msvc analysis: suppress C26819/C28251 advisories, bump EOL actions#3116
Closed
borisbat wants to merge 2 commits into
Closed
msvc analysis: suppress C26819/C28251 advisories, bump EOL actions#3116borisbat wants to merge 2 commits into
borisbat wants to merge 2 commits into
Conversation
…dead STYLE021 STYLE031 is the table twin of STYLE012: an empty table<K;V> (or table<K> set) declaration followed by >= 2 contiguous `t |> insert(k, v)` / `t[k] = v` statements collapses to a table (set) literal move-assign. Computed keys are allowed (runtime-duplicate is last-wins in both forms); runs with a duplicate CONST key stay silent since a literal rejects them at compile time (error 30706) while sequential inserts overwrite. While wiring the STYLE021 handoff (JV tables with const keys keep the stronger JV((k1=...)) suggestion), the new test exposed that STYLE021 had been dead code since landing: its type check matched a tHandle "JsonValue" annotation, but JsonValue is a das struct (daslib/json.das). Fixed the match (tPointer -> tStructure, name + module json) and added the missing style021 test; computed-key JV runs now fall through to STYLE031. Tree sweep: rewrote 6 fixture tables to literals (linq source fixture, long_length, with_boost x2, serialization + data_walker tutorials), nolint'd 12 sites where insert/[]= is the machinery under test (fused tab[k]=v opcodes, packed WithHash nodes, dapi layout, value-key API, insert-teaching tutorials). Touched files also cleaned of pre-existing STYLE001/STYLE028/LINT003/LINT013 warnings. Docs: lint.rst STYLE031 section + STYLE021 fall-through note, skill table rows for 029/030 (were missing) and 031, CLAUDE.md idiom row, module docstring lines for STYLE023 (was missing) and STYLE031. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
The PREfast (MSVC /analyze) workflow surfaced 16 alerts that are pure style/advisory, not memory-safety: 14x C26819 (es.78 unannotated switch fallthrough — ours are intentional, we don't annotate [[fallthrough]]; several are last-label-before-brace misfires like default: assert+break) and 2x C28251 (inconsistent SAL annotation on free_list's global operator new/new[], which intentionally carry no SAL). All 16 were dismissed in the Security tab; suppress both rules at the ruleset source so a future manual run stays clean instead of re-raising them. Also bump the two EOL actions in this workflow to the repo standard: upload-sarif v2 -> v3, upload-artifact v3 -> v4. (msvc-code-analysis-action stays v0.1.1 — no newer release exists.) Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR combines two themes: (1) keeping the manual MSVC /analyze SARIF workflow clean by suppressing advisory-only warnings and updating action versions, and (2) extending/repairing style_lint around table initialization patterns (including adding STYLE031) and updating docs/tests/tutorials accordingly.
Changes:
- Suppress MSVC
/analyzeadvisories C26819 and C28251 inCustomRules.ruleset, and bumpupload-sarif/upload-artifactaction versions in the MSVC workflow. - Fix STYLE021’s
JsonValuetype matching (struct injsonmodule) and add STYLE031 (table insert/[]=run → table/set literal) todaslib/style_lint.das, with new lint tests. - Update docs, tutorials, and tests to prefer table literals or to explicitly suppress STYLE021/STYLE031 where incremental insert patterns are intentional.
Reviewed changes
Copilot reviewed 21 out of 21 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| utils/lint/tests/style031_table_insert_run.das | New lint test coverage for STYLE031 behaviors and exclusions. |
| utils/lint/tests/style021_jv_table_insert.das | New lint test coverage for STYLE021 vs STYLE031 “division of labor”. |
| tutorials/language/47_data_walker.das | Uses table literal initialization and removes self-> method-call arrow usage. |
| tutorials/language/41_serialization.das | Uses table literal initialization for tutorial example. |
| tutorials/language/30_json.das | Adds nolint:STYLE021 to keep incremental JSON object-building example. |
| tutorials/language/10_tables.das | Adds nolint:STYLE031 to keep insert-based tutorial example. |
| tests/with_boost/test_with_table.das | Converts insert-run setup to a table literal. |
| tests/with_boost/test_with_lock_panics.das | Renames unused with_ binders and converts one table setup to a literal. |
| tests/table_packed/test_packed.das | Adds nolint:STYLE031 to keep insert/index-assign path under test. |
| tests/table_packed/test_packed_constkey.das | Adds nolint:STYLE031 where insert/index paths are the test subject. |
| tests/long_array_table/test_long_length.das | Converts simple insert-run setup to a table literal. |
| tests/long_array_table/test_fusion_table_i64.das | Adds nolint:STYLE031 to keep fused write path under test. |
| tests/long_array_table/test_dapi_layout.das | Adds nolint:STYLE031 to keep canonical insert path under test. |
| tests/linq/test_linq_table_source.das | Converts insert-run table factory to a table literal return. |
| tests/language/test_value_table_key.das | Adds nolint:STYLE031 and adjusts get(...) callback syntax usage. |
| skills/style_lint.md | Documents STYLE029/030/031 and corrects STYLE021 implementation notes. |
| doc/source/reference/language/lint.rst | Extends lint reference docs to include STYLE031 and STYLE021→STYLE031 fallback note. |
| daslib/style_lint.das | Implements STYLE031 and fixes STYLE021 JsonValue type matching. |
| CustomRules.ruleset | Suppresses C26819/C28251 advisories for MSVC analysis runs. |
| CLAUDE.md | Updates migration/style table with STYLE031 guidance. |
| .github/workflows/msvc.yml | Bumps upload-sarif to v3 and upload-artifact to v4. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| } | ||
| count++ | ||
| } | ||
| delete seen_keys |
| # Upload SARIF file to GitHub Code Scanning Alerts | ||
| - name: Upload SARIF to GitHub | ||
| uses: github/codeql-action/upload-sarif@v2 | ||
| uses: github/codeql-action/upload-sarif@v3 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Superseded by #3117 — this branch was accidentally based on
bbatkin/style031-table-insert-lintinstead of master, so it dragged in unrelated style031 files. Reopened clean as #3117.