v2.18.0

Release summary

• No new queries were added for this release
• The following changes have been made for this release:
• A15-4-4 - MissingNoExcept.ql
  • Exclude call operators embedded in a lambda expression from functions to be declared noexcept or noexcept(false).
• A2-7-3 - UndocumentedUserDefinedType.ql:
  • Exclude lambda functions from program elements to be documented.

• Fix compatibility issues with the qcc compiler and standard headers:
  • RULE-21-4: longjmp can be implmented as macro
  • ENV32-C: exit functions can be implmented as macro
  • ERR33-C FIO34-C FIO46-C RULE-22-6: the library files ReadErrorsAndEOF.qll DoNotAccessAClosedFile.qll FileAccess.qll have been updated to support different definitions of IO related functions and macros
  • RULE-10-6: Fix output string format
  • STR37-C: add support for a different tolower/toupper macro implementation
  • EXP43-C: add explicit support for library functions that are mentioned in the rule description
  • RULE-11-1 RULE-11-2 RULE-11-5: support for a different NULL pointer definition
  • STR38-C: removed links to library internals in the output message

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.10.5 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.10.5.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220908.

v2.17.0

Release summary

• New queries added for the following rule packages: OutOfBounds

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.10.5 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.10.5.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220908.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

• RULE-21-17 - StringFunctionPointerArgumentOutOfBounds.ql
• RULE-21-18 - StringLibrarySizeArgumentOutOfBounds.ql

Appendix: CERT-C new queries

New queries added to cover the following rules:

• ARR30-C - DoNotFormOutOfBoundsPointersOrArraySubscripts.ql
• ARR38-C - LibraryFunctionArgumentOutOfBounds.ql

v2.16.0

Release summary

• New queries added for the following rule packages: Contracts7, FloatingTypes, IntegerOverflow, InvalidMemory2, Language3, Memory2, Memory3, SideEffects3, SideEffects4, SignalHandlers, StandardLibraryFunctionTypes, Statements1, Statements2, Statements3, Statements4, Statements5, Statements6, Static, Types1
• The following changes have been made for this release:
  • Rule 20.12 - the performance of this rule has been improved.
  • The performance of the following identifier related rules has been improved:
    • MISRA C 2012 Rule 5.8
    • MISRA C 2012 Rule 8.7
  • M6-6-2: Changed formatting of the alert message.
  • M6-4-2: Changed formatting of alert message.
  • FIO42-C - CloseFilesWhenTheyAreNoLongerNeeded.ql:
    • Parentheses have been added to a resolve previously lacking parentheses in the where clause, such that the exclusion mechanism only functioned for a certain subset of results.
    • The query implementation has been moved to a shared implementation.
  • M5-19-1:
    • Reduce false negatives by fixing a bug where a constant expression was immediately casted to a signed type.
  • M6-4-4 - alert message updated for clarity.
  • A4-7-1 - IntegerExpressionLeadToDataLoss.ql - reduce false positives and false negatives by:
    • Identifying additional categories of valid guard.
    • Excluding guards which were not proven to prevent overflow or underflow.
    • Expand coverage to include unary operations and arithmetic assignment operations.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.10.5 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.10.5.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220908.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

• DIR-4-6 - PlainNumericalTypeUsedOverExplicitTypedef.ql
• RULE-1-2 - LanguageExtensionsShouldNotBeUsed.ql
• RULE-1-3 - OccurrenceOfUndefinedBehavior.ql
• RULE-7-4 - StringLiteralAssignedToNonConstChar.ql
• RULE-12-2 - RightHandOperandOfAShiftRange.ql
• RULE-12-4 - ConstantUnsignedIntegerExpressionsWrapAround.ql
• RULE-12-5 - SizeofOperatorUsedOnArrayTypeParam.ql
• RULE-13-2 - UnsequencedSideEffects.ql
• RULE-14-2 - ForLoopNotWellFormed.ql
• RULE-14-3 - ControllingExprInvariant.ql
• RULE-14-4 - NonBooleanIfCondition.ql, NonBooleanIterationCondition.ql
• RULE-15-1 - GotoStatementUsed.ql
• RULE-15-2 - GotoLabelLocationCondition.ql
• RULE-15-3 - GotoLabelBlockCondition.ql
• RULE-15-4 - LoopIterationCondition.ql
• RULE-15-5 - FunctionReturnCondition.ql
• RULE-15-6 - SwitchCompoundCondition.ql, LoopCompoundCondition.ql, SelectionCompoundCondition.ql
• RULE-15-7 - IfElseEndCondition.ql
• RULE-16-1 - SwitchCaseStartCondition.ql, SwitchStmtNotWellFormed.ql
• RULE-16-2 - NestSwitchLabelInSwitchStatement.ql
• RULE-16-3 - BreakShallTerminateSwitchClause.ql
• RULE-16-4 - EverySwitchShallHaveDefaultLabel.ql
• RULE-16-5 - DefaultNotFirstOrLastOfSwitch.ql
• RULE-16-6 - SwitchClauseNumberCondition.ql
• RULE-16-7 - SwitchExpressionBoolCondition.ql
• RULE-17-2 - RecursiveFunctionCondition.ql
• RULE-17-4 - NonVoidFunctionReturnCondition.ql
• RULE-17-6 - UseOfArrayStatic.ql
• RULE-19-1 - ObjectAssignedToAnOverlappingObject.ql, ObjectCopiedToAnOverlappingObject.ql
• RULE-21-13 - CtypeFunctionArgNotUnsignedCharOrEof.ql
• RULE-21-15 - MemcpyMemmoveMemcmpArgNotPointersToCompatibleTypes.ql
• RULE-22-1 - FreeMemoryWhenNoLongerNeededMisra.ql, CloseFileHandleWhenNoLongerNeededMisra.ql
• RULE-22-2 - OnlyFreeMemoryAllocatedDynamicallyMisra.ql

