Merge branch 'replace-ast-with-ir-use-usedataflow' into rdmarsh2/repair-365-days-per-year

2026-05-01 11:45:14 +02:00 · 2022-10-28 13:48:12 +02:00
parent a334dc9b2b 42e8ec32d7
commit 9888de8acb
24 changed files with 27614 additions and 27387 deletions
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -142,11 +142,7 @@ class Node extends TIRDataFlowNode {
   * Gets the non-conversion expression that's indirectly tracked by this node
   * under `index` number of indirections.
   */
-  Expr asIndirectExpr(int index) {
-    exists(Operand operand | hasOperandAndIndex(this, operand, index) |
-      result = operand.getDef().getUnconvertedResultExpression()
-    )
-  }
+  Expr asIndirectExpr(int index) { result = this.(IndirectExprNode).getExpr(index) }

  /**
   * Gets the non-conversion expression that's indirectly tracked by this node
@@ -165,9 +161,7 @@ class Node extends TIRDataFlowNode {
   * behind `index` number of indirections.
   */
  Expr asIndirectConvertedExpr(int index) {
-    exists(Operand operand | hasOperandAndIndex(this, operand, index) |
-      result = operand.getDef().getConvertedResultExpression()
-    )
+    result = this.(IndirectExprNode).getConvertedExpr(index)
  }

  /**
@@ -309,7 +303,12 @@ class Node extends TIRDataFlowNode {

  /** Gets a textual representation of this element. */
  cached
-  final string toString() { result = this.toStringImpl() }
+  final string toString() {
+    result = toExprString(this)
+    or
+    not exists(toExprString(this)) and
+    result = this.toStringImpl()
+  }

  /** INTERNAL: Do not use. */
  string toStringImpl() {
@@ -317,6 +316,12 @@ class Node extends TIRDataFlowNode {
  }
 }

+private string toExprString(Node n) {
+  result = n.asExpr().toString()
+  or
+  result = n.asIndirectExpr().toString() + " indirection"
+}
+
 /**
 * An instruction, viewed as a node in a data flow graph.
 */
@@ -738,6 +743,19 @@ private predicate exprNodeShouldBeIndirectOperand(IndirectOperand node, Expr e,
  not convertedExprMustBeOperand(e)
 }

+/** Holds if `node` should be an `IndirectOperand` that maps `node.asIndirectExpr()` to `e`. */
+private predicate indirectExprNodeShouldBeIndirectOperand(IndirectOperand node, Expr e) {
+  exists(Instruction instr |
+    instr = node.getOperand().getDef() and
+    not node instanceof ExprNode
+  |
+    e = instr.(VariableAddressInstruction).getAst().(Expr).getFullyConverted()
+    or
+    not instr instanceof VariableAddressInstruction and
+    e = instr.getConvertedResultExpression()
+  )
+}
+
 private predicate exprNodeShouldBeIndirectOutNode(IndirectArgumentOutNode node, Expr e) {
  exists(CallInstruction call |
    call.getStaticCallTarget() instanceof Constructor and
@@ -754,10 +772,27 @@ predicate exprNodeShouldBeInstruction(Node node, Expr e) {
  not exprNodeShouldBeIndirectOutNode(_, e)
 }

-private class ExprNodeBase extends Node {
-  Expr getConvertedExpr() { none() } // overridden by subclasses
+/** Holds if `node` should be an `IndirectInstruction` that maps `node.asIndirectExpr()` to `e`. */
+predicate indirectExprNodeShouldBeIndirectInstruction(IndirectInstruction node, Expr e) {
+  exists(Instruction instr |
+    instr = node.getInstruction() and not indirectExprNodeShouldBeIndirectOperand(_, e)
+  |
+    e = instr.(VariableAddressInstruction).getAst().(Expr).getFullyConverted()
+    or
+    not instr instanceof VariableAddressInstruction and
+    e = instr.getConvertedResultExpression()
+  )
+}

-  Expr getExpr() { none() } // overridden by subclasses
+abstract private class ExprNodeBase extends Node {
+  /**
+   * Gets the expression corresponding to this node, if any. The returned
+   * expression may be a `Conversion`.
+   */
+  abstract Expr getConvertedExpr();
+
+  /** Gets the non-conversion expression corresponding to this node, if any. */
+  abstract Expr getExpr();
 }

 private class InstructionExprNode extends ExprNodeBase, InstructionNode {
@@ -765,7 +800,7 @@ private class InstructionExprNode extends ExprNodeBase, InstructionNode {

  final override Expr getConvertedExpr() { exprNodeShouldBeInstruction(this, result) }

-  final override Expr getExpr() { result = this.getInstruction().getUnconvertedResultExpression() }
+  final override Expr getExpr() { result = this.getConvertedExpr().getUnconverted() }

  final override string toStringImpl() { result = this.getConvertedExpr().toString() }
 }
@@ -775,9 +810,7 @@ private class OperandExprNode extends ExprNodeBase, OperandNode {

  final override Expr getConvertedExpr() { exprNodeShouldBeOperand(this, result) }

-  final override Expr getExpr() {
-    result = this.getOperand().getDef().getUnconvertedResultExpression()
-  }
+  final override Expr getExpr() { result = this.getConvertedExpr().getUnconverted() }

  final override string toStringImpl() {
    // Avoid generating multiple `toString` results for `ArgumentNode`s
@@ -790,17 +823,54 @@ private class OperandExprNode extends ExprNodeBase, OperandNode {
 }

 private class IndirectOperandExprNode extends ExprNodeBase, IndirectOperand {
-  LoadInstruction load;
+  IndirectOperandExprNode() { exprNodeShouldBeIndirectOperand(this, _, _) }

-  IndirectOperandExprNode() { exprNodeShouldBeIndirectOperand(this, _, load) }
+  final override Expr getConvertedExpr() { exprNodeShouldBeIndirectOperand(this, result, _) }

-  final override Expr getConvertedExpr() { exprNodeShouldBeIndirectOperand(this, result, load) }
-
-  final override Expr getExpr() { result = load.getUnconvertedResultExpression() }
+  final override Expr getExpr() { result = this.getConvertedExpr().getUnconverted() }

  final override string toStringImpl() { result = this.getConvertedExpr().toString() }
 }

+abstract private class IndirectExprNodeBase extends Node {
+  /**
+   * Gets the expression corresponding to this node, if any. The returned
+   * expression may be a `Conversion`.
+   */
+  abstract Expr getConvertedExpr(int indirectionIndex);
+
+  /** Gets the non-conversion expression corresponding to this node, if any. */
+  abstract Expr getExpr(int indirectionIndex);
+}
+
+private class IndirectOperandIndirectExprNode extends IndirectExprNodeBase, IndirectOperand {
+  IndirectOperandIndirectExprNode() { indirectExprNodeShouldBeIndirectOperand(this, _) }
+
+  final override Expr getConvertedExpr(int index) {
+    this.getIndirectionIndex() = index and
+    indirectExprNodeShouldBeIndirectOperand(this, result)
+  }
+
+  final override Expr getExpr(int index) {
+    this.getIndirectionIndex() = index and
+    result = this.getConvertedExpr(index).getUnconverted()
+  }
+}
+
+private class IndirectInstructionIndirectExprNode extends IndirectExprNodeBase, IndirectInstruction {
+  IndirectInstructionIndirectExprNode() { indirectExprNodeShouldBeIndirectInstruction(this, _) }
+
+  final override Expr getConvertedExpr(int index) {
+    this.getIndirectionIndex() = index and
+    indirectExprNodeShouldBeIndirectInstruction(this, result)
+  }
+
+  final override Expr getExpr(int index) {
+    this.getIndirectionIndex() = index and
+    result = this.getConvertedExpr(index).getUnconverted()
+  }
+}
+
 private class IndirectArgumentOutExprNode extends ExprNodeBase, IndirectArgumentOutNode {
  IndirectArgumentOutExprNode() { exprNodeShouldBeIndirectOutNode(this, _) }

@@ -830,6 +900,25 @@ class ExprNode extends Node instanceof ExprNodeBase {
  Expr getConvertedExpr() { result = super.getConvertedExpr() }
 }

+/**
+ * An indirect expression, viewed as a node in a data flow graph.
+ */
+class IndirectExprNode extends Node instanceof IndirectExprNodeBase {
+  /**
+   * Gets the non-conversion expression corresponding to this node, if any. If
+   * this node strictly (in the sense of `getConvertedExpr`) corresponds to a
+   * `Conversion`, then the result is that `Conversion`'s non-`Conversion` base
+   * expression.
+   */
+  Expr getExpr(int indirectionIndex) { result = super.getExpr(indirectionIndex) }
+
+  /**
+   * Gets the expression corresponding to this node, if any. The returned
+   * expression may be a `Conversion`.
+   */
+  Expr getConvertedExpr(int indirectionIndex) { result = super.getConvertedExpr(indirectionIndex) }
+}
+
 /**
 * The value of a parameter at function entry, viewed as a node in a data
 * flow graph. This includes both explicit parameters such as `x` in `f(x)`
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/AllocMultiplicationOverflow/AllocMultiplicationOverflow.expected
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/AllocMultiplicationOverflow/AllocMultiplicationOverflow.expected
@@ -1,20 +1,20 @@
 edges
 | test.cpp:13:33:13:37 | ... * ... | test.cpp:13:33:13:37 | ... * ... |
-| test.cpp:15:31:15:35 | ... * ... | test.cpp:15:31:15:35 | (unsigned long)... |
+| test.cpp:15:31:15:35 | ... * ... | test.cpp:15:31:15:35 | ... * ... |
 | test.cpp:19:34:19:38 | ... * ... | test.cpp:19:34:19:38 | ... * ... |
-| test.cpp:22:17:22:21 | (size_t)... | test.cpp:23:33:23:37 | size1 |
+| test.cpp:22:17:22:21 | ... * ... | test.cpp:23:33:23:37 | size1 |
 | test.cpp:22:17:22:21 | ... * ... | test.cpp:23:33:23:37 | size1 |
 nodes
 | test.cpp:13:33:13:37 | ... * ... | semmle.label | ... * ... |
 | test.cpp:13:33:13:37 | ... * ... | semmle.label | ... * ... |
 | test.cpp:13:33:13:37 | ... * ... | semmle.label | ... * ... |
-| test.cpp:15:31:15:35 | (unsigned long)... | semmle.label | (unsigned long)... |
+| test.cpp:15:31:15:35 | ... * ... | semmle.label | ... * ... |
 | test.cpp:15:31:15:35 | ... * ... | semmle.label | ... * ... |
 | test.cpp:15:31:15:35 | ... * ... | semmle.label | ... * ... |
 | test.cpp:19:34:19:38 | ... * ... | semmle.label | ... * ... |
 | test.cpp:19:34:19:38 | ... * ... | semmle.label | ... * ... |
 | test.cpp:19:34:19:38 | ... * ... | semmle.label | ... * ... |
-| test.cpp:22:17:22:21 | (size_t)... | semmle.label | (size_t)... |
+| test.cpp:22:17:22:21 | ... * ... | semmle.label | ... * ... |
 | test.cpp:22:17:22:21 | ... * ... | semmle.label | ... * ... |
 | test.cpp:23:33:23:37 | size1 | semmle.label | size1 |
 | test.cpp:30:27:30:31 | ... * ... | semmle.label | ... * ... |
@@ -24,13 +24,13 @@ subpaths
 | test.cpp:13:33:13:37 | ... * ... | test.cpp:13:33:13:37 | ... * ... | test.cpp:13:33:13:37 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:13:33:13:37 | ... * ... | multiplication |
 | test.cpp:13:33:13:37 | ... * ... | test.cpp:13:33:13:37 | ... * ... | test.cpp:13:33:13:37 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:13:33:13:37 | ... * ... | multiplication |
 | test.cpp:13:33:13:37 | ... * ... | test.cpp:13:33:13:37 | ... * ... | test.cpp:13:33:13:37 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:13:33:13:37 | ... * ... | multiplication |
-| test.cpp:15:31:15:35 | (unsigned long)... | test.cpp:15:31:15:35 | (unsigned long)... | test.cpp:15:31:15:35 | (unsigned long)... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:15:31:15:35 | (unsigned long)... | multiplication |
-| test.cpp:15:31:15:35 | (unsigned long)... | test.cpp:15:31:15:35 | ... * ... | test.cpp:15:31:15:35 | (unsigned long)... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:15:31:15:35 | ... * ... | multiplication |
+| test.cpp:15:31:15:35 | ... * ... | test.cpp:15:31:15:35 | ... * ... | test.cpp:15:31:15:35 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:15:31:15:35 | ... * ... | multiplication |
+| test.cpp:15:31:15:35 | ... * ... | test.cpp:15:31:15:35 | ... * ... | test.cpp:15:31:15:35 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:15:31:15:35 | ... * ... | multiplication |
 | test.cpp:15:31:15:35 | ... * ... | test.cpp:15:31:15:35 | ... * ... | test.cpp:15:31:15:35 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:15:31:15:35 | ... * ... | multiplication |
 | test.cpp:19:34:19:38 | ... * ... | test.cpp:19:34:19:38 | ... * ... | test.cpp:19:34:19:38 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:19:34:19:38 | ... * ... | multiplication |
 | test.cpp:19:34:19:38 | ... * ... | test.cpp:19:34:19:38 | ... * ... | test.cpp:19:34:19:38 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:19:34:19:38 | ... * ... | multiplication |
 | test.cpp:19:34:19:38 | ... * ... | test.cpp:19:34:19:38 | ... * ... | test.cpp:19:34:19:38 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:19:34:19:38 | ... * ... | multiplication |
-| test.cpp:23:33:23:37 | size1 | test.cpp:22:17:22:21 | (size_t)... | test.cpp:23:33:23:37 | size1 | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:22:17:22:21 | (size_t)... | multiplication |
+| test.cpp:23:33:23:37 | size1 | test.cpp:22:17:22:21 | ... * ... | test.cpp:23:33:23:37 | size1 | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:22:17:22:21 | ... * ... | multiplication |
 | test.cpp:23:33:23:37 | size1 | test.cpp:22:17:22:21 | ... * ... | test.cpp:23:33:23:37 | size1 | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:22:17:22:21 | ... * ... | multiplication |
 | test.cpp:30:27:30:31 | ... * ... | test.cpp:30:27:30:31 | ... * ... | test.cpp:30:27:30:31 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:30:27:30:31 | ... * ... | multiplication |
 | test.cpp:31:27:31:31 | ... * ... | test.cpp:31:27:31:31 | ... * ... | test.cpp:31:27:31:31 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:31:27:31:31 | ... * ... | multiplication |
--- a/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected
+++ b/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected
--- a/cpp/ql/test/library-tests/dataflow/stackaddress/StackPointerFlowsToUse.ql
+++ b/cpp/ql/test/library-tests/dataflow/stackaddress/StackPointerFlowsToUse.ql
@@ -1,5 +1,5 @@
 import cpp
-import semmle.code.cpp.dataflow.old.StackAddress
+import semmle.code.cpp.dataflow.StackAddress

