Merge pull request #532 from geoffw0/query-tags-3

CPP: Query Tags 3 (JPL_C queries)
2026-04-29 18:55:14 +02:00 · 2018-11-30 15:45:01 +01:00
parent ca72c8ebfe 1232694340
commit 60076cb734
49 changed files with 216 additions and 24 deletions
--- a/03/ExitNonterminatingLoop.ql
+++ b/03/ExitNonterminatingLoop.ql
@@ -4,6 +4,8 @@
 * @kind problem
 * @id cpp/jpl-c/exit-nonterminating-loop
 * @problem.severity warning
+ * @tags correctness
+ *       external/jpl
 */

 import cpp
--- a/cpp/ql/src/JPL_C/LOC-2/Rule
+++ b/cpp/ql/src/JPL_C/LOC-2/Rule
@@ -5,6 +5,8 @@
 * @kind problem
 * @id cpp/jpl-c/loop-bounds
 * @problem.severity warning
+ * @tags correctness
+ *       external/jpl
 */

 import cpp
--- a/cpp/ql/src/JPL_C/LOC-2/Rule
+++ b/cpp/ql/src/JPL_C/LOC-2/Rule
@@ -4,6 +4,10 @@
 * @kind problem
 * @id cpp/jpl-c/recursion
 * @problem.severity warning
+ * @tags maintainability
+ *       readability
+ *       testability
+ *       external/jpl
 */

 import cpp
--- a/cpp/ql/src/JPL_C/LOC-2/Rule
+++ b/cpp/ql/src/JPL_C/LOC-2/Rule
@@ -3,7 +3,9 @@
 * @description Dynamic memory allocation (using malloc() or calloc()) should be confined to the initialization routines of a program.
 * @kind problem
 * @id cpp/jpl-c/heap-memory
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags resources
+ *       external/jpl
 */

 import cpp
--- a/cpp/ql/src/JPL_C/LOC-2/Rule
+++ b/cpp/ql/src/JPL_C/LOC-2/Rule
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jpl-c/thread-safety
 * @problem.severity warning
+ * @tags correctness
+ *       concurrency
+ *       external/jpl
 */

 import cpp
--- a/09/AvoidNestedSemaphores.ql
+++ b/09/AvoidNestedSemaphores.ql
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jpl-c/avoid-nested-semaphores
 * @problem.severity warning
+ * @tags correctness
+ *       concurrency
+ *       external/jpl
 */

 import Semaphores
--- a/cpp/ql/src/JPL_C/LOC-2/Rule
+++ b/cpp/ql/src/JPL_C/LOC-2/Rule
@@ -3,7 +3,9 @@
 * @description The use of semaphores or locks to access shared data should be avoided.
 * @kind problem
 * @id cpp/jpl-c/avoid-semaphores
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags concurrency
+ *       external/jpl
 */

 import Semaphores
--- a/cpp/ql/src/JPL_C/LOC-2/Rule
+++ b/cpp/ql/src/JPL_C/LOC-2/Rule
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jpl-c/out-of-order-locks
 * @problem.severity warning
+ * @tags correctness
+ *       concurrency
+ *       external/jpl
 */

 import Semaphores
--- a/09/ReleaseLocksWhenAcquired.ql
+++ b/09/ReleaseLocksWhenAcquired.ql
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jpl-c/release-locks-when-acquired
 * @problem.severity warning
+ * @tags correctness
+ *       concurrency
+ *       external/jpl
 */

 import Semaphores
--- a/11/SimpleControlFlowGoto.ql
+++ b/11/SimpleControlFlowGoto.ql
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jpl-c/simple-control-flow-goto
 * @problem.severity warning
+ * @tags maintainability
+ *       readability
+ *       external/jpl
 */

 import cpp
--- a/cpp/ql/src/JPL_C/LOC-2/Rule
+++ b/cpp/ql/src/JPL_C/LOC-2/Rule
@@ -4,6 +4,10 @@
 * @kind problem
 * @id cpp/jpl-c/simple-control-flow-jmp
 * @problem.severity warning
+ * @tags correctness
+ *       portability
+ *       readability
+ *       external/jpl
 */

 import cpp
--- a/cpp/ql/src/JPL_C/LOC-2/Rule
+++ b/cpp/ql/src/JPL_C/LOC-2/Rule
@@ -3,7 +3,10 @@
 * @description In an enumerator list, the = construct should not be used to explicitly initialize members other than the first, unless all items are explicitly initialized. An exception is the pattern to use the last element of an enumerator list to get the number of possible values.
 * @kind problem
 * @id cpp/jpl-c/enum-initialization
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jpl
 */
 import cpp

