Merge branch 'main' into lcartey/language-extensions-improvements

Author: nicolaswill

.github/workflows/codeql_unit_tests.yml

@@ -160,9 +160,16 @@ jobs:
 
   validate-test-results:
     name: Validate test results
+    if: ${{ always() }}
     needs: run-test-suites
     runs-on: ubuntu-22.04
     steps:
+      - name: Check if run-test-suites job failed to complete, if so fail
+        if: ${{ needs.run-test-suites.result == 'failure' }}
+        uses: actions/github-script@v3
+        with:
+          script: |
+            core.setFailed('Test run job failed')
       - name: Collect test results
         uses: actions/download-artifact@v3
 

.github/workflows/dispatch-matrix-check.yml

@@ -20,11 +20,20 @@ jobs:
         with:
           minimum-permission: "write"
 
+      - name: Generate token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.AUTOMATION_APP_ID }}
+          private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "codeql-coding-standards-release-engineering"
+
       - name: Dispatch Matrix Testing Job
         if: steps.check-write-permission.outputs.has-permission
         uses: peter-evans/repository-dispatch@v2
         with:
-          token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
+          token: ${{ steps.generate-token.outputs.token }}
           repository: github/codeql-coding-standards-release-engineering
           event-type: matrix-test
           client-payload: '{"pr": "${{ github.event.number }}"}'

.github/workflows/dispatch-matrix-test-on-comment.yml

@@ -17,11 +17,20 @@ jobs:
         with:
           minimum-permission: "write"
 
+      - name: Generate token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.AUTOMATION_APP_ID }}
+          private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "codeql-coding-standards-release-engineering"
+
       - name: Dispatch Matrix Testing Job
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') && steps.check-write-permission.outputs.has-permission }}
         uses: peter-evans/repository-dispatch@v2
         with:
-          token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
+          token: ${{ steps.generate-token.outputs.token }}
           repository: github/codeql-coding-standards-release-engineering
           event-type: matrix-test
           client-payload: '{"pr": "${{ github.event.issue.number }}"}'

.github/workflows/dispatch-release-performance-check.yml

@@ -17,11 +17,20 @@ jobs:
         with:
           minimum-permission: "write"
 
+      - name: Generate token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.AUTOMATION_APP_ID }}
+          private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "codeql-coding-standards-release-engineering"
+
       - name: Dispatch Performance Testing Job
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') && steps.check-write-permission.outputs.has-permission }}
         uses: peter-evans/repository-dispatch@v2
         with:
-          token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
+          token: ${{ steps.generate-token.outputs.token }}
           repository: github/codeql-coding-standards-release-engineering
           event-type: performance-test
           client-payload: '{"pr": "${{ github.event.issue.number }}"}'

.github/workflows/finalize-release.yml

@@ -103,7 +103,7 @@ jobs:
       - name: Generate token
         if: env.HOTFIX_RELEASE == 'false'
         id: generate-token
-        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

.github/workflows/prepare-release.yml

@@ -143,7 +143,7 @@ jobs:
 
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

.github/workflows/update-release.yml

@@ -43,7 +43,7 @@ jobs:
 
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

.github/workflows/validate-package-files.yml

@@ -56,4 +56,10 @@ jobs:
           find rule_packages/$LANGUAGE -name \*.json -exec basename {} .json \; | xargs python scripts/generate_rules/generate_package_files.py $LANGUAGE
           git diff
           git diff --compact-summary
-          git diff --quiet
+          git diff --quiet
+
+      - name: Validate Amendments
+        env:
+          LANGUAGE: ${{ matrix.language }}
+        run: |
+          python scripts/validate-amendments-csv.py $LANGUAGE

.github/workflows/validate-release.yml

@@ -40,7 +40,7 @@ jobs:
     steps:
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
@@ -108,7 +108,7 @@ jobs:
     steps:
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

README.md

@@ -18,7 +18,11 @@ The following coding standards are supported:
 
 ## :construction: Standards under development :construction:
 
-- [MISRA C++ 2023](https://misra.org.uk/product/misra-cpp2023/) - under development _scheduled for release 2024 Q4_.
+The following standards are under active development:
+
+- [MISRA C++ 2023](https://misra.org.uk/product/misra-cpp2023/) - under development - _scheduled for release 2025 Q1_
+- [MISRA C 2023](https://misra.org.uk/product/misra-c2023/) - under development - _scheduled for release 2025 Q1_
+  - This includes the development of [MISRA C 2012 Amendment 3](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD3.pdf) and [MISRA C 2012 Amendment 4](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD4.pdf), which are incorporated into MISRA C 2023.
 
