From 58fa16a218df4273db22ed24ba795263833567e6 Mon Sep 17 00:00:00 2001 From: Michael R Fairhurst Date: Tue, 17 Sep 2024 00:16:26 +0000 Subject: [PATCH 1/6] Detect compilations with no warnings when '-w' flag is present. Gcc may be compiled to auto include warnings such as -Wformat. However, passing in `-w` will suppress the enabled format warnings. The previous query would not raise an issue, as it saw the `-Wformat` flag etc, even though if `-w` was present, causing gcc to run with no warnings enabled. --- .../CompilerWarningLevelNotInCompliance.ql | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql b/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql index bd98ad9162..b22ffa9e29 100644 --- a/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql +++ b/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql @@ -18,15 +18,19 @@ import cpp import codingstandards.cpp.autosar -predicate hasResponseFileArgument(Compilation c) { c.getAnArgument().matches("@%") } +class CompilationWithNoWarnings extends Compilation { + CompilationWithNoWarnings() { + getAnArgument() = "-w" + or not getAnArgument().regexpMatch("-W[\\w=-]+") + } +} -predicate hasWarningOption(Compilation c) { c.getAnArgument().regexpMatch("-W[\\w=-]+") } +predicate hasResponseFileArgument(Compilation c) { c.getAnArgument().matches("@%") } from File f where not isExcluded(f, ToolchainPackage::compilerWarningLevelNotInComplianceQuery()) and - exists(Compilation c | f = c.getAFileCompiled() | - not hasResponseFileArgument(c) and - not hasWarningOption(c) + exists(CompilationWithNoWarnings c | f = c.getAFileCompiled() | + not hasResponseFileArgument(c) ) -select f, "No warning-level options were used in the compilation of '" + f.getBaseName() + "'." +select f, "No warning-level options were used in the compilation of '" + f.getBaseName() + "'." \ No newline at end of file From 89464ce521164ce6bc3b679ddbc7f9b3b561b4f0 Mon Sep 17 00:00:00 2001 From: Michael R Fairhurst Date: Tue, 17 Sep 2024 00:42:28 +0000 Subject: [PATCH 2/6] fix formatting --- .../rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql b/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql index b22ffa9e29..f21a70e776 100644 --- a/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql +++ b/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql @@ -20,8 +20,8 @@ import codingstandards.cpp.autosar class CompilationWithNoWarnings extends Compilation { CompilationWithNoWarnings() { - getAnArgument() = "-w" - or not getAnArgument().regexpMatch("-W[\\w=-]+") + getAnArgument() = "-w" or + not getAnArgument().regexpMatch("-W[\\w=-]+") } } @@ -30,7 +30,5 @@ predicate hasResponseFileArgument(Compilation c) { c.getAnArgument().matches("@% from File f where not isExcluded(f, ToolchainPackage::compilerWarningLevelNotInComplianceQuery()) and - exists(CompilationWithNoWarnings c | f = c.getAFileCompiled() | - not hasResponseFileArgument(c) - ) + exists(CompilationWithNoWarnings c | f = c.getAFileCompiled() | not hasResponseFileArgument(c)) select f, "No warning-level options were used in the compilation of '" + f.getBaseName() + "'." \ No newline at end of file From 88872a42fa12d84337ce712245be550744f30218 Mon Sep 17 00:00:00 2001 From: Michael R Fairhurst Date: Tue, 17 Sep 2024 22:32:56 +0000 Subject: [PATCH 3/6] Update test expectations -- codeql run test expects noncompliance. --- .../CompilerWarningLevelNotInCompliance.expected | 1 + ...pilerWarningLevelNotInCompliance.expected.clang | 0 ...ompilerWarningLevelNotInCompliance.expected.gcc | 0 ...ompilerWarningLevelNotInCompliance.expected.qcc | 0 .../test/rules/A1-1-2.2/Wcast-function-type.cpp | 14 +++++++++++++- .../CompilerWarningLevelNotInCompliance.expected | 1 + ...pilerWarningLevelNotInCompliance.expected.clang | 0 ...ompilerWarningLevelNotInCompliance.expected.gcc | 0 ...ompilerWarningLevelNotInCompliance.expected.qcc | 0 cpp/autosar/test/rules/A1-1-2/Wall.cpp | 12 +++++++++++- 10 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected.clang create mode 100644 cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected.gcc create mode 100644 cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected.qcc create mode 100644 cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected.clang create mode 100644 cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected.gcc create mode 100644 cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected.qcc diff --git a/cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected b/cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected index e69de29bb2..81a5c4327e 100644 --- a/cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected +++ b/cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected @@ -0,0 +1 @@ +| Wcast-function-type.cpp:0:0:0:0 | Wcast-function-type.cpp | No warning-level options were used in the compilation of 'Wcast-function-type.cpp'. | diff --git a/cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected.clang b/cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected.clang new file mode 100644 index 0000000000..e69de29bb2 diff --git a/cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected.gcc b/cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected.gcc new file mode 100644 index 0000000000..e69de29bb2 diff --git a/cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected.qcc b/cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected.qcc new file mode 100644 index 0000000000..e69de29bb2 diff --git a/cpp/autosar/test/rules/A1-1-2.2/Wcast-function-type.cpp b/cpp/autosar/test/rules/A1-1-2.2/Wcast-function-type.cpp index f405349bbb..79e42b4039 100644 --- a/cpp/autosar/test/rules/A1-1-2.2/Wcast-function-type.cpp +++ b/cpp/autosar/test/rules/A1-1-2.2/Wcast-function-type.cpp @@ -1,2 +1,14 @@ // semmle-extractor-options: --clang -std=c++14 -Wcast-function-type -// COMPLIANT \ No newline at end of file +// COMPLIAN + +// NOTE: When tested with `codeql test run`, the test extractor provides `-w` +// which overrides `-Wcast-function-type` and causes this test case to be +// non-compliant. +// +// However, when tested with our compiler matrix tests, this test db is built +// via `codeql database create --command="..."