Skip to content

Implement Conversions rule package #919

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 90 commits into
base: main
Choose a base branch
from
Open

Implement Conversions rule package #919

wants to merge 90 commits into from

Conversation

lcartey
Copy link
Collaborator

@lcartey lcartey commented Jul 7, 2025

Description

This PR adds support for an updated Conversions package.

As a number of the early rules in the original conversions package - particularly Rule 7.0.6 - turned out to be more complex than expected, I've created a Conversions2 package and shuffled around the queries in the following way:

  • Rules 7.0.1, 7.0.2, 7.0.3, 7.0.5, 7.0.6, 7.11.3 are retained in the Conversions package.
  • Rule 7.0.4 is moved into Conversions from Preconditions - as the rule concepts related more closely to the other Conversions queries than to preconditions.
  • The remaining rules are moved into Conversions2.

Implementation notes:

  • This PR introduces the use of the BigInt type, to help support analysis of larger integer constants. In CodeQL CLI 2.19.4, this feature is considered "experimental". Therefore, I would recommend we merge the PR to upgrade the CodeQL dependency to 2.20.7 (Upgrade github/codeql dependency to 2.20.7 #913) before we merge this PR.
  • Many of the queries in this package are backed by the newly created BuiltInTypeRules CodeQL library, which implements the behaviour described in the section 4.7.0 The built-in type rules of MISRA C++ 2023. These are similar in purpose to the essential type rules from MISRA C, but different enough that we needed to provide a clean implementation.
  • This PR introduces improvements to many of the standard library stubs for C++, which were necessary to support the various test cases for the conversion rules.
  • Rule 7.0.5 has a known limitation related to preprocessor directives.

Change request type

  • Release or process automation (GitHub workflows, internal scripts)
  • Internal documentation
  • External documentation
  • Query files (.ql, .qll, .qls or unit tests)
  • External scripts (analysis report or other code shipped as part of a release)

Rules with added or modified queries

  • No rules added
  • Queries have been added for the following rules:
    • RULE-7-0-1
    • RULE-7-0-2
    • RULE-7-0-3
    • RULE-7-0-4
    • RULE-7-0-5
    • RULE-7-0-6
    • RULE-7-11-3
  • Queries have been modified for the following rules:
    • rule number here

Release change checklist

A change note (development_handbook.md#change-notes) is required for any pull request which modifies:

  • The structure or layout of the release artifacts.
  • The evaluation performance (memory, execution time) of an existing query.
  • The results of an existing query in any circumstance.

If you are only adding new rule queries, a change note is not required.

Author: Is a change note required?

  • Yes
  • No

🚨🚨🚨
Reviewer: Confirm that format of shared queries (not the .qll file, the
.ql file that imports it) is valid by running them within VS Code.

  • Confirmed

Reviewer: Confirm that either a change note is not required or the change note is required and has been added.

  • Confirmed

Query development review checklist

For PRs that add new queries or modify existing queries, the following checklist should be completed by both the author and reviewer:

Author

  • Have all the relevant rule package description files been checked in?
  • Have you verified that the metadata properties of each new query is set appropriately?
  • Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
  • Are the alert messages properly formatted and consistent with the style guide?
  • Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
    As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
  • Does the query have an appropriate level of in-query comments/documentation?
  • Have you considered/identified possible edge cases?
  • Does the query not reinvent features in the standard library?
  • Can the query be simplified further (not golfed!)

Reviewer

  • Have all the relevant rule package description files been checked in?
  • Have you verified that the metadata properties of each new query is set appropriately?
  • Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
  • Are the alert messages properly formatted and consistent with the style guide?
  • Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
    As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
  • Does the query have an appropriate level of in-query comments/documentation?
  • Have you considered/identified possible edge cases?
  • Does the query not reinvent features in the standard library?
  • Can the query be simplified further (not golfed!)

lcartey added 30 commits June 10, 2025 12:34
@lcartey
RULE-7-0-1 - NoConversionFromBool
1d2aa2e 
Detects implicit and explicit conversions from type bool to other types,
preventing potential confusion between bitwise and logical operators and
ensuring clear type usage. [a]
@lcartey
Rule 7.0.1: Address review issues
5b810c3 
 - Simplify query implementation
 - Format test code
@lcartey
RULE-7-0-2 - NoImplicitBoolConversion
62d5dcc 
Detects implicit conversions to bool type from fundamental types,
unscoped enumerations, and pointers that may lead to unintended behavior
in conditional expressions.
@lcartey
Rule 7.0.2: Extend test case, support member function pointers
f92a2c9
@lcartey
Add Conversions exclusions file
b62394a
@lcartey
RULE-7-0-6 - NumericAssignmentTypeMismatch
a2c9912 
Detects inappropriate assignments between numeric types that violate type
compatibility requirements, including implicit conversions that may cause
information loss or unexpected behavior changes. [a]
@lcartey
Rule 7.0.6: Update test with better variable names
229705f
@lcartey
Rule 7.0.6: Fix id-expression detection
f870023 
 - Add additional test cases
 - Allow name qualifiers
 - Prohibit explicit casts (inc. parameters)
@lcartey
Rule 7.0.6: Support reference types
0ed1689 
Reference types can be numeric types according to the rule.

