Declarations2 MISRA2023 CPP

[knewbury01]

Description

Add rule RULE-6-2-2 and translate to a shared rule with DCL40-C, improve testing based on cpp nuances

Change request type

• Release or process automation (GitHub workflows, internal scripts)
• Internal documentation
• External documentation
• Query files (.ql, .qll, .qls or unit tests)
• External scripts (analysis report or other code shipped as part of a release)

Rules with added or modified queries

• No rules added
• Queries have been added for the following rules:
  • RULE-6-2-2
  • RULE-6-7-1
• Queries have been modified for the following rules:
  • DCL40-C

Release change checklist

A change note (development_handbook.md#change-notes) is required for any pull request which modifies:

• The structure or layout of the release artifacts.
• The evaluation performance (memory, execution time) of an existing query.
• The results of an existing query in any circumstance.

If you are only adding new rule queries, a change note is not required.

Author: Is a change note required?

• Yes
• No

🚨🚨🚨
Reviewer: Confirm that format of shared queries (not the .qll file, the
.ql file that imports it) is valid by running them within VS Code.

• Confirmed

Reviewer: Confirm that either a change note is not required or the change note is required and has been added.

• Confirmed

Query development review checklist

For PRs that add new queries or modify existing queries, the following checklist should be completed by both the author and reviewer:

Author

• Have all the relevant rule package description files been checked in?
• Have you verified that the metadata properties of each new query is set appropriately?
• Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
• Are the alert messages properly formatted and consistent with the style guide?
• Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
  As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
• Does the query have an appropriate level of in-query comments/documentation?
• Have you considered/identified possible edge cases?
• Does the query not reinvent features in the standard library?
• Can the query be simplified further (not golfed!)

Reviewer

• Have all the relevant rule package description files been checked in?
• Have you verified that the metadata properties of each new query is set appropriately?
• Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
• Are the alert messages properly formatted and consistent with the style guide?
• Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
  As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
• Does the query have an appropriate level of in-query comments/documentation?
• Have you considered/identified possible edge cases?
• Does the query not reinvent features in the standard library?
• Can the query be simplified further (not golfed!)

[Copilot]

Pull request overview

Adds MISRA C++:2023 coverage for additional declaration rules by introducing RULE-6-2-2 and RULE-6-7-1 queries, and refactors CERT DCL40-C to reuse new shared implementations with updated/expanded tests.

Changes:

• Added MISRA C++:2023 queries for RULE-6-2-2 (incompatible declarations) and RULE-6-7-1 (local static storage duration).
• Introduced shared C++ rule implementations for incompatible object/function declarations and wired them into MISRA/CERT queries and exclusion metadata.
• Updated/added tests and test references to validate the new shared implementations across C, C++, MISRA, and CERT.

Reviewed changes

Copilot reviewed 41 out of 43 changed files in this pull request and generated 10 comments.

