Release preparation for version 2.16.0

.bazelrc

@@ -1,25 +1,9 @@
 common --enable_platform_specific_config
-common --enable_bzlmod
-# because we use --override_module with `%workspace%`, the lock file is not stable
-common --lockfile_mode=off
-
-# when building from this repository in isolation, the internal repository will not be found at ..
-# where `MODULE.bazel` looks for it. The following will get us past the module loading phase, so
-# that we can build things that do not rely on that
-common --override_module=semmle_code=%workspace%/misc/bazel/semmle_code_stub
 
 build --repo_env=CC=clang --repo_env=CXX=clang++
 
 build:linux --cxxopt=-std=c++20
-# we currently cannot built the swift extractor for ARM
-build:macos --cxxopt=-std=c++20 --copt=-arch --copt=x86_64 --linkopt=-arch --linkopt=x86_64
+build:macos --cxxopt=-std=c++20 --cpu=darwin_x86_64
 build:windows --cxxopt=/std:c++20 --cxxopt=/Zc:preprocessor
 
-# this requires developer mode, but is required to have pack installer functioning
-startup --windows_enable_symlinks
-common --enable_runfiles
-
-common --registry=file:///%workspace%/misc/bazel/registry
-common --registry=https://bcr.bazel.build
-
 try-import %workspace%/local.bazelrc

.bazelrc.internal

@@ -1,4 +0,0 @@
-# this file should contain bazel settings required to build things from `semmle-code`
-
-common --registry=file:///%workspace%/ql/misc/bazel/registry
-common --registry=https://bcr.bazel.build

.bazelversion

@@ -1 +1 @@
-7.1.2
+6.3.1

.clang-format

@@ -1 +0,0 @@
-DisableFormat: true

.gitattributes

@@ -67,14 +67,10 @@ go/extractor/opencsv/CSVReader.java -text
 # for those testing dbscheme files.
 */ql/lib/upgrades/initial/*.dbscheme -text
 
+# Generated test files - these are synced from the standard JavaScript libraries using
+# `javascript/ql/experimental/adaptivethreatmodeling/test/update_endpoint_test_files.py`.
+javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/**/*.js linguist-generated=true -merge
+javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/**/*.ts linguist-generated=true -merge
+
 # Auto-generated modeling for Python
 python/ql/lib/semmle/python/frameworks/data/internal/subclass-capture/*.yml linguist-generated=true
-
-# auto-generated bazel lock file
-ruby/extractor/cargo-bazel-lock.json linguist-generated=true
-ruby/extractor/cargo-bazel-lock.json -merge
-
-# auto-generated files for the C# build
-csharp/paket.lock linguist-generated=true
-# needs eol=crlf, as `paket` touches this file and saves it als crlf
-csharp/.paket/Paket.Restore.targets linguist-generated=true eol=crlf

.github/labeler.yml

@@ -15,12 +15,12 @@ Java:
   - change-notes/**/*java.*
 
 JS:
-  - any: [ 'javascript/**/*' ]
+  - any: [ 'javascript/**/*', '!javascript/ql/experimental/adaptivethreatmodeling/**/*' ]
   - change-notes/**/*javascript*
 
 Kotlin:
   - java/kotlin-extractor/**/*
-  - java/ql/test-kotlin*/**/*
+  - java/ql/test/kotlin/**/*
 
 Python:
   - python/**/*
@@ -46,3 +46,6 @@ documentation:
 # Since these are all shared files that need to be synced, just pick _one_ copy of each.
 "DataFlow Library":
   - "shared/dataflow/**/*"
+
+"ATM":
+  - javascript/ql/experimental/adaptivethreatmodeling/**/*

.github/workflows/buildifier.yml

@@ -1,28 +0,0 @@
-name: Check bazel formatting
-
-on:
-  pull_request:
-    paths:
-      - "**.bazel"
-      - "**.bzl"
-    branches:
-      - main
-      - "rc/*"
-
-permissions:
-  contents: read
-
-jobs:
-  check:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Check bazel formatting
-        uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
-        with:
-          extra_args: >
-            buildifier --all-files 2>&1 ||
-            (
-              echo -e "In order to format all bazel files, please run:\n  bazel run //misc/bazel:buildifier"; exit 1
-            )

.github/workflows/check-change-note.yml

@@ -1,8 +1,5 @@
 name: Check change note
 
-permissions:
-  pull-requests: read
-
 on:
   pull_request_target:
     types: [labeled, unlabeled, opened, synchronize, reopened, ready_for_review]

.github/workflows/check-implicit-this.yml

@@ -9,9 +9,6 @@ on:
       - main
       - "rc/*"
 
-permissions:
-  contents: read
-
 jobs:
   check:
     runs-on: ubuntu-latest

.github/workflows/check-qldoc.yml

@@ -10,9 +10,6 @@ on:
       - main
       - "rc/*"
 
-permissions:
-  contents: read
-
 jobs:
   qldoc:
     runs-on: ubuntu-latest

.github/workflows/check-query-ids.yml

@@ -11,9 +11,6 @@ on:
       - "rc/*"
   workflow_dispatch:
 
-permissions:
-  contents: read
-
 jobs:
   check:
     name: Check query IDs

.github/workflows/close-stale.yml

@@ -5,9 +5,6 @@ on:
   schedule:
     - cron: "30 1 * * *"
 
-permissions:
-  issues: write
-
 jobs:
   stale:
     if: github.repository == 'github/codeql'

.github/workflows/codeql-analysis.yml

@@ -30,7 +30,7 @@ jobs:
     - name: Setup dotnet
       uses: actions/setup-dotnet@v4
       with:
-        dotnet-version: 8.0.101
+        dotnet-version: 8.0.100
 
     - name: Checkout repository
       uses: actions/checkout@v4
@@ -56,9 +56,7 @@ jobs:
     #    uses a compiled language
 
     - run: |
-       cd csharp
-       dotnet tool restore
-       dotnet build .
+       dotnet build csharp
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@main

.github/workflows/compile-queries.yml

@@ -8,12 +8,8 @@ on:
       - "codeql-cli-*"
   pull_request:
 
-permissions:
-  contents: read
-
 jobs:
   compile-queries:
-    if: github.repository_owner == 'github'
     runs-on: ubuntu-latest-xl
 
     steps:
@@ -28,7 +24,7 @@ jobs:
         with: 
           key: all-queries
       - name: check formatting
-        run: find shared */ql -type f \( -name "*.qll" -o -name "*.ql" \) -print0 | xargs -0 -n 3000 -P 10 codeql query format -q --check-only
+        run: find */ql -type f \( -name "*.qll" -o -name "*.ql" \) -print0 | xargs -0 -n 3000 -P 10 codeql query format -q --check-only
       - name: compile queries - check-only
         # run with --check-only if running in a PR (github.sha != main)
         if : ${{ github.event_name == 'pull_request' }}

.github/workflows/cpp-swift-analysis.yml

@@ -1,55 +0,0 @@
-name: "Code scanning - C++"
-
-on:
-  push:
-    branches:
-      - main
-      - 'rc/*'
-  pull_request:
-    branches:
-      - main
-      - 'rc/*'
-    paths:
-      - 'swift/**'
-      - '.github/codeql/**'
-      - '.github/workflows/cpp-swift-analysis.yml'
-  schedule:
-    - cron: '0 9 * * 1'
-
-jobs:
-  CodeQL-Build:
-
-    runs-on: ubuntu-latest
-
-    permissions:
-      contents: read
-      security-events: write
-      pull-requests: read
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@main
-      # Override language selection by uncommenting this and choosing your languages
-      with:
-        languages: cpp
-        config-file: ./.github/codeql/codeql-config.yml
-  
-    - name: "[Ubuntu] Remove GCC 13 from runner image"
-      shell: bash
-      run: |
-        sudo rm -f /etc/apt/sources.list.d/ubuntu-toolchain-r-ubuntu-test-jammy.list
-        sudo apt-get update
-        sudo apt-get install -y --allow-downgrades libc6=2.35-* libc6-dev=2.35-* libstdc++6=12.3.0-* libgcc-s1=12.3.0-*
-
-    - name: "Build Swift extractor using Bazel"
-      run: |
-        bazel clean --expunge
-        bazel run //swift:create-extractor-pack --nouse_action_cache --noremote_accept_cached --noremote_upload_local_results --spawn_strategy=local --features=-layering_check
-        bazel shutdown
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@main

