Implement Rule 4-6-1, memory operations should be properly sequenced.

Split configs for C++14 and C++17 sequencing. Fix bug in reciprocity.

Author: MichaelRFairhurst

cpp/autosar/src/rules/A5-0-1/ExpressionShouldNotRelyOnOrderOfEvaluation.ql

@@ -15,19 +15,21 @@
 
 import cpp
 import codingstandards.cpp.autosar
-import codingstandards.cpp.SideEffect
-import codingstandards.cpp.sideeffect.DefaultEffects
+import codingstandards.cpp.rules.expressionwithunsequencedsideeffects.ExpressionWithUnsequencedSideEffects
 import codingstandards.cpp.Ordering
 import codingstandards.cpp.orderofevaluation.VariableAccessOrdering
-import Ordering::Make<VariableAccessInFullExpressionOrdering> as FullExprOrdering
+import Ordering::Make<Cpp14VariableAccessInFullExpressionOrdering> as FullExprOrdering
 
-from FullExpr e, VariableEffect ve, VariableAccess va1, VariableAccess va2, Variable v
-where
-  not isExcluded(e, OrderOfEvaluationPackage::expressionShouldNotRelyOnOrderOfEvaluationQuery()) and
-  e = va1.(ConstituentExpr).getFullExpr() and
-  va1 = ve.getAnAccess() and
-  FullExprOrdering::isUnsequenced(va1, va2) and
-  v = va1.getTarget()
-select e,
-  "The evaluation is depended on the order of evaluation of $@, that is modified by $@ and $@, that both access $@.",
-  va1, "sub-expression", ve, "expression", va2, "sub-expression", v, v.getName()
+module ExpressionShouldNotRelyOnOrderOfEvaluationConfig implements
+  ExpressionWithUnsequencedSideEffectsConfigSig
+{
+  Query getQuery() {
+    result = OrderOfEvaluationPackage::expressionShouldNotRelyOnOrderOfEvaluationQuery()
+  }
+
+  predicate isUnsequenced(VariableAccess va1, VariableAccess va2) {
+    FullExprOrdering::isUnsequenced(va1, va2)
+  }
+}
+
+import ExpressionWithUnsequencedSideEffects<ExpressionShouldNotRelyOnOrderOfEvaluationConfig>

cpp/common/src/codingstandards/cpp/Ordering.qll

@@ -132,6 +132,15 @@ module Ordering {
   predicate cpp17Edge(ExprEvaluationNode n1, ExprEvaluationNode n2) {
     cpp14Edge(n1, n2)
     or
+    // [expr.call] The "postfix expression" (the part before the `(...)`) is sequenced before each
+    // expression in the expression list.
+    exists(Call call, Expr qual, Expr arg |
+      call.getQualifier() = qual and
+      call.getAnArgument() = arg
+      |
+      qual = n1.toExpr().getParent*() and arg = n2.toExpr().getParent*()
+    )
+    or
     // [expr.sub] - (in) the expression E1[E2] ... E1 is sequenced before E2
     exists(ArrayExpr ce, ConstituentExpr lhs, ConstituentExpr rhs |
       lhs = ce.getArrayBase() and
@@ -140,10 +149,39 @@ module Ordering {
       lhs = n1.toExpr().getParent*() and rhs = n2.toExpr().getParent*()
     )
     or
-    // [expr.sub] - (in) the expression E1[E2] ... E1 is sequenced before E2
-    exists(NewExpr newExpr, ConstituentExpr lhs, ConstituentExpr rhs |
-      n1.toExpr() = newExpr.getAllocatorCall() and
-      n2.toExpr() = newExpr.getInitializer().getAChild()
+    // [expr.new] -- invocation of the allocation function is sequenced before the expressions in
+    // the new-initializer.
+    exists(NewExpr newExpr, ConstituentExpr alloc, ConstituentExpr arg |
+      alloc = newExpr.getAllocatorCall() and
+      arg = newExpr.getInitializer().getAChild()
+    |
+      alloc = n1.toExpr().getParent*() and
+      arg = n2.toExpr().getParent*()
+    )
+    or
+    // [expr.mptr.oper] - In E.*E2, E1 is sequenced before E2. This is not the case for E->*E2.
+    exists(PointerToMemberExpr ptrToMember, ConstituentExpr object, ConstituentExpr ptr |
+      // TODO: distinguish between `.*` and `->*` operators.
+      object = ptrToMember.getObjectExpr() and
+      ptr = ptrToMember.getPointerExpr()
+    |
+      object = n1.toExpr().getParent*() and ptr = n2.toExpr().getParent*()
+    )
+    or
+    // [expr.shift] In E1 << E2 and E1 >> E2, E1 is sequenced before E2.
+    exists(BitShiftExpr shift, ConstituentExpr lhs, ConstituentExpr rhs |
+      lhs = shift.getLeftOperand() and
+      rhs = shift.getRightOperand()
+    |
+      lhs = n1.toExpr().getParent*() and rhs = n2.toExpr().getParent*()
+    )
+    or
+    // [expr.ass] The right operand is sequenced before the left operand for all assignment operators.
+    exists(Assignment assign, ConstituentExpr lhs, ConstituentExpr rhs |
+      lhs = assign.getLValue() and
+      rhs = assign.getRValue()
+    |
+      lhs = n1.toExpr().getParent*() and rhs = n2.toExpr().getParent*()
     )
   }
 
