M7-3-6: Refine detection of using within function/class scope #400

Closed
lcartey opened this issue Oct 5, 2023 · 2 comments · Fixed by #533
Labels

  • Difficulty-Low: A false positive or false negative report which is expected to take <1 day effort to address
  • false positive/false negative: An issue related to observed false positives or false negatives.
  • Impact-Medium
  • user-report: Issue reported by an end user of CodeQL Coding Standards

Comments

lcartey (Collaborator) commented Oct 5, 2023

Affected rules

  • M7-3-6

Description

The rule states:

using-directives and using-declarations (excluding class scope or function scope using-declarations) shall not be used in header files.

However, we currently permit both using declarations and using directives in function/class scope - we should refine this.

In addition, some using directives/declarations appear to be "orphaned" in our model - i.e. be located within a function or class, but with a fake parent which is not otherwise connected to the AST. We should exclude these to avoid false positives.

Example

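namespace some_namespace {
template<typename T>
void func(T&); // declaration added so the example compiles; not part of the original report
}

template<typename T>
void foo(T& t){
  using some_namespace::func; // COMPLIANT[FALSE_POSITIVE] - not directly reproducible today
  func(t);
}

template<typename T>
class base{
protected:
  void foo(T);
};

template<typename T>
class derived: base<T> {
public:
  // a dependent base class has to be named with its template arguments
  using base<T>::foo; // COMPLIANT[FALSE_POSITIVE]
  void foo(T,T);
};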
lcartey added the Difficulty-Low, false positive/false negative, Impact-Medium and user-report labels Oct 5, 2023
lcartey changed the title from "M7-3-6: Exclude using declarations in function scope" to "M7-3-6: Exclude using declarations in function and class scope" Oct 5, 2023
lcartey changed the title from "M7-3-6: Exclude using declarations in function and class scope" to "M7-3-6: Exclude orphaned using directives/declarations" Oct 6, 2023
lcartey changed the title from "M7-3-6: Exclude orphaned using directives/declarations" to "M7-3-6: Refine detection of using within function/class scope" Oct 6, 2023
rvermeulen self-assigned this Feb 8, 2024
rvermeulen added a commit to rvermeulen/codeql-coding-standards that referenced this issue Feb 13, 2024
Only using-declarations are exempt from class- and
function-scope use.
rvermeulen (Collaborator) commented

Resolved FN, but couldn't reproduce FPs in provided test case. No FPs were found in OpenPilot. Any more information to construct a test case to trigger the second FP?

knewbury01 (Contributor) commented

@lcartey thoughts on FP reproduction? I saw a note that you were able to reproduce the FP in the template class at least?

I was thinking maybe it was lack of instantiations in that, but adding this bit still did not allow for recreation:

template class derived<int>;
extern derived<int> d;
void use_fun(){
  d.foo(1);
}

github-merge-queue bot pushed a commit that referenced this issue Feb 14, 2024
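
The scoping distinction this issue turns on, as an added example that is not part of the thread or of the CodeQL Coding Standards test suite: the rule text exempts only class-scope and function-scope using-declarations, so a using-directive is non-compliant in any scope. The sample is constructed, all names in it are hypothetical, and its last part shows how a namespace-scope directive in a header changes overload resolution in the including file.

```cpp
// Constructed sample standing in for the contents of one header file.
// All names here (util, pick, base, derived, ...) are hypothetical.
namespace util {
inline int pick(int) { return 1; }
}  // namespace util

inline int function_scope_declaration() {
  using util::pick;  // COMPLIANT: using-declaration in function scope
  return pick(0);
}

inline int function_scope_directive() {
  using namespace util;  // NON_COMPLIANT: directives get no scope exemption
  return pick(0);
}

template <typename T>
class base {
 protected:
  int foo(T) { return 10; }
};

template <typename T>
class derived : base<T> {
 public:
  using base<T>::foo;  // COMPLIANT: using-declaration in class scope
  int foo(T, T) { return 20; }
};

inline int class_scope_declaration() {
  derived<int> d;
  return d.foo(1) + d.foo(1, 2);  // both overloads are callable: 10 + 20
}

using namespace util;  // NON_COMPLIANT: using-directive at namespace scope

// What a file including this header might contain: it intends to call its own
// pick(long), but the directive above makes util::pick(int) a better match.
inline int pick(long) { return 2; }
inline int includer_call() { return pick(0); }
```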