Merge remote-tracking branch 'origin/main' into michaelrfairhurst/implement-package-generics

Author: MichaelRFairhurst

.github/workflows/upgrade_codeql_dependencies.yml

@@ -53,7 +53,7 @@ jobs:
           find c \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql query format --in-place
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
         with:
           title: "Upgrade `github/codeql` dependency to ${{ github.event.inputs.codeql_cli_version }}"
           body: |

amendments.csv

@@ -11,40 +11,40 @@ c,MISRA-C-2012,Amendment3,RULE-10-7,Yes,Refine,Yes,Import
 c,MISRA-C-2012,Amendment3,RULE-10-8,Yes,Refine,Yes,Import
 c,MISRA-C-2012,Amendment3,RULE-21-11,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment3,RULE-21-12,Yes,Replace,No,Easy
-c,MISRA-C-2012,Amendment4,RULE-11-3,Yes,Expand,No,Easy
-c,MISRA-C-2012,Amendment4,RULE-11-8,Yes,Expand,No,Easy
-c,MISRA-C-2012,Amendment4,RULE-13-2,Yes,Expand,No,Very Hard
+c,MISRA-C-2012,Amendment4,RULE-11-3,Yes,Expand,Yes,Easy
+c,MISRA-C-2012,Amendment4,RULE-11-8,Yes,Expand,Yes,Easy
+c,MISRA-C-2012,Amendment4,RULE-13-2,Yes,Expand,Yes,Very Hard
 c,MISRA-C-2012,Amendment4,RULE-18-6,Yes,Expand,No,Medium
 c,MISRA-C-2012,Amendment4,RULE-18-8,Yes,Split,Yes,Easy
 c,MISRA-C-2012,Amendment4,RULE-2-2,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment4,RULE-2-7,Yes,Clarification,Yes,Import
-c,MISRA-C-2012,Amendment4,RULE-3-1,Yes,Refine,No,Easy
+c,MISRA-C-2012,Amendment4,RULE-3-1,Yes,Refine,Yes,Easy
 c,MISRA-C-2012,Amendment4,RULE-8-6,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment4,RULE-8-9,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment4,RULE-9-4,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment4,RULE-10-1,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment4,RULE-18-3,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment4,RULE-1-4,Yes,Replace,No,Easy
-c,MISRA-C-2012,Amendment4,RULE-9-1,Yes,Refine,No,Easy
+c,MISRA-C-2012,Amendment4,RULE-9-1,Yes,Refine,Yes,Easy
 c,MISRA-C-2012,Amendment4,RULE-9-2,Yes,Refine,No,Import
 c,MISRA-C-2012,Corrigendum2,DIR-4-10,Yes,Clarification,Yes,Import
-c,MISRA-C-2012,Corrigendum2,RULE-7-4,Yes,Refine,No,Easy
+c,MISRA-C-2012,Corrigendum2,RULE-7-4,Yes,Refine,Yes,Easy
 c,MISRA-C-2012,Corrigendum2,RULE-8-2,Yes,Clarification,Yes,Import
-c,MISRA-C-2012,Corrigendum2,RULE-8-3,Yes,Refine,No,Easy
+c,MISRA-C-2012,Corrigendum2,RULE-8-3,Yes,Refine,Yes,Easy
 c,MISRA-C-2012,Corrigendum2,RULE-8-7,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-10-1,Yes,Clarification,Yes,Import
-c,MISRA-C-2012,Corrigendum2,RULE-10-2,Yes,Refine,No,Easy
+c,MISRA-C-2012,Corrigendum2,RULE-10-2,Yes,Refine,Yes,Easy
 c,MISRA-C-2012,Corrigendum2,RULE-10-3,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-11-3,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-11-6,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-13-2,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-13-6,Yes,Clarification,Yes,Import
-c,MISRA-C-2012,Corrigendum2,RULE-14-3,Yes,Refine,No,Easy
+c,MISRA-C-2012,Corrigendum2,RULE-14-3,Yes,Refine,Yes,Easy
 c,MISRA-C-2012,Corrigendum2,RULE-15-7,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-17-4,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-17-5,Yes,Clarification,Yes,Import
-c,MISRA-C-2012,Corrigendum2,RULE-18-1,Yes,Refine,No,Easy
+c,MISRA-C-2012,Corrigendum2,RULE-18-1,Yes,Refine,Yes,Easy
 c,MISRA-C-2012,Corrigendum2,RULE-20-14,No,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-21-19,Yes,Clarification,Yes,Import
-c,MISRA-C-2012,Corrigendum2,RULE-21-20,Yes,Refine,No,Easy
-c,MISRA-C-2012,Corrigendum2,RULE-22-9,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Corrigendum2,RULE-21-20,Yes,Refine,Yes,Easy
+c,MISRA-C-2012,Corrigendum2,RULE-22-9,Yes,Clarification,Yes,Import

