initial commit

Author: MichaelRFairhurst

cpp/common/src/codingstandards/cpp/exclusions/cpp/Declarations3.qll

@@ -0,0 +1,26 @@
+//** THIS FILE IS AUTOGENERATED, DO NOT MODIFY DIRECTLY.  **/
+import cpp
+import RuleMetadata
+import codingstandards.cpp.exclusions.RuleMetadata
+
+newtype Declarations3Query = TPointerOrRefParamNotConstQuery()
+
+predicate isDeclarations3QueryMetadata(Query query, string queryId, string ruleId, string category) {
+  query =
+    // `Query` instance for the `pointerOrRefParamNotConst` query
+    Declarations3Package::pointerOrRefParamNotConstQuery() and
+  queryId =
+    // `@id` for the `pointerOrRefParamNotConst` query
+    "cpp/misra/pointer-or-ref-param-not-const" and
+  ruleId = "RULE-10-1-1" and
+  category = "advisory"
+}
+
+module Declarations3Package {
+  Query pointerOrRefParamNotConstQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `pointerOrRefParamNotConst` query
+      TQueryCPP(TDeclarations3PackageQuery(TPointerOrRefParamNotConstQuery()))
+  }
+}

cpp/common/src/codingstandards/cpp/exclusions/cpp/RuleMetadata.qll

@@ -28,6 +28,7 @@ import DeadCode8
 import DeadCode9
 import Declarations
 import Declarations1
+import Declarations3
 import ExceptionSafety
 import Exceptions1
 import Exceptions2
@@ -119,6 +120,7 @@ newtype TCPPQuery =
   TDeadCode9PackageQuery(DeadCode9Query q) or
   TDeclarationsPackageQuery(DeclarationsQuery q) or
   TDeclarations1PackageQuery(Declarations1Query q) or
+  TDeclarations3PackageQuery(Declarations3Query q) or
   TExceptionSafetyPackageQuery(ExceptionSafetyQuery q) or
   TExceptions1PackageQuery(Exceptions1Query q) or
   TExceptions2PackageQuery(Exceptions2Query q) or
@@ -210,6 +212,7 @@ predicate isQueryMetadata(Query query, string queryId, string ruleId, string cat
   isDeadCode9QueryMetadata(query, queryId, ruleId, category) or
   isDeclarationsQueryMetadata(query, queryId, ruleId, category) or
   isDeclarations1QueryMetadata(query, queryId, ruleId, category) or
+  isDeclarations3QueryMetadata(query, queryId, ruleId, category) or
   isExceptionSafetyQueryMetadata(query, queryId, ruleId, category) or
   isExceptions1QueryMetadata(query, queryId, ruleId, category) or
   isExceptions2QueryMetadata(query, queryId, ruleId, category) or

cpp/common/test/includes/standard-library/vector.h

@@ -20,8 +20,8 @@ template <class T, class Allocator = std::allocator<T>> class vector {
 
   iterator begin();
   iterator end();
-  const_iterator cbegin();
-  const_iterator cend();
+  const_iterator cbegin() const;
+  const_iterator cend() const;
   size_type size() const noexcept;
   void resize(size_type sz);
   void resize(size_type sz, const T &c);

