Releases: github/codeql-coding-standards
v2.40.0
Release summary
- New queries added for the following rule packages: Contracts
- The following changes have been made for this release:
M0-3-2
- the alert messages now include the name of the called function.
A3-1-5
-TrivialOrTemplateFunctionDefinedOutsideClassDefinition.ql
:- Query deleted - rule was never intended to cover this case (see https://forum.misra.org.uk/archive/index.php?thread-1588.html).
A3-1-5
-NonTrivialNonTemplateFunctionDefinedInsideClassDefinition.ql
:- Removed false positives caused by flagging member functions in template instantiations
STR34-C
-CastCharBeforeConvertingToLargerSizes.ql
:- Fixes #576. Do not consider integer type aliases in templates.
A3-9-1
-VariableWidthIntegerTypesUsed.ql
:- Reduce false positives by not considering variables from template instantiations.
Supported versions
- The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
- The Code Scanning pack is supported when:
- Using the CodeQL CLI version
2.18.4
in conjunction with a copy of the CodeQL standard library for C++ (github/codeql
) set to the tagcodeql-cli/v2.18.4
. - Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.18.4.
- Using the CodeQL CLI version
Appendix: MISRA-C-2012 new queries
New queries added to cover the following rules:
- DIR-4-7 -
FunctionErrorInformationUntested.ql
- DIR-4-11 -
CheckMathLibraryFunctionParameters.ql
Appendix: CERT-C new queries
New queries added to cover the following rules:
- MSC40-C -
DoNotViolateInLineLinkageConstraints.ql
v2.39.0
Release summary
- New queries added for the following rule packages: Alignment, InvalidMemory3
- The following changes have been made for this release:
RULE-18-8
-VariableLengthArrayTypesUsed.ql
:- Implement changes declared in MISRA C 2012 Amendment 4. This rule now only bans the use of VLA objects. Rules restricting the use of VLA types -- specifically, pointers to VLA types -- are now implemented in
RULE-18-10
.
- Implement changes declared in MISRA C 2012 Amendment 4. This rule now only bans the use of VLA objects. Rules restricting the use of VLA types -- specifically, pointers to VLA types -- are now implemented in
EXP-35-C
-DoNotModifyObjectsWithTemporaryLifetime.ql
- Refactor component into a shared library, should not have any effect on rule results.
M5-0-3
,M5-0-7
,M5-0-8
,M5-0-9
-CvalueExpressionConvertedToDifferentUnderlyingType.ql
,ExplicitFloatingIntegralConversionOfACValueExpr.ql
,ExplicitWideningConversionOfACValueExpr.ql
,ExplicitSignedness.ql
:- Reduce false positives from misidentifying an explicitly casted expression used as a function argument or return value as a
cvalue
.
- Reduce false positives from misidentifying an explicitly casted expression used as a function argument or return value as a
A7-1-2
-VariableMissingConstexpr.ql
:- Do not report on member variables if the class has un-instantiated member function(s).
- Check a call's qualifier as well whether it can be compile time evaluated or not.
A13-3-1
-FunctionThatContainsForwardingReferenceAsItsArgumentOverloaded.ql
:- Reduce false positives by explicitly checking that the locations of overloaded functions are different.
- Updated the CodeQL version to
2.18.4
. A12-8-6
-CopyAndMoveNotDeclaredProtected.ql
:- Implicitly created copy and move constructors will no longer be flagged in tenplate instantiations when they are unused, or trivial (tracked at #811).
A2-10-1
-IdentifierHiding.ql
:- Improved evaluation performance.
- Addressed false negatives where nested loops used the same variable name.
- Exclude cases where a variable declared in a lambda expression shadowed a global or namespace variable that did not appear in the same translation unit.
RULE-5-3
-IdentifierHidingC.ql
:- Improved evaluation performance.
- Addressed false negatives where nested loops used the same variable name.
