Merge remote-tracking branch 'upstream/main' into igfoo/mb

.bazelversion

@@ -1 +1 @@
-8.1.1
+8.4.2

.github/dependabot.yml

@@ -40,3 +40,8 @@ updates:
       - dependency-name: "*"
     reviewers:
       - "github/codeql-go"
+
+  - package-ecosystem: bazel
+    directory: "/"
+    schedule:
+      interval: weekly

.github/workflows/codeql-analysis.yml

@@ -34,7 +34,7 @@ jobs:
     - name: Setup dotnet
       uses: actions/setup-dotnet@v4
       with:
-        dotnet-version: 9.0.300
+        dotnet-version: 10.0.100
 
     - name: Checkout repository
       uses: actions/checkout@v5

.github/workflows/csharp-qltest.yml

@@ -43,14 +43,14 @@ jobs:
       - name: Setup dotnet
         uses: actions/setup-dotnet@v4
         with:
-          dotnet-version: 9.0.300
+          dotnet-version: 10.0.100
       - name: Extractor unit tests
         run: |
           dotnet tool restore
-          dotnet test -p:RuntimeFrameworkVersion=9.0.5 extractor/Semmle.Util.Tests
-          dotnet test -p:RuntimeFrameworkVersion=9.0.5 extractor/Semmle.Extraction.Tests
-          dotnet test -p:RuntimeFrameworkVersion=9.0.5 autobuilder/Semmle.Autobuild.CSharp.Tests
-          dotnet test -p:RuntimeFrameworkVersion=9.0.5 autobuilder/Semmle.Autobuild.Cpp.Tests
+          dotnet test -p:RuntimeFrameworkVersion=10.0.0 extractor/Semmle.Util.Tests
+          dotnet test -p:RuntimeFrameworkVersion=10.0.0 extractor/Semmle.Extraction.Tests
+          dotnet test -p:RuntimeFrameworkVersion=10.0.0 autobuilder/Semmle.Autobuild.CSharp.Tests
+          dotnet test -p:RuntimeFrameworkVersion=10.0.0 autobuilder/Semmle.Autobuild.Cpp.Tests
         shell: bash
   stubgentest:
     runs-on: ubuntu-latest

MODULE.bazel

@@ -26,7 +26,7 @@ bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json")
 bazel_dep(name = "fmt", version = "12.1.0-codeql.1")
 bazel_dep(name = "rules_kotlin", version = "2.1.3-codeql.1")
 bazel_dep(name = "gazelle", version = "0.40.0")
-bazel_dep(name = "rules_dotnet", version = "0.19.2-codeql.1")
+bazel_dep(name = "rules_dotnet", version = "0.21.5-codeql.1")
 bazel_dep(name = "googletest", version = "1.14.0.bcr.1")
 bazel_dep(name = "rules_rust", version = "0.66.0")
 bazel_dep(name = "zstd", version = "1.5.5.bcr.1")
@@ -172,7 +172,7 @@ http_archive(
 )
 
 dotnet = use_extension("@rules_dotnet//dotnet:extensions.bzl", "dotnet")
-dotnet.toolchain(dotnet_version = "9.0.300")
+dotnet.toolchain(dotnet_version = "10.0.100")
 use_repo(dotnet, "dotnet_toolchains")
 
 register_toolchains("@dotnet_toolchains//:all")
@@ -274,11 +274,11 @@ ripunzip_archive = use_repo_rule("//misc/ripunzip:ripunzip.bzl", "ripunzip_archi
 # go to https://github.com/GoogleChrome/ripunzip/releases to find latest version and corresponding sha256s
 ripunzip_archive(
     name = "ripunzip",
-    sha256_linux = "ee0e8a957687a5dc3a66b2a4b25883bf762df4c9c07f0651af527a32a405054b",
-    sha256_macos_arm = "8a88eea54eac232d162a72a42065e0429b82dbf4f05e9642915dff9d7a81f846",
-    sha256_macos_intel = "4457a18bfcc5feabe09f5ea3d1157128e07b4873392cb404a870e611924abf64",
-    sha256_windows = "66d0c1375301bf5ab815348048f43b110631d3fa7200acd50d50a8ed8655ca62",
-    version = "2.0.3",
+    sha256_linux = "71482d7a7e4ea9176d5596161c49250c34b136b157c45f632b1111323fbfc0de",
+    sha256_macos_arm = "604194ab13f0aba3972995d995f11002b8fc285c8170401fcd46655065df20c9",
+    sha256_macos_intel = "65367b94fd579d93d46f2d2595cc4c9a60cfcf497e3c824f9d1a7b80fa8bd38a",
+    sha256_windows = "ac3874075def2b9e5074a3b5945005ab082cc6e689e1de658da8965bc23e643e",
+    version = "2.0.4",
 )
 
 register_toolchains(

actions/ql/lib/change-notes/2025-11-28-fix-code-injection-alert-filtering.md

@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* The query `actions/code-injection/medium` has been updated to include results which were incorrectly excluded while filtering out results that are reported by `actions/code-injection/critical`.

actions/ql/lib/codeql/actions/security/CodeInjectionQuery.qll

@@ -19,12 +19,7 @@ class CodeInjectionSink extends DataFlow::Node {
 Event getRelevantCriticalEventForSink(DataFlow::Node sink) {
   inPrivilegedContext(sink.asExpr(), result) and
   not exists(ControlCheck check | check.protects(sink.asExpr(), result, "code-injection")) and
-  // exclude cases where the sink is a JS script and the expression uses toJson
-  not exists(UsesStep script |
-    script.getCallee() = "actions/github-script" and
-    script.getArgumentExpr("script") = sink.asExpr() and
-    exists(getAToJsonReferenceExpression(sink.asExpr().(Expression).getExpression(), _))
-  )
+  not isGithubScriptUsingToJson(sink.asExpr())
 }
 
 /**
@@ -91,3 +86,38 @@ private module CodeInjectionConfig implements DataFlow::ConfigSig {
 
 /** Tracks flow of unsafe user input that is used to construct and evaluate a code script. */
 module CodeInjectionFlow = TaintTracking::Global<CodeInjectionConfig>;
+
+/**
+ * Holds if there is a code injection flow from `source` to `sink` with
+ * critical severity, linked by `event`.
+ */
+predicate criticalSeverityCodeInjection(
+  CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink, Event event
+) {
+  CodeInjectionFlow::flowPath(source, sink) and
+  event = getRelevantCriticalEventForSink(sink.getNode()) and
+  source.getNode().(RemoteFlowSource).getEventName() = event.getName()
+}
+
+/**
+ * Holds if there is a code injection flow from `source` to `sink` with medium severity.
+ */
+predicate mediumSeverityCodeInjection(
+  CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink
+) {
+  CodeInjectionFlow::flowPath(source, sink) and
+  not criticalSeverityCodeInjection(source, sink, _) and
+  not isGithubScriptUsingToJson(sink.getNode().asExpr())
+}
+
+/**
+ * Holds if `expr` is the `script` input to `actions/github-script` and it uses
+ * `toJson`.
+ */
+predicate isGithubScriptUsingToJson(Expression expr) {
+  exists(UsesStep script |
+    script.getCallee() = "actions/github-script" and
+    script.getArgumentExpr("script") = expr and
+    exists(getAToJsonReferenceExpression(expr.getExpression(), _))
+  )
+}

actions/ql/src/Security/CWE-094/CodeInjectionCritical.ql

@@ -20,10 +20,7 @@ import CodeInjectionFlow::PathGraph
 import codeql.actions.security.ControlChecks
 
 from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink, Event event
-where
-  CodeInjectionFlow::flowPath(source, sink) and
-  event = getRelevantCriticalEventForSink(sink.getNode()) and
-  source.getNode().(RemoteFlowSource).getEventName() = event.getName()
+where criticalSeverityCodeInjection(source, sink, event)
 select sink.getNode(), source, sink,
   "Potential code injection in $@, which may be controlled by an external user ($@).", sink,
   sink.getNode().asExpr().(Expression).getRawExpression(), event, event.getName()

actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql

@@ -19,15 +19,7 @@ import codeql.actions.security.CodeInjectionQuery
 import CodeInjectionFlow::PathGraph
 
 from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink
-where
-  CodeInjectionFlow::flowPath(source, sink) and
-  inNonPrivilegedContext(sink.getNode().asExpr()) and
-  // exclude cases where the sink is a JS script and the expression uses toJson
-  not exists(UsesStep script |
-    script.getCallee() = "actions/github-script" and
-    script.getArgumentExpr("script") = sink.getNode().asExpr() and
-    exists(getAToJsonReferenceExpression(sink.getNode().asExpr().(Expression).getExpression(), _))
-  )
+where mediumSeverityCodeInjection(source, sink)
 select sink.getNode(), source, sink,
   "Potential code injection in $@, which may be controlled by an external user.", sink,
   sink.getNode().asExpr().(Expression).getRawExpression()

actions/ql/src/Security/CWE-275/MissingActionsPermissions.md

@@ -2,6 +2,8 @@
 
 If a GitHub Actions job or workflow has no explicit permissions set, then the repository permissions are used. Repositories created under organizations inherit the organization permissions. The organizations or repositories created before February 2023 have the default permissions set to read-write. Often these permissions do not adhere to the principle of least privilege and can be reduced to read-only, leaving the `write` permission only to a specific types as `issues: write` or `pull-requests: write`.
 
+Note that this query cannot check whether the organization or repository token settings are set to read-only. However, even if they are, it is recommended to define explicit permissions (`contents: read` and `packages: read` are equivalent to the read-only default) so that (a) the actual needs of the workflow are documented, and (b) the permissions will remain restricted if the default is subsequently changed, or the workflow is copied to a different repository or organization.
+
 ## Recommendation
 
 Add the `permissions` key to the job or the root of workflow (in this case it is applied to all jobs in the workflow that do not have their own `permissions` key) and assign the least privileges required to complete the task.

actions/ql/test/query-tests/Security/CWE-094/.github/workflows/push_and_workflow_dispatch.yml

@@ -0,0 +1,18 @@
+on:
+  push:
+  workflow_dispatch:
+
+jobs:
+  echo-chamber:
+    runs-on: ubuntu-latest
+    steps:
+    - run: echo '${{ github.event.commits[11].message }}'
+    - run: echo '${{ github.event.commits[11].author.email }}'
+    - run: echo '${{ github.event.commits[11].author.name }}'
+    - run: echo '${{ github.event.head_commit.message }}'
+    - run: echo '${{ github.event.head_commit.author.email }}'
+    - run: echo '${{ github.event.head_commit.author.name }}'
+    - run: echo '${{ github.event.head_commit.committer.email }}'
+    - run: echo '${{ github.event.head_commit.committer.name }}'
+    - run: echo '${{ github.event.commits[11].committer.email }}'
+    - run: echo '${{ github.event.commits[11].committer.name }}'

actions/ql/test/query-tests/Security/CWE-094/CodeInjectionCritical.expected

@@ -435,6 +435,16 @@ nodes
 | .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | semmle.label | github.event.head_commit.committer.name |
 | .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | semmle.label | github.event.commits[11].committer.email |
 | .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | semmle.label | github.event.commits[11].committer.name |
+| .github/workflows/push_and_workflow_dispatch.yml:9:19:9:57 | github.event.commits[11].message | semmle.label | github.event.commits[11].message |
+| .github/workflows/push_and_workflow_dispatch.yml:10:19:10:62 | github.event.commits[11].author.email | semmle.label | github.event.commits[11].author.email |
+| .github/workflows/push_and_workflow_dispatch.yml:11:19:11:61 | github.event.commits[11].author.name | semmle.label | github.event.commits[11].author.name |
+| .github/workflows/push_and_workflow_dispatch.yml:12:19:12:57 | github.event.head_commit.message | semmle.label | github.event.head_commit.message |
+| .github/workflows/push_and_workflow_dispatch.yml:13:19:13:62 | github.event.head_commit.author.email | semmle.label | github.event.head_commit.author.email |
+| .github/workflows/push_and_workflow_dispatch.yml:14:19:14:61 | github.event.head_commit.author.name | semmle.label | github.event.head_commit.author.name |
+| .github/workflows/push_and_workflow_dispatch.yml:15:19:15:65 | github.event.head_commit.committer.email | semmle.label | github.event.head_commit.committer.email |
+| .github/workflows/push_and_workflow_dispatch.yml:16:19:16:64 | github.event.head_commit.committer.name | semmle.label | github.event.head_commit.committer.name |
+| .github/workflows/push_and_workflow_dispatch.yml:17:19:17:65 | github.event.commits[11].committer.email | semmle.label | github.event.commits[11].committer.email |
+| .github/workflows/push_and_workflow_dispatch.yml:18:19:18:64 | github.event.commits[11].committer.name | semmle.label | github.event.commits[11].committer.name |
 | .github/workflows/reusable-workflow-1.yml:6:7:6:11 | input taint | semmle.label | input taint |
 | .github/workflows/reusable-workflow-1.yml:36:21:36:39 | inputs.taint | semmle.label | inputs.taint |
 | .github/workflows/reusable-workflow-1.yml:44:19:44:56 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |

actions/ql/test/query-tests/Security/CWE-094/CodeInjectionMedium.expected

@@ -435,6 +435,16 @@ nodes
 | .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | semmle.label | github.event.head_commit.committer.name |
 | .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | semmle.label | github.event.commits[11].committer.email |
 | .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | semmle.label | github.event.commits[11].committer.name |
+| .github/workflows/push_and_workflow_dispatch.yml:9:19:9:57 | github.event.commits[11].message | semmle.label | github.event.commits[11].message |
+| .github/workflows/push_and_workflow_dispatch.yml:10:19:10:62 | github.event.commits[11].author.email | semmle.label | github.event.commits[11].author.email |
+| .github/workflows/push_and_workflow_dispatch.yml:11:19:11:61 | github.event.commits[11].author.name | semmle.label | github.event.commits[11].author.name |
+| .github/workflows/push_and_workflow_dispatch.yml:12:19:12:57 | github.event.head_commit.message | semmle.label | github.event.head_commit.message |
+| .github/workflows/push_and_workflow_dispatch.yml:13:19:13:62 | github.event.head_commit.author.email | semmle.label | github.event.head_commit.author.email |
+| .github/workflows/push_and_workflow_dispatch.yml:14:19:14:61 | github.event.head_commit.author.name | semmle.label | github.event.head_commit.author.name |
+| .github/workflows/push_and_workflow_dispatch.yml:15:19:15:65 | github.event.head_commit.committer.email | semmle.label | github.event.head_commit.committer.email |
+| .github/workflows/push_and_workflow_dispatch.yml:16:19:16:64 | github.event.head_commit.committer.name | semmle.label | github.event.head_commit.committer.name |
+| .github/workflows/push_and_workflow_dispatch.yml:17:19:17:65 | github.event.commits[11].committer.email | semmle.label | github.event.commits[11].committer.email |
+| .github/workflows/push_and_workflow_dispatch.yml:18:19:18:64 | github.event.commits[11].committer.name | semmle.label | github.event.commits[11].committer.name |
 | .github/workflows/reusable-workflow-1.yml:6:7:6:11 | input taint | semmle.label | input taint |
 | .github/workflows/reusable-workflow-1.yml:36:21:36:39 | inputs.taint | semmle.label | inputs.taint |
 | .github/workflows/reusable-workflow-1.yml:44:19:44:56 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |
@@ -719,6 +729,16 @@ subpaths
 | .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | ${{ github.event.head_commit.committer.name }} |
 | .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | ${{ github.event.commits[11].committer.email }} |
 | .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | ${{ github.event.commits[11].committer.name }} |
+| .github/workflows/push_and_workflow_dispatch.yml:9:19:9:57 | github.event.commits[11].message | .github/workflows/push_and_workflow_dispatch.yml:9:19:9:57 | github.event.commits[11].message | .github/workflows/push_and_workflow_dispatch.yml:9:19:9:57 | github.event.commits[11].message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:9:19:9:57 | github.event.commits[11].message | ${{ github.event.commits[11].message }} |
+| .github/workflows/push_and_workflow_dispatch.yml:10:19:10:62 | github.event.commits[11].author.email | .github/workflows/push_and_workflow_dispatch.yml:10:19:10:62 | github.event.commits[11].author.email | .github/workflows/push_and_workflow_dispatch.yml:10:19:10:62 | github.event.commits[11].author.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:10:19:10:62 | github.event.commits[11].author.email | ${{ github.event.commits[11].author.email }} |
+| .github/workflows/push_and_workflow_dispatch.yml:11:19:11:61 | github.event.commits[11].author.name | .github/workflows/push_and_workflow_dispatch.yml:11:19:11:61 | github.event.commits[11].author.name | .github/workflows/push_and_workflow_dispatch.yml:11:19:11:61 | github.event.commits[11].author.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:11:19:11:61 | github.event.commits[11].author.name | ${{ github.event.commits[11].author.name }} |
+| .github/workflows/push_and_workflow_dispatch.yml:12:19:12:57 | github.event.head_commit.message | .github/workflows/push_and_workflow_dispatch.yml:12:19:12:57 | github.event.head_commit.message | .github/workflows/push_and_workflow_dispatch.yml:12:19:12:57 | github.event.head_commit.message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:12:19:12:57 | github.event.head_commit.message | ${{ github.event.head_commit.message }} |
+| .github/workflows/push_and_workflow_dispatch.yml:13:19:13:62 | github.event.head_commit.author.email | .github/workflows/push_and_workflow_dispatch.yml:13:19:13:62 | github.event.head_commit.author.email | .github/workflows/push_and_workflow_dispatch.yml:13:19:13:62 | github.event.head_commit.author.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:13:19:13:62 | github.event.head_commit.author.email | ${{ github.event.head_commit.author.email }} |
+| .github/workflows/push_and_workflow_dispatch.yml:14:19:14:61 | github.event.head_commit.author.name | .github/workflows/push_and_workflow_dispatch.yml:14:19:14:61 | github.event.head_commit.author.name | .github/workflows/push_and_workflow_dispatch.yml:14:19:14:61 | github.event.head_commit.author.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:14:19:14:61 | github.event.head_commit.author.name | ${{ github.event.head_commit.author.name }} |
+| .github/workflows/push_and_workflow_dispatch.yml:15:19:15:65 | github.event.head_commit.committer.email | .github/workflows/push_and_workflow_dispatch.yml:15:19:15:65 | github.event.head_commit.committer.email | .github/workflows/push_and_workflow_dispatch.yml:15:19:15:65 | github.event.head_commit.committer.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:15:19:15:65 | github.event.head_commit.committer.email | ${{ github.event.head_commit.committer.email }} |
+| .github/workflows/push_and_workflow_dispatch.yml:16:19:16:64 | github.event.head_commit.committer.name | .github/workflows/push_and_workflow_dispatch.yml:16:19:16:64 | github.event.head_commit.committer.name | .github/workflows/push_and_workflow_dispatch.yml:16:19:16:64 | github.event.head_commit.committer.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:16:19:16:64 | github.event.head_commit.committer.name | ${{ github.event.head_commit.committer.name }} |
+| .github/workflows/push_and_workflow_dispatch.yml:17:19:17:65 | github.event.commits[11].committer.email | .github/workflows/push_and_workflow_dispatch.yml:17:19:17:65 | github.event.commits[11].committer.email | .github/workflows/push_and_workflow_dispatch.yml:17:19:17:65 | github.event.commits[11].committer.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:17:19:17:65 | github.event.commits[11].committer.email | ${{ github.event.commits[11].committer.email }} |
+| .github/workflows/push_and_workflow_dispatch.yml:18:19:18:64 | github.event.commits[11].committer.name | .github/workflows/push_and_workflow_dispatch.yml:18:19:18:64 | github.event.commits[11].committer.name | .github/workflows/push_and_workflow_dispatch.yml:18:19:18:64 | github.event.commits[11].committer.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:18:19:18:64 | github.event.commits[11].committer.name | ${{ github.event.commits[11].committer.name }} |
 | .github/workflows/reusable-workflow-1.yml:36:21:36:39 | inputs.taint | .github/workflows/reusable-workflow-caller-1.yml:11:15:11:52 | github.event.pull_request.title | .github/workflows/reusable-workflow-1.yml:36:21:36:39 | inputs.taint | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/reusable-workflow-1.yml:36:21:36:39 | inputs.taint | ${{ inputs.taint }} |
 | .github/workflows/reusable-workflow-1.yml:53:26:53:39 | env.log | .github/workflows/reusable-workflow-1.yml:44:19:44:56 | github.event.pull_request.title | .github/workflows/reusable-workflow-1.yml:53:26:53:39 | env.log | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/reusable-workflow-1.yml:53:26:53:39 | env.log | ${{ env.log }} |
 | .github/workflows/reusable-workflow-1.yml:66:34:66:52 | env.prev_log | .github/workflows/reusable-workflow-1.yml:45:24:45:61 | github.event.changes.title.from | .github/workflows/reusable-workflow-1.yml:66:34:66:52 | env.prev_log | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/reusable-workflow-1.yml:66:34:66:52 | env.prev_log | ${{ env.prev_log }} |
@@ -729,6 +749,10 @@ subpaths
 | .github/workflows/test10.yml:333:34:333:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:333:34:333:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:333:34:333:77 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test10.yml:333:34:333:77 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
 | .github/workflows/test10.yml:423:34:423:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:423:34:423:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:423:34:423:77 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test10.yml:423:34:423:77 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
 | .github/workflows/test10.yml:518:34:518:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:518:34:518:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:518:34:518:77 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test10.yml:518:34:518:77 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
+| .github/workflows/test20.yml:15:54:15:94 | github.event.pull_request.head.ref | .github/workflows/test20.yml:15:54:15:94 | github.event.pull_request.head.ref | .github/workflows/test20.yml:15:54:15:94 | github.event.pull_request.head.ref | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test20.yml:15:54:15:94 | github.event.pull_request.head.ref | ${{ github.event.pull_request.head.ref }} |
+| .github/workflows/test21.yml:22:35:22:73 | github.event.head_commit.message | .github/workflows/test21.yml:22:35:22:73 | github.event.head_commit.message | .github/workflows/test21.yml:22:35:22:73 | github.event.head_commit.message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test21.yml:22:35:22:73 | github.event.head_commit.message | ${{ github.event.head_commit.message }} |
+| .github/workflows/test21.yml:23:36:23:74 | github.event.head_commit.message | .github/workflows/test21.yml:23:36:23:74 | github.event.head_commit.message | .github/workflows/test21.yml:23:36:23:74 | github.event.head_commit.message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test21.yml:23:36:23:74 | github.event.head_commit.message | ${{ github.event.head_commit.message }} |
+| .github/workflows/test21.yml:24:50:24:88 | github.event.head_commit.message | .github/workflows/test21.yml:24:50:24:88 | github.event.head_commit.message | .github/workflows/test21.yml:24:50:24:88 | github.event.head_commit.message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test21.yml:24:50:24:88 | github.event.head_commit.message | ${{ github.event.head_commit.message }} |
 | .github/workflows/workflow_run_branches1.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches1.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches1.yml:13:20:13:63 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run_branches1.yml:13:20:13:63 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
 | .github/workflows/workflow_run_branches2.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches2.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches2.yml:13:20:13:63 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run_branches2.yml:13:20:13:63 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
 | .github/workflows/workflow_run_branches4.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches4.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches4.yml:13:20:13:63 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run_branches4.yml:13:20:13:63 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |

config/identical-files.json

@@ -282,6 +282,7 @@
     "java/ql/lib/semmle/code/java/internal/OverlayXml.qll",
     "go/ql/lib/semmle/go/internal/OverlayXml.qll",
     "python/ql/lib/semmle/python/internal/OverlayXml.qll",
-    "csharp/ql/lib/semmle/code/csharp/internal/OverlayXml.qll"
+    "csharp/ql/lib/semmle/code/csharp/internal/OverlayXml.qll",
+    "cpp/ql/lib/semmle/code/cpp/internal/OverlayXml.qll"
   ]
 }

cpp/ql/lib/change-notes/2026-01-02-constant-folding.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Some constants will now be represented by their unfolded expression trees. The `isConstant` predicate of `Expr` will no longer yield a result for those constants.

