Rule 21.10.1: NoVariadicFunctionMacros.ql

lcartey · lcartey · commit ffed4673ca32 · 2025-06-02T22:40:41.000+01:00
A query for reporting the use of variadic functions. [a]
diff --git a/cpp/misra/src/rules/RULE-21-10-1/NoVariadicFunctionMacros.ql b/cpp/misra/src/rules/RULE-21-10-1/NoVariadicFunctionMacros.ql
@@ -0,0 +1,53 @@
+/**
+ * @id cpp/misra/no-variadic-function-macros
+ * @name RULE-21-10-1: The features of <cstdarg> shall not be used
+ * @description Using <cstdarg> features like va_list, va_arg, va_start, va_end and va_copy bypasses
+ *              compiler type checking and leads to undefined behavior when used incorrectly.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-21-10-1
+ *       scope/single-translation-unit
+ *       external/misra/enforcement/decidable
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.cpp.misra
+
+class VaListType extends Type {
+  VaListType() {
+    this.getName() = "va_list" or
+    this.getName() = "__va_list_tag" or
+    this.(SpecifiedType).getBaseType() instanceof VaListType or
+    this.(TypedefType).getBaseType() instanceof VaListType
+  }
+}
+
+from Element element, string message
+where
+  not isExcluded(element, BannedAPIsPackage::noVariadicFunctionMacrosQuery()) and
+  (
+    element.(Variable).getType() instanceof VaListType and
+    message = "Declaration of variable '" + element.(Variable).getName() + "' of type 'va_list'."
+    or
+    element.(Parameter).getType() instanceof VaListType and
+    message = "Declaration of parameter '" + element.(Parameter).getName() + "' of type 'va_list'."
+    or
+    element instanceof BuiltInVarArgsStart and
+    message = "Call to 'va_start'."
+    or
+    element instanceof BuiltInVarArgsEnd and
+    message = "Call to 'va_end'."
+    or
+    element instanceof BuiltInVarArg and
+    message = "Call to 'va_arg'."
+    or
+    element instanceof BuiltInVarArgCopy and
+    message = "Call to 'va_copy'."
+    or
+    element.(TypedefType).getBaseType() instanceof VaListType and
+    message =
+      "Declaration of typedef '" + element.(TypedefType).getName() + "' aliasing 'va_list' type."
+  )
+select element, message
diff --git a/cpp/misra/test/rules/RULE-21-10-1/NoVariadicFunctionMacros.expected b/cpp/misra/test/rules/RULE-21-10-1/NoVariadicFunctionMacros.expected
@@ -0,0 +1,29 @@
+| test.cpp:5:11:5:12 | l1 | Declaration of variable 'l1' of type 'va_list'. |
+| test.cpp:9:11:9:12 | l2 | Declaration of variable 'l2' of type 'va_list'. |
+| test.cpp:10:3:10:18 | __builtin_va_start | Call to 'va_start'. |
+| test.cpp:11:3:11:12 | __builtin_va_end | Call to 'va_end'. |
+| test.cpp:15:11:15:12 | l2 | Declaration of variable 'l2' of type 'va_list'. |
+| test.cpp:16:3:16:18 | __builtin_va_start | Call to 'va_start'. |
+| test.cpp:17:21:17:44 | __builtin_va_arg | Call to 'va_arg'. |
+| test.cpp:18:3:18:12 | __builtin_va_end | Call to 'va_end'. |
+| test.cpp:22:11:22:12 | l2 | Declaration of variable 'l2' of type 'va_list'. |
+| test.cpp:23:3:23:18 | __builtin_va_start | Call to 'va_start'. |
+| test.cpp:24:3:24:12 | __builtin_va_end | Call to 'va_end'. |
+| test.cpp:28:11:28:12 | l2 | Declaration of variable 'l2' of type 'va_list'. |
+| test.cpp:28:15:28:16 | l3 | Declaration of variable 'l3' of type 'va_list'. |
+| test.cpp:29:3:29:18 | __builtin_va_start | Call to 'va_start'. |
+| test.cpp:30:3:30:17 | __builtin_va_copy | Call to 'va_copy'. |
