WIP

.bazelrc

@@ -1,17 +1,5 @@
-# allow automatic platform-specific configurations (:linux, :macos, :windows)
 common --enable_platform_specific_config
-
-# do not shut down the bazel server on idleness
-startup --max_idle_secs=0
 common --enable_bzlmod
-# use stricter environment filtering for actions
-build --incompatible_strict_action_env
-# Enable verbose failures so debugging the build is easier
-build --verbose_failures
-# print test output, like sembuild does.
-# Set to `errors` if this is too verbose.
-test --test_output all
-
 # because we use --override_module with `%workspace%`, the lock file is not stable
 common --lockfile_mode=off
 
@@ -22,24 +10,15 @@ common --override_module=semmle_code=%workspace%/misc/bazel/semmle_code_stub
 
 build --repo_env=CC=clang --repo_env=CXX=clang++
 
-# we use transitions that break builds of `...`, so for `test` to work with that we need the following
-test --build_tests_only
+build:linux --cxxopt=-std=c++20
+build:macos --cxxopt=-std=c++20 --cpu=darwin_x86_64
+build:windows --cxxopt=/std:c++20 --cxxopt=/Zc:preprocessor
 
 # this requires developer mode, but is required to have pack installer functioning
 startup --windows_enable_symlinks
 common --enable_runfiles
 
-# with the above, we can avoid building python zips which is the default on windows as that's expensive
-build --nobuild_python_zip
-
 common --registry=file:///%workspace%/misc/bazel/registry
 common --registry=https://bcr.bazel.build
 
-common --@rules_dotnet//dotnet/settings:strict_deps=false
-common --experimental_isolated_extension_usages
-# performance improvement on Windows
-common --incompatible_use_plus_in_repo_names
-
-
-
 try-import %workspace%/local.bazelrc

.bazelrc.internal

@@ -2,10 +2,3 @@
 
 common --registry=file:///%workspace%/ql/misc/bazel/registry
 common --registry=https://bcr.bazel.build
-
-# See bazelbuild/rules_dotnet#413: strict_deps in C# also appliy to 3rd-party deps, and when we pull
-# in (for example) the xunit package, there's no code in this at all, it just depends transitively on
-# its implementation packages without providing any code itself.
-# We either can depend on internal implementation details, or turn of strict deps.
-common --@rules_dotnet//dotnet/settings:strict_deps=false
-common --experimental_isolated_extension_usages

.bazelversion

@@ -1 +1 @@
-7.3.1
+7.1.0

.devcontainer/swift/root.sh

@@ -3,16 +3,6 @@ set -xe
 BAZELISK_VERSION=v1.12.0
 BAZELISK_DOWNLOAD_SHA=6b0bcb2ea15bca16fffabe6fda75803440375354c085480fe361d2cbf32501db
 
-# install git lfs apt source
-curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash
-
-# install gh apt source
-(type -p wget >/dev/null || (sudo apt update && sudo apt-get install wget -y)) \
-&& sudo mkdir -p -m 755 /etc/apt/keyrings \
-&& wget -qO- https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null \
-&& sudo chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg \
-&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
-
 apt-get update
 export DEBIAN_FRONTEND=noninteractive
 apt-get -y install --no-install-recommends \
@@ -20,9 +10,7 @@ apt-get -y install --no-install-recommends \
     uuid-dev \
     python3-distutils \
     python3-pip \
-    bash-completion \
-    git-lfs \
-    gh
+    bash-completion
 
 # Install Bazel
 curl -fSsL -o /usr/local/bin/bazelisk https://github.com/bazelbuild/bazelisk/releases/download/${BAZELISK_VERSION}/bazelisk-linux-amd64

.devcontainer/swift/user.sh

@@ -1,7 +1,5 @@
 set -xe
 
-git lfs install
-
 # add the workspace to the codeql search path
 mkdir -p /home/vscode/.config/codeql
 echo "--search-path /workspaces/codeql" > /home/vscode/.config/codeql/config

.gitattributes

@@ -50,40 +50,26 @@
 *.dll -text
 *.pdb -text
 
-/java/ql/test/stubs/**/*.java linguist-generated=true
-/java/ql/test/experimental/stubs/**/*.java linguist-generated=true
-/java/kotlin-extractor/deps/*.jar filter=lfs diff=lfs merge=lfs -text
+java/ql/test/stubs/**/*.java linguist-generated=true
+java/ql/test/experimental/stubs/**/*.java linguist-generated=true
 
 # Force git not to modify line endings for go or html files under the go/ql directory
-/go/ql/**/*.go -text
-/go/ql/**/*.html -text
+go/ql/**/*.go -text
+go/ql/**/*.html -text
 # Force git not to modify line endings for go dbschemes
-/go/*.dbscheme -text
+go/*.dbscheme -text
 # Preserve unusual line ending from codeql-go merge
-/go/extractor/opencsv/CSVReader.java -text
+go/extractor/opencsv/CSVReader.java -text
 
 # For some languages, upgrade script testing references really old dbscheme
 # files from legacy upgrades that have CRLF line endings. Since upgrade
 # resolution relies on object hashes, we must suppress line ending conversion
 # for those testing dbscheme files.
-/*/ql/lib/upgrades/initial/*.dbscheme -text
+*/ql/lib/upgrades/initial/*.dbscheme -text
 
 # Auto-generated modeling for Python
-/python/ql/lib/semmle/python/frameworks/data/internal/subclass-capture/*.yml linguist-generated=true
+python/ql/lib/semmle/python/frameworks/data/internal/subclass-capture/*.yml linguist-generated=true
 
 # auto-generated bazel lock file
-/ruby/extractor/cargo-bazel-lock.json linguist-generated=true
-/ruby/extractor/cargo-bazel-lock.json -merge
-
-# auto-generated files for the C# build
-/csharp/paket.lock linguist-generated=true
-# needs eol=crlf, as `paket` touches this file and saves it as crlf
-/csharp/.paket/Paket.Restore.targets linguist-generated=true eol=crlf
-/csharp/paket.main.bzl linguist-generated=true
-/csharp/paket.main_extension.bzl linguist-generated=true
-
-# ripunzip tool
-/misc/ripunzip/ripunzip-* filter=lfs diff=lfs merge=lfs -text
-
-# swift prebuilt resources
-/swift/third_party/resource-dir/*.zip filter=lfs diff=lfs merge=lfs -text
+ruby/extractor/cargo-bazel-lock.json linguist-generated=true
+ruby/extractor/cargo-bazel-lock.json -merge

.github/workflows/build-ripunzip.yml

@@ -1,74 +0,0 @@
-name: Build runzip
-
-on:
-  workflow_dispatch:
-    inputs:
-      ripunzip-version:
-        description: "what reference to checktout from google/runzip"
-        required: false
-        default: v1.2.1
-      openssl-version:
-        description: "what reference to checkout from openssl/openssl for Linux"
-        required: false
-        default: openssl-3.3.0
-
-jobs:
-  build:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-20.04, macos-12, windows-2019]
-    runs-on: ${{ matrix.os }}
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          repository: google/ripunzip
-          ref: ${{ inputs.ripunzip-version }}
-      # we need to avoid ripunzip dynamically linking into libssl
-      # see https://github.com/sfackler/rust-openssl/issues/183
-      - if: runner.os == 'Linux'
-        name: checkout openssl
-        uses: actions/checkout@v4
-        with:
-          repository: openssl/openssl
-          path: openssl
-          ref: ${{ inputs.openssl-version }}
-      - if: runner.os == 'Linux'
-        name: build and install openssl with fPIC
-        shell: bash
-        working-directory: openssl
-        run: |
-          ./config -fPIC --prefix=$HOME/.local --openssldir=$HOME/.local/ssl
-          make -j $(nproc)
-          make install_sw -j $(nproc)
-      - if: runner.os == 'Linux'
-        name: build (linux)
-        shell: bash
-        run: |
-          env OPENSSL_LIB_DIR=$HOME/.local/lib64 OPENSSL_INCLUDE_DIR=$HOME/.local/include OPENSSL_STATIC=yes cargo build --release
-          mv target/release/ripunzip ripunzip-linux
-      - if: runner.os == 'Windows'
-        name: build (windows)
-        shell: bash
-        run: |
-          cargo build --release
-          mv target/release/ripunzip ripunzip-windows
-      - name: build (macOS)
-        if: runner.os == 'macOS'
-        shell: bash
-        run: |
-          rustup target install x86_64-apple-darwin
-          rustup target install aarch64-apple-darwin
-          cargo build --target x86_64-apple-darwin --release
-          cargo build --target aarch64-apple-darwin --release
-          lipo -create -output ripunzip-macos \
-            -arch x86_64 target/x86_64-apple-darwin/release/ripunzip \
-            -arch arm64 target/aarch64-apple-darwin/release/ripunzip
-      - uses: actions/upload-artifact@v4
-        with:
-          name: ripunzip-${{ runner.os }}
-          path: ripunzip-*
-      - name: Check built binary
-        shell: bash
-        run: |
-          ./ripunzip-* --version

.github/workflows/codeql-analysis.yml

@@ -56,9 +56,7 @@ jobs:
     #    uses a compiled language
 
     - run: |
-       cd csharp
-       dotnet tool restore
-       dotnet build .
+       dotnet build csharp
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@main

.github/workflows/csharp-qltest.yml

@@ -65,7 +65,7 @@ jobs:
           key: csharp-qltest-${{ matrix.slice }}
       - name: Run QL tests
         run: |
-          codeql test run --threads=0 --ram 50000 --slice ${{ matrix.slice }} --search-path "${{ github.workspace }}" --check-databases --check-undefined-labels --check-repeated-labels --check-redefined-labels --consistency-queries ql/consistency-queries ql/test --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
+          codeql test run --threads=0 --ram 50000 --slice ${{ matrix.slice }} --search-path extractor-pack --check-databases --check-undefined-labels --check-repeated-labels --check-redefined-labels --consistency-queries ql/consistency-queries ql/test --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
         env:
           GITHUB_TOKEN: ${{ github.token }}
   unit-tests:
@@ -81,11 +81,10 @@ jobs:
           dotnet-version: 8.0.101
       - name: Extractor unit tests
         run: |
-          dotnet tool restore
           dotnet test -p:RuntimeFrameworkVersion=8.0.1 extractor/Semmle.Util.Tests
           dotnet test -p:RuntimeFrameworkVersion=8.0.1 extractor/Semmle.Extraction.Tests
           dotnet test -p:RuntimeFrameworkVersion=8.0.1 autobuilder/Semmle.Autobuild.CSharp.Tests
-          dotnet test -p:RuntimeFrameworkVersion=8.0.1 autobuilder/Semmle.Autobuild.Cpp.Tests
+          dotnet test -p:RuntimeFrameworkVersion=8.0.1 "${{ github.workspace }}/cpp/autobuilder/Semmle.Autobuild.Cpp.Tests"
         shell: bash
   stubgentest:
     runs-on: ubuntu-latest
@@ -101,6 +100,6 @@ jobs:
           # Update existing stubs in the repo with the freshly generated ones
           mv "$STUBS_PATH/output/stubs/_frameworks" ql/test/resources/stubs/
           git status
-          codeql test run --threads=0 --search-path "${{ github.workspace }}" --check-databases --check-undefined-labels --check-repeated-labels --check-redefined-labels --consistency-queries ql/consistency-queries -- ql/test/library-tests/dataflow/flowsources/aspremote
+          codeql test run --threads=0 --search-path extractor-pack --check-databases --check-undefined-labels --check-repeated-labels --check-redefined-labels --consistency-queries ql/consistency-queries -- ql/test/library-tests/dataflow/flowsources/aspremote
         env:
           GITHUB_TOKEN: ${{ github.token }}

.github/workflows/go-tests-other-os.yml

@@ -7,9 +7,8 @@ on:
       - .github/workflows/go-tests-other-os.yml
       - .github/actions/**
       - codeql-workspace.yml
-      - MODULE.bazel
-      - .bazelrc
-      - misc/bazel/**
+env:
+  GO_VERSION: '~1.22.0'
 
 permissions:
   contents: read
@@ -19,17 +18,72 @@ jobs:
     name: Test MacOS
     runs-on: macos-latest
     steps:
+      - name: Set up Go ${{ env.GO_VERSION }}
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: false
+        id: go
+
       - name: Check out code
         uses: actions/checkout@v4
-      - name: Run tests
-        uses: ./go/actions/test
+
+      - name: Set up CodeQL CLI
+        uses: ./.github/actions/fetch-codeql
+
+      - name: Enable problem matchers in repository
+        shell: bash
+        run: 'find .github/problem-matchers -name \*.json -exec echo "::add-matcher::{}" \;'
+
+      - name: Build
+        run: |
+          cd go
+          make
+
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with:
+          key: go-qltest
+      - name: Test
+        run: |
+          cd go
+          make test cache="${{ steps.query-cache.outputs.cache-dir }}"
 
   test-win:
     if: github.repository_owner == 'github'
     name: Test Windows
     runs-on: windows-latest-xl
     steps:
+      - name: Set up Go ${{ env.GO_VERSION }}
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: false
+        id: go
+
       - name: Check out code
         uses: actions/checkout@v4
-      - name: Run tests
-        uses: ./go/actions/test
+
+      - name: Set up CodeQL CLI
+        uses: ./.github/actions/fetch-codeql
+
+      - name: Enable problem matchers in repository
+        shell: bash
+        run: 'find .github/problem-matchers -name \*.json -exec echo "::add-matcher::{}" \;'
+
+      - name: Build
+        run: |
+          cd go
+          make
+
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with:
+          key: go-qltest
+
+      - name: Test
+        run: |
+          cd go
+          make test cache="${{ steps.query-cache.outputs.cache-dir }}"

.github/workflows/go-tests.yml

@@ -15,9 +15,9 @@ on:
       - .github/workflows/go-tests.yml
       - .github/actions/**
       - codeql-workspace.yml
-      - MODULE.bazel
-      - .bazelrc
-      - misc/bazel/**
+
+env:
+  GO_VERSION: '~1.22.0'
 
 permissions:
   contents: read
@@ -28,9 +28,51 @@ jobs:
     name: Test Linux (Ubuntu)
     runs-on: ubuntu-latest-xl
     steps:
+      - name: Set up Go ${{ env.GO_VERSION }}
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: false
+        id: go
+
       - name: Check out code
         uses: actions/checkout@v4
-      - name: Run tests
-        uses: ./go/actions/test
+
+      - name: Set up CodeQL CLI
+        uses: ./.github/actions/fetch-codeql
+
+      - name: Enable problem matchers in repository
+        shell: bash
+        run: 'find .github/problem-matchers -name \*.json -exec echo "::add-matcher::{}" \;'
+
+      - name: Build
+        run: |
+          cd go
+          make
+
+      - name: Check that all Go code is autoformatted
+        run: |
+          cd go
+          make check-formatting
+
+      - name: Compile qhelp files to markdown
+        run: |
+          cd go
+          env QHELP_OUT_DIR=qhelp-out make qhelp-to-markdown
+
+      - name: Upload qhelp markdown
+        uses: actions/upload-artifact@v3
         with:
-          run-code-checks: true
+          name: qhelp-markdown
+          path: go/qhelp-out/**/*.md
+
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with:
+          key: go-qltest
+
+      - name: Test
+        run: |
+          cd go
+          make test cache="${{ steps.query-cache.outputs.cache-dir }}"

.github/workflows/kotlin-build.yml

@@ -1,28 +0,0 @@
-name: "Kotlin Build"
-
-on:
-  pull_request:
-    paths:
-      - "java/kotlin-extractor/**"
-      - "misc/bazel/**"
-      - "misc/codegen/**"
-      - "*.bazel*"
-      - .github/workflows/kotlin-build.yml
-    branches:
-      - main
-      - rc/*
-      - codeql-cli-*
-
-permissions:
-  contents: read
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - run: |
-          bazel query //java/kotlin-extractor/...
-          # only build the default version as a quick check that we can build from `codeql`
-          # the full official build will be checked by QLucie
-          bazel build //java/kotlin-extractor

.github/workflows/ql-for-ql-build.yml

@@ -49,20 +49,20 @@ jobs:
           key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-rust-cargo-${{ hashFiles('ql/**/Cargo.lock') }}
       - name: Release build
         if: steps.cache-extractor.outputs.cache-hit != 'true'
-        run: cd ql; ./scripts/create-extractor-pack.sh
+        run: cd ql; ./scripts/create-extractor-pack.sh       
         env:
-          GH_TOKEN: ${{ github.token }}
+          GH_TOKEN: ${{ github.token }}   
       - name: Cache compilation cache
         id: query-cache
         uses: ./.github/actions/cache-query-compilation
-        with:
+        with: 
           key: run-ql-for-ql
       - name: Make database and analyze
         run: |
           ./ql/target/release/buramu | tee deprecated.blame # Add a blame file for the extractor to parse.
-          ${CODEQL} database create -l=ql ${DB} --search-path "${{ github.workspace }}"
+          ${CODEQL} database create -l=ql --search-path ql/extractor-pack ${DB}
           ${CODEQL} database analyze -j0 --format=sarif-latest --output=ql-for-ql.sarif ${DB} ql/ql/src/codeql-suites/ql-code-scanning.qls  --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
-        env:
+        env: 
           CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
           DB: ${{ runner.temp }}/DB
           LGTM_INDEX_FILTERS: |

.github/workflows/ql-for-ql-dataset_measure.yml

@@ -53,8 +53,8 @@ jobs:
       - name: Create database
         run: |
           "${CODEQL}" database create \
-          --search-path "${{ github.workspace }}"
-          --threads 4 \
+            --search-path "ql/extractor-pack" \
+            --threads 4 \
             --language ql --source-root "${{ github.workspace }}/repo" \
             "${{ runner.temp }}/database"
         env:

.github/workflows/ql-for-ql-tests.yml

@@ -49,15 +49,15 @@ jobs:
       - name: Cache compilation cache
         id: query-cache
         uses: ./.github/actions/cache-query-compilation
-        with:
+        with: 
           key: ql-for-ql-tests
       - name: Run QL tests
         run: |
-          "${CODEQL}" test run --check-databases --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --search-path "${{ github.workspace }}" --consistency-queries ql/ql/consistency-queries --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" ql/ql/test
+          "${CODEQL}" test run --check-databases --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --search-path "${{ github.workspace }}/ql/extractor-pack" --consistency-queries ql/ql/consistency-queries --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" ql/ql/test
         env:
           CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
 
-  other-os:
+  other-os: 
     strategy:
       matrix:
         os: [macos-latest, windows-latest]
@@ -65,7 +65,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
-      - name: Install GNU tar
+      - name: Install GNU tar 
         if: runner.os == 'macOS'
         run: |
           brew install gnu-tar
@@ -100,7 +100,7 @@ jobs:
       - name: Run a single QL tests - Unix
         if: runner.os != 'Windows'
         run: |
-          "${CODEQL}" test run --check-databases --search-path "${{ github.workspace }}" ql/ql/test/queries/style/DeadCode/DeadCode.qlref
+          "${CODEQL}" test run --check-databases --search-path "${{ github.workspace }}/ql/extractor-pack" ql/ql/test/queries/style/DeadCode/DeadCode.qlref
         env:
           CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
       - name: Run a single QL tests - Windows
@@ -108,4 +108,5 @@ jobs:
         shell: pwsh
         run: |
           $Env:PATH += ";$(dirname ${{ steps.find-codeql.outputs.codeql-path }})"
-          codeql test run --check-databases --search-path "${{ github.workspace }}" ql/ql/test/queries/style/DeadCode/DeadCode.qlref
+          codeql test run --check-databases --search-path "${{ github.workspace }}/ql/extractor-pack" ql/ql/test/queries/style/DeadCode/DeadCode.qlref
+      

.github/workflows/ruby-build.yml

@@ -7,7 +7,6 @@ on:
       - .github/workflows/ruby-build.yml
       - .github/actions/fetch-codeql/action.yml
       - codeql-workspace.yml
-      - "shared/tree-sitter-extractor/**"
     branches:
       - main
       - "rc/*"
@@ -17,7 +16,6 @@ on:
       - .github/workflows/ruby-build.yml
       - .github/actions/fetch-codeql/action.yml
       - codeql-workspace.yml
-      - "shared/tree-sitter-extractor/**"
     branches:
       - main
       - "rc/*"

.github/workflows/ruby-dataset-measure.yml

@@ -44,7 +44,7 @@ jobs:
       - name: Create database
         run: |
           codeql database create \
-            --search-path "${{ github.workspace }}" \
+            --search-path "${{ github.workspace }}/ruby/extractor-pack" \
             --threads 4 \
             --language ruby --source-root "${{ github.workspace }}/repo" \
             "${{ runner.temp }}/database"

.github/workflows/ruby-qltest.yml

@@ -64,10 +64,10 @@ jobs:
       - name: Cache compilation cache
         id: query-cache
         uses: ./.github/actions/cache-query-compilation
-        with:
+        with: 
           key: ruby-qltest
       - name: Run QL tests
         run: |
-          codeql test run --threads=0 --ram 50000 --search-path "${{ github.workspace }}" --check-databases --check-undefined-labels --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --consistency-queries ql/consistency-queries ql/test --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
+          codeql test run --threads=0 --ram 50000 --search-path "${{ github.workspace }}/ruby/extractor-pack" --check-databases --check-undefined-labels --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --consistency-queries ql/consistency-queries ql/test --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
         env:
           GITHUB_TOKEN: ${{ github.token }}

.github/workflows/swift.yml

@@ -68,6 +68,21 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: ./swift/actions/run-ql-tests
+  integration-tests-linux:
+    if: github.repository_owner == 'github'
+    needs: build-and-test-linux
+    runs-on: ubuntu-latest-xl
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./swift/actions/run-integration-tests
+  integration-tests-macos:
+    if: ${{ github.repository_owner == 'github' && github.event_name == 'pull_request' }}
+    needs: build-and-test-macos
+    runs-on: macos-12-xl
+    timeout-minutes: 60
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./swift/actions/run-integration-tests
   clang-format:
     if : ${{ github.event_name == 'pull_request' }}
     runs-on: ubuntu-latest

.github/workflows/zipmerge-test.yml

@@ -1,23 +0,0 @@
-name: "Test zipmerge code"
-
-on:
-  pull_request:
-    paths:
-      - "misc/bazel/internal/zipmerge/**"
-      - "MODULE.bazel"
-      - ".bazelrc*"
-    branches:
-      - main
-      - "rc/*"
-
-permissions:
-  contents: read
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v4
-      - run: |
-          bazel test //misc/bazel/internal/zipmerge:test --test_output=all

.gitignore

@@ -62,6 +62,3 @@ node_modules/
 
 # Temporary folders for working with generated models
 .model-temp
-
-# bazel-built in-tree extractor packs
-/*/extractor-pack

.lfsconfig

@@ -2,6 +2,4 @@
 # codeql is publicly forked by many users, and we don't want any LFS file polluting their working
 # copies. We therefore exclude everything by default.
 # For files required by bazel builds, use rules in `misc/bazel/lfs.bzl` to download them on demand.
-# we go for `fetchinclude` to something not exsiting rather than `fetchexclude = *` because the
-# former is easier to override (with `git -c` or a local git config) to fetch something specific
 fetchinclude = /nothing

.pre-commit-config.yaml

@@ -29,13 +29,12 @@ repos:
         entry: bazel run //misc/bazel:buildifier
         pass_filenames: false
 
-#      DISABLED: can be enabled by copying this config and installing `pre-commit` with `--config` on the copy
-#      - id: go-gen
-#        name: Check checked in generated files in go
-#        files: ^go/.*
-#        language: system
-#        entry: bazel run //go:gen
-#        pass_filenames: false
+      - id: go-gen
+        name: Check checked in generated files in go
+        files: ^go/.*
+        language: system
+        entry: bazel run //go:gen
+        pass_filenames: false
 
       - id: codeql-format
         name: Fix QL file formatting

BUILD.bazel

@@ -1 +0,0 @@
-exports_files(["LICENSE"])

CODEOWNERS

@@ -1,7 +1,6 @@
 /cpp/ @github/codeql-c-analysis
+/cpp/autobuilder/ @github/codeql-c-extractor
 /csharp/ @github/codeql-csharp
-/csharp/autobuilder/Semmle.Autobuild.Cpp @github/codeql-c-extractor
-/csharp/autobuilder/Semmle.Autobuild.Cpp.Tests @github/codeql-c-extractor
 /go/ @github/codeql-go
 /java/ @github/codeql-java
 /javascript/ @github/codeql-javascript

MODULE.bazel

@@ -1,7 +1,6 @@
 module(
-    name = "ql",
+    name = "codeql",
     version = "0.0",
-    repo_name = "codeql",
 )
 
 # this points to our internal repository when `codeql` is checked out as a submodule thereof
@@ -14,64 +13,19 @@ local_path_override(
 
 # see https://registry.bazel.build/ for a list of available packages
 
-bazel_dep(name = "platforms", version = "0.0.10")
-bazel_dep(name = "rules_go", version = "0.49.0")
+bazel_dep(name = "platforms", version = "0.0.9")
+bazel_dep(name = "rules_go", version = "0.47.0")
 bazel_dep(name = "rules_pkg", version = "0.10.1")
-bazel_dep(name = "rules_nodejs", version = "6.2.0-codeql.1")
-bazel_dep(name = "rules_python", version = "0.32.2")
-bazel_dep(name = "bazel_skylib", version = "1.6.1")
+bazel_dep(name = "rules_nodejs", version = "6.0.3")
+bazel_dep(name = "rules_python", version = "0.31.0")
+bazel_dep(name = "bazel_skylib", version = "1.5.0")
 bazel_dep(name = "abseil-cpp", version = "20240116.0", repo_name = "absl")
 bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json")
 bazel_dep(name = "fmt", version = "10.0.0")
-bazel_dep(name = "rules_kotlin", version = "1.9.4-codeql.1")
-bazel_dep(name = "gazelle", version = "0.38.0")
-bazel_dep(name = "rules_dotnet", version = "0.15.1")
-bazel_dep(name = "googletest", version = "1.14.0.bcr.1")
-bazel_dep(name = "rules_rust", version = "0.49.1")
+bazel_dep(name = "gazelle", version = "0.36.0")
 
 bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True)
 
-# crate_py but shortened due to Windows file path considerations
-cp = use_extension(
-    "@rules_rust//crate_universe:extension.bzl",
-    "crate",
-    isolate = True,
-)
-cp.from_cargo(
-    name = "py_deps",
-    cargo_lockfile = "//python/extractor/tsg-python:Cargo.lock",
-    manifests = [
-        "//python/extractor/tsg-python:Cargo.toml",
-        "//python/extractor/tsg-python/tsp:Cargo.toml",
-    ],
-)
-use_repo(cp, "py_deps")
-
-# crate_ruby, but shortened due to windows file paths
-r = use_extension(
-    "@rules_rust//crate_universe:extension.bzl",
-    "crate",
-    isolate = True,
-)
-r.from_cargo(
-    name = "rd",
-    cargo_lockfile = "//ruby/extractor:Cargo.lock",
-    manifests = [
-        "//ruby/extractor:Cargo.toml",
-        "//ruby/extractor/codeql-extractor-fake-crate:Cargo.toml",
-    ],
-)
-use_repo(r, ruby_deps = "rd")
-
-dotnet = use_extension("@rules_dotnet//dotnet:extensions.bzl", "dotnet")
-dotnet.toolchain(dotnet_version = "8.0.101")
-use_repo(dotnet, "dotnet_toolchains")
-
-register_toolchains("@dotnet_toolchains//:all")
-
-csharp_main_extension = use_extension("//csharp:paket.main_extension.bzl", "main_extension")
-use_repo(csharp_main_extension, "paket.main")
-
 pip = use_extension("@rules_python//python/extensions:pip.bzl", "pip")
 pip.parse(
     hub_name = "codegen_deps",
@@ -96,99 +50,13 @@ use_repo(
 node = use_extension("@rules_nodejs//nodejs:extensions.bzl", "node")
 node.toolchain(
     name = "nodejs",
-    node_urls = [
-        "https://nodejs.org/dist/v{version}/{filename}",
-        "https://mirrors.dotsrc.org/nodejs/release/v{version}/{filename}",
-    ],
     node_version = "18.15.0",
 )
 use_repo(node, "nodejs", "nodejs_toolchains")
 
-kotlin_extractor_deps = use_extension("//java/kotlin-extractor:deps.bzl", "kotlin_extractor_deps")
-
-# following list can be kept in sync by running `bazel mod tidy` in `codeql`
-use_repo(
-    kotlin_extractor_deps,
-    "codeql_kotlin_defaults",
-    "codeql_kotlin_embeddable",
-    "kotlin-compiler-1.5.0",
-    "kotlin-compiler-1.5.10",
-    "kotlin-compiler-1.5.20",
-    "kotlin-compiler-1.5.30",
-    "kotlin-compiler-1.6.0",
-    "kotlin-compiler-1.6.20",
-    "kotlin-compiler-1.7.0",
-    "kotlin-compiler-1.7.20",
-    "kotlin-compiler-1.8.0",
-    "kotlin-compiler-1.9.0-Beta",
-    "kotlin-compiler-1.9.20-Beta",
-    "kotlin-compiler-2.0.0-RC1",
-    "kotlin-compiler-2.0.20-Beta2",
-    "kotlin-compiler-embeddable-1.5.0",
-    "kotlin-compiler-embeddable-1.5.10",
-    "kotlin-compiler-embeddable-1.5.20",
-    "kotlin-compiler-embeddable-1.5.30",
-    "kotlin-compiler-embeddable-1.6.0",
-    "kotlin-compiler-embeddable-1.6.20",
-    "kotlin-compiler-embeddable-1.7.0",
-    "kotlin-compiler-embeddable-1.7.20",
-    "kotlin-compiler-embeddable-1.8.0",
-    "kotlin-compiler-embeddable-1.9.0-Beta",
-    "kotlin-compiler-embeddable-1.9.20-Beta",
-    "kotlin-compiler-embeddable-2.0.0-RC1",
-    "kotlin-compiler-embeddable-2.0.20-Beta2",
-    "kotlin-stdlib-1.5.0",
-    "kotlin-stdlib-1.5.10",
-    "kotlin-stdlib-1.5.20",
-    "kotlin-stdlib-1.5.30",
-    "kotlin-stdlib-1.6.0",
-    "kotlin-stdlib-1.6.20",
-    "kotlin-stdlib-1.7.0",
-    "kotlin-stdlib-1.7.20",
-    "kotlin-stdlib-1.8.0",
-    "kotlin-stdlib-1.9.0-Beta",
-    "kotlin-stdlib-1.9.20-Beta",
-    "kotlin-stdlib-2.0.0-RC1",
-    "kotlin-stdlib-2.0.20-Beta2",
-)
-
 go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")
 go_sdk.download(version = "1.22.2")
 
-go_deps = use_extension("@gazelle//:extensions.bzl", "go_deps")
-go_deps.from_file(go_mod = "//go/extractor:go.mod")
-use_repo(go_deps, "org_golang_x_mod", "org_golang_x_tools")
-
-lfs_files = use_repo_rule("//misc/bazel:lfs.bzl", "lfs_files")
-
-lfs_files(
-    name = "ripunzip-linux",
-    srcs = ["//misc/ripunzip:ripunzip-linux"],
-    executable = True,
-)
-
-lfs_files(
-    name = "ripunzip-windows",
-    srcs = ["//misc/ripunzip:ripunzip-windows.exe"],
-    executable = True,
-)
-
-lfs_files(
-    name = "ripunzip-macos",
-    srcs = ["//misc/ripunzip:ripunzip-macos"],
-    executable = True,
-)
-
-lfs_files(
-    name = "swift-resource-dir-linux",
-    srcs = ["//swift/third_party/resource-dir:resource-dir-linux.zip"],
-)
-
-lfs_files(
-    name = "swift-resource-dir-macos",
-    srcs = ["//swift/third_party/resource-dir:resource-dir-macos.zip"],
-)
-
 register_toolchains(
     "@nodejs_toolchains//:all",
 )

codeql-workspace.yml

@@ -6,16 +6,19 @@ provide:
   - "*/ql/consistency-queries/qlpack.yml"
   - "*/ql/automodel/src/qlpack.yml"
   - "*/ql/automodel/test/qlpack.yml"
-  - "*/extractor-pack/codeql-extractor.yml"
   - "python/extractor/qlpack.yml"
   - "shared/**/qlpack.yml"
   - "cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/qlpack.yml"
   - "go/ql/config/legacy-support/qlpack.yml"
+  - "go/build/codeql-extractor-go/codeql-extractor.yml"
   - "csharp/ql/campaigns/Solorigate/lib/qlpack.yml"
   - "csharp/ql/campaigns/Solorigate/src/qlpack.yml"
   - "csharp/ql/campaigns/Solorigate/test/qlpack.yml"
   - "misc/legacy-support/*/qlpack.yml"
   - "misc/suite-helpers/qlpack.yml"
+  - "ruby/extractor-pack/codeql-extractor.yml"
+  - "swift/extractor-pack/codeql-extractor.yml"
+  - "ql/extractor-pack/codeql-extractor.yml"
   - ".github/codeql/extensions/**/codeql-pack.yml"
 
 versionPolicies:

config/dbscheme-fragments.json

@@ -28,7 +28,6 @@
     "/*- Yaml dbscheme -*/",
     "/*- Blame dbscheme -*/",
     "/*- JSON dbscheme -*/",
-    "/*- Python dbscheme -*/",
-    "/*- Empty location -*/"
+    "/*- Python dbscheme -*/"
   ]
 }

config/identical-files.json

@@ -61,6 +61,10 @@
     "java/ql/src/utils/modelgenerator/internal/CaptureModels.qll",
     "csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll"
   ],
+  "Model as Data Generation Java/C# - CaptureModelsPrinting": [
+    "java/ql/src/utils/modelgenerator/internal/CaptureModelsPrinting.qll",
+    "csharp/ql/src/utils/modelgenerator/internal/CaptureModelsPrinting.qll"
+  ],
   "Sign Java/C#": [
     "java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/Sign.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/Sign.qll"
@@ -181,6 +185,11 @@
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasAnalysisImports.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasAnalysisImports.qll"
   ],
+  "C++ IR ValueNumberingImports": [
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/internal/ValueNumberingImports.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingImports.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/internal/ValueNumberingImports.qll"
+  ],
   "IR SSA SSAConstruction": [
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll"
@@ -355,9 +364,5 @@
   "Python model summaries test extension": [
     "python/ql/test/library-tests/dataflow/model-summaries/InlineTaintTest.ext.yml",
     "python/ql/test/library-tests/dataflow/model-summaries/NormalDataflowTest.ext.yml"
-  ],
-  "shared tree-sitter extractor cargo.toml": [
-    "shared/tree-sitter-extractor/Cargo.toml",
-    "ruby/extractor/codeql-extractor-fake-crate/Cargo.toml"
   ]
 }

cpp/autobuilder/.gitignore

@@ -0,0 +1,13 @@
+obj/
+TestResults/
+*.manifest
+*.pdb
+*.suo
+*.mdb
+*.vsmdi
+csharp.log
+**/bin/Debug
+**/bin/Release
+*.tlog
+.vs
+*.user

cpp/autobuilder/README.md

@@ -1 +0,0 @@
-The Windows autobuilder that used to live in this directory moved to `csharp/autobuilder/Semmle.Autobuild.Cpp`.

cpp/autobuilder/Semmle.Autobuild.Cpp.Tests/BuildScripts.cs

@@ -200,9 +200,9 @@ namespace Semmle.Autobuild.Cpp.Tests
 
     internal class TestDiagnosticWriter : IDiagnosticsWriter
     {
-        public IList<Semmle.Util.DiagnosticMessage> Diagnostics { get; } = new List<Semmle.Util.DiagnosticMessage>();
+        public IList<DiagnosticMessage> Diagnostics { get; } = new List<DiagnosticMessage>();
 
-        public void AddEntry(Semmle.Util.DiagnosticMessage message) => this.Diagnostics.Add(message);
+        public void AddEntry(DiagnosticMessage message) => this.Diagnostics.Add(message);
 
         public void Dispose() { }
     }

cpp/autobuilder/Semmle.Autobuild.Cpp.Tests/Semmle.Autobuild.Cpp.Tests.csproj

@@ -0,0 +1,26 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net8.0</TargetFramework>
+    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
+    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="System.IO.FileSystem" Version="4.3.0" />
+    <PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
+    <PackageReference Include="xunit" Version="2.6.2" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.5.4">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
+    </PackageReference>
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\Semmle.Autobuild.Cpp\Semmle.Autobuild.Cpp.csproj" />
+    <ProjectReference Include="..\..\..\csharp\autobuilder\Semmle.Autobuild.Shared\Semmle.Autobuild.Shared.csproj" />
+  </ItemGroup>
+</Project>

cpp/autobuilder/Semmle.Autobuild.Cpp/Program.cs

@@ -22,12 +22,12 @@ namespace Semmle.Autobuild.Cpp
                 }
                 catch (InvalidEnvironmentException ex)
                 {
-                    Console.WriteLine($"The environment is invalid: {ex.Message}");
+                    Console.WriteLine("The environment is invalid: {0}", ex.Message);
                 }
             }
             catch (ArgumentOutOfRangeException ex)
             {
-                Console.WriteLine($"The value \"{ex.ActualValue}\" for parameter \"{ex.ParamName}\" is invalid");
+                Console.WriteLine("The value \"{0}\" for parameter \"{1}\" is invalid", ex.ActualValue, ex.ParamName);
             }
             return 1;
         }

cpp/autobuilder/Semmle.Autobuild.Cpp/Properties/AssemblyInfo.cs

@@ -0,0 +1,32 @@
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("Semmle.Autobuild.Cpp")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("GitHub")]
+[assembly: AssemblyProduct("CodeQL autobuilder for C++")]
+[assembly: AssemblyCopyright("Copyright © GitHub 2020")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]

cpp/autobuilder/Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj

@@ -0,0 +1,28 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <AssemblyName>Semmle.Autobuild.Cpp</AssemblyName>
+    <RootNamespace>Semmle.Autobuild.Cpp</RootNamespace>
+    <ApplicationIcon />
+    <OutputType>Exe</OutputType>
+    <StartupObject />
+    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
+    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Folder Include="Properties\" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.Build" Version="17.8.3" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\..\csharp\extractor\Semmle.Util\Semmle.Util.csproj" />
+    <ProjectReference Include="..\..\..\csharp\autobuilder\Semmle.Autobuild.Shared\Semmle.Autobuild.Shared.csproj" />
+  </ItemGroup>
+
+</Project>

cpp/downgrades/19887dbd33327fb07d54251786e0cb2578539775/upgrade.properties

@@ -1,4 +1,4 @@
 description: Revert support for repeated initializers, which are allowed in C with designated initializers.
 compatibility: full
-aggregate_field_init.rel: reorder aggregate_field_init.rel (@aggregateliteral aggregate, @expr initializer, @membervariable field, int position) aggregate initializer field
-aggregate_array_init.rel: reorder aggregate_array_init.rel (@aggregateliteral aggregate, @expr initializer, int element_index, int position) aggregate initializer element_index
+aggregate_field_init.rel: reorder aggregate_field_init.rel (int aggregate, int initializer, int field, int position) aggregate initializer field
+aggregate_array_init.rel: reorder aggregate_array_init.rel (int aggregate, int initializer, int element_index, int position) aggregate initializer element_index

cpp/downgrades/25e365d1e8147df0f759b604f96eb4bffea48271/upgrade.properties

@@ -1,4 +0,0 @@
-description: Revert support for using-enum declarations.
-compatibility: partial
-usings.rel: run usings.qlo
-using_container.rel: run using_container.qlo

cpp/downgrades/25e365d1e8147df0f759b604f96eb4bffea48271/using_container.ql

@@ -1,14 +0,0 @@
-class UsingEntry extends @using {
-  string toString() { none() }
-}
-
-class Element extends @element {
-  string toString() { none() }
-}
-
-from UsingEntry u, Element parent, int kind
-where
-  usings(u, _, _, kind) and
-  using_container(parent, u) and
-  kind != 3
-select parent, u

cpp/downgrades/25e365d1e8147df0f759b604f96eb4bffea48271/usings.ql

@@ -1,17 +0,0 @@
-class UsingEntry extends @using {
-  string toString() { none() }
-}
-
-class Element extends @element {
-  string toString() { none() }
-}
-
-class Location extends @location_default {
-  string toString() { none() }
-}
-
-from UsingEntry u, Element target, Location loc, int kind
-where
-  usings(u, target, loc, kind) and
-  kind != 3
-select u, target, loc

cpp/downgrades/3d35dd6b50edfc540c14c6757e0c7b3c5b7b04dd/exprs.ql

@@ -1,17 +0,0 @@
-class Expr extends @expr {
-  string toString() { none() }
-}
-
-class Location extends @location_expr {
-  string toString() { none() }
-}
-
-predicate isExprWithNewBuiltin(Expr expr) {
-  exists(int kind | exprs(expr, kind, _) | 364 <= kind and kind <= 384)
-}
-
-from Expr expr, int kind, int kind_new, Location location
-where
-  exprs(expr, kind, location) and
-  if isExprWithNewBuiltin(expr) then kind_new = 1 else kind_new = kind
-select expr, kind_new, location

cpp/downgrades/3d35dd6b50edfc540c14c6757e0c7b3c5b7b04dd/upgrade.properties

@@ -1,3 +0,0 @@
-description: Add new builtin operations
-compatibility: partial
-exprs.rel: run exprs.qlo

cpp/downgrades/68930f3b81bbe3fdbb91c850deca1fec8072d62a/upgrade.properties

@@ -1,3 +0,0 @@
-description: description: Support explicit(bool) specifiers
-compatibility: full
-explicit_specifier_exprs.rel: delete

cpp/downgrades/9629fc87dab7dbed0771bf5ce22bce4d7f943b52/upgrade.properties

@@ -1,2 +0,0 @@
-description: Support destroying deletes
-compatibility: full

cpp/downgrades/BUILD.bazel

@@ -6,7 +6,7 @@ pkg_files(
         ["**"],
         exclude = ["BUILD.bazel"],
     ),
-    prefix = "downgrades",
+    prefix = "cpp/downgrades",
     strip_prefix = strip_prefix.from_pkg(),
     visibility = ["//cpp:__pkg__"],
 )

cpp/downgrades/e197626a6ebccd052d5c891975fccf8aebcc9803/upgrade.properties

@@ -1,3 +0,0 @@
-description: Add relation between deduction guides and class templates
-compatibility: full
-deduction_guide_for_class.rel: delete

cpp/ql/lib/BUILD.bazel

@@ -5,9 +5,11 @@ package(default_visibility = ["//cpp:__pkg__"])
 pkg_files(
     name = "dbscheme",
     srcs = ["semmlecode.cpp.dbscheme"],
+    prefix = "cpp",
 )
 
 pkg_files(
     name = "dbscheme-stats",
     srcs = ["semmlecode.cpp.dbscheme.stats"],
+    prefix = "cpp",
 )

cpp/ql/lib/CHANGELOG.md

@@ -1,62 +1,3 @@
-## 1.4.0
-
-### New Features
-
-* A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide.
-* An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit.
-* A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit.
-* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete. 
-
-### Minor Analysis Improvements
-
-* The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression.
-* Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected.
-* A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration.
-
-## 1.3.0
-
-### New Features
-
-* Models-as-data alert provenance information has been extended to the C/C++ language. Any qltests that include the edges relation in their output (for example, `.qlref`s that reference path-problem queries) will need to be have their expected output updated accordingly.
-* Added subclasses of `BuiltInOperations` for `__builtin_has_attribute`, `__builtin_is_corresponding_member`, `__builtin_is_pointer_interconvertible_with_class`, `__is_assignable_no_precondition_check`, `__is_bounded_array`, `__is_convertible`, `__is_corresponding_member`, `__is_nothrow_convertible`, `__is_pointer_interconvertible_with_class`, `__is_referenceable`, `__is_same_as`, `__is_trivially_copy_assignable`, `__is_unbounded_array`, `__is_valid_winrt_type`, `_is_win_class`, `__is_win_interface`, `__reference_binds_to_temporary`, `__reference_constructs_from_temporary`, and `__reference_converts_from_temporary`.
-* The class `NewArrayExpr` adds a predicate `getArraySize()` to allow a more convenient way to access the static size of the array when the extent is missing.
-
-## 1.2.0
-
-### New Features
-
-* The syntax for models-as-data rows has been extended to make it easier to select sources, sinks, and summaries that involve templated functions and classes. Additionally, the syntax has also been extended to make it easier to specify models with arbitrary levels of indirection. See `dataflow/ExternalFlow.qll` for the updated documentation and specification for the model format.
-* It is now possible to extend the classes `AllocationFunction` and `DeallocationFunction` via data extensions. Extensions of these classes should be added to the `lib/ext/allocation` and `lib/ext/deallocation` directories respectively.
-
-### Minor Analysis Improvements
-
-* The queries "Potential double free" (`cpp/double-free`) and "Potential use after free" (`cpp/use-after-free`) now produce fewer false positives.
-* The "Guards" library (`semmle.code.cpp.controlflow.Guards`) now also infers guards from calls to the builtin operation `__builtin_expect`. As a result, some queries may produce fewer false positives.
-
-## 1.1.1
-
-No user-facing changes.
-
-## 1.1.0
-
-### New Features
-
-* Data models can now be added with data extensions. In this way source, sink and summary models can be added in extension `.model.yml` files, rather than by writing classes in QL code. New models should be added in the `lib/ext` folder.
-
-### Minor Analysis Improvements
-
-* A partial model for the `Boost.Asio` network library has been added. This includes sources, sinks and summaries for certain functions in `Boost.Asio`, such as `read_until` and `write`.
-
-## 1.0.0
-
-### Breaking Changes
-
-* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
-
-## 0.13.1
-
-No user-facing changes.
-
 ## 0.13.0
 
 ### Breaking Changes

cpp/ql/lib/change-notes/released/0.13.1.md

@@ -1,3 +0,0 @@
-## 0.13.1
-
-No user-facing changes.

cpp/ql/lib/change-notes/released/1.0.0.md

@@ -1,5 +0,0 @@
-## 1.0.0
-
-### Breaking Changes
-
-* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.

cpp/ql/lib/change-notes/released/1.1.0.md

@@ -1,9 +0,0 @@
-## 1.1.0
-
-### New Features
-
-* Data models can now be added with data extensions. In this way source, sink and summary models can be added in extension `.model.yml` files, rather than by writing classes in QL code. New models should be added in the `lib/ext` folder.
-
-### Minor Analysis Improvements
-
-* A partial model for the `Boost.Asio` network library has been added. This includes sources, sinks and summaries for certain functions in `Boost.Asio`, such as `read_until` and `write`.

cpp/ql/lib/change-notes/released/1.1.1.md

@@ -1,3 +0,0 @@
-## 1.1.1
-
-No user-facing changes.

cpp/ql/lib/change-notes/released/1.2.0.md

@@ -1,11 +0,0 @@
-## 1.2.0
-
-### New Features
-
-* The syntax for models-as-data rows has been extended to make it easier to select sources, sinks, and summaries that involve templated functions and classes. Additionally, the syntax has also been extended to make it easier to specify models with arbitrary levels of indirection. See `dataflow/ExternalFlow.qll` for the updated documentation and specification for the model format.
-* It is now possible to extend the classes `AllocationFunction` and `DeallocationFunction` via data extensions. Extensions of these classes should be added to the `lib/ext/allocation` and `lib/ext/deallocation` directories respectively.
-
-### Minor Analysis Improvements
-
-* The queries "Potential double free" (`cpp/double-free`) and "Potential use after free" (`cpp/use-after-free`) now produce fewer false positives.
-* The "Guards" library (`semmle.code.cpp.controlflow.Guards`) now also infers guards from calls to the builtin operation `__builtin_expect`. As a result, some queries may produce fewer false positives.

cpp/ql/lib/change-notes/released/1.3.0.md

@@ -1,7 +0,0 @@
-## 1.3.0
-
-### New Features
-
-* Models-as-data alert provenance information has been extended to the C/C++ language. Any qltests that include the edges relation in their output (for example, `.qlref`s that reference path-problem queries) will need to be have their expected output updated accordingly.
-* Added subclasses of `BuiltInOperations` for `__builtin_has_attribute`, `__builtin_is_corresponding_member`, `__builtin_is_pointer_interconvertible_with_class`, `__is_assignable_no_precondition_check`, `__is_bounded_array`, `__is_convertible`, `__is_corresponding_member`, `__is_nothrow_convertible`, `__is_pointer_interconvertible_with_class`, `__is_referenceable`, `__is_same_as`, `__is_trivially_copy_assignable`, `__is_unbounded_array`, `__is_valid_winrt_type`, `_is_win_class`, `__is_win_interface`, `__reference_binds_to_temporary`, `__reference_constructs_from_temporary`, and `__reference_converts_from_temporary`.
-* The class `NewArrayExpr` adds a predicate `getArraySize()` to allow a more convenient way to access the static size of the array when the extent is missing.

cpp/ql/lib/change-notes/released/1.4.0.md

@@ -1,14 +0,0 @@
-## 1.4.0
-
-### New Features
-
-* A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide.
-* An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit.
-* A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit.
-* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete. 
-
-### Minor Analysis Improvements
-
-* The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression.
-* Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected.
-* A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.0
+lastReleaseVersion: 0.13.0

cpp/ql/lib/ext/Boost.Asio.model.yml

@@ -1,25 +0,0 @@
-  # partial model of the Boost::Asio network library
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: sourceModel
-    data: # namespace, type, subtypes, name, signature, ext, output, kind, provenance
-      - ["boost::asio", "", False, "read", "", "", "Argument[*1]", "remote", "manual"]
-      - ["boost::asio", "", False, "read_at", "", "", "Argument[*2]", "remote", "manual"]
-      - ["boost::asio", "", False, "read_until", "", "", "Argument[*1]", "remote", "manual"]
-      - ["boost::asio", "", False, "async_read", "", "", "Argument[*1]", "remote", "manual"]
-      - ["boost::asio", "", False, "async_read_at", "", "", "Argument[*2]", "remote", "manual"]
-      - ["boost::asio", "", False, "async_read_until", "", "", "Argument[*1]", "remote", "manual"]
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: sinkModel
-    data: # namespace, type, subtypes, name, signature, ext, input, kind, provenance
-      - ["boost::asio", "", False, "write", "", "", "Argument[*1]", "remote-sink", "manual"]
-      - ["boost::asio", "", False, "write_at", "", "", "Argument[*2]", "remote-sink", "manual"]
-      - ["boost::asio", "", False, "async_write", "", "", "Argument[*1]", "remote-sink", "manual"]
-      - ["boost::asio", "", False, "async_write_at", "", "", "Argument[*2]", "remote-sink", "manual"]
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: summaryModel
-    data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      - ["boost::asio", "", False, "buffer", "", "", "Argument[*0]", "ReturnValue", "taint", "manual"]

cpp/ql/lib/ext/allocation/Bsd.allocation.model.yml

@@ -1,7 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: allocationFunctionModel
-    data:
-      - ["", "", False, "kmem_alloc", "0", "", "", True]
-      - ["", "", False, "kmem_zalloc", "0", "", "", True]

cpp/ql/lib/ext/allocation/Glibc.allocation.model.yml

@@ -1,7 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: allocationFunctionModel
-    data:
-      - ["", "", False, "g_malloc", "0", "", "", True]
-      - ["", "", False, "g_try_malloc", "0", "", "", True]

cpp/ql/lib/ext/allocation/OpenSSL.allocation.model.yml

@@ -1,10 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: allocationFunctionModel
-    data:
-      - ["", "", False, "CRYPTO_malloc", "0", "", "", True]
-      - ["", "", False, "CRYPTO_zalloc", "0", "", "", True]
-      - ["", "", False, "CRYPTO_secure_malloc", "0", "", "", True]
-      - ["", "", False, "CRYPTO_secure_zalloc", "0", "", "", True]
-

cpp/ql/lib/ext/allocation/Std.allocation.model.yml

@@ -1,15 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: allocationFunctionModel
-    data:
-      - ["", "", False, "malloc", "0", "", "", True]
-      - ["std", "", False, "malloc", "0", "", "", True]
-      - ["bsl", "", False, "malloc", "0", "", "", True]
-      - ["", "", False, "alloca", "0", "", "", False]
-      - ["", "", False, "__builtin_alloca", "0", "", "", False]
-      - ["", "", False, "_alloca", "0", "", "", False]
-      - ["", "", False, "_malloca", "0", "", "", False]
-      - ["", "", False, "calloc", "1", "0", "", True]
-      - ["std", "", False, "calloc", "1", "0", "", True]
-      - ["bsl", "", False, "calloc", "1", "0", "", True]

cpp/ql/lib/ext/allocation/Windows.allocation.model.yml

@@ -1,29 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: allocationFunctionModel
-    data:
-      - ["", "", False, "MmAllocateContiguousMemory", "0", "", "", True]
-      - ["", "", False, "MmAllocateContiguousNodeMemory", "0", "", "", True]
-      - ["", "", False, "MmAllocateContiguousMemorySpecifyCache", "0", "", "", True]
-      - ["", "", False, "MmAllocateContiguousMemorySpecifyCacheNode", "0", "", "", True]
-      - ["", "", False, "MmAllocateNonCachedMemory", "0", "", "", True]
-      - ["", "", False, "MmAllocateMappingAddress", "0", "", "", True]
-      - ["", "", False, "CoTaskMemAlloc", "0", "", "", True]
-      - ["", "", False, "ExAllocatePool", "1", "", "", True]
-      - ["", "", False, "ExAllocatePool2", "1", "", "", True]
-      - ["", "", False, "ExAllocatePool3", "1", "", "", True]
-      - ["", "", False, "ExAllocatePoolWithTag", "1", "", "", True]
-      - ["", "", False, "ExAllocatePoolWithTagPriority", "1", "", "", True]
-      - ["", "", False, "ExAllocatePoolWithQuota", "1", "", "", True]
-      - ["", "", False, "ExAllocatePoolWithQuotaTag", "1", "", "", True]
-      - ["", "", False, "ExAllocatePoolZero", "1", "", "", True]
-      - ["", "", False, "IoAllocateMdl", "1", "", "", True]
-      - ["", "", False, "IoAllocateErrorLogEntry", "1", "", "", True]
-      - ["", "", False, "LocalAlloc", "1", "", "", True]
-      - ["", "", False, "GlobalAlloc", "1", "", "", True]
-      - ["", "", False, "VirtualAlloc", "1", "", "", True]
-      - ["", "", False, "HeapAlloc", "2", "", "", True]
-      - ["", "", False, "MmAllocatePagesForMdl", "3", "", "", True]
-      - ["", "", False, "MmAllocatePagesForMdlEx", "3", "", "", True]
-      - ["", "", False, "MmAllocateNodePagesForMdlEx", "3", "", "", True]

cpp/ql/lib/ext/allocation/empty.allocation.model.yml

@@ -1,5 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: allocationFunctionModel
-    data: []

cpp/ql/lib/ext/bsl.array.model.yml

@@ -1,14 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: summaryModel
-    data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      - ["bsl", "array", True, "at", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "array", True, "begin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "array", True, "cbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "array", True, "data", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "array", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "array", True, "rbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "array", True, "rcbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "array", True, "front", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "array", True, "back", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]

cpp/ql/lib/ext/bsl.deque.model.yml

@@ -1,73 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: summaryModel
-    data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      - ["bsl", "deque<T,Allocator>", True, "assign", "(size_type,const T &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "assign<InputIt>", "(InputIt,InputIt)", "", "Argument[0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "at", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "deque", True, "back", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "deque", True, "begin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "cbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "deque", "(const deque &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "deque", "(deque &&)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace", "", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace", "", "", "Argument[*@2]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace", "", "", "Argument[*@3]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace", "", "", "Argument[*@3]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace", "", "", "Argument[*@4]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace", "", "", "Argument[*@4]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace", "", "", "Argument[*@5]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace", "", "", "Argument[*@5]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_back", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_back", "", "", "Argument[*@0]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_back", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_back", "", "", "Argument[*@1]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_back", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_back", "", "", "Argument[*@2]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_back", "", "", "Argument[*@3]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_back", "", "", "Argument[*@3]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_back", "", "", "Argument[*@4]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_back", "", "", "Argument[*@4]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_back", "", "", "Argument[*@5]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_back", "", "", "Argument[*@5]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_back", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_front", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_front", "", "", "Argument[*@0]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_front", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_front", "", "", "Argument[*@1]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_front", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_front", "", "", "Argument[*@2]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_front", "", "", "Argument[*@3]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_front", "", "", "Argument[*@3]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_front", "", "", "Argument[*@4]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_front", "", "", "Argument[*@4]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_front", "", "", "Argument[*@5]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_front", "", "", "Argument[*@5]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "deque", True, "emplace_front", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "deque", True, "front", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "deque", True, "insert<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "insert<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "insert<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "deque", True, "push_back", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "push_front", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "rbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "deque", True, "rcbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "deque<T,Allocator>", True, "deque", "(const deque &,const Allocator &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque<T,Allocator>", True, "deque", "(deque &&,const Allocator &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque<T,Allocator>", True, "deque", "(size_type,const T &,const Allocator &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque<T,Allocator>", True, "deque<InputIterator>", "(InputIterator,InputIterator,const Allocator &)", "", "Argument[0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque<T>", True, "insert", "(const_iterator,const T &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque<T>", True, "insert", "(const_iterator,const T &)", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "deque<T>", True, "insert", "(const_iterator,const T &)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "deque<T>", True, "insert", "(const_iterator,size_type,const T &)", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque<T>", True, "insert", "(const_iterator,size_type,const T &)", "", "Argument[*@2]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "deque<T>", True, "insert", "(const_iterator,size_type,const T &)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "deque<T>", True, "insert", "(const_iterator,T &&)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "deque<T>", True, "insert", "(const_iterator,T &&)", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "deque<T>", True, "insert", "(const_iterator,T &&)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]

cpp/ql/lib/ext/bsl.forward_list.model.yml

@@ -1,56 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: summaryModel
-    data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      - ["bsl", "forward_list", True, "insert_after<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "forward_list<T>", True, "insert_after", "(const_iterator,const T &)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "forward_list<T>", True, "insert_after", "(const_iterator,size_type,const T &)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "forward_list<T,Allocator>", True, "assign", "(size_type,const T &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "assign<InputIt>", "(InputIt,InputIt)", "", "Argument[0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "begin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "cbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_after", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_after", "", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_after", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_after", "", "", "Argument[*@2]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_after", "", "", "Argument[*@3]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_after", "", "", "Argument[*@3]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_after", "", "", "Argument[*@4]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_after", "", "", "Argument[*@4]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_after", "", "", "Argument[*@5]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_after", "", "", "Argument[*@5]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_after", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_front", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_front", "", "", "Argument[*@0]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_front", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_front", "", "", "Argument[*@1]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_front", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_front", "", "", "Argument[*@2]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_front", "", "", "Argument[*@3]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_front", "", "", "Argument[*@3]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_front", "", "", "Argument[*@4]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_front", "", "", "Argument[*@4]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_front", "", "", "Argument[*@5]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_front", "", "", "Argument[*@5]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "emplace_front", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "forward_list", "(const forward_list &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "forward_list", "(forward_list &&)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "front", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "insert_after<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "insert_after<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "push_front", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "rbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "forward_list", True, "rcbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "forward_list<T,Allocator>", True, "forward_list", "(const forward_list &,const Allocator &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list<T,Allocator>", True, "forward_list", "(forward_list &&,const Allocator &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list<T,Allocator>", True, "forward_list", "(InputIterator,InputIterator,const Allocator &)", "", "Argument[0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list<T,Allocator>", True, "forward_list", "(size_type,const T &,const Allocator &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list<T>", True, "insert_after", "(const_iterator,const T &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list<T>", True, "insert_after", "(const_iterator,const T &)", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "forward_list<T>", True, "insert_after", "(const_iterator,size_type,const T &)", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list<T>", True, "insert_after", "(const_iterator,size_type,const T &)", "", "Argument[*@2]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "forward_list<T>", True, "insert_after", "(const_iterator,T &&)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "forward_list<T>", True, "insert_after", "(const_iterator,T &&)", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "forward_list<T>", True, "insert_after", "(const_iterator,T &&)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]

cpp/ql/lib/ext/bsl.list.model.yml

@@ -1,71 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: summaryModel
-    data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      - ["bsl", "list<T,Allocator>", True, "assign", "(size_type,const T &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "assign<InputIt>", "(InputIt,InputIt)", "", "Argument[0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "back", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "begin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "cbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace", "", "", "Argument[*@1]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace", "", "", "Argument[*@2]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace", "", "", "Argument[*@3]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace", "", "", "Argument[*@3]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace", "", "", "Argument[*@4]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace", "", "", "Argument[*@4]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace", "", "", "Argument[*@5]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace", "", "", "Argument[*@5]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_back", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_back", "", "", "Argument[*@0]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_back", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_back", "", "", "Argument[*@1]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_back", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_back", "", "", "Argument[*@2]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_back", "", "", "Argument[*@3]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_back", "", "", "Argument[*@3]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_back", "", "", "Argument[*@4]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_back", "", "", "Argument[*@4]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_back", "", "", "Argument[*@5]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_back", "", "", "Argument[*@5]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_back", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_front", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_front", "", "", "Argument[*@0]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_front", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_front", "", "", "Argument[*@1]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_front", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_front", "", "", "Argument[*@2]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_front", "", "", "Argument[*@3]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_front", "", "", "Argument[*@3]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_front", "", "", "Argument[*@4]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_front", "", "", "Argument[*@4]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_front", "", "", "Argument[*@5]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_front", "", "", "Argument[*@5]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "emplace_front", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "front", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "list", True, "insert<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "insert<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "insert<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "list", "(const list &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "list", "(list &&)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "push_back", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "push_front", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "rbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "list", True, "rcbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "list<T,Allocator>", True, "list", "(const list &,const Allocator &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list<T,Allocator>", True, "list", "(list &&,const Allocator &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list<T,Allocator>", True, "list", "(size_type,const T &,const Allocator &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list<T,Allocator>", True, "list<InputIterator>", "(InputIterator,InputIterator,const Allocator &)", "", "Argument[0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list<T>", True, "insert", "(const_iterator,const T &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list<T>", True, "insert", "(const_iterator,const T &)", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "list<T>", True, "insert", "(const_iterator,const T &)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "list<T>", True, "insert", "(const_iterator,size_type,const T &)", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list<T>", True, "insert", "(const_iterator,size_type,const T &)", "", "Argument[*@2]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "list<T>", True, "insert", "(const_iterator,size_type,const T &)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "list<T>", True, "insert", "(const_iterator,T &&)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "list<T>", True, "insert", "(const_iterator,T &&)", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "list<T>", True, "insert", "(const_iterator,T &&)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]

cpp/ql/lib/ext/bsl.vector.model.yml

@@ -1,60 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: summaryModel
-    data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      - ["bsl", "vector<T,Allocator>", True, "assign", "(size_type,const T &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "assign<InputIt>", "(InputIt,InputIt)", "", "Argument[0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "at", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "vector", True, "back", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "vector", True, "begin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "cbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "data", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace", "", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace", "", "", "Argument[*@2]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace", "", "", "Argument[*@3]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace", "", "", "Argument[*@3]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace", "", "", "Argument[*@4]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace", "", "", "Argument[*@4]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace", "", "", "Argument[*@5]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace", "", "", "Argument[*@5]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace_back", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace_back", "", "", "Argument[*@0]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace_back", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace_back", "", "", "Argument[*@1]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace_back", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace_back", "", "", "Argument[*@2]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace_back", "", "", "Argument[*@3]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace_back", "", "", "Argument[*@3]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace_back", "", "", "Argument[*@4]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace_back", "", "", "Argument[*@4]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace_back", "", "", "Argument[*@5]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace_back", "", "", "Argument[*@5]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "vector", True, "emplace_back", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "vector", True, "front", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "vector", True, "insert<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "insert<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "insert<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["bsl", "vector", True, "push_back", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "rbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "rcbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "vector", "(const vector &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector", True, "vector", "(vector &&)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector<T,Allocator>", True, "vector", "(const vector &,const Allocator &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector<T,Allocator>", True, "vector", "(size_type,const T &,const Allocator &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector<T,Allocator>", True, "vector", "(vector &&,const Allocator &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector<T,Allocator>", True, "vector<InputIterator>", "(InputIterator,InputIterator,const Allocator &)", "", "Argument[0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector<T>", True, "insert", "(const_iterator,const T &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector<T>", True, "insert", "(const_iterator,const T &)", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "vector<T>", True, "insert", "(const_iterator,const T &)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "vector<T>", True, "insert", "(const_iterator,size_type,const T &)", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector<T>", True, "insert", "(const_iterator,size_type,const T &)", "", "Argument[*@2]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "vector<T>", True, "insert", "(const_iterator,size_type,const T &)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "vector<T>", True, "insert", "(const_iterator,T &&)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["bsl", "vector<T>", True, "insert", "(const_iterator,T &&)", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["bsl", "vector<T>", True, "insert", "(const_iterator,T &&)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]

cpp/ql/lib/ext/deallocation/Bsd.deallocation.model.yml

@@ -1,8 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: deallocationFunctionModel
-    data:
-      - ["", "", False, "pool_put", "1"]
-      - ["", "", False, "pool_cache_put", "1"]
-      - ["", "", False, "kmem_free", "0"]

cpp/ql/lib/ext/deallocation/Std.deallocation.model.yml

@@ -1,42 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: deallocationFunctionModel
-    data:
-      - ["", "", False, "free", "0"]
-      - ["std", "", False, "free", "0"]
-      - ["bsl", "", False, "free", "0"]
-      - ["", "", False, "realloc", "0"]
-      - ["std", "", False, "realloc", "0"]
-      - ["bsl", "", False, "realloc", "0"]
-      - ["", "", False, "CRYPTO_free", "0"]
-      - ["", "", False, "CRYPTO_secure_free", "0"]
-      - ["", "", False, "g_free", "0"]
-      - ["", "", False, "ExFreePool", "0"]
-      - ["", "", False, "ExFreePoolWithTag", "0"]
-      - ["", "", False, "ExDeleteTimer", "0"]
-      - ["", "", False, "IoFreeIrp", "0"]
-      - ["", "", False, "IoFreeMdl", "0"]
-      - ["", "", False, "IoFreeErrorLogEntry", "0"]
-      - ["", "", False, "IoFreeWorkItem", "0"]
-      - ["", "", False, "MmFreeContiguousMemory", "0"]
-      - ["", "", False, "MmFreeContiguousMemorySpecifyCache", "0"]
-      - ["", "", False, "MmFreeNonCachedMemory", "0"]
-      - ["", "", False, "MmFreeMappingAddress", "0"]
-      - ["", "", False, "MmFreePagesFromMdl", "0"]
-      - ["", "", False, "MmUnmapReservedMapping", "0"]
-      - ["", "", False, "MmUnmapLockedPages", "0"]
-      - ["", "", False, "NdisFreeGenericObject", "0"]
-      - ["", "", False, "NdisFreeMemory", "0"]
-      - ["", "", False, "NdisFreeMemoryWithTag", "0"]
-      - ["", "", False, "NdisFreeMdl", "0"]
-      - ["", "", False, "NdisFreeNetBufferListPool", "0"]
-      - ["", "", False, "NdisFreeNetBufferPool", "0"]
-      - ["", "", False, "LocalFree", "0"]
-      - ["", "", False, "GlobalFree", "0"]
-      - ["", "", False, "LocalReAlloc", "0"]
-      - ["", "", False, "GlobalReAlloc", "0"]
-      - ["", "", False, "VirtualFree", "0"]
-      - ["", "", False, "CoTaskMemFree", "0"]
-      - ["", "", False, "CoTaskMemRealloc", "0"]
-      - ["", "", False, "SysFreeString", "0"]

cpp/ql/lib/ext/deallocation/Windows.deallocation.model.yml

@@ -1,41 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: deallocationFunctionModel
-    data:
-      - ["", "", False, "ExFreePool", "0"]
-      - ["", "", False, "ExFreePoolWithTag", "0"]
-      - ["", "", False, "ExDeleteTimer", "0"]
-      - ["", "", False, "IoFreeIrp", "0"]
-      - ["", "", False, "IoFreeMdl", "0"]
-      - ["", "", False, "IoFreeErrorLogEntry", "0"]
-      - ["", "", False, "IoFreeWorkItem", "0"]
-      - ["", "", False, "MmFreeContiguousMemory", "0"]
-      - ["", "", False, "MmFreeContiguousMemorySpecifyCache", "0"]
-      - ["", "", False, "MmFreeNonCachedMemory", "0"]
-      - ["", "", False, "MmFreeMappingAddress", "0"]
-      - ["", "", False, "MmFreePagesFromMdl", "0"]
-      - ["", "", False, "MmUnmapReservedMapping", "0"]
-      - ["", "", False, "MmUnmapLockedPages", "0"]
-      - ["", "", False, "NdisFreeGenericObject", "0"]
-      - ["", "", False, "NdisFreeMemory", "0"]
-      - ["", "", False, "NdisFreeMemoryWithTag", "0"]
-      - ["", "", False, "NdisFreeMdl", "0"]
-      - ["", "", False, "NdisFreeNetBufferListPool", "0"]
-      - ["", "", False, "NdisFreeNetBufferPool", "0"]
-      - ["", "", False, "LocalFree", "0"]
-      - ["", "", False, "GlobalFree", "0"]
-      - ["", "", False, "LocalReAlloc", "0"]
-      - ["", "", False, "GlobalReAlloc", "0"]
-      - ["", "", False, "VirtualFree", "0"]
-      - ["", "", False, "CoTaskMemFree", "0"]
-      - ["", "", False, "CoTaskMemRealloc", "0"]
-      - ["", "", False, "SysFreeString", "0"]
-      - ["", "", False, "ExFreeToLookasideListEx", "1"]
-      - ["", "", False, "ExFreeToPagedLookasideList", "1"]
-      - ["", "", False, "ExFreeToNPagedLookasideList", "1"]
-      - ["", "", False, "NdisFreeMemoryWithTagPriority", "1"]
-      - ["", "", False, "StorPortFreeMdl", "1"]
-      - ["", "", False, "StorPortFreePool", "1"]
-      - ["", "", False, "HeapFree", "2"]
-      - ["", "", False, "HeapReAlloc", "2"]

cpp/ql/lib/ext/deallocation/empty.deallocation.model.yml

@@ -1,5 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: deallocationFunctionModel
-    data: []

cpp/ql/lib/ext/empty.model.yml

@@ -1,15 +0,0 @@
-extensions:
-  # Make sure that the extensible model predicates have at least one definition
-  # to avoid errors about undefined extensionals.
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: sourceModel
-    data: []
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: sinkModel
-    data: []
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: summaryModel
-    data: []

cpp/ql/lib/ext/std.array.model.yml

@@ -1,14 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: summaryModel
-    data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      - ["std", "array", True, "at", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "array", True, "begin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "array", True, "cbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "array", True, "data", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "array", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "array", True, "rbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "array", True, "rcbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "array", True, "front", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "array", True, "back", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]

