Rule 7.0.6: Address performance issues

lcartey · lcartey · commit 7c5fb879f39c · 2025-06-20T09:54:20.000+01:00
- Extract the determination of ExprCall FunctionTypes
 - Ensure type matching is inlined
diff --git a/cpp/common/src/codingstandards/cpp/types/Compatible.qll b/cpp/common/src/codingstandards/cpp/types/Compatible.qll
@@ -1,6 +1,7 @@
 import cpp
 import codeql.util.Boolean
 import codingstandards.cpp.types.Graph
+import codingstandards.cpp.types.Type
 
 module TypeNamesMatchConfig implements TypeEquivalenceSig {
   predicate resolveTypedefs() {
@@ -522,24 +523,6 @@ module FunctionDeclarationTypeEquivalence<
   }
 }
 
-/**
- * Convenience class to reduce the awkwardness of how `RoutineType` and `FunctionPointerIshType`
- * don't have a common ancestor.
- */
-private class FunctionType extends Type {
-  FunctionType() { this instanceof RoutineType or this instanceof FunctionPointerIshType }
-
-  Type getReturnType() {
-    result = this.(RoutineType).getReturnType() or
-    result = this.(FunctionPointerIshType).getReturnType()
-  }
-
-  Type getParameterType(int i) {
-    result = this.(RoutineType).getParameterType(i) or
-    result = this.(FunctionPointerIshType).getParameterType(i)
-  }
-}
-
 private class LeafType extends Type {
   LeafType() {
     not this instanceof DerivedType and
diff --git a/cpp/common/src/codingstandards/cpp/types/Type.qll b/cpp/common/src/codingstandards/cpp/types/Type.qll
@@ -111,3 +111,21 @@ predicate integralTypeBounds(IntegralType integralType, QlBuiltins::BigInt lb, Q
       )
   )
 }
+
+/**
+ * Convenience class to reduce the awkwardness of how `RoutineType` and `FunctionPointerIshType`
+ * don't have a common ancestor.
+ */
+class FunctionType extends Type {
+  FunctionType() { this instanceof RoutineType or this instanceof FunctionPointerIshType }
+
+  Type getReturnType() {
+    result = this.(RoutineType).getReturnType() or
+    result = this.(FunctionPointerIshType).getReturnType()
+  }
+
+  Type getParameterType(int i) {
+    result = this.(RoutineType).getParameterType(i) or
+    result = this.(FunctionPointerIshType).getParameterType(i)
+  }
+}
diff --git a/cpp/misra/src/codingstandards/cpp/misra/BuiltInTypeRules.qll b/cpp/misra/src/codingstandards/cpp/misra/BuiltInTypeRules.qll
@@ -120,6 +120,19 @@ class CanonicalIntegerTypes extends NumericType, IntegralType {
   CanonicalIntegerTypes() { this = this.getCanonicalArithmeticType() }
 }
 
+FunctionType getExprCallFunctionType(ExprCall call) {
+  // A standard expression call
+  // Returns a FunctionPointerIshType
+  result = call.(ExprCall).getExpr().getType()
+  or
+  // An expression call using the pointer to member operator (.* or ->*)
+  // This special handling is required because we don't have a CodeQL class representing the call
+  // to a pointer to member function, but the right hand side is extracted as the -1 child of the
+  // call.
+  // Returns a RoutineType
+  result = call.(ExprCall).getChild(-1).getType().(PointerToMemberType).getBaseType()
+}
+
 predicate isAssignment(Expr source, NumericType targetType, string context) {
   exists(Expr preConversionAssignment |
     isPreConversionAssignment(preConversionAssignment, targetType, context) and
@@ -181,27 +194,16 @@ predicate isPreConversionAssignment(Expr source, NumericType targetType, string
     not targetType.stripTopLevelSpecifiers() instanceof ReferenceType and
     context = "function argument"
   |
+    // A regular function call
     targetType = call.getTarget().getParameter(i).getType()
     or
-    // Handle varargs - use the fully converted type of the argument
+    // A function call where the argument is passed as varargs
     call.getTarget().getNumberOfParameters() <= i and
+    // The rule states that the type should match the "adjusted" type of the argument
     targetType = source.getFullyConverted().getType()
     or
-    // A standard expression call
-    targetType = call.(ExprCall).getExpr().getType().(FunctionPointerIshType).getParameterType(i)
-    or
-    // An expression call using the pointer to member operator (.* or ->*)
-    // This special handling is required because we don't have a CodeQL class representing the call
-    // to a pointer to member function, but the right hand side is extracted as the -1 child of the
-    // call
-    targetType =
-      call.(ExprCall)
-          .getChild(-1)
-          .getType()
-          .(PointerToMemberType)
-          .getBaseType()
-          .(RoutineType)
-          .getParameterType(i)
+    // An expression call - get the function type, then the parameter type
+    targetType = getExprCallFunctionType(call).getParameterType(i)
   )
   or
   // Return statement
diff --git a/cpp/misra/src/rules/RULE-7-0-6/NumericAssignmentTypeMismatch.ql b/cpp/misra/src/rules/RULE-7-0-6/NumericAssignmentTypeMismatch.ql
@@ -51,6 +51,8 @@ predicate isValidConstantAssignment(IntegerConstantExpr source, NumericType targ
   )
 }
 
+bindingset[sourceType, targetType]
+pragma[inline_late]
 predicate isValidTypeMatch(NumericType sourceType, NumericType targetType) {
   // Same type category, signedness and size
   sourceType.getTypeCategory() = targetType.getTypeCategory() and

Original file line number	Diff line number	Diff line change
`@@ -51,6 +51,8 @@ predicate isValidConstantAssignment(IntegerConstantExpr source, NumericType targ`
`51`	`51`	`)`
`52`	`52`	`}`
`53`	`53`
	`54`	`+bindingset[sourceType, targetType]`
	`55`	`+pragma[inline_late]`
`54`	`56`	`predicate isValidTypeMatch(NumericType sourceType, NumericType targetType) {`
`55`	`57`	`// Same type category, signedness and size`
`56`	`58`	`sourceType.getTypeCategory() = targetType.getTypeCategory() and`