C++: Initial telemetry queries

[calumgrant]

This adds new internal telemetry queries, so should not need a changenote.

It loosely follows the examples in https://github.com/github/codeql/tree/main/java/ql/src/Telemetry and https://github.com/github/codeql/tree/main/csharp/ql/src/Telemetry.

As a new idea, Metrics.qll uses QL classes a bit more heavily, instead of binary predicates, but obviously they boil down to the same thing.

We don't (yet) emit a diagnostic warning about low quality databases.

Note that qltest can't test for missing includes, since these lead to a catastrophic error by default.

Fixes https://github.com/github/codeql-c-team/issues/2471

Pull Request checklist

All query authors

• [ ] A change note is added if necessary. See the documentation in this repository.
• [ ] All new queries have appropriate .qhelp. See the documentation in this repository.
• QL tests are added if necessary. See Testing custom queries in the GitHub documentation.
• New and changed queries have correct query metadata. See the documentation in this repository.

Internal query authors only

• [ ] Autofixes generated based on these changes are valid, only needed if this PR makes significant changes to .ql, .qll, or .qhelp files. See the documentation (internal access required).
• Changes are validated at scale (internal access required).
• [ ] Adding a new query? Consider also adding the query to autofix.

[jketema]

Is there are specific reason we're not re-using some of the functionality already present in cpp/ql/src/Diagnostics?

[jketema]

Why are the values here floats? It seems like these are just discrete counts.

[calumgrant]

It's because all metrics are floats in general. But it might be worth specialising to int-metrics and float-metrics.

[jketema]

That seems a very bad design.

[calumgrant]

Is 841c678 any better?

[calumgrant]

Is there are specific reason we're not re-using some of the functionality already present in cpp/ql/src/Diagnostics?

The code in cpp/ql/src/Diagnostics isn't really that helpful, mainly because it's in the wrong format and has @kind diagnostic.

[jketema]

Is there are specific reason we're not re-using some of the functionality already present in cpp/ql/src/Diagnostics?

The code in cpp/ql/src/Diagnostics isn't really that helpful, mainly because it's in the wrong format and has @kind diagnostic.

Not even the libraries in that directory are of use?

[jketema]

Some questions about the used tags.

[jketema]

Shouldn't this also cover cannot_open_file_reason?

[calumgrant]

I will have a look at these tags 👍

[jketema]

There are a number of other ..._undefined_identifier tags, shouldn't those be covered too?

[calumgrant]

I've had a search through the front end source code, and the other ec_undefined_ errors are all at warning or remark level (e.g. ec_undefined_preproc_id)

[jketema]

What about ec_range_based_for_undefined_identifier and ec_for_each_undefined_identifier?

[calumgrant]

Ok, I think I'll just delete UndefinedIdentifier as it's unused and not worth creating a test for.

[jketema]

Does exp_ cover all possible syntax errors?

[calumgrant]

Ah, no. Searching for syntax_error(ec_ reveals various other syntax errors that I will add.

[calumgrant]

Is there are specific reason we're not re-using some of the functionality already present in cpp/ql/src/Diagnostics?

The code in cpp/ql/src/Diagnostics isn't really that helpful, mainly because it's in the wrong format and has @kind diagnostic.

Not even the libraries in that directory are of use?

Well, telemetry is a bit simpler because it's a question of dumping counts and raw data, so we don't need to refine them in the same way.

[jketema]

I'm a bit concerned that this might completely blow up on real-world projects to such an extent that the SARIF will be rejected when uploaded.

[calumgrant]

Makes sense. I've limited the results to the top 500 - not sure if that's a sensible number or not.

[jketema]

I'm a bit concerned that this might completely blow up on real-world projects to such an extent that the SARIF will be rejected when uploaded. Especially because the error messages can in principle be several lines long.