Skip to content

Upgrade github/codeql dependency to 2.18.4#810

Merged
knewbury01 merged 22 commits intomainfrom
codeql/upgrade-to-2.18.4
Dec 6, 2024
Merged

Upgrade github/codeql dependency to 2.18.4#810
knewbury01 merged 22 commits intomainfrom
codeql/upgrade-to-2.18.4

Conversation

@github-actions
Copy link

@github-actions github-actions bot commented Dec 4, 2024
edited by lcartey
Loading

This PR upgrades the CodeQL CLI version to 2.18.4.

CodeQL dependency upgrade checklist:

  • Confirm the code has been correctly reformatted according to the new CodeQL CLI.
  • Identify any CodeQL compiler warnings and errors, and update queries as required.
  • Validate that the github/codeql test cases succeed.
  • Address any CodeQL test failures in the github/codeql-coding-standards repository.
  • Validate performance vs pre-upgrade, using /test-performance

MathiasVP and others added 15 commits March 13, 2024 15:12
@MathiasVP
Remove the copy of DataFlow that was added in 6aee03e now that the 'a…
1f9bc6b 
…bsolute path' problem has been fixed.
@MathiasVP
Accept test changes.
4b43736
@jketema
Merge pull request #553 from MathiasVP/update-for-15853
0f4fa00 
Use `semmle.code.cpp.dataflow.DataFlow` instead of a coding standards specific copy
@jketema
Merge branch 'main' into next
989e004
@jketema
C++: Update expected test results after dataflow library changes and …
e5cdb71 
…merge from main
@redsun82
Accept new warning format in ql tests
8078f81
@jketema
Merge pull request #627 from redsun82/fix-warnings-in-ql-tests
8e691fa 
Fix expected warning format in tests
@MathiasVP
C++: Accept test changes after #16969.
b67dc05
@MathiasVP
C++: Format test file expectations.
e32a4e4
@jketema
Merge pull request #639 from MathiasVP/accept-test-changes-from-16969
ee08b4f 
C++: Accept test changes from #16969
@sashabu
A12-8-6: Update tests around unused template special members.
cfbdc21
@jketema
Merge pull request #641 from sashabu/sashabu/templates
c69c7b8 
A12-8-6: Update tests around unused template special members.
@jketema
Merge remote-tracking branch 'upstream/main' into next
b5a7210
@jketema
Update expected test results after merge from main
94d7114
@lcartey @github-actions
Upgrading github/codeql dependency to 2.18.4
466f16e
@github-actions github-actions bot force-pushed the codeql/upgrade-to-2.18.4 branch from aa98b0a to 466f16e Compare December 4, 2024 18:01
@lcartey
Merge commit '94d711461dd6c7df5578614a854c8a423dee866b' into codeql/u…
f12bef5 
…pgrade-to-2.18.4
@lcartey
ValidContainerElementAccess: Address new FPs
585b864 
We had some new false positives because in 2.18.4 string taint is
tracked into the qualifier of a string operation, such as insert.
This caused us to erroneously identify the container itself as a
reference to an element of the container. This has been addressed
by excluding uses of the owning container from pointer or reference
access.
@lcartey
Copy link
Contributor

lcartey commented Dec 4, 2024

/test-performance

@github-actions
Copy link
Author

github-actions bot commented Dec 4, 2024

🏁 Beep Boop! Performance testing for this PR has been initiated. Please check back later for results. Note that the query package generation step must complete before testing will start so it might be a minute.

💡 If you do not hear back from me please check my status! I will report even if I fail!

@codeql-coding-standards-automation
Copy link

codeql-coding-standards-automation bot commented Dec 5, 2024

🏁 Beep Boop! Performance testing complete! See below for performance of the last 3 runs vs your PR. Times are based on predicate performance. You can find full graphs and stats in the PR that was created for this test in the release engineering repo. 


