Declarations7: add RULE-18-8

knewbury01 · knewbury01 · commit 712d76eb8b2e · 2023-01-17T11:28:35.000-05:00
diff --git a/c/misra/src/rules/RULE-18-8/VariableLengthArrayTypesUsed.ql b/c/misra/src/rules/RULE-18-8/VariableLengthArrayTypesUsed.ql
@@ -0,0 +1,55 @@
+/**
+ * @id c/misra/variable-length-array-types-used
+ * @name RULE-18-8: Variable-length array types shall not be used
+ * @description Using a variable length array can lead to unexpected or undefined program behaviour.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-18-8
+ *       correctness
+ *       readability
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.c.misra
+
+predicate partOfConstantExpr(MacroInvocation i) {
+  exists(Expr e |
+    e.isConstant() and
+    not i.getExpr() = e and
+    i.getExpr().getParent+() = e
+  )
+}
+
+/**
+ * A variable length array (VLA)
+ * ie an array where the size
+ * is not an integer constant expression
+ */
+class VariableLengthArray extends VariableDeclarationEntry {
+  VariableLengthArray() {
+    //VLAs will not have: static/extern specifiers (compilation error)
+    not this.hasSpecifier("static") and
+    not this.hasSpecifier("extern") and
+    //VLAs are not allowed to be initialized
+    not this.getDeclaration().hasInitializer() and
+    exists(ArrayType a |
+      //a.hasArraySize() does not catch multidimensional VLAs like a[1][]
+      a.toString().matches("%[]%") and
+      this.getUnspecifiedType() = a and
+      //variable length array is one declared in block or function prototype
+      (
+        this.getDeclaration().getParentScope() instanceof Function or
+        this.getDeclaration().getParentScope() instanceof BlockStmt
+      )
+    )
+  }
+}
+
+from VariableLengthArray v
+where
+  not isExcluded(v, Declarations7Package::variableLengthArrayTypesUsedQuery()) and
+  //an exception, argv in : int main(int argc, char *argv[])
+  not v.getDeclaration().getParentScope().(Function).hasName("main")
+select v, "Variable length array declared."
diff --git a/c/misra/test/rules/RULE-18-8/VariableLengthArrayTypesUsed.expected b/c/misra/test/rules/RULE-18-8/VariableLengthArrayTypesUsed.expected
@@ -0,0 +1,6 @@
+WARNING: Unused predicate partOfConstantExpr (/Users/knewbury/Desktop/GITHUB/coding-standards/codeql-coding-standards/c/misra/src/rules/RULE-18-8/VariableLengthArrayTypesUsed.ql:17,11-29)
+| test.c:3:19:3:20 | definition of pa | Variable length array declared. |
+| test.c:6:7:6:8 | definition of a1 | Variable length array declared. |
+| test.c:7:7:7:8 | definition of a2 | Variable length array declared. |
+| test.c:8:7:8:8 | definition of a3 | Variable length array declared. |
+| test.c:14:20:14:21 | definition of pa | Variable length array declared. |
diff --git a/c/misra/test/rules/RULE-18-8/VariableLengthArrayTypesUsed.qlref b/c/misra/test/rules/RULE-18-8/VariableLengthArrayTypesUsed.qlref
@@ -0,0 +1 @@
+rules/RULE-18-8/VariableLengthArrayTypesUsed.ql
diff --git a/c/misra/test/rules/RULE-18-8/test.c b/c/misra/test/rules/RULE-18-8/test.c
@@ -0,0 +1,15 @@
+#define TEST 1
+
+void f(int n, int pa[1][n]) { // NON_COMPLIANT
+  int a[1];                   // COMPLIANT
+  int x = 1;
+  int a1[1 + x];  // NON_COMPLIANT - not integer constant expr
+  int a2[n];      // NON_COMPLIANT
+  int a3[1][n];   // NON_COMPLIANT
+  int a4[] = {1}; // COMPLIANT - not a VLA
+  int a5[TEST];   // COMPLIANT
+  int a6[1 + 1];  // COMPLIANT
+}
+
+void f1(int n, int pa[n]) { // NON_COMPLIANT
+}
diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations7.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations7.qll
@@ -3,9 +3,20 @@ import cpp
 import RuleMetadata
 import codingstandards.cpp.exclusions.RuleMetadata
 