cpp/ql/lib/ext/std.deque.model.yml

@@ -1,73 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: summaryModel
-    data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      - ["std", "deque<T,Allocator>", True, "assign", "(size_type,const T &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "assign<InputIt>", "(InputIt,InputIt)", "", "Argument[0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "at", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "deque", True, "back", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "deque", True, "begin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "deque", True, "cbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "deque", True, "deque", "(const deque &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "deque", "(deque &&)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace", "", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace", "", "", "Argument[*@2]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace", "", "", "Argument[*@3]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace", "", "", "Argument[*@3]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace", "", "", "Argument[*@4]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace", "", "", "Argument[*@4]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace", "", "", "Argument[*@5]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace", "", "", "Argument[*@5]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_back", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_back", "", "", "Argument[*@0]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_back", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_back", "", "", "Argument[*@1]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_back", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_back", "", "", "Argument[*@2]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_back", "", "", "Argument[*@3]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_back", "", "", "Argument[*@3]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_back", "", "", "Argument[*@4]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_back", "", "", "Argument[*@4]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_back", "", "", "Argument[*@5]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_back", "", "", "Argument[*@5]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_back", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_front", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_front", "", "", "Argument[*@0]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_front", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_front", "", "", "Argument[*@1]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_front", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_front", "", "", "Argument[*@2]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_front", "", "", "Argument[*@3]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_front", "", "", "Argument[*@3]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_front", "", "", "Argument[*@4]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_front", "", "", "Argument[*@4]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_front", "", "", "Argument[*@5]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_front", "", "", "Argument[*@5]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "deque", True, "emplace_front", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "deque", True, "front", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "deque", True, "insert<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "deque", True, "insert<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "insert<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "deque", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "deque", True, "push_back", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "push_front", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque", True, "rbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "deque", True, "rcbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "deque<T,Allocator>", True, "deque", "(const deque &,const Allocator &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque<T,Allocator>", True, "deque", "(deque &&,const Allocator &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque<T,Allocator>", True, "deque", "(size_type,const T &,const Allocator &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque<T,Allocator>", True, "deque<InputIterator>", "(InputIterator,InputIterator,const Allocator &)", "", "Argument[0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque<T>", True, "insert", "(const_iterator,const T &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque<T>", True, "insert", "(const_iterator,const T &)", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "deque<T>", True, "insert", "(const_iterator,const T &)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "deque<T>", True, "insert", "(const_iterator,size_type,const T &)", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque<T>", True, "insert", "(const_iterator,size_type,const T &)", "", "Argument[*@2]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "deque<T>", True, "insert", "(const_iterator,size_type,const T &)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "deque<T>", True, "insert", "(const_iterator,T &&)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "deque<T>", True, "insert", "(const_iterator,T &&)", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "deque<T>", True, "insert", "(const_iterator,T &&)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]

cpp/ql/lib/ext/std.format.model.yml

@@ -1,14 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: summaryModel
-    data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      - ["std", "", False, "format<Args>", "(format_string,Args &&)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["std", "", False, "format<Args>", "(format_string,Args &&)", "", "Argument[*1]", "ReturnValue", "taint", "manual"]
-      - ["std", "", False, "format<Args>", "(format_string,Args &&)", "", "Argument[*2]", "ReturnValue", "taint", "manual"]
-      - ["std", "", False, "format<Args>", "(format_string,Args &&)", "", "Argument[*3]", "ReturnValue", "taint", "manual"]
-      - ["std", "", False, "format<Args>", "(format_string,Args &&)", "", "Argument[*4]", "ReturnValue", "taint", "manual"]
-      - ["std", "", False, "format<Args>", "(format_string,Args &&)", "", "Argument[*5]", "ReturnValue", "taint", "manual"]
-      - ["std", "", False, "format<Args>", "(format_string,Args &&)", "", "Argument[*6]", "ReturnValue", "taint", "manual"]
-      - ["std", "", False, "format<Args>", "(format_string,Args &&)", "", "Argument[*7]", "ReturnValue", "taint", "manual"]
-      - ["std", "", False, "format<Args>", "(format_string,Args &&)", "", "Argument[*8]", "ReturnValue", "taint", "manual"]

cpp/ql/lib/ext/std.forward_list.model.yml

@@ -1,56 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: summaryModel
-    data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      - ["std", "forward_list", True, "insert_after<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "forward_list<T>", True, "insert_after", "(const_iterator,const T &)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "forward_list<T>", True, "insert_after", "(const_iterator,size_type,const T &)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "forward_list<T,Allocator>", True, "assign", "(size_type,const T &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "assign<InputIt>", "(InputIt,InputIt)", "", "Argument[0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "begin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "cbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_after", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_after", "", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_after", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_after", "", "", "Argument[*@2]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_after", "", "", "Argument[*@3]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_after", "", "", "Argument[*@3]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_after", "", "", "Argument[*@4]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_after", "", "", "Argument[*@4]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_after", "", "", "Argument[*@5]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_after", "", "", "Argument[*@5]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_after", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_front", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_front", "", "", "Argument[*@0]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_front", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_front", "", "", "Argument[*@1]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_front", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_front", "", "", "Argument[*@2]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_front", "", "", "Argument[*@3]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_front", "", "", "Argument[*@3]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_front", "", "", "Argument[*@4]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_front", "", "", "Argument[*@4]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_front", "", "", "Argument[*@5]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_front", "", "", "Argument[*@5]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "forward_list", True, "emplace_front", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "forward_list", True, "forward_list", "(const forward_list &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "forward_list", "(forward_list &&)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "front", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "forward_list", True, "insert_after<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "insert_after<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "push_front", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "rbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "forward_list", True, "rcbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "forward_list<T,Allocator>", True, "forward_list", "(const forward_list &,const Allocator &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list<T,Allocator>", True, "forward_list", "(forward_list &&,const Allocator &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list<T,Allocator>", True, "forward_list", "(InputIterator,InputIterator,const Allocator &)", "", "Argument[0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list<T,Allocator>", True, "forward_list", "(size_type,const T &,const Allocator &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list<T>", True, "insert_after", "(const_iterator,const T &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list<T>", True, "insert_after", "(const_iterator,const T &)", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "forward_list<T>", True, "insert_after", "(const_iterator,size_type,const T &)", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list<T>", True, "insert_after", "(const_iterator,size_type,const T &)", "", "Argument[*@2]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "forward_list<T>", True, "insert_after", "(const_iterator,T &&)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "forward_list<T>", True, "insert_after", "(const_iterator,T &&)", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "forward_list<T>", True, "insert_after", "(const_iterator,T &&)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]

cpp/ql/lib/ext/std.iterator.model.yml

@@ -1,11 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: summaryModel
-    data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      - ["std", "iterator", True, "operator*", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "iterator", True, "operator->", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "iterator", True, "iterator", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["__gnu_cxx", "__normal_iterator", True, "operator*", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["__gnu_cxx", "__normal_iterator", True, "operator->", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["__gnu_cxx", "__normal_iterator", True, "__normal_iterator", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]

cpp/ql/lib/ext/std.list.model.yml

@@ -1,71 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: summaryModel
-    data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      - ["std", "list<T,Allocator>", True, "assign", "(size_type,const T &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "assign<InputIt>", "(InputIt,InputIt)", "", "Argument[0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "back", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "list", True, "begin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "list", True, "cbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace", "", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace", "", "", "Argument[*@2]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace", "", "", "Argument[*@3]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace", "", "", "Argument[*@3]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace", "", "", "Argument[*@4]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace", "", "", "Argument[*@4]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace", "", "", "Argument[*@5]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace", "", "", "Argument[*@5]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace_back", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace_back", "", "", "Argument[*@0]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "list", True, "emplace_back", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace_back", "", "", "Argument[*@1]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "list", True, "emplace_back", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace_back", "", "", "Argument[*@2]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "list", True, "emplace_back", "", "", "Argument[*@3]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace_back", "", "", "Argument[*@3]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "list", True, "emplace_back", "", "", "Argument[*@4]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace_back", "", "", "Argument[*@4]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "list", True, "emplace_back", "", "", "Argument[*@5]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace_back", "", "", "Argument[*@5]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "list", True, "emplace_back", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "list", True, "emplace_front", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace_front", "", "", "Argument[*@0]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "list", True, "emplace_front", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace_front", "", "", "Argument[*@1]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "list", True, "emplace_front", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace_front", "", "", "Argument[*@2]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "list", True, "emplace_front", "", "", "Argument[*@3]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace_front", "", "", "Argument[*@3]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "list", True, "emplace_front", "", "", "Argument[*@4]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace_front", "", "", "Argument[*@4]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "list", True, "emplace_front", "", "", "Argument[*@5]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "emplace_front", "", "", "Argument[*@5]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "list", True, "emplace_front", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "list", True, "front", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "list", True, "insert<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "list", True, "insert<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "insert<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "list", True, "list", "(const list &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "list", "(list &&)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "push_back", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "push_front", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list", True, "rbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "list", True, "rcbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "list<T,Allocator>", True, "list", "(const list &,const Allocator &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list<T,Allocator>", True, "list", "(list &&,const Allocator &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list<T,Allocator>", True, "list", "(size_type,const T &,const Allocator &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list<T,Allocator>", True, "list<InputIterator>", "(InputIterator,InputIterator,const Allocator &)", "", "Argument[0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list<T>", True, "insert", "(const_iterator,const T &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list<T>", True, "insert", "(const_iterator,const T &)", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "list<T>", True, "insert", "(const_iterator,const T &)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "list<T>", True, "insert", "(const_iterator,size_type,const T &)", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list<T>", True, "insert", "(const_iterator,size_type,const T &)", "", "Argument[*@2]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "list<T>", True, "insert", "(const_iterator,size_type,const T &)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "list<T>", True, "insert", "(const_iterator,T &&)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "list<T>", True, "insert", "(const_iterator,T &&)", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "list<T>", True, "insert", "(const_iterator,T &&)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]

cpp/ql/lib/ext/std.vector.model.yml

@@ -1,60 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: summaryModel
-    data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      - ["std", "vector<T,Allocator>", True, "assign", "(size_type,const T &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector", True, "assign<InputIt>", "(InputIt,InputIt)", "", "Argument[0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector", True, "at", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "vector", True, "back", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "vector", True, "begin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "vector", True, "cbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "vector", True, "data", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "vector", True, "emplace", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector", True, "emplace", "", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "vector", True, "emplace", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector", True, "emplace", "", "", "Argument[*@2]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "vector", True, "emplace", "", "", "Argument[*@3]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector", True, "emplace", "", "", "Argument[*@3]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "vector", True, "emplace", "", "", "Argument[*@4]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector", True, "emplace", "", "", "Argument[*@4]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "vector", True, "emplace", "", "", "Argument[*@5]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector", True, "emplace", "", "", "Argument[*@5]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "vector", True, "emplace", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "vector", True, "emplace_back", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector", True, "emplace_back", "", "", "Argument[*@0]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "vector", True, "emplace_back", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector", True, "emplace_back", "", "", "Argument[*@1]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "vector", True, "emplace_back", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector", True, "emplace_back", "", "", "Argument[*@2]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "vector", True, "emplace_back", "", "", "Argument[*@3]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector", True, "emplace_back", "", "", "Argument[*@3]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "vector", True, "emplace_back", "", "", "Argument[*@4]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector", True, "emplace_back", "", "", "Argument[*@4]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "vector", True, "emplace_back", "", "", "Argument[*@5]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector", True, "emplace_back", "", "", "Argument[*@5]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "vector", True, "emplace_back", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "vector", True, "front", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "vector", True, "insert<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "vector", True, "insert<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector", True, "insert<InputIt>", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "vector", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["std", "vector", True, "push_back", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector", True, "rbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "vector", True, "rcbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "vector", True, "vector", "(const vector &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector", True, "vector", "(vector &&)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector<T,Allocator>", True, "vector", "(const vector &,const Allocator &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector<T,Allocator>", True, "vector", "(size_type,const T &,const Allocator &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector<T,Allocator>", True, "vector", "(vector &&,const Allocator &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector<T,Allocator>", True, "vector<InputIterator>", "(InputIterator,InputIterator,const Allocator &)", "", "Argument[0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector<T>", True, "insert", "(const_iterator,const T &)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector<T>", True, "insert", "(const_iterator,const T &)", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "vector<T>", True, "insert", "(const_iterator,const T &)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "vector<T>", True, "insert", "(const_iterator,size_type,const T &)", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector<T>", True, "insert", "(const_iterator,size_type,const T &)", "", "Argument[*@2]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "vector<T>", True, "insert", "(const_iterator,size_type,const T &)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "vector<T>", True, "insert", "(const_iterator,T &&)", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["std", "vector<T>", True, "insert", "(const_iterator,T &&)", "", "Argument[*@1]", "ReturnValue.Element[@]", "value", "manual"]
-      - ["std", "vector<T>", True, "insert", "(const_iterator,T &&)", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 1.4.1-dev
+version: 0.13.1-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
@@ -14,8 +14,4 @@ dependencies:
   codeql/tutorial: ${workspace}
   codeql/util: ${workspace}
   codeql/xml: ${workspace}
-dataExtensions:
-  - ext/*.model.yml
-  - ext/deallocation/*.model.yml
-  - ext/allocation/*.model.yml
 warnOnImplicitThis: true

cpp/ql/lib/semmle/code/cpp/Function.qll

@@ -158,26 +158,6 @@ class Function extends Declaration, ControlFlowNode, AccessHolder, @function {
    */
   predicate isConsteval() { this.hasSpecifier("is_consteval") }
 
-  /**
-   * Holds if this function is declared to be `explicit`.
-   */
-  predicate isExplicit() { this.hasSpecifier("explicit") }
-
-  /**
-   * Gets the constant expression that determines whether the function is explicit.
-   *
-   * For example, for the following code the result is the expression `sizeof(T) == 1`:
-   * ```
-   * template<typename T> struct C {
-   *   explicit(sizeof(T) == 1)
-   *   C(const T);
-   * };
-   * ```
-   */
-  Expr getExplicitExpr() {
-    explicit_specifier_exprs(underlyingElement(this), unresolveElement(result))
-  }
-
   /**
    * Holds if this function is declared with `__attribute__((naked))` or
    * `__declspec(naked)`.
@@ -918,11 +898,4 @@ class UserDefinedLiteral extends Function {
  */
 class DeductionGuide extends Function {
   DeductionGuide() { functions(underlyingElement(this), _, 8) }
-
-  /**
-   * Gets the class template for which this is a deduction guide.
-   */
-  TemplateClass getTemplateClass() {
-    deduction_guide_for_class(underlyingElement(this), unresolveElement(result))
-  }
 }

cpp/ql/lib/semmle/code/cpp/Namespace.qll

@@ -156,7 +156,7 @@ class NamespaceDeclarationEntry extends Locatable, @namespace_decl {
  * A C++ `using` directive or `using` declaration.
  */
 class UsingEntry extends Locatable, @using {
-  override Location getLocation() { usings(underlyingElement(this), _, result, _) }
+  override Location getLocation() { usings(underlyingElement(this), _, result) }
 }
 
 /**
@@ -166,13 +166,15 @@ class UsingEntry extends Locatable, @using {
  * ```
  */
 class UsingDeclarationEntry extends UsingEntry {
-  UsingDeclarationEntry() { usings(underlyingElement(this), _, _, 1) }
+  UsingDeclarationEntry() {
+    not exists(Namespace n | usings(underlyingElement(this), unresolveElement(n), _))
+  }
 
   /**
    * Gets the declaration that is referenced by this using declaration. For
    * example, `std::string` in `using std::string`.
    */
-  Declaration getDeclaration() { usings(underlyingElement(this), unresolveElement(result), _, _) }
+  Declaration getDeclaration() { usings(underlyingElement(this), unresolveElement(result), _) }
 
   override string toString() { result = "using " + this.getDeclaration().getDescription() }
 }
@@ -184,36 +186,19 @@ class UsingDeclarationEntry extends UsingEntry {
  * ```
  */
 class UsingDirectiveEntry extends UsingEntry {
-  UsingDirectiveEntry() { usings(underlyingElement(this), _, _, 2) }
+  UsingDirectiveEntry() {
+    exists(Namespace n | usings(underlyingElement(this), unresolveElement(n), _))
+  }
 
   /**
    * Gets the namespace that is referenced by this using directive. For
    * example, `std` in `using namespace std`.
    */
-  Namespace getNamespace() { usings(underlyingElement(this), unresolveElement(result), _, _) }
+  Namespace getNamespace() { usings(underlyingElement(this), unresolveElement(result), _) }
 
   override string toString() { result = "using namespace " + this.getNamespace().getFriendlyName() }
 }
 
-/**
- * A C++ `using enum` declaration. For example:
- * ```
- * enum class Foo { a, b };
- * using enum Foo;
- * ```
- */
-class UsingEnumDeclarationEntry extends UsingEntry {
-  UsingEnumDeclarationEntry() { usings(underlyingElement(this), _, _, 3) }
-
-  /**
-   * Gets the enumeration that is referenced by this using directive. For
-   * example, `Foo` in `using enum Foo`.
-   */
-  Enum getEnum() { usings(underlyingElement(this), unresolveElement(result), _, _) }
-
-  override string toString() { result = "using enum " + this.getEnum().getQualifiedName() }
-}
-
 /**
  * Holds if `g` is an instance of `GlobalNamespace`. This predicate
  * is used suppress a warning in `GlobalNamespace.getADeclaration()`

cpp/ql/lib/semmle/code/cpp/Variable.qll

@@ -410,10 +410,6 @@ class LocalVariable extends LocalScopeVariable, @localvariable {
     or
     orphaned_variables(underlyingElement(this), unresolveElement(result))
   }
-
-  override predicate isStatic() {
-    super.isStatic() or orphaned_variables(underlyingElement(this), _)
-  }
 }
 
 /**

cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll

@@ -59,7 +59,8 @@ class MatchValue extends AbstractValue, TMatchValue {
 }
 
 /**
- * A Boolean condition in the AST that guards one or more basic blocks.
+ * A Boolean condition in the AST that guards one or more basic blocks. This includes
+ * operands of logical operators but not switch statements.
  */
 cached
 class GuardCondition extends Expr {
@@ -365,42 +366,15 @@ private predicate nonExcludedIRAndBasicBlock(IRBlock irb, BasicBlock controlled)
 }
 
 /**
- * A Boolean condition in the IR that guards one or more basic blocks.
- *
- * Note that `&&` and `||` don't have an explicit representation in the IR,
- * and therefore will not appear as IRGuardConditions.
+ * A Boolean condition in the IR that guards one or more basic blocks. This includes
+ * operands of logical operators but not switch statements. Note that `&&` and `||`
+ * don't have an explicit representation in the IR, and therefore will not appear as
+ * IRGuardConditions.
  */
 cached
 class IRGuardCondition extends Instruction {
   Instruction branch;
 
