Merge branch 'main' into lcartey/a0-1-1-ignore-incomplete-or-compiler…

…-generated-vars

.github/workflows/prepare-release.yml

@@ -148,7 +148,7 @@ jobs:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
           owner: ${{ github.repository_owner }}
-          repository: "codeql-coding-standards"
+          repositories: "codeql-coding-standards"
 
       - name: Create release PR
         env:

.github/workflows/tooling-unit-tests.yml

@@ -96,3 +96,22 @@ jobs:
       - name: Run PyTest
         run: |
           pytest scripts/guideline_recategorization/recategorize_test.py
+
+  release-tests:
+    name: Run release tests
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Install Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.9"
+
+      - name: Install Python dependencies
+        run: pip install -r scripts/release/requirements.txt
+
+      - name: Run PyTest
+        run: |
+          pytest scripts/release/update_release_assets_test.py

.github/workflows/update-release-status.yml

@@ -1,12 +1,5 @@
 name: "Update Release Status"
 on:
-  check_run:
-    types:
-      - completed
-      - rerequested
-    branches:
-      - "rc/**"
-
   workflow_dispatch:
     inputs:
       head-sha:
@@ -20,40 +13,36 @@ permissions:
   checks: write
   contents: write
 
+env:
+  HEAD_SHA: ${{ inputs.head-sha }}
+
 jobs:
   validate-check-runs:
     runs-on: ubuntu-22.04
     outputs:
       status: ${{ steps.set-output.outputs.status }}
-      check-run-head-sha: ${{ steps.set-output.outputs.check-run-head-sha }}
+      conclusion: ${{ steps.set-output.outputs.conclusion }}
     steps:
-      - name: Determine check run head SHA
-        env:
-          HEAD_SHA_FROM_EVENT: ${{ github.event.check_run.head_sha }}
-          HEAD_SHA_FROM_INPUTS: ${{ inputs.head-sha }}
-        run: |
-          if [[ $GITHUB_EVENT_NAME == "workflow_dispatch" ]]; then
-            echo "CHECK_RUN_HEAD_SHA=$HEAD_SHA_FROM_INPUTS" >> "$GITHUB_ENV"
-          else
-            echo "CHECK_RUN_HEAD_SHA=$HEAD_SHA_FROM_EVENT" >> "$GITHUB_ENV"
-          fi
-
       - name: Checkout
         uses: actions/checkout@v4
         with:
-          ref: ${{ env.CHECK_RUN_HEAD_SHA }}
+          ref: ${{ inputs.head-sha }}
 
       - name: Get release status check run
         id: get-check-run
-        if: (github.event_name == 'check_run' && github.event.check_run.conclusion == 'success' && github.event.check_run.name != github.workflow) || github.event_name == 'workflow_dispatch'
         env:
           GITHUB_TOKEN: ${{ github.token }}
         run: |
           check_run_info=$(gh api \
           --header "Accept: application/vnd.github+json" \
           --header "X-GitHub-Api-Version: 2022-11-28" \
           --jq '.check_runs[] | select(.name == "release-status") | {id: .id, status: .status, conclusion: .conclusion}' \
-          /repos/$GITHUB_REPOSITORY/commits/$CHECK_RUN_HEAD_SHA/check-runs)
+          /repos/$GITHUB_REPOSITORY/commits/$HEAD_SHA/check-runs)
+
+          if [[ -z "$check_run_info" ]]; then
+            echo "No release status check run found"
+            exit 1
+          fi
 
           check_run_id=$(echo "$check_run_info" | jq -r '.id')
           check_run_status=$(echo "$check_run_info" | jq -r '.status')
@@ -64,19 +53,22 @@ jobs:
           echo "CHECK_RUN_CONCLUSION=$check_run_conclusion" >> "$GITHUB_ENV"
 
       - name: Reset release status
-        if: env.CHECK_RUN_STATUS == 'completed' && ((github.event_name == 'check_run' && github.event.action == 'rerequested') || github.event_name == 'workflow_dispatch')
+        if: env.CHECK_RUN_STATUS == 'completed'
         env:
           GITHUB_TOKEN: ${{ github.token }}
         run: |
-          CHECK_RUN_ID=$(gh api \
+          check_run_id=$(gh api \
           --header "Accept: application/vnd.github+json" \
           --header "X-GitHub-Api-Version: 2022-11-28" \
           --field name="release-status" \
-          --field head_sha="$CHECK_RUN_HEAD_SHA" \
+          --field head_sha="$HEAD_SHA" \
           --jq ".id" \
           /repos/$GITHUB_REPOSITORY/check-runs)
 
