Merge branch 'main' into pawel_signatures_conversion

shared/controlflow/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 2.0.9
+
+No user-facing changes.
+
+## 2.0.8
+
+No user-facing changes.
+
 ## 2.0.7
 
 No user-facing changes.

shared/controlflow/change-notes/released/2.0.8.md

@@ -0,0 +1,3 @@
+## 2.0.8
+
+No user-facing changes.

shared/controlflow/change-notes/released/2.0.9.md

@@ -0,0 +1,3 @@
+## 2.0.9
+
+No user-facing changes.

shared/controlflow/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.0.7
+lastReleaseVersion: 2.0.9

shared/controlflow/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/controlflow
-version: 2.0.8-dev
+version: 2.0.10-dev
 groups: shared
 library: true
 dependencies:

shared/dataflow/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 2.0.9
+
+No user-facing changes.
+
+## 2.0.8
+
+No user-facing changes.
+
 ## 2.0.7
 
 No user-facing changes.

shared/dataflow/change-notes/released/2.0.8.md

@@ -0,0 +1,3 @@
+## 2.0.8
+
+No user-facing changes.

shared/dataflow/change-notes/released/2.0.9.md

@@ -0,0 +1,3 @@
+## 2.0.9
+
+No user-facing changes.

shared/dataflow/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.0.7
+lastReleaseVersion: 2.0.9

shared/dataflow/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/dataflow
-version: 2.0.8-dev
+version: 2.0.10-dev
 groups: shared
 library: true
 dependencies:

shared/mad/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 1.0.25
+
+No user-facing changes.
+
+## 1.0.24
+
+No user-facing changes.
+
 ## 1.0.23
 
 No user-facing changes.

shared/mad/change-notes/released/1.0.24.md

@@ -0,0 +1,3 @@
+## 1.0.24
+
+No user-facing changes.

shared/mad/change-notes/released/1.0.25.md

@@ -0,0 +1,3 @@
+## 1.0.25
+
+No user-facing changes.

shared/mad/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.23
+lastReleaseVersion: 1.0.25

shared/mad/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/mad
-version: 1.0.24-dev
+version: 1.0.26-dev
 groups: shared
 library: true
 dependencies:

shared/quantum/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 0.0.3
+
+No user-facing changes.
+
+## 0.0.2
+
+No user-facing changes.
+
 ## 0.0.1
 
 No user-facing changes.

shared/quantum/change-notes/released/0.0.2.md

@@ -0,0 +1,3 @@
+## 0.0.2
+
+No user-facing changes.

shared/quantum/change-notes/released/0.0.3.md

@@ -0,0 +1,3 @@
+## 0.0.3
+
+No user-facing changes.

shared/quantum/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.1
+lastReleaseVersion: 0.0.3

shared/quantum/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/quantum
-version: 0.0.2-dev
+version: 0.0.4-dev
 groups: shared
 library: true
 dependencies:

shared/rangeanalysis/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 1.0.25
+
+No user-facing changes.
+
+## 1.0.24
+
+No user-facing changes.
+
 ## 1.0.23
 
 No user-facing changes.

shared/rangeanalysis/change-notes/released/1.0.24.md

@@ -0,0 +1,3 @@
+## 1.0.24
+
+No user-facing changes.

shared/rangeanalysis/change-notes/released/1.0.25.md

@@ -0,0 +1,3 @@
+## 1.0.25
+
+No user-facing changes.

shared/rangeanalysis/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.23
+lastReleaseVersion: 1.0.25

shared/rangeanalysis/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/rangeanalysis
-version: 1.0.24-dev
+version: 1.0.26-dev
 groups: shared
 library: true
 dependencies:

shared/regex/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 1.0.25
+
+No user-facing changes.
+
+## 1.0.24
+
+No user-facing changes.
+
 ## 1.0.23
 
 No user-facing changes.

shared/regex/change-notes/released/1.0.24.md

@@ -0,0 +1,3 @@
+## 1.0.24
+
+No user-facing changes.

shared/regex/change-notes/released/1.0.25.md

@@ -0,0 +1,3 @@
+## 1.0.25
+
+No user-facing changes.

