Merge branch 'main' into lcartey/dead-code-improvements

lcartey · web-flow · commit 0f5edd3e8ced · 2024-10-04T08:40:58.000+01:00
diff --git a/.github/workflows/codeql_unit_tests.yml b/.github/workflows/codeql_unit_tests.yml
@@ -160,9 +160,16 @@ jobs:
 
   validate-test-results:
     name: Validate test results
+    if: ${{ always() }}
     needs: run-test-suites
     runs-on: ubuntu-22.04
     steps:
+      - name: Check if run-test-suites job failed to complete, if so fail
+        if: ${{ needs.run-test-suites.result == 'failure' }}
+        uses: actions/github-script@v3
+        with:
+          script: |
+            core.setFailed('Test run job failed')
       - name: Collect test results
         uses: actions/download-artifact@v3
 
diff --git a/.github/workflows/dispatch-matrix-check.yml b/.github/workflows/dispatch-matrix-check.yml
@@ -20,11 +20,20 @@ jobs:
         with:
           minimum-permission: "write"
 
+      - name: Generate token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.AUTOMATION_APP_ID }}
+          private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "codeql-coding-standards-release-engineering"
+
       - name: Dispatch Matrix Testing Job
         if: steps.check-write-permission.outputs.has-permission
         uses: peter-evans/repository-dispatch@v2
         with:
-          token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
+          token: ${{ steps.generate-token.outputs.token }}
           repository: github/codeql-coding-standards-release-engineering
           event-type: matrix-test
           client-payload: '{"pr": "${{ github.event.number }}"}'
diff --git a/.github/workflows/dispatch-matrix-test-on-comment.yml b/.github/workflows/dispatch-matrix-test-on-comment.yml
@@ -17,11 +17,20 @@ jobs:
         with:
           minimum-permission: "write"
 
+      - name: Generate token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.AUTOMATION_APP_ID }}
+          private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "codeql-coding-standards-release-engineering"
+
       - name: Dispatch Matrix Testing Job
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') && steps.check-write-permission.outputs.has-permission }}
         uses: peter-evans/repository-dispatch@v2
         with:
-          token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
+          token: ${{ steps.generate-token.outputs.token }}
           repository: github/codeql-coding-standards-release-engineering
           event-type: matrix-test
           client-payload: '{"pr": "${{ github.event.issue.number }}"}'
diff --git a/.github/workflows/dispatch-release-performance-check.yml b/.github/workflows/dispatch-release-performance-check.yml
@@ -17,11 +17,20 @@ jobs:
         with:
           minimum-permission: "write"
 
+      - name: Generate token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.AUTOMATION_APP_ID }}
+          private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "codeql-coding-standards-release-engineering"
+
       - name: Dispatch Performance Testing Job
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') && steps.check-write-permission.outputs.has-permission }}
         uses: peter-evans/repository-dispatch@v2
         with:
-          token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
+          token: ${{ steps.generate-token.outputs.token }}
           repository: github/codeql-coding-standards-release-engineering
           event-type: performance-test
           client-payload: '{"pr": "${{ github.event.issue.number }}"}'
diff --git a/.github/workflows/finalize-release.yml b/.github/workflows/finalize-release.yml
@@ -103,7 +103,7 @@ jobs:
       - name: Generate token
         if: env.HOTFIX_RELEASE == 'false'
         id: generate-token
-        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml
@@ -143,7 +143,7 @@ jobs:
 
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
diff --git a/.github/workflows/update-release.yml b/.github/workflows/update-release.yml
@@ -43,7 +43,7 @@ jobs:
 
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
diff --git a/.github/workflows/validate-release.yml b/.github/workflows/validate-release.yml
@@ -40,7 +40,7 @@ jobs:
     steps:
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
@@ -108,7 +108,7 @@ jobs:
     steps:
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
diff --git a/c/cert/src/qlpack.yml b/c/cert/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cert-c-coding-standards
-version: 2.35.0-dev
+version: 2.36.0-dev
 description: CERT C 2016
 suites: codeql-suites
 license: MIT
diff --git a/c/cert/src/rules/SIG31-C/DoNotAccessSharedObjectsInSignalHandlers.ql b/c/cert/src/rules/SIG31-C/DoNotAccessSharedObjectsInSignalHandlers.ql
@@ -21,18 +21,19 @@ import codingstandards.c.Signal
  */
 class UnsafeSharedVariableAccess extends VariableAccess {
   UnsafeSharedVariableAccess() {
-    // static or thread local storage duration
-    (
-      this.getTarget() instanceof StaticStorageDurationVariable or
-      this.getTarget().isThreadLocal()
-    ) and
     // excluding `volatile sig_atomic_t` type
     not this.getType().(SigAtomicType).isVolatile() and
-    // excluding lock-free atomic objects
-    not exists(MacroInvocation mi, VariableAccess va |
-      mi.getMacroName() = "atomic_is_lock_free" and
-      mi.getExpr().getChild(0) = va.getEnclosingElement*() and
-      va.getTarget() = this.getTarget()
+    exists(Variable target | target = this.getTarget() |
+      // static or thread local storage duration
+      (
+        target instanceof StaticStorageDurationVariable or
+        target.isThreadLocal()
+      ) and
+      // excluding lock-free atomic objects
+      not exists(MacroInvocation mi, VariableAccess va | va.getTarget() = target |
+        mi.getMacroName() = "atomic_is_lock_free" and
+        mi.getExpr().getChild(0) = va.getEnclosingElement*()
+      )
     )
   }
 }
diff --git a/c/cert/test/qlpack.yml b/c/cert/test/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cert-c-coding-standards-tests
-version: 2.35.0-dev
+version: 2.36.0-dev
 extractor: cpp
 license: MIT
 dependencies:
diff --git a/c/common/src/qlpack.yml b/c/common/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/common-c-coding-standards
-version: 2.35.0-dev
+version: 2.36.0-dev
 license: MIT
 dependencies:
   codeql/common-cpp-coding-standards: '*'
diff --git a/c/common/test/qlpack.yml b/c/common/test/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/common-c-coding-standards-tests
-version: 2.35.0-dev
+version: 2.36.0-dev
 extractor: cpp
 license: MIT
 dependencies:
diff --git a/c/misra/src/qlpack.yml b/c/misra/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/misra-c-coding-standards
-version: 2.35.0-dev
+version: 2.36.0-dev
 description: MISRA C 2012
 suites: codeql-suites
 license: MIT
diff --git a/c/misra/src/rules/RULE-10-7/ImplicitConversionOfCompositeExpression.ql b/c/misra/src/rules/RULE-10-7/ImplicitConversionOfCompositeExpression.ql
@@ -18,6 +18,12 @@ import codingstandards.c.misra
 import codingstandards.c.misra.EssentialTypes
 import codingstandards.c.misra.MisraExpressions
 
