-
Notifications
You must be signed in to change notification settings - Fork 60
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
ae69327
commit 7205b5e
Showing
330 changed files
with
14,322 additions
and
32,140 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
name: cert-c-coding-standards | ||
version: 2.0.0 | ||
version: 2.1.0 | ||
suites: codeql-suites | ||
libraryPathDependencies: common-c-coding-standards |
8 changes: 8 additions & 0 deletions
8
...src/rules/EXP30-C/DependenceOnOrderOfFunctionArgumentsForSideEffects-implementation.qhelp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
<!DOCTYPE qhelp PUBLIC | ||
"-//Semmle//qhelp//EN" | ||
"qhelp.dtd"> | ||
<qhelp> | ||
<fragment> | ||
<p>None</p> | ||
</fragment> | ||
</qhelp> |
33 changes: 33 additions & 0 deletions
33
c/cert/src/rules/EXP30-C/DependenceOnOrderOfFunctionArgumentsForSideEffects-standard.qhelp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
<!DOCTYPE qhelp SYSTEM "qhelp.dtd"> | ||
<qhelp> | ||
<section title="Classification"> | ||
<ul> | ||
<li>required</li> | ||
<li>implementation</li> | ||
<li>automated</li> | ||
</ul> | ||
</section> | ||
|
||
<section title="Rationale"> | ||
<p> | ||
... | ||
</p> | ||
|
||
</section> | ||
|
||
<section title="Exception"> | ||
<p> | ||
... | ||
</p> | ||
</section> | ||
|
||
<example> | ||
<sample src="standard-example.c"></sample> | ||
</example> | ||
|
||
<section title="See more"> | ||
<ul> | ||
<li>...</li> | ||
</ul> | ||
</section> | ||
</qhelp> |
21 changes: 21 additions & 0 deletions
21
c/cert/src/rules/EXP30-C/DependenceOnOrderOfFunctionArgumentsForSideEffects.qhelp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd"> | ||
<qhelp> | ||
<!-- THIS FILE IS AUTOGENERATED, DO NOT MODIFY DIRECTLY. --> | ||
<overview> | ||
<p>This query implements the CERT-C rule EXP30-C:</p> | ||
<blockquote> | ||
<p>Do not depend on the order of evaluation for side effects</p> | ||
</blockquote> | ||
</overview> | ||
<include src="DependenceOnOrderOfFunctionArgumentsForSideEffects-standard.qhelp" /> | ||
<section title="Implementation notes"> | ||
<include src="DependenceOnOrderOfFunctionArgumentsForSideEffects-implementation.qhelp" /> | ||
</section> | ||
<references> | ||
<li> | ||
CERT-C: | ||
<a href="https://wiki.sei.cmu.edu/confluence/display/c">EXP30-C: Do not depend on the order of evaluation for side effects</a> | ||
. | ||
</li> | ||
</references> | ||
</qhelp> |
129 changes: 129 additions & 0 deletions
129
c/cert/src/rules/EXP30-C/DependenceOnOrderOfFunctionArgumentsForSideEffects.ql
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,129 @@ | ||
/** | ||
* @id c/cert/dependence-on-order-of-function-arguments-for-side-effects | ||
* @name EXP30-C: Do not depend on the order of evaluation of function call arguments for side effects | ||
* @description Depending on the order of evaluation for side effects in function call arguments can | ||
* result in unexpected program behavior. | ||
* @kind problem | ||
* @precision high | ||
* @problem.severity warning | ||
* @tags external/cert/id/exp30-c | ||
* correctness | ||
* external/cert/obligation/rule | ||
*/ | ||
|
||
import cpp | ||
import codingstandards.c.cert | ||
import codingstandards.cpp.SideEffect | ||
import semmle.code.cpp.dataflow.DataFlow | ||
import semmle.code.cpp.dataflow.TaintTracking | ||
import semmle.code.cpp.valuenumbering.GlobalValueNumberingImpl | ||
|
||
/** Holds if the function's return value is derived from the `AliasParamter` p. */ | ||
predicate returnValueDependsOnAliasParameter(AliasParameter p) { | ||
exists(ReturnStmt ret | ret = p.getFunction().getBlock().getAStmt() | | ||
TaintTracking::localTaint(DataFlow::parameterNode(p), DataFlow::exprNode(ret.getExpr())) | ||
or | ||
exists(FieldAccess fa, VariableAccess va | fa.getQualifier() = va and va.getTarget() = p | | ||
TaintTracking::localTaint(DataFlow::exprNode(fa), DataFlow::exprNode(ret.getExpr())) | ||
) | ||
or | ||
