v2.43.0

@github-actions github-actions released this 24 Mar 18:30
cf2b300

Release summary

  • New queries added for the following rule packages: Declarations9, SideEffects3
  • The following changes have been made for this release:
    • RULE-11-3 - CastBetweenObjectPointerAndDifferentObjectType.ql
      • Constrain the exception that allows pointer types to be cast to char types, so that it does not apply to atomic pointer types, in compliance with MISRA-C 2012 Amendment 4.
    • RULE-11-8 - CastRemovesConstOrVolatileQualification.ql
      • Query expanded to detect cases of removing _Atomic qualification, in compliance with MISRA-C 2012 Amendment 4.
    • EXP33-C, RULE-9-1, A8-5-0, EXP53-CPP - DoNotReadUninitializedMemory.ql, ObjectWithAutoStorageDurationReadBeforeInit.ql, MemoryNotInitializedBeforeItIsRead.ql, DoNotReadUninitializedMemory.ql
      • Atomic local variables excluded from query results, in compliance with MISRA-C 2012 Amendment 4, and to reduce false positives in the other standards.
    • RULE-13-2 - UnsequencedAtomicReads.ql
      • New query to find expressions which read an atomic variable more than once between sequence points, to address new case from MISRA-C 2012 Amendment 4.
    • RULE-3-1 - CharacterSequencesAndUsedWithinAComment.ql
      • Add exception allowing URLs inside of cpp-style /* ... */ comments, in compliance with MISRA-C 2012 Amendment 4.
      • No longer report cases of //*some comment in this rule.
    • A new in-code deviation format has been introduced, using the C/C++ attribute syntax:
      [[codeql::<standard>_deviation("<code-identifier>")]]
      
      This can be applied to functions, statements and variables to apply a deviation from the Coding Standards configuration file. The user manual has been updated to describe the new format.
    • For those codebases that cannot use standard attributes, we have also introduced a comment-based syntax:
      // codeql::<standard>_deviation(<code-identifier>)
      // codeql::<standard>_deviation_next_line(<code-identifier>)
      // codeql::<standard>_deviation_begin(<code-identifier>)
      // codeql::<standard>_deviation_end(<code-identifier>)
      
      Further information is available in the user manual.
    • RULE-8-7 - ShouldNotBeDefinedWithExternalLinkage.ql:
      • Remove false positives where the declaration is not defined in the database.
      • Remove false positives where the definition and reference are in different translation units.
      • Remove false positives where the reference occurs in a header file.
    • RULE-8-3 - DeclarationsOfAFunctionSameNameAndType.ql:
      • Implement new exception: unnamed parameters are not covered by this rule.
    • RULE-10-2 - AdditionSubtractionOnEssentiallyCharType.ql:
      • Disallow + and - operations with an essentially char type and other types larger than int type.
      • Note, this change affects the essential type of such expressions, which may affect other essential types rules.
    • RULE-18-1, M5-0-16 - PointerAndDerivedPointerMustAddressSameArray.ql, PointerAndDerivedPointerAccessDifferentArray.ql:
      • Treat casts to byte pointers as pointers to arrays of the size of the pointed-to type.
      • Fix typo in report message, "passed" replaced with "past."
      • Suppress results where range analysis appears potentially unreliable.
    • RULE-21-10, RULE-25-5-3, ENV34-C - CallToSetlocaleInvalidatesOldPointers.ql, CallToSetlocaleInvalidatesOldPointersMisra.ql, DoNotStorePointersReturnedByEnvFunctions.ql:
      • Report usage of returned pointers from asctime, ctime, during a call to either of the former.
      • Report usage of returned pointers from gmtime, localtime, during a call to either of the former.
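
The asctime/ctime and gmtime/localtime reports above concern a returned pointer that is still used after a later call to the paired function, since each pair may share one static result object. The following C program is an added example, not code from this release or its query tests; the function names and timestamps are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Constructed sample timestamps (UTC): 1970-01-01 and 1971-01-02. */
static const time_t T_FIRST = 0;
static const time_t T_SECOND = (time_t)366 * 86400;

/* Flagged pattern: `first` is still used after a second gmtime() call.
 * Both calls may return the same static object, so `first` can alias
 * `second` and the difference can come out as 0. */
int year_gap_stale(void) {
    struct tm *first = gmtime(&T_FIRST);
    struct tm *second = gmtime(&T_SECOND);
    if (first == NULL || second == NULL) return -1;
    return second->tm_year - first->tm_year;
}

/* Corrected form: copy each result by value before the next call. */
int year_gap_copied(void) {
    struct tm *p = gmtime(&T_FIRST);
    if (p == NULL) return -1;
    struct tm first = *p;
    p = gmtime(&T_SECOND);
    if (p == NULL) return -1;
    struct tm second = *p;
    return second.tm_year - first.tm_year;
}

/* Same idea for asctime()/ctime(): copy the text out of the shared
 * buffer before either function is called again. Returns 0 on success. */
int format_utc(time_t t, char *out, size_t out_len) {
    struct tm *p = gmtime(&t);
    if (p == NULL) return -1;
    const char *text = asctime(p);
    if (text == NULL || strlen(text) + 1 > out_len) return -1;
    memcpy(out, text, strlen(text) + 1);
    return 0;
}

int main(void) {
    char a[32], b[32];
    if (format_utc(T_FIRST, a, sizeof a) || format_utc(T_SECOND, b, sizeof b)) return 1;
    printf("stale gap:  %d\n", year_gap_stale());
    printf("copied gap: %d\n", year_gap_copied());
    printf("%s%s", a, b);
    return 0;
}
```

The value printed for the stale variant depends on whether the C library reuses one static `struct tm`; the copied variant gives the same answer on every implementation.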

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.19.4 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.19.4.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.19.4.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

  • RULE-11-10 - AtomicQualifierAppliedToVoid.ql
  • RULE-13-2 - UnsequencedAtomicReads.ql