CodeQL library for C/C++
codeql/cpp-all 0.13.0 (changelog, source)

Predicate BarrierGuard::getAnIndirectBarrierNode

Gets an indirect expression node that is safely guarded by the given guard check.

For example, given the following code:

int* p;
// ...
*p = source();
if(is_safe_pointer(p)) {
  sink(*p);
}

and the following barrier guard check:

predicate myGuardChecks(IRGuardCondition g, Expr e, boolean branch) {
  exists(Call call |
    g.getUnconvertedResultExpression() = call and
    call.getTarget().hasName("is_safe_pointer") and
    e = call.getAnArgument() and
    branch = true
  )
}

implementing isBarrier as:

predicate isBarrier(DataFlow::Node barrier) {
  barrier = DataFlow::BarrierGuard<myGuardChecks/3>::getAnIndirectBarrierNode()
}

will block flow from *p = source() to sink(*p).

NOTE: If a non-indirect expression is tracked, use getABarrierNode instead.
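The guard and barrier above, wired into a complete global data-flow query. This is an added example, not code from the CodeQL library; the module names and query metadata are made up, and the source(), sink() and is_safe_pointer() function names are taken from the snippet above. It assumes the query pack depends on codeql/cpp-all.

```ql
/**
 * @name Unchecked pointee reaches sink (added example)
 * @kind problem
 * @problem.severity warning
 * @id cpp/example/unchecked-pointee-to-sink
 */

import cpp
import semmle.code.cpp.dataflow.new.DataFlow
import semmle.code.cpp.controlflow.IRGuards

// Guard from the documentation above: `is_safe_pointer(p)` being true validates `p`.
predicate myGuardChecks(IRGuardCondition g, Expr e, boolean branch) {
  exists(Call call |
    g.getUnconvertedResultExpression() = call and
    call.getTarget().hasName("is_safe_pointer") and
    e = call.getAnArgument() and
    branch = true
  )
}

module UncheckedPointeeConfig implements DataFlow::ConfigSig {
  // The value returned by `source()`, which the example stores through `*p`.
  predicate isSource(DataFlow::Node source) {
    source.asExpr().(Call).getTarget().hasName("source")
  }

  // Either the argument value itself (`sink(*p)`) or, for a hypothetical
  // `sink(p)` taking the pointer, the data that the argument points to.
  predicate isSink(DataFlow::Node sink) {
    exists(Call call, Expr arg |
      call.getTarget().hasName("sink") and arg = call.getAnArgument()
    |
      sink.asExpr() = arg or sink.asIndirectExpr() = arg
    )
  }

  // Stop tracking pointed-to data where the pointer is guarded by the check.
  predicate isBarrier(DataFlow::Node barrier) {
    barrier = DataFlow::BarrierGuard<myGuardChecks/3>::getAnIndirectBarrierNode()
  }
}

module UncheckedPointeeFlow = DataFlow::Global<UncheckedPointeeConfig>;

from DataFlow::Node source, DataFlow::Node sink
where UncheckedPointeeFlow::flow(source, sink)
select sink, "Value from $@ reaches this sink without an is_safe_pointer check.", source, "source()"
```

With the barrier in place, the guarded sink(*p) from the snippet above should not be reported, while the same call placed outside the if block should be.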

Import path

IndirectExprNode getAnIndirectBarrierNode()