Update CodeQL to 2.9.4

* Bump codeql submodule
* Update test expectations for new flow paths
* Fix braced initialization detection in A8-5-3
* Update symbol location in expected test output
* Fix M0-1-4 to ignore compiler-generated accesses
* Fix A0-1-5 performance issue with CodeQL 2.9.4
* Fix performance for A10-2-1 and M10-2-1 with QL 2.9.4

Co-authored-by: Jeroen Ketema <jketema@github.com>

Author: mbaluda

change_notes/2022-08-31-update-to-CodeQL-2.9.4.md

@@ -0,0 +1,8 @@
+- `M0-1-4` - `SingleUsePODVariable.ql`
+  - This rule no longer considers compiler-generated access to a variable when determining if the variable has a single use.
+- `A8-5-3` - `AvoidAutoWithBracedInitialization.ql`:
+  - Fix regression where `auto x{0}` was no longer detected as a braced initialization with type `auto` with the latest CodeQL versions.
+  - No longer falsely detect cases where braced initialization was not used, but where the inferred type would be `std::initializer_list`.
+- `A7-3-1` - `DefinitionNotConsideredForUnqualifiedLookup.ql`
+  - The locations reported for names occurring in using-declarations has improved in the latest CodeQL versions.
+- Updated the CodeQL version to `2.9.4`.

codeql_modules/codeql

@@ -29,8 +29,8 @@ where
   not f instanceof Operator and
   (
     exists(MemberFunction shadowingFunction |
-      getPublicOrPrivateDerivedClass+(f.getDeclaringType()) = shadowingFunction.getDeclaringType() and
-      f.getName() = shadowingFunction.getName() and
+      getPublicOrPrivateDerivedClass+(f.getDeclaringType()) = subclass and
+      f.getName() = pragma[only_bind_out](shadowingFunction.getName()) and
       e = shadowingFunction and
       description = "this member function" and
       subclass = shadowingFunction.getDeclaringType()

cpp/autosar/src/rules/A10-2-1/NonVirtualPublicOrProtectedFunctionsRedefined.ql

@@ -21,5 +21,5 @@ from Variable v
 where
   not isExcluded(v, InitializationPackage::avoidAutoWithBracedInitializationQuery()) and
   v.getTypeWithAuto().getUnspecifiedType() instanceof AutoType and
-  v.getType().getUnspecifiedType().(Class).hasQualifiedName("std", "initializer_list")
+  v.getInitializer().isBraced()
 select v, "Variable " + v.getName() + " of type auto uses braced initialization."

cpp/autosar/src/rules/A8-5-3/AvoidAutoWithBracedInitialization.ql

@@ -10,8 +10,9 @@ int getUseCount(Variable v) {
     // We enforce that it's a POD type variable, so if it has an initializer it is explicit
     (if v.hasInitializer() then initializers = 1 else initializers = 0) and
     result =
-      initializers + count(v.getAnAccess()) +
-        count(UserProvidedConstructorFieldInit cfi | cfi.getTarget() = v)
+      initializers +
+        count(VariableAccess access | access = v.getAnAccess() and not access.isCompilerGenerated())
+        + count(UserProvidedConstructorFieldInit cfi | cfi.getTarget() = v)
   )
 }
 
@@ -23,7 +24,9 @@ Element getSingleUse(Variable v) {
     or
     result = any(UserProvidedConstructorFieldInit cfi | cfi.getTarget() = v)
     or
-    result = v.getAnAccess()
+    exists(VariableAccess access |
+      access = v.getAnAccess() and not access.isCompilerGenerated() and result = access
+    )
   )
 }
 

cpp/autosar/src/rules/M0-1-4/SingleUsePODVariable.qll

@@ -54,8 +54,8 @@ where
   // and the declaring types of both declarations are not in the same inheritance hierarchy
   not decl1.getDeclaringType().getABaseClass*() = decl2.getDeclaringType().getABaseClass*() and
   // and both declarations are accessible from 'derived'
-  decl1.isAccessibleFromClass(derived) and
-  decl2.isAccessibleFromClass(derived) and
+  pragma[only_bind_into](decl1).isAccessibleFromClass(derived) and
+  pragma[only_bind_into](decl2).isAccessibleFromClass(derived) and
   // and the declaring type name (DTN) of decl1 is less than the DTN of decl2 (remove permutations)
   decl1 =
     rank[1](MemberEntityDeclaration decl |

cpp/autosar/src/rules/M10-2-1/UniqueAccessibleEntityNamesInMultipleInheritance.ql

@@ -1 +1 @@
-| test.cpp:42:6:42:7 | declaration of f1 | Definition for 'f1' is not available for unqualified lookup because it is declared after $@ | test.cpp:39:1:39:13 | using f1 | using-declaration |
+| test.cpp:42:6:42:7 | declaration of f1 | Definition for 'f1' is not available for unqualified lookup because it is declared after $@ | test.cpp:39:12:39:13 | using f1 | using-declaration |

cpp/autosar/test/rules/A7-3-1/DefinitionNotConsideredForUnqualifiedLookup.expected

