Merge branch 'main' into knewbury01/Declarations4

Author: knewbury01

.github/workflows/bump-version.yml

@@ -10,7 +10,7 @@ on:
 jobs:
 
   apply-version-bump:
-    runs-on: ubuntu-latest 
+    runs-on: ubuntu-22.04
     name: Apply Version Bump
     steps:
         - name: Checkout 

.github/workflows/code-scanning-pack-gen.yml

@@ -19,7 +19,7 @@ env:
 jobs:
   prepare-code-scanning-pack-matrix:
     name: Prepare CodeQL Code Scanning pack matrix
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     outputs:
       matrix: ${{ steps.export-code-scanning-pack-matrix.outputs.matrix }}
     steps:

.github/workflows/codeql_unit_tests.yml

@@ -14,7 +14,7 @@ on:
 jobs:
   prepare-unit-test-matrix:
     name: Prepare CodeQL unit test matrix
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     outputs:
       matrix: ${{ steps.export-unit-test-matrix.outputs.matrix }}
     steps:
@@ -157,7 +157,7 @@ jobs:
   validate-test-results:
     name: Validate test results
     needs: [run-test-suites]
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Collect test results
         uses: actions/download-artifact@v2

.github/workflows/create-draft-release.yml

@@ -21,7 +21,7 @@ on:
 jobs:
   create-draft-release:
     name: Create draft release
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     env:      
       # AWS CONFIGURATION
       AWS_EC2_INSTANCE_TYPE: ${{ github.event.inputs.aws_ec2_instance_type }}

.github/workflows/generate-html-docs.yml

@@ -15,7 +15,7 @@ on:
 jobs:
   generate-html-doc:
     name: Generate HTML documentation
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2

.github/workflows/standard_library_upgrade_tests.yml

@@ -14,7 +14,7 @@ on:
 jobs:
   prepare-unit-test-matrix:
     name: Prepare CodeQL unit test matrix
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     outputs:
       matrix: ${{ steps.export-unit-test-matrix.outputs.matrix }}
     steps:
@@ -154,7 +154,7 @@ jobs:
   validate-test-results:
     name: Validate test results
     needs: [run-test-suites]
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Install Python
         uses: actions/setup-python@v4

.github/workflows/upgrade_codeql_dependencies.yml

@@ -20,7 +20,7 @@ jobs:
     env:
       CODEQL_CLI_VERSION: ${{ github.event.inputs.codeql_cli_version }}
       CODEQL_LIB_COMMIT: ${{ github.event.inputs.codeql_standard_library_commit }}
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2

.github/workflows/validate-coding-standards.yml

@@ -18,7 +18,7 @@ env:
 jobs:
   validate-package-files:
     name: Validate Package Files
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -63,7 +63,7 @@ jobs:
 
   validate-codeql-format:
     name: "Validate CodeQL Format"
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -94,7 +94,7 @@ jobs:
 
   validate-query-help-files:
     name: Validate Query Help Files
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -129,7 +129,7 @@ jobs:
 
   validate-cpp-test-files:
     name: Validate C++ Test Files
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -152,7 +152,7 @@ jobs:
 
   validate-c-test-files:
     name: Validate C Test Files
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2

.github/workflows/validate-rules-csv.yml

@@ -0,0 +1,28 @@
+name: ⚙️ Validate Rules CSV
+
+on:
+  push:
+    branches:
+      - main
+      - "rc/**"
+      - next
+  pull_request:
+    branches:
+      - main
+      - "rc/**"
+      - next
+
+
+jobs:
+  validate-rules-csv:
+    name: Validate Rules CSV 
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Check Rules 
+        shell: pwsh
+        run: scripts/util/Get-DuplicateRules.ps1 -Language 'all' -CIMode
+
+      

