diff --git a/cpp/ql/test/library-tests/controlflow/stackvariablereachability/StackVariableReachabilityWithReassignment.expected b/cpp/ql/test/library-tests/controlflow/stackvariablereachability/StackVariableReachabilityWithReassignment.expected
new file mode 100644
index 00000000000..0ef41de2cb3
--- /dev/null
+++ b/cpp/ql/test/library-tests/controlflow/stackvariablereachability/StackVariableReachabilityWithReassignment.expected
@@ -0,0 +1,13 @@
+| stackVariableReachability.c:11:2:11:2 | a | ... + ... |
+| stackVariableReachability.c:11:6:11:6 | a | 10 |
+| stackVariableReachability.c:12:2:12:2 | a | 40 |
+| stackVariableReachability.c:13:2:13:2 | a | 40 |
+| stackVariableReachability.c:14:4:14:4 | a | 40 |
+| stackVariableReachability.c:15:2:15:2 | a | call to f |
+| stackVariableReachability.c:15:8:15:8 | a | 40 |
+| stackVariableReachability.c:16:2:16:2 | a | call to f |
+| stackVariableReachability.c:19:3:19:3 | b | 50 |
+| stackVariableReachability.c:21:3:21:3 | b | 60 |
+| stackVariableReachability.c:23:2:23:2 | c | b |
+| stackVariableReachability.c:23:6:23:6 | b | 50, 60 |
+| stackVariableReachability.c:24:2:24:2 | c | 50, 60, b |
diff --git a/cpp/ql/test/library-tests/controlflow/stackvariablereachability/StackVariableReachabilityWithReassignment.ql b/cpp/ql/test/library-tests/controlflow/stackvariablereachability/StackVariableReachabilityWithReassignment.ql
new file mode 100644
index 00000000000..c143983acbb
--- /dev/null
+++ b/cpp/ql/test/library-tests/controlflow/stackvariablereachability/StackVariableReachabilityWithReassignment.ql
@@ -0,0 +1,19 @@
+import cpp
+import semmle.code.cpp.controlflow.StackVariableReachability
+
+class MyStackVariableReachability extends StackVariableReachabilityWithReassignment {
+ MyStackVariableReachability() { this = "MyStackVariableReachability" }
+
+ override predicate isSourceActual(ControlFlowNode node, StackVariable v) {
+ exprDefinition(v, _, node)
+ }
+
+ override predicate isSinkActual(ControlFlowNode node, StackVariable v) {
+ node.(VariableAccess).getTarget() = v
+ }
+
+ override predicate isBarrier(ControlFlowNode node, StackVariable v) { exprDefinition(v, _, node) }
+}
+
+from MyStackVariableReachability svr, ControlFlowNode sink
+select sink, strictconcat(Expr source | svr.reaches(source, _, sink) | source.toString(), ", ")
diff --git a/cpp/ql/test/library-tests/controlflow/stackvariablereachability/stackVariableReachability.c b/cpp/ql/test/library-tests/controlflow/stackvariablereachability/stackVariableReachability.c
new file mode 100644
index 00000000000..c00a2ccc06e
--- /dev/null
+++ b/cpp/ql/test/library-tests/controlflow/stackvariablereachability/stackVariableReachability.c
@@ -0,0 +1,25 @@
+
+int cond();
+int f(int x);
+
+void test(int p)
+{
+ int a = 10;
+ int b = 20;
+ int c = 30;
+
+ a = a + 1;
+ a = 40;
+ a++;
+ ++a;
+ a = f(a);
+ a;
+
+ if (cond()) {
+ b = 50;
+ } else {
+ b = 60;
+ }
+ c = b;
+ c;
+}
diff --git a/cpp/ql/test/library-tests/controlflow/stackvariablereachability/stackVariableReachability.expected b/cpp/ql/test/library-tests/controlflow/stackvariablereachability/stackVariableReachability.expected
new file mode 100644
index 00000000000..cc7a004b629
--- /dev/null
+++ b/cpp/ql/test/library-tests/controlflow/stackvariablereachability/stackVariableReachability.expected
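Review bot: Neither this query nor its sibling stackVariableReachability.ql has a comment saying what the test is meant to pin down, and the two files differ only in the base class and in `isSourceActual`/`isSinkActual` versus `isSource`/`isSink`. A short QLDoc comment above the class, for example `/** Every definition of a stack variable is a source and a barrier; every access is a sink. */`, plus one line naming the row that is expected to differ (`c | 50, 60, b` here against `c | b` in the plain variant, presumably because the assignment `c = b` is followed), would let a reader understand the two .expected files without diffing them. Both classes are also named `MyStackVariableReachability` with the same string value; distinct names would make failures easier to attribute.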
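Review bot: The test function covers only straight-line assignments and a single if/else, so no case exercises reachability across a loop back edge or a definition that reaches its own right-hand side on a later iteration. Appending a case such as `while (cond()) { c = c + 1; }` followed by a bare `c;` after the final statement would pin that behaviour in both .expected files without shifting the existing row locations. A one-line comment on the bare `a;` and `c;` statements saying they exist only to act as sinks would also keep a later cleanup from removing them.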
@@ -0,0 +1,13 @@
+| stackVariableReachability.c:11:2:11:2 | a | ... + ... |
+| stackVariableReachability.c:11:6:11:6 | a | 10 |
+| stackVariableReachability.c:12:2:12:2 | a | 40 |
+| stackVariableReachability.c:13:2:13:2 | a | 40 |
+| stackVariableReachability.c:14:4:14:4 | a | 40 |
+| stackVariableReachability.c:15:2:15:2 | a | call to f |
+| stackVariableReachability.c:15:8:15:8 | a | 40 |
+| stackVariableReachability.c:16:2:16:2 | a | call to f |
+| stackVariableReachability.c:19:3:19:3 | b | 50 |
+| stackVariableReachability.c:21:3:21:3 | b | 60 |
+| stackVariableReachability.c:23:2:23:2 | c | b |
+| stackVariableReachability.c:23:6:23:6 | b | 50, 60 |
+| stackVariableReachability.c:24:2:24:2 | c | b |
diff --git a/cpp/ql/test/library-tests/controlflow/stackvariablereachability/stackVariableReachability.ql b/cpp/ql/test/library-tests/controlflow/stackvariablereachability/stackVariableReachability.ql
new file mode 100644
index 00000000000..07770d97d0f
--- /dev/null
+++ b/cpp/ql/test/library-tests/controlflow/stackvariablereachability/stackVariableReachability.ql
@@ -0,0 +1,17 @@
+import cpp
+import semmle.code.cpp.controlflow.StackVariableReachability
+
+class MyStackVariableReachability extends StackVariableReachability {
+ MyStackVariableReachability() { this = "MyStackVariableReachability" }
+
+ override predicate isSource(ControlFlowNode node, StackVariable v) { exprDefinition(v, _, node) }
+
+ override predicate isSink(ControlFlowNode node, StackVariable v) {
+ node.(VariableAccess).getTarget() = v
+ }
+
+ override predicate isBarrier(ControlFlowNode node, StackVariable v) { exprDefinition(v, _, node) }
+}
+
+from MyStackVariableReachability svr, ControlFlowNode sink
+select sink, strictconcat(Expr source | svr.reaches(source, _, sink) | source.toString(), ", ")
diff --git a/cpp/ql/test/library-tests/deprecated/stackVariableReachability.c b/cpp/ql/test/library-tests/deprecated/stackVariableReachability.c
deleted file mode 100644
index e69de29bb2d..00000000000
diff --git a/cpp/ql/test/library-tests/deprecated/stackVariableReachability.expected b/cpp/ql/test/library-tests/deprecated/stackVariableReachability.expected
deleted file mode 100644
index 12f63b493a6..00000000000
--- a/cpp/ql/test/library-tests/deprecated/stackVariableReachability.expected
+++ /dev/null
@@ -1 +0,0 @@
-| Test for deprecated library StackVariableReachability. |
diff --git a/cpp/ql/test/library-tests/deprecated/stackVariableReachability.ql b/cpp/ql/test/library-tests/deprecated/stackVariableReachability.ql
deleted file mode 100644
index 63691e7c3ed..00000000000
--- a/cpp/ql/test/library-tests/deprecated/stackVariableReachability.ql
+++ /dev/null
@@ -1,4 +0,0 @@
-import cpp
-import semmle.code.cpp.controlflow.StackVariableReachability
-
-select "Test for deprecated library StackVariableReachability."
diff --git a/cpp/ql/test/library-tests/functions/unused/unused_functions.expected b/cpp/ql/test/library-tests/functions/unused/unused_functions.expected
deleted file mode 100644
index 546335812fb..00000000000
--- a/cpp/ql/test/library-tests/functions/unused/unused_functions.expected
+++ /dev/null
@@ -1,4 +0,0 @@
-| unused_functions.c:16:13:16:27 | unused_function | Static function unused_function is unreachable | unused_functions.c:16:13:16:27 | unused_function | unused_function |
-| unused_functions.c:20:13:20:28 | unused_function2 | Static function unused_function2 is unreachable ($@ must be removed at the same time) | unused_functions.c:24:13:24:28 | unused_function3 | unused_function3 |
-| unused_functions.c:24:13:24:28 | unused_function3 | Static function unused_function3 is unreachable | unused_functions.c:24:13:24:28 | unused_function3 | unused_function3 |
-| unused_functions.c:63:13:63:14 | h4 | Static function h4 is unreachable | unused_functions.c:63:13:63:14 | h4 | h4 |
diff --git a/cpp/ql/test/library-tests/functions/unused/unused_functions.qlref b/cpp/ql/test/library-tests/functions/unused/unused_functions.qlref
deleted file mode 100644
index dbf4c4e9172..00000000000
--- a/cpp/ql/test/library-tests/functions/unused/unused_functions.qlref
+++ /dev/null
@@ -1 +0,0 @@
-Best Practices/Unused Entities/UnusedStaticFunctions.ql
diff --git a/cpp/ql/test/library-tests/functions/unused_mut/unused_mut.expected b/cpp/ql/test/library-tests/functions/unused_mut/unused_mut.expected
deleted file mode 100644
index d41677ac479..00000000000
--- a/cpp/ql/test/library-tests/functions/unused_mut/unused_mut.expected
+++ /dev/null
@@ -1,2 +0,0 @@
-| unused_mut.c:5:13:5:31 | mut_unused_function | Static function mut_unused_function is unreachable ($@ must be removed at the same time) | unused_mut.c:9:13:9:32 | mut_unused_function2 | mut_unused_function2 |
-| unused_mut.c:9:13:9:32 | mut_unused_function2 | Static function mut_unused_function2 is unreachable ($@ must be removed at the same time) | unused_mut.c:5:13:5:31 | mut_unused_function | mut_unused_function |
diff --git a/cpp/ql/test/library-tests/functions/unused_mut/unused_mut.qlref b/cpp/ql/test/library-tests/functions/unused_mut/unused_mut.qlref
deleted file mode 100644
index dbf4c4e9172..00000000000
--- a/cpp/ql/test/library-tests/functions/unused_mut/unused_mut.qlref
+++ /dev/null
@@ -1 +0,0 @@
-Best Practices/Unused Entities/UnusedStaticFunctions.ql
diff --git a/cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/UnusedStaticFunctions.expected b/cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/UnusedStaticFunctions.expected
index 10e89760be9..46a5698c8c6 100644
--- a/cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/UnusedStaticFunctions.expected
+++ b/cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/UnusedStaticFunctions.expected
@@ -1,3 +1,9 @@
+| unused_functions.c:16:13:16:27 | unused_function | Static function unused_function is unreachable | unused_functions.c:16:13:16:27 | unused_function | unused_function |
+| unused_functions.c:20:13:20:28 | unused_function2 | Static function unused_function2 is unreachable ($@ must be removed at the same time) | unused_functions.c:24:13:24:28 | unused_function3 | unused_function3 |
+| unused_functions.c:24:13:24:28 | unused_function3 | Static function unused_function3 is unreachable | unused_functions.c:24:13:24:28 | unused_function3 | unused_function3 |
+| unused_functions.c:63:13:63:14 | h4 | Static function h4 is unreachable | unused_functions.c:63:13:63:14 | h4 | h4 |
+| unused_mut.c:5:13:5:31 | mut_unused_function | Static function mut_unused_function is unreachable ($@ must be removed at the same time) | unused_mut.c:9:13:9:32 | mut_unused_function2 | mut_unused_function2 |
+| unused_mut.c:9:13:9:32 | mut_unused_function2 | Static function mut_unused_function2 is unreachable ($@ must be removed at the same time) | unused_mut.c:5:13:5:31 | mut_unused_function | mut_unused_function |
 | unused_static_functions.cpp:19:13:19:14 | f2 | Static function f2 is unreachable | unused_static_functions.cpp:19:13:19:14 | f2 | f2 |
 | unused_static_functions.cpp:33:13:33:14 | f5 | Static function f5 is unreachable ($@ must be removed at the same time) | unused_static_functions.cpp:34:13:34:14 | f6 | f6 |
 | unused_static_functions.cpp:34:13:34:14 | f6 | Static function f6 is unreachable ($@ must be removed at the same time) | unused_static_functions.cpp:33:13:33:14 | f5 | f5 |
diff --git a/cpp/ql/test/library-tests/functions/unused/unused_functions.c b/cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/unused_functions.c
similarity index 100%
rename from cpp/ql/test/library-tests/functions/unused/unused_functions.c
rename to cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/unused_functions.c
diff --git a/cpp/ql/test/library-tests/functions/unused_mut/unused_mut.c b/cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/unused_mut.c
similarity index 100%
rename from cpp/ql/test/library-tests/functions/unused_mut/unused_mut.c
rename to cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedStaticFunctions/unused_mut.c
diff --git a/cpp/ql/test/query-tests/Critical/OverflowStatic/OverflowStatic.expected b/cpp/ql/test/query-tests/Critical/OverflowStatic/OverflowStatic.expected
index e6e2c51f7d9..01a2dfc38b3 100644
--- a/cpp/ql/test/query-tests/Critical/OverflowStatic/OverflowStatic.expected
+++ b/cpp/ql/test/query-tests/Critical/OverflowStatic/OverflowStatic.expected
@@ -1,3 +1,10 @@
+| test2.c:28:19:28:20 | 41 | Potential buffer-overflow: 'buffer' has size 40 not 41. |
+| test2.c:29:26:29:27 | 43 | Potential buffer-overflow: 'buffer' has size 40 not 43. |
+| test2.c:31:26:31:27 | 44 | Potential buffer-overflow: 'buffer' has size 40 not 44. |
+| test2.c:32:25:32:26 | 45 | Potential buffer-overflow: 'buffer' has size 40 not 45. |
+| test2.c:33:26:33:27 | 46 | Potential buffer-overflow: 'buffer' has size 40 not 46. |
+| test2.c:34:22:34:23 | 47 | Potential buffer-overflow: 'buffer' has size 40 not 47. |
+| test2.c:35:23:35:24 | 48 | Potential buffer-overflow: 'buffer' has size 40 not 48. |
 | test.c:14:9:14:13 | access to array | Potential buffer-overflow: 'xs' has size 5 but 'xs[5]' is accessed here. |
 | test.c:15:9:15:13 | access to array | Potential buffer-overflow: 'xs' has size 5 but 'xs[6]' is accessed here. |
 | test.c:20:9:20:18 | access to array | Potential buffer-overflow: 'ys' has size 5 but 'ys[5]' is accessed here. |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/OverflowStatic/test.c b/cpp/ql/test/query-tests/Critical/OverflowStatic/test2.c
similarity index 100%
rename from cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/OverflowStatic/test.c
rename to cpp/ql/test/query-tests/Critical/OverflowStatic/test2.c
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/StrncpyFlippedArgs/StrncpyFlippedArgs.expected b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/StrncpyFlippedArgs/StrncpyFlippedArgs.expected
index 8a36ebaaabe..c9827bd83e1 100644
--- a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/StrncpyFlippedArgs/StrncpyFlippedArgs.expected
+++ b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/StrncpyFlippedArgs/StrncpyFlippedArgs.expected
@@ -1,3 +1,5 @@
+| test.c:22:2:22:8 | call to strncpy | Potentially unsafe call to strncpy; third argument should be size of destination. |
+| test.c:33:2:33:8 | call to strncpy | Potentially unsafe call to strncpy; third argument should be size of destination. |
 | test.cpp:19:2:19:8 | call to strncpy | Potentially unsafe call to strncpy; third argument should be size of destination. |
 | test.cpp:20:2:20:8 | call to strncpy | Potentially unsafe call to strncpy; third argument should be size of destination. |
 | test.cpp:21:2:21:8 | call to strncpy | Potentially unsafe call to strncpy; third argument should be size of destination. |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/StrncpyFlippedArgs/test.c b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/StrncpyFlippedArgs/test.c
similarity index 100%
rename from cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/StrncpyFlippedArgs/test.c
rename to cpp/ql/test/query-tests/Likely Bugs/Memory Management/StrncpyFlippedArgs/test.c
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/SuspiciousCallToStrncat/SuspiciousCallToStrncat.expected b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/SuspiciousCallToStrncat/SuspiciousCallToStrncat.expected
similarity index 100%
rename from cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/SuspiciousCallToStrncat/SuspiciousCallToStrncat.expected
rename to cpp/ql/test/query-tests/Likely Bugs/Memory Management/SuspiciousCallToStrncat/SuspiciousCallToStrncat.expected
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/SuspiciousCallToStrncat/SuspiciousCallToStrncat.qlref b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/SuspiciousCallToStrncat/SuspiciousCallToStrncat.qlref
similarity index 100%
rename from cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/SuspiciousCallToStrncat/SuspiciousCallToStrncat.qlref
rename to cpp/ql/test/query-tests/Likely Bugs/Memory Management/SuspiciousCallToStrncat/SuspiciousCallToStrncat.qlref
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/SuspiciousCallToStrncat/test.c b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/SuspiciousCallToStrncat/test.c
similarity index 100%
rename from cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/SuspiciousCallToStrncat/test.c
rename to cpp/ql/test/query-tests/Likely Bugs/Memory Management/SuspiciousCallToStrncat/test.c
diff --git a/cpp/ql/test/library-tests/strcat/strcat.c b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/UnsafeUseOfStrcat/strcat.c
similarity index 100%
rename from cpp/ql/test/library-tests/strcat/strcat.c
rename to cpp/ql/test/query-tests/Likely Bugs/Memory Management/UnsafeUseOfStrcat/strcat.c
diff --git a/cpp/ql/test/library-tests/strcat/strcat.expected b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/UnsafeUseOfStrcat/strcat.expected
similarity index 100%
rename from cpp/ql/test/library-tests/strcat/strcat.expected
rename to cpp/ql/test/query-tests/Likely Bugs/Memory Management/UnsafeUseOfStrcat/strcat.expected
diff --git a/cpp/ql/test/library-tests/strcat/strcat.qlref b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/UnsafeUseOfStrcat/strcat.qlref
similarity index 100%
rename from cpp/ql/test/library-tests/strcat/strcat.qlref
rename to cpp/ql/test/query-tests/Likely Bugs/Memory Management/UnsafeUseOfStrcat/strcat.qlref
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/OverflowStatic/OverflowStatic.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/OverflowStatic/OverflowStatic.expected
deleted file mode 100644
index 9bc0658a02d..00000000000
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/OverflowStatic/OverflowStatic.expected
+++ /dev/null
@@ -1,7 +0,0 @@
-| test.c:28:19:28:20 | 41 | Potential buffer-overflow: 'buffer' has size 40 not 41. |
-| test.c:29:26:29:27 | 43 | Potential buffer-overflow: 'buffer' has size 40 not 43. |
-| test.c:31:26:31:27 | 44 | Potential buffer-overflow: 'buffer' has size 40 not 44. |
-| test.c:32:25:32:26 | 45 | Potential buffer-overflow: 'buffer' has size 40 not 45. |
-| test.c:33:26:33:27 | 46 | Potential buffer-overflow: 'buffer' has size 40 not 46. |
-| test.c:34:22:34:23 | 47 | Potential buffer-overflow: 'buffer' has size 40 not 47. |
-| test.c:35:23:35:24 | 48 | Potential buffer-overflow: 'buffer' has size 40 not 48. |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/OverflowStatic/OverflowStatic.qlref b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/OverflowStatic/OverflowStatic.qlref
deleted file mode 100644
index 477af9d71d0..00000000000
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/OverflowStatic/OverflowStatic.qlref
+++ /dev/null
@@ -1 +0,0 @@
-Critical/OverflowStatic.ql
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/StrncpyFlippedArgs/StrncpyFlippedArgs.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/StrncpyFlippedArgs/StrncpyFlippedArgs.expected
deleted file mode 100644
index 0fde9ab1729..00000000000
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/StrncpyFlippedArgs/StrncpyFlippedArgs.expected
+++ /dev/null
@@ -1,2 +0,0 @@
-| test.c:22:2:22:8 | call to strncpy | Potentially unsafe call to strncpy; third argument should be size of destination. |
-| test.c:33:2:33:8 | call to strncpy | Potentially unsafe call to strncpy; third argument should be size of destination. |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/StrncpyFlippedArgs/StrncpyFlippedArgs.qlref b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/StrncpyFlippedArgs/StrncpyFlippedArgs.qlref
deleted file mode 100644
index 5307aeb087f..00000000000
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/StrncpyFlippedArgs/StrncpyFlippedArgs.qlref
+++ /dev/null
@@ -1,2 +0,0 @@
-Likely Bugs/Memory Management/StrncpyFlippedArgs.ql
-