Release                            : v2.37.1
Platform                           : x86-linux
Language                           : c
Total_Serialized_Execution_Time_Ms : 2697618
Mean_Predicate_Execution_Time_Ms   : 64.18010087552341
Median_Predicate_Execution_Time_Ms : 1.0
Standard_Deviation_Ms              : 507.9514826069048
Total_Serialized_Execution_Time_s  : 2697.618
Mean_Query_Execution_Time_s        : 0.0641801008755234
Median_Predicate_Execution_Time_s  : 0.001
Percentile95_Ms                    : 191.0
Number_of_Predicates               : 42032

Release                            : v2.37.1
Platform                           : x86-linux
Language                           : cpp
Total_Serialized_Execution_Time_Ms : 3761066
Mean_Predicate_Execution_Time_Ms   : 83.22599632670222
Median_Predicate_Execution_Time_Ms : 2.0
Standard_Deviation_Ms              : 637.9324725217127
Total_Serialized_Execution_Time_s  : 3761.066
Mean_Query_Execution_Time_s        : 0.0832259963267022
Median_Predicate_Execution_Time_s  : 0.002
Percentile95_Ms                    : 225.0
Number_of_Predicates               : 45191

Release                            : v2.37.1
Platform                           : x86-windows
Language                           : c
Total_Serialized_Execution_Time_Ms : 4010595
Mean_Predicate_Execution_Time_Ms   : 95.61556800572178
Median_Predicate_Execution_Time_Ms : 2.0
Standard_Deviation_Ms              : 624.6064097339452
Total_Serialized_Execution_Time_s  : 4010.595
Mean_Query_Execution_Time_s        : 0.0956155680057217
Median_Predicate_Execution_Time_s  : 0.002
Percentile95_Ms                    : 328.0
Number_of_Predicates               : 41945

Release                            : v2.37.1
Platform                           : x86-windows
Language                           : cpp
Total_Serialized_Execution_Time_Ms : 4097155
Mean_Predicate_Execution_Time_Ms   : 90.45490672259632
Median_Predicate_Execution_Time_Ms : 2.0
Standard_Deviation_Ms              : 516.734418325033
Total_Serialized_Execution_Time_s  : 4097.155
Mean_Query_Execution_Time_s        : 0.0904549067225963
Median_Predicate_Execution_Time_s  : 0.002
Percentile95_Ms                    : 297.0
Number_of_Predicates               : 45295

Release                            : v2.38.0
Platform                           : x86-linux
Language                           : c
Total_Serialized_Execution_Time_Ms : 2717562
Mean_Predicate_Execution_Time_Ms   : 62.20385460538363
Median_Predicate_Execution_Time_Ms : 1.0
Standard_Deviation_Ms              : 491.8009002112052
Total_Serialized_Execution_Time_s  : 2717.562
Mean_Query_Execution_Time_s        : 0.0622038546053836
Median_Predicate_Execution_Time_s  : 0.001
Percentile95_Ms                    : 194.0
Number_of_Predicates               : 43688

Release                            : v2.38.0
Platform                           : x86-linux
Language                           : cpp
Total_Serialized_Execution_Time_Ms : 3755814
Mean_Predicate_Execution_Time_Ms   : 83.3661990588653
Median_Predicate_Execution_Time_Ms : 2.0
Standard_Deviation_Ms              : 645.9226691524674
Total_Serialized_Execution_Time_s  : 3755.814
Mean_Query_Execution_Time_s        : 0.0833661990588653
Median_Predicate_Execution_Time_s  : 0.002
Percentile95_Ms                    : 227.0
Number_of_Predicates               : 45052

Release                            : v2.38.0
Platform                           : x86-windows
Language                           : c
Total_Serialized_Execution_Time_Ms : 4122614
Mean_Predicate_Execution_Time_Ms   : 94.1988803838684
Median_Predicate_Execution_Time_Ms : 2.0
Standard_Deviation_Ms              : 604.043528890484
Total_Serialized_Execution_Time_s  : 4122.614
Mean_Query_Execution_Time_s        : 0.0941988803838683
Median_Predicate_Execution_Time_s  : 0.002
Percentile95_Ms                    : 335.0
Number_of_Predicates               : 43765

Release                            : v2.38.0
Platform                           : x86-windows
Language                           : cpp
Total_Serialized_Execution_Time_Ms : 4251384
Mean_Predicate_Execution_Time_Ms   : 94.16132890365448
Median_Predicate_Execution_Time_Ms : 2.0
Standard_Deviation_Ms              : 507.2917609380585
Total_Serialized_Execution_Time_s  : 4251.384
Mean_Query_Execution_Time_s        : 0.0941613289036544
Median_Predicate_Execution_Time_s  : 0.002
Percentile95_Ms                    : 319.0
Number_of_Predicates               : 45150

