From c1596044a1068c6a375e7cef2c4e84c99fe74b06 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 15 Jul 2025 13:46:07 +0200 Subject: [PATCH 1/4] Convert RULE-17-5 to the new dataflow library --- .../RULE-17-5/ArrayFunctionArgumentNumberOfElements.ql | 8 ++++---- .../ArrayFunctionArgumentNumberOfElements.expected | 6 ------ 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/c/misra/src/rules/RULE-17-5/ArrayFunctionArgumentNumberOfElements.ql b/c/misra/src/rules/RULE-17-5/ArrayFunctionArgumentNumberOfElements.ql index 1a142ddb22..279003f6ff 100644 --- a/c/misra/src/rules/RULE-17-5/ArrayFunctionArgumentNumberOfElements.ql +++ b/c/misra/src/rules/RULE-17-5/ArrayFunctionArgumentNumberOfElements.ql @@ -14,7 +14,7 @@ import cpp import codingstandards.c.misra -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow /** * Models a function parameter of type array with specified size @@ -49,7 +49,7 @@ module SmallArrayConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ArrayAggregateLiteral } predicate isSink(DataFlow::Node sink) { - sink.asExpr() = any(ArrayParameter p).getAMatchingArgument() + sink.asIndirectExpr() = any(ArrayParameter p).getAMatchingArgument() } } @@ -68,8 +68,8 @@ where or // the argument is a pointer and its value does not come from a literal of the correct arg.getType() instanceof PointerType and - not exists(ArrayAggregateLiteral l | - SmallArrayFlow::flow(DataFlow::exprNode(l), DataFlow::exprNode(arg)) and + not exists(ArrayAggregateLiteral l, DataFlow::Node arg_node | arg_node.asIndirectExpr() = arg | + SmallArrayFlow::flow(DataFlow::exprNode(l), arg_node) and countElements(l) >= p.getArraySize() ) ) diff --git a/c/misra/test/rules/RULE-17-5/ArrayFunctionArgumentNumberOfElements.expected b/c/misra/test/rules/RULE-17-5/ArrayFunctionArgumentNumberOfElements.expected index 174c6aa40f..913f6f1c34 100644 --- a/c/misra/test/rules/RULE-17-5/ArrayFunctionArgumentNumberOfElements.expected +++ b/c/misra/test/rules/RULE-17-5/ArrayFunctionArgumentNumberOfElements.expected @@ -1,9 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ArrayFunctionArgumentNumberOfElements.ql:48,36-44) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ArrayFunctionArgumentNumberOfElements.ql:49,22-30) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ArrayFunctionArgumentNumberOfElements.ql:51,20-28) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ArrayFunctionArgumentNumberOfElements.ql:56,25-33) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ArrayFunctionArgumentNumberOfElements.ql:72,28-36) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ArrayFunctionArgumentNumberOfElements.ql:72,51-59) | test.c:18:6:18:6 | 0 | The function argument does not have a sufficient number or elements declared in the $@. | test.c:1:13:1:14 | ar | parameter | | test.c:19:6:19:7 | ar | The function argument does not have a sufficient number or elements declared in the $@. | test.c:1:13:1:14 | ar | parameter | | test.c:21:6:21:9 | ar2p | The function argument does not have a sufficient number or elements declared in the $@. | test.c:1:13:1:14 | ar | parameter | From 36eb3b371627a0117397af3cee999704ddde757d Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 15 Jul 2025 15:06:50 +0200 Subject: [PATCH 2/4] Convert A15-2-2 to use the new dataflow library Observe that field flow requires global flow with the new library, so a dataflow configuration is introduced. --- ...ConstructorErrorLeavesObjectInInvalidState.ql | 16 ++++++++++++++-- ...uctorErrorLeavesObjectInInvalidState.expected | 9 --------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/cpp/autosar/src/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.ql b/cpp/autosar/src/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.ql index 1b3a3cfed2..bf8f76923b 100644 --- a/cpp/autosar/src/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.ql +++ b/cpp/autosar/src/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.ql @@ -15,7 +15,7 @@ */ import cpp -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import codingstandards.cpp.autosar import codingstandards.cpp.exceptions.ExceptionFlow import codingstandards.cpp.exceptions.ExceptionSpecifications @@ -98,6 +98,18 @@ class ExceptionThrownInConstructor extends ExceptionThrowingExpr { Constructor getConstructor() { result = c } } +module NewDeleteConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { src.asExpr() instanceof NewAllocationExpr } + + predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof DeletedExpr } + + DataFlow::FlowFeature getAFeature() { + result instanceof DataFlow::FeatureEqualSourceSinkCallContext + } +} + +module NewDeleteFlow = DataFlow::Global; + from ExceptionThrowingConstructor c, ExceptionThrownInConstructor throwingExpr, NewAllocationExpr newExpr, ExceptionFlowNode exceptionSource, @@ -127,7 +139,7 @@ where not exists(DeletedExpr deletedExpr | deletedExpr.getEnclosingFunction() = c and // Deletes the same memory location that was new'd - DataFlow::localFlow(DataFlow::exprNode(newExpr), DataFlow::exprNode(deletedExpr)) and + NewDeleteFlow::flow(DataFlow::exprNode(newExpr), DataFlow::exprNode(deletedExpr)) and newExpr.getASuccessor+() = deletedExpr and deletedExpr.getASuccessor+() = throwingExpr ) and diff --git a/cpp/autosar/test/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.expected b/cpp/autosar/test/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.expected index 529a7ccf99..941771dada 100644 --- a/cpp/autosar/test/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.expected +++ b/cpp/autosar/test/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.expected @@ -1,12 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstructorErrorLeavesObjectInInvalidState.ql:47,12-20) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstructorErrorLeavesObjectInInvalidState.ql:48,30-38) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstructorErrorLeavesObjectInInvalidState.ql:48,57-65) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstructorErrorLeavesObjectInInvalidState.ql:74,5-13) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstructorErrorLeavesObjectInInvalidState.ql:74,25-33) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstructorErrorLeavesObjectInInvalidState.ql:75,7-15) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstructorErrorLeavesObjectInInvalidState.ql:130,5-13) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstructorErrorLeavesObjectInInvalidState.ql:130,25-33) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstructorErrorLeavesObjectInInvalidState.ql:130,54-62) edges | test.cpp:12:16:12:27 | new [bad_alloc] | test.cpp:14:33:16:5 | { ... } [bad_alloc] | | test.cpp:13:7:13:28 | throw ... [exception] | test.cpp:14:33:16:5 | { ... } [exception] | From ba9ebc6d6856014a2fd27c2ede8e08929b5d1d11 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 15 Jul 2025 15:54:57 +0200 Subject: [PATCH 3/4] Convert A18-9-4 to use the new dataflow library The query seemed to depend on a bug in the old dataflow library before, where `asDefiningArgument` could return the function call instead of its argument. --- .../src/rules/A18-9-4/ArgumentToForwardSubsequentlyUsed.ql | 4 ++-- .../rules/A18-9-4/ArgumentToForwardSubsequentlyUsed.expected | 3 --- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/cpp/autosar/src/rules/A18-9-4/ArgumentToForwardSubsequentlyUsed.ql b/cpp/autosar/src/rules/A18-9-4/ArgumentToForwardSubsequentlyUsed.ql index a3acf916ec..923a024a46 100644 --- a/cpp/autosar/src/rules/A18-9-4/ArgumentToForwardSubsequentlyUsed.ql +++ b/cpp/autosar/src/rules/A18-9-4/ArgumentToForwardSubsequentlyUsed.ql @@ -14,13 +14,13 @@ import cpp import codingstandards.cpp.autosar import codingstandards.cpp.standardlibrary.Utility -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow from StdForwardCall f, Access a where not isExcluded(a, MoveForwardPackage::movedFromObjectReadAccessedQuery()) and