Appendix: CERT-C new queries

New queries added to cover the following rules:

• ARR32-C - VariableLengthArraySizeNotInValidRange.ql
• ARR36-C - DoNotSubtractPointersThatDoNotReferToTheSameArray.ql, DoNotRelatePointersThatDoNotReferToTheSameArray.ql
• ARR37-C - DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql
• EXP35-C - DoNotModifyObjectsWithTemporaryLifetime.ql
• EXP42-C - DoNotComparePaddingData.ql
• FLP30-C - FloatingPointLoopCounters.ql
• FLP32-C - UncheckedRangeDomainPoleErrors.ql
• FLP34-C - UncheckedFloatingPointConversion.ql
• FLP36-C - IntToFloatPreservePrecision.ql
• FLP37-C - MemcmpUsedToCompareFloats.ql
• INT30-C - UnsignedIntegerOperationsWrapAround.ql
• INT31-C - IntegerConversionCausesDataLoss.ql
• INT32-C - SignedIntegerOverflow.ql
• INT33-C - DivOrRemByZero.ql
• INT34-C - ExprShiftedbyNegativeOrGreaterPrecisionOperand.ql
• INT35-C - UseCorrectIntegerPrecisions.ql
• INT36-C - ConvertingAPointerToIntegerOrIntegerToPointer.ql
• MEM31-C - FreeMemoryWhenNoLongerNeededCert.ql
• MEM33-C - AllocStructsWithAFlexibleArrayMemberDynamically.ql, CopyStructsWithAFlexibleArrayMemberDynamically.ql
• MEM34-C - OnlyFreeMemoryAllocatedDynamicallyCert.ql
• MEM35-C - InsufficientMemoryAllocatedForObject.ql
• MEM36-C - DoNotModifyAlignmentOfMemoryWithRealloc.ql
• MSC33-C - DoNotPassInvalidDataToTheAsctimeFunction.ql
• MSC39-C - DoNotCallVaArgOnAVaListThatHasAnIndeterminateValue.ql
• PRE31-C - SideEffectsInArgumentsToUnsafeMacros.ql
• SIG30-C - CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql
• SIG31-C - DoNotAccessSharedObjectsInSignalHandlers.ql
• SIG34-C - DoNotCallSignalFromInterruptibleSignalHandlers.ql
• SIG35-C - DoNotReturnFromAComputationalExceptionHandler.ql

v2.15.1

Release summary

• No new queries were added for this release
• The following changes have been made for this release:
  • The performance of the following queries related to essential types have been improved:
    • Rule 10.1
    • Rule 10.2
    • Rule 10.3
    • Rule 10.4
    • Rule 10.5
    • Rule 10.6
    • Rule 10.7
    • Rule 10.8
    • Rule 14.1
    • Rule 21.14
    • Rule 21.16

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.10.5 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.10.5.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220908.

