v2.35.0

Release summary

• No new queries were added for this release

• The following changes have been made for this release:

  • RULE-11-1 - ConversionBetweenFunctionPointerAndOtherType.ql:
    • Fixed issue #331 - consider 0 a null pointer constant.
  • RULE-11-4 - ConversionBetweenPointerToObjectAndIntegerType.ql:
    • Fixed issue #331 - consider 0 a null pointer constant.
    • Improve reporting of the order of the cast and the actual types involved.
    • Improve reporting where the result is expanded from a macro by either reporting the macro itself (if it is not dependent on the context) or by including a link to the macro in the alert message.
  • RULE-11-5 - ConversionFromPointerToVoidIntoPointerToObject.ql:
    • Fixed issue #331 - consider 0 a null pointer constant.
  • RULE-11-6 - CastBetweenPointerToVoidAndArithmeticType.ql:
    • Fixed issue #331 - accept integer constant expressions with value 0 instead of null pointer constants.
  • RULE-11-9 - MacroNullNotUsedAsIntegerNullPointerConstant.ql:
    • Remove false positives in branches of ternary expressions, where 0 was used correctly.

• A2-7-3 - UndocumentedUserDefinedType.ql:

  • Fixes #606. Fix false positive relating to friend functions in template classes.

• M0-1-3 - UnusedLocalVariable.ql:

  • Fixes #658. Considers usage of const/constexpr variables in array size and function parameters that are used in arguments of template functions.

• RULE-12-2 - RightHandOperandOfAShiftRange.ql:

  • Reduce false positives related to ranges determined by %=.
  • Reduce false positives for integer constants with explicit size suffix were incorrectly identified as smaller types.
  • Improve explanation of results, providing additional information on types and size ranges.
  • Combine results stemming from the expansion of a macro, where the result is not dependent on the context.

• RULE-5-8 - IdentifiersWithExternalLinkageNotUnique.ql

  • Remove false positives where conflicting declarations do not appear in the same link target.

• RULE-10-1 - OperandsOfAnInappropriateEssentialType.ql

  • Reduce false negatives by supporting operands to the ~ operator with the incorrect essential type.
  • Reduce false positives by identifying the essential type of !<expr> as essentially boolean type.
  • Improve clarity reporting by reporting the violating operand, instead of the operator, and addressing message typos.

• M0-1-9 - DeadCode.qll:

  • Fixes #678. Remove dead code false positive when integer constant expression is used to define the size of an array.

• RULE-8-3 - DeclarationsOfAnObjectSameNameAndType.ql

  • Remove false positives where two conflicting declarations are never linked together.

• M3-4-1 - UnnecessaryExposedIdentifierDeclarationShared.qll:

  • Fixes #665. Exclude variables that are constexpr and coming from template instantiations.

• RULE-7-2 - UOrUSuffixRepresentedInUnsignedType.ql

  • Remove false positives where integer constants are generated from macros.
  • Remove false positives where a signed integer is implicitly converted to unsigned, which is permitted by the standard.

• A1-1-2 - CompilerWarningLevelNotInCompliance.ql:

  • Report non-compliance for compilations that use the error-suppressing -w flag.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

v2.34.0

Release summary

• New queries added for the following rule packages: Representation
• The following changes have been made for this release:
• M0-2-1 - DoNotPassAliasedPointerToRestrictQualifiedParam.ql:
  • Fixes #119. Adds shared query to cover missing detection of overlapping arrays or pointers in specific list of functions that list undefined behaviour when their parameters overlap.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

Appendix: AUTOSAR new queries

New queries added to cover the following rules:

• M0-2-1 - DoNotPassAliasedPointerToParam.ql

v2.33.0

Release summary

• New queries added for the following rule packages: ImportMisra23
• The following changes have been made for this release:
  • A7-2-1 - fix typo in some alert messages.
• MISRA C++ 2023:
  • Extend the project structure and provide initial support for query writing.
• A2-7-3 - UndocumentedUserDefinedType.ql:
  • Fixes #391. Declarations for which a Doxygen comment group provides documentation will no longer produce results.
• M0-1-10 - EncapsulatingFunctions.qll:
  • Fixes #646. Consider typedef'd int return types for main() function as MainFunction.
• PRE32-C - MacroOrFunctionArgsContainHashToken.ql:
  • Fixes #650. Correctly identifies presence of preprocessor directives in function calls.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

