Merge branch 'main' into michaelrfairhurst/deadcode-5-rule-0-1-1

Author: mbaluda

c/misra/src/rules/RULE-18-9/ArrayToPointerConversionOfTemporaryObject.ql

@@ -16,6 +16,7 @@
 import cpp
 import codingstandards.c.misra
 import codingstandards.c.Objects
+import codingstandards.cpp.Expr
 
 /**
  * Holds if the value of an expression is used or stored.
@@ -37,32 +38,14 @@ predicate isUsedOrStored(Expr e) {
   e = any(ClassAggregateLiteral l).getAFieldExpr(_)
 }
 
-/**
- * Find expressions that defer their value directly to an inner expression
- * value.
- *
- * When an array is on the rhs of a comma expr, or in the then/else branch of a
- * ternary expr, and the result us used as a pointer, then the ArrayToPointer
- * conversion is marked inside comma expr/ternary expr, on the operands. These
- * conversions are only non-compliant if they flow into an operation or store.
- *
- * Full flow analysis with localFlowStep should not be necessary, and may cast a
- * wider net than needed for some queries, potentially resulting in false
- * positives.
- */
-Expr temporaryObjectFlowStep(Expr e) {
-  e = result.(CommaExpr).getRightOperand()
-  or
-  e = result.(ConditionalExpr).getThen()
-  or
-  e = result.(ConditionalExpr).getElse()
-}
-
 from FieldAccess fa, TemporaryObjectIdentity temporary, ArrayToPointerConversion conversion
 where
   not isExcluded(conversion, InvalidMemory3Package::arrayToPointerConversionOfTemporaryObjectQuery()) and
   fa = temporary.getASubobjectAccess() and
   conversion.getExpr() = fa and
-  isUsedOrStored(temporaryObjectFlowStep*(conversion.getExpr()))
+  exists(Expr useOrStore |
+    temporaryObjectFlowStep*(conversion.getExpr(), useOrStore) and
+    isUsedOrStored(useOrStore)
+  )
 select conversion, "Array to pointer conversion of array $@ from temporary object $@.",
   fa.getTarget(), fa.getTarget().getName(), temporary, temporary.toString()

change_notes/2025-05-20-update-integer-literal-lexing.md

@@ -0,0 +1,2 @@
+ - All queries related to integer suffixes:
+   - No visible changes expected: the regex for parsing integer suffixes, and how they are treated after lexing, has been refactored.

change_notes/2025-06-03-refactor-temporary-object-flow-step.md

@@ -0,0 +1,2 @@
+ - `RULE-18-9` - `ArraytoPointerConversionOfTemporaryObject.ql`
+   - The behavior for finding flow steps of temporary objects (for example, from ternary branches to the ternary expr result) has been extracted for reuse in other rules, no visible changes expected.

change_notes/2026-02-22-shared-default-initialization-logic.md

@@ -0,0 +1,3 @@
+ - `A3-3-2` - `StaticOrThreadLocalObjectsNonConstantInit`:
+   - The checks for non-constant initialization have been moved to be usable in other queries, such as MISRA C++23 Rule 6.7.2.
+   - No visible changes in query results expected.

cpp/autosar/src/rules/A3-3-2/StaticOrThreadLocalObjectsNonConstantInit.ql

@@ -15,100 +15,7 @@
 
 import cpp
 import codingstandards.cpp.autosar
-
-/**
- * Holds if `e` is a full expression or `AggregateLiteral` in the initializer of a
- * `StaticStorageDurationVariable`.
- *
- * Although `AggregateLiteral`s are expressions according to our model, they are not considered
- * expressions from the perspective of the standard. Therefore, we should consider components of
- * aggregate literals within static initializers to also be full expressions.
- */
-private predicate isFullExprOrAggregateInStaticInitializer(Expr e) {
-  exists(StaticStorageDurationVariable var | e = var.getInitializer().getExpr())
-  or
-  isFullExprOrAggregateInStaticInitializer(e.getParent().(AggregateLiteral))
-}
-
-/**
- * Holds if `e` is a non-constant full expression in a static initializer, for the given `reason`
- * and `reasonElement`.
- */
-private predicate nonConstantFullExprInStaticInitializer(
-  Expr e, Element reasonElement, string reason
-) {
-  isFullExprOrAggregateInStaticInitializer(e) and
-  if e instanceof AggregateLiteral
-  then
-    // If this is an aggregate literal, we apply this recursively
-    nonConstantFullExprInStaticInitializer(e.getAChild(), reasonElement, reason)
-  else (
-    // Otherwise we check this component to determine if it is constant
-    not (
-      e.getFullyConverted().isConstant() or
-      e.(Call).getTarget().isConstexpr() or
-      e.(VariableAccess).getTarget().isConstexpr()
-    ) and
-    reason = "uses a non-constant element in the initialization" and
-    reasonElement = e
-  )
-}
-
-/**
- * A `ConstructorCall` that does not represent a constant initializer for an object according to
- * `[basic.start.init]`.
- *
- * In addition to identifying `ConstructorCall`s which are not constant initializers, this also
- * provides an explanatory "reason" for why this constructor is not considered to be a constant
- * initializer.
- */
-predicate isNotConstantInitializer(ConstructorCall cc, Element reasonElement, string reason) {
-  // Must call a constexpr constructor
-  not cc.getTarget().isConstexpr() and
-  reason =
-    "calls the " + cc.getTarget().getName() + "(..) constructor which is not marked as constexpr" and
-  reasonElement = cc
-  or
-  // And all arguments must either be constant, or themselves call constexpr constructors
-  cc.getTarget().isConstexpr() and
-  exists(Expr arg | arg = cc.getAnArgument() |
-    isNotConstantInitializer(arg, reasonElement, reason)
-    or
-    not arg instanceof ConstructorCall and
-    not arg.getFullyConverted().isConstant() and
-    not arg.(Call).getTarget().isConstexpr() and
-    not arg.(VariableAccess).getTarget().isConstexpr() and
-    reason = "includes a non constant " + arg.getType() + " argument to a constexpr constructor" and
-    reasonElement = arg
-  )
-}
-
-/**
- * Identifies if a `StaticStorageDurationVariable` is not constant initialized according to
- * `[basic.start.init]`.
- */
-predicate isNotConstantInitialized(
-  StaticStorageDurationVariable v, string reason, Element reasonElement
-) {
-  if v.getInitializer().getExpr() instanceof ConstructorCall
-  then
-    // (2.2) if initialized by a constructor call, then that constructor call must be a constant
-    // initializer for the variable to be constant initialized
-    isNotConstantInitializer(v.getInitializer().getExpr(), reasonElement, reason)
-  else
-    // (2.3) If it is not initialized by a constructor call, then it must be the case that every full
-    // expr in the initializer is a constant expression or that the object was "value initialized"
-    // but without a constructor call. For value initialization, there are two non-constructor call
-    // cases to consider:
-    //
-    //  1. The object was zero initialized - in which case, the extractor does not include a
-    //     constructor call - instead, it has a blank aggregate literal, or no initializer.
-    //  2. The object is an array, which will be initialized by an aggregate literal.
-    //
-    // In both cases it is sufficient for us to find a non-constant full expression in the static
-    // initializer
-    nonConstantFullExprInStaticInitializer(v.getInitializer().getExpr(), reasonElement, reason)
-}
+import codingstandards.cpp.orderofevaluation.Initialization
 
