Fix literal matching for user-defined literals #1135
Pull request overview
This PR updates the octal-integer literal recognition logic in the Cpp14Literal modeling library by tightening the regular expression used to identify OctalLiterals.
Changes:
- Changed the `OctalLiteral` regex from allowing zero-or-more octal digits after the leading `0` to requiring one-or-more.
- (Potentially) changes how the literal `0` (and `0U`/`0ULL`, etc.) is classified across queries that depend on `Cpp14Literal`.
| File | Description |
|---|---|
| cpp/common/src/codingstandards/cpp/Cpp14Literal.qll | Modifies the OctalLiteral regexp used to classify C++14 octal integer literals. |
Copilot's findings
- Files reviewed: 1/1 changed files
- Comments generated: 1
Copilot's findings
Comments suppressed due to low confidence (1)
change_notes/2026-05-21-fix-fp-rule-5-13-4.md:4
- Spelling: "tamplate" should be "template".
- Remove FPs in user-defined literals and tamplate instantiations.
- Files reviewed: 2/2 changed files
- Comments generated: 4
| abstract class NumericLiteral extends StandardLibrary::Literal { | ||
| NumericLiteral() { | ||
| // exclude user-defined literals as they define custom suffixes | ||
| not exists(StandardLibrary::FunctionCall fc | | ||
| this = fc.getArgument(0) and fc.getTarget().getName().matches("operator \"\"%") | ||
| ) and | ||
| // exclude literals derived from template instantiations | ||
| not this.isFromTemplateInstantiation(_) |
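Review bot: The template exclusion on the last line, `not this.isFromTemplateInstantiation(_)`, removes every numeric literal inside any instantiation from `NumericLiteral`, which is much wider than the user-defined-literal case handled just above it. Please extend the comment to say why a literal written in a template body is still covered, or narrow the condition. The suffix check also inspects only `fc.getArgument(0)` of a call whose target name matches `operator \"\"%`, so a short comment on why argument 0 is sufficient would help the next reader.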
Unit tests would require a c++20 build
Do you mean suffixes in general, or a specific case?
It looks like custom literal suffixes should be available since C++11
I added tests showing the new behavior.
However, I could not have the test fail with the old .qll. I think that's because the motivating FPs use concepts which are only available from C++20
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Michael R Fairhurst <MichaelRFairhurst@github.com>
| template <typename T> unsigned long long instantiated_literal_exclusion() { | ||
| return T{}; // COMPLIANT - template instantiation should be excluded | ||
| } | ||
|
|
||
| void test_instantiated_literal_exclusion() { | ||
| instantiated_literal_exclusion<int>(); | ||
| } |
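Review bot: The test at `return T{};` has no numeric literal spelled in the template body, so it only covers a value-initialised `T` and does not show what happens to a suffixed literal written inside a template. Consider adding a second template whose body contains a literal the rule would normally flag, with the expected COMPLIANT or NON_COMPLIANT marker, so the scope of the exclusion is pinned down by the test.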
…n for consistency
Removed mention of Agentic Autofix in Code Scanning from the user manual.
Description
Motivated by FP alerts, the PR excludes user-defined literals and template instantiations from the results.
Change request type
.ql, .qll, .qls or unit tests)
Rules with added or modified queries
Release change checklist
A change note (development_handbook.md#change-notes) is required for any pull request which modifies:
If you are only adding new rule queries, a change note is not required.
Author: Is a change note required?
🚨🚨🚨 Reviewer: Confirm that format of shared queries (not the .qll file, the .ql file that imports it) is valid by running them within VS Code.
Reviewer: Confirm that either a change note is not required or the change note is required and has been added.
Query development review checklist
For PRs that add new queries or modify existing queries, the following checklist should be completed by both the author and reviewer:
Author
As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
Reviewer
As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.