github
diff --git a/‎.vscode/tasks.json‎
Lines changed: 1 addition & 0 deletions b/‎.vscode/tasks.json‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎change_notes/2026-02-03-uninitialized-mem-improve.md‎
Lines changed: 2 additions & 0 deletions b/‎change_notes/2026-02-03-uninitialized-mem-improve.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎cpp/common/src/codingstandards/cpp/exclusions/cpp/Lifetime.qll‎
Lines changed: 44 additions & 0 deletions b/‎cpp/common/src/codingstandards/cpp/exclusions/cpp/Lifetime.qll‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎cpp/common/src/codingstandards/cpp/exclusions/cpp/RuleMetadata.qll‎
Lines changed: 3 additions & 0 deletions b/‎cpp/common/src/codingstandards/cpp/exclusions/cpp/RuleMetadata.qll‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎cpp/common/src/codingstandards/cpp/lifetimes/CppObjects.qll‎
Lines changed: 3 additions & 1 deletion b/‎cpp/common/src/codingstandards/cpp/lifetimes/CppObjects.qll‎
Lines changed: 3 additions & 1 deletion
@@ -259,6 +259,7 @@
                 "Language1",
                 "Language2",
                 "Language3",
+                "Lifetime",
                 "Linkage1",
                 "Linkage2",
                 "Literals",
 
@@ -0,0 +1,2 @@
+- `A8-5-0`, `EXP53-CPP`, `EXP33-C`, `RULE-9-1` - `MemoryNotInitializedBeforeItIsRead.ql`, `DoNotReadUninitializedMemory.ql`, `DoNotReadUninitializedMemory.ql`, `ObjectWithAutoStorageDurationReadBeforeInit.ql`:
+  - The queries listed now find uses of the operator 'new' where there is no value initialization provided. The queries listed now also uses an out of the box library to consider initialization within another function as valid initialization (`InitializationFunctions.qll`). We do not yet track finely track the initialization/use of `p` vs `*p`.
@@ -0,0 +1,44 @@
+//** THIS FILE IS AUTOGENERATED, DO NOT MODIFY DIRECTLY.  **/
+import cpp
+import RuleMetadata
+import codingstandards.cpp.exclusions.RuleMetadata
+
+newtype LifetimeQuery =
+  TValueOfAnObjectMustNotBeReadBeforeItHasBeenSetQuery() or
+  TAutomaticStorageAssignedToObjectGreaterLifetimeQuery()
+
+predicate isLifetimeQueryMetadata(Query query, string queryId, string ruleId, string category) {
+  query =
+    // `Query` instance for the `valueOfAnObjectMustNotBeReadBeforeItHasBeenSet` query
+    LifetimePackage::valueOfAnObjectMustNotBeReadBeforeItHasBeenSetQuery() and
+  queryId =
+    // `@id` for the `valueOfAnObjectMustNotBeReadBeforeItHasBeenSet` query
+    "cpp/misra/value-of-an-object-must-not-be-read-before-it-has-been-set" and
+  ruleId = "RULE-11-6-2" and
+  category = "mandatory"
+  or
+  query =
+    // `Query` instance for the `automaticStorageAssignedToObjectGreaterLifetime` query
+    LifetimePackage::automaticStorageAssignedToObjectGreaterLifetimeQuery() and
+  queryId =
+    // `@id` for the `automaticStorageAssignedToObjectGreaterLifetime` query
+    "cpp/misra/automatic-storage-assigned-to-object-greater-lifetime" and
+  ruleId = "RULE-6-8-3" and
+  category = "required"
+}
+
+module LifetimePackage {
+  Query valueOfAnObjectMustNotBeReadBeforeItHasBeenSetQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `valueOfAnObjectMustNotBeReadBeforeItHasBeenSet` query
+      TQueryCPP(TLifetimePackageQuery(TValueOfAnObjectMustNotBeReadBeforeItHasBeenSetQuery()))
+  }
+
+  Query automaticStorageAssignedToObjectGreaterLifetimeQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `automaticStorageAssignedToObjectGreaterLifetime` query
+      TQueryCPP(TLifetimePackageQuery(TAutomaticStorageAssignedToObjectGreaterLifetimeQuery()))
+  }
+}
@@ -46,6 +46,7 @@ import IntegerConversion
 import Invariants
 import Iterators
 import Lambdas
+import Lifetime
 import Linkage1
 import Linkage2
 import Literals
@@ -136,6 +137,7 @@ newtype TCPPQuery =
   TInvariantsPackageQuery(InvariantsQuery q) or
   TIteratorsPackageQuery(IteratorsQuery q) or
   TLambdasPackageQuery(LambdasQuery q) or
+  TLifetimePackageQuery(LifetimeQuery q) or
   TLinkage1PackageQuery(Linkage1Query q) or
   TLinkage2PackageQuery(Linkage2Query q) or
   TLiteralsPackageQuery(LiteralsQuery q) or
@@ -226,6 +228,7 @@ predicate isQueryMetadata(Query query, string queryId, string ruleId, string cat
   isInvariantsQueryMetadata(query, queryId, ruleId, category) or
   isIteratorsQueryMetadata(query, queryId, ruleId, category) or
   isLambdasQueryMetadata(query, queryId, ruleId, category) or
+  isLifetimeQueryMetadata(query, queryId, ruleId, category) or
   isLinkage1QueryMetadata(query, queryId, ruleId, category) or
   isLinkage2QueryMetadata(query, queryId, ruleId, category) or
   isLiteralsQueryMetadata(query, queryId, ruleId, category) or
 
