Implement Conversions2 rule package

change_notes/2025-08-15-m5-2-2-virtual-base.md

@@ -0,0 +1,3 @@
+ - `M5-2-2` - `PointerToAVirtualBaseClassCastToAPointer.ql`:
+   - Report casts where the from or to types are typedefs to virtual base classes or derived classes.
+   - Report casts to a reference type which is a derived type.

change_notes/2025-08-18-fix-alert-reporting.md

@@ -0,0 +1,3 @@
+ - `RULE-1-2`, `RULE-23-3`, `RULE-23-5`, `RULE-23-6`:
+   - Results that occur in nested macro invocations are now reported in the macro that defines the contravening code, rather than the macro which is first expanded.
+   - Results the occur in arguments to macro invocations are now reported in at the macro invocation site, instead of the macro definition site.

cpp/autosar/src/rules/A5-2-2/TraditionalCStyleCastsUsed.ql

@@ -16,6 +16,7 @@
 import cpp
 import codingstandards.cpp.autosar
 import codingstandards.cpp.Macro
+import codingstandards.cpp.CStyleCasts
 
 /**
  * Gets the macro (if any) that generated the given `CStyleCast`.
@@ -61,18 +62,10 @@ Macro getGeneratedFrom(CStyleCast c) {
  *    argument type is compatible with a single-argument constructor.
  */
 
-from CStyleCast c, string extraMessage, Locatable l, string supplementary
+from ExplicitUserDefinedCStyleCast c, string extraMessage, Locatable l, string supplementary
 where
   not isExcluded(c, BannedSyntaxPackage::traditionalCStyleCastsUsedQuery()) and
-  not c.isImplicit() and
-  not c.getType() instanceof UnknownType and
-  // For casts in templates that occur on types related to a template parameter, the copy of th
-  // cast in the uninstantiated template is represented as a `CStyleCast` even if in practice all
-  // the instantiations represent it as a `ConstructorCall`. To avoid the common false positive case
-  // of using the functional cast notation to call a constructor we exclude all `CStyleCast`s on
-  // uninstantiated templates, and instead rely on reporting results within instantiations.
-  not c.isFromUninstantiatedTemplate(_) and
-  // Exclude casts created from macro invocations of macros defined by third parties
+  // Not generated from a library macro
   not getGeneratedFrom(c) instanceof LibraryMacro and
   // If the cast was generated from a user-provided macro, then report the macro that generated the
   // cast, as the macro itself may have generated the cast

cpp/autosar/src/rules/M5-2-2/PointerToAVirtualBaseClassCastToAPointer.ql

@@ -15,14 +15,10 @@
 
 import cpp
 import codingstandards.cpp.autosar
+import codingstandards.cpp.rules.pointertoavirtualbaseclasscasttoapointer.PointerToAVirtualBaseClassCastToAPointer
 
-from Cast cast, VirtualBaseClass castFrom, Class castTo
-where
-  not isExcluded(cast, PointersPackage::pointerToAVirtualBaseClassCastToAPointerQuery()) and
-  not cast instanceof DynamicCast and
-  castFrom = cast.getExpr().getType().(PointerType).getBaseType() and
-  cast.getType().(PointerType).getBaseType() = castTo and
-  castTo = castFrom.getADerivedClass+()
-select cast,
-  "A pointer to virtual base class $@ is not cast to a pointer of derived class $@ using a dynamic_cast.",
-  castFrom, castFrom.getName(), castTo, castTo.getName()
+class PointerToAVirtualBaseClassCastToAPointerQuery extends PointerToAVirtualBaseClassCastToAPointerSharedQuery {
+  PointerToAVirtualBaseClassCastToAPointerQuery() {
+    this = PointersPackage::pointerToAVirtualBaseClassCastToAPointerQuery()
+  }
+}

