From ed6500a5fba54c662586390c67dc001f0254c0d5 Mon Sep 17 00:00:00 2001
From: Tom Hvitved
Date: Fri, 20 Mar 2026 10:24:47 +0100
Subject: [PATCH] Rust: Make MaD barrier guards work

---
 .../rust/dataflow/internal/DataFlowImpl.qll | 18 ++++++++++--------
 .../dataflow/barrier/inline-flow.expected | 6 ------
 .../dataflow/internal/FlowSummaryImpl.qll | 2 +-
 3 files changed, 11 insertions(+), 15 deletions(-)

diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll
index be6750c18a35..27773758fc46 100644
--- a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll
+++ b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll
@@ -1158,7 +1158,9 @@ private module Cached {
 predicate sinkNode(Node n, string kind) { n.(FlowSummaryNode).isSink(kind, _) }

 private newtype TKindModelPair =
- TMkPair(string kind, string model) { FlowSummaryImpl::Private::barrierSpec(_, _, kind, model) }
+ TMkPair(string kind, string model) {
+ FlowSummaryImpl::Private::barrierGuardSpec(_, _, _, kind, model)
+ }

 private boolean convertAcceptingValue(FlowSummaryImpl::Public::AcceptingValue av) {
 av.isTrue() and result = true
@@ -1177,17 +1179,17 @@ private module Cached {
 // av.isNotNull() and result.isNonNullValue()
 }

- private predicate barrierGuardChecks(Node g, Expr e, boolean gv, TKindModelPair kmp) {
+ private predicate barrierGuardChecks(AstNode g, Expr e, boolean gv, TKindModelPair kmp) {
 exists(
- FlowSummaryImpl::Public::BarrierElement n,
+ FlowSummaryImpl::Public::BarrierGuardElement b,
+ FlowSummaryImpl::Private::SummaryComponentStack stack,
 FlowSummaryImpl::Public::AcceptingValue acceptingvalue, string kind, string model
 |
- FlowSummaryImpl::Private::barrierSpec(n, acceptingvalue, kind, model) and
- n.asNode().asExpr() = e and
+ FlowSummaryImpl::Private::barrierGuardSpec(b, stack, acceptingvalue, kind, model) and
+ e = FlowSummaryImpl::StepsInput::getSinkNode(b, stack.headOfSingleton()).asExpr() and
 kmp = TMkPair(kind, model) and
- gv = convertAcceptingValue(acceptingvalue)
- |
- g.asExpr().(CallExpr).getAnArgument() = e // TODO: qualifier?
+ gv = convertAcceptingValue(acceptingvalue) and
+ g = b.getCall()
 )
 }

diff --git a/rust/ql/test/library-tests/dataflow/barrier/inline-flow.expected b/rust/ql/test/library-tests/dataflow/barrier/inline-flow.expected
index b1e32f95fb90..0514da67333d 100644
--- a/rust/ql/test/library-tests/dataflow/barrier/inline-flow.expected
+++ b/rust/ql/test/library-tests/dataflow/barrier/inline-flow.expected
@@ -4,8 +4,6 @@ edges
 | main.rs:21:13:21:21 | source(...) | main.rs:21:9:21:9 | s | provenance | |
 | main.rs:32:9:32:9 | s | main.rs:33:10:33:10 | s | provenance | |
 | main.rs:32:13:32:21 | source(...) | main.rs:32:9:32:9 | s | provenance | |
-| main.rs:44:9:44:9 | s | main.rs:46:14:46:14 | s | provenance | |
-| main.rs:44:13:44:21 | source(...) | main.rs:44:9:44:9 | s | provenance | |
 nodes
 | main.rs:17:10:17:18 | source(...) | semmle.label | source(...) |
 | main.rs:21:9:21:9 | s | semmle.label | s |
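Review bot: In the rewritten `barrierGuardChecks`, `stack.headOfSingleton()` presumably has a result only when the model's input specification is a single component, so a barrier-guard model with a longer access path would match no expression and be ignored without any diagnostic. For a predicate that decides which tainted values count as validated, that restriction should be written down; a QLDoc comment such as `/** Holds if the MaD barrier guard call g validates e when it evaluates to gv; only single-component input specifications are matched. */` would do. The context line above the hunk suggests `convertAcceptingValue` handles only the boolean accepting values, so models using other values appear to be dropped in the same silent way, which the comment could mention too. The enclosing `Cached` module starts and ends outside the hunk.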
@@ -14,13 +12,9 @@ nodes
 | main.rs:32:9:32:9 | s | semmle.label | s |
 | main.rs:32:13:32:21 | source(...) | semmle.label | source(...) |
 | main.rs:33:10:33:10 | s | semmle.label | s |
-| main.rs:44:9:44:9 | s | semmle.label | s |
-| main.rs:44:13:44:21 | source(...) | semmle.label | source(...) |
-| main.rs:46:14:46:14 | s | semmle.label | s |
 subpaths
 testFailures
 #select
 | main.rs:17:10:17:18 | source(...) | main.rs:17:10:17:18 | source(...) | main.rs:17:10:17:18 | source(...) | $@ | main.rs:17:10:17:18 | source(...) | source(...) |
 | main.rs:22:10:22:10 | s | main.rs:21:13:21:21 | source(...) | main.rs:22:10:22:10 | s | $@ | main.rs:21:13:21:21 | source(...) | source(...) |
 | main.rs:33:10:33:10 | s | main.rs:32:13:32:21 | source(...) | main.rs:33:10:33:10 | s | $@ | main.rs:32:13:32:21 | source(...) | source(...) |
-| main.rs:46:14:46:14 | s | main.rs:44:13:44:21 | source(...) | main.rs:46:14:46:14 | s | $@ | main.rs:44:13:44:21 | source(...) | source(...) |
diff --git a/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll b/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll
index 75c6ab9ce3d9..8b25c54bfa09 100644
--- a/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll
+++ b/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll
@@ -1587,7 +1587,7 @@ module Make<
 /**
 * Holds if `barrierGuard` is a relevant barrier guard element with input specification `inSpec`.
 */
- predicate barrierSpec(
+ predicate barrierGuardSpec(
 BarrierGuardElement barrierGuard, SummaryComponentStack inSpec, string branch, string kind,
 string model
 ) {