE_H_
+// may be a user lib or a std lib checked into a project
+#endif

cpp/autosar/test/rules/A2-10-4/test1a.cpp

@@ -13,4 +13,10 @@ namespace ns3 {
 static void f1() {}
 
 void f2() {}
+
+// Variable templates can cause false positives
+template <int x> static int number_one = 0; // COMPLIANT
+
+template <> static int number_one<1> = 1; // COMPLIANT
+template <> static int number_one<2> = 2; // COMPLIANT
 } // namespace ns3

cpp/autosar/test/rules/M0-1-4/SingleUseMemberPODVariable.expected

@@ -1,9 +1,9 @@
-| test_global_or_namespace.cpp:16:7:16:7 | x | Member POD variable x in GA is only $@. | test_global_or_namespace.cpp:38:6:38:6 | x | used once |
-| test_global_or_namespace.cpp:54:7:54:7 | x | Member POD variable x in N1A is only $@. | test_global_or_namespace.cpp:76:6:76:6 | x | used once |
-| test_member.cpp:5:7:5:8 | m2 | Member POD variable m2 in A is only $@. | test_member.cpp:9:21:9:25 | constructor init of field m2 | used once |
-| test_member.cpp:6:7:6:8 | m3 | Member POD variable m3 in A is only $@. | test_member.cpp:10:23:10:24 | m3 | used once |
-| test_member.cpp:7:7:7:8 | m4 | Member POD variable m4 in A is only $@. | test_member.cpp:14:23:14:24 | m4 | used once |
-| test_member.cpp:18:9:18:11 | sm1 | Member POD variable sm1 in s1 is only $@. | test_member.cpp:23:6:23:8 | sm1 | used once |
-| test_member.cpp:36:7:36:8 | m1 | Member POD variable m1 in C is only $@. | test_member.cpp:39:21:39:22 | m1 | used once |
-| test_member.cpp:37:7:37:8 | m2 | Member POD variable m2 in C is only $@. | test_member.cpp:46:5:46:6 | m2 | used once |
-| test_member.cpp:55:5:55:6 | m3 | Member POD variable m3 in E<B> is only $@. | test_member.cpp:56:27:56:32 | constructor init of field m3 | used once |
+| test_global_or_namespace.cpp:16:7:16:7 | x | Member POD variable 'x' in 'GA' is only $@. | test_global_or_namespace.cpp:38:6:38:6 | x | used once |
+| test_global_or_namespace.cpp:54:7:54:7 | x | Member POD variable 'x' in 'N1A' is only $@. | test_global_or_namespace.cpp:76:6:76:6 | x | used once |
+| test_member.cpp:5:7:5:8 | m2 | Member POD variable 'm2' in 'A' is only $@. | test_member.cpp:9:21:9:25 | constructor init of field m2 | used once |
+| test_member.cpp:6:7:6:8 | m3 | Member POD variable 'm3' in 'A' is only $@. | test_member.cpp:10:23:10:24 | m3 | used once |
+| test_member.cpp:7:7:7:8 | m4 | Member POD variable 'm4' in 'A' is only $@. | test_member.cpp:14:23:14:24 | m4 | used once |
+| test_member.cpp:18:9:18:11 | sm1 | Member POD variable 'sm1' in 's1' is only $@. | test_member.cpp:23:6:23:8 | sm1 | used once |
+| test_member.cpp:36:7:36:8 | m1 | Member POD variable 'm1' in 'C' is only $@. | test_member.cpp:39:21:39:22 | m1 | used once |
+| test_member.cpp:37:7:37:8 | m2 | Member POD variable 'm2' in 'C' is only $@. | test_member.cpp:46:5:46:6 | m2 | used once |
+| test_member.cpp:55:5:55:6 | m3 | Member POD variable 'm3' in 'E<B>' is only $@. | test_member.cpp:56:27:56:32 | constructor init of field m3 | used once |

cpp/autosar/test/rules/M0-1-4/test_member.cpp

@@ -72,4 +72,62 @@ void test_e() { // Ensure that the template E is fully instantiated
   e2.getT();
 }
 
