JS: Use question-mark variant in all overlay annotations

2025-12-16 16:53:25 +01:00 · 2025-12-08 13:10:29 +01:00
parent dce6d0e222
commit 294089fe35
75 changed files with 143 additions and 143 deletions
--- a/javascript/ql/lib/Expressions/ExprHasNoEffect.qll
+++ b/javascript/ql/lib/Expressions/ExprHasNoEffect.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes and predicates for the 'js/useless-expression' query.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/LanguageFeatures/UnusedIndexVariable.qll
+++ b/javascript/ql/lib/LanguageFeatures/UnusedIndexVariable.qll
@@ -1,7 +1,7 @@
 /**
 * Provides a predicate for identifying unused index variables in loops.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/AMD.qll
+++ b/javascript/ql/lib/semmle/javascript/AMD.qll
@@ -2,7 +2,7 @@
 * Provides classes for working with
 * [Asynchronous Module Definitions](https://github.com/amdjs/amdjs-api/wiki/AMD).
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/AST.qll
+++ b/javascript/ql/lib/semmle/javascript/AST.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes for working with the AST-based representation of JavaScript programs.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
@@ -477,7 +477,7 @@ module AST {
    DataFlow::AnalyzedNode analyze() { result = DataFlow::valueNode(this).analyze() }
    /** Gets the data flow node associated with this program element. */
-    overlay[caller]
+    overlay[caller?]
    pragma[inline]
    DataFlow::ValueNode flow() { result = DataFlow::valueNode(this) }
--- a/javascript/ql/lib/semmle/javascript/CFG.qll
+++ b/javascript/ql/lib/semmle/javascript/CFG.qll
@@ -272,7 +272,7 @@
 * Note that the `import` statement as a whole is part of the CFG of the body, while its single
 * import specifier `x as y` forms part of the preamble.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Classes.qll
+++ b/javascript/ql/lib/semmle/javascript/Classes.qll
@@ -4,7 +4,7 @@
 * Class declarations and class expressions are modeled by (QL) classes `ClassDeclaration`
 * and `ClassExpression`, respectively, which are both subclasses of `ClassDefinition`.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Closure.qll
+++ b/javascript/ql/lib/semmle/javascript/Closure.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes for working with the Closure-Library module system.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Comments.qll
+++ b/javascript/ql/lib/semmle/javascript/Comments.qll
@@ -1,5 +1,5 @@
 /** Provides classes for working with JavaScript comments. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Constants.qll
+++ b/javascript/ql/lib/semmle/javascript/Constants.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes for working with expressions that evaluate to constant values.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/DefUse.qll
+++ b/javascript/ql/lib/semmle/javascript/DefUse.qll
@@ -1,5 +1,5 @@
 /** Provides classes and predicates for working with variable definitions and uses. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/E4X.qll
+++ b/javascript/ql/lib/semmle/javascript/E4X.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes for working with E4X.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/ES2015Modules.qll
+++ b/javascript/ql/lib/semmle/javascript/ES2015Modules.qll
@@ -1,5 +1,5 @@
 /** Provides classes for working with ECMAScript 2015 modules. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Errors.qll
+++ b/javascript/ql/lib/semmle/javascript/Errors.qll
@@ -1,5 +1,5 @@
 /** Provides classes for working with syntax errors. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Expr.qll
+++ b/javascript/ql/lib/semmle/javascript/Expr.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes for working with expressions.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
@@ -253,7 +253,7 @@ class Expr extends @expr, ExprOrStmt, ExprOrType, AST::ValueNode {
   * Gets the data-flow node where exceptions thrown by this expression will
   * propagate if this expression causes an exception to be thrown.
   */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  DataFlow::Node getExceptionTarget() {
    result = getCatchParameterFromStmt(getRawEnclosingStmt(this))
@@ -271,7 +271,7 @@ private DataFlow::Node getCatchParameterFromStmt(Stmt stmt) {
    DataFlow::parameterNode(stmt.getEnclosingTryCatchStmt().getACatchClause().getAParameter())
 }
-overlay[caller]
+overlay[caller?]
 pragma[inline]
 private Stmt getRawEnclosingStmt(Expr e) {
  // For performance reasons, we need the enclosing statement without overrides
--- a/javascript/ql/lib/semmle/javascript/Extend.qll
+++ b/javascript/ql/lib/semmle/javascript/Extend.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes for reasoning about `extend`-like functions.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Externs.qll
+++ b/javascript/ql/lib/semmle/javascript/Externs.qll
@@ -36,7 +36,7 @@
 * Array.prototype.length;
 * </pre>
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Files.qll
+++ b/javascript/ql/lib/semmle/javascript/Files.qll
@@ -1,5 +1,5 @@
 /** Provides classes for working with files and folders. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Functions.qll
+++ b/javascript/ql/lib/semmle/javascript/Functions.qll
@@ -1,5 +1,5 @@
 /** Provides classes for working with functions. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/GlobalAccessPaths.qll
+++ b/javascript/ql/lib/semmle/javascript/GlobalAccessPaths.qll
@@ -1,7 +1,7 @@
 /**
 * Provides predicates for associating qualified names with data flow nodes.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
@@ -357,7 +357,7 @@ module AccessPath {
     * Gets a variable that is relevant for the computations in the `GetLaterAccess` module.