.github/workflows/csharp-qltest.yml

@@ -25,9 +25,6 @@ defaults:
   run:
     working-directory: csharp
 
-permissions:
-  contents: read
-
 jobs:
   qlupgrade:
     runs-on: ubuntu-latest
@@ -49,7 +46,6 @@ jobs:
            xargs codeql execute upgrades testdb
           diff -q testdb/semmlecode.csharp.dbscheme downgrades/initial/semmlecode.csharp.dbscheme
   qltest:
-    if: github.repository_owner == 'github'
     runs-on: ubuntu-latest-xl
     strategy:
       fail-fast: false
@@ -78,14 +74,13 @@ jobs:
       - name: Setup dotnet
         uses: actions/setup-dotnet@v4
         with:
-          dotnet-version: 8.0.101
+          dotnet-version: 8.0.100
       - name: Extractor unit tests
         run: |
-          dotnet tool restore
-          dotnet test -p:RuntimeFrameworkVersion=8.0.1 extractor/Semmle.Util.Tests
-          dotnet test -p:RuntimeFrameworkVersion=8.0.1 extractor/Semmle.Extraction.Tests
-          dotnet test -p:RuntimeFrameworkVersion=8.0.1 autobuilder/Semmle.Autobuild.CSharp.Tests
-          dotnet test -p:RuntimeFrameworkVersion=8.0.1 autobuilder/Semmle.Autobuild.Cpp.Tests
+          dotnet test -p:RuntimeFrameworkVersion=8.0.0 extractor/Semmle.Util.Tests
+          dotnet test -p:RuntimeFrameworkVersion=8.0.0 extractor/Semmle.Extraction.Tests
+          dotnet test -p:RuntimeFrameworkVersion=8.0.0 autobuilder/Semmle.Autobuild.CSharp.Tests
+          dotnet test -p:RuntimeFrameworkVersion=8.0.0 "${{ github.workspace }}/cpp/autobuilder/Semmle.Autobuild.Cpp.Tests"
         shell: bash
   stubgentest:
     runs-on: ubuntu-latest

.github/workflows/csv-coverage-metrics.yml

@@ -14,10 +14,6 @@ on:
       - ".github/workflows/csv-coverage-metrics.yml"
       - ".github/actions/fetch-codeql/action.yml"
 
-permissions:
-  contents: read
-  security-events: write
-
 jobs:
   publish-java:
     runs-on: ubuntu-latest

.github/workflows/csv-coverage-pr-artifacts.yml

@@ -19,10 +19,6 @@ on:
       - main
       - "rc/*"
 
-permissions:
-  contents: read
-  pull-requests: read
-
 jobs:
   generate:
     name: Generate framework coverage artifacts

.github/workflows/csv-coverage-pr-comment.yml

@@ -6,10 +6,6 @@ on:
     types:
       - completed
 
-permissions:
-  contents: read
-  pull-requests: write
-
 jobs:
   check:
     name: Check framework coverage differences and comment

.github/workflows/csv-coverage-timeseries.yml

@@ -3,9 +3,6 @@ name: Build framework coverage timeseries reports
 on:
   workflow_dispatch:
 
-permissions:
-  contents: read
-
 jobs:
   build:
     runs-on: ubuntu-latest

.github/workflows/csv-coverage-update.yml

@@ -5,10 +5,6 @@ on:
   schedule:
     - cron: "0 0 * * *"
 
-permissions:
-  contents: write
-  pull-requests: write
-
 jobs:
   update:
     name: Update framework coverage report

.github/workflows/csv-coverage.yml

@@ -7,9 +7,6 @@ on:
         description: "github/codeql repo SHA used for looking up the CSV models"
         required: false
 
-permissions:
-  contents: read
-
 jobs:
   build:
     runs-on: ubuntu-latest

.github/workflows/fast-forward.yml

@@ -7,14 +7,13 @@ name: Fast-forward tracking branch for selected CodeQL version
 on:
   workflow_dispatch:
 
-permissions:
-  contents: write
-
 jobs:
   fast-forward:
     name: Fast-forward tracking branch for selected CodeQL version
     runs-on: ubuntu-latest
     if: github.repository == 'github/codeql'
+    permissions:
+      contents: write
     env:
       BRANCH_NAME: 'lgtm.com'
     steps:

.github/workflows/go-tests-other-os.yml

@@ -7,26 +7,76 @@ on:
       - .github/workflows/go-tests-other-os.yml
       - .github/actions/**
       - codeql-workspace.yml
-
-permissions:
-  contents: read
-
+env:
+  GO_VERSION: '~1.21.0'
 jobs:
   test-mac:
     name: Test MacOS
     runs-on: macos-latest
     steps:
+      - name: Set up Go ${{ env.GO_VERSION }}
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+        id: go
+
       - name: Check out code
         uses: actions/checkout@v4
-      - name: Run tests
-        uses: ./go/actions/test
+
+      - name: Set up CodeQL CLI
+        uses: ./.github/actions/fetch-codeql
+
+      - name: Enable problem matchers in repository
+        shell: bash
+        run: 'find .github/problem-matchers -name \*.json -exec echo "::add-matcher::{}" \;'
+
+      - name: Build
+        run: |
+          cd go
+          make
+
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with:
+          key: go-qltest
+      - name: Test
+        run: |
+          cd go
+          make test cache="${{ steps.query-cache.outputs.cache-dir }}"
 
   test-win:
-    if: github.repository_owner == 'github'
     name: Test Windows
     runs-on: windows-latest-xl
     steps:
+      - name: Set up Go ${{ env.GO_VERSION }}
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+        id: go
+
       - name: Check out code
         uses: actions/checkout@v4
-      - name: Run tests
-        uses: ./go/actions/test
+
+      - name: Set up CodeQL CLI
+        uses: ./.github/actions/fetch-codeql
+
+      - name: Enable problem matchers in repository
+        shell: bash
+        run: 'find .github/problem-matchers -name \*.json -exec echo "::add-matcher::{}" \;'
+
+      - name: Build
+        run: |
+          cd go
+          make
+
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with:
+          key: go-qltest
+
+      - name: Test
+        run: |
+          cd go
+          make test cache="${{ steps.query-cache.outputs.cache-dir }}"

.github/workflows/go-tests.yml

@@ -15,19 +15,57 @@ on:
       - .github/workflows/go-tests.yml
       - .github/actions/**
       - codeql-workspace.yml
-
-permissions:
-  contents: read
-
+env:
+  GO_VERSION: '~1.21.0'
 jobs:
   test-linux:
-    if: github.repository_owner == 'github'
     name: Test Linux (Ubuntu)
     runs-on: ubuntu-latest-xl
     steps:
+      - name: Set up Go ${{ env.GO_VERSION }}
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+        id: go
+
       - name: Check out code
         uses: actions/checkout@v4
-      - name: Run tests
-        uses: ./go/actions/test
+
+      - name: Set up CodeQL CLI
+        uses: ./.github/actions/fetch-codeql
+
+      - name: Enable problem matchers in repository
+        shell: bash
+        run: 'find .github/problem-matchers -name \*.json -exec echo "::add-matcher::{}" \;'
+
+      - name: Build
+        run: |
+          cd go
+          make
+
+      - name: Check that all Go code is autoformatted
+        run: |
+          cd go
+          make check-formatting
+
+      - name: Compile qhelp files to markdown
+        run: |
+          cd go
+          env QHELP_OUT_DIR=qhelp-out make qhelp-to-markdown
+
+      - name: Upload qhelp markdown
+        uses: actions/upload-artifact@v3
         with:
-          run-code-checks: true
+          name: qhelp-markdown
+          path: go/qhelp-out/**/*.md
+
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with:
+          key: go-qltest
+
+      - name: Test
+        run: |
+          cd go
+          make test cache="${{ steps.query-cache.outputs.cache-dir }}"

