Merge branch 'main' into setliterals

2026-05-01 19:55:15 +02:00 · 2021-10-14 14:39:39 +01:00
parent 9d63efe495 8b6baa250c
commit f08d2ee759
216 changed files with 9196 additions and 2926 deletions
--- a/cpp/ql/lib/semmle/code/cpp/Declaration.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Declaration.qll
@@ -275,9 +275,8 @@ class Declaration extends Locatable, @declaration {
   * `getTemplateArgumentKind(0)`.
   */
  final Locatable getTemplateArgumentKind(int index) {
-    if exists(getTemplateArgumentValue(index))
-    then result = getTemplateArgumentType(index)
-    else none()
+    exists(getTemplateArgumentValue(index)) and
+    result = getTemplateArgumentType(index)
  }

  /** Gets the number of template arguments for this declaration. */
--- a/cpp/ql/lib/semmle/code/cpp/XML.qll
+++ b/cpp/ql/lib/semmle/code/cpp/XML.qll
@@ -108,7 +108,7 @@ class XMLParent extends @xmlparent {
  }

  /** Gets the text value contained in this XML parent. */
-  string getTextValue() { result = allCharactersString() }
+  string getTextValue() { result = this.allCharactersString() }

  /** Gets a printable representation of this XML parent. */
  string toString() { result = this.getName() }
@@ -119,7 +119,7 @@ class XMLFile extends XMLParent, File {
  XMLFile() { xmlEncoding(this, _) }

  /** Gets a printable representation of this XML file. */
-  override string toString() { result = getName() }
+  override string toString() { result = this.getName() }

  /** Gets the name of this XML file. */
  override string getName() { result = File.super.getAbsolutePath() }
@@ -129,14 +129,14 @@ class XMLFile extends XMLParent, File {
   *
   * Gets the path of this XML file.
   */
-  deprecated string getPath() { result = getAbsolutePath() }
+  deprecated string getPath() { result = this.getAbsolutePath() }

  /**
   * DEPRECATED: Use `getParentContainer().getAbsolutePath()` instead.
   *
   * Gets the path of the folder that contains this XML file.
   */
-  deprecated string getFolder() { result = getParentContainer().getAbsolutePath() }
+  deprecated string getFolder() { result = this.getParentContainer().getAbsolutePath() }

  /** Gets the encoding of this XML file. */
  string getEncoding() { xmlEncoding(this, result) }
@@ -200,7 +200,7 @@ class XMLDTD extends XMLLocatable, @xmldtd {
 */
 class XMLElement extends @xmlelement, XMLParent, XMLLocatable {
  /** Holds if this XML element has the given `name`. */
-  predicate hasName(string name) { name = getName() }
+  predicate hasName(string name) { name = this.getName() }

  /** Gets the name of this XML element. */
  override string getName() { xmlElements(this, result, _, _, _) }
@@ -239,7 +239,7 @@ class XMLElement extends @xmlelement, XMLParent, XMLLocatable {
  string getAttributeValue(string name) { result = this.getAttribute(name).getValue() }

  /** Gets a printable representation of this XML element. */
-  override string toString() { result = getName() }
+  override string toString() { result = this.getName() }
 }

 /**
--- a/cpp/ql/lib/semmle/code/cpp/controlflow/internal/ConstantExprs.qll
+++ b/cpp/ql/lib/semmle/code/cpp/controlflow/internal/ConstantExprs.qll
@@ -344,14 +344,13 @@ private int convertIntToType(int val, IntegralType t) {
  then if val = 0 then result = 0 else result = 1
  else
    if t.isUnsigned()
-    then if val >= 0 and val.bitShiftRight(t.getSize() * 8) = 0 then result = val else none()
+    then val >= 0 and val.bitShiftRight(t.getSize() * 8) = 0 and result = val
    else
      if val >= 0 and val.bitShiftRight(t.getSize() * 8 - 1) = 0
      then result = val
-      else
-        if (-(val + 1)).bitShiftRight(t.getSize() * 8 - 1) = 0
-        then result = val
-        else none()
+      else (
+        (-(val + 1)).bitShiftRight(t.getSize() * 8 - 1) = 0 and result = val
+      )
 }

 /**
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplCommon.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplCommon.qll
@@ -937,7 +937,7 @@ class CallContextSpecificCall extends CallContextCall, TSpecificCall {
  }

  override predicate relevantFor(DataFlowCallable callable) {
-    recordDataFlowCallSite(getCall(), callable)
+    recordDataFlowCallSite(this.getCall(), callable)
  }

  override predicate matchesCall(DataFlowCall call) { call = this.getCall() }
@@ -1257,7 +1257,7 @@ abstract class AccessPathFront extends TAccessPathFront {

  TypedContent getHead() { this = TFrontHead(result) }

-  predicate isClearedAt(Node n) { clearsContentCached(n, getHead().getContent()) }
+  predicate isClearedAt(Node n) { clearsContentCached(n, this.getHead().getContent()) }
 }

 class AccessPathFrontNil extends AccessPathFront, TFrontNil {
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
@@ -75,24 +75,26 @@ abstract class Configuration extends DataFlow::Configuration {
  predicate isSanitizer(DataFlow::Node node) { none() }

  final override predicate isBarrier(DataFlow::Node node) {
-    isSanitizer(node) or
+    this.isSanitizer(node) or
    defaultTaintSanitizer(node)
  }

  /** Holds if taint propagation into `node` is prohibited. */
  predicate isSanitizerIn(DataFlow::Node node) { none() }

-  final override predicate isBarrierIn(DataFlow::Node node) { isSanitizerIn(node) }
+  final override predicate isBarrierIn(DataFlow::Node node) { this.isSanitizerIn(node) }

  /** Holds if taint propagation out of `node` is prohibited. */
  predicate isSanitizerOut(DataFlow::Node node) { none() }

-  final override predicate isBarrierOut(DataFlow::Node node) { isSanitizerOut(node) }
+  final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) }

  /** Holds if taint propagation through nodes guarded by `guard` is prohibited. */
  predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }

-  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { isSanitizerGuard(guard) }
+  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
+    this.isSanitizerGuard(guard)
+  }

  /**
   * Holds if the additional taint propagation step from `node1` to `node2`
@@ -101,7 +103,7 @@ abstract class Configuration extends DataFlow::Configuration {
  predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { none() }

  final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    isAdditionalTaintStep(node1, node2) or
+    this.isAdditionalTaintStep(node1, node2) or
    defaultAdditionalTaintStep(node1, node2)
  }

