Merge remote-tracking branch 'origin/michaelrfairhurst/package-undefined-behavior' into michaelrfairhurst/package-undefined-behavior-divide-or-modulo-by-zero

Author: MichaelRFairhurst

change_notes/2026-03-13-make-string-literal-query-shared.md

@@ -0,0 +1,2 @@
+ - `A2-13-4` - `StringLiteralsAssignedToNonConstantPointers.ql`:
+   - Refactored query logic into a shared module (`StringLiteralsAssignedToNonConstantPointersShared`) to enable reuse by MISRA C++ `RULE-4-1-3`. The query logic is unchanged. No visible changes to results or performance are expected.

change_notes/2026-03-13-share-deallocation-type-mismatch-query.md

@@ -0,0 +1,2 @@
+ - `MEM51-CPP` - `ProperlyDeallocateDynamicallyAllocatedResources.ql`:
+   - Refactored query logic into a shared library (`ProperlyDeallocateDynamicallyAllocatedResourcesShared.qll`) to enable reuse by MISRA C++ `RULE-4-1-3`. The query logic is unchanged and no visible changes to results or performance are expected.

cpp/autosar/src/rules/A2-13-4/StringLiteralsAssignedToNonConstantPointers.ql

@@ -17,11 +17,12 @@
 
 import cpp
 import codingstandards.cpp.autosar
+import codingstandards.cpp.rules.stringliteralsassignedtononconstantpointersshared.StringLiteralsAssignedToNonConstantPointersShared
 
-from ArrayToPointerConversion apc
-where
-  not isExcluded(apc, StringsPackage::stringLiteralsAssignedToNonConstantPointersQuery()) and
-  apc.getExpr() instanceof StringLiteral and
-  apc.getExpr().getUnderlyingType().(ArrayType).getBaseType().isConst() and
-  not apc.getFullyConverted().getType().getUnderlyingType().(PointerType).getBaseType().isConst()
-select apc, "String literal assigned to non-const pointer."
+module StringLiteralsAssignedToNonConstantPointersConfig implements
+  StringLiteralsAssignedToNonConstantPointersSharedConfigSig
+{
+  Query getQuery() { result = StringsPackage::stringLiteralsAssignedToNonConstantPointersQuery() }
+}
+
+import StringLiteralsAssignedToNonConstantPointersShared<StringLiteralsAssignedToNonConstantPointersConfig>

cpp/autosar/test/rules/A2-13-4/StringLiteralsAssignedToNonConstantPointers.qlref

@@ -0,0 +1 @@
+cpp/common/test/rules/stringliteralsassignedtononconstantpointersshared/StringLiteralsAssignedToNonConstantPointersShared.ql

cpp/autosar/test/rules/A2-13-4/StringLiteralsAssignedToNonConstantPointers.testref

@@ -19,20 +19,14 @@
 
 import cpp
 import codingstandards.cpp.cert
-import codingstandards.cpp.Allocations
+import codingstandards.cpp.rules.properlydeallocatedynamicallyallocatedresourcesshared.ProperlyDeallocateDynamicallyAllocatedResourcesShared
 
-predicate matching(string allocKind, string deleteKind) {
-  allocKind = "new" and deleteKind = "delete"
-  or
-  allocKind = "new[]" and deleteKind = "delete[]"
-  or
-  allocKind = "malloc" and deleteKind = "free"
+module ProperlyDeallocateDynamicallyAllocatedResourcesConfig implements
+  ProperlyDeallocateDynamicallyAllocatedResourcesSharedConfigSig
+{
+  Query getQuery() {
+    result = AllocationsPackage::properlyDeallocateDynamicallyAllocatedResourcesQuery()
+  }
 }
 
-from Expr alloc, Expr free, Expr freed, string allocKind, string deleteKind
-where
-  not isExcluded(freed, AllocationsPackage::properlyDeallocateDynamicallyAllocatedResourcesQuery()) and
-  allocReaches(freed, alloc, allocKind) and
-  freeExprOrIndirect(free, freed, deleteKind) and
-  not matching(allocKind, deleteKind)
-select free, "Memory allocated with $@ but deleted with " + deleteKind + ".", alloc, allocKind
+import ProperlyDeallocateDynamicallyAllocatedResourcesShared<ProperlyDeallocateDynamicallyAllocatedResourcesConfig>

cpp/cert/src/rules/MEM51-CPP/ProperlyDeallocateDynamicallyAllocatedResources.ql

@@ -0,0 +1 @@
+cpp/common/test/rules/properlydeallocatedynamicallyallocatedresourcesshared/ProperlyDeallocateDynamicallyAllocatedResourcesShared.ql

cpp/cert/test/rules/MEM51-CPP/ProperlyDeallocateDynamicallyAllocatedResources.qlref