Supported versions
- The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
- The Code Scanning pack is supported when:
- Using the CodeQL CLI version
2.18.4
in conjunction with a copy of the CodeQL standard library for C++ (github/codeql
) set to the tagcodeql-cli/v2.18.4
. - Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.18.4.
- Using the CodeQL CLI version
Appendix: MISRA-C-2012 new queries
New queries added to cover the following rules:
- RULE-8-15 -
RedeclarationOfObjectWithoutAlignment.ql
,RedeclarationOfObjectWithUnmatchedAlignment.ql
- RULE-8-16 -
AlignmentWithSizeZero.ql
- RULE-8-17 -
MoreThanOneAlignmentSpecifierOnDeclaration.ql
- RULE-18-9 -
ArrayToPointerConversionOfTemporaryObject.ql
,ModifiableLValueSubscriptedWithTemporaryLifetime.ql
- RULE-18-10 -
PointersToVariablyModifiedArrayTypesUsed.ql
v2.38.0
Release summary
- New queries added for the following rule packages: Language4
- The following changes have been made for this release:
M6-5-3
-Loops.qll
:- Fixes #755. Specifies that the access to the loop counter must be via non-const address.
A7-1-7
-IdentifierDeclarationAndInitializationNotOnSeparateLines.ql
- Fixes #629. Adds brackets, excluding expressions statements in macros.
Supported versions
- The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
- The Code Scanning pack is supported when:
- Using the CodeQL CLI version
2.16.6
in conjunction with a copy of the CodeQL standard library for C++ (github/codeql
) set to the tagcodeql-cli/v2.16.6
. - Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.16.6.
- Using the CodeQL CLI version
Appendix: MISRA-C-2012 new queries
New queries added to cover the following rules:
- RULE-1-5 -
MissingStaticSpecifierFuncRedeclarationObsolete.ql
,MissingStaticSpecifierObjectRedeclarationObsolete.ql
,FunctionTypesNotInPrototypeFormObsolete.ql
,UseOfObsoleteMacroAtomicVarInit.ql
,InvalidDefineOrUndefOfStdBoolMacro.ql
,CallToObsolescentFunctionGets.ql
,UngetcCallOnStreamPositionZero.ql
,SizeInReallocCallMayBeZero.ql
,SizeInReallocCallIsZero.ql
v2.37.1
Release summary
- The performance of the following queries have been improved:
DCL40-C
RULE-5-1
RULE-8-3
RULE-8-4
MSC39-C
Supported versions
- The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
- The Code Scanning pack is supported when:
- Using the CodeQL CLI version
2.16.6
in conjunction with a copy of the CodeQL standard library for C++ (github/codeql
) set to the tagcodeql-cli/v2.16.6
. - Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.16.6.
- Using the CodeQL CLI version
v2.37.0
Release summary
- No new queries were added for this release
- The following changes have been made for this release:
A13-3-1
-FunctionThatContainsForwardingReferenceAsItsArgumentOverloaded.ql
:- Fixes #406. Exclude detection of overloaded implicit copy/move constructors.
- Updated the CodeQL version to
2.16.6
. M0-1-2
-InfeasiblePath.ql
:- This query may now report additional results within templates where a relational operation is performed which has a constant value given the specified arguments.
A5-2-6
-OperandsOfAlogicalAndOrNotParenthesized.ql
:- Remove false positives where the operator is identical.
- Improve alert message to clarify which expression needs to be parenthesized.
5.13.4
-UnsignedLiteralsNotAppropriatelySuffixed.ql
:- Expand detection to binary literals.
M2-13-3
-MissingUSuffix.ql
:- Expand detection to binary literals.
A12-1-1
,RULE-15-1-2
-InitializeAllVirtualBaseClasses.ql
,ExplicitConstructorBaseClassInitialization.ql
:- Remove false positives for deleted member functions.
RULE-8-13
-PointerShouldPointToConstTypeWhenPossible.ql
- Exclude false positives where a variable occurs in a file compiled multiple times, but where it may only be const in some of those scenarios.
- Exclude results for local scope variables in functions that use assembly code, as CodeQL cannot determine the impact of the assembly.