Release                            : 810
Platform                           : x86-linux
Language                           : cpp
Total_Serialized_Execution_Time_Ms : 3570047
Mean_Predicate_Execution_Time_Ms   : 74.80454688318491
Median_Predicate_Execution_Time_Ms : 0.0
Standard_Deviation_Ms              : 835.2220325265291
Total_Serialized_Execution_Time_s  : 3570.047
Mean_Query_Execution_Time_s        : 0.0748045468831849
Median_Predicate_Execution_Time_s  : 0.0
Percentile95_Ms                    : 166.0
Number_of_Predicates               : 47725

Release                            : 810
Platform                           : x86-linux
Language                           : c
Total_Serialized_Execution_Time_Ms : 2339680
Mean_Predicate_Execution_Time_Ms   : 49.67157081289939
Median_Predicate_Execution_Time_Ms : 0.0
Standard_Deviation_Ms              : 619.943192967638
Total_Serialized_Execution_Time_s  : 2339.68
Mean_Query_Execution_Time_s        : 0.0496715708128993
Median_Predicate_Execution_Time_s  : 0.0
Percentile95_Ms                    : 125.0
Number_of_Predicates               : 47103

🏁 Below are the slowest predicates for the last 2 releases vs this PR. 


Release           : v2.38.0
Run               : 2024-11-22_15-25-54
Platform          : x86-windows
Language          : cpp
Suite             : autosar-default
Predicate         : HardwareOrProtocolInterface::HardwareOrProtocolInterfaceClass#class#7f026171
Execution_Time_Ms : 16128

Release           : v2.38.0
Run               : 2024-11-22_15-25-54
Platform          : x86-linux
Language          : c
Suite             : misra-default
Predicate         : OutOfBounds::OOB::libraryFunctionNameParamTable/5#79217c12
Execution_Time_Ms : 20584

Release           : v2.38.0
Run               : 2024-11-22_15-25-54
Platform          : x86-linux
Language          : c
Suite             : cert-default
Predicate         : OutOfBounds::OOB::libraryFunctionNameParamTable/5#79217c12
Execution_Time_Ms : 20722

Release           : v2.38.0
Run               : 2024-11-22_15-25-54
Platform          : x86-linux
Language          : c
Suite             : misra-default
Predicate         : QualifiedName::getUserTypeNameWithoutArgs/1#8cfc98e9
Execution_Time_Ms : 22907

Release           : v2.38.0
Run               : 2024-11-22_15-25-54
Platform          : x86-windows
Language          : cpp
Suite             : autosar-default
Predicate         : ___@element#b_Deviations::DeviationRecord.getACodeIdentifierComment/0#dispred#10d8760b_10#join_rhs_D__#shared
Execution_Time_Ms : 19415

Release           : v2.38.0
Run               : 2024-11-22_15-25-54
Platform          : x86-windows
Language          : cpp
Suite             : autosar-default
Predicate         : CharacterOutsideTheLanguageStandardBasicSourceCharacterSetUsedInTheSourceCode::getUniversalCharacterName/1#36dbaa42
Execution_Time_Ms : 16773

Release           : v2.38.0
Run               : 2024-11-22_15-25-54
Platform          : x86-windows
Language          : cpp
Suite             : autosar-default
Predicate         : _Declaration::Declaration.getADeclarationEntry/0#dispred#c5d61b67_Declaration::DeclarationEntry.isDe__#antijoin_rhs
Execution_Time_Ms : 17105

Release           : v2.38.0
Run               : 2024-11-22_15-25-54
Platform          : x86-linux
Language          : c
Suite             : misra-default
Predicate         : _Macro::Macro.getName/0#dispred#e28b3699_Preprocessor::PreprocessorBranchDirective#bcd2bde4#b_Prepro__#antijoin_rhs
Execution_Time_Ms : 41385

Release           : v2.38.0
Run               : 2024-11-22_15-25-54
Platform          : x86-linux
Language          : c
Suite             : misra-default
Predicate         : OutOfBounds::OOB::libraryFunctionNameParamTableSimpleString/5#6de8614f#cpe#1236
Execution_Time_Ms : 35238