 from FunctionCall call, Expr use, Type useType, Expr source, boolean isLocal
 where
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
--- a/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected
+++ b/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected
@@ -564,11 +564,17 @@ uniqueNodeToString
 | break_labels.c:2:11:2:11 | x | Node should have one toString but has 2. |
 | break_labels.c:2:11:2:11 | x | Node should have one toString but has 2. |
 | break_labels.c:4:9:4:9 | i | Node should have one toString but has 2. |
+| break_labels.c:4:9:4:9 | i indirection | Node should have one toString but has 2. |
 | break_labels.c:4:9:4:9 | x | Node should have one toString but has 2. |
+| break_labels.c:4:9:4:9 | x indirection | Node should have one toString but has 2. |
 | break_labels.c:6:16:6:16 | i | Node should have one toString but has 2. |
+| break_labels.c:6:16:6:16 | i indirection | Node should have one toString but has 2. |
 | break_labels.c:6:16:6:16 | x | Node should have one toString but has 2. |
+| break_labels.c:6:16:6:16 | x indirection | Node should have one toString but has 2. |
 | break_labels.c:7:17:7:17 | i | Node should have one toString but has 2. |
+| break_labels.c:7:17:7:17 | i indirection | Node should have one toString but has 2. |
 | break_labels.c:7:17:7:17 | x | Node should have one toString but has 2. |
+| break_labels.c:7:17:7:17 | x indirection | Node should have one toString but has 2. |
 | constructorinitializer.cpp:3:9:3:9 | i | Node should have one toString but has 2. |
 | constructorinitializer.cpp:3:9:3:9 | x | Node should have one toString but has 2. |
 | constructorinitializer.cpp:3:16:3:16 | j | Node should have one toString but has 2. |
@@ -578,9 +584,13 @@ uniqueNodeToString
 | duff.c:2:12:2:12 | x | Node should have one toString but has 2. |
 | duff.c:2:12:2:12 | x | Node should have one toString but has 2. |
 | duff.c:3:14:3:14 | i | Node should have one toString but has 2. |
+| duff.c:3:14:3:14 | i indirection | Node should have one toString but has 2. |
 | duff.c:3:14:3:14 | x | Node should have one toString but has 2. |
+| duff.c:3:14:3:14 | x indirection | Node should have one toString but has 2. |
 | duff.c:4:13:4:13 | i | Node should have one toString but has 2. |
+| duff.c:4:13:4:13 | i indirection | Node should have one toString but has 2. |
 | duff.c:4:13:4:13 | x | Node should have one toString but has 2. |
+| duff.c:4:13:4:13 | x indirection | Node should have one toString but has 2. |
 | newexpr.cpp:3:9:3:9 | i | Node should have one toString but has 2. |
 | newexpr.cpp:3:9:3:9 | x | Node should have one toString but has 2. |
 | newexpr.cpp:3:16:3:16 | j | Node should have one toString but has 2. |
@@ -590,13 +600,17 @@ uniqueNodeToString
 | nodefaultswitchstmt.c:1:12:1:12 | x | Node should have one toString but has 2. |
 | nodefaultswitchstmt.c:1:12:1:12 | x | Node should have one toString but has 2. |
 | nodefaultswitchstmt.c:2:14:2:14 | i | Node should have one toString but has 2. |
+| nodefaultswitchstmt.c:2:14:2:14 | i indirection | Node should have one toString but has 2. |
 | nodefaultswitchstmt.c:2:14:2:14 | x | Node should have one toString but has 2. |
+| nodefaultswitchstmt.c:2:14:2:14 | x indirection | Node should have one toString but has 2. |
 | switchstmt.c:1:12:1:12 | i | Node should have one toString but has 2. |
 | switchstmt.c:1:12:1:12 | i | Node should have one toString but has 2. |
 | switchstmt.c:1:12:1:12 | x | Node should have one toString but has 2. |
 | switchstmt.c:1:12:1:12 | x | Node should have one toString but has 2. |
 | switchstmt.c:2:14:2:14 | i | Node should have one toString but has 2. |
+| switchstmt.c:2:14:2:14 | i indirection | Node should have one toString but has 2. |
 | switchstmt.c:2:14:2:14 | x | Node should have one toString but has 2. |
+| switchstmt.c:2:14:2:14 | x indirection | Node should have one toString but has 2. |
 missingToString
 parameterCallable
 localFlowIsLocal
@@ -607,7 +621,7 @@ postIsNotPre
 postHasUniquePre
 uniquePostUpdate
 | cpp11.cpp:82:17:82:17 | this indirection | Node has multiple PostUpdateNodes. |
-| cpp11.cpp:82:17:82:55 | VariableAddress indirection | Node has multiple PostUpdateNodes. |
+| cpp11.cpp:82:17:82:55 | [...](...){...} indirection | Node has multiple PostUpdateNodes. |
 | ir.cpp:514:10:514:11 | VariableAddress indirection | Node has multiple PostUpdateNodes. |
 | ir.cpp:515:10:515:11 | VariableAddress indirection | Node has multiple PostUpdateNodes. |
 | ir.cpp:515:10:515:11 | VariableAddress indirection | Node has multiple PostUpdateNodes. |
--- a/Bugs/Conversion/CastArrayPointerArithmetic/CastArrayPointerArithmetic.expected
+++ b/Bugs/Conversion/CastArrayPointerArithmetic/CastArrayPointerArithmetic.expected
@@ -5,161 +5,161 @@ edges
 | test.cpp:38:35:38:35 | d | test.cpp:39:2:39:2 | d |
 | test.cpp:42:40:42:40 | d | test.cpp:43:2:43:2 | d |
 | test.cpp:46:37:46:37 | d | test.cpp:47:2:47:2 | d |
-| test.cpp:50:31:50:31 | b | test.cpp:51:3:51:11 | (char *)... |
+| test.cpp:50:31:50:31 | b | test.cpp:51:3:51:11 | b |
 | test.cpp:50:31:50:31 | b | test.cpp:51:11:51:11 | b |
-| test.cpp:57:19:57:19 | array to pointer conversion | test.cpp:57:19:57:19 | d |
-| test.cpp:57:19:57:19 | array to pointer conversion | test.cpp:58:25:58:25 | d |
-| test.cpp:57:19:57:19 | array to pointer conversion | test.cpp:59:21:59:21 | d |
-| test.cpp:57:19:57:19 | array to pointer conversion | test.cpp:61:22:61:22 | d |
-| test.cpp:57:19:57:19 | array to pointer conversion | test.cpp:62:28:62:28 | d |
-| test.cpp:57:19:57:19 | array to pointer conversion | test.cpp:63:24:63:24 | d |
-| test.cpp:57:19:57:19 | array to pointer conversion | test.cpp:95:21:95:21 | d |
 | test.cpp:57:19:57:19 | d | test.cpp:26:29:26:29 | b |
 | test.cpp:57:19:57:19 | d | test.cpp:57:19:57:19 | d |
+| test.cpp:57:19:57:19 | d | test.cpp:57:19:57:19 | d |
 | test.cpp:57:19:57:19 | d | test.cpp:58:25:58:25 | d |
 | test.cpp:57:19:57:19 | d | test.cpp:58:25:58:25 | d |
+| test.cpp:57:19:57:19 | d | test.cpp:58:25:58:25 | d |
+| test.cpp:57:19:57:19 | d | test.cpp:59:21:59:21 | d |
 | test.cpp:57:19:57:19 | d | test.cpp:59:21:59:21 | d |
 | test.cpp:57:19:57:19 | d | test.cpp:59:21:59:21 | d |
 | test.cpp:57:19:57:19 | d | test.cpp:61:22:61:22 | d |
 | test.cpp:57:19:57:19 | d | test.cpp:61:22:61:22 | d |
+| test.cpp:57:19:57:19 | d | test.cpp:61:22:61:22 | d |
+| test.cpp:57:19:57:19 | d | test.cpp:62:28:62:28 | d |
 | test.cpp:57:19:57:19 | d | test.cpp:62:28:62:28 | d |
 | test.cpp:57:19:57:19 | d | test.cpp:62:28:62:28 | d |
 | test.cpp:57:19:57:19 | d | test.cpp:63:24:63:24 | d |
 | test.cpp:57:19:57:19 | d | test.cpp:63:24:63:24 | d |
+| test.cpp:57:19:57:19 | d | test.cpp:63:24:63:24 | d |
+| test.cpp:57:19:57:19 | d | test.cpp:95:21:95:21 | d |
 | test.cpp:57:19:57:19 | d | test.cpp:95:21:95:21 | d |
 | test.cpp:57:19:57:19 | d | test.cpp:95:21:95:21 | d |
-| test.cpp:58:25:58:25 | array to pointer conversion | test.cpp:58:25:58:25 | d |
-| test.cpp:58:25:58:25 | array to pointer conversion | test.cpp:59:21:59:21 | d |
-| test.cpp:58:25:58:25 | array to pointer conversion | test.cpp:61:22:61:22 | d |
-| test.cpp:58:25:58:25 | array to pointer conversion | test.cpp:62:28:62:28 | d |
-| test.cpp:58:25:58:25 | array to pointer conversion | test.cpp:63:24:63:24 | d |
-| test.cpp:58:25:58:25 | array to pointer conversion | test.cpp:95:21:95:21 | d |
 | test.cpp:58:25:58:25 | d | test.cpp:30:34:30:34 | b |
 | test.cpp:58:25:58:25 | d | test.cpp:58:25:58:25 | d |
+| test.cpp:58:25:58:25 | d | test.cpp:58:25:58:25 | d |
 | test.cpp:58:25:58:25 | d | test.cpp:59:21:59:21 | d |
 | test.cpp:58:25:58:25 | d | test.cpp:59:21:59:21 | d |
+| test.cpp:58:25:58:25 | d | test.cpp:59:21:59:21 | d |
+| test.cpp:58:25:58:25 | d | test.cpp:61:22:61:22 | d |
 | test.cpp:58:25:58:25 | d | test.cpp:61:22:61:22 | d |
 | test.cpp:58:25:58:25 | d | test.cpp:61:22:61:22 | d |
 | test.cpp:58:25:58:25 | d | test.cpp:62:28:62:28 | d |
 | test.cpp:58:25:58:25 | d | test.cpp:62:28:62:28 | d |
+| test.cpp:58:25:58:25 | d | test.cpp:62:28:62:28 | d |
+| test.cpp:58:25:58:25 | d | test.cpp:63:24:63:24 | d |
 | test.cpp:58:25:58:25 | d | test.cpp:63:24:63:24 | d |
 | test.cpp:58:25:58:25 | d | test.cpp:63:24:63:24 | d |
 | test.cpp:58:25:58:25 | d | test.cpp:95:21:95:21 | d |
 | test.cpp:58:25:58:25 | d | test.cpp:95:21:95:21 | d |
-| test.cpp:59:21:59:21 | array to pointer conversion | test.cpp:59:21:59:21 | d |
-| test.cpp:59:21:59:21 | array to pointer conversion | test.cpp:61:22:61:22 | d |
-| test.cpp:59:21:59:21 | array to pointer conversion | test.cpp:62:28:62:28 | d |
-| test.cpp:59:21:59:21 | array to pointer conversion | test.cpp:63:24:63:24 | d |
-| test.cpp:59:21:59:21 | array to pointer conversion | test.cpp:95:21:95:21 | d |
+| test.cpp:58:25:58:25 | d | test.cpp:95:21:95:21 | d |
 | test.cpp:59:21:59:21 | d | test.cpp:34:31:34:31 | b |
 | test.cpp:59:21:59:21 | d | test.cpp:59:21:59:21 | d |
+| test.cpp:59:21:59:21 | d | test.cpp:59:21:59:21 | d |
 | test.cpp:59:21:59:21 | d | test.cpp:61:22:61:22 | d |
 | test.cpp:59:21:59:21 | d | test.cpp:61:22:61:22 | d |
+| test.cpp:59:21:59:21 | d | test.cpp:61:22:61:22 | d |
+| test.cpp:59:21:59:21 | d | test.cpp:62:28:62:28 | d |
 | test.cpp:59:21:59:21 | d | test.cpp:62:28:62:28 | d |
 | test.cpp:59:21:59:21 | d | test.cpp:62:28:62:28 | d |
 | test.cpp:59:21:59:21 | d | test.cpp:63:24:63:24 | d |
 | test.cpp:59:21:59:21 | d | test.cpp:63:24:63:24 | d |
+| test.cpp:59:21:59:21 | d | test.cpp:63:24:63:24 | d |
+| test.cpp:59:21:59:21 | d | test.cpp:95:21:95:21 | d |
 | test.cpp:59:21:59:21 | d | test.cpp:95:21:95:21 | d |
 | test.cpp:59:21:59:21 | d | test.cpp:95:21:95:21 | d |
 | test.cpp:61:22:61:22 | d | test.cpp:38:35:38:35 | d |
 | test.cpp:62:28:62:28 | d | test.cpp:42:40:42:40 | d |
 | test.cpp:63:24:63:24 | d | test.cpp:46:37:46:37 | d |
-| test.cpp:74:19:74:21 | array to pointer conversion | test.cpp:74:19:74:21 | dss |
-| test.cpp:74:19:74:21 | array to pointer conversion | test.cpp:75:25:75:27 | dss |
-| test.cpp:74:19:74:21 | array to pointer conversion | test.cpp:76:21:76:23 | dss |
-| test.cpp:74:19:74:21 | array to pointer conversion | test.cpp:96:21:96:23 | dss |
 | test.cpp:74:19:74:21 | dss | test.cpp:26:29:26:29 | b |
 | test.cpp:74:19:74:21 | dss | test.cpp:74:19:74:21 | dss |
+| test.cpp:74:19:74:21 | dss | test.cpp:74:19:74:21 | dss |
 | test.cpp:74:19:74:21 | dss | test.cpp:75:25:75:27 | dss |
 | test.cpp:74:19:74:21 | dss | test.cpp:75:25:75:27 | dss |
+| test.cpp:74:19:74:21 | dss | test.cpp:75:25:75:27 | dss |
+| test.cpp:74:19:74:21 | dss | test.cpp:76:21:76:23 | dss |
 | test.cpp:74:19:74:21 | dss | test.cpp:76:21:76:23 | dss |
 | test.cpp:74:19:74:21 | dss | test.cpp:76:21:76:23 | dss |
 | test.cpp:74:19:74:21 | dss | test.cpp:96:21:96:23 | dss |
 | test.cpp:74:19:74:21 | dss | test.cpp:96:21:96:23 | dss |
-| test.cpp:75:25:75:27 | array to pointer conversion | test.cpp:75:25:75:27 | dss |
-| test.cpp:75:25:75:27 | array to pointer conversion | test.cpp:76:21:76:23 | dss |
-| test.cpp:75:25:75:27 | array to pointer conversion | test.cpp:96:21:96:23 | dss |
+| test.cpp:74:19:74:21 | dss | test.cpp:96:21:96:23 | dss |
 | test.cpp:75:25:75:27 | dss | test.cpp:30:34:30:34 | b |
 | test.cpp:75:25:75:27 | dss | test.cpp:75:25:75:27 | dss |
+| test.cpp:75:25:75:27 | dss | test.cpp:75:25:75:27 | dss |
+| test.cpp:75:25:75:27 | dss | test.cpp:76:21:76:23 | dss |
 | test.cpp:75:25:75:27 | dss | test.cpp:76:21:76:23 | dss |
 | test.cpp:75:25:75:27 | dss | test.cpp:76:21:76:23 | dss |
 | test.cpp:75:25:75:27 | dss | test.cpp:96:21:96:23 | dss |
 | test.cpp:75:25:75:27 | dss | test.cpp:96:21:96:23 | dss |
-| test.cpp:76:21:76:23 | array to pointer conversion | test.cpp:76:21:76:23 | dss |
-| test.cpp:76:21:76:23 | array to pointer conversion | test.cpp:96:21:96:23 | dss |
+| test.cpp:75:25:75:27 | dss | test.cpp:96:21:96:23 | dss |
 | test.cpp:76:21:76:23 | dss | test.cpp:34:31:34:31 | b |
 | test.cpp:76:21:76:23 | dss | test.cpp:76:21:76:23 | dss |
+| test.cpp:76:21:76:23 | dss | test.cpp:76:21:76:23 | dss |
+| test.cpp:76:21:76:23 | dss | test.cpp:96:21:96:23 | dss |
 | test.cpp:76:21:76:23 | dss | test.cpp:96:21:96:23 | dss |
 | test.cpp:76:21:76:23 | dss | test.cpp:96:21:96:23 | dss |
-| test.cpp:86:19:86:20 | (Derived *)... | test.cpp:86:19:86:20 | d2 |
-| test.cpp:86:19:86:20 | (Derived *)... | test.cpp:87:25:87:26 | d2 |
-| test.cpp:86:19:86:20 | (Derived *)... | test.cpp:88:21:88:22 | d2 |
-| test.cpp:86:19:86:20 | (Derived *)... | test.cpp:90:22:90:23 | d2 |
-| test.cpp:86:19:86:20 | (Derived *)... | test.cpp:91:28:91:29 | d2 |
-| test.cpp:86:19:86:20 | (Derived *)... | test.cpp:92:24:92:25 | d2 |
-| test.cpp:86:19:86:20 | array to pointer conversion | test.cpp:86:19:86:20 | d2 |
-| test.cpp:86:19:86:20 | array to pointer conversion | test.cpp:87:25:87:26 | d2 |
-| test.cpp:86:19:86:20 | array to pointer conversion | test.cpp:88:21:88:22 | d2 |
-| test.cpp:86:19:86:20 | array to pointer conversion | test.cpp:90:22:90:23 | d2 |
-| test.cpp:86:19:86:20 | array to pointer conversion | test.cpp:91:28:91:29 | d2 |
-| test.cpp:86:19:86:20 | array to pointer conversion | test.cpp:92:24:92:25 | d2 |
 | test.cpp:86:19:86:20 | d2 | test.cpp:26:29:26:29 | b |
 | test.cpp:86:19:86:20 | d2 | test.cpp:86:19:86:20 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:86:19:86:20 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:86:19:86:20 | d2 |
 | test.cpp:86:19:86:20 | d2 | test.cpp:87:25:87:26 | d2 |
 | test.cpp:86:19:86:20 | d2 | test.cpp:87:25:87:26 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:87:25:87:26 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:87:25:87:26 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:88:21:88:22 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:88:21:88:22 | d2 |
 | test.cpp:86:19:86:20 | d2 | test.cpp:88:21:88:22 | d2 |
 | test.cpp:86:19:86:20 | d2 | test.cpp:88:21:88:22 | d2 |
 | test.cpp:86:19:86:20 | d2 | test.cpp:90:22:90:23 | d2 |
 | test.cpp:86:19:86:20 | d2 | test.cpp:90:22:90:23 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:90:22:90:23 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:90:22:90:23 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:91:28:91:29 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:91:28:91:29 | d2 |
 | test.cpp:86:19:86:20 | d2 | test.cpp:91:28:91:29 | d2 |
 | test.cpp:86:19:86:20 | d2 | test.cpp:91:28:91:29 | d2 |
 | test.cpp:86:19:86:20 | d2 | test.cpp:92:24:92:25 | d2 |
 | test.cpp:86:19:86:20 | d2 | test.cpp:92:24:92:25 | d2 |
-| test.cpp:87:25:87:26 | (Derived *)... | test.cpp:87:25:87:26 | d2 |
-| test.cpp:87:25:87:26 | (Derived *)... | test.cpp:88:21:88:22 | d2 |
-| test.cpp:87:25:87:26 | (Derived *)... | test.cpp:90:22:90:23 | d2 |
-| test.cpp:87:25:87:26 | (Derived *)... | test.cpp:91:28:91:29 | d2 |
-| test.cpp:87:25:87:26 | (Derived *)... | test.cpp:92:24:92:25 | d2 |
-| test.cpp:87:25:87:26 | array to pointer conversion | test.cpp:87:25:87:26 | d2 |
-| test.cpp:87:25:87:26 | array to pointer conversion | test.cpp:88:21:88:22 | d2 |
-| test.cpp:87:25:87:26 | array to pointer conversion | test.cpp:90:22:90:23 | d2 |
-| test.cpp:87:25:87:26 | array to pointer conversion | test.cpp:91:28:91:29 | d2 |
-| test.cpp:87:25:87:26 | array to pointer conversion | test.cpp:92:24:92:25 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:92:24:92:25 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:92:24:92:25 | d2 |
 | test.cpp:87:25:87:26 | d2 | test.cpp:30:34:30:34 | b |
 | test.cpp:87:25:87:26 | d2 | test.cpp:87:25:87:26 | d2 |
+| test.cpp:87:25:87:26 | d2 | test.cpp:87:25:87:26 | d2 |
+| test.cpp:87:25:87:26 | d2 | test.cpp:87:25:87:26 | d2 |
 | test.cpp:87:25:87:26 | d2 | test.cpp:88:21:88:22 | d2 |
 | test.cpp:87:25:87:26 | d2 | test.cpp:88:21:88:22 | d2 |
+| test.cpp:87:25:87:26 | d2 | test.cpp:88:21:88:22 | d2 |
+| test.cpp:87:25:87:26 | d2 | test.cpp:88:21:88:22 | d2 |
+| test.cpp:87:25:87:26 | d2 | test.cpp:90:22:90:23 | d2 |
+| test.cpp:87:25:87:26 | d2 | test.cpp:90:22:90:23 | d2 |
 | test.cpp:87:25:87:26 | d2 | test.cpp:90:22:90:23 | d2 |
 | test.cpp:87:25:87:26 | d2 | test.cpp:90:22:90:23 | d2 |
 | test.cpp:87:25:87:26 | d2 | test.cpp:91:28:91:29 | d2 |
 | test.cpp:87:25:87:26 | d2 | test.cpp:91:28:91:29 | d2 |
+| test.cpp:87:25:87:26 | d2 | test.cpp:91:28:91:29 | d2 |
+| test.cpp:87:25:87:26 | d2 | test.cpp:91:28:91:29 | d2 |
+| test.cpp:87:25:87:26 | d2 | test.cpp:92:24:92:25 | d2 |
+| test.cpp:87:25:87:26 | d2 | test.cpp:92:24:92:25 | d2 |
 | test.cpp:87:25:87:26 | d2 | test.cpp:92:24:92:25 | d2 |
 | test.cpp:87:25:87:26 | d2 | test.cpp:92:24:92:25 | d2 |
-| test.cpp:88:21:88:22 | (Derived *)... | test.cpp:88:21:88:22 | d2 |
-| test.cpp:88:21:88:22 | (Derived *)... | test.cpp:90:22:90:23 | d2 |
-| test.cpp:88:21:88:22 | (Derived *)... | test.cpp:91:28:91:29 | d2 |
-| test.cpp:88:21:88:22 | (Derived *)... | test.cpp:92:24:92:25 | d2 |
-| test.cpp:88:21:88:22 | array to pointer conversion | test.cpp:88:21:88:22 | d2 |
-| test.cpp:88:21:88:22 | array to pointer conversion | test.cpp:90:22:90:23 | d2 |
-| test.cpp:88:21:88:22 | array to pointer conversion | test.cpp:91:28:91:29 | d2 |
-| test.cpp:88:21:88:22 | array to pointer conversion | test.cpp:92:24:92:25 | d2 |
 | test.cpp:88:21:88:22 | d2 | test.cpp:34:31:34:31 | b |
 | test.cpp:88:21:88:22 | d2 | test.cpp:88:21:88:22 | d2 |
+| test.cpp:88:21:88:22 | d2 | test.cpp:88:21:88:22 | d2 |
+| test.cpp:88:21:88:22 | d2 | test.cpp:88:21:88:22 | d2 |
+| test.cpp:88:21:88:22 | d2 | test.cpp:90:22:90:23 | d2 |
+| test.cpp:88:21:88:22 | d2 | test.cpp:90:22:90:23 | d2 |
 | test.cpp:88:21:88:22 | d2 | test.cpp:90:22:90:23 | d2 |
 | test.cpp:88:21:88:22 | d2 | test.cpp:90:22:90:23 | d2 |
 | test.cpp:88:21:88:22 | d2 | test.cpp:91:28:91:29 | d2 |
 | test.cpp:88:21:88:22 | d2 | test.cpp:91:28:91:29 | d2 |
+| test.cpp:88:21:88:22 | d2 | test.cpp:91:28:91:29 | d2 |
+| test.cpp:88:21:88:22 | d2 | test.cpp:91:28:91:29 | d2 |
+| test.cpp:88:21:88:22 | d2 | test.cpp:92:24:92:25 | d2 |
+| test.cpp:88:21:88:22 | d2 | test.cpp:92:24:92:25 | d2 |
 | test.cpp:88:21:88:22 | d2 | test.cpp:92:24:92:25 | d2 |
 | test.cpp:88:21:88:22 | d2 | test.cpp:92:24:92:25 | d2 |
 | test.cpp:90:22:90:23 | d2 | test.cpp:38:35:38:35 | d |
 | test.cpp:91:28:91:29 | d2 | test.cpp:42:40:42:40 | d |
 | test.cpp:92:24:92:25 | d2 | test.cpp:46:37:46:37 | d |
-| test.cpp:95:21:95:21 | array to pointer conversion | test.cpp:95:21:95:21 | d |
 | test.cpp:95:21:95:21 | d | test.cpp:50:31:50:31 | b |
 | test.cpp:95:21:95:21 | d | test.cpp:95:21:95:21 | d |
-| test.cpp:96:21:96:23 | array to pointer conversion | test.cpp:96:21:96:23 | dss |
+| test.cpp:95:21:95:21 | d | test.cpp:95:21:95:21 | d |
 | test.cpp:96:21:96:23 | dss | test.cpp:50:31:50:31 | b |
 | test.cpp:96:21:96:23 | dss | test.cpp:96:21:96:23 | dss |
+| test.cpp:96:21:96:23 | dss | test.cpp:96:21:96:23 | dss |
 nodes
 | test.cpp:26:29:26:29 | b | semmle.label | b |
 | test.cpp:27:2:27:2 | b | semmle.label | b |
@@ -174,109 +174,109 @@ nodes
 | test.cpp:46:37:46:37 | d | semmle.label | d |
 | test.cpp:47:2:47:2 | d | semmle.label | d |
 | test.cpp:50:31:50:31 | b | semmle.label | b |
-| test.cpp:51:3:51:11 | (char *)... | semmle.label | (char *)... |
+| test.cpp:51:3:51:11 | b | semmle.label | b |
 | test.cpp:51:11:51:11 | b | semmle.label | b |
-| test.cpp:57:19:57:19 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:57:19:57:19 | d | semmle.label | d |
 | test.cpp:57:19:57:19 | d | semmle.label | d |
-| test.cpp:58:25:58:25 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:57:19:57:19 | d | semmle.label | d |
 | test.cpp:58:25:58:25 | d | semmle.label | d |
 | test.cpp:58:25:58:25 | d | semmle.label | d |
-| test.cpp:59:21:59:21 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:58:25:58:25 | d | semmle.label | d |
+| test.cpp:59:21:59:21 | d | semmle.label | d |
 | test.cpp:59:21:59:21 | d | semmle.label | d |
 | test.cpp:59:21:59:21 | d | semmle.label | d |
 | test.cpp:61:22:61:22 | d | semmle.label | d |
 | test.cpp:62:28:62:28 | d | semmle.label | d |
 | test.cpp:63:24:63:24 | d | semmle.label | d |
-| test.cpp:74:19:74:21 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:74:19:74:21 | dss | semmle.label | dss |
 | test.cpp:74:19:74:21 | dss | semmle.label | dss |
-| test.cpp:75:25:75:27 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:74:19:74:21 | dss | semmle.label | dss |
+| test.cpp:75:25:75:27 | dss | semmle.label | dss |
 | test.cpp:75:25:75:27 | dss | semmle.label | dss |
 | test.cpp:75:25:75:27 | dss | semmle.label | dss |
-| test.cpp:76:21:76:23 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:76:21:76:23 | dss | semmle.label | dss |
 | test.cpp:76:21:76:23 | dss | semmle.label | dss |
-| test.cpp:86:19:86:20 | (Derived *)... | semmle.label | (Derived *)... |
-| test.cpp:86:19:86:20 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:76:21:76:23 | dss | semmle.label | dss |
+| test.cpp:86:19:86:20 | d2 | semmle.label | d2 |
+| test.cpp:86:19:86:20 | d2 | semmle.label | d2 |
 | test.cpp:86:19:86:20 | d2 | semmle.label | d2 |
 | test.cpp:86:19:86:20 | d2 | semmle.label | d2 |
-| test.cpp:87:25:87:26 | (Derived *)... | semmle.label | (Derived *)... |
-| test.cpp:87:25:87:26 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:87:25:87:26 | d2 | semmle.label | d2 |
 | test.cpp:87:25:87:26 | d2 | semmle.label | d2 |
