Implement RULE-2-8, project should not contain unused object definitions #784
Conversation
…ons. Also add a new AlertReporting shared query library for deduplicating results across macro definitions/invocations/etc. Split __attribute__((unused)) variables (and similar) to a Strict pair of queries.
…lement-deadcode-2-unused-object-definitions
|
Apologies, I forgot I had unaddressed feedback here! Incorporated. |
| @@ -51,6 +51,8 @@ Each coding standard consists of a list of "guidelines", however not all the gui | |||
|
|
|||
| For some of the rules which are not amenable to static analysis, we may opt to provide a query which aids with "auditing" the rules. For example, AUTOSAR includes a rule (A10-0-1) "Public inheritance shall be used to implement 'is-a' relationship.". This is not directly amenable to static analysis, because it requires external context around the concept being modeled. However, we can provide an "audit" rule which reports all the public and private inheritance relationships in the program, so they can be manually verified. | |||
|
|
|||
| For other rules, there may be means of indicating that a contravention is intentional, and where requiring a _devation report_ may be extra burdensome on developers and require double-entry. These results should be reported under a "strict" query. For instance, `RULE-2-8` "A project should not contain unused object definitions," where adding `__attribute__((unused))` may be preferable in order to suppress compiler warnings (which _deviation reports_ do not do) and are highly indicative of an intentional contravention by a developer. | |||
There was a problem hiding this comment.
There's a versioning header that needs to be updated at the top of this document.
| @@ -74,6 +74,7 @@ For each rule we therefore identify whether it is supportable or not. Furthermor | |||
|
|
|||
| - **Automated** - the queries for the rule find contraventions directly. | |||
| - **Audit only** - the queries for the rule does not find contraventions directly, but instead report a list of _candidates_ that can be used as input into a manual audit. For example, `A10-0-1` (_Public inheritance shall be used to implement 'is-a' relationship_) is not directly amenable to static analysis, but CodeQL can be used to produce a list of all the locations that use public inheritance so they can be manually reviewed. | |||
| - **Strict only** - the queries for the rule find contraventions directly, but find results which are strongly indicated to be intentional, and where adding a _deviation report_ may be extra burden on developers. For example, in `RULE-2-8` (_A project should not contain unused object definitions_), declaring objects with `__attribute__((unused))` may be preferable to a _deviation report_, which will not suppress relevant compiler warnings, and therefore would otherwise require developer double-entry. | |||
There was a problem hiding this comment.
There's a versioning header that needs to be updated at the top of this document.
| } | ||
|
|
||
| string getMessageVariedResultInAllExpansions(Macro m) { | ||
| result = "Macro '" + m.getName() + "' defines unused object of varied names, for example, '$@'." |
There was a problem hiding this comment.
Suggestion on wording:
| result = "Macro '" + m.getName() + "' defines unused object of varied names, for example, '$@'." | |
| result = "Macro '" + m.getName() + "' defines unused object with an invocation dependent name, for example, '$@'." |
| * report.getOptionalPlaceholderMessage() | ||
| * ``` | ||
| * | ||
| * Note that this does *not* (currently) generate a result for elements not contained by a macro. |
There was a problem hiding this comment.
I'm wondering if it would create a cleaner interface to do both in this library? That would reduce the number of queries required in this case to two queries, instead of four. It would also mean we could replace/integrate MacroUnwrapper, which is only currently used by one query.
| * `ResultElement`, indicating that the real problem lies with that other `Macro` instead of with | ||
| * this particular invocation. | ||
| */ | ||
| class IsolatedMacroExpansionWithResultElement extends ResultMacroExpansion { |
There was a problem hiding this comment.
I wonder if we should exclude LibraryMacros from this case, for consistency - as results grouped by a library macro will be excluded (because the location is outside the source archive).
See A5-2-2 for an example where we already do this.
| * To do report such cases, either add support for that in this module, or write a separate query | ||
| * that reports `InvalidFoo` cases where not `.isInMacroExpansion()`. | ||
| */ | ||
| module DeduplicateMacroResults< |
There was a problem hiding this comment.
I believe we could use this module in A5-2-2, which already has some manual handling for duplicate macro results, but could benefit from the improvements in this module. I don't think we need to do it in this PR, but should open an issue to track this as a follow up item.
| class PotentiallyUnusedLocalVariable extends BasePotentiallyUnusedLocalVariable { | ||
| PotentiallyUnusedLocalVariable() { | ||
| // Ignore variables declared in macro expansions | ||
| not exists(DeclStmt ds | ds.getADeclaration() = this and ds.isInMacroExpansion()) |
There was a problem hiding this comment.
The existing queries simply ignore variables declared in macro expansions - we should add an issue to review backporting the macro handling capabilities from this PR.
Description
Implement RULE-2-8, project should not contain unused object definitions
Also add a new AlertReporting shared query library for deduplicating results across macro definitions/invocations/etc.
Split
__attribute__((unused))variables (and similar) to a Strict pair of queries.Change request type
.ql,.qll,.qlsor unit tests)Rules with added or modified queries
RULE-2-8Release change checklist
A change note (development_handbook.md#change-notes) is required for any pull request which modifies:
If you are only adding new rule queries, a change note is not required.
Author: Is a change note required?
🚨🚨🚨
Reviewer: Confirm that format of shared queries (not the .qll file, the
.ql file that imports it) is valid by running them within VS Code.
Reviewer: Confirm that either a change note is not required or the change note is required and has been added.
Query development review checklist
For PRs that add new queries or modify existing queries, the following checklist should be completed by both the author and reviewer:
Author
As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
Reviewer
As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.