Overlay: Add overlay annotations to Java & shared libraries

2025-12-16 16:53:25 +01:00 · 2025-06-16 13:06:31 +02:00
parent 2218a981f6
commit c207cfdeb7
428 changed files with 966 additions and 0 deletions
--- a/java/ql/lib/Customizations.qll
+++ b/java/ql/lib/Customizations.qll
@@ -8,5 +8,7 @@
 * the `RemoteFlowSource` and `AdditionalTaintStep` classes associated with the security queries
 * to model frameworks that are not covered by the standard library.
 */
+overlay[local?]
+module;

 import java
--- a/java/ql/lib/IDEContextual.qll
+++ b/java/ql/lib/IDEContextual.qll
@@ -1,6 +1,8 @@
 /**
 * Provides shared predicates related to contextual queries in the code viewer.
 */
+overlay[local?]
+module;

 import semmle.files.FileSystem
 private import codeql.util.FileSystem
--- a/java/ql/lib/default.qll
+++ b/java/ql/lib/default.qll
@@ -1,3 +1,5 @@
 /** DEPRECATED: use `java.qll` instead. */
+overlay[local?]
+module;

 import java
--- a/java/ql/lib/definitions.qll
+++ b/java/ql/lib/definitions.qll
@@ -2,6 +2,8 @@
 * Provides classes and predicates related to jump-to-definition links
 * in the code viewer.
 */
+overlay[local?]
+module;

 import java
 import IDEContextual
--- a/java/ql/lib/experimental/quantum/JCA.qll
+++ b/java/ql/lib/experimental/quantum/JCA.qll
@@ -1,3 +1,6 @@
+overlay[local?]
+module;
+
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.TaintTracking
--- a/java/ql/lib/experimental/quantum/Language.qll
+++ b/java/ql/lib/experimental/quantum/Language.qll
@@ -1,3 +1,6 @@
+overlay[local?]
+module;
+
 private import java as Language
 private import semmle.code.java.security.InsecureRandomnessQuery
 private import semmle.code.java.security.RandomQuery
--- a/java/ql/lib/external/ExternalArtifact.qll
+++ b/java/ql/lib/external/ExternalArtifact.qll
@@ -1,3 +1,6 @@
+overlay[local?]
+module;
+
 import java

 class ExternalData extends @externalDataElement {
--- a/java/ql/lib/java.qll
+++ b/java/ql/lib/java.qll
@@ -1,4 +1,6 @@
 /** Provides all default Java QL imports. */
+overlay[local?]
+module;

 import Customizations
 import semmle.code.FileSystem
--- a/java/ql/lib/semmle/code/FileSystem.qll
+++ b/java/ql/lib/semmle/code/FileSystem.qll
@@ -1,4 +1,6 @@
 /** Provides classes for working with files and folders. */
+overlay[local?]
+module;

 import Location
 private import codeql.util.FileSystem
--- a/java/ql/lib/semmle/code/Location.qll
+++ b/java/ql/lib/semmle/code/Location.qll
@@ -3,6 +3,8 @@
 *
 * Locations represent parts of files and are used to map elements to their source location.
 */
+overlay[local?]
+module;

 import FileSystem
 import semmle.code.java.Element
--- a/java/ql/lib/semmle/code/SMAP.qll
+++ b/java/ql/lib/semmle/code/SMAP.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for working with SMAP files (see JSR-045).
 */
+overlay[local?]
+module;

 import java

--- a/java/ql/lib/semmle/code/Unit.qll
+++ b/java/ql/lib/semmle/code/Unit.qll
@@ -1,3 +1,5 @@
 /** Provides the `Unit` class. */
+overlay[local?]
+module;

 import codeql.util.Unit
--- a/java/ql/lib/semmle/code/configfiles/ConfigFiles.qll
+++ b/java/ql/lib/semmle/code/configfiles/ConfigFiles.qll
@@ -2,6 +2,8 @@
 * Provides classes and predicates for working with configuration files, such
 * as Java `.properties` or `.ini` files.
 */
+overlay[local?]
+module;

 import semmle.code.Location

--- a/java/ql/lib/semmle/code/java/Annotation.qll
+++ b/java/ql/lib/semmle/code/java/Annotation.qll
@@ -8,6 +8,8 @@
 * Each annotation type has zero or more annotation elements that contain a
 * name and possibly a value.
 */
+overlay[local?]
+module;

 import Element
 import Expr
--- a/java/ql/lib/semmle/code/java/Collections.qll
+++ b/java/ql/lib/semmle/code/java/Collections.qll
@@ -2,6 +2,8 @@
 * Provides classes and predicates for reasoning about instances of
 * `java.util.Collection` and their methods.
 */
+overlay[local?]
+module;

 import java

--- a/java/ql/lib/semmle/code/java/Compilation.qll
+++ b/java/ql/lib/semmle/code/java/Compilation.qll
@@ -1,6 +1,8 @@
 /**
 * Provides a class representing individual compiler invocations that occurred during the build.
 */
+overlay[local?]
+module;

 import semmle.code.FileSystem

--- a/java/ql/lib/semmle/code/java/CompilationUnit.qll
+++ b/java/ql/lib/semmle/code/java/CompilationUnit.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for working with Java compilation units.
 */
+overlay[local?]
+module;

 import Element
 import Package
--- a/java/ql/lib/semmle/code/java/Completion.qll
+++ b/java/ql/lib/semmle/code/java/Completion.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for representing completions.
 */
+overlay[local?]
+module;

 /*
 * A completion represents how a statement or expression terminates.
--- a/java/ql/lib/semmle/code/java/Concurrency.qll
+++ b/java/ql/lib/semmle/code/java/Concurrency.qll
@@ -1,3 +1,6 @@
+overlay[local?]
+module;
+
 import java

 /**
--- a/java/ql/lib/semmle/code/java/Constants.qll
+++ b/java/ql/lib/semmle/code/java/Constants.qll
@@ -1,6 +1,8 @@
 /**
 * Provdides a module to calculate constant integer and boolean values.
 */
+overlay[local?]
+module;

 import java

--- a/java/ql/lib/semmle/code/java/ControlFlowGraph.qll
+++ b/java/ql/lib/semmle/code/java/ControlFlowGraph.qll
@@ -7,6 +7,8 @@
 * statement, an expression, or an exit node for a callable, indicating that
 * execution of the callable terminates.
 */
+overlay[local?]
+module;

 /*
 * The implementation is centered around the concept of a _completion_, which
--- a/java/ql/lib/semmle/code/java/Conversions.qll
+++ b/java/ql/lib/semmle/code/java/Conversions.qll
@@ -4,6 +4,8 @@
 *
 * See the Java Language Specification, Section 5, for details.
 */
+overlay[local?]
+module;

 import java
 import semmle.code.java.arithmetic.Overflow
--- a/java/ql/lib/semmle/code/java/Dependency.qll
+++ b/java/ql/lib/semmle/code/java/Dependency.qll
@@ -1,6 +1,8 @@
 /**
 * Provides utility predicates for representing dependencies between types.
 */
+overlay[local?]
+module;

 import Type
 import Generics
--- a/java/ql/lib/semmle/code/java/DependencyCounts.qll
+++ b/java/ql/lib/semmle/code/java/DependencyCounts.qll
@@ -1,6 +1,8 @@
 /**
 * This library provides utility predicates for representing the number of dependencies between types.
 */
+overlay[local?]
+module;

 import Type
 import Generics
--- a/java/ql/lib/semmle/code/java/Diagnostics.qll
+++ b/java/ql/lib/semmle/code/java/Diagnostics.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes representing warnings generated during compilation.
 */
+overlay[local?]
+module;

 import java

--- a/java/ql/lib/semmle/code/java/Element.qll
+++ b/java/ql/lib/semmle/code/java/Element.qll
@@ -1,6 +1,8 @@
 /**
 * Provides a class that represents named elements in Java programs.
 */
+overlay[local?]
+module;

