save work

Author: MichaelRFairhurst

c/misra/src/rules/RULE-7-5/InvalidIntegerConstantMacroArgument.ql

@@ -0,0 +1,86 @@
+/**
+ * @id c/misra/invalid-integer-constant-macro-argument
+ * @name RULE-7-5: The argument of an integer constant macro shall have an appropriate form
+ * @description Integer constant macros should be given appropriate values for the size of the
+ *              integer type.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-7-5
+ *       correctness
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.c.misra
+import codingstandards.cpp.IntegerConstantMacro
+import codingstandards.cpp.Cpp14Literal
+import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
+
+abstract class PossiblyNegativeLiteral extends Expr {
+  abstract Cpp14Literal::IntegerLiteral getBaseLiteral();
+
+  predicate isNegative() {
+    this instanceof NegativeLiteral
+  }
+}
+
+class NegativeLiteral extends PossiblyNegativeLiteral, UnaryMinusExpr {
+  Cpp14Literal::IntegerLiteral literal;
+
+  NegativeLiteral() {
+    literal = getOperand()
+  }
+
+  override Cpp14Literal::IntegerLiteral getBaseLiteral() {
+    result = literal
+  }
+}
+
+class PositiveLiteral extends PossiblyNegativeLiteral, Cpp14Literal::IntegerLiteral {
+  PositiveLiteral() {
+    not exists(UnaryMinusExpr l | l.getOperand() = this)
+  }
+
+  override Cpp14Literal::IntegerLiteral getBaseLiteral() {
+    result = this
+  }
+}
+
+predicate validExpr(Expr expr) {
+  expr instanceof PossiblyNegativeLiteral
+}
+
+predicate usesSuffix(MacroInvocation invoke) {
+  invoke.getUnexpandedArgument(0).regexpMatch(".*[uUlL]")
+}
+
+predicate matchedSign(IntegerConstantMacro macro, PossiblyNegativeLiteral literal) {
+  literal.isNegative() implies macro.isSigned()
+}
+
+predicate validLiteralType(PossiblyNegativeLiteral expr) {
+  expr.getBaseLiteral() instanceof Cpp14Literal::DecimalLiteral or
+  expr.getBaseLiteral() instanceof Cpp14Literal::OctalLiteral or
+  expr.getBaseLiteral() instanceof Cpp14Literal::HexLiteral
+}
+
+predicate matchesSize(IntegerConstantMacro macro, PossiblyNegativeLiteral literal) {
+  // Note: upperBound should equal lowerBound.
+  upperBound(literal) <= macro.maxValue() and
+  lowerBound(literal) >= macro.minValue() and exists("123".toBigInt())
+}
+
+from MacroInvocation invoke, IntegerConstantMacro macro, string explanation
+where
+  not isExcluded(invoke, Types2Package::invalidIntegerConstantMacroArgumentQuery()) and
+  invoke.getMacro() = macro and
+  (
+    (not validExpr(invoke.getExpr()) and explanation = "invalid expression") or
+    (validLiteralType(invoke.getExpr()) and explanation = "invalid literal type" + invoke.getExpr().getAQlClass()) or
+    (usesSuffix(invoke) and explanation = "literal suffixes not allowed") or
+    (not matchedSign(macro, invoke.getExpr()) and explanation = "signed/unsigned mismatch") or
+    (not matchesSize(macro, invoke.getExpr()) and explanation  = "invalid size")
+  )
+  
+select invoke.getExpr(), "Invalid integer constant macro: " + explanation

c/misra/src/rules/RULE-7-6/UseOfBannedSmallIntegerConstantMacro.ql

@@ -0,0 +1,25 @@
+/**
+ * @id c/misra/use-of-banned-small-integer-constant-macro
+ * @name RULE-7-6: The small integer variants of the minimum-width integer constant macros shall not be used
+ * @description Small integer constant macros expression are promoted to type int, which can lead to
+ *              unexpected results.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity warning
+ * @tags external/misra/id/rule-7-6
+ *       readability
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.c.misra
+import codingstandards.cpp.IntegerConstantMacro
+
+
+from MacroInvocation macroInvoke, IntegerConstantMacro macro
+where
+  not isExcluded(macroInvoke, Types2Package::useOfBannedSmallIntegerConstantMacroQuery()) and
+  macroInvoke.getMacro() = macro
+  and macro.isSmall()
+select
+  macroInvoke, "Usage of small integer constant macro " + macro.getName() + " is not allowed."

