Merge remote-tracking branch 'origin/main' into michaelrfairhurt/add-additional-cert-rules

Author: MichaelRFairhurst

amendments.csv

@@ -1,7 +1,7 @@
 language,standard,amendment,rule_id,supportable,implementation_category,implemented,difficulty
 c,MISRA-C-2012,Amendment3,DIR-4-6,Yes,Expand,Yes,Easy
 c,MISRA-C-2012,Amendment3,DIR-4-9,Yes,Refine,Yes,Easy
-c,MISRA-C-2012,Amendment3,DIR-4-11,Yes,Refine,No,Import
+c,MISRA-C-2012,Amendment3,DIR-4-11,Yes,Refine,Yes,Import
 c,MISRA-C-2012,Amendment3,RULE-1-4,Yes,Replace,Yes,Easy
 c,MISRA-C-2012,Amendment3,RULE-10-1,Yes,Replace,Yes,Easy
 c,MISRA-C-2012,Amendment3,RULE-10-3,Yes,Refine,Yes,Easy

c/common/src/codingstandards/c/TgMath.qll

@@ -0,0 +1,63 @@
+import cpp
+
+private string getATgMathMacroName(boolean allowComplex) {
+  allowComplex = true and
+  result =
+    [
+      "acos", "acosh", "asin", "asinh", "atan", "atanh", "carg", "cimag", "conj", "cos", "cosh",
+      "cproj", "creal", "exp", "fabs", "log", "pow", "sin", "sinh", "sqrt", "tan", "tanh"
+    ]
+  or
+  allowComplex = false and
+  result =
+    [
+      "atan2", "cbrt", "ceil", "copysign", "erf", "erfc", "exp2", "expm1", "fdim", "floor", "fma",
+      "fmax", "fmin", "fmod", "frexp", "hypot", "ilogb", "ldexp", "lgamma", "llrint", "llround",
+      "log10", "log1p", "log2", "logb", "lrint", "lround", "nearbyint", "nextafter", "nexttoward",
+      "remainder", "remquo", "rint", "round", "scalbn", "scalbln", "tgamma", "trunc",
+    ]
+}
+
+private predicate hasOutputArgument(string macroName, int index) {
+  macroName = "frexp" and index = 1
+  or
+  macroName = "remquo" and index = 2
+}
+
+class TgMathInvocation extends MacroInvocation {
+  Call call;
+  boolean allowComplex;
+
+  TgMathInvocation() {
+    this.getMacro().getName() = getATgMathMacroName(allowComplex) and
+    call = getBestCallInExpansion(this)
+  }
+
+  Expr getOperandArgument(int i) {
+    result = call.getArgument(i) and
+    not hasOutputArgument(call.getTarget().getName(), i)
+  }
+
+  int getNumberOfOperandArguments() {
+    result = call.getNumberOfArguments() - count(int i | hasOutputArgument(getMacroName(), i))
+  }
+
+  Expr getAnOperandArgument() { result = getOperandArgument(_) }
+
+  predicate allowsComplex() { allowComplex = true }
+}
+
+private Call getACallInExpansion(MacroInvocation mi) { result = mi.getAnExpandedElement() }
+
+private Call getNameMatchedCallInExpansion(MacroInvocation mi) {
+  result = getACallInExpansion(mi) and result.getTarget().getName() = mi.getMacroName()
+}
+
+private Call getBestCallInExpansion(MacroInvocation mi) {
+  count(getACallInExpansion(mi)) = 1 and result = getACallInExpansion(mi)
+  or
+  count(getNameMatchedCallInExpansion(mi)) = 1 and result = getNameMatchedCallInExpansion(mi)
+  or
+  count(getNameMatchedCallInExpansion(mi)) > 1 and
+  result = rank[1](Call c | c = getACallInExpansion(mi) | c order by c.getTarget().getName())
+}