.github/workflows/labeler.yml

@@ -2,12 +2,11 @@ name: "Pull Request Labeler"
 on:
 - pull_request_target
 
-permissions:
-  contents: read
-  pull-requests: write
-
 jobs:
   triage:
+    permissions:
+      contents: read
+      pull-requests: write
     runs-on: ubuntu-latest
     steps:
     - uses: actions/labeler@v4

.github/workflows/mad_modelDiff.yml

@@ -12,7 +12,6 @@ on:
       - main
     paths:
       - "java/ql/src/utils/modelgenerator/**/*.*"
-      - "misc/scripts/models-as-data/*.*"
       - ".github/workflows/mad_modelDiff.yml"
 
 permissions:
@@ -62,9 +61,8 @@ jobs:
             DATABASE=$2
             cd codeql-$QL_VARIANT
             SHORTNAME=`basename $DATABASE`
-            python java/ql/src/utils/modelgenerator/GenerateFlowModel.py --with-summaries --with-sinks $DATABASE $SHORTNAME/$QL_VARIANT
-            mkdir -p $MODELS/$SHORTNAME
-            mv java/ql/lib/ext/generated/$SHORTNAME/$QL_VARIANT $MODELS/$SHORTNAME
+            python java/ql/src/utils/modelgenerator/GenerateFlowModel.py --with-summaries --with-sinks $DATABASE ${SHORTNAME}.temp.model.yml
+            mv java/ql/lib/ext/generated/${SHORTNAME}.temp.model.yml $MODELS/${SHORTNAME}Generated_${QL_VARIANT}.model.yml
             cd ..
           }
 
@@ -87,16 +85,16 @@ jobs:
           set -x
           MODELS=`pwd`/tmp-models
           ls -1 tmp-models/
-          for m in $MODELS/*/main/*.model.yml ; do
+          for m in $MODELS/*_main.model.yml ; do
             t="${m/main/"pr"}"
             basename=`basename $m`
-            name="diff_${basename/.model.yml/""}"
+            name="diff_${basename/_main.model.yml/""}"
             (diff -w -u $m $t | diff2html -i stdin -F $MODELS/$name.html) || true
           done
       - uses: actions/upload-artifact@v3
         with:
           name: models
-          path: tmp-models/**/**/*.model.yml
+          path: tmp-models/*.model.yml
           retention-days: 20
       - uses: actions/upload-artifact@v3
         with:

.github/workflows/mad_regenerate-models.yml

@@ -11,9 +11,6 @@ on:
       - ".github/workflows/mad_regenerate-models.yml"
       - ".github/actions/fetch-codeql/action.yml"
 
-permissions:
-  contents: read
-
 jobs:
   regenerate-models:
     runs-on: ubuntu-latest

.github/workflows/qhelp-pr-preview.yml

@@ -77,7 +77,7 @@ jobs:
           done < "${RUNNER_TEMP}/paths.txt" >> comment_body.txt
           exit "${EXIT_CODE}"
 
-      - if: ${{ !cancelled() }}
+      - if: always()
         uses: actions/upload-artifact@v3
         with:
           name: comment

.github/workflows/ql-for-ql-build.yml

@@ -9,13 +9,8 @@ on:
 env:
   CARGO_TERM_COLOR: always
 
-permissions:
-  contents: read
-  security-events: write
-
 jobs:
   analyze:
-    if: github.repository_owner == 'github'
     runs-on: ubuntu-latest-xl
     steps:
       ### Build the queries ###
@@ -24,7 +19,7 @@ jobs:
           fetch-depth: 0
       - name: Find codeql
         id: find-codeql
-        uses: github/codeql-action/init@main
+        uses: github/codeql-action/init@v2
         with:
           languages: javascript # does not matter
       - uses: ./.github/actions/os-version
@@ -70,7 +65,7 @@ jobs:
             exclude:*/ql/lib/upgrades/
             exclude:java/ql/integration-tests
       - name: Upload sarif to code-scanning
-        uses: github/codeql-action/upload-sarif@main
+        uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: ql-for-ql.sarif
           category: ql-for-ql

.github/workflows/ql-for-ql-dataset_measure.yml

@@ -11,10 +11,6 @@ on:
       - ql/ql/src/ql.dbscheme
   workflow_dispatch:
 
-permissions:
-  contents: read
-  security-events: read
-
 jobs:
   measure:
     env:
@@ -29,7 +25,7 @@ jobs:
 
       - name: Find codeql
         id: find-codeql
-        uses: github/codeql-action/init@main
+        uses: github/codeql-action/init@v2
         with:
           languages: javascript # does not matter
       - uses: ./.github/actions/os-version

.github/workflows/ql-for-ql-tests.yml

@@ -17,9 +17,6 @@ on:
 env:
   CARGO_TERM_COLOR: always
 
-permissions:
-  contents: read
-
 jobs:
   qltest:
     runs-on: ubuntu-latest
@@ -27,7 +24,7 @@ jobs:
       - uses: actions/checkout@v4
       - name: Find codeql
         id: find-codeql
-        uses: github/codeql-action/init@main
+        uses: github/codeql-action/init@v2
         with:
           languages: javascript # does not matter
       - uses: ./.github/actions/os-version
@@ -72,7 +69,7 @@ jobs:
           echo "/usr/local/opt/gnu-tar/libexec/gnubin" >> $GITHUB_PATH
       - name: Find codeql
         id: find-codeql
-        uses: github/codeql-action/init@main
+        uses: github/codeql-action/init@v2
         with:
           languages: javascript # does not matter
       - uses: ./.github/actions/os-version

.github/workflows/query-list.yml

@@ -13,9 +13,6 @@ on:
       - '.github/actions/fetch-codeql/action.yml'
       - 'misc/scripts/generate-code-scanning-query-list.py'
 
-permissions:
-  contents: read
-
 jobs:
   build:
 