shared/regex/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.23
+lastReleaseVersion: 1.0.25

shared/regex/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/regex
-version: 1.0.24-dev
+version: 1.0.26-dev
 groups: shared
 library: true
 dependencies:

shared/ssa/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 2.0.1
+
+No user-facing changes.
+
+## 2.0.0
+
+### Breaking Changes
+
+* Adjusted the Guards interface in the SSA data flow integration to distinguish `hasBranchEdge` from `controlsBranchEdge`. Any breakage can be fixed by implementing one with the other as a reasonable fallback solution.
+
 ## 1.1.2
 
 No user-facing changes.

shared/ssa/change-notes/released/2.0.0.md

@@ -1,4 +1,5 @@
----
-category: breaking
----
+## 2.0.0
+
+### Breaking Changes
+
 * Adjusted the Guards interface in the SSA data flow integration to distinguish `hasBranchEdge` from `controlsBranchEdge`. Any breakage can be fixed by implementing one with the other as a reasonable fallback solution.

shared/ssa/change-notes/released/2.0.1.md

@@ -0,0 +1,3 @@
+## 2.0.1
+
+No user-facing changes.

shared/ssa/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.2
+lastReleaseVersion: 2.0.1

shared/ssa/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ssa
-version: 1.1.3-dev
+version: 2.0.2-dev
 groups: shared
 library: true
 dependencies:

shared/threat-models/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 1.0.25
+
+No user-facing changes.
+
+## 1.0.24
+
+No user-facing changes.
+
 ## 1.0.23
 
 No user-facing changes.

shared/threat-models/change-notes/released/1.0.24.md

@@ -0,0 +1,3 @@
+## 1.0.24
+
+No user-facing changes.

shared/threat-models/change-notes/released/1.0.25.md

@@ -0,0 +1,3 @@
+## 1.0.25
+
+No user-facing changes.

shared/threat-models/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.23
+lastReleaseVersion: 1.0.25

shared/threat-models/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/threat-models
-version: 1.0.24-dev
+version: 1.0.26-dev
 library: true
 groups: shared
 dataExtensions:

shared/tutorial/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 1.0.25
+
+No user-facing changes.
+
+## 1.0.24
+
+No user-facing changes.
+
 ## 1.0.23
 
 No user-facing changes.

shared/tutorial/change-notes/released/1.0.24.md

@@ -0,0 +1,3 @@
+## 1.0.24
+
+No user-facing changes.

shared/tutorial/change-notes/released/1.0.25.md

@@ -0,0 +1,3 @@
+## 1.0.25
+
+No user-facing changes.

shared/tutorial/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.23
+lastReleaseVersion: 1.0.25

shared/tutorial/qlpack.yml

@@ -1,7 +1,7 @@
 name: codeql/tutorial
 description: Library for the CodeQL detective tutorials, helping new users learn to
   write CodeQL queries.
-version: 1.0.24-dev
+version: 1.0.26-dev
 groups: shared
 library: true
 warnOnImplicitThis: true

shared/typeflow/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 1.0.25
+
+No user-facing changes.
+
+## 1.0.24
+
+No user-facing changes.
+
 ## 1.0.23
 
 No user-facing changes.

shared/typeflow/change-notes/released/1.0.24.md

@@ -0,0 +1,3 @@
+## 1.0.24
+
+No user-facing changes.

shared/typeflow/change-notes/released/1.0.25.md

@@ -0,0 +1,3 @@
+## 1.0.25
+
+No user-facing changes.

shared/typeflow/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.23
+lastReleaseVersion: 1.0.25

shared/typeflow/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/typeflow
-version: 1.0.24-dev
+version: 1.0.26-dev
 groups: shared
 library: true
 dependencies:

shared/typeinference/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 0.0.6
+
+No user-facing changes.
+
+## 0.0.5
+
+No user-facing changes.
+
 ## 0.0.4
 
 No user-facing changes.

shared/typeinference/change-notes/released/0.0.5.md

@@ -0,0 +1,3 @@
+## 0.0.5
+
+No user-facing changes.

shared/typeinference/change-notes/released/0.0.6.md

@@ -0,0 +1,3 @@
+## 0.0.6
+
+No user-facing changes.

