Merge pull request #478 from felicity-semmle/cpp/SD-2777-jsf-note

C++: Add JSF note to qhelp for sub-set of JSF queries
2025-12-17 01:03:14 +01:00 · 2018-11-19 09:30:39 +00:00
parent 696178e6cc d4bcc1e9d4
commit 90c75cd362
11 changed files with 49 additions and 11 deletions
--- a/cpp/ql/src/Critical/NotInitialised.ql
+++ b/cpp/ql/src/Critical/NotInitialised.ql
@@ -9,9 +9,7 @@
 */
 import cpp

-// This query is the JSF version
-//
-// (see also InitialisationNotRun.ql and GlobalUseBeforeInit.ql)
+// See also InitialisationNotRun.ql and GlobalUseBeforeInit.ql

 // Holds if s defines variable v (conservative)
 predicate defines(ControlFlowNode s, Variable lv) {
--- a/cpp/ql/src/jsf/4.05
+++ b/cpp/ql/src/jsf/4.05
@@ -5,8 +5,12 @@


 <overview>
+
+<!-- Mention that this rule may not be applicable in projects that don't follow the JSF standard. -->
+<include src="cpp/jsfNote.qhelp" />
+
 <p>
-This rule finds calls to the standard library functions <code>abort, exit, getenv</code> and <code>system</code>.
+This query highlights calls to the standard library functions <code>abort, exit, getenv</code> and <code>system</code>.
 The functions <code>abort</code> and <code>exit</code> should not be called as they immediately terminate the program
 and will bypass all the normal error and exception handling routines in the software. This is especially important in
 software which is run on systems without an interactive OS, as restarting the software may require a complete reboot
--- a/cpp/ql/src/jsf/4.10
+++ b/cpp/ql/src/jsf/4.10
@@ -5,8 +5,12 @@


 <overview>
+
+<!-- Mention that this rule may not be applicable in projects that don't follow the JSF standard. -->
+<include src="cpp/jsfNote.qhelp" />
+
 <p>
-This rule ensures that all operators with opposites (e.g. == and !=) are both defined, and
+This query ensures that all operators with opposites (e.g. == and !=) are both defined, and
 that one of them is defined in terms of the other. This just enforces the consistency of meaning
 of the operators.
 </p>
--- a/cpp/ql/src/jsf/4.13
+++ b/cpp/ql/src/jsf/4.13
@@ -5,8 +5,12 @@


 <overview>
+
+<!-- Mention that this rule may not be applicable in projects that don't follow the JSF standard. -->
+<include src="cpp/jsfNote.qhelp" />
+
 <p>
-This rule finds return statements that return pointers to an object allocated on the stack. The lifetime
+This query highlights return statements that return pointers to an object allocated on the stack. The lifetime
 of a stack allocated memory location only lasts until the function returns, , and 
 the contents of that memory become undefined after that. Clearly, using a pointer to stack 
 memory after the function has already returned will have undefined results.
--- a/cpp/ql/src/jsf/4.15
+++ b/cpp/ql/src/jsf/4.15
@@ -5,8 +5,12 @@


 <overview>
+
+<!-- Mention that this rule may not be applicable in projects that don't follow the JSF standard. -->
+<include src="cpp/jsfNote.qhelp" />
+
 <p>
-This rule finds identifiers in an inner scope that hide (have the same name as) an identifier in an outer scope.
+This query highlights identifiers in an inner scope that hide (have the same name as) an identifier in an outer scope.
 This should be avoided as it can cause confusion about the actual variable being used in an expression.
 </p>

--- a/cpp/ql/src/jsf/4.15
+++ b/cpp/ql/src/jsf/4.15
@@ -5,8 +5,12 @@


 <overview>
+
+<!-- Mention that this rule may not be applicable in projects that don't follow the JSF standard. -->
+<include src="cpp/jsfNote.qhelp" />
+
 <p>
-This rule finds variables with the <code>register</code> storage class specifier. Modern compilers are now capable of
+This query highlights variables with the <code>register</code> storage class specifier. Modern compilers are now capable of
 optimal register placement, and overriding it could lead to worse performance.
 </p>

--- a/cpp/ql/src/jsf/4.17
+++ b/cpp/ql/src/jsf/4.17
@@ -5,8 +5,12 @@


 <overview>
+
+<!-- Mention that this rule may not be applicable in projects that don't follow the JSF standard. -->
+<include src="cpp/jsfNote.qhelp" />
+
 <p>
-This rule finds portions of code that can expose the floating point implementation of the underlying
+This query highlights portions of code that can expose the floating point implementation of the underlying
 machine. Manually manipulating the bits in the float is prone to mistakes and is unportable. Floating point
 implementations can vary across architectures, and bit-field packing can differ across compilers,
 making manual bit-manipulation of floats inadvisable.
--- a/cpp/ql/src/jsf/4.18
+++ b/cpp/ql/src/jsf/4.18
@@ -5,8 +5,12 @@


 <overview>
+
+<!-- Mention that this rule may not be applicable in projects that don't follow the JSF standard. -->
+<include src="cpp/jsfNote.qhelp" />
+
 <p>
-This rule finds string literals that are assigned to a non-<code>const</code> variable. String literals
+This query highlights string literals that are assigned to a non-<code>const</code> variable. String literals
 should not be changed, since they are usually stored in the data section, and depending on the architecture, 
 writing to the data section will cause undefined behavior, such as memory corruption or memory write error.
 </p>
--- a/cpp/ql/src/jsf/4.20
+++ b/cpp/ql/src/jsf/4.20
@@ -5,6 +5,10 @@


 <overview>
+
+<!-- Mention that this rule may not be applicable in projects that don't follow the JSF standard. -->
+<include src="cpp/jsfNote.qhelp" />
+
 <p>
 This rule finds bit fields with members that are not explicitly declared to be unsigned.
 The sign of plain char, short, int, or long bit field is implementation-specific, and declaring
--- a/cpp/ql/src/jsf/4.21
+++ b/cpp/ql/src/jsf/4.21
@@ -5,8 +5,12 @@


 <overview>
+
+<!-- Mention that this rule may not be applicable in projects that don't follow the JSF standard. -->
+<include src="cpp/jsfNote.qhelp" />
+
 <p>
-This rule finds unsigned values that are being negated. Behavior is undefined in such cases.
+This query finds unsigned values that are being negated. Behavior is undefined in such cases.
 Negating integer values produces the two's complement of that number, which cannot represent negative
 values of large unsigned values (values where the sign bit is used) and are most likely to be interpreted 
 as a smaller positive integer instead.
--- a/cpp/ql/src/jsf/4.24
+++ b/cpp/ql/src/jsf/4.24
@@ -4,6 +4,10 @@
 <qhelp>

 <overview>
+
+<!-- Mention that this rule may not be applicable in projects that don't follow the JSF standard. -->
+<include src="cpp/jsfNote.qhelp" />
+
 <p>Use of goto statements makes code more difficult to understand and maintain. Consequently, the use 
 of goto statements is deprecated except as a mechanism for breaking out of multiple nested loops. 
 This rule identifies any goto statements that are called directly or from a single nested loop as violations.</p>