Fix false positives in RULE-0-0-1 from disconnected non-Stmt CFG nodes

The codeql/cpp-all library (particularly version 5.0.0) can produce orphan
BasicBlock nodes in the CFG that are completely disconnected (no predecessors
and no successors). These nodes represent expressions, variable accesses, or
function name nodes rather than actual statements. When they appear in
functions with virtual calls returning complex types (like expected<void, E>),
the isReachable predicate cannot reach them and they get incorrectly flagged
as unreachable statements.

Add isDisconnectedNonStmtBlock predicate to filter out these CFG artifacts.
The predicate specifically targets blocks that:
- Have no predecessors AND no successors (completely isolated)
- Are not function entry points
- Are not Stmt instances (the rule is about unreachable *statements*)

This preserves detection of legitimate unreachable statements (e.g., code
after infinite loops or noreturn calls) which are Stmt nodes with zero
predecessors but may have successors.

Verified: eliminates ~1182 false positives on eclipse-score/communication
codebase while all existing test cases continue to pass.

Fixes #1143

Author: castler

change_notes/2026-06-19-fix-fp-rule-0-0-1-orphan-blocks.md

@@ -0,0 +1,2 @@
+- `RULE-0-0-1` - `UnreachableStatement.ql`:
+  - Fixed false positives caused by orphan BasicBlock nodes (disconnected from the CFG) that represent expressions rather than statements. These artifacts are generated by the GCC extractor for functions involving virtual calls returning `std::variant`-based types with non-trivially-destructible alternatives.

cpp/misra/src/rules/RULE-0-0-1/UnreachableStatement.ql

@@ -61,12 +61,28 @@ predicate isReachable(BasicBlock bb) {
   )
 }
 
+/**
+ * Holds if `bb` is an orphan basic block that is disconnected from the CFG and
+ * does not represent a statement. These are artifacts of the extractor/CFG
+ * construction (e.g., variable access expressions, function name nodes, or
+ * temporary object reuse nodes) and not genuine unreachable statements.
+ * A block with no predecessors that is a Stmt is legitimately unreachable code
+ * (e.g., code after an infinite loop or noreturn call).
+ */
+predicate isDisconnectedNonStmtBlock(BasicBlock bb) {
+  not exists(bb.getAPredecessor()) and
+  not exists(bb.getASuccessor()) and
+  not bb = any(Function f).getEntryPoint() and
+  not bb instanceof Stmt
+}
+
 from BasicBlock bb
 where
   not isExcluded(bb, DeadCode3Package::unreachableStatementQuery()) and
   not isReachable(bb) and
   not isCompilerGenerated(bb) and
-  not affectedByMacro(bb)
+  not affectedByMacro(bb) and
+  not isDisconnectedNonStmtBlock(bb)
 // Note that the location of a BasicBlock will in some cases have an incorrect end location, often
 // preceding the end and including live code. We cast the block to an `Element` to get locations
 // that are not broken.

cpp/misra/test/rules/RULE-0-0-1/test.cpp

@@ -247,4 +247,40 @@ void f12() {
       int l1 = 0; // NON-COMPLIANT
     }
   }
+}
+
+// Regression test: virtual call returning variant-based expected type should not
+// produce false positives from disconnected CFG nodes. With real GCC headers and
+// codeql/cpp-all <= 5.0.0, the extractor creates orphan BasicBlock nodes (0
+// predecessors, 0 successors) for expressions inside functions that use virtual
+// calls returning std::variant-based types with non-trivially-destructible
+// alternatives (e.g. containing std::string). The isDisconnectedNonStmtBlock
+// predicate filters these artifacts. This test validates the pattern compiles
+// and is not flagged; the actual orphan block generation requires real stdlib.
+#include <variant>
+
+struct TestError {
+  int code;
+};
+
+template <typename E> class test_expected_void {
+  std::variant<TestError, E> storage_;
+
+public:
+  test_expected_void() {}
+  bool has_value() const noexcept;
+};
+
+class ITestService {
+public:
+  virtual test_expected_void<TestError> DoWork(int x) const noexcept = 0;
+  virtual ~ITestService() = default;
+};
+
+bool f13(ITestService &svc) { // COMPLIANT
+  const auto result = svc.DoWork(42);
+  if (!result.has_value()) {
+    return false; // COMPLIANT
+  }
+  return true; // COMPLIANT
 }