.github/workflows/ruby-build.yml

@@ -32,9 +32,6 @@ defaults:
   run:
     working-directory: ruby
 
-permissions:
-  contents: read
-
 jobs:
   build:
     strategy:
@@ -51,11 +48,9 @@ jobs:
         run: |
           brew install gnu-tar
           echo "/usr/local/opt/gnu-tar/libexec/gnubin" >> $GITHUB_PATH
-      - name: Prepare Windows
-        if: runner.os == 'Windows'
-        shell: powershell
-        run: |
-          git config --global core.longpaths true
+      - name: Install cargo-cross
+        if: runner.os == 'Linux'
+        run: cargo install cross --version 0.2.5
       - uses: ./.github/actions/os-version
         id: os_version
       - name: Cache entire extractor
@@ -84,8 +79,16 @@ jobs:
       - name: Run tests
         if: steps.cache-extractor.outputs.cache-hit != 'true'
         run: cd extractor && cargo test --verbose
-      - name: Release build
-        if: steps.cache-extractor.outputs.cache-hit != 'true'
+      # On linux, build the extractor via cross in a centos7 container.
+      # This ensures we don't depend on glibc > 2.17.
+      - name: Release build (linux)
+        if: steps.cache-extractor.outputs.cache-hit != 'true' && runner.os == 'Linux'
+        run: |
+          cd extractor
+          cross build --release
+          mv target/x86_64-unknown-linux-gnu/release/codeql-extractor-ruby target/release/
+      - name: Release build (windows and macos)
+        if: steps.cache-extractor.outputs.cache-hit != 'true' && runner.os != 'Linux'
         run: cd extractor && cargo build --release
       - name: Generate dbscheme
         if: ${{ matrix.os == 'ubuntu-latest' && steps.cache-extractor.outputs.cache-hit != 'true'}}
@@ -108,7 +111,6 @@ jobs:
             ruby/extractor/target/release/codeql-extractor-ruby.exe
           retention-days: 1
   compile-queries:
-    if: github.repository_owner == 'github'
     runs-on: ubuntu-latest-xl
     steps:
       - uses: actions/checkout@v4
@@ -117,7 +119,7 @@ jobs:
       - name: Cache compilation cache
         id: query-cache
         uses: ./.github/actions/cache-query-compilation
-        with:
+        with: 
           key: ruby-build
       - name: Build Query Pack
         run: |
@@ -229,3 +231,54 @@ jobs:
         shell: bash
         run: |
           codeql database analyze --search-path "${{ runner.temp }}/ruby-bundle" --format=sarifv2.1.0 --output=out.sarif ../database ruby-code-scanning.qls
+
+  # This is a copy of the 'test' job that runs in a centos7 container.
+  # This tests that the extractor works correctly on systems with an old glibc.
+  test-centos7:
+    defaults:
+      run:
+        working-directory: ${{ github.workspace }}
+    strategy:
+      fail-fast: false
+    runs-on: ubuntu-latest
+    container:
+      image: centos:centos7
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    needs: [package]
+    steps:
+      - name: Install gh cli
+        run: |
+          yum-config-manager --add-repo https://cli.github.com/packages/rpm/gh-cli.repo
+          # fetch-codeql requires unzip and jq
+          # jq is available in epel-release (https://docs.fedoraproject.org/en-US/epel/)
+          yum install -y gh unzip epel-release
+          yum install -y jq
+      - uses: actions/checkout@v3
+      - name: Fetch CodeQL
+        uses: ./.github/actions/fetch-codeql
+
+      # Due to a bug in Actions, we can't use runner.temp in the run blocks here.
+      # https://github.com/actions/runner/issues/2185
+
+      - name: Download Ruby bundle
+        uses: actions/download-artifact@v3
+        with:
+          name: codeql-ruby-bundle
+          path: ${{ runner.temp }}
+      - name: Unzip Ruby bundle
+        shell: bash
+        run: unzip -q -d "$RUNNER_TEMP"/ruby-bundle "$RUNNER_TEMP"/codeql-ruby-bundle.zip
+
+      - name: Run QL test
+        shell: bash
+        run: |
+          codeql test run --search-path "$RUNNER_TEMP"/ruby-bundle --additional-packs "$RUNNER_TEMP"/ruby-bundle ruby/ql/test/library-tests/ast/constants/
+      - name: Create database
+        shell: bash
+        run: |
+          codeql database create --search-path "$RUNNER_TEMP"/ruby-bundle --language ruby --source-root ruby/ql/test/library-tests/ast/constants/ ../database
+      - name: Analyze database
+        shell: bash
+        run: |
+          codeql database analyze --search-path "$RUNNER_TEMP"/ruby-bundle --format=sarifv2.1.0 --output=out.sarif ../database ruby-code-scanning.qls

.github/workflows/ruby-dataset-measure.yml

@@ -17,9 +17,6 @@ on:
       - .github/workflows/ruby-dataset-measure.yml
   workflow_dispatch:
 
-permissions:
-  contents: read
-
 jobs:
   measure:
     env:

.github/workflows/ruby-qltest.yml

@@ -29,9 +29,6 @@ defaults:
   run:
     working-directory: ruby
 
-permissions:
-  contents: read
-
 jobs:
   qlupgrade:
     runs-on: ubuntu-latest
@@ -53,7 +50,6 @@ jobs:
            xargs codeql execute upgrades testdb
           diff -q testdb/ruby.dbscheme downgrades/initial/ruby.dbscheme
   qltest:
-    if: github.repository_owner == 'github'
     runs-on: ubuntu-latest-xl
     strategy:
       fail-fast: false

.github/workflows/swift.yml

@@ -6,7 +6,6 @@ on:
       - "swift/**"
       - "misc/bazel/**"
       - "misc/codegen/**"
-      - "shared/**"
       - "*.bazel*"
       - .github/workflows/swift.yml
       - .github/actions/**
@@ -23,12 +22,10 @@ on:
       - "swift/**"
       - "misc/bazel/**"
       - "misc/codegen/**"
-      - "shared/**"
       - "*.bazel*"
       - .github/workflows/swift.yml
       - .github/actions/**
       - codeql-workspace.yml
-      - .pre-commit-config.yaml
       - "!**/*.md"
       - "!**/*.qhelp"
     branches:
@@ -36,62 +33,46 @@ on:
       - rc/*
       - codeql-cli-*
 
-permissions:
-  contents: read
-
 jobs:
   # not using a matrix as you cannot depend on a specific job in a matrix, and we want to start linux checks
   # without waiting for the macOS build
   build-and-test-macos:
-    if: github.repository_owner == 'github'
     runs-on: macos-12-xl
     steps:
       - uses: actions/checkout@v4
       - uses: ./swift/actions/build-and-test
   build-and-test-linux:
-    if: github.repository_owner == 'github'
     runs-on: ubuntu-latest-xl
     steps:
       - uses: actions/checkout@v4
       - uses: ./swift/actions/build-and-test
   qltests-linux:
-    if: github.repository_owner == 'github'
     needs: build-and-test-linux
     runs-on: ubuntu-latest-xl
     steps:
       - uses: actions/checkout@v4
       - uses: ./swift/actions/run-ql-tests
   qltests-macos:
-    if: ${{ github.repository_owner == 'github' && github.event_name == 'pull_request' }}
+    if : ${{ github.event_name == 'pull_request' }}
     needs: build-and-test-macos
     runs-on: macos-12-xl
     steps:
       - uses: actions/checkout@v4
       - uses: ./swift/actions/run-ql-tests
   integration-tests-linux:
-    if: github.repository_owner == 'github'
     needs: build-and-test-linux
     runs-on: ubuntu-latest-xl
     steps:
       - uses: actions/checkout@v4
       - uses: ./swift/actions/run-integration-tests
   integration-tests-macos:
-    if: ${{ github.repository_owner == 'github' && github.event_name == 'pull_request' }}
+    if : ${{ github.event_name == 'pull_request' }}
     needs: build-and-test-macos
     runs-on: macos-12-xl
     timeout-minutes: 60
     steps:
       - uses: actions/checkout@v4
       - uses: ./swift/actions/run-integration-tests
-  clang-format:
-    if : ${{ github.event_name == 'pull_request' }}
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
-        name: Check that python code is properly formatted
-        with:
-          extra_args: clang-format --all-files
   codegen:
     if : ${{ github.event_name == 'pull_request' }}
     runs-on: ubuntu-latest
@@ -101,12 +82,12 @@ jobs:
       - uses: actions/setup-python@v4
         with:
           python-version-file: 'swift/.python-version'
-      - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
+      - uses: pre-commit/action@v3.0.0
         name: Check that python code is properly formatted
         with:
           extra_args: autopep8 --all-files
       - uses: ./.github/actions/fetch-codeql
-      - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
+      - uses: pre-commit/action@v3.0.0
         name: Check that QL generated code was checked in
         with:
           extra_args: swift-codegen --all-files

.github/workflows/sync-files.yml

@@ -10,9 +10,6 @@ on:
       - main
       - 'rc/*'
 
-permissions:
-  contents: read
-
 jobs:
   sync:
     runs-on: ubuntu-latest

.github/workflows/tree-sitter-extractor-test.yml

@@ -23,9 +23,6 @@ defaults:
   run:
     working-directory: shared/tree-sitter-extractor
 
-permissions:
-  contents: read
-
 jobs:
   test:
     runs-on: ubuntu-latest

.github/workflows/validate-change-notes.yml

@@ -15,9 +15,6 @@ on:
       - ".github/workflows/validate-change-notes.yml"
       - ".github/actions/fetch-codeql/action.yml"
 
-permissions:
-  contents: read
-
 jobs:
   check-change-note:
     runs-on: ubuntu-latest

.gitignore

@@ -39,9 +39,6 @@
 # local bazel options
 /local.bazelrc
 
-# generated cmake directory
-/.bazel-cmake
-
 # CLion project files
 /.clwb
 

.lfsconfig

@@ -1,5 +0,0 @@
-[lfs]
-# codeql is publicly forked by many users, and we don't want any LFS file polluting their working
-# copies. We therefore exclude everything by default.
-# For files required by bazel builds, use rules in `misc/bazel/lfs.bzl` to download them on demand.
-fetchinclude = /nothing