cpp/ql/lib/ext/empty.model.yml

@@ -9,6 +9,14 @@ extensions:
       pack: codeql/cpp-all
       extensible: sinkModel
     data: []
+  - addsTo:
+      pack: codeql/cpp-all
+      extensible: barrierModel
+    data: []
+  - addsTo:
+      pack: codeql/cpp-all
+      extensible: barrierGuardModel
+    data: []
   - addsTo:
       pack: codeql/cpp-all
       extensible: summaryModel

cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll

@@ -101,9 +101,10 @@ private import internal.FlowSummaryImpl
 private import internal.FlowSummaryImpl::Public
 private import internal.FlowSummaryImpl::Private
 private import internal.FlowSummaryImpl::Private::External
-private import internal.ExternalFlowExtensions as Extensions
+private import internal.ExternalFlowExtensions::Extensions as Extensions
 private import codeql.mad.ModelValidation as SharedModelVal
 private import codeql.util.Unit
+private import codeql.mad.static.ModelsAsData as SharedMaD
 
 /**
  * A unit class for adding additional source model rows.
@@ -144,134 +145,81 @@ predicate sinkModel(string row) { any(SinkModelCsv s).row(row) }
 /** Holds if `row` is a summary model. */
 predicate summaryModel(string row) { any(SummaryModelCsv s).row(row) }
 
-/** Holds if a source model exists for the given parameters. */
-predicate sourceModel(
-  string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string output, string kind, string provenance, string model
-) {
-  exists(string row |
-    sourceModel(row) and
-    row.splitAt(";", 0) = namespace and
-    row.splitAt(";", 1) = type and
-    row.splitAt(";", 2) = subtypes.toString() and
-    subtypes = [true, false] and
-    row.splitAt(";", 3) = name and
-    row.splitAt(";", 4) = signature and
-    row.splitAt(";", 5) = ext and
-    row.splitAt(";", 6) = output and
-    row.splitAt(";", 7) = kind
-  ) and
-  provenance = "manual" and
-  model = ""
-  or
-  exists(QlBuiltins::ExtensionId madId |
-    Extensions::sourceModel(namespace, type, subtypes, name, signature, ext, output, kind,
-      provenance, madId) and
-    model = "MaD:" + madId.toString()
-  )
+private module MadInput implements SharedMaD::InputSig {
+  /** Holds if a source model exists for the given parameters. */
+  predicate additionalSourceModel(
+    string namespace, string type, boolean subtypes, string name, string signature, string ext,
+    string output, string kind, string provenance, string model
+  ) {
+    exists(string row |
+      sourceModel(row) and
+      row.splitAt(";", 0) = namespace and
+      row.splitAt(";", 1) = type and
+      row.splitAt(";", 2) = subtypes.toString() and
+      subtypes = [true, false] and
+      row.splitAt(";", 3) = name and
+      row.splitAt(";", 4) = signature and
+      row.splitAt(";", 5) = ext and
+      row.splitAt(";", 6) = output and
+      row.splitAt(";", 7) = kind
+    ) and
+    provenance = "manual" and
+    model = ""
+  }
+
+  /** Holds if a sink model exists for the given parameters. */
+  predicate additionalSinkModel(
+    string namespace, string type, boolean subtypes, string name, string signature, string ext,
+    string input, string kind, string provenance, string model
+  ) {
+    exists(string row |
+      sinkModel(row) and
+      row.splitAt(";", 0) = namespace and
+      row.splitAt(";", 1) = type and
+      row.splitAt(";", 2) = subtypes.toString() and
+      subtypes = [true, false] and
+      row.splitAt(";", 3) = name and
+      row.splitAt(";", 4) = signature and
+      row.splitAt(";", 5) = ext and
+      row.splitAt(";", 6) = input and
+      row.splitAt(";", 7) = kind
+    ) and
+    provenance = "manual" and
+    model = ""
+  }
+
+  /**
+   * Holds if a summary model exists for the given parameters.
+   *
+   * This predicate does not expand `@` to `*`s.
+   */
+  predicate additionalSummaryModel(
+    string namespace, string type, boolean subtypes, string name, string signature, string ext,
+    string input, string output, string kind, string provenance, string model
+  ) {
+    exists(string row |
+      summaryModel(row) and
+      row.splitAt(";", 0) = namespace and
+      row.splitAt(";", 1) = type and
+      row.splitAt(";", 2) = subtypes.toString() and
+      subtypes = [true, false] and
+      row.splitAt(";", 3) = name and
+      row.splitAt(";", 4) = signature and
+      row.splitAt(";", 5) = ext and
+      row.splitAt(";", 6) = input and
+      row.splitAt(";", 7) = output and
+      row.splitAt(";", 8) = kind
+    ) and
+    provenance = "manual" and
+    model = ""
+  }
+
+  string namespaceSegmentSeparator() { result = "::" }
 }
 
-/** Holds if a sink model exists for the given parameters. */
-predicate sinkModel(
-  string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string input, string kind, string provenance, string model
-) {
-  exists(string row |
-    sinkModel(row) and
-    row.splitAt(";", 0) = namespace and
-    row.splitAt(";", 1) = type and
-    row.splitAt(";", 2) = subtypes.toString() and
-    subtypes = [true, false] and
-    row.splitAt(";", 3) = name and
-    row.splitAt(";", 4) = signature and
-    row.splitAt(";", 5) = ext and
-    row.splitAt(";", 6) = input and
-    row.splitAt(";", 7) = kind
-  ) and
-  provenance = "manual" and
-  model = ""
-  or
-  exists(QlBuiltins::ExtensionId madId |
-    Extensions::sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, provenance,
-      madId) and
-    model = "MaD:" + madId.toString()
-  )
-}
+private module MaD = SharedMaD::ModelsAsData<Extensions, MadInput>;
 
-/**
- * Holds if a summary model exists for the given parameters.
- *
- * This predicate does not expand `@` to `*`s.
- */
-private predicate summaryModel0(
-  string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string input, string output, string kind, string provenance, string model
-) {
-  exists(string row |
-    summaryModel(row) and
-    row.splitAt(";", 0) = namespace and
-    row.splitAt(";", 1) = type and
-    row.splitAt(";", 2) = subtypes.toString() and
-    subtypes = [true, false] and
-    row.splitAt(";", 3) = name and
-    row.splitAt(";", 4) = signature and
-    row.splitAt(";", 5) = ext and
-    row.splitAt(";", 6) = input and
-    row.splitAt(";", 7) = output and
-    row.splitAt(";", 8) = kind
-  ) and
-  provenance = "manual" and
-  model = ""
-  or
-  exists(QlBuiltins::ExtensionId madId |
-    Extensions::summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind,
-      provenance, madId) and
-    model = "MaD:" + madId.toString()
-  )
-}
-
-/**
- * Holds if the given extension tuple `madId` should pretty-print as `model`.
- *
- * This predicate should only be used in tests.
- */
-predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) {
-  exists(
-    string namespace, string type, boolean subtypes, string name, string signature, string ext,
-    string output, string kind, string provenance
-  |
-    Extensions::sourceModel(namespace, type, subtypes, name, signature, ext, output, kind,
-      provenance, madId)
-  |
-    model =
-      "Source: " + namespace + "; " + type + "; " + subtypes + "; " + name + "; " + signature + "; "
-        + ext + "; " + output + "; " + kind + "; " + provenance
-  )
-  or
-  exists(
-    string namespace, string type, boolean subtypes, string name, string signature, string ext,
-    string input, string kind, string provenance
-  |
-    Extensions::sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, provenance,
-      madId)
-  |
-    model =
-      "Sink: " + namespace + "; " + type + "; " + subtypes + "; " + name + "; " + signature + "; " +
-        ext + "; " + input + "; " + kind + "; " + provenance
-  )
-  or
-  exists(
-    string namespace, string type, boolean subtypes, string name, string signature, string ext,
-    string input, string output, string kind, string provenance
-  |
-    Extensions::summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind,
-      provenance, madId)
-  |
-    model =
-      "Summary: " + namespace + "; " + type + "; " + subtypes + "; " + name + "; " + signature +
-        "; " + ext + "; " + input + "; " + output + "; " + kind + "; " + provenance
-  )
-}
+import MaD
 
 /**
  * Holds if `input` is `input0`, but with all occurrences of `@` replaced
@@ -294,69 +242,13 @@ predicate summaryModel(
   string input, string output, string kind, string provenance, string model
 ) {
   exists(string input0, string output0 |
-    summaryModel0(namespace, type, subtypes, name, signature, ext, input0, output0, kind,
+    MaD::summaryModel(namespace, type, subtypes, name, signature, ext, input0, output0, kind,
       provenance, model) and
     expandInputAndOutput(input0, input, output0, output,
       [0 .. Private::getMaxElementContentIndirectionIndex() - 1])
   )
 }
 
-private predicate relevantNamespace(string namespace) {
-  sourceModel(namespace, _, _, _, _, _, _, _, _, _) or
-  sinkModel(namespace, _, _, _, _, _, _, _, _, _) or
-  summaryModel(namespace, _, _, _, _, _, _, _, _, _, _)
-}
-
-private predicate namespaceLink(string shortns, string longns) {
-  relevantNamespace(shortns) and
-  relevantNamespace(longns) and
-  longns.prefix(longns.indexOf("::")) = shortns
-}
-
-private predicate canonicalNamespace(string namespace) {
-  relevantNamespace(namespace) and not namespaceLink(_, namespace)
-}
-
-private predicate canonicalNamespaceLink(string namespace, string subns) {
-  canonicalNamespace(namespace) and
-  (subns = namespace or namespaceLink(namespace, subns))
-}
-
-/**
- * Holds if MaD framework coverage of `namespace` is `n` api endpoints of the
- * kind `(kind, part)`, and `namespaces` is the number of subnamespaces of
- * `namespace` which have MaD framework coverage (including `namespace`
- * itself).
- */
-predicate modelCoverage(string namespace, int namespaces, string kind, string part, int n) {
-  namespaces = strictcount(string subns | canonicalNamespaceLink(namespace, subns)) and
-  (
-    part = "source" and
-    n =
-      strictcount(string subns, string type, boolean subtypes, string name, string signature,
-        string ext, string output, string provenance, string model |
-        canonicalNamespaceLink(namespace, subns) and
-        sourceModel(subns, type, subtypes, name, signature, ext, output, kind, provenance, model)
-      )
-    or
-    part = "sink" and
-    n =
-      strictcount(string subns, string type, boolean subtypes, string name, string signature,
-        string ext, string input, string provenance, string model |
-        canonicalNamespaceLink(namespace, subns) and
-        sinkModel(subns, type, subtypes, name, signature, ext, input, kind, provenance, model)
-      )
-    or
-    part = "summary" and
-    n =
-      strictcount(string subns, string type, boolean subtypes, string name, string signature,
-        string ext, string input, string output, string provenance |
-        canonicalNamespaceLink(namespace, subns) and
-        summaryModel(subns, type, subtypes, name, signature, ext, input, output, kind, provenance, _)
-      )
-  )
-}
-
 /** Provides a query predicate to check the CSV data for validation errors. */
 module CsvValidation {
   private string getInvalidModelInput() {

cpp/ql/lib/semmle/code/cpp/dataflow/internal/ExternalFlowExtensions.qll

@@ -2,6 +2,8 @@
  * This module provides extensible predicates for defining MaD models.
  */
 
+private import codeql.mad.static.ModelsAsData as SharedMaD
+
 /**
  * Holds if an external source model exists for the given parameters.
  */
@@ -18,6 +20,22 @@ extensible predicate sinkModel(
   string input, string kind, string provenance, QlBuiltins::ExtensionId madId
 );
 
+/**
+ * Holds if a barrier model exists for the given parameters.
+ */
+extensible predicate barrierModel(
+  string namespace, string type, boolean subtypes, string name, string signature, string ext,
+  string output, string kind, string provenance, QlBuiltins::ExtensionId madId
+);
+
+/**
+ * Holds if a barrier guard model exists for the given parameters.
+ */
+extensible predicate barrierGuardModel(
+  string namespace, string type, boolean subtypes, string name, string signature, string ext,
+  string input, string acceptingvalue, string kind, string provenance, QlBuiltins::ExtensionId madId
+);
+
 /**
  * Holds if an external summary model exists for the given parameters.
  */
@@ -25,3 +43,16 @@ extensible predicate summaryModel(
   string namespace, string type, boolean subtypes, string name, string signature, string ext,
   string input, string output, string kind, string provenance, QlBuiltins::ExtensionId madId
 );
+
+/**
+ * Holds if a neutral model exists for the given parameters.
+ */
+extensible predicate neutralModel(
+  string namespace, string type, string name, string signature, string kind, string provenance
+);
+
+module Extensions implements SharedMaD::ExtensionsSig {
+  import ExternalFlowExtensions
+
+  predicate namespaceGrouping(string group, string namespace) { none() }
+}

cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowSummaryImpl.qll

@@ -148,6 +148,19 @@ module SourceSinkInterpretationInput implements
     )
   }
 
+  predicate barrierElement(
+    Element n, string output, string kind, Public::Provenance provenance, string model
+  ) {
+    none()
+  }
+
+  predicate barrierGuardElement(
+    Element n, string input, Public::AcceptingValue acceptingvalue, string kind,
+    Public::Provenance provenance, string model
+  ) {
+    none()
+  }
+
   private newtype TInterpretNode =
     TElement_(Element n) or
     TNode_(Node n)

cpp/ql/lib/semmle/code/cpp/internal/Overlay.qll

@@ -2,6 +2,8 @@
  * Defines entity discard predicates for C++ overlay analysis.
  */
 
+private import OverlayXml
+
 /**
  * Holds always for the overlay variant and never for the base variant.
  * This local predicate is used to define local predicates that behave
@@ -20,9 +22,21 @@ private string getLocationFilePath(@location_default loc) {
  */
 overlay[local]
 private string getSingleLocationFilePath(@element e) {
-  // @var_decl has a direct location in the var_decls relation
-  exists(@location_default loc | var_decls(e, _, _, _, loc) | result = getLocationFilePath(loc))
-  //TODO: add other kinds of elements with single locations
+  exists(@location_default loc |
+    var_decls(e, _, _, _, loc)
+    or
+    fun_decls(e, _, _, _, loc)
+    or
+    type_decls(e, _, loc)
+    or
+    namespace_decls(e, _, loc, _)
+    or
+    macroinvocations(e, _, loc, _)
+    or
+    preprocdirects(e, _, loc)
+  |
+    result = getLocationFilePath(loc)
+  )
 }
 
 /**
@@ -30,11 +44,17 @@ private string getSingleLocationFilePath(@element e) {
  */
 overlay[local]
 private string getMultiLocationFilePath(@element e) {
-  // @variable gets its location(s) from its @var_decl(s)
-  exists(@var_decl vd, @location_default loc | var_decls(vd, e, _, _, loc) |
+  exists(@location_default loc |
+    exists(@var_decl vd | var_decls(vd, e, _, _, loc))
+    or
+    exists(@fun_decl fd | fun_decls(fd, e, _, _, loc))
+    or
+    exists(@type_decl td | type_decls(td, e, loc))
+    or
+    exists(@namespace_decl nd | namespace_decls(nd, e, loc, _))
+  |
     result = getLocationFilePath(loc)
   )
-  //TODO: add other kinds of elements with multiple locations
 }
 
 /**

cpp/ql/lib/semmle/code/cpp/internal/OverlayXml.qll

@@ -0,0 +1,46 @@
+overlay[local]
+module;
+
+/**
+ * A local predicate that always holds for the overlay variant and never holds for the base variant.
+ * This is used to define local predicates that behave differently for the base and overlay variant.
+ */
+private predicate isOverlay() { databaseMetadata("isOverlay", "true") }
+
+private string getXmlFile(@xmllocatable locatable) {
+  exists(@location_default location, @file file | xmllocations(locatable, location) |
+    locations_default(location, file, _, _, _, _) and
+    files(file, result)
+  )
+}
+
+private string getXmlFileInBase(@xmllocatable locatable) {
+  not isOverlay() and
+  result = getXmlFile(locatable)
+}
+
+/**
+ * Holds if the given `file` was extracted as part of the overlay and was extracted by the HTML/XML
+ * extractor.
+ */
+private predicate overlayXmlExtracted(string file) {
+  isOverlay() and
+  exists(@xmllocatable locatable |
+    not files(locatable, _) and not xmlNs(locatable, _, _, _) and file = getXmlFile(locatable)
+  )
+}
+
+/**
+ * Holds if the given XML `locatable` should be discarded, because it is part of the overlay base
+ * and is in a file that was also extracted as part of the overlay database.
+ */
+overlay[discard_entity]
+private predicate discardXmlLocatable(@xmllocatable locatable) {
+  exists(string file | file = getXmlFileInBase(locatable) |
+    overlayChangedFiles(file)
+    or
+    // The HTML/XML extractor is currently not incremental and may extract more files than those
+    // included in overlayChangedFiles.
+    overlayXmlExtracted(file)
+  )
+}

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll

@@ -1051,12 +1051,12 @@ module BarrierGuardWithIntParam<guardChecksNodeSig/4 guardChecksNode> {
   }
 
   private predicate guardChecksInstr(
-    IRGuards::Guards_v1::Guard g, IRGuards::GuardsInput::Expr instr, boolean branch,
+    IRGuards::Guards_v1::Guard g, IRGuards::GuardsInput::Expr instr, IRGuards::GuardValue gv,
     int indirectionIndex
   ) {
     exists(Node node |
       nodeHasInstruction(node, instr, indirectionIndex) and
-      guardChecksNode(g, node, branch, indirectionIndex)
+      guardChecksNode(g, node, gv.asBooleanValue(), indirectionIndex)
     )
   }
 
@@ -1064,8 +1064,8 @@ module BarrierGuardWithIntParam<guardChecksNodeSig/4 guardChecksNode> {
     DataFlowIntegrationInput::Guard g, SsaImpl::Definition def, IRGuards::GuardValue val,
     int indirectionIndex
   ) {
-    IRGuards::Guards_v1::ValidationWrapperWithState<int, guardChecksInstr/4>::guardChecksDef(g, def,
-      val, indirectionIndex)
+    IRGuards::Guards_v1::ParameterizedValidationWrapper<int, guardChecksInstr/4>::guardChecksDef(g,
+      def, val, indirectionIndex)
   }
 
   Node getABarrierNode(int indirectionIndex) {

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll

@@ -688,15 +688,9 @@ private module Cached {
       conversionFlow(mid, instr, false, _)
     )
     or
-    exists(int ind0 |
-      exists(Operand address |
-        isDereference(operand.getDef(), address, _) and
-        isUseImpl(address, base, ind0)
-      )
-      or
-      isUseImpl(operand.getDef().(InitializeParameterInstruction).getAnOperand(), base, ind0)
-    |
-      ind0 = ind - 1
+    exists(Operand address |
+      isDereference(operand.getDef(), address, _) and
+      isUseImpl(address, base, ind - 1)
     )
   }
 

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll

@@ -2679,7 +2679,7 @@ class TranslatedDestructorFieldDestruction extends TranslatedNonConstantExpr, St
   final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
     tag = OnlyInstructionTag() and
     operandTag instanceof UnaryOperandTag and
-    result = getTranslatedFunction(getEnclosingFunction(expr)).getInitializeThisInstruction()
+    result = getTranslatedFunction(getEnclosingFunction(expr)).getLoadThisInstruction()
   }
 
   final override Field getInstructionField(InstructionTag tag) {

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll

@@ -306,11 +306,11 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
   final predicate hasReturnValue() { hasReturnValue(func) }
 
   /**
-   * Gets the single `InitializeThis` instruction for this function. Holds only
-   * if the function is an instance member function, constructor, or destructor.
+   * Gets the first load of `this` for this function. Holds only if the function
+   * is an instance member function, constructor, or destructor.
    */
-  final Instruction getInitializeThisInstruction() {
-    result = getTranslatedThisParameter(func).getInstruction(InitializerStoreTag())
+  final Instruction getLoadThisInstruction() {
+    result = getTranslatedThisParameter(func).getInstruction(InitializerIndirectAddressTag())
   }
 
