Add critical unspecified behavior for signed integer overflow#1082
Open
MichaelRFairhurst wants to merge 2 commits intomichaelrfairhurst/package-undefined-behaviorfrom
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds a new MISRA C++ 2023 RULE-4-1-3 query for signed integer overflow/underflow by reusing (and introducing) a shared CodeQL implementation that is also used to refactor the existing CERT C INT32-C rule query.
Changes:
- Added a new MISRA C++ query (
RULE-4-1-3) for signed integer overflow using a shared implementation. - Refactored CERT C
INT32-Cto use the new shared library module. - Added/updated shared-library unit tests and updated package/exclusion metadata plus a change note.
Reviewed changes
Copilot reviewed 14 out of 16 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| rule_packages/cpp/Undefined.json | Adds the new RULE-4-1-3 query entry for signed integer overflow. |
| rule_packages/c/IntegerOverflow.json | Links INT32-C’s query to the shared implementation via shared_implementation_short_name. |
| cpp/misra/test/rules/RULE-4-1-3/SignedIntegerOverflow.testref | Points MISRA RULE-4-1-3 testing to the shared test suite. |
| cpp/misra/src/rules/RULE-4-1-3/SignedIntegerOverflow.ql | Adds the new MISRA query wrapper that instantiates the shared module. |
| cpp/common/test/rules/signedintegeroverflowshared/test.cpp | Adds C++ test cases (COMPLIANT/NON_COMPLIANT) for the shared overflow logic. |
| cpp/common/test/rules/signedintegeroverflowshared/SignedIntegerOverflowShared.ql | Test driver query for the shared module (generated). |
| cpp/common/test/rules/signedintegeroverflowshared/SignedIntegerOverflowShared.expected | Expected results for the C++ shared-module tests. |
| cpp/common/src/codingstandards/cpp/rules/signedintegeroverflowshared/SignedIntegerOverflowShared.qll | Introduces the reusable shared query logic for signed integer overflow/underflow. |
| cpp/common/src/codingstandards/cpp/exclusions/cpp/Undefined.qll | Registers the new MISRA query in the Undefined package metadata/exclusions mapping. |
| change_notes/2026-03-13-share-signed-integer-overflow-query.md | Documents the refactor for INT32-C into a shared library for reuse. |
| c/common/test/rules/signedintegeroverflowshared/test.c | Adds C test cases for the shared overflow logic. |
| c/common/test/rules/signedintegeroverflowshared/SignedIntegerOverflowShared.ql | Test driver query for the shared module in the C test suite (generated). |
| c/common/test/rules/signedintegeroverflowshared/SignedIntegerOverflowShared.expected | Fixes/aligns expected results formatting for the C shared-module tests. |
| c/cert/test/rules/INT32-C/SignedIntegerOverflow.testref | Points INT32-C testing to the shared test suite. |
| c/cert/test/rules/INT32-C/SignedIntegerOverflow.qlref | Removes the old direct test reference in favor of .testref. |
| c/cert/src/rules/INT32-C/SignedIntegerOverflow.ql | Refactors INT32-C query to instantiate the shared module. |
| } | ||
|
|
||
| void test_sub_precheck(signed int i1, signed int i2) { | ||
| // Style recomended by CERT |
Comment on lines
+4
to
+5
| * The multiplication of two signed integers can lead to underflow or overflow and | ||
| * therefore undefined behavior. |
Comment on lines
+74
to
+77
| "description": "Signed integer overflow or underflow from arithmetic operations results in critical unspecified behavior.", | ||
| "kind": "problem", | ||
| "name": "Signed integer overflow leads to critical unspecified behavior", | ||
| "precision": "medium", |
Comment on lines
+3
to
+5
| * @name RULE-4-1-3: Signed integer overflow leads to critical unspecified behavior | ||
| * @description Signed integer overflow or underflow from arithmetic operations results in critical | ||
| * unspecified behavior. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
please enter the description of your change here
Change request type
.ql,.qll,.qlsor unit tests)Rules with added or modified queries
INT32-CRelease change checklist
A change note (development_handbook.md#change-notes) is required for any pull request which modifies:
If you are only adding new rule queries, a change note is not required.
Author: Is a change note required?
🚨🚨🚨
Reviewer: Confirm that format of shared queries (not the .qll file, the
.ql file that imports it) is valid by running them within VS Code.
Reviewer: Confirm that either a change note is not required or the change note is required and has been added.
Query development review checklist
For PRs that add new queries or modify existing queries, the following checklist should be completed by both the author and reviewer:
Author
As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
Reviewer
As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.