- Exclude false positives when an assignment is made to a struct field.
- Exclude false positives where the object pointed to by the variable is modified using
*p++ = ...
. - Exclude false positives for functions without bodies.
- Rules that rely on the determination of side-effects of an expression may change as a result of considering
*p++ = ...
as having a side-effect onp
. RULE-1-3
-OccurrenceOfUndefinedBehavior.ql
:- Improve alert message to report the undefined behavior triggered.
- Address both false positives and false negatives in identifying standard compliant main methods. Previously,
void main()
was considered permitted andint main(void)
banned. In addition, we now detect main methods as standard compliant if they use typedefs, and if arrays are used in the definition ofargv
.
RULE-5-4
-MacroIdentifiersNotDistinct.ql
:- Exclude false positives related to conditional compilation, where a macro may be defined twice, but not within the same compilation.
- Improve alert message in the case the 63 char limit is not relevant by using the form "Definition of macro
<MACRO_NAME>
is not distinct from alternative definition of<MACRO_NAME>
in<relative_file_path>
.
RULE-2-5
-UnusedMacroDeclaration.ql
:- Exclude false positives where a macro was used before definition, for example a header guard.
- Modifications to the release artifacts:
- New CodeQL pack release artifacts have been created. These release artifacts can be downloaded from the release, and will be published to the GitHub registry under the
codeql
org for ease of deployment. - The user manual has been updated to describe how to use the CodeQL packs.
- New CodeQL pack release artifacts have been created. These release artifacts can be downloaded from the release, and will be published to the GitHub registry under the
- We no longer require a separate download of the CodeQL Standard Library for C++ - all queries have been pre-compiled and linked with the appropriate standard library.
Supported versions
- The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
- The Code Scanning pack is supported when:
- Using the CodeQL CLI version
2.16.6
in conjunction with a copy of the CodeQL standard library for C++ (github/codeql
) set to the tagcodeql-cli/v2.16.6
. - Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.16.6.
- Using the CodeQL CLI version
v2.36.0
Release summary
- New queries added for the following rule packages: Banned2, BitfieldTypes2, FunctionTypes, NoReturn, Types2, DeadCode
- The following changes have been made for this release:
RULE-1-2
-LanguageExtensionsShouldNotBeUsed.ql
:- Improve reporting by describing which language extensions are used.
- Improve reporting by aggregating results generated from a macro expansion at the generating macro location.
- Reduce false positives for the variable length array check by permitting those extensions which are included in the C99 standard.
M0-1-9
-DeadCode.ql
- Remove false positives for statements where the enclosing function is compiled multiple times, either as part of different targets or a different template instantiations. Previously we would see false positives where a statement was dead in one instance of the code, but not other instances. We now only consider a statement dead if it is dead in all instances of that code.
RULE-2-2
-DeadCode.ql
:- Query has been rewritten to report only operations that are considered dead, not statements. This should reduce false positives.
- Remove false positives for operations where the enclosing function is compiled multiple times, either as part of different targets or a different template instantiations. Previously we would see false positives where a operation was dead in one instance of the code, but not other instances. We now only consider a operation dead if it is dead in all instances of that code.
A7-6-1
,MSC53-CPP
,RULE-9-6-4
-FunctionNoReturnAttbrituteCondition.qll
- Analysis expanded from functions with "noreturn" attribute, now includes the "noreturn" specifier as well to handle new c rules. No difference in C++ results expected.
- Exclude compiler generated functions from being reported.
RULE-10-7
-ImplicitConversionOfCompositeExpression.ql
:- Improved performance on larger codebases.
SIG31-C
-DoNotAccessSharedObjectsInSignalHandlers.ql
:- Improved performance on larger codebases.
M0-1-10
-UnusedFunction.ql
:- Fixes #711. Excludes constexpr functions, considers functions from GoogleTest as an EntryPoint and does not consider special member functions. Another query called UnusedSplMemberFunction.ql is created that reports unused special member functions. This is done so as to enable deviations to be applied to this case.
