Merge pull request #1101 from knewbury01/knewbury01/cpp-misra2023-declarations5

Declarations5 cpp misra 2023

Author: knewbury01

cpp/common/src/codingstandards/cpp/exclusions/cpp/Declarations5.qll

@@ -0,0 +1,44 @@
+//** THIS FILE IS AUTOGENERATED, DO NOT MODIFY DIRECTLY.  **/
+import cpp
+import RuleMetadata
+import codingstandards.cpp.exclusions.RuleMetadata
+
+newtype Declarations5Query =
+  TMemberFunctionsRefqualifiedQuery() or
+  TTypeAliasesDeclarationQuery()
+
+predicate isDeclarations5QueryMetadata(Query query, string queryId, string ruleId, string category) {
+  query =
+    // `Query` instance for the `memberFunctionsRefqualified` query
+    Declarations5Package::memberFunctionsRefqualifiedQuery() and
+  queryId =
+    // `@id` for the `memberFunctionsRefqualified` query
+    "cpp/misra/member-functions-refqualified" and
+  ruleId = "RULE-6-8-4" and
+  category = "advisory"
+  or
+  query =
+    // `Query` instance for the `typeAliasesDeclaration` query
+    Declarations5Package::typeAliasesDeclarationQuery() and
+  queryId =
+    // `@id` for the `typeAliasesDeclaration` query
+    "cpp/misra/type-aliases-declaration" and
+  ruleId = "RULE-6-9-1" and
+  category = "required"
+}
+
+module Declarations5Package {
+  Query memberFunctionsRefqualifiedQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `memberFunctionsRefqualified` query
+      TQueryCPP(TDeclarations5PackageQuery(TMemberFunctionsRefqualifiedQuery()))
+  }
+
+  Query typeAliasesDeclarationQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `typeAliasesDeclaration` query
+      TQueryCPP(TDeclarations5PackageQuery(TTypeAliasesDeclarationQuery()))
+  }
+}

cpp/common/src/codingstandards/cpp/exclusions/cpp/RuleMetadata.qll

@@ -40,6 +40,7 @@ import Declarations1
 import Declarations2
 import Declarations3
 import Declarations4
+import Declarations5
 import Declarations6
 import Declarations7
 import ExceptionSafety
@@ -149,6 +150,7 @@ newtype TCPPQuery =
   TDeclarations2PackageQuery(Declarations2Query q) or
   TDeclarations3PackageQuery(Declarations3Query q) or
   TDeclarations4PackageQuery(Declarations4Query q) or
+  TDeclarations5PackageQuery(Declarations5Query q) or
   TDeclarations6PackageQuery(Declarations6Query q) or
   TDeclarations7PackageQuery(Declarations7Query q) or
   TExceptionSafetyPackageQuery(ExceptionSafetyQuery q) or
@@ -258,6 +260,7 @@ predicate isQueryMetadata(Query query, string queryId, string ruleId, string cat
   isDeclarations2QueryMetadata(query, queryId, ruleId, category) or
   isDeclarations3QueryMetadata(query, queryId, ruleId, category) or
   isDeclarations4QueryMetadata(query, queryId, ruleId, category) or
+  isDeclarations5QueryMetadata(query, queryId, ruleId, category) or
   isDeclarations6QueryMetadata(query, queryId, ruleId, category) or
   isDeclarations7QueryMetadata(query, queryId, ruleId, category) or
   isExceptionSafetyQueryMetadata(query, queryId, ruleId, category) or

cpp/common/src/codingstandards/cpp/lifetimes/CppObjects.qll

@@ -2,6 +2,7 @@ import cpp
 import codingstandards.cpp.lifetimes.StorageDuration
 import semmle.code.cpp.valuenumbering.HashCons
 import codingstandards.cpp.Clvalues
+import codingstandards.cpp.types.Pointers
 
 /**
  * A library for handling "Objects" in C++.
@@ -136,19 +137,41 @@ abstract class ObjectIdentityBase extends Element {
 }
 