     * This predicate restricts as much as it can, but without depending on `getAVariableRef`.
     */
-    overlay[caller]
+    overlay[caller?]
    pragma[inline]
    private SsaVariable getARelevantVariableSimple() {
      // The variable might be used where `getLaterBaseAccess()` is called.
@@ -409,7 +409,7 @@ module AccessPath {
   * }
   * ```
   */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  DataFlow::Node getAReferenceTo(Root root, string path) {
    path = fromReference(result, root) and
@@ -433,7 +433,7 @@ module AccessPath {
   * })(NS = NS || {});
   * ```
   */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  DataFlow::Node getAReferenceTo(string path) {
    path = fromReference(result, DataFlow::globalAccessPathRootPseudoNode())
@@ -455,7 +455,7 @@ module AccessPath {
   * }
   * ```
   */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  DataFlow::Node getAnAssignmentTo(Root root, string path) {
    path = fromRhs(result, root) and
@@ -477,7 +477,7 @@ module AccessPath {
   *  })(foo = foo || {});
   * ```
   */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  DataFlow::Node getAnAssignmentTo(string path) {
    path = fromRhs(result, DataFlow::globalAccessPathRootPseudoNode())
@@ -488,7 +488,7 @@ module AccessPath {
   *
   * See `getAReferenceTo` and `getAnAssignmentTo` for more details.
   */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  DataFlow::Node getAReferenceOrAssignmentTo(string path) {
    result = getAReferenceTo(path)
@@ -501,7 +501,7 @@ module AccessPath {
   *
   * See `getAReferenceTo` and `getAnAssignmentTo` for more details.
   */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  DataFlow::Node getAReferenceOrAssignmentTo(Root root, string path) {
    result = getAReferenceTo(root, path)
@@ -530,7 +530,7 @@ module AccessPath {
  /**
   * Gets a `SourceNode` that refers to the same value or access path as the given node.
   */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  DataFlow::SourceNode getAnAliasedSourceNode(DataFlow::Node node) {
    exists(DataFlow::SourceNode root, string accessPath |
--- a/javascript/ql/lib/semmle/javascript/HTML.qll
+++ b/javascript/ql/lib/semmle/javascript/HTML.qll
@@ -1,5 +1,5 @@
 /** Provides classes for working with HTML documents. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/JSDoc.qll
+++ b/javascript/ql/lib/semmle/javascript/JSDoc.qll
@@ -1,5 +1,5 @@
 /** Provides classes for working with JSDoc comments. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/JSON.qll
+++ b/javascript/ql/lib/semmle/javascript/JSON.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes for working with JSON data.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/JSX.qll
+++ b/javascript/ql/lib/semmle/javascript/JSX.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes for working with JSX code.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Lines.qll
+++ b/javascript/ql/lib/semmle/javascript/Lines.qll
@@ -4,7 +4,7 @@
 * This information is only available for snapshots that have been extracted with
 * the `--extract-program-text` flag.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Locations.qll
+++ b/javascript/ql/lib/semmle/javascript/Locations.qll
@@ -1,5 +1,5 @@
 /** Provides classes for working with locations and program elements that have locations. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
@@ -32,7 +32,7 @@ final class Location extends @location_default {
  int getNumLines() { result = this.getEndLine() - this.getStartLine() + 1 }
  /** Holds if this location starts before location `that`. */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  predicate startsBefore(Location that) {
    exists(string f, int sl1, int sc1, int sl2, int sc2 |
@@ -46,7 +46,7 @@ final class Location extends @location_default {
  }
  /** Holds if this location ends after location `that`. */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  predicate endsAfter(Location that) {
    exists(string f, int el1, int ec1, int el2, int ec2 |
--- a/javascript/ql/lib/semmle/javascript/Modules.qll
+++ b/javascript/ql/lib/semmle/javascript/Modules.qll
@@ -3,7 +3,7 @@
 * ECMAScript 2015-style modules, and the older CommonJS and AMD-style
 * modules.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/NodeJS.qll
+++ b/javascript/ql/lib/semmle/javascript/NodeJS.qll
@@ -17,7 +17,7 @@ private import semmle.javascript.dataflow.internal.DataFlowNode
 *   process.stdout.write(fs.readFileSync(process.argv[i], 'utf8'));
 * ```
 */
-overlay[local]
+overlay[local?]
 class NodeModule extends Module {
  NodeModule() {
    is_module(this) and
@@ -234,7 +234,7 @@ predicate findNodeModulesFolder(Folder f, Folder nodeModules, int distance) {
 /**
 * A Node.js `require` variable.
 */
-overlay[local]
+overlay[local?]
 private class RequireVariable extends Variable {
  RequireVariable() {
    this = any(ModuleScope m).getVariable("require")
@@ -247,7 +247,7 @@ private class RequireVariable extends Variable {
  }
 }
-overlay[local]
+overlay[local?]
 private predicate isModuleModule(EarlyStageNode nd) {
  exists(ImportDeclaration imp | imp.getRawImportPath() = "module" |
    nd = TDestructuredModuleImportNode(imp)
@@ -261,7 +261,7 @@ private predicate isModuleModule(EarlyStageNode nd) {
  )
 }
-overlay[local]
+overlay[local?]
 private predicate isCreateRequire(EarlyStageNode nd) {
  exists(PropAccess prop |
    isModuleModule(TValueNode(prop.getBase())) and
@@ -291,7 +291,7 @@ private predicate isCreateRequire(EarlyStageNode nd) {
 /**
 * Holds if `nd` may refer to `require`, either directly or modulo local data flow.
 */
-overlay[local]
+overlay[local?]
 cached
 private predicate isRequire(EarlyStageNode nd) {
  exists(VarAccess access |
@@ -334,7 +334,7 @@ private predicate isRequire(EarlyStageNode nd) {
 * require('fs')
 * ```
 */
-overlay[local]
+overlay[local?]
 class Require extends CallExpr, Import {
  Require() { isRequire(TValueNode(this.getCallee())) }
--- a/javascript/ql/lib/semmle/javascript/Promises.qll
+++ b/javascript/ql/lib/semmle/javascript/Promises.qll
@@ -186,13 +186,13 @@ module Promises {
  /**
   * Gets the pseudo-field used to describe resolved values in a promise.
   */
-  overlay[local]
+  overlay[local?]
  string valueProp() { result = "$PromiseResolveField$" }
  /**
   * Gets the pseudo-field used to describe rejected values in a promise.
   */
-  overlay[local]
+  overlay[local?]
  string errorProp() { result = "$PromiseRejectField$" }
  /** A property set containing the pseudo-properites of a promise object. */
--- a/javascript/ql/lib/semmle/javascript/Regexp.qll
+++ b/javascript/ql/lib/semmle/javascript/Regexp.qll
@@ -4,7 +4,7 @@
 * Regular expression literals are represented as an abstract syntax tree of regular expression
 * terms.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/SSA.qll
+++ b/javascript/ql/lib/semmle/javascript/SSA.qll
@@ -73,7 +73,7 @@
 * expression in `k` induces a re-capture of `x` to reflect the fact that `x`
 * is incremented between the two `console.log` calls.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Stmt.qll
+++ b/javascript/ql/lib/semmle/javascript/Stmt.qll
@@ -1,5 +1,5 @@
 /** Provides classes for working with statements. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Templates.qll
+++ b/javascript/ql/lib/semmle/javascript/Templates.qll
@@ -1,5 +1,5 @@
 /** Provides classes for working with ECMAScript 2015-style template expressions. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Tokens.qll
+++ b/javascript/ql/lib/semmle/javascript/Tokens.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes for working with the token-based representation of JavaScript programs.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/TypeAnnotations.qll
+++ b/javascript/ql/lib/semmle/javascript/TypeAnnotations.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes for reasoning about type annotations independently of dialect.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/TypeScript.qll
+++ b/javascript/ql/lib/semmle/javascript/TypeScript.qll
@@ -1,4 +1,4 @@
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Variables.qll
+++ b/javascript/ql/lib/semmle/javascript/Variables.qll
@@ -1,5 +1,5 @@
 /** Provides classes for modeling program variables. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/XML.qll
+++ b/javascript/ql/lib/semmle/javascript/XML.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes and predicates for working with XML files and their content.
 */
-overlay[local]
+overlay[local?]
 module;
 import semmle.files.FileSystem
--- a/javascript/ql/lib/semmle/javascript/YAML.qll
+++ b/javascript/ql/lib/semmle/javascript/YAML.qll
@@ -4,7 +4,7 @@
 * YAML documents are represented as abstract syntax trees whose nodes
 * are either YAML values or alias nodes referring to another YAML value.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/dataflow/AbstractValues.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/AbstractValues.qll
@@ -37,7 +37,7 @@
 * they represent; additionally, indefinite abstract values record
 * the source of imprecision that caused them to arise.