-          echo "Created release status check run with id $CHECK_RUN_ID"
+          echo "Created release status check run with id $check_run_id"
+          # Reset the status to in progress.
+          echo "CHECK_RUN_STATUS=in_progress" >> "$GITHUB_ENV"
+          echo "CHECK_RUN_ID=$check_run_id" >> "$GITHUB_ENV"
 
       - name: Check all runs completed
         if: env.CHECK_RUN_STATUS != 'completed'
@@ -87,10 +79,12 @@ jobs:
           --header "Accept: application/vnd.github+json" \
           --header "X-GitHub-Api-Version: 2022-11-28" \
           --jq '.check_runs | map(select(.name != "release-status"))' \
-          /repos/$GITHUB_REPOSITORY/commits/$CHECK_RUN_HEAD_SHA/check-runs)
+          /repos/$GITHUB_REPOSITORY/commits/$HEAD_SHA/check-runs)
 
           status_stats=$(echo "$check_runs" | jq -r '. | {failed: (map(select(.conclusion == "failure")) | length), pending: (map(select(.status != "completed")) | length) }')
 
+          echo "status_stats=$status_stats"
+
           failed=$(echo "$status_stats" | jq -r '.failed')
           pending=$(echo "$status_stats" | jq -r '.pending')
 
@@ -101,7 +95,6 @@ jobs:
         if: env.CHECK_RUNS_PENDING == '0' && env.CHECK_RUN_STATUS != 'completed'
         env:
           GITHUB_TOKEN: ${{ github.token }}
-          CHECK_RUNS_FAILED: ${{ env.check-runs-failed }}
         run: |
           if [[ "$CHECK_RUNS_FAILED" == "0" ]]; then
             echo "All check runs succeeded"
@@ -123,22 +116,23 @@ jobs:
             --input - \
             /repos/$GITHUB_REPOSITORY/check-runs/$CHECK_RUN_ID
 
+          echo "RELEASE_STATUS_CONCLUSION=$conclusion" >> "$GITHUB_ENV"
+
       - name: Set output
         id: set-output
         run: |
+          echo "conclusion=$RELEASE_STATUS_CONCLUSION" >> "$GITHUB_OUTPUT"
           if [[ "$CHECK_RUNS_PENDING" == "0" ]]; then
             echo "status=completed" >> "$GITHUB_OUTPUT"
           else
             echo "status=in_progress" >> "$GITHUB_OUTPUT"
           fi
 
-          echo "check-run-head-sha=$CHECK_RUN_HEAD_SHA" >> "$GITHUB_OUTPUT"
-
   update-release:
     needs: validate-check-runs
-    if: needs.validate-check-runs.outputs.status == 'completed'
+    if: needs.validate-check-runs.outputs.status == 'completed' && needs.validate-check-runs.outputs.conclusion == 'success'
     uses: ./.github/workflows/update-release.yml
     with:
-      head-sha: ${{ needs.validate-check-runs.outputs.check-run-head-sha }}
+      head-sha: ${{ inputs.head-sha }}
     secrets:
       AUTOMATION_PRIVATE_KEY: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

.github/workflows/update-release.yml

@@ -30,7 +30,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
         with:
-          ref: ${{ inputs.head-sha }}
+          fetch-depth: 0 # We need the full history to compute the changelog
 
       - name: Install Python
         uses: actions/setup-python@v4
@@ -47,20 +47,19 @@ jobs:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
           owner: ${{ github.repository_owner }}
-          repository: "codeql-coding-standards-release-engineering"
+          repositories: "codeql-coding-standards-release-engineering"
 
       - name: Update release assets
         env:
           GITHUB_TOKEN: ${{ github.token }}
           RELEASE_ENGINEERING_TOKEN: ${{ steps.generate-token.outputs.token }}
         run: |
-          python scripts/release/update-release-assets.py \
+          python scripts/release/update_release_assets.py \
             --head-sha $HEAD_SHA \
             --layout scripts/release/release-layout.yml \
             --repo "$GITHUB_REPOSITORY" \
             --github-token "$GITHUB_REPOSITORY:$GITHUB_TOKEN" "github/codeql-coding-standards-release-engineering:$RELEASE_ENGINEERING_TOKEN" \
-            --skip-checkrun "release-status" \
-            --skip-checks
+            --skip-checkrun "release-status"
 