-| test.cpp:88:21:88:22 | (Derived *)... | semmle.label | (Derived *)... |
-| test.cpp:88:21:88:22 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:87:25:87:26 | d2 | semmle.label | d2 |
+| test.cpp:87:25:87:26 | d2 | semmle.label | d2 |
+| test.cpp:88:21:88:22 | d2 | semmle.label | d2 |
+| test.cpp:88:21:88:22 | d2 | semmle.label | d2 |
 | test.cpp:88:21:88:22 | d2 | semmle.label | d2 |
 | test.cpp:88:21:88:22 | d2 | semmle.label | d2 |
 | test.cpp:90:22:90:23 | d2 | semmle.label | d2 |
 | test.cpp:91:28:91:29 | d2 | semmle.label | d2 |
 | test.cpp:92:24:92:25 | d2 | semmle.label | d2 |
-| test.cpp:95:21:95:21 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:95:21:95:21 | d | semmle.label | d |
 | test.cpp:95:21:95:21 | d | semmle.label | d |
-| test.cpp:96:21:96:23 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:95:21:95:21 | d | semmle.label | d |
+| test.cpp:96:21:96:23 | dss | semmle.label | dss |
 | test.cpp:96:21:96:23 | dss | semmle.label | dss |
 | test.cpp:96:21:96:23 | dss | semmle.label | dss |
 subpaths
 #select
-| test.cpp:27:2:27:2 | b | test.cpp:57:19:57:19 | array to pointer conversion | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | array to pointer conversion | this cast |
 | test.cpp:27:2:27:2 | b | test.cpp:57:19:57:19 | d | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | d | this cast |
 | test.cpp:27:2:27:2 | b | test.cpp:57:19:57:19 | d | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | d | this cast |
-| test.cpp:27:2:27:2 | b | test.cpp:74:19:74:21 | array to pointer conversion | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | array to pointer conversion | this cast |
+| test.cpp:27:2:27:2 | b | test.cpp:57:19:57:19 | d | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | d | this cast |
+| test.cpp:27:2:27:2 | b | test.cpp:74:19:74:21 | dss | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | dss | this cast |
 | test.cpp:27:2:27:2 | b | test.cpp:74:19:74:21 | dss | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | dss | this cast |
 | test.cpp:27:2:27:2 | b | test.cpp:74:19:74:21 | dss | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | dss | this cast |
-| test.cpp:27:2:27:2 | b | test.cpp:86:19:86:20 | (Derived *)... | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | (Derived *)... | this cast |
-| test.cpp:27:2:27:2 | b | test.cpp:86:19:86:20 | array to pointer conversion | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | array to pointer conversion | this cast |
 | test.cpp:27:2:27:2 | b | test.cpp:86:19:86:20 | d2 | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | d2 | this cast |
 | test.cpp:27:2:27:2 | b | test.cpp:86:19:86:20 | d2 | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | d2 | this cast |
-| test.cpp:31:2:31:2 | b | test.cpp:57:19:57:19 | array to pointer conversion | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | array to pointer conversion | this cast |
+| test.cpp:27:2:27:2 | b | test.cpp:86:19:86:20 | d2 | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | d2 | this cast |
+| test.cpp:27:2:27:2 | b | test.cpp:86:19:86:20 | d2 | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | d2 | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:57:19:57:19 | d | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | d | this cast |
 | test.cpp:31:2:31:2 | b | test.cpp:57:19:57:19 | d | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | d | this cast |
 | test.cpp:31:2:31:2 | b | test.cpp:57:19:57:19 | d | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | d | this cast |
-| test.cpp:31:2:31:2 | b | test.cpp:58:25:58:25 | array to pointer conversion | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:58:25:58:25 | array to pointer conversion | this cast |
 | test.cpp:31:2:31:2 | b | test.cpp:58:25:58:25 | d | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:58:25:58:25 | d | this cast |
 | test.cpp:31:2:31:2 | b | test.cpp:58:25:58:25 | d | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:58:25:58:25 | d | this cast |
-| test.cpp:31:2:31:2 | b | test.cpp:74:19:74:21 | array to pointer conversion | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | array to pointer conversion | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:58:25:58:25 | d | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:58:25:58:25 | d | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:74:19:74:21 | dss | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | dss | this cast |
 | test.cpp:31:2:31:2 | b | test.cpp:74:19:74:21 | dss | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | dss | this cast |
 | test.cpp:31:2:31:2 | b | test.cpp:74:19:74:21 | dss | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | dss | this cast |
-| test.cpp:31:2:31:2 | b | test.cpp:75:25:75:27 | array to pointer conversion | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:75:25:75:27 | array to pointer conversion | this cast |
 | test.cpp:31:2:31:2 | b | test.cpp:75:25:75:27 | dss | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:75:25:75:27 | dss | this cast |
 | test.cpp:31:2:31:2 | b | test.cpp:75:25:75:27 | dss | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:75:25:75:27 | dss | this cast |
-| test.cpp:31:2:31:2 | b | test.cpp:86:19:86:20 | (Derived *)... | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | (Derived *)... | this cast |
-| test.cpp:31:2:31:2 | b | test.cpp:86:19:86:20 | array to pointer conversion | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | array to pointer conversion | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:75:25:75:27 | dss | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:75:25:75:27 | dss | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:86:19:86:20 | d2 | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | d2 | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:86:19:86:20 | d2 | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | d2 | this cast |
 | test.cpp:31:2:31:2 | b | test.cpp:86:19:86:20 | d2 | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | d2 | this cast |
 | test.cpp:31:2:31:2 | b | test.cpp:86:19:86:20 | d2 | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | d2 | this cast |
-| test.cpp:31:2:31:2 | b | test.cpp:87:25:87:26 | (Derived *)... | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | (Derived *)... | this cast |
-| test.cpp:31:2:31:2 | b | test.cpp:87:25:87:26 | array to pointer conversion | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | array to pointer conversion | this cast |
 | test.cpp:31:2:31:2 | b | test.cpp:87:25:87:26 | d2 | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | d2 | this cast |
 | test.cpp:31:2:31:2 | b | test.cpp:87:25:87:26 | d2 | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | d2 | this cast |
-| test.cpp:35:2:35:2 | b | test.cpp:57:19:57:19 | array to pointer conversion | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | array to pointer conversion | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:87:25:87:26 | d2 | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | d2 | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:87:25:87:26 | d2 | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | d2 | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:57:19:57:19 | d | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | d | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:57:19:57:19 | d | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | d | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:57:19:57:19 | d | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | d | this cast |
-| test.cpp:35:2:35:2 | b | test.cpp:58:25:58:25 | array to pointer conversion | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:58:25:58:25 | array to pointer conversion | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:58:25:58:25 | d | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:58:25:58:25 | d | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:58:25:58:25 | d | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:58:25:58:25 | d | this cast |
-| test.cpp:35:2:35:2 | b | test.cpp:59:21:59:21 | array to pointer conversion | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:59:21:59:21 | array to pointer conversion | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:58:25:58:25 | d | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:58:25:58:25 | d | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:59:21:59:21 | d | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:59:21:59:21 | d | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:59:21:59:21 | d | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:59:21:59:21 | d | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:59:21:59:21 | d | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:59:21:59:21 | d | this cast |
-| test.cpp:35:2:35:2 | b | test.cpp:74:19:74:21 | array to pointer conversion | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | array to pointer conversion | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:74:19:74:21 | dss | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | dss | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:74:19:74:21 | dss | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | dss | this cast |
-| test.cpp:35:2:35:2 | b | test.cpp:75:25:75:27 | array to pointer conversion | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:75:25:75:27 | array to pointer conversion | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:74:19:74:21 | dss | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | dss | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:75:25:75:27 | dss | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:75:25:75:27 | dss | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:75:25:75:27 | dss | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:75:25:75:27 | dss | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:75:25:75:27 | dss | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:75:25:75:27 | dss | this cast |
-| test.cpp:35:2:35:2 | b | test.cpp:76:21:76:23 | array to pointer conversion | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:76:21:76:23 | array to pointer conversion | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:76:21:76:23 | dss | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:76:21:76:23 | dss | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:76:21:76:23 | dss | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:76:21:76:23 | dss | this cast |
-| test.cpp:35:2:35:2 | b | test.cpp:86:19:86:20 | (Derived *)... | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | (Derived *)... | this cast |
-| test.cpp:35:2:35:2 | b | test.cpp:86:19:86:20 | array to pointer conversion | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | array to pointer conversion | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:76:21:76:23 | dss | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:76:21:76:23 | dss | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:86:19:86:20 | d2 | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | d2 | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:86:19:86:20 | d2 | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | d2 | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:86:19:86:20 | d2 | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | d2 | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:86:19:86:20 | d2 | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | d2 | this cast |
-| test.cpp:35:2:35:2 | b | test.cpp:87:25:87:26 | (Derived *)... | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | (Derived *)... | this cast |
-| test.cpp:35:2:35:2 | b | test.cpp:87:25:87:26 | array to pointer conversion | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | array to pointer conversion | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:87:25:87:26 | d2 | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | d2 | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:87:25:87:26 | d2 | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | d2 | this cast |
-| test.cpp:35:2:35:2 | b | test.cpp:88:21:88:22 | (Derived *)... | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:88:21:88:22 | (Derived *)... | this cast |
-| test.cpp:35:2:35:2 | b | test.cpp:88:21:88:22 | array to pointer conversion | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:88:21:88:22 | array to pointer conversion | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:87:25:87:26 | d2 | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | d2 | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:87:25:87:26 | d2 | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | d2 | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:88:21:88:22 | d2 | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:88:21:88:22 | d2 | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:88:21:88:22 | d2 | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:88:21:88:22 | d2 | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:88:21:88:22 | d2 | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:88:21:88:22 | d2 | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:88:21:88:22 | d2 | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:88:21:88:22 | d2 | this cast |
--- a/Management/NtohlArrayNoBound/NtohlArrayNoBound.expected
+++ b/Management/NtohlArrayNoBound/NtohlArrayNoBound.expected
@@ -2,16 +2,16 @@
 | test.cpp:12:25:12:34 | call to ntohl | Unchecked use of data from network function $@. | test.cpp:12:25:12:29 | call to ntohl | call to ntohl |
 | test.cpp:12:25:12:34 | call to ntohl | Unchecked use of data from network function $@. | test.cpp:12:25:12:34 | call to ntohl | call to ntohl |
 | test.cpp:21:26:21:29 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:20 | call to ntohl | call to ntohl |
-| test.cpp:21:26:21:29 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:25 | (size_t)... | (size_t)... |
+| test.cpp:21:26:21:29 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:25 | call to ntohl | call to ntohl |
 | test.cpp:31:26:31:29 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:20 | call to ntohl | call to ntohl |
-| test.cpp:31:26:31:29 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:25 | (size_t)... | (size_t)... |
+| test.cpp:31:26:31:29 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:25 | call to ntohl | call to ntohl |
 | test.cpp:61:26:61:29 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:20 | call to ntohl | call to ntohl |
-| test.cpp:61:26:61:29 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:25 | (size_t)... | (size_t)... |
+| test.cpp:61:26:61:29 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:25 | call to ntohl | call to ntohl |
 | test.cpp:64:9:64:12 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:20 | call to ntohl | call to ntohl |
-| test.cpp:64:9:64:12 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:25 | (size_t)... | (size_t)... |
+| test.cpp:64:9:64:12 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:25 | call to ntohl | call to ntohl |
 | test.cpp:73:10:73:13 | lens | Unchecked use of data from network function $@. | test.cpp:10:16:10:20 | call to ntohl | call to ntohl |
-| test.cpp:73:10:73:13 | lens | Unchecked use of data from network function $@. | test.cpp:10:16:10:25 | (size_t)... | (size_t)... |
+| test.cpp:73:10:73:13 | lens | Unchecked use of data from network function $@. | test.cpp:10:16:10:25 | call to ntohl | call to ntohl |
 | test.cpp:86:10:86:13 | len3 | Unchecked use of data from network function $@. | test.cpp:85:10:85:14 | call to ntohl | call to ntohl |
-| test.cpp:86:10:86:13 | len3 | Unchecked use of data from network function $@. | test.cpp:85:10:85:19 | (size_t)... | (size_t)... |
+| test.cpp:86:10:86:13 | len3 | Unchecked use of data from network function $@. | test.cpp:85:10:85:19 | call to ntohl | call to ntohl |
 | test.cpp:94:9:94:11 | len | Unchecked use of data from network function $@. | test.cpp:99:8:99:12 | call to ntohl | call to ntohl |
 | test.cpp:94:9:94:11 | len | Unchecked use of data from network function $@. | test.cpp:99:8:99:17 | call to ntohl | call to ntohl |
--- a/Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected
+++ b/Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected
@@ -2,22 +2,22 @@ edges
 | test.cpp:17:9:17:11 | & ... | test.cpp:17:9:17:11 | StoreValue |
 | test.cpp:17:10:17:11 | Unary | test.cpp:17:9:17:11 | & ... |
 | test.cpp:17:10:17:11 | mc | test.cpp:17:10:17:11 | Unary |
-| test.cpp:47:9:47:10 | (reference to) | test.cpp:47:9:47:10 | StoreValue |
-| test.cpp:47:9:47:10 | Unary | test.cpp:47:9:47:10 | (reference to) |
+| test.cpp:47:9:47:10 | Unary | test.cpp:47:9:47:10 | mc |
+| test.cpp:47:9:47:10 | mc | test.cpp:47:9:47:10 | StoreValue |
 | test.cpp:47:9:47:10 | mc | test.cpp:47:9:47:10 | Unary |
 | test.cpp:54:9:54:15 | & ... | test.cpp:54:9:54:15 | StoreValue |
 | test.cpp:54:11:54:12 | Unary | test.cpp:54:14:54:14 | a |
 | test.cpp:54:11:54:12 | mc | test.cpp:54:11:54:12 | Unary |
 | test.cpp:54:14:54:14 | Unary | test.cpp:54:9:54:15 | & ... |
 | test.cpp:54:14:54:14 | a | test.cpp:54:14:54:14 | Unary |
-| test.cpp:112:9:112:11 | Unary | test.cpp:112:9:112:11 | array to pointer conversion |
+| test.cpp:112:9:112:11 | Unary | test.cpp:112:9:112:11 | arr |
+| test.cpp:112:9:112:11 | arr | test.cpp:112:9:112:11 | StoreValue |
 | test.cpp:112:9:112:11 | arr | test.cpp:112:9:112:11 | Unary |
-| test.cpp:112:9:112:11 | array to pointer conversion | test.cpp:112:9:112:11 | StoreValue |
 | test.cpp:119:9:119:18 | & ... | test.cpp:119:9:119:18 | StoreValue |
 | test.cpp:119:11:119:13 | Left | test.cpp:119:11:119:17 | access to array |
-| test.cpp:119:11:119:13 | Unary | test.cpp:119:11:119:13 | array to pointer conversion |
+| test.cpp:119:11:119:13 | Unary | test.cpp:119:11:119:13 | arr |
+| test.cpp:119:11:119:13 | arr | test.cpp:119:11:119:13 | Left |
 | test.cpp:119:11:119:13 | arr | test.cpp:119:11:119:13 | Unary |
-| test.cpp:119:11:119:13 | array to pointer conversion | test.cpp:119:11:119:13 | Left |
 | test.cpp:119:11:119:17 | Unary | test.cpp:119:9:119:18 | & ... |
 | test.cpp:119:11:119:17 | access to array | test.cpp:119:11:119:17 | Unary |
 nodes
@@ -25,10 +25,10 @@ nodes
 | test.cpp:17:9:17:11 | StoreValue | semmle.label | StoreValue |
 | test.cpp:17:10:17:11 | Unary | semmle.label | Unary |
 | test.cpp:17:10:17:11 | mc | semmle.label | mc |
-| test.cpp:47:9:47:10 | (reference to) | semmle.label | (reference to) |
 | test.cpp:47:9:47:10 | StoreValue | semmle.label | StoreValue |
 | test.cpp:47:9:47:10 | Unary | semmle.label | Unary |
 | test.cpp:47:9:47:10 | mc | semmle.label | mc |
+| test.cpp:47:9:47:10 | mc | semmle.label | mc |
 | test.cpp:54:9:54:15 | & ... | semmle.label | & ... |
 | test.cpp:54:9:54:15 | StoreValue | semmle.label | StoreValue |
 | test.cpp:54:11:54:12 | Unary | semmle.label | Unary |
@@ -38,13 +38,13 @@ nodes
 | test.cpp:112:9:112:11 | StoreValue | semmle.label | StoreValue |
 | test.cpp:112:9:112:11 | Unary | semmle.label | Unary |
 | test.cpp:112:9:112:11 | arr | semmle.label | arr |
-| test.cpp:112:9:112:11 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:112:9:112:11 | arr | semmle.label | arr |
 | test.cpp:119:9:119:18 | & ... | semmle.label | & ... |
 | test.cpp:119:9:119:18 | StoreValue | semmle.label | StoreValue |
 | test.cpp:119:11:119:13 | Left | semmle.label | Left |
 | test.cpp:119:11:119:13 | Unary | semmle.label | Unary |
 | test.cpp:119:11:119:13 | arr | semmle.label | arr |
-| test.cpp:119:11:119:13 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:119:11:119:13 | arr | semmle.label | arr |
 | test.cpp:119:11:119:17 | Unary | semmle.label | Unary |
 | test.cpp:119:11:119:17 | access to array | semmle.label | access to array |
 #select
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected
@@ -1,16 +1,16 @@
 edges
-| tests.cpp:26:15:26:23 | VariableAddress indirection | tests.cpp:51:12:51:20 | Call indirection |
-| tests.cpp:33:34:33:39 | Call indirection | tests.cpp:38:39:38:49 | environment indirection |
+| tests.cpp:26:15:26:23 | VariableAddress indirection | tests.cpp:51:12:51:20 | call to badSource indirection |
+| tests.cpp:33:34:33:39 | call to getenv indirection | tests.cpp:38:39:38:49 | environment indirection |
 | tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:26:15:26:23 | VariableAddress indirection |
 | tests.cpp:38:39:38:49 | environment indirection | tests.cpp:38:25:38:36 | strncat output argument |
-| tests.cpp:51:12:51:20 | Call indirection | tests.cpp:53:16:53:19 | data indirection |
+| tests.cpp:51:12:51:20 | call to badSource indirection | tests.cpp:53:16:53:19 | data indirection |
 nodes
 | tests.cpp:26:15:26:23 | VariableAddress indirection | semmle.label | VariableAddress indirection |
-| tests.cpp:33:34:33:39 | Call indirection | semmle.label | Call indirection |
+| tests.cpp:33:34:33:39 | call to getenv indirection | semmle.label | call to getenv indirection |
 | tests.cpp:38:25:38:36 | strncat output argument | semmle.label | strncat output argument |
 | tests.cpp:38:39:38:49 | environment indirection | semmle.label | environment indirection |
-| tests.cpp:51:12:51:20 | Call indirection | semmle.label | Call indirection |
+| tests.cpp:51:12:51:20 | call to badSource indirection | semmle.label | call to badSource indirection |