@@ -172,5 +210,8 @@ module Ordering {
     predicate isValueComputation() { this = TValueComputationNode(_) }
 
     predicate isSideEffect() { this = TSideEffectNode(_, _) }
+
+    Location getLocation() { result = toExpr().getLocation() }
   }
+
 }

cpp/common/src/codingstandards/cpp/exclusions/cpp/RuleMetadata.qll

@@ -60,6 +60,7 @@ import Representation
 import Scope
 import SideEffects1
 import SideEffects2
+import SideEffects4
 import SmartPointers1
 import SmartPointers2
 import Statements
@@ -132,6 +133,7 @@ newtype TCPPQuery =
   TScopePackageQuery(ScopeQuery q) or
   TSideEffects1PackageQuery(SideEffects1Query q) or
   TSideEffects2PackageQuery(SideEffects2Query q) or
+  TSideEffects4PackageQuery(SideEffects4Query q) or
   TSmartPointers1PackageQuery(SmartPointers1Query q) or
   TSmartPointers2PackageQuery(SmartPointers2Query q) or
   TStatementsPackageQuery(StatementsQuery q) or
@@ -204,6 +206,7 @@ predicate isQueryMetadata(Query query, string queryId, string ruleId, string cat
   isScopeQueryMetadata(query, queryId, ruleId, category) or
   isSideEffects1QueryMetadata(query, queryId, ruleId, category) or
   isSideEffects2QueryMetadata(query, queryId, ruleId, category) or
+  isSideEffects4QueryMetadata(query, queryId, ruleId, category) or
   isSmartPointers1QueryMetadata(query, queryId, ruleId, category) or
   isSmartPointers2QueryMetadata(query, queryId, ruleId, category) or
   isStatementsQueryMetadata(query, queryId, ruleId, category) or

cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects4.qll

@@ -0,0 +1,26 @@
+//** THIS FILE IS AUTOGENERATED, DO NOT MODIFY DIRECTLY.  **/
+import cpp
+import RuleMetadata
+import codingstandards.cpp.exclusions.RuleMetadata
+
+newtype SideEffects4Query = TMemoryUsageNotSequencedQuery()
+
+predicate isSideEffects4QueryMetadata(Query query, string queryId, string ruleId, string category) {
+  query =
+    // `Query` instance for the `memoryUsageNotSequenced` query
+    SideEffects4Package::memoryUsageNotSequencedQuery() and
+  queryId =
+    // `@id` for the `memoryUsageNotSequenced` query
+    "cpp/misra/memory-usage-not-sequenced" and
+  ruleId = "RULE-4-6-1" and
+  category = "required"
+}
+
+module SideEffects4Package {
+  Query memoryUsageNotSequencedQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `memoryUsageNotSequenced` query
+      TQueryCPP(TSideEffects4PackageQuery(TMemoryUsageNotSequencedQuery()))
+  }
+}

cpp/common/src/codingstandards/cpp/orderofevaluation/VariableAccessOrdering.qll

@@ -1,7 +1,7 @@
 import cpp
 import codingstandards.cpp.Ordering
 
-module VariableAccessInFullExpressionOrdering implements Ordering::ConfigSig {
+module Cpp14VariableAccessInFullExpressionOrdering implements Ordering::ConfigSig {
   import Ordering::CppConfigBase
 
   predicate isCandidate(Expr e1, Expr e2) { isCandidate(_, e1, e2) }
@@ -12,6 +12,17 @@ module VariableAccessInFullExpressionOrdering implements Ordering::ConfigSig {
   }
 }
 