Release           : v2.38.0
Run               : 2024-11-22_15-25-54
Platform          : x86-linux
Language          : cpp
Suite             : autosar-default
Predicate         : _Expr::Expr.getValueText/0#dispred#a49585d4#bf_Literal::StringLiteral#847e415f_Literals::Utf8StringL__#shared
Execution_Time_Ms : 22803

Release           : v2.38.0
Run               : 2024-11-22_15-25-54
Platform          : x86-linux
Language          : cpp
Suite             : autosar-default
Predicate         : CharacterOutsideTheLanguageStandardBasicSourceCharacterSetUsedInTheSourceCode::getUniversalCharacterName/1#36dbaa42
Execution_Time_Ms : 35303

Release           : v2.38.0
Run               : 2024-11-22_15-25-54
Platform          : x86-linux
Language          : cpp
Suite             : autosar-default
Predicate         : HardwareOrProtocolInterface::HardwareOrProtocolInterfaceClass#class#7f026171
Execution_Time_Ms : 26634

Release           : v2.38.0
Run               : 2024-11-22_15-25-54
Platform          : x86-linux
Language          : cpp
Suite             : autosar-default
Predicate         : CheckedException::CheckedException#b0aa5ec8
Execution_Time_Ms : 30572

Release           : v2.38.0
Run               : 2024-11-22_15-25-54
Platform          : x86-linux
Language          : cpp
Suite             : autosar-default
Predicate         : QualifiedName::getUserTypeNameWithoutArgs/1#8cfc98e9
Execution_Time_Ms : 27836

Release           : v2.38.0
Run               : 2024-11-22_15-25-54
Platform          : x86-windows
Language          : c
Suite             : misra-default
Predicate         : OutOfBounds::OOB::libraryFunctionNameParamTable/5#79217c12
Execution_Time_Ms : 30214

Release           : v2.38.0
Run               : 2024-11-22_15-25-54
Platform          : x86-windows
Language          : c
Suite             : misra-default
Predicate         : QualifiedName::getUserTypeNameWithoutArgs/1#8cfc98e9
Execution_Time_Ms : 25490

Release           : v2.38.0
Run               : 2024-11-22_15-25-54
Platform          : x86-windows
Language          : c
Suite             : misra-default
Predicate         : OutOfBounds::OOB::libraryFunctionNameParamTableSimpleString/5#6de8614f#cpe#1236
Execution_Time_Ms : 30249

Release           : v2.38.0
Run               : 2024-11-22_15-25-54
Platform          : x86-windows
Language          : cpp
Suite             : autosar-default
Predicate         : QualifiedName::getUserTypeNameWithoutArgs/1#8cfc98e9
Execution_Time_Ms : 16057

Release           : v2.38.0
Run               : 2024-11-22_15-25-54
Platform          : x86-windows
Language          : c
Suite             : misra-default
Predicate         : _Macro::Macro.getName/0#dispred#e28b3699_Preprocessor::PreprocessorBranchDirective#bcd2bde4#b_Prepro__#antijoin_rhs
Execution_Time_Ms : 60888

Release           : v2.38.0
Run               : 2024-11-22_15-25-54
Platform          : x86-windows
Language          : c
Suite             : misra-default
Predicate         : _Expr::Expr.getValueText/0#dispred#a49585d4#bf#antijoin_rhs
Execution_Time_Ms : 19399

Release           : 810
Run               : 2024-12-04_23-29-52
Platform          : x86-linux
Language          : cpp
Suite             : autosar-default
Predicate         : _ExternalFlow::elementSpecMatchesSignature/6#c67d3446_Function::Function.getClassAndName/1#27b7404e___#shared
Execution_Time_Ms : 47718

Release           : 810
Run               : 2024-12-04_23-29-52
Platform          : x86-linux
Language          : cpp
Suite             : autosar-default
Predicate         : OrderingPredicateMustBeStrictlyWeak::UserDefinedStrictlyWeakOrderingComparator#6c60f803
Execution_Time_Ms : 40225

