import

Author: jsinglet

cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency3.qll

@@ -4,24 +4,12 @@ import RuleMetadata
 import codingstandards.cpp.exclusions.RuleMetadata
 
 newtype Concurrency3Query =
-  TCleanUpThreadSpecificStorageQuery() or
   TDoNotAllowAMutexToGoOutOfScopeWhileLockedQuery() or
   TDoNotDestroyAMutexWhileItIsLockedQuery() or
-  TDeclareThreadsWithAppropriateStorageDurationsQuery() or
   TPreserveSafetyWhenUsingConditionVariablesQuery() or
-  TThreadPreviouslyJoinedOrDetachedQuery() or
-  TDoNotReferToAnAtomicVariableTwiceInExpressionQuery() or
   TWrapFunctionsThatCanFailSpuriouslyInLoopQuery()
 
 predicate isConcurrency3QueryMetadata(Query query, string queryId, string ruleId) {
-  query =
-    // `Query` instance for the `cleanUpThreadSpecificStorage` query
-    Concurrency3Package::cleanUpThreadSpecificStorageQuery() and
-  queryId =
-    // `@id` for the `cleanUpThreadSpecificStorage` query
-    "c/cert/clean-up-thread-specific-storage" and
-  ruleId = "CON30-C"
-  or
   query =
     // `Query` instance for the `doNotAllowAMutexToGoOutOfScopeWhileLocked` query
     Concurrency3Package::doNotAllowAMutexToGoOutOfScopeWhileLockedQuery() and
@@ -38,14 +26,6 @@ predicate isConcurrency3QueryMetadata(Query query, string queryId, string ruleId
     "c/cert/do-not-destroy-a-mutex-while-it-is-locked" and
   ruleId = "CON31-C"
   or
-  query =
-    // `Query` instance for the `declareThreadsWithAppropriateStorageDurations` query
-    Concurrency3Package::declareThreadsWithAppropriateStorageDurationsQuery() and
-  queryId =
-    // `@id` for the `declareThreadsWithAppropriateStorageDurations` query
-    "c/cert/declare-threads-with-appropriate-storage-durations" and
-  ruleId = "CON34-C"
-  or
   query =
     // `Query` instance for the `preserveSafetyWhenUsingConditionVariables` query
     Concurrency3Package::preserveSafetyWhenUsingConditionVariablesQuery() and
@@ -54,22 +34,6 @@ predicate isConcurrency3QueryMetadata(Query query, string queryId, string ruleId
     "c/cert/preserve-safety-when-using-condition-variables" and
   ruleId = "CON38-C"
   or
-  query =
-    // `Query` instance for the `threadPreviouslyJoinedOrDetached` query
-    Concurrency3Package::threadPreviouslyJoinedOrDetachedQuery() and
-  queryId =
-    // `@id` for the `threadPreviouslyJoinedOrDetached` query
-    "c/cert/thread-previously-joined-or-detached" and
-  ruleId = "CON39-C"
-  or
-  query =
-    // `Query` instance for the `doNotReferToAnAtomicVariableTwiceInExpression` query
-    Concurrency3Package::doNotReferToAnAtomicVariableTwiceInExpressionQuery() and
-  queryId =
-    // `@id` for the `doNotReferToAnAtomicVariableTwiceInExpression` query
-    "c/cert/do-not-refer-to-an-atomic-variable-twice-in-expression" and
-  ruleId = "CON40-C"
-  or
   query =
     // `Query` instance for the `wrapFunctionsThatCanFailSpuriouslyInLoop` query
     Concurrency3Package::wrapFunctionsThatCanFailSpuriouslyInLoopQuery() and
@@ -80,13 +44,6 @@ predicate isConcurrency3QueryMetadata(Query query, string queryId, string ruleId
 }
 
 module Concurrency3Package {
-  Query cleanUpThreadSpecificStorageQuery() {
-    //autogenerate `Query` type
-    result =
-      // `Query` type for `cleanUpThreadSpecificStorage` query
-      TQueryC(TConcurrency3PackageQuery(TCleanUpThreadSpecificStorageQuery()))
-  }
-
   Query doNotAllowAMutexToGoOutOfScopeWhileLockedQuery() {
     //autogenerate `Query` type
     result =
@@ -101,34 +58,13 @@ module Concurrency3Package {
       TQueryC(TConcurrency3PackageQuery(TDoNotDestroyAMutexWhileItIsLockedQuery()))
   }
 