Show a summary per file

File	Description
rules.csv	Adjusts rule-to-package mapping for MISRA C++:2023 rules touched by this PR.
rule_packages/cpp/Declarations2.json	Adds rule-package metadata for new MISRA C++:2023 queries (RULE-6-2-2, RULE-6-7-1).
rule_packages/c/Declarations2.json	Adds shared-implementation metadata fields to align C rule packaging with shared implementations.
cpp/misra/test/rules/RULE-6-7-1/test.cpp	New unit test for local static-storage-duration rule behavior.
cpp/misra/test/rules/RULE-6-7-1/LocalVariableStaticStorageDuration.qlref	Test harness reference for the RULE-6-7-1 query.
cpp/misra/test/rules/RULE-6-7-1/LocalVariableStaticStorageDuration.expected	Expected results for RULE-6-7-1 test.
cpp/misra/test/rules/RULE-6-2-2/IncompatibleObjectDeclarationsCpp.testref	Points RULE-6-2-2 object-declaration test to shared/common tests.
cpp/misra/test/rules/RULE-6-2-2/IncompatibleObjectDeclarations.testref	Additional test reference for shared object-declaration tests.
cpp/misra/test/rules/RULE-6-2-2/IncompatibleFunctionDeclarationsCpp.testref	Points RULE-6-2-2 function-declaration test to shared/common tests.
cpp/misra/test/rules/RULE-6-2-2/IncompatibleFunctionDeclarations.testref	Additional test reference for shared function-declaration tests.
cpp/misra/src/rules/RULE-6-7-1/LocalVariableStaticStorageDuration.ql	New MISRA C++:2023 RULE-6-7-1 query implementation.
cpp/misra/src/rules/RULE-6-2-2/IncompatibleObjectDeclarationsCpp.ql	New MISRA C++:2023 RULE-6-2-2 object-declaration query using shared module.
cpp/misra/src/rules/RULE-6-2-2/IncompatibleFunctionDeclarationsCpp.ql	New MISRA C++:2023 RULE-6-2-2 function-declaration query using shared module.
cpp/common/test/rules/incompatibleobjectdeclaration/test1.cpp	New shared C++ test input for incompatible object declarations.
cpp/common/test/rules/incompatibleobjectdeclaration/test.cpp	New shared C++ test input for incompatible object declarations.
cpp/common/test/rules/incompatibleobjectdeclaration/IncompatibleObjectDeclaration.ql	Generated test query wiring for shared object-declaration logic.
cpp/common/test/rules/incompatibleobjectdeclaration/IncompatibleObjectDeclaration.expected	Expected results for shared C++ object-declaration tests.
cpp/common/test/rules/incompatiblefunctiondeclaration/test1.cpp	New shared C++ test input for incompatible function declarations.
cpp/common/test/rules/incompatiblefunctiondeclaration/test.cpp	New shared C++ test input for incompatible function declarations.
cpp/common/test/rules/incompatiblefunctiondeclaration/IncompatibleFunctionDeclaration.ql	Generated test query wiring for shared function-declaration logic.
cpp/common/test/rules/incompatiblefunctiondeclaration/IncompatibleFunctionDeclaration.expected	Expected results for shared C++ function-declaration tests.
cpp/common/src/codingstandards/cpp/rules/incompatibleobjectdeclaration/IncompatibleObjectDeclaration.qll	Adds shared configurable implementation for incompatible object declarations.
cpp/common/src/codingstandards/cpp/rules/incompatiblefunctiondeclaration/IncompatibleFunctionDeclaration.qll	Adds shared configurable implementation for incompatible function declarations.
cpp/common/src/codingstandards/cpp/exclusions/cpp/RuleMetadata.qll	Registers the new Declarations2 package in C++ exclusion metadata.
cpp/common/src/codingstandards/cpp/exclusions/cpp/Declarations2.qll	New autogenerated exclusion/metadata wrapper for the Declarations2 C++ package queries.
change_notes/2026-03-27-update-compatible-objects-DCL40-C.md	Adds a change note for DCL40-C behavior/results adjustments.
c/common/test/rules/incompatibleobjectdeclaration/test1.c	New shared C test input for incompatible object declarations.
c/common/test/rules/incompatibleobjectdeclaration/test.c	New shared C test input for incompatible object declarations.
c/common/test/rules/incompatibleobjectdeclaration/IncompatibleObjectDeclaration.ql	Generated test query wiring for shared object-declaration logic (C tests).
c/common/test/rules/incompatibleobjectdeclaration/IncompatibleObjectDeclaration.expected	Expected results for shared C object-declaration tests.
c/common/test/rules/incompatiblefunctiondeclaration/test1.c	New shared C test input for incompatible function declarations.
c/common/test/rules/incompatiblefunctiondeclaration/test.c	New shared C test input for incompatible function declarations.
c/common/test/rules/incompatiblefunctiondeclaration/IncompatibleFunctionDeclaration.ql	Generated test query wiring for shared function-declaration logic (C tests).
c/common/test/rules/incompatiblefunctiondeclaration/IncompatibleFunctionDeclaration.expected	Expected results for shared C function-declaration tests.
c/cert/test/rules/DCL40-C/IncompatibleObjectDeclarations.testref	Retargets CERT DCL40-C object-declaration tests to shared common tests.
c/cert/test/rules/DCL40-C/IncompatibleFunctionDeclarations.testref	Retargets CERT DCL40-C function-declaration tests to shared common tests.
c/cert/src/rules/DCL40-C/IncompatibleObjectDeclarations.ql	Refactors CERT DCL40-C object-declaration query to use shared implementation.
c/cert/src/rules/DCL40-C/IncompatibleFunctionDeclarations.ql	Refactors CERT DCL40-C function-declaration query to use shared implementation.
c/cert/src/rules/DCL40-C/ExternalIdentifiers.qll	Removes the now-redundant CERT-specific ExternalIdentifiers helper.

