Merge branch 'main' into rp/m0-1-10-711

Author: rak3-sh

.github/workflows/codeql_unit_tests.yml

@@ -151,7 +151,7 @@ jobs:
               file.close()
 
       - name: Upload test results
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: ${{ matrix.language }}-test-results-${{ runner.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library_ident }}
           path: |
@@ -171,7 +171,7 @@ jobs:
           script: |
             core.setFailed('Test run job failed')
       - name: Collect test results
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
 
       - name: Validate test results
         run: |

.github/workflows/dispatch-matrix-check.yml

@@ -20,11 +20,20 @@ jobs:
         with:
           minimum-permission: "write"
 
+      - name: Generate token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.AUTOMATION_APP_ID }}
+          private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "codeql-coding-standards-release-engineering"
+
       - name: Dispatch Matrix Testing Job
         if: steps.check-write-permission.outputs.has-permission
         uses: peter-evans/repository-dispatch@v2
         with:
-          token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
+          token: ${{ steps.generate-token.outputs.token }}
           repository: github/codeql-coding-standards-release-engineering
           event-type: matrix-test
           client-payload: '{"pr": "${{ github.event.number }}"}'

.github/workflows/dispatch-matrix-test-on-comment.yml

@@ -17,11 +17,20 @@ jobs:
         with:
           minimum-permission: "write"
 
+      - name: Generate token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.AUTOMATION_APP_ID }}
+          private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "codeql-coding-standards-release-engineering"
+
       - name: Dispatch Matrix Testing Job
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') && steps.check-write-permission.outputs.has-permission }}
         uses: peter-evans/repository-dispatch@v2
         with:
-          token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
+          token: ${{ steps.generate-token.outputs.token }}
           repository: github/codeql-coding-standards-release-engineering
           event-type: matrix-test
           client-payload: '{"pr": "${{ github.event.issue.number }}"}'

.github/workflows/dispatch-release-performance-check.yml

@@ -17,11 +17,20 @@ jobs:
         with:
           minimum-permission: "write"
 
+      - name: Generate token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.AUTOMATION_APP_ID }}
+          private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "codeql-coding-standards-release-engineering"
+
       - name: Dispatch Performance Testing Job
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') && steps.check-write-permission.outputs.has-permission }}
         uses: peter-evans/repository-dispatch@v2
         with:
-          token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
+          token: ${{ steps.generate-token.outputs.token }}
           repository: github/codeql-coding-standards-release-engineering
           event-type: performance-test
           client-payload: '{"pr": "${{ github.event.issue.number }}"}'

.github/workflows/finalize-release.yml

@@ -103,7 +103,7 @@ jobs:
       - name: Generate token
         if: env.HOTFIX_RELEASE == 'false'
         id: generate-token
-        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

.github/workflows/prepare-release.yml

@@ -143,7 +143,7 @@ jobs:
 
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

.github/workflows/standard_library_upgrade_tests.yml

@@ -143,7 +143,7 @@ jobs:
               }, test_summary_file)
 
       - name: Upload test results
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: test-results-${{runner.os}}-${{matrix.codeql_cli}}-${{matrix.codeql_standard_library_ident}}
           path: |
@@ -162,7 +162,7 @@ jobs:
           python-version: "3.9"
 
       - name: Collect test results
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v4
 
       - name: Validate test results
         shell: python

.github/workflows/update-release.yml

@@ -43,7 +43,7 @@ jobs:
 
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

.github/workflows/upgrade_codeql_dependencies.yml

@@ -18,10 +18,20 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
+
+      - name: Fetch CodeQL
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+          RUNNER_TEMP: ${{ runner.temp }}
+        run: |
+          cd $RUNNER_TEMP
+          gh release download "v${CODEQL_CLI_VERSION}" --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip
+          unzip -q codeql-linux64.zip
+          echo "$RUNNER_TEMP/codeql/" >> $GITHUB_PATH
 
       - name: Install Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.9"
 
@@ -35,27 +45,27 @@ jobs:
         run: |
           python3 scripts/upgrade-codeql-dependencies/upgrade-codeql-dependencies.py --cli-version "$CODEQL_CLI_VERSION"
 
