Merge branch 'main' into lcartey/2.19.4-perf-improvements

Author: knewbury01

.github/workflows/upgrade_codeql_dependencies.yml

@@ -53,7 +53,7 @@ jobs:
           find c \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql query format --in-place
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
         with:
           title: "Upgrade `github/codeql` dependency to ${{ github.event.inputs.codeql_cli_version }}"
           body: |

amendments.csv

@@ -11,21 +11,21 @@ c,MISRA-C-2012,Amendment3,RULE-10-7,Yes,Refine,Yes,Import
 c,MISRA-C-2012,Amendment3,RULE-10-8,Yes,Refine,Yes,Import
 c,MISRA-C-2012,Amendment3,RULE-21-11,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment3,RULE-21-12,Yes,Replace,No,Easy
-c,MISRA-C-2012,Amendment4,RULE-11-3,Yes,Expand,No,Easy
-c,MISRA-C-2012,Amendment4,RULE-11-8,Yes,Expand,No,Easy
-c,MISRA-C-2012,Amendment4,RULE-13-2,Yes,Expand,No,Very Hard
+c,MISRA-C-2012,Amendment4,RULE-11-3,Yes,Expand,Yes,Easy
+c,MISRA-C-2012,Amendment4,RULE-11-8,Yes,Expand,Yes,Easy
+c,MISRA-C-2012,Amendment4,RULE-13-2,Yes,Expand,Yes,Very Hard
 c,MISRA-C-2012,Amendment4,RULE-18-6,Yes,Expand,No,Medium
 c,MISRA-C-2012,Amendment4,RULE-18-8,Yes,Split,Yes,Easy
 c,MISRA-C-2012,Amendment4,RULE-2-2,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment4,RULE-2-7,Yes,Clarification,Yes,Import
-c,MISRA-C-2012,Amendment4,RULE-3-1,Yes,Refine,No,Easy
+c,MISRA-C-2012,Amendment4,RULE-3-1,Yes,Refine,Yes,Easy
 c,MISRA-C-2012,Amendment4,RULE-8-6,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment4,RULE-8-9,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment4,RULE-9-4,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment4,RULE-10-1,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment4,RULE-18-3,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment4,RULE-1-4,Yes,Replace,No,Easy
-c,MISRA-C-2012,Amendment4,RULE-9-1,Yes,Refine,No,Easy
+c,MISRA-C-2012,Amendment4,RULE-9-1,Yes,Refine,Yes,Easy
 c,MISRA-C-2012,Amendment4,RULE-9-2,Yes,Refine,No,Import
 c,MISRA-C-2012,Corrigendum2,DIR-4-10,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-7-4,Yes,Refine,No,Easy

c/cert/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cert-c-coding-standards
-version: 2.42.0-dev
+version: 2.43.0-dev
 description: CERT C 2016
 suites: codeql-suites
 license: MIT

c/cert/test/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cert-c-coding-standards-tests
-version: 2.42.0-dev
+version: 2.43.0-dev
 extractor: cpp
 license: MIT
 dependencies:

c/common/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/common-c-coding-standards
-version: 2.42.0-dev
+version: 2.43.0-dev
 license: MIT
 dependencies:
   codeql/common-cpp-coding-standards: '*'

c/common/test/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/common-c-coding-standards-tests
-version: 2.42.0-dev
+version: 2.43.0-dev
 extractor: cpp
 license: MIT
 dependencies:

c/common/test/rules/readofuninitializedmemory/test.c

@@ -94,4 +94,6 @@ void test_non_default_init() {
   static struct A ss;
   use_struct_A(
       ss); // COMPLIANT - static struct type variables are zero initialized
+  _Atomic int x;
+  use_int(x); // COMPLIANT - atomics are special, covered by other rules
 }

c/misra/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/misra-c-coding-standards
-version: 2.42.0-dev
+version: 2.43.0-dev
 description: MISRA C 2012
 suites: codeql-suites
 license: MIT

