Merge branch 'main' into codeql/upgrade-to-2.18.4

Author: lcartey

.github/workflows/dispatch-matrix-check.yml

@@ -20,11 +20,20 @@ jobs:
         with:
           minimum-permission: "write"
 
+      - name: Generate token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.AUTOMATION_APP_ID }}
+          private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "codeql-coding-standards-release-engineering"
+
       - name: Dispatch Matrix Testing Job
         if: steps.check-write-permission.outputs.has-permission
         uses: peter-evans/repository-dispatch@v2
         with:
-          token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
+          token: ${{ steps.generate-token.outputs.token }}
           repository: github/codeql-coding-standards-release-engineering
           event-type: matrix-test
           client-payload: '{"pr": "${{ github.event.number }}"}'

.github/workflows/dispatch-matrix-test-on-comment.yml

@@ -17,11 +17,20 @@ jobs:
         with:
           minimum-permission: "write"
 
+      - name: Generate token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.AUTOMATION_APP_ID }}
+          private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "codeql-coding-standards-release-engineering"
+
       - name: Dispatch Matrix Testing Job
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') && steps.check-write-permission.outputs.has-permission }}
         uses: peter-evans/repository-dispatch@v2
         with:
-          token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
+          token: ${{ steps.generate-token.outputs.token }}
           repository: github/codeql-coding-standards-release-engineering
           event-type: matrix-test
           client-payload: '{"pr": "${{ github.event.issue.number }}"}'

.github/workflows/dispatch-release-performance-check.yml

@@ -17,11 +17,20 @@ jobs:
         with:
           minimum-permission: "write"
 
+      - name: Generate token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.AUTOMATION_APP_ID }}
+          private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "codeql-coding-standards-release-engineering"
+
       - name: Dispatch Performance Testing Job
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') && steps.check-write-permission.outputs.has-permission }}
         uses: peter-evans/repository-dispatch@v2
         with:
-          token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
+          token: ${{ steps.generate-token.outputs.token }}
           repository: github/codeql-coding-standards-release-engineering
           event-type: performance-test
           client-payload: '{"pr": "${{ github.event.issue.number }}"}'

.github/workflows/finalize-release.yml

@@ -103,7 +103,7 @@ jobs:
       - name: Generate token
         if: env.HOTFIX_RELEASE == 'false'
         id: generate-token
-        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

.github/workflows/prepare-release.yml

@@ -143,7 +143,7 @@ jobs:
 
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

.github/workflows/update-release.yml

@@ -43,7 +43,7 @@ jobs:
 
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

.github/workflows/validate-release.yml

@@ -40,7 +40,7 @@ jobs:
     steps:
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
@@ -108,7 +108,7 @@ jobs:
     steps:
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
+        uses: actions/create-github-app-token@v1
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

README.md

@@ -18,7 +18,11 @@ The following coding standards are supported:
 
 ## :construction: Standards under development :construction:
 
-- [MISRA C++ 2023](https://misra.org.uk/product/misra-cpp2023/) - under development _scheduled for release 2024 Q4_.
+The following standards are under active development:
+
+- [MISRA C++ 2023](https://misra.org.uk/product/misra-cpp2023/) - under development - _scheduled for release 2025 Q1_
+- [MISRA C 2023](https://misra.org.uk/product/misra-c2023/) - under development - _scheduled for release 2025 Q1_
+  - This includes the development of [MISRA C 2012 Amendment 3](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD3.pdf) and [MISRA C 2012 Amendment 4](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD4.pdf), which are incorporated into MISRA C 2023.
 
 ## How do I use the CodeQL Coding Standards Queries?
 

c/common/test/rules/functionnoreturnattributecondition/FunctionNoReturnAttributeCondition.expected

@@ -0,0 +1,3 @@
+| test.c:9:16:9:31 | test_noreturn_f2 | The function test_noreturn_f2 declared with attribute _Noreturn returns a value. |
+| test.c:34:16:34:31 | test_noreturn_f5 | The function test_noreturn_f5 declared with attribute _Noreturn returns a value. |
+| test.c:49:32:49:47 | test_noreturn_f7 | The function test_noreturn_f7 declared with attribute _Noreturn returns a value. |

c/common/test/rules/functionnoreturnattributecondition/FunctionNoReturnAttributeCondition.ql