v2.15.0

Release summary

• New queries added for the following rule packages: EssentialTypes, Memory1
• The following changes have been made for this release:
• A13-5-2 - address a false positive where lambda expressions with empty captures were being flagged as having a non-compliant conversion operator.
• A0-1-2
  • Addressed false positives where the return values are cast to void in C-style or assigned to std::ignore.
• A0-1-4
  • Addressed false positives where the parameters are marked with attribute [[maybe_unused]], or either cast to void in C-style or assigned to std::ignore in the function body.
• RULE-8-4 - CompatibleDeclarationObjectDefined.ql
  • Update rule implementation based on changes in the CodeQL libraries.
• Updated the CodeQL version to 2.10.5.
• A2-10-4 - IdentifierNameOfStaticFunctionReusedInNamespace.ql:
  • Reuse of an identifier name of a static function in a namespace is now detected.
• A2-10-4 - IdentifierNameOfStaticNonMemberObjectReusedInNamespace.ql:
  • Reuse of an identifier name of a static non-member object in a namespace is now detected.
• A2-10-5 - IdentifierNameOfStaticNonMemberObjectWithExternalOrInternalLinkageIsReused.ql:
  • Reuse of an identifier name of a static non-member object with internal linkage in a namespace is now detected.
• A5-2-2
  • CStyleCasts.ql - exclude template parameters to avoid false positives when using the "functional notation" syntax. In addition, provide a greater explanation on limitations of this query.

• Improved alert message to avoid reporting locations in standard header files, which cannot be viewed in Code Scanning, in the following queries:
  - Rule 21.4
  - Rule 21.5
  - Rule 21.6
  - Rule 21.7
  - Rule 21.8
  - Rule 21.9
  - Rule 21.10
  - Rule 21.11
  - Rule 21.12
  - Rule 21.21

• A13-2-2 - BinaryOperatorAndBitwiseOperatorReturnAPrvalue.ql
  • The formatting of the query output message has been changed and operators are now displayed starting with the return type instead of ending with it.
• CON41-C: Refactored to address compiler compatibility issues. More accurate
  modeling of cases where macros are modeled against other macros such as
  atomic_compare_exchange_weak and atomic_store.
• CON40-C: Refactored to address compiler compatibility issues. More accurate
  modeling of cases where macros are modeled against other macros such as
  atomic_compare_exchange_weak and atomic_store.

• STR37-C - reduce false negatives by improving detection when the <ctype> functions are implemented using macros.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.10.5 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.10.5.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220908.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

• RULE-9-2 - InitializerForAggregateOrUnionNotEnclosedInBraces.ql
• RULE-9-3 - PartiallyInitializedArrayWithExplicitInitializers.ql
• RULE-9-4 - RepeatedInitializationOfAggregateObjectElement.ql
• RULE-10-1 - OperandsOfAnInappropriateEssentialType.ql, PointerTypeOnLogicalOperator.ql
• RULE-10-2 - AdditionSubtractionOnEssentiallyCharType.ql
• RULE-10-3 - AssignmentOfIncompatibleEssentialType.ql
• RULE-10-4 - OperandsWithMismatchedEssentialTypeCategory.ql
• RULE-10-5 - InappropriateEssentialTypeCast.ql
• RULE-10-6 - AssignmentToWiderEssentialType.ql
• RULE-10-7 - ImplicitConversionOfCompositeExpression.ql
• RULE-10-8 - InappropriateCastOfCompositeExpression.ql
• RULE-14-1 - LoopOverEssentiallyFloatType.ql
• RULE-21-14 - MemcmpUsedToCompareNullTerminatedStrings.ql
• RULE-21-16 - MemcmpOnInappropriateEssentialTypeArgs.ql

v2.14.0

Release summary

• New queries added for the following rule packages: BitfieldTypes, Contracts6, Declarations7, Declarations8, InvalidMemory1, Pointers3
• The following changes have been made for this release:
  • RULE-11-7 - CastBetweenPointerToObjectAndNonIntArithmeticType.ql
    • Corrected the query output message to describe a cast involving a pointer to an object rather than a void pointer.
  • A1-1-2: Refactored this test case to support better cross-compiler testing.
  • A1-1-3: Added support for alternate spelling of compiler flag.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.9.4 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.9.4.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220615.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

• RULE-6-1 - BitFieldsShallOnlyBeDeclaredWithAnAppropriateType.ql
• RULE-6-2 - SingleBitNamedBitFieldsOfASignedType.ql
• RULE-8-12 - ValueImplicitEnumerationConstantNotUnique.ql
• RULE-9-1 - ObjectWithAutoStorageDurationReadBeforeInit.ql
• RULE-17-5 - ArrayFunctionArgumentNumberOfElements.ql
• RULE-17-7 - ValueReturnedByAFunctionNotUsed.ql
• RULE-18-8 - VariableLengthArrayTypesUsed.ql