- The following query suites have been added or modified for MISRA C:
- A new query suite has been created
misra-c-default.qls
to avoid confusion with the MISRA C++ query suites. Themisra-default.qls
suite has been deprecated, and will be removed in a future releases, and is replaced by themisra-c-default.qls
suite.- The
misra-c-default.qls
suite has been specified as the default for the pack, and will include our most up-to-date coverage for MISRA C.
- The
- A new query suite
misra-c-2012-third-edition-with-amendment-2.qls
has been created to represent our previous MISRA C coverage. Note: this query suite will run the rules that were present in MISRA C 2012, Third Edition, First Revision and Amendment 2. The interpretation of those rules may be updated to reflect changes in more recent MISRA standards. - Three new query suites,
misra-c-mandatory.qls
,misra-c-required.qls
andmisra-c-advisory.qls
, have been added to enable running mandatory, required or advisory queries.
- A new query suite has been created
- The following query suites have been added or modified for MISRA C++:
- A new query suite has been created
misra-cpp-default.qls
to avoid confusion with the MISRA C query suites. Themisra-default.qls
suite has been deprecated, and will be removed in a future releases, and is replaced by themisra-cpp-default.qls
suite.- The
misra-cpp-default.qls
suite has been specified as the default for the pack, and will include our most up-to-date coverage for MISRA C.
- The
- A new query suite has been created
misra-cpp-single-translation-unit.qls
to avoid confusion with the MISRA C query suites. Themisra-single-translation-unit.qls
suite has been deprecated, and will be removed in a future releases, and is replaced by themisra-cpp-single-translation-unit.qls
suite. - Three new query suites,
misra-cpp-mandatory.qls
,misra-c-required.qls
andmisra-c-advisory.qls
, have been added to enable running mandatory, required or advisory queries.
- A new query suite has been created
A0-1-1
-UselessAssignments.qll
:- Remove (dead code) useless assignment false positive when integer constant expression is used to define the size of an array.
- Updated the CodeQL version to
2.15.5
. RULE-11-3
,RULE-11-4
,RULE-11-5
,RULE-11-7
-CastBetweenObjectPointerAndDifferentObjectType.ql
,ConversionBetweenPointerToObjectAndIntegerType.ql
,ConversionFromPointerToVoidIntoPointerToObject.ql
,CastBetweenPointerToObjectAndNonIntArithmeticType.ql
:- Removed false positives where casts involved a specified void type pointer, e.g.
const void*
, which should not be considered as a pointer to object.
- Removed false positives where casts involved a specified void type pointer, e.g.
RULE-11-5
-ConversionFromPointerToVoidIntoPointerToObject.ql
:- Addressed false negatives where the pointer-to-void was specified.
A7-1-3
-CvQualifiersNotPlacedOnTheRightHandSide.ql
:- Removed false positives where a correctly CV-qualified typedef variable type was also referenced in the initializer.
A14-5-2
-NonTemplateMemberDefinedInTemplate.ql
- Fixes #739. Correctly detect template parameters specified in using alias base types, e.g.
using T1 = some_type<T>::Type;
.
- Fixes #739. Correctly detect template parameters specified in using alias base types, e.g.
RULE-10-4
-OperandswithMismatchedEssentialTypeCategory.ql
:- Removed false positives where a specified or typedef'd enum type was compared to an enum constant type.
EssentialType
- for all queries related to essential types:\n
and other control characters are now correctly deduced as essentially char type, instead of an essentially integer type.- Enum constants for anonymous enums are now correctly deduced as an essentially signed integer type instead of essentially enum.
Supported versions
- The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
- The Code Scanning pack is supported when:
- Using the CodeQL CLI version
2.15.5
in conjunction with a copy of the CodeQL standard library for C++ (github/codeql
) set to the tagcodeql-cli/v2.15.5
. - Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.15.5.
