Merge remote-tracking branch 'upstream/main' into next

github · Jan 9, 2025 · 17e2a1e · 17e2a1e
2 parents 347c84f + 41080c4
commit 17e2a1e
Show file tree

Hide file tree

Showing 6 changed files with 59 additions and 2 deletions.
diff --git a/.github/workflows/code-scanning-pack-gen.yml b/.github/workflows/code-scanning-pack-gen.yml
@@ -80,6 +80,8 @@ jobs:
 
       - name: Checkout external help files
         id: checkout-external-help-files
+        # PRs from forks and dependabot do not have access to an appropriate token for cloning the help files repos
+        if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }}
         uses: actions/checkout@v4
         with:
           ssh-key: ${{ secrets.CODEQL_CODING_STANDARDS_HELP_KEY }}
@@ -88,7 +90,7 @@ jobs:
           path: external-help-files
 
       - name: Include external help files
-        if: steps.checkout-external-help-files.outcome == 'success'
+        if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'&& steps.checkout-external-help-files.outcome == 'success' }}
         run: |
           pushd external-help-files
           find . -name '*.md' -exec rsync -av --relative {} "$GITHUB_WORKSPACE" \;

diff --git a/change_notes/2024-12-17-fix-fp-824-a15-4-4 b/change_notes/2024-12-17-fix-fp-824-a15-4-4
@@ -0,0 +1,2 @@
+ - `A15-4-4` - `MissingNoExcept.ql`:
+   - Reduce false positives by not reporting on functions that have a noexcept specification with a complex expression or call other such functions.
diff --git a/change_notes/2024-12-18-fix-fp-540-a3-9-1.md b/change_notes/2024-12-18-fix-fp-540-a3-9-1.md
@@ -0,0 +1,2 @@
+ - `A3-9-1` - `VariableWidthIntegerTypesUsed.ql`:
+   - Reduce false positives by not considering variables from template instantiations.
diff --git a/cpp/autosar/src/rules/A15-4-4/MissingNoExcept.ql b/cpp/autosar/src/rules/A15-4-4/MissingNoExcept.ql
@@ -19,6 +19,36 @@ import codingstandards.cpp.autosar
 import codingstandards.cpp.exceptions.ExceptionSpecifications
 import codingstandards.cpp.exceptions.ExceptionFlow
 
+// These functions have a noexcept specification that could not be resolved
+// to noexcept(true). So either, they are noexcept(false) functions which
+// means, they can throw an exception OR they have an expression which
+// could not be resolved to "true" or "false". Even in this case, lets
+// be more conservative and assume they may thrown an exception.
+class FunctionWithUnknownNoExcept extends Function {
+  FunctionWithUnknownNoExcept() {
+    // Exists a noexcept specification but not noexcept(true)
+    exists(this.getADeclarationEntry().getNoExceptExpr()) and
+    not isNoExceptTrue(this)
+  }
+}
+
+// This predicate checks if a function can call to other functions
+// that may have a noexcept specification which cannot be resolved to
+// noexcept(true).
+predicate mayCallThrowingFunctions(Function f) {
+  // Exists a call in this function
+  exists(Call fc |
+    fc.getEnclosingFunction() = f and
+    (
+      // Either this call is to a function with an unknown noexcept OR
+      fc.getTarget() instanceof FunctionWithUnknownNoExcept
+      or
+      // That function can further have calls to unknown noexcept functions.
+      mayCallThrowingFunctions(fc.getTarget())
+    )
+  )
+}
+
 from Function f
 where
   not isExcluded(f, Exceptions1Package::missingNoExceptQuery()) and
@@ -28,6 +58,12 @@ where
   not isNoExceptTrue(f) and
   // Not explicitly marked noexcept(false)
   not isNoExceptExplicitlyFalse(f) and
+  // Not having a noexcept specification that
+  // could not be computed as true or false above.
+  not exists(f.getADeclarationEntry().getNoExceptExpr()) and
+  // Not calling function(s) which have a noexcept specification that
+  // could not be computed as true.
+  not mayCallThrowingFunctions(f) and
   // Not compiler generated
   not f.isCompilerGenerated() and
   // The function is defined in this database

diff --git a/cpp/autosar/src/rules/A3-9-1/VariableWidthIntegerTypesUsed.ql b/cpp/autosar/src/rules/A3-9-1/VariableWidthIntegerTypesUsed.ql
@@ -32,6 +32,10 @@ where
     typeStrippedOfSpecifiers instanceof SignedCharType
   ) and
   not v instanceof ExcludedVariable and
+  // Dont consider template instantiations because instantiations with
+  // Fixed Width Types are recorded after stripping their typedef'd type,
+  // thereby, causing false positives (#540).
+  not v.isFromTemplateInstantiation(_) and
   //post-increment/post-decrement operators are required by the standard to have a dummy int parameter
   not v.(Parameter).getFunction() instanceof PostIncrementOperator and
   not v.(Parameter).getFunction() instanceof PostDecrementOperator

diff --git a/cpp/autosar/test/rules/A3-9-1/test.cpp b/cpp/autosar/test/rules/A3-9-1/test.cpp
@@ -75,4 +75,15 @@ void test_variable_width_type_qualified_variables() {
 struct test_fix_fp_614 {
   test_fix_fp_614 operator++(int); // COMPLIANT
   test_fix_fp_614 operator--(int); // COMPLIANT
-};
+};
+
+// COMPLIANT - instantiated with Fixed Width Types.
+template <typename MyType> constexpr void test_fix_fp_540(MyType value) {
+  value++;
+}
+
+int call_test_fix_fp_540() {
+  test_fix_fp_540<std::uint8_t>(19);
+  test_fix_fp_540<std::int16_t>(20);
+  return 0;
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		- `A15-4-4` - `MissingNoExcept.ql`:
		- Reduce false positives by not reporting on functions that have a noexcept specification with a complex expression or call other such functions.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		- `A3-9-1` - `VariableWidthIntegerTypesUsed.ql`:
		- Reduce false positives by not considering variables from template instantiations.