+| test.cpp:31:3:31:12 | __builtin_va_end | Call to 'va_end'. |
+| test.cpp:32:3:32:12 | __builtin_va_end | Call to 'va_end'. |
+| test.cpp:35:37:35:38 | l1 | Declaration of parameter 'l1' of type 'va_list'. |
+| test.cpp:35:37:35:38 | l1 | Declaration of variable 'l1' of type 'va_list'. |
+| test.cpp:36:15:36:32 | __builtin_va_arg | Call to 'va_arg'. |
+| test.cpp:40:11:40:12 | l2 | Declaration of variable 'l2' of type 'va_list'. |
+| test.cpp:41:3:41:18 | __builtin_va_start | Call to 'va_start'. |
+| test.cpp:42:21:42:44 | __builtin_va_arg | Call to 'va_arg'. |
+| test.cpp:43:15:43:32 | __builtin_va_arg | Call to 'va_arg'. |
+| test.cpp:44:3:44:12 | __builtin_va_end | Call to 'va_end'. |
+| test.cpp:55:17:55:29 | va_list_alias | Declaration of typedef 'va_list_alias' aliasing 'va_list' type. |
+| test.cpp:56:17:56:25 | SOME_TYPE | Declaration of typedef 'SOME_TYPE' aliasing 'va_list' type. |
+| test.cpp:58:17:58:18 | l1 | Declaration of variable 'l1' of type 'va_list'. |
+| test.cpp:59:13:59:14 | l2 | Declaration of variable 'l2' of type 'va_list'. |
diff --git a/cpp/misra/test/rules/RULE-21-10-1/NoVariadicFunctionMacros.qlref b/cpp/misra/test/rules/RULE-21-10-1/NoVariadicFunctionMacros.qlref
@@ -0,0 +1 @@
+rules/RULE-21-10-1/NoVariadicFunctionMacros.ql
diff --git a/cpp/misra/test/rules/RULE-21-10-1/test.cpp b/cpp/misra/test/rules/RULE-21-10-1/test.cpp
@@ -0,0 +1,60 @@
+#include <cstdarg>
+#include <cstdint>
+
+void test_va_list_declaration() {
+  va_list l1; // NON_COMPLIANT
+}
+
+void test_va_start_usage(std::int32_t l1, ...) {
+  va_list l2;       // NON_COMPLIANT
+  va_start(l2, l1); // NON_COMPLIANT
+  va_end(l2);       // NON_COMPLIANT
+}
+
+void test_va_arg_usage(std::int32_t l1, ...) {
+  va_list l2;                                 // NON_COMPLIANT
+  va_start(l2, l1);                           // NON_COMPLIANT
+  std::int32_t l3 = va_arg(l2, std::int32_t); // NON_COMPLIANT
+  va_end(l2);                                 // NON_COMPLIANT
+}
+
+void test_va_end_usage(std::int32_t l1, ...) {
+  va_list l2;       // NON_COMPLIANT
+  va_start(l2, l1); // NON_COMPLIANT
+  va_end(l2);       // NON_COMPLIANT
+}
+
+void test_va_copy_usage(std::int32_t l1, ...) {
+  va_list l2, l3;   // NON_COMPLIANT
+  va_start(l2, l1); // NON_COMPLIANT
+  va_copy(l3, l2);  // NON_COMPLIANT
+  va_end(l3);       // NON_COMPLIANT
+  va_end(l2);       // NON_COMPLIANT
+}
+
+void test_va_list_parameter(va_list l1) { // NON_COMPLIANT
+  double l2 = va_arg(l1, double);         // NON_COMPLIANT
+}
+
+void test_multiple_va_arg_calls(std::int32_t l1, ...) {
+  va_list l2;                                 // NON_COMPLIANT
+  va_start(l2, l1);                           // NON_COMPLIANT
+  std::int32_t l3 = va_arg(l2, std::int32_t); // NON_COMPLIANT
+  double l4 = va_arg(l2, double);             // NON_COMPLIANT
+  va_end(l2);                                 // NON_COMPLIANT
+}
+
+void test_variadic_function_declaration(std::int16_t l1, ...) {
+  // Function declaration with ellipsis is compliant
+}
+
+void test_variadic_function_call() {
+  test_variadic_function_declaration(1, 2.0, 3.0); // COMPLIANT
+}
+
+typedef va_list va_list_alias; // NON_COMPLIANT
+typedef va_list SOME_TYPE;     // NON_COMPLIANT
+void test_va_list_alias() {
+  va_list_alias l1; // NON_COMPLIANT
+  SOME_TYPE l2;     // NON_COMPLIANT
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+rules/RULE-21-10-1/NoVariadicFunctionMacros.ql`