Merge remote-tracking branch 'origin/main' into michaelrfairhurst/implement-missing-sin-precision-amendment

Author: MichaelRFairhurst

amendments.csv

@@ -1,20 +1,20 @@
 language,standard,amendment,rule_id,supportable,implementation_category,implemented,difficulty
 c,MISRA-C-2012,Amendment3,DIR-4-6,Yes,Expand,Yes,Easy
-c,MISRA-C-2012,Amendment3,DIR-4-9,Yes,Refine,No,Easy
+c,MISRA-C-2012,Amendment3,DIR-4-9,Yes,Refine,Yes,Easy
 c,MISRA-C-2012,Amendment3,DIR-4-11,Yes,Refine,Yes,Import
-c,MISRA-C-2012,Amendment3,RULE-1-4,Yes,Replace,No,Easy
+c,MISRA-C-2012,Amendment3,RULE-1-4,Yes,Replace,Yes,Easy
 c,MISRA-C-2012,Amendment3,RULE-10-1,Yes,Replace,Yes,Easy
 c,MISRA-C-2012,Amendment3,RULE-10-3,Yes,Refine,Yes,Easy
 c,MISRA-C-2012,Amendment3,RULE-10-4,Yes,Refine,Yes,Import
 c,MISRA-C-2012,Amendment3,RULE-10-5,Yes,Expand,Yes,Easy
 c,MISRA-C-2012,Amendment3,RULE-10-7,Yes,Refine,Yes,Import
 c,MISRA-C-2012,Amendment3,RULE-10-8,Yes,Refine,Yes,Import
 c,MISRA-C-2012,Amendment3,RULE-21-11,Yes,Clarification,Yes,Import
-c,MISRA-C-2012,Amendment3,RULE-21-12,Yes,Replace,No,Easy
+c,MISRA-C-2012,Amendment3,RULE-21-12,Yes,Replace,Yes,Easy
 c,MISRA-C-2012,Amendment4,RULE-11-3,Yes,Expand,Yes,Easy
 c,MISRA-C-2012,Amendment4,RULE-11-8,Yes,Expand,Yes,Easy
 c,MISRA-C-2012,Amendment4,RULE-13-2,Yes,Expand,Yes,Very Hard
-c,MISRA-C-2012,Amendment4,RULE-18-6,Yes,Expand,No,Medium
+c,MISRA-C-2012,Amendment4,RULE-18-6,Yes,Expand,Yes,Medium
 c,MISRA-C-2012,Amendment4,RULE-18-8,Yes,Split,Yes,Easy
 c,MISRA-C-2012,Amendment4,RULE-2-2,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment4,RULE-2-7,Yes,Clarification,Yes,Import
@@ -26,7 +26,6 @@ c,MISRA-C-2012,Amendment4,RULE-10-1,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment4,RULE-18-3,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment4,RULE-1-4,Yes,Replace,No,Easy
 c,MISRA-C-2012,Amendment4,RULE-9-1,Yes,Refine,Yes,Easy
-c,MISRA-C-2012,Amendment4,RULE-9-2,Yes,Refine,No,Import
 c,MISRA-C-2012,Corrigendum2,DIR-4-10,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-7-4,Yes,Refine,Yes,Easy
 c,MISRA-C-2012,Corrigendum2,RULE-8-2,Yes,Clarification,Yes,Import