--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
@@ -75,24 +75,26 @@ abstract class Configuration extends DataFlow::Configuration {
  predicate isSanitizer(DataFlow::Node node) { none() }

  final override predicate isBarrier(DataFlow::Node node) {
-    isSanitizer(node) or
+    this.isSanitizer(node) or
    defaultTaintSanitizer(node)
  }

  /** Holds if taint propagation into `node` is prohibited. */
  predicate isSanitizerIn(DataFlow::Node node) { none() }

-  final override predicate isBarrierIn(DataFlow::Node node) { isSanitizerIn(node) }
+  final override predicate isBarrierIn(DataFlow::Node node) { this.isSanitizerIn(node) }

  /** Holds if taint propagation out of `node` is prohibited. */
  predicate isSanitizerOut(DataFlow::Node node) { none() }

-  final override predicate isBarrierOut(DataFlow::Node node) { isSanitizerOut(node) }
+  final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) }

  /** Holds if taint propagation through nodes guarded by `guard` is prohibited. */
  predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }

-  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { isSanitizerGuard(guard) }
+  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
+    this.isSanitizerGuard(guard)
+  }

  /**
   * Holds if the additional taint propagation step from `node1` to `node2`
@@ -101,7 +103,7 @@ abstract class Configuration extends DataFlow::Configuration {
  predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { none() }

  final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    isAdditionalTaintStep(node1, node2) or
+    this.isAdditionalTaintStep(node1, node2) or
    defaultAdditionalTaintStep(node1, node2)
  }

--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll
@@ -937,7 +937,7 @@ class CallContextSpecificCall extends CallContextCall, TSpecificCall {
  }

  override predicate relevantFor(DataFlowCallable callable) {
-    recordDataFlowCallSite(getCall(), callable)
+    recordDataFlowCallSite(this.getCall(), callable)
  }

  override predicate matchesCall(DataFlowCall call) { call = this.getCall() }
@@ -1257,7 +1257,7 @@ abstract class AccessPathFront extends TAccessPathFront {

  TypedContent getHead() { this = TFrontHead(result) }

-  predicate isClearedAt(Node n) { clearsContentCached(n, getHead().getContent()) }
+  predicate isClearedAt(Node n) { clearsContentCached(n, this.getHead().getContent()) }
 }

 class AccessPathFrontNil extends AccessPathFront, TFrontNil {
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
@@ -75,24 +75,26 @@ abstract class Configuration extends DataFlow::Configuration {
  predicate isSanitizer(DataFlow::Node node) { none() }

  final override predicate isBarrier(DataFlow::Node node) {
-    isSanitizer(node) or
+    this.isSanitizer(node) or
    defaultTaintSanitizer(node)
  }

  /** Holds if taint propagation into `node` is prohibited. */
  predicate isSanitizerIn(DataFlow::Node node) { none() }

-  final override predicate isBarrierIn(DataFlow::Node node) { isSanitizerIn(node) }
+  final override predicate isBarrierIn(DataFlow::Node node) { this.isSanitizerIn(node) }

  /** Holds if taint propagation out of `node` is prohibited. */
  predicate isSanitizerOut(DataFlow::Node node) { none() }

-  final override predicate isBarrierOut(DataFlow::Node node) { isSanitizerOut(node) }
+  final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) }

  /** Holds if taint propagation through nodes guarded by `guard` is prohibited. */
  predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }

-  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { isSanitizerGuard(guard) }
+  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
+    this.isSanitizerGuard(guard)
+  }

  /**
   * Holds if the additional taint propagation step from `node1` to `node2`
@@ -101,7 +103,7 @@ abstract class Configuration extends DataFlow::Configuration {
  predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { none() }

  final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    isAdditionalTaintStep(node1, node2) or
+    this.isAdditionalTaintStep(node1, node2) or
    defaultAdditionalTaintStep(node1, node2)
  }

--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
@@ -75,24 +75,26 @@ abstract class Configuration extends DataFlow::Configuration {
  predicate isSanitizer(DataFlow::Node node) { none() }

  final override predicate isBarrier(DataFlow::Node node) {
-    isSanitizer(node) or
+    this.isSanitizer(node) or
    defaultTaintSanitizer(node)
  }

  /** Holds if taint propagation into `node` is prohibited. */
  predicate isSanitizerIn(DataFlow::Node node) { none() }

-  final override predicate isBarrierIn(DataFlow::Node node) { isSanitizerIn(node) }
+  final override predicate isBarrierIn(DataFlow::Node node) { this.isSanitizerIn(node) }

  /** Holds if taint propagation out of `node` is prohibited. */
  predicate isSanitizerOut(DataFlow::Node node) { none() }

-  final override predicate isBarrierOut(DataFlow::Node node) { isSanitizerOut(node) }
+  final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) }

  /** Holds if taint propagation through nodes guarded by `guard` is prohibited. */
  predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }

-  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { isSanitizerGuard(guard) }
+  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
+    this.isSanitizerGuard(guard)
+  }

  /**
   * Holds if the additional taint propagation step from `node1` to `node2`
@@ -101,7 +103,7 @@ abstract class Configuration extends DataFlow::Configuration {
  predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { none() }

  final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    isAdditionalTaintStep(node1, node2) or
+    this.isAdditionalTaintStep(node1, node2) or
    defaultAdditionalTaintStep(node1, node2)
  }

--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking3/TaintTrackingImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking3/TaintTrackingImpl.qll
@@ -75,24 +75,26 @@ abstract class Configuration extends DataFlow::Configuration {
  predicate isSanitizer(DataFlow::Node node) { none() }

  final override predicate isBarrier(DataFlow::Node node) {
-    isSanitizer(node) or
+    this.isSanitizer(node) or
    defaultTaintSanitizer(node)
  }

  /** Holds if taint propagation into `node` is prohibited. */
  predicate isSanitizerIn(DataFlow::Node node) { none() }

-  final override predicate isBarrierIn(DataFlow::Node node) { isSanitizerIn(node) }
+  final override predicate isBarrierIn(DataFlow::Node node) { this.isSanitizerIn(node) }

  /** Holds if taint propagation out of `node` is prohibited. */
  predicate isSanitizerOut(DataFlow::Node node) { none() }

-  final override predicate isBarrierOut(DataFlow::Node node) { isSanitizerOut(node) }
+  final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) }

  /** Holds if taint propagation through nodes guarded by `guard` is prohibited. */
  predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }

-  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { isSanitizerGuard(guard) }
+  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
+    this.isSanitizerGuard(guard)
+  }