shared/typeinference/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.4
+lastReleaseVersion: 0.0.6

shared/typeinference/codeql/typeinference/internal/TypeInference.qll

@@ -1,12 +1,126 @@
 /**
  * Provides shared functionality for computing type inference in QL.
  *
- * The code examples in this file use C# syntax, but the concepts should
- * carry over to other languages as well.
+ * The code examples in this file use C# syntax, but the concepts should carry
+ * over to other languages as well.
  *
- * The library is initialized in two phases: `Make1`, which constructs
- * the `TypePath` type, and `Make2`, which (using `TypePath` in the input
- * signature) constructs the `Matching` module.
+ * The library is initialized in two phases: `Make1`, which constructs the
+ * `TypePath` type, and `Make2`, which (using `TypePath` in the input signature)
+ * constructs the `Matching` and `IsInstantiationOf` modules.
+ *
+ * The intended use of this library is to define a predicate
+ *
+ * ```ql
+ * Type inferType(AstNode n, TypePath path)
+ * ```
+ *
+ * for recursively inferring the type-path-indexed types of AST nodes. For example,
+ * one may have a base case for literals like
+ *
+ * ```ql
+ * Type inferType(AstNode n, TypePath path) {
+ *   ...
+ *   n instanceof IntegerLiteral and
+ *   result instanceof IntType and
+ *   path.isEmpty()
+ *   ...
+ * }
+ * ```
+ *
+ * and recursive cases for local variables like
+ *
+ * ```ql
+ * Type inferType(AstNode n, TypePath path) {
+ *   ...
+ *   exists(LocalVariable v |
+ *     // propagate type information from the initializer to any access
+ *     n = v.getAnAccess() and
+ *     result = inferType(v.getInitializer(), path)
+ *     or
+ *     // propagate type information from any access back to the initializer; note
+ *     // that this case may not be relevant for all languages, but e.g. in Rust
+ *     // it is
+ *     n = v.getInitializer() and
+ *     result = inferType(v.getAnAccess(), path)
+ *   )
+ *   ...
+ * }
+ * ```
+ *
+ * The `Matching` module is used when an AST node references a potentially generic
+ * declaration, where the type of the node depends on the type of some of its sub
+ * nodes. For example, if we have a generic method like `T Identity<T>(T t)`, then
+ * the type of `Identity(42)` should be `int`, while the type of `Identity("foo")`
+ * should be `string`; in both cases it should _not_ be `T`.
+ *
+ * In order to infer the type of method calls, one would define something like
+ *
+ * ```ql
+ * private module MethodCallMatchingInput implements MatchingInputSig {
+ *   private newtype TDeclarationPosition =
+ *     TSelfDeclarationPosition() or
+ *     TPositionalDeclarationPosition(int pos) { ... } or
+ *     TReturnDeclarationPosition()
+ *
+ *   // A position inside a method with a declared type.
+ *   class DeclarationPosition extends TDeclarationPosition {
+ *     ...
+ *   }
+ *
+ *   class Declaration extends MethodCall {
+ *     // Gets a type parameter at `tppos` belonging to this method.
+ *     //
+ *     // For example, if this method is `T Identity<T>(T t)`, then `T`
+ *     // is at position `0`.
+ *     TypeParameter getTypeParameter(TypeParameterPosition tppos) { ... }
+ *
+ *     // Gets the declared type of this method at `dpos` and `path`.
+ *     //
+ *     // For example, if this method is `T Identity<T>(T t)`, then both the
+ *     // the return type and parameter position `0` is `T` with `path.isEmpty()`.
+ *     Type getDeclaredType(DeclarationPosition dpos, TypePath path) { ... }
+ *   }
+ *
+ *   // A position inside a method call with an inferred type
+ *   class AccessPosition = DeclarationPosition;
+ *
+ *   class Access extends MethodCall {
+ *     AstNode getNodeAt(AccessPosition apos) { ... }
+ *
+ *     // Gets the inferred type of the node at `apos` and `path`.
+ *     //
+ *     // For example, if this method call is `Identity(42)`, then the type
+ *     // at argument position `0` is `int` with `path.isEmpty()"`.
+ *     Type getInferredType(AccessPosition apos, TypePath path) {
+ *       result = inferType(this.getNodeAt(apos), path)
+ *     }
+ *
+ *     // Gets the method that this method call resolves to.
+ *     //
+ *     // This will typically be defined in mutual recursion with the `inferType`
+ *     // predicate, as we need to know the type of the receiver in order to
+ *     // resolve calls to instance methods.
+ *     Declaration getTarget() { ... }
+ *   }
+ *
+ *   predicate accessDeclarationPositionMatch(AccessPosition apos, DeclarationPosition dpos) {
+ *     apos = dpos
+ *   }
+ * }
+ *
+ * private module MethodCallMatching = Matching<MethodCallMatchingInput>;
+ *
+ * Type inferType(AstNode n, TypePath path) {
+ *   ...
+ *   exists(MethodCall mc, MethodCallMatchingInput::AccessPosition apos |
+ *     // Some languages may want to restrict `apos` to be the return position, but in
+ *     // e.g. Rust type information can flow out of all positions
+ *     n = a.getNodeAt(apos) and
+ *     result = MethodCallMatching::inferAccessType(a, apos, path)
+ *   )
+ *   ...
+ * }
+ * ```
  */
 