c/misra/src/rules/DIR-4-11/LowPrecisionPeriodicTrigonometricFunctionCall.ql

@@ -0,0 +1,43 @@
+/**
+ * @id c/misra/low-precision-periodic-trigonometric-function-call
+ * @name DIR-4-11: The validity of values passed to trigonometric functions shall be checked
+ * @description Trigonometric periodic functions have significantly less precision when called with
+ *              large floating-point values.
+ * @kind problem
+ * @precision high
+ * @problem.severity warning
+ * @tags external/misra/id/dir-4-11
+ *       correctness
+ *       external/misra/c/2012/third-edition-first-revision
+ *       external/misra/c/2012/amendment3
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.c.misra
+import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
+
+float getMaxAllowedAbsoluteValue(FloatingPointType t, string description) {
+  if t.getSize() <= 4
+  then (
+    // Per MISRA, assume k=1 for float types.
+    result = 3.15 and description = "pi"
+  ) else (
+    // Allow k=10 for doubles, as the standard allows for a larger range depending on the
+    // implementation, application, and precision goals.
+    result = 10 * 3.15 and description = "10 * pi"
+  )
+}
+
+from FunctionCall fc, Expr argument, float maxValue, float maxAllowedValue, string maxAllowedStr
+where
+  not isExcluded(fc, ContractsPackage::lowPrecisionPeriodicTrigonometricFunctionCallQuery()) and
+  fc.getTarget().getName() = ["sin", "cos", "tan"] and
+  argument = fc.getArgument(0) and
+  maxValue = rank[1](float bound | bound = [lowerBound(argument), upperBound(argument)].abs()) and
+  maxAllowedValue = getMaxAllowedAbsoluteValue(argument.getType(), maxAllowedStr) and
+  maxValue > maxAllowedValue
+select fc,
+  "Call to periodic trigonometric function " + fc.getTarget().getName() +
+    " with maximum argument absolute value of " + maxValue.toString() +
+    ", which exceeds the recommended " + "maximum of " + maxAllowedStr + "."

c/misra/src/rules/RULE-21-22/TgMathArgumentWithInvalidEssentialType.ql

@@ -0,0 +1,47 @@
+/**
+ * @id c/misra/tg-math-argument-with-invalid-essential-type
+ * @name RULE-21-22: All operand arguments to type-generic macros in <tgmath.h> shall have an appropriate essential type
+ * @description All operand arguments to any type-generic macros in <tgmath.h> shall have an
+ *              appropriate essential type.
+ * @kind problem
+ * @precision high
+ * @problem.severity error
+ * @tags external/misra/id/rule-21-22
+ *       correctness
+ *       external/misra/c/2012/amendment3
+ *       external/misra/obligation/mandatory
+ */
+
+import cpp
+import codingstandards.c.misra
+import codingstandards.c.TgMath
+import codingstandards.c.misra.EssentialTypes
+
+EssentialTypeCategory getAnAllowedEssentialTypeCategory(TgMathInvocation call) {
+  result = EssentiallySignedType()
+  or
+  result = EssentiallyUnsignedType()
+  or
+  result = EssentiallyFloatingType(Real())
+  or
+  call.allowsComplex() and
+  result = EssentiallyFloatingType(Complex())
+}
+
+string getAllowedTypesString(TgMathInvocation call) {
+  if call.allowsComplex()
+  then result = "essentially signed, unsigned, or floating type"
+  else result = "essentially signed, unsigned, or real floating type"
+}
+
+from TgMathInvocation call, Expr arg, int argIndex, Type type, EssentialTypeCategory category
+where
+  not isExcluded(call, EssentialTypes2Package::tgMathArgumentWithInvalidEssentialTypeQuery()) and
+  arg = call.getOperandArgument(argIndex) and
+  type = getEssentialType(arg) and
+  category = getEssentialTypeCategory(type) and
+  not category = getAnAllowedEssentialTypeCategory(call)
+select arg,
+  "Argument " + (argIndex + 1) + " provided to type-generic macro '" + call.getMacroName() +
+    "' has " + category.toString().toLowerCase() + ", which is not " + getAllowedTypesString(call) +
+    "."

