Skip to content

Commit a8a6db7

Browse files
jeongsoolee09jeongsoolee09
committed
Checkpoint
1 parent 9d3bab0 commit a8a6db7

File tree

1 file changed

+22
-9
lines changed

1 file changed

+22
-9
lines changed

cpp/misra/src/rules/RULE-8-7-1/PointerArithmeticFormsAnInvalidPointer.ql

Lines changed: 22 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -55,6 +55,11 @@ class ArrayAllocation extends TArrayAllocation {
5555
result = this.asStackAllocation().getLength() or
5656
none() // TODO: this.asDynamicAllocation()
5757
}
58+
59+
Location getLocation() {
60+
result = this.asStackAllocation().getLocation() or
61+
result = this.asDynamicAllocation().getLocation()
62+
}
5863
}
5964

6065
class PointerFormation extends TPointerFormation {
@@ -88,6 +93,11 @@ class PointerFormation extends TPointerFormation {
8893
result.asExpr() = this.asExpr() or
8994
result.asIndirectExpr() = this.asExpr()
9095
}
96+
97+
Location getLocation() {
98+
result = this.asArrayExpr().getLocation() or
99+
result = this.asPointerArithmetic().getLocation()
100+
}
91101
}
92102

93103
module TrackArrayConfig implements DataFlow::ConfigSig {
@@ -109,19 +119,19 @@ module TrackArrayConfig implements DataFlow::ConfigSig {
109119
module TrackArray = DataFlow::Global<TrackArrayConfig>;
110120

111121
private predicate arrayDeclarationAndAccess(
112-
DataFlow::Node arrayDeclarationNode, DataFlow::Node arrayAccessNode
122+
DataFlow::Node arrayDeclarationNode, DataFlow::Node pointerFormationNode
113123
) {
114-
TrackArray::flow(arrayDeclarationNode, arrayAccessNode)
124+
TrackArray::flow(arrayDeclarationNode, pointerFormationNode)
115125
}
116126

117127
private predicate arrayIndexExceedsOutOfBounds(
118-
DataFlow::Node arrayDeclarationNode, DataFlow::Node arrayAccessNode
128+
DataFlow::Node arrayDeclarationNode, DataFlow::Node pointerFormationNode
119129
) {
120130
/* 1. Ensure the array access is reachable from the array declaration. */
121-
arrayDeclarationAndAccess(arrayDeclarationNode, arrayAccessNode) and
131+
arrayDeclarationAndAccess(arrayDeclarationNode, pointerFormationNode) and
122132
exists(ArrayAllocation arrayAllocation, PointerFormation pointerFormation |
123133
arrayDeclarationNode.asExpr() = arrayAllocation.asStackAllocation().getInitExpr() and
124-
arrayAccessNode = pointerFormation.getNode()
134+
pointerFormationNode = pointerFormation.getNode()
125135
|
126136
/* 2. Cases where a pointer formation becomes illegal. */
127137
(
@@ -134,8 +144,11 @@ private predicate arrayIndexExceedsOutOfBounds(
134144
)
135145
}
136146

137-
from Expr expr
147+
from PointerFormation pointerFormation
138148
where
139-
not isExcluded(expr, Memory1Package::pointerArithmeticFormsAnInvalidPointerQuery()) and
140-
none() // TODO
141-
select "TODO", "TODO"
149+
not isExcluded(pointerFormation.asExpr(),
150+
Memory1Package::pointerArithmeticFormsAnInvalidPointerQuery()) and
151+
exists(DataFlow::Node pointerFormationNode | pointerFormationNode = pointerFormation.getNode() |
152+
arrayIndexExceedsOutOfBounds(_, pointerFormationNode)
153+
)
154+
select pointerFormation, "TODO"

0 commit comments

Comments
 (0)