-  /*
-   * An `IRGuardCondition` supports reasoning about four different kinds of
-   * relations:
-   * 1. A unary equality relation of the form `e == k`
-   * 2. A binary equality relation of the form `e1 == e2 + k`
-   * 3. A unary inequality relation of the form `e < k`
-   * 4. A binary inequality relation of the form `e1 < e2 + k`
-   *
-   * where `k` is a constant.
-   *
-   * Furthermore, the unary relations (i.e., case 1 and case 3) are also
-   * inferred from `switch` statement guards: equality relations are inferred
-   * from the unique `case` statement, if any, and inequality relations are
-   * inferred from the [case range](https://gcc.gnu.org/onlinedocs/gcc/Case-Ranges.html)
-   * gcc extension.
-   *
-   * The implementation of all four follows the same structure: Each relation
-   * has a cached user-facing predicate that. For example,
-   * `GuardCondition::comparesEq` calls `compares_eq`. This predicate has
-   * several cases that recursively decompose the relation to bring it to a
-   * canonical form (i.e., a relation of the form `e1 == e2 + k`). The base
-   * case for this relation (i.e., `simple_comparison_eq`) handles
-   * `CompareEQInstruction`s and `CompareNEInstruction`, and recursive
-   * predicates (e.g., `complex_eq`) rewrites larger expressions such as
-   * `e1 + k1 == e2 + k2` into canonical the form `e1 == e2 + (k2 - k1)`.
-   */
-
   cached
   IRGuardCondition() { branch = getBranchForCondition(this) }
 
@@ -591,7 +565,7 @@ class IRGuardCondition extends Instruction {
   /** Holds if (determined by this guard) `op == k` evaluates to `areEqual` if this expression evaluates to `value`. */
   cached
   predicate comparesEq(Operand op, int k, boolean areEqual, AbstractValue value) {
-    unary_compares_eq(this, op, k, areEqual, false, value)
+    compares_eq(this, op, k, areEqual, value)
   }
 
   /**
@@ -612,7 +586,7 @@ class IRGuardCondition extends Instruction {
   cached
   predicate ensuresEq(Operand op, int k, IRBlock block, boolean areEqual) {
     exists(AbstractValue value |
-      unary_compares_eq(this, op, k, areEqual, false, value) and this.valueControls(block, value)
+      compares_eq(this, op, k, areEqual, value) and this.valueControls(block, value)
     )
   }
 
@@ -637,7 +611,7 @@ class IRGuardCondition extends Instruction {
   cached
   predicate ensuresEqEdge(Operand op, int k, IRBlock pred, IRBlock succ, boolean areEqual) {
     exists(AbstractValue value |
-      unary_compares_eq(this, op, k, areEqual, false, value) and
+      compares_eq(this, op, k, areEqual, value) and
       this.valueControlsEdge(pred, succ, value)
     )
   }
@@ -761,80 +735,33 @@ private predicate compares_eq(
   exists(AbstractValue dual | value = dual.getDualValue() |
     compares_eq(test.(LogicalNotInstruction).getUnary(), left, right, k, areEqual, dual)
   )
-  or
-  compares_eq(test.(BuiltinExpectCallInstruction).getCondition(), left, right, k, areEqual, value)
 }
 
-/**
- * Holds if `op == k` is `areEqual` given that `test` is equal to `value`.
- *
- * Many internal predicates in this file have a `inNonZeroCase` column.
- * Ideally, the `k` column would be a type such as `Option<int>::Option`, to
- * represent whether we have a concrete value `k` such that `op == k`, or whether
- * we only know that `op != 0`.
- * However, cannot instantiate `Option` with an infinite type. Thus the boolean
- * `inNonZeroCase` is used to distinquish the `Some` (where we have a concrete
- * value `k`) and `None` cases (where we only know that `op != 0`).
- *
- * Thus, if `inNonZeroCase = true` then `op != 0` and the value of `k` is
- * meaningless.
- *
- * To see why `inNonZeroCase` is needed consider the following C program:
- * ```c
- * char* p = ...;
- * if(p) {
- *   use(p);
- * }
- * ```
- * in C++ there would be an int-to-bool conversion on `p`. However, since C
- * does not have booleans there is no conversion. We want to be able to
- * conclude that `p` is non-zero in the true branch, so we need to give `k`
- * some value. However, simply setting `k = 1` would make the rest of the
- * analysis think that `k == 1` holds inside the branch. So we distinquish
- * between the above case and
- * ```c
- * if(p == 1) {
- *   use(p)
- * }
- * ```
- * by setting `inNonZeroCase` to `true` in the former case, but not in the
- * latter.
- */
-private predicate unary_compares_eq(
-  Instruction test, Operand op, int k, boolean areEqual, boolean inNonZeroCase, AbstractValue value
+/** Holds if `op == k` is `areEqual` given that `test` is equal to `value`. */
+private predicate compares_eq(
+  Instruction test, Operand op, int k, boolean areEqual, AbstractValue value
 ) {
   /* The simple case where the test *is* the comparison so areEqual = testIsTrue xor eq. */
-  exists(AbstractValue v |
-    unary_simple_comparison_eq(test, k, inNonZeroCase, v) and op.getDef() = test
-  |
+  exists(AbstractValue v | simple_comparison_eq(test, op, k, v) |
     areEqual = true and value = v
     or
     areEqual = false and value = v.getDualValue()
   )
   or
-  unary_complex_eq(test, op, k, areEqual, inNonZeroCase, value)
+  complex_eq(test, op, k, areEqual, value)
   or
   /* (x is true => (op == k)) => (!x is false => (op == k)) */
-  exists(AbstractValue dual, boolean inNonZeroCase0 |
-    value = dual.getDualValue() and
-    unary_compares_eq(test.(LogicalNotInstruction).getUnary(), op, k, inNonZeroCase0, areEqual, dual)
-  |
-    k = 0 and inNonZeroCase = inNonZeroCase0
-    or
-    k != 0 and inNonZeroCase = true
+  exists(AbstractValue dual | value = dual.getDualValue() |
+    compares_eq(test.(LogicalNotInstruction).getUnary(), op, k, areEqual, dual)
   )
   or
   // ((test is `areEqual` => op == const + k2) and const == `k1`) =>
   // test is `areEqual` => op == k1 + k2
-  inNonZeroCase = false and
   exists(int k1, int k2, ConstantInstruction const |
     compares_eq(test, op, const.getAUse(), k2, areEqual, value) and
     int_value(const) = k1 and
     k = k1 + k2
   )
-  or
-  unary_compares_eq(test.(BuiltinExpectCallInstruction).getCondition(), op, k, areEqual,
-    inNonZeroCase, value)
 }
 
 /** Rearrange various simple comparisons into `left == right + k` form. */
@@ -854,96 +781,35 @@ private predicate simple_comparison_eq(
   value.(BooleanValue).getValue() = false
 }
 
-/**
- * Rearrange various simple comparisons into `op == k` form.
- */
-private predicate unary_simple_comparison_eq(
-  Instruction test, int k, boolean inNonZeroCase, AbstractValue value
-) {
+/** Rearrange various simple comparisons into `op == k` form. */
+private predicate simple_comparison_eq(Instruction test, Operand op, int k, AbstractValue value) {
   exists(SwitchInstruction switch, CaseEdge case |
     test = switch.getExpression() and
+    op.getDef() = test and
     case = value.(MatchValue).getCase() and
     exists(switch.getSuccessor(case)) and
-    case.getValue().toInt() = k and
-    inNonZeroCase = false
+    case.getValue().toInt() = k
   )
   or
-  // Any instruction with an integral type could potentially be part of a
-  // check for nullness when used in a guard. So we include all integral
-  // typed instructions here. However, since some of these instructions are
-  // already included as guards in other cases, we exclude those here.
-  // These are instructions that compute a binary equality or inequality
-  // relation. For example, the following:
-  // ```cpp
-  // if(a == b + 42) { ... }
-  // ```
-  // generates the following IR:
-  // ```
-  // r1(glval<int>) = VariableAddress[a]     :
-  // r2(int)        = Load[a]                : &:r1, m1
-  // r3(glval<int>) = VariableAddress[b]     :
-  // r4(int)        = Load[b]                : &:r3, m2
-  // r5(int)        = Constant[42]           :
-  // r6(int)        = Add                    : r4, r5
-  // r7(bool)       = CompareEQ              : r2, r6
-  // v1(void)       = ConditionalBranch      : r7
-  // ```
-  // and since `r7` is an integral typed instruction this predicate could
-  // include a case for when `r7` evaluates to true (in which case we would
-  // infer that `r6` was non-zero, and a case for when `r7` evaluates to false
-  // (in which case we would infer that `r6` was zero).
-  // However, since `a == b + 42` is already supported when reasoning about
-  // binary equalities we exclude those cases here.
-  not test.isGLValue() and
-  not simple_comparison_eq(test, _, _, _, _) and
-  not simple_comparison_lt(test, _, _, _) and
-  not test = any(SwitchInstruction switch).getExpression() and
-  (
-    test.getResultIRType() instanceof IRAddressType or
-    test.getResultIRType() instanceof IRIntegerType or
-    test.getResultIRType() instanceof IRBooleanType
-  ) and
-  (
-    k = 1 and
-    value.(BooleanValue).getValue() = true and
-    inNonZeroCase = true
-    or
-    k = 0 and
-    value.(BooleanValue).getValue() = false and
-    inNonZeroCase = false
-  )
-}
-
-/** A call to the builtin operation `__builtin_expect`. */
-private class BuiltinExpectCallInstruction extends CallInstruction {
-  BuiltinExpectCallInstruction() { this.getStaticCallTarget().hasName("__builtin_expect") }
-
-  /** Gets the condition of this call. */
-  Instruction getCondition() {
-    // The first parameter of `__builtin_expect` has type `long`. So we skip
-    // the conversion when inferring guards.
-    result = this.getArgument(0).(ConvertInstruction).getUnary()
-  }
-}
-
-/**
- * Holds if `left == right + k` is `areEqual` if `cmp` evaluates to `value`,
- * and `cmp` is an instruction that compares the value of
- * `__builtin_expect(left == right + k, _)` to `0`.
- */
-private predicate builtin_expect_eq(
-  CompareInstruction cmp, Operand left, Operand right, int k, boolean areEqual, AbstractValue value
-) {
-  exists(BuiltinExpectCallInstruction call, Instruction const, AbstractValue innerValue |
-    int_value(const) = 0 and
-    cmp.hasOperands(call.getAUse(), const.getAUse()) and
-    compares_eq(call.getCondition(), left, right, k, areEqual, innerValue)
+  // There's no implicit CompareInstruction in files compiled as C since C
+  // doesn't have implicit boolean conversions. So instead we check whether
+  // there's a branch on a value of pointer or integer type.
+  exists(ConditionalBranchInstruction branch, IRType type |
+    not test instanceof CompareInstruction and
+    type = test.getResultIRType() and
+    (type instanceof IRAddressType or type instanceof IRIntegerType) and
+    test = branch.getCondition() and
+    op.getDef() = test
   |
-    cmp instanceof CompareNEInstruction and
-    value = innerValue
-    or
-    cmp instanceof CompareEQInstruction and
-    value.getDualValue() = innerValue
+    // We'd like to also include a case such as:
+    // ```
+    // k = 1 and
+    // value.(BooleanValue).getValue() = true
+    // ```
+    // but all we know is that the value is non-zero in the true branch.
+    // So we can only conclude something in the false branch.
+    k = 0 and
+    value.(BooleanValue).getValue() = false
   )
 }
 
@@ -953,39 +819,14 @@ private predicate complex_eq(
   sub_eq(cmp, left, right, k, areEqual, value)
   or
   add_eq(cmp, left, right, k, areEqual, value)
-  or
-  builtin_expect_eq(cmp, left, right, k, areEqual, value)
 }
 
-/**
- * Holds if `op == k` is `areEqual` if `cmp` evaluates to `value`, and `cmp` is
- * an instruction that compares the value of `__builtin_expect(op == k, _)` to `0`.
- */
-private predicate unary_builtin_expect_eq(
-  CompareInstruction cmp, Operand op, int k, boolean areEqual, boolean inNonZeroCase,
-  AbstractValue value
+private predicate complex_eq(
+  Instruction test, Operand op, int k, boolean areEqual, AbstractValue value
 ) {
-  exists(BuiltinExpectCallInstruction call, Instruction const, AbstractValue innerValue |
-    int_value(const) = 0 and
-    cmp.hasOperands(call.getAUse(), const.getAUse()) and
-    unary_compares_eq(call.getCondition(), op, k, areEqual, inNonZeroCase, innerValue)
-  |
-    cmp instanceof CompareNEInstruction and
-    value = innerValue
-    or
-    cmp instanceof CompareEQInstruction and
-    value.getDualValue() = innerValue
-  )
-}
-
-private predicate unary_complex_eq(
-  Instruction test, Operand op, int k, boolean areEqual, boolean inNonZeroCase, AbstractValue value
-) {
-  unary_sub_eq(test, op, k, areEqual, inNonZeroCase, value)
+  sub_eq(test, op, k, areEqual, value)
   or
-  unary_add_eq(test, op, k, areEqual, inNonZeroCase, value)
-  or
-  unary_builtin_expect_eq(test, op, k, areEqual, inNonZeroCase, value)
+  add_eq(test, op, k, areEqual, value)
 }
 
 /*
@@ -1014,8 +855,7 @@ private predicate compares_lt(
 
 /** Holds if `op < k` evaluates to `isLt` given that `test` evaluates to `value`. */
 private predicate compares_lt(Instruction test, Operand op, int k, boolean isLt, AbstractValue value) {
-  unary_simple_comparison_lt(test, k, isLt, value) and
-  op.getDef() = test
+  simple_comparison_lt(test, op, k, isLt, value)
   or
   complex_lt(test, op, k, isLt, value)
   or
@@ -1062,11 +902,12 @@ private predicate simple_comparison_lt(CompareInstruction cmp, Operand left, Ope
 }
 
 /** Rearrange various simple comparisons into `op < k` form. */
-private predicate unary_simple_comparison_lt(
-  Instruction test, int k, boolean isLt, AbstractValue value
+private predicate simple_comparison_lt(
+  Instruction test, Operand op, int k, boolean isLt, AbstractValue value
 ) {
   exists(SwitchInstruction switch, CaseEdge case |
     test = switch.getExpression() and
+    op.getDef() = test and
     case = value.(MatchValue).getCase() and
     exists(switch.getSuccessor(case)) and
     case.getMaxValue() > case.getMinValue()
@@ -1249,20 +1090,16 @@ private predicate sub_eq(
 }
 
 // op - x == c => op == (c+x)
-private predicate unary_sub_eq(
-  Instruction test, Operand op, int k, boolean areEqual, boolean inNonZeroCase, AbstractValue value
-) {
-  inNonZeroCase = false and
+private predicate sub_eq(Instruction test, Operand op, int k, boolean areEqual, AbstractValue value) {
   exists(SubInstruction sub, int c, int x |
-    unary_compares_eq(test, sub.getAUse(), c, areEqual, inNonZeroCase, value) and
+    compares_eq(test, sub.getAUse(), c, areEqual, value) and
     op = sub.getLeftOperand() and
     x = int_value(sub.getRight()) and
     k = c + x
   )
   or
-  inNonZeroCase = false and
   exists(PointerSubInstruction sub, int c, int x |
-    unary_compares_eq(test, sub.getAUse(), c, areEqual, inNonZeroCase, value) and
+    compares_eq(test, sub.getAUse(), c, areEqual, value) and
     op = sub.getLeftOperand() and
     x = int_value(sub.getRight()) and
     k = c + x
@@ -1316,13 +1153,11 @@ private predicate add_eq(
 }
 
 // left + x == right + c => left == right + (c-x)
-private predicate unary_add_eq(
-  Instruction test, Operand left, int k, boolean areEqual, boolean inNonZeroCase,
-  AbstractValue value
+private predicate add_eq(
+  Instruction test, Operand left, int k, boolean areEqual, AbstractValue value
 ) {
-  inNonZeroCase = false and
   exists(AddInstruction lhs, int c, int x |
-    unary_compares_eq(test, lhs.getAUse(), c, areEqual, inNonZeroCase, value) and
+    compares_eq(test, lhs.getAUse(), c, areEqual, value) and
     (
       left = lhs.getLeftOperand() and x = int_value(lhs.getRight())
       or
@@ -1331,9 +1166,8 @@ private predicate unary_add_eq(
     k = c - x
   )
   or
-  inNonZeroCase = false and
   exists(PointerAddInstruction lhs, int c, int x |
-    unary_compares_eq(test, lhs.getAUse(), c, areEqual, inNonZeroCase, value) and
+    compares_eq(test, lhs.getAUse(), c, areEqual, value) and
     (
       left = lhs.getLeftOperand() and x = int_value(lhs.getRight())
       or

cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll

@@ -14,22 +14,16 @@
  * The interpretation of a row is similar to API-graphs with a left-to-right
  * reading.
  * 1. The `namespace` column selects a namespace.
- * 2. The `type` column selects a type within that namespace. This column can
- *    introduce template names that can be mentioned in the `signature` column.
- *    For example, `vector<T,Allocator>` introduces the template names `T` and
- *    `Allocator`.
+ * 2. The `type` column selects a type within that namespace.
  * 3. The `subtypes` is a boolean that indicates whether to jump to an
  *    arbitrary subtype of that type. Set this to `false` if leaving the `type`
  *    blank (for example, a free function).
  * 4. The `name` column optionally selects a specific named member of the type.
- *    Like the `type` column, this column can introduce template names that can
- *    be mentioned in the `signature` column. For example, `insert<InputIt>`
- *    introduces the template name `InputIt`.
  * 5. The `signature` column optionally restricts the named member. If
  *    `signature` is blank then no such filtering is done. The format of the
  *    signature is a comma-separated list of types enclosed in parentheses. The
- *    types must be stripped of template names. That is, write `const vector &`
- *    instead of `const vector<T> &`.
+ *    types can be short names or fully qualified names (mixing these two options
+ *    is not allowed within a single signature).
  * 6. The `ext` column specifies additional API-graph-like edges. Currently
  *    there is only one valid value: "".
  * 7. The `input` column specifies how data enters the element selected by the
@@ -50,9 +44,6 @@
  *      One or more "*" can be added as an argument to indicate indirection, for
  *      example, "ReturnValue[*]" indicates the first indirection of the return
  *      value.
- *    The special symbol `@` can be used to specify an arbitrary (but fixed)
- *    number of indirections. For example, the `input` column `Argument[*@0]`
- *    indicates one or more indirections of the 0th argument.
  *
  *    An `output` can be either:
  *    - "": Selects a read of a selected field.
@@ -74,17 +65,6 @@
  *      One or more "*" can be added as an argument to indicate indirection, for
  *      example, "ReturnValue[*]" indicates the first indirection of the return
  *      value.
- *    The special symbol `@` can be used to specify an arbitrary (but fixed)
- *    number of indirections. For example, the `output` column
- *    `ReturnValue[*@0]` indicates one or more indirections of the return
- *    value.
- *    Note: The symbol `@` only ever takes a single value across a row. Thus,
- *    the (`input`, `output`) pair `("Argument[*@0]", "ReturnValue[@]")`
- *    represents:
- *    - flow from the _first_ indirection of the 0th argument to the return
- *    value, and
- *    - flow from the _second_ indirection of the 0th argument to the first
- *    indirection of the return value, etc.
  * 8. The `kind` column is a tag that can be referenced from QL to determine to
  *    which classes the interpreted elements should be added. For example, for
  *    sources "remote" indicates a default remote flow source, and for summaries
@@ -94,13 +74,10 @@
 
 import cpp
 private import new.DataFlow
-private import semmle.code.cpp.ir.dataflow.internal.DataFlowPrivate as Private
-private import semmle.code.cpp.ir.dataflow.internal.DataFlowUtil
 private import internal.FlowSummaryImpl
 private import internal.FlowSummaryImpl::Public
 private import internal.FlowSummaryImpl::Private
 private import internal.FlowSummaryImpl::Private::External
-private import internal.ExternalFlowExtensions as Extensions
 private import codeql.mad.ModelValidation as SharedModelVal
 private import codeql.util.Unit
 
@@ -146,7 +123,7 @@ predicate summaryModel(string row) { any(SummaryModelCsv s).row(row) }
 /** Holds if a source model exists for the given parameters. */
 predicate sourceModel(
   string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string output, string kind, string provenance, string model
+  string output, string kind, string provenance
 ) {
   exists(string row |
     sourceModel(row) and
@@ -160,20 +137,13 @@ predicate sourceModel(
     row.splitAt(";", 6) = output and
     row.splitAt(";", 7) = kind
   ) and
-  provenance = "manual" and
-  model = ""
-  or
-  exists(QlBuiltins::ExtensionId madId |
-    Extensions::sourceModel(namespace, type, subtypes, name, signature, ext, output, kind,
-      provenance, madId) and
-    model = "MaD:" + madId.toString()
-  )
+  provenance = "manual"
 }
 
 /** Holds if a sink model exists for the given parameters. */
 predicate sinkModel(
   string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string input, string kind, string provenance, string model
+  string input, string kind, string provenance
 ) {
   exists(string row |
     sinkModel(row) and
@@ -187,24 +157,13 @@ predicate sinkModel(
     row.splitAt(";", 6) = input and
     row.splitAt(";", 7) = kind
   ) and
-  provenance = "manual" and
-  model = ""
-  or
-  exists(QlBuiltins::ExtensionId madId |
-    Extensions::sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, provenance,
-      madId) and
-    model = "MaD:" + madId.toString()
-  )
+  provenance = "manual"
 }
 
-/**
- * Holds if a summary model exists for the given parameters.
- *
- * This predicate does not expand `@` to `*`s.
- */
-private predicate summaryModel0(
+/** Holds if a summary model exists for the given parameters. */
+predicate summaryModel(
   string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string input, string output, string kind, string provenance, string model
+  string input, string output, string kind, string provenance
 ) {
   exists(string row |
     summaryModel(row) and
@@ -219,48 +178,13 @@ private predicate summaryModel0(
     row.splitAt(";", 7) = output and
     row.splitAt(";", 8) = kind
   ) and
-  provenance = "manual" and
-  model = ""
-  or
-  exists(QlBuiltins::ExtensionId madId |
-    Extensions::summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind,
-      provenance, madId) and
-    model = "MaD:" + madId.toString()
-  )
-}
-
-/**
- * Holds if `input` is `input0`, but with all occurrences of `@` replaced
- * by `n` repetitions of `*` (and similarly for `output` and `output0`).
- */
-bindingset[input0, output0, n]
-pragma[inline_late]
-private predicate expandInputAndOutput(
-  string input0, string input, string output0, string output, int n
-) {
-  input = input0.replaceAll("@", repeatStars(n)) and
-  output = output0.replaceAll("@", repeatStars(n))
-}
-
-/**
- * Holds if a summary model exists for the given parameters.
- */
-predicate summaryModel(
-  string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string input, string output, string kind, string provenance, string model
-) {
-  exists(string input0, string output0 |
-    summaryModel0(namespace, type, subtypes, name, signature, ext, input0, output0, kind,
-      provenance, model) and
-    expandInputAndOutput(input0, input, output0, output,
-      [0 .. Private::getMaxElementContentIndirectionIndex() - 1])
-  )
+  provenance = "manual"
 }
 
 private predicate relevantNamespace(string namespace) {
-  sourceModel(namespace, _, _, _, _, _, _, _, _, _) or
-  sinkModel(namespace, _, _, _, _, _, _, _, _, _) or
-  summaryModel(namespace, _, _, _, _, _, _, _, _, _, _)
+  sourceModel(namespace, _, _, _, _, _, _, _, _) or
+  sinkModel(namespace, _, _, _, _, _, _, _, _) or
+  summaryModel(namespace, _, _, _, _, _, _, _, _, _)
 }
 
 private predicate namespaceLink(string shortns, string longns) {
@@ -279,10 +203,8 @@ private predicate canonicalNamespaceLink(string namespace, string subns) {
 }
 
 /**
- * Holds if MaD framework coverage of `namespace` is `n` api endpoints of the
- * kind `(kind, part)`, and `namespaces` is the number of subnamespaces of
- * `namespace` which have MaD framework coverage (including `namespace`
- * itself).
+ * Holds if CSV framework coverage of `namespace` is `n` api endpoints of the
+ * kind `(kind, part)`.
  */
 predicate modelCoverage(string namespace, int namespaces, string kind, string part, int n) {
   namespaces = strictcount(string subns | canonicalNamespaceLink(namespace, subns)) and
@@ -290,17 +212,17 @@ predicate modelCoverage(string namespace, int namespaces, string kind, string pa
     part = "source" and
     n =
       strictcount(string subns, string type, boolean subtypes, string name, string signature,
-        string ext, string output, string provenance, string model |
+        string ext, string output, string provenance |
         canonicalNamespaceLink(namespace, subns) and
-        sourceModel(subns, type, subtypes, name, signature, ext, output, kind, provenance, model)
+        sourceModel(subns, type, subtypes, name, signature, ext, output, kind, provenance)
       )
     or
     part = "sink" and
     n =
       strictcount(string subns, string type, boolean subtypes, string name, string signature,
-        string ext, string input, string provenance, string model |
+        string ext, string input, string provenance |
         canonicalNamespaceLink(namespace, subns) and
-        sinkModel(subns, type, subtypes, name, signature, ext, input, kind, provenance, model)
+        sinkModel(subns, type, subtypes, name, signature, ext, input, kind, provenance)
       )
     or
     part = "summary" and
@@ -308,7 +230,7 @@ predicate modelCoverage(string namespace, int namespaces, string kind, string pa
       strictcount(string subns, string type, boolean subtypes, string name, string signature,
         string ext, string input, string output, string provenance |
         canonicalNamespaceLink(namespace, subns) and
-        summaryModel(subns, type, subtypes, name, signature, ext, input, output, kind, provenance, _)
+        summaryModel(subns, type, subtypes, name, signature, ext, input, output, kind, provenance)
       )
   )
 }
@@ -317,9 +239,9 @@ predicate modelCoverage(string namespace, int namespaces, string kind, string pa
 module CsvValidation {
   private string getInvalidModelInput() {
     exists(string pred, AccessPath input, string part |
-      sinkModel(_, _, _, _, _, _, input, _, _, _) and pred = "sink"
+      sinkModel(_, _, _, _, _, _, input, _, _) and pred = "sink"
       or
-      summaryModel(_, _, _, _, _, _, input, _, _, _, _) and pred = "summary"
+      summaryModel(_, _, _, _, _, _, input, _, _, _) and pred = "summary"
     |
       (
         invalidSpecComponent(input, part) and
@@ -336,9 +258,9 @@ module CsvValidation {
 
   private string getInvalidModelOutput() {
     exists(string pred, string output, string part |
-      sourceModel(_, _, _, _, _, _, output, _, _, _) and pred = "source"
+      sourceModel(_, _, _, _, _, _, output, _, _) and pred = "source"
       or
-      summaryModel(_, _, _, _, _, _, _, output, _, _, _) and pred = "summary"
+      summaryModel(_, _, _, _, _, _, _, output, _, _) and pred = "summary"
     |
       invalidSpecComponent(output, part) and
       not part = "" and
@@ -348,11 +270,11 @@ module CsvValidation {
   }
 
   private module KindValConfig implements SharedModelVal::KindValidationConfigSig {
-    predicate summaryKind(string kind) { summaryModel(_, _, _, _, _, _, _, _, kind, _, _) }
+    predicate summaryKind(string kind) { summaryModel(_, _, _, _, _, _, _, _, kind, _) }
 
-    predicate sinkKind(string kind) { sinkModel(_, _, _, _, _, _, _, kind, _, _) }
+    predicate sinkKind(string kind) { sinkModel(_, _, _, _, _, _, _, kind, _) }
 
-    predicate sourceKind(string kind) { sourceModel(_, _, _, _, _, _, _, kind, _, _) }
+    predicate sourceKind(string kind) { sourceModel(_, _, _, _, _, _, _, kind, _) }
   }
 
   private module KindVal = SharedModelVal::KindValidation<KindValConfig>;
@@ -393,16 +315,16 @@ module CsvValidation {
 
   private string getInvalidModelSignature() {
     exists(string pred, string namespace, string type, string name, string signature, string ext |
-      sourceModel(namespace, type, _, name, signature, ext, _, _, _, _) and pred = "source"
+      sourceModel(namespace, type, _, name, signature, ext, _, _, _) and pred = "source"
       or
-      sinkModel(namespace, type, _, name, signature, ext, _, _, _, _) and pred = "sink"
+      sinkModel(namespace, type, _, name, signature, ext, _, _, _) and pred = "sink"
       or
-      summaryModel(namespace, type, _, name, signature, ext, _, _, _, _, _) and pred = "summary"
+      summaryModel(namespace, type, _, name, signature, ext, _, _, _, _) and pred = "summary"
     |
-      not namespace.regexpMatch("[a-zA-Z0-9_\\.:]*") and
+      not namespace.regexpMatch("[a-zA-Z0-9_\\.]+") and
       result = "Dubious namespace \"" + namespace + "\" in " + pred + " model."
       or
-      not type.regexpMatch("[a-zA-Z0-9_<>,\\+]*") and
+      not type.regexpMatch("[a-zA-Z0-9_<>,\\+]+") and
       result = "Dubious type \"" + type + "\" in " + pred + " model."
       or
       not name.regexpMatch("[a-zA-Z0-9_<>,]*") and
@@ -429,352 +351,38 @@ module CsvValidation {
 private predicate elementSpec(
   string namespace, string type, boolean subtypes, string name, string signature, string ext
 ) {
-  sourceModel(namespace, type, subtypes, name, signature, ext, _, _, _, _) or
-  sinkModel(namespace, type, subtypes, name, signature, ext, _, _, _, _) or
-  summaryModel(namespace, type, subtypes, name, signature, ext, _, _, _, _, _)
+  sourceModel(namespace, type, subtypes, name, signature, ext, _, _, _) or
+  sinkModel(namespace, type, subtypes, name, signature, ext, _, _, _) or
+  summaryModel(namespace, type, subtypes, name, signature, ext, _, _, _, _)
 }
 
-/** Gets the fully templated version of `f`. */
-private Function getFullyTemplatedFunction(Function f) {
-  not f.isFromUninstantiatedTemplate(_) and
-  (
-    exists(Class c, Class templateClass, int i |
-      c.isConstructedFrom(templateClass) and
-      f = c.getAMember(i) and
-      result = templateClass.getCanonicalMember(i)
-    )
+private string paramsStringPart(Function c, int i) {
+  i = -1 and result = "(" and exists(c)
+  or
+  exists(int n, string p | c.getParameter(n).getType().toString() = p |
+    i = 2 * n and result = p
     or
-    not exists(f.getDeclaringType()) and
-    f.isConstructedFrom(result)
-  )
-}
-
-/**
- * Gets the type name of the `n`'th parameter of `f` without any template
- * arguments.
- */
-bindingset[f]
-pragma[inline_late]
-string getParameterTypeWithoutTemplateArguments(Function f, int n) {
-  exists(string s, string base, string specifiers |
-    s = f.getParameter(n).getType().getName() and
-    parseAngles(s, base, _, specifiers) and
-    result = base + specifiers
-  )
-}
-
-/**
- * Normalize the `n`'th parameter of `f` by replacing template names
- * with `func:N` (where `N` is the index of the template).
- */
-private string getTypeNameWithoutFunctionTemplates(Function f, int n, int remaining) {
-  exists(Function templateFunction |
-    templateFunction = getFullyTemplatedFunction(f) and
-    remaining = templateFunction.getNumberOfTemplateArguments() and
-    result = getParameterTypeWithoutTemplateArguments(templateFunction, n)
+    i = 2 * n - 1 and result = "," and n != 0
   )
   or
-  exists(string mid, TemplateParameter tp, Function templateFunction |
-    mid = getTypeNameWithoutFunctionTemplates(f, n, remaining + 1) and
-    templateFunction = getFullyTemplatedFunction(f) and
-    tp = templateFunction.getTemplateArgument(remaining) and
-    result = mid.replaceAll(tp.getName(), "func:" + remaining.toString())
-  )
+  i = 2 * c.getNumberOfParameters() and result = ")"
 }
 
 /**
- * Normalize the `n`'th parameter of `f` by replacing template names
- * with `class:N` (where `N` is the index of the template).
- */
-private string getTypeNameWithoutClassTemplates(Function f, int n, int remaining) {
-  // If there is a declaring type then we start by expanding the function templates
-  exists(Class template |
-    f.getDeclaringType().isConstructedFrom(template) and
-    remaining = template.getNumberOfTemplateArguments() and
-    result = getTypeNameWithoutFunctionTemplates(f, n, 0)
-  )
-  or
-  // If there is no declaring type we're done after expanding the function templates
-  not exists(f.getDeclaringType()) and
-  remaining = 0 and
-  result = getTypeNameWithoutFunctionTemplates(f, n, 0)
-  or
-  exists(string mid, TemplateParameter tp, Class template |
-    mid = getTypeNameWithoutClassTemplates(f, n, remaining + 1) and
-    f.getDeclaringType().isConstructedFrom(template) and
-    tp = template.getTemplateArgument(remaining) and
-    result = mid.replaceAll(tp.getName(), "class:" + remaining.toString())
-  )
-}
-
-/** Gets the string representation of the `i`'th parameter of `c`. */
-private string getParameterTypeName(Function c, int i) {
-  result = getTypeNameWithoutClassTemplates(c, i, 0)
-}
-
-/** Splits `s` by `,` and gets the `i`'th element. */
-bindingset[s]
-pragma[inline_late]
-private string getAtIndex(string s, int i) {
-  result = s.splitAt(",", i) and
-  // when `s` is `""` and `i` is `0` we get `result = ""` which we don't want.
-  not (s = "" and i = 0)
-}
-
-/**
- * Normalizes `partiallyNormalizedSignature` by replacing the `remaining`
- * number of template arguments in `partiallyNormalizedSignature` with their
- * index in `typeArgs`.
- */
-private string getSignatureWithoutClassTemplateNames(
-  string partiallyNormalizedSignature, string typeArgs, string nameArgs, int remaining
-) {
-  elementSpecWithArguments0(_, _, _, partiallyNormalizedSignature, typeArgs, nameArgs) and
-  remaining = count(partiallyNormalizedSignature.indexOf(",")) + 1 and
-  result = partiallyNormalizedSignature
-  or
-  exists(string mid |
-    mid =
-      getSignatureWithoutClassTemplateNames(partiallyNormalizedSignature, typeArgs, nameArgs,
-        remaining + 1)
-  |
-    exists(string typeArg |
-      typeArg = getAtIndex(typeArgs, remaining) and
-      result = mid.replaceAll(typeArg, "class:" + remaining.toString())
-    )
-    or
-    // Make sure `remaining` is properly bound
-    remaining = [0 .. count(partiallyNormalizedSignature.indexOf(",")) + 1] and
-    not exists(getAtIndex(typeArgs, remaining)) and
-    result = mid
-  )
-}
-
-/**
- * Normalizes `partiallyNormalizedSignature` by replacing:
- * - _All_ the template arguments in `partiallyNormalizedSignature` that refer to
- * template parameters in `typeArgs` with their index in `typeArgs`, and
- * - The `remaining` number of template arguments in `partiallyNormalizedSignature`
- * with their index in `nameArgs`.
- */
-private string getSignatureWithoutFunctionTemplateNames(
-  string partiallyNormalizedSignature, string typeArgs, string nameArgs, int remaining
-) {
-  remaining = count(partiallyNormalizedSignature.indexOf(",")) + 1 and
-  result =
-    getSignatureWithoutClassTemplateNames(partiallyNormalizedSignature, typeArgs, nameArgs, 0)
-  or
-  exists(string mid |
-    mid =
-      getSignatureWithoutFunctionTemplateNames(partiallyNormalizedSignature, typeArgs, nameArgs,
-        remaining + 1)
-  |
-    exists(string nameArg |
-      nameArg = getAtIndex(nameArgs, remaining) and
-      result = mid.replaceAll(nameArg, "func:" + remaining.toString())
-    )
-    or
-    // Make sure `remaining` is properly bound
-    remaining = [0 .. count(partiallyNormalizedSignature.indexOf(",")) + 1] and
-    not exists(getAtIndex(nameArgs, remaining)) and
-    result = mid
-  )
-}
-
-/**
- * Holds if `elementSpec(_, type, _, name, signature, _)` holds and
- * - `typeArgs` represents the named template parameters supplied to `type`, and
- * - `nameArgs` represents the named template parameters supplied to `name`, and
- * - `normalizedSignature` is `signature`, except with
- *    - template parameter names replaced by `func:i` if the template name is
- *      the `i`'th entry in `nameArgs`, and
- *    - template parameter names replaced by `class:i` if the template name is
- *      the `i`'th entry in `typeArgs`.
+ * Gets a parenthesized string containing all parameter types of this callable, separated by a comma.
  *
- * In other words, the string `normalizedSignature` represents a "normalized"
- * signature with no mention of any free template parameters.
- *
- * For example, consider a summary row such as:
- * ```
- * elementSpec(_, "MyClass<B, C>", _, myFunc<A>, "(const A &,int,C,B *)", _)
- * ```
- * In this case, `normalizedSignature` will be `"(const func:0 &,int,class:1,class:0 *)"`.
+ * Returns the empty string if the callable has no parameters.
+ * Parameter types are represented by their type erasure.
  */
-private predicate elementSpecWithArguments(
-  string signature, string type, string name, string normalizedSignature, string typeArgs,
-  string nameArgs
-) {
-  exists(string signatureWithoutParens |
-    elementSpecWithArguments0(signature, type, name, signatureWithoutParens, typeArgs, nameArgs) and
-    normalizedSignature =
-      getSignatureWithoutFunctionTemplateNames(signatureWithoutParens, typeArgs, nameArgs, 0)
-  )
+cached
+private string paramsString(Function c) {
+  result = concat(int i | | paramsStringPart(c, i) order by i)
 }
 
-/** Gets the `n`'th normalized signature parameter for the function `name` in class `type`. */
-private string getSignatureParameterName(string signature, string type, string name, int n) {
-  exists(string normalizedSignature |
-    elementSpecWithArguments(signature, type, name, normalizedSignature, _, _) and
-    result = getAtIndex(normalizedSignature, n)
-  )
-}
-
-/**
- * Holds if the suffix containing the entries in `signature` starting at entry
- * `i` matches the suffix containing the parameters of `func` starting at entry `i`.
- *
- * For example, consider the signature `(int,bool,char)` and a function:
- * ```
- * void f(int a, bool b, char c);
- * ```
- * 1. The predicate holds for `i = 2` because the suffix containing all the entries
- * in `signature` starting at `2` is `char`, and suffix containing all the parameters
- * of `func` starting at `2` is `char`.
- * 2. The predicate holds for `i = 1` because the suffix containing all the entries
- * in `signature` starting at `1` is `bool,char`, and the suffix containing all the
- * parameters of `func` starting at `1` is `bool, char`.
- * 3. The predicate holds for `i = 0` because the suffix containing all the entries
- * in `signature` starting at `0` is `int,bool,char` and the suffix containing all
- * the parameters of `func` starting at `0` is `int, bool, char`.
- *
- * When `paramsString(func)[i]` is `class:n` then the signature name is
- * compared with the `n`'th name in `type`, and when `paramsString(func)[i]`
- * is `func:n` then the signature name is compared with the `n`'th name
- * in `name`.
- */
-private predicate signatureMatches(Function func, string signature, string type, string name, int i) {
-  exists(string s |
-    s = getSignatureParameterName(signature, type, name, i) and
-    s = getParameterTypeName(func, i)
-  ) and
-  if exists(getParameterTypeName(func, i + 1))
-  then signatureMatches(func, signature, type, name, i + 1)
-  else i = count(signature.indexOf(","))
-}
-
-/**
- * Internal: Do not use.
- *
- * This module only exists to expose internal predicates for testing purposes.
- */
-module ExternalFlowDebug {
-  /**
-   * INTERNAL: Do not use.
-   *
-   * Exposed for testing purposes.
-   */
-  predicate signatureMatches_debug = signatureMatches/5;
-
-  /**
-   * INTERNAL: Do not use.
-   *
-   * Exposed for testing purposes.
-   */
-  predicate getSignatureParameterName_debug = getSignatureParameterName/4;
-
-  /**
-   * INTERNAL: Do not use.
-   *
-   * Exposed for testing purposes.
-   */
-  predicate getParameterTypeName_debug = getParameterTypeName/2;
-}
-
-/**
- * Holds if `s` can be broken into a string of the form
- * `beforeAngles<betweenAngles>`,
- * or `s = beforeAngles` where `beforeAngles` does not have any brackets.
- */
-bindingset[s]
-pragma[inline_late]
-private predicate parseAngles(
-  string s, string beforeAngles, string betweenAngles, string afterAngles
-) {
-  beforeAngles = s.regexpCapture("([^<]+)(?:<([^>]+)>(.*))?", 1) and
-  (
-    betweenAngles = s.regexpCapture("([^<]+)(?:<([^>]+)>(.*))?", 2) and
-    afterAngles = s.regexpCapture("([^<]+)(?:<([^>]+)>(.*))?", 3)
-    or
-    not exists(s.regexpCapture("([^<]+)(?:<([^>]+)>(.*))?", 2)) and
-    betweenAngles = "" and
-    afterAngles = ""
-  )
-}
-
-/** Holds if `s` can be broken into a string of the form `(betweenParens)`. */
-bindingset[s]
-pragma[inline_late]
-private predicate parseParens(string s, string betweenParens) { s = "(" + betweenParens + ")" }
-
-/**
- * Holds if `elementSpec(_, type, _, name, signature, _)` and:
- * - `type` introduces template parameters `typeArgs`, and
- * - `name` introduces template parameters `nameArgs`, and
- * - `signatureWithoutParens` equals `signature`, but with the surrounding
- *    parentheses removed.
- */
-private predicate elementSpecWithArguments0(
-  string signature, string type, string name, string signatureWithoutParens, string typeArgs,
-  string nameArgs
-) {
-  elementSpec(_, type, _, name, signature, _) and
-  parseAngles(name, _, nameArgs, "") and
-  (
-    type = "" and typeArgs = ""
-    or
-    parseAngles(type, _, typeArgs, "")
-  ) and
-  parseParens(signature, signatureWithoutParens)
-}
-
-/**
- * Holds if `elementSpec(namespace, type, subtypes, name, signature, _)` and
- * `func`'s signature matches `signature`.
- *
- * `signature` may contain template parameter names that are bound by `type` and `name`.
- */
-pragma[nomagic]
-private predicate elementSpecMatchesSignature(
-  Function func, string namespace, string type, boolean subtypes, string name, string signature
-) {
-  elementSpec(namespace, pragma[only_bind_into](type), subtypes, pragma[only_bind_into](name),
-    pragma[only_bind_into](signature), _) and
-  signatureMatches(func, signature, type, name, 0)
-}
-
-/**
- * Holds if `classWithMethod` has `method` named `name` (excluding any
- * template parameters).
- */
-bindingset[name]
-pragma[inline_late]
-private predicate hasClassAndName(Class classWithMethod, Function method, string name) {
-  exists(string nameWithoutArgs |
-    parseAngles(name, nameWithoutArgs, _, "") and
-    classWithMethod = method.getClassAndName(nameWithoutArgs)
-  )
-}
-
-bindingset[name]
-pragma[inline_late]
-private predicate funcHasQualifiedName(Function func, string namespace, string name) {
-  exists(string nameWithoutArgs |
-    parseAngles(name, nameWithoutArgs, _, "") and
-    func.hasQualifiedName(namespace, nameWithoutArgs)
-  )
-}
-
-/**
- * Holds if `namedClass` is in namespace `namespace` and has
- * name `type` (excluding any template parameters).
- */
-bindingset[type, namespace]
-pragma[inline_late]
-private predicate classHasQualifiedName(Class namedClass, string namespace, string type) {
-  exists(string typeWithoutArgs |
-    parseAngles(type, typeWithoutArgs, _, "") and
-    namedClass.hasQualifiedName(namespace, typeWithoutArgs)
-  )
+bindingset[func]
+private predicate matchesSignature(Function func, string signature) {
+  signature = "" or
+  paramsString(func) = signature
 }
 
 /**
@@ -791,42 +399,34 @@ pragma[nomagic]
 private Element interpretElement0(
   string namespace, string type, boolean subtypes, string name, string signature
 ) {
+  elementSpec(namespace, type, subtypes, name, signature, _) and
   (
     // Non-member functions
-    elementSpec(namespace, type, subtypes, name, signature, _) and
-    subtypes = false and
-    type = "" and
-    (
-      elementSpecMatchesSignature(result, namespace, type, subtypes, name, signature)
-      or
-      signature = "" and
-      elementSpec(namespace, type, subtypes, name, "", _) and
-      funcHasQualifiedName(result, namespace, name)
+    exists(Function func |
+      func.hasQualifiedName(namespace, name) and
+      type = "" and
+      matchesSignature(func, signature) and
+      subtypes = false and
+      not exists(func.getDeclaringType()) and
+      result = func
     )
     or
     // Member functions
-    exists(Class namedClass, Class classWithMethod |
-      (
-        elementSpecMatchesSignature(result, namespace, type, subtypes, name, signature) and
-        hasClassAndName(classWithMethod, result, name)
-        or
-        signature = "" and
-        elementSpec(namespace, type, subtypes, name, "", _) and
-        hasClassAndName(classWithMethod, result, name)
-      ) and
-      classHasQualifiedName(namedClass, namespace, type) and
-      (
-        // member declared in the named type or a subtype of it
-        subtypes = true and
-        classWithMethod = namedClass.getADerivedClass*()
-        or
-        // member declared directly in the named type
-        subtypes = false and
-        classWithMethod = namedClass
-      )
+    exists(Class namedClass, Class classWithMethod, Function method |
+      classWithMethod = method.getClassAndName(name) and
+      namedClass.hasQualifiedName(namespace, type) and
+      matchesSignature(method, signature) and
+      result = method
+    |
+      // member declared in the named type or a subtype of it
+      subtypes = true and
+      classWithMethod = namedClass.getADerivedClass*()
+      or
+      // member declared directly in the named type
+      subtypes = false and
+      classWithMethod = namedClass
     )
     or
-    elementSpec(namespace, type, subtypes, name, signature, _) and
     // Member variables
     signature = "" and
     exists(Class namedClass, Class classWithMember, MemberVariable member |
@@ -845,7 +445,6 @@ private Element interpretElement0(
     )
     or
     // Global or namespace variables
-    elementSpec(namespace, type, subtypes, name, signature, _) and
     signature = "" and
     type = "" and
     subtypes = false and
@@ -870,9 +469,9 @@ private module Cached {
    * model.
    */
   cached
-  predicate sourceNode(DataFlow::Node node, string kind, string model) {
+  predicate sourceNode(DataFlow::Node node, string kind) {
     exists(SourceSinkInterpretationInput::InterpretNode n |
-      isSourceNode(n, kind, model) and n.asNode() = node
+      isSourceNode(n, kind, _) and n.asNode() = node // TODO
     )
   }
 
@@ -881,57 +480,40 @@ private module Cached {
    * model.
    */
   cached
-  predicate sinkNode(DataFlow::Node node, string kind, string model) {
+  predicate sinkNode(DataFlow::Node node, string kind) {
     exists(SourceSinkInterpretationInput::InterpretNode n |
-      isSinkNode(n, kind, model) and n.asNode() = node
+      isSinkNode(n, kind, _) and n.asNode() = node // TODO
     )
   }
 }
 
 import Cached
 
-/**
- * Holds if `node` is specified as a source with the given kind in a MaD flow
- * model.
- */
-predicate sourceNode(DataFlow::Node node, string kind) { sourceNode(node, kind, _) }
-
-/**
- * Holds if `node` is specified as a sink with the given kind in a MaD flow
- * model.
- */
-predicate sinkNode(DataFlow::Node node, string kind) { sinkNode(node, kind, _) }
-
 private predicate interpretSummary(
-  Function f, string input, string output, string kind, string provenance, string model
+  Function f, string input, string output, string kind, string provenance
 ) {
   exists(
     string namespace, string type, boolean subtypes, string name, string signature, string ext
   |
-    summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind, provenance,
-      model) and
+    summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind, provenance) and
     f = interpretElement(namespace, type, subtypes, name, signature, ext)
   )
 }
 
 // adapter class for converting Mad summaries to `SummarizedCallable`s
 private class SummarizedCallableAdapter extends SummarizedCallable {
-  SummarizedCallableAdapter() { interpretSummary(this, _, _, _, _, _) }
+  SummarizedCallableAdapter() { interpretSummary(this, _, _, _, _) }
 
-  private predicate relevantSummaryElementManual(
-    string input, string output, string kind, string model
-  ) {
+  private predicate relevantSummaryElementManual(string input, string output, string kind) {
     exists(Provenance provenance |
-      interpretSummary(this, input, output, kind, provenance, model) and
+      interpretSummary(this, input, output, kind, provenance) and
       provenance.isManual()
     )
   }
 
-  private predicate relevantSummaryElementGenerated(
-    string input, string output, string kind, string model
-  ) {
+  private predicate relevantSummaryElementGenerated(string input, string output, string kind) {
     exists(Provenance provenance |
-      interpretSummary(this, input, output, kind, provenance, model) and
+      interpretSummary(this, input, output, kind, provenance) and
       provenance.isGenerated()
     )
   }
@@ -940,16 +522,35 @@ private class SummarizedCallableAdapter extends SummarizedCallable {
     string input, string output, boolean preservesValue, string model
   ) {
     exists(string kind |
-      this.relevantSummaryElementManual(input, output, kind, model)
+      this.relevantSummaryElementManual(input, output, kind)
       or
-      not this.relevantSummaryElementManual(_, _, _, _) and
-      this.relevantSummaryElementGenerated(input, output, kind, model)
+      not this.relevantSummaryElementManual(_, _, _) and
+      this.relevantSummaryElementGenerated(input, output, kind)
     |
       if kind = "value" then preservesValue = true else preservesValue = false
-    )
+    ) and
+    model = "" // TODO
   }
 
   override predicate hasProvenance(Provenance provenance) {
-    interpretSummary(this, _, _, _, provenance, _)
+    interpretSummary(this, _, _, _, provenance)
   }
 }
+
+// adapter class for converting Mad neutrals to `NeutralCallable`s
+private class NeutralCallableAdapter extends NeutralCallable {
+  string kind;
+  string provenance_;
+
+  NeutralCallableAdapter() {
+    // Neutral models have not been implemented for CPP.
+    none() and
+    exists(this) and
+    exists(kind) and
+    exists(provenance_)
+  }
+
+  override string getKind() { result = kind }
+
+  override predicate hasProvenance(Provenance provenance) { provenance = provenance_ }
+}

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowDispatch.qll

@@ -9,7 +9,7 @@ private import DataFlowUtil
 /**
  * Gets a function that might be called by `call`.
  */
-DataFlowCallable viableCallable(DataFlowCall call) {
+Function viableCallable(DataFlowCall call) {
   result = call.(Call).getTarget()
   or
   // If the target of the call does not have a body in the snapshot, it might

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowPrivate.qll

@@ -215,19 +215,25 @@ predicate typeStrongerThan(DataFlowType t1, DataFlowType t2) { none() }
 predicate localMustFlowStep(Node node1, Node node2) { none() }
 
 /** Gets the type of `n` used for type pruning. */
-DataFlowType getNodeType(Node n) {
-  exists(n) and
+Type getNodeType(Node n) {
+  suppressUnusedNode(n) and
   result instanceof VoidType // stub implementation
 }
 
+/** Gets a string representation of a type returned by `getNodeType`. */
+string ppReprType(Type t) { none() } // stub implementation
+
 /**
  * Holds if `t1` and `t2` are compatible, that is, whether data can flow from
  * a node of type `t1` to a node of type `t2`.
  */
-predicate compatibleTypes(DataFlowType t1, DataFlowType t2) {
-  t1 instanceof VoidType and t2 instanceof VoidType // stub implementation
+pragma[inline]
+predicate compatibleTypes(Type t1, Type t2) {
+  any() // stub implementation
 }
 
+private predicate suppressUnusedNode(Node n) { any() }
+
 //////////////////////////////////////////////////////////////////////////////
 // Java QL library compatibility wrappers
 //////////////////////////////////////////////////////////////////////////////
@@ -236,15 +242,11 @@ class CastNode extends Node {
   CastNode() { none() } // stub implementation
 }
 
-class DataFlowCallable extends Function { }
+class DataFlowCallable = Function;
 
 class DataFlowExpr = Expr;
 
-final private class TypeFinal = Type;
-
-class DataFlowType extends TypeFinal {
-  string toString() { result = "" }
-}
+class DataFlowType = Type;
 
 /** A function call relevant for data flow. */
 class DataFlowCall extends Expr instanceof Call {
@@ -259,16 +261,10 @@ class DataFlowCall extends Expr instanceof Call {
   ExprNode getNode() { result.getExpr() = this }
 
   /** Gets the enclosing callable of this call. */
-  DataFlowCallable getEnclosingCallable() { result = this.getEnclosingFunction() }
+  Function getEnclosingCallable() { result = this.getEnclosingFunction() }
 }
 
-class NodeRegion instanceof Unit {
-  string toString() { result = "NodeRegion" }
-
-  predicate contains(Node n) { none() }
-}
-
-predicate isUnreachableInCall(NodeRegion nr, DataFlowCall call) { none() } // stub implementation
+predicate isUnreachableInCall(Node n, DataFlowCall call) { none() } // stub implementation
 
 /**
  * Holds if access paths with `c` at their head always should be tracked at high

cpp/ql/lib/semmle/code/cpp/dataflow/internal/ExternalFlowExtensions.qll

@@ -1,27 +0,0 @@
-/**
- * This module provides extensible predicates for defining MaD models.
- */
-
-/**
- * Holds if an external source model exists for the given parameters.
- */
-extensible predicate sourceModel(
-  string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string output, string kind, string provenance, QlBuiltins::ExtensionId madId
-);
-
-/**
- * Holds if an external sink model exists for the given parameters.
- */
-extensible predicate sinkModel(
-  string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string input, string kind, string provenance, QlBuiltins::ExtensionId madId
-);
-
-/**
- * Holds if an external summary model exists for the given parameters.
- */
-extensible predicate summaryModel(
-  string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string input, string output, string kind, string provenance, QlBuiltins::ExtensionId madId
-);