 import CompilationUnit
 import semmle.code.Location
--- a/java/ql/lib/semmle/code/java/Exception.qll
+++ b/java/ql/lib/semmle/code/java/Exception.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for working with Java exceptions.
 */
+overlay[local?]
+module;

 import Element
 import Type
--- a/java/ql/lib/semmle/code/java/Expr.qll
+++ b/java/ql/lib/semmle/code/java/Expr.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes for working with Java expressions.
 */
+overlay[local?]
+module;

 import java
 private import semmle.code.java.frameworks.android.Compose
--- a/java/ql/lib/semmle/code/java/GeneratedFiles.qll
+++ b/java/ql/lib/semmle/code/java/GeneratedFiles.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for working with the most common types of generated files.
 */
+overlay[local?]
+module;

 import Type
 private import semmle.code.java.frameworks.JavaxAnnotations
--- a/java/ql/lib/semmle/code/java/Generics.qll
+++ b/java/ql/lib/semmle/code/java/Generics.qll
@@ -30,6 +30,8 @@
 *
 * The terminology for generic methods is analogous.
 */
+overlay[local?]
+module;

 import Type

--- a/java/ql/lib/semmle/code/java/Import.qll
+++ b/java/ql/lib/semmle/code/java/Import.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for working with Java imports.
 */
+overlay[local?]
+module;

 import semmle.code.Location
 import CompilationUnit
--- a/java/ql/lib/semmle/code/java/J2EE.qll
+++ b/java/ql/lib/semmle/code/java/J2EE.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for working with J2EE bean types.
 */
+overlay[local?]
+module;

 import Type

--- a/java/ql/lib/semmle/code/java/JDK.qll
+++ b/java/ql/lib/semmle/code/java/JDK.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for working with standard classes and methods from the JDK.
 */
+overlay[local?]
+module;

 import Member
 import semmle.code.java.security.ExternalProcess
--- a/java/ql/lib/semmle/code/java/JDKAnnotations.qll
+++ b/java/ql/lib/semmle/code/java/JDKAnnotations.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes that represent standard annotations from the JDK.
 */
+overlay[local?]
+module;

 import java

--- a/java/ql/lib/semmle/code/java/JMX.qll
+++ b/java/ql/lib/semmle/code/java/JMX.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for working with JMX bean types.
 */
+overlay[local?]
+module;

 import Type

--- a/java/ql/lib/semmle/code/java/Javadoc.qll
+++ b/java/ql/lib/semmle/code/java/Javadoc.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for working with Javadoc documentation.
 */
+overlay[local?]
+module;

 import semmle.code.Location

--- a/java/ql/lib/semmle/code/java/KotlinType.qll
+++ b/java/ql/lib/semmle/code/java/KotlinType.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for working with Kotlin types.
 */
+overlay[local?]
+module;

 import java

--- a/java/ql/lib/semmle/code/java/Maps.qll
+++ b/java/ql/lib/semmle/code/java/Maps.qll
@@ -2,6 +2,8 @@
 * Provides classes and predicates for reasoning about instances of
 * `java.util.Map` and their methods.
 */
+overlay[local?]
+module;

 import java
 import Collections
--- a/java/ql/lib/semmle/code/java/Member.qll
+++ b/java/ql/lib/semmle/code/java/Member.qll
@@ -2,6 +2,8 @@
 * Provides classes and predicates for working with members of Java classes and interfaces,
 * that is, methods, constructors, fields and nested types.
 */
+overlay[local?]
+module;

 import Element
 import Type
--- a/java/ql/lib/semmle/code/java/Modifier.qll
+++ b/java/ql/lib/semmle/code/java/Modifier.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for working with Java modifiers.
 */
+overlay[local?]
+module;

 import Element

--- a/java/ql/lib/semmle/code/java/Modules.qll
+++ b/java/ql/lib/semmle/code/java/Modules.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes for working with Java modules.
 */
+overlay[local?]
+module;

 import CompilationUnit

--- a/java/ql/lib/semmle/code/java/NumberFormatException.qll
+++ b/java/ql/lib/semmle/code/java/NumberFormatException.qll
@@ -1,4 +1,6 @@
 /** Provides classes and predicates for reasoning about `java.lang.NumberFormatException`. */
+overlay[local?]
+module;

 import java

--- a/java/ql/lib/semmle/code/java/Package.qll
+++ b/java/ql/lib/semmle/code/java/Package.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for working with Java packages.
 */
+overlay[local?]
+module;

 import Element
 import Type
--- a/java/ql/lib/semmle/code/java/PrettyPrintAst.qll
+++ b/java/ql/lib/semmle/code/java/PrettyPrintAst.qll
@@ -2,6 +2,8 @@
 * Provides pretty-printed representations of the AST, in particular top-level
 * classes and interfaces.
 */
+overlay[local?]
+module;

 import java

--- a/java/ql/lib/semmle/code/java/PrintAst.qll
+++ b/java/ql/lib/semmle/code/java/PrintAst.qll
@@ -5,6 +5,8 @@
 * extend `PrintAstConfiguration` and override `shouldPrint` to hold for only the elements
 * you wish to view the AST for.
 */
+overlay[local?]
+module;

 import java
 import semmle.code.java.regex.RegexTreeView as RegexTreeView
--- a/java/ql/lib/semmle/code/java/Reflection.qll
+++ b/java/ql/lib/semmle/code/java/Reflection.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for working with Java Reflection.
 */
+overlay[local?]
+module;

 import java
 import JDKAnnotations
--- a/java/ql/lib/semmle/code/java/Serializability.qll
+++ b/java/ql/lib/semmle/code/java/Serializability.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for working with Java Serialization.
 */
+overlay[local?]
+module;

 import java
 private import frameworks.jackson.JacksonSerializability
--- a/java/ql/lib/semmle/code/java/Statement.qll
+++ b/java/ql/lib/semmle/code/java/Statement.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for working with Java statements.
 */
+overlay[local?]
+module;

 import Expr
 import metrics.MetricStmt
--- a/java/ql/lib/semmle/code/java/StringFormat.qll
+++ b/java/ql/lib/semmle/code/java/StringFormat.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for reasoning about string formatting.
 */
+overlay[local?]
+module;

 import java
 import dataflow.DefUse
--- a/java/ql/lib/semmle/code/java/Type.qll
+++ b/java/ql/lib/semmle/code/java/Type.qll
@@ -9,6 +9,8 @@
 * Classes and interfaces can also be local (`LocalClassOrInterface`, `LocalClass`) or anonymous (`AnonymousClass`).
 * Enumerated types (`EnumType`) and records (`Record`) are special kinds of classes.
 */
+overlay[local?]
+module;

 import Member
 import Modifier
@@ -668,6 +670,7 @@ class RefType extends Type, Annotatable, Modifiable, @reftype {
   *
   * For the definition of the notion of *erasure* see JLS v8, section 4.6 (Type Erasure).
   */
+  overlay[caller]
  pragma[inline]
  RefType commonSubtype(RefType other) {
    result.getASourceSupertype*() = erase(this) and
@@ -1257,6 +1260,7 @@ private Type erase(Type t) {
 *
 * For the definition of the notion of *erasure* see JLS v8, section 4.6 (Type Erasure).
 */
+overlay[caller]
 pragma[inline]
 predicate haveIntersection(RefType t1, RefType t2) {
  exists(RefType e1, RefType e2 | e1 = erase(t1) and e2 = erase(t2) |
--- a/java/ql/lib/semmle/code/java/UnitTests.qll
+++ b/java/ql/lib/semmle/code/java/UnitTests.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for working with test classes and methods.
 */
+overlay[local?]
+module;

 import Type
 import Member
--- a/java/ql/lib/semmle/code/java/Variable.qll
+++ b/java/ql/lib/semmle/code/java/Variable.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for working with Java variables and their declarations.
 */
+overlay[local?]
+module;

 import Element

--- a/java/ql/lib/semmle/code/java/arithmetic/Overflow.qll
+++ b/java/ql/lib/semmle/code/java/arithmetic/Overflow.qll
@@ -1,3 +1,6 @@
+overlay[local?]
+module;
+
 import java