 /**
- * Finds expressions `e.x` or `e[x]` for expression `e`, recursively. Does not resolve pointers.
+ * Finds expressions `e.x` or `e[x]` for expression `e`, recursively.
+ *
+ * Omits accesses to reference fields, as they are not subobjects.
  *
  * Note that this does not hold for `e->x` or `e[x]` where `e` is a pointer.
  */
-private Expr getASubobjectAccessOf(Expr e) {
+Expr getASubobjectAccessOf(Expr e) {
   result = e
   or
-  result.(DotFieldAccess).getQualifier() = getASubobjectAccessOf(e)
+  result.(DotFieldAccess).getQualifier() = getASubobjectAccessOf(e) and
+  not result.(DotFieldAccess).getTarget().getUnderlyingType() instanceof ReferenceType
   or
   result.(ArrayExpr).getArrayBase() = getASubobjectAccessOf(e) and
   not result.(ArrayExpr).getArrayBase().getUnspecifiedType() instanceof PointerType
 }
 
+/**
+ * Finds subobjects of the pointee for expression `e`,
+ * where `e` has the type pointer type.
+ *
+ * For `e` this will be subobject accesses of `*e`.
+ * Or for `e->x` the subobject access is `x`.
+ *
+ * This predicate is not used/tested extensively so
+ * verify it before use.
+ */
+Expr getASubobjectAccessOfPointee(Expr e) {
+  e.getParent() instanceof PointerDereferenceExpr and
+  result = getASubobjectAccessOf(e.getParent())
+  or
+  // for e1->e2 : getASubobjectAccessOfPointee(e1) = e2 and or subobjects of e2
+  result = getASubobjectAccessOf(e.getParent().(PointerFieldAccess)) and
+  not result.(PointerFieldAccess).getTarget().getUnderlyingType() instanceof ReferenceType
+}
+
 /**
  * Find the object types that are embedded within the current type.
  *

cpp/common/src/codingstandards/cpp/types/Compatible.qll

@@ -486,45 +486,72 @@ signature predicate interestedInFunctionDeclarations(
 );
 
 module FunctionDeclarationTypeEquivalence<
-  TypeEquivalenceSig Config, interestedInFunctionDeclarations/2 interestedInFunctions>
+  TypeEquivalenceSig Config, interestedInFunctionDeclarations/2 interestedInFunDecls>
 {
   private predicate interestedInReturnTypes(Type a, Type b) {
     exists(FunctionDeclarationEntry aFun, FunctionDeclarationEntry bFun |
-      interestedInFunctions(pragma[only_bind_into](aFun), pragma[only_bind_into](bFun)) and
+      interestedInFunDecls(pragma[only_bind_into](aFun), pragma[only_bind_into](bFun)) and
       a = aFun.getType() and
       b = bFun.getType()
     )
   }
 
   private predicate interestedInParameterTypes(Type a, Type b) {
     exists(FunctionDeclarationEntry aFun, FunctionDeclarationEntry bFun, int i |
-      interestedInFunctions(pragma[only_bind_into](aFun), pragma[only_bind_into](bFun)) and
+      interestedInFunDecls(pragma[only_bind_into](aFun), pragma[only_bind_into](bFun)) and
       a = aFun.getParameterDeclarationEntry(i).getType() and
       b = bFun.getParameterDeclarationEntry(i).getType()
     )
   }
 
   predicate equalReturnTypes(FunctionDeclarationEntry f1, FunctionDeclarationEntry f2) {
-    interestedInFunctions(f1, f2) and
+    interestedInFunDecls(f1, f2) and
     TypeEquivalence<Config, interestedInReturnTypes/2>::equalTypes(f1.getType(), f2.getType())
   }
 
   predicate equalParameterTypes(FunctionDeclarationEntry f1, FunctionDeclarationEntry f2) {
-    interestedInFunctions(f1, f2) and
+    interestedInFunDecls(f1, f2) and
     f1.getDeclaration() = f2.getDeclaration() and
     forall(int i | exists([f1, f2].getParameterDeclarationEntry(i)) |
       equalParameterTypesAt(f1, f2, pragma[only_bind_into](i))
     )
   }
 
   predicate equalParameterTypesAt(FunctionDeclarationEntry f1, FunctionDeclarationEntry f2, int i) {
-    interestedInFunctions(f1, f2) and
+    interestedInFunDecls(f1, f2) and
     f1.getDeclaration() = f2.getDeclaration() and
     TypeEquivalence<Config, interestedInParameterTypes/2>::equalTypes(f1.getParameterDeclarationEntry(pragma[only_bind_into](i))
           .getType(), f2.getParameterDeclarationEntry(pragma[only_bind_into](i)).getType())
   }
 }
 
