@@ -53,12 +53,12 @@ The full list of supported rules per standard is published as
5353 The presence of certain design issues (e.g. dynamic memory allocation) might
5454 indicate that the code is not intended to be compliant with the standard, and
5555 that a deviation should be added instead of a code fix.
56- - ** New code must comply with the same standard.** Any code introduced by the
57- fix must itself satisfy the coding standard being verified (e.g. MISRA C++
58- 2023). Cross-check the inserted code against the COMPLIANT examples in the
59- corresponding ` test/rules/<rule-id>/ ` directory and against neighbouring
60- rules that are obviously relevant (e.g. don’t fix an integer-conversion rule
61- by introducing a cast that violates a different MISRA rule).
56+ - ** New code must comply with the same standard.** Any code modified by the
57+ fix must itself satisfy every rule of the coding standard being verified.
58+ Cross-check the changed code against the COMPLIANT examples in the
59+ corresponding ` test/rules/<rule-id>/ ` directory and against every other
60+ relevant rules (e.g. don’t fix an integer-conversion rule by introducing a
61+ cast that violates a different MISRA rule).
6262- ** Preserve safe and desired functional behavior.** ensure the resulting code
6363 handles all reasonable real-world scenarios as the code originally intended.
6464 This may involve precisely maintaining the existing code behavior, or it may
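Review bot: "against every other relevant rules" (new line 60) is ungrammatical; make it "against every other relevant rule". Separately, the bullet's bold lead-in still reads "New code must comply with the same standard" while the body now says "Any code modified by the fix", so the heading and the body no longer describe the same scope; either keep "introduced" in the body or widen the lead-in to something like "Code introduced or modified by the fix must comply with the same standard".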
@@ -152,20 +152,20 @@ When an alert is judged to be a false positive, the autofix PR must:
152152
1531531 . ** Not modify the flagged code** to “work around” the alert.
1541542 . ** Add or update a deviation record** that scopes precisely to the alert.
155- Prefer the narrowest scope that is appropriate:
156- - a ` code-identifier ` deviation referenced from the exact line, statement,
155+ Prefer the narrowest scope that is appropriate in this order :
156+ 1 . a ` code-identifier ` deviation referenced from the exact line, statement,
157157 function, or block, via an attribute
158158 (` [[codeql::<standard>_deviation("...")]] ` ) or a comment marker
159159 (` // codeql::<standard>_deviation(...) ` ,
160160 ` // codeql::<standard>_deviation_next_line(...) ` , or a
161161 ` ..._deviation_begin ` / ` ..._deviation_end ` pair); or
162- - a ` paths: ` -scoped deviation in ` coding-standards.yml ` when the rule should
162+ 2 . a ` paths: ` -scoped deviation in ` coding-standards.yml ` when the rule should
163163 not be applied to a whole file or directory or
164- - a project-wide deviation only when the rule is genuinely inapplicable to
164+ 3 . a project-wide deviation only when the rule is genuinely inapplicable to
165165 the project.
166166 Use ` <standard> ` ∈ {` misra ` , ` autosar ` , ` cert ` } as appropriate for the
167167 alert.
168- 3 . ** Populate the deviation record** with at least:
168+ 3 . ** Populate the deviation record** for deviation records with at least:
169169 - ` rule-id ` matching the alert’s rule identifier;
170170 - ` query-id ` matching the alert’s ` @id ` (when the deviation is meant to
171171 cover a single sub-query of the rule);
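Review bot: "Populate the deviation record for deviation records with at least" (new line 168) is redundant; drop "for deviation records" or, if the intent is to restrict this step to deviations of a particular scope, say which scope. The converted sub-list under item 2 now uses `1 .`, `2 .`, `3 .`, the same numerals as the outer list, which is confusing in a nested numbered list and makes later references to "types 2. and 3." ambiguous; consider lettered items (a., b., c.) or naming the three scopes (code-identifier, paths, project-wide) explicitly. Minor: line 163 still ends "whole file or directory or" without punctuation before the next item.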
@@ -174,12 +174,12 @@ When an alert is judged to be a false positive, the autofix PR must:
174174 - ` scope ` , ` background ` , and ` requirements ` when they help a reviewer
175175 audit the decision;
176176 - a ` raised-by ` entry (and leave ` approved-by ` for a human reviewer).
177- 4 . ** Place the deviation entry** in an existing ` coding-standards.yml ` if one
178- exists in an appropriate directory; otherwise create one at the most
179- specific directory whose subtree is affected. When using a ` permit-id ` ,
180- reference an existing permit if one matches; do not invent new permit IDs
181- unless necessary.
182- 5 . ** In the PR description** , explicitly state that the alert is being
177+ 4 . ** Place the deviation entry** of types 2. and 3. in an existing
178+ ` coding-standards.yml ` if one exists in an appropriate directory;
179+ otherwise create one at the most specific directory whose subtree is
180+ affected. When using a ` permit-id ` , reference an existing permit
181+ if one matches; do not invent new permit IDs unless necessary.
182+ 6 . ** In the PR description** , explicitly state that the alert is being
183183 handled as a false positive via a deviation (not by code change), link to
184184 the
185185 [ deviation mechanism documentation] ( https://github.com/github/codeql-coding-standards/blob/main/docs/user_manual.md#applying-deviations ) ,
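Review bot: the outer list jumps from item 4 to item 6 (new line 182 changes `5 .` to `6 .` with no item 5 added in this hunk); either an item 5 was dropped from the patch or this should stay `5 .`. "of types 2. and 3." on new line 177 depends on the nested numbering introduced earlier in the same file and is easy to misread as the outer list's items 2 and 3; refer to the scopes by name (`paths:`-scoped and project-wide deviations) instead.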