cpp/autosar/test/rules/A5-2-2/test.cpp

@@ -2,7 +2,7 @@
 #include <string>
 #include <utility>
 int foo() { return 1; }
-
+// A copy of 8.2,2 test.cpp, but with different cases compliant/non-compliant
 void test_c_style_cast() {
   double f = 3.14;
   std::uint32_t n1 = (std::uint32_t)f; // NON_COMPLIANT - C-style cast

cpp/common/src/codingstandards/cpp/AlertReporting.qll

@@ -14,15 +14,21 @@ module MacroUnwrapper<ResultType ResultElement> {
    * Gets a macro invocation that applies to the result element.
    */
   private MacroInvocation getAMacroInvocation(ResultElement re) {
-    result.getAnExpandedElement() = re
+    result.getAnAffectedElement() = re
   }
 
   /**
    * Gets the primary macro invocation that generated the result element.
+   *
+   * Does not hold for cases where the result element is located at a macro argument site.
    */
   MacroInvocation getPrimaryMacroInvocation(ResultElement re) {
     exists(MacroInvocation mi |
       mi = getAMacroInvocation(re) and
+      // Only report cases where the element is not located at the macro expansion site
+      // This means we'll report results in macro arguments in the macro argument
+      // location, not within the macro itself
+      mi.getLocation().getStartColumn() = re.getLocation().getStartColumn() and
       // No other more specific macro that expands to element
       not exists(MacroInvocation otherMi |
         otherMi = getAMacroInvocation(re) and otherMi.getParentInvocation() = mi

cpp/common/src/codingstandards/cpp/CStyleCasts.qll

@@ -0,0 +1,18 @@
+import cpp
+import codingstandards.cpp.Macro
+
+/**
+ * A C-style cast that is explicitly user written and has a known target type.
+ */
+class ExplicitUserDefinedCStyleCast extends CStyleCast {
+  ExplicitUserDefinedCStyleCast() {
+    not this.isImplicit() and
+    not this.getType() instanceof UnknownType and
+    // For casts in templates that occur on types related to a template parameter, the copy of th
+    // cast in the uninstantiated template is represented as a `CStyleCast` even if in practice all
+    // the instantiations represent it as a `ConstructorCall`. To avoid the common false positive case
+    // of using the functional cast notation to call a constructor we exclude all `CStyleCast`s on
+    // uninstantiated templates, and instead rely on reporting results within instantiations.
+    not this.isFromUninstantiatedTemplate(_)
+  }
+}

cpp/common/src/codingstandards/cpp/Call.qll

@@ -0,0 +1,18 @@
+import cpp
+import codingstandards.cpp.types.Type
+
+/**
+ * Gets the `FunctionType` of an expression call.
+ */
+FunctionType getExprCallFunctionType(ExprCall call) {
+  // A standard expression call
+  // Returns a FunctionPointerIshType
+  result = call.(ExprCall).getExpr().getType()
+  or
+  // An expression call using the pointer to member operator (.* or ->*)
+  // This special handling is required because we don't have a CodeQL class representing the call
+  // to a pointer to member function, but the right hand side is extracted as the -1 child of the
+  // call.
+  // Returns a RoutineType
+  result = call.(ExprCall).getChild(-1).getType().(PointerToMemberType).getBaseType()
+}

