codeql-coding-standards icon indicating copy to clipboard operation
codeql-coding-standards copied to clipboard
verified publisher icon github

Add support for MISRA-C Rule 6.3

Open MichaelRFairhurst opened this issue 1 year ago • 1 comments

Description

please enter the description of your change here

Change request type

  • [ ] Release or process automation (GitHub workflows, internal scripts)
  • [ ] Internal documentation
  • [ ] External documentation
  • [x] Query files (.ql, .qll, .qls or unit tests)
  • [ ] External scripts (analysis report or other code shipped as part of a release)

Rules with added or modified queries

  • [ ] No rules added
  • [x] Queries have been added for the following rules:
    • RULE-6-3
  • [ ] Queries have been modified for the following rules:
    • rule number here

Release change checklist

A change note (development_handbook.md#change-notes) is required for any pull request which modifies:

  • The structure or layout of the release artifacts.
  • The evaluation performance (memory, execution time) of an existing query.
  • The results of an existing query in any circumstance.

If you are only adding new rule queries, a change note is not required.

Author: Is a change note required?

  • [ ] Yes
  • [x] No

🚨🚨🚨 Reviewer: Confirm that format of shared queries (not the .qll file, the .ql file that imports it) is valid by running them within VS Code.

  • [ ] Confirmed

Reviewer: Confirm that either a change note is not required or the change note is required and has been added.

  • [ ] Confirmed

Query development review checklist

For PRs that add new queries or modify existing queries, the following checklist should be completed by both the author and reviewer:

Author

  • [x] Have all the relevant rule package description files been checked in?
  • [x] Have you verified that the metadata properties of each new query is set appropriately?
  • [x] Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
  • [x] Are the alert messages properly formatted and consistent with the style guide?
  • [x] Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
    As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
  • [x] Does the query have an appropriate level of in-query comments/documentation?
  • [x] Have you considered/identified possible edge cases?
  • [x] Does the query not reinvent features in the standard library?
  • [x] Can the query be simplified further (not golfed!)

Reviewer

  • [ ] Have all the relevant rule package description files been checked in?
  • [ ] Have you verified that the metadata properties of each new query is set appropriately?
  • [ ] Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
  • [ ] Are the alert messages properly formatted and consistent with the style guide?
  • [ ] Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
    As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
  • [ ] Does the query have an appropriate level of in-query comments/documentation?
  • [ ] Have you considered/identified possible edge cases?
  • [ ] Does the query not reinvent features in the standard library?
  • [ ] Can the query be simplified further (not golfed!)

MichaelRFairhurst avatar Sep 20 '24 18:09 MichaelRFairhurst

Tested with MRVA, it finds two issues.

  1. this appears to be a validly flagged example of relying on implementation-specific behavior.

  2. this macro -- resulting in dozens of reports, not worth handling here but further evidence for the value of a parameterized module to handle this -- which seems like a reasonable way of ensuring 64bit union size. I think this by rule text (and, to a lesser extent, rule intent as well?) this declaration is non compliant and correctly flagged.

MichaelRFairhurst avatar Sep 20 '24 19:09 MichaelRFairhurst

Tested with MRVA, it finds two issues.

this appears to be a validly flagged example of relying on implementation-specific behavior.

this macro -- resulting in dozens of reports, not worth handling here but further evidence for the value of a parameterized module to handle this -- which seems like a reasonable way of ensuring 64bit union size. I think this by rule text (and, to a lesser extent, rule intent as well?) this declaration is non compliant and correctly flagged

Agree on all those points 👍

lcartey avatar Sep 25 '24 16:09 lcartey