Appendix: MISRA-C++-2023 new queries

New queries added to cover the following rules:

• DIR-5-7-2 - SectionsOfCodeShouldNotBeCommentedOut.ql
• DIR-15-8-1 - CopyAndMoveAssignmentsShallHandleSelfAssignment.ql
• RULE-5-7-1 - CharacterSequenceUsedWithinACStyleComment.ql
• RULE-5-7-3 - LineSplicingUsedInComments.ql
• RULE-5-13-1 - BackslashCharacterMisuse.ql
• RULE-5-13-2 - NonTerminatedEscapeSequences.ql
• RULE-5-13-3 - OctalConstantsUsed.ql
• RULE-5-13-4 - UnsignedIntegerLiteralsNotAppropriatelySuffixed.ql
• RULE-5-13-5 - LowercaseLStartsInLiteralSuffix.ql
• RULE-6-0-3 - GlobalNamespaceDeclarations.ql
• RULE-6-0-4 - NonGlobalFunctionMain.ql
• RULE-6-2-1 - OneDefinitionRuleViolated.ql
• RULE-6-4-1 - VariableDeclaredInInnerScopeHidesOuterScope.ql
• RULE-6-4-2 - InheritedNonOverridableMemberFunction.ql, InheritedOverridableMemberFunction.ql, DefinitionShallBeConsideredForUnqualifiedLookup.ql
• RULE-6-4-3 - NameShallBeReferredUsingAQualifiedIdOrThis.ql, NameShallBeReferredUsingAQualifiedIdOrThisAudit.ql
• RULE-6-8-1 - ObjectAccessedBeforeLifetimeMisra.ql, ObjectAccessedAfterLifetimeMisra.ql
• RULE-6-8-2 - ReturnReferenceOrPointerToAutomaticLocalVariable.ql
• RULE-7-11-1 - NullptrNotTheOnlyFormOfTheNullPointerConstant.ql
• RULE-7-11-2 - ArrayPassedAsFunctionArgumentDecayToAPointer.ql
• RULE-8-2-3 - CastRemovesConstOrVolatileFromPointerOrReference.ql
• RULE-8-2-4 - CastsBetweenAPointerToFunctionAndAnyOtherType.ql
• RULE-8-2-5 - ReinterpretCastShallNotBeUsed.ql
• RULE-8-2-10 - FunctionsCallThemselvesEitherDirectlyOrIndirectly.ql
• RULE-8-3-1 - BuiltInUnaryOperatorAppliedToUnsignedExpression.ql
• RULE-8-18-2 - ResultOfAnAssignmentOperatorShouldNotBeUsed.ql
• RULE-8-19-1 - CommaOperatorShouldNotBeUsed.ql
• RULE-8-20-1 - UnsignedOperationWithConstantOperandsWraps.ql
• RULE-9-3-1 - SwitchBodyCompoundCondition.ql, LoopBodyCompoundCondition.ql
• RULE-9-4-1 - IfElseIfEndCondition.ql
• RULE-9-6-1 - GotoStatementShouldNotBeUsed.ql
• RULE-9-6-2 - GotoReferenceALabelInSurroundingBlock.ql
• RULE-9-6-3 - GotoShallJumpToLabelDeclaredLaterInTheFunction.ql
• RULE-9-6-4 - FunctionDeclaredWithTheNoreturnAttributeReturn.ql
• RULE-9-6-5 - NonVoidFunctionShallReturnAValueOnAllPaths.ql
• RULE-10-0-1 - UseSingleLocalDeclarators.ql, UseSingleGlobalOrMemberDeclarators.ql
• RULE-10-2-1 - EnumerationNotDefinedWithAnExplicitUnderlyingType.ql
