Skip to content

Add "Baseline" query suites for C/C++.#966

Open
MichaelRFairhurst wants to merge 12 commits intomainfrom
michaelrfairhurst/add-baseline-query-suites
Open

Add "Baseline" query suites for C/C++.#966
MichaelRFairhurst wants to merge 12 commits intomainfrom
michaelrfairhurst/add-baseline-query-suites

Conversation

@MichaelRFairhurst
Copy link
Collaborator

@MichaelRFairhurst MichaelRFairhurst commented Oct 29, 2025

Description

These are queries from MISRA, AUTOSAR, and CERT, that have been hand picked based on a few properties:

  • review of violation count for each rule on real projects
  • review of accuracy of each rule
  • subjective review of broad applicability across most projects
  • subjective review of severity of each rule

The baseline rules have been divided into two categories, "style," and "safety." The choice of which is subjective, but as a general rule:

  • Rules that tend to report only erroneous cases are typically "safety."
  • Rules that tend to report patterns that obscure erroneous behavior are typically "style."
  • If alerts can be mitigated by simple changes, it's more likely "style."
  • If it is challenging for a human to spot the rule violation, it's more likely "safety."
  • If the rule is designed to enforce some kind of "good habits," not just fix an isolated it's more likely "style."
  • If the rule feels "opinionated" in some sense, it's more likely "style."
  • If it is difficult to decide whether a finding should be fixed or deviated, it is more likely "safety."
  • Unsurprisingly, if the rule is purely syntactic or related to naming, it's more likely "style."

Some rules are in both suites -- for instance, rules that ban the use of 'goto' are conceivably both "style" and "safety." While goto is not erroneous in itself, and gotos are easy to spot during human review, it is typically not a simple task to refactor code to remove gotos, and it is difficult to decide when a goto serves a legitimate purpose and the rule should be deviated.

In general, the 'style' suites have more violations which are easier to fix, and the 'safety' suites have fewer violation that are harder to fix but warrant more attention to address. Project authors can therefore enable both with the 'default' suite, or pick between the two kinds suitable for their project and goals.

Change request type

  • Release or process automation (GitHub workflows, internal scripts)
  • Internal documentation
  • External documentation
  • Query files (.ql, .qll, .qls or unit tests)
  • External scripts (analysis report or other code shipped as part of a release)

Rules with added or modified queries

  • No rules added
  • Queries have been added for the following rules:
    • rule number here
  • Queries have been modified for the following rules:
    • rule number here

Release change checklist

A change note (development_handbook.md#change-notes) is required for any pull request which modifies:

  • The structure or layout of the release artifacts.
  • The evaluation performance (memory, execution time) of an existing query.
  • The results of an existing query in any circumstance.

If you are only adding new rule queries, a change note is not required.

Author: Is a change note required?

  • Yes
  • No

🚨🚨🚨
Reviewer: Confirm that format of shared queries (not the .qll file, the
.ql file that imports it) is valid by running them within VS Code.

  • Confirmed

Reviewer: Confirm that either a change note is not required or the change note is required and has been added.

  • Confirmed

Query development review checklist

For PRs that add new queries or modify existing queries, the following checklist should be completed by both the author and reviewer:

Author

  • Have all the relevant rule package description files been checked in?
  • Have you verified that the metadata properties of each new query is set appropriately?
  • Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
  • Are the alert messages properly formatted and consistent with the style guide?
  • Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
    As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
  • Does the query have an appropriate level of in-query comments/documentation?
  • Have you considered/identified possible edge cases?
  • Does the query not reinvent features in the standard library?
  • Can the query be simplified further (not golfed!)

Reviewer

  • Have all the relevant rule package description files been checked in?
  • Have you verified that the metadata properties of each new query is set appropriately?
  • Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
  • Are the alert messages properly formatted and consistent with the style guide?
  • Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
    As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
  • Does the query have an appropriate level of in-query comments/documentation?
  • Have you considered/identified possible edge cases?
  • Does the query not reinvent features in the standard library?
  • Can the query be simplified further (not golfed!)

@MichaelRFairhurst
Add "Baseline" query suites for C/C++.
a23743d 
These are queries from MISRA, AUTOSAR, and CERT, that have been hand picked
based on a few properties:
- review of violation count for each rule on real projects
- review of accuracy of each rule
- subjective review of broad applicability across most projects
- subjective review of severity of each rule

The baseline rules have been divided into two categories, "style," and "safety."
The choice of which is subjective, but as a general rule:
- Rules that tend to report only erroneous cases are typically "safety."
- Rules that tend to report patterns that obscure erroneous behavior are
  typically "style."
- If alerts can be mitigated by simple changes, it's more likely "style."
- If it is challenging for a human to spot the rule violation, it's more likely
  "safety."
- If the rule is designed to enforce some kind of "good habits," not just fix an
  isolated it's more likely "style."
- If the rule feels "opinionated" in some sense, it's more likely "style."
- If it is difficult to decide whether a finding should be fixed or deviated,
  it is more likely "safety."
- Unsurprisingly, if the rule is purely syntactic or related to naming, it's
  more likely "style."

Some rules are in both suites -- for instance, rules that ban the use of 'goto'
are conceivably both "style" and "safety." While goto is not erroneous in
itself, and gotos are easy to spot during human review, it is typically not a
simple task to refactor code to remove gotos, and it is difficult to decide when
a goto serves a legitimate purpose and the rule should be deviated.

In general, the 'style' suites have more violations which are easier to fix, and
the 'safety' suites have fewer violation that are harder to fix but warrant more
attention to address. Project authors can therefore enable both with the
'default' suite, or pick between the two kinds suitable for their project and
goals.
Copilot AI review requested due to automatic review settings October 29, 2025 14:04
Copilot AI reviewed Oct 29, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR introduces baseline query suites for C/C++ by categorizing selected queries from MISRA, AUTOSAR, and CERT standards into "style" and "safety" categories. The baseline queries are hand-picked based on violation frequency, accuracy, broad applicability, and severity analysis on real projects.

  • Adds coding-standards/baseline/style and coding-standards/baseline/safety tags to 100+ existing query files
  • Creates new baseline query suite packages for both C and C++
  • Provides three suite options: default (both style and safety), style-only, and safety-only

Reviewed Changes

Copilot reviewed 300 out of 417 changed files in this pull request and generated no comments.

Show a summary per file
File Description
cpp/autosar/src/rules/**/*.ql Added baseline tags (style/safety) to AUTOSAR C++ rules based on categorization criteria
c/misra/src/rules/**/*.ql Added baseline tags (style/safety) to MISRA C rules
c/cert/src/rules/**/*.ql Added baseline tags (style/safety) to CERT C rules
c/baseline_suites/* Created new C baseline query suite package with suite definitions
cpp/baseline_suites/* Created new C++ baseline query suite package (referenced but not shown in diff)
.codeqlmanifest.json Registered new baseline suite packages

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@MichaelRFairhurst
Copy link
Collaborator Author

MichaelRFairhurst commented Dec 8, 2025

@jeongsoolee09 @data-douser @knewbury01 this is now passing CI/CD and ready for review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jeongsoolee09 jeongsoolee09 Awaiting requested review from jeongsoolee09

@data-douser data-douser Awaiting requested review from data-douser

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MichaelRFairhurst