C++: Add 'isBarrierIn' to prevent path duplication.

Author: MathiasVP

cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll

@@ -133,6 +133,18 @@ module ProductFlow {
       this.isAdditionalFlowStep2(node1, node2)
     }
 
+    /**
+     * Holds if data flow into `node` is prohibited in the first projection of the product
+     * dataflow graph.
+     */
+    predicate isBarrierIn1(DataFlow::Node node) { none() }
+
+    /**
+     * Holds if data flow into `node` is prohibited in the second projection of the product
+     * dataflow graph.
+     */
+    predicate isBarrierIn2(DataFlow::Node node) { none() }
+
     predicate hasFlowPath(
       DataFlow::PathNode source1, DataFlow2::PathNode source2, DataFlow::PathNode sink1,
       DataFlow2::PathNode sink2
@@ -169,6 +181,10 @@ module ProductFlow {
       ) {
         exists(Configuration conf | conf.isAdditionalFlowStep1(node1, state1, node2, state2))
       }
+
+      override predicate isBarrierIn(DataFlow::Node node) {
+        exists(Configuration conf | conf.isBarrierIn1(node))
+      }
     }
 
     class Conf2 extends DataFlow2::Configuration {
@@ -202,9 +218,14 @@ module ProductFlow {
       ) {
         exists(Configuration conf | conf.isAdditionalFlowStep2(node1, state1, node2, state2))
       }
+
+      override predicate isBarrierIn(DataFlow::Node node) {
+        exists(Configuration conf | conf.isBarrierIn2(node))
+      }
     }
   }
 
+  pragma[nomagic]
   private predicate reachableInterprocEntry(
     Configuration conf, DataFlow::PathNode source1, DataFlow2::PathNode source2,
     DataFlow::PathNode node1, DataFlow2::PathNode node2

cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql

@@ -132,6 +132,8 @@ class AllocToInvalidPointerConf extends ProductFlow::Configuration {
   override predicate isBarrierOut2(DataFlow::Node node) {
     node = any(DataFlow::SsaPhiNode phi).getAnInput(true)
   }
+
+  override predicate isBarrierIn1(DataFlow::Node node) { isSourcePair(node, _, _, _) }
 }
 
 pragma[nomagic]