
Michaelrfairhurst/package undefined behavior mismatched list delete#1084

Open
MichaelRFairhurst wants to merge 11 commits into main from
michaelrfairhurst/package-undefined-behavior-mismatched-list-delete

Conversation

@MichaelRFairhurst
Collaborator

Description

please enter the description of your change here

Change request type

  • Release or process automation (GitHub workflows, internal scripts)
  • Internal documentation
  • External documentation
  • Query files (.ql, .qll, .qls or unit tests)
  • External scripts (analysis report or other code shipped as part of a release)

Rules with added or modified queries

  • No rules added
  • Queries have been added for the following rules:
    • RULE-4-1-3
  • Queries have been modified for the following rules:
    • EXP51-CPP

Release change checklist

A change note (development_handbook.md#change-notes) is required for any pull request which modifies:

  • The structure or layout of the release artifacts.
  • The evaluation performance (memory, execution time) of an existing query.
  • The results of an existing query in any circumstance.

If you are only adding new rule queries, a change note is not required.

Author: Is a change note required?

  • Yes
  • No

🚨🚨🚨
Reviewer: Confirm that format of shared queries (not the .qll file, the
.ql file that imports it) is valid by running them within VS Code.

  • Confirmed

Reviewer: Confirm that either a change note is not required or the change note is required and has been added.

  • Confirmed

Query development review checklist

For PRs that add new queries or modify existing queries, the following checklist should be completed by both the author and reviewer:

Author

  • Have all the relevant rule package description files been checked in?
  • Have you verified that the metadata properties of each new query are set appropriately?
  • Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
  • Are the alert messages properly formatted and consistent with the style guide?
  • Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
    As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
  • Does the query have an appropriate level of in-query comments/documentation?
  • Have you considered/identified possible edge cases?
  • Does the query not reinvent features in the standard library?
  • Can the query be simplified further (not golfed!)?

Reviewer

  • Have all the relevant rule package description files been checked in?
  • Have you verified that the metadata properties of each new query are set appropriately?
  • Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
  • Are the alert messages properly formatted and consistent with the style guide?
  • Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
    As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
  • Does the query have an appropriate level of in-query comments/documentation?
  • Have you considered/identified possible edge cases?
  • Does the query not reinvent features in the standard library?
  • Can the query be simplified further (not golfed!)?

Contributor

Copilot AI left a comment


Pull request overview

Adds a new MISRA C++:2023 RULE-4-1-3 “Undefined / critical unspecified behavior” package and wires in shared query implementations so existing logic can be reused across C, CERT C++, and MISRA C++ rule sets.

Changes:

  • Introduces a new rule_packages/cpp/Undefined.json package plus MISRA C++ RULE-4-1-3 query stubs and test scaffolding.
  • Refactors/centralizes two existing rule implementations into shared libraries (PossibleDataRaceBetweenThreadsShared.qll, DoNotDeleteAnArrayThroughAPointerOfTheIncorrectTypeShared.qll) and reuses them from C and C++ rule queries.
  • Updates CI workflows and adds change notes describing the refactors.

Reviewed changes

Copilot reviewed 42 out of 48 changed files in this pull request and generated 10 comments.

File Description
rule_packages/cpp/Undefined.json New C++ rule package definition for MISRA C++:2023 RULE-4-1-3 (undefined / critical unspecified behavior).
rule_packages/cpp/Freed.json Adds shared_implementation_short_name metadata for reuse of the array-delete mismatch query.
rule_packages/c/Concurrency9.json Adds shared_implementation_short_name metadata for reuse of the data-race query.
cpp/misra/test/rules/RULE-4-1-3/UndefinedBehaviorAudit.qlref Adds test reference for the MISRA C++ audit query wrapper.
cpp/misra/test/rules/RULE-4-1-3/UndefinedBehaviorAudit.expected Adds expected output file (currently empty) for the audit wrapper query.
cpp/misra/test/rules/RULE-4-1-3/UndefinedBehavior.qlref Adds test reference for the MISRA C++ query wrapper.
cpp/misra/test/rules/RULE-4-1-3/UndefinedBehavior.expected Adds expected output file (currently empty) for the wrapper query.
cpp/misra/test/rules/RULE-4-1-3/PossibleDataRaceBetweenThreads.testref Points MISRA C++ rule testing to the shared data-race implementation test.
cpp/misra/test/rules/RULE-4-1-3/CriticalUnspecifiedBehaviorAudit.qlref Adds test reference for the MISRA C++ audit query wrapper.
cpp/misra/test/rules/RULE-4-1-3/CriticalUnspecifiedBehaviorAudit.expected Adds expected output file (currently empty) for the audit wrapper query.
cpp/misra/test/rules/RULE-4-1-3/CriticalUnspecifiedBehavior.qlref Adds test reference for the MISRA C++ query wrapper.
cpp/misra/test/rules/RULE-4-1-3/CriticalUnspecifiedBehavior.expected Adds expected output file (currently empty) for the wrapper query.
cpp/misra/test/rules/RULE-4-1-3/ArrayDeletedThroughPointerOfIncorrectType.testref Points MISRA C++ rule testing to the shared array-delete mismatch implementation test.
cpp/misra/src/rules/RULE-4-1-3/UndefinedBehaviorAudit.ql Adds MISRA C++ audit wrapper query stub (no implementation).
cpp/misra/src/rules/RULE-4-1-3/UndefinedBehavior.ql Adds MISRA C++ wrapper query stub (no implementation).
cpp/misra/src/rules/RULE-4-1-3/PossibleDataRaceBetweenThreads.ql Adds MISRA C++ query that instantiates the shared data-race implementation.
cpp/misra/src/rules/RULE-4-1-3/CriticalUnspecifiedBehaviorAudit.ql Adds MISRA C++ audit wrapper query stub (no implementation).
cpp/misra/src/rules/RULE-4-1-3/CriticalUnspecifiedBehavior.ql Adds MISRA C++ wrapper query stub (no implementation).
cpp/misra/src/rules/RULE-4-1-3/ArrayDeletedThroughPointerOfIncorrectType.ql Adds MISRA C++ query that instantiates the shared array-delete mismatch implementation.
cpp/common/test/rules/possibledataracebetweenthreadsshared/test.cpp Adds a C++ shared-implementation test case for the data-race query.
cpp/common/test/rules/possibledataracebetweenthreadsshared/PossibleDataRaceBetweenThreadsShared.ql Adds generated test driver query to instantiate the shared data-race implementation.
cpp/common/test/rules/possibledataracebetweenthreadsshared/PossibleDataRaceBetweenThreadsShared.expected Adds expected results for the shared C++ data-race test.
cpp/common/test/rules/donotdeleteanarraythroughapointeroftheincorrecttypeshared/test.cpp Minor formatting adjustment in the shared array-delete mismatch test source.
cpp/common/test/rules/donotdeleteanarraythroughapointeroftheincorrecttypeshared/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectTypeShared.ql Adds generated test driver query to instantiate the shared array-delete mismatch implementation.
cpp/common/test/rules/donotdeleteanarraythroughapointeroftheincorrecttypeshared/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectTypeShared.expected Adds expected results for the shared array-delete mismatch test.
cpp/common/src/codingstandards/cpp/rules/possibledataracebetweenthreadsshared/PossibleDataRaceBetweenThreadsShared.qll New shared library implementing the possible data-race detection logic.
cpp/common/src/codingstandards/cpp/rules/donotdeleteanarraythroughapointeroftheincorrecttypeshared/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectTypeShared.qll New shared library implementing the array-delete type mismatch path-problem logic.
cpp/common/src/codingstandards/cpp/exclusions/cpp/Undefined.qll New autogenerated exclusions/metadata wiring for the new Undefined package.
cpp/common/src/codingstandards/cpp/exclusions/cpp/RuleMetadata.qll Registers the new Undefined package in global metadata wiring.
cpp/cert/test/rules/EXP51-CPP/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectType.testref Redirects CERT EXP51-CPP testing to the shared implementation test.
cpp/cert/test/rules/EXP51-CPP/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectType.qlref Removes direct test reference to the production EXP51-CPP query.
cpp/cert/test/rules/EXP51-CPP/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectType.expected Removes the old expected output (now covered by shared implementation tests).
cpp/cert/src/rules/EXP51-CPP/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectType.ql Refactors the CERT query to instantiate the shared array-delete mismatch implementation.
change_notes/2026-03-13-share-array-delete-type-mismatch-query.md Change note for the shared refactor of EXP51-CPP array-delete mismatch logic.
change_notes/2026-03-09-possible-data-race-between-threads-shared.md Change note for the shared refactor of DIR-5-1 possible data-race logic.
c/misra/test/rules/DIR-5-1/PossibleDataRaceBetweenThreads.testref Redirects MISRA C DIR-5-1 testing to the shared implementation test.
c/misra/test/rules/DIR-5-1/PossibleDataRaceBetweenThreads.qlref Removes direct test reference to the production DIR-5-1 query.
c/misra/src/rules/DIR-5-1/PossibleDataRaceBetweenThreads.ql Refactors the MISRA C query to instantiate the shared data-race implementation.
c/common/test/rules/possibledataracebetweenthreadsshared/test.c Adds a C shared-implementation test case for the data-race query.
c/common/test/rules/possibledataracebetweenthreadsshared/PossibleDataRaceBetweenThreadsShared.ql Adds generated test driver query to instantiate the shared data-race implementation (C config).
c/common/test/rules/possibledataracebetweenthreadsshared/PossibleDataRaceBetweenThreadsShared.expected Adds expected results for the shared C data-race test.
.github/workflows/validate-query-test-case-formatting.yml Adds an explicit branch name to the workflow trigger list.
.github/workflows/validate-query-help.yml Adds an explicit branch name to the workflow trigger list.
.github/workflows/validate-query-formatting.yml Adds an explicit branch name to the workflow trigger list.
.github/workflows/validate-package-files.yml Adds an explicit branch name to the workflow trigger list.
.github/workflows/tooling-unit-tests.yml Adds an explicit branch name to the workflow trigger list.
.github/workflows/extra-rule-validation.yml Adds an explicit branch name to the workflow trigger list.
.github/workflows/codeql_unit_tests.yml Adds an explicit branch name to the workflow trigger list.

mbaluda requested a review from Copilot, March 25, 2026 13:56
Contributor

Copilot AI left a comment


Pull request overview

Adds support for MISRA C++-2023 RULE-4-1-3 (undefined/critical unspecified behavior) by introducing a new rule package and reusing/refactoring existing checks into shared CodeQL libraries.

Changes:

  • Added RULE-4-1-3 rule package JSON and corresponding MISRA C++ query stubs/wrappers.
  • Refactored “possible data race between threads” and “array delete through incorrect type” into shared .qll libraries and wired them into MISRA/CERT/C rule queries.
  • Added/updated unit test references and expected outputs; added change notes; updated CI workflow branch triggers.

Reviewed changes

Copilot reviewed 42 out of 48 changed files in this pull request and generated 5 comments.

File Description
rule_packages/cpp/Undefined.json New MISRA C++-2023 RULE-4-1-3 package entries and shared-impl wiring
rule_packages/cpp/Freed.json Adds shared implementation short name for delete-type-mismatch query
rule_packages/c/Concurrency9.json Adds shared implementation short name for data-race query
cpp/misra/test/rules/RULE-4-1-3/UndefinedBehaviorAudit.qlref Adds test reference for new MISRA query
cpp/misra/test/rules/RULE-4-1-3/UndefinedBehavior.qlref Adds test reference for new MISRA query
cpp/misra/test/rules/RULE-4-1-3/CriticalUnspecifiedBehaviorAudit.qlref Adds test reference for new MISRA query
cpp/misra/test/rules/RULE-4-1-3/CriticalUnspecifiedBehavior.qlref Adds test reference for new MISRA query
cpp/misra/test/rules/RULE-4-1-3/PossibleDataRaceBetweenThreads.testref Points MISRA test at shared data-race test query
cpp/misra/test/rules/RULE-4-1-3/ArrayDeletedThroughPointerOfIncorrectType.testref Points MISRA test at shared delete-type-mismatch test query
cpp/misra/src/rules/RULE-4-1-3/UndefinedBehaviorAudit.ql New MISRA query stub/wrapper for audit rule
cpp/misra/src/rules/RULE-4-1-3/UndefinedBehavior.ql New MISRA query stub/wrapper for required rule
cpp/misra/src/rules/RULE-4-1-3/PossibleDataRaceBetweenThreads.ql MISRA wrapper importing shared data-race library
cpp/misra/src/rules/RULE-4-1-3/CriticalUnspecifiedBehaviorAudit.ql New MISRA query stub/wrapper for audit rule
cpp/misra/src/rules/RULE-4-1-3/CriticalUnspecifiedBehavior.ql New MISRA query stub/wrapper for required rule
cpp/misra/src/rules/RULE-4-1-3/ArrayDeletedThroughPointerOfIncorrectType.ql MISRA wrapper importing shared delete-type-mismatch library
cpp/common/test/rules/possibledataracebetweenthreadsshared/test.cpp New C++ test case for shared data-race query
cpp/common/test/rules/possibledataracebetweenthreadsshared/PossibleDataRaceBetweenThreadsShared.ql Generated test query for shared data-race library
cpp/common/test/rules/possibledataracebetweenthreadsshared/PossibleDataRaceBetweenThreadsShared.expected Expected results for shared data-race test
cpp/common/test/rules/donotdeleteanarraythroughapointeroftheincorrecttypeshared/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectTypeShared.ql Generated test query for shared delete-type-mismatch library
cpp/common/test/rules/donotdeleteanarraythroughapointeroftheincorrecttypeshared/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectTypeShared.expected Expected results for shared delete-type-mismatch test
cpp/common/src/codingstandards/cpp/rules/possibledataracebetweenthreadsshared/PossibleDataRaceBetweenThreadsShared.qll New shared library for data-race detection
cpp/common/src/codingstandards/cpp/rules/donotdeleteanarraythroughapointeroftheincorrecttypeshared/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectTypeShared.qll New shared library for delete-type-mismatch detection
cpp/common/src/codingstandards/cpp/exclusions/cpp/Undefined.qll Autogenerated exclusions + metadata mapping for new package
cpp/common/src/codingstandards/cpp/exclusions/cpp/RuleMetadata.qll Wires new Undefined package into global metadata dispatch
cpp/cert/test/rules/EXP51-CPP/test.cpp Formatting-only fix to test file
cpp/cert/test/rules/EXP51-CPP/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectType.testref Switches CERT test to shared query
cpp/cert/test/rules/EXP51-CPP/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectType.qlref Removes old direct query reference
cpp/cert/test/rules/EXP51-CPP/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectType.expected Removes old expected output file (now covered via shared test)
cpp/cert/src/rules/EXP51-CPP/DoNotDeleteAnArrayThroughAPointerOfTheIncorrectType.ql Refactors CERT query to use shared library
change_notes/2026-03-13-share-array-delete-type-mismatch-query.md Change note for shared delete-type-mismatch refactor
change_notes/2026-03-09-possible-data-race-between-threads-shared.md Change note for shared data-race refactor
c/misra/test/rules/DIR-5-1/PossibleDataRaceBetweenThreads.testref Switches C MISRA test to shared query
c/misra/test/rules/DIR-5-1/PossibleDataRaceBetweenThreads.qlref Removes old direct query reference
c/misra/src/rules/DIR-5-1/PossibleDataRaceBetweenThreads.ql Refactors C MISRA query to use shared library
c/common/test/rules/possibledataracebetweenthreadsshared/test.c New C test case for shared data-race query
c/common/test/rules/possibledataracebetweenthreadsshared/PossibleDataRaceBetweenThreadsShared.ql Generated test query for shared data-race library (C config)
.github/workflows/validate-query-test-case-formatting.yml Adds explicit branch trigger for feature branch
.github/workflows/validate-query-help.yml Adds explicit branch trigger for feature branch
.github/workflows/validate-query-formatting.yml Adds explicit branch trigger for feature branch
.github/workflows/validate-package-files.yml Adds explicit branch trigger for feature branch
.github/workflows/tooling-unit-tests.yml Adds explicit branch trigger for feature branch
.github/workflows/extra-rule-validation.yml Adds explicit branch trigger for feature branch
.github/workflows/codeql_unit_tests.yml Adds explicit branch trigger for feature branch

mbaluda and others added 2 commits March 25, 2026 15:14
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Contributor

Copilot AI left a comment


Pull request overview

Copilot reviewed 35 out of 41 changed files in this pull request and generated 4 comments.

Comment on lines +21 to +25
from Element e
where
not isExcluded(e, UndefinedPackage::undefinedBehaviorAuditQuery()) and
none()
select e, "no implementation"

Copilot AI Mar 25, 2026


This audit query currently cannot produce any results because the where clause contains none(), and it always selects the constant message "no implementation". If this is meant as a placeholder, consider documenting that explicitly and/or omitting it from the shipped query set until it has an implementation.

Suggested change
from Element e
where
not isExcluded(e, UndefinedPackage::undefinedBehaviorAuditQuery()) and
none()
select e, "no implementation"
from Function f
where
not isExcluded(f, UndefinedPackage::undefinedBehaviorAuditQuery())
select f,
"Review function $@ for undefined behavior as required by MISRA Rule 4-1-3.",
f, f.getName()
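Review bot: the replacement `from Function f ... select f, ...` reports every non-excluded function in the database with the same fixed message, so it trades an empty result set for an alert on every function; an audit query still needs a predicate that narrows to the constructs the rule actually concerns. The message format itself is well-formed: the `$@` placeholder is followed by the element/text pair `f, f.getName()`, which is what a problem query requires.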

from Element e
where
not isExcluded(e, UndefinedPackage::criticalUnspecifiedBehaviorAuditQuery()) and
none()

Copilot AI Mar 25, 2026


This audit query currently cannot produce any results because the where clause contains none(), and it always selects the constant message "no implementation". If the audit query is expected to surface actionable findings, it needs an implementation (or should be removed until implemented).

Suggested change
none()
1 = 0
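Review bot: replacing `none()` with `1 = 0` does not change the result: both conditions are unsatisfiable, so the query still selects nothing, and the point made in the comment above (the stub needs an implementation or should be dropped from the shipped set) is not addressed by this suggestion. If a placeholder is kept, `none()` is the clearer of the two spellings.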

Comment on lines +20 to +24
from Element e
where
not isExcluded(e, UndefinedPackage::undefinedBehaviorQuery()) and
none()
select e, "no implementation"

Copilot AI Mar 25, 2026


This query currently cannot produce any results because the where clause contains none(), and it always selects the constant message "no implementation". If this query is meant to ship as part of RULE-4-1-3, it should contain real detection logic (or be removed from the rule package until implemented), otherwise the rule will silently report no findings.

Suggested change
from Element e
where
not isExcluded(e, UndefinedPackage::undefinedBehaviorQuery()) and
none()
select e, "no implementation"
from ShiftExpr s, IntegerLiteral shiftAmount
where
not isExcluded(s, UndefinedPackage::undefinedBehaviorQuery()) and
shiftAmount = s.getRhs() and
shiftAmount.getValue() < 0
select
s,
"Shift operation '" + s.toString() + "' uses negative shift count '" +
shiftAmount.toString() + "', which has undefined behavior."
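Review bot: `shiftAmount.getValue() < 0` compares a string with an integer: `getValue()` on an expression returns its constant value as a string, so the condition needs `shiftAmount.getValue().toInt() < 0` to compile. A negative shift count written in source (for example `x << -1`) is a unary-minus operation applied to a literal rather than a single negative literal, so requiring the right operand to be an `IntegerLiteral` is likely to miss exactly the case the message describes; testing `s.getRhs().getValue().toInt() < 0` on the operand itself, whose constant value the library folds, covers both spellings. Also confirm that `ShiftExpr` and `IntegerLiteral` exist in the C++ library version the project depends on; the standard library models shifts as `LShiftExpr` and `RShiftExpr`.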

Comment on lines +19 to +23
from Element e
where
not isExcluded(e, UndefinedPackage::criticalUnspecifiedBehaviorQuery()) and
none()
select e, "no implementation"

Copilot AI Mar 25, 2026


This query currently cannot produce any results because the where clause contains none(), and it always selects the constant message "no implementation". If this query is intended to be part of RULE-4-1-3, consider implementing actual detection logic or removing it from the rule package until it has meaningful results.

Suggested change
from Element e
where
not isExcluded(e, UndefinedPackage::criticalUnspecifiedBehaviorQuery()) and
none()
select e, "no implementation"
from FunctionCall call, Expr arg1, Expr arg2, Variable v
where
arg1 = call.getAnArgument() and
arg2 = call.getAnArgument() and
arg1 != arg2 and
exists(PostfixExpr pe, VariableAccess va1 |
pe = arg1 and
(pe.getOperator() = "++" or pe.getOperator() = "--") and
va1 = pe.getBaseExpr() and
v = va1.getTarget()
) and
exists(VariableAccess va2 |
va2 = arg2 and
va2.getTarget() = v
) and
not isExcluded(call, UndefinedPackage::criticalUnspecifiedBehaviorQuery())
select call, call.getCallee(),
"Call to function $@ has arguments that may cause critical unspecified behavior."
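Review bot: the `select` clause is not a valid problem-query result: the alert message must be the second column, and the `$@` placeholder in it must be followed by an element/text pair, so the shape should be `select call, "Call to function $@ has arguments that may cause critical unspecified behavior.", call.getTarget(), call.getTarget().getName()`; as written, `call.getCallee()` sits in the message position and the placeholder has nothing to bind to. The classes and accessors used for the increment operand (`PostfixExpr`, `getBaseExpr()`) also do not match the C++ library, which models these as `PostfixCrementOperation` with `getOperand()`, and `getTarget()` is the library's accessor for the function a `FunctionCall` invokes.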
