Merge pull request #16527 from codeqlhelper/main

MathiasVP · web-flow · commit c483a4bf0413 · 2024-05-20T10:13:23.000+01:00
C++: Static variables are initialized to zero or null by compiler
diff --git a/cpp/ql/src/Critical/NotInitialised.ql b/cpp/ql/src/Critical/NotInitialised.ql
@@ -54,6 +54,7 @@ predicate undefinedLocalUse(VariableAccess va) {
     // it is hard to tell when a struct or array has been initialized, so we
     // ignore them
     not isAggregateType(lv.getUnderlyingType()) and
+    not lv.isStatic() and // static variables are initialized to zero or null by default
     not lv.getType().hasName("va_list") and
     va = lv.getAnAccess() and
     noDefPath(lv, va) and
@@ -70,7 +71,8 @@ predicate uninitialisedGlobal(GlobalVariable gv) {
     va = gv.getAnAccess() and
     va.isRValue() and
     not gv.hasInitializer() and
-    not gv.hasSpecifier("extern")
+    not gv.hasSpecifier("extern") and
+    not gv.isStatic() // static variables are initialized to zero or null by default
   )
 }
 
diff --git a/cpp/ql/src/change-notes/2024-05-19-avoid-reporting-static-variable.md b/cpp/ql/src/change-notes/2024-05-19-avoid-reporting-static-variable.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The "Variable not initialized before use" query (`cpp/not-initialised`) no longer reports an alert on static variables.
diff --git a/cpp/ql/test/query-tests/Critical/NotInitialised/NotInitialised.expected b/cpp/ql/test/query-tests/Critical/NotInitialised/NotInitialised.expected
@@ -0,0 +1,2 @@
+| test.cpp:3:11:3:15 | local | Variable 'local' is not initialized. |
+| test.cpp:12:5:12:24 | uninitialised_global | Variable 'uninitialised_global' is not initialized. |
diff --git a/cpp/ql/test/query-tests/Critical/NotInitialised/NotInitialised.qlref b/cpp/ql/test/query-tests/Critical/NotInitialised/NotInitialised.qlref
@@ -0,0 +1 @@
+Critical/NotInitialised.ql
diff --git a/cpp/ql/test/query-tests/Critical/NotInitialised/test.cpp b/cpp/ql/test/query-tests/Critical/NotInitialised/test.cpp
@@ -0,0 +1,20 @@
+void test1() {
+  int local;
+  int x = local; // BAD
+
+  static int static_local;
+  int y = static_local; // GOOD
+
+  int initialised = 42;
+  int z = initialised; // GOOD
+}
+
+int uninitialised_global; // BAD
+static int uninitialised_static_global; // GOOD
+int initialized_global = 0; // GOOD
+
+void test2() {
+  int a = uninitialised_global;
+  int b = uninitialised_static_global;
+  int c = initialized_global;
+}

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* The "Variable not initialized before use" query (`cpp/not-initialised`) no longer reports an alert on static variables.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+\| test.cpp:3:11:3:15 \| local \| Variable 'local' is not initialized. \|`
	`2`	`+\| test.cpp:12:5:12:24 \| uninitialised_global \| Variable 'uninitialised_global' is not initialized. \|`