+bindingset[essentialTypeLeft, essentialTypeRight]
+pragma[inline_late]
+predicate isSameEssentialTypeCategory(Type essentialTypeLeft, Type essentialTypeRight) {
+  getEssentialTypeCategory(essentialTypeLeft) = getEssentialTypeCategory(essentialTypeRight)
+}
+
 from
   OperationWithUsualArithmeticConversions arith, CompositeExpression compositeOp, Expr otherOp,
   Type compositeEssentialType, Type otherOpEssentialType
@@ -32,7 +38,7 @@ where
   // Operands of a different type category in an operation with the usual arithmetic conversions is
   // prohibited by Rule 10.4, so we only report cases here where the essential type categories are
   // the same
-  getEssentialTypeCategory(compositeEssentialType) = getEssentialTypeCategory(otherOpEssentialType)
+  isSameEssentialTypeCategory(compositeEssentialType, otherOpEssentialType)
 select arith,
   "Implicit conversion of $@ from " + compositeEssentialType + " to " + otherOpEssentialType,
   compositeOp, "composite op"
diff --git a/c/misra/test/qlpack.yml b/c/misra/test/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/misra-c-coding-standards-tests
-version: 2.35.0-dev
+version: 2.36.0-dev
 extractor: cpp
 license: MIT
 dependencies:
diff --git a/change_notes/2024-10-02-c-perf-issues.md b/change_notes/2024-10-02-c-perf-issues.md
@@ -0,0 +1,4 @@
+ - `RULE-10-7` - `ImplicitConversionOfCompositeExpression.ql`:
+   - Improved performance on larger codebases.
+ - `SIG31-C` - `DoNotAccessSharedObjectsInSignalHandlers.ql`:
+   - Improved performance on larger codebases.
diff --git a/cpp/autosar/src/qlpack.yml b/cpp/autosar/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/autosar-cpp-coding-standards
-version: 2.35.0-dev
+version: 2.36.0-dev
 description: AUTOSAR C++14 Guidelines R22-11, R21-11, R20-11, R19-11 and R19-03
 suites: codeql-suites
 license: MIT
diff --git a/cpp/autosar/test/qlpack.yml b/cpp/autosar/test/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/autosar-cpp-coding-standards-tests
-version: 2.35.0-dev
+version: 2.36.0-dev
 extractor: cpp
 license: MIT
 dependencies:
diff --git a/cpp/cert/src/qlpack.yml b/cpp/cert/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cert-cpp-coding-standards
-version: 2.35.0-dev
+version: 2.36.0-dev
 description: CERT C++ 2016
 suites: codeql-suites
 license: MIT
diff --git a/cpp/cert/test/qlpack.yml b/cpp/cert/test/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cert-cpp-coding-standards-tests
-version: 2.35.0-dev
+version: 2.36.0-dev
 extractor: cpp
 license: MIT
 dependencies:
diff --git a/cpp/common/src/qlpack.yml b/cpp/common/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/common-cpp-coding-standards
-version: 2.35.0-dev
+version: 2.36.0-dev
 license: MIT
 dependencies:
   codeql/cpp-all: 0.9.3
diff --git a/cpp/common/test/qlpack.yml b/cpp/common/test/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/common-cpp-coding-standards-tests
-version: 2.35.0-dev
+version: 2.36.0-dev
 extractor: cpp
 license: MIT
 dependencies:
diff --git a/cpp/misra/src/qlpack.yml b/cpp/misra/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/misra-cpp-coding-standards
-version: 2.35.0-dev
+version: 2.36.0-dev
 description: MISRA C++ 2023
 suites: codeql-suites
 license: MIT
diff --git a/cpp/misra/test/qlpack.yml b/cpp/misra/test/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/misra-cpp-coding-standards-tests
-version: 2.35.0-dev
+version: 2.36.0-dev
 extractor: cpp
 license: MIT
 dependencies:
diff --git a/cpp/report/src/qlpack.yml b/cpp/report/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/report-cpp-coding-standards
-version: 2.35.0-dev
+version: 2.36.0-dev
 license: MIT
 dependencies:
   codeql/cpp-all: 0.9.3
diff --git a/docs/user_manual.md b/docs/user_manual.md