@@ -9,7 +9,9 @@ newtype UndefinedQuery =
   TUndefinedBehaviorAuditQuery() or
   TCriticalUnspecifiedBehaviorAuditQuery() or
   TPossibleDataRaceBetweenThreadsQuery() or
-  TDivisionByZeroUndefinedBehaviorQuery()
+  TDivisionByZeroUndefinedBehaviorQuery() or
+  TDeallocationTypeMismatchQuery() or
+  TStringLiteralPossiblyModifiedAuditQuery()
 
 predicate isUndefinedQueryMetadata(Query query, string queryId, string ruleId, string category) {
   query =
@@ -65,6 +67,24 @@ predicate isUndefinedQueryMetadata(Query query, string queryId, string ruleId, s
     "cpp/misra/division-by-zero-undefined-behavior" and
   ruleId = "RULE-4-1-3" and
   category = "required"
+  or
+  query =
+    // `Query` instance for the `deallocationTypeMismatch` query
+    UndefinedPackage::deallocationTypeMismatchQuery() and
+  queryId =
+    // `@id` for the `deallocationTypeMismatch` query
+    "cpp/misra/deallocation-type-mismatch" and
+  ruleId = "RULE-4-1-3" and
+  category = "required"
+  or
+  query =
+    // `Query` instance for the `stringLiteralPossiblyModifiedAudit` query
+    UndefinedPackage::stringLiteralPossiblyModifiedAuditQuery() and
+  queryId =
+    // `@id` for the `stringLiteralPossiblyModifiedAudit` query
+    "cpp/misra/string-literal-possibly-modified-audit" and
+  ruleId = "RULE-4-1-3" and
+  category = "required"
 }
 
 module UndefinedPackage {
@@ -109,4 +129,18 @@ module UndefinedPackage {
       // `Query` type for `divisionByZeroUndefinedBehavior` query
       TQueryCPP(TUndefinedPackageQuery(TDivisionByZeroUndefinedBehaviorQuery()))
   }
+
+  Query deallocationTypeMismatchQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `deallocationTypeMismatch` query
+      TQueryCPP(TUndefinedPackageQuery(TDeallocationTypeMismatchQuery()))
+  }
+
+  Query stringLiteralPossiblyModifiedAuditQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `stringLiteralPossiblyModifiedAudit` query
+      TQueryCPP(TUndefinedPackageQuery(TStringLiteralPossiblyModifiedAuditQuery()))
+  }
 }

cpp/cert/test/rules/MEM51-CPP/ProperlyDeallocateDynamicallyAllocatedResources.testref

@@ -0,0 +1,37 @@
+/**
+ * Provides a configurable module ProperlyDeallocateDynamicallyAllocatedResourcesShared with a
+ * `problems` predicate for the following issue:
+ * Deallocation functions should only be called on nullptr or a pointer returned by the
+ * corresponding allocation function, that hasn't already been deallocated.
+ */
+
+import cpp
+import codingstandards.cpp.Customizations
+import codingstandards.cpp.Exclusions
+import codingstandards.cpp.Allocations
+
+signature module ProperlyDeallocateDynamicallyAllocatedResourcesSharedConfigSig {
+  Query getQuery();
+}
+
+module ProperlyDeallocateDynamicallyAllocatedResourcesShared<
+  ProperlyDeallocateDynamicallyAllocatedResourcesSharedConfigSig Config>
+{
+  private predicate matching(string allocKind, string deleteKind) {
+    allocKind = "new" and deleteKind = "delete"
+    or
+    allocKind = "new[]" and deleteKind = "delete[]"
+    or
+    allocKind = "malloc" and deleteKind = "free"
+  }
+
+  query predicate problems(Expr free, string message, Expr alloc, string allocKind) {
+    exists(Expr freed, string deleteKind |
+      not isExcluded(freed, Config::getQuery()) and
+      allocReaches(freed, alloc, allocKind) and
+      freeExprOrIndirect(free, freed, deleteKind) and
+      not matching(allocKind, deleteKind) and
+      message = "Memory allocated with $@ but deleted with " + deleteKind + "."
+    )
+  }
+}