+module Cpp17VariableAccessInFullExpressionOrdering implements Ordering::ConfigSig {
+  import Ordering::CppConfigBase
+
+  predicate isCandidate(Expr e1, Expr e2) { isCandidate(_, e1, e2) }
+
+  pragma[inline]
+  predicate sequencingEdge(Ordering::ExprEvaluationNode n1, Ordering::ExprEvaluationNode n2) {
+    Ordering::cpp17Edge(n1, n2)
+  }
+}
+
 pragma[noinline]
 private predicate isConstituentOf(FullExpr e, VariableAccess ce) {
   ce.(ConstituentExpr).getFullExpr() = e
@@ -35,6 +46,9 @@ predicate isCandidatePair(
  * an other full expression that is sequenced after the value computation (and therefore cannot influence them at that point in the evaluation).
  */
 predicate isCandidate(FullExpr e, VariableAccess va1, VariableAccess va2) {
+  // Ensure va1 and va2 are reciprocal candidates.
+  isCandidate(e, va2, va1)
+  or
   exists(Variable v, VariableEffect ve |
     isCandidatePair(e, va1, va2, v, v) and
     ve.getAnAccess() = va1 and

cpp/common/src/codingstandards/cpp/rules/expressionwithunsequencedsideeffects/ExpressionWithUnsequencedSideEffects.qll

@@ -0,0 +1,38 @@
+/**
+ * Provides a configurable module ExpressionWithUnsequencedSideEffects with a `problems` predicate
+ * for the following issue:
+ * Code behavior should not have unsequenced or indeterminately sequenced operations on
+ * the same memory location.
+ */
+
+import cpp
+import codingstandards.cpp.Customizations
+import codingstandards.cpp.Exclusions
+import codingstandards.cpp.SideEffect
+import codingstandards.cpp.sideeffect.DefaultEffects
+import codingstandards.cpp.Ordering
+
+signature module ExpressionWithUnsequencedSideEffectsConfigSig {
+  Query getQuery();
+
+  predicate isUnsequenced(VariableAccess va1, VariableAccess va2);
+}
+
+module ExpressionWithUnsequencedSideEffects<ExpressionWithUnsequencedSideEffectsConfigSig Config> {
+  query predicate problems(
+    FullExpr e, string message, VariableAccess va1, string va1Desc, VariableEffect ve,
+    string veDesc, VariableAccess va2, string va2Desc, Variable v, string vName
+  ) {
+    not isExcluded(e, Config::getQuery()) and
+    e = va1.(ConstituentExpr).getFullExpr() and
+    va1 = ve.getAnAccess() and
+    Config::isUnsequenced(va1, va2) and
+    v = va1.getTarget() and
+    message =
+      "The evaluation is depended on the order of evaluation of $@, that is modified by $@ and $@, that both access $@." and
+    va1Desc = "sub-expression" and
+    veDesc = "expression" and
+    va2Desc = "sub-expression" and
+    vName = v.getName()
+  }
+}

cpp/common/test/rules/expressionwithunsequencedsideeffects/ExpressionWithUnsequencedSideEffects.expected

@@ -0,0 +1,12 @@
+| test.cpp:5:12:5:24 | ... + ... | The evaluation is depended on the order of evaluation of $@, that is modified by $@ and $@, that both access $@. | test.cpp:5:21:5:22 | l1 | sub-expression | test.cpp:5:21:5:24 | ... ++ | expression | test.cpp:5:15:5:16 | l1 | sub-expression | test.cpp:2:7:2:8 | l1 | l1 |
+| test.cpp:13:12:13:13 | call to f2 | The evaluation is depended on the order of evaluation of $@, that is modified by $@ and $@, that both access $@. | test.cpp:13:15:13:16 | l1 | sub-expression | test.cpp:13:15:13:18 | ... ++ | expression | test.cpp:13:21:13:22 | l1 | sub-expression | test.cpp:12:7:12:8 | l1 | l1 |
+| test.cpp:21:7:21:8 | call to m1 | The evaluation is depended on the order of evaluation of $@, that is modified by $@ and $@, that both access $@. | test.cpp:21:10:21:11 | p1 | sub-expression | test.cpp:21:10:21:13 | ... ++ | expression | test.cpp:21:3:21:4 | p1 | sub-expression | test.cpp:20:13:20:14 | p1 | p1 |
+| test.cpp:26:29:26:53 | ... + ... | The evaluation is depended on the order of evaluation of $@, that is modified by $@ and $@, that both access $@. | test.cpp:26:34:26:35 | p1 | sub-expression | test.cpp:25:34:25:40 | ... += ... | expression | test.cpp:26:48:26:49 | p1 | sub-expression | test.cpp:26:14:26:15 | p1 | p1 |
+| test.cpp:26:29:26:53 | ... + ... | The evaluation is depended on the order of evaluation of $@, that is modified by $@ and $@, that both access $@. | test.cpp:26:48:26:49 | p1 | sub-expression | test.cpp:25:34:25:40 | ... += ... | expression | test.cpp:26:34:26:35 | p1 | sub-expression | test.cpp:26:14:26:15 | p1 | p1 |
+| test.cpp:32:3:32:16 | ... = ... | The evaluation is depended on the order of evaluation of $@, that is modified by $@ and $@, that both access $@. | test.cpp:32:8:32:9 | l1 | sub-expression | test.cpp:32:8:32:16 | ... = ... | expression | test.cpp:32:13:32:14 | l1 | sub-expression | test.cpp:29:7:29:8 | l1 | l1 |
+| test.cpp:32:3:32:16 | ... = ... | The evaluation is depended on the order of evaluation of $@, that is modified by $@ and $@, that both access $@. | test.cpp:32:13:32:14 | l1 | sub-expression | test.cpp:32:13:32:16 | ... ++ | expression | test.cpp:32:8:32:9 | l1 | sub-expression | test.cpp:29:7:29:8 | l1 | l1 |
+| test.cpp:39:12:39:18 | ... + ... | The evaluation is depended on the order of evaluation of $@, that is modified by $@ and $@, that both access $@. | test.cpp:39:12:39:13 | l1 | sub-expression | test.cpp:39:12:39:13 | l1 | expression | test.cpp:39:17:39:18 | l1 | sub-expression | test.cpp:37:16:37:17 | l1 | l1 |
+| test.cpp:39:12:39:18 | ... + ... | The evaluation is depended on the order of evaluation of $@, that is modified by $@ and $@, that both access $@. | test.cpp:39:17:39:18 | l1 | sub-expression | test.cpp:39:17:39:18 | l1 | expression | test.cpp:39:12:39:13 | l1 | sub-expression | test.cpp:37:16:37:17 | l1 | l1 |
+| test.cpp:62:11:62:12 | call to m1 | The evaluation is depended on the order of evaluation of $@, that is modified by $@ and $@, that both access $@. | test.cpp:62:4:62:5 | p1 | sub-expression | test.cpp:62:4:62:7 | ... ++ | expression | test.cpp:62:14:62:15 | p1 | sub-expression | test.cpp:61:14:61:15 | p1 | p1 |
+| test.cpp:67:3:67:20 | ... >> ... | The evaluation is depended on the order of evaluation of $@, that is modified by $@ and $@, that both access $@. | test.cpp:67:5:67:6 | p1 | sub-expression | test.cpp:67:5:67:8 | ... ++ | expression | test.cpp:67:16:67:17 | p1 | sub-expression | test.cpp:66:15:66:16 | p1 | p1 |
+| test.cpp:67:3:67:20 | ... >> ... | The evaluation is depended on the order of evaluation of $@, that is modified by $@ and $@, that both access $@. | test.cpp:67:16:67:17 | p1 | sub-expression | test.cpp:67:16:67:19 | ... ++ | expression | test.cpp:67:5:67:6 | p1 | sub-expression | test.cpp:66:15:66:16 | p1 | p1 |

cpp/common/test/rules/expressionwithunsequencedsideeffects/ExpressionWithUnsequencedSideEffects.ql