• RULE-10-4-1 - AsmDeclarationShallNotBeUsed.ql
• RULE-11-3-2 - DeclarationOfAnObjectIndirectionsLevel.ql
• RULE-11-6-3 - NonUniqueEnumerationConstant.ql
• RULE-12-2-2 - BitFieldShallHaveAnAppropriateType.ql
• RULE-12-2-3 - SignedIntegerNamedBitFieldHaveALengthOfOneBit.ql
• RULE-13-1-2 - VirtualAndNonVirtualClassInTheHierarchy.ql
• RULE-13-3-2 - OverridingShallSpecifyDifferentDefaultArguments.ql
• RULE-13-3-4 - PotentiallyVirtualPointerOnlyComparesToNullptr.ql
• RULE-15-1-1 - ObjectsDynamicTypeUsedFromConstructorOrDestructor.ql
• RULE-15-1-2 - InitializeAllVirtualBaseClasses.ql
• RULE-15-1-5 - InitializerListConstructorIsTheOnlyConstructor.ql
• RULE-16-5-2 - AddressOfOperatorOverloaded.ql
• RULE-17-8-1 - FunctionTemplatesExplicitlySpecialized.ql
• RULE-18-1-1 - ExceptionObjectHavePointerType.ql
• RULE-18-1-2 - EmptyThrowOnlyWithinACatchHandler.ql
• RULE-18-3-3 - HandlersReferToNonStaticMembersFromTheirClass.ql
• RULE-18-5-1 - NoexceptFunctionShouldNotPropagateToTheCaller.ql
• RULE-19-0-2 - FunctionLikeMacrosDefined.ql
• RULE-19-0-3 - IncludeDirectivesPrecededByPreprocessorDirectives.ql
• RULE-19-1-3 - IdentifiersUsedInTheControllingExpressionOf.ql
• RULE-19-2-3 - CharsThatShouldNotOccurInHeaderFileName.ql
• RULE-19-3-1 - AndPreprocessorOperatorsShouldNotBeUsed.ql
• RULE-19-3-2 - MacroParameterFollowingHash.ql
• RULE-19-3-3 - AMixedUseMacroArgumentSubjectToExpansion.ql
• RULE-19-3-5 - TokensThatLookLikeDirectivesInAMacroArgument.ql
• RULE-21-2-1 - AtofAtoiAtolAndAtollUsed.ql
• RULE-21-2-4 - MacroOffsetofShallNotBeUsed.ql
• RULE-21-6-4 - GlobalSizedOperatorDeleteShallBeDefined.ql, GlobalUnsizedOperatorDeleteShallBeDefined.ql
• RULE-21-6-5 - PointerToAnIncompleteClassTypeDeleted.ql
• RULE-21-10-3 - CsignalFacilitiesUsed.ql, CsignalTypesShallNotBeUsed.ql
• RULE-25-5-2 - PointersReturnedByLocaleFunctionsMustBeUsedAsConst.ql
• RULE-25-5-3 - CallToSetlocaleInvalidatesOldPointersMisra.ql, CallToSetlocaleInvalidatesOldPointersWarnMisra.ql
• RULE-26-3-1 - VectorShouldNotBeSpecializedWithBool.ql
• RULE-28-6-2 - ForwardingReferencesAndForwardNotUsedTogether.ql
• RULE-28-6-3 - ObjectUsedWhileInPotentiallyMovedFromState.ql
• RULE-30-0-1 - CstdioFunctionsShallNotBeUsed.ql, CstdioMacrosShallNotBeUsed.ql, CstdioTypesShallNotBeUsed.ql
• RULE-30-0-2 - ReadsAndWritesOnStreamNotSeparatedByPositioning.ql

