/**
* @id c/misra/mutex-not-initialized-before-use
* @name RULE-22-14: Thread synchronization objects shall be initialized before being accessed
* @description Mutex and condition objects shall be initialized with the standard library functions
* before using them.
* @kind problem
* @precision high
* @problem.severity error
* @tags external/misra/id/rule-22-14
* correctness
* concurrency
* external/misra/c/2012/amendment4
* external/misra/obligation/mandatory
*/
import cpp
import codingstandards.c.misra
import codingstandards.c.Objects
import codingstandards.cpp.Concurrency
import codingstandards.cpp.types.Resolve
import codingstandards.c.initialization.GlobalInitializationAnalysis
/**
 * Initialization-analysis configuration for mutex objects.
 *
 * Supplies the two predicates required by `GlobalInitializationAnalysisConfigSig`:
 * which expressions initialize an object, and which expressions use one.
 */
module MutexInitializationConfig implements GlobalInitializationAnalysisConfigSig {
  /**
   * Gets the object initialized by `e`, where `e` is a `C11MutexSource` and
   * the object is identified through the source's mutex expression.
   *
   * NOTE(review): `C11MutexSource` is defined outside this file; presumably
   * it models the C11 mutex initialization call. Confirm in the Concurrency
   * library.
   */
  ObjectIdentity getAnInitializedObject(Expr e) {
    exists(C11MutexSource initSite |
      initSite = e and
      result.getASubobjectAddressExpr() = initSite.getMutexExpr()
    )
  }

  /**
   * Gets the object used by `e`, where `e` is the address expression passed
   * as the lock operand of a mutex function call, or as the mutex operand of
   * a condition operation.
   *
   * Note that `e` here is the operand expression, not the enclosing call.
   */
  ObjectIdentity getAUsedObject(Expr e) {
    (
      e = any(CMutexFunctionCall lockCall).getLockExpr()
      or
      // A condition operation that takes a mutex operand also counts as a
      // use of that mutex.
      e = any(CConditionOperation condOp).getMutexExpr()
    ) and
    e = result.getASubobjectAddressExpr()
  }
}
/**
 * Initialization-analysis configuration for condition objects.
 *
 * Supplies the two predicates required by `GlobalInitializationAnalysisConfigSig`,
 * using `CConditionOperation.isInit()` and `isUse()` to separate initializing
 * operations from using ones.
 */
module ConditionInitializationConfig implements GlobalInitializationAnalysisConfigSig {
  /**
   * Gets the object initialized by `e`, where `e` is itself a condition
   * operation for which `isInit()` holds, and the object is identified
   * through the operation's condition expression.
   */
  ObjectIdentity getAnInitializedObject(Expr e) {
    e.(CConditionOperation).isInit() and
    result.getASubobjectAddressExpr() = e.(CConditionOperation).getConditionExpr()
  }

  /**
   * Gets the object used by `e`, where `e` is the condition operand of a
   * condition operation for which `isUse()` holds.
   *
   * Note that `e` here is the operand expression, not the operation itself.
   */
  ObjectIdentity getAUsedObject(Expr e) {
    e = any(CConditionOperation useOp | useOp.isUse()).getConditionExpr() and
    e = result.getASubobjectAddressExpr()
  }
}
import GlobalInitalizationAnalysis<MutexInitializationConfig> as MutexInitAnalysis
import GlobalInitalizationAnalysis<ConditionInitializationConfig> as CondInitAnalysis
// Report every use of a mutex or condition object that the global
// initialization analysis finds uninitialized from some entry-point function.
// A synchronization object used before initialization cannot be relied on to
// provide mutual exclusion or signalling.
from Expr access, ObjectIdentity syncObject, Function entryPoint, string kind, string label
where
  (
    // Tag each finding with the kind of object whose analysis produced it.
    kind = "Mutex" and
    MutexInitAnalysis::uninitializedFrom(access, syncObject, entryPoint)
    or
    kind = "Condition" and
    CondInitAnalysis::uninitializedFrom(access, syncObject, entryPoint)
  ) and
  (
    // When the reported object is not itself of mutex or condition type, the
    // synchronization object is a subobject of it, so the label says so.
    if
      syncObject.getType() instanceof ResolvesTo<C11ConditionType>::IgnoringSpecifiers or
      syncObject.getType() instanceof ResolvesTo<C11MutexType>::IgnoringSpecifiers
    then label = kind
    else label = kind + " in object"
  ) and
  // NOTE(review): `isExcluded` is defined outside this file; presumably it
  // drops results covered by the project's exclusion configuration. Confirm.
  not isExcluded(access, Concurrency8Package::mutexNotInitializedBeforeUseQuery())
select access,
  label + " '$@' possibly used before initialization, from entry point function '$@'.", syncObject,
  syncObject.toString(), entryPoint, entryPoint.getName()