Draft of 7-4

Author: jeongsoolee09

c/misra/src/rules/RULE-7-4/StringLiteralAssignedToNonConstChar.ql

@@ -13,7 +13,88 @@
 import cpp
 import codingstandards.c.misra
 
-from
+class NonConstCharStarType extends Type {
+  NonConstCharStarType() {
+    this instanceof CharPointerType and
+    not this.isDeeplyConstBelow()
+  }
+}
+
+/* A non-const-char* variable declared with a string literal */
+predicate declaringNonConstCharVar(Variable decl) {
+  not decl instanceof Parameter and // exclude parameters
+  /* It should be declaring a char* type variable */
+  decl.getUnspecifiedType() instanceof CharPointerType and
+  not decl.getUnderlyingType().isDeeplyConstBelow() and
+  /* But it's declared to hold a string literal.  */
+  decl.getInitializer().getExpr() instanceof StringLiteral
+}
+
+/* String literal being assigned to a non-const-char* variable */
+predicate assignmentToNonConstCharVar(Assignment assign) {
+  /* The variable being assigned is char* */
+  assign.getLValue().getUnderlyingType() instanceof NonConstCharStarType and
+  /* But the rvalue is a string literal */
+  exists(Expr rvalue | rvalue = assign.getRValue() | rvalue instanceof StringLiteral)
+}
+
+/* String literal being passed to a non-const-char* parameter */
+predicate assignmentToNonConstCharParam(FunctionCall call) {
+  exists(int index |
+    /* Param at index is a char* */
+    call.getTarget().getParameter(index).getUnderlyingType() instanceof NonConstCharStarType and
+    /* But a string literal is passed */
+    call.getArgument(index) instanceof StringLiteral
+  )
+}
+
+/* String literal being returned by a non-const-char* function */
+predicate returningNonConstCharVar(ReturnStmt return) {
+  /* The function is declared to return a char* */
+  return.getEnclosingFunction().getType().resolveTypedefs() instanceof NonConstCharStarType and
+  /* But in reality it returns a string literal */
+  return.getExpr() instanceof StringLiteral
+}
+
+// newtype TProblematicElem =
+//   TVar(Variable decl) or
+//   TAssign(Assignment assign) or
+//   TFunCall(FunctionCall call) or
+//   TReturnStmt(ReturnStmt return)
+// class ProblematicElem extends TProblematicElem {
+//   Variable getVariable() { this = TVar(result) }
+//   Assignment getAssign() { this = TAssign(result) }
+//   FunctionCall getFunCall() { this = TFunCall(result) }
+//   ReturnStmt getReturnStmt() { this = TReturnStmt(result) }
+//   override string toString() {
+//     this instanceof TVar and result = this.getVariable().toString()
+//     or
+//     this instanceof TAssign and result = this.getAssign().toString()
+//     or
+//     this instanceof TFunCall and result = this.getFunCall().toString()
+//     or
+//     this instanceof TReturnStmt and result = this.getReturnStmt().toString()
+//   }
+// }
+// class ProblematicElem = Variable or Assignment or FunctionCall or ReturnStmt;
+// ^ Nope!
+from Variable decl, Assignment assign, FunctionCall call, ReturnStmt return, string message
 where
-  not isExcluded(x, TypesPackage::stringLiteralAssignedToNonConstCharQuery()) and
-select
+  not isExcluded(decl, TypesPackage::stringLiteralAssignedToNonConstCharQuery()) and
+  not isExcluded(assign, TypesPackage::stringLiteralAssignedToNonConstCharQuery()) and
+  not isExcluded(call, TypesPackage::stringLiteralAssignedToNonConstCharQuery()) and
+  not isExcluded(return, TypesPackage::stringLiteralAssignedToNonConstCharQuery()) and
+  (
+    declaringNonConstCharVar(decl) and
+    message = "char* variable " + decl + " is declared with a string literal."
+    or
+    assignmentToNonConstCharVar(assign) and
+    message = "char* variable " + assign.getLValue() + " is assigned a string literal. "
+    or
+    assignmentToNonConstCharParam(call) and
+    message = "char* parameter of " + call.getTarget() + " is passed a string literal."
+    or
+    returningNonConstCharVar(return) and
+    message = "char* function " + return.getEnclosingFunction() + " is returning a string literal."
+  )
+select message

c/misra/test/rules/RULE-7-4/test.c

@@ -2,26 +2,29 @@
 
 void sample1() {
   const char *s1 =
-      "string"; // COMPLIANT: string literal assigned to a const char* variable
+      "string1"; // COMPLIANT: string literal assigned to a const char* variable
   const register volatile char *s2 =
-      "string"; // COMPLIANT: string literal assigned to a const char* variable,
-                // don't care about the qualifiers
-  char *s3 = "string"; // NON_COMPLIANT: char* variable declared to hold a
-                       // string literal
+      "string2";        // COMPLIANT: string literal assigned to a const char*
+                        // variable, don't care about the qualifiers
+  char *s3 = "string3"; // NON_COMPLIANT: char* variable declared to hold a
+                        // string literal
+  s3 =
+      "string4"; // NON_COMPLIANT: char* variable assigned a string literal
+                 // (not likely to be seen in production, since there is strcpy)
 }
 
 const char *sample2(int x) {
   if (x == 1)
-    return "string"; // COMPLIANT: can return a string literal with return type
-                     // being const char* being const char*
+    return "string5"; // COMPLIANT: can return a string literal with return type
+                      // being const char* being const char*
   else
     return NULL;
 }
 
 char *sample3(int x) {
   if (x == 1)
-    return "string"; // NON_COMPLIANT: can return a string literal with return
-                     // type being char*
+    return "string6"; // NON_COMPLIANT: can return a string literal with return
+                      // type being char*
   else
     return NULL;
 }
@@ -31,9 +34,9 @@ void sample4(char *string) {}
 void sample5(const char *string) {}
 
 void call45() {
-  const char *literal = "string";
-  sample4("string"); // NON_COMPLIANT: can't pass string literal to char*
-  sample5("string"); // COMPLIANT: passing string literal to const char*
+  const char *literal = "string7";
+  sample4("string8"); // NON_COMPLIANT: can't pass string literal to char*
+  sample5("string9"); // COMPLIANT: passing string literal to const char*
 }
 
 int main() { return 0; }