c/common/src/codingstandards/c/SubObjects.qll

@@ -0,0 +1,125 @@
+/**
+ * A library that expands upon the `Objects.qll` library, to support nested "Objects" such as
+ * `x.y.z` or `x[i][j]` within an object `x`.
+ *
+ * Objects in C are values in memory, that have a type and a storage duration. In the case of
+ * array objects and struct objects, the object will contain other objects. The these subobjects
+ * will share properties of the root object such as storage duration. This library can be used to,
+ * for instance, find all usages of a struct member to ensure that member is initialized before it
+ * is used.
+ *
+ * To use this library, select `SubObject` and find its usages in the AST via `getAnAccess()` (to
+ * find usages of the subobject by value) or `getAnAddressOfExpr()` (to find usages of the object
+ * by address).
+ *
+ * Note that a struct or array object may contain a pointer. In this case, the pointer itself is
+ * a subobject of the struct or array object, but the object that the pointer points to is not.
+ * This is because the pointed-to object does not necessarily have the same storage duration,
+ * lifetime, or linkage as the pointer and the object containing the pointer.
+ *
+ * Note as well that `getAnAccess()` on an array subobject will return all accesses to the array,
+ * not just accesses to a particular index. For this reason, `SubObject` exposes the predicate
+ * `isPrecise()`. If a subobject is precise, that means all results of `getAnAccess()` will
+ * definitely refer to the same object in memory. If it is not precise, the different accesses
+ * may refer to the same or different objects in memory. For instance, `x[i].y` and `x[j].y` are
+ * the same object if `i` and `j` are the same, but they are different objects if `i` and `j` are
+ * different.
+ */
+
+import codingstandards.c.Objects
+
+newtype TSubObject =
+  TObjectRoot(ObjectIdentity i) or
+  TObjectMember(SubObject struct, MemberVariable m) {
+    m = struct.getType().(Struct).getAMemberVariable()
+  } or
+  TObjectIndex(SubObject array) { array.getType() instanceof ArrayType }
+
+class SubObject extends TSubObject {
+  string toString() {
+    exists(ObjectIdentity i |
+      this = TObjectRoot(i) and
+      result = i.toString()
+    )
+    or
+    exists(SubObject struct, Variable m |
+      this = TObjectMember(struct, m) and
+      result = struct.toString() + "." + m.getName()
+    )
+    or
+    exists(SubObject array |
+      this = TObjectIndex(array) and
+      result = array.toString()
+    )
+  }
+
+  Type getType() {
+    exists(ObjectIdentity i |
+      this = TObjectRoot(i) and
+      result = i.getType()
+    )
+    or
+    exists(Variable m |
+      this = TObjectMember(_, m) and
+      result = m.getType()
+    )
+    or
+    exists(SubObject array |
+      this = TObjectIndex(array) and
+      result = array.getType().(ArrayType).getBaseType()
+    )
+  }
+
+  /**
+   * Holds for object roots and for member accesses on that root, not for array accesses.
+   *
+   * This is useful for cases where we do not wish to treat `x[y]` and `x[z]` as the same object.
+   */
+  predicate isPrecise() { not getParent*() = TObjectIndex(_) }
+
+  SubObject getParent() {
+    exists(SubObject struct, MemberVariable m |
+      this = TObjectMember(struct, m) and
+      result = struct
+    )
+    or
+    exists(SubObject array |
+      this = TObjectIndex(array) and
+      result = array
+    )
+  }
+
+  Expr getAnAccess() {
+    exists(ObjectIdentity i |
+      this = TObjectRoot(i) and
+      result = i.getAnAccess()
+    )
+    or
+    exists(MemberVariable m |
+      this = TObjectMember(_, m) and
+      result = m.getAnAccess() and
+      // Only consider `DotFieldAccess`es, not `PointerFieldAccess`es, as the latter
+      // are not subobjects of the root object:
+      result.(DotFieldAccess).getQualifier() = getParent().getAnAccess()
+    )
+    or
+    this = TObjectIndex(_) and
+    result.(ArrayExpr).getArrayBase() = getParent().getAnAccess()
+  }
+
+  AddressOfExpr getAnAddressOfExpr() { result.getOperand() = this.getAnAccess() }
+
+  /**
+   * Get the "root" object identity to which this subobject belongs. For instance, in the
+   * expression `x.y.z`, the root object is `x`. This subobject will share properties with the root
+   * object such as storage duration, lifetime, and linkage.
+   */
+  ObjectIdentity getRootIdentity() {
+    exists(ObjectIdentity i |
+      this = TObjectRoot(i) and
+      result = i
+    )
+    or
+    result = getParent().getRootIdentity()
+  }
+}

