A5-2-2: Exclude results in uninstantiated templates, explain limitations

[lcartey]

Description

The scope of this rule is intended to be so-called "c-style" casts. Unfortunately, our query for this rule has both false positives and false negatives due the way such casts are modelled in CodeQL.

Firstly, the CStyleCast CodeQL class includes "function notation" casts such as:

int(x);
A(x); // where `A` is some type with a suitable single argument constructor

I don't believe these are intended to part of the AUTOSAR rule, as they are not legal C casts, and therefore I don't think they count as "C-Style". Furthermore, the distinction is lost at the database schema level, so there's no universal query-level approach to distinguish between c-style and functional notation casts.

Secondly, if a c-style (or functional notation) cast results in a constructor call to a single argument constructor, the CStyleCast is not added to the database, and instead is replaced with the direct ConstructorCall. Again, at a database schema level, there is no universal way to determine if a particular constructor call was created from a cast, as the information has been lost.

As a consequence this query:

• Produces false positives when primitive types are cast using the "functional notation" syntax.
• Produces false negatives when a C-style cast is converted to a ConstructorCall e.g. when the argument type is compatible with a single-argument constructor.

This PR:

• Adds the clarifications above to the query, the tests and the implementation_scope.
• Addresses one small edge case that we can control, by not reporting casts on template parameters, and instead relying on reporting casts in the specific instantiations of the class. This avoid false positives where the functional notation cast is used to "call" a constructor e.g. T(x), and where in the instantiation the cast will be replaced with a ConstructorCall and therefore not reported. In practice, I believe this will remove the most common cause of false positives.

Change request type

• Release or process automation (GitHub workflows, internal scripts)
• Internal documentation
• External documentation
• Query files (.ql, .qll, .qls or unit tests)
• External scripts (analysis report or other code shipped as part of a release)

Rules with added or modified queries

• No rules added
• Queries have been added for the following rules:
  • rule number here
• Queries have been modified for the following rules:
  • A5-2-2

Release change checklist

A change note (development_handbook.md#change-notes) is required for any pull request which modifies:

• The structure or layout of the release artifacts.
• The evaluation performance (memory, execution time) of an existing query.
• The results of an existing query in any circumstance.

If you are only adding new rule queries, a change note is not required.

Author: Is a change note required?

• Yes
• No

🚨🚨🚨
Reviewer: Confirm that format of shared queries (not the .qll file, the
.ql file that imports it) is valid by running them within VS Code.

• Confirmed

Reviewer: Confirm that either a change note is not required or the change note is required and has been added.

• Confirmed

Query development review checklist

For PRs that add new queries or modify existing queries, the following checklist should be completed by both the author and reviewer:

Author

• Have all the relevant rule package description files been checked in?
• Have you verified that the metadata properties of each new query is set appropriately?
• Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
• Are the alert messages properly formatted and consistent with the style guide?
• Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
  As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
• Does the query have an appropriate level of in-query comments/documentation?
• Have you considered/identified possible edge cases?
• Does the query not reinvent features in the standard library?
• Can the query be simplified further (not golfed!)

Reviewer

• Have all the relevant rule package description files been checked in?
• Have you verified that the metadata properties of each new query is set appropriately?
• Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
• Are the alert messages properly formatted and consistent with the style guide?
• Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
  As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
• Does the query have an appropriate level of in-query comments/documentation?
• Have you considered/identified possible edge cases?
• Does the query not reinvent features in the standard library?
• Can the query be simplified further (not golfed!)

[jsinglet]

Note for author and reviewer: https://en.cppreference.com/w/cpp/language/explicit_cast

Take a look at the "Ambiguity Resolution" section -- there are some interesting cases that look probable.

[mbaluda]

Note for author and reviewer: https://en.cppreference.com/w/cpp/language/explicit_cast
Take a look at the "Ambiguity Resolution" section -- there are some interesting cases that look probable.

These are good examples to test the extractor but do not seem directly useful for this query.
I created a DB and confirmed that ill-formed statements do not compile, and that function and object declarations don't get mixed up.

[mbaluda]

LGTM

[github-actions]

🤖 Beep Boop! Matrix Testing for this PR has been initiated. Please check back later for results.

💡 If you do not hear back from me please check my status! I will report even if this PR does not contain files eligible for matrix testing.

[jsinglet]

🤖 Beep Boop! gcc/c/x86_64 Matrix Testing for this PR has been completed but I didn't find anything to test!