 /** A subclass of `PrimitiveType` with width-based ordering methods. */
--- a/java/ql/lib/semmle/code/java/comparison/Comparison.qll
+++ b/java/ql/lib/semmle/code/java/comparison/Comparison.qll
@@ -1,3 +1,6 @@
+overlay[local?]
+module;
+
 import java

 /**
--- a/java/ql/lib/semmle/code/java/controlflow/BasicBlocks.qll
+++ b/java/ql/lib/semmle/code/java/controlflow/BasicBlocks.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for working with basic blocks in Java.
 */
+overlay[local?]
+module;

 import java
 import Dominance
--- a/java/ql/lib/semmle/code/java/controlflow/Dominance.qll
+++ b/java/ql/lib/semmle/code/java/controlflow/Dominance.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for control-flow graph dominance.
 */
+overlay[local?]
+module;

 import java

@@ -93,6 +95,7 @@ predicate iDominates(ControlFlowNode dominator, ControlFlowNode node) {
 }

 /** Holds if `dom` strictly dominates `node`. */
+overlay[caller]
 pragma[inline]
 predicate strictlyDominates(ControlFlowNode dom, ControlFlowNode node) {
  // This predicate is gigantic, so it must be inlined.
@@ -102,6 +105,7 @@ predicate strictlyDominates(ControlFlowNode dom, ControlFlowNode node) {
 }

 /** Holds if `dom` dominates `node`. (This is reflexive.) */
+overlay[caller]
 pragma[inline]
 predicate dominates(ControlFlowNode dom, ControlFlowNode node) {
  // This predicate is gigantic, so it must be inlined.
@@ -111,6 +115,7 @@ predicate dominates(ControlFlowNode dom, ControlFlowNode node) {
 }

 /** Holds if `dom` strictly post-dominates `node`. */
+overlay[caller]
 pragma[inline]
 predicate strictlyPostDominates(ControlFlowNode dom, ControlFlowNode node) {
  // This predicate is gigantic, so it must be inlined.
@@ -120,6 +125,7 @@ predicate strictlyPostDominates(ControlFlowNode dom, ControlFlowNode node) {
 }

 /** Holds if `dom` post-dominates `node`. (This is reflexive.) */
+overlay[caller]
 pragma[inline]
 predicate postDominates(ControlFlowNode dom, ControlFlowNode node) {
  // This predicate is gigantic, so it must be inlined.
--- a/java/ql/lib/semmle/code/java/controlflow/Guards.qll
+++ b/java/ql/lib/semmle/code/java/controlflow/Guards.qll
@@ -2,6 +2,8 @@
 * Provides classes and predicates for reasoning about guards and the control
 * flow elements controlled by those guards.
 */
+overlay[local?]
+module;

 import java
 private import semmle.code.java.controlflow.Dominance
--- a/java/ql/lib/semmle/code/java/controlflow/Paths.qll
+++ b/java/ql/lib/semmle/code/java/controlflow/Paths.qll
@@ -2,6 +2,8 @@
 * This library provides predicates for reasoning about the set of all paths
 * through a callable.
 */
+overlay[local?]
+module;

 import java
 import semmle.code.java.dispatch.VirtualDispatch
--- a/java/ql/lib/semmle/code/java/controlflow/SuccessorType.qll
+++ b/java/ql/lib/semmle/code/java/controlflow/SuccessorType.qll
@@ -1,6 +1,8 @@
 /**
 * Provides different types of control flow successor types.
 */
+overlay[local?]
+module;

 import java
 private import codeql.util.Boolean
--- a/java/ql/lib/semmle/code/java/controlflow/UnreachableBlocks.qll
+++ b/java/ql/lib/semmle/code/java/controlflow/UnreachableBlocks.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for identifying unreachable blocks under a "closed-world" assumption.
 */
+overlay[local?]
+module;