+void test_fp_reported_in_388() {
+  struct s1 {
+    int m1; // COMPLIANT
+  };
+
+  s1 l1 = {1}; // m1 is used here
+  l1.m1;
+}
+
+void test_array_initialized_members() {
+  struct s1 {
+    int m1; // COMPLIANT
+  };
+
+  struct s1 l1[] = {
+      {.m1 = 1},
+      {.m1 = 2},
+  };
+
+  l1[0].m1;
+}
+
+void test_indirect_assigned_members(void *opaque) {
+  struct s1 {
+    int m1; // COMPLIANT
+  };
+
+  struct s1 *p = (struct s1 *)opaque;
+  p->m1;
+
+  struct s2 {
+    int m1; // COMPLIANT
+  };
+
+  char buffer[sizeof(struct s2) + 8] = {0};
+  struct s2 *l2 = (struct s2 *)&buffer[8];
+  l2->m1;
+}
+
+void test_external_assigned_members(void (*fp)(unsigned char *)) {
+
+  struct s1 {
+    int m1; // COMPLIANT
+  };
+
+  struct s1 l1;
+  fp((unsigned char *)&l1);
+  l1.m1;
+
+  struct s2 {
+    int m1; // COMPLIANT
+  };
+
+  struct s2 (*copy_init)();
+  struct s2 l2 = copy_init();
+  l2.m1;
+}
+
 } // namespace test

cpp/autosar/test/rules/M5-2-10/test.cpp

@@ -6,4 +6,6 @@ void f1() {
   ++l1;             // COMPLIANT
   --l2;             // COMPLIANT
   l3 = l1 * l2;
+  int *p;
+  *p++; // COMPLIANT - * is not an arithmetic operator
 }

cpp/autosar/test/rules/M6-5-5/LoopControlVariableModifiedInLoopExpression.expected

@@ -1 +1,2 @@
 | test.cpp:24:8:24:15 | testFlag | Loop control variable testFlag is modified in the loop update expression. |
+| test.cpp:47:12:47:12 | y | Loop control variable y is modified in the loop update expression. |

cpp/autosar/test/rules/M6-5-5/test.cpp

@@ -24,3 +24,27 @@ void test_loop_control_variable_modified_in_expression() {
        testFlag = updateFlagWithIncrement(++x)) { // NON_COMPLIANT
   }
 }
+
+#include <vector>
+
+void test_const_refs(std::vector<int> v) {
+  std::vector<int>::iterator first = v.begin();
+  std::vector<int>::iterator last = v.end();
+  // call to operator!= passes a const reference to first
+  for (; first != last; first++) { // COMPLIANT
+  }
+}
+
+void update(std::vector<int>::iterator &f, const int &x, int &y) {}
+
+void test_const_refs_update(std::vector<int> v) {
+  std::vector<int>::iterator last = v.end();
+  int x = 0;
+  int y = 0;
+  // call to operator!= passes a const reference to first
+  for (std::vector<int>::iterator first = v.begin(); first != last; update(
+           first, x, // COMPLIANT - first is a loop counter, so can be modified
+           y)) {     // NON_COMPLIANT - y is modified and is not a loop counter
+    first + 1;
+  }
+}

cpp/autosar/test/rules/M8-5-2/test.cpp

@@ -55,4 +55,13 @@ void test() {
   Bar b2{{0}};      // NON_COMPLIANT - missing explicit init, nested zero init
   StructNested n{}; // COMPLIANT
   StructNested n1 = {}; // COMPLIANT
-}
+}
+
+#include <initializer_list>
+template <class T> bool all_of(std::initializer_list<T>);
+
+template <typename... Args> constexpr bool all_of(Args... args) noexcept {
+  return all_of({args...}); // COMPLIANT - explicitly initialized via varargs
+}
+
+void test_all_of() { all_of(true, false, false); }