Merge pull request #12645 from aschackmull/dataflow/renaming

Dataflow: Rename Make to Global and hasFlow to flow

cpp/ql/lib/change-notes/2023-03-23-dataflow-renaming.md

@@ -0,0 +1,6 @@
+---
+category: deprecated
+---
+* The recently introduced new data flow and taint tracking APIs have had a
+  number of module and predicate renamings. The old APIs remain in place for
+  now.

cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll

@@ -54,7 +54,7 @@ module PrivateCleartextWrite {
     predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
   }
 
-  module WriteFlow = TaintTracking::Make<WriteConfig>;
+  module WriteFlow = TaintTracking::Global<WriteConfig>;
 
   class PrivateDataSource extends Source {
     PrivateDataSource() { this.getExpr() instanceof PrivateDataExpr }

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlow.qll

@@ -2,7 +2,7 @@
  * Provides an implementation of global (interprocedural) data flow. This file
  * re-exports the local (intraprocedural) data flow analysis from
  * `DataFlowImplSpecific::Public` and adds a global analysis, mainly exposed
- * through the `Make` and `MakeWithState` modules.
+ * through the `Global` and `GlobalWithState` modules.
  */
 
 private import DataFlowImplCommon
@@ -73,10 +73,10 @@ signature module ConfigSig {
    */
   default FlowFeature getAFeature() { none() }
 
-  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sources should be grouped in the result of `flowPath`. */
   default predicate sourceGrouping(Node source, string sourceGroup) { none() }
 
-  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sinks should be grouped in the result of `flowPath`. */
   default predicate sinkGrouping(Node sink, string sinkGroup) { none() }
 
   /**
@@ -166,10 +166,10 @@ signature module StateConfigSig {
    */
   default FlowFeature getAFeature() { none() }
 
-  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sources should be grouped in the result of `flowPath`. */
   default predicate sourceGrouping(Node source, string sourceGroup) { none() }
 
-  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sinks should be grouped in the result of `flowPath`. */
   default predicate sinkGrouping(Node sink, string sinkGroup) { none() }
 
   /**
@@ -182,15 +182,15 @@ signature module StateConfigSig {
 }
 
 /**
- * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
+ * Gets the exploration limit for `partialFlow` and `partialFlowRev`
  * measured in approximate number of interprocedural steps.
  */
 signature int explorationLimitSig();
 
 /**
- * The output of a data flow computation.
+ * The output of a global data flow computation.
  */
-signature module DataFlowSig {
+signature module GlobalFlowSig {
   /**
    * A `Node` augmented with a call context (except for sinks) and an access path.
    * Only those `PathNode`s that are reachable from a source, and which can reach a sink, are generated.
@@ -203,28 +203,28 @@ signature module DataFlowSig {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink);
+  predicate flowPath(PathNode source, PathNode sink);
 
   /**
    * Holds if data can flow from `source` to `sink`.
    */
-  predicate hasFlow(Node source, Node sink);
+  predicate flow(Node source, Node sink);
 
   /**
    * Holds if data can flow from some source to `sink`.
    */
-  predicate hasFlowTo(Node sink);
+  predicate flowTo(Node sink);
 
   /**
    * Holds if data can flow from some source to `sink`.
    */
-  predicate hasFlowToExpr(DataFlowExpr sink);
+  predicate flowToExpr(DataFlowExpr sink);
 }
 
 /**
  * Constructs a standard data flow computation.
  */
-module Make<ConfigSig Config> implements DataFlowSig {
+module Global<ConfigSig Config> implements GlobalFlowSig {
   private module C implements FullStateConfigSig {
     import DefaultState<Config>
     import Config
@@ -233,10 +233,15 @@ module Make<ConfigSig Config> implements DataFlowSig {
   import Impl<C>
 }
 
+/** DEPRECATED: Use `Global` instead. */
+deprecated module Make<ConfigSig Config> implements GlobalFlowSig {
+  import Global<Config>
+}
+
 /**
  * Constructs a data flow computation using flow state.
  */
-module MakeWithState<StateConfigSig Config> implements DataFlowSig {
+module GlobalWithState<StateConfigSig Config> implements GlobalFlowSig {
   private module C implements FullStateConfigSig {
     import Config
   }
@@ -244,6 +249,11 @@ module MakeWithState<StateConfigSig Config> implements DataFlowSig {
   import Impl<C>
 }
 
+/** DEPRECATED: Use `GlobalWithState` instead. */
+deprecated module MakeWithState<StateConfigSig Config> implements GlobalFlowSig {
+  import GlobalWithState<Config>
+}
+
 signature class PathNodeSig {
   /** Gets a textual representation of this element. */
   string toString();

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll

@@ -91,10 +91,10 @@ signature module FullStateConfigSig {
    */
   FlowFeature getAFeature();
 
-  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sources should be grouped in the result of `flowPath`. */
   predicate sourceGrouping(Node source, string sourceGroup);
 
-  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sinks should be grouped in the result of `flowPath`. */
   predicate sinkGrouping(Node sink, string sinkGroup);
 
   /**
@@ -3629,7 +3629,7 @@ module Impl<FullStateConfigSig Config> {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) {
+  predicate flowPath(PathNode source, PathNode sink) {
     exists(PathNodeImpl flowsource, PathNodeImpl flowsink |
       source = flowsource and sink = flowsink
     |
@@ -3639,6 +3639,9 @@ module Impl<FullStateConfigSig Config> {
     )
   }
 
+  /** DEPRECATED: Use `flowPath` instead. */
+  deprecated predicate hasFlowPath = flowPath/2;
+
   private predicate flowsTo(PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink) {
     flowsource.isSource() and
     flowsource.getNodeEx().asNode() = source and
@@ -3649,17 +3652,26 @@ module Impl<FullStateConfigSig Config> {
   /**
    * Holds if data can flow from `source` to `sink`.
    */
-  predicate hasFlow(Node source, Node sink) { flowsTo(_, _, source, sink) }
+  predicate flow(Node source, Node sink) { flowsTo(_, _, source, sink) }
+
+  /** DEPRECATED: Use `flow` instead. */
+  deprecated predicate hasFlow = flow/2;
 
   /**
    * Holds if data can flow from some source to `sink`.
    */
-  predicate hasFlowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() }
+  predicate flowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() }
+
+  /** DEPRECATED: Use `flowTo` instead. */
+  deprecated predicate hasFlowTo = flowTo/1;
 
   /**
    * Holds if data can flow from some source to `sink`.
    */
-  predicate hasFlowToExpr(DataFlowExpr sink) { hasFlowTo(exprNode(sink)) }
+  predicate flowToExpr(DataFlowExpr sink) { flowTo(exprNode(sink)) }
+
+  /** DEPRECATED: Use `flowToExpr` instead. */
+  deprecated predicate hasFlowToExpr = flowToExpr/1;
 
   private predicate finalStats(
     boolean fwd, int nodes, int fields, int conscand, int states, int tuples
@@ -4570,7 +4582,7 @@ module Impl<FullStateConfigSig Config> {
      *
      * To use this in a `path-problem` query, import the module `PartialPathGraph`.
      */
-    predicate hasPartialFlow(PartialPathNode source, PartialPathNode node, int dist) {
+    predicate partialFlow(PartialPathNode source, PartialPathNode node, int dist) {
       partialFlow(source, node) and
       dist = node.getSourceDistance()
     }
@@ -4590,7 +4602,7 @@ module Impl<FullStateConfigSig Config> {
      * Note that reverse flow has slightly lower precision than the corresponding
      * forward flow, as reverse flow disregards type pruning among other features.
      */
-    predicate hasPartialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) {
+    predicate partialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) {
       revPartialFlow(node, sink) and
       dist = node.getSinkDistance()
     }

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTracking.qll

@@ -35,7 +35,7 @@ private module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> imp
 /**
  * Constructs a standard taint tracking computation.
  */
-module Make<DataFlow::ConfigSig Config> implements DataFlow::DataFlowSig {
+module Global<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
   private module Config0 implements DataFlowInternal::FullStateConfigSig {
     import DataFlowInternal::DefaultState<Config>
     import Config
@@ -48,10 +48,15 @@ module Make<DataFlow::ConfigSig Config> implements DataFlow::DataFlowSig {
   import DataFlowInternal::Impl<C>
 }
 
+/** DEPRECATED: Use `Global` instead. */
+deprecated module Make<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
+  import Global<Config>
+}
+
 /**
  * Constructs a taint tracking computation using flow state.
  */
-module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::DataFlowSig {
+module GlobalWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
   private module Config0 implements DataFlowInternal::FullStateConfigSig {
     import Config
   }
@@ -62,3 +67,8 @@ module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::DataF
 
   import DataFlowInternal::Impl<C>
 }
+
+/** DEPRECATED: Use `GlobalWithState` instead. */
+deprecated module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
+  import GlobalWithState<Config>
+}

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlow.qll

@@ -2,7 +2,7 @@
  * Provides an implementation of global (interprocedural) data flow. This file
  * re-exports the local (intraprocedural) data flow analysis from
  * `DataFlowImplSpecific::Public` and adds a global analysis, mainly exposed
- * through the `Make` and `MakeWithState` modules.
+ * through the `Global` and `GlobalWithState` modules.
  */
 
 private import DataFlowImplCommon
@@ -73,10 +73,10 @@ signature module ConfigSig {
    */
   default FlowFeature getAFeature() { none() }
 
-  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sources should be grouped in the result of `flowPath`. */
   default predicate sourceGrouping(Node source, string sourceGroup) { none() }
 
-  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sinks should be grouped in the result of `flowPath`. */
   default predicate sinkGrouping(Node sink, string sinkGroup) { none() }
 
   /**
@@ -166,10 +166,10 @@ signature module StateConfigSig {
    */
   default FlowFeature getAFeature() { none() }
 
-  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sources should be grouped in the result of `flowPath`. */
   default predicate sourceGrouping(Node source, string sourceGroup) { none() }
 
-  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sinks should be grouped in the result of `flowPath`. */
   default predicate sinkGrouping(Node sink, string sinkGroup) { none() }
 
   /**
@@ -182,15 +182,15 @@ signature module StateConfigSig {
 }
 
 /**
- * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
+ * Gets the exploration limit for `partialFlow` and `partialFlowRev`
  * measured in approximate number of interprocedural steps.
  */
 signature int explorationLimitSig();
 
 /**
- * The output of a data flow computation.
+ * The output of a global data flow computation.
  */
-signature module DataFlowSig {
+signature module GlobalFlowSig {
   /**
    * A `Node` augmented with a call context (except for sinks) and an access path.
    * Only those `PathNode`s that are reachable from a source, and which can reach a sink, are generated.
@@ -203,28 +203,28 @@ signature module DataFlowSig {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink);
+  predicate flowPath(PathNode source, PathNode sink);
 
   /**
    * Holds if data can flow from `source` to `sink`.
    */
-  predicate hasFlow(Node source, Node sink);
+  predicate flow(Node source, Node sink);
 
   /**
    * Holds if data can flow from some source to `sink`.
    */
-  predicate hasFlowTo(Node sink);
+  predicate flowTo(Node sink);
 
   /**
    * Holds if data can flow from some source to `sink`.
    */
-  predicate hasFlowToExpr(DataFlowExpr sink);
+  predicate flowToExpr(DataFlowExpr sink);
 }
 
 /**
  * Constructs a standard data flow computation.
  */
-module Make<ConfigSig Config> implements DataFlowSig {
+module Global<ConfigSig Config> implements GlobalFlowSig {
   private module C implements FullStateConfigSig {
     import DefaultState<Config>
     import Config
@@ -233,10 +233,15 @@ module Make<ConfigSig Config> implements DataFlowSig {
   import Impl<C>
 }
 
+/** DEPRECATED: Use `Global` instead. */
+deprecated module Make<ConfigSig Config> implements GlobalFlowSig {
+  import Global<Config>
+}
+
 /**
  * Constructs a data flow computation using flow state.
  */
-module MakeWithState<StateConfigSig Config> implements DataFlowSig {
+module GlobalWithState<StateConfigSig Config> implements GlobalFlowSig {
   private module C implements FullStateConfigSig {
     import Config
   }
@@ -244,6 +249,11 @@ module MakeWithState<StateConfigSig Config> implements DataFlowSig {
   import Impl<C>
 }
 
