RULE-7-11-3 - FunctionPointerConversionContext

lcartey · lcartey · commit bb9f5a1f0c37 · 2025-06-25T10:00:31.000+01:00
Detects inappropriate implicit conversions from function type to
pointer-to-function type outside of static_cast or assignment contexts.
Prevents ambiguous code where function pointer usage in boolean or
arithmetic expressions may contradict developer intent. [a]
diff --git a/cpp/misra/src/codingstandards/cpp/misra/BuiltInTypeRules.qll b/cpp/misra/src/codingstandards/cpp/misra/BuiltInTypeRules.qll
@@ -121,14 +121,14 @@ class CanonicalIntegerTypes extends NumericType, IntegralType {
   CanonicalIntegerTypes() { this = this.getCanonicalArithmeticType() }
 }
 
-predicate isAssignment(Expr source, NumericType targetType, string context) {
+predicate isAssignment(Expr source, Type targetType, string context) {
   exists(Expr preConversionAssignment |
     isPreConversionAssignment(preConversionAssignment, targetType, context) and
     preConversionAssignment.getExplicitlyConverted() = source
   )
 }
 
-predicate isPreConversionAssignment(Expr source, NumericType targetType, string context) {
+predicate isPreConversionAssignment(Expr source, Type targetType, string context) {
   // Assignment expression (which excludes compound assignments)
   exists(AssignExpr assign |
     assign.getRValue() = source and
diff --git a/cpp/misra/src/rules/RULE-7-11-3/FunctionPointerConversionContext.ql b/cpp/misra/src/rules/RULE-7-11-3/FunctionPointerConversionContext.ql
@@ -0,0 +1,63 @@
+/**
+ * @id cpp/misra/function-pointer-conversion-context
+ * @name RULE-7-11-3: A conversion from function type to pointer-to-function type shall only occur in appropriate contexts
+ * @description Converting a function type to a pointer-to-function type outside of static_cast or
+ *              assignment to a pointer-to-function object creates ambiguous behavior and potential
+ *              unintended effects.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-7-11-3
+ *       scope/single-translation-unit
+ *       external/misra/enforcement/decidable
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.cpp.misra
+import codingstandards.cpp.misra.BuiltInTypeRules
+import codingstandards.cpp.Type
+
+/**
+ * An `Expr` representing an implicit conversion from a function type to a pointer-to-function type.
+ *
+ * Despite the name, these are not `Conversion`s in our model. Instead, they are expressions
+ * representing functions that have been implicilty converted to function pointers.
+ */
+abstract class FunctionToFunctionPointerConversion extends Expr { }
+
+/**
+ * A `FunctionAccess` that has been implicitly converted to a function pointer type.
+ */
+class FunctionAccessConversionToFunctionPointer extends FunctionAccess,
+  FunctionToFunctionPointerConversion
+{
+  FunctionAccessConversionToFunctionPointer() {
+    this.getType().getUnspecifiedType() instanceof FunctionPointerIshType
+  }
+}
+
+/**
+ * A `Call` to a `ConversionOperator` that converts a lambda to a function pointer type.
+ */
+class LambdaFunctionPointerConversion extends Call, FunctionToFunctionPointerConversion {
+  LambdaFunctionPointerConversion() {
+    this.getTarget().(ConversionOperator).getDestType() instanceof FunctionPointerIshType and
+    this.getQualifier().getType().getUnspecifiedType() instanceof Closure
+  }
+}
+
+from FunctionToFunctionPointerConversion f
+where
+  not isExcluded(f, ConversionsPackage::functionPointerConversionContextQuery()) and
+  // Not converted by an explicit static cast
+  not exists(Conversion c |
+    c.getExpr() = f and
+    not c.isImplicit() and
+    c.getType().getUnspecifiedType() instanceof FunctionPointerIshType
+  ) and
+  // Not a MISRA compliant assignment to a function pointer type
+  not exists(FunctionPointerIshType targetType | isAssignment(f, targetType, _))
+select f,
+  "Inappropriate conversion from function type to pointer-to-function type in '" + f.toString() +
+    "'."
diff --git a/cpp/misra/test/rules/RULE-7-11-3/FunctionPointerConversionContext.expected b/cpp/misra/test/rules/RULE-7-11-3/FunctionPointerConversionContext.expected
@@ -0,0 +1,16 @@
+| test.cpp:11:7:11:7 | f | Inappropriate conversion from function type to pointer-to-function type in 'f'. |
+| test.cpp:14:7:14:7 | f | Inappropriate conversion from function type to pointer-to-function type in 'f'. |
+| test.cpp:18:16:18:16 | f | Inappropriate conversion from function type to pointer-to-function type in 'f'. |
+| test.cpp:21:14:21:14 | f | Inappropriate conversion from function type to pointer-to-function type in 'f'. |
+| test.cpp:25:7:25:7 | call to operator void (*)() | Inappropriate conversion from function type to pointer-to-function type in 'call to operator void (*)()'. |
+| test.cpp:33:14:33:14 | call to operator void (*)() | Inappropriate conversion from function type to pointer-to-function type in 'call to operator void (*)()'. |
