First round of feedback

Author: MichaelRFairhurst

change_notes/2025-1-04-misra-c-technical-corrigenda-2.md

@@ -1,6 +1,6 @@
  - `RULE-8-3` - `DeclarationsOfAFunctionSameNameAndType.ql`:
    - Implement new exception, unnamed parameters are not covered by this rule.
- - `RULE-10-2` - `AdditionSubtractionOnEssentiallCharType.ql`:
+ - `RULE-10-2` - `AdditionSubtractionOnEssentiallyCharType.ql`:
    - Disallow `+` and `-` operations with an essentially char type and other types larger than int type.
    - Note, this change affects the essential type of such expressions, which may affect other essential types rules.
  - `RULE-18-1`, `M5-0-16` - `PointerAndDerivedPointerMustAddressSameArray.ql`, `PointerAndDerivedPointerAccessDifferentArray.ql`:

cpp/common/src/codingstandards/cpp/rules/donotusepointerarithmetictoaddressdifferentarrays/DoNotUsePointerArithmeticToAddressDifferentArrays.qll

@@ -104,14 +104,28 @@ class CastedToBytePointer extends ArrayLikeAccess, Conversion {
   }
 }
 
+  predicate pointerRecastBarrier(DataFlow::Node barrier) {
+    // Casting to a differently sized pointer
+    exists(CStyleCast cast, Expr casted |
+      cast.getExpr() = casted and casted = barrier.asConvertedExpr()
+    |
+      not casted.getType().(PointerType).getBaseType().getSize() =
+        cast.getType().(PointerType).getBaseType().getSize()
+    )
+  }
+
 /**
  * A data-flow configuration that tracks access to an array to type to an array index expression.
  * This is used to determine possible pointer to array creations.
  */
 module ByteArrayToArrayExprConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { exists(CastedToBytePointer a | a.getNode() = source) }
 
-  // TODO: casting to different size pointed-to-type invalidates
+  predicate isBarrier(DataFlow::Node barrier) {
+    // Casting to a differently sized pointer invalidates this analysis.
+    pointerRecastBarrier(barrier)
+  }
+
   predicate isSink(DataFlow::Node sink) { exists(ArrayExpr c | c.getArrayBase() = sink.asExpr()) }
 }
 
@@ -126,12 +140,7 @@ module ArrayToArrayExprConfig implements DataFlow::ConfigSig {
 
   predicate isBarrier(DataFlow::Node barrier) {
     // Casting to a differently sized pointer invalidates this analysis.
-    exists(CStyleCast cast, Expr casted |
-      cast.getExpr() = casted and casted = barrier.asConvertedExpr()
-    |
-      not casted.getType().(PointerType).getBaseType().getSize() =
-        cast.getType().(PointerType).getBaseType().getSize()
-    )
+    pointerRecastBarrier(barrier)
   }
 
   predicate isSink(DataFlow::Node sink) { exists(ArrayExpr c | c.getArrayBase() = sink.asExpr()) }

cpp/common/test/rules/donotusepointerarithmetictoaddressdifferentarrays/test.cpp

@@ -40,8 +40,14 @@ void f1() {
   void *p22 = &p21[0];   // COMPLIANT
   void *p23 = &p21[100]; // NON_COMPLIANT[FALSE_NEGATIVE]
 
+  // Casting a byte pointer to a differently sized type that isn't char
+  // invalidates analysis
+  long *p24 = (long *)p15;
+  void *p25 = &p24[0];   // COMPLIANT
+  void *p26 = &p24[100]; // NON_COMPLIANT[FALSE_NEGATIVE]
+
   // Void pointers have size zero and can't be analyzed.
-  void *p24 = 0;
-  unsigned char *p25 = (unsigned char *)p24;
-  void *p26 = &p25[100]; // COMPLIANT
+  void *p27 = 0;
+  unsigned char *p28 = (unsigned char *)p27;
+  void *p29 = &p28[100]; // COMPLIANT
 }

rule_packages/c/Statements5.json

@@ -20,6 +20,9 @@
           ]
         }
       ],
+      "implementation_scope": {
+        "description": "Not all invariant logical expressions which contain dynamic values are detected to be invariant, for instance, `x < 3 && x > 5` where x does not have a statically known value."
+      },
       "title": "Controlling expressions shall not be invariant"
     },
     "RULE-15-5": {