.vscode/tasks.json

@@ -185,6 +185,7 @@
             "type": "pickString",
             "options": [
                 "Allocations",
+                "Banned",
                 "BannedFunctions",
                 "BannedLibraries",
                 "BannedSyntax",
@@ -222,6 +223,7 @@
                 "Invariants",
                 "Iterators",
                 "Lambdas",
+                "Language1",
                 "Literals",
                 "Loops",
                 "Macros",

c/cert/src/qlpack.yml

@@ -1,4 +1,4 @@
 name: cert-c-coding-standards
-version: 2.9.0-dev
+version: 2.11.0-dev
 suites: codeql-suites
 libraryPathDependencies: common-c-coding-standards

c/cert/src/rules/CON39-C/ThreadWasPreviouslyJoinedOrDetached.md

@@ -0,0 +1,98 @@
+# CON39-C: Do not join or detach a thread that was previously joined or detached
+
+This query implements the CERT-C rule CON39-C:
+
+> Do not join or detach a thread that was previously joined or detached
+
+
+## Description
+
+The C Standard, 7.26.5.6 \[[ISO/IEC 9899:2011](https://wiki.sei.cmu.edu/confluence/display/c/AA.+Bibliography#AA.Bibliography-ISO-IEC9899-2011)\], states that a thread shall not be joined once it was previously joined or detached. Similarly, subclause 7.26.5.3 states that a thread shall not be detached once it was previously joined or detached. Violating either of these subclauses results in [undefined behavior](https://wiki.sei.cmu.edu/confluence/display/c/BB.+Definitions#BB.Definitions-undefinedbehavior).
+
+## Noncompliant Code Example
+
+This noncompliant code example detaches a thread that is later joined.
+
+```cpp
+#include <stddef.h>
+#include <threads.h>
+ 
+int thread_func(void *arg) {
+  /* Do work */
+  thrd_detach(thrd_current());
+  return 0;
+}
+
+int main(void) {
+  thrd_t t;
+
+  if (thrd_success != thrd_create(&t, thread_func, NULL)) {
+    /* Handle error */
+    return 0;
+  }
+
+  if (thrd_success != thrd_join(t, 0)) {
+    /* Handle error */
+    return 0;
+  }
+  return 0;
+}
+```
+
+## Compliant Solution
+
+This compliant solution does not detach the thread. Its resources are released upon successfully joining with the main thread:
+
+```cpp
+#include <stddef.h>
+#include <threads.h>
+  
+int thread_func(void *arg) {
+  /* Do work */
+  return 0;
+}
+
+int main(void) {
+  thrd_t t;
+
+  if (thrd_success != thrd_create(&t, thread_func, NULL)) {
+    /* Handle error */
+    return 0;
+  }
+
+  if (thrd_success != thrd_join(t, 0)) {
+    /* Handle error */
+    return 0;
+  }
+  return 0;
+} 
+```
+
+## Risk Assessment
+
+Joining or detaching a previously joined or detached thread is [undefined behavior](https://wiki.sei.cmu.edu/confluence/display/c/BB.+Definitions#BB.Definitions-undefinedbehavior).
+
+<table> <tbody> <tr> <th> Rule </th> <th> Severity </th> <th> Likelihood </th> <th> Remediation Cost </th> <th> Priority </th> <th> Level </th> </tr> <tr> <td> CON39-C </td> <td> Low </td> <td> Likely </td> <td> Medium </td> <td> <strong>P6</strong> </td> <td> <strong>L2</strong> </td> </tr> </tbody> </table>
+
+
+## Automated Detection
+
+<table> <tbody> <tr> <th> Tool </th> <th> Version </th> <th> Checker </th> <th> Description </th> </tr> <tr> <td> <a> Astrée </a> </td> <td> 22.04 </td> <td> </td> <td> Supported, but no explicit checker </td> </tr> <tr> <td> <a> CodeSonar </a> </td> <td> 7.1p0 </td> <td> <strong>CONCURRENCY.TNJ</strong> </td> <td> Thread is not Joinable </td> </tr> <tr> <td> <a> Helix QAC </a> </td> <td> 2022.3 </td> <td> <strong>C1776</strong> </td> <td> </td> </tr> <tr> <td> <a> Parasoft C/C++test </a> </td> <td> 2022.1 </td> <td> <strong>CERT_C-CON39-a</strong> </td> <td> Do not join or detach a thread that was previously joined or detached </td> </tr> <tr> <td> <a> Polyspace Bug Finder </a> </td> <td> R2022b </td> <td> <a> CERT C: Rule CON39-C </a> </td> <td> Checks for join or detach of a joined or detached thread (rule fully covered) </td> </tr> </tbody> </table>
+
+
+## Related Vulnerabilities
+
+Search for [vulnerabilities](https://wiki.sei.cmu.edu/confluence/display/c/BB.+Definitions#BB.Definitions-vulnerability) resulting from the violation of this rule on the [CERT website](https://www.kb.cert.org/vulnotes/bymetric?searchview&query=FIELD+KEYWORDS+contains+CON39-C).
+
+## Bibliography
+
+<table> <tbody> <tr> <td> \[ <a> ISO/IEC 9899:2011 </a> \] </td> <td> Subclause 7.26.5.3, "The <code>thrd_detach</code> Function" Subclause 7.26.5.6, "The <code>thrd_join</code> Function" </td> </tr> </tbody> </table>
+
+
+## Implementation notes
+
+This query considers problematic usages of join and detach irrespective of the execution of the program and other synchronization and interprocess communication mechanisms that may be used.
+
+## References
+
+* CERT-C: [CON39-C: Do not join or detach a thread that was previously joined or detached](https://wiki.sei.cmu.edu/confluence/display/c)

