PointerToAVirtualBaseClass: Support casts from parents of virtual

lcartey · lcartey · commit 1d0736eddf82 · 2025-08-26T21:38:07.000+01:00
base classes.
diff --git a/change_notes/2025-08-15-m5-2-2-virtual-base.md b/change_notes/2025-08-15-m5-2-2-virtual-base.md
@@ -1,3 +1,5 @@
  - `M5-2-2` - `PointerToAVirtualBaseClassCastToAPointer.ql`:
    - Report casts where the from or to types are typedefs to virtual base classes or derived classes.
-   - Report casts to a reference type which is a derived type.
+   - Report casts to a reference type which is a derived type.
+   - Report casts where the base class is the parent of a virtual base class.
+   - The alert message has been updated to refer to the virtual base class derivation.
diff --git a/cpp/common/src/codingstandards/cpp/rules/pointertoavirtualbaseclasscasttoapointer/PointerToAVirtualBaseClassCastToAPointer.qll b/cpp/common/src/codingstandards/cpp/rules/pointertoavirtualbaseclasscasttoapointer/PointerToAVirtualBaseClassCastToAPointer.qll
@@ -12,23 +12,31 @@ abstract class PointerToAVirtualBaseClassCastToAPointerSharedQuery extends Query
 
 Query getQuery() { result instanceof PointerToAVirtualBaseClassCastToAPointerSharedQuery }
 
-query predicate problems(Cast cast, string message) {
-  exists(VirtualBaseClass castFrom, Class castTo |
+query predicate problems(
+  Cast cast, string message, VirtualClassDerivation derivation, string derivationDescription
+) {
+  exists(Class castFrom, VirtualBaseClass virtualBaseClass, Class castTo, string type |
     not isExcluded(cast, getQuery()) and
     not cast instanceof DynamicCast and
-    castTo = castFrom.getADerivedClass+() and
+    castTo = virtualBaseClass.getADerivedClass+() and
+    virtualBaseClass = castFrom.getADerivedClass*() and
+    derivation = virtualBaseClass.getAVirtualDerivation() and
+    derivation.getDerivedClass().getADerivedClass*() = castTo and
+    derivationDescription = "derived through virtual base class " + virtualBaseClass.getName() and
     message =
-      "A pointer to virtual base class " + castFrom.getName() +
-        " is not cast to a pointer of derived class " + castTo.getName() + " using a dynamic_cast."
+      "dynamic_cast not used for cast from " + type + " to base class " + castFrom.getName() +
+        " to derived class " + castTo.getName() + " which is  $@."
   |
     // Pointer cast
     castFrom = cast.getExpr().getType().stripTopLevelSpecifiers().(PointerType).getBaseType() and
-    cast.getType().stripTopLevelSpecifiers().(PointerType).getBaseType() = castTo
+    cast.getType().stripTopLevelSpecifiers().(PointerType).getBaseType() = castTo and
+    type = "pointer"
     or
     // Reference type cast
     castFrom = cast.getExpr().getType().stripTopLevelSpecifiers() and
     // Not actually represented as a reference type in our model - instead as the
     // type itself
-    cast.getType().stripTopLevelSpecifiers() = castTo
+    cast.getType().stripTopLevelSpecifiers() = castTo and
+    type = "reference"
   )
 }
diff --git a/cpp/common/test/rules/pointertoavirtualbaseclasscasttoapointer/PointerToAVirtualBaseClassCastToAPointer.expected b/cpp/common/test/rules/pointertoavirtualbaseclasscasttoapointer/PointerToAVirtualBaseClassCastToAPointer.expected
@@ -1,3 +1,4 @@
-| test.cpp:36:12:36:37 | reinterpret_cast<C2 *>... | A pointer to virtual base class C1 is not cast to a pointer of derived class C2 using a dynamic_cast. |
-| test.cpp:42:12:42:38 | reinterpret_cast<C2>... | A pointer to virtual base class C1 is not cast to a pointer of derived class C2 using a dynamic_cast. |
-| test.cpp:48:17:48:48 | reinterpret_cast<Derived>... | A pointer to virtual base class C1 is not cast to a pointer of derived class C2 using a dynamic_cast. |
+| test.cpp:41:12:41:37 | reinterpret_cast<C2 *>... | dynamic_cast not used for cast from pointer to base class C1 to derived class C2 which is  $@. | test.cpp:11:12:11:28 | derivation | derived through virtual base class C1 |
+| test.cpp:47:12:47:38 | reinterpret_cast<C2>... | dynamic_cast not used for cast from reference to base class C1 to derived class C2 which is  $@. | test.cpp:11:12:11:28 | derivation | derived through virtual base class C1 |
+| test.cpp:53:17:53:48 | reinterpret_cast<Derived>... | dynamic_cast not used for cast from reference to base class C1 to derived class C2 which is  $@. | test.cpp:11:12:11:28 | derivation | derived through virtual base class C1 |
+| test.cpp:86:12:86:37 | reinterpret_cast<C2 *>... | dynamic_cast not used for cast from pointer to base class C0 to derived class C2 which is  $@. | test.cpp:11:12:11:28 | derivation | derived through virtual base class C1 |
diff --git a/cpp/common/test/rules/pointertoavirtualbaseclasscasttoapointer/test.cpp b/cpp/common/test/rules/pointertoavirtualbaseclasscasttoapointer/test.cpp
@@ -1,4 +1,9 @@
-class C1 {
+class C0 {
+public:
+  virtual ~C0() {}
+};
+
+class C1 : public C0 {
 public:
   virtual ~C1() {}
 };
@@ -72,4 +77,11 @@ void test_static_cast_reference_non_compliant() {
   C1 *p1 = &l1;
   // C2 &l2 = static_cast<C2 &>(*p1); // NON_COMPLIANT - prohibited by the
   // compiler
+}
+
+void test_skipped_base_class() {
+  C2 l1;
+  C0 *p1 = &l1;
+  C2 *l2 = dynamic_cast<C2 *>(p1);     // COMPLIANT
+  C2 *p2 = reinterpret_cast<C2 *>(p1); // NON_COMPLIANT
 }