In addition to making NumericTypes reference types, we also add
a helper predicate which gets the size of the real type (rather
than the size of the reference).
@lcartey
Rule 7.0.6: Ignore compound expressions
778b344
@lcartey
Rule 7.0.6: Additional function return test cases
acfb253
@lcartey
Rule 7.0.6: Clarify pass-by-value on parameters
9dbc39f
@lcartey
Rule 7.0.6: Add user defined operator tests
b310e14
@lcartey
MISRA C++ 2023: Create StandardConversions library
af2ff95 
Migrate conversion generic code to a shared library.
@lcartey
MISRA C++ StandardConversions - improve detection of bitfield types
ea7d168
@lcartey
Rule 7.0.6: Improve bitfield support
5843258 
 - Add extra testing
 - Support signed bitfields
@lcartey
StandardConversions: Improve detection of numeric type category
01b517d 
 - Exclude booleans and chars from our determination of numeric
   types.
 - Deduplicate integer types deduced for bitfields - identifying
   a canonical set of integer types.
@lcartey
Rule 7.0.6: Add a test case for non-numeric (not covered)
06eddfa
@lcartey
StandardConversions: Handle aggregate initialization
a65c4cc
@lcartey
Add a library for determining constant expressions
04613cd 
The `getValue()` provided in the database applies the conversions,
which can be unhelpful when trying to write rules the refer to
conversions.
@lcartey
Rule 7.0.6: Use BigInt for constant expressions
4be1395 
 - Use IntegerConstantExpr to determine both the expressions which
   are constant, and the BigInt value of those constants (before
   final conversion).
 - Implement a BigInt type upper/lower bound to determine whether
   a constant assignment is valid.
@lcartey
Rule 7.0.6: add tests for cv-qualified types
e87892e
@lcartey
Rule 7.0.6: Support pointer to member cases
916fb3d 
 - Support assignment to pointer to members
 - Support pointer-to-member function calls
@lcartey
Rule 7.0.6: Support functions with default parameters
2ec2814 
Overload independence should consider what parameters are default.
@lcartey
Rule 7.0.6: Ignore deleted overloads
e659944
@lcartey
Rule 7.0.6: Refactor overload independent code
c0fe44d
@lcartey
Rule 7.0.6: Move aggregate tests to new file
06ffbfb
@lcartey
Rule 7.0.6: Move operator tests to separate file
fc63db1
@lcartey
Rule 7.0.6: Support constructor field initializers
f68658a
@lcartey
Rule 7.0.6: Handle explicit conversions
3fdaa98 
Consider the conversion as the source, not the pre-conversion
value.
lcartey added 20 commits August 19, 2025 11:21
@lcartey
Rule 7.0.4: Improve reporting
1af908a 
 - Use BinaryOperations library to merge reporting of assign and
   binary operations.
 - Report the actual type of the operand.
 - Report the operand which is in contravention, instead of the
   operation.
 - Split reporting of cases where a constant is not valid from
   cases where the it is not unsigned for better reporting.
@lcartey
Rule 7.0.6: Correctly handle constructor exception
cd8c960 
Improve handling for constructors with default arguments.
@lcartey
ConstantExpressions: Correct NotExpr to ComplementExpr
feccaf7
@lcartey
Make CanonicalIntegerType singular, use it more widely
2c0d06b
@lcartey
CanonicalTypes: refactor library
21cf410 
 - Create new shared library for canonical integer types
 - Implement `isMinimal` case to handle instances where multiple
   canonical types have the same size (for example `long` and
   `long long` on some platforms).
 - Create a new CanonicalIntegerNumericType for representing the
   concept of MISRA numeric canonical types. Set isMinimal() in
   the charpred to automatically filter out multiple canonical
   types for the same size and signedness.
@lcartey
Rule 7.0.5: Limit to Casts and refactor naming
bc7bf51 
 - Only `Cast`s participate in integer promotions and arithmetic
   conversions.
 - Rename conversion classes to clarify what they cover.
 - Update documentation to improve clarity on coverage.
@lcartey
BuiltInTypeRules: Handle bit fields in switch cases
f7cd25e
@lcartey
Fix CanonicalIntegralType classes
2d14c81
@lcartey
BuiltInTypeRules: Rename realType to builtInType
9ddf645
@lcartey
BuiltInTypeRules: Add isSameType API
8be7b3c
@lcartey
BuiltInTypeRules: Rename getRealSize to getBuiltInSize
bcf8ae9
@lcartey
MisraType: Avoid misuse of getSize()
94cfcda
@lcartey
BuiltInTypes: Wrap in MisraCpp23BuiltInTypes module
2c97905 
For clarity
@lcartey
Add TypeCategory suffix
5ca11e9
@lcartey
Update reference to MisraBuiltInTypes
6110770
@lcartey
BuiltInTypes: Refactor bitfield handling
8b999e9 
Simplify the handling of bitfields.
@lcartey
Create MISRA arithmetic conversions library
258dadf
@lcartey
Test case formatting
3186c70
@lcartey
More test case formatting
23be3db
@lcartey
More formatting
61ae04f
MichaelRFairhurst
MichaelRFairhurst requested changes Aug 21, 2025
View reviewed changes
Copy link
Contributor

@MichaelRFairhurst MichaelRFairhurst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, just a few more comments based on reviewing the test cases!

Overall looking very good and very very close.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@MichaelRFairhurst MichaelRFairhurst Awaiting requested review from MichaelRFairhurst

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lcartey @MichaelRFairhurst