.pre-commit-config.yaml

@@ -10,9 +10,10 @@ repos:
         exclude: /test/.*$(?<!\.ql)(?<!\.qll)(?<!\.qlref)|.*\.patch
 
   - repo: https://github.com/pre-commit/mirrors-clang-format
-    rev: v17.0.6
+    rev: v13.0.1
     hooks:
       - id: clang-format
+        files: ^swift/.*\.(h|c|cpp)$
 
   - repo: https://github.com/pre-commit/mirrors-autopep8
     rev: v1.6.0
@@ -20,23 +21,13 @@ repos:
       - id: autopep8
         files: ^misc/codegen/.*\.py
 
-  - repo: local
+  - repo: https://github.com/warchant/pre-commit-buildifier
+    rev: 0.0.2
     hooks:
       - id: buildifier
-        name: Format bazel files
-        files: \.(bazel|bzl)
-        language: system
-        entry: bazel run //misc/bazel:buildifier
-        pass_filenames: false
-
-#      DISABLED: can be enabled by copying this config and installing `pre-commit` with `--config` on the copy
-#      - id: go-gen
-#        name: Check checked in generated files in go
-#        files: ^go/.*
-#        language: system
-#        entry: bazel run //go:gen
-#        pass_filenames: false
 
+  - repo: local
+    hooks:
       - id: codeql-format
         name: Fix QL file formatting
         files: \.qll?$

.vscode/settings.json

@@ -1,6 +1,5 @@
 {
   "omnisharp.autoStart": false,
   "cmake.sourceDirectory": "${workspaceFolder}/swift",
-  "cmake.buildDirectory": "${workspaceFolder}/bazel-cmake-build",
-  "codeQL.githubDatabase.download": "never"
+  "cmake.buildDirectory": "${workspaceFolder}/bazel-cmake-build"
 }

CODEOWNERS

@@ -1,7 +1,5 @@
 /cpp/ @github/codeql-c-analysis
 /csharp/ @github/codeql-csharp
-/csharp/autobuilder/Semmle.Autobuild.Cpp @github/codeql-c-extractor
-/csharp/autobuilder/Semmle.Autobuild.Cpp.Tests @github/codeql-c-extractor
 /go/ @github/codeql-go
 /java/ @github/codeql-java
 /javascript/ @github/codeql-javascript
@@ -13,6 +11,9 @@
 /java/ql/test-kotlin1/ @github/codeql-kotlin
 /java/ql/test-kotlin2/ @github/codeql-kotlin
 
+# ML-powered queries
+/javascript/ql/experimental/adaptivethreatmodeling/ @github/codeql-ml-powered-queries-reviewers
+
 # CodeQL tools and associated docs
 /docs/codeql/codeql-cli/ @github/codeql-cli-reviewers
 /docs/codeql/codeql-for-visual-studio-code/ @github/codeql-vscode-reviewers
@@ -24,7 +25,6 @@
 
 # Bazel (excluding BUILD.bazel files)
 WORKSPACE.bazel @github/codeql-ci-reviewers
-MODULE.bazel @github/codeql-ci-reviewers
 .bazelversion @github/codeql-ci-reviewers
 .bazelrc @github/codeql-ci-reviewers
 **/*.bzl @github/codeql-ci-reviewers
@@ -35,7 +35,9 @@ MODULE.bazel @github/codeql-ci-reviewers
 
 # Workflows
 /.github/workflows/ @github/codeql-ci-reviewers
+/.github/workflows/atm-* @github/codeql-ml-powered-queries-reviewers
 /.github/workflows/go-* @github/codeql-go
+/.github/workflows/js-ml-tests.yml @github/codeql-ml-powered-queries-reviewers
 /.github/workflows/ql-for-ql-* @github/codeql-ql-for-ql-reviewers
 /.github/workflows/ruby-* @github/codeql-ruby
 /.github/workflows/swift.yml @github/codeql-swift

CONTRIBUTING.md

@@ -4,8 +4,6 @@ We welcome contributions to our CodeQL libraries and queries. Got an idea for a
 
 There is lots of useful documentation to help you write queries, ranging from information about query file structure to tutorials for specific target languages. For more information on the documentation available, see [CodeQL queries](https://codeql.github.com/docs/writing-codeql-queries/codeql-queries) on [codeql.github.com](https://codeql.github.com).
 
-Note that the CodeQL for Visual Studio Code documentation has been migrated to https://docs.github.com/en/code-security/codeql-for-vs-code/, but you can still contribute to it via a different repository. For more information, see [Contributing to GitHub Docs documentation](https://docs.github.com/en/contributing)."
-
 ## Change notes
 
 Any nontrivial user-visible change to a query pack or library pack should have a change note. For details on how to add a change note for your change, see [this guide](docs/change-notes.md).
@@ -45,7 +43,7 @@ If you have an idea for a query that you would like to share with other CodeQL u
 
 3. **Formatting**
 
-    - The queries and libraries must be autoformatted, for example using the "Format Document" command in [CodeQL for Visual Studio Code](https://docs.github.com/en/code-security/codeql-for-vs-code/).
+    - The queries and libraries must be autoformatted, for example using the "Format Document" command in [CodeQL for Visual Studio Code](https://codeql.github.com/docs/codeql-for-visual-studio-code/about-codeql-for-visual-studio-code).
 
     If you prefer, you can either:
     1. install the [pre-commit framework](https://pre-commit.com/) and install the configured hooks on this repo via `pre-commit install`, or

MODULE.bazel

@@ -1,62 +0,0 @@
-module(
-    name = "codeql",
-    version = "0.0",
-)
-
-# this points to our internal repository when `codeql` is checked out as a submodule thereof
-# when building things from `codeql` independently this is stubbed out in `.bazelrc`
-bazel_dep(name = "semmle_code", version = "0.0")
-local_path_override(
-    module_name = "semmle_code",
-    path = "..",
-)
-
-# see https://registry.bazel.build/ for a list of available packages
-
-bazel_dep(name = "platforms", version = "0.0.9")
-bazel_dep(name = "rules_go", version = "0.47.0")
-bazel_dep(name = "rules_pkg", version = "0.10.1")
-bazel_dep(name = "rules_nodejs", version = "6.0.3")
-bazel_dep(name = "rules_python", version = "0.31.0")
-bazel_dep(name = "bazel_skylib", version = "1.5.0")
-bazel_dep(name = "abseil-cpp", version = "20240116.0", repo_name = "absl")
-bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json")
-bazel_dep(name = "fmt", version = "10.0.0")
-bazel_dep(name = "gazelle", version = "0.36.0")
-
-bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True)
-
-pip = use_extension("@rules_python//python/extensions:pip.bzl", "pip")
-pip.parse(
-    hub_name = "codegen_deps",
-    python_version = "3.11",
-    requirements_lock = "//misc/codegen:requirements_lock.txt",
-)
-use_repo(pip, "codegen_deps")
-
-swift_deps = use_extension("//swift/third_party:load.bzl", "swift_deps")
-
-# following list can be kept in sync with `bazel mod tidy`
-use_repo(
-    swift_deps,
-    "binlog",
-    "picosha2",
-    "swift_prebuilt_darwin_x86_64",
-    "swift_prebuilt_linux",
-    "swift_toolchain_linux",
-    "swift_toolchain_macos",
-)
-
-node = use_extension("@rules_nodejs//nodejs:extensions.bzl", "node")
-node.toolchain(
-    name = "nodejs",
-    node_version = "18.15.0",
-)
-use_repo(node, "nodejs", "nodejs_toolchains")
-
-go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")
-go_sdk.download(version = "1.22.2")
-
-register_toolchains(
-    "@nodejs_toolchains//:all",
-)

README.md

@@ -4,7 +4,7 @@ This open source repository contains the standard CodeQL libraries and queries t
 
 ## How do I learn CodeQL and run queries?
 
-There is extensive documentation about the [CodeQL language](https://codeql.github.com/docs/), writing CodeQL using the [CodeQL extension for Visual Studio Code](https://docs.github.com/en/code-security/codeql-for-vs-code/) and using the [CodeQL CLI](https://docs.github.com/en/code-security/codeql-cli).
+There is [extensive documentation](https://codeql.github.com/docs/) on getting started with writing CodeQL using the [CodeQL extension for Visual Studio Code](https://codeql.github.com/docs/codeql-for-visual-studio-code/) and the [CodeQL CLI](https://codeql.github.com/docs/codeql-cli/).
 