  /**
   * Holds if the additional taint propagation step from `node1` to `node2`
@@ -101,7 +103,7 @@ abstract class Configuration extends DataFlow::Configuration {
  predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { none() }

  final override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    isAdditionalTaintStep(node1, node2) or
+    this.isAdditionalTaintStep(node1, node2) or
    defaultAdditionalTaintStep(node1, node2)
  }

--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll
@@ -24,7 +24,7 @@ class IRBlockBase extends TIRBlock {
  final string toString() { result = getFirstInstruction(this).toString() }

  /** Gets the source location of the first non-`Phi` instruction in this block. */
-  final Language::Location getLocation() { result = getFirstInstruction().getLocation() }
+  final Language::Location getLocation() { result = this.getFirstInstruction().getLocation() }

  /**
   * INTERNAL: Do not use.
@@ -39,7 +39,7 @@ class IRBlockBase extends TIRBlock {
    ) and
    this =
      rank[result + 1](IRBlock funcBlock, int sortOverride, int sortKey1, int sortKey2 |
-        funcBlock.getEnclosingFunction() = getEnclosingFunction() and
+        funcBlock.getEnclosingFunction() = this.getEnclosingFunction() and
        funcBlock.getFirstInstruction().hasSortKeys(sortKey1, sortKey2) and
        // Ensure that the block containing `EnterFunction` always comes first.
        if funcBlock.getFirstInstruction() instanceof EnterFunctionInstruction
@@ -59,15 +59,15 @@ class IRBlockBase extends TIRBlock {
   * Get the `Phi` instructions that appear at the start of this block.
   */
  final PhiInstruction getAPhiInstruction() {
-    Construction::getPhiInstructionBlockStart(result) = getFirstInstruction()
+    Construction::getPhiInstructionBlockStart(result) = this.getFirstInstruction()
  }

  /**
   * Gets an instruction in this block. This includes `Phi` instructions.
   */
  final Instruction getAnInstruction() {
-    result = getInstruction(_) or
-    result = getAPhiInstruction()
+    result = this.getInstruction(_) or
+    result = this.getAPhiInstruction()
  }

  /**
@@ -78,7 +78,9 @@ class IRBlockBase extends TIRBlock {
  /**
   * Gets the last instruction in this block.
   */
-  final Instruction getLastInstruction() { result = getInstruction(getInstructionCount() - 1) }
+  final Instruction getLastInstruction() {
+    result = this.getInstruction(this.getInstructionCount() - 1)
+  }

  /**
   * Gets the number of non-`Phi` instructions in this block.
@@ -149,7 +151,7 @@ class IRBlock extends IRBlockBase {
   * Block `A` dominates block `B` if any control flow path from the entry block of the function to
   * block `B` must pass through block `A`. A block always dominates itself.
   */
-  final predicate dominates(IRBlock block) { strictlyDominates(block) or this = block }
+  final predicate dominates(IRBlock block) { this.strictlyDominates(block) or this = block }

  /**
   * Gets a block on the dominance frontier of this block.
@@ -159,8 +161,8 @@ class IRBlock extends IRBlockBase {
   */
  pragma[noinline]
  final IRBlock dominanceFrontier() {
-    dominates(result.getAPredecessor()) and
-    not strictlyDominates(result)
+    this.dominates(result.getAPredecessor()) and
+    not this.strictlyDominates(result)
  }

  /**
@@ -189,7 +191,7 @@ class IRBlock extends IRBlockBase {
   * Block `A` post-dominates block `B` if any control flow path from `B` to the exit block of the
   * function must pass through block `A`. A block always post-dominates itself.
   */
-  final predicate postDominates(IRBlock block) { strictlyPostDominates(block) or this = block }
+  final predicate postDominates(IRBlock block) { this.strictlyPostDominates(block) or this = block }

  /**
   * Gets a block on the post-dominance frontier of this block.
@@ -199,16 +201,16 @@ class IRBlock extends IRBlockBase {
   */
  pragma[noinline]
  final IRBlock postPominanceFrontier() {
-    postDominates(result.getASuccessor()) and
-    not strictlyPostDominates(result)
+    this.postDominates(result.getASuccessor()) and
+    not this.strictlyPostDominates(result)
  }

  /**
   * Holds if this block is reachable from the entry block of its function.
   */
  final predicate isReachableFromFunctionEntry() {
-    this = getEnclosingIRFunction().getEntryBlock() or
-    getAPredecessor().isReachableFromFunctionEntry()
+    this = this.getEnclosingIRFunction().getEntryBlock() or
+    this.getAPredecessor().isReachableFromFunctionEntry()
  }
 }

--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Operand.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Operand.qll
@@ -46,12 +46,12 @@ class Operand extends TStageOperand {
  /**
   * Gets the location of the source code for this operand.
   */
-  final Language::Location getLocation() { result = getUse().getLocation() }
+  final Language::Location getLocation() { result = this.getUse().getLocation() }

  /**
   * Gets the function that contains this operand.
   */
-  final IRFunction getEnclosingIRFunction() { result = getUse().getEnclosingIRFunction() }
+  final IRFunction getEnclosingIRFunction() { result = this.getUse().getEnclosingIRFunction() }

  /**
   * Gets the `Instruction` that consumes this operand.
@@ -74,7 +74,7 @@ class Operand extends TStageOperand {
   */
  final Instruction getDef() {
    result = this.getAnyDef() and
-    getDefinitionOverlap() instanceof MustExactlyOverlap
+    this.getDefinitionOverlap() instanceof MustExactlyOverlap
  }

  /**
@@ -82,7 +82,7 @@ class Operand extends TStageOperand {
   *
   * Gets the `Instruction` that consumes this operand.
   */
-  deprecated final Instruction getUseInstruction() { result = getUse() }
+  deprecated final Instruction getUseInstruction() { result = this.getUse() }

  /**
   * DEPRECATED: use `getAnyDef` or `getDef`. The exact replacement for this
@@ -91,7 +91,7 @@ class Operand extends TStageOperand {
   *
   * Gets the `Instruction` whose result is the value of the operand.
   */
-  deprecated final Instruction getDefinitionInstruction() { result = getAnyDef() }
+  deprecated final Instruction getDefinitionInstruction() { result = this.getAnyDef() }

  /**
   * Gets the overlap relationship between the operand's definition and its use.
@@ -101,7 +101,9 @@ class Operand extends TStageOperand {
  /**
   * Holds if the result of the definition instruction does not exactly overlap this use.
   */
-  final predicate isDefinitionInexact() { not getDefinitionOverlap() instanceof MustExactlyOverlap }
+  final predicate isDefinitionInexact() {
+    not this.getDefinitionOverlap() instanceof MustExactlyOverlap
+  }