 private import codeql.util.Location
@@ -220,6 +334,10 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
     predicate isCons(TypeParameter tp, TypePath suffix) {
       suffix = this.stripPrefix(TypePath::singleton(tp))
     }
+
+    /** Gets the head of this path, if any. */
+    bindingset[this]
+    TypeParameter getHead() { result = this.getTypeParameter(0) }
   }
 
   /** Provides predicates for constructing `TypePath`s. */
@@ -419,27 +537,23 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
           )
       }
 
-      /**
-       * Holds if `app` is a possible instantiation of `tm` at `path`. That is
-       * the type at `path` in `tm` is either a type parameter or equal to the
-       * type at the same path in `app`.
-       */
-      bindingset[app, abs, tm, path]
-      private predicate satisfiesConcreteTypeAt(
-        App app, TypeAbstraction abs, TypeMention tm, TypePath path
+      pragma[nomagic]
+      private Type resolveNthTypeAt(
+        App app, TypeAbstraction abs, TypeMention tm, int i, TypePath path
       ) {
-        exists(Type t |
-          tm.resolveTypeAt(path) = t and
-          if t = abs.getATypeParameter() then any() else app.getTypeAt(path) = t
-        )
+        potentialInstantiationOf(app, abs, tm) and
+        path = getNthPath(tm, i) and
+        result = tm.resolveTypeAt(path)
       }
 
       pragma[nomagic]
       private predicate satisfiesConcreteTypesFromIndex(
         App app, TypeAbstraction abs, TypeMention tm, int i
       ) {
-        potentialInstantiationOf(app, abs, tm) and
-        satisfiesConcreteTypeAt(app, abs, tm, getNthPath(tm, i)) and
+        exists(Type t, TypePath path |
+          t = resolveNthTypeAt(app, abs, tm, i, path) and
+          if t = abs.getATypeParameter() then any() else app.getTypeAt(path) = t
+        ) and
         // Recurse unless we are at the first path
         if i = 0 then any() else satisfiesConcreteTypesFromIndex(app, abs, tm, i - 1)
       }
@@ -463,24 +577,34 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
        * Gets the path to the `i`th occurrence of `tp` within `tm` per some
        * arbitrary order, if any.
        */
+      pragma[nomagic]
       private TypePath getNthTypeParameterPath(TypeMention tm, TypeParameter tp, int i) {
         result =
           rank[i + 1](TypePath path | tp = tm.resolveTypeAt(path) and relevantTypeMention(tm) | path)
       }
 
+      pragma[nomagic]
+      private predicate typeParametersEqualFromIndexBase(
+        App app, TypeAbstraction abs, TypeMention tm, TypeParameter tp, TypePath path
+      ) {
+        path = getNthTypeParameterPath(tm, tp, 0) and
+        satisfiesConcreteTypes(app, abs, tm) and
+        // no need to compute this predicate if there is only one path
+        exists(getNthTypeParameterPath(tm, tp, 1))
+      }
+
       pragma[nomagic]
       private predicate typeParametersEqualFromIndex(
         App app, TypeAbstraction abs, TypeMention tm, TypeParameter tp, Type t, int i
       ) {
-        satisfiesConcreteTypes(app, abs, tm) and
         exists(TypePath path |
-          path = getNthTypeParameterPath(tm, tp, i) and
           t = app.getTypeAt(path) and
           if i = 0
-          then
-            // no need to compute this predicate if there is only one path
-            exists(getNthTypeParameterPath(tm, tp, 1))
-          else typeParametersEqualFromIndex(app, abs, tm, tp, t, i - 1)
+          then typeParametersEqualFromIndexBase(app, abs, tm, tp, path)
+          else (
+            typeParametersEqualFromIndex(app, abs, tm, tp, t, i - 1) and
+            path = getNthTypeParameterPath(tm, tp, i)
+          )
         )
       }
 
@@ -975,17 +1099,18 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
 
       private module AccessConstraint {
         predicate relevantAccessConstraint(
-          Access a, AccessPosition apos, TypePath path, Type constraint
+          Access a, Declaration target, AccessPosition apos, TypePath path, Type constraint
         ) {
           exists(DeclarationPosition dpos |
             accessDeclarationPositionMatch(apos, dpos) and
-            typeParameterConstraintHasTypeParameter(a.getTarget(), dpos, path, _, constraint, _, _)
+            target = a.getTarget() and
+            typeParameterConstraintHasTypeParameter(target, dpos, path, _, constraint, _, _)
           )
         }
 
         private newtype TRelevantAccess =
-          MkRelevantAccess(Access a, AccessPosition apos, TypePath path) {
-            relevantAccessConstraint(a, apos, path, _)
+          MkRelevantAccess(Access a, Declaration target, AccessPosition apos, TypePath path) {
+            relevantAccessConstraint(a, target, apos, path, _)
           }
 
         /**
@@ -994,19 +1119,20 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
          */
         private class RelevantAccess extends MkRelevantAccess {
           Access a;
+          Declaration target;
           AccessPosition apos;
           TypePath path;
 
-          RelevantAccess() { this = MkRelevantAccess(a, apos, path) }
+          RelevantAccess() { this = MkRelevantAccess(a, target, apos, path) }
 
           Type getTypeAt(TypePath suffix) {
-            a.getInferredType(apos, path.appendInverse(suffix)) = result
+            adjustedAccessType(a, apos, target, path.appendInverse(suffix), result)
           }
 
           /** Holds if this relevant access has the type `type` and should satisfy `constraint`. */
           predicate hasTypeConstraint(Type type, Type constraint) {
-            type = a.getInferredType(apos, path) and
-            relevantAccessConstraint(a, apos, path, constraint)
+            adjustedAccessType(a, apos, target, path, type) and
+            relevantAccessConstraint(a, target, apos, path, constraint)
           }
 
           string toString() {
@@ -1036,6 +1162,7 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
         /**
          * Holds if `at` satisfies `constraint` through `abs`, `sub`, and `constraintMention`.
          */
+        pragma[nomagic]
         private predicate hasConstraintMention(
           RelevantAccess at, TypeAbstraction abs, TypeMention sub, Type constraint,
           TypeMention constraintMention
@@ -1059,6 +1186,30 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
           )
         }
 
+        pragma[nomagic]
+        predicate satisfiesConstraintTypeMention0(
+          RelevantAccess at, Access a, AccessPosition apos, TypePath prefix, Type constraint,
+          TypeAbstraction abs, TypeMention sub, TypePath path, Type t
+        ) {
+          exists(TypeMention constraintMention |
+            at = MkRelevantAccess(a, _, apos, prefix) and
+            hasConstraintMention(at, abs, sub, constraint, constraintMention) and
+            conditionSatisfiesConstraintTypeAt(abs, sub, constraintMention, path, t)
+          )
+        }
+
+        pragma[nomagic]
+        predicate satisfiesConstraintTypeMention1(
+          RelevantAccess at, Access a, AccessPosition apos, TypePath prefix, Type constraint,
+          TypePath path, TypePath pathToTypeParamInSub
+        ) {
+          exists(TypeAbstraction abs, TypeMention sub, TypeParameter tp |
+            satisfiesConstraintTypeMention0(at, a, apos, prefix, constraint, abs, sub, path, tp) and
+            tp = abs.getATypeParameter() and
+            sub.resolveTypeAt(pathToTypeParamInSub) = tp
+          )
+        }
+
         /**
          * Holds if the type at `a`, `apos`, and `path` satisfies the constraint
          * `constraint` with the type `t` at `path`.
@@ -1067,22 +1218,18 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
         predicate satisfiesConstraintTypeMention(
           Access a, AccessPosition apos, TypePath prefix, Type constraint, TypePath path, Type t
         ) {
+          exists(TypeAbstraction abs |
+            satisfiesConstraintTypeMention0(_, a, apos, prefix, constraint, abs, _, path, t) and
+            not t = abs.getATypeParameter()
+          )
+          or
           exists(
-            RelevantAccess at, TypeAbstraction abs, TypeMention sub, Type t0, TypePath prefix0,
-            TypeMention constraintMention
+            RelevantAccess at, TypePath prefix0, TypePath pathToTypeParamInSub, TypePath suffix
           |
-            at = MkRelevantAccess(a, apos, prefix) and
-            hasConstraintMention(at, abs, sub, constraint, constraintMention) and
-            conditionSatisfiesConstraintTypeAt(abs, sub, constraintMention, prefix0, t0)
-          |
-            not t0 = abs.getATypeParameter() and t = t0 and path = prefix0
-            or
-            t0 = abs.getATypeParameter() and
-            exists(TypePath path3, TypePath suffix |
-              sub.resolveTypeAt(path3) = t0 and
-              at.getTypeAt(path3.appendInverse(suffix)) = t and
-              path = prefix0.append(suffix)
-            )
+            satisfiesConstraintTypeMention1(at, a, apos, prefix, constraint, prefix0,
+              pathToTypeParamInSub) and
+            at.getTypeAt(pathToTypeParamInSub.appendInverse(suffix)) = t and
+            path = prefix0.append(suffix)
           )
         }
       }
@@ -1110,7 +1257,7 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
         Declaration decl, DeclarationPosition dpos, Type base, TypePath path, TypeParameter tp
       ) {
         tp = decl.getDeclaredType(dpos, path) and
-        path.isCons(base.getATypeParameter(), _)
+        base.getATypeParameter() = path.getHead()
       }
 
       /**
@@ -1285,14 +1432,14 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
         exists(DeclarationPosition dpos | accessDeclarationPositionMatch(apos, dpos) |
           // A suffix of `path` leads to a type parameter in the target
           exists(Declaration target, TypePath prefix, TypeParameter tp, TypePath suffix |
-            tp = target.getDeclaredType(pragma[only_bind_into](dpos), prefix) and
+            tp = target.getDeclaredType(dpos, prefix) and
             path = prefix.append(suffix) and
             typeMatch(a, target, suffix, result, tp)
           )
           or
           // `path` corresponds directly to a concrete type in the declaration
           exists(Declaration target |
-            result = target.getDeclaredType(pragma[only_bind_into](dpos), path) and
+            result = target.getDeclaredType(dpos, path) and
             target = a.getTarget() and
             not result instanceof TypeParameter
           )

shared/typeinference/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/typeinference
-version: 0.0.5-dev
+version: 0.0.7-dev
 groups: shared
 library: true
 dependencies:

shared/typetracking/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 2.0.9
+
+No user-facing changes.
+
+## 2.0.8
+
+No user-facing changes.
+
 ## 2.0.7
 
 No user-facing changes.

shared/typetracking/change-notes/released/2.0.8.md

@@ -0,0 +1,3 @@
+## 2.0.8
+
+No user-facing changes.

shared/typetracking/change-notes/released/2.0.9.md

@@ -0,0 +1,3 @@
+## 2.0.9
+
+No user-facing changes.

shared/typetracking/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.0.7
+lastReleaseVersion: 2.0.9

shared/typetracking/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/typetracking
-version: 2.0.8-dev
+version: 2.0.10-dev
 groups: shared
 library: true
 dependencies:

shared/typos/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 1.0.25
+
+No user-facing changes.
+
+## 1.0.24
+
+No user-facing changes.
+
 ## 1.0.23
 
 No user-facing changes.

shared/typos/change-notes/released/1.0.24.md

@@ -0,0 +1,3 @@
+## 1.0.24
+
+No user-facing changes.

shared/typos/change-notes/released/1.0.25.md

@@ -0,0 +1,3 @@
+## 1.0.25
+
+No user-facing changes.

shared/typos/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.23
+lastReleaseVersion: 1.0.25

shared/typos/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/typos
-version: 1.0.24-dev
+version: 1.0.26-dev
 groups: shared
 library: true
 warnOnImplicitThis: true

shared/util/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 2.0.12
+
+No user-facing changes.
+
+## 2.0.11
+
+No user-facing changes.
+
 ## 2.0.10
 
 No user-facing changes.

shared/util/change-notes/released/2.0.11.md

@@ -0,0 +1,3 @@
+## 2.0.11
+
+No user-facing changes.

shared/util/change-notes/released/2.0.12.md

@@ -0,0 +1,3 @@
+## 2.0.12
+
+No user-facing changes.

shared/util/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.0.10
+lastReleaseVersion: 2.0.12

shared/util/codeql/util/test/ExternalLocationPostProcessing.qll

@@ -0,0 +1,30 @@
+/**
+ * Provides logic for creating a `@kind test-postprocess` query that converts
+ * external locations to a special `{EXTERNAL LOCATION}` string.
+ *
+ * This is useful for writing tests that use real locations when executed in
+ * VS Code, but prevents the "Location is outside of test directory" warning
+ * when executed through `codeql test run`.
+ */
+module;
+
+external private predicate queryResults(string relation, int row, int column, string data);
+
+external private predicate queryRelations(string relation);
+
+private signature string getSourceLocationPrefixSig();
+
+module Make<getSourceLocationPrefixSig/0 getSourceLocationPrefix> {
+  query predicate results(string relation, int row, int column, string data) {
+    exists(string s | queryResults(relation, row, column, s) |
+      if
+        not s = "file://" + any(string suffix) or
+        s = "file://:0:0:0:0" or
+        s = getSourceLocationPrefix() + any(string suffix)
+      then data = s
+      else data = "{EXTERNAL LOCATION}"
+    )
+  }
+
+  query predicate resultRelations(string relation) { queryRelations(relation) }
+}

shared/util/codeql/util/test/InlineExpectationsTest.qll

@@ -627,11 +627,11 @@ private string mainResultSet() { result = ["#select", "problems"] }
  * to be matched.
  */
 module TestPostProcessing {
-  external predicate queryResults(string relation, int row, int column, string data);
+  external private predicate queryResults(string relation, int row, int column, string data);
 
-  external predicate queryRelations(string relation);
+  external private predicate queryRelations(string relation);
 
-  external predicate queryMetadata(string key, string value);
+  external private predicate queryMetadata(string key, string value);
 
   private string getQueryId() { queryMetadata("id", result) }
 

shared/util/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/util
-version: 2.0.11-dev
+version: 2.0.13-dev
 groups: shared
 library: true
 dependencies: null

shared/xml/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 1.0.25
+
+No user-facing changes.
+
+## 1.0.24
+
+No user-facing changes.
+
 ## 1.0.23
 
 No user-facing changes.

shared/xml/change-notes/released/1.0.24.md

@@ -0,0 +1,3 @@
+## 1.0.24
+
+No user-facing changes.

shared/xml/change-notes/released/1.0.25.md

@@ -0,0 +1,3 @@
+## 1.0.25
+
+No user-facing changes.

shared/xml/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.23
+lastReleaseVersion: 1.0.25

shared/xml/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/xml
-version: 1.0.24-dev
+version: 1.0.26-dev
 groups: shared
 library: true
 dependencies:

shared/yaml/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 1.0.25
+
+No user-facing changes.
+
+## 1.0.24
+
+No user-facing changes.
+
 ## 1.0.23
 
 No user-facing changes.

shared/yaml/change-notes/released/1.0.24.md

@@ -0,0 +1,3 @@
+## 1.0.24
+
+No user-facing changes.

shared/yaml/change-notes/released/1.0.25.md

@@ -0,0 +1,3 @@
+## 1.0.25
+
+No user-facing changes.

shared/yaml/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.23
+lastReleaseVersion: 1.0.25

shared/yaml/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/yaml
-version: 1.0.24-dev
+version: 1.0.26-dev
 groups: shared
 library: true
 warnOnImplicitThis: true