--- a/cpp/ql/src/JPL_C/LOC-3/Rule
+++ b/cpp/ql/src/JPL_C/LOC-3/Rule
@@ -4,6 +4,8 @@
 * @kind problem
 * @id cpp/jpl-c/extern-decls-in-header
 * @problem.severity warning
+ * @tags maintainability
+ *       external/jpl
 */

 import cpp
--- a/cpp/ql/src/JPL_C/LOC-3/Rule
+++ b/cpp/ql/src/JPL_C/LOC-3/Rule
@@ -3,7 +3,11 @@
 * @description Global variables that are not accessed outside their own file should be made static to promote information hiding.
 * @kind problem
 * @id cpp/jpl-c/limited-scope-file
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @precision low
+ * @tags maintainability
+ *       modularity
+ *       external/jpl
 */

 import cpp
--- a/cpp/ql/src/JPL_C/LOC-3/Rule
+++ b/cpp/ql/src/JPL_C/LOC-3/Rule
@@ -3,7 +3,10 @@
 * @description Global and file-scope variables that are accessed by only one function should be scoped within that function.
 * @kind problem
 * @id cpp/jpl-c/limited-scope-function
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @precision low
+ * @tags maintainability
+ *       external/jpl
 */

 import cpp
--- a/13/LimitedScopeLocalHidesGlobal.ql
+++ b/13/LimitedScopeLocalHidesGlobal.ql
@@ -3,7 +3,10 @@
 * @description A local variable or parameter that hides a global variable of the same name.
 * @kind problem
 * @id cpp/jpl-c/limited-scope-local-hides-global
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jpl
 */
 import cpp

--- a/cpp/ql/src/JPL_C/LOC-3/Rule
+++ b/cpp/ql/src/JPL_C/LOC-3/Rule
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jpl-c/checking-return-values
 * @problem.severity warning
+ * @tags correctness
+ *       reliability
+ *       external/jpl
 */

 import cpp
--- a/15/CheckingParameterValues.ql
+++ b/15/CheckingParameterValues.ql
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jpl-c/checking-parameter-values
 * @problem.severity warning
+ * @tags correctness
+ *       reliability
+ *       external/jpl
 */

 import JPL_C.Tasks
--- a/16/UseOfAssertionsConstant.ql
+++ b/16/UseOfAssertionsConstant.ql
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jpl-c/use-of-assertions-constant
 * @problem.severity warning
+ * @tags maintainability
+ *       reliability
+ *       external/jpl
 */

 import semmle.code.cpp.commons.Assertions
--- a/16/UseOfAssertionsDensity.ql
+++ b/16/UseOfAssertionsDensity.ql
@@ -3,7 +3,10 @@
 * @description All functions of more than 10 lines should have at least one assertion.
 * @kind problem
 * @id cpp/jpl-c/use-of-assertions-density
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       reliability
+ *       external/jpl
 */

 import semmle.code.cpp.commons.Assertions
--- a/16/UseOfAssertionsNonBoolean.ql
+++ b/16/UseOfAssertionsNonBoolean.ql
@@ -4,6 +4,8 @@
 * @kind problem
 * @id cpp/jpl-c/use-of-assertions-non-boolean
 * @problem.severity warning
+ * @tags correctness
+ *       external/jpl
 */

 import semmle.code.cpp.commons.Assertions
--- a/16/UseOfAssertionsSideEffect.ql
+++ b/16/UseOfAssertionsSideEffect.ql
@@ -4,6 +4,8 @@
 * @kind problem
 * @id cpp/jpl-c/use-of-assertions-side-effect
 * @problem.severity warning
+ * @tags correctness
+ *       external/jpl
 */