 import java
 import semmle.code.java.controlflow.Guards
--- a/java/ql/lib/semmle/code/java/controlflow/internal/GuardsLogic.qll
+++ b/java/ql/lib/semmle/code/java/controlflow/internal/GuardsLogic.qll
@@ -2,6 +2,8 @@
 * Provides predicates for working with the internal logic of the `Guards`
 * library.
 */
+overlay[local?]
+module;

 import java
 import semmle.code.java.controlflow.Guards
--- a/java/ql/lib/semmle/code/java/controlflow/internal/Preconditions.qll
+++ b/java/ql/lib/semmle/code/java/controlflow/internal/Preconditions.qll
@@ -3,6 +3,8 @@
 * `com.google.common.base.Preconditions` and
 * `org.apache.commons.lang3.Validate`.
 */
+overlay[local?]
+module;

 import java

--- a/java/ql/lib/semmle/code/java/controlflow/internal/SwitchCases.qll
+++ b/java/ql/lib/semmle/code/java/controlflow/internal/SwitchCases.qll
@@ -1,4 +1,6 @@
 /** Provides utility predicates relating to switch cases. */
+overlay[local?]
+module;

 import java

--- a/java/ql/lib/semmle/code/java/controlflow/unreachableblocks/ExcludeDebuggingProfilingLogging.qll
+++ b/java/ql/lib/semmle/code/java/controlflow/unreachableblocks/ExcludeDebuggingProfilingLogging.qll
@@ -1,3 +1,6 @@
+overlay[local?]
+module;
+
 import java
 import semmle.code.java.controlflow.UnreachableBlocks

--- a/java/ql/lib/semmle/code/java/dataflow/ApiSinks.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/ApiSinks.qll
@@ -1,4 +1,6 @@
 /** Provides classes representing various flow sinks for data flow / taint tracking. */
+overlay[local?]
+module;

 private import semmle.code.java.dataflow.FlowSinks as FlowSinks

--- a/java/ql/lib/semmle/code/java/dataflow/ApiSources.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/ApiSources.qll
@@ -1,4 +1,6 @@
 /** Provides classes representing various flow sources for data flow / taint tracking. */
+overlay[local?]
+module;

 private import semmle.code.java.dataflow.FlowSources as FlowSources

--- a/java/ql/lib/semmle/code/java/dataflow/Bound.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/Bound.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes for representing abstract bounds for use in, for example, range analysis.
 */
+overlay[local?]
+module;

 private import internal.rangeanalysis.BoundSpecific

--- a/java/ql/lib/semmle/code/java/dataflow/DataFlow.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/DataFlow.qll
@@ -2,6 +2,8 @@
 * Provides classes for performing local (intra-procedural) and
 * global (inter-procedural) data flow analyses.
 */
+overlay[local?]
+module;

 import java

--- a/java/ql/lib/semmle/code/java/dataflow/DefUse.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/DefUse.qll
@@ -2,6 +2,8 @@
 * Provides classes and predicates for def-use and use-use pairs. Built on top of the SSA library for
 * maximal precision.
 */
+overlay[local?]
+module;

 import java
 private import SSA
--- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
@@ -86,6 +86,8 @@
 *    This information is used in a heuristic for dataflow analysis to determine, if a
 *    model or source code should be used for determining flow.
 */
+overlay[local?]
+module;

 import java
 private import semmle.code.java.dataflow.DataFlow::DataFlow
--- a/java/ql/lib/semmle/code/java/dataflow/FlowSinks.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/FlowSinks.qll
@@ -1,4 +1,6 @@
 /** Provides classes representing various flow sinks for data flow / taint tracking. */
+overlay[local?]
+module;

 private import java
 private import semmle.code.java.dataflow.ExternalFlow
--- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes representing various flow sources for taint tracking.
 */
+overlay[local?]
+module;

 import java
 import semmle.code.java.dataflow.DataFlow
--- a/java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes representing various flow steps for taint tracking.
 */
+overlay[local?]
+module;

 private import java
 private import semmle.code.java.dataflow.DataFlow
--- a/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for defining flow summaries.
 */
+overlay[local?]
+module;