+/** DEPRECATED: Use `GlobalWithState` instead. */
+deprecated module MakeWithState<StateConfigSig Config> implements GlobalFlowSig {
+  import GlobalWithState<Config>
+}
+
 signature class PathNodeSig {
   /** Gets a textual representation of this element. */
   string toString();

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll

@@ -91,10 +91,10 @@ signature module FullStateConfigSig {
    */
   FlowFeature getAFeature();
 
-  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sources should be grouped in the result of `flowPath`. */
   predicate sourceGrouping(Node source, string sourceGroup);
 
-  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sinks should be grouped in the result of `flowPath`. */
   predicate sinkGrouping(Node sink, string sinkGroup);
 
   /**
@@ -3629,7 +3629,7 @@ module Impl<FullStateConfigSig Config> {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) {
+  predicate flowPath(PathNode source, PathNode sink) {
     exists(PathNodeImpl flowsource, PathNodeImpl flowsink |
       source = flowsource and sink = flowsink
     |
@@ -3639,6 +3639,9 @@ module Impl<FullStateConfigSig Config> {
     )
   }
 
+  /** DEPRECATED: Use `flowPath` instead. */
+  deprecated predicate hasFlowPath = flowPath/2;
+
   private predicate flowsTo(PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink) {
     flowsource.isSource() and
     flowsource.getNodeEx().asNode() = source and
@@ -3649,17 +3652,26 @@ module Impl<FullStateConfigSig Config> {
   /**
    * Holds if data can flow from `source` to `sink`.
    */
-  predicate hasFlow(Node source, Node sink) { flowsTo(_, _, source, sink) }
+  predicate flow(Node source, Node sink) { flowsTo(_, _, source, sink) }
+
+  /** DEPRECATED: Use `flow` instead. */
+  deprecated predicate hasFlow = flow/2;
 
   /**
    * Holds if data can flow from some source to `sink`.
    */
-  predicate hasFlowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() }
+  predicate flowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() }
+
+  /** DEPRECATED: Use `flowTo` instead. */
+  deprecated predicate hasFlowTo = flowTo/1;
 
   /**
    * Holds if data can flow from some source to `sink`.
    */
-  predicate hasFlowToExpr(DataFlowExpr sink) { hasFlowTo(exprNode(sink)) }
+  predicate flowToExpr(DataFlowExpr sink) { flowTo(exprNode(sink)) }
+
+  /** DEPRECATED: Use `flowToExpr` instead. */
+  deprecated predicate hasFlowToExpr = flowToExpr/1;
 
   private predicate finalStats(
     boolean fwd, int nodes, int fields, int conscand, int states, int tuples
@@ -4570,7 +4582,7 @@ module Impl<FullStateConfigSig Config> {
      *
      * To use this in a `path-problem` query, import the module `PartialPathGraph`.
      */
-    predicate hasPartialFlow(PartialPathNode source, PartialPathNode node, int dist) {
+    predicate partialFlow(PartialPathNode source, PartialPathNode node, int dist) {
       partialFlow(source, node) and
       dist = node.getSourceDistance()
     }
@@ -4590,7 +4602,7 @@ module Impl<FullStateConfigSig Config> {
      * Note that reverse flow has slightly lower precision than the corresponding
      * forward flow, as reverse flow disregards type pruning among other features.
      */
-    predicate hasPartialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) {
+    predicate partialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) {
       revPartialFlow(node, sink) and
       dist = node.getSinkDistance()
     }

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DefaultTaintTrackingImpl.qll

@@ -103,7 +103,7 @@ private module DefaultTaintTrackingConfig implements DataFlow::ConfigSig {
   }
 }
 
-private module DefaultTaintTrackingFlow = TaintTracking::Make<DefaultTaintTrackingConfig>;
+private module DefaultTaintTrackingFlow = TaintTracking::Global<DefaultTaintTrackingConfig>;
 
 private module ToGlobalVarTaintTrackingConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source = getNodeForSource(_) }
@@ -121,13 +121,13 @@ private module ToGlobalVarTaintTrackingConfig implements DataFlow::ConfigSig {
   predicate isBarrierIn(DataFlow::Node node) { nodeIsBarrierIn(node) }
 }
 
-private module ToGlobalVarTaintTrackingFlow = TaintTracking::Make<ToGlobalVarTaintTrackingConfig>;
+private module ToGlobalVarTaintTrackingFlow = TaintTracking::Global<ToGlobalVarTaintTrackingConfig>;
 
 private module FromGlobalVarTaintTrackingConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) {
     // This set of sources should be reasonably small, which is good for
     // performance since the set of sinks is very large.
-    ToGlobalVarTaintTrackingFlow::hasFlowTo(source)
+    ToGlobalVarTaintTrackingFlow::flowTo(source)
   }
 
   predicate isSink(DataFlow::Node sink) { exists(adjustedSink(sink)) }
@@ -145,7 +145,7 @@ private module FromGlobalVarTaintTrackingConfig implements DataFlow::ConfigSig {
 }
 
 private module FromGlobalVarTaintTrackingFlow =
-  TaintTracking::Make<FromGlobalVarTaintTrackingConfig>;
+  TaintTracking::Global<FromGlobalVarTaintTrackingConfig>;
 
 private predicate readsVariable(LoadInstruction load, Variable var) {
   load.getSourceAddress().(VariableAddressInstruction).getAstVariable() = var
@@ -331,7 +331,7 @@ private import Cached
 cached
 predicate tainted(Expr source, Element tainted) {
   exists(DataFlow::Node sink |
-    DefaultTaintTrackingFlow::hasFlow(getNodeForSource(source), sink) and
+    DefaultTaintTrackingFlow::flow(getNodeForSource(source), sink) and
     tainted = adjustedSink(sink)
   )
 }
@@ -360,8 +360,8 @@ predicate taintedIncludingGlobalVars(Expr source, Element tainted, string global
     DataFlow::VariableNode variableNode, GlobalOrNamespaceVariable global, DataFlow::Node sink
   |
     global = variableNode.getVariable() and
-    ToGlobalVarTaintTrackingFlow::hasFlow(getNodeForSource(source), variableNode) and
-    FromGlobalVarTaintTrackingFlow::hasFlow(variableNode, sink) and
+    ToGlobalVarTaintTrackingFlow::flow(getNodeForSource(source), variableNode) and
+    FromGlobalVarTaintTrackingFlow::flow(variableNode, sink) and
     tainted = adjustedSink(sink) and
     global = globalVarFromId(globalVar)
   )
@@ -450,7 +450,7 @@ module TaintedWithPath {
     predicate isBarrierIn(DataFlow::Node node) { nodeIsBarrierIn(node) }
   }
 
-  private module AdjustedFlow = TaintTracking::Make<AdjustedConfig>;
+  private module AdjustedFlow = TaintTracking::Global<AdjustedConfig>;
 
   /*
    * A sink `Element` may map to multiple `DataFlowX::PathNode`s via (the
@@ -472,7 +472,7 @@ module TaintedWithPath {
     // that makes it easiest to deal with the case where source = sink.
     TEndpointPathNode(Element e) {
       exists(DataFlow::Node sourceNode, DataFlow::Node sinkNode |
-        AdjustedFlow::hasFlow(sourceNode, sinkNode)
+        AdjustedFlow::flow(sourceNode, sinkNode)
       |
         sourceNode = getNodeForExpr(e) and
         exists(TaintTrackingConfiguration ttCfg | ttCfg.isSource(e))
@@ -634,7 +634,7 @@ module TaintedWithPath {
     exists(DataFlow::Node flowSource, DataFlow::Node flowSink |
       source = sourceNode.(InitialPathNode).inner() and
       flowSource = getNodeForExpr(source) and
-      AdjustedFlow::hasFlow(flowSource, flowSink) and
+      AdjustedFlow::flow(flowSource, flowSink) and
       tainted = adjustedSink(flowSink) and
       tainted = sinkNode.(FinalPathNode).inner()
     )

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTracking.qll

@@ -35,7 +35,7 @@ private module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> imp
 /**
  * Constructs a standard taint tracking computation.
  */
-module Make<DataFlow::ConfigSig Config> implements DataFlow::DataFlowSig {
+module Global<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
   private module Config0 implements DataFlowInternal::FullStateConfigSig {
     import DataFlowInternal::DefaultState<Config>
     import Config
@@ -48,10 +48,15 @@ module Make<DataFlow::ConfigSig Config> implements DataFlow::DataFlowSig {
   import DataFlowInternal::Impl<C>
 }
 
+/** DEPRECATED: Use `Global` instead. */
+deprecated module Make<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
+  import Global<Config>
+}
+
 /**
  * Constructs a taint tracking computation using flow state.
  */
-module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::DataFlowSig {
+module GlobalWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
   private module Config0 implements DataFlowInternal::FullStateConfigSig {
     import Config
   }
@@ -62,3 +67,8 @@ module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::DataF
 
   import DataFlowInternal::Impl<C>
 }
+
+/** DEPRECATED: Use `GlobalWithState` instead. */
+deprecated module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
+  import GlobalWithState<Config>
+}

cpp/ql/lib/semmle/code/cpp/security/boostorg/asio/protocols.qll

@@ -399,7 +399,7 @@ module BoostorgAsio {
       import Config
     }
 
-    import DataFlow::Make<C>
+    import DataFlow::Global<C>
   }
 
   /**
@@ -596,7 +596,7 @@ module BoostorgAsio {
     }
   }
 
-  module SslContextFlowsToSetOptionFlow = DataFlow::Make<SslContextFlowsToSetOptionConfig>;
+  module SslContextFlowsToSetOptionFlow = DataFlow::Global<SslContextFlowsToSetOptionConfig>;
 
   /**
    * An option value that flows to the first parameter of a call to `SetOptions()`.
@@ -640,5 +640,5 @@ module BoostorgAsio {
     }
   }
 
-  module SslOptionFlow = DataFlow::Make<SslOptionConfig>;
+  module SslOptionFlow = DataFlow::Global<SslOptionConfig>;
 }

cpp/ql/src/Critical/OverflowDestination.ql

@@ -84,11 +84,11 @@ module OverflowDestinationConfig implements DataFlow::ConfigSig {
   }
 }
 
-module OverflowDestination = TaintTracking::Make<OverflowDestinationConfig>;
+module OverflowDestination = TaintTracking::Global<OverflowDestinationConfig>;
 
 from FunctionCall fc, OverflowDestination::PathNode source, OverflowDestination::PathNode sink
 where
-  OverflowDestination::hasFlowPath(source, sink) and
+  OverflowDestination::flowPath(source, sink) and
   sourceSized(fc, sink.getNode().asIndirectConvertedExpr())
 select fc, source, sink,
   "To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size."

cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql

@@ -80,9 +80,9 @@ predicate introducesNewField(Class derived, Class base) {
   )
 }
 
-module CastToPointerArithFlow = DataFlow::MakeWithState<CastToPointerArithFlowConfig>;
+module CastToPointerArithFlow = DataFlow::GlobalWithState<CastToPointerArithFlowConfig>;
 
 from CastToPointerArithFlow::PathNode source, CastToPointerArithFlow::PathNode sink
-where CastToPointerArithFlow::hasFlowPath(source, sink)
+where CastToPointerArithFlow::flowPath(source, sink)
 select sink, source, sink, "This pointer arithmetic may be done with the wrong type because of $@.",
   source, "this cast"

cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql

@@ -146,13 +146,13 @@ module NonConstFlowConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node node) { isBarrierNode(node) }
 }
 