Comments suppressed due to low confidence (1)

c/cert/src/rules/DCL40-C/IncompatibleObjectDeclarations.ql:7

• The CodeQL query metadata tag is malformed (@ kind). This will likely prevent the query kind from being parsed correctly. Please change it to the standard @kind problem (no space after @).

 *              types, then accessing those objects can lead to undefined behaviour.
 * @kind problem
 * @precision high

[Copilot]

relevantTypes/2 is a top-level predicate in a library file but is not marked private and has no QLDoc. If it is intended as an internal helper for this module, mark it private (preferred). Otherwise, add QLDoc documenting its parameters and purpose.

[Copilot]

The helper predicates interestedInFunctions/4 and interestedInFunctions/2 are declared at top level in a library file without being marked private and without QLDoc. If these are only implementation details of this library, mark them private (preferred) or add QLDoc if they are meant to be part of the public API.

[Copilot]

This file mixes function-declaration cases into the incompatible object declarations test. The object-declaration query will not report these function cases, so marking them NON_COMPLIANT is misleading and will not match the .expected output. Consider moving these function cases to the incompatiblefunctiondeclaration tests or changing the annotations here.

Suggested change

	extern int f(int a); // NON_COMPLIANT
	extern void f1(int a); // NON_COMPLIANT
	void f2(int a, ...) {} // NON_COMPLIANT
	extern int f(int a); // COMPLIANT
	extern void f1(int a); // COMPLIANT
	void f2(int a, ...) {} // COMPLIANT

[Copilot]

The two query descriptions use different spellings ("behavior" vs "behaviour"). Please standardize on a single spelling across these entries (and keep it consistent with the corresponding query QLDoc) to avoid inconsistent user-facing text.

[Copilot]

The object-declaration tests in this directory do not appear to include a COMPLIANT object redeclaration/definition pair (the only COMPLIANT case shown is for f3, which is a function and not covered by this query). Add at least one COMPLIANT object case to ensure the query is exercised for non-violations as well.

[Copilot]

This change note only mentions IncompatibleObjectDeclarations.ql, but the PR also changes DCL40-C's IncompatibleFunctionDeclarations.ql (new shared implementation and updated alert message/format), which can affect results. Consider updating the change note to cover the function-declaration query changes as well.

Suggested change

	- `DCL40-C` - `IncompatibleObjectDeclarations.ql`:
	- Enhanced the query's ability to compare objects with array type, which will reduce false positives.
	- `DCL40-C` - `IncompatibleObjectDeclarations.ql` and `IncompatibleFunctionDeclarations.ql`:
	- Enhanced the object-declaration query's ability to compare objects with array type, which will
	reduce false positives.
	- Updated the function-declaration query to use a shared implementation and improved alert
	messages/format, which may change results.

[MichaelRFairhurst]

I think we can elaborate here -- the rule states that objects should be of compatible types, but the old version only allowed exact types. This will eliminate false positives for some array types and types using equivalent typedefs.

[MichaelRFairhurst]

Nice! Way to find some high bang-for-the-buck improvements along the way here.

[MichaelRFairhurst]

I think we can elaborate here -- the rule states that objects should be of compatible types, but the old version only allowed exact types. This will eliminate false positives for some array types and types using equivalent typedefs.

[MichaelRFairhurst]

Filtering this by ExternalIdentifiers will likely make a big performance difference for large and/or pathological dbs.

The relevantTypes predicate restricts the set of types that will be compared by the TypeEquivalence module, potentially recursively. This will currently compare the types of all variables that share the same name, even if they're local variables etc. This will be a much larger set than global variables.

A quick experiment showed this saved ~2.7b tuple operations in the linux db. It may make an even bigger difference in C++ databases (e.g. opencv/opencv) because variables in templates will share names across instantiations and also often have different types.

[MichaelRFairhurst]

We should add tests for class types. The logic in the TypeEquivalence module may only work for structs.

Likely want to add templates too. Especially since:

template<typename T> class C<T> {};

// this:
extern C<int[]> x;
// is incompatible with:
extern C<int[4]> x;