 | tests.cpp:53:16:53:19 | data indirection | semmle.label | data indirection |
 subpaths
 #select
-| tests.cpp:53:16:53:19 | data | tests.cpp:33:34:33:39 | Call indirection | tests.cpp:53:16:53:19 | data indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | tests.cpp:33:34:33:39 | Call indirection | user input (an environment variable) | tests.cpp:38:25:38:36 | strncat output argument | strncat output argument |
+| tests.cpp:53:16:53:19 | data | tests.cpp:33:34:33:39 | call to getenv indirection | tests.cpp:53:16:53:19 | data indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | tests.cpp:33:34:33:39 | call to getenv indirection | user input (an environment variable) | tests.cpp:38:25:38:36 | strncat output argument | strncat output argument |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
@@ -1,5 +1,5 @@
 edges
-| test.cpp:47:21:47:26 | Call indirection | test.cpp:50:35:50:43 | envCflags indirection |
+| test.cpp:47:21:47:26 | call to getenv indirection | test.cpp:50:35:50:43 | envCflags indirection |
 | test.cpp:50:11:50:17 | sprintf output argument | test.cpp:51:10:51:16 | command indirection |
 | test.cpp:50:35:50:43 | envCflags indirection | test.cpp:50:11:50:17 | sprintf output argument |
 | test.cpp:62:9:62:16 | fread output argument | test.cpp:64:20:64:27 | filename indirection |
@@ -97,7 +97,7 @@ edges
 | test.cpp:220:19:220:26 | filename indirection | test.cpp:220:10:220:16 | strncat output argument |
 | test.cpp:220:19:220:26 | filename indirection | test.cpp:220:10:220:16 | strncat output argument |
 nodes
-| test.cpp:47:21:47:26 | Call indirection | semmle.label | Call indirection |
+| test.cpp:47:21:47:26 | call to getenv indirection | semmle.label | call to getenv indirection |
 | test.cpp:50:11:50:17 | sprintf output argument | semmle.label | sprintf output argument |
 | test.cpp:50:35:50:43 | envCflags indirection | semmle.label | envCflags indirection |
 | test.cpp:51:10:51:16 | command indirection | semmle.label | command indirection |
@@ -202,7 +202,7 @@ subpaths
 | test.cpp:196:26:196:33 | filename indirection | test.cpp:186:47:186:54 | filename indirection | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
 | test.cpp:196:26:196:33 | filename indirection | test.cpp:186:47:186:54 | filename indirection | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
 #select
-| test.cpp:51:10:51:16 | command | test.cpp:47:21:47:26 | Call indirection | test.cpp:51:10:51:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:47:21:47:26 | Call indirection | user input (an environment variable) | test.cpp:50:11:50:17 | sprintf output argument | sprintf output argument |
+| test.cpp:51:10:51:16 | command | test.cpp:47:21:47:26 | call to getenv indirection | test.cpp:51:10:51:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:47:21:47:26 | call to getenv indirection | user input (an environment variable) | test.cpp:50:11:50:17 | sprintf output argument | sprintf output argument |
 | test.cpp:65:10:65:16 | command | test.cpp:62:9:62:16 | fread output argument | test.cpp:65:10:65:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:62:9:62:16 | fread output argument | user input (String read by fread) | test.cpp:64:11:64:17 | strncat output argument | strncat output argument |
 | test.cpp:85:32:85:38 | command | test.cpp:82:9:82:16 | fread output argument | test.cpp:85:32:85:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:82:9:82:16 | fread output argument | user input (String read by fread) | test.cpp:84:11:84:17 | strncat output argument | strncat output argument |
 | test.cpp:94:45:94:48 | path | test.cpp:91:9:91:16 | fread output argument | test.cpp:94:45:94:48 | path indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:91:9:91:16 | fread output argument | user input (String read by fread) | test.cpp:93:11:93:14 | strncat output argument | strncat output argument |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-089/SqlTainted/SqlTainted.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-089/SqlTainted/SqlTainted.expected
@@ -1,6 +1,6 @@
 edges
-| test.c:15:20:15:23 | argv | test.c:21:18:21:23 | array to pointer conversion |
-| test.c:15:20:15:23 | argv | test.c:21:18:21:23 | array to pointer conversion |
+| test.c:15:20:15:23 | argv | test.c:21:18:21:23 | query1 |
+| test.c:15:20:15:23 | argv | test.c:21:18:21:23 | query1 |
 | test.c:15:20:15:23 | argv | test.c:21:18:21:23 | query1 |
 | test.c:15:20:15:23 | argv | test.c:21:18:21:23 | query1 |
 | test.c:15:20:15:23 | argv | test.c:21:18:21:23 | query1 |
@@ -15,8 +15,8 @@ subpaths
 nodes
 | test.c:15:20:15:23 | argv | semmle.label | argv |
 | test.c:15:20:15:23 | argv | semmle.label | argv |
-| test.c:21:18:21:23 | array to pointer conversion | semmle.label | array to pointer conversion |
-| test.c:21:18:21:23 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.c:21:18:21:23 | query1 | semmle.label | query1 |
+| test.c:21:18:21:23 | query1 | semmle.label | query1 |
 | test.c:21:18:21:23 | query1 | semmle.label | query1 |
 | test.c:21:18:21:23 | query1 | semmle.label | query1 |
 | test.c:21:18:21:23 | query1 | semmle.label | query1 |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-114/semmle/UncontrolledProcessOperation/UncontrolledProcessOperation.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-114/semmle/UncontrolledProcessOperation/UncontrolledProcessOperation.expected
@@ -7,8 +7,8 @@ edges
 | test.cpp:42:18:42:34 | call to getenv | test.cpp:24:30:24:36 | command |
 | test.cpp:43:18:43:23 | call to getenv | test.cpp:29:30:29:36 | command |
 | test.cpp:43:18:43:34 | call to getenv | test.cpp:29:30:29:36 | command |
-| test.cpp:56:12:56:17 | buffer | test.cpp:62:10:62:15 | array to pointer conversion |
-| test.cpp:56:12:56:17 | buffer | test.cpp:62:10:62:15 | array to pointer conversion |
+| test.cpp:56:12:56:17 | buffer | test.cpp:62:10:62:15 | buffer |
+| test.cpp:56:12:56:17 | buffer | test.cpp:62:10:62:15 | buffer |
 | test.cpp:56:12:56:17 | buffer | test.cpp:62:10:62:15 | buffer |
 | test.cpp:56:12:56:17 | buffer | test.cpp:62:10:62:15 | buffer |
 | test.cpp:56:12:56:17 | buffer | test.cpp:62:10:62:15 | buffer |
@@ -19,8 +19,8 @@ edges
 | test.cpp:56:12:56:17 | buffer | test.cpp:63:10:63:13 | data |
 | test.cpp:56:12:56:17 | buffer | test.cpp:63:10:63:13 | data |
 | test.cpp:56:12:56:17 | buffer | test.cpp:63:10:63:13 | data |
-| test.cpp:56:12:56:17 | buffer | test.cpp:64:10:64:16 | (reference dereference) |
-| test.cpp:56:12:56:17 | buffer | test.cpp:64:10:64:16 | (reference dereference) |
+| test.cpp:56:12:56:17 | buffer | test.cpp:64:10:64:16 | dataref |
+| test.cpp:56:12:56:17 | buffer | test.cpp:64:10:64:16 | dataref |
 | test.cpp:56:12:56:17 | buffer | test.cpp:64:10:64:16 | dataref |
 | test.cpp:56:12:56:17 | buffer | test.cpp:64:10:64:16 | dataref |
 | test.cpp:56:12:56:17 | buffer | test.cpp:64:10:64:16 | dataref |
@@ -33,44 +33,44 @@ edges
 | test.cpp:56:12:56:17 | buffer | test.cpp:65:10:65:14 | data2 |
 | test.cpp:56:12:56:17 | buffer | test.cpp:65:10:65:14 | data2 |
 | test.cpp:56:12:56:17 | buffer | test.cpp:65:10:65:14 | data2 |
-| test.cpp:56:12:56:17 | fgets output argument | test.cpp:62:10:62:15 | array to pointer conversion |
+| test.cpp:56:12:56:17 | fgets output argument | test.cpp:62:10:62:15 | buffer |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:62:10:62:15 | buffer |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:62:10:62:15 | buffer |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:63:10:63:13 | data |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:63:10:63:13 | data |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:63:10:63:13 | data |
-| test.cpp:56:12:56:17 | fgets output argument | test.cpp:64:10:64:16 | (reference dereference) |
+| test.cpp:56:12:56:17 | fgets output argument | test.cpp:64:10:64:16 | dataref |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:64:10:64:16 | dataref |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:64:10:64:16 | dataref |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:64:10:64:16 | dataref |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:65:10:65:14 | data2 |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:65:10:65:14 | data2 |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:65:10:65:14 | data2 |
-| test.cpp:76:12:76:17 | buffer | test.cpp:78:10:78:15 | array to pointer conversion |
-| test.cpp:76:12:76:17 | buffer | test.cpp:78:10:78:15 | array to pointer conversion |
 | test.cpp:76:12:76:17 | buffer | test.cpp:78:10:78:15 | buffer |
 | test.cpp:76:12:76:17 | buffer | test.cpp:78:10:78:15 | buffer |
 | test.cpp:76:12:76:17 | buffer | test.cpp:78:10:78:15 | buffer |
 | test.cpp:76:12:76:17 | buffer | test.cpp:78:10:78:15 | buffer |
-| test.cpp:76:12:76:17 | fgets output argument | test.cpp:78:10:78:15 | array to pointer conversion |
+| test.cpp:76:12:76:17 | buffer | test.cpp:78:10:78:15 | buffer |
+| test.cpp:76:12:76:17 | buffer | test.cpp:78:10:78:15 | buffer |
+| test.cpp:76:12:76:17 | fgets output argument | test.cpp:78:10:78:15 | buffer |
 | test.cpp:76:12:76:17 | fgets output argument | test.cpp:78:10:78:15 | buffer |
 | test.cpp:76:12:76:17 | fgets output argument | test.cpp:78:10:78:15 | buffer |
-| test.cpp:98:17:98:22 | buffer | test.cpp:99:15:99:20 | array to pointer conversion |
-| test.cpp:98:17:98:22 | buffer | test.cpp:99:15:99:20 | array to pointer conversion |
 | test.cpp:98:17:98:22 | buffer | test.cpp:99:15:99:20 | buffer |
 | test.cpp:98:17:98:22 | buffer | test.cpp:99:15:99:20 | buffer |
 | test.cpp:98:17:98:22 | buffer | test.cpp:99:15:99:20 | buffer |
 | test.cpp:98:17:98:22 | buffer | test.cpp:99:15:99:20 | buffer |
-| test.cpp:98:17:98:22 | recv output argument | test.cpp:99:15:99:20 | array to pointer conversion |
+| test.cpp:98:17:98:22 | buffer | test.cpp:99:15:99:20 | buffer |
+| test.cpp:98:17:98:22 | buffer | test.cpp:99:15:99:20 | buffer |
+| test.cpp:98:17:98:22 | recv output argument | test.cpp:99:15:99:20 | buffer |
 | test.cpp:98:17:98:22 | recv output argument | test.cpp:99:15:99:20 | buffer |
 | test.cpp:98:17:98:22 | recv output argument | test.cpp:99:15:99:20 | buffer |
-| test.cpp:106:17:106:22 | buffer | test.cpp:107:15:107:20 | array to pointer conversion |
-| test.cpp:106:17:106:22 | buffer | test.cpp:107:15:107:20 | array to pointer conversion |
 | test.cpp:106:17:106:22 | buffer | test.cpp:107:15:107:20 | buffer |
 | test.cpp:106:17:106:22 | buffer | test.cpp:107:15:107:20 | buffer |
 | test.cpp:106:17:106:22 | buffer | test.cpp:107:15:107:20 | buffer |
 | test.cpp:106:17:106:22 | buffer | test.cpp:107:15:107:20 | buffer |
-| test.cpp:106:17:106:22 | recv output argument | test.cpp:107:15:107:20 | array to pointer conversion |
+| test.cpp:106:17:106:22 | buffer | test.cpp:107:15:107:20 | buffer |
+| test.cpp:106:17:106:22 | buffer | test.cpp:107:15:107:20 | buffer |
+| test.cpp:106:17:106:22 | recv output argument | test.cpp:107:15:107:20 | buffer |
 | test.cpp:106:17:106:22 | recv output argument | test.cpp:107:15:107:20 | buffer |
 | test.cpp:106:17:106:22 | recv output argument | test.cpp:107:15:107:20 | buffer |
 subpaths
@@ -90,8 +90,8 @@ nodes
 | test.cpp:56:12:56:17 | buffer | semmle.label | buffer |
 | test.cpp:56:12:56:17 | buffer | semmle.label | buffer |
 | test.cpp:56:12:56:17 | fgets output argument | semmle.label | fgets output argument |
-| test.cpp:62:10:62:15 | array to pointer conversion | semmle.label | array to pointer conversion |
-| test.cpp:62:10:62:15 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:62:10:62:15 | buffer | semmle.label | buffer |
+| test.cpp:62:10:62:15 | buffer | semmle.label | buffer |
 | test.cpp:62:10:62:15 | buffer | semmle.label | buffer |
 | test.cpp:62:10:62:15 | buffer | semmle.label | buffer |
 | test.cpp:62:10:62:15 | buffer | semmle.label | buffer |
@@ -100,8 +100,8 @@ nodes
 | test.cpp:63:10:63:13 | data | semmle.label | data |
 | test.cpp:63:10:63:13 | data | semmle.label | data |
 | test.cpp:63:10:63:13 | data | semmle.label | data |
-| test.cpp:64:10:64:16 | (reference dereference) | semmle.label | (reference dereference) |
-| test.cpp:64:10:64:16 | (reference dereference) | semmle.label | (reference dereference) |
+| test.cpp:64:10:64:16 | dataref | semmle.label | dataref |
+| test.cpp:64:10:64:16 | dataref | semmle.label | dataref |
 | test.cpp:64:10:64:16 | dataref | semmle.label | dataref |
 | test.cpp:64:10:64:16 | dataref | semmle.label | dataref |
 | test.cpp:64:10:64:16 | dataref | semmle.label | dataref |
@@ -115,24 +115,24 @@ nodes
 | test.cpp:76:12:76:17 | buffer | semmle.label | buffer |
 | test.cpp:76:12:76:17 | buffer | semmle.label | buffer |
 | test.cpp:76:12:76:17 | fgets output argument | semmle.label | fgets output argument |
-| test.cpp:78:10:78:15 | array to pointer conversion | semmle.label | array to pointer conversion |
-| test.cpp:78:10:78:15 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:78:10:78:15 | buffer | semmle.label | buffer |
+| test.cpp:78:10:78:15 | buffer | semmle.label | buffer |
 | test.cpp:78:10:78:15 | buffer | semmle.label | buffer |
 | test.cpp:78:10:78:15 | buffer | semmle.label | buffer |
 | test.cpp:78:10:78:15 | buffer | semmle.label | buffer |
 | test.cpp:98:17:98:22 | buffer | semmle.label | buffer |
 | test.cpp:98:17:98:22 | buffer | semmle.label | buffer |
 | test.cpp:98:17:98:22 | recv output argument | semmle.label | recv output argument |
-| test.cpp:99:15:99:20 | array to pointer conversion | semmle.label | array to pointer conversion |
-| test.cpp:99:15:99:20 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:99:15:99:20 | buffer | semmle.label | buffer |
+| test.cpp:99:15:99:20 | buffer | semmle.label | buffer |
 | test.cpp:99:15:99:20 | buffer | semmle.label | buffer |
 | test.cpp:99:15:99:20 | buffer | semmle.label | buffer |
 | test.cpp:99:15:99:20 | buffer | semmle.label | buffer |
 | test.cpp:106:17:106:22 | buffer | semmle.label | buffer |
 | test.cpp:106:17:106:22 | buffer | semmle.label | buffer |
 | test.cpp:106:17:106:22 | recv output argument | semmle.label | recv output argument |
-| test.cpp:107:15:107:20 | array to pointer conversion | semmle.label | array to pointer conversion |
-| test.cpp:107:15:107:20 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:107:15:107:20 | buffer | semmle.label | buffer |
+| test.cpp:107:15:107:20 | buffer | semmle.label | buffer |
 | test.cpp:107:15:107:20 | buffer | semmle.label | buffer |
 | test.cpp:107:15:107:20 | buffer | semmle.label | buffer |
 | test.cpp:107:15:107:20 | buffer | semmle.label | buffer |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected
@@ -47,8 +47,8 @@ edges
 | argvLocal.c:105:14:105:17 | argv | argvLocal.c:111:15:111:17 | * ... |
 | argvLocal.c:105:14:105:17 | argv | argvLocal.c:111:15:111:17 | * ... |
 | argvLocal.c:105:14:105:17 | argv | argvLocal.c:111:15:111:17 | * ... |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | array to pointer conversion |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | array to pointer conversion |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | i3 |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | i3 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | i3 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | i3 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | i3 |
@@ -83,8 +83,8 @@ edges
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:17:136:18 | i4 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:17:136:18 | i4 |
-| argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | array to pointer conversion |
-| argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | array to pointer conversion |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | i5 |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | i5 |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | i5 |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | i5 |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | i5 |
@@ -123,8 +123,8 @@ edges
 | argvLocal.c:149:11:149:14 | argv | argvLocal.c:151:15:151:16 | i8 |
 | argvLocal.c:149:11:149:14 | argv | argvLocal.c:151:15:151:16 | i8 |
 | argvLocal.c:149:11:149:14 | argv | argvLocal.c:151:15:151:16 | i8 |
-| argvLocal.c:168:18:168:21 | argv | argvLocal.c:169:9:169:20 | (char *)... |
-| argvLocal.c:168:18:168:21 | argv | argvLocal.c:169:9:169:20 | (char *)... |
+| argvLocal.c:168:18:168:21 | argv | argvLocal.c:169:9:169:20 | i10 |
+| argvLocal.c:168:18:168:21 | argv | argvLocal.c:169:9:169:20 | i10 |
 | argvLocal.c:168:18:168:21 | argv | argvLocal.c:169:9:169:20 | i10 |
 | argvLocal.c:168:18:168:21 | argv | argvLocal.c:169:9:169:20 | i10 |
 | argvLocal.c:168:18:168:21 | argv | argvLocal.c:169:18:169:20 | i10 |
@@ -179,8 +179,8 @@ nodes
 | argvLocal.c:111:15:111:17 | * ... | semmle.label | * ... |
 | argvLocal.c:115:13:115:16 | argv | semmle.label | argv |
 | argvLocal.c:115:13:115:16 | argv | semmle.label | argv |
-| argvLocal.c:116:9:116:10 | array to pointer conversion | semmle.label | array to pointer conversion |
-| argvLocal.c:116:9:116:10 | array to pointer conversion | semmle.label | array to pointer conversion |
+| argvLocal.c:116:9:116:10 | i3 | semmle.label | i3 |
+| argvLocal.c:116:9:116:10 | i3 | semmle.label | i3 |
 | argvLocal.c:116:9:116:10 | i3 | semmle.label | i3 |
 | argvLocal.c:116:9:116:10 | i3 | semmle.label | i3 |
 | argvLocal.c:116:9:116:10 | i3 | semmle.label | i3 |
@@ -197,8 +197,8 @@ nodes
 | argvLocal.c:122:15:122:16 | i4 | semmle.label | i4 |
 | argvLocal.c:126:10:126:13 | argv | semmle.label | argv |
 | argvLocal.c:126:10:126:13 | argv | semmle.label | argv |
-| argvLocal.c:127:9:127:10 | array to pointer conversion | semmle.label | array to pointer conversion |
-| argvLocal.c:127:9:127:10 | array to pointer conversion | semmle.label | array to pointer conversion |
+| argvLocal.c:127:9:127:10 | i5 | semmle.label | i5 |
+| argvLocal.c:127:9:127:10 | i5 | semmle.label | i5 |
 | argvLocal.c:127:9:127:10 | i5 | semmle.label | i5 |
 | argvLocal.c:127:9:127:10 | i5 | semmle.label | i5 |
 | argvLocal.c:127:9:127:10 | i5 | semmle.label | i5 |
@@ -255,8 +255,8 @@ nodes
 | argvLocal.c:151:15:151:16 | i8 | semmle.label | i8 |
 | argvLocal.c:168:18:168:21 | argv | semmle.label | argv |
 | argvLocal.c:168:18:168:21 | argv | semmle.label | argv |
-| argvLocal.c:169:9:169:20 | (char *)... | semmle.label | (char *)... |
-| argvLocal.c:169:9:169:20 | (char *)... | semmle.label | (char *)... |
+| argvLocal.c:169:9:169:20 | i10 | semmle.label | i10 |
+| argvLocal.c:169:9:169:20 | i10 | semmle.label | i10 |
 | argvLocal.c:169:9:169:20 | i10 | semmle.label | i10 |
 | argvLocal.c:169:9:169:20 | i10 | semmle.label | i10 |
 | argvLocal.c:169:18:169:20 | i10 | semmle.label | i10 |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/funcs/funcsLocal.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/funcs/funcsLocal.expected
@@ -1,27 +1,27 @@
 edges
-| funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:17:9:17:10 | array to pointer conversion |
 | funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:17:9:17:10 | i1 |
 | funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:17:9:17:10 | i1 |
-| funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:58:9:58:10 | array to pointer conversion |
+| funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:17:9:17:10 | i1 |
+| funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:58:9:58:10 | e1 |
 | funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:58:9:58:10 | e1 |
 | funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:58:9:58:10 | e1 |
-| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:17:9:17:10 | array to pointer conversion |
-| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:17:9:17:10 | array to pointer conversion |
 | funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:17:9:17:10 | i1 |
 | funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:17:9:17:10 | i1 |
 | funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:17:9:17:10 | i1 |
 | funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:17:9:17:10 | i1 |
-| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:58:9:58:10 | array to pointer conversion |
-| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:58:9:58:10 | array to pointer conversion |
+| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:17:9:17:10 | i1 |
+| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:17:9:17:10 | i1 |
+| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:58:9:58:10 | e1 |
+| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:58:9:58:10 | e1 |
 | funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:58:9:58:10 | e1 |
 | funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:58:9:58:10 | e1 |
 | funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:58:9:58:10 | e1 |
 | funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:58:9:58:10 | e1 |
-| funcsLocal.c:26:8:26:9 | fgets output argument | funcsLocal.c:27:9:27:10 | array to pointer conversion |
 | funcsLocal.c:26:8:26:9 | fgets output argument | funcsLocal.c:27:9:27:10 | i3 |
 | funcsLocal.c:26:8:26:9 | fgets output argument | funcsLocal.c:27:9:27:10 | i3 |
-| funcsLocal.c:26:8:26:9 | i3 | funcsLocal.c:27:9:27:10 | array to pointer conversion |
-| funcsLocal.c:26:8:26:9 | i3 | funcsLocal.c:27:9:27:10 | array to pointer conversion |
+| funcsLocal.c:26:8:26:9 | fgets output argument | funcsLocal.c:27:9:27:10 | i3 |