   /**
@@ -639,7 +639,7 @@ class TranslatedConstructorInitList extends TranslatedElement, InitializationCon
   }
 
   override Instruction getTargetAddress() {
-    result = getTranslatedFunction(func).getInitializeThisInstruction()
+    result = getTranslatedFunction(func).getLoadThisInstruction()
   }
 
   override Type getTargetType() { result = getTranslatedFunction(func).getThisType() }

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedInitialization.qll

@@ -950,7 +950,7 @@ abstract class TranslatedBaseStructorCall extends TranslatedStructorCallFromStru
   final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
     tag = OnlyInstructionTag() and
     operandTag instanceof UnaryOperandTag and
-    result = getTranslatedFunction(this.getFunction()).getInitializeThisInstruction()
+    result = getTranslatedFunction(this.getFunction()).getLoadThisInstruction()
   }
 
   final override predicate getInstructionInheritance(
@@ -1000,7 +1000,7 @@ class TranslatedConstructorDelegationInit extends TranslatedConstructorCallFromC
   }
 
   final override Instruction getReceiver() {
-    result = getTranslatedFunction(this.getFunction()).getInitializeThisInstruction()
+    result = getTranslatedFunction(this.getFunction()).getLoadThisInstruction()
   }
 }
 

cpp/ql/lib/semmle/code/cpp/rangeanalysis/SimpleRangeAnalysis.qll

@@ -158,22 +158,6 @@ private class UnsignedBitwiseAndExpr extends BitwiseAndExpr {
   }
 }
 
-/**
- * Gets the floor of `v`, with additional logic to work around issues with
- * large numbers.
- */
-bindingset[v]
-float safeFloor(float v) {
-  // return the floor of v
-  v.abs() < 2.pow(31) and
-  result = v.floor()
-  or
-  // `floor()` doesn't work correctly on large numbers (since it returns an integer),
-  // so fall back to unrounded numbers at this scale.
-  not v.abs() < 2.pow(31) and
-  result = v
-}
-
 /** A `MulExpr` where exactly one operand is constant. */
 private class MulByConstantExpr extends MulExpr {
   float constant;
@@ -1266,7 +1250,7 @@ private float getLowerBoundsImpl(Expr expr) {
       rsExpr = expr and
       left = getFullyConvertedLowerBounds(rsExpr.getLeftOperand()) and
       right = getValue(rsExpr.getRightOperand().getFullyConverted()).toInt() and
-      result = safeFloor(left / 2.pow(right))
+      result = (left / 2.pow(right)).floorFloat()
     )
     // Not explicitly modeled by a SimpleRangeAnalysisExpr
   ) and
@@ -1475,7 +1459,7 @@ private float getUpperBoundsImpl(Expr expr) {
       rsExpr = expr and
       left = getFullyConvertedUpperBounds(rsExpr.getLeftOperand()) and
       right = getValue(rsExpr.getRightOperand().getFullyConverted()).toInt() and
-      result = safeFloor(left / 2.pow(right))
+      result = (left / 2.pow(right)).floorFloat()
     )
     // Not explicitly modeled by a SimpleRangeAnalysisExpr
   ) and
@@ -1725,6 +1709,22 @@ predicate nonNanGuardedVariable(Expr guard, VariableAccess v, boolean branch) {
   nanExcludingComparison(guard, branch)
 }
 
+/**
+ * Adjusts a lower bound to its meaning for integral types.
+ *
+ * Examples:
+ * `>= 3.0` becomes `3.0`
+ * ` > 3.0` becomes `4.0`
+ * `>= 3.5` becomes `4.0`
+ * ` > 3.5` becomes `4.0`
+ */
+bindingset[strictness, lb]
+private float adjustLowerBoundIntegral(RelationStrictness strictness, float lb) {
+  if strictness = Nonstrict() and lb.floorFloat() = lb
+  then result = lb
+  else result = lb.floorFloat() + 1
+}
+
 /**
  * If the guard is a comparison of the form `p*v + q <CMP> r`, then this
  * predicate uses the bounds information for `r` to compute a lower bound
@@ -1736,15 +1736,29 @@ private predicate lowerBoundFromGuard(Expr guard, VariableAccess v, float lb, bo
   |
     if nonNanGuardedVariable(guard, v, branch)
     then
-      if
-        strictness = Nonstrict() or
-        not getVariableRangeType(v.getTarget()) instanceof IntegralType
-      then lb = childLB
-      else lb = childLB + 1
+      if getVariableRangeType(v.getTarget()) instanceof IntegralType
+      then lb = adjustLowerBoundIntegral(strictness, childLB)
+      else lb = childLB
     else lb = varMinVal(v.getTarget())
   )
 }
 
+/**
+ * Adjusts an upper bound to its meaning for integral types.
+ *
+ * Examples:
+ * `<= 3.0` becomes `3.0`
+ * ` < 3.0` becomes `2.0`
+ * `<= 3.5` becomes `3.0`
+ * ` < 3.5` becomes `3.0`
+ */
+bindingset[strictness, ub]
+private float adjustUpperBoundIntegral(RelationStrictness strictness, float ub) {
+  if strictness = Nonstrict() and ub.ceilFloat() = ub
+  then result = ub
+  else result = ub.ceilFloat() - 1
+}
+
 /**
  * If the guard is a comparison of the form `p*v + q <CMP> r`, then this
  * predicate uses the bounds information for `r` to compute a upper bound
@@ -1756,11 +1770,9 @@ private predicate upperBoundFromGuard(Expr guard, VariableAccess v, float ub, bo
   |
     if nonNanGuardedVariable(guard, v, branch)
     then
-      if
-        strictness = Nonstrict() or
-        not getVariableRangeType(v.getTarget()) instanceof IntegralType
-      then ub = childUB
-      else ub = childUB - 1
+      if getVariableRangeType(v.getTarget()) instanceof IntegralType
+      then ub = adjustUpperBoundIntegral(strictness, childUB)
+      else ub = childUB
     else ub = varMaxVal(v.getTarget())
   )
 }

cpp/ql/src/Likely Bugs/Arithmetic/PointlessComparison.ql

@@ -25,11 +25,16 @@ import UnsignedGEZero
 //
 // So to reduce the number of false positives, we do not report a result if
 // the comparison is in a macro expansion. Similarly for template
-// instantiations.
+// instantiations, static asserts, non-type template arguments, enum constants,
+// and constexprs.
 from ComparisonOperation cmp, SmallSide ss, float left, float right, boolean value, string reason
 where
   not cmp.isInMacroExpansion() and
   not cmp.isFromTemplateInstantiation(_) and
+  not exists(StaticAssert s | s.getCondition() = cmp.getParent*()) and
+  not exists(Declaration d | d.getATemplateArgument() = cmp.getParent*()) and
+  not exists(Variable v | v.isConstexpr() | v.getInitializer().getExpr() = cmp.getParent*()) and
+  not exists(EnumConstant e | e.getInitializer().getExpr() = cmp.getParent*()) and
   not functionContainsDisabledCode(cmp.getEnclosingFunction()) and
   reachablePointlessComparison(cmp, left, right, value, ss) and
   // a comparison between an enum and zero is always valid because whether

cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll

@@ -10,7 +10,7 @@ import ExternalAPIsSpecific
 
 /** A node representing untrusted data being passed to an external API. */
 class UntrustedExternalApiDataNode extends ExternalApiDataNode {
-  UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) }
+  UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flowTo(this) }
 
   /** Gets a source of untrusted data which is passed to this external API data node. */
   DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }

cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll

@@ -10,7 +10,7 @@ import ExternalAPIsSpecific
 
 /** A node representing untrusted data being passed to an external API. */
 class UntrustedExternalApiDataNode extends ExternalApiDataNode {
-  UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) }
+  UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flowTo(this) }
 
   /** Gets a source of untrusted data which is passed to this external API data node. */
   DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }

cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql

@@ -263,7 +263,7 @@ module FromSensitiveFlow = TaintTracking::Global<FromSensitiveConfig>;
  * A taint flow configuration for flow from a sensitive expression to an encryption operation.
  */
 module ToEncryptionConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { FromSensitiveFlow::flow(source, _) }
+  predicate isSource(DataFlow::Node source) { FromSensitiveFlow::flowFrom(source) }
 
   predicate isSink(DataFlow::Node sink) { isSinkEncrypt(sink, _) }
 
@@ -311,7 +311,7 @@ where
   FromSensitiveFlow::flowPath(source, sink) and
   isSinkSendRecv(sink.getNode(), networkSendRecv) and
   // no flow from sensitive -> evidence of encryption
-  not ToEncryptionFlow::flow(source.getNode(), _) and
+  not ToEncryptionFlow::flowFrom(source.getNode()) and
   not FromEncryptionFlow::flowTo(sink.getNode()) and
   // construct result
   if networkSendRecv instanceof NetworkSend

cpp/ql/src/change-notes/2026-01-02-constant-comparison.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `cpp/constant-comparison` query has been updated to not produce false positives for constants that are now represented by their unfolded expression trees.

cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql

@@ -129,7 +129,7 @@ module PointerArithmeticToDerefFlow = DataFlow::Global<PointerArithmeticToDerefC
 
 predicate pointerArithOverflow(PointerArithmeticInstruction pai, int delta) {
   pointerArithOverflow0(pai, delta) and
-  PointerArithmeticToDerefFlow::flow(DataFlow::instructionNode(pai), _)
+  PointerArithmeticToDerefFlow::flowFrom(DataFlow::instructionNode(pai))
 }
 
 bindingset[v]

cpp/ql/test/library-tests/constants/addresses/addresses.cpp

@@ -26,9 +26,7 @@ void constantAddresses(int param) {
     constexpr int *array2d = &int_arr_arr[1][1] + 1;
     constexpr int *const_ints = &int_arr_arr[int_const][extern_int_const];
 
-    // Commented out because clang and EDG disagree on whether this is
-    // constant.
-    //constexpr int *stmtexpr_int = &int_arr[ ({ 1; }) ];
+    constexpr int *stmtexpr_int = &int_arr[ ({ 1; }) ];
 
     constexpr int *comma_int = &int_arr[ ((void)0, 1) ];
     constexpr int *comma_addr = ((void)0, &int_var);

cpp/ql/test/library-tests/constants/addresses/addresses.expected

@@ -0,0 +1,5 @@
+| addresses.cpp:29:35:29:54 | & ... | stmtexpr_int | misclassified as NOT constant |
+| addresses.cpp:31:32:31:55 | & ... | comma_int | misclassified as NOT constant |
+| addresses.cpp:36:39:36:70 | ... ? ... : ... | ternary_ptr_cond | misclassified as NOT constant |
+| addresses.cpp:37:35:37:69 | & ... | ptr_subtract | misclassified as NOT constant |
+| addresses.cpp:39:35:39:50 | ... + ... | constexpr_va | misclassified as NOT constant |

cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected

@@ -193,10 +193,10 @@ edges
 | C.cpp:18:12:18:18 | call to C [s3] | C.cpp:18:12:18:18 | *new [s3] | provenance |  |
 | C.cpp:19:5:19:5 | *c [s1] | C.cpp:27:8:27:11 | *this [s1] | provenance |  |
 | C.cpp:19:5:19:5 | *c [s3] | C.cpp:27:8:27:11 | *this [s3] | provenance |  |
+| C.cpp:22:3:22:3 | *C [post update] [s1] | C.cpp:22:3:22:3 | *this [Return] [s1] | provenance |  |
 | C.cpp:22:3:22:3 | *this [Return] [s1] | C.cpp:18:12:18:18 | call to C [s1] | provenance |  |
 | C.cpp:22:3:22:3 | *this [Return] [s3] | C.cpp:18:12:18:18 | call to C [s3] | provenance |  |
-| C.cpp:22:3:22:3 | *this [post update] [s1] | C.cpp:22:3:22:3 | *this [Return] [s1] | provenance |  |
-| C.cpp:22:12:22:21 | new | C.cpp:22:3:22:3 | *this [post update] [s1] | provenance |  |
+| C.cpp:22:12:22:21 | new | C.cpp:22:3:22:3 | *C [post update] [s1] | provenance |  |
 | C.cpp:22:12:22:21 | new | C.cpp:22:12:22:21 | new | provenance |  |
 | C.cpp:24:5:24:8 | *this [post update] [s3] | C.cpp:22:3:22:3 | *this [Return] [s3] | provenance |  |
 | C.cpp:24:5:24:25 | ... = ... | C.cpp:24:5:24:8 | *this [post update] [s3] | provenance |  |
@@ -736,12 +736,12 @@ edges
 | constructors.cpp:19:22:19:23 | *this [b_] | constructors.cpp:19:22:19:23 | b_ | provenance |  |
 | constructors.cpp:19:22:19:23 | b_ | constructors.cpp:19:9:19:9 | *b | provenance |  |
 | constructors.cpp:19:22:19:23 | b_ | constructors.cpp:19:22:19:23 | b_ | provenance |  |
-| constructors.cpp:23:5:23:7 | *this [post update] [a_] | constructors.cpp:23:5:23:7 | *this [Return] [a_] | provenance |  |
-| constructors.cpp:23:5:23:7 | *this [post update] [b_] | constructors.cpp:23:5:23:7 | *this [Return] [b_] | provenance |  |
+| constructors.cpp:23:5:23:7 | *Foo [post update] [a_] | constructors.cpp:23:5:23:7 | *this [Return] [a_] | provenance |  |
+| constructors.cpp:23:5:23:7 | *Foo [post update] [b_] | constructors.cpp:23:5:23:7 | *this [Return] [b_] | provenance |  |
 | constructors.cpp:23:13:23:13 | a | constructors.cpp:23:28:23:28 | a | provenance |  |
 | constructors.cpp:23:20:23:20 | b | constructors.cpp:23:35:23:35 | b | provenance |  |
-| constructors.cpp:23:28:23:28 | a | constructors.cpp:23:5:23:7 | *this [post update] [a_] | provenance |  |
-| constructors.cpp:23:35:23:35 | b | constructors.cpp:23:5:23:7 | *this [post update] [b_] | provenance |  |
+| constructors.cpp:23:28:23:28 | a | constructors.cpp:23:5:23:7 | *Foo [post update] [a_] | provenance |  |
+| constructors.cpp:23:35:23:35 | b | constructors.cpp:23:5:23:7 | *Foo [post update] [b_] | provenance |  |
 | constructors.cpp:26:15:26:15 | *f [a_] | constructors.cpp:28:10:28:10 | *f [a_] | provenance |  |
 | constructors.cpp:26:15:26:15 | *f [b_] | constructors.cpp:29:10:29:10 | *f [b_] | provenance |  |
 | constructors.cpp:28:10:28:10 | *f [a_] | constructors.cpp:18:9:18:9 | *this [a_] | provenance |  |
@@ -1122,9 +1122,9 @@ nodes
 | C.cpp:18:12:18:18 | call to C [s3] | semmle.label | call to C [s3] |
 | C.cpp:19:5:19:5 | *c [s1] | semmle.label | *c [s1] |
 | C.cpp:19:5:19:5 | *c [s3] | semmle.label | *c [s3] |
+| C.cpp:22:3:22:3 | *C [post update] [s1] | semmle.label | *C [post update] [s1] |
 | C.cpp:22:3:22:3 | *this [Return] [s1] | semmle.label | *this [Return] [s1] |
 | C.cpp:22:3:22:3 | *this [Return] [s3] | semmle.label | *this [Return] [s3] |
-| C.cpp:22:3:22:3 | *this [post update] [s1] | semmle.label | *this [post update] [s1] |
 | C.cpp:22:12:22:21 | new | semmle.label | new |
 | C.cpp:22:12:22:21 | new | semmle.label | new |
 | C.cpp:24:5:24:8 | *this [post update] [s3] | semmle.label | *this [post update] [s3] |
@@ -1678,10 +1678,10 @@ nodes
 | constructors.cpp:19:22:19:23 | *this [b_] | semmle.label | *this [b_] |
 | constructors.cpp:19:22:19:23 | b_ | semmle.label | b_ |
 | constructors.cpp:19:22:19:23 | b_ | semmle.label | b_ |
+| constructors.cpp:23:5:23:7 | *Foo [post update] [a_] | semmle.label | *Foo [post update] [a_] |
+| constructors.cpp:23:5:23:7 | *Foo [post update] [b_] | semmle.label | *Foo [post update] [b_] |
 | constructors.cpp:23:5:23:7 | *this [Return] [a_] | semmle.label | *this [Return] [a_] |
 | constructors.cpp:23:5:23:7 | *this [Return] [b_] | semmle.label | *this [Return] [b_] |
-| constructors.cpp:23:5:23:7 | *this [post update] [a_] | semmle.label | *this [post update] [a_] |
-| constructors.cpp:23:5:23:7 | *this [post update] [b_] | semmle.label | *this [post update] [b_] |
 | constructors.cpp:23:13:23:13 | a | semmle.label | a |
 | constructors.cpp:23:20:23:20 | b | semmle.label | b |
 | constructors.cpp:23:28:23:28 | a | semmle.label | a |

cpp/ql/test/library-tests/ir/ir/aliased_ssa_consistency.expected

@@ -27,7 +27,7 @@ invalidOverlap
 nonUniqueEnclosingIRFunction
 fieldAddressOnNonPointer
 thisArgumentIsNonPointer
-| ir.cpp:2546:34:2546:34 | Call: call to operator bool | Call instruction 'Call: call to operator bool' has a `this` argument operand that is not an address, in function '$@'. | ir.cpp:2545:6:2545:23 | void this_inconsistency(bool) | void this_inconsistency(bool) |
+| ir.cpp:2548:34:2548:34 | Call: call to operator bool | Call instruction 'Call: call to operator bool' has a `this` argument operand that is not an address, in function '$@'. | ir.cpp:2547:6:2547:23 | void this_inconsistency(bool) | void this_inconsistency(bool) |
 nonUniqueIRVariable
 nonBooleanOperand
 missingCppType

cpp/ql/test/library-tests/ir/ir/aliased_ssa_consistency_unsound.expected

@@ -27,7 +27,7 @@ invalidOverlap
 nonUniqueEnclosingIRFunction
 fieldAddressOnNonPointer
 thisArgumentIsNonPointer
-| ir.cpp:2546:34:2546:34 | Call: call to operator bool | Call instruction 'Call: call to operator bool' has a `this` argument operand that is not an address, in function '$@'. | ir.cpp:2545:6:2545:23 | void this_inconsistency(bool) | void this_inconsistency(bool) |
+| ir.cpp:2548:34:2548:34 | Call: call to operator bool | Call instruction 'Call: call to operator bool' has a `this` argument operand that is not an address, in function '$@'. | ir.cpp:2547:6:2547:23 | void this_inconsistency(bool) | void this_inconsistency(bool) |
 nonUniqueIRVariable
 nonBooleanOperand
 missingCppType

cpp/ql/test/library-tests/ir/ir/ir.cpp

@@ -1214,6 +1214,8 @@ void VectorTypes(int i) {
   vi4[i] = x;
   vector(4, int) vi4_shuffle = __builtin_shufflevector(vi4, vi4, 3+0, 2, 1, 0);
   vi4 = vi4 + vi4_shuffle;
+  vi4 = vi4 && vi4_shuffle;
+  vi4 = vi4 || vi4_shuffle;
 }
 
 void *memcpy(void *dst, void *src, int size);

cpp/ql/test/library-tests/ir/ir/raw_consistency.expected

@@ -20,7 +20,7 @@ multipleIRTypes
 lostReachability
 backEdgeCountMismatch
 useNotDominatedByDefinition
-| ir.cpp:1535:8:1535:8 | Unary | Operand 'Unary' is not dominated by its definition in function '$@'. | ir.cpp:1535:8:1535:8 | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() |
+| ir.cpp:1537:8:1537:8 | Unary | Operand 'Unary' is not dominated by its definition in function '$@'. | ir.cpp:1537:8:1537:8 | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() |
 switchInstructionWithoutDefaultEdge
 notMarkedAsConflated
 wronglyMarkedAsConflated
@@ -28,7 +28,7 @@ invalidOverlap
 nonUniqueEnclosingIRFunction
 fieldAddressOnNonPointer
 thisArgumentIsNonPointer
-| ir.cpp:2546:34:2546:34 | Call: call to operator bool | Call instruction 'Call: call to operator bool' has a `this` argument operand that is not an address, in function '$@'. | ir.cpp:2545:6:2545:23 | void this_inconsistency(bool) | void this_inconsistency(bool) |
+| ir.cpp:2548:34:2548:34 | Call: call to operator bool | Call instruction 'Call: call to operator bool' has a `this` argument operand that is not an address, in function '$@'. | ir.cpp:2547:6:2547:23 | void this_inconsistency(bool) | void this_inconsistency(bool) |
 nonUniqueIRVariable
 nonBooleanOperand
 missingCppType

cpp/ql/test/library-tests/ir/ir/unaliased_ssa_consistency.expected

@@ -27,7 +27,7 @@ invalidOverlap
 nonUniqueEnclosingIRFunction
 fieldAddressOnNonPointer
 thisArgumentIsNonPointer
-| ir.cpp:2546:34:2546:34 | Call: call to operator bool | Call instruction 'Call: call to operator bool' has a `this` argument operand that is not an address, in function '$@'. | ir.cpp:2545:6:2545:23 | void this_inconsistency(bool) | void this_inconsistency(bool) |
+| ir.cpp:2548:34:2548:34 | Call: call to operator bool | Call instruction 'Call: call to operator bool' has a `this` argument operand that is not an address, in function '$@'. | ir.cpp:2547:6:2547:23 | void this_inconsistency(bool) | void this_inconsistency(bool) |
 nonUniqueIRVariable
 nonBooleanOperand
 missingCppType

