IntegerOverflow: Implement Rule 12.4.

Implement Rule 12.4 by sharing a query with M5-19-1 for finding
constant integer expressions that wrap around.

Author: lcartey

c/common/test/rules/constantunsignedintegerexpressionswraparound/ConstantUnsignedIntegerExpressionsWrapAround.expected

@@ -0,0 +1,16 @@
+| test.c:11:7:11:18 | ... - ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
+| test.c:12:7:12:18 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
+| test.c:18:7:18:19 | ... - ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
+| test.c:19:7:19:19 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
+| test.c:25:7:25:18 | ... - ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
+| test.c:26:7:26:17 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
+| test.c:33:7:33:20 | ... - ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
+| test.c:34:7:34:16 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
+| test.c:34:7:34:20 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
+| test.c:37:40:37:49 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
+| test.c:40:7:40:19 | ... - ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
+| test.c:41:7:41:19 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
+| test.c:46:7:46:17 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
+| test.c:47:7:47:18 | ... - ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
+| test.c:48:7:48:17 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |
+| test.c:48:7:48:17 | ... + ... | Use of a constant, unsigned, integer expression that over- or under-flows. |

c/common/test/rules/constantunsignedintegerexpressionswraparound/ConstantUnsignedIntegerExpressionsWrapAround.ql

@@ -0,0 +1,2 @@
+// GENERATED FILE - DO NOT MODIFY
+import codingstandards.cpp.rules.constantunsignedintegerexpressionswraparound.ConstantUnsignedIntegerExpressionsWrapAround

c/common/test/rules/constantunsignedintegerexpressionswraparound/test.c

@@ -0,0 +1,49 @@
+#include <limits.h>
+
+// UINT_MIN and UULONG_MIN isn't defined, but it's going to be zero
+#define UINT_MIN ((unsigned int)0)
+#define UULONG_MIN ((unsigned long long)0)
+
+void test_signed_int() {
+  unsigned int a;
+  a = 1 + 1;        // COMPLIANT
+  a = 0 - 1;        // COMPLIANT
+  a = UINT_MIN - 1; // NON_COMPLIANT
+  a = UINT_MAX + 1; // NON_COMPLIANT
+
+  const unsigned int const_min = UINT_MIN;
+  const unsigned int const_max = UINT_MAX;
+  a = const_min + 1; // COMPLIANT
+  a = const_max - 1; // COMPLIANT
+  a = const_min - 1; // NON_COMPLIANT
+  a = const_max + 1; // NON_COMPLIANT
+
+#define UNDERFLOW(x) (UINT_MIN - (x))
+#define OVERFLOW(x) (UINT_MAX + (x))
+  a = UNDERFLOW(0); // COMPLIANT
+  a = OVERFLOW(0);  // COMPLIANT
+  a = UNDERFLOW(1); // NON_COMPLIANT
+  a = OVERFLOW(1);  // NON_COMPLIANT
+}
+
+void test_long_long() {
+  unsigned long long a;
+  a = 1 + 1;          // COMPLIANT
+  a = 0 - 1;          // COMPLIANT
+  a = UULONG_MIN - 1; // NON_COMPLIANT
+  a = ULLONG_MAX + 1; // NON_COMPLIANT
+
+  const unsigned long long const_min = UULONG_MIN;
+  const unsigned long long const_max = ULLONG_MAX;
+  a = const_min + 1; // COMPLIANT
+  a = const_max - 1; // COMPLIANT
+  a = const_min - 1; // NON_COMPLIANT
+  a = const_max + 1; // NON_COMPLIANT
+
+#define UNDERFLOW(x) (UULONG_MIN - (x))
+#define OVERFLOW(x) (ULLONG_MAX + (x))
+  a = UNDERFLOW(0); // COMPLIANT
+  a = OVERFLOW(0);  // COMPLIANT
+  a = UNDERFLOW(1); // NON_COMPLIANT
+  a = OVERFLOW(1);  // NON_COMPLIANT
+}

c/misra/src/rules/RULE-12-4/ConstantUnsignedIntegerExpressionsWrapAround.ql

@@ -0,0 +1,28 @@
+/**
+ * @id c/misra/constant-unsigned-integer-expressions-wrap-around
+ * @name RULE-12-4: Evaluation of constant expressions should not lead to unsigned integer wrap-around
+ * @description Unsigned integer expressions do not strictly overflow, but instead wrap around in a
+ *              modular way. Any constant unsigned integer expressions that in effect "overflow"
+ *              will not be detected by the compiler. Although there may be good reasons at run-time
+ *              to rely on the modular arithmetic provided by unsigned integer types, the reasons
+ *              for using it at compile-time to evaluate a constant expression are less obvious. Any
+ *              instance of an unsigned integer constant expression wrapping around is therefore
+ *              likely to indicate a programming error.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-12-4
+ *       correctness
+ *       security
+ *       external/misra/obligation/advisory
+ */
+
+import cpp
+import codingstandards.c.misra
+import codingstandards.cpp.rules.constantunsignedintegerexpressionswraparound.ConstantUnsignedIntegerExpressionsWrapAround
+
+class ConstantUnsignedIntegerExpressionsWrapAroundQuery extends ConstantUnsignedIntegerExpressionsWrapAroundSharedQuery {
+  ConstantUnsignedIntegerExpressionsWrapAroundQuery() {
+    this = IntegerOverflowPackage::constantUnsignedIntegerExpressionsWrapAroundQuery()
+  }
+}

c/misra/test/rules/RULE-12-4/ConstantUnsignedIntegerExpressionsWrapAround.testref

@@ -0,0 +1 @@
+c/common/test/rules/constantunsignedintegerexpressionswraparound/ConstantUnsignedIntegerExpressionsWrapAround.ql

cpp/autosar/src/rules/M5-19-1/ConstantUnsignedIntegerExpressionsWrapAround.ql

@@ -21,12 +21,10 @@
 
 import cpp
 import codingstandards.cpp.autosar
-import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
+import codingstandards.cpp.rules.constantunsignedintegerexpressionswraparound.ConstantUnsignedIntegerExpressionsWrapAround
 
-from BinaryArithmeticOperation bao
-where
-  not isExcluded(bao, ExpressionsPackage::constantUnsignedIntegerExpressionsWrapAroundQuery()) and
-  bao.isConstant() and
-  bao.getFullyConverted().getUnderlyingType().(IntegralType).isUnsigned() and
-  convertedExprMightOverflow(bao)
-select bao, "Use of a constant, unsigned, integer expression that over- or under-flows."
+class ConstantUnsignedIntegerExpressionsWrapAroundQuery extends ConstantUnsignedIntegerExpressionsWrapAroundSharedQuery {
+  ConstantUnsignedIntegerExpressionsWrapAroundQuery() {
+    this = ExpressionsPackage::constantUnsignedIntegerExpressionsWrapAroundQuery()
+  }
+}

cpp/autosar/test/rules/M5-19-1/ConstantUnsignedIntegerExpressionsWrapAround.qlref

@@ -0,0 +1 @@
+cpp/common/test/rules/constantunsignedintegerexpressionswraparound/ConstantUnsignedIntegerExpressionsWrapAround.ql

cpp/autosar/test/rules/M5-19-1/ConstantUnsignedIntegerExpressionsWrapAround.testref

@@ -0,0 +1,21 @@
+/**
+ * Provides a library which includes a `problems` predicate for reporting unsigned integer
+ * wraparound related to constant expressions.
+ */
+
+import cpp
+import codingstandards.cpp.Customizations
+import codingstandards.cpp.Exclusions
+import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
+
+abstract class ConstantUnsignedIntegerExpressionsWrapAroundSharedQuery extends Query { }
+
+Query getQuery() { result instanceof ConstantUnsignedIntegerExpressionsWrapAroundSharedQuery }
+
+query predicate problems(BinaryArithmeticOperation bao, string message) {
+  not isExcluded(bao, getQuery()) and
+  bao.isConstant() and
+  bao.getFullyConverted().getUnderlyingType().(IntegralType).isUnsigned() and
+  convertedExprMightOverflow(bao) and
+  message = "Use of a constant, unsigned, integer expression that over- or under-flows."
+}