c/cert/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cert-c-coding-standards
-version: 2.42.0-dev
+version: 2.43.0-dev
 description: CERT C 2016
 suites: codeql-suites
 license: MIT

c/cert/test/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cert-c-coding-standards-tests
-version: 2.42.0-dev
+version: 2.43.0-dev
 extractor: cpp
 license: MIT
 dependencies:

c/common/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/common-c-coding-standards
-version: 2.42.0-dev
+version: 2.43.0-dev
 license: MIT
 dependencies:
   codeql/common-cpp-coding-standards: '*'

c/common/test/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/common-c-coding-standards-tests
-version: 2.42.0-dev
+version: 2.43.0-dev
 extractor: cpp
 license: MIT
 dependencies:

c/common/test/rules/donotusepointerarithmetictoaddressdifferentarrays/DoNotUsePointerArithmeticToAddressDifferentArrays.expected

@@ -1,5 +1,5 @@
-| test.c:4:13:4:18 | ... + ... | Array pointer p2 points 1 element passed the end of $@. | test.c:2:7:2:8 | l1 | l1 |
-| test.c:5:13:5:18 | ... + ... | Array pointer p3 points 1 element passed the end of $@. | test.c:2:7:2:8 | l1 | l1 |
-| test.c:6:13:6:18 | & ... | Array pointer p4 points 1 element passed the end of $@. | test.c:2:7:2:8 | l1 | l1 |
-| test.c:11:8:11:11 | ... -- | Array pointer p7 points 1 element passed the end of $@. | test.c:2:7:2:8 | l1 | l1 |
-| test.c:12:8:12:9 | p3 | Array pointer p8 points 1 element passed the end of $@. | test.c:2:7:2:8 | l1 | l1 |
+| test.c:4:13:4:18 | ... + ... | Array pointer p2 points 1 element past the end of $@. | test.c:2:7:2:8 | l1 | l1 |
+| test.c:5:13:5:18 | ... + ... | Array pointer p3 points 1 element past the end of $@. | test.c:2:7:2:8 | l1 | l1 |
+| test.c:6:13:6:18 | & ... | Array pointer p4 points 1 element past the end of $@. | test.c:2:7:2:8 | l1 | l1 |
+| test.c:11:8:11:11 | ... -- | Array pointer p7 points 1 element past the end of $@. | test.c:2:7:2:8 | l1 | l1 |
+| test.c:12:8:12:9 | p3 | Array pointer p8 points 1 element past the end of $@. | test.c:2:7:2:8 | l1 | l1 |

c/common/test/rules/readofuninitializedmemory/test.c

@@ -94,4 +94,6 @@ void test_non_default_init() {
   static struct A ss;
   use_struct_A(
       ss); // COMPLIANT - static struct type variables are zero initialized
+  _Atomic int x;
+  use_int(x); // COMPLIANT - atomics are special, covered by other rules
 }

