Merge branch 'main' into michaelrfairhurst/preconditions-rule-22-3-1-no-asserts-on-constants

Author: MichaelRFairhurst

.github/workflows/code-scanning-pack-gen.yml

@@ -111,7 +111,7 @@ jobs:
           zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/guideline_recategorization codeql-coding-standards/schemas
 
       - name: Upload GHAS Query Pack
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: code-scanning-cpp-query-pack.zip
           path: code-scanning-cpp-query-pack.zip
@@ -132,7 +132,7 @@ jobs:
           codeql pack bundle --output=report-coding-standards.tgz cpp/report/src
 
       - name: Upload qlpack bundles
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: coding-standards-codeql-packs
           path: '*-coding-standards.tgz'

.github/workflows/codeql_unit_tests.yml

@@ -153,7 +153,7 @@ jobs:
               file.close()
 
       - name: Upload test results
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: ${{ matrix.language }}-test-results-${{ runner.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library_ident }}
           path: |
@@ -173,7 +173,7 @@ jobs:
           script: |
             core.setFailed('Test run job failed')
       - name: Collect test results
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
 
       - name: Validate test results
         run: |

.github/workflows/extra-rule-validation.yml

@@ -46,13 +46,13 @@ jobs:
         run: scripts/util/Test-SharedImplementationsHaveTestCases.ps1 -Language c -CIMode
 
 
-      - uses: actions/upload-artifact@v6
+      - uses: actions/upload-artifact@v7
         if: failure()
         with:
           name: missing-test-report.csv
           path: MissingTestReport*.csv
 
-      - uses: actions/upload-artifact@v6
+      - uses: actions/upload-artifact@v7
         if: failure()
         with:
           name: test-report.csv

.github/workflows/generate-html-docs.yml

@@ -37,7 +37,7 @@ jobs:
           python scripts/documentation/generate_iso26262_docs.py coding-standards-html-docs
 
       - name: Upload HTML documentation
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: coding-standards-docs-${{ github.sha }}
           path: coding-standards-html-docs/

.github/workflows/standard_library_upgrade_tests.yml

@@ -145,7 +145,7 @@ jobs:
               }, test_summary_file)
 
       - name: Upload test results
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: test-results-${{runner.os}}-${{matrix.codeql_cli}}-${{matrix.codeql_standard_library_ident}}
           path: |
@@ -164,7 +164,7 @@ jobs:
           python-version: "3.9"
 
       - name: Collect test results
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
 
       - name: Validate test results
         shell: python

cpp/common/src/codingstandards/cpp/Macro.qll

@@ -26,6 +26,49 @@ class FunctionLikeMacro extends Macro {
       exists(this.getBody().regexpFind("\\#?\\b" + parameter + "\\b", _, result))
     )
   }
+
+  /**
+   * Holds if the parameter is used in a way that may make it vulnerable to precedence issues.
+   *
+   * Typically, parameters are wrapped in parentheses to protect them from precedence issues, but
+   * that is not always possible.
+   */
+  predicate parameterPrecedenceUnprotected(int index) {
+    // Check if the parameter is used in a way that requires parentheses
+    exists(string parameter | parameter = getParameter(index) |
+      // Finds any occurence of the parameter that is not preceded by, or followed by, either a
+      // parenthesis or the '#' token operator.
+      //
+      // Note the following cases:
+      // - "(x + 1)" is preceded by a parenthesis, but not followed by one, so SHOULD be matched.
+      // - "x # 1" is followed by "#" (though not preceded by #) and SHOULD be matched.
+      // - "(1 + x)" is followed by a parenthesis, but not preceded by one, so SHOULD be matched.
+      // - "1 # x" is preceded by "#" (though not followed by #) and SHOULD NOT be matched.
+      //
+      // So the regex is structured as follows:
+      // - paramMatch: Matches the parameter at a word boundary, with optional whitespace
+      // - notHashed: Finds parameters not used with a leading # operator.
+      // - The final regex finds cases of `notHashed` that are not preceded by a parenthesis,
+      //   and cases of `notHashed` that are not followed by a parenthesis.
+      //
+      // Therefore, a parameter with parenthesis on both sides is not matched, a parameter with
+      // parenthesis missing on one or both sides is only matched if there is no leading or trailing
+      // ## operator.
+      exists(string noBeforeParen, string noAfterParen, string paramMatch, string notHashed |
+        // Not preceded by a parenthesis
+        noBeforeParen = "(?<!\\(\\s*)" and
+        // Not followed by a parenthesis
+        noAfterParen = "(?!\\s*\\))" and
+        // Parameter at word boundary in optional whitespace
+        paramMatch = "\\s*\\b" + parameter + "\\b\\s*" and
+        // A parameter is #'d if it is preceded or followed by the # or ## operators.
+        notHashed = "(?<!#)" + paramMatch and
+        // Parameter is used without a leading or trailing parenthesis, and without #.
+        getBody()
+            .regexpMatch(".*(" + noBeforeParen + notHashed + "|" + notHashed + noAfterParen + ").*")
+      )
+    )
+  }
 }
 