c/misra/src/rules/RULE-11-10/AtomicQualifierAppliedToVoid.ql

@@ -0,0 +1,55 @@
+/**
+ * @id c/misra/atomic-qualifier-applied-to-void
+ * @name RULE-11-10: The _Atomic qualifier shall not be applied to the incomplete type void
+ * @description Conversions between types by using an _Atomic void type may result in undefined
+ *              behavior.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-11-10
+ *       correctness
+ *       external/misra/c/2012/third-edition-first-revision
+ *       external/misra/c/2012/amendment4
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.c.misra
+
+class AtomicVoidType extends Type {
+  AtomicVoidType() {
+    hasSpecifier("atomic") and
+    getUnspecifiedType() instanceof VoidType
+  }
+}
+
+predicate usesAtomicVoid(Type root) {
+  root instanceof AtomicVoidType
+  or
+  usesAtomicVoid(root.(DerivedType).getBaseType())
+  or
+  usesAtomicVoid(root.(RoutineType).getReturnType())
+  or
+  usesAtomicVoid(root.(RoutineType).getAParameterType())
+  or
+  usesAtomicVoid(root.(FunctionPointerType).getReturnType())
+  or
+  usesAtomicVoid(root.(FunctionPointerType).getAParameterType())
+  or
+  usesAtomicVoid(root.(TypedefType).getBaseType())
+}
+
+class ExplicitType extends Type {
+  Element getDeclaration(string description) {
+    result.(DeclarationEntry).getType() = this and description = result.(DeclarationEntry).getName()
+    or
+    result.(CStyleCast).getType() = this and description = "Cast"
+  }
+}
+
+from Element decl, ExplicitType explicitType, string elementDescription
+where
+  not isExcluded(decl, Declarations9Package::atomicQualifierAppliedToVoidQuery()) and
+  decl = explicitType.getDeclaration(elementDescription) and
+  usesAtomicVoid(explicitType)
+select decl, elementDescription + " declared with an atomic void type."

c/misra/src/rules/RULE-11-3/CastBetweenObjectPointerAndDifferentObjectType.ql

@@ -23,7 +23,11 @@ where
   baseTypeFrom = cast.getExpr().getType().(PointerToObjectType).getBaseType() and
   baseTypeTo = cast.getType().(PointerToObjectType).getBaseType() and
   // exception: cast to a char, signed char, or unsigned char is permitted
-  not baseTypeTo.stripType() instanceof CharType and
+  not (
+    baseTypeTo.stripType() instanceof CharType and
+    // Exception does not apply to _Atomic types
+    not baseTypeFrom.hasSpecifier("atomic")
+  ) and
   (
     (
       baseTypeFrom.isVolatile() and not baseTypeTo.isVolatile()

c/misra/src/rules/RULE-11-8/CastRemovesConstOrVolatileQualification.ql

@@ -24,5 +24,9 @@ where
     baseTypeFrom.isVolatile() and not baseTypeTo.isVolatile() and qualificationName = "volatile"
     or
     baseTypeFrom.isConst() and not baseTypeTo.isConst() and qualificationName = "const"
+    or
+    baseTypeFrom.hasSpecifier("atomic") and
+    not baseTypeTo.hasSpecifier("atomic") and
+    qualificationName = "atomic"
   )
 select cast, "Cast of pointer removes " + qualificationName + " qualification from its base type."

c/misra/src/rules/RULE-13-2/UnsequencedAtomicReads.ql

@@ -0,0 +1,91 @@
+/**
+ * @id c/misra/unsequenced-atomic-reads
+ * @name RULE-13-2: The value of an atomic variable shall not depend on the evaluation order of interleaved threads
+ * @description The value of an atomic variable shall not depend on evaluation order and
+ *              interleaving of threads.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-13-2
+ *       correctness
+ *       external/misra/c/2012/amendment3
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import semmle.code.cpp.dataflow.TaintTracking
+import codingstandards.c.misra
+import codingstandards.c.Ordering
+import codingstandards.c.orderofevaluation.VariableAccessOrdering
+
+class AtomicAccessInFullExpressionOrdering extends Ordering::Configuration {
+  AtomicAccessInFullExpressionOrdering() { this = "AtomicAccessInFullExpressionOrdering" }
+
+  override predicate isCandidate(Expr e1, Expr e2) {
+    exists(AtomicVariableAccess a, AtomicVariableAccess b, FullExpr e | a = e1 and b = e2 |
+      a.getTarget() = b.getTarget() and
+      a.(ConstituentExpr).getFullExpr() = e and
+      b.(ConstituentExpr).getFullExpr() = e and
+      not a = b
+    )
+  }
+}
+
+/**
+ * A read of a variable specified as `_Atomic`.
+ *
+ * Note, it may be accessed directly, or by passing its address into the std atomic functions.
+ */
+class AtomicVariableAccess extends VariableAccess {
+  AtomicVariableAccess() { getTarget().getType().hasSpecifier("atomic") }
+
+  /* Get the `atomic_<read|write>()` call this VarAccess occurs in. */
+  FunctionCall getAtomicFunctionCall() {
+    exists(AddressOfExpr addrParent, FunctionCall fc |
+      fc.getTarget().getName().matches("__c11_atomic%") and
+      addrParent = fc.getArgument(0) and
+      addrParent.getAnOperand() = this and
+      result = fc
+    )
+  }
+
+  /**
+   * Gets an assigned expr, either in the form `x = <result>` or `atomic_store(&x, <result>)`.
+   */
+  Expr getAnAssignedExpr() {
+    result = getAtomicFunctionCall().getArgument(1)
+    or
+    exists(AssignExpr assign |
+      assign.getLValue() = this and
+      result = assign.getRValue()
+    )
+  }
+
+  /**
+   * Gets the expression holding this variable access, either in the form `x` or `atomic_read(&x)`.
+   */
+  Expr getARead() {
+    result = getAtomicFunctionCall()
+    or
+    result = this
+  }
+}
+
+from
+  AtomicAccessInFullExpressionOrdering config, FullExpr e, Variable v, AtomicVariableAccess va1,
+  AtomicVariableAccess va2
+where
+  not isExcluded(e, SideEffects3Package::unsequencedAtomicReadsQuery()) and
+  e = va1.(ConstituentExpr).getFullExpr() and
+  config.isUnsequenced(va1, va2) and
+  v = va1.getTarget() and
+  v = va2.getTarget() and
+  // Exclude cases where the variable is assigned a value tainted by the other variable access.
+  not exists(Expr write |
+    write = va1.getAnAssignedExpr() and
+    TaintTracking::localTaint(DataFlow::exprNode(va2.getARead()), DataFlow::exprNode(write))
+  ) and
+  // Impose an ordering, show the first access.
+  va1.getLocation().isBefore(va2.getLocation(), _)
+select e, "Atomic variable $@ has a $@ that is unsequenced with $@.", v, v.getName(), va1,
+  "previous read", va2, "another read"