 ## Contributing
 

WORKSPACE.bazel

@@ -1,2 +1,12 @@
-# please use MODULE.bazel to add dependencies
-# this empty file is required by internal repositories, don't remove it
+# Please notice that any bazel targets and definitions in this repository are currently experimental
+# and for internal use only.
+
+workspace(name = "codeql")
+
+load("//misc/bazel:workspace.bzl", "codeql_workspace")
+
+codeql_workspace()
+
+load("//misc/bazel:workspace_deps.bzl", "codeql_workspace_deps")
+
+codeql_workspace_deps()

codeql-workspace.yml

@@ -6,11 +6,20 @@ provide:
   - "*/ql/consistency-queries/qlpack.yml"
   - "*/ql/automodel/src/qlpack.yml"
   - "*/ql/automodel/test/qlpack.yml"
-  - "python/extractor/qlpack.yml"
   - "shared/**/qlpack.yml"
   - "cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/qlpack.yml"
   - "go/ql/config/legacy-support/qlpack.yml"
   - "go/build/codeql-extractor-go/codeql-extractor.yml"
+  - "javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml"
+  # This pack is explicitly excluded from the workspace since most users
+  # will want to use a version of this pack from the package cache. Internal
+  # users can uncomment the following line and place a custom ML model
+  # in the corresponding pack to test a custom ML model within their local
+  # checkout.
+  # - "javascript/ql/experimental/adaptivethreatmodeling/model/qlpack.yml"
+  - "javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml"
+  - "javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml"
+  - "javascript/ql/experimental/adaptivethreatmodeling/test/qlpack.yml"
   - "csharp/ql/campaigns/Solorigate/lib/qlpack.yml"
   - "csharp/ql/campaigns/Solorigate/src/qlpack.yml"
   - "csharp/ql/campaigns/Solorigate/test/qlpack.yml"
@@ -18,6 +27,7 @@ provide:
   - "misc/suite-helpers/qlpack.yml"
   - "ruby/extractor-pack/codeql-extractor.yml"
   - "swift/extractor-pack/codeql-extractor.yml"
+  - "swift/integration-tests/qlpack.yml"
   - "ql/extractor-pack/codeql-extractor.yml"
   - ".github/codeql/extensions/**/codeql-pack.yml"
 