-      - name: Fetch CodeQL
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-          RUNNER_TEMP: ${{ runner.temp }}
-        run: |
-          cd $RUNNER_TEMP
-          gh release download "v${CODEQL_CLI_VERSION}" --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip
-          unzip -q codeql-linux64.zip
-
       - name: Update CodeQL formatting based on new CLI version
         env:
           RUNNER_TEMP: ${{ runner.temp }}
         run: |
-          find cpp \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" $RUNNER_TEMP/codeql/codeql query format --in-place
-          find c \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" $RUNNER_TEMP/codeql/codeql query format --in-place
+          find cpp \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql query format --in-place
+          find c \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql query format --in-place
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v3
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
         with:
-          title: "Upgrading `github/codeql` dependency to ${{ github.event.inputs.codeql_cli_version }}"
-          body: "This PR upgrades the CodeQL CLI version to ${{ github.event.inputs.codeql_cli_version }}."
+          title: "Upgrade `github/codeql` dependency to ${{ github.event.inputs.codeql_cli_version }}"
+          body: |
+            This PR upgrades the CodeQL CLI version to ${{ github.event.inputs.codeql_cli_version }}.
+
+            ## CodeQL dependency upgrade checklist:
+
+            - [ ] Confirm the code has been correctly reformatted according to the new CodeQL CLI.
+            - [ ] Identify any CodeQL compiler warnings and errors, and update queries as required.
+            - [ ] Validate that the `github/codeql` test cases succeed.
+            - [ ] Address any CodeQL test failures in the `github/codeql-coding-standards` repository.
+            - [ ] Validate performance vs pre-upgrade, using /test-performance
           commit-message: "Upgrading `github/codeql` dependency to ${{ github.event.inputs.codeql_cli_version }}"
           delete-branch: true
           branch: "codeql/upgrade-to-${{ github.event.inputs.codeql_cli_version }}"

.github/workflows/validate-release.yml

@@ -40,7 +40,7 @@ jobs:
     steps:
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
@@ -108,7 +108,7 @@ jobs:
     steps:
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

README.md

@@ -18,7 +18,11 @@ The following coding standards are supported:
 
 ## :construction: Standards under development :construction:
 
-- [MISRA C++ 2023](https://misra.org.uk/product/misra-cpp2023/) - under development _scheduled for release 2024 Q4_.
+The following standards are under active development:
+
+- [MISRA C++ 2023](https://misra.org.uk/product/misra-cpp2023/) - under development - _scheduled for release 2025 Q1_
+- [MISRA C 2023](https://misra.org.uk/product/misra-c2023/) - under development - _scheduled for release 2025 Q1_
+  - This includes the development of [MISRA C 2012 Amendment 3](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD3.pdf) and [MISRA C 2012 Amendment 4](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD4.pdf), which are incorporated into MISRA C 2023.
 
 ## How do I use the CodeQL Coding Standards Queries?
 

c/common/src/codingstandards/c/Extensions.qll

@@ -4,21 +4,28 @@ import codingstandards.cpp.Extensions
 /**
  * Common base class for modeling compiler extensions.
  */
-abstract class CCompilerExtension extends CompilerExtension { }
+abstract class CCompilerExtension extends CompilerExtension {
+  abstract string getMessage();
+}
 
 // Reference: https://gcc.gnu.org/onlinedocs/gcc/Other-Builtins.html#Other-Builtins
 abstract class CConditionalDefineExtension extends CCompilerExtension, PreprocessorIfdef {
+  string feature;
+
   CConditionalDefineExtension() {
-    exists(toString().indexOf("__has_builtin")) or
-    exists(toString().indexOf("__has_constexpr_builtin")) or
-    exists(toString().indexOf("__has_feature")) or
-    exists(toString().indexOf("__has_extension")) or
-    exists(toString().indexOf("__has_attribute")) or
-    exists(toString().indexOf("__has_declspec_attribute")) or
-    exists(toString().indexOf("__is_identifier")) or
-    exists(toString().indexOf("__has_include")) or
-    exists(toString().indexOf("__has_include_next")) or
-    exists(toString().indexOf("__has_warning"))
+    feature =
+      [
+        "__has_builtin", "__has_constexpr_builtin", "__has_feature", "__has_extension",
+        "__has_attribute", "__has_declspec_attribute", "__is_identifier", "__has_include",
+        "__has_include_next", "__has_warning"
+      ] and
+    exists(toString().indexOf(feature))
+  }
+
+  override string getMessage() {
+    result =
+      "Call to builtin function '" + feature +
+        "' is a compiler extension and is not portable to other compilers."
   }
 }
 
@@ -31,6 +38,12 @@ class CMacroBasedExtension extends CCompilerExtension, Macro {
         "__clang_version__", "__clang_literal_encoding__", "__clang_wide_literal_encoding__"
       ]
   }
+
+  override string getMessage() {
+    result =
+      "Use of builtin macro '" + getBody() +
+        "' is a compiler extension and is not portable to other compilers."
+  }
 }
 
 // Reference: https://gcc.gnu.org/onlinedocs/gcc/Variable-Attributes.html#Variable-Attributes
@@ -41,6 +54,12 @@ class CAttributeExtension extends CCompilerExtension, Attribute {
         "fallthrough", "read_only", "alias"
       ]
   }
+
+  override string getMessage() {
+    result =
+      "Use of attribute  '" + getName() +
+        "' is a compiler extension and is not portable to other compilers."
+  }
 }
 