c/misra/src/rules/RULE-21-23/TgMathArgumentsWithDifferingStandardType.ql

@@ -0,0 +1,75 @@
+/**
+ * @id c/misra/tg-math-arguments-with-differing-standard-type
+ * @name RULE-21-23: Operand arguments for an invocation of a type-generic macro shall have the same standard type
+ * @description All operand arguments to any multi-argument type-generic macros in <tgmath.h> shall
+ *              have the same standard type.
+ * @kind problem
+ * @precision high
+ * @problem.severity error
+ * @tags external/misra/id/rule-21-23
+ *       correctness
+ *       external/misra/c/2012/amendment3
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.c.misra
+import codingstandards.c.TgMath
+
+string argTypesString(TgMathInvocation call, int i) {
+  exists(string typeStr |
+    typeStr = getEffectiveStandardType(call.getOperandArgument(i)).toString() and
+    (
+      i = 0 and result = typeStr
+      or
+      i > 0 and result = argTypesString(call, i - 1) + ", " + typeStr
+    )
+  )
+}
+
+/**
+ * If the range of values can be represented as a signed int, it is promoted to signed int.
+ *
+ * A value may also promote to unsigned int but only if `int` cannot represent the range of
+ * values. Which basically means only an `unsigned int` promotes to `unsigned int`, so we don't
+ * need to do anything in this case.
+ *
+ * An unsigned int bitfield with fewer than 32 bits is promoted to `int`.
+ */
+predicate promotesToSignedInt(Expr e) {
+  exists(int intBits, int intBytes |
+    intBytes = any(IntType t).getSize() and
+    intBits = intBytes * 8 and
+    (
+      e.(FieldAccess).getTarget().(BitField).getNumBits() < intBits
+      or
+      e.getUnderlyingType().(IntegralType).getSize() < intBytes
+    )
+  )
+}
+
+Type getPromotedType(Expr e) {
+  if promotesToSignedInt(e) then result.(IntType).isSigned() else result = e.getUnderlyingType()
+}
+
+Type canonicalize(Type type) {
+  if type instanceof IntegralType
+  then result = type.(IntegralType).getCanonicalArithmeticType()
+  else result = type
+}
+
+Type getEffectiveStandardType(Expr e) {
+  result = canonicalize(getPromotedType(e.getExplicitlyConverted()))
+}
+
+from TgMathInvocation call, Type firstType
+where
+  not isExcluded(call, EssentialTypes2Package::tgMathArgumentsWithDifferingStandardTypeQuery()) and
+  firstType = getEffectiveStandardType(call.getAnOperandArgument()) and
+  not forall(Expr arg | arg = call.getAnOperandArgument() |
+    firstType = getEffectiveStandardType(arg)
+  )
+select call,
+  "Call to type-generic macro '" + call.getMacroName() +
+    "' has arguments with differing standard types (" +
+    argTypesString(call, call.getNumberOfOperandArguments() - 1) + ")."

c/misra/test/rules/DIR-4-11/LowPrecisionPeriodicTrigonometricFunctionCall.expected

@@ -0,0 +1,18 @@
+| test.c:32:5:32:7 | call to sin | Call to periodic trigonometric function sin with maximum argument absolute value of 31.4, which exceeds the recommended maximum of pi. |
+| test.c:33:5:33:7 | call to cos | Call to periodic trigonometric function cos with maximum argument absolute value of 31.4, which exceeds the recommended maximum of pi. |
+| test.c:34:5:34:7 | call to tan | Call to periodic trigonometric function tan with maximum argument absolute value of 31.4, which exceeds the recommended maximum of pi. |
+| test.c:38:5:38:7 | call to sin | Call to periodic trigonometric function sin with maximum argument absolute value of 31.4, which exceeds the recommended maximum of pi. |
+| test.c:39:5:39:7 | call to cos | Call to periodic trigonometric function cos with maximum argument absolute value of 31.4, which exceeds the recommended maximum of pi. |
+| test.c:40:5:40:7 | call to tan | Call to periodic trigonometric function tan with maximum argument absolute value of 31.4, which exceeds the recommended maximum of pi. |
+| test.c:49:5:49:7 | call to sin | Call to periodic trigonometric function sin with maximum argument absolute value of 314, which exceeds the recommended maximum of pi. |
+| test.c:50:5:50:7 | call to cos | Call to periodic trigonometric function cos with maximum argument absolute value of 314, which exceeds the recommended maximum of pi. |
+| test.c:51:5:51:7 | call to tan | Call to periodic trigonometric function tan with maximum argument absolute value of 314, which exceeds the recommended maximum of pi. |
+| test.c:52:5:52:7 | call to sin | Call to periodic trigonometric function sin with maximum argument absolute value of 314, which exceeds the recommended maximum of 10 * pi. |
+| test.c:53:5:53:7 | call to cos | Call to periodic trigonometric function cos with maximum argument absolute value of 314, which exceeds the recommended maximum of 10 * pi. |
+| test.c:54:5:54:7 | call to tan | Call to periodic trigonometric function tan with maximum argument absolute value of 314, which exceeds the recommended maximum of 10 * pi. |
+| test.c:55:5:55:7 | call to sin | Call to periodic trigonometric function sin with maximum argument absolute value of 314, which exceeds the recommended maximum of pi. |
+| test.c:56:5:56:7 | call to cos | Call to periodic trigonometric function cos with maximum argument absolute value of 314, which exceeds the recommended maximum of pi. |
+| test.c:57:5:57:7 | call to tan | Call to periodic trigonometric function tan with maximum argument absolute value of 314, which exceeds the recommended maximum of pi. |
+| test.c:58:5:58:7 | call to sin | Call to periodic trigonometric function sin with maximum argument absolute value of 314, which exceeds the recommended maximum of 10 * pi. |
+| test.c:59:5:59:7 | call to cos | Call to periodic trigonometric function cos with maximum argument absolute value of 314, which exceeds the recommended maximum of 10 * pi. |
+| test.c:60:5:60:7 | call to tan | Call to periodic trigonometric function tan with maximum argument absolute value of 314, which exceeds the recommended maximum of 10 * pi. |

