Comments (5)
In the example, while the array is trivially copyable it is likely larger than 2 * sizeof(void*)
which is an implementation-defined value so this clearly seems to be a false positive. A larger question is if this required rule should be enforced at all.
from codeql-coding-standards.
For background, this AUTOSAR rule seems poorly conceived. The rule is strictly a performance rule. The rule states that "passing an argument by value documents that the argument won't be modified" but unlike passing by reference to cost eliminates indirection in the function body. From a safety perspective, there is no real advantage in passing by value over passing by reference to const. I'm not sure enforcing this rule adds much if any value, and of course, changing code to comply with a rule always costs efforts and may introduce additional defects.
from codeql-coding-standards.
The enforcement guidance on which this rule is based "F.16: For βinβ parameters, pass cheaply-copied types by value and others by reference to const" says:
- (Simple) ((Foundation)) Warn when a parameter being passed by value has a size greater than 2 * sizeof(void*). Suggest using a reference to const instead.
- (Simple) ((Foundation)) Warn when a parameter passed by reference to const has a size less than 2 * sizeof(void*). Suggest passing by value instead.
- (Simple) ((Foundation)) Warn when a parameter passed by reference to const is moved.
This is fairly different enforcement from what we currently have.
from codeql-coding-standards.
Agreed @rcseacord. Testing locally the computed size is 20 bytes and the word size is 8 bytes. So since it is longer than 2 words it is not eligible to be passed by value (under this rule) so it is clearly a false positive, trivially copyable or not.
Some more notes on what needs to be fixed:
- Needs to factor in definition of trivial to copy / identify the cases where that makes a difference.
- The calculation of size needs a call to
v.getType().stripType().getSize()
to ensure that the correct size is begin calculated.
Example:
Calling getType().getSize()
on const A8_4_7 &a847
will yield 8
, when what is expected is 20
.
- Reference types are explicitly excluded in the query -- There is an edge case that was introduced (the catch block clause) but the exclusion of all reference types is too broad since some will need to be flagged. For example:
struct A { std::uint32_t a; };
void f1(const A &a){} // this should be flagged
from codeql-coding-standards.
this might have been solved in this PR , will check
from codeql-coding-standards.
Related Issues (20)
- Seems to have problems with CodeQL Bundle v2.16.0 HOT 2
- Missing attestations: @jketema HOT 1
- Missing attestations: @lcartey
- Missing attestations: @jsinglet
- Missing attestations: @kraiouchkine
- Missing attestations: @rvermeulen HOT 1
- Missing attestations: @mbaluda
- Missing attestations: @knewbury01
- Missing attestations: @erik-krogh
- Missing attestations: @MathiasVP
- Missing attestations: @andersfugmann
- Use QL for QL to check for omissions HOT 1
- A5-0-2 Improve testcase
- A13-3-1: reconsider precision and feasibility of rule exception
- `A2-7-3`: template function prototypes with comments are not correctly detected
- `A7-1-2`: Alert on move constructor declaration that cannot be `constexpr` specified
- `A3-9-1`: Variables having template parameter type are recognized as having `variable-width type`.
- Add compliance for MISRA C++ 2023
- `A3-9-1`: Incorrectly alerts on template functions instantiated with fix-width integers
- `M5-0-12`: Incorrect alerts on assignments of valid numerical values
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from codeql-coding-standards.