LGTM 1.18: finalize change notes for C/C++#169
Merged
Conversation
jbj
reviewed
Sep 8, 2018
| * `ClassAggregateLiteral.getFieldExpr()` previously assumed initializer expressions appeared in the same order as the declaration order of the fields, causing it to associate the expressions with the wrong fields when using designated initializers. This has been fixed. | ||
| * `ArrayAggregateLiteral.getElementExpr()` previously assumed initializer expressions appeared in the same order as the corresponding array elements, causing it to associate the expressions with the wrong array elements when using designated initializers. This has been fixed. | ||
| * `Element.getEnclosingElement()` no longer includes macro accesses in its results. To explore parents and children of macro accesses, use the relevant member predicates on `MacroAccess` or `MacroInvocation`. | ||
| * The `ClassAggregateLiteral.getFieldExpr()` and `ArrayAggregateLiteral.getElementExpr()` predicates incorrectly assumed that initializer expressions appeared in the same order as the declaration order of the fields. This resulted in the association of the expressions with the wrong fields when designated initializers were used. This has been fixed. |
Contributor
There was a problem hiding this comment.
There are no fields in an array, so I think the merged language is confusing. Maybe replace with "elements of the aggregate" or just "elements".
| | Too many arguments to formatting function (`cpp/too-many-format-arguments`) | More precise results | This new query was created by splitting the old "Wrong number of arguments to formatting function" query (see row above). It reports function calls with too many arguments. | | ||
| | User-controlled data in arithmetic expression (`cpp/tainted-arithmetic`) | More results | The query is extended to analyze increment, decrement, addition assignment and subtraction assignment operations. | | ||
| | Variable used in its own initializer (`cpp/use-in-own-initializer`) | Fewer false positive results | Results where a macro is used to indicate deliberate uninitialization are now excluded | | ||
| |Uncontrolled data in arithmetic expression (`cpp/uncontrolled-arithmetic`) | More results | The query is extended to analyze increment, decrement, addition assignment and subtraction assignment operations. | |
Contributor
There was a problem hiding this comment.
Missing comma before "and". Also, I think "addition assignment" and "subtraction assignment" would read better if hyphenated. Without hyphens, I find this sentence hard to parse.
Same issue above, with cpp/tainted-arithmetic.
| | Local variable hides global variable (`cpp/local-variable-hides-global-variable`) | Fewer false positive results | Results for parameters are now only reported if the name of the global variable is the same as the name of the parameter as used in the function definition (not just a function declaration). | | ||
| | Nested loops with same variable (`cpp/nested-loops-with-same-variable`) | Fewer false positive results | Results where the loop variable is a member of a class or struct now account for the object. | | ||
| | Self comparison (`cpp/comparison-of-identical-expressions`) | Fewer false positive results | Range checks of the form `x == (T)x` are no longer flagged unless they are guaranteed to have the same result on all platforms. | | ||
| | Too few arguments to formatting function (`cpp/wrong-number-format-arguments`) | More precise results | This was previously known as "Wrong number of arguments to formatting function". It now focuses only functions calls that are missing arguments, which tend to be more severe. See the next row for the new query that reports lower-severity alerts for calls with too many arguments. In addition, both queries now understand positional format arguments as supported by some libraries, and some false positive results for custom printf-like functions have been fixed.| |
Contributor
There was a problem hiding this comment.
"focuses only functions" -> "focuses only on functions"
| | Too few arguments to formatting function (`cpp/wrong-number-format-arguments`) | More precise results | This was previously known as "Wrong number of arguments to formatting function". It now focuses only functions calls that are missing arguments, which tend to be more severe. See the next row for the new query that reports lower-severity alerts for calls with too many arguments. In addition, both queries now understand positional format arguments as supported by some libraries, and some false positive results for custom printf-like functions have been fixed.| | ||
| | Too many arguments to formatting function (`cpp/too-many-format-arguments`) | More precise results | This new query was created by splitting the old "Wrong number of arguments to formatting function" query (see row above). It reports function calls with too many arguments. | | ||
| | User-controlled data in arithmetic expression (`cpp/tainted-arithmetic`) | More results | The query is extended to analyze increment, decrement, addition assignment and subtraction assignment operations. | | ||
| | Variable used in its own initializer (`cpp/use-in-own-initializer`) | Fewer false positive results | Results where a macro is used to indicate deliberate uninitialization are now excluded | |
Contributor
Author
|
Thanks for the review Jonas. Text updated accordingly 😄 |
smowton
added a commit
to smowton/codeql
that referenced
this pull request
Jan 17, 2022
…ke-overrides Don't extract fake override methods
MathiasVP
pushed a commit
to MathiasVP/ql
that referenced
this pull request
Aug 10, 2025
Metadata Bug in C++ Query
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
As far as I know, all changes to the C/C++ queries that have customer-facing implications for the 1.18 release are merged. I've tidied up the analysis change notes so that they're ready for publication.
You probably want to review this on a commit basis, since I sorted the query table. For some reason the changes are much easier to see in the rich diff:
studio-cpp.mdfile instead (c.f. C/C++ analysis 1.17)@jbj - do you have time to review this? Please can you ping anyone else who needs to review it.