Skip to content

v2.43.0

Latest
Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 24 Mar 18:30
v2.43.0
cf2b300
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Release summary

  • New queries added for the following rule packages: Declarations9, SideEffects3
  • The following changes have been made for this release:
    • RULE-11-3 - CastBetweenObjectPointerAndDifferentObjectType.ql
      • Constrain exception that pointer types to may be cast to char types, so that it does not apply to atomic pointer types, in compliance with MISRA-C 2012 Amendment 4.
    • RULE-11-8 - CastRemovesConstOrVolatileQualification.ql
      • Query expanded to detect cases of removing _Atomic qualification, in compliance with MISRA-C 2012 Amendment 4.
    • EXP33-C, RULE-9-1, A8-5-0, EXP53-CPP - DoNotReadUninitializedMemory.ql, ObjectWithAutoStorageDurationReadBeforeInit.ql, MemoryNotInitializedBeforeItIsRead.ql, DoNotReadUninitializedMemory.ql
      • Atomic local variables excluded from query results, in compliance with MISRA-C 2012 Amendment 4, and to reduce false positives in the other standards.
    • RULE-13-2 - UnsequencedAtomicReads.ql
      • New query to find expressions which read an atomic variable more than once between sequence points, to address new case from MISRA-C 2012 Amendment 4.
    • RULE-3-1 - CharacterSequencesAndUsedWithinAComment.ql
      • Add exception allowing URLs inside of cpp-style /* ... */ comments, in compliance with MISRA-C 2012 Amendment 4.
      • No longer report cases of //*some comment in this rule.
    • A new in code deviation format has been introduced, using the C/C++ attribute syntax: 
      [[codeql::<standard>_deviation("<code-identifier>")]]
      This can be applied to functions, statements and variables to apply a deviation from the Coding Standards configuration file. The user manual has been updated to describe the new format.
    • For those codebases that cannot use standard attributes, we have also introduced a comment based syntax 
      // codeql::<standard>_deviation(<code-identifier>)
// codeql::<standard>_deviation_next_line(<code-identifier>)
// codeql::<standard>_deviation_begin(<code-identifier>)
// codeql::<standard>_deviation_end(<code-identifier>)
      Further information is available in the user manual.
    • RULE-8-7 - ShouldNotBeDefinedWithExternalLinkage.ql:
      • Remove false positives where the declaration is not defined in the database.
      • Remove false positives where the definition and reference are in different translation units.
      • Remove false positives where the reference occurs in a header file.
    • RULE-8-3 - DeclarationsOfAFunctionSameNameAndType.ql:
      • Implement new exception, unnamed parameters are not covered by this rule.
    • RULE-10-2 - AdditionSubtractionOnEssentiallyCharType.ql:
      • Disallow + and - operations with an essentially char type and other types larger than int type.
      • Note, this change affects the essential type of such expressions, which may affect other essential types rules.
    • RULE-18-1, M5-0-16 - PointerAndDerivedPointerMustAddressSameArray.ql, PointerAndDerivedPointerAccessDifferentArray.ql:
      • Treat casts to byte pointers as pointers to arrays of the size of the pointed-to type.
      • Fix typo in report message, "passed" replaced with "past."
      • Suppress results where range analysis appears potentially unreliable.
    • RULE-21-10, RULE-25-5-3, ENV34-C - CallToSetlocaleInvalidatesOldPointers.ql, CallToSetlocaleInvalidatesOldPointersMisra.ql, DoNotStorePointersReturnedByEnvFunctions.ql:
      • Report usage of returned pointers from asctime, ctime, during a call to either of the former.
      • Report usage of returned pointers from gmtime, localtime, during a call to either of the former.

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.19.4 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.19.4.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.19.4.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

  • RULE-11-10 - AtomicQualifierAppliedToVoid.ql
  • RULE-13-2 - UnsequencedAtomicReads.ql
Assets 9
Loading