+signature predicate interestedInFunctionsByFunction(Function f1, Function f2);
+
+module FunctionEquivalence<
+  TypeEquivalenceSig Config, interestedInFunctionsByFunction/2 interestedInFuncs>
+{
+  private predicate interestedInParameterTypes(Type a, Type b) {
+    exists(Function aFun, Function bFun, int i |
+      interestedInFuncs(pragma[only_bind_into](aFun), pragma[only_bind_into](bFun)) and
+      a = aFun.getParameter(i).getType() and
+      b = bFun.getParameter(i).getType()
+    )
+  }
+
+  predicate equalParameterTypes(Function f1, Function f2) {
+    interestedInFuncs(f1, f2) and
+    forall(int i | exists([f1, f2].getParameter(i)) |
+      equalParameterTypesAt(f1, f2, pragma[only_bind_into](i))
+    )
+  }
+
+  predicate equalParameterTypesAt(Function f1, Function f2, int i) {
+    interestedInFuncs(f1, f2) and
+    TypeEquivalence<Config, interestedInParameterTypes/2>::equalTypes(f1.getParameter(pragma[only_bind_into](i))
+          .getType(), f2.getParameter(pragma[only_bind_into](i)).getType())
+  }
+}
+
 private class LeafType extends Type {
   LeafType() {
     not this instanceof DerivedType and

cpp/misra/src/rules/RULE-6-8-4/MemberFunctionsRefqualified.ql

@@ -0,0 +1,105 @@
+/**
+ * @id cpp/misra/member-functions-refqualified
+ * @name RULE-6-8-4: Member functions returning references to their object should be refqualified appropriately
+ * @description Member functions that return references to temporary objects (or subobjects) can
+ *              lead to dangling pointers.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-6-8-4
+ *       correctness
+ *       scope/single-translation-unit
+ *       external/misra/enforcement/decidable
+ *       external/misra/obligation/advisory
+ */
+
+import cpp
+import codingstandards.cpp.misra
+import codingstandards.cpp.types.Compatible
+import codingstandards.cpp.Operator
+import codingstandards.cpp.types.Pointers
+import codingstandards.cpp.lifetimes.CppObjects
+
+class MembersReturningPointerOrRef extends MemberFunction {
+  MembersReturningPointerOrRef() { this.getType() instanceof PointerLikeType }
+}
+
+abstract class MembersReturningObjectOrSubobject extends MembersReturningPointerOrRef {
+  string toString() { result = "Members returning object or subobject" }
+}
+
+/**
+ * Members that have an explicit `this` access within their return statement.
+ */
+class MembersReturningObject extends MembersReturningObjectOrSubobject {
+  MembersReturningObject() {
+    exists(ReturnStmt r, ThisExpr t |
+      r.getEnclosingFunction() = this and
+      //return `this`
+      r.getAChild() = t and
+      t.getActualType().stripType() = this.getDeclaringType()
+    )
+  }
+}
+
+/**
+ * Members that have an explicit subobject access within their return statement.
+ *
+ * Specifically, this captures when the return is a reference or pointer
+ * to a subobject.
+ */
+class MembersReturningSubObject extends MembersReturningObjectOrSubobject {
+  MembersReturningSubObject() {
+    exists(ReturnStmt r, FieldAccess access, Expr e |
+      r.getEnclosingFunction() = this and
+      (not exists(access.getQualifier()) or access.getQualifier() instanceof ThisExpr) and
+      (
+        //subobject returned by address
+        r.getAChild() = access.getParent() and
+        e = getASubobjectAccessOf(access) and
+        access.getParent() instanceof AddressOfExpr
+        or
+        //reference to subobject returned
+        r.getAChild() = e and
+        e = getASubobjectAccessOf(access) and
+        this.getType() instanceof ReferenceType
+      )
+    )
+  }
+}
+
+predicate relevantFunctions(Function a, Function b) {
+  a instanceof MembersReturningObjectOrSubobject and
+  a.getAnOverload() = b
+}
+
+class AppropriatelyQualified extends MemberFunction {
+  AppropriatelyQualified() {
+    //non-const-lvalue-ref-qualified
+    this.isLValueRefQualified() and
+    this.getType().(PointerLikeType).pointsToNonConst()
+    or
+    //const-lvalue-ref-qualified
+    this.isLValueRefQualified() and
+    this.getType().(PointerLikeType).pointsToConst() and
+    //and overload exists that is rvalue-ref-qualified
+    exists(MemberFunction overload |
+      this.getAnOverload() = overload and
+      overload.isRValueRefQualified() and
+      //and has same param list
+      FunctionEquivalence<TypesCompatibleConfig, relevantFunctions/2>::equalParameterTypes(this,
+        overload)
+    )
+  }
+}
+
+class DefaultedAssignmentOperator extends AssignmentOperator {
+  DefaultedAssignmentOperator() { this.isDefaulted() }
+}
+
+from MembersReturningObjectOrSubobject f
+where
+  not isExcluded(f, Declarations5Package::memberFunctionsRefqualifiedQuery()) and
+  not f instanceof AppropriatelyQualified and
+  not f instanceof DefaultedAssignmentOperator
+select f, "Member function is not properly ref qualified."

