hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Guards: Generalise ValidationWrapper to support GuardValue-based BarrierGuards.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2025-12-09 16:17:46 +01:00
parent 4a1abc7beb
commit ebb989962c
3 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll
View File

@@ -1051,12 +1051,12 @@ module BarrierGuardWithIntParam<guardChecksNodeSig/4 guardChecksNode> {
} }
private predicate guardChecksInstr( private predicate guardChecksInstr(
IRGuards::Guards_v1::Guard g, IRGuards::GuardsInput::Expr instr, boolean branch, IRGuards::Guards_v1::Guard g, IRGuards::GuardsInput::Expr instr, IRGuards::GuardValue gv,
int indirectionIndex int indirectionIndex
) { ) {
exists(Node node | exists(Node node |
nodeHasInstruction(node, instr, indirectionIndex) and nodeHasInstruction(node, instr, indirectionIndex) and
guardChecksNode(g, node, branch, indirectionIndex) guardChecksNode(g, node, gv.asBooleanValue(), indirectionIndex)
) )
} }

6
java/ql/lib/semmle/code/java/dataflow/internal/SsaImpl.qll
View File

@@ -568,8 +568,10 @@ private module Cached {
cached // nothing is actually cached cached // nothing is actually cached
module BarrierGuard<guardChecksSig/3 guardChecks> { module BarrierGuard<guardChecksSig/3 guardChecks> {
private predicate guardChecksAdjTypes(Guards::Guards_v3::Guard g, Expr e, boolean branch) { private predicate guardChecksAdjTypes(
guardChecks(g, e, branch) Guards::Guards_v3::Guard g, Expr e, Guards::GuardValue gv
) {
guardChecks(g, e, gv.asBooleanValue())
} }
private predicate guardChecksWithWrappers( private predicate guardChecksWithWrappers(

10
shared/controlflow/codeql/controlflow/Guards.qll
View File

@@ -1280,21 +1280,21 @@ module Make<
} }
} }
signature predicate guardChecksSig(Guard g, Expr e, boolean branch); signature predicate guardChecksSig(Guard g, Expr e, GuardValue gv);
bindingset[this] bindingset[this]
signature class StateSig; signature class StateSig;
private module WithState<StateSig State> { private module WithState<StateSig State> {
signature predicate guardChecksSig(Guard g, Expr e, boolean branch, State state); signature predicate guardChecksSig(Guard g, Expr e, GuardValue gv, State state);
} }
/** /**
* Extends a `BarrierGuard` input predicate with wrapped invocations. * Extends a `BarrierGuard` input predicate with wrapped invocations.
*/ */
module ValidationWrapper<guardChecksSig/3 guardChecks0> { module ValidationWrapper<guardChecksSig/3 guardChecks0> {
private predicate guardChecksWithState(Guard g, Expr e, boolean branch, Unit state) { private predicate guardChecksWithState(Guard g, Expr e, GuardValue gv, Unit state) {
guardChecks0(g, e, branch) and exists(state) guardChecks0(g, e, gv) and exists(state)
} }
private module StatefulWrapper = ValidationWrapperWithState<Unit, guardChecksWithState/4>; private module StatefulWrapper = ValidationWrapperWithState<Unit, guardChecksWithState/4>;
@@ -1366,7 +1366,7 @@ module Make<
* Holds if the guard `g` validates the expression `e` upon evaluating to `val`. * Holds if the guard `g` validates the expression `e` upon evaluating to `val`.
*/ */
private predicate guardChecks(Guard g, Expr e, GuardValue val, State state) { private predicate guardChecks(Guard g, Expr e, GuardValue val, State state) {
guardChecks0(g, e, val.asBooleanValue(), state) guardChecks0(g, e, val, state)
or or
exists(NonOverridableMethodCall call, ParameterPosition ppos, ArgumentPosition apos | exists(NonOverridableMethodCall call, ParameterPosition ppos, ArgumentPosition apos |
g = call and g = call and