config/identical-files.json

@@ -88,46 +88,123 @@
   "IR Instruction": [
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll",
+    "csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll"
   ],
   "IR IRBlock": [
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll",
+    "csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll"
   ],
   "IR IRVariable": [
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRVariable.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRVariable.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll",
+    "csharp/ql/src/experimental/ir/implementation/raw/IRVariable.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRVariable.qll"
   ],
   "IR IRFunction": [
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRFunction.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRFunction.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRFunction.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRFunction.qll",
+    "csharp/ql/src/experimental/ir/implementation/raw/IRFunction.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRFunction.qll"
   ],
   "IR Operand": [
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Operand.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Operand.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Operand.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Operand.qll",
+    "csharp/ql/src/experimental/ir/implementation/raw/Operand.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Operand.qll"
+  ],
+  "IR IRType": [
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/IRType.qll",
+    "csharp/ql/src/experimental/ir/implementation/IRType.qll"
+  ],
+  "IR IRConfiguration": [
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/IRConfiguration.qll",
+    "csharp/ql/src/experimental/ir/implementation/IRConfiguration.qll"
+  ],
+  "IR UseSoundEscapeAnalysis": [
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/UseSoundEscapeAnalysis.qll",
+    "csharp/ql/src/experimental/ir/implementation/UseSoundEscapeAnalysis.qll"
+  ],
+  "IR IRFunctionBase": [
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/IRFunctionBase.qll",
+    "csharp/ql/src/experimental/ir/implementation/internal/IRFunctionBase.qll"
+  ],
+  "IR Operand Tag": [
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/OperandTag.qll",
+    "csharp/ql/src/experimental/ir/implementation/internal/OperandTag.qll"
+  ],
+  "IR TInstruction": [
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstruction.qll",
+    "csharp/ql/src/experimental/ir/implementation/internal/TInstruction.qll"
+  ],
+  "IR TIRVariable": [
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TIRVariable.qll",
+    "csharp/ql/src/experimental/ir/implementation/internal/TIRVariable.qll"
   ],
   "IR IR": [
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IR.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IR.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IR.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IR.qll",
+    "csharp/ql/src/experimental/ir/implementation/raw/IR.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IR.qll"
   ],
   "IR IRConsistency": [
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRConsistency.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRConsistency.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRConsistency.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRConsistency.qll",
+    "csharp/ql/src/experimental/ir/implementation/raw/IRConsistency.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRConsistency.qll"
   ],
   "IR PrintIR": [
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/PrintIR.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll",
+    "csharp/ql/src/experimental/ir/implementation/raw/PrintIR.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/PrintIR.qll"
+  ],
+  "IR IntegerConstant": [
+    "cpp/ql/lib/semmle/code/cpp/ir/internal/IntegerConstant.qll",
+    "csharp/ql/src/experimental/ir/internal/IntegerConstant.qll"
+  ],
+  "IR IntegerInteval": [
+    "cpp/ql/lib/semmle/code/cpp/ir/internal/IntegerInterval.qll",
+    "csharp/ql/src/experimental/ir/internal/IntegerInterval.qll"
+  ],
+  "IR IntegerPartial": [
+    "cpp/ql/lib/semmle/code/cpp/ir/internal/IntegerPartial.qll",
+    "csharp/ql/src/experimental/ir/internal/IntegerPartial.qll"
+  ],
+  "IR Overlap": [
+    "cpp/ql/lib/semmle/code/cpp/ir/internal/Overlap.qll",
+    "csharp/ql/src/experimental/ir/internal/Overlap.qll"
+  ],
+  "IR EdgeKind": [
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/EdgeKind.qll",
+    "csharp/ql/src/experimental/ir/implementation/EdgeKind.qll"
+  ],
+  "IR MemoryAccessKind": [
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/MemoryAccessKind.qll",
+    "csharp/ql/src/experimental/ir/implementation/MemoryAccessKind.qll"
+  ],
+  "IR TempVariableTag": [
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/TempVariableTag.qll",
+    "csharp/ql/src/experimental/ir/implementation/TempVariableTag.qll"
+  ],
+  "IR Opcode": [
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/Opcode.qll",
+    "csharp/ql/src/experimental/ir/implementation/Opcode.qll"
   ],
   "IR SSAConsistency": [
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConsistency.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConsistency.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConsistency.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConsistency.qll"
   ],
   "C++ IR InstructionImports": [
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionImports.qll",
@@ -175,7 +252,8 @@
   ],
   "SSA AliasAnalysis": [
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasAnalysis.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasAnalysis.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasAnalysis.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/AliasAnalysis.qll"
   ],
   "SSA PrintAliasAnalysis": [
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/PrintAliasAnalysis.qll",
@@ -190,28 +268,44 @@
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingImports.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/internal/ValueNumberingImports.qll"
   ],
+  "IR SSA SimpleSSA": [
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll"
+  ],
+  "IR AliasConfiguration (unaliased_ssa)": [
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasConfiguration.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/AliasConfiguration.qll"
+  ],
   "IR SSA SSAConstruction": [
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll"
   ],
   "IR SSA PrintSSA": [
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/PrintSSA.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/PrintSSA.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/PrintSSA.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/PrintSSA.qll"
   ],
   "IR ValueNumberInternal": [
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/internal/ValueNumberingInternal.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingInternal.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/internal/ValueNumberingInternal.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/internal/ValueNumberingInternal.qll",
+    "csharp/ql/src/experimental/ir/implementation/raw/gvn/internal/ValueNumberingInternal.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingInternal.qll"
   ],
   "C++ IR ValueNumber": [
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/ValueNumbering.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/ValueNumbering.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/ValueNumbering.qll",
+    "csharp/ql/src/experimental/ir/implementation/raw/gvn/ValueNumbering.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll"
   ],
   "C++ IR PrintValueNumbering": [
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/PrintValueNumbering.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/PrintValueNumbering.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/PrintValueNumbering.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/PrintValueNumbering.qll",
+    "csharp/ql/src/experimental/ir/implementation/raw/gvn/PrintValueNumbering.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/gvn/PrintValueNumbering.qll"
   ],
   "C++ IR ConstantAnalysis": [
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/constant/ConstantAnalysis.qll",
@@ -239,6 +333,38 @@
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/reachability/PrintDominance.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/reachability/PrintDominance.qll"
   ],
+  "C# IR InstructionImports": [
+    "csharp/ql/src/experimental/ir/implementation/raw/internal/InstructionImports.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/InstructionImports.qll"
+  ],
+  "C# IR IRImports": [
+    "csharp/ql/src/experimental/ir/implementation/raw/internal/IRImports.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/IRImports.qll"
+  ],
+  "C# IR IRBlockImports": [
+    "csharp/ql/src/experimental/ir/implementation/raw/internal/IRBlockImports.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/IRBlockImports.qll"
+  ],
+  "C# IR IRFunctionImports": [
+    "csharp/ql/src/experimental/ir/implementation/raw/internal/IRFunctionImports.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/IRFunctionImports.qll"
+  ],
+  "C# IR IRVariableImports": [
+    "csharp/ql/src/experimental/ir/implementation/raw/internal/IRVariableImports.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/IRVariableImports.qll"
+  ],
+  "C# IR OperandImports": [
+    "csharp/ql/src/experimental/ir/implementation/raw/internal/OperandImports.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/OperandImports.qll"
+  ],
+  "C# IR PrintIRImports": [
+    "csharp/ql/src/experimental/ir/implementation/raw/internal/PrintIRImports.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/PrintIRImports.qll"
+  ],
+  "C# IR ValueNumberingImports": [
+    "csharp/ql/src/experimental/ir/implementation/raw/gvn/internal/ValueNumberingImports.qll",
+    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingImports.qll"
+  ],
   "C# ControlFlowReachability": [
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/ControlFlowReachability.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/ControlFlowReachability.qll"
@@ -251,6 +377,13 @@
     "cpp/ql/src/Security/CWE/CWE-020/SafeExternalAPIFunction.qll",
     "cpp/ql/src/Security/CWE/CWE-020/ir/SafeExternalAPIFunction.qll"
   ],
+  "XML": [
+    "cpp/ql/lib/semmle/code/cpp/XML.qll",
+    "csharp/ql/lib/semmle/code/csharp/XML.qll",
+    "java/ql/lib/semmle/code/xml/XML.qll",
+    "javascript/ql/lib/semmle/javascript/XML.qll",
+    "python/ql/lib/semmle/python/xml/XML.qll"
+  ],
   "DuplicationProblems.inc.qhelp": [
     "cpp/ql/src/Metrics/Files/DuplicationProblems.inc.qhelp",
     "javascript/ql/src/Metrics/DuplicationProblems.inc.qhelp",
@@ -298,6 +431,13 @@
     "java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.qhelp",
     "java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.qhelp"
   ],
+  "IDE Contextual Queries": [
+    "cpp/ql/lib/IDEContextual.qll",
+    "csharp/ql/lib/IDEContextual.qll",
+    "java/ql/lib/IDEContextual.qll",
+    "javascript/ql/lib/IDEContextual.qll",
+    "python/ql/lib/analysis/IDEContextual.qll"
+  ],
   "CryptoAlgorithms Python/JS/Ruby": [
     "javascript/ql/lib/semmle/javascript/security/CryptoAlgorithms.qll",
     "python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll",
@@ -333,6 +473,10 @@
     "ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll",
     "python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll"
   ],
+  "Typo database": [
+    "javascript/ql/src/Expressions/TypoDatabase.qll",
+    "ql/ql/src/codeql_ql/style/TypoDatabase.qll"
+  ],
   "Swift declarations test file": [
     "swift/ql/test/extractor-tests/declarations/declarations.swift",
     "swift/ql/test/library-tests/ast/declarations.swift"
@@ -362,7 +506,7 @@
     "java/ql/lib/semmle/code/java/security/internal/EncryptionKeySizes.qll"
   ],
   "Python model summaries test extension": [
-    "python/ql/test/library-tests/dataflow/model-summaries/InlineTaintTest.ext.yml",
-    "python/ql/test/library-tests/dataflow/model-summaries/NormalDataflowTest.ext.yml"
+    "python/ql/test/experimental/dataflow/model-summaries/InlineTaintTest.ext.yml",
+    "python/ql/test/experimental/dataflow/model-summaries/NormalDataflowTest.ext.yml"
   ]
-}
+}

cpp/BUILD.bazel

@@ -1,4 +1,4 @@
-load("@rules_pkg//pkg:mappings.bzl", "pkg_filegroup")
+load("@rules_pkg//:mappings.bzl", "pkg_filegroup")
 
 package(default_visibility = ["//visibility:public"])
 

cpp/autobuilder/.gitignore

@@ -0,0 +1,13 @@
+obj/
+TestResults/
+*.manifest
+*.pdb
+*.suo
+*.mdb
+*.vsmdi
+csharp.log
+**/bin/Debug
+**/bin/Release
+*.tlog
+.vs
+*.user

cpp/autobuilder/README.md

@@ -1 +0,0 @@
-The Windows autobuilder that used to live in this directory moved to `csharp/autobuilder/Semmle.Autobuild.Cpp`.

cpp/autobuilder/Semmle.Autobuild.Cpp.Tests/BuildScripts.cs

@@ -203,8 +203,6 @@ namespace Semmle.Autobuild.Cpp.Tests
         public IList<DiagnosticMessage> Diagnostics { get; } = new List<DiagnosticMessage>();
 
         public void AddEntry(DiagnosticMessage message) => this.Diagnostics.Add(message);
-
-        public void Dispose() { }
     }
 
     /// <summary>
@@ -252,7 +250,12 @@ namespace Semmle.Autobuild.Cpp.Tests
             EndCallbackIn.Add(s);
         }
 