exists(FunctionCall call, VariableAccess va | call.getQualifier() = va and va.getTarget() = p | | ||
TaintTracking::localTaint(DataFlow::exprNode(call), DataFlow::exprNode(ret.getExpr())) | ||
) | ||
or | ||
exists(VariableAccess va | va.getTarget() = p | ret.getAChild+() = va) | ||
) | ||
or | ||
exists(FunctionCall call, ReturnStmt ret, int i, AliasParameter q | | ||
ret = p.getFunction().getBlock().getAStmt() and call.getEnclosingFunction() = p.getFunction() | ||
| | ||
DataFlow::localFlow(DataFlow::parameterNode(p), DataFlow::exprNode(call.getArgument(i))) and | ||
q = call.getTarget().getParameter(i) and | ||
returnValueDependsOnAliasParameter(q) and | ||
TaintTracking::localTaint(DataFlow::exprNode(call), DataFlow::exprNode(ret.getExpr())) | ||
) | ||
} | ||
|
||
/** Holds if the function `f`'s return value is derived from the global variable `v`. */ | ||
predicate returnValueDependsOnGlobalVariable(Function f, GlobalVariable v) { | ||
exists(ReturnStmt ret, VariableAccess va | | ||
ret = f.getBlock().getAStmt() and va.getTarget() = v and va.getEnclosingFunction() = f | ||
| | ||
TaintTracking::localTaint(DataFlow::exprNode(va), DataFlow::exprNode(ret.getExpr())) | ||
) | ||
or | ||
exists(ReturnStmt ret, FunctionCall call | | ||
ret = f.getBlock().getAStmt() and | ||
call.getEnclosingFunction() = f and | ||
returnValueDependsOnGlobalVariable(call.getTarget(), v) and | ||
TaintTracking::localTaint(DataFlow::exprNode(call), DataFlow::exprNode(ret.getExpr())) | ||
) | ||
} | ||
|
||
/** Holds if the member function `f`'s return value is derived from the member variable `v`. */ | ||
predicate returnValueDependsOnMemberVariable(MemberFunction f, MemberVariable v) { | ||
exists(ReturnStmt ret, VariableAccess va | | ||
ret = f.getBlock().getAStmt() and | ||
va.getTarget() = v and | ||
va.getEnclosingFunction() = f and | ||
v.getDeclaringType() = f.getDeclaringType() | ||
| | ||
TaintTracking::localTaint(DataFlow::exprNode(va), DataFlow::exprNode(ret.getExpr())) | ||
) | ||
} | ||
|
||
from | ||
FunctionCall call, Function f1, Function f2, int i, int j, FunctionCall arg1, FunctionCall arg2, | ||
Variable v1, Variable v2 | ||
where | ||
not isExcluded(call, | ||
SideEffects1Package::dependenceOnOrderOfFunctionArgumentsForSideEffectsQuery()) and | ||
arg1 = call.getArgument(i) and | ||
arg2 = call.getArgument(j) and | ||
i < j and | ||
arg1.getTarget() = f1 and | ||
arg2.getTarget() = f2 and | ||
( | ||
// Considering the shared states: | ||
// - pointer or reference arguments being used in both functions | ||
exists(AliasParameter p1, AliasParameter p2 | | ||
v1 = p1 and | ||
v2 = p2 and | ||
f1.getAParameter() = p1 and | ||
f2.getAParameter() = p2 and | ||
p1.isModified() and | ||
p2.isModified() and | ||
globalValueNumber(arg1.getArgument(p1.getIndex())) = | ||
globalValueNumber(arg2.getArgument(p2.getIndex())) and | ||
returnValueDependsOnAliasParameter(p1) and | ||
returnValueDependsOnAliasParameter(p2) | ||
) | ||
or | ||
// - global variables being used in both functions | ||
exists(GlobalVariable v, VariableEffect ve1, VariableEffect ve2 | | ||
v1 = v and | ||
v2 = v and | ||
returnValueDependsOnGlobalVariable(f1, v) and | ||
returnValueDependsOnGlobalVariable(f2, v) and | ||
ve1.getTarget() = v and | ||
ve2.getTarget() = v | ||
) | ||
or | ||
// - member variables that can be modified in both functions | ||
exists(MemberVariable v | | ||
v1 = v and | ||
v2 = v and | ||
returnValueDependsOnMemberVariable(f1, v) and | ||
returnValueDependsOnMemberVariable(f2, v) and | ||
v = getAMemberVariableEffect(f1).getTarget() and | ||
v = getAMemberVariableEffect(f2).getTarget() and | ||
( | ||
globalValueNumber(arg1.getQualifier()) = globalValueNumber(arg2.getQualifier()) | ||
or | ||
v.isStatic() and arg1.getQualifier().getType() = arg2.getQualifier().getType() | ||
) | ||
) | ||
) | ||
select call, | ||
"Depending on the order of evaluation for the arguments $@ and $@ for side effects on shared state is unspecified and can result in unexpected behavior.", | ||