-module NonConstFlow = TaintTracking::Make<NonConstFlowConfig>;
+module NonConstFlow = TaintTracking::Global<NonConstFlowConfig>;
 
 from FormattingFunctionCall call, Expr formatString
 where
   call.getArgument(call.getFormatParameterIndex()) = formatString and
   exists(DataFlow::Node sink |
-    NonConstFlow::hasFlowTo(sink) and
+    NonConstFlow::flowTo(sink) and
     isSinkImpl(sink, formatString)
   )
 select formatString,

cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql

@@ -16,7 +16,7 @@ import LeapYear
 
 from Expr source, Expr sink
 where
-  PossibleYearArithmeticOperationCheckFlow::hasFlow(DataFlow::exprNode(source),
+  PossibleYearArithmeticOperationCheckFlow::flow(DataFlow::exprNode(source),
     DataFlow::exprNode(sink))
 select sink,
   "An arithmetic operation $@ that uses a constant value of 365 ends up modifying this date/time, without considering leap year scenarios.",

cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll

@@ -231,7 +231,7 @@ private module LeapYearCheckConfig implements DataFlow::ConfigSig {
   }
 }
 
-module LeapYearCheckFlow = DataFlow::Make<LeapYearCheckConfig>;
+module LeapYearCheckFlow = DataFlow::Global<LeapYearCheckConfig>;
 
 /**
  * Data flow configuration for finding an operation with hardcoded 365 that will flow into
@@ -284,7 +284,7 @@ private module FiletimeYearArithmeticOperationCheckConfig implements DataFlow::C
 }
 
 module FiletimeYearArithmeticOperationCheckFlow =
-  DataFlow::Make<FiletimeYearArithmeticOperationCheckConfig>;
+  DataFlow::Global<FiletimeYearArithmeticOperationCheckConfig>;
 
 /**
  * Taint configuration for finding an operation with hardcoded 365 that will flow into any known date/time field.
@@ -372,4 +372,4 @@ private module PossibleYearArithmeticOperationCheckConfig implements DataFlow::C
 }
 
 module PossibleYearArithmeticOperationCheckFlow =
-  TaintTracking::Make<PossibleYearArithmeticOperationCheckConfig>;
+  TaintTracking::Global<PossibleYearArithmeticOperationCheckConfig>;

cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql

@@ -31,16 +31,14 @@ where
       // If there is a data flow from the variable that was modified to a function that seems to check for leap year
       exists(VariableAccess source, ChecksForLeapYearFunctionCall fc |
         source = var.getAnAccess() and
-        LeapYearCheckFlow::hasFlow(DataFlow::exprNode(source),
-          DataFlow::exprNode(fc.getAnArgument()))
+        LeapYearCheckFlow::flow(DataFlow::exprNode(source), DataFlow::exprNode(fc.getAnArgument()))
       )
       or
       // If there is a data flow from the field that was modified to a function that seems to check for leap year
       exists(VariableAccess vacheck, YearFieldAccess yfacheck, ChecksForLeapYearFunctionCall fc |
         vacheck = var.getAnAccess() and
         yfacheck.getQualifier() = vacheck and
-        LeapYearCheckFlow::hasFlow(DataFlow::exprNode(yfacheck),
-          DataFlow::exprNode(fc.getAnArgument()))
+        LeapYearCheckFlow::flow(DataFlow::exprNode(yfacheck), DataFlow::exprNode(fc.getAnArgument()))
       )
       or
       // If there is a successor or predecessor that sets the month = 1

cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.ql

@@ -12,5 +12,5 @@ import cpp
 import NtohlArrayNoBound
 
 from DataFlow::Node source, DataFlow::Node sink
-where NetworkToBufferSizeFlow::hasFlow(source, sink)
+where NetworkToBufferSizeFlow::flow(source, sink)
 select sink, "Unchecked use of data from network function $@.", source, source.toString()

cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll

@@ -161,4 +161,4 @@ private module NetworkToBufferSizeConfig implements DataFlow::ConfigSig {
   }
 }
 
-module NetworkToBufferSizeFlow = DataFlow::Make<NetworkToBufferSizeConfig>;
+module NetworkToBufferSizeFlow = DataFlow::Global<NetworkToBufferSizeConfig>;

cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql

@@ -25,17 +25,17 @@ module ExistsAnyFlowConfig implements DataFlow::ConfigSig {
   }
 }
 
-module ExistsAnyFlow = DataFlow::Make<ExistsAnyFlowConfig>;
+module ExistsAnyFlow = DataFlow::Global<ExistsAnyFlowConfig>;
 
 bindingset[flag]
 predicate isOptionSet(ConstructorCall cc, int flag, FunctionCall fcSetOptions) {
   exists(VariableAccess contextSetOptions |
-    ExistsAnyFlow::hasFlow(DataFlow::exprNode(cc), DataFlow::exprNode(contextSetOptions)) and
+    ExistsAnyFlow::flow(DataFlow::exprNode(cc), DataFlow::exprNode(contextSetOptions)) and
     exists(BoostorgAsio::SslSetOptionsFunction f | f.getACallToThisFunction() = fcSetOptions |
       contextSetOptions = fcSetOptions.getQualifier() and
       forall(Expr optionArgument, Expr optionArgumentSource |
         optionArgument = fcSetOptions.getArgument(0) and
-        BoostorgAsio::SslOptionFlow::hasFlow(DataFlow::exprNode(optionArgumentSource),
+        BoostorgAsio::SslOptionFlow::flow(DataFlow::exprNode(optionArgumentSource),
           DataFlow::exprNode(optionArgument))
       |
         optionArgument.getValue().toInt().bitShiftRight(16).bitAnd(flag) = flag
@@ -49,7 +49,7 @@ predicate isOptionNotSet(ConstructorCall cc, int flag) { not isOptionSet(cc, fla
 
 from Expr protocolSource, Expr protocolSink, ConstructorCall cc, Expr e, string msg
 where
-  BoostorgAsio::SslContextCallTlsProtocolFlow::hasFlow(DataFlow::exprNode(protocolSource),
+  BoostorgAsio::SslContextCallTlsProtocolFlow::flow(DataFlow::exprNode(protocolSource),
     DataFlow::exprNode(protocolSink)) and
   cc.getArgument(0) = protocolSink and
   (

cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql

@@ -14,12 +14,12 @@ import semmle.code.cpp.security.boostorg.asio.protocols
 
 from Expr protocolSource, Expr protocolSink, ConstructorCall cc
 where
-  BoostorgAsio::SslContextCallFlow::hasFlow(DataFlow::exprNode(protocolSource),
+  BoostorgAsio::SslContextCallFlow::flow(DataFlow::exprNode(protocolSource),
     DataFlow::exprNode(protocolSink)) and
-  not BoostorgAsio::SslContextCallTlsProtocolFlow::hasFlow(DataFlow::exprNode(protocolSource),
+  not BoostorgAsio::SslContextCallTlsProtocolFlow::flow(DataFlow::exprNode(protocolSource),
     DataFlow::exprNode(protocolSink)) and
   cc.getArgument(0) = protocolSink and
-  BoostorgAsio::SslContextCallBannedProtocolFlow::hasFlow(DataFlow::exprNode(protocolSource),
+  BoostorgAsio::SslContextCallBannedProtocolFlow::flow(DataFlow::exprNode(protocolSource),
     DataFlow::exprNode(protocolSink))
 select protocolSink, "Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@.",
   cc, "boost::asio::ssl::context::context", protocolSource, protocolSource.toString(),

cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll

@@ -10,10 +10,10 @@ import ExternalAPIsSpecific
 
 /** A node representing untrusted data being passed to an external API. */
 class UntrustedExternalApiDataNode extends ExternalApiDataNode {
-  UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::hasFlow(_, this) }
+  UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) }
 
   /** Gets a source of untrusted data which is passed to this external API data node. */
-  DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::hasFlow(result, this) }
+  DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }
 }
 
 /** DEPRECATED: Alias for UntrustedExternalApiDataNode */

cpp/ql/src/Security/CWE/CWE-020/ExternalAPIsSpecific.qll

@@ -73,4 +73,4 @@ private module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
 }
 
-module UntrustedDataToExternalApiFlow = TaintTracking::Make<UntrustedDataToExternalApiConfig>;
+module UntrustedDataToExternalApiFlow = TaintTracking::Global<UntrustedDataToExternalApiConfig>;

cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql

@@ -16,7 +16,7 @@ import semmle.code.cpp.security.FlowSources
 import UntrustedDataToExternalApiFlow::PathGraph
 
 from UntrustedDataToExternalApiFlow::PathNode source, UntrustedDataToExternalApiFlow::PathNode sink
-where UntrustedDataToExternalApiFlow::hasFlowPath(source, sink)
+where UntrustedDataToExternalApiFlow::flowPath(source, sink)
 select sink, source, sink,
   "Call to " + sink.getNode().(ExternalApiDataNode).getExternalFunction().toString() +
     " with untrusted data from $@.", source, source.getNode().(RemoteFlowSource).getSourceType()

cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql

@@ -15,7 +15,7 @@ import ExternalAPIs
 import UntrustedDataToExternalApiFlow::PathGraph
 
 from UntrustedDataToExternalApiFlow::PathNode source, UntrustedDataToExternalApiFlow::PathNode sink
-where UntrustedDataToExternalApiFlow::hasFlowPath(source, sink)
+where UntrustedDataToExternalApiFlow::flowPath(source, sink)
 select sink, source, sink,
   "Call to " + sink.getNode().(ExternalApiDataNode).getExternalFunction().toString() +
     " with untrusted data from $@.", source, source.toString()

cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll

@@ -10,10 +10,10 @@ import ExternalAPIsSpecific
 
 /** A node representing untrusted data being passed to an external API. */
 class UntrustedExternalApiDataNode extends ExternalApiDataNode {
-  UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::hasFlow(_, this) }
+  UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) }
 
   /** Gets a source of untrusted data which is passed to this external API data node. */
-  DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::hasFlow(result, this) }
+  DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }
 }
 
 /** DEPRECATED: Alias for UntrustedExternalApiDataNode */

cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIsSpecific.qll

@@ -63,4 +63,4 @@ private module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
 }
 
-module UntrustedDataToExternalApiFlow = TaintTracking::Make<UntrustedDataToExternalApiConfig>;
+module UntrustedDataToExternalApiFlow = TaintTracking::Global<UntrustedDataToExternalApiConfig>;

cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql

@@ -90,7 +90,7 @@ module TaintedPathConfig implements DataFlow::ConfigSig {
   }
 }
 
-module TaintedPath = TaintTracking::Make<TaintedPathConfig>;
+module TaintedPath = TaintTracking::Global<TaintedPathConfig>;
 
 from
   FileFunction fileFunction, Expr taintedArg, FlowSource taintSource,
@@ -98,7 +98,7 @@ from
 where
   taintedArg = sinkNode.getNode().asIndirectArgument() and
   fileFunction.outermostWrapperFunctionCall(taintedArg, callChain) and
-  TaintedPath::hasFlowPath(sourceNode, sinkNode) and
+  TaintedPath::flowPath(sourceNode, sinkNode) and
   taintSource = sourceNode.getNode()
 select taintedArg, sourceNode, sinkNode,
   "This argument to a file access function is derived from $@ and then passed to " + callChain + ".",

cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql

@@ -76,7 +76,7 @@ class ExecState extends TExecState {
   DataFlow::Node getOutgoingNode() { result = outgoing }
 
   /** Holds if this is a possible `ExecState` for `sink`. */
-  predicate isFeasibleForSink(DataFlow::Node sink) { ExecState::hasFlow(outgoing, sink) }
+  predicate isFeasibleForSink(DataFlow::Node sink) { ExecState::flow(outgoing, sink) }
 
   string toString() { result = "ExecState" }
 }
@@ -109,7 +109,7 @@ module ExecStateConfig implements DataFlow::ConfigSig {
   }
 }
 
-module ExecState = TaintTracking::Make<ExecStateConfig>;
+module ExecState = TaintTracking::Global<ExecStateConfig>;
 
 module ExecTaintConfig implements DataFlow::StateConfigSig {
   class FlowState = TState;
@@ -141,13 +141,13 @@ module ExecTaintConfig implements DataFlow::StateConfigSig {
   }
 }
 