c/common/src/codingstandards/c/initialization/GlobalInitializationAnalysis.qll

@@ -0,0 +1,95 @@
+import cpp
+import codingstandards.c.Objects
+import codingstandards.cpp.Concurrency
+import codingstandards.cpp.Type
+
+signature module GlobalInitializationAnalysisConfigSig {
+  /** A function which is not called or started as a thread */
+  default predicate isRootFunction(Function f) {
+    not exists(Function f2 | f2.calls(f)) and
+    not f instanceof ThreadedFunction and
+    // Exclude functions which are used as function pointers.
+    not exists(FunctionAccess access | f = access.getTarget())
+  }
+
+  ObjectIdentity getAnInitializedObject(Expr e);
+
+  ObjectIdentity getAUsedObject(Expr e);
+}
+
+module GlobalInitalizationAnalysis<GlobalInitializationAnalysisConfigSig Config> {
+  final class FinalFunction = Function;
+
+  final class FinalExpr = Expr;
+
+  class RootFunction extends FinalFunction {
+    RootFunction() { Config::isRootFunction(this) }
+  }
+
+  /** A function call which initializes a mutex or a condition */
+  class ObjectInit extends FinalExpr {
+    ObjectIdentity owningObject;
+
+    ObjectInit() { owningObject = Config::getAnInitializedObject(this) }
+
+    ObjectIdentity getOwningObject() { result = owningObject }
+  }
+
+  /**
+   * A function argument where that argument is used as a mutex or condition object.
+   */
+  class ObjectUse extends FinalExpr {
+    ObjectIdentity owningObject;
+
+    ObjectUse() { owningObject = Config::getAUsedObject(this) }
+
+    ObjectIdentity getOwningObject() { result = owningObject }
+  }
+
+  predicate requiresInitializedMutexObject(
+    Function func, ObjectUse mutexUse, ObjectIdentity owningObject
+  ) {
+    mutexUse.getEnclosingFunction() = func and
+    owningObject = mutexUse.getOwningObject() and
+    not exists(ObjectInit init |
+      init.getEnclosingFunction() = func and
+      init.getOwningObject() = owningObject and
+      mutexUse.getAPredecessor+() = init
+    )
+    or
+    exists(FunctionCall call |
+      func = call.getEnclosingFunction() and
+      requiresInitializedMutexObject(call.getTarget(), mutexUse, owningObject) and
+      not exists(ObjectInit init |
+        call.getAPredecessor*() = init and
+        init.getOwningObject() = owningObject
+      )
+    )
+    or
+    exists(C11ThreadCreateCall call |
+      func = call.getEnclosingFunction() and
+      not owningObject.getStorageDuration().isThread() and
+      requiresInitializedMutexObject(call.getFunction(), mutexUse, owningObject) and
+      not exists(ObjectInit init |
+        call.getAPredecessor*() = init and
+        init.getOwningObject() = owningObject
+      )
+    )
+  }
+
+  predicate uninitializedFrom(Expr e, ObjectIdentity obj, Function callRoot) {
+    exists(ObjectUse use | use = e |
+      obj = use.getOwningObject() and
+      requiresInitializedMutexObject(callRoot, use, obj) and
+      (
+        if obj.getStorageDuration().isAutomatic()
+        then obj.getEnclosingElement+() = callRoot
+        else (
+          obj.getStorageDuration().isThread() and callRoot instanceof ThreadedFunction
+          or
+          callRoot instanceof RootFunction
+        )
+      )
+    )
+  }
+}

c/common/test/includes/standard-library/stdlib.h

@@ -49,6 +49,7 @@ int at_quick_exit (void (*) (void));
 _Noreturn void quick_exit (int);
 
 char *getenv (const char *);
+char *getenv_s (size_t *restrict len, char *restrict value, size_t valuesz, const char *restrict name);
 
 int system (const char *);