-  Query declareThreadsWithAppropriateStorageDurationsQuery() {
-    //autogenerate `Query` type
-    result =
-      // `Query` type for `declareThreadsWithAppropriateStorageDurations` query
-      TQueryC(TConcurrency3PackageQuery(TDeclareThreadsWithAppropriateStorageDurationsQuery()))
-  }
-
   Query preserveSafetyWhenUsingConditionVariablesQuery() {
     //autogenerate `Query` type
     result =
       // `Query` type for `preserveSafetyWhenUsingConditionVariables` query
       TQueryC(TConcurrency3PackageQuery(TPreserveSafetyWhenUsingConditionVariablesQuery()))
   }
 
-  Query threadPreviouslyJoinedOrDetachedQuery() {
-    //autogenerate `Query` type
-    result =
-      // `Query` type for `threadPreviouslyJoinedOrDetached` query
-      TQueryC(TConcurrency3PackageQuery(TThreadPreviouslyJoinedOrDetachedQuery()))
-  }
-
-  Query doNotReferToAnAtomicVariableTwiceInExpressionQuery() {
-    //autogenerate `Query` type
-    result =
-      // `Query` type for `doNotReferToAnAtomicVariableTwiceInExpression` query
-      TQueryC(TConcurrency3PackageQuery(TDoNotReferToAnAtomicVariableTwiceInExpressionQuery()))
-  }
-
   Query wrapFunctionsThatCanFailSpuriouslyInLoopQuery() {
     //autogenerate `Query` type
     result =

cpp/common/src/codingstandards/cpp/exclusions/cpp/Concurrency.qll

@@ -10,7 +10,7 @@ newtype ConcurrencyQuery =
   TPreventBitFieldAccessFromMultipleThreadsQuery() or
   TDeadlockByLockingInPredefinedOrderQuery() or
   TWrapFunctionsThatCanSpuriouslyWakeUpInLoopQuery() or
-  TPreserveThreadSafetyAndLivenessWhenUsingConditionVariablesQuery() or
+  TPreserveSafetyWhenUsingConditionVariablesQuery() or
   TDoNotSpeculativelyLockALockedNonRecursiveMutexQuery() or
   TLockedALockedNonRecursiveMutexAuditQuery()
 
@@ -64,11 +64,11 @@ predicate isConcurrencyQueryMetadata(Query query, string queryId, string ruleId)
   ruleId = "CON54-CPP"
   or
   query =
-    // `Query` instance for the `preserveThreadSafetyAndLivenessWhenUsingConditionVariables` query
-    ConcurrencyPackage::preserveThreadSafetyAndLivenessWhenUsingConditionVariablesQuery() and
+    // `Query` instance for the `preserveSafetyWhenUsingConditionVariables` query
+    ConcurrencyPackage::preserveSafetyWhenUsingConditionVariablesQuery() and
   queryId =
-    // `@id` for the `preserveThreadSafetyAndLivenessWhenUsingConditionVariables` query
-    "cpp/cert/preserve-thread-safety-and-liveness-when-using-condition-variables" and
+    // `@id` for the `preserveSafetyWhenUsingConditionVariables` query
+    "cpp/cert/preserve-safety-when-using-condition-variables" and
   ruleId = "CON55-CPP"
   or
   query =
@@ -131,11 +131,11 @@ module ConcurrencyPackage {
       TQueryCPP(TConcurrencyPackageQuery(TWrapFunctionsThatCanSpuriouslyWakeUpInLoopQuery()))
   }
 
