Skip to content

v2.16.0

Pre-release
Pre-release

Choose a tag to compare

View all tags
@github-actions github-actions released this 31 Mar 17:54
v2.16.0
576499a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Release summary

  • New queries added for the following rule packages: Contracts7, FloatingTypes, IntegerOverflow, InvalidMemory2, Language3, Memory2, Memory3, SideEffects3, SideEffects4, SignalHandlers, StandardLibraryFunctionTypes, Statements1, Statements2, Statements3, Statements4, Statements5, Statements6, Static, Types1
  • The following changes have been made for this release:
    • Rule 20.12 - the performance of this rule has been improved.
    • The performance of the following identifier related rules has been improved:
      • MISRA C 2012 Rule 5.8
      • MISRA C 2012 Rule 8.7
    • M6-6-2: Changed formatting of the alert message.
    • M6-4-2: Changed formatting of alert message.
    • FIO42-C - CloseFilesWhenTheyAreNoLongerNeeded.ql:
      • Parentheses have been added to a resolve previously lacking parentheses in the where clause, such that the exclusion mechanism only functioned for a certain subset of results.
      • The query implementation has been moved to a shared implementation.
    • M5-19-1:
      • Reduce false negatives by fixing a bug where a constant expression was immediately casted to a signed type.
    • M6-4-4 - alert message updated for clarity.
    • A4-7-1 - IntegerExpressionLeadToDataLoss.ql - reduce false positives and false negatives by:
      • Identifying additional categories of valid guard.
      • Excluding guards which were not proven to prevent overflow or underflow.
      • Expand coverage to include unary operations and arithmetic assignment operations.

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.10.5 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.10.5.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220908.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

  • DIR-4-6 - PlainNumericalTypeUsedOverExplicitTypedef.ql
  • RULE-1-2 - LanguageExtensionsShouldNotBeUsed.ql
  • RULE-1-3 - OccurrenceOfUndefinedBehavior.ql
  • RULE-7-4 - StringLiteralAssignedToNonConstChar.ql
  • RULE-12-2 - RightHandOperandOfAShiftRange.ql
  • RULE-12-4 - ConstantUnsignedIntegerExpressionsWrapAround.ql
  • RULE-12-5 - SizeofOperatorUsedOnArrayTypeParam.ql
  • RULE-13-2 - UnsequencedSideEffects.ql
  • RULE-14-2 - ForLoopNotWellFormed.ql
  • RULE-14-3 - ControllingExprInvariant.ql
  • RULE-14-4 - NonBooleanIfCondition.ql, NonBooleanIterationCondition.ql
  • RULE-15-1 - GotoStatementUsed.ql
  • RULE-15-2 - GotoLabelLocationCondition.ql
  • RULE-15-3 - GotoLabelBlockCondition.ql
  • RULE-15-4 - LoopIterationCondition.ql
  • RULE-15-5 - FunctionReturnCondition.ql
  • RULE-15-6 - SwitchCompoundCondition.ql, LoopCompoundCondition.ql, SelectionCompoundCondition.ql
  • RULE-15-7 - IfElseEndCondition.ql
  • RULE-16-1 - SwitchCaseStartCondition.ql, SwitchStmtNotWellFormed.ql
  • RULE-16-2 - NestSwitchLabelInSwitchStatement.ql
  • RULE-16-3 - BreakShallTerminateSwitchClause.ql
  • RULE-16-4 - EverySwitchShallHaveDefaultLabel.ql
  • RULE-16-5 - DefaultNotFirstOrLastOfSwitch.ql
  • RULE-16-6 - SwitchClauseNumberCondition.ql
  • RULE-16-7 - SwitchExpressionBoolCondition.ql
  • RULE-17-2 - RecursiveFunctionCondition.ql
  • RULE-17-4 - NonVoidFunctionReturnCondition.ql
  • RULE-17-6 - UseOfArrayStatic.ql
  • RULE-19-1 - ObjectAssignedToAnOverlappingObject.ql, ObjectCopiedToAnOverlappingObject.ql
  • RULE-21-13 - CtypeFunctionArgNotUnsignedCharOrEof.ql
  • RULE-21-15 - MemcpyMemmoveMemcmpArgNotPointersToCompatibleTypes.ql
  • RULE-22-1 - FreeMemoryWhenNoLongerNeededMisra.ql, CloseFileHandleWhenNoLongerNeededMisra.ql
  • RULE-22-2 - OnlyFreeMemoryAllocatedDynamicallyMisra.ql

Appendix: CERT-C new queries

New queries added to cover the following rules:

  • ARR32-C - VariableLengthArraySizeNotInValidRange.ql
  • ARR36-C - DoNotSubtractPointersThatDoNotReferToTheSameArray.ql, DoNotRelatePointersThatDoNotReferToTheSameArray.ql
  • ARR37-C - DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql
  • EXP35-C - DoNotModifyObjectsWithTemporaryLifetime.ql
  • EXP42-C - DoNotComparePaddingData.ql
  • FLP30-C - FloatingPointLoopCounters.ql
  • FLP32-C - UncheckedRangeDomainPoleErrors.ql
  • FLP34-C - UncheckedFloatingPointConversion.ql
  • FLP36-C - IntToFloatPreservePrecision.ql
  • FLP37-C - MemcmpUsedToCompareFloats.ql
  • INT30-C - UnsignedIntegerOperationsWrapAround.ql
  • INT31-C - IntegerConversionCausesDataLoss.ql
  • INT32-C - SignedIntegerOverflow.ql
  • INT33-C - DivOrRemByZero.ql
  • INT34-C - ExprShiftedbyNegativeOrGreaterPrecisionOperand.ql
  • INT35-C - UseCorrectIntegerPrecisions.ql
  • INT36-C - ConvertingAPointerToIntegerOrIntegerToPointer.ql
  • MEM31-C - FreeMemoryWhenNoLongerNeededCert.ql
  • MEM33-C - AllocStructsWithAFlexibleArrayMemberDynamically.ql, CopyStructsWithAFlexibleArrayMemberDynamically.ql
  • MEM34-C - OnlyFreeMemoryAllocatedDynamicallyCert.ql
  • MEM35-C - InsufficientMemoryAllocatedForObject.ql
  • MEM36-C - DoNotModifyAlignmentOfMemoryWithRealloc.ql
  • MSC33-C - DoNotPassInvalidDataToTheAsctimeFunction.ql
  • MSC39-C - DoNotCallVaArgOnAVaListThatHasAnIndeterminateValue.ql
  • PRE31-C - SideEffectsInArgumentsToUnsafeMacros.ql
  • SIG30-C - CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql
  • SIG31-C - DoNotAccessSharedObjectsInSignalHandlers.ql
  • SIG34-C - DoNotCallSignalFromInterruptibleSignalHandlers.ql
  • SIG35-C - DoNotReturnFromAComputationalExceptionHandler.ql
Assets 7
Loading