🎉 Update README to declare our support for MISRA C++ 2023 🎉

README.md

@@ -6,12 +6,13 @@ This repository contains CodeQL queries and libraries which support various Codi
 
 _Carnegie Mellon and CERT are registered trademarks of Carnegie Mellon University._
 
-This repository contains CodeQL queries and libraries which support various Coding Standards for the [C++14](https://www.iso.org/standard/64029.html), [C99](https://www.iso.org/standard/29237.html) and [C11](https://www.iso.org/standard/57853.html) programming languages.
+This repository contains CodeQL queries and libraries which support various Coding Standards for the [C++14](https://www.iso.org/standard/64029.html), [C++17](https://www.iso.org/standard/68564.html), [C99](https://www.iso.org/standard/29237.html) and [C11](https://www.iso.org/standard/57853.html) programming languages.
 
 The following coding standards are supported:
 - [AUTOSAR - Guidelines for the use of C++14 language in critical and safety-related systems (Releases R22-11, R20-11, R19-11 and R19-03)](https://www.autosar.org/fileadmin/standards/R22-11/AP/AUTOSAR_RS_CPP14Guidelines.pdf). 
 - [SEI CERT C++ Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition)](https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=494932)
 - [SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition)](https://resources.sei.cmu.edu/downloads/secure-coding/assets/sei-cert-c-coding-standard-2016-v01.pdf)
+- [MISRA C++ 2023: Guidelines for the use of C++ in critical systems](https://misra.org.uk/product/misra-cpp2023/).
 - [MISRA C 2012, 3rd Edition, 1st revision](https://www.misra.org.uk/product/misra-c2012-third-edition-first-revision/) (incoporating Amendment 1 & Technical Corrigendum 1). In addition, we support the following additional amendments and technical corrigendums:
    - [MISRA C 2012 Amendment 2](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD2.pdf)
    - [MISRA C 2012 Technical Corrigendum 2](https://misra.org.uk/app/uploads/2022/04/MISRA-C-2012-TC2.pdf)
@@ -21,9 +22,13 @@ The following coding standards are supported:
 
 ## :construction: Standards under development :construction:
 
-The following standards are under active development for [C++17](https://www.iso.org/standard/68564.html):
+There are currently no new coding standards under active development.
 
-- [MISRA C++ 2023](https://misra.org.uk/product/misra-cpp2023/) - under development - _scheduled for release 2026 Q1/Q2_
+This product intends to begin development of the following standards in the near future:
+
+- [MISRA C 2025](https://misra.org.uk/product/misra-cpp2025/)
+
+If you are interested in this standard or when it will be available, consider contacting us via email or by filing an issue.
 
 ## How do I use the CodeQL Coding Standards Queries?
 

docs/user_manual.md

@@ -34,6 +34,7 @@
 | 0.25.0  | 2025-01-15 | Mike Fairhurst  | Add guidance for the usage of 'strict' queries.                                                                         |
 | 0.26.0  | 2025-02-12 | Luke Cartey     | Describe support for new deviation code identifier formats                                                              |
 | 0.27.0  | 2025-05-15 | Luke Cartey     | Documented completed support for MISRA C 2023.                                                                          |
+| 0.27.0  | 2025-05-15 | Mike Fairhurst  | Documented completed support for MISRA C++ 2023.                                                                        |
 
 ## Release information
 
@@ -70,7 +71,7 @@ The _CodeQL Coding Standards_ product is a set of CodeQL queries for identifying
 |             | [2012 Amendment 3](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD3.pdf)                                                                                                                       | 24    | 24                | 24                | Implemented       |
 |             | [2012 Amendment 4](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD4.pdf)                                                                                                                       | 22    | 22                | 21[^4]            | Implemented       |
 |             | [2023 Third Edition, Second Revision](https://misra.org.uk/product/misra-c2023/)                                                                                                                         | 221   | 210               | 207[^5]           | Implemented       |
-| MISRA C++   | [2023](https://misra.org.uk/product/misra-cpp2023/)                                                                                                                                                      | 179   | 176[^6]           | -                 | Under development |
+| MISRA C++   | [2023](https://misra.org.uk/product/misra-cpp2023/)                                                                                                                                                      | 179   | 175[^6]           | -                 | Implemented       |
 
 Not all rules in these standards are amenable to static analysis by CodeQL - some rules require external or domain specific knowledge to validate, or refer to properties which are not present in our representation of the codebase under analysis. In addition, some rules are natively enforced by the supported compilers. As CodeQL requires that the program under analysis compiles, we are unable to implement queries for these rules, and doing so would be redundant.
 
@@ -89,7 +90,7 @@ The datasheet _"CodeQL Coding Standards: supported rules"_, provided with each r
 [^3]: The unimplemented supportable MISRA C 2012 rules are `Rule 9.5`, `Rule 17.13`. `Rule 9.5` and `Rule 17.13` require additional support in the CodeQL CLI to ensure the required information is available in the CodeQL database to identify violations of these rules. Note: `Dir 4.14` is covered by the default CodeQL queries, which identify potential security vulnerabilities caused by not validating external input.
 [^4]: The unimplemented supportable MISRA C 2012 Amendment 4 rule is `Rule 9.6`. `Rule 9.6` requires additional support in the CodeQL CLI to ensure the required information is available in the CodeQL database to identify violations of this rule.
 [^5]: The unimplemented supportable MISRA C 2023 rules are `Rule 9.5`, `Rule 9.6`, `Rule 17.13`. `Rule 9.5`, `Rule 9.6` and `Rule 17.13` require additional support in the CodeQL CLI to ensure the required information is available in the CodeQL database to identify violations of these rules. Note: `Dir 4.14` is covered by the default CodeQL queries, which identify potential security vulnerabilities caused by not validating external input.
-[^6]: The rules `5.13.7`, `19.0.1` and `19.1.2` are not planned to be implemented by CodeQL as they are compiler checked in all supported compilers.
+[^6]: The rules `5.13.7`, `19.0.1` and `19.1.2` are not planned to be implemented by CodeQL as they are compiler checked in all supported compilers. Our implementation does not support `Dir 0.3.2`, and for customers who wish to validate function preconditions we recommend they consider using [this open source CodeQL project](https://github.com/advanced-security/codeql-contracts-smt-z3) that can find and validate preconditions with SMT constraint solving.
 