  /**
   * Gets a prefix to use when dumping the operand in an operand list.
@@ -121,7 +123,7 @@ class Operand extends TStageOperand {
   * For example: `this:r3_5`
   */
  final string getDumpString() {
-    result = getDumpLabel() + getInexactSpecifier() + getDefinitionId()
+    result = this.getDumpLabel() + this.getInexactSpecifier() + this.getDefinitionId()
  }

  /**
@@ -129,9 +131,9 @@ class Operand extends TStageOperand {
   * definition is not modeled in SSA.
   */
  private string getDefinitionId() {
-    result = getAnyDef().getResultId()
+    result = this.getAnyDef().getResultId()
    or
-    not exists(getAnyDef()) and result = "m?"
+    not exists(this.getAnyDef()) and result = "m?"
  }

  /**
@@ -140,7 +142,7 @@ class Operand extends TStageOperand {
   * the empty string.
   */
  private string getInexactSpecifier() {
-    if isDefinitionInexact() then result = "~" else result = ""
+    if this.isDefinitionInexact() then result = "~" else result = ""
  }

  /**
@@ -155,7 +157,7 @@ class Operand extends TStageOperand {
   * the definition type, such as in the case of a partial read or a read from a pointer that
   * has been cast to a different type.
   */
-  Language::LanguageType getLanguageType() { result = getAnyDef().getResultLanguageType() }
+  Language::LanguageType getLanguageType() { result = this.getAnyDef().getResultLanguageType() }

  /**
   * Gets the language-neutral type of the value consumed by this operand. This is usually the same
@@ -164,7 +166,7 @@ class Operand extends TStageOperand {
   * from the definition type, such as in the case of a partial read or a read from a pointer that
   * has been cast to a different type.
   */
-  final IRType getIRType() { result = getLanguageType().getIRType() }
+  final IRType getIRType() { result = this.getLanguageType().getIRType() }

  /**
   * Gets the type of the value consumed by this operand. This is usually the same as the
@@ -173,7 +175,7 @@ class Operand extends TStageOperand {
   * the definition type, such as in the case of a partial read or a read from a pointer that
   * has been cast to a different type.
   */
-  final Language::Type getType() { getLanguageType().hasType(result, _) }
+  final Language::Type getType() { this.getLanguageType().hasType(result, _) }

  /**
   * Holds if the value consumed by this operand is a glvalue. If this
@@ -182,13 +184,13 @@ class Operand extends TStageOperand {
   * not hold, the value of the operand represents a value whose type is
   * given by `getType()`.
   */
-  final predicate isGLValue() { getLanguageType().hasType(_, true) }
+  final predicate isGLValue() { this.getLanguageType().hasType(_, true) }

  /**
   * Gets the size of the value consumed by this operand, in bytes. If the operand does not have
   * a known constant size, this predicate does not hold.
   */
-  final int getSize() { result = getLanguageType().getByteSize() }
+  final int getSize() { result = this.getLanguageType().getByteSize() }
 }

 /**
@@ -205,7 +207,7 @@ class MemoryOperand extends Operand {
  /**
   * Gets the kind of memory access performed by the operand.
   */
-  MemoryAccessKind getMemoryAccess() { result = getUse().getOpcode().getReadMemoryAccess() }
+  MemoryAccessKind getMemoryAccess() { result = this.getUse().getOpcode().getReadMemoryAccess() }

  /**
   * Holds if the memory access performed by this operand will not always read from every bit in the
@@ -215,7 +217,7 @@ class MemoryOperand extends Operand {
   * conservative estimate of the memory that might actually be accessed at runtime (for example,
   * the global side effects of a function call).
   */
-  predicate hasMayReadMemoryAccess() { getUse().getOpcode().hasMayReadMemoryAccess() }
+  predicate hasMayReadMemoryAccess() { this.getUse().getOpcode().hasMayReadMemoryAccess() }

  /**
   * Returns the operand that holds the memory address from which the current operand loads its
@@ -223,8 +225,8 @@ class MemoryOperand extends Operand {
   * is `r1`.
   */
  final AddressOperand getAddressOperand() {
-    getMemoryAccess().usesAddressOperand() and
-    result.getUse() = getUse()
+    this.getMemoryAccess().usesAddressOperand() and
+    result.getUse() = this.getUse()
  }
 }

@@ -294,7 +296,7 @@ class NonPhiMemoryOperand extends NonPhiOperand, MemoryOperand, TNonPhiMemoryOpe
    result = unique(Instruction defInstr | hasDefinition(defInstr, _))
  }

-  final override Overlap getDefinitionOverlap() { hasDefinition(_, result) }
+  final override Overlap getDefinitionOverlap() { this.hasDefinition(_, result) }

  pragma[noinline]
  private predicate hasDefinition(Instruction defInstr, Overlap overlap) {
@@ -449,13 +451,17 @@ class PhiInputOperand extends MemoryOperand, TPhiOperand {

  final override Overlap getDefinitionOverlap() { result = overlap }

-  final override int getDumpSortOrder() { result = 11 + getPredecessorBlock().getDisplayIndex() }
-
-  final override string getDumpLabel() {
-    result = "from " + getPredecessorBlock().getDisplayIndex().toString() + ":"
+  final override int getDumpSortOrder() {
+    result = 11 + this.getPredecessorBlock().getDisplayIndex()
  }

-  final override string getDumpId() { result = getPredecessorBlock().getDisplayIndex().toString() }
+  final override string getDumpLabel() {
+    result = "from " + this.getPredecessorBlock().getDisplayIndex().toString() + ":"
+  }
+
+  final override string getDumpId() {
+    result = this.getPredecessorBlock().getDisplayIndex().toString()
+  }

  /**
   * Gets the predecessor block from which this value comes.
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll
@@ -24,7 +24,7 @@ class IRBlockBase extends TIRBlock {
  final string toString() { result = getFirstInstruction(this).toString() }

  /** Gets the source location of the first non-`Phi` instruction in this block. */
-  final Language::Location getLocation() { result = getFirstInstruction().getLocation() }
+  final Language::Location getLocation() { result = this.getFirstInstruction().getLocation() }

  /**
   * INTERNAL: Do not use.
@@ -39,7 +39,7 @@ class IRBlockBase extends TIRBlock {
    ) and
    this =
      rank[result + 1](IRBlock funcBlock, int sortOverride, int sortKey1, int sortKey2 |
-        funcBlock.getEnclosingFunction() = getEnclosingFunction() and
+        funcBlock.getEnclosingFunction() = this.getEnclosingFunction() and
        funcBlock.getFirstInstruction().hasSortKeys(sortKey1, sortKey2) and
        // Ensure that the block containing `EnterFunction` always comes first.
        if funcBlock.getFirstInstruction() instanceof EnterFunctionInstruction
@@ -59,15 +59,15 @@ class IRBlockBase extends TIRBlock {
   * Get the `Phi` instructions that appear at the start of this block.
   */
  final PhiInstruction getAPhiInstruction() {
-    Construction::getPhiInstructionBlockStart(result) = getFirstInstruction()
+    Construction::getPhiInstructionBlockStart(result) = this.getFirstInstruction()
  }