 // Reference: https://gcc.gnu.org/onlinedocs/gcc/_005f_005fsync-Builtins.html#g_t_005f_005fsync-Builtins
@@ -61,21 +80,41 @@ class CFunctionExtension extends CCompilerExtension, FunctionCall {
     // the built-in extensions
     getTarget().getName().indexOf("__builtin_") = 0
   }
+
+  override string getMessage() {
+    result =
+      "Call to builtin function '" + getTarget().getName() +
+        "' is a compiler extension and is not portable to other compilers."
+  }
 }
 
 // Reference: https://gcc.gnu.org/onlinedocs/gcc/Alignment.html#Alignment
 class CFunctionLikeExtension extends CCompilerExtension, AlignofExprOperator {
   CFunctionLikeExtension() { exists(getValueText().indexOf("__alignof__")) }
+
+  override string getMessage() {
+    result = "'__alignof__' is a compiler extension and is not portable to other compilers."
+  }
 }
 
 // Reference: https://gcc.gnu.org/onlinedocs/gcc/Statement-Exprs.html#Statement-Exprs
-class CStmtExprExtension extends CCompilerExtension, StmtExpr { }
+class CStmtExprExtension extends CCompilerExtension, StmtExpr {
+  override string getMessage() {
+    result =
+      "Statement expressions are a compiler extension and are not portable to other compilers."
+  }
+}
 
 // Use of ternary like the following: `int a = 0 ?: 0;` where the
 // one of the branches is omitted
 // Reference: https://gcc.gnu.org/onlinedocs/gcc/Conditionals.html#Conditionals
 class CTerseTernaryExtension extends CCompilerExtension, ConditionalExpr {
   CTerseTernaryExtension() { getCondition() = getElse() or getCondition() = getThen() }
+
+  override string getMessage() {
+    result =
+      "Ternaries with omitted middle operands are a compiler extension and is not portable to other compilers."
+  }
 }
 
 // Reference: https://gcc.gnu.org/onlinedocs/gcc/_005f_005fint128.html#g_t_005f_005fint128
@@ -87,31 +126,63 @@ class CRealTypeExtensionExtension extends CCompilerExtension, DeclarationEntry {
     getType() instanceof Decimal64Type or
     getType() instanceof Float128Type
   }
+
+  override string getMessage() {
+    result = "Decimal floats are a compiler extension and are not portable to other compilers."
+  }
 }
 
 // Reference: https://gcc.gnu.org/onlinedocs/gcc/_005f_005fint128.html#g_t_005f_005fint128
 class CIntegerTypeExtension extends CCompilerExtension, DeclarationEntry {
   CIntegerTypeExtension() { getType() instanceof Int128Type }
+
+  override string getMessage() {
+    result = "128-bit integers are a compiler extension and are not portable to other compilers."
+  }
 }
 
 // Reference: https://gcc.gnu.org/onlinedocs/gcc/Long-Long.html#Long-Long
 class CLongLongType extends CCompilerExtension, DeclarationEntry {
   CLongLongType() { getType() instanceof LongLongType }
+
+  override string getMessage() {
+    result =
+      "Double-Word integers are a compiler extension and are not portable to other compilers."
+  }
 }
 
 class CZeroLengthArraysExtension extends CCompilerExtension, DeclarationEntry {
   CZeroLengthArraysExtension() { getType().(ArrayType).getArraySize() = 0 }
+
+  override string getMessage() {
+    result = "Zero length arrays are a compiler extension and are not portable to other compilers."
+  }
 }
 
 // Reference: https://gcc.gnu.org/onlinedocs/gcc/Empty-Structures.html#Empty-Structures
 class CEmptyStructExtension extends CCompilerExtension, Struct {
   CEmptyStructExtension() { not exists(getAMember(_)) }
+
+  override string getMessage() {
+    result = "Empty structures are a compiler extension and are not portable to other compilers."
+  }
 }
 
 // Reference: https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html#Variable-Length
-class CVariableLengthArraysExtension extends CCompilerExtension, DeclarationEntry {
+class CVariableLengthArraysExtension extends CCompilerExtension, Field {
   CVariableLengthArraysExtension() {
     getType() instanceof ArrayType and
-    not getType().(ArrayType).hasArraySize()
+    not getType().(ArrayType).hasArraySize() and
+    // Not the final member of the struct, which is allowed to be variably sized
+    not exists(int lastIndex, Class declaringStruct |
+      declaringStruct = getDeclaringType() and
+      lastIndex = count(declaringStruct.getACanonicalMember()) - 1 and
+      this = declaringStruct.getCanonicalMember(lastIndex)
+    )
+  }
+
+  override string getMessage() {
+    result =
+      "Variable length arrays are a compiler extension and are not portable to other compilers."
   }
 }