Add RULE-6-8-4

Author: knewbury01

cpp/misra/src/rules/RULE-6-8-4/MemberFunctionsRefqualified.ql

@@ -0,0 +1,110 @@
+/**
+ * @id cpp/misra/member-functions-refqualified
+ * @name RULE-6-8-4: Member functions returning references to their object should be refqualified appropriately
+ * @description Member functions that return references to temporary objects (or subobjects) can
+ *              lead to dangling pointers.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-6-8-4
+ *       correctness
+ *       scope/single-translation-unit
+ *       external/misra/enforcement/decidable
+ *       external/misra/obligation/advisory
+ */
+
+import cpp
+import codingstandards.cpp.misra
+import codingstandards.cpp.types.Compatible
+import codingstandards.cpp.Operator
+
+abstract class MembersReturningObjectOrSubobject extends MemberFunction {
+  string toString() { result = "Members returning object or subobject" }
+}
+
+class MembersReturningObject extends MembersReturningObjectOrSubobject {
+  MembersReturningObject() {
+    exists(ReturnStmt r, ThisExpr t |
+      r.getEnclosingFunction() = this and
+      (
+        r.getAChild*() = t
+        or
+        exists(PointerDereferenceExpr p |
+          p.getAChild*() = t and
+          r.getAChild*() = p
+        )
+      ) and
+      t.getActualType().stripType() = this.getDeclaringType()
+    )
+  }
+}
+
+class MembersReturningSubObject extends MembersReturningObjectOrSubobject {
+  MembersReturningSubObject() {
+    exists(ReturnStmt r, FieldSubObjectDeclaration field |
+      r.getEnclosingFunction() = this and
+      (
+        r.getAChild*() = field.(Field).getAnAccess()
+        or
+        exists(PointerDereferenceExpr p |
+          p.getAChild*() = field.(Field).getAnAccess() and
+          r.getAChild*() = p
+        )
+      ) and
+      field.(Field).getDeclaringType() = this.getDeclaringType()
+    )
+  }
+}
+
+predicate relevantTypes(Type a, Type b) {
+  exists(MembersReturningObject f, MemberFunction overload |
+    f.getAnOverload() = overload and
+    exists(int i |
+      f.getParameter(i).getType() = a and
+      overload.getParameter(i).getType() = b
+    )
+  )
+}
+
+class AppropriatelyQualified extends MembersReturningObjectOrSubobject {
+  AppropriatelyQualified() {
+    //non-const-lvalue-ref-qualified
+    this.isLValueRefQualified() and
+    not this.hasSpecifier("const")
+    or
+    //const-lvalue-ref-qualified
+    this.isLValueRefQualified() and
+    this.hasSpecifier("const") and
+    //and overload exists that is rvalue-ref-qualified
+    exists(MemberFunction overload |
+      this.getAnOverload() = overload and
+      overload.isRValueRefQualified() and
+      //and has same param list
+      forall(int i | exists([this, overload].getParameter(i)) |
+        TypeEquivalence<TypesCompatibleConfig, relevantTypes/2>::equalTypes(this.getParameter(i)
+              .getType(), overload.getParameter(i).getType())
+      )
+    )
+  }
+}
+
+/**
+ * Fields that are not reference type can be subobjects
+ */
+class FieldSubObjectDeclaration extends Declaration {
+  FieldSubObjectDeclaration() {
+    not this.getADeclarationEntry().getType() instanceof ReferenceType and
+    this instanceof Field
+  }
+}
+
+class DefaultedAssignmentOperator extends AssignmentOperator {
+  DefaultedAssignmentOperator() { this.isDefaulted() }
+}
+
+from MembersReturningObjectOrSubobject f
+where
+  not isExcluded(f, Declarations5Package::memberFunctionsRefqualifiedQuery()) and
+  not f instanceof AppropriatelyQualified and
+  not f instanceof DefaultedAssignmentOperator
+select f, "Member function is not properly ref qualified."

cpp/misra/test/rules/RULE-6-8-4/MemberFunctionsRefqualified.expected

@@ -0,0 +1,7 @@
+| test.cpp:10:7:10:11 | Members returning object or subobject | Member function is not properly ref qualified. |
+| test.cpp:12:14:12:20 | Members returning object or subobject | Member function is not properly ref qualified. |
+| test.cpp:24:12:24:23 | Members returning object or subobject | Member function is not properly ref qualified. |
+| test.cpp:28:6:28:18 | Members returning object or subobject | Member function is not properly ref qualified. |
+| test.cpp:42:16:42:16 | Members returning object or subobject | Member function is not properly ref qualified. |
+| test.cpp:42:16:42:16 | Members returning object or subobject | Member function is not properly ref qualified. |
+| test.cpp:42:16:42:16 | Members returning object or subobject | Member function is not properly ref qualified. |

cpp/misra/test/rules/RULE-6-8-4/MemberFunctionsRefqualified.qlref

@@ -0,0 +1 @@
+rules/RULE-6-8-4/MemberFunctionsRefqualified.ql

cpp/misra/test/rules/RULE-6-8-4/test.cpp

@@ -0,0 +1,54 @@
+struct A {
+  int a;
+  int &b;
+
+  int &geta() & { return a; } // COMPLIANT
+
+  int const &geta2() const & { // COMPLIANT  -- due to overload below
+    return a;
+  }
+  int geta2() && { return a; } // NON_COMPLIANT
+
+  int const &getabad() const & { // NON_COMPLIANT  -- no overload provided
+    return a;
+  }
+
+  int getb() && { return b; } // COMPLIANT -- b is not a subobject
+
+  A const *getstruct() const & { // COMPLIANT  -- due to overload below
+    return this;
+  }
+
+  A getstruct() const && = delete;
+
+  A const *getstructbad() const & { // NON_COMPLIANT  -- no overload provided
+    return this;
+  }
+
+  A &getstructbad2() { return *this; } // NON_COMPLIANT
+};
+
+class C {
+  C *f() { // COMPLIANT -- this is not explicitly designated therefore this is
+           // not
+    // relevant for this rule
+    C *thisclass = this;
+    return thisclass;
+  }
+};
+
+struct Templ {
+  template <typename T>
+  Templ const *f(T) const & { // NON_COMPLIANT -- for an instantiation below
+    return this;
+  }
+
+  void f(int) const && = delete;
+};
+
+void f(int p, float p1) {
+  Templ t;
+  t.f(p);
+  t.f(p1); // instantiation that causes issue due to parameter list type meaning
+           // there is no overload
+}