c/misra/test/rules/DIR-4-11/LowPrecisionPeriodicTrigonometricFunctionCall.qlref

@@ -0,0 +1 @@
+rules/DIR-4-11/LowPrecisionPeriodicTrigonometricFunctionCall.ql

c/misra/test/rules/DIR-4-11/test.c

@@ -0,0 +1,62 @@
+#include <math.h>
+void f(int x) {
+  float f1 = 0.0f;
+  double d1 = 0.0f;
+  sin(f1); // COMPLIANT
+  cos(f1); // COMPLIANT
+  tan(f1); // COMPLIANT
+  sin(d1); // COMPLIANT
+  cos(d1); // COMPLIANT
+  tan(d1); // COMPLIANT
+
+  if (x < 10) {
+    f1 += 3.14;
+    d1 += 3.14;
+    sin(f1);  // COMPLIANT
+    cos(f1);  // COMPLIANT
+    tan(f1);  // COMPLIANT
+    sin(d1);  // COMPLIANT
+    cos(d1);  // COMPLIANT
+    tan(d1);  // COMPLIANT
+    sin(-f1); // COMPLIANT
+    cos(-f1); // COMPLIANT
+    tan(-f1); // COMPLIANT
+    sin(-d1); // COMPLIANT
+    cos(-d1); // COMPLIANT
+    tan(-d1); // COMPLIANT
+  }
+
+  if (x < 20) {
+    f1 = 3.14 * 10;
+    d1 = 3.14 * 10;
+    sin(f1);  // NON-COMPLIANT
+    cos(f1);  // NON-COMPLIANT
+    tan(f1);  // NON-COMPLIANT
+    sin(d1);  // COMPLIANT
+    cos(d1);  // COMPLIANT
+    tan(d1);  // COMPLIANT
+    sin(-f1); // NON-COMPLIANT
+    cos(-f1); // NON-COMPLIANT
+    tan(-f1); // NON-COMPLIANT
+    sin(-d1); // COMPLIANT
+    cos(-d1); // COMPLIANT
+    tan(-d1); // COMPLIANT
+  }
+
+  if (x < 30) {
+    f1 = 3.14 * 100;
+    d1 = 3.14 * 100;
+    sin(f1);  // NON-COMPLIANT
+    cos(f1);  // NON-COMPLIANT
+    tan(f1);  // NON-COMPLIANT
+    sin(d1);  // NON-COMPLIANT
+    cos(d1);  // NON-COMPLIANT
+    tan(d1);  // NON-COMPLIANT
+    sin(-f1); // NON-COMPLIANT
+    cos(-f1); // NON-COMPLIANT
+    tan(-f1); // NON-COMPLIANT
+    sin(-d1); // NON-COMPLIANT
+    cos(-d1); // NON-COMPLIANT
+    tan(-d1); // NON-COMPLIANT
+  }
+}