exists(DataFlow::DefinitionByReferenceNode def | - def.asDefiningArgument() = f and + def.asDefiningArgument() = f.getArgument(0) and DataFlow::localFlow(def, DataFlow::exprNode(a)) ) select a, "The argument $@ of `std::forward` may be indeterminate when accessed at this location.", diff --git a/cpp/autosar/test/rules/A18-9-4/ArgumentToForwardSubsequentlyUsed.expected b/cpp/autosar/test/rules/A18-9-4/ArgumentToForwardSubsequentlyUsed.expected index 9e1cf41d3d..1c72dd7bf3 100644 --- a/cpp/autosar/test/rules/A18-9-4/ArgumentToForwardSubsequentlyUsed.expected +++ b/cpp/autosar/test/rules/A18-9-4/ArgumentToForwardSubsequentlyUsed.expected @@ -1,4 +1 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ArgumentToForwardSubsequentlyUsed.ql:22,10-18) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ArgumentToForwardSubsequentlyUsed.ql:24,5-13) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ArgumentToForwardSubsequentlyUsed.ql:24,30-38) | test.cpp:8:5:8:6 | t2 | The argument $@ of `std::forward` may be indeterminate when accessed at this location. | test.cpp:7:45:7:46 | t2 | t2 | From f4d7e9f4173cb04ceb3002a38581922b4566717d Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 15 Jul 2025 16:19:44 +0200 Subject: [PATCH 4/4] Convert A20-8-4 to use the new dataflow library --- .../A20-8-4/SharedPointerUsedWithNoOwnershipSharing.ql | 8 ++++++-- .../SharedPointerUsedWithNoOwnershipSharing.expected | 1 - 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/cpp/autosar/src/rules/A20-8-4/SharedPointerUsedWithNoOwnershipSharing.ql b/cpp/autosar/src/rules/A20-8-4/SharedPointerUsedWithNoOwnershipSharing.ql index 0294bfe2e6..47f879a585 100644 --- a/cpp/autosar/src/rules/A20-8-4/SharedPointerUsedWithNoOwnershipSharing.ql +++ b/cpp/autosar/src/rules/A20-8-4/SharedPointerUsedWithNoOwnershipSharing.ql @@ -16,7 +16,7 @@ import cpp import codingstandards.cpp.autosar import codingstandards.cpp.SmartPointers -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow /* * Finds `std::shared_ptr` local variables which are not copy or move initialized, and are not used in @@ -44,7 +44,11 @@ from AutosarSharedPointerLocalScopeVariable var, SharedPointerLocalAllocInitiali where not isExcluded(var, SmartPointers1Package::sharedPointerUsedWithNoOwnershipSharingQuery()) and var.getAnAssignedValue() = src and - not DataFlow::localExprFlow(src, varOwnershipSharingExpr(var.getType(), var.getFunction())) + not exists(DataFlow::Node n | + n.asIndirectExpr() = varOwnershipSharingExpr(var.getType(), var.getFunction()) + | + DataFlow::localFlow(DataFlow::exprNode(src), n) + ) select var, "The ownership of shared_ptr $@ is not shared within or passed out of the local scope of function $@.", var, var.getName(), var.getFunction(), var.getFunction().getQualifiedName() diff --git a/cpp/autosar/test/rules/A20-8-4/SharedPointerUsedWithNoOwnershipSharing.expected b/cpp/autosar/test/rules/A20-8-4/SharedPointerUsedWithNoOwnershipSharing.expected index 5b770a1925..f15f142b3b 100644 --- a/cpp/autosar/test/rules/A20-8-4/SharedPointerUsedWithNoOwnershipSharing.expected +++ b/cpp/autosar/test/rules/A20-8-4/SharedPointerUsedWithNoOwnershipSharing.expected @@ -1,4 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (SharedPointerUsedWithNoOwnershipSharing.ql:47,7-15) | test.cpp:14:24:14:26 | sp3 | The ownership of shared_ptr $@ is not shared within or passed out of the local scope of function $@. | test.cpp:14:24:14:26 | sp3 | sp3 | test.cpp:11:22:11:23 | f1 | f1 | | test.cpp:16:24:16:26 | sp5 | The ownership of shared_ptr $@ is not shared within or passed out of the local scope of function $@. | test.cpp:16:24:16:26 | sp5 | sp5 | test.cpp:11:22:11:23 | f1 | f1 | | test.cpp:17:24:17:26 | sp6 | The ownership of shared_ptr $@ is not shared within or passed out of the local scope of function $@. | test.cpp:17:24:17:26 | sp6 | sp6 | test.cpp:11:22:11:23 | f1 | f1 | pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy