Merge branch 'main' into rc/2.11

Author: jsinglet

.github/touch

@@ -86,7 +86,7 @@ jobs:
           codeql query compile --search-path c --search-path cpp --threads 0 c
 
           cd ..
-          zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/deviations codeql-coding-standards/scripts/reports
+          zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/guideline_recategorization codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/schemas
 
       - name: Upload GHAS Query Pack
         uses: actions/upload-artifact@v2

.github/workflows/code-scanning-pack-gen.yml

@@ -0,0 +1,91 @@
+name: 🧰 Tooling unit tests
+
+on:
+  push:
+    branches:
+      - main
+      - "rc/**"
+      - next
+  pull_request:
+    branches:
+      - main
+      - "rc/**"
+      - next
+
+jobs:
+  prepare-supported-codeql-env-matrix:
+    name: Prepare supported CodeQL environment matrix
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.export-supported-codeql-env-matrix.outputs.matrix }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Export supported CodeQL environment matrix
+        id: export-supported-codeql-env-matrix
+        run: |
+          echo "::set-output name=matrix::$(
+            jq --compact-output '.supported_environment | {include: .}' supported_codeql_configs.json
+          )"
+
+  analysis-report-tests:
+    name: Run analysis report tests
+    needs: prepare-supported-codeql-env-matrix
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix: ${{ fromJSON(needs.prepare-supported-codeql-env-matrix.outputs.matrix) }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Install Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.9"
+
+      - name: Install Python dependencies
+        run: pip install -r scripts/reports/requirements.txt
+
+      - name: Cache CodeQL
+        id: cache-codeql
+        uses: actions/[email protected]
+        with:
+          path: ${{ github.workspace }}/codeql_home
+          key: codeql-home-${{ matrix.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library }}
+
+      - name: Install CodeQL
+        if: steps.cache-codeql.outputs.cache-hit != 'true'
+        uses: ./.github/actions/install-codeql
+        with:
+          codeql-cli-version: ${{ matrix.codeql_cli }}
+          codeql-stdlib-version: ${{ matrix.codeql_standard_library }}
+          codeql-home: ${{ github.workspace }}/codeql_home
+          add-to-path: false
+
+      - name: Run PyTest
+        env:
+          CODEQL_HOME: ${{ github.workspace }}/codeql_home
+        run: |
+          PATH=$PATH:$CODEQL_HOME/codeql
+          pytest scripts/reports/analysis_report_test.py
+
+  recategorization-tests:
+    name: Run Guideline Recategorization tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Install Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.9"
+
+      - name: Install Python dependencies
+        run: pip install -r scripts/guideline_recategorization/requirements.txt
+
+      - name: Run PyTest
+        run: |
+          pytest scripts/guideline_recategorization/recategorize_test.py

.github/workflows/tooling-unit-tests.yml

@@ -28,6 +28,15 @@ jobs:
         with:
           python-version: "3.9"
 
+      - name: Install CodeQL
+        run: |
+          VERSION="v$( jq -r '.supported_environment | .[0] | .codeql_cli' supported_codeql_configs.json)"
+          gh extensions install github/gh-codeql
+          gh codeql set-version "$VERSION"
+          gh codeql install-stub
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+
       - name: Install generate_package_files.py dependencies
         run: pip install -r scripts/requirements.txt
 
@@ -49,14 +58,14 @@ jobs:
 
       - name: Validate Package Files (CPP)
         run: |
-          find rule_packages/cpp -name \*.json -exec basename {} .json \; | xargs --max-procs "$XARGS_MAX_PROCS" --max-args 1 python scripts/generate_rules/generate_package_files.py cpp
+          find rule_packages/cpp -name \*.json -exec basename {} .json \; | xargs python scripts/generate_rules/generate_package_files.py cpp
           git diff
           git diff --compact-summary
           git diff --quiet
 
       - name: Validate Package Files (C)
         run: |
-          find rule_packages/c -name \*.json -exec basename {} .json \; | xargs --max-procs "$XARGS_MAX_PROCS" --max-args 1 python scripts/generate_rules/generate_package_files.py c
+          find rule_packages/c -name \*.json -exec basename {} .json \; | xargs python scripts/generate_rules/generate_package_files.py c
           git diff
           git diff --compact-summary
           git diff --quiet
@@ -68,25 +77,26 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v2
 
-      - name: Fetch CodeQL
+      - name: Install CodeQL
         run: |
-          TAG="v$( jq -r '.supported_environment | .[0] | .codeql_cli' supported_codeql_configs.json)"
-          gh release download $TAG --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip
-          unzip -q codeql-linux64.zip
+          VERSION="v$( jq -r '.supported_environment | .[0] | .codeql_cli' supported_codeql_configs.json)"
+          gh extensions install github/gh-codeql
+          gh codeql set-version "$VERSION"
+          gh codeql install-stub
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
       - name: Validate CodeQL Format (CPP)
         run: |
-          find cpp -name \*.ql -or -name \*.qll -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql/codeql query format --in-place
+          find cpp -name \*.ql -or -name \*.qll -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql query format --in-place
 
           git diff
           git diff --compact-summary
           git diff --quiet
 
       - name: Validate CodeQL Format (C)
         run: |
-          find c -name \*.ql -or -name \*.qll -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql/codeql query format --in-place
+          find c -name \*.ql -or -name \*.qll -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql query format --in-place
 
           git diff
           git diff --compact-summary

.github/workflows/validate-coding-standards.yml

@@ -222,6 +222,7 @@
                 "Iterators",
                 "Lambdas",
                 "Language1",
+                "Language2",
                 "Literals",
                 "Loops",
                 "Macros",
@@ -253,6 +254,7 @@
                 "Preprocessor3",
                 "Preprocessor4",
                 "Preprocessor5",
+                "Preprocessor6",
                 "IntegerConversion",
                 "Expressions",
                 "DeadCode",

.vscode/tasks.json

@@ -1,4 +1,4 @@
 name: cert-c-coding-standards
-version: 2.11.0
+version: 2.13.0-dev
 suites: codeql-suites
 libraryPathDependencies: common-c-coding-standards

c/cert/src/qlpack.yml

@@ -16,7 +16,7 @@ import codingstandards.c.cert
 import codingstandards.cpp.SideEffect
 import semmle.code.cpp.dataflow.DataFlow
 import semmle.code.cpp.dataflow.TaintTracking
-import semmle.code.cpp.valuenumbering.GlobalValueNumberingImpl
+import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 
 /** Holds if the function's return value is derived from the `AliasParamter` p. */
 predicate returnValueDependsOnAliasParameter(AliasParameter p) {

c/cert/src/rules/EXP30-C/DependenceOnOrderOfFunctionArgumentsForSideEffects.ql

@@ -1,4 +1,4 @@
 name: cert-c-coding-standards-tests
-version: 2.11.0
+version: 2.13.0-dev
 libraryPathDependencies: cert-c-coding-standards
 extractor: cpp

c/cert/test/qlpack.yml

@@ -0,0 +1,58 @@
+import cpp
+import codingstandards.cpp.Macro
+import codingstandards.cpp.Naming
+
+/**
+ * Macros that cannot be replaced by functions
+ */
+abstract class IrreplaceableFunctionLikeMacro extends FunctionLikeMacro { }
+
+/** A function like macro that contains the use of a stringize or tokenize operator should not be replaced by a function. */
+private class StringizeOrTokenizeMacro extends IrreplaceableFunctionLikeMacro {
+  StringizeOrTokenizeMacro() {
+    exists(TokenPastingOperator t | t.getMacro() = this) or
+    exists(StringizingOperator s | s.getMacro() = this)
+  }
+}
+
+/** A standard library function like macro that should not be replaced by a function. */
+private class StandardLibraryFunctionLikeMacro extends IrreplaceableFunctionLikeMacro {
+  StandardLibraryFunctionLikeMacro() { Naming::Cpp14::hasStandardLibraryMacroName(this.getName()) }
+}
+
+/** A function like macro invocation as an `asm` argument cannot be replaced by a function. */
+private class AsmArgumentInvoked extends IrreplaceableFunctionLikeMacro {
+  AsmArgumentInvoked() {
+    any(AsmStmt s).getLocation().subsumes(this.getAnInvocation().getLocation())
+  }
+}
+
+/** A macro that is only invoked with constant arguments is more likely to be compile-time evaluated than a function call so do not suggest replacement. */
+private class OnlyConstantArgsInvoked extends IrreplaceableFunctionLikeMacro {
+  OnlyConstantArgsInvoked() {
+    forex(MacroInvocation mi | mi = this.getAnInvocation() |
+      //int/float literals
+      mi.getUnexpandedArgument(_).regexpMatch("\\d+")
+      or
+      //char literal or string literal, which is a literal surrounded by single quotes or double quotes
+      mi.getUnexpandedArgument(_).regexpMatch("('[^']*'|\"[^\"]*\")")
+    )
+  }
+}
+
+/** A function like macro invoked to initialize an object with static storage that cannot be replaced with a function call. */
+private class UsedToStaticInitialize extends IrreplaceableFunctionLikeMacro {
+  UsedToStaticInitialize() {
+    any(StaticStorageDurationVariable v).getInitializer().getExpr() =
+      this.getAnInvocation().getExpr()
+  }
+}
+
+/** A function like macro that is called with an argument that is an operator that cannot be replaced with a function call. */
+private class FunctionLikeMacroWithOperatorArgument extends IrreplaceableFunctionLikeMacro {
+  FunctionLikeMacroWithOperatorArgument() {
+    exists(MacroInvocation mi | mi.getMacro() = this |
+      mi.getUnexpandedArgument(_) = any(Operation op).getOperator()
+    )
+  }
+}