  /**
   * Gets an instruction in this block. This includes `Phi` instructions.
   */
  final Instruction getAnInstruction() {
-    result = getInstruction(_) or
-    result = getAPhiInstruction()
+    result = this.getInstruction(_) or
+    result = this.getAPhiInstruction()
  }

  /**
@@ -78,7 +78,9 @@ class IRBlockBase extends TIRBlock {
  /**
   * Gets the last instruction in this block.
   */
-  final Instruction getLastInstruction() { result = getInstruction(getInstructionCount() - 1) }
+  final Instruction getLastInstruction() {
+    result = this.getInstruction(this.getInstructionCount() - 1)
+  }

  /**
   * Gets the number of non-`Phi` instructions in this block.
@@ -149,7 +151,7 @@ class IRBlock extends IRBlockBase {
   * Block `A` dominates block `B` if any control flow path from the entry block of the function to
   * block `B` must pass through block `A`. A block always dominates itself.
   */
-  final predicate dominates(IRBlock block) { strictlyDominates(block) or this = block }
+  final predicate dominates(IRBlock block) { this.strictlyDominates(block) or this = block }

  /**
   * Gets a block on the dominance frontier of this block.
@@ -159,8 +161,8 @@ class IRBlock extends IRBlockBase {
   */
  pragma[noinline]
  final IRBlock dominanceFrontier() {
-    dominates(result.getAPredecessor()) and
-    not strictlyDominates(result)
+    this.dominates(result.getAPredecessor()) and
+    not this.strictlyDominates(result)
  }

  /**
@@ -189,7 +191,7 @@ class IRBlock extends IRBlockBase {
   * Block `A` post-dominates block `B` if any control flow path from `B` to the exit block of the
   * function must pass through block `A`. A block always post-dominates itself.
   */
-  final predicate postDominates(IRBlock block) { strictlyPostDominates(block) or this = block }
+  final predicate postDominates(IRBlock block) { this.strictlyPostDominates(block) or this = block }

  /**
   * Gets a block on the post-dominance frontier of this block.
@@ -199,16 +201,16 @@ class IRBlock extends IRBlockBase {
   */
  pragma[noinline]
  final IRBlock postPominanceFrontier() {
-    postDominates(result.getASuccessor()) and
-    not strictlyPostDominates(result)
+    this.postDominates(result.getASuccessor()) and
+    not this.strictlyPostDominates(result)
  }

  /**
   * Holds if this block is reachable from the entry block of its function.
   */
  final predicate isReachableFromFunctionEntry() {
-    this = getEnclosingIRFunction().getEntryBlock() or
-    getAPredecessor().isReachableFromFunctionEntry()
+    this = this.getEnclosingIRFunction().getEntryBlock() or
+    this.getAPredecessor().isReachableFromFunctionEntry()
  }
 }

--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Operand.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Operand.qll
@@ -46,12 +46,12 @@ class Operand extends TStageOperand {
  /**
   * Gets the location of the source code for this operand.
   */
-  final Language::Location getLocation() { result = getUse().getLocation() }
+  final Language::Location getLocation() { result = this.getUse().getLocation() }

  /**
   * Gets the function that contains this operand.
   */
-  final IRFunction getEnclosingIRFunction() { result = getUse().getEnclosingIRFunction() }
+  final IRFunction getEnclosingIRFunction() { result = this.getUse().getEnclosingIRFunction() }

  /**
   * Gets the `Instruction` that consumes this operand.
@@ -74,7 +74,7 @@ class Operand extends TStageOperand {
   */
  final Instruction getDef() {
    result = this.getAnyDef() and
-    getDefinitionOverlap() instanceof MustExactlyOverlap
+    this.getDefinitionOverlap() instanceof MustExactlyOverlap
  }

  /**
@@ -82,7 +82,7 @@ class Operand extends TStageOperand {
   *
   * Gets the `Instruction` that consumes this operand.
   */
-  deprecated final Instruction getUseInstruction() { result = getUse() }
+  deprecated final Instruction getUseInstruction() { result = this.getUse() }

  /**
   * DEPRECATED: use `getAnyDef` or `getDef`. The exact replacement for this
@@ -91,7 +91,7 @@ class Operand extends TStageOperand {
   *
   * Gets the `Instruction` whose result is the value of the operand.
   */
-  deprecated final Instruction getDefinitionInstruction() { result = getAnyDef() }
+  deprecated final Instruction getDefinitionInstruction() { result = this.getAnyDef() }

  /**
   * Gets the overlap relationship between the operand's definition and its use.
@@ -101,7 +101,9 @@ class Operand extends TStageOperand {
  /**
   * Holds if the result of the definition instruction does not exactly overlap this use.
   */
-  final predicate isDefinitionInexact() { not getDefinitionOverlap() instanceof MustExactlyOverlap }
+  final predicate isDefinitionInexact() {
+    not this.getDefinitionOverlap() instanceof MustExactlyOverlap
+  }

  /**
   * Gets a prefix to use when dumping the operand in an operand list.
@@ -121,7 +123,7 @@ class Operand extends TStageOperand {
   * For example: `this:r3_5`
   */
  final string getDumpString() {
-    result = getDumpLabel() + getInexactSpecifier() + getDefinitionId()
+    result = this.getDumpLabel() + this.getInexactSpecifier() + this.getDefinitionId()
  }

  /**
@@ -129,9 +131,9 @@ class Operand extends TStageOperand {
   * definition is not modeled in SSA.
   */
  private string getDefinitionId() {
-    result = getAnyDef().getResultId()
+    result = this.getAnyDef().getResultId()
    or
-    not exists(getAnyDef()) and result = "m?"
+    not exists(this.getAnyDef()) and result = "m?"
  }

  /**
@@ -140,7 +142,7 @@ class Operand extends TStageOperand {
   * the empty string.
   */
  private string getInexactSpecifier() {
-    if isDefinitionInexact() then result = "~" else result = ""
+    if this.isDefinitionInexact() then result = "~" else result = ""
  }