- Using the CodeQL CLI version
Appendix: AUTOSAR new queries
New queries added to cover the following rules:
- M0-1-10 -
UnusedSplMemberFunction.ql
Appendix: MISRA-C-2012 new queries
New queries added to cover the following rules:
- RULE-6-3 -
BitFieldDeclaredAsMemberOfAUnion.ql
- RULE-7-5 -
InvalidIntegerConstantMacroArgument.ql
,InvalidLiteralForIntegerConstantMacroArgument.ql
,IntegerConstantMacroArgumentUsesSuffix.ql
,IncorrectlySizedIntegerConstantMacroArgument.ql
- RULE-7-6 -
UseOfBannedSmallIntegerConstantMacro.ql
- RULE-17-9 -
ReturnStatementInNoreturnFunction.ql
- RULE-17-10 -
NonVoidReturnTypeOfNoreturnFunction.ql
- RULE-17-11 -
FunctionWithNoReturningBranchShouldBeNoreturn.ql
- RULE-17-12 -
FunctionAddressesShouldAddressOperator.ql
- RULE-21-24 -
CallToBannedRandomFunction.ql
v2.35.0
Release summary
-
No new queries were added for this release
-
The following changes have been made for this release:
RULE-11-1
-ConversionBetweenFunctionPointerAndOtherType.ql
:- Fixed issue #331 - consider
0
a null pointer constant.
- Fixed issue #331 - consider
RULE-11-4
-ConversionBetweenPointerToObjectAndIntegerType.ql
:- Fixed issue #331 - consider
0
a null pointer constant. - Improve reporting of the order of the cast and the actual types involved.
- Improve reporting where the result is expanded from a macro by either reporting the macro itself (if it is not dependent on the context) or by including a link to the macro in the alert message.
- Fixed issue #331 - consider
RULE-11-5
-ConversionFromPointerToVoidIntoPointerToObject.ql
:- Fixed issue #331 - consider
0
a null pointer constant.
- Fixed issue #331 - consider
RULE-11-6
-CastBetweenPointerToVoidAndArithmeticType.ql
:- Fixed issue #331 - accept integer constant expressions with value
0
instead of null pointer constants.
- Fixed issue #331 - accept integer constant expressions with value
RULE-11-9
-MacroNullNotUsedAsIntegerNullPointerConstant.ql
:- Remove false positives in branches of ternary expressions, where
0
was used correctly.
- Remove false positives in branches of ternary expressions, where
-
A2-7-3
-UndocumentedUserDefinedType.ql
:- Fixes #606. Fix false positive relating to friend functions in template classes.
-
M0-1-3
-UnusedLocalVariable.ql
:- Fixes #658. Considers usage of const/constexpr variables in array size and function parameters that are used in arguments of template functions.
-
RULE-12-2
-RightHandOperandOfAShiftRange.ql
:- Reduce false positives related to ranges determined by
%=
. - Reduce false positives for integer constants with explicit size suffix were incorrectly identified as smaller types.
- Improve explanation of results, providing additional information on types and size ranges.
- Combine results stemming from the expansion of a macro, where the result is not dependent on the context.
- Reduce false positives related to ranges determined by
-
RULE-5-8
-IdentifiersWithExternalLinkageNotUnique.ql
- Remove false positives where conflicting declarations do not appear in the same link target.
-
RULE-10-1
-OperandsOfAnInappropriateEssentialType.ql
- Reduce false negatives by supporting operands to the
~
operator with the incorrect essential type. - Reduce false positives by identifying the essential type of
!<expr>
as essentially boolean type. - Improve clarity reporting by reporting the violating operand, instead of the operator, and addressing message typos.
- Reduce false negatives by supporting operands to the
-
M0-1-9
-DeadCode.qll
:- Fixes #678. Remove dead code false positive when integer constant expression is used to define the size of an array.
-
RULE-8-3
-DeclarationsOfAnObjectSameNameAndType.ql
- Remove false positives where two conflicting declarations are never linked together.
-
M3-4-1
-UnnecessaryExposedIdentifierDeclarationShared.qll
:- Fixes #665. Exclude variables that are constexpr and coming from template instantiations.
-
RULE-7-2
-UOrUSuffixRepresentedInUnsignedType.ql
- Remove false positives where integer constants are generated from macros.
- Remove false positives where a signed integer is implicitly converted to unsigned, which is permitted by the standard.
-
A1-1-2
-CompilerWarningLevelNotInCompliance.ql
:- Report non-compliance for compilations that use the error-suppressing
-w
flag.
- Report non-compliance for compilations that use the error-suppressing
Supported versions
- The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
- The Code Scanning pack is supported when:
- Using the CodeQL CLI version
2.14.6
in conjunction with a copy of the CodeQL standard library for C++ (github/codeql
) set to the tagcodeql-cli/v2.14.6
. - Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.
- Using the CodeQL CLI version
v2.34.0
Release summary
- New queries added for the following rule packages: Representation
- The following changes have been made for this release:
M0-2-1
-DoNotPassAliasedPointerToRestrictQualifiedParam.ql
:- Fixes #119. Adds shared query to cover missing detection of overlapping arrays or pointers in specific list of functions that list undefined behaviour when their parameters overlap.
Supported versions
- The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
- The Code Scanning pack is supported when:
- Using the CodeQL CLI version
2.14.6
in conjunction with a copy of the CodeQL standard library for C++ (github/codeql
) set to the tagcodeql-cli/v2.14.6
. - Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.
- Using the CodeQL CLI version
Appendix: AUTOSAR new queries
New queries added to cover the following rules:
- M0-2-1 -
DoNotPassAliasedPointerToParam.ql
v2.33.0
Release summary
- New queries added for the following rule packages: ImportMisra23
- The following changes have been made for this release:
A7-2-1
- fix typo in some alert messages.
MISRA C++ 2023
:- Extend the project structure and provide initial support for query writing.
A2-7-3
-UndocumentedUserDefinedType.ql
:- Fixes #391. Declarations for which a Doxygen comment group provides documentation will no longer produce results.
M0-1-10
-EncapsulatingFunctions.qll
:- Fixes #646. Consider typedef'd
int
return types formain()
function as MainFunction.
- Fixes #646. Consider typedef'd
PRE32-C
-MacroOrFunctionArgsContainHashToken.ql
:- Fixes #650. Correctly identifies presence of preprocessor directives in function calls.
Supported versions
- The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
- The Code Scanning pack is supported when:
- Using the CodeQL CLI version
2.14.6
in conjunction with a copy of the CodeQL standard library for C++ (github/codeql
) set to the tagcodeql-cli/v2.14.6
. - Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.
- Using the CodeQL CLI version
Appendix: MISRA-C++-2023 new queries
New queries added to cover the following rules:
- DIR-5-7-2 -
SectionsOfCodeShouldNotBeCommentedOut.ql
- DIR-15-8-1 -
CopyAndMoveAssignmentsShallHandleSelfAssignment.ql
- RULE-5-7-1 -
CharacterSequenceUsedWithinACStyleComment.ql
- RULE-5-7-3 -
LineSplicingUsedInComments.ql
- RULE-5-13-1 -
BackslashCharacterMisuse.ql
- RULE-5-13-2 -
NonTerminatedEscapeSequences.ql
- RULE-5-13-3 -
OctalConstantsUsed.ql
- RULE-5-13-4 -
UnsignedIntegerLiteralsNotAppropriatelySuffixed.ql
- RULE-5-13-5 -
LowercaseLStartsInLiteralSuffix.ql
- RULE-6-0-3 -
GlobalNamespaceDeclarations.ql
- RULE-6-0-4 -
NonGlobalFunctionMain.ql
- RULE-6-2-1 -
OneDefinitionRuleViolated.ql
- RULE-6-4-1 -
VariableDeclaredInInnerScopeHidesOuterScope.ql
- RULE-6-4-2 -
InheritedNonOverridableMemberFunction.ql
,InheritedOverridableMemberFunction.ql
,DefinitionShallBeConsideredForUnqualifiedLookup.ql
- RULE-6-4-3 -
NameShallBeReferredUsingAQualifiedIdOrThis.ql
,NameShallBeReferredUsingAQualifiedIdOrThisAudit.ql
- RULE-6-8-1 -
ObjectAccessedBeforeLifetimeMisra.ql
,ObjectAccessedAfterLifetimeMisra.ql
- RULE-6-8-2 -
ReturnReferenceOrPointerToAutomaticLocalVariable.ql
- RULE-7-11-1 -
NullptrNotTheOnlyFormOfTheNullPointerConstant.ql
- RULE-7-11-2 -
ArrayPassedAsFunctionArgumentDecayToAPointer.ql
- RULE-8-2-3 -
CastRemovesConstOrVolatileFromPointerOrReference.ql
- RULE-8-2-4 -
CastsBetweenAPointerToFunctionAndAnyOtherType.ql
- RULE-8-2-5 -
ReinterpretCastShallNotBeUsed.ql
- RULE-8-2-10 -
FunctionsCallThemselvesEitherDirectlyOrIndirectly.ql
- RULE-8-3-1 -
BuiltInUnaryOperatorAppliedToUnsignedExpression.ql
- RULE-8-18-2 -
ResultOfAnAssignmentOperatorShouldNotBeUsed.ql
- RULE-8-19-1 -
CommaOperatorShouldNotBeUsed.ql
- RULE-8-20-1 -
UnsignedOperationWithConstantOperandsWraps.ql
- RULE-9-3-1 -
SwitchBodyCompoundCondition.ql
,LoopBodyCompoundCondition.ql
- RULE-9-4-1 -
IfElseIfEndCondition.ql
- RULE-9-6-1 -
GotoStatementShouldNotBeUsed.ql
- RULE-9-6-2 -
GotoReferenceALabelInSurroundingBlock.ql
- RULE-9-6-3 -
GotoShallJumpToLabelDeclaredLaterInTheFunction.ql
- RULE-9-6-4 -
FunctionDeclaredWithTheNoreturnAttributeReturn.ql
- RULE-9-6-5 -
NonVoidFunctionShallReturnAValueOnAllPaths.ql
- RULE-10-0-1 -
UseSingleLocalDeclarators.ql
,UseSingleGlobalOrMemberDeclarators.ql
- RULE-10-2-1 -
EnumerationNotDefinedWithAnExplicitUnderlyingType.ql
- RULE-10-4-1 -
AsmDeclarationShallNotBeUsed.ql
- RULE-11-3-2 -
DeclarationOfAnObjectIndirectionsLevel.ql
- RULE-11-6-3 -
NonUniqueEnumerationConstant.ql
- RULE-12-2-2 -
BitFieldShallHaveAnAppropriateType.ql
- RULE-12-2-3 -
SignedIntegerNamedBitFieldHaveALengthOfOneBit.ql
- RULE-13-1-2 -
VirtualAndNonVirtualClassInTheHierarchy.ql
- RULE-13-3-2 -
OverridingShallSpecifyDifferentDefaultArguments.ql
- RULE-13-3-4 -
PotentiallyVirtualPointerOnlyComparesToNullptr.ql
- RULE-15-1-1 -
ObjectsDynamicTypeUsedFromConstructorOrDestructor.ql
- RULE-15-1-2 -
InitializeAllVirtualBaseClasses.ql
- RULE-15-1-5 -
InitializerListConstructorIsTheOnlyConstructor.ql
- RULE-16-5-2 -
AddressOfOperatorOverloaded.ql
- RULE-17-8-1 -
FunctionTemplatesExplicitlySpecialized.ql
- RULE-18-1-1 -
ExceptionObjectHavePointerType.ql
