Rule 18.5.2: AvoidProgramTerminatingFunctions.ql

lcartey · lcartey · commit 102703a3a25e · 2025-06-02T22:40:26.000+01:00
Add a query to identify uses of terminating program functions. [a]
diff --git a/cpp/common/test/includes/standard-library/cstdlib.h b/cpp/common/test/includes/standard-library/cstdlib.h
@@ -2,15 +2,18 @@
 #define _GHLIBCPP_CSTDLIB
 #include "stdlib.h"
 namespace std {
-[[noreturn]] void _Exit(int status) noexcept;
-[[noreturn]] void abort(void) noexcept;
-[[noreturn]] void quick_exit(int status) noexcept;
-extern "C++" int atexit(void (*f)(void)) noexcept;
-extern "C++" int at_quick_exit(void (*f)(void)) noexcept;
+using ::_Exit;
+using ::abort;
+using ::at_quick_exit;
+using ::atexit;
 using ::atof;
 using ::atoi;
 using ::atol;
 using ::atoll;
+using ::exit;
+using ::free;
+using ::malloc;
+using ::quick_exit;
 using ::rand;
 } // namespace std
 #endif // _GHLIBCPP_CSTDLIB
diff --git a/cpp/common/test/includes/standard-library/stdlib.h b/cpp/common/test/includes/standard-library/stdlib.h
@@ -8,14 +8,18 @@ void free(void *ptr);
 void *malloc(size_t size);
 void *realloc(void *ptr, size_t size);
 
-void abort();
+[[noreturn]] void _Exit(int status) noexcept;
+[[noreturn]] void abort(void) noexcept;
+[[noreturn]] void quick_exit(int status) noexcept;
+extern "C++" int atexit(void (*f)(void)) noexcept;
+extern "C++" int at_quick_exit(void (*f)(void)) noexcept;
 
 void exit(int code);
 int system(const char *command);
 
 char *getenv(const char *name);
 
-int setenv (const char *, const char *, int);
+int setenv(const char *, const char *, int);
 