arg1, arg1.toString(), arg2, arg2.toString() |
8 changes: 8 additions & 0 deletions
8
.../src/rules/EXP30-C/DependenceOnOrderOfScalarEvaluationForSideEffects-implementation.qhelp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
<!DOCTYPE qhelp PUBLIC | ||
"-//Semmle//qhelp//EN" | ||
"qhelp.dtd"> | ||
<qhelp> | ||
<fragment> | ||
<p>None</p> | ||
</fragment> | ||
</qhelp> |
33 changes: 33 additions & 0 deletions
33
c/cert/src/rules/EXP30-C/DependenceOnOrderOfScalarEvaluationForSideEffects-standard.qhelp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
<!DOCTYPE qhelp SYSTEM "qhelp.dtd"> | ||
<qhelp> | ||
<section title="Classification"> | ||
<ul> | ||
<li>required</li> | ||
<li>implementation</li> | ||
<li>automated</li> | ||
</ul> | ||
</section> | ||
|
||
<section title="Rationale"> | ||
<p> | ||
... | ||
</p> | ||
|
||
</section> | ||
|
||
<section title="Exception"> | ||
<p> | ||
... | ||
</p> | ||
</section> | ||
|
||
<example> | ||
<sample src="standard-example.c"></sample> | ||
</example> | ||
|
||
<section title="See more"> | ||
<ul> | ||
<li>...</li> | ||
</ul> | ||
</section> | ||
</qhelp> |
21 changes: 21 additions & 0 deletions
21
c/cert/src/rules/EXP30-C/DependenceOnOrderOfScalarEvaluationForSideEffects.qhelp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd"> | ||
<qhelp> | ||
<!-- THIS FILE IS AUTOGENERATED, DO NOT MODIFY DIRECTLY. --> | ||
<overview> | ||
<p>This query implements the CERT-C rule EXP30-C:</p> | ||
<blockquote> | ||
<p>Do not depend on the order of evaluation for side effects</p> | ||
</blockquote> | ||
</overview> | ||
<include src="DependenceOnOrderOfScalarEvaluationForSideEffects-standard.qhelp" /> | ||
<section title="Implementation notes"> | ||
<include src="DependenceOnOrderOfScalarEvaluationForSideEffects-implementation.qhelp" /> | ||
</section> | ||
<references> | ||
<li> | ||
CERT-C: | ||
<a href="https://wiki.sei.cmu.edu/confluence/display/c">EXP30-C: Do not depend on the order of evaluation for side effects</a> | ||
. | ||
</li> | ||
</references> | ||
</qhelp> |
30 changes: 30 additions & 0 deletions
30
c/cert/src/rules/EXP30-C/DependenceOnOrderOfScalarEvaluationForSideEffects.ql
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
/** | ||
* @id c/cert/dependence-on-order-of-scalar-evaluation-for-side-effects | ||
* @name EXP30-C: Do not depend on the order of scalar object evaluation for side effects | ||
* @description Depending on the order of evaluation for side effects for evaluation of scalar | ||
* objects that are unsequenced results in undefined behavior. | ||
* @kind problem | ||
* @precision high | ||
* @problem.severity warning | ||
* @tags external/cert/id/exp30-c | ||
* correctness | ||
* external/cert/obligation/rule | ||
*/ | ||
|
||
import cpp | ||
import codingstandards.c.cert | ||
import codingstandards.cpp.SideEffect | ||
import codingstandards.c.Ordering | ||
import codingstandards.c.orderofevaluation.VariableAccessOrdering | ||
|
||
from | ||
VariableAccessInFullExpressionOrdering config, FullExpr e, ScalarVariable v, VariableEffect ve, | ||
VariableAccess va1, VariableAccess va2 | ||
where | ||
not isExcluded(e, SideEffects1Package::dependenceOnOrderOfScalarEvaluationForSideEffectsQuery()) and | ||
e = va1.(ConstituentExpr).getFullExpr() and | ||
va1 = ve.getAnAccess() and | ||
config.isUnsequenced(va1, va2) and | ||
v = va1.getTarget() | ||
select e, "Scalar object referenced by $@ has a $@ that is unsequenced in relative to another $@.", | ||
v, v.getName(), ve, "side-effect", va2, "side-effect or value computation" |
File renamed without changes.
8 changes: 8 additions & 0 deletions
8
c/cert/src/rules/EXP44-C/UnevaluatedOperandWithSideEffect-implementation.qhelp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
<!DOCTYPE qhelp PUBLIC | ||
"-//Semmle//qhelp//EN" | ||
"qhelp.dtd"> | ||
<qhelp> | ||
<fragment> | ||
<p>None</p> | ||
</fragment> | ||
</qhelp> |
Oops, something went wrong.