 */
-overlay[local]
+overlay[local?]
 module;
 private import javascript
--- a/javascript/ql/lib/semmle/javascript/dataflow/AdditionalFlowSteps.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/AdditionalFlowSteps.qll
@@ -33,7 +33,7 @@ private import semmle.javascript.internal.CachedStages
 * Note: For performance reasons, all subclasses of this class should be part
 * of the standard library. Use `isAdditionalFlowStep` for query-specific flow steps.
 */
-overlay[local]
+overlay[local?]
 class AdditionalFlowStep extends Unit {
  /**
   * Holds if `pred` &rarr; `succ` should be considered a value-preserving data flow edge.f
--- a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll
@@ -625,19 +625,19 @@ abstract deprecated class LabeledBarrierGuardNode extends BarrierGuardNode {
 *
 * For use with load/store steps in `DataFlow::SharedFlowStep` and TypeTracking.
 */
-overlay[local]
+overlay[local?]
 module PseudoProperties {
  /** Holds if `s` is a pseudo-property. */
  bindingset[s]
-  overlay[caller]
+  overlay[caller?]
  predicate isPseudoProperty(string s) { s.matches("$%$") }
  bindingset[s]
-  overlay[caller]
+  overlay[caller?]
  private string pseudoProperty(string s) { result = "$" + s + "$" }
  bindingset[s, v]
-  overlay[caller]
+  overlay[caller?]
  private string pseudoProperty(string s, string v) { result = "$" + s + "|" + v + "$" }
  /**
@@ -684,7 +684,7 @@ module PseudoProperties {
   * Gets a pseudo-property for the location of a map value where the key is `key`.
   * The string value of the `key` is encoded in the result, and there is only a result if the string value of `key` is known.
   */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  string mapValueKnownKey(DataFlow::Node key) {
    result = mapValueKey(any(string s | key.mayHaveStringValue(s)))
@@ -694,20 +694,20 @@ module PseudoProperties {
   * Gets a pseudo-property for the location of a map value where the key is `key`.
   */
  bindingset[key]
-  overlay[caller]
+  overlay[caller?]
  string mapValueKey(string key) { result = pseudoProperty("mapValue", key) }
  /**
   * Holds if `prop` equals `mapValueKey(key)` for some value of `key`.
   */
  bindingset[prop]
-  overlay[caller]
+  overlay[caller?]
  predicate isMapValueKey(string prop) { prop.matches("$mapValue|%$") }
  /**
   * Gets a pseudo-property for the location of a map value where the key is `key`.
   */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  string mapValue(DataFlow::Node key) {
    result = mapValueKnownKey(key)
--- a/javascript/ql/lib/semmle/javascript/dataflow/CustomAbstractValueDefinitions.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/CustomAbstractValueDefinitions.qll
@@ -7,7 +7,7 @@
 * For performance reasons, all subclasses of `CustomAbstractValueDefinition`
 * should be part of the standard library.
 */
-overlay[local]
+overlay[local?]
 module;
 private import javascript
--- a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll
@@ -17,7 +17,7 @@
 * Flow through global variables, object properties or function calls is not
 * modeled (except for immediately invoked functions as explained above).
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll
@@ -1,5 +1,5 @@
 /** Provides classes and predicates for defining flow summaries. */
-overlay[local]
+overlay[local?]
 module;
 private import javascript
--- a/javascript/ql/lib/semmle/javascript/dataflow/InferredTypes.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/InferredTypes.qll
@@ -1,4 +1,4 @@
-overlay[local]
+overlay[local?]
 module;
 /**
--- a/javascript/ql/lib/semmle/javascript/dataflow/Nodes.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/Nodes.qll
@@ -3,7 +3,7 @@
 * as nodes corresponding to function definitions or nodes corresponding to
 * parameters.
 */
-overlay[local]
+overlay[local?]
 module;
 private import javascript
--- a/javascript/ql/lib/semmle/javascript/dataflow/Refinements.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/Refinements.qll
@@ -27,7 +27,7 @@
 * so the refinement can evaluate to both `true` and `false` for the same
 * candidate value.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/dataflow/Sources.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/Sources.qll
@@ -5,7 +5,7 @@
 * Note that unlike `TypeTracking.qll`, this library only performs
 * local tracking within a function.
 */
-overlay[local]
+overlay[local?]
 module;
 private import javascript
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/AbstractValuesImpl.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/AbstractValuesImpl.qll
@@ -3,7 +3,7 @@
 *
 * Provides a representation for abstract values.
 */
-overlay[local]
+overlay[local?]
 module;
 private import javascript
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/AccessPaths.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/AccessPaths.qll
@@ -14,7 +14,7 @@
 * to the same value have the same access paths, so access paths are neither sound nor
 * complete as an approximation of expression semantics.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/AdditionalFlowInternal.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/AdditionalFlowInternal.qll
@@ -5,7 +5,7 @@ private import semmle.javascript.dataflow.internal.DataFlowPrivate
 /**
 * Gets a data-flow node synthesized using `AdditionalFlowInternal#needsSynthesizedNode`.