c/misra/src/codingstandards/c/misra/EssentialTypes.qll

@@ -328,12 +328,14 @@ class EssentialBinaryOperationSubjectToUsualConversions extends EssentialExpr, B
     exists(
       Type leftEssentialType, Type rightEssentialType,
       EssentialTypeCategory leftEssentialTypeCategory,
-      EssentialTypeCategory rightEssentialTypeCategory
+      EssentialTypeCategory rightEssentialTypeCategory, int intTypeSize
     |
       leftEssentialType = getEssentialType(getLeftOperand()) and
       rightEssentialType = getEssentialType(getRightOperand()) and
       leftEssentialTypeCategory = getEssentialTypeCategory(leftEssentialType) and
-      rightEssentialTypeCategory = getEssentialTypeCategory(rightEssentialType)
+      rightEssentialTypeCategory = getEssentialTypeCategory(rightEssentialType) and
+      // For rules around addition/subtraction with char types:
+      intTypeSize = any(IntType i | i.isSigned()).getSize()
     |
       if
         leftEssentialTypeCategory = rightEssentialTypeCategory and
@@ -356,14 +358,18 @@ class EssentialBinaryOperationSubjectToUsualConversions extends EssentialExpr, B
 class EssentialAddExpr extends EssentialBinaryOperationSubjectToUsualConversions, AddExpr {
   override Type getEssentialType() {
     exists(
-      EssentialTypeCategory operandTypeCategory, EssentialTypeCategory otherOperandTypeCategory
+      Type otherOperandType, EssentialTypeCategory operandTypeCategory,
+      EssentialTypeCategory otherOperandTypeCategory, int intTypeSize
     |
       operandTypeCategory = getEssentialTypeCategory(getEssentialType(getAnOperand())) and
-      otherOperandTypeCategory = getEssentialTypeCategory(getEssentialType(getAnOperand()))
+      otherOperandType = getEssentialType(getAnOperand()) and
+      otherOperandTypeCategory = getEssentialTypeCategory(otherOperandType) and
+      intTypeSize = any(IntType i).getSize()
     |
       if
         operandTypeCategory = EssentiallyCharacterType() and
-        otherOperandTypeCategory instanceof EssentiallySignedOrUnsignedType
+        otherOperandTypeCategory instanceof EssentiallySignedOrUnsignedType and
+        otherOperandType.getSize() <= intTypeSize
       then result instanceof PlainCharType
       else result = super.getEssentialType()
     )
@@ -376,15 +382,18 @@ class EssentialAddExpr extends EssentialBinaryOperationSubjectToUsualConversions
 class EssentialSubExpr extends EssentialBinaryOperationSubjectToUsualConversions, SubExpr {
   override Type getEssentialType() {
     exists(
-      EssentialTypeCategory leftEssentialTypeCategory,
-      EssentialTypeCategory rightEssentialTypeCategory
+      EssentialTypeCategory leftEssentialTypeCategory, Type rightEssentialType,
+      EssentialTypeCategory rightEssentialTypeCategory, int intTypeSize
     |
       leftEssentialTypeCategory = getEssentialTypeCategory(getEssentialType(getLeftOperand())) and
-      rightEssentialTypeCategory = getEssentialTypeCategory(getEssentialType(getRightOperand()))
+      rightEssentialType = getEssentialType(getRightOperand()) and
+      rightEssentialTypeCategory = getEssentialTypeCategory(rightEssentialType) and
+      intTypeSize = any(IntType i).getSize()
     |
       if
         leftEssentialTypeCategory = EssentiallyCharacterType() and
-        rightEssentialTypeCategory instanceof EssentiallySignedOrUnsignedType
+        rightEssentialTypeCategory instanceof EssentiallySignedOrUnsignedType and
+        rightEssentialType.getSize() <= intTypeSize
       then result instanceof PlainCharType
       else result = super.getEssentialType()
     )

c/misra/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/misra-c-coding-standards
-version: 2.42.0-dev
+version: 2.43.0-dev
 description: MISRA C 2012
 suites: codeql-suites
 license: MIT

c/misra/src/rules/RULE-10-2/AdditionSubtractionOnEssentiallyCharType.ql

@@ -32,7 +32,7 @@ where
     // But the overall essential type is not essentially character type
     getEssentialTypeCategory(getEssentialType(addOrSub)) = EssentiallyCharacterType()
     or
-    // Or this is a subtration of one character with another, which is permitted, but produces an integral type
+    // Or this is a subtraction of one character with another, which is permitted, but produces an integral type
     getEssentialTypeCategory(getEssentialType(addOrSub.getLeftOperand())) =
       EssentiallyCharacterType() and
     getEssentialTypeCategory(getEssentialType(addOrSub.getRightOperand())) =

c/misra/src/rules/RULE-11-10/AtomicQualifierAppliedToVoid.ql

@@ -0,0 +1,55 @@
+/**
+ * @id c/misra/atomic-qualifier-applied-to-void
+ * @name RULE-11-10: The _Atomic qualifier shall not be applied to the incomplete type void
+ * @description Conversions between types by using an _Atomic void type may result in undefined
+ *              behavior.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-11-10
+ *       correctness
+ *       external/misra/c/2012/third-edition-first-revision
+ *       external/misra/c/2012/amendment4
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.c.misra
+
+class AtomicVoidType extends Type {
+  AtomicVoidType() {
+    hasSpecifier("atomic") and
+    getUnspecifiedType() instanceof VoidType
+  }
+}
+
+predicate usesAtomicVoid(Type root) {
+  root instanceof AtomicVoidType
+  or
+  usesAtomicVoid(root.(DerivedType).getBaseType())
+  or
+  usesAtomicVoid(root.(RoutineType).getReturnType())
+  or
+  usesAtomicVoid(root.(RoutineType).getAParameterType())
+  or
+  usesAtomicVoid(root.(FunctionPointerType).getReturnType())
+  or
+  usesAtomicVoid(root.(FunctionPointerType).getAParameterType())
+  or
+  usesAtomicVoid(root.(TypedefType).getBaseType())
+}
+
+class ExplicitType extends Type {
+  Element getDeclaration(string description) {
+    result.(DeclarationEntry).getType() = this and description = result.(DeclarationEntry).getName()
+    or
+    result.(CStyleCast).getType() = this and description = "Cast"
+  }
+}
+
+from Element decl, ExplicitType explicitType, string elementDescription
+where
+  not isExcluded(decl, Declarations9Package::atomicQualifierAppliedToVoidQuery()) and
+  decl = explicitType.getDeclaration(elementDescription) and
+  usesAtomicVoid(explicitType)
+select decl, elementDescription + " declared with an atomic void type."

c/misra/src/rules/RULE-11-3/CastBetweenObjectPointerAndDifferentObjectType.ql

@@ -23,7 +23,11 @@ where
   baseTypeFrom = cast.getExpr().getType().(PointerToObjectType).getBaseType() and
   baseTypeTo = cast.getType().(PointerToObjectType).getBaseType() and
   // exception: cast to a char, signed char, or unsigned char is permitted
-  not baseTypeTo.stripType() instanceof CharType and
+  not (
+    baseTypeTo.stripType() instanceof CharType and
+    // Exception does not apply to _Atomic types
+    not baseTypeFrom.hasSpecifier("atomic")
+  ) and
   (
     (
       baseTypeFrom.isVolatile() and not baseTypeTo.isVolatile()

c/misra/src/rules/RULE-11-8/CastRemovesConstOrVolatileQualification.ql

@@ -24,5 +24,9 @@ where
     baseTypeFrom.isVolatile() and not baseTypeTo.isVolatile() and qualificationName = "volatile"
     or
     baseTypeFrom.isConst() and not baseTypeTo.isConst() and qualificationName = "const"
+    or
+    baseTypeFrom.hasSpecifier("atomic") and
+    not baseTypeTo.hasSpecifier("atomic") and
+    qualificationName = "atomic"
   )
 select cast, "Cast of pointer removes " + qualificationName + " qualification from its base type."

c/misra/src/rules/RULE-13-2/UnsequencedAtomicReads.ql

@@ -0,0 +1,91 @@
+/**
+ * @id c/misra/unsequenced-atomic-reads
+ * @name RULE-13-2: The value of an atomic variable shall not depend on the evaluation order of interleaved threads
+ * @description The value of an atomic variable shall not depend on evaluation order and
+ *              interleaving of threads.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-13-2
+ *       correctness
+ *       external/misra/c/2012/amendment3
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import semmle.code.cpp.dataflow.TaintTracking
+import codingstandards.c.misra
+import codingstandards.c.Ordering
+import codingstandards.c.orderofevaluation.VariableAccessOrdering
+
+class AtomicAccessInFullExpressionOrdering extends Ordering::Configuration {
+  AtomicAccessInFullExpressionOrdering() { this = "AtomicAccessInFullExpressionOrdering" }
+
+  override predicate isCandidate(Expr e1, Expr e2) {
+    exists(AtomicVariableAccess a, AtomicVariableAccess b, FullExpr e | a = e1 and b = e2 |
+      a.getTarget() = b.getTarget() and
+      a.(ConstituentExpr).getFullExpr() = e and
+      b.(ConstituentExpr).getFullExpr() = e and
+      not a = b
+    )
+  }
+}
+
+/**
+ * A read of a variable specified as `_Atomic`.
+ *
+ * Note, it may be accessed directly, or by passing its address into the std atomic functions.
+ */
+class AtomicVariableAccess extends VariableAccess {
+  AtomicVariableAccess() { getTarget().getType().hasSpecifier("atomic") }
+
+  /* Get the `atomic_<read|write>()` call this VarAccess occurs in. */
+  FunctionCall getAtomicFunctionCall() {
+    exists(AddressOfExpr addrParent, FunctionCall fc |
+      fc.getTarget().getName().matches("__c11_atomic%") and
+      addrParent = fc.getArgument(0) and
+      addrParent.getAnOperand() = this and
+      result = fc
+    )
+  }
+
+  /**
+   * Gets an assigned expr, either in the form `x = <result>` or `atomic_store(&x, <result>)`.
+   */
+  Expr getAnAssignedExpr() {
+    result = getAtomicFunctionCall().getArgument(1)
+    or
+    exists(AssignExpr assign |
+      assign.getLValue() = this and
+      result = assign.getRValue()
+    )
+  }
+
+  /**
+   * Gets the expression holding this variable access, either in the form `x` or `atomic_read(&x)`.
+   */
+  Expr getARead() {
+    result = getAtomicFunctionCall()
+    or
+    result = this
+  }
+}
+
+from
+  AtomicAccessInFullExpressionOrdering config, FullExpr e, Variable v, AtomicVariableAccess va1,
+  AtomicVariableAccess va2
+where
+  not isExcluded(e, SideEffects3Package::unsequencedAtomicReadsQuery()) and
+  e = va1.(ConstituentExpr).getFullExpr() and
+  config.isUnsequenced(va1, va2) and
+  v = va1.getTarget() and
+  v = va2.getTarget() and
+  // Exclude cases where the variable is assigned a value tainted by the other variable access.
+  not exists(Expr write |
+    write = va1.getAnAssignedExpr() and
+    TaintTracking::localTaint(DataFlow::exprNode(va2.getARead()), DataFlow::exprNode(write))
+  ) and
+  // Impose an ordering, show the first access.
+  va1.getLocation().isBefore(va2.getLocation(), _)
+select e, "Atomic variable $@ has a $@ that is unsequenced with $@.", v, v.getName(), va1,
+  "previous read", va2, "another read"