 int atoi(const char *str);
 long int atol(const char *str);
diff --git a/cpp/misra/src/rules/RULE-18-5-2/AvoidProgramTerminatingFunctions.ql b/cpp/misra/src/rules/RULE-18-5-2/AvoidProgramTerminatingFunctions.ql
@@ -0,0 +1,53 @@
+/**
+ * @id cpp/misra/avoid-program-terminating-functions
+ * @name RULE-18-5-2: Program-terminating functions should not be used
+ * @description Using program-terminating functions like abort, exit, _Exit, quick_exit or terminate
+ *              causes the stack to not be unwound and object destructors to not be called,
+ *              potentially leaving the environment in an undesirable state.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-18-5-2
+ *       scope/single-translation-unit
+ *       external/misra/enforcement/decidable
+ *       external/misra/obligation/advisory
+ */
+
+import cpp
+import codingstandards.cpp.misra
+
+predicate isTerminatingFunction(Function f, string functionName) {
+  functionName = f.getName() and
+  (
+    functionName in ["abort", "exit", "_Exit", "quick_exit"] and
+    (f.hasQualifiedName("", functionName) or f.hasQualifiedName("std", functionName))
+    or
+    // std::terminate does not occur in the global namespace.
+    functionName = "terminate" and f.hasQualifiedName("std", functionName)
+  )
+}
+
+predicate isAssertMacroCall(FunctionCall call) {
+  exists(MacroInvocation mi |
+    mi.getMacroName() = "assert" and
+    mi.getAnExpandedElement() = call
+  )
+}
+
+from Expr e, Function f, string functionName, string action
+where
+  not isExcluded(e, BannedAPIsPackage::avoidProgramTerminatingFunctionsQuery()) and
+  isTerminatingFunction(f, functionName) and
+  (
+    // Direct function calls (excluding assert macro calls)
+    e instanceof FunctionCall and
+    f = e.(FunctionCall).getTarget() and
+    not isAssertMacroCall(e) and
+    action = "Call to"
+    or
+    // Function access
+    e instanceof FunctionAccess and
+    f = e.(FunctionAccess).getTarget() and
+    action = "Address taken for"
+  )
+select e, action + " program-terminating function '" + functionName + "'."
diff --git a/cpp/misra/test/rules/RULE-18-5-2/AvoidProgramTerminatingFunctions.expected b/cpp/misra/test/rules/RULE-18-5-2/AvoidProgramTerminatingFunctions.expected
@@ -0,0 +1,27 @@
+| test.cpp:7:3:7:7 | call to abort | Call to program-terminating function 'abort'. |
+| test.cpp:8:3:8:6 | call to exit | Call to program-terminating function 'exit'. |
+| test.cpp:9:3:9:7 | call to _Exit | Call to program-terminating function '_Exit'. |
+| test.cpp:10:3:10:12 | call to quick_exit | Call to program-terminating function 'quick_exit'. |
+| test.cpp:15:3:15:12 | call to abort | Call to program-terminating function 'abort'. |
+| test.cpp:16:3:16:11 | call to exit | Call to program-terminating function 'exit'. |
+| test.cpp:17:3:17:12 | call to _Exit | Call to program-terminating function '_Exit'. |
+| test.cpp:18:3:18:17 | call to quick_exit | Call to program-terminating function 'quick_exit'. |
+| test.cpp:19:3:19:16 | call to terminate | Call to program-terminating function 'terminate'. |
+| test.cpp:24:14:24:18 | abort | Address taken for program-terminating function 'abort'. |
+| test.cpp:25:14:25:17 | exit | Address taken for program-terminating function 'exit'. |
+| test.cpp:26:14:26:18 | _Exit | Address taken for program-terminating function '_Exit'. |
+| test.cpp:27:14:27:23 | quick_exit | Address taken for program-terminating function 'quick_exit'. |
+| test.cpp:28:14:28:23 | abort | Address taken for program-terminating function 'abort'. |
+| test.cpp:29:14:29:22 | exit | Address taken for program-terminating function 'exit'. |
+| test.cpp:30:14:30:23 | _Exit | Address taken for program-terminating function '_Exit'. |
+| test.cpp:31:14:31:28 | quick_exit | Address taken for program-terminating function 'quick_exit'. |
+| test.cpp:32:14:32:27 | terminate | Address taken for program-terminating function 'terminate'. |
+| test.cpp:37:18:37:22 | abort | Address taken for program-terminating function 'abort'. |
+| test.cpp:38:21:38:24 | exit | Address taken for program-terminating function 'exit'. |
+| test.cpp:39:21:39:25 | _Exit | Address taken for program-terminating function '_Exit'. |
+| test.cpp:40:21:40:30 | quick_exit | Address taken for program-terminating function 'quick_exit'. |
+| test.cpp:41:18:41:27 | abort | Address taken for program-terminating function 'abort'. |
+| test.cpp:42:21:42:29 | exit | Address taken for program-terminating function 'exit'. |
+| test.cpp:43:21:43:30 | _Exit | Address taken for program-terminating function '_Exit'. |
+| test.cpp:44:21:44:35 | quick_exit | Address taken for program-terminating function 'quick_exit'. |
+| test.cpp:45:18:45:31 | terminate | Address taken for program-terminating function 'terminate'. |
diff --git a/cpp/misra/test/rules/RULE-18-5-2/AvoidProgramTerminatingFunctions.qlref b/cpp/misra/test/rules/RULE-18-5-2/AvoidProgramTerminatingFunctions.qlref
@@ -0,0 +1 @@
+rules/RULE-18-5-2/AvoidProgramTerminatingFunctions.ql
diff --git a/cpp/misra/test/rules/RULE-18-5-2/test.cpp b/cpp/misra/test/rules/RULE-18-5-2/test.cpp
@@ -0,0 +1,65 @@
+#include <cassert>
+#include <cstdlib>
+#include <stdexcept>
+
+void test_direct_calls_to_terminating_functions() {
+  // Direct calls to program-terminating functions
+  abort();       // NON_COMPLIANT
+  exit(0);       // NON_COMPLIANT
+  _Exit(1);      // NON_COMPLIANT
+  quick_exit(2); // NON_COMPLIANT
+}
+
+void test_std_namespace_calls() {
+  // Calls to functions in std namespace
+  std::abort();       // NON_COMPLIANT
+  std::exit(0);       // NON_COMPLIANT
+  std::_Exit(1);      // NON_COMPLIANT
+  std::quick_exit(2); // NON_COMPLIANT
+  std::terminate();   // NON_COMPLIANT
+}
+
+void test_taking_addresses_of_terminating_functions() {
+  // Taking addresses of program-terminating functions
+  auto l1 = &abort;           // NON_COMPLIANT
+  auto l2 = &exit;            // NON_COMPLIANT
+  auto l3 = &_Exit;           // NON_COMPLIANT
+  auto l4 = &quick_exit;      // NON_COMPLIANT
+  auto l5 = &std::abort;      // NON_COMPLIANT
+  auto l6 = &std::exit;       // NON_COMPLIANT
+  auto l7 = &std::_Exit;      // NON_COMPLIANT
+  auto l8 = &std::quick_exit; // NON_COMPLIANT
+  auto l9 = &std::terminate;  // NON_COMPLIANT
+}
+
+void test_function_pointers_to_terminating_functions() {
+  // Function pointers to program-terminating functions
+  void (*l1)() = abort;              // NON_COMPLIANT
+  void (*l2)(int) = exit;            // NON_COMPLIANT
+  void (*l3)(int) = _Exit;           // NON_COMPLIANT
+  void (*l4)(int) = quick_exit;      // NON_COMPLIANT
+  void (*l5)() = std::abort;         // NON_COMPLIANT
+  void (*l6)(int) = std::exit;       // NON_COMPLIANT
+  void (*l7)(int) = std::_Exit;      // NON_COMPLIANT
+  void (*l8)(int) = std::quick_exit; // NON_COMPLIANT
+  void (*l9)() = std::terminate;     // NON_COMPLIANT
+}
+
+void test_assert_macro_exception() {
+  // The call to abort via assert macro is compliant by exception
+  assert(true);   // COMPLIANT
+  assert(1 == 1); // COMPLIANT
+}
+
+void f1() {
+  // Valid alternative: normal function return
+  return; // COMPLIANT
+}
+
+void test_compliant_alternatives() {
+  // Using normal control flow instead of terminating functions
+  f1(); // COMPLIANT
+
+  // Using exceptions for error handling
+  throw std::runtime_error("error"); // COMPLIANT
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+rules/RULE-18-5-2/AvoidProgramTerminatingFunctions.ql`