Merge branch 'main' into michaelrfairhurst/implement-banned2-rule-pac…

…kage-rule-21-24

.github/workflows/codeql_unit_tests.yml

@@ -151,7 +151,7 @@ jobs:
               file.close()
 
       - name: Upload test results
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: ${{ matrix.language }}-test-results-${{ runner.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library_ident }}
           path: |
@@ -171,7 +171,7 @@ jobs:
           script: |
             core.setFailed('Test run job failed')
       - name: Collect test results
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
 
       - name: Validate test results
         run: |

.github/workflows/dispatch-matrix-test-on-comment.yml

@@ -26,14 +26,19 @@ jobs:
           owner: ${{ github.repository_owner }}
           repositories: "codeql-coding-standards-release-engineering"
 
-      - name: Dispatch Matrix Testing Job
+      - name: Invoke matrix testing job
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') && steps.check-write-permission.outputs.has-permission }}
-        uses: peter-evans/repository-dispatch@v2
-        with:
-          token: ${{ steps.generate-token.outputs.token }}
-          repository: github/codeql-coding-standards-release-engineering
-          event-type: matrix-test
-          client-payload: '{"pr": "${{ github.event.issue.number }}"}'
+        env:
+          ISSUE_NR: ${{ github.event.issue.number }}
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
+        run: |
+          jq -n \
+          --arg issue_nr "$ISSUE_NR" \
+          '{"issue-nr": $issue_nr}' \
+          | \
+          gh workflow run pr-compiler-validation.yml \
+          --json \
+            -R github/codeql-coding-standards-release-engineering
 
       - uses: actions/github-script@v6
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') && steps.check-write-permission.outputs.has-permission }}

.github/workflows/dispatch-release-performance-check.yml

@@ -26,14 +26,19 @@ jobs:
           owner: ${{ github.repository_owner }}
           repositories: "codeql-coding-standards-release-engineering"
 
-      - name: Dispatch Performance Testing Job
+      - name: Invoke performance test
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') && steps.check-write-permission.outputs.has-permission }}
-        uses: peter-evans/repository-dispatch@v2
-        with:
-          token: ${{ steps.generate-token.outputs.token }}
-          repository: github/codeql-coding-standards-release-engineering
-          event-type: performance-test
-          client-payload: '{"pr": "${{ github.event.issue.number }}"}'
+        env:
+          ISSUE_NR: ${{ github.event.issue.number }}
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
+        run: |
+          jq -n \
+          --arg issue_nr "$ISSUE_NR" \
+          '{"issue-nr": $issue_nr}' \
+          | \
+          gh workflow run pr-performance-testing.yml \
+          --json \
+          -R github/codeql-coding-standards-release-engineering
 
       - uses: actions/github-script@v6
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') && steps.check-write-permission.outputs.has-permission }}

.github/workflows/standard_library_upgrade_tests.yml

@@ -143,7 +143,7 @@ jobs:
               }, test_summary_file)
 
       - name: Upload test results
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: test-results-${{runner.os}}-${{matrix.codeql_cli}}-${{matrix.codeql_standard_library_ident}}
           path: |
@@ -162,7 +162,7 @@ jobs:
           python-version: "3.9"
 
       - name: Collect test results
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v4
 
       - name: Validate test results
         shell: python

c/cert/src/codeql-pack.lock.yml

@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false

c/cert/src/qlpack.yml

@@ -5,4 +5,4 @@ suites: codeql-suites
 license: MIT
 dependencies:
   codeql/common-c-coding-standards: '*'
-  codeql/cpp-all: 0.9.3
+  codeql/cpp-all: 0.12.2

c/cert/test/codeql-pack.lock.yml

@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false

c/common/src/codeql-pack.lock.yml

@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false

c/common/src/qlpack.yml

@@ -3,4 +3,4 @@ version: 2.36.0-dev
 license: MIT
 dependencies:
   codeql/common-cpp-coding-standards: '*'
-  codeql/cpp-all: 0.9.3
+  codeql/cpp-all: 0.12.2

c/common/test/codeql-pack.lock.yml

@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false

c/misra/src/codeql-pack.lock.yml

@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false

c/misra/src/qlpack.yml

@@ -6,4 +6,4 @@ license: MIT
 default-suite-file: codeql-suites/misra-c-default.qls
 dependencies:
   codeql/common-c-coding-standards: '*'
-  codeql/cpp-all: 0.9.3
+  codeql/cpp-all: 0.12.2

c/misra/src/rules/RULE-10-1/OperandsOfAnInappropriateEssentialType.ql

@@ -15,7 +15,6 @@
 import cpp
 import codingstandards.c.misra
 import codingstandards.c.misra.EssentialTypes
-import codingstandards.cpp.Bitwise
 
 /**
  * Holds if the operator `operator` has an operand `child` that is of an inappropriate essential type
@@ -179,8 +178,7 @@ predicate isInappropriateEssentialType(
     child =
       [
         operator.(BinaryBitwiseOperation).getAnOperand(),
-        operator.(Bitwise::AssignBitwiseOperation).getAnOperand(),
-        operator.(ComplementExpr).getAnOperand()
+        operator.(AssignBitwiseOperation).getAnOperand(), operator.(ComplementExpr).getAnOperand()
       ] and
     not operator instanceof LShiftExpr and
     not operator instanceof RShiftExpr and

c/misra/src/rules/RULE-17-12/FunctionAddressesShouldAddressOperator.ql

@@ -0,0 +1,33 @@
+/**
+ * @id c/misra/function-addresses-should-address-operator
+ * @name RULE-17-12: A function identifier should only be called with a parenthesized parameter list or used with a &
+ * @description A function identifier should only be called with a parenthesized parameter list or
+ *              used with a & (address-of).
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-17-12
+ *       readability
+ *       external/misra/c/2012/amendment3
+ *       external/misra/obligation/advisory
+ */
+
+import cpp
+import codingstandards.c.misra
+
+predicate isImplicitlyAddressed(FunctionAccess access) {
+  not access.getParent() instanceof AddressOfExpr and
+  // Note: the following *seems* to only exist in c++ codebases, for instance,
+  // when calling a member. In c, this syntax should always extract as a
+  // [FunctionCall] rather than a [ExprCall] of a [FunctionAccess]. Still, this
+  // is a good pattern to be defensive against.
+  not exists(ExprCall call | call.getExpr() = access)
+}
+
+from FunctionAccess funcAccess
+where
+  not isExcluded(funcAccess, FunctionTypesPackage::functionAddressesShouldAddressOperatorQuery()) and
+  isImplicitlyAddressed(funcAccess)
+select funcAccess,
+  "The address of function " + funcAccess.getTarget().getName() +
+    " is taken without the & operator."

c/misra/src/rules/RULE-8-2/FunctionTypesNotInPrototypeForm.ql

@@ -49,11 +49,9 @@ where
     msg = "Function " + f + " does not specify void for no parameters present."
     or
     //parameters declared in declaration list (not in function signature)
-    //have placeholder file location associated only
-    exists(Parameter p |
-      p.getFunction() = f and
-      not p.getFile() = f.getFile() and
-      msg = "Function " + f + " declares parameter in unsupported declaration list."
-    )
+    //have no prototype
+    not f.isPrototyped() and
+    not hasZeroParamDecl(f) and
+    msg = "Function " + f + " declares parameter in unsupported declaration list."
   )
 select f, msg

c/misra/test/codeql-pack.lock.yml

@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false

c/misra/test/rules/RULE-17-12/FunctionAddressesShouldAddressOperator.expected

@@ -0,0 +1,13 @@
+| test.c:14:25:14:29 | func2 | The address of function func2 is taken without the & operator. |
+| test.c:15:25:15:29 | func3 | The address of function func3 is taken without the & operator. |
+| test.c:21:12:21:16 | func1 | The address of function func1 is taken without the & operator. |
+| test.c:38:3:38:7 | func1 | The address of function func1 is taken without the & operator. |
+| test.c:39:3:39:7 | func2 | The address of function func2 is taken without the & operator. |
+| test.c:57:13:57:17 | func1 | The address of function func1 is taken without the & operator. |
+| test.c:58:21:58:25 | func2 | The address of function func2 is taken without the & operator. |
+| test.c:59:13:59:17 | func1 | The address of function func1 is taken without the & operator. |
+| test.c:59:20:59:24 | func2 | The address of function func2 is taken without the & operator. |
+| test.c:67:11:67:15 | func1 | The address of function func1 is taken without the & operator. |
+| test.c:68:12:68:16 | func1 | The address of function func1 is taken without the & operator. |
+| test.c:69:12:69:16 | func1 | The address of function func1 is taken without the & operator. |
+| test.c:71:18:71:22 | func1 | The address of function func1 is taken without the & operator. |

c/misra/test/rules/RULE-17-12/FunctionAddressesShouldAddressOperator.qlref

@@ -0,0 +1 @@
+rules/RULE-17-12/FunctionAddressesShouldAddressOperator.ql