c/misra/src/rules/RULE-3-1/CharacterSequencesAndUsedWithinAComment.ql

@@ -16,27 +16,38 @@
 import cpp
 import codingstandards.c.misra
 
-class IllegalCCommentCharacter extends string {
-  IllegalCCommentCharacter() {
-    this = "/*" or
-    this = "//"
-  }
+/* Character sequence is banned from all comment types */
+class IllegalCommentSequence extends string {
+  IllegalCommentSequence() { this = "/*" }
 }
 
-class IllegalCPPCommentCharacter extends string {
-  IllegalCPPCommentCharacter() { this = "/*" }
+/* A regexp to check for illegal C-style comments */
+class IllegalCCommentRegexp extends string {
+  IllegalCCommentRegexp() {
+    // Regexp to match "//" in C-style comments, which do not appear to be URLs. General format
+    // uses negative lookahead/lookbehind to match like `.*(?<!HTTP:)//(?!GITHUB.).*`. Broken down
+    // into parts:
+    //  - `.*PATTERN.*` - look for the pattern anywhere in the comment.
+    //  - `(?<![a-zA-Z]:)` - negative lookbehind, exclude "http://github.com" by seeing "p:".
+    //  - `//` - the actual illegal sequence.
+    //  - `(?!(pattern))` - negative lookahead, exclude "http://github.com" by seeing "github.".
+    //  - `[a-zA-Z0-9\\-]+\\\\.` - Assume alphanumeric/hyphen followed by '.' is a domain name.
+    this = ".*(?<![a-zA-Z]:)//(?![a-zA-Z0-9\\-]+\\\\.).*"
+  }
+
+  string getDescription() { result = "//" }
 }
 
 from Comment comment, string illegalSequence
 where
   not isExcluded(comment, SyntaxPackage::characterSequencesAndUsedWithinACommentQuery()) and
   (
-    exists(IllegalCCommentCharacter c | illegalSequence = c |
-      comment.(CStyleComment).getContents().indexOf(illegalSequence) > 0
+    exists(IllegalCommentSequence c | illegalSequence = c |
+      comment.getContents().indexOf(illegalSequence) > 1
     )
     or
-    exists(IllegalCPPCommentCharacter c | illegalSequence = c |
-      comment.(CppStyleComment).getContents().indexOf(illegalSequence) > 0
+    exists(IllegalCCommentRegexp c | illegalSequence = c.getDescription() |
+      comment.(CStyleComment).getContents().regexpMatch(c)
     )
   )
 select comment, "Comment contains an illegal sequence '" + illegalSequence + "'"

c/misra/src/rules/RULE-8-7/ShouldNotBeDefinedWithExternalLinkage.ql

@@ -40,17 +40,22 @@ predicate isReferencedInTranslationUnit(
   ExternalIdentifiers e, ExternalIdentifierReference r, TranslationUnit t
 ) {
   r.getExternalIdentifierTarget() = e and
-  r.getFile() = t
+  // Used within the translation unit or an included header
+  r.getFile() = t.getAUserFile()
 }
 
 from ExternalIdentifiers e, ExternalIdentifierReference a1, TranslationUnit t1
 where
   not isExcluded(e, Declarations6Package::shouldNotBeDefinedWithExternalLinkageQuery()) and
+  // Only report external identifiers where we see the definition
+  e.hasDefinition() and
   isReferencedInTranslationUnit(e, a1, t1) and
   // Not referenced in any other translation unit
   not exists(TranslationUnit t2 |
     isReferencedInTranslationUnit(e, _, t2) and
     not t1 = t2
-  )
+  ) and
+  // Definition is also in the same translation unit
+  e.getDefinition().getFile() = t1.getAUserFile()
 select e, "Declaration with external linkage is accessed in only one translation unit $@.", a1,
   a1.toString()

c/misra/test/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/misra-c-coding-standards-tests
-version: 2.42.0-dev
+version: 2.43.0-dev
 extractor: cpp
 license: MIT
 dependencies:

c/misra/test/rules/RULE-11-10/AtomicQualifierAppliedToVoid.expected

@@ -0,0 +1,8 @@
+| test.c:3:15:3:16 | definition of g3 | g3 declared with an atomic void type. |
+| test.c:10:17:10:18 | definition of m3 | m3 declared with an atomic void type. |
+| test.c:15:22:15:23 | definition of p2 | p2 declared with an atomic void type. |
+| test.c:20:23:20:24 | declaration of f2 | f2 declared with an atomic void type. |
+| test.c:21:25:21:26 | declaration of f3 | f3 declared with an atomic void type. |
+| test.c:22:14:22:15 | declaration of f4 | f4 declared with an atomic void type. |
+| test.c:23:16:23:17 | declaration of f5 | f5 declared with an atomic void type. |
+| test.c:27:3:27:19 | (_Atomic(void) *)... | Cast declared with an atomic void type. |

c/misra/test/rules/RULE-11-10/AtomicQualifierAppliedToVoid.qlref

@@ -0,0 +1 @@
+rules/RULE-11-10/AtomicQualifierAppliedToVoid.ql

c/misra/test/rules/RULE-11-10/test.c

@@ -0,0 +1,28 @@
+// _Atomic void g1;  // doesn't compile
+_Atomic int g2;   // COMPLIANT
+_Atomic void *g3; // NON_COMPLIANT
+// _Atomic void g4[]; // doesn't compile
+void *_Atomic g5; // COMPLIANT
+
+struct {
+  _Atomic int m1; // COMPLIANT
+  // _Atomic void m2; // doesn't compile
+  _Atomic void *m3; // NON_COMPLIANT
+  void *_Atomic m4; // COMPLIANT
+} s1;
+
+void f(_Atomic int p1,  // COMPLIANT
+       _Atomic void *p2 // NON_COMPLIANT
+       // _Atomic void p3[] // doesn't compile, even though it perhaps should as
+       // it is adjusted to void*.
+) {}
+
+typedef _Atomic void *f2(void);     // NON_COMPLIANT
+typedef _Atomic void *(*f3)(void);  // NON_COMPLIANT
+typedef void f4(_Atomic void *);    // NON_COMPLIANT
+typedef void (*f5)(_Atomic void *); // NON_COMPLIANT
+
+void f6() {
+  (void *)0;         // COMPLIANT
+  (_Atomic void *)0; // NON_COMPLIANT
+}

c/misra/test/rules/RULE-11-3/CastBetweenObjectPointerAndDifferentObjectType.expected

@@ -6,3 +6,7 @@
 | test.c:21:3:21:16 | (int *)... | Cast performed between a pointer to object type (char) and a pointer to a different object type (int). |
 | test.c:22:20:22:21 | (int *)... | Cast performed between a pointer to object type (char) and a pointer to a different object type (int). |
 | test.c:23:3:23:18 | (long long *)... | Cast performed between a pointer to object type (int) and a pointer to a different object type (long long). |
+| test.c:26:3:26:13 | (char *)... | Cast performed between a pointer to object type (_Atomic(int)) and a pointer to a different object type (char). |
+| test.c:27:8:27:10 | (char *)... | Cast performed between a pointer to object type (_Atomic(int)) and a pointer to a different object type (char). |
+| test.c:28:3:28:21 | (_Atomic(char) *)... | Cast performed between a pointer to object type (_Atomic(int)) and a pointer to a different object type (_Atomic(char)). |
+| test.c:29:23:29:25 | (_Atomic(char) *)... | Cast performed between a pointer to object type (_Atomic(int)) and a pointer to a different object type (_Atomic(char)). |

c/misra/test/rules/RULE-11-3/test.c

@@ -21,4 +21,10 @@ void f1(void) {
   (int *const)v2;             // NON_COMPLIANT
   int *const v10 = v2;        // NON_COMPLIANT
   (long long *)v10;           // NON_COMPLIANT
+
+  _Atomic int *v11 = 0;
+  (char *)v11;             // NON_COMPLIANT
+  v2 = v11;                // NON_COMPLIANT
+  (_Atomic char *)v11;     // NON_COMPLIANT
+  _Atomic char *v12 = v11; // NON_COMPLIANT
 }