c/misra/test/rules/RULE-7-5/InvalidIntegerConstantMacroArgument.expected

@@ -0,0 +1,55 @@
+| test.c:12:13:12:15 | 1.0 | Invalid integer constant macro: invalid literal type |
+| test.c:13:13:12:15 | 0b111 | Invalid integer constant macro: invalid literal type |
+| test.c:16:13:16:14 | 1 | Invalid integer constant macro: literal suffixes not allowed |
+| test.c:17:13:17:14 | 2 | Invalid integer constant macro: literal suffixes not allowed |
+| test.c:18:13:18:14 | 3 | Invalid integer constant macro: literal suffixes not allowed |
+| test.c:19:13:19:14 | 4 | Invalid integer constant macro: literal suffixes not allowed |
+| test.c:20:13:20:15 | 5 | Invalid integer constant macro: literal suffixes not allowed |
+| test.c:26:13:26:15 | 256 | Invalid integer constant macro: invalid size |
+| test.c:27:13:27:16 | 256 | Invalid integer constant macro: invalid size |
+| test.c:28:13:28:17 | 256 | Invalid integer constant macro: invalid size |
+| test.c:31:13:31:14 | - ... | Invalid integer constant macro: signed/unsigned mismatch |
+| test.c:32:13:32:15 | - ... | Invalid integer constant macro: signed/unsigned mismatch |
+| test.c:33:13:33:15 | - ... | Invalid integer constant macro: signed/unsigned mismatch |
+| test.c:34:13:34:17 | - ... | Invalid integer constant macro: signed/unsigned mismatch |
+| test.c:37:13:37:17 | ... + ... | Invalid integer constant macro: invalid expression |
+| test.c:38:13:38:18 | access to array | Invalid integer constant macro: invalid expression |
+| test.c:39:13:39:18 | access to array | Invalid integer constant macro: invalid expression |
+| test.c:40:13:39:18 | UINT8_MAX | Invalid integer constant macro: invalid expression |
+| test.c:54:12:54:15 | 191 | Invalid integer constant macro: invalid size |
+| test.c:55:12:55:14 | 255 | Invalid integer constant macro: invalid size |
+| test.c:56:12:56:15 | 192 | Invalid integer constant macro: invalid size |
+| test.c:57:12:57:15 | 128 | Invalid integer constant macro: invalid size |
+| test.c:61:12:57:15 | -129 | Invalid integer constant macro: invalid size |
+| test.c:62:12:57:15 | -129 | Invalid integer constant macro: invalid size |
+| test.c:63:12:57:15 | -201 | Invalid integer constant macro: invalid size |
+| test.c:64:12:57:15 | -0x81 | Invalid integer constant macro: invalid size |
+| test.c:76:14:76:18 | 65536 | Invalid integer constant macro: invalid size |
+| test.c:78:14:78:20 | 65536 | Invalid integer constant macro: invalid size |
+| test.c:91:13:91:17 | 32768 | Invalid integer constant macro: invalid size |
+| test.c:93:13:93:18 | 32768 | Invalid integer constant macro: invalid size |
+| test.c:97:13:93:18 | -32769 | Invalid integer constant macro: invalid size |
+| test.c:98:13:93:18 | -040001 | Invalid integer constant macro: invalid size |
+| test.c:99:13:93:18 | -0x8001 | Invalid integer constant macro: invalid size |
+| test.c:109:14:109:24 | 4294967296 | Invalid integer constant macro: invalid size |
+| test.c:110:14:110:25 | 4294967296 | Invalid integer constant macro: invalid size |
+| test.c:120:13:120:22 | 2147483648 | Invalid integer constant macro: invalid size |
+| test.c:121:13:121:23 | 34359738368 | Invalid integer constant macro: invalid size |
+| test.c:130:14:130:15 | 0 | Invalid integer constant macro: invalid size |
+| test.c:133:14:133:34 | 18446744073709551615 | Invalid integer constant macro: invalid size |
+| test.c:134:14:134:32 | 18446744073709551615 | Invalid integer constant macro: invalid size |
+| test.c:140:13:140:14 | 0 | Invalid integer constant macro: invalid size |
+| test.c:143:13:143:32 | 9223372036854775807 | Invalid integer constant macro: invalid size |
+| test.c:147:13:147:33 | - ... | Invalid integer constant macro: invalid size |
+| test.c:148:13:148:37 | ... - ... | Invalid integer constant macro: invalid expression |
+| test.c:148:13:148:37 | ... - ... | Invalid integer constant macro: invalid literal type |
+| test.c:148:13:148:37 | ... - ... | Invalid integer constant macro: invalid size |
+| test.c:148:13:148:37 | ... - ... | Invalid integer constant macro: signed/unsigned mismatch |
+| test.c:150:13:150:37 | ... - ... | Invalid integer constant macro: invalid expression |
+| test.c:150:13:150:37 | ... - ... | Invalid integer constant macro: invalid literal type |
+| test.c:150:13:150:37 | ... - ... | Invalid integer constant macro: invalid size |
+| test.c:150:13:150:37 | ... - ... | Invalid integer constant macro: signed/unsigned mismatch |
+| test.c:152:13:152:31 | 9223372036854775807 | Invalid integer constant macro: invalid size |
+| test.c:153:13:153:31 | 9223372036854775808 | Invalid integer constant macro: invalid size |
+| test.c:154:13:154:31 | - ... | Invalid integer constant macro: invalid size |
+| test.c:155:13:155:30 | - ... | Invalid integer constant macro: invalid size |

c/misra/test/rules/RULE-7-5/InvalidIntegerConstantMacroArgument.qlref

@@ -0,0 +1 @@
+rules/RULE-7-5/InvalidIntegerConstantMacroArgument.ql

c/misra/test/rules/RULE-7-5/test.c

@@ -0,0 +1,156 @@
+#include "stdint.h"
+
+uint_least8_t g1[] = {
+    // Basic valid
+    UINT8_C(0), // COMPLIANT
+    UINT8_C(1), // COMPLIANT
+    UINT8_C(8), // COMPLIANT
+    UINT8_C(0x23), // COMPLIANT
+    UINT8_C(034), // COMPLIANT
+
+    // Incorrect literal types
+    UINT8_C(1.0), // NON-COMPLIANT
+    UINT8_C(0b111), // NON-COMPLIANT
+
+    // Suffixes disallowed
+    UINT8_C(1u), // NON-COMPLIANT
+    UINT8_C(2U), // NON-COMPLIANT
+    UINT8_C(3l), // NON-COMPLIANT
+    UINT8_C(4L), // NON-COMPLIANT
+    UINT8_C(5ul), // NON-COMPLIANT
+
+    // Range tests
+    UINT8_C(255), // COMPLIANT
+    UINT8_C(0xFF), // COMPLIANT
+    UINT8_C(0377), // COMPLIANT
+    UINT8_C(256), // NON-COMPLIANT
+    UINT8_C(0400), // NON-COMPLIANT
+    UINT8_C(0x100), // NON-COMPLIANT
+
+    // Signage tests
+    UINT8_C(-1), // NON-COMPLIANT
+    UINT8_C(-20), // NON-COMPLIANT
+    UINT8_C(-33), // NON-COMPLIANT
+    UINT8_C(-0x44), // NON-COMPLIANT
+
+    // Invalid nonliteral expressions
+    UINT8_C(0 + 0), // NON-COMPLIANT
+    UINT8_C("a"[0]), // NON-COMPLIANT
+    UINT8_C(0["a"]), // NON-COMPLIANT
+    UINT8_C(UINT8_MAX), // NON-COMPLIANT
+};
+
+int_least8_t g2[] = {
+    // Basic valid
+    INT8_C(0), // COMPLIANT
+    INT8_C(1), // COMPLIANT
+    INT8_C(8), // COMPLIANT
+    INT8_C(0x23), // COMPLIANT
+    INT8_C(034), // COMPLIANT
+
+    // Range tests
+    INT8_C(127), // COMPLIANT
+    INT8_C(0x79), // COMPLIANT
+    INT8_C(0177), // COMPLIANT
+    INT8_C(128), // NON-COMPLIANT
+    INT8_C(0200), // NON-COMPLIANT
+    INT8_C(0x80), // NON-COMPLIANT
+    INT8_C(-128), // COMPLIANT
+    INT8_C(-0x80), // COMPLIANT
+    INT8_C(-0200), // COMPLIANT
+    INT8_C(-129), // NON-COMPLIANT
+    INT8_C(-0201), // NON-COMPLIANT
+    INT8_C(-0x81), // NON-COMPLIANT
+};
+
+uint_least16_t g3[] = {
+    // Basic valid
+    UINT16_C(0), // COMPLIANT
+    UINT16_C(0x23), // COMPLIANT
+    UINT16_C(034), // COMPLIANT
+
+    // Range tests
+    UINT16_C(65535), // COMPLIANT
+    UINT16_C(0xFFFF), // COMPLIANT
+    UINT16_C(0177777), // COMPLIANT
+    UINT16_C(65536), // NON-COMPLIANT
+    UINT16_C(0200000), // NON-COMPLIANT
+    UINT16_C(0x10000), // NON-COMPLIANT
+};
+
+int_least16_t g4[] = {
+    // Basic valid
+    INT16_C(0), // COMPLIANT
+    INT16_C(0x23), // COMPLIANT
+    INT16_C(034), // COMPLIANT
+
+    // Range tests
+    INT16_C(32767), // COMPLIANT
+    INT16_C(0x7FFF), // COMPLIANT
+    INT16_C(077777), // COMPLIANT
+    INT16_C(32768), // NON-COMPLIANT
+    INT16_C(0100000), // NON-COMPLIANT
+    INT16_C(0x8000), // NON-COMPLIANT
+    INT16_C(-32768), // COMPLIANT
+    INT16_C(-040000), // COMPLIANT
+    INT16_C(-0x8000), // COMPLIANT
+    INT16_C(-32769), // NON-COMPLIANT
+    INT16_C(-040001), // NON-COMPLIANT
+    INT16_C(-0x8001), // NON-COMPLIANT
+};
+
+uint_least32_t g5[] = {
+    // Basic valid
+    UINT32_C(0), // COMPLIANT
+
+    // Range tests
+    UINT32_C(4294967295), // COMPLIANT
+    UINT32_C(0xFFFFFFFF), // COMPLIANT
+    UINT32_C(4294967296), // NON-COMPLIANT
+    UINT32_C(0x100000000), // NON-COMPLIANT
+};
+
+int_least32_t g6[] = {
+    // Basic valid
+    INT32_C(0), // COMPLIANT
+
+    // Range tests
+    INT32_C(2147483647), // COMPLIANT
+    INT32_C(0x7FFFFFFF), // COMPLIANT
+    INT32_C(2147483648), // NON-COMPLIANT
+    INT32_C(0x800000000), // NON-COMPLIANT
+    INT32_C(-2147483648), // COMPLIANT
+    INT32_C(-0x80000000), // COMPLIANT
+    INT32_C(-2147483647), // NON-COMPLIANT
+    INT32_C(-0x800000001), // NON-COMPLIANT
+};
+
+uint_least64_t g7[] = {
+    // Basic valid
+    UINT64_C(0), // COMPLIANT
+
+    // Range tests
+    UINT64_C(18446744073709551615), // COMPLIANT
+    UINT64_C(0xFFFFFFFFFFFFFFFF), // COMPLIANT
+    // Compile time error if we try to create integer literals beyond this.
+};
+
+int_least64_t g8[] = {
+    // Basic valid
+    INT64_C(0), // COMPLIANT
+
+    // Range tests
+    INT64_C(9223372036854775807), // COMPLIANT
+    // INT64_C(9223372036854775808) is a compile-time error
+
+    // -9223372036854775808 allowed, but cannot be created via unary- without compile time errors.
+    INT64_C(-9223372036854775807), // COMPLIANT
+    INT64_C(-9223372036854775807 - 1), // COMPLIANT
+    // -9223372036854775809 is not allowed, and cannot be created via unary- without compile time errors.
+    INT64_C(-9223372036854775807 - 2), // NON-COMPLIANT
+
+    INT64_C(0x7FFFFFFFFFFFFFFF), // COMPLIANT
+    INT64_C(0x8000000000000000), // NON-COMPLIANT
+    INT64_C(-0x8000000000000000), // COMPLIANT
+    INT64_C(-0x8000000000000001), // NON-COMPLIANT
+};