  /**
@@ -155,7 +157,7 @@ class Operand extends TStageOperand {
   * the definition type, such as in the case of a partial read or a read from a pointer that
   * has been cast to a different type.
   */
-  Language::LanguageType getLanguageType() { result = getAnyDef().getResultLanguageType() }
+  Language::LanguageType getLanguageType() { result = this.getAnyDef().getResultLanguageType() }

  /**
   * Gets the language-neutral type of the value consumed by this operand. This is usually the same
@@ -164,7 +166,7 @@ class Operand extends TStageOperand {
   * from the definition type, such as in the case of a partial read or a read from a pointer that
   * has been cast to a different type.
   */
-  final IRType getIRType() { result = getLanguageType().getIRType() }
+  final IRType getIRType() { result = this.getLanguageType().getIRType() }

  /**
   * Gets the type of the value consumed by this operand. This is usually the same as the
@@ -173,7 +175,7 @@ class Operand extends TStageOperand {
   * the definition type, such as in the case of a partial read or a read from a pointer that
   * has been cast to a different type.
   */
-  final Language::Type getType() { getLanguageType().hasType(result, _) }
+  final Language::Type getType() { this.getLanguageType().hasType(result, _) }

  /**
   * Holds if the value consumed by this operand is a glvalue. If this
@@ -182,13 +184,13 @@ class Operand extends TStageOperand {
   * not hold, the value of the operand represents a value whose type is
   * given by `getType()`.
   */
-  final predicate isGLValue() { getLanguageType().hasType(_, true) }
+  final predicate isGLValue() { this.getLanguageType().hasType(_, true) }

  /**
   * Gets the size of the value consumed by this operand, in bytes. If the operand does not have
   * a known constant size, this predicate does not hold.
   */
-  final int getSize() { result = getLanguageType().getByteSize() }
+  final int getSize() { result = this.getLanguageType().getByteSize() }
 }

 /**
@@ -205,7 +207,7 @@ class MemoryOperand extends Operand {
  /**
   * Gets the kind of memory access performed by the operand.
   */
-  MemoryAccessKind getMemoryAccess() { result = getUse().getOpcode().getReadMemoryAccess() }
+  MemoryAccessKind getMemoryAccess() { result = this.getUse().getOpcode().getReadMemoryAccess() }

  /**
   * Holds if the memory access performed by this operand will not always read from every bit in the
@@ -215,7 +217,7 @@ class MemoryOperand extends Operand {
   * conservative estimate of the memory that might actually be accessed at runtime (for example,
   * the global side effects of a function call).
   */
-  predicate hasMayReadMemoryAccess() { getUse().getOpcode().hasMayReadMemoryAccess() }
+  predicate hasMayReadMemoryAccess() { this.getUse().getOpcode().hasMayReadMemoryAccess() }

  /**
   * Returns the operand that holds the memory address from which the current operand loads its
@@ -223,8 +225,8 @@ class MemoryOperand extends Operand {
   * is `r1`.
   */
  final AddressOperand getAddressOperand() {
-    getMemoryAccess().usesAddressOperand() and
-    result.getUse() = getUse()
+    this.getMemoryAccess().usesAddressOperand() and
+    result.getUse() = this.getUse()
  }
 }

@@ -294,7 +296,7 @@ class NonPhiMemoryOperand extends NonPhiOperand, MemoryOperand, TNonPhiMemoryOpe
    result = unique(Instruction defInstr | hasDefinition(defInstr, _))
  }

-  final override Overlap getDefinitionOverlap() { hasDefinition(_, result) }
+  final override Overlap getDefinitionOverlap() { this.hasDefinition(_, result) }

  pragma[noinline]
  private predicate hasDefinition(Instruction defInstr, Overlap overlap) {
@@ -449,13 +451,17 @@ class PhiInputOperand extends MemoryOperand, TPhiOperand {

  final override Overlap getDefinitionOverlap() { result = overlap }

-  final override int getDumpSortOrder() { result = 11 + getPredecessorBlock().getDisplayIndex() }
-
-  final override string getDumpLabel() {
-    result = "from " + getPredecessorBlock().getDisplayIndex().toString() + ":"
+  final override int getDumpSortOrder() {
+    result = 11 + this.getPredecessorBlock().getDisplayIndex()
  }

-  final override string getDumpId() { result = getPredecessorBlock().getDisplayIndex().toString() }
+  final override string getDumpLabel() {
+    result = "from " + this.getPredecessorBlock().getDisplayIndex().toString() + ":"
+  }
+
+  final override string getDumpId() {
+    result = this.getPredecessorBlock().getDisplayIndex().toString()
+  }

  /**
   * Gets the predecessor block from which this value comes.
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll
@@ -24,7 +24,7 @@ class IRBlockBase extends TIRBlock {
  final string toString() { result = getFirstInstruction(this).toString() }

  /** Gets the source location of the first non-`Phi` instruction in this block. */
-  final Language::Location getLocation() { result = getFirstInstruction().getLocation() }
+  final Language::Location getLocation() { result = this.getFirstInstruction().getLocation() }

  /**
   * INTERNAL: Do not use.
@@ -39,7 +39,7 @@ class IRBlockBase extends TIRBlock {
    ) and
    this =
      rank[result + 1](IRBlock funcBlock, int sortOverride, int sortKey1, int sortKey2 |
-        funcBlock.getEnclosingFunction() = getEnclosingFunction() and
+        funcBlock.getEnclosingFunction() = this.getEnclosingFunction() and
        funcBlock.getFirstInstruction().hasSortKeys(sortKey1, sortKey2) and
        // Ensure that the block containing `EnterFunction` always comes first.
        if funcBlock.getFirstInstruction() instanceof EnterFunctionInstruction
@@ -59,15 +59,15 @@ class IRBlockBase extends TIRBlock {
   * Get the `Phi` instructions that appear at the start of this block.
   */
  final PhiInstruction getAPhiInstruction() {
-    Construction::getPhiInstructionBlockStart(result) = getFirstInstruction()
+    Construction::getPhiInstructionBlockStart(result) = this.getFirstInstruction()
  }

  /**
   * Gets an instruction in this block. This includes `Phi` instructions.
   */
  final Instruction getAnInstruction() {
-    result = getInstruction(_) or
-    result = getAPhiInstruction()
+    result = this.getInstruction(_) or
+    result = this.getAPhiInstruction()
  }

  /**
@@ -78,7 +78,9 @@ class IRBlockBase extends TIRBlock {
  /**
   * Gets the last instruction in this block.
   */
-  final Instruction getLastInstruction() { result = getInstruction(getInstructionCount() - 1) }
+  final Instruction getLastInstruction() {
+    result = this.getInstruction(this.getInstructionCount() - 1)
+  }

  /**
   * Gets the number of non-`Phi` instructions in this block.
@@ -149,7 +151,7 @@ class IRBlock extends IRBlockBase {
   * Block `A` dominates block `B` if any control flow path from the entry block of the function to
   * block `B` must pass through block `A`. A block always dominates itself.
   */
-  final predicate dominates(IRBlock block) { strictlyDominates(block) or this = block }
+  final predicate dominates(IRBlock block) { this.strictlyDominates(block) or this = block }

  /**
   * Gets a block on the dominance frontier of this block.
@@ -159,8 +161,8 @@ class IRBlock extends IRBlockBase {
   */
  pragma[noinline]
  final IRBlock dominanceFrontier() {
-    dominates(result.getAPredecessor()) and
-    not strictlyDominates(result)
+    this.dominates(result.getAPredecessor()) and
+    not this.strictlyDominates(result)
  }

  /**
@@ -189,7 +191,7 @@ class IRBlock extends IRBlockBase {
   * Block `A` post-dominates block `B` if any control flow path from `B` to the exit block of the
   * function must pass through block `A`. A block always post-dominates itself.
   */
-  final predicate postDominates(IRBlock block) { strictlyPostDominates(block) or this = block }
+  final predicate postDominates(IRBlock block) { this.strictlyPostDominates(block) or this = block }

  /**
   * Gets a block on the post-dominance frontier of this block.
@@ -199,16 +201,16 @@ class IRBlock extends IRBlockBase {
   */
  pragma[noinline]
  final IRBlock postPominanceFrontier() {
-    postDominates(result.getASuccessor()) and
-    not strictlyPostDominates(result)
+    this.postDominates(result.getASuccessor()) and
+    not this.strictlyPostDominates(result)
  }

  /**
   * Holds if this block is reachable from the entry block of its function.
   */
  final predicate isReachableFromFunctionEntry() {
-    this = getEnclosingIRFunction().getEntryBlock() or
-    getAPredecessor().isReachableFromFunctionEntry()
+    this = this.getEnclosingIRFunction().getEntryBlock() or
+    this.getAPredecessor().isReachableFromFunctionEntry()
  }
 }

--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Operand.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Operand.qll
@@ -46,12 +46,12 @@ class Operand extends TStageOperand {
  /**
   * Gets the location of the source code for this operand.
   */
-  final Language::Location getLocation() { result = getUse().getLocation() }
+  final Language::Location getLocation() { result = this.getUse().getLocation() }

  /**
   * Gets the function that contains this operand.
   */
-  final IRFunction getEnclosingIRFunction() { result = getUse().getEnclosingIRFunction() }
+  final IRFunction getEnclosingIRFunction() { result = this.getUse().getEnclosingIRFunction() }

  /**
   * Gets the `Instruction` that consumes this operand.
@@ -74,7 +74,7 @@ class Operand extends TStageOperand {
   */
  final Instruction getDef() {
    result = this.getAnyDef() and
-    getDefinitionOverlap() instanceof MustExactlyOverlap
+    this.getDefinitionOverlap() instanceof MustExactlyOverlap
  }

  /**
@@ -82,7 +82,7 @@ class Operand extends TStageOperand {
   *
   * Gets the `Instruction` that consumes this operand.
   */
-  deprecated final Instruction getUseInstruction() { result = getUse() }
+  deprecated final Instruction getUseInstruction() { result = this.getUse() }

  /**
   * DEPRECATED: use `getAnyDef` or `getDef`. The exact replacement for this
@@ -91,7 +91,7 @@ class Operand extends TStageOperand {
   *
   * Gets the `Instruction` whose result is the value of the operand.
   */
-  deprecated final Instruction getDefinitionInstruction() { result = getAnyDef() }
+  deprecated final Instruction getDefinitionInstruction() { result = this.getAnyDef() }

  /**
   * Gets the overlap relationship between the operand's definition and its use.
@@ -101,7 +101,9 @@ class Operand extends TStageOperand {
  /**
   * Holds if the result of the definition instruction does not exactly overlap this use.
   */
-  final predicate isDefinitionInexact() { not getDefinitionOverlap() instanceof MustExactlyOverlap }
+  final predicate isDefinitionInexact() {
+    not this.getDefinitionOverlap() instanceof MustExactlyOverlap
+  }

  /**
   * Gets a prefix to use when dumping the operand in an operand list.
@@ -121,7 +123,7 @@ class Operand extends TStageOperand {
   * For example: `this:r3_5`
   */
  final string getDumpString() {
-    result = getDumpLabel() + getInexactSpecifier() + getDefinitionId()
+    result = this.getDumpLabel() + this.getInexactSpecifier() + this.getDefinitionId()
  }

  /**
@@ -129,9 +131,9 @@ class Operand extends TStageOperand {
   * definition is not modeled in SSA.
   */
  private string getDefinitionId() {
-    result = getAnyDef().getResultId()
+    result = this.getAnyDef().getResultId()
    or
-    not exists(getAnyDef()) and result = "m?"
+    not exists(this.getAnyDef()) and result = "m?"
  }

  /**
@@ -140,7 +142,7 @@ class Operand extends TStageOperand {
   * the empty string.
   */
  private string getInexactSpecifier() {
-    if isDefinitionInexact() then result = "~" else result = ""
+    if this.isDefinitionInexact() then result = "~" else result = ""
  }

  /**
@@ -155,7 +157,7 @@ class Operand extends TStageOperand {
   * the definition type, such as in the case of a partial read or a read from a pointer that
   * has been cast to a different type.
   */
-  Language::LanguageType getLanguageType() { result = getAnyDef().getResultLanguageType() }
+  Language::LanguageType getLanguageType() { result = this.getAnyDef().getResultLanguageType() }

  /**
   * Gets the language-neutral type of the value consumed by this operand. This is usually the same
@@ -164,7 +166,7 @@ class Operand extends TStageOperand {
   * from the definition type, such as in the case of a partial read or a read from a pointer that
   * has been cast to a different type.
   */
-  final IRType getIRType() { result = getLanguageType().getIRType() }
+  final IRType getIRType() { result = this.getLanguageType().getIRType() }

  /**
   * Gets the type of the value consumed by this operand. This is usually the same as the
@@ -173,7 +175,7 @@ class Operand extends TStageOperand {
   * the definition type, such as in the case of a partial read or a read from a pointer that
   * has been cast to a different type.
   */
-  final Language::Type getType() { getLanguageType().hasType(result, _) }
+  final Language::Type getType() { this.getLanguageType().hasType(result, _) }

