codeql-coding-standards icon indicating copy to clipboard operation
codeql-coding-standards copied to clipboard

Published 20 hours ago verified publisher icon github

A2-10-1: add functions and types to identifier consideration

Open knewbury01 opened this issue 1 year ago • 2 comments

Description

fixes #118

the query seems to maybe be slower than before, will need this confirmed

Change request type

  • [ ] Release or process automation (GitHub workflows, internal scripts)
  • [ ] Internal documentation
  • [ ] External documentation
  • [x] Query files (.ql, .qll, .qls or unit tests)
  • [ ] External scripts (analysis report or other code shipped as part of a release)

Rules with added or modified queries

  • [ ] No rules added
  • [ ] Queries have been added for the following rules:
    • rule number here
  • [x] Queries have been modified for the following rules:
    • A2-10-1
    • RULE-5-3

Release change checklist

A change note (development_handbook.md#change-notes) is required for any pull request which modifies:

  • The structure or layout of the release artifacts.
  • The evaluation performance (memory, execution time) of an existing query.
  • The results of an existing query in any circumstance.

If you are only adding new rule queries, a change note is not required.

Author: Is a change note required?

  • [x] Yes
  • [ ] No

🚨🚨🚨 Reviewer: Confirm that format of shared queries (not the .qll file, the .ql file that imports it) is valid by running them within VS Code.

  • [ ] Confirmed

Reviewer: Confirm that either a change note is not required or the change note is required and has been added.

  • [ ] Confirmed

Query development review checklist

For PRs that add new queries or modify existing queries, the following checklist should be completed by both the author and reviewer:

Author

  • [x] Have all the relevant rule package description files been checked in?
  • [x] Have you verified that the metadata properties of each new query is set appropriately?
  • [x] Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
  • [x] Are the alert messages properly formatted and consistent with the style guide?
  • [x] Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
    As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
  • [x] Does the query have an appropriate level of in-query comments/documentation?
  • [x] Have you considered/identified possible edge cases?
  • [x] Does the query not reinvent features in the standard library?
  • [x] Can the query be simplified further (not golfed!)

Reviewer

  • [x] Have all the relevant rule package description files been checked in?
  • [x] Have you verified that the metadata properties of each new query is set appropriately?
  • [x] Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
  • [x] Are the alert messages properly formatted and consistent with the style guide?
  • [ ] Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
    As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
  • [x] Does the query have an appropriate level of in-query comments/documentation?
  • [x] Have you considered/identified possible edge cases?
  • [x] Does the query not reinvent features in the standard library?
  • [x] Can the query be simplified further (not golfed!)

knewbury01 avatar Feb 27 '24 20:02 knewbury01

The generalization of identifiers needs some further consideration, because of the increased complexity and incomplete exclusions part of the first iteration.

Possible FN are class members where a derived class member hides a base class member. It is possibly because the outer/inner scope definition for this rule doesn't mention it, but it successor in Misra C++ 23 does include that explicitly in the definition of the outer/inner scope.

this is covered in A10-2-1 - so we should be ok to not worry about this exact case?

Our hides logic now has to consider functions and their overloads. The query itself uses the strict version that requires a different scope which excludes this as problem. Not sure if we want to correct the non-strict version.

currently the only use of hides is here, where that wasnt relevant, but I omitted the overloads nonetheless, assuming that overloads are always intentional (not hiding), which I think sounds reasonable?

Given that the Misra C/C++ 23 version of this rule, rule 6.4.1 and 6.4.2, focuses solely on variables and functions, I wonder if we want to do the same here and exclude types.

done, great catch (didnt own the 23 version til this comment)

knewbury01 avatar Mar 27 '24 19:03 knewbury01

With the addition of other declarations the performance of this query has significantly decreased. My current hypothesis is that the number of declarations in the global namespace explodes the size of the getOuterScopesOfDeclaration_candidate relation.

rvermeulen avatar Apr 23 '24 19:04 rvermeulen