cpp/ql/test/library-tests/ir/ir/unaliased_ssa_consistency_unsound.expected

@@ -27,7 +27,7 @@ invalidOverlap
 nonUniqueEnclosingIRFunction
 fieldAddressOnNonPointer
 thisArgumentIsNonPointer
-| ir.cpp:2546:34:2546:34 | Call: call to operator bool | Call instruction 'Call: call to operator bool' has a `this` argument operand that is not an address, in function '$@'. | ir.cpp:2545:6:2545:23 | void this_inconsistency(bool) | void this_inconsistency(bool) |
+| ir.cpp:2548:34:2548:34 | Call: call to operator bool | Call instruction 'Call: call to operator bool' has a `this` argument operand that is not an address, in function '$@'. | ir.cpp:2547:6:2547:23 | void this_inconsistency(bool) | void this_inconsistency(bool) |
 nonUniqueIRVariable
 nonBooleanOperand
 missingCppType

cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/ternaryLower.expected

@@ -1,148 +1,153 @@
 | test.c:154:10:154:40 | ... ? ... : ... | -1.0 | 1.0 | -1.0 |
-| test.c:357:8:357:23 | ... ? ... : ... | 0.0 | 0.0 | 10.0 |
-| test.c:358:8:358:24 | ... ? ... : ... | 0.0 | 10.0 | 0.0 |
-| test.c:366:10:366:15 | ... ? ... : ... | 0.0 | 0.0 | 5.0 |
-| test.c:367:10:367:17 | ... ? ... : ... | 0.0 | 0.0 | 500.0 |
-| test.c:368:10:368:21 | ... ? ... : ... | 1.0 | 1.0 | 500.0 |
-| test.c:369:10:369:36 | ... ? ... : ... | 0.0 | 1.0 | 5.0 |
-| test.c:370:10:370:38 | ... ? ... : ... | 0.0 | 1.0 | 500.0 |
-| test.c:371:10:371:39 | ... ? ... : ... | 1.0 | 1.0 | 500.0 |
-| test.c:379:8:379:24 | ... ? ... : ... | 101.0 | 101.0 | 110.0 |
-| test.c:380:8:380:25 | ... ? ... : ... | 101.0 | 110.0 | 101.0 |
-| test.c:385:10:385:21 | ... ? ... : ... | 0.0 | 0.0 | 5.0 |
-| test.c:386:10:386:21 | ... ? ... : ... | 100.0 | 100.0 | 5.0 |
-| test.c:387:10:387:38 | ... ? ... : ... | 0.0 | 100.0 | 5.0 |
-| test.c:394:14:394:108 | ... ? ... : ... | 0.14333887 | 0.14333887 | 0.40496805 |
-| test.c:394:18:394:95 | ... ? ... : ... | 0.14333887 | 0.14333887 | 0.21540225 |
-| test.c:394:22:394:82 | ... ? ... : ... | 0.14333887 | 0.14333887 | 0.39206458 |
-| test.c:394:26:394:69 | ... ? ... : ... | 0.14333887 | 0.14333887 | 0.35279203 |
-| test.c:394:30:394:56 | ... ? ... : ... | 0.14333887 | 0.47438827 | 0.14333887 |
-| test.c:395:14:395:108 | ... ? ... : ... | 0.22247853 | 0.22247853 | 0.5297741 |
-| test.c:395:18:395:95 | ... ? ... : ... | 0.22247853 | 0.22247853 | 0.59270465 |
-| test.c:395:22:395:82 | ... ? ... : ... | 0.22247853 | 0.22247853 | 0.32661893 |
-| test.c:395:26:395:69 | ... ? ... : ... | 0.22247853 | 0.34183348 | 0.22247853 |
-| test.c:395:30:395:56 | ... ? ... : ... | 0.34183348 | 0.34183348 | 0.3533464 |
-| test.c:396:14:396:108 | ... ? ... : ... | 0.05121256 | 0.05121256 | 0.67981451 |
-| test.c:396:18:396:95 | ... ? ... : ... | 0.05121256 | 0.05121256 | 0.79310745 |
-| test.c:396:22:396:82 | ... ? ... : ... | 0.05121256 | 0.31235514 | 0.05121256 |
-| test.c:396:26:396:69 | ... ? ... : ... | 0.31235514 | 0.31478084 | 0.31235514 |
-| test.c:396:30:396:56 | ... ? ... : ... | 0.31478084 | 0.77429603 | 0.31478084 |
-| test.c:397:14:397:108 | ... ? ... : ... | 0.36976948 | 0.36976948 | 0.83866835 |
-| test.c:397:18:397:95 | ... ? ... : ... | 0.36976948 | 0.44729556 | 0.36976948 |
-| test.c:397:22:397:82 | ... ? ... : ... | 0.44729556 | 0.44729556 | 0.59952732 |
-| test.c:397:26:397:69 | ... ? ... : ... | 0.44729556 | 0.44729556 | 0.98997262 |
-| test.c:397:30:397:56 | ... ? ... : ... | 0.44729556 | 0.44729556 | 0.80599202 |
-| test.c:398:14:398:108 | ... ? ... : ... | 0.10597712 | 0.10597712 | 0.68734874 |
-| test.c:398:18:398:95 | ... ? ... : ... | 0.10597712 | 0.10597712 | 0.72485966 |
-| test.c:398:22:398:82 | ... ? ... : ... | 0.10597712 | 0.10597712 | 0.21778426 |
-| test.c:398:26:398:69 | ... ? ... : ... | 0.10597712 | 0.49311828 | 0.10597712 |
-| test.c:398:30:398:56 | ... ? ... : ... | 0.49311828 | 0.49311828 | 0.90389911 |
-| test.c:399:14:399:108 | ... ? ... : ... | 0.1078665 | 0.1078665 | 0.58440865 |
-| test.c:399:18:399:95 | ... ? ... : ... | 0.1078665 | 0.1078665 | 0.34808892 |
-| test.c:399:22:399:82 | ... ? ... : ... | 0.1078665 | 0.1078665 | 0.76164052 |
-| test.c:399:26:399:69 | ... ? ... : ... | 0.1078665 | 0.1078665 | 0.11884576 |
-| test.c:399:30:399:56 | ... ? ... : ... | 0.1078665 | 0.47452848 | 0.1078665 |
-| test.c:400:14:400:108 | ... ? ... : ... | 0.02524326 | 0.02524326 | 0.36232384 |
-| test.c:400:18:400:95 | ... ? ... : ... | 0.02524326 | 0.02524326 | 0.85235179 |
-| test.c:400:22:400:82 | ... ? ... : ... | 0.02524326 | 0.02524326 | 0.12516558 |
-| test.c:400:26:400:69 | ... ? ... : ... | 0.02524326 | 0.02524326 | 0.95823075 |
-| test.c:400:30:400:56 | ... ? ... : ... | 0.02524326 | 0.02524326 | 0.82905046 |
-| test.c:401:14:401:108 | ... ? ... : ... | 0.14963485 | 0.14963485 | 0.84331272 |
-| test.c:401:18:401:95 | ... ? ... : ... | 0.14963485 | 0.14963485 | 0.48640909 |
-| test.c:401:22:401:82 | ... ? ... : ... | 0.14963485 | 0.14963485 | 0.45041108 |
-| test.c:401:26:401:69 | ... ? ... : ... | 0.14963485 | 0.32876044 | 0.14963485 |
-| test.c:401:30:401:56 | ... ? ... : ... | 0.32876044 | 0.38708626 | 0.32876044 |
-| test.c:402:14:402:108 | ... ? ... : ... | 0.05328182 | 0.14800508 | 0.05328182 |
-| test.c:402:18:402:95 | ... ? ... : ... | 0.14800508 | 0.14800508 | 0.37428143 |
-| test.c:402:22:402:82 | ... ? ... : ... | 0.14800508 | 0.15755063 | 0.14800508 |
-| test.c:402:26:402:69 | ... ? ... : ... | 0.15755063 | 0.15755063 | 0.26428481 |
-| test.c:402:30:402:56 | ... ? ... : ... | 0.15755063 | 0.15755063 | 0.77086833 |
-| test.c:403:14:403:108 | ... ? ... : ... | 0.27643238 | 0.27643238 | 0.69072144 |
-| test.c:403:18:403:95 | ... ? ... : ... | 0.27643238 | 0.27643238 | 0.39468857 |
-| test.c:403:22:403:82 | ... ? ... : ... | 0.27643238 | 0.27643238 | 0.55679274 |
-| test.c:403:26:403:69 | ... ? ... : ... | 0.27643238 | 0.41736536 | 0.27643238 |
-| test.c:403:30:403:56 | ... ? ... : ... | 0.41736536 | 0.41736536 | 0.76826628 |
-| test.c:404:14:404:108 | ... ? ... : ... | 0.2051911 | 0.2051911 | 0.81372798 |
-| test.c:404:18:404:95 | ... ? ... : ... | 0.2051911 | 0.2051911 | 0.88745559 |
-| test.c:404:22:404:82 | ... ? ... : ... | 0.2051911 | 0.29904824 | 0.2051911 |
-| test.c:404:26:404:69 | ... ? ... : ... | 0.29904824 | 0.29904824 | 0.76242583 |
-| test.c:404:30:404:56 | ... ? ... : ... | 0.29904824 | 0.88955345 | 0.29904824 |
-| test.c:405:14:405:108 | ... ? ... : ... | 0.13204114 | 0.13204114 | 0.42762647 |
-| test.c:405:18:405:95 | ... ? ... : ... | 0.13204114 | 0.13204114 | 0.52031241 |
-| test.c:405:22:405:82 | ... ? ... : ... | 0.13204114 | 0.42186276 | 0.13204114 |
-| test.c:405:26:405:69 | ... ? ... : ... | 0.42186276 | 0.42186276 | 0.44996679 |
-| test.c:405:30:405:56 | ... ? ... : ... | 0.42186276 | 0.42186276 | 0.53843358 |
-| test.c:447:4:621:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:447:5:449:49 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:450:6:532:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:451:8:469:41 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:454:10:458:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:454:31:454:79 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:456:13:458:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:463:12:468:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:464:12:464:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:466:15:468:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:470:6:489:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:473:8:477:19 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:473:29:473:77 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:475:11:477:19 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:478:6:478:54 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:482:10:486:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:482:31:482:79 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:484:13:486:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:487:9:489:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:491:10:510:43 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:494:12:499:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:495:12:495:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:497:15:499:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:504:14:509:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:505:14:505:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:507:17:509:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:511:9:532:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:514:14:519:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:515:14:515:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:517:17:519:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:520:12:520:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:524:12:529:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:525:12:525:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:527:15:529:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:530:11:532:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:533:9:535:51 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:536:9:621:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:537:14:556:47 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:540:16:545:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:541:16:541:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:543:19:545:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:550:18:555:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:551:18:551:66 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:553:21:555:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:557:12:578:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:560:14:565:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:561:14:561:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:563:17:565:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:566:12:566:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:570:16:575:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:571:16:571:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:573:19:575:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:576:15:578:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:580:12:599:45 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:583:14:588:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:584:14:584:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:586:17:588:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:593:16:598:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:594:16:594:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:596:19:598:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:600:11:621:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:603:16:608:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:604:16:604:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:606:19:608:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:609:14:609:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:613:14:618:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:614:14:614:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:616:17:618:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:619:13:621:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
-| test.c:647:20:647:36 | ... ? ... : ... | 0.0 | 0.0 | 100.0 |
-| test.c:859:5:859:14 | ... ? ... : ... | 0.0 | 1.0 | 0.0 |
-| test.c:860:5:860:14 | ... ? ... : ... | 0.0 | 0.0 | 1.0 |
+| test.c:348:22:348:44 | ... ? ... : ... | 0.0 | 0.0 | 2.0 |
+| test.c:349:20:349:43 | ... ? ... : ... | 0.0 | 0.0 | 2.0 |
+| test.c:350:22:350:44 | ... ? ... : ... | 0.0 | 0.0 | 2.0 |
+| test.c:351:22:351:44 | ... ? ... : ... | 0.0 | 0.0 | 2.0 |
+| test.c:352:22:352:45 | ... ? ... : ... | 2.0 | 8.0 | 2.0 |
+| test.c:378:8:378:23 | ... ? ... : ... | 0.0 | 0.0 | 10.0 |
+| test.c:379:8:379:24 | ... ? ... : ... | 0.0 | 10.0 | 0.0 |
+| test.c:387:10:387:15 | ... ? ... : ... | 0.0 | 0.0 | 5.0 |
+| test.c:388:10:388:17 | ... ? ... : ... | 0.0 | 0.0 | 500.0 |
+| test.c:389:10:389:21 | ... ? ... : ... | 1.0 | 1.0 | 500.0 |
+| test.c:390:10:390:36 | ... ? ... : ... | 0.0 | 1.0 | 5.0 |
+| test.c:391:10:391:38 | ... ? ... : ... | 0.0 | 1.0 | 500.0 |
+| test.c:392:10:392:39 | ... ? ... : ... | 1.0 | 1.0 | 500.0 |
+| test.c:400:8:400:24 | ... ? ... : ... | 101.0 | 101.0 | 110.0 |
+| test.c:401:8:401:25 | ... ? ... : ... | 101.0 | 110.0 | 101.0 |
+| test.c:406:10:406:21 | ... ? ... : ... | 0.0 | 0.0 | 5.0 |
+| test.c:407:10:407:21 | ... ? ... : ... | 100.0 | 100.0 | 5.0 |
+| test.c:408:10:408:38 | ... ? ... : ... | 0.0 | 100.0 | 5.0 |
+| test.c:415:14:415:108 | ... ? ... : ... | 0.14333887 | 0.14333887 | 0.40496805 |
+| test.c:415:18:415:95 | ... ? ... : ... | 0.14333887 | 0.14333887 | 0.21540225 |
+| test.c:415:22:415:82 | ... ? ... : ... | 0.14333887 | 0.14333887 | 0.39206458 |
+| test.c:415:26:415:69 | ... ? ... : ... | 0.14333887 | 0.14333887 | 0.35279203 |
+| test.c:415:30:415:56 | ... ? ... : ... | 0.14333887 | 0.47438827 | 0.14333887 |
+| test.c:416:14:416:108 | ... ? ... : ... | 0.22247853 | 0.22247853 | 0.5297741 |
+| test.c:416:18:416:95 | ... ? ... : ... | 0.22247853 | 0.22247853 | 0.59270465 |
+| test.c:416:22:416:82 | ... ? ... : ... | 0.22247853 | 0.22247853 | 0.32661893 |
+| test.c:416:26:416:69 | ... ? ... : ... | 0.22247853 | 0.34183348 | 0.22247853 |
+| test.c:416:30:416:56 | ... ? ... : ... | 0.34183348 | 0.34183348 | 0.3533464 |
+| test.c:417:14:417:108 | ... ? ... : ... | 0.05121256 | 0.05121256 | 0.67981451 |
+| test.c:417:18:417:95 | ... ? ... : ... | 0.05121256 | 0.05121256 | 0.79310745 |
+| test.c:417:22:417:82 | ... ? ... : ... | 0.05121256 | 0.31235514 | 0.05121256 |
+| test.c:417:26:417:69 | ... ? ... : ... | 0.31235514 | 0.31478084 | 0.31235514 |
+| test.c:417:30:417:56 | ... ? ... : ... | 0.31478084 | 0.77429603 | 0.31478084 |
+| test.c:418:14:418:108 | ... ? ... : ... | 0.36976948 | 0.36976948 | 0.83866835 |
+| test.c:418:18:418:95 | ... ? ... : ... | 0.36976948 | 0.44729556 | 0.36976948 |
+| test.c:418:22:418:82 | ... ? ... : ... | 0.44729556 | 0.44729556 | 0.59952732 |
+| test.c:418:26:418:69 | ... ? ... : ... | 0.44729556 | 0.44729556 | 0.98997262 |
+| test.c:418:30:418:56 | ... ? ... : ... | 0.44729556 | 0.44729556 | 0.80599202 |
+| test.c:419:14:419:108 | ... ? ... : ... | 0.10597712 | 0.10597712 | 0.68734874 |
+| test.c:419:18:419:95 | ... ? ... : ... | 0.10597712 | 0.10597712 | 0.72485966 |
+| test.c:419:22:419:82 | ... ? ... : ... | 0.10597712 | 0.10597712 | 0.21778426 |
+| test.c:419:26:419:69 | ... ? ... : ... | 0.10597712 | 0.49311828 | 0.10597712 |
+| test.c:419:30:419:56 | ... ? ... : ... | 0.49311828 | 0.49311828 | 0.90389911 |
+| test.c:420:14:420:108 | ... ? ... : ... | 0.1078665 | 0.1078665 | 0.58440865 |
+| test.c:420:18:420:95 | ... ? ... : ... | 0.1078665 | 0.1078665 | 0.34808892 |
+| test.c:420:22:420:82 | ... ? ... : ... | 0.1078665 | 0.1078665 | 0.76164052 |
+| test.c:420:26:420:69 | ... ? ... : ... | 0.1078665 | 0.1078665 | 0.11884576 |
+| test.c:420:30:420:56 | ... ? ... : ... | 0.1078665 | 0.47452848 | 0.1078665 |
+| test.c:421:14:421:108 | ... ? ... : ... | 0.02524326 | 0.02524326 | 0.36232384 |
+| test.c:421:18:421:95 | ... ? ... : ... | 0.02524326 | 0.02524326 | 0.85235179 |
+| test.c:421:22:421:82 | ... ? ... : ... | 0.02524326 | 0.02524326 | 0.12516558 |
+| test.c:421:26:421:69 | ... ? ... : ... | 0.02524326 | 0.02524326 | 0.95823075 |
+| test.c:421:30:421:56 | ... ? ... : ... | 0.02524326 | 0.02524326 | 0.82905046 |
+| test.c:422:14:422:108 | ... ? ... : ... | 0.14963485 | 0.14963485 | 0.84331272 |
+| test.c:422:18:422:95 | ... ? ... : ... | 0.14963485 | 0.14963485 | 0.48640909 |
+| test.c:422:22:422:82 | ... ? ... : ... | 0.14963485 | 0.14963485 | 0.45041108 |
+| test.c:422:26:422:69 | ... ? ... : ... | 0.14963485 | 0.32876044 | 0.14963485 |
+| test.c:422:30:422:56 | ... ? ... : ... | 0.32876044 | 0.38708626 | 0.32876044 |
+| test.c:423:14:423:108 | ... ? ... : ... | 0.05328182 | 0.14800508 | 0.05328182 |
+| test.c:423:18:423:95 | ... ? ... : ... | 0.14800508 | 0.14800508 | 0.37428143 |
+| test.c:423:22:423:82 | ... ? ... : ... | 0.14800508 | 0.15755063 | 0.14800508 |
+| test.c:423:26:423:69 | ... ? ... : ... | 0.15755063 | 0.15755063 | 0.26428481 |
+| test.c:423:30:423:56 | ... ? ... : ... | 0.15755063 | 0.15755063 | 0.77086833 |
+| test.c:424:14:424:108 | ... ? ... : ... | 0.27643238 | 0.27643238 | 0.69072144 |
+| test.c:424:18:424:95 | ... ? ... : ... | 0.27643238 | 0.27643238 | 0.39468857 |
+| test.c:424:22:424:82 | ... ? ... : ... | 0.27643238 | 0.27643238 | 0.55679274 |
+| test.c:424:26:424:69 | ... ? ... : ... | 0.27643238 | 0.41736536 | 0.27643238 |
+| test.c:424:30:424:56 | ... ? ... : ... | 0.41736536 | 0.41736536 | 0.76826628 |
+| test.c:425:14:425:108 | ... ? ... : ... | 0.2051911 | 0.2051911 | 0.81372798 |
+| test.c:425:18:425:95 | ... ? ... : ... | 0.2051911 | 0.2051911 | 0.88745559 |
+| test.c:425:22:425:82 | ... ? ... : ... | 0.2051911 | 0.29904824 | 0.2051911 |
+| test.c:425:26:425:69 | ... ? ... : ... | 0.29904824 | 0.29904824 | 0.76242583 |
+| test.c:425:30:425:56 | ... ? ... : ... | 0.29904824 | 0.88955345 | 0.29904824 |
+| test.c:426:14:426:108 | ... ? ... : ... | 0.13204114 | 0.13204114 | 0.42762647 |
+| test.c:426:18:426:95 | ... ? ... : ... | 0.13204114 | 0.13204114 | 0.52031241 |
+| test.c:426:22:426:82 | ... ? ... : ... | 0.13204114 | 0.42186276 | 0.13204114 |
+| test.c:426:26:426:69 | ... ? ... : ... | 0.42186276 | 0.42186276 | 0.44996679 |
+| test.c:426:30:426:56 | ... ? ... : ... | 0.42186276 | 0.42186276 | 0.53843358 |
+| test.c:468:4:642:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:468:5:470:49 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:471:6:553:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:472:8:490:41 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:475:10:479:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:475:31:475:79 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:477:13:479:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:484:12:489:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:485:12:485:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:487:15:489:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:491:6:510:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:494:8:498:19 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:494:29:494:77 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:496:11:498:19 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:499:6:499:54 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:503:10:507:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:503:31:503:79 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:505:13:507:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:508:9:510:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:512:10:531:43 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:515:12:520:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:516:12:516:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:518:15:520:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:525:14:530:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:526:14:526:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:528:17:530:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:532:9:553:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:535:14:540:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:536:14:536:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:538:17:540:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:541:12:541:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:545:12:550:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:546:12:546:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:548:15:550:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:551:11:553:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:554:9:556:51 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:557:9:642:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:558:14:577:47 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:561:16:566:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:562:16:562:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:564:19:566:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:571:18:576:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:572:18:572:66 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:574:21:576:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:578:12:599:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:581:14:586:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:582:14:582:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:584:17:586:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:587:12:587:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:591:16:596:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:592:16:592:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:594:19:596:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:597:15:599:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:601:12:620:45 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:604:14:609:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:605:14:605:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:607:17:609:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:614:16:619:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:615:16:615:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:617:19:619:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:621:11:642:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:624:16:629:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:625:16:625:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:627:19:629:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:630:14:630:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:634:14:639:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:635:14:635:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:637:17:639:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:640:13:642:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
+| test.c:668:20:668:36 | ... ? ... : ... | 0.0 | 0.0 | 100.0 |
+| test.c:880:5:880:14 | ... ? ... : ... | 0.0 | 1.0 | 0.0 |
+| test.c:881:5:881:14 | ... ? ... : ... | 0.0 | 0.0 | 1.0 |
 | test.cpp:121:3:121:12 | ... ? ... : ... | 0.0 | 1.0 | 0.0 |
 | test.cpp:122:3:122:12 | ... ? ... : ... | 0.0 | 0.0 | 1.0 |

cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/ternaryUpper.expected

@@ -1,148 +1,153 @@
 | test.c:154:10:154:40 | ... ? ... : ... | 2.147483647E9 | 2.147483647E9 | -1.0 |
-| test.c:357:8:357:23 | ... ? ... : ... | 99.0 | 99.0 | 10.0 |
-| test.c:358:8:358:24 | ... ? ... : ... | 99.0 | 10.0 | 99.0 |
-| test.c:366:10:366:15 | ... ? ... : ... | 299.0 | 299.0 | 5.0 |
-| test.c:367:10:367:17 | ... ? ... : ... | 500.0 | 299.0 | 500.0 |
-| test.c:368:10:368:21 | ... ? ... : ... | 300.0 | 300.0 | 500.0 |
-| test.c:369:10:369:36 | ... ? ... : ... | 255.0 | 300.0 | 5.0 |
-| test.c:370:10:370:38 | ... ? ... : ... | 500.0 | 300.0 | 500.0 |
-| test.c:371:10:371:39 | ... ? ... : ... | 300.0 | 300.0 | 500.0 |
-| test.c:379:8:379:24 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 110.0 |
-| test.c:380:8:380:25 | ... ? ... : ... | 4.294967295E9 | 110.0 | 4.294967295E9 |
-| test.c:385:10:385:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 5.0 |
-| test.c:386:10:386:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 5.0 |
-| test.c:387:10:387:38 | ... ? ... : ... | 255.0 | 4.294967295E9 | 5.0 |
-| test.c:394:14:394:108 | ... ? ... : ... | 0.47438827 | 0.47438827 | 0.40496805 |
-| test.c:394:18:394:95 | ... ? ... : ... | 0.47438827 | 0.47438827 | 0.21540225 |
-| test.c:394:22:394:82 | ... ? ... : ... | 0.47438827 | 0.47438827 | 0.39206458 |
-| test.c:394:26:394:69 | ... ? ... : ... | 0.47438827 | 0.47438827 | 0.35279203 |
-| test.c:394:30:394:56 | ... ? ... : ... | 0.47438827 | 0.47438827 | 0.14333887 |
-| test.c:395:14:395:108 | ... ? ... : ... | 0.59270465 | 0.59270465 | 0.5297741 |
-| test.c:395:18:395:95 | ... ? ... : ... | 0.59270465 | 0.3533464 | 0.59270465 |
-| test.c:395:22:395:82 | ... ? ... : ... | 0.3533464 | 0.3533464 | 0.32661893 |
-| test.c:395:26:395:69 | ... ? ... : ... | 0.3533464 | 0.3533464 | 0.22247853 |
-| test.c:395:30:395:56 | ... ? ... : ... | 0.3533464 | 0.34183348 | 0.3533464 |
-| test.c:396:14:396:108 | ... ? ... : ... | 0.79310745 | 0.79310745 | 0.67981451 |
-| test.c:396:18:396:95 | ... ? ... : ... | 0.79310745 | 0.77429603 | 0.79310745 |
-| test.c:396:22:396:82 | ... ? ... : ... | 0.77429603 | 0.77429603 | 0.05121256 |
-| test.c:396:26:396:69 | ... ? ... : ... | 0.77429603 | 0.77429603 | 0.31235514 |
-| test.c:396:30:396:56 | ... ? ... : ... | 0.77429603 | 0.77429603 | 0.31478084 |
-| test.c:397:14:397:108 | ... ? ... : ... | 0.98997262 | 0.98997262 | 0.83866835 |
-| test.c:397:18:397:95 | ... ? ... : ... | 0.98997262 | 0.98997262 | 0.36976948 |
-| test.c:397:22:397:82 | ... ? ... : ... | 0.98997262 | 0.98997262 | 0.59952732 |
-| test.c:397:26:397:69 | ... ? ... : ... | 0.98997262 | 0.80599202 | 0.98997262 |
-| test.c:397:30:397:56 | ... ? ... : ... | 0.80599202 | 0.44729556 | 0.80599202 |
-| test.c:398:14:398:108 | ... ? ... : ... | 0.90389911 | 0.90389911 | 0.68734874 |
-| test.c:398:18:398:95 | ... ? ... : ... | 0.90389911 | 0.90389911 | 0.72485966 |
-| test.c:398:22:398:82 | ... ? ... : ... | 0.90389911 | 0.90389911 | 0.21778426 |
-| test.c:398:26:398:69 | ... ? ... : ... | 0.90389911 | 0.90389911 | 0.10597712 |
-| test.c:398:30:398:56 | ... ? ... : ... | 0.90389911 | 0.49311828 | 0.90389911 |
-| test.c:399:14:399:108 | ... ? ... : ... | 0.76164052 | 0.76164052 | 0.58440865 |
-| test.c:399:18:399:95 | ... ? ... : ... | 0.76164052 | 0.76164052 | 0.34808892 |
-| test.c:399:22:399:82 | ... ? ... : ... | 0.76164052 | 0.47452848 | 0.76164052 |
-| test.c:399:26:399:69 | ... ? ... : ... | 0.47452848 | 0.47452848 | 0.11884576 |
-| test.c:399:30:399:56 | ... ? ... : ... | 0.47452848 | 0.47452848 | 0.1078665 |
-| test.c:400:14:400:108 | ... ? ... : ... | 0.95823075 | 0.95823075 | 0.36232384 |
-| test.c:400:18:400:95 | ... ? ... : ... | 0.95823075 | 0.95823075 | 0.85235179 |
-| test.c:400:22:400:82 | ... ? ... : ... | 0.95823075 | 0.95823075 | 0.12516558 |
-| test.c:400:26:400:69 | ... ? ... : ... | 0.95823075 | 0.82905046 | 0.95823075 |
-| test.c:400:30:400:56 | ... ? ... : ... | 0.82905046 | 0.02524326 | 0.82905046 |
-| test.c:401:14:401:108 | ... ? ... : ... | 0.84331272 | 0.48640909 | 0.84331272 |
-| test.c:401:18:401:95 | ... ? ... : ... | 0.48640909 | 0.45041108 | 0.48640909 |
-| test.c:401:22:401:82 | ... ? ... : ... | 0.45041108 | 0.38708626 | 0.45041108 |
-| test.c:401:26:401:69 | ... ? ... : ... | 0.38708626 | 0.38708626 | 0.14963485 |
-| test.c:401:30:401:56 | ... ? ... : ... | 0.38708626 | 0.38708626 | 0.32876044 |
-| test.c:402:14:402:108 | ... ? ... : ... | 0.77086833 | 0.77086833 | 0.05328182 |
-| test.c:402:18:402:95 | ... ? ... : ... | 0.77086833 | 0.77086833 | 0.37428143 |
-| test.c:402:22:402:82 | ... ? ... : ... | 0.77086833 | 0.77086833 | 0.14800508 |
-| test.c:402:26:402:69 | ... ? ... : ... | 0.77086833 | 0.77086833 | 0.26428481 |
-| test.c:402:30:402:56 | ... ? ... : ... | 0.77086833 | 0.15755063 | 0.77086833 |
-| test.c:403:14:403:108 | ... ? ... : ... | 0.76826628 | 0.76826628 | 0.69072144 |
-| test.c:403:18:403:95 | ... ? ... : ... | 0.76826628 | 0.76826628 | 0.39468857 |
-| test.c:403:22:403:82 | ... ? ... : ... | 0.76826628 | 0.76826628 | 0.55679274 |
-| test.c:403:26:403:69 | ... ? ... : ... | 0.76826628 | 0.76826628 | 0.27643238 |
-| test.c:403:30:403:56 | ... ? ... : ... | 0.76826628 | 0.41736536 | 0.76826628 |
-| test.c:404:14:404:108 | ... ? ... : ... | 0.88955345 | 0.88955345 | 0.81372798 |
-| test.c:404:18:404:95 | ... ? ... : ... | 0.88955345 | 0.88955345 | 0.88745559 |
-| test.c:404:22:404:82 | ... ? ... : ... | 0.88955345 | 0.88955345 | 0.2051911 |
-| test.c:404:26:404:69 | ... ? ... : ... | 0.88955345 | 0.88955345 | 0.76242583 |
-| test.c:404:30:404:56 | ... ? ... : ... | 0.88955345 | 0.88955345 | 0.29904824 |
-| test.c:405:14:405:108 | ... ? ... : ... | 0.53843358 | 0.53843358 | 0.42762647 |
-| test.c:405:18:405:95 | ... ? ... : ... | 0.53843358 | 0.53843358 | 0.52031241 |
-| test.c:405:22:405:82 | ... ? ... : ... | 0.53843358 | 0.53843358 | 0.13204114 |
-| test.c:405:26:405:69 | ... ? ... : ... | 0.53843358 | 0.53843358 | 0.44996679 |
-| test.c:405:30:405:56 | ... ? ... : ... | 0.53843358 | 0.42186276 | 0.53843358 |
-| test.c:447:4:621:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:447:5:449:49 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:450:6:532:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:451:8:469:41 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:454:10:458:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:454:31:454:79 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:456:13:458:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:463:12:468:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:464:12:464:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:466:15:468:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:470:6:489:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:473:8:477:19 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:473:29:473:77 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:475:11:477:19 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:478:6:478:54 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:482:10:486:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:482:31:482:79 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:484:13:486:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:487:9:489:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:491:10:510:43 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:494:12:499:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:495:12:495:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:497:15:499:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:504:14:509:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:505:14:505:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:507:17:509:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:511:9:532:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:514:14:519:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:515:14:515:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:517:17:519:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:520:12:520:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:524:12:529:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:525:12:525:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:527:15:529:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:530:11:532:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:533:9:535:51 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:536:9:621:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:537:14:556:47 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:540:16:545:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:541:16:541:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:543:19:545:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:550:18:555:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:551:18:551:66 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:553:21:555:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:557:12:578:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:560:14:565:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:561:14:561:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:563:17:565:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:566:12:566:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:570:16:575:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:571:16:571:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:573:19:575:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:576:15:578:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:580:12:599:45 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:583:14:588:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:584:14:584:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:586:17:588:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:593:16:598:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:594:16:594:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:596:19:598:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:600:11:621:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:603:16:608:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:604:16:604:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:606:19:608:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:609:14:609:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:613:14:618:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:614:14:614:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:616:17:618:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:619:13:621:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
-| test.c:647:20:647:36 | ... ? ... : ... | 100.0 | 99.0 | 100.0 |
-| test.c:859:5:859:14 | ... ? ... : ... | 32767.0 | 32767.0 | 0.0 |
-| test.c:860:5:860:14 | ... ? ... : ... | 32767.0 | 0.0 | 32767.0 |
+| test.c:348:22:348:44 | ... ? ... : ... | 2.147483647E9 | 2.147483647E9 | 2.0 |
+| test.c:349:20:349:43 | ... ? ... : ... | 2.147483647E9 | 2.147483647E9 | 2.0 |
+| test.c:350:22:350:44 | ... ? ... : ... | 1.431655764E9 | 1.431655764E9 | 2.0 |
+| test.c:351:22:351:44 | ... ? ... : ... | 2.147483647E9 | 2.147483647E9 | 2.0 |
+| test.c:352:22:352:45 | ... ? ... : ... | 2.147483647E9 | 2.147483647E9 | 2.0 |
+| test.c:378:8:378:23 | ... ? ... : ... | 99.0 | 99.0 | 10.0 |
+| test.c:379:8:379:24 | ... ? ... : ... | 99.0 | 10.0 | 99.0 |
+| test.c:387:10:387:15 | ... ? ... : ... | 299.0 | 299.0 | 5.0 |
+| test.c:388:10:388:17 | ... ? ... : ... | 500.0 | 299.0 | 500.0 |
+| test.c:389:10:389:21 | ... ? ... : ... | 300.0 | 300.0 | 500.0 |
+| test.c:390:10:390:36 | ... ? ... : ... | 255.0 | 300.0 | 5.0 |
+| test.c:391:10:391:38 | ... ? ... : ... | 500.0 | 300.0 | 500.0 |
+| test.c:392:10:392:39 | ... ? ... : ... | 300.0 | 300.0 | 500.0 |
+| test.c:400:8:400:24 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 110.0 |
+| test.c:401:8:401:25 | ... ? ... : ... | 4.294967295E9 | 110.0 | 4.294967295E9 |
+| test.c:406:10:406:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 5.0 |
+| test.c:407:10:407:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 5.0 |
+| test.c:408:10:408:38 | ... ? ... : ... | 255.0 | 4.294967295E9 | 5.0 |
+| test.c:415:14:415:108 | ... ? ... : ... | 0.47438827 | 0.47438827 | 0.40496805 |
+| test.c:415:18:415:95 | ... ? ... : ... | 0.47438827 | 0.47438827 | 0.21540225 |
+| test.c:415:22:415:82 | ... ? ... : ... | 0.47438827 | 0.47438827 | 0.39206458 |
+| test.c:415:26:415:69 | ... ? ... : ... | 0.47438827 | 0.47438827 | 0.35279203 |
+| test.c:415:30:415:56 | ... ? ... : ... | 0.47438827 | 0.47438827 | 0.14333887 |
+| test.c:416:14:416:108 | ... ? ... : ... | 0.59270465 | 0.59270465 | 0.5297741 |
+| test.c:416:18:416:95 | ... ? ... : ... | 0.59270465 | 0.3533464 | 0.59270465 |
+| test.c:416:22:416:82 | ... ? ... : ... | 0.3533464 | 0.3533464 | 0.32661893 |
+| test.c:416:26:416:69 | ... ? ... : ... | 0.3533464 | 0.3533464 | 0.22247853 |
+| test.c:416:30:416:56 | ... ? ... : ... | 0.3533464 | 0.34183348 | 0.3533464 |
+| test.c:417:14:417:108 | ... ? ... : ... | 0.79310745 | 0.79310745 | 0.67981451 |
+| test.c:417:18:417:95 | ... ? ... : ... | 0.79310745 | 0.77429603 | 0.79310745 |
+| test.c:417:22:417:82 | ... ? ... : ... | 0.77429603 | 0.77429603 | 0.05121256 |
+| test.c:417:26:417:69 | ... ? ... : ... | 0.77429603 | 0.77429603 | 0.31235514 |
+| test.c:417:30:417:56 | ... ? ... : ... | 0.77429603 | 0.77429603 | 0.31478084 |
+| test.c:418:14:418:108 | ... ? ... : ... | 0.98997262 | 0.98997262 | 0.83866835 |
+| test.c:418:18:418:95 | ... ? ... : ... | 0.98997262 | 0.98997262 | 0.36976948 |
+| test.c:418:22:418:82 | ... ? ... : ... | 0.98997262 | 0.98997262 | 0.59952732 |
+| test.c:418:26:418:69 | ... ? ... : ... | 0.98997262 | 0.80599202 | 0.98997262 |
+| test.c:418:30:418:56 | ... ? ... : ... | 0.80599202 | 0.44729556 | 0.80599202 |
+| test.c:419:14:419:108 | ... ? ... : ... | 0.90389911 | 0.90389911 | 0.68734874 |
+| test.c:419:18:419:95 | ... ? ... : ... | 0.90389911 | 0.90389911 | 0.72485966 |
+| test.c:419:22:419:82 | ... ? ... : ... | 0.90389911 | 0.90389911 | 0.21778426 |
+| test.c:419:26:419:69 | ... ? ... : ... | 0.90389911 | 0.90389911 | 0.10597712 |
+| test.c:419:30:419:56 | ... ? ... : ... | 0.90389911 | 0.49311828 | 0.90389911 |
+| test.c:420:14:420:108 | ... ? ... : ... | 0.76164052 | 0.76164052 | 0.58440865 |
+| test.c:420:18:420:95 | ... ? ... : ... | 0.76164052 | 0.76164052 | 0.34808892 |
+| test.c:420:22:420:82 | ... ? ... : ... | 0.76164052 | 0.47452848 | 0.76164052 |
+| test.c:420:26:420:69 | ... ? ... : ... | 0.47452848 | 0.47452848 | 0.11884576 |
+| test.c:420:30:420:56 | ... ? ... : ... | 0.47452848 | 0.47452848 | 0.1078665 |
+| test.c:421:14:421:108 | ... ? ... : ... | 0.95823075 | 0.95823075 | 0.36232384 |
+| test.c:421:18:421:95 | ... ? ... : ... | 0.95823075 | 0.95823075 | 0.85235179 |
+| test.c:421:22:421:82 | ... ? ... : ... | 0.95823075 | 0.95823075 | 0.12516558 |
+| test.c:421:26:421:69 | ... ? ... : ... | 0.95823075 | 0.82905046 | 0.95823075 |
+| test.c:421:30:421:56 | ... ? ... : ... | 0.82905046 | 0.02524326 | 0.82905046 |
+| test.c:422:14:422:108 | ... ? ... : ... | 0.84331272 | 0.48640909 | 0.84331272 |
+| test.c:422:18:422:95 | ... ? ... : ... | 0.48640909 | 0.45041108 | 0.48640909 |
+| test.c:422:22:422:82 | ... ? ... : ... | 0.45041108 | 0.38708626 | 0.45041108 |
+| test.c:422:26:422:69 | ... ? ... : ... | 0.38708626 | 0.38708626 | 0.14963485 |
+| test.c:422:30:422:56 | ... ? ... : ... | 0.38708626 | 0.38708626 | 0.32876044 |
+| test.c:423:14:423:108 | ... ? ... : ... | 0.77086833 | 0.77086833 | 0.05328182 |
+| test.c:423:18:423:95 | ... ? ... : ... | 0.77086833 | 0.77086833 | 0.37428143 |
+| test.c:423:22:423:82 | ... ? ... : ... | 0.77086833 | 0.77086833 | 0.14800508 |
+| test.c:423:26:423:69 | ... ? ... : ... | 0.77086833 | 0.77086833 | 0.26428481 |
+| test.c:423:30:423:56 | ... ? ... : ... | 0.77086833 | 0.15755063 | 0.77086833 |
+| test.c:424:14:424:108 | ... ? ... : ... | 0.76826628 | 0.76826628 | 0.69072144 |
+| test.c:424:18:424:95 | ... ? ... : ... | 0.76826628 | 0.76826628 | 0.39468857 |
+| test.c:424:22:424:82 | ... ? ... : ... | 0.76826628 | 0.76826628 | 0.55679274 |
+| test.c:424:26:424:69 | ... ? ... : ... | 0.76826628 | 0.76826628 | 0.27643238 |
+| test.c:424:30:424:56 | ... ? ... : ... | 0.76826628 | 0.41736536 | 0.76826628 |
+| test.c:425:14:425:108 | ... ? ... : ... | 0.88955345 | 0.88955345 | 0.81372798 |
+| test.c:425:18:425:95 | ... ? ... : ... | 0.88955345 | 0.88955345 | 0.88745559 |
+| test.c:425:22:425:82 | ... ? ... : ... | 0.88955345 | 0.88955345 | 0.2051911 |
+| test.c:425:26:425:69 | ... ? ... : ... | 0.88955345 | 0.88955345 | 0.76242583 |
+| test.c:425:30:425:56 | ... ? ... : ... | 0.88955345 | 0.88955345 | 0.29904824 |
+| test.c:426:14:426:108 | ... ? ... : ... | 0.53843358 | 0.53843358 | 0.42762647 |
+| test.c:426:18:426:95 | ... ? ... : ... | 0.53843358 | 0.53843358 | 0.52031241 |
+| test.c:426:22:426:82 | ... ? ... : ... | 0.53843358 | 0.53843358 | 0.13204114 |
+| test.c:426:26:426:69 | ... ? ... : ... | 0.53843358 | 0.53843358 | 0.44996679 |
+| test.c:426:30:426:56 | ... ? ... : ... | 0.53843358 | 0.42186276 | 0.53843358 |
+| test.c:468:4:642:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:468:5:470:49 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:471:6:553:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:472:8:490:41 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:475:10:479:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:475:31:475:79 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:477:13:479:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:484:12:489:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:485:12:485:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:487:15:489:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:491:6:510:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:494:8:498:19 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:494:29:494:77 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:496:11:498:19 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:499:6:499:54 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:503:10:507:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:503:31:503:79 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:505:13:507:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:508:9:510:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:512:10:531:43 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:515:12:520:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:516:12:516:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:518:15:520:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:525:14:530:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:526:14:526:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:528:17:530:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:532:9:553:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:535:14:540:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:536:14:536:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:538:17:540:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:541:12:541:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:545:12:550:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:546:12:546:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:548:15:550:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:551:11:553:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:554:9:556:51 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:557:9:642:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:558:14:577:47 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:561:16:566:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:562:16:562:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:564:19:566:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:571:18:576:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:572:18:572:66 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:574:21:576:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:578:12:599:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:581:14:586:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:582:14:582:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:584:17:586:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:587:12:587:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:591:16:596:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:592:16:592:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:594:19:596:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:597:15:599:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:601:12:620:45 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:604:14:609:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:605:14:605:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:607:17:609:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:614:16:619:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:615:16:615:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:617:19:619:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:621:11:642:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:624:16:629:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:625:16:625:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:627:19:629:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:630:14:630:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:634:14:639:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:635:14:635:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:637:17:639:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:640:13:642:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
+| test.c:668:20:668:36 | ... ? ... : ... | 100.0 | 99.0 | 100.0 |
+| test.c:880:5:880:14 | ... ? ... : ... | 32767.0 | 32767.0 | 0.0 |
+| test.c:881:5:881:14 | ... ? ... : ... | 32767.0 | 0.0 | 32767.0 |
 | test.cpp:121:3:121:12 | ... ? ... : ... | 32767.0 | 32767.0 | 0.0 |
 | test.cpp:122:3:122:12 | ... ? ... : ... | 32767.0 | 0.0 | 32767.0 |

cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/test.c

@@ -333,6 +333,27 @@ int test_mult05(int a, int b) {
   return total;
 }
 
+// Tests for shift operators.
+unsigned long long test_shift(unsigned long long a) {
+  // `odd` is the largest odd integer that can be precisely represented by a double.
+  unsigned long long odd = 9007199254740992 - 1; // 2^53 - 1
+  // Shifting right by by 1 give an upper bound that is half of `odd` rounded down.
+  unsigned long long shifted = odd >> 1;
+
+  return shifted;
+}
+
+// Tests for bounds on integers derived from inequalities.
+unsigned int test_inequality_integer(unsigned int e) {
+  unsigned int bi1 = (2 * e + 1) > 0 ? e : 2;
+  signed int bi2 = (2 * e + 1) >= 0 ? e : 2;
+  unsigned int bi3 = (3 * e + 2) > 0 ? e : 2;
+  unsigned int bi4 = (2 * e + 1) > 0 ? e : 2;
+  unsigned int bi5 = (2 * e + 1) > 16 ? e : 2;
+
+  return bi1 + bi2 + bi3 + bi4 + bi5;
+}
+
 int test16(int x) {
   int d, i = 0;
   if (x < 0) {

cpp/ql/test/library-tests/scopes/parents/parents.expected

@@ -1,7 +1,7 @@
 | 0 | file://:0:0:0:0 | (global namespace) | file://:0:0:0:0 | __va_list_tag |
 | 0 | file://:0:0:0:0 | (global namespace) | parents.cpp:2:11:2:13 | foo |
 | 0 | file://:0:0:0:0 | (global namespace) | parents.cpp:18:3:18:3 | var |
-| 0 | file://:0:0:0:0 | (global namespace) | parents.cpp:18:7:18:7 | var |
+| 0 | file://:0:0:0:0 | (global namespace) | parents.cpp:18:3:18:5 | var |
 | 0 | file://:0:0:0:0 | (global namespace) | parents.cpp:20:5:20:5 | g |
 | 1 | file://:0:0:0:0 | __va_list_tag | file://:0:0:0:0 | fp_offset |
 | 1 | file://:0:0:0:0 | __va_list_tag | file://:0:0:0:0 | gp_offset |
@@ -22,6 +22,6 @@
 | 1 | parents.cpp:6:11:10:7 | { ... } | parents.cpp:7:9:9:9 | for(...;...;...) ... |
 | 1 | parents.cpp:6:11:10:7 | { ... } | parents.cpp:7:33:9:9 | { ... } |
 | 1 | parents.cpp:7:33:9:9 | { ... } | parents.cpp:8:15:8:15 | k |
-| 1 | parents.cpp:18:7:18:7 | var | parents.cpp:17:19:17:19 | T |
+| 1 | parents.cpp:18:3:18:5 | var | parents.cpp:17:19:17:19 | T |
 | 1 | parents.cpp:20:5:20:5 | g | parents.cpp:20:9:24:1 | { ... } |
 | 1 | parents.cpp:20:9:24:1 | { ... } | parents.cpp:21:16:21:16 | l |

cpp/ql/test/library-tests/templates/isfromtemplateinstantiation/isfromuninstantiatedtemplate.expected

@@ -121,8 +121,8 @@ isFromUninstantiatedTemplate
 | isfromtemplateinstantiation.cpp:99:1:99:1 | return ... | isfromtemplateinstantiation.cpp:77:26:77:45 | AnotherTemplateClass<T> |
 | isfromtemplateinstantiation.cpp:99:1:99:1 | return ... | isfromtemplateinstantiation.cpp:97:25:97:60 | myMethod2 |
 | isfromtemplateinstantiation.cpp:99:1:99:1 | return ... | isfromtemplateinstantiation.cpp:97:52:97:52 | myMethod2 |
-| isfromtemplateinstantiation.cpp:110:15:110:15 | definition of var_template | isfromtemplateinstantiation.cpp:110:15:110:15 | var_template |
-| isfromtemplateinstantiation.cpp:110:15:110:15 | var_template | isfromtemplateinstantiation.cpp:110:15:110:15 | var_template |
+| isfromtemplateinstantiation.cpp:110:3:110:14 | definition of var_template | isfromtemplateinstantiation.cpp:110:3:110:14 | var_template |
+| isfromtemplateinstantiation.cpp:110:3:110:14 | var_template | isfromtemplateinstantiation.cpp:110:3:110:14 | var_template |
 | isfromtemplateinstantiation.cpp:128:7:128:30 | AnotherTemplateClass<T *> | isfromtemplateinstantiation.cpp:128:7:128:30 | AnotherTemplateClass<T *> |
 | isfromtemplateinstantiation.cpp:128:7:128:30 | definition of AnotherTemplateClass<T *> | isfromtemplateinstantiation.cpp:128:7:128:30 | AnotherTemplateClass<T *> |
 | isfromtemplateinstantiation.cpp:129:6:129:6 | definition of f | isfromtemplateinstantiation.cpp:128:7:128:30 | AnotherTemplateClass<T *> |

cpp/ql/test/library-tests/templates/variables/template_variables.expected

@@ -9,19 +9,19 @@
 | variables.cpp:2:13:2:13 | pi | variables.cpp:25:12:25:16 | T |  |
 | variables.cpp:2:13:2:13 | pi | variables.cpp:25:12:25:16, variables.cpp:37:16:37:24 | float |  |
 | variables.cpp:2:13:2:13 | pi | variables.cpp:25:12:25:16, variables.cpp:38:16:38:22 | int |  |
-| variables.cpp:2:16:2:16 | pi |  | T | TemplateVariable |
+| variables.cpp:2:13:2:14 | pi |  | T | TemplateVariable |
 | variables.cpp:5:23:5:37 | pi |  | const char * |  |
 | variables.cpp:8:13:8:13 | multi_arg | variables.cpp:33:19:33:33 | S, T |  |
 | variables.cpp:8:13:8:13 | multi_arg | variables.cpp:33:19:33:33 | float, char |  |
 | variables.cpp:8:13:8:13 | multi_arg | variables.cpp:33:19:33:33 | short, long |  |
 | variables.cpp:8:13:8:13 | multi_arg | variables.cpp:40:23:40:60 | unsigned int, unsigned char |  |
 | variables.cpp:8:13:8:13 | multi_arg | variables.cpp:41:23:41:42 | int, char |  |
-| variables.cpp:8:23:8:23 | multi_arg |  | S, T | TemplateVariable |
+| variables.cpp:8:13:8:21 | multi_arg |  | S, T | TemplateVariable |
 | variables.cpp:11:3:11:3 | mutable_val | variables.cpp:26:3:26:16 | T |  |
 | variables.cpp:11:3:11:3 | mutable_val | variables.cpp:26:3:26:16 | float |  |
 | variables.cpp:11:3:11:3 | mutable_val | variables.cpp:26:3:26:16, variables.cpp:43:3:43:18 | int |  |
 | variables.cpp:11:3:11:3 | mutable_val | variables.cpp:44:3:44:19 | long |  |
-| variables.cpp:11:15:11:15 | mutable_val |  | T | TemplateVariable |
+| variables.cpp:11:3:11:13 | mutable_val |  | T | TemplateVariable |
 | variables.cpp:19:3:19:10 | bar |  | T | TemplateVariable |
 | variables.cpp:19:8:19:8 | bar | variables.cpp:27:3:27:13 | T |  |
 | variables.cpp:19:8:19:8 | bar | variables.cpp:27:3:27:13 | float |  |

cpp/ql/test/library-tests/vector_types/builtin_ops.expected

@@ -1,4 +1,4 @@
 | vector_types2.cpp:10:15:10:42 | __builtin_shuffle |
 | vector_types2.cpp:11:15:11:45 | __builtin_shuffle |
 | vector_types.cpp:31:13:31:49 | __builtin_shufflevector |
-| vector_types.cpp:58:10:58:52 | __builtin_convertvector |
+| vector_types.cpp:63:10:63:52 | __builtin_convertvector |

cpp/ql/test/library-tests/vector_types/variables.expected

@@ -34,4 +34,7 @@
 | vector_types.cpp:47:23:47:25 | dst | dst | file://:0:0:0:0 | v16i * | 8 |
 | vector_types.cpp:47:34:47:36 | src | src | file://:0:0:0:0 | v16i * | 8 |
 | vector_types.cpp:47:43:47:43 | n | n | file://:0:0:0:0 | int | 4 |
-| vector_types.cpp:57:43:57:44 | vf | vf | vector_types.cpp:55:16:55:27 | vector4float | 16 |
+| vector_types.cpp:54:20:54:22 | dst | dst | file://:0:0:0:0 | v16i * | 8 |
+| vector_types.cpp:54:31:54:34 | src1 | src1 | file://:0:0:0:0 | v16i * | 8 |
+| vector_types.cpp:54:43:54:46 | src2 | src2 | file://:0:0:0:0 | v16i * | 8 |
+| vector_types.cpp:62:43:62:44 | vf | vf | vector_types.cpp:60:16:60:27 | vector4float | 16 |

cpp/ql/test/library-tests/vector_types/vector_ops.expected

@@ -2,3 +2,5 @@
 | vector_types.cpp:21:10:21:18 | ... < ... | < | file://:0:0:0:0 | __attribute((vector_size(16))) int |
 | vector_types.cpp:51:10:51:18 | ... << ... | << | file://:0:0:0:0 | __attribute((vector_size(16))) int |
 | vector_types.cpp:51:18:51:18 | (vector fill) ... | (vector fill) | file://:0:0:0:0 | __attribute((vector_size(16))) int |
+| vector_types.cpp:55:10:55:23 | ... && ... | && | file://:0:0:0:0 | __attribute((vector_size(16))) int |
+| vector_types.cpp:56:10:56:23 | ... \|\| ... | \|\| | file://:0:0:0:0 | __attribute((vector_size(16))) int |

cpp/ql/test/library-tests/vector_types/vector_types.cpp

@@ -51,6 +51,11 @@ void shift_left(v16i *dst, v16i *src, int n) {
   *dst = *src << n;
 }
 
+void logical(v16i *dst, v16i *src1, v16i *src2) {
+  *dst = *src1 && *src2;
+  *dst = *src1 || *src2;
+}
+
 typedef double vector4double __attribute__((__vector_size__(32)));
 typedef float  vector4float  __attribute__((__vector_size__(16)));
 

cpp/ql/test/query-tests/Best Practices/SloppyGlobal/SloppyGlobal.expected

@@ -2,6 +2,6 @@
 | main.cpp:4:5:4:6 | ys | Poor global variable name 'ys'. Prefer longer, descriptive names for globals (eg. kMyGlobalConstant, not foo). |
 | main.cpp:9:5:9:6 | v1 | Poor global variable name 'v1'. Prefer longer, descriptive names for globals (eg. kMyGlobalConstant, not foo). |
 | main.cpp:10:5:10:6 | v2 | Poor global variable name 'v2'. Prefer longer, descriptive names for globals (eg. kMyGlobalConstant, not foo). |
-| main.cpp:12:5:12:5 | v3 | Poor global variable name 'v3'. Prefer longer, descriptive names for globals (eg. kMyGlobalConstant, not foo). |
-| main.cpp:14:5:14:5 | v4 | Poor global variable name 'v4'. Prefer longer, descriptive names for globals (eg. kMyGlobalConstant, not foo). |
-| main.cpp:16:5:16:5 | v5 | Poor global variable name 'v5'. Prefer longer, descriptive names for globals (eg. kMyGlobalConstant, not foo). |
+| main.cpp:12:3:12:4 | v3 | Poor global variable name 'v3'. Prefer longer, descriptive names for globals (eg. kMyGlobalConstant, not foo). |
+| main.cpp:14:3:14:4 | v4 | Poor global variable name 'v4'. Prefer longer, descriptive names for globals (eg. kMyGlobalConstant, not foo). |
+| main.cpp:16:3:16:4 | v5 | Poor global variable name 'v5'. Prefer longer, descriptive names for globals (eg. kMyGlobalConstant, not foo). |

cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedLocals/UnusedLocals.expected

@@ -2,7 +2,6 @@
 | code2.cpp:7:6:7:7 | v3 | Variable v3 is not used. |
 | code2.cpp:11:16:11:17 | v7 | Variable v7 is not used. |
 | code2.cpp:26:16:26:17 | v1 | Variable v1 is not used. |
-| code2.cpp:27:16:27:17 | v2 | Variable v2 is not used. |
 | code2.cpp:42:11:42:16 | myVar1 | Variable myVar1 is not used. |
 | code2.cpp:64:7:64:8 | v3 | Variable v3 is not used. |
 | code2.cpp:108:11:108:12 | v2 | Variable v2 is not used. |

cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedLocals/code2.cpp

@@ -24,7 +24,7 @@ void myFunction()
 void test_template_parameter()
 {
 	constexpr int v1 = 0; // BAD: unused
-	constexpr int v2 = 0; // GOOD: used as a template parameter below [FALSE POSITIVE]
+	constexpr int v2 = 0; // GOOD: used as a template parameter below
 
 	myFunction<v2>();
 }

cpp/ql/test/query-tests/Critical/UnsafeUseOfThis/UnsafeUseOfThis.expected

@@ -6,6 +6,7 @@ edges
 | test.cpp:12:5:12:5 | b | test.cpp:12:5:12:5 | (reference dereference) |
 | test.cpp:15:3:15:4 | ~B | test.cpp:16:5:16:5 | this |
 | test.cpp:16:5:16:5 | this | file://:0:0:0:0 | (A *)... |
+| test.cpp:21:3:21:3 | C | test.cpp:21:3:21:3 | C |
 | test.cpp:21:3:21:3 | C | test.cpp:21:13:21:13 | call to B |
 | test.cpp:21:3:21:3 | C | test.cpp:22:12:22:15 | this |
 | test.cpp:21:3:21:3 | C | test.cpp:25:7:25:10 | this |
@@ -35,6 +36,7 @@ nodes
 | test.cpp:15:3:15:4 | ~B | semmle.label | ~B |
 | test.cpp:16:5:16:5 | this | semmle.label | this |
 | test.cpp:21:3:21:3 | C | semmle.label | C |
+| test.cpp:21:3:21:3 | C | semmle.label | C |
 | test.cpp:21:13:21:13 | call to B | semmle.label | call to B |
 | test.cpp:22:12:22:15 | (B *)... | semmle.label | (B *)... |
 | test.cpp:22:12:22:15 | this | semmle.label | this |

cpp/ql/test/query-tests/Likely Bugs/Arithmetic/PointlessComparison/PointlessComparison.cpp

@@ -38,8 +38,8 @@ int extreme_values(void)
 	if (x >> 1 >= 0x7FFFFFFFFFFFFFFF) {} // always true [NOT DETECTED]
 	if (x >> 1 >= 0xFFFFFFFFFFFFFFF) {} // always true [NOT DETECTED]
 
-	if (y >> 1 >= 0xFFFFFFFFFFFF) {} // always false [INCORRECT MESSAGE]
-	if (y >> 1 >= 0x800000000000) {} // always false [INCORRECT MESSAGE]
-	if (y >> 1 >= 0x7FFFFFFFFFFF) {} // always true [INCORRECT MESSAGE]
-	if (y >> 1 >= 0xFFFFFFFFFFF) {} // always true [INCORRECT MESSAGE]
+	if (y >> 1 >= 0xFFFFFFFFFFFF) {} // always false
+	if (y >> 1 >= 0x800000000000) {} // always false
+	if (y >> 1 >= 0x7FFFFFFFFFFF) {} // always true
+	if (y >> 1 >= 0xFFFFFFFFFFF) {} // always true
 }

cpp/ql/test/query-tests/Likely Bugs/Arithmetic/PointlessComparison/PointlessComparison.expected

@@ -45,9 +45,9 @@
 | PointlessComparison.c:391:12:391:20 | ... < ... | Comparison is always false because ... * ... >= 6. |
 | PointlessComparison.c:414:7:414:16 | ... == ... | Comparison is always false because ... * ... >= 18446744073709551616. |
 | PointlessComparison.cpp:36:6:36:33 | ... >= ... | Comparison is always false because ... >> ... <= 9223372036854775808. |
-| PointlessComparison.cpp:41:6:41:29 | ... >= ... | Comparison is always false because ... >> ... <= 140737488355327.5. |
-| PointlessComparison.cpp:42:6:42:29 | ... >= ... | Comparison is always false because ... >> ... <= 140737488355327.5. |
-| PointlessComparison.cpp:43:6:43:29 | ... >= ... | Comparison is always true because ... >> ... >= 140737488355327.5. |
-| PointlessComparison.cpp:44:6:44:28 | ... >= ... | Comparison is always true because ... >> ... >= 140737488355327.5. |
+| PointlessComparison.cpp:41:6:41:29 | ... >= ... | Comparison is always false because ... >> ... <= 140737488355327. |
+| PointlessComparison.cpp:42:6:42:29 | ... >= ... | Comparison is always false because ... >> ... <= 140737488355327. |
+| PointlessComparison.cpp:43:6:43:29 | ... >= ... | Comparison is always true because ... >> ... >= 140737488355327. |
+| PointlessComparison.cpp:44:6:44:28 | ... >= ... | Comparison is always true because ... >> ... >= 140737488355327. |
 | RegressionTests.cpp:57:7:57:22 | ... <= ... | Comparison is always true because * ... <= 4294967295. |
 | Templates.cpp:9:10:9:24 | ... <= ... | Comparison is always true because local <= 32767. |

cpp/ql/test/query-tests/Likely Bugs/Arithmetic/PointlessComparison/RegressionTests.cpp

@@ -124,3 +124,43 @@ void testTempObject() {
   f(&x);
   if (x > 0) {} // GOOD [NO LONGER REPORTED]
 }
+
+void staticAssert() {
+  static const int a = 42;
+  static const int b = 43;
+  static_assert(a < b + 0, ""); // GOOD
+}
+
+constexpr int global_1 = 42;
+constexpr int global_2 = global_1 < 2 * sizeof(int*) ? 43 : 2 * sizeof(int*); // GOOD
+
+static const int global_3 = 42;
+static const int global_4 = global_3 < 2 * sizeof(int*) ? 43 : 2 * sizeof(int*); // GOOD
+
+template<unsigned int p, unsigned int n, bool = ((2u * n) < p)>
+struct templateCompare : public templateCompare<p, 2u * n>  // GOOD
+{ };
+
+template< unsigned int p, unsigned int n>
+struct templateCompare< p, n, false>
+{
+  static const unsigned int v = n;
+};
+
+unsigned int templateCompare_x = templateCompare<42, 42>::v;
+
+template<int n>
+struct someType {
+  typedef someType<((n - 4) < 0 ? 0 : n - 4)> b;  // GOOD
+};
+
+someType<42>::b someType_x;
+
+struct A_Struct {
+  int x;
+  int y;
+};
+
+enum E {
+  E_e = sizeof(A_Struct) * 8 > 50 // GOOD
+};

csharp/.config/dotnet-tools.json

@@ -3,7 +3,7 @@
   "isRoot": true,
   "tools": {
     "paket": {
-      "version": "9.0.2",
+      "version": "10.0.0-alpha011",
       "commands": [
         "paket"
       ]

csharp/.vscode/launch.json

@@ -6,7 +6,7 @@
             "type": "coreclr",
             "request": "launch",
             "preLaunchTask": "dotnet: build",
-            "program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Standalone/bin/Debug/net9.0/Semmle.Extraction.CSharp.Standalone.dll",
+            "program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Standalone/bin/Debug/net10.0/Semmle.Extraction.CSharp.Standalone.dll",
             "args": [],
             // Set the path to the folder that should be extracted:
             "cwd": "${workspaceFolder}/ql/test/library-tests/standalone/standalonemode",
@@ -35,7 +35,7 @@
             "type": "coreclr",
             "request": "launch",
             "preLaunchTask": "dotnet: build",
-            "program": "${workspaceFolder}/autobuilder/Semmle.Autobuild.CSharp/bin/Debug/net9.0/Semmle.Autobuild.CSharp.dll",
+            "program": "${workspaceFolder}/autobuilder/Semmle.Autobuild.CSharp/bin/Debug/net10.0/Semmle.Autobuild.CSharp.dll",
             // Set the path to the folder that should be extracted:
             "cwd": "${workspaceFolder}/ql/integration-tests/all-platforms/autobuild",
             "stopAtEntry": true,
@@ -53,7 +53,7 @@
             "type": "coreclr",
             "request": "launch",
             "preLaunchTask": "dotnet: build",
-            "program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Driver/bin/Debug/net9.0/Semmle.Extraction.CSharp.Driver.dll",
+            "program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Driver/bin/Debug/net10.0/Semmle.Extraction.CSharp.Driver.dll",
             "stopAtEntry": true,
             "args": [
                 "--binlog",
@@ -66,7 +66,7 @@
             "type": "coreclr",
             "request": "launch",
             "preLaunchTask": "dotnet: build",
-            "program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Driver/bin/Debug/net9.0/Semmle.Extraction.CSharp.Driver.dll",
+            "program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Driver/bin/Debug/net10.0/Semmle.Extraction.CSharp.Driver.dll",
             // Set the path to the folder that should be extracted:
             "cwd": "${workspaceFolder}/ql/test/library-tests/dataflow/local",
             "args": [

csharp/.vscode/settings.json

@@ -10,5 +10,5 @@
     "omnisharp.enableRoslynAnalyzers": true,
     "csharpFormatUsings.splitGroups": false,
     "csharpFormatUsings.sortOrder": "Xunit System Microsoft Semmle.Util Semmle",
-    "dotnet.defaultSolution": "CSharp.sln"
-}
+    "dotnet.defaultSolution": "CSharp.slnx"
+}

