C++: New Query cpp/comma-before-misleading-indentation#10550
Conversation
|
@d10c Could you test this query against |
|
This leads to a 50% reduction of alerts in MRVA 1000.
Arguably warning, not just recommendation; it may be a logic error. TODO: What CWE/CVEs should I tag this with?
Some tricky FPs are preserved in there.
MathiasVP
left a comment
There was a problem hiding this comment.
This looks super nice! I really appreciate the amount of testing that has gone into this PR. We should be sure to start a DCA run for this before we merge it (and we might as well do that now while we're waiting for a Docs review).
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
This has a comparable but different set of FPs as the previous version. But arguably it's an improvement.
|
QHelp previews: cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.qhelpComma before misleading indentationIf the expression after the comma operator starts at an earlier column than the expression before the comma, then this suspicious indentation possibly indicates a logic error, caused by a typo that may escape visual inspection.
RecommendationTo ensure that your code is easy to read and review, use standard indentation around the comma operator. Always begin the right-hand-side operand at the same level of indentation (column number) as the left-hand-side operand. This makes it easier for other developers to see the intended behavior of your code. Use whitespace consistently to communicate your coding intentions. Where possible, avoid mixing tabs and spaces within a file. If you need to mix them, use them consistently. ExampleThis example shows three different ways of writing the same code. The first example contains a comma instead of a semicolon which means that the final line is part of the /*
* In this example, the developer intended to use a semicolon but accidentally used a comma:
*/
enum privileges entitlements = NONE;
if (is_admin)
entitlements = FULL, // BAD
restrict_privileges(entitlements);
/*
* The use of a comma means that the first example is equivalent to this second example:
*/
enum privileges entitlements = NONE;
if (is_admin) {
entitlements = FULL;
restrict_privileges(entitlements);
}
/*
* The indentation of the first example suggests that the developer probably intended the following code:
*/
enum privileges entitlements = NONE;
if (is_admin)
entitlements = FULL; // GOOD
restrict_privileges(entitlements);
References
|
MathiasVP
left a comment
There was a problem hiding this comment.
The code LGTM! Let's merge this once the Docs review is in 🎉.
felicitymay
left a comment
There was a problem hiding this comment.
@d10c - many thanks for including query help with your new query 💖
I've added a few questions and lots of suggestions for bringing the style into line with other queries. It's possible that I may have misunderstood the meaning of some parts, so please do check and get back to me if we need to discuss anything.
| not isParenthesized(ce) and | ||
| leftLoc.getEndLine() < rightLoc.getStartLine() and | ||
| leftLoc.getStartColumn() > rightLoc.getStartColumn() | ||
| select right, "The indentation level may be misleading (for some tab sizes)." |
There was a problem hiding this comment.
Was there any discussion over putting "for some tab sizes)" in parentheses? I'm not sure that they are needed.
There was a problem hiding this comment.
They are not necessary. But tab size is not relevant for all instances of this error, so I thought it might be odd to see tab size mentioned in an alert for code that does not use tabs for indentation.
There was a problem hiding this comment.
Removed the parentheses in a later commit.
Co-authored-by: Felicity Chapman <felicitymay@github.com> Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Debatable; see comment thread in PR.
|
Thanks for the Doc review @felicitymay! I've made changes based on your suggestions. This PR is now ready for a final review/approval. |
felicitymay
left a comment
There was a problem hiding this comment.
@d10c - many thanks for the updates, and for finding some references ✨
This looks ready to merge from our side.
cpp/comma-before-missing-indentationcpp/comma-before-misleading-indentation