cpp/misra/src/rules/RULE-6-9-1/TypeAliasesDeclaration.ql

@@ -0,0 +1,33 @@
+/**
+ * @id cpp/misra/type-aliases-declaration
+ * @name RULE-6-9-1: The same type aliases shall be used in all declarations of the same entity
+ * @description Using different type aliases on redeclarations can make code hard to understand and
+ *              maintain.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity warning
+ * @tags external/misra/id/rule-6-9-1
+ *       maintainability
+ *       readability
+ *       scope/single-translation-unit
+ *       external/misra/enforcement/decidable
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.cpp.misra
+
+from DeclarationEntry decl1, DeclarationEntry decl2, TypedefType t
+where
+  not isExcluded(decl1, Declarations5Package::typeAliasesDeclarationQuery()) and
+  not isExcluded(decl2, Declarations5Package::typeAliasesDeclarationQuery()) and
+  not decl1 = decl2 and
+  decl1.getDeclaration() = decl2.getDeclaration() and
+  t.getATypeNameUse() = decl1 and
+  not t.getATypeNameUse() = decl2 and
+  //exception cases - we dont want to disallow struct typedef name use
+  not t.getBaseType() instanceof Struct and
+  not t.getBaseType() instanceof Enum
+select decl1,
+  "Declaration entry has a different type alias than $@ where the type alias used is '$@'.", decl2,
+  decl2.getName(), t, t.getName()

cpp/misra/test/rules/RULE-6-8-4/MemberFunctionsRefqualified.expected

@@ -0,0 +1,13 @@
+| test.cpp:12:14:12:20 | Members returning object or subobject | Member function is not properly ref qualified. |
+| test.cpp:24:12:24:23 | Members returning object or subobject | Member function is not properly ref qualified. |
+| test.cpp:42:16:42:16 | Members returning object or subobject | Member function is not properly ref qualified. |
+| test.cpp:42:16:42:16 | Members returning object or subobject | Member function is not properly ref qualified. |
+| test.cpp:42:16:42:16 | Members returning object or subobject | Member function is not properly ref qualified. |
+| test.cpp:61:8:61:8 | Members returning object or subobject | Member function is not properly ref qualified. |
+| test.cpp:71:9:71:10 | Members returning object or subobject | Member function is not properly ref qualified. |
+| test.cpp:79:8:79:9 | Members returning object or subobject | Member function is not properly ref qualified. |
+| test.cpp:89:9:89:10 | Members returning object or subobject | Member function is not properly ref qualified. |
+| test.cpp:103:8:103:8 | Members returning object or subobject | Member function is not properly ref qualified. |
+| test.cpp:113:9:113:10 | Members returning object or subobject | Member function is not properly ref qualified. |
+| test.cpp:121:8:121:9 | Members returning object or subobject | Member function is not properly ref qualified. |
+| test.cpp:131:9:131:10 | Members returning object or subobject | Member function is not properly ref qualified. |

cpp/misra/test/rules/RULE-6-8-4/MemberFunctionsRefqualified.qlref

@@ -0,0 +1 @@
+rules/RULE-6-8-4/MemberFunctionsRefqualified.ql