+| funcsLocal.c:26:8:26:9 | i3 | funcsLocal.c:27:9:27:10 | i3 |
+| funcsLocal.c:26:8:26:9 | i3 | funcsLocal.c:27:9:27:10 | i3 |
 | funcsLocal.c:26:8:26:9 | i3 | funcsLocal.c:27:9:27:10 | i3 |
 | funcsLocal.c:26:8:26:9 | i3 | funcsLocal.c:27:9:27:10 | i3 |
 | funcsLocal.c:26:8:26:9 | i3 | funcsLocal.c:27:9:27:10 | i3 |
@@ -38,11 +38,11 @@ edges
 | funcsLocal.c:31:19:31:21 | i41 | funcsLocal.c:32:9:32:10 | i4 |
 | funcsLocal.c:31:19:31:21 | i41 | funcsLocal.c:32:9:32:10 | i4 |
 | funcsLocal.c:31:19:31:21 | i41 | funcsLocal.c:32:9:32:10 | i4 |
-| funcsLocal.c:36:7:36:8 | gets output argument | funcsLocal.c:37:9:37:10 | array to pointer conversion |
 | funcsLocal.c:36:7:36:8 | gets output argument | funcsLocal.c:37:9:37:10 | i5 |
 | funcsLocal.c:36:7:36:8 | gets output argument | funcsLocal.c:37:9:37:10 | i5 |
-| funcsLocal.c:36:7:36:8 | i5 | funcsLocal.c:37:9:37:10 | array to pointer conversion |
-| funcsLocal.c:36:7:36:8 | i5 | funcsLocal.c:37:9:37:10 | array to pointer conversion |
+| funcsLocal.c:36:7:36:8 | gets output argument | funcsLocal.c:37:9:37:10 | i5 |
+| funcsLocal.c:36:7:36:8 | i5 | funcsLocal.c:37:9:37:10 | i5 |
+| funcsLocal.c:36:7:36:8 | i5 | funcsLocal.c:37:9:37:10 | i5 |
 | funcsLocal.c:36:7:36:8 | i5 | funcsLocal.c:37:9:37:10 | i5 |
 | funcsLocal.c:36:7:36:8 | i5 | funcsLocal.c:37:9:37:10 | i5 |
 | funcsLocal.c:36:7:36:8 | i5 | funcsLocal.c:37:9:37:10 | i5 |
@@ -85,16 +85,16 @@ nodes
 | funcsLocal.c:16:8:16:9 | fread output argument | semmle.label | fread output argument |
 | funcsLocal.c:16:8:16:9 | i1 | semmle.label | i1 |
 | funcsLocal.c:16:8:16:9 | i1 | semmle.label | i1 |
-| funcsLocal.c:17:9:17:10 | array to pointer conversion | semmle.label | array to pointer conversion |
-| funcsLocal.c:17:9:17:10 | array to pointer conversion | semmle.label | array to pointer conversion |
+| funcsLocal.c:17:9:17:10 | i1 | semmle.label | i1 |
+| funcsLocal.c:17:9:17:10 | i1 | semmle.label | i1 |
 | funcsLocal.c:17:9:17:10 | i1 | semmle.label | i1 |
 | funcsLocal.c:17:9:17:10 | i1 | semmle.label | i1 |
 | funcsLocal.c:17:9:17:10 | i1 | semmle.label | i1 |
 | funcsLocal.c:26:8:26:9 | fgets output argument | semmle.label | fgets output argument |
 | funcsLocal.c:26:8:26:9 | i3 | semmle.label | i3 |
 | funcsLocal.c:26:8:26:9 | i3 | semmle.label | i3 |
-| funcsLocal.c:27:9:27:10 | array to pointer conversion | semmle.label | array to pointer conversion |
-| funcsLocal.c:27:9:27:10 | array to pointer conversion | semmle.label | array to pointer conversion |
+| funcsLocal.c:27:9:27:10 | i3 | semmle.label | i3 |
+| funcsLocal.c:27:9:27:10 | i3 | semmle.label | i3 |
 | funcsLocal.c:27:9:27:10 | i3 | semmle.label | i3 |
 | funcsLocal.c:27:9:27:10 | i3 | semmle.label | i3 |
 | funcsLocal.c:27:9:27:10 | i3 | semmle.label | i3 |
@@ -110,8 +110,8 @@ nodes
 | funcsLocal.c:36:7:36:8 | gets output argument | semmle.label | gets output argument |
 | funcsLocal.c:36:7:36:8 | i5 | semmle.label | i5 |
 | funcsLocal.c:36:7:36:8 | i5 | semmle.label | i5 |
-| funcsLocal.c:37:9:37:10 | array to pointer conversion | semmle.label | array to pointer conversion |
-| funcsLocal.c:37:9:37:10 | array to pointer conversion | semmle.label | array to pointer conversion |
+| funcsLocal.c:37:9:37:10 | i5 | semmle.label | i5 |
+| funcsLocal.c:37:9:37:10 | i5 | semmle.label | i5 |
 | funcsLocal.c:37:9:37:10 | i5 | semmle.label | i5 |
 | funcsLocal.c:37:9:37:10 | i5 | semmle.label | i5 |
 | funcsLocal.c:37:9:37:10 | i5 | semmle.label | i5 |
@@ -141,8 +141,8 @@ nodes
 | funcsLocal.c:53:9:53:11 | * ... | semmle.label | * ... |
 | funcsLocal.c:53:10:53:11 | * ... | semmle.label | * ... |
 | funcsLocal.c:53:10:53:11 | * ... | semmle.label | * ... |
-| funcsLocal.c:58:9:58:10 | array to pointer conversion | semmle.label | array to pointer conversion |
-| funcsLocal.c:58:9:58:10 | array to pointer conversion | semmle.label | array to pointer conversion |
+| funcsLocal.c:58:9:58:10 | e1 | semmle.label | e1 |
+| funcsLocal.c:58:9:58:10 | e1 | semmle.label | e1 |
 | funcsLocal.c:58:9:58:10 | e1 | semmle.label | e1 |
 | funcsLocal.c:58:9:58:10 | e1 | semmle.label | e1 |
 | funcsLocal.c:58:9:58:10 | e1 | semmle.label | e1 |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/SAMATE/ArithmeticUncontrolled.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/SAMATE/ArithmeticUncontrolled.expected
@@ -1,22 +1,22 @@
 edges
-| examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data |
-| examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data |
-| examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data |
-| examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data |
-| examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data |
-| examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data |
 | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data |
 | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data |
 | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data |
 | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data |
 | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data |
 | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data |
-| examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data |
-| examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data |
-| examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data |
-| examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data |
-| examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data |
-| examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data |
+| examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data |
+| examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data |
+| examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data |
+| examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data |
+| examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data |
+| examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data |
+| examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data |
+| examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data |
+| examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data |
+| examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data |
+| examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data |
+| examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data |
 | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data |
 | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data |
 | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data |
@@ -24,12 +24,12 @@ edges
 | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data |
 | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data |
 nodes
-| examples.cpp:22:26:22:33 | (unsigned int)... | semmle.label | (unsigned int)... |
-| examples.cpp:22:26:22:33 | (unsigned int)... | semmle.label | (unsigned int)... |
-| examples.cpp:22:26:22:33 | (unsigned int)... | semmle.label | (unsigned int)... |
-| examples.cpp:22:26:22:33 | (unsigned int)... | semmle.label | (unsigned int)... |
-| examples.cpp:22:26:22:33 | (unsigned int)... | semmle.label | (unsigned int)... |
-| examples.cpp:22:26:22:33 | (unsigned int)... | semmle.label | (unsigned int)... |
+| examples.cpp:22:26:22:33 | call to rand | semmle.label | call to rand |
+| examples.cpp:22:26:22:33 | call to rand | semmle.label | call to rand |
+| examples.cpp:22:26:22:33 | call to rand | semmle.label | call to rand |
+| examples.cpp:22:26:22:33 | call to rand | semmle.label | call to rand |
+| examples.cpp:22:26:22:33 | call to rand | semmle.label | call to rand |
+| examples.cpp:22:26:22:33 | call to rand | semmle.label | call to rand |
 | examples.cpp:22:26:22:33 | call to rand | semmle.label | call to rand |
 | examples.cpp:22:26:22:33 | call to rand | semmle.label | call to rand |
 | examples.cpp:22:26:22:33 | call to rand | semmle.label | call to rand |
@@ -37,12 +37,12 @@ nodes
 | examples.cpp:22:26:22:33 | call to rand | semmle.label | call to rand |
 | examples.cpp:22:26:22:33 | call to rand | semmle.label | call to rand |
 | examples.cpp:25:31:25:34 | data | semmle.label | data |
-| examples.cpp:35:26:35:33 | (unsigned int)... | semmle.label | (unsigned int)... |
-| examples.cpp:35:26:35:33 | (unsigned int)... | semmle.label | (unsigned int)... |
-| examples.cpp:35:26:35:33 | (unsigned int)... | semmle.label | (unsigned int)... |
-| examples.cpp:35:26:35:33 | (unsigned int)... | semmle.label | (unsigned int)... |
-| examples.cpp:35:26:35:33 | (unsigned int)... | semmle.label | (unsigned int)... |
-| examples.cpp:35:26:35:33 | (unsigned int)... | semmle.label | (unsigned int)... |
+| examples.cpp:35:26:35:33 | call to rand | semmle.label | call to rand |
+| examples.cpp:35:26:35:33 | call to rand | semmle.label | call to rand |
+| examples.cpp:35:26:35:33 | call to rand | semmle.label | call to rand |
+| examples.cpp:35:26:35:33 | call to rand | semmle.label | call to rand |
+| examples.cpp:35:26:35:33 | call to rand | semmle.label | call to rand |
+| examples.cpp:35:26:35:33 | call to rand | semmle.label | call to rand |
 | examples.cpp:35:26:35:33 | call to rand | semmle.label | call to rand |
 | examples.cpp:35:26:35:33 | call to rand | semmle.label | call to rand |
 | examples.cpp:35:26:35:33 | call to rand | semmle.label | call to rand |
@@ -52,24 +52,24 @@ nodes
 | examples.cpp:38:9:38:12 | data | semmle.label | data |
 subpaths
 #select
-| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value |
-| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value |
-| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value |
-| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value |
-| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value |
-| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value |
 | examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value |
 | examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value |
 | examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value |
 | examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value |
 | examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value |
 | examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value |
-| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value |
-| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value |
-| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value |
-| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value |
-| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value |
-| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | (unsigned int)... | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value |
+| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value |
+| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value |
+| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value |
+| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value |
+| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value |
+| examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | uncontrolled value |
+| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value |
+| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value |
+| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value |
+| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value |
+| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value |
+| examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value |
 | examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value |
 | examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value |
 | examples.cpp:38:9:38:12 | data | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | This arithmetic expression depends on an $@, potentially causing an underflow. | examples.cpp:35:26:35:33 | call to rand | uncontrolled value |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/ArithmeticUncontrolled.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/ArithmeticUncontrolled.expected
@@ -10,7 +10,7 @@ edges
 | test.c:131:13:131:16 | call to rand | test.c:133:5:133:5 | r |
 | test.c:137:13:137:16 | call to rand | test.c:139:10:139:10 | r |
 | test.c:155:22:155:25 | call to rand | test.c:157:9:157:9 | r |
-| test.c:155:22:155:27 | (unsigned int)... | test.c:157:9:157:9 | r |
+| test.c:155:22:155:27 | call to rand | test.c:157:9:157:9 | r |
 | test.cpp:6:5:6:12 | VariableAddress indirection | test.cpp:25:7:25:7 | r |
 | test.cpp:8:9:8:12 | call to rand | test.cpp:6:5:6:12 | VariableAddress indirection |
 | test.cpp:11:21:11:24 | Load indirection | test.cpp:30:13:30:14 | get_rand2 output argument |
@@ -29,7 +29,7 @@ edges
 | test.cpp:98:10:98:13 | call to rand | test.cpp:102:10:102:10 | x |
 | test.cpp:137:10:137:13 | call to rand | test.cpp:146:9:146:9 | y |
 | test.cpp:151:10:151:13 | call to rand | test.cpp:154:10:154:10 | b |
-| test.cpp:169:11:169:14 | call to rand | test.cpp:171:11:171:16 | (int)... |
+| test.cpp:169:11:169:14 | call to rand | test.cpp:171:11:171:16 | y |
 | test.cpp:169:11:169:14 | call to rand | test.cpp:171:16:171:16 | y |
 | test.cpp:189:10:189:13 | call to rand | test.cpp:196:7:196:7 | x |
 | test.cpp:189:10:189:13 | call to rand | test.cpp:198:7:198:7 | x |
@@ -58,7 +58,7 @@ nodes
 | test.c:137:13:137:16 | call to rand | semmle.label | call to rand |
 | test.c:139:10:139:10 | r | semmle.label | r |
 | test.c:155:22:155:25 | call to rand | semmle.label | call to rand |
-| test.c:155:22:155:27 | (unsigned int)... | semmle.label | (unsigned int)... |
+| test.c:155:22:155:27 | call to rand | semmle.label | call to rand |
 | test.c:157:9:157:9 | r | semmle.label | r |
 | test.cpp:6:5:6:12 | VariableAddress indirection | semmle.label | VariableAddress indirection |
 | test.cpp:8:9:8:12 | call to rand | semmle.label | call to rand |
@@ -86,7 +86,7 @@ nodes
 | test.cpp:151:10:151:13 | call to rand | semmle.label | call to rand |
 | test.cpp:154:10:154:10 | b | semmle.label | b |
 | test.cpp:169:11:169:14 | call to rand | semmle.label | call to rand |
-| test.cpp:171:11:171:16 | (int)... | semmle.label | (int)... |
+| test.cpp:171:11:171:16 | y | semmle.label | y |
 | test.cpp:171:16:171:16 | y | semmle.label | y |
 | test.cpp:189:10:189:13 | call to rand | semmle.label | call to rand |
 | test.cpp:190:10:190:13 | call to rand | semmle.label | call to rand |
@@ -111,7 +111,7 @@ subpaths
 | test.c:133:5:133:5 | r | test.c:131:13:131:16 | call to rand | test.c:133:5:133:5 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.c:131:13:131:16 | call to rand | uncontrolled value |
 | test.c:139:10:139:10 | r | test.c:137:13:137:16 | call to rand | test.c:139:10:139:10 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.c:137:13:137:16 | call to rand | uncontrolled value |
 | test.c:157:9:157:9 | r | test.c:155:22:155:25 | call to rand | test.c:157:9:157:9 | r | This arithmetic expression depends on an $@, potentially causing an underflow. | test.c:155:22:155:25 | call to rand | uncontrolled value |
-| test.c:157:9:157:9 | r | test.c:155:22:155:27 | (unsigned int)... | test.c:157:9:157:9 | r | This arithmetic expression depends on an $@, potentially causing an underflow. | test.c:155:22:155:25 | call to rand | uncontrolled value |
+| test.c:157:9:157:9 | r | test.c:155:22:155:27 | call to rand | test.c:157:9:157:9 | r | This arithmetic expression depends on an $@, potentially causing an underflow. | test.c:155:22:155:25 | call to rand | uncontrolled value |
 | test.cpp:25:7:25:7 | r | test.cpp:8:9:8:12 | call to rand | test.cpp:25:7:25:7 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:8:9:8:12 | call to rand | uncontrolled value |
 | test.cpp:31:7:31:7 | r | test.cpp:13:10:13:13 | call to rand | test.cpp:31:7:31:7 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:13:10:13:13 | call to rand | uncontrolled value |
 | test.cpp:37:7:37:7 | r | test.cpp:18:9:18:12 | call to rand | test.cpp:37:7:37:7 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:18:9:18:12 | call to rand | uncontrolled value |
@@ -120,7 +120,7 @@ subpaths
 | test.cpp:102:10:102:10 | x | test.cpp:98:10:98:13 | call to rand | test.cpp:102:10:102:10 | x | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:98:10:98:13 | call to rand | uncontrolled value |
 | test.cpp:146:9:146:9 | y | test.cpp:137:10:137:13 | call to rand | test.cpp:146:9:146:9 | y | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:137:10:137:13 | call to rand | uncontrolled value |
 | test.cpp:154:10:154:10 | b | test.cpp:151:10:151:13 | call to rand | test.cpp:154:10:154:10 | b | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:151:10:151:13 | call to rand | uncontrolled value |
-| test.cpp:171:11:171:16 | (int)... | test.cpp:169:11:169:14 | call to rand | test.cpp:171:11:171:16 | (int)... | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:169:11:169:14 | call to rand | uncontrolled value |
+| test.cpp:171:11:171:16 | y | test.cpp:169:11:169:14 | call to rand | test.cpp:171:11:171:16 | y | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:169:11:169:14 | call to rand | uncontrolled value |
 | test.cpp:171:16:171:16 | y | test.cpp:169:11:169:14 | call to rand | test.cpp:171:16:171:16 | y | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:169:11:169:14 | call to rand | uncontrolled value |
 | test.cpp:196:7:196:7 | x | test.cpp:189:10:189:13 | call to rand | test.cpp:196:7:196:7 | x | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:189:10:189:13 | call to rand | uncontrolled value |
 | test.cpp:198:7:198:7 | x | test.cpp:189:10:189:13 | call to rand | test.cpp:198:7:198:7 | x | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:189:10:189:13 | call to rand | uncontrolled value |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected
@@ -55,7 +55,7 @@ edges
 | test.cpp:289:17:289:20 | get_size output argument | test.cpp:291:11:291:28 | ... * ... |
 | test.cpp:305:18:305:21 | get_size output argument | test.cpp:308:10:308:27 | ... * ... |
 | test.cpp:331:15:331:20 | Call | test.cpp:334:9:334:14 | offset |
-| test.cpp:331:15:331:20 | Call indirection | test.cpp:334:9:334:14 | offset |
+| test.cpp:331:15:331:20 | call to getenv indirection | test.cpp:334:9:334:14 | offset |
 nodes
 | test.cpp:40:21:40:24 | argv | semmle.label | argv |
 | test.cpp:43:38:43:44 | tainted | semmle.label | tainted |
@@ -119,7 +119,7 @@ nodes
 | test.cpp:305:18:305:21 | get_size output argument | semmle.label | get_size output argument |
 | test.cpp:308:10:308:27 | ... * ... | semmle.label | ... * ... |
 | test.cpp:331:15:331:20 | Call | semmle.label | Call |
-| test.cpp:331:15:331:20 | Call indirection | semmle.label | Call indirection |
+| test.cpp:331:15:331:20 | call to getenv indirection | semmle.label | call to getenv indirection |
 | test.cpp:334:9:334:14 | offset | semmle.label | offset |
 subpaths
 #select
@@ -159,4 +159,4 @@ subpaths
 | test.cpp:308:3:308:8 | call to malloc | test.cpp:251:18:251:23 | call to getenv | test.cpp:308:10:308:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:251:18:251:23 | call to getenv | user input (an environment variable) |
 | test.cpp:308:3:308:8 | call to malloc | test.cpp:251:18:251:31 | call to getenv indirection | test.cpp:308:10:308:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:251:18:251:31 | call to getenv indirection | user input (an environment variable) |
 | test.cpp:334:2:334:7 | call to malloc | test.cpp:331:15:331:20 | Call | test.cpp:334:9:334:14 | offset | This allocation size is derived from $@ and might overflow. | test.cpp:331:15:331:20 | Call | user input (an environment variable) |
-| test.cpp:334:2:334:7 | call to malloc | test.cpp:331:15:331:20 | Call indirection | test.cpp:334:9:334:14 | offset | This allocation size is derived from $@ and might overflow. | test.cpp:331:15:331:20 | Call indirection | user input (an environment variable) |
+| test.cpp:334:2:334:7 | call to malloc | test.cpp:331:15:331:20 | call to getenv indirection | test.cpp:334:9:334:14 | offset | This allocation size is derived from $@ and might overflow. | test.cpp:331:15:331:20 | call to getenv indirection | user input (an environment variable) |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-290/semmle/AuthenticationBypass/AuthenticationBypass.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-290/semmle/AuthenticationBypass/AuthenticationBypass.expected
@@ -1,30 +1,30 @@
 edges
 | test.cpp:16:25:16:30 | call to getenv | test.cpp:20:14:20:20 | address |
 | test.cpp:16:25:16:30 | call to getenv | test.cpp:20:14:20:20 | address |
-| test.cpp:16:25:16:42 | (const char *)... | test.cpp:20:14:20:20 | address |
-| test.cpp:16:25:16:42 | (const char *)... | test.cpp:20:14:20:20 | address |
+| test.cpp:16:25:16:42 | call to getenv | test.cpp:20:14:20:20 | address |
+| test.cpp:16:25:16:42 | call to getenv | test.cpp:20:14:20:20 | address |
 | test.cpp:27:25:27:30 | call to getenv | test.cpp:31:14:31:20 | address |
 | test.cpp:27:25:27:30 | call to getenv | test.cpp:31:14:31:20 | address |
-| test.cpp:27:25:27:42 | (const char *)... | test.cpp:31:14:31:20 | address |
-| test.cpp:27:25:27:42 | (const char *)... | test.cpp:31:14:31:20 | address |
+| test.cpp:27:25:27:42 | call to getenv | test.cpp:31:14:31:20 | address |
+| test.cpp:27:25:27:42 | call to getenv | test.cpp:31:14:31:20 | address |
 | test.cpp:38:25:38:30 | call to getenv | test.cpp:42:14:42:20 | address |