cpp/misra/src/rules/RULE-10-1-1/PointerOrRefParamNotConst.ql

@@ -0,0 +1,201 @@
+/**
+ * @id cpp/misra/pointer-or-ref-param-not-const
+ * @name RULE-10-1-1: The target type of a pointer or lvalue reference parameter should be const-qualified appropriately
+ * @description Pointer or lvalue reference parameters that do not modify the target object should
+ *              be const-qualified to accurately reflect function behavior and prevent unintended
+ *              modifications.
+ * @kind problem
+ * @precision high
+ * @problem.severity warning
+ * @tags external/misra/id/rule-10-1-1
+ *       maintainability
+ *       readability
+ *       scope/single-translation-unit
+ *       external/misra/enforcement/decidable
+ *       external/misra/obligation/advisory
+ */
+
+import cpp
+import codingstandards.cpp.misra
+import codingstandards.cpp.types.Pointers
+import codingstandards.cpp.SideEffect
+import codingstandards.cpp.alertreporting.HoldsForAllCopies
+
+/**
+ * Holds if the function is in a template scope and should be excluded.
+ */
+predicate isInTemplateScope(Function f) {
+  // Function templates
+  f.isFromTemplateInstantiation(_)
+  or
+  f instanceof TemplateFunction
+  or
+  // Functions declared within the scope of a template class
+  exists(TemplateClass tc | f.getDeclaringType() = tc)
+  or
+  f.getDeclaringType().isFromTemplateInstantiation(_)
+  or
+  // Lambdas within template scope
+  exists(LambdaExpression le |
+    le.getLambdaFunction() = f and
+    isInTemplateScope(le.getEnclosingFunction())
+  )
+}
+
+/**
+ * A `Type` that may be a pointer, array, or reference, to a const or a non-const type.
+ *
+ * For example, `const int*`, `int* const`, `cont int* const`, `int*`, `int&`, `const int&` are all
+ * `PointerLikeType`s, while `int`, `int&&`, and `const int` are not.
+ *
+ * To check if a `PointerLikeType` points/refers to a const-qualified type, use the `pointsToConst()`
+ * predicate.
+ */
+class PointerLikeType extends Type {
+  Type innerType;
+  Type outerType;
+
+  PointerLikeType() {
+    innerType = this.(UnspecifiedPointerOrArrayType).getBaseType() and
+    outerType = this
+    or
+    innerType = this.(LValueReferenceType).getBaseType() and
+    outerType = this
+    or
+    exists(PointerLikeType stripped |
+      stripped = this.stripTopLevelSpecifiers() and not stripped = this
+    |
+      innerType = stripped.getInnerType() and
+      outerType = stripped.getOuterType()
+    )
+  }
+
+  /**
+   * Get the pointed to or referred to type, for instance `int` for `int*` or `const int&`.
+   */
+  Type getInnerType() { result = innerType }
+
+  /**
+   * Get the resolved pointer, array, or reference type itself, for instance `int*` in `int* const`.
+   *
+   * Removes cv-qualification and resolves typedefs and decltypes and specifiers via
+   * `stripTopLevelSpecifiers()`.
+   */
+  Type getOuterType() { result = outerType }
+
+  /**
+   * Holds when this type points to const -- for example, `const int*` and `const int&` point to
+   * const, while `int*`, `int *const` and `int&` do not.
+   */
+  predicate pointsToConst() { innerType.isConst() }
+
+  /**
+   * Holds when this type points to non-const -- for example, `int*` and `int&` and `int const*`
+   * point to non-const, while `const int*`, `const int&` do not.
+   */
+  predicate pointsToNonConst() { not innerType.isConst() }
+}
+
+class PointerLikeParam extends Parameter {
+  PointerLikeType pointerLikeType;
+
+  PointerLikeParam() {
+    pointerLikeType = this.getType() and
+    not pointerLikeType.pointsToConst() and
+    // Exclude pointers to non-object types
+    not pointerLikeType.getInnerType() instanceof RoutineType and
+    not pointerLikeType.getInnerType() instanceof VoidType
+  }
+
+  Expr getAPointerLikeAccess() {
+    result = this.getAnAccess()
+    or