-newtype Declarations7Query = TValueImplicitEnumerationConstantNotUniqueQuery()
+newtype Declarations7Query =
+  TVariableLengthArrayTypesUsedQuery() or
+  TValueImplicitEnumerationConstantNotUniqueQuery()
 
 predicate isDeclarations7QueryMetadata(Query query, string queryId, string ruleId, string category) {
+  query =
+    // `Query` instance for the `variableLengthArrayTypesUsed` query
+    Declarations7Package::variableLengthArrayTypesUsedQuery() and
+  queryId =
+    // `@id` for the `variableLengthArrayTypesUsed` query
+    "c/misra/variable-length-array-types-used" and
+  ruleId = "RULE-18-8" and
+  category = "required"
+  or
   query =
     // `Query` instance for the `valueImplicitEnumerationConstantNotUnique` query
     Declarations7Package::valueImplicitEnumerationConstantNotUniqueQuery() and
@@ -17,6 +28,13 @@ predicate isDeclarations7QueryMetadata(Query query, string queryId, string ruleI
 }
 
 module Declarations7Package {
+  Query variableLengthArrayTypesUsedQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `variableLengthArrayTypesUsed` query
+      TQueryC(TDeclarations7PackageQuery(TVariableLengthArrayTypesUsedQuery()))
+  }
+
   Query valueImplicitEnumerationConstantNotUniqueQuery() {
     //autogenerate `Query` type
     result =
diff --git a/rule_packages/c/Declarations7.json b/rule_packages/c/Declarations7.json
@@ -1,5 +1,25 @@
 {
   "MISRA-C-2012": {
+    "RULE-18-8": {
+      "properties": {
+        "obligation": "required"
+      },
+      "queries": [
+        {
+          "description": "Using a variable length array can lead to unexpected or undefined program behaviour.",
+          "kind": "problem",
+          "name": "Variable-length array types shall not be used",
+          "precision": "very-high",
+          "severity": "error",
+          "short_name": "VariableLengthArrayTypesUsed",
+          "tags": [
+            "correctness",
+            "readability"
+          ]
+        }
+      ],
+      "title": "Variable-length array types shall not be used"
+    },
     "RULE-8-12": {
       "properties": {
         "obligation": "required"
diff --git a/rules.csv b/rules.csv
@@ -726,7 +726,7 @@ c,MISRA-C-2012,RULE-18-4,Yes,Advisory,,,"The +, -, += and -= operators should no
 c,MISRA-C-2012,RULE-18-5,Yes,Advisory,,,Declarations should contain no more than two levels of pointer nesting,A5-0-3,Pointers1,Import,
 c,MISRA-C-2012,RULE-18-6,Yes,Required,,,The address of an object with automatic storage shall not be copied to another object that persists after the first object has ceased to exist,M7-5-2,Pointers1,Import,
 c,MISRA-C-2012,RULE-18-7,Yes,Required,,,Flexible array members shall not be declared,,Declarations,Medium,
-c,MISRA-C-2012,RULE-18-8,Yes,Required,,,Variable-length array types shall not be used,,Declarations,Medium,
+c,MISRA-C-2012,RULE-18-8,Yes,Required,,,Variable-length array types shall not be used,,Declarations7,Medium,
 c,MISRA-C-2012,RULE-19-1,Yes,Mandatory,,,An object shall not be assigned or copied to an overlapping object,M0-2-1,Contracts,Hard,
 c,MISRA-C-2012,RULE-19-2,Yes,Advisory,,,The union keyword should not be used,A9-5-1,Banned,Import,
 c,MISRA-C-2012,RULE-20-1,Yes,Advisory,,,#include directives should only be preceded by preprocessor directives or comments,M16-0-1,Preprocessor1,Import,

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+rules/RULE-18-8/VariableLengthArrayTypesUsed.ql`