 */
-overlay[local]
+overlay[local?]
 DataFlow::Node getSynthesizedNode(AstNode node, string tag) {
  result = TGenericSynthesizedNode(node, tag, _)
 }
@@ -13,7 +13,7 @@ DataFlow::Node getSynthesizedNode(AstNode node, string tag) {
 /**
 * An extension to `AdditionalFlowStep` with additional internal-only predicates.
 */
-overlay[local]
+overlay[local?]
 class AdditionalFlowInternal extends DataFlow::AdditionalFlowStep {
  /**
   * Holds if a data-flow node should be synthesized for the pair `(node, tag)`.
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll
@@ -1,4 +1,4 @@
-overlay[local]
+overlay[local?]
 module;
 private import javascript
@@ -337,14 +337,14 @@ module Public {
    /**
     * A content set containing only the given content.
     */
-    overlay[caller]
+    overlay[caller?]
    pragma[inline]
    ContentSet singleton(Content content) { result.asSingleton() = content }
    /**
     * A content set corresponding to the given property name.
     */
-    overlay[caller]
+    overlay[caller?]
    pragma[inline]
    ContentSet property(PropertyName name) { result.asSingleton().asPropertyName() = name }
@@ -405,7 +405,7 @@ module Public {
     * If `bound` is too large, it is truncated to the greatest lower bound we can represent.
     */
    bindingset[bound]
-    overlay[caller]
+    overlay[caller?]
    ContentSet arrayElementLowerBoundFromInt(int bound) {
      result = arrayElementLowerBound(bound.minimum(getMaxPreciseArrayIndex() + 1))
    }
@@ -416,7 +416,7 @@ module Public {
     * If `n` is too large, it is truncated to the greatest lower bound we can represent.
     */
    bindingset[n]
-    overlay[caller]
+    overlay[caller?]
    ContentSet arrayElementFromInt(int n) {
      result = arrayElementKnown(n)
      or
@@ -456,7 +456,7 @@ module Public {
     * If `key` is not one of the keys we track precisely, this is mapped to the unknown key instead.
     */
    bindingset[key]
-    overlay[caller]
+    overlay[caller?]
    ContentSet mapValueFromKey(string key) {
      result = mapValueWithKnownKey(key)
      or
@@ -519,7 +519,7 @@ module Public {
     * are mapped to their corresponding content sets (which are no longer seen as property names).
     */
    bindingset[propertyName]
-    overlay[caller]
+    overlay[caller?]
    ContentSet fromLegacyProperty(string propertyName) {
      result = fromLegacyPseudoProperty(propertyName)
      or
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll
@@ -3,7 +3,7 @@
 *
 * Contains the raw data type underlying `DataFlow::Node`.
 */
-overlay[local]
+overlay[local?]
 module;
 private import javascript
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll
@@ -1,4 +1,4 @@
-overlay[local]
+overlay[local?]
 module;
 private import javascript
@@ -1108,7 +1108,7 @@ DataFlowCallable viableImplInCallContext(DataFlowCall call, DataFlowCall ctx) {
 }
 bindingset[node, fun]
-overlay[caller]
+overlay[caller?]
 pragma[inline_late]
 private predicate sameContainerAsEnclosingContainer(Node node, Function fun) {
  node.getContainer() = fun.getEnclosingContainer()
@@ -1517,7 +1517,7 @@ private Node getPostUpdateForStore(Node base) {
 }
 /** Gets node to target with a store to the given `base` object.. */
-overlay[caller]
+overlay[caller?]
 pragma[inline]
 private Node getStoreTarget(DataFlow::Node base) {
  result = getPostUpdateForStore(base)
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll
@@ -524,7 +524,7 @@ private module CachedSteps {
  /**
   * Holds if there is a step from `pred` to `succ` through a call to an identity function.
   */
-  overlay[local]
+  overlay[local?]
  cached
  predicate identityFunctionStep(DataFlow::Node pred, DataFlow::CallNode succ) {
    exists(DataFlow::GlobalVarRefNode global |
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll
@@ -1,7 +1,7 @@
 /**
 * Provides JS specific classes and predicates for defining flow summaries.
 */
-overlay[local]
+overlay[local?]
 module;
 private import javascript
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll
@@ -1,4 +1,4 @@
-overlay[local]
+overlay[local?]
 module;
 private import javascript as js
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableOrThis.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableOrThis.qll
@@ -1,4 +1,4 @@
-overlay[local]
+overlay[local?]
 module;
 private import javascript
--- a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/Ssa.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/Ssa.qll
@@ -3,7 +3,7 @@
 *
 * JavaScript's old SSA library is still responsible for the ordinary SSA flow.