-module ExecTaint = TaintTracking::MakeWithState<ExecTaintConfig>;
+module ExecTaint = TaintTracking::GlobalWithState<ExecTaintConfig>;
 
 from
   ExecTaint::PathNode sourceNode, ExecTaint::PathNode sinkNode, string taintCause, string callChain,
   DataFlow::Node concatResult, Expr command
 where
-  ExecTaint::hasFlowPath(sourceNode, sinkNode) and
+  ExecTaint::flowPath(sourceNode, sinkNode) and
   taintCause = sourceNode.getNode().(FlowSource).getSourceType() and
   isSinkImpl(sinkNode.getNode(), command, callChain) and
   concatResult = sinkNode.getState().(ExecState).getOutgoingNode()

cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql

@@ -114,13 +114,13 @@ module ImproperArrayIndexValidationConfig implements DataFlow::ConfigSig {
   }
 }
 
-module ImproperArrayIndexValidation = TaintTracking::Make<ImproperArrayIndexValidationConfig>;
+module ImproperArrayIndexValidation = TaintTracking::Global<ImproperArrayIndexValidationConfig>;
 
 from
   ImproperArrayIndexValidation::PathNode source, ImproperArrayIndexValidation::PathNode sink,
   string sourceType
 where
-  ImproperArrayIndexValidation::hasFlowPath(source, sink) and
+  ImproperArrayIndexValidation::flowPath(source, sink) and
   isFlowSource(source.getNode(), sourceType)
 select sink.getNode(), source, sink,
   "An array indexing expression depends on $@ that might be outside the bounds of the array.",

cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql

@@ -122,7 +122,7 @@ module UncontrolledArithConfig implements DataFlow::ConfigSig {
   }
 }
 
-module UncontrolledArith = TaintTracking::Make<UncontrolledArithConfig>;
+module UncontrolledArith = TaintTracking::Global<UncontrolledArithConfig>;
 
 /** Gets the expression that corresponds to `node`, if any. */
 Expr getExpr(DataFlow::Node node) { result = [node.asExpr(), node.asDefiningArgument()] }
@@ -131,7 +131,7 @@ from
   UncontrolledArith::PathNode source, UncontrolledArith::PathNode sink, VariableAccess va,
   string effect
 where
-  UncontrolledArith::hasFlowPath(source, sink) and
+  UncontrolledArith::flowPath(source, sink) and
   sink.getNode().asExpr() = va and
   missingGuard(va, effect)
 select sink.getNode(), source, sink,

cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql

@@ -95,14 +95,14 @@ module TaintedAllocationSizeConfig implements DataFlow::ConfigSig {
   }
 }
 
-module TaintedAllocationSize = TaintTracking::Make<TaintedAllocationSizeConfig>;
+module TaintedAllocationSize = TaintTracking::Global<TaintedAllocationSizeConfig>;
 
 from
   Expr alloc, TaintedAllocationSize::PathNode source, TaintedAllocationSize::PathNode sink,
   string taintCause
 where
   isFlowSource(source.getNode(), taintCause) and
-  TaintedAllocationSize::hasFlowPath(source, sink) and
+  TaintedAllocationSize::flowPath(source, sink) and
   allocSink(alloc, sink.getNode())
 select alloc, source, sink, "This allocation size is derived from $@ and might overflow.",
   source.getNode(), "user input (" + taintCause + ")"

cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql

@@ -33,14 +33,14 @@ module VerifyResultConfig implements DataFlow::ConfigSig {
   }
 }
 
-module VerifyResult = DataFlow::Make<VerifyResultConfig>;
+module VerifyResult = DataFlow::Global<VerifyResultConfig>;
 
 from
   DataFlow::Node source, DataFlow::Node sink1, DataFlow::Node sink2, GuardCondition guard, Expr c1,
   Expr c2, boolean testIsTrue
 where
-  VerifyResult::hasFlow(source, sink1) and
-  VerifyResult::hasFlow(source, sink2) and
+  VerifyResult::flow(source, sink1) and
+  VerifyResult::flow(source, sink2) and
   guard.comparesEq(sink1.asExpr(), c1, 0, false, testIsTrue) and // (value != c1) => testIsTrue
   guard.comparesEq(sink2.asExpr(), c2, 0, false, testIsTrue) and // (value != c2) => testIsTrue
   c1.getValue().toInt() = 0 and

cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql

@@ -49,7 +49,7 @@ module ToBufferConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { isSinkImpl(sink, _) }
 }
 
-module ToBufferFlow = TaintTracking::Make<ToBufferConfig>;
+module ToBufferFlow = TaintTracking::Global<ToBufferConfig>;
 
 predicate isSinkImpl(DataFlow::Node sink, SensitiveBufferWrite w) {
   w.getASource() = sink.asIndirectExpr()
@@ -59,7 +59,7 @@ from
   SensitiveBufferWrite w, ToBufferFlow::PathNode sourceNode, ToBufferFlow::PathNode sinkNode,
   FlowSource source
 where
-  ToBufferFlow::hasFlowPath(sourceNode, sinkNode) and
+  ToBufferFlow::flowPath(sourceNode, sinkNode) and
   sourceNode.getNode() = source and
   isSinkImpl(sinkNode.getNode(), w)
 select w, sourceNode, sinkNode,

cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql

@@ -33,7 +33,7 @@ module FromSensitiveConfig implements DataFlow::ConfigSig {
   }
 }
 
-module FromSensitiveFlow = TaintTracking::Make<FromSensitiveConfig>;
+module FromSensitiveFlow = TaintTracking::Global<FromSensitiveConfig>;
 
 predicate isSinkImpl(DataFlow::Node sink, FileWrite w, Expr dest) {
   exists(Expr e |
@@ -81,7 +81,7 @@ from
   SensitiveExpr source, FromSensitiveFlow::PathNode sourceNode, FromSensitiveFlow::PathNode midNode,
   FileWrite w, Expr dest
 where
-  FromSensitiveFlow::hasFlowPath(sourceNode, midNode) and
+  FromSensitiveFlow::flowPath(sourceNode, midNode) and
   isSourceImpl(sourceNode.getNode(), source) and
   isSinkImpl(midNode.getNode(), w, dest)
 select w, sourceNode, midNode,

cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql

@@ -250,13 +250,13 @@ module FromSensitiveConfig implements DataFlow::ConfigSig {
   }
 }
 
-module FromSensitiveFlow = TaintTracking::Make<FromSensitiveConfig>;
+module FromSensitiveFlow = TaintTracking::Global<FromSensitiveConfig>;
 
 /**
  * A taint flow configuration for flow from a sensitive expression to an encryption operation.
  */
 module ToEncryptionConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { FromSensitiveFlow::hasFlow(source, _) }
+  predicate isSource(DataFlow::Node source) { FromSensitiveFlow::flow(source, _) }
 
   predicate isSink(DataFlow::Node sink) { isSinkEncrypt(sink, _) }
 
@@ -271,7 +271,7 @@ module ToEncryptionConfig implements DataFlow::ConfigSig {
   }
 }
 
-module ToEncryptionFlow = TaintTracking::Make<ToEncryptionConfig>;
+module ToEncryptionFlow = TaintTracking::Global<ToEncryptionConfig>;
 
 /**
  * A taint flow configuration for flow from an encryption operation to a network operation.
@@ -279,25 +279,25 @@ module ToEncryptionFlow = TaintTracking::Make<ToEncryptionConfig>;
 module FromEncryptionConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { isSinkEncrypt(source, _) }
 
-  predicate isSink(DataFlow::Node sink) { FromSensitiveFlow::hasFlowTo(sink) }
+  predicate isSink(DataFlow::Node sink) { FromSensitiveFlow::flowTo(sink) }
 
   predicate isBarrier(DataFlow::Node node) {
     node.asExpr().getUnspecifiedType() instanceof IntegralType
   }
 }
 
-module FromEncryptionFlow = TaintTracking::Make<FromEncryptionConfig>;
+module FromEncryptionFlow = TaintTracking::Global<FromEncryptionConfig>;
 
 from
   FromSensitiveFlow::PathNode source, FromSensitiveFlow::PathNode sink,
   NetworkSendRecv networkSendRecv, string msg
 where
   // flow from sensitive -> network data
-  FromSensitiveFlow::hasFlowPath(source, sink) and
+  FromSensitiveFlow::flowPath(source, sink) and
   isSinkSendRecv(sink.getNode(), networkSendRecv) and
   // no flow from sensitive -> evidence of encryption
-  not ToEncryptionFlow::hasFlow(source.getNode(), _) and
-  not FromEncryptionFlow::hasFlowTo(sink.getNode()) and
+  not ToEncryptionFlow::flow(source.getNode(), _) and
+  not FromEncryptionFlow::flowTo(sink.getNode()) and
   // construct result
   if networkSendRecv instanceof NetworkSend
   then

cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql

@@ -125,13 +125,13 @@ module FromSensitiveConfig implements DataFlow::ConfigSig {
   }
 }
 
-module FromSensitiveFlow = TaintTracking::Make<FromSensitiveConfig>;
+module FromSensitiveFlow = TaintTracking::Global<FromSensitiveConfig>;
 
 from
   SensitiveExpr sensitive, FromSensitiveFlow::PathNode source, FromSensitiveFlow::PathNode sink,
   SqliteFunctionCall sqliteCall
 where
-  FromSensitiveFlow::hasFlowPath(source, sink) and
+  FromSensitiveFlow::flowPath(source, sink) and
   isSourceImpl(source.getNode(), sensitive) and
   isSinkImpl(sink.getNode(), sqliteCall, _)
 select sqliteCall, source, sink,

cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql

@@ -89,10 +89,10 @@ module HttpStringToUrlOpenConfig implements DataFlow::ConfigSig {
   }
 }
 
-module HttpStringToUrlOpen = TaintTracking::Make<HttpStringToUrlOpenConfig>;
+module HttpStringToUrlOpen = TaintTracking::Global<HttpStringToUrlOpenConfig>;
 
 from HttpStringToUrlOpen::PathNode source, HttpStringToUrlOpen::PathNode sink, HttpStringLiteral str
 where
-  HttpStringToUrlOpen::hasFlowPath(source, sink) and
+  HttpStringToUrlOpen::flowPath(source, sink) and
   str = source.getNode().asIndirectExpr()
 select str, source, sink, "This URL may be constructed with the HTTP protocol."

cpp/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql

@@ -46,13 +46,13 @@ module KeyStrengthFlowConfig implements DataFlow::ConfigSig {
   }
 }
 
-module KeyStrengthFlow = DataFlow::Make<KeyStrengthFlowConfig>;
+module KeyStrengthFlow = DataFlow::Global<KeyStrengthFlowConfig>;
 
 from
   KeyStrengthFlow::PathNode source, KeyStrengthFlow::PathNode sink, FunctionCall fc, int param,
   string name, int minimumBits, int bits
 where
-  KeyStrengthFlow::hasFlowPath(source, sink) and
+  KeyStrengthFlow::flowPath(source, sink) and
   sink.getNode().asExpr() = fc.getArgument(param) and
   fc.getTarget().hasGlobalName(name) and
   minimumBits = getMinimumKeyStrength(name, param) and

cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql

@@ -64,7 +64,7 @@ module NullAppNameCreateProcessFunctionConfig implements DataFlow::ConfigSig {
   }
 }
 
-module NullAppNameCreateProcessFunction = DataFlow::Make<NullAppNameCreateProcessFunctionConfig>;
+module NullAppNameCreateProcessFunction = DataFlow::Global<NullAppNameCreateProcessFunctionConfig>;
 
 /**
  * Dataflow that detects a call to CreateProcess with an unquoted commandLine argument
@@ -85,7 +85,7 @@ module QuotedCommandInCreateProcessFunctionConfig implements DataFlow::ConfigSig
 }
 
 module QuotedCommandInCreateProcessFunction =
-  DataFlow::Make<QuotedCommandInCreateProcessFunctionConfig>;
+  DataFlow::Global<QuotedCommandInCreateProcessFunctionConfig>;
 
 bindingset[s]
 predicate isQuotedOrNoSpaceApplicationNameOnCmd(string s) {
@@ -98,12 +98,12 @@ from CreateProcessFunctionCall call, string msg1, string msg2
 where
   exists(Expr appName |
     appName = call.getArgument(call.getApplicationNameArgumentId()) and
-    NullAppNameCreateProcessFunction::hasFlowToExpr(appName) and
+    NullAppNameCreateProcessFunction::flowToExpr(appName) and
     msg1 = call.toString() + " with lpApplicationName == NULL (" + appName + ")"
   ) and
   exists(Expr cmd |
     cmd = call.getArgument(call.getCommandLineArgumentId()) and
-    QuotedCommandInCreateProcessFunction::hasFlowToExpr(cmd) and
+    QuotedCommandInCreateProcessFunction::flowToExpr(cmd) and
     msg2 =
       " and with an unquoted lpCommandLine (" + cmd +
         ") introduces a security vulnerability if the path contains spaces."

cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql

@@ -30,15 +30,15 @@ module ExposedSystemDataConfig implements DataFlow::ConfigSig {
   }
 }
 
-module ExposedSystemData = TaintTracking::Make<ExposedSystemDataConfig>;
+module ExposedSystemData = TaintTracking::Global<ExposedSystemDataConfig>;
 
 from ExposedSystemData::PathNode source, ExposedSystemData::PathNode sink
 where
-  ExposedSystemData::hasFlowPath(source, sink) and
+  ExposedSystemData::flowPath(source, sink) and
   not exists(
     DataFlow::Node alt // remove duplicate results on conversions
   |
-    ExposedSystemData::hasFlow(source.getNode(), alt) and
+    ExposedSystemData::flow(source.getNode(), alt) and
     alt.asConvertedExpr() = sink.getNode().asIndirectExpr() and
     alt != sink.getNode()
   )

cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql

@@ -51,9 +51,9 @@ module PotentiallyExposedSystemDataConfig implements DataFlow::ConfigSig {
   }
 }
 
-module PotentiallyExposedSystemData = TaintTracking::Make<PotentiallyExposedSystemDataConfig>;
+module PotentiallyExposedSystemData = TaintTracking::Global<PotentiallyExposedSystemDataConfig>;
 
 from PotentiallyExposedSystemData::PathNode source, PotentiallyExposedSystemData::PathNode sink
-where PotentiallyExposedSystemData::hasFlowPath(source, sink)
+where PotentiallyExposedSystemData::flowPath(source, sink)
 select sink, source, sink, "This operation potentially exposes sensitive system data from $@.",
   source, source.getNode().toString()

cpp/ql/src/Security/CWE/CWE-611/XXE.ql

@@ -45,9 +45,9 @@ module XxeConfig implements DataFlow::StateConfigSig {
   }
 }
 
-module XxeFlow = DataFlow::MakeWithState<XxeConfig>;
+module XxeFlow = DataFlow::GlobalWithState<XxeConfig>;
 
 from XxeFlow::PathNode source, XxeFlow::PathNode sink
-where XxeFlow::hasFlowPath(source, sink)
+where XxeFlow::flowPath(source, sink)
 select sink, source, sink,
   "This $@ is not configured to prevent an XML external entity (XXE) attack.", source, "XML parser"

cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql

@@ -39,7 +39,7 @@ module NullDaclConfig implements DataFlow::ConfigSig {
   }
 }
 
-module NullDaclFlow = DataFlow::Make<NullDaclConfig>;
+module NullDaclFlow = DataFlow::Global<NullDaclConfig>;
 
 /**
  * Dataflow that detects a call to SetSecurityDescriptorDacl with a pDacl
@@ -70,7 +70,7 @@ module NonNullDaclConfig implements DataFlow::ConfigSig {
   }
 }
 
-module NonNullDaclFlow = DataFlow::Make<NonNullDaclConfig>;
+module NonNullDaclFlow = DataFlow::Global<NonNullDaclConfig>;
 
 from SetSecurityDescriptorDaclFunctionCall call, string message
 where
@@ -88,7 +88,7 @@ where
         " that is set to NULL will result in an unprotected object."
   |
     var = call.getArgument(2) and
-    NullDaclFlow::hasFlowToExpr(var) and
-    not NonNullDaclFlow::hasFlowToExpr(var)
+    NullDaclFlow::flowToExpr(var) and
+    not NonNullDaclFlow::flowToExpr(var)
   )
 select call, message

cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql

@@ -50,9 +50,9 @@ module WordexpTaintConfig implements DataFlow::ConfigSig {
   }
 }
 
-module WordexpTaint = TaintTracking::Make<WordexpTaintConfig>;
+module WordexpTaint = TaintTracking::Global<WordexpTaintConfig>;
 
 from WordexpTaint::PathNode sourceNode, WordexpTaint::PathNode sinkNode
-where WordexpTaint::hasFlowPath(sourceNode, sinkNode)
+where WordexpTaint::flowPath(sourceNode, sinkNode)
 select sinkNode.getNode(), sourceNode, sinkNode,
   "Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection."

cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql

@@ -32,10 +32,10 @@ module MultToAllocConfig implements DataFlow::ConfigSig {
   }
 }
 
-module MultToAlloc = DataFlow::Make<MultToAllocConfig>;
+module MultToAlloc = DataFlow::Global<MultToAllocConfig>;
 
 from MultToAlloc::PathNode source, MultToAlloc::PathNode sink
-where MultToAlloc::hasFlowPath(source, sink)
+where MultToAlloc::flowPath(source, sink)
 select sink, source, sink,
   "Potentially overflowing value from $@ is used in the size of this allocation.", source,
   "multiplication"

cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql

@@ -43,7 +43,8 @@ module FieldAddressToPointerArithmeticConfig implements DataFlow::ConfigSig {
   }
 }
 
-module FieldAddressToPointerArithmeticFlow = DataFlow::Make<FieldAddressToPointerArithmeticConfig>;
+module FieldAddressToPointerArithmeticFlow =
+  DataFlow::Global<FieldAddressToPointerArithmeticConfig>;
 
 predicate isFieldAddressSource(Field f, DataFlow::Node source) {
   source.asInstruction().(FieldAddressInstruction).getField() = f
@@ -70,7 +71,7 @@ predicate isInvalidPointerDerefSink(DataFlow::Node sink, Instruction i, string o
 
 predicate isConstantSizeOverflowSource(Field f, PointerAddInstruction pai, int delta) {
   exists(int size, int bound, DataFlow::Node source, DataFlow::InstructionNode sink |
-    FieldAddressToPointerArithmeticFlow::hasFlow(source, sink) and
+    FieldAddressToPointerArithmeticFlow::flow(source, sink) and
     isFieldAddressSource(f, source) and
     pai.getLeft() = sink.asInstruction() and
     f.getUnspecifiedType().(ArrayType).getArraySize() = size and
@@ -90,13 +91,13 @@ module PointerArithmeticToDerefConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { isInvalidPointerDerefSink(sink, _, _) }
 }
 
-module PointerArithmeticToDerefFlow = DataFlow::Make<PointerArithmeticToDerefConfig>;
+module PointerArithmeticToDerefFlow = DataFlow::Global<PointerArithmeticToDerefConfig>;
 
 from
   Field f, PointerArithmeticToDerefFlow::PathNode source,
   PointerArithmeticToDerefFlow::PathNode sink, Instruction deref, string operation, int delta
 where
-  PointerArithmeticToDerefFlow::hasFlowPath(source, sink) and
+  PointerArithmeticToDerefFlow::flowPath(source, sink) and
   isInvalidPointerDerefSink(sink.getNode(), deref, operation) and
   isConstantSizeOverflowSource(f, source.getNode().asInstruction(), delta)
 select source, source, sink,

cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql

@@ -209,7 +209,7 @@ module InvalidPointerToDerefConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { isInvalidPointerDerefSink(sink, _, _) }
 }
 
-module InvalidPointerToDerefFlow = DataFlow::Make<InvalidPointerToDerefConfig>;
+module InvalidPointerToDerefFlow = DataFlow::Global<InvalidPointerToDerefConfig>;
 
 /**
  * Holds if `pai` is a pointer-arithmetic operation and `source` is a dataflow node with a
@@ -241,7 +241,7 @@ newtype TMergedPathNode =
   // pointer, but we want to raise an alert at the dereference.
   TPathNodeSink(Instruction i) {
     exists(DataFlow::Node n |
-      InvalidPointerToDerefFlow::hasFlow(_, n) and
+      InvalidPointerToDerefFlow::flow(_, n) and
       isInvalidPointerDerefSink(n, i, _)
     )
   }
@@ -349,7 +349,7 @@ predicate hasFlowPath(
   |
     conf1.hasFlowPath(source1.asPathNode1(), _, sink1, _) and
     joinOn1(pai, sink1, source3) and
-    InvalidPointerToDerefFlow::hasFlowPath(source3, sink3) and
+    InvalidPointerToDerefFlow::flowPath(source3, sink3) and
     joinOn2(sink3, sink.asSinkNode(), operation)
   )
 }

cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql

@@ -16,7 +16,7 @@ import experimental.semmle.code.cpp.security.PrivateCleartextWrite::PrivateClear
 import WriteFlow::PathGraph
 
 from WriteFlow::PathNode source, WriteFlow::PathNode sink
-where WriteFlow::hasFlowPath(source, sink)
+where WriteFlow::flowPath(source, sink)
 select sink.getNode(), source, sink,
   "This write into the external location '" + sink.getNode() +
     "' may contain unencrypted data from $@.", source, "this source of private data."

cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/exercise2.ql

@@ -12,11 +12,11 @@ module LiteralToGethostbynameConfig implements DataFlow::ConfigSig {
   }
 }
 
-module LiteralToGethostbynameFlow = DataFlow::Make<LiteralToGethostbynameConfig>;
+module LiteralToGethostbynameFlow = DataFlow::Global<LiteralToGethostbynameConfig>;
 
 from StringLiteral sl, FunctionCall fc, DataFlow::Node source, DataFlow::Node sink
 where
   source.asIndirectExpr(1) = sl and
   sink.asIndirectExpr(1) = fc.getArgument(0) and
-  LiteralToGethostbynameFlow::hasFlow(source, sink)
+  LiteralToGethostbynameFlow::flow(source, sink)
 select sl, fc

cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/exercise4.ql

@@ -16,11 +16,11 @@ module GetenvToGethostbynameConfig implements DataFlow::ConfigSig {
   }
 }
 
-module GetenvToGethostbynameFlow = DataFlow::Make<GetenvToGethostbynameConfig>;
+module GetenvToGethostbynameFlow = DataFlow::Global<GetenvToGethostbynameConfig>;
 
 from Expr getenv, FunctionCall fc, DataFlow::Node source, DataFlow::Node sink
 where
   source.asIndirectExpr(1) = getenv and
   sink.asIndirectExpr(1) = fc.getArgument(0) and
-  GetenvToGethostbynameFlow::hasFlow(source, sink)
+  GetenvToGethostbynameFlow::flow(source, sink)
 select getenv, fc

cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/fopen-flow-from-getenv.ql

@@ -17,11 +17,11 @@ module EnvironmentToFileConfig implements DataFlow::ConfigSig {
   }
 }
 
-module EnvironmentToFileFlow = DataFlow::Make<EnvironmentToFileConfig>;
+module EnvironmentToFileFlow = DataFlow::Global<EnvironmentToFileConfig>;
 
 from Expr getenv, Expr fopen, DataFlow::Node source, DataFlow::Node sink
 where
   source.asIndirectExpr(1) = getenv and
   sink.asIndirectExpr(1) = fopen and
-  EnvironmentToFileFlow::hasFlow(source, sink)
+  EnvironmentToFileFlow::flow(source, sink)
 select fopen, "This 'fopen' uses data from $@.", getenv, "call to 'getenv'"

cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/index-flow-from-ntohl.ql

@@ -30,9 +30,9 @@ module NetworkToBufferSizeConfig implements DataFlow::ConfigSig {
   }
 }
 