 import java
 private import internal.FlowSummaryImpl as Impl
--- a/java/ql/lib/semmle/code/java/dataflow/InstanceAccess.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/InstanceAccess.qll
@@ -2,6 +2,8 @@
 * Provides classes and predicates for reasoning about explicit and implicit
 * instance accesses.
 */
+overlay[local?]
+module;

 import java

--- a/java/ql/lib/semmle/code/java/dataflow/IntegerGuards.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/IntegerGuards.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for integer guards.
 */
+overlay[local?]
+module;

 import java
 private import SSA
--- a/java/ql/lib/semmle/code/java/dataflow/ModulusAnalysis.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/ModulusAnalysis.qll
@@ -3,6 +3,8 @@
 * an expression, `b` is a `Bound` (typically zero or the value of an SSA
 * variable), and `v` is an integer in the range `[0 .. m-1]`.
 */
+overlay[local?]
+module;

 private import internal.rangeanalysis.ModulusAnalysisSpecific::Private
 private import Bound
--- a/java/ql/lib/semmle/code/java/dataflow/NullGuards.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/NullGuards.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for null guards.
 */
+overlay[local?]
+module;

 import java
 import SSA
--- a/java/ql/lib/semmle/code/java/dataflow/Nullness.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/Nullness.qll
@@ -6,6 +6,8 @@
 * hold, so results guarded by, for example, `assert x != null;` or
 * `if (x == null) { assert false; }` are excluded.
 */
+overlay[local?]
+module;

 /*
 * Implementation details:
--- a/java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll
@@ -8,6 +8,8 @@
 * If an inferred bound relies directly on a condition, then this condition is
 * reported as the reason for the bound.
 */
+overlay[local?]
+module;

 /*
 * This library tackles range analysis as a flow problem. Consider e.g.:
--- a/java/ql/lib/semmle/code/java/dataflow/RangeUtils.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/RangeUtils.qll
@@ -1,6 +1,8 @@
 /**
 * Provides utility predicates for range analysis.
 */
+overlay[local?]
+module;

 import java
 private import SSA
--- a/java/ql/lib/semmle/code/java/dataflow/SSA.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/SSA.qll
@@ -10,6 +10,8 @@
 * of the field in case the field is not amenable to a non-trivial SSA
 * representation.
 */
+overlay[local?]
+module;

 import java
 private import internal.SsaImpl
--- a/java/ql/lib/semmle/code/java/dataflow/SignAnalysis.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/SignAnalysis.qll
@@ -5,5 +5,7 @@
 * The analysis is implemented as an abstract interpretation over the
 * three-valued domain `{negative, zero, positive}`.
 */
+overlay[local?]
+module;

 import semmle.code.java.dataflow.internal.rangeanalysis.SignAnalysisCommon
--- a/java/ql/lib/semmle/code/java/dataflow/StringPrefixes.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/StringPrefixes.qll
@@ -25,6 +25,8 @@
 * String.format("%sfoo:%s", notSuffix, suffix4);
 * ```
 */
+overlay[local?]
+module;

 import java
 private import semmle.code.java.dataflow.TaintTracking
--- a/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll
@@ -2,6 +2,8 @@
 * Provides classes for performing local (intra-procedural) and
 * global (inter-procedural) taint-tracking analyses.
 */
+overlay[local?]
+module;

 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.internal.TaintTrackingUtil::StringBuilderVarModule
--- a/java/ql/lib/semmle/code/java/dataflow/TypeFlow.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/TypeFlow.qll
@@ -7,6 +7,8 @@
 * type has a subtype or if an inferred upper bound passed through at least one
 * explicit or implicit cast that lost type information.
 */
+overlay[local?]
+module;

 import java as J
 private import semmle.code.java.dispatch.VirtualDispatch
--- a/java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll
@@ -10,6 +10,8 @@
 * This is a restricted version of SSA.qll that only handles `LocalScopeVariable`s
 * in order to not depend on virtual dispatch.
 */
+overlay[local?]
+module;

 import java
 private import codeql.ssa.Ssa as SsaImplCommon
--- a/java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll
@@ -1,3 +1,6 @@
+overlay[local?]
+module;
+
 import java
 import semmle.code.java.Collections
 import semmle.code.java.Maps
--- a/java/ql/lib/semmle/code/java/dataflow/internal/ContentDataFlow.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/ContentDataFlow.qll
@@ -1,3 +1,6 @@
+overlay[local?]
+module;
+
 private import java
 private import DataFlowImplSpecific
 private import codeql.dataflow.internal.ContentDataFlowImpl
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll
@@ -1,3 +1,6 @@
+overlay[local?]
+module;
+
 private import java
 private import DataFlowPrivate
 private import DataFlowUtil
@@ -210,6 +213,7 @@ private module DispatchImpl {
  }

  /** Holds if arguments at position `apos` match parameters at position `ppos`. */
+  overlay[caller]
  pragma[inline]
  predicate parameterMatch(ParameterPosition ppos, ArgumentPosition apos) { ppos = apos }
 }
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll
@@ -1,3 +1,6 @@
+overlay[local?]
+module;
+
 private import DataFlowImplSpecific
 private import codeql.dataflow.internal.DataFlowImpl
 private import semmle.code.Location
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll
@@ -1,3 +1,6 @@
+overlay[local?]
+module;
+
 private import DataFlowImplSpecific
 private import semmle.code.Location
 private import codeql.dataflow.internal.DataFlowImplCommon
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll
@@ -2,6 +2,8 @@
 * Provides consistency queries for checking invariants in the language-specific
 * data-flow classes and predicates.
 */
+overlay[local?]
+module;

 private import java
 private import DataFlowImplSpecific
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplSpecific.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplSpecific.qll
@@ -1,6 +1,8 @@
 /**
 * Provides Java-specific definitions for use in the data flow library.
 */
+overlay[local?]
+module;

 private import semmle.code.Location
 private import codeql.dataflow.DataFlow
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll
@@ -1,3 +1,6 @@
+overlay[local?]
+module;
+
 private import java
 private import semmle.code.java.dataflow.InstanceAccess
 private import semmle.code.java.dataflow.ExternalFlow
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
@@ -1,3 +1,6 @@
+overlay[local?]
+module;
+
 private import java
 private import DataFlowUtil
 private import DataFlowImplCommon
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll
@@ -1,6 +1,8 @@
 /**
 * Basic definitions for use in the data flow library.
 */
+overlay[local?]
+module;

 private import java
 private import DataFlowPrivate
@@ -77,6 +79,7 @@ private module ThisFlow {
 * Holds if data can flow from `node1` to `node2` in zero or more
 * local (intra-procedural) steps.
 */
+overlay[caller]
 pragma[inline]
 predicate localFlow(Node node1, Node node2) { node1 = node2 or localFlowStepPlus(node1, node2) }

@@ -86,6 +89,7 @@ private predicate localFlowStepPlus(Node node1, Node node2) = fastTC(localFlowSt
 * Holds if data can flow from `e1` to `e2` in zero or more
 * local (intra-procedural) steps.
 */
+overlay[caller]
 pragma[inline]
 predicate localExprFlow(Expr e1, Expr e2) { localFlow(exprNode(e1), exprNode(e2)) }

--- a/java/ql/lib/semmle/code/java/dataflow/internal/ExternalFlowExtensions.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/ExternalFlowExtensions.qll
@@ -1,6 +1,8 @@
 /**
 * This module provides extensible predicates for defining MaD models.
 */
+overlay[local?]
+module;

 /**
 * Holds if a source model exists for the given parameters.
--- a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
@@ -1,6 +1,8 @@
 /**
 * Provides classes and predicates for defining flow summaries.
 */
+overlay[local?]
+module;

 private import java
 private import codeql.dataflow.internal.FlowSummaryImpl
--- a/java/ql/lib/semmle/code/java/dataflow/internal/ModelExclusions.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/ModelExclusions.qll
@@ -1,4 +1,6 @@
 /** Provides classes and predicates for exclusions related to MaD models. */
+overlay[local?]
+module;

 import java

--- a/Show More
+++ b/Show More