Merge pull request #338 from github/lcartey/final-compiler-compat-issues

Fixing the final compatibility issues

Author: jsinglet

change_notes/2023-08-02-a8-4-13-false-positives.md

@@ -0,0 +1,2 @@
+ - `A8-4-13`
+  - Address false positives caused by missing modelling of modifying operations for smart pointers for some standard libraries (such as libstdc++).

change_notes/2023-08-02-smart-pointers.md

@@ -0,0 +1,5 @@
+ - `A20-8-1`/`MEM56-CPP`
+    - Address false negatives caused by lack of modelling of flow through smart pointers.
+    - Reduce flow paths through standard library headers to simplify results.
+ - `A18-1-4`
+    - Address false positives caused by missing modelling of modifying operations for smart pointers for some standard libraries (such as libstdc++).

change_notes/2023-08-03-string-replace.md

@@ -0,0 +1,2 @@
+ - `STR51-CPP`
+   - Address false negatives caused by incomplete modelling of the `std::string::replace()` function.

change_notes/2023-08-04-a15-5-1-noexcept.md

@@ -0,0 +1,3 @@
+ - `A15-5-1`
+   - Rephrase alert message for `noalert(false)` special functions to clarify that this permits exceptions.
+   - Additional results for implicit `noexcept(true)` special functions highlighting that the specification should be made explicit.

cpp/autosar/src/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.ql

@@ -78,11 +78,18 @@ class DeleteWrapperFunction extends Function {
 class ExceptionThrownInConstructor extends ExceptionThrowingExpr {
   Constructor c;
 
-  ExceptionThrownInConstructor() { exists(getAFunctionThrownType(c, this)) }
+  ExceptionThrownInConstructor() {
+    exists(getAFunctionThrownType(c, this)) and
+    // The constructor is within the users source code
+    exists(c.getFile().getRelativePath())
+  }
 
   Constructor getConstructor() { result = c }
 }
 
+/**
+ * Add the `nodes` predicate to ensure results with an empty path are still reported.
+ */
 query predicate nodes(ExceptionFlowNode node) { any() }
 
 from

cpp/autosar/src/rules/A15-5-1/SpecialFunctionMissingNoExceptSpecification.ql

@@ -22,15 +22,25 @@ import codingstandards.cpp.exceptions.ExceptionSpecifications
 from SpecialFunction f, string message
 where
   not isExcluded(f, Exceptions2Package::specialFunctionMissingNoExceptSpecificationQuery()) and
-  not isNoExceptTrue(f) and
+  not isFDENoExceptTrue(f.getDefinition()) and
   not f.isCompilerGenerated() and
   not f.isDeleted() and
   not f.isDefaulted() and
   (
     isNoExceptExplicitlyFalse(f) and
-    message = f.getQualifiedName() + " should not be noexcept(false)."
+    message =
+      "Special function " + f.getQualifiedName() +
+        " has a noexcept(false) specification that permits exceptions."
     or
+    isNoExceptTrue(f) and
+    message =
+      f.getQualifiedName() +
+        " has an implicit noexcept(true) specification but should make that explicit."
+    or
+    not isNoExceptTrue(f) and
     not isNoExceptExplicitlyFalse(f) and
-    message = f.getQualifiedName() + " is implicitly noexcept(false) and might throw."
+    message =
+      "Special function " + f.getQualifiedName() +
+        " has an implicit noexcept(false) specification that permits exceptions."
   )
 select f, message

cpp/autosar/src/rules/A18-1-4/PointerToAnElementOfAnArrayPassedToASmartPointer.ql

@@ -46,17 +46,28 @@ class SingleObjectSmartPointerArrayConstructionConfig extends TaintTracking::Con
       (
         sp.getAConstructorCallWithExternalObjectConstruction().getAnArgument() = sink.asExpr()
         or
-        sink.asExpr() =
-          any(FunctionCall fc, MemberFunction mf |
-            mf = fc.getTarget() and
-            mf.getDeclaringType() = sp and
-            mf.getName() = "reset"
-          |
-            fc.getArgument(0)
-          )
+        sink.asExpr() = sp.getAResetCall().getArgument(0)
       )
     )
   }
+
+  override predicate isAdditionalTaintStep(DataFlow::Node source, DataFlow::Node sink) {
+    exists(AutosarUniquePointer sp, FunctionCall fc |
+      fc = sp.getAReleaseCall() and
+      source.asExpr() = fc.getQualifier() and
+      sink.asExpr() = fc
+    )
+  }
+
+  override predicate isSanitizerIn(DataFlow::Node node) {
+    // Exclude flow into header files outside the source archive which are summarized by the
+    // additional taint steps above.
+    exists(AutosarUniquePointer sp |
+      sp.getAReleaseCall().getTarget() = node.asExpr().(ThisExpr).getEnclosingFunction()
+    |
+      not exists(node.getLocation().getFile().getRelativePath())
+    )
+  }
 }
 
 from

cpp/autosar/src/rules/A8-4-13/SharedPtrPassedToFunctionWithImproperSemantics.ql

@@ -19,19 +19,15 @@ import cpp
 import codingstandards.cpp.autosar
 import codingstandards.cpp.SmartPointers
 
-Expr underlyingObjectAffectingSharedPointerExpr(Function f) {
-  result =
-    any(VariableAccess va, FunctionCall fc |
-      va.getEnclosingFunction() = f and
-      // strip the type so as to include reference parameter types
-      va.getType().stripType() instanceof AutosarSharedPointer and
-      fc.getTarget().getDeclaringType().stripType() instanceof AutosarSharedPointer and
-      fc.getQualifier() = va and
-      // include only calls to methods which modify the underlying object
-      fc.getTarget().hasName(["operator=", "reset", "swap"])
-    |
-      va
-    )
+VariableAccess underlyingObjectAffectingSharedPointerExpr(Function f) {
+  exists(FunctionCall fc |
+    // Find a call in the function
+    fc.getEnclosingFunction() = f and
+    // include only calls to methods which modify the underlying object
+    fc = any(AutosarSharedPointer s).getAModifyingCall() and
+    // Report the qualifier
+    fc.getQualifier() = result
+  )
 }
 
 predicate flowsToUnderlyingObjectAffectingExpr(Parameter p) {

cpp/autosar/test/rules/A1-1-2.3/options.clang

@@ -0,0 +1 @@
+-w

cpp/autosar/test/rules/A12-0-2/test.cpp

@@ -1,5 +1,5 @@
 #include <cstdlib>
-#include <string>
+#include <cstring>
 
 class A {
 public: