Skip to content

Guards: Improve support for wrapped guards #20121

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open

Guards: Improve support for wrapped guards #20121

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
5cd03b4
Guards: Remove CustomGuard nesting in Guards instantiation.
aschackmull Jul 22, 2025
439872b
Java: Simplify Guards instantiation a bit.
aschackmull Jul 22, 2025
a8ad67e
Guards: Rename module.
aschackmull Jul 22, 2025
9353c4a
Guards: Generalise wrapper guards.
aschackmull Jul 23, 2025
e7bdfe1
Guards: Rename predicate.
aschackmull Jul 23, 2025
8b58c2c
Guards: Add support for wrappers that may throw exceptions.
aschackmull Jul 23, 2025
7127cca
Guards: Add support for extending BarrierGuards with wrapped invocati…
aschackmull Jul 24, 2025
9615582
Guards: Slight join-order improvement.
aschackmull Jul 24, 2025
8d747e9
Java: Accept qltest change.
aschackmull Jul 24, 2025
8b5ee49
Java: Add change note.
aschackmull Jul 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Guards: Add support for wrappers that may throw exceptions.
  • Loading branch information
@aschackmull
aschackmull committed Jul 25, 2025
commit 8b58c2c32fc1aee4a73ed6e98b363abf48bcb432
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/controlflow/Guards.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -146,6 +146,8 @@ private module GuardsInput implements SharedGuards::InputSig<Location> {

class ControlFlowNode = J::ControlFlowNode;

class NormalExitNode = ControlFlow::NormalExitNode;

class BasicBlock = J::BasicBlock;

predicate dominatingEdge(BasicBlock bb1, BasicBlock bb2) { J::dominatingEdge(bb1, bb2) }
Expand Down
10 changes: 10 additions & 0 deletions java/ql/test/library-tests/guards/Guards.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -202,4 +202,14 @@ void testWrappers(String s, Integer i) {
break;
}
}

static void ensureNotNull(Object o) throws Exception {
if (o == null) throw new Exception();
}

void testExceptionWrapper(String s) throws Exception {
chk(); // nothing guards here
ensureNotNull(s);
chk(); // $ guarded='ensureNotNull(...):no exception' guarded='s:not null'
}
}
2 changes: 2 additions & 0 deletions java/ql/test/library-tests/guards/GuardsInline.expected
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,3 +112,5 @@
| Guards.java:201:9:201:13 | chk(...) | 'testEnumWrapper(...):FAILURE' |
| Guards.java:201:9:201:13 | chk(...) | 'testEnumWrapper(...):match FAILURE' |
| Guards.java:201:9:201:13 | chk(...) | g(1):false |
| Guards.java:213:5:213:9 | chk(...) | 'ensureNotNull(...):no exception' |
| Guards.java:213:5:213:9 | chk(...) | 's:not null' |
19 changes: 19 additions & 0 deletions shared/controlflow/codeql/controlflow/Guards.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,9 @@ signature module InputSig<LocationSig Location> {
Location getLocation();
}

/** A control flow node indicating normal termination of a callable. */
class NormalExitNode extends ControlFlowNode;

/**
* A basic block, that is, a maximal straight-line sequence of control flow nodes
* without branches or joins.
Expand Down Expand Up @@ -520,6 +523,8 @@ module Make<LocationSig Location, InputSig<Location> Input> {
)
}

private predicate normalExitBlock(BasicBlock bb) { bb.getNode(_) instanceof NormalExitNode }

signature module LogicInputSig {
class SsaDefinition {
/** Gets the basic block to which this SSA definition belongs. */
Expand Down Expand Up @@ -1047,6 +1052,13 @@ module Make<LocationSig Location, InputSig<Location> Input> {
)
}

private predicate guardDirectlyControlsExit(Guard guard, GuardValue val) {
exists(BasicBlock bb |
guard.directlyValueControls(bb, val) and
normalExitBlock(bb)
)
}

/**
* Gets a non-overridable method that performs a check on the `ppos`th
* parameter. A return value equal to `retval` allows us to conclude
Expand All @@ -1064,6 +1076,13 @@ module Make<LocationSig Location, InputSig<Location> Input> {
|
validReturnInCustomGuard(ret, ppos, retval, val)
)
or
exists(SsaDefinition param, Guard g0, GuardValue v0 |
parameterDefinition(result.getParameter(ppos), param) and
guardDirectlyControlsExit(g0, v0) and
retval = TException(false) and
BranchImplies::ssaControls(param, val, g0, v0)
)
}

/**
Expand Down
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy