diff --git a/c/cert/src/qlpack.yml b/c/cert/src/qlpack.yml
index f5ab2b9706..55a6333b43 100644
--- a/c/cert/src/qlpack.yml
+++ b/c/cert/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cert-c-coding-standards
-version: 2.15.0
+version: 2.15.1
 description: CERT C 2016
 suites: codeql-suites
 license: MIT
diff --git a/c/cert/test/qlpack.yml b/c/cert/test/qlpack.yml
index a24192d7e4..79a2734e3a 100644
--- a/c/cert/test/qlpack.yml
+++ b/c/cert/test/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cert-c-coding-standards-tests
-version: 2.15.0
+version: 2.15.1
 extractor: cpp
 license: MIT
 dependencies:
diff --git a/c/common/src/qlpack.yml b/c/common/src/qlpack.yml
index ef9ff32df1..0d885c03b0 100644
--- a/c/common/src/qlpack.yml
+++ b/c/common/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/common-c-coding-standards
-version: 2.15.0
+version: 2.15.1
 license: MIT
 dependencies:
 codeql/common-cpp-coding-standards: '*'
diff --git a/c/common/test/qlpack.yml b/c/common/test/qlpack.yml
index a25a79e940..0aa943e037 100644
--- a/c/common/test/qlpack.yml
+++ b/c/common/test/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/common-c-coding-standards-tests
-version: 2.15.0
+version: 2.15.1
 extractor: cpp
 license: MIT
 dependencies:
diff --git a/c/misra/src/codingstandards/c/misra/EssentialTypes.qll b/c/misra/src/codingstandards/c/misra/EssentialTypes.qll
index 697a24513f..9bec0e518f 100644
--- a/c/misra/src/codingstandards/c/misra/EssentialTypes.qll
+++ b/c/misra/src/codingstandards/c/misra/EssentialTypes.qll
@@ -31,24 +31,61 @@ class EssentialTypeCategory extends TEssentialTypeCategory { } } +/** + * An expression in the program that evaluates to a compile time constant signed or unsigned integer. + */ +private class ConstantIntegerExpr extends Expr { + pragma[noinline] + ConstantIntegerExpr() { + getEssentialTypeCategory(this.getType()) = + [ + EssentiallyUnsignedType().(EssentialTypeCategory), + EssentiallySignedType().(EssentialTypeCategory) + ] and + exists(this.getValue().toFloat()) and + not this instanceof Conversion + } +} + +/** A `float` which represents an integer constant in the program. */ +private class IntegerConstantAsFloat extends float { + IntegerConstantAsFloat() { exists(ConstantIntegerExpr ce | this = ce.getValue().toFloat()) } +} + +/** + * Identifies which integral types from which type categories can represent a given integer constant + * in the program. + */ +pragma[nomagic] +private predicate isCandidateIntegralType( + EssentialTypeCategory cat, IntegralType it, IntegerConstantAsFloat c +) { + getEssentialTypeCategory(it) = cat and + c = any(ConstantIntegerExpr ce).getValue().toFloat() and + // As with range analysis, we assume two's complement representation + typeLowerBound(it) <= c and + typeUpperBound(it) >= c +} + /** * Gets the unsigned type of lowest rank that can represent the value of the given expression, * assuming that the expression is essentially unsigned. 
*/ -private IntegralType utlr(Expr const) { +pragma[nomagic] +private IntegralType utlr(ConstantIntegerExpr const) { getEssentialTypeCategory(const.getType()) = EssentiallyUnsignedType() and - getEssentialTypeCategory(result) = EssentiallyUnsignedType() and - exists(float c | c = const.getValue().toFloat() | - // As with range analysis, we assume two's complement representation - typeLowerBound(result) <= c and - typeUpperBound(result) >= c and - forall(IntegralType it | - getEssentialTypeCategory(it) = EssentiallyUnsignedType() and - typeLowerBound(it) <= c and - typeUpperBound(it) >= c - | - result.getSize() <= it.getSize() - ) + result = utlr_c(const.getValue().toFloat()) +} + +/** + * Given an integer constant that appears in the program, gets the unsigned type of lowest rank + * that can hold it. + */ +pragma[nomagic] +private IntegralType utlr_c(IntegerConstantAsFloat c) { + isCandidateIntegralType(EssentiallyUnsignedType(), result, c) and + forall(IntegralType it | isCandidateIntegralType(EssentiallyUnsignedType(), it, c) | + result.getSize() <= it.getSize() ) } 
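Review bot: `ConstantIntegerExpr` excludes every `Conversion` through `not this instanceof Conversion`, so `utlr`, which accepted any `Expr` before, no longer yields a type for a converted constant, while the change note presents this commit as a performance improvement only. The callers of `utlr` are outside this hunk; if one of them can pass a conversion, the essential type for that expression would presumably disappear and the MISRA rules built on it would report fewer violations without any error. Once the invariant is confirmed, record it in the class QLDoc, for example `Conversions are excluded because callers pass the unconverted expression.`, and add a test with an explicitly cast integer constant to show the results are unchanged. The same narrowing applies to `stlr` in the next hunk.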
@@ -56,20 +93,21 @@ private IntegralType utlr(Expr const) { * Gets the signed type of lowest rank that can represent the value of the given expression, * assuming that the expression is essentially signed. */ -private IntegralType stlr(Expr const) { +pragma[nomagic] +private IntegralType stlr(ConstantIntegerExpr const) { getEssentialTypeCategory(const.getType()) = EssentiallySignedType() and - getEssentialTypeCategory(result) = EssentiallySignedType() and - exists(float c | c = const.getValue().toFloat() | - // As with range analysis, we assume two's complement representation - typeLowerBound(result) <= c and - typeUpperBound(result) >= c and - forall(IntegralType it | - getEssentialTypeCategory(it) = EssentiallySignedType() and - typeLowerBound(it) <= c and - typeUpperBound(it) >= c - | - result.getSize() <= it.getSize() - ) + result = stlr_c(const.getValue().toFloat()) +} + +/** + * Given an integer constant that appears in the program, gets the signed type of lowest rank + * that can hold it. + */ +pragma[nomagic] +private IntegralType stlr_c(IntegerConstantAsFloat c) { + isCandidateIntegralType(EssentiallySignedType(), result, c) and + forall(IntegralType it | isCandidateIntegralType(EssentiallySignedType(), it, c) | + result.getSize() <= it.getSize() ) } @@ -108,6 +146,7 @@ EssentialTypeCategory getEssentialTypeCategory(Type type) { /** * Gets the essential type of the given expression `e`, considering any explicit conversions. */ +pragma[nomagic] Type getEssentialType(Expr e) { if e.hasExplicitConversion() then diff --git a/c/misra/src/qlpack.yml b/c/misra/src/qlpack.yml index 7599858679..d05a95b63e 100644 --- a/c/misra/src/qlpack.yml +++ b/c/misra/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/misra-c-coding-standards -version: 2.15.0 +version: 2.15.1 description: MISRA C 2012 suites: codeql-suites license: MIT 
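Review bot: The QLDoc on `stlr_c` promises "the signed type of lowest rank", but the body selects with `result.getSize() <= it.getSize()`, so every candidate of the smallest sufficient size satisfies it and the predicate may hold for more than one `result` when two integral types share a size. `utlr_c` in the previous hunk has the same wording and the same body. Suggested QLDoc for `stlr_c`: `Gets a signed type of the smallest size that can represent the integer constant c; may hold for several types when they share that size.` The `pragma[nomagic]` added to `getEssentialType` in the last hunk of this file would also be easier to maintain with a one-line comment naming the join it is meant to protect.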
diff --git a/c/misra/src/rules/RULE-10-5/InappropriateEssentialTypeCast.ql b/c/misra/src/rules/RULE-10-5/InappropriateEssentialTypeCast.ql index 10d54c4fff..1ff8374e97 100644 --- a/c/misra/src/rules/RULE-10-5/InappropriateEssentialTypeCast.ql +++ b/c/misra/src/rules/RULE-10-5/InappropriateEssentialTypeCast.ql @@ -49,16 +49,23 @@ predicate isIncompatibleEssentialTypeCast(EssentialTypeCategory fromCat, Essenti ] } +predicate isCastTypes( + Cast c, Type essentialFromType, Type essentialToType, EssentialTypeCategory fromCategory, + EssentialTypeCategory toCategory +) { + essentialFromType = getEssentialTypeBeforeConversions(c.getExpr()) and + essentialToType = c.getType() and + fromCategory = getEssentialTypeCategory(essentialFromType) and + toCategory = getEssentialTypeCategory(essentialToType) +} + from Cast c, Type essentialFromType, Type essentialToType, EssentialTypeCategory fromCategory, EssentialTypeCategory toCategory, string message where not isExcluded(c, EssentialTypesPackage::inappropriateEssentialTypeCastQuery()) and not c.isImplicit() and - essentialFromType = getEssentialTypeBeforeConversions(c.getExpr()) and - essentialToType = c.getType() and - fromCategory = getEssentialTypeCategory(essentialFromType) and - toCategory = getEssentialTypeCategory(essentialToType) and + isCastTypes(c, essentialFromType, essentialToType, fromCategory, toCategory) and isIncompatibleEssentialTypeCast(fromCategory, toCategory) and ( if fromCategory = EssentiallyEnumType() and toCategory = EssentiallyEnumType() diff --git a/c/misra/test/qlpack.yml b/c/misra/test/qlpack.yml index 19ce15363f..3f7ed31588 100644 --- a/c/misra/test/qlpack.yml +++ b/c/misra/test/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/misra-c-coding-standards-tests -version: 2.15.0 +version: 2.15.1 extractor: cpp license: MIT dependencies: diff --git a/change_notes/2023-03-16-essential-types-performance.md b/change_notes/2023-03-16-essential-types-performance.md new file mode 100644 index 0000000000..115c162e89 
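Review bot: `isCastTypes` in InappropriateEssentialTypeCast.ql is added without QLDoc or a pragma, so nothing states that it exists to control evaluation order, and the optimiser presumably remains free to inline it back into the `where` clause. Suggested QLDoc: `/** Holds if c casts from essentialFromType, of category fromCategory, to essentialToType, of category toCategory. */`. If the split is what gives the speed-up, mark it `pragma[nomagic]` as is done for the helpers in EssentialTypes.qll in this commit. Because `not c.isImplicit()` stays in the `where` clause, the helper also ranges over implicit casts; moving that conjunct inside it would restrict the relation to the casts the query reports on.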
--- /dev/null
+++ b/change_notes/2023-03-16-essential-types-performance.md
@@ -0,0 +1,12 @@
+ * The performance of the following queries related to essential types have been improved:
+ * `Rule 10.1`
+ * `Rule 10.2`
+ * `Rule 10.3`
+ * `Rule 10.4`
+ * `Rule 10.5`
+ * `Rule 10.6`
+ * `Rule 10.7`
+ * `Rule 10.8`
+ * `Rule 14.1`
+ * `Rule 21.14`
+ * `Rule 21.16`
\ No newline at end of file
diff --git a/cpp/autosar/src/qlpack.yml b/cpp/autosar/src/qlpack.yml
index 378d6b4dad..5632893bcc 100644
--- a/cpp/autosar/src/qlpack.yml
+++ b/cpp/autosar/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/autosar-cpp-coding-standards
-version: 2.15.0
+version: 2.15.1
 description: AUTOSAR C++14 Guidelines 20-11
 suites: codeql-suites
 license: MIT
diff --git a/cpp/autosar/test/qlpack.yml b/cpp/autosar/test/qlpack.yml
index 874b5cb7b2..71dde260c1 100644
--- a/cpp/autosar/test/qlpack.yml
+++ b/cpp/autosar/test/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/autosar-cpp-coding-standards-tests
-version: 2.15.0
+version: 2.15.1
 extractor: cpp
 license: MIT
 dependencies:
diff --git a/cpp/cert/src/qlpack.yml b/cpp/cert/src/qlpack.yml
index b96cc31cb2..723b67ca7a 100644
--- a/cpp/cert/src/qlpack.yml
+++ b/cpp/cert/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cert-cpp-coding-standards
-version: 2.15.0
+version: 2.15.1
 description: CERT C++ 2016
 suites: codeql-suites
 license: MIT
diff --git a/cpp/cert/test/qlpack.yml b/cpp/cert/test/qlpack.yml
index 743ebe3d42..ca0c308a9a 100644
--- a/cpp/cert/test/qlpack.yml
+++ b/cpp/cert/test/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cert-cpp-coding-standards-tests
-version: 2.15.0
+version: 2.15.1
 extractor: cpp
 license: MIT
 dependencies:
diff --git a/cpp/common/src/qlpack.yml b/cpp/common/src/qlpack.yml
index d38ba93dc4..de29fe4115 100644
--- a/cpp/common/src/qlpack.yml
+++ b/cpp/common/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/common-cpp-coding-standards
-version: 2.15.0
+version: 2.15.1
 license: MIT
 dependencies:
 codeql/cpp-all: 0.3.5
diff --git a/cpp/common/test/qlpack.yml b/cpp/common/test/qlpack.yml
index 3b83e9e385..57f59f7bc6 100644
--- a/cpp/common/test/qlpack.yml
+++ b/cpp/common/test/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/common-cpp-coding-standards-tests
-version: 2.15.0
+version: 2.15.1
 extractor: cpp
 license: MIT
 dependencies:
diff --git a/cpp/misra/src/qlpack.yml b/cpp/misra/src/qlpack.yml
index c3d9730438..51961339a3 100644
--- a/cpp/misra/src/qlpack.yml
+++ b/cpp/misra/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/misra-cpp-coding-standards
-version: 2.15.0
+version: 2.15.1
 description: MISRA C++ 2008
 suites: codeql-suites
 license: MIT
diff --git a/cpp/misra/test/qlpack.yml b/cpp/misra/test/qlpack.yml
index 2020e6c4d6..9c6b0868e7 100644
--- a/cpp/misra/test/qlpack.yml
+++ b/cpp/misra/test/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/misra-cpp-coding-standards-tests
-version: 2.15.0
+version: 2.15.1
 extractor: cpp
 license: MIT
 dependencies:
diff --git a/cpp/report/src/qlpack.yml b/cpp/report/src/qlpack.yml
index 7d46724e46..ac8b7a364f 100644
--- a/cpp/report/src/qlpack.yml
+++ b/cpp/report/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/report-cpp-coding-standards
-version: 2.15.0
+version: 2.15.1
 license: MIT
 dependencies:
 codeql/cpp-all: 0.3.5
diff --git a/docs/user_manual.md b/docs/user_manual.md
index c8cfc9793e..c8472fca11 100644
--- a/docs/user_manual.md
+++ b/docs/user_manual.md
@@ -26,10 +26,10 @@ This user manual documents release `2.10.0` of the coding standards located at https://github.com/github/codeql-coding-standards/releases/tag/v2.10.0 . The release page documents the release notes and contains the following artifacts part of the release: -- `code-scanning-cpp-query-pack-anon-2.15.0.zip`: coding standard queries and scripts to be used with GitHub Code Scanning or the CodeQL CLI as documented in the section _Operating manual_. -- `supported_rules_list_2.15.0.csv`: A Comma Separated File (CSV) containing the supported rules per standard and the queries that implement the rule. +- `code-scanning-cpp-query-pack-anon-2.15.1.zip`: coding standard queries and scripts to be used with GitHub Code Scanning or the CodeQL CLI as documented in the section _Operating manual_. +- `supported_rules_list_2.15.1.csv`: A Comma Separated File (CSV) containing the supported rules per standard and the queries that implement the rule. - `upported_rules_list_2.15.0-dev.md`: A Markdown formatted file with a table containing the supported rules per standard and the queries that implement the rule. -- `user_manual_2.15.0.md`: This user manual. +- `user_manual_2.15.1.md`: This user manual. - `Source Code (zip)`: A zip archive containing the contents of https://github.com/github/codeql-coding-standards - `Source Code (tar.gz)`: A GZip compressed tar archive containing the contents of https://github.com/github/codeql-coding-standards - `checksums.txt`: A text file containing sha256 checksums for the aforementioned artifacts. 
@@ -457,7 +457,7 @@ This section describes known failure modes for "CodeQL Coding Standards" and des | | Ouf of space | Less output. Some files may be only be partially analyzed, or not analyzed at all. | Error reported on the command line. | Increase space. If it remains an issue report space consumption issues via the CodeQL Coding Standards [bug tracker](https://github.com/github/codeql-coding-standards/issues). | | | False positives | More output. Results are reported which are not violations of the guidelines. | All reported results must be reviewed. | Report false positive issues via the CodeQL Coding Standards [bug tracker](https://github.com/github/codeql-coding-standards/issues). | | | False negatives | Less output. Violations of the guidelines are not reported. | Other validation and verification processes during software development should be used to complement the analysis performed by CodeQL Coding Standards. | Report false negative issues via the CodeQL Coding Standards [bug tracker](https://github.com/github/codeql-coding-standards/issues). | -| | Modifying coding standard suite | More or less output. If queries are added to the query set more result can be reported. If queries are removed less results might be reported. | All queries supported by the CodeQL Coding Standards are listed in the release artifacts `supported_rules_list_2.15.0.csv` where VERSION is replaced with the used release. The rules in the resulting Sarif file must be cross-referenced with the expected rules in this list to determine the validity of the used CodeQL suite. | Ensure that the CodeQL Coding Standards are not modified in ways that are not documented as supported modifications. | +| | Modifying coding standard suite | More or less output. If queries are added to the query set more result can be reported. If queries are removed less results might be reported. 
| All queries supported by the CodeQL Coding Standards are listed in the release artifacts `supported_rules_list_2.15.1.csv` where VERSION is replaced with the used release. The rules in the resulting Sarif file must be cross-referenced with the expected rules in this list to determine the validity of the used CodeQL suite. | Ensure that the CodeQL Coding Standards are not modified in ways that are not documented as supported modifications. | | | Incorrect deviation record specification | More output. Results are reported for guidelines for which a deviation is assigned. | Analysis integrity report lists all deviations and incorrectly specified deviation records with a reason. Ensure that all deviation records are correctly specified. | Ensure that the deviation record is specified according to the specification in the user manual. | | | Incorrect deviation permit specification | More output. Results are reported for guidelines for which a deviation is assigned. | Analysis integrity report lists all deviations and incorrectly specified deviation permits with a reason. Ensure that all deviation permits are correctly specified. | Ensure that the deviation record is specified according to the specification in the user manual. | | | Unapproved use of a deviation record | Less output. Results for guideline violations are not reported. | Validate that the deviation record use is approved by verifying the approved-by attribute of the deviation record specification. | Ensure that each raised deviation record is approved by an independent approver through an auditable process. |