Skip to content

Shared/Java: Add shared Guards library and switch Java to use it. #19573

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 14 commits into
base: main
Choose a base branch
from
Draft

Shared/Java: Add shared Guards library and switch Java to use it. #19573

wants to merge 14 commits into from

Conversation

aschackmull
Copy link
Contributor

No description provided.

aschackmull added 14 commits May 23, 2025 13:39
@aschackmull
Rangeanalysis: Simplify Guards integration.
6200031
@aschackmull
C#: Sync.
5b21188
@aschackmull
Java: Add guards-logic qltest with inline expectation.
d5dc693
@aschackmull
Java: Add hasInputFromBlock predicate in BaseSSA.
ac510fc
@aschackmull
Shared: Add a shared Guards library inspired by the Java and C# versi…
4dfe32f 
…ons.
@aschackmull
Shared: Extend the shared Guards library with support for custom wrap…
cb5330c 
…pers.
@aschackmull
Shared: Extend the shared Guards library with support for exception b…
6196b30 
…ranch points.
@aschackmull
Shared: Improve shared guards lib.
31c857b
@aschackmull
Shared: Many tweaks to Guards.
85b621a
@aschackmull
Shared: Elaborate qldoc.
44b82be
@aschackmull
Java: Refactor clearlyNotNullExpr into a base case that does not rely…
5d65f91 
… on SSA.
@aschackmull
Java: Refactor integerGuard.
94ad0d3
@aschackmull
Java: Replace some references to basicNullGuard.
e295254
@aschackmull
Java: Switch to the shared Guards library.
cdd8231
github-advanced-security[bot]
github-advanced-security bot found potential problems May 23, 2025
View reviewed changes
java/ql/lib/semmle/code/java/controlflow/Guards.qll
}

private module LogicInput_v2 implements GuardsImpl::LogicInputSig {
private import semmle.code.java.dataflow.SSA as SSA

Check warning

Code scanning / CodeQL

Names only differing by case Warning

SSA is only different by casing from Ssa that is used elsewhere for modules.
shared/controlflow/codeql/controlflow/Guards.qll
Comment on lines +1 to +49
/**
* Provides classes and predicates for determining "guard-controls"
* relationships.
*
* In their most general form, these relate a guard expression, a value, and a
* basic block, and state that execution of the basic block implies that
* control flow must have passed through the guard in order to reach the basic
* block, and when it did, the guard evaluated to the given value.
*
* For example, in `if (x == 0) { A }`, the guard `x == 0` evaluating to `true`
* controls the basic block `A`, in this case because the true branch dominates
* `A`, but more elaborate controls-relationships may also hold.
* For example, in
* ```
* int sz = a != null ? a.length : 0;
* if (sz != 0) {
* // this block is controlled by:
* // sz != 0 evaluating to true
* // sz evaluating to not 0
* // a.length evaluating to not 0
* // a != null evaluating to true
* // a evaluating to not null
* }
* ```
*
* The provided predicates are separated into general "controls" predicates and
* "directly controls" predicates. The former use all possible implication
* logic as described above, whereas the latter only use control flow dominance
* of the corresponding conditional successor edges.
*
* In some cases, a guard may have a successor edge that can be relevant for
* controlling the input to an SSA phi node, but does not dominate the
* preceeding block. To support this, the `hasBranchEdge` and
* `controlsBranchEdge` predicates are provided, where the former only uses the
* control flow graph similar to the `directlyControls` predicate, and the
* latter uses the full implication logic.
*
* All of these predicates are also available in the more general form that refers
* to `GuardValue`s instead of `boolean`s.
*
* The implementation is nested in two parameterized modules intended to
* facilitate multiple instantiations of the nested module with different
* precision levels. For example, more implications are available if the result
* of Range Analysis is available, but Range Analysis depends on Guards. This
* allows an initial instantiation of the `Logic` module without Range Analysis
* that can be used as input to Range Analysis, and a second instantiation
* using the result of Range Analysis to provide a final and more complete
* controls relation.
*/

Check warning

Code scanning / CodeQL

Misspelling Warning

This comment contains the common misspelling 'preceeding', which should instead be 'preceding'.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
C# C++ Java
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@aschackmull
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy