Guards: Generalise ValidationWrapper to support GuardValue-based BarrierGuards.

aschackmull · aschackmull · commit ebb989962c17 · 2025-12-10T12:23:51.000+01:00
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll
@@ -1051,12 +1051,12 @@ module BarrierGuardWithIntParam<guardChecksNodeSig/4 guardChecksNode> {
   }
 
   private predicate guardChecksInstr(
-    IRGuards::Guards_v1::Guard g, IRGuards::GuardsInput::Expr instr, boolean branch,
+    IRGuards::Guards_v1::Guard g, IRGuards::GuardsInput::Expr instr, IRGuards::GuardValue gv,
     int indirectionIndex
   ) {
     exists(Node node |
       nodeHasInstruction(node, instr, indirectionIndex) and
-      guardChecksNode(g, node, branch, indirectionIndex)
+      guardChecksNode(g, node, gv.asBooleanValue(), indirectionIndex)
     )
   }
 
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/SsaImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/SsaImpl.qll
@@ -568,8 +568,10 @@ private module Cached {
 
     cached // nothing is actually cached
     module BarrierGuard<guardChecksSig/3 guardChecks> {
-      private predicate guardChecksAdjTypes(Guards::Guards_v3::Guard g, Expr e, boolean branch) {
-        guardChecks(g, e, branch)
+      private predicate guardChecksAdjTypes(
+        Guards::Guards_v3::Guard g, Expr e, Guards::GuardValue gv
+      ) {
+        guardChecks(g, e, gv.asBooleanValue())
       }
 
       private predicate guardChecksWithWrappers(
diff --git a/shared/controlflow/codeql/controlflow/Guards.qll b/shared/controlflow/codeql/controlflow/Guards.qll
@@ -1280,21 +1280,21 @@ module Make<
       }
     }
 
-    signature predicate guardChecksSig(Guard g, Expr e, boolean branch);
+    signature predicate guardChecksSig(Guard g, Expr e, GuardValue gv);
 
     bindingset[this]
     signature class StateSig;
 
     private module WithState<StateSig State> {
-      signature predicate guardChecksSig(Guard g, Expr e, boolean branch, State state);
+      signature predicate guardChecksSig(Guard g, Expr e, GuardValue gv, State state);
     }
 
     /**
      * Extends a `BarrierGuard` input predicate with wrapped invocations.
      */
     module ValidationWrapper<guardChecksSig/3 guardChecks0> {
-      private predicate guardChecksWithState(Guard g, Expr e, boolean branch, Unit state) {
-        guardChecks0(g, e, branch) and exists(state)
+      private predicate guardChecksWithState(Guard g, Expr e, GuardValue gv, Unit state) {
+        guardChecks0(g, e, gv) and exists(state)
       }
 
       private module StatefulWrapper = ValidationWrapperWithState<Unit, guardChecksWithState/4>;
@@ -1366,7 +1366,7 @@ module Make<
        * Holds if the guard `g` validates the expression `e` upon evaluating to `val`.
        */
       private predicate guardChecks(Guard g, Expr e, GuardValue val, State state) {
-        guardChecks0(g, e, val.asBooleanValue(), state)
+        guardChecks0(g, e, val, state)
         or
         exists(NonOverridableMethodCall call, ParameterPosition ppos, ArgumentPosition apos |
           g = call and

Original file line number	Diff line number	Diff line change
`@@ -1051,12 +1051,12 @@ module BarrierGuardWithIntParam<guardChecksNodeSig/4 guardChecksNode> {`
`1051`	`1051`	`}`
`1052`	`1052`
`1053`	`1053`	`private predicate guardChecksInstr(`
`1054`		`- IRGuards::Guards_v1::Guard g, IRGuards::GuardsInput::Expr instr, boolean branch,`
	`1054`	`+ IRGuards::Guards_v1::Guard g, IRGuards::GuardsInput::Expr instr, IRGuards::GuardValue gv,`
`1055`	`1055`	`int indirectionIndex`
`1056`	`1056`	`) {`
`1057`	`1057`	`exists(Node node \|`
`1058`	`1058`	`nodeHasInstruction(node, instr, indirectionIndex) and`
`1059`		`- guardChecksNode(g, node, branch, indirectionIndex)`
	`1059`	`+ guardChecksNode(g, node, gv.asBooleanValue(), indirectionIndex)`
`1060`	`1060`	`)`
`1061`	`1061`	`}`
`1062`	`1062`