- RULE-18-1-2 -
EmptyThrowOnlyWithinACatchHandler.ql
- RULE-18-3-3 -
HandlersReferToNonStaticMembersFromTheirClass.ql
- RULE-18-5-1 -
NoexceptFunctionShouldNotPropagateToTheCaller.ql
- RULE-19-0-2 -
FunctionLikeMacrosDefined.ql
- RULE-19-0-3 -
IncludeDirectivesPrecededByPreprocessorDirectives.ql
- RULE-19-1-3 -
IdentifiersUsedInTheControllingExpressionOf.ql
- RULE-19-2-3 -
CharsThatShouldNotOccurInHeaderFileName.ql
- RULE-19-3-1 -
AndPreprocessorOperatorsShouldNotBeUsed.ql
- RULE-19-3-2 -
MacroParameterFollowingHash.ql
- RULE-19-3-3 -
AMixedUseMacroArgumentSubjectToExpansion.ql
- RULE-19-3-5 -
TokensThatLookLikeDirectivesInAMacroArgument.ql
- RULE-21-2-1 -
AtofAtoiAtolAndAtollUsed.ql
- RULE-21-2-4 -
MacroOffsetofShallNotBeUsed.ql
- RULE-21-6-4 -
GlobalSizedOperatorDeleteShallBeDefined.ql
,GlobalUnsizedOperatorDeleteShallBeDefined.ql
- RULE-21-6-5 -
PointerToAnIncompleteClassTypeDeleted.ql
- RULE-21-10-3 -
CsignalFacilitiesUsed.ql
,CsignalTypesShallNotBeUsed.ql
- RULE-25-5-2 -
PointersReturnedByLocaleFunctionsMustBeUsedAsConst.ql
- RULE-25-5-3 -
CallToSetlocaleInvalidatesOldPointersMisra.ql
,CallToSetlocaleInvalidatesOldPointersWarnMisra.ql
- RULE-26-3-1 -
VectorShouldNotBeSpecializedWithBool.ql
- RULE-28-6-2 -
ForwardingReferencesAndForwardNotUsedTogether.ql
- RULE-28-6-3 -
ObjectUsedWhileInPotentiallyMovedFromState.ql
- RULE-30-0-1 -
CstdioFunctionsShallNotBeUsed.ql
,CstdioMacrosShallNotBeUsed.ql
,CstdioTypesShallNotBeUsed.ql
- RULE-30-0-2 -
ReadsAndWritesOnStreamNotSeparatedByPositioning.ql
v2.32.0
Release summary
- No new queries were added for this release
- The following changes have been made for this release:
A0-4-4
,FLP32-C
-UncheckedRangeDomainPoleErrors.ql
:- Fixes #193. Adds missing cases for domain errors, an unspecified result case and pole error cases.
M0-1-3
-UnusedGlobalOrNamespaceVariable.ql
- Reduces false positives by excluding compiler generated variables, and variables in uninstantiated templates.
A3-9-1
-VariableWidthIntegerTypesUsed.ql
:- Fixes #614. Excludes post increment and decrement operators.
M9-3-3
-MemberFunctionStaticIfPossible.ql
:- Fixes #616. Exclude uninstantiated templates.
RULE-8-3
-DeclarationsOfAnObjectSameNameAndType.ql
:- Fixes #618. Consider anonymous structs.
A3-1-5
-NonTrivialNonTemplateFunctionDefinedInsideClassDefinition.ql
,TrivialOrTemplateFunctionDefinedOutsideClassDefinition.ql
:- Fixes #611. Relax definition of trivial length of trivial member function to 10 LOC.
A7-1-1
-DeclarationUnmodifiedObjectMissingConstSpecifier.ql
:- Fixes #621. Exclude template instantiations that come from constexpr templates.
A7-1-7
-IdentifierDeclarationAndInitializationNotOnSeparateLines.ql
:
Supported versions
- The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
- The Code Scanning pack is supported when:
- Using the CodeQL CLI version
2.14.6
in conjunction with a copy of the CodeQL standard library for C++ (github/codeql
) set to the tagcodeql-cli/v2.14.6
. - Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.
- Using the CodeQL CLI version