Add Rule-19-1 and converted M0-2-1 to shared query

Author: mbaluda

c/common/test/rules/overlappingobjectassignment/OverlappingObjectAssignment.expected

@@ -0,0 +1 @@
+| test.c:9:3:9:11 | ... = ... | An object $@ assigned to overlapping object $@. | test.c:9:5:9:5 | l | l | test.c:9:11:9:11 | i | i |

c/common/test/rules/overlappingobjectassignment/OverlappingObjectAssignment.ql

@@ -0,0 +1,2 @@
+// GENERATED FILE - DO NOT MODIFY
+import codingstandards.cpp.rules.overlappingobjectassignment.OverlappingObjectAssignment

c/common/test/rules/overlappingobjectassignment/test.c

@@ -0,0 +1,10 @@
+#include <stdint.h>
+
+void f(void) {
+  union {
+    int i;
+    long l;
+  } u = {0};
+
+  u.l = u.i; // NON_COMPLIANT
+}

c/misra/src/rules/RULE-19-1/ObjectAssignedToAnOverlappingObject.ql

@@ -0,0 +1,21 @@
+/**
+ * @id c/misra/object-assigned-to-an-overlapping-object
+ * @name RULE-19-1: An object shall not be assigned to an overlapping object
+ * @description An object shall not be assigned to an overlapping object.
+ * @kind problem
+ * @precision high
+ * @problem.severity error
+ * @tags external/misra/id/rule-19-1
+ *       correctness
+ *       external/misra/obligation/mandatory
+ */
+
+import cpp
+import codingstandards.c.misra
+import codingstandards.cpp.rules.overlappingobjectassignment.OverlappingObjectAssignment
+
+class ObjectAssignedToAnOverlappingObjectQuery extends OverlappingObjectAssignmentSharedQuery {
+  ObjectAssignedToAnOverlappingObjectQuery() {
+    this = Contracts7Package::objectAssignedToAnOverlappingObjectQuery()
+  }
+}

c/misra/src/rules/RULE-19-1/ObjectCopiedToAnOverlappingObject.ql

@@ -0,0 +1,93 @@
+/**
+ * @id c/misra/object-copied-to-an-overlapping-object
+ * @name RULE-19-1: An object shall not be copied to an overlapping object
+ * @description An object shall not be copied to an overlapping object.
+ * @kind problem
+ * @precision high
+ * @problem.severity error
+ * @tags external/misra/id/rule-19-1
+ *       correctness
+ *       external/misra/obligation/mandatory
+ */
+
+import cpp
+import codingstandards.c.misra
+import semmle.code.cpp.valuenumbering.GlobalValueNumbering
+import semmle.code.cpp.dataflow.DataFlow
+
+/**
+ * Models calls to memcpy on overlapping objects
+ */
+class MemcpyCall extends Locatable {
+  Expr src;
+  Expr dst;
+
+  MemcpyCall() {
+    this.(MacroInvocation).getMacroName() = "memcpy" and
+    src = this.(MacroInvocation).getExpr().getChild(1) and
+    dst = this.(MacroInvocation).getExpr().getChild(0)
+    or
+    this.(FunctionCall).getTarget().hasGlobalName("memcpy") and
+    src = this.(FunctionCall).getArgument(1) and
+    dst = this.(FunctionCall).getArgument(0)
+  }
+
+  Expr getSrc() { result = src }
+
+  Expr getDst() { result = dst }
+
+  Expr getBase(Expr e) {
+    result =
+      [
+        e.(VariableAccess), e.(PointerAddExpr).getLeftOperand(),
+        e.(AddressOfExpr).getOperand().(ArrayExpr).getArrayBase()
+      ]
+  }
+
+  int getOffset(Expr e) {
+    result =
+      [
+        e.(PointerAddExpr).getRightOperand().getValue().toInt(),
+        e.(AddressOfExpr).getOperand().(ArrayExpr).getArrayOffset().getValue().toInt()
+      ]
+    or
+    e instanceof VariableAccess and result = 0
+  }
+
+  // maximum amount of element copied
+  int getCount() {
+    result =
+      upperBound([this.(MacroInvocation).getExpr().getChild(2), this.(FunctionCall).getArgument(2)])
+  }
+
+  // source and destination overlap
+  predicate overlap() {
+    globalValueNumber(this.getBase(src)) = globalValueNumber(this.getBase(dst)) and
+    exists(int dstStart, int dstEnd, int srcStart, int srcEnd |
+      dstStart = this.getOffset(dst) and
+      dstEnd = dstStart + this.getCount() - 1 and
+      srcStart = this.getOffset(src) and
+      srcEnd = srcStart + this.getCount() - 1 and
+      (
+        srcStart >= dstStart and srcEnd <= dstEnd
+        or
+        srcStart <= dstStart and srcEnd > dstStart
+        or
+        srcStart < dstEnd and srcEnd >= dstStart
+      ) and
+      // Exception 1: exact overlap and compatible type
+      not (
+        srcStart = dstStart and
+        srcEnd = dstEnd and
+        this.getBase(src).getUnspecifiedType() = this.getBase(dst).getUnspecifiedType()
+      )
+    )
+  }
+}
+
+from MemcpyCall memcpy
+where
+  not isExcluded(memcpy, Contracts7Package::objectCopiedToAnOverlappingObjectQuery()) and
+  memcpy.overlap()
+select memcpy, "The object to copy $@ overlaps the object to copy $@.", memcpy.getSrc(), "from",
+  memcpy.getDst(), "to"

