A18-1-4: Address compiler compatibility issue

lcartey · lcartey · commit f6a9d3012939 · 2023-08-14T00:23:37.000+01:00
libc++ defines release inline in the header, which causes extraneous paths to
be reported by CodeQL. Adjust to summarize and exclude.
diff --git a/cpp/autosar/src/rules/A18-1-4/PointerToAnElementOfAnArrayPassedToASmartPointer.ql b/cpp/autosar/src/rules/A18-1-4/PointerToAnElementOfAnArrayPassedToASmartPointer.ql
@@ -50,6 +50,24 @@ class SingleObjectSmartPointerArrayConstructionConfig extends TaintTracking::Con
       )
     )
   }
+
+  override predicate isAdditionalTaintStep(DataFlow::Node source, DataFlow::Node sink) {
+    exists(AutosarUniquePointer sp, FunctionCall fc |
+      fc = sp.getAReleaseCall() and
+      source.asExpr() = fc.getQualifier() and
+      sink.asExpr() = fc
+    )
+  }
+
+  override predicate isSanitizerIn(DataFlow::Node node) {
+    // Exclude flow into header files outside the source archive which are summarized by the
+    // additional taint steps above.
+    exists(AutosarUniquePointer sp |
+      sp.getAReleaseCall().getTarget() = node.asExpr().(ThisExpr).getEnclosingFunction()
+    |
+      not exists(node.getLocation().getFile().getRelativePath())
+    )
+  }
 }
 
 from
diff --git a/cpp/common/src/codingstandards/cpp/SmartPointers.qll b/cpp/common/src/codingstandards/cpp/SmartPointers.qll
@@ -70,6 +70,11 @@ abstract class AutosarSmartPointer extends Class {
 
 class AutosarUniquePointer extends AutosarSmartPointer {
   AutosarUniquePointer() { this.hasQualifiedName("std", "unique_ptr") }
+
+  FunctionCall getAReleaseCall() {
+    result.getTarget().hasName("release") and
+    result.getQualifier().getType().stripType() = this
+  }
 }
 
 class AutosarSharedPointer extends AutosarSmartPointer {
diff --git a/cpp/common/test/includes/standard-library/memory.h b/cpp/common/test/includes/standard-library/memory.h
@@ -57,13 +57,20 @@ template <class T, class D> class unique_ptr<T[], D> {
   pointer get() const noexcept;
   explicit operator bool() const noexcept;
 
-  pointer release() noexcept;
+  pointer release() noexcept {
+    pointer __p = get();
+    _M_p = pointer();
+    return __p;
+  }
   void reset(pointer p = pointer()) noexcept;
   void reset(nullptr_t) noexcept;
   template <class U> void reset(U) = delete;
   void swap(unique_ptr &u) noexcept;
   unique_ptr(const unique_ptr &) = delete;
   unique_ptr &operator=(const unique_ptr &) = delete;
+
+private:
+  pointer _M_p;
 };
 
 template <class T, class... Args> unique_ptr<T> make_unique(Args &&...args);

Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,24 @@ class SingleObjectSmartPointerArrayConstructionConfig extends TaintTracking::Con`
`50`	`50`	`)`
`51`	`51`	`)`
`52`	`52`	`}`
	`53`	`+`
	`54`	`+ override predicate isAdditionalTaintStep(DataFlow::Node source, DataFlow::Node sink) {`
	`55`	`+ exists(AutosarUniquePointer sp, FunctionCall fc \|`
	`56`	`+ fc = sp.getAReleaseCall() and`
	`57`	`+ source.asExpr() = fc.getQualifier() and`
	`58`	`+ sink.asExpr() = fc`
	`59`	`+ )`
	`60`	`+ }`
	`61`	`+`
	`62`	`+ override predicate isSanitizerIn(DataFlow::Node node) {`
	`63`	`+ // Exclude flow into header files outside the source archive which are summarized by the`
	`64`	`+ // additional taint steps above.`
	`65`	`+ exists(AutosarUniquePointer sp \|`
	`66`	`+ sp.getAReleaseCall().getTarget() = node.asExpr().(ThisExpr).getEnclosingFunction()`
	`67`	`+ \|`
	`68`	`+ not exists(node.getLocation().getFile().getRelativePath())`
	`69`	`+ )`
	`70`	`+ }`
`53`	`71`	`}`
`54`	`72`
`55`	`73`	`from`