[jsinglet]

🤖 Beep Boop! clang/c/x86_64 Matrix Testing for this PR has been completed but I didn't find anything to test!

[github-actions]

🤖 Beep Boop! Matrix Testing for this PR has been initiated. Please check back later for results.

💡 If you do not hear back from me please check my status! I will report even if this PR does not contain files eligible for matrix testing.

[jsinglet]

🤖 Beep Boop! clang/cpp/x86_64 Matrix Testing for this PR has been completed. See below for the results!

QUERY                : TraditionalCStyleCastsUsed
RULE                 : A5-2-2
TEST_DIFFERENCE      : 
SUITE                : AUTOSAR
COMPILE_PASS         : False
COMPILE_ERROR_OUTPUT : [2023-03-06 20:35:28] [build-stderr] /__w/codeql-coding-standards-release-engineering/codeql-coding-standards-release-engineering/codeql-coding-standards/cpp/autosar/test/rules/A5-2-2/test.cpp:74:10: fatal error: 'macro_c_style_casts.h' file not found
                       [2023-03-06 20:35:28] [build-stderr] #include "macro_c_style_casts.h"
                       [2023-03-06 20:35:28] [build-stderr]          ^~~~~~~~~~~~~~~~~~~~~~~
                       [2023-03-06 20:35:28] [build-stderr] 1 error generated.
                       [2023-03-06 20:35:28] [ERROR] Spawned process exited abnormally (code 1; tried to run: [/__w/codeql-coding-standards-release-engineering/codeql-coding-standards-release-engineering/codeql/tools/linux64/preload_tracer, clang++, -std=c++14, -fsyntax-only, /__w/codeql-coding-standards-release-engineering/codeql-coding-standards-release-engineering/codeql-coding-standards/cpp/autosar/test/rules/A5-2-2/test.cpp])
                       
TEST_PASS            : False
PACKAGE              : BannedSyntax

[jsinglet]

🤖 Beep Boop! clang/c/x86_64 Matrix Testing for this PR has been completed but I didn't find anything to test!

[jsinglet]

🤖 Beep Boop! gcc/c/x86_64 Matrix Testing for this PR has been completed but I didn't find anything to test!

[jsinglet]

🤖 Beep Boop! gcc/cpp/x86_64 Matrix Testing for this PR has been completed. See below for the results!

TEST_PASS            : False
SUITE                : AUTOSAR
QUERY                : TraditionalCStyleCastsUsed
PACKAGE              : BannedSyntax
COMPILE_PASS         : False
RULE                 : A5-2-2
COMPILE_ERROR_OUTPUT : [2023-03-06 20:37:27] [build-stderr] /__w/codeql-coding-standards-release-engineering/codeql-coding-standards-release-engineering/codeql-coding-standards/cpp/autosar/test/rules/A5-2-2/test.cpp:74:10: fatal error: macro_c_style_casts.h: No such file or directory
                       [2023-03-06 20:37:27] [build-stderr]  #include "macro_c_style_casts.h"
                       [2023-03-06 20:37:27] [build-stderr]           ^~~~~~~~~~~~~~~~~~~~~~~
                       [2023-03-06 20:37:27] [build-stderr] compilation terminated.
                       [2023-03-06 20:37:28] [ERROR] Spawned process exited abnormally (code 1; tried to run: [/__w/codeql-coding-standards-release-engineering/codeql-coding-standards-release-engineering/codeql/tools/linux64/preload_tracer, g++, -std=c++14, -fsyntax-only, /__w/codeql-coding-standards-release-engineering/codeql-coding-standards-release-engineering/codeql-coding-standards/cpp/autosar/test/rules/A5-2-2/test.cpp])
                       
TEST_DIFFERENCE      : 

[jsinglet]

🤖 Beep Boop! clang/cpp/x86_64 Matrix Testing for this PR has been completed. See below for the results!