+    // For reference parameters, also consider accesses to the parameter itself as accesses to the referent
+    pointerLikeType.getOuterType() instanceof ReferenceType and
+    result.(AddressOfExpr).getOperand() = this.getAnAccess()
+    or
+    // A pointer is dereferenced, but the result is not copied
+    pointerLikeType.getOuterType() instanceof PointerType and
+    result.(PointerDereferenceExpr).getOperand() = this.getAnAccess() and
+    not any(ReferenceDereferenceExpr rde).getExpr() = result.getConversion+()
+  }
+}
+
+query predicate test(
+  PointerLikeParam param, Expr ptrLikeAccess, Type argtype, Type innerType, string explain
+) {
+  ptrLikeAccess = param.getAPointerLikeAccess() and
+  exists(FunctionCall fc |
+    fc.getArgument(0) = ptrLikeAccess and
+    argtype = fc.getTarget().getParameter(0).getType() and
+    argtype.(PointerLikeType).pointsToNonConst() and
+    innerType = argtype.(PointerLikeType).getInnerType()
+  ) and
+  explain = argtype.explain()
+}
+
+/**
+ * A candidate parameter that could have its target type const-qualified.
+ */
+class NonConstParam extends PointerLikeParam {
+  NonConstParam() {
+    not pointerLikeType.pointsToConst() and
+    // Ignore parameters in functions without bodies
+    exists(this.getFunction().getBlock()) and
+    // Ignore unnamed parameters
+    this.isNamed() and
+    // Ignore functions that use ASM statements
+    not exists(AsmStmt a | a.getEnclosingFunction() = this.getFunction()) and
+    // Must have a pointer, array, or lvalue reference type with non-const target
+    // Exclude pointers to non-object types
+    not pointerLikeType.getInnerType() instanceof RoutineType and
+    not pointerLikeType.getInnerType() instanceof VoidType and
+    // Exclude virtual functions
+    not this.getFunction().isVirtual() and
+    // Exclude functions in template scope
+    not isInTemplateScope(this.getFunction()) and
+    // Exclude main
+    not this.getFunction().hasGlobalName("main") and
+    // Exclude deleted functions
+    not this.getFunction().isDeleted() and
+    // Exclude any parameter whose underlying data is modified (VariableEffect)
+    not exists(VariableEffect effect |
+      effect.getTarget() = this and
+      (
+        // For reference types, any effect is a target modification
+        pointerLikeType.getOuterType() instanceof ReferenceType
+        or
+        // For pointer types, exclude effects that only modify the pointer itself
+        not effect.(AssignExpr).getLValue() = this.getAnAccess() and
+        not effect.(CrementOperation).getOperand() = this.getAnAccess()
+      )
+    ) and
+    // Exclude parameters passed as arguments to functions taking non-const pointer/ref params
+    not exists(FunctionCall fc, int i |
+      fc.getArgument(i) = this.getAPointerLikeAccess() and
+      fc.getTarget().getParameter(i).getType().(PointerLikeType).pointsToNonConst()
+    ) and
+    // Exclude parameters used as qualifier for a non-const member function
+    not exists(FunctionCall fc |
+      fc.getQualifier() = this.getAnAccess() and
+      not fc.getTarget().hasSpecifier("const") and
+      not fc.getTarget().isStatic()
+    ) and
+    // Exclude parameters assigned to a non-const pointer/reference alias
+    not exists(Variable v |
+      v.getAnAssignedValue() = this.getAnAccess() and
+      v.getType().(PointerLikeType).pointsToNonConst()
+    ) and
+    // Exclude parameters returned as non-const pointer/reference
+    not exists(ReturnStmt ret |
+      ret.getExpr() = this.getAnAccess() and
+      ret.getEnclosingFunction().getType().(PointerLikeType).pointsToNonConst()
+    )
+  }
+}
+
+from NonConstParam param
+where not isExcluded(param, Declarations3Package::pointerOrRefParamNotConstQuery())
+select param,
+  "Parameter '" + param.getName() +
+    "' points/refers to a non-const-qualified type but does not modify the target object."