-module NetworkToBufferSizeFlow = TaintTracking::Make<NetworkToBufferSizeConfig>;
+module NetworkToBufferSizeFlow = TaintTracking::Global<NetworkToBufferSizeConfig>;
 
 from DataFlow::Node ntohl, DataFlow::Node offset
-where NetworkToBufferSizeFlow::hasFlow(ntohl, offset)
+where NetworkToBufferSizeFlow::flow(ntohl, offset)
 select offset, "This array offset may be influenced by $@.", ntohl,
   "converted data from the network"

cpp/ql/test/library-tests/dataflow/additional-flow-to-parameter/standardFlow.ql

@@ -14,8 +14,8 @@ module TestConfig implements DataFlow::ConfigSig {
   }
 }
 
-module TestFlow = DataFlow::Make<TestConfig>;
+module TestFlow = DataFlow::Global<TestConfig>;
 
 from DataFlow::Node sink, DataFlow::Node source
-where TestFlow::hasFlow(source, sink)
+where TestFlow::flow(source, sink)
 select sink, source

cpp/ql/test/library-tests/dataflow/additional-flow-to-parameter/withAdditionalFlow.ql

@@ -25,8 +25,8 @@ module TestConfig implements DataFlow::ConfigSig {
   }
 }
 
-module TestFlow = DataFlow::Make<TestConfig>;
+module TestFlow = DataFlow::Global<TestConfig>;
 
 from DataFlow::Node sink, DataFlow::Node source
-where TestFlow::hasFlow(source, sink)
+where TestFlow::flow(source, sink)
 select sink, source

cpp/ql/test/library-tests/dataflow/crement/from0.ql

@@ -7,8 +7,8 @@ module Cfg implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof VariableAccess }
 }
 
-module Flow = DataFlow::Make<Cfg>;
+module Flow = DataFlow::Global<Cfg>;
 
 from Expr sink
-where Flow::hasFlowToExpr(sink)
+where Flow::flowToExpr(sink)
 select sink

csharp/ql/lib/change-notes/2023-03-23-dataflow-renaming.md

@@ -0,0 +1,6 @@
+---
+category: deprecated
+---
+* The recently introduced new data flow and taint tracking APIs have had a
+  number of module and predicate renamings. The old APIs remain in place for
+  now.

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlow.qll

@@ -2,7 +2,7 @@
  * Provides an implementation of global (interprocedural) data flow. This file
  * re-exports the local (intraprocedural) data flow analysis from
  * `DataFlowImplSpecific::Public` and adds a global analysis, mainly exposed
- * through the `Make` and `MakeWithState` modules.
+ * through the `Global` and `GlobalWithState` modules.
  */
 
 private import DataFlowImplCommon
@@ -73,10 +73,10 @@ signature module ConfigSig {
    */
   default FlowFeature getAFeature() { none() }
 
-  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sources should be grouped in the result of `flowPath`. */
   default predicate sourceGrouping(Node source, string sourceGroup) { none() }
 
-  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sinks should be grouped in the result of `flowPath`. */
   default predicate sinkGrouping(Node sink, string sinkGroup) { none() }
 
   /**
@@ -166,10 +166,10 @@ signature module StateConfigSig {
    */
   default FlowFeature getAFeature() { none() }
 
-  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sources should be grouped in the result of `flowPath`. */
   default predicate sourceGrouping(Node source, string sourceGroup) { none() }
 
-  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sinks should be grouped in the result of `flowPath`. */
   default predicate sinkGrouping(Node sink, string sinkGroup) { none() }
 
   /**
@@ -182,15 +182,15 @@ signature module StateConfigSig {
 }
 
 /**
- * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
+ * Gets the exploration limit for `partialFlow` and `partialFlowRev`
  * measured in approximate number of interprocedural steps.
  */
 signature int explorationLimitSig();
 
 /**
- * The output of a data flow computation.
+ * The output of a global data flow computation.
  */
-signature module DataFlowSig {
+signature module GlobalFlowSig {
   /**
    * A `Node` augmented with a call context (except for sinks) and an access path.
    * Only those `PathNode`s that are reachable from a source, and which can reach a sink, are generated.
@@ -203,28 +203,28 @@ signature module DataFlowSig {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink);
+  predicate flowPath(PathNode source, PathNode sink);
 
   /**
    * Holds if data can flow from `source` to `sink`.
    */
-  predicate hasFlow(Node source, Node sink);
+  predicate flow(Node source, Node sink);
 
   /**
    * Holds if data can flow from some source to `sink`.
    */
-  predicate hasFlowTo(Node sink);
+  predicate flowTo(Node sink);
 
   /**
    * Holds if data can flow from some source to `sink`.
    */
-  predicate hasFlowToExpr(DataFlowExpr sink);
+  predicate flowToExpr(DataFlowExpr sink);
 }
 
 /**
  * Constructs a standard data flow computation.
  */
-module Make<ConfigSig Config> implements DataFlowSig {
+module Global<ConfigSig Config> implements GlobalFlowSig {
   private module C implements FullStateConfigSig {
     import DefaultState<Config>
     import Config
@@ -233,10 +233,15 @@ module Make<ConfigSig Config> implements DataFlowSig {
   import Impl<C>
 }
 
+/** DEPRECATED: Use `Global` instead. */
+deprecated module Make<ConfigSig Config> implements GlobalFlowSig {
+  import Global<Config>
+}
+
 /**
  * Constructs a data flow computation using flow state.
  */
-module MakeWithState<StateConfigSig Config> implements DataFlowSig {
+module GlobalWithState<StateConfigSig Config> implements GlobalFlowSig {
   private module C implements FullStateConfigSig {
     import Config
   }
@@ -244,6 +249,11 @@ module MakeWithState<StateConfigSig Config> implements DataFlowSig {
   import Impl<C>
 }
 
+/** DEPRECATED: Use `GlobalWithState` instead. */
+deprecated module MakeWithState<StateConfigSig Config> implements GlobalFlowSig {
+  import GlobalWithState<Config>
+}
+
 signature class PathNodeSig {
   /** Gets a textual representation of this element. */
   string toString();

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll

@@ -91,10 +91,10 @@ signature module FullStateConfigSig {
    */
   FlowFeature getAFeature();
 
-  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sources should be grouped in the result of `flowPath`. */
   predicate sourceGrouping(Node source, string sourceGroup);
 
-  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sinks should be grouped in the result of `flowPath`. */
   predicate sinkGrouping(Node sink, string sinkGroup);
 
   /**
@@ -3629,7 +3629,7 @@ module Impl<FullStateConfigSig Config> {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) {
+  predicate flowPath(PathNode source, PathNode sink) {
     exists(PathNodeImpl flowsource, PathNodeImpl flowsink |
       source = flowsource and sink = flowsink
     |
@@ -3639,6 +3639,9 @@ module Impl<FullStateConfigSig Config> {
     )
   }
 
+  /** DEPRECATED: Use `flowPath` instead. */
+  deprecated predicate hasFlowPath = flowPath/2;
+
   private predicate flowsTo(PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink) {
     flowsource.isSource() and
     flowsource.getNodeEx().asNode() = source and
@@ -3649,17 +3652,26 @@ module Impl<FullStateConfigSig Config> {
   /**
    * Holds if data can flow from `source` to `sink`.
    */
-  predicate hasFlow(Node source, Node sink) { flowsTo(_, _, source, sink) }
+  predicate flow(Node source, Node sink) { flowsTo(_, _, source, sink) }
+
+  /** DEPRECATED: Use `flow` instead. */
+  deprecated predicate hasFlow = flow/2;
 
   /**
    * Holds if data can flow from some source to `sink`.
    */
-  predicate hasFlowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() }
+  predicate flowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() }
+
+  /** DEPRECATED: Use `flowTo` instead. */
+  deprecated predicate hasFlowTo = flowTo/1;
 
   /**
    * Holds if data can flow from some source to `sink`.
    */
-  predicate hasFlowToExpr(DataFlowExpr sink) { hasFlowTo(exprNode(sink)) }
+  predicate flowToExpr(DataFlowExpr sink) { flowTo(exprNode(sink)) }
+
+  /** DEPRECATED: Use `flowToExpr` instead. */
+  deprecated predicate hasFlowToExpr = flowToExpr/1;
 
   private predicate finalStats(
     boolean fwd, int nodes, int fields, int conscand, int states, int tuples
@@ -4570,7 +4582,7 @@ module Impl<FullStateConfigSig Config> {
      *
      * To use this in a `path-problem` query, import the module `PartialPathGraph`.
      */
-    predicate hasPartialFlow(PartialPathNode source, PartialPathNode node, int dist) {
+    predicate partialFlow(PartialPathNode source, PartialPathNode node, int dist) {
       partialFlow(source, node) and
       dist = node.getSourceDistance()
     }
@@ -4590,7 +4602,7 @@ module Impl<FullStateConfigSig Config> {
      * Note that reverse flow has slightly lower precision than the corresponding
      * forward flow, as reverse flow disregards type pruning among other features.
      */
-    predicate hasPartialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) {
+    predicate partialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) {
       revPartialFlow(node, sink) and
       dist = node.getSinkDistance()
     }

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl1.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTracking.qll

@@ -35,7 +35,7 @@ private module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> imp
 /**
  * Constructs a standard taint tracking computation.
  */
-module Make<DataFlow::ConfigSig Config> implements DataFlow::DataFlowSig {
+module Global<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
   private module Config0 implements DataFlowInternal::FullStateConfigSig {
     import DataFlowInternal::DefaultState<Config>
     import Config
@@ -48,10 +48,15 @@ module Make<DataFlow::ConfigSig Config> implements DataFlow::DataFlowSig {
   import DataFlowInternal::Impl<C>
 }
 
+/** DEPRECATED: Use `Global` instead. */
+deprecated module Make<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
+  import Global<Config>
+}
+
 /**
  * Constructs a taint tracking computation using flow state.
  */
-module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::DataFlowSig {
+module GlobalWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
   private module Config0 implements DataFlowInternal::FullStateConfigSig {
     import Config
   }
@@ -62,3 +67,8 @@ module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::DataF
 
   import DataFlowInternal::Impl<C>
 }
+
+/** DEPRECATED: Use `GlobalWithState` instead. */
+deprecated module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
+  import GlobalWithState<Config>
+}

csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll

@@ -210,7 +210,7 @@ module ThroughFlowConfig implements DataFlow::StateConfigSig {
   }
 }
 
-private module ThroughFlow = TaintTracking::MakeWithState<ThroughFlowConfig>;
+private module ThroughFlow = TaintTracking::GlobalWithState<ThroughFlowConfig>;
 
 /**
  * Gets the summary model(s) of `api`, if there is flow from parameters to return value or parameter.
@@ -220,7 +220,7 @@ string captureThroughFlow(DataFlowTargetApi api) {
     DataFlow::ParameterNode p, DataFlowImplCommon::ReturnNodeExt returnNodeExt, string input,
     string output
   |
-    ThroughFlow::hasFlow(p, returnNodeExt) and
+    ThroughFlow::flow(p, returnNodeExt) and
     returnNodeExt.getEnclosingCallable() = api and
     input = parameterNodeAsInput(p) and
     output = returnNodeAsOutput(returnNodeExt) and
@@ -253,14 +253,14 @@ module FromSourceConfig implements DataFlow::ConfigSig {
   }
 }
 
-private module FromSource = TaintTracking::Make<FromSourceConfig>;
+private module FromSource = TaintTracking::Global<FromSourceConfig>;
 
 /**
  * Gets the source model(s) of `api`, if there is flow from an existing known source to the return of `api`.
  */
 string captureSource(DataFlowTargetApi api) {
   exists(DataFlow::Node source, DataFlow::Node sink, string kind |
-    FromSource::hasFlow(source, sink) and
+    FromSource::flow(source, sink) and
     ExternalFlow::sourceNode(source, kind) and
     api = sink.getEnclosingCallable() and
     isRelevantSourceKind(kind) and
@@ -285,14 +285,14 @@ module PropagateToSinkConfig implements DataFlow::ConfigSig {
   DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext }
 }
 
-private module PropagateToSink = TaintTracking::Make<PropagateToSinkConfig>;
+private module PropagateToSink = TaintTracking::Global<PropagateToSinkConfig>;
 
 /**
  * Gets the sink model(s) of `api`, if there is flow from a parameter to an existing known sink.
  */
 string captureSink(DataFlowTargetApi api) {
   exists(DataFlow::Node src, DataFlow::Node sink, string kind |
-    PropagateToSink::hasFlow(src, sink) and
+    PropagateToSink::flow(src, sink) and
     ExternalFlow::sinkNode(sink, kind) and
     api = src.getEnclosingCallable() and
     isRelevantSinkKind(kind) and

go/ql/lib/change-notes/2023-03-23-dataflow-renaming.md

@@ -0,0 +1,6 @@
+---
+category: deprecated
+---
+* The recently introduced new data flow and taint tracking APIs have had a
+  number of module and predicate renamings. The old APIs remain in place for
+  now.

go/ql/lib/semmle/go/dataflow/internal/DataFlow.qll

@@ -2,7 +2,7 @@
  * Provides an implementation of global (interprocedural) data flow. This file
  * re-exports the local (intraprocedural) data flow analysis from
  * `DataFlowImplSpecific::Public` and adds a global analysis, mainly exposed
- * through the `Make` and `MakeWithState` modules.
+ * through the `Global` and `GlobalWithState` modules.
  */
 
 private import DataFlowImplCommon
@@ -73,10 +73,10 @@ signature module ConfigSig {
    */
   default FlowFeature getAFeature() { none() }
 
-  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sources should be grouped in the result of `flowPath`. */
   default predicate sourceGrouping(Node source, string sourceGroup) { none() }
 
-  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sinks should be grouped in the result of `flowPath`. */
   default predicate sinkGrouping(Node sink, string sinkGroup) { none() }
 
   /**
@@ -166,10 +166,10 @@ signature module StateConfigSig {
    */
   default FlowFeature getAFeature() { none() }
 
-  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sources should be grouped in the result of `flowPath`. */
   default predicate sourceGrouping(Node source, string sourceGroup) { none() }
 
-  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sinks should be grouped in the result of `flowPath`. */
   default predicate sinkGrouping(Node sink, string sinkGroup) { none() }
 
   /**
@@ -182,15 +182,15 @@ signature module StateConfigSig {
 }
 
 /**
- * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
+ * Gets the exploration limit for `partialFlow` and `partialFlowRev`
  * measured in approximate number of interprocedural steps.
  */
 signature int explorationLimitSig();
 
 /**
- * The output of a data flow computation.
+ * The output of a global data flow computation.
  */
-signature module DataFlowSig {
+signature module GlobalFlowSig {
   /**
    * A `Node` augmented with a call context (except for sinks) and an access path.
    * Only those `PathNode`s that are reachable from a source, and which can reach a sink, are generated.
@@ -203,28 +203,28 @@ signature module DataFlowSig {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink);
+  predicate flowPath(PathNode source, PathNode sink);
 
   /**
    * Holds if data can flow from `source` to `sink`.
    */
-  predicate hasFlow(Node source, Node sink);
+  predicate flow(Node source, Node sink);
 
   /**
    * Holds if data can flow from some source to `sink`.
    */
-  predicate hasFlowTo(Node sink);
+  predicate flowTo(Node sink);
 
   /**
    * Holds if data can flow from some source to `sink`.
    */
-  predicate hasFlowToExpr(DataFlowExpr sink);
+  predicate flowToExpr(DataFlowExpr sink);
 }
 
 /**
  * Constructs a standard data flow computation.
  */
-module Make<ConfigSig Config> implements DataFlowSig {
+module Global<ConfigSig Config> implements GlobalFlowSig {
   private module C implements FullStateConfigSig {
     import DefaultState<Config>
     import Config
@@ -233,10 +233,15 @@ module Make<ConfigSig Config> implements DataFlowSig {
   import Impl<C>
 }
 
+/** DEPRECATED: Use `Global` instead. */
+deprecated module Make<ConfigSig Config> implements GlobalFlowSig {
+  import Global<Config>
+}
+
 /**
  * Constructs a data flow computation using flow state.
  */
-module MakeWithState<StateConfigSig Config> implements DataFlowSig {
+module GlobalWithState<StateConfigSig Config> implements GlobalFlowSig {
   private module C implements FullStateConfigSig {
     import Config
   }
@@ -244,6 +249,11 @@ module MakeWithState<StateConfigSig Config> implements DataFlowSig {
   import Impl<C>
 }
 
+/** DEPRECATED: Use `GlobalWithState` instead. */
+deprecated module MakeWithState<StateConfigSig Config> implements GlobalFlowSig {
+  import GlobalWithState<Config>
+}
+
 signature class PathNodeSig {
   /** Gets a textual representation of this element. */
   string toString();

go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll

@@ -91,10 +91,10 @@ signature module FullStateConfigSig {
    */
   FlowFeature getAFeature();
 
-  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sources should be grouped in the result of `flowPath`. */
   predicate sourceGrouping(Node source, string sourceGroup);
 
-  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sinks should be grouped in the result of `flowPath`. */
   predicate sinkGrouping(Node sink, string sinkGroup);
 
   /**
@@ -3629,7 +3629,7 @@ module Impl<FullStateConfigSig Config> {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) {
+  predicate flowPath(PathNode source, PathNode sink) {
     exists(PathNodeImpl flowsource, PathNodeImpl flowsink |
       source = flowsource and sink = flowsink
     |
@@ -3639,6 +3639,9 @@ module Impl<FullStateConfigSig Config> {
     )
   }
 
+  /** DEPRECATED: Use `flowPath` instead. */
+  deprecated predicate hasFlowPath = flowPath/2;
+
   private predicate flowsTo(PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink) {
     flowsource.isSource() and
     flowsource.getNodeEx().asNode() = source and
@@ -3649,17 +3652,26 @@ module Impl<FullStateConfigSig Config> {
   /**
    * Holds if data can flow from `source` to `sink`.
    */
-  predicate hasFlow(Node source, Node sink) { flowsTo(_, _, source, sink) }
+  predicate flow(Node source, Node sink) { flowsTo(_, _, source, sink) }
+
+  /** DEPRECATED: Use `flow` instead. */
+  deprecated predicate hasFlow = flow/2;
 
   /**
    * Holds if data can flow from some source to `sink`.
    */
-  predicate hasFlowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() }
+  predicate flowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() }
+
+  /** DEPRECATED: Use `flowTo` instead. */
+  deprecated predicate hasFlowTo = flowTo/1;
 
   /**
    * Holds if data can flow from some source to `sink`.
    */
-  predicate hasFlowToExpr(DataFlowExpr sink) { hasFlowTo(exprNode(sink)) }
+  predicate flowToExpr(DataFlowExpr sink) { flowTo(exprNode(sink)) }
+
+  /** DEPRECATED: Use `flowToExpr` instead. */
+  deprecated predicate hasFlowToExpr = flowToExpr/1;
 
   private predicate finalStats(
     boolean fwd, int nodes, int fields, int conscand, int states, int tuples
@@ -4570,7 +4582,7 @@ module Impl<FullStateConfigSig Config> {
      *
      * To use this in a `path-problem` query, import the module `PartialPathGraph`.
      */
-    predicate hasPartialFlow(PartialPathNode source, PartialPathNode node, int dist) {
+    predicate partialFlow(PartialPathNode source, PartialPathNode node, int dist) {
       partialFlow(source, node) and
       dist = node.getSourceDistance()
     }
@@ -4590,7 +4602,7 @@ module Impl<FullStateConfigSig Config> {
      * Note that reverse flow has slightly lower precision than the corresponding
      * forward flow, as reverse flow disregards type pruning among other features.
      */
-    predicate hasPartialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) {
+    predicate partialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) {
       revPartialFlow(node, sink) and
       dist = node.getSinkDistance()
     }

go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

go/ql/lib/semmle/go/dataflow/internal/DataFlowImplForStringsNewReplacer.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

go/ql/lib/semmle/go/dataflow/internal/tainttracking1/TaintTracking.qll

@@ -35,7 +35,7 @@ private module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> imp
 /**
  * Constructs a standard taint tracking computation.
  */
-module Make<DataFlow::ConfigSig Config> implements DataFlow::DataFlowSig {
+module Global<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
   private module Config0 implements DataFlowInternal::FullStateConfigSig {
     import DataFlowInternal::DefaultState<Config>
     import Config
@@ -48,10 +48,15 @@ module Make<DataFlow::ConfigSig Config> implements DataFlow::DataFlowSig {
   import DataFlowInternal::Impl<C>
 }
 
+/** DEPRECATED: Use `Global` instead. */
+deprecated module Make<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
+  import Global<Config>
+}
+
 /**
  * Constructs a taint tracking computation using flow state.
  */
-module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::DataFlowSig {
+module GlobalWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
   private module Config0 implements DataFlowInternal::FullStateConfigSig {
     import Config
   }
@@ -62,3 +67,8 @@ module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::DataF
 
   import DataFlowInternal::Impl<C>
 }
+
+/** DEPRECATED: Use `GlobalWithState` instead. */
+deprecated module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
+  import GlobalWithState<Config>
+}

java/ql/lib/change-notes/2023-03-23-dataflow-renaming.md

@@ -0,0 +1,6 @@
+---
+category: deprecated
+---
+* The recently introduced new data flow and taint tracking APIs have had a
+  number of module and predicate renamings. The old APIs remain in place for
+  now.

java/ql/lib/semmle/code/java/dataflow/internal/DataFlow.qll

@@ -2,7 +2,7 @@
  * Provides an implementation of global (interprocedural) data flow. This file
  * re-exports the local (intraprocedural) data flow analysis from
  * `DataFlowImplSpecific::Public` and adds a global analysis, mainly exposed
- * through the `Make` and `MakeWithState` modules.
+ * through the `Global` and `GlobalWithState` modules.
  */
 
 private import DataFlowImplCommon
@@ -73,10 +73,10 @@ signature module ConfigSig {
    */
   default FlowFeature getAFeature() { none() }
 
-  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sources should be grouped in the result of `flowPath`. */
   default predicate sourceGrouping(Node source, string sourceGroup) { none() }
 
-  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sinks should be grouped in the result of `flowPath`. */
   default predicate sinkGrouping(Node sink, string sinkGroup) { none() }
 
   /**
@@ -166,10 +166,10 @@ signature module StateConfigSig {
    */
   default FlowFeature getAFeature() { none() }
 
-  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sources should be grouped in the result of `flowPath`. */
   default predicate sourceGrouping(Node source, string sourceGroup) { none() }
 
-  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sinks should be grouped in the result of `flowPath`. */
   default predicate sinkGrouping(Node sink, string sinkGroup) { none() }
 
   /**
@@ -182,15 +182,15 @@ signature module StateConfigSig {
 }
 
 /**
- * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
+ * Gets the exploration limit for `partialFlow` and `partialFlowRev`
  * measured in approximate number of interprocedural steps.
  */
 signature int explorationLimitSig();
 
 /**
- * The output of a data flow computation.
+ * The output of a global data flow computation.
  */
-signature module DataFlowSig {
+signature module GlobalFlowSig {
   /**
    * A `Node` augmented with a call context (except for sinks) and an access path.
    * Only those `PathNode`s that are reachable from a source, and which can reach a sink, are generated.
@@ -203,28 +203,28 @@ signature module DataFlowSig {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink);
+  predicate flowPath(PathNode source, PathNode sink);
 
   /**
    * Holds if data can flow from `source` to `sink`.
    */
-  predicate hasFlow(Node source, Node sink);
+  predicate flow(Node source, Node sink);
 
   /**
    * Holds if data can flow from some source to `sink`.
    */
-  predicate hasFlowTo(Node sink);
+  predicate flowTo(Node sink);
 
   /**
    * Holds if data can flow from some source to `sink`.
    */
-  predicate hasFlowToExpr(DataFlowExpr sink);
+  predicate flowToExpr(DataFlowExpr sink);
 }
 
 /**
  * Constructs a standard data flow computation.
  */
-module Make<ConfigSig Config> implements DataFlowSig {
+module Global<ConfigSig Config> implements GlobalFlowSig {
   private module C implements FullStateConfigSig {
     import DefaultState<Config>
     import Config
@@ -233,10 +233,15 @@ module Make<ConfigSig Config> implements DataFlowSig {
   import Impl<C>
 }
 
+/** DEPRECATED: Use `Global` instead. */
+deprecated module Make<ConfigSig Config> implements GlobalFlowSig {
+  import Global<Config>
+}
+
 /**
  * Constructs a data flow computation using flow state.
  */
-module MakeWithState<StateConfigSig Config> implements DataFlowSig {
+module GlobalWithState<StateConfigSig Config> implements GlobalFlowSig {
   private module C implements FullStateConfigSig {
     import Config
   }
@@ -244,6 +249,11 @@ module MakeWithState<StateConfigSig Config> implements DataFlowSig {
   import Impl<C>
 }
 
+/** DEPRECATED: Use `GlobalWithState` instead. */
+deprecated module MakeWithState<StateConfigSig Config> implements GlobalFlowSig {
+  import GlobalWithState<Config>
+}
+
 signature class PathNodeSig {
   /** Gets a textual representation of this element. */
   string toString();

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll

@@ -91,10 +91,10 @@ signature module FullStateConfigSig {
    */
   FlowFeature getAFeature();
 
-  /** Holds if sources should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sources should be grouped in the result of `flowPath`. */
   predicate sourceGrouping(Node source, string sourceGroup);
 
-  /** Holds if sinks should be grouped in the result of `hasFlowPath`. */
+  /** Holds if sinks should be grouped in the result of `flowPath`. */
   predicate sinkGrouping(Node sink, string sinkGroup);
 
   /**
@@ -3629,7 +3629,7 @@ module Impl<FullStateConfigSig Config> {
    * The corresponding paths are generated from the end-points and the graph
    * included in the module `PathGraph`.
    */
-  predicate hasFlowPath(PathNode source, PathNode sink) {
+  predicate flowPath(PathNode source, PathNode sink) {
     exists(PathNodeImpl flowsource, PathNodeImpl flowsink |
       source = flowsource and sink = flowsink
     |
@@ -3639,6 +3639,9 @@ module Impl<FullStateConfigSig Config> {
     )
   }
 
+  /** DEPRECATED: Use `flowPath` instead. */
+  deprecated predicate hasFlowPath = flowPath/2;
+
   private predicate flowsTo(PathNodeImpl flowsource, PathNodeSink flowsink, Node source, Node sink) {
     flowsource.isSource() and
     flowsource.getNodeEx().asNode() = source and
@@ -3649,17 +3652,26 @@ module Impl<FullStateConfigSig Config> {
   /**
    * Holds if data can flow from `source` to `sink`.
    */
-  predicate hasFlow(Node source, Node sink) { flowsTo(_, _, source, sink) }
+  predicate flow(Node source, Node sink) { flowsTo(_, _, source, sink) }
+
+  /** DEPRECATED: Use `flow` instead. */
+  deprecated predicate hasFlow = flow/2;
 
   /**
    * Holds if data can flow from some source to `sink`.
    */
-  predicate hasFlowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() }
+  predicate flowTo(Node sink) { sink = any(PathNodeSink n).getNodeEx().asNode() }
+
+  /** DEPRECATED: Use `flowTo` instead. */
+  deprecated predicate hasFlowTo = flowTo/1;
 
   /**
    * Holds if data can flow from some source to `sink`.
    */
-  predicate hasFlowToExpr(DataFlowExpr sink) { hasFlowTo(exprNode(sink)) }
+  predicate flowToExpr(DataFlowExpr sink) { flowTo(exprNode(sink)) }
+
+  /** DEPRECATED: Use `flowToExpr` instead. */
+  deprecated predicate hasFlowToExpr = flowToExpr/1;
 
   private predicate finalStats(
     boolean fwd, int nodes, int fields, int conscand, int states, int tuples
@@ -4570,7 +4582,7 @@ module Impl<FullStateConfigSig Config> {
      *
      * To use this in a `path-problem` query, import the module `PartialPathGraph`.
      */
-    predicate hasPartialFlow(PartialPathNode source, PartialPathNode node, int dist) {
+    predicate partialFlow(PartialPathNode source, PartialPathNode node, int dist) {
       partialFlow(source, node) and
       dist = node.getSourceDistance()
     }
@@ -4590,7 +4602,7 @@ module Impl<FullStateConfigSig Config> {
      * Note that reverse flow has slightly lower precision than the corresponding
      * forward flow, as reverse flow disregards type pruning among other features.
      */
-    predicate hasPartialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) {
+    predicate partialFlowRev(PartialPathNode node, PartialPathNode sink, int dist) {
       revPartialFlow(node, sink) and
       dist = node.getSinkDistance()
     }

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll

@@ -1,5 +1,5 @@
 /**
- * DEPRECATED: Use `Make` and `MakeWithState` instead.
+ * DEPRECATED: Use `Global` and `GlobalWithState` instead.
  *
  * Provides a `Configuration` class backwards-compatible interface to the data
  * flow library.
@@ -388,7 +388,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  hasFlowPath(source, sink) and source.getConfiguration() = config
+  flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }

java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTracking.qll

@@ -35,7 +35,7 @@ private module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> imp
 /**
  * Constructs a standard taint tracking computation.
  */
-module Make<DataFlow::ConfigSig Config> implements DataFlow::DataFlowSig {
+module Global<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
   private module Config0 implements DataFlowInternal::FullStateConfigSig {
     import DataFlowInternal::DefaultState<Config>
     import Config
@@ -48,10 +48,15 @@ module Make<DataFlow::ConfigSig Config> implements DataFlow::DataFlowSig {
   import DataFlowInternal::Impl<C>
 }
 
+/** DEPRECATED: Use `Global` instead. */
+deprecated module Make<DataFlow::ConfigSig Config> implements DataFlow::GlobalFlowSig {
+  import Global<Config>
+}
+
 /**
  * Constructs a taint tracking computation using flow state.
  */
-module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::DataFlowSig {
+module GlobalWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
   private module Config0 implements DataFlowInternal::FullStateConfigSig {
     import Config
   }
@@ -62,3 +67,8 @@ module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::DataF
 
   import DataFlowInternal::Impl<C>
 }
+
+/** DEPRECATED: Use `GlobalWithState` instead. */
+deprecated module MakeWithState<DataFlow::StateConfigSig Config> implements DataFlow::GlobalFlowSig {
+  import GlobalWithState<Config>
+}

java/ql/lib/semmle/code/java/frameworks/android/OnActivityResultSource.qll

@@ -28,7 +28,7 @@ class OnActivityResultIncomingIntent extends DataFlow::Node {
    */
   predicate isRemoteSource() {
     exists(RefType startingType, Expr startActivityForResultArg |
-      ImplicitStartActivityForResult::hasFlowToExpr(startActivityForResultArg) and
+      ImplicitStartActivityForResult::flowToExpr(startActivityForResultArg) and
       // startingType is the class enclosing the method that calls `startActivityForResult`.
       startingType = startActivityForResultArg.getEnclosingCallable().getDeclaringType()
     |
@@ -104,7 +104,7 @@ private module ImplicitStartActivityForResultConfig implements DataFlow::ConfigS
 }
 
 private module ImplicitStartActivityForResult =
-  DataFlow::Make<ImplicitStartActivityForResultConfig>;
+  DataFlow::Global<ImplicitStartActivityForResultConfig>;
 
 /** An Android Activity or Fragment. */
 private class ActivityOrFragment extends Class {

java/ql/lib/semmle/code/java/frameworks/google/GoogleHttpClientApi.qll

@@ -21,10 +21,10 @@ private module TypeLiteralToParseAsFlowConfig implements DataFlow::ConfigSig {
   }
 }
 
-private module TypeLiteralToParseAsFlow = DataFlow::Make<TypeLiteralToParseAsFlowConfig>;
+private module TypeLiteralToParseAsFlow = DataFlow::Global<TypeLiteralToParseAsFlowConfig>;
 
 private TypeLiteral getSourceWithFlowToParseAs() {
-  TypeLiteralToParseAsFlow::hasFlow(DataFlow::exprNode(result), _)
+  TypeLiteralToParseAsFlow::flow(DataFlow::exprNode(result), _)
 }
 
 /** A field that is deserialized by `HttpResponse.parseAs`. */

java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll

@@ -108,10 +108,10 @@ private module TypeLiteralToJacksonDatabindFlowConfig implements DataFlow::Confi
 }
 
 private module TypeLiteralToJacksonDatabindFlow =
-  DataFlow::Make<TypeLiteralToJacksonDatabindFlowConfig>;
+  DataFlow::Global<TypeLiteralToJacksonDatabindFlowConfig>;
 
 private TypeLiteral getSourceWithFlowToJacksonDatabind() {
-  TypeLiteralToJacksonDatabindFlow::hasFlow(DataFlow::exprNode(result), _)
+  TypeLiteralToJacksonDatabindFlow::flow(DataFlow::exprNode(result), _)
 }
 
 /** A type whose values are explicitly deserialized in a call to a Jackson method. */

java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll

@@ -173,4 +173,4 @@ private module SensitiveCommunicationConfig implements DataFlow::ConfigSig {
 /**
  * Tracks taint flow from variables containing sensitive information to broadcast Intents.
  */
-module SensitiveCommunicationFlow = TaintTracking::Make<SensitiveCommunicationConfig>;
+module SensitiveCommunicationFlow = TaintTracking::Global<SensitiveCommunicationConfig>;

java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll

@@ -17,15 +17,15 @@ private module ApkInstallationConfig implements DataFlow::ConfigSig {
       ma.getMethod() instanceof SetDataMethod and
       ma.getArgument(0) = node.asExpr() and
       (
-        PackageArchiveMimeTypeFlow::hasFlowToExpr(ma.getQualifier())
+        PackageArchiveMimeTypeFlow::flowToExpr(ma.getQualifier())
         or
-        InstallPackageActionFlow::hasFlowToExpr(ma.getQualifier())
+        InstallPackageActionFlow::flowToExpr(ma.getQualifier())
       )
     )
   }
 }
 
-module ApkInstallationFlow = DataFlow::Make<ApkInstallationConfig>;
+module ApkInstallationFlow = DataFlow::Global<ApkInstallationConfig>;
 
 private newtype ActionState =
   ActionUnset() or
@@ -72,7 +72,8 @@ private module InstallPackageActionConfig implements DataFlow::StateConfigSig {
   predicate isBarrier(DataFlow::Node node, FlowState state) { none() }
 }
 
-private module InstallPackageActionFlow = TaintTracking::MakeWithState<InstallPackageActionConfig>;
+private module InstallPackageActionFlow =
+  TaintTracking::GlobalWithState<InstallPackageActionConfig>;
 
 private newtype MimeTypeState =
   MimeTypeUnset() or
@@ -117,4 +118,4 @@ private module PackageArchiveMimeTypeConfig implements DataFlow::StateConfigSig
 }
 
 private module PackageArchiveMimeTypeFlow =
-  TaintTracking::MakeWithState<PackageArchiveMimeTypeConfig>;
+  TaintTracking::GlobalWithState<PackageArchiveMimeTypeConfig>;

java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll

@@ -37,4 +37,4 @@ private module FragmentInjectionTaintConfig implements DataFlow::ConfigSig {
  * Taint-tracking flow for unsafe user input
  * that is used to create Android fragments dynamically.
  */
-module FragmentInjectionTaintFlow = TaintTracking::Make<FragmentInjectionTaintConfig>;
+module FragmentInjectionTaintFlow = TaintTracking::Global<FragmentInjectionTaintConfig>;

java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll

@@ -53,4 +53,4 @@ private module IntentUriPermissionManipulationConfig implements DataFlow::Config
  * Taint tracking flow for user-provided Intents being returned to third party apps.
  */
 module IntentUriPermissionManipulationFlow =
-  TaintTracking::Make<IntentUriPermissionManipulationConfig>;
+  TaintTracking::Global<IntentUriPermissionManipulationConfig>;

java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll

@@ -38,4 +38,4 @@ private module LogInjectionConfig implements DataFlow::ConfigSig {
 /**
  * Taint-tracking flow for tracking untrusted user input used in log entries.
  */
-module LogInjectionFlow = TaintTracking::Make<LogInjectionConfig>;
+module LogInjectionFlow = TaintTracking::Global<LogInjectionConfig>;