c/cert/src/rules/CON39-C/ThreadWasPreviouslyJoinedOrDetached.ql

@@ -0,0 +1,50 @@
+/**
+ * @id c/cert/thread-was-previously-joined-or-detached
+ * @name CON39-C: Do not join or detach a thread that was previously joined or detached
+ * @description Joining or detaching a previously joined or detached thread can lead to undefined
+ *              program behavior.
+ * @kind problem
+ * @precision high
+ * @problem.severity error
+ * @tags external/cert/id/con39-c
+ *       correctness
+ *       concurrency
+ *       external/cert/obligation/rule
+ */
+
+import cpp
+import codingstandards.c.cert
+import codingstandards.cpp.Concurrency
+
+// OK
+// 1) Thread calls detach parent DOES NOT call join
+// 2) Parent calls join, thread does NOT call detach()
+// NOT OK
+// 1) Thread calls detach, parent calls join
+// 2) Thread calls detach twice, parent does not call join
+// 3) Parent calls join twice, thread does not call detach
+from C11ThreadCreateCall tcc
+where
+  not isExcluded(tcc, Concurrency5Package::threadWasPreviouslyJoinedOrDetachedQuery()) and
+  // Note: These cases can be simplified but they are presented like this for clarity
+  // case 1 - calls to `thrd_join` and `thrd_detach` within the parent or
+  // within the parent / child CFG.
+  exists(C11ThreadWait tw, C11ThreadDetach dt |
+    tw = getAThreadContextAwareSuccessor(tcc) and
+    dt = getAThreadContextAwareSuccessor(tcc)
+  )
+  or
+  // case 2 - multiple calls to `thrd_detach` within the threaded CFG.
+  exists(C11ThreadDetach dt1, C11ThreadDetach dt2 |
+    dt1 = getAThreadContextAwareSuccessor(tcc) and
+    dt2 = getAThreadContextAwareSuccessor(tcc) and
+    not dt1 = dt2
+  )
+  or
+  // case 3 - multiple calls to `thrd_join` within the threaded CFG.
+  exists(C11ThreadWait tw1, C11ThreadWait tw2 |
+    tw1 = getAThreadContextAwareSuccessor(tcc) and
+    tw2 = getAThreadContextAwareSuccessor(tcc) and
+    not tw1 = tw2
+  )
+select tcc, "Thread may call join or detach after the thread is joined or detached."