Preprocessor5: add Rule MSC38-C

knewbury01 · knewbury01 · commit 0ece5fedd68c · 2022-07-27T14:44:40.000-04:00
diff --git a/c/cert/src/rules/MSC38-C/DoNotTreatAPredefinedIdentifierAsObject.md b/c/cert/src/rules/MSC38-C/DoNotTreatAPredefinedIdentifierAsObject.md
@@ -0,0 +1,17 @@
+# MSC38-C: Do not treat a predefined identifier as an object if it might only be implemented as a macro
+
+This query implements the CERT-C rule MSC38-C:
+
+> Do not treat a predefined identifier as an object if it might only be implemented as a macro
+
+## CERT
+
+** REPLACE THIS BY RUNNING THE SCRIPT `scripts/help/cert-help-extraction.py` **
+
+## Implementation notes
+
+None
+
+## References
+
+* CERT-C: [MSC38-C: Do not treat a predefined identifier as an object if it might only be implemented as a macro](https://wiki.sei.cmu.edu/confluence/display/c)
diff --git a/c/cert/src/rules/MSC38-C/DoNotTreatAPredefinedIdentifierAsObject.ql b/c/cert/src/rules/MSC38-C/DoNotTreatAPredefinedIdentifierAsObject.ql
@@ -0,0 +1,47 @@
+/**
+ * @id c/cert/do-not-treat-a-predefined-identifier-as-object
+ * @name MSC38-C: Do not treat a predefined identifier as an object if it might only be implemented as a macro
+ * @description Accessing an object or function that expands to one of a few specific standard
+ *              library macros is undefined behaviour.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity warning
+ * @tags external/cert/id/msc38-c
+ *       correctness
+ *       readability
+ *       external/cert/obligation/rule
+ */
+
+import cpp
+import codingstandards.c.cert
+
+predicate hasRestrictedMacroName(string s) {
+  s = "assert"
+  or
+  s = "errno"
+  or
+  s = "math_errhandling"
+  or
+  s = "setjmp"
+  or
+  s = "va_arg"
+  or
+  s = "va_copy"
+  or
+  s = "va_end"
+  or
+  s = "va_start"
+}
+
+from Element m, string name, string condition
+where
+  not isExcluded(m, Preprocessor5Package::doNotTreatAPredefinedIdentifierAsObjectQuery()) and
+  (
+    condition = "Access" and
+    m.(Access).getTarget().hasName(name)
+    or
+    m.(Declaration).hasGlobalName(name) and
+    condition = "Redefinition"
+  ) and
+  hasRestrictedMacroName(name)
+select m, condition + " of standard library macro " + name + "."
diff --git a/c/cert/src/rules/PRE32-C/MacroOrFunctionArgsContainHashToken.ql b/c/cert/src/rules/PRE32-C/MacroOrFunctionArgsContainHashToken.ql
@@ -8,8 +8,8 @@
  * @precision high
  * @problem.severity warning
  * @tags external/cert/id/pre32-c
- *       readability
  *       correctness
+ *       readability
  *       external/cert/obligation/rule
  */
 
diff --git a/c/cert/test/rules/MSC38-C/DoNotTreatAPredefinedIdentifierAsObject.expected b/c/cert/test/rules/MSC38-C/DoNotTreatAPredefinedIdentifierAsObject.expected
@@ -0,0 +1,2 @@
+| test.c:3:12:3:16 | errno | Redefinition of standard library macro errno. |
+| test.c:10:21:10:26 | assert | Access of standard library macro assert. |
diff --git a/c/cert/test/rules/MSC38-C/DoNotTreatAPredefinedIdentifierAsObject.qlref b/c/cert/test/rules/MSC38-C/DoNotTreatAPredefinedIdentifierAsObject.qlref
@@ -0,0 +1 @@
+rules/MSC38-C/DoNotTreatAPredefinedIdentifierAsObject.ql
diff --git a/c/cert/test/rules/MSC38-C/test.c b/c/cert/test/rules/MSC38-C/test.c
@@ -0,0 +1,17 @@
+#include <assert.h>
+
+extern int errno; // NON_COMPLIANT
+
+typedef void (*handler_type)(int);
+
+void execute_handler(handler_type handler, int value) { handler(value); }
+
+void f(int e) {
+  execute_handler(&(assert), e < 0); // NON_COMPLIANT
+}
+
+static void assert_handler(int value) { assert(value); }
+
+void f2(int e) {
+  execute_handler(&assert_handler, e < 0); // COMPLIANT
+}
diff --git a/c/common/test/includes/standard-library/assert.h b/c/common/test/includes/standard-library/assert.h
@@ -1,6 +1,7 @@
 #include <features.h>
 