+| test.cpp:61:13:61:13 | f | Inappropriate conversion from function type to pointer-to-function type in 'f'. |
+| test.cpp:64:13:64:13 | f | Inappropriate conversion from function type to pointer-to-function type in 'f'. |
+| test.cpp:67:7:67:7 | f | Inappropriate conversion from function type to pointer-to-function type in 'f'. |
+| test.cpp:71:7:71:7 | f | Inappropriate conversion from function type to pointer-to-function type in 'f'. |
+| test.cpp:74:7:74:7 | f | Inappropriate conversion from function type to pointer-to-function type in 'f'. |
+| test.cpp:77:7:77:7 | f | Inappropriate conversion from function type to pointer-to-function type in 'f'. |
+| test.cpp:83:7:83:7 | f | Inappropriate conversion from function type to pointer-to-function type in 'f'. |
+| test.cpp:87:7:87:7 | f | Inappropriate conversion from function type to pointer-to-function type in 'f'. |
+| test.cpp:92:7:92:7 | call to operator void (*)() | Inappropriate conversion from function type to pointer-to-function type in 'call to operator void (*)()'. |
+| test.cpp:96:7:96:7 | call to operator void (*)() | Inappropriate conversion from function type to pointer-to-function type in 'call to operator void (*)()'. |
diff --git a/cpp/misra/test/rules/RULE-7-11-3/FunctionPointerConversionContext.qlref b/cpp/misra/test/rules/RULE-7-11-3/FunctionPointerConversionContext.qlref
@@ -0,0 +1 @@
+rules/RULE-7-11-3/FunctionPointerConversionContext.ql
diff --git a/cpp/misra/test/rules/RULE-7-11-3/test.cpp b/cpp/misra/test/rules/RULE-7-11-3/test.cpp
@@ -0,0 +1,98 @@
+#include <cstdint>
+#include <iostream>
+
+// Test functions
+extern int *f();
+void f1(double);
+void f1(std::uint32_t);
+void simple_function();
+
+void test_function_to_pointer_conversion() {
+  if (f) { // NON_COMPLIANT
+  }
+
+  if (f == nullptr) { // NON_COMPLIANT
+  }
+
+  std::cout << std::boolalpha // COMPLIANT - considered assignment
+            << f;             // NON_COMPLIANT - not assignment
+
+  // Non-compliant: Unary plus operator causing pointer decay
+  auto l1 = +f; // NON_COMPLIANT
+
+  auto lam = []() {};
+  // Lambda used in boolean context
+  if (lam) { // NON_COMPLIANT
+  }
+
+  // Lambda used in address-of operator
+  if (&lam) { // COMPLIANT
+  }
+
+  // Unary plus on lambda
+  auto l2 = +lam; // NON_COMPLIANT
+
+  // Using address-of operator
+  if (&f != nullptr) { // COMPLIANT
+  }
+
+  // Function call
+  (f)(); // COMPLIANT
+  lam(); // COMPLIANT
+
+  // static_cast conversion
+  auto selected = static_cast<void (*)(std::uint32_t)>(f1); // COMPLIANT
+
+  // Assignment to pointer-to-function type
+  void (*p)() = lam; // COMPLIANT
+
+  // Assignment to pointer-to-function type
+  int *(*func_ptr)() = f; // COMPLIANT
+
+  // Using address-of operator
+  void (*simple_ptr)() = &simple_function; // COMPLIANT
+
+  // Direct assignment without conversion
+  void (*simple_ptr2)() = simple_function; // COMPLIANT
+}
+
+void test_arithmetic_expressions() {
+  // Function used in arithmetic expression (triggers pointer decay)
+  auto l3 = f + 0; // NON_COMPLIANT
+
+  // Function used in arithmetic subtraction expression
+  auto l4 = f - 0; // NON_COMPLIANT
+
+  // Function used in comparison with non-null pointer
+  if (f > nullptr) { // NON_COMPLIANT
+  }
+
+  // Function used in relational operators
+  if (f < nullptr) { // NON_COMPLIANT
+  }
+
+  if (f <= nullptr) { // NON_COMPLIANT
+  }
+
+  if (f >= nullptr) { // NON_COMPLIANT
+  }
+}
+
+void test_logical_expressions() {
+  // Function used in logical AND expression
+  if (f && true) { // NON_COMPLIANT
+  }
+
+  // Function used in logical OR expression
+  if (f || false) { // NON_COMPLIANT
+  }
+
+  // Lambda used in logical AND expression
+  auto lam = []() {};
+  if (lam && true) { // NON_COMPLIANT
+  }
+
+  // Lambda used in logical OR expression
+  if (lam || false) { // NON_COMPLIANT
+  }
+}

Original file line number	Diff line number	Diff line change
`@@ -121,14 +121,14 @@ class CanonicalIntegerTypes extends NumericType, IntegralType {`
`121`	`121`	`CanonicalIntegerTypes() { this = this.getCanonicalArithmeticType() }`
`122`	`122`	`}`
`123`	`123`
`124`		`-predicate isAssignment(Expr source, NumericType targetType, string context) {`
	`124`	`+predicate isAssignment(Expr source, Type targetType, string context) {`
`125`	`125`	`exists(Expr preConversionAssignment \|`
`126`	`126`	`isPreConversionAssignment(preConversionAssignment, targetType, context) and`
`127`	`127`	`preConversionAssignment.getExplicitlyConverted() = source`
`128`	`128`	`)`
`129`	`129`	`}`
`130`	`130`
`131`		`-predicate isPreConversionAssignment(Expr source, NumericType targetType, string context) {`
	`131`	`+predicate isPreConversionAssignment(Expr source, Type targetType, string context) {`
`132`	`132`	`// Assignment expression (which excludes compound assignments)`
`133`	`133`	`exists(AssignExpr assign \|`
`134`	`134`	`assign.getRValue() = source and`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+rules/RULE-7-11-3/FunctionPointerConversionContext.ql`