Merge branch 'main' into redsun82/just2

Author: redsun82

.bazelrc

@@ -30,6 +30,13 @@ common --registry=https://bcr.bazel.build
 
 common --@rules_dotnet//dotnet/settings:strict_deps=false
 
+# we only configure a nightly toolchain
+common --@rules_rust//rust/toolchain/channel=nightly
+
+# rust does not like the gold linker, while bazel does by default, so let's avoid using it
+common:linux --linkopt=-fuse-ld=lld
+common:macos --linkopt=-fuse-ld=lld
+
 # Reduce this eventually to empty, once we've fixed all our usages of java, and https://github.com/bazel-contrib/rules_go/issues/4193 is fixed
 common --incompatible_autoload_externally="+@rules_java,+@rules_shell"
 

MODULE.bazel

@@ -15,7 +15,7 @@ local_path_override(
 # see https://registry.bazel.build/ for a list of available packages
 
 bazel_dep(name = "platforms", version = "0.0.11")
-bazel_dep(name = "rules_go", version = "0.50.1")
+bazel_dep(name = "rules_go", version = "0.56.1")
 bazel_dep(name = "rules_pkg", version = "1.0.1")
 bazel_dep(name = "rules_nodejs", version = "6.2.0-codeql.1")
 bazel_dep(name = "rules_python", version = "0.40.0")
@@ -28,7 +28,7 @@ bazel_dep(name = "rules_kotlin", version = "2.1.3-codeql.1")
 bazel_dep(name = "gazelle", version = "0.40.0")
 bazel_dep(name = "rules_dotnet", version = "0.17.4")
 bazel_dep(name = "googletest", version = "1.14.0.bcr.1")
-bazel_dep(name = "rules_rust", version = "0.58.0")
+bazel_dep(name = "rules_rust", version = "0.63.0")
 bazel_dep(name = "zstd", version = "1.5.5.bcr.1")
 
 bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True)
@@ -38,7 +38,10 @@ bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True
 RUST_EDITION = "2024"
 
 # run buildutils-internal/scripts/fill-rust-sha256s.py when updating (internal repo)
-RUST_VERSION = "1.86.0"
+# a nightly toolchain is required to enable experimental_use_cc_common_link, which we require internally
+# we prefer to run the same version as internally, even if experimental_use_cc_common_link is not really
+# required in this repo
+RUST_VERSION = "nightly/2025-08-01"
 