c/misra/test/rules/RULE-12-2/test.c

@@ -21,9 +21,9 @@ void f1() {
   ul << 64; // NON_COMPLIANT
 
   // 1UL essential type is essentially unsigned char
-  1UL << 7;        // COMPLIANT
-  1UL << 8;        // NON_COMPLIANT
-  1UL << 64;       // NON_COMPLIANT
+  1UL << 7;  // COMPLIANT
+  1UL << 8;  // NON_COMPLIANT
+  1UL << 64; // NON_COMPLIANT
 
   // ULONG_MAX essential type is essentially unsigned long
   ULONG_MAX << 8;  // COMPLIANT

c/misra/test/rules/RULE-19-1/ObjectAssignedToAnOverlappingObject.testref

@@ -0,0 +1 @@
+c/common/test/rules/overlappingobjectassignment/OverlappingObjectAssignment.ql

c/misra/test/rules/RULE-19-1/ObjectCopiedToAnOverlappingObject.expected

@@ -0,0 +1,4 @@
+| test.c:5:3:5:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.c:5:17:5:21 | & ... | from | test.c:5:10:5:14 | & ... | to |
+| test.c:7:3:7:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.c:7:17:7:21 | & ... | from | test.c:7:10:7:14 | & ... | to |
+| test.c:8:3:8:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.c:8:17:8:17 | o | from | test.c:8:10:8:14 | ... + ... | to |
+| test.c:10:3:10:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.c:10:17:10:21 | ... + ... | from | test.c:10:10:10:14 | ... + ... | to |

c/misra/test/rules/RULE-19-1/ObjectCopiedToAnOverlappingObject.qlref

@@ -0,0 +1 @@
+rules/RULE-19-1/ObjectCopiedToAnOverlappingObject.ql

c/misra/test/rules/RULE-19-1/test.c

@@ -0,0 +1,22 @@
+#include <string.h>
+
+int o[10];
+void g(void) {
+  memcpy(&o[1], &o[0], 2); // NON_COMPLIANT
+  memcpy(&o[2], &o[0], 2); // COMPLIANT
+  memcpy(&o[2], &o[1], 2); // NON_COMPLIANT
+  memcpy(o + 1, o, 2);     // NON_COMPLIANT
+  memcpy(o + 2, o, 2);     // COMPLIANT
+  memcpy(o + 2, o + 1, 2); // NON_COMPLIANT
+
+  // Exception 1
+  int *p = &o[0];
+  int *q = &o[0];
+
+  *p = *q;                 // COMPLIANT
+  memcpy(&o[0], &o[0], 2); // COMPLIANT
+  memcpy(o, o, 2);         // COMPLIANT
+
+  // Exception 2
+  memmove(&o[1], &o[0], 2u * sizeof(o[0])); // COMPLIANT
+}