First working draft

jeongsoolee09 · jeongsoolee09 · commit fe2a3c420eb0 · 2026-01-20T13:57:09.000-05:00
diff --git a/cpp/misra/src/rules/RULE-8-7-1/PointerArithmeticFormsAnInvalidPointer.ql b/cpp/misra/src/rules/RULE-8-7-1/PointerArithmeticFormsAnInvalidPointer.ql
@@ -105,6 +105,11 @@ class ArrayAllocation extends TArrayAllocation {
     result = this.asStackAllocation().getLocation() or
     result = this.asDynamicAllocation().getLocation()
   }
+
+  DataFlow::Node getNode() {
+    result.asExpr() = this.asStackAllocation().getInitExpr() or
+    result.asConvertedExpr() = this.asDynamicAllocation()
+  }
 }
 
 class PointerFormation extends TPointerFormation {
@@ -147,21 +152,16 @@ class PointerFormation extends TPointerFormation {
 
 module TrackArrayConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node node) {
-    /* 1. Declaring / Initializing an array-type variable */
-    exists(ArrayAllocation arrayAllocation |
-      node.asExpr() = arrayAllocation.asStackAllocation().getInitExpr()
-    )
-    or
-    /* 2. Allocating dynamic memory as an array */
-    none() // TODO
+    exists(ArrayAllocation arrayAllocation | node = arrayAllocation.getNode())
   }
 
   predicate isSink(DataFlow::Node node) {
     exists(PointerFormation pointerFormation | node = pointerFormation.getNode())
   }
 }
 
-module TrackArray = DataFlow::Global<TrackArrayConfig>;
+import semmle.code.cpp.dataflow.new.TaintTracking
+module TrackArray = TaintTracking::Global<TrackArrayConfig>;
 
 private predicate arrayDeclarationAndAccess(
   DataFlow::Node arrayDeclarationNode, DataFlow::Node pointerFormationNode
diff --git a/cpp/misra/test/rules/RULE-8-7-1/test.cpp b/cpp/misra/test/rules/RULE-8-7-1/test.cpp
@@ -72,11 +72,11 @@ int main(int argc, char *argv[]) {
     num_of_elements_realloc = 6;
   }
 
-  int *array_malloc = (int *)std::malloc(num_of_elements_malloc * sizeof(int));
-  int *array_calloc = (int *)std::calloc(num_of_elements_calloc, sizeof(int));
+  int *array_malloc = (int *)malloc(num_of_elements_malloc * sizeof(int));
+  int *array_calloc = (int *)calloc(num_of_elements_calloc, sizeof(int));
 
   int *array_realloc =
-      (int *)std::realloc(array_malloc, num_of_elements_realloc * sizeof(int));
+      (int *)realloc(array_malloc, num_of_elements_realloc * sizeof(int));
 
   f1(array_malloc);
   f2(array_malloc);