 import semmle.code.cpp.commons.Assertions
--- a/cpp/ql/src/JPL_C/LOC-3/Rule
+++ b/cpp/ql/src/JPL_C/LOC-3/Rule
@@ -3,7 +3,10 @@
 * @description Typedefs that indicate size and signedness should be used in place of the basic types.
 * @kind problem
 * @id cpp/jpl-c/basic-int-types
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jpl
 */

 import cpp
--- a/cpp/ql/src/JPL_C/LOC-3/Rule
+++ b/cpp/ql/src/JPL_C/LOC-3/Rule
@@ -3,7 +3,10 @@
 * @description In compound expressions with multiple sub-expressions the intended order of evaluation shall be made explicit with parentheses.
 * @kind problem
 * @id cpp/jpl-c/compound-expressions
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jpl
 */

 import cpp
--- a/cpp/ql/src/JPL_C/LOC-3/Rule
+++ b/cpp/ql/src/JPL_C/LOC-3/Rule
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jpl-c/no-boolean-side-effects
 * @problem.severity warning
+ * @tags correctness
+ *       readability
+ *       external/jpl
 */

 import cpp
--- a/cpp/ql/src/JPL_C/LOC-4/Rule
+++ b/cpp/ql/src/JPL_C/LOC-4/Rule
@@ -3,7 +3,10 @@
 * @description The use of the preprocessor must be limited to inclusion of header files and simple macro definitions.
 * @kind problem
 * @id cpp/jpl-c/preprocessor-use
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jpl
 */

 import cpp
--- a/cpp/ql/src/JPL_C/LOC-4/Rule
+++ b/cpp/ql/src/JPL_C/LOC-4/Rule
@@ -3,7 +3,10 @@
 * @description The use of conditional compilation directives must be kept to a minimum -- e.g. for header guards only.
 * @kind problem
 * @id cpp/jpl-c/preprocessor-use-ifdef
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jpl
 */

 import cpp
--- a/20/PreprocessorUsePartial.ql
+++ b/20/PreprocessorUsePartial.ql
@@ -3,7 +3,10 @@
 * @description Macros must expand to complete syntactic units -- "#define MY_IF if(" is not legal.
 * @kind problem
 * @id cpp/jpl-c/preprocessor-use-partial
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jpl
 */

 import cpp
--- a/20/PreprocessorUseUndisciplined.ql
+++ b/20/PreprocessorUseUndisciplined.ql
@@ -3,7 +3,10 @@
 * @description Macros are not allowed to use complex preprocessor features like variable argument lists and token pasting.
 * @kind problem
 * @id cpp/jpl-c/preprocessor-use-undisciplined
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jpl
 */

 import cpp
--- a/cpp/ql/src/JPL_C/LOC-4/Rule
+++ b/cpp/ql/src/JPL_C/LOC-4/Rule
@@ -3,7 +3,10 @@
 * @description Macros shall not be #define'd within a function or a block.
 * @kind problem
 * @id cpp/jpl-c/macro-in-block
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jpl
 */

 import cpp
--- a/cpp/ql/src/JPL_C/LOC-4/Rule
+++ b/cpp/ql/src/JPL_C/LOC-4/Rule
@@ -3,7 +3,10 @@
 * @description #undef shall not be used.
 * @kind problem
 * @id cpp/jpl-c/use-of-undef
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jpl
 */

 import cpp
--- a/cpp/ql/src/JPL_C/LOC-4/Rule
+++ b/cpp/ql/src/JPL_C/LOC-4/Rule
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jpl-c/mismatched-ifdefs
 * @problem.severity warning
+ * @tags maintainability
+ *       readability
+ *       external/jpl
 */

 import cpp
--- a/cpp/ql/src/JPL_C/LOC-4/Rule
+++ b/cpp/ql/src/JPL_C/LOC-4/Rule
@@ -3,7 +3,10 @@
 * @description Putting more than one statement on a single line hinders program understanding.
 * @kind problem
 * @id cpp/jpl-c/multiple-stmts-per-line
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jpl
 */

