Merge pull request #20129 from codeqlhelper/main

geoffw0 · web-flow · commit 6925d4e564ef · 2025-08-04T13:23:45.000+01:00
C++: Static variables are initialized to zero or null by compiler
diff --git a/cpp/ql/src/Critical/InitialisationNotRun.ql b/cpp/ql/src/Critical/InitialisationNotRun.ql
@@ -32,9 +32,18 @@ predicate called(Function f) {
   exists(FunctionAccess fa | fa.getTarget() = f)
 }
 
+predicate staticWithoutDereference(GlobalVariable v) {
+  v.isStatic() and
+  not exists(VariableAccess va |
+    va = v.getAnAccess() and
+    dereferenced(va)
+  )
+}
+
 from GlobalVariable v
 where
   global(v) and
+  not staticWithoutDereference(v) and
   not exists(VariableAccess lval |
     v.getAnAccess() = lval and
     lval.isUsedAsLValue() and
diff --git a/cpp/ql/src/change-notes/2025-07-27-avoid-reporting-static-global-variable.md b/cpp/ql/src/change-notes/2025-07-27-avoid-reporting-static-global-variable.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The "Initialization code not run" query (`cpp/initialization-not-run`) no longer reports an alert on static global variables that has no dereference.
diff --git a/cpp/ql/test/query-tests/Critical/InitialisationNotRun/InitialisationNotRun.expected b/cpp/ql/test/query-tests/Critical/InitialisationNotRun/InitialisationNotRun.expected
@@ -0,0 +1,2 @@
+| test.cpp:12:16:12:17 | g1 | Initialization code for 'g1' is never run. |
+| test.cpp:14:23:14:24 | g3 | Initialization code for 'g3' is never run. |
diff --git a/cpp/ql/test/query-tests/Critical/InitialisationNotRun/InitialisationNotRun.qlref b/cpp/ql/test/query-tests/Critical/InitialisationNotRun/InitialisationNotRun.qlref
@@ -0,0 +1 @@
+Critical/InitialisationNotRun.ql
diff --git a/cpp/ql/test/query-tests/Critical/InitialisationNotRun/test.cpp b/cpp/ql/test/query-tests/Critical/InitialisationNotRun/test.cpp
@@ -0,0 +1,36 @@
+// --- stubs ---
+
+char *strcpy(char *dest, const char *src);
+
+// --- tests ---
+
+class GlobalStorage {
+public:
+    char name[1000];
+};
+
+GlobalStorage *g1; // BAD
+static GlobalStorage g2; // GOOD
+static GlobalStorage *g3; // BAD
+// static variables are initialized by compilers
+static int a;  // GOOD
+static int b = 0;  // GOOD
+
+void init() { //initializes g_storage, but is never run from main
+  g1 = new GlobalStorage();
+  g3 = new GlobalStorage();
+}
+
+void init2(int b) {
+  for (int i = 0; i < b; ++i)
+    a *= -1;
+}
+
+int main(int argc, char *argv[]) {
+	//init not called
+  strcpy(g1->name, argv[1]); // g1 is used before init() is called
+  strcpy(g2.name, argv[1]); // g2 is initialised by compiler
+  strcpy(g3->name, argv[1]);
+  b++;
+  return 0;
+}

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* The "Initialization code not run" query (`cpp/initialization-not-run`) no longer reports an alert on static global variables that has no dereference.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+\| test.cpp:12:16:12:17 \| g1 \| Initialization code for 'g1' is never run. \|`
	`2`	`+\| test.cpp:14:23:14:24 \| g3 \| Initialization code for 'g3' is never run. \|`