csharp/CSharp.sln

@@ -1,118 +0,0 @@
-Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 15
-VisualStudioVersion = 15.0.27130.2036
-MinimumVisualStudioVersion = 10.0.40219.1
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Util", "extractor\Semmle.Util\Semmle.Util.csproj", "{CDD7AD69-0FD8-40F0-A9DA-F1077A2A85D6}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Extraction.CSharp", "extractor\Semmle.Extraction.CSharp\Semmle.Extraction.CSharp.csproj", "{C4D62DA0-B64B-440B-86DC-AB52318CB8BF}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Extraction.CSharp.DependencyFetching", "extractor\Semmle.Extraction.CSharp.DependencyFetching\Semmle.Extraction.CSharp.DependencyFetching.csproj", "{541D1AC5-E42C-4AB2-A1A4-C2355CE2A2EF}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Extraction.CSharp.Standalone", "extractor\Semmle.Extraction.CSharp.Standalone\Semmle.Extraction.CSharp.Standalone.csproj", "{D00E7D25-0FA0-48EC-B048-CD60CE1B30D8}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Extraction.CSharp.StubGenerator", "extractor\Semmle.Extraction.CSharp.StubGenerator\Semmle.Extraction.CSharp.StubGenerator.csproj", "{B7C9FD47-A78C-4C20-AC29-B0AE638ADE9D}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Extraction.CSharp.Util", "extractor\Semmle.Extraction.CSharp.Util\Semmle.Extraction.CSharp.Util.csproj", "{998A0D4C-8BFC-4513-A28D-4816AFB89882}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Extraction.CSharp.Driver", "extractor\Semmle.Extraction.CSharp.Driver\Semmle.Extraction.CSharp.Driver.csproj", "{C36453BF-0C82-448A-B15D-26947503A2D3}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Extraction.Tests", "extractor\Semmle.Extraction.Tests\Semmle.Extraction.Tests.csproj", "{CD8D3F90-AD2E-4BB5-8E82-B94AA293864A}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Util.Tests", "extractor\Semmle.Util.Tests\Semmle.Util.Tests.csproj", "{55A620F0-23F6-440D-A5BA-0567613B3C0F}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Semmle.Autobuild.Shared", "autobuilder\Semmle.Autobuild.Shared\Semmle.Autobuild.Shared.csproj", "{133F2B5B-FD25-4BD9-B34C-062CC6BB4178}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Semmle.Autobuild.CSharp", "autobuilder\Semmle.Autobuild.CSharp\Semmle.Autobuild.CSharp.csproj", "{F3C07863-3759-4A0B-B777-8A0E0FDB1A41}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Semmle.Autobuild.CSharp.Tests", "autobuilder\Semmle.Autobuild.CSharp.Tests\Semmle.Autobuild.CSharp.Tests.csproj", "{34256E8F-866A-46C1-800E-3DF69FD1DCB7}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Semmle.Extraction.CSharp.DependencyStubGenerator", "extractor\Semmle.Extraction.CSharp.DependencyStubGenerator\Semmle.Extraction.CSharp.DependencyStubGenerator.csproj", "{0EDA21A3-ADD8-4C10-B494-58B12B526B76}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Semmle.Autobuild.Cpp", "autobuilder\Semmle.Autobuild.Cpp\Semmle.Autobuild.Cpp.csproj", "{125C4FB7-34DA-442A-9095-3EA1514270CD}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Semmle.Autobuild.Cpp.Tests", "autobuilder\Semmle.Autobuild.Cpp.Tests\Semmle.Autobuild.Cpp.Tests.csproj", "{72F369B7-0707-401A-802F-D526F272F9EE}"
-EndProject
-Global
-	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Debug|Any CPU = Debug|Any CPU
-		Release|Any CPU = Release|Any CPU
-	EndGlobalSection
-	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{CDD7AD69-0FD8-40F0-A9DA-F1077A2A85D6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{CDD7AD69-0FD8-40F0-A9DA-F1077A2A85D6}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{CDD7AD69-0FD8-40F0-A9DA-F1077A2A85D6}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{CDD7AD69-0FD8-40F0-A9DA-F1077A2A85D6}.Release|Any CPU.Build.0 = Release|Any CPU
-		{81EAAD75-4BE1-44E4-91DF-20778216DB64}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{81EAAD75-4BE1-44E4-91DF-20778216DB64}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{81EAAD75-4BE1-44E4-91DF-20778216DB64}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{81EAAD75-4BE1-44E4-91DF-20778216DB64}.Release|Any CPU.Build.0 = Release|Any CPU
-		{C4D62DA0-B64B-440B-86DC-AB52318CB8BF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{C4D62DA0-B64B-440B-86DC-AB52318CB8BF}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{C4D62DA0-B64B-440B-86DC-AB52318CB8BF}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{C4D62DA0-B64B-440B-86DC-AB52318CB8BF}.Release|Any CPU.Build.0 = Release|Any CPU
-		{399A1579-68F0-40F4-9A23-F241BA697F9C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{399A1579-68F0-40F4-9A23-F241BA697F9C}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{399A1579-68F0-40F4-9A23-F241BA697F9C}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{399A1579-68F0-40F4-9A23-F241BA697F9C}.Release|Any CPU.Build.0 = Release|Any CPU
-		{541D1AC5-E42C-4AB2-A1A4-C2355CE2A2EF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{541D1AC5-E42C-4AB2-A1A4-C2355CE2A2EF}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{541D1AC5-E42C-4AB2-A1A4-C2355CE2A2EF}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{541D1AC5-E42C-4AB2-A1A4-C2355CE2A2EF}.Release|Any CPU.Build.0 = Release|Any CPU
-		{D00E7D25-0FA0-48EC-B048-CD60CE1B30D8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{D00E7D25-0FA0-48EC-B048-CD60CE1B30D8}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{D00E7D25-0FA0-48EC-B048-CD60CE1B30D8}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{D00E7D25-0FA0-48EC-B048-CD60CE1B30D8}.Release|Any CPU.Build.0 = Release|Any CPU
-		{EFA400B3-C1CE-446F-A4E2-8B44E61EF47C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{EFA400B3-C1CE-446F-A4E2-8B44E61EF47C}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{EFA400B3-C1CE-446F-A4E2-8B44E61EF47C}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{EFA400B3-C1CE-446F-A4E2-8B44E61EF47C}.Release|Any CPU.Build.0 = Release|Any CPU
-		{C36453BF-0C82-448A-B15D-26947503A2D3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{C36453BF-0C82-448A-B15D-26947503A2D3}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{C36453BF-0C82-448A-B15D-26947503A2D3}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{C36453BF-0C82-448A-B15D-26947503A2D3}.Release|Any CPU.Build.0 = Release|Any CPU
-		{CD8D3F90-AD2E-4BB5-8E82-B94AA293864A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{CD8D3F90-AD2E-4BB5-8E82-B94AA293864A}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{CD8D3F90-AD2E-4BB5-8E82-B94AA293864A}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{55A620F0-23F6-440D-A5BA-0567613B3C0F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{55A620F0-23F6-440D-A5BA-0567613B3C0F}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{55A620F0-23F6-440D-A5BA-0567613B3C0F}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{133F2B5B-FD25-4BD9-B34C-062CC6BB4178}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{133F2B5B-FD25-4BD9-B34C-062CC6BB4178}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{133F2B5B-FD25-4BD9-B34C-062CC6BB4178}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{133F2B5B-FD25-4BD9-B34C-062CC6BB4178}.Release|Any CPU.Build.0 = Release|Any CPU
-		{F3C07863-3759-4A0B-B777-8A0E0FDB1A41}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{F3C07863-3759-4A0B-B777-8A0E0FDB1A41}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{F3C07863-3759-4A0B-B777-8A0E0FDB1A41}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{F3C07863-3759-4A0B-B777-8A0E0FDB1A41}.Release|Any CPU.Build.0 = Release|Any CPU
-		{34256E8F-866A-46C1-800E-3DF69FD1DCB7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{34256E8F-866A-46C1-800E-3DF69FD1DCB7}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{34256E8F-866A-46C1-800E-3DF69FD1DCB7}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{34256E8F-866A-46C1-800E-3DF69FD1DCB7}.Release|Any CPU.Build.0 = Release|Any CPU
-		{B7C9FD47-A78C-4C20-AC29-B0AE638ADE9D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{B7C9FD47-A78C-4C20-AC29-B0AE638ADE9D}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{B7C9FD47-A78C-4C20-AC29-B0AE638ADE9D}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{B7C9FD47-A78C-4C20-AC29-B0AE638ADE9D}.Release|Any CPU.Build.0 = Release|Any CPU
-		{998A0D4C-8BFC-4513-A28D-4816AFB89882}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{998A0D4C-8BFC-4513-A28D-4816AFB89882}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{998A0D4C-8BFC-4513-A28D-4816AFB89882}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{998A0D4C-8BFC-4513-A28D-4816AFB89882}.Release|Any CPU.Build.0 = Release|Any CPU
-		{0EDA21A3-ADD8-4C10-B494-58B12B526B76}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{0EDA21A3-ADD8-4C10-B494-58B12B526B76}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{0EDA21A3-ADD8-4C10-B494-58B12B526B76}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{0EDA21A3-ADD8-4C10-B494-58B12B526B76}.Release|Any CPU.Build.0 = Release|Any CPU
-		{125C4FB7-34DA-442A-9095-3EA1514270CD}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{125C4FB7-34DA-442A-9095-3EA1514270CD}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{125C4FB7-34DA-442A-9095-3EA1514270CD}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{125C4FB7-34DA-442A-9095-3EA1514270CD}.Release|Any CPU.Build.0 = Release|Any CPU
-		{72F369B7-0707-401A-802F-D526F272F9EE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{72F369B7-0707-401A-802F-D526F272F9EE}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{72F369B7-0707-401A-802F-D526F272F9EE}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{72F369B7-0707-401A-802F-D526F272F9EE}.Release|Any CPU.Build.0 = Release|Any CPU
-	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
-	GlobalSection(ExtensibilityGlobals) = postSolution
-		SolutionGuid = {E2B2BAC0-D55C-45DB-8CB3-8CEBA86FB547}
-	EndGlobalSection
-EndGlobal

csharp/CSharp.slnx

@@ -0,0 +1,25 @@
+<Solution>
+  <Project Path="autobuilder/Semmle.Autobuild.Cpp.Tests/Semmle.Autobuild.Cpp.Tests.csproj">
+    <Build Solution="Release|*" Project="false" />
+  </Project>
+  <Project Path="autobuilder/Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj" />
+  <Project Path="autobuilder/Semmle.Autobuild.CSharp.Tests/Semmle.Autobuild.CSharp.Tests.csproj">
+    <Build Solution="Release|*" Project="false" />
+  </Project>
+  <Project Path="autobuilder/Semmle.Autobuild.CSharp/Semmle.Autobuild.CSharp.csproj" />
+  <Project Path="autobuilder/Semmle.Autobuild.Shared/Semmle.Autobuild.Shared.csproj" />
+  <Project Path="extractor/Semmle.Extraction.CSharp.DependencyFetching/Semmle.Extraction.CSharp.DependencyFetching.csproj" />
+  <Project Path="extractor/Semmle.Extraction.CSharp.DependencyStubGenerator/Semmle.Extraction.CSharp.DependencyStubGenerator.csproj" />
+  <Project Path="extractor/Semmle.Extraction.CSharp.Driver/Semmle.Extraction.CSharp.Driver.csproj" />
+  <Project Path="extractor/Semmle.Extraction.CSharp.Standalone/Semmle.Extraction.CSharp.Standalone.csproj" />
+  <Project Path="extractor/Semmle.Extraction.CSharp.StubGenerator/Semmle.Extraction.CSharp.StubGenerator.csproj" />
+  <Project Path="extractor/Semmle.Extraction.CSharp.Util/Semmle.Extraction.CSharp.Util.csproj" />
+  <Project Path="extractor/Semmle.Extraction.CSharp/Semmle.Extraction.CSharp.csproj" />
+  <Project Path="extractor/Semmle.Extraction.Tests/Semmle.Extraction.Tests.csproj">
+    <Build Solution="Release|*" Project="false" />
+  </Project>
+  <Project Path="extractor/Semmle.Util.Tests/Semmle.Util.Tests.csproj">
+    <Build Solution="Release|*" Project="false" />
+  </Project>
+  <Project Path="extractor/Semmle.Util/Semmle.Util.csproj" />
+</Solution>

csharp/Directory.Build.props

@@ -1,7 +1,7 @@
 <Project>
 
   <PropertyGroup>
-    <TargetFramework>net9.0</TargetFramework>
+    <TargetFramework>net10.0</TargetFramework>
     <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
     <Nullable>enable</Nullable>
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>

csharp/actions/create-extractor-pack/action.yml

@@ -7,7 +7,7 @@ runs:
     - name: Setup dotnet
       uses: actions/setup-dotnet@v4
       with:
-        dotnet-version: 9.0.300
+        dotnet-version: 10.0.100
     - name: Build Extractor
       shell: bash
       run: scripts/create-extractor-pack.sh

csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BUILD.bazel

@@ -13,6 +13,5 @@ codeql_xunit_test(
         "//csharp/autobuilder/Semmle.Autobuild.CSharp:bin/Semmle.Autobuild.CSharp",
         "//csharp/autobuilder/Semmle.Autobuild.Shared",
         "@paket.main//microsoft.net.test.sdk",
-        "@paket.main//system.io.filesystem",
     ],
 )

csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/paket.references

@@ -1,4 +1,3 @@
-System.IO.FileSystem
 xunit
 xunit.runner.visualstudio
 Microsoft.NET.Test.Sdk

csharp/autobuilder/Semmle.Autobuild.CSharp/DotNetRule.cs

@@ -48,7 +48,7 @@ namespace Semmle.Autobuild.CSharp
                 {
                     // When a custom .NET CLI has been installed, `dotnet --info` has already been executed
                     // to verify the installation.
-                    var ret = dotNetPath is null ? GetInfoCommand(builder.Actions, dotNetPath, environment) : BuildScript.Success;
+                    var ret = dotNetPath is null ? DotNet.InfoScript(builder.Actions, DotNetCommand(builder.Actions, dotNetPath), environment, builder.Logger) : BuildScript.Success;
                     foreach (var projectOrSolution in builder.ProjectsOrSolutionsToBuild)
                     {
                         var cleanCommand = GetCleanCommand(builder.Actions, dotNetPath, environment);
@@ -111,14 +111,6 @@ namespace Semmle.Autobuild.CSharp
         private static string DotNetCommand(IBuildActions actions, string? dotNetPath) =>
             dotNetPath is not null ? actions.PathCombine(dotNetPath, "dotnet") : "dotnet";
 
-        private static BuildScript GetInfoCommand(IBuildActions actions, string? dotNetPath, IDictionary<string, string>? environment)
-        {
-            var info = new CommandBuilder(actions, null, environment).
-                RunCommand(DotNetCommand(actions, dotNetPath)).
-                Argument("--info");
-            return info.Script;
-        }
-
         private static CommandBuilder GetCleanCommand(IBuildActions actions, string? dotNetPath, IDictionary<string, string>? environment)
         {
             var clean = new CommandBuilder(actions, null, environment).

csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/BUILD.bazel

@@ -13,6 +13,5 @@ codeql_xunit_test(
         "//csharp/autobuilder/Semmle.Autobuild.Cpp:bin/Semmle.Autobuild.Cpp",
         "//csharp/autobuilder/Semmle.Autobuild.Shared",
         "@paket.main//microsoft.net.test.sdk",
-        "@paket.main//system.io.filesystem",
     ],
 )

csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/paket.references

@@ -1,4 +1,3 @@
-System.IO.FileSystem
 xunit
 xunit.runner.visualstudio
 Microsoft.NET.Test.Sdk

csharp/autobuilder/Semmle.Autobuild.Shared/Autobuilder.cs

@@ -182,8 +182,16 @@ namespace Semmle.Autobuild.Shared
                 if (ret is not null)
                     return ret;
 
+                // Then look for language specific solution files, e.g. `.slnx` files
+                if (Options.Language.SolutionExtension is string solutionExtension)
+                {
+                    ret = FindFiles(solutionExtension, f => new Solution<TAutobuildOptions>(this, f, false))?.ToList();
+                    if (ret is not null)
+                        return ret;
+                }
+
                 // Finally look for language specific project files, e.g. `.csproj` files
-                ret = FindFiles(this.Options.Language.ProjectExtension, f => new Project<TAutobuildOptions>(this, f))?.ToList();
+                ret = FindFiles(Options.Language.ProjectExtension, f => new Project<TAutobuildOptions>(this, f))?.ToList();
                 return ret ?? new List<IProjectOrSolution>();
             });
 

csharp/autobuilder/Semmle.Autobuild.Shared/BUILD.bazel

@@ -12,5 +12,6 @@ codeql_csharp_library(
     deps = [
         "//csharp/extractor/Semmle.Util",
         "@paket.main//microsoft.build",
+        "@paket.main//microsoft.visualstudio.solutionpersistence",
     ],
 )

csharp/autobuilder/Semmle.Autobuild.Shared/Solution.cs

@@ -4,12 +4,11 @@ using System.IO;
 using System.Linq;
 using Microsoft.Build.Construction;
 using Microsoft.Build.Exceptions;
-using Semmle.Util.Logging;
 
 namespace Semmle.Autobuild.Shared
 {
     /// <summary>
-    /// A solution file, extension .sln.
+    /// A solution file, extension .sln or .slnx.
     /// </summary>
     public interface ISolution : IProjectOrSolution
     {

csharp/autobuilder/Semmle.Autobuild.Shared/paket.references

@@ -1 +1,2 @@
 Microsoft.Build
+Microsoft.VisualStudio.SolutionPersistence

csharp/documentation/library-coverage/coverage.csv

@@ -2,13 +2,13 @@ package,sink,source,summary,sink:code-injection,sink:encryption-decryptor,sink:e
 Amazon.Lambda.APIGatewayEvents,,6,,,,,,,,,,,,,,,,,6,,,,
 Amazon.Lambda.Core,10,,,,,,,,,,,10,,,,,,,,,,,
 Dapper,55,42,1,,,,,,,,,,55,,42,,,,,,,,1
-ILCompiler,,,121,,,,,,,,,,,,,,,,,,,77,44
-ILLink.RoslynAnalyzer,,,107,,,,,,,,,,,,,,,,,,,31,76
-ILLink.Shared,,,37,,,,,,,,,,,,,,,,,,,9,28
+ILCompiler,,,132,,,,,,,,,,,,,,,,,,,81,51
+ILLink.RoslynAnalyzer,,,110,,,,,,,,,,,,,,,,,,,31,79
+ILLink.Shared,,,45,,,,,,,,,,,,,,,,,,,17,28
 ILLink.Tasks,,,5,,,,,,,,,,,,,,,,,,,4,1
-Internal.IL,,,54,,,,,,,,,,,,,,,,,,,28,26
+Internal.IL,,,68,,,,,,,,,,,,,,,,,,,41,27
 Internal.Pgo,,,9,,,,,,,,,,,,,,,,,,,2,7
-Internal.TypeSystem,,,343,,,,,,,,,,,,,,,,,,,197,146
+Internal.TypeSystem,,,365,,,,,,,,,,,,,,,,,,,216,149
 Microsoft.ApplicationBlocks.Data,28,,,,,,,,,,,,28,,,,,,,,,,
 Microsoft.AspNetCore.Components,2,4,2,,,,,,,2,,,,,,,,,4,,,1,1
 Microsoft.AspNetCore.Http,,,1,,,,,,,,,,,,,,,,,,,1,
@@ -21,27 +21,28 @@ Microsoft.DotNet.Build.Tasks,,,11,,,,,,,,,,,,,,,,,,,9,2
 Microsoft.DotNet.PlatformAbstractions,,,1,,,,,,,,,,,,,,,,,,,1,
 Microsoft.EntityFrameworkCore,6,,12,,,,,,,,,,6,,,,,,,,,,12
 Microsoft.Extensions.Caching.Distributed,,,3,,,,,,,,,,,,,,,,,,,,3
-Microsoft.Extensions.Caching.Memory,,,37,,,,,,,,,,,,,,,,,,,5,32
-Microsoft.Extensions.Configuration,,3,118,,,,,,,,,,,,,3,,,,,,39,79
-Microsoft.Extensions.DependencyInjection,,,209,,,,,,,,,,,,,,,,,,,15,194
-Microsoft.Extensions.DependencyModel,,1,57,,,,,,,,,,,,,1,,,,,,13,44
+Microsoft.Extensions.Caching.Memory,,,35,,,,,,,,,,,,,,,,,,,5,30
+Microsoft.Extensions.Configuration,,3,133,,,,,,,,,,,,,3,,,,,,45,88
+Microsoft.Extensions.DependencyInjection,,,187,,,,,,,,,,,,,,,,,,,22,165
+Microsoft.Extensions.DependencyModel,,1,58,,,,,,,,,,,,,1,,,,,,13,45
 Microsoft.Extensions.Diagnostics.Metrics,,,14,,,,,,,,,,,,,,,,,,,1,13
 Microsoft.Extensions.FileProviders,,,18,,,,,,,,,,,,,,,,,,,8,10
-Microsoft.Extensions.FileSystemGlobbing,,,37,,,,,,,,,,,,,,,,,,,13,24
-Microsoft.Extensions.Hosting,,,61,,,,,,,,,,,,,,,,,,,29,32
+Microsoft.Extensions.FileSystemGlobbing,,,37,,,,,,,,,,,,,,,,,,,14,23
+Microsoft.Extensions.Hosting,,,60,,,,,,,,,,,,,,,,,,,28,32
 Microsoft.Extensions.Http,,,9,,,,,,,,,,,,,,,,,,,7,2
-Microsoft.Extensions.Logging,,,107,,,,,,,,,,,,,,,,,,,26,81
-Microsoft.Extensions.Options,,,174,,,,,,,,,,,,,,,,,,,48,126
+Microsoft.Extensions.Logging,,,110,,,,,,,,,,,,,,,,,,,29,81
+Microsoft.Extensions.Options,,,175,,,,,,,,,,,,,,,,,,,41,134
 Microsoft.Extensions.Primitives,,,75,,,,,,,,,,,,,,,,,,,68,7
-Microsoft.Interop,,,216,,,,,,,,,,,,,,,,,,,71,145
+Microsoft.Interop,,,220,,,,,,,,,,,,,,,,,,,74,146
 Microsoft.JSInterop,2,,,,,,,,,,2,,,,,,,,,,,,
 Microsoft.NET.Build.Tasks,,,5,,,,,,,,,,,,,,,,,,,3,2
 Microsoft.VisualBasic,,,6,,,,,,,,,,,,,,,,,,,1,5
 Microsoft.Win32,,4,2,,,,,,,,,,,,,,,,,,4,,2
-Mono.Linker,,,278,,,,,,,,,,,,,,,,,,,127,151
+Mono.Linker,,,370,,,,,,,,,,,,,,,,,,,218,152
 MySql.Data.MySqlClient,48,,,,,,,,,,,,48,,,,,,,,,,
+NHibernate,3,,,,,,,,,,,,3,,,,,,,,,,
 Newtonsoft.Json,,,91,,,,,,,,,,,,,,,,,,,73,18
 ServiceStack,194,,7,27,,,,,75,,,,92,,,,,,,,,7,
 SourceGenerators,,,5,,,,,,,,,,,,,,,,,,,,5
-System,54,47,12241,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,6003,6238
+System,59,47,12491,,6,5,12,,,4,1,,31,2,,6,15,17,4,3,,6378,6113
 Windows.Security.Cryptography.Core,1,,,,,,,1,,,,,,,,,,,,,,,

csharp/documentation/library-coverage/coverage.rst

@@ -8,7 +8,7 @@ C# framework & library support
 
    Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE-079` :sub:`Cross-site scripting`
    `ServiceStack <https://servicestack.net/>`_,"``ServiceStack.*``, ``ServiceStack``",,7,194,
-   System,"``System.*``, ``System``",47,12241,54,5
-   Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Http``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Data.SqlClient``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",60,2257,159,4
-   Totals,,107,14505,407,9
+   System,"``System.*``, ``System``",47,12491,59,5
+   Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Http``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Data.SqlClient``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``NHibernate``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",60,2406,162,4
+   Totals,,107,14904,415,9
 

