From 99e1a07b8e6a0a471a2bcfd55124588957da20d3 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 24 Sep 2025 10:58:47 +0100 Subject: [PATCH] C++: Add a comment to the 'ConditionalBranchInstruction' case in 'additionalImpliesStep. --- cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll index 42de61adf06..c1cb5243268 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll @@ -434,6 +434,15 @@ private module LogicInput_v1 implements GuardsImpl::LogicInputSig { predicate additionalImpliesStep( GuardsImpl::PreGuard g1, GuardValue v1, GuardsImpl::PreGuard g2, GuardValue v2 ) { + // The `ConditionalBranch` instruction is the instruction for which there are + // conditional successors out of. However, the condition that controls + // which conditional successor is taken is given by the condition of the + // `ConditionalBranch` instruction. So this step either needs to be here, + // or we need `ConditionalBranch` instructions to be `IdExpr`s. Modeling + // them as `IdExpr`s would be a bit weird since the result type is + // `IRVoidType`. Including them here is fine as long as `ConditionalBranch` + // instructions cannot be assigned to SSA variables (which they cannot + // since they produce no value). g1.(ConditionalBranchInstruction).getCondition() = g2 and v1.asBooleanValue() = v2.asBooleanValue() }