CON40-C

Author: jsinglet

.vscode/settings.json

@@ -0,0 +1,6 @@
+{
+    "files.associations": {
+        "atomic": "c",
+        "memory": "c"
+    }
+}

c/cert/src/rules/CON39-C/ThreadWasPreviouslyJoinedOrDetached.md

@@ -0,0 +1,18 @@
+# CON39-C: Do not join or detach a thread that was previously joined or detached
+
+This query implements the CERT-C rule CON39-C:
+
+> Do not join or detach a thread that was previously joined or detached
+
+
+## CERT
+
+** REPLACE THIS BY RUNNING THE SCRIPT `scripts/help/cert-help-extraction.py` **
+
+## Implementation notes
+
+None
+
+## References
+
+* CERT-C: [CON39-C: Do not join or detach a thread that was previously joined or detached](https://wiki.sei.cmu.edu/confluence/display/c)

c/cert/src/rules/CON39-C/ThreadWasPreviouslyJoinedOrDetached.ql

@@ -0,0 +1,40 @@
+/**
+ * @id c/cert/thread-was-previously-joined-or-detached
+ * @name CON39-C: Do not join or detach a thread that was previously joined or detached
+ * @description Joining or detaching a previously joined or detached thread can lead to undefined
+ *              program behavior.
+ * @kind problem
+ * @precision high
+ * @problem.severity error
+ * @tags external/cert/id/con39-c
+ *       correctness
+ *       concurrency
+ *       external/cert/obligation/rule
+ */
+
+import cpp
+import codingstandards.c.cert
+
+
+
+/**
+ * Strategy for this one is to ensure that there are not two sinks to thrd_join
+   or thrd_detach for a given 
+
+
+   Truth table:
+
+   Error if:
+
+   thread calls detach, parent calls join
+   thread calls 
+
+   Make sure there aren't multiple calls to join? Very had to do in practice. 
+
+   You should call join OR detach, but not both. 
+ */
+
+from
+where
+  not isExcluded(x, Concurrency5Package::threadWasPreviouslyJoinedOrDetachedQuery()) and
+select

c/cert/src/rules/CON40-C/AtomicVariableTwiceInExpression.md

@@ -0,0 +1,18 @@
+# CON40-C: Do not refer to an atomic variable twice in an expression
+
+This query implements the CERT-C rule CON40-C:
+
+> Do not refer to an atomic variable twice in an expression
+
+
+## CERT
+
+** REPLACE THIS BY RUNNING THE SCRIPT `scripts/help/cert-help-extraction.py` **
+
+## Implementation notes
+
+None
+
+## References
+
+* CERT-C: [CON40-C: Do not refer to an atomic variable twice in an expression](https://wiki.sei.cmu.edu/confluence/display/c)

c/cert/src/rules/CON40-C/AtomicVariableTwiceInExpression.ql

@@ -0,0 +1,47 @@
+/**
+ * @id c/cert/atomic-variable-twice-in-expression
+ * @name CON40-C: Do not refer to an atomic variable twice in an expression
+ * @description Atomic variables that are referred to twice in the same expression can produce
+ *              unpredictable program behavior.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/cert/id/con40-c
+ *       correctness
+ *       concurrency
+ *       external/cert/obligation/rule
+ */
+
+import cpp
+import codingstandards.c.cert
+
+from MacroInvocation mi, Variable v, Locatable whereFound
+where
+  not isExcluded(whereFound, Concurrency5Package::atomicVariableTwiceInExpressionQuery()) and
+  (
+    // There isn't a way to safely use this construct in a away that is also
+    // possible the reliably detect so advise against using it.
+    (
+      mi.getMacroName() = ["atomic_store", "atomic_store_explicit"]
+      or
+      // This construct is generally safe, but must be used in a loop. To lower
+      // the false positive rate we don't look at the conditions of the loop and
+      // instead assume if it is found in a looping construct that it is likely
+      // related to the safety property.
+      mi.getMacroName() = ["atomic_compare_exchange_weak", "atomic_compare_exchange_weak_explicit"] and
+      not exists(Loop l | mi.getAGeneratedElement().(Expr).getParent*() = l)
+    ) and
+    whereFound = mi
+  )
+  or
+  mi.getMacroName() = "ATOMIC_VAR_INIT" and
+  exists(Expr av |
+    av = mi.getAGeneratedElement() and
+    av = v.getAnAssignedValue() and
+    exists(Assignment m |
+      not m instanceof AssignXorExpr and
+      m.getLValue().(VariableAccess).getTarget() = v and
+      whereFound = m
+    )
+  )
+select mi, "Atomic variable possibly referred to twice in an $@.", whereFound, "expression"

c/cert/test/rules/CON39-C/ThreadWasPreviouslyJoinedOrDetached.expected

@@ -0,0 +1 @@
+No expected results have yet been specified

c/cert/test/rules/CON39-C/ThreadWasPreviouslyJoinedOrDetached.qlref

@@ -0,0 +1 @@
+rules/CON39-C/ThreadWasPreviouslyJoinedOrDetached.ql

c/cert/test/rules/CON39-C/test.c

@@ -0,0 +1,6 @@
+| test.c:6:19:6:40 | ATOMIC_VAR_INIT(value) | Atomic variable possibly referred to twice in an $@. | test.c:32:3:32:10 | ... += ... | expression |
+| test.c:6:19:6:40 | ATOMIC_VAR_INIT(value) | Atomic variable possibly referred to twice in an $@. | test.c:33:3:33:13 | ... = ... | expression |
+| test.c:10:3:10:23 | atomic_store(a,b) | Atomic variable possibly referred to twice in an $@. | test.c:10:3:10:23 | atomic_store(a,b) | expression |
+| test.c:11:3:11:35 | atomic_store_explicit(a,b,c) | Atomic variable possibly referred to twice in an $@. | test.c:11:3:11:35 | atomic_store_explicit(a,b,c) | expression |
+| test.c:24:3:24:48 | atomic_compare_exchange_weak(a,b,c) | Atomic variable possibly referred to twice in an $@. | test.c:24:3:24:48 | atomic_compare_exchange_weak(a,b,c) | expression |
+| test.c:25:3:26:45 | atomic_compare_exchange_weak_explicit(a,b,c,d,e) | Atomic variable possibly referred to twice in an $@. | test.c:25:3:26:45 | atomic_compare_exchange_weak_explicit(a,b,c,d,e) | expression |

c/cert/test/rules/CON40-C/AtomicVariableTwiceInExpression.expected

@@ -0,0 +1 @@
+rules/CON40-C/AtomicVariableTwiceInExpression.ql

c/cert/test/rules/CON40-C/AtomicVariableTwiceInExpression.qlref

@@ -0,0 +1,34 @@
+#include <stdatomic.h>
+#include <stdbool.h>
+
+static bool fl1 = ATOMIC_VAR_INIT(false);
+static bool fl2 = ATOMIC_VAR_INIT(false);
+static bool fl3 = ATOMIC_VAR_INIT(false);
+static bool fl4 = ATOMIC_VAR_INIT(false);
+
+void f1() {
+  atomic_store(&fl1, 0);             // NON_COMPLIANT
+  atomic_store_explicit(&fl1, 0, 0); // NON_COMPLIANT
+}
+
+void f2() {
+  do {
+  } while (!atomic_compare_exchange_weak(&fl2, &fl2, &fl2)); // COMPLIANT
+
+  do {
+  } while (!atomic_compare_exchange_weak_explicit(&fl2, &fl2, &fl2, &fl2,
+                                                  &fl2)); // COMPLIANT
+}
+
+void f3() {
+  atomic_compare_exchange_weak(&fl2, &fl2, &fl2); // NON_COMPLIANT
+  atomic_compare_exchange_weak_explicit(&fl2, &fl2, &fl2, &fl2,
+                                        &fl2); // NON_COMPLIANT
+}
+
+void f4() { fl3 ^= true; }
+
+void f5() {
+  fl3 += 1;    // NON_COMPLIANT
+  fl3 = 1 + 1; // NON_COMPLIANT
+}

c/cert/test/rules/CON40-C/test.c

@@ -1,2 +1,7 @@
 #define atomic_compare_exchange_weak(a, b, c) 0
 #define atomic_compare_exchange_weak_explicit(a, b, c, d, e) 0
+#define atomic_load(a) 0
+#define atomic_load_explicit(a, b)
+#define atomic_store(a, b) 0
+#define atomic_store_explicit(a,b,c) 0
+#define ATOMIC_VAR_INIT(value) (value)

