Misra rules 12-2 17-5 17-7

Author: mbaluda

c/misra/src/rules/RULE-12-2/RightHandOperandOfAShiftOperatorRange.ql

@@ -12,8 +12,15 @@
 
 import cpp
 import codingstandards.c.misra
+import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
 
-from
+from BinaryOperation x, int max_size
 where
   not isExcluded(x, Contracts6Package::rightHandOperandOfAShiftOperatorRangeQuery()) and
-select
+  (x instanceof LShiftExpr or x instanceof RShiftExpr) and
+  max_size = (8 * x.getLeftOperand().getExplicitlyConverted().getUnderlyingType().getSize()) - 1 and
+  exists(Expr rhs | rhs = x.getRightOperand().getFullyConverted() |
+    lowerBound(rhs) < 0 or
+    upperBound(rhs) > max_size
+  )
+select x, "The right hand operand of the shift operator is not in the range 0 to " + max_size + "."

c/misra/src/rules/RULE-17-5/ArrayFunctionArgumentNumberOfElements.ql

@@ -12,8 +12,64 @@
 
 import cpp
 import codingstandards.c.misra
+import semmle.code.cpp.dataflow.DataFlow
 
-from
+/**
+ * Models a function parameter of type array with specified size
+ * ```
+ * void f1(int ar[3]);
+ * ```
+ */
+class ArrayParameter extends Parameter {
+  ArrayParameter() { this.getType().(ArrayType).hasArraySize() }
+
+  Expr getAMatchingArgument() {
+    exists(FunctionCall fc |
+      this.getFunction() = fc.getTarget() and
+      result = fc.getArgument(this.getIndex())
+    )
+  }
+
+  int getArraySize() { result = this.getType().(ArrayType).getArraySize() }
+}
+
+/**
+ * The number of initialized elements in an ArrayAggregateLiteral.
+ * In the following examples the result=2
+ * ```
+ * int arr3[3] = {1, 2};
+ * int arr2[2] = {1, 2, 3};
+ * ```
+ */
+int countElements(ArrayAggregateLiteral l) { result = count(l.getElementExpr(_)) }
+
+class SmallArrayConfig extends DataFlow::Configuration {
+  SmallArrayConfig() { this = "SmallArrayConfig" }
+
+  override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ArrayAggregateLiteral }
+
+  override predicate isSink(DataFlow::Node sink) {
+    sink.asExpr() = any(ArrayParameter p).getAMatchingArgument()
+  }
+}
+
+from Expr arg, ArrayParameter p
 where
-  not isExcluded(x, Contracts6Package::arrayFunctionArgumentNumberOfElementsQuery()) and
-select
+  not isExcluded(arg, Contracts6Package::arrayFunctionArgumentNumberOfElementsQuery()) and
+  exists(SmallArrayConfig config | arg = p.getAMatchingArgument() |
+    // the argument is a value and not an arrey
+    not arg.getType() instanceof DerivedType
+    or
+    // the argument is an array too small
+    arg.getType().(ArrayType).getArraySize() < p.getArraySize()
+    or
+    // the argument is a pointer and its value does not come from a literal of the correct
+    arg.getType() instanceof PointerType and
+    not exists(ArrayAggregateLiteral l |
+      config.hasFlow(DataFlow::exprNode(l), DataFlow::exprNode(arg)) and
+      countElements(l) >= p.getArraySize()
+    )
+  )
+select arg,
+  "The function argument does not have a sufficient number or elements declared in the $@.", p,
+  "parameter"

c/misra/src/rules/RULE-17-7/ValueReturnedByAFunctionNotUsed.ql

@@ -1,7 +1,7 @@
 /**
  * @id c/misra/value-returned-by-a-function-not-used
  * @name RULE-17-7: The value returned by a function having non-void return type shall be used
- * @description 
+ * @description
  * @kind problem
  * @precision very-high
  * @problem.severity error
@@ -11,8 +11,16 @@
 
 import cpp
 import codingstandards.c.misra
+import semmle.code.cpp.dataflow.DataFlow
 
-from
+from Call c
 where
-  not isExcluded(x, Contracts6Package::valueReturnedByAFunctionNotUsedQuery()) and
-select
+  not isExcluded(c, Contracts6Package::valueReturnedByAFunctionNotUsedQuery()) and
+  // Calls in `ExprStmt`s indicate that the return value is ignored
+  c.getParent() instanceof ExprStmt and
+  // Ignore calls to void functions or where the return value is cast to `void`
+  not c.getActualType() instanceof VoidType and
+  // Exclude cases where the function call is generated within a macro, as the user of the macro is
+  // not necessarily able to address thoes results
+  not c.isAffectedByMacro()
+select c, "The value returned by this call shall be used or cast to `void`."