 import cpp
--- a/24/MultipleVarDeclsPerLine.ql
+++ b/24/MultipleVarDeclsPerLine.ql
@@ -3,7 +3,10 @@
 * @description There should be no more than one variable declaration per line.
 * @kind problem
 * @id cpp/jpl-c/multiple-var-decls-per-line
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jpl
 */

 import cpp
--- a/cpp/ql/src/JPL_C/LOC-4/Rule
+++ b/cpp/ql/src/JPL_C/LOC-4/Rule
@@ -3,7 +3,10 @@
 * @description Function length should be limited to what can be printed on a single sheet of paper (60 lines). Number of parameters is limited to 6 or fewer.
 * @kind problem
 * @id cpp/jpl-c/function-size-limits
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jpl
 */

 import cpp
--- a/26/DeclarationPointerNesting.ql
+++ b/26/DeclarationPointerNesting.ql
@@ -3,7 +3,10 @@
 * @description The declaration of an object should contain no more than two levels of indirection.
 * @kind problem
 * @id cpp/jpl-c/declaration-pointer-nesting
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jpl
 */

 import cpp
--- a/27/PointerDereferenceInStmt.ql
+++ b/27/PointerDereferenceInStmt.ql
@@ -3,7 +3,10 @@
 * @description Statements should contain no more than two levels of dereferencing per object.
 * @kind problem
 * @id cpp/jpl-c/pointer-dereference-in-stmt
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jpl
 */

 import cpp
--- a/28/HiddenPointerDereferenceMacro.ql
+++ b/28/HiddenPointerDereferenceMacro.ql
@@ -3,7 +3,10 @@
 * @description Pointer dereference operations should not be hidden in macro definitions.
 * @kind problem
 * @id cpp/jpl-c/hidden-pointer-dereference-macro
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jpl
 */

 import cpp
--- a/28/HiddenPointerIndirectionTypedef.ql
+++ b/28/HiddenPointerIndirectionTypedef.ql
@@ -3,7 +3,10 @@
 * @description Pointer indirection may not be hidden by typedefs -- "typedef int* IntPtr;" is not allowed.
 * @kind problem
 * @id cpp/jpl-c/hidden-pointer-indirection-typedef
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jpl
 */

 import cpp
--- a/29/NonConstFunctionPointer.ql
+++ b/29/NonConstFunctionPointer.ql
@@ -3,7 +3,11 @@
 * @description Non-constant pointers to functions should not be used.
 * @kind problem
 * @id cpp/jpl-c/non-const-function-pointer
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @precision low
+ * @tags maintainability
+ *       readability
+ *       external/jpl
 */

 import cpp
--- a/30/FunctionPointerConversions.ql
+++ b/30/FunctionPointerConversions.ql
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jpl-c/function-pointer-conversions
 * @problem.severity warning
+ * @precision low
+ * @tags correctness
+ *       external/jpl
 */

 import cpp
--- a/cpp/ql/src/JPL_C/LOC-4/Rule
+++ b/cpp/ql/src/JPL_C/LOC-4/Rule
@@ -3,7 +3,10 @@
 * @description #include directives in a file shall only be preceded by other preprocessor directives or comments.
 * @kind problem
 * @id cpp/jpl-c/includes-first
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jpl
 */

 import cpp
--- a/cpp/ql/src/external/DuplicateBlock.ql
+++ b/cpp/ql/src/external/DuplicateBlock.ql
@@ -4,6 +4,11 @@
 * @kind problem
 * @id cpp/duplicate-block
 * @problem.severity recommendation
+ * @precision medium
+ * @tags testability
+ *       maintainability
+ *       duplicate-code
+ *       non-attributable
 */
 import CodeDuplication

