Rust: Make MaD barrier guards work

Author: hvitved

rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll

@@ -1158,7 +1158,9 @@ private module Cached {
   predicate sinkNode(Node n, string kind) { n.(FlowSummaryNode).isSink(kind, _) }
 
   private newtype TKindModelPair =
-    TMkPair(string kind, string model) { FlowSummaryImpl::Private::barrierSpec(_, _, kind, model) }
+    TMkPair(string kind, string model) {
+      FlowSummaryImpl::Private::barrierGuardSpec(_, _, _, kind, model)
+    }
 
   private boolean convertAcceptingValue(FlowSummaryImpl::Public::AcceptingValue av) {
     av.isTrue() and result = true
@@ -1177,17 +1179,17 @@ private module Cached {
     // av.isNotNull() and result.isNonNullValue()
   }
 
-  private predicate barrierGuardChecks(Node g, Expr e, boolean gv, TKindModelPair kmp) {
+  private predicate barrierGuardChecks(AstNode g, Expr e, boolean gv, TKindModelPair kmp) {
     exists(
-      FlowSummaryImpl::Public::BarrierElement n,
+      FlowSummaryImpl::Public::BarrierGuardElement b,
+      FlowSummaryImpl::Private::SummaryComponentStack stack,
       FlowSummaryImpl::Public::AcceptingValue acceptingvalue, string kind, string model
     |
-      FlowSummaryImpl::Private::barrierSpec(n, acceptingvalue, kind, model) and
-      n.asNode().asExpr() = e and
+      FlowSummaryImpl::Private::barrierGuardSpec(b, stack, acceptingvalue, kind, model) and
+      e = FlowSummaryImpl::StepsInput::getSinkNode(b, stack.headOfSingleton()).asExpr() and
       kmp = TMkPair(kind, model) and
-      gv = convertAcceptingValue(acceptingvalue)
-    |
-      g.asExpr().(CallExpr).getAnArgument() = e // TODO: qualifier?
+      gv = convertAcceptingValue(acceptingvalue) and
+      g = b.getCall()
     )
   }
 

rust/ql/test/library-tests/dataflow/barrier/inline-flow.expected

@@ -4,8 +4,6 @@ edges
 | main.rs:21:13:21:21 | source(...) | main.rs:21:9:21:9 | s | provenance |  |
 | main.rs:32:9:32:9 | s | main.rs:33:10:33:10 | s | provenance |  |
 | main.rs:32:13:32:21 | source(...) | main.rs:32:9:32:9 | s | provenance |  |
-| main.rs:44:9:44:9 | s | main.rs:46:14:46:14 | s | provenance |  |
-| main.rs:44:13:44:21 | source(...) | main.rs:44:9:44:9 | s | provenance |  |
 nodes
 | main.rs:17:10:17:18 | source(...) | semmle.label | source(...) |
 | main.rs:21:9:21:9 | s | semmle.label | s |
@@ -14,13 +12,9 @@ nodes
 | main.rs:32:9:32:9 | s | semmle.label | s |
 | main.rs:32:13:32:21 | source(...) | semmle.label | source(...) |
 | main.rs:33:10:33:10 | s | semmle.label | s |
-| main.rs:44:9:44:9 | s | semmle.label | s |
-| main.rs:44:13:44:21 | source(...) | semmle.label | source(...) |
-| main.rs:46:14:46:14 | s | semmle.label | s |
 subpaths
 testFailures
 #select
 | main.rs:17:10:17:18 | source(...) | main.rs:17:10:17:18 | source(...) | main.rs:17:10:17:18 | source(...) | $@ | main.rs:17:10:17:18 | source(...) | source(...) |
 | main.rs:22:10:22:10 | s | main.rs:21:13:21:21 | source(...) | main.rs:22:10:22:10 | s | $@ | main.rs:21:13:21:21 | source(...) | source(...) |
 | main.rs:33:10:33:10 | s | main.rs:32:13:32:21 | source(...) | main.rs:33:10:33:10 | s | $@ | main.rs:32:13:32:21 | source(...) | source(...) |
-| main.rs:46:14:46:14 | s | main.rs:44:13:44:21 | source(...) | main.rs:46:14:46:14 | s | $@ | main.rs:44:13:44:21 | source(...) | source(...) |

shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll

@@ -1587,7 +1587,7 @@ module Make<
     /**
      * Holds if `barrierGuard` is a relevant barrier guard element with input specification `inSpec`.
      */
-    predicate barrierSpec(
+    predicate barrierGuardSpec(
       BarrierGuardElement barrierGuard, SummaryComponentStack inSpec, string branch, string kind,
       string model
     ) {