From f653123df0e2e11a285add93052d418dc1475316 Mon Sep 17 00:00:00 2001 From: Mike Fairhurst Date: Thu, 30 Apr 2026 08:34:08 -0700 Subject: [PATCH 1/2] Update README to declare our support for MISRA C++ 2023 --- README.md | 11 ++++++++--- docs/user_manual.md | 25 +++++++++++++------------ rules.csv | 2 +- 3 files changed, 22 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 465e82d010..85cc9f72d6 100644 --- a/README.md +++ b/README.md 
@@ -6,12 +6,13 @@ This repository contains CodeQL queries and libraries which support various Codi _Carnegie Mellon and CERT are registered trademarks of Carnegie Mellon University._ -This repository contains CodeQL queries and libraries which support various Coding Standards for the [C++14](https://www.iso.org/standard/64029.html), [C99](https://www.iso.org/standard/29237.html) and [C11](https://www.iso.org/standard/57853.html) programming languages. +This repository contains CodeQL queries and libraries which support various Coding Standards for the [C++14](https://www.iso.org/standard/64029.html), [C++17](https://www.iso.org/standard/68564.html), [C99](https://www.iso.org/standard/29237.html) and [C11](https://www.iso.org/standard/57853.html) programming languages. The following coding standards are supported: - [AUTOSAR - Guidelines for the use of C++14 language in critical and safety-related systems (Releases R22-11, R20-11, R19-11 and R19-03)](https://www.autosar.org/fileadmin/standards/R22-11/AP/AUTOSAR_RS_CPP14Guidelines.pdf). - [SEI CERT C++ Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition)](https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=494932) - [SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition)](https://resources.sei.cmu.edu/downloads/secure-coding/assets/sei-cert-c-coding-standard-2016-v01.pdf) +- [MISRA C++ 2023: Guidelines for the use of C++ in critical systems](https://misra.org.uk/product/misra-cpp2023/). - [MISRA C 2012, 3rd Edition, 1st revision](https://www.misra.org.uk/product/misra-c2012-third-edition-first-revision/) (incoporating Amendment 1 & Technical Corrigendum 1). 
In addition, we support the following additional amendments and technical corrigendums: - [MISRA C 2012 Amendment 2](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD2.pdf) - [MISRA C 2012 Technical Corrigendum 2](https://misra.org.uk/app/uploads/2022/04/MISRA-C-2012-TC2.pdf) @@ -21,9 +22,13 @@ The following coding standards are supported: ## :construction: Standards under development :construction: -The following standards are under active development for [C++17](https://www.iso.org/standard/68564.html): +There are currently no new coding standards under active development. -- [MISRA C++ 2023](https://misra.org.uk/product/misra-cpp2023/) - under development - _scheduled for release 2026 Q1/Q2_ +This product intends to begin development of the following standards in the near future: + +- [MISRA C 2025](https://misra.org.uk/product/misra-cpp2025/) + +If you are interested in this standard or when it will be available, consider contacting us via email or by filing an issue. ## How do I use the CodeQL Coding Standards Queries? diff --git a/docs/user_manual.md b/docs/user_manual.md index 354447915c..3c52416a95 100644 --- a/docs/user_manual.md +++ b/docs/user_manual.md @@ -34,6 +34,7 @@ | 0.25.0 | 2025-01-15 | Mike Fairhurst | Add guidance for the usage of 'strict' queries. | | 0.26.0 | 2025-02-12 | Luke Cartey | Describe support for new deviation code identifier formats | | 0.27.0 | 2025-05-15 | Luke Cartey | Documented completed support for MISRA C 2023. | +| 0.27.0 | 2025-05-15 | Mike Fairhurst | Documented completed support for MISRA C++ 2023. | ## Release information 
@@ -70,7 +71,7 @@ The _CodeQL Coding Standards_ product is a set of CodeQL queries for identifying | | [2012 Amendment 3](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD3.pdf) | 24 | 24 | 24 | Implemented | | | [2012 Amendment 4](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD4.pdf) | 22 | 22 | 21[^4] | Implemented | | | [2023 Third Edition, Second Revision](https://misra.org.uk/product/misra-c2023/) | 221 | 210 | 207[^5] | Implemented | -| MISRA C++ | [2023](https://misra.org.uk/product/misra-cpp2023/) | 179 | 176[^6] | - | Under development | +| MISRA C++ | [2023](https://misra.org.uk/product/misra-cpp2023/) | 179 | 175[^6] | - | Implemented | Not all rules in these standards are amenable to static analysis by CodeQL - some rules require external or domain specific knowledge to validate, or refer to properties which are not present in our representation of the codebase under analysis. In addition, some rules are natively enforced by the supported compilers. As CodeQL requires that the program under analysis compiles, we are unable to implement queries for these rules, and doing so would be redundant. 
@@ -89,7 +90,7 @@ The datasheet _"CodeQL Coding Standards: supported rules"_, provided with each r [^3]: The unimplemented supportable MISRA C 2012 rules are `Rule 9.5`, `Rule 17.13`. `Rule 9.5` and `Rule 17.13` require additional support in the CodeQL CLI to ensure the required information is available in the CodeQL database to identify violations of these rules. Note: `Dir 4.14` is covered by the default CodeQL queries, which identify potential security vulnerabilities caused by not validating external input. [^4]: The unimplemented supportable MISRA C 2012 Amendment 4 rule is `Rule 9.6`. `Rule 9.6` requires additional support in the CodeQL CLI to ensure the required information is available in the CodeQL database to identify violations of this rule. [^5]: The unimplemented supportable MISRA C 2023 rules are `Rule 9.5`, `Rule 9.6`, `Rule 17.13`. `Rule 9.5`, `Rule 9.6` and `Rule 17.13` require additional support in the CodeQL CLI to ensure the required information is available in the CodeQL database to identify violations of these rules. Note: `Dir 4.14` is covered by the default CodeQL queries, which identify potential security vulnerabilities caused by not validating external input. -[^6]: The rules `5.13.7`, `19.0.1` and `19.1.2` are not planned to be implemented by CodeQL as they are compiler checked in all supported compilers. +[^6]: The rules `5.13.7`, `19.0.1` and `19.1.2` are not planned to be implemented by CodeQL as they are compiler checked in all supported compilers. Our implementation does not support `Dir 0.3.2`, and for customers who wish to validate function preconditions we recommend they consider using [this open source CodeQL project](https://github.com/advanced-security/codeql-contracts-smt-z3) that can find and validate preconditions with SMT constraint solving. ## Supported environment 
@@ -116,11 +117,11 @@ In addition, the machine which performs the analysis must be able to complete a For C++ the codebase under analysis must comply with C++14 and use one of the following supported compiler configurations: -| Compiler | Version | Standard library | Target architecture | Required flags | -| -------- | ------- | ------------------- | --------------------- | -------------------------------- | -| clang | 10.0.0 | libstdc++ (default) | x86_64-linux-gnu | -std=c++14 | -| gcc | 8.4.0 | libstdc++ (default) | x86_64-linux-gnu | -std=c++14 | -| qcc | 8.3.0 | libc++ (default) | gcc_ntoaarch64le_cxx | -std=c++14 -D_QNX_SOURCE -nopipe | +| Compiler | Version | Standard library | Target architecture | Language standard flag | Other required flags | +| -------- | ------- | ------------------- | --------------------- | ---------------------------- | ----------------------- | +| clang | 10.0.0 | libstdc++ (default) | x86_64-linux-gnu | `-std=c++14` or `-std=c++17` | None | +| gcc | 8.4.0 | libstdc++ (default) | x86_64-linux-gnu | `-std=c++14` or `-std=c++17` | None | +| qcc | 8.3.0 | libc++ (default) | gcc_ntoaarch64le_cxx | `-std=c++14` or `-std=c++17` | `-D_QNX_SOURCE -nopipe` | Use of the queries outside these scenarios is possible, but not validated for functional safety. In particular: 
@@ -133,11 +134,11 @@ Use of the queries outside these scenarios is possible, but not validated for fu For C the codebase under analysis must comply with C99 or C11 and use one of the following supported compiler configurations: -| Compiler | Version | Standard library | Target architecture | Required Flags | -| -------- | ------- | ------------------- | --------------------- | -------------------------- | -| clang | 10.0.0 | glibc (default) | x86_64-linux-gnu | `-std=c11` or `-std=c99` | -| gcc | 8.4.0 | glibc (default) | x86_64-linux-gnu | `-std=c11` or `-std=c99` | -| qcc | 8.3.0 | glibc (default) | gcc_ntoaarch64le | `-std=c11 -nopipe` or `-std=c99 -nopipe` | +| Compiler | Version | Standard library | Target architecture | Language standard flag | Other required flags | +| -------- | ------- | ------------------- | --------------------- | ------------------------ | -------------------- | +| clang | 10.0.0 | glibc (default) | x86_64-linux-gnu | `-std=c11` or `-std=c99` | None | +| gcc | 8.4.0 | glibc (default) | x86_64-linux-gnu | `-std=c11` or `-std=c99` | None | +| qcc | 8.3.0 | glibc (default) | gcc_ntoaarch64le | `-std=c11` or `-std=c99` | `-nopipe` | Use of the queries outside these scenarios is possible, but not validated for functional safety. In particular: diff --git a/rules.csv b/rules.csv index c1fd201745..5d27debcf2 100644 --- a/rules.csv +++ b/rules.csv 
@@ -832,7 +832,7 @@ cpp,MISRA-C++-2023,RULE-0-2-2,Yes,Required,Decidable,Single Translation Unit,A n cpp,MISRA-C++-2023,RULE-0-2-3,Yes,Advisory,Decidable,Single Translation Unit,Types with limited visibility should be used at least once,A0-1-6,DeadCode9,Easy, cpp,MISRA-C++-2023,RULE-0-2-4,Yes,Advisory,Decidable,System,Functions with limited visibility should be used at least once,A0-1-3,DeadCode10,Easy, cpp,MISRA-C++-2023,DIR-0-3-1,Yes,Advisory,,,Floating-point arithmetic should be used appropriately,,FloatingPoint,Hard, -cpp,MISRA-C++-2023,DIR-0-3-2,Yes,Required,,,A function call shall not violate the function’s preconditions,,Preconditions,Hard, +cpp,MISRA-C++-2023,DIR-0-3-2,No,Required,,,A function call shall not violate the function’s preconditions,,,,Consider other projects such as github.com/advanced-security/codeql-contracts-smt-z3 cpp,MISRA-C++-2023,RULE-4-1-1,Yes,Required,Undecidable,System,A program shall conform to ISO/IEC 14882:2017 (C++17),,Toolchain2,Hard, cpp,MISRA-C++-2023,RULE-4-1-2,Yes,Advisory,Decidable,Single Translation Unit,Deprecated features should not be used,,Toolchain3,Very Hard, cpp,MISRA-C++-2023,RULE-4-1-3,Yes,Required,Undecidable,System,There shall be no occurrence of undefined or critical unspecified behaviour,,Undefined,Very Hard, From f85a1f180cdc85b29ca57b1aaf1390e98cc493af Mon Sep 17 00:00:00 2001 From: Mike Fairhurst Date: Thu, 30 Apr 2026 14:16:46 -0700 Subject: [PATCH 2/2] Copilot feedback --- README.md | 4 ++-- docs/user_manual.md | 13 +++++++------ 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 85cc9f72d6..456440b266 100644 --- a/README.md +++ b/README.md 
@@ -24,9 +24,9 @@ The following coding standards are supported: There are currently no new coding standards under active development. -This product intends to begin development of the following standards in the near future: +This project intends to begin development of the following standards in the near future: -- [MISRA C 2025](https://misra.org.uk/product/misra-cpp2025/) +- [MISRA C 2025](https://misra.org.uk/product/misra-c2025/) If you are interested in this standard or when it will be available, consider contacting us via email or by filing an issue. diff --git a/docs/user_manual.md b/docs/user_manual.md index 3c52416a95..478fa42794 100644 --- a/docs/user_manual.md +++ b/docs/user_manual.md @@ -34,7 +34,7 @@ | 0.25.0 | 2025-01-15 | Mike Fairhurst | Add guidance for the usage of 'strict' queries. | | 0.26.0 | 2025-02-12 | Luke Cartey | Describe support for new deviation code identifier formats | | 0.27.0 | 2025-05-15 | Luke Cartey | Documented completed support for MISRA C 2023. | -| 0.27.0 | 2025-05-15 | Mike Fairhurst | Documented completed support for MISRA C++ 2023. | +| 0.28.0 | 2026-04-30 | Mike Fairhurst | Documented completed support for MISRA C++ 2023. | ## Release information 
@@ -71,7 +71,7 @@ The _CodeQL Coding Standards_ product is a set of CodeQL queries for identifying | | [2012 Amendment 3](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD3.pdf) | 24 | 24 | 24 | Implemented | | | [2012 Amendment 4](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD4.pdf) | 22 | 22 | 21[^4] | Implemented | | | [2023 Third Edition, Second Revision](https://misra.org.uk/product/misra-c2023/) | 221 | 210 | 207[^5] | Implemented | -| MISRA C++ | [2023](https://misra.org.uk/product/misra-cpp2023/) | 179 | 175[^6] | - | Implemented | +| MISRA C++ | [2023](https://misra.org.uk/product/misra-cpp2023/) | 179 | 176[^6] | 175[^7] | Implemented | Not all rules in these standards are amenable to static analysis by CodeQL - some rules require external or domain specific knowledge to validate, or refer to properties which are not present in our representation of the codebase under analysis. In addition, some rules are natively enforced by the supported compilers. As CodeQL requires that the program under analysis compiles, we are unable to implement queries for these rules, and doing so would be redundant. 
@@ -90,7 +90,8 @@ The datasheet _"CodeQL Coding Standards: supported rules"_, provided with each r [^3]: The unimplemented supportable MISRA C 2012 rules are `Rule 9.5`, `Rule 17.13`. `Rule 9.5` and `Rule 17.13` require additional support in the CodeQL CLI to ensure the required information is available in the CodeQL database to identify violations of these rules. Note: `Dir 4.14` is covered by the default CodeQL queries, which identify potential security vulnerabilities caused by not validating external input. [^4]: The unimplemented supportable MISRA C 2012 Amendment 4 rule is `Rule 9.6`. `Rule 9.6` requires additional support in the CodeQL CLI to ensure the required information is available in the CodeQL database to identify violations of this rule. [^5]: The unimplemented supportable MISRA C 2023 rules are `Rule 9.5`, `Rule 9.6`, `Rule 17.13`. `Rule 9.5`, `Rule 9.6` and `Rule 17.13` require additional support in the CodeQL CLI to ensure the required information is available in the CodeQL database to identify violations of these rules. Note: `Dir 4.14` is covered by the default CodeQL queries, which identify potential security vulnerabilities caused by not validating external input. -[^6]: The rules `5.13.7`, `19.0.1` and `19.1.2` are not planned to be implemented by CodeQL as they are compiler checked in all supported compilers. Our implementation does not support `Dir 0.3.2`, and for customers who wish to validate function preconditions we recommend they consider using [this open source CodeQL project](https://github.com/advanced-security/codeql-contracts-smt-z3) that can find and validate preconditions with SMT constraint solving. +[^6]: The rules `5.13.7`, `19.0.1` and `19.1.2` are not planned to be implemented by CodeQL as they are compiler checked in all supported compilers. +[^7]: The rule `Dir 0.3.2` is not supported by our implementation. 
For customers who wish to validate function preconditions we recommend they consider using [this open source CodeQL project](https://github.com/advanced-security/codeql-contracts-smt-z3) that can find and validate preconditions with SMT constraint solving. ## Supported environment @@ -115,7 +116,7 @@ In addition, the machine which performs the analysis must be able to complete a #### C++ -For C++ the codebase under analysis must comply with C++14 and use one of the following supported compiler configurations: +For C++ the codebase under analysis must comply with C++14 or C++17 and use one of the following supported compiler configurations: | Compiler | Version | Standard library | Target architecture | Language standard flag | Other required flags | | -------- | ------- | ------------------- | --------------------- | ---------------------------- | ----------------------- | @@ -127,7 +128,7 @@ Use of the queries outside these scenarios is possible, but not validated for fu - Use of the queries against codebases written with more recent versions of C++ (as supported by CodeQL) are not validated in the following circumstances: - When new language features are used - - When language features are used which have a differing interpretation from C++14. + - When language features are used which have a differing interpretation from C++14 or C++17. - Use of the queries against codebases which use other compilers or other compiler versions supported by CodeQL is not tested or validated for functional safety. #### C 
@@ -467,7 +468,7 @@ Note - considation should be taken to ensure the use of custom attributes for de * Confirm that unknown attributes are ignored by the compiler. * For MISRA C, add a project deviation against "Rule 1.2: Language extensions should not be used", if attribute support is a language extension in your language version. -**Use of attributes in C++ Coding Standards**: The C++ Standard supports attributes in C++14, however the handling of unknown attributes is implementation defined. From C++17 onwards, unknown attributes are mandated to be ignored. Unknown attributes will usually raise an "unknown attribute" warning. You should: +**Use of attributes in C++ Coding Standards**: The C++ Standard supports attributes in C++14 and C++17, however the handling of unknown attributes is implementation defined. From C++17 onwards, unknown attributes are mandated to be ignored. Unknown attributes will usually raise an "unknown attribute" warning. You should: * If using C++14, confirm that your compiler ignores unknown attributes. * If using AUTOSAR and a compiler which produces warnings on unknown attributes, the compiler warning should be disabled (as per `A1-1-2: A warning level of the compilation process shall be set in compliance with project policies`), to ensure compliance with `A1-4-3: All code should compiler free of compiler warnings`.
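Review bot: In the first patch's README hunk `@@ -21,9 +22,13 @@`, the new MISRA C 2025 bullet links to `https://misra.org.uk/product/misra-cpp2025/`, a C++ product path, for a C standard; the second patch corrects it to `misra-c2025`, and that fix belongs in this commit so the series stays bisectable. The added sentence `If you are interested in this standard or when it will be available, ...` also reads awkwardly; suggest `If you are interested in this standard, or in when it will be available, ...`.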
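Review bot: The change-log row added in the first patch's `docs/user_manual.md` hunk `@@ -34,6 +34,7 @@` reuses version `0.27.0` and date `2025-05-15` from the preceding Luke Cartey row, so two unrelated changes claim the same release; the second patch re-labels it `0.28.0 | 2026-04-30`, which should be squashed into this commit.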
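Review bot: In the first patch's `@@ -70,7 +71,7 @@` hunk the MISRA C++ row is marked `Implemented` while its implemented-rules column still reads `-`, and the supportable count drops from 176 to 175 with no footnote explaining the change; the second patch's `179 | 176[^6] | 175[^7] | Implemented` is the shape this row should have taken in the first place.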
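Review bot: In the first patch's `@@ -116,11 +117,11 @@` hunk the C++ compiler table gains `-std=c++17` for every compiler, but the unchanged sentence above it still says the codebase `must comply with C++14`, so table and introduction disagree until the second patch rewrites the sentence to `C++14 or C++17`; keep the two in one commit. The split into `Language standard flag` and `Other required flags` columns is a clear improvement, and the matching C table hunk `@@ -133,11 +134,11 @@` correctly moves qcc's `-nopipe` out of the standard-flag cell.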
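Review bot: The second patch's `@@ -71,7 +71,7 @@` row `179 | 176[^6] | 175[^7]` counts `Dir 0.3.2` as supportable but unimplemented (176 supportable, 175 implemented), yet the first patch's `rules.csv` hunk flips `DIR-0-3-2` from `Yes` to `No` in the supportable column, which would make the supportable count 175 and leave nothing for `[^7]` to explain; `[^7]`'s wording `not supported by our implementation` is ambiguous between the two readings. Decide which is intended: if the directive is not supportable, the row should read `179 | 175[^6] | 175 | Implemented` with `[^6]` naming `Dir 0.3.2` alongside the compiler-checked rules; if it is supportable, `rules.csv` should keep `Yes` for `DIR-0-3-2`.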
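Review bot: The second patch's `@@ -467,7 +468,7 @@` hunk now says attribute handling is implementation defined `in C++14 and C++17` and, in the very next sentence, that C++17 mandates ignoring unknown attributes; the two sentences contradict each other. Suggest: `The C++ Standard supports attributes in both C++14 and C++17. In C++14 the handling of unknown attributes is implementation defined; from C++17 onwards, unknown attributes are mandated to be ignored.` While this paragraph is open, two typos in the surrounding context are worth fixing: `considation` in the hunk's context line and `should compiler free` in the quoted `A1-4-3` title (should be `compile free`).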