@@ -0,0 +1,4 @@
+// GENERATED FILE - DO NOT MODIFY
+import codingstandards.cpp.rules.functionnoreturnattributecondition.FunctionNoReturnAttributeCondition
+
+class TestFileQuery extends FunctionNoReturnAttributeConditionSharedQuery, TestQuery { }

c/common/test/rules/functionnoreturnattributecondition/test.c

@@ -0,0 +1,88 @@
+#include "setjmp.h"
+#include "stdlib.h"
+#include "threads.h"
+
+_Noreturn void test_noreturn_f1(int i) { // COMPLIANT
+  abort();
+}
+
+_Noreturn void test_noreturn_f2(int i) { // NON_COMPLIANT
+  if (i > 0) {
+    abort();
+  }
+  if (i < 0) {
+    abort();
+  }
+}
+
+_Noreturn void test_noreturn_f3(int i) { // COMPLIANT
+  if (i > 0) {
+    abort();
+  }
+  exit(1);
+}
+
+void test_noreturn_f4(int i) { // COMPLIANT
+  if (i > 0) {
+    abort();
+  }
+  if (i < 0) {
+    abort();
+  }
+}
+
+_Noreturn void test_noreturn_f5(int i) { // NON_COMPLIANT
+  if (i > 0) {
+    abort();
+  }
+}
+
+_Noreturn void test_noreturn_f6(int i) { // COMPLIANT
+  if (i > 0) {
+    abort();
+  }
+  while (1) {
+    i = 5;
+  }
+}
+
+__attribute__((noreturn)) void test_noreturn_f7(int i) { // NON_COMPLIANT
+  if (i > 0) {
+    abort();
+  }
+}
+
+__attribute__((noreturn)) void test_noreturn_f8(int i) { // COMPLIANT
+  abort();
+}
+
+_Noreturn void test_noreturn_f9(int i) { // COMPLIANT
+  test_noreturn_f1(i);
+}
+
+_Noreturn void test_noreturn_f10(int i) { // COMPLIANT
+  switch (i) {
+  case 0:
+    abort();
+    break;
+  case 1:
+    exit(0);
+    break;
+  case 2:
+    _Exit(0);
+    break;
+  case 3:
+    quick_exit(0);
+    break;
+  case 4:
+    thrd_exit(0);
+    break;
+  default:
+    jmp_buf jb;
+    longjmp(jb, 0);
+  }
+}
+
+_Noreturn void test_noreturn_f11(int i) { // COMPLIANT
+  return test_noreturn_f11(i);
+}

c/misra/src/rules/RULE-17-10/NonVoidReturnTypeOfNoreturnFunction.ql

@@ -0,0 +1,26 @@
+/**
+ * @id c/misra/non-void-return-type-of-noreturn-function
+ * @name RULE-17-10: A function declared with _noreturn shall have a return type of void
+ * @description Function declared with _noreturn will by definition not return a value, and should
+ *              be declared to return void.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity recommendation
+ * @tags external/misra/id/rule-17-10
+ *       correctness
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.c.misra
+import codingstandards.cpp.Noreturn
+
+from NoreturnFunction f, Type returnType
+where
+  not isExcluded(f, NoReturnPackage::nonVoidReturnTypeOfNoreturnFunctionQuery()) and
+  returnType = f.getType() and
+  not returnType instanceof VoidType and
+  not f.isCompilerGenerated()
+select f,
+  "The function " + f.getName() + " is declared _noreturn but has a return type of " +
+    returnType.toString() + "."

c/misra/src/rules/RULE-17-11/FunctionWithNoReturningBranchShouldBeNoreturn.ql

@@ -0,0 +1,28 @@
+/**
+ * @id c/misra/function-with-no-returning-branch-should-be-noreturn
+ * @name RULE-17-11: A function without a branch that returns shall be declared with _Noreturn
+ * @description Functions which cannot return should be declared with _Noreturn.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity recommendation
+ * @tags external/misra/id/rule-17-11
+ *       correctness
+ *       external/misra/obligation/advisory
+ */
+
+import cpp
+import codingstandards.c.misra
+import codingstandards.cpp.Noreturn
+
+from Function f
+where
+  not isExcluded(f, NoReturnPackage::functionWithNoReturningBranchShouldBeNoreturnQuery()) and
+  not f instanceof NoreturnFunction and
+  not mayReturn(f) and
+  f.hasDefinition() and
+  not f.getName() = "main" and // Allowed exception; _Noreturn main() is undefined behavior.
+  // Harden against c++ cases.
+  not f.isFromUninstantiatedTemplate(_) and
+  not f.isDeleted() and
+  not f.isCompilerGenerated()
+select f, "The function " + f.getName() + " cannot return and should be declared as _Noreturn."

