M6-5-5: Improve detection of modification by reference

lcartey · lcartey · commit ac3feff7be62 · 2023-11-07T16:47:50.000-08:00
- No longer consider the taking of a const reference as a modification.
 - Consider taking a non-const reference of a potential loop counter as
   modifying that loop counter.
 - Update tests to reflect changes.
diff --git a/change_notes/2023-11-05-m6-5-5-const-refs.md b/change_notes/2023-11-05-m6-5-5-const-refs.md
@@ -0,0 +1,3 @@
+ * `M6-5-5`
+   - Reduce false positives by no longer considering the taking of a const reference as a modification.
+   - Improve detection of non-local modification of loop iteration variables to reduce false positives.
diff --git a/cpp/autosar/test/rules/M6-5-5/LoopControlVariableModifiedInLoopExpression.expected b/cpp/autosar/test/rules/M6-5-5/LoopControlVariableModifiedInLoopExpression.expected
@@ -1 +1,2 @@
 | test.cpp:24:8:24:15 | testFlag | Loop control variable testFlag is modified in the loop update expression. |
+| test.cpp:47:12:47:12 | y | Loop control variable y is modified in the loop update expression. |
diff --git a/cpp/autosar/test/rules/M6-5-5/test.cpp b/cpp/autosar/test/rules/M6-5-5/test.cpp
@@ -24,3 +24,27 @@ void test_loop_control_variable_modified_in_expression() {
        testFlag = updateFlagWithIncrement(++x)) { // NON_COMPLIANT
   }
 }
+
+#include <vector>
+
+void test_const_refs(std::vector<int> v) {
+  std::vector<int>::iterator first = v.begin();
+  std::vector<int>::iterator last = v.end();
+  // call to operator!= passes a const reference to first
+  for (; first != last; first++) { // COMPLIANT
+  }
+}
+
+void update(std::vector<int>::iterator &f, const int &x, int &y) {}
+
+void test_const_refs_update(std::vector<int> v) {
+  std::vector<int>::iterator last = v.end();
+  int x = 0;
+  int y = 0;
+  // call to operator!= passes a const reference to first
+  for (std::vector<int>::iterator first = v.begin(); first != last; update(
+           first, x, // COMPLIANT - first is a loop counter, so can be modified
+           y)) {     // NON_COMPLIANT - y is modified and is not a loop counter
+    first + 1;
+  }
+}
diff --git a/cpp/common/src/codingstandards/cpp/Loops.qll b/cpp/common/src/codingstandards/cpp/Loops.qll
@@ -106,6 +106,15 @@ Variable getALoopCounter(ForStmt fs) {
     )
     or
     updateOp = result.getAnAssignedValue()
+    or
+    // updateOp is an access whose address is taken in a non-const way
+    exists(FunctionCall fc, VariableAccess va |
+      fc = updateOp and
+      fc instanceof FunctionCall and
+      fc.getAnArgument() = va and
+      va = result.getAnAccess() and
+      va.isAddressOfAccessNonConst()
+    )
   ) and
   result instanceof Variable and
   // checked or used in the condition
@@ -260,7 +269,7 @@ predicate isLoopControlVarModifiedInLoopCondition(
   loopControlVariableAccess = forLoop.getCondition().getAChild+() and
   (
     loopControlVariableAccess.isModified() or
-    loopControlVariableAccess.isAddressOfAccess()
+    loopControlVariableAccess.isAddressOfAccessNonConst()
   )
 }
 
@@ -277,7 +286,7 @@ predicate isLoopControlVarModifiedInLoopExpr(
   loopControlVariableAccess = forLoop.getUpdate().getAChild() and
   (
     loopControlVariableAccess.isModified() or
-    loopControlVariableAccess.isAddressOfAccess()
+    loopControlVariableAccess.isAddressOfAccessNonConst()
   )
 }
 

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+ * `M6-5-5`
	`2`	`+ - Reduce false positives by no longer considering the taking of a const reference as a modification.`
	`3`	`+ - Improve detection of non-local modification of loop iteration variables to reduce false positives.`
Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`	`1`	`\| test.cpp:24:8:24:15 \| testFlag \| Loop control variable testFlag is modified in the loop update expression. \|`
	`2`	`+\| test.cpp:47:12:47:12 \| y \| Loop control variable y is modified in the loop update expression. \|`
Original file line number	Diff line number	Diff line change
`@@ -106,6 +106,15 @@ Variable getALoopCounter(ForStmt fs) {`
`106`	`106`	`)`
`107`	`107`	`or`
`108`	`108`	`updateOp = result.getAnAssignedValue()`
	`109`	`+ or`
	`110`	`+ // updateOp is an access whose address is taken in a non-const way`
	`111`	`+ exists(FunctionCall fc, VariableAccess va \|`
	`112`	`+ fc = updateOp and`
	`113`	`+ fc instanceof FunctionCall and`
	`114`	`+ fc.getAnArgument() = va and`
	`115`	`+ va = result.getAnAccess() and`
	`116`	`+ va.isAddressOfAccessNonConst()`
	`117`	`+ )`
`109`	`118`	`) and`
`110`	`119`	`result instanceof Variable and`
`111`	`120`	`// checked or used in the condition`
`@@ -260,7 +269,7 @@ predicate isLoopControlVarModifiedInLoopCondition(`
`260`	`269`	`loopControlVariableAccess = forLoop.getCondition().getAChild+() and`
`261`	`270`	`(`
`262`	`271`	`loopControlVariableAccess.isModified() or`
`263`		`- loopControlVariableAccess.isAddressOfAccess()`
	`272`	`+ loopControlVariableAccess.isAddressOfAccessNonConst()`
`264`	`273`	`)`
`265`	`274`	`}`
`266`	`275`
`@@ -277,7 +286,7 @@ predicate isLoopControlVarModifiedInLoopExpr(`
`277`	`286`	`loopControlVariableAccess = forLoop.getUpdate().getAChild() and`
`278`	`287`	`(`
`279`	`288`	`loopControlVariableAccess.isModified() or`
`280`		`- loopControlVariableAccess.isAddressOfAccess()`
	`289`	`+ loopControlVariableAccess.isAddressOfAccessNonConst()`
`281`	`290`	`)`
`282`	`291`	`}`
`283`	`292`