 rust = use_extension("@rules_rust//rust:extensions.bzl", "rust")
 rust.toolchain(
@@ -50,26 +53,26 @@ rust.toolchain(
     ],
     # generated by buildutils-internal/scripts/fill-rust-sha256s.py (internal repo)
     sha256s = {
-        "rustc-1.86.0-x86_64-unknown-linux-gnu.tar.xz": "4438b809ce4a083af31ed17aeeedcc8fc60ccffc0625bef1926620751b6989d7",
-        "rustc-1.86.0-x86_64-apple-darwin.tar.xz": "42b76253626febb7912541a30d3379f463dec89581aad4cb72c6c04fb5a71dc5",
-        "rustc-1.86.0-aarch64-apple-darwin.tar.xz": "23b8f52102249a47ab5bc859d54c9a3cb588a3259ba3f00f557d50edeca4fde9",
-        "rustc-1.86.0-x86_64-pc-windows-msvc.tar.xz": "fdde839fea274529a31e51eb85c6df1782cc8479c9d1bc24e2914d66a0de41ab",
-        "clippy-1.86.0-x86_64-unknown-linux-gnu.tar.xz": "02aaff2c1407d2da8dba19aa4970dd873e311902b120a66cbcdbe51eb8836edf",
-        "clippy-1.86.0-x86_64-apple-darwin.tar.xz": "bb85efda7bbffaf124867f5ca36d50932b1e8f533c62ee923438afb32ff8fe9a",
-        "clippy-1.86.0-aarch64-apple-darwin.tar.xz": "239fa3a604b124f0312f2af08537874a1227dba63385484b468cca62e7c4f2f2",
-        "clippy-1.86.0-x86_64-pc-windows-msvc.tar.xz": "d00498f47d49219f032e2c5eeebdfc3d32317c0dc3d3fd7125327445bc482cb4",
-        "cargo-1.86.0-x86_64-unknown-linux-gnu.tar.xz": "c5c1590f7e9246ad9f4f97cfe26ffa92707b52a769726596a9ef81565ebd908b",
-        "cargo-1.86.0-x86_64-apple-darwin.tar.xz": "af163eb02d1a178044d1b4f2375960efd47130f795f6e33d09e345454bb26f4e",
-        "cargo-1.86.0-aarch64-apple-darwin.tar.xz": "3cb13873d48c3e1e4cc684d42c245226a11fba52af6b047c3346ed654e7a05c0",
-        "cargo-1.86.0-x86_64-pc-windows-msvc.tar.xz": "e57a9d89619b5604899bac443e68927bdd371e40f2e03e18950b6ceb3eb67966",
-        "llvm-tools-1.86.0-x86_64-unknown-linux-gnu.tar.xz": "282145ab7a63c98b625856f44b905b4dc726b497246b824632a5790debe95a78",
-        "llvm-tools-1.86.0-x86_64-apple-darwin.tar.xz": "b55706e92f7da989207c50c13c7add483a9fedd233bc431b106eca2a8f151ec9",
-        "llvm-tools-1.86.0-aarch64-apple-darwin.tar.xz": "04d3618c686845853585f036e3211eb9e18f2d290f4610a7a78bdc1fcce1ebd9",
-        "llvm-tools-1.86.0-x86_64-pc-windows-msvc.tar.xz": "721a17cc8dc219177e4277a3592253934ef08daa1e1b12eda669a67d15fad8dd",
-        "rust-std-1.86.0-x86_64-unknown-linux-gnu.tar.xz": "67be7184ea388d8ce0feaf7fdea46f1775cfc2970930264343b3089898501d37",
-        "rust-std-1.86.0-x86_64-apple-darwin.tar.xz": "3b1140d54870a080080e84700143f4a342fbd02a410a319b05d9c02e7dcf44cc",
-        "rust-std-1.86.0-aarch64-apple-darwin.tar.xz": "0fb121fb3b8fa9027d79ff598500a7e5cd086ddbc3557482ed3fdda00832c61b",
-        "rust-std-1.86.0-x86_64-pc-windows-msvc.tar.xz": "3d5354b7b9cb950b58bff3fce18a652aa374bb30c8f70caebd3bd0b43cb41a33",
+        "2025-08-01/rustc-nightly-x86_64-unknown-linux-gnu.tar.xz": "9bbeaf5d3fc7247d31463a9083aa251c995cc50662c8219e7a2254d76a72a9a4",
+        "2025-08-01/rustc-nightly-x86_64-apple-darwin.tar.xz": "c9ea539a8eff0d5d162701f99f9e1aabe14dd0dfb420d62362817a5d09219de7",
+        "2025-08-01/rustc-nightly-aarch64-apple-darwin.tar.xz": "ae83feebbc39cfd982e4ecc8297731fe79c185173aee138467b334c5404b3773",
+        "2025-08-01/rustc-nightly-x86_64-pc-windows-msvc.tar.xz": "9f170c30d802a349be60cf52ec46260802093cb1013ad667fc0d528b7b10152f",
+        "2025-08-01/clippy-nightly-x86_64-unknown-linux-gnu.tar.xz": "9ae5f3cd8f557c4f6df522597c69d14398cf604cfaed2b83e767c4b77a7eaaf6",
+        "2025-08-01/clippy-nightly-x86_64-apple-darwin.tar.xz": "983cb9ee0b6b968188e04ab2d33743d54764b2681ce565e1b3f2b9135c696a3e",
+        "2025-08-01/clippy-nightly-aarch64-apple-darwin.tar.xz": "ed2219dbc49d088225e1b7c5c4390fa295066e071fddaa2714018f6bb39ddbf0",
+        "2025-08-01/clippy-nightly-x86_64-pc-windows-msvc.tar.xz": "911f40ab5cbdd686f40e00965271fe47c4805513a308ed01f30eafb25b448a50",
+        "2025-08-01/cargo-nightly-x86_64-unknown-linux-gnu.tar.xz": "106463c284e48e4904c717471eeec2be5cc83a9d2cae8d6e948b52438cad2e69",
+        "2025-08-01/cargo-nightly-x86_64-apple-darwin.tar.xz": "6ad35c40efc41a8c531ea43235058347b6902d98a9693bf0aed7fc16d5590cef",
+        "2025-08-01/cargo-nightly-aarch64-apple-darwin.tar.xz": "dd28c365e9d298abc3154c797720ad36a0058f131265c9978b4c8e4e37012c8a",
+        "2025-08-01/cargo-nightly-x86_64-pc-windows-msvc.tar.xz": "7b431286e12d6b3834b038f078389a00cac73f351e8c3152b2504a3c06420b3b",
+        "2025-08-01/llvm-tools-nightly-x86_64-unknown-linux-gnu.tar.xz": "e342e305d7927cc288d386983b2bc253cfad3776b113386e903d0b302648ef47",
+        "2025-08-01/llvm-tools-nightly-x86_64-apple-darwin.tar.xz": "e44dd3506524d85c37b3a54bcc91d01378fd2c590b2db5c5974d12f05c1b84d1",
+        "2025-08-01/llvm-tools-nightly-aarch64-apple-darwin.tar.xz": "0c1b5f46dd81be4a9227b10283a0fcaa39c14fea7e81aea6fd6d9887ff6cdc41",
+        "2025-08-01/llvm-tools-nightly-x86_64-pc-windows-msvc.tar.xz": "423e5fd11406adccbc31b8456ceb7375ce055cdf45e90d2c3babeb2d7f58383f",
+        "2025-08-01/rust-std-nightly-x86_64-unknown-linux-gnu.tar.xz": "3c0ceb46a252647a1d4c7116d9ccae684fa5e42aaf3296419febd2c962c3b41d",
+        "2025-08-01/rust-std-nightly-x86_64-apple-darwin.tar.xz": "3be416003cab10f767390a753d1d16ae4d26c7421c03c98992cf1943e5b0efe8",
+        "2025-08-01/rust-std-nightly-aarch64-apple-darwin.tar.xz": "4046ac0ef951cb056b5028a399124f60999fa37792eab69d008d8d7965f389b4",
+        "2025-08-01/rust-std-nightly-x86_64-pc-windows-msvc.tar.xz": "191ed9d8603c3a4fe5a7bbbc2feb72049078dae2df3d3b7d5dedf3abbf823e6e",
     },
     versions = [RUST_VERSION],
 )
@@ -260,7 +263,7 @@ use_repo(
 )
 
