Merge branch 'main' into automation/version-bump-2.11.0-dev

Author: lcartey

.github/workflows/bump-version.yml

@@ -10,7 +10,7 @@ on:
 jobs:
 
   apply-version-bump:
-    runs-on: ubuntu-latest 
+    runs-on: ubuntu-22.04
     name: Apply Version Bump
     steps:
         - name: Checkout 

.github/workflows/code-scanning-pack-gen.yml

@@ -19,7 +19,7 @@ env:
 jobs:
   prepare-code-scanning-pack-matrix:
     name: Prepare CodeQL Code Scanning pack matrix
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     outputs:
       matrix: ${{ steps.export-code-scanning-pack-matrix.outputs.matrix }}
     steps:

.github/workflows/codeql_unit_tests.yml

@@ -14,7 +14,7 @@ on:
 jobs:
   prepare-unit-test-matrix:
     name: Prepare CodeQL unit test matrix
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     outputs:
       matrix: ${{ steps.export-unit-test-matrix.outputs.matrix }}
     steps:
@@ -157,7 +157,7 @@ jobs:
   validate-test-results:
     name: Validate test results
     needs: [run-test-suites]
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Collect test results
         uses: actions/download-artifact@v2

.github/workflows/create-draft-release.yml

@@ -21,7 +21,7 @@ on:
 jobs:
   create-draft-release:
     name: Create draft release
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     env:      
       # AWS CONFIGURATION
       AWS_EC2_INSTANCE_TYPE: ${{ github.event.inputs.aws_ec2_instance_type }}

.github/workflows/generate-html-docs.yml

@@ -15,7 +15,7 @@ on:
 jobs:
   generate-html-doc:
     name: Generate HTML documentation
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2

.github/workflows/standard_library_upgrade_tests.yml

@@ -14,7 +14,7 @@ on:
 jobs:
   prepare-unit-test-matrix:
     name: Prepare CodeQL unit test matrix
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     outputs:
       matrix: ${{ steps.export-unit-test-matrix.outputs.matrix }}
     steps:
@@ -154,7 +154,7 @@ jobs:
   validate-test-results:
     name: Validate test results
     needs: [run-test-suites]
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Install Python
         uses: actions/setup-python@v4

.github/workflows/upgrade_codeql_dependencies.yml

@@ -20,7 +20,7 @@ jobs:
     env:
       CODEQL_CLI_VERSION: ${{ github.event.inputs.codeql_cli_version }}
       CODEQL_LIB_COMMIT: ${{ github.event.inputs.codeql_standard_library_commit }}
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2

.github/workflows/validate-coding-standards.yml

@@ -18,7 +18,7 @@ env:
 jobs:
   validate-package-files:
     name: Validate Package Files
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -63,7 +63,7 @@ jobs:
 
   validate-codeql-format:
     name: "Validate CodeQL Format"
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -94,7 +94,7 @@ jobs:
 
   validate-query-help-files:
     name: Validate Query Help Files
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -129,7 +129,7 @@ jobs:
 
   validate-cpp-test-files:
     name: Validate C++ Test Files
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -152,7 +152,7 @@ jobs:
 
   validate-c-test-files:
     name: Validate C Test Files
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2

c/cert/src/rules/ERR30-C/ErrnoNotSetToZero.md

@@ -0,0 +1,50 @@
+/**
+ * @id c/cert/errno-not-set-to-zero
+ * @name ERR30-C: Errno is not set to zero prior to an errno-setting call
+ * @description Set errno to zero prior to each call to an errno-setting function. Failing to do so
+ *              might end in spurious errno values.
+ * @kind problem
+ * @precision high
+ * @problem.severity error
+ * @tags external/cert/id/err30-c
+ *       correctness
+ *       external/cert/obligation/rule
+ */
+
+import cpp
+import codingstandards.c.cert
+import codingstandards.c.Errno
+
+/**
+ * CFG nodes preceding a `ErrnoSettingFunctionCall`
+ */
+ControlFlowNode notZeroedPriorToErrnoSet(InBandErrnoSettingFunctionCall fc) {
+  result = fc
+  or
+  exists(ControlFlowNode mid |
+    result = mid.getAPredecessor() and
+    mid = notZeroedPriorToErrnoSet(fc) and
+    // stop recursion when `errno` is set to zero
+    not result instanceof ErrnoZeroed and
+    not result = any(ErrnoGuard g).getZeroedSuccessor()
+  )
+}
+
+from InBandErrnoSettingFunctionCall fc, ControlFlowNode cause
+where
+  not isExcluded(cause, Contracts4Package::errnoNotSetToZeroQuery()) and
+  cause = notZeroedPriorToErrnoSet(fc) and
+  (
+    // `errno` is not reset anywhere in the function
+    cause = fc.getEnclosingFunction().getBlock()
+    or
+    // `errno` is not reset after a call to an errno-setting function
+    cause = any(InBandErrnoSettingFunctionCall ec | ec != fc)
+    or
+    // `errno` is not reset after a call to a function
+    cause = any(FunctionCall fc2 | fc2 != fc)
+    or
+    // `errno` value is known to be != 0
+    cause = any(ErrnoGuard g).getNonZeroedSuccessor()
+  )
+select fc, "The value of `errno` may be different than `0` when this function is called."