 #undef assert
+void assert(int i);
 
 #ifdef NDEBUG
 #define	assert(x) (void)0
diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor5.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor5.qll
@@ -4,10 +4,19 @@ import RuleMetadata
 import codingstandards.cpp.exclusions.RuleMetadata
 
 newtype Preprocessor5Query =
+  TDoNotTreatAPredefinedIdentifierAsObjectQuery() or
   TMacroOrFunctionArgsContainHashTokenQuery() or
   TMacroParameterNotEnclosedInParenthesesCQueryQuery()
 
 predicate isPreprocessor5QueryMetadata(Query query, string queryId, string ruleId) {
+  query =
+    // `Query` instance for the `doNotTreatAPredefinedIdentifierAsObject` query
+    Preprocessor5Package::doNotTreatAPredefinedIdentifierAsObjectQuery() and
+  queryId =
+    // `@id` for the `doNotTreatAPredefinedIdentifierAsObject` query
+    "c/cert/do-not-treat-a-predefined-identifier-as-object" and
+  ruleId = "MSC38-C"
+  or
   query =
     // `Query` instance for the `macroOrFunctionArgsContainHashToken` query
     Preprocessor5Package::macroOrFunctionArgsContainHashTokenQuery() and
@@ -26,6 +35,13 @@ predicate isPreprocessor5QueryMetadata(Query query, string queryId, string ruleI
 }
 
 module Preprocessor5Package {
+  Query doNotTreatAPredefinedIdentifierAsObjectQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `doNotTreatAPredefinedIdentifierAsObject` query
+      TQueryC(TPreprocessor5PackageQuery(TDoNotTreatAPredefinedIdentifierAsObjectQuery()))
+  }
+
   Query macroOrFunctionArgsContainHashTokenQuery() {
     //autogenerate `Query` type
     result =
diff --git a/rule_packages/c/Preprocessor5.json b/rule_packages/c/Preprocessor5.json
@@ -1,5 +1,25 @@
 {
   "CERT-C": {
+    "MSC38-C": {
+      "properties": {
+        "obligation": "rule"
+      },
+      "queries": [
+        {
+          "description": "Accessing an object or function that expands to one of a few specific standard library macros is undefined behaviour.",
+          "kind": "problem",
+          "name": "Do not treat a predefined identifier as an object if it might only be implemented as a macro",
+          "precision": "very-high",
+          "severity": "warning",
+          "short_name": "DoNotTreatAPredefinedIdentifierAsObject",
+          "tags": [
+            "correctness",
+            "readability"
+          ]
+        }
+      ],
+      "title": "Do not treat a predefined identifier as an object if it might only be implemented as a macro"
+    },
     "PRE32-C": {
       "properties": {
         "obligation": "rule"
@@ -13,8 +33,8 @@
           "severity": "warning",
           "short_name": "MacroOrFunctionArgsContainHashToken",
           "tags": [
-            "readability",
-            "correctness"
+            "correctness",
+            "readability"
           ]
         }
       ],
diff --git a/rules.csv b/rules.csv
@@ -565,7 +565,7 @@ c,CERT-C,MSC30-C,Yes,Rule,,,Do not use the rand() function for generating pseudo
 c,CERT-C,MSC32-C,Yes,Rule,,,Properly seed pseudorandom number generators,MSC51-CPP,Misc,Easy,
 c,CERT-C,MSC33-C,Yes,Rule,,,Do not pass invalid data to the asctime() function,,Contracts,Easy,
 c,CERT-C,MSC37-C,Yes,Rule,,,Ensure that control never reaches the end of a non-void function,,Misc,Easy,
-c,CERT-C,MSC38-C,Yes,Rule,,,Do not treat a predefined identifier as an object if it might only be implemented as a macro,M17-0-2,Preprocessor,Medium,
+c,CERT-C,MSC38-C,Yes,Rule,,,Do not treat a predefined identifier as an object if it might only be implemented as a macro,M17-0-2,Preprocessor5,Medium,
 c,CERT-C,MSC39-C,Yes,Rule,,,Do not call va_arg() on a va_list that has an indeterminate value,,Contracts,Hard,
 c,CERT-C,MSC40-C,Yes,Rule,,,Do not violate constraints,,Contracts,Very Hard,
 c,CERT-C,MSC41-C,OutOfScope,Rule,,,Never hard code sensitive information,,,,

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+\| test.c:3:12:3:16 \| errno \| Redefinition of standard library macro errno. \|`
	`2`	`+\| test.c:10:21:10:26 \| assert \| Access of standard library macro assert. \|`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+rules/MSC38-C/DoNotTreatAPredefinedIdentifierAsObject.ql`