-        CppAutobuilder CreateAutoBuilder(bool isWindows, string? dotnetVersion = null, string cwd = @"C:\Project")
+        CppAutobuilder CreateAutoBuilder(bool isWindows,
+            string? buildless = null, string? solution = null, string? buildCommand = null, string? ignoreErrors = null,
+            string? msBuildArguments = null, string? msBuildPlatform = null, string? msBuildConfiguration = null, string? msBuildTarget = null,
+            string? dotnetArguments = null, string? dotnetVersion = null, string? vsToolsVersion = null,
+            string? nugetRestore = null, string? allSolutions = null,
+            string cwd = @"C:\Project")
         {
             string codeqlUpperLanguage = Language.Cpp.UpperCaseName;
             Actions.GetEnvironmentVariable[$"CODEQL_AUTOBUILDER_{codeqlUpperLanguage}_NO_INDEXING"] = "false";
@@ -262,7 +265,22 @@ namespace Semmle.Autobuild.Cpp.Tests
             Actions.GetEnvironmentVariable[$"CODEQL_EXTRACTOR_{codeqlUpperLanguage}_DIAGNOSTIC_DIR"] = "";
             Actions.GetEnvironmentVariable["CODEQL_JAVA_HOME"] = @"C:\codeql\tools\java";
             Actions.GetEnvironmentVariable["CODEQL_PLATFORM"] = "win64";
-            Actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_OPTION_DOTNET_VERSION"] = dotnetVersion;
+            Actions.GetEnvironmentVariable["SEMMLE_DIST"] = @"C:\odasa";
+            Actions.GetEnvironmentVariable["SEMMLE_JAVA_HOME"] = @"C:\odasa\tools\java";
+            Actions.GetEnvironmentVariable["SEMMLE_PLATFORM_TOOLS"] = @"C:\odasa\tools";
+            Actions.GetEnvironmentVariable["LGTM_INDEX_VSTOOLS_VERSION"] = vsToolsVersion;
+            Actions.GetEnvironmentVariable["LGTM_INDEX_MSBUILD_ARGUMENTS"] = msBuildArguments;
+            Actions.GetEnvironmentVariable["LGTM_INDEX_MSBUILD_PLATFORM"] = msBuildPlatform;
+            Actions.GetEnvironmentVariable["LGTM_INDEX_MSBUILD_CONFIGURATION"] = msBuildConfiguration;
+            Actions.GetEnvironmentVariable["LGTM_INDEX_MSBUILD_TARGET"] = msBuildTarget;
+            Actions.GetEnvironmentVariable["LGTM_INDEX_DOTNET_ARGUMENTS"] = dotnetArguments;
+            Actions.GetEnvironmentVariable["LGTM_INDEX_DOTNET_VERSION"] = dotnetVersion;
+            Actions.GetEnvironmentVariable["LGTM_INDEX_BUILD_COMMAND"] = buildCommand;
+            Actions.GetEnvironmentVariable["LGTM_INDEX_SOLUTION"] = solution;
+            Actions.GetEnvironmentVariable["LGTM_INDEX_IGNORE_ERRORS"] = ignoreErrors;
+            Actions.GetEnvironmentVariable["LGTM_INDEX_BUILDLESS"] = buildless;
+            Actions.GetEnvironmentVariable["LGTM_INDEX_ALL_SOLUTIONS"] = allSolutions;
+            Actions.GetEnvironmentVariable["LGTM_INDEX_NUGET_RESTORE"] = nugetRestore;
             Actions.GetEnvironmentVariable["ProgramFiles(x86)"] = isWindows ? @"C:\Program Files (x86)" : null;
             Actions.GetCurrentDirectory = cwd;
             Actions.IsWindows = isWindows;

cpp/autobuilder/Semmle.Autobuild.Cpp.Tests/Semmle.Autobuild.Cpp.Tests.csproj

@@ -0,0 +1,26 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net8.0</TargetFramework>
+    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
+    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="System.IO.FileSystem" Version="4.3.0" />
+    <PackageReference Include="System.IO.FileSystem.Primitives" Version="4.3.0" />
+    <PackageReference Include="xunit" Version="2.6.2" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.5.4">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
+    </PackageReference>
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\Semmle.Autobuild.Cpp\Semmle.Autobuild.Cpp.csproj" />
+    <ProjectReference Include="..\..\..\csharp\autobuilder\Semmle.Autobuild.Shared\Semmle.Autobuild.Shared.csproj" />
+  </ItemGroup>
+</Project>

cpp/autobuilder/Semmle.Autobuild.Cpp/CppAutobuilder.cs

@@ -26,6 +26,9 @@ namespace Semmle.Autobuild.Cpp
 
         public override BuildScript GetBuildScript()
         {
+            if (Options.BuildCommand != null)
+                return new BuildCommandRule((_, f) => f(null)).Analyse(this, false);
+
             return
                 // First try MSBuild
                 new MsBuildRule().Analyse(this, true) |

cpp/autobuilder/Semmle.Autobuild.Cpp/Program.cs

@@ -0,0 +1,33 @@
+using System;
+using Semmle.Autobuild.Shared;
+
+namespace Semmle.Autobuild.Cpp
+{
+    class Program
+    {
+        static int Main()
+        {
+
+            try
+            {
+                var actions = SystemBuildActions.Instance;
+                var options = new CppAutobuildOptions(actions);
+                try
+                {
+                    Console.WriteLine("CodeQL C++ autobuilder");
+                    var builder = new CppAutobuilder(actions, options);
+                    return builder.AttemptBuild();
+                }
+                catch (InvalidEnvironmentException ex)
+                {
+                    Console.WriteLine("The environment is invalid: {0}", ex.Message);
+                }
+            }
+            catch (ArgumentOutOfRangeException ex)
+            {
+                Console.WriteLine("The value \"{0}\" for parameter \"{1}\" is invalid", ex.ActualValue, ex.ParamName);
+            }
+            return 1;
+        }
+    }
+}

cpp/autobuilder/Semmle.Autobuild.Cpp/Properties/AssemblyInfo.cs

@@ -0,0 +1,32 @@
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("Semmle.Autobuild.Cpp")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("GitHub")]
+[assembly: AssemblyProduct("CodeQL autobuilder for C++")]
+[assembly: AssemblyCopyright("Copyright © GitHub 2020")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]

cpp/autobuilder/Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj

@@ -0,0 +1,28 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <AssemblyName>Semmle.Autobuild.Cpp</AssemblyName>
+    <RootNamespace>Semmle.Autobuild.Cpp</RootNamespace>
+    <ApplicationIcon />
+    <OutputType>Exe</OutputType>
+    <StartupObject />
+    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
+    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Folder Include="Properties\" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.Build" Version="17.8.3" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\..\csharp\extractor\Semmle.Util\Semmle.Util.csproj" />
+    <ProjectReference Include="..\..\..\csharp\autobuilder\Semmle.Autobuild.Shared\Semmle.Autobuild.Shared.csproj" />
+  </ItemGroup>
+
+</Project>

cpp/downgrades/19887dbd33327fb07d54251786e0cb2578539775/upgrade.properties

@@ -1,4 +1,4 @@
 description: Revert support for repeated initializers, which are allowed in C with designated initializers.
 compatibility: full
-aggregate_field_init.rel: reorder aggregate_field_init.rel (@aggregateliteral aggregate, @expr initializer, @membervariable field, int position) aggregate initializer field
-aggregate_array_init.rel: reorder aggregate_array_init.rel (@aggregateliteral aggregate, @expr initializer, int element_index, int position) aggregate initializer element_index
+aggregate_field_init.rel: reorder aggregate_field_init.rel (int aggregate, int initializer, int field, int position) aggregate initializer field
+aggregate_array_init.rel: reorder aggregate_array_init.rel (int aggregate, int initializer, int element_index, int position) aggregate initializer element_index

cpp/downgrades/298438feb146335af824002589cd6d4e96e5dbf9/exprparents.ql

@@ -1,19 +0,0 @@
-class Element extends @element {
-  string toString() { none() }
-}
-
-class Expr extends @expr {
-  string toString() { none() }
-}
-
-class Stmt extends @stmt {
-  string toString() { none() }
-}
-
-predicate isStmtWithInitializer(Stmt stmt) { exists(int kind | stmts(stmt, kind, _) | kind = 29) }
-
-from Expr child, int index, int index_new, Element parent
-where
-  exprparents(child, index, parent) and
-  if isStmtWithInitializer(parent) then index_new = index - 1 else index_new = index
-select child, index_new, parent

cpp/downgrades/298438feb146335af824002589cd6d4e96e5dbf9/for_initialization.ql

@@ -1,9 +0,0 @@
-class Stmt extends @stmt {
-  string toString() { none() }
-}
-
-from Stmt f, Stmt i
-where
-  for_initialization(f, i) and
-  f instanceof @stmt_for
-select f, i

cpp/downgrades/298438feb146335af824002589cd6d4e96e5dbf9/stmtparents.ql

@@ -1,20 +0,0 @@
-class Element extends @element {
-  string toString() { none() }
-}
-
-class Stmt extends @stmt {
-  string toString() { none() }
-}
-
-predicate isStmtWithInitializer(Stmt stmt) { exists(int kind | stmts(stmt, kind, _) | kind = 29) }
-
-from Stmt child, int index, int index_new, Element parent
-where
-  stmtparents(child, index, parent