       - name: Update release notes
         env:

.github/workflows/validate-release.yml

@@ -45,7 +45,7 @@ jobs:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
           owner: ${{ github.repository_owner }}
-          repository: "codeql-coding-standards-release-engineering"
+          repositories: "codeql-coding-standards-release-engineering"
       - name: Invoke performance test
         env:
           CHECK_RUN_ID: ${{ needs.pre-validate-performance.outputs.check-run-id }}
@@ -58,8 +58,7 @@ jobs:
           | \
           gh workflow run release-performance-testing.yml \
           --json \
-          -R github/codeql-coding-standards-release-engineering \
-          --ref rvermeulen/release-process
+          -R github/codeql-coding-standards-release-engineering
 
   on-failure-validate-performance-dispatch:
     needs: [pre-validate-performance, validate-performance]
@@ -114,7 +113,7 @@ jobs:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
           owner: ${{ github.repository_owner }}
-          repository: "codeql-coding-standards-release-engineering"
+          repositories: "codeql-coding-standards-release-engineering"
       - name: Invoke compiler compatibility test
         env:
           CHECK_RUN_ID: ${{ needs.pre-validate-compiler-compatibility.outputs.check-run-id }}
@@ -127,8 +126,7 @@ jobs:
           | \
           gh workflow run release-compiler-validation.yml \
           --json \
-          -R github/codeql-coding-standards-release-engineering \
-          --ref rvermeulen/release-process
+          -R github/codeql-coding-standards-release-engineering
 
   on-failure-validate-compiler-compatibility-dispatch:
     needs:

c/misra/src/rules/RULE-10-1/OperandsOfAnInappropriateEssentialType.ql

@@ -14,6 +14,7 @@
 import cpp
 import codingstandards.c.misra
 import codingstandards.c.misra.EssentialTypes
+import codingstandards.cpp.Bitwise
 
 /**
  * Holds if the operator `operator` has an operand `child` that is of an inappropriate essential type
@@ -177,7 +178,7 @@ predicate isInappropriateEssentialType(
     child =
       [
         operator.(BinaryBitwiseOperation).getAnOperand(),
-        operator.(AssignBitwiseOperation).getAnOperand()
+        operator.(Bitwise::AssignBitwiseOperation).getAnOperand()
       ] and
     not operator instanceof LShiftExpr and
     not operator instanceof RShiftExpr and

c/misra/src/rules/RULE-8-2/FunctionTypesNotInPrototypeForm.ql

@@ -45,7 +45,7 @@ where
     msg = "Function " + f + " declares parameter that is unnamed."
     or
     hasZeroParamDecl(f) and
-    msg = "Function " + f + " does not specifiy void for no parameters present."
+    msg = "Function " + f + " does not specify void for no parameters present."
     or
     //parameters declared in declaration list (not in function signature)
     //have placeholder file location associated only

c/misra/test/rules/RULE-10-1/test.c

@@ -492,4 +492,6 @@ void pointerType() {
   b || b; // COMPLIANT
   p || b; // NON_COMPLIANT
   b || p; // NON_COMPLIANT
+  p += 1; // COMPLIANT
+  p -= 1; // COMPLIANT
 }

c/misra/test/rules/RULE-8-2/FunctionTypesNotInPrototypeForm.expected

@@ -1,4 +1,4 @@
 | test.c:3:6:3:7 | f1 | Function f1 declares parameter that is unnamed. |
-| test.c:4:6:4:7 | f2 | Function f2 does not specifiy void for no parameters present. |
-| test.c:5:6:5:7 | f3 | Function f3 does not specifiy void for no parameters present. |
+| test.c:4:6:4:7 | f2 | Function f2 does not specify void for no parameters present. |
+| test.c:5:6:5:7 | f3 | Function f3 does not specify void for no parameters present. |
 | test.c:7:5:7:6 | f5 | Function f5 declares parameter in unsupported declaration list. |

c/misra/test/rules/RULE-8-2/FunctionTypesNotInPrototypeForm.expected.clang

@@ -1,3 +1,3 @@
 | test.c:3:6:3:7 | f1 | Function f1 declares parameter that is unnamed. |
-| test.c:4:6:4:7 | f2 | Function f2 does not specifiy void for no parameters present. |
+| test.c:4:6:4:7 | f2 | Function f2 does not specify void for no parameters present. |
 | test.c:7:5:7:6 | f5 | Function f5 declares parameter in unsupported declaration list. |

change_notes/2023-10-04-m5-0-20-exclude-pointer-bitwise.md

@@ -0,0 +1 @@
+ * `M5-0-20`, `M5-0-21`, `RULE-10-1` - exclude pointer assignment operators as bitwise operators.

change_notes/2023-11-07-use-misra-underlying-type.md

@@ -0,0 +1,2 @@
+- `M5-0-20` - `BitwiseOperatorOperandsHaveDifferentUnderlyingType.ql`:
+  - Use the Misra definition of underlying type.

cpp/autosar/src/rules/M5-0-20/BitwiseOperatorOperandsHaveDifferentUnderlyingType.ql

@@ -16,19 +16,30 @@
 
 import cpp
 import codingstandards.cpp.autosar
+import codingstandards.cpp.Bitwise
+import codingstandards.cpp.Conversion
 
 predicate isBinaryBitwiseOperation(Operation o, VariableAccess l, VariableAccess r) {
   exists(BinaryBitwiseOperation bbo | bbo = o |
     l = bbo.getLeftOperand() and r = bbo.getRightOperand()
   )
   or
-  exists(AssignBitwiseOperation abo | abo = o | l = abo.getLValue() and r = abo.getRValue())
+  exists(Bitwise::AssignBitwiseOperation abo | abo = o |
+    l = abo.getLValue() and
+    r = abo.getRValue()
+  )
 }
 
-from Operation o, Variable left, Variable right
+from
+  Operation o, VariableAccess left, VariableAccess right, Type leftUnderlyingType,
+  Type rightUnderlyingType
 where
   not isExcluded(o, ExpressionsPackage::bitwiseOperatorOperandsHaveDifferentUnderlyingTypeQuery()) and
   not o.isFromUninstantiatedTemplate(_) and
-  isBinaryBitwiseOperation(o, left.getAnAccess(), right.getAnAccess()) and
-  left.getUnderlyingType() != right.getUnderlyingType()
-select o, "Operands of the '" + o.getOperator() + "' operation have different underlying types."
+  isBinaryBitwiseOperation(o, left, right) and
+  leftUnderlyingType = MisraConversion::getUnderlyingType(left) and
+  rightUnderlyingType = MisraConversion::getUnderlyingType(right) and
+  leftUnderlyingType != rightUnderlyingType
+select o,
+  "Operands of the '" + o.getOperator() + "' operation have different underlying types '" +
+    leftUnderlyingType.getName() + "' and '" + rightUnderlyingType.getName() + "'."

cpp/autosar/src/rules/M5-0-21/BitwiseOperatorAppliedToSignedTypes.ql

@@ -17,14 +17,15 @@
 
 import cpp
 import codingstandards.cpp.autosar
+import codingstandards.cpp.Bitwise
 
 from Operation o, VariableAccess va
 where
   not isExcluded(o, ExpressionsPackage::bitwiseOperatorAppliedToSignedTypesQuery()) and
   (
     o instanceof UnaryBitwiseOperation or
     o instanceof BinaryBitwiseOperation or
-    o instanceof AssignBitwiseOperation
+    o instanceof Bitwise::AssignBitwiseOperation
   ) and
   o.getAnOperand() = va and
   va.getTarget().getUnderlyingType().(IntegralType).isSigned()

cpp/autosar/src/rules/M5-8-1/RightBitShiftOperandIsNegativeOrTooWide.ql

@@ -17,6 +17,7 @@
 
 import cpp
 import codingstandards.cpp.autosar
+import codingstandards.cpp.Bitwise
 
 class ShiftOperation extends Operation {
   Expr leftOperand;
@@ -33,7 +34,7 @@ class ShiftOperation extends Operation {
       rightOperand = o.getRightOperand()
     )
     or
-    exists(AssignBitwiseOperation o | this = o |
+    exists(Bitwise::AssignBitwiseOperation o | this = o |
       (
         o instanceof AssignLShiftExpr
         or