 */
-overlay[local]
+overlay[local?]
 module;
 private import javascript as js
--- a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll
@@ -15,7 +15,7 @@ private import AngularJS
 /**
 * Holds if `nd` is a reference to the `angular` variable.
 */
-overlay[local]
+overlay[local?]
 DataFlow::SourceNode angular() {
  // either as a global
  result = DataFlow::globalVarRef("angular")
--- a/javascript/ql/lib/semmle/javascript/frameworks/LazyCache.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/LazyCache.qll
@@ -1,7 +1,7 @@
 /**
 * Models imports through the NPM `lazy-cache` package.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/frameworks/LodashUnderscore.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/LodashUnderscore.qll
@@ -9,7 +9,7 @@ module LodashUnderscore {
  /**
   * A data flow node that accesses a given member of `lodash` or `underscore`.
   */
-  overlay[local]
+  overlay[local?]
  abstract class Member extends DataFlow::SourceNode {
    /** Gets the name of the accessed member. */
    abstract string getName();
@@ -18,7 +18,7 @@ module LodashUnderscore {
  /**
   * An import of `lodash` or `underscore` accessing a given member of that package.
   */
-  overlay[local]
+  overlay[local?]
  private class DefaultMember extends Member {
    string name;
@@ -41,14 +41,14 @@ module LodashUnderscore {
   * In addition to normal imports, this supports per-method imports such as `require("lodash.map")` and `require("lodash/map")`.
   * In addition, the global variable `_` is assumed to refer to `lodash` or `underscore`.
   */
-  overlay[local]
+  overlay[local?]
  DataFlow::SourceNode member(string name) { result.(Member).getName() = name }
  /**
   * Holds if `name` is the name of a member exported from the `lodash` package
   * which has a corresponding `lodash.xxx` NPM package.
   */
-  overlay[local]
+  overlay[local?]
  private predicate isLodashMember(string name) {
    // Can be generated using Object.keys(require('lodash'))
    name =
@@ -185,7 +185,7 @@ module LodashUnderscore {
    }
  }
-  overlay[local]
+  overlay[local?]
  private class LodashEach extends DataFlow::SummarizedCallable {
    LodashEach() { this = "_.each-like" }
@@ -201,7 +201,7 @@ module LodashUnderscore {
    }
  }
-  overlay[local]
+  overlay[local?]
  private class LodashMap extends DataFlow::SummarizedCallable {
    LodashMap() { this = "_.map" }
@@ -220,7 +220,7 @@ module LodashUnderscore {
    }
  }
-  overlay[local]
+  overlay[local?]
  private class LodashFlatMap extends DataFlow::SummarizedCallable {
    LodashFlatMap() { this = "_.flatMap" }
@@ -242,7 +242,7 @@ module LodashUnderscore {
    }
  }
-  overlay[local]
+  overlay[local?]
  private class LodashFlatMapDeep extends DataFlow::SummarizedCallable {
    LodashFlatMapDeep() { this = "_.flatMapDeep" }
@@ -266,7 +266,7 @@ module LodashUnderscore {
    }
  }
-  overlay[local]
+  overlay[local?]
  private class LodashReduce extends DataFlow::SummarizedCallable {
    LodashReduce() { this = "_.reduce-like" }
@@ -285,7 +285,7 @@ module LodashUnderscore {
    }
  }
-  overlay[local]
+  overlay[local?]
  private class LoashSortBy extends DataFlow::SummarizedCallable {
    LoashSortBy() { this = "_.sortBy-like" }
@@ -303,7 +303,7 @@ module LodashUnderscore {
    }
  }
-  overlay[local]
+  overlay[local?]
  private class LodashMinMaxBy extends DataFlow::SummarizedCallable {
    LodashMinMaxBy() { this = "_.minBy / _.maxBy" }
@@ -317,7 +317,7 @@ module LodashUnderscore {
    }
  }
-  overlay[local]
+  overlay[local?]
  private class LodashPartition extends DataFlow::SummarizedCallable {
    LodashPartition() { this = "_.partition" }
@@ -331,7 +331,7 @@ module LodashUnderscore {
    }
  }
-  overlay[local]
+  overlay[local?]
  private class UnderscoreMapObject extends DataFlow::SummarizedCallable {
    UnderscoreMapObject() { this = "_.mapObject" }
@@ -352,7 +352,7 @@ module LodashUnderscore {
    }
  }
-  overlay[local]
+  overlay[local?]