cpp/misra/test/rules/RULE-10-1-1/PointerOrRefParamNotConst.expected

@@ -0,0 +1,70 @@
+test
+| test.cpp:44:20:44:21 | p1 | test.cpp:44:35:44:37 | * ... | file://:0:0:0:0 | int32_t & | file:///Users/michaelrfairhurst/projects/codeql-coding-standards/cpp/common/test/includes/standard-library/stdint.h:8:20:8:26 | int32_t | reference to {typedef {signed int} as "int32_t"} |
+| test.cpp:53:20:53:21 | p1 | test.cpp:53:35:53:36 | p1 | file://:0:0:0:0 | int32_t & | file:///Users/michaelrfairhurst/projects/codeql-coding-standards/cpp/common/test/includes/standard-library/stdint.h:8:20:8:26 | int32_t | reference to {typedef {signed int} as "int32_t"} |
+| test.cpp:59:20:59:21 | p1 | test.cpp:59:35:59:36 | p1 | file://:0:0:0:0 | int32_t * | file:///Users/michaelrfairhurst/projects/codeql-coding-standards/cpp/common/test/includes/standard-library/stdint.h:8:20:8:26 | int32_t | pointer to {typedef {signed int} as "int32_t"} |
+| test.cpp:65:20:65:21 | p1 | test.cpp:65:36:65:37 | p1 | file://:0:0:0:0 | int32_t *const | file:///Users/michaelrfairhurst/projects/codeql-coding-standards/cpp/common/test/includes/standard-library/stdint.h:8:20:8:26 | int32_t | const {pointer to {typedef {signed int} as "int32_t"}} |
+| test.cpp:69:20:69:21 | p1 | test.cpp:69:35:69:37 | & ... | file://:0:0:0:0 | int32_t * | file:///Users/michaelrfairhurst/projects/codeql-coding-standards/cpp/common/test/includes/standard-library/stdint.h:8:20:8:26 | int32_t | pointer to {typedef {signed int} as "int32_t"} |
+| test.cpp:75:20:75:21 | p1 | test.cpp:75:36:75:38 | & ... | file://:0:0:0:0 | int32_t *const | file:///Users/michaelrfairhurst/projects/codeql-coding-standards/cpp/common/test/includes/standard-library/stdint.h:8:20:8:26 | int32_t | const {pointer to {typedef {signed int} as "int32_t"}} |
+#select
+| test.cpp:4:22:4:23 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:7:28:7:29 | p4 | Parameter 'p4' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:8:21:8:22 | p5 | Parameter 'p5' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:19:36:19:37 | l2 | Parameter 'l2' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:40:20:40:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:41:20:41:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:42:20:42:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:43:20:43:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:45:20:45:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:46:20:46:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:50:20:50:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:51:20:51:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:54:20:54:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:55:20:55:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:60:20:60:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:61:20:61:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:62:20:62:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:63:20:63:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:68:20:68:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:70:20:70:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:71:20:71:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:72:20:72:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:73:20:73:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:74:20:74:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:78:20:78:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:79:20:79:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:80:20:80:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:82:20:82:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:84:20:84:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:89:20:89:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:91:20:91:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:92:20:92:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:93:20:93:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:94:20:94:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:95:20:95:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:100:20:100:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:102:20:102:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:103:20:103:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:104:20:104:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:105:20:105:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:106:20:106:21 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:142:26:142:27 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:143:26:143:27 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:144:26:144:27 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:145:26:145:27 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:146:26:146:27 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:147:26:147:27 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:148:12:148:13 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:149:12:149:13 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:150:12:150:13 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:151:12:151:13 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:152:12:152:13 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:153:12:153:13 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:156:23:156:24 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:164:23:164:24 | p9 | Parameter 'p9' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:165:23:165:25 | p10 | Parameter 'p10' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:167:23:167:25 | p12 | Parameter 'p12' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:198:12:198:13 | p2 | Parameter 'p2' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:199:12:199:13 | p3 | Parameter 'p3' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:206:23:206:24 | p1 | Parameter 'p1' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:208:23:208:24 | p3 | Parameter 'p3' points/refers to a non-const-qualified type but does not modify the target object. |
+| test.cpp:209:23:209:24 | p4 | Parameter 'p4' points/refers to a non-const-qualified type but does not modify the target object. |

cpp/misra/test/rules/RULE-10-1-1/PointerOrRefParamNotConst.qlref

@@ -0,0 +1 @@
+rules/RULE-10-1-1/PointerOrRefParamNotConst.ql