@@ -0,0 +1,14 @@
+import codingstandards.cpp.rules.expressionwithunsequencedsideeffects.ExpressionWithUnsequencedSideEffects
+import codingstandards.cpp.Ordering
+import codingstandards.cpp.orderofevaluation.VariableAccessOrdering
+import Ordering::Make<Cpp14VariableAccessInFullExpressionOrdering> as FullExprOrdering
+
+module TestFileConfig implements ExpressionWithUnsequencedSideEffectsConfigSig {
+  Query getQuery() { result instanceof TestQuery }
+
+  predicate isUnsequenced(VariableAccess va1, VariableAccess va2) {
+    FullExprOrdering::isUnsequenced(va1, va2)
+  }
+}
+
+import ExpressionWithUnsequencedSideEffects<TestFileConfig>

cpp/common/test/rules/expressionwithunsequencedsideeffects/ExpressionWithUnsequencedSideEffectsCpp17.expected

@@ -0,0 +1,6 @@
+| test.cpp:5:12:5:24 | ... + ... | The evaluation is depended on the order of evaluation of $@, that is modified by $@ and $@, that both access $@. | test.cpp:5:21:5:22 | l1 | sub-expression | test.cpp:5:21:5:24 | ... ++ | expression | test.cpp:5:15:5:16 | l1 | sub-expression | test.cpp:2:7:2:8 | l1 | l1 |
+| test.cpp:13:12:13:13 | call to f2 | The evaluation is depended on the order of evaluation of $@, that is modified by $@ and $@, that both access $@. | test.cpp:13:15:13:16 | l1 | sub-expression | test.cpp:13:15:13:18 | ... ++ | expression | test.cpp:13:21:13:22 | l1 | sub-expression | test.cpp:12:7:12:8 | l1 | l1 |
+| test.cpp:26:29:26:53 | ... + ... | The evaluation is depended on the order of evaluation of $@, that is modified by $@ and $@, that both access $@. | test.cpp:26:34:26:35 | p1 | sub-expression | test.cpp:25:34:25:40 | ... += ... | expression | test.cpp:26:48:26:49 | p1 | sub-expression | test.cpp:26:14:26:15 | p1 | p1 |
+| test.cpp:26:29:26:53 | ... + ... | The evaluation is depended on the order of evaluation of $@, that is modified by $@ and $@, that both access $@. | test.cpp:26:48:26:49 | p1 | sub-expression | test.cpp:25:34:25:40 | ... += ... | expression | test.cpp:26:34:26:35 | p1 | sub-expression | test.cpp:26:14:26:15 | p1 | p1 |
+| test.cpp:39:12:39:18 | ... + ... | The evaluation is depended on the order of evaluation of $@, that is modified by $@ and $@, that both access $@. | test.cpp:39:12:39:13 | l1 | sub-expression | test.cpp:39:12:39:13 | l1 | expression | test.cpp:39:17:39:18 | l1 | sub-expression | test.cpp:37:16:37:17 | l1 | l1 |
+| test.cpp:39:12:39:18 | ... + ... | The evaluation is depended on the order of evaluation of $@, that is modified by $@ and $@, that both access $@. | test.cpp:39:17:39:18 | l1 | sub-expression | test.cpp:39:17:39:18 | l1 | expression | test.cpp:39:12:39:13 | l1 | sub-expression | test.cpp:37:16:37:17 | l1 | l1 |

cpp/common/test/rules/expressionwithunsequencedsideeffects/ExpressionWithUnsequencedSideEffectsCpp17.ql

@@ -0,0 +1,14 @@
+import codingstandards.cpp.rules.expressionwithunsequencedsideeffects.ExpressionWithUnsequencedSideEffects
+import codingstandards.cpp.Ordering
+import codingstandards.cpp.orderofevaluation.VariableAccessOrdering
+import Ordering::Make<Cpp17VariableAccessInFullExpressionOrdering> as FullExprOrdering
+
+module TestFileConfig implements ExpressionWithUnsequencedSideEffectsConfigSig {
+  Query getQuery() { result instanceof TestQuery }
+
+  predicate isUnsequenced(VariableAccess va1, VariableAccess va2) {
+    FullExprOrdering::isUnsequenced(va1, va2)
+  }
+}
+
+import ExpressionWithUnsequencedSideEffects<TestFileConfig>