Merge pull request #20129 from codeqlhelper/main

C++: Static variables are initialized to zero or null by compiler
2025-12-16 16:53:25 +01:00 · 2025-08-04 13:23:45 +01:00
parent 9aebc58214 4323e6853f
commit 6925d4e564
5 changed files with 52 additions and 0 deletions
--- a/cpp/ql/src/Critical/InitialisationNotRun.ql
+++ b/cpp/ql/src/Critical/InitialisationNotRun.ql
@@ -32,9 +32,18 @@ predicate called(Function f) {
  exists(FunctionAccess fa | fa.getTarget() = f)
 }

+predicate staticWithoutDereference(GlobalVariable v) {
+  v.isStatic() and
+  not exists(VariableAccess va |
+    va = v.getAnAccess() and
+    dereferenced(va)
+  )
+}
+
 from GlobalVariable v
 where
  global(v) and
+  not staticWithoutDereference(v) and
  not exists(VariableAccess lval |
    v.getAnAccess() = lval and
    lval.isUsedAsLValue() and
--- a/cpp/ql/src/change-notes/2025-07-27-avoid-reporting-static-global-variable.md
+++ b/cpp/ql/src/change-notes/2025-07-27-avoid-reporting-static-global-variable.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The "Initialization code not run" query (`cpp/initialization-not-run`) no longer reports an alert on static global variables that has no dereference.
--- a/cpp/ql/test/query-tests/Critical/InitialisationNotRun/InitialisationNotRun.expected
+++ b/cpp/ql/test/query-tests/Critical/InitialisationNotRun/InitialisationNotRun.expected
@@ -0,0 +1,2 @@
+| test.cpp:12:16:12:17 | g1 | Initialization code for 'g1' is never run. |
+| test.cpp:14:23:14:24 | g3 | Initialization code for 'g3' is never run. |
--- a/cpp/ql/test/query-tests/Critical/InitialisationNotRun/InitialisationNotRun.qlref
+++ b/cpp/ql/test/query-tests/Critical/InitialisationNotRun/InitialisationNotRun.qlref
@@ -0,0 +1 @@
+Critical/InitialisationNotRun.ql
--- a/cpp/ql/test/query-tests/Critical/InitialisationNotRun/test.cpp
+++ b/cpp/ql/test/query-tests/Critical/InitialisationNotRun/test.cpp
@@ -0,0 +1,36 @@
+// --- stubs ---
+
+char *strcpy(char *dest, const char *src);
+
+// --- tests ---
+
+class GlobalStorage {
+public:
+    char name[1000];
+};
+
+GlobalStorage *g1; // BAD
+static GlobalStorage g2; // GOOD
+static GlobalStorage *g3; // BAD
+// static variables are initialized by compilers
+static int a;  // GOOD
+static int b = 0;  // GOOD
+
+void init() { //initializes g_storage, but is never run from main
+  g1 = new GlobalStorage();
+  g3 = new GlobalStorage();
+}
+
+void init2(int b) {
+  for (int i = 0; i < b; ++i)
+    a *= -1;
+}
+
+int main(int argc, char *argv[]) {
+	//init not called
+  strcpy(g1->name, argv[1]); // g1 is used before init() is called
+  strcpy(g2.name, argv[1]); // g2 is initialised by compiler
+  strcpy(g3->name, argv[1]);
+  b++;
+  return 0;
+}