Skip to content

v2.45.0

Latest
Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 21 May 18:06
v2.45.0
3b16880
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Release summary

  • New queries added for the following rule packages: FloatingPoint
  • The following changes have been made for this release:
    • RULE-1-4 - EmergentLanguageFeaturesUsed.ql:
      • Allow usage of atomics, thread.h, and _Thread_local as per Misra C 2012 Amendment 4.
    • RULE-21-22, RULE-21-23 - TgMathArgumentWithInvalidEssentialType.ql, TgMathArgumentsWithDifferingStandardType.ql
      • Change type-generic macro analysis for finding macro parameters to be compatible with gcc, by ignoring early arguments inserted by gcc.
      • Change explicit conversion logic to ignore the explicit casts inserted in macro bodies by clang, which previously overruled the argument essential type.
    • RULE-13-2 - UnsequencedAtomicReads.ql:
      • Handle statement expression implementation of atomic operations in gcc.
    • RULE-21-25 - InvalidMemoryOrderArgument.ql:
      • Handle case of where the enum memory_order is declared via a typedef as an anonymous enum.
      • Rewrite how atomically sequenced operations are found; no longer look for builtins or internal functions, instead look for macros with the exact expected name and analyze the macro bodies for the memory sequence parameter.
    • RULE-9-7 - UninitializedAtomicArgument.ql:
      • Handle gcc case where atomic_init is defined is a call to atomic_store, and take a more flexible approach to finding the initialized atomic variable.
    • DIR-4-15 - PossibleMisuseOfUndetectedInfinity.ql, PossibleMisuseOfUndetectedNaN.ql:
      • Fix issue when analyzing clang/gcc implementations of floating point classification macros, where analysis incorrectly determined that x in isinf(x) was guaranteed to be infinite at the call site itself, affecting later analysis involving x.
    • The following query suites have been added or modified for CERT C:
      • A new query suite has been created cert-c-default.qls to avoid confusion with the CERT C++ query suites. The cert-default.qls suite has been deprecated, and will be removed in a future releases, and is replaced by the cert-c-default.qls suite.
        • The cert-c-default.qls suite has been specified as the default for the pack, and will include our most up-to-date coverage for CERT C.
      • One new query suite, cert-c-recommended.qls has been added to enable running CERT recommendations (as opposed to rules) that will be added in the future.
      • The default query suite, cert-c-default.qls has been set to exclude CERT recommendations (as opposed to rules) that will be added in the future.
    • The following query suites have been added or modified for CERT C++:
      • A new query suite has been created cert-cpp-default.qls to avoid confusion with the CERT C query suites. The cert-default.qls suite has been deprecated, and will be removed in a future releases, and is replaced by the cert-cpp-default.qls suite.
        • The cert-cpp-default.qls suite has been specified as the default for the pack, and will include our most up-to-date coverage for CERT C.
      • A new query suite has been created cert-cpp-single-translation-unit.qls to avoid confusion with the CERT C query suites. The cert-single-translation-unit.qls suite has been deprecated, and will be removed in a future releases, and is replaced by the cert-cpp-single-translation-unit.qls suite.
    • DIR-4-15 - PossibleMisuseOfUndetectedInfinity.ql, PossibleMisuseOfUndetectedNaN.ql:
      • Add logic to suppress NaNs from the CodeQL extractor in the new restricted range analysis, which can have unexpected downstream effects.
      • Alter the behavior of floating point class guards (such as isinf, isfinite, isnan) to more correctly reflect the branches that have been guarded.
      • Query files have been moved/refactored to share logic across MISRA-C and MISRA-C++; no observable change in behavior from this is expected.
    • All CERT rules now include additional tags to represent the Risk Assessment properties specified on CERT rules.
      • In addition, new query suites are included which allow the selection of queries that represent CERT Rules (not Recommendations) for each of the Levels (1-3). These are called cert-<lang>-<level>.qls and can be used either directly in the CodeQL CLI, or via the CodeQL Action.
    • Support for MISRA C 2023 is now completed.
      • The default query suites for MISRA C now target MISRA C 2023.
      • The user manual has been updated to list MISRA C 2023 as completed.
      • The misra-c-2012-third-edition-with-amendment-2.qls query suite can be used to run the queries present in MISRA C 2012 (3rd Edition) and Amendment 2.

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.19.4 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.19.4.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.19.4.

Appendix: MISRA-C++-2023 new queries

New queries added to cover the following rules:

  • DIR-0-3-1 - PossibleMisuseOfInfiniteFloatingPointValue.ql, PossibleMisuseOfNaNFloatingPointValue.ql
Assets 9
Loading