work

Author: jsinglet

.vscode/tasks.json

@@ -199,6 +199,7 @@
                 "Concurrency1",
                 "Concurrency2",
                 "Concurrency3",
+                "Concurrency4",                
                 "Conditionals",
                 "Const",
                 "DeadCode",

c/cert/src/rules/CON34-C/AppropriateThreadObjectStorageDurations.md

@@ -0,0 +1,18 @@
+# CON34-C: Declare objects shared between threads with appropriate storage durations
+
+This query implements the CERT-C rule CON34-C:
+
+> Declare objects shared between threads with appropriate storage durations
+
+
+## CERT
+
+** REPLACE THIS BY RUNNING THE SCRIPT `scripts/help/cert-help-extraction.py` **
+
+## Implementation notes
+
+None
+
+## References
+
+* CERT-C: [CON34-C: Declare objects shared between threads with appropriate storage durations](https://wiki.sei.cmu.edu/confluence/display/c)

c/cert/src/rules/CON34-C/AppropriateThreadObjectStorageDurations.ql

@@ -0,0 +1,65 @@
+/**
+ * @id c/cert/appropriate-thread-object-storage-durations
+ * @name CON34-C: Declare objects shared between threads with appropriate storage durations
+ * @description Accessing thread-local variables with automatic storage durations can lead to
+ *              unpredictable program behavior.
+ * @kind problem
+ * @precision high
+ * @problem.severity error
+ * @tags external/cert/id/con34-c
+ *       correctness
+ *       concurrency
+ *       external/cert/obligation/rule
+ */
+
+import cpp
+import codingstandards.c.cert
+import codingstandards.cpp.Concurrency
+import semmle.code.cpp.dataflow.TaintTracking
+
+
+/// anything from tss_get is ok. the tss get must obtain the value from the
+//  context that called tss_set NOT in the thread. 
+/// anything that was static is ok
+/// anything dynamically allocated is ok. 
+
+// THREAD LOCAL IS NOT OK -- EG STACK VARIBLES ARE NEVER OK
+
+// we can make this really simple -- just look for thread create functions
+// wherein you pass in a variable created on the stack that is a) not static or
+// b) not created via malloc and c) not obtained from tss_get. 
+// we should do something more to determine if tss_get is wrongly called from a
+// thread context without a matching tss_get as another query. That should be an
+// audit. tss get without set. 
+// tss_get in the parent thread should maybe be followed by a thread_join
+// function 
+// 
+// 
+
+// IN THE PARENT -- a call to tss_set MUST be followed by a thread_join. 
+// Without this, it is possible the context isn't valid anymore.
+
+// It's important to note -- tss_get set DOES NOT require a call to delete 
+// to require the wait. It just requires the wait if it is used at all. 
+
+class MallocFunctionCall extends FunctionCall {
+  MallocFunctionCall(){
+    getTarget().getName() = "malloc"
+  }
+}
+
+from MallocFunctionCall fc, StackVariable sv, Expr e
+where not isExcluded(fc) 
+and TaintTracking::localTaint(DataFlow::exprNode(fc), DataFlow::exprNode(e)) 
+select fc, e
+
+
+// from C11ThreadCreateCall tcc, StackVariable sv, Expr arg
+// where
+//   not isExcluded(tcc, Concurrency4Package::appropriateThreadObjectStorageDurationsQuery()) and
+//   tcc.getArgument(2) = arg and 
+//   // a stack variable that is given as an argument to a thread
+//   TaintTracking::localTaint(DataFlow::exprNode(sv.getAnAccess()), DataFlow::exprNode(arg)) 
+//   // that isn't one of the allowed usage patterns
+//   TaintTracking::localTaint(DataFlow::exprNode(sv.getAnAccess()), DataFlow::exprNode(arg)) 
+// select tcc, "$@ not declared with appropriate storage duration", arg, "Shared object"

c/cert/test/rules/CON34-C/AppropriateThreadObjectStorageDurations.expected

@@ -0,0 +1 @@
+No expected results have yet been specified

c/cert/test/rules/CON34-C/AppropriateThreadObjectStorageDurations.qlref

@@ -0,0 +1 @@
+rules/CON34-C/AppropriateThreadObjectStorageDurations.ql

cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency4.qll

@@ -0,0 +1,74 @@
+//** THIS FILE IS AUTOGENERATED, DO NOT MODIFY DIRECTLY.  **/
+import cpp
+import RuleMetadata
+import codingstandards.cpp.exclusions.RuleMetadata
+
+newtype Concurrency4Query =
+  TCleanUpThreadSpecificStorageQuery() or
+  TAppropriateThreadObjectStorageDurationsQuery() or
+  TThreadWasPreviouslyJoinedOrDetachedQuery() or
+  TDoNotReferToAnAtomicVariableTwiceInExpressionQuery()
+
+predicate isConcurrency4QueryMetadata(Query query, string queryId, string ruleId) {
+  query =
+    // `Query` instance for the `cleanUpThreadSpecificStorage` query
+    Concurrency4Package::cleanUpThreadSpecificStorageQuery() and
+  queryId =
+    // `@id` for the `cleanUpThreadSpecificStorage` query
+    "c/cert/clean-up-thread-specific-storage" and
+  ruleId = "CON30-C"
+  or
+  query =
+    // `Query` instance for the `appropriateThreadObjectStorageDurations` query
+    Concurrency4Package::appropriateThreadObjectStorageDurationsQuery() and
+  queryId =
+    // `@id` for the `appropriateThreadObjectStorageDurations` query
+    "c/cert/appropriate-thread-object-storage-durations" and
+  ruleId = "CON34-C"
+  or
+  query =
+    // `Query` instance for the `threadWasPreviouslyJoinedOrDetached` query
+    Concurrency4Package::threadWasPreviouslyJoinedOrDetachedQuery() and
+  queryId =
+    // `@id` for the `threadWasPreviouslyJoinedOrDetached` query
+    "c/cert/thread-was-previously-joined-or-detached" and
+  ruleId = "CON39-C"
+  or
+  query =
+    // `Query` instance for the `doNotReferToAnAtomicVariableTwiceInExpression` query
+    Concurrency4Package::doNotReferToAnAtomicVariableTwiceInExpressionQuery() and
+  queryId =
+    // `@id` for the `doNotReferToAnAtomicVariableTwiceInExpression` query
+    "c/cert/do-not-refer-to-an-atomic-variable-twice-in-expression" and
+  ruleId = "CON40-C"
+}
+
+module Concurrency4Package {
+  Query cleanUpThreadSpecificStorageQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `cleanUpThreadSpecificStorage` query
+      TQueryC(TConcurrency4PackageQuery(TCleanUpThreadSpecificStorageQuery()))
+  }
+
+  Query appropriateThreadObjectStorageDurationsQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `appropriateThreadObjectStorageDurations` query
+      TQueryC(TConcurrency4PackageQuery(TAppropriateThreadObjectStorageDurationsQuery()))
+  }
+
+  Query threadWasPreviouslyJoinedOrDetachedQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `threadWasPreviouslyJoinedOrDetached` query
+      TQueryC(TConcurrency4PackageQuery(TThreadWasPreviouslyJoinedOrDetachedQuery()))
+  }
+
+  Query doNotReferToAnAtomicVariableTwiceInExpressionQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `doNotReferToAnAtomicVariableTwiceInExpression` query
+      TQueryC(TConcurrency4PackageQuery(TDoNotReferToAnAtomicVariableTwiceInExpressionQuery()))
+  }
+}

cpp/common/src/codingstandards/cpp/exclusions/c/RuleMetadata.qll

@@ -6,6 +6,7 @@ import Banned
 import Concurrency1
 import Concurrency2
 import Concurrency3
+import Concurrency4
 import Contracts1
 import Declarations1
 import IO1
@@ -31,6 +32,7 @@ newtype TCQuery =
   TConcurrency1PackageQuery(Concurrency1Query q) or
   TConcurrency2PackageQuery(Concurrency2Query q) or
   TConcurrency3PackageQuery(Concurrency3Query q) or
+  TConcurrency4PackageQuery(Concurrency4Query q) or
   TContracts1PackageQuery(Contracts1Query q) or
   TDeclarations1PackageQuery(Declarations1Query q) or
   TIO1PackageQuery(IO1Query q) or
@@ -56,6 +58,7 @@ predicate isQueryMetadata(Query query, string queryId, string ruleId) {
   isConcurrency1QueryMetadata(query, queryId, ruleId) or
   isConcurrency2QueryMetadata(query, queryId, ruleId) or
   isConcurrency3QueryMetadata(query, queryId, ruleId) or
+  isConcurrency4QueryMetadata(query, queryId, ruleId) or
   isContracts1QueryMetadata(query, queryId, ruleId) or
   isDeclarations1QueryMetadata(query, queryId, ruleId) or
   isIO1QueryMetadata(query, queryId, ruleId) or

rule_packages/c/Concurrency4.json

@@ -0,0 +1,78 @@
+{
+  "CERT-C": {
+    "CON30-C": {
+      "properties": {
+        "obligation": "rule"
+      },
+      "queries": [
+        {
+          "description": "",
+          "kind": "problem",
+          "name": "Clean up thread-specific storage",
+          "precision": "medium",
+          "severity": "error",
+          "short_name": "CleanUpThreadSpecificStorage",
+          "tags": []
+        }
+      ],
+      "title": "Clean up thread-specific storage"
+    },
+    "CON34-C": {
+      "properties": {
+        "obligation": "rule"
+      },
+      "queries": [
+        {
+          "description": "Accessing thread-local variables with automatic storage durations can lead to unpredictable program behavior.",
+          "kind": "problem",
+          "name": "Declare objects shared between threads with appropriate storage durations",
+          "precision": "high",
+          "severity": "error",
+          "short_name": "AppropriateThreadObjectStorageDurations",
+          "tags": [
+            "correctness",
+            "concurrency"
+          ],
+          "implementation_scope": {
+            "description": "This query does not consider Windows implementations or OpenMP implementations. This query is primarily about excluding cases wherein the storage duration of a variable is appropriate. As such, this query is not concerned if the appropriate synchronization mechanisms are used, such as sequencing calls to `thrd_join` and `free`. An audit query is supplied to handle those cases."
+          }
+        }
+      ],
+      "title": "Declare objects shared between threads with appropriate storage durations"
+    },
+    "CON39-C": {
+      "properties": {
+        "obligation": "rule"
+      },
+      "queries": [
+        {
+          "description": "",
+          "kind": "problem",
+          "name": "Do not join or detach a thread that was previously joined or detached",
+          "precision": "high",
+          "severity": "error",
+          "short_name": "ThreadWasPreviouslyJoinedOrDetached",
+          "tags": []
+        }
+      ],
+      "title": "Do not join or detach a thread that was previously joined or detached"
+    },
+    "CON40-C": {
+      "properties": {
+        "obligation": "rule"
+      },
+      "queries": [
+        {
+          "description": "",
+          "kind": "problem",
+          "name": "Do not refer to an atomic variable twice in an expression",
+          "precision": "very-high",
+          "severity": "error",
+          "short_name": "DoNotReferToAnAtomicVariableTwiceInExpression",
+          "tags": []
+        }
+      ],
+      "title": "Do not refer to an atomic variable twice in an expression"
+    }
+  }
+}