From c2d0a12e1e0b458657835be36671291cbb651569 Mon Sep 17 00:00:00 2001
From: codeqlhelper <166422730+codeqlhelper@users.noreply.github.com>
Date: Sun, 27 Jul 2025 23:40:00 +0800
Subject: [PATCH 1/8] Create test for InitialisationNotRun

---
 .../Critical/InitialisationNotRun/test.cpp | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 cpp/ql/test/query-tests/Critical/InitialisationNotRun/test.cpp

diff --git a/cpp/ql/test/query-tests/Critical/InitialisationNotRun/test.cpp b/cpp/ql/test/query-tests/Critical/InitialisationNotRun/test.cpp
new file mode 100644
index 000000000000..a9a3129e759c
--- /dev/null
+++ b/cpp/ql/test/query-tests/Critical/InitialisationNotRun/test.cpp
@@ -0,0 +1,32 @@
+#include
+
+class GlobalStorage {
+public:
+ char name[1000];
+};
+
+GlobalStorage *g1; // BAD
+static GlobalStorage g2; // GOOD
+static GlobalStorage *g3; // BAD
+// static variables are initialized by compilers
+static int a; // GOOD
+static int b = 0; // GOOD
+
+void init() { //initializes g_storage, but is never run from main
+ g1 = new GlobalStorage();
+ g3 = new GlobalStorage();
+}
+
+void init2(int b) {
+ for (int i = 0; i < b; ++i)
+ a *= -1;
+}
+
+int main(int argc, char *argv[]) {
+ //init not called
+ strcpy(g1->name, argv[1]); // g1 is used before init() is called
+ strcpy(g2.name, argv[1]); // g2 is initialised by compiler
+ strcpy(g3->name, argv[1]);
+ b++;
+ return 0;
+}

From 89dcad48f45f95ce2cd3ff92369cd8facd6966fd Mon Sep 17 00:00:00 2001
From: codeqlhelper <166422730+codeqlhelper@users.noreply.github.com>
Date: Sun, 27 Jul 2025 23:42:50 +0800
Subject: [PATCH 2/8] Create InitialisationNotRun.qlref

---
 .../Critical/InitialisationNotRun/InitialisationNotRun.qlref | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 cpp/ql/test/query-tests/Critical/InitialisationNotRun/InitialisationNotRun.qlref
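Review bot: The comment `// static variables are initialized by compilers` above `static int a` draws the wrong line for what this test relies on: every object with static storage duration is zero-initialized, including the non-`static` `g1`, so `g1` holds a null pointer rather than an indeterminate value, and what makes `g1` and `g3` BAD is the `g1->name` / `g3->name` dereference in `main` before `init()` ever runs. Suggest `// all static-storage objects are zero-initialized; a static scalar that is never dereferenced is safe to read even though init2() never runs`. The comment on `init()` mentions `g_storage`, which does not exist in this file; `//initializes g1 and g3, but is never run from main` would match the code. `init2(int b)` also shadows the global `b` that `main` increments, so renaming the parameter (e.g. `void init2(int n)` / `i < n`) avoids a reader mistaking the loop bound for the global the test is tracking.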
diff --git a/cpp/ql/test/query-tests/Critical/InitialisationNotRun/InitialisationNotRun.qlref b/cpp/ql/test/query-tests/Critical/InitialisationNotRun/InitialisationNotRun.qlref
new file mode 100644
index 000000000000..7012169e8945
--- /dev/null
+++ b/cpp/ql/test/query-tests/Critical/InitialisationNotRun/InitialisationNotRun.qlref
@@ -0,0 +1 @@
+Critical/InitialisationNotRun.ql

From cf21997c0f011dd81c697635ce84bc7646da92bb Mon Sep 17 00:00:00 2001
From: codeqlhelper <166422730+codeqlhelper@users.noreply.github.com>
Date: Sun, 27 Jul 2025 23:46:53 +0800
Subject: [PATCH 3/8] Reduce false alarms raised by static variables

Static variables are initialized to zero or null by compiler, no need to get an initializer of them. See https://stackoverflow.com/questions/13251083/the-initialization-of-static-variables-in-c See 6.7.8/10 in the C99 Standard. A relevant PR: https://github.com/github/codeql/pull/16527
---
 cpp/ql/src/Critical/InitialisationNotRun.ql | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/cpp/ql/src/Critical/InitialisationNotRun.ql b/cpp/ql/src/Critical/InitialisationNotRun.ql
index ba575c55921b..0b97b30fbd69 100644
--- a/cpp/ql/src/Critical/InitialisationNotRun.ql
+++ b/cpp/ql/src/Critical/InitialisationNotRun.ql
@@ -32,9 +32,18 @@ predicate called(Function f) {
 exists(FunctionAccess fa | fa.getTarget() = f)
 }
 
+predicate staticWithoutDereference(GlobalVariable v) {
+ v.isStatic() and
+ not exists(VariableAccess va |
+ va = v.getAnAccess() and
+ dereferenced(va)
+ )
+}
+
 from GlobalVariable v
 where
 global(v) and
+ not staticWithoutDereference(v) and
 not exists(VariableAccess lval |
 v.getAnAccess() = lval and
 lval.isUsedAsLValue() and

From 75e545a67f1f5c899fa1c3d4c8d5d8974179e564 Mon Sep 17 00:00:00 2001
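Review bot: `staticWithoutDereference` has no QLDoc, and the reason for its `v.isStatic()` conjunct is not recorded anywhere in the hunk: the justification in the commit message (zero-initialization, C99 6.7.8/10) applies to every object with static storage duration, not only to variables declared `static`, so as written a non-`static` global scalar assigned only in a never-called function keeps being reported while an otherwise identical `static` one is suppressed. If that narrower scope is deliberate (plausibly because an externally visible global could be initialized from another translation unit the query cannot see), the predicate's doc should say so; otherwise the `isStatic()` conjunct could be dropped. Suggest a QLDoc such as `/** Holds if v is a static global variable that is never dereferenced. Such variables are zero-initialized, so never running their initializer cannot produce an indeterminate read, only a zero value. */`. Note also that whether array indexing or passing `v` to a library call counts as `dereferenced` depends on the imported `Dereferenced.qll`, and `a` in test.cpp is the only variable that reaches the new predicate, so those cases are currently unexercised.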
From: codeqlhelper <166422730+codeqlhelper@users.noreply.github.com>
Date: Mon, 28 Jul 2025 00:00:41 +0800
Subject: [PATCH 4/8] Create 2025-07-27-avoid-reporting-static-global-variable.md

---
 .../2025-07-27-avoid-reporting-static-global-variable.md | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 cpp/ql/src/change-notes/2025-07-27-avoid-reporting-static-global-variable.md

diff --git a/cpp/ql/src/change-notes/2025-07-27-avoid-reporting-static-global-variable.md b/cpp/ql/src/change-notes/2025-07-27-avoid-reporting-static-global-variable.md
new file mode 100644
index 000000000000..44e80ba0ab06
--- /dev/null
+++ b/cpp/ql/src/change-notes/2025-07-27-avoid-reporting-static-global-variable.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The "GlobalVariable not initialized" query (`cpp/not-initialised`) no longer reports an alert on static global variables that has no dereference.

From 43bca8431093260d9dd5f397cd91c272edcd6c4d Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Wed, 30 Jul 2025 11:21:55 +0100
Subject: [PATCH 5/8] CPP: Convert test to use a stub rather than a library include.

---
 .../test/query-tests/Critical/InitialisationNotRun/test.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/cpp/ql/test/query-tests/Critical/InitialisationNotRun/test.cpp b/cpp/ql/test/query-tests/Critical/InitialisationNotRun/test.cpp
index a9a3129e759c..ee0d070df088 100644
--- a/cpp/ql/test/query-tests/Critical/InitialisationNotRun/test.cpp
+++ b/cpp/ql/test/query-tests/Critical/InitialisationNotRun/test.cpp
@@ -1,4 +1,8 @@
-#include
+// --- stubs ---
+
+char *strcpy(char *dest, const char *src);
+
+// --- tests ---
 
 class GlobalStorage {
 public:

From d6fddde6e0dd4504fc0890507b97a62471b02a04 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Wed, 30 Jul 2025 11:22:23 +0100
Subject: [PATCH 6/8] CPP: Add .expected (results before query changes here).

---
 .../InitialisationNotRun/InitialisationNotRun.expected | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 cpp/ql/test/query-tests/Critical/InitialisationNotRun/InitialisationNotRun.expected

diff --git a/cpp/ql/test/query-tests/Critical/InitialisationNotRun/InitialisationNotRun.expected b/cpp/ql/test/query-tests/Critical/InitialisationNotRun/InitialisationNotRun.expected
new file mode 100644
index 000000000000..f3fbfc87dee6
--- /dev/null
+++ b/cpp/ql/test/query-tests/Critical/InitialisationNotRun/InitialisationNotRun.expected
@@ -0,0 +1,3 @@
+| test.cpp:12:16:12:17 | g1 | Initialization code for 'g1' is never run. |
+| test.cpp:14:23:14:24 | g3 | Initialization code for 'g3' is never run. |
+| test.cpp:16:12:16:12 | a | Initialization code for 'a' is never run. |

From c0638a5fcbe78055d80b1e3ee16fae0dfe2cd35a Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Wed, 30 Jul 2025 11:24:57 +0100
Subject: [PATCH 7/8] CPP: Update .expected for the changes here.

---
 .../Critical/InitialisationNotRun/InitialisationNotRun.expected | 1 -
 1 file changed, 1 deletion(-)

diff --git a/cpp/ql/test/query-tests/Critical/InitialisationNotRun/InitialisationNotRun.expected b/cpp/ql/test/query-tests/Critical/InitialisationNotRun/InitialisationNotRun.expected
index f3fbfc87dee6..fdb53a2a4689 100644
--- a/cpp/ql/test/query-tests/Critical/InitialisationNotRun/InitialisationNotRun.expected
+++ b/cpp/ql/test/query-tests/Critical/InitialisationNotRun/InitialisationNotRun.expected
@@ -1,3 +1,2 @@
 | test.cpp:12:16:12:17 | g1 | Initialization code for 'g1' is never run. |
 | test.cpp:14:23:14:24 | g3 | Initialization code for 'g3' is never run. |
-| test.cpp:16:12:16:12 | a | Initialization code for 'a' is never run. |
From 4323e6853fe2ab6fddab6a12835c057a73692b81 Mon Sep 17 00:00:00 2001 From: codeqlhelper <166422730+codeqlhelper@users.noreply.github.com> Date: Thu, 31 Jul 2025 21:17:29 +0800 Subject: [PATCH 8/8] Update cpp/ql/src/change-notes/2025-07-27-avoid-reporting-static-global-variable.md Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com> --- .../2025-07-27-avoid-reporting-static-global-variable.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/change-notes/2025-07-27-avoid-reporting-static-global-variable.md b/cpp/ql/src/change-notes/2025-07-27-avoid-reporting-static-global-variable.md index 44e80ba0ab06..56cfe184d307 100644 --- a/cpp/ql/src/change-notes/2025-07-27-avoid-reporting-static-global-variable.md +++ b/cpp/ql/src/change-notes/2025-07-27-avoid-reporting-static-global-variable.md @@ -1,4 +1,4 @@ --- category: minorAnalysis --- -* The "GlobalVariable not initialized" query (`cpp/not-initialised`) no longer reports an alert on static global variables that has no dereference. +* The "Initialization code not run" query (`cpp/initialization-not-run`) no longer reports an alert on static global variables that has no dereference.