 ## Supported environment
 
@@ -116,11 +117,11 @@ In addition, the machine which performs the analysis must be able to complete a
 
 For C++ the codebase under analysis must comply with C++14 and use one of the following supported compiler configurations:
 
-| Compiler | Version | Standard library    | Target architecture   | Required flags                   |
-| -------- | ------- | ------------------- | --------------------- | -------------------------------- |
-| clang    | 10.0.0  | libstdc++ (default) | x86_64-linux-gnu      | -std=c++14                       |
-| gcc      | 8.4.0   | libstdc++ (default) | x86_64-linux-gnu      | -std=c++14                       |
-| qcc      | 8.3.0   | libc++ (default)    | gcc_ntoaarch64le_cxx  | -std=c++14 -D_QNX_SOURCE -nopipe |
+| Compiler | Version | Standard library    | Target architecture   | Language standard flag       | Other required flags    |
+| -------- | ------- | ------------------- | --------------------- | ---------------------------- | ----------------------- |
+| clang    | 10.0.0  | libstdc++ (default) | x86_64-linux-gnu      | `-std=c++14` or `-std=c++17` | None                    |
+| gcc      | 8.4.0   | libstdc++ (default) | x86_64-linux-gnu      | `-std=c++14` or `-std=c++17` | None                    |
+| qcc      | 8.3.0   | libc++ (default)    | gcc_ntoaarch64le_cxx  | `-std=c++14` or `-std=c++17` | `-D_QNX_SOURCE -nopipe` |
 
 Use of the queries outside these scenarios is possible, but not validated for functional safety. In particular:
 
@@ -133,11 +134,11 @@ Use of the queries outside these scenarios is possible, but not validated for fu
 
 For C the codebase under analysis must comply with C99 or C11 and use one of the following supported compiler configurations:
 
-| Compiler | Version | Standard library    | Target architecture   | Required Flags             |
-| -------- | ------- | ------------------- | --------------------- | -------------------------- |
-| clang    | 10.0.0  | glibc (default)     | x86_64-linux-gnu      | `-std=c11` or `-std=c99`   |
-| gcc      | 8.4.0   | glibc (default)     | x86_64-linux-gnu      | `-std=c11` or `-std=c99`   |
-| qcc      | 8.3.0   | glibc (default)     | gcc_ntoaarch64le      | `-std=c11 -nopipe` or `-std=c99 -nopipe` |
+| Compiler | Version | Standard library    | Target architecture   | Language standard flag   | Other required flags |
+| -------- | ------- | ------------------- | --------------------- | ------------------------ | -------------------- |
+| clang    | 10.0.0  | glibc (default)     | x86_64-linux-gnu      | `-std=c11` or `-std=c99` | None                 |
+| gcc      | 8.4.0   | glibc (default)     | x86_64-linux-gnu      | `-std=c11` or `-std=c99` | None                 |
+| qcc      | 8.3.0   | glibc (default)     | gcc_ntoaarch64le      | `-std=c11` or `-std=c99` | `-nopipe`            |
 
 Use of the queries outside these scenarios is possible, but not validated for functional safety. In particular:
 

rules.csv

@@ -832,7 +832,7 @@ cpp,MISRA-C++-2023,RULE-0-2-2,Yes,Required,Decidable,Single Translation Unit,A n
 cpp,MISRA-C++-2023,RULE-0-2-3,Yes,Advisory,Decidable,Single Translation Unit,Types with limited visibility should be used at least once,A0-1-6,DeadCode9,Easy,
 cpp,MISRA-C++-2023,RULE-0-2-4,Yes,Advisory,Decidable,System,Functions with limited visibility should be used at least once,A0-1-3,DeadCode10,Easy,
 cpp,MISRA-C++-2023,DIR-0-3-1,Yes,Advisory,,,Floating-point arithmetic should be used appropriately,,FloatingPoint,Hard,
-cpp,MISRA-C++-2023,DIR-0-3-2,Yes,Required,,,A function call shall not violate the function’s preconditions,,Preconditions,Hard,
+cpp,MISRA-C++-2023,DIR-0-3-2,No,Required,,,A function call shall not violate the function’s preconditions,,,,Consider other projects such as github.com/advanced-security/codeql-contracts-smt-z3
 cpp,MISRA-C++-2023,RULE-4-1-1,Yes,Required,Undecidable,System,A program shall conform to ISO/IEC 14882:2017 (C++17),,Toolchain2,Hard,
 cpp,MISRA-C++-2023,RULE-4-1-2,Yes,Advisory,Decidable,Single Translation Unit,Deprecated features should not be used,,Toolchain3,Very Hard,
 cpp,MISRA-C++-2023,RULE-4-1-3,Yes,Required,Undecidable,System,There shall be no occurrence of undefined or critical unspecified behaviour,,Undefined,Very Hard,