c/misra/test/rules/RULE-12-2/RightHandOperandOfAShiftOperatorRange.expected

@@ -1 +1,21 @@
-No expected results have yet been specified
+| test.c:20:7:20:13 | ... << ... | The right hand operand of the shift operator is not in the range 0 to 31. |
+| test.c:22:7:22:13 | ... << ... | The right hand operand of the shift operator is not in the range 0 to 31. |
+| test.c:23:7:23:13 | ... << ... | The right hand operand of the shift operator is not in the range 0 to 31. |
+| test.c:25:7:25:13 | ... << ... | The right hand operand of the shift operator is not in the range 0 to 31. |
+| test.c:26:7:26:13 | ... << ... | The right hand operand of the shift operator is not in the range 0 to 31. |
+| test.c:29:7:29:13 | ... << ... | The right hand operand of the shift operator is not in the range 0 to 15. |
+| test.c:30:7:30:13 | ... << ... | The right hand operand of the shift operator is not in the range 0 to 15. |
+| test.c:31:7:31:13 | ... << ... | The right hand operand of the shift operator is not in the range 0 to 15. |
+| test.c:32:7:32:13 | ... << ... | The right hand operand of the shift operator is not in the range 0 to 15. |
+| test.c:33:7:33:13 | ... << ... | The right hand operand of the shift operator is not in the range 0 to 15. |
+| test.c:34:7:34:13 | ... << ... | The right hand operand of the shift operator is not in the range 0 to 15. |
+| test.c:35:7:35:13 | ... << ... | The right hand operand of the shift operator is not in the range 0 to 15. |
+| test.c:38:7:38:13 | ... << ... | The right hand operand of the shift operator is not in the range 0 to 63. |
+| test.c:40:7:40:13 | ... << ... | The right hand operand of the shift operator is not in the range 0 to 63. |
+| test.c:43:7:43:13 | ... << ... | The right hand operand of the shift operator is not in the range 0 to 63. |
+| test.c:46:7:46:13 | ... << ... | The right hand operand of the shift operator is not in the range 0 to 7. |
+| test.c:47:7:47:12 | ... << ... | The right hand operand of the shift operator is not in the range 0 to 7. |
+| test.c:63:7:63:13 | ... << ... | The right hand operand of the shift operator is not in the range 0 to 7. |
+| test.c:71:8:71:14 | ... << ... | The right hand operand of the shift operator is not in the range 0 to 7. |
+| test.c:75:3:75:19 | ... << ... | The right hand operand of the shift operator is not in the range 0 to 15. |
+| test.c:77:3:77:12 | ... >> ... | The right hand operand of the shift operator is not in the range 0 to 63. |

c/misra/test/rules/RULE-12-2/test.c

@@ -1,4 +1,4 @@
-
+#include <stdint.h>
 
 const short int s1 = 15;
 const short int s2 = -1;
@@ -58,8 +58,21 @@ void f2() {
   int aa = 10;
   aa++;
 
-  a = a << aa;
-  b = b << aa;
-  c = c << aa;
-  d = d << aa;
+  a = a << aa; // COMPLIANT
+  b = b << aa; // COMPLIANT
+  c = c << aa; // NON_COMPLIANT
+  d = d << aa; // COMPLIANT
+}
+
+void f3() {
+  uint8_t u8;
+  uint16_t u16;
+  u8 = u8 << 7;            // COMPLIANT
+  u8 = u8 << 8;            // NON_COMPLIANT
+  u16 = (uint16_t)u8 << 9; // COMPLIANT
+// 0u is essentially unsigned char
+  0u << 10;          // NON_COMPLIANT[FALSE_NEGATIVE]
+  (uint16_t)0 << 20; // NON_COMPLIANT
+  0UL << 10;         // COMPLIANT
+  0UL >> 100;        // NON_COMPLIANT
 }

c/misra/test/rules/RULE-17-5/ArrayFunctionArgumentNumberOfElements.expected

@@ -1 +1,9 @@
-No expected results have yet been specified
+| test.c:18:6:18:6 | 0 | The function argument does not have a sufficient number or elements declared in the $@. | test.c:1:13:1:14 | ar | parameter |
+| test.c:19:6:19:7 | ar | The function argument does not have a sufficient number or elements declared in the $@. | test.c:1:13:1:14 | ar | parameter |
+| test.c:21:6:21:9 | ar2p | The function argument does not have a sufficient number or elements declared in the $@. | test.c:1:13:1:14 | ar | parameter |
+| test.c:26:9:26:9 | 0 | The function argument does not have a sufficient number or elements declared in the $@. | test.c:2:20:2:21 | ar | parameter |
+| test.c:27:9:27:10 | ar | The function argument does not have a sufficient number or elements declared in the $@. | test.c:2:20:2:21 | ar | parameter |
+| test.c:29:9:29:12 | ar2p | The function argument does not have a sufficient number or elements declared in the $@. | test.c:2:20:2:21 | ar | parameter |
+| test.c:61:6:61:8 | ar2 | The function argument does not have a sufficient number or elements declared in the $@. | test.c:1:13:1:14 | ar | parameter |
+| test.c:62:6:62:9 | ar2b | The function argument does not have a sufficient number or elements declared in the $@. | test.c:1:13:1:14 | ar | parameter |
+| test.c:63:6:63:9 | ar2p | The function argument does not have a sufficient number or elements declared in the $@. | test.c:1:13:1:14 | ar | parameter |

