René's URL Explorer Experiment

Title: Add `Template` query library by jeongsoolee09 · Pull Request #932 · github/codeql-coding-standards · GitHub

Open Graph Title: Add `Template` query library by jeongsoolee09 · Pull Request #932 · github/codeql-coding-standards

X Title: Add `Template` query library by jeongsoolee09 · Pull Request #932 · github/codeql-coding-standards

Description: Description Add a query library titled Template that provides definitions to help reason about templates and human-friendly alert locations. What is this? This library started its life as part of a new version of query for M-0-12 in MISRA C++. The rule was mistaken as pertaining to template usages, and thus the types here was conceived of and utilized to report usages that were thought of violating the rule. Although the definitions were pulled off the final version of the query, these are expected to be of some use in providing sensible alert locations when the pattern a query aims to find involves templates. What does it provide? Templates, when instantiated, become generated code that is only visible after they are processed. This makes tricky when the way the template is instantiated in a particular case has to be reported, and doubly so when there are some other uses of the same template that don't violate the rule. A quick and dirty way is to alert on a location in the uninstantiated template definition, but in practice this makes it tricky to trace back to the client code that instantiates the template in a way that violates the rule. To circumvent this issue, this library provides TemplateInstantiation.getAUse/0 that finds occurrences of a template call in the client code. TemplateInstantiation is a composition of three cases, class templates, function templates, and variable templates. Therefore, it is natural to explain per case the location this predicate gets us for given template instantiation. Class templates Let's assume we're expanding M-0-12, which dictates that explicitly signed or unsigned chars should only be assigned numeric values, to catch template instantiations. We may decide to consider cases like below as below as violating the rule: template class C { public: C() : x(y) {} private: unsigned char x; } void f() { C c1(); C c2(); } The first allocation of c1 does not transgress, as the member x of type unsigned char is assigned to a numeral declared as also having type unsigned char. However, when we allocate c2, the unsigned char member x gets assigned a char literal 'x' with the type char. This can be viewed as violating the rule, and we'd like to report it. But at which location should we report it? We might be tempted to use the member initialization site x(y) as the location to report on. However, it is not immediately clear which allocation between c1 and c2 causes the assignment. Instead, if we choose to alert on the use of C type name on top of the assignment, possibly as a clickable location in the alert message, then it becomes much more helpful for the user to identify the problem. This library enables the first part, to get the type name use, with TemplateInstantiation.getAUse/0. Function templates The story here is not so different from the class templates'. Consider this example: template void g(T y) { unsigned char y = x; } void f() { unsigned char x1 = 1; char x2 = 'x'; g(x1); g(x2); } Only the second call makes a char literal to be assigned to an unsigned char. Again, it is much more helpful when we provide the call site (g(x2)) on top of where the problematic assignment takes place (in the body of g). TemplateInstantiation.getAUse/0 gets the function call g(x2) in the above example. Variable templates Variable template is the most straightforward one out of the three kinds, and the only case where the predicate does not get a different location. This is because instantiation is the use site in the case of variable templates. template T v1; void instantiateTemplateVariables() { v1 = 1; v2 = 'x'; } Given the above example, the predicate gets v2. Call for discussion There are some potential use cases of this library that can enhance result reporting for some queries. The reviewer is recommended to think of ones that might benefit from making use of this library. Change request type Release or process automation (GitHub workflows, internal scripts) Internal documentation External documentation Query files (.ql, .qll, .qls or unit tests) External scripts (analysis report or other code shipped as part of a release) Rules with added or modified queries No rules added Queries have been added for the following rules: rule number here Queries have been modified for the following rules: rule number here Release change checklist A change note (development_handbook.md#change-notes) is required for any pull request which modifies: The structure or layout of the release artifacts. The evaluation performance (memory, execution time) of an existing query. The results of an existing query in any circumstance. If you are only adding new rule queries, a change note is not required. Author: Is a change note required? Yes No 🚨🚨🚨 Reviewer: Confirm that format of shared queries (not the .qll file, the .ql file that imports it) is valid by running them within VS Code. Confirmed Reviewer: Confirm that either a change note is not required or the change note is required and has been added. Confirmed Query development review checklist For PRs that add new queries or modify existing queries, the following checklist should be completed by both the author and reviewer: Author Have all the relevant rule package description files been checked in? Have you verified that the metadata properties of each new query is set appropriately? Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases? Are the alert messages properly formatted and consistent with the style guide? Have you run the queries on OpenPilot and verified that the performance and results are acceptable?As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process. Does the query have an appropriate level of in-query comments/documentation? Have you considered/identified possible edge cases? Does the query not reinvent features in the standard library? Can the query be simplified further (not golfed!) Reviewer Have all the relevant rule package description files been checked in? Have you verified that the metadata properties of each new query is set appropriately? Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases? Are the alert messages properly formatted and consistent with the style guide? Have you run the queries on OpenPilot and verified that the performance and results are acceptable?As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process. Does the query have an appropriate level of in-query comments/documentation? Have you considered/identified possible edge cases? Does the query not reinvent features in the standard library? Can the query be simplified further (not golfed!)

Open Graph Description: Description Add a query library titled Template that provides definitions to help reason about templates and human-friendly alert locations. What is this? This library started its life as part of a...

X Description: Description Add a query library titled Template that provides definitions to help reason about templates and human-friendly alert locations. What is this? This library started its life as part of a...

Opengraph URL: https://github.com/github/codeql-coding-standards/pull/932

X: @github

direct link

Domain: github.com

Links:

Viewport: width=device-width