RULE-8-2-6 - IntToPointerCastProhibited

lcartey · lcartey · commit 11ca8b3ea944 · 2025-08-17T23:39:30.000+01:00
Detects casts from integral, enumerated, or void pointer types to object
pointer types that may lead to unspecified behavior. [a]
diff --git a/cpp/misra/src/rules/RULE-8-2-6/IntToPointerCastProhibited.ql b/cpp/misra/src/rules/RULE-8-2-6/IntToPointerCastProhibited.ql
@@ -0,0 +1,43 @@
+/**
+ * @id cpp/misra/int-to-pointer-cast-prohibited
+ * @name RULE-8-2-6: An object with integral, enumerated, or pointer to void type shall not be cast to a pointer type
+ * @description Casting from an integral type, enumerated type, or pointer to void type to a pointer
+ *              type leads to unspecified behavior and is error prone.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-8-2-6
+ *       scope/single-translation-unit
+ *       external/misra/enforcement/decidable
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.cpp.misra
+
+from Cast cast, Type sourceType, Type targetType
+where
+  not isExcluded(cast, Conversions2Package::intToPointerCastProhibitedQuery()) and
+  sourceType = cast.getExpr().getType().stripTopLevelSpecifiers() and
+  targetType = cast.getType().stripTopLevelSpecifiers() and
+  targetType instanceof PointerType and
+  not targetType instanceof FunctionPointerType and
+  not (
+    // Exception: casts between void pointers are allowed
+    targetType.(PointerType).getBaseType().stripTopLevelSpecifiers() instanceof VoidType and
+    sourceType instanceof PointerType and
+    sourceType.(PointerType).getBaseType().stripTopLevelSpecifiers() instanceof VoidType
+  ) and
+  (
+    // Integral types
+    sourceType instanceof IntegralType
+    or
+    // Enumerated types
+    sourceType instanceof Enum
+    or
+    // Pointer to void type
+    sourceType instanceof PointerType and
+    sourceType.(PointerType).getBaseType().stripTopLevelSpecifiers() instanceof VoidType
+  )
+select cast,
+  "Cast from '" + sourceType.toString() + "' to '" + targetType.toString() + "' is prohibited."
diff --git a/cpp/misra/test/rules/RULE-8-2-6/IntToPointerCastProhibited.expected b/cpp/misra/test/rules/RULE-8-2-6/IntToPointerCastProhibited.expected
@@ -0,0 +1,11 @@
+| test.cpp:15:20:15:53 | reinterpret_cast<TestStruct *>... | Cast from 'signed int' to 'TestStruct *' is prohibited. |
+| test.cpp:16:20:16:53 | reinterpret_cast<TestStruct *>... | Cast from 'signed long' to 'TestStruct *' is prohibited. |
+| test.cpp:17:22:17:57 | reinterpret_cast<int32_t *>... | Cast from 'signed long' to 'int32_t *' is prohibited. |
+| test.cpp:24:20:24:53 | reinterpret_cast<TestStruct *>... | Cast from 'TestEnum' to 'TestStruct *' is prohibited. |
+| test.cpp:25:22:25:57 | reinterpret_cast<int32_t *>... | Cast from 'TestEnum' to 'int32_t *' is prohibited. |
+| test.cpp:32:20:32:48 | static_cast<TestStruct *>... | Cast from 'void *' to 'TestStruct *' is prohibited. |
+| test.cpp:33:20:33:53 | reinterpret_cast<TestStruct *>... | Cast from 'void *' to 'TestStruct *' is prohibited. |
+| test.cpp:34:22:34:52 | static_cast<int32_t *>... | Cast from 'void *' to 'int32_t *' is prohibited. |
+| test.cpp:35:22:35:57 | reinterpret_cast<int32_t *>... | Cast from 'void *' to 'int32_t *' is prohibited. |
+| test.cpp:43:14:43:41 | reinterpret_cast<void *>... | Cast from 'signed int' to 'void *' is prohibited. |
+| test.cpp:44:14:44:41 | reinterpret_cast<void *>... | Cast from 'signed long' to 'void *' is prohibited. |
diff --git a/cpp/misra/test/rules/RULE-8-2-6/IntToPointerCastProhibited.qlref b/cpp/misra/test/rules/RULE-8-2-6/IntToPointerCastProhibited.qlref
@@ -0,0 +1 @@
+rules/RULE-8-2-6/IntToPointerCastProhibited.ql
diff --git a/cpp/misra/test/rules/RULE-8-2-6/test.cpp b/cpp/misra/test/rules/RULE-8-2-6/test.cpp
@@ -0,0 +1,90 @@
+#include <cstdint>
+
+struct TestStruct {
+  std::int32_t m1;
+  std::int32_t m2;
+};
+
+enum TestEnum { VALUE1, VALUE2 };
+
+void test_integral_to_pointer_cast() {
+  std::int32_t l1 = 42;
+  std::int64_t l2 = 0x1000;
+
+  // Casting integral types to pointer types
+  TestStruct *l4 = reinterpret_cast<TestStruct *>(l1);     // NON_COMPLIANT
+  TestStruct *l5 = reinterpret_cast<TestStruct *>(l2);     // NON_COMPLIANT
+  std::int32_t *l7 = reinterpret_cast<std::int32_t *>(l2); // NON_COMPLIANT
+}
+
+void test_enumerated_to_pointer_cast() {
+  TestEnum l1 = VALUE1;
+
+  // Casting enumerated types to pointer types
+  TestStruct *l3 = reinterpret_cast<TestStruct *>(l1);     // NON_COMPLIANT
+  std::int32_t *l5 = reinterpret_cast<std::int32_t *>(l1); // NON_COMPLIANT
+}
+
+void test_void_pointer_to_object_pointer_cast() {
+  void *l1 = nullptr;
+
+  // Casting void pointer to object pointer types
+  TestStruct *l2 = static_cast<TestStruct *>(l1);          // NON_COMPLIANT
+  TestStruct *l3 = reinterpret_cast<TestStruct *>(l1);     // NON_COMPLIANT
+  std::int32_t *l4 = static_cast<std::int32_t *>(l1);      // NON_COMPLIANT
+  std::int32_t *l5 = reinterpret_cast<std::int32_t *>(l1); // NON_COMPLIANT
+}
+
+void test_integral_to_void_pointer_cast() {
+  std::int32_t l1 = 42;
+  std::int64_t l2 = 0x1000;
+
+  // Casting integral types to void pointer
+  void *l3 = reinterpret_cast<void *>(l1); // NON_COMPLIANT
+  void *l4 = reinterpret_cast<void *>(l2); // NON_COMPLIANT
+}
+
+void test_compliant_void_pointer_casts() {
+  void *l1 = nullptr;
+  const void *l2 = nullptr;
+
+  // Casts between void pointers are allowed
+  const void *l3 = const_cast<const void *>(l1);        // COMPLIANT
+  void *l4 = const_cast<void *>(l2);                    // COMPLIANT
+  volatile void *l5 = static_cast<volatile void *>(l1); // COMPLIANT
+}
+
+void f1() {}
+void f2(int) {}
+
+void test_compliant_function_pointer_exceptions() {
+  std::int64_t l1 = 0x1000;
+
+  // Function pointer casts are exceptions to this rule
+  void (*l2)() = reinterpret_cast<void (*)()>(l1);       // COMPLIANT
+  void (*l3)(int) = reinterpret_cast<void (*)(int)>(l1); // COMPLIANT
+}
+
+struct TestClass {
+  void memberFunc();
+  std::int32_t m1;
+};
+
+void test_compliant_member_function_pointer_exceptions() {
+  void *l1 = nullptr;
+
+  // Member function pointer casts are technically exceptions to this rule, but
+  // are prohibited by the compiler.
+  //   void (TestClass::*l2)() =
+  //       reinterpret_cast<void (TestClass::*)()>(l1); // COMPLIANT
+}
+
+void test_compliant_regular_pointer_operations() {
+  TestStruct l1;
+  TestStruct *l2 = &l1;
+  std::int32_t *l3 = &l1.m1;
+
+  // Regular pointer operations that don't involve forbidden casts
+  TestStruct *l4 = l2;   // COMPLIANT
+  std::int32_t *l5 = l3; // COMPLIANT
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+rules/RULE-8-2-6/IntToPointerCastProhibited.ql`