COMPILE_PASS         : False
PACKAGE              : BannedSyntax
QUERY                : TraditionalCStyleCastsUsed
RULE                 : A5-2-2
COMPILE_ERROR_OUTPUT : [2023-03-06 20:37:31] [build-stderr] /__w/codeql-coding-standards-release-engineering/codeql-coding-standards-release-engineering/codeql-coding-standards/cpp/autosar/test/rules/A5-2-2/test.cpp:74:10: fatal error: 'macro_c_style_casts.h' file not found
                       [2023-03-06 20:37:31] [build-stderr] #include "macro_c_style_casts.h"
                       [2023-03-06 20:37:31] [build-stderr]          ^~~~~~~~~~~~~~~~~~~~~~~
                       [2023-03-06 20:37:31] [build-stderr] 1 error generated.
                       [2023-03-06 20:37:32] [ERROR] Spawned process exited abnormally (code 1; tried to run: [/__w/codeql-coding-standards-release-engineering/codeql-coding-standards-release-engineering/codeql/tools/linux64/preload_tracer, clang++, -std=c++14, -fsyntax-only, /__w/codeql-coding-standards-release-engineering/codeql-coding-standards-release-engineering/codeql-coding-standards/cpp/autosar/test/rules/A5-2-2/test.cpp])
                       
TEST_PASS            : False
SUITE                : AUTOSAR
TEST_DIFFERENCE      : 

[jsinglet]

🤖 Beep Boop! gcc/cpp/x86_64 Matrix Testing for this PR has been completed. See below for the results!

PACKAGE              : BannedSyntax
QUERY                : TraditionalCStyleCastsUsed
SUITE                : AUTOSAR
RULE                 : A5-2-2
COMPILE_PASS         : False
COMPILE_ERROR_OUTPUT : [2023-03-06 20:37:46] [build-stderr] /__w/codeql-coding-standards-release-engineering/codeql-coding-standards-release-engineering/codeql-coding-standards/cpp/autosar/test/rules/A5-2-2/test.cpp:74:10: fatal error: macro_c_style_casts.h: No such file or directory
                       [2023-03-06 20:37:46] [build-stderr]  #include "macro_c_style_casts.h"
                       [2023-03-06 20:37:46] [build-stderr]           ^~~~~~~~~~~~~~~~~~~~~~~
                       [2023-03-06 20:37:46] [build-stderr] compilation terminated.
                       [2023-03-06 20:37:46] [ERROR] Spawned process exited abnormally (code 1; tried to run: [/__w/codeql-coding-standards-release-engineering/codeql-coding-standards-release-engineering/codeql/tools/linux64/preload_tracer, g++, -std=c++14, -fsyntax-only, /__w/codeql-coding-standards-release-engineering/codeql-coding-standards-release-engineering/codeql-coding-standards/cpp/autosar/test/rules/A5-2-2/test.cpp])
                       
TEST_DIFFERENCE      : 
TEST_PASS            : False

[jsinglet]

🤖 Beep Boop! Matrix Testing for this PR has been completed. If no reports were posted it means this PR does not contain things that need matrix testing!

[jsinglet]

🤖 Beep Boop! Matrix Testing for this PR has been completed. If no reports were posted it means this PR does not contain things that need matrix testing!

[github-actions]

🤖 Beep Boop! Matrix Testing for this PR has been initiated. Please check back later for results.

💡 If you do not hear back from me please check my status! I will report even if this PR does not contain files eligible for matrix testing.

[jsinglet]

🤖 Beep Boop! gcc/c/x86_64 Matrix Testing for this PR has been completed but I didn't find anything to test!

[jsinglet]

🤖 Beep Boop! clang/c/x86_64 Matrix Testing for this PR has been completed but I didn't find anything to test!

[jsinglet]

🤖 Beep Boop! clang/cpp/x86_64 Matrix Testing for this PR has been completed. See below for the results!

RULE                 : A5-2-2
QUERY                : TraditionalCStyleCastsUsed
COMPILE_PASS         : True
TEST_DIFFERENCE      : 
TEST_PASS            : True
PACKAGE              : BannedSyntax
SUITE                : AUTOSAR
COMPILE_ERROR_OUTPUT : 

[jsinglet]

🤖 Beep Boop! gcc/cpp/x86_64 Matrix Testing for this PR has been completed. See below for the results!

SUITE                : AUTOSAR
TEST_DIFFERENCE      : 
COMPILE_PASS         : True
COMPILE_ERROR_OUTPUT : 
QUERY                : TraditionalCStyleCastsUsed
PACKAGE              : BannedSyntax
RULE                 : A5-2-2
TEST_PASS            : True

[jsinglet]

🤖 Beep Boop! Matrix Testing for this PR has been completed. If no reports were posted it means this PR does not contain things that need matrix testing!