cpp/common/src/codingstandards/cpp/ConstantExpressions.qll

@@ -0,0 +1,97 @@
+import cpp
+
+final private class FinalExpr = Expr;
+
+/**
+ * An integer constant expression as defined by the C++17 standard.
+ */
+class IntegerConstantExpr extends FinalExpr {
+  IntegerConstantExpr() {
+    // An integer constant expression is a constant expression that has an
+    // integral type.
+    this.isConstant() and
+    exists(Type unspecifiedType | unspecifiedType = this.getUnspecifiedType() |
+      unspecifiedType instanceof IntegralType
+      or
+      // Unscoped enum type
+      unspecifiedType instanceof Enum and
+      not unspecifiedType instanceof ScopedEnum
+    )
+  }
+
+  /**
+   * Gets the value of this integer constant expression.
+   *
+   * This is only defined for expressions that are constant expressions, and
+   * that have a value that can be represented as a `BigInt`.
+   */
+  QlBuiltins::BigInt getConstantValue() {
+    if exists(getPreConversionConstantValue())
+    then result = getPreConversionConstantValue()
+    else result = this.getValue().toBigInt()
+  }
+
+  /**
+   * Gets the pre-conversion constant value of this integer constant expression, if it is different
+   * from `getValue()`.
+   *
+   * This is required because `Expr.getValue()` returns the _converted constant expression value_
+   * for non-literal constant expressions, which is the expression value after conversions have been
+   * applied, but for validating conversions we need the _pre-conversion constant expression value_.
+   */
+  private QlBuiltins::BigInt getPreConversionConstantValue() {
+    // Access of a variable that has a constant initializer
+    result =
+      this.(VariableAccess)
+          .getTarget()
+          .getInitializer()
+          .getExpr()
+          .getFullyConverted()
+          .getValue()
+          .toBigInt()
+    or
+    result = this.(EnumConstantAccess).getTarget().getValue().toBigInt()
+    or
+    result = -this.(UnaryMinusExpr).getOperand().getFullyConverted().getValue().toBigInt()
+    or
+    result = this.(UnaryPlusExpr).getOperand().getFullyConverted().getValue().toBigInt()
+    or
+    result = this.(NotExpr).getOperand().getFullyConverted().getValue().toBigInt().bitNot()
+    or
+    exists(BinaryOperation op, QlBuiltins::BigInt left, QlBuiltins::BigInt right |
+      op = this and
+      left = op.getLeftOperand().getFullyConverted().getValue().toBigInt() and
+      right = op.getRightOperand().getFullyConverted().getValue().toBigInt()
+    |
+      op instanceof AddExpr and
+      result = left + right
+      or
+      op instanceof SubExpr and
+      result = left - right
+      or
+      op instanceof MulExpr and
+      result = left * right
+      or
+      op instanceof DivExpr and
+      result = left / right
+      or
+      op instanceof RemExpr and
+      result = left % right
+      or
+      op instanceof BitwiseAndExpr and
+      result = left.bitAnd(right)
+      or
+      op instanceof BitwiseOrExpr and
+      result = left.bitOr(right)
+      or
+      op instanceof BitwiseXorExpr and
+      result = left.bitXor(right)
+      or
+      op instanceof RShiftExpr and
+      result = left.bitShiftRightSigned(right.toInt())
+      or
+      op instanceof LShiftExpr and
+      result = left.bitShiftLeft(right.toInt())
+    )
+  }
+}

