Java: Adjust comment style.

java/ql/src/Security/CWE/CWE-129/ArraySizing.qll

@@ -66,16 +66,10 @@ class PointlessLoop extends WhileStmt {
  */
 class CheckableArrayAccess extends ArrayAccess {
   CheckableArrayAccess() {
-    /*
-     * We are not interested in array accesses that don't access the first dimension.
-     */
-
+    // We are not interested in array accesses that don't access the first dimension.
     not this.getArray() instanceof ArrayAccess and
-    /*
-     * Array accesses within loops can make it difficult to verify whether the index is checked
-     * prior to access. Ignore "pointless" loops of the sort found in Juliet test cases.
-     */
-
+    // Array accesses within loops can make it difficult to verify whether the index is checked
+    // prior to access. Ignore "pointless" loops of the sort found in Juliet test cases.
     not exists(LoopStmt loop |
       loop.getBody().getAChild*() = getEnclosingStmt() and
       not loop instanceof PointlessLoop
@@ -102,24 +96,15 @@ class CheckableArrayAccess extends ArrayAccess {
    * to the array being initialized with `sizeExpr`, which may be zero.
    */
   predicate canThrowOutOfBoundsDueToEmptyArray(Expr sizeExpr, ArrayCreationExpr arrayCreation) {
-    /*
-     * Find an `ArrayCreationExpr` for the array used in this indexing operation.
-     */
-
+    // Find an `ArrayCreationExpr` for the array used in this indexing operation.
     exists(VariableAssign assign |
       assign.getSource() = arrayCreation and
       defUsePair(assign, this.getArray())
     ) and
-    /*
-     * If the array access is protected by a conditional that verifies the index is less than the array
-     * length, then the array will never be accessed if the size is zero.
-     */
-
+    // If the array access is protected by a conditional that verifies the index is less than the array
+    // length, then the array will never be accessed if the size is zero.
     not lessthanLength(this) and
-    /*
-     * Verify that the size expression is never checked to be greater than 0.
-     */
-
+    // Verify that the size expression is never checked to be greater than 0.
     sizeExpr = arrayCreation.getDimension(0) and
     not lowerBound(sizeExpr) > 0
   }
@@ -167,11 +152,8 @@ class RandomValueFlowSource extends BoundedFlowSource {
   }
 
   int upperBound() {
-    /*
-     * If this call specified an argument to `nextInt()`, and that argument is a compile time constant,
-     * it forms the upper bound.
-     */
-
+    // If this call specified an argument to `nextInt()`, and that argument is a compile time constant,
+    // it forms the upper bound.
     this.asExpr().(MethodAccess).getCallee().hasName("nextInt") and
     this.asExpr().(MethodAccess).getNumArgument() = 1 and
     result = this.asExpr().(MethodAccess).getArgument(0).(CompileTimeConstantExpr).getIntValue()

java/ql/src/Security/CWE/CWE-190/ArithmeticCommon.qll

@@ -3,11 +3,10 @@ import semmle.code.java.controlflow.Dominance
 import semmle.code.java.dataflow.DefUse
 import semmle.code.java.controlflow.Guards
 
-/*
- * The type of `exp` is narrower than or equal to `numType`,
+/**
+ * Holds if the type of `exp` is narrower than or equal to `numType`,
  * or there is an enclosing cast to a type at least as narrow as 'numType'.
  */
-
 predicate narrowerThanOrEqualTo(ArithExpr exp, NumType numType) {
   exp.getType().(NumType).widerThan(numType)
   implies

java/ql/src/semmle/code/xml/MavenPom.qll

@@ -52,11 +52,8 @@ class ProtoPom extends XMLElement {
 class Pom extends ProtoPom {
   Pom() {
     this.getName() = "project" and
-    /*
-     * Ignore "dependency-reduced-pom" files - these are generated by the
-     * shading plugin, and duplicate existing pom files.
-     */
-
+    // Ignore "dependency-reduced-pom" files - these are generated by the
+    // shading plugin, and duplicate existing pom files.
     this.getFile().getStem() != "dependency-reduced-pom"
   }
 
@@ -260,24 +257,15 @@ class Dependency extends ProtoPom {
 class PomDependency extends Dependency {
   PomDependency() {
     exists(Pom source |
-      /*
-       * This dependency must be a dependency of a pom - dependency tags can also appear in the dependency
-       * management section, where they do not directly contribute to the dependencies of the containing
-       * pom.
-       */
-
+      // This dependency must be a dependency of a pom - dependency tags can also appear in the dependency
+      // management section, where they do not directly contribute to the dependencies of the containing
+      // pom.
       source.getADependency() = this and
-      /*
-       * Consider dependencies that can be used at compile time.
-       */
-
+      // Consider dependencies that can be used at compile time.
       (
         getScope() = "compile" or
-        /*
-         * Provided dependencies are like compile time dependencies except (a) they are not packaged
-         * when creating the jar and (b) they are not transitive.
-         */
-
+        // Provided dependencies are like compile time dependencies except (a) they are not packaged
+        // when creating the jar and (b) they are not transitive.
         getScope() = "provided"
         // We ignore "test" dependencies because they can be runtime or compile time dependencies
       )
@@ -412,11 +400,8 @@ class MavenRepoJar extends File {
 
   string getGroupID() {
     exists(MavenRepo mr | mr.getAJarFile() = this |
-      /*
-       * Assuming the standard layout, the first part of the directory structure from the maven
-       * repository will be the groupId converted to a path by replacing "." with "/".
-       */
-
+      // Assuming the standard layout, the first part of the directory structure from the maven
+      // repository will be the groupId converted to a path by replacing "." with "/".
       result = getParentContainer()
             .getParentContainer()
             .getParentContainer()