codeql-coding-standards

`M5-0-12`: Incorrect alerts on assignments of valid numerical values

Open rvermeulen opened this issue 1 year ago • 1 comments

Affected rules

  • cpp/autosar/signed-char-and-unsigned-char-type-shall-only-be-used-for-the-storage-and-use-of-numeric-values

Description

The implementation incorrectly implements the identification of numeric values. Characters will have type `char` while numeric values will be promoted to `int` or `unsigned int`. However, in the case of templates, the type of the numeric value will be the fully converted expression's type. That is, `unsigned char` in the example below.

Example

The following is compliant per the example in the standard; however, it is still seen as a contravention.

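```cpp
#include <cstdint>

// The non-type template parameter `value` has type T, so inside C1 the
// argument 10 is seen as std::uint8_t rather than as an int literal.
template <typename T, T value>
class C1 {
  public:
    C1() : m_value(value) {}
  private:
    T m_value;
};

void fp_test() {
  C1<std::uint8_t, 10> l1;  // COMPLIANT[FALSE_POSITIVE]
  C1<std::uint8_t, 10U> l2; // COMPLIANT[FALSE_POSITIVE]
}
```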

rvermeulen Feb 21 '24 17:02

This query needs to be adjusted to report cases where a PlainCharType type is implicitly converted on assignment to a signed or unsigned char - note, it currently reports when a CharType is converted, which is incorrect because CharType includes the signed/unsigned types. e.g.:

```ql
aexp.getUnspecifiedType() instanceof PlainCharType
```

The query currently only captures assignment into variables, but this does not cover the correct cases. Instead, we should modify the query to only look for Conversions that are implicit (explicit conversions are acceptable).

lcartey Jan 20 '25 16:01
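
The type behaviour behind this false positive, and the difference between a broad "any char type" check and a plain-`char`-only check, shown as an added example that is not part of the issue or the project's code. It assumes `std::uint8_t` is an alias for `unsigned char`; the names `is_any_char`, `is_plain_char` and `C1Probe` are hypothetical and model the source-type classification only, not the CodeQL query.

```cpp
#include <cstdint>
#include <cstdio>
#include <type_traits>

// Broad classification: char, signed char or unsigned char
// (the set the comment above attributes to CharType).
template <typename T>
constexpr bool is_any_char() {
  return std::is_same<typename std::remove_cv<T>::type, char>::value ||
         std::is_same<typename std::remove_cv<T>::type, signed char>::value ||
         std::is_same<typename std::remove_cv<T>::type, unsigned char>::value;
}

// Narrow classification: plain char only (PlainCharType in the comment above).
template <typename T>
constexpr bool is_plain_char() {
  return std::is_same<typename std::remove_cv<T>::type, char>::value;
}

// Same shape as C1 in the issue; exposes the type the non-type argument ends up with.
template <typename T, T value>
struct C1Probe {
  using arg_type = decltype(value);  // T, not the type of the literal that was written
};

using TemplateArg = C1Probe<std::uint8_t, 10>::arg_type;  // unsigned char (assumed alias)
using IntLiteral  = decltype(10);                          // int
using CharLiteral = decltype('a');                         // char

// Source-type verdicts for an assignment into a signed/unsigned char target.
bool template_arg_broad()  { return is_any_char<TemplateArg>(); }   // flagged: false positive
bool template_arg_narrow() { return is_plain_char<TemplateArg>(); } // not flagged
bool int_literal_broad()   { return is_any_char<IntLiteral>(); }    // not flagged
bool char_literal_narrow() { return is_plain_char<CharLiteral>(); } // flagged: real finding

int main() {
  std::printf("template argument 10: broad=%d narrow=%d\n",
              template_arg_broad(), template_arg_narrow());
  std::printf("int literal 10:       broad=%d\n", int_literal_broad());
  std::printf("char literal 'a':     narrow=%d\n", char_literal_narrow());
  return 0;
}
```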