`A8-5-2`: Reports a violation even for correctly initialized variables as per the rule

[rak3-sh]

Affected rules

• A8-5-2

Description

This rule reports violation for the following code (which is correct as per the rule).

Example

void example_function() {
  const int32_t a {array[i]};
  int32_t ret {0};
  myclass01 bbb {6};
}

The reason seems to be the limitation mentioned in the query that CodeQL doesn't store this syntactic information about the form of initialization in the database. The heuristic implemented in the query to check for the violation doesn't work for the above code snippet because of the presence of a whitespace between the variable name and the initialization.

[lcartey]

Thanks for this report! The good news is that since we originally wrote this query, the C/C++ CodeQL standard library has gained additional information on the type of initialisation in the database (Initialiser::isBraced()), so this should now be straightforward to improve.

[rak3-sh]

Thank you for your prompt reply! I just checked isBraced and while it correctly identifies a braced initialization but it is not able to distinguish between the initialization when = is used and when it is not used. E.g. it returns true for both the variables below.

CLASSA a41{};
CLASSA a43 = {};

[lcartey]

Ah, you're right. isBraced will improve this query by removing false positives where bracing wasn't used, but won't resolve the case in your report because it is already braced, and we don't have an equivalent concept for whether it was initialized by ={..} vs {..}.

We will at least fix the isBraced issue, and consider whether it's possible to adjust our extractor to include enough information for this specific case.