v2.32.0

Release summary

• No new queries were added for this release
• The following changes have been made for this release:
• A0-4-4,FLP32-C - UncheckedRangeDomainPoleErrors.ql:
  • Fixes #193. Adds missing cases for domain errors, an unspecified result case and pole error cases.
• M0-1-3 - UnusedGlobalOrNamespaceVariable.ql
  • Reduces false positives by excluding compiler generated variables, and variables in uninstantiated templates.
• A3-9-1 - VariableWidthIntegerTypesUsed.ql:
  • Fixes #614. Excludes post increment and decrement operators.
• M9-3-3 - MemberFunctionStaticIfPossible.ql:
  • Fixes #616. Exclude uninstantiated templates.
• RULE-8-3 - DeclarationsOfAnObjectSameNameAndType.ql:
  • Fixes #618. Consider anonymous structs.
• A3-1-5 - NonTrivialNonTemplateFunctionDefinedInsideClassDefinition.ql, TrivialOrTemplateFunctionDefinedOutsideClassDefinition.ql:
  • Fixes #611. Relax definition of trivial length of trivial member function to 10 LOC.
• A7-1-1 - DeclarationUnmodifiedObjectMissingConstSpecifier.ql:
  • Fixes #621. Exclude template instantiations that come from constexpr templates.
• A7-1-7 - IdentifierDeclarationAndInitializationNotOnSeparateLines.ql:
  • Fixes #628. Excludes Functions.
  • Fixes #630. Excludes struct identifiers and variables on the same line when a typedef is used.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

v2.31.0

Release summary

• No new queries were added for this release
• The following changes have been made for this release:
• M0-1-2 - InfeasiblePath.ql:
  • Fixes #376. For template functions we now only report when a path is infeasible regardless of instantiations present.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

v2.30.0

Release summary

• No new queries were added for this release
• The following changes have been made for this release:
• A18-5-8 - UnnecessaryUseOfDynamicStorage.ql:
  • Address FP reported in #20. Add model of flow from MakeSharedOrUnique to return expression to capture copy/move elision case NRVO.
• A7-1-2 - VariableMissingConstexpr.ql:
  • Fixes #607. Remove false positives for compiler generated variables and in uninstantiated templates

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

v2.29.0

Release summary

• No new queries were added for this release
• The following changes have been made for this release:
• STR32-C - NonNullTerminatedToFunctionThatExpectsAString.ql:
  • Fixes #31. Realloc was not modelled previously.
• A2-10-1, RULE-5-3 - IdentifierHiding.ql, IdentifierHidingC.ql:
  • Revert some changes previously made in PR #546 (addressing issue #118). Revert expansion to function identifiers.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

v2.28.0

Release summary

• No new queries were added for this release
• The following changes have been made for this release:
• A2-10-1, RULE-5-3 - IdentifierHiding.ql, IdentifierHidingC.ql:
  • Address FN reported in #118. Rule was missing detection of functions. Additionally omitted class template instantiations.
  • Fix FP for identifiers in nested namespaces.
    M9-3-3: MemberFunctionConstIfPossible.ql:
    • Fix FP reported in 381. Omit member functions that return nonconst reference types.
• A13-2-2 - BinaryOperatorAndBitwiseOperatorReturnAPrvalue.ql:
  • Replaced the usage of getIdentityString() with toString() to avoid expensive computation to display the Operator names which were causing crashes on production code.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

v2.27.1 [Certified]

This release of CodeQL Coding Standards is certified as a software tool suitable for use in safety-related development projects according to ISO26262:2018 for any ASIL.

Release summary

• No new queries were added for this release
• Add precompiled queries

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

v2.27.0

Release summary

• No new queries were added for this release
• The following changes have been made for this release:
• A3-3-1 - ExternalLinkageNotDeclaredInHeaderFile.ql:
  • Adjust the alert message to comply with the style guide.
• CTR55-CPP - DoNotUseAnAdditiveOperatorOnAnIterator.ql:
  • Address reported FP in #374. Improve logic on valid end checks and size checks on iterators.
• RULE-6-1 - BitFieldsShallOnlyBeDeclaredWithAnAppropriateType.ql:
  • Address FP reported in #318. Add support for implementation specific bitfield types for Clang and Gcc.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.