C++: Add MaD barrier guard tests.

Author: MathiasVP

cpp/ql/test/library-tests/dataflow/ir-barrier-guards/test.cpp

@@ -12,4 +12,39 @@ void testCheckArgument(int p) {
   if (checkArgument(&p)) {
     sink(p); // $ barrier=glval<int> indirect_barrier=int
   }
+}
+
+int* get_clean_value(int* x) { return x; }
+bool is_clean_value(int*);
+
+int* get_clean_pointer(int* x) { return x; }
+bool is_clean_pointer(int*);
+
+void sink(int);
+void sink(int*);
+
+void test_mad(int x, int* p) {
+	{
+		if(is_clean_value(&x)) {
+			sink(x); // $ MISSING: external=int
+		}
+	}
+
+	{
+		if(is_clean_value(p)) {
+			sink(*p); // $ MISSING: external=int
+		}
+	}
+
+	{
+		if(is_clean_pointer(p)) {
+			sink(p); // $ MISSING: external=int*
+		}
+	}
+
+	{
+		if(is_clean_pointer(&x)) {
+			sink(x); // $ MISSING: external=glval<int>
+		}
+	}
 }

cpp/ql/test/library-tests/dataflow/ir-barrier-guards/test.ext.yml

@@ -0,0 +1,13 @@
+extensions:
+  - addsTo:
+      pack: codeql/cpp-all
+      extensible: barrierModel
+    data:
+      - ["", "", False, "get_clean_pointer", "", "", "ReturnValue", "test-barrier", "manual"]
+      - ["", "", False, "get_clean_data", "", "", "ReturnValue[*]", "test-barrier", "manual"]
+  - addsTo:
+        pack: codeql/cpp-all
+        extensible: barrierGuardModel
+    data:
+      - ["", "", False, "is_clean_value", "", "", "Argument[*0]", "true", "test-barrier", "manual"]
+      - ["", "", False, "is_clean_pointer", "", "", "Argument[0]", "true", "test-barrier", "manual"]

cpp/ql/test/library-tests/dataflow/ir-barrier-guards/test.ql

@@ -2,6 +2,7 @@ import cpp
 import semmle.code.cpp.dataflow.new.DataFlow
 import semmle.code.cpp.controlflow.IRGuards
 import utils.test.InlineExpectationsTest
+import semmle.code.cpp.dataflow.ExternalFlow
 
 predicate instructionGuardChecks(IRGuardCondition gc, Instruction checked, boolean branch) {
   exists(CallInstruction call |
@@ -31,13 +32,11 @@ module Test implements TestSig {
   string getARelevantTag() { result = ["barrier", "indirect_barrier"] }
 
   predicate hasActualResult(Location location, string element, string tag, string value) {
-    exists(DataFlow::Node node, string s |
-      indirectBarrierGuard(node, s) and
-      value = s and
+    exists(DataFlow::Node node |
+      indirectBarrierGuard(node, value) and
       tag = "indirect_barrier"
       or
-      barrierGuard(node, s) and
-      value = s and
+      barrierGuard(node, value) and
       tag = "barrier"
     |
       element = node.toString() and