Rule 7.0.6: Support reference types

lcartey · lcartey · commit 0ed1689ac4af · 2025-06-17T13:23:32.000+01:00
Reference types can be numeric types according to the rule.

In addition to making NumericTypes reference types, we also add
a helper predicate which gets the size of the real type (rather
than the size of the reference).
diff --git a/cpp/misra/src/rules/RULE-7-0-6/NumericAssignmentTypeMismatch.ql b/cpp/misra/src/rules/RULE-7-0-6/NumericAssignmentTypeMismatch.ql
@@ -43,6 +43,7 @@ class NumericType extends Type {
   Type realType;
 
   NumericType() {
+    realType = this.getUnspecifiedType().(ReferenceType).getBaseType().(NumericType).getRealType() or
     realType = this.getUnspecifiedType().(IntegralType) or
     realType = this.getUnspecifiedType().(FloatingPointType) or
     realType = this.getUnspecifiedType().(Enum).getExplicitUnderlyingType().getUnspecifiedType()
@@ -52,6 +53,8 @@ class NumericType extends Type {
     if realType.(IntegralType).isUnsigned() then result = Unsigned() else result = Signed()
   }
 
+  int getRealSize() { result = realType.getSize() }
+
   TypeCategory getTypeCategory() {
     realType instanceof IntegralType and result = Integral()
     or
@@ -76,14 +79,15 @@ predicate isAssignment(Expr source, NumericType targetType, string context) {
     then
       exists(BitField bf |
         isAssignedToBitfield(source, bf) and
+        // TODO integral after numeric?
         targetType.(IntegralType).(NumericType).getSignedness() =
           bf.getType().(NumericType).getSignedness() and
         // smallest integral type that can hold the bit field value
-        targetType.getSize() * 8 >= bf.getNumBits() and
+        targetType.getRealSize() * 8 >= bf.getNumBits() and
         not exists(IntegralType other |
           other.getSize() * 8 >= bf.getNumBits() and
           other.(NumericType).getSignedness() = targetType.getSignedness() and
-          other.getSize() < targetType.getSize()
+          other.getSize() < targetType.getRealSize()
         )
       )
     else targetType = assign.getLValue().getType()
@@ -159,7 +163,7 @@ predicate isValidTypeMatch(NumericType sourceType, NumericType targetType) {
   // Same type category, signedness and size
   sourceType.getTypeCategory() = targetType.getTypeCategory() and
   sourceType.getSignedness() = targetType.getSignedness() and
-  sourceType.getSize() = targetType.getSize()
+  sourceType.getRealSize() = targetType.getRealSize()
 }
 
 predicate hasConstructorException(FunctionCall call) {
@@ -209,7 +213,7 @@ predicate isValidWidening(Expr source, NumericType sourceType, NumericType targe
   ) and
   sourceType.getTypeCategory() = targetType.getTypeCategory() and
   sourceType.getSignedness() = targetType.getSignedness() and
-  sourceType.getSize() < targetType.getSize()
+  sourceType.getRealSize() < targetType.getRealSize()
 }
 
