microsoft
diff --git a/‎src/drivers/general/queries/StaticInitializer/StaticInitializer.qhelp‎
Lines changed: 71 additions & 0 deletions b/‎src/drivers/general/queries/StaticInitializer/StaticInitializer.qhelp‎
Lines changed: 71 additions & 0 deletions
diff --git a/‎src/drivers/general/queries/StaticInitializer/StaticInitializer.ql‎
Lines changed: 43 additions & 0 deletions b/‎src/drivers/general/queries/StaticInitializer/StaticInitializer.ql‎
Lines changed: 43 additions & 0 deletions
@@ -0,0 +1,71 @@
+<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
+<qhelp>
+	<overview>
+		<p>
+		Static initializers of global or static const variables can often
+ 		be fully evaluated at compile time, thus generated in RDATA.
+ 		However if any initializer is a pointer-to-member-function where
+ 		it is a non-static function, the entire initialier may be placed
+ 		in copy-on-write pages, which has a performance cost.
+		</p>
+	</overview>
+	<recommendation>
+		<p>
+		For binaries which require fast loading and minimizing copy on
+		write pages, consider making sure all function pointer in the
+		static initializer are not pointer-to-member-function.  If a
+		pointer-to-member-function is required, write a simple static
+		member function that wraps a call to the actual member function.
+		</p>
+	</recommendation>
+	<example>
+		<p>
+			Code which triggers this query:
+		</p>
+		<sample language="c"> <![CDATA[
+                    class MyClass
+                    {
+                        ...
+                        bool memberFunc();
+                        ...
+                    };
+                    const StructType MyStruct[] = {
+                        ...
+                        &MyClass::memberFunc,
+                        ...
+                    };
+                ]]>
+		</sample>
+		<p>
+			Good code:
+		</p>
+		<sample language="c"> <![CDATA[
+                    class MyClass
+                    {
+                        ...
+                        bool memberFunc();
+                        static bool memberFuncWrap(MyClass *thisPtr)
+                            { return thisPtr->memberFunc(); }
+                        ...
+                    };
+                    const StructType MyStruct[] = {
+                        ...
+                        &MyClass::memberFuncWrap,
+                        ...
+                    };
+                ]]>
+		</sample>
+	</example>
+	<semmleNotes>
+		<p>
+			
+		</p>
+	</semmleNotes>
+	<references>
+		<li>
+			<a href="https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/28651-member-function-pointers-cause-write-pages-copy">
+				C28651
+			</a>
+		</li>
+	</references>
+</qhelp>
@@ -0,0 +1,43 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * @id cpp/drivers/static-initializer
+ * @kind problem
+ * @name Static Initializer
+ * @description Static initializers of global or static const variables can often
+ * be fully evaluated at compile time, thus generated in RDATA.
+ * However if any initializer is a pointer-to-member-function where
+ * it is a non-static function, the entire initialier may be placed
+ * in copy-on-write pages, which has a performance cost.
+ * @platform Desktop
+ * @feature.area Multiple
+ * @impact Insecure Coding Practice
+ * @repro.text For binaries which require fast loading and minimizing copy on
+ * write pages, consider making sure all function pointer in the
+ * static initializer are not pointer-to-member-function.  If a
+ * pointer-to-member-function is required, write a simple static
+ * member function that wraps a call to the actual member function.
+ * @owner.email: [email protected]
+ * @opaqueid CQLD-C28651
+ * @problem.severity warning
+ * @precision medium
+ * @tags performance
+ * @scope domainspecific
+ * @query-version v1
+ */
+
+import cpp
+
+// Initalizer that is a pointer to a member function that is a non-static function
+from Initializer i, FunctionAccess f
+where
+  f.getParent*() = i.getExpr() and
+  f.getTarget() instanceof MemberFunction and
+  not f.getTarget().getADeclarationEntry().getDeclaration().isStatic() and
+  (
+    i.getDeclaration() instanceof GlobalVariable
+    or
+    (i.getDeclaration().isStatic() and i.getDeclaration().(Variable).isConst())
+  )
+//global or static const
+select f, "Static initializer causes copy on write pages due to member function pointer(s): $@", f.getTarget(), f.getTarget().getName()