Checkpoint

jeongsoolee09 · jeongsoolee09 · commit 69765a65438a · 2026-02-19T17:57:57.000-05:00
diff --git a/cpp/common/src/codingstandards/cpp/UnintializedMemoryAllocation.qll b/cpp/common/src/codingstandards/cpp/UnintializedMemoryAllocation.qll
@@ -0,0 +1,75 @@
+/**
+ * Provides models of functions in <memory> that deals with uninitialized memory.
+ */
+
+import cpp
+
+abstract class UninitializedMemoryManagementFunction extends Function {
+  UninitializedMemoryManagementFunction() {
+    this.getADeclarationLocation().getFile().getShortName() = "memory"
+  }
+}
+
+class UninitializedCopyFunction extends UninitializedMemoryManagementFunction {
+  UninitializedCopyFunction() { this.hasQualifiedName("std", "uninitialized_copy") }
+}
+
+class UninitializedCopyNFunction extends UninitializedMemoryManagementFunction {
+  UninitializedCopyNFunction() { this.hasQualifiedName("std", "uninitialized_copy_n") }
+}
+
+class UninitializedDefaultConstructFunction extends UninitializedMemoryManagementFunction {
+  UninitializedDefaultConstructFunction() {
+    this.hasQualifiedName("std", "uninitialized_default_construct")
+  }
+}
+
+class UninitializedDefaultConstructNFunction extends UninitializedMemoryManagementFunction {
+  UninitializedDefaultConstructNFunction() {
+    this.hasQualifiedName("std", "uninitialized_default_construct_n")
+  }
+}
+
+class UninitializedValueConstructFunction extends UninitializedMemoryManagementFunction {
+  UninitializedValueConstructFunction() {
+    this.hasQualifiedName("std", "uninitialized_value_construct")
+  }
+}
+
+class UninitializedValueConstructNFunction extends UninitializedMemoryManagementFunction {
+  UninitializedValueConstructNFunction() {
+    this.hasQualifiedName("std", "uninitialized_value_construct_n")
+  }
+}
+
+class UninitializedMoveFunction extends UninitializedMemoryManagementFunction {
+  UninitializedMoveFunction() { this.hasQualifiedName("std", "uninitialized_move") }
+}
+
+class UninitializedMoveNFunction extends UninitializedMemoryManagementFunction {
+  UninitializedMoveNFunction() { this.hasQualifiedName("std", "uninitialized_move_n") }
+}
+
+class UninitializedFillFunction extends UninitializedMemoryManagementFunction {
+  UninitializedFillFunction() { this.hasQualifiedName("std", "uninitialized_fill") }
+}
+
+class UninitializedFillNFunction extends UninitializedMemoryManagementFunction {
+  UninitializedFillNFunction() { this.hasQualifiedName("std", "uninitialized_fill_n") }
+}
+
+class DestroyFunction extends UninitializedMemoryManagementFunction {
+  DestroyFunction() { this.hasQualifiedName("std", "destroy") }
+}
+
+class DestroyNFunction extends UninitializedMemoryManagementFunction {
+  DestroyNFunction() { this.hasQualifiedName("std", "destroy_n") }
+}
+
+class DestroyAtFunction extends UninitializedMemoryManagementFunction {
+  DestroyAtFunction() { this.hasQualifiedName("std", "destroy_at") }
+}
+
+class LaunderFunction extends UninitializedMemoryManagementFunction {
+  LaunderFunction() { this.hasQualifiedName("std", "launder") }
+}
diff --git a/cpp/misra/src/rules/RULE-21-6-3/AdvancedMemoryManagementUsed.ql b/cpp/misra/src/rules/RULE-21-6-3/AdvancedMemoryManagementUsed.ql
@@ -15,8 +15,34 @@
 
 import cpp
 import codingstandards.cpp.misra
+import codingstandards.cpp.UnintializedMemoryAllocation
+import codingstandards.cpp.allocations.CustomOperatorNewDelete
 
-from
+class NonStandardNewOrNewArrayOperator extends CustomOperatorNewOrDelete {
+  NonStandardNewOrNewArrayOperator() {
+    this.getName() in ["operator new", "operator new[]"] and
+    not this instanceof CustomOperatorNew // `CustomOperatorNew` only detects replaceable allocation functions.
+  }
+}
+
+class NonStandardDeleteOrDeleteArrayOperator extends CustomOperatorNewOrDelete {
+  NonStandardDeleteOrDeleteArrayOperator() {
+    this.getName() in ["operator delete", "operator delete[]"] and
+    not this instanceof CustomOperatorDelete // `CustomOperatorDelete` only detects replaceable deallocation functions.
+  }
+}
+
+from Element element
 where
-  not isExcluded(x, Memory6Package::advancedMemoryManagementUsedQuery()) and
-select
+  not isExcluded(element, Memory6Package::advancedMemoryManagementUsedQuery()) and
+  (
+    /* The element is a call to one of the function at <memory> that manages uninitialized memory. */
+    element.(FunctionCall).getTarget() instanceof UninitializedMemoryManagementFunction or
+    /* The element is an explicit call to a destructor. */
+    element instanceof VacuousDestructorCall or
+    element instanceof DestructorCall or
+    /* The element is a declaration or a definition of operator `new` / `new[]` / `delete` / `delete[]`. */
+    element instanceof NonStandardNewOrNewArrayOperator or
+    element instanceof NonStandardDeleteOrDeleteArrayOperator
+  )
+select element, "TODO"