c/misra/test/rules/RULE-17-5/test.c

@@ -17,15 +17,15 @@ void t1() {
 
   f1(0);    // NON_COMPLAINT
   f1(ar);   // NON_COMPLAINT
-  f1(ar2);  // NON_COMPLIANT
+  f1(ar2);  // COMPLIANT
   f1(ar2p); // NON_COMPLIANT
   f1(ar3);  // COMPLIANT
   f1(ar3p); // COMPLIANT
   f1(ar4);  // COMPLIANT
 
   f2(0, 0);    // NON_COMPLAINT
   f2(0, ar);   // NON_COMPLAINT
-  f2(0, ar2);  // NON_COMPLIANT
+  f2(0, ar2);  // COMPLIANT
   f2(0, ar2p); // NON_COMPLIANT
   f2(0, ar3);  // COMPLIANT
   f2(0, ar3p); // COMPLIANT
@@ -46,4 +46,21 @@ void t1() {
   f4(0, ar3);  // COMPLIANT
   f4(0, ar3p); // COMPLIANT
   f4(0, ar4);  // COMPLIANT
+}
+
+void t2() {
+  int ar2[2] = {1, 2};
+  int ar2b[2] = {1, 2, 3};
+  int *ar2p = ar2;
+  int ar3[3];
+  ar3[0] = 1;
+  ar3[1] = 2;
+  ar3[2] = 3;
+  int ar4[4] = {1, 2, 3, 4};
+
+  f1(ar2);  // NON_COMPLIANT
+  f1(ar2b); // NON_COMPLIANT
+  f1(ar2p); // NON_COMPLIANT
+  f1(ar3);  // COMPLIANT
+  f1(ar4);  // COMPLIANT
 }

c/misra/test/rules/RULE-17-7/ValueReturnedByAFunctionNotUsed.expected

@@ -1 +1,2 @@
-No expected results have yet been specified
+| test.c:6:3:6:4 | call to f2 | The value returned by this call shall be used or cast to `void`. |
+| test.c:15:3:15:9 | call to expression | The value returned by this call shall be used or cast to `void`. |

cpp/common/src/codingstandards/cpp/exclusions/c/Contracts6.qll

@@ -9,38 +9,42 @@ newtype Contracts6Query =
   TArrayFunctionArgumentNumberOfElementsQuery() or
   TValueReturnedByAFunctionNotUsedQuery()
 
-predicate isContracts6QueryMetadata(Query query, string queryId, string ruleId) {
+predicate isContracts6QueryMetadata(Query query, string queryId, string ruleId, string category) {
   query =
     // `Query` instance for the `doNotModifyConstantObjects` query
     Contracts6Package::doNotModifyConstantObjectsQuery() and
   queryId =
     // `@id` for the `doNotModifyConstantObjects` query
     "c/cert/do-not-modify-constant-objects" and
-  ruleId = "EXP40-C"
+  ruleId = "EXP40-C" and
+  category = "rule"
   or
   query =
     // `Query` instance for the `rightHandOperandOfAShiftOperatorRange` query
     Contracts6Package::rightHandOperandOfAShiftOperatorRangeQuery() and
   queryId =
     // `@id` for the `rightHandOperandOfAShiftOperatorRange` query
     "c/misra/right-hand-operand-of-a-shift-operator-range" and
-  ruleId = "RULE-12-2"
+  ruleId = "RULE-12-2" and
+  category = "required"
   or
   query =
     // `Query` instance for the `arrayFunctionArgumentNumberOfElements` query
     Contracts6Package::arrayFunctionArgumentNumberOfElementsQuery() and
   queryId =
     // `@id` for the `arrayFunctionArgumentNumberOfElements` query
     "c/misra/array-function-argument-number-of-elements" and
-  ruleId = "RULE-17-5"
+  ruleId = "RULE-17-5" and
+  category = "advisory"
   or
   query =
     // `Query` instance for the `valueReturnedByAFunctionNotUsed` query
     Contracts6Package::valueReturnedByAFunctionNotUsedQuery() and
   queryId =
     // `@id` for the `valueReturnedByAFunctionNotUsed` query
     "c/misra/value-returned-by-a-function-not-used" and
-  ruleId = "RULE-17-7"
+  ruleId = "RULE-17-7" and
+  category = "required"
 }
 
 module Contracts6Package {