Rust: Add support for defining barriers and barrier guards using models-as-data#21475
Open
owen-mc wants to merge 14 commits intogithub:mainfrom
Open
Rust: Add support for defining barriers and barrier guards using models-as-data#21475owen-mc wants to merge 14 commits intogithub:mainfrom
owen-mc wants to merge 14 commits intogithub:mainfrom
Conversation
github-actions
bot
added
Rust
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| * `branch` is either `true` or `false`, indicating which branch of the guard | ||
| * is protecting the parameter. | ||
| */ | ||
| extensible predicate barrierGuardModel( |
Contributor
|
I have opened owen-mc#6 against this branch. |
owen-mc
force-pushed
the
rust/mad-barriers
branch
from
4af95da to
56d459a
Compare
Contributor
|
Fix for barrier guards: owen-mc#7 |
owen-mc
force-pushed
the
rust/mad-barriers
branch
from
9b1e73e to
bde9378
Compare
Contributor
Author
| Rerun has been triggered. |
Contributor
There was a problem hiding this comment.
Pull request overview
Adds Rust dataflow support for defining flow barriers and barrier guards via models-as-data, wiring them through the shared flow summary infrastructure and exposing a small Rust-facing API plus tests.
Changes:
- Introduces shared and Rust-specific flow-summary support for barrier and barrier-guard elements/specs.
- Adds Rust models-as-data extensibles (
barrierModel,barrierGuardModel) and a publicFlowBarrierlibrary API to consume them. - Updates Rust library tests to exercise barrier and barrier-guard behavior using an
.ext.ymlMaD extension.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll | Adds barrier/barrier-guard element/spec plumbing to shared flow-summary implementation. |
| rust/ql/test/library-tests/dataflow/barrier/main.rs | Extends the Rust test program with barrier and barrier-guard scenarios. |
| rust/ql/test/library-tests/dataflow/barrier/inline-flow.ql | Updates inline flow test configuration to use the new barrier API. |
| rust/ql/test/library-tests/dataflow/barrier/inline-flow.ext.yml | Adds MaD extension rows for a barrier and a barrier guard used by the test. |
| rust/ql/test/library-tests/dataflow/barrier/inline-flow.expected | Updates expected results for the inline flow test. |
| rust/ql/lib/codeql/rust/dataflow/internal/empty.model.yml | Ensures barrier/barrier-guard extensibles have at least one definition (empty) in the pack. |
| rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll | Adds internal support for parameterized barrier guards. |
| rust/ql/lib/codeql/rust/dataflow/internal/Node.qll | Fixes typos in source/sink node documentation comments. |
| rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll | Defines MaD extensible predicates and model pretty-printing for barriers and barrier guards. |
| rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll | Adjusts Rust flow-summary integration to support barrier node extraction details. |
| rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll | Wires barriers/barrier-guards into Rust dataflow via barrier nodes and guard checks. |
| rust/ql/lib/codeql/rust/dataflow/FlowBarrier.qll | Adds a public Rust library entry point for barriers and barrier guards (and barrierNode). |
Comment on lines
+115
to
+118
| * the value referred to by `input` is assumed to lead to a parameter of a call | ||
| * (possibly `self`), and the call is guarding the parameter. | ||
| * `branch` is either `true` or `false`, indicating which branch of the guard | ||
| * is protecting the parameter. |
There was a problem hiding this comment.
The barrierGuardModel doc comment has a couple issues: the sentence at line 115 starts with a lowercase "the", and branch is documented as boolean (true/false) even though the predicate parameter is a string. Please adjust the wording to be grammatically consistent and clarify the expected string values (for example, literal strings "true"/"false").
Suggested change
| * the value referred to by `input` is assumed to lead to a parameter of a call | |
| * (possibly `self`), and the call is guarding the parameter. | |
| * `branch` is either `true` or `false`, indicating which branch of the guard | |
| * is protecting the parameter. | |
| * The value referred to by `input` is assumed to lead to a parameter of a call | |
| * (possibly `self`), and the call is guarding the parameter. | |
| * `branch` is either `"true"` or `"false"` (as a string literal), indicating which | |
| * branch of the guard is protecting the parameter. |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Contributor
Author
| Rerun has been triggered. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.