From 57661d534dc0026813911627bfb942268c946445 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Thu, 6 Mar 2025 13:52:09 +0100 Subject: [PATCH 001/104] Update expected test results after frontend update
---
.../rules/INT31-C/IntegerConversionCausesDataLoss.expected | 2 ++ c/cert/test/rules/INT31-C/test.c | 6 +++--- .../UserDefinedConversionOperatorsShouldNotBeUsed.expected | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/c/cert/test/rules/INT31-C/IntegerConversionCausesDataLoss.expected b/c/cert/test/rules/INT31-C/IntegerConversionCausesDataLoss.expected
index ee18410a48..f7e4454342 100644
--- a/c/cert/test/rules/INT31-C/IntegerConversionCausesDataLoss.expected
+++ b/c/cert/test/rules/INT31-C/IntegerConversionCausesDataLoss.expected
@@ -2,6 +2,8 @@ | test.c:17:3:17:17 | (unsigned int)... | Conversion from signed int to unsigned int may cause data loss (casting from range -2147483648...2147483647 to range 0...4294967295). | | test.c:34:3:34:17 | (signed short)... | Conversion from signed int to signed short may cause data loss (casting from range -2147483648...2147483647 to range -32768...32767). | | test.c:51:3:51:19 | (unsigned short)... | Conversion from unsigned int to unsigned short may cause data loss (casting from range 0...4294967295 to range 0...65535). | +| test.c:74:14:74:15 | (unsigned int)... | Conversion from int to unsigned int may cause data loss (casting from range -1...-1 to range 0...4294967295). | +| test.c:77:14:77:23 | (time_t)... | Conversion from int to unsigned int may cause data loss (casting from range -1...-1 to range 0...4294967295). | | test.c:89:3:89:19 | (unsigned char)... | Conversion from signed int to unsigned char may cause data loss (casting from range 100000...100000 to range 0...255). | | test.c:92:3:92:19 | (unsigned char)... | Conversion from signed int to unsigned char may cause data loss (casting from range -129...-129 to range 0...255). | | test.c:93:3:93:19 | (unsigned char)... | Conversion from signed int to unsigned char may cause data loss (casting from range 256...256 to range 0...255). | diff --git a/c/cert/test/rules/INT31-C/test.c b/c/cert/test/rules/INT31-C/test.c index 08b09cf6b8..5988e5cc43 100644 --- a/c/cert/test/rules/INT31-C/test.c +++ b/c/cert/test/rules/INT31-C/test.c @@ -71,10 +71,10 @@ time_t time(time_t *seconds); void test_time_t_check_against_zero(time_t x) { time_t now = time(0); - if (now != -1) { // NON_COMPLIANT[FALSE_NEGATIVE] - there is no conversion - // here in our model + if (now != -1) { // NON_COMPLIANT } - if (now != (time_t)-1) { // COMPLIANT + + if (now != (time_t)-1) { // COMPLIANT[FALSE_POSITIVE] } } 
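Review bot: The `COMPLIANT[FALSE_POSITIVE]` marker on `if (now != (time_t)-1)` in `test_time_t_check_against_zero` accepts an alert on the form the test itself treats as the correct error check for `time()`, and the comment does not say why the alert now appears. The removed comment explained the model gap for the `now != -1` case; the new marker should carry the same kind of explanation, for example `// COMPLIANT[FALSE_POSITIVE] - explicit cast to time_t is the intended check, but the cast of -1 is now reported`. As it stands, the expected file reports the implicit and the explicit comparison with the same message, so a reader cannot tell which alert is wanted. If excluding the explicit-cast form is planned, a reference to that follow-up in the comment would help.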
diff --git a/cpp/autosar/test/rules/A13-5-3/UserDefinedConversionOperatorsShouldNotBeUsed.expected b/cpp/autosar/test/rules/A13-5-3/UserDefinedConversionOperatorsShouldNotBeUsed.expected index 14e68ab4a9..e757cdf984 100644 --- a/cpp/autosar/test/rules/A13-5-3/UserDefinedConversionOperatorsShouldNotBeUsed.expected +++ b/cpp/autosar/test/rules/A13-5-3/UserDefinedConversionOperatorsShouldNotBeUsed.expected @@ -1,4 +1,4 @@ | test.cpp:33:7:33:7 | call to operator A | User-defined conversion operators should not be used. | | test.cpp:35:24:35:24 | call to operator A * | User-defined conversion operators should not be used. | -| test.cpp:37:15:37:15 | call to operator A (*)[3] | User-defined conversion operators should not be used. | +| test.cpp:37:15:37:15 | call to operator B::array_A * | User-defined conversion operators should not be used. | | test.cpp:41:7:41:7 | call to operator A * | User-defined conversion operators should not be used. | From 6abda061c3dc7fac1cedc4e6eb71c4d2875c4793 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Fri, 27 Jun 2025 11:20:00 +0200 Subject: [PATCH 002/104] Update MISRA queries and tests after merging location tables --- c/misra/test/rules/RULE-2-4/UnusedTagDeclaration.expected | 1 - c/misra/test/rules/RULE-2-4/test.c | 6 +++--- cpp/common/src/codingstandards/cpp/Loops.qll | 3 ++- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/c/misra/test/rules/RULE-2-4/UnusedTagDeclaration.expected b/c/misra/test/rules/RULE-2-4/UnusedTagDeclaration.expected index abd602e9c8..4028c67366 100644 --- a/c/misra/test/rules/RULE-2-4/UnusedTagDeclaration.expected +++ b/c/misra/test/rules/RULE-2-4/UnusedTagDeclaration.expected @@ -3,5 +3,4 @@ | test.c:17:6:17:7 | E1 | struct E1 has an unused tag. | | test.c:31:10:31:11 | S7 | struct S7 has an unused tag. | | test.c:50:8:50:10 | S10 | struct S10 has an unused tag. | -| test.c:66:3:66:14 | S13 | struct S13 has an unused tag. | | test.c:79:8:79:10 | s14 | struct s14 has an unused tag. | 
diff --git a/c/misra/test/rules/RULE-2-4/test.c b/c/misra/test/rules/RULE-2-4/test.c index 64d05a1cc2..30cce2d224 100644 --- a/c/misra/test/rules/RULE-2-4/test.c +++ b/c/misra/test/rules/RULE-2-4/test.c @@ -63,9 +63,9 @@ struct S12 { // COMPLIANT }; void testMacroNameUsed() { - STRUCT_MACRO // COMPLIANT[FALSE_POSITIVE] - although the struct generated by - // the macro is never used in this expansion, it may be used in - // other expansions, so we don't want to report it as unused + STRUCT_MACRO // COMPLIANT - although the struct generated by the macro is + // never used in this expansion, it may be used in other + // expansions, so we don't want to report it as unused } void testMacroNameNotUsed() { diff --git a/cpp/common/src/codingstandards/cpp/Loops.qll b/cpp/common/src/codingstandards/cpp/Loops.qll index 1086355638..ddf99a50dd 100644 --- a/cpp/common/src/codingstandards/cpp/Loops.qll +++ b/cpp/common/src/codingstandards/cpp/Loops.qll @@ -339,7 +339,8 @@ predicate isInvalidLoop(ForStmt forLoop, string reason, Locatable reasonLocation isForLoopWithMulipleCounters(forLoop) and reason = "it uses multiple loop counters$@" and reasonLabel = "" and - reasonLocation.getLocation() instanceof UnknownExprLocation + reasonLocation instanceof File and + reasonLocation.getLocation() instanceof UnknownLocation or isForLoopWithFloatingPointCounters(forLoop, reasonLocation) and reason = "it uses a loop counter '$@' of type floating-point" and From 57c41800fa91760035f2c4eb22daf543e7e0faed Mon Sep 17 00:00:00 2001 From: idrissrio Date: Mon, 30 Jun 2025 12:31:14 +0200 Subject: [PATCH 003/104] C++: accept new test results after QL changes --- .../UseCanonicalOrderForMemberInit.expected | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) 
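Review bot: In the `isForLoopWithMulipleCounters` branch of `isInvalidLoop` (Loops.qll), the new binding `reasonLocation instanceof File and reasonLocation.getLocation() instanceof UnknownLocation` is a placeholder whose purpose is not stated, and the branch can only produce a result when some `File` with an unknown location exists in the database. I assume the extractor always provides one, but if that ever stops holding the "multiple loop counters" reason would vanish from results without any error, which is a silent false negative in a coding-standard check. A comment above the two lines would make the intent reviewable, e.g. `// Placeholder element for the unlabelled $@ above; requires a File whose location is unknown.` A test that exercises this branch would pin the assumption. The predicate starts and ends outside the hunk.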
diff --git a/cpp/common/test/rules/usecanonicalorderformemberinit/UseCanonicalOrderForMemberInit.expected b/cpp/common/test/rules/usecanonicalorderformemberinit/UseCanonicalOrderForMemberInit.expected
index d74c29ed83..bff253bc38 100644
--- a/cpp/common/test/rules/usecanonicalorderformemberinit/UseCanonicalOrderForMemberInit.expected
+++ b/cpp/common/test/rules/usecanonicalorderformemberinit/UseCanonicalOrderForMemberInit.expected
@@ -1,13 +1,13 @@ -| test.cpp:7:30:7:36 | (no string representation) | The initializer Base1(...) for $@ in the constructor DirectDerived(...) is initialized before $@, but appears after $@ in the initialization list. | test.cpp:2:7:2:11 | Base1 | class Base1 | test.cpp:3:7:3:11 | Base2 | class Base2 | test.cpp:7:21:7:27 | (no string representation) | Base2(...) | -| test.cpp:8:45:8:51 | (no string representation) | The initializer Base2(...) for $@ in the constructor DirectDerived(...) is initialized before $@, but appears after $@ in the initialization list. | test.cpp:3:7:3:11 | Base2 | class Base2 | test.cpp:4:7:4:11 | Base3 | class Base3 | test.cpp:8:27:8:33 | (no string representation) | Base3(...) | +| test.cpp:7:30:7:36 | constructor init | The initializer Base1(...) for $@ in the constructor DirectDerived(...) is initialized before $@, but appears after $@ in the initialization list. | test.cpp:2:7:2:11 | Base1 | class Base1 | test.cpp:3:7:3:11 | Base2 | class Base2 | test.cpp:7:21:7:27 | constructor init | Base2(...) | +| test.cpp:8:45:8:51 | constructor init | The initializer Base2(...) for $@ in the constructor DirectDerived(...) is initialized before $@, but appears after $@ in the initialization list. | test.cpp:3:7:3:11 | Base2 | class Base2 | test.cpp:4:7:4:11 | Base3 | class Base3 | test.cpp:8:27:8:33 | constructor init | Base3(...) | | test.cpp:27:38:27:41 | constructor init of field u1 | The initializer u1(...) for $@ in the constructor MemberOrder(...) is initialized before $@, but appears after $@ in the initialization list. | test.cpp:16:9:16:10 | u1 | field u1 | test.cpp:22:7:22:8 | i2 | field i2 | test.cpp:27:32:27:35 | constructor init of field i2 | i2(...) | | test.cpp:27:44:27:47 | constructor init of field i1 | The initializer i1(...) for $@ in the constructor MemberOrder(...) is initialized before $@, but appears after $@ in the initialization list. 
| test.cpp:14:7:14:8 | i1 | field i1 | test.cpp:16:9:16:10 | u1 | field u1 | test.cpp:27:38:27:41 | constructor init of field u1 | u1(...) | | test.cpp:28:43:28:46 | constructor init of field l1 | The initializer l1(...) for $@ in the constructor MemberOrder(...) is initialized before $@, but appears after $@ in the initialization list. | test.cpp:18:12:18:13 | l1 | field l1 | test.cpp:22:7:22:8 | i2 | field i2 | test.cpp:28:37:28:40 | constructor init of field i2 | i2(...) | | test.cpp:28:49:28:52 | constructor init of field i1 | The initializer i1(...) for $@ in the constructor MemberOrder(...) is initialized before $@, but appears after $@ in the initialization list. | test.cpp:14:7:14:8 | i1 | field i1 | test.cpp:18:12:18:13 | l1 | field l1 | test.cpp:28:43:28:46 | constructor init of field l1 | l1(...) | | test.cpp:29:48:29:51 | constructor init of field d1 | The initializer d1(...) for $@ in the constructor MemberOrder(...) is initialized before $@, but appears after $@ in the initialization list. | test.cpp:19:14:19:15 | d1 | field d1 | test.cpp:22:7:22:8 | i2 | field i2 | test.cpp:29:42:29:45 | constructor init of field i2 | i2(...) | | test.cpp:29:54:29:57 | constructor init of field i1 | The initializer i1(...) for $@ in the constructor MemberOrder(...) is initialized before $@, but appears after $@ in the initialization list. | test.cpp:14:7:14:8 | i1 | field i1 | test.cpp:19:14:19:15 | d1 | field d1 | test.cpp:29:48:29:51 | constructor init of field d1 | d1(...) | -| test.cpp:48:9:48:27 | (no string representation) | The initializer VirtualBaseClass1(...) for $@ in the constructor Derived3(...) is initialized before $@, but appears after $@ in the initialization list. | test.cpp:32:7:32:23 | VirtualBaseClass1 | class VirtualBaseClass1 | test.cpp:33:7:33:23 | VirtualBaseClass2 | class VirtualBaseClass2 | test.cpp:47:30:47:48 | (no string representation) | VirtualBaseClass2(...) 
| -| test.cpp:53:9:53:27 | (no string representation) | The initializer VirtualBaseClass2(...) for $@ in the constructor Derived3(...) is initialized before $@, but appears after $@ in the initialization list. | test.cpp:33:7:33:23 | VirtualBaseClass2 | class VirtualBaseClass2 | test.cpp:36:7:36:14 | Derived1 | class Derived1 | test.cpp:51:9:51:18 | call to Derived1 | Derived1(...) | -| test.cpp:63:29:63:46 | (no string representation) | The initializer MixedVirtualBase(...) for $@ in the constructor Mixed(...) is initialized before $@, but appears after $@ in the initialization list. | test.cpp:57:7:57:22 | MixedVirtualBase | class MixedVirtualBase | test.cpp:56:7:56:15 | MixedBase | class MixedBase | test.cpp:63:16:63:26 | (no string representation) | MixedBase(...) | -| test.cpp:64:28:64:38 | (no string representation) | The initializer MixedBase(...) for $@ in the constructor Mixed(...) is initialized before $@, but appears after $@ in the initialization list. | test.cpp:56:7:56:15 | MixedBase | class MixedBase | test.cpp:61:7:61:9 | m_i | field m_i | test.cpp:64:21:64:25 | constructor init of field m_i | m_i(...) | -| test.cpp:64:41:64:58 | (no string representation) | The initializer MixedVirtualBase(...) for $@ in the constructor Mixed(...) is initialized before $@, but appears after $@ in the initialization list. | test.cpp:57:7:57:22 | MixedVirtualBase | class MixedVirtualBase | test.cpp:56:7:56:15 | MixedBase | class MixedBase | test.cpp:64:28:64:38 | (no string representation) | MixedBase(...) | +| test.cpp:48:9:48:27 | constructor init | The initializer VirtualBaseClass1(...) for $@ in the constructor Derived3(...) is initialized before $@, but appears after $@ in the initialization list. | test.cpp:32:7:32:23 | VirtualBaseClass1 | class VirtualBaseClass1 | test.cpp:33:7:33:23 | VirtualBaseClass2 | class VirtualBaseClass2 | test.cpp:47:30:47:48 | constructor init | VirtualBaseClass2(...) 
| +| test.cpp:53:9:53:27 | constructor init | The initializer VirtualBaseClass2(...) for $@ in the constructor Derived3(...) is initialized before $@, but appears after $@ in the initialization list. | test.cpp:33:7:33:23 | VirtualBaseClass2 | class VirtualBaseClass2 | test.cpp:36:7:36:14 | Derived1 | class Derived1 | test.cpp:51:9:51:18 | call to Derived1 | Derived1(...) | +| test.cpp:63:29:63:46 | constructor init | The initializer MixedVirtualBase(...) for $@ in the constructor Mixed(...) is initialized before $@, but appears after $@ in the initialization list. | test.cpp:57:7:57:22 | MixedVirtualBase | class MixedVirtualBase | test.cpp:56:7:56:15 | MixedBase | class MixedBase | test.cpp:63:16:63:26 | constructor init | MixedBase(...) | +| test.cpp:64:28:64:38 | constructor init | The initializer MixedBase(...) for $@ in the constructor Mixed(...) is initialized before $@, but appears after $@ in the initialization list. | test.cpp:56:7:56:15 | MixedBase | class MixedBase | test.cpp:61:7:61:9 | m_i | field m_i | test.cpp:64:21:64:25 | constructor init of field m_i | m_i(...) | +| test.cpp:64:41:64:58 | constructor init | The initializer MixedVirtualBase(...) for $@ in the constructor Mixed(...) is initialized before $@, but appears after $@ in the initialization list. | test.cpp:57:7:57:22 | MixedVirtualBase | class MixedVirtualBase | test.cpp:56:7:56:15 | MixedBase | class MixedBase | test.cpp:64:28:64:38 | constructor init | MixedBase(...) | From a3d85dd784efbec4818a93d94428b7818518d518 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 7 Jul 2025 14:16:49 +0200 Subject: [PATCH 004/104] Comvert ARR37-C to use the new dataflow library --- ...interArithmeticOnNonArrayObjectPointers.ql | 2 +- ...rithmeticOnNonArrayObjectPointers.expected | 21 +++++++++---------- 2 files changed, 11 insertions(+), 12 deletions(-) 
diff --git a/c/cert/src/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql b/c/cert/src/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql index 635d9d5c03..39e15c7ad3 100644 --- a/c/cert/src/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql +++ b/c/cert/src/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql @@ -18,7 +18,7 @@ import cpp import codingstandards.c.cert -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import NonArrayPointerToArrayIndexingExprFlow::PathGraph /** diff --git a/c/cert/test/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.expected b/c/cert/test/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.expected index fb0074e0e6..adabbcf759 100644 --- a/c/cert/test/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.expected +++ b/c/cert/test/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.expected 
@@ -1,22 +1,21 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql:28,60-68) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql:29,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql:41,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql:49,26-34) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql:70,3-11) edges -| test.c:14:38:14:39 | p1 | test.c:18:10:18:11 | v1 | provenance | | -| test.c:14:38:14:39 | p1 | test.c:19:10:19:11 | v2 | provenance | | +| test.c:14:38:14:39 | p1 | test.c:16:13:16:14 | p1 | provenance | | +| test.c:14:38:14:39 | p1 | test.c:17:13:17:14 | p1 | provenance | | | test.c:14:38:14:39 | p1 | test.c:20:10:20:11 | p1 | provenance | | | test.c:14:38:14:39 | p1 | test.c:21:10:21:11 | p1 | provenance | | | test.c:14:38:14:39 | p1 | test.c:22:9:22:10 | p1 | provenance | | | test.c:14:38:14:39 | p1 | test.c:23:13:23:14 | p1 | provenance | | | test.c:14:38:14:39 | p1 | test.c:24:9:24:10 | p1 | provenance | | | test.c:14:38:14:39 | p1 | test.c:25:9:25:10 | p1 | provenance | | +| test.c:16:13:16:14 | p1 | test.c:18:10:18:13 | ... ++ | provenance | | +| test.c:17:13:17:14 | p1 | test.c:19:10:19:13 | ... -- | provenance | | | test.c:51:30:51:38 | & ... | test.c:14:38:14:39 | p1 | provenance | | nodes | test.c:14:38:14:39 | p1 | semmle.label | p1 | -| test.c:18:10:18:11 | v1 | semmle.label | v1 | -| test.c:19:10:19:11 | v2 | semmle.label | v2 | +| test.c:16:13:16:14 | p1 | semmle.label | p1 | +| test.c:17:13:17:14 | p1 | semmle.label | p1 | +| test.c:18:10:18:13 | ... ++ | semmle.label | ... ++ | +| test.c:19:10:19:13 | ... -- | semmle.label | ... 
-- | | test.c:20:10:20:11 | p1 | semmle.label | p1 | | test.c:21:10:21:11 | p1 | semmle.label | p1 | | test.c:22:9:22:10 | p1 | semmle.label | p1 | @@ -32,8 +31,8 @@ nodes | test.c:51:30:51:38 | & ... | semmle.label | & ... | subpaths #select -| test.c:18:10:18:11 | v1 | test.c:51:30:51:38 | & ... | test.c:18:10:18:11 | v1 | Pointer arithmetic on non-array object pointer. | -| test.c:19:10:19:11 | v2 | test.c:51:30:51:38 | & ... | test.c:19:10:19:11 | v2 | Pointer arithmetic on non-array object pointer. | +| test.c:18:10:18:13 | ... ++ | test.c:51:30:51:38 | & ... | test.c:18:10:18:13 | ... ++ | Pointer arithmetic on non-array object pointer. | +| test.c:19:10:19:13 | ... -- | test.c:51:30:51:38 | & ... | test.c:19:10:19:13 | ... -- | Pointer arithmetic on non-array object pointer. | | test.c:20:10:20:11 | p1 | test.c:51:30:51:38 | & ... | test.c:20:10:20:11 | p1 | Pointer arithmetic on non-array object pointer. | | test.c:21:10:21:11 | p1 | test.c:51:30:51:38 | & ... | test.c:21:10:21:11 | p1 | Pointer arithmetic on non-array object pointer. | | test.c:22:9:22:10 | p1 | test.c:51:30:51:38 | & ... | test.c:22:9:22:10 | p1 | Pointer arithmetic on non-array object pointer. | From 3f2ae9e55814c37cac675d2c61c8ffc472f09c23 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 7 Jul 2025 14:19:48 +0200 Subject: [PATCH 005/104] Conver ARR39-C to the new dataflow library Observe that `sizeof(...)` might not occur as a dataflow node if it has a parent node with a concrete value. That value will be a dataflow node instead. Hence, the query has be changed to check for expressions where `sizeof(...)` is a child of an expression with a concrete value. --- .../DoNotAddOrSubtractAScaledIntegerToAPointer.ql | 8 +++++--- ...NotAddOrSubtractAScaledIntegerToAPointer.expected | 12 ++++++------ 2 files changed, 11 insertions(+), 9 deletions(-) 
diff --git a/c/cert/src/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.ql b/c/cert/src/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.ql index c3ebd6ede6..18631f579a 100644 --- a/c/cert/src/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.ql +++ b/c/cert/src/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.c.cert import codingstandards.cpp.types.Pointers -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking import ScaledIntegerPointerArithmeticFlow::PathGraph /** @@ -61,9 +61,11 @@ class ScaledIntegerExpr extends Expr { ScaledIntegerExpr() { not this.getParent*() instanceof ArrayCountOfExpr and ( - this.(SizeofExprOperator).getExprOperand().getType().getSize() > 1 + exists(this.getValue()) and + this.getAChild*().(SizeofExprOperator).getExprOperand().getType().getSize() > 1 or - this.(SizeofTypeOperator).getTypeOperand().getSize() > 1 + exists(this.getValue()) and + this.getAChild*().(SizeofTypeOperator).getTypeOperand().getSize() > 1 or this instanceof OffsetOfExpr ) diff --git a/c/cert/test/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.expected b/c/cert/test/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.expected index 0a6471deac..7a7f740547 100644 --- a/c/cert/test/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.expected +++ b/c/cert/test/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.expected 
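Review bot: In `ScaledIntegerExpr`, the two new disjuncts accept every constant-valued expression that has a `sizeof` anywhere beneath it via `getAChild*()`, not only expressions whose value is actually scaled by that `sizeof`. The updated expected output already shows `... / ...` at test.c:27 reported in place of its `sizeof()` operand, so a constant in which the size is divided out would probably be treated as a source as well; it is worth checking for new false positives beyond the test file. The reason for matching the enclosing constant is given only in the commit message and should be a comment in the class, and `exists(this.getValue())` is repeated in both disjuncts where it could be stated once. The fence below keeps the same behaviour with the guard factored out and the comment added. The class body starts and ends outside the hunk.

```ql
    (
      // `sizeof` may not be a dataflow node when an enclosing expression has a
      // constant value; the enclosing constant is the node, so match that instead.
      exists(this.getValue()) and
      exists(Expr sized | sized = this.getAChild*() |
        sized.(SizeofExprOperator).getExprOperand().getType().getSize() > 1
        or
        sized.(SizeofTypeOperator).getTypeOperand().getSize() > 1
      )
      or
      this instanceof OffsetOfExpr
    )
```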
@@ -1,22 +1,22 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotAddOrSubtractAScaledIntegerToAPointer.ql:77,56-64) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotAddOrSubtractAScaledIntegerToAPointer.ql:78,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotAddOrSubtractAScaledIntegerToAPointer.ql:80,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotAddOrSubtractAScaledIntegerToAPointer.ql:89,45-53) edges | test.c:7:13:7:14 | p1 | test.c:9:9:9:10 | p1 | provenance | | +| test.c:16:19:16:41 | ... - ... | test.c:16:19:16:41 | ... - ... | provenance | | | test.c:16:19:16:41 | ... - ... | test.c:18:26:18:31 | offset | provenance | | | test.c:16:19:16:41 | ... - ... | test.c:29:6:29:11 | offset | provenance | | +| test.c:17:17:17:26 | sizeof() | test.c:17:17:17:26 | sizeof() | provenance | | | test.c:17:17:17:26 | sizeof() | test.c:23:9:23:12 | size | provenance | | | test.c:29:6:29:11 | offset | test.c:7:13:7:14 | p1 | provenance | | nodes | test.c:7:13:7:14 | p1 | semmle.label | p1 | | test.c:9:9:9:10 | p1 | semmle.label | p1 | | test.c:16:19:16:41 | ... - ... | semmle.label | ... - ... | +| test.c:16:19:16:41 | ... - ... | semmle.label | ... - ... | +| test.c:17:17:17:26 | sizeof() | semmle.label | sizeof() | | test.c:17:17:17:26 | sizeof() | semmle.label | sizeof() | | test.c:18:26:18:31 | offset | semmle.label | offset | | test.c:23:9:23:12 | size | semmle.label | size | | test.c:25:9:25:18 | sizeof() | semmle.label | sizeof() | -| test.c:27:17:27:26 | sizeof() | semmle.label | sizeof() | +| test.c:27:12:27:26 | ... / ... | semmle.label | ... / ... | | test.c:29:6:29:11 | offset | semmle.label | offset | subpaths #select 
@@ -24,4 +24,4 @@ subpaths | test.c:18:26:18:31 | offset | test.c:16:19:16:41 | ... - ... | test.c:18:26:18:31 | offset | Scaled integer used in pointer arithmetic. | | test.c:23:9:23:12 | size | test.c:17:17:17:26 | sizeof() | test.c:23:9:23:12 | size | Scaled integer used in pointer arithmetic. | | test.c:25:9:25:18 | sizeof() | test.c:25:9:25:18 | sizeof() | test.c:25:9:25:18 | sizeof() | Scaled integer used in pointer arithmetic. | -| test.c:27:17:27:26 | sizeof() | test.c:27:17:27:26 | sizeof() | test.c:27:17:27:26 | sizeof() | Scaled integer used in pointer arithmetic. | +| test.c:27:12:27:26 | ... / ... | test.c:27:12:27:26 | ... / ... | test.c:27:12:27:26 | ... / ... | Scaled integer used in pointer arithmetic. | From 46af73df5e537a9dfc323bb34bf2a79af4db694b Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 7 Jul 2025 14:23:50 +0200 Subject: [PATCH 006/104] Convert ERR30-C to use the new dataflow library --- c/cert/src/rules/ERR30-C/ErrnoReadBeforeReturn.ql | 2 +- c/cert/src/rules/ERR30-C/SetlocaleMightSetErrno.ql | 2 +- c/cert/test/rules/ERR30-C/ErrnoReadBeforeReturn.expected | 1 - c/cert/test/rules/ERR30-C/SetlocaleMightSetErrno.expected | 1 - 4 files changed, 2 insertions(+), 4 deletions(-) diff --git a/c/cert/src/rules/ERR30-C/ErrnoReadBeforeReturn.ql b/c/cert/src/rules/ERR30-C/ErrnoReadBeforeReturn.ql index 13f7e40303..bea6ae3ec8 100644 --- a/c/cert/src/rules/ERR30-C/ErrnoReadBeforeReturn.ql +++ b/c/cert/src/rules/ERR30-C/ErrnoReadBeforeReturn.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.c.cert import codingstandards.c.Errno -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow /** * A call to an `OutOfBandErrnoSettingFunction` diff --git a/c/cert/src/rules/ERR30-C/SetlocaleMightSetErrno.ql b/c/cert/src/rules/ERR30-C/SetlocaleMightSetErrno.ql index a7ccf8c041..eaecf29a85 100644 --- a/c/cert/src/rules/ERR30-C/SetlocaleMightSetErrno.ql +++ b/c/cert/src/rules/ERR30-C/SetlocaleMightSetErrno.ql 
@@ -18,7 +18,7 @@ import cpp import codingstandards.c.cert import codingstandards.c.Errno -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow class SetlocaleFunctionCall extends FunctionCall { SetlocaleFunctionCall() { this.getTarget().hasGlobalName("setlocale") } diff --git a/c/cert/test/rules/ERR30-C/ErrnoReadBeforeReturn.expected b/c/cert/test/rules/ERR30-C/ErrnoReadBeforeReturn.expected index 125f55118b..b6d7caa513 100644 --- a/c/cert/test/rules/ERR30-C/ErrnoReadBeforeReturn.expected +++ b/c/cert/test/rules/ERR30-C/ErrnoReadBeforeReturn.expected @@ -1,4 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ErrnoReadBeforeReturn.ql:46,7-15) | test.c:69:7:69:11 | * ... | Do not read `errno` before checking the return value of function $@. | test.c:68:3:68:7 | call to ftell | call to ftell | | test.c:69:7:69:11 | call to __errno_location | Do not read `errno` before checking the return value of function $@. | test.c:68:3:68:7 | call to ftell | call to ftell | | test.c:70:5:70:10 | call to perror | Do not read `errno` before checking the return value of function $@. | test.c:68:3:68:7 | call to ftell | call to ftell | diff --git a/c/cert/test/rules/ERR30-C/SetlocaleMightSetErrno.expected b/c/cert/test/rules/ERR30-C/SetlocaleMightSetErrno.expected index 20a7ff60b1..9ab88a3395 100644 --- a/c/cert/test/rules/ERR30-C/SetlocaleMightSetErrno.expected +++ b/c/cert/test/rules/ERR30-C/SetlocaleMightSetErrno.expected @@ -1,3 +1,2 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (SetlocaleMightSetErrno.ql:70,7-15) | test.c:98:3:98:11 | call to setlocale | Do not read `errno` before checking the return value of a call to `setlocale`. | | test.c:104:7:104:15 | call to setlocale | The value of `errno` may be different than `0` when `setlocale` is called. The following `errno` check might be invalid. | From e2ac35de878a26688d56edbece7721e419774b4a Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Mon, 7 Jul 2025 14:27:50 +0200 Subject: [PATCH 007/104] Convert FIO45-C to use the new dataflow library --- .../rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.ql | 2 +- .../FIO45-C/ToctouRaceConditionsWhileAccessingFiles.expected | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/c/cert/src/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.ql b/c/cert/src/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.ql index 85369b502e..0500294b9b 100644 --- a/c/cert/src/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.ql +++ b/c/cert/src/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.c.cert import codingstandards.cpp.standardlibrary.FileAccess -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import semmle.code.cpp.valuenumbering.GlobalValueNumbering /** diff --git a/c/cert/test/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.expected b/c/cert/test/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.expected index a211aa4002..1b2923b780 100644 --- a/c/cert/test/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.expected +++ b/c/cert/test/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.expected @@ -1,3 +1,2 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ToctouRaceConditionsWhileAccessingFiles.ql:32,35-43) | test.c:4:13:4:17 | call to fopen | This call is trying to prevent an existing file from being overwritten by $@. An attacker might be able to exploit the race window between the two calls. | test.c:11:9:11:13 | call to fopen | another call | | test.c:88:13:88:17 | call to fopen | This call is trying to prevent an existing file from being overwritten by $@. An attacker might be able to exploit the race window between the two calls. | test.c:95:9:95:13 | call to fopen | another call | From 43d5bf8315096e6b604d3bed6895f0b74263d965 Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Mon, 7 Jul 2025 14:29:48 +0200 Subject: [PATCH 008/104] Convert EXP36-C to the new datafow library Note that we now properly report the offending cast instead of the expression that is being cast. --- ...PointerToMoreStrictlyAlignedPointerType.ql | 2 +- ...rToMoreStrictlyAlignedPointerType.expected | 479 +++++++++--------- 2 files changed, 247 insertions(+), 234 deletions(-) diff --git a/c/cert/src/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.ql b/c/cert/src/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.ql index 0d294e48b1..7b428a7eee 100644 --- a/c/cert/src/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.ql +++ b/c/cert/src/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.c.cert import codingstandards.cpp.Alignment -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis import ExprWithAlignmentToCStyleCastFlow::PathGraph diff --git a/c/cert/test/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.expected b/c/cert/test/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.expected index eb7642ae28..381f2b053c 100644 --- a/c/cert/test/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.expected +++ b/c/cert/test/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.expected 
@@ -1,277 +1,290 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCastPointerToMoreStrictlyAlignedPointerType.ql:103,86-94) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCastPointerToMoreStrictlyAlignedPointerType.ql:125,3-11) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCastPointerToMoreStrictlyAlignedPointerType.ql:127,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCastPointerToMoreStrictlyAlignedPointerType.ql:132,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCastPointerToMoreStrictlyAlignedPointerType.ql:138,3-11) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCastPointerToMoreStrictlyAlignedPointerType.ql:144,55-63) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCastPointerToMoreStrictlyAlignedPointerType.ql:145,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCastPointerToMoreStrictlyAlignedPointerType.ql:147,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCastPointerToMoreStrictlyAlignedPointerType.ql:154,26-34) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCastPointerToMoreStrictlyAlignedPointerType.ql:169,44-52) edges -| test.c:75:14:75:16 | & ... | test.c:76:11:76:12 | v1 | provenance | | -| test.c:75:14:75:16 | & ... | test.c:77:12:77:13 | v1 | provenance | | -| test.c:75:14:75:16 | & ... | test.c:78:10:78:11 | v1 | provenance | | -| test.c:75:14:75:16 | & ... | test.c:79:12:79:13 | v1 | provenance | | -| test.c:75:14:75:16 | & ... | test.c:80:11:80:12 | v1 | provenance | | -| test.c:75:14:75:16 | & ... | test.c:81:13:81:14 | v1 | provenance | | -| test.c:84:14:84:16 | & ... | test.c:85:11:85:12 | v2 | provenance | | -| test.c:84:14:84:16 | & ... 
| test.c:86:12:86:13 | v2 | provenance | | -| test.c:84:14:84:16 | & ... | test.c:87:10:87:11 | v2 | provenance | | -| test.c:84:14:84:16 | & ... | test.c:88:12:88:13 | v2 | provenance | | -| test.c:84:14:84:16 | & ... | test.c:89:11:89:12 | v2 | provenance | | -| test.c:84:14:84:16 | & ... | test.c:90:13:90:14 | v2 | provenance | | -| test.c:93:14:93:16 | & ... | test.c:94:11:94:12 | v3 | provenance | | -| test.c:93:14:93:16 | & ... | test.c:95:12:95:13 | v3 | provenance | | -| test.c:93:14:93:16 | & ... | test.c:96:10:96:11 | v3 | provenance | | -| test.c:93:14:93:16 | & ... | test.c:97:12:97:13 | v3 | provenance | | -| test.c:93:14:93:16 | & ... | test.c:98:11:98:12 | v3 | provenance | | -| test.c:93:14:93:16 | & ... | test.c:99:13:99:14 | v3 | provenance | | -| test.c:102:14:102:16 | & ... | test.c:103:11:103:12 | v4 | provenance | | -| test.c:102:14:102:16 | & ... | test.c:104:12:104:13 | v4 | provenance | | -| test.c:102:14:102:16 | & ... | test.c:105:10:105:11 | v4 | provenance | | -| test.c:102:14:102:16 | & ... | test.c:106:12:106:13 | v4 | provenance | | -| test.c:102:14:102:16 | & ... | test.c:107:11:107:12 | v4 | provenance | | -| test.c:102:14:102:16 | & ... | test.c:108:13:108:14 | v4 | provenance | | -| test.c:111:14:111:16 | & ... | test.c:112:11:112:12 | v5 | provenance | | -| test.c:111:14:111:16 | & ... | test.c:113:12:113:13 | v5 | provenance | | -| test.c:111:14:111:16 | & ... | test.c:114:10:114:11 | v5 | provenance | | -| test.c:111:14:111:16 | & ... | test.c:115:12:115:13 | v5 | provenance | | -| test.c:111:14:111:16 | & ... | test.c:116:11:116:12 | v5 | provenance | | -| test.c:111:14:111:16 | & ... | test.c:117:13:117:14 | v5 | provenance | | -| test.c:120:14:120:16 | & ... | test.c:121:11:121:12 | v6 | provenance | | -| test.c:120:14:120:16 | & ... | test.c:122:12:122:13 | v6 | provenance | | -| test.c:120:14:120:16 | & ... | test.c:123:10:123:11 | v6 | provenance | | -| test.c:120:14:120:16 | & ... 
| test.c:124:12:124:13 | v6 | provenance | | -| test.c:120:14:120:16 | & ... | test.c:125:11:125:12 | v6 | provenance | | -| test.c:120:14:120:16 | & ... | test.c:126:13:126:14 | v6 | provenance | | -| test.c:129:22:129:22 | v | test.c:130:17:130:17 | v | provenance | | -| test.c:135:21:135:23 | & ... | test.c:129:22:129:22 | v | provenance | | -| test.c:138:21:138:23 | & ... | test.c:129:22:129:22 | v | provenance | | -| test.c:166:24:166:29 | call to malloc | test.c:167:13:167:15 | & ... | provenance | | -| test.c:166:24:166:29 | call to malloc | test.c:168:16:168:17 | s1 | provenance | | -| test.c:166:24:166:29 | call to malloc | test.c:169:13:169:14 | s1 | provenance | | -| test.c:166:24:166:29 | call to malloc | test.c:169:13:169:14 | s1 | provenance | | +| test.c:75:14:75:16 | & ... | test.c:75:14:75:16 | & ... | provenance | | +| test.c:75:14:75:16 | & ... | test.c:76:3:76:12 | v1 | provenance | | +| test.c:75:14:75:16 | & ... | test.c:77:3:77:13 | v1 | provenance | | +| test.c:75:14:75:16 | & ... | test.c:78:3:78:11 | v1 | provenance | | +| test.c:75:14:75:16 | & ... | test.c:79:3:79:13 | v1 | provenance | | +| test.c:75:14:75:16 | & ... | test.c:80:3:80:12 | v1 | provenance | | +| test.c:75:14:75:16 | & ... | test.c:81:3:81:14 | v1 | provenance | | +| test.c:84:14:84:16 | & ... | test.c:84:14:84:16 | & ... | provenance | | +| test.c:84:14:84:16 | & ... | test.c:85:3:85:12 | v2 | provenance | | +| test.c:84:14:84:16 | & ... | test.c:86:3:86:13 | v2 | provenance | | +| test.c:84:14:84:16 | & ... | test.c:87:3:87:11 | v2 | provenance | | +| test.c:84:14:84:16 | & ... | test.c:88:3:88:13 | v2 | provenance | | +| test.c:84:14:84:16 | & ... | test.c:89:3:89:12 | v2 | provenance | | +| test.c:84:14:84:16 | & ... | test.c:90:3:90:14 | v2 | provenance | | +| test.c:93:14:93:16 | & ... | test.c:93:14:93:16 | & ... | provenance | | +| test.c:93:14:93:16 | & ... | test.c:94:3:94:12 | v3 | provenance | | +| test.c:93:14:93:16 | & ... 
| test.c:95:3:95:13 | v3 | provenance | | +| test.c:93:14:93:16 | & ... | test.c:96:3:96:11 | v3 | provenance | | +| test.c:93:14:93:16 | & ... | test.c:97:3:97:13 | v3 | provenance | | +| test.c:93:14:93:16 | & ... | test.c:98:3:98:12 | v3 | provenance | | +| test.c:93:14:93:16 | & ... | test.c:99:3:99:14 | v3 | provenance | | +| test.c:102:14:102:16 | & ... | test.c:102:14:102:16 | & ... | provenance | | +| test.c:102:14:102:16 | & ... | test.c:103:3:103:12 | v4 | provenance | | +| test.c:102:14:102:16 | & ... | test.c:104:3:104:13 | v4 | provenance | | +| test.c:102:14:102:16 | & ... | test.c:105:3:105:11 | v4 | provenance | | +| test.c:102:14:102:16 | & ... | test.c:106:3:106:13 | v4 | provenance | | +| test.c:102:14:102:16 | & ... | test.c:107:3:107:12 | v4 | provenance | | +| test.c:102:14:102:16 | & ... | test.c:108:3:108:14 | v4 | provenance | | +| test.c:111:14:111:16 | & ... | test.c:111:14:111:16 | & ... | provenance | | +| test.c:111:14:111:16 | & ... | test.c:112:3:112:12 | v5 | provenance | | +| test.c:111:14:111:16 | & ... | test.c:113:3:113:13 | v5 | provenance | | +| test.c:111:14:111:16 | & ... | test.c:114:3:114:11 | v5 | provenance | | +| test.c:111:14:111:16 | & ... | test.c:115:3:115:13 | v5 | provenance | | +| test.c:111:14:111:16 | & ... | test.c:116:3:116:12 | v5 | provenance | | +| test.c:111:14:111:16 | & ... | test.c:117:3:117:14 | v5 | provenance | | +| test.c:120:14:120:16 | & ... | test.c:120:14:120:16 | & ... | provenance | | +| test.c:120:14:120:16 | & ... | test.c:121:3:121:12 | v6 | provenance | | +| test.c:120:14:120:16 | & ... | test.c:122:3:122:13 | v6 | provenance | | +| test.c:120:14:120:16 | & ... | test.c:123:3:123:11 | v6 | provenance | | +| test.c:120:14:120:16 | & ... | test.c:124:3:124:13 | v6 | provenance | | +| test.c:120:14:120:16 | & ... | test.c:125:3:125:12 | v6 | provenance | | +| test.c:120:14:120:16 | & ... 
| test.c:126:3:126:14 | v6 | provenance | | +| test.c:129:22:129:22 | v | test.c:130:10:130:17 | v | provenance | | +| test.c:135:13:135:23 | & ... | test.c:129:22:129:22 | v | provenance | | +| test.c:138:13:138:23 | & ... | test.c:129:22:129:22 | v | provenance | | +| test.c:166:15:166:33 | call to malloc | test.c:166:15:166:33 | call to malloc | provenance | | +| test.c:166:15:166:33 | call to malloc | test.c:168:3:168:17 | s1 | provenance | | +| test.c:166:15:166:33 | call to malloc | test.c:169:13:169:14 | s1 | provenance | | +| test.c:166:15:166:33 | call to malloc | test.c:169:13:169:14 | s1 | provenance | | | test.c:169:13:169:14 | s1 | test.c:129:22:129:22 | v | provenance | | | test.c:174:13:174:14 | s2 | test.c:129:22:129:22 | v | provenance | | | test.c:179:13:179:14 | s3 | test.c:129:22:129:22 | v | provenance | | -| test.c:183:14:183:26 | call to aligned_alloc | test.c:184:11:184:12 | v1 | provenance | | -| test.c:183:14:183:26 | call to aligned_alloc | test.c:185:10:185:11 | v1 | provenance | | -| test.c:183:14:183:26 | call to aligned_alloc | test.c:186:13:186:14 | v1 | provenance | | +| test.c:183:14:183:26 | call to aligned_alloc | test.c:183:14:183:26 | call to aligned_alloc | provenance | | +| test.c:183:14:183:26 | call to aligned_alloc | test.c:184:3:184:12 | v1 | provenance | | +| test.c:183:14:183:26 | call to aligned_alloc | test.c:185:3:185:11 | v1 | provenance | | +| test.c:183:14:183:26 | call to aligned_alloc | test.c:186:3:186:14 | v1 | provenance | | | test.c:183:14:183:26 | call to aligned_alloc | test.c:187:13:187:14 | v1 | provenance | | | test.c:187:13:187:14 | v1 | test.c:129:22:129:22 | v | provenance | | +| test.c:189:14:189:26 | call to aligned_alloc | test.c:189:14:189:26 | call to aligned_alloc | provenance | | | test.c:189:14:189:26 | call to aligned_alloc | test.c:190:13:190:14 | v2 | provenance | | | test.c:190:13:190:14 | v2 | test.c:129:22:129:22 | v | provenance | | -| test.c:222:8:222:9 | p2 | test.c:223:11:223:12 | 
v1 | provenance | | -| test.c:222:8:222:9 | p2 | test.c:224:12:224:13 | v1 | provenance | | -| test.c:222:8:222:9 | p2 | test.c:225:10:225:11 | v1 | provenance | | -| test.c:222:8:222:9 | p2 | test.c:226:12:226:13 | v1 | provenance | | -| test.c:222:8:222:9 | p2 | test.c:227:11:227:12 | v1 | provenance | | -| test.c:222:8:222:9 | p2 | test.c:228:13:228:14 | v1 | provenance | | +| test.c:222:3:222:9 | ... = ... | test.c:223:3:223:12 | v1 | provenance | | +| test.c:222:3:222:9 | ... = ... | test.c:224:3:224:13 | v1 | provenance | | +| test.c:222:3:222:9 | ... = ... | test.c:225:3:225:11 | v1 | provenance | | +| test.c:222:3:222:9 | ... = ... | test.c:226:3:226:13 | v1 | provenance | | +| test.c:222:3:222:9 | ... = ... | test.c:227:3:227:12 | v1 | provenance | | +| test.c:222:3:222:9 | ... = ... | test.c:228:3:228:14 | v1 | provenance | | +| test.c:222:8:222:9 | p2 | test.c:222:3:222:9 | ... = ... | provenance | | +| test.c:238:13:238:14 | & ... | test.c:238:13:238:14 | & ... | provenance | | | test.c:238:13:238:14 | & ... | test.c:244:12:244:13 | ip | provenance | | -| test.c:241:15:241:18 | & ... | test.c:247:9:247:12 | & ... | provenance | | -| test.c:252:16:252:18 | & ... | test.c:254:11:254:13 | ps1 | provenance | | -| test.c:252:16:252:18 | & ... | test.c:256:10:256:12 | ps1 | provenance | | +| test.c:240:16:240:19 | & ... | test.c:246:9:246:12 | & ... | provenance | | +| test.c:252:16:252:18 | & ... | test.c:252:16:252:18 | & ... | provenance | | +| test.c:252:16:252:18 | & ... | test.c:254:3:254:13 | ps1 | provenance | | +| test.c:252:16:252:18 | & ... | test.c:256:3:256:12 | ps1 | provenance | | nodes -| test.c:7:11:7:13 | & ... | semmle.label | & ... | -| test.c:8:12:8:14 | & ... | semmle.label | & ... | -| test.c:9:10:9:12 | & ... | semmle.label | & ... | -| test.c:10:11:10:13 | & ... | semmle.label | & ... | -| test.c:11:12:11:14 | & ... | semmle.label | & ... | -| test.c:12:13:12:15 | & ... | semmle.label | & ... | -| test.c:15:11:15:13 | & ... 
| semmle.label | & ... | -| test.c:16:12:16:14 | & ... | semmle.label | & ... | -| test.c:17:10:17:12 | & ... | semmle.label | & ... | -| test.c:18:11:18:13 | & ... | semmle.label | & ... | -| test.c:19:12:19:14 | & ... | semmle.label | & ... | -| test.c:20:13:20:15 | & ... | semmle.label | & ... | -| test.c:23:11:23:13 | & ... | semmle.label | & ... | -| test.c:24:12:24:14 | & ... | semmle.label | & ... | -| test.c:25:10:25:12 | & ... | semmle.label | & ... | -| test.c:26:12:26:14 | & ... | semmle.label | & ... | -| test.c:27:11:27:13 | & ... | semmle.label | & ... | -| test.c:28:13:28:15 | & ... | semmle.label | & ... | -| test.c:31:11:31:13 | & ... | semmle.label | & ... | -| test.c:32:12:32:14 | & ... | semmle.label | & ... | -| test.c:33:10:33:12 | & ... | semmle.label | & ... | -| test.c:34:12:34:14 | & ... | semmle.label | & ... | -| test.c:35:11:35:13 | & ... | semmle.label | & ... | -| test.c:36:13:36:15 | & ... | semmle.label | & ... | -| test.c:39:11:39:13 | & ... | semmle.label | & ... | -| test.c:40:12:40:14 | & ... | semmle.label | & ... | -| test.c:41:10:41:12 | & ... | semmle.label | & ... | -| test.c:42:12:42:14 | & ... | semmle.label | & ... | -| test.c:43:11:43:13 | & ... | semmle.label | & ... | -| test.c:44:13:44:15 | & ... | semmle.label | & ... | -| test.c:47:11:47:13 | & ... | semmle.label | & ... | -| test.c:48:12:48:14 | & ... | semmle.label | & ... | -| test.c:49:10:49:12 | & ... | semmle.label | & ... | -| test.c:50:12:50:14 | & ... | semmle.label | & ... | -| test.c:51:11:51:13 | & ... | semmle.label | & ... | -| test.c:52:13:52:15 | & ... | semmle.label | & ... | -| test.c:57:11:57:13 | & ... | semmle.label | & ... | -| test.c:58:12:58:14 | & ... | semmle.label | & ... | -| test.c:59:10:59:12 | & ... | semmle.label | & ... | -| test.c:60:12:60:14 | & ... | semmle.label | & ... | -| test.c:61:11:61:13 | & ... | semmle.label | & ... | -| test.c:62:13:62:15 | & ... | semmle.label | & ... | -| test.c:65:11:65:13 | & ... 
| semmle.label | & ... | -| test.c:66:12:66:14 | & ... | semmle.label | & ... | -| test.c:67:10:67:12 | & ... | semmle.label | & ... | -| test.c:68:12:68:14 | & ... | semmle.label | & ... | -| test.c:69:11:69:13 | & ... | semmle.label | & ... | -| test.c:70:13:70:15 | & ... | semmle.label | & ... | +| test.c:7:3:7:13 | & ... | semmle.label | & ... | +| test.c:8:3:8:14 | & ... | semmle.label | & ... | +| test.c:9:3:9:12 | & ... | semmle.label | & ... | +| test.c:10:3:10:13 | & ... | semmle.label | & ... | +| test.c:11:3:11:14 | & ... | semmle.label | & ... | +| test.c:12:3:12:15 | & ... | semmle.label | & ... | +| test.c:15:3:15:13 | & ... | semmle.label | & ... | +| test.c:16:3:16:14 | & ... | semmle.label | & ... | +| test.c:17:3:17:12 | & ... | semmle.label | & ... | +| test.c:18:3:18:13 | & ... | semmle.label | & ... | +| test.c:19:3:19:14 | & ... | semmle.label | & ... | +| test.c:20:3:20:15 | & ... | semmle.label | & ... | +| test.c:23:3:23:13 | & ... | semmle.label | & ... | +| test.c:24:3:24:14 | & ... | semmle.label | & ... | +| test.c:25:3:25:12 | & ... | semmle.label | & ... | +| test.c:26:3:26:14 | & ... | semmle.label | & ... | +| test.c:27:3:27:13 | & ... | semmle.label | & ... | +| test.c:28:3:28:15 | & ... | semmle.label | & ... | +| test.c:31:3:31:13 | & ... | semmle.label | & ... | +| test.c:32:3:32:14 | & ... | semmle.label | & ... | +| test.c:33:3:33:12 | & ... | semmle.label | & ... | +| test.c:34:3:34:14 | & ... | semmle.label | & ... | +| test.c:35:3:35:13 | & ... | semmle.label | & ... | +| test.c:36:3:36:15 | & ... | semmle.label | & ... | +| test.c:39:3:39:13 | & ... | semmle.label | & ... | +| test.c:40:3:40:14 | & ... | semmle.label | & ... | +| test.c:41:3:41:12 | & ... | semmle.label | & ... | +| test.c:42:3:42:14 | & ... | semmle.label | & ... | +| test.c:43:3:43:13 | & ... | semmle.label | & ... | +| test.c:44:3:44:15 | & ... | semmle.label | & ... | +| test.c:47:3:47:13 | & ... | semmle.label | & ... | +| test.c:48:3:48:14 | & ... 
| semmle.label | & ... | +| test.c:49:3:49:12 | & ... | semmle.label | & ... | +| test.c:50:3:50:14 | & ... | semmle.label | & ... | +| test.c:51:3:51:13 | & ... | semmle.label | & ... | +| test.c:52:3:52:15 | & ... | semmle.label | & ... | +| test.c:57:3:57:13 | & ... | semmle.label | & ... | +| test.c:58:3:58:14 | & ... | semmle.label | & ... | +| test.c:59:3:59:12 | & ... | semmle.label | & ... | +| test.c:60:3:60:14 | & ... | semmle.label | & ... | +| test.c:61:3:61:13 | & ... | semmle.label | & ... | +| test.c:62:3:62:15 | & ... | semmle.label | & ... | +| test.c:65:3:65:13 | & ... | semmle.label | & ... | +| test.c:66:3:66:14 | & ... | semmle.label | & ... | +| test.c:67:3:67:12 | & ... | semmle.label | & ... | +| test.c:68:3:68:14 | & ... | semmle.label | & ... | +| test.c:69:3:69:13 | & ... | semmle.label | & ... | +| test.c:70:3:70:15 | & ... | semmle.label | & ... | | test.c:75:14:75:16 | & ... | semmle.label | & ... | | test.c:75:14:75:16 | & ... | semmle.label | & ... | -| test.c:76:11:76:12 | v1 | semmle.label | v1 | -| test.c:77:12:77:13 | v1 | semmle.label | v1 | -| test.c:78:10:78:11 | v1 | semmle.label | v1 | -| test.c:79:12:79:13 | v1 | semmle.label | v1 | -| test.c:80:11:80:12 | v1 | semmle.label | v1 | -| test.c:81:13:81:14 | v1 | semmle.label | v1 | +| test.c:75:14:75:16 | & ... | semmle.label | & ... | +| test.c:76:3:76:12 | v1 | semmle.label | v1 | +| test.c:77:3:77:13 | v1 | semmle.label | v1 | +| test.c:78:3:78:11 | v1 | semmle.label | v1 | +| test.c:79:3:79:13 | v1 | semmle.label | v1 | +| test.c:80:3:80:12 | v1 | semmle.label | v1 | +| test.c:81:3:81:14 | v1 | semmle.label | v1 | +| test.c:84:14:84:16 | & ... | semmle.label | & ... | | test.c:84:14:84:16 | & ... | semmle.label | & ... | | test.c:84:14:84:16 | & ... | semmle.label | & ... 
| -| test.c:85:11:85:12 | v2 | semmle.label | v2 | -| test.c:86:12:86:13 | v2 | semmle.label | v2 | -| test.c:87:10:87:11 | v2 | semmle.label | v2 | -| test.c:88:12:88:13 | v2 | semmle.label | v2 | -| test.c:89:11:89:12 | v2 | semmle.label | v2 | -| test.c:90:13:90:14 | v2 | semmle.label | v2 | +| test.c:85:3:85:12 | v2 | semmle.label | v2 | +| test.c:86:3:86:13 | v2 | semmle.label | v2 | +| test.c:87:3:87:11 | v2 | semmle.label | v2 | +| test.c:88:3:88:13 | v2 | semmle.label | v2 | +| test.c:89:3:89:12 | v2 | semmle.label | v2 | +| test.c:90:3:90:14 | v2 | semmle.label | v2 | +| test.c:93:14:93:16 | & ... | semmle.label | & ... | | test.c:93:14:93:16 | & ... | semmle.label | & ... | | test.c:93:14:93:16 | & ... | semmle.label | & ... | -| test.c:94:11:94:12 | v3 | semmle.label | v3 | -| test.c:95:12:95:13 | v3 | semmle.label | v3 | -| test.c:96:10:96:11 | v3 | semmle.label | v3 | -| test.c:97:12:97:13 | v3 | semmle.label | v3 | -| test.c:98:11:98:12 | v3 | semmle.label | v3 | -| test.c:99:13:99:14 | v3 | semmle.label | v3 | +| test.c:94:3:94:12 | v3 | semmle.label | v3 | +| test.c:95:3:95:13 | v3 | semmle.label | v3 | +| test.c:96:3:96:11 | v3 | semmle.label | v3 | +| test.c:97:3:97:13 | v3 | semmle.label | v3 | +| test.c:98:3:98:12 | v3 | semmle.label | v3 | +| test.c:99:3:99:14 | v3 | semmle.label | v3 | | test.c:102:14:102:16 | & ... | semmle.label | & ... | | test.c:102:14:102:16 | & ... | semmle.label | & ... | -| test.c:103:11:103:12 | v4 | semmle.label | v4 | -| test.c:104:12:104:13 | v4 | semmle.label | v4 | -| test.c:105:10:105:11 | v4 | semmle.label | v4 | -| test.c:106:12:106:13 | v4 | semmle.label | v4 | -| test.c:107:11:107:12 | v4 | semmle.label | v4 | -| test.c:108:13:108:14 | v4 | semmle.label | v4 | +| test.c:102:14:102:16 | & ... | semmle.label | & ... 
| +| test.c:103:3:103:12 | v4 | semmle.label | v4 | +| test.c:104:3:104:13 | v4 | semmle.label | v4 | +| test.c:105:3:105:11 | v4 | semmle.label | v4 | +| test.c:106:3:106:13 | v4 | semmle.label | v4 | +| test.c:107:3:107:12 | v4 | semmle.label | v4 | +| test.c:108:3:108:14 | v4 | semmle.label | v4 | +| test.c:111:14:111:16 | & ... | semmle.label | & ... | | test.c:111:14:111:16 | & ... | semmle.label | & ... | | test.c:111:14:111:16 | & ... | semmle.label | & ... | -| test.c:112:11:112:12 | v5 | semmle.label | v5 | -| test.c:113:12:113:13 | v5 | semmle.label | v5 | -| test.c:114:10:114:11 | v5 | semmle.label | v5 | -| test.c:115:12:115:13 | v5 | semmle.label | v5 | -| test.c:116:11:116:12 | v5 | semmle.label | v5 | -| test.c:117:13:117:14 | v5 | semmle.label | v5 | +| test.c:112:3:112:12 | v5 | semmle.label | v5 | +| test.c:113:3:113:13 | v5 | semmle.label | v5 | +| test.c:114:3:114:11 | v5 | semmle.label | v5 | +| test.c:115:3:115:13 | v5 | semmle.label | v5 | +| test.c:116:3:116:12 | v5 | semmle.label | v5 | +| test.c:117:3:117:14 | v5 | semmle.label | v5 | +| test.c:120:14:120:16 | & ... | semmle.label | & ... | | test.c:120:14:120:16 | & ... | semmle.label | & ... | | test.c:120:14:120:16 | & ... | semmle.label | & ... | -| test.c:121:11:121:12 | v6 | semmle.label | v6 | -| test.c:122:12:122:13 | v6 | semmle.label | v6 | -| test.c:123:10:123:11 | v6 | semmle.label | v6 | -| test.c:124:12:124:13 | v6 | semmle.label | v6 | -| test.c:125:11:125:12 | v6 | semmle.label | v6 | -| test.c:126:13:126:14 | v6 | semmle.label | v6 | +| test.c:121:3:121:12 | v6 | semmle.label | v6 | +| test.c:122:3:122:13 | v6 | semmle.label | v6 | +| test.c:123:3:123:11 | v6 | semmle.label | v6 | +| test.c:124:3:124:13 | v6 | semmle.label | v6 | +| test.c:125:3:125:12 | v6 | semmle.label | v6 | +| test.c:126:3:126:14 | v6 | semmle.label | v6 | | test.c:129:22:129:22 | v | semmle.label | v | -| test.c:130:17:130:17 | v | semmle.label | v | -| test.c:135:21:135:23 | & ... 
| semmle.label | & ... | -| test.c:135:21:135:23 | & ... | semmle.label | & ... | -| test.c:138:21:138:23 | & ... | semmle.label | & ... | -| test.c:138:21:138:23 | & ... | semmle.label | & ... | -| test.c:158:13:158:20 | & ... | semmle.label | & ... | -| test.c:161:13:161:20 | & ... | semmle.label | & ... | -| test.c:162:16:162:18 | & ... | semmle.label | & ... | -| test.c:166:24:166:29 | call to malloc | semmle.label | call to malloc | -| test.c:166:24:166:29 | call to malloc | semmle.label | call to malloc | -| test.c:167:13:167:15 | & ... | semmle.label | & ... | -| test.c:168:16:168:17 | s1 | semmle.label | s1 | +| test.c:130:10:130:17 | v | semmle.label | v | +| test.c:135:13:135:23 | & ... | semmle.label | & ... | +| test.c:135:13:135:23 | & ... | semmle.label | & ... | +| test.c:138:13:138:23 | & ... | semmle.label | & ... | +| test.c:138:13:138:23 | & ... | semmle.label | & ... | +| test.c:158:3:158:20 | & ... | semmle.label | & ... | +| test.c:161:3:161:20 | & ... | semmle.label | & ... | +| test.c:162:3:162:18 | & ... | semmle.label | & ... | +| test.c:166:15:166:33 | call to malloc | semmle.label | call to malloc | +| test.c:166:15:166:33 | call to malloc | semmle.label | call to malloc | +| test.c:166:15:166:33 | call to malloc | semmle.label | call to malloc | +| test.c:167:3:167:15 | & ... | semmle.label | & ... 
| +| test.c:168:3:168:17 | s1 | semmle.label | s1 | | test.c:169:13:169:14 | s1 | semmle.label | s1 | | test.c:169:13:169:14 | s1 | semmle.label | s1 | -| test.c:172:11:172:12 | s2 | semmle.label | s2 | -| test.c:173:13:173:14 | s2 | semmle.label | s2 | +| test.c:172:3:172:12 | s2 | semmle.label | s2 | +| test.c:173:3:173:14 | s2 | semmle.label | s2 | | test.c:174:13:174:14 | s2 | semmle.label | s2 | | test.c:174:13:174:14 | s2 | semmle.label | s2 | -| test.c:177:11:177:12 | s3 | semmle.label | s3 | -| test.c:178:13:178:14 | s3 | semmle.label | s3 | +| test.c:177:3:177:12 | s3 | semmle.label | s3 | +| test.c:178:3:178:14 | s3 | semmle.label | s3 | | test.c:179:13:179:14 | s3 | semmle.label | s3 | | test.c:179:13:179:14 | s3 | semmle.label | s3 | | test.c:183:14:183:26 | call to aligned_alloc | semmle.label | call to aligned_alloc | -| test.c:184:11:184:12 | v1 | semmle.label | v1 | -| test.c:185:10:185:11 | v1 | semmle.label | v1 | -| test.c:186:13:186:14 | v1 | semmle.label | v1 | +| test.c:183:14:183:26 | call to aligned_alloc | semmle.label | call to aligned_alloc | +| test.c:184:3:184:12 | v1 | semmle.label | v1 | +| test.c:185:3:185:11 | v1 | semmle.label | v1 | +| test.c:186:3:186:14 | v1 | semmle.label | v1 | | test.c:187:13:187:14 | v1 | semmle.label | v1 | | test.c:189:14:189:26 | call to aligned_alloc | semmle.label | call to aligned_alloc | +| test.c:189:14:189:26 | call to aligned_alloc | semmle.label | call to aligned_alloc | | test.c:190:13:190:14 | v2 | semmle.label | v2 | -| test.c:214:11:214:12 | p2 | semmle.label | p2 | -| test.c:215:12:215:13 | p2 | semmle.label | p2 | -| test.c:216:10:216:11 | p2 | semmle.label | p2 | -| test.c:217:11:217:12 | p2 | semmle.label | p2 | -| test.c:218:12:218:13 | p2 | semmle.label | p2 | -| test.c:219:13:219:14 | p2 | semmle.label | p2 | +| test.c:214:3:214:12 | p2 | semmle.label | p2 | +| test.c:215:3:215:13 | p2 | semmle.label | p2 | +| test.c:216:3:216:11 | p2 | semmle.label | p2 | +| test.c:217:3:217:12 | p2 | 
semmle.label | p2 | +| test.c:218:3:218:13 | p2 | semmle.label | p2 | +| test.c:219:3:219:14 | p2 | semmle.label | p2 | +| test.c:222:3:222:9 | ... = ... | semmle.label | ... = ... | | test.c:222:8:222:9 | p2 | semmle.label | p2 | | test.c:222:8:222:9 | p2 | semmle.label | p2 | -| test.c:223:11:223:12 | v1 | semmle.label | v1 | -| test.c:224:12:224:13 | v1 | semmle.label | v1 | -| test.c:225:10:225:11 | v1 | semmle.label | v1 | -| test.c:226:12:226:13 | v1 | semmle.label | v1 | -| test.c:227:11:227:12 | v1 | semmle.label | v1 | -| test.c:228:13:228:14 | v1 | semmle.label | v1 | +| test.c:223:3:223:12 | v1 | semmle.label | v1 | +| test.c:224:3:224:13 | v1 | semmle.label | v1 | +| test.c:225:3:225:11 | v1 | semmle.label | v1 | +| test.c:226:3:226:13 | v1 | semmle.label | v1 | +| test.c:227:3:227:12 | v1 | semmle.label | v1 | +| test.c:228:3:228:14 | v1 | semmle.label | v1 | +| test.c:238:13:238:14 | & ... | semmle.label | & ... | | test.c:238:13:238:14 | & ... | semmle.label | & ... | | test.c:240:16:240:19 | & ... | semmle.label | & ... | -| test.c:241:15:241:18 | & ... | semmle.label | & ... | +| test.c:240:16:240:19 | & ... | semmle.label | & ... | | test.c:241:15:241:18 | & ... | semmle.label | & ... | | test.c:244:12:244:13 | ip | semmle.label | ip | | test.c:246:9:246:12 | & ... | semmle.label | & ... | | test.c:247:9:247:12 | & ... | semmle.label | & ... | | test.c:252:16:252:18 | & ... | semmle.label | & ... | -| test.c:254:11:254:13 | ps1 | semmle.label | ps1 | -| test.c:255:11:255:13 | & ... | semmle.label | & ... | -| test.c:256:10:256:12 | ps1 | semmle.label | ps1 | -| test.c:257:10:257:12 | & ... | semmle.label | & ... | +| test.c:252:16:252:18 | & ... | semmle.label | & ... | +| test.c:254:3:254:13 | ps1 | semmle.label | ps1 | +| test.c:255:3:255:13 | & ... | semmle.label | & ... | +| test.c:256:3:256:12 | ps1 | semmle.label | ps1 | +| test.c:257:3:257:12 | & ... | semmle.label | & ... | subpaths #select -| test.c:8:3:8:14 | (short *)... 
| test.c:8:12:8:14 | & ... | test.c:8:12:8:14 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type short with 2-byte alignment. | test.c:8:12:8:14 | & ... | address-of expression | -| test.c:9:3:9:12 | (int *)... | test.c:9:10:9:12 | & ... | test.c:9:10:9:12 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:9:10:9:12 | & ... | address-of expression | -| test.c:10:3:10:13 | (long *)... | test.c:10:11:10:13 | & ... | test.c:10:11:10:13 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:10:11:10:13 | & ... | address-of expression | -| test.c:11:3:11:14 | (float *)... | test.c:11:12:11:14 | & ... | test.c:11:12:11:14 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. | test.c:11:12:11:14 | & ... | address-of expression | -| test.c:12:3:12:15 | (double *)... | test.c:12:13:12:15 | & ... | test.c:12:13:12:15 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:12:13:12:15 | & ... | address-of expression | -| test.c:17:3:17:12 | (int *)... | test.c:17:10:17:12 | & ... | test.c:17:10:17:12 | & ... | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:17:10:17:12 | & ... | address-of expression | -| test.c:18:3:18:13 | (long *)... | test.c:18:11:18:13 | & ... | test.c:18:11:18:13 | & ... | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:18:11:18:13 | & ... | address-of expression | -| test.c:19:3:19:14 | (float *)... | test.c:19:12:19:14 | & ... | test.c:19:12:19:14 | & ... | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. 
| test.c:19:12:19:14 | & ... | address-of expression | -| test.c:20:3:20:15 | (double *)... | test.c:20:13:20:15 | & ... | test.c:20:13:20:15 | & ... | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:20:13:20:15 | & ... | address-of expression | -| test.c:27:3:27:13 | (long *)... | test.c:27:11:27:13 | & ... | test.c:27:11:27:13 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:27:11:27:13 | & ... | address-of expression | -| test.c:28:3:28:15 | (double *)... | test.c:28:13:28:15 | & ... | test.c:28:13:28:15 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:28:13:28:15 | & ... | address-of expression | -| test.c:35:3:35:13 | (long *)... | test.c:35:11:35:13 | & ... | test.c:35:11:35:13 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:35:11:35:13 | & ... | address-of expression | -| test.c:36:3:36:15 | (double *)... | test.c:36:13:36:15 | & ... | test.c:36:13:36:15 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:36:13:36:15 | & ... | address-of expression | -| test.c:61:3:61:13 | (long *)... | test.c:61:11:61:13 | & ... | test.c:61:11:61:13 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:61:11:61:13 | & ... | address-of expression | -| test.c:62:3:62:15 | (double *)... | test.c:62:13:62:15 | & ... | test.c:62:13:62:15 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:62:13:62:15 | & ... | address-of expression | -| test.c:77:3:77:13 | (short *)... | test.c:75:14:75:16 | & ... 
| test.c:77:12:77:13 | v1 | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type short with 2-byte alignment. | test.c:75:14:75:16 | & ... | address-of expression | -| test.c:78:3:78:11 | (int *)... | test.c:75:14:75:16 | & ... | test.c:78:10:78:11 | v1 | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:75:14:75:16 | & ... | address-of expression | -| test.c:79:3:79:13 | (float *)... | test.c:75:14:75:16 | & ... | test.c:79:12:79:13 | v1 | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. | test.c:75:14:75:16 | & ... | address-of expression | -| test.c:80:3:80:12 | (long *)... | test.c:75:14:75:16 | & ... | test.c:80:11:80:12 | v1 | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:75:14:75:16 | & ... | address-of expression | -| test.c:81:3:81:14 | (double *)... | test.c:75:14:75:16 | & ... | test.c:81:13:81:14 | v1 | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:75:14:75:16 | & ... | address-of expression | -| test.c:87:3:87:11 | (int *)... | test.c:84:14:84:16 | & ... | test.c:87:10:87:11 | v2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:84:14:84:16 | & ... | address-of expression | -| test.c:88:3:88:13 | (float *)... | test.c:84:14:84:16 | & ... | test.c:88:12:88:13 | v2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. | test.c:84:14:84:16 | & ... | address-of expression | -| test.c:89:3:89:12 | (long *)... | test.c:84:14:84:16 | & ... | test.c:89:11:89:12 | v2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:84:14:84:16 | & ... 
| address-of expression | -| test.c:90:3:90:14 | (double *)... | test.c:84:14:84:16 | & ... | test.c:90:13:90:14 | v2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:84:14:84:16 | & ... | address-of expression | -| test.c:98:3:98:12 | (long *)... | test.c:93:14:93:16 | & ... | test.c:98:11:98:12 | v3 | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:93:14:93:16 | & ... | address-of expression | -| test.c:99:3:99:14 | (double *)... | test.c:93:14:93:16 | & ... | test.c:99:13:99:14 | v3 | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:93:14:93:16 | & ... | address-of expression | -| test.c:107:3:107:12 | (long *)... | test.c:102:14:102:16 | & ... | test.c:107:11:107:12 | v4 | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:102:14:102:16 | & ... | address-of expression | -| test.c:108:3:108:14 | (double *)... | test.c:102:14:102:16 | & ... | test.c:108:13:108:14 | v4 | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:102:14:102:16 | & ... | address-of expression | -| test.c:130:10:130:17 | (int *)... | test.c:135:21:135:23 | & ... | test.c:130:17:130:17 | v | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:135:21:135:23 | & ... | address-of expression | -| test.c:130:10:130:17 | (int *)... | test.c:174:13:174:14 | s2 | test.c:130:17:130:17 | v | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:174:13:174:14 | s2 | pointer base type short | -| test.c:130:10:130:17 | (int *)... 
| test.c:179:13:179:14 | s3 | test.c:130:17:130:17 | v | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:179:13:179:14 | s3 | pointer base type short | -| test.c:130:10:130:17 | (int *)... | test.c:189:14:189:26 | call to aligned_alloc | test.c:130:17:130:17 | v | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:189:14:189:26 | call to aligned_alloc | call to aligned_alloc | -| test.c:158:3:158:20 | (size_t *)... | test.c:158:13:158:20 | & ... | test.c:158:13:158:20 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type unsigned long with 8-byte alignment. | test.c:158:13:158:20 | & ... | address-of expression | -| test.c:162:3:162:18 | (S3 *)... | test.c:162:16:162:18 | & ... | test.c:162:16:162:18 | & ... | Cast from pointer with 8-byte alignment (defined by $@) to pointer with base type S3 with 64-byte alignment. | test.c:162:16:162:18 | & ... | address-of expression | -| test.c:168:3:168:17 | (S3 *)... | test.c:166:24:166:29 | call to malloc | test.c:168:16:168:17 | s1 | Cast from pointer with 16-byte alignment (defined by $@) to pointer with base type S3 with 64-byte alignment. | test.c:166:24:166:29 | call to malloc | call to malloc | -| test.c:173:3:173:14 | (size_t *)... | test.c:173:13:173:14 | s2 | test.c:173:13:173:14 | s2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type unsigned long with 8-byte alignment. | test.c:173:13:173:14 | s2 | pointer base type short | -| test.c:178:3:178:14 | (size_t *)... | test.c:178:13:178:14 | s3 | test.c:178:13:178:14 | s3 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type unsigned long with 8-byte alignment. | test.c:178:13:178:14 | s3 | pointer base type short | -| test.c:186:3:186:14 | (size_t *)... 
| test.c:183:14:183:26 | call to aligned_alloc | test.c:186:13:186:14 | v1 | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type unsigned long with 8-byte alignment. | test.c:183:14:183:26 | call to aligned_alloc | call to aligned_alloc | -| test.c:216:3:216:11 | (int *)... | test.c:216:10:216:11 | p2 | test.c:216:10:216:11 | p2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:216:10:216:11 | p2 | pointer base type short | -| test.c:217:3:217:12 | (long *)... | test.c:217:11:217:12 | p2 | test.c:217:11:217:12 | p2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:217:11:217:12 | p2 | pointer base type short | -| test.c:218:3:218:13 | (float *)... | test.c:218:12:218:13 | p2 | test.c:218:12:218:13 | p2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. | test.c:218:12:218:13 | p2 | pointer base type short | -| test.c:219:3:219:14 | (double *)... | test.c:219:13:219:14 | p2 | test.c:219:13:219:14 | p2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:219:13:219:14 | p2 | pointer base type short | -| test.c:225:3:225:11 | (int *)... | test.c:222:8:222:9 | p2 | test.c:225:10:225:11 | v1 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:222:8:222:9 | p2 | pointer base type short | -| test.c:226:3:226:13 | (float *)... | test.c:222:8:222:9 | p2 | test.c:226:12:226:13 | v1 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. | test.c:222:8:222:9 | p2 | pointer base type short | -| test.c:227:3:227:12 | (long *)... 
| test.c:222:8:222:9 | p2 | test.c:227:11:227:12 | v1 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:222:8:222:9 | p2 | pointer base type short | -| test.c:228:3:228:14 | (double *)... | test.c:222:8:222:9 | p2 | test.c:228:13:228:14 | v1 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:222:8:222:9 | p2 | pointer base type short | -| test.c:256:3:256:12 | (int *)... | test.c:252:16:252:18 | & ... | test.c:256:10:256:12 | ps1 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:252:16:252:18 | & ... | address-of expression | -| test.c:257:3:257:12 | (int *)... | test.c:257:10:257:12 | & ... | test.c:257:10:257:12 | & ... | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:257:10:257:12 | & ... | address-of expression | +| test.c:8:3:8:14 | (short *)... | test.c:8:3:8:14 | & ... | test.c:8:3:8:14 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type short with 2-byte alignment. | test.c:8:12:8:14 | & ... | address-of expression | +| test.c:9:3:9:12 | (int *)... | test.c:9:3:9:12 | & ... | test.c:9:3:9:12 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:9:10:9:12 | & ... | address-of expression | +| test.c:10:3:10:13 | (long *)... | test.c:10:3:10:13 | & ... | test.c:10:3:10:13 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:10:11:10:13 | & ... | address-of expression | +| test.c:11:3:11:14 | (float *)... | test.c:11:3:11:14 | & ... | test.c:11:3:11:14 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. 
| test.c:11:12:11:14 | & ... | address-of expression | +| test.c:12:3:12:15 | (double *)... | test.c:12:3:12:15 | & ... | test.c:12:3:12:15 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:12:13:12:15 | & ... | address-of expression | +| test.c:17:3:17:12 | (int *)... | test.c:17:3:17:12 | & ... | test.c:17:3:17:12 | & ... | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:17:10:17:12 | & ... | address-of expression | +| test.c:18:3:18:13 | (long *)... | test.c:18:3:18:13 | & ... | test.c:18:3:18:13 | & ... | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:18:11:18:13 | & ... | address-of expression | +| test.c:19:3:19:14 | (float *)... | test.c:19:3:19:14 | & ... | test.c:19:3:19:14 | & ... | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. | test.c:19:12:19:14 | & ... | address-of expression | +| test.c:20:3:20:15 | (double *)... | test.c:20:3:20:15 | & ... | test.c:20:3:20:15 | & ... | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:20:13:20:15 | & ... | address-of expression | +| test.c:27:3:27:13 | (long *)... | test.c:27:3:27:13 | & ... | test.c:27:3:27:13 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:27:11:27:13 | & ... | address-of expression | +| test.c:28:3:28:15 | (double *)... | test.c:28:3:28:15 | & ... | test.c:28:3:28:15 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:28:13:28:15 | & ... | address-of expression | +| test.c:35:3:35:13 | (long *)... | test.c:35:3:35:13 | & ... | test.c:35:3:35:13 | & ... 
| Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:35:11:35:13 | & ... | address-of expression | +| test.c:36:3:36:15 | (double *)... | test.c:36:3:36:15 | & ... | test.c:36:3:36:15 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:36:13:36:15 | & ... | address-of expression | +| test.c:61:3:61:13 | (long *)... | test.c:61:3:61:13 | & ... | test.c:61:3:61:13 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:61:11:61:13 | & ... | address-of expression | +| test.c:62:3:62:15 | (double *)... | test.c:62:3:62:15 | & ... | test.c:62:3:62:15 | & ... | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:62:13:62:15 | & ... | address-of expression | +| test.c:77:3:77:13 | (short *)... | test.c:75:14:75:16 | & ... | test.c:77:3:77:13 | v1 | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type short with 2-byte alignment. | test.c:75:14:75:16 | & ... | address-of expression | +| test.c:78:3:78:11 | (int *)... | test.c:75:14:75:16 | & ... | test.c:78:3:78:11 | v1 | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:75:14:75:16 | & ... | address-of expression | +| test.c:79:3:79:13 | (float *)... | test.c:75:14:75:16 | & ... | test.c:79:3:79:13 | v1 | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. | test.c:75:14:75:16 | & ... | address-of expression | +| test.c:80:3:80:12 | (long *)... | test.c:75:14:75:16 | & ... | test.c:80:3:80:12 | v1 | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:75:14:75:16 | & ... 
| address-of expression | +| test.c:81:3:81:14 | (double *)... | test.c:75:14:75:16 | & ... | test.c:81:3:81:14 | v1 | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:75:14:75:16 | & ... | address-of expression | +| test.c:87:3:87:11 | (int *)... | test.c:84:14:84:16 | & ... | test.c:87:3:87:11 | v2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:84:14:84:16 | & ... | address-of expression | +| test.c:88:3:88:13 | (float *)... | test.c:84:14:84:16 | & ... | test.c:88:3:88:13 | v2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. | test.c:84:14:84:16 | & ... | address-of expression | +| test.c:89:3:89:12 | (long *)... | test.c:84:14:84:16 | & ... | test.c:89:3:89:12 | v2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:84:14:84:16 | & ... | address-of expression | +| test.c:90:3:90:14 | (double *)... | test.c:84:14:84:16 | & ... | test.c:90:3:90:14 | v2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:84:14:84:16 | & ... | address-of expression | +| test.c:98:3:98:12 | (long *)... | test.c:93:14:93:16 | & ... | test.c:98:3:98:12 | v3 | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:93:14:93:16 | & ... | address-of expression | +| test.c:99:3:99:14 | (double *)... | test.c:93:14:93:16 | & ... | test.c:99:3:99:14 | v3 | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:93:14:93:16 | & ... | address-of expression | +| test.c:107:3:107:12 | (long *)... | test.c:102:14:102:16 | & ... 
| test.c:107:3:107:12 | v4 | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:102:14:102:16 | & ... | address-of expression | +| test.c:108:3:108:14 | (double *)... | test.c:102:14:102:16 | & ... | test.c:108:3:108:14 | v4 | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:102:14:102:16 | & ... | address-of expression | +| test.c:130:10:130:17 | (int *)... | test.c:135:13:135:23 | & ... | test.c:130:10:130:17 | v | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:135:21:135:23 | & ... | address-of expression | +| test.c:130:10:130:17 | (int *)... | test.c:174:13:174:14 | s2 | test.c:130:10:130:17 | v | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:174:13:174:14 | s2 | pointer base type short | +| test.c:130:10:130:17 | (int *)... | test.c:179:13:179:14 | s3 | test.c:130:10:130:17 | v | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:179:13:179:14 | s3 | pointer base type short | +| test.c:130:10:130:17 | (int *)... | test.c:189:14:189:26 | call to aligned_alloc | test.c:130:10:130:17 | v | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:189:14:189:26 | call to aligned_alloc | call to aligned_alloc | +| test.c:158:3:158:20 | (size_t *)... | test.c:158:3:158:20 | & ... | test.c:158:3:158:20 | & ... | Cast from pointer with 1-byte alignment (defined by $@) to pointer with base type unsigned long with 8-byte alignment. | test.c:158:13:158:20 | & ... | address-of expression | +| test.c:162:3:162:18 | (S3 *)... | test.c:162:3:162:18 | & ... | test.c:162:3:162:18 | & ... 
| Cast from pointer with 8-byte alignment (defined by $@) to pointer with base type S3 with 64-byte alignment. | test.c:162:16:162:18 | & ... | address-of expression | +| test.c:168:3:168:17 | (S3 *)... | test.c:166:15:166:33 | call to malloc | test.c:168:3:168:17 | s1 | Cast from pointer with 16-byte alignment (defined by $@) to pointer with base type S3 with 64-byte alignment. | test.c:166:24:166:29 | call to malloc | call to malloc | +| test.c:173:3:173:14 | (size_t *)... | test.c:173:3:173:14 | s2 | test.c:173:3:173:14 | s2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type unsigned long with 8-byte alignment. | test.c:173:13:173:14 | s2 | pointer base type short | +| test.c:178:3:178:14 | (size_t *)... | test.c:178:3:178:14 | s3 | test.c:178:3:178:14 | s3 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type unsigned long with 8-byte alignment. | test.c:178:13:178:14 | s3 | pointer base type short | +| test.c:186:3:186:14 | (size_t *)... | test.c:183:14:183:26 | call to aligned_alloc | test.c:186:3:186:14 | v1 | Cast from pointer with 4-byte alignment (defined by $@) to pointer with base type unsigned long with 8-byte alignment. | test.c:183:14:183:26 | call to aligned_alloc | call to aligned_alloc | +| test.c:216:3:216:11 | (int *)... | test.c:216:3:216:11 | p2 | test.c:216:3:216:11 | p2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:216:10:216:11 | p2 | pointer base type short | +| test.c:217:3:217:12 | (long *)... | test.c:217:3:217:12 | p2 | test.c:217:3:217:12 | p2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:217:11:217:12 | p2 | pointer base type short | +| test.c:218:3:218:13 | (float *)... 
| test.c:218:3:218:13 | p2 | test.c:218:3:218:13 | p2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. | test.c:218:12:218:13 | p2 | pointer base type short | +| test.c:219:3:219:14 | (double *)... | test.c:219:3:219:14 | p2 | test.c:219:3:219:14 | p2 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:219:13:219:14 | p2 | pointer base type short | +| test.c:225:3:225:11 | (int *)... | test.c:222:8:222:9 | p2 | test.c:225:3:225:11 | v1 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:222:8:222:9 | p2 | pointer base type short | +| test.c:226:3:226:13 | (float *)... | test.c:222:8:222:9 | p2 | test.c:226:3:226:13 | v1 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type float with 4-byte alignment. | test.c:222:8:222:9 | p2 | pointer base type short | +| test.c:227:3:227:12 | (long *)... | test.c:222:8:222:9 | p2 | test.c:227:3:227:12 | v1 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type long with 8-byte alignment. | test.c:222:8:222:9 | p2 | pointer base type short | +| test.c:228:3:228:14 | (double *)... | test.c:222:8:222:9 | p2 | test.c:228:3:228:14 | v1 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type double with 8-byte alignment. | test.c:222:8:222:9 | p2 | pointer base type short | +| test.c:256:3:256:12 | (int *)... | test.c:252:16:252:18 | & ... | test.c:256:3:256:12 | ps1 | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. | test.c:252:16:252:18 | & ... | address-of expression | +| test.c:257:3:257:12 | (int *)... | test.c:257:3:257:12 | & ... | test.c:257:3:257:12 | & ... | Cast from pointer with 2-byte alignment (defined by $@) to pointer with base type int with 4-byte alignment. 
| test.c:257:10:257:12 | & ... | address-of expression | From 10b9266fa49a8e8d71e1b1c88bd1fdf22addb681 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 7 Jul 2025 14:52:09 +0200 Subject: [PATCH 009/104] Convert MSC33-C to the new dataflow library As it is the dataflow used by `asctime` that is relevant, and not the pointer, use the indirect expression. --- .../DoNotPassInvalidDataToTheAsctimeFunction.ql | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/c/cert/src/rules/MSC33-C/DoNotPassInvalidDataToTheAsctimeFunction.ql b/c/cert/src/rules/MSC33-C/DoNotPassInvalidDataToTheAsctimeFunction.ql index 67fa83e852..6342bcbd68 100644 --- a/c/cert/src/rules/MSC33-C/DoNotPassInvalidDataToTheAsctimeFunction.ql +++ b/c/cert/src/rules/MSC33-C/DoNotPassInvalidDataToTheAsctimeFunction.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.c.cert -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow /** * The argument of a call to `asctime` @@ -29,6 +29,8 @@ class AsctimeArg extends Expr { this = any(FunctionCall f | f.getTarget().hasGlobalName(["asctime", "asctime_r"])).getArgument(0) } + + DataFlow::Node asSink() { this = result.asIndirectExpr() } } /** @@ -37,13 +39,13 @@ class AsctimeArg extends Expr { */ module TmStructSafeConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node src) { - src.asExpr() + src.asIndirectExpr() .(FunctionCall) .getTarget() .hasGlobalName(["localtime", "localtime_r", "localtime_s", "gmtime", "gmtime_r", "gmtime_s"]) } - predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof AsctimeArg } + predicate isSink(DataFlow::Node sink) { exists(AsctimeArg arg | arg.asSink() = sink) } } module TmStructSafeFlow = DataFlow::Global; 
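Review bot: The new `asSink()` member of `AsctimeArg` has no QLDoc, so the reason it maps the argument to `asIndirectExpr()` rather than `asExpr()` is recorded only in the commit message. I would put `/** Gets the dataflow node for the struct tm this argument points to (the indirection), not the pointer itself. */` directly above it. The class declaration and its existing doc comment start outside this hunk.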
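Review bot: `isSource` in `TmStructSafeConfig` still accepts only the call node itself (`src.asIndirectExpr().(FunctionCall)`), that is, the `struct tm` reached through the return value. The name list also covers `localtime_r`, `gmtime_r` and the `_s` variants, which fill a caller-supplied buffer as well. If a caller hands that buffer to `asctime` instead of the returned pointer, the safe flow presumably never reaches the sink and the argument is reported like any unvalidated one; the test file is not visible here, so this needs confirming. I would at least state the limit on the predicate, `// Only the returned struct tm is a source; buffers filled through the _r/_s out-parameter are not modelled.`, and add a test case for that call shape so the expected output pins the behaviour.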
@@ -51,6 +53,6 @@ module TmStructSafeFlow = DataFlow::Global; from AsctimeArg fc where not isExcluded(fc, Contracts7Package::doNotPassInvalidDataToTheAsctimeFunctionQuery()) and - not TmStructSafeFlow::flowToExpr(fc) + not TmStructSafeFlow::flowTo(fc.asSink()) select fc, "The function `asctime` and `asctime_r` should be discouraged. Unsanitized input can overflow the output buffer." From e0b79248bec06338a9833163bb52e2e72ad30c7b Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 7 Jul 2025 15:07:39 +0200 Subject: [PATCH 010/104] Convert MSC51-CPP to the new dataflow library --- .../src/rules/MSC51-CPP/BadlySeededRandomNumberGenerator.ql | 2 +- .../rules/MSC51-CPP/BadlySeededRandomNumberGenerator.expected | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/cpp/cert/src/rules/MSC51-CPP/BadlySeededRandomNumberGenerator.ql b/cpp/cert/src/rules/MSC51-CPP/BadlySeededRandomNumberGenerator.ql index 5322fbbde3..2c015aa680 100644 --- a/cpp/cert/src/rules/MSC51-CPP/BadlySeededRandomNumberGenerator.ql +++ b/cpp/cert/src/rules/MSC51-CPP/BadlySeededRandomNumberGenerator.ql @@ -20,7 +20,7 @@ import cpp import codingstandards.cpp.cert import codingstandards.cpp.standardlibrary.Random -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking from RandomNumberEngineCreation createRandomNumberEngine, string seedSource where diff --git a/cpp/cert/test/rules/MSC51-CPP/BadlySeededRandomNumberGenerator.expected b/cpp/cert/test/rules/MSC51-CPP/BadlySeededRandomNumberGenerator.expected index 606ccbff2b..0128221ffc 100644 --- a/cpp/cert/test/rules/MSC51-CPP/BadlySeededRandomNumberGenerator.expected +++ b/cpp/cert/test/rules/MSC51-CPP/BadlySeededRandomNumberGenerator.expected 
@@ -1,4 +1,3 @@ -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (BadlySeededRandomNumberGenerator.ql:42,7-20) | test.cpp:9:33:9:33 | call to linear_congruential_engine | Random number generator linear_congruential_engine is default-initialized and is therefore not properly seeded. | | test.cpp:10:30:10:31 | call to linear_congruential_engine | Random number generator linear_congruential_engine is default-initialized and is therefore not properly seeded. | | test.cpp:11:21:11:22 | call to linear_congruential_engine | Random number generator linear_congruential_engine is default-initialized and is therefore not properly seeded. | From b6c26eed29083cae33dbe29b0f7e0666d29bd60d Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 7 Jul 2025 15:16:22 +0200 Subject: [PATCH 011/104] Convert CTR56-CPP to the new dataflow library --- .../DoNotUsePointerArithmeticOnPolymorphicObjects.ql | 2 +- ...DoNotUsePointerArithmeticOnPolymorphicObjects.expected | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/cpp/cert/src/rules/CTR56-CPP/DoNotUsePointerArithmeticOnPolymorphicObjects.ql b/cpp/cert/src/rules/CTR56-CPP/DoNotUsePointerArithmeticOnPolymorphicObjects.ql index b4ac267225..2522f6c5e5 100644 --- a/cpp/cert/src/rules/CTR56-CPP/DoNotUsePointerArithmeticOnPolymorphicObjects.ql +++ b/cpp/cert/src/rules/CTR56-CPP/DoNotUsePointerArithmeticOnPolymorphicObjects.ql @@ -18,7 +18,7 @@ import cpp import codingstandards.cpp.cert -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import NonFinalClassToPointerArithmeticExprFlow::PathGraph class ArrayAccessOrPointerArith extends Expr { diff --git a/cpp/cert/test/rules/CTR56-CPP/DoNotUsePointerArithmeticOnPolymorphicObjects.expected b/cpp/cert/test/rules/CTR56-CPP/DoNotUsePointerArithmeticOnPolymorphicObjects.expected index 51ef13412c..1477f314ae 100644 --- a/cpp/cert/test/rules/CTR56-CPP/DoNotUsePointerArithmeticOnPolymorphicObjects.expected 
+++ b/cpp/cert/test/rules/CTR56-CPP/DoNotUsePointerArithmeticOnPolymorphicObjects.expected @@ -1,13 +1,11 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnPolymorphicObjects.ql:46,62-70) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnPolymorphicObjects.ql:47,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnPolymorphicObjects.ql:56,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnPolymorphicObjects.ql:62,3-11) edges | test.cpp:15:19:15:21 | foo | test.cpp:16:24:16:26 | foo | provenance | | | test.cpp:15:19:15:21 | foo | test.cpp:16:51:16:53 | foo | provenance | | | test.cpp:27:19:27:21 | foo | test.cpp:29:18:29:20 | foo | provenance | | +| test.cpp:40:12:40:19 | new | test.cpp:40:12:40:19 | new | provenance | | | test.cpp:40:12:40:19 | new | test.cpp:43:6:43:7 | l1 | provenance | | | test.cpp:40:12:40:19 | new | test.cpp:44:6:44:7 | l1 | provenance | | +| test.cpp:42:12:42:14 | & ... | test.cpp:42:12:42:14 | & ... | provenance | | | test.cpp:42:12:42:14 | & ... | test.cpp:45:6:45:7 | l3 | provenance | | | test.cpp:42:12:42:14 | & ... | test.cpp:46:6:46:7 | l3 | provenance | | | test.cpp:43:6:43:7 | l1 | test.cpp:15:19:15:21 | foo | provenance | | @@ -21,6 +19,8 @@ nodes | test.cpp:27:19:27:21 | foo | semmle.label | foo | | test.cpp:29:18:29:20 | foo | semmle.label | foo | | test.cpp:40:12:40:19 | new | semmle.label | new | +| test.cpp:40:12:40:19 | new | semmle.label | new | +| test.cpp:42:12:42:14 | & ... | semmle.label | & ... | | test.cpp:42:12:42:14 | & ... | semmle.label | & ... | | test.cpp:43:6:43:7 | l1 | semmle.label | l1 | | test.cpp:44:6:44:7 | l1 | semmle.label | l1 | From c478eadc18674e92fbf495fede975afdb11602ec Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Mon, 7 Jul 2025 15:32:52 +0200 Subject: [PATCH 012/104] Conver M3-9-3 to use the new dataflow library --- .../UnderlyingBitRepresentationsOfFloatingPointValuesUsed.ql | 2 +- ...erlyingBitRepresentationsOfFloatingPointValuesUsed.expected | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/cpp/autosar/src/rules/M3-9-3/UnderlyingBitRepresentationsOfFloatingPointValuesUsed.ql b/cpp/autosar/src/rules/M3-9-3/UnderlyingBitRepresentationsOfFloatingPointValuesUsed.ql index 279ad08f3c..820efffaeb 100644 --- a/cpp/autosar/src/rules/M3-9-3/UnderlyingBitRepresentationsOfFloatingPointValuesUsed.ql +++ b/cpp/autosar/src/rules/M3-9-3/UnderlyingBitRepresentationsOfFloatingPointValuesUsed.ql @@ -14,7 +14,7 @@ import cpp import codingstandards.cpp.autosar -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow predicate pointeeIsModified(PointerDereferenceExpr e, Expr m) { exists(Assignment a | a.getLValue() = e and m = a) diff --git a/cpp/autosar/test/rules/M3-9-3/UnderlyingBitRepresentationsOfFloatingPointValuesUsed.expected b/cpp/autosar/test/rules/M3-9-3/UnderlyingBitRepresentationsOfFloatingPointValuesUsed.expected index d0fe6416ca..9aec2314da 100644 --- a/cpp/autosar/test/rules/M3-9-3/UnderlyingBitRepresentationsOfFloatingPointValuesUsed.expected +++ b/cpp/autosar/test/rules/M3-9-3/UnderlyingBitRepresentationsOfFloatingPointValuesUsed.expected 
@@ -1,5 +1,2 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UnderlyingBitRepresentationsOfFloatingPointValuesUsed.ql:27,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UnderlyingBitRepresentationsOfFloatingPointValuesUsed.ql:36,10-18) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UnderlyingBitRepresentationsOfFloatingPointValuesUsed.ql:37,5-13) | test.cpp:5:3:5:20 | ... &= ... | Modification of bit-representation of float originated at $@ | test.cpp:4:24:4:60 | reinterpret_cast... | cast | | test.cpp:12:3:12:14 | ... &= ... | Modification of bit-representation of float originated at $@ | test.cpp:11:18:11:30 | (uint8_t *)... | cast | From 081719755beef148d0f79508158b5bfa0f09779d Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 7 Jul 2025 15:42:37 +0200 Subject: [PATCH 013/104] Convert A9-3-1 to use the new dataflow library --- ...sNonConstRawPointersOrReferencesToPrivateOrProtectedData.ql | 2 +- ...nstRawPointersOrReferencesToPrivateOrProtectedData.expected | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/cpp/autosar/src/rules/A9-3-1/ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.ql b/cpp/autosar/src/rules/A9-3-1/ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.ql index 478f8dcdf0..458382c909 100644 --- a/cpp/autosar/src/rules/A9-3-1/ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.ql +++ b/cpp/autosar/src/rules/A9-3-1/ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.ql @@ -15,7 +15,7 @@ import cpp import codingstandards.cpp.autosar import codingstandards.cpp.CommonTypes as CommonTypes -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow class AccessAwareMemberFunction extends MemberFunction { Class c; 
diff --git a/cpp/autosar/test/rules/A9-3-1/ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.expected b/cpp/autosar/test/rules/A9-3-1/ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.expected index 70892c12c8..04c1f35a45 100644 --- a/cpp/autosar/test/rules/A9-3-1/ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.expected +++ b/cpp/autosar/test/rules/A9-3-1/ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.expected @@ -1,6 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.ql:73,3-11) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.ql:73,23-31) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ReturnsNonConstRawPointersOrReferencesToPrivateOrProtectedData.ql:73,46-54) | test.cpp:20:8:20:12 | getB2 | Member function A::getB2 $@ a non-const raw pointer or reference to a private or protected $@. | test.cpp:20:25:20:25 | b | returns | test.cpp:54:7:54:7 | b | field | | test.cpp:22:8:22:12 | getB3 | Member function A::getB3 $@ a non-const raw pointer or reference to a private or protected $@. | test.cpp:22:25:22:26 | & ... | returns | test.cpp:54:7:54:7 | b | field | | test.cpp:24:8:24:13 | getB33 | Member function A::getB33 $@ a non-const raw pointer or reference to a private or protected $@. | test.cpp:26:12:26:13 | bb | returns | test.cpp:54:7:54:7 | b | field | From 51295f161c792afa795208873b5a3bfb88409e25 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 7 Jul 2025 15:51:49 +0200 Subject: [PATCH 014/104] Convert A27-0-4 to use the new dataflow library --- cpp/autosar/src/rules/A27-0-4/CStyleStringsUsed.ql | 2 +- cpp/autosar/test/rules/A27-0-4/CStyleStringsUsed.expected | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) 
diff --git a/cpp/autosar/src/rules/A27-0-4/CStyleStringsUsed.ql b/cpp/autosar/src/rules/A27-0-4/CStyleStringsUsed.ql index b24a4a96cf..5ad2e9ee0a 100644 --- a/cpp/autosar/src/rules/A27-0-4/CStyleStringsUsed.ql +++ b/cpp/autosar/src/rules/A27-0-4/CStyleStringsUsed.ql @@ -14,7 +14,7 @@ import cpp import codingstandards.cpp.autosar -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow class InstanceOfCStyleString extends Expr { InstanceOfCStyleString() { diff --git a/cpp/autosar/test/rules/A27-0-4/CStyleStringsUsed.expected b/cpp/autosar/test/rules/A27-0-4/CStyleStringsUsed.expected index 555cb412b8..6184aad74e 100644 --- a/cpp/autosar/test/rules/A27-0-4/CStyleStringsUsed.expected +++ b/cpp/autosar/test/rules/A27-0-4/CStyleStringsUsed.expected @@ -1,6 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (CStyleStringsUsed.ql:39,3-11) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (CStyleStringsUsed.ql:39,23-31) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (CStyleStringsUsed.ql:39,47-55) | test.cpp:7:20:7:27 | CodeQL | Usage of C-style string in $@. | test.cpp:7:20:7:27 | CodeQL | expression | | test.cpp:7:20:7:27 | CodeQL | Usage of C-style string in $@. | test.cpp:16:16:16:17 | a1 | expression | | test.cpp:8:22:8:26 | call to c_str | Usage of C-style string in $@. | test.cpp:8:22:8:26 | call to c_str | expression | From 8933de94c4cb5f41a3a7525ebe52428b1fbc67ca Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 7 Jul 2025 15:54:04 +0200 Subject: [PATCH 015/104] Convert A5-0-4 to use the new dataflow library --- .../PointerArithmeticUsedWithPointersToNonFinalClasses.ql | 2 +- ...erArithmeticUsedWithPointersToNonFinalClasses.expected | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/cpp/autosar/src/rules/A5-0-4/PointerArithmeticUsedWithPointersToNonFinalClasses.ql b/cpp/autosar/src/rules/A5-0-4/PointerArithmeticUsedWithPointersToNonFinalClasses.ql index ac2375f6aa..eb818204ba 100644 --- a/cpp/autosar/src/rules/A5-0-4/PointerArithmeticUsedWithPointersToNonFinalClasses.ql +++ b/cpp/autosar/src/rules/A5-0-4/PointerArithmeticUsedWithPointersToNonFinalClasses.ql @@ -17,7 +17,7 @@ import cpp import codingstandards.cpp.autosar import codingstandards.cpp.Type -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import NonFinalClassToPointerArithmeticExprFlow::PathGraph class ArrayAccessOrPointerArith extends Expr { diff --git a/cpp/autosar/test/rules/A5-0-4/PointerArithmeticUsedWithPointersToNonFinalClasses.expected b/cpp/autosar/test/rules/A5-0-4/PointerArithmeticUsedWithPointersToNonFinalClasses.expected index e2b51e5fb9..fc29955b25 100644 --- a/cpp/autosar/test/rules/A5-0-4/PointerArithmeticUsedWithPointersToNonFinalClasses.expected +++ b/cpp/autosar/test/rules/A5-0-4/PointerArithmeticUsedWithPointersToNonFinalClasses.expected 
@@ -1,13 +1,11 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (PointerArithmeticUsedWithPointersToNonFinalClasses.ql:45,62-70) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (PointerArithmeticUsedWithPointersToNonFinalClasses.ql:46,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (PointerArithmeticUsedWithPointersToNonFinalClasses.ql:55,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (PointerArithmeticUsedWithPointersToNonFinalClasses.ql:61,3-11) edges | test.cpp:10:18:10:20 | foo | test.cpp:11:23:11:25 | foo | provenance | | | test.cpp:10:18:10:20 | foo | test.cpp:11:50:11:52 | foo | provenance | | | test.cpp:22:18:22:20 | foo | test.cpp:24:18:24:20 | foo | provenance | | +| test.cpp:35:11:35:17 | new | test.cpp:35:11:35:17 | new | provenance | | | test.cpp:35:11:35:17 | new | test.cpp:38:6:38:7 | l1 | provenance | | | test.cpp:35:11:35:17 | new | test.cpp:39:6:39:7 | l1 | provenance | | +| test.cpp:37:11:37:13 | & ... | test.cpp:37:11:37:13 | & ... | provenance | | | test.cpp:37:11:37:13 | & ... | test.cpp:40:6:40:7 | l3 | provenance | | | test.cpp:37:11:37:13 | & ... | test.cpp:41:6:41:7 | l3 | provenance | | | test.cpp:38:6:38:7 | l1 | test.cpp:10:18:10:20 | foo | provenance | | @@ -21,6 +19,8 @@ nodes | test.cpp:22:18:22:20 | foo | semmle.label | foo | | test.cpp:24:18:24:20 | foo | semmle.label | foo | | test.cpp:35:11:35:17 | new | semmle.label | new | +| test.cpp:35:11:35:17 | new | semmle.label | new | +| test.cpp:37:11:37:13 | & ... | semmle.label | & ... | | test.cpp:37:11:37:13 | & ... | semmle.label | & ... | | test.cpp:38:6:38:7 | l1 | semmle.label | l1 | | test.cpp:39:6:39:7 | l1 | semmle.label | l1 | From aa7d8273b570e7c308e5389ae35df48ebf495d98 Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Mon, 7 Jul 2025 16:45:10 +0200 Subject: [PATCH 016/104] Update expected test results for MSC33-C --- .../MSC33-C/DoNotPassInvalidDataToTheAsctimeFunction.expected | 4 ---- 1 file changed, 4 deletions(-) diff --git a/c/cert/test/rules/MSC33-C/DoNotPassInvalidDataToTheAsctimeFunction.expected b/c/cert/test/rules/MSC33-C/DoNotPassInvalidDataToTheAsctimeFunction.expected index 7ebeb7a8c1..70d60c528a 100644 --- a/c/cert/test/rules/MSC33-C/DoNotPassInvalidDataToTheAsctimeFunction.expected +++ b/c/cert/test/rules/MSC33-C/DoNotPassInvalidDataToTheAsctimeFunction.expected @@ -1,5 +1 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotPassInvalidDataToTheAsctimeFunction.ql:38,38-46) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotPassInvalidDataToTheAsctimeFunction.ql:39,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotPassInvalidDataToTheAsctimeFunction.ql:46,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotPassInvalidDataToTheAsctimeFunction.ql:49,27-35) | test.c:6:24:6:30 | time_tm | The function `asctime` and `asctime_r` should be discouraged. Unsanitized input can overflow the output buffer. | From f737a940b1cc539bf73af065e3d4cc65bce0009c Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Mon, 7 Jul 2025 16:48:05 +0200 Subject: [PATCH 017/104] Create temporary copies of parts of the concurrency library These use the new dataflow library --- .../codingstandards/cpp/ConcurrencyNew.qll | 15 ++ .../cpp/concurrency/LockingOperationNew.qll | 235 +++++++++++++++++ .../concurrency/ThreadDependentMutexNew.qll | 246 ++++++++++++++++++ .../concurrency/ThreadSpecificStorageNew.qll | 59 +++++ 4 files changed, 555 insertions(+) create mode 100644 cpp/common/src/codingstandards/cpp/ConcurrencyNew.qll create mode 100644 cpp/common/src/codingstandards/cpp/concurrency/LockingOperationNew.qll create mode 100644 cpp/common/src/codingstandards/cpp/concurrency/ThreadDependentMutexNew.qll create mode 100644 cpp/common/src/codingstandards/cpp/concurrency/ThreadSpecificStorageNew.qll diff --git a/cpp/common/src/codingstandards/cpp/ConcurrencyNew.qll b/cpp/common/src/codingstandards/cpp/ConcurrencyNew.qll new file mode 100644 index 0000000000..37aea01889 --- /dev/null +++ b/cpp/common/src/codingstandards/cpp/ConcurrencyNew.qll @@ -0,0 +1,15 @@ +import cpp +import semmle.code.cpp.dataflow.new.TaintTracking +import codingstandards.cpp.concurrency.Atomic +import codingstandards.cpp.concurrency.CConditionOperation +import codingstandards.cpp.concurrency.ControlFlow +import codingstandards.cpp.concurrency.ConditionalWait +import codingstandards.cpp.concurrency.LockingOperationNew +import codingstandards.cpp.concurrency.LockProtectedControlFlow +import codingstandards.cpp.concurrency.MutexDestroyer +import codingstandards.cpp.concurrency.ThreadCreation +import codingstandards.cpp.concurrency.ThreadedFunction +import codingstandards.cpp.concurrency.ThreadDependentMutexNew +import codingstandards.cpp.concurrency.ThreadSpecificStorageNew +import codingstandards.cpp.concurrency.ThreadWaitDetach +import codingstandards.cpp.concurrency.Types 
diff --git a/cpp/common/src/codingstandards/cpp/concurrency/LockingOperationNew.qll b/cpp/common/src/codingstandards/cpp/concurrency/LockingOperationNew.qll
new file mode 100644
index 0000000000..114b569204
--- /dev/null
+++ b/cpp/common/src/codingstandards/cpp/concurrency/LockingOperationNew.qll
@@ -0,0 +1,235 @@
+import cpp
+import semmle.code.cpp.dataflow.new.TaintTracking
+
+abstract class LockingOperation extends FunctionCall {
+ /**
+ * Returns the target of the lock underlying this RAII-style lock.
+ */
+ abstract Variable getLock();
+
+ /**
+ * Returns the lock underlying this RAII-style lock.
+ */
+ abstract Expr getLockExpr();
+
+ /**
+ * Holds if this is a lock operation
+ */
+ abstract predicate isLock();
+
+ /**
+ * Holds if this is an unlock operation
+ */
+ abstract predicate isUnlock();
+
+ /**
+ * Holds if this locking operation is really a locking operation within a
+ * designated locking operation. This library assumes the underlying locking
+ * operations are implemented correctly in that calling a `LockingOperation`
+ * results in the creation of a singular lock.
+ */
+ predicate isLockingOperationWithinLockingOperation(LockingOperation inner) {
+ exists(LockingOperation outer | outer.getTarget() = inner.getEnclosingFunction())
+ }
+}
+
+/**
+ * Common base class providing an interface into function call
+ * based mutex locks.
+ */
+abstract class MutexFunctionCall extends LockingOperation {
+ abstract predicate isRecursive();
+
+ abstract predicate isSpeculativeLock();
+
+ abstract predicate unlocks(MutexFunctionCall fc);
+}
+
+/**
+ * Models calls to various mutex types found in CPP.
+ */
+class CPPMutexFunctionCall extends MutexFunctionCall {
+ VariableAccess var;
+
+ CPPMutexFunctionCall() {
+ getTarget()
+ .(MemberFunction)
+ .getDeclaringType()
+ .hasQualifiedName("std",
+ ["mutex", "timed_mutex", "shared_timed_mutex", "recursive_mutex", "recursive_timed_mutex"]) and
+ var = getQualifier()
+ }
+
+ /**
+ * Holds if this mutex is a recursive mutex.
+ */
+ override predicate isRecursive() {
+ getTarget()
+ .(MemberFunction)
+ .getDeclaringType()
+ .hasQualifiedName("std", ["recursive_mutex", "recursive_timed_mutex"])
+ }
+
+ /**
+ * Holds if this `CPPMutexFunctionCall` is a lock.
+ */
+ override predicate isLock() {
+ not isLockingOperationWithinLockingOperation(this) and
+ getTarget().getName() = "lock"
+ }
+
+ /**
+ * Holds if this `CPPMutexFunctionCall` is a speculative lock, defined as calling
+ * one of the speculative locking functions such as `try_lock`.
+ */
+ override predicate isSpeculativeLock() {
+ getTarget().getName() in [
+ "try_lock", "try_lock_for", "try_lock_until", "try_lock_shared_for", "try_lock_shared_until"
+ ]
+ }
+
+ /**
+ * Returns the lock to which this `CPPMutexFunctionCall` refers to.
+ */
+ override Variable getLock() { result = getQualifier().(VariableAccess).getTarget() }
+
+ /**
+ * Returns the qualifier for this `CPPMutexFunctionCall`.
+ */
+ override Expr getLockExpr() { result = var }
+
+ /**
+ * Holds if this is a `unlock` and *may* unlock the previously locked `MutexFunctionCall`.
+ * This predicate does not check that the mutex is currently locked.
+ */
+ override predicate unlocks(MutexFunctionCall fc) {
+ isUnlock() and
+ fc.getQualifier().(VariableAccess).getTarget() = getQualifier().(VariableAccess).getTarget()
+ }
+
+ /**
+ * Holds if this is an unlock call.
+ */
+ override predicate isUnlock() { getTarget().getName() = "unlock" }
+}
+
+/**
+ * Models calls to various mutex types specialized to C code.
+ */
+class CMutexFunctionCall extends MutexFunctionCall {
+ Expr arg;
+
+ CMutexFunctionCall() {
+ // the non recursive kinds
+ getTarget().getName() = ["mtx_lock", "mtx_unlock", "mtx_timedlock", "mtx_trylock"] and
+ arg = getArgument(0)
+ }
+
+ /**
+ * Holds if this mutex is a recursive mutex.
+ */
+ override predicate isRecursive() { none() }
+
+ /**
+ * Holds if this `CMutexFunctionCall` is a lock.
+ */
+ override predicate isLock() {
+ not isLockingOperationWithinLockingOperation(this) and
+ getTarget().getName() = ["mtx_lock", "mtx_timedlock", "mtx_trylock"]
+ }
+
+ /**
+ * Holds if this `CMutexFunctionCall` is a speculative lock, defined as calling
+ * one of the speculative locking functions such as `try_lock`.
+ */
+ override predicate isSpeculativeLock() {
+ getTarget().getName() in ["mtx_timedlock", "mtx_trylock"]
+ }
+
+ /**
+ * Returns the `Variable` to which this `CMutexFunctionCall` refers to. For this
+ * style of lock it can reference a number of different variables.
+ */
+ override Variable getLock() {
+ exists(VariableAccess va |
+ TaintTracking::localTaint(DataFlow::exprNode(va), DataFlow::exprNode(getLockExpr())) and
+ result = va.getTarget()
+ )
+ }
+
+ /**
+ * Returns the expression for this `CMutexFunctionCall`.
+ */
+ override Expr getLockExpr() { result = arg }
+
+ /**
+ * Holds if this is a `unlock` and *may* unlock the previously locked `CMutexFunctionCall`.
+ * This predicate does not check that the mutex is currently locked.
+ */
+ override predicate unlocks(MutexFunctionCall fc) {
+ isUnlock() and
+ fc.getLock() = getLock()
+ }
+
+ /**
+ * Holds if this is an unlock call.
+ */
+ override predicate isUnlock() { getTarget().getName() = "mtx_unlock" }
+}
+
+/**
+ * Models a RAII-Style lock.
+ */
+class RAIIStyleLock extends LockingOperation {
+ VariableAccess lock;
+
+ RAIIStyleLock() {
+ (
+ getTarget().getDeclaringType().hasQualifiedName("std", "lock_guard") or
+ getTarget().getDeclaringType().hasQualifiedName("std", "unique_lock") or
+ getTarget().getDeclaringType().hasQualifiedName("std", "scoped_lock")
+ ) and
+ (
+ lock = getArgument(0).getAChild*()
+ or
+ this instanceof DestructorCall and
+ exists(RAIIStyleLock constructor |
+ constructor = getQualifier().(VariableAccess).getTarget().getInitializer().getExpr() and
+ lock = constructor.getArgument(0).getAChild*()
+ )
+ )
+ }
+
+ /**
+ * Holds if this is a lock operation
+ */
+ override predicate isLock() {
+ not isLockingOperationWithinLockingOperation(this) and
+ this instanceof ConstructorCall and
+ lock = getArgument(0).getAChild*() and
+ // defer_locks don't cause a lock
+ not exists(Expr exp |
+ exp = getArgument(1) and
+ exp.(VariableAccess)
+ .getTarget()
+ .getUnderlyingType()
+ .(Class)
+ .hasQualifiedName("std", "defer_lock_t")
+ )
+ }
+
+ /**
+ * Holds if this is an unlock operation
+ */
+ override predicate isUnlock() { this instanceof DestructorCall }
+
+ /**
+ * Returns the target of the lock underlying this RAII-style lock.
+ */
+ override Variable getLock() { result = lock.getTarget() }
+
+ /**
+ * Returns the lock underlying this RAII-style lock.
+ */
+ override Expr getLockExpr() { result = lock }
+}
diff --git a/cpp/common/src/codingstandards/cpp/concurrency/ThreadDependentMutexNew.qll b/cpp/common/src/codingstandards/cpp/concurrency/ThreadDependentMutexNew.qll
new file mode 100644
index 0000000000..c761e2b1be
--- /dev/null
+++ b/cpp/common/src/codingstandards/cpp/concurrency/ThreadDependentMutexNew.qll
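Review bot: `RAIIStyleLock` binds `lock` only from `getArgument(0)`, so a `std::scoped_lock` constructed over several mutexes is modelled as locking just the first one, and the matching destructor as unlocking just that one. Queries that build lock state from `getLock()` would then presumably miss double-lock or ordering problems on the remaining mutexes. For the `scoped_lock` case the constructor and `isLock()` should range over every mutex argument rather than index 0. Separately, the doc comments on the abstract `LockingOperation.getLock()` and `getLockExpr()` say "RAII-style lock" although they apply to every subclass; `Gets the variable that this operation locks or unlocks.` would be accurate for the first.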
@@ -0,0 +1,246 @@
+import cpp
+import semmle.code.cpp.dataflow.new.TaintTracking
+private import codingstandards.cpp.concurrency.ControlFlow
+private import codingstandards.cpp.concurrency.ThreadedFunction
+
+abstract class MutexSource extends FunctionCall { }
+
+/**
+ * Models a C++ style mutex.
+ */
+class CPPMutexSource extends MutexSource, ConstructorCall {
+ CPPMutexSource() { getTarget().getDeclaringType().hasQualifiedName("std", "mutex") }
+}
+
+/**
+ * Models a C11 style mutex.
+ */
+class C11MutexSource extends MutexSource, FunctionCall {
+ C11MutexSource() { getTarget().hasName("mtx_init") }
+
+ Expr getMutexExpr() { result = getArgument(0) }
+
+ Expr getMutexTypeExpr() { result = getArgument(1) }
+
+ predicate isRecursive() {
+ exists(EnumConstantAccess recursive |
+ recursive = getMutexTypeExpr().getAChild*() and
+ recursive.getTarget().hasName("mtx_recursive")
+ )
+ }
+}
+
+/**
+ * Models a thread dependent mutex. A thread dependent mutex is a mutex
+ * that is used by a thread. This dependency is established either by directly
+ * passing in a mutex or by referencing a mutex that is in the local scope. The utility
+ * of this class is it captures the `DataFlow::Node` source at which the mutex
+ * came from. For example, if it is passed in from a local function to a thread.
+ * This functionality is critical, since it allows one to inspect how the thread
+ * behaves with respect to the owner of a resource.
+ *
+ * To model the myriad ways this can happen, the subclasses of this class are
+ * responsible for implementing the various usage patterns.
+ */
+abstract class ThreadDependentMutex extends DataFlow::Node {
+ DataFlow::Node sink;
+
+ DataFlow::Node getASource() {
+ // the source is either the thing that declared
+ // the mutex
+ result = this
+ or
+ // or the thread we are using it in
+ result = getAThreadSource()
+ }
+
+ /**
+ * Gets the dataflow nodes corresponding to thread local usages of the
+ * dependent mutex.
+ */
+ DataFlow::Node getAThreadSource() {
+ // here we line up the actual parameter at the thread creation
+ // site with the formal parameter in the target thread.
+ // Note that there are differences between the C and C++ versions
+ // of the argument ordering in the thread creation function. However,
+ // since the C version only takes one parameter (as opposed to multiple)
+ // we can simplify this search by considering only the first argument.
+ exists(FunctionCall fc, Function f, int n |
+ // Get the argument to which the mutex flowed.
+ fc.getArgument(n) = sink.asExpr() and
+ // Get the thread function we are calling.
+ f = fc.getArgument(0).(FunctionAccess).getTarget() and
+ // in C++, there is an extra argument to the `std::thread` call
+ // so we must subtract 1 since this is not passed to the thread.
+ (
+ result = DataFlow::exprNode(f.getParameter(n - 1).getAnAccess())
+ or
+ // In C, only one argument is allowed. Thus IF the flow predicate holds,
+ // it will be to the first argument
+ result = DataFlow::exprNode(f.getParameter(0).getAnAccess())
+ )
+ )
+ }
+
+ /**
+ * Produces the set of dataflow nodes to thread creation for threads
+ * that are dependent on this mutex.
+ */
+ DataFlow::Node getADependentThreadCreationExpr() {
+ exists(FunctionCall fc |
+ fc.getAnArgument() = sink.asExpr() and
+ result = DataFlow::exprNode(fc)
+ )
+ }
+
+ /**
+ * Gets a set of usages of this mutex in both the local and thread scope.
+ * In the case of scoped usage, this also captures typical accesses of variables.
+ */
+ DataFlow::Node getAUsage() { TaintTracking::localTaint(getASource(), result) }
+}
+
+/**
+ * This class models the type of thread/mutex dependency that is established
+ * through the typical parameter passing mechanisms found in C++.
+ */
+class FlowBasedThreadDependentMutex extends ThreadDependentMutex {
+ FlowBasedThreadDependentMutex() {
+ // some sort of dataflow, likely through parameter passing.
+ ThreadDependentMutexFlow::flow(this, sink)
+ }
+}
+
+/**
+ * This class models the type of thread/mutex dependency that is established by
+ * either scope based accesses (e.g., global variables) or block scope differences.
+ */
+class AccessBasedThreadDependentMutex extends ThreadDependentMutex {
+ Variable variableSource;
+
+ AccessBasedThreadDependentMutex() {
+ // encapsulates usages from outside scopes not directly expressed
+ // in dataflow.
+ exists(MutexSource mutexSrc, ThreadedFunction f |
+ DataFlow::exprNode(mutexSrc) = this and
+ // find a variable that was assigned the mutex
+ TaintTracking::localTaint(DataFlow::exprNode(mutexSrc),
+ DataFlow::exprNode(variableSource.getAnAssignedValue())) and
+ // find all subsequent accesses of that variable that are within a
+ // function and set those to the sink
+ exists(VariableAccess va |
+ va = variableSource.getAnAccess() and
+ va.getEnclosingFunction() = f and
+ sink = DataFlow::exprNode(va)
+ )
+ )
+ }
+
+ override DataFlow::Node getAUsage() { DataFlow::exprNode(variableSource.getAnAccess()) = result }
+}
+
+/**
+ * In the typical C thread model, a mutex is a created by a function that is not responsible
+ * for creating the variable. Thus this class encodes a slightly different semantics
+ * wherein the usage pattern is that of variables that have been both initialized
+ * and then subsequently passed into a thread directly.
+ */
+class DeclarationInitBasedThreadDependentMutex extends ThreadDependentMutex {
+ Variable variableSource;
+
+ DeclarationInitBasedThreadDependentMutex() {
+ exists(MutexSource ms, ThreadCreationFunction tcf |
+ this = DataFlow::exprNode(ms) and
+ // accessed as a mutex source
+ TaintTracking::localTaint(DataFlow::exprNode(variableSource.getAnAccess()),
+ DataFlow::exprNode(ms.getAnArgument())) and
+ // subsequently passed to a thread creation function (order not strictly
+ // enforced for performance reasons)
+ sink = DataFlow::exprNode(tcf.getAnArgument()) and
+ TaintTracking::localTaint(DataFlow::exprNode(variableSource.getAnAccess()), sink)
+ )
+ }
+
+ override DataFlow::Node getAUsage() {
+ TaintTracking::localTaint(getASource(), result) or
+ DataFlow::exprNode(variableSource.getAnAccess()) = result
+ }
+
+ override DataFlow::Node getASource() {
+ // the source is either the thing that declared
+ // the mutex
+ result = this
+ or
+ // or the thread we are using it in
+ result = getAThreadSource()
+ }
+
+ DataFlow::Node getSink() { result = sink }
+
+ /**
+ * Gets the dataflow nodes corresponding to thread local usages of the
+ * dependent mutex.
+ */
+ override DataFlow::Node getAThreadSource() {
+ // here we line up the actual parameter at the thread creation
+ // site with the formal parameter in the target thread.
+ // Note that there are differences between the C and C++ versions
+ // of the argument ordering in the thread creation function. However,
+ // since the C version only takes one parameter (as opposed to multiple)
+ // we can simplify this search by considering only the first argument.
+ exists(
+ FunctionCall fc, Function f, int n // CPP Version
+ |
+ fc.getArgument(n) = sink.asExpr() and
+ f = fc.getArgument(0).(FunctionAccess).getTarget() and
+ // in C++, there is an extra argument to the `std::thread` call
+ // so we must subtract 1 since this is not passed to the thread.
+ result = DataFlow::exprNode(f.getParameter(n - 1).getAnAccess())
+ )
+ or
+ exists(
+ FunctionCall fc, Function f // C Version
+ |
+ fc.getAnArgument() = sink.asExpr() and
+ // in C, the second argument is the function
+ f = fc.getArgument(1).(FunctionAccess).getTarget() and
+ // in C, the passed argument is always the zeroth argument
+ result = DataFlow::exprNode(f.getParameter(0).getAnAccess())
+ )
+ }
+}
+
+/**
+ * In the typical C model, another way to use mutexes is to work with global variables
+ * that can be initialized at various points -- one of which must be inside a thread.
+ * This class encapsulates this pattern.
+ */
+class DeclarationInitAccessBasedThreadDependentMutex extends ThreadDependentMutex {
+ Variable variableSource;
+
+ DeclarationInitAccessBasedThreadDependentMutex() {
+ exists(MutexSource ms, ThreadedFunction tf, VariableAccess va |
+ this = DataFlow::exprNode(ms) and
+ // accessed as a mutex source
+ TaintTracking::localTaint(DataFlow::exprNode(variableSource.getAnAccess()),
+ DataFlow::exprNode(ms.getAnArgument())) and
+ // is accessed somewhere else
+ va = variableSource.getAnAccess() and
+ sink = DataFlow::exprNode(va) and
+ // one of which must be a thread
+ va.getEnclosingFunction() = tf
+ )
+ }
+
+ override DataFlow::Node getAUsage() { result = DataFlow::exprNode(variableSource.getAnAccess()) }
+}
+
+module ThreadDependentMutexConfig implements DataFlow::ConfigSig {
+ predicate isSource(DataFlow::Node node) { node.asExpr() instanceof MutexSource }
+
+ predicate isSink(DataFlow::Node node) {
+ exists(ThreadCreationFunction f | f.getAnArgument() = node.asExpr())
+ }
+}
+
+module ThreadDependentMutexFlow = TaintTracking::Global;
diff --git a/cpp/common/src/codingstandards/cpp/concurrency/ThreadSpecificStorageNew.qll b/cpp/common/src/codingstandards/cpp/concurrency/ThreadSpecificStorageNew.qll
new file mode 100644
index 0000000000..6dcb169250
--- /dev/null
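Review bot: In `ThreadDependentMutex.getAThreadSource()` the thread function is always read from `fc.getArgument(0)`, and the "In C" disjunct returns accesses of `f.getParameter(0)` whatever `n` is. The override in `DeclarationInitBasedThreadDependentMutex` reads the C thread function from `getArgument(1)` instead, so the two disagree: the base version probably never binds `f` for a C-style creation call, and for a `std::thread` call it also reports parameter 0 when the mutex was passed in a later position. Using the override's two separate `exists` branches in the base class, and dropping the override, would remove the mismatch. `CPPMutexSource` also matches only `std::mutex`, while `CPPMutexFunctionCall` in LockingOperationNew.qll lists five mutex types.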
+++ b/cpp/common/src/codingstandards/cpp/concurrency/ThreadSpecificStorageNew.qll
@@ -0,0 +1,59 @@
+import cpp
+private import semmle.code.cpp.dataflow.new.DataFlow
+private import codingstandards.cpp.concurrency.ThreadCreation
+
+/**
+ * Models calls to thread specific storage function calls.
+ */
+abstract class ThreadSpecificStorageFunctionCall extends FunctionCall {
+ /**
+ * Gets the key to which this call references.
+ */
+ Expr getKey() { getArgument(0) = result }
+}
+
+/**
+ * Models calls to `tss_get`.
+ */
+class TSSGetFunctionCall extends ThreadSpecificStorageFunctionCall {
+ TSSGetFunctionCall() { getTarget().getName() = "tss_get" }
+}
+
+/**
+ * Models calls to `tss_set`.
+ */
+class TSSSetFunctionCall extends ThreadSpecificStorageFunctionCall {
+ TSSSetFunctionCall() { getTarget().getName() = "tss_set" }
+}
+
+/**
+ * Models calls to `tss_create`
+ */
+class TSSCreateFunctionCall extends ThreadSpecificStorageFunctionCall {
+ TSSCreateFunctionCall() { getTarget().getName() = "tss_create" }
+
+ predicate hasDeallocator() {
+ not exists(MacroInvocation mi, NullMacro nm |
+ getArgument(1) = mi.getExpr() and
+ mi = nm.getAnInvocation()
+ )
+ }
+}
+
+/**
+ * Models calls to `tss_delete`
+ */
+class TSSDeleteFunctionCall extends ThreadSpecificStorageFunctionCall {
+ TSSDeleteFunctionCall() { getTarget().getName() = "tss_delete" }
+}
+
+/**
+ * Gets a call to `DeallocationExpr` that deallocates memory owned by thread specific
+ * storage.
+ */
+predicate getAThreadSpecificStorageDeallocationCall(C11ThreadCreateCall tcc, DeallocationExpr dexp) {
+ exists(TSSGetFunctionCall tsg |
+ tcc.getFunction().getEntryPoint().getASuccessor*() = tsg and
+ DataFlow::localFlow(DataFlow::exprNode(tsg), DataFlow::exprNode(dexp.getFreedExpr()))
+ )
+}
From f6c3c4c8f135a71d4b5f03a0cefe58bc6fa43d10 Mon Sep 17 00:00:00 2001
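Review bot: `TSSCreateFunctionCall.hasDeallocator()` treats the destructor argument as absent only when it is an invocation of a `NullMacro`, so `tss_create(&key, 0)` or a null pointer written without the macro counts as having a deallocator. If callers use this predicate to decide that storage is cleaned up (not visible in this hunk), such calls would be silently accepted. A constant check alongside the macro test, along the lines of `not getArgument(1).getValue() = "0" and`, would cover those spellings. `getAThreadSpecificStorageDeallocationCall` is also named and documented like a `get…` member ("Gets a call …") but is a two-argument predicate; "Holds if `dexp` deallocates …" would match what it does.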
From: Jeroen Ketema Date: Mon, 7 Jul 2025 16:50:27 +0200 Subject: [PATCH 018/104] Convert CON30-C to use the new dataflow library --- c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql | 4 ++-- .../rules/CON30-C/CleanUpThreadSpecificStorage.expected | 6 ------ 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql b/c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql index 1e03c089e8..afa664448a 100644 --- a/c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql +++ b/c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql @@ -19,8 +19,8 @@ import cpp import codingstandards.c.cert -import codingstandards.cpp.Concurrency -import semmle.code.cpp.dataflow.DataFlow +import codingstandards.cpp.ConcurrencyNew +import semmle.code.cpp.dataflow.new.DataFlow module TssCreateToTssDeleteConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node node) { diff --git a/c/cert/test/rules/CON30-C/CleanUpThreadSpecificStorage.expected b/c/cert/test/rules/CON30-C/CleanUpThreadSpecificStorage.expected index f3ea87136a..e03b665a1c 100644 --- a/c/cert/test/rules/CON30-C/CleanUpThreadSpecificStorage.expected +++ b/c/cert/test/rules/CON30-C/CleanUpThreadSpecificStorage.expected 
@@ -1,9 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (CleanUpThreadSpecificStorage.ql:25,46-54) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (CleanUpThreadSpecificStorage.ql:26,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (CleanUpThreadSpecificStorage.ql:35,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (CleanUpThreadSpecificStorage.ql:45,35-43) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (CleanUpThreadSpecificStorage.ql:53,36-44) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (CleanUpThreadSpecificStorage.ql:55,36-44) | test.c:27:3:27:12 | call to tss_create | Resources used by thread specific storage may not be cleaned up. | | test.c:49:3:49:12 | call to tss_create | Resources used by thread specific storage may not be cleaned up. | | test.c:71:3:71:12 | call to tss_create | Resources used by thread specific storage may not be cleaned up. | From 9e12e5e250cea3022d0fef80e0ad3cbe2c85e39c Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 8 Jul 2025 11:17:40 +0200 Subject: [PATCH 019/104] Convert CON34-C to the new dataflow library Since the new dataflow library uses use-use dataflow and not def-use dataflow, we now need to check for definitions. Note that these queries can probably be improved by using a dataflow configuration - possibly limited to the local context of a function by including `DataFlow::FeatureEqualSourceSinkCallContext` --- .../AppropriateThreadObjectStorageDurations.ql | 5 +++-- .../ThreadObjectStorageDurationsNotInitialized.ql | 7 ++++--- ...AppropriateThreadObjectStorageDurations.expected | 13 ------------- ...eadObjectStorageDurationsNotInitialized.expected | 5 ----- 4 files changed, 7 insertions(+), 23 deletions(-) 
diff --git a/c/cert/src/rules/CON34-C/AppropriateThreadObjectStorageDurations.ql b/c/cert/src/rules/CON34-C/AppropriateThreadObjectStorageDurations.ql index 4fb034406b..10cdec5c73 100644 --- a/c/cert/src/rules/CON34-C/AppropriateThreadObjectStorageDurations.ql +++ b/c/cert/src/rules/CON34-C/AppropriateThreadObjectStorageDurations.ql @@ -20,8 +20,8 @@ import cpp import codingstandards.c.cert import codingstandards.c.Objects -import codingstandards.cpp.Concurrency -import semmle.code.cpp.dataflow.DataFlow +import codingstandards.cpp.ConcurrencyNew +import semmle.code.cpp.dataflow.new.DataFlow import semmle.code.cpp.commons.Alloc from C11ThreadCreateCall tcc, Expr arg @@ -53,6 +53,7 @@ where not exists(TSSSetFunctionCall tss, DataFlow::Node src | // there should be dataflow from somewhere (the same somewhere) // into each of the first arguments + exists(Expr e | e = src.asDefinition() or e = src.asDefiningArgument()) and DataFlow::localFlow(src, DataFlow::exprNode(tsg.getArgument(0))) and DataFlow::localFlow(src, DataFlow::exprNode(tss.getArgument(0))) ) diff --git a/c/cert/src/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.ql b/c/cert/src/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.ql index 07b114d6ca..40acc1e3ea 100644 --- a/c/cert/src/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.ql +++ b/c/cert/src/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.ql @@ -20,8 +20,8 @@ import cpp import codingstandards.c.cert -import codingstandards.cpp.Concurrency -import semmle.code.cpp.dataflow.DataFlow +import codingstandards.cpp.ConcurrencyNew +import semmle.code.cpp.dataflow.new.DataFlow from TSSGetFunctionCall tsg, ThreadedFunction tf where 
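Review bot: The conjunct `exists(Expr e | e = src.asDefinition() or e = src.asDefiningArgument())` added in the `@@ -53,6 +53,7 @@` hunk has no comment saying why `src` must be a definition; the reason appears only in the commit message. A line above it such as `// use-use flow: require src to be a definition, not just an earlier use of the key` (wording to be confirmed by the author) would keep the constraint from being dropped in a later cleanup. The identical conjunct is added in the `@@ -31,7 +31,8 @@` hunk of ThreadObjectStorageDurationsNotInitialized.ql, where the edited comment now reads "into each of the first argument"; a small shared predicate would keep the two queries in step. The `where` clause this sits in starts and ends outside the hunk.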
@@ -31,7 +31,8 @@ where // however, there does not exist a proper sequencing. not exists(TSSSetFunctionCall tss, DataFlow::Node src | // there should be dataflow from somewhere (the same somewhere) - // into each of the first arguments + // into each of the first argument + exists(Expr e | e = src.asDefinition() or e = src.asDefiningArgument()) and DataFlow::localFlow(src, DataFlow::exprNode(tsg.getArgument(0))) and DataFlow::localFlow(src, DataFlow::exprNode(tss.getArgument(0))) ) diff --git a/c/cert/test/rules/CON34-C/AppropriateThreadObjectStorageDurations.expected b/c/cert/test/rules/CON34-C/AppropriateThreadObjectStorageDurations.expected index 2cd844f81b..c3cdc8bd7b 100644 --- a/c/cert/test/rules/CON34-C/AppropriateThreadObjectStorageDurations.expected +++ b/c/cert/test/rules/CON34-C/AppropriateThreadObjectStorageDurations.expected 
@@ -1,16 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateThreadObjectStorageDurations.ql:35,14-22) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateThreadObjectStorageDurations.ql:37,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateThreadObjectStorageDurations.ql:39,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateThreadObjectStorageDurations.ql:42,45-53) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateThreadObjectStorageDurations.ql:52,33-41) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateThreadObjectStorageDurations.ql:52,58-66) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateThreadObjectStorageDurations.ql:53,42-50) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateThreadObjectStorageDurations.ql:56,9-17) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateThreadObjectStorageDurations.ql:56,34-42) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateThreadObjectStorageDurations.ql:57,9-17) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateThreadObjectStorageDurations.ql:57,34-42) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (AppropriateThreadObjectStorageDurations.ql:42,9-22) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (AppropriateThreadObjectStorageDurations.ql:52,7-20) | test.c:23:3:23:13 | call to thrd_create | $@ not declared with appropriate storage duration | test.c:23:24:23:29 | & ... 
| Shared object | | test.c:74:3:74:13 | call to thrd_create | $@ not declared with appropriate storage duration | test.c:74:24:74:24 | p | Shared object | | test.c:85:3:85:13 | call to thrd_create | $@ not declared with appropriate storage duration | test.c:85:24:85:24 | p | Shared object | diff --git a/c/cert/test/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.expected b/c/cert/test/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.expected index b2ac853fbf..95d0a20041 100644 --- a/c/cert/test/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.expected +++ b/c/cert/test/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.expected @@ -1,6 +1 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ThreadObjectStorageDurationsNotInitialized.ql:32,38-46) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ThreadObjectStorageDurationsNotInitialized.ql:35,5-13) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ThreadObjectStorageDurationsNotInitialized.ql:35,30-38) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ThreadObjectStorageDurationsNotInitialized.ql:36,5-13) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ThreadObjectStorageDurationsNotInitialized.ql:36,30-38) | test.c:14:7:14:13 | call to tss_get | Call to a thread specific storage function from within a threaded context on an object that may not be owned by this thread. | From ef96540dc9c89f7223d214b997e4abe8ff93bd4e Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Tue, 8 Jul 2025 12:46:28 +0200 Subject: [PATCH 020/104] Move queries not depending on dataflow over to `ConcurrencyNew` --- .../CON33-C/RaceConditionsWhenUsingLibraryFunctions.ql | 2 +- .../rules/CON37-C/DoNotCallSignalInMultithreadedProgram.ql | 2 +- c/cert/src/rules/CON40-C/AtomicVariableTwiceInExpression.ql | 2 +- .../CON41-C/WrapFunctionsThatCanFailSpuriouslyInLoop.ql | 2 +- .../c/initialization/GlobalInitializationAnalysis.qll | 2 +- c/misra/src/rules/DIR-5-1/PossibleDataRaceBetweenThreads.ql | 6 +++--- c/misra/src/rules/DIR-5-3/BannedDynamicThreadCreation.ql | 2 +- c/misra/src/rules/DIR-5-3/ThreadCreatedByThread.ql | 2 +- .../ThreadLocalObjectAddressCopiedToGlobalObject.ql | 2 +- .../src/rules/RULE-22-12/NonstandardUseOfThreadingObject.ql | 2 +- .../RULE-22-13/ThreadingObjectWithInvalidStorageDuration.ql | 2 +- .../src/rules/RULE-22-14/MutexInitWithInvalidMutexType.ql | 2 +- .../src/rules/RULE-22-14/MutexInitializedInsideThread.ql | 2 +- .../src/rules/RULE-22-14/MutexNotInitializedBeforeUse.ql | 2 +- .../RULE-22-15/ThreadResourceDisposedBeforeThreadsJoined.ql | 2 +- .../src/rules/RULE-22-17/InvalidOperationOnUnlockedMutex.ql | 2 +- .../rules/RULE-22-18/NonRecursiveMutexRecursivelyLocked.ql | 2 +- .../RULE-22-18/NonRecursiveMutexRecursivelyLockedAudit.ql | 2 +- .../RULE-22-19/ConditionVariableUsedWithMultipleMutexes.ql | 2 +- .../RULE-22-20/ThreadStorageNotInitializedBeforeUse.ql | 2 +- .../ThreadStoragePointerInitializedInsideThread.ql | 2 +- .../DoNotSpeculativelyLockALockedNonRecursiveMutex.ql | 2 +- .../rules/CON56-CPP/LockedALockedNonRecursiveMutexAudit.ql | 2 +- .../rules/guardaccesstobitfields/GuardAccessToBitFields.qll | 2 +- .../JoinOrDetachThreadOnlyOnce.qll | 2 +- .../PreserveSafetyWhenUsingConditionVariables.qll | 2 +- .../PreventDeadlockByLockingInPredefinedOrder.qll | 2 +- .../WrapSpuriousFunctionInLoop.qll | 2 +- 28 files changed, 30 insertions(+), 30 deletions(-) 
diff --git a/c/cert/src/rules/CON33-C/RaceConditionsWhenUsingLibraryFunctions.ql b/c/cert/src/rules/CON33-C/RaceConditionsWhenUsingLibraryFunctions.ql index c9bcaa6bd2..dadb21985e 100644 --- a/c/cert/src/rules/CON33-C/RaceConditionsWhenUsingLibraryFunctions.ql +++ b/c/cert/src/rules/CON33-C/RaceConditionsWhenUsingLibraryFunctions.ql @@ -18,7 +18,7 @@ import cpp import codingstandards.c.cert -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew from ThreadedCFN node where diff --git a/c/cert/src/rules/CON37-C/DoNotCallSignalInMultithreadedProgram.ql b/c/cert/src/rules/CON37-C/DoNotCallSignalInMultithreadedProgram.ql index 17691f24dd..72fe5b5923 100644 --- a/c/cert/src/rules/CON37-C/DoNotCallSignalInMultithreadedProgram.ql +++ b/c/cert/src/rules/CON37-C/DoNotCallSignalInMultithreadedProgram.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.c.cert -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew from FunctionCall fc // This should only be applied in the context of a multi-threaded program (since diff --git a/c/cert/src/rules/CON40-C/AtomicVariableTwiceInExpression.ql b/c/cert/src/rules/CON40-C/AtomicVariableTwiceInExpression.ql index 0ec195868f..cc85cd9d1c 100644 --- a/c/cert/src/rules/CON40-C/AtomicVariableTwiceInExpression.ql +++ b/c/cert/src/rules/CON40-C/AtomicVariableTwiceInExpression.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.c.cert -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew from MacroInvocation mi, Variable v, Locatable whereFound where diff --git a/c/cert/src/rules/CON41-C/WrapFunctionsThatCanFailSpuriouslyInLoop.ql b/c/cert/src/rules/CON41-C/WrapFunctionsThatCanFailSpuriouslyInLoop.ql index 57be1bc488..d7754973fe 100644 --- a/c/cert/src/rules/CON41-C/WrapFunctionsThatCanFailSpuriouslyInLoop.ql +++ b/c/cert/src/rules/CON41-C/WrapFunctionsThatCanFailSpuriouslyInLoop.ql 
@@ -19,7 +19,7 @@ import cpp import codingstandards.c.cert -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew from AtomicCompareExchange ace where diff --git a/c/common/src/codingstandards/c/initialization/GlobalInitializationAnalysis.qll b/c/common/src/codingstandards/c/initialization/GlobalInitializationAnalysis.qll index 2906883ae9..cf32f9bdc6 100644 --- a/c/common/src/codingstandards/c/initialization/GlobalInitializationAnalysis.qll +++ b/c/common/src/codingstandards/c/initialization/GlobalInitializationAnalysis.qll @@ -1,6 +1,6 @@ import cpp import codingstandards.c.Objects -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew import codingstandards.cpp.Type signature module GlobalInitializationAnalysisConfigSig { diff --git a/c/misra/src/rules/DIR-5-1/PossibleDataRaceBetweenThreads.ql b/c/misra/src/rules/DIR-5-1/PossibleDataRaceBetweenThreads.ql index 187c926278..5bcea0c5c6 100644 --- a/c/misra/src/rules/DIR-5-1/PossibleDataRaceBetweenThreads.ql +++ b/c/misra/src/rules/DIR-5-1/PossibleDataRaceBetweenThreads.ql @@ -15,9 +15,9 @@ import cpp import codingstandards.c.misra -import codingstandards.c.Objects as CObjects -import codingstandards.c.SubObjects as CSubObjects -import codingstandards.cpp.rules.possibledataracebetweenthreadsshared.PossibleDataRaceBetweenThreadsShared +import codingstandards.c.Objects +import codingstandards.c.SubObjects +import codingstandards.cpp.ConcurrencyNew module PossibleDataRaceBetweenThreadsConfig implements PossibleDataRaceBetweenThreadsSharedConfigSig { diff --git a/c/misra/src/rules/DIR-5-3/BannedDynamicThreadCreation.ql b/c/misra/src/rules/DIR-5-3/BannedDynamicThreadCreation.ql index 4bb526306b..cb12a8156b 100644 --- a/c/misra/src/rules/DIR-5-3/BannedDynamicThreadCreation.ql +++ b/c/misra/src/rules/DIR-5-3/BannedDynamicThreadCreation.ql 
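Review bot: In PossibleDataRaceBetweenThreads.ql the import of `codingstandards.cpp.rules.possibledataracebetweenthreadsshared.PossibleDataRaceBetweenThreadsShared` is removed, but the context line just below still declares `module PossibleDataRaceBetweenThreadsConfig implements PossibleDataRaceBetweenThreadsSharedConfigSig`. Unless `ConcurrencyNew` re-exports that signature, which this hunk does not show, the query would stop compiling, and a data-race rule that does not compile reports nothing. The hunk also drops the `CObjects`/`CSubObjects` aliases, so any qualified use further down the file (outside the hunk) needs checking. This goes beyond the commit title's "move over to `ConcurrencyNew`"; if it is a rebase artefact, keep the original shared import line next to `import codingstandards.cpp.ConcurrencyNew`.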
@@ -18,7 +18,7 @@ import cpp import codingstandards.c.misra -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew from CThreadCreateCall tc, Function enclosingFunction where diff --git a/c/misra/src/rules/DIR-5-3/ThreadCreatedByThread.ql b/c/misra/src/rules/DIR-5-3/ThreadCreatedByThread.ql index 207e763fa7..11f76de7ae 100644 --- a/c/misra/src/rules/DIR-5-3/ThreadCreatedByThread.ql +++ b/c/misra/src/rules/DIR-5-3/ThreadCreatedByThread.ql @@ -17,7 +17,7 @@ import cpp import codingstandards.c.misra -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew class CThreadRoot extends Function { CThreadCreateCall threadCreate; diff --git a/c/misra/src/rules/RULE-18-6/ThreadLocalObjectAddressCopiedToGlobalObject.ql b/c/misra/src/rules/RULE-18-6/ThreadLocalObjectAddressCopiedToGlobalObject.ql index 6a520447d1..a8fea9558e 100644 --- a/c/misra/src/rules/RULE-18-6/ThreadLocalObjectAddressCopiedToGlobalObject.ql +++ b/c/misra/src/rules/RULE-18-6/ThreadLocalObjectAddressCopiedToGlobalObject.ql @@ -16,7 +16,7 @@ import cpp import codingstandards.c.misra import codingstandards.c.Objects -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew from AssignExpr assignment, Element threadLocal, ObjectIdentity static where diff --git a/c/misra/src/rules/RULE-22-12/NonstandardUseOfThreadingObject.ql b/c/misra/src/rules/RULE-22-12/NonstandardUseOfThreadingObject.ql index d92b4ccea6..15a437e7ed 100644 --- a/c/misra/src/rules/RULE-22-12/NonstandardUseOfThreadingObject.ql +++ b/c/misra/src/rules/RULE-22-12/NonstandardUseOfThreadingObject.ql @@ -15,7 +15,7 @@ import cpp import codingstandards.c.misra -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew import codingstandards.cpp.Type predicate isThreadingObject(Type t) { t instanceof PossiblySpecified::Type } 
diff --git a/c/misra/src/rules/RULE-22-13/ThreadingObjectWithInvalidStorageDuration.ql b/c/misra/src/rules/RULE-22-13/ThreadingObjectWithInvalidStorageDuration.ql index 066cf3c295..18f3671202 100644 --- a/c/misra/src/rules/RULE-22-13/ThreadingObjectWithInvalidStorageDuration.ql +++ b/c/misra/src/rules/RULE-22-13/ThreadingObjectWithInvalidStorageDuration.ql @@ -16,7 +16,7 @@ import cpp import codingstandards.c.misra import codingstandards.c.Objects -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew import codingstandards.cpp.Type from ObjectIdentity obj, StorageDuration storageDuration, Type type diff --git a/c/misra/src/rules/RULE-22-14/MutexInitWithInvalidMutexType.ql b/c/misra/src/rules/RULE-22-14/MutexInitWithInvalidMutexType.ql index a122a0bec4..cda50fbf73 100644 --- a/c/misra/src/rules/RULE-22-14/MutexInitWithInvalidMutexType.ql +++ b/c/misra/src/rules/RULE-22-14/MutexInitWithInvalidMutexType.ql @@ -14,7 +14,7 @@ import cpp import codingstandards.c.misra -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew predicate isBaseMutexType(EnumConstantAccess access) { access.getTarget().hasName(["mtx_plain", "mtx_timed"]) diff --git a/c/misra/src/rules/RULE-22-14/MutexInitializedInsideThread.ql b/c/misra/src/rules/RULE-22-14/MutexInitializedInsideThread.ql index 497fdaf14d..4b6afe9f5f 100644 --- a/c/misra/src/rules/RULE-22-14/MutexInitializedInsideThread.ql +++ b/c/misra/src/rules/RULE-22-14/MutexInitializedInsideThread.ql @@ -16,7 +16,7 @@ import cpp import codingstandards.c.misra -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew from C11MutexSource mutexCreate, ThreadedFunction thread where diff --git a/c/misra/src/rules/RULE-22-14/MutexNotInitializedBeforeUse.ql b/c/misra/src/rules/RULE-22-14/MutexNotInitializedBeforeUse.ql index f78c25f981..7df3a2dc4d 100644 --- a/c/misra/src/rules/RULE-22-14/MutexNotInitializedBeforeUse.ql 
+++ b/c/misra/src/rules/RULE-22-14/MutexNotInitializedBeforeUse.ql @@ -16,7 +16,7 @@ import cpp import codingstandards.c.misra import codingstandards.c.Objects -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew import codingstandards.cpp.Type import codingstandards.c.initialization.GlobalInitializationAnalysis diff --git a/c/misra/src/rules/RULE-22-15/ThreadResourceDisposedBeforeThreadsJoined.ql b/c/misra/src/rules/RULE-22-15/ThreadResourceDisposedBeforeThreadsJoined.ql index ec4631ef1b..9f06f441d1 100644 --- a/c/misra/src/rules/RULE-22-15/ThreadResourceDisposedBeforeThreadsJoined.ql +++ b/c/misra/src/rules/RULE-22-15/ThreadResourceDisposedBeforeThreadsJoined.ql @@ -16,7 +16,7 @@ import cpp import codingstandards.c.misra import codingstandards.c.SubObjects -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew newtype TThreadKind = TSpawned(C11ThreadCreateCall tcc) or diff --git a/c/misra/src/rules/RULE-22-17/InvalidOperationOnUnlockedMutex.ql b/c/misra/src/rules/RULE-22-17/InvalidOperationOnUnlockedMutex.ql index d85183a831..f2bb0a519c 100644 --- a/c/misra/src/rules/RULE-22-17/InvalidOperationOnUnlockedMutex.ql +++ b/c/misra/src/rules/RULE-22-17/InvalidOperationOnUnlockedMutex.ql @@ -16,7 +16,7 @@ import cpp import codingstandards.c.misra import codingstandards.c.SubObjects -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew import codingstandards.cpp.dominance.BehavioralSet /* A call to mtx_unlock() or cnd_wait() or cnd_timedwait(), which require a locked mutex */ diff --git a/c/misra/src/rules/RULE-22-18/NonRecursiveMutexRecursivelyLocked.ql b/c/misra/src/rules/RULE-22-18/NonRecursiveMutexRecursivelyLocked.ql index 17762b3eee..c1ace4489b 100644 --- a/c/misra/src/rules/RULE-22-18/NonRecursiveMutexRecursivelyLocked.ql +++ b/c/misra/src/rules/RULE-22-18/NonRecursiveMutexRecursivelyLocked.ql 
@@ -16,7 +16,7 @@ import cpp import codingstandards.c.misra import codingstandards.c.SubObjects -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew import codingstandards.cpp.Type from diff --git a/c/misra/src/rules/RULE-22-18/NonRecursiveMutexRecursivelyLockedAudit.ql b/c/misra/src/rules/RULE-22-18/NonRecursiveMutexRecursivelyLockedAudit.ql index 7e002585b6..1df7c03825 100644 --- a/c/misra/src/rules/RULE-22-18/NonRecursiveMutexRecursivelyLockedAudit.ql +++ b/c/misra/src/rules/RULE-22-18/NonRecursiveMutexRecursivelyLockedAudit.ql @@ -18,7 +18,7 @@ import cpp import codeql.util.Boolean import codingstandards.c.misra import codingstandards.c.SubObjects -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew import codingstandards.cpp.Type predicate isTrackableMutex(CMutexFunctionCall lockCall, Boolean recursive) { diff --git a/c/misra/src/rules/RULE-22-19/ConditionVariableUsedWithMultipleMutexes.ql b/c/misra/src/rules/RULE-22-19/ConditionVariableUsedWithMultipleMutexes.ql index 0d5aa5399f..ce05c2dc74 100644 --- a/c/misra/src/rules/RULE-22-19/ConditionVariableUsedWithMultipleMutexes.ql +++ b/c/misra/src/rules/RULE-22-19/ConditionVariableUsedWithMultipleMutexes.ql @@ -16,7 +16,7 @@ import cpp import codingstandards.c.misra import codingstandards.c.SubObjects -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew bindingset[cond, mutex] int countMutexesForConditionVariable(SubObject cond, SubObject mutex) { diff --git a/c/misra/src/rules/RULE-22-20/ThreadStorageNotInitializedBeforeUse.ql b/c/misra/src/rules/RULE-22-20/ThreadStorageNotInitializedBeforeUse.ql index 1edf4aa9c3..9a9d924247 100644 --- a/c/misra/src/rules/RULE-22-20/ThreadStorageNotInitializedBeforeUse.ql +++ b/c/misra/src/rules/RULE-22-20/ThreadStorageNotInitializedBeforeUse.ql 
@@ -16,7 +16,7 @@ import cpp import codingstandards.c.misra import codingstandards.c.Objects -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew import codingstandards.cpp.Type import codingstandards.c.initialization.GlobalInitializationAnalysis diff --git a/c/misra/src/rules/RULE-22-20/ThreadStoragePointerInitializedInsideThread.ql b/c/misra/src/rules/RULE-22-20/ThreadStoragePointerInitializedInsideThread.ql index 3c40ea7116..4b7c64d914 100644 --- a/c/misra/src/rules/RULE-22-20/ThreadStoragePointerInitializedInsideThread.ql +++ b/c/misra/src/rules/RULE-22-20/ThreadStoragePointerInitializedInsideThread.ql @@ -16,7 +16,7 @@ import cpp import codingstandards.c.misra -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew from TSSCreateFunctionCall tssCreate, ThreadedFunction thread where diff --git a/cpp/cert/src/rules/CON56-CPP/DoNotSpeculativelyLockALockedNonRecursiveMutex.ql b/cpp/cert/src/rules/CON56-CPP/DoNotSpeculativelyLockALockedNonRecursiveMutex.ql index 67edf2fc22..a462e60edb 100644 --- a/cpp/cert/src/rules/CON56-CPP/DoNotSpeculativelyLockALockedNonRecursiveMutex.ql +++ b/cpp/cert/src/rules/CON56-CPP/DoNotSpeculativelyLockALockedNonRecursiveMutex.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.cpp.cert -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew from LockProtectedControlFlowNode n where diff --git a/cpp/cert/src/rules/CON56-CPP/LockedALockedNonRecursiveMutexAudit.ql b/cpp/cert/src/rules/CON56-CPP/LockedALockedNonRecursiveMutexAudit.ql index 09ec2fa3d5..99ad966efa 100644 --- a/cpp/cert/src/rules/CON56-CPP/LockedALockedNonRecursiveMutexAudit.ql +++ b/cpp/cert/src/rules/CON56-CPP/LockedALockedNonRecursiveMutexAudit.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.cpp.cert -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew from LockProtectedControlFlowNode n where 
diff --git a/cpp/common/src/codingstandards/cpp/rules/guardaccesstobitfields/GuardAccessToBitFields.qll b/cpp/common/src/codingstandards/cpp/rules/guardaccesstobitfields/GuardAccessToBitFields.qll index 5b03a4f8bd..8bac7e15ee 100644 --- a/cpp/common/src/codingstandards/cpp/rules/guardaccesstobitfields/GuardAccessToBitFields.qll +++ b/cpp/common/src/codingstandards/cpp/rules/guardaccesstobitfields/GuardAccessToBitFields.qll @@ -6,7 +6,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew abstract class GuardAccessToBitFieldsSharedQuery extends Query { } diff --git a/cpp/common/src/codingstandards/cpp/rules/joinordetachthreadonlyonce/JoinOrDetachThreadOnlyOnce.qll b/cpp/common/src/codingstandards/cpp/rules/joinordetachthreadonlyonce/JoinOrDetachThreadOnlyOnce.qll index 5ccbe83c72..4b09e85873 100644 --- a/cpp/common/src/codingstandards/cpp/rules/joinordetachthreadonlyonce/JoinOrDetachThreadOnlyOnce.qll +++ b/cpp/common/src/codingstandards/cpp/rules/joinordetachthreadonlyonce/JoinOrDetachThreadOnlyOnce.qll @@ -7,7 +7,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew abstract class JoinOrDetachThreadOnlyOnceSharedQuery extends Query { } diff --git a/cpp/common/src/codingstandards/cpp/rules/preservesafetywhenusingconditionvariables/PreserveSafetyWhenUsingConditionVariables.qll b/cpp/common/src/codingstandards/cpp/rules/preservesafetywhenusingconditionvariables/PreserveSafetyWhenUsingConditionVariables.qll index 94d9d201c4..0851fe980a 100644 --- a/cpp/common/src/codingstandards/cpp/rules/preservesafetywhenusingconditionvariables/PreserveSafetyWhenUsingConditionVariables.qll +++ b/cpp/common/src/codingstandards/cpp/rules/preservesafetywhenusingconditionvariables/PreserveSafetyWhenUsingConditionVariables.qll 
@@ -6,7 +6,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew abstract class PreserveSafetyWhenUsingConditionVariablesSharedQuery extends Query { } diff --git a/cpp/common/src/codingstandards/cpp/rules/preventdeadlockbylockinginpredefinedorder/PreventDeadlockByLockingInPredefinedOrder.qll b/cpp/common/src/codingstandards/cpp/rules/preventdeadlockbylockinginpredefinedorder/PreventDeadlockByLockingInPredefinedOrder.qll index db755293c6..25e169b139 100644 --- a/cpp/common/src/codingstandards/cpp/rules/preventdeadlockbylockinginpredefinedorder/PreventDeadlockByLockingInPredefinedOrder.qll +++ b/cpp/common/src/codingstandards/cpp/rules/preventdeadlockbylockinginpredefinedorder/PreventDeadlockByLockingInPredefinedOrder.qll @@ -6,7 +6,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew import semmle.code.cpp.controlflow.Dominance abstract class PreventDeadlockByLockingInPredefinedOrderSharedQuery extends Query { } diff --git a/cpp/common/src/codingstandards/cpp/rules/wrapspuriousfunctioninloop/WrapSpuriousFunctionInLoop.qll b/cpp/common/src/codingstandards/cpp/rules/wrapspuriousfunctioninloop/WrapSpuriousFunctionInLoop.qll index 99bdbeee5d..382cda1ae8 100644 --- a/cpp/common/src/codingstandards/cpp/rules/wrapspuriousfunctioninloop/WrapSpuriousFunctionInLoop.qll +++ b/cpp/common/src/codingstandards/cpp/rules/wrapspuriousfunctioninloop/WrapSpuriousFunctionInLoop.qll @@ -6,7 +6,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions -import codingstandards.cpp.Concurrency +import codingstandards.cpp.ConcurrencyNew abstract class WrapSpuriousFunctionInLoopSharedQuery extends Query { } From cb6ab90bcf0b7799f76af6e051c31d0c72f8ecf2 Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Tue, 8 Jul 2025 16:01:51 +0200 Subject: [PATCH 021/104] Convert UseOnlyArrayIndexingForPointerArithmetic to use the new dataflow library --- .../UseOnlyArrayIndexingForPointerArithmetic.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/common/src/codingstandards/cpp/rules/useonlyarrayindexingforpointerarithmetic/UseOnlyArrayIndexingForPointerArithmetic.qll b/cpp/common/src/codingstandards/cpp/rules/useonlyarrayindexingforpointerarithmetic/UseOnlyArrayIndexingForPointerArithmetic.qll index 3b0abbad0d..f9ffb4fc9a 100644 --- a/cpp/common/src/codingstandards/cpp/rules/useonlyarrayindexingforpointerarithmetic/UseOnlyArrayIndexingForPointerArithmetic.qll +++ b/cpp/common/src/codingstandards/cpp/rules/useonlyarrayindexingforpointerarithmetic/UseOnlyArrayIndexingForPointerArithmetic.qll @@ -6,7 +6,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow abstract class UseOnlyArrayIndexingForPointerArithmeticSharedQuery extends Query { } From 30a36350ba7f0ee69833dec491d8c9d934613e40 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 8 Jul 2025 16:02:57 +0200 Subject: [PATCH 022/104] Convert StringNumberConversionMissingErrorCheck to use the new dataflow library --- .../StringNumberConversionMissingErrorCheck.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/common/src/codingstandards/cpp/rules/stringnumberconversionmissingerrorcheck/StringNumberConversionMissingErrorCheck.qll b/cpp/common/src/codingstandards/cpp/rules/stringnumberconversionmissingerrorcheck/StringNumberConversionMissingErrorCheck.qll index fd56f5d899..cb0bc765e6 100644 --- a/cpp/common/src/codingstandards/cpp/rules/stringnumberconversionmissingerrorcheck/StringNumberConversionMissingErrorCheck.qll 
+++ b/cpp/common/src/codingstandards/cpp/rules/stringnumberconversionmissingerrorcheck/StringNumberConversionMissingErrorCheck.qll @@ -7,7 +7,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions import semmle.code.cpp.valuenumbering.GlobalValueNumbering -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking import codingstandards.cpp.standardlibrary.CharStreams abstract class StringNumberConversionMissingErrorCheckSharedQuery extends Query { } From ce08d1e042e591172e8b317388668ffb301e48aa Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 8 Jul 2025 16:03:30 +0200 Subject: [PATCH 023/104] Convert FgetsErrorManagement to use the new dataflow library --- .../FIO37-C/SuccessfulFgetsOrFgetwsMayReturnAnEmptyString.ql | 2 +- .../rules/FIO40-C/ResetStringsOnFgetsOrFgetwsFailure.expected | 3 --- cpp/common/src/codingstandards/cpp/FgetsErrorManagement.qll | 2 +- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/c/cert/src/rules/FIO37-C/SuccessfulFgetsOrFgetwsMayReturnAnEmptyString.ql b/c/cert/src/rules/FIO37-C/SuccessfulFgetsOrFgetwsMayReturnAnEmptyString.ql index ad3a2c8192..d9b96d3c86 100644 --- a/c/cert/src/rules/FIO37-C/SuccessfulFgetsOrFgetwsMayReturnAnEmptyString.ql +++ b/c/cert/src/rules/FIO37-C/SuccessfulFgetsOrFgetwsMayReturnAnEmptyString.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.c.cert import codingstandards.cpp.FgetsErrorManagement import codingstandards.cpp.Dereferenced -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow /* * CFG nodes that follows a successful call to `fgets` diff --git a/c/cert/test/rules/FIO40-C/ResetStringsOnFgetsOrFgetwsFailure.expected b/c/cert/test/rules/FIO40-C/ResetStringsOnFgetsOrFgetwsFailure.expected index 52cb85e5c4..20c108cfa0 100644 --- a/c/cert/test/rules/FIO40-C/ResetStringsOnFgetsOrFgetwsFailure.expected +++ b/c/cert/test/rules/FIO40-C/ResetStringsOnFgetsOrFgetwsFailure.expected 
@@ -1,6 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ResetStringsOnFgetsOrFgetwsFailure.ql:48,11-19) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ResetStringsOnFgetsOrFgetwsFailure.ql:48,31-39) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ResetStringsOnFgetsOrFgetwsFailure.ql:49,13-21) | test.c:20:10:20:12 | buf | The buffer is not reset before being referenced following a failed $@. | test.c:15:7:15:11 | call to fgets | call to fgets | | test.c:57:10:57:12 | buf | The buffer is not reset before being referenced following a failed $@. | test.c:52:7:52:11 | call to fgets | call to fgets | | test.c:66:18:66:20 | buf | The buffer is not reset before being referenced following a failed $@. | test.c:61:7:61:11 | call to fgets | call to fgets | diff --git a/cpp/common/src/codingstandards/cpp/FgetsErrorManagement.qll b/cpp/common/src/codingstandards/cpp/FgetsErrorManagement.qll index 026fd93045..7342b92f32 100644 --- a/cpp/common/src/codingstandards/cpp/FgetsErrorManagement.qll +++ b/cpp/common/src/codingstandards/cpp/FgetsErrorManagement.qll @@ -4,7 +4,7 @@ */ import cpp -private import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import semmle.code.cpp.controlflow.Guards /* From 88ef34fc9678181e831a9d10a66b4eeaa6f8b8a1 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 8 Jul 2025 17:05:19 +0200 Subject: [PATCH 024/104] Convert RULE-22-3 to use the new dataflow library --- .../RULE-22-3/FileOpenForReadAndWriteOnDifferentStreams.ql | 2 +- .../FileOpenForReadAndWriteOnDifferentStreams.expected | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/c/misra/src/rules/RULE-22-3/FileOpenForReadAndWriteOnDifferentStreams.ql b/c/misra/src/rules/RULE-22-3/FileOpenForReadAndWriteOnDifferentStreams.ql index 642813bbab..581439c629 100644 --- a/c/misra/src/rules/RULE-22-3/FileOpenForReadAndWriteOnDifferentStreams.ql 
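Review bot: In FgetsErrorManagement.qll the replacement line drops the `private` qualifier: `private import semmle.code.cpp.dataflow.DataFlow` becomes `import semmle.code.cpp.dataflow.new.DataFlow`. Every query that imports this library now gets the new `DataFlow` module in scope transitively, which can hide a missing import or clash with an importer that is still on the old library. The FIO37-C query changed in this same commit imports the new library itself, so the public export does not look required there. If it is not needed elsewhere, keep it private with `private import semmle.code.cpp.dataflow.new.DataFlow`; if it is deliberate, a one-line comment saying so would help.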
+++ b/c/misra/src/rules/RULE-22-3/FileOpenForReadAndWriteOnDifferentStreams.ql @@ -15,7 +15,7 @@ import cpp import codingstandards.c.misra import codingstandards.cpp.standardlibrary.FileAccess -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import semmle.code.cpp.valuenumbering.GlobalValueNumbering import semmle.code.cpp.controlflow.SubBasicBlocks diff --git a/c/misra/test/rules/RULE-22-3/FileOpenForReadAndWriteOnDifferentStreams.expected b/c/misra/test/rules/RULE-22-3/FileOpenForReadAndWriteOnDifferentStreams.expected index 0365f4980d..6111072ba8 100644 --- a/c/misra/test/rules/RULE-22-3/FileOpenForReadAndWriteOnDifferentStreams.expected +++ b/c/misra/test/rules/RULE-22-3/FileOpenForReadAndWriteOnDifferentStreams.expected @@ -1,4 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (FileOpenForReadAndWriteOnDifferentStreams.ql:39,9-17) | test.c:6:14:6:18 | call to fopen | The same file was already opened $@. Files should not be read and written at the same time using different streams. | test.c:5:14:5:18 | call to fopen | here | | test.c:17:14:17:18 | call to fopen | The same file was already opened $@. Files should not be read and written at the same time using different streams. | test.c:16:14:16:18 | call to fopen | here | | test.c:33:14:33:18 | call to fopen | The same file was already opened $@. Files should not be read and written at the same time using different streams. | test.c:32:14:32:18 | call to fopen | here | From fdf1923adc818f598ee320fa40a639af082d2623 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 8 Jul 2025 17:07:11 +0200 Subject: [PATCH 025/104] Convert RULE-22-4 to use the new dataflow library --- .../src/rules/RULE-22-4/AttemptToWriteToAReadOnlyStream.ql | 2 +- .../RULE-22-4/AttemptToWriteToAReadOnlyStream.expected | 6 ------ 2 files changed, 1 insertion(+), 7 deletions(-) 
diff --git a/c/misra/src/rules/RULE-22-4/AttemptToWriteToAReadOnlyStream.ql b/c/misra/src/rules/RULE-22-4/AttemptToWriteToAReadOnlyStream.ql index 2439d4ca47..2468caa61e 100644 --- a/c/misra/src/rules/RULE-22-4/AttemptToWriteToAReadOnlyStream.ql +++ b/c/misra/src/rules/RULE-22-4/AttemptToWriteToAReadOnlyStream.ql @@ -14,7 +14,7 @@ import cpp import codingstandards.c.misra import codingstandards.cpp.standardlibrary.FileAccess -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow module FileDFConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { diff --git a/c/misra/test/rules/RULE-22-4/AttemptToWriteToAReadOnlyStream.expected b/c/misra/test/rules/RULE-22-4/AttemptToWriteToAReadOnlyStream.expected index dbf08e3d3d..0bfce133c5 100644 --- a/c/misra/test/rules/RULE-22-4/AttemptToWriteToAReadOnlyStream.expected +++ b/c/misra/test/rules/RULE-22-4/AttemptToWriteToAReadOnlyStream.expected @@ -1,8 +1,2 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AttemptToWriteToAReadOnlyStream.ql:19,32-40) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AttemptToWriteToAReadOnlyStream.ql:20,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AttemptToWriteToAReadOnlyStream.ql:25,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AttemptToWriteToAReadOnlyStream.ql:31,21-29) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AttemptToWriteToAReadOnlyStream.ql:33,6-14) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AttemptToWriteToAReadOnlyStream.ql:36,28-36) | test.c:10:3:10:9 | call to fprintf | Attempt to write to a $@ opened as read-only. | test.c:9:14:9:18 | call to fopen | stream | | test.c:15:3:15:9 | call to fprintf | Attempt to write to a $@ opened as read-only. | test.c:18:14:18:18 | call to fopen | stream | 
From 8ea39d81c848224eea63879530dd745f762da48b Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 8 Jul 2025 17:38:05 +0200 Subject: [PATCH 026/104] Convert A7-5-1 to use the new dataflow library --- cpp/autosar/src/rules/A7-5-1/InvalidFunctionReturnType.ql | 2 +- .../test/rules/A7-5-1/InvalidFunctionReturnType.expected | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/cpp/autosar/src/rules/A7-5-1/InvalidFunctionReturnType.ql b/cpp/autosar/src/rules/A7-5-1/InvalidFunctionReturnType.ql index c36bda6cdd..6b94c68cff 100644 --- a/cpp/autosar/src/rules/A7-5-1/InvalidFunctionReturnType.ql +++ b/cpp/autosar/src/rules/A7-5-1/InvalidFunctionReturnType.ql @@ -16,7 +16,7 @@ import cpp import codingstandards.cpp.autosar -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow from Parameter p, ReturnStmt ret where diff --git a/cpp/autosar/test/rules/A7-5-1/InvalidFunctionReturnType.expected b/cpp/autosar/test/rules/A7-5-1/InvalidFunctionReturnType.expected index 3287ba88d1..b6d9490803 100644 --- a/cpp/autosar/test/rules/A7-5-1/InvalidFunctionReturnType.expected +++ b/cpp/autosar/test/rules/A7-5-1/InvalidFunctionReturnType.expected @@ -1,5 +1,2 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (InvalidFunctionReturnType.ql:27,3-11) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (InvalidFunctionReturnType.ql:27,23-31) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (InvalidFunctionReturnType.ql:27,51-59) | test.cpp:5:3:5:11 | return ... | Function test_refconst_return returns a reference or a pointer to $@ that is passed by reference to const. | test.cpp:4:44:4:44 | x | parameter | | test.cpp:8:3:8:14 | return ... | Function test_ptrconst_return returns a reference or a pointer to $@ that is passed by reference to const. | test.cpp:7:44:7:44 | x | parameter | From b3cffdb98fc8829bace33de588f657a84c8752c6 Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Tue, 8 Jul 2025 17:54:03 +0200 Subject: [PATCH 027/104] Convert DoNotSubtractPointersAddressingDifferentArrays to use new dataflow library --- ...PointersAddressingDifferentArrays.expected | 28 ++++++++++++------- .../PointerSubtractionOnDifferentArrays.ql | 4 ++- ...tractPointersAddressingDifferentArrays.qll | 4 ++- ...PointersAddressingDifferentArrays.expected | 28 ++++++++++++------- 4 files changed, 42 insertions(+), 22 deletions(-) diff --git a/c/common/test/rules/donotsubtractpointersaddressingdifferentarrays/DoNotSubtractPointersAddressingDifferentArrays.expected b/c/common/test/rules/donotsubtractpointersaddressingdifferentarrays/DoNotSubtractPointersAddressingDifferentArrays.expected index 75866b8503..f9fe72c2a4 100644 --- a/c/common/test/rules/donotsubtractpointersaddressingdifferentarrays/DoNotSubtractPointersAddressingDifferentArrays.expected +++ b/c/common/test/rules/donotsubtractpointersaddressingdifferentarrays/DoNotSubtractPointersAddressingDifferentArrays.expected 
@@ -4,19 +4,27 @@ problems | test.c:13:10:13:11 | p4 | test.c:5:14:5:15 | l2 | test.c:13:10:13:11 | p4 | Subtraction between left operand pointing to array $@ and other operand pointing to array $@. | test.c:3:7:3:8 | l2 | l2 | test.c:2:7:2:8 | l1 | l1 | | test.c:13:15:13:16 | l1 | test.c:13:15:13:16 | l1 | test.c:13:15:13:16 | l1 | Subtraction between right operand pointing to array $@ and other operand pointing to array $@. | test.c:2:7:2:8 | l1 | l1 | test.c:3:7:3:8 | l2 | l2 | edges -| test.c:4:14:4:15 | l1 | test.c:4:14:4:18 | access to array | provenance | Config | -| test.c:4:14:4:18 | access to array | test.c:10:10:10:11 | p1 | provenance | | -| test.c:4:14:4:18 | access to array | test.c:12:10:12:11 | p1 | provenance | | -| test.c:5:14:5:15 | l2 | test.c:5:14:5:19 | access to array | provenance | Config | -| test.c:5:14:5:19 | access to array | test.c:11:10:11:11 | p2 | provenance | | -| test.c:5:14:5:19 | access to array | test.c:12:15:12:16 | p2 | provenance | | -| test.c:5:14:5:19 | access to array | test.c:13:10:13:11 | p4 | provenance | | -| test.c:5:14:5:19 | access to array | test.c:14:10:14:11 | p4 | provenance | | +| test.c:4:13:4:18 | & ... | test.c:4:13:4:18 | & ... | provenance | | +| test.c:4:13:4:18 | & ... | test.c:10:10:10:11 | p1 | provenance | | +| test.c:4:13:4:18 | & ... | test.c:12:10:12:11 | p1 | provenance | | +| test.c:4:14:4:15 | l1 | test.c:4:13:4:18 | & ... | provenance | Config | +| test.c:5:13:5:19 | & ... | test.c:5:13:5:19 | & ... | provenance | | +| test.c:5:13:5:19 | & ... | test.c:6:13:6:14 | p2 | provenance | | +| test.c:5:13:5:19 | & ... | test.c:11:10:11:11 | p2 | provenance | | +| test.c:5:13:5:19 | & ... | test.c:12:15:12:16 | p2 | provenance | | +| test.c:5:14:5:15 | l2 | test.c:5:13:5:19 | & ... 
| provenance | Config | +| test.c:6:13:6:14 | p2 | test.c:7:13:7:14 | p3 | provenance | | +| test.c:7:13:7:14 | p3 | test.c:13:10:13:11 | p4 | provenance | | +| test.c:7:13:7:14 | p3 | test.c:14:10:14:11 | p4 | provenance | | nodes +| test.c:4:13:4:18 | & ... | semmle.label | & ... | +| test.c:4:13:4:18 | & ... | semmle.label | & ... | | test.c:4:14:4:15 | l1 | semmle.label | l1 | -| test.c:4:14:4:18 | access to array | semmle.label | access to array | +| test.c:5:13:5:19 | & ... | semmle.label | & ... | +| test.c:5:13:5:19 | & ... | semmle.label | & ... | | test.c:5:14:5:15 | l2 | semmle.label | l2 | -| test.c:5:14:5:19 | access to array | semmle.label | access to array | +| test.c:6:13:6:14 | p2 | semmle.label | p2 | +| test.c:7:13:7:14 | p3 | semmle.label | p3 | | test.c:10:10:10:11 | p1 | semmle.label | p1 | | test.c:10:15:10:16 | l1 | semmle.label | l1 | | test.c:11:10:11:11 | p2 | semmle.label | p2 | diff --git a/cpp/autosar/src/rules/M5-0-17/PointerSubtractionOnDifferentArrays.ql b/cpp/autosar/src/rules/M5-0-17/PointerSubtractionOnDifferentArrays.ql index d6d4f6130a..29feaa22d5 100644 --- a/cpp/autosar/src/rules/M5-0-17/PointerSubtractionOnDifferentArrays.ql +++ b/cpp/autosar/src/rules/M5-0-17/PointerSubtractionOnDifferentArrays.ql @@ -15,7 +15,7 @@ import cpp import codingstandards.cpp.autosar -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import ArrayToPointerDiffOperandFlow::PathGraph module ArrayToPointerDiffOperandConfig implements DataFlow::ConfigSig { @@ -34,6 +34,8 @@ module ArrayToPointerDiffOperandConfig implements DataFlow::ConfigSig { // Add a flow step from the base to the array expression to track pointers to elements of the array. exists(ArrayExpr e | e.getArrayBase() = pred.asExpr() and e = succ.asExpr()) } + + predicate isBarrierIn(DataFlow::Node node) { isSource(node) } } module ArrayToPointerDiffOperandFlow = DataFlow::Global; 
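Review bot: The new `predicate isBarrierIn(DataFlow::Node node) { isSource(node) }` in `ArrayToPointerDiffOperandConfig` has no comment, although it is the one behavioural change in a commit described as a library conversion. A short why-comment would help, for example `// Block flow into source nodes so every path starts at the source closest to the subtraction; presumably this avoids duplicate paths after the library switch.` Because this query reports pointer subtraction across different arrays, it is worth confirming that the barrier only removes duplicate paths and not results. The `problems` rows visible in the expected file are unchanged, which supports that for the existing test cases. The same hunk is applied to `DoNotSubtractPointersAddressingDifferentArrays.qll`, and the module's `isSource` lies outside both hunks.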
diff --git a/cpp/common/src/codingstandards/cpp/rules/donotsubtractpointersaddressingdifferentarrays/DoNotSubtractPointersAddressingDifferentArrays.qll b/cpp/common/src/codingstandards/cpp/rules/donotsubtractpointersaddressingdifferentarrays/DoNotSubtractPointersAddressingDifferentArrays.qll index adb9785814..16f9638294 100644 --- a/cpp/common/src/codingstandards/cpp/rules/donotsubtractpointersaddressingdifferentarrays/DoNotSubtractPointersAddressingDifferentArrays.qll +++ b/cpp/common/src/codingstandards/cpp/rules/donotsubtractpointersaddressingdifferentarrays/DoNotSubtractPointersAddressingDifferentArrays.qll @@ -6,7 +6,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import ArrayToPointerDiffOperandFlow::PathGraph module ArrayToPointerDiffOperandConfig implements DataFlow::ConfigSig { @@ -25,6 +25,8 @@ module ArrayToPointerDiffOperandConfig implements DataFlow::ConfigSig { // Add a flow step from the base to the array expression to track pointers to elements of the array. exists(ArrayExpr e | e.getArrayBase() = pred.asExpr() and e = succ.asExpr()) } + + predicate isBarrierIn(DataFlow::Node node) { isSource(node) } } module ArrayToPointerDiffOperandFlow = DataFlow::Global; diff --git a/cpp/common/test/rules/donotsubtractpointersaddressingdifferentarrays/DoNotSubtractPointersAddressingDifferentArrays.expected b/cpp/common/test/rules/donotsubtractpointersaddressingdifferentarrays/DoNotSubtractPointersAddressingDifferentArrays.expected index 2d293e6928..89f6cec56a 100644 --- a/cpp/common/test/rules/donotsubtractpointersaddressingdifferentarrays/DoNotSubtractPointersAddressingDifferentArrays.expected +++ b/cpp/common/test/rules/donotsubtractpointersaddressingdifferentarrays/DoNotSubtractPointersAddressingDifferentArrays.expected 
@@ -4,19 +4,27 @@ problems | test.cpp:13:10:13:11 | p4 | test.cpp:5:14:5:15 | l2 | test.cpp:13:10:13:11 | p4 | Subtraction between left operand pointing to array $@ and other operand pointing to array $@. | test.cpp:3:7:3:8 | l2 | l2 | test.cpp:2:7:2:8 | l1 | l1 | | test.cpp:13:15:13:16 | l1 | test.cpp:13:15:13:16 | l1 | test.cpp:13:15:13:16 | l1 | Subtraction between right operand pointing to array $@ and other operand pointing to array $@. | test.cpp:2:7:2:8 | l1 | l1 | test.cpp:3:7:3:8 | l2 | l2 | edges -| test.cpp:4:14:4:15 | l1 | test.cpp:4:14:4:18 | access to array | provenance | Config | -| test.cpp:4:14:4:18 | access to array | test.cpp:10:10:10:11 | p1 | provenance | | -| test.cpp:4:14:4:18 | access to array | test.cpp:12:10:12:11 | p1 | provenance | | -| test.cpp:5:14:5:15 | l2 | test.cpp:5:14:5:19 | access to array | provenance | Config | -| test.cpp:5:14:5:19 | access to array | test.cpp:11:10:11:11 | p2 | provenance | | -| test.cpp:5:14:5:19 | access to array | test.cpp:12:15:12:16 | p2 | provenance | | -| test.cpp:5:14:5:19 | access to array | test.cpp:13:10:13:11 | p4 | provenance | | -| test.cpp:5:14:5:19 | access to array | test.cpp:14:10:14:11 | p4 | provenance | | +| test.cpp:4:13:4:18 | & ... | test.cpp:4:13:4:18 | & ... | provenance | | +| test.cpp:4:13:4:18 | & ... | test.cpp:10:10:10:11 | p1 | provenance | | +| test.cpp:4:13:4:18 | & ... | test.cpp:12:10:12:11 | p1 | provenance | | +| test.cpp:4:14:4:15 | l1 | test.cpp:4:13:4:18 | & ... | provenance | Config | +| test.cpp:5:13:5:19 | & ... | test.cpp:5:13:5:19 | & ... | provenance | | +| test.cpp:5:13:5:19 | & ... | test.cpp:6:13:6:14 | p2 | provenance | | +| test.cpp:5:13:5:19 | & ... | test.cpp:11:10:11:11 | p2 | provenance | | +| test.cpp:5:13:5:19 | & ... | test.cpp:12:15:12:16 | p2 | provenance | | +| test.cpp:5:14:5:15 | l2 | test.cpp:5:13:5:19 | & ... 
| provenance | Config | +| test.cpp:6:13:6:14 | p2 | test.cpp:7:13:7:14 | p3 | provenance | | +| test.cpp:7:13:7:14 | p3 | test.cpp:13:10:13:11 | p4 | provenance | | +| test.cpp:7:13:7:14 | p3 | test.cpp:14:10:14:11 | p4 | provenance | | nodes +| test.cpp:4:13:4:18 | & ... | semmle.label | & ... | +| test.cpp:4:13:4:18 | & ... | semmle.label | & ... | | test.cpp:4:14:4:15 | l1 | semmle.label | l1 | -| test.cpp:4:14:4:18 | access to array | semmle.label | access to array | +| test.cpp:5:13:5:19 | & ... | semmle.label | & ... | +| test.cpp:5:13:5:19 | & ... | semmle.label | & ... | | test.cpp:5:14:5:15 | l2 | semmle.label | l2 | -| test.cpp:5:14:5:19 | access to array | semmle.label | access to array | +| test.cpp:6:13:6:14 | p2 | semmle.label | p2 | +| test.cpp:7:13:7:14 | p3 | semmle.label | p3 | | test.cpp:10:10:10:11 | p1 | semmle.label | p1 | | test.cpp:10:15:10:16 | l1 | semmle.label | l1 | | test.cpp:11:10:11:11 | p2 | semmle.label | p2 | From 0afdf3246eba6f8963662421abca77bf9b445bef Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 8 Jul 2025 17:55:39 +0200 Subject: [PATCH 028/104] Remove unused dataflow import from IOFstreamMissingPositioning --- .../iofstreammissingpositioning/IOFstreamMissingPositioning.qll | 1 - 1 file changed, 1 deletion(-) diff --git a/cpp/common/src/codingstandards/cpp/rules/iofstreammissingpositioning/IOFstreamMissingPositioning.qll b/cpp/common/src/codingstandards/cpp/rules/iofstreammissingpositioning/IOFstreamMissingPositioning.qll index b26421c72c..b11050e491 100644 --- a/cpp/common/src/codingstandards/cpp/rules/iofstreammissingpositioning/IOFstreamMissingPositioning.qll +++ b/cpp/common/src/codingstandards/cpp/rules/iofstreammissingpositioning/IOFstreamMissingPositioning.qll @@ -5,7 +5,6 @@ */ import cpp -import semmle.code.cpp.dataflow.TaintTracking import codingstandards.cpp.Exclusions import codingstandards.cpp.standardlibrary.FileStreams import codingstandards.cpp.standardlibrary.FileAccess 
From 241ec6302f3149cc3ea2d45cbf9aeb5f5f9b0e88 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 8 Jul 2025 18:01:38 +0200 Subject: [PATCH 029/104] Convert DanglingCaptureWhenReturningLambdaObject to use new dataflow library --- .../DanglingCaptureWhenReturningLambdaObject.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.qll b/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.qll index 4ab01520f6..412a571fe4 100644 --- a/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.qll +++ b/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.qll @@ -5,7 +5,7 @@ */ import cpp -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions From 5887113e181a71929ff09946dde7d34baaab1dd2 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 8 Jul 2025 20:11:27 +0200 Subject: [PATCH 030/104] Revert "Convert DanglingCaptureWhenReturningLambdaObject to use new dataflow library" This reverts commit b18c7b4625d35af8e4411b3d5a3531eee81b4f90. This change broke some tests. --- .../DanglingCaptureWhenReturningLambdaObject.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.qll b/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.qll index 412a571fe4..4ab01520f6 100644 --- a/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.qll 
+++ b/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.qll @@ -5,7 +5,7 @@ */ import cpp -import semmle.code.cpp.dataflow.new.DataFlow +import semmle.code.cpp.dataflow.DataFlow import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions From 5e3f1dc4b8133375e40a722df0426dc3facd9c13 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Thu, 10 Jul 2025 13:25:22 +0200 Subject: [PATCH 031/104] Fix FIO40-C regression after incorrectly solving a merge conflict --- c/cert/src/rules/FIO40-C/ResetStringsOnFgetsOrFgetwsFailure.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/c/cert/src/rules/FIO40-C/ResetStringsOnFgetsOrFgetwsFailure.ql b/c/cert/src/rules/FIO40-C/ResetStringsOnFgetsOrFgetwsFailure.ql index 9b0882ac66..b853adba99 100644 --- a/c/cert/src/rules/FIO40-C/ResetStringsOnFgetsOrFgetwsFailure.ql +++ b/c/cert/src/rules/FIO40-C/ResetStringsOnFgetsOrFgetwsFailure.ql @@ -21,7 +21,7 @@ import cpp import codingstandards.cpp.FgetsErrorManagement import codingstandards.cpp.Dereferenced import codingstandards.c.cert -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow /* * Models calls to `memcpy` `strcpy` `strncpy` and their wrappers From d997db1f06e4a3a73aa6798c056d57713ef13d08 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Thu, 10 Jul 2025 14:19:35 +0200 Subject: [PATCH 032/104] Conver ARR32-C to use the new dataflow library --- .../src/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.ql | 2 +- .../ARR32-C/VariableLengthArraySizeNotInValidRange.expected | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/c/cert/src/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.ql b/c/cert/src/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.ql index 1356777e5f..9fd4aae3b4 100644 --- a/c/cert/src/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.ql 
+++ b/c/cert/src/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.ql @@ -20,7 +20,7 @@ import cpp import codingstandards.c.cert import codingstandards.cpp.Overflow -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking /** * Gets the maximum size (in bytes) a variable-length array diff --git a/c/cert/test/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.expected b/c/cert/test/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.expected index 1617571bbe..25153f195b 100644 --- a/c/cert/test/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.expected +++ b/c/cert/test/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.expected @@ -1,5 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (VariableLengthArraySizeNotInValidRange.ql:110,11-19) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (VariableLengthArraySizeNotInValidRange.ql:93,5-18) | test.c:14:8:14:8 | VLA declaration | Variable-length array dimension size may be in an invalid range. | | test.c:15:8:15:8 | VLA declaration | Variable-length array dimension size may be in an invalid range. | | test.c:16:8:16:8 | VLA declaration | Variable-length array dimension size may be in an invalid range. | From fbb5d043c20e98567969c8e90ece8e1d56855c32 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Thu, 10 Jul 2025 16:07:39 +0200 Subject: [PATCH 033/104] Convert DCL30-C to the new dataflow library Observe that this change moves the alert location from the last assignment of an output parameter to the paramter itself, which seems a non-critical change. --- .../DCL30-C/AppropriateStorageDurationsFunctionReturn.ql | 4 ++-- .../AppropriateStorageDurationsFunctionReturn.expected | 7 +------ 2 files changed, 3 insertions(+), 8 deletions(-) 
diff --git a/c/cert/src/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.ql b/c/cert/src/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.ql index 2e1064ee9d..3cbcb30113 100644 --- a/c/cert/src/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.ql +++ b/c/cert/src/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.c.cert import codingstandards.c.Objects -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow class Source extends Expr { ObjectIdentity rootObject; @@ -34,7 +34,7 @@ class Sink extends DataFlow::Node { Sink() { //output parameter exists(Parameter f | - f.getAnAccess() = this.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr() and + this.isFinalValueOfParameter(f) and f.getUnderlyingType() instanceof PointerType ) or diff --git a/c/cert/test/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.expected b/c/cert/test/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.expected index a4359d7000..e193e8c8eb 100644 --- a/c/cert/test/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.expected +++ b/c/cert/test/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.expected 
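Review bot: The `//output parameter` comment in `Sink` no longer describes the condition below it, which is now `this.isFinalValueOfParameter(f)` rather than a post-update node for an access to `f`. I would reword it to something like `// the value a pointer-typed parameter refers to when the function returns (output parameter)`. That way the next reader can see why the alert is attached to the parameter rather than to an assignment. The `Sink` characteristic predicate continues past the end of this hunk with a further `or` branch that is not visible here.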
@@ -1,7 +1,2 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateStorageDurationsFunctionReturn.ql:33,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateStorageDurationsFunctionReturn.ql:37,31-39) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateStorageDurationsFunctionReturn.ql:50,6-14) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateStorageDurationsFunctionReturn.ql:50,26-34) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateStorageDurationsFunctionReturn.ql:56,3-11) | test.c:3:10:3:10 | a | $@ with automatic storage may be accessible outside of its lifetime. | test.c:3:10:3:10 | a | a | -| test.c:15:4:15:8 | param [inner post update] | $@ with automatic storage may be accessible outside of its lifetime. | test.c:15:12:15:13 | a2 | a2 | +| test.c:12:16:12:20 | *param | $@ with automatic storage may be accessible outside of its lifetime. | test.c:15:12:15:13 | a2 | a2 | From 6b8b5f5fb716128966f92d6333692867ee8725ef Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Thu, 10 Jul 2025 16:11:43 +0200 Subject: [PATCH 034/104] Convert ERR32-C to use the new dataflow library --- .../rules/ERR32-C/DoNotRelyOnIndeterminateValuesOfErrno.ql | 2 +- .../ERR32-C/DoNotRelyOnIndeterminateValuesOfErrno.expected | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/c/cert/src/rules/ERR32-C/DoNotRelyOnIndeterminateValuesOfErrno.ql b/c/cert/src/rules/ERR32-C/DoNotRelyOnIndeterminateValuesOfErrno.ql index 146d0cb30f..3686895c79 100644 --- a/c/cert/src/rules/ERR32-C/DoNotRelyOnIndeterminateValuesOfErrno.ql +++ b/c/cert/src/rules/ERR32-C/DoNotRelyOnIndeterminateValuesOfErrno.ql 
@@ -20,7 +20,7 @@ import codingstandards.c.cert import codingstandards.c.Errno import codingstandards.c.Signal import semmle.code.cpp.controlflow.Guards -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow /** * A check on `signal` call return value diff --git a/c/cert/test/rules/ERR32-C/DoNotRelyOnIndeterminateValuesOfErrno.expected b/c/cert/test/rules/ERR32-C/DoNotRelyOnIndeterminateValuesOfErrno.expected index b79a17ca35..da9122cfd4 100644 --- a/c/cert/test/rules/ERR32-C/DoNotRelyOnIndeterminateValuesOfErrno.expected +++ b/c/cert/test/rules/ERR32-C/DoNotRelyOnIndeterminateValuesOfErrno.expected @@ -1,7 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotRelyOnIndeterminateValuesOfErrno.ql:56,7-15) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotRelyOnIndeterminateValuesOfErrno.ql:56,27-35) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotRelyOnIndeterminateValuesOfErrno.ql:57,9-17) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotRelyOnIndeterminateValuesOfErrno.ql:60,9-17) | test.c:12:5:12:10 | call to perror | `errno` has indeterminate value after this $@. | test.c:10:21:10:26 | call to signal | call to signal | | test.c:30:5:30:10 | call to perror | `errno` has indeterminate value after this $@. | test.c:26:21:26:26 | call to signal | call to signal | | test.c:49:5:49:10 | call to perror | `errno` has indeterminate value after this $@. | test.c:45:21:45:26 | call to signal | call to signal | From 9830abcb516f9562d8b47e3251740daf5b308ee1 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Thu, 10 Jul 2025 16:14:21 +0200 Subject: [PATCH 035/104] Convert ERR33-C to use the new dataflow library --- .../src/rules/ERR33-C/DetectAndHandleStandardLibraryErrors.ql | 2 +- .../rules/ERR33-C/DetectAndHandleStandardLibraryErrors.expected | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) 
diff --git a/c/cert/src/rules/ERR33-C/DetectAndHandleStandardLibraryErrors.ql b/c/cert/src/rules/ERR33-C/DetectAndHandleStandardLibraryErrors.ql index 5e473b226e..f41222999c 100644 --- a/c/cert/src/rules/ERR33-C/DetectAndHandleStandardLibraryErrors.ql +++ b/c/cert/src/rules/ERR33-C/DetectAndHandleStandardLibraryErrors.ql @@ -20,7 +20,7 @@ import cpp import codingstandards.c.cert import semmle.code.cpp.commons.NULL import codingstandards.cpp.ReadErrorsAndEOF -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow ComparisonOperation getAValidComparison(string spec) { spec = "=0" and result.(EqualityOperation).getAnOperand().getValue() = "0" diff --git a/c/cert/test/rules/ERR33-C/DetectAndHandleStandardLibraryErrors.expected b/c/cert/test/rules/ERR33-C/DetectAndHandleStandardLibraryErrors.expected index f4006c013e..fbcc44b856 100644 --- a/c/cert/test/rules/ERR33-C/DetectAndHandleStandardLibraryErrors.expected +++ b/c/cert/test/rules/ERR33-C/DetectAndHandleStandardLibraryErrors.expected @@ -1,4 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleStandardLibraryErrors.ql:459,5-13) | test.c:18:3:18:11 | call to setlocale | Missing error detection for the call to function `setlocale`. | | test.c:24:23:24:31 | call to setlocale | Missing error detection for the call to function `setlocale`. | | test.c:29:22:29:27 | call to calloc | Missing error detection for the call to function `calloc`. | From 135cb7aff96c27916d66edd2d8d4e511c81ad0cd Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Thu, 10 Jul 2025 16:52:08 +0200 Subject: [PATCH 036/104] Convert EXP37-C to the new dataflow library --- ...CallFunctionPointerWithIncompatibleType.ql | 5 +- ...nctionPointerWithIncompatibleType.expected | 48 ++++++++++++------- 2 files changed, 33 insertions(+), 20 deletions(-) 
diff --git a/c/cert/src/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.ql b/c/cert/src/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.ql index 6d223dab72..b7f751b6bf 100644 --- a/c/cert/src/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.ql +++ b/c/cert/src/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.ql @@ -18,7 +18,7 @@ import cpp import codingstandards.c.cert -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import SuspectFunctionPointerToCallFlow::PathGraph /** @@ -61,7 +61,8 @@ where not isExcluded(src.getNode().asExpr(), ExpressionsPackage::doNotCallFunctionPointerWithIncompatibleTypeQuery()) and access = src.getNode().asExpr() and - SuspectFunctionPointerToCallFlow::flowPath(src, sink) + SuspectFunctionPointerToCallFlow::flowPath(src, sink) and + not src.getNode().asExpr().getType() = sink.getNode().asExpr().getFullyConverted().getType() select src, src, sink, "Incompatible function $@ assigned to function pointer is eventually called through the pointer.", access.getTarget(), access.getTarget().getName() diff --git a/c/cert/test/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.expected b/c/cert/test/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.expected index 8daaf8361a..aa5018cdb9 100644 --- a/c/cert/test/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.expected +++ b/c/cert/test/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.expected 
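Review bot: The filter added to the `where` clause, `not src.getNode().asExpr().getType() = sink.getNode().asExpr().getFullyConverted().getType()`, is undocumented and compares the two types exactly. A comment such as `// Ignore pointers that are converted back to the function's own type before the call.` would state the intent. Exact equality errs on the side of reporting, but a pointer declared through a typedef or with extra specifiers may still be flagged even though the call is compatible. If that matters, comparing `getUnspecifiedType()` on both sides is the usual way to ignore typedef names and qualifiers, subject to checking it against the rule's test cases. The `from` clause and the flow configuration are outside this hunk.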
@@ -1,28 +1,40 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCallFunctionPointerWithIncompatibleType.ql:45,54-62) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCallFunctionPointerWithIncompatibleType.ql:46,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCallFunctionPointerWithIncompatibleType.ql:50,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotCallFunctionPointerWithIncompatibleType.ql:55,43-51) edges -| test.c:48:68:48:70 | fns [f1] | test.c:49:3:49:5 | fns [f1] | provenance | | -| test.c:49:3:49:5 | fns [f1] | test.c:49:8:49:9 | f1 | provenance | | -| test.c:61:28:61:29 | f2 | test.c:62:3:62:11 | v1_called | provenance | | -| test.c:73:3:73:5 | fns [post update] [f1] | test.c:75:45:75:48 | & ... [f1] | provenance | | -| test.c:73:3:73:13 | ... = ... | test.c:73:3:73:5 | fns [post update] [f1] | provenance | | +| test.c:48:68:48:70 | *fns [f1] | test.c:49:3:49:5 | *fns [f1] | provenance | | +| test.c:48:68:48:70 | *fns [f2] | test.c:50:3:50:5 | *fns [f2] | provenance | | +| test.c:49:3:49:5 | *fns [f1] | test.c:49:8:49:9 | f1 | provenance | | +| test.c:50:3:50:5 | *fns [f2] | test.c:50:8:50:9 | f2 | provenance | | +| test.c:61:3:61:29 | ... = ... | test.c:62:3:62:11 | v1_called | provenance | | +| test.c:61:15:61:29 | f2 | test.c:61:3:61:29 | ... = ... | provenance | | +| test.c:73:3:73:5 | *fns [post update] [f1] | test.c:74:3:74:5 | *fns [f1] | provenance | | +| test.c:73:3:73:13 | ... = ... | test.c:73:3:73:5 | *fns [post update] [f1] | provenance | | | test.c:73:12:73:13 | v2 | test.c:73:3:73:13 | ... = ... | provenance | | -| test.c:75:45:75:48 | & ... [f1] | test.c:48:68:48:70 | fns [f1] | provenance | | +| test.c:73:12:73:13 | v2 | test.c:74:3:74:13 | ... = ... | provenance | | +| test.c:74:3:74:5 | *fns [f1] | test.c:75:45:75:48 | *& ... 
[f1] | provenance | | +| test.c:74:3:74:5 | *fns [post update] [f2] | test.c:75:45:75:48 | *& ... [f2] | provenance | | +| test.c:74:3:74:13 | ... = ... | test.c:74:3:74:5 | *fns [post update] [f2] | provenance | | +| test.c:75:45:75:48 | *& ... [f1] | test.c:48:68:48:70 | *fns [f1] | provenance | | +| test.c:75:45:75:48 | *& ... [f2] | test.c:48:68:48:70 | *fns [f2] | provenance | | nodes -| test.c:48:68:48:70 | fns [f1] | semmle.label | fns [f1] | -| test.c:49:3:49:5 | fns [f1] | semmle.label | fns [f1] | +| test.c:48:68:48:70 | *fns [f1] | semmle.label | *fns [f1] | +| test.c:48:68:48:70 | *fns [f2] | semmle.label | *fns [f2] | +| test.c:49:3:49:5 | *fns [f1] | semmle.label | *fns [f1] | | test.c:49:8:49:9 | f1 | semmle.label | f1 | -| test.c:61:28:61:29 | f2 | semmle.label | f2 | +| test.c:50:3:50:5 | *fns [f2] | semmle.label | *fns [f2] | +| test.c:50:8:50:9 | f2 | semmle.label | f2 | +| test.c:61:3:61:29 | ... = ... | semmle.label | ... = ... | +| test.c:61:15:61:29 | f2 | semmle.label | f2 | | test.c:62:3:62:11 | v1_called | semmle.label | v1_called | -| test.c:70:9:70:17 | v3_called | semmle.label | v3_called | -| test.c:73:3:73:5 | fns [post update] [f1] | semmle.label | fns [post update] [f1] | +| test.c:70:4:70:17 | v3_called | semmle.label | v3_called | +| test.c:73:3:73:5 | *fns [post update] [f1] | semmle.label | *fns [post update] [f1] | | test.c:73:3:73:13 | ... = ... | semmle.label | ... = ... | | test.c:73:12:73:13 | v2 | semmle.label | v2 | -| test.c:75:45:75:48 | & ... [f1] | semmle.label | & ... [f1] | +| test.c:74:3:74:5 | *fns [f1] | semmle.label | *fns [f1] | +| test.c:74:3:74:5 | *fns [post update] [f2] | semmle.label | *fns [post update] [f2] | +| test.c:74:3:74:13 | ... = ... | semmle.label | ... = ... | +| test.c:75:45:75:48 | *& ... [f1] | semmle.label | *& ... [f1] | +| test.c:75:45:75:48 | *& ... [f2] | semmle.label | *& ... 
[f2] | subpaths #select -| test.c:61:28:61:29 | f2 | test.c:61:28:61:29 | f2 | test.c:62:3:62:11 | v1_called | Incompatible function $@ assigned to function pointer is eventually called through the pointer. | test.c:41:13:41:14 | f2 | f2 | -| test.c:70:9:70:17 | v3_called | test.c:70:9:70:17 | v3_called | test.c:70:9:70:17 | v3_called | Incompatible function $@ assigned to function pointer is eventually called through the pointer. | test.c:58:7:58:15 | v3_called | v3_called | +| test.c:61:15:61:29 | f2 | test.c:61:15:61:29 | f2 | test.c:62:3:62:11 | v1_called | Incompatible function $@ assigned to function pointer is eventually called through the pointer. | test.c:41:13:41:14 | f2 | f2 | +| test.c:70:4:70:17 | v3_called | test.c:70:4:70:17 | v3_called | test.c:70:4:70:17 | v3_called | Incompatible function $@ assigned to function pointer is eventually called through the pointer. | test.c:58:7:58:15 | v3_called | v3_called | | test.c:73:12:73:13 | v2 | test.c:73:12:73:13 | v2 | test.c:49:8:49:9 | f1 | Incompatible function $@ assigned to function pointer is eventually called through the pointer. | test.c:56:7:56:8 | v2 | v2 | From bb5e033f989b02abebe12c56966c8a0d3dd64e61 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Thu, 10 Jul 2025 23:46:19 +0200 Subject: [PATCH 037/104] Convert EXP40-C to the new dataflow library --- .../EXP40-C/DoNotModifyConstantObjects.ql | 2 +- .../DoNotModifyConstantObjects.expected | 45 +++++++++++-------- 2 files changed, 27 insertions(+), 20 deletions(-) diff --git a/c/cert/src/rules/EXP40-C/DoNotModifyConstantObjects.ql b/c/cert/src/rules/EXP40-C/DoNotModifyConstantObjects.ql index 9d8e4b16d4..49b65091f1 100644 --- a/c/cert/src/rules/EXP40-C/DoNotModifyConstantObjects.ql +++ b/c/cert/src/rules/EXP40-C/DoNotModifyConstantObjects.ql 
@@ -17,7 +17,7 @@ import cpp import codingstandards.c.cert -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import CastFlow::PathGraph import codingstandards.cpp.SideEffect diff --git a/c/cert/test/rules/EXP40-C/DoNotModifyConstantObjects.expected b/c/cert/test/rules/EXP40-C/DoNotModifyConstantObjects.expected index 2ac874e770..9c668408a5 100644 --- a/c/cert/test/rules/EXP40-C/DoNotModifyConstantObjects.expected +++ b/c/cert/test/rules/EXP40-C/DoNotModifyConstantObjects.expected 
@@ -1,33 +1,40 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotModifyConstantObjects.ql:40,30-38) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotModifyConstantObjects.ql:41,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotModifyConstantObjects.ql:47,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotModifyConstantObjects.ql:52,19-27) edges -| test.c:5:8:5:9 | & ... | test.c:6:4:6:5 | aa | provenance | | -| test.c:26:15:26:15 | a | test.c:27:4:27:4 | a | provenance | | +| test.c:5:3:5:9 | ... = ... | test.c:6:3:6:5 | * ... | provenance | | +| test.c:5:8:5:9 | & ... | test.c:5:3:5:9 | ... = ... | provenance | | +| test.c:26:15:26:15 | a | test.c:27:3:27:4 | * ... | provenance | | +| test.c:34:13:34:14 | & ... | test.c:34:13:34:14 | & ... | provenance | | +| test.c:34:13:34:14 | & ... | test.c:37:3:37:10 | ... = ... | provenance | | | test.c:34:13:34:14 | & ... | test.c:39:7:39:8 | p1 | provenance | | +| test.c:37:3:37:10 | ... = ... | test.c:40:7:40:9 | * ... | provenance | | | test.c:39:7:39:8 | p1 | test.c:26:15:26:15 | a | provenance | | | test.c:40:7:40:9 | * ... | test.c:26:15:26:15 | a | provenance | | -| test.c:59:7:59:8 | & ... | test.c:60:4:60:4 | p | provenance | | -| test.c:79:11:79:16 | call to strchr | test.c:81:6:81:12 | ... ++ | provenance | | +| test.c:59:3:59:8 | ... = ... | test.c:60:3:60:4 | * ... | provenance | | +| test.c:59:7:59:8 | & ... | test.c:59:3:59:8 | ... = ... | provenance | | +| test.c:79:3:79:31 | ... = ... | test.c:81:5:81:12 | * ... | provenance | | +| test.c:79:11:79:16 | call to strchr | test.c:79:3:79:31 | ... = ... | provenance | | nodes +| test.c:5:3:5:9 | ... = ... | semmle.label | ... = ... | | test.c:5:8:5:9 | & ... | semmle.label | & ... | -| test.c:6:4:6:5 | aa | semmle.label | aa | +| test.c:6:3:6:5 | * ... | semmle.label | * ... 
| | test.c:26:15:26:15 | a | semmle.label | a | -| test.c:27:4:27:4 | a | semmle.label | a | +| test.c:27:3:27:4 | * ... | semmle.label | * ... | | test.c:34:13:34:14 | & ... | semmle.label | & ... | +| test.c:34:13:34:14 | & ... | semmle.label | & ... | +| test.c:37:3:37:10 | ... = ... | semmle.label | ... = ... | | test.c:39:7:39:8 | p1 | semmle.label | p1 | | test.c:40:7:40:9 | * ... | semmle.label | * ... | +| test.c:59:3:59:8 | ... = ... | semmle.label | ... = ... | | test.c:59:7:59:8 | & ... | semmle.label | & ... | -| test.c:60:4:60:4 | p | semmle.label | p | -| test.c:74:12:74:12 | s | semmle.label | s | +| test.c:60:3:60:4 | * ... | semmle.label | * ... | +| test.c:74:3:74:12 | * ... | semmle.label | * ... | +| test.c:79:3:79:31 | ... = ... | semmle.label | ... = ... | | test.c:79:11:79:16 | call to strchr | semmle.label | call to strchr | -| test.c:81:6:81:12 | ... ++ | semmle.label | ... ++ | +| test.c:81:5:81:12 | * ... | semmle.label | * ... | subpaths #select -| test.c:6:4:6:5 | aa | test.c:5:8:5:9 | & ... | test.c:6:4:6:5 | aa | Const variable assigned with non const-value. | -| test.c:27:4:27:4 | a | test.c:34:13:34:14 | & ... | test.c:27:4:27:4 | a | Const variable assigned with non const-value. | -| test.c:27:4:27:4 | a | test.c:40:7:40:9 | * ... | test.c:27:4:27:4 | a | Const variable assigned with non const-value. | -| test.c:60:4:60:4 | p | test.c:59:7:59:8 | & ... | test.c:60:4:60:4 | p | Const variable assigned with non const-value. | -| test.c:74:12:74:12 | s | test.c:74:12:74:12 | s | test.c:74:12:74:12 | s | Const variable assigned with non const-value. | -| test.c:81:6:81:12 | ... ++ | test.c:79:11:79:16 | call to strchr | test.c:81:6:81:12 | ... ++ | Const variable assigned with non const-value. | +| test.c:6:3:6:5 | * ... | test.c:5:8:5:9 | & ... | test.c:6:3:6:5 | * ... | Const variable assigned with non const-value. | +| test.c:27:3:27:4 | * ... | test.c:34:13:34:14 | & ... | test.c:27:3:27:4 | * ... 
| Const variable assigned with non const-value. | +| test.c:27:3:27:4 | * ... | test.c:40:7:40:9 | * ... | test.c:27:3:27:4 | * ... | Const variable assigned with non const-value. | +| test.c:60:3:60:4 | * ... | test.c:59:7:59:8 | & ... | test.c:60:3:60:4 | * ... | Const variable assigned with non const-value. | +| test.c:74:3:74:12 | * ... | test.c:74:3:74:12 | * ... | test.c:74:3:74:12 | * ... | Const variable assigned with non const-value. | +| test.c:81:5:81:12 | * ... | test.c:79:11:79:16 | call to strchr | test.c:81:5:81:12 | * ... | Const variable assigned with non const-value. | From a5a186529acb79ba4cc7fe21a64b5e6d6b96d540 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Thu, 10 Jul 2025 23:57:15 +0200 Subject: [PATCH 038/104] Convert FIO44-C to the new dataflow library --- .../OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql | 8 ++++---- ...UseValuesForFsetposThatAreReturnedFromFgetpos.expected | 5 ----- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/c/cert/src/rules/FIO44-C/OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql b/c/cert/src/rules/FIO44-C/OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql index bc0a417bd0..700aaf2cf5 100644 --- a/c/cert/src/rules/FIO44-C/OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql +++ b/c/cert/src/rules/FIO44-C/OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql @@ -17,7 +17,7 @@ import cpp import codingstandards.c.cert -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow class FgetposCall extends FunctionCall { FgetposCall() { this.getTarget().hasGlobalOrStdName("fgetpos") } 
@@ -30,12 +30,12 @@ class FsetposCall extends FunctionCall { module FposDFConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { // source must be the second parameter of a FgetposCall call - source = DataFlow::definitionByReferenceNodeFromArgument(any(FgetposCall c).getArgument(1)) + source.asDefiningArgument() = any(FgetposCall c).getArgument(1) } predicate isSink(DataFlow::Node sink) { // sink must be the second parameter of a FsetposCall call - sink.asExpr() = any(FsetposCall c).getArgument(1) + sink.asIndirectExpr() = any(FsetposCall c).getArgument(1) } } @@ -45,6 +45,6 @@ from FsetposCall fsetpos where not isExcluded(fsetpos.getArgument(1), IO2Package::onlyUseValuesForFsetposThatAreReturnedFromFgetposQuery()) and - not FposDFFlow::flowToExpr(fsetpos.getArgument(1)) + not exists(DataFlow::Node n | n.asIndirectExpr() = fsetpos.getArgument(1) | FposDFFlow::flowTo(n)) select fsetpos.getArgument(1), "The position argument of a call to `fsetpos()` should be obtained from a call to `fgetpos()`." diff --git a/c/cert/test/rules/FIO44-C/OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.expected b/c/cert/test/rules/FIO44-C/OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.expected index ec05727161..8074710738 100644 --- a/c/cert/test/rules/FIO44-C/OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.expected +++ b/c/cert/test/rules/FIO44-C/OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.expected 
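Review bot: The sink is now selected with `asIndirectExpr()` in two places, `isSink` in the `@@ -30,12 +30,12 @@` hunk and `not exists(DataFlow::Node n | n.asIndirectExpr() = fsetpos.getArgument(1) | FposDFFlow::flowTo(n))` in the `@@ -45,6 +45,6 @@` hunk, and neither says why the indirect node is used. Because the query reports a call when no flow is found, a mismatch between the two selections would not drop alerts; it would flag every `fsetpos()` call, so the pairing deserves a comment. Above the sink line I would add `// indirect node: the object the argument points to, paired with asDefiningArgument() on the fgetpos() side`, and a short `// must select the same node as isSink` next to the `not exists` line. The `from`/`where` clause begins outside the last hunk.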
@@ -1,7 +1,2 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql:30,32-40) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql:31,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql:33,14-22) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql:36,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql:42,21-29) | test.c:7:24:7:30 | & ... | The position argument of a call to `fsetpos()` should be obtained from a call to `fgetpos()`. | | test.c:33:24:33:30 | & ... | The position argument of a call to `fsetpos()` should be obtained from a call to `fgetpos()`. | From 3e69bf61cae206567cff65fd1ab0103e417e43cf Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Fri, 11 Jul 2025 00:03:28 +0200 Subject: [PATCH 039/104] Convert MEM35-C to the new dataflow library --- .../src/rules/MEM35-C/InsufficientMemoryAllocatedForObject.ql | 2 +- .../rules/MEM35-C/InsufficientMemoryAllocatedForObject.expected | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/c/cert/src/rules/MEM35-C/InsufficientMemoryAllocatedForObject.ql b/c/cert/src/rules/MEM35-C/InsufficientMemoryAllocatedForObject.ql index 06fd267560..2f937607e3 100644 --- a/c/cert/src/rules/MEM35-C/InsufficientMemoryAllocatedForObject.ql +++ b/c/cert/src/rules/MEM35-C/InsufficientMemoryAllocatedForObject.ql @@ -21,7 +21,7 @@ import cpp import codingstandards.c.cert import codingstandards.cpp.Overflow import semmle.code.cpp.controlflow.Guards -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking import semmle.code.cpp.models.Models /** 
diff --git a/c/cert/test/rules/MEM35-C/InsufficientMemoryAllocatedForObject.expected b/c/cert/test/rules/MEM35-C/InsufficientMemoryAllocatedForObject.expected index 86bdeedf5f..30dece9299 100644 --- a/c/cert/test/rules/MEM35-C/InsufficientMemoryAllocatedForObject.expected +++ b/c/cert/test/rules/MEM35-C/InsufficientMemoryAllocatedForObject.expected @@ -1,5 +1,3 @@ -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (InsufficientMemoryAllocatedForObject.ql:90,5-18) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (InsufficientMemoryAllocatedForObject.ql:148,5-18) | test.c:12:19:12:24 | call to malloc | Allocation size (32 bytes) is not a multiple of the size of 'S1' (36 bytes). | test.c:12:26:12:32 | 32 | | | test.c:15:19:15:24 | call to malloc | Allocation size calculated from the size of a different type ($@). | test.c:15:26:15:35 | sizeof() | sizeof(S1 *) | | test.c:20:19:20:24 | call to malloc | Allocation size (128 bytes) is not a multiple of the size of 'S1' (36 bytes). | test.c:20:26:20:36 | ... * ... | | From ba281e2a608847bbee98fbcda563ee8322d0d063 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Fri, 11 Jul 2025 00:08:38 +0200 Subject: [PATCH 040/104] Convert MEM36-C to the new dataflow library --- ...DoNotModifyAlignmentOfMemoryWithRealloc.ql | 2 +- ...odifyAlignmentOfMemoryWithRealloc.expected | 19 +++++++++++-------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/c/cert/src/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.ql b/c/cert/src/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.ql index 90c34a44a2..e6d7cfe07d 100644 --- a/c/cert/src/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.ql +++ b/c/cert/src/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.ql 
@@ -20,7 +20,7 @@ import cpp import codingstandards.c.cert import codingstandards.cpp.Alignment -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import AlignedAllocToReallocFlow::PathGraph int getStatedValue(Expr e) { diff --git a/c/cert/test/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.expected b/c/cert/test/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.expected index 587ae786d1..6b71a8a76c 100644 --- a/c/cert/test/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.expected +++ b/c/cert/test/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.expected 
@@ -1,20 +1,23 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotModifyAlignmentOfMemoryWithRealloc.ql:31,36-44) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotModifyAlignmentOfMemoryWithRealloc.ql:45,47-55) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotModifyAlignmentOfMemoryWithRealloc.ql:46,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotModifyAlignmentOfMemoryWithRealloc.ql:50,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotModifyAlignmentOfMemoryWithRealloc.ql:55,36-44) edges -| test.c:5:10:5:22 | call to aligned_alloc | test.c:15:8:15:28 | call to aligned_alloc_wrapper | provenance | | +| test.c:4:7:4:27 | *aligned_alloc_wrapper | test.c:15:8:15:28 | call to aligned_alloc_wrapper | provenance | | +| test.c:5:10:5:22 | call to aligned_alloc | test.c:4:7:4:27 | *aligned_alloc_wrapper | provenance | | +| test.c:5:10:5:22 | call to aligned_alloc | test.c:5:10:5:22 | call to aligned_alloc | provenance | | | test.c:8:29:8:31 | ptr | test.c:8:64:8:66 | ptr | provenance | | -| test.c:15:8:15:28 | call to aligned_alloc_wrapper | test.c:16:24:16:25 | v1 | provenance | | +| test.c:15:3:15:36 | ... = ... | test.c:16:24:16:25 | v1 | provenance | | +| test.c:15:8:15:28 | call to aligned_alloc_wrapper | test.c:15:3:15:36 | ... = ... | provenance | | | test.c:16:24:16:25 | v1 | test.c:8:29:8:31 | ptr | provenance | | -| test.c:22:8:22:20 | call to aligned_alloc | test.c:23:16:23:17 | v3 | provenance | | +| test.c:22:3:22:28 | ... = ... | test.c:23:16:23:17 | v3 | provenance | | +| test.c:22:8:22:20 | call to aligned_alloc | test.c:22:3:22:28 | ... = ... 
| provenance | | nodes +| test.c:4:7:4:27 | *aligned_alloc_wrapper | semmle.label | *aligned_alloc_wrapper | +| test.c:5:10:5:22 | call to aligned_alloc | semmle.label | call to aligned_alloc | | test.c:5:10:5:22 | call to aligned_alloc | semmle.label | call to aligned_alloc | | test.c:8:29:8:31 | ptr | semmle.label | ptr | | test.c:8:64:8:66 | ptr | semmle.label | ptr | +| test.c:15:3:15:36 | ... = ... | semmle.label | ... = ... | | test.c:15:8:15:28 | call to aligned_alloc_wrapper | semmle.label | call to aligned_alloc_wrapper | | test.c:16:24:16:25 | v1 | semmle.label | v1 | +| test.c:22:3:22:28 | ... = ... | semmle.label | ... = ... | | test.c:22:8:22:20 | call to aligned_alloc | semmle.label | call to aligned_alloc | | test.c:23:16:23:17 | v3 | semmle.label | v3 | subpaths From d385a769b043bdce6bb8d652d781c7c0d860769f Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Fri, 11 Jul 2025 00:17:33 +0200 Subject: [PATCH 041/104] Convert SIG30-C to the new dataflow library --- .../CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql | 2 +- ...nlyAsyncSafeFunctionsWithinSignalHandlers.expected | 11 ++++------- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/c/cert/src/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql b/c/cert/src/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql index e5dc33f817..643f4af729 100644 --- a/c/cert/src/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql +++ b/c/cert/src/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.c.cert import codingstandards.c.Signal -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow /** * Does not access an external variable except diff --git a/c/cert/test/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.expected b/c/cert/test/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.expected index ce13ee69a7..a601fe63f4 100644 
--- a/c/cert/test/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.expected +++ b/c/cert/test/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.expected 
@@ -1,7 +1,4 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql:110,11-19) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql:110,31-39) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql:111,9-17) -| test.c:10:3:10:18 | call to log_local_unsafe | Asynchronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:16:7:16:12 | call to signal | signal handler | -| test.c:11:3:11:6 | call to free | Asynchronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:16:7:16:12 | call to signal | signal handler | -| test.c:46:3:46:9 | call to longjmp | Asynchronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:50:7:50:12 | call to signal | signal handler | -| test.c:76:7:76:11 | call to raise | Asynchronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:91:7:91:12 | call to signal | signal handler | +| test.c:10:3:10:18 | call to log_local_unsafe | Asyncronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:16:7:16:12 | call to signal | signal handler | +| test.c:11:3:11:6 | call to free | Asyncronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:16:7:16:12 | call to signal | signal handler | +| test.c:46:3:46:9 | call to longjmp | Asyncronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:50:7:50:12 | call to signal | signal handler | +| test.c:76:7:76:11 | call to raise | Asyncronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:91:7:91:12 | call to signal | signal handler | From 099f35894ef92d81148e748a204b1dd832ac0eed Mon Sep 17 00:00:00 2001 
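Review bot: The four regenerated rows spell the alert `Asyncronous-unsafe function calls within a $@ can lead to undefined behavior.`, where the removed rows read `Asynchronous-unsafe`. The only query change visible in this commit is the import line, so the misspelling presumably sits in the query's message string and this baseline now pins it. I would correct the message at its source and regenerate the file so each row reads `Asynchronous-unsafe function calls within a $@ can lead to undefined behavior.`, since this text is what users see in alert output.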
From: Jeroen Ketema Date: Fri, 11 Jul 2025 00:26:46 +0200 Subject: [PATCH 042/104] Convert SIG35-C to the new dataflow library --- .../SIG35-C/DoNotReturnFromAComputationalExceptionHandler.ql | 2 +- .../DoNotReturnFromAComputationalExceptionHandler.expected | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/c/cert/src/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.ql b/c/cert/src/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.ql index bd65019f98..b00fb33844 100644 --- a/c/cert/src/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.ql +++ b/c/cert/src/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.c.cert import codingstandards.c.Signal -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow /** * CFG nodes preceeding a `ReturnStmt` diff --git a/c/cert/test/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.expected b/c/cert/test/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.expected index fb78049d25..31412c466a 100644 --- a/c/cert/test/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.expected +++ b/c/cert/test/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.expected @@ -1,2 +1 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotReturnFromAComputationalExceptionHandler.ql:44,5-13) | test.c:10:1:10:1 | return ... | Do not return from a $@ signal handler. | test.c:13:10:13:15 | SIGFPE | computational exception | From 2a8277cfa3687bce3503181188750fe11ff9daa6 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Fri, 11 Jul 2025 00:30:06 +0200 Subject: [PATCH 043/104] Convert Signal library to the new data flow library The `getReassertingCall` predicate is only used by SIG34-C, whose tests still pass. --- c/common/src/codingstandards/c/Signal.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/c/common/src/codingstandards/c/Signal.qll b/c/common/src/codingstandards/c/Signal.qll index 2a570b654f..2f7844ab11 100644 --- a/c/common/src/codingstandards/c/Signal.qll +++ b/c/common/src/codingstandards/c/Signal.qll @@ -1,5 +1,5 @@ import cpp -private import semmle.code.cpp.dataflow.DataFlow +private import semmle.code.cpp.dataflow.new.DataFlow /** * A signal corresponding to a computational exception From 69c6bf7490b0de498f7bbb08d2cf5894db54ab67 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Fri, 11 Jul 2025 15:12:37 +0200 Subject: [PATCH 044/104] Convert RULE-13-2 to the new dataflow library --- c/misra/src/rules/RULE-13-2/UnsequencedAtomicReads.ql | 2 +- c/misra/test/rules/RULE-13-2/UnsequencedAtomicReads.expected | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/c/misra/src/rules/RULE-13-2/UnsequencedAtomicReads.ql b/c/misra/src/rules/RULE-13-2/UnsequencedAtomicReads.ql index 012b4877c5..99c9021040 100644 --- a/c/misra/src/rules/RULE-13-2/UnsequencedAtomicReads.ql +++ b/c/misra/src/rules/RULE-13-2/UnsequencedAtomicReads.ql @@ -13,7 +13,7 @@ */ import cpp -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking import codingstandards.c.misra import codingstandards.c.Ordering import codingstandards.c.orderofevaluation.VariableAccessOrdering diff --git a/c/misra/test/rules/RULE-13-2/UnsequencedAtomicReads.expected b/c/misra/test/rules/RULE-13-2/UnsequencedAtomicReads.expected index 276db0040e..0b8d5daca8 100644 --- a/c/misra/test/rules/RULE-13-2/UnsequencedAtomicReads.expected +++ b/c/misra/test/rules/RULE-13-2/UnsequencedAtomicReads.expected 
@@ -1,5 +1,2 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UnsequencedAtomicReads.ql:114,31-39) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UnsequencedAtomicReads.ql:114,67-75) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (UnsequencedAtomicReads.ql:114,5-18) | test.c:44:12:44:18 | ... + ... | Atomic variable $@ has a $@ that is unsequenced with $@. | test.c:42:15:42:16 | a1 | a1 | test.c:44:12:44:13 | a1 | previous read | test.c:44:17:44:18 | a1 | another read | | test.c:46:3:46:37 | ... + ... | Atomic variable $@ has a $@ that is unsequenced with $@. | test.c:42:15:42:16 | a1 | a1 | test.c:46:16:46:17 | a1 | previous read | test.c:46:35:46:36 | a1 | another read | From 9e8e4298a981155cdbd7e748e5ae1bf731fe307a Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Fri, 11 Jul 2025 17:02:04 +0200 Subject: [PATCH 045/104] Convert RULE-21-14 to the new dataflow library Observe that the special case for global variables is no longer needed, as these are properly handled in the new dataflow library. --- ...emcmpUsedToCompareNullTerminatedStrings.ql | 22 ++--- ...sedToCompareNullTerminatedStrings.expected | 88 ++++++++++++------- 2 files changed, 61 insertions(+), 49 deletions(-) diff --git a/c/misra/src/rules/RULE-21-14/MemcmpUsedToCompareNullTerminatedStrings.ql b/c/misra/src/rules/RULE-21-14/MemcmpUsedToCompareNullTerminatedStrings.ql index b487f5b9b5..f5f5e134fd 100644 --- a/c/misra/src/rules/RULE-21-14/MemcmpUsedToCompareNullTerminatedStrings.ql +++ b/c/misra/src/rules/RULE-21-14/MemcmpUsedToCompareNullTerminatedStrings.ql 
@@ -16,13 +16,13 @@ import cpp import codingstandards.c.misra import codingstandards.c.misra.EssentialTypes -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking import NullTerminatedStringToMemcmpFlow::PathGraph // Data flow from a StringLiteral or from an array of characters, to a memcmp call module NullTerminatedStringToMemcmpConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - source.asExpr() instanceof StringLiteral + source.asIndirectExpr(1) instanceof StringLiteral or exists(Variable v, ArrayAggregateLiteral aal | aal = v.getInitializer().getExpr() and @@ -31,26 +31,14 @@ module NullTerminatedStringToMemcmpConfig implements DataFlow::ConfigSig { // Includes a null terminator somewhere in the array initializer aal.getAnElementExpr(_).getValue().toInt() = 0 | - // For local variables, use the array aggregate literal as the source aal = source.asExpr() - or - // ArrayAggregateLiterals used as initializers for global variables are not viable sources - // for global data flow, so we instead report variable accesses as sources, where the variable - // is constant or is not assigned in the program - v instanceof GlobalVariable and - source.asExpr() = v.getAnAccess() and - ( - v.isConst() - or - not exists(Expr e | e = v.getAnAssignedValue() and not e = aal) - ) ) } predicate isSink(DataFlow::Node sink) { exists(FunctionCall memcmp | memcmp.getTarget().hasGlobalOrStdName("memcmp") and - sink.asExpr() = memcmp.getArgument([0, 1]) + sink.asIndirectExpr() = memcmp.getArgument([0, 1]) ) } } 
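Review bot: In the `@@ -31,26 +31,14 @@` hunk the deleted global-variable branch also carried a guard, `v.isConst()` or no assigned value other than the initializer, and nothing on the new side replaces it. With `aal = source.asExpr()` as the only array source, a non-const global whose contents are overwritten elsewhere may still count as a null-terminated source. Whether the new library rules that out is not visible here, and a test case with a reassigned global would settle it. The explanatory comment on that line was dropped too; I would keep one, e.g. `// the initializer is the source for locals and globals alike; flow through globals is left to the new dataflow library`. `isSource` begins in the previous hunk.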
@@ -67,8 +55,8 @@ from where not isExcluded(memcmp, EssentialTypesPackage::memcmpUsedToCompareNullTerminatedStringsQuery()) and memcmp.getTarget().hasGlobalOrStdName("memcmp") and - arg1.getNode().asExpr() = memcmp.getArgument(0) and - arg2.getNode().asExpr() = memcmp.getArgument(1) and + arg1.getNode().asIndirectExpr(1) = memcmp.getArgument(0) and + arg2.getNode().asIndirectExpr(1) = memcmp.getArgument(1) and // There is a path from a null-terminated string to each argument NullTerminatedStringToMemcmpFlow::flowPath(source1, arg1) and NullTerminatedStringToMemcmpFlow::flowPath(source2, arg2) and diff --git a/c/misra/test/rules/RULE-21-14/MemcmpUsedToCompareNullTerminatedStrings.expected b/c/misra/test/rules/RULE-21-14/MemcmpUsedToCompareNullTerminatedStrings.expected index 5ae49919a9..7fbb4e322a 100644 --- a/c/misra/test/rules/RULE-21-14/MemcmpUsedToCompareNullTerminatedStrings.expected +++ b/c/misra/test/rules/RULE-21-14/MemcmpUsedToCompareNullTerminatedStrings.expected 
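Review bot: The indirection level is pinned here with `asIndirectExpr(1)` for both `memcmp` arguments, and `isSource` does the same for string literals, but `isSink` in the preceding hunk uses the unindexed `sink.asIndirectExpr()`. For the pointer arguments of `memcmp` these probably select the same nodes, but the mixed forms read as if the difference were intentional. I would write the sink as `sink.asIndirectExpr(1) = memcmp.getArgument([0, 1])` so that source, sink and `where` clause agree. The `from`/`where` clause starts outside this hunk.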
@@ -1,38 +1,62 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (MemcmpUsedToCompareNullTerminatedStrings.ql:23,54-62) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (MemcmpUsedToCompareNullTerminatedStrings.ql:24,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (MemcmpUsedToCompareNullTerminatedStrings.ql:50,20-28) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (MemcmpUsedToCompareNullTerminatedStrings.ql:58,43-56) edges -| test.c:12:13:12:15 | a | test.c:14:10:14:10 | a | provenance | | -| test.c:12:13:12:15 | a | test.c:23:13:23:13 | a | provenance | | -| test.c:12:13:12:15 | a | test.c:24:10:24:10 | a | provenance | | -| test.c:13:13:13:15 | b | test.c:14:13:14:13 | b | provenance | | -| test.c:18:15:18:28 | {...} | test.c:21:10:21:10 | e | provenance | | -| test.c:19:15:19:28 | {...} | test.c:21:13:21:13 | f | provenance | | +| test.c:6:6:6:6 | *c | test.c:6:15:6:17 | 97 | provenance | | +| test.c:6:6:6:6 | *c | test.c:16:10:16:10 | *c | provenance | | +| test.c:6:6:6:6 | *c | test.c:26:13:26:13 | *c | provenance | | +| test.c:6:6:6:6 | *c | test.c:27:10:27:10 | *c | provenance | | +| test.c:6:14:6:26 | {...} | test.c:6:6:6:6 | *c | provenance | | +| test.c:6:15:6:17 | 97 | test.c:6:20:6:22 | 98 | provenance | | +| test.c:6:20:6:22 | 98 | test.c:6:25:6:25 | {...} | provenance | | +| test.c:6:25:6:25 | {...} | test.c:6:14:6:26 | {...} | provenance | | +| test.c:7:6:7:6 | *d | test.c:7:15:7:17 | 97 | provenance | | +| test.c:7:6:7:6 | *d | test.c:16:13:16:13 | *d | provenance | | +| test.c:7:14:7:26 | {...} | test.c:7:6:7:6 | *d | provenance | | +| test.c:7:15:7:17 | 97 | test.c:7:20:7:22 | 98 | provenance | | +| test.c:7:20:7:22 | 98 | test.c:7:25:7:25 | {...} | provenance | | +| test.c:7:25:7:25 | {...} | test.c:7:14:7:26 | {...} | provenance | | +| test.c:12:13:12:15 | *a | test.c:14:10:14:10 | *a | provenance | DataFlowFunction | 
+| test.c:12:13:12:15 | *a | test.c:23:13:23:13 | *a | provenance | DataFlowFunction | +| test.c:12:13:12:15 | *a | test.c:24:10:24:10 | *a | provenance | DataFlowFunction | +| test.c:13:13:13:15 | *b | test.c:14:13:14:13 | *b | provenance | DataFlowFunction | +| test.c:18:15:18:28 | {...} | test.c:21:10:21:10 | *e | provenance | | +| test.c:18:27:18:27 | {...} | test.c:18:15:18:28 | {...} | provenance | | +| test.c:19:15:19:28 | {...} | test.c:21:13:21:13 | *f | provenance | | +| test.c:19:27:19:27 | {...} | test.c:19:15:19:28 | {...} | provenance | | nodes -| test.c:10:10:10:12 | a | semmle.label | a | -| test.c:10:15:10:17 | b | semmle.label | b | -| test.c:12:13:12:15 | a | semmle.label | a | -| test.c:13:13:13:15 | b | semmle.label | b | -| test.c:14:10:14:10 | a | semmle.label | a | -| test.c:14:13:14:13 | b | semmle.label | b | -| test.c:16:10:16:10 | c | semmle.label | c | -| test.c:16:13:16:13 | d | semmle.label | d | +| test.c:6:6:6:6 | *c | semmle.label | *c | +| test.c:6:14:6:26 | {...} | semmle.label | {...} | +| test.c:6:15:6:17 | 97 | semmle.label | 97 | +| test.c:6:20:6:22 | 98 | semmle.label | 98 | +| test.c:6:25:6:25 | {...} | semmle.label | {...} | +| test.c:7:6:7:6 | *d | semmle.label | *d | +| test.c:7:14:7:26 | {...} | semmle.label | {...} | +| test.c:7:15:7:17 | 97 | semmle.label | 97 | +| test.c:7:20:7:22 | 98 | semmle.label | 98 | +| test.c:7:25:7:25 | {...} | semmle.label | {...} | +| test.c:10:10:10:12 | *a | semmle.label | *a | +| test.c:10:15:10:17 | *b | semmle.label | *b | +| test.c:12:13:12:15 | *a | semmle.label | *a | +| test.c:13:13:13:15 | *b | semmle.label | *b | +| test.c:14:10:14:10 | *a | semmle.label | *a | +| test.c:14:13:14:13 | *b | semmle.label | *b | +| test.c:16:10:16:10 | *c | semmle.label | *c | +| test.c:16:13:16:13 | *d | semmle.label | *d | | test.c:18:15:18:28 | {...} | semmle.label | {...} | +| test.c:18:27:18:27 | {...} | semmle.label | {...} | | test.c:19:15:19:28 | {...} | semmle.label | {...} | -| 
test.c:21:10:21:10 | e | semmle.label | e | -| test.c:21:13:21:13 | f | semmle.label | f | -| test.c:23:13:23:13 | a | semmle.label | a | -| test.c:24:10:24:10 | a | semmle.label | a | -| test.c:26:13:26:13 | c | semmle.label | c | -| test.c:27:10:27:10 | c | semmle.label | c | +| test.c:19:27:19:27 | {...} | semmle.label | {...} | +| test.c:21:10:21:10 | *e | semmle.label | *e | +| test.c:21:13:21:13 | *f | semmle.label | *f | +| test.c:23:13:23:13 | *a | semmle.label | *a | +| test.c:24:10:24:10 | *a | semmle.label | *a | +| test.c:26:13:26:13 | *c | semmle.label | *c | +| test.c:27:10:27:10 | *c | semmle.label | *c | subpaths #select -| test.c:10:3:10:8 | call to memcmp | test.c:10:10:10:12 | a | test.c:10:10:10:12 | a | memcmp used to compare $@ with $@. | test.c:10:10:10:12 | a | null-terminated string | test.c:10:15:10:17 | b | null-terminated string | -| test.c:10:3:10:8 | call to memcmp | test.c:10:15:10:17 | b | test.c:10:15:10:17 | b | memcmp used to compare $@ with $@. | test.c:10:10:10:12 | a | null-terminated string | test.c:10:15:10:17 | b | null-terminated string | -| test.c:14:3:14:8 | call to memcmp | test.c:12:13:12:15 | a | test.c:14:10:14:10 | a | memcmp used to compare $@ with $@. | test.c:12:13:12:15 | a | null-terminated string | test.c:13:13:13:15 | b | null-terminated string | -| test.c:14:3:14:8 | call to memcmp | test.c:13:13:13:15 | b | test.c:14:13:14:13 | b | memcmp used to compare $@ with $@. | test.c:12:13:12:15 | a | null-terminated string | test.c:13:13:13:15 | b | null-terminated string | -| test.c:16:3:16:8 | call to memcmp | test.c:16:10:16:10 | c | test.c:16:10:16:10 | c | memcmp used to compare $@ with $@. | test.c:16:10:16:10 | c | null-terminated string | test.c:16:13:16:13 | d | null-terminated string | -| test.c:16:3:16:8 | call to memcmp | test.c:16:13:16:13 | d | test.c:16:13:16:13 | d | memcmp used to compare $@ with $@. 
| test.c:16:10:16:10 | c | null-terminated string | test.c:16:13:16:13 | d | null-terminated string | -| test.c:21:3:21:8 | call to memcmp | test.c:18:15:18:28 | {...} | test.c:21:10:21:10 | e | memcmp used to compare $@ with $@. | test.c:18:15:18:28 | {...} | null-terminated string | test.c:19:15:19:28 | {...} | null-terminated string | -| test.c:21:3:21:8 | call to memcmp | test.c:19:15:19:28 | {...} | test.c:21:13:21:13 | f | memcmp used to compare $@ with $@. | test.c:18:15:18:28 | {...} | null-terminated string | test.c:19:15:19:28 | {...} | null-terminated string | +| test.c:10:3:10:8 | call to memcmp | test.c:10:10:10:12 | *a | test.c:10:10:10:12 | *a | memcmp used to compare $@ with $@. | test.c:10:10:10:12 | *a | null-terminated string | test.c:10:15:10:17 | *b | null-terminated string | +| test.c:10:3:10:8 | call to memcmp | test.c:10:15:10:17 | *b | test.c:10:15:10:17 | *b | memcmp used to compare $@ with $@. | test.c:10:10:10:12 | *a | null-terminated string | test.c:10:15:10:17 | *b | null-terminated string | +| test.c:14:3:14:8 | call to memcmp | test.c:12:13:12:15 | *a | test.c:14:10:14:10 | *a | memcmp used to compare $@ with $@. | test.c:12:13:12:15 | *a | null-terminated string | test.c:13:13:13:15 | *b | null-terminated string | +| test.c:14:3:14:8 | call to memcmp | test.c:13:13:13:15 | *b | test.c:14:13:14:13 | *b | memcmp used to compare $@ with $@. | test.c:12:13:12:15 | *a | null-terminated string | test.c:13:13:13:15 | *b | null-terminated string | +| test.c:16:3:16:8 | call to memcmp | test.c:6:25:6:25 | {...} | test.c:16:10:16:10 | *c | memcmp used to compare $@ with $@. | test.c:6:25:6:25 | {...} | null-terminated string | test.c:7:25:7:25 | {...} | null-terminated string | +| test.c:16:3:16:8 | call to memcmp | test.c:7:25:7:25 | {...} | test.c:16:13:16:13 | *d | memcmp used to compare $@ with $@. 
| test.c:6:25:6:25 | {...} | null-terminated string | test.c:7:25:7:25 | {...} | null-terminated string | +| test.c:21:3:21:8 | call to memcmp | test.c:18:27:18:27 | {...} | test.c:21:10:21:10 | *e | memcmp used to compare $@ with $@. | test.c:18:27:18:27 | {...} | null-terminated string | test.c:19:27:19:27 | {...} | null-terminated string | +| test.c:21:3:21:8 | call to memcmp | test.c:19:27:19:27 | {...} | test.c:21:13:21:13 | *f | memcmp used to compare $@ with $@. | test.c:18:27:18:27 | {...} | null-terminated string | test.c:19:27:19:27 | {...} | null-terminated string | From cee7cef4eef499ce6a768d9805f3ff3b26d43bf2 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Fri, 11 Jul 2025 17:05:13 +0200 Subject: [PATCH 046/104] Convert RULE-22-7 to the new dataflow library --- .../EofShallBeComparedWithUnmodifiedReturnValues.ql | 2 +- .../EofShallBeComparedWithUnmodifiedReturnValues.expected | 8 -------- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/c/misra/src/rules/RULE-22-7/EofShallBeComparedWithUnmodifiedReturnValues.ql b/c/misra/src/rules/RULE-22-7/EofShallBeComparedWithUnmodifiedReturnValues.ql index 1da495ca28..44bc22620d 100644 --- a/c/misra/src/rules/RULE-22-7/EofShallBeComparedWithUnmodifiedReturnValues.ql +++ b/c/misra/src/rules/RULE-22-7/EofShallBeComparedWithUnmodifiedReturnValues.ql @@ -15,7 +15,7 @@ import cpp import codingstandards.c.misra import codingstandards.cpp.ReadErrorsAndEOF -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow /** * The getchar() return value propagates directly to a check against EOF macro diff --git a/c/misra/test/rules/RULE-22-7/EofShallBeComparedWithUnmodifiedReturnValues.expected b/c/misra/test/rules/RULE-22-7/EofShallBeComparedWithUnmodifiedReturnValues.expected index 210a3a9218..709d8b002c 100644 --- a/c/misra/test/rules/RULE-22-7/EofShallBeComparedWithUnmodifiedReturnValues.expected 
+++ b/c/misra/test/rules/RULE-22-7/EofShallBeComparedWithUnmodifiedReturnValues.expected @@ -1,10 +1,2 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (EofShallBeComparedWithUnmodifiedReturnValues.ql:24,28-36) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (EofShallBeComparedWithUnmodifiedReturnValues.ql:25,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (EofShallBeComparedWithUnmodifiedReturnValues.ql:29,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (EofShallBeComparedWithUnmodifiedReturnValues.ql:38,23-31) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (EofShallBeComparedWithUnmodifiedReturnValues.ql:43,17-25) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (EofShallBeComparedWithUnmodifiedReturnValues.ql:52,5-13) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (EofShallBeComparedWithUnmodifiedReturnValues.ql:60,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (EofShallBeComparedWithUnmodifiedReturnValues.ql:60,46-54) | test.c:6:7:6:20 | ... != ... | The check is not reliable as the type of the return value of $@ is converted. | test.c:5:14:5:20 | call to getchar | call to getchar | | test.c:13:7:13:15 | ... != ... | The check is not reliable as the type of the return value of $@ is converted. | test.c:12:14:12:20 | call to getchar | call to getchar | From fcbb620fc9eb44620497d56d1615938a8e59a15a Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Fri, 11 Jul 2025 17:13:29 +0200 Subject: [PATCH 047/104] Convert A13-1-3 to the new dataflow library --- ...alsOperatorsShallOnlyPerformConversionOfPassedParameters.ql | 2 +- ...ratorsShallOnlyPerformConversionOfPassedParameters.expected | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) 
diff --git a/cpp/autosar/src/rules/A13-1-3/UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.ql b/cpp/autosar/src/rules/A13-1-3/UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.ql index a4e652269e..1e281385eb 100644 --- a/cpp/autosar/src/rules/A13-1-3/UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.ql +++ b/cpp/autosar/src/rules/A13-1-3/UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.ql @@ -14,7 +14,7 @@ */ import cpp -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking import codingstandards.cpp.autosar import codingstandards.cpp.UserDefinedLiteral as udl import codingstandards.cpp.SideEffect diff --git a/cpp/autosar/test/rules/A13-1-3/UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.expected b/cpp/autosar/test/rules/A13-1-3/UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.expected index 5d1d6022b5..53dc884023 100644 --- a/cpp/autosar/test/rules/A13-1-3/UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.expected +++ b/cpp/autosar/test/rules/A13-1-3/UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.expected @@ -1,4 +1 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.ql:27,33-41) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.ql:28,5-13) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.ql:27,7-20) | test.cpp:47:8:47:23 | operator ""_uds5 | User defined literal operator returns $@, which is not converted from a passed parameter | test.cpp:48:10:48:12 | 0.0 | expression | 
From def97cca11c95aac2d60bd5cd7fc11a2a05fe34f Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Fri, 11 Jul 2025 17:18:23 +0200 Subject: [PATCH 048/104] Convert A13-2-1 to the new dataflow library --- cpp/autosar/src/rules/A13-2-1/AssignmentOperatorReturnThis.ql | 2 +- .../test/rules/A13-2-1/AssignmentOperatorReturnThis.expected | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/cpp/autosar/src/rules/A13-2-1/AssignmentOperatorReturnThis.ql b/cpp/autosar/src/rules/A13-2-1/AssignmentOperatorReturnThis.ql index 4e6b7d6f0c..c7583373c3 100644 --- a/cpp/autosar/src/rules/A13-2-1/AssignmentOperatorReturnThis.ql +++ b/cpp/autosar/src/rules/A13-2-1/AssignmentOperatorReturnThis.ql @@ -16,7 +16,7 @@ import cpp import codingstandards.cpp.autosar import codingstandards.cpp.Operator -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow predicate returnsThisPointer(UserAssignmentOperator o) { exists(PointerDereferenceExpr p, ThisExpr t, ReturnStmt r | diff --git a/cpp/autosar/test/rules/A13-2-1/AssignmentOperatorReturnThis.expected b/cpp/autosar/test/rules/A13-2-1/AssignmentOperatorReturnThis.expected index 9c0d50ca86..e9929173b0 100644 --- a/cpp/autosar/test/rules/A13-2-1/AssignmentOperatorReturnThis.expected +++ b/cpp/autosar/test/rules/A13-2-1/AssignmentOperatorReturnThis.expected @@ -1,4 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (AssignmentOperatorReturnThis.ql:25,5-13) | test.cpp:10:12:10:20 | operator= | User-defined assignment operator $@ does not return *this | test.cpp:10:12:10:20 | operator= | user defined assignment operator | | test.cpp:17:11:17:19 | operator= | User-defined assignment operator $@ does not return *this | test.cpp:17:11:17:19 | operator= | user defined assignment operator | | test.cpp:24:12:24:20 | operator= | User-defined assignment operator $@ does not return *this | test.cpp:24:12:24:20 | operator= | user defined assignment operator | 
From 3b6a12407a1a124f3c39788e71d144f51464389a Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Fri, 11 Jul 2025 17:22:01 +0200 Subject: [PATCH 049/104] Convert A15-1-3 to the new dataflow library --- cpp/autosar/src/rules/A15-1-3/ThrownExceptionsShouldBeUnique.ql | 2 +- .../test/rules/A15-1-3/ThrownExceptionsShouldBeUnique.expected | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/cpp/autosar/src/rules/A15-1-3/ThrownExceptionsShouldBeUnique.ql b/cpp/autosar/src/rules/A15-1-3/ThrownExceptionsShouldBeUnique.ql index 97e9133a7a..abcd503670 100644 --- a/cpp/autosar/src/rules/A15-1-3/ThrownExceptionsShouldBeUnique.ql +++ b/cpp/autosar/src/rules/A15-1-3/ThrownExceptionsShouldBeUnique.ql @@ -16,7 +16,7 @@ import cpp import codingstandards.cpp.autosar import codingstandards.cpp.exceptions.ExceptionFlow -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import semmle.code.cpp.valuenumbering.HashCons /** Find a value which defines the exception thrown by the `DirectThrowExpr`, if any. */ diff --git a/cpp/autosar/test/rules/A15-1-3/ThrownExceptionsShouldBeUnique.expected b/cpp/autosar/test/rules/A15-1-3/ThrownExceptionsShouldBeUnique.expected index 5db0f83985..b085736659 100644 --- a/cpp/autosar/test/rules/A15-1-3/ThrownExceptionsShouldBeUnique.expected +++ b/cpp/autosar/test/rules/A15-1-3/ThrownExceptionsShouldBeUnique.expected 
@@ -1,4 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ThrownExceptionsShouldBeUnique.ql:24,3-11) | test.cpp:6:5:6:26 | throw ... | The $@ thrown here is a possible duplicate of the $@ thrown $@. | test.cpp:6:5:6:26 | call to exception | std::exception exception | test.cpp:14:5:14:26 | call to exception | exception | test.cpp:14:5:14:26 | throw ... | here | | test.cpp:8:5:8:53 | throw ... | The $@ thrown here is a possible duplicate of the $@ thrown $@. | test.cpp:8:5:8:53 | call to runtime_error | std::runtime_error exception | test.cpp:16:5:16:53 | call to runtime_error | exception | test.cpp:16:5:16:53 | throw ... | here | | test.cpp:14:5:14:26 | throw ... | The $@ thrown here is a possible duplicate of the $@ thrown $@. | test.cpp:14:5:14:26 | call to exception | std::exception exception | test.cpp:6:5:6:26 | call to exception | exception | test.cpp:6:5:6:26 | throw ... | here | From c06f22a6eb6b81463ae6ecc451a32f69bfc2e0f9 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Fri, 11 Jul 2025 19:34:45 +0200 Subject: [PATCH 050/104] Address review comment --- .../EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/c/cert/src/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.ql b/c/cert/src/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.ql index b7f751b6bf..cea415350c 100644 --- a/c/cert/src/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.ql +++ b/c/cert/src/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.ql 
@@ -62,7 +62,7 @@ where ExpressionsPackage::doNotCallFunctionPointerWithIncompatibleTypeQuery()) and access = src.getNode().asExpr() and SuspectFunctionPointerToCallFlow::flowPath(src, sink) and - not src.getNode().asExpr().getType() = sink.getNode().asExpr().getFullyConverted().getType() + not access.getType() = sink.getNode().asExpr().getFullyConverted().getType() select src, src, sink, "Incompatible function $@ assigned to function pointer is eventually called through the pointer.", access.getTarget(), access.getTarget().getName() From 1d15367b51d41e0394b9b5967cbda6d017b91a57 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 14 Jul 2025 16:44:20 +0100 Subject: [PATCH 051/104] C++: Accept path changes caused by codeql#20040. --- .../MemcmpUsedToCompareNullTerminatedStrings.expected | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/c/misra/test/rules/RULE-21-14/MemcmpUsedToCompareNullTerminatedStrings.expected b/c/misra/test/rules/RULE-21-14/MemcmpUsedToCompareNullTerminatedStrings.expected index 7fbb4e322a..38eeb4b42b 100644 --- a/c/misra/test/rules/RULE-21-14/MemcmpUsedToCompareNullTerminatedStrings.expected +++ b/c/misra/test/rules/RULE-21-14/MemcmpUsedToCompareNullTerminatedStrings.expected 
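Review bot: The negated comparison `not access.getType() = sink.getNode().asExpr().getFullyConverted().getType()` in the `where` clause has no comment saying why the sink side uses the fully converted type while the source side uses the plain type of the function access. A one-line comment above it would help, for example `// Report only when the accessed function's type differs from the type seen at the sink after conversions.` Both sides use `getType()`, so two types that differ only by a typedef would presumably compare as different. If that is not intended, comparing `getUnspecifiedType()` on both sides would avoid spurious alerts on this EXP37-C check; please confirm against the test cases. The `where` clause starts outside this hunk.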
@@ -1,17 +1,11 @@ edges -| test.c:6:6:6:6 | *c | test.c:6:15:6:17 | 97 | provenance | | | test.c:6:6:6:6 | *c | test.c:16:10:16:10 | *c | provenance | | | test.c:6:6:6:6 | *c | test.c:26:13:26:13 | *c | provenance | | | test.c:6:6:6:6 | *c | test.c:27:10:27:10 | *c | provenance | | | test.c:6:14:6:26 | {...} | test.c:6:6:6:6 | *c | provenance | | -| test.c:6:15:6:17 | 97 | test.c:6:20:6:22 | 98 | provenance | | -| test.c:6:20:6:22 | 98 | test.c:6:25:6:25 | {...} | provenance | | | test.c:6:25:6:25 | {...} | test.c:6:14:6:26 | {...} | provenance | | -| test.c:7:6:7:6 | *d | test.c:7:15:7:17 | 97 | provenance | | | test.c:7:6:7:6 | *d | test.c:16:13:16:13 | *d | provenance | | | test.c:7:14:7:26 | {...} | test.c:7:6:7:6 | *d | provenance | | -| test.c:7:15:7:17 | 97 | test.c:7:20:7:22 | 98 | provenance | | -| test.c:7:20:7:22 | 98 | test.c:7:25:7:25 | {...} | provenance | | | test.c:7:25:7:25 | {...} | test.c:7:14:7:26 | {...} | provenance | | | test.c:12:13:12:15 | *a | test.c:14:10:14:10 | *a | provenance | DataFlowFunction | | test.c:12:13:12:15 | *a | test.c:23:13:23:13 | *a | provenance | DataFlowFunction | @@ -24,13 +18,9 @@ edges nodes | test.c:6:6:6:6 | *c | semmle.label | *c | | test.c:6:14:6:26 | {...} | semmle.label | {...} | -| test.c:6:15:6:17 | 97 | semmle.label | 97 | -| test.c:6:20:6:22 | 98 | semmle.label | 98 | | test.c:6:25:6:25 | {...} | semmle.label | {...} | | test.c:7:6:7:6 | *d | semmle.label | *d | | test.c:7:14:7:26 | {...} | semmle.label | {...} | -| test.c:7:15:7:17 | 97 | semmle.label | 97 | -| test.c:7:20:7:22 | 98 | semmle.label | 98 | | test.c:7:25:7:25 | {...} | semmle.label | {...} | | test.c:10:10:10:12 | *a | semmle.label | *a | | test.c:10:15:10:17 | *b | semmle.label | *b | From de0357aeddb50e9e21abce31d3102daf8179fffa Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Tue, 15 Jul 2025 13:46:07 +0200 Subject: [PATCH 052/104] Convert RULE-17-5 to the new dataflow library --- .../RULE-17-5/ArrayFunctionArgumentNumberOfElements.ql | 8 ++++---- .../ArrayFunctionArgumentNumberOfElements.expected | 6 ------ 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/c/misra/src/rules/RULE-17-5/ArrayFunctionArgumentNumberOfElements.ql b/c/misra/src/rules/RULE-17-5/ArrayFunctionArgumentNumberOfElements.ql index 1a142ddb22..279003f6ff 100644 --- a/c/misra/src/rules/RULE-17-5/ArrayFunctionArgumentNumberOfElements.ql +++ b/c/misra/src/rules/RULE-17-5/ArrayFunctionArgumentNumberOfElements.ql @@ -14,7 +14,7 @@ import cpp import codingstandards.c.misra -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow /** * Models a function parameter of type array with specified size @@ -49,7 +49,7 @@ module SmallArrayConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ArrayAggregateLiteral } predicate isSink(DataFlow::Node sink) { - sink.asExpr() = any(ArrayParameter p).getAMatchingArgument() + sink.asIndirectExpr() = any(ArrayParameter p).getAMatchingArgument() } } @@ -68,8 +68,8 @@ where or // the argument is a pointer and its value does not come from a literal of the correct arg.getType() instanceof PointerType and - not exists(ArrayAggregateLiteral l | - SmallArrayFlow::flow(DataFlow::exprNode(l), DataFlow::exprNode(arg)) and + not exists(ArrayAggregateLiteral l, DataFlow::Node arg_node | arg_node.asIndirectExpr() = arg | + SmallArrayFlow::flow(DataFlow::exprNode(l), arg_node) and countElements(l) >= p.getArraySize() ) ) diff --git a/c/misra/test/rules/RULE-17-5/ArrayFunctionArgumentNumberOfElements.expected b/c/misra/test/rules/RULE-17-5/ArrayFunctionArgumentNumberOfElements.expected index 174c6aa40f..913f6f1c34 100644 --- a/c/misra/test/rules/RULE-17-5/ArrayFunctionArgumentNumberOfElements.expected 
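Review bot: The sink in `SmallArrayConfig::isSink` and the argument node in the `where` clause now match `asIndirectExpr()` instead of `asExpr()`, and nothing in the query says why. A comment at `isSink` would make the choice survive the next refactor, e.g. `// The array elements are what the pointer argument points to, so the sink is the argument's indirection.` The same unexplained switch appears later in this series in the `where` clause of SharedPointerUsedWithNoOwnershipSharing.ql and in `isSink` of LambdaPassedToTypeid.ql. Separately, `arg_node` would read more consistently as `argNode`, matching the camelCase naming used elsewhere in the query.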
+++ b/c/misra/test/rules/RULE-17-5/ArrayFunctionArgumentNumberOfElements.expected @@ -1,9 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ArrayFunctionArgumentNumberOfElements.ql:48,36-44) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ArrayFunctionArgumentNumberOfElements.ql:49,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ArrayFunctionArgumentNumberOfElements.ql:51,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ArrayFunctionArgumentNumberOfElements.ql:56,25-33) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ArrayFunctionArgumentNumberOfElements.ql:72,28-36) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ArrayFunctionArgumentNumberOfElements.ql:72,51-59) | test.c:18:6:18:6 | 0 | The function argument does not have a sufficient number or elements declared in the $@. | test.c:1:13:1:14 | ar | parameter | | test.c:19:6:19:7 | ar | The function argument does not have a sufficient number or elements declared in the $@. | test.c:1:13:1:14 | ar | parameter | | test.c:21:6:21:9 | ar2p | The function argument does not have a sufficient number or elements declared in the $@. | test.c:1:13:1:14 | ar | parameter | From 8a2f016579469091f2685826a58538409d8e9776 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 15 Jul 2025 15:06:50 +0200 Subject: [PATCH 053/104] Convert A15-2-2 to use the new dataflow library Observe that field flow requires global flow with the new library, so a dataflow configuration is introduced. --- ...ConstructorErrorLeavesObjectInInvalidState.ql | 16 ++++++++++++++-- ...uctorErrorLeavesObjectInInvalidState.expected | 9 --------- 2 files changed, 14 insertions(+), 11 deletions(-) 
diff --git a/cpp/autosar/src/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.ql b/cpp/autosar/src/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.ql index 1b3a3cfed2..bf8f76923b 100644 --- a/cpp/autosar/src/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.ql +++ b/cpp/autosar/src/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.ql @@ -15,7 +15,7 @@ */ import cpp -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import codingstandards.cpp.autosar import codingstandards.cpp.exceptions.ExceptionFlow import codingstandards.cpp.exceptions.ExceptionSpecifications @@ -98,6 +98,18 @@ class ExceptionThrownInConstructor extends ExceptionThrowingExpr { Constructor getConstructor() { result = c } } +module NewDeleteConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { src.asExpr() instanceof NewAllocationExpr } + + predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof DeletedExpr } + + DataFlow::FlowFeature getAFeature() { + result instanceof DataFlow::FeatureEqualSourceSinkCallContext + } +} + +module NewDeleteFlow = DataFlow::Global; + from ExceptionThrowingConstructor c, ExceptionThrownInConstructor throwingExpr, NewAllocationExpr newExpr, ExceptionFlowNode exceptionSource, @@ -127,7 +139,7 @@ where not exists(DeletedExpr deletedExpr | deletedExpr.getEnclosingFunction() = c and // Deletes the same memory location that was new'd - DataFlow::localFlow(DataFlow::exprNode(newExpr), DataFlow::exprNode(deletedExpr)) and + NewDeleteFlow::flow(DataFlow::exprNode(newExpr), DataFlow::exprNode(deletedExpr)) and newExpr.getASuccessor+() = deletedExpr and deletedExpr.getASuccessor+() = throwingExpr ) and diff --git a/cpp/autosar/test/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.expected b/cpp/autosar/test/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.expected index 529a7ccf99..941771dada 100644 
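Review bot: `NewDeleteConfig` has no QLDoc, and its source and sink are every `NewAllocationExpr` and every `DeletedExpr`, although its only use in the `where` clause asks about a `DeletedExpr` whose enclosing function is the constructor `c`. A doc comment such as `/** Tracks a pointer from a new-expression to the operand of a delete, with source and sink in the same call context. */` would record what `FeatureEqualSourceSinkCallContext` is there for. If evaluation time matters, restricting `isSource` to allocations whose enclosing function is a `Constructor` would likely shrink the global computation. These hunks do not show whether `newExpr` is always inside `c`, so that needs checking before narrowing. The `from`/`where` clause continues outside the hunks.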
--- a/cpp/autosar/test/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.expected +++ b/cpp/autosar/test/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.expected @@ -1,12 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstructorErrorLeavesObjectInInvalidState.ql:47,12-20) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstructorErrorLeavesObjectInInvalidState.ql:48,30-38) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstructorErrorLeavesObjectInInvalidState.ql:48,57-65) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstructorErrorLeavesObjectInInvalidState.ql:74,5-13) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstructorErrorLeavesObjectInInvalidState.ql:74,25-33) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstructorErrorLeavesObjectInInvalidState.ql:75,7-15) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstructorErrorLeavesObjectInInvalidState.ql:130,5-13) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstructorErrorLeavesObjectInInvalidState.ql:130,25-33) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstructorErrorLeavesObjectInInvalidState.ql:130,54-62) edges | test.cpp:12:16:12:27 | new [bad_alloc] | test.cpp:14:33:16:5 | { ... } [bad_alloc] | | test.cpp:13:7:13:28 | throw ... [exception] | test.cpp:14:33:16:5 | { ... } [exception] | From bebac733be33a879ecbd020d365b1136991e7790 Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Tue, 15 Jul 2025 15:54:57 +0200 Subject: [PATCH 054/104] Convert A18-9-4 to use the new dataflow library The query seemed to depend on a bug in the old dataflow library before, where `asDefiningArgument` could return the function call instead of its argument. --- .../src/rules/A18-9-4/ArgumentToForwardSubsequentlyUsed.ql | 4 ++-- .../rules/A18-9-4/ArgumentToForwardSubsequentlyUsed.expected | 3 --- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/cpp/autosar/src/rules/A18-9-4/ArgumentToForwardSubsequentlyUsed.ql b/cpp/autosar/src/rules/A18-9-4/ArgumentToForwardSubsequentlyUsed.ql index a3acf916ec..923a024a46 100644 --- a/cpp/autosar/src/rules/A18-9-4/ArgumentToForwardSubsequentlyUsed.ql +++ b/cpp/autosar/src/rules/A18-9-4/ArgumentToForwardSubsequentlyUsed.ql @@ -14,13 +14,13 @@ import cpp import codingstandards.cpp.autosar import codingstandards.cpp.standardlibrary.Utility -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow from StdForwardCall f, Access a where not isExcluded(a, MoveForwardPackage::movedFromObjectReadAccessedQuery()) and exists(DataFlow::DefinitionByReferenceNode def | - def.asDefiningArgument() = f and + def.asDefiningArgument() = f.getArgument(0) and DataFlow::localFlow(def, DataFlow::exprNode(a)) ) select a, "The argument $@ of `std::forward` may be indeterminate when accessed at this location.", diff --git a/cpp/autosar/test/rules/A18-9-4/ArgumentToForwardSubsequentlyUsed.expected b/cpp/autosar/test/rules/A18-9-4/ArgumentToForwardSubsequentlyUsed.expected index 9e1cf41d3d..1c72dd7bf3 100644 --- a/cpp/autosar/test/rules/A18-9-4/ArgumentToForwardSubsequentlyUsed.expected +++ b/cpp/autosar/test/rules/A18-9-4/ArgumentToForwardSubsequentlyUsed.expected 
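Review bot: The change from `def.asDefiningArgument() = f` to `def.asDefiningArgument() = f.getArgument(0)` is explained only in the commit message, so the query itself gives no hint why the argument rather than the call is bound. I would add a comment above that line, e.g. `// Bind to the forwarded argument: asDefiningArgument() yields the argument expression, not the call.` `getArgument(0)` assumes the single-argument form of `std::forward`, which is presumably what `StdForwardCall` models, but that class is defined outside this diff.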
@@ -1,4 +1 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ArgumentToForwardSubsequentlyUsed.ql:22,10-18) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ArgumentToForwardSubsequentlyUsed.ql:24,5-13) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ArgumentToForwardSubsequentlyUsed.ql:24,30-38) | test.cpp:8:5:8:6 | t2 | The argument $@ of `std::forward` may be indeterminate when accessed at this location. | test.cpp:7:45:7:46 | t2 | t2 | From c12d2946dd596ca9eb418436160dd3853e4a9ef9 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 15 Jul 2025 16:19:44 +0200 Subject: [PATCH 055/104] Convert A20-8-4 to use the new dataflow library --- .../A20-8-4/SharedPointerUsedWithNoOwnershipSharing.ql | 8 ++++++-- .../SharedPointerUsedWithNoOwnershipSharing.expected | 1 - 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/cpp/autosar/src/rules/A20-8-4/SharedPointerUsedWithNoOwnershipSharing.ql b/cpp/autosar/src/rules/A20-8-4/SharedPointerUsedWithNoOwnershipSharing.ql index 0294bfe2e6..47f879a585 100644 --- a/cpp/autosar/src/rules/A20-8-4/SharedPointerUsedWithNoOwnershipSharing.ql +++ b/cpp/autosar/src/rules/A20-8-4/SharedPointerUsedWithNoOwnershipSharing.ql @@ -16,7 +16,7 @@ import cpp import codingstandards.cpp.autosar import codingstandards.cpp.SmartPointers -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow /* * Finds `std::shared_ptr` local variables which are not copy or move initialized, and are not used in 
@@ -44,7 +44,11 @@ from AutosarSharedPointerLocalScopeVariable var, SharedPointerLocalAllocInitiali where not isExcluded(var, SmartPointers1Package::sharedPointerUsedWithNoOwnershipSharingQuery()) and var.getAnAssignedValue() = src and - not DataFlow::localExprFlow(src, varOwnershipSharingExpr(var.getType(), var.getFunction())) + not exists(DataFlow::Node n | + n.asIndirectExpr() = varOwnershipSharingExpr(var.getType(), var.getFunction()) + | + DataFlow::localFlow(DataFlow::exprNode(src), n) + ) select var, "The ownership of shared_ptr $@ is not shared within or passed out of the local scope of function $@.", var, var.getName(), var.getFunction(), var.getFunction().getQualifiedName() diff --git a/cpp/autosar/test/rules/A20-8-4/SharedPointerUsedWithNoOwnershipSharing.expected b/cpp/autosar/test/rules/A20-8-4/SharedPointerUsedWithNoOwnershipSharing.expected index 5b770a1925..f15f142b3b 100644 --- a/cpp/autosar/test/rules/A20-8-4/SharedPointerUsedWithNoOwnershipSharing.expected +++ b/cpp/autosar/test/rules/A20-8-4/SharedPointerUsedWithNoOwnershipSharing.expected @@ -1,4 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (SharedPointerUsedWithNoOwnershipSharing.ql:47,7-15) | test.cpp:14:24:14:26 | sp3 | The ownership of shared_ptr $@ is not shared within or passed out of the local scope of function $@. | test.cpp:14:24:14:26 | sp3 | sp3 | test.cpp:11:22:11:23 | f1 | f1 | | test.cpp:16:24:16:26 | sp5 | The ownership of shared_ptr $@ is not shared within or passed out of the local scope of function $@. | test.cpp:16:24:16:26 | sp5 | sp5 | test.cpp:11:22:11:23 | f1 | f1 | | test.cpp:17:24:17:26 | sp6 | The ownership of shared_ptr $@ is not shared within or passed out of the local scope of function $@. | test.cpp:17:24:17:26 | sp6 | sp6 | test.cpp:11:22:11:23 | f1 | f1 | From 2c4414d8929a573d9406b558c0326fc1ad71f97e Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Tue, 15 Jul 2025 20:56:54 +0200 Subject: [PATCH 056/104] Convert A5-1-7 to use the new dataflow library --- .../rules/A5-1-7/LambdaPassedToDecltype.ql | 2 +- .../src/rules/A5-1-7/LambdaPassedToTypeid.ql | 6 ++++-- .../A5-1-7/LambdaPassedToDecltype.expected | 6 ------ .../A5-1-7/LambdaPassedToTypeid.expected | 20 +++++++++---------- 4 files changed, 15 insertions(+), 19 deletions(-) diff --git a/cpp/autosar/src/rules/A5-1-7/LambdaPassedToDecltype.ql b/cpp/autosar/src/rules/A5-1-7/LambdaPassedToDecltype.ql index 971d3b9259..a2b8bf5608 100644 --- a/cpp/autosar/src/rules/A5-1-7/LambdaPassedToDecltype.ql +++ b/cpp/autosar/src/rules/A5-1-7/LambdaPassedToDecltype.ql @@ -15,7 +15,7 @@ import cpp import codingstandards.cpp.autosar -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow module LambdaExpressionToInitializerConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source.asExpr() instanceof LambdaExpression } diff --git a/cpp/autosar/src/rules/A5-1-7/LambdaPassedToTypeid.ql b/cpp/autosar/src/rules/A5-1-7/LambdaPassedToTypeid.ql index 56952dace9..492b352ad1 100644 --- a/cpp/autosar/src/rules/A5-1-7/LambdaPassedToTypeid.ql +++ b/cpp/autosar/src/rules/A5-1-7/LambdaPassedToTypeid.ql @@ -14,14 +14,16 @@ */ import cpp -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import codingstandards.cpp.autosar import LambdaExpressionToTypeidFlow::PathGraph module LambdaExpressionToTypeidConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source.asExpr() instanceof LambdaExpression } - predicate isSink(DataFlow::Node sink) { exists(TypeidOperator op | op.getExpr() = sink.asExpr()) } + predicate isSink(DataFlow::Node sink) { + exists(TypeidOperator op | op.getExpr() = sink.asIndirectExpr()) + } } module LambdaExpressionToTypeidFlow = DataFlow::Global; 
diff --git a/cpp/autosar/test/rules/A5-1-7/LambdaPassedToDecltype.expected b/cpp/autosar/test/rules/A5-1-7/LambdaPassedToDecltype.expected index 56896d69fd..8f6447a96b 100644 --- a/cpp/autosar/test/rules/A5-1-7/LambdaPassedToDecltype.expected +++ b/cpp/autosar/test/rules/A5-1-7/LambdaPassedToDecltype.expected @@ -1,7 +1 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (LambdaPassedToDecltype.ql:20,55-63) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (LambdaPassedToDecltype.ql:21,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (LambdaPassedToDecltype.ql:23,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (LambdaPassedToDecltype.ql:28,44-52) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (LambdaPassedToDecltype.ql:39,47-55) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (LambdaPassedToDecltype.ql:40,9-17) | test.cpp:14:23:14:24 | decltype(...) | Lambda $@ passed as operand to decltype. | test.cpp:5:13:5:30 | [...](...){...} | expression | diff --git a/cpp/autosar/test/rules/A5-1-7/LambdaPassedToTypeid.expected b/cpp/autosar/test/rules/A5-1-7/LambdaPassedToTypeid.expected index 8f86a87616..dc0f2658a0 100644 --- a/cpp/autosar/test/rules/A5-1-7/LambdaPassedToTypeid.expected +++ b/cpp/autosar/test/rules/A5-1-7/LambdaPassedToTypeid.expected 
@@ -1,16 +1,16 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (LambdaPassedToTypeid.ql:21,50-58) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (LambdaPassedToTypeid.ql:22,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (LambdaPassedToTypeid.ql:24,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (LambdaPassedToTypeid.ql:27,39-47) edges -| test.cpp:5:13:5:30 | [...](...){...} | test.cpp:8:38:8:39 | l1 | provenance | | -| test.cpp:6:13:6:30 | [...](...){...} | test.cpp:9:38:9:39 | l2 | provenance | | +| test.cpp:5:13:5:30 | [...](...){...} | test.cpp:5:13:5:30 | [...](...){...} | provenance | | +| test.cpp:5:13:5:30 | [...](...){...} | test.cpp:8:38:8:39 | *l1 | provenance | | +| test.cpp:6:13:6:30 | [...](...){...} | test.cpp:6:13:6:30 | [...](...){...} | provenance | | +| test.cpp:6:13:6:30 | [...](...){...} | test.cpp:9:38:9:39 | *l2 | provenance | | nodes | test.cpp:5:13:5:30 | [...](...){...} | semmle.label | [...](...){...} | +| test.cpp:5:13:5:30 | [...](...){...} | semmle.label | [...](...){...} | +| test.cpp:6:13:6:30 | [...](...){...} | semmle.label | [...](...){...} | | test.cpp:6:13:6:30 | [...](...){...} | semmle.label | [...](...){...} | -| test.cpp:8:38:8:39 | l1 | semmle.label | l1 | -| test.cpp:9:38:9:39 | l2 | semmle.label | l2 | +| test.cpp:8:38:8:39 | *l1 | semmle.label | *l1 | +| test.cpp:9:38:9:39 | *l2 | semmle.label | *l2 | subpaths #select -| test.cpp:8:38:8:39 | l1 | test.cpp:5:13:5:30 | [...](...){...} | test.cpp:8:38:8:39 | l1 | Lambda $@ passed as operand to typeid operator. | test.cpp:5:13:5:30 | [...](...){...} | expression | -| test.cpp:9:38:9:39 | l2 | test.cpp:6:13:6:30 | [...](...){...} | test.cpp:9:38:9:39 | l2 | Lambda $@ passed as operand to typeid operator. 
| test.cpp:6:13:6:30 | [...](...){...} | expression | +| test.cpp:8:38:8:39 | *l1 | test.cpp:5:13:5:30 | [...](...){...} | test.cpp:8:38:8:39 | *l1 | Lambda $@ passed as operand to typeid operator. | test.cpp:5:13:5:30 | [...](...){...} | expression | +| test.cpp:9:38:9:39 | *l2 | test.cpp:6:13:6:30 | [...](...){...} | test.cpp:9:38:9:39 | *l2 | Lambda $@ passed as operand to typeid operator. | test.cpp:6:13:6:30 | [...](...){...} | expression | From 8dc6dcfbe931f10bcc338bd7e56318aa25f2cd9e Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 15 Jul 2025 21:00:26 +0200 Subject: [PATCH 057/104] Convert A8-4-12 to use the new dataflow library --- .../A8-4-12/UniquePtrPassedToFunctionWithImproperSemantics.ql | 2 +- .../UniquePtrPassedToFunctionWithImproperSemantics.expected | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/cpp/autosar/src/rules/A8-4-12/UniquePtrPassedToFunctionWithImproperSemantics.ql b/cpp/autosar/src/rules/A8-4-12/UniquePtrPassedToFunctionWithImproperSemantics.ql index 3cd310b59b..b18e89c343 100644 --- a/cpp/autosar/src/rules/A8-4-12/UniquePtrPassedToFunctionWithImproperSemantics.ql +++ b/cpp/autosar/src/rules/A8-4-12/UniquePtrPassedToFunctionWithImproperSemantics.ql @@ -18,7 +18,7 @@ import cpp import codingstandards.cpp.autosar import codingstandards.cpp.SmartPointers import codingstandards.cpp.standardlibrary.Utility -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow Expr underlyingObjectAffectingUniquePointerExpr(Function f) { result = diff --git a/cpp/autosar/test/rules/A8-4-12/UniquePtrPassedToFunctionWithImproperSemantics.expected b/cpp/autosar/test/rules/A8-4-12/UniquePtrPassedToFunctionWithImproperSemantics.expected index 0a8ead4af8..a01b93335d 100644 --- a/cpp/autosar/test/rules/A8-4-12/UniquePtrPassedToFunctionWithImproperSemantics.expected +++ b/cpp/autosar/test/rules/A8-4-12/UniquePtrPassedToFunctionWithImproperSemantics.expected 
@@ -1,5 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UniquePtrPassedToFunctionWithImproperSemantics.ql:41,3-11) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UniquePtrPassedToFunctionWithImproperSemantics.ql:51,5-13) | test.cpp:13:55:13:56 | v1 | Parameter of type std::unique_ptr passed as lvalue reference but not used to modify underlying object. | | test.cpp:17:47:17:48 | v1 | Parameter of type std::unique_ptr passed as lvalue reference but not used to modify underlying object. | | test.cpp:22:27:22:28 | v1 | Parameter of type std::unique_ptr passed as lvalue reference but not used to modify underlying object. | From 447a3bba6fd67646ec829d11f0fb0d6575ca47bf Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 15 Jul 2025 21:08:18 +0200 Subject: [PATCH 058/104] Convert CTR52-CPP to the new dataflow library --- .../GuaranteeGenericCppLibraryFunctionsDoNotOverflow.ql | 2 +- ...anteeGenericCppLibraryFunctionsDoNotOverflow.expected | 9 --------- 2 files changed, 1 insertion(+), 10 deletions(-) diff --git a/cpp/cert/src/rules/CTR52-CPP/GuaranteeGenericCppLibraryFunctionsDoNotOverflow.ql b/cpp/cert/src/rules/CTR52-CPP/GuaranteeGenericCppLibraryFunctionsDoNotOverflow.ql index ad905d5cc6..fe864515a2 100644 --- a/cpp/cert/src/rules/CTR52-CPP/GuaranteeGenericCppLibraryFunctionsDoNotOverflow.ql +++ b/cpp/cert/src/rules/CTR52-CPP/GuaranteeGenericCppLibraryFunctionsDoNotOverflow.ql @@ -21,7 +21,7 @@ import codingstandards.cpp.cert import codingstandards.cpp.standardlibrary.Iterators import codingstandards.cpp.rules.containeraccesswithoutrangecheck.ContainerAccessWithoutRangeCheck as ContainerAccessWithoutRangeCheck import semmle.code.cpp.controlflow.Guards -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking import semmle.code.cpp.valuenumbering.GlobalValueNumbering /** 
diff --git a/cpp/cert/test/rules/CTR52-CPP/GuaranteeGenericCppLibraryFunctionsDoNotOverflow.expected b/cpp/cert/test/rules/CTR52-CPP/GuaranteeGenericCppLibraryFunctionsDoNotOverflow.expected
index 6be9fd55cc..4e87d1436c 100644
--- a/cpp/cert/test/rules/CTR52-CPP/GuaranteeGenericCppLibraryFunctionsDoNotOverflow.expected
+++ b/cpp/cert/test/rules/CTR52-CPP/GuaranteeGenericCppLibraryFunctionsDoNotOverflow.expected
@@ -1,12 +1,3 @@
-WARNING: module 'DataFlow' has been deprecated and may be removed in future (GuaranteeGenericCppLibraryFunctionsDoNotOverflow.ql:93,7-15)
-WARNING: module 'DataFlow' has been deprecated and may be removed in future (GuaranteeGenericCppLibraryFunctionsDoNotOverflow.ql:93,27-35)
-WARNING: module 'DataFlow' has been deprecated and may be removed in future (GuaranteeGenericCppLibraryFunctionsDoNotOverflow.ql:94,9-17)
-WARNING: module 'DataFlow' has been deprecated and may be removed in future (GuaranteeGenericCppLibraryFunctionsDoNotOverflow.ql:98,9-17)
-WARNING: module 'DataFlow' has been deprecated and may be removed in future (GuaranteeGenericCppLibraryFunctionsDoNotOverflow.ql:98,29-37)
-WARNING: module 'DataFlow' has been deprecated and may be removed in future (GuaranteeGenericCppLibraryFunctionsDoNotOverflow.ql:99,11-19)
-WARNING: module 'DataFlow' has been deprecated and may be removed in future (GuaranteeGenericCppLibraryFunctionsDoNotOverflow.ql:109,35-43)
-WARNING: module 'DataFlow' has been deprecated and may be removed in future (GuaranteeGenericCppLibraryFunctionsDoNotOverflow.ql:110,11-19)
-WARNING: module 'TaintTracking' has been deprecated and may be removed in future (GuaranteeGenericCppLibraryFunctionsDoNotOverflow.ql:109,9-22)
 | test.cpp:8:42:8:46 | call to begin | Output iterator for $@ is not guaranteed to be large enough for the input iterator. | test.cpp:8:3:8:11 | call to copy | call to copy |
 | test.cpp:17:42:17:46 | call to begin | Output iterator for $@ is not guaranteed to be large enough for the input iterator. | test.cpp:17:3:17:11 | call to copy | call to copy |
 | test.cpp:55:42:55:46 | call to begin | Output iterator for $@ is not guaranteed to be large enough for the input iterator. | test.cpp:55:3:55:11 | call to copy | call to copy |
From 04da91f5333ba1fb3c685d1c6f825597a2f83b50 Mon Sep 17 00:00:00 2001
From: Jeroen Ketema Date: Tue, 15 Jul 2025 21:10:55 +0200 Subject: [PATCH 059/104] Convert CTR53-CPP to the new dataflow library --- cpp/cert/src/rules/CTR53-CPP/UseValidIteratorRanges.ql | 4 ++-- .../test/rules/CTR53-CPP/UseValidIteratorRanges.expected | 6 ------ 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/cpp/cert/src/rules/CTR53-CPP/UseValidIteratorRanges.ql b/cpp/cert/src/rules/CTR53-CPP/UseValidIteratorRanges.ql index 4ba3307213..58a7d20bed 100644 --- a/cpp/cert/src/rules/CTR53-CPP/UseValidIteratorRanges.ql +++ b/cpp/cert/src/rules/CTR53-CPP/UseValidIteratorRanges.ql @@ -18,8 +18,8 @@ import cpp import codingstandards.cpp.cert -import codingstandards.cpp.standardlibrary.Iterators -import semmle.code.cpp.dataflow.DataFlow +import codingstandards.cpp.Iterators +import semmle.code.cpp.dataflow.new.DataFlow predicate startEndArgumentsDoNotPointToTheSameContainer( IteratorRangeFunctionCall fc, Expr arg, string reason diff --git a/cpp/cert/test/rules/CTR53-CPP/UseValidIteratorRanges.expected b/cpp/cert/test/rules/CTR53-CPP/UseValidIteratorRanges.expected index d25d23185a..61260a0579 100644 --- a/cpp/cert/test/rules/CTR53-CPP/UseValidIteratorRanges.expected +++ b/cpp/cert/test/rules/CTR53-CPP/UseValidIteratorRanges.expected 
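Review bot: The first changed import in this hunk swaps `codingstandards.cpp.standardlibrary.Iterators` for `codingstandards.cpp.Iterators`, which is a different module rather than the dataflow switch the commit title describes, and nothing in the query says why. Patch 058 moves CTR52-CPP to `semmle.code.cpp.dataflow.new.TaintTracking` but keeps `codingstandards.cpp.standardlibrary.Iterators` as an unchanged import, so the two iterator-bounds rules now rely on different iterator modules. If the `standardlibrary` module is the one still written against the old dataflow API (an inference, neither module is visible here), record that above the import, e.g. `// Iterators model written against the new dataflow library`, and check whether CTR52-CPP should follow. The expected file only loses the deprecation warnings, so the existing result rows do not exercise any difference between the two modules.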
@@ -1,9 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UseValidIteratorRanges.ql:29,5-13) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UseValidIteratorRanges.ql:29,25-33) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UseValidIteratorRanges.ql:30,7-15) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UseValidIteratorRanges.ql:36,5-13) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UseValidIteratorRanges.ql:36,25-33) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (UseValidIteratorRanges.ql:37,7-15) | test.cpp:7:3:7:15 | call to for_each | The $@ of iterator range function does not point to the end of an iterator. | test.cpp:7:28:7:32 | call to begin | argument | | test.cpp:7:3:7:15 | call to for_each | The $@ of iterator range function does not point to the start of an iterator. | test.cpp:7:19:7:21 | call to end | argument | | test.cpp:8:3:8:15 | call to for_each | The $@ of iterator range function does not point to the end of an iterator. | test.cpp:8:30:8:34 | call to begin | argument | From cc0d1c86e611c0ffdaba534b79d1f9a5e47fa147 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 25 Jul 2025 17:35:26 +0100 Subject: [PATCH 060/104] C++: Block flow into thread-specific storage creating functions (i.e., *almost* the sources of the query) to remove false negatives. --- .../CON30-C/CleanUpThreadSpecificStorage.ql | 29 ++++++++++++++----- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql b/c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql index afa664448a..50ed7f0ff3 100644 --- a/c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql +++ b/c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql 
@@ -22,15 +22,28 @@ import codingstandards.c.cert import codingstandards.cpp.ConcurrencyNew import semmle.code.cpp.dataflow.new.DataFlow +newtype Direction = + Incoming() or + Outgoing() + +predicate isSource(DataFlow::Node node, Direction d) { + exists(TSSCreateFunctionCall tsc, Expr e | + // the only requirement of the source is that at some point + // it refers to the key of a create statement + e.getParent*() = tsc.getKey() + | + d = Outgoing() and + e = [node.asExpr(), node.asDefiningArgument()] + or + d = Incoming() and + e = [node.asExpr(), node.asIndirectArgument()] + ) +} + module TssCreateToTssDeleteConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node node) { - exists(TSSCreateFunctionCall tsc, Expr e | - // the only requirement of the source is that at some point - // it refers to the key of a create statement - e.getParent*() = tsc.getKey() and - (e = node.asDefiningArgument() or e = node.asExpr()) - ) - } + predicate isSource(DataFlow::Node node) { isSource(node, Outgoing()) } + + predicate isBarrierIn(DataFlow::Node node) { isSource(node, Incoming()) } predicate isSink(DataFlow::Node node) { exists(TSSDeleteFunctionCall tsd, Expr e | From 3a7a99b542cde5e9f65fa0c92d3059e66fad97b1 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 25 Jul 2025 17:36:05 +0100 Subject: [PATCH 061/104] C++: Accept test changes to another query. --- ...TimedlockOnInappropriateMutexType.expected | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/c/misra/test/rules/RULE-21-26/TimedlockOnInappropriateMutexType.expected b/c/misra/test/rules/RULE-21-26/TimedlockOnInappropriateMutexType.expected index 0a4c0a496a..34b92fee9e 100644 --- a/c/misra/test/rules/RULE-21-26/TimedlockOnInappropriateMutexType.expected +++ b/c/misra/test/rules/RULE-21-26/TimedlockOnInappropriateMutexType.expected 
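Review bot: The new top-level `Direction` type and `isSource(DataFlow::Node node, Direction d)` predicate carry no QLDoc, and the hunk does not say why the `Incoming()` case matches `node.asIndirectArgument()` while `Outgoing()` matches `node.asDefiningArgument()`. That asymmetry appears to be what lets `isBarrierIn` block flow arriving at a create call without suppressing the source itself, so it deserves a line such as `/** Holds if node refers to the key of a TSS create call; Outgoing nodes are sources, Incoming nodes are where flow into such a call is blocked. */`. Both declarations could also be marked `private`, since in the visible lines they are used only by `TssCreateToTssDeleteConfig`. The diffstat lists this one file only, so no CON30-C test row pins the false negatives the subject mentions; the config module continues past the end of the hunk.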
@@ -1,11 +1,25 @@ edges +| test.c:3:7:3:8 | *g1 | test.c:3:7:3:8 | *g1 | provenance | | +| test.c:3:7:3:8 | *g1 | test.c:14:17:14:19 | *& ... | provenance | | +| test.c:3:7:3:8 | *g1 | test.c:15:14:15:16 | *& ... | provenance | | +| test.c:4:7:4:8 | *g2 | test.c:4:7:4:8 | *g2 | provenance | | +| test.c:4:7:4:8 | *g2 | test.c:18:17:18:19 | *& ... | provenance | | +| test.c:4:7:4:8 | *g2 | test.c:19:14:19:16 | *& ... | provenance | | +| test.c:10:24:10:24 | *m | test.c:10:24:10:24 | *m | provenance | | | test.c:10:24:10:24 | *m | test.c:10:43:10:43 | *m | provenance | | +| test.c:10:24:10:24 | *m | test.c:10:43:10:43 | *m | provenance | | +| test.c:13:12:13:14 | mtx_init output argument | test.c:3:7:3:8 | *g1 | provenance | | | test.c:13:12:13:14 | mtx_init output argument | test.c:14:17:14:19 | *& ... | provenance | | | test.c:13:12:13:14 | mtx_init output argument | test.c:15:14:15:16 | *& ... | provenance | | | test.c:15:14:15:16 | *& ... | test.c:10:24:10:24 | *m | provenance | | +| test.c:15:14:15:16 | *& ... | test.c:15:14:15:16 | doTimeLock output argument | provenance | | +| test.c:15:14:15:16 | doTimeLock output argument | test.c:3:7:3:8 | *g1 | provenance | | +| test.c:17:12:17:14 | mtx_init output argument | test.c:4:7:4:8 | *g2 | provenance | | | test.c:17:12:17:14 | mtx_init output argument | test.c:18:17:18:19 | *& ... | provenance | | | test.c:17:12:17:14 | mtx_init output argument | test.c:19:14:19:16 | *& ... | provenance | | | test.c:19:14:19:16 | *& ... | test.c:10:24:10:24 | *m | provenance | | +| test.c:19:14:19:16 | *& ... | test.c:19:14:19:16 | doTimeLock output argument | provenance | | +| test.c:19:14:19:16 | doTimeLock output argument | test.c:4:7:4:8 | *g2 | provenance | | | test.c:30:12:30:14 | mtx_init output argument | test.c:31:17:31:19 | *& ... | provenance | | | test.c:30:12:30:14 | mtx_init output argument | test.c:32:14:32:16 | *& ... | provenance | | | test.c:32:14:32:16 | *& ... | test.c:10:24:10:24 | *m | provenance | | 
@@ -16,14 +30,20 @@ edges | test.c:44:14:44:18 | *& ... | test.c:10:24:10:24 | *m | provenance | | | test.c:44:15:44:16 | *l3 [m] | test.c:44:14:44:18 | *& ... | provenance | | nodes +| test.c:3:7:3:8 | *g1 | semmle.label | *g1 | +| test.c:4:7:4:8 | *g2 | semmle.label | *g2 | +| test.c:10:24:10:24 | *m | semmle.label | *m | +| test.c:10:24:10:24 | *m | semmle.label | *m | | test.c:10:24:10:24 | *m | semmle.label | *m | | test.c:10:43:10:43 | *m | semmle.label | *m | | test.c:13:12:13:14 | mtx_init output argument | semmle.label | mtx_init output argument | | test.c:14:17:14:19 | *& ... | semmle.label | *& ... | | test.c:15:14:15:16 | *& ... | semmle.label | *& ... | +| test.c:15:14:15:16 | doTimeLock output argument | semmle.label | doTimeLock output argument | | test.c:17:12:17:14 | mtx_init output argument | semmle.label | mtx_init output argument | | test.c:18:17:18:19 | *& ... | semmle.label | *& ... | | test.c:19:14:19:16 | *& ... | semmle.label | *& ... | +| test.c:19:14:19:16 | doTimeLock output argument | semmle.label | doTimeLock output argument | | test.c:30:12:30:14 | mtx_init output argument | semmle.label | mtx_init output argument | | test.c:31:17:31:19 | *& ... | semmle.label | *& ... | | test.c:32:14:32:16 | *& ... | semmle.label | *& ... | 
@@ -34,6 +54,8 @@ nodes | test.c:44:14:44:18 | *& ... | semmle.label | *& ... | | test.c:44:15:44:16 | *l3 [m] | semmle.label | *l3 [m] | subpaths +| test.c:15:14:15:16 | *& ... | test.c:10:24:10:24 | *m | test.c:10:24:10:24 | *m | test.c:15:14:15:16 | doTimeLock output argument | +| test.c:19:14:19:16 | *& ... | test.c:10:24:10:24 | *m | test.c:10:24:10:24 | *m | test.c:19:14:19:16 | doTimeLock output argument | #select | test.c:10:43:10:43 | *m | test.c:13:12:13:14 | mtx_init output argument | test.c:10:43:10:43 | *m | Call to mtx_timedlock with mutex which is $@ without flag 'mtx_timed'. | test.c:13:12:13:14 | mtx_init output argument | initialized | | test.c:10:43:10:43 | *m | test.c:17:12:17:14 | mtx_init output argument | test.c:10:43:10:43 | *m | Call to mtx_timedlock with mutex which is $@ without flag 'mtx_timed'. | test.c:17:12:17:14 | mtx_init output argument | initialized | From 88d909e2e64b7651ddc6ca4e625fdd82e0521bb0 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Fri, 15 Aug 2025 16:41:41 +0200 Subject: [PATCH 062/104] Convert `ThrowingOperatorNewReturnsNull` to the new dataflow library --- .../ThrowingOperatorNewReturnsNull.qll | 2 +- .../ThrowingOperatorNewReturnsNull.expected | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/cpp/common/src/codingstandards/cpp/rules/throwingoperatornewreturnsnull/ThrowingOperatorNewReturnsNull.qll b/cpp/common/src/codingstandards/cpp/rules/throwingoperatornewreturnsnull/ThrowingOperatorNewReturnsNull.qll index 09fbcb6316..5505a9f0b2 100644 --- a/cpp/common/src/codingstandards/cpp/rules/throwingoperatornewreturnsnull/ThrowingOperatorNewReturnsNull.qll +++ b/cpp/common/src/codingstandards/cpp/rules/throwingoperatornewreturnsnull/ThrowingOperatorNewReturnsNull.qll 
@@ -4,7 +4,7 @@ */ import cpp -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import codingstandards.cpp.allocations.CustomOperatorNewDelete import codingstandards.cpp.exceptions.ExceptionSpecifications import codingstandards.cpp.Customizations diff --git a/cpp/common/test/rules/throwingoperatornewreturnsnull/ThrowingOperatorNewReturnsNull.expected b/cpp/common/test/rules/throwingoperatornewreturnsnull/ThrowingOperatorNewReturnsNull.expected index 5e047a77da..5b77245dbd 100644 --- a/cpp/common/test/rules/throwingoperatornewreturnsnull/ThrowingOperatorNewReturnsNull.expected +++ b/cpp/common/test/rules/throwingoperatornewreturnsnull/ThrowingOperatorNewReturnsNull.expected 
@@ -3,10 +3,16 @@ problems | test.cpp:12:5:12:19 | return ... | test.cpp:12:12:12:18 | 0 | test.cpp:12:12:12:18 | 0 | operator new(size_t) may return null instead of throwing a std::bad_alloc exception. | | test.cpp:14:5:14:33 | return ... | test.cpp:4:10:4:23 | call to operator new | test.cpp:14:12:14:26 | call to can_return_null | operator new(size_t) may return null instead of throwing a std::bad_alloc exception. | edges -| test.cpp:4:10:4:23 | call to operator new | test.cpp:14:12:14:26 | call to can_return_null | provenance | | +| test.cpp:3:7:3:21 | *can_return_null | test.cpp:14:12:14:26 | call to can_return_null | provenance | | +| test.cpp:4:10:4:23 | call to operator new | test.cpp:3:7:3:21 | *can_return_null | provenance | | +| test.cpp:4:10:4:23 | call to operator new | test.cpp:4:10:4:23 | call to operator new | provenance | | +| test.cpp:8:23:8:23 | 0 | test.cpp:8:23:8:23 | 0 | provenance | | | test.cpp:8:23:8:23 | 0 | test.cpp:10:12:10:24 | localVariable | provenance | | nodes +| test.cpp:3:7:3:21 | *can_return_null | semmle.label | *can_return_null | | test.cpp:4:10:4:23 | call to operator new | semmle.label | call to operator new | +| test.cpp:4:10:4:23 | call to operator new | semmle.label | call to operator new | +| test.cpp:8:23:8:23 | 0 | semmle.label | 0 | | test.cpp:8:23:8:23 | 0 | semmle.label | 0 | | test.cpp:10:12:10:24 | localVariable | semmle.label | localVariable | | test.cpp:12:12:12:18 | 0 | semmle.label | 0 | From 65cf74de3c385dc5ddbca61821c7815fdd9b7ee8 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Fri, 15 Aug 2025 16:43:04 +0200 Subject: [PATCH 063/104] Convert `PredicateFunctionObjectsShouldNotBeMutable` to the new dataflow library --- .../PredicateFunctionObjectsShouldNotBeMutable.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/cpp/common/src/codingstandards/cpp/rules/predicatefunctionobjectsshouldnotbemutable/PredicateFunctionObjectsShouldNotBeMutable.qll b/cpp/common/src/codingstandards/cpp/rules/predicatefunctionobjectsshouldnotbemutable/PredicateFunctionObjectsShouldNotBeMutable.qll index ba2f6ed82a..7e3732fab0 100644 --- a/cpp/common/src/codingstandards/cpp/rules/predicatefunctionobjectsshouldnotbemutable/PredicateFunctionObjectsShouldNotBeMutable.qll +++ b/cpp/common/src/codingstandards/cpp/rules/predicatefunctionobjectsshouldnotbemutable/PredicateFunctionObjectsShouldNotBeMutable.qll @@ -9,7 +9,7 @@ import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions import codingstandards.cpp.SideEffect import codingstandards.cpp.sideeffect.DefaultEffects -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow abstract class PredicateFunctionObjectsShouldNotBeMutableSharedQuery extends Query { } From 01841f3031b2fb1d8db92887507af1bc3a951c12 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Fri, 15 Aug 2025 16:43:45 +0200 Subject: [PATCH 064/104] Remove redundant dataflow import --- .../PlacementNewInsufficientStorage.qll | 1 - .../PlacementNewNotProperlyAligned.qll | 1 - 2 files changed, 2 deletions(-) diff --git a/cpp/common/src/codingstandards/cpp/rules/placementnewinsufficientstorage/PlacementNewInsufficientStorage.qll b/cpp/common/src/codingstandards/cpp/rules/placementnewinsufficientstorage/PlacementNewInsufficientStorage.qll index 6b2c6c87c9..6eda89ed0b 100644 --- a/cpp/common/src/codingstandards/cpp/rules/placementnewinsufficientstorage/PlacementNewInsufficientStorage.qll +++ b/cpp/common/src/codingstandards/cpp/rules/placementnewinsufficientstorage/PlacementNewInsufficientStorage.qll 
@@ -7,7 +7,6 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions import codingstandards.cpp.allocations.PlacementNew -import semmle.code.cpp.dataflow.DataFlow import PlacementNewOriginFlow::PathGraph abstract class PlacementNewInsufficientStorageSharedQuery extends Query { } diff --git a/cpp/common/src/codingstandards/cpp/rules/placementnewnotproperlyaligned/PlacementNewNotProperlyAligned.qll b/cpp/common/src/codingstandards/cpp/rules/placementnewnotproperlyaligned/PlacementNewNotProperlyAligned.qll index d250061a23..edbb5b8979 100644 --- a/cpp/common/src/codingstandards/cpp/rules/placementnewnotproperlyaligned/PlacementNewNotProperlyAligned.qll +++ b/cpp/common/src/codingstandards/cpp/rules/placementnewnotproperlyaligned/PlacementNewNotProperlyAligned.qll @@ -7,7 +7,6 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions import codingstandards.cpp.allocations.PlacementNew -import semmle.code.cpp.dataflow.DataFlow import PlacementNewOriginFlow::PathGraph abstract class PlacementNewNotProperlyAlignedSharedQuery extends Query { } From 15eef22564c3a82fc742be8db6323ad44b427cf3 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Fri, 15 Aug 2025 16:44:54 +0200 Subject: [PATCH 065/104] Convert `OnlyFreeMemoryAllocatedDynamicallyShared` to the new dataflow library --- .../OnlyFreeMemoryAllocatedDynamicallyShared.expected | 6 +++++- .../OnlyFreeMemoryAllocatedDynamicallyShared.qll | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/c/common/test/rules/onlyfreememoryallocateddynamicallyshared/OnlyFreeMemoryAllocatedDynamicallyShared.expected b/c/common/test/rules/onlyfreememoryallocateddynamicallyshared/OnlyFreeMemoryAllocatedDynamicallyShared.expected index a6c41a6d75..cdfabea26c 100644 --- a/c/common/test/rules/onlyfreememoryallocateddynamicallyshared/OnlyFreeMemoryAllocatedDynamicallyShared.expected 
+++ b/c/common/test/rules/onlyfreememoryallocateddynamicallyshared/OnlyFreeMemoryAllocatedDynamicallyShared.expected @@ -7,8 +7,10 @@ problems | test.c:26:8:26:8 | p | test.c:25:13:25:14 | & ... | test.c:26:8:26:8 | p | Free expression frees memory which was not dynamically allocated. | edges | test.c:18:24:18:26 | ptr | test.c:18:36:18:38 | ptr | provenance | | +| test.c:25:13:25:14 | & ... | test.c:25:13:25:14 | & ... | provenance | | | test.c:25:13:25:14 | & ... | test.c:26:8:26:8 | p | provenance | | -| test.c:27:7:27:8 | & ... | test.c:28:15:28:15 | p | provenance | | +| test.c:27:3:27:8 | ... = ... | test.c:28:15:28:15 | p | provenance | | +| test.c:27:7:27:8 | & ... | test.c:27:3:27:8 | ... = ... | provenance | | | test.c:28:15:28:15 | p | test.c:18:24:18:26 | ptr | provenance | | nodes | test.c:8:8:8:10 | g_p | semmle.label | g_p | @@ -18,7 +20,9 @@ nodes | test.c:18:24:18:26 | ptr | semmle.label | ptr | | test.c:18:36:18:38 | ptr | semmle.label | ptr | | test.c:25:13:25:14 | & ... | semmle.label | & ... | +| test.c:25:13:25:14 | & ... | semmle.label | & ... | | test.c:26:8:26:8 | p | semmle.label | p | +| test.c:27:3:27:8 | ... = ... | semmle.label | ... = ... | | test.c:27:7:27:8 | & ... | semmle.label | & ... | | test.c:28:15:28:15 | p | semmle.label | p | subpaths diff --git a/cpp/common/src/codingstandards/cpp/rules/onlyfreememoryallocateddynamicallyshared/OnlyFreeMemoryAllocatedDynamicallyShared.qll b/cpp/common/src/codingstandards/cpp/rules/onlyfreememoryallocateddynamicallyshared/OnlyFreeMemoryAllocatedDynamicallyShared.qll index 89c732ff5a..d89755c999 100644 --- a/cpp/common/src/codingstandards/cpp/rules/onlyfreememoryallocateddynamicallyshared/OnlyFreeMemoryAllocatedDynamicallyShared.qll +++ b/cpp/common/src/codingstandards/cpp/rules/onlyfreememoryallocateddynamicallyshared/OnlyFreeMemoryAllocatedDynamicallyShared.qll 
@@ -7,7 +7,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions import codingstandards.cpp.Allocations -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import NonDynamicPointerToFreeFlow::PathGraph /** From 68956c9e44919635b5de6eedd1f53aee39466e93 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Fri, 15 Aug 2025 16:45:40 +0200 Subject: [PATCH 066/104] Convert `InvalidatedEnvStringPointers` to the new dataflow library --- .../InvalidatedEnvStringPointers.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/common/src/codingstandards/cpp/rules/invalidatedenvstringpointers/InvalidatedEnvStringPointers.qll b/cpp/common/src/codingstandards/cpp/rules/invalidatedenvstringpointers/InvalidatedEnvStringPointers.qll index 50b27d819d..38215c602f 100644 --- a/cpp/common/src/codingstandards/cpp/rules/invalidatedenvstringpointers/InvalidatedEnvStringPointers.qll +++ b/cpp/common/src/codingstandards/cpp/rules/invalidatedenvstringpointers/InvalidatedEnvStringPointers.qll @@ -6,7 +6,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow abstract class InvalidatedEnvStringPointersSharedQuery extends Query { } From 635eca04613f5002af5d1e4ae021262ec99fc1d8 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 18 Aug 2025 11:20:34 +0200 Subject: [PATCH 067/104] Convert `FunctionErroneousReturnValueNotTested` to the new dataflow library --- .../FunctionErroneousReturnValueNotTested.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/common/src/codingstandards/cpp/rules/functionerroneousreturnvaluenottested/FunctionErroneousReturnValueNotTested.qll b/cpp/common/src/codingstandards/cpp/rules/functionerroneousreturnvaluenottested/FunctionErroneousReturnValueNotTested.qll index 93177e4f46..e7e25cf7b0 100644 
--- a/cpp/common/src/codingstandards/cpp/rules/functionerroneousreturnvaluenottested/FunctionErroneousReturnValueNotTested.qll +++ b/cpp/common/src/codingstandards/cpp/rules/functionerroneousreturnvaluenottested/FunctionErroneousReturnValueNotTested.qll @@ -4,7 +4,7 @@ import cpp import codingstandards.cpp.Customizations -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import semmle.code.cpp.controlflow.Guards import codingstandards.cpp.Exclusions From 76642a8f5bb0f298eff8267b88c084db44a8086a Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 18 Aug 2025 11:33:39 +0200 Subject: [PATCH 068/104] Update `DoNotPassAliasedPointerToRestrictQualifiedParamShared` to the new dataflow library --- .../DoNotPassAliasedPointerToRestrictQualifiedParamShared.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/common/src/codingstandards/cpp/rules/donotpassaliasedpointertorestrictqualifiedparamshared/DoNotPassAliasedPointerToRestrictQualifiedParamShared.qll b/cpp/common/src/codingstandards/cpp/rules/donotpassaliasedpointertorestrictqualifiedparamshared/DoNotPassAliasedPointerToRestrictQualifiedParamShared.qll index 79eda7714d..edd3e8305e 100644 --- a/cpp/common/src/codingstandards/cpp/rules/donotpassaliasedpointertorestrictqualifiedparamshared/DoNotPassAliasedPointerToRestrictQualifiedParamShared.qll +++ b/cpp/common/src/codingstandards/cpp/rules/donotpassaliasedpointertorestrictqualifiedparamshared/DoNotPassAliasedPointerToRestrictQualifiedParamShared.qll @@ -7,7 +7,7 @@ import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions import codingstandards.cpp.types.Pointers import codingstandards.cpp.Variable -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import semmle.code.cpp.pointsto.PointsTo import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis From 6edece65714fc07e73a622e39167b9270c40cf8d Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Tue, 19 Aug 2025 11:42:36 +0200 Subject: [PATCH 069/104] Convert M9-3-1 to the new dataflow library --- .../ConstMemberFunctionReturnsNonConstPointer.ql | 14 ++++++++------ ...stMemberFunctionReturnsNonConstPointer.expected | 2 -- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/cpp/autosar/src/rules/M9-3-1/ConstMemberFunctionReturnsNonConstPointer.ql b/cpp/autosar/src/rules/M9-3-1/ConstMemberFunctionReturnsNonConstPointer.ql index 559b41527c..322430fa5b 100644 --- a/cpp/autosar/src/rules/M9-3-1/ConstMemberFunctionReturnsNonConstPointer.ql +++ b/cpp/autosar/src/rules/M9-3-1/ConstMemberFunctionReturnsNonConstPointer.ql @@ -18,7 +18,7 @@ import cpp import codingstandards.cpp.autosar -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow class ReferenceTypeWithNonConstBaseType extends ReferenceType { ReferenceTypeWithNonConstBaseType() { not this.getBaseType().isConst() } @@ -46,14 +46,16 @@ class ConstMemberFunctionWithRetNonConst extends ConstMemberFunction { from ConstMemberFunctionWithRetNonConst fun, Locatable f where not isExcluded(fun, ConstPackage::constMemberFunctionReturnsNonConstPointerQuery()) and - exists(ReturnStmt ret | + exists(ReturnStmt ret, DataFlow::Node vaNode, DataFlow::Node retNode | ret.getEnclosingFunction() = fun and + retNode.asIndirectExpr() = ret.getExpr() and ( - f.(MemberVariable).getDeclaringType() = fun.getDeclaringType() and - DataFlow::localExprFlow(f.(MemberVariable).getAnAccess(), ret.getExpr()) + vaNode.asIndirectExpr() = f.(MemberVariable).getAnAccess() and + f.(MemberVariable).getDeclaringType() = fun.getDeclaringType() or - DataFlow::localExprFlow(f.(ThisExpr), ret.getExpr()) - ) + vaNode.asIndirectExpr() = f.(ThisExpr) + ) and + DataFlow::localFlow(vaNode, retNode) ) select fun, "Const member function returns a " + fun.getReturnTypeCategory() + " to class data $@.", f, f.toString() 
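Review bot: In the `from … where` clause of the second hunk, both endpoints of `DataFlow::localFlow` are now bound with `asIndirectExpr()`, and nothing says why the direct expression nodes that `localExprFlow` compared before are no longer considered. A short comment would save the next reader from re-deriving it, e.g. `// Use indirect nodes: the rule concerns the object the returned pointer or reference designates`; that rationale is my reading of the change, so adjust the wording if the intent differs. `vaNode` is also bound to a `ThisExpr` in the second disjunct, so a neutral name such as `srcNode` would read better. The same `asIndirectExpr()` binding is introduced without comment in `closedFileAccess` in patch 074 (DoNotAccessAClosedFile.qll). The expected file only drops the two deprecation warnings, so the three visible result rows are unchanged.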
diff --git a/cpp/autosar/test/rules/M9-3-1/ConstMemberFunctionReturnsNonConstPointer.expected b/cpp/autosar/test/rules/M9-3-1/ConstMemberFunctionReturnsNonConstPointer.expected index af7e9efc36..ee9652f505 100644 --- a/cpp/autosar/test/rules/M9-3-1/ConstMemberFunctionReturnsNonConstPointer.expected +++ b/cpp/autosar/test/rules/M9-3-1/ConstMemberFunctionReturnsNonConstPointer.expected @@ -1,5 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstMemberFunctionReturnsNonConstPointer.ql:53,7-15) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstMemberFunctionReturnsNonConstPointer.ql:55,7-15) | test.cpp:8:8:8:11 | getA | Const member function returns a pointer to class data $@. | test.cpp:3:8:3:8 | a | a | | test.cpp:9:8:9:11 | getB | Const member function returns a pointer to class data $@. | test.cpp:4:8:4:8 | b | b | | test.cpp:11:6:11:12 | getThis | Const member function returns a pointer to class data $@. | test.cpp:11:36:11:39 | this | this | From 5b035595e1f17f6fdec4a3c95c49b8132e3aa181 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 19 Aug 2025 11:46:25 +0200 Subject: [PATCH 070/104] Convert A8-4-9 to the new dataflow library --- .../src/rules/A8-4-9/InOutParametersDeclaredAsTNotModified.ql | 2 +- .../rules/A8-4-9/InOutParametersDeclaredAsTNotModified.expected | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/cpp/autosar/src/rules/A8-4-9/InOutParametersDeclaredAsTNotModified.ql b/cpp/autosar/src/rules/A8-4-9/InOutParametersDeclaredAsTNotModified.ql index 3b30eb676a..a6df2fd5e5 100644 --- a/cpp/autosar/src/rules/A8-4-9/InOutParametersDeclaredAsTNotModified.ql +++ b/cpp/autosar/src/rules/A8-4-9/InOutParametersDeclaredAsTNotModified.ql 
@@ -21,7 +21,7 @@ import codingstandards.cpp.autosar import codingstandards.cpp.FunctionParameter import codingstandards.cpp.ConstHelpers import codingstandards.cpp.Operator -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow /** * Non-const T& `Parameter`s to `Function`s diff --git a/cpp/autosar/test/rules/A8-4-9/InOutParametersDeclaredAsTNotModified.expected b/cpp/autosar/test/rules/A8-4-9/InOutParametersDeclaredAsTNotModified.expected index 25fe77d9a5..e3cfa71bb7 100644 --- a/cpp/autosar/test/rules/A8-4-9/InOutParametersDeclaredAsTNotModified.expected +++ b/cpp/autosar/test/rules/A8-4-9/InOutParametersDeclaredAsTNotModified.expected @@ -1,5 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (InOutParametersDeclaredAsTNotModified.ql:50,7-15) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (InOutParametersDeclaredAsTNotModified.ql:64,7-15) | test.cpp:4:13:4:13 | i | In-out parameter i that is not written to. | | test.cpp:7:22:7:24 | str | In-out parameter str that is not read from. | | test.cpp:18:14:18:14 | i | In-out parameter i that is not read from. | From aa1c3af8fa6a414e8364a3293a58f14e8726a49d Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 19 Aug 2025 11:50:04 +0200 Subject: [PATCH 071/104] Conver A8-4-11 to the new dataflow library --- .../A8-4-11/SmartPointerAsParameterWithoutLifetimeSemantics.ql | 2 +- .../SmartPointerAsParameterWithoutLifetimeSemantics.expected | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/cpp/autosar/src/rules/A8-4-11/SmartPointerAsParameterWithoutLifetimeSemantics.ql b/cpp/autosar/src/rules/A8-4-11/SmartPointerAsParameterWithoutLifetimeSemantics.ql index 0bf42ce4ca..83c73902db 100644 --- a/cpp/autosar/src/rules/A8-4-11/SmartPointerAsParameterWithoutLifetimeSemantics.ql +++ b/cpp/autosar/src/rules/A8-4-11/SmartPointerAsParameterWithoutLifetimeSemantics.ql 
@@ -16,7 +16,7 @@ import cpp import codingstandards.cpp.autosar import codingstandards.cpp.SmartPointers -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import codingstandards.cpp.standardlibrary.Utility Expr lifetimeAffectingSmartPointerExpr(Function f) { diff --git a/cpp/autosar/test/rules/A8-4-11/SmartPointerAsParameterWithoutLifetimeSemantics.expected b/cpp/autosar/test/rules/A8-4-11/SmartPointerAsParameterWithoutLifetimeSemantics.expected index 2ce56fdce9..b751d81835 100644 --- a/cpp/autosar/test/rules/A8-4-11/SmartPointerAsParameterWithoutLifetimeSemantics.expected +++ b/cpp/autosar/test/rules/A8-4-11/SmartPointerAsParameterWithoutLifetimeSemantics.expected @@ -1,5 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (SmartPointerAsParameterWithoutLifetimeSemantics.ql:47,3-11) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (SmartPointerAsParameterWithoutLifetimeSemantics.ql:56,5-13) | test.cpp:7:41:7:43 | up1 | Function $@ takes smart pointer parameter 'up1' but does not implement any lifetime-affecting operations. | test.cpp:7:6:7:18 | smart_ptr_get | smart_ptr_get | | test.cpp:16:53:16:55 | sp1 | Function $@ takes smart pointer parameter 'sp1' but does not implement any lifetime-affecting operations. | test.cpp:16:6:16:29 | smart_ptr_ref_assign_ref | smart_ptr_ref_assign_ref | | test.cpp:28:55:28:57 | sp1 | Function $@ takes smart pointer parameter 'sp1' but does not implement any lifetime-affecting operations. | test.cpp:28:6:28:31 | smart_ptr_ref_noncompliant | smart_ptr_ref_noncompliant | From 0ae008727c55e25cd0138d1ba11c94b0b2c7daa8 Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Tue, 19 Aug 2025 13:41:50 +0200 Subject: [PATCH 072/104] Convert STR31-C to the new dataflow library --- .../StringsHasSufficientSpaceForTheNullTerminator.ql | 2 +- .../StringsHasSufficientSpaceForTheNullTerminator.expected | 6 ------ 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/c/cert/src/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.ql b/c/cert/src/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.ql index 437b13f7f9..15d895c1f0 100644 --- a/c/cert/src/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.ql +++ b/c/cert/src/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.ql @@ -20,7 +20,7 @@ import cpp import codingstandards.c.cert -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking import codingstandards.cpp.PossiblyUnsafeStringOperation /** diff --git a/c/cert/test/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.expected b/c/cert/test/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.expected index 9a87a6775b..71e713d120 100644 --- a/c/cert/test/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.expected +++ b/c/cert/test/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.expected 
@@ -1,9 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (StringsHasSufficientSpaceForTheNullTerminator.ql:62,31-39) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (StringsHasSufficientSpaceForTheNullTerminator.ql:62,55-63) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (StringsHasSufficientSpaceForTheNullTerminator.ql:68,31-39) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (StringsHasSufficientSpaceForTheNullTerminator.ql:68,54-62) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (StringsHasSufficientSpaceForTheNullTerminator.ql:62,5-18) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (StringsHasSufficientSpaceForTheNullTerminator.ql:68,5-18) | test.c:10:20:10:24 | Cod | Expression produces or consumes a string that may not have sufficient space for a null-terminator. | | test.c:16:3:16:9 | call to strncpy | Expression produces or consumes a string that may not have sufficient space for a null-terminator. | | test.c:26:3:26:10 | call to snprintf | Expression produces or consumes a string that may not have sufficient space for a null-terminator. | From d3dbc96c04302f8bb0ff03e18d51dc371c64ccc2 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 19 Aug 2025 19:59:53 +0200 Subject: [PATCH 073/104] Convert `FileStreams.qll` to the new dataflow library --- .../src/codingstandards/cpp/standardlibrary/FileStreams.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/common/src/codingstandards/cpp/standardlibrary/FileStreams.qll b/cpp/common/src/codingstandards/cpp/standardlibrary/FileStreams.qll index 99eec1f5e0..4714fde6a2 100644 --- a/cpp/common/src/codingstandards/cpp/standardlibrary/FileStreams.qll +++ b/cpp/common/src/codingstandards/cpp/standardlibrary/FileStreams.qll 
@@ -10,8 +10,8 @@ */ import cpp -private import semmle.code.cpp.dataflow.DataFlow -private import semmle.code.cpp.dataflow.TaintTracking +private import semmle.code.cpp.dataflow.new.DataFlow +private import semmle.code.cpp.dataflow.new.TaintTracking private import codingstandards.cpp.Operator /** From 404692bf1e872a4772c2ce8e40c64b1e2c7d920c Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 19 Aug 2025 20:00:30 +0200 Subject: [PATCH 074/104] Convert `DoNotAccessAClosedFile` to the new dataflow library --- .../donotaccessaclosedfile/DoNotAccessAClosedFile.qll | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/cpp/common/src/codingstandards/cpp/rules/donotaccessaclosedfile/DoNotAccessAClosedFile.qll b/cpp/common/src/codingstandards/cpp/rules/donotaccessaclosedfile/DoNotAccessAClosedFile.qll index 83266ed524..86f50c7538 100644 --- a/cpp/common/src/codingstandards/cpp/rules/donotaccessaclosedfile/DoNotAccessAClosedFile.qll +++ b/cpp/common/src/codingstandards/cpp/rules/donotaccessaclosedfile/DoNotAccessAClosedFile.qll @@ -6,7 +6,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import codingstandards.cpp.standardlibrary.FileAccess import semmle.code.cpp.controlflow.SubBasicBlocks @@ -40,9 +40,10 @@ SubBasicBlock followsFileClose(SubBasicBlock source, Expr closedFile) { // the argument of a call to function `fclose(FILE*)` is subsequently accessed predicate closedFileAccess(Expr closedFile, Expr fileAccess) { - exists(DataFlow::DefinitionByReferenceNode def | + exists(DataFlow::DefinitionByReferenceNode def, DataFlow::Node va | + va.asIndirectExpr() = fileAccess.(VariableAccess) and def.asDefiningArgument() = closedFile and - DataFlow::localFlow(def, DataFlow::exprNode(fileAccess.(VariableAccess))) + DataFlow::localFlow(def, va) ) } From 8d8cedc64f15ca8a4c32986677e923956ff36730 Mon Sep 17 00:00:00 2001 
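Review bot: In `closedFileAccess` the rewritten `exists` matches the later access only through `va.asIndirectExpr()`, and nothing in the hunk says why the indirect node is the right one, so a reader cannot tell whether dropping the `DataFlow::exprNode(...)` match was deliberate. I would add a line above the `exists`, for example `// the fclose argument is a by-reference definition of the pointed-to FILE, so later uses are matched on their indirect node`. The diffstat for this patch lists only the `.qll` file, so it is worth confirming that the shared query's tests still report every access after close that they did before. A missed access here would be a silent false negative for the rule.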
From: Jeroen Ketema Date: Thu, 21 Aug 2025 11:36:51 +0200 Subject: [PATCH 075/104] Update `OwnedPointerValueStoredInUnrelatedSmartPointer` to the new dataflow library Note this introduces some new results. This seems to be correct, as before the update the query seemed to have missed problems with code like the following: ```cpp void f3(int *v1) { int *v2 = v1; std::shared_ptr p1(v1); // NON_COMPLIANT new std::shared_ptr(p1.get()); // NON_COMPLIANT new std::shared_ptr(v2); // NON_COMPLIANT } void f4() { f3(new int(0)); } ``` --- ...nterValueStoredInUnrelatedSmartPointer.qll | 2 +- ...alueStoredInUnrelatedSmartPointer.expected | 42 ++++++++++++++----- 2 files changed, 32 insertions(+), 12 deletions(-) diff --git a/cpp/common/src/codingstandards/cpp/rules/ownedpointervaluestoredinunrelatedsmartpointer/OwnedPointerValueStoredInUnrelatedSmartPointer.qll b/cpp/common/src/codingstandards/cpp/rules/ownedpointervaluestoredinunrelatedsmartpointer/OwnedPointerValueStoredInUnrelatedSmartPointer.qll index 2ee92b1611..677271db44 100644 --- a/cpp/common/src/codingstandards/cpp/rules/ownedpointervaluestoredinunrelatedsmartpointer/OwnedPointerValueStoredInUnrelatedSmartPointer.qll +++ b/cpp/common/src/codingstandards/cpp/rules/ownedpointervaluestoredinunrelatedsmartpointer/OwnedPointerValueStoredInUnrelatedSmartPointer.qll @@ -8,7 +8,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions import codingstandards.cpp.SmartPointers -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking import PointerToSmartPointerConstructorFlowFlow::PathGraph abstract class OwnedPointerValueStoredInUnrelatedSmartPointerSharedQuery extends Query { } 
diff --git a/cpp/common/test/rules/ownedpointervaluestoredinunrelatedsmartpointer/OwnedPointerValueStoredInUnrelatedSmartPointer.expected b/cpp/common/test/rules/ownedpointervaluestoredinunrelatedsmartpointer/OwnedPointerValueStoredInUnrelatedSmartPointer.expected index 7790582443..00f3128a8b 100644 --- a/cpp/common/test/rules/ownedpointervaluestoredinunrelatedsmartpointer/OwnedPointerValueStoredInUnrelatedSmartPointer.expected +++ b/cpp/common/test/rules/ownedpointervaluestoredinunrelatedsmartpointer/OwnedPointerValueStoredInUnrelatedSmartPointer.expected 
@@ -1,44 +1,64 @@ problems +| test.cpp:5:27:5:28 | v1 | test.cpp:4:13:4:14 | v1 | test.cpp:5:27:5:28 | v1 | Raw pointer flows to initialize multiple unrelated smart pointers. | | test.cpp:5:27:5:28 | v1 | test.cpp:16:13:16:22 | new | test.cpp:5:27:5:28 | v1 | Raw pointer flows to initialize multiple unrelated smart pointers. | +| test.cpp:6:31:6:33 | call to get | test.cpp:4:13:4:14 | v1 | test.cpp:6:31:6:33 | call to get | Raw pointer flows to initialize multiple unrelated smart pointers. | | test.cpp:6:31:6:33 | call to get | test.cpp:16:13:16:22 | new | test.cpp:6:31:6:33 | call to get | Raw pointer flows to initialize multiple unrelated smart pointers. | +| test.cpp:7:28:7:29 | v2 | test.cpp:4:13:4:14 | v1 | test.cpp:7:28:7:29 | v2 | Raw pointer flows to initialize multiple unrelated smart pointers. | | test.cpp:7:28:7:29 | v2 | test.cpp:16:13:16:22 | new | test.cpp:7:28:7:29 | v2 | Raw pointer flows to initialize multiple unrelated smart pointers. | | test.cpp:11:28:11:29 | v2 | test.cpp:10:8:10:17 | new | test.cpp:11:28:11:29 | v2 | Raw pointer flows to initialize multiple unrelated smart pointers. | | test.cpp:12:28:12:29 | v2 | test.cpp:10:8:10:17 | new | test.cpp:12:28:12:29 | v2 | Raw pointer flows to initialize multiple unrelated smart pointers. | | test.cpp:17:27:17:28 | v1 | test.cpp:16:13:16:22 | new | test.cpp:17:27:17:28 | v1 | Raw pointer flows to initialize multiple unrelated smart pointers. 
| edges +| test.cpp:3:14:3:15 | v1 | test.cpp:4:13:4:14 | v1 | provenance | | | test.cpp:3:14:3:15 | v1 | test.cpp:5:27:5:28 | v1 | provenance | | | test.cpp:3:14:3:15 | v1 | test.cpp:5:27:5:28 | v1 | provenance | | -| test.cpp:3:14:3:15 | v1 | test.cpp:7:28:7:29 | v2 | provenance | | +| test.cpp:4:13:4:14 | v1 | test.cpp:4:13:4:14 | v1 | provenance | | +| test.cpp:4:13:4:14 | v1 | test.cpp:5:27:5:28 | v1 | provenance | | +| test.cpp:4:13:4:14 | v1 | test.cpp:5:27:5:28 | v1 | provenance | | | test.cpp:4:13:4:14 | v1 | test.cpp:7:28:7:29 | v2 | provenance | | -| test.cpp:5:27:5:28 | v1 | test.cpp:5:27:5:29 | call to shared_ptr | provenance | | -| test.cpp:5:27:5:28 | v1 | test.cpp:5:27:5:29 | call to shared_ptr | provenance | Config | -| test.cpp:5:27:5:29 | call to shared_ptr | test.cpp:6:28:6:29 | p1 | provenance | | -| test.cpp:5:27:5:29 | call to shared_ptr | test.cpp:6:28:6:29 | p1 | provenance | | +| test.cpp:4:13:4:14 | v1 | test.cpp:7:28:7:29 | v2 | provenance | | +| test.cpp:5:24:5:25 | call to shared_ptr | test.cpp:6:28:6:29 | p1 | provenance | | +| test.cpp:5:24:5:25 | call to shared_ptr | test.cpp:6:28:6:29 | p1 | provenance | | +| test.cpp:5:27:5:28 | v1 | test.cpp:5:24:5:25 | call to shared_ptr | provenance | Config | +| test.cpp:5:27:5:28 | v1 | test.cpp:5:24:5:25 | call to shared_ptr | provenance | Config | | test.cpp:6:28:6:29 | p1 | test.cpp:6:31:6:33 | call to get | provenance | Config | | test.cpp:6:28:6:29 | p1 | test.cpp:6:31:6:33 | call to get | provenance | Config | -| test.cpp:8:8:8:14 | 0 | test.cpp:9:28:9:29 | v2 | provenance | | -| test.cpp:10:8:10:17 | new | test.cpp:11:28:11:29 | v2 | provenance | | -| test.cpp:10:8:10:17 | new | test.cpp:12:28:12:29 | v2 | provenance | | +| test.cpp:8:3:8:14 | ... = ... | test.cpp:9:28:9:29 | v2 | provenance | | +| test.cpp:8:8:8:14 | 0 | test.cpp:8:3:8:14 | ... = ... | provenance | | +| test.cpp:10:3:10:17 | ... = ... | test.cpp:11:28:11:29 | v2 | provenance | | +| test.cpp:10:3:10:17 | ... = ... 
| test.cpp:11:28:11:29 | v2 | provenance | | +| test.cpp:10:8:10:17 | new | test.cpp:10:3:10:17 | ... = ... | provenance | | +| test.cpp:11:28:11:29 | v2 | test.cpp:12:28:12:29 | v2 | provenance | | +| test.cpp:16:13:16:22 | new | test.cpp:16:13:16:22 | new | provenance | | +| test.cpp:16:13:16:22 | new | test.cpp:17:27:17:28 | v1 | provenance | | | test.cpp:16:13:16:22 | new | test.cpp:17:27:17:28 | v1 | provenance | | -| test.cpp:16:13:16:22 | new | test.cpp:19:6:19:7 | v1 | provenance | | +| test.cpp:17:27:17:28 | v1 | test.cpp:19:6:19:7 | v1 | provenance | | | test.cpp:19:6:19:7 | v1 | test.cpp:3:14:3:15 | v1 | provenance | | nodes | test.cpp:3:14:3:15 | v1 | semmle.label | v1 | | test.cpp:4:13:4:14 | v1 | semmle.label | v1 | +| test.cpp:4:13:4:14 | v1 | semmle.label | v1 | +| test.cpp:4:13:4:14 | v1 | semmle.label | v1 | +| test.cpp:5:24:5:25 | call to shared_ptr | semmle.label | call to shared_ptr | +| test.cpp:5:24:5:25 | call to shared_ptr | semmle.label | call to shared_ptr | +| test.cpp:5:27:5:28 | v1 | semmle.label | v1 | | test.cpp:5:27:5:28 | v1 | semmle.label | v1 | | test.cpp:5:27:5:28 | v1 | semmle.label | v1 | -| test.cpp:5:27:5:29 | call to shared_ptr | semmle.label | call to shared_ptr | -| test.cpp:5:27:5:29 | call to shared_ptr | semmle.label | call to shared_ptr | | test.cpp:6:28:6:29 | p1 | semmle.label | p1 | | test.cpp:6:28:6:29 | p1 | semmle.label | p1 | | test.cpp:6:31:6:33 | call to get | semmle.label | call to get | | test.cpp:7:28:7:29 | v2 | semmle.label | v2 | +| test.cpp:8:3:8:14 | ... = ... | semmle.label | ... = ... | | test.cpp:8:8:8:14 | 0 | semmle.label | 0 | | test.cpp:9:28:9:29 | v2 | semmle.label | v2 | +| test.cpp:10:3:10:17 | ... = ... | semmle.label | ... = ... 
| | test.cpp:10:8:10:17 | new | semmle.label | new | | test.cpp:11:28:11:29 | v2 | semmle.label | v2 | +| test.cpp:11:28:11:29 | v2 | semmle.label | v2 | | test.cpp:12:28:12:29 | v2 | semmle.label | v2 | | test.cpp:16:13:16:22 | new | semmle.label | new | +| test.cpp:16:13:16:22 | new | semmle.label | new | +| test.cpp:17:27:17:28 | v1 | semmle.label | v1 | | test.cpp:17:27:17:28 | v1 | semmle.label | v1 | | test.cpp:19:6:19:7 | v1 | semmle.label | v1 | subpaths From 75c526358d7d6990b7919bd92f20ac9ce88774d7 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Thu, 21 Aug 2025 13:44:22 +0200 Subject: [PATCH 076/104] Update `MovedFromObjectsUnspecifiedState` to the new dataflow library --- .../MovedFromObjectsUnspecifiedState.qll | 9 +++++---- .../MovedFromObjectsUnspecifiedState.expected | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/cpp/common/src/codingstandards/cpp/rules/movedfromobjectsunspecifiedstate/MovedFromObjectsUnspecifiedState.qll b/cpp/common/src/codingstandards/cpp/rules/movedfromobjectsunspecifiedstate/MovedFromObjectsUnspecifiedState.qll index f17da7e457..ad1d9f009f 100644 --- a/cpp/common/src/codingstandards/cpp/rules/movedfromobjectsunspecifiedstate/MovedFromObjectsUnspecifiedState.qll +++ b/cpp/common/src/codingstandards/cpp/rules/movedfromobjectsunspecifiedstate/MovedFromObjectsUnspecifiedState.qll @@ -4,7 +4,7 @@ */ import cpp -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import codingstandards.cpp.Exclusions import codingstandards.cpp.standardlibrary.Utility 
@@ -75,9 +75,10 @@ query predicate problems(Expr e, string message, StdMoveCall f, string argDesc) not e instanceof ReassignedExpression and // object moved to safe functions are preserved not exists(SafeRead safe | f = safe.getArgument(0)) and - exists(DataFlow::DefinitionByReferenceNode def | - def.asDefiningArgument() = f and - DataFlow::localFlow(def, DataFlow::exprNode(e)) + exists(DataFlow::DefinitionByReferenceNode def, DataFlow::Node n | + f.getArgument(0) = def.getArgument() and + n.asIndirectExpr() = e and + DataFlow::localFlow(def, n) ) and message = "The argument of the $@ may be indeterminate when accessed at this location." and argDesc = f.toString() diff --git a/cpp/common/test/rules/movedfromobjectsunspecifiedstate/MovedFromObjectsUnspecifiedState.expected b/cpp/common/test/rules/movedfromobjectsunspecifiedstate/MovedFromObjectsUnspecifiedState.expected index 7f8c6b9a50..48cce53ea6 100644 --- a/cpp/common/test/rules/movedfromobjectsunspecifiedstate/MovedFromObjectsUnspecifiedState.expected +++ b/cpp/common/test/rules/movedfromobjectsunspecifiedstate/MovedFromObjectsUnspecifiedState.expected 
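Review bot: The new binding `f.getArgument(0) = def.getArgument()` together with `n.asIndirectExpr() = e` appears to let the `std::move` call itself satisfy `e`. The updated expectation in this patch replaces the `call to basic_string` row at `test.cpp:31:11:31:22` with a `call to move` row at `test.cpp:31:11:31:19`, whose `$@` link is that same call. An alert that names the move as the use of its own moved-from argument is hard to triage. If that row is not intended, a conjunct such as `e != f` would drop it. If it is intended, a short comment such as `// def is the by-reference definition of the moved object; uses are matched on their indirect node` would record why. `problems` starts before the hunk, so its earlier conjuncts are not visible here.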
@@ -1,5 +1,5 @@ | test.cpp:9:16:9:17 | s1 | The argument of the $@ may be indeterminate when accessed at this location. | test.cpp:7:18:7:26 | call to move | call to move | | test.cpp:30:5:30:5 | s | The argument of the $@ may be indeterminate when accessed at this location. | test.cpp:31:11:31:19 | call to move | call to move | -| test.cpp:31:11:31:22 | call to basic_string | The argument of the $@ may be indeterminate when accessed at this location. | test.cpp:31:11:31:19 | call to move | call to move | +| test.cpp:31:11:31:19 | call to move | The argument of the $@ may be indeterminate when accessed at this location. | test.cpp:31:11:31:19 | call to move | call to move | | test.cpp:31:21:31:21 | s | The argument of the $@ may be indeterminate when accessed at this location. | test.cpp:31:11:31:19 | call to move | call to move | | test.cpp:79:16:79:23 | s_global | The argument of the $@ may be indeterminate when accessed at this location. | test.cpp:78:18:78:26 | call to move | call to move | From 6fc0b5e9a7c494cf35706f211fa345663fd149b2 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Thu, 21 Aug 2025 13:54:43 +0200 Subject: [PATCH 077/104] Update `DoNotUseRelationalOperatorsWithDifferingArrays` to the new dataflow library --- ...ionalOperatorsWithDifferingArrays.expected | 38 +++++++++++-------- ...RelationalOperatorsWithDifferingArrays.qll | 4 +- ...ionalOperatorsWithDifferingArrays.expected | 38 +++++++++++-------- 3 files changed, 49 insertions(+), 31 deletions(-) diff --git a/c/common/test/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.expected b/c/common/test/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.expected index bda6c7ad05..8625b9793d 100644 --- a/c/common/test/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.expected 
+++ b/c/common/test/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.expected 
@@ -10,27 +10,35 @@ problems | test.c:25:7:25:14 | ... >= ... | test.c:7:14:7:15 | l1 | test.c:25:7:25:8 | p1 | Compare operation >= comparing left operand pointing to array $@ and other operand pointing to array $@. | test.c:2:7:2:8 | l1 | l1 | test.c:4:7:4:8 | l3 | l3 | | test.c:25:7:25:14 | ... >= ... | test.c:25:13:25:14 | l3 | test.c:25:13:25:14 | l3 | Compare operation >= comparing right operand pointing to array $@ and other operand pointing to array $@. | test.c:4:7:4:8 | l3 | l3 | test.c:2:7:2:8 | l1 | l1 | edges +| test.c:6:13:6:14 | l1 | test.c:6:13:6:14 | l1 | provenance | | | test.c:6:13:6:14 | l1 | test.c:13:12:13:13 | p0 | provenance | | -| test.c:7:14:7:15 | l1 | test.c:7:14:7:18 | access to array | provenance | Config | -| test.c:7:14:7:18 | access to array | test.c:11:7:11:8 | p1 | provenance | | -| test.c:7:14:7:18 | access to array | test.c:13:7:13:8 | p1 | provenance | | -| test.c:7:14:7:18 | access to array | test.c:15:13:15:14 | p1 | provenance | | -| test.c:7:14:7:18 | access to array | test.c:17:7:17:8 | p1 | provenance | | -| test.c:7:14:7:18 | access to array | test.c:23:13:23:14 | p1 | provenance | | -| test.c:7:14:7:18 | access to array | test.c:25:7:25:8 | p1 | provenance | | -| test.c:8:14:8:15 | l1 | test.c:8:14:8:18 | access to array | provenance | Config | -| test.c:8:14:8:18 | access to array | test.c:11:12:11:13 | p2 | provenance | | -| test.c:8:14:8:18 | access to array | test.c:21:7:21:8 | p2 | provenance | | -| test.c:9:14:9:15 | l2 | test.c:9:14:9:18 | access to array | provenance | Config | -| test.c:9:14:9:18 | access to array | test.c:21:12:21:13 | p3 | provenance | | +| test.c:7:13:7:18 | & ... | test.c:7:13:7:18 | & ... | provenance | | +| test.c:7:13:7:18 | & ... | test.c:11:7:11:8 | p1 | provenance | | +| test.c:7:13:7:18 | & ... | test.c:13:7:13:8 | p1 | provenance | | +| test.c:7:13:7:18 | & ... | test.c:15:13:15:14 | p1 | provenance | | +| test.c:7:13:7:18 | & ... 
| test.c:17:7:17:8 | p1 | provenance | | +| test.c:7:13:7:18 | & ... | test.c:23:13:23:14 | p1 | provenance | | +| test.c:7:13:7:18 | & ... | test.c:25:7:25:8 | p1 | provenance | | +| test.c:7:14:7:15 | l1 | test.c:7:13:7:18 | & ... | provenance | Config | +| test.c:8:13:8:18 | & ... | test.c:8:13:8:18 | & ... | provenance | | +| test.c:8:13:8:18 | & ... | test.c:11:12:11:13 | p2 | provenance | | +| test.c:8:13:8:18 | & ... | test.c:21:7:21:8 | p2 | provenance | | +| test.c:8:14:8:15 | l1 | test.c:8:13:8:18 | & ... | provenance | Config | +| test.c:9:13:9:18 | & ... | test.c:9:13:9:18 | & ... | provenance | | +| test.c:9:13:9:18 | & ... | test.c:21:12:21:13 | p3 | provenance | | +| test.c:9:14:9:15 | l2 | test.c:9:13:9:18 | & ... | provenance | Config | nodes | test.c:6:13:6:14 | l1 | semmle.label | l1 | +| test.c:6:13:6:14 | l1 | semmle.label | l1 | +| test.c:7:13:7:18 | & ... | semmle.label | & ... | +| test.c:7:13:7:18 | & ... | semmle.label | & ... | | test.c:7:14:7:15 | l1 | semmle.label | l1 | -| test.c:7:14:7:18 | access to array | semmle.label | access to array | +| test.c:8:13:8:18 | & ... | semmle.label | & ... | +| test.c:8:13:8:18 | & ... | semmle.label | & ... | | test.c:8:14:8:15 | l1 | semmle.label | l1 | -| test.c:8:14:8:18 | access to array | semmle.label | access to array | +| test.c:9:13:9:18 | & ... | semmle.label | & ... | +| test.c:9:13:9:18 | & ... | semmle.label | & ... | | test.c:9:14:9:15 | l2 | semmle.label | l2 | -| test.c:9:14:9:18 | access to array | semmle.label | access to array | | test.c:11:7:11:8 | p1 | semmle.label | p1 | | test.c:11:12:11:13 | p2 | semmle.label | p2 | | test.c:13:7:13:8 | p1 | semmle.label | p1 | 
diff --git a/cpp/common/src/codingstandards/cpp/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.qll b/cpp/common/src/codingstandards/cpp/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.qll index aa8fa29bfd..ca0aeb8618 100644 --- a/cpp/common/src/codingstandards/cpp/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.qll +++ b/cpp/common/src/codingstandards/cpp/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.qll @@ -7,7 +7,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import ArrayToRelationalOperationOperandFlow::PathGraph abstract class DoNotUseRelationalOperatorsWithDifferingArraysSharedQuery extends Query { } @@ -43,6 +43,8 @@ module ArrayToRelationalOperationOperandConfig implements DataFlow::ConfigSig { // Add a flow step from the base to the array expression to track pointers to elements of the array. exists(ArrayExpr e | e.getArrayBase() = pred.asExpr() and e = succ.asExpr()) } + + predicate isBarrierIn(DataFlow::Node node) { isSource(node) } } module ArrayToRelationalOperationOperandFlow = diff --git a/cpp/common/test/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.expected b/cpp/common/test/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.expected index cab80e0fe0..94210200fc 100644 --- a/cpp/common/test/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.expected +++ b/cpp/common/test/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.expected 
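Review bot: The added `isBarrierIn` in `ArrayToRelationalOperationOperandConfig` has no comment, unlike the `isAdditionalFlowStep` just above it, and its purpose is not obvious from `isSource(node)` alone. I would document it, for example `// Do not let flow enter a source, so each path starts at the source closest to the operand.` The same predicate may be worth considering for the other path queries converted in this series whose expectations gain extra rows, though that depends on their configurations, which are not shown here. The module begins before the hunk.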
@@ -10,27 +10,35 @@ problems | test.cpp:25:7:25:14 | ... >= ... | test.cpp:7:14:7:15 | l1 | test.cpp:25:7:25:8 | p1 | Compare operation >= comparing left operand pointing to array $@ and other operand pointing to array $@. | test.cpp:2:7:2:8 | l1 | l1 | test.cpp:4:7:4:8 | l3 | l3 | | test.cpp:25:7:25:14 | ... >= ... | test.cpp:25:13:25:14 | l3 | test.cpp:25:13:25:14 | l3 | Compare operation >= comparing right operand pointing to array $@ and other operand pointing to array $@. | test.cpp:4:7:4:8 | l3 | l3 | test.cpp:2:7:2:8 | l1 | l1 | edges +| test.cpp:6:13:6:14 | l1 | test.cpp:6:13:6:14 | l1 | provenance | | | test.cpp:6:13:6:14 | l1 | test.cpp:13:12:13:13 | p0 | provenance | | -| test.cpp:7:14:7:15 | l1 | test.cpp:7:14:7:18 | access to array | provenance | Config | -| test.cpp:7:14:7:18 | access to array | test.cpp:11:7:11:8 | p1 | provenance | | -| test.cpp:7:14:7:18 | access to array | test.cpp:13:7:13:8 | p1 | provenance | | -| test.cpp:7:14:7:18 | access to array | test.cpp:15:13:15:14 | p1 | provenance | | -| test.cpp:7:14:7:18 | access to array | test.cpp:17:7:17:8 | p1 | provenance | | -| test.cpp:7:14:7:18 | access to array | test.cpp:23:13:23:14 | p1 | provenance | | -| test.cpp:7:14:7:18 | access to array | test.cpp:25:7:25:8 | p1 | provenance | | -| test.cpp:8:14:8:15 | l1 | test.cpp:8:14:8:18 | access to array | provenance | Config | -| test.cpp:8:14:8:18 | access to array | test.cpp:11:12:11:13 | p2 | provenance | | -| test.cpp:8:14:8:18 | access to array | test.cpp:21:7:21:8 | p2 | provenance | | -| test.cpp:9:14:9:15 | l2 | test.cpp:9:14:9:18 | access to array | provenance | Config | -| test.cpp:9:14:9:18 | access to array | test.cpp:21:12:21:13 | p3 | provenance | | +| test.cpp:7:13:7:18 | & ... | test.cpp:7:13:7:18 | & ... | provenance | | +| test.cpp:7:13:7:18 | & ... | test.cpp:11:7:11:8 | p1 | provenance | | +| test.cpp:7:13:7:18 | & ... | test.cpp:13:7:13:8 | p1 | provenance | | +| test.cpp:7:13:7:18 | & ... 
| test.cpp:15:13:15:14 | p1 | provenance | | +| test.cpp:7:13:7:18 | & ... | test.cpp:17:7:17:8 | p1 | provenance | | +| test.cpp:7:13:7:18 | & ... | test.cpp:23:13:23:14 | p1 | provenance | | +| test.cpp:7:13:7:18 | & ... | test.cpp:25:7:25:8 | p1 | provenance | | +| test.cpp:7:14:7:15 | l1 | test.cpp:7:13:7:18 | & ... | provenance | Config | +| test.cpp:8:13:8:18 | & ... | test.cpp:8:13:8:18 | & ... | provenance | | +| test.cpp:8:13:8:18 | & ... | test.cpp:11:12:11:13 | p2 | provenance | | +| test.cpp:8:13:8:18 | & ... | test.cpp:21:7:21:8 | p2 | provenance | | +| test.cpp:8:14:8:15 | l1 | test.cpp:8:13:8:18 | & ... | provenance | Config | +| test.cpp:9:13:9:18 | & ... | test.cpp:9:13:9:18 | & ... | provenance | | +| test.cpp:9:13:9:18 | & ... | test.cpp:21:12:21:13 | p3 | provenance | | +| test.cpp:9:14:9:15 | l2 | test.cpp:9:13:9:18 | & ... | provenance | Config | nodes | test.cpp:6:13:6:14 | l1 | semmle.label | l1 | +| test.cpp:6:13:6:14 | l1 | semmle.label | l1 | +| test.cpp:7:13:7:18 | & ... | semmle.label | & ... | +| test.cpp:7:13:7:18 | & ... | semmle.label | & ... | | test.cpp:7:14:7:15 | l1 | semmle.label | l1 | -| test.cpp:7:14:7:18 | access to array | semmle.label | access to array | +| test.cpp:8:13:8:18 | & ... | semmle.label | & ... | +| test.cpp:8:13:8:18 | & ... | semmle.label | & ... | | test.cpp:8:14:8:15 | l1 | semmle.label | l1 | -| test.cpp:8:14:8:18 | access to array | semmle.label | access to array | +| test.cpp:9:13:9:18 | & ... | semmle.label | & ... | +| test.cpp:9:13:9:18 | & ... | semmle.label | & ... | | test.cpp:9:14:9:15 | l2 | semmle.label | l2 | -| test.cpp:9:14:9:18 | access to array | semmle.label | access to array | | test.cpp:11:7:11:8 | p1 | semmle.label | p1 | | test.cpp:11:12:11:13 | p2 | semmle.label | p2 | | test.cpp:13:7:13:8 | p1 | semmle.label | p1 | From b6d3b33b622db40383df672235b6409a2739017d Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Thu, 21 Aug 2025 15:19:27 +0200 Subject: [PATCH 078/104] Convert `DanglingCaptureWhenReturningLambdaObject` to the new dataflow library Note that this removes - what seems to be - a duplicated test result. --- .../DanglingCaptureWhenReturningLambdaObject.qll | 11 +++++++++-- .../DanglingCaptureWhenReturningLambdaObject.expected | 1 - 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.qll b/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.qll index 4ab01520f6..85fc15c565 100644 --- a/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.qll +++ b/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.qll @@ -5,7 +5,7 @@ */ import cpp -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions @@ -48,7 +48,14 @@ query predicate problems( not isExcluded(returnStmt, getQuery()) and lambda.getACapture() = danglingCapture and ( - DataFlow::localExprFlow(lambda, returnStmt.getExpr()) + returnStmt.getExpr() = lambda + or + exists(DataFlow::Node lambdaNode, DataFlow::Node returnNode | + lambdaNode.asExpr() = lambda and + returnNode.asIndirectExpr() = returnStmt.getExpr() + | + DataFlow::localFlow(lambdaNode, returnNode) + ) or // implement a rough heuristic to catch the results of constructors (such as std::function's) // which take an argument that has a dangling capture and flow to a return statement 
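Review bot: The two disjuncts that replace `DataFlow::localExprFlow(lambda, returnStmt.getExpr())` are asymmetric: the lambda is matched with `asExpr()` and the return expression with `asIndirectExpr()`, and nothing in the hunk explains why. I would add a comment on each, for example `// the lambda expression is returned directly` above `returnStmt.getExpr() = lambda` and `// the lambda is stored locally first; the returned expression is matched on its indirect node` above the `exists`. The comment should also say whether a return expression that has only a direct node is meant to be out of scope, because the second disjunct no longer matches that case. `problems` starts before the hunk and continues after it.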
diff --git a/cpp/common/test/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.expected b/cpp/common/test/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.expected index 15fe8afa2f..a85d60399f 100644 --- a/cpp/common/test/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.expected +++ b/cpp/common/test/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.expected @@ -1,7 +1,6 @@ | test.cpp:6:3:6:12 | return ... | Returning lambda $@ with potentially dangling capture $@. | test.cpp:5:12:5:27 | [...](...){...} | object | test.cpp:5:21:5:21 | l1 | l1 | | test.cpp:17:5:17:36 | return ... | Returning lambda $@ with potentially dangling capture $@. | test.cpp:17:5:17:36 | [...](...){...} | object | test.cpp:17:27:17:27 | (captured this) | this | | test.cpp:27:5:27:17 | return ... | Returning lambda $@ with potentially dangling capture $@. | test.cpp:26:17:26:42 | [...](...){...} | object | test.cpp:26:33:26:33 | val | val | -| test.cpp:27:5:27:17 | return ... | Returning lambda $@ with potentially dangling capture $@. | test.cpp:26:18:26:42 | [...](...){...} | object | test.cpp:26:33:26:33 | val | val | | test.cpp:33:3:33:33 | return ... | Returning lambda $@ with potentially dangling capture $@. | test.cpp:33:3:33:33 | [...](...){...} | object | test.cpp:33:25:33:25 | i | i | | test.cpp:37:3:37:33 | return ... | Returning lambda $@ with potentially dangling capture $@. | test.cpp:37:3:37:33 | [...](...){...} | object | test.cpp:37:25:37:25 | i | i | | test.cpp:46:3:46:45 | return ... | Returning lambda $@ with potentially dangling capture $@. | test.cpp:46:11:46:43 | [...](...){...} | object | test.cpp:46:13:46:16 | data | data | From 890ee512da0dc1240b2025024ff5fbf97ef613df Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Thu, 21 Aug 2025 15:36:33 +0200 Subject: [PATCH 079/104] Update `DanglingCaptureWhenMovingLambdaObject` to the new dataflow library --- .../DanglingCaptureWhenMovingLambdaObject.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenmovinglambdaobject/DanglingCaptureWhenMovingLambdaObject.qll b/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenmovinglambdaobject/DanglingCaptureWhenMovingLambdaObject.qll index 902d0ecf1f..b81e41f256 100644 --- a/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenmovinglambdaobject/DanglingCaptureWhenMovingLambdaObject.qll +++ b/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenmovinglambdaobject/DanglingCaptureWhenMovingLambdaObject.qll @@ -5,7 +5,7 @@ */ import cpp -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions import codingstandards.cpp.Expr From 318498a3de47c616d86888d8a21d0cbf1e1586ec Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Thu, 21 Aug 2025 20:36:03 +0200 Subject: [PATCH 080/104] Update `ConstLikeReturnValue` to the new dataflow library Note that there's a small issue here where the dataflow library causes one of the results to get duplicated. --- .../ConstLikeReturnValue.expected | 19 ++++++++++++++----- .../ConstLikeReturnValue.qll | 2 +- .../ConstLikeReturnValue.expected | 19 ++++++++++++++----- 3 files changed, 29 insertions(+), 11 deletions(-) diff --git a/c/common/test/rules/constlikereturnvalue/ConstLikeReturnValue.expected b/c/common/test/rules/constlikereturnvalue/ConstLikeReturnValue.expected index d7dfc6c13f..afbb275c6c 100644 --- a/c/common/test/rules/constlikereturnvalue/ConstLikeReturnValue.expected +++ b/c/common/test/rules/constlikereturnvalue/ConstLikeReturnValue.expected 
@@ -1,20 +1,29 @@ problems -| test.c:11:8:11:12 | c_str | test.c:18:16:18:21 | call to getenv | test.c:11:8:11:12 | c_str | The object returned by the function getenv should not be modified. | +| test.c:11:7:11:12 | * ... | test.c:18:16:18:21 | call to getenv | test.c:11:7:11:12 | * ... | The object returned by the function getenv should not be modified. | +| test.c:11:8:11:12 | c_str | test.c:18:16:18:21 | call to getenv | test.c:11:7:11:12 | * ... | The object returned by the function getenv should not be modified. | | test.c:67:5:67:9 | conv4 | test.c:64:11:64:20 | call to localeconv | test.c:67:5:67:9 | conv4 | The object returned by the function localeconv should not be modified. | | test.c:76:5:76:8 | conv | test.c:72:25:72:34 | call to localeconv | test.c:76:5:76:8 | conv | The object returned by the function localeconv should not be modified. | edges -| test.c:8:18:8:22 | c_str | test.c:11:8:11:12 | c_str | provenance | | +| test.c:8:18:8:22 | c_str | test.c:11:7:11:12 | * ... | provenance | | +| test.c:18:16:18:21 | call to getenv | test.c:18:16:18:21 | call to getenv | provenance | | | test.c:18:16:18:21 | call to getenv | test.c:24:9:24:12 | env1 | provenance | | | test.c:24:9:24:12 | env1 | test.c:8:18:8:22 | c_str | provenance | | -| test.c:64:11:64:20 | call to localeconv | test.c:67:5:67:9 | conv4 | provenance | | -| test.c:72:25:72:34 | call to localeconv | test.c:76:5:76:8 | conv | provenance | | +| test.c:64:3:64:22 | ... = ... | test.c:67:5:67:9 | conv4 | provenance | | +| test.c:64:11:64:20 | call to localeconv | test.c:64:3:64:22 | ... = ... 
| provenance | | +| test.c:72:25:72:34 | call to localeconv | test.c:72:25:72:34 | call to localeconv | provenance | | +| test.c:72:25:72:34 | call to localeconv | test.c:73:24:73:28 | conv4 | provenance | | +| test.c:73:24:73:28 | conv4 | test.c:76:5:76:8 | conv | provenance | | nodes | test.c:8:18:8:22 | c_str | semmle.label | c_str | -| test.c:11:8:11:12 | c_str | semmle.label | c_str | +| test.c:11:7:11:12 | * ... | semmle.label | * ... | +| test.c:18:16:18:21 | call to getenv | semmle.label | call to getenv | | test.c:18:16:18:21 | call to getenv | semmle.label | call to getenv | | test.c:24:9:24:12 | env1 | semmle.label | env1 | +| test.c:64:3:64:22 | ... = ... | semmle.label | ... = ... | | test.c:64:11:64:20 | call to localeconv | semmle.label | call to localeconv | | test.c:67:5:67:9 | conv4 | semmle.label | conv4 | | test.c:72:25:72:34 | call to localeconv | semmle.label | call to localeconv | +| test.c:72:25:72:34 | call to localeconv | semmle.label | call to localeconv | +| test.c:73:24:73:28 | conv4 | semmle.label | conv4 | | test.c:76:5:76:8 | conv | semmle.label | conv | subpaths diff --git a/cpp/common/src/codingstandards/cpp/rules/constlikereturnvalue/ConstLikeReturnValue.qll b/cpp/common/src/codingstandards/cpp/rules/constlikereturnvalue/ConstLikeReturnValue.qll index a366991714..d17cd560bb 100644 --- a/cpp/common/src/codingstandards/cpp/rules/constlikereturnvalue/ConstLikeReturnValue.qll +++ b/cpp/common/src/codingstandards/cpp/rules/constlikereturnvalue/ConstLikeReturnValue.qll @@ -8,7 +8,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import DFFlow::PathGraph abstract class ConstLikeReturnValueSharedQuery extends Query { } 
diff --git a/cpp/common/test/rules/constlikereturnvalue/ConstLikeReturnValue.expected b/cpp/common/test/rules/constlikereturnvalue/ConstLikeReturnValue.expected index 2caa0d197c..dbbff59c9f 100644 --- a/cpp/common/test/rules/constlikereturnvalue/ConstLikeReturnValue.expected +++ b/cpp/common/test/rules/constlikereturnvalue/ConstLikeReturnValue.expected 
@@ -1,20 +1,29 @@ problems -| test.cpp:11:8:11:12 | c_str | test.cpp:18:16:18:21 | call to getenv | test.cpp:11:8:11:12 | c_str | The object returned by the function getenv should not be modified. | +| test.cpp:11:7:11:12 | * ... | test.cpp:18:16:18:21 | call to getenv | test.cpp:11:7:11:12 | * ... | The object returned by the function getenv should not be modified. | +| test.cpp:11:8:11:12 | c_str | test.cpp:18:16:18:21 | call to getenv | test.cpp:11:7:11:12 | * ... | The object returned by the function getenv should not be modified. | | test.cpp:67:5:67:9 | conv4 | test.cpp:64:11:64:20 | call to localeconv | test.cpp:67:5:67:9 | conv4 | The object returned by the function localeconv should not be modified. | | test.cpp:76:5:76:8 | conv | test.cpp:72:25:72:34 | call to localeconv | test.cpp:76:5:76:8 | conv | The object returned by the function localeconv should not be modified. | edges -| test.cpp:8:18:8:22 | c_str | test.cpp:11:8:11:12 | c_str | provenance | | +| test.cpp:8:18:8:22 | c_str | test.cpp:11:7:11:12 | * ... | provenance | | +| test.cpp:18:16:18:21 | call to getenv | test.cpp:18:16:18:21 | call to getenv | provenance | | | test.cpp:18:16:18:21 | call to getenv | test.cpp:24:9:24:12 | env1 | provenance | | | test.cpp:24:9:24:12 | env1 | test.cpp:8:18:8:22 | c_str | provenance | | -| test.cpp:64:11:64:20 | call to localeconv | test.cpp:67:5:67:9 | conv4 | provenance | | -| test.cpp:72:25:72:34 | call to localeconv | test.cpp:76:5:76:8 | conv | provenance | | +| test.cpp:64:3:64:22 | ... = ... | test.cpp:67:5:67:9 | conv4 | provenance | | +| test.cpp:64:11:64:20 | call to localeconv | test.cpp:64:3:64:22 | ... = ... 
| provenance | | +| test.cpp:72:25:72:34 | call to localeconv | test.cpp:72:25:72:34 | call to localeconv | provenance | | +| test.cpp:72:25:72:34 | call to localeconv | test.cpp:73:24:73:28 | conv4 | provenance | | +| test.cpp:73:24:73:28 | conv4 | test.cpp:76:5:76:8 | conv | provenance | | nodes | test.cpp:8:18:8:22 | c_str | semmle.label | c_str | -| test.cpp:11:8:11:12 | c_str | semmle.label | c_str | +| test.cpp:11:7:11:12 | * ... | semmle.label | * ... | +| test.cpp:18:16:18:21 | call to getenv | semmle.label | call to getenv | | test.cpp:18:16:18:21 | call to getenv | semmle.label | call to getenv | | test.cpp:24:9:24:12 | env1 | semmle.label | env1 | +| test.cpp:64:3:64:22 | ... = ... | semmle.label | ... = ... | | test.cpp:64:11:64:20 | call to localeconv | semmle.label | call to localeconv | | test.cpp:67:5:67:9 | conv4 | semmle.label | conv4 | | test.cpp:72:25:72:34 | call to localeconv | semmle.label | call to localeconv | +| test.cpp:72:25:72:34 | call to localeconv | semmle.label | call to localeconv | +| test.cpp:73:24:73:28 | conv4 | semmle.label | conv4 | | test.cpp:76:5:76:8 | conv | semmle.label | conv | subpaths From 35fbfad89d2a786f9019252d5ea8f0ff0413093d Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Thu, 21 Aug 2025 20:45:26 +0200 Subject: [PATCH 081/104] Remove redundant dataflow import --- .../BasicStringMayNotBeNullTerminated.qll | 1 - 1 file changed, 1 deletion(-) diff --git a/cpp/common/src/codingstandards/cpp/rules/basicstringmaynotbenullterminated/BasicStringMayNotBeNullTerminated.qll b/cpp/common/src/codingstandards/cpp/rules/basicstringmaynotbenullterminated/BasicStringMayNotBeNullTerminated.qll index e27f09fd98..c73e77ef2a 100644 --- a/cpp/common/src/codingstandards/cpp/rules/basicstringmaynotbenullterminated/BasicStringMayNotBeNullTerminated.qll +++ b/cpp/common/src/codingstandards/cpp/rules/basicstringmaynotbenullterminated/BasicStringMayNotBeNullTerminated.qll 
@@ -8,7 +8,6 @@ import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions import semmle.code.cpp.security.BufferWrite import semmle.code.cpp.commons.Buffer -import semmle.code.cpp.dataflow.DataFlow import semmle.code.cpp.dataflow.TaintTracking import codingstandards.cpp.PossiblyUnsafeStringOperation From 90496ba9d6250799dda0259329b6d3f615aa02fe Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Thu, 21 Aug 2025 22:47:05 +0200 Subject: [PATCH 082/104] Convert `BasicStringMayNotBeNullTerminated` to the new dataflow library --- .../BasicStringMayNotBeNullTerminated.qll | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/cpp/common/src/codingstandards/cpp/rules/basicstringmaynotbenullterminated/BasicStringMayNotBeNullTerminated.qll b/cpp/common/src/codingstandards/cpp/rules/basicstringmaynotbenullterminated/BasicStringMayNotBeNullTerminated.qll index c73e77ef2a..ad24101379 100644 --- a/cpp/common/src/codingstandards/cpp/rules/basicstringmaynotbenullterminated/BasicStringMayNotBeNullTerminated.qll +++ b/cpp/common/src/codingstandards/cpp/rules/basicstringmaynotbenullterminated/BasicStringMayNotBeNullTerminated.qll @@ -8,7 +8,7 @@ import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions import semmle.code.cpp.security.BufferWrite import semmle.code.cpp.commons.Buffer -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking import codingstandards.cpp.PossiblyUnsafeStringOperation abstract class BasicStringMayNotBeNullTerminatedSharedQuery extends Query { } 
@@ -39,8 +39,13 @@ query predicate problems(BasicStringConstructorCall cc, string message) { // a) is not a string literal not arg instanceof StringLiteral and // b) may exist in a dataflow from an unsafe usage of a string function - exists(PossiblyUnsafeStringOperation op | - TaintTracking::localTaint(DataFlow::exprNode(op.getAnArgument()), DataFlow::exprNode(arg)) + exists( + PossiblyUnsafeStringOperation op, DataFlow::DefinitionByReferenceNode opNode, + DataFlow::Node argNode + | + opNode.asDefiningArgument() = op.getAnArgument() and argNode.asIndirectExpr() = arg + | + TaintTracking::localTaint(opNode, argNode) ) and message = "Construction of string object with possibly non-null terminated C-style string." ) From a9c527ab1dee556bc77119554e98d9725e7f56fd Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 18 Sep 2025 12:08:35 +0100 Subject: [PATCH 083/104] C++: Fix up queries after github/codeql#20485. --- .../EXP16-C/DoNotCompareFunctionPointersToConstantValues.ql | 2 +- .../rules/CTR55-CPP/DoNotUseAnAdditiveOperatorOnAnIterator.ql | 4 ++-- .../rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.ql | 2 +- .../FunctionErroneousReturnValueNotTested.qll | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/c/cert/src/rules/EXP16-C/DoNotCompareFunctionPointersToConstantValues.ql b/c/cert/src/rules/EXP16-C/DoNotCompareFunctionPointersToConstantValues.ql index 5f347d817a..812d4d910b 100644 --- a/c/cert/src/rules/EXP16-C/DoNotCompareFunctionPointersToConstantValues.ql +++ b/c/cert/src/rules/EXP16-C/DoNotCompareFunctionPointersToConstantValues.ql 
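Review bot: The rewritten `exists` in `problems` only accepts a source when the library creates a `DataFlow::DefinitionByReferenceNode` for the argument (`opNode.asDefiningArgument() = op.getAnArgument()`), whereas the old code accepted any argument of the `PossiblyUnsafeStringOperation`. An unsafe call whose destination is not modelled as written-by-reference would presumably stop producing a finding. The commit changes only the `.qll`, so it is worth confirming that the shared test still exercises each unsafe string function. I would also add a comment above the `exists` recording why indirect nodes are used, e.g. `// Taint the buffer contents written by the unsafe call (indirection), not the pointer value.` The body of `problems` continues outside this hunk.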
@@ -51,7 +51,7 @@ class ExplicitComparison extends EffectivelyComparison, FinalComparisonOperation override FunctionExpr getFunctionExpr() { result = funcExpr } } -class ImplicitComparison extends EffectivelyComparison, GuardCondition { +class ImplicitComparison extends EffectivelyComparison, GuardCondition instanceof Expr { ImplicitComparison() { this instanceof FunctionExpr and not getParent() instanceof ComparisonOperation diff --git a/cpp/cert/src/rules/CTR55-CPP/DoNotUseAnAdditiveOperatorOnAnIterator.ql b/cpp/cert/src/rules/CTR55-CPP/DoNotUseAnAdditiveOperatorOnAnIterator.ql index 182f718f6f..697dfd6c89 100644 --- a/cpp/cert/src/rules/CTR55-CPP/DoNotUseAnAdditiveOperatorOnAnIterator.ql +++ b/cpp/cert/src/rules/CTR55-CPP/DoNotUseAnAdditiveOperatorOnAnIterator.ql @@ -78,8 +78,8 @@ predicate isUpperBoundEndCheckedIteratorAccess(IteratorSource source, ContainerI basicBlockOfIteratorAccess.contains(it) and //guard is comprised of end check and an iterator access DataFlow::localFlow(DataFlow::exprNode(referenceToOnePassedTheEndElement), - DataFlow::exprNode(upperBoundCheck.getChild(_))) and - upperBoundCheck.getChild(_) = checkedIteratorAccess and + DataFlow::exprNode(upperBoundCheck.(Expr).getChild(_))) and + upperBoundCheck.(Expr).getChild(_) = checkedIteratorAccess and //make sure its the same iterator being checked in the guard as accessed checkedIteratorAccess.getOwningContainer() = it.getOwningContainer() and //if its the end call itself (or its parts), make sure its the same container providing its end as giving the iterator diff --git a/cpp/cert/src/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.ql b/cpp/cert/src/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.ql index 90685f1c96..ac9281ee9d 100644 --- a/cpp/cert/src/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.ql +++ b/cpp/cert/src/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.ql 
@@ -63,7 +63,7 @@ class NoThrowAllocExprWrapperFunction extends Function { n.getEnclosingFunction() = this and DataFlow::localExprFlow(n, any(ReturnStmt rs).getExpr()) and // Not checked in this wrapper function - not exists(GuardCondition gc | DataFlow::localExprFlow(n, gc.getAChild*())) + not exists(GuardCondition gc | DataFlow::localExprFlow(n, gc.(Expr).getAChild*())) } /** Gets the underlying nothrow allocation ultimately being wrapped. */ diff --git a/cpp/common/src/codingstandards/cpp/rules/functionerroneousreturnvaluenottested/FunctionErroneousReturnValueNotTested.qll b/cpp/common/src/codingstandards/cpp/rules/functionerroneousreturnvaluenottested/FunctionErroneousReturnValueNotTested.qll index e7e25cf7b0..83907c609a 100644 --- a/cpp/common/src/codingstandards/cpp/rules/functionerroneousreturnvaluenottested/FunctionErroneousReturnValueNotTested.qll +++ b/cpp/common/src/codingstandards/cpp/rules/functionerroneousreturnvaluenottested/FunctionErroneousReturnValueNotTested.qll @@ -56,7 +56,7 @@ query predicate problems(FunctionCall fc, string message) { "vsnwprintf_s" ]) and not exists(GuardCondition gc | - DataFlow::localFlow(DataFlow::exprNode(fc), DataFlow::exprNode(gc.getAChild*())) + DataFlow::localFlow(DataFlow::exprNode(fc), DataFlow::exprNode(gc.(Expr).getAChild*())) ) and message = "Return value from " + fc.getTarget().getName() + " is not tested for errors." } From e30f5e7b14ad6dd8e051a5eaf90e5d47287f2538 Mon Sep 17 00:00:00 2001 
From: Mathias Vorreiter Pedersen Date: Thu, 2 Oct 2025 16:19:43 +0100 Subject: [PATCH 084/104] C++: Fix queries I forgot after merging github/codeql#20485. --- .../DoNotCompareFunctionPointersToConstantValues.ql | 3 ++- .../rules/A4-7-1/IntegerExpressionLeadToDataLoss.ql | 2 +- .../DetectAndHandleMemoryAllocationErrors.ql | 13 ++++++++++--- .../DetectAndHandleMemoryAllocationErrors.expected | 11 +++++------ .../FunctionErroneousReturnValueNotTested.qll | 4 +--- .../UnsignedOperationWithConstantOperandsWraps.qll | 2 +- 6 files changed, 20 insertions(+), 15 deletions(-) diff --git a/c/cert/src/rules/EXP16-C/DoNotCompareFunctionPointersToConstantValues.ql b/c/cert/src/rules/EXP16-C/DoNotCompareFunctionPointersToConstantValues.ql index 812d4d910b..a74d88edbc 100644 --- a/c/cert/src/rules/EXP16-C/DoNotCompareFunctionPointersToConstantValues.ql +++ b/c/cert/src/rules/EXP16-C/DoNotCompareFunctionPointersToConstantValues.ql @@ -53,8 +53,9 @@ class ExplicitComparison extends EffectivelyComparison, FinalComparisonOperation class ImplicitComparison extends EffectivelyComparison, GuardCondition instanceof Expr { ImplicitComparison() { + this.valueControlsEdge(_, _, _) and this instanceof FunctionExpr and - not getParent() instanceof ComparisonOperation + not super.getParent() instanceof ComparisonOperation } override string getExplanation() { result = "$@ undergoes implicit constant comparison." } diff --git a/cpp/autosar/src/rules/A4-7-1/IntegerExpressionLeadToDataLoss.ql b/cpp/autosar/src/rules/A4-7-1/IntegerExpressionLeadToDataLoss.ql index a6d7abc456..a93796e150 100644 --- a/cpp/autosar/src/rules/A4-7-1/IntegerExpressionLeadToDataLoss.ql +++ b/cpp/autosar/src/rules/A4-7-1/IntegerExpressionLeadToDataLoss.ql 
@@ -23,7 +23,7 @@ from InterestingOverflowingOperation e where not isExcluded(e, IntegerConversionPackage::integerExpressionLeadToDataLossQuery()) and // Not within a guard condition - not exists(GuardCondition gc | gc.getAChild*() = e) and + not e.getParent*().(GuardCondition).valueControlsEdge(_, _, _) and // Not guarded by a check, where the check is not an invalid overflow check not e.hasValidPreCheck() and // Covered by `IntMultToLong.ql` instead diff --git a/cpp/cert/src/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.ql b/cpp/cert/src/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.ql index ac9281ee9d..79ff7a08a2 100644 --- a/cpp/cert/src/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.ql +++ b/cpp/cert/src/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.ql @@ -62,8 +62,13 @@ class NoThrowAllocExprWrapperFunction extends Function { NoThrowAllocExprWrapperFunction() { n.getEnclosingFunction() = this and DataFlow::localExprFlow(n, any(ReturnStmt rs).getExpr()) and - // Not checked in this wrapper function - not exists(GuardCondition gc | DataFlow::localExprFlow(n, gc.(Expr).getAChild*())) + // Not checked in this wrapper function. That is, the allocation is not a + // guard condition which guards something inside the function. + not exists(BasicBlock bb | + pragma[only_bind_out](bb.getEnclosingFunction()) = + pragma[only_bind_out](n.getEnclosingFunction()) and + n.(GuardCondition).valueControlsEdge(bb, _, _) + ) } /** Gets the underlying nothrow allocation ultimately being wrapped. */ @@ -84,7 +89,9 @@ module NoThrowNewErrorCheckConfig implements DataFlow::ConfigSig { source.asExpr() instanceof NotWrappedNoThrowAllocExpr } - predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(GuardCondition gc).getAChild*() } + predicate isSink(DataFlow::Node sink) { + sink.asExpr().(GuardCondition).valueControlsEdge(_, _, _) + } } module NoThrowNewErrorCheckFlow = DataFlow::Global; 
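Review bot: In `NoThrowAllocExprWrapperFunction` the "not checked" test drops `DataFlow::localExprFlow(n, ...)` and now requires the allocation `n` itself to be a `GuardCondition` with `valueControlsEdge`, and `isSink` in `NoThrowNewErrorCheckConfig` is tightened the same way. A wrapper that stores the nothrow result in a local and null-checks that local before returning only counts as checked if the guards library attributes the control to the original expression, which is not visible here. The unchanged result rows in the `.expected` file show the existing cases still pass but may not include that shape. The same replacement appears in `FunctionErroneousReturnValueNotTested.qll` (`not fc.(GuardCondition).valueControlsEdge(_, _, _)`), where assigning the return value and testing it later is the usual pattern. A stored-then-checked test case in both rules would pin the behaviour, together with a comment such as `// Relies on the guards library treating the call itself as the guard when its stored result is tested.`; both enclosing definitions continue outside their hunks.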
diff --git a/cpp/cert/test/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.expected b/cpp/cert/test/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.expected index 41fa58045f..45b75e6123 100644 --- a/cpp/cert/test/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.expected +++ b/cpp/cert/test/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.expected 
@@ -1,9 +1,8 @@ WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:64,5-13) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:66,36-44) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:82,46-54) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:83,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:87,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:90,35-43) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:95,38-46) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:86,46-54) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:87,22-30) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:91,20-28) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:96,35-43) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:101,38-46) | test.cpp:24:7:24:34 | new | nothrow new allocation of $@ returns here without a subsequent check to see whether the pointer is valid. | test.cpp:24:7:24:34 | new | StructA * | | test.cpp:40:17:40:38 | call to allocate_without_check | nothrow new allocation of $@ returns here without a subsequent check to see whether the pointer is valid. | test.cpp:35:17:35:44 | new | StructA * | 
diff --git a/cpp/common/src/codingstandards/cpp/rules/functionerroneousreturnvaluenottested/FunctionErroneousReturnValueNotTested.qll b/cpp/common/src/codingstandards/cpp/rules/functionerroneousreturnvaluenottested/FunctionErroneousReturnValueNotTested.qll index 83907c609a..1b130dc187 100644 --- a/cpp/common/src/codingstandards/cpp/rules/functionerroneousreturnvaluenottested/FunctionErroneousReturnValueNotTested.qll +++ b/cpp/common/src/codingstandards/cpp/rules/functionerroneousreturnvaluenottested/FunctionErroneousReturnValueNotTested.qll @@ -55,8 +55,6 @@ query predicate problems(FunctionCall fc, string message) { "vwprintf", "vfwprintf", "vswprintf", "vwprintf_s", "vfwprintf_s", "vswprintf_s", "vsnwprintf_s" ]) and - not exists(GuardCondition gc | - DataFlow::localFlow(DataFlow::exprNode(fc), DataFlow::exprNode(gc.(Expr).getAChild*())) - ) and + not fc.(GuardCondition).valueControlsEdge(_, _, _) and message = "Return value from " + fc.getTarget().getName() + " is not tested for errors." } diff --git a/cpp/common/src/codingstandards/cpp/rules/unsignedoperationwithconstantoperandswraps/UnsignedOperationWithConstantOperandsWraps.qll b/cpp/common/src/codingstandards/cpp/rules/unsignedoperationwithconstantoperandswraps/UnsignedOperationWithConstantOperandsWraps.qll index bc0c6d8fc1..98171b4e16 100644 --- a/cpp/common/src/codingstandards/cpp/rules/unsignedoperationwithconstantoperandswraps/UnsignedOperationWithConstantOperandsWraps.qll +++ b/cpp/common/src/codingstandards/cpp/rules/unsignedoperationwithconstantoperandswraps/UnsignedOperationWithConstantOperandsWraps.qll 
@@ -18,7 +18,7 @@ query predicate problems(InterestingOverflowingOperation op, string message) { not isExcluded(op, getQuery()) and op.getType().getUnderlyingType().(IntegralType).isUnsigned() and // Not within a guard condition - not exists(GuardCondition gc | gc.getAChild*() = op) and + not op.getParent*().(GuardCondition).valueControlsEdge(_, _, _) and // Not guarded by a check, where the check is not an invalid overflow check not op.hasValidPreCheck() and // Is not checked after the operation From 164d2f4bbb672842c15d9392be3071571cb2941e Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 2 Oct 2025 16:40:35 +0100 Subject: [PATCH 085/104] C++: Accept line number changes in .expected file. --- .../DetectAndHandleMemoryAllocationErrors.expected | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cpp/cert/test/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.expected b/cpp/cert/test/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.expected index 45b75e6123..ec11edcd2b 100644 --- a/cpp/cert/test/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.expected +++ b/cpp/cert/test/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.expected 
@@ -1,8 +1,8 @@ WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:64,5-13) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:86,46-54) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:87,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:91,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:96,35-43) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:101,38-46) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:87,46-54) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:88,22-30) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:92,20-28) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:97,35-43) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:102,38-46) | test.cpp:24:7:24:34 | new | nothrow new allocation of $@ returns here without a subsequent check to see whether the pointer is valid. | test.cpp:24:7:24:34 | new | StructA * | | test.cpp:40:17:40:38 | call to allocate_without_check | nothrow new allocation of $@ returns here without a subsequent check to see whether the pointer is valid. | test.cpp:35:17:35:44 | new | StructA * | From 01898e92b5b6414e01899544e9b419658a8433f2 Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Sat, 8 Nov 2025 16:19:03 +0100 Subject: [PATCH 086/104] Update expected test results With CodeQL 2.23.4 we recognize that the instantiation type was `uintptr_t`. --- cpp/misra/test/rules/RULE-8-2-8/PointerToIntegralCast.expected | 1 - cpp/misra/test/rules/RULE-8-2-8/test.cpp | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/cpp/misra/test/rules/RULE-8-2-8/PointerToIntegralCast.expected b/cpp/misra/test/rules/RULE-8-2-8/PointerToIntegralCast.expected index dd85d003c2..09911f0a7e 100644 --- a/cpp/misra/test/rules/RULE-8-2-8/PointerToIntegralCast.expected +++ b/cpp/misra/test/rules/RULE-8-2-8/PointerToIntegralCast.expected @@ -10,4 +10,3 @@ | test.cpp:77:13:77:46 | reinterpret_cast... | Cast of object pointer type to integral type 'int64_t' instead of 'std::uintptr_t' or 'std::intptr_t'. | test.cpp:77:13:77:46 | reinterpret_cast... | | | test.cpp:84:15:84:37 | reinterpret_cast... | Cast of object pointer type to integral type inside $@. | test.cpp:95:48:95:48 | definition of x | instantiation of class TestNonCompliantTemplateCast | | test.cpp:86:15:86:49 | reinterpret_cast... | Cast of object pointer type to integral type 'uint64_t' instead of 'std::uintptr_t' or 'std::intptr_t'. | test.cpp:86:15:86:49 | reinterpret_cast... | | -| test.cpp:91:23:91:45 | reinterpret_cast... | Cast of object pointer type to integral type inside $@. | test.cpp:96:3:96:35 | variable_template | reference to instantiated template variable variable_template | diff --git a/cpp/misra/test/rules/RULE-8-2-8/test.cpp b/cpp/misra/test/rules/RULE-8-2-8/test.cpp index 6b3dbd7685..8b11744add 100644 --- a/cpp/misra/test/rules/RULE-8-2-8/test.cpp +++ b/cpp/misra/test/rules/RULE-8-2-8/test.cpp @@ -88,7 +88,7 @@ template class TestNonCompliantTemplateCast { }; template -T variable_template = reinterpret_cast(g1); // NON_COMPLIANT +T variable_template = reinterpret_cast(g1); // COMPLIANT void test_instantiate_template() { test_non_compliant_template_cast(); 
From bee8bd0c9d53b39d198954eac34f33902b7a11bf Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Thu, 27 Nov 2025 14:26:00 +0100 Subject: [PATCH 087/104] Update expected test results after frontend update --- .../test/rules/RULE-14-3/ControllingExprInvariant.expected | 1 - c/misra/test/rules/RULE-14-3/test.c | 2 +- ...MemberObjectWithExternalOrInternalLinkageIsReused.expected | 4 ++-- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/c/misra/test/rules/RULE-14-3/ControllingExprInvariant.expected b/c/misra/test/rules/RULE-14-3/ControllingExprInvariant.expected index 3beb834f84..c03c04d6cc 100644 --- a/c/misra/test/rules/RULE-14-3/ControllingExprInvariant.expected +++ b/c/misra/test/rules/RULE-14-3/ControllingExprInvariant.expected @@ -5,4 +5,3 @@ | test.c:27:10:27:14 | ... < ... | Controlling expression in loop statement has an invariant value. | | test.c:37:3:37:6 | 1 | Controlling expression in conditional statement has an invariant value. | | test.c:38:3:38:3 | 1 | Controlling expression in conditional statement has an invariant value. | -| test.c:45:10:45:26 | ... && ... | Controlling expression in loop statement has an invariant value. | diff --git a/c/misra/test/rules/RULE-14-3/test.c b/c/misra/test/rules/RULE-14-3/test.c index ed8854afd2..94b10d36b0 100644 --- a/c/misra/test/rules/RULE-14-3/test.c +++ b/c/misra/test/rules/RULE-14-3/test.c @@ -42,6 +42,6 @@ void f5(bool b1) { void f6(int p1) { while (p1 < 10 && p1 > 12) { // NON_COMPLIANT[FALSE_NEGATIVE] } - while (1 == 0 && p1 > 12) { // NON_COMPLIANT + while (1 == 0 && p1 > 12) { // NON_COMPLIANT[FALSE_NEGATIVE] } } \ No newline at end of file diff --git a/cpp/autosar/test/rules/A2-10-5/IdentifierNameOfANonMemberObjectWithExternalOrInternalLinkageIsReused.expected b/cpp/autosar/test/rules/A2-10-5/IdentifierNameOfANonMemberObjectWithExternalOrInternalLinkageIsReused.expected index d6f496a3c6..b3284a9970 100644 
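Review bot: The second loop in `f6` is downgraded from `NON_COMPLIANT` to `NON_COMPLIANT[FALSE_NEGATIVE]` and its row is dropped from `ControllingExprInvariant.expected`, so the constant-false controlling expression `1 == 0 && p1 > 12` is no longer reported, and the test does not record why. The commit title attributes the change to a frontend update. A short reason on the marker would help whoever later restores the detection, e.g. `// NON_COMPLIANT[FALSE_NEGATIVE] - no longer reported after the frontend update`.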
--- a/cpp/autosar/test/rules/A2-10-5/IdentifierNameOfANonMemberObjectWithExternalOrInternalLinkageIsReused.expected +++ b/cpp/autosar/test/rules/A2-10-5/IdentifierNameOfANonMemberObjectWithExternalOrInternalLinkageIsReused.expected @@ -1,6 +1,6 @@ | test1a.cpp:2:12:2:13 | g1 | Identifier name of non-member object $@ reuses the identifier name of non-member object $@. | test1a.cpp:2:12:2:13 | g1 | g1 | test1b.cpp:2:12:2:13 | g1 | g1 | | test1a.cpp:6:12:6:13 | g3 | Identifier name of non-member object $@ reuses the identifier name of non-member object $@. | test1a.cpp:6:12:6:13 | g3 | g3 | test1b.cpp:6:12:6:13 | g3 | g3 | -| test1a.cpp:17:50:17:50 | number_two | Identifier name of non-member object $@ reuses the identifier name of non-member object $@. | test1a.cpp:17:50:17:50 | number_two | number_two | test1b.cpp:11:50:11:50 | number_two | number_two | +| test1a.cpp:17:39:17:48 | number_two | Identifier name of non-member object $@ reuses the identifier name of non-member object $@. | test1a.cpp:17:39:17:48 | number_two | number_two | test1b.cpp:11:39:11:48 | number_two | number_two | | test1b.cpp:2:12:2:13 | g1 | Identifier name of non-member object $@ reuses the identifier name of non-member object $@. | test1b.cpp:2:12:2:13 | g1 | g1 | test1a.cpp:2:12:2:13 | g1 | g1 | | test1b.cpp:6:12:6:13 | g3 | Identifier name of non-member object $@ reuses the identifier name of non-member object $@. | test1b.cpp:6:12:6:13 | g3 | g3 | test1a.cpp:6:12:6:13 | g3 | g3 | -| test1b.cpp:11:50:11:50 | number_two | Identifier name of non-member object $@ reuses the identifier name of non-member object $@. | test1b.cpp:11:50:11:50 | number_two | number_two | test1a.cpp:17:50:17:50 | number_two | number_two | +| test1b.cpp:11:39:11:48 | number_two | Identifier name of non-member object $@ reuses the identifier name of non-member object $@. | test1b.cpp:11:39:11:48 | number_two | number_two | test1a.cpp:17:39:17:48 | number_two | number_two | 
From 22438a26aaf302a0fd58789e75bd0e5be83f9483 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Thu, 8 Jan 2026 15:19:13 +0100 Subject: [PATCH 088/104] Fix test formatting --- .../test/rules/RULE-8-2-8/PointerToIntegralCast.expected | 4 ++-- cpp/misra/test/rules/RULE-8-2-8/test.cpp | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/cpp/misra/test/rules/RULE-8-2-8/PointerToIntegralCast.expected b/cpp/misra/test/rules/RULE-8-2-8/PointerToIntegralCast.expected index 09911f0a7e..52431b750f 100644 --- a/cpp/misra/test/rules/RULE-8-2-8/PointerToIntegralCast.expected +++ b/cpp/misra/test/rules/RULE-8-2-8/PointerToIntegralCast.expected 
@@ -4,9 +4,9 @@ | test.cpp:50:13:50:45 | reinterpret_cast... | Cast of object pointer type to integral type 'size_t' instead of 'std::uintptr_t' or 'std::intptr_t'. | test.cpp:50:13:50:45 | reinterpret_cast... | | | test.cpp:55:13:55:43 | reinterpret_cast... | Cast of object pointer type to integral type 'hashPtr_t' instead of 'std::uintptr_t' or 'std::intptr_t'. | test.cpp:55:13:55:43 | reinterpret_cast... | | | test.cpp:60:13:60:42 | reinterpret_cast... | Cast of object pointer type to integral type 'MyIntPtr' instead of 'std::uintptr_t' or 'std::intptr_t'. | test.cpp:60:13:60:42 | reinterpret_cast... | | -| test.cpp:65:13:65:35 | reinterpret_cast... | Cast of object pointer type to integral type inside $@. | test.cpp:94:3:94:50 | call to test_non_compliant_template_cast | call to instantiated template f of test_non_compliant_template_cast | +| test.cpp:65:13:65:35 | reinterpret_cast... | Cast of object pointer type to integral type inside $@. | test.cpp:93:3:93:50 | call to test_non_compliant_template_cast | call to instantiated template f of test_non_compliant_template_cast | | test.cpp:67:13:67:47 | reinterpret_cast... | Cast of object pointer type to integral type 'uint64_t' instead of 'std::uintptr_t' or 'std::intptr_t'. | test.cpp:67:13:67:47 | reinterpret_cast... | | | test.cpp:72:13:72:47 | reinterpret_cast... | Cast of object pointer type to integral type 'uint64_t' instead of 'std::uintptr_t' or 'std::intptr_t'. | test.cpp:72:13:72:47 | reinterpret_cast... | | | test.cpp:77:13:77:46 | reinterpret_cast... | Cast of object pointer type to integral type 'int64_t' instead of 'std::uintptr_t' or 'std::intptr_t'. | test.cpp:77:13:77:46 | reinterpret_cast... | | -| test.cpp:84:15:84:37 | reinterpret_cast... | Cast of object pointer type to integral type inside $@. | test.cpp:95:48:95:48 | definition of x | instantiation of class TestNonCompliantTemplateCast | +| test.cpp:84:15:84:37 | reinterpret_cast... 
| Cast of object pointer type to integral type inside $@. | test.cpp:94:48:94:48 | definition of x | instantiation of class TestNonCompliantTemplateCast | | test.cpp:86:15:86:49 | reinterpret_cast... | Cast of object pointer type to integral type 'uint64_t' instead of 'std::uintptr_t' or 'std::intptr_t'. | test.cpp:86:15:86:49 | reinterpret_cast... | | diff --git a/cpp/misra/test/rules/RULE-8-2-8/test.cpp b/cpp/misra/test/rules/RULE-8-2-8/test.cpp index 8b11744add..aa6c83163d 100644 --- a/cpp/misra/test/rules/RULE-8-2-8/test.cpp +++ b/cpp/misra/test/rules/RULE-8-2-8/test.cpp @@ -87,8 +87,7 @@ template class TestNonCompliantTemplateCast { } }; -template -T variable_template = reinterpret_cast(g1); // COMPLIANT +template T variable_template = reinterpret_cast(g1); // COMPLIANT void test_instantiate_template() { test_non_compliant_template_cast(); From cad5be09ee06b8feec7002d2cda67956362a9b49 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 6 Jan 2026 16:23:19 +0100 Subject: [PATCH 089/104] Floating point decimal support has been removed from CodeQL --- c/common/src/codingstandards/c/Extensions.qll | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/c/common/src/codingstandards/c/Extensions.qll b/c/common/src/codingstandards/c/Extensions.qll index 4f16a1f09a..dc2618d5ba 100644 --- a/c/common/src/codingstandards/c/Extensions.qll +++ b/c/common/src/codingstandards/c/Extensions.qll 
@@ -120,12 +120,7 @@ class CTerseTernaryExtension extends CCompilerExtension, ConditionalExpr { // Reference: https://gcc.gnu.org/onlinedocs/gcc/_005f_005fint128.html#g_t_005f_005fint128 // Reference: https://gcc.gnu.org/onlinedocs/gcc/Decimal-Float.html#Decimal-Float class CRealTypeExtensionExtension extends CCompilerExtension, DeclarationEntry { - CRealTypeExtensionExtension() { - getType() instanceof Decimal128Type or - getType() instanceof Decimal32Type or - getType() instanceof Decimal64Type or - getType() instanceof Float128Type - } + CRealTypeExtensionExtension() { getType() instanceof Float128Type } override string getMessage() { result = "Decimal floats are a compiler extension and are not portable to other compilers." From e92d9c55c08188c005adf1871aeeb1d65bea5506 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 11 Feb 2026 20:01:49 +0000 Subject: [PATCH 090/104] C++: Accept test changes after github/codeql#21313. --- ...NegativeOrGreaterPrecisionOperand.expected | 112 ++++++++++-------- c/cert/test/rules/INT34-C/test.c | 8 +- 2 files changed, 64 insertions(+), 56 deletions(-) diff --git a/c/cert/test/rules/INT34-C/ExprShiftedbyNegativeOrGreaterPrecisionOperand.expected b/c/cert/test/rules/INT34-C/ExprShiftedbyNegativeOrGreaterPrecisionOperand.expected index dc92d0f1be..ca73e82c1d 100644 --- a/c/cert/test/rules/INT34-C/ExprShiftedbyNegativeOrGreaterPrecisionOperand.expected +++ b/c/cert/test/rules/INT34-C/ExprShiftedbyNegativeOrGreaterPrecisionOperand.expected 
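Review bot: After this change `CRealTypeExtensionExtension` matches only `Float128Type`, but the `getMessage()` text kept as context still reads "Decimal floats are a compiler extension ...", so every remaining alert names a kind of type the class can no longer match. I would change the string to something like `result = "128-bit floating-point types are a compiler extension and are not portable to other compilers."` and reword or drop the `Decimal-Float` reference comment above the class. The removal also means `_Decimal32`/`_Decimal64`/`_Decimal128` declarations are presumably no longer reported through this class; if that is an accepted coverage gap it deserves a line in the change notes so users of the rule know. The class body continues past the end of the hunk.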
@@ -8,9 +8,9 @@ | test.c:59:3:59:14 | ... << ... | The operand 'lhs0' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | | test.c:61:3:61:15 | ... << ... | The operand 'lhs0' is shifted by an expression 'rhs10' whose upper bound (31) is greater than or equal to the precision. | | test.c:63:3:63:15 | ... << ... | The operand 'lhs0' is shifted by an expression 'rhs11' whose upper bound (31) is greater than or equal to the precision. | -| test.c:65:3:65:15 | ... << ... | The operand 'lhs0' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | -| test.c:67:3:67:15 | ... << ... | The operand 'lhs0' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | -| test.c:69:3:69:15 | ... << ... | The operand 'lhs0' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | +| test.c:65:3:65:15 | ... << ... | The operand 'lhs0' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | +| test.c:67:3:67:15 | ... << ... | The operand 'lhs0' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | +| test.c:69:3:69:15 | ... << ... | The operand 'lhs0' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | | test.c:71:3:71:14 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs0' whose upper bound (8) is greater than or equal to the precision. | | test.c:73:3:73:14 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs1' whose upper bound (7) is greater than or equal to the precision. | | test.c:75:3:75:14 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs2' whose upper bound (7) is greater than or equal to the precision. | 
@@ -23,9 +23,9 @@ | test.c:89:3:89:14 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | | test.c:91:3:91:15 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs10' whose upper bound (31) is greater than or equal to the precision. | | test.c:93:3:93:15 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs11' whose upper bound (31) is greater than or equal to the precision. | -| test.c:95:3:95:15 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | -| test.c:97:3:97:15 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | -| test.c:99:3:99:15 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | +| test.c:95:3:95:15 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | +| test.c:97:3:97:15 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | +| test.c:99:3:99:15 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | | test.c:134:3:134:14 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs3' whose upper bound (16) is greater than or equal to the precision. | | test.c:138:3:138:14 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs6' whose upper bound (32) is greater than or equal to the precision. | | test.c:140:3:140:14 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs7' whose upper bound (31) is greater than or equal to the precision. | 
@@ -33,9 +33,9 @@ | test.c:144:3:144:14 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | | test.c:146:3:146:15 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs10' whose upper bound (31) is greater than or equal to the precision. | | test.c:148:3:148:15 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs11' whose upper bound (31) is greater than or equal to the precision. | -| test.c:150:3:150:15 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | -| test.c:152:3:152:15 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | -| test.c:154:3:154:15 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | +| test.c:150:3:150:15 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | +| test.c:152:3:152:15 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | +| test.c:154:3:154:15 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | | test.c:159:3:159:14 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs3' whose upper bound (16) is greater than or equal to the precision. | | test.c:161:3:161:14 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs4' whose upper bound (15) is greater than or equal to the precision. | | test.c:163:3:163:14 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs5' whose upper bound (15) is greater than or equal to the precision. | 
@@ -45,31 +45,35 @@ | test.c:171:3:171:14 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | | test.c:173:3:173:15 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs10' whose upper bound (31) is greater than or equal to the precision. | | test.c:175:3:175:15 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs11' whose upper bound (31) is greater than or equal to the precision. | -| test.c:177:3:177:15 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | -| test.c:179:3:179:15 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | -| test.c:181:3:181:15 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | +| test.c:177:3:177:15 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | +| test.c:179:3:179:15 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | +| test.c:181:3:181:15 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | | test.c:216:3:216:14 | ... << ... | The operand 'lhs6' is shifted by an expression 'rhs6' whose upper bound (32) is greater than or equal to the precision. | | test.c:220:3:220:14 | ... << ... | The operand 'lhs6' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | -| test.c:224:3:224:15 | ... << ... | The operand 'lhs6' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | -| test.c:226:3:226:15 | ... << ... 
| The operand 'lhs6' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | -| test.c:228:3:228:15 | ... << ... | The operand 'lhs6' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | +| test.c:224:3:224:15 | ... << ... | The operand 'lhs6' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | +| test.c:226:3:226:15 | ... << ... | The operand 'lhs6' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | +| test.c:228:3:228:15 | ... << ... | The operand 'lhs6' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | | test.c:236:3:236:14 | ... << ... | The operand 'lhs7' is shifted by an expression 'rhs6' whose upper bound (32) is greater than or equal to the precision. | | test.c:238:3:238:14 | ... << ... | The operand 'lhs7' is shifted by an expression 'rhs7' whose upper bound (31) is greater than or equal to the precision. | | test.c:240:3:240:14 | ... << ... | The operand 'lhs7' is shifted by an expression 'rhs8' whose upper bound (31) is greater than or equal to the precision. | | test.c:242:3:242:14 | ... << ... | The operand 'lhs7' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | | test.c:244:3:244:15 | ... << ... | The operand 'lhs7' is shifted by an expression 'rhs10' whose upper bound (31) is greater than or equal to the precision. | | test.c:246:3:246:15 | ... << ... | The operand 'lhs7' is shifted by an expression 'rhs11' whose upper bound (31) is greater than or equal to the precision. | -| test.c:248:3:248:15 | ... << ... | The operand 'lhs7' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | -| test.c:250:3:250:15 | ... << ... 
| The operand 'lhs7' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | -| test.c:252:3:252:15 | ... << ... | The operand 'lhs7' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | -| test.c:292:3:292:15 | ... << ... | The operand 'lhs9' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | -| test.c:316:3:316:16 | ... << ... | The operand 'lhs10' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | -| test.c:318:3:318:16 | ... << ... | The operand 'lhs10' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | -| test.c:320:3:320:16 | ... << ... | The operand 'lhs10' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | -| test.c:358:3:358:16 | ... << ... | The operand 'lhs12' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | -| test.c:374:3:374:16 | ... << ... | The operand 'lhs13' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | -| test.c:376:3:376:16 | ... << ... | The operand 'lhs13' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | -| test.c:378:3:378:16 | ... << ... | The operand 'lhs13' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | +| test.c:248:3:248:15 | ... << ... | The operand 'lhs7' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | +| test.c:250:3:250:15 | ... << ... | The operand 'lhs7' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | +| test.c:252:3:252:15 | ... << ... 
| The operand 'lhs7' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | +| test.c:292:3:292:15 | ... << ... | The operand 'lhs9' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | +| test.c:294:3:294:15 | ... << ... | The operand 'lhs9' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | +| test.c:296:3:296:15 | ... << ... | The operand 'lhs9' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | +| test.c:316:3:316:16 | ... << ... | The operand 'lhs10' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | +| test.c:318:3:318:16 | ... << ... | The operand 'lhs10' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | +| test.c:320:3:320:16 | ... << ... | The operand 'lhs10' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | +| test.c:358:3:358:16 | ... << ... | The operand 'lhs12' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | +| test.c:360:3:360:16 | ... << ... | The operand 'lhs12' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | +| test.c:361:3:361:16 | ... << ... | The operand 'lhs12' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | +| test.c:374:3:374:16 | ... << ... | The operand 'lhs13' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | +| test.c:376:3:376:16 | ... << ... | The operand 'lhs13' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | +| test.c:378:3:378:16 | ... << ... 
| The operand 'lhs13' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | | test.c:1579:3:1580:10 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs0' whose upper bound (8) is greater than or equal to the precision. | | test.c:1583:3:1584:10 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs3' whose upper bound (16) is greater than or equal to the precision. | | test.c:1585:3:1586:10 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs4' whose upper bound (15) is greater than or equal to the precision. | 
@@ -80,9 +84,9 @@ | test.c:1595:3:1596:10 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | | test.c:1597:3:1597:15 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs10' whose upper bound (31) is greater than or equal to the precision. | | test.c:1599:3:1599:15 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs11' whose upper bound (31) is greater than or equal to the precision. | -| test.c:1601:3:1601:15 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | -| test.c:1603:3:1603:15 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | -| test.c:1605:3:1605:15 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | +| test.c:1601:3:1601:15 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1603:3:1603:15 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1605:3:1605:15 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | | test.c:1607:3:1608:10 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs0' whose upper bound (8) is greater than or equal to the precision. | | test.c:1609:3:1610:10 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs1' whose upper bound (7) is greater than or equal to the precision. | | test.c:1611:3:1612:10 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs2' whose upper bound (7) is greater than or equal to the precision. | 
@@ -95,9 +99,9 @@ | test.c:1625:3:1626:10 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | | test.c:1627:3:1627:15 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs10' whose upper bound (31) is greater than or equal to the precision. | | test.c:1629:3:1629:15 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs11' whose upper bound (31) is greater than or equal to the precision. | -| test.c:1631:3:1631:15 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | -| test.c:1633:3:1633:15 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | -| test.c:1635:3:1635:15 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | +| test.c:1631:3:1631:15 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1633:3:1633:15 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1635:3:1635:15 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | | test.c:1670:3:1671:10 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs3' whose upper bound (16) is greater than or equal to the precision. | | test.c:1674:3:1675:10 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs6' whose upper bound (32) is greater than or equal to the precision. | | test.c:1676:3:1677:10 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs7' whose upper bound (31) is greater than or equal to the precision. | 
@@ -105,9 +109,9 @@ | test.c:1680:3:1681:10 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | | test.c:1682:3:1682:15 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs10' whose upper bound (31) is greater than or equal to the precision. | | test.c:1684:3:1684:15 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs11' whose upper bound (31) is greater than or equal to the precision. | -| test.c:1686:3:1686:15 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | -| test.c:1688:3:1688:15 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | -| test.c:1690:3:1690:15 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | +| test.c:1686:3:1686:15 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1688:3:1688:15 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1690:3:1690:15 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | | test.c:1695:3:1696:10 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs3' whose upper bound (16) is greater than or equal to the precision. | | test.c:1697:3:1698:10 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs4' whose upper bound (15) is greater than or equal to the precision. | | test.c:1699:3:1700:10 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs5' whose upper bound (15) is greater than or equal to the precision. | 
@@ -117,31 +121,35 @@ | test.c:1707:3:1708:10 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | | test.c:1709:3:1709:15 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs10' whose upper bound (31) is greater than or equal to the precision. | | test.c:1711:3:1711:15 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs11' whose upper bound (31) is greater than or equal to the precision. | -| test.c:1713:3:1713:15 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | -| test.c:1715:3:1715:15 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | -| test.c:1717:3:1717:15 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | +| test.c:1713:3:1713:15 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1715:3:1715:15 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1717:3:1717:15 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | | test.c:1752:3:1753:10 | ... >> ... | The operand 'lhs6' is shifted by an expression 'rhs6' whose upper bound (32) is greater than or equal to the precision. | | test.c:1756:3:1757:10 | ... >> ... | The operand 'lhs6' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | -| test.c:1760:3:1760:15 | ... >> ... | The operand 'lhs6' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. 
| -| test.c:1762:3:1762:15 | ... >> ... | The operand 'lhs6' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | -| test.c:1764:3:1764:15 | ... >> ... | The operand 'lhs6' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | +| test.c:1760:3:1760:15 | ... >> ... | The operand 'lhs6' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1762:3:1762:15 | ... >> ... | The operand 'lhs6' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1764:3:1764:15 | ... >> ... | The operand 'lhs6' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | | test.c:1772:3:1773:10 | ... >> ... | The operand 'lhs7' is shifted by an expression 'rhs6' whose upper bound (32) is greater than or equal to the precision. | | test.c:1774:3:1775:10 | ... >> ... | The operand 'lhs7' is shifted by an expression 'rhs7' whose upper bound (31) is greater than or equal to the precision. | | test.c:1776:3:1777:10 | ... >> ... | The operand 'lhs7' is shifted by an expression 'rhs8' whose upper bound (31) is greater than or equal to the precision. | | test.c:1778:3:1779:10 | ... >> ... | The operand 'lhs7' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | | test.c:1780:3:1780:15 | ... >> ... | The operand 'lhs7' is shifted by an expression 'rhs10' whose upper bound (31) is greater than or equal to the precision. | | test.c:1782:3:1782:15 | ... >> ... | The operand 'lhs7' is shifted by an expression 'rhs11' whose upper bound (31) is greater than or equal to the precision. | -| test.c:1784:3:1784:15 | ... >> ... | The operand 'lhs7' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | -| test.c:1786:3:1786:15 | ... >> ... 
| The operand 'lhs7' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | -| test.c:1788:3:1788:15 | ... >> ... | The operand 'lhs7' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | -| test.c:1828:3:1828:15 | ... >> ... | The operand 'lhs9' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | -| test.c:1852:3:1852:16 | ... >> ... | The operand 'lhs10' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | -| test.c:1854:3:1854:16 | ... >> ... | The operand 'lhs10' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | -| test.c:1856:3:1856:16 | ... >> ... | The operand 'lhs10' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | -| test.c:1894:3:1894:16 | ... >> ... | The operand 'lhs12' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | -| test.c:1910:3:1910:16 | ... >> ... | The operand 'lhs13' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | -| test.c:1912:3:1912:16 | ... >> ... | The operand 'lhs13' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | -| test.c:1914:3:1914:16 | ... >> ... | The operand 'lhs13' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | +| test.c:1784:3:1784:15 | ... >> ... | The operand 'lhs7' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1786:3:1786:15 | ... >> ... | The operand 'lhs7' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1788:3:1788:15 | ... >> ... 
| The operand 'lhs7' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1828:3:1828:15 | ... >> ... | The operand 'lhs9' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1830:3:1830:15 | ... >> ... | The operand 'lhs9' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1832:3:1832:15 | ... >> ... | The operand 'lhs9' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1852:3:1852:16 | ... >> ... | The operand 'lhs10' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1854:3:1854:16 | ... >> ... | The operand 'lhs10' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1856:3:1856:16 | ... >> ... | The operand 'lhs10' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1894:3:1894:16 | ... >> ... | The operand 'lhs12' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1896:3:1896:16 | ... >> ... | The operand 'lhs12' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1897:3:1897:16 | ... >> ... | The operand 'lhs12' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1910:3:1910:16 | ... >> ... | The operand 'lhs13' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1912:3:1912:16 | ... >> ... | The operand 'lhs13' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1914:3:1914:16 | ... >> ... 
| The operand 'lhs13' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | | test.c:3115:3:3115:12 | ... << ... | The operand 'lhs0' is shifted by an expression '- ...' which may be negative. | | test.c:3116:3:3116:12 | ... << ... | The operand 'lhs1' is shifted by an expression '- ...' which may be negative. | | test.c:3117:3:3117:12 | ... << ... | The operand 'lhs2' is shifted by an expression '- ...' which may be negative. | diff --git a/c/cert/test/rules/INT34-C/test.c b/c/cert/test/rules/INT34-C/test.c index c47df4b55d..6248f75313 100644 --- a/c/cert/test/rules/INT34-C/test.c +++ b/c/cert/test/rules/INT34-C/test.c @@ -357,8 +357,8 @@ int main() { lhs12 << rhs11; // COMPLIANT: lhs12's precision is strictly greater than rhs11 lhs12 << rhs12; // NON_COMPLIANT: lhs12's precision is not strictly greater // than rhs12's - lhs12 << rhs13; // COMPLIANT: lhs12's precision is strictly greater than rhs13 - lhs12 << rhs14; // COMPLIANT: lhs12's precision is strictly greater than rhs14 + lhs12 << rhs13; // COMPLIANT[FALSE POSITIVE]: lhs12's precision is strictly greater than rhs13 (FP because range analysis reduced precision for performance reasons) + lhs12 << rhs14; // COMPLIANT[FALSE POSITIVE]: lhs12's precision is strictly greater than rhs14 (FP because range analysis reduced precision for performance reasons) lhs13 << rhs0; // COMPLIANT: lhs13's precision is strictly greater than rhs0 lhs13 << rhs1; // COMPLIANT: lhs13's precision is strictly greater than rhs1 lhs13 << rhs2; // COMPLIANT: lhs13's precision is strictly greater than rhs2 
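Review bot: The two rewritten comments on `lhs12 << rhs13` and `lhs12 << rhs14` run to roughly 160 columns on a single line, while the neighbouring `NON_COMPLIANT` comment is wrapped onto a `// than rhs12's` continuation line. An earlier commit in this series existed only to fix test formatting, so these lines will probably trip the same formatter check. I would wrap the explanation onto continuation comment lines and end it with the upstream reference from the commit subject, e.g. `// (FP: range analysis now reports an upper bound of 127, see github/codeql#21313)`, so the annotation can be revisited once the bound is tightened again. The same applies to the `lhs12 >> rhs13` and `lhs12 >> rhs14` lines in the hunk at -1893. Both hunks sit inside `main()`, which starts and ends outside them.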
@@ -1893,8 +1893,8 @@ int main() {
 lhs12 >> rhs11; // COMPLIANT: lhs12's precision is strictly greater than rhs11
 lhs12 >> rhs12; // NON_COMPLIANT: lhs12's precision is not strictly greater
 // than rhs12
- lhs12 >> rhs13; // COMPLIANT: lhs12's precision is strictly greater than rhs13
- lhs12 >> rhs14; // COMPLIANT: lhs12's precision is strictly greater than rhs14
+ lhs12 >> rhs13; // COMPLIANT[FALSE POSITIVE]: lhs12's precision is strictly greater than rhs13 (FP because range analysis reduced precision for performance reasons)
+ lhs12 >> rhs14; // COMPLIANT[FALSE POSITIVE]: lhs12's precision is strictly greater than rhs14 (FP because range analysis reduced precision for performance reasons)
 lhs13 >> rhs0; // COMPLIANT: lhs13's precision is strictly greater than rhs0
 lhs13 >> rhs1; // COMPLIANT: lhs13's precision is strictly greater than rhs1
 lhs13 >> rhs2; // COMPLIANT: lhs13's precision is strictly greater than rhs2
From 7f71c7b30f32e9192483516cef1bdbab61f503ac Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Wed, 11 Feb 2026 20:52:08 +0000
Subject: [PATCH 091/104] C++: Fix Copilot comments.
---
 c/cert/test/rules/INT34-C/test.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/c/cert/test/rules/INT34-C/test.c b/c/cert/test/rules/INT34-C/test.c
index 6248f75313..a50974ccd7 100644
--- a/c/cert/test/rules/INT34-C/test.c
+++ b/c/cert/test/rules/INT34-C/test.c
@@ -357,8 +357,8 @@ int main() {
 lhs12 << rhs11; // COMPLIANT: lhs12's precision is strictly greater than rhs11
 lhs12 << rhs12; // NON_COMPLIANT: lhs12's precision is not strictly greater
 // than rhs12's
- lhs12 << rhs13; // COMPLIANT[FALSE POSITIVE]: lhs12's precision is strictly greater than rhs13 (FP because range analysis reduced precision for performance reasons)
- lhs12 << rhs14; // COMPLIANT[FALSE POSITIVE]: lhs12's precision is strictly greater than rhs14 (FP because range analysis reduced precision for performance reasons)
+ lhs12 << rhs13; // COMPLIANT[FALSE_POSITIVE]: lhs12's precision is strictly greater than rhs13 (FP because range analysis reduced precision for performance reasons)
+ lhs12 << rhs14; // COMPLIANT[FALSE_POSITIVE]: lhs12's precision is strictly greater than rhs14 (FP because range analysis reduced precision for performance reasons)
 lhs13 << rhs0; // COMPLIANT: lhs13's precision is strictly greater than rhs0
 lhs13 << rhs1; // COMPLIANT: lhs13's precision is strictly greater than rhs1
 lhs13 << rhs2; // COMPLIANT: lhs13's precision is strictly greater than rhs2
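Review bot: The re-tagged comments stay on single lines far beyond 80 columns, here and in the `@@ -1893` hunk, whereas the context just above wraps its comment onto a `// than rhs12's` continuation line; the 8-line hunk count leaves room for only one line per statement. If the test sources are kept clang-formatted (not visible from this patch), the simplest fix is to shorten the remark so each statement still fits on one line, e.g. `lhs12 << rhs13; // COMPLIANT[FALSE_POSITIVE]: imprecise range for rhs13`, which also keeps the row numbers in the `.expected` file unchanged. Wrapping onto `//` continuation lines would work too, but it shifts every following test.c line and means regenerating the expectations. `main()` starts and ends outside both hunks.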
@@ -1893,8 +1893,8 @@ int main() {
 lhs12 >> rhs11; // COMPLIANT: lhs12's precision is strictly greater than rhs11
 lhs12 >> rhs12; // NON_COMPLIANT: lhs12's precision is not strictly greater
 // than rhs12
- lhs12 >> rhs13; // COMPLIANT[FALSE POSITIVE]: lhs12's precision is strictly greater than rhs13 (FP because range analysis reduced precision for performance reasons)
- lhs12 >> rhs14; // COMPLIANT[FALSE POSITIVE]: lhs12's precision is strictly greater than rhs14 (FP because range analysis reduced precision for performance reasons)
+ lhs12 >> rhs13; // COMPLIANT[FALSE_POSITIVE]: lhs12's precision is strictly greater than rhs13 (FP because range analysis reduced precision for performance reasons)
+ lhs12 >> rhs14; // COMPLIANT[FALSE_POSITIVE]: lhs12's precision is strictly greater than rhs14 (FP because range analysis reduced precision for performance reasons)
 lhs13 >> rhs0; // COMPLIANT: lhs13's precision is strictly greater than rhs0
 lhs13 >> rhs1; // COMPLIANT: lhs13's precision is strictly greater than rhs1
 lhs13 >> rhs2; // COMPLIANT: lhs13's precision is strictly greater than rhs2
From d77616eed2fcbf52c965aab719bdee3ee93c80f5 Mon Sep 17 00:00:00 2001
From: Simon Friis Vindum
Date: Mon, 16 Feb 2026 14:20:14 +0100
Subject: [PATCH 092/104] Revert "C++: Accept test changes after github/codeql#21313."
This reverts commit 141d5be42766520b4a993711e3f660a1494b458b.
---
 ...NegativeOrGreaterPrecisionOperand.expected | 112 ++++++++----------
 c/cert/test/rules/INT34-C/test.c | 8 +-
 2 files changed, 56 insertions(+), 64 deletions(-)
diff --git a/c/cert/test/rules/INT34-C/ExprShiftedbyNegativeOrGreaterPrecisionOperand.expected b/c/cert/test/rules/INT34-C/ExprShiftedbyNegativeOrGreaterPrecisionOperand.expected
index ca73e82c1d..dc92d0f1be 100644
--- a/c/cert/test/rules/INT34-C/ExprShiftedbyNegativeOrGreaterPrecisionOperand.expected
+++ b/c/cert/test/rules/INT34-C/ExprShiftedbyNegativeOrGreaterPrecisionOperand.expected
@@ -8,9 +8,9 @@ | test.c:59:3:59:14 | ... << ... | The operand 'lhs0' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | | test.c:61:3:61:15 | ... << ... | The operand 'lhs0' is shifted by an expression 'rhs10' whose upper bound (31) is greater than or equal to the precision. | | test.c:63:3:63:15 | ... << ... | The operand 'lhs0' is shifted by an expression 'rhs11' whose upper bound (31) is greater than or equal to the precision. | -| test.c:65:3:65:15 | ... << ... | The operand 'lhs0' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | -| test.c:67:3:67:15 | ... << ... | The operand 'lhs0' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | -| test.c:69:3:69:15 | ... << ... | The operand 'lhs0' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | +| test.c:65:3:65:15 | ... << ... | The operand 'lhs0' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | +| test.c:67:3:67:15 | ... << ... | The operand 'lhs0' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | +| test.c:69:3:69:15 | ... << ... | The operand 'lhs0' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | | test.c:71:3:71:14 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs0' whose upper bound (8) is greater than or equal to the precision. | | test.c:73:3:73:14 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs1' whose upper bound (7) is greater than or equal to the precision. | | test.c:75:3:75:14 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs2' whose upper bound (7) is greater than or equal to the precision. | 
@@ -23,9 +23,9 @@ | test.c:89:3:89:14 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | | test.c:91:3:91:15 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs10' whose upper bound (31) is greater than or equal to the precision. | | test.c:93:3:93:15 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs11' whose upper bound (31) is greater than or equal to the precision. | -| test.c:95:3:95:15 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | -| test.c:97:3:97:15 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | -| test.c:99:3:99:15 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | +| test.c:95:3:95:15 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | +| test.c:97:3:97:15 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | +| test.c:99:3:99:15 | ... << ... | The operand 'lhs1' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | | test.c:134:3:134:14 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs3' whose upper bound (16) is greater than or equal to the precision. | | test.c:138:3:138:14 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs6' whose upper bound (32) is greater than or equal to the precision. | | test.c:140:3:140:14 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs7' whose upper bound (31) is greater than or equal to the precision. | 
@@ -33,9 +33,9 @@ | test.c:144:3:144:14 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | | test.c:146:3:146:15 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs10' whose upper bound (31) is greater than or equal to the precision. | | test.c:148:3:148:15 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs11' whose upper bound (31) is greater than or equal to the precision. | -| test.c:150:3:150:15 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | -| test.c:152:3:152:15 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | -| test.c:154:3:154:15 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | +| test.c:150:3:150:15 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | +| test.c:152:3:152:15 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | +| test.c:154:3:154:15 | ... << ... | The operand 'lhs3' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | | test.c:159:3:159:14 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs3' whose upper bound (16) is greater than or equal to the precision. | | test.c:161:3:161:14 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs4' whose upper bound (15) is greater than or equal to the precision. | | test.c:163:3:163:14 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs5' whose upper bound (15) is greater than or equal to the precision. | 
@@ -45,35 +45,31 @@ | test.c:171:3:171:14 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | | test.c:173:3:173:15 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs10' whose upper bound (31) is greater than or equal to the precision. | | test.c:175:3:175:15 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs11' whose upper bound (31) is greater than or equal to the precision. | -| test.c:177:3:177:15 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | -| test.c:179:3:179:15 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | -| test.c:181:3:181:15 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | +| test.c:177:3:177:15 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | +| test.c:179:3:179:15 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | +| test.c:181:3:181:15 | ... << ... | The operand 'lhs4' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | | test.c:216:3:216:14 | ... << ... | The operand 'lhs6' is shifted by an expression 'rhs6' whose upper bound (32) is greater than or equal to the precision. | | test.c:220:3:220:14 | ... << ... | The operand 'lhs6' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | -| test.c:224:3:224:15 | ... << ... | The operand 'lhs6' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | -| test.c:226:3:226:15 | ... << ... 
| The operand 'lhs6' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | -| test.c:228:3:228:15 | ... << ... | The operand 'lhs6' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | +| test.c:224:3:224:15 | ... << ... | The operand 'lhs6' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | +| test.c:226:3:226:15 | ... << ... | The operand 'lhs6' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | +| test.c:228:3:228:15 | ... << ... | The operand 'lhs6' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | | test.c:236:3:236:14 | ... << ... | The operand 'lhs7' is shifted by an expression 'rhs6' whose upper bound (32) is greater than or equal to the precision. | | test.c:238:3:238:14 | ... << ... | The operand 'lhs7' is shifted by an expression 'rhs7' whose upper bound (31) is greater than or equal to the precision. | | test.c:240:3:240:14 | ... << ... | The operand 'lhs7' is shifted by an expression 'rhs8' whose upper bound (31) is greater than or equal to the precision. | | test.c:242:3:242:14 | ... << ... | The operand 'lhs7' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | | test.c:244:3:244:15 | ... << ... | The operand 'lhs7' is shifted by an expression 'rhs10' whose upper bound (31) is greater than or equal to the precision. | | test.c:246:3:246:15 | ... << ... | The operand 'lhs7' is shifted by an expression 'rhs11' whose upper bound (31) is greater than or equal to the precision. | -| test.c:248:3:248:15 | ... << ... | The operand 'lhs7' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | -| test.c:250:3:250:15 | ... << ... 
| The operand 'lhs7' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | -| test.c:252:3:252:15 | ... << ... | The operand 'lhs7' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | -| test.c:292:3:292:15 | ... << ... | The operand 'lhs9' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | -| test.c:294:3:294:15 | ... << ... | The operand 'lhs9' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | -| test.c:296:3:296:15 | ... << ... | The operand 'lhs9' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | -| test.c:316:3:316:16 | ... << ... | The operand 'lhs10' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | -| test.c:318:3:318:16 | ... << ... | The operand 'lhs10' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | -| test.c:320:3:320:16 | ... << ... | The operand 'lhs10' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | -| test.c:358:3:358:16 | ... << ... | The operand 'lhs12' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | -| test.c:360:3:360:16 | ... << ... | The operand 'lhs12' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | -| test.c:361:3:361:16 | ... << ... | The operand 'lhs12' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | -| test.c:374:3:374:16 | ... << ... | The operand 'lhs13' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | -| test.c:376:3:376:16 | ... << ... 
| The operand 'lhs13' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | -| test.c:378:3:378:16 | ... << ... | The operand 'lhs13' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | +| test.c:248:3:248:15 | ... << ... | The operand 'lhs7' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | +| test.c:250:3:250:15 | ... << ... | The operand 'lhs7' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | +| test.c:252:3:252:15 | ... << ... | The operand 'lhs7' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | +| test.c:292:3:292:15 | ... << ... | The operand 'lhs9' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | +| test.c:316:3:316:16 | ... << ... | The operand 'lhs10' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | +| test.c:318:3:318:16 | ... << ... | The operand 'lhs10' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | +| test.c:320:3:320:16 | ... << ... | The operand 'lhs10' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | +| test.c:358:3:358:16 | ... << ... | The operand 'lhs12' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | +| test.c:374:3:374:16 | ... << ... | The operand 'lhs13' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | +| test.c:376:3:376:16 | ... << ... | The operand 'lhs13' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | +| test.c:378:3:378:16 | ... << ... 
| The operand 'lhs13' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | | test.c:1579:3:1580:10 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs0' whose upper bound (8) is greater than or equal to the precision. | | test.c:1583:3:1584:10 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs3' whose upper bound (16) is greater than or equal to the precision. | | test.c:1585:3:1586:10 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs4' whose upper bound (15) is greater than or equal to the precision. | 
@@ -84,9 +80,9 @@ | test.c:1595:3:1596:10 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | | test.c:1597:3:1597:15 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs10' whose upper bound (31) is greater than or equal to the precision. | | test.c:1599:3:1599:15 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs11' whose upper bound (31) is greater than or equal to the precision. | -| test.c:1601:3:1601:15 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1603:3:1603:15 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1605:3:1605:15 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1601:3:1601:15 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | +| test.c:1603:3:1603:15 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | +| test.c:1605:3:1605:15 | ... >> ... | The operand 'lhs0' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | | test.c:1607:3:1608:10 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs0' whose upper bound (8) is greater than or equal to the precision. | | test.c:1609:3:1610:10 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs1' whose upper bound (7) is greater than or equal to the precision. | | test.c:1611:3:1612:10 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs2' whose upper bound (7) is greater than or equal to the precision. | 
@@ -99,9 +95,9 @@ | test.c:1625:3:1626:10 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | | test.c:1627:3:1627:15 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs10' whose upper bound (31) is greater than or equal to the precision. | | test.c:1629:3:1629:15 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs11' whose upper bound (31) is greater than or equal to the precision. | -| test.c:1631:3:1631:15 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1633:3:1633:15 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1635:3:1635:15 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1631:3:1631:15 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | +| test.c:1633:3:1633:15 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | +| test.c:1635:3:1635:15 | ... >> ... | The operand 'lhs1' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | | test.c:1670:3:1671:10 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs3' whose upper bound (16) is greater than or equal to the precision. | | test.c:1674:3:1675:10 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs6' whose upper bound (32) is greater than or equal to the precision. | | test.c:1676:3:1677:10 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs7' whose upper bound (31) is greater than or equal to the precision. | 
@@ -109,9 +105,9 @@ | test.c:1680:3:1681:10 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | | test.c:1682:3:1682:15 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs10' whose upper bound (31) is greater than or equal to the precision. | | test.c:1684:3:1684:15 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs11' whose upper bound (31) is greater than or equal to the precision. | -| test.c:1686:3:1686:15 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1688:3:1688:15 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1690:3:1690:15 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1686:3:1686:15 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | +| test.c:1688:3:1688:15 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | +| test.c:1690:3:1690:15 | ... >> ... | The operand 'lhs3' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | | test.c:1695:3:1696:10 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs3' whose upper bound (16) is greater than or equal to the precision. | | test.c:1697:3:1698:10 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs4' whose upper bound (15) is greater than or equal to the precision. | | test.c:1699:3:1700:10 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs5' whose upper bound (15) is greater than or equal to the precision. | 
@@ -121,35 +117,31 @@ | test.c:1707:3:1708:10 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | | test.c:1709:3:1709:15 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs10' whose upper bound (31) is greater than or equal to the precision. | | test.c:1711:3:1711:15 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs11' whose upper bound (31) is greater than or equal to the precision. | -| test.c:1713:3:1713:15 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1715:3:1715:15 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1717:3:1717:15 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1713:3:1713:15 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | +| test.c:1715:3:1715:15 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | +| test.c:1717:3:1717:15 | ... >> ... | The operand 'lhs4' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | | test.c:1752:3:1753:10 | ... >> ... | The operand 'lhs6' is shifted by an expression 'rhs6' whose upper bound (32) is greater than or equal to the precision. | | test.c:1756:3:1757:10 | ... >> ... | The operand 'lhs6' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | -| test.c:1760:3:1760:15 | ... >> ... | The operand 'lhs6' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. 
| -| test.c:1762:3:1762:15 | ... >> ... | The operand 'lhs6' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1764:3:1764:15 | ... >> ... | The operand 'lhs6' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1760:3:1760:15 | ... >> ... | The operand 'lhs6' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | +| test.c:1762:3:1762:15 | ... >> ... | The operand 'lhs6' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | +| test.c:1764:3:1764:15 | ... >> ... | The operand 'lhs6' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | | test.c:1772:3:1773:10 | ... >> ... | The operand 'lhs7' is shifted by an expression 'rhs6' whose upper bound (32) is greater than or equal to the precision. | | test.c:1774:3:1775:10 | ... >> ... | The operand 'lhs7' is shifted by an expression 'rhs7' whose upper bound (31) is greater than or equal to the precision. | | test.c:1776:3:1777:10 | ... >> ... | The operand 'lhs7' is shifted by an expression 'rhs8' whose upper bound (31) is greater than or equal to the precision. | | test.c:1778:3:1779:10 | ... >> ... | The operand 'lhs7' is shifted by an expression 'rhs9' whose upper bound (32) is greater than or equal to the precision. | | test.c:1780:3:1780:15 | ... >> ... | The operand 'lhs7' is shifted by an expression 'rhs10' whose upper bound (31) is greater than or equal to the precision. | | test.c:1782:3:1782:15 | ... >> ... | The operand 'lhs7' is shifted by an expression 'rhs11' whose upper bound (31) is greater than or equal to the precision. | -| test.c:1784:3:1784:15 | ... >> ... | The operand 'lhs7' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1786:3:1786:15 | ... >> ... 
| The operand 'lhs7' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1788:3:1788:15 | ... >> ... | The operand 'lhs7' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1828:3:1828:15 | ... >> ... | The operand 'lhs9' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1830:3:1830:15 | ... >> ... | The operand 'lhs9' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1832:3:1832:15 | ... >> ... | The operand 'lhs9' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1852:3:1852:16 | ... >> ... | The operand 'lhs10' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1854:3:1854:16 | ... >> ... | The operand 'lhs10' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1856:3:1856:16 | ... >> ... | The operand 'lhs10' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1894:3:1894:16 | ... >> ... | The operand 'lhs12' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1896:3:1896:16 | ... >> ... | The operand 'lhs12' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1897:3:1897:16 | ... >> ... | The operand 'lhs12' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1910:3:1910:16 | ... >> ... | The operand 'lhs13' is shifted by an expression 'rhs12' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1912:3:1912:16 | ... >> ... 
| The operand 'lhs13' is shifted by an expression 'rhs13' whose upper bound (127) is greater than or equal to the precision. | -| test.c:1914:3:1914:16 | ... >> ... | The operand 'lhs13' is shifted by an expression 'rhs14' whose upper bound (127) is greater than or equal to the precision. | +| test.c:1784:3:1784:15 | ... >> ... | The operand 'lhs7' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | +| test.c:1786:3:1786:15 | ... >> ... | The operand 'lhs7' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | +| test.c:1788:3:1788:15 | ... >> ... | The operand 'lhs7' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | +| test.c:1828:3:1828:15 | ... >> ... | The operand 'lhs9' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | +| test.c:1852:3:1852:16 | ... >> ... | The operand 'lhs10' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | +| test.c:1854:3:1854:16 | ... >> ... | The operand 'lhs10' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | +| test.c:1856:3:1856:16 | ... >> ... | The operand 'lhs10' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | +| test.c:1894:3:1894:16 | ... >> ... | The operand 'lhs12' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | +| test.c:1910:3:1910:16 | ... >> ... | The operand 'lhs13' is shifted by an expression 'rhs12' whose upper bound (64) is greater than or equal to the precision. | +| test.c:1912:3:1912:16 | ... >> ... | The operand 'lhs13' is shifted by an expression 'rhs13' whose upper bound (63) is greater than or equal to the precision. | +| test.c:1914:3:1914:16 | ... >> ... 
| The operand 'lhs13' is shifted by an expression 'rhs14' whose upper bound (63) is greater than or equal to the precision. | | test.c:3115:3:3115:12 | ... << ... | The operand 'lhs0' is shifted by an expression '- ...' which may be negative. | | test.c:3116:3:3116:12 | ... << ... | The operand 'lhs1' is shifted by an expression '- ...' which may be negative. | | test.c:3117:3:3117:12 | ... << ... | The operand 'lhs2' is shifted by an expression '- ...' which may be negative. |
diff --git a/c/cert/test/rules/INT34-C/test.c b/c/cert/test/rules/INT34-C/test.c
index a50974ccd7..c47df4b55d 100644
--- a/c/cert/test/rules/INT34-C/test.c
+++ b/c/cert/test/rules/INT34-C/test.c
@@ -357,8 +357,8 @@ int main() {
 lhs12 << rhs11; // COMPLIANT: lhs12's precision is strictly greater than rhs11
 lhs12 << rhs12; // NON_COMPLIANT: lhs12's precision is not strictly greater
 // than rhs12's
- lhs12 << rhs13; // COMPLIANT[FALSE_POSITIVE]: lhs12's precision is strictly greater than rhs13 (FP because range analysis reduced precision for performance reasons)
- lhs12 << rhs14; // COMPLIANT[FALSE_POSITIVE]: lhs12's precision is strictly greater than rhs14 (FP because range analysis reduced precision for performance reasons)
+ lhs12 << rhs13; // COMPLIANT: lhs12's precision is strictly greater than rhs13
+ lhs12 << rhs14; // COMPLIANT: lhs12's precision is strictly greater than rhs14
 lhs13 << rhs0; // COMPLIANT: lhs13's precision is strictly greater than rhs0
 lhs13 << rhs1; // COMPLIANT: lhs13's precision is strictly greater than rhs1
 lhs13 << rhs2; // COMPLIANT: lhs13's precision is strictly greater than rhs2
@@ -1893,8 +1893,8 @@ int main() { lhs12 >> rhs11; // COMPLIANT: lhs12's precision is strictly greater than rhs11 lhs12 >> rhs12; // NON_COMPLIANT: lhs12's precision is not strictly greater // than rhs12 - lhs12 >> rhs13; // COMPLIANT[FALSE_POSITIVE]: lhs12's precision is strictly greater than rhs13 (FP because range analysis reduced precision for performance reasons) - lhs12 >> rhs14; // COMPLIANT[FALSE_POSITIVE]: lhs12's precision is strictly greater than rhs14 (FP because range analysis reduced precision for performance reasons) + lhs12 >> rhs13; // COMPLIANT: lhs12's precision is strictly greater than rhs13 + lhs12 >> rhs14; // COMPLIANT: lhs12's precision is strictly greater than rhs14 lhs13 >> rhs0; // COMPLIANT: lhs13's precision is strictly greater than rhs0 lhs13 >> rhs1; // COMPLIANT: lhs13's precision is strictly greater than rhs1 lhs13 >> rhs2; // COMPLIANT: lhs13's precision is strictly greater than rhs2 From a79c12d1abd3fe460d397e61ff430235ce01c7b8 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 17 Feb 2026 14:31:14 +0100 Subject: [PATCH 093/104] Update test expectations after switch to SoftFloat library in the extractor --- ...CorrectIntervalForDigitSequencesSeparators.expected | 10 +++++----- .../rules/M2-13-4/LiteralSuffixNotUpperCase.expected | 4 ++-- ...icitConstConversionToSmallerUnderlyingType.expected | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/cpp/autosar/test/rules/A13-6-1/UseCorrectIntervalForDigitSequencesSeparators.expected b/cpp/autosar/test/rules/A13-6-1/UseCorrectIntervalForDigitSequencesSeparators.expected index 9cda0967bf..ee87fca749 100644 --- a/cpp/autosar/test/rules/A13-6-1/UseCorrectIntervalForDigitSequencesSeparators.expected +++ b/cpp/autosar/test/rules/A13-6-1/UseCorrectIntervalForDigitSequencesSeparators.expected 
@@ -7,8 +7,8 @@ | test.cpp:19:3:19:17 | 1370 | The digit sequence 01010101'1010 uses a digit sequence separator at a spacing other than 4. | | test.cpp:20:3:20:15 | 85 | The digit sequence 01'01'01'01 uses a digit sequence separator at a spacing other than 4. | | test.cpp:21:3:21:14 | 85 | The digit sequence 010'1010'1 uses a digit sequence separator at a spacing other than 4. | -| test.cpp:26:3:26:15 | 11000000000.0 | The digit sequence 1000'000 uses a digit sequence separator at a spacing other than 3. | -| test.cpp:27:3:27:16 | 11000000000.0 | The digit sequence 10'00'000 uses a digit sequence separator at a spacing other than 3. | -| test.cpp:28:3:28:17 | 11000000000.0 | The digit sequence 1'0 uses a digit sequence separator at a spacing other than 3. | -| test.cpp:29:3:29:16 | 11000000000.0 | The digit sequence 10'000'00 uses a digit sequence separator at a spacing other than 3. | -| test.cpp:30:3:30:15 | 11000000000.0 | The digit sequence 1'0 uses a digit sequence separator at a spacing other than 3. | +| test.cpp:26:3:26:15 | 1.1E10 | The digit sequence 1000'000 uses a digit sequence separator at a spacing other than 3. | +| test.cpp:27:3:27:16 | 1.1E10 | The digit sequence 10'00'000 uses a digit sequence separator at a spacing other than 3. | +| test.cpp:28:3:28:17 | 1.1E10 | The digit sequence 1'0 uses a digit sequence separator at a spacing other than 3. | +| test.cpp:29:3:29:16 | 1.1E10 | The digit sequence 10'000'00 uses a digit sequence separator at a spacing other than 3. | +| test.cpp:30:3:30:15 | 1.1E10 | The digit sequence 1'0 uses a digit sequence separator at a spacing other than 3. | diff --git a/cpp/autosar/test/rules/M2-13-4/LiteralSuffixNotUpperCase.expected b/cpp/autosar/test/rules/M2-13-4/LiteralSuffixNotUpperCase.expected index 9397fbac49..66fa304117 100644 --- a/cpp/autosar/test/rules/M2-13-4/LiteralSuffixNotUpperCase.expected +++ b/cpp/autosar/test/rules/M2-13-4/LiteralSuffixNotUpperCase.expected 
@@ -8,5 +8,5 @@ | test.cpp:16:3:16:14 | 1254450 | Numeric literal 0x13'24'32Ul has the lower case suffix l. | | test.cpp:17:3:17:13 | 1254450 | Numeric literal 0x13'24'32u has the lower case suffix u. | | test.cpp:18:3:18:13 | 1254450 | Numeric literal 0x13'24'32l has the lower case suffix l. | -| test.cpp:22:3:22:15 | 1.123122995e+10 | Numeric literal 1.123'123e10f has the lower case suffix f. | -| test.cpp:23:3:23:15 | 11231230000.0 | Numeric literal 1.123'123e10l has the lower case suffix l. | +| test.cpp:22:3:22:15 | 1.123123E10 | Numeric literal 1.123'123e10f has the lower case suffix f. | +| test.cpp:23:3:23:15 | 1.123123E10 | Numeric literal 1.123'123e10l has the lower case suffix l. | diff --git a/cpp/autosar/test/rules/M5-0-6/ImplicitConstConversionToSmallerUnderlyingType.expected b/cpp/autosar/test/rules/M5-0-6/ImplicitConstConversionToSmallerUnderlyingType.expected index 6b1d701128..00e191758c 100644 --- a/cpp/autosar/test/rules/M5-0-6/ImplicitConstConversionToSmallerUnderlyingType.expected +++ b/cpp/autosar/test/rules/M5-0-6/ImplicitConstConversionToSmallerUnderlyingType.expected @@ -1,2 +1,2 @@ | test.cpp:11:8:11:10 | (int8_t)... | Implicit conversion of integral $@ reduces the size from 4 bytes to 1 bytes. | test.cpp:11:8:11:10 | 256 | 256 | -| test.cpp:24:9:24:14 | (float)... | Implicit conversion of floating point $@ reduces the size from 8 bytes to 4 bytes. | test.cpp:24:9:24:14 | 3.500000000000000016e+38 | 3.5e38 | +| test.cpp:24:9:24:14 | (float)... | Implicit conversion of floating point $@ reduces the size from 8 bytes to 4 bytes. | test.cpp:24:9:24:14 | 3.5E38 | 3.5e38 | From e116488d9d1d159e7eeb334d61010bc04a3f77fc Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Tue, 24 Feb 2026 11:17:33 +0100 Subject: [PATCH 094/104] Revert "Merge pull request #1042 from jketema/jketema/softfloat" This reverts commit 3bc45b82c82530da40e8e2e94634b246c3c8840b, reversing changes made to 09d1e3a52798dcb89bace5de57d10b7e4fe5e535. --- ...CorrectIntervalForDigitSequencesSeparators.expected | 10 +++++----- .../rules/M2-13-4/LiteralSuffixNotUpperCase.expected | 4 ++-- ...icitConstConversionToSmallerUnderlyingType.expected | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/cpp/autosar/test/rules/A13-6-1/UseCorrectIntervalForDigitSequencesSeparators.expected b/cpp/autosar/test/rules/A13-6-1/UseCorrectIntervalForDigitSequencesSeparators.expected index ee87fca749..9cda0967bf 100644 --- a/cpp/autosar/test/rules/A13-6-1/UseCorrectIntervalForDigitSequencesSeparators.expected +++ b/cpp/autosar/test/rules/A13-6-1/UseCorrectIntervalForDigitSequencesSeparators.expected 
@@ -7,8 +7,8 @@ | test.cpp:19:3:19:17 | 1370 | The digit sequence 01010101'1010 uses a digit sequence separator at a spacing other than 4. | | test.cpp:20:3:20:15 | 85 | The digit sequence 01'01'01'01 uses a digit sequence separator at a spacing other than 4. | | test.cpp:21:3:21:14 | 85 | The digit sequence 010'1010'1 uses a digit sequence separator at a spacing other than 4. | -| test.cpp:26:3:26:15 | 1.1E10 | The digit sequence 1000'000 uses a digit sequence separator at a spacing other than 3. | -| test.cpp:27:3:27:16 | 1.1E10 | The digit sequence 10'00'000 uses a digit sequence separator at a spacing other than 3. | -| test.cpp:28:3:28:17 | 1.1E10 | The digit sequence 1'0 uses a digit sequence separator at a spacing other than 3. | -| test.cpp:29:3:29:16 | 1.1E10 | The digit sequence 10'000'00 uses a digit sequence separator at a spacing other than 3. | -| test.cpp:30:3:30:15 | 1.1E10 | The digit sequence 1'0 uses a digit sequence separator at a spacing other than 3. | +| test.cpp:26:3:26:15 | 11000000000.0 | The digit sequence 1000'000 uses a digit sequence separator at a spacing other than 3. | +| test.cpp:27:3:27:16 | 11000000000.0 | The digit sequence 10'00'000 uses a digit sequence separator at a spacing other than 3. | +| test.cpp:28:3:28:17 | 11000000000.0 | The digit sequence 1'0 uses a digit sequence separator at a spacing other than 3. | +| test.cpp:29:3:29:16 | 11000000000.0 | The digit sequence 10'000'00 uses a digit sequence separator at a spacing other than 3. | +| test.cpp:30:3:30:15 | 11000000000.0 | The digit sequence 1'0 uses a digit sequence separator at a spacing other than 3. | diff --git a/cpp/autosar/test/rules/M2-13-4/LiteralSuffixNotUpperCase.expected b/cpp/autosar/test/rules/M2-13-4/LiteralSuffixNotUpperCase.expected index 66fa304117..9397fbac49 100644 --- a/cpp/autosar/test/rules/M2-13-4/LiteralSuffixNotUpperCase.expected +++ b/cpp/autosar/test/rules/M2-13-4/LiteralSuffixNotUpperCase.expected 
@@ -8,5 +8,5 @@ | test.cpp:16:3:16:14 | 1254450 | Numeric literal 0x13'24'32Ul has the lower case suffix l. | | test.cpp:17:3:17:13 | 1254450 | Numeric literal 0x13'24'32u has the lower case suffix u. | | test.cpp:18:3:18:13 | 1254450 | Numeric literal 0x13'24'32l has the lower case suffix l. | -| test.cpp:22:3:22:15 | 1.123123E10 | Numeric literal 1.123'123e10f has the lower case suffix f. | -| test.cpp:23:3:23:15 | 1.123123E10 | Numeric literal 1.123'123e10l has the lower case suffix l. | +| test.cpp:22:3:22:15 | 1.123122995e+10 | Numeric literal 1.123'123e10f has the lower case suffix f. | +| test.cpp:23:3:23:15 | 11231230000.0 | Numeric literal 1.123'123e10l has the lower case suffix l. | diff --git a/cpp/autosar/test/rules/M5-0-6/ImplicitConstConversionToSmallerUnderlyingType.expected b/cpp/autosar/test/rules/M5-0-6/ImplicitConstConversionToSmallerUnderlyingType.expected index 00e191758c..6b1d701128 100644 --- a/cpp/autosar/test/rules/M5-0-6/ImplicitConstConversionToSmallerUnderlyingType.expected +++ b/cpp/autosar/test/rules/M5-0-6/ImplicitConstConversionToSmallerUnderlyingType.expected @@ -1,2 +1,2 @@ | test.cpp:11:8:11:10 | (int8_t)... | Implicit conversion of integral $@ reduces the size from 4 bytes to 1 bytes. | test.cpp:11:8:11:10 | 256 | 256 | -| test.cpp:24:9:24:14 | (float)... | Implicit conversion of floating point $@ reduces the size from 8 bytes to 4 bytes. | test.cpp:24:9:24:14 | 3.5E38 | 3.5e38 | +| test.cpp:24:9:24:14 | (float)... | Implicit conversion of floating point $@ reduces the size from 8 bytes to 4 bytes. | test.cpp:24:9:24:14 | 3.500000000000000016e+38 | 3.5e38 | From b318aa63f630b57864c34e905dc7e127cfd85041 Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Mon, 30 Mar 2026 15:09:13 +0200 Subject: [PATCH 095/104] Update expected test results --- .../codingstandards/cpp/identifiers/IdentifiersTest.expected | 2 +- .../test/rules/RULE-15-1-3/NonExplicitConversionMember.expected | 2 +- .../test/rules/RULE-19-2-2/InvalidIncludeDirective.expected | 1 + cpp/misra/test/rules/RULE-19-2-2/test.cpp | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/cpp/common/test/library/codingstandards/cpp/identifiers/IdentifiersTest.expected b/cpp/common/test/library/codingstandards/cpp/identifiers/IdentifiersTest.expected index 697666d61f..ab4c62a779 100644 --- a/cpp/common/test/library/codingstandards/cpp/identifiers/IdentifiersTest.expected +++ b/cpp/common/test/library/codingstandards/cpp/identifiers/IdentifiersTest.expected @@ -162,7 +162,7 @@ | test.cpp:244:7:244:27 | TemplateTemplateClass | test.cpp:244:7:244:27 | TemplateTemplateClass | | test.cpp:245:16:245:24 | container | test.cpp:245:16:245:24 | definition of container | | test.cpp:249:20:249:20 | T | test.cpp:249:20:249:20 | definition of T | -| test.cpp:249:53:249:53 | variable_template | test.cpp:249:53:249:53 | definition of variable_template | +| test.cpp:249:35:249:51 | variable_template | test.cpp:249:35:249:51 | definition of variable_template | | test.cpp:252:20:252:20 | T | test.cpp:252:20:252:20 | definition of T | | test.cpp:252:29:252:39 | VectorAlias | test.cpp:252:29:252:39 | definition of VectorAlias | | test.cpp:255:7:255:15 | BaseClass | test.cpp:255:7:255:15 | definition of BaseClass | diff --git a/cpp/misra/test/rules/RULE-15-1-3/NonExplicitConversionMember.expected b/cpp/misra/test/rules/RULE-15-1-3/NonExplicitConversionMember.expected index 9603aa1c2b..935b6a8156 100644 --- a/cpp/misra/test/rules/RULE-15-1-3/NonExplicitConversionMember.expected +++ b/cpp/misra/test/rules/RULE-15-1-3/NonExplicitConversionMember.expected 
@@ -1,5 +1,5 @@ | test.cpp:5:3:5:12 | TestClass1 | Constructor 'TestClass1' that is callable with a single argument shall be explicit. | -| test.cpp:6:3:6:23 | operator signed int | Conversion operator shall be explicit. | +| test.cpp:6:3:6:23 | operator int32_t | Conversion operator shall be explicit. | | test.cpp:23:3:23:12 | TestClass4 | Constructor 'TestClass4' that is callable with a single argument shall be explicit. | | test.cpp:25:3:25:12 | TestClass4 | Constructor 'TestClass4' that is callable with a single argument shall be explicit. | | test.cpp:44:3:44:17 | operator double | Conversion operator shall be explicit. | diff --git a/cpp/misra/test/rules/RULE-19-2-2/InvalidIncludeDirective.expected b/cpp/misra/test/rules/RULE-19-2-2/InvalidIncludeDirective.expected index 4e85513b0e..09261053ce 100644 --- a/cpp/misra/test/rules/RULE-19-2-2/InvalidIncludeDirective.expected +++ b/cpp/misra/test/rules/RULE-19-2-2/InvalidIncludeDirective.expected @@ -1,2 +1,3 @@ | test.cpp:6:1:6:20 | #include STRING_PATH | Non-compliant #include directive text 'STRING_PATH'. | +| test.cpp:8:1:8:17 | #include "string" ".h" | Non-compliant #include directive text '"string" ".h"'. | | test.cpp:10:1:10:16 | #include QSTRING | Non-compliant #include directive text 'QSTRING'. | diff --git a/cpp/misra/test/rules/RULE-19-2-2/test.cpp b/cpp/misra/test/rules/RULE-19-2-2/test.cpp index b1788458ec..058c4e8dfa 100644 --- a/cpp/misra/test/rules/RULE-19-2-2/test.cpp +++ b/cpp/misra/test/rules/RULE-19-2-2/test.cpp @@ -5,7 +5,7 @@ #include // COMPLIANT #include STRING_PATH // NON-COMPLIANT // clang-format off -#include "string" ".h" // NON-COMPLIANT[False negative] +#include "string" ".h" // NON-COMPLIANT // clang-format on #include QSTRING DOTH // NON-COMPLIANT From d4837653e6cc4f850ac1323b8e69cb19dd66a2c9 Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Fri, 24 Apr 2026 15:13:56 +0200 Subject: [PATCH 096/104] Reapply "Merge pull request #1042 from jketema/jketema/softfloat" This reverts commit b88313953267bec0ff4c75418eaa3ee5ac97259c. --- ...CorrectIntervalForDigitSequencesSeparators.expected | 10 +++++----- .../rules/M2-13-4/LiteralSuffixNotUpperCase.expected | 4 ++-- ...icitConstConversionToSmallerUnderlyingType.expected | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/cpp/autosar/test/rules/A13-6-1/UseCorrectIntervalForDigitSequencesSeparators.expected b/cpp/autosar/test/rules/A13-6-1/UseCorrectIntervalForDigitSequencesSeparators.expected index 9cda0967bf..ee87fca749 100644 --- a/cpp/autosar/test/rules/A13-6-1/UseCorrectIntervalForDigitSequencesSeparators.expected +++ b/cpp/autosar/test/rules/A13-6-1/UseCorrectIntervalForDigitSequencesSeparators.expected 
@@ -7,8 +7,8 @@ | test.cpp:19:3:19:17 | 1370 | The digit sequence 01010101'1010 uses a digit sequence separator at a spacing other than 4. | | test.cpp:20:3:20:15 | 85 | The digit sequence 01'01'01'01 uses a digit sequence separator at a spacing other than 4. | | test.cpp:21:3:21:14 | 85 | The digit sequence 010'1010'1 uses a digit sequence separator at a spacing other than 4. | -| test.cpp:26:3:26:15 | 11000000000.0 | The digit sequence 1000'000 uses a digit sequence separator at a spacing other than 3. | -| test.cpp:27:3:27:16 | 11000000000.0 | The digit sequence 10'00'000 uses a digit sequence separator at a spacing other than 3. | -| test.cpp:28:3:28:17 | 11000000000.0 | The digit sequence 1'0 uses a digit sequence separator at a spacing other than 3. | -| test.cpp:29:3:29:16 | 11000000000.0 | The digit sequence 10'000'00 uses a digit sequence separator at a spacing other than 3. | -| test.cpp:30:3:30:15 | 11000000000.0 | The digit sequence 1'0 uses a digit sequence separator at a spacing other than 3. | +| test.cpp:26:3:26:15 | 1.1E10 | The digit sequence 1000'000 uses a digit sequence separator at a spacing other than 3. | +| test.cpp:27:3:27:16 | 1.1E10 | The digit sequence 10'00'000 uses a digit sequence separator at a spacing other than 3. | +| test.cpp:28:3:28:17 | 1.1E10 | The digit sequence 1'0 uses a digit sequence separator at a spacing other than 3. | +| test.cpp:29:3:29:16 | 1.1E10 | The digit sequence 10'000'00 uses a digit sequence separator at a spacing other than 3. | +| test.cpp:30:3:30:15 | 1.1E10 | The digit sequence 1'0 uses a digit sequence separator at a spacing other than 3. | diff --git a/cpp/autosar/test/rules/M2-13-4/LiteralSuffixNotUpperCase.expected b/cpp/autosar/test/rules/M2-13-4/LiteralSuffixNotUpperCase.expected index 9397fbac49..66fa304117 100644 --- a/cpp/autosar/test/rules/M2-13-4/LiteralSuffixNotUpperCase.expected +++ b/cpp/autosar/test/rules/M2-13-4/LiteralSuffixNotUpperCase.expected 
@@ -8,5 +8,5 @@ | test.cpp:16:3:16:14 | 1254450 | Numeric literal 0x13'24'32Ul has the lower case suffix l. | | test.cpp:17:3:17:13 | 1254450 | Numeric literal 0x13'24'32u has the lower case suffix u. | | test.cpp:18:3:18:13 | 1254450 | Numeric literal 0x13'24'32l has the lower case suffix l. | -| test.cpp:22:3:22:15 | 1.123122995e+10 | Numeric literal 1.123'123e10f has the lower case suffix f. | -| test.cpp:23:3:23:15 | 11231230000.0 | Numeric literal 1.123'123e10l has the lower case suffix l. | +| test.cpp:22:3:22:15 | 1.123123E10 | Numeric literal 1.123'123e10f has the lower case suffix f. | +| test.cpp:23:3:23:15 | 1.123123E10 | Numeric literal 1.123'123e10l has the lower case suffix l. | diff --git a/cpp/autosar/test/rules/M5-0-6/ImplicitConstConversionToSmallerUnderlyingType.expected b/cpp/autosar/test/rules/M5-0-6/ImplicitConstConversionToSmallerUnderlyingType.expected index 6b1d701128..00e191758c 100644 --- a/cpp/autosar/test/rules/M5-0-6/ImplicitConstConversionToSmallerUnderlyingType.expected +++ b/cpp/autosar/test/rules/M5-0-6/ImplicitConstConversionToSmallerUnderlyingType.expected @@ -1,2 +1,2 @@ | test.cpp:11:8:11:10 | (int8_t)... | Implicit conversion of integral $@ reduces the size from 4 bytes to 1 bytes. | test.cpp:11:8:11:10 | 256 | 256 | -| test.cpp:24:9:24:14 | (float)... | Implicit conversion of floating point $@ reduces the size from 8 bytes to 4 bytes. | test.cpp:24:9:24:14 | 3.500000000000000016e+38 | 3.5e38 | +| test.cpp:24:9:24:14 | (float)... | Implicit conversion of floating point $@ reduces the size from 8 bytes to 4 bytes. | test.cpp:24:9:24:14 | 3.5E38 | 3.5e38 | From aab3b2d0c09e17a3e3f60e698c436e7340690e90 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 19 May 2026 11:18:17 +0200 Subject: [PATCH 097/104] Update expected test results --- .../UnusedTypeDeclarations.expected | 9 ++++----- cpp/common/test/rules/unusedtypedeclarations/test.cpp | 5 +++-- 2 files changed, 7 insertions(+), 7 deletions(-) 
diff --git a/cpp/common/test/rules/unusedtypedeclarations/UnusedTypeDeclarations.expected b/cpp/common/test/rules/unusedtypedeclarations/UnusedTypeDeclarations.expected index a4538f01c5..6c80382e35 100644 --- a/cpp/common/test/rules/unusedtypedeclarations/UnusedTypeDeclarations.expected +++ b/cpp/common/test/rules/unusedtypedeclarations/UnusedTypeDeclarations.expected @@ -3,8 +3,7 @@ | test.cpp:13:11:13:11 | D | Type declaration D is not used. | | test.cpp:77:11:77:11 | R | Type declaration R is not used. | | test.cpp:90:12:90:12 | (unnamed class/struct/union) | Type declaration (unnamed class/struct/union) is not used. | -| test.cpp:111:29:111:30 | AA | Type declaration AA is not used. | -| test.cpp:126:7:126:12 | Nested | Type declaration Nested is not used. | -| test.cpp:135:9:135:20 | UnusedNested | Type declaration UnusedNested is not used. | -| test.cpp:138:7:138:22 | NestedBlockScope | Type declaration NestedBlockScope is not used. | -| test.cpp:149:11:149:16 | Unused | Type declaration Unused is not used. | +| test.cpp:127:7:127:12 | Nested | Type declaration Nested is not used. | +| test.cpp:136:9:136:20 | UnusedNested | Type declaration UnusedNested is not used. | +| test.cpp:139:7:139:22 | NestedBlockScope | Type declaration NestedBlockScope is not used. | +| test.cpp:150:11:150:16 | Unused | Type declaration Unused is not used. | diff --git a/cpp/common/test/rules/unusedtypedeclarations/test.cpp b/cpp/common/test/rules/unusedtypedeclarations/test.cpp index 2c2699af04..af404ff005 100644 --- a/cpp/common/test/rules/unusedtypedeclarations/test.cpp +++ b/cpp/common/test/rules/unusedtypedeclarations/test.cpp 
@@ -107,8 +107,9 @@ template class X { // COMPLIANT - template class never instantiated template class Y {}; // COMPLIANT - used in the test case below // Alias templates -template using Z = Y; // COMPLIANT - used below -template using AA = Y; // NON_COMPLIANT - never instantiated +template using Z = Y; // COMPLIANT - used below +template +using AA = Y; // NON_COMPLIANT[FALSE_NEGATIVE] - never instantiated void test_alias_template() { Z v; } From e2495c866b10c445dc091a5a051cd3bc6e062018 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 19 May 2026 11:23:37 +0200 Subject: [PATCH 098/104] Update references to deprecated classes --- cpp/common/src/codingstandards/cpp/Identifiers.qll | 2 +- cpp/common/src/codingstandards/cpp/deadcode/UnusedVariables.qll | 2 +- .../MultipleGlobalOrMemberDeclarators.qll | 2 +- .../NonVoidFunctionDoesNotReturn.qll | 2 +- .../UnnecessaryExposedIdentifierDeclarationShared.qll | 2 +- .../cpp/rules/unusedtypedeclarations/UnusedTypeDeclarations.qll | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/cpp/common/src/codingstandards/cpp/Identifiers.qll b/cpp/common/src/codingstandards/cpp/Identifiers.qll index b1aaac9620..6240d207f1 100644 --- a/cpp/common/src/codingstandards/cpp/Identifiers.qll +++ b/cpp/common/src/codingstandards/cpp/Identifiers.qll @@ -22,7 +22,7 @@ class InterestingIdentifiers extends Declaration { InterestingIdentifiers() { not this.isFromTemplateInstantiation(_) and not this.isFromUninstantiatedTemplate(_) and - not this instanceof TemplateParameter and + not this instanceof TypeTemplateParameter and not this.hasDeclaringType() and not this instanceof Operator and not this.hasName("main") and diff --git a/cpp/common/src/codingstandards/cpp/deadcode/UnusedVariables.qll b/cpp/common/src/codingstandards/cpp/deadcode/UnusedVariables.qll index a0caabe624..0e21cf6cc2 100644 --- a/cpp/common/src/codingstandards/cpp/deadcode/UnusedVariables.qll 
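Review bot: The new `NON_COMPLIANT[FALSE_NEGATIVE]` marker on the `AA` alias template records that the query has stopped reporting an unused alias template, but the comment gives neither the cause nor a place where the gap is tracked. The `AA` row is dropped from UnusedTypeDeclarations.expected in the same commit, so no test would fail if the coverage loss became permanent. I would extend the comment to `// NON_COMPLIANT[FALSE_NEGATIVE] - never instantiated; not reported since <cause>, tracked in <ISSUE-PLACEHOLDER>`. The cause is presumably a frontend or extractor change, but the hunk does not show it, so the author should fill it in.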
+++ b/cpp/common/src/codingstandards/cpp/deadcode/UnusedVariables.qll @@ -13,7 +13,7 @@ import codingstandards.cpp.Scope */ class TemplateDependentType extends Type { TemplateDependentType() { - this instanceof TemplateParameter + this instanceof TypeTemplateParameter or exists(TemplateDependentType t | this.refersToDirectly(t) and diff --git a/cpp/common/src/codingstandards/cpp/rules/multipleglobalormemberdeclarators/MultipleGlobalOrMemberDeclarators.qll b/cpp/common/src/codingstandards/cpp/rules/multipleglobalormemberdeclarators/MultipleGlobalOrMemberDeclarators.qll index 05821d7270..712e61ab03 100644 --- a/cpp/common/src/codingstandards/cpp/rules/multipleglobalormemberdeclarators/MultipleGlobalOrMemberDeclarators.qll +++ b/cpp/common/src/codingstandards/cpp/rules/multipleglobalormemberdeclarators/MultipleGlobalOrMemberDeclarators.qll @@ -31,7 +31,7 @@ Query getQuery() { result instanceof MultipleGlobalOrMemberDeclaratorsSharedQuer class NonLocalUserDeclaration extends Declaration { NonLocalUserDeclaration() { not this instanceof StackVariable and - not this instanceof TemplateParameter and + not this instanceof TypeTemplateParameter and not this instanceof EnumConstant and not this instanceof TypedefType and not any(LambdaCapture lc).getField() = this and diff --git a/cpp/common/src/codingstandards/cpp/rules/nonvoidfunctiondoesnotreturn/NonVoidFunctionDoesNotReturn.qll b/cpp/common/src/codingstandards/cpp/rules/nonvoidfunctiondoesnotreturn/NonVoidFunctionDoesNotReturn.qll index cd5d1bdef4..2ee0a1a152 100644 --- a/cpp/common/src/codingstandards/cpp/rules/nonvoidfunctiondoesnotreturn/NonVoidFunctionDoesNotReturn.qll +++ b/cpp/common/src/codingstandards/cpp/rules/nonvoidfunctiondoesnotreturn/NonVoidFunctionDoesNotReturn.qll 
@@ -16,7 +16,7 @@ predicate functionsMissingReturnStmt(Function f, ControlFlowNode blame) { exists(Type returnType | returnType = f.getUnspecifiedType() and not returnType instanceof VoidType and - not returnType instanceof TemplateParameter + not returnType instanceof TypeTemplateParameter ) and exists(ReturnStmt s | f.getAPredecessor() = s and diff --git a/cpp/common/src/codingstandards/cpp/rules/unnecessaryexposedidentifierdeclarationshared/UnnecessaryExposedIdentifierDeclarationShared.qll b/cpp/common/src/codingstandards/cpp/rules/unnecessaryexposedidentifierdeclarationshared/UnnecessaryExposedIdentifierDeclarationShared.qll index 695a8740b6..8b0dcbc6c2 100644 --- a/cpp/common/src/codingstandards/cpp/rules/unnecessaryexposedidentifierdeclarationshared/UnnecessaryExposedIdentifierDeclarationShared.qll +++ b/cpp/common/src/codingstandards/cpp/rules/unnecessaryexposedidentifierdeclarationshared/UnnecessaryExposedIdentifierDeclarationShared.qll @@ -218,7 +218,7 @@ class CandidateDeclaration extends Declaration { or this instanceof Type and not this instanceof ClassTemplateInstantiation and - not this instanceof TemplateParameter + not this instanceof TypeTemplateParameter } } diff --git a/cpp/common/src/codingstandards/cpp/rules/unusedtypedeclarations/UnusedTypeDeclarations.qll b/cpp/common/src/codingstandards/cpp/rules/unusedtypedeclarations/UnusedTypeDeclarations.qll index b6d085619a..a0de4fe329 100644 --- a/cpp/common/src/codingstandards/cpp/rules/unusedtypedeclarations/UnusedTypeDeclarations.qll +++ b/cpp/common/src/codingstandards/cpp/rules/unusedtypedeclarations/UnusedTypeDeclarations.qll 
@@ -14,7 +14,7 @@ Query getQuery() { result instanceof UnusedTypeDeclarationsSharedQuery } query predicate problems(UserType ut, string message) { not isExcluded(ut, getQuery()) and message = "Type declaration " + ut.getName() + " is not used." and - not ut instanceof TemplateParameter and + not ut instanceof TypeTemplateParameter and not ut instanceof ProxyClass and not exists(getATypeUse(ut)) and not ut.isFromUninstantiatedTemplate(_) From a42dd07d6dd6c25b6db47181aa51e69aab3db46d Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 26 May 2026 19:15:44 +0200 Subject: [PATCH 099/104] Update references to deprecated classes --- cpp/common/src/codingstandards/cpp/Identifiers.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/common/src/codingstandards/cpp/Identifiers.qll b/cpp/common/src/codingstandards/cpp/Identifiers.qll index 6240d207f1..3e651cfcb0 100644 --- a/cpp/common/src/codingstandards/cpp/Identifiers.qll +++ b/cpp/common/src/codingstandards/cpp/Identifiers.qll @@ -291,7 +291,7 @@ private module IdentifierIntroductionImpl { // A template parameter may itself be a template (`template class T>`). // The inner template parameter `template` is anonymous and does not introduce an // identifier. - not type.(TemplateParameter).isAnonymous() + not type.(TypeTemplateParameter).isAnonymous() or // In the above case, the template template parameter `T` is incorrectly marked as anonymous // in the database. But it does introduce the identifier `T`, so it must not be excluded. From d66ec8d412664884609369f42802e57e68ef55a1 Mon Sep 17 00:00:00 2001 
From: Mauro Baluda Date: Tue, 30 Jun 2026 13:02:01 +0200 Subject: [PATCH 100/104] Use the new dataflow module without affecting any tested behavior (#1142) - Updated various QL files to replace deprecated 'DataFlow' and 'TaintTracking' imports with 'new.DataFlow' and 'new.TaintTracking'. - Update expected warnings to reflect deprecation of DataFlow and TaintTracking modules --- ...nOrderOfFunctionArgumentsForSideEffects.ql | 2 +- .../InsufficientMemoryAllocatedForObject.ql | 1 - ...OfFunctionArgumentsForSideEffects.expected | 24 ---------- .../src/codingstandards/c/OutOfBounds.qll | 1 - .../rules/CTR53-CPP/UseValidIteratorRanges.ql | 2 +- ...fectsInFunctionCallsAsFunctionArguments.ql | 1 - .../DetectAndHandleMemoryAllocationErrors.ql | 2 +- ...nFunctionCallsAsFunctionArguments.expected | 48 +++++++++---------- ...ctAndHandleMemoryAllocationErrors.expected | 6 --- .../src/codingstandards/cpp/AccessPath.qll | 2 +- .../src/codingstandards/cpp/Allocations.qll | 2 +- .../src/codingstandards/cpp/ConstHelpers.qll | 2 +- cpp/common/src/codingstandards/cpp/Expr.qll | 2 +- .../src/codingstandards/cpp/Iterators.qll | 4 +- .../src/codingstandards/cpp/OutOfBounds.qll | 1 - .../src/codingstandards/cpp/Overflow.qll | 2 +- .../codingstandards/cpp/ReadErrorsAndEOF.qll | 2 +- .../src/codingstandards/cpp/SmartPointers.qll | 2 +- .../ContainerAccessWithoutRangeCheck.qll | 2 +- .../nonconstantformat/NonConstantFormat.qll | 2 +- .../cpp/standardlibrary/FileStreams.qll | 1 - .../cpp/standardlibrary/STLContainers.qll | 3 +- .../UnnecessaryWriteToLocalObject.ql | 2 +- 23 files changed, 40 insertions(+), 76 deletions(-) diff --git a/c/cert/src/rules/EXP30-C/DependenceOnOrderOfFunctionArgumentsForSideEffects.ql b/c/cert/src/rules/EXP30-C/DependenceOnOrderOfFunctionArgumentsForSideEffects.ql index 48b9487728..24a7089ccc 100644 --- a/c/cert/src/rules/EXP30-C/DependenceOnOrderOfFunctionArgumentsForSideEffects.ql 
+++ b/c/cert/src/rules/EXP30-C/DependenceOnOrderOfFunctionArgumentsForSideEffects.ql @@ -19,7 +19,7 @@ import cpp import codingstandards.c.cert import codingstandards.cpp.SideEffect -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking import semmle.code.cpp.valuenumbering.GlobalValueNumbering /** Holds if the function's return value is derived from the `AliasParamter` p. */ diff --git a/c/cert/src/rules/MEM35-C/InsufficientMemoryAllocatedForObject.ql b/c/cert/src/rules/MEM35-C/InsufficientMemoryAllocatedForObject.ql index 2f937607e3..a035f4697b 100644 --- a/c/cert/src/rules/MEM35-C/InsufficientMemoryAllocatedForObject.ql +++ b/c/cert/src/rules/MEM35-C/InsufficientMemoryAllocatedForObject.ql @@ -21,7 +21,6 @@ import cpp import codingstandards.c.cert import codingstandards.cpp.Overflow import semmle.code.cpp.controlflow.Guards -import semmle.code.cpp.dataflow.new.TaintTracking import semmle.code.cpp.models.Models /** diff --git a/c/cert/test/rules/EXP30-C/DependenceOnOrderOfFunctionArgumentsForSideEffects.expected b/c/cert/test/rules/EXP30-C/DependenceOnOrderOfFunctionArgumentsForSideEffects.expected index 034f7e9366..3ea1a05fd7 100644 --- a/c/cert/test/rules/EXP30-C/DependenceOnOrderOfFunctionArgumentsForSideEffects.expected +++ b/c/cert/test/rules/EXP30-C/DependenceOnOrderOfFunctionArgumentsForSideEffects.expected 
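Review bot: Replacing `import semmle.code.cpp.dataflow.TaintTracking` with `import semmle.code.cpp.dataflow.new.TaintTracking` swaps the library behind every `DataFlow::` and `TaintTracking::` use in this query, while the accompanying .expected file pins only a single result row. The new library treats a pointer and the value it points to as distinct nodes. The predicate described on the next line as deriving the return value from an alias parameter may therefore see different flow for pointee values; its body is outside the hunk, so this is a question rather than a finding. I would add a case to the rule's test.c where the callee returns a value read through its pointer parameter. A short comment above the import would also help, for example `// IR-based data flow: pointer and pointee are separate nodes`.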
@@ -1,25 +1 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:28,31-39) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:28,59-67) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:31,33-41) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:31,57-65) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:35,33-41) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:35,59-67) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:44,5-13) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:44,25-33) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:44,53-61) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:47,31-39) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:47,57-65) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:56,31-39) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:56,55-63) -WARNING: module 'DataFlow' has been deprecated and may be removed in future 
(DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:63,31-39) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:63,57-65) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:75,31-39) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:75,55-63) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:28,5-18) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:31,7-20) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:35,7-20) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:47,5-18) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:56,5-18) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:63,5-18) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:75,5-18) | test.c:20:3:20:4 | call to f1 | Depending on the order of evaluation for the arguments $@ and $@ for side effects on shared state is unspecified and can result in unexpected behavior. | test.c:20:6:20:7 | call to f2 | call to f2 | test.c:20:12:20:13 | call to f3 | call to f3 | diff --git a/c/common/src/codingstandards/c/OutOfBounds.qll b/c/common/src/codingstandards/c/OutOfBounds.qll index 1f1680f56c..a615b7f451 100644 --- a/c/common/src/codingstandards/c/OutOfBounds.qll 
+++ b/c/common/src/codingstandards/c/OutOfBounds.qll @@ -11,7 +11,6 @@ import codingstandards.cpp.Allocations import codingstandards.cpp.Overflow import codingstandards.cpp.PossiblyUnsafeStringOperation import codingstandards.cpp.SimpleRangeAnalysisCustomizations -private import semmle.code.cpp.dataflow.DataFlow import semmle.code.cpp.valuenumbering.GlobalValueNumbering module OOB { diff --git a/cpp/cert/src/rules/CTR53-CPP/UseValidIteratorRanges.ql b/cpp/cert/src/rules/CTR53-CPP/UseValidIteratorRanges.ql index 58a7d20bed..4e2aba0e1e 100644 --- a/cpp/cert/src/rules/CTR53-CPP/UseValidIteratorRanges.ql +++ b/cpp/cert/src/rules/CTR53-CPP/UseValidIteratorRanges.ql @@ -18,7 +18,7 @@ import cpp import codingstandards.cpp.cert -import codingstandards.cpp.Iterators +import codingstandards.cpp.standardlibrary.Iterators import semmle.code.cpp.dataflow.new.DataFlow predicate startEndArgumentsDoNotPointToTheSameContainer( diff --git a/cpp/cert/src/rules/EXP50-CPP/DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql b/cpp/cert/src/rules/EXP50-CPP/DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql index 960d04449e..cf4906a8f2 100644 --- a/cpp/cert/src/rules/EXP50-CPP/DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql +++ b/cpp/cert/src/rules/EXP50-CPP/DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql @@ -19,7 +19,6 @@ import cpp import codingstandards.cpp.cert import codingstandards.cpp.SideEffect -import semmle.code.cpp.dataflow.DataFlow import semmle.code.cpp.dataflow.TaintTracking import semmle.code.cpp.valuenumbering.GlobalValueNumbering diff --git a/cpp/cert/src/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.ql b/cpp/cert/src/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.ql index 79ff7a08a2..010e9e7b8a 100644 --- a/cpp/cert/src/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.ql 
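Review bot: The import that remains after the deleted line in the EXP50-CPP query, `import semmle.code.cpp.dataflow.TaintTracking`, is still the deprecated library, so this query is not actually migrated. Its regenerated `.expected` file keeps all 24 deprecation warnings and only shifts their line numbers by one, whereas the C counterpart in this patch (EXP30-C) was moved to the `new` module and lost its warnings. Unless results differ under the new library, the line should read `import semmle.code.cpp.dataflow.new.TaintTracking`. If they do differ, the reason belongs in a comment next to the import, since the warning text says the module may be removed in future.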
+++ b/cpp/cert/src/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.ql @@ -18,7 +18,7 @@ import cpp import codingstandards.cpp.cert import semmle.code.cpp.controlflow.Guards -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import codingstandards.cpp.exceptions.ExceptionSpecifications /** diff --git a/cpp/cert/test/rules/EXP50-CPP/DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.expected b/cpp/cert/test/rules/EXP50-CPP/DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.expected index 08d46a7bbd..a054976ae6 100644 --- a/cpp/cert/test/rules/EXP50-CPP/DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.expected +++ b/cpp/cert/test/rules/EXP50-CPP/DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.expected 
@@ -1,27 +1,27 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:29,31-39) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:29,59-67) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:32,33-41) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:32,57-65) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:36,33-41) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:36,59-67) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:45,5-13) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:45,25-33) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:45,53-61) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:48,31-39) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:48,57-65) -WARNING: module 'DataFlow' has been deprecated and may be removed in future 
(DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:57,31-39) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:57,55-63) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:64,31-39) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:64,57-65) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:76,31-39) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:76,55-63) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:29,5-18) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:32,7-20) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:36,7-20) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:48,5-18) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:57,5-18) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future 
(DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:64,5-18) -WARNING: module 'TaintTracking' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:76,5-18) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:28,31-39) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:28,59-67) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:31,33-41) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:31,57-65) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:35,33-41) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:35,59-67) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:44,5-13) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:44,25-33) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:44,53-61) +WARNING: module 'DataFlow' has been deprecated and may be removed in future 
(DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:47,31-39) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:47,57-65) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:56,31-39) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:56,55-63) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:63,31-39) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:63,57-65) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:75,31-39) +WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:75,55-63) +WARNING: module 'TaintTracking' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:28,5-18) +WARNING: module 'TaintTracking' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:31,7-20) +WARNING: module 'TaintTracking' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:35,7-20) +WARNING: module 'TaintTracking' has been deprecated and may be removed in future 
(DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:47,5-18) +WARNING: module 'TaintTracking' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:56,5-18) +WARNING: module 'TaintTracking' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:63,5-18) +WARNING: module 'TaintTracking' has been deprecated and may be removed in future (DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:75,5-18) | test.cpp:82:3:82:4 | call to f2 | Depending on the order of evaluation for the arguments $@ and $@ for side effects on shared state is unspecified and can result in unexpected behavior. | test.cpp:82:6:82:7 | call to f5 | call to f5 | test.cpp:82:12:82:13 | call to f6 | call to f6 | | test.cpp:84:3:84:4 | call to f2 | Depending on the order of evaluation for the arguments $@ and $@ for side effects on shared state is unspecified and can result in unexpected behavior. | test.cpp:84:6:84:7 | call to f5 | call to f5 | test.cpp:84:12:84:13 | call to f7 | call to f7 | | test.cpp:87:3:87:4 | call to f2 | Depending on the order of evaluation for the arguments $@ and $@ for side effects on shared state is unspecified and can result in unexpected behavior. | test.cpp:87:9:87:10 | call to m1 | call to m1 | test.cpp:87:18:87:19 | call to m1 | call to m1 | diff --git a/cpp/cert/test/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.expected b/cpp/cert/test/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.expected index ec11edcd2b..b7452ec199 100644 --- a/cpp/cert/test/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.expected +++ b/cpp/cert/test/rules/MEM52-CPP/DetectAndHandleMemoryAllocationErrors.expected 
@@ -1,8 +1,2 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:64,5-13) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:87,46-54) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:88,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:92,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:97,35-43) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleMemoryAllocationErrors.ql:102,38-46) | test.cpp:24:7:24:34 | new | nothrow new allocation of $@ returns here without a subsequent check to see whether the pointer is valid. | test.cpp:24:7:24:34 | new | StructA * | | test.cpp:40:17:40:38 | call to allocate_without_check | nothrow new allocation of $@ returns here without a subsequent check to see whether the pointer is valid. | test.cpp:35:17:35:44 | new | StructA * | diff --git a/cpp/common/src/codingstandards/cpp/AccessPath.qll b/cpp/common/src/codingstandards/cpp/AccessPath.qll index 3af462e1ec..a83575cb7e 100644 --- a/cpp/common/src/codingstandards/cpp/AccessPath.qll +++ b/cpp/common/src/codingstandards/cpp/AccessPath.qll @@ -1,5 +1,5 @@ import cpp -private import semmle.code.cpp.dataflow.DataFlow +private import semmle.code.cpp.dataflow.new.DataFlow newtype TFieldQualifier = ExplicitQualifier(VariableAccess v) or diff --git a/cpp/common/src/codingstandards/cpp/Allocations.qll b/cpp/common/src/codingstandards/cpp/Allocations.qll index decdfe9fc4..6c775ccbab 100644 --- a/cpp/common/src/codingstandards/cpp/Allocations.qll +++ b/cpp/common/src/codingstandards/cpp/Allocations.qll 
@@ -7,7 +7,7 @@ import cpp import semmle.code.cpp.controlflow.SSA -private import semmle.code.cpp.dataflow.DataFlow +private import semmle.code.cpp.dataflow.new.DataFlow /** * Holds if `alloc` is a use of `malloc` or `new`. `kind` is diff --git a/cpp/common/src/codingstandards/cpp/ConstHelpers.qll b/cpp/common/src/codingstandards/cpp/ConstHelpers.qll index a3d12fd127..2a675cad5e 100644 --- a/cpp/common/src/codingstandards/cpp/ConstHelpers.qll +++ b/cpp/common/src/codingstandards/cpp/ConstHelpers.qll @@ -4,7 +4,7 @@ import cpp import codingstandards.cpp.SideEffect -private import semmle.code.cpp.dataflow.DataFlow +private import semmle.code.cpp.dataflow.new.DataFlow import codingstandards.cpp.FunctionParameter /** A variable that can be modified (both the pointer and object pointed to if pointer type) */ diff --git a/cpp/common/src/codingstandards/cpp/Expr.qll b/cpp/common/src/codingstandards/cpp/Expr.qll index bf3d1dcd56..c4650ea0b4 100644 --- a/cpp/common/src/codingstandards/cpp/Expr.qll +++ b/cpp/common/src/codingstandards/cpp/Expr.qll @@ -1,5 +1,5 @@ import cpp -private import semmle.code.cpp.dataflow.DataFlow +private import semmle.code.cpp.dataflow.new.DataFlow private import semmle.code.cpp.valuenumbering.GlobalValueNumbering import codingstandards.cpp.AccessPath diff --git a/cpp/common/src/codingstandards/cpp/Iterators.qll b/cpp/common/src/codingstandards/cpp/Iterators.qll index 38ebf3f7b7..b830151236 100644 --- a/cpp/common/src/codingstandards/cpp/Iterators.qll +++ b/cpp/common/src/codingstandards/cpp/Iterators.qll 
@@ -3,13 +3,13 @@ */ import cpp -private import semmle.code.cpp.dataflow.DataFlow -private import semmle.code.cpp.dataflow.TaintTracking +private import semmle.code.cpp.dataflow.new.TaintTracking import codingstandards.cpp.StdNamespace import codingstandards.cpp.rules.containeraccesswithoutrangecheck.ContainerAccessWithoutRangeCheck as ContainerAccessWithoutRangeCheck import semmle.code.cpp.controlflow.Guards import semmle.code.cpp.valuenumbering.GlobalValueNumbering import semmle.code.cpp.rangeanalysis.RangeAnalysisUtils +import codingstandards.cpp.standardlibrary.STLContainers abstract class ContainerAccess extends VariableAccess { abstract Variable getOwningContainer(); diff --git a/cpp/common/src/codingstandards/cpp/OutOfBounds.qll b/cpp/common/src/codingstandards/cpp/OutOfBounds.qll index b088233f92..888a34e104 100644 --- a/cpp/common/src/codingstandards/cpp/OutOfBounds.qll +++ b/cpp/common/src/codingstandards/cpp/OutOfBounds.qll @@ -16,7 +16,6 @@ import codingstandards.cpp.Allocations import codingstandards.cpp.Overflow import codingstandards.cpp.PossiblyUnsafeStringOperation import codingstandards.cpp.SimpleRangeAnalysisCustomizations -private import semmle.code.cpp.dataflow.DataFlow import semmle.code.cpp.valuenumbering.GlobalValueNumbering module OOB { diff --git a/cpp/common/src/codingstandards/cpp/Overflow.qll b/cpp/common/src/codingstandards/cpp/Overflow.qll index b81147d6bf..28a5c0d9db 100644 --- a/cpp/common/src/codingstandards/cpp/Overflow.qll +++ b/cpp/common/src/codingstandards/cpp/Overflow.qll @@ -6,7 +6,7 @@ import cpp import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis import SimpleRangeAnalysisCustomizations import semmle.code.cpp.controlflow.Guards -private import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.TaintTracking import semmle.code.cpp.valuenumbering.GlobalValueNumbering import codingstandards.cpp.Expr import codingstandards.cpp.UndefinedBehavior 
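Review bot: Dropping `private` from `import semmle.code.cpp.dataflow.TaintTracking` in `Overflow.qll` makes `codingstandards.cpp.Overflow` re-export the deprecated taint-tracking library to every file that imports it, which runs against the migration the rest of this patch performs. The MEM35-C query in this same patch deletes its own `new.TaintTracking` import while still importing `codingstandards.cpp.Overflow`, so it presumably now resolves taint tracking through this re-export. I would keep the import private and migrate it, `private import semmle.code.cpp.dataflow.new.TaintTracking`, and let each query import the `new` module it needs directly. The rest of the library is outside the hunk, so whether its predicates compile unchanged against the new module still needs checking.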
diff --git a/cpp/common/src/codingstandards/cpp/ReadErrorsAndEOF.qll b/cpp/common/src/codingstandards/cpp/ReadErrorsAndEOF.qll index 94e7f89796..af24ab9a7c 100644 --- a/cpp/common/src/codingstandards/cpp/ReadErrorsAndEOF.qll +++ b/cpp/common/src/codingstandards/cpp/ReadErrorsAndEOF.qll @@ -1,5 +1,5 @@ import cpp -private import semmle.code.cpp.dataflow.DataFlow +private import semmle.code.cpp.dataflow.new.DataFlow import codingstandards.cpp.standardlibrary.FileAccess /** diff --git a/cpp/common/src/codingstandards/cpp/SmartPointers.qll b/cpp/common/src/codingstandards/cpp/SmartPointers.qll index a643b0bc2b..99d5fa853f 100644 --- a/cpp/common/src/codingstandards/cpp/SmartPointers.qll +++ b/cpp/common/src/codingstandards/cpp/SmartPointers.qll @@ -1,5 +1,5 @@ import cpp -private import semmle.code.cpp.dataflow.DataFlow +private import semmle.code.cpp.dataflow.new.DataFlow // Local cached version of localExprFlow to avoid bad magic cached diff --git a/cpp/common/src/codingstandards/cpp/rules/containeraccesswithoutrangecheck/ContainerAccessWithoutRangeCheck.qll b/cpp/common/src/codingstandards/cpp/rules/containeraccesswithoutrangecheck/ContainerAccessWithoutRangeCheck.qll index fcf20afbc0..784b585950 100644 --- a/cpp/common/src/codingstandards/cpp/rules/containeraccesswithoutrangecheck/ContainerAccessWithoutRangeCheck.qll +++ b/cpp/common/src/codingstandards/cpp/rules/containeraccesswithoutrangecheck/ContainerAccessWithoutRangeCheck.qll @@ -12,7 +12,7 @@ import codingstandards.cpp.Operator import semmle.code.cpp.controlflow.Guards private import semmle.code.cpp.rangeanalysis.RangeAnalysisUtils import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import semmle.code.cpp.valuenumbering.GlobalValueNumbering abstract class ContainerAccessWithoutRangeCheckSharedQuery extends Query { } 
diff --git a/cpp/common/src/codingstandards/cpp/rules/nonconstantformat/NonConstantFormat.qll b/cpp/common/src/codingstandards/cpp/rules/nonconstantformat/NonConstantFormat.qll index 248cde106f..0b4cabbfee 100644 --- a/cpp/common/src/codingstandards/cpp/rules/nonconstantformat/NonConstantFormat.qll +++ b/cpp/common/src/codingstandards/cpp/rules/nonconstantformat/NonConstantFormat.qll @@ -1,7 +1,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking import semmle.code.cpp.commons.Printf abstract class NonConstantFormatSharedQuery extends Query { } diff --git a/cpp/common/src/codingstandards/cpp/standardlibrary/FileStreams.qll b/cpp/common/src/codingstandards/cpp/standardlibrary/FileStreams.qll index 4714fde6a2..3606cc0d2b 100644 --- a/cpp/common/src/codingstandards/cpp/standardlibrary/FileStreams.qll +++ b/cpp/common/src/codingstandards/cpp/standardlibrary/FileStreams.qll @@ -10,7 +10,6 @@ */ import cpp -private import semmle.code.cpp.dataflow.new.DataFlow private import semmle.code.cpp.dataflow.new.TaintTracking private import codingstandards.cpp.Operator diff --git a/cpp/common/src/codingstandards/cpp/standardlibrary/STLContainers.qll b/cpp/common/src/codingstandards/cpp/standardlibrary/STLContainers.qll index 64a1aee3b4..bc8aac43f6 100644 --- a/cpp/common/src/codingstandards/cpp/standardlibrary/STLContainers.qll +++ b/cpp/common/src/codingstandards/cpp/standardlibrary/STLContainers.qll @@ -1,8 +1,7 @@ import cpp import codingstandards.cpp.StdNamespace private import codingstandards.cpp.standardlibrary.Iterators -private import semmle.code.cpp.dataflow.DataFlow -private import semmle.code.cpp.dataflow.TaintTracking +private import semmle.code.cpp.dataflow.new.TaintTracking private import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis newtype TContainerKind = 
diff --git a/cpp/misra/src/rules/RULE-0-1-1/UnnecessaryWriteToLocalObject.ql b/cpp/misra/src/rules/RULE-0-1-1/UnnecessaryWriteToLocalObject.ql index b175717f70..9cd1ad6804 100644 --- a/cpp/misra/src/rules/RULE-0-1-1/UnnecessaryWriteToLocalObject.ql +++ b/cpp/misra/src/rules/RULE-0-1-1/UnnecessaryWriteToLocalObject.ql @@ -16,7 +16,7 @@ */ import cpp -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import codingstandards.cpp.misra import codingstandards.cpp.lifetimes.CppObjects import codingstandards.cpp.lifetimes.CppSubObjects From 5f61284f7aae1a360653216a4579ee6ec7800d6c Mon Sep 17 00:00:00 2001 
From: Mauro Baluda Date: Tue, 30 Jun 2026 17:07:08 +0200 Subject: [PATCH 101/104] Update CodeQL dependencies and fix various issues - Updated CodeQL to v2.23.3. - Improved error messages in EXP37-C and EXP50-CPP. - Fixed false negatives in `RULE-14-3`, `RULE-2-3` and `A0-1-6` --- c/cert/src/codeql-pack.lock.yml | 24 +++++----- c/cert/src/qlpack.yml | 2 +- .../VariableLengthArraySizeNotInValidRange.ql | 2 +- ...tCallFunctionsWithIncompatibleArguments.ql | 4 +- c/cert/test/codeql-pack.lock.yml | 24 +++++----- ...bleLengthArraySizeNotInValidRange.expected | 2 + ...unctionsWithIncompatibleArguments.expected | 6 +-- ...ufficientMemoryAllocatedForObject.expected | 2 + ...SafeFunctionsWithinSignalHandlers.expected | 8 ++-- c/common/src/codeql-pack.lock.yml | 24 +++++----- c/common/src/qlpack.yml | 2 +- c/common/test/codeql-pack.lock.yml | 24 +++++----- c/misra/src/codeql-pack.lock.yml | 24 +++++----- c/misra/src/qlpack.yml | 2 +- c/misra/test/codeql-pack.lock.yml | 24 +++++----- .../ControllingExprInvariant.expected | 1 + c/misra/test/rules/RULE-14-3/test.c | 2 +- change_notes/2026-06-25-upgrade-to-2.23.3.md | 10 ++++ cpp/autosar/src/codeql-pack.lock.yml | 24 +++++----- cpp/autosar/src/qlpack.yml | 2 +- cpp/autosar/test/codeql-pack.lock.yml | 24 +++++----- ...tervalForDigitSequencesSeparators.expected | 10 ++-- ...ExternalOrInternalLinkageIsReused.expected | 4 +- .../LiteralSuffixNotUpperCase.expected | 4 +- ...ConversionToSmallerUnderlyingType.expected | 2 +- cpp/cert/src/codeql-pack.lock.yml | 24 +++++----- cpp/cert/src/qlpack.yml | 2 +- ...rOfScalarObjectEvaluationForSideEffects.ql | 4 +- cpp/cert/test/codeql-pack.lock.yml | 24 +++++----- ...larObjectEvaluationForSideEffects.expected | 46 ++++++++++++------- cpp/common/src/codeql-pack.lock.yml | 24 +++++----- .../cpp/MistypedFunctionArguments.qll | 4 +- .../src/codingstandards/cpp/SideEffect.qll | 2 +- .../cpp/standardlibrary/STLContainers.qll | 1 - cpp/common/src/qlpack.yml | 2 +- cpp/common/test/codeql-pack.lock.yml 
| 24 +++++----- .../cpp/identifiers/IdentifiersTest.expected | 2 +- .../UnusedTypeDeclarations.expected | 9 ++-- .../rules/unusedtypedeclarations/test.cpp | 5 +- cpp/misra/src/codeql-pack.lock.yml | 24 +++++----- cpp/misra/src/qlpack.yml | 2 +- .../PointerArithmeticFormsAnInvalidPointer.ql | 5 +- cpp/misra/test/codeql-pack.lock.yml | 24 +++++----- cpp/report/src/codeql-pack.lock.yml | 24 +++++----- cpp/report/src/qlpack.yml | 2 +- .../queries/codeql-pack.lock.yml | 24 +++++----- scripts/generate_modules/queries/qlpack.yml | 2 +- supported_codeql_configs.json | 6 +-- 48 files changed, 299 insertions(+), 244 deletions(-) create mode 100644 change_notes/2026-06-25-upgrade-to-2.23.3.md diff --git a/c/cert/src/codeql-pack.lock.yml b/c/cert/src/codeql-pack.lock.yml index 86c985eb17..89576df617 100644 --- a/c/cert/src/codeql-pack.lock.yml +++ b/c/cert/src/codeql-pack.lock.yml @@ -3,26 +3,28 @@ lockVersion: 1.0.0 dependencies: advanced-security/qtil: version: 0.0.3 + codeql/controlflow: + version: 2.0.17 codeql/cpp-all: - version: 5.0.0 + version: 6.0.0 codeql/dataflow: - version: 2.0.8 + version: 2.0.17 codeql/mad: - version: 1.0.24 + version: 1.0.33 codeql/quantum: - version: 0.0.2 + version: 0.0.11 codeql/rangeanalysis: - version: 1.0.24 + version: 1.0.33 codeql/ssa: - version: 2.0.0 + version: 2.0.9 codeql/tutorial: - version: 1.0.24 + version: 1.0.33 codeql/typeflow: - version: 1.0.24 + version: 1.0.33 codeql/typetracking: - version: 2.0.8 + version: 2.0.17 codeql/util: - version: 2.0.11 + version: 2.0.20 codeql/xml: - version: 1.0.24 + version: 1.0.33 compiled: false diff --git a/c/cert/src/qlpack.yml b/c/cert/src/qlpack.yml index 6cca0cc918..39862ac6e9 100644 --- a/c/cert/src/qlpack.yml +++ b/c/cert/src/qlpack.yml @@ -6,4 +6,4 @@ license: MIT default-suite-file: codeql-suites/cert-c-default.qls dependencies: codeql/common-c-coding-standards: '*' - codeql/cpp-all: 5.0.0 + codeql/cpp-all: 6.0.0 
diff --git a/c/cert/src/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.ql b/c/cert/src/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.ql index 9fd4aae3b4..1356777e5f 100644 --- a/c/cert/src/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.ql +++ b/c/cert/src/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.ql @@ -20,7 +20,7 @@ import cpp import codingstandards.c.cert import codingstandards.cpp.Overflow -import semmle.code.cpp.dataflow.new.TaintTracking +import semmle.code.cpp.dataflow.TaintTracking /** * Gets the maximum size (in bytes) a variable-length array diff --git a/c/cert/src/rules/EXP37-C/DoNotCallFunctionsWithIncompatibleArguments.ql b/c/cert/src/rules/EXP37-C/DoNotCallFunctionsWithIncompatibleArguments.ql index 4c5ba57504..96dcc4efb1 100644 --- a/c/cert/src/rules/EXP37-C/DoNotCallFunctionsWithIncompatibleArguments.ql +++ b/c/cert/src/rules/EXP37-C/DoNotCallFunctionsWithIncompatibleArguments.ql @@ -29,5 +29,5 @@ where complexArgumentPassedToRealParameter(fc, f, p) ) select fc, - "Argument $@ in call to " + f.toString() + " is incompatible with parameter " + p.getTypedName() + - ".", fc.getArgument(p.getIndex()) as arg, arg.toString() + "Argument $@ in call to " + f.toString() + " is incompatible with the function parameter type.", + fc.getArgument(p.getIndex()) as arg, arg.toString() diff --git a/c/cert/test/codeql-pack.lock.yml b/c/cert/test/codeql-pack.lock.yml index 86c985eb17..89576df617 100644 --- a/c/cert/test/codeql-pack.lock.yml +++ b/c/cert/test/codeql-pack.lock.yml 
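Review bot: The ARR32-C import change replaces `semmle.code.cpp.dataflow.new.TaintTracking` with the deprecated `semmle.code.cpp.dataflow.TaintTracking`, and the regenerated `VariableLengthArraySizeNotInValidRange.expected` gains two deprecation warnings as a result. The previous patch in this series moves queries in the opposite direction, and nothing in the hunk says why this query goes back. If the cause is a clash with what `codingstandards.cpp.Overflow` (imported on the line above) exposes, which is an inference to confirm, the fix belongs in that library rather than here. At minimum the import needs a comment recording the reason, e.g. `// deprecated library kept deliberately: <reason>; return to dataflow.new.TaintTracking once resolved`.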
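Review bot: The new EXP37-C alert text, `" is incompatible with the function parameter type."`, no longer says which parameter is involved or what type it expects, so a finding on a call with several arguments has to be triaged from the `$@` link alone. `p` is still bound in the `select`, so if the aim was to avoid `getTypedName()` text that varies between CodeQL versions, the message can stay stable and still identify the parameter: `"Argument $@ in call to " + f.toString() + " is incompatible with the type of parameter " + p.getIndex().toString() + ".",`. The `where` clause starts outside the hunk. The three rows in `DoNotCallFunctionsWithIncompatibleArguments.expected` would need regenerating to match.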
@@ -3,26 +3,28 @@ lockVersion: 1.0.0 dependencies: advanced-security/qtil: version: 0.0.3 + codeql/controlflow: + version: 2.0.17 codeql/cpp-all: - version: 5.0.0 + version: 6.0.0 codeql/dataflow: - version: 2.0.8 + version: 2.0.17 codeql/mad: - version: 1.0.24 + version: 1.0.33 codeql/quantum: - version: 0.0.2 + version: 0.0.11 codeql/rangeanalysis: - version: 1.0.24 + version: 1.0.33 codeql/ssa: - version: 2.0.0 + version: 2.0.9 codeql/tutorial: - version: 1.0.24 + version: 1.0.33 codeql/typeflow: - version: 1.0.24 + version: 1.0.33 codeql/typetracking: - version: 2.0.8 + version: 2.0.17 codeql/util: - version: 2.0.11 + version: 2.0.20 codeql/xml: - version: 1.0.24 + version: 1.0.33 compiled: false diff --git a/c/cert/test/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.expected b/c/cert/test/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.expected index 25153f195b..1617571bbe 100644 --- a/c/cert/test/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.expected +++ b/c/cert/test/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.expected @@ -1,3 +1,5 @@ +WARNING: module 'DataFlow' has been deprecated and may be removed in future (VariableLengthArraySizeNotInValidRange.ql:110,11-19) +WARNING: module 'TaintTracking' has been deprecated and may be removed in future (VariableLengthArraySizeNotInValidRange.ql:93,5-18) | test.c:14:8:14:8 | VLA declaration | Variable-length array dimension size may be in an invalid range. | | test.c:15:8:15:8 | VLA declaration | Variable-length array dimension size may be in an invalid range. | | test.c:16:8:16:8 | VLA declaration | Variable-length array dimension size may be in an invalid range. | diff --git a/c/cert/test/rules/EXP37-C/DoNotCallFunctionsWithIncompatibleArguments.expected b/c/cert/test/rules/EXP37-C/DoNotCallFunctionsWithIncompatibleArguments.expected index a2ff1cdd92..614cdc91c8 100644 --- a/c/cert/test/rules/EXP37-C/DoNotCallFunctionsWithIncompatibleArguments.expected 
+++ b/c/cert/test/rules/EXP37-C/DoNotCallFunctionsWithIncompatibleArguments.expected @@ -1,3 +1,3 @@ -| test.c:83:12:83:16 | call to atan2 | Argument $@ in call to atan2 is incompatible with parameter double (unnamed parameter 0). | test.c:83:18:83:18 | c | c | -| test.c:93:3:93:12 | call to test_func1 | Argument $@ in call to test_func1 is incompatible with parameter short p1. | test.c:93:14:93:15 | p1 | p1 | -| test.c:94:3:94:12 | call to test_func1 | Argument $@ in call to test_func1 is incompatible with parameter short p1. | test.c:94:14:94:15 | p2 | p2 | +| test.c:83:12:83:16 | call to atan2 | Argument $@ in call to atan2 is incompatible with the function parameter type. | test.c:83:18:83:18 | c | c | +| test.c:93:3:93:12 | call to test_func1 | Argument $@ in call to test_func1 is incompatible with the function parameter type. | test.c:93:14:93:15 | p1 | p1 | +| test.c:94:3:94:12 | call to test_func1 | Argument $@ in call to test_func1 is incompatible with the function parameter type. | test.c:94:14:94:15 | p2 | p2 | diff --git a/c/cert/test/rules/MEM35-C/InsufficientMemoryAllocatedForObject.expected b/c/cert/test/rules/MEM35-C/InsufficientMemoryAllocatedForObject.expected index 30dece9299..fb5e7b483c 100644 --- a/c/cert/test/rules/MEM35-C/InsufficientMemoryAllocatedForObject.expected +++ b/c/cert/test/rules/MEM35-C/InsufficientMemoryAllocatedForObject.expected 
@@ -1,3 +1,5 @@ +WARNING: module 'TaintTracking' has been deprecated and may be removed in future (InsufficientMemoryAllocatedForObject.ql:89,5-18) +WARNING: module 'TaintTracking' has been deprecated and may be removed in future (InsufficientMemoryAllocatedForObject.ql:147,5-18) | test.c:12:19:12:24 | call to malloc | Allocation size (32 bytes) is not a multiple of the size of 'S1' (36 bytes). | test.c:12:26:12:32 | 32 | | | test.c:15:19:15:24 | call to malloc | Allocation size calculated from the size of a different type ($@). | test.c:15:26:15:35 | sizeof() | sizeof(S1 *) | | test.c:20:19:20:24 | call to malloc | Allocation size (128 bytes) is not a multiple of the size of 'S1' (36 bytes). | test.c:20:26:20:36 | ... * ... | | diff --git a/c/cert/test/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.expected b/c/cert/test/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.expected index a601fe63f4..6b7a439308 100644 --- a/c/cert/test/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.expected +++ b/c/cert/test/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.expected 
@@ -1,4 +1,4 @@ -| test.c:10:3:10:18 | call to log_local_unsafe | Asyncronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:16:7:16:12 | call to signal | signal handler | -| test.c:11:3:11:6 | call to free | Asyncronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:16:7:16:12 | call to signal | signal handler | -| test.c:46:3:46:9 | call to longjmp | Asyncronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:50:7:50:12 | call to signal | signal handler | -| test.c:76:7:76:11 | call to raise | Asyncronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:91:7:91:12 | call to signal | signal handler | +| test.c:10:3:10:18 | call to log_local_unsafe | Asynchronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:16:7:16:12 | call to signal | signal handler | +| test.c:11:3:11:6 | call to free | Asynchronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:16:7:16:12 | call to signal | signal handler | +| test.c:46:3:46:9 | call to longjmp | Asynchronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:50:7:50:12 | call to signal | signal handler | +| test.c:76:7:76:11 | call to raise | Asynchronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:91:7:91:12 | call to signal | signal handler | diff --git a/c/common/src/codeql-pack.lock.yml b/c/common/src/codeql-pack.lock.yml index 86c985eb17..89576df617 100644 --- a/c/common/src/codeql-pack.lock.yml +++ b/c/common/src/codeql-pack.lock.yml 
@@ -3,26 +3,28 @@ lockVersion: 1.0.0 dependencies: advanced-security/qtil: version: 0.0.3 + codeql/controlflow: + version: 2.0.17 codeql/cpp-all: - version: 5.0.0 + version: 6.0.0 codeql/dataflow: - version: 2.0.8 + version: 2.0.17 codeql/mad: - version: 1.0.24 + version: 1.0.33 codeql/quantum: - version: 0.0.2 + version: 0.0.11 codeql/rangeanalysis: - version: 1.0.24 + version: 1.0.33 codeql/ssa: - version: 2.0.0 + version: 2.0.9 codeql/tutorial: - version: 1.0.24 + version: 1.0.33 codeql/typeflow: - version: 1.0.24 + version: 1.0.33 codeql/typetracking: - version: 2.0.8 + version: 2.0.17 codeql/util: - version: 2.0.11 + version: 2.0.20 codeql/xml: - version: 1.0.24 + version: 1.0.33 compiled: false diff --git a/c/common/src/qlpack.yml b/c/common/src/qlpack.yml index b0692ed275..e9b7a0976b 100644 --- a/c/common/src/qlpack.yml +++ b/c/common/src/qlpack.yml @@ -3,4 +3,4 @@ version: 2.62.0-dev license: MIT dependencies: codeql/common-cpp-coding-standards: '*' - codeql/cpp-all: 5.0.0 + codeql/cpp-all: 6.0.0 diff --git a/c/common/test/codeql-pack.lock.yml b/c/common/test/codeql-pack.lock.yml index 86c985eb17..89576df617 100644 --- a/c/common/test/codeql-pack.lock.yml +++ b/c/common/test/codeql-pack.lock.yml @@ -3,26 +3,28 @@ lockVersion: 1.0.0 dependencies: advanced-security/qtil: version: 0.0.3 + codeql/controlflow: + version: 2.0.17 codeql/cpp-all: - version: 5.0.0 + version: 6.0.0 codeql/dataflow: - version: 2.0.8 + version: 2.0.17 codeql/mad: - version: 1.0.24 + version: 1.0.33 codeql/quantum: - version: 0.0.2 + version: 0.0.11 codeql/rangeanalysis: - version: 1.0.24 + version: 1.0.33 codeql/ssa: - version: 2.0.0 + version: 2.0.9 codeql/tutorial: - version: 1.0.24 + version: 1.0.33 codeql/typeflow: - version: 1.0.24 + version: 1.0.33 codeql/typetracking: - version: 2.0.8 + version: 2.0.17 codeql/util: - version: 2.0.11 + version: 2.0.20 codeql/xml: - version: 1.0.24 + version: 1.0.33 compiled: false 
diff --git a/c/misra/src/codeql-pack.lock.yml b/c/misra/src/codeql-pack.lock.yml index 86c985eb17..89576df617 100644 --- a/c/misra/src/codeql-pack.lock.yml +++ b/c/misra/src/codeql-pack.lock.yml @@ -3,26 +3,28 @@ lockVersion: 1.0.0 dependencies: advanced-security/qtil: version: 0.0.3 + codeql/controlflow: + version: 2.0.17 codeql/cpp-all: - version: 5.0.0 + version: 6.0.0 codeql/dataflow: - version: 2.0.8 + version: 2.0.17 codeql/mad: - version: 1.0.24 + version: 1.0.33 codeql/quantum: - version: 0.0.2 + version: 0.0.11 codeql/rangeanalysis: - version: 1.0.24 + version: 1.0.33 codeql/ssa: - version: 2.0.0 + version: 2.0.9 codeql/tutorial: - version: 1.0.24 + version: 1.0.33 codeql/typeflow: - version: 1.0.24 + version: 1.0.33 codeql/typetracking: - version: 2.0.8 + version: 2.0.17 codeql/util: - version: 2.0.11 + version: 2.0.20 codeql/xml: - version: 1.0.24 + version: 1.0.33 compiled: false diff --git a/c/misra/src/qlpack.yml b/c/misra/src/qlpack.yml index 80a4e2c37e..60d8fdd3b3 100644 --- a/c/misra/src/qlpack.yml +++ b/c/misra/src/qlpack.yml @@ -6,4 +6,4 @@ license: MIT default-suite-file: codeql-suites/misra-c-default.qls dependencies: codeql/common-c-coding-standards: '*' - codeql/cpp-all: 5.0.0 + codeql/cpp-all: 6.0.0 diff --git a/c/misra/test/codeql-pack.lock.yml b/c/misra/test/codeql-pack.lock.yml index 86c985eb17..89576df617 100644 --- a/c/misra/test/codeql-pack.lock.yml +++ b/c/misra/test/codeql-pack.lock.yml 
@@ -3,26 +3,28 @@ lockVersion: 1.0.0 dependencies: advanced-security/qtil: version: 0.0.3 + codeql/controlflow: + version: 2.0.17 codeql/cpp-all: - version: 5.0.0 + version: 6.0.0 codeql/dataflow: - version: 2.0.8 + version: 2.0.17 codeql/mad: - version: 1.0.24 + version: 1.0.33 codeql/quantum: - version: 0.0.2 + version: 0.0.11 codeql/rangeanalysis: - version: 1.0.24 + version: 1.0.33 codeql/ssa: - version: 2.0.0 + version: 2.0.9 codeql/tutorial: - version: 1.0.24 + version: 1.0.33 codeql/typeflow: - version: 1.0.24 + version: 1.0.33 codeql/typetracking: - version: 2.0.8 + version: 2.0.17 codeql/util: - version: 2.0.11 + version: 2.0.20 codeql/xml: - version: 1.0.24 + version: 1.0.33 compiled: false diff --git a/c/misra/test/rules/RULE-14-3/ControllingExprInvariant.expected b/c/misra/test/rules/RULE-14-3/ControllingExprInvariant.expected index c03c04d6cc..3beb834f84 100644 --- a/c/misra/test/rules/RULE-14-3/ControllingExprInvariant.expected +++ b/c/misra/test/rules/RULE-14-3/ControllingExprInvariant.expected @@ -5,3 +5,4 @@ | test.c:27:10:27:14 | ... < ... | Controlling expression in loop statement has an invariant value. | | test.c:37:3:37:6 | 1 | Controlling expression in conditional statement has an invariant value. | | test.c:38:3:38:3 | 1 | Controlling expression in conditional statement has an invariant value. | +| test.c:45:10:45:26 | ... && ... | Controlling expression in loop statement has an invariant value. | diff --git a/c/misra/test/rules/RULE-14-3/test.c b/c/misra/test/rules/RULE-14-3/test.c index 94b10d36b0..ed8854afd2 100644 --- a/c/misra/test/rules/RULE-14-3/test.c +++ b/c/misra/test/rules/RULE-14-3/test.c @@ -42,6 +42,6 @@ void f5(bool b1) { void f6(int p1) { while (p1 < 10 && p1 > 12) { // NON_COMPLIANT[FALSE_NEGATIVE] } - while (1 == 0 && p1 > 12) { // NON_COMPLIANT[FALSE_NEGATIVE] + while (1 == 0 && p1 > 12) { // NON_COMPLIANT } } \ No newline at end of file 
diff --git a/change_notes/2026-06-25-upgrade-to-2.23.3.md b/change_notes/2026-06-25-upgrade-to-2.23.3.md new file mode 100644 index 0000000000..651238850d --- /dev/null +++ b/change_notes/2026-06-25-upgrade-to-2.23.3.md @@ -0,0 +1,10 @@ +- Updated the CodeQL version to `2.23.3`. +- Refactor multiple queries to compile with updated CodeQL and libraries. +- `EXP37-C` - `DoNotCallFunctionsWithIncompatibleArguments.ql`: + - Modified error message for performance. +- `RULE-14-3` - `ControllingExprInvariant.ql`: + - Fix for known false negative. +- `EXP50-CPP` - `DoNotDependOnTheOrderOfScalarObjectEvaluationForSideEffects.ql`: + - Fix typo in error message. +- `RULE-2-3`, `A0-1-6` - `UnusedTypeDeclarations.ql`: + - Fix for known false negative. \ No newline at end of file diff --git a/cpp/autosar/src/codeql-pack.lock.yml b/cpp/autosar/src/codeql-pack.lock.yml index 86c985eb17..89576df617 100644 --- a/cpp/autosar/src/codeql-pack.lock.yml +++ b/cpp/autosar/src/codeql-pack.lock.yml @@ -3,26 +3,28 @@ lockVersion: 1.0.0 dependencies: advanced-security/qtil: version: 0.0.3 + codeql/controlflow: + version: 2.0.17 codeql/cpp-all: - version: 5.0.0 + version: 6.0.0 codeql/dataflow: - version: 2.0.8 + version: 2.0.17 codeql/mad: - version: 1.0.24 + version: 1.0.33 codeql/quantum: - version: 0.0.2 + version: 0.0.11 codeql/rangeanalysis: - version: 1.0.24 + version: 1.0.33 codeql/ssa: - version: 2.0.0 + version: 2.0.9 codeql/tutorial: - version: 1.0.24 + version: 1.0.33 codeql/typeflow: - version: 1.0.24 + version: 1.0.33 codeql/typetracking: - version: 2.0.8 + version: 2.0.17 codeql/util: - version: 2.0.11 + version: 2.0.20 codeql/xml: - version: 1.0.24 + version: 1.0.33 compiled: false diff --git a/cpp/autosar/src/qlpack.yml b/cpp/autosar/src/qlpack.yml index bb73dab121..f526329e37 100644 --- a/cpp/autosar/src/qlpack.yml +++ b/cpp/autosar/src/qlpack.yml 
@@ -5,4 +5,4 @@ suites: codeql-suites license: MIT dependencies: codeql/common-cpp-coding-standards: '*' - codeql/cpp-all: 5.0.0 + codeql/cpp-all: 6.0.0 diff --git a/cpp/autosar/test/codeql-pack.lock.yml b/cpp/autosar/test/codeql-pack.lock.yml index 86c985eb17..89576df617 100644 --- a/cpp/autosar/test/codeql-pack.lock.yml +++ b/cpp/autosar/test/codeql-pack.lock.yml @@ -3,26 +3,28 @@ lockVersion: 1.0.0 dependencies: advanced-security/qtil: version: 0.0.3 + codeql/controlflow: + version: 2.0.17 codeql/cpp-all: - version: 5.0.0 + version: 6.0.0 codeql/dataflow: - version: 2.0.8 + version: 2.0.17 codeql/mad: - version: 1.0.24 + version: 1.0.33 codeql/quantum: - version: 0.0.2 + version: 0.0.11 codeql/rangeanalysis: - version: 1.0.24 + version: 1.0.33 codeql/ssa: - version: 2.0.0 + version: 2.0.9 codeql/tutorial: - version: 1.0.24 + version: 1.0.33 codeql/typeflow: - version: 1.0.24 + version: 1.0.33 codeql/typetracking: - version: 2.0.8 + version: 2.0.17 codeql/util: - version: 2.0.11 + version: 2.0.20 codeql/xml: - version: 1.0.24 + version: 1.0.33 compiled: false diff --git a/cpp/autosar/test/rules/A13-6-1/UseCorrectIntervalForDigitSequencesSeparators.expected b/cpp/autosar/test/rules/A13-6-1/UseCorrectIntervalForDigitSequencesSeparators.expected index ee87fca749..9cda0967bf 100644 --- a/cpp/autosar/test/rules/A13-6-1/UseCorrectIntervalForDigitSequencesSeparators.expected +++ b/cpp/autosar/test/rules/A13-6-1/UseCorrectIntervalForDigitSequencesSeparators.expected 
@@ -7,8 +7,8 @@ | test.cpp:19:3:19:17 | 1370 | The digit sequence 01010101'1010 uses a digit sequence separator at a spacing other than 4. | | test.cpp:20:3:20:15 | 85 | The digit sequence 01'01'01'01 uses a digit sequence separator at a spacing other than 4. | | test.cpp:21:3:21:14 | 85 | The digit sequence 010'1010'1 uses a digit sequence separator at a spacing other than 4. | -| test.cpp:26:3:26:15 | 1.1E10 | The digit sequence 1000'000 uses a digit sequence separator at a spacing other than 3. | -| test.cpp:27:3:27:16 | 1.1E10 | The digit sequence 10'00'000 uses a digit sequence separator at a spacing other than 3. | -| test.cpp:28:3:28:17 | 1.1E10 | The digit sequence 1'0 uses a digit sequence separator at a spacing other than 3. | -| test.cpp:29:3:29:16 | 1.1E10 | The digit sequence 10'000'00 uses a digit sequence separator at a spacing other than 3. | -| test.cpp:30:3:30:15 | 1.1E10 | The digit sequence 1'0 uses a digit sequence separator at a spacing other than 3. | +| test.cpp:26:3:26:15 | 11000000000.0 | The digit sequence 1000'000 uses a digit sequence separator at a spacing other than 3. | +| test.cpp:27:3:27:16 | 11000000000.0 | The digit sequence 10'00'000 uses a digit sequence separator at a spacing other than 3. | +| test.cpp:28:3:28:17 | 11000000000.0 | The digit sequence 1'0 uses a digit sequence separator at a spacing other than 3. | +| test.cpp:29:3:29:16 | 11000000000.0 | The digit sequence 10'000'00 uses a digit sequence separator at a spacing other than 3. | +| test.cpp:30:3:30:15 | 11000000000.0 | The digit sequence 1'0 uses a digit sequence separator at a spacing other than 3. | diff --git a/cpp/autosar/test/rules/A2-10-5/IdentifierNameOfANonMemberObjectWithExternalOrInternalLinkageIsReused.expected b/cpp/autosar/test/rules/A2-10-5/IdentifierNameOfANonMemberObjectWithExternalOrInternalLinkageIsReused.expected index b3284a9970..d6f496a3c6 100644 
--- a/cpp/autosar/test/rules/A2-10-5/IdentifierNameOfANonMemberObjectWithExternalOrInternalLinkageIsReused.expected +++ b/cpp/autosar/test/rules/A2-10-5/IdentifierNameOfANonMemberObjectWithExternalOrInternalLinkageIsReused.expected @@ -1,6 +1,6 @@ | test1a.cpp:2:12:2:13 | g1 | Identifier name of non-member object $@ reuses the identifier name of non-member object $@. | test1a.cpp:2:12:2:13 | g1 | g1 | test1b.cpp:2:12:2:13 | g1 | g1 | | test1a.cpp:6:12:6:13 | g3 | Identifier name of non-member object $@ reuses the identifier name of non-member object $@. | test1a.cpp:6:12:6:13 | g3 | g3 | test1b.cpp:6:12:6:13 | g3 | g3 | -| test1a.cpp:17:39:17:48 | number_two | Identifier name of non-member object $@ reuses the identifier name of non-member object $@. | test1a.cpp:17:39:17:48 | number_two | number_two | test1b.cpp:11:39:11:48 | number_two | number_two | +| test1a.cpp:17:50:17:50 | number_two | Identifier name of non-member object $@ reuses the identifier name of non-member object $@. | test1a.cpp:17:50:17:50 | number_two | number_two | test1b.cpp:11:50:11:50 | number_two | number_two | | test1b.cpp:2:12:2:13 | g1 | Identifier name of non-member object $@ reuses the identifier name of non-member object $@. | test1b.cpp:2:12:2:13 | g1 | g1 | test1a.cpp:2:12:2:13 | g1 | g1 | | test1b.cpp:6:12:6:13 | g3 | Identifier name of non-member object $@ reuses the identifier name of non-member object $@. | test1b.cpp:6:12:6:13 | g3 | g3 | test1a.cpp:6:12:6:13 | g3 | g3 | -| test1b.cpp:11:39:11:48 | number_two | Identifier name of non-member object $@ reuses the identifier name of non-member object $@. | test1b.cpp:11:39:11:48 | number_two | number_two | test1a.cpp:17:39:17:48 | number_two | number_two | +| test1b.cpp:11:50:11:50 | number_two | Identifier name of non-member object $@ reuses the identifier name of non-member object $@. | test1b.cpp:11:50:11:50 | number_two | number_two | test1a.cpp:17:50:17:50 | number_two | number_two | 
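Review bot: The updated rows move the alert for `number_two` from columns 39–48, which span the ten-character identifier, to the single column `17:50:17:50` (and `11:50:11:50` in test1b.cpp), so the reported location no longer covers the name it is labelled with. This looks like a change in the location the updated frontend assigns to this declaration rather than a query change, but the baseline accepts it without comment. I would confirm against test1a.cpp line 17 what sits at column 50 and record the shift in the change note, e.g. `- A2-10-5: alert location for number_two-style declarations changed after the frontend update.`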
diff --git a/cpp/autosar/test/rules/M2-13-4/LiteralSuffixNotUpperCase.expected b/cpp/autosar/test/rules/M2-13-4/LiteralSuffixNotUpperCase.expected index 66fa304117..9397fbac49 100644 --- a/cpp/autosar/test/rules/M2-13-4/LiteralSuffixNotUpperCase.expected +++ b/cpp/autosar/test/rules/M2-13-4/LiteralSuffixNotUpperCase.expected @@ -8,5 +8,5 @@ | test.cpp:16:3:16:14 | 1254450 | Numeric literal 0x13'24'32Ul has the lower case suffix l. | | test.cpp:17:3:17:13 | 1254450 | Numeric literal 0x13'24'32u has the lower case suffix u. | | test.cpp:18:3:18:13 | 1254450 | Numeric literal 0x13'24'32l has the lower case suffix l. | -| test.cpp:22:3:22:15 | 1.123123E10 | Numeric literal 1.123'123e10f has the lower case suffix f. | -| test.cpp:23:3:23:15 | 1.123123E10 | Numeric literal 1.123'123e10l has the lower case suffix l. | +| test.cpp:22:3:22:15 | 1.123122995e+10 | Numeric literal 1.123'123e10f has the lower case suffix f. | +| test.cpp:23:3:23:15 | 11231230000.0 | Numeric literal 1.123'123e10l has the lower case suffix l. | diff --git a/cpp/autosar/test/rules/M5-0-6/ImplicitConstConversionToSmallerUnderlyingType.expected b/cpp/autosar/test/rules/M5-0-6/ImplicitConstConversionToSmallerUnderlyingType.expected index 00e191758c..6b1d701128 100644 --- a/cpp/autosar/test/rules/M5-0-6/ImplicitConstConversionToSmallerUnderlyingType.expected +++ b/cpp/autosar/test/rules/M5-0-6/ImplicitConstConversionToSmallerUnderlyingType.expected @@ -1,2 +1,2 @@ | test.cpp:11:8:11:10 | (int8_t)... | Implicit conversion of integral $@ reduces the size from 4 bytes to 1 bytes. | test.cpp:11:8:11:10 | 256 | 256 | -| test.cpp:24:9:24:14 | (float)... | Implicit conversion of floating point $@ reduces the size from 8 bytes to 4 bytes. | test.cpp:24:9:24:14 | 3.5E38 | 3.5e38 | +| test.cpp:24:9:24:14 | (float)... | Implicit conversion of floating point $@ reduces the size from 8 bytes to 4 bytes. | test.cpp:24:9:24:14 | 3.500000000000000016e+38 | 3.5e38 | 
diff --git a/cpp/cert/src/codeql-pack.lock.yml b/cpp/cert/src/codeql-pack.lock.yml index 86c985eb17..89576df617 100644 --- a/cpp/cert/src/codeql-pack.lock.yml +++ b/cpp/cert/src/codeql-pack.lock.yml @@ -3,26 +3,28 @@ lockVersion: 1.0.0 dependencies: advanced-security/qtil: version: 0.0.3 + codeql/controlflow: + version: 2.0.17 codeql/cpp-all: - version: 5.0.0 + version: 6.0.0 codeql/dataflow: - version: 2.0.8 + version: 2.0.17 codeql/mad: - version: 1.0.24 + version: 1.0.33 codeql/quantum: - version: 0.0.2 + version: 0.0.11 codeql/rangeanalysis: - version: 1.0.24 + version: 1.0.33 codeql/ssa: - version: 2.0.0 + version: 2.0.9 codeql/tutorial: - version: 1.0.24 + version: 1.0.33 codeql/typeflow: - version: 1.0.24 + version: 1.0.33 codeql/typetracking: - version: 2.0.8 + version: 2.0.17 codeql/util: - version: 2.0.11 + version: 2.0.20 codeql/xml: - version: 1.0.24 + version: 1.0.33 compiled: false diff --git a/cpp/cert/src/qlpack.yml b/cpp/cert/src/qlpack.yml index 7754c7bbe5..40088f3a32 100644 --- a/cpp/cert/src/qlpack.yml +++ b/cpp/cert/src/qlpack.yml @@ -5,5 +5,5 @@ suites: codeql-suites license: MIT default-suite-file: codeql-suites/cert-cpp-default.qls dependencies: - codeql/cpp-all: 5.0.0 + codeql/cpp-all: 6.0.0 codeql/common-cpp-coding-standards: '*' diff --git a/cpp/cert/src/rules/EXP50-CPP/DoNotDependOnTheOrderOfScalarObjectEvaluationForSideEffects.ql b/cpp/cert/src/rules/EXP50-CPP/DoNotDependOnTheOrderOfScalarObjectEvaluationForSideEffects.ql index 82b7d4e8dc..9de227bc88 100644 --- a/cpp/cert/src/rules/EXP50-CPP/DoNotDependOnTheOrderOfScalarObjectEvaluationForSideEffects.ql +++ b/cpp/cert/src/rules/EXP50-CPP/DoNotDependOnTheOrderOfScalarObjectEvaluationForSideEffects.ql 
@@ -33,5 +33,5 @@ where va1 = ve.getAnAccess() and FullExprOrdering::isUnsequenced(va1, va2) and v = va1.getTarget() -select e, "Scalar object referenced by $@ has a $@ that is unsequenced in relative to another $@.", - v, v.getName(), ve, "side-effect", va2, "side-effect or value computation" +select e, "Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@.", v, + v.getName(), ve, "side-effect", va2, "side-effect or value computation" diff --git a/cpp/cert/test/codeql-pack.lock.yml b/cpp/cert/test/codeql-pack.lock.yml index 86c985eb17..89576df617 100644 --- a/cpp/cert/test/codeql-pack.lock.yml +++ b/cpp/cert/test/codeql-pack.lock.yml @@ -3,26 +3,28 @@ lockVersion: 1.0.0 dependencies: advanced-security/qtil: version: 0.0.3 + codeql/controlflow: + version: 2.0.17 codeql/cpp-all: - version: 5.0.0 + version: 6.0.0 codeql/dataflow: - version: 2.0.8 + version: 2.0.17 codeql/mad: - version: 1.0.24 + version: 1.0.33 codeql/quantum: - version: 0.0.2 + version: 0.0.11 codeql/rangeanalysis: - version: 1.0.24 + version: 1.0.33 codeql/ssa: - version: 2.0.0 + version: 2.0.9 codeql/tutorial: - version: 1.0.24 + version: 1.0.33 codeql/typeflow: - version: 1.0.24 + version: 1.0.33 codeql/typetracking: - version: 2.0.8 + version: 2.0.17 codeql/util: - version: 2.0.11 + version: 2.0.20 codeql/xml: - version: 1.0.24 + version: 1.0.33 compiled: false diff --git a/cpp/cert/test/rules/EXP50-CPP/DoNotDependOnTheOrderOfScalarObjectEvaluationForSideEffects.expected b/cpp/cert/test/rules/EXP50-CPP/DoNotDependOnTheOrderOfScalarObjectEvaluationForSideEffects.expected index a7d5f0e42f..3bbdf84e9b 100644 --- a/cpp/cert/test/rules/EXP50-CPP/DoNotDependOnTheOrderOfScalarObjectEvaluationForSideEffects.expected +++ b/cpp/cert/test/rules/EXP50-CPP/DoNotDependOnTheOrderOfScalarObjectEvaluationForSideEffects.expected 
@@ -1,17 +1,29 @@ -| test.cpp:8:3:9:8 | ... = ... | Scalar object referenced by $@ has a $@ that is unsequenced in relative to another $@. | test.cpp:4:5:4:6 | g1 | g1 | test.cpp:8:3:9:8 | ... = ... | side-effect | test.cpp:8:10:8:11 | g1 | side-effect or value computation | -| test.cpp:8:3:9:8 | ... = ... | Scalar object referenced by $@ has a $@ that is unsequenced in relative to another $@. | test.cpp:4:5:4:6 | g1 | g1 | test.cpp:8:8:8:11 | ++ ... | side-effect | test.cpp:8:3:8:4 | g1 | side-effect or value computation | -| test.cpp:10:3:10:15 | ... = ... | Scalar object referenced by $@ has a $@ that is unsequenced in relative to another $@. | test.cpp:4:5:4:6 | g1 | g1 | test.cpp:10:6:10:9 | ... ++ | side-effect | test.cpp:10:14:10:15 | g1 | side-effect or value computation | -| test.cpp:14:3:14:12 | ... += ... | Scalar object referenced by $@ has a $@ that is unsequenced in relative to another $@. | test.cpp:4:5:4:6 | g1 | g1 | test.cpp:14:3:14:12 | ... += ... | side-effect | test.cpp:14:9:14:10 | g1 | side-effect or value computation | -| test.cpp:14:3:14:12 | ... += ... | Scalar object referenced by $@ has a $@ that is unsequenced in relative to another $@. | test.cpp:4:5:4:6 | g1 | g1 | test.cpp:14:9:14:12 | ... ++ | side-effect | test.cpp:14:3:14:4 | g1 | side-effect or value computation | -| test.cpp:15:3:16:11 | ... = ... | Scalar object referenced by $@ has a $@ that is unsequenced in relative to another $@. | test.cpp:4:5:4:6 | g1 | g1 | test.cpp:15:3:16:11 | ... = ... | side-effect | test.cpp:15:8:15:9 | g1 | side-effect or value computation | -| test.cpp:15:3:16:11 | ... = ... | Scalar object referenced by $@ has a $@ that is unsequenced in relative to another $@. | test.cpp:4:5:4:6 | g1 | g1 | test.cpp:15:8:16:11 | ... += ... | side-effect | test.cpp:15:3:15:4 | g1 | side-effect or value computation | -| test.cpp:21:3:21:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced in relative to another $@. 
| test.cpp:20:13:20:14 | p1 | p1 | test.cpp:21:6:21:9 | ... ++ | side-effect | test.cpp:21:12:21:13 | p1 | side-effect or value computation | -| test.cpp:28:13:28:13 | call to operator<< | Scalar object referenced by $@ has a $@ that is unsequenced in relative to another $@. | test.cpp:26:13:26:14 | p1 | p1 | test.cpp:27:16:27:19 | ... ++ | side-effect | test.cpp:27:24:27:25 | p1 | side-effect or value computation | -| test.cpp:92:3:92:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced in relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:62:25:62:30 | ++ ... | side-effect | test.cpp:92:18:92:18 | i | side-effect or value computation | -| test.cpp:92:3:92:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced in relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:66:3:66:8 | ... = ... | side-effect | test.cpp:92:10:92:10 | i | side-effect or value computation | -| test.cpp:93:3:93:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced in relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:62:25:62:30 | ++ ... | side-effect | test.cpp:93:10:93:10 | i | side-effect or value computation | -| test.cpp:93:3:93:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced in relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:62:25:62:30 | ++ ... | side-effect | test.cpp:93:19:93:19 | i | side-effect or value computation | -| test.cpp:95:3:95:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced in relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:63:25:63:27 | ++ ... | side-effect | test.cpp:95:16:95:16 | i | side-effect or value computation | -| test.cpp:95:3:95:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced in relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:71:3:71:7 | ... = ... 
| side-effect | test.cpp:95:9:95:9 | i | side-effect or value computation | -| test.cpp:96:3:96:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced in relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:63:25:63:27 | ++ ... | side-effect | test.cpp:96:9:96:9 | i | side-effect or value computation | -| test.cpp:96:3:96:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced in relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:63:25:63:27 | ++ ... | side-effect | test.cpp:96:17:96:17 | i | side-effect or value computation | +| test.cpp:8:3:9:8 | ... = ... | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:4:5:4:6 | g1 | g1 | test.cpp:8:3:9:8 | ... = ... | side-effect | test.cpp:8:10:8:11 | g1 | side-effect or value computation | +| test.cpp:8:3:9:8 | ... = ... | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:4:5:4:6 | g1 | g1 | test.cpp:8:8:8:11 | ++ ... | side-effect | test.cpp:8:3:8:4 | g1 | side-effect or value computation | +| test.cpp:10:3:10:15 | ... = ... | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:4:5:4:6 | g1 | g1 | test.cpp:10:6:10:9 | ... ++ | side-effect | test.cpp:10:14:10:15 | g1 | side-effect or value computation | +| test.cpp:14:3:14:12 | ... += ... | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:4:5:4:6 | g1 | g1 | test.cpp:14:3:14:12 | ... += ... | side-effect | test.cpp:14:9:14:10 | g1 | side-effect or value computation | +| test.cpp:14:3:14:12 | ... += ... | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:4:5:4:6 | g1 | g1 | test.cpp:14:9:14:12 | ... ++ | side-effect | test.cpp:14:3:14:4 | g1 | side-effect or value computation | +| test.cpp:15:3:16:11 | ... = ... 
| Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:4:5:4:6 | g1 | g1 | test.cpp:15:3:16:11 | ... = ... | side-effect | test.cpp:15:8:15:9 | g1 | side-effect or value computation | +| test.cpp:15:3:16:11 | ... = ... | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:4:5:4:6 | g1 | g1 | test.cpp:15:8:16:11 | ... += ... | side-effect | test.cpp:15:3:15:4 | g1 | side-effect or value computation | +| test.cpp:21:3:21:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:20:13:20:14 | p1 | p1 | test.cpp:21:6:21:9 | ... ++ | side-effect | test.cpp:21:12:21:13 | p1 | side-effect or value computation | +| test.cpp:28:13:28:13 | call to operator<< | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:26:13:26:14 | p1 | p1 | test.cpp:27:16:27:19 | ... ++ | side-effect | test.cpp:27:24:27:25 | p1 | side-effect or value computation | +| test.cpp:92:3:92:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:62:25:62:30 | ++ ... | side-effect | test.cpp:92:10:92:10 | i | side-effect or value computation | +| test.cpp:92:3:92:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:62:25:62:30 | ++ ... | side-effect | test.cpp:92:18:92:18 | i | side-effect or value computation | +| test.cpp:92:3:92:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:63:25:63:27 | ++ ... | side-effect | test.cpp:92:10:92:10 | i | side-effect or value computation | +| test.cpp:92:3:92:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:63:25:63:27 | ++ ... 
| side-effect | test.cpp:92:18:92:18 | i | side-effect or value computation | +| test.cpp:92:3:92:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:66:3:66:8 | ... = ... | side-effect | test.cpp:92:10:92:10 | i | side-effect or value computation | +| test.cpp:92:3:92:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:66:3:66:8 | ... = ... | side-effect | test.cpp:92:18:92:18 | i | side-effect or value computation | +| test.cpp:92:3:92:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:71:3:71:7 | ... = ... | side-effect | test.cpp:92:10:92:10 | i | side-effect or value computation | +| test.cpp:92:3:92:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:71:3:71:7 | ... = ... | side-effect | test.cpp:92:18:92:18 | i | side-effect or value computation | +| test.cpp:93:3:93:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:62:25:62:30 | ++ ... | side-effect | test.cpp:93:10:93:10 | i | side-effect or value computation | +| test.cpp:93:3:93:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:62:25:62:30 | ++ ... | side-effect | test.cpp:93:19:93:19 | i | side-effect or value computation | +| test.cpp:93:3:93:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:63:25:63:27 | ++ ... 
| side-effect | test.cpp:93:10:93:10 | i | side-effect or value computation | +| test.cpp:93:3:93:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:63:25:63:27 | ++ ... | side-effect | test.cpp:93:19:93:19 | i | side-effect or value computation | +| test.cpp:93:3:93:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:71:3:71:7 | ... = ... | side-effect | test.cpp:93:10:93:10 | i | side-effect or value computation | +| test.cpp:93:3:93:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:71:3:71:7 | ... = ... | side-effect | test.cpp:93:19:93:19 | i | side-effect or value computation | +| test.cpp:95:3:95:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:63:25:63:27 | ++ ... | side-effect | test.cpp:95:9:95:9 | i | side-effect or value computation | +| test.cpp:95:3:95:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:63:25:63:27 | ++ ... | side-effect | test.cpp:95:16:95:16 | i | side-effect or value computation | +| test.cpp:95:3:95:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:71:3:71:7 | ... = ... | side-effect | test.cpp:95:9:95:9 | i | side-effect or value computation | +| test.cpp:95:3:95:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:71:3:71:7 | ... = ... 
| side-effect | test.cpp:95:16:95:16 | i | side-effect or value computation | +| test.cpp:96:3:96:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:63:25:63:27 | ++ ... | side-effect | test.cpp:96:9:96:9 | i | side-effect or value computation | +| test.cpp:96:3:96:4 | call to f2 | Scalar object referenced by $@ has a $@ that is unsequenced relative to another $@. | test.cpp:91:7:91:7 | i | i | test.cpp:63:25:63:27 | ++ ... | side-effect | test.cpp:96:17:96:17 | i | side-effect or value computation | diff --git a/cpp/common/src/codeql-pack.lock.yml b/cpp/common/src/codeql-pack.lock.yml index 86c985eb17..89576df617 100644 --- a/cpp/common/src/codeql-pack.lock.yml +++ b/cpp/common/src/codeql-pack.lock.yml @@ -3,26 +3,28 @@ lockVersion: 1.0.0 dependencies: advanced-security/qtil: version: 0.0.3 + codeql/controlflow: + version: 2.0.17 codeql/cpp-all: - version: 5.0.0 + version: 6.0.0 codeql/dataflow: - version: 2.0.8 + version: 2.0.17 codeql/mad: - version: 1.0.24 + version: 1.0.33 codeql/quantum: - version: 0.0.2 + version: 0.0.11 codeql/rangeanalysis: - version: 1.0.24 + version: 1.0.33 codeql/ssa: - version: 2.0.0 + version: 2.0.9 codeql/tutorial: - version: 1.0.24 + version: 1.0.33 codeql/typeflow: - version: 1.0.24 + version: 1.0.33 codeql/typetracking: - version: 2.0.8 + version: 2.0.17 codeql/util: - version: 2.0.11 + version: 2.0.20 codeql/xml: - version: 1.0.24 + version: 1.0.33 compiled: false diff --git a/cpp/common/src/codingstandards/cpp/MistypedFunctionArguments.qll b/cpp/common/src/codingstandards/cpp/MistypedFunctionArguments.qll index 6fe90372da..7c7c2c6fcf 100644 --- a/cpp/common/src/codingstandards/cpp/MistypedFunctionArguments.qll +++ b/cpp/common/src/codingstandards/cpp/MistypedFunctionArguments.qll 
@@ -82,9 +82,7 @@ private predicate hasZeroParamDecl(Function f) { // True if this file (or header) was compiled as a C file private predicate isCompiledAsC(File f) { - f.compiledAsC() - or - exists(File src | isCompiledAsC(src) | src.getAnIncludedFile() = f) + exists(File src | src.compiledAsC() | src.getAnIncludedFile*() = f) } private predicate isTypeInComplexDomain(FloatingPointType type) { diff --git a/cpp/common/src/codingstandards/cpp/SideEffect.qll b/cpp/common/src/codingstandards/cpp/SideEffect.qll index e2ca55e350..53421c410e 100644 --- a/cpp/common/src/codingstandards/cpp/SideEffect.qll +++ b/cpp/common/src/codingstandards/cpp/SideEffect.qll @@ -1,7 +1,7 @@ /** A module to reason about side effects. */ import cpp -private import semmle.code.cpp.dataflow.DataFlow +private import semmle.code.cpp.dataflow.new.DataFlow private import exceptions.ExceptionFlow private import codingstandards.cpp.Expr private import codingstandards.cpp.Variable diff --git a/cpp/common/src/codingstandards/cpp/standardlibrary/STLContainers.qll b/cpp/common/src/codingstandards/cpp/standardlibrary/STLContainers.qll index bc8aac43f6..9622d9db57 100644 --- a/cpp/common/src/codingstandards/cpp/standardlibrary/STLContainers.qll +++ b/cpp/common/src/codingstandards/cpp/standardlibrary/STLContainers.qll @@ -311,7 +311,6 @@ abstract class ContainerAccess extends VariableAccess { abstract Variable getOwningContainer(); } -pragma[noinline, nomagic] private predicate localTaint(DataFlow::Node n1, DataFlow::Node n2) { TaintTracking::localTaint(n1, n2) } diff --git a/cpp/common/src/qlpack.yml b/cpp/common/src/qlpack.yml index f1d79d94c5..4700f8eda6 100644 --- a/cpp/common/src/qlpack.yml +++ b/cpp/common/src/qlpack.yml @@ -2,7 +2,7 @@ name: codeql/common-cpp-coding-standards version: 2.62.0-dev license: MIT dependencies: - codeql/cpp-all: 5.0.0 + codeql/cpp-all: 6.0.0 advanced-security/qtil: "0.0.3" dataExtensions: - ext/*.model.yml 
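Review bot: The comment kept above `isCompiledAsC` still reads "True if this file (or header) was compiled as a C file", but the rewritten body holds for every file reachable through `getAnIncludedFile*()` from a file with `compiledAsC()`. A header shared between C and C++ translation units is therefore classified as C as soon as one C source includes it, directly or transitively. This appears to be the same set the removed recursive form computed, so behaviour is probably unchanged, but the comment should state it: `// Holds if f was compiled as C, or is transitively included by a file compiled as C (a header also included from C++ still counts)`. The callers of this predicate are outside the hunk, so whether C-only checks should fire on such shared headers has to be confirmed there.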
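Review bot: With `pragma[noinline, nomagic]` removed in the STLContainers.qll hunk, the private `localTaint` predicate is a plain alias for `TaintTracking::localTaint`, and nothing records why the pragma could go. If the wrapper is kept, give it a comment such as `// Thin alias for TaintTracking::localTaint; the former pragma[noinline, nomagic] was dropped with the codeql/cpp-all 6.0.0 upgrade`. Otherwise delete the wrapper and call `TaintTracking::localTaint(n1, n2)` at the use sites. Those use sites are outside the hunk, so the effect on evaluation time of the container queries cannot be judged from here and is worth a timed run.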
diff --git a/cpp/common/test/codeql-pack.lock.yml b/cpp/common/test/codeql-pack.lock.yml index 86c985eb17..89576df617 100644 --- a/cpp/common/test/codeql-pack.lock.yml +++ b/cpp/common/test/codeql-pack.lock.yml @@ -3,26 +3,28 @@ lockVersion: 1.0.0 dependencies: advanced-security/qtil: version: 0.0.3 + codeql/controlflow: + version: 2.0.17 codeql/cpp-all: - version: 5.0.0 + version: 6.0.0 codeql/dataflow: - version: 2.0.8 + version: 2.0.17 codeql/mad: - version: 1.0.24 + version: 1.0.33 codeql/quantum: - version: 0.0.2 + version: 0.0.11 codeql/rangeanalysis: - version: 1.0.24 + version: 1.0.33 codeql/ssa: - version: 2.0.0 + version: 2.0.9 codeql/tutorial: - version: 1.0.24 + version: 1.0.33 codeql/typeflow: - version: 1.0.24 + version: 1.0.33 codeql/typetracking: - version: 2.0.8 + version: 2.0.17 codeql/util: - version: 2.0.11 + version: 2.0.20 codeql/xml: - version: 1.0.24 + version: 1.0.33 compiled: false diff --git a/cpp/common/test/library/codingstandards/cpp/identifiers/IdentifiersTest.expected b/cpp/common/test/library/codingstandards/cpp/identifiers/IdentifiersTest.expected index ab4c62a779..697666d61f 100644 --- a/cpp/common/test/library/codingstandards/cpp/identifiers/IdentifiersTest.expected +++ b/cpp/common/test/library/codingstandards/cpp/identifiers/IdentifiersTest.expected 
@@ -162,7 +162,7 @@ | test.cpp:244:7:244:27 | TemplateTemplateClass | test.cpp:244:7:244:27 | TemplateTemplateClass | | test.cpp:245:16:245:24 | container | test.cpp:245:16:245:24 | definition of container | | test.cpp:249:20:249:20 | T | test.cpp:249:20:249:20 | definition of T | -| test.cpp:249:35:249:51 | variable_template | test.cpp:249:35:249:51 | definition of variable_template | +| test.cpp:249:53:249:53 | variable_template | test.cpp:249:53:249:53 | definition of variable_template | | test.cpp:252:20:252:20 | T | test.cpp:252:20:252:20 | definition of T | | test.cpp:252:29:252:39 | VectorAlias | test.cpp:252:29:252:39 | definition of VectorAlias | | test.cpp:255:7:255:15 | BaseClass | test.cpp:255:7:255:15 | definition of BaseClass | diff --git a/cpp/common/test/rules/unusedtypedeclarations/UnusedTypeDeclarations.expected b/cpp/common/test/rules/unusedtypedeclarations/UnusedTypeDeclarations.expected index 6c80382e35..a4538f01c5 100644 --- a/cpp/common/test/rules/unusedtypedeclarations/UnusedTypeDeclarations.expected +++ b/cpp/common/test/rules/unusedtypedeclarations/UnusedTypeDeclarations.expected 
@@ -3,7 +3,8 @@ | test.cpp:13:11:13:11 | D | Type declaration D is not used. | | test.cpp:77:11:77:11 | R | Type declaration R is not used. | | test.cpp:90:12:90:12 | (unnamed class/struct/union) | Type declaration (unnamed class/struct/union) is not used. | -| test.cpp:127:7:127:12 | Nested | Type declaration Nested is not used. | -| test.cpp:136:9:136:20 | UnusedNested | Type declaration UnusedNested is not used. | -| test.cpp:139:7:139:22 | NestedBlockScope | Type declaration NestedBlockScope is not used. | -| test.cpp:150:11:150:16 | Unused | Type declaration Unused is not used. | +| test.cpp:111:29:111:30 | AA | Type declaration AA is not used. | +| test.cpp:126:7:126:12 | Nested | Type declaration Nested is not used. | +| test.cpp:135:9:135:20 | UnusedNested | Type declaration UnusedNested is not used. | +| test.cpp:138:7:138:22 | NestedBlockScope | Type declaration NestedBlockScope is not used. | +| test.cpp:149:11:149:16 | Unused | Type declaration Unused is not used. | diff --git a/cpp/common/test/rules/unusedtypedeclarations/test.cpp b/cpp/common/test/rules/unusedtypedeclarations/test.cpp index af404ff005..2c2699af04 100644 --- a/cpp/common/test/rules/unusedtypedeclarations/test.cpp +++ b/cpp/common/test/rules/unusedtypedeclarations/test.cpp @@ -107,9 +107,8 @@ template class X { // COMPLIANT - template class never instantiated template class Y {}; // COMPLIANT - used in the test case below // Alias templates -template using Z = Y; // COMPLIANT - used below -template -using AA = Y; // NON_COMPLIANT[FALSE_NEGATIVE] - never instantiated +template using Z = Y; // COMPLIANT - used below +template using AA = Y; // NON_COMPLIANT - never instantiated void test_alias_template() { Z v; } diff --git a/cpp/misra/src/codeql-pack.lock.yml b/cpp/misra/src/codeql-pack.lock.yml index 86c985eb17..89576df617 100644 --- a/cpp/misra/src/codeql-pack.lock.yml +++ b/cpp/misra/src/codeql-pack.lock.yml 
@@ -3,26 +3,28 @@ lockVersion: 1.0.0 dependencies: advanced-security/qtil: version: 0.0.3 + codeql/controlflow: + version: 2.0.17 codeql/cpp-all: - version: 5.0.0 + version: 6.0.0 codeql/dataflow: - version: 2.0.8 + version: 2.0.17 codeql/mad: - version: 1.0.24 + version: 1.0.33 codeql/quantum: - version: 0.0.2 + version: 0.0.11 codeql/rangeanalysis: - version: 1.0.24 + version: 1.0.33 codeql/ssa: - version: 2.0.0 + version: 2.0.9 codeql/tutorial: - version: 1.0.24 + version: 1.0.33 codeql/typeflow: - version: 1.0.24 + version: 1.0.33 codeql/typetracking: - version: 2.0.8 + version: 2.0.17 codeql/util: - version: 2.0.11 + version: 2.0.20 codeql/xml: - version: 1.0.24 + version: 1.0.33 compiled: false diff --git a/cpp/misra/src/qlpack.yml b/cpp/misra/src/qlpack.yml index 222f2523a1..5fbbe8c3ad 100644 --- a/cpp/misra/src/qlpack.yml +++ b/cpp/misra/src/qlpack.yml @@ -5,5 +5,5 @@ default-suite: codeql-suites/misra-cpp-default.qls license: MIT dependencies: codeql/common-cpp-coding-standards: '*' - codeql/cpp-all: 5.0.0 + codeql/cpp-all: 6.0.0 advanced-security/qtil: 0.0.3 diff --git a/cpp/misra/src/rules/RULE-8-7-1/PointerArithmeticFormsAnInvalidPointer.ql b/cpp/misra/src/rules/RULE-8-7-1/PointerArithmeticFormsAnInvalidPointer.ql index f2fd549207..9603c31680 100644 --- a/cpp/misra/src/rules/RULE-8-7-1/PointerArithmeticFormsAnInvalidPointer.ql +++ b/cpp/misra/src/rules/RULE-8-7-1/PointerArithmeticFormsAnInvalidPointer.ql @@ -18,7 +18,6 @@ import cpp import codingstandards.cpp.misra import semmle.code.cpp.ir.IR import semmle.code.cpp.dataflow.new.DataFlow -import semmle.code.cpp.ir.dataflow.internal.DataFlowUtil import semmle.code.cpp.security.BufferAccess /** 
@@ -198,9 +197,9 @@ class ArrayAllocation extends TArrayAllocation { * the version that has it, the class can be safely removed. */ -import semmle.code.cpp.ir.dataflow.internal.SsaInternals as SsaImpl +import semmle.code.cpp.ir.dataflow.internal.SsaImpl as SsaImpl -class IndirectUninitializedNode extends Node { +class IndirectUninitializedNode extends DataFlow::Node { LocalVariable v; int indirection; diff --git a/cpp/misra/test/codeql-pack.lock.yml b/cpp/misra/test/codeql-pack.lock.yml index 86c985eb17..89576df617 100644 --- a/cpp/misra/test/codeql-pack.lock.yml +++ b/cpp/misra/test/codeql-pack.lock.yml @@ -3,26 +3,28 @@ lockVersion: 1.0.0 dependencies: advanced-security/qtil: version: 0.0.3 + codeql/controlflow: + version: 2.0.17 codeql/cpp-all: - version: 5.0.0 + version: 6.0.0 codeql/dataflow: - version: 2.0.8 + version: 2.0.17 codeql/mad: - version: 1.0.24 + version: 1.0.33 codeql/quantum: - version: 0.0.2 + version: 0.0.11 codeql/rangeanalysis: - version: 1.0.24 + version: 1.0.33 codeql/ssa: - version: 2.0.0 + version: 2.0.9 codeql/tutorial: - version: 1.0.24 + version: 1.0.33 codeql/typeflow: - version: 1.0.24 + version: 1.0.33 codeql/typetracking: - version: 2.0.8 + version: 2.0.17 codeql/util: - version: 2.0.11 + version: 2.0.20 codeql/xml: - version: 1.0.24 + version: 1.0.33 compiled: false diff --git a/cpp/report/src/codeql-pack.lock.yml b/cpp/report/src/codeql-pack.lock.yml index 0ff25f8606..facc8598f6 100644 --- a/cpp/report/src/codeql-pack.lock.yml +++ b/cpp/report/src/codeql-pack.lock.yml 
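Review bot: The new import `semmle.code.cpp.ir.dataflow.internal.SsaImpl as SsaImpl` still reaches into an `internal` module of codeql/cpp-all. This hunk apparently exists only because that module's name changed from `SsaInternals`, so the next library bump can break the query again without a deprecation notice. The comment above the import already says the class can be removed once the library provides it; tie the import to the pinned version next to it, e.g. `// internal API, checked against codeql/cpp-all 6.0.0; re-verify on every upgrade`. The body of `IndirectUninitializedNode` continues outside the hunk, so its remaining uses of `SsaImpl` are not visible here.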
@@ -1,26 +1,28 @@ --- lockVersion: 1.0.0 dependencies: + codeql/controlflow: + version: 2.0.17 codeql/cpp-all: - version: 5.0.0 + version: 6.0.0 codeql/dataflow: - version: 2.0.8 + version: 2.0.17 codeql/mad: - version: 1.0.24 + version: 1.0.33 codeql/quantum: - version: 0.0.2 + version: 0.0.11 codeql/rangeanalysis: - version: 1.0.24 + version: 1.0.33 codeql/ssa: - version: 2.0.0 + version: 2.0.9 codeql/tutorial: - version: 1.0.24 + version: 1.0.33 codeql/typeflow: - version: 1.0.24 + version: 1.0.33 codeql/typetracking: - version: 2.0.8 + version: 2.0.17 codeql/util: - version: 2.0.11 + version: 2.0.20 codeql/xml: - version: 1.0.24 + version: 1.0.33 compiled: false diff --git a/cpp/report/src/qlpack.yml b/cpp/report/src/qlpack.yml index edce6f59d0..6341f3a69a 100644 --- a/cpp/report/src/qlpack.yml +++ b/cpp/report/src/qlpack.yml @@ -2,4 +2,4 @@ name: codeql/report-cpp-coding-standards version: 2.62.0-dev license: MIT dependencies: - codeql/cpp-all: 5.0.0 + codeql/cpp-all: 6.0.0 diff --git a/scripts/generate_modules/queries/codeql-pack.lock.yml b/scripts/generate_modules/queries/codeql-pack.lock.yml index 0ff25f8606..facc8598f6 100644 --- a/scripts/generate_modules/queries/codeql-pack.lock.yml +++ b/scripts/generate_modules/queries/codeql-pack.lock.yml @@ -1,26 +1,28 @@ --- lockVersion: 1.0.0 dependencies: + codeql/controlflow: + version: 2.0.17 codeql/cpp-all: - version: 5.0.0 + version: 6.0.0 codeql/dataflow: - version: 2.0.8 + version: 2.0.17 codeql/mad: - version: 1.0.24 + version: 1.0.33 codeql/quantum: - version: 0.0.2 + version: 0.0.11 codeql/rangeanalysis: - version: 1.0.24 + version: 1.0.33 codeql/ssa: - version: 2.0.0 + version: 2.0.9 codeql/tutorial: - version: 1.0.24 + version: 1.0.33 codeql/typeflow: - version: 1.0.24 + version: 1.0.33 codeql/typetracking: - version: 2.0.8 + version: 2.0.17 codeql/util: - version: 2.0.11 + version: 2.0.20 codeql/xml: - version: 1.0.24 + version: 1.0.33 compiled: false 
diff --git a/scripts/generate_modules/queries/qlpack.yml b/scripts/generate_modules/queries/qlpack.yml index b953234cb7..faf2ac001d 100644 --- a/scripts/generate_modules/queries/qlpack.yml +++ b/scripts/generate_modules/queries/qlpack.yml @@ -2,4 +2,4 @@ name: codeql/standard-library-extraction-cpp-coding-standards version: 0.0.0 license: MIT dependencies: - codeql/cpp-all: 5.0.0 + codeql/cpp-all: 6.0.0 diff --git a/supported_codeql_configs.json b/supported_codeql_configs.json index 85895fd9be..b9b0a0649d 100644 --- a/supported_codeql_configs.json +++ b/supported_codeql_configs.json @@ -1,9 +1,9 @@ { "supported_environment": [ { - "codeql_cli": "2.21.4", - "codeql_standard_library": "codeql-cli/v2.21.4", - "codeql_cli_bundle": "codeql-bundle-v2.21.4" + "codeql_cli": "2.23.3", + "codeql_standard_library": "codeql-cli/v2.23.3", + "codeql_cli_bundle": "codeql-bundle-v2.23.3" } ], "supported_language": [ From 051c56eee1ac55c9b690a516c775c1c82f372089 Mon Sep 17 00:00:00 2001 From: Mauro Baluda Date: Tue, 30 Jun 2026 17:42:34 +0200 Subject: [PATCH 102/104] Revert "Create temporary copies of parts of the concurrency library" This reverts commit 012ac3d82d39d4474102ecccc94d1ab33312227c. --- .../codingstandards/cpp/ConcurrencyNew.qll | 15 -- .../cpp/concurrency/LockingOperationNew.qll | 235 ----------------- .../concurrency/ThreadDependentMutexNew.qll | 246 ------------------ .../concurrency/ThreadSpecificStorageNew.qll | 59 ----- 4 files changed, 555 deletions(-) delete mode 100644 cpp/common/src/codingstandards/cpp/ConcurrencyNew.qll delete mode 100644 cpp/common/src/codingstandards/cpp/concurrency/LockingOperationNew.qll delete mode 100644 cpp/common/src/codingstandards/cpp/concurrency/ThreadDependentMutexNew.qll delete mode 100644 cpp/common/src/codingstandards/cpp/concurrency/ThreadSpecificStorageNew.qll 
diff --git a/cpp/common/src/codingstandards/cpp/ConcurrencyNew.qll b/cpp/common/src/codingstandards/cpp/ConcurrencyNew.qll deleted file mode 100644 index 37aea01889..0000000000 --- a/cpp/common/src/codingstandards/cpp/ConcurrencyNew.qll +++ /dev/null @@ -1,15 +0,0 @@ -import cpp -import semmle.code.cpp.dataflow.new.TaintTracking -import codingstandards.cpp.concurrency.Atomic -import codingstandards.cpp.concurrency.CConditionOperation -import codingstandards.cpp.concurrency.ControlFlow -import codingstandards.cpp.concurrency.ConditionalWait -import codingstandards.cpp.concurrency.LockingOperationNew -import codingstandards.cpp.concurrency.LockProtectedControlFlow -import codingstandards.cpp.concurrency.MutexDestroyer -import codingstandards.cpp.concurrency.ThreadCreation -import codingstandards.cpp.concurrency.ThreadedFunction -import codingstandards.cpp.concurrency.ThreadDependentMutexNew -import codingstandards.cpp.concurrency.ThreadSpecificStorageNew -import codingstandards.cpp.concurrency.ThreadWaitDetach -import codingstandards.cpp.concurrency.Types diff --git a/cpp/common/src/codingstandards/cpp/concurrency/LockingOperationNew.qll b/cpp/common/src/codingstandards/cpp/concurrency/LockingOperationNew.qll deleted file mode 100644 index 114b569204..0000000000 --- a/cpp/common/src/codingstandards/cpp/concurrency/LockingOperationNew.qll +++ /dev/null 
@@ -1,235 +0,0 @@ -import cpp -import semmle.code.cpp.dataflow.new.TaintTracking - -abstract class LockingOperation extends FunctionCall { - /** - * Returns the target of the lock underlying this RAII-style lock. - */ - abstract Variable getLock(); - - /** - * Returns the lock underlying this RAII-style lock. - */ - abstract Expr getLockExpr(); - - /** - * Holds if this is a lock operation - */ - abstract predicate isLock(); - - /** - * Holds if this is an unlock operation - */ - abstract predicate isUnlock(); - - /** - * Holds if this locking operation is really a locking operation within a - * designated locking operation. This library assumes the underlying locking - * operations are implemented correctly in that calling a `LockingOperation` - * results in the creation of a singular lock. - */ - predicate isLockingOperationWithinLockingOperation(LockingOperation inner) { - exists(LockingOperation outer | outer.getTarget() = inner.getEnclosingFunction()) - } -} - -/** - * Common base class providing an interface into function call - * based mutex locks. - */ -abstract class MutexFunctionCall extends LockingOperation { - abstract predicate isRecursive(); - - abstract predicate isSpeculativeLock(); - - abstract predicate unlocks(MutexFunctionCall fc); -} - -/** - * Models calls to various mutex types found in CPP. - */ -class CPPMutexFunctionCall extends MutexFunctionCall { - VariableAccess var; - - CPPMutexFunctionCall() { - getTarget() - .(MemberFunction) - .getDeclaringType() - .hasQualifiedName("std", - ["mutex", "timed_mutex", "shared_timed_mutex", "recursive_mutex", "recursive_timed_mutex"]) and - var = getQualifier() - } - - /** - * Holds if this mutex is a recursive mutex. - */ - override predicate isRecursive() { - getTarget() - .(MemberFunction) - .getDeclaringType() - .hasQualifiedName("std", ["recursive_mutex", "recursive_timed_mutex"]) - } - - /** - * Holds if this `CPPMutexFunctionCall` is a lock. 
- */ - override predicate isLock() { - not isLockingOperationWithinLockingOperation(this) and - getTarget().getName() = "lock" - } - - /** - * Holds if this `CPPMutexFunctionCall` is a speculative lock, defined as calling - * one of the speculative locking functions such as `try_lock`. - */ - override predicate isSpeculativeLock() { - getTarget().getName() in [ - "try_lock", "try_lock_for", "try_lock_until", "try_lock_shared_for", "try_lock_shared_until" - ] - } - - /** - * Returns the lock to which this `CPPMutexFunctionCall` refers to. - */ - override Variable getLock() { result = getQualifier().(VariableAccess).getTarget() } - - /** - * Returns the qualifier for this `CPPMutexFunctionCall`. - */ - override Expr getLockExpr() { result = var } - - /** - * Holds if this is a `unlock` and *may* unlock the previously locked `MutexFunctionCall`. - * This predicate does not check that the mutex is currently locked. - */ - override predicate unlocks(MutexFunctionCall fc) { - isUnlock() and - fc.getQualifier().(VariableAccess).getTarget() = getQualifier().(VariableAccess).getTarget() - } - - /** - * Holds if this is an unlock call. - */ - override predicate isUnlock() { getTarget().getName() = "unlock" } -} - -/** - * Models calls to various mutex types specialized to C code. - */ -class CMutexFunctionCall extends MutexFunctionCall { - Expr arg; - - CMutexFunctionCall() { - // the non recursive kinds - getTarget().getName() = ["mtx_lock", "mtx_unlock", "mtx_timedlock", "mtx_trylock"] and - arg = getArgument(0) - } - - /** - * Holds if this mutex is a recursive mutex. - */ - override predicate isRecursive() { none() } - - /** - * Holds if this `CMutexFunctionCall` is a lock. 
- */ - override predicate isLock() { - not isLockingOperationWithinLockingOperation(this) and - getTarget().getName() = ["mtx_lock", "mtx_timedlock", "mtx_trylock"] - } - - /** - * Holds if this `CMutexFunctionCall` is a speculative lock, defined as calling - * one of the speculative locking functions such as `try_lock`. - */ - override predicate isSpeculativeLock() { - getTarget().getName() in ["mtx_timedlock", "mtx_trylock"] - } - - /** - * Returns the `Variable` to which this `CMutexFunctionCall` refers to. For this - * style of lock it can reference a number of different variables. - */ - override Variable getLock() { - exists(VariableAccess va | - TaintTracking::localTaint(DataFlow::exprNode(va), DataFlow::exprNode(getLockExpr())) and - result = va.getTarget() - ) - } - - /** - * Returns the expression for this `CMutexFunctionCall`. - */ - override Expr getLockExpr() { result = arg } - - /** - * Holds if this is a `unlock` and *may* unlock the previously locked `CMutexFunctionCall`. - * This predicate does not check that the mutex is currently locked. - */ - override predicate unlocks(MutexFunctionCall fc) { - isUnlock() and - fc.getLock() = getLock() - } - - /** - * Holds if this is an unlock call. - */ - override predicate isUnlock() { getTarget().getName() = "mtx_unlock" } -} - -/** - * Models a RAII-Style lock. 
- */ -class RAIIStyleLock extends LockingOperation { - VariableAccess lock; - - RAIIStyleLock() { - ( - getTarget().getDeclaringType().hasQualifiedName("std", "lock_guard") or - getTarget().getDeclaringType().hasQualifiedName("std", "unique_lock") or - getTarget().getDeclaringType().hasQualifiedName("std", "scoped_lock") - ) and - ( - lock = getArgument(0).getAChild*() - or - this instanceof DestructorCall and - exists(RAIIStyleLock constructor | - constructor = getQualifier().(VariableAccess).getTarget().getInitializer().getExpr() and - lock = constructor.getArgument(0).getAChild*() - ) - ) - } - - /** - * Holds if this is a lock operation - */ - override predicate isLock() { - not isLockingOperationWithinLockingOperation(this) and - this instanceof ConstructorCall and - lock = getArgument(0).getAChild*() and - // defer_locks don't cause a lock - not exists(Expr exp | - exp = getArgument(1) and - exp.(VariableAccess) - .getTarget() - .getUnderlyingType() - .(Class) - .hasQualifiedName("std", "defer_lock_t") - ) - } - - /** - * Holds if this is an unlock operation - */ - override predicate isUnlock() { this instanceof DestructorCall } - - /** - * Returns the target of the lock underlying this RAII-style lock. - */ - override Variable getLock() { result = lock.getTarget() } - - /** - * Returns the lock underlying this RAII-style lock. - */ - override Expr getLockExpr() { result = lock } -} diff --git a/cpp/common/src/codingstandards/cpp/concurrency/ThreadDependentMutexNew.qll b/cpp/common/src/codingstandards/cpp/concurrency/ThreadDependentMutexNew.qll deleted file mode 100644 index c761e2b1be..0000000000 --- a/cpp/common/src/codingstandards/cpp/concurrency/ThreadDependentMutexNew.qll +++ /dev/null 
@@ -1,246 +0,0 @@ -import cpp -import semmle.code.cpp.dataflow.new.TaintTracking -private import codingstandards.cpp.concurrency.ControlFlow -private import codingstandards.cpp.concurrency.ThreadedFunction - -abstract class MutexSource extends FunctionCall { } - -/** - * Models a C++ style mutex. - */ -class CPPMutexSource extends MutexSource, ConstructorCall { - CPPMutexSource() { getTarget().getDeclaringType().hasQualifiedName("std", "mutex") } -} - -/** - * Models a C11 style mutex. - */ -class C11MutexSource extends MutexSource, FunctionCall { - C11MutexSource() { getTarget().hasName("mtx_init") } - - Expr getMutexExpr() { result = getArgument(0) } - - Expr getMutexTypeExpr() { result = getArgument(1) } - - predicate isRecursive() { - exists(EnumConstantAccess recursive | - recursive = getMutexTypeExpr().getAChild*() and - recursive.getTarget().hasName("mtx_recursive") - ) - } -} - -/** - * Models a thread dependent mutex. A thread dependent mutex is a mutex - * that is used by a thread. This dependency is established either by directly - * passing in a mutex or by referencing a mutex that is in the local scope. The utility - * of this class is it captures the `DataFlow::Node` source at which the mutex - * came from. For example, if it is passed in from a local function to a thread. - * This functionality is critical, since it allows one to inspect how the thread - * behaves with respect to the owner of a resource. - * - * To model the myriad ways this can happen, the subclasses of this class are - * responsible for implementing the various usage patterns. - */ -abstract class ThreadDependentMutex extends DataFlow::Node { - DataFlow::Node sink; - - DataFlow::Node getASource() { - // the source is either the thing that declared - // the mutex - result = this - or - // or the thread we are using it in - result = getAThreadSource() - } - - /** - * Gets the dataflow nodes corresponding to thread local usages of the - * dependent mutex. 
- */ - DataFlow::Node getAThreadSource() { - // here we line up the actual parameter at the thread creation - // site with the formal parameter in the target thread. - // Note that there are differences between the C and C++ versions - // of the argument ordering in the thread creation function. However, - // since the C version only takes one parameter (as opposed to multiple) - // we can simplify this search by considering only the first argument. - exists(FunctionCall fc, Function f, int n | - // Get the argument to which the mutex flowed. - fc.getArgument(n) = sink.asExpr() and - // Get the thread function we are calling. - f = fc.getArgument(0).(FunctionAccess).getTarget() and - // in C++, there is an extra argument to the `std::thread` call - // so we must subtract 1 since this is not passed to the thread. - ( - result = DataFlow::exprNode(f.getParameter(n - 1).getAnAccess()) - or - // In C, only one argument is allowed. Thus IF the flow predicate holds, - // it will be to the first argument - result = DataFlow::exprNode(f.getParameter(0).getAnAccess()) - ) - ) - } - - /** - * Produces the set of dataflow nodes to thread creation for threads - * that are dependent on this mutex. - */ - DataFlow::Node getADependentThreadCreationExpr() { - exists(FunctionCall fc | - fc.getAnArgument() = sink.asExpr() and - result = DataFlow::exprNode(fc) - ) - } - - /** - * Gets a set of usages of this mutex in both the local and thread scope. - * In the case of scoped usage, this also captures typical accesses of variables. - */ - DataFlow::Node getAUsage() { TaintTracking::localTaint(getASource(), result) } -} - -/** - * This class models the type of thread/mutex dependency that is established - * through the typical parameter passing mechanisms found in C++. - */ -class FlowBasedThreadDependentMutex extends ThreadDependentMutex { - FlowBasedThreadDependentMutex() { - // some sort of dataflow, likely through parameter passing. 
- ThreadDependentMutexFlow::flow(this, sink) - } -} - -/** - * This class models the type of thread/mutex dependency that is established by - * either scope based accesses (e.g., global variables) or block scope differences. - */ -class AccessBasedThreadDependentMutex extends ThreadDependentMutex { - Variable variableSource; - - AccessBasedThreadDependentMutex() { - // encapsulates usages from outside scopes not directly expressed - // in dataflow. - exists(MutexSource mutexSrc, ThreadedFunction f | - DataFlow::exprNode(mutexSrc) = this and - // find a variable that was assigned the mutex - TaintTracking::localTaint(DataFlow::exprNode(mutexSrc), - DataFlow::exprNode(variableSource.getAnAssignedValue())) and - // find all subsequent accesses of that variable that are within a - // function and set those to the sink - exists(VariableAccess va | - va = variableSource.getAnAccess() and - va.getEnclosingFunction() = f and - sink = DataFlow::exprNode(va) - ) - ) - } - - override DataFlow::Node getAUsage() { DataFlow::exprNode(variableSource.getAnAccess()) = result } -} - -/** - * In the typical C thread model, a mutex is a created by a function that is not responsible - * for creating the variable. Thus this class encodes a slightly different semantics - * wherein the usage pattern is that of variables that have been both initialized - * and then subsequently passed into a thread directly. 
- */ -class DeclarationInitBasedThreadDependentMutex extends ThreadDependentMutex { - Variable variableSource; - - DeclarationInitBasedThreadDependentMutex() { - exists(MutexSource ms, ThreadCreationFunction tcf | - this = DataFlow::exprNode(ms) and - // accessed as a mutex source - TaintTracking::localTaint(DataFlow::exprNode(variableSource.getAnAccess()), - DataFlow::exprNode(ms.getAnArgument())) and - // subsequently passed to a thread creation function (order not strictly - // enforced for performance reasons) - sink = DataFlow::exprNode(tcf.getAnArgument()) and - TaintTracking::localTaint(DataFlow::exprNode(variableSource.getAnAccess()), sink) - ) - } - - override DataFlow::Node getAUsage() { - TaintTracking::localTaint(getASource(), result) or - DataFlow::exprNode(variableSource.getAnAccess()) = result - } - - override DataFlow::Node getASource() { - // the source is either the thing that declared - // the mutex - result = this - or - // or the thread we are using it in - result = getAThreadSource() - } - - DataFlow::Node getSink() { result = sink } - - /** - * Gets the dataflow nodes corresponding to thread local usages of the - * dependent mutex. - */ - override DataFlow::Node getAThreadSource() { - // here we line up the actual parameter at the thread creation - // site with the formal parameter in the target thread. - // Note that there are differences between the C and C++ versions - // of the argument ordering in the thread creation function. However, - // since the C version only takes one parameter (as opposed to multiple) - // we can simplify this search by considering only the first argument. - exists( - FunctionCall fc, Function f, int n // CPP Version - | - fc.getArgument(n) = sink.asExpr() and - f = fc.getArgument(0).(FunctionAccess).getTarget() and - // in C++, there is an extra argument to the `std::thread` call - // so we must subtract 1 since this is not passed to the thread. 
- result = DataFlow::exprNode(f.getParameter(n - 1).getAnAccess())
- )
- or
- exists(
- FunctionCall fc, Function f // C Version
- |
- fc.getAnArgument() = sink.asExpr() and
- // in C, the second argument is the function
- f = fc.getArgument(1).(FunctionAccess).getTarget() and
- // in C, the passed argument is always the zeroth argument
- result = DataFlow::exprNode(f.getParameter(0).getAnAccess())
- )
- }
-}
-
-/**
- * In the typical C model, another way to use mutexes is to work with global variables
- * that can be initialized at various points -- one of which must be inside a thread.
- * This class encapsulates this pattern.
- */
-class DeclarationInitAccessBasedThreadDependentMutex extends ThreadDependentMutex {
- Variable variableSource;
-
- DeclarationInitAccessBasedThreadDependentMutex() {
- exists(MutexSource ms, ThreadedFunction tf, VariableAccess va |
- this = DataFlow::exprNode(ms) and
- // accessed as a mutex source
- TaintTracking::localTaint(DataFlow::exprNode(variableSource.getAnAccess()),
- DataFlow::exprNode(ms.getAnArgument())) and
- // is accessed somewhere else
- va = variableSource.getAnAccess() and
- sink = DataFlow::exprNode(va) and
- // one of which must be a thread
- va.getEnclosingFunction() = tf
- )
- }
-
- override DataFlow::Node getAUsage() { result = DataFlow::exprNode(variableSource.getAnAccess()) }
-}
-
-module ThreadDependentMutexConfig implements DataFlow::ConfigSig {
- predicate isSource(DataFlow::Node node) { node.asExpr() instanceof MutexSource }
-
- predicate isSink(DataFlow::Node node) {
- exists(ThreadCreationFunction f | f.getAnArgument() = node.asExpr())
- }
-}
-
-module ThreadDependentMutexFlow = TaintTracking::Global;
diff --git a/cpp/common/src/codingstandards/cpp/concurrency/ThreadSpecificStorageNew.qll b/cpp/common/src/codingstandards/cpp/concurrency/ThreadSpecificStorageNew.qll
deleted file mode 100644
index 6dcb169250..0000000000
--- a/cpp/common/src/codingstandards/cpp/concurrency/ThreadSpecificStorageNew.qll
+++ /dev/null
@@ -1,59 +0,0 @@
-import cpp
-private import semmle.code.cpp.dataflow.new.DataFlow
-private import codingstandards.cpp.concurrency.ThreadCreation
-
-/**
- * Models calls to thread specific storage function calls.
- */
-abstract class ThreadSpecificStorageFunctionCall extends FunctionCall {
- /**
- * Gets the key to which this call references.
- */
- Expr getKey() { getArgument(0) = result }
-}
-
-/**
- * Models calls to `tss_get`.
- */
-class TSSGetFunctionCall extends ThreadSpecificStorageFunctionCall {
- TSSGetFunctionCall() { getTarget().getName() = "tss_get" }
-}
-
-/**
- * Models calls to `tss_set`.
- */
-class TSSSetFunctionCall extends ThreadSpecificStorageFunctionCall {
- TSSSetFunctionCall() { getTarget().getName() = "tss_set" }
-}
-
-/**
- * Models calls to `tss_create`
- */
-class TSSCreateFunctionCall extends ThreadSpecificStorageFunctionCall {
- TSSCreateFunctionCall() { getTarget().getName() = "tss_create" }
-
- predicate hasDeallocator() {
- not exists(MacroInvocation mi, NullMacro nm |
- getArgument(1) = mi.getExpr() and
- mi = nm.getAnInvocation()
- )
- }
-}
-
-/**
- * Models calls to `tss_delete`
- */
-class TSSDeleteFunctionCall extends ThreadSpecificStorageFunctionCall {
- TSSDeleteFunctionCall() { getTarget().getName() = "tss_delete" }
-}
-
-/**
- * Gets a call to `DeallocationExpr` that deallocates memory owned by thread specific
- * storage.
- */
-predicate getAThreadSpecificStorageDeallocationCall(C11ThreadCreateCall tcc, DeallocationExpr dexp) {
- exists(TSSGetFunctionCall tsg |
- tcc.getFunction().getEntryPoint().getASuccessor*() = tsg and
- DataFlow::localFlow(DataFlow::exprNode(tsg), DataFlow::exprNode(dexp.getFreedExpr()))
- )
-}
From 4b07e11ceb614ff3d0d60971ae2c66adf3d3d191 Mon Sep 17 00:00:00 2001
From: Mauro Baluda
Date: Tue, 30 Jun 2026 19:59:28 +0200
Subject: [PATCH 103/104] PossibleDataRaceBetweenThreads.ql fix
---
 c/misra/src/rules/DIR-5-1/PossibleDataRaceBetweenThreads.ql | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/c/misra/src/rules/DIR-5-1/PossibleDataRaceBetweenThreads.ql b/c/misra/src/rules/DIR-5-1/PossibleDataRaceBetweenThreads.ql
index 5bcea0c5c6..187c926278 100644
--- a/c/misra/src/rules/DIR-5-1/PossibleDataRaceBetweenThreads.ql
+++ b/c/misra/src/rules/DIR-5-1/PossibleDataRaceBetweenThreads.ql
@@ -15,9 +15,9 @@
 import cpp
 import codingstandards.c.misra
-import codingstandards.c.Objects
-import codingstandards.c.SubObjects
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.c.Objects as CObjects
+import codingstandards.c.SubObjects as CSubObjects
+import codingstandards.cpp.rules.possibledataracebetweenthreadsshared.PossibleDataRaceBetweenThreadsShared
 module PossibleDataRaceBetweenThreadsConfig implements PossibleDataRaceBetweenThreadsSharedConfigSig
 {
From b5970a41fc995b167cb24d182f47e91fa9832b1a Mon Sep 17 00:00:00 2001
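Review bot: The three replaced imports at the top of `PossibleDataRaceBetweenThreads.ql` carry no explanation, and the subject line says only "fix", so a later reader cannot tell why `Objects` and `SubObjects` are now aliased. With `import ... as CObjects`, names from those modules are reachable only through the `CObjects::` / `CSubObjects::` qualifier, so any unqualified use in the query body (which lies outside this hunk) would stop resolving. Since this is the query that reports possible data races, it is worth confirming that it still compiles and that its test results are unchanged. I would add a comment above the imports such as `// Aliased: the shared PossibleDataRaceBetweenThreadsShared library brings its own object model into scope`, adjusted to the actual reason, which I am only inferring.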
From: Mauro Baluda
Date: Tue, 30 Jun 2026 20:14:58 +0200
Subject: [PATCH 104/104] Refactor concurrency imports
---
 c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql | 3 +--
 .../rules/CON33-C/RaceConditionsWhenUsingLibraryFunctions.ql | 2 +-
 .../rules/CON34-C/AppropriateThreadObjectStorageDurations.ql | 3 +--
 .../CON34-C/ThreadObjectStorageDurationsNotInitialized.ql | 3 +--
 .../src/rules/CON37-C/DoNotCallSignalInMultithreadedProgram.ql | 2 +-
 c/cert/src/rules/CON40-C/AtomicVariableTwiceInExpression.ql | 2 +-
 .../rules/CON41-C/WrapFunctionsThatCanFailSpuriouslyInLoop.ql | 2 +-
 .../c/initialization/GlobalInitializationAnalysis.qll | 2 +-
 c/misra/src/rules/DIR-5-3/BannedDynamicThreadCreation.ql | 2 +-
 c/misra/src/rules/DIR-5-3/ThreadCreatedByThread.ql | 2 +-
 .../RULE-18-6/ThreadLocalObjectAddressCopiedToGlobalObject.ql | 2 +-
 .../src/rules/RULE-22-12/NonstandardUseOfThreadingObject.ql | 2 +-
 .../RULE-22-13/ThreadingObjectWithInvalidStorageDuration.ql | 2 +-
 c/misra/src/rules/RULE-22-14/MutexInitWithInvalidMutexType.ql | 2 +-
 c/misra/src/rules/RULE-22-14/MutexInitializedInsideThread.ql | 2 +-
 c/misra/src/rules/RULE-22-14/MutexNotInitializedBeforeUse.ql | 2 +-
 .../RULE-22-15/ThreadResourceDisposedBeforeThreadsJoined.ql | 2 +-
 .../src/rules/RULE-22-17/InvalidOperationOnUnlockedMutex.ql | 2 +-
 .../src/rules/RULE-22-18/NonRecursiveMutexRecursivelyLocked.ql | 2 +-
 .../RULE-22-18/NonRecursiveMutexRecursivelyLockedAudit.ql | 2 +-
 .../RULE-22-19/ConditionVariableUsedWithMultipleMutexes.ql | 2 +-
 .../rules/RULE-22-20/ThreadStorageNotInitializedBeforeUse.ql | 2 +-
 .../RULE-22-20/ThreadStoragePointerInitializedInsideThread.ql | 2 +-
 .../DoNotSpeculativelyLockALockedNonRecursiveMutex.ql | 2 +-
 .../src/rules/CON56-CPP/LockedALockedNonRecursiveMutexAudit.ql | 2 +-
 .../src/codingstandards/cpp/concurrency/LockingOperation.qll | 2 +-
 .../codingstandards/cpp/concurrency/ThreadDependentMutex.qll | 2 +-
 .../codingstandards/cpp/concurrency/ThreadSpecificStorage.qll | 2 +-
.../rules/guardaccesstobitfields/GuardAccessToBitFields.qll | 2 +-
 .../joinordetachthreadonlyonce/JoinOrDetachThreadOnlyOnce.qll | 2 +-
 .../PreserveSafetyWhenUsingConditionVariables.qll | 2 +-
 .../PreventDeadlockByLockingInPredefinedOrder.qll | 2 +-
 .../wrapspuriousfunctioninloop/WrapSpuriousFunctionInLoop.qll | 2 +-
 33 files changed, 33 insertions(+), 36 deletions(-)
diff --git a/c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql b/c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql
index 50ed7f0ff3..5814decd58 100644
--- a/c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql
+++ b/c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql
@@ -19,8 +19,7 @@
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.ConcurrencyNew
-import semmle.code.cpp.dataflow.new.DataFlow
+import codingstandards.cpp.Concurrency
 newtype Direction =
 Incoming() or
diff --git a/c/cert/src/rules/CON33-C/RaceConditionsWhenUsingLibraryFunctions.ql b/c/cert/src/rules/CON33-C/RaceConditionsWhenUsingLibraryFunctions.ql
index dadb21985e..c9bcaa6bd2 100644
--- a/c/cert/src/rules/CON33-C/RaceConditionsWhenUsingLibraryFunctions.ql
+++ b/c/cert/src/rules/CON33-C/RaceConditionsWhenUsingLibraryFunctions.ql
@@ -18,7 +18,7 @@
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 from ThreadedCFN node
 where
diff --git a/c/cert/src/rules/CON34-C/AppropriateThreadObjectStorageDurations.ql b/c/cert/src/rules/CON34-C/AppropriateThreadObjectStorageDurations.ql
index 10cdec5c73..f44a5e642d 100644
--- a/c/cert/src/rules/CON34-C/AppropriateThreadObjectStorageDurations.ql
+++ b/c/cert/src/rules/CON34-C/AppropriateThreadObjectStorageDurations.ql
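Review bot: In `CleanUpThreadSpecificStorage.ql` the explicit `import semmle.code.cpp.dataflow.new.DataFlow` is dropped together with the rename, and the two CON34-C hunks that follow (`AppropriateThreadObjectStorageDurations.ql`, `ThreadObjectStorageDurationsNotInitialized.ql`) do the same. If these query bodies, which lie outside the hunks, still refer to `DataFlow::`, the name now resolves only through whatever `codingstandards.cpp.Concurrency` happens to re-export. In this same patch `ThreadSpecificStorage.qll` imports `DataFlow` as `private`, so the dependency appears to rest on another module's public import. Keeping the line `import semmle.code.cpp.dataflow.new.DataFlow` in each query states which data-flow library the check is written against and keeps it compiling if the library's imports are later made private.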
@@ -20,8 +20,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.c.Objects
-import codingstandards.cpp.ConcurrencyNew
-import semmle.code.cpp.dataflow.new.DataFlow
+import codingstandards.cpp.Concurrency
 import semmle.code.cpp.commons.Alloc
 from C11ThreadCreateCall tcc, Expr arg
diff --git a/c/cert/src/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.ql b/c/cert/src/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.ql
index 40acc1e3ea..3855e11f02 100644
--- a/c/cert/src/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.ql
+++ b/c/cert/src/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.ql
@@ -20,8 +20,7 @@
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.ConcurrencyNew
-import semmle.code.cpp.dataflow.new.DataFlow
+import codingstandards.cpp.Concurrency
 from TSSGetFunctionCall tsg, ThreadedFunction tf
 where
diff --git a/c/cert/src/rules/CON37-C/DoNotCallSignalInMultithreadedProgram.ql b/c/cert/src/rules/CON37-C/DoNotCallSignalInMultithreadedProgram.ql
index 72fe5b5923..17691f24dd 100644
--- a/c/cert/src/rules/CON37-C/DoNotCallSignalInMultithreadedProgram.ql
+++ b/c/cert/src/rules/CON37-C/DoNotCallSignalInMultithreadedProgram.ql
@@ -19,7 +19,7 @@
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 from FunctionCall fc
 // This should only be applied in the context of a multi-threaded program (since
diff --git a/c/cert/src/rules/CON40-C/AtomicVariableTwiceInExpression.ql b/c/cert/src/rules/CON40-C/AtomicVariableTwiceInExpression.ql
index cc85cd9d1c..0ec195868f 100644
--- a/c/cert/src/rules/CON40-C/AtomicVariableTwiceInExpression.ql
+++ b/c/cert/src/rules/CON40-C/AtomicVariableTwiceInExpression.ql
@@ -19,7 +19,7 @@
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 from MacroInvocation mi, Variable v, Locatable whereFound
 where
diff --git a/c/cert/src/rules/CON41-C/WrapFunctionsThatCanFailSpuriouslyInLoop.ql b/c/cert/src/rules/CON41-C/WrapFunctionsThatCanFailSpuriouslyInLoop.ql
index d7754973fe..57be1bc488 100644
--- a/c/cert/src/rules/CON41-C/WrapFunctionsThatCanFailSpuriouslyInLoop.ql
+++ b/c/cert/src/rules/CON41-C/WrapFunctionsThatCanFailSpuriouslyInLoop.ql
@@ -19,7 +19,7 @@
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 from AtomicCompareExchange ace
 where
diff --git a/c/common/src/codingstandards/c/initialization/GlobalInitializationAnalysis.qll b/c/common/src/codingstandards/c/initialization/GlobalInitializationAnalysis.qll
index cf32f9bdc6..2906883ae9 100644
--- a/c/common/src/codingstandards/c/initialization/GlobalInitializationAnalysis.qll
+++ b/c/common/src/codingstandards/c/initialization/GlobalInitializationAnalysis.qll
@@ -1,6 +1,6 @@
 import cpp
 import codingstandards.c.Objects
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 import codingstandards.cpp.Type
 signature module GlobalInitializationAnalysisConfigSig {
diff --git a/c/misra/src/rules/DIR-5-3/BannedDynamicThreadCreation.ql b/c/misra/src/rules/DIR-5-3/BannedDynamicThreadCreation.ql
index cb12a8156b..4bb526306b 100644
--- a/c/misra/src/rules/DIR-5-3/BannedDynamicThreadCreation.ql
+++ b/c/misra/src/rules/DIR-5-3/BannedDynamicThreadCreation.ql
@@ -18,7 +18,7 @@
 import cpp
 import codingstandards.c.misra
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 from CThreadCreateCall tc, Function enclosingFunction
 where
diff --git a/c/misra/src/rules/DIR-5-3/ThreadCreatedByThread.ql b/c/misra/src/rules/DIR-5-3/ThreadCreatedByThread.ql
index 11f76de7ae..207e763fa7 100644
--- a/c/misra/src/rules/DIR-5-3/ThreadCreatedByThread.ql
+++ b/c/misra/src/rules/DIR-5-3/ThreadCreatedByThread.ql
@@ -17,7 +17,7 @@
 import cpp
 import codingstandards.c.misra
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 class CThreadRoot extends Function {
 CThreadCreateCall threadCreate;
diff --git a/c/misra/src/rules/RULE-18-6/ThreadLocalObjectAddressCopiedToGlobalObject.ql b/c/misra/src/rules/RULE-18-6/ThreadLocalObjectAddressCopiedToGlobalObject.ql
index a8fea9558e..6a520447d1 100644
--- a/c/misra/src/rules/RULE-18-6/ThreadLocalObjectAddressCopiedToGlobalObject.ql
+++ b/c/misra/src/rules/RULE-18-6/ThreadLocalObjectAddressCopiedToGlobalObject.ql
@@ -16,7 +16,7 @@
 import cpp
 import codingstandards.c.misra
 import codingstandards.c.Objects
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 from AssignExpr assignment, Element threadLocal, ObjectIdentity static
 where
diff --git a/c/misra/src/rules/RULE-22-12/NonstandardUseOfThreadingObject.ql b/c/misra/src/rules/RULE-22-12/NonstandardUseOfThreadingObject.ql
index 15a437e7ed..d92b4ccea6 100644
--- a/c/misra/src/rules/RULE-22-12/NonstandardUseOfThreadingObject.ql
+++ b/c/misra/src/rules/RULE-22-12/NonstandardUseOfThreadingObject.ql
@@ -15,7 +15,7 @@
 import cpp
 import codingstandards.c.misra
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 import codingstandards.cpp.Type
 predicate isThreadingObject(Type t) { t instanceof PossiblySpecified::Type }
diff --git a/c/misra/src/rules/RULE-22-13/ThreadingObjectWithInvalidStorageDuration.ql b/c/misra/src/rules/RULE-22-13/ThreadingObjectWithInvalidStorageDuration.ql
index 18f3671202..066cf3c295 100644
--- a/c/misra/src/rules/RULE-22-13/ThreadingObjectWithInvalidStorageDuration.ql
+++ b/c/misra/src/rules/RULE-22-13/ThreadingObjectWithInvalidStorageDuration.ql
@@ -16,7 +16,7 @@
 import cpp
 import codingstandards.c.misra
 import codingstandards.c.Objects
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 import codingstandards.cpp.Type
 from ObjectIdentity obj, StorageDuration storageDuration, Type type
diff --git a/c/misra/src/rules/RULE-22-14/MutexInitWithInvalidMutexType.ql b/c/misra/src/rules/RULE-22-14/MutexInitWithInvalidMutexType.ql
index cda50fbf73..a122a0bec4 100644
--- a/c/misra/src/rules/RULE-22-14/MutexInitWithInvalidMutexType.ql
+++ b/c/misra/src/rules/RULE-22-14/MutexInitWithInvalidMutexType.ql
@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.misra
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 predicate isBaseMutexType(EnumConstantAccess access) {
 access.getTarget().hasName(["mtx_plain", "mtx_timed"])
diff --git a/c/misra/src/rules/RULE-22-14/MutexInitializedInsideThread.ql b/c/misra/src/rules/RULE-22-14/MutexInitializedInsideThread.ql
index 4b6afe9f5f..497fdaf14d 100644
--- a/c/misra/src/rules/RULE-22-14/MutexInitializedInsideThread.ql
+++ b/c/misra/src/rules/RULE-22-14/MutexInitializedInsideThread.ql
@@ -16,7 +16,7 @@
 import cpp
 import codingstandards.c.misra
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 from C11MutexSource mutexCreate, ThreadedFunction thread
 where
diff --git a/c/misra/src/rules/RULE-22-14/MutexNotInitializedBeforeUse.ql b/c/misra/src/rules/RULE-22-14/MutexNotInitializedBeforeUse.ql
index 7df3a2dc4d..f78c25f981 100644
--- a/c/misra/src/rules/RULE-22-14/MutexNotInitializedBeforeUse.ql
+++ b/c/misra/src/rules/RULE-22-14/MutexNotInitializedBeforeUse.ql
@@ -16,7 +16,7 @@
 import cpp
 import codingstandards.c.misra
 import codingstandards.c.Objects
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 import codingstandards.cpp.Type
 import codingstandards.c.initialization.GlobalInitializationAnalysis
diff --git a/c/misra/src/rules/RULE-22-15/ThreadResourceDisposedBeforeThreadsJoined.ql b/c/misra/src/rules/RULE-22-15/ThreadResourceDisposedBeforeThreadsJoined.ql
index 9f06f441d1..ec4631ef1b 100644
--- a/c/misra/src/rules/RULE-22-15/ThreadResourceDisposedBeforeThreadsJoined.ql
+++ b/c/misra/src/rules/RULE-22-15/ThreadResourceDisposedBeforeThreadsJoined.ql
@@ -16,7 +16,7 @@
 import cpp
 import codingstandards.c.misra
 import codingstandards.c.SubObjects
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 newtype TThreadKind =
 TSpawned(C11ThreadCreateCall tcc) or
diff --git a/c/misra/src/rules/RULE-22-17/InvalidOperationOnUnlockedMutex.ql b/c/misra/src/rules/RULE-22-17/InvalidOperationOnUnlockedMutex.ql
index f2bb0a519c..d85183a831 100644
--- a/c/misra/src/rules/RULE-22-17/InvalidOperationOnUnlockedMutex.ql
+++ b/c/misra/src/rules/RULE-22-17/InvalidOperationOnUnlockedMutex.ql
@@ -16,7 +16,7 @@
 import cpp
 import codingstandards.c.misra
 import codingstandards.c.SubObjects
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 import codingstandards.cpp.dominance.BehavioralSet
 /* A call to mtx_unlock() or cnd_wait() or cnd_timedwait(), which require a locked mutex */
diff --git a/c/misra/src/rules/RULE-22-18/NonRecursiveMutexRecursivelyLocked.ql b/c/misra/src/rules/RULE-22-18/NonRecursiveMutexRecursivelyLocked.ql
index c1ace4489b..17762b3eee 100644
--- a/c/misra/src/rules/RULE-22-18/NonRecursiveMutexRecursivelyLocked.ql
+++ b/c/misra/src/rules/RULE-22-18/NonRecursiveMutexRecursivelyLocked.ql
@@ -16,7 +16,7 @@
 import cpp
 import codingstandards.c.misra
 import codingstandards.c.SubObjects
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 import codingstandards.cpp.Type
 from
diff --git a/c/misra/src/rules/RULE-22-18/NonRecursiveMutexRecursivelyLockedAudit.ql b/c/misra/src/rules/RULE-22-18/NonRecursiveMutexRecursivelyLockedAudit.ql
index 1df7c03825..7e002585b6 100644
--- a/c/misra/src/rules/RULE-22-18/NonRecursiveMutexRecursivelyLockedAudit.ql
+++ b/c/misra/src/rules/RULE-22-18/NonRecursiveMutexRecursivelyLockedAudit.ql
@@ -18,7 +18,7 @@ import cpp
 import codeql.util.Boolean
 import codingstandards.c.misra
 import codingstandards.c.SubObjects
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 import codingstandards.cpp.Type
 predicate isTrackableMutex(CMutexFunctionCall lockCall, Boolean recursive) {
diff --git a/c/misra/src/rules/RULE-22-19/ConditionVariableUsedWithMultipleMutexes.ql b/c/misra/src/rules/RULE-22-19/ConditionVariableUsedWithMultipleMutexes.ql
index ce05c2dc74..0d5aa5399f 100644
--- a/c/misra/src/rules/RULE-22-19/ConditionVariableUsedWithMultipleMutexes.ql
+++ b/c/misra/src/rules/RULE-22-19/ConditionVariableUsedWithMultipleMutexes.ql
@@ -16,7 +16,7 @@
 import cpp
 import codingstandards.c.misra
 import codingstandards.c.SubObjects
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 bindingset[cond, mutex]
 int countMutexesForConditionVariable(SubObject cond, SubObject mutex) {
diff --git a/c/misra/src/rules/RULE-22-20/ThreadStorageNotInitializedBeforeUse.ql b/c/misra/src/rules/RULE-22-20/ThreadStorageNotInitializedBeforeUse.ql
index 9a9d924247..1edf4aa9c3 100644
--- a/c/misra/src/rules/RULE-22-20/ThreadStorageNotInitializedBeforeUse.ql
+++ b/c/misra/src/rules/RULE-22-20/ThreadStorageNotInitializedBeforeUse.ql
@@ -16,7 +16,7 @@
 import cpp
 import codingstandards.c.misra
 import codingstandards.c.Objects
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 import codingstandards.cpp.Type
 import codingstandards.c.initialization.GlobalInitializationAnalysis
diff --git a/c/misra/src/rules/RULE-22-20/ThreadStoragePointerInitializedInsideThread.ql b/c/misra/src/rules/RULE-22-20/ThreadStoragePointerInitializedInsideThread.ql
index 4b7c64d914..3c40ea7116 100644
--- a/c/misra/src/rules/RULE-22-20/ThreadStoragePointerInitializedInsideThread.ql
+++ b/c/misra/src/rules/RULE-22-20/ThreadStoragePointerInitializedInsideThread.ql
@@ -16,7 +16,7 @@
 import cpp
 import codingstandards.c.misra
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 from TSSCreateFunctionCall tssCreate, ThreadedFunction thread
 where
diff --git a/cpp/cert/src/rules/CON56-CPP/DoNotSpeculativelyLockALockedNonRecursiveMutex.ql b/cpp/cert/src/rules/CON56-CPP/DoNotSpeculativelyLockALockedNonRecursiveMutex.ql
index a462e60edb..67edf2fc22 100644
--- a/cpp/cert/src/rules/CON56-CPP/DoNotSpeculativelyLockALockedNonRecursiveMutex.ql
+++ b/cpp/cert/src/rules/CON56-CPP/DoNotSpeculativelyLockALockedNonRecursiveMutex.ql
@@ -19,7 +19,7 @@
 import cpp
 import codingstandards.cpp.cert
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 from LockProtectedControlFlowNode n
 where
diff --git a/cpp/cert/src/rules/CON56-CPP/LockedALockedNonRecursiveMutexAudit.ql b/cpp/cert/src/rules/CON56-CPP/LockedALockedNonRecursiveMutexAudit.ql
index 99ad966efa..09ec2fa3d5 100644
--- a/cpp/cert/src/rules/CON56-CPP/LockedALockedNonRecursiveMutexAudit.ql
+++ b/cpp/cert/src/rules/CON56-CPP/LockedALockedNonRecursiveMutexAudit.ql
@@ -19,7 +19,7 @@
 import cpp
 import codingstandards.cpp.cert
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 from LockProtectedControlFlowNode n
 where
diff --git a/cpp/common/src/codingstandards/cpp/concurrency/LockingOperation.qll b/cpp/common/src/codingstandards/cpp/concurrency/LockingOperation.qll
index cfa263792e..9a1e77a6f2 100644
--- a/cpp/common/src/codingstandards/cpp/concurrency/LockingOperation.qll
+++ b/cpp/common/src/codingstandards/cpp/concurrency/LockingOperation.qll
@@ -1,5 +1,5 @@
 import cpp
-private import semmle.code.cpp.dataflow.TaintTracking
+private import semmle.code.cpp.dataflow.new.TaintTracking
 abstract class LockingOperation extends FunctionCall {
 /**
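Review bot: Moving `LockingOperation.qll` from `semmle.code.cpp.dataflow.TaintTracking` to `semmle.code.cpp.dataflow.new.TaintTracking` changes the analysis library underneath every query that imports `codingstandards.cpp.Concurrency`, not only the files renamed in this commit. `ThreadDependentMutex.qll` and `ThreadSpecificStorage.qll` in the next two hunks make the same switch, the latter ending at the blob id of the deleted `ThreadSpecificStorageNew.qll`. The diffstat contains no `.expected` files, so it is worth confirming that rules which already imported `Concurrency` before this commit still report the same results. It is also worth checking that none of them still imports the legacy `semmle.code.cpp.dataflow.DataFlow`, whose `DataFlow::Node` is a different type from the new library's. A one-line comment next to the import, for example `// new data-flow library: importing queries must not mix it with semmle.code.cpp.dataflow.DataFlow`, would record the constraint.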
diff --git a/cpp/common/src/codingstandards/cpp/concurrency/ThreadDependentMutex.qll b/cpp/common/src/codingstandards/cpp/concurrency/ThreadDependentMutex.qll
index f86e94566f..c761e2b1be 100644
--- a/cpp/common/src/codingstandards/cpp/concurrency/ThreadDependentMutex.qll
+++ b/cpp/common/src/codingstandards/cpp/concurrency/ThreadDependentMutex.qll
@@ -1,5 +1,5 @@
 import cpp
-import semmle.code.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.new.TaintTracking
 private import codingstandards.cpp.concurrency.ControlFlow
 private import codingstandards.cpp.concurrency.ThreadedFunction
diff --git a/cpp/common/src/codingstandards/cpp/concurrency/ThreadSpecificStorage.qll b/cpp/common/src/codingstandards/cpp/concurrency/ThreadSpecificStorage.qll
index aa7daf972c..6dcb169250 100644
--- a/cpp/common/src/codingstandards/cpp/concurrency/ThreadSpecificStorage.qll
+++ b/cpp/common/src/codingstandards/cpp/concurrency/ThreadSpecificStorage.qll
@@ -1,5 +1,5 @@
 import cpp
-private import semmle.code.cpp.dataflow.DataFlow
+private import semmle.code.cpp.dataflow.new.DataFlow
 private import codingstandards.cpp.concurrency.ThreadCreation
 /**
diff --git a/cpp/common/src/codingstandards/cpp/rules/guardaccesstobitfields/GuardAccessToBitFields.qll b/cpp/common/src/codingstandards/cpp/rules/guardaccesstobitfields/GuardAccessToBitFields.qll
index 8bac7e15ee..5b03a4f8bd 100644
--- a/cpp/common/src/codingstandards/cpp/rules/guardaccesstobitfields/GuardAccessToBitFields.qll
+++ b/cpp/common/src/codingstandards/cpp/rules/guardaccesstobitfields/GuardAccessToBitFields.qll
@@ -6,7 +6,7 @@
 import cpp
 import codingstandards.cpp.Customizations
 import codingstandards.cpp.Exclusions
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 abstract class GuardAccessToBitFieldsSharedQuery extends Query { }
diff --git a/cpp/common/src/codingstandards/cpp/rules/joinordetachthreadonlyonce/JoinOrDetachThreadOnlyOnce.qll b/cpp/common/src/codingstandards/cpp/rules/joinordetachthreadonlyonce/JoinOrDetachThreadOnlyOnce.qll
index 4b09e85873..5ccbe83c72 100644
--- a/cpp/common/src/codingstandards/cpp/rules/joinordetachthreadonlyonce/JoinOrDetachThreadOnlyOnce.qll
+++ b/cpp/common/src/codingstandards/cpp/rules/joinordetachthreadonlyonce/JoinOrDetachThreadOnlyOnce.qll
@@ -7,7 +7,7 @@
 import cpp
 import codingstandards.cpp.Customizations
 import codingstandards.cpp.Exclusions
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 abstract class JoinOrDetachThreadOnlyOnceSharedQuery extends Query { }
diff --git a/cpp/common/src/codingstandards/cpp/rules/preservesafetywhenusingconditionvariables/PreserveSafetyWhenUsingConditionVariables.qll b/cpp/common/src/codingstandards/cpp/rules/preservesafetywhenusingconditionvariables/PreserveSafetyWhenUsingConditionVariables.qll
index 0851fe980a..94d9d201c4 100644
--- a/cpp/common/src/codingstandards/cpp/rules/preservesafetywhenusingconditionvariables/PreserveSafetyWhenUsingConditionVariables.qll
+++ b/cpp/common/src/codingstandards/cpp/rules/preservesafetywhenusingconditionvariables/PreserveSafetyWhenUsingConditionVariables.qll
@@ -6,7 +6,7 @@
 import cpp
 import codingstandards.cpp.Customizations
 import codingstandards.cpp.Exclusions
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 abstract class PreserveSafetyWhenUsingConditionVariablesSharedQuery extends Query { }
diff --git a/cpp/common/src/codingstandards/cpp/rules/preventdeadlockbylockinginpredefinedorder/PreventDeadlockByLockingInPredefinedOrder.qll b/cpp/common/src/codingstandards/cpp/rules/preventdeadlockbylockinginpredefinedorder/PreventDeadlockByLockingInPredefinedOrder.qll
index 25e169b139..db755293c6 100644
--- a/cpp/common/src/codingstandards/cpp/rules/preventdeadlockbylockinginpredefinedorder/PreventDeadlockByLockingInPredefinedOrder.qll
+++ b/cpp/common/src/codingstandards/cpp/rules/preventdeadlockbylockinginpredefinedorder/PreventDeadlockByLockingInPredefinedOrder.qll
@@ -6,7 +6,7 @@
 import cpp
 import codingstandards.cpp.Customizations
 import codingstandards.cpp.Exclusions
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 import semmle.code.cpp.controlflow.Dominance
 abstract class PreventDeadlockByLockingInPredefinedOrderSharedQuery extends Query { }
diff --git a/cpp/common/src/codingstandards/cpp/rules/wrapspuriousfunctioninloop/WrapSpuriousFunctionInLoop.qll b/cpp/common/src/codingstandards/cpp/rules/wrapspuriousfunctioninloop/WrapSpuriousFunctionInLoop.qll
index 382cda1ae8..99bdbeee5d 100644
--- a/cpp/common/src/codingstandards/cpp/rules/wrapspuriousfunctioninloop/WrapSpuriousFunctionInLoop.qll
+++ b/cpp/common/src/codingstandards/cpp/rules/wrapspuriousfunctioninloop/WrapSpuriousFunctionInLoop.qll
@@ -6,7 +6,7 @@
 import cpp
 import codingstandards.cpp.Customizations
 import codingstandards.cpp.Exclusions
-import codingstandards.cpp.ConcurrencyNew
+import codingstandards.cpp.Concurrency
 abstract class WrapSpuriousFunctionInLoopSharedQuery extends Query { }