Add Memory1 package files

Author: jeongsoolee09

cpp/common/src/codingstandards/cpp/exclusions/cpp/RuleMetadata.qll

@@ -36,6 +36,7 @@ import Lambdas
 import Literals
 import Loops
 import Macros
+import Memory1
 import MoveForward
 import Naming
 import Null
@@ -95,6 +96,7 @@ newtype TCPPQuery =
   TLiteralsPackageQuery(LiteralsQuery q) or
   TLoopsPackageQuery(LoopsQuery q) or
   TMacrosPackageQuery(MacrosQuery q) or
+  TMemory1PackageQuery(Memory1Query q) or
   TMoveForwardPackageQuery(MoveForwardQuery q) or
   TNamingPackageQuery(NamingQuery q) or
   TNullPackageQuery(NullQuery q) or
@@ -154,6 +156,7 @@ predicate isQueryMetadata(Query query, string queryId, string ruleId, string cat
   isLiteralsQueryMetadata(query, queryId, ruleId, category) or
   isLoopsQueryMetadata(query, queryId, ruleId, category) or
   isMacrosQueryMetadata(query, queryId, ruleId, category) or
+  isMemory1QueryMetadata(query, queryId, ruleId, category) or
   isMoveForwardQueryMetadata(query, queryId, ruleId, category) or
   isNamingQueryMetadata(query, queryId, ruleId, category) or
   isNullQueryMetadata(query, queryId, ruleId, category) or

cpp/misra/src/rules/RULE-8-7-1/PointerArithmeticFormsAnInvalidPointer.ql

@@ -0,0 +1,43 @@
+/**
+ * @id cpp/misra/pointer-arithmetic-forms-an-invalid-pointer
+ * @name RULE-8-7-1: Pointer arithmetic shall not form an invalid pointer.
+ * @description Pointers obtained as result of performing arithmetic should point to an initialized
+ *              object, or an element right next to the last element of an array.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-8-7-1
+ *       scope/system
+ *       external/misra/enforcement/undecidable
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.cpp.misra
+import semmle.code.cpp.dataflow.new.DataFlow
+
+module TrackArrayConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node node) {
+    /* 1. Declaring an array-type variable */
+    none()
+    or
+    /* 2. Allocating dynamic memory as an array */
+    none()
+  }
+
+  predicate isSink(DataFlow::Node node) {
+    /* 1. Pointer arithmetic */
+    none()
+    or
+    /* 2. Array access */
+    none()
+  }
+}
+
+module TrackArray = DataFlow::Global<TrackArrayConfig>;
+
+from Expr expr
+where
+  not isExcluded(expr, Memory1Package::pointerArithmeticFormsAnInvalidPointerQuery()) and
+  none() // TODO
+select "TODO", "TODO"

cpp/misra/test/rules/RULE-8-7-1/PointerArithmeticFormsAnInvalidPointer.expected

@@ -0,0 +1 @@
+No expected results have yet been specified

cpp/misra/test/rules/RULE-8-7-1/PointerArithmeticFormsAnInvalidPointer.qlref

@@ -0,0 +1 @@
+rules/RULE-8-7-1/PointerArithmeticFormsAnInvalidPointer.ql

cpp/misra/test/rules/RULE-8-7-1/test.cpp

@@ -0,0 +1,78 @@
+#include <cstdlib>
+
+void f1(int *array) {
+  /* 1. Pointer formed from performing arithmetic */
+  int *valid1 = array;     // COMPLIANT: pointer is within boundary
+  int *valid2 = array + 1; // COMPLIANT: pointer is within boundary
+  int *valid3 = array + 2; // COMPLIANT: pointer is within boundary
+  int *valid4 =
+      array + 3; // COMPLIANT: pointer points one beyond the last element
+  int *invalid1 =
+      array +
+      4; // NON_COMPLIANT: pointer points more than one beyond the last element
+  int *invalid2 = array - 1; // NON_COMPLIANT: pointer is outside boundary
+}
+
+void f2(int *array) {
+  /* 2. Array Access (entails pointer arithmetic) */
+  int valid1 = array[0];   // COMPLIANT: pointer is within boundary
+  int valid2 = array[1];   // COMPLIANT: pointer is within boundary
+  int valid3 = array[2];   // COMPLIANT: pointer is within boundary
+  int valid4 = array[3];   // COMPLIANT: pointer points one beyond the last
+                           // element, but non-compliant to Rule 4.1.3
+  int invalid1 = array[4]; // NON_COMPLIANT: pointer points more than one beyond
+                           // the last element
+  int invalid2 = array[-1]; // NON_COMPLIANT: pointer is outside boundary
+}
+
+void f1_realloc(int *array) {
+  /* 1. Pointer formed from performing arithmetic */
+  int *valid1 = array;     // COMPLIANT: pointer is within boundary
+  int *valid2 = array + 1; // COMPLIANT: pointer is within boundary
+  int *valid3 = array + 2; // COMPLIANT: pointer is within boundary
+  int *valid4 =
+      array + 3; // COMPLIANT: pointer points one beyond the last element
+  int *invalid1 =
+      array +
+      4; // NON_COMPLIANT: pointer points more than one beyond the last element
+  int *invalid2 = array - 1; // NON_COMPLIANT: pointer is outside boundary
+}
+
+void f2_realloc(int *array) {
+  /* 2. Array Access (entails pointer arithmetic) */
+  int valid1 = array[0];   // COMPLIANT: pointer is within boundary
+  int valid2 = array[1];   // COMPLIANT: pointer is within boundary
+  int valid3 = array[2];   // COMPLIANT: pointer points one beyond the last
+  int invalid1 = array[3];   // NON_COMPLIANT: pointer points one beyond the last
+                           // element, but non-compliant to Rule 4.1.3
+  int invalid2 = array[4]; // NON_COMPLIANT: pointer points more than one beyond
+                           // the last element
+  int invalid3 = array[-1]; // NON_COMPLIANT: pointer is outside boundary
+}
+
+int main() {
+  int array[3] = {0, 1, 2};
+
+  f1(array);
+  f2(array);
+
+  int num_of_elements = 3;
+
+  int* array_malloc = (int*)std::malloc(num_of_elements * sizeof(int));
+  int* array_calloc = (int*)std::calloc(num_of_elements, sizeof(int));
+
+  int new_num_of_elements = 2;
+
+  int* array_realloc = (int*)std::realloc(array_malloc, new_num_of_elements * sizeof(int));
+
+  f1(array_malloc);
+  f2(array_malloc);
+
+  f1(array_calloc);
+  f2(array_calloc);
+
+  f1_realloc(array_realloc);
+  f2_realloc(array_realloc);
+
+  return 0;
+}