  private class LodashTap extends DataFlow::SummarizedCallable {
    LodashTap() { this = "_.tap" }
--- a/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.qll
@@ -8,17 +8,17 @@ import semmle.javascript.security.SensitiveActions
 private import semmle.javascript.dataflow.internal.PreCallGraphStep
 module NodeJSLib {
-  overlay[local]
+  overlay[local?]
  private GlobalVariable processVariable() { variables(result, "process", any(GlobalScope sc)) }
-  overlay[local]
+  overlay[local?]
  pragma[nomagic]
  private GlobalVarAccess processExprInTopLevel(TopLevel tl) {
    result = processVariable().getAnAccess() and
    tl = result.getTopLevel()
  }
-  overlay[local]
+  overlay[local?]
  pragma[nomagic]
  private GlobalVarAccess processExprInNodeModule() {
    result = processExprInTopLevel(any(NodeModule m))
@@ -28,7 +28,7 @@ module NodeJSLib {
   * An access to the global `process` variable in a Node.js module, interpreted as
   * an import of the `process` module.
   */
-  overlay[local]
+  overlay[local?]
  private class ImplicitProcessImport extends DataFlow::ModuleImportNode::Range {
    ImplicitProcessImport() { this = DataFlow::exprNode(processExprInNodeModule()) }
--- a/javascript/ql/lib/semmle/javascript/frameworks/PropertyProjection.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/PropertyProjection.qll
@@ -4,7 +4,7 @@
 * Subclass `PropertyProjection` to refine the behavior of the analysis on existing property projections.
 * Subclass `CustomPropertyProjection` to introduce new kinds of property projections.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/frameworks/Templating.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/Templating.qll
@@ -1,7 +1,7 @@
 /**
 * Provides predicates for working with templating libraries.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/frameworks/UriLibraries.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/UriLibraries.qll
@@ -422,7 +422,7 @@ private module ClosureLibraryUri {
  }
 }
-overlay[local]
+overlay[local?]
 private class QueryStringStringification extends DataFlow::SummarizedCallable {
  QueryStringStringification() { this = "query-string stringification" }
--- a/javascript/ql/lib/semmle/javascript/frameworks/data/ModelsAsData.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/data/ModelsAsData.qll
@@ -48,7 +48,7 @@ private class ThreatModelSourceFromDataExtension extends ThreatModelSource::Rang
  }
 }
-overlay[local]
+overlay[local?]
 private class SummarizedCallableFromModel extends DataFlow::SummarizedCallable {
  string type;
  string path;
--- a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsExtensions.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsExtensions.qll
@@ -1,7 +1,7 @@
 /**
 * Defines extensible predicates for contributing library models from data extensions.
 */
-overlay[local]
+overlay[local?]
 module;
 /**
--- a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll
@@ -41,7 +41,7 @@ class Location = JS::Location;
 * The model generator must explicitly generate the step between `(package)` and `(package).foo`, for example.
 */
 bindingset[rawType]
-overlay[caller]
+overlay[caller?]
 predicate parseTypeString(string rawType, string package, string qualifiedName) {
  exists(string regexp |
    regexp = "('[^']+'|[^.]+)(.*)" and
@@ -56,7 +56,7 @@ predicate parseTypeString(string rawType, string package, string qualifiedName)
 /**
 * Holds if models describing `package` may be relevant for the analysis of this database.
 */
-overlay[local]
+overlay[local?]
 predicate isPackageUsed(string package) {
  package = "global"
  or
@@ -70,7 +70,7 @@ predicate isPackageUsed(string package) {
 }
 bindingset[type]
-overlay[local]
+overlay[local?]
 predicate isTypeUsed(string type) {
  exists(string package |
    parseTypeString(type, package, _) and
@@ -82,10 +82,10 @@ predicate isTypeUsed(string type) {
 * Holds if `type` can be obtained from an instance of `otherType` due to
 * language semantics modeled by `getExtraNodeFromType`.
 */
-overlay[local]
+overlay[local?]
 predicate hasImplicitTypeModel(string type, string otherType) { none() }
-overlay[local]
+overlay[local?]
 pragma[nomagic]
 private predicate parseRelevantTypeString(string rawType, string package, string qualifiedName) {
  isRelevantFullPath(rawType, _) and
--- a/javascript/ql/lib/semmle/javascript/internal/BasicBlockInternal.qll
+++ b/javascript/ql/lib/semmle/javascript/internal/BasicBlockInternal.qll
@@ -2,7 +2,7 @@
 * Provides classes for working with basic blocks, and predicates for computing
 * liveness information for local variables.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
@@ -320,7 +320,7 @@ module Public {
    /**
     * Holds if this basic block strictly dominates `bb`.
     */
-    overlay[caller]
+    overlay[caller?]
    pragma[inline]
    predicate strictlyDominates(ReachableBasicBlock bb) { this = immediateDominator+(bb) }
@@ -329,14 +329,14 @@ module Public {
     *
     * This predicate is reflexive: each reachable basic block dominates itself.