 /**
diff --git a/cpp/misra/test/rules/RULE-7-0-6/NumericAssignmentTypeMismatch.expected b/cpp/misra/test/rules/RULE-7-0-6/NumericAssignmentTypeMismatch.expected
@@ -28,3 +28,16 @@
 | test.cpp:215:9:215:10 | 42 | Assignment between incompatible numeric types from 'int' to 'long'. |
 | test.cpp:244:23:244:24 | 42 | Assignment between incompatible numeric types from 'int' to 'unsigned long'. |
 | test.cpp:254:19:254:25 | ... + ... | Assignment between incompatible numeric types from 'int' to 'int16_t'. |
+| test.cpp:288:8:288:9 | l6 | Assignment between incompatible numeric types from 'uint32_t &' to 'uint8_t'. |
+| test.cpp:289:8:289:9 | l7 | Assignment between incompatible numeric types from 'int8_t &' to 'uint8_t'. |
+| test.cpp:290:9:290:10 | l8 | Assignment between incompatible numeric types from 'float &' to 'int32_t'. |
+| test.cpp:301:6:301:7 | l3 | Assignment between incompatible numeric types from 'uint8_t &' to 'int64_t'. |
+| test.cpp:302:6:302:7 | l4 | Assignment between incompatible numeric types from 'uint16_t &' to 'int32_t'. |
+| test.cpp:313:8:313:9 | l3 | Assignment between incompatible numeric types from 'uint8_t &' to 'int8_t'. |
+| test.cpp:314:8:314:9 | l4 | Assignment between incompatible numeric types from 'int8_t &' to 'uint8_t'. |
+| test.cpp:327:9:327:10 | l4 | Assignment between incompatible numeric types from 'float &' to 'int32_t'. |
+| test.cpp:328:7:328:8 | l5 | Assignment between incompatible numeric types from 'double &' to 'float'. |
+| test.cpp:329:7:329:8 | l6 | Assignment between incompatible numeric types from 'int32_t &' to 'float'. |
+| test.cpp:340:8:340:14 | ... + ... | Assignment between incompatible numeric types from 'int' to 'uint8_t'. |
+| test.cpp:358:7:358:8 | l3 | Assignment between incompatible numeric types from 'uint16_t &' to 'uint32_t'. |
+| test.cpp:361:7:361:8 | l5 | Assignment between incompatible numeric types from 'uint64_t &' to 'uint32_t'. |
diff --git a/cpp/misra/test/rules/RULE-7-0-6/test.cpp b/cpp/misra/test/rules/RULE-7-0-6/test.cpp
@@ -269,4 +269,94 @@ void test_switch_cases() {
     //    case 0xFFFF'FFFF'FFFF:
     //      break;
   }
+}
+
+// Test reference types - references to numeric types are considered numeric
+void test_reference_types_basic() {
+  std::uint8_t l1 = 42;
+  std::uint32_t l2 = 100;
+  std::int8_t l3 = -5;
+  float l4 = 3.14f;
+
+  std::uint8_t &l5 = l1;  // COMPLIANT
+  std::uint32_t &l6 = l2; // COMPLIANT
+  std::int8_t &l7 = l3;   // COMPLIANT
+  float &l8 = l4;         // COMPLIANT
+
+  // Reference types follow same rules as their referred types
+  u32 = l5; // COMPLIANT - widening of id-expression (reference)
+  u8 = l6;  // NON_COMPLIANT - narrowing from reference
+  u8 = l7;  // NON_COMPLIANT - different signedness from reference
+  s32 = l8; // NON_COMPLIANT - different type category from reference
+}
+
+void test_reference_types_function_parameters() {
+  std::uint8_t l1 = 42;
+  std::uint16_t l2 = 1000;
+
+  std::uint8_t &l3 = l1;
+  std::uint16_t &l4 = l2;
+
+  // Function calls with reference arguments
+  f1(l3); // NON_COMPLIANT - widening conversion through reference
+  f2(l4); // NON_COMPLIANT - narrowing conversion through reference
+}
+
+void test_reference_types_signedness() {
+  std::uint8_t l1 = 42;
+  std::int8_t l2 = -5;
+
+  std::uint8_t &l3 = l1;
+  std::int8_t &l4 = l2;
+
+  // Signedness violations through references
+  s8 = l3; // NON_COMPLIANT - different signedness through reference
+  u8 = l4; // NON_COMPLIANT - different signedness through reference
+}
+
+void test_reference_types_floating_point() {
+  float l1 = 3.14f;
+  double l2 = 2.718;
+  std::int32_t l3 = 42;
+
+  float &l4 = l1;
+  double &l5 = l2;
+  std::int32_t &l6 = l3;
+
+  // Type category violations through references
+  s32 = l4; // NON_COMPLIANT - different type category through reference
+  f = l5;   // NON_COMPLIANT - different size through reference
+  f = l6;   // NON_COMPLIANT - different type category through reference
+}
+
+void test_reference_types_expressions() {
+  std::uint8_t l1 = 42;
+  std::uint8_t l2 = 24;
+
+  std::uint8_t &l3 = l1;
+  std::uint8_t &l4 = l2;
+
+  // Expression results with references still follow expression rules
+  u8 = l3 + l4;  // NON_COMPLIANT - addition promotes to int
+  s32 = l3 + l4; // COMPLIANT - promotion to int
+}
+
+// Test reference parameters in functions
+void f13(std::uint8_t &l1) {}
+void f13(std::uint16_t &l1) {}
+
+void f14(std::uint32_t l1) {}
+
+void test_references() {
+  std::uint8_t l1 = 42;
+  std::uint16_t l2 = 1000;
+
+  f13(l1); // COMPLIANT - exact match
+  f13(l2); // COMPLIANT - exact match
+
+  std::uint16_t &l3 = l2;
+  f14(l3); // NON_COMPLIANT - must be the same type, as non-overload-independent
+  std::uint64_t l4 = 1000;
+  std::uint64_t &l5 = l4;
+  f14(l5); // NON_COMPLIANT - narrowing conversion through reference
 }
