Import MEM51-CPP, mismatched new/delete[]/malloc/free is UB

Author: MichaelRFairhurst

change_notes/2026-03-13-share-deallocation-type-mismatch-query.md

@@ -0,0 +1,2 @@
+ - `MEM51-CPP` - `ProperlyDeallocateDynamicallyAllocatedResources.ql`:
+   - Refactored query logic into a shared library (`ProperlyDeallocateDynamicallyAllocatedResourcesShared.qll`) to enable reuse by MISRA C++ `RULE-4-1-3`. The query logic is unchanged and no visible changes to results or performance are expected.

cpp/cert/src/rules/MEM51-CPP/ProperlyDeallocateDynamicallyAllocatedResources.ql

@@ -19,20 +19,14 @@
 
 import cpp
 import codingstandards.cpp.cert
-import codingstandards.cpp.Allocations
+import codingstandards.cpp.rules.properlydeallocatedynamicallyallocatedresourcesshared.ProperlyDeallocateDynamicallyAllocatedResourcesShared
 
-predicate matching(string allocKind, string deleteKind) {
-  allocKind = "new" and deleteKind = "delete"
-  or
-  allocKind = "new[]" and deleteKind = "delete[]"
-  or
-  allocKind = "malloc" and deleteKind = "free"
+module ProperlyDeallocateDynamicallyAllocatedResourcesConfig implements
+  ProperlyDeallocateDynamicallyAllocatedResourcesSharedConfigSig
+{
+  Query getQuery() {
+    result = AllocationsPackage::properlyDeallocateDynamicallyAllocatedResourcesQuery()
+  }
 }
 
-from Expr alloc, Expr free, Expr freed, string allocKind, string deleteKind
-where
-  not isExcluded(freed, AllocationsPackage::properlyDeallocateDynamicallyAllocatedResourcesQuery()) and
-  allocReaches(freed, alloc, allocKind) and
-  freeExprOrIndirect(free, freed, deleteKind) and
-  not matching(allocKind, deleteKind)
-select free, "Memory allocated with $@ but deleted with " + deleteKind + ".", alloc, allocKind
+import ProperlyDeallocateDynamicallyAllocatedResourcesShared<ProperlyDeallocateDynamicallyAllocatedResourcesConfig>

cpp/cert/test/rules/MEM51-CPP/ProperlyDeallocateDynamicallyAllocatedResources.qlref

@@ -0,0 +1 @@
+cpp/common/test/rules/properlydeallocatedynamicallyallocatedresourcesshared/ProperlyDeallocateDynamicallyAllocatedResourcesShared.ql

cpp/cert/test/rules/MEM51-CPP/ProperlyDeallocateDynamicallyAllocatedResources.testref

@@ -8,7 +8,8 @@ newtype UndefinedQuery =
   TCriticalUnspecifiedBehaviorQuery() or
   TUndefinedBehaviorAuditQuery() or
   TCriticalUnspecifiedBehaviorAuditQuery() or
-  TPossibleDataRaceBetweenThreadsQuery()
+  TPossibleDataRaceBetweenThreadsQuery() or
+  TDeallocationTypeMismatchQuery()
 
 predicate isUndefinedQueryMetadata(Query query, string queryId, string ruleId, string category) {
   query =
@@ -55,6 +56,15 @@ predicate isUndefinedQueryMetadata(Query query, string queryId, string ruleId, s
     "cpp/misra/possible-data-race-between-threads" and
   ruleId = "RULE-4-1-3" and
   category = "required"
+  or
+  query =
+    // `Query` instance for the `deallocationTypeMismatch` query
+    UndefinedPackage::deallocationTypeMismatchQuery() and
+  queryId =
+    // `@id` for the `deallocationTypeMismatch` query
+    "cpp/misra/deallocation-type-mismatch" and
+  ruleId = "RULE-4-1-3" and
+  category = "required"
 }
 
 module UndefinedPackage {
@@ -92,4 +102,11 @@ module UndefinedPackage {
       // `Query` type for `possibleDataRaceBetweenThreads` query
       TQueryCPP(TUndefinedPackageQuery(TPossibleDataRaceBetweenThreadsQuery()))
   }
+
+  Query deallocationTypeMismatchQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `deallocationTypeMismatch` query
+      TQueryCPP(TUndefinedPackageQuery(TDeallocationTypeMismatchQuery()))
+  }
 }

cpp/common/src/codingstandards/cpp/exclusions/cpp/Undefined.qll

@@ -0,0 +1,37 @@
+/**
+ * Provides a configurable module ProperlyDeallocateDynamicallyAllocatedResourcesShared with a
+ * `problems` predicate for the following issue:
+ * Deallocation functions should only be called on nullptr or a pointer returned by the
+ * corresponding allocation function, that hasn't already been deallocated.
+ */
+
+import cpp
+import codingstandards.cpp.Customizations
+import codingstandards.cpp.Exclusions
+import codingstandards.cpp.Allocations
+
+signature module ProperlyDeallocateDynamicallyAllocatedResourcesSharedConfigSig {
+  Query getQuery();
+}
+
+module ProperlyDeallocateDynamicallyAllocatedResourcesShared<
+  ProperlyDeallocateDynamicallyAllocatedResourcesSharedConfigSig Config>
+{
+  private predicate matching(string allocKind, string deleteKind) {
+    allocKind = "new" and deleteKind = "delete"
+    or
+    allocKind = "new[]" and deleteKind = "delete[]"
+    or
+    allocKind = "malloc" and deleteKind = "free"
+  }
+
+  query predicate problems(Expr free, string message, Expr alloc, string allocKind) {
+    exists(Expr freed, string deleteKind |
+      not isExcluded(freed, Config::getQuery()) and
+      allocReaches(freed, alloc, allocKind) and
+      freeExprOrIndirect(free, freed, deleteKind) and
+      not matching(allocKind, deleteKind) and
+      message = "Memory allocated with $@ but deleted with " + deleteKind + "."
+    )
+  }
+}

cpp/common/src/codingstandards/cpp/rules/properlydeallocatedynamicallyallocatedresourcesshared/ProperlyDeallocateDynamicallyAllocatedResourcesShared.qll

@@ -0,0 +1,8 @@
+// GENERATED FILE - DO NOT MODIFY
+import codingstandards.cpp.rules.properlydeallocatedynamicallyallocatedresourcesshared.ProperlyDeallocateDynamicallyAllocatedResourcesShared
+
+module TestFileConfig implements ProperlyDeallocateDynamicallyAllocatedResourcesSharedConfigSig {
+  Query getQuery() { result instanceof TestQuery }
+}
+
+import ProperlyDeallocateDynamicallyAllocatedResourcesShared<TestFileConfig>

…teDynamicallyAllocatedResources.expected …micallyAllocatedResourcesShared.expectedcpp/cert/test/rules/MEM51-CPP/ProperlyDeallocateDynamicallyAllocatedResources.expected renamed to cpp/common/test/rules/properlydeallocatedynamicallyallocatedresourcesshared/ProperlyDeallocateDynamicallyAllocatedResourcesShared.expected cpp/cert/test/rules/MEM51-CPP/ProperlyDeallocateDynamicallyAllocatedResources.expected renamed to cpp/common/test/rules/properlydeallocatedynamicallyallocatedresourcesshared/ProperlyDeallocateDynamicallyAllocatedResourcesShared.expected

@@ -33,4 +33,4 @@ void test_malloc() {
 
   int *i3 = (int *)malloc(sizeof(int));
   free(i3); // COMPLIANT
-}
+}

cpp/common/test/rules/properlydeallocatedynamicallyallocatedresourcesshared/ProperlyDeallocateDynamicallyAllocatedResourcesShared.ql

@@ -0,0 +1,26 @@
+/**
+ * @id cpp/misra/deallocation-type-mismatch
+ * @name RULE-4-1-3: Deallocation type mismatch leads to undefined behavior
+ * @description Using a deallocation function that does not match the allocation function results in
+ *              undefined behavior.
+ * @kind problem
+ * @precision medium
+ * @problem.severity error
+ * @tags external/misra/id/rule-4-1-3
+ *       correctness
+ *       scope/system
+ *       external/misra/enforcement/undecidable
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.cpp.misra
+import codingstandards.cpp.rules.properlydeallocatedynamicallyallocatedresourcesshared.ProperlyDeallocateDynamicallyAllocatedResourcesShared
+
+module DeallocationTypeMismatchConfig implements
+  ProperlyDeallocateDynamicallyAllocatedResourcesSharedConfigSig
+{
+  Query getQuery() { result = UndefinedPackage::deallocationTypeMismatchQuery() }
+}
+
+import ProperlyDeallocateDynamicallyAllocatedResourcesShared<DeallocationTypeMismatchConfig>