 | test.cpp:38:25:38:30 | call to getenv | test.cpp:42:14:42:20 | address |
-| test.cpp:38:25:38:42 | (const char *)... | test.cpp:42:14:42:20 | address |
-| test.cpp:38:25:38:42 | (const char *)... | test.cpp:42:14:42:20 | address |
+| test.cpp:38:25:38:42 | call to getenv | test.cpp:42:14:42:20 | address |
+| test.cpp:38:25:38:42 | call to getenv | test.cpp:42:14:42:20 | address |
 subpaths
 nodes
 | test.cpp:16:25:16:30 | call to getenv | semmle.label | call to getenv |
-| test.cpp:16:25:16:42 | (const char *)... | semmle.label | (const char *)... |
+| test.cpp:16:25:16:42 | call to getenv | semmle.label | call to getenv |
 | test.cpp:20:14:20:20 | address | semmle.label | address |
 | test.cpp:20:14:20:20 | address | semmle.label | address |
 | test.cpp:20:14:20:20 | address | semmle.label | address |
 | test.cpp:27:25:27:30 | call to getenv | semmle.label | call to getenv |
-| test.cpp:27:25:27:42 | (const char *)... | semmle.label | (const char *)... |
+| test.cpp:27:25:27:42 | call to getenv | semmle.label | call to getenv |
 | test.cpp:31:14:31:20 | address | semmle.label | address |
 | test.cpp:31:14:31:20 | address | semmle.label | address |
 | test.cpp:31:14:31:20 | address | semmle.label | address |
 | test.cpp:38:25:38:30 | call to getenv | semmle.label | call to getenv |
-| test.cpp:38:25:38:42 | (const char *)... | semmle.label | (const char *)... |
+| test.cpp:38:25:38:42 | call to getenv | semmle.label | call to getenv |
 | test.cpp:42:14:42:20 | address | semmle.label | address |
 | test.cpp:42:14:42:20 | address | semmle.label | address |
 | test.cpp:42:14:42:20 | address | semmle.label | address |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
@@ -1,48 +1,83 @@
 edges
 | test3.cpp:20:28:20:36 | password1 indirection | test3.cpp:22:15:22:23 | password1 |
+| test3.cpp:20:28:20:36 | password1 indirection | test3.cpp:22:15:22:23 | password1 |
+| test3.cpp:20:28:20:36 | password1 indirection | test3.cpp:22:15:22:23 | password1 |
+| test3.cpp:22:15:22:23 | password1 indirection | test3.cpp:22:15:22:23 | password1 |
 | test3.cpp:22:15:22:23 | password1 indirection | test3.cpp:22:15:22:23 | password1 |
 | test3.cpp:22:33:22:41 | password1 indirection | test3.cpp:22:15:22:23 | password1 |
+| test3.cpp:22:33:22:41 | password1 indirection | test3.cpp:22:15:22:23 | password1 |
+| test3.cpp:22:33:22:41 | password1 indirection | test3.cpp:22:15:22:23 | password1 |
+| test3.cpp:26:15:26:23 | password2 indirection | test3.cpp:26:15:26:23 | password2 |
 | test3.cpp:26:15:26:23 | password2 indirection | test3.cpp:26:15:26:23 | password2 |
 | test3.cpp:26:33:26:41 | password2 indirection | test3.cpp:26:15:26:23 | password2 |
+| test3.cpp:26:33:26:41 | password2 indirection | test3.cpp:26:15:26:23 | password2 |
+| test3.cpp:26:33:26:41 | password2 indirection | test3.cpp:26:15:26:23 | password2 |
+| test3.cpp:47:15:47:22 | password indirection | test3.cpp:47:15:47:22 | password |
 | test3.cpp:47:15:47:22 | password indirection | test3.cpp:47:15:47:22 | password |
 | test3.cpp:55:15:55:22 | password indirection | test3.cpp:55:15:55:22 | password |
-| test3.cpp:74:21:74:29 | Load indirection | test3.cpp:76:15:76:17 | ptr |
-| test3.cpp:81:15:81:22 | array to pointer conversion indirection | test3.cpp:83:15:83:17 | ptr |
+| test3.cpp:55:15:55:22 | password indirection | test3.cpp:55:15:55:22 | password |
+| test3.cpp:74:21:74:29 | password1 indirection | test3.cpp:76:15:76:17 | ptr |
+| test3.cpp:74:21:74:29 | password1 indirection | test3.cpp:76:15:76:17 | ptr |
+| test3.cpp:81:15:81:22 | password indirection | test3.cpp:83:15:83:17 | ptr |
+| test3.cpp:81:15:81:22 | password indirection | test3.cpp:83:15:83:17 | ptr |
+| test3.cpp:101:12:101:19 | password indirection | test3.cpp:101:12:101:19 | password |
 | test3.cpp:101:12:101:19 | password indirection | test3.cpp:101:12:101:19 | password |
 | test3.cpp:112:20:112:25 | buffer | test3.cpp:114:14:114:19 | buffer |
 | test3.cpp:112:20:112:25 | buffer indirection | test3.cpp:114:14:114:19 | buffer |
 | test3.cpp:117:28:117:33 | buffer indirection | test3.cpp:117:13:117:14 | VariableAddress indirection |
-| test3.cpp:124:7:124:20 | VariableAddress indirection | test3.cpp:144:16:144:29 | Call indirection |
+| test3.cpp:124:7:124:20 | VariableAddress indirection | test3.cpp:144:16:144:29 | call to get_global_str indirection |
 | test3.cpp:124:7:124:20 | VariableAddress indirection | test3.cpp:146:15:146:18 | data |
-| test3.cpp:126:9:126:23 | Load indirection | test3.cpp:124:7:124:20 | VariableAddress indirection |
-| test3.cpp:126:9:126:23 | Load indirection | test3.cpp:124:7:124:20 | VariableAddress indirection |
+| test3.cpp:126:9:126:23 | global_password indirection | test3.cpp:124:7:124:20 | VariableAddress indirection |
+| test3.cpp:126:9:126:23 | global_password indirection | test3.cpp:124:7:124:20 | VariableAddress indirection |
+| test3.cpp:126:9:126:23 | global_password indirection | test3.cpp:124:7:124:20 | VariableAddress indirection |
 | test3.cpp:134:11:134:18 | password | test3.cpp:112:20:112:25 | buffer |
 | test3.cpp:134:11:134:18 | password indirection | test3.cpp:112:20:112:25 | buffer indirection |
 | test3.cpp:134:11:134:18 | password indirection | test3.cpp:134:11:134:18 | password |
-| test3.cpp:138:21:138:22 | Call indirection | test3.cpp:140:15:140:17 | ptr |
+| test3.cpp:134:11:134:18 | password indirection | test3.cpp:134:11:134:18 | password |
+| test3.cpp:138:21:138:22 | call to id indirection | test3.cpp:140:15:140:17 | ptr |
 | test3.cpp:138:24:138:32 | password1 | test3.cpp:140:15:140:17 | ptr |
 | test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:117:28:117:33 | buffer indirection |
-| test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:138:21:138:22 | Call indirection |
+| test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:138:21:138:22 | call to id indirection |
+| test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:138:24:138:32 | password1 |
+| test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:138:24:138:32 | password1 |
 | test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:138:24:138:32 | password1 |
 | test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:140:15:140:17 | ptr |
-| test3.cpp:144:16:144:29 | Call indirection | test3.cpp:146:15:146:18 | data |
+| test3.cpp:144:16:144:29 | call to get_global_str indirection | test3.cpp:146:15:146:18 | data |
+| test3.cpp:173:15:173:22 | password indirection | test3.cpp:173:15:173:22 | password |
 | test3.cpp:173:15:173:22 | password indirection | test3.cpp:173:15:173:22 | password |
 | test3.cpp:181:15:181:22 | password indirection | test3.cpp:181:15:181:22 | password |
+| test3.cpp:181:15:181:22 | password indirection | test3.cpp:181:15:181:22 | password |
+| test3.cpp:191:15:191:22 | password indirection | test3.cpp:191:15:191:22 | password |
 | test3.cpp:191:15:191:22 | password indirection | test3.cpp:191:15:191:22 | password |
 | test3.cpp:199:19:199:26 | password indirection | test3.cpp:201:15:201:22 | password |
+| test3.cpp:199:19:199:26 | password indirection | test3.cpp:201:15:201:22 | password |
+| test3.cpp:201:15:201:22 | password indirection | test3.cpp:201:15:201:22 | password |
 | test3.cpp:201:15:201:22 | password indirection | test3.cpp:201:15:201:22 | password |
 | test3.cpp:201:32:201:39 | password indirection | test3.cpp:201:15:201:22 | password |
+| test3.cpp:201:32:201:39 | password indirection | test3.cpp:201:15:201:22 | password |
+| test3.cpp:210:15:210:22 | password indirection | test3.cpp:210:15:210:22 | password |
 | test3.cpp:210:15:210:22 | password indirection | test3.cpp:210:15:210:22 | password |
 | test3.cpp:210:32:210:39 | password indirection | test3.cpp:210:15:210:22 | password |
+| test3.cpp:210:32:210:39 | password indirection | test3.cpp:210:15:210:22 | password |
+| test3.cpp:219:15:219:26 | password_ptr indirection | test3.cpp:219:15:219:26 | password_ptr |
 | test3.cpp:219:15:219:26 | password_ptr indirection | test3.cpp:219:15:219:26 | password_ptr |
 | test3.cpp:219:36:219:47 | password_ptr indirection | test3.cpp:219:15:219:26 | password_ptr |
+| test3.cpp:219:36:219:47 | password_ptr indirection | test3.cpp:219:15:219:26 | password_ptr |
+| test3.cpp:227:22:227:29 | password indirection | test3.cpp:228:26:228:33 | password |
 | test3.cpp:227:22:227:29 | password indirection | test3.cpp:228:26:228:33 | password |
 | test3.cpp:228:26:228:33 | password indirection | test3.cpp:228:26:228:33 | password |
+| test3.cpp:228:26:228:33 | password indirection | test3.cpp:228:26:228:33 | password |
+| test3.cpp:241:8:241:15 | password indirection | test3.cpp:241:8:241:15 | password |
 | test3.cpp:241:8:241:15 | password indirection | test3.cpp:241:8:241:15 | password |
 | test3.cpp:254:15:254:23 | password1 indirection | test3.cpp:254:15:254:23 | password1 |
+| test3.cpp:254:15:254:23 | password1 indirection | test3.cpp:254:15:254:23 | password1 |
+| test3.cpp:262:32:262:40 | password2 indirection | test3.cpp:264:15:264:23 | password2 |
 | test3.cpp:262:32:262:40 | password2 indirection | test3.cpp:264:15:264:23 | password2 |
 | test3.cpp:264:15:264:23 | password2 indirection | test3.cpp:264:15:264:23 | password2 |
+| test3.cpp:264:15:264:23 | password2 indirection | test3.cpp:264:15:264:23 | password2 |
 | test3.cpp:264:33:264:41 | password2 indirection | test3.cpp:264:15:264:23 | password2 |
+| test3.cpp:264:33:264:41 | password2 indirection | test3.cpp:264:15:264:23 | password2 |
+| test3.cpp:270:16:270:23 | password indirection | test3.cpp:272:15:272:18 | data |
 | test3.cpp:270:16:270:23 | password indirection | test3.cpp:272:15:272:18 | data |
 | test3.cpp:278:20:278:23 | data | test3.cpp:280:14:280:17 | data |
 | test3.cpp:278:20:278:23 | data indirection | test3.cpp:280:14:280:17 | data |
@@ -54,38 +89,49 @@ edges
 | test3.cpp:293:20:293:23 | data indirection | test3.cpp:295:14:295:17 | data |
 | test3.cpp:298:20:298:23 | data | test3.cpp:300:14:300:17 | data |
 | test3.cpp:298:20:298:23 | data indirection | test3.cpp:300:14:300:17 | data |
-| test3.cpp:312:19:312:27 | password1 indirection | test3.cpp:313:11:313:19 | password1 |
-| test3.cpp:312:19:312:27 | password1 indirection | test3.cpp:314:11:314:19 | password1 |
 | test3.cpp:313:11:313:19 | password1 | test3.cpp:278:20:278:23 | data |
 | test3.cpp:313:11:313:19 | password1 indirection | test3.cpp:278:20:278:23 | data indirection |
 | test3.cpp:313:11:313:19 | password1 indirection | test3.cpp:313:11:313:19 | password1 |
-| test3.cpp:313:11:313:19 | password1 indirection | test3.cpp:314:11:314:19 | password1 |
+| test3.cpp:313:11:313:19 | password1 indirection | test3.cpp:313:11:313:19 | password1 |
+| test3.cpp:313:11:313:19 | password1 indirection | test3.cpp:313:11:313:19 | password1 |
 | test3.cpp:314:11:314:19 | password1 | test3.cpp:283:20:283:23 | data |
 | test3.cpp:314:11:314:19 | password1 indirection | test3.cpp:283:20:283:23 | data indirection |
 | test3.cpp:314:11:314:19 | password1 indirection | test3.cpp:314:11:314:19 | password1 |
+| test3.cpp:314:11:314:19 | password1 indirection | test3.cpp:314:11:314:19 | password1 |
+| test3.cpp:314:11:314:19 | password1 indirection | test3.cpp:314:11:314:19 | password1 |
 | test3.cpp:316:11:316:19 | password1 | test3.cpp:283:20:283:23 | data |
 | test3.cpp:316:11:316:19 | password1 indirection | test3.cpp:283:20:283:23 | data indirection |
 | test3.cpp:316:11:316:19 | password1 indirection | test3.cpp:316:11:316:19 | password1 |
-| test3.cpp:316:11:316:19 | password1 indirection | test3.cpp:317:11:317:19 | password1 |
+| test3.cpp:316:11:316:19 | password1 indirection | test3.cpp:316:11:316:19 | password1 |
+| test3.cpp:316:11:316:19 | password1 indirection | test3.cpp:316:11:316:19 | password1 |
 | test3.cpp:317:11:317:19 | password1 | test3.cpp:288:20:288:23 | data |
 | test3.cpp:317:11:317:19 | password1 indirection | test3.cpp:288:20:288:23 | data indirection |
 | test3.cpp:317:11:317:19 | password1 indirection | test3.cpp:317:11:317:19 | password1 |
-| test3.cpp:322:16:322:24 | Load indirection | test3.cpp:324:11:324:14 | data |
-| test3.cpp:322:16:322:24 | Load indirection | test3.cpp:324:11:324:14 | data indirection |
-| test3.cpp:322:16:322:24 | Load indirection | test3.cpp:325:11:325:14 | data |
-| test3.cpp:322:16:322:24 | Load indirection | test3.cpp:325:11:325:14 | data indirection |
+| test3.cpp:317:11:317:19 | password1 indirection | test3.cpp:317:11:317:19 | password1 |
+| test3.cpp:317:11:317:19 | password1 indirection | test3.cpp:317:11:317:19 | password1 |
+| test3.cpp:322:16:322:24 | password2 indirection | test3.cpp:324:11:324:14 | data |
+| test3.cpp:322:16:322:24 | password2 indirection | test3.cpp:324:11:324:14 | data |
+| test3.cpp:322:16:322:24 | password2 indirection | test3.cpp:324:11:324:14 | data indirection |
+| test3.cpp:322:16:322:24 | password2 indirection | test3.cpp:325:11:325:14 | data |
+| test3.cpp:322:16:322:24 | password2 indirection | test3.cpp:325:11:325:14 | data |
+| test3.cpp:322:16:322:24 | password2 indirection | test3.cpp:325:11:325:14 | data indirection |
 | test3.cpp:324:11:324:14 | data | test3.cpp:293:20:293:23 | data |
 | test3.cpp:324:11:324:14 | data indirection | test3.cpp:293:20:293:23 | data indirection |
 | test3.cpp:325:11:325:14 | data | test3.cpp:298:20:298:23 | data |
 | test3.cpp:325:11:325:14 | data indirection | test3.cpp:298:20:298:23 | data indirection |
 | test3.cpp:341:16:341:23 | password indirection | test3.cpp:341:16:341:23 | password |
+| test3.cpp:341:16:341:23 | password indirection | test3.cpp:341:16:341:23 | password |
+| test3.cpp:352:16:352:23 | password indirection | test3.cpp:352:16:352:23 | password |
 | test3.cpp:352:16:352:23 | password indirection | test3.cpp:352:16:352:23 | password |
 | test3.cpp:368:15:368:22 | password indirection | test3.cpp:368:15:368:22 | password |
+| test3.cpp:368:15:368:22 | password indirection | test3.cpp:368:15:368:22 | password |
+| test3.cpp:388:15:388:22 | password indirection | test3.cpp:388:15:388:22 | password |
 | test3.cpp:388:15:388:22 | password indirection | test3.cpp:388:15:388:22 | password |
 | test3.cpp:400:16:400:23 | password indirection | test3.cpp:400:15:400:23 | & ... |
 | test3.cpp:414:15:414:24 | password indirection | test3.cpp:414:15:414:24 | password |
 | test3.cpp:420:15:420:24 | password indirection | test3.cpp:420:15:420:24 | password |
 | test3.cpp:431:8:431:15 | password indirection | test3.cpp:431:8:431:15 | password |
+| test3.cpp:431:8:431:15 | password indirection | test3.cpp:431:8:431:15 | password |
 | test3.cpp:507:14:507:39 | social_security_number indirection | test3.cpp:507:14:507:39 | social_security_number |
 | test3.cpp:508:14:508:33 | socialSecurityNo indirection | test3.cpp:508:14:508:33 | socialSecurityNo |
 | test3.cpp:509:14:509:29 | homePostCode indirection | test3.cpp:509:14:509:29 | homePostCode |
@@ -99,27 +145,40 @@ edges
 | test3.cpp:517:14:517:29 | medical_info indirection | test3.cpp:517:14:517:29 | medical_info |
 | test3.cpp:518:14:518:28 | license_key indirection | test3.cpp:518:14:518:28 | license_key |
 | test3.cpp:551:47:551:58 | salaryString indirection | test3.cpp:552:15:552:20 | buffer |
-| test3.cpp:556:19:556:30 | Load indirection | test3.cpp:559:15:559:20 | buffer |
+| test3.cpp:556:19:556:30 | salaryString indirection | test3.cpp:559:15:559:20 | buffer |
 | test3.cpp:571:8:571:21 | call to get_home_phone | test3.cpp:572:14:572:16 | str |
 | test3.cpp:577:8:577:23 | call to get_home_address | test3.cpp:578:14:578:16 | str |
 nodes
 | test3.cpp:20:28:20:36 | password1 indirection | semmle.label | password1 indirection |
+| test3.cpp:20:28:20:36 | password1 indirection | semmle.label | password1 indirection |
+| test3.cpp:20:28:20:36 | password1 indirection | semmle.label | password1 indirection |
 | test3.cpp:22:15:22:23 | password1 | semmle.label | password1 |
 | test3.cpp:22:15:22:23 | password1 indirection | semmle.label | password1 indirection |
+| test3.cpp:22:15:22:23 | password1 indirection | semmle.label | password1 indirection |
+| test3.cpp:22:33:22:41 | password1 indirection | semmle.label | password1 indirection |
+| test3.cpp:22:33:22:41 | password1 indirection | semmle.label | password1 indirection |
 | test3.cpp:22:33:22:41 | password1 indirection | semmle.label | password1 indirection |
 | test3.cpp:26:15:26:23 | password2 | semmle.label | password2 |
 | test3.cpp:26:15:26:23 | password2 indirection | semmle.label | password2 indirection |
+| test3.cpp:26:15:26:23 | password2 indirection | semmle.label | password2 indirection |
+| test3.cpp:26:33:26:41 | password2 indirection | semmle.label | password2 indirection |
+| test3.cpp:26:33:26:41 | password2 indirection | semmle.label | password2 indirection |
 | test3.cpp:26:33:26:41 | password2 indirection | semmle.label | password2 indirection |
 | test3.cpp:47:15:47:22 | password | semmle.label | password |
 | test3.cpp:47:15:47:22 | password indirection | semmle.label | password indirection |
+| test3.cpp:47:15:47:22 | password indirection | semmle.label | password indirection |
 | test3.cpp:55:15:55:22 | password | semmle.label | password |
 | test3.cpp:55:15:55:22 | password indirection | semmle.label | password indirection |
-| test3.cpp:74:21:74:29 | Load indirection | semmle.label | Load indirection |
+| test3.cpp:55:15:55:22 | password indirection | semmle.label | password indirection |
+| test3.cpp:74:21:74:29 | password1 indirection | semmle.label | password1 indirection |
+| test3.cpp:74:21:74:29 | password1 indirection | semmle.label | password1 indirection |
 | test3.cpp:76:15:76:17 | ptr | semmle.label | ptr |
-| test3.cpp:81:15:81:22 | array to pointer conversion indirection | semmle.label | array to pointer conversion indirection |
+| test3.cpp:81:15:81:22 | password indirection | semmle.label | password indirection |
+| test3.cpp:81:15:81:22 | password indirection | semmle.label | password indirection |
 | test3.cpp:83:15:83:17 | ptr | semmle.label | ptr |
 | test3.cpp:101:12:101:19 | password | semmle.label | password |
 | test3.cpp:101:12:101:19 | password indirection | semmle.label | password indirection |
+| test3.cpp:101:12:101:19 | password indirection | semmle.label | password indirection |
 | test3.cpp:112:20:112:25 | buffer | semmle.label | buffer |
 | test3.cpp:112:20:112:25 | buffer indirection | semmle.label | buffer indirection |
 | test3.cpp:114:14:114:19 | buffer | semmle.label | buffer |
@@ -127,42 +186,64 @@ nodes
 | test3.cpp:117:28:117:33 | buffer indirection | semmle.label | buffer indirection |
 | test3.cpp:124:7:124:20 | VariableAddress indirection | semmle.label | VariableAddress indirection |
 | test3.cpp:124:7:124:20 | VariableAddress indirection | semmle.label | VariableAddress indirection |
-| test3.cpp:126:9:126:23 | Load indirection | semmle.label | Load indirection |
+| test3.cpp:126:9:126:23 | global_password indirection | semmle.label | global_password indirection |
+| test3.cpp:126:9:126:23 | global_password indirection | semmle.label | global_password indirection |
 | test3.cpp:134:11:134:18 | password | semmle.label | password |
 | test3.cpp:134:11:134:18 | password indirection | semmle.label | password indirection |
-| test3.cpp:138:21:138:22 | Call indirection | semmle.label | Call indirection |
+| test3.cpp:134:11:134:18 | password indirection | semmle.label | password indirection |
+| test3.cpp:138:21:138:22 | call to id indirection | semmle.label | call to id indirection |
 | test3.cpp:138:24:138:32 | password1 | semmle.label | password1 |
 | test3.cpp:138:24:138:32 | password1 indirection | semmle.label | password1 indirection |
+| test3.cpp:138:24:138:32 | password1 indirection | semmle.label | password1 indirection |
+| test3.cpp:138:24:138:32 | password1 indirection | semmle.label | password1 indirection |
 | test3.cpp:140:15:140:17 | ptr | semmle.label | ptr |
-| test3.cpp:144:16:144:29 | Call indirection | semmle.label | Call indirection |
+| test3.cpp:144:16:144:29 | call to get_global_str indirection | semmle.label | call to get_global_str indirection |
 | test3.cpp:146:15:146:18 | data | semmle.label | data |
 | test3.cpp:173:15:173:22 | password | semmle.label | password |
 | test3.cpp:173:15:173:22 | password indirection | semmle.label | password indirection |
+| test3.cpp:173:15:173:22 | password indirection | semmle.label | password indirection |
 | test3.cpp:181:15:181:22 | password | semmle.label | password |
 | test3.cpp:181:15:181:22 | password indirection | semmle.label | password indirection |
+| test3.cpp:181:15:181:22 | password indirection | semmle.label | password indirection |
 | test3.cpp:191:15:191:22 | password | semmle.label | password |
 | test3.cpp:191:15:191:22 | password indirection | semmle.label | password indirection |
+| test3.cpp:191:15:191:22 | password indirection | semmle.label | password indirection |
+| test3.cpp:199:19:199:26 | password indirection | semmle.label | password indirection |
 | test3.cpp:199:19:199:26 | password indirection | semmle.label | password indirection |
 | test3.cpp:201:15:201:22 | password | semmle.label | password |
 | test3.cpp:201:15:201:22 | password indirection | semmle.label | password indirection |
+| test3.cpp:201:15:201:22 | password indirection | semmle.label | password indirection |
+| test3.cpp:201:32:201:39 | password indirection | semmle.label | password indirection |
 | test3.cpp:201:32:201:39 | password indirection | semmle.label | password indirection |
 | test3.cpp:210:15:210:22 | password | semmle.label | password |
 | test3.cpp:210:15:210:22 | password indirection | semmle.label | password indirection |
+| test3.cpp:210:15:210:22 | password indirection | semmle.label | password indirection |
+| test3.cpp:210:32:210:39 | password indirection | semmle.label | password indirection |
 | test3.cpp:210:32:210:39 | password indirection | semmle.label | password indirection |
 | test3.cpp:219:15:219:26 | password_ptr | semmle.label | password_ptr |
 | test3.cpp:219:15:219:26 | password_ptr indirection | semmle.label | password_ptr indirection |
+| test3.cpp:219:15:219:26 | password_ptr indirection | semmle.label | password_ptr indirection |
 | test3.cpp:219:36:219:47 | password_ptr indirection | semmle.label | password_ptr indirection |
+| test3.cpp:219:36:219:47 | password_ptr indirection | semmle.label | password_ptr indirection |
+| test3.cpp:227:22:227:29 | password indirection | semmle.label | password indirection |
 | test3.cpp:227:22:227:29 | password indirection | semmle.label | password indirection |
 | test3.cpp:228:26:228:33 | password | semmle.label | password |
 | test3.cpp:228:26:228:33 | password indirection | semmle.label | password indirection |
+| test3.cpp:228:26:228:33 | password indirection | semmle.label | password indirection |
 | test3.cpp:241:8:241:15 | password | semmle.label | password |
 | test3.cpp:241:8:241:15 | password indirection | semmle.label | password indirection |
+| test3.cpp:241:8:241:15 | password indirection | semmle.label | password indirection |
 | test3.cpp:254:15:254:23 | password1 | semmle.label | password1 |
 | test3.cpp:254:15:254:23 | password1 indirection | semmle.label | password1 indirection |
+| test3.cpp:254:15:254:23 | password1 indirection | semmle.label | password1 indirection |
+| test3.cpp:262:32:262:40 | password2 indirection | semmle.label | password2 indirection |
 | test3.cpp:262:32:262:40 | password2 indirection | semmle.label | password2 indirection |
 | test3.cpp:264:15:264:23 | password2 | semmle.label | password2 |
 | test3.cpp:264:15:264:23 | password2 indirection | semmle.label | password2 indirection |
+| test3.cpp:264:15:264:23 | password2 indirection | semmle.label | password2 indirection |
 | test3.cpp:264:33:264:41 | password2 indirection | semmle.label | password2 indirection |
+| test3.cpp:264:33:264:41 | password2 indirection | semmle.label | password2 indirection |
+| test3.cpp:270:16:270:23 | password indirection | semmle.label | password indirection |
 | test3.cpp:270:16:270:23 | password indirection | semmle.label | password indirection |
 | test3.cpp:272:15:272:18 | data | semmle.label | data |
 | test3.cpp:278:20:278:23 | data | semmle.label | data |
@@ -180,28 +261,40 @@ nodes
 | test3.cpp:298:20:298:23 | data | semmle.label | data |
 | test3.cpp:298:20:298:23 | data indirection | semmle.label | data indirection |
 | test3.cpp:300:14:300:17 | data | semmle.label | data |
-| test3.cpp:312:19:312:27 | password1 indirection | semmle.label | password1 indirection |
 | test3.cpp:313:11:313:19 | password1 | semmle.label | password1 |
 | test3.cpp:313:11:313:19 | password1 indirection | semmle.label | password1 indirection |
+| test3.cpp:313:11:313:19 | password1 indirection | semmle.label | password1 indirection |
+| test3.cpp:313:11:313:19 | password1 indirection | semmle.label | password1 indirection |
 | test3.cpp:314:11:314:19 | password1 | semmle.label | password1 |
 | test3.cpp:314:11:314:19 | password1 indirection | semmle.label | password1 indirection |
+| test3.cpp:314:11:314:19 | password1 indirection | semmle.label | password1 indirection |
+| test3.cpp:314:11:314:19 | password1 indirection | semmle.label | password1 indirection |
 | test3.cpp:316:11:316:19 | password1 | semmle.label | password1 |
 | test3.cpp:316:11:316:19 | password1 indirection | semmle.label | password1 indirection |
+| test3.cpp:316:11:316:19 | password1 indirection | semmle.label | password1 indirection |
+| test3.cpp:316:11:316:19 | password1 indirection | semmle.label | password1 indirection |
 | test3.cpp:317:11:317:19 | password1 | semmle.label | password1 |
 | test3.cpp:317:11:317:19 | password1 indirection | semmle.label | password1 indirection |
-| test3.cpp:322:16:322:24 | Load indirection | semmle.label | Load indirection |
+| test3.cpp:317:11:317:19 | password1 indirection | semmle.label | password1 indirection |
+| test3.cpp:317:11:317:19 | password1 indirection | semmle.label | password1 indirection |
+| test3.cpp:322:16:322:24 | password2 indirection | semmle.label | password2 indirection |
+| test3.cpp:322:16:322:24 | password2 indirection | semmle.label | password2 indirection |
 | test3.cpp:324:11:324:14 | data | semmle.label | data |
 | test3.cpp:324:11:324:14 | data indirection | semmle.label | data indirection |
 | test3.cpp:325:11:325:14 | data | semmle.label | data |
 | test3.cpp:325:11:325:14 | data indirection | semmle.label | data indirection |
 | test3.cpp:341:16:341:23 | password | semmle.label | password |
 | test3.cpp:341:16:341:23 | password indirection | semmle.label | password indirection |
+| test3.cpp:341:16:341:23 | password indirection | semmle.label | password indirection |
 | test3.cpp:352:16:352:23 | password | semmle.label | password |
 | test3.cpp:352:16:352:23 | password indirection | semmle.label | password indirection |
+| test3.cpp:352:16:352:23 | password indirection | semmle.label | password indirection |
 | test3.cpp:368:15:368:22 | password | semmle.label | password |
 | test3.cpp:368:15:368:22 | password indirection | semmle.label | password indirection |
+| test3.cpp:368:15:368:22 | password indirection | semmle.label | password indirection |
 | test3.cpp:388:15:388:22 | password | semmle.label | password |
 | test3.cpp:388:15:388:22 | password indirection | semmle.label | password indirection |
+| test3.cpp:388:15:388:22 | password indirection | semmle.label | password indirection |
 | test3.cpp:400:15:400:23 | & ... | semmle.label | & ... |
 | test3.cpp:400:16:400:23 | password indirection | semmle.label | password indirection |
 | test3.cpp:414:15:414:24 | password | semmle.label | password |
@@ -210,6 +303,7 @@ nodes
 | test3.cpp:420:15:420:24 | password indirection | semmle.label | password indirection |
 | test3.cpp:431:8:431:15 | password | semmle.label | password |
 | test3.cpp:431:8:431:15 | password indirection | semmle.label | password indirection |
+| test3.cpp:431:8:431:15 | password indirection | semmle.label | password indirection |
 | test3.cpp:507:14:507:39 | social_security_number | semmle.label | social_security_number |
 | test3.cpp:507:14:507:39 | social_security_number indirection | semmle.label | social_security_number indirection |
 | test3.cpp:508:14:508:33 | socialSecurityNo | semmle.label | socialSecurityNo |
@@ -236,44 +330,74 @@ nodes
 | test3.cpp:518:14:518:28 | license_key indirection | semmle.label | license_key indirection |
 | test3.cpp:551:47:551:58 | salaryString indirection | semmle.label | salaryString indirection |
 | test3.cpp:552:15:552:20 | buffer | semmle.label | buffer |
-| test3.cpp:556:19:556:30 | Load indirection | semmle.label | Load indirection |
+| test3.cpp:556:19:556:30 | salaryString indirection | semmle.label | salaryString indirection |
 | test3.cpp:559:15:559:20 | buffer | semmle.label | buffer |
 | test3.cpp:571:8:571:21 | call to get_home_phone | semmle.label | call to get_home_phone |
 | test3.cpp:572:14:572:16 | str | semmle.label | str |
 | test3.cpp:577:8:577:23 | call to get_home_address | semmle.label | call to get_home_address |
 | test3.cpp:578:14:578:16 | str | semmle.label | str |
 subpaths
-| test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:117:28:117:33 | buffer indirection | test3.cpp:117:13:117:14 | VariableAddress indirection | test3.cpp:138:21:138:22 | Call indirection |
+| test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:117:28:117:33 | buffer indirection | test3.cpp:117:13:117:14 | VariableAddress indirection | test3.cpp:138:21:138:22 | call to id indirection |
 #select
 | test3.cpp:22:3:22:6 | call to send | test3.cpp:20:28:20:36 | password1 indirection | test3.cpp:22:15:22:23 | password1 | This operation transmits 'password1', which may contain unencrypted sensitive data from $@. | test3.cpp:20:28:20:36 | password1 indirection | password1 indirection |
+| test3.cpp:22:3:22:6 | call to send | test3.cpp:20:28:20:36 | password1 indirection | test3.cpp:22:15:22:23 | password1 | This operation transmits 'password1', which may contain unencrypted sensitive data from $@. | test3.cpp:20:28:20:36 | password1 indirection | password1 indirection |
+| test3.cpp:22:3:22:6 | call to send | test3.cpp:20:28:20:36 | password1 indirection | test3.cpp:22:15:22:23 | password1 | This operation transmits 'password1', which may contain unencrypted sensitive data from $@. | test3.cpp:20:28:20:36 | password1 indirection | password1 indirection |
+| test3.cpp:22:3:22:6 | call to send | test3.cpp:22:15:22:23 | password1 indirection | test3.cpp:22:15:22:23 | password1 | This operation transmits 'password1', which may contain unencrypted sensitive data from $@. | test3.cpp:22:15:22:23 | password1 indirection | password1 indirection |
 | test3.cpp:22:3:22:6 | call to send | test3.cpp:22:15:22:23 | password1 indirection | test3.cpp:22:15:22:23 | password1 | This operation transmits 'password1', which may contain unencrypted sensitive data from $@. | test3.cpp:22:15:22:23 | password1 indirection | password1 indirection |
 | test3.cpp:22:3:22:6 | call to send | test3.cpp:22:33:22:41 | password1 indirection | test3.cpp:22:15:22:23 | password1 | This operation transmits 'password1', which may contain unencrypted sensitive data from $@. | test3.cpp:22:33:22:41 | password1 indirection | password1 indirection |
+| test3.cpp:22:3:22:6 | call to send | test3.cpp:22:33:22:41 | password1 indirection | test3.cpp:22:15:22:23 | password1 | This operation transmits 'password1', which may contain unencrypted sensitive data from $@. | test3.cpp:22:33:22:41 | password1 indirection | password1 indirection |
+| test3.cpp:22:3:22:6 | call to send | test3.cpp:22:33:22:41 | password1 indirection | test3.cpp:22:15:22:23 | password1 | This operation transmits 'password1', which may contain unencrypted sensitive data from $@. | test3.cpp:22:33:22:41 | password1 indirection | password1 indirection |
+| test3.cpp:26:3:26:6 | call to send | test3.cpp:26:15:26:23 | password2 indirection | test3.cpp:26:15:26:23 | password2 | This operation transmits 'password2', which may contain unencrypted sensitive data from $@. | test3.cpp:26:15:26:23 | password2 indirection | password2 indirection |
 | test3.cpp:26:3:26:6 | call to send | test3.cpp:26:15:26:23 | password2 indirection | test3.cpp:26:15:26:23 | password2 | This operation transmits 'password2', which may contain unencrypted sensitive data from $@. | test3.cpp:26:15:26:23 | password2 indirection | password2 indirection |
 | test3.cpp:26:3:26:6 | call to send | test3.cpp:26:33:26:41 | password2 indirection | test3.cpp:26:15:26:23 | password2 | This operation transmits 'password2', which may contain unencrypted sensitive data from $@. | test3.cpp:26:33:26:41 | password2 indirection | password2 indirection |
+| test3.cpp:26:3:26:6 | call to send | test3.cpp:26:33:26:41 | password2 indirection | test3.cpp:26:15:26:23 | password2 | This operation transmits 'password2', which may contain unencrypted sensitive data from $@. | test3.cpp:26:33:26:41 | password2 indirection | password2 indirection |
+| test3.cpp:26:3:26:6 | call to send | test3.cpp:26:33:26:41 | password2 indirection | test3.cpp:26:15:26:23 | password2 | This operation transmits 'password2', which may contain unencrypted sensitive data from $@. | test3.cpp:26:33:26:41 | password2 indirection | password2 indirection |
+| test3.cpp:47:3:47:6 | call to recv | test3.cpp:47:15:47:22 | password indirection | test3.cpp:47:15:47:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:47:15:47:22 | password indirection | password indirection |
 | test3.cpp:47:3:47:6 | call to recv | test3.cpp:47:15:47:22 | password indirection | test3.cpp:47:15:47:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:47:15:47:22 | password indirection | password indirection |
 | test3.cpp:55:3:55:6 | call to recv | test3.cpp:55:15:55:22 | password indirection | test3.cpp:55:15:55:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:55:15:55:22 | password indirection | password indirection |
-| test3.cpp:76:3:76:6 | call to send | test3.cpp:74:21:74:29 | Load indirection | test3.cpp:76:15:76:17 | ptr | This operation transmits 'ptr', which may contain unencrypted sensitive data from $@. | test3.cpp:74:21:74:29 | Load indirection | Load indirection |
-| test3.cpp:83:3:83:6 | call to recv | test3.cpp:81:15:81:22 | array to pointer conversion indirection | test3.cpp:83:15:83:17 | ptr | This operation receives into 'ptr', which may put unencrypted sensitive data into $@. | test3.cpp:81:15:81:22 | array to pointer conversion indirection | array to pointer conversion indirection |
+| test3.cpp:55:3:55:6 | call to recv | test3.cpp:55:15:55:22 | password indirection | test3.cpp:55:15:55:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:55:15:55:22 | password indirection | password indirection |
+| test3.cpp:76:3:76:6 | call to send | test3.cpp:74:21:74:29 | password1 indirection | test3.cpp:76:15:76:17 | ptr | This operation transmits 'ptr', which may contain unencrypted sensitive data from $@. | test3.cpp:74:21:74:29 | password1 indirection | password1 indirection |
+| test3.cpp:76:3:76:6 | call to send | test3.cpp:74:21:74:29 | password1 indirection | test3.cpp:76:15:76:17 | ptr | This operation transmits 'ptr', which may contain unencrypted sensitive data from $@. | test3.cpp:74:21:74:29 | password1 indirection | password1 indirection |
+| test3.cpp:83:3:83:6 | call to recv | test3.cpp:81:15:81:22 | password indirection | test3.cpp:83:15:83:17 | ptr | This operation receives into 'ptr', which may put unencrypted sensitive data into $@. | test3.cpp:81:15:81:22 | password indirection | password indirection |
+| test3.cpp:83:3:83:6 | call to recv | test3.cpp:81:15:81:22 | password indirection | test3.cpp:83:15:83:17 | ptr | This operation receives into 'ptr', which may put unencrypted sensitive data into $@. | test3.cpp:81:15:81:22 | password indirection | password indirection |
+| test3.cpp:101:3:101:6 | call to read | test3.cpp:101:12:101:19 | password indirection | test3.cpp:101:12:101:19 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:101:12:101:19 | password indirection | password indirection |
 | test3.cpp:101:3:101:6 | call to read | test3.cpp:101:12:101:19 | password indirection | test3.cpp:101:12:101:19 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:101:12:101:19 | password indirection | password indirection |
 | test3.cpp:114:2:114:5 | call to recv | test3.cpp:134:11:134:18 | password indirection | test3.cpp:114:14:114:19 | buffer | This operation receives into 'buffer', which may put unencrypted sensitive data into $@. | test3.cpp:134:11:134:18 | password indirection | password indirection |
+| test3.cpp:114:2:114:5 | call to recv | test3.cpp:134:11:134:18 | password indirection | test3.cpp:114:14:114:19 | buffer | This operation receives into 'buffer', which may put unencrypted sensitive data into $@. | test3.cpp:134:11:134:18 | password indirection | password indirection |
 | test3.cpp:140:3:140:6 | call to send | test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:140:15:140:17 | ptr | This operation transmits 'ptr', which may contain unencrypted sensitive data from $@. | test3.cpp:138:24:138:32 | password1 indirection | password1 indirection |
-| test3.cpp:146:3:146:6 | call to send | test3.cpp:126:9:126:23 | Load indirection | test3.cpp:146:15:146:18 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:126:9:126:23 | Load indirection | Load indirection |
+| test3.cpp:140:3:140:6 | call to send | test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:140:15:140:17 | ptr | This operation transmits 'ptr', which may contain unencrypted sensitive data from $@. | test3.cpp:138:24:138:32 | password1 indirection | password1 indirection |
+| test3.cpp:140:3:140:6 | call to send | test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:140:15:140:17 | ptr | This operation transmits 'ptr', which may contain unencrypted sensitive data from $@. | test3.cpp:138:24:138:32 | password1 indirection | password1 indirection |
+| test3.cpp:146:3:146:6 | call to send | test3.cpp:126:9:126:23 | global_password indirection | test3.cpp:146:15:146:18 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:126:9:126:23 | global_password indirection | global_password indirection |
+| test3.cpp:146:3:146:6 | call to send | test3.cpp:126:9:126:23 | global_password indirection | test3.cpp:146:15:146:18 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:126:9:126:23 | global_password indirection | global_password indirection |
+| test3.cpp:181:3:181:6 | call to recv | test3.cpp:181:15:181:22 | password indirection | test3.cpp:181:15:181:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:181:15:181:22 | password indirection | password indirection |
 | test3.cpp:181:3:181:6 | call to recv | test3.cpp:181:15:181:22 | password indirection | test3.cpp:181:15:181:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:181:15:181:22 | password indirection | password indirection |
 | test3.cpp:210:3:210:6 | call to send | test3.cpp:210:15:210:22 | password indirection | test3.cpp:210:15:210:22 | password | This operation transmits 'password', which may contain unencrypted sensitive data from $@. | test3.cpp:210:15:210:22 | password indirection | password indirection |
+| test3.cpp:210:3:210:6 | call to send | test3.cpp:210:15:210:22 | password indirection | test3.cpp:210:15:210:22 | password | This operation transmits 'password', which may contain unencrypted sensitive data from $@. | test3.cpp:210:15:210:22 | password indirection | password indirection |
+| test3.cpp:210:3:210:6 | call to send | test3.cpp:210:32:210:39 | password indirection | test3.cpp:210:15:210:22 | password | This operation transmits 'password', which may contain unencrypted sensitive data from $@. | test3.cpp:210:32:210:39 | password indirection | password indirection |
 | test3.cpp:210:3:210:6 | call to send | test3.cpp:210:32:210:39 | password indirection | test3.cpp:210:15:210:22 | password | This operation transmits 'password', which may contain unencrypted sensitive data from $@. | test3.cpp:210:32:210:39 | password indirection | password indirection |
 | test3.cpp:228:2:228:5 | call to send | test3.cpp:227:22:227:29 | password indirection | test3.cpp:228:26:228:33 | password | This operation transmits 'password', which may contain unencrypted sensitive data from $@. | test3.cpp:227:22:227:29 | password indirection | password indirection |
+| test3.cpp:228:2:228:5 | call to send | test3.cpp:227:22:227:29 | password indirection | test3.cpp:228:26:228:33 | password | This operation transmits 'password', which may contain unencrypted sensitive data from $@. | test3.cpp:227:22:227:29 | password indirection | password indirection |
+| test3.cpp:228:2:228:5 | call to send | test3.cpp:228:26:228:33 | password indirection | test3.cpp:228:26:228:33 | password | This operation transmits 'password', which may contain unencrypted sensitive data from $@. | test3.cpp:228:26:228:33 | password indirection | password indirection |
 | test3.cpp:228:2:228:5 | call to send | test3.cpp:228:26:228:33 | password indirection | test3.cpp:228:26:228:33 | password | This operation transmits 'password', which may contain unencrypted sensitive data from $@. | test3.cpp:228:26:228:33 | password indirection | password indirection |
 | test3.cpp:241:2:241:6 | call to fgets | test3.cpp:241:8:241:15 | password indirection | test3.cpp:241:8:241:15 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:241:8:241:15 | password indirection | password indirection |
+| test3.cpp:241:2:241:6 | call to fgets | test3.cpp:241:8:241:15 | password indirection | test3.cpp:241:8:241:15 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:241:8:241:15 | password indirection | password indirection |
+| test3.cpp:272:3:272:6 | call to send | test3.cpp:270:16:270:23 | password indirection | test3.cpp:272:15:272:18 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:270:16:270:23 | password indirection | password indirection |
 | test3.cpp:272:3:272:6 | call to send | test3.cpp:270:16:270:23 | password indirection | test3.cpp:272:15:272:18 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:270:16:270:23 | password indirection | password indirection |
-| test3.cpp:290:2:290:5 | call to send | test3.cpp:316:11:316:19 | password1 indirection | test3.cpp:290:14:290:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:316:11:316:19 | password1 indirection | password1 indirection |
 | test3.cpp:290:2:290:5 | call to send | test3.cpp:317:11:317:19 | password1 indirection | test3.cpp:290:14:290:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:317:11:317:19 | password1 indirection | password1 indirection |
-| test3.cpp:295:2:295:5 | call to send | test3.cpp:322:16:322:24 | Load indirection | test3.cpp:295:14:295:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:322:16:322:24 | Load indirection | Load indirection |