 go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")
-go_sdk.download(version = "1.24.0")
+go_sdk.download(version = "1.25.0")
 
 go_deps = use_extension("@gazelle//:extensions.bzl", "go_deps")
 go_deps.from_file(go_mod = "//go/extractor:go.mod")

cpp/ql/lib/change-notes/2025-08-13-guards.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The guards libraries (`semmle.code.cpp.controlflow.Guards` and `semmle.code.cpp.controlflow.IRGuards`) have been improved to recognize more guards.

cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll

@@ -936,6 +936,77 @@ private module Cached {
     ValueNumber getUnary() { result.getAnInstruction() = instr.getUnary() }
   }
 
+  signature predicate sinkSig(Instruction instr);
+
+  private module BooleanInstruction<sinkSig/1 isSink> {
+    /**
+     * Holds if `i1` flows to `i2` in a single step and `i2` is not an
+     * instruction that produces a value of Boolean type.
+     */
+    private predicate stepToNonBoolean(Instruction i1, Instruction i2) {
+      not i2.getResultIRType() instanceof IRBooleanType and
+      (
+        i2.(CopyInstruction).getSourceValue() = i1
+        or
+        i2.(ConvertInstruction).getUnary() = i1
+        or
+        i2.(BuiltinExpectCallInstruction).getArgument(0) = i1
+      )
+    }
+
+    private predicate rev(Instruction instr) {
+      isSink(instr)
+      or
+      exists(Instruction instr1 |
+        rev(instr1) and
+        stepToNonBoolean(instr, instr1)
+      )
+    }
+
+    private predicate hasBooleanType(Instruction instr) {
+      instr.getResultIRType() instanceof IRBooleanType
+    }
+
+    private predicate fwd(Instruction instr) {
+      rev(instr) and
+      (
+        hasBooleanType(instr)
+        or
+        exists(Instruction instr0 |
+          fwd(instr0) and
+          stepToNonBoolean(instr0, instr)
+        )
+      )
+    }
+
+    private predicate prunedStep(Instruction i1, Instruction i2) {
+      fwd(i1) and
+      fwd(i2) and
+      stepToNonBoolean(i1, i2)
+    }
+
+    private predicate stepsPlus(Instruction i1, Instruction i2) =
+      doublyBoundedFastTC(prunedStep/2, hasBooleanType/1, isSink/1)(i1, i2)
+
+    /**
+     * Gets the Boolean-typed instruction that defines `instr` before any
+     * integer conversions are applied, if any.
+     */
+    Instruction get(Instruction instr) {
+      isSink(instr) and
+      (
+        result = instr
+        or
+        stepsPlus(result, instr)
+      ) and
+      hasBooleanType(result)
+    }
+  }
+
+  private predicate isUnaryComparesEqLeft(Instruction instr) {
+    unary_compares_eq(_, instr.getAUse(), 0, _, _)
+  }
+
   /**
    * Holds if `left == right + k` is `areEqual` given that test is `testIsTrue`.
    *
@@ -966,14 +1037,19 @@ private module Cached {
     )
     or
     compares_eq(test.(BuiltinExpectCallValueNumber).getCondition(), left, right, k, areEqual, value)
-  }
-
-  private predicate isConvertedBool(Instruction instr) {
-    instr.getResultIRType() instanceof IRBooleanType
-    or
-    isConvertedBool(instr.(ConvertInstruction).getUnary())
     or
-    isConvertedBool(instr.(BuiltinExpectCallInstruction).getCondition())
+    exists(Operand l, BooleanValue bv |
+      // 1. test = value -> int(l) = 0 is !bv
+      unary_compares_eq(test, l, 0, bv.getValue().booleanNot(), value) and
+      // 2. l = bv -> left + right is areEqual
+      compares_eq(valueNumber(BooleanInstruction<isUnaryComparesEqLeft/1>::get(l.getDef())), left,
+        right, k, areEqual, bv)
+      // We want this to hold:
+      // `test = value -> left + right is areEqual`
+      // Applying 2 we need to show:
+      // `test = value -> l = bv`
+      // And `l = bv` holds by `int(l) = 0 is !bv`
+    )
   }
 
   /**
@@ -1006,19 +1082,11 @@ private module Cached {
       k = k1 + k2
     )
     or
-    exists(CompareValueNumber cmp, Operand left, Operand right, AbstractValue v |
-      test = cmp and
-      pragma[only_bind_into](cmp)
-          .hasOperands(pragma[only_bind_into](left), pragma[only_bind_into](right)) and
-      isConvertedBool(left.getDef()) and
-      int_value(right.getDef()) = 0 and
-      unary_compares_eq(valueNumberOfOperand(left), op, k, areEqual, v)
-    |
-      cmp instanceof CompareNEValueNumber and
-      v = value
-      or
-      cmp instanceof CompareEQValueNumber and
-      v.getDualValue() = value
+    // See argument for why this is correct in compares_eq
+    exists(Operand l, BooleanValue bv |
+      unary_compares_eq(test, l, 0, bv.getValue().booleanNot(), value) and
+      unary_compares_eq(valueNumber(BooleanInstruction<isUnaryComparesEqLeft/1>::get(l.getDef())),
+        op, k, areEqual, bv)
     )
     or
     unary_compares_eq(test.(BuiltinExpectCallValueNumber).getCondition(), op, k, areEqual, value)
@@ -1116,70 +1184,26 @@ private module Cached {
     )
   }
 
+  private predicate isBuiltInExpectArg(Instruction instr) {
+    instr = any(BuiltinExpectCallInstruction buildinExpect).getArgument(0)
+  }
+
   /** A call to the builtin operation `__builtin_expect`. */
   private class BuiltinExpectCallInstruction extends CallInstruction {
     BuiltinExpectCallInstruction() { this.getStaticCallTarget().hasName("__builtin_expect") }
 
     /** Gets the condition of this call. */
-    Instruction getCondition() { result = this.getConditionOperand().getDef() }
-
-    Operand getConditionOperand() {
-      // The first parameter of `__builtin_expect` has type `long`. So we skip
-      // the conversion when inferring guards.
-      result = this.getArgument(0).(ConvertInstruction).getUnaryOperand()
+    Instruction getCondition() {
+      result = BooleanInstruction<isBuiltInExpectArg/1>::get(this.getArgument(0))
     }
   }
 