@@ -1,11 +1,12 @@
 #include <initializer_list>
 
 void test() {
-  auto a1(1);       // COMPLIANT
-  auto a2{1};       // NON_COMPLIANT
-  auto a3 = 1;      // COMPLIANT
-  auto a4 = {1};    // NON_COMPLIANT
-  int a5 = {1};     // COMPLIANT
-  const auto a6(1); // COMPLIANT
-  const auto a7{1}; // NON_COMPLIANT
+  auto a1(1);                             // COMPLIANT
+  auto a2{1};                             // NON_COMPLIANT
+  auto a3 = 1;                            // COMPLIANT
+  auto a4 = {1};                          // NON_COMPLIANT
+  int a5 = {1};                           // COMPLIANT
+  const auto a6(1);                       // COMPLIANT
+  const auto a7{1};                       // NON_COMPLIANT
+  auto a8 = std::initializer_list<int>(); // COMPLIANT
 }

cpp/autosar/test/rules/A8-5-3/test.cpp

@@ -66,7 +66,7 @@ private newtype TParameterEquivalenceClass =
  */
 class ParameterEquivalenceClass extends TParameterEquivalenceClass {
   /** Gets a `Function` whose `Parameter` at `index` is part of the equivalence class. */
-  pragma[noinline]
+  pragma[nomagic]
   private Function getAFunction(int index) {
     exists(string qualifiedName, string typeSig |
       functionSignature(result, qualifiedName, typeSig) and

cpp/common/src/codingstandards/cpp/FunctionEquivalence.qll

@@ -11,21 +11,14 @@ edges
 | test.cpp:3:14:3:15 | v1 | test.cpp:6:31:6:33 | call to get |
 | test.cpp:3:14:3:15 | v1 | test.cpp:7:28:7:29 | v2 |
 | test.cpp:4:13:4:14 | v1 | test.cpp:7:28:7:29 | v2 |
-| test.cpp:5:27:5:28 | v1 | ../../includes/standard-library/memory.h:76:17:76:19 | ptr |
 | test.cpp:5:27:5:29 | call to shared_ptr | test.cpp:6:31:6:33 | call to get |
-| test.cpp:6:31:6:33 | call to get | ../../includes/standard-library/memory.h:76:17:76:19 | ptr |
-| test.cpp:6:31:6:33 | call to get | ../../includes/standard-library/memory.h:76:17:76:19 | ptr |
-| test.cpp:7:28:7:29 | v2 | ../../includes/standard-library/memory.h:76:17:76:19 | ptr |
-| test.cpp:7:28:7:29 | v2 | ../../includes/standard-library/memory.h:76:17:76:19 | ptr |
 | test.cpp:8:8:8:14 | 0 | test.cpp:9:28:9:29 | v2 |
-| test.cpp:9:28:9:29 | v2 | ../../includes/standard-library/memory.h:76:17:76:19 | ptr |
 | test.cpp:10:8:10:17 | new | test.cpp:11:28:11:29 | v2 |
 | test.cpp:10:8:10:17 | new | test.cpp:11:28:11:29 | v2 |
 | test.cpp:10:8:10:17 | new | test.cpp:12:28:12:29 | v2 |
 | test.cpp:11:28:11:29 | ref arg v2 | test.cpp:12:28:12:29 | v2 |
 | test.cpp:11:28:11:29 | v2 | ../../includes/standard-library/memory.h:76:17:76:19 | ptr |
 | test.cpp:11:28:11:29 | v2 | test.cpp:11:28:11:29 | ref arg v2 |
-| test.cpp:12:28:12:29 | v2 | ../../includes/standard-library/memory.h:76:17:76:19 | ptr |
 | test.cpp:16:13:16:22 | new | test.cpp:17:27:17:28 | v1 |
 | test.cpp:16:13:16:22 | new | test.cpp:17:27:17:28 | v1 |
 | test.cpp:16:13:16:22 | new | test.cpp:19:6:19:7 | v1 |

cpp/common/test/rules/ownedpointervaluestoredinunrelatedsmartpointer/OwnedPointerValueStoredInUnrelatedSmartPointer.expected

@@ -1,9 +1,9 @@
 {
   "supported_environment": [
     {
-      "codeql_cli": "2.7.6",
-      "codeql_standard_library": "codeql-cli/v2.7.6",
-      "codeql_cli_bundle": "codeql-bundle-20220120"
+      "codeql_cli": "2.9.4",
+      "codeql_standard_library": "codeql-cli/v2.9.4",
+      "codeql_cli_bundle": "codeql-bundle-20220615"
     }
   ], 
   "supported_language" : [