From 5f91c482e18ff369fe18a15a6436adf88bc3c977 Mon Sep 17 00:00:00 2001 From: Jeongsoo Lee Date: Thu, 5 Feb 2026 18:36:34 -0500 Subject: [PATCH 01/13] Prepare rule description files --- rule_packages/c/Contracts7.json | 8 +++--- rule_packages/cpp/Memory4.json | 39 +++++++++++++++++++++++++++ rule_packages/cpp/Representation.json | 5 ++-- 3 files changed, 47 insertions(+), 5 deletions(-) create mode 100644 rule_packages/cpp/Memory4.json diff --git a/rule_packages/c/Contracts7.json b/rule_packages/c/Contracts7.json index 95df01ca3..8b9ac838c 100644 --- a/rule_packages/c/Contracts7.json +++ b/rule_packages/c/Contracts7.json @@ -82,7 +82,8 @@ "name": "An object shall not be assigned to an overlapping object", "precision": "high", "severity": "error", - "short_name": "ObjectAssignedToAnOverlappingObject", + "short_name": "ObjectAssignedToAnOverlappingObjectMisraC", + "shared_implementation_short_name": "ObjectAssignedToAnOverlappingObject", "tags": [ "correctness", "external/misra/c/2012/third-edition-first-revision" @@ -94,7 +95,8 @@ "name": "An object shall not be copied to an overlapping object", "precision": "high", "severity": "error", - "short_name": "ObjectCopiedToAnOverlappingObject", + "short_name": "ObjectCopiedToAnOverlappingObjectMisraC", + "shared_implementation_short_name": "ObjectCopiedToAnOverlappingObject", "tags": [ "correctness", "external/misra/c/2012/third-edition-first-revision" @@ -104,4 +106,4 @@ "title": "An object shall not be assigned or copied to an overlapping object" } } -} \ No newline at end of file +} diff --git a/rule_packages/cpp/Memory4.json b/rule_packages/cpp/Memory4.json new file mode 100644 index 000000000..9fd364504 --- /dev/null +++ b/rule_packages/cpp/Memory4.json 
@@ -0,0 +1,39 @@ +{ + "MISRA-C++-2023": { + "RULE-8-18-1": { + "properties": { + "enforcement": "undecidable", + "obligation": "mandatory" + }, + "queries": [ + { + "description": "Copying a member of a union to another causes undefined behavior.", + "kind": "problem", + "name": "A member of a union must not be copied to its another member", + "precision": "high", + "severity": "error", + "short_name": "ObjectAssignedToAnOverlappingObjectMisraCpp", + "shared_implementation_short_name": "ObjectAssignedToAnOverlappingObject", + "tags": [ + "scope/system", + "correctness" + ] + }, + { + "description": "Copying a slice of an array to an overlapping region of the same array causes undefined behavior.", + "kind": "problem", + "name": "An slice of an array must not be copied to an overlapping region of itself", + "precision": "high", + "severity": "error", + "short_name": "ObjectCopiedToAnOverlappingObjectMisraCpp", + "shared_implementation_short_name": "ObjectCopiedToAnOverlappingObject", + "tags": [ + "scope/system", + "correctness" + ] + } + ], + "title": "Copying a member of a union to another, and copying a slice of an array to an overlapping one causes undefined behavior." + } + } +} diff --git a/rule_packages/cpp/Representation.json b/rule_packages/cpp/Representation.json index 813373afb..08056422c 100644 --- a/rule_packages/cpp/Representation.json +++ b/rule_packages/cpp/Representation.json @@ -49,7 +49,8 @@ "name": "An object shall not be assigned to an overlapping object", "precision": "high", "severity": "error", - "short_name": "ObjectAssignedToAnOverlappingObject", + "short_name": "ObjectAssignedToAnOverlappingObjectAutosarCpp", + "shared_implementation_short_name": "ObjectAssignedToAnOverlappingObject", "tags": [ "correctness" ] @@ -176,4 +177,4 @@ "title": "Do not access the bits of an object representation that are not part of the object's value representation" } } -} \ No newline at end of file +} 
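Review bot: The two `name` strings in the new RULE-8-18-1 queries read awkwardly and are copied verbatim into the generated queries' `@name` metadata (compare the RULE-19-1 `.ql` files in patch 03): `"name": "A member of a union must not be copied to its another member"` and `"name": "An slice of an array must not be copied to an overlapping region of itself"`. Suggested wording: `"name": "A member of a union must not be copied to another member of the same union"` and `"name": "A slice of an array must not be copied to an overlapping region of the same array"`. The `title` also ends with a period, unlike the RULE-19-1 title edited in Contracts7.json in this same patch; dropping it keeps the generated metadata consistent.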
From 69ad12426dc55eb1f42821be0f69852ad23fddab Mon Sep 17 00:00:00 2001
From: Jeongsoo Lee
Date: Thu, 5 Feb 2026 18:37:10 -0500
Subject: [PATCH 02/13] Update rules.csv
---
 rules.csv | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules.csv b/rules.csv
index 3011924c8..9fbb36208 100644
--- a/rules.csv
+++ b/rules.csv
@@ -899,7 +899,7 @@ cpp,MISRA-C++-2023,RULE-8-7-1,Yes,Required,Undecidable,System,Pointer arithmetic
 cpp,MISRA-C++-2023,RULE-8-7-2,Yes,Required,Undecidable,System,Subtraction between pointers shall only be applied to pointers that address elements of the same array,ARR36-C,Memory2,Easy,
 cpp,MISRA-C++-2023,RULE-8-9-1,Yes,Required,Undecidable,System,"The built-in relational operators >, >=, < and <= shall not be applied to objects of pointer type, except where they point to elements of the same array",ARR36-C,Memory3,Easy,
 cpp,MISRA-C++-2023,RULE-8-14-1,Yes,Advisory,Undecidable,System,The right-hand operand of a logical && or operator should not contain persistent side effects,"M5-14-1, RULE-13-5",SideEffects3,Medium,
-cpp,MISRA-C++-2023,RULE-8-18-1,Yes,Mandatory,Undecidable,System,An object or subobject must not be copied to an overlapping object,"M0-2-1, RULE-19-1",Memory,Hard,
+cpp,MISRA-C++-2023,RULE-8-18-1,Yes,Mandatory,Undecidable,System,An object or subobject must not be copied to an overlapping object,"M0-2-1, RULE-19-1",Memory5,Hard,
 cpp,MISRA-C++-2023,RULE-8-18-2,Yes,Advisory,Decidable,Single Translation Unit,The result of an assignment operator should not be used,RULE-13-4,ImportMisra23,Import,
 cpp,MISRA-C++-2023,RULE-8-19-1,Yes,Advisory,Decidable,Single Translation Unit,The comma operator should not be used,M5-18-1,ImportMisra23,Import,
 cpp,MISRA-C++-2023,RULE-8-20-1,Yes,Advisory,Decidable,Single Translation Unit,An unsigned arithmetic operation with constant operands should not wrap,INT30-C,ImportMisra23,Import,
From b9cbb1cdeb0992bc2a058d6fb7e9d39d16d88dfd Mon Sep 17 00:00:00 2001
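Review bot: The added RULE-8-18-1 row assigns the rule to package `Memory5`, but the package file created in patch 01 is `rule_packages/cpp/Memory4.json` and the exclusion module generated for it in patch 03 is `Memory4.qll` with `Memory4Package`. If the rule-package tooling cross-checks rules.csv against the package files, this mismatch will fail validation or route the rule to a package that does not exist; the row should end `,"M0-2-1, RULE-19-1",Memory4,Hard,`.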
From: Jeongsoo Lee Date: Thu, 5 Feb 2026 18:52:37 -0500 Subject: [PATCH 03/13] Add package files and factor out shared code --- ...jectAssignedToAnOverlappingObject.expected | 1 + .../ObjectAssignedToAnOverlappingObject.ql | 4 + .../test.c | 0 ...ObjectCopiedToAnOverlappingObject.expected | 1 + .../ObjectCopiedToAnOverlappingObject.ql | 4 + .../objectcopiedtoanoverlappingobject/test.c | 0 .../ObjectAssignedToAnOverlappingObject.ql | 55 -------------- ...jectAssignedToAnOverlappingObjectMisraC.ql | 22 ++++++ ...ObjectCopiedToAnOverlappingObjectMisraC.ql | 22 ++++++ ...ssignedToAnOverlappingObjectMisraC.testref | 1 + ...tCopiedToAnOverlappingObjectMisraC.testref | 1 + .../ObjectAssignedToAnOverlappingObject.ql | 57 -------------- ...AssignedToAnOverlappingObjectAutosarCpp.ql | 23 ++++++ ...nedToAnOverlappingObjectAutosarCpp.testref | 1 + .../cpp/exclusions/c/Contracts7.qll | 32 ++++---- .../cpp/exclusions/cpp/Memory4.qll | 44 +++++++++++ .../cpp/exclusions/cpp/Representation.qll | 16 ++-- .../cpp/exclusions/cpp/RuleMetadata.qll | 3 + .../ObjectAssignedToAnOverlappingObject.qll | 74 +++++++++++++++++++ .../ObjectCopiedToAnOverlappingObject.qll | 45 +++++++---- ...jectAssignedToAnOverlappingObject.expected | 1 + .../ObjectAssignedToAnOverlappingObject.ql | 4 + .../test.cpp | 0 ...ObjectCopiedToAnOverlappingObject.expected | 1 + .../ObjectCopiedToAnOverlappingObject.ql | 4 + .../test.cpp | 0 ...ctAssignedToAnOverlappingObjectMisraCpp.ql | 23 ++++++ ...jectCopiedToAnOverlappingObjectMisraCpp.ql | 24 ++++++ ...ignedToAnOverlappingObjectMisraCpp.testref | 1 + ...opiedToAnOverlappingObjectMisraCpp.testref | 1 + 30 files changed, 313 insertions(+), 152 deletions(-) create mode 100644 c/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.expected create mode 100644 c/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.ql create mode 100644 c/common/test/rules/objectassignedtoanoverlappingobject/test.c 
create mode 100644 c/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.expected create mode 100644 c/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.ql create mode 100644 c/common/test/rules/objectcopiedtoanoverlappingobject/test.c delete mode 100644 c/misra/src/rules/RULE-19-1/ObjectAssignedToAnOverlappingObject.ql create mode 100644 c/misra/src/rules/RULE-19-1/ObjectAssignedToAnOverlappingObjectMisraC.ql create mode 100644 c/misra/src/rules/RULE-19-1/ObjectCopiedToAnOverlappingObjectMisraC.ql create mode 100644 c/misra/test/rules/RULE-19-1/ObjectAssignedToAnOverlappingObjectMisraC.testref create mode 100644 c/misra/test/rules/RULE-19-1/ObjectCopiedToAnOverlappingObjectMisraC.testref delete mode 100644 cpp/autosar/src/rules/M0-2-1/ObjectAssignedToAnOverlappingObject.ql create mode 100644 cpp/autosar/src/rules/M0-2-1/ObjectAssignedToAnOverlappingObjectAutosarCpp.ql create mode 100644 cpp/autosar/test/rules/M0-2-1/ObjectAssignedToAnOverlappingObjectAutosarCpp.testref create mode 100644 cpp/common/src/codingstandards/cpp/exclusions/cpp/Memory4.qll create mode 100644 cpp/common/src/codingstandards/cpp/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.qll rename c/misra/src/rules/RULE-19-1/ObjectCopiedToAnOverlappingObject.ql => cpp/common/src/codingstandards/cpp/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.qll (69%) create mode 100644 cpp/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.expected create mode 100644 cpp/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.ql create mode 100644 cpp/common/test/rules/objectassignedtoanoverlappingobject/test.cpp create mode 100644 cpp/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.expected create mode 100644 
cpp/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.ql create mode 100644 cpp/common/test/rules/objectcopiedtoanoverlappingobject/test.cpp create mode 100644 cpp/misra/src/rules/RULE-8-18-1/ObjectAssignedToAnOverlappingObjectMisraCpp.ql create mode 100644 cpp/misra/src/rules/RULE-8-18-1/ObjectCopiedToAnOverlappingObjectMisraCpp.ql create mode 100644 cpp/misra/test/rules/RULE-8-18-1/ObjectAssignedToAnOverlappingObjectMisraCpp.testref create mode 100644 cpp/misra/test/rules/RULE-8-18-1/ObjectCopiedToAnOverlappingObjectMisraCpp.testref diff --git a/c/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.expected b/c/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.expected new file mode 100644 index 000000000..2ec1a0ac6 --- /dev/null +++ b/c/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.expected @@ -0,0 +1 @@ +No expected results have yet been specified \ No newline at end of file diff --git a/c/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.ql b/c/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.ql new file mode 100644 index 000000000..3d5b98d28 --- /dev/null +++ b/c/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.ql @@ -0,0 +1,4 @@ +// GENERATED FILE - DO NOT MODIFY +import codingstandards.cpp.rules.objectassignedtoanoverlappingobject.ObjectAssignedToAnOverlappingObject + +class TestFileQuery extends ObjectAssignedToAnOverlappingObjectSharedQuery, TestQuery { } diff --git a/c/common/test/rules/objectassignedtoanoverlappingobject/test.c b/c/common/test/rules/objectassignedtoanoverlappingobject/test.c new file mode 100644 index 000000000..e69de29bb 
diff --git a/c/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.expected b/c/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.expected new file mode 100644 index 000000000..2ec1a0ac6 --- /dev/null +++ b/c/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.expected @@ -0,0 +1 @@ +No expected results have yet been specified \ No newline at end of file diff --git a/c/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.ql b/c/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.ql new file mode 100644 index 000000000..b05ae1c6e --- /dev/null +++ b/c/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.ql @@ -0,0 +1,4 @@ +// GENERATED FILE - DO NOT MODIFY +import codingstandards.cpp.rules.objectcopiedtoanoverlappingobject.ObjectCopiedToAnOverlappingObject + +class TestFileQuery extends ObjectCopiedToAnOverlappingObjectSharedQuery, TestQuery { } diff --git a/c/common/test/rules/objectcopiedtoanoverlappingobject/test.c b/c/common/test/rules/objectcopiedtoanoverlappingobject/test.c new file mode 100644 index 000000000..e69de29bb diff --git a/c/misra/src/rules/RULE-19-1/ObjectAssignedToAnOverlappingObject.ql b/c/misra/src/rules/RULE-19-1/ObjectAssignedToAnOverlappingObject.ql deleted file mode 100644 index 31c24dcdd..000000000 --- a/c/misra/src/rules/RULE-19-1/ObjectAssignedToAnOverlappingObject.ql +++ /dev/null 
@@ -1,55 +0,0 @@ -/** - * @id c/misra/object-assigned-to-an-overlapping-object - * @name RULE-19-1: An object shall not be assigned to an overlapping object - * @description An object shall not be copied or assigned to an overlapping object. - * @kind problem - * @precision high - * @problem.severity error - * @tags external/misra/id/rule-19-1 - * correctness - * external/misra/c/2012/third-edition-first-revision - * external/misra/obligation/mandatory - */ - -import cpp -import codingstandards.c.misra -import semmle.code.cpp.valuenumbering.GlobalValueNumbering - -VariableAccess getAQualifier(VariableAccess va) { result = va.getQualifier+() } - -int getAccessByteOffset(FieldAccess fa) { - not fa.getQualifier() instanceof FieldAccess and result = fa.getTarget().getByteOffset() - or - result = fa.getTarget().getByteOffset() + getAccessByteOffset(fa.getQualifier()) -} - -predicate overlaps(FieldAccess fa1, FieldAccess fa2) { - exists(int startfa1, int endfa1, int startfa2, int endfa2 | - startfa1 = getAccessByteOffset(fa1) and - endfa1 = startfa1 + fa1.getTarget().getType().getSize() - 1 and - startfa2 = getAccessByteOffset(fa2) and - endfa2 = startfa2 + fa2.getTarget().getType().getSize() - 1 - | - startfa1 = startfa2 and endfa1 = endfa2 - or - startfa1 > startfa2 and endfa1 < endfa2 - or - startfa1 < startfa2 and endfa1 < endfa2 and endfa1 > startfa2 - or - startfa1 > startfa2 and endfa1 > endfa2 and startfa1 < endfa2 - ) -} - -from AssignExpr assignExpr, Expr lhs, Expr rhs, ValueFieldAccess valuelhs, ValueFieldAccess valuerhs -where - not isExcluded(assignExpr, Contracts7Package::objectAssignedToAnOverlappingObjectQuery()) and - lhs.getType() instanceof Union and - rhs.getType() instanceof Union and - lhs = getAQualifier(assignExpr.getLValue()) and - rhs = getAQualifier(assignExpr.getRValue()) and - globalValueNumber(lhs) = globalValueNumber(rhs) and - valuerhs = assignExpr.getRValue() and - valuelhs = assignExpr.getLValue() and // a.b.c == ((a.b).c) - 
overlaps(valuelhs, valuerhs)
-select assignExpr, "An object $@ assigned to overlapping object $@.", valuelhs,
- valuelhs.getTarget().getName(), valuerhs, valuerhs.getTarget().getName()
diff --git a/c/misra/src/rules/RULE-19-1/ObjectAssignedToAnOverlappingObjectMisraC.ql b/c/misra/src/rules/RULE-19-1/ObjectAssignedToAnOverlappingObjectMisraC.ql
new file mode 100644
index 000000000..92796bdf7
--- /dev/null
+++ b/c/misra/src/rules/RULE-19-1/ObjectAssignedToAnOverlappingObjectMisraC.ql
@@ -0,0 +1,22 @@
+/**
+ * @id c/misra/object-assigned-to-an-overlapping-object-misra-c
+ * @name RULE-19-1: An object shall not be assigned to an overlapping object
+ * @description An object shall not be copied or assigned to an overlapping object.
+ * @kind problem
+ * @precision high
+ * @problem.severity error
+ * @tags external/misra/id/rule-19-1
+ * correctness
+ * external/misra/c/2012/third-edition-first-revision
+ * external/misra/obligation/mandatory
+ */
+
+import cpp
+import codingstandards.c.misra
+import codingstandards.cpp.rules.objectassignedtoanoverlappingobject.ObjectAssignedToAnOverlappingObject
+
+class ObjectAssignedToAnOverlappingObjectMisraCQuery extends ObjectAssignedToAnOverlappingObjectSharedQuery {
+ ObjectAssignedToAnOverlappingObjectMisraCQuery() {
+ this = Contracts7Package::objectAssignedToAnOverlappingObjectMisraCQuery()
+ }
+}
diff --git a/c/misra/src/rules/RULE-19-1/ObjectCopiedToAnOverlappingObjectMisraC.ql b/c/misra/src/rules/RULE-19-1/ObjectCopiedToAnOverlappingObjectMisraC.ql
new file mode 100644
index 000000000..db3759ccd
--- /dev/null
+++ b/c/misra/src/rules/RULE-19-1/ObjectCopiedToAnOverlappingObjectMisraC.ql
@@ -0,0 +1,22 @@
+/**
+ * @id c/misra/object-copied-to-an-overlapping-object-misra-c
+ * @name RULE-19-1: An object shall not be copied to an overlapping object
+ * @description An object shall not be copied to an overlapping object.
+ * @kind problem
+ * @precision high
+ * @problem.severity error
+ * @tags external/misra/id/rule-19-1
+ * correctness
+ * external/misra/c/2012/third-edition-first-revision
+ * external/misra/obligation/mandatory
+ */
+
+import cpp
+import codingstandards.c.misra
+import codingstandards.cpp.rules.objectcopiedtoanoverlappingobject.ObjectCopiedToAnOverlappingObject
+
+class ObjectCopiedToAnOverlappingObjectMisraCQuery extends ObjectCopiedToAnOverlappingObjectSharedQuery {
+ ObjectCopiedToAnOverlappingObjectMisraCQuery() {
+ this = Contracts7Package::objectCopiedToAnOverlappingObjectMisraCQuery()
+ }
+}
diff --git a/c/misra/test/rules/RULE-19-1/ObjectAssignedToAnOverlappingObjectMisraC.testref b/c/misra/test/rules/RULE-19-1/ObjectAssignedToAnOverlappingObjectMisraC.testref
new file mode 100644
index 000000000..72c714a7a
--- /dev/null
+++ b/c/misra/test/rules/RULE-19-1/ObjectAssignedToAnOverlappingObjectMisraC.testref
@@ -0,0 +1 @@
+c/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.ql
\ No newline at end of file
diff --git a/c/misra/test/rules/RULE-19-1/ObjectCopiedToAnOverlappingObjectMisraC.testref b/c/misra/test/rules/RULE-19-1/ObjectCopiedToAnOverlappingObjectMisraC.testref
new file mode 100644
index 000000000..6f0410785
--- /dev/null
+++ b/c/misra/test/rules/RULE-19-1/ObjectCopiedToAnOverlappingObjectMisraC.testref
@@ -0,0 +1 @@
+c/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.ql
\ No newline at end of file
diff --git a/cpp/autosar/src/rules/M0-2-1/ObjectAssignedToAnOverlappingObject.ql b/cpp/autosar/src/rules/M0-2-1/ObjectAssignedToAnOverlappingObject.ql
deleted file mode 100644
index 17119af07..000000000
--- a/cpp/autosar/src/rules/M0-2-1/ObjectAssignedToAnOverlappingObject.ql +++ /dev/null 
@@ -1,57 +0,0 @@ -/** - * @id cpp/autosar/object-assigned-to-an-overlapping-object - * @name M0-2-1: An object shall not be assigned to an overlapping object - * @description An object shall not be assigned to an overlapping object. - * @kind problem - * @precision high - * @problem.severity error - * @tags external/autosar/id/m0-2-1 - * correctness - * external/autosar/allocated-target/implementation - * external/autosar/enforcement/automated - * external/autosar/obligation/required - */ - -//Assignment between different active members of same union instance -import cpp -import codingstandards.cpp.autosar -import semmle.code.cpp.valuenumbering.GlobalValueNumbering - -VariableAccess getAQualifier(VariableAccess va) { result = va.getQualifier+() } - -int getAccessByteOffset(FieldAccess fa) { - not fa.getQualifier() instanceof FieldAccess and result = fa.getTarget().getByteOffset() - or - result = fa.getTarget().getByteOffset() + getAccessByteOffset(fa.getQualifier()) -} - -predicate overlaps(FieldAccess fa1, FieldAccess fa2) { - exists(int startfa1, int endfa1, int startfa2, int endfa2 | - startfa1 = getAccessByteOffset(fa1) and - endfa1 = startfa1 + fa1.getTarget().getType().getSize() - 1 and - startfa2 = getAccessByteOffset(fa2) and - endfa2 = startfa2 + fa2.getTarget().getType().getSize() - 1 - | - startfa1 = startfa2 and endfa1 = endfa2 - or - startfa1 > startfa2 and endfa1 < endfa2 - or - startfa1 < startfa2 and endfa1 < endfa2 and endfa1 > startfa2 - or - startfa1 > startfa2 and endfa1 > endfa2 and startfa1 < endfa2 - ) -} - -from AssignExpr assignExpr, Expr lhs, Expr rhs, ValueFieldAccess valuelhs, ValueFieldAccess valuerhs -where - not isExcluded(assignExpr, RepresentationPackage::objectAssignedToAnOverlappingObjectQuery()) and - lhs.getType() instanceof Union and - rhs.getType() instanceof Union and - lhs = getAQualifier(assignExpr.getLValue()) and - rhs = getAQualifier(assignExpr.getRValue()) and - globalValueNumber(lhs) = globalValueNumber(rhs) and - 
valuerhs = assignExpr.getRValue() and
- valuelhs = assignExpr.getLValue() and // a.b.c == ((a.b).c)
- overlaps(valuelhs, valuerhs)
-select assignExpr, "An object $@ assigned to overlapping object $@.", valuelhs,
- valuelhs.getTarget().getName(), valuerhs, valuerhs.getTarget().getName()
diff --git a/cpp/autosar/src/rules/M0-2-1/ObjectAssignedToAnOverlappingObjectAutosarCpp.ql b/cpp/autosar/src/rules/M0-2-1/ObjectAssignedToAnOverlappingObjectAutosarCpp.ql
new file mode 100644
index 000000000..4c3179006
--- /dev/null
+++ b/cpp/autosar/src/rules/M0-2-1/ObjectAssignedToAnOverlappingObjectAutosarCpp.ql
@@ -0,0 +1,23 @@
+/**
+ * @id cpp/autosar/object-assigned-to-an-overlapping-object-autosar-cpp
+ * @name M0-2-1: An object shall not be assigned to an overlapping object
+ * @description An object shall not be assigned to an overlapping object.
+ * @kind problem
+ * @precision high
+ * @problem.severity error
+ * @tags external/autosar/id/m0-2-1
+ * correctness
+ * external/autosar/allocated-target/implementation
+ * external/autosar/enforcement/automated
+ * external/autosar/obligation/required
+ */
+
+import cpp
+import codingstandards.cpp.autosar
+import codingstandards.cpp.rules.objectassignedtoanoverlappingobject.ObjectAssignedToAnOverlappingObject
+
+class ObjectAssignedToAnOverlappingObjectAutosarCppQuery extends ObjectAssignedToAnOverlappingObjectSharedQuery {
+ ObjectAssignedToAnOverlappingObjectAutosarCppQuery() {
+ this = RepresentationPackage::objectAssignedToAnOverlappingObjectAutosarCppQuery()
+ }
+}
diff --git a/cpp/autosar/test/rules/M0-2-1/ObjectAssignedToAnOverlappingObjectAutosarCpp.testref b/cpp/autosar/test/rules/M0-2-1/ObjectAssignedToAnOverlappingObjectAutosarCpp.testref
new file mode 100644
index 000000000..815531d7a
--- /dev/null
+++ b/cpp/autosar/test/rules/M0-2-1/ObjectAssignedToAnOverlappingObjectAutosarCpp.testref
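Review bot: This AUTOSAR C++ query's `import codingstandards.cpp.rules.objectassignedtoanoverlappingobject.ObjectAssignedToAnOverlappingObject` pulls in a shared library that, as shown later in this patch, itself imports `codingstandards.c.misra` next to `codingstandards.cpp.Customizations` and `codingstandards.cpp.Exclusions`. Carrying the C MISRA module into a C++ AUTOSAR query (and into the new MISRA C++ RULE-8-18-1 consumer) looks unintended; the shared `.qll` appears to need only `Customizations`, `Exclusions` and `GlobalValueNumbering`, and the C MISRA import is already present where it belongs, in the MisraC `.ql` files. I'd drop `import codingstandards.c.misra` from the shared library after confirming every name it uses still resolves.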
@@ -0,0 +1 @@ +cpp/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.ql \ No newline at end of file diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts7.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts7.qll index f6838fe79..867219615 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts7.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts7.qll @@ -7,8 +7,8 @@ newtype Contracts7Query = TDoNotPassInvalidDataToTheAsctimeFunctionQuery() or TDoNotCallVaArgOnAVaListThatHasAnIndeterminateValueQuery() or TRightHandOperandOfAShiftRangeQuery() or - TObjectAssignedToAnOverlappingObjectQuery() or - TObjectCopiedToAnOverlappingObjectQuery() + TObjectAssignedToAnOverlappingObjectMisraCQuery() or + TObjectCopiedToAnOverlappingObjectMisraCQuery() predicate isContracts7QueryMetadata(Query query, string queryId, string ruleId, string category) { query = 
@@ -39,20 +39,20 @@ predicate isContracts7QueryMetadata(Query query, string queryId, string ruleId, category = "required" or query = - // `Query` instance for the `objectAssignedToAnOverlappingObject` query - Contracts7Package::objectAssignedToAnOverlappingObjectQuery() and + // `Query` instance for the `objectAssignedToAnOverlappingObjectMisraC` query + Contracts7Package::objectAssignedToAnOverlappingObjectMisraCQuery() and queryId = - // `@id` for the `objectAssignedToAnOverlappingObject` query - "c/misra/object-assigned-to-an-overlapping-object" and + // `@id` for the `objectAssignedToAnOverlappingObjectMisraC` query + "c/misra/object-assigned-to-an-overlapping-object-misra-c" and ruleId = "RULE-19-1" and category = "mandatory" or query = - // `Query` instance for the `objectCopiedToAnOverlappingObject` query - Contracts7Package::objectCopiedToAnOverlappingObjectQuery() and + // `Query` instance for the `objectCopiedToAnOverlappingObjectMisraC` query + Contracts7Package::objectCopiedToAnOverlappingObjectMisraCQuery() and queryId = - // `@id` for the `objectCopiedToAnOverlappingObject` query - "c/misra/object-copied-to-an-overlapping-object" and + // `@id` for the `objectCopiedToAnOverlappingObjectMisraC` query + "c/misra/object-copied-to-an-overlapping-object-misra-c" and ruleId = "RULE-19-1" and category = "mandatory" } 
@@ -79,17 +79,17 @@ module Contracts7Package { TQueryC(TContracts7PackageQuery(TRightHandOperandOfAShiftRangeQuery())) } - Query objectAssignedToAnOverlappingObjectQuery() { + Query objectAssignedToAnOverlappingObjectMisraCQuery() { //autogenerate `Query` type result = - // `Query` type for `objectAssignedToAnOverlappingObject` query - TQueryC(TContracts7PackageQuery(TObjectAssignedToAnOverlappingObjectQuery())) + // `Query` type for `objectAssignedToAnOverlappingObjectMisraC` query + TQueryC(TContracts7PackageQuery(TObjectAssignedToAnOverlappingObjectMisraCQuery())) } - Query objectCopiedToAnOverlappingObjectQuery() { + Query objectCopiedToAnOverlappingObjectMisraCQuery() { //autogenerate `Query` type result = - // `Query` type for `objectCopiedToAnOverlappingObject` query - TQueryC(TContracts7PackageQuery(TObjectCopiedToAnOverlappingObjectQuery())) + // `Query` type for `objectCopiedToAnOverlappingObjectMisraC` query + TQueryC(TContracts7PackageQuery(TObjectCopiedToAnOverlappingObjectMisraCQuery())) } } diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Memory4.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Memory4.qll new file mode 100644 index 000000000..fd22bb347 --- /dev/null +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Memory4.qll 
@@ -0,0 +1,44 @@ +//** THIS FILE IS AUTOGENERATED, DO NOT MODIFY DIRECTLY. **/ +import cpp +import RuleMetadata +import codingstandards.cpp.exclusions.RuleMetadata + +newtype Memory4Query = + TObjectAssignedToAnOverlappingObjectMisraCppQuery() or + TObjectCopiedToAnOverlappingObjectMisraCppQuery() + +predicate isMemory4QueryMetadata(Query query, string queryId, string ruleId, string category) { + query = + // `Query` instance for the `objectAssignedToAnOverlappingObjectMisraCpp` query + Memory4Package::objectAssignedToAnOverlappingObjectMisraCppQuery() and + queryId = + // `@id` for the `objectAssignedToAnOverlappingObjectMisraCpp` query + "cpp/misra/object-assigned-to-an-overlapping-object-misra-cpp" and + ruleId = "RULE-8-18-1" and + category = "mandatory" + or + query = + // `Query` instance for the `objectCopiedToAnOverlappingObjectMisraCpp` query + Memory4Package::objectCopiedToAnOverlappingObjectMisraCppQuery() and + queryId = + // `@id` for the `objectCopiedToAnOverlappingObjectMisraCpp` query + "cpp/misra/object-copied-to-an-overlapping-object-misra-cpp" and + ruleId = "RULE-8-18-1" and + category = "mandatory" +} + +module Memory4Package { + Query objectAssignedToAnOverlappingObjectMisraCppQuery() { + //autogenerate `Query` type + result = + // `Query` type for `objectAssignedToAnOverlappingObjectMisraCpp` query + TQueryCPP(TMemory4PackageQuery(TObjectAssignedToAnOverlappingObjectMisraCppQuery())) + } + + Query objectCopiedToAnOverlappingObjectMisraCppQuery() { + //autogenerate `Query` type + result = + // `Query` type for `objectCopiedToAnOverlappingObjectMisraCpp` query + TQueryCPP(TMemory4PackageQuery(TObjectCopiedToAnOverlappingObjectMisraCppQuery())) + } +} diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Representation.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Representation.qll index 2f92ea89e..fd07ef14e 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Representation.qll 
+++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Representation.qll @@ -6,7 +6,7 @@ import codingstandards.cpp.exclusions.RuleMetadata newtype RepresentationQuery = TBitFieldsShallBeUsedOnlyWhenInterfacingToHardwareOrConformingToCommunicationProtocolsQuery() or TAuditPossibleHardwareInterfaceDueToBitFieldUsageInDataTypeDefinitionQuery() or - TObjectAssignedToAnOverlappingObjectQuery() or + TObjectAssignedToAnOverlappingObjectAutosarCppQuery() or TDoNotPassAliasedPointerToParamQuery() or TUnderlyingBitRepresentationsOfFloatingPointValuesUsedQuery() or TNamedBitFieldsWithSignedIntegerTypeShallHaveALengthOfMoreThanOneBitQuery() or @@ -34,11 +34,11 @@ predicate isRepresentationQueryMetadata(Query query, string queryId, string rule category = "required" or query = - // `Query` instance for the `objectAssignedToAnOverlappingObject` query - RepresentationPackage::objectAssignedToAnOverlappingObjectQuery() and + // `Query` instance for the `objectAssignedToAnOverlappingObjectAutosarCpp` query + RepresentationPackage::objectAssignedToAnOverlappingObjectAutosarCppQuery() and queryId = - // `@id` for the `objectAssignedToAnOverlappingObject` query - "cpp/autosar/object-assigned-to-an-overlapping-object" and + // `@id` for the `objectAssignedToAnOverlappingObjectAutosarCpp` query + "cpp/autosar/object-assigned-to-an-overlapping-object-autosar-cpp" and ruleId = "M0-2-1" and category = "required" or 
@@ -112,11 +112,11 @@ module RepresentationPackage { TQueryCPP(TRepresentationPackageQuery(TAuditPossibleHardwareInterfaceDueToBitFieldUsageInDataTypeDefinitionQuery())) } - Query objectAssignedToAnOverlappingObjectQuery() { + Query objectAssignedToAnOverlappingObjectAutosarCppQuery() { //autogenerate `Query` type result = - // `Query` type for `objectAssignedToAnOverlappingObject` query - TQueryCPP(TRepresentationPackageQuery(TObjectAssignedToAnOverlappingObjectQuery())) + // `Query` type for `objectAssignedToAnOverlappingObjectAutosarCpp` query + TQueryCPP(TRepresentationPackageQuery(TObjectAssignedToAnOverlappingObjectAutosarCppQuery())) } Query doNotPassAliasedPointerToParamQuery() { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/RuleMetadata.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/RuleMetadata.qll index 3ba0d5f24..37805cfe8 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/RuleMetadata.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/RuleMetadata.qll @@ -42,6 +42,7 @@ import Loops import Macros import Memory2 import Memory3 +import Memory4 import MoveForward import Naming import Null @@ -110,6 +111,7 @@ newtype TCPPQuery = TMacrosPackageQuery(MacrosQuery q) or TMemory2PackageQuery(Memory2Query q) or TMemory3PackageQuery(Memory3Query q) or + TMemory4PackageQuery(Memory4Query q) or TMoveForwardPackageQuery(MoveForwardQuery q) or TNamingPackageQuery(NamingQuery q) or TNullPackageQuery(NullQuery q) or 
@@ -178,6 +180,7 @@ predicate isQueryMetadata(Query query, string queryId, string ruleId, string cat isMacrosQueryMetadata(query, queryId, ruleId, category) or isMemory2QueryMetadata(query, queryId, ruleId, category) or isMemory3QueryMetadata(query, queryId, ruleId, category) or + isMemory4QueryMetadata(query, queryId, ruleId, category) or isMoveForwardQueryMetadata(query, queryId, ruleId, category) or isNamingQueryMetadata(query, queryId, ruleId, category) or isNullQueryMetadata(query, queryId, ruleId, category) or diff --git a/cpp/common/src/codingstandards/cpp/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.qll b/cpp/common/src/codingstandards/cpp/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.qll new file mode 100644 index 000000000..ec3505f41 --- /dev/null +++ b/cpp/common/src/codingstandards/cpp/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.qll 
@@ -0,0 +1,74 @@
+/**
+ * Provides a library with a `problems` predicate for the following issue:
+ * An object shall not be copied or assigned to an overlapping object.
+ */
+
+import cpp
+import codingstandards.cpp.Customizations
+import codingstandards.cpp.Exclusions
+import codingstandards.c.misra
+import semmle.code.cpp.valuenumbering.GlobalValueNumbering
+
+abstract class ObjectAssignedToAnOverlappingObjectSharedQuery extends Query { }
+
+Query getQuery() { result instanceof ObjectAssignedToAnOverlappingObjectSharedQuery }
+
+VariableAccess getAQualifier(VariableAccess va) { result = va.getQualifier+() }
+
+int getAccessByteOffset(FieldAccess fa) {
+ not fa.getQualifier() instanceof FieldAccess and result = fa.getTarget().getByteOffset()
+ or
+ result = fa.getTarget().getByteOffset() + getAccessByteOffset(fa.getQualifier())
+}
+
+predicate overlaps(FieldAccess fa1, FieldAccess fa2) {
+ exists(int startfa1, int endfa1, int startfa2, int endfa2 |
+ startfa1 = getAccessByteOffset(fa1) and
+ endfa1 = startfa1 + fa1.getTarget().getType().getSize() - 1 and
+ startfa2 = getAccessByteOffset(fa2) and
+ endfa2 = startfa2 + fa2.getTarget().getType().getSize() - 1
+ |
+ startfa1 = startfa2 and endfa1 = endfa2
+ or
+ startfa1 > startfa2 and endfa1 < endfa2
+ or
+ startfa1 < startfa2 and endfa1 < endfa2 and endfa1 > startfa2
+ or
+ startfa1 > startfa2 and endfa1 > endfa2 and startfa1 < endfa2
+ )
+}
+
+query predicate problems(
+ AssignExpr assignExpr, string message, ValueFieldAccess valuelhs, string valuelhsTargetName,
+ ValueFieldAccess valuerhs, string valuerhsTargetName
+) {
+ /*
+ * from AssignExpr assignExpr, Expr lhs, Expr rhs, ValueFieldAccess valuelhs, ValueFieldAccess valuerhs
+ * where
+ * not isExcluded(assignExpr, Contracts7Package::objectAssignedToAnOverlappingObjectQuery()) and
+ * lhs.getType() instanceof Union and
+ * rhs.getType() instanceof Union and
+ * lhs = getAQualifier(assignExpr.getLValue()) and
+ * rhs = getAQualifier(assignExpr.getRValue()) and
+ * globalValueNumber(lhs) = globalValueNumber(rhs) and
+ * valuerhs = assignExpr.getRValue() and
+ * valuelhs = assignExpr.getLValue() and // a.b.c == ((a.b).c)
+ * overlaps(valuelhs, valuerhs)
+ * select assignExpr, "An object $@ assigned to overlapping object $@.", valuelhs,
+ * valuelhs.getTarget().getName(), valuerhs, valuerhs.getTarget().getName()
+ */
+
+ exists(Expr lhs, Expr rhs |
+ lhs.getType() instanceof Union and
+ rhs.getType() instanceof Union and
+ lhs = getAQualifier(assignExpr.getLValue()) and
+ rhs = getAQualifier(assignExpr.getRValue()) and
+ globalValueNumber(lhs) = globalValueNumber(rhs) and
+ valuerhs = assignExpr.getRValue() and
+ valuelhs = assignExpr.getLValue() and // a.b.c == ((a.b).c)
+ overlaps(valuelhs, valuerhs) and
+ message = "An object $@ assigned to overlapping object $@." and
+ valuelhsTargetName = valuelhs.getTarget().getName() and
+ valuerhsTargetName = valuerhs.getTarget().getName()
+ )
+}
diff --git a/c/misra/src/rules/RULE-19-1/ObjectCopiedToAnOverlappingObject.ql b/cpp/common/src/codingstandards/cpp/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.qll
similarity index 69%
rename from c/misra/src/rules/RULE-19-1/ObjectCopiedToAnOverlappingObject.ql
rename to cpp/common/src/codingstandards/cpp/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.qll
index 33de4f84b..d9ef3dfa2 100644
--- a/c/misra/src/rules/RULE-19-1/ObjectCopiedToAnOverlappingObject.ql
+++ b/cpp/common/src/codingstandards/cpp/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.qll
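Review bot: The `overlaps` predicate in this hunk misses several overlapping layouts — two fields that start at the same byte but differ in size, two that end at the same byte but start apart, `fa2` lying strictly inside `fa1`, and the one-byte case `endfa1 = startfa2` — because the first disjunct requires both ends to be equal and the other three use strict inequalities only. The four disjuncts can be replaced by the ordinary interval test `startfa1 <= endfa2 and startfa2 <= endfa1`, which still reports the exact-overlap case the first disjunct covers today. The `problems` body also keeps the old from/where/select as a block comment; it should be dropped, and the same applies to the `problems` predicate of ObjectCopiedToAnOverlappingObject.qll in the next hunk. This version of `problems` has no `not isExcluded(assignExpr, getQuery())` guard; a later patch in this series adds it.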
@@ -1,20 +1,18 @@
 /**
- * @id c/misra/object-copied-to-an-overlapping-object
- * @name RULE-19-1: An object shall not be copied to an overlapping object
- * @description An object shall not be copied to an overlapping object.
- * @kind problem
- * @precision high
- * @problem.severity error
- * @tags external/misra/id/rule-19-1
- * correctness
- * external/misra/c/2012/third-edition-first-revision
- * external/misra/obligation/mandatory
+ * Provides a library with a `problems` predicate for the following issue:
+ * An object shall not be copied to an overlapping object.
 */
 import cpp
+import codingstandards.cpp.Customizations
+import codingstandards.cpp.Exclusions
 import codingstandards.c.misra
 import semmle.code.cpp.valuenumbering.GlobalValueNumbering
+abstract class ObjectCopiedToAnOverlappingObjectSharedQuery extends Query { }
+
+Query getQuery() { result instanceof ObjectCopiedToAnOverlappingObjectSharedQuery }
+
 /**
 * Offset in bytes of a field access
 */
@@ -92,9 +90,24 @@ class OverlappingCopy extends Locatable {
 }
 }
-from OverlappingCopy copy
-where
- not isExcluded(copy, Contracts7Package::objectCopiedToAnOverlappingObjectQuery()) and
- copy.overlaps()
-select copy, "The object to copy $@ overlaps the object to copy $@.", copy.getSrc(), "from",
- copy.getDst(), "to"
+query predicate problems(
+ OverlappingCopy copy, string message, Expr copySrc, string fromLiteral, Expr copyDst,
+ string toLiteral
+) {
+ /*
+ * from OverlappingCopy copy
+ * where
+ * not isExcluded(copy, Contracts7Package::objectCopiedToAnOverlappingObjectQuery()) and
+ * copy.overlaps()
+ * select copy, "The object to copy $@ overlaps the object to copy $@.", copy.getSrc(), "from",
+ * copy.getDst(), "to"
+ */
+
+ not isExcluded(copy, getQuery()) and
+ copy.overlaps() and
+ message = "The object to copy $@ overlaps the object to copy $@." and
+ copySrc = copy.getSrc() and
+ fromLiteral = "from" and
+ copyDst = copy.getDst() and
+ toLiteral = "to"
+}
diff --git a/cpp/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.expected b/cpp/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.expected new file mode 100644 index 000000000..2ec1a0ac6 --- /dev/null +++ b/cpp/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.expected @@ -0,0 +1 @@ +No expected results have yet been specified \ No newline at end of file diff --git a/cpp/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.ql b/cpp/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.ql new file mode 100644 index 000000000..3d5b98d28 --- /dev/null +++ b/cpp/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.ql @@ -0,0 +1,4 @@ +// GENERATED FILE - DO NOT MODIFY +import codingstandards.cpp.rules.objectassignedtoanoverlappingobject.ObjectAssignedToAnOverlappingObject + +class TestFileQuery extends ObjectAssignedToAnOverlappingObjectSharedQuery, TestQuery { } diff --git a/cpp/common/test/rules/objectassignedtoanoverlappingobject/test.cpp b/cpp/common/test/rules/objectassignedtoanoverlappingobject/test.cpp new file mode 100644 index 000000000..e69de29bb diff --git a/cpp/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.expected b/cpp/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.expected new file mode 100644 index 000000000..2ec1a0ac6 --- /dev/null +++ b/cpp/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.expected @@ -0,0 +1 @@ +No expected results have yet been specified \ No newline at end of file 
diff --git a/cpp/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.ql b/cpp/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.ql new file mode 100644 index 000000000..b05ae1c6e --- /dev/null +++ b/cpp/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.ql @@ -0,0 +1,4 @@ +// GENERATED FILE - DO NOT MODIFY +import codingstandards.cpp.rules.objectcopiedtoanoverlappingobject.ObjectCopiedToAnOverlappingObject + +class TestFileQuery extends ObjectCopiedToAnOverlappingObjectSharedQuery, TestQuery { } diff --git a/cpp/common/test/rules/objectcopiedtoanoverlappingobject/test.cpp b/cpp/common/test/rules/objectcopiedtoanoverlappingobject/test.cpp new file mode 100644 index 000000000..e69de29bb diff --git a/cpp/misra/src/rules/RULE-8-18-1/ObjectAssignedToAnOverlappingObjectMisraCpp.ql b/cpp/misra/src/rules/RULE-8-18-1/ObjectAssignedToAnOverlappingObjectMisraCpp.ql new file mode 100644 index 000000000..eb025bfa1 --- /dev/null +++ b/cpp/misra/src/rules/RULE-8-18-1/ObjectAssignedToAnOverlappingObjectMisraCpp.ql 
@@ -0,0 +1,23 @@
+/**
+ * @id cpp/misra/object-assigned-to-an-overlapping-object-misra-cpp
+ * @name RULE-8-18-1: A member of a union must not be copied to its another member
+ * @description Copying a member of a union to another causes undefined behavior.
+ * @kind problem
+ * @precision high
+ * @problem.severity error
+ * @tags external/misra/id/rule-8-18-1
+ * scope/system
+ * correctness
+ * external/misra/enforcement/undecidable
+ * external/misra/obligation/mandatory
+ */
+
+import cpp
+import codingstandards.cpp.misra
+import codingstandards.cpp.rules.objectassignedtoanoverlappingobject.ObjectAssignedToAnOverlappingObject
+
+class ObjectAssignedToAnOverlappingObjectMisraCppQuery extends ObjectAssignedToAnOverlappingObjectSharedQuery {
+ ObjectAssignedToAnOverlappingObjectMisraCppQuery() {
+ this = Memory4Package::objectAssignedToAnOverlappingObjectMisraCppQuery()
+ }
+}
diff --git a/cpp/misra/src/rules/RULE-8-18-1/ObjectCopiedToAnOverlappingObjectMisraCpp.ql b/cpp/misra/src/rules/RULE-8-18-1/ObjectCopiedToAnOverlappingObjectMisraCpp.ql
new file mode 100644
index 000000000..6ba54e82c
--- /dev/null
+++ b/cpp/misra/src/rules/RULE-8-18-1/ObjectCopiedToAnOverlappingObjectMisraCpp.ql
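Review bot: The `@name` line `A member of a union must not be copied to its another member` is ungrammatical and says "copied" although the shared implementation this class binds to reports assignments (`AssignExpr`) only; `@name RULE-8-18-1: A member of a union must not be assigned to another member of the same union` would match both the grammar and the behaviour. The same wording is the "name" entry in rule_packages/cpp/Memory4.json, from which this header appears to be generated, so the fix belongs there. The later patch in this series that rewords `@description` leaves `@name` untouched.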
@@ -0,0 +1,24 @@
+/**
+ * @id cpp/misra/object-copied-to-an-overlapping-object-misra-cpp
+ * @name RULE-8-18-1: An slice of an array must not be copied to an overlapping region of itself
+ * @description Copying a slice of an array to an overlapping region of the same array causes
+ * undefined behavior.
+ * @kind problem
+ * @precision high
+ * @problem.severity error
+ * @tags external/misra/id/rule-8-18-1
+ * scope/system
+ * correctness
+ * external/misra/enforcement/undecidable
+ * external/misra/obligation/mandatory
+ */
+
+import cpp
+import codingstandards.cpp.misra
+import codingstandards.cpp.rules.objectcopiedtoanoverlappingobject.ObjectCopiedToAnOverlappingObject
+
+class ObjectCopiedToAnOverlappingObjectMisraCppQuery extends ObjectCopiedToAnOverlappingObjectSharedQuery {
+ ObjectCopiedToAnOverlappingObjectMisraCppQuery() {
+ this = Memory4Package::objectCopiedToAnOverlappingObjectMisraCppQuery()
+ }
+}
diff --git a/cpp/misra/test/rules/RULE-8-18-1/ObjectAssignedToAnOverlappingObjectMisraCpp.testref b/cpp/misra/test/rules/RULE-8-18-1/ObjectAssignedToAnOverlappingObjectMisraCpp.testref
new file mode 100644
index 000000000..815531d7a
--- /dev/null
+++ b/cpp/misra/test/rules/RULE-8-18-1/ObjectAssignedToAnOverlappingObjectMisraCpp.testref
@@ -0,0 +1 @@
+cpp/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.ql
\ No newline at end of file
diff --git a/cpp/misra/test/rules/RULE-8-18-1/ObjectCopiedToAnOverlappingObjectMisraCpp.testref b/cpp/misra/test/rules/RULE-8-18-1/ObjectCopiedToAnOverlappingObjectMisraCpp.testref
new file mode 100644
index 000000000..7b1cb6312
--- /dev/null
+++ b/cpp/misra/test/rules/RULE-8-18-1/ObjectCopiedToAnOverlappingObjectMisraCpp.testref
@@ -0,0 +1 @@
+cpp/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.ql
\ No newline at end of file
From 5b643600cf4f40ecc8de54cda932b7d3a2eb35cf Mon Sep 17 00:00:00 2001
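Review bot: The `@name` and `@description` here limit the query to array slices, but the shared `OverlappingCopy` implementation this class binds to is also exercised on union members: the test moved later in this series marks `memcpy(&u1.m2.m2, &u1.m1, sizeof(u1.m1))` as NON_COMPLIANT. Either the metadata should describe the broader behaviour, e.g. `@description Copying an object to an overlapping object, such as an overlapping slice of the same array or another member of the same union, causes undefined behavior.`, or the query should be narrowed to array operands; as written the result set and its description disagree. The same "name"/"description" text appears in rule_packages/cpp/Memory4.json, which the later wording patch in this series edits, so it should be corrected there as well.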
From: Jeongsoo Lee Date: Thu, 5 Feb 2026 19:00:56 -0500 Subject: [PATCH 04/13] Factor out test codes --- ...jectAssignedToAnOverlappingObject.expected | 1 - .../ObjectAssignedToAnOverlappingObject.qlref | 1 - ...ObjectCopiedToAnOverlappingObject.expected | 5 -- .../ObjectCopiedToAnOverlappingObject.qlref | 1 - c/misra/test/rules/RULE-19-1/test.c | 59 ------------------- ...jectAssignedToAnOverlappingObject.expected | 1 - .../ObjectAssignedToAnOverlappingObject.qlref | 1 - cpp/autosar/test/rules/M0-2-1/test.cpp | 54 ----------------- .../test.cpp | 53 +++++++++++++++++ .../test.cpp | 59 +++++++++++++++++++ 10 files changed, 112 insertions(+), 123 deletions(-) delete mode 100644 c/misra/test/rules/RULE-19-1/ObjectAssignedToAnOverlappingObject.expected delete mode 100644 c/misra/test/rules/RULE-19-1/ObjectAssignedToAnOverlappingObject.qlref delete mode 100644 c/misra/test/rules/RULE-19-1/ObjectCopiedToAnOverlappingObject.expected delete mode 100644 c/misra/test/rules/RULE-19-1/ObjectCopiedToAnOverlappingObject.qlref delete mode 100644 c/misra/test/rules/RULE-19-1/test.c delete mode 100644 cpp/autosar/test/rules/M0-2-1/ObjectAssignedToAnOverlappingObject.expected delete mode 100644 cpp/autosar/test/rules/M0-2-1/ObjectAssignedToAnOverlappingObject.qlref delete mode 100644 cpp/autosar/test/rules/M0-2-1/test.cpp diff --git a/c/misra/test/rules/RULE-19-1/ObjectAssignedToAnOverlappingObject.expected b/c/misra/test/rules/RULE-19-1/ObjectAssignedToAnOverlappingObject.expected deleted file mode 100644 index bc8f4461e..000000000 --- a/c/misra/test/rules/RULE-19-1/ObjectAssignedToAnOverlappingObject.expected +++ /dev/null @@ -1 +0,0 @@ -| test.c:55:3:55:18 | ... = ... | An object $@ assigned to overlapping object $@. | test.c:55:9:55:10 | m2 | m2 | test.c:55:17:55:18 | m1 | m1 | 
diff --git a/c/misra/test/rules/RULE-19-1/ObjectAssignedToAnOverlappingObject.qlref b/c/misra/test/rules/RULE-19-1/ObjectAssignedToAnOverlappingObject.qlref deleted file mode 100644 index 088eafa86..000000000 --- a/c/misra/test/rules/RULE-19-1/ObjectAssignedToAnOverlappingObject.qlref +++ /dev/null @@ -1 +0,0 @@ -rules/RULE-19-1/ObjectAssignedToAnOverlappingObject.ql \ No newline at end of file diff --git a/c/misra/test/rules/RULE-19-1/ObjectCopiedToAnOverlappingObject.expected b/c/misra/test/rules/RULE-19-1/ObjectCopiedToAnOverlappingObject.expected deleted file mode 100644 index fe2db5318..000000000 --- a/c/misra/test/rules/RULE-19-1/ObjectCopiedToAnOverlappingObject.expected +++ /dev/null @@ -1,5 +0,0 @@ -| test.c:8:3:8:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.c:8:17:8:21 | & ... | from | test.c:8:10:8:14 | & ... | to | -| test.c:10:3:10:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.c:10:17:10:21 | & ... | from | test.c:10:10:10:14 | & ... | to | -| test.c:11:3:11:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.c:11:17:11:17 | o | from | test.c:11:10:11:14 | ... + ... | to | -| test.c:13:3:13:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.c:13:17:13:21 | ... + ... | from | test.c:13:10:13:14 | ... + ... | to | -| test.c:57:3:57:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.c:57:21:57:26 | & ... | from | test.c:57:10:57:18 | & ... | to | diff --git a/c/misra/test/rules/RULE-19-1/ObjectCopiedToAnOverlappingObject.qlref b/c/misra/test/rules/RULE-19-1/ObjectCopiedToAnOverlappingObject.qlref deleted file mode 100644 index c371b9bad..000000000 --- a/c/misra/test/rules/RULE-19-1/ObjectCopiedToAnOverlappingObject.qlref +++ /dev/null @@ -1 +0,0 @@ -rules/RULE-19-1/ObjectCopiedToAnOverlappingObject.ql \ No newline at end of file 
diff --git a/c/misra/test/rules/RULE-19-1/test.c b/c/misra/test/rules/RULE-19-1/test.c deleted file mode 100644 index 7f445993c..000000000 --- a/c/misra/test/rules/RULE-19-1/test.c +++ /dev/null @@ -1,59 +0,0 @@ -#include - -int o[10]; -void g(void) { - - o[2] = o[0]; // COMPLIANT - - memcpy(&o[1], &o[0], 2); // NON_COMPLIANT - memcpy(&o[2], &o[0], 2); // COMPLIANT - memcpy(&o[2], &o[1], 2); // NON_COMPLIANT - memcpy(o + 1, o, 2); // NON_COMPLIANT - memcpy(o + 2, o, 2); // COMPLIANT - memcpy(o + 2, o + 1, 2); // NON_COMPLIANT - - // Exception 1 - int *p = &o[0]; - int *q = &o[0]; - - *p = *q; // COMPLIANT - memcpy(&o[0], &o[0], 2); // COMPLIANT - memcpy(o, o, 2); // COMPLIANT - - // Exception 2 - memmove(&o[1], &o[0], 2u * sizeof(o[0])); // COMPLIANT -} - -struct s1 { - int m1[10]; -}; -struct s2 { - int m1; - struct s1 m2; -}; -union u { - struct s1 m1; - struct s2 m2; -} u1; - -typedef struct { - char buf[8]; -} Union_t; -union { - unsigned char uc[24]; - struct { - Union_t prefix; - Union_t suffix; - } fnv; - struct { - unsigned char padding[16]; - Union_t suffix; - } diff; -} u2; - -void test_unions() { - u1.m2.m2 = u1.m1; // NON_COMPLIANT - - memcpy(&u1.m2.m2, &u1.m1, sizeof(u1.m1)); // NON_COMPLIANT - memcpy(&u2.diff.suffix, &u2.fnv.suffix, sizeof(u2.fnv.suffix)); // COMPLIANT -} \ No newline at end of file diff --git a/cpp/autosar/test/rules/M0-2-1/ObjectAssignedToAnOverlappingObject.expected b/cpp/autosar/test/rules/M0-2-1/ObjectAssignedToAnOverlappingObject.expected deleted file mode 100644 index 13b670e4d..000000000 --- a/cpp/autosar/test/rules/M0-2-1/ObjectAssignedToAnOverlappingObject.expected +++ /dev/null @@ -1 +0,0 @@ -| test.cpp:37:3:37:18 | ... = ... | An object $@ assigned to overlapping object $@. | test.cpp:37:9:37:10 | m2 | m2 | test.cpp:37:17:37:18 | m1 | m1 | 
diff --git a/cpp/autosar/test/rules/M0-2-1/ObjectAssignedToAnOverlappingObject.qlref b/cpp/autosar/test/rules/M0-2-1/ObjectAssignedToAnOverlappingObject.qlref deleted file mode 100644 index 54e12483d..000000000 --- a/cpp/autosar/test/rules/M0-2-1/ObjectAssignedToAnOverlappingObject.qlref +++ /dev/null @@ -1 +0,0 @@ -rules/M0-2-1/ObjectAssignedToAnOverlappingObject.ql \ No newline at end of file diff --git a/cpp/autosar/test/rules/M0-2-1/test.cpp b/cpp/autosar/test/rules/M0-2-1/test.cpp deleted file mode 100644 index 3329f1282..000000000 --- a/cpp/autosar/test/rules/M0-2-1/test.cpp +++ /dev/null @@ -1,54 +0,0 @@ - -struct s1 { - int m1[10]; -}; -struct s2 { - int m1; - struct s1 m2; -}; - -union u { - struct s1 m1; - struct s2 m2; -}; - -typedef struct { - char buf[8]; -} Union_t; - -typedef union { - - unsigned char uc[24]; - - struct { - Union_t prefix; - Union_t suffix; - } fnv; - - struct { - unsigned char padding[16]; - Union_t suffix; - } diff; - -} UnionSecret_t; - -void overlapping_access() { - u u1; - u1.m2.m2 = u1.m1; // NON_COMPLIANT, different struct. u1.m2 and u1.m1 -} - -void cross_copy() { - UnionSecret_t hash1; - hash1.diff.suffix = - hash1.fnv.suffix; // COMPLIANT (copy across structs), but safe. -} - -void internal_shift() { - UnionSecret_t hash1; - hash1.fnv.prefix = hash1.fnv.suffix; // COMPLIANT, same struct. -} - -void separate_access() { - UnionSecret_t hash1, hash2; - hash2.diff.suffix = hash1.fnv.suffix; // COMPLIANT, different union. -} diff --git a/cpp/common/test/rules/objectassignedtoanoverlappingobject/test.cpp b/cpp/common/test/rules/objectassignedtoanoverlappingobject/test.cpp index e69de29bb..1fed9da0e 100644 --- a/cpp/common/test/rules/objectassignedtoanoverlappingobject/test.cpp +++ b/cpp/common/test/rules/objectassignedtoanoverlappingobject/test.cpp 
@@ -0,0 +1,53 @@
+struct s1 {
+ int m1[10];
+};
+struct s2 {
+ int m1;
+ struct s1 m2;
+};
+
+union u {
+ struct s1 m1;
+ struct s2 m2;
+};
+
+typedef struct {
+ char buf[8];
+} Union_t;
+
+typedef union {
+
+ unsigned char uc[24];
+
+ struct {
+ Union_t prefix;
+ Union_t suffix;
+ } fnv;
+
+ struct {
+ unsigned char padding[16];
+ Union_t suffix;
+ } diff;
+
+} UnionSecret_t;
+
+void overlapping_access() {
+ u u1;
+ u1.m2.m2 = u1.m1; // NON_COMPLIANT, different struct. u1.m2 and u1.m1
+}
+
+void cross_copy() {
+ UnionSecret_t hash1;
+ hash1.diff.suffix =
+ hash1.fnv.suffix; // COMPLIANT (copy across structs), but safe.
+}
+
+void internal_shift() {
+ UnionSecret_t hash1;
+ hash1.fnv.prefix = hash1.fnv.suffix; // COMPLIANT, same struct.
+}
+
+void separate_access() {
+ UnionSecret_t hash1, hash2;
+ hash2.diff.suffix = hash1.fnv.suffix; // COMPLIANT, different union.
+}
diff --git a/cpp/common/test/rules/objectcopiedtoanoverlappingobject/test.cpp b/cpp/common/test/rules/objectcopiedtoanoverlappingobject/test.cpp
index e69de29bb..47c245c0a 100644
--- a/cpp/common/test/rules/objectcopiedtoanoverlappingobject/test.cpp
+++ b/cpp/common/test/rules/objectcopiedtoanoverlappingobject/test.cpp
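Review bot: The `.expected` files of the two shared test directories are not updated by this patch — its diffstat lists only the two `test.cpp` files — so they still hold the placeholder `No expected results have yet been specified` created earlier in this series, while the deleted `c/misra/test/rules/RULE-19-1` and `cpp/autosar/test/rules/M0-2-1` expected files carried real result rows. Unless a later patch regenerates them, the moved tests cannot pass as they stand; the rows from the deleted files should be carried over with their locations mapped to the new test.cpp files. The same applies to the objectcopiedtoanoverlappingobject test.cpp in the next hunk.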
@@ -0,0 +1,59 @@
+#include
+
+int o[10];
+void g(void) {
+
+ o[2] = o[0]; // COMPLIANT
+
+ memcpy(&o[1], &o[0], 2); // NON_COMPLIANT
+ memcpy(&o[2], &o[0], 2); // COMPLIANT
+ memcpy(&o[2], &o[1], 2); // NON_COMPLIANT
+ memcpy(o + 1, o, 2); // NON_COMPLIANT
+ memcpy(o + 2, o, 2); // COMPLIANT
+ memcpy(o + 2, o + 1, 2); // NON_COMPLIANT
+
+ // Exception 1
+ int *p = &o[0];
+ int *q = &o[0];
+
+ *p = *q; // COMPLIANT
+ memcpy(&o[0], &o[0], 2); // COMPLIANT
+ memcpy(o, o, 2); // COMPLIANT
+
+ // Exception 2
+ memmove(&o[1], &o[0], 2u * sizeof(o[0])); // COMPLIANT
+}
+
+struct s1 {
+ int m1[10];
+};
+struct s2 {
+ int m1;
+ struct s1 m2;
+};
+union u {
+ struct s1 m1;
+ struct s2 m2;
+} u1;
+
+typedef struct {
+ char buf[8];
+} Union_t;
+union {
+ unsigned char uc[24];
+ struct {
+ Union_t prefix;
+ Union_t suffix;
+ } fnv;
+ struct {
+ unsigned char padding[16];
+ Union_t suffix;
+ } diff;
+} u2;
+
+void test_unions() {
+ u1.m2.m2 = u1.m1; // NON_COMPLIANT
+
+ memcpy(&u1.m2.m2, &u1.m1, sizeof(u1.m1)); // NON_COMPLIANT
+ memcpy(&u2.diff.suffix, &u2.fnv.suffix, sizeof(u2.fnv.suffix)); // COMPLIANT
+}
From 0c62235b5d36fe6ffc396f46c21ab664e027fadb Mon Sep 17 00:00:00 2001
From: Jeongsoo Lee
Date: Thu, 5 Feb 2026 19:10:06 -0500
Subject: [PATCH 05/13] Fix number from Memory5 to Memory4
---
 rules.csv | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules.csv b/rules.csv
index 9fbb36208..50fd5e51f 100644
--- a/rules.csv
+++ b/rules.csv
@@ -899,7 +899,7 @@ cpp,MISRA-C++-2023,RULE-8-7-1,Yes,Required,Undecidable,System,Pointer arithmetic cpp,MISRA-C++-2023,RULE-8-7-2,Yes,Required,Undecidable,System,Subtraction between pointers shall only be applied to pointers that address elements of the same array,ARR36-C,Memory2,Easy, cpp,MISRA-C++-2023,RULE-8-9-1,Yes,Required,Undecidable,System,"The built-in relational operators >, >=, < and <= shall not be applied to objects of pointer type, except where they point to elements of the same array",ARR36-C,Memory3,Easy, cpp,MISRA-C++-2023,RULE-8-14-1,Yes,Advisory,Undecidable,System,The right-hand operand of a logical && or operator should not contain persistent side effects,"M5-14-1, RULE-13-5",SideEffects3,Medium, -cpp,MISRA-C++-2023,RULE-8-18-1,Yes,Mandatory,Undecidable,System,An object or subobject must not be copied to an overlapping object,"M0-2-1, RULE-19-1",Memory5,Hard, +cpp,MISRA-C++-2023,RULE-8-18-1,Yes,Mandatory,Undecidable,System,An object or subobject must not be copied to an overlapping object,"M0-2-1, RULE-19-1",Memory4,Hard, cpp,MISRA-C++-2023,RULE-8-18-2,Yes,Advisory,Decidable,Single Translation Unit,The result of an assignment operator should not be used,RULE-13-4,ImportMisra23,Import, cpp,MISRA-C++-2023,RULE-8-19-1,Yes,Advisory,Decidable,Single Translation Unit,The comma operator should not be used,M5-18-1,ImportMisra23,Import, cpp,MISRA-C++-2023,RULE-8-20-1,Yes,Advisory,Decidable,Single Translation Unit,An unsigned arithmetic operation with constant operands should not wrap,INT30-C,ImportMisra23,Import, From f3fdbea563aa57a6bb90f37b8b4929f31000727a Mon Sep 17 00:00:00 2001 From: Jeongsoo Lee Date: Thu, 5 Feb 2026 19:17:22 -0500 Subject: [PATCH 06/13] Fix formatting issues --- .../RULE-19-1/ObjectAssignedToAnOverlappingObjectMisraC.ql | 3 ++- .../rules/RULE-19-1/ObjectCopiedToAnOverlappingObjectMisraC.ql | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) 
diff --git a/c/misra/src/rules/RULE-19-1/ObjectAssignedToAnOverlappingObjectMisraC.ql b/c/misra/src/rules/RULE-19-1/ObjectAssignedToAnOverlappingObjectMisraC.ql index 92796bdf7..e569b4829 100644 --- a/c/misra/src/rules/RULE-19-1/ObjectAssignedToAnOverlappingObjectMisraC.ql +++ b/c/misra/src/rules/RULE-19-1/ObjectAssignedToAnOverlappingObjectMisraC.ql @@ -15,7 +15,8 @@ import cpp import codingstandards.c.misra import codingstandards.cpp.rules.objectassignedtoanoverlappingobject.ObjectAssignedToAnOverlappingObject -class ObjectAssignedToAnOverlappingObjectMisraCQuery extends ObjectAssignedToAnOverlappingObjectSharedQuery { +class ObjectAssignedToAnOverlappingObjectMisraCQuery extends ObjectAssignedToAnOverlappingObjectSharedQuery +{ ObjectAssignedToAnOverlappingObjectMisraCQuery() { this = Contracts7Package::objectAssignedToAnOverlappingObjectMisraCQuery() } diff --git a/c/misra/src/rules/RULE-19-1/ObjectCopiedToAnOverlappingObjectMisraC.ql b/c/misra/src/rules/RULE-19-1/ObjectCopiedToAnOverlappingObjectMisraC.ql index db3759ccd..57bc31c83 100644 --- a/c/misra/src/rules/RULE-19-1/ObjectCopiedToAnOverlappingObjectMisraC.ql +++ b/c/misra/src/rules/RULE-19-1/ObjectCopiedToAnOverlappingObjectMisraC.ql @@ -15,7 +15,8 @@ import cpp import codingstandards.c.misra import codingstandards.cpp.rules.objectcopiedtoanoverlappingobject.ObjectCopiedToAnOverlappingObject -class ObjectCopiedToAnOverlappingObjectMisraCQuery extends ObjectCopiedToAnOverlappingObjectSharedQuery { +class ObjectCopiedToAnOverlappingObjectMisraCQuery extends ObjectCopiedToAnOverlappingObjectSharedQuery +{ ObjectCopiedToAnOverlappingObjectMisraCQuery() { this = Contracts7Package::objectCopiedToAnOverlappingObjectMisraCQuery() } From c91971cbea567e2d16c003a6e83e58515df0ed19 Mon Sep 17 00:00:00 2001 
From: Jeongsoo Lee
Date: Thu, 5 Feb 2026 19:22:11 -0500
Subject: [PATCH 07/13] Apply suggestions from Copilot
---
 .../ObjectAssignedToAnOverlappingObject.qll | 1 +
 .../ObjectAssignedToAnOverlappingObjectMisraCpp.ql | 5 +++--
 .../RULE-8-18-1/ObjectCopiedToAnOverlappingObjectMisraCpp.ql | 2 +-
 rule_packages/cpp/Memory4.json | 4 ++--
 4 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/cpp/common/src/codingstandards/cpp/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.qll b/cpp/common/src/codingstandards/cpp/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.qll
index ec3505f41..c775339ee 100644
--- a/cpp/common/src/codingstandards/cpp/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.qll
+++ b/cpp/common/src/codingstandards/cpp/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.qll
@@ -59,6 +59,7 @@ query predicate problems(
 */
 exists(Expr lhs, Expr rhs |
+ not isExcluded(assignExpr, getQuery()) and
 lhs.getType() instanceof Union and
 rhs.getType() instanceof Union and
 lhs = getAQualifier(assignExpr.getLValue()) and
diff --git a/cpp/misra/src/rules/RULE-8-18-1/ObjectAssignedToAnOverlappingObjectMisraCpp.ql b/cpp/misra/src/rules/RULE-8-18-1/ObjectAssignedToAnOverlappingObjectMisraCpp.ql
index eb025bfa1..20fff7a3f 100644
--- a/cpp/misra/src/rules/RULE-8-18-1/ObjectAssignedToAnOverlappingObjectMisraCpp.ql
+++ b/cpp/misra/src/rules/RULE-8-18-1/ObjectAssignedToAnOverlappingObjectMisraCpp.ql
@@ -1,7 +1,7 @@
 /**
 * @id cpp/misra/object-assigned-to-an-overlapping-object-misra-cpp
 * @name RULE-8-18-1: A member of a union must not be copied to its another member
- * @description Copying a member of a union to another causes undefined behavior.
+ * @description Copying a member of a union to another member causes undefined behavior.
 * @kind problem
 * @precision high
 * @problem.severity error
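Review bot: The added `not isExcluded(assignExpr, getQuery())` is placed inside the `exists(Expr lhs, Expr rhs | ...)` body, whereas the sibling `problems` predicate in ObjectCopiedToAnOverlappingObject.qll has its `not isExcluded(copy, getQuery())` as the first top-level conjunct. Hoisting it in front of the quantifier — `not isExcluded(assignExpr, getQuery()) and` on its own line, followed by `exists(Expr lhs, Expr rhs |` — keeps the two shared libraries in the same shape and keeps the exclusion test out of the inner search; the predicate's results are the same either way. The `problems` predicate starts and ends outside this hunk.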
@@ -16,7 +16,8 @@
 import cpp
 import codingstandards.cpp.misra
 import codingstandards.cpp.rules.objectassignedtoanoverlappingobject.ObjectAssignedToAnOverlappingObject
-class ObjectAssignedToAnOverlappingObjectMisraCppQuery extends ObjectAssignedToAnOverlappingObjectSharedQuery {
+class ObjectAssignedToAnOverlappingObjectMisraCppQuery extends ObjectAssignedToAnOverlappingObjectSharedQuery
+{
 ObjectAssignedToAnOverlappingObjectMisraCppQuery() {
 this = Memory4Package::objectAssignedToAnOverlappingObjectMisraCppQuery()
 }
diff --git a/cpp/misra/src/rules/RULE-8-18-1/ObjectCopiedToAnOverlappingObjectMisraCpp.ql b/cpp/misra/src/rules/RULE-8-18-1/ObjectCopiedToAnOverlappingObjectMisraCpp.ql
index 6ba54e82c..b0db17b01 100644
--- a/cpp/misra/src/rules/RULE-8-18-1/ObjectCopiedToAnOverlappingObjectMisraCpp.ql
+++ b/cpp/misra/src/rules/RULE-8-18-1/ObjectCopiedToAnOverlappingObjectMisraCpp.ql
@@ -1,6 +1,6 @@
 /**
 * @id cpp/misra/object-copied-to-an-overlapping-object-misra-cpp
- * @name RULE-8-18-1: An slice of an array must not be copied to an overlapping region of itself
+ * @name RULE-8-18-1: A slice of an array must not be copied to an overlapping region of itself
 * @description Copying a slice of an array to an overlapping region of the same array causes
 * undefined behavior.
 * @kind problem
diff --git a/rule_packages/cpp/Memory4.json b/rule_packages/cpp/Memory4.json
index 9fd364504..e25ff0d30 100644
--- a/rule_packages/cpp/Memory4.json
+++ b/rule_packages/cpp/Memory4.json
@@ -7,7 +7,7 @@
 },
 "queries": [
 {
- "description": "Copying a member of a union to another causes undefined behavior.",
+ "description": "Copying a member of a union to another member causes undefined behavior.",
 "kind": "problem",
 "name": "A member of a union must not be copied to its another member",
 "precision": "high",
@@ -22,7 +22,7 @@ { "description": "Copying a slice of an array to an overlapping region of the same array causes undefined behavior.", "kind": "problem", - "name": "An slice of an array must not be copied to an overlapping region of itself", + "name": "A slice of an array must not be copied to an overlapping region of itself", "precision": "high", "severity": "error", "short_name": "ObjectCopiedToAnOverlappingObjectMisraCpp", From 991739597bc55866a7de335a01c1a3b211c6293b Mon Sep 17 00:00:00 2001 From: Jeongsoo Lee Date: Fri, 6 Feb 2026 10:44:01 -0500 Subject: [PATCH 08/13] Remove imports of `codingstandards.c.misra` in shared queries --- .../ObjectAssignedToAnOverlappingObject.qll | 1 - .../ObjectCopiedToAnOverlappingObject.qll | 1 - 2 files changed, 2 deletions(-) diff --git a/cpp/common/src/codingstandards/cpp/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.qll b/cpp/common/src/codingstandards/cpp/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.qll index c775339ee..37ce658bf 100644 --- a/cpp/common/src/codingstandards/cpp/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.qll +++ b/cpp/common/src/codingstandards/cpp/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.qll @@ -6,7 +6,6 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions -import codingstandards.c.misra import semmle.code.cpp.valuenumbering.GlobalValueNumbering abstract class ObjectAssignedToAnOverlappingObjectSharedQuery extends Query { } diff --git a/cpp/common/src/codingstandards/cpp/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.qll b/cpp/common/src/codingstandards/cpp/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.qll index d9ef3dfa2..247040827 100644 --- a/cpp/common/src/codingstandards/cpp/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.qll 
+++ b/cpp/common/src/codingstandards/cpp/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.qll @@ -6,7 +6,6 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions -import codingstandards.c.misra import semmle.code.cpp.valuenumbering.GlobalValueNumbering abstract class ObjectCopiedToAnOverlappingObjectSharedQuery extends Query { } From f7aabeabb618fbe96c9564056077596fc21a2ee7 Mon Sep 17 00:00:00 2001 From: Jeongsoo Lee Date: Fri, 6 Feb 2026 10:48:15 -0500 Subject: [PATCH 09/13] Fix QL formatting --- .../M0-2-1/ObjectAssignedToAnOverlappingObjectAutosarCpp.ql | 3 ++- .../RULE-8-18-1/ObjectCopiedToAnOverlappingObjectMisraCpp.ql | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/cpp/autosar/src/rules/M0-2-1/ObjectAssignedToAnOverlappingObjectAutosarCpp.ql b/cpp/autosar/src/rules/M0-2-1/ObjectAssignedToAnOverlappingObjectAutosarCpp.ql index 4c3179006..bd15475e1 100644 --- a/cpp/autosar/src/rules/M0-2-1/ObjectAssignedToAnOverlappingObjectAutosarCpp.ql +++ b/cpp/autosar/src/rules/M0-2-1/ObjectAssignedToAnOverlappingObjectAutosarCpp.ql @@ -16,7 +16,8 @@ import cpp import codingstandards.cpp.autosar import codingstandards.cpp.rules.objectassignedtoanoverlappingobject.ObjectAssignedToAnOverlappingObject -class ObjectAssignedToAnOverlappingObjectAutosarCppQuery extends ObjectAssignedToAnOverlappingObjectSharedQuery { +class ObjectAssignedToAnOverlappingObjectAutosarCppQuery extends ObjectAssignedToAnOverlappingObjectSharedQuery +{ ObjectAssignedToAnOverlappingObjectAutosarCppQuery() { this = RepresentationPackage::objectAssignedToAnOverlappingObjectAutosarCppQuery() } diff --git a/cpp/misra/src/rules/RULE-8-18-1/ObjectCopiedToAnOverlappingObjectMisraCpp.ql b/cpp/misra/src/rules/RULE-8-18-1/ObjectCopiedToAnOverlappingObjectMisraCpp.ql index b0db17b01..5a2879abe 100644 --- a/cpp/misra/src/rules/RULE-8-18-1/ObjectCopiedToAnOverlappingObjectMisraCpp.ql 
+++ b/cpp/misra/src/rules/RULE-8-18-1/ObjectCopiedToAnOverlappingObjectMisraCpp.ql @@ -17,7 +17,8 @@ import cpp import codingstandards.cpp.misra import codingstandards.cpp.rules.objectcopiedtoanoverlappingobject.ObjectCopiedToAnOverlappingObject -class ObjectCopiedToAnOverlappingObjectMisraCppQuery extends ObjectCopiedToAnOverlappingObjectSharedQuery { +class ObjectCopiedToAnOverlappingObjectMisraCppQuery extends ObjectCopiedToAnOverlappingObjectSharedQuery +{ ObjectCopiedToAnOverlappingObjectMisraCppQuery() { this = Memory4Package::objectCopiedToAnOverlappingObjectMisraCppQuery() } From e632ba90a63751e6b4df8494154d1ccf393818ed Mon Sep 17 00:00:00 2001 From: Jeongsoo Lee Date: Fri, 6 Feb 2026 11:01:17 -0500 Subject: [PATCH 10/13] Fix an import problem from sharing the query The module `codingstandards.cpp.SimpleRangeAnalysisCustomizations` is included in `codingstandards.c.misra` which this query doesn't import anymore from being shared. Therefore, manually include it in the import list. --- .../ObjectCopiedToAnOverlappingObject.qll | 1 + 1 file changed, 1 insertion(+) diff --git a/cpp/common/src/codingstandards/cpp/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.qll b/cpp/common/src/codingstandards/cpp/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.qll index 247040827..625a2f572 100644 --- a/cpp/common/src/codingstandards/cpp/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.qll +++ b/cpp/common/src/codingstandards/cpp/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.qll @@ -6,6 +6,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions +import codingstandards.cpp.SimpleRangeAnalysisCustomizations import semmle.code.cpp.valuenumbering.GlobalValueNumbering abstract class ObjectCopiedToAnOverlappingObjectSharedQuery extends Query { } From f0429452f1db157ac6e7a62cd36417cea1fa006a Mon Sep 17 00:00:00 2001 
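Review bot: The added `import codingstandards.cpp.SimpleRangeAnalysisCustomizations` restores only one of the modules that `codingstandards.c.misra` used to bring in transitively; the sibling library ObjectAssignedToAnOverlappingObject.qll lost the same import in the previous patch and received no replacement, so if it relies on anything else re-exported by that module it will break in the same way. Worth compiling both shared `.qll` files against the C and C++ test suites before merging, since the shared implementation is now the only path for three rules. A one-line comment above the import, `// was pulled in transitively via codingstandards.c.misra before this library was shared`, would explain to the next reader why a language-neutral library imports a range-analysis customization. The predicates that use it lie outside this hunk.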
From: Jeongsoo Lee
Date: Fri, 6 Feb 2026 16:02:39 -0500
Subject: [PATCH 11/13] Add objectassignedtoanoverlappingobject for C and update expected results
---
 ...jectAssignedToAnOverlappingObject.expected | 2 +-
 .../test.c | 53 +++++++++++++++++++
 ...jectAssignedToAnOverlappingObject.expected | 2 +-
 3 files changed, 55 insertions(+), 2 deletions(-)
diff --git a/c/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.expected b/c/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.expected
index 2ec1a0ac6..8c529b82e 100644
--- a/c/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.expected
+++ b/c/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.expected
@@ -1 +1 @@
-No expected results have yet been specified
\ No newline at end of file
+| test.c:36:3:36:18 | ... = ... | An object $@ assigned to overlapping object $@. | test.c:36:9:36:10 | m2 | m2 | test.c:36:17:36:18 | m1 | m1 |
diff --git a/c/common/test/rules/objectassignedtoanoverlappingobject/test.c b/c/common/test/rules/objectassignedtoanoverlappingobject/test.c
index e69de29bb..6b308c130 100644
--- a/c/common/test/rules/objectassignedtoanoverlappingobject/test.c
+++ b/c/common/test/rules/objectassignedtoanoverlappingobject/test.c
@@ -0,0 +1,53 @@
+struct s1 {
+ int m1[10];
+};
+struct s2 {
+ int m1;
+ struct s1 m2;
+};
+
+union u {
+ struct s1 m1;
+ struct s2 m2;
+};
+
+typedef struct {
+ char buf[8];
+} Union_t;
+
+typedef union {
+
+ unsigned char uc[24];
+
+ struct {
+ Union_t prefix;
+ Union_t suffix;
+ } fnv;
+
+ struct {
+ unsigned char padding[16];
+ Union_t suffix;
+ } diff;
+
+} UnionSecret_t;
+
+void overlapping_access() {
+ union u u1;
+ u1.m2.m2 = u1.m1; // NON_COMPLIANT, different struct. u1.m2 and u1.m1
+}
+
+void cross_copy() {
+ UnionSecret_t hash1;
+ hash1.diff.suffix =
+ hash1.fnv.suffix; // COMPLIANT (copy across structs), but safe.
+}
+
+void internal_shift() {
+ UnionSecret_t hash1;
+ hash1.fnv.prefix = hash1.fnv.suffix; // COMPLIANT, same struct.
+}
+
+void separate_access() {
+ UnionSecret_t hash1, hash2;
+ hash2.diff.suffix = hash1.fnv.suffix; // COMPLIANT, different union.
+}
diff --git a/cpp/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.expected b/cpp/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.expected
index 2ec1a0ac6..72fc7a419 100644
--- a/cpp/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.expected
+++ b/cpp/common/test/rules/objectassignedtoanoverlappingobject/ObjectAssignedToAnOverlappingObject.expected
@@ -1 +1 @@
-No expected results have yet been specified
\ No newline at end of file
+| test.cpp:36:3:36:18 | ... = ... | An object $@ assigned to overlapping object $@. | test.cpp:36:9:36:10 | m2 | m2 | test.cpp:36:17:36:18 | m1 | m1 |
From 999a55ba4fa39c2fe2ea0cfd2feaf0058a3de02a Mon Sep 17 00:00:00 2001
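Review bot: The comment on the `cross_copy` assignment, `// COMPLIANT (copy across structs), but safe.`, contradicts itself and does not say why the case is compliant: `Union_t` is an 8-byte `char` array, so `fnv.suffix` occupies bytes 8-15 and `diff.suffix` bytes 16-23 of the union, which do not overlap even though they are reached through different members of `hash1`. Suggest `// COMPLIANT: different union members, but fnv.suffix (bytes 8-15) and diff.suffix (bytes 16-23) do not overlap`. The `overlapping_access` comment could state its reason the same way, e.g. `// NON_COMPLIANT: s2::m2 starts at offset sizeof(int), so u1.m2.m2 overlaps all but the first int of u1.m1`. The file has no non-compliant case for `UnionSecret_t` at all; a pair of differently-nested members whose byte ranges do overlap would demonstrate that the query reasons about offsets rather than only about which struct member is involved.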
From: Jeongsoo Lee
Date: Fri, 6 Feb 2026 16:05:19 -0500
Subject: [PATCH 12/13] Add objectcopiedtoanoverlappingobject for C and update expected results
---
 ...ObjectCopiedToAnOverlappingObject.expected | 6 +-
 .../objectcopiedtoanoverlappingobject/test.c | 60 +++++++++++++++++++
 ...ObjectCopiedToAnOverlappingObject.expected | 6 +-
 3 files changed, 70 insertions(+), 2 deletions(-)
diff --git a/c/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.expected b/c/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.expected
index 2ec1a0ac6..fe2db5318 100644
--- a/c/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.expected
+++ b/c/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.expected
@@ -1 +1,5 @@
-No expected results have yet been specified
\ No newline at end of file
+| test.c:8:3:8:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.c:8:17:8:21 | & ... | from | test.c:8:10:8:14 | & ... | to |
+| test.c:10:3:10:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.c:10:17:10:21 | & ... | from | test.c:10:10:10:14 | & ... | to |
+| test.c:11:3:11:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.c:11:17:11:17 | o | from | test.c:11:10:11:14 | ... + ... | to |
+| test.c:13:3:13:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.c:13:17:13:21 | ... + ... | from | test.c:13:10:13:14 | ... + ... | to |
+| test.c:57:3:57:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.c:57:21:57:26 | & ... | from | test.c:57:10:57:18 | & ... | to |
diff --git a/c/common/test/rules/objectcopiedtoanoverlappingobject/test.c b/c/common/test/rules/objectcopiedtoanoverlappingobject/test.c
index e69de29bb..17b772ebe 100644
--- a/c/common/test/rules/objectcopiedtoanoverlappingobject/test.c
+++ b/c/common/test/rules/objectcopiedtoanoverlappingobject/test.c
@@ -0,0 +1,60 @@
+#include
+
+int o[10];
+void g(void) {
+
+ o[2] = o[0]; // COMPLIANT
+
+ memcpy(&o[1], &o[0], 2); // NON_COMPLIANT
+ memcpy(&o[2], &o[0], 2); // COMPLIANT
+ memcpy(&o[2], &o[1], 2); // NON_COMPLIANT
+ memcpy(o + 1, o, 2); // NON_COMPLIANT
+ memcpy(o + 2, o, 2); // COMPLIANT
+ memcpy(o + 2, o + 1, 2); // NON_COMPLIANT
+
+ // Exception 1
+ int *p = &o[0];
+ int *q = &o[0];
+
+ *p = *q; // COMPLIANT
+ memcpy(&o[0], &o[0], 2); // COMPLIANT
+ memcpy(o, o, 2); // COMPLIANT
+
+ // Exception 2
+ memmove(&o[1], &o[0], 2u * sizeof(o[0])); // COMPLIANT
+}
+
+struct s1 {
+ int m1[10];
+};
+struct s2 {
+ int m1;
+ struct s1 m2;
+};
+union u {
+ struct s1 m1;
+ struct s2 m2;
+} u1;
+
+typedef struct {
+ char buf[8];
+} Union_t;
+union {
+ unsigned char uc[24];
+ struct {
+ Union_t prefix;
+ Union_t suffix;
+ } fnv;
+ struct {
+ unsigned char padding[16];
+ Union_t suffix;
+ } diff;
+} u2;
+
+void test_unions() {
+ u1.m2.m2 = u1.m1; // NON_COMPLIANT
+
+ memcpy(&u1.m2.m2, &u1.m1, sizeof(u1.m1)); // NON_COMPLIANT
+ memcpy(&u2.diff.suffix, &u2.fnv.suffix, sizeof(u2.fnv.suffix)); // COMPLIANT
+}
+
diff --git a/cpp/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.expected b/cpp/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.expected
index 2ec1a0ac6..cc079637f 100644
--- a/cpp/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.expected
+++ b/cpp/common/test/rules/objectcopiedtoanoverlappingobject/ObjectCopiedToAnOverlappingObject.expected
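Review bot: The third argument of the `memcpy` calls marked NON_COMPLIANT on lines 8, 10, 11 and 13 of the new file is a byte count, and on any target with `sizeof(int) >= 2` two bytes copied from `&o[0]` to `&o[1]` of an `int` array do not overlap (`o[1]` begins at byte `sizeof(int)`), so at the byte level these calls are true negatives even though the expected output flags them. If the shared implementation interprets the size as an element count, that divergence from C semantics deserves a comment in the test; if it is meant to be bytes, the expectations are wrong — either way the calls should use `2u * sizeof(o[0])` as the `memmove` case on line 24 already does, so the overlap exists regardless of how the query counts. Line 1 appears as a bare `#include` in this rendering; if that is literal the file will not compile, since `memcpy`/`memmove` need `#include <string.h>`.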
@@ -1 +1,5 @@
-No expected results have yet been specified
\ No newline at end of file
+| test.cpp:8:3:8:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.cpp:8:17:8:21 | & ... | from | test.cpp:8:10:8:14 | & ... | to |
+| test.cpp:10:3:10:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.cpp:10:17:10:21 | & ... | from | test.cpp:10:10:10:14 | & ... | to |
+| test.cpp:11:3:11:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.cpp:11:17:11:17 | o | from | test.cpp:11:10:11:14 | ... + ... | to |
+| test.cpp:13:3:13:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.cpp:13:17:13:21 | ... + ... | from | test.cpp:13:10:13:14 | ... + ... | to |
+| test.cpp:57:3:57:8 | call to memcpy | The object to copy $@ overlaps the object to copy $@. | test.cpp:57:21:57:26 | & ... | from | test.cpp:57:10:57:18 | & ... | to |
From d6a5ca8885b189f43384fa0a0427f5d62f357f85 Mon Sep 17 00:00:00 2001
From: Jeongsoo Lee
Date: Fri, 6 Feb 2026 16:08:52 -0500
Subject: [PATCH 13/13] Fix formatting of test.c
---
 c/common/test/rules/objectcopiedtoanoverlappingobject/test.c | 1 -
 1 file changed, 1 deletion(-)
diff --git a/c/common/test/rules/objectcopiedtoanoverlappingobject/test.c b/c/common/test/rules/objectcopiedtoanoverlappingobject/test.c
index 17b772ebe..47c245c0a 100644
--- a/c/common/test/rules/objectcopiedtoanoverlappingobject/test.c
+++ b/c/common/test/rules/objectcopiedtoanoverlappingobject/test.c
@@ -57,4 +57,3 @@ void test_unions() {
 memcpy(&u1.m2.m2, &u1.m1, sizeof(u1.m1)); // NON_COMPLIANT
 memcpy(&u2.diff.suffix, &u2.fnv.suffix, sizeof(u2.fnv.suffix)); // COMPLIANT
 }
-