c/common/src/codingstandards/c/IrreplaceableFunctionLikeMacro.qll

@@ -1,3 +1,3 @@
 name: common-c-coding-standards
-version: 2.11.0
+version: 2.13.0-dev
 libraryPathDependencies: common-cpp-coding-standards

c/common/src/qlpack.yml

@@ -1,4 +1,4 @@
 name: common-c-coding-standards-tests
-version: 2.11.0
+version: 2.13.0-dev
 libraryPathDependencies: common-c-coding-standards
 extractor: cpp

c/common/test/qlpack.yml

@@ -1,4 +1,4 @@
 name: misra-c-coding-standards
-version: 2.11.0
+version: 2.13.0-dev
 suites: codeql-suites
 libraryPathDependencies: common-c-coding-standards

c/misra/src/qlpack.yml

@@ -0,0 +1,22 @@
+/**
+ * @id c/misra/usage-of-assembly-language-should-be-documented
+ * @name DIR-4-2: All usage of assembly language should be documented
+ * @description Assembly language is not portable and should be documented.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity warning
+ * @tags external/misra/id/dir-4-2
+ *       maintainability
+ *       readability
+ *       external/misra/obligation/advisory
+ */
+
+import cpp
+import codingstandards.c.misra
+import codingstandards.cpp.rules.usageofassemblernotdocumented.UsageOfAssemblerNotDocumented
+
+class UsageOfAssemblyLanguageShouldBeDocumentedQuery extends UsageOfAssemblerNotDocumentedSharedQuery {
+  UsageOfAssemblyLanguageShouldBeDocumentedQuery() {
+    this = Language2Package::usageOfAssemblyLanguageShouldBeDocumentedQuery()
+  }
+}

c/misra/src/rules/DIR-4-2/UsageOfAssemblyLanguageShouldBeDocumented.ql

@@ -0,0 +1,36 @@
+/**
+ * @id c/misra/function-over-function-like-macro
+ * @name DIR-4-9: A function should be used in preference to a function-like macro where they are interchangeable
+ * @description Using a function-like macro instead of a function can lead to unexpected program
+ *              behaviour.
+ * @kind problem
+ * @precision medium
+ * @problem.severity recommendation
+ * @tags external/misra/id/dir-4-9
+ *       external/misra/audit
+ *       maintainability
+ *       readability
+ *       external/misra/obligation/advisory
+ */
+
+import cpp
+import codingstandards.c.misra
+import codingstandards.c.IrreplaceableFunctionLikeMacro
+
+predicate partOfConstantExpr(MacroInvocation i) {
+  exists(Expr e |
+    e.isConstant() and
+    not i.getExpr() = e and
+    i.getExpr().getParent+() = e
+  )
+}
+
+from FunctionLikeMacro m
+where
+  not isExcluded(m, Preprocessor6Package::functionOverFunctionLikeMacroQuery()) and
+  not m instanceof IrreplaceableFunctionLikeMacro and
+  //macros can have empty body
+  not m.getBody().length() = 0 and
+  //function call not allowed in a constant expression (where constant expr is parent)
+  forall(MacroInvocation i | i = m.getAnInvocation() | not partOfConstantExpr(i))
+select m, "Macro used instead of a function."

c/misra/src/rules/DIR-4-9/FunctionOverFunctionLikeMacro.ql

@@ -0,0 +1,21 @@
+/**
+ * @id c/misra/emergent-language-features-used
+ * @name RULE-1-4: Emergent language features shall not be used
+ * @description Emergent language features may have unpredictable behavior and should not be used.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity warning
+ * @tags external/misra/id/rule-1-4
+ *       maintainability
+ *       readability
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.c.misra
+import codingstandards.cpp.Emergent
+
+from C11::EmergentLanguageFeature ef
+where not isExcluded(ef, Language2Package::emergentLanguageFeaturesUsedQuery())
+select ef, "Usage of emergent language feature."
+

c/misra/src/rules/RULE-1-4/EmergentLanguageFeaturesUsed.ql

@@ -1,4 +1,4 @@
 name: misra-c-coding-standards-tests
-version: 2.11.0
+version: 2.13.0-dev
 libraryPathDependencies: misra-c-coding-standards
 extractor: cpp

c/misra/test/qlpack.yml

@@ -0,0 +1 @@
+cpp/common/test/rules/usageofassemblernotdocumented/UsageOfAssemblerNotDocumented.ql

c/misra/test/rules/DIR-4-2/UsageOfAssemblyLanguageShouldBeDocumented.testref

@@ -0,0 +1,2 @@
+| test.c:6:1:6:25 | #define MACRO4(x) (x + 1) | Macro used instead of a function. |
+| test.c:11:1:11:48 | #define MACRO9() printf_custom("output = %d", 7) | Macro used instead of a function. |

c/misra/test/rules/DIR-4-9/FunctionOverFunctionLikeMacro.expected

@@ -0,0 +1 @@
+rules/DIR-4-9/FunctionOverFunctionLikeMacro.ql