-  Query preserveThreadSafetyAndLivenessWhenUsingConditionVariablesQuery() {
+  Query preserveSafetyWhenUsingConditionVariablesQuery() {
     //autogenerate `Query` type
     result =
-      // `Query` type for `preserveThreadSafetyAndLivenessWhenUsingConditionVariables` query
-      TQueryCPP(TConcurrencyPackageQuery(TPreserveThreadSafetyAndLivenessWhenUsingConditionVariablesQuery()))
+      // `Query` type for `preserveSafetyWhenUsingConditionVariables` query
+      TQueryCPP(TConcurrencyPackageQuery(TPreserveSafetyWhenUsingConditionVariablesQuery()))
   }
 
   Query doNotSpeculativelyLockALockedNonRecursiveMutexQuery() {

cpp/common/src/codingstandards/cpp/rules/preservesafetywhenusingconditionvariables/PreserveSafetyWhenUsingConditionVariables.qll

@@ -0,0 +1,73 @@
+/**
+ * Provides a library which includes a `problems` predicate for reporting....
+ */
+
+import cpp
+import codingstandards.cpp.Customizations
+import codingstandards.cpp.Exclusions
+import codingstandards.cpp.Concurrency
+
+abstract class PreserveSafetyWhenUsingConditionVariablesSharedQuery extends Query { }
+
+Query getQuery() { result instanceof PreserveSafetyWhenUsingConditionVariablesSharedQuery }
+
+/**
+ * Models a notification arising from a conditional variable.
+ */
+abstract class ConditionalNotification extends FunctionCall {
+  abstract predicate isNotifyOne();
+}
+
+class CPPConditionalNotification extends ConditionalNotification {
+  string name;
+
+  CPPConditionalNotification() {
+    exists(MemberFunction mf |
+      mf = getTarget() and
+      mf.getDeclaringType().hasQualifiedName("std", "condition_variable") and
+      mf.getName() = name
+    )
+  }
+
+  override predicate isNotifyOne() { name in ["notify_one"] }
+}
+
+class C11ConditionalNotification extends ConditionalNotification {
+  string name;
+
+  C11ConditionalNotification() {
+    exists(Function mf |
+      mf = getTarget() and
+      mf.getName() = ["cnd_signal", "cnd_broadcast"] and
+      mf.getName() = name
+    )
+  }
+
+  override predicate isNotifyOne() { name in ["cnd_signal"] }
+}
+
+/*
+ * This query works by looking for single dispatch notifications in the context of a
+ * function that is used in a thread.
+ *
+ * To avoid this problem a programmer may use `notify_all` or `cnd_broadcast` or use unique
+ * condition variables. The problem of checking for correct usage of multiple
+ * condition variables is especially non-trivial and thus this query
+ * conservatively over-approximates potential issues with condition variables.
+ *
+ * Note that the check for using conditional variables within a loop is covered
+ * by CON54-CPP
+ */
+
+query predicate problems(ConditionalNotification cn, string message) {
+  not isExcluded(cn, getQuery()) and
+  exists(ThreadedFunction tf |
+    // the problematic types of uses of conditional variables
+    // are the cases where single dispatch notification is used.
+    cn.isNotifyOne() and
+    // to be problematic this function should actually be used in a thread
+    cn.getEnclosingFunction() = tf
+  ) and
+  message =
+    "Possible unsafe usage of single dispatch notification which can lead to deadlocking of threads."
+}

cpp/common/test/rules/preservesafetywhenusingconditionvariables/PreserveSafetyWhenUsingConditionVariables.expected

@@ -0,0 +1 @@
+No expected results have yet been specified

cpp/common/test/rules/preservesafetywhenusingconditionvariables/PreserveSafetyWhenUsingConditionVariables.ql

@@ -0,0 +1,2 @@
+// GENERATED FILE - DO NOT MODIFY
+import codingstandards.cpp.rules.preservesafetywhenusingconditionvariables.PreserveSafetyWhenUsingConditionVariables