--- a/29/NonConstFunctionPointer/NonConstFunctionPointer.expected
+++ b/29/NonConstFunctionPointer/NonConstFunctionPointer.expected
@@ -0,0 +1,3 @@
+| test.c:18:2:18:10 | call to expression | This call does not go through a const function pointer. |
+| test.c:19:2:19:10 | call to expression | This call does not go through a const function pointer. |
+| test.c:20:2:20:10 | call to expression | This call does not go through a const function pointer. |
--- a/29/NonConstFunctionPointer/NonConstFunctionPointer.qlref
+++ b/29/NonConstFunctionPointer/NonConstFunctionPointer.qlref
@@ -0,0 +1 @@
+JPL_C/LOC-4/Rule 29/NonConstFunctionPointer.ql
--- a/cpp/ql/test/query-tests/JPL_C/LOC-4/Rule
+++ b/cpp/ql/test/query-tests/JPL_C/LOC-4/Rule
@@ -0,0 +1,21 @@
+// test.c
+
+void myFunc1();
+void myFunc2();
+
+typedef void (*voidFunPointer)();
+
+void test()
+{
+	void (*funPtr1)() = &myFunc1;
+	const void (*funPtr2)() = &myFunc1;
+	const voidFunPointer funPtr3 = &myFunc1;
+
+	funPtr1 = &myFunc2;
+	funPtr2 = &myFunc2;
+	//funPtr3 = &myFunc2; --- this would be a compilation error
+
+	funPtr1(); // BAD
+	funPtr2(); // BAD
+	funPtr3(); // GOOD [FALSE POSITIVE]
+}
--- a/30/FunctionPointerConversions/FunctionPointerConversions.expected
+++ b/30/FunctionPointerConversions/FunctionPointerConversions.expected
@@ -0,0 +1,6 @@
+| test.c:11:16:11:23 | & ... | Function pointer converted to int *, which is not an integral type. |
+| test.c:12:18:12:25 | & ... | Function pointer converted to void *, which is not an integral type. |
+| test.c:17:11:17:17 | funPtr1 | Function pointer converted to int *, which is not an integral type. |
+| test.c:18:12:18:18 | funPtr1 | Function pointer converted to void *, which is not an integral type. |
+| test.c:29:18:29:24 | funPtr1 | Function pointer converted to int *, which is not an integral type. |
+| test.c:30:20:30:26 | funPtr1 | Function pointer converted to void *, which is not an integral type. |
--- a/30/FunctionPointerConversions/FunctionPointerConversions.qlref
+++ b/30/FunctionPointerConversions/FunctionPointerConversions.qlref
@@ -0,0 +1 @@
+JPL_C/LOC-4/Rule 30/FunctionPointerConversions.ql
--- a/cpp/ql/test/query-tests/JPL_C/LOC-4/Rule
+++ b/cpp/ql/test/query-tests/JPL_C/LOC-4/Rule
@@ -0,0 +1,32 @@
+// test.c
+
+void myFunc1();
+
+typedef void (*voidFunPtr)();
+
+void test()
+{
+	void (*funPtr1)() = &myFunc1; // GOOD
+	voidFunPtr funPtr2 = &myFunc1; // GOOD
+	int *intPtr = &myFunc1; // BAD (function pointer -> int pointer)
+	void *voidPtr = &myFunc1; // BAD (function pointer -> void pointer)
+	int i = &myFunc1; // GOOD (permitted)
+
+	funPtr1 = funPtr1; // GOOD
+	funPtr2 = funPtr1; // GOOD
+	intPtr = funPtr1; // BAD (function pointer -> int pointer)
+	voidPtr = funPtr1; // BAD (function pointer -> void pointer)
+	i = funPtr1; // GOOD (permitted)
+
+	funPtr1 = funPtr2; // GOOD
+	funPtr2 = funPtr2; // GOOD
+	intPtr = funPtr2; // BAD (function pointer -> int pointer) [NOT DETECTED]
+	voidPtr = funPtr2; // BAD (function pointer -> void pointer) [NOT DETECTED]
+	i = funPtr2; // GOOD (permitted)
+
+	funPtr1 = (void (*)())funPtr1; // GOOD
+	funPtr2 = (voidFunPtr)funPtr1; // GOOD
+	intPtr = (int *)funPtr1; // BAD (function pointer -> int pointer)
+	voidPtr = (void *)funPtr1; // BAD (function pointer -> void pointer)
+	i = (int)funPtr1; // GOOD (permitted)
+}
				`@@ -0,0 +1 @@`
				`JPL_C/LOC-4/Rule 29/NonConstFunctionPointer.ql`
				`@@ -0,0 +1 @@`
				`JPL_C/LOC-4/Rule 30/FunctionPointerConversions.ql`