DO NOT MERGE test misra23 #587

Closed
wants to merge 9 commits into from
9 changes: 7 additions & 2 deletions README.md
Expand Up @@ -10,10 +10,15 @@ This repository contains CodeQL queries and libraries which support various Codi

The following coding standards are supported:
- [AUTOSAR - Guidelines for the use of C++14 language in critical and safety-related systems (Releases R22-11, R20-11, R19-11 and R19-03)](https://www.autosar.org/fileadmin/standards/R22-11/AP/AUTOSAR_RS_CPP14Guidelines.pdf).
- [MISRA C++:2008](https://www.misra.org.uk) (support limited to the rules specified in AUTOSAR).
- [SEI CERT C++ Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition)](https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=494932)
- [SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition)](https://resources.sei.cmu.edu/downloads/secure-coding/assets/sei-cert-c-coding-standard-2016-v01.pdf)
- [MISRA C 2012](https://www.misra.org.uk/product/misra-c2012-third-edition-first-revision/).
- [MISRA C 2012, 3rd Edition, 1st revision](https://www.misra.org.uk/product/misra-c2012-third-edition-first-revision/) (incoporating Amendment 1 & Technical Corrigendum 1). In addition, we support the following additional amendments and technical corrigendums:
- [MISRA C 2012 Amendment 2](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD2.pdf)
- [MISRA C 2012 Technical Corrigendum 2](https://misra.org.uk/app/uploads/2022/04/MISRA-C-2012-TC2.pdf)

## :construction: Standards under development :construction:

- [MISRA C++ 2023](https://misra.org.uk/product/misra-cpp2023/) - under development _scheduled for release 2024 Q4_.

## How do I use the CodeQL Coding Standards Queries?

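Review bot: typo in the added MISRA C 2012 entry: "incoporating" should be "incorporating", and "technical corrigendums" reads better as "technical corrigenda". The Amendment 2 and Technical Corrigendum 2 bullets that follow are introduced as belonging to that entry, so check that they render as its sub-items. In the new "Standards under development" bullet, "under development _scheduled for release 2024 Q4_" needs a comma or similar separator before the italic text.
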
19 changes: 18 additions & 1 deletion cpp/common/src/codingstandards/cpp/exclusions/cpp/DeadCode.qll
Expand Up @@ -19,7 +19,8 @@ newtype DeadCodeQuery =
TSingleUseLocalPODVariableQuery() or
TSingleUseGlobalOrNamespacePODVariableQuery() or
TSingleUseMemberPODVariableQuery() or
TDeadCodeQuery()
TDeadCodeQuery() or
TFunctionContainUnreachableStatementsQuery()

predicate isDeadCodeQueryMetadata(Query query, string queryId, string ruleId, string category) {
query =
Expand Down Expand Up @@ -165,6 +166,15 @@ predicate isDeadCodeQueryMetadata(Query query, string queryId, string ruleId, st
"cpp/autosar/dead-code" and
ruleId = "M0-1-9" and
category = "required"
or
query =
// `Query` instance for the `functionContainUnreachableStatements` query
DeadCodePackage::functionContainUnreachableStatementsQuery() and
queryId =
// `@id` for the `functionContainUnreachableStatements` query
"cpp/misra/function-contain-unreachable-statements" and
ruleId = "RULE-0-0-1" and
category = "required"
}

module DeadCodePackage {
Expand Down Expand Up @@ -279,4 +289,11 @@ module DeadCodePackage {
// `Query` type for `deadCode` query
TQueryCPP(TDeadCodePackageQuery(TDeadCodeQuery()))
}

Query functionContainUnreachableStatementsQuery() {
//autogenerate `Query` type
result =
// `Query` type for `functionContainUnreachableStatements` query
TQueryCPP(TDeadCodePackageQuery(TFunctionContainUnreachableStatementsQuery()))
}
}
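
Review bot: the comment inside the added `functionContainUnreachableStatementsQuery()` reads `//autogenerate`, so this file looks generated. Confirm that the three additions to DeadCode.qll were produced by regenerating from rule_packages/cpp/DeadCode.json rather than edited by hand, so that the next regeneration does not produce an unrelated diff.
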
1 change: 1 addition & 0 deletions cpp/common/test/options
@@ -0,0 +1 @@
semmle-extractor-options:--clang -std=c++17 -nostdinc++ -I../../../../common/test/includes/standard-library -I../../../../common/test/includes/custom-library
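
Review bot: the include paths in this new options file are relative with a fixed depth (`-I../../../../common/test/includes/...`), and the identical line is added again as cpp/misra/test/options. Confirm that the four-level `..` prefix resolves for every test directory this file applies to under cpp/common/test, and that adding `--clang -std=c++17` there does not change the expected results of tests that previously ran without an options file at this path.
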
10 changes: 10 additions & 0 deletions cpp/misra/src/codeql-suites/misra-default.qls
@@ -0,0 +1,10 @@
- description: MISRA C++ 2023 (Default)
- qlpack: codeql/misra-cpp-coding-standards
- include:
kind:
- problem
- path-problem
- exclude:
tags contain:
- external/misra/audit
- external/misra/default-disabled
12 changes: 12 additions & 0 deletions cpp/misra/src/codeql-suites/misra-single-translation-unit.qls
@@ -0,0 +1,12 @@
- description: MISRA C++ 2023 (Single Translation Unit)
- qlpack: codeql/misra-cpp-coding-standards
- include:
kind:
- problem
- path-problem
tags contain:
- scope/single-translation-unit
- exclude:
tags contain:
- external/misra/audit
- external/misra/default-disabled
4 changes: 4 additions & 0 deletions cpp/misra/src/codingstandards/cpp/misra.qll
@@ -0,0 +1,4 @@
import cpp
import misra.Customizations
import codingstandards.cpp.CodingStandards
import codingstandards.cpp.exclusions.cpp.RuleMetadata
8 changes: 8 additions & 0 deletions cpp/misra/src/codingstandards/cpp/misra/Customizations.qll
@@ -0,0 +1,8 @@
/**
* Contains customizations to the MISRA C++ query rules.
*
* This module is imported by `misra.qll`, so any customizations defined here
* automatically apply to all MISRA C++ queries.
*/

import cpp
4 changes: 2 additions & 2 deletions cpp/misra/src/qlpack.yml
@@ -1,6 +1,6 @@
name: codeql/misra-cpp-coding-standards
version: 2.29.0-dev
description: MISRA C++ 2008
version: 2.28.0-dev
description: MISRA C++ 2023
suites: codeql-suites
license: MIT
dependencies:
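
Review bot: the `version` line appears to move backwards, from 2.29.0-dev to 2.28.0-dev (reading the hunk in the usual removed-then-added order, since the +/- markers are not visible here). If that is a rebase artefact, restore 2.29.0-dev so the pack version does not regress. The description also changes from MISRA C++ 2008 to MISRA C++ 2023 under the same pack name, codeql/misra-cpp-coding-standards, so the PR description should say whether existing users of that pack are affected.
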
@@ -0,0 +1,21 @@
/**
* @id cpp/misra/function-contain-unreachable-statements
* @name RULE-0-0-1: A function shall not contain unreachable statements
* @description Unreachable statements can indicate a mistake on the part of the programmer.
* @kind problem
* @precision high
* @problem.severity error
* @tags external/misra/id/rule-0-0-1
* scope/single-translation-unit
* readability
* maintainability
* external/misra/enforcement/decidable
* external/misra/obligation/required
*/

import cpp
import codingstandards.cpp.misra

from Expr x
where not isExcluded(x, DeadCodePackage::functionContainUnreachableStatementsQuery())
select x, "none"
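
Review bot: the `from`/`where`/`select` at the end is still a placeholder: it selects every `Expr` that is not excluded, with the message "none", so it reports on code that has no unreachable statement while the metadata declares `@precision high` and `@problem.severity error`. The query is `@kind problem` and carries neither the audit nor the default-disabled tag, so misra-default.qls would pick it up as written. Replace the body with the actual reachability check and a message that names the unreachable statement.
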
1 change: 1 addition & 0 deletions cpp/misra/test/options
@@ -0,0 +1 @@
semmle-extractor-options:--clang -std=c++17 -nostdinc++ -I../../../../common/test/includes/standard-library -I../../../../common/test/includes/custom-library
@@ -0,0 +1 @@
| test.cpp:1:26:1:28 | arg | none |
@@ -0,0 +1 @@
rules/RULE-0-0-1/FunctionContainUnreachableStatements.ql
1 change: 1 addition & 0 deletions cpp/misra/test/rules/RULE-0-0-1/test.cpp
@@ -0,0 +1 @@
int f1(int arg) { return arg; }
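
Review bot: test.cpp has a single function, `int f1(int arg) { return arg; }`, which contains no unreachable statement, yet the expected file lists a result on `arg` at 1:26-1:28. The test therefore pins the placeholder query's output rather than the rule. Add cases with a statement after `return` together with reachable counterparts, mark which are compliant and which are not, and update the expected file so that only the unreachable statements are listed.
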
2 changes: 1 addition & 1 deletion docs/design/guideline_recategorization.md
Expand Up @@ -101,7 +101,7 @@ The *effective category* is the category whose policy is applied during the eval
The policy of a category dictates if a result can be deviated from and implements the effect described in the design section.
The existing exclusion mechanism implemented in the predicate `isExcluded` defined in the `Exclusions.qll` library will be updated to consider the applicable policy of a guideline.

Note: This changes the behavior of deviations which will no longer have an impact on Mandatory guidelines! However, this will only affect MISRA C rules because there are no MISRA C++ Guidelines with a Mandatory category.
Note: This changes the behavior of deviations which will no longer have an impact on Mandatory MISRA guidelines!

### Specification validation

10 changes: 2 additions & 8 deletions docs/development_handbook.md
Expand Up @@ -39,17 +39,11 @@
| 0.29.1 | 2023-10-11 | Remco Vermeulen | Address Markdown linter problems. |
| 0.30.0 | 2023-11-14 | Remco Vermeulen | Clarify release steps in case of a hotfix release. |
| 0.31.0 | 2024-02-23 | Remco Vermeulen | Clarify the required use of Python version 3.9 |
| 0.32.0 | 2024-05-01 | Luke Cartey | Refer to the user manual for the list of supported standards. |

## Scope of work

A *coding standard* is a set of rules or guidelines which restrict or prohibit the use of certain dangerous or confusing coding patterns or language features. This repository contains CodeQL queries (and supporting processes) which implement a number of different coding standards. The currently supported standards are:

| Standard | Version | Total rules | Total supportable rules | Status | Notes |
| -------------------------------------------------------------------------------------------------------------------- | ------- | ----------- | ----------------------- | -------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- |
| [AUTOSAR C++](https://www.autosar.org/fileadmin/standards/R22-11/AP/AUTOSAR_RS_CPP14Guidelines.pdf) | R22-11, R21-11, R20-11, R19-11, R19-03 | 397 | 375 | Implemented | |
| [CERT-C++](https://resources.sei.cmu.edu/downloads/secure-coding/assets/sei-cert-cpp-coding-standard-2016-v01.pdf) | 2016 | 83 | 83 | Implemented | AUTOSAR includes a sub-set of rules take from MISRA C++ 2008, which can be purchased for a small fee from [the MISRA website](https://misra.org.uk/shop). |
| [CERT-C](https://resources.sei.cmu.edu/downloads/secure-coding/assets/sei-cert-c-coding-standard-2016-v01.pdf) | 2016 | 120 | 99 | In development | The implementation excludes rules not part of 2016, but that are added to the [CERT-C wiki](https://wiki.sei.cmu.edu/confluence/display/c/) |
| [MISRA C](https://www.misra.org.uk/product/misra-c2012-third-edition-first-revision/ ) | 2012 | 172 | 172 | In development | This includes the [MISRA C:2012 Amendment 2](https://www.misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD2.pdf) |
A *coding standard* is a set of rules or guidelines which restrict or prohibit the use of certain dangerous or confusing coding patterns or language features. This repository contains CodeQL queries (and supporting processes) which implement a number of different coding standards. The currently supported standards are documented in the [user manual](user_manual.md).

Each coding standard consists of a list of "guidelines", however not all the guidelines in all the standards will be amenable to automated static analysis. The AUTOSAR C++ standard categorizes the guidelines according to enforcement by static analysis tools in section *5.1.3 Rule classification according to enforcement by static analysis* of the standard. The CERT-C++ standard does not provide such categorization, but frequently has a [documented](https://wiki.sei.cmu.edu/confluence/display/cplusplus/How+this+Coding+Standard+Is+Organized#HowthisCodingStandardIsOrganized-AutomatedDetection) automated detection section for guidelines that documents tools, including their limitations, that can verify the guidelines in question. We have therefore carefully reviewed each supported standard. For each guidelines that is not categorized as automatic enforceable we have determined,in conjunction with end users, what parts of the guideline can be supported in which capacity with CodeQL.

11 changes: 7 additions & 4 deletions docs/user_manual.md
Expand Up @@ -26,6 +26,7 @@
| 0.18.0 | 2024-01-30 | Luke Cartey | Update product description and coverage table. |
| 0.19.0 | 2024-02-23 | Remco Vermeulen | Clarify the required use of Python version 3.9. |
| 0.20.0 | 2024-02-23 | Remco Vermeulen | Add table describing the permitted guideline re-categorizations. |
| 0.21.0 | 2024-05-01 | Luke Cartey | Add MISRA C++ 2023 as under development, and clarify MISRA C 2012 coverage. |

## Release information

Expand Down Expand Up @@ -54,10 +55,11 @@ The _CodeQL Coding Standards_ product is a set of CodeQL queries for identifying

| Standard | Version | Rules | Supportable rules | Implemented rules | Status |
| -------------------------------------------------------------------------------------------------------------------- | ------- | ----------- | ----------------------- | ----------------- | ------- |
| [AUTOSAR C++](https://www.autosar.org/fileadmin/standards/R22-11/AP/AUTOSAR_RS_CPP14Guidelines.pdf) | [^1] R22-11, R21-11, R20-11, R19-11, R19-03 | 397 | 372 | 370[^2] | Implemented |
| [CERT-C++](https://resources.sei.cmu.edu/downloads/secure-coding/assets/sei-cert-cpp-coding-standard-2016-v01.pdf) | 2016 | 83 | 82 | 82 | Implemented |
| [CERT C](https://resources.sei.cmu.edu/downloads/secure-coding/assets/sei-cert-c-coding-standard-2016-v01.pdf) | 2016 | 99 | 97 | 97 | Implemented |
| [MISRA C](https://www.misra.org.uk/product/misra-c2012-third-edition-first-revision/) | 2012 | 175 | 164 | 162[^3] | Implemented |
| AUTOSAR C++ | [^1] [R22-11](https://www.autosar.org/fileadmin/standards/R22-11/AP/AUTOSAR_RS_CPP14Guidelines.pdf), R21-11, R20-11, R19-11, R19-03 | 397 | 372 | 370[^2] | Implemented |
| CERT-C++ | [2016](https://resources.sei.cmu.edu/downloads/secure-coding/assets/sei-cert-cpp-coding-standard-2016-v01.pdf) | 83 | 82 | 82 | Implemented |
| CERT C | [2016](https://resources.sei.cmu.edu/downloads/secure-coding/assets/sei-cert-c-coding-standard-2016-v01.pdf) | 99 | 97 | 97 | Implemented |
| MISRA C | [2012 Third Edition, First Revision](](https://www.misra.org.uk/product/misra-c2012-third-edition-first-revision/)), and [Amendment 2](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD2.pdf) and TC2 | 175 | 164 | 162[^3] | Implemented |
| MISRA C++ | [2023](https://misra.org.uk/product/misra-cpp2023/) | 179 | 176[^4] | 0 | Under development |

Not all rules in these standards are amenable to static analysis by CodeQL - some rules require external or domain specific knowledge to validate, or refer to properties which are not present in our representation of the codebase under analysis. In addition, some rules are natively enforced by the supported compilers. As CodeQL requires that the program under analysis compiles, we are unable to implement queries for these rules, and doing so would be redundant.

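Review bot: the MISRA C row has a malformed link: `[2012 Third Edition, First Revision](](https://www.misra.org.uk/product/misra-c2012-third-edition-first-revision/))` has a doubled `](` and a stray closing parenthesis, so it will not render as a link. It should read `[2012 Third Edition, First Revision](https://www.misra.org.uk/product/misra-c2012-third-edition-first-revision/)`. TC2 is also left unlinked in this row, while README.md in the same PR links the Technical Corrigendum 2 PDF.
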
Expand All @@ -73,6 +75,7 @@ The datasheet _"CodeQL Coding Standards: supported rules"_, provided with each r
[^1]: AUTOSAR C++ versions R22-11, R21-11, R20-11, R19-11 and R19-03 are all identical as indicated in the document change history.
[^2]: The unimplemented supportable AUTOSAR rules are `A7-1-8` and `A8-2-1`. These rules require additional support in the CodeQL CLI to ensure the required information is available in the CodeQL database to identify violations of these rules.
[^3]: The unimplemented supportable MISRA C 2012 rules are `Rule 9.5` and `Dir 4.14`. `Rule 9.5` requires additional support in the CodeQL CLI to ensure the required information is available in the CodeQL database to identify violations of these rules. `Dir 4.14` is covered by the default CodeQL queries, which identify potential security vulnerabilities caused by not validating external input.
[^4]: The rules 5.13.7, 19.0.1 and 19.1.2 are not planned to be implemented by CodeQL as they are compiler checked in all supported compilers.

## Supported environment

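Review bot: footnote [^4] gives the rule numbers as bare 5.13.7, 19.0.1 and 19.1.2, while [^2] and [^3] put rule identifiers in backticks (`A7-1-8`, `Rule 9.5`); format them the same way, for example `Rule 5.13.7`. "compiler checked" should be hyphenated.
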
26 changes: 25 additions & 1 deletion rule_packages/cpp/DeadCode.json
Expand Up @@ -349,5 +349,29 @@
],
"title": "There shall be no dead code."
}
},
"MISRA-C++-2023": {
"RULE-0-0-1": {
"properties": {
"enforcement": "decidable",
"obligation": "required"
},
"queries": [
{
"description": "Unreachable statements can indicate a mistake on the part of the programmer.",
"kind": "problem",
"name": "A function shall not contain unreachable statements",
"precision": "high",
"severity": "error",
"short_name": "FunctionContainUnreachableStatements",
"tags": [
"scope/single-translation-unit",
"readability",
"maintainability"
]
}
],
"title": "A function shall not contain unreachable statements"
}
}
}
}
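
Review bot: `short_name` is "FunctionContainUnreachableStatements", which is ungrammatical ("Contain" for "Contains"), and the same spelling appears in the query id cpp/misra/function-contain-unreachable-statements, the .ql file name and the `functionContainUnreachableStatementsQuery` predicate in DeadCode.qll. Rename it here, and in those places, before the id is published, since a query id is awkward to change once users reference it in deviations or suites.
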