 newtype TMacroOperator =

cpp/common/src/codingstandards/cpp/MatchingParenthesis.qll

@@ -61,7 +61,7 @@ module MatchingParenthesis<InputString Input> {
           occurrence = prevOccurrence + 1
         ) else (
           token = TNotParen() and
-          exists(inputStr.regexpFind("\\(|\\)", prevOccurrence + 1, endPos)) and
+          exists(inputStr.regexpFind("\\(|\\)|$", prevOccurrence + 1, endPos)) and
           occurrence = prevOccurrence
         )
       )

cpp/common/src/codingstandards/cpp/exclusions/cpp/Preprocessor2.qll

@@ -0,0 +1,61 @@
+//** THIS FILE IS AUTOGENERATED, DO NOT MODIFY DIRECTLY.  **/
+import cpp
+import RuleMetadata
+import codingstandards.cpp.exclusions.RuleMetadata
+
+newtype Preprocessor2Query =
+  TInvalidIncludeDirectiveQuery() or
+  TUnparenthesizedMacroArgumentQuery() or
+  TDisallowedUseOfPragmaQuery()
+
+predicate isPreprocessor2QueryMetadata(Query query, string queryId, string ruleId, string category) {
+  query =
+    // `Query` instance for the `invalidIncludeDirective` query
+    Preprocessor2Package::invalidIncludeDirectiveQuery() and
+  queryId =
+    // `@id` for the `invalidIncludeDirective` query
+    "cpp/misra/invalid-include-directive" and
+  ruleId = "RULE-19-2-2" and
+  category = "required"
+  or
+  query =
+    // `Query` instance for the `unparenthesizedMacroArgument` query
+    Preprocessor2Package::unparenthesizedMacroArgumentQuery() and
+  queryId =
+    // `@id` for the `unparenthesizedMacroArgument` query
+    "cpp/misra/unparenthesized-macro-argument" and
+  ruleId = "RULE-19-3-4" and
+  category = "required"
+  or
+  query =
+    // `Query` instance for the `disallowedUseOfPragma` query
+    Preprocessor2Package::disallowedUseOfPragmaQuery() and
+  queryId =
+    // `@id` for the `disallowedUseOfPragma` query
+    "cpp/misra/disallowed-use-of-pragma" and
+  ruleId = "RULE-19-6-1" and
+  category = "advisory"
+}
+
+module Preprocessor2Package {
+  Query invalidIncludeDirectiveQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `invalidIncludeDirective` query
+      TQueryCPP(TPreprocessor2PackageQuery(TInvalidIncludeDirectiveQuery()))
+  }
+
+  Query unparenthesizedMacroArgumentQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `unparenthesizedMacroArgument` query
+      TQueryCPP(TPreprocessor2PackageQuery(TUnparenthesizedMacroArgumentQuery()))
+  }
+
+  Query disallowedUseOfPragmaQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `disallowedUseOfPragma` query
+      TQueryCPP(TPreprocessor2PackageQuery(TDisallowedUseOfPragmaQuery()))
+  }
+}

cpp/common/src/codingstandards/cpp/exclusions/cpp/RuleMetadata.qll

@@ -68,6 +68,7 @@ import Preconditions1
 import Preconditions3
 import Preconditions4
 import Preprocessor
+import Preprocessor2
 import Representation
 import Scope
 import SideEffects1
@@ -155,6 +156,7 @@ newtype TCPPQuery =
   TPreconditions3PackageQuery(Preconditions3Query q) or
   TPreconditions4PackageQuery(Preconditions4Query q) or
   TPreprocessorPackageQuery(PreprocessorQuery q) or
+  TPreprocessor2PackageQuery(Preprocessor2Query q) or
   TRepresentationPackageQuery(RepresentationQuery q) or
   TScopePackageQuery(ScopeQuery q) or
   TSideEffects1PackageQuery(SideEffects1Query q) or
@@ -242,6 +244,7 @@ predicate isQueryMetadata(Query query, string queryId, string ruleId, string cat
   isPreconditions3QueryMetadata(query, queryId, ruleId, category) or
   isPreconditions4QueryMetadata(query, queryId, ruleId, category) or
   isPreprocessorQueryMetadata(query, queryId, ruleId, category) or
+  isPreprocessor2QueryMetadata(query, queryId, ruleId, category) or
   isRepresentationQueryMetadata(query, queryId, ruleId, category) or
   isScopeQueryMetadata(query, queryId, ruleId, category) or
   isSideEffects1QueryMetadata(query, queryId, ruleId, category) or

cpp/misra/src/rules/RULE-19-2-2/InvalidIncludeDirective.ql

@@ -0,0 +1,24 @@
+/**
+ * @id cpp/misra/invalid-include-directive
+ * @name RULE-19-2-2: The #include directive shall be followed by either a <filename> or "filename" sequence
+ * @description Include directives shall only use the <filename> or "filename" forms.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity warning
+ * @tags external/misra/id/rule-19-2-2
+ *       scope/single-translation-unit
+ *       maintainability
+ *       readability
+ *       external/misra/enforcement/decidable
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.cpp.misra
+
+from Include include
+where
+  not isExcluded(include, Preprocessor2Package::invalidIncludeDirectiveQuery()) and
+  // Check for < followed by (not >)+ followed by >, or " followed by (not ")+ followed by ".
+  not include.getIncludeText().trim().regexpMatch("^(<[^>]+>|\"[^\"]+\")$")
+select include, "Non-compliant #include directive text '" + include.getHead() + "'."