MisraType: Avoid misuse of getSize()

lcartey · lcartey · commit 94cfcda31cc7 · 2025-08-21T10:27:19.000+01:00
diff --git a/cpp/misra/src/codingstandards/cpp/misra/BuiltInTypeRules.qll b/cpp/misra/src/codingstandards/cpp/misra/BuiltInTypeRules.qll
@@ -93,8 +93,11 @@ newtype Signedness =
 * - Typedefs to built in types
 * - References to built in types
 * - Enum types with an explicit underlying type that is a built-in type.
+ *
+ * Note: this does not extend `Type` directly, to prevent accidental use of `getSize()`, which
+ * returns the "wrong" size for e.g. reference types.
 */
-class MisraBuiltInType extends Type{
+class MisraBuiltInType extends Element{
 // The built in type underlying this MISRA built in type
 BuiltInType builtInType;
 
@@ -108,6 +111,8 @@ class MisraBuiltInType extends Type{
 TypeCategory getTypeCategory(){result = getBuiltInTypeCategory(builtInType) }
 
 predicate isSameType(MisraBuiltInType other){this.getBuiltInType() = other.getBuiltInType() }
+
+ string getName(){result = this.(Type).getName() }
 }
 
 class CharacterType extends MisraBuiltInType{
@@ -298,13 +303,13 @@ CanonicalIntegerNumericType getBitFieldType(BitField bf){
 bitfieldActualType = bf.getType() and
 // Integral type with the same signedness as the bit field, and big enough to hold the bit field value
 result.getSignedness() = bitfieldActualType.getSignedness() and
- result.getSize() * 8 >= bf.getNumBits() and
+ result.getBuiltInSize() * 8 >= bf.getNumBits() and
 // No smaller integral type can hold the bit field value
 not exists(CanonicalIntegerNumericType other |
- other.getSize() * 8 >= bf.getNumBits() and
+ other.getBuiltInSize() * 8 >= bf.getNumBits() and
 other.getSignedness() = result.getSignedness()
 |
- other.getSize() < result.getBuiltInSize()
+ other.getBuiltInSize() < result.getBuiltInSize()
 )
 )
 }
diff --git a/cpp/misra/src/rules/RULE-7-0-4/InappropriateBitwiseOrShiftOperands.ql b/cpp/misra/src/rules/RULE-7-0-4/InappropriateBitwiseOrShiftOperands.ql
@@ -45,7 +45,7 @@ predicate isSignedConstantLeftShiftException(LShiftExpr shift){
 leftVal = left.getValue().toBigInt() and
 rightVal = right.getValue().toInt() and
 leftVal >= 0.toBigInt() and
- maxBit = leftType.getSize() * 8 - 1 and
+ maxBit = leftType.getBuiltInSize() * 8 - 1 and
 // Check that no set bit is shifted into or beyond the sign bit
 leftVal * 2.toBigInt().pow(rightVal) < 2.toBigInt().pow(maxBit)
 )

-Original file line number
+Diff line change
  * - Typedefs to built in types
  * - References to built in types
  * - Enum types with an explicit underlying type that is a built-in type.
 + *
 + * Note: this does not extend `Type` directly, to prevent accidental use of `getSize()`, which
 + * returns the "wrong" size for e.g. reference types.
  */
 -classMisraBuiltInTypeextendsType{
 +classMisraBuiltInTypeextendsElement{
 // The built in type underlying this MISRA built in type
 BuiltInTypebuiltInType;
 TypeCategorygetTypeCategory(){result=getBuiltInTypeCategory(builtInType)}
 predicateisSameType(MisraBuiltInTypeother){this.getBuiltInType()=other.getBuiltInType()}
++
 +stringgetName(){result=this.(Type).getName()}
+}
 classCharacterTypeextendsMisraBuiltInType{
 bitfieldActualType=bf.getType()and
 // Integral type with the same signedness as the bit field, and big enough to hold the bit field value
 result.getSignedness()=bitfieldActualType.getSignedness()and
 -result.getSize()*8>=bf.getNumBits()and
 +result.getBuiltInSize()*8>=bf.getNumBits()and
 // No smaller integral type can hold the bit field value
 notexists(CanonicalIntegerNumericTypeother|
 -other.getSize()*8>=bf.getNumBits()and
 +other.getBuiltInSize()*8>=bf.getNumBits()and
 other.getSignedness()=result.getSignedness()
+|
 -other.getSize()<result.getBuiltInSize()
 +other.getBuiltInSize()<result.getBuiltInSize()
+)
+)
+}
Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ predicate isSignedConstantLeftShiftException(LShiftExpr shift){`
`45`	`45`	`leftVal=left.getValue().toBigInt()and`
`46`	`46`	`rightVal=right.getValue().toInt()and`
`47`	`47`	`leftVal>=0.toBigInt()and`
`48`		`-maxBit=leftType.getSize()*8-1and`
	`48`	`+maxBit=leftType.getBuiltInSize()*8-1and`
`49`	`49`	`// Check that no set bit is shifted into or beyond the sign bit`
`50`	`50`	`leftVal*2.toBigInt().pow(rightVal)<2.toBigInt().pow(maxBit)`
`51`	`51`	`)`