-  /**
-   * Holds if `left == right + k` is `areEqual` if `cmp` evaluates to `value`,
-   * and `cmp` is an instruction that compares the value of
-   * `__builtin_expect(left == right + k, _)` to `0`.
-   */
-  private predicate builtin_expect_eq(
-    CompareValueNumber cmp, Operand left, Operand right, int k, boolean areEqual,
-    AbstractValue value
-  ) {
-    exists(BuiltinExpectCallValueNumber call, Instruction const, AbstractValue innerValue |
-      int_value(const) = 0 and
-      cmp.hasOperands(call.getAUse(), const.getAUse()) and
-      compares_eq(call.getCondition(), left, right, k, areEqual, innerValue)
-    |
-      cmp instanceof CompareNEValueNumber and
-      value = innerValue
-      or
-      cmp instanceof CompareEQValueNumber and
-      value.getDualValue() = innerValue
-    )
-  }
-
   private predicate complex_eq(
     ValueNumber cmp, Operand left, Operand right, int k, boolean areEqual, AbstractValue value
   ) {
     sub_eq(cmp, left, right, k, areEqual, value)
     or
     add_eq(cmp, left, right, k, areEqual, value)
-    or
-    builtin_expect_eq(cmp, left, right, k, areEqual, value)
-  }
-
-  /**
-   * Holds if `op == k` is `areEqual` if `cmp` evaluates to `value`, and `cmp` is
-   * an instruction that compares the value of `__builtin_expect(op == k, _)` to `0`.
-   */
-  private predicate unary_builtin_expect_eq(
-    CompareValueNumber cmp, Operand op, int k, boolean areEqual, AbstractValue value
-  ) {
-    exists(BuiltinExpectCallValueNumber call, Instruction const, AbstractValue innerValue |
-      int_value(const) = 0 and
-      cmp.hasOperands(call.getAUse(), const.getAUse()) and
-      unary_compares_eq(call.getCondition(), op, k, areEqual, innerValue)
-    |
-      cmp instanceof CompareNEValueNumber and
-      value = innerValue
-      or
-      cmp instanceof CompareEQValueNumber and
-      value.getDualValue() = innerValue
-    )
   }
 
   private predicate unary_complex_eq(
@@ -1188,8 +1212,6 @@ private module Cached {
     unary_sub_eq(test, op, k, areEqual, value)
     or
     unary_add_eq(test, op, k, areEqual, value)
-    or
-    unary_builtin_expect_eq(test, op, k, areEqual, value)
   }
 
   /*
@@ -1215,6 +1237,15 @@ private module Cached {
     exists(AbstractValue dual | value = dual.getDualValue() |
       compares_lt(test.(LogicalNotValueNumber).getUnary(), left, right, k, isLt, dual)
     )
+    or
+    compares_lt(test.(BuiltinExpectCallValueNumber).getCondition(), left, right, k, isLt, value)
+    or
+    // See argument for why this is correct in compares_eq
+    exists(Operand l, BooleanValue bv |
+      unary_compares_eq(test, l, 0, bv.getValue().booleanNot(), value) and
+      compares_lt(valueNumber(BooleanInstruction<isUnaryComparesEqLeft/1>::get(l.getDef())), left,
+        right, k, isLt, bv)
+    )
   }
 
   /** Holds if `op < k` evaluates to `isLt` given that `test` evaluates to `value`. */
@@ -1234,6 +1265,15 @@ private module Cached {
       int_value(const) = k1 and
       k = k1 + k2
     )
+    or
+    compares_lt(test.(BuiltinExpectCallValueNumber).getCondition(), op, k, isLt, value)
+    or
+    // See argument for why this is correct in compares_eq
+    exists(Operand l, BooleanValue bv |
+      unary_compares_eq(test, l, 0, bv.getValue().booleanNot(), value) and
+      compares_lt(valueNumber(BooleanInstruction<isUnaryComparesEqLeft/1>::get(l.getDef())), op, k,
+        isLt, bv)
+    )
   }
 
   /** `(a < b + k) => (b > a - k) => (b >= a + (1-k))` */

cpp/ql/test/library-tests/controlflow/guards/Guards.expected

@@ -44,6 +44,8 @@
 | test.c:198:8:198:8 | b |
 | test.c:206:7:206:8 | ! ... |
 | test.c:206:8:206:8 | c |
+| test.c:215:6:215:18 | call to __builtin_expect |
+| test.c:219:9:219:22 | call to __builtin_expect |
 | test.cpp:18:8:18:10 | call to get |
 | test.cpp:31:7:31:13 | ... == ... |
 | test.cpp:42:13:42:20 | call to getABool |
@@ -92,3 +94,15 @@
 | test.cpp:241:9:241:43 | ... && ... |
 | test.cpp:241:22:241:30 | ... == ... |
 | test.cpp:241:35:241:43 | ... == ... |
+| test.cpp:247:6:247:18 | ... == ... |
+| test.cpp:253:6:253:18 | ... != ... |
+| test.cpp:260:6:260:18 | ... == ... |
+| test.cpp:266:6:266:18 | ... != ... |
+| test.cpp:273:6:273:17 | ... == ... |
+| test.cpp:279:6:279:17 | ... != ... |
+| test.cpp:287:6:287:19 | ... == ... |
+| test.cpp:293:6:293:19 | ... != ... |
+| test.cpp:300:6:300:19 | ... == ... |
+| test.cpp:306:6:306:19 | ... != ... |
+| test.cpp:312:6:312:18 | ... == ... |
+| test.cpp:318:6:318:18 | ... != ... |