     */
-    overlay[caller]
+    overlay[caller?]
    pragma[inline]
    predicate dominates(ReachableBasicBlock bb) { this = immediateDominator*(bb) }
    /**
     * Holds if this basic block strictly post-dominates `bb`.
     */
-    overlay[caller]
+    overlay[caller?]
    pragma[inline]
    predicate strictlyPostDominates(ReachableBasicBlock bb) { this = immediatePostDominator+(bb) }
@@ -345,7 +345,7 @@ module Public {
     *
     * This predicate is reflexive: each reachable basic block post-dominates itself.
     */
-    overlay[caller]
+    overlay[caller?]
    pragma[inline]
    predicate postDominates(ReachableBasicBlock bb) { this = immediatePostDominator*(bb) }
  }
--- a/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll
+++ b/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll
@@ -40,7 +40,7 @@ module Stages {
  /**
   * The `ast` stage.
   */
-  overlay[local]
+  overlay[local?]
  cached
  module Ast {
    /**
@@ -85,7 +85,7 @@ module Stages {
  /**
   * The `basicblocks` stage.
   */
-  overlay[local]
+  overlay[local?]
  cached
  module BasicBlocks {
    /**
@@ -112,7 +112,7 @@ module Stages {
  /**
   * The part of data flow computed before flow summary nodes.
   */
-  overlay[local]
+  overlay[local?]
  cached
  module EarlyDataFlowStage {
    /**
@@ -137,7 +137,7 @@ module Stages {
  /**
   * The `dataflow` stage.
   */
-  overlay[local]
+  overlay[local?]
  cached
  module DataFlowStage {
    /**
--- a/javascript/ql/lib/semmle/javascript/internal/Overlay.qll
+++ b/javascript/ql/lib/semmle/javascript/internal/Overlay.qll
@@ -2,10 +2,10 @@ private import javascript
 private import OverlayXml
 /** Holds if the database is an overlay. */
-overlay[local]
+overlay[local?]
 private predicate isOverlay() { databaseMetadata("isOverlay", "true") }
-overlay[local]
+overlay[local?]
 private string getFileFromEntity(@locatable node) {
  exists(@location loc |
    hasLocation(node, loc)
@@ -19,11 +19,11 @@ private string getFileFromEntity(@locatable node) {
 }
 /** Holds if `file` was changed or deleted in the overlay. */
-overlay[local]
+overlay[local?]
 private predicate discardFile(string file) { isOverlay() and overlayChangedFiles(file) }
 /** Holds if `node` is in the `file` and is part of the overlay base database. */
-overlay[local]
+overlay[local?]
 private predicate discardableEntity(string file, @locatable node) {
  not isOverlay() and file = getFileFromEntity(node)
 }
@@ -34,7 +34,7 @@ private predicate discardEntity(@locatable node) {
  exists(string file | discardableEntity(file, node) and discardFile(file))
 }
-overlay[local]
+overlay[local?]
 private string getFileFromLocation(@location loc) {
  exists(@file file |
    locations_default(loc, file, _, _, _, _) and
@@ -43,7 +43,7 @@ private string getFileFromLocation(@location loc) {
 }
 /** Holds if `loc` is in the `file` and is part of the overlay base database. */
-overlay[local]
+overlay[local?]
 private predicate discardableLocation(string file, @location node) {
  not isOverlay() and file = getFileFromLocation(node)
 }
--- a/javascript/ql/lib/semmle/javascript/internal/OverlayXml.qll
+++ b/javascript/ql/lib/semmle/javascript/internal/OverlayXml.qll
@@ -1,4 +1,4 @@
-overlay[local]
+overlay[local?]
 module;
 /**
--- a/javascript/ql/lib/semmle/javascript/internal/StmtContainers.qll
+++ b/javascript/ql/lib/semmle/javascript/internal/StmtContainers.qll
@@ -4,7 +4,7 @@
 * Provides predicates and classes for relating nodes to their
 * enclosing `StmtContainer`.
 */
-overlay[local]
+overlay[local?]
 module;
 private import javascript
@@ -48,7 +48,7 @@ class NodeInStmtContainer extends Locatable, @node_in_stmt_container {
  /**
   * Gets the function or toplevel to which this node belongs.
   */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  final StmtContainer getContainer() { result = getStmtContainer(this) }
 }
--- a/javascript/ql/lib/utils/test/InlineSummaries.qll
+++ b/javascript/ql/lib/utils/test/InlineSummaries.qll
@@ -1,7 +1,7 @@
 import javascript
 import semmle.javascript.dataflow.FlowSummary
-overlay[local]
+overlay[local?]
 class MkSummary extends SummarizedCallable {
  private CallExpr mkSummary;