-| test3.cpp:300:2:300:5 | call to send | test3.cpp:322:16:322:24 | Load indirection | test3.cpp:300:14:300:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:322:16:322:24 | Load indirection | Load indirection |
+| test3.cpp:290:2:290:5 | call to send | test3.cpp:317:11:317:19 | password1 indirection | test3.cpp:290:14:290:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:317:11:317:19 | password1 indirection | password1 indirection |
+| test3.cpp:290:2:290:5 | call to send | test3.cpp:317:11:317:19 | password1 indirection | test3.cpp:290:14:290:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:317:11:317:19 | password1 indirection | password1 indirection |
+| test3.cpp:295:2:295:5 | call to send | test3.cpp:322:16:322:24 | password2 indirection | test3.cpp:295:14:295:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:322:16:322:24 | password2 indirection | password2 indirection |
+| test3.cpp:295:2:295:5 | call to send | test3.cpp:322:16:322:24 | password2 indirection | test3.cpp:295:14:295:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:322:16:322:24 | password2 indirection | password2 indirection |
+| test3.cpp:300:2:300:5 | call to send | test3.cpp:322:16:322:24 | password2 indirection | test3.cpp:300:14:300:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:322:16:322:24 | password2 indirection | password2 indirection |
+| test3.cpp:300:2:300:5 | call to send | test3.cpp:322:16:322:24 | password2 indirection | test3.cpp:300:14:300:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:322:16:322:24 | password2 indirection | password2 indirection |
 | test3.cpp:341:4:341:7 | call to recv | test3.cpp:341:16:341:23 | password indirection | test3.cpp:341:16:341:23 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:341:16:341:23 | password indirection | password indirection |
+| test3.cpp:341:4:341:7 | call to recv | test3.cpp:341:16:341:23 | password indirection | test3.cpp:341:16:341:23 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:341:16:341:23 | password indirection | password indirection |
+| test3.cpp:388:3:388:6 | call to recv | test3.cpp:388:15:388:22 | password indirection | test3.cpp:388:15:388:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:388:15:388:22 | password indirection | password indirection |
 | test3.cpp:388:3:388:6 | call to recv | test3.cpp:388:15:388:22 | password indirection | test3.cpp:388:15:388:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:388:15:388:22 | password indirection | password indirection |
 | test3.cpp:414:3:414:6 | call to recv | test3.cpp:414:15:414:24 | password indirection | test3.cpp:414:15:414:24 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:414:15:414:24 | password indirection | password indirection |
 | test3.cpp:420:3:420:6 | call to recv | test3.cpp:420:15:420:24 | password indirection | test3.cpp:420:15:420:24 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:420:15:420:24 | password indirection | password indirection |
 | test3.cpp:431:2:431:6 | call to fgets | test3.cpp:431:8:431:15 | password indirection | test3.cpp:431:8:431:15 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:431:8:431:15 | password indirection | password indirection |
+| test3.cpp:431:2:431:6 | call to fgets | test3.cpp:431:8:431:15 | password indirection | test3.cpp:431:8:431:15 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:431:8:431:15 | password indirection | password indirection |
 | test3.cpp:507:2:507:5 | call to send | test3.cpp:507:14:507:39 | social_security_number indirection | test3.cpp:507:14:507:39 | social_security_number | This operation transmits 'social_security_number', which may contain unencrypted sensitive data from $@. | test3.cpp:507:14:507:39 | social_security_number indirection | social_security_number indirection |
 | test3.cpp:508:2:508:5 | call to send | test3.cpp:508:14:508:33 | socialSecurityNo indirection | test3.cpp:508:14:508:33 | socialSecurityNo | This operation transmits 'socialSecurityNo', which may contain unencrypted sensitive data from $@. | test3.cpp:508:14:508:33 | socialSecurityNo indirection | socialSecurityNo indirection |
 | test3.cpp:509:2:509:5 | call to send | test3.cpp:509:14:509:29 | homePostCode indirection | test3.cpp:509:14:509:29 | homePostCode | This operation transmits 'homePostCode', which may contain unencrypted sensitive data from $@. | test3.cpp:509:14:509:29 | homePostCode indirection | homePostCode indirection |
@@ -287,6 +411,6 @@ subpaths
 | test3.cpp:517:2:517:5 | call to send | test3.cpp:517:14:517:29 | medical_info indirection | test3.cpp:517:14:517:29 | medical_info | This operation transmits 'medical_info', which may contain unencrypted sensitive data from $@. | test3.cpp:517:14:517:29 | medical_info indirection | medical_info indirection |
 | test3.cpp:518:2:518:5 | call to send | test3.cpp:518:14:518:28 | license_key indirection | test3.cpp:518:14:518:28 | license_key | This operation transmits 'license_key', which may contain unencrypted sensitive data from $@. | test3.cpp:518:14:518:28 | license_key indirection | license_key indirection |
 | test3.cpp:552:3:552:6 | call to send | test3.cpp:551:47:551:58 | salaryString indirection | test3.cpp:552:15:552:20 | buffer | This operation transmits 'buffer', which may contain unencrypted sensitive data from $@. | test3.cpp:551:47:551:58 | salaryString indirection | salaryString indirection |
-| test3.cpp:559:3:559:6 | call to send | test3.cpp:556:19:556:30 | Load indirection | test3.cpp:559:15:559:20 | buffer | This operation transmits 'buffer', which may contain unencrypted sensitive data from $@. | test3.cpp:556:19:556:30 | Load indirection | Load indirection |
+| test3.cpp:559:3:559:6 | call to send | test3.cpp:556:19:556:30 | salaryString indirection | test3.cpp:559:15:559:20 | buffer | This operation transmits 'buffer', which may contain unencrypted sensitive data from $@. | test3.cpp:556:19:556:30 | salaryString indirection | salaryString indirection |
 | test3.cpp:572:2:572:5 | call to send | test3.cpp:571:8:571:21 | call to get_home_phone | test3.cpp:572:14:572:16 | str | This operation transmits 'str', which may contain unencrypted sensitive data from $@. | test3.cpp:571:8:571:21 | call to get_home_phone | call to get_home_phone |
 | test3.cpp:578:2:578:5 | call to send | test3.cpp:577:8:577:23 | call to get_home_address | test3.cpp:578:14:578:16 | str | This operation transmits 'str', which may contain unencrypted sensitive data from $@. | test3.cpp:577:8:577:23 | call to get_home_address | call to get_home_address |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/UseOfHttp.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/UseOfHttp.expected
@@ -3,15 +3,15 @@ edges
 | test.cpp:11:26:11:28 | url indirection | test.cpp:15:30:15:32 | url |
 | test.cpp:24:13:24:17 | url_g | test.cpp:38:11:38:15 | Load |
 | test.cpp:24:21:24:40 | Store | test.cpp:24:13:24:17 | url_g |
-| test.cpp:24:21:24:40 | array to pointer conversion | test.cpp:24:21:24:40 | Store |
+| test.cpp:24:21:24:40 | http://example.com | test.cpp:24:21:24:40 | Store |
 | test.cpp:24:21:24:40 | http://example.com | test.cpp:24:21:24:40 | Store |
 | test.cpp:28:10:28:29 | http://example.com | test.cpp:11:26:11:28 | url |
 | test.cpp:28:10:28:29 | http://example.com | test.cpp:28:10:28:29 | http://example.com |
-| test.cpp:35:23:35:42 | array to pointer conversion | test.cpp:39:11:39:15 | url_l |
 | test.cpp:35:23:35:42 | http://example.com | test.cpp:39:11:39:15 | url_l |
-| test.cpp:36:26:36:45 | array to pointer conversion | test.cpp:40:11:40:17 | access to array |
-| test.cpp:36:26:36:45 | array to pointer conversion | test.cpp:40:11:40:17 | access to array indirection |
+| test.cpp:35:23:35:42 | http://example.com | test.cpp:39:11:39:15 | url_l |
 | test.cpp:36:26:36:45 | http://example.com | test.cpp:40:11:40:17 | access to array |
+| test.cpp:36:26:36:45 | http://example.com | test.cpp:40:11:40:17 | access to array |
+| test.cpp:36:26:36:45 | http://example.com | test.cpp:40:11:40:17 | access to array indirection |
 | test.cpp:36:26:36:45 | http://example.com | test.cpp:40:11:40:17 | access to array indirection |
 | test.cpp:38:11:38:15 | Load | test.cpp:38:11:38:15 | url_g |
 | test.cpp:38:11:38:15 | url_g | test.cpp:11:26:11:28 | url |
@@ -24,11 +24,11 @@ edges
 | test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | buffer indirection |
 | test.cpp:49:11:49:16 | buffer | test.cpp:11:26:11:28 | url |
 | test.cpp:49:11:49:16 | buffer indirection | test.cpp:11:26:11:28 | url indirection |
-| test.cpp:110:21:110:40 | (char *)... | test.cpp:121:11:121:13 | ptr |
-| test.cpp:110:21:110:40 | (char *)... | test.cpp:121:11:121:13 | ptr indirection |
-| test.cpp:110:21:110:40 | array to pointer conversion | test.cpp:121:11:121:13 | ptr |
-| test.cpp:110:21:110:40 | array to pointer conversion | test.cpp:121:11:121:13 | ptr indirection |
 | test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr |
+| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr |
+| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr |
+| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr indirection |
+| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr indirection |
 | test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr indirection |
 | test.cpp:121:11:121:13 | ptr | test.cpp:11:26:11:28 | url |
 | test.cpp:121:11:121:13 | ptr indirection | test.cpp:11:26:11:28 | url indirection |
@@ -38,13 +38,13 @@ nodes
 | test.cpp:15:30:15:32 | url | semmle.label | url |
 | test.cpp:24:13:24:17 | url_g | semmle.label | url_g |
 | test.cpp:24:21:24:40 | Store | semmle.label | Store |
-| test.cpp:24:21:24:40 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:24:21:24:40 | http://example.com | semmle.label | http://example.com |
 | test.cpp:24:21:24:40 | http://example.com | semmle.label | http://example.com |
 | test.cpp:28:10:28:29 | http://example.com | semmle.label | http://example.com |
 | test.cpp:28:10:28:29 | http://example.com | semmle.label | http://example.com |
-| test.cpp:35:23:35:42 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:35:23:35:42 | http://example.com | semmle.label | http://example.com |
-| test.cpp:36:26:36:45 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:35:23:35:42 | http://example.com | semmle.label | http://example.com |
+| test.cpp:36:26:36:45 | http://example.com | semmle.label | http://example.com |
 | test.cpp:36:26:36:45 | http://example.com | semmle.label | http://example.com |
 | test.cpp:38:11:38:15 | Load | semmle.label | Load |
 | test.cpp:38:11:38:15 | url_g | semmle.label | url_g |
@@ -55,23 +55,23 @@ nodes
 | test.cpp:46:18:46:26 | http:// | semmle.label | http:// |
 | test.cpp:49:11:49:16 | buffer | semmle.label | buffer |
 | test.cpp:49:11:49:16 | buffer indirection | semmle.label | buffer indirection |
-| test.cpp:110:21:110:40 | (char *)... | semmle.label | (char *)... |
-| test.cpp:110:21:110:40 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:110:21:110:40 | http://example.com | semmle.label | http://example.com |
+| test.cpp:110:21:110:40 | http://example.com | semmle.label | http://example.com |
 | test.cpp:110:21:110:40 | http://example.com | semmle.label | http://example.com |
 | test.cpp:121:11:121:13 | ptr | semmle.label | ptr |
 | test.cpp:121:11:121:13 | ptr indirection | semmle.label | ptr indirection |
 subpaths
 #select
-| test.cpp:24:21:24:40 | http://example.com | test.cpp:24:21:24:40 | array to pointer conversion | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
+| test.cpp:24:21:24:40 | http://example.com | test.cpp:24:21:24:40 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
 | test.cpp:24:21:24:40 | http://example.com | test.cpp:24:21:24:40 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
 | test.cpp:28:10:28:29 | http://example.com | test.cpp:28:10:28:29 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
 | test.cpp:28:10:28:29 | http://example.com | test.cpp:28:10:28:29 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
-| test.cpp:35:23:35:42 | http://example.com | test.cpp:35:23:35:42 | array to pointer conversion | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
 | test.cpp:35:23:35:42 | http://example.com | test.cpp:35:23:35:42 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
-| test.cpp:36:26:36:45 | http://example.com | test.cpp:36:26:36:45 | array to pointer conversion | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
+| test.cpp:35:23:35:42 | http://example.com | test.cpp:35:23:35:42 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
+| test.cpp:36:26:36:45 | http://example.com | test.cpp:36:26:36:45 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
 | test.cpp:36:26:36:45 | http://example.com | test.cpp:36:26:36:45 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
 | test.cpp:46:18:46:26 | http:// | test.cpp:46:18:46:26 | http:// | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
 | test.cpp:46:18:46:26 | http:// | test.cpp:46:18:46:26 | http:// | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
-| test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | (char *)... | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
-| test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | array to pointer conversion | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
+| test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
+| test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
 | test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.expected
@@ -6,7 +6,7 @@ edges
 | tests2.cpp:64:13:64:18 | call to getenv | tests2.cpp:64:13:64:26 | call to getenv |
 | tests2.cpp:65:13:65:18 | call to getenv | tests2.cpp:65:13:65:30 | call to getenv |
 | tests2.cpp:66:13:66:18 | call to getenv | tests2.cpp:66:13:66:34 | call to getenv |
-| tests2.cpp:78:18:78:38 | call to mysql_get_client_info | tests2.cpp:81:14:81:19 | array to pointer conversion |
+| tests2.cpp:78:18:78:38 | call to mysql_get_client_info | tests2.cpp:81:14:81:19 | buffer |
 | tests2.cpp:78:18:78:38 | call to mysql_get_client_info | tests2.cpp:81:14:81:19 | buffer |
 | tests2.cpp:82:14:82:20 | Load | tests2.cpp:82:14:82:20 | global1 |
 | tests2.cpp:91:42:91:45 | str1 | tests2.cpp:93:14:93:17 | str1 |
@@ -46,7 +46,7 @@ nodes
 | tests2.cpp:66:13:66:34 | call to getenv | semmle.label | call to getenv |
 | tests2.cpp:78:18:78:38 | call to mysql_get_client_info | semmle.label | call to mysql_get_client_info |
 | tests2.cpp:80:14:80:34 | call to mysql_get_client_info | semmle.label | call to mysql_get_client_info |
-| tests2.cpp:81:14:81:19 | array to pointer conversion | semmle.label | array to pointer conversion |
+| tests2.cpp:81:14:81:19 | buffer | semmle.label | buffer |
 | tests2.cpp:81:14:81:19 | buffer | semmle.label | buffer |
 | tests2.cpp:82:14:82:20 | Load | semmle.label | Load |
 | tests2.cpp:82:14:82:20 | global1 | semmle.label | global1 |
@@ -81,7 +81,7 @@ subpaths
 | tests2.cpp:65:13:65:18 | call to getenv | tests2.cpp:65:13:65:18 | call to getenv | tests2.cpp:65:13:65:18 | call to getenv | This operation exposes system data from $@. | tests2.cpp:65:13:65:18 | call to getenv | call to getenv |
 | tests2.cpp:66:13:66:18 | call to getenv | tests2.cpp:66:13:66:18 | call to getenv | tests2.cpp:66:13:66:18 | call to getenv | This operation exposes system data from $@. | tests2.cpp:66:13:66:18 | call to getenv | call to getenv |
 | tests2.cpp:80:14:80:34 | call to mysql_get_client_info | tests2.cpp:80:14:80:34 | call to mysql_get_client_info | tests2.cpp:80:14:80:34 | call to mysql_get_client_info | This operation exposes system data from $@. | tests2.cpp:80:14:80:34 | call to mysql_get_client_info | call to mysql_get_client_info |
-| tests2.cpp:81:14:81:19 | array to pointer conversion | tests2.cpp:78:18:78:38 | call to mysql_get_client_info | tests2.cpp:81:14:81:19 | array to pointer conversion | This operation exposes system data from $@. | tests2.cpp:78:18:78:38 | call to mysql_get_client_info | call to mysql_get_client_info |
+| tests2.cpp:81:14:81:19 | buffer | tests2.cpp:78:18:78:38 | call to mysql_get_client_info | tests2.cpp:81:14:81:19 | buffer | This operation exposes system data from $@. | tests2.cpp:78:18:78:38 | call to mysql_get_client_info | call to mysql_get_client_info |
 | tests2.cpp:81:14:81:19 | buffer | tests2.cpp:78:18:78:38 | call to mysql_get_client_info | tests2.cpp:81:14:81:19 | buffer | This operation exposes system data from $@. | tests2.cpp:78:18:78:38 | call to mysql_get_client_info | call to mysql_get_client_info |
 | tests2.cpp:82:14:82:20 | global1 | tests2.cpp:50:23:50:43 | call to mysql_get_client_info | tests2.cpp:82:14:82:20 | global1 | This operation exposes system data from $@. | tests2.cpp:50:23:50:43 | call to mysql_get_client_info | call to mysql_get_client_info |
 | tests2.cpp:93:14:93:17 | str1 | tests2.cpp:91:42:91:45 | str1 | tests2.cpp:93:14:93:17 | str1 | This operation exposes system data from $@. | tests2.cpp:91:42:91:45 | str1 | str1 |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/PotentiallyExposedSystemData.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/PotentiallyExposedSystemData.expected
@@ -16,7 +16,7 @@ edges
 | tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:34 | call to getenv |
 | tests.cpp:97:13:97:34 | call to getenv | tests.cpp:86:29:86:31 | msg |
 | tests.cpp:107:30:107:32 | msg | tests.cpp:111:15:111:17 | tmp |
-| tests.cpp:114:30:114:32 | msg | tests.cpp:119:7:119:12 | array to pointer conversion |
+| tests.cpp:114:30:114:32 | msg | tests.cpp:119:7:119:12 | buffer |
 | tests.cpp:114:30:114:32 | msg | tests.cpp:119:7:119:12 | buffer |
 | tests.cpp:122:30:122:32 | msg | tests.cpp:124:15:124:17 | msg |
 | tests.cpp:131:14:131:19 | call to getenv | tests.cpp:131:14:131:35 | call to getenv |
@@ -63,7 +63,7 @@ nodes
 | tests.cpp:107:30:107:32 | msg | semmle.label | msg |
 | tests.cpp:111:15:111:17 | tmp | semmle.label | tmp |
 | tests.cpp:114:30:114:32 | msg | semmle.label | msg |
-| tests.cpp:119:7:119:12 | array to pointer conversion | semmle.label | array to pointer conversion |
+| tests.cpp:119:7:119:12 | buffer | semmle.label | buffer |
 | tests.cpp:119:7:119:12 | buffer | semmle.label | buffer |
 | tests.cpp:122:30:122:32 | msg | semmle.label | msg |
 | tests.cpp:124:15:124:17 | msg | semmle.label | msg |
@@ -98,7 +98,7 @@ subpaths
 | tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:18 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:97:13:97:18 | call to getenv | call to getenv |
 | tests.cpp:97:13:97:34 | call to getenv | tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:34 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:97:13:97:18 | call to getenv | call to getenv |
 | tests.cpp:111:15:111:17 | tmp | tests.cpp:131:14:131:19 | call to getenv | tests.cpp:111:15:111:17 | tmp | This operation potentially exposes sensitive system data from $@. | tests.cpp:131:14:131:19 | call to getenv | call to getenv |
-| tests.cpp:119:7:119:12 | array to pointer conversion | tests.cpp:132:14:132:19 | call to getenv | tests.cpp:119:7:119:12 | array to pointer conversion | This operation potentially exposes sensitive system data from $@. | tests.cpp:132:14:132:19 | call to getenv | call to getenv |
+| tests.cpp:119:7:119:12 | buffer | tests.cpp:132:14:132:19 | call to getenv | tests.cpp:119:7:119:12 | buffer | This operation potentially exposes sensitive system data from $@. | tests.cpp:132:14:132:19 | call to getenv | call to getenv |
 | tests.cpp:119:7:119:12 | buffer | tests.cpp:132:14:132:19 | call to getenv | tests.cpp:119:7:119:12 | buffer | This operation potentially exposes sensitive system data from $@. | tests.cpp:132:14:132:19 | call to getenv | call to getenv |
 | tests.cpp:124:15:124:17 | msg | tests.cpp:133:14:133:19 | call to getenv | tests.cpp:124:15:124:17 | msg | This operation potentially exposes sensitive system data from $@. | tests.cpp:133:14:133:19 | call to getenv | call to getenv |
 | tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:19 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:133:14:133:19 | call to getenv | call to getenv |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-807/semmle/TaintedCondition/TaintedCondition.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-807/semmle/TaintedCondition/TaintedCondition.expected
@@ -1,12 +1,12 @@
 edges
 | test.cpp:20:29:20:34 | call to getenv | test.cpp:24:10:24:35 | ! ... |
 | test.cpp:20:29:20:34 | call to getenv | test.cpp:24:11:24:16 | call to strcmp |
-| test.cpp:20:29:20:47 | (const char *)... | test.cpp:24:10:24:35 | ! ... |
-| test.cpp:20:29:20:47 | (const char *)... | test.cpp:24:11:24:16 | call to strcmp |
+| test.cpp:20:29:20:47 | call to getenv | test.cpp:24:10:24:35 | ! ... |
+| test.cpp:20:29:20:47 | call to getenv | test.cpp:24:11:24:16 | call to strcmp |
 subpaths
 nodes
 | test.cpp:20:29:20:34 | call to getenv | semmle.label | call to getenv |
-| test.cpp:20:29:20:47 | (const char *)... | semmle.label | (const char *)... |
+| test.cpp:20:29:20:47 | call to getenv | semmle.label | call to getenv |
 | test.cpp:24:10:24:35 | ! ... | semmle.label | ! ... |
 | test.cpp:24:11:24:16 | call to strcmp | semmle.label | call to strcmp |
 | test.cpp:24:11:24:16 | call to strcmp | semmle.label | call to strcmp |