Appendix: CERT-C new queries

New queries added to cover the following rules:

• DCL30-C - AppropriateStorageDurationsStackAdressEscape.ql, AppropriateStorageDurationsFunctionReturn.ql
• DCL39-C - InformationLeakageAcrossTrustBoundariesC.ql
• EXP32-C - DoNotAccessVolatileObjectWithNonVolatileReference.ql
• EXP33-C - DoNotReadUninitializedMemory.ql
• EXP34-C - DoNotDereferenceNullPointers.ql
• EXP36-C - DoNotCastPointerToMoreStrictlyAlignedPointerType.ql
• EXP39-C - DoNotAccessVariableViaPointerOfIncompatibleType.ql
• EXP40-C - DoNotModifyConstantObjects.ql
• EXP43-C - DoNotPassAliasedPointerToRestrictQualifiedParam.ql, RestrictPointerReferencesOverlappingObject.ql
• MEM30-C - DoNotAccessFreedMemory.ql

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.9.4 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.9.4.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220615.

v2.13.0

Release summary

• New queries added for the following rule packages: Contracts5, DeadCode, Declarations4, Declarations5, Declarations6
• The following changes have been made for this release:
  • M0-1-9: This query previously excluded all results which were affected by a macro expansion. This is because a macro may be expanded multiple times with code that is dead in one expansion but live in another. This query has been modified to exclude results only where the entirety of a statement is generated by a macro. This reduces false negatives where the statements liveness is not affected by the macro expansion.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.9.4 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.9.4.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220615.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

• RULE-2-1 - UnreachableCode.ql
• RULE-2-2 - DeadCode.ql
• RULE-2-3 - UnusedTypeDeclarations.ql
• RULE-2-4 - UnusedTagDeclaration.ql
• RULE-2-5 - UnusedMacroDeclaration.ql
• RULE-2-6 - UnusedLabelDeclaration.ql
• RULE-2-7 - UnusedParameter.ql
• RULE-5-2 - IdentifiersDeclaredInTheSameScopeNotDistinct.ql
• RULE-5-8 - IdentifiersWithExternalLinkageNotUnique.ql
• RULE-5-9 - IdentifiersWithInternalLinkageNotUnique.ql
• RULE-8-2 - FunctionTypesNotInPrototypeForm.ql
• RULE-8-3 - DeclarationsOfAnObjectSameNameAndType.ql, DeclarationsOfAFunctionSameNameAndType.ql
• RULE-8-4 - CompatibleDeclarationObjectDefined.ql, CompatibleDeclarationFunctionDefined.ql
• RULE-8-5 - ExternalObjectOrFunctionNotDeclaredInOneFile.ql
• RULE-8-6 - IdentifierWithExternalLinkageOneDefinition.ql
• RULE-8-7 - ShouldNotBeDefinedWithExternalLinkage.ql
• RULE-8-8 - MissingStaticSpecifierFunctionRedeclarationC.ql, MissingStaticSpecifierObjectRedeclarationC.ql
• RULE-8-9 - UnnecessaryExposedIdentifierDeclarationC.ql
• RULE-8-10 - InlineFunctionNotDeclaredStaticStorage.ql
• RULE-8-11 - ArrayExternalLinkageSizeExplicitlySpecified.ql
• RULE-17-3 - FunctionDeclaredImplicitly.ql
• RULE-18-7 - FlexibleArrayMembersDeclared.ql

Appendix: CERT-C new queries

New queries added to cover the following rules:

• ERR32-C - DoNotRelyOnIndeterminateValuesOfErrno.ql
• ERR33-C - DetectAndHandleStandardLibraryErrors.ql

v2.12.0

Release summary

• New queries added for the following rule packages: Language2, Preprocessor6
• The following changes have been made for this release:
• Add the Python scripts under scripts/guideline_recategorization and the JSON schemas under schemas.
• Add the Python scripts under scripts/shared relied upon by the analysis report generation.
• EXP30-C - DependenceOnOrderOfFunctionArgumentsForSideEffects.ql:
  • Prefer the GlobalValueNumbering CodeQL library over the GlobalValueNumberingImpl library, as the former yields higher quality results and the latter is going to be deprecated. This also improves performance when multiple queries are evaluated, due to more sharing of intermediate computations.
• EXP50-CPP - DoNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments.ql:
  • Prefer the GlobalValueNumbering CodeQL library over the GlobalValueNumberingImpl library, as the former yields higher quality results and the latter is going to be deprecated. This also improves performance when multiple queries are evaluated, due to more sharing of intermediate computations.
• M27-0-1
  • CstdioTypesUsed.ql - Exclude size_t from this rule, as it can be provided by headers other than <cstdio>.
  • CstdioMacrosUsed.ql - Exclude NULL from this rule, as it can be provided by headers other than <cstdio>.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.9.4 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.9.4.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220615.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

