`M0-1-10`: Functions called from int32_t main() are not considered as "called"

[rak3-sh]

Affected rules

• M0-1-10

Description

The class MainFunction defined in EncapsulatingFunctions.qll doesn't consider int32_t main() as a "main" function. Due to this, multiple false positives get raised in case the user has defined main with int32_t return type.

Example

Definitions of func1 and func2 are left out for reasons of brevity.

namespace mains {
    static int32_t var;

    // @brief namespace_func
    static void namespace_func(void) noexcept { // FP: Function is reported as not called, but it is called from "main" below.
        mains::var = -1;
        return;
    }
}  // namespace

// @brief main
// @return exit code
int32_t main(void) {
    int32_t ret {0};
    try {
        ret = func1(); // FP: Reported as not called in the definition location
        mains::var += ret;
        ret = func2(); // FP: Reported as not called in the definition location
        mains::var += ret;
    }
    catch(...) { 
        mains::namespace_func(); // namespace_func is called here.
    }
    return ret; 
}

[rak3-sh]

A possible fix strategy would be to consider Int32_t type as well for MainFunction here. It works locally. Happy to provide a PR that can be reviewed and integrated. Kindly let me know.

class MainFunction extends MainLikeFunction {
  MainFunction() {
    hasGlobalName("main") and
    (
      getType() instanceof IntType or
      getType() instanceof Int32_t
    )
  }
}

[lcartey]

Thanks for the report!

For a main function to be valid it needs to be using int, or an alias of int. So the above is only valid on platforms where int32_t is an alias for int. For this reason, I would suggest changing MainFunction to resolve typedefs, then perform the check against IntType, e.g.:

class MainFunction extends MainLikeFunction {
  MainFunction() {
    hasGlobalName("main") and
    (
      getType().resolveTypeDefs() instanceof IntType
    )
  }
}

This would also have the benefit of capturing mains which use other aliases for int.

[rak3-sh]

I agree .. your proposal sounds better! Thank you for your comments!

[rak3-sh]

I was wondering how to modify the test for this rule. The test case uses the int main version. If I create another C++ file with int32_t main, will the test infrastructure treat it as a separate test? Should this be added in a separate directory?

[rak3-sh]

@lcartey : Would it be OK to have a test for this here considering that the fix is inside the library - EncapsulatingFunctions.qll?

[lcartey]

Library tests can be added to this directory:
https://github.com/github/codeql-coding-standards/tree/main/cpp/common/test/library/codingstandards/cpp

And, just to confirm, you will need a separate test directory for each type of main you want to test.