@@ -246,7 +246,7 @@ class AggregateLiteralObjectIdentity extends AggregateLiteral, ObjectIdentityBas
 }
 
 /**
- * An object identified by a call to `malloc`.
+ * An object identified by a call to `malloc` or allcoated with a `new` or `new[]` expression.
  *
  * Note: the malloc expression returns an address to this object, not the object itself. Therefore,
  * `getAnAccess()` returns cases where this malloc result is dereferenced, and not the malloc call
@@ -262,6 +262,8 @@ class AggregateLiteralObjectIdentity extends AggregateLiteral, ObjectIdentityBas
 class AllocatedObjectIdentity extends AllocationExpr, ObjectIdentityBase {
   AllocatedObjectIdentity() {
     this.(FunctionCall).getTarget().(AllocationFunction).requiresDealloc()
+    or
+    this = any(NewOrNewArrayExpr new | not exists(new.getPlacementPointer()))
   }
 
   override StorageDuration getStorageDuration() { result.isAllocated() }
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	+- `A8-5-0`, `EXP53-CPP`, `EXP33-C`, `RULE-9-1` - `MemoryNotInitializedBeforeItIsRead.ql`, `DoNotReadUninitializedMemory.ql`, `DoNotReadUninitializedMemory.ql`, `ObjectWithAutoStorageDurationReadBeforeInit.ql`:
	`2`	+ - The queries listed now find uses of the operator 'new' where there is no value initialization provided. The queries listed now also uses an out of the box library to consider initialization within another function as valid initialization (`InitializationFunctions.qll`). We do not yet track finely track the initialization/use of `p` vs `*p`.
Original file line number	Diff line number	Diff line change
`@@ -246,7 +246,7 @@ class AggregateLiteralObjectIdentity extends AggregateLiteral, ObjectIdentityBas`
`246`	`246`	`}`
`247`	`247`
`248`	`248`	`/**`
`249`		- * An object identified by a call to `malloc`.
	`249`	+ * An object identified by a call to `malloc` or allcoated with a `new` or `new[]` expression.
`250`	`250`	`*`
`251`	`251`	`* Note: the malloc expression returns an address to this object, not the object itself. Therefore,`
`252`	`252`	* `getAnAccess()` returns cases where this malloc result is dereferenced, and not the malloc call
`@@ -262,6 +262,8 @@ class AggregateLiteralObjectIdentity extends AggregateLiteral, ObjectIdentityBas`
`262`	`262`	`class AllocatedObjectIdentity extends AllocationExpr, ObjectIdentityBase {`
`263`	`263`	`AllocatedObjectIdentity() {`
`264`	`264`	`this.(FunctionCall).getTarget().(AllocationFunction).requiresDealloc()`
	`265`	`+ or`
	`266`	`+ this = any(NewOrNewArrayExpr new \| not exists(new.getPlacementPointer()))`
`265`	`267`	`}`
`266`	`268`
`267`	`269`	`override StorageDuration getStorageDuration() { result.isAllocated() }`