c/misra/src/rules/RULE-17-9/ReturnStatementInNoreturnFunction.ql

@@ -0,0 +1,21 @@
+/**
+ * @id c/misra/return-statement-in-noreturn-function
+ * @name RULE-17-9: Verify that a function declared with _Noreturn does not return
+ * @description Returning inside a function declared with _Noreturn is undefined behavior.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-17-9
+ *       correctness
+ *       external/misra/obligation/mandatory
+ */
+
+import cpp
+import codingstandards.c.misra
+import codingstandards.cpp.rules.functionnoreturnattributecondition.FunctionNoReturnAttributeCondition
+
+class ReturnStatementInNoreturnFunctionQuery extends FunctionNoReturnAttributeConditionSharedQuery {
+  ReturnStatementInNoreturnFunctionQuery() {
+    this = NoReturnPackage::returnStatementInNoreturnFunctionQuery()
+  }
+}

c/misra/test/rules/RULE-17-10/NonVoidReturnTypeOfNoreturnFunction.expected

@@ -0,0 +1,4 @@
+| test.c:6:15:6:16 | f4 | The function f4 is declared _noreturn but has a return type of int. |
+| test.c:19:15:19:16 | f8 | The function f8 is declared _noreturn but has a return type of int. |
+| test.c:24:17:24:18 | f9 | The function f9 is declared _noreturn but has a return type of void *. |
+| test.c:26:31:26:33 | f10 | The function f10 is declared _noreturn but has a return type of int. |

c/misra/test/rules/RULE-17-10/NonVoidReturnTypeOfNoreturnFunction.qlref

@@ -0,0 +1 @@
+rules/RULE-17-10/NonVoidReturnTypeOfNoreturnFunction.ql

c/misra/test/rules/RULE-17-10/test.c

@@ -0,0 +1,26 @@
+#include "stdlib.h"
+
+void f1();           // COMPLIANT
+int f2();            // COMPLIANT
+_Noreturn void f3(); // COMPLIANT
+_Noreturn int f4();  // NON-COMPLIANT
+
+void f5() { // COMPLIANT
+}
+
+int f6() { // COMPLIANT
+  return 0;
+}
+
+_Noreturn void f7() { // COMPLIANT
+  abort();
+}
+
+_Noreturn int f8() { // NON-COMPLIANT
+  abort();
+  return 0;
+}
+
+_Noreturn void *f9(); // NON-COMPLIANT
+
+__attribute__((noreturn)) int f10(); // NON-COMPLIANT

c/misra/test/rules/RULE-17-11/FunctionWithNoReturningBranchShouldBeNoreturn.expected

@@ -0,0 +1,6 @@
+| test.c:7:6:7:21 | test_noreturn_f2 | The function test_noreturn_f2 cannot return and should be declared as _Noreturn. |
+| test.c:18:6:18:21 | test_noreturn_f4 | The function test_noreturn_f4 cannot return and should be declared as _Noreturn. |
+| test.c:47:6:47:21 | test_noreturn_f8 | The function test_noreturn_f8 cannot return and should be declared as _Noreturn. |
+| test.c:63:6:63:22 | test_noreturn_f10 | The function test_noreturn_f10 cannot return and should be declared as _Noreturn. |
+| test.c:97:6:97:22 | test_noreturn_f15 | The function test_noreturn_f15 cannot return and should be declared as _Noreturn. |
+| test.c:101:6:101:22 | test_noreturn_f16 | The function test_noreturn_f16 cannot return and should be declared as _Noreturn. |

c/misra/test/rules/RULE-17-11/FunctionWithNoReturningBranchShouldBeNoreturn.qlref

@@ -0,0 +1 @@
+rules/RULE-17-11/FunctionWithNoReturningBranchShouldBeNoreturn.ql