Release           : 810
Run               : 2024-12-04_23-29-52
Platform          : x86-linux
Language          : cpp
Suite             : autosar-default
Predicate         : _Function::Function.getParameter/1#dispred#200dcf26_Parameter::Parameter.getType/0#dispred#aa6b5b63___#recursive_body
Execution_Time_Ms : 38351

Release           : 810
Run               : 2024-12-04_23-29-52
Platform          : x86-linux
Language          : c
Suite             : misra-default
Predicate         : _Call::FunctionCall#2b14a517_Call::FunctionCall.getTarget/0#dispred#935da4c5_Function::Function.getP__#antijoin_rhs
Execution_Time_Ms : 27302

Release           : 810
Run               : 2024-12-04_23-29-52
Platform          : x86-linux
Language          : c
Suite             : misra-default
Predicate         : _ExternalFlow::elementSpecMatchesSignature/6#c67d3446_Function::Function.getClassAndName/1#27b7404e___#shared
Execution_Time_Ms : 47949

Release           : 810
Run               : 2024-12-04_23-29-52
Platform          : x86-linux
Language          : c
Suite             : misra-default
Predicate         : OutOfBounds::OOB::libraryFunctionNameParamTableSimpleString/5#6de8614f#cpe#1236
Execution_Time_Ms : 37813

Release           : 810
Run               : 2024-12-04_23-29-52
Platform          : x86-linux
Language          : cpp
Suite             : autosar-default
Predicate         : FunctionEquivalence::typeSig/1#194ac728
Execution_Time_Ms : 43511

Release           : 810
Run               : 2024-12-04_23-29-52
Platform          : x86-linux
Language          : cpp
Suite             : autosar-default
Predicate         : __Class::Class.accessOfBaseMemberMulti/2#6d0f61c0#ffbf_specifiers#max_range__Class::Class.accessOfBa__#join_rhs
Execution_Time_Ms : 38307

Release           : 810
Run               : 2024-12-04_23-29-52
Platform          : x86-linux
Language          : c
Suite             : misra-default
Predicate         : OutOfBounds::OOB::libraryFunctionNameParamTable/5#79217c12
Execution_Time_Ms : 33067

Release           : 810
Run               : 2024-12-04_23-29-52
Platform          : x86-linux
Language          : c
Suite             : misra-default
Predicate         : _Macro::Macro.getName/0#dispred#e28b3699_Preprocessor::PreprocessorBranchDirective#bcd2bde4_Preproce__#antijoin_rhs
Execution_Time_Ms : 68432

@lcartey
Update expected results files after upgrade
365c090 
 - Rule 1.5 has an extra data flow node that is harmless.
 - The other rules had changes to the .ql which affected the
   location of the deprecated data flow library warnings.
@lcartey
Add FALSE_NEGATIVE markers for #811
7595aa4 
#811
@lcartey
Add change note for upgrade
d7be5cc
@lcartey
Copy link
Contributor

lcartey commented Dec 5, 2024

@MichaelRFairhurst This upgrade accepts some changes to the UngetcCallOnStreamPositionZero.ql expected results - where we seem to be getting an additional data flow node. This looks harmless to me, but wanted to highlight for your benefit.

knewbury01
knewbury01 reviewed Dec 5, 2024
View reviewed changes
Copy link
Collaborator

@knewbury01 knewbury01 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I mean I think this is fine, other than wanting to understand why we are changing our approach of handling the dataflow lib deprecation warnings

@knewbury01 knewbury01 enabled auto-merge December 5, 2024 22:56
knewbury01
knewbury01 approved these changes Dec 5, 2024
View reviewed changes
Copy link
Collaborator

@knewbury01 knewbury01 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good to me!

@knewbury01 knewbury01 added this pull request to the merge queue Dec 6, 2024
Merged via the queue into main with commit 16bfd28 Dec 6, 2024
30 checks passed
@knewbury01 knewbury01 deleted the codeql/upgrade-to-2.18.4 branch December 6, 2024 02:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@knewbury01 knewbury01 knewbury01 approved these changes

@nicolaswill nicolaswill Awaiting requested review from nicolaswill

+1 more reviewer

@lcartey lcartey lcartey left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@lcartey @knewbury01 @MathiasVP @jketema @redsun82 @sashabu