  /**
   * Holds if the value consumed by this operand is a glvalue. If this
@@ -182,13 +184,13 @@ class Operand extends TStageOperand {
   * not hold, the value of the operand represents a value whose type is
   * given by `getType()`.
   */
-  final predicate isGLValue() { getLanguageType().hasType(_, true) }
+  final predicate isGLValue() { this.getLanguageType().hasType(_, true) }

  /**
   * Gets the size of the value consumed by this operand, in bytes. If the operand does not have
   * a known constant size, this predicate does not hold.
   */
-  final int getSize() { result = getLanguageType().getByteSize() }
+  final int getSize() { result = this.getLanguageType().getByteSize() }
 }

 /**
@@ -205,7 +207,7 @@ class MemoryOperand extends Operand {
  /**
   * Gets the kind of memory access performed by the operand.
   */
-  MemoryAccessKind getMemoryAccess() { result = getUse().getOpcode().getReadMemoryAccess() }
+  MemoryAccessKind getMemoryAccess() { result = this.getUse().getOpcode().getReadMemoryAccess() }

  /**
   * Holds if the memory access performed by this operand will not always read from every bit in the
@@ -215,7 +217,7 @@ class MemoryOperand extends Operand {
   * conservative estimate of the memory that might actually be accessed at runtime (for example,
   * the global side effects of a function call).
   */
-  predicate hasMayReadMemoryAccess() { getUse().getOpcode().hasMayReadMemoryAccess() }
+  predicate hasMayReadMemoryAccess() { this.getUse().getOpcode().hasMayReadMemoryAccess() }

  /**
   * Returns the operand that holds the memory address from which the current operand loads its
@@ -223,8 +225,8 @@ class MemoryOperand extends Operand {
   * is `r1`.
   */
  final AddressOperand getAddressOperand() {
-    getMemoryAccess().usesAddressOperand() and
-    result.getUse() = getUse()
+    this.getMemoryAccess().usesAddressOperand() and
+    result.getUse() = this.getUse()
  }
 }

@@ -294,7 +296,7 @@ class NonPhiMemoryOperand extends NonPhiOperand, MemoryOperand, TNonPhiMemoryOpe
    result = unique(Instruction defInstr | hasDefinition(defInstr, _))
  }

-  final override Overlap getDefinitionOverlap() { hasDefinition(_, result) }
+  final override Overlap getDefinitionOverlap() { this.hasDefinition(_, result) }

  pragma[noinline]
  private predicate hasDefinition(Instruction defInstr, Overlap overlap) {
@@ -449,13 +451,17 @@ class PhiInputOperand extends MemoryOperand, TPhiOperand {

  final override Overlap getDefinitionOverlap() { result = overlap }

-  final override int getDumpSortOrder() { result = 11 + getPredecessorBlock().getDisplayIndex() }
-
-  final override string getDumpLabel() {
-    result = "from " + getPredecessorBlock().getDisplayIndex().toString() + ":"
+  final override int getDumpSortOrder() {
+    result = 11 + this.getPredecessorBlock().getDisplayIndex()
  }

-  final override string getDumpId() { result = getPredecessorBlock().getDisplayIndex().toString() }
+  final override string getDumpLabel() {
+    result = "from " + this.getPredecessorBlock().getDisplayIndex().toString() + ":"
+  }
+
+  final override string getDumpId() {
+    result = this.getPredecessorBlock().getDisplayIndex().toString()
+  }

  /**
   * Gets the predecessor block from which this value comes.
--- a/cpp/ql/lib/semmle/code/cpp/ir/internal/IntegerInterval.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/internal/IntegerInterval.qll
@@ -18,10 +18,11 @@ Overlap getOverlap(IntValue defStart, IntValue defEnd, IntValue useStart, IntVal
  else
    if isLE(defStart, useStart) and isGE(defEnd, useEnd)
    then result instanceof MustTotallyOverlap
-    else
-      if isLE(defEnd, useStart) or isGE(defStart, useEnd)
-      then none()
-      else result instanceof MayPartiallyOverlap
+    else (
+      not isLE(defEnd, useStart) and
+      not isGE(defStart, useEnd) and
+      result instanceof MayPartiallyOverlap
+    )
 }

 /**
--- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Allocation.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Allocation.qll
@@ -56,7 +56,7 @@ private class MallocAllocationFunction extends AllocationFunction {
      ]) and
    sizeArg = 1
    or
-    hasGlobalName(["HeapAlloc"]) and // HeapAlloc(heap, flags, size)
+    hasGlobalName("HeapAlloc") and // HeapAlloc(heap, flags, size)
    sizeArg = 2
    or
    hasGlobalName([
--- a/cpp/ql/lib/semmle/code/cpp/security/BufferWrite.qll
+++ b/cpp/ql/lib/semmle/code/cpp/security/BufferWrite.qll
@@ -365,7 +365,7 @@ class GetsBW extends BufferWriteCall {
  /**
   * Gets the index of the parameter that is the maximum number of characters to be read.
   */
-  int getParamSize() { if exists(getArgument(1)) then result = 1 else none() }
+  int getParamSize() { exists(getArgument(1)) and result = 1 }

  override Type getBufferType() { result = this.getTarget().getParameter(0).getUnspecifiedType() }

--- a/cpp/ql/lib/tutorial.qll
+++ b/cpp/ql/lib/tutorial.qll
--- a/Bugs/Arithmetic/PointlessComparison.ql
+++ b/Bugs/Arithmetic/PointlessComparison.ql
@@ -50,10 +50,7 @@ where
    // If either of the operands is constant, then don't include it.
    (
      if cmp.getLeftOperand().isConstant()
-      then
-        if cmp.getRightOperand().isConstant()
-        then none() // Both operands are constant so don't create a message.
-        else reason = rightReason
+      then not cmp.getRightOperand().isConstant() and reason = rightReason
      else
        if cmp.getRightOperand().isConstant()
        then reason = leftReason
--- a/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingCommon.qll
+++ b/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingCommon.qll
@@ -121,16 +121,14 @@ predicate exprSourceType(Expr use, Type sourceType, Location sourceLoc) {
          else
            if use instanceof CrementOperation
            then exprSourceType(use.(CrementOperation).getOperand(), sourceType, sourceLoc)
-            else
+            else (
              // Conversions are not in the AST, so ignore them.
-              if use instanceof Conversion
-              then none()
-              else (
-                // Source expressions
-                sourceType = use.getUnspecifiedType() and
-                isPointerType(sourceType) and
-                sourceLoc = use.getLocation()
-              )
+              not use instanceof Conversion and
+              // Source expressions
+              sourceType = use.getUnspecifiedType() and
+              isPointerType(sourceType) and
+              sourceLoc = use.getLocation()
+            )
 }

 /**