github · jeongsoolee09 · Feb 27, 2026 · Feb 12, 2026 · Feb 12, 2026 · Feb 12, 2026
diff --git a/cpp/common/src/codingstandards/cpp/UnintializedMemoryAllocation.qll b/cpp/common/src/codingstandards/cpp/UnintializedMemoryAllocation.qll
@@ -0,0 +1,75 @@
+/**
+ * Provides models of functions in <memory> that deals with uninitialized memory.
+ */
+
+import cpp
+
+abstract class UninitializedMemoryManagementFunction extends Function {
+  UninitializedMemoryManagementFunction() {
+    this.getADeclarationLocation().getFile().getShortName() = "memory"
+  }
+}
+
+class UninitializedCopyFunction extends UninitializedMemoryManagementFunction {
+  UninitializedCopyFunction() { this.hasQualifiedName("std", "uninitialized_copy") }
+}
+
+class UninitializedCopyNFunction extends UninitializedMemoryManagementFunction {
+  UninitializedCopyNFunction() { this.hasQualifiedName("std", "uninitialized_copy_n") }
+}
+
+class UninitializedDefaultConstructFunction extends UninitializedMemoryManagementFunction {
+  UninitializedDefaultConstructFunction() {
+    this.hasQualifiedName("std", "uninitialized_default_construct")
+  }
+}
+
+class UninitializedDefaultConstructNFunction extends UninitializedMemoryManagementFunction {
+  UninitializedDefaultConstructNFunction() {
+    this.hasQualifiedName("std", "uninitialized_default_construct_n")
+  }
+}
+
+class UninitializedValueConstructFunction extends UninitializedMemoryManagementFunction {
+  UninitializedValueConstructFunction() {
+    this.hasQualifiedName("std", "uninitialized_value_construct")
+  }
+}
+
+class UninitializedValueConstructNFunction extends UninitializedMemoryManagementFunction {
+  UninitializedValueConstructNFunction() {
+    this.hasQualifiedName("std", "uninitialized_value_construct_n")
+  }
+}
+
+class UninitializedMoveFunction extends UninitializedMemoryManagementFunction {
+  UninitializedMoveFunction() { this.hasQualifiedName("std", "uninitialized_move") }
+}
+
+class UninitializedMoveNFunction extends UninitializedMemoryManagementFunction {
+  UninitializedMoveNFunction() { this.hasQualifiedName("std", "uninitialized_move_n") }
+}
+
+class UninitializedFillFunction extends UninitializedMemoryManagementFunction {
+  UninitializedFillFunction() { this.hasQualifiedName("std", "uninitialized_fill") }
+}
+
+class UninitializedFillNFunction extends UninitializedMemoryManagementFunction {
+  UninitializedFillNFunction() { this.hasQualifiedName("std", "uninitialized_fill_n") }
+}
+
+class DestroyFunction extends UninitializedMemoryManagementFunction {
+  DestroyFunction() { this.hasQualifiedName("std", "destroy") }
+}
+
+class DestroyNFunction extends UninitializedMemoryManagementFunction {
+  DestroyNFunction() { this.hasQualifiedName("std", "destroy_n") }
+}
+
+class DestroyAtFunction extends UninitializedMemoryManagementFunction {
+  DestroyAtFunction() { this.hasQualifiedName("std", "destroy_at") }
+}
+
+class LaunderFunction extends UninitializedMemoryManagementFunction {
+  LaunderFunction() { this.hasQualifiedName("std", "launder") }
+}
diff --git a/cpp/common/src/codingstandards/cpp/allocations/CustomOperatorNewDelete.qll b/cpp/common/src/codingstandards/cpp/allocations/CustomOperatorNewDelete.qll
@@ -20,7 +20,13 @@ abstract class CustomOperatorNewOrDelete extends Operator {
     exists(getFile().getRelativePath()) and
     // Not in a file called `new`, which is likely to be a copy of the standard library
     // as it is in our tests
-    not getFile().getBaseName() = "new"
+    not forall(File file | file = this.getADeclarationLocation().getFile() |
+      file.getBaseName() = "new"
+    ) and
+    (
+      this.getName().regexpMatch("operator new(\\[\\])?") or
+      this.getName().regexpMatch("operator delete(\\[\\])?")
+    )
   }
 
   /**

diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Memory5.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Memory5.qll
@@ -0,0 +1,26 @@
+//** THIS FILE IS AUTOGENERATED, DO NOT MODIFY DIRECTLY.  **/
+import cpp
+import RuleMetadata
+import codingstandards.cpp.exclusions.RuleMetadata
+
+newtype Memory5Query = TDynamicMemoryManagedManuallyQuery()
+
+predicate isMemory5QueryMetadata(Query query, string queryId, string ruleId, string category) {
+  query =
+    // `Query` instance for the `dynamicMemoryManagedManually` query
+    Memory5Package::dynamicMemoryManagedManuallyQuery() and
+  queryId =
+    // `@id` for the `dynamicMemoryManagedManually` query
+    "cpp/misra/dynamic-memory-managed-manually" and
+  ruleId = "RULE-21-6-2" and
+  category = "required"
+}
+
+module Memory5Package {
+  Query dynamicMemoryManagedManuallyQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `dynamicMemoryManagedManually` query
+      TQueryCPP(TMemory5PackageQuery(TDynamicMemoryManagedManuallyQuery()))
+  }
+}
diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Memory6.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Memory6.qll
@@ -0,0 +1,26 @@
+//** THIS FILE IS AUTOGENERATED, DO NOT MODIFY DIRECTLY.  **/
+import cpp
+import RuleMetadata
+import codingstandards.cpp.exclusions.RuleMetadata
+
+newtype Memory6Query = TAdvancedMemoryManagementUsedQuery()
+
+predicate isMemory6QueryMetadata(Query query, string queryId, string ruleId, string category) {
+  query =
+    // `Query` instance for the `advancedMemoryManagementUsed` query
+    Memory6Package::advancedMemoryManagementUsedQuery() and
+  queryId =
+    // `@id` for the `advancedMemoryManagementUsed` query
+    "cpp/misra/advanced-memory-management-used" and
+  ruleId = "RULE-21-6-3" and
+  category = "required"
+}
+
+module Memory6Package {
+  Query advancedMemoryManagementUsedQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `advancedMemoryManagementUsed` query
+      TQueryCPP(TMemory6PackageQuery(TAdvancedMemoryManagementUsedQuery()))
+  }
+}
diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/RuleMetadata.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/RuleMetadata.qll
@@ -48,6 +48,8 @@ import Macros
 import Memory2
 import Memory3
 import Memory4
+import Memory5
+import Memory6
 import MoveForward
 import Naming
 import Naming2
@@ -123,6 +125,8 @@ newtype TCPPQuery =
   TMemory2PackageQuery(Memory2Query q) or
   TMemory3PackageQuery(Memory3Query q) or
   TMemory4PackageQuery(Memory4Query q) or
+  TMemory5PackageQuery(Memory5Query q) or
+  TMemory6PackageQuery(Memory6Query q) or
   TMoveForwardPackageQuery(MoveForwardQuery q) or
   TNamingPackageQuery(NamingQuery q) or
   TNaming2PackageQuery(Naming2Query q) or
@@ -198,6 +202,8 @@ predicate isQueryMetadata(Query query, string queryId, string ruleId, string cat
   isMemory2QueryMetadata(query, queryId, ruleId, category) or
   isMemory3QueryMetadata(query, queryId, ruleId, category) or
   isMemory4QueryMetadata(query, queryId, ruleId, category) or
+  isMemory5QueryMetadata(query, queryId, ruleId, category) or
+  isMemory6QueryMetadata(query, queryId, ruleId, category) or
   isMoveForwardQueryMetadata(query, queryId, ruleId, category) or
   isNamingQueryMetadata(query, queryId, ruleId, category) or
   isNaming2QueryMetadata(query, queryId, ruleId, category) or

diff --git a/cpp/common/test/includes/standard-library/cstdlib b/cpp/common/test/includes/standard-library/cstdlib
@@ -13,6 +13,9 @@ using ::atoll;
 using ::exit;
 using ::free;
 using ::malloc;
+using ::calloc;
+using ::realloc;
+using ::aligned_alloc;
 using ::quick_exit;
 using ::rand;
 using ::strtod;

diff --git a/cpp/common/test/includes/standard-library/memory.h b/cpp/common/test/includes/standard-library/memory.h
@@ -2,6 +2,7 @@
 #define _GHLIBCPP_MEMORY
 #include "exception.h"
 #include "stddef.h"
+#include "utility.h"
 
 namespace std {
 
@@ -128,6 +129,136 @@ class bad_alloc : public exception {
   bad_alloc &operator=(const bad_alloc &) noexcept;
   virtual const char *what() const noexcept;
 };
+
+template <typename T1> struct allocator {
+  using value_type = T1;
+  using size_type = std::size_t;
+  using difference_type = std::ptrdiff_t;
+
+  constexpr allocator() noexcept = default;
+  constexpr allocator(const allocator &) noexcept = default;
+
+  template <typename T2> constexpr allocator(const allocator<T2> &) noexcept;
+
+  ~allocator() = default;
+
+  T1 *allocate(std::size_t);
+  void deallocate(T1 *, std::size_t);
+};
+
+template <> struct allocator<void> {
+  using value_type = void;
+};
+
+template <typename T1> struct allocator_traits {
+  using allocator_type = T1;
+  using value_type = typename T1::value_type;
+  using pointer = value_type *;
+  using const_pointer = const value_type *;
+  using void_pointer = void *;
+  using const_void_pointer = const void *;
+  using size_type = typename T1::size_type;
+  using difference_type = typename T1::difference_type;
+
+  template <typename T2> using rebind_alloc = allocator<T2>;
+
+  static pointer allocate(T1 &, size_type);
+  static pointer allocate(T1 &, size_type, const_void_pointer);
+  static void deallocate(T1 &, pointer, size_type);
+};
+
+// uninitialized_default_construct
+template <class T1>
+void uninitialized_default_construct(T1, T1);
+
+template <class T1, class T2>
+void uninitialized_default_construct(T1&&, T2, T2);
+
+// uninitialized_default_construct_n
+template <class T1, class T2>
+T1 uninitialized_default_construct_n(T1, T2);
+
+template <class T1, class T2, class T3>
+T2 uninitialized_default_construct_n(T1&&, T2, T3);
+
+// uninitialized_value_construct
+template <class T1>
+void uninitialized_value_construct(T1, T1);
+
+template <class T1, class T2>
+void uninitialized_value_construct(T1&&, T2, T2);
+
+// uninitialized_value_construct_n
+template <class T1, class T2>
+T1 uninitialized_value_construct_n(T1, T2);
+
+template <class T1, class T2, class T3>
+T2 uninitialized_value_construct_n(T1&&, T2, T3);
+
+// uninitialized_copy
+template <class T1, class T2>
+T2 uninitialized_copy(T1, T1, T2);
+
+template <class T1, class T2, class T3>
+T3 uninitialized_copy(T1&&, T2, T2, T3);
+
+// uninitialized_copy_n
+template <class T1, class T2, class T3>
+T3 uninitialized_copy_n(T1, T2, T3);
+
+template <class T1, class T2, class T3, class T4>
+T4 uninitialized_copy_n(T1&&, T2, T3, T4);
+
+// uninitialized_move
+template <class T1, class T2>
+T2 uninitialized_move(T1, T1, T2);
+
+template <class T1, class T2, class T3>
+T3 uninitialized_move(T1&&, T2, T2, T3);
+
+// uninitialized_move_n
+template <class T1, class T2, class T3>
+pair<T1, T3> uninitialized_move_n(T1, T2, T3);
+
+template <class T1, class T2, class T3, class T4>
+pair<T2, T4> uninitialized_move_n(T1&&, T2, T3, T4);
+
+// uninitialized_fill
+template <class T1, class T2>
+void uninitialized_fill(T1, T1, const T2&);
+
+template <class T1, class T2, class T3>
+void uninitialized_fill(T1&&, T2, T2, const T3&);
+
+// uninitialized_fill_n
+template <class T1, class T2, class T3>
+T1 uninitialized_fill_n(T1, T2, const T3&);
+
+template <class T1, class T2, class T3, class T4>
+T2 uninitialized_fill_n(T1&&, T2, T3, const T4&);
+
+// destroy_at
+template <class T1>
+void destroy_at(T1*);
+
+// destroy
+template <class T1>
+void destroy(T1, T1);
+
+template <class T1, class T2>
+void destroy(T1&&, T2, T2);
+
+// destroy_n
+template <class T1, class T2>
+T1 destroy_n(T1, T2);
+
+template <class T1, class T2, class T3>
+T2 destroy_n(T1&&, T2, T3);
+
+// launder
+template <class T1>
+constexpr T1* launder(T1*) noexcept;
+
 } // namespace std
 
-#endif // _GHLIBCPP_MEMORY
+#endif // _GHLIBCPP_MEMORY
diff --git a/cpp/common/test/includes/standard-library/memory_resource b/cpp/common/test/includes/standard-library/memory_resource
@@ -0,0 +1 @@
+#include <memory_resource.h>