 from StaticStorageDurationVariable staticOrThreadLocalVar, string reason, Element reasonElement
 where

cpp/cert/test/rules/OOP54-CPP/GracefullyHandleSelfCopyAssignment.expected

@@ -1,2 +1,2 @@
-| test.cpp:57:6:57:14 | operator= | User defined copy or user defined move does not handle self-assignment correctly.  |
-| test.cpp:66:6:66:14 | operator= | User defined copy or user defined move does not handle self-assignment correctly.  |
+| test.cpp:56:6:56:14 | operator= | User defined copy or user defined move does not handle self-assignment correctly.  |
+| test.cpp:65:6:65:14 | operator= | User defined copy or user defined move does not handle self-assignment correctly.  |

cpp/cert/test/rules/OOP54-CPP/test.cpp

@@ -1,6 +1,5 @@
 #include <functional>
 #include <string>
-#include <utility>
 
 class A {
 public:

cpp/common/src/codingstandards/cpp/Cpp14Literal.qll

@@ -12,11 +12,33 @@ module Cpp14Literal {
   /** Convenience for implementing class `UnrecognizedNumericLiteral` */
   abstract private class RecognizedNumericLiteral extends StandardLibrary::Literal { }
 
+  /** An integer literal suffix (e.g. 'u', 'll', etc, or even an empty string). */
+  class IntegerLiteralSuffix extends string {
+    string uPart;
+    string lPart;
+
+    IntegerLiteralSuffix() {
+      uPart = ["", "u", "U"] and
+      lPart = ["", "l", "L"] + ["", "l", "L"] and
+      this = uPart + lPart
+    }
+
+    predicate isSigned() { uPart = "" }
+
+    predicate isUnsigned() { uPart != "" }
+
+    int getLCount() { result = lPart.length() }
+  }
+
   /** An integer literal. */
   abstract class IntegerLiteral extends NumericLiteral {
     predicate isSigned() { not isUnsigned() }
 
-    predicate isUnsigned() { getValueText().regexpMatch(".*[uU][lL]?$") }
+    predicate isUnsigned() { getSuffix().isUnsigned() }
+
+    IntegerLiteralSuffix getSuffix() {
+      result = getValueText().regexpCapture("[^uUlL]*([uU]?[lL]*)\\s*$", 1)
+    }
   }
 
   /**

cpp/common/src/codingstandards/cpp/Expr.qll

@@ -243,6 +243,28 @@ predicate isCompileTimeEvaluatedExpression(Expr expression) {
   )
 }
 
+/**
+ * Find expressions that defer their value directly to an inner expression
+ * value -- how temporary object can flow without being copied or having their
+ * address taken.
+ *
+ * Full flow analysis with localFlowStep is often not necessary for certain
+ * rules related to temporary objects, and may cast a wider net than needed for
+ * those queries.
+ *
+ * When an array is on the rhs of a comma expr, or in the then/else branch of a
+ * ternary expr, and the result us used as a pointer, then the ArrayToPointer
+ * conversion is marked inside comma expr/ternary expr, on the operands. These
+ * conversions are only non-compliant if they flow into an operation or store.
+ */
+predicate temporaryObjectFlowStep(Expr source, Expr sink) {
+  source = sink.(CommaExpr).getRightOperand()
+  or
+  source = sink.(ConditionalExpr).getThen()
+  or
+  source = sink.(ConditionalExpr).getElse()
+}
+
 predicate isDirectCompileTimeEvaluatedExpression(Expr expression) {
   expression instanceof Literal
   or