c/misra/test/rules/RULE-7-6/UseOfBannedSmallIntegerConstantMacro.expected

@@ -0,0 +1,4 @@
+| test.c:3:13:3:24 | INT8_C(c) | Usage of small integer constant macro INT8_C is not allowed. |
+| test.c:4:14:4:26 | UINT8_C(c) | Usage of small integer constant macro UINT8_C is not allowed. |
+| test.c:5:14:5:28 | INT16_C(c) | Usage of small integer constant macro INT16_C is not allowed. |
+| test.c:6:15:6:30 | UINT16_C(c) | Usage of small integer constant macro UINT16_C is not allowed. |

c/misra/test/rules/RULE-7-6/UseOfBannedSmallIntegerConstantMacro.qlref

@@ -0,0 +1 @@
+rules/RULE-7-6/UseOfBannedSmallIntegerConstantMacro.ql

c/misra/test/rules/RULE-7-6/test.c

@@ -0,0 +1,10 @@
+#include "stdint.h"
+
+int8_t g1 = INT8_C(0x12); // NON-COMPLIANT
+uint8_t g2 = UINT8_C(0x12); // NON-COMPLIANT
+int16_t g3 = INT16_C(0x1234); // NON-COMPLIANT
+uint16_t g4 = UINT16_C(0x1234); // NON-COMPLIANT
+int32_t g5 = INT32_C(0x1234); // COMPLIANT
+uint32_t g6 = UINT32_C(0x1234); // COMPLIANT
+int64_t g7 = INT64_C(0x1234); // COMPLIANT
+uint64_t g8 = UINT64_C(0x1234); // COMPLIANT

cpp/common/src/codingstandards/cpp/IntegerConstantMacro.qll

@@ -0,0 +1,35 @@
+import cpp
+
+class IntegerConstantMacro extends Macro {
+  boolean signed;
+  int size;
+  IntegerConstantMacro() {
+    (
+    signed = true and size = getName().regexpCapture("INT(8|16|32|64)_C", 1).toInt()
+    ) or (
+    signed = false and size = getName().regexpCapture("UINT(8|16|32|64)_C", 1).toInt()
+    )
+  }
+
+  predicate isSmall() {
+    size < 32
+  }
+
+  int getSize() {
+    result = size
+  }
+
+  predicate isSigned() {
+    signed = true
+  }
+
+  int maxValue() {
+    (signed = true and result = 2.pow(getSize() - 1) - 1) or
+    (signed = false and result = 2.pow(getSize()) - 1)
+  }
+
+  int minValue() {
+    (signed = true and result = -(2.0.pow(getSize() - 1))) or
+    (signed = false and result = 0)
+  }
+}