 ## How do I use the CodeQL Coding Standards Queries?
 

amendments.csv

@@ -0,0 +1,49 @@
+language,standard,amendment,rule_id,supportable,implementation_category,implemented,difficulty
+c,MISRA-C-2012,Amendment3,DIR-4-6,Yes,Expand,No,Easy
+c,MISRA-C-2012,Amendment3,DIR-4-9,Yes,Refine,No,Easy
+c,MISRA-C-2012,Amendment3,DIR-4-11,Yes,Refine,No,Import
+c,MISRA-C-2012,Amendment3,RULE-1-4,Yes,Replace,No,Easy
+c,MISRA-C-2012,Amendment3,RULE-10-1,Yes,Replace,No,Easy
+c,MISRA-C-2012,Amendment3,RULE-10-3,Yes,Refine,No,Easy
+c,MISRA-C-2012,Amendment3,RULE-10-4,Yes,Refine,No,Import
+c,MISRA-C-2012,Amendment3,RULE-10-5,Yes,Expand,No,Easy
+c,MISRA-C-2012,Amendment3,RULE-10-7,Yes,Refine,No,Import
+c,MISRA-C-2012,Amendment3,RULE-10-8,Yes,Refine,No,Import
+c,MISRA-C-2012,Amendment3,RULE-21-11,Yes,Clarification,No,Import
+c,MISRA-C-2012,Amendment3,RULE-21-12,Yes,Replace,No,Easy
+c,MISRA-C-2012,Amendment4,RULE-11-3,Yes,Expand,No,Easy
+c,MISRA-C-2012,Amendment4,RULE-11-8,Yes,Expand,No,Easy
+c,MISRA-C-2012,Amendment4,RULE-13-2,Yes,Expand,No,Very Hard
+c,MISRA-C-2012,Amendment4,RULE-18-6,Yes,Expand,No,Medium
+c,MISRA-C-2012,Amendment4,RULE-18-8,Yes,Split,No,Easy
+c,MISRA-C-2012,Corrigendum2,RULE-2-2,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-2-7,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-3-1,Yes,Refine,No,Easy
+c,MISRA-C-2012,Corrigendum2,RULE-8-6,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-8-9,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-9-4,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-10-1,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-18-3,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-1-4,Yes,Replace,No,Easy
+c,MISRA-C-2012,Corrigendum2,RULE-9-1,Yes,Refine,No,Easy
+c,MISRA-C-2012,Corrigendum2,RULE-9-2,Yes,Refine,No,Import
+c,MISRA-C-2012,Corrigendum2,DIR-4-10,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-7-4,Yes,Refine,No,Easy
+c,MISRA-C-2012,Corrigendum2,RULE-8-2,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-8-3,Yes,Refine,No,Easy
+c,MISRA-C-2012,Corrigendum2,RULE-8-7,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-10-2,Yes,Refine,No,Easy
+c,MISRA-C-2012,Corrigendum2,RULE-10-3,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-11-3,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-11-6,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-13-2,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-13-6,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-14-3,Yes,Refine,No,Easy
+c,MISRA-C-2012,Corrigendum2,RULE-15-7,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-17-4,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-17-5,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-18-1,Yes,Refine,No,Easy
+c,MISRA-C-2012,Corrigendum2,RULE-20-14,No,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-21-19,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-21-20,Yes,Refine,No,Easy
+c,MISRA-C-2012,Corrigendum2,RULE-22-9,Yes,Clarification,No,Import

c/cert/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cert-c-coding-standards
-version: 2.35.0-dev
+version: 2.36.0-dev
 description: CERT C 2016
 suites: codeql-suites
 license: MIT

c/cert/src/rules/SIG31-C/DoNotAccessSharedObjectsInSignalHandlers.ql

@@ -21,18 +21,19 @@ import codingstandards.c.Signal
  */
 class UnsafeSharedVariableAccess extends VariableAccess {
   UnsafeSharedVariableAccess() {
-    // static or thread local storage duration
-    (
-      this.getTarget() instanceof StaticStorageDurationVariable or
-      this.getTarget().isThreadLocal()
-    ) and
     // excluding `volatile sig_atomic_t` type
     not this.getType().(SigAtomicType).isVolatile() and
-    // excluding lock-free atomic objects
-    not exists(MacroInvocation mi, VariableAccess va |
-      mi.getMacroName() = "atomic_is_lock_free" and
-      mi.getExpr().getChild(0) = va.getEnclosingElement*() and
-      va.getTarget() = this.getTarget()
+    exists(Variable target | target = this.getTarget() |
+      // static or thread local storage duration
+      (
+        target instanceof StaticStorageDurationVariable or
+        target.isThreadLocal()
+      ) and
+      // excluding lock-free atomic objects
+      not exists(MacroInvocation mi, VariableAccess va | va.getTarget() = target |
+        mi.getMacroName() = "atomic_is_lock_free" and
+        mi.getExpr().getChild(0) = va.getEnclosingElement*()
+      )
     )
   }
 }

c/cert/test/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cert-c-coding-standards-tests
-version: 2.35.0-dev
+version: 2.36.0-dev
 extractor: cpp
 license: MIT
 dependencies:

c/common/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/common-c-coding-standards
-version: 2.35.0-dev
+version: 2.36.0-dev
 license: MIT
 dependencies:
   codeql/common-cpp-coding-standards: '*'

c/common/test/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/common-c-coding-standards-tests
-version: 2.35.0-dev
+version: 2.36.0-dev
 extractor: cpp
 license: MIT
 dependencies:

c/common/test/rules/functionnoreturnattributecondition/FunctionNoReturnAttributeCondition.expected

@@ -0,0 +1,3 @@
+| test.c:9:16:9:31 | test_noreturn_f2 | The function test_noreturn_f2 declared with attribute _Noreturn returns a value. |
+| test.c:34:16:34:31 | test_noreturn_f5 | The function test_noreturn_f5 declared with attribute _Noreturn returns a value. |
+| test.c:49:32:49:47 | test_noreturn_f7 | The function test_noreturn_f7 declared with attribute _Noreturn returns a value. |

c/common/test/rules/functionnoreturnattributecondition/FunctionNoReturnAttributeCondition.ql

@@ -0,0 +1,4 @@
+// GENERATED FILE - DO NOT MODIFY
+import codingstandards.cpp.rules.functionnoreturnattributecondition.FunctionNoReturnAttributeCondition
+
+class TestFileQuery extends FunctionNoReturnAttributeConditionSharedQuery, TestQuery { }

c/common/test/rules/functionnoreturnattributecondition/test.c

@@ -0,0 +1,88 @@
+#include "setjmp.h"
+#include "stdlib.h"
+#include "threads.h"
+
+_Noreturn void test_noreturn_f1(int i) { // COMPLIANT
+  abort();
+}
+
+_Noreturn void test_noreturn_f2(int i) { // NON_COMPLIANT
+  if (i > 0) {
+    abort();
+  }
+  if (i < 0) {
+    abort();
+  }
+}
+
+_Noreturn void test_noreturn_f3(int i) { // COMPLIANT
+  if (i > 0) {
+    abort();
+  }
+  exit(1);
+}
+
+void test_noreturn_f4(int i) { // COMPLIANT
+  if (i > 0) {
+    abort();
+  }
+  if (i < 0) {
+    abort();
+  }
+}
+
+_Noreturn void test_noreturn_f5(int i) { // NON_COMPLIANT
+  if (i > 0) {
+    abort();
+  }
+}
+
+_Noreturn void test_noreturn_f6(int i) { // COMPLIANT
+  if (i > 0) {
+    abort();
+  }
+  while (1) {
+    i = 5;
+  }
+}
+
+__attribute__((noreturn)) void test_noreturn_f7(int i) { // NON_COMPLIANT
+  if (i > 0) {
+    abort();
+  }
+}
+
+__attribute__((noreturn)) void test_noreturn_f8(int i) { // COMPLIANT
+  abort();
+}
+
+_Noreturn void test_noreturn_f9(int i) { // COMPLIANT
+  test_noreturn_f1(i);
+}
+
+_Noreturn void test_noreturn_f10(int i) { // COMPLIANT
+  switch (i) {
+  case 0:
+    abort();
+    break;
+  case 1:
+    exit(0);
+    break;
+  case 2:
+    _Exit(0);
+    break;
+  case 3:
+    quick_exit(0);
+    break;
+  case 4:
+    thrd_exit(0);
+    break;
+  default:
+    jmp_buf jb;
+    longjmp(jb, 0);
+  }
+}
+
+_Noreturn void test_noreturn_f11(int i) { // COMPLIANT
+  return test_noreturn_f11(i);
+}

c/misra/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/misra-c-coding-standards
-version: 2.35.0-dev
+version: 2.36.0-dev
 description: MISRA C 2012
 suites: codeql-suites
 license: MIT

c/misra/src/rules/RULE-10-7/ImplicitConversionOfCompositeExpression.ql

@@ -18,6 +18,12 @@ import codingstandards.c.misra
 import codingstandards.c.misra.EssentialTypes
 import codingstandards.c.misra.MisraExpressions
 
+bindingset[essentialTypeLeft, essentialTypeRight]
+pragma[inline_late]
+predicate isSameEssentialTypeCategory(Type essentialTypeLeft, Type essentialTypeRight) {
+  getEssentialTypeCategory(essentialTypeLeft) = getEssentialTypeCategory(essentialTypeRight)
+}
+
 from
   OperationWithUsualArithmeticConversions arith, CompositeExpression compositeOp, Expr otherOp,
   Type compositeEssentialType, Type otherOpEssentialType
@@ -32,7 +38,7 @@ where
   // Operands of a different type category in an operation with the usual arithmetic conversions is
   // prohibited by Rule 10.4, so we only report cases here where the essential type categories are
   // the same
-  getEssentialTypeCategory(compositeEssentialType) = getEssentialTypeCategory(otherOpEssentialType)
+  isSameEssentialTypeCategory(compositeEssentialType, otherOpEssentialType)
 select arith,
   "Implicit conversion of $@ from " + compositeEssentialType + " to " + otherOpEssentialType,
   compositeOp, "composite op"