• DIR-4-2 - UsageOfAssemblyLanguageShouldBeDocumented.ql
• DIR-4-9 - FunctionOverFunctionLikeMacro.ql
• RULE-1-4 - EmergentLanguageFeaturesUsed.ql

v2.11.0

Release summary

• New queries added for the following rule packages: Contracts2, Contracts4, Banned, Pointers1, Preprocessor2, Syntax
• The following changes have been made for this release:
  • A5-2-2 - TraditionalCStyleCastsUsed.ql
    • Reduced false positives by excluding casts generated by library macros (i.e. macros defined outside the source location)
    • Improved the message to cite the macro which generated the c-style cast, if any.
    • Improved the message to cite the type being casted to, to aid with identification and remediation.
  • M0-1-4 - SingleUseMemberPODVariable.ql
    • Reduce false positives by excluding any constexpr variable whose constant value is used as an argument to a template.
• The following rules have been renamed:
  • RULE-4-4 has been renamed to DIR-4-4 to reflect correct naming as per
    MISRA C:2012 standard.
  • RULE-4-8 has been renamed to DIR-4-8 to reflect correct naming as per
    MISRA C:2012 standard.
  • RULE-4-10 has been renamed to DIR-4-10 to reflect correct naming as per
    MISRA C:2012 standard.
  • RULE-4-12 has been renamed to DIR-4-12 to reflect correct naming as per
    MISRA C:2012 standard.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.9.4 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.9.4.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220615.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

• DIR-4-4 - SectionsOfCodeShallNotBeCommentedOut.ql
• DIR-4-8 - ObjectWithNoPointerDereferenceShouldBeOpaque.ql
• DIR-4-10 - PrecautionIncludeGuardsNotProvided.ql
• DIR-4-12 - StdLibDynamicMemoryAllocationUsed.ql
• RULE-21-19 - ValuesReturnedByLocaleSettingUsedAsPtrToConst.ql
• RULE-21-20 - CallToSetlocaleInvalidatesOldPointers.ql, CallToSetlocaleInvalidatesOldPointersWarn.ql

Appendix: CERT-C new queries

New queries added to cover the following rules:

• ENV32-C - ExitHandlersMustReturnNormally.ql
• ENV34-C - DoNotStorePointersReturnedByEnvFunctions.ql, DoNotStorePointersReturnedByEnvironmentFunWarn.ql
• ERR30-C - SetlocaleMightSetErrno.ql, ErrnoReadBeforeReturn.ql, FunctionCallBeforeErrnoCheck.ql, ErrnoNotSetToZero.ql

v2.10.0

Release summary

• New queries added for the following rule packages: Concurrency5, Contracts3, Declarations3, Language1
• The following changes have been made for this release:
  • M0-1-9 - DeadCode.ql:
    • More compiler generated statements are now excluded from being reported as dead code, including compiler generated statements for static_assert calls.
  • A2-10-5 - IdentifierNameOfANonMemberObjectWithExternalOrInternalLinkageIsReused.ql
    • Reduce false positives by excluding variable template instantiations.
  • M3-2-1 - DeclarationsOfAnObjectShallHaveCompatibleTypes.ql
    • Reduced false positives by excluding non-object variables (for example, member variables).
    • Reduced false positives by excluding variable templates and template instantiations.
    • Improved the reported error message by including the conflicting type names.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.9.4 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.9.4.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220615.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

• DIR-4-3 - LanguageNotEncapsulatedAndIsolated.ql
• RULE-5-3 - IdentifierHidingC.ql
• RULE-5-5 - IdentifiersNotDistinctFromMacroNames.ql
• RULE-5-6 - TypedefNameNotUnique.ql
• RULE-5-7 - TagNameNotUnique.ql
• RULE-8-1 - ExplicitlyDeclareTypes.ql
• RULE-22-8 - ErrnoSetToZeroPriorToCall.ql
• RULE-22-9 - ErrnoSetToZeroAfterCall.ql
• RULE-22-10 - OnlyTestErrnoRightAfterErrnoSettingFunction.ql

Appendix: CERT-C new queries

New queries added to cover the following rules:

• CON39-C - ThreadWasPreviouslyJoinedOrDetached.ql
• CON40-C - AtomicVariableTwiceInExpression.ql