cpp/common/src/codingstandards/cpp/exclusions/cpp/Conversions.qll

@@ -0,0 +1,129 @@
+//** THIS FILE IS AUTOGENERATED, DO NOT MODIFY DIRECTLY.  **/
+import cpp
+import RuleMetadata
+import codingstandards.cpp.exclusions.RuleMetadata
+
+newtype ConversionsQuery =
+  TNoConversionFromBoolQuery() or
+  TNoImplicitBoolConversionQuery() or
+  TNoCharacterNumericalValueQuery() or
+  TInappropriateBitwiseOrShiftOperandsQuery() or
+  TNoSignednessChangeFromPromotionQuery() or
+  TNumericAssignmentTypeMismatchQuery() or
+  TFunctionPointerConversionContextQuery()
+
+predicate isConversionsQueryMetadata(Query query, string queryId, string ruleId, string category) {
+  query =
+    // `Query` instance for the `noConversionFromBool` query
+    ConversionsPackage::noConversionFromBoolQuery() and
+  queryId =
+    // `@id` for the `noConversionFromBool` query
+    "cpp/misra/no-conversion-from-bool" and
+  ruleId = "RULE-7-0-1" and
+  category = "required"
+  or
+  query =
+    // `Query` instance for the `noImplicitBoolConversion` query
+    ConversionsPackage::noImplicitBoolConversionQuery() and
+  queryId =
+    // `@id` for the `noImplicitBoolConversion` query
+    "cpp/misra/no-implicit-bool-conversion" and
+  ruleId = "RULE-7-0-2" and
+  category = "required"
+  or
+  query =
+    // `Query` instance for the `noCharacterNumericalValue` query
+    ConversionsPackage::noCharacterNumericalValueQuery() and
+  queryId =
+    // `@id` for the `noCharacterNumericalValue` query
+    "cpp/misra/no-character-numerical-value" and
+  ruleId = "RULE-7-0-3" and
+  category = "required"
+  or
+  query =
+    // `Query` instance for the `inappropriateBitwiseOrShiftOperands` query
+    ConversionsPackage::inappropriateBitwiseOrShiftOperandsQuery() and
+  queryId =
+    // `@id` for the `inappropriateBitwiseOrShiftOperands` query
+    "cpp/misra/inappropriate-bitwise-or-shift-operands" and
+  ruleId = "RULE-7-0-4" and
+  category = "required"
+  or
+  query =
+    // `Query` instance for the `noSignednessChangeFromPromotion` query
+    ConversionsPackage::noSignednessChangeFromPromotionQuery() and
+  queryId =
+    // `@id` for the `noSignednessChangeFromPromotion` query
+    "cpp/misra/no-signedness-change-from-promotion" and
+  ruleId = "RULE-7-0-5" and
+  category = "required"
+  or
+  query =
+    // `Query` instance for the `numericAssignmentTypeMismatch` query
+    ConversionsPackage::numericAssignmentTypeMismatchQuery() and
+  queryId =
+    // `@id` for the `numericAssignmentTypeMismatch` query
+    "cpp/misra/numeric-assignment-type-mismatch" and
+  ruleId = "RULE-7-0-6" and
+  category = "required"
+  or
+  query =
+    // `Query` instance for the `functionPointerConversionContext` query
+    ConversionsPackage::functionPointerConversionContextQuery() and
+  queryId =
+    // `@id` for the `functionPointerConversionContext` query
+    "cpp/misra/function-pointer-conversion-context" and
+  ruleId = "RULE-7-11-3" and
+  category = "required"
+}
+
+module ConversionsPackage {
+  Query noConversionFromBoolQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `noConversionFromBool` query
+      TQueryCPP(TConversionsPackageQuery(TNoConversionFromBoolQuery()))
+  }
+
+  Query noImplicitBoolConversionQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `noImplicitBoolConversion` query
+      TQueryCPP(TConversionsPackageQuery(TNoImplicitBoolConversionQuery()))
+  }
+
+  Query noCharacterNumericalValueQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `noCharacterNumericalValue` query
+      TQueryCPP(TConversionsPackageQuery(TNoCharacterNumericalValueQuery()))
+  }
+
+  Query inappropriateBitwiseOrShiftOperandsQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `inappropriateBitwiseOrShiftOperands` query
+      TQueryCPP(TConversionsPackageQuery(TInappropriateBitwiseOrShiftOperandsQuery()))
+  }
+
+  Query noSignednessChangeFromPromotionQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `noSignednessChangeFromPromotion` query
+      TQueryCPP(TConversionsPackageQuery(TNoSignednessChangeFromPromotionQuery()))
+  }
+
+  Query numericAssignmentTypeMismatchQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `numericAssignmentTypeMismatch` query
+      TQueryCPP(TConversionsPackageQuery(TNumericAssignmentTypeMismatchQuery()))
+  }
+
+  Query functionPointerConversionContextQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `functionPointerConversionContext` query
+      TQueryCPP(TConversionsPackageQuery(TFunctionPointerConversionContextQuery()))
+  }
+}