From 83790c9365e0ed042c7078588754b96ac673d53e Mon Sep 17 00:00:00 2001 From: Michael R Fairhurst Date: Tue, 17 Sep 2024 00:16:26 +0000 Subject: [PATCH 1/4] Detect compilations with no warnings when '-w' flag is present. Gcc may be compiled to auto include warnings such as -Wformat. However, passing in `-w` will suppress the enabled format warnings. The previous query would not raise an issue, as it saw the `-Wformat` flag etc, even though if `-w` was present, causing gcc to run with no warnings enabled. --- .../CompilerWarningLevelNotInCompliance.ql | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql b/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql index bd98ad9162..b22ffa9e29 100644 --- a/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql +++ b/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql @@ -18,15 +18,19 @@ import cpp import codingstandards.cpp.autosar -predicate hasResponseFileArgument(Compilation c) { c.getAnArgument().matches("@%") } +class CompilationWithNoWarnings extends Compilation { + CompilationWithNoWarnings() { + getAnArgument() = "-w" + or not getAnArgument().regexpMatch("-W[\\w=-]+") + } +} -predicate hasWarningOption(Compilation c) { c.getAnArgument().regexpMatch("-W[\\w=-]+") } +predicate hasResponseFileArgument(Compilation c) { c.getAnArgument().matches("@%") } from File f where not isExcluded(f, ToolchainPackage::compilerWarningLevelNotInComplianceQuery()) and - exists(Compilation c | f = c.getAFileCompiled() | - not hasResponseFileArgument(c) and - not hasWarningOption(c) + exists(CompilationWithNoWarnings c | f = c.getAFileCompiled() | + not hasResponseFileArgument(c) ) -select f, "No warning-level options were used in the compilation of '" + f.getBaseName() + "'." +select f, "No warning-level options were used in the compilation of '" + f.getBaseName() + "'." \ No newline at end of file From 8a1d089b6959c26d1b75dfb47825d592c9dcc561 Mon Sep 17 00:00:00 2001 From: Michael R Fairhurst Date: Tue, 17 Sep 2024 00:42:28 +0000 Subject: [PATCH 2/4] fix formatting --- .../rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql b/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql index b22ffa9e29..f21a70e776 100644 --- a/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql +++ b/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql @@ -20,8 +20,8 @@ import codingstandards.cpp.autosar class CompilationWithNoWarnings extends Compilation { CompilationWithNoWarnings() { - getAnArgument() = "-w" - or not getAnArgument().regexpMatch("-W[\\w=-]+") + getAnArgument() = "-w" or + not getAnArgument().regexpMatch("-W[\\w=-]+") } } @@ -30,7 +30,5 @@ predicate hasResponseFileArgument(Compilation c) { c.getAnArgument().matches("@% from File f where not isExcluded(f, ToolchainPackage::compilerWarningLevelNotInComplianceQuery()) and - exists(CompilationWithNoWarnings c | f = c.getAFileCompiled() | - not hasResponseFileArgument(c) - ) + exists(CompilationWithNoWarnings c | f = c.getAFileCompiled() | not hasResponseFileArgument(c)) select f, "No warning-level options were used in the compilation of '" + f.getBaseName() + "'." \ No newline at end of file From e60c4f0a916c8e7bb2a213f3e7e8c2647f643a90 Mon Sep 17 00:00:00 2001 From: Michael R Fairhurst Date: Tue, 17 Sep 2024 22:32:56 +0000 Subject: [PATCH 3/4] Update test expectations -- codeql run test expects noncompliance. --- .../CompilerWarningLevelNotInCompliance.expected | 1 + ...pilerWarningLevelNotInCompliance.expected.clang | 0 ...ompilerWarningLevelNotInCompliance.expected.gcc | 0 ...ompilerWarningLevelNotInCompliance.expected.qcc | 0 .../test/rules/A1-1-2.2/Wcast-function-type.cpp | 14 +++++++++++++- .../CompilerWarningLevelNotInCompliance.expected | 1 + ...pilerWarningLevelNotInCompliance.expected.clang | 0 ...ompilerWarningLevelNotInCompliance.expected.gcc | 0 ...ompilerWarningLevelNotInCompliance.expected.qcc | 0 cpp/autosar/test/rules/A1-1-2/Wall.cpp | 12 +++++++++++- 10 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected.clang create mode 100644 cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected.gcc create mode 100644 cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected.qcc create mode 100644 cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected.clang create mode 100644 cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected.gcc create mode 100644 cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected.qcc diff --git a/cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected b/cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected index e69de29bb2..81a5c4327e 100644 --- a/cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected +++ b/cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected @@ -0,0 +1 @@ +| Wcast-function-type.cpp:0:0:0:0 | Wcast-function-type.cpp | No warning-level options were used in the compilation of 'Wcast-function-type.cpp'. | diff --git a/cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected.clang b/cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected.clang new file mode 100644 index 0000000000..e69de29bb2 diff --git a/cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected.gcc b/cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected.gcc new file mode 100644 index 0000000000..e69de29bb2 diff --git a/cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected.qcc b/cpp/autosar/test/rules/A1-1-2.2/CompilerWarningLevelNotInCompliance.expected.qcc new file mode 100644 index 0000000000..e69de29bb2 diff --git a/cpp/autosar/test/rules/A1-1-2.2/Wcast-function-type.cpp b/cpp/autosar/test/rules/A1-1-2.2/Wcast-function-type.cpp index f405349bbb..79e42b4039 100644 --- a/cpp/autosar/test/rules/A1-1-2.2/Wcast-function-type.cpp +++ b/cpp/autosar/test/rules/A1-1-2.2/Wcast-function-type.cpp @@ -1,2 +1,14 @@ // semmle-extractor-options: --clang -std=c++14 -Wcast-function-type -// COMPLIANT \ No newline at end of file +// COMPLIAN + +// NOTE: When tested with `codeql test run`, the test extractor provides `-w` +// which overrides `-Wcast-function-type` and causes this test case to be +// non-compliant. +// +// However, when tested with our compiler matrix tests, this test db is built +// via `codeql database create --command="..."`, and the `-w` flag will NOT be +// used. This means the `-Wcast-function-type` flag is active and the test case +// is compliant. +// +// Therefore, the .expected file for this test expects non-compliance, and the +// .expected.gcc and .expected.clang files expect this test to be compliant. \ No newline at end of file diff --git a/cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected b/cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected index e69de29bb2..82ff1c0c36 100644 --- a/cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected +++ b/cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected @@ -0,0 +1 @@ +| Wall.cpp:0:0:0:0 | Wall.cpp | No warning-level options were used in the compilation of 'Wall.cpp'. | \ No newline at end of file diff --git a/cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected.clang b/cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected.clang new file mode 100644 index 0000000000..e69de29bb2 diff --git a/cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected.gcc b/cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected.gcc new file mode 100644 index 0000000000..e69de29bb2 diff --git a/cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected.qcc b/cpp/autosar/test/rules/A1-1-2/CompilerWarningLevelNotInCompliance.expected.qcc new file mode 100644 index 0000000000..e69de29bb2 diff --git a/cpp/autosar/test/rules/A1-1-2/Wall.cpp b/cpp/autosar/test/rules/A1-1-2/Wall.cpp index cb21e0601e..b42189a8d1 100644 --- a/cpp/autosar/test/rules/A1-1-2/Wall.cpp +++ b/cpp/autosar/test/rules/A1-1-2/Wall.cpp @@ -1,2 +1,12 @@ // semmle-extractor-options: --clang -std=c++14 -Wall -// COMPLIANT \ No newline at end of file +// COMPLIANT + +// NOTE: When tested with `codeql test run`, the test extractor provides `-w` +// which overrides `-Wall` and causes this test case to be non-compliant. +// +// However, when tested with our compiler matrix tests, this test db is built +// via `codeql database create --command="..."`, and the `-w` flag will NOT be +// used. This means the `-Wall` flag is active and the test case is compliant. +// +// Therefore, the .expected file for this test expects non-compliance, and the +// .expected.gcc and .expected.clang files expect this test to be compliant. \ No newline at end of file From 863d8e442459da9ac188d7a3bca7a23c7d4d6721 Mon Sep 17 00:00:00 2001 From: Michael R Fairhurst Date: Wed, 18 Sep 2024 00:18:59 +0000 Subject: [PATCH 4/4] Add newline to EOF --- .../src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql b/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql index f21a70e776..60efab251a 100644 --- a/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql +++ b/cpp/autosar/src/rules/A1-1-2/CompilerWarningLevelNotInCompliance.ql @@ -31,4 +31,4 @@ from File f where not isExcluded(f, ToolchainPackage::compilerWarningLevelNotInComplianceQuery()) and exists(CompilationWithNoWarnings c | f = c.getAFileCompiled() | not hasResponseFileArgument(c)) -select f, "No warning-level options were used in the compilation of '" + f.getBaseName() + "'." \ No newline at end of file +select f, "No warning-level options were used in the compilation of '" + f.getBaseName() + "'."