`, and the `-w` flag will NOT be +// used. This means the `-Wcast-function-type` flag is active and the test case +// is compliant. +// +// Therefore, the .expected file for this test expects non-compliance, and the +// .expected.gcc and .expected.clang files expect this test to be compliant. \ No newline at end of file diff --git a/cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected b/cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected index e69de29bb2..82ff1c0c36 100644 --- a/cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected +++ b/cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected @@ -0,0 +1 @@ +| Wall.cpp:0:0:0:0 | Wall.cpp | No warning-level options were used in the compilation of 'Wall.cpp'. | \ No newline at end of file diff --git a/cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected.clang b/cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected.clang new file mode 100644 index 0000000000..e69de29bb2 diff --git a/cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected.gcc b/cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected.gcc new file mode 100644 index 0000000000..e69de29bb2 diff --git a/cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected.qcc b/cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected.qcc new file mode 100644 index 0000000000..e69de29bb2 diff --git a/cpp/autosar/test/rules/A1-1-2/Wall.cpp b/cpp/autosar/test/rules/A1-1-2/Wall.cpp index cb21e0601e..b42189a8d1 100644 --- a/cpp/autosar/test/rules/A1-1-2/Wall.cpp +++ b/cpp/autosar/test/rules/A1-1-2/Wall.cpp @@ -1,2 +1,12 @@ // semmle-extractor-options: --clang -std=c++14 -Wall -// COMPLIANT \ No newline at end of file +// COMPLIANT + +// NOTE: When tested with `codeql test run`, the test extractor provides `-w` +// which overrides `-Wall` and causes this test case to be non-compliant. +// +// However, when tested with our compiler matrix tests, this test db is built +// via `codeql database create --command="..."`, and the `-w` flag will NOT be +// used. This means the `-Wall` flag is active and the test case is compliant. +// +// Therefore, the .expected file for this test expects non-compliance, and the +// .expected.gcc and .expected.clang files expect this test to be compliant. \ No newline at end of file From 495b32e340bdb7531abdb93bab1f9a03cbe5f7cd Mon Sep 17 00:00:00 2001 From: Michael R Fairhurst Date: Wed, 18 Sep 2024 00:18:59 +0000 Subject: [PATCH 4/6] Add newline to EOF --- .../src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql b/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql index f21a70e776..60efab251a 100644 --- a/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql +++ b/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql @@ -31,4 +31,4 @@ from File f where not isExcluded(f, ToolchainPackage::compilerWarningLevelNotInComplianceQuery()) and exists(CompilationWithNoWarnings c | f = c.getAFileCompiled() | not hasResponseFileArgument(c)) -select f, "No warning-level options were used in the compilation of '" + f.getBaseName() + "'." \ No newline at end of file +select f, "No warning-level options were used in the compilation of '" + f.getBaseName() + "'." From 4b821be80dff4af5f0c60762c3615b8d7f6a5ef4 Mon Sep 17 00:00:00 2001 From: Mike Fairhurst Date: Fri, 20 Sep 2024 14:35:40 -0700 Subject: [PATCH 5/6] Add changelog. --- change_notes/2024-9-20-a1-1-2-improvements.md | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 change_notes/2024-9-20-a1-1-2-improvements.md diff --git a/change_notes/2024-9-20-a1-1-2-improvements.md b/change_notes/2024-9-20-a1-1-2-improvements.md new file mode 100644 index 0000000000..25e393954b --- /dev/null +++ b/change_notes/2024-9-20-a1-1-2-improvements.md @@ -0,0 +1,2 @@ +- `A1-1-2` - `CompilerWarningLevelNotInCompliance.ql`: + - Report non-compliance for compilations that use the error-suppressing `-w` flag. From aa945830dd6dce3300ace0f27c6c09e4b3e76ba9 Mon Sep 17 00:00:00 2001 From: Mike Fairhurst Date: Fri, 20 Sep 2024 14:39:29 -0700 Subject: [PATCH 6/6] fix typo --- cpp/autosar/test/rules/A1-1-2.2/Wcast-function-type.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/autosar/test/rules/A1-1-2.2/Wcast-function-type.cpp b/cpp/autosar/test/rules/A1-1-2.2/Wcast-function-type.cpp index 79e42b4039..bc48268931 100644 --- a/cpp/autosar/test/rules/A1-1-2.2/Wcast-function-type.cpp +++ b/cpp/autosar/test/rules/A1-1-2.2/Wcast-function-type.cpp @@ -1,5 +1,5 @@ // semmle-extractor-options: --clang -std=c++14 -Wcast-function-type -// COMPLIAN +// COMPLIANT // NOTE: When tested with `codeql test run`, the test extractor provides `-w` // which overrides `-Wcast-function-type` and causes this test case to be @@ -11,4 +11,4 @@ // is compliant. // // Therefore, the .expected file for this test expects non-compliance, and the -// .expected.gcc and .expected.clang files expect this test to be compliant. \ No newline at end of file +// .expected.gcc and .expected.clang files expect this test to be compliant.