Guards: Generalise ValidationWrapper to support GuardValue-based BarrierGuards.

2025-12-16 16:53:25 +01:00 · 2025-12-09 16:17:46 +01:00
parent 4a1abc7beb
commit ebb989962c
3 changed files with 11 additions and 9 deletions
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll
@@ -1051,12 +1051,12 @@ module BarrierGuardWithIntParam<guardChecksNodeSig/4 guardChecksNode> {
  }

  private predicate guardChecksInstr(
-    IRGuards::Guards_v1::Guard g, IRGuards::GuardsInput::Expr instr, boolean branch,
+    IRGuards::Guards_v1::Guard g, IRGuards::GuardsInput::Expr instr, IRGuards::GuardValue gv,
    int indirectionIndex
  ) {
    exists(Node node |
      nodeHasInstruction(node, instr, indirectionIndex) and
-      guardChecksNode(g, node, branch, indirectionIndex)
+      guardChecksNode(g, node, gv.asBooleanValue(), indirectionIndex)
    )
  }

--- a/java/ql/lib/semmle/code/java/dataflow/internal/SsaImpl.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/SsaImpl.qll
@@ -568,8 +568,10 @@ private module Cached {

    cached // nothing is actually cached
    module BarrierGuard<guardChecksSig/3 guardChecks> {
-      private predicate guardChecksAdjTypes(Guards::Guards_v3::Guard g, Expr e, boolean branch) {
-        guardChecks(g, e, branch)
+      private predicate guardChecksAdjTypes(
+        Guards::Guards_v3::Guard g, Expr e, Guards::GuardValue gv
+      ) {
+        guardChecks(g, e, gv.asBooleanValue())
      }

      private predicate guardChecksWithWrappers(
--- a/shared/controlflow/codeql/controlflow/Guards.qll
+++ b/shared/controlflow/codeql/controlflow/Guards.qll
@@ -1280,21 +1280,21 @@ module Make<
      }
    }

-    signature predicate guardChecksSig(Guard g, Expr e, boolean branch);
+    signature predicate guardChecksSig(Guard g, Expr e, GuardValue gv);

    bindingset[this]
    signature class StateSig;

    private module WithState<StateSig State> {
-      signature predicate guardChecksSig(Guard g, Expr e, boolean branch, State state);
+      signature predicate guardChecksSig(Guard g, Expr e, GuardValue gv, State state);
    }

    /**
     * Extends a `BarrierGuard` input predicate with wrapped invocations.
     */
    module ValidationWrapper<guardChecksSig/3 guardChecks0> {
-      private predicate guardChecksWithState(Guard g, Expr e, boolean branch, Unit state) {
-        guardChecks0(g, e, branch) and exists(state)
+      private predicate guardChecksWithState(Guard g, Expr e, GuardValue gv, Unit state) {
+        guardChecks0(g, e, gv) and exists(state)
      }

      private module StatefulWrapper = ValidationWrapperWithState<Unit, guardChecksWithState/4>;
@@ -1366,7 +1366,7 @@ module Make<
       * Holds if the guard `g` validates the expression `e` upon evaluating to `val`.
       */
      private predicate guardChecks(Guard g, Expr e, GuardValue val, State state) {
-        guardChecks0(g, e, val.asBooleanValue(), state)
+        guardChecks0(g, e, val, state)
        or
        exists(NonOverridableMethodCall call, ParameterPosition ppos, ArgumentPosition apos |
          g = call and