c/common/test/includes/standard-library/stdatomic.h

@@ -0,0 +1,42 @@
+//** THIS FILE IS AUTOGENERATED, DO NOT MODIFY DIRECTLY.  **/
+import cpp
+import RuleMetadata
+import codingstandards.cpp.exclusions.RuleMetadata
+
+newtype Concurrency5Query =
+  TThreadWasPreviouslyJoinedOrDetachedQuery() or
+  TAtomicVariableTwiceInExpressionQuery()
+
+predicate isConcurrency5QueryMetadata(Query query, string queryId, string ruleId) {
+  query =
+    // `Query` instance for the `threadWasPreviouslyJoinedOrDetached` query
+    Concurrency5Package::threadWasPreviouslyJoinedOrDetachedQuery() and
+  queryId =
+    // `@id` for the `threadWasPreviouslyJoinedOrDetached` query
+    "c/cert/thread-was-previously-joined-or-detached" and
+  ruleId = "CON39-C"
+  or
+  query =
+    // `Query` instance for the `atomicVariableTwiceInExpression` query
+    Concurrency5Package::atomicVariableTwiceInExpressionQuery() and
+  queryId =
+    // `@id` for the `atomicVariableTwiceInExpression` query
+    "c/cert/atomic-variable-twice-in-expression" and
+  ruleId = "CON40-C"
+}
+
+module Concurrency5Package {
+  Query threadWasPreviouslyJoinedOrDetachedQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `threadWasPreviouslyJoinedOrDetached` query
+      TQueryC(TConcurrency5PackageQuery(TThreadWasPreviouslyJoinedOrDetachedQuery()))
+  }
+
+  Query atomicVariableTwiceInExpressionQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `atomicVariableTwiceInExpression` query
+      TQueryC(TConcurrency5PackageQuery(TAtomicVariableTwiceInExpressionQuery()))
+  }
+}

cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency5.qll

@@ -7,6 +7,7 @@ import Concurrency1
 import Concurrency2
 import Concurrency3
 import Concurrency4
+import Concurrency5
 import Contracts1
 import Contracts3
 import Declarations1
@@ -39,6 +40,7 @@ newtype TCQuery =
   TConcurrency2PackageQuery(Concurrency2Query q) or
   TConcurrency3PackageQuery(Concurrency3Query q) or
   TConcurrency4PackageQuery(Concurrency4Query q) or
+  TConcurrency5PackageQuery(Concurrency5Query q) or
   TContracts1PackageQuery(Contracts1Query q) or
   TContracts3PackageQuery(Contracts3Query q) or
   TDeclarations1PackageQuery(Declarations1Query q) or
@@ -71,6 +73,7 @@ predicate isQueryMetadata(Query query, string queryId, string ruleId) {
   isConcurrency2QueryMetadata(query, queryId, ruleId) or
   isConcurrency3QueryMetadata(query, queryId, ruleId) or
   isConcurrency4QueryMetadata(query, queryId, ruleId) or
+  isConcurrency5QueryMetadata(query, queryId, ruleId) or
   isContracts1QueryMetadata(query, queryId, ruleId) or
   isContracts3QueryMetadata(query, queryId, ruleId) or
   isDeclarations1QueryMetadata(query, queryId, ruleId) or

cpp/common/src/codingstandards/cpp/exclusions/c/RuleMetadata.qll

@@ -0,0 +1,44 @@
+{
+  "CERT-C": {
+    "CON39-C": {
+      "properties": {
+        "obligation": "rule"
+      },
+      "queries": [
+        {
+          "description": "Joining or detaching a previously joined or detached thread can lead to undefined program behavior.",
+          "kind": "problem",
+          "name": "Do not join or detach a thread that was previously joined or detached",
+          "precision": "high",
+          "severity": "error",
+          "short_name": "ThreadWasPreviouslyJoinedOrDetached",
+          "tags": [
+            "correctness",
+            "concurrency"
+          ]
+        }
+      ],
+      "title": "Do not join or detach a thread that was previously joined or detached"
+    },
+    "CON40-C": {
+      "properties": {
+        "obligation": "rule"
+      },
+      "queries": [
+        {
+          "description": "Atomic variables that are referred to twice in the same expression can produce unpredictable program behavior.",
+          "kind": "problem",
+          "name": "Do not refer to an atomic variable twice in an expression",
+          "precision": "very-high",
+          "severity": "error",
+          "short_name": "AtomicVariableTwiceInExpression",
+          "tags": [
+            "correctness",
+            "concurrency"
+          ]
+        }
+      ],
+      "title": "Do not refer to an atomic variable twice in an expression"
+    }
+  }
+}