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/BUILD.bazel

@@ -15,6 +15,8 @@ codeql_csharp_library(
     deps = [
         "//csharp/extractor/Semmle.Extraction.CSharp",
         "//csharp/extractor/Semmle.Util",
+        "@paket.main//microsoft.visualstudio.solutionpersistence",
         "@paket.main//newtonsoft.json",
+        "@paket.main//nuget.versioning",
     ],
 )

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs

@@ -283,7 +283,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             {
                 foreach (var fp in frameworkPaths)
                 {
-                    dotnetFrameworkVersionVariantCount += NugetPackageRestorer.GetOrderedPackageVersionSubDirectories(fp.Path!).Length;
+                    dotnetFrameworkVersionVariantCount += nugetPackageRestorer.GetOrderedPackageVersionSubDirectories(fp.Path!).Length;
                 }
 
                 var folder = nugetPackageRestorer.GetNewestNugetPackageVersionFolder(frameworkPath.Path, ".NET Framework");

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs

@@ -3,6 +3,7 @@ using System.Collections.Generic;
 using System.Collections.ObjectModel;
 using System.IO;
 using System.Linq;
+using System.Threading;
 using Newtonsoft.Json.Linq;
 
 using Semmle.Util;
@@ -36,12 +37,29 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
 
         public static IDotNet Make(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory, DependabotProxy? dependabotProxy) => new DotNet(logger, dotNetPath, tempWorkingDirectory, dependabotProxy);
 
+        private static void HandleRetryExitCode143(string dotnet, int attempt, ILogger logger)
+        {
+            logger.LogWarning($"Running '{dotnet} --info' failed with exit code 143. Retrying...");
+            var sleep = Math.Pow(2, attempt) * 1000;
+            Thread.Sleep((int)sleep);
+        }
+
         private void Info()
         {
-            var res = dotnetCliInvoker.RunCommand("--info", silent: false);
-            if (!res)
+            // Allow up to four attempts (with up to three retries) to run `dotnet --info`, to mitigate transient issues
+            for (int attempt = 0; attempt < 4; attempt++)
             {
-                throw new Exception($"{dotnetCliInvoker.Exec} --info failed.");
+                var exitCode = dotnetCliInvoker.RunCommandExitCode("--info", silent: false);
+                switch (exitCode)
+                {
+                    case 0:
+                        return;
+                    case 143 when attempt < 3:
+                        HandleRetryExitCode143(dotnetCliInvoker.Exec, attempt, logger);
+                        continue;
+                    default:
+                        throw new Exception($"{dotnetCliInvoker.Exec} --info failed with exit code {exitCode}.");
+                }
             }
         }
 
@@ -59,7 +77,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
                     Directory.CreateDirectory(path);
                 }
 
-                args += $" /p:TargetFrameworkRootPath=\"{path}\" /p:NetCoreTargetingPackRoot=\"{path}\"";
+                args += $" /p:TargetFrameworkRootPath=\"{path}\" /p:NetCoreTargetingPackRoot=\"{path}\" /p:AllowMissingPrunePackageData=true";
             }
 
             if (restoreSettings.PathToNugetConfig != null)
@@ -139,7 +157,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
         }
 
         // The version number should be kept in sync with the version .NET version used for building the application.
-        public const string LatestDotNetSdkVersion = "9.0.300";
+        public const string LatestDotNetSdkVersion = "10.0.100";
 
         public static ReadOnlyDictionary<string, string> MinimalEnvironment => IDotNetCliInvoker.MinimalEnvironment;
 
@@ -193,6 +211,35 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             return BuildScript.Failure;
         }
 
+        /// <summary>
+        /// Returns a script for running `dotnet --info`, with retries on exit code 143.
+        /// </summary>
+        public static BuildScript InfoScript(IBuildActions actions, string dotnet, IDictionary<string, string>? environment, ILogger logger)
+        {
+            var info = new CommandBuilder(actions, null, environment).
+                RunCommand(dotnet).
+                Argument("--info");
+            var script = info.Script;
+            for (var attempt = 0; attempt < 4; attempt++)
+            {
+                var attemptCopy = attempt; // Capture in local variable
+                script = BuildScript.Bind(script, ret =>
+                    {
+                        switch (ret)
+                        {
+                            case 0:
+                                return BuildScript.Success;
+                            case 143 when attemptCopy < 3:
+                                HandleRetryExitCode143(dotnet, attemptCopy, logger);
+                                return info.Script;
+                            default:
+                                return BuildScript.Failure;
+                        }
+                    });
+            }
+            return script;
+        }
+
         /// <summary>
         /// Returns a script for downloading specific .NET SDK versions, if the
         /// versions are not already installed.
@@ -292,9 +339,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
                     };
                 }
 
-                var dotnetInfo = new CommandBuilder(actions, environment: MinimalEnvironment).
-                    RunCommand(actions.PathCombine(path, "dotnet")).
-                    Argument("--info").Script;
+                var dotnetInfo = InfoScript(actions, actions.PathCombine(path, "dotnet"), MinimalEnvironment.ToDictionary(), logger);
 
                 Func<string, BuildScript> getInstallAndVerify = version =>
                     // run `dotnet --info` after install, to check that it executes successfully

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs

@@ -57,15 +57,21 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             return startInfo;
         }
 
-        private bool RunCommandAux(string args, string? workingDirectory, out IList<string> output, bool silent)
+        private int RunCommandExitCodeAux(string args, string? workingDirectory, out IList<string> output, out string dirLog, bool silent)
         {
-            var dirLog = string.IsNullOrWhiteSpace(workingDirectory) ? "" : $" in {workingDirectory}";
+            dirLog = string.IsNullOrWhiteSpace(workingDirectory) ? "" : $" in {workingDirectory}";
             var pi = MakeDotnetStartInfo(args, workingDirectory);
             var threadId = Environment.CurrentManagedThreadId;
             void onOut(string s) => logger.Log(silent ? Severity.Debug : Severity.Info, s, threadId);
             void onError(string s) => logger.LogError(s, threadId);
             logger.LogInfo($"Running '{Exec} {args}'{dirLog}");
             var exitCode = pi.ReadOutput(out output, onOut, onError);
+            return exitCode;
+        }
+
+        private bool RunCommandAux(string args, string? workingDirectory, out IList<string> output, bool silent)
+        {
+            var exitCode = RunCommandExitCodeAux(args, workingDirectory, out output, out var dirLog, silent);
             if (exitCode != 0)
             {
                 logger.LogError($"Command '{Exec} {args}'{dirLog} failed with exit code {exitCode}");
@@ -77,6 +83,9 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
         public bool RunCommand(string args, bool silent = true) =>
             RunCommandAux(args, null, out _, silent);
 
+        public int RunCommandExitCode(string args, bool silent = true) =>
+            RunCommandExitCodeAux(args, null, out _, out _, silent);
+
         public bool RunCommand(string args, out IList<string> output, bool silent = true) =>
             RunCommandAux(args, null, out output, silent);
 

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetVersion.cs

@@ -1,24 +1,16 @@
 using System;
 using System.IO;
+using NuGet.Versioning;
 
 namespace Semmle.Extraction.CSharp.DependencyFetching
 {
     internal record DotNetVersion : IComparable<DotNetVersion>
     {
         private readonly string dir;
-        private readonly Version version;
-        private readonly Version? preReleaseVersion;
-        private readonly string? preReleaseVersionType;
-        private bool IsPreRelease => preReleaseVersionType is not null && preReleaseVersion is not null;
+        private readonly NuGetVersion version;
 
-        private string FullVersion
-        {
-            get
-            {
-                var preRelease = IsPreRelease ? $"-{preReleaseVersionType}.{preReleaseVersion}" : "";
-                return this.version + preRelease;
-            }
-        }
+        private string FullVersion =>
+            version.ToString();
 
         public string FullPath => Path.Combine(dir, FullVersion);
 
@@ -48,37 +40,14 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
         }
 
 
-        public DotNetVersion(string dir, string version, string preReleaseVersionType, string preReleaseVersion)
+        public DotNetVersion(string dir, NuGetVersion version)
         {
             this.dir = dir;
-            this.version = Version.Parse(version);
-            if (!string.IsNullOrEmpty(preReleaseVersion) && !string.IsNullOrEmpty(preReleaseVersionType))
-            {
-                this.preReleaseVersionType = preReleaseVersionType;
-                this.preReleaseVersion = Version.Parse(preReleaseVersion);
-            }
+            this.version = version;
         }
 
-        public int CompareTo(DotNetVersion? other)
-        {
-            var c = version.CompareTo(other?.version);
-            if (c == 0 && IsPreRelease)
-            {
-                if (!other!.IsPreRelease)
-                {
-                    return -1;
-                }
-
-                // Both are pre-release like runtime versions.
-                // The pre-release version types are sorted alphabetically (e.g. alpha, beta, preview, rc)
-                // and the pre-release version types are more important that the pre-release version numbers.
-                return preReleaseVersionType != other!.preReleaseVersionType
-                    ? preReleaseVersionType!.CompareTo(other!.preReleaseVersionType)
-                    : preReleaseVersion!.CompareTo(other!.preReleaseVersion);
-            }
-
-            return c;
-        }
+        public int CompareTo(DotNetVersion? other) =>
+            version.CompareTo(other?.version);
 
         public override string ToString() => FullPath;
     }

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/FilePathFilter.cs

@@ -55,12 +55,12 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
                 }
                 else
                 {
-                    logger.LogInfo($"Invalid filter: {filter}");
+                    logger.LogWarning($"Invalid filter: {filter}");
                     continue;
                 }
 
                 var regex = new FilePattern(filterText).RegexPattern;
-                logger.LogInfo($"Filtering {(include ? "in" : "out")} files matching '{regex}'. Original glob filter: '{filter}'");
+                logger.LogDebug($"Filtering {(include ? "in" : "out")} files matching '{regex}'. Original glob filter: '{filter}'");
                 pathFilters.Add(new PathFilter(new Regex(regex, RegexOptions.IgnoreCase | RegexOptions.Compiled | RegexOptions.Singleline), include));
             }
 
@@ -91,7 +91,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
 
                 if (!include)
                 {
-                    logger.LogInfo($"Excluding '{f.FileInfo.FullName}'");
+                    logger.LogDebug($"Excluding '{f.FileInfo.FullName}'");
                 }
 
                 return include;

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/FileProvider.cs

@@ -37,7 +37,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             smallNonBinary = new Lazy<string[]>(() => ReturnAndLogFiles("small non-binary", SelectSmallFiles(allNonBinary.Value).SelectFileNames().ToArray()));
             sources = new Lazy<string[]>(() => SelectTextFileNamesByExtension("source", ".cs"));
             projects = new Lazy<string[]>(() => SelectTextFileNamesByExtension("project", ".csproj"));
-            solutions = new Lazy<string[]>(() => SelectTextFileNamesByExtension("solution", ".sln"));
+            solutions = new Lazy<string[]>(() => SelectTextFileNamesByExtension("solution", ".sln", ".slnx"));
             dlls = new Lazy<string[]>(() => SelectBinaryFileNamesByExtension("DLL", ".dll"));
             nugetConfigs = new Lazy<string[]>(() => SelectTextFileNamesByName("nuget.config"));
             globalJsons = new Lazy<string[]>(() => SelectTextFileNamesByName("global.json"));

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/IDotNetCliInvoker.cs

@@ -30,6 +30,12 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
         /// </summary>
         bool RunCommand(string args, bool silent = true);
 
+        /// <summary>
+        /// Execute `dotnet <paramref name="args"/>` and return the exit code.
+        /// If `silent` is true the output of the command is logged as `debug` otherwise as `info`.
+        /// </summary>
+        int RunCommandExitCode(string args, bool silent = true);
+
         /// <summary>
         /// Execute `dotnet <paramref name="args"/>` and return true if the command succeeded, otherwise false.
         /// The output of the command is returned in `output`.

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs

@@ -10,6 +10,7 @@ using System.Text;
 using System.Text.RegularExpressions;
 using System.Threading;
 using System.Threading.Tasks;
+using NuGet.Versioning;
 using Semmle.Util;
 using Semmle.Util.Logging;
 
@@ -87,11 +88,22 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             return selectedFrameworkFolder;
         }
 
-        public static DirectoryInfo[] GetOrderedPackageVersionSubDirectories(string packagePath)
+        public DirectoryInfo[] GetOrderedPackageVersionSubDirectories(string packagePath)
         {
+            // Only consider directories with valid NuGet version names.
             return new DirectoryInfo(packagePath)
                 .EnumerateDirectories("*", new EnumerationOptions { MatchCasing = MatchCasing.CaseInsensitive, RecurseSubdirectories = false })
-                .OrderByDescending(d => d.Name) // TODO: Improve sorting to handle pre-release versions.
+                .SelectMany(d =>
+                {
+                    if (NuGetVersion.TryParse(d.Name, out var version))
+                    {
+                        return new[] { new { Directory = d, NuGetVersion = version } };
+                    }
+                    logger.LogInfo($"Ignoring package directory '{d.FullName}' as it does not have a valid NuGet version name.");
+                    return [];
+                })
+                .OrderByDescending(dw => dw.NuGetVersion)
+                .Select(dw => dw.Directory)
                 .ToArray();
         }
 

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Runtime.cs

@@ -4,6 +4,7 @@ using System.IO;
 using System.Linq;
 using System.Runtime.InteropServices;
 using System.Text.RegularExpressions;
+using NuGet.Versioning;
 using Semmle.Util;
 using Semmle.Util.Logging;
 
@@ -27,7 +28,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             this.newestRuntimes = new(GetNewestRuntimes);
         }
 
-        [GeneratedRegex(@"^(\S+)\s(\d+\.\d+\.\d+)(-([a-z]+)\.(\d+\.\d+\.\d+))?\s\[(.+)\]$")]
+        [GeneratedRegex(@"^(\S+)\s(\d+\.\d+\.\d+(-[a-z]+\.\d+\.\d+\.\d+)?)\s\[(.+)\]$")]
         private static partial Regex RuntimeRegex();
 
         /// <summary>
@@ -44,9 +45,9 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             listed.ForEach(r =>
             {
                 var match = regex.Match(r);
-                if (match.Success)
+                if (match.Success && NuGetVersion.TryParse(match.Groups[2].Value, out var version))
                 {
-                    runtimes.AddOrUpdateToLatest(match.Groups[1].Value, new DotNetVersion(match.Groups[6].Value, match.Groups[2].Value, match.Groups[4].Value, match.Groups[5].Value));
+                    runtimes.AddOrUpdateToLatest(match.Groups[1].Value, new DotNetVersion(match.Groups[4].Value, version));
                 }
             });
 

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Sdk.cs

@@ -3,6 +3,7 @@ using System.Collections.Generic;
 using System.IO;
 using System.Linq;
 using System.Text.RegularExpressions;
+using NuGet.Versioning;
 using Semmle.Util;
 using Semmle.Util.Logging;
 
@@ -27,7 +28,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             cscPath = new Lazy<string?>(GetCscPath);
         }
 
-        [GeneratedRegex(@"^(\d+\.\d+\.\d+)(-([a-z]+)\.(\d+\.\d+\.\d+))?\s\[(.+)\]$")]
+        [GeneratedRegex(@"^(\d+\.\d+\.\d+(-[a-z]+\.\d+\.\d+\.\d+)?)\s\[(.+)\]$")]
         private static partial Regex SdkRegex();
 
         private static HashSet<DotNetVersion> ParseSdks(IList<string> listed)
@@ -37,9 +38,9 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             listed.ForEach(r =>
             {
                 var match = regex.Match(r);
-                if (match.Success)
+                if (match.Success && NuGetVersion.TryParse(match.Groups[1].Value, out var version))
                 {
-                    sdks.Add(new DotNetVersion(match.Groups[5].Value, match.Groups[1].Value, match.Groups[3].Value, match.Groups[4].Value));
+                    sdks.Add(new DotNetVersion(match.Groups[3].Value, version));
                 }
             });
 
@@ -73,4 +74,4 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             return path;
         }
     }
-}
+}

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/SolutionFile.cs

@@ -6,7 +6,7 @@ using Microsoft.Build.Construction;
 namespace Semmle.Extraction.CSharp.DependencyFetching
 {
     /// <summary>
-    /// Access data in a .sln file.
+    /// Access data in a .sln or .slnx file.
     /// </summary>
     internal class SolutionFile
     {
@@ -17,7 +17,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
         /// <summary>
         /// Read the file.
         /// </summary>
-        /// <param name="filename">The filename of the .sln.</param>
+        /// <param name="filename">The filename of the .sln or .slnx.</param>
         public SolutionFile(string filename)
         {
             // SolutionFile.Parse() expects a rooted path.
@@ -26,7 +26,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
         }
 
         /// <summary>
-        /// Projects directly included in the .sln file.
+        /// Projects directly included in the .sln or .slnx file.
         /// </summary>
         public IEnumerable<string> MsBuildProjects
         {

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/paket.references

@@ -1 +1,3 @@
+Microsoft.VisualStudio.SolutionPersistence
 Newtonsoft.Json
+NuGet.Versioning

csharp/extractor/Semmle.Extraction.CSharp.DependencyStubGenerator/Semmle.Extraction.CSharp.DependencyStubGenerator.csproj

@@ -2,7 +2,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net9.0</TargetFramework>
+    <TargetFramework>net10.0</TargetFramework>
     <AssemblyName>Semmle.Extraction.CSharp.DependencyStubGenerator</AssemblyName>
     <RootNamespace>Semmle.Extraction.CSharp.DependencyStubGenerator</RootNamespace>
     <ImplicitUsings>enable</ImplicitUsings>
@@ -14,4 +14,4 @@
     <ProjectReference Include="..\Semmle.Extraction.CSharp.StubGenerator\Semmle.Extraction.CSharp.StubGenerator.csproj" />
   </ItemGroup>
   <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
+</Project>

csharp/extractor/Semmle.Extraction.CSharp.Standalone/paket.references

@@ -1,5 +1 @@
 Microsoft.Build
-Microsoft.Win32.Primitives
-System.Net.Primitives
-System.Security.Principal
-System.Threading.ThreadPool

csharp/extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs

@@ -74,6 +74,7 @@ namespace Semmle.Extraction.CSharp.Entities
                 {
                     case SyntaxKind.BaseConstructorInitializer:
                         initializerType = Symbol.ContainingType.BaseType!;
+                        ExtractObjectInitCall(trapFile);
                         break;
                     case SyntaxKind.ThisConstructorInitializer:
                         initializerType = Symbol.ContainingType;
@@ -90,10 +91,12 @@ namespace Semmle.Extraction.CSharp.Entities
                 var primaryInfo = Context.GetSymbolInfo(primaryInitializer);
                 var primarySymbol = primaryInfo.Symbol;
 
+                ExtractObjectInitCall(trapFile);
                 ExtractSourceInitializer(trapFile, primarySymbol?.ContainingType, (IMethodSymbol?)primarySymbol, primaryInitializer.ArgumentList, primaryInitializer.GetLocation());
             }
             else if (Symbol.MethodKind is MethodKind.Constructor)
             {
+                ExtractObjectInitCall(trapFile);
                 var baseType = Symbol.ContainingType.BaseType;
                 if (baseType is null)
                 {
@@ -127,6 +130,27 @@ namespace Semmle.Extraction.CSharp.Entities
             }
         }
 
+        private void ExtractObjectInitCall(TextWriter trapFile)
+        {
+            var target = ObjectInitMethod.Create(Context, ContainingType!);
+
+            var type = Context.Compilation.GetSpecialType(SpecialType.System_Void);
+
+            var info = new ExpressionInfo(Context,
+                AnnotatedTypeSymbol.CreateNotAnnotated(type),
+                Location,
+                Kinds.ExprKind.METHOD_INVOCATION,
+                this,
+                -2,
+                isCompilerGenerated: true,
+                null);
+            var obinitCall = new Expression(info);
+
+            trapFile.expr_call(obinitCall, target);
+
+            Expressions.This.CreateImplicit(Context, Symbol.ContainingType, Location, obinitCall, -1);
+        }
+
         private void ExtractSourceInitializer(TextWriter trapFile, ITypeSymbol? type, IMethodSymbol? symbol, ArgumentListSyntax arguments, Microsoft.CodeAnalysis.Location location)
         {
             var initInfo = new ExpressionInfo(Context,

csharp/extractor/Semmle.Extraction.CSharp/Entities/IMethodEntity.cs

@@ -0,0 +1,9 @@
+namespace Semmle.Extraction.CSharp.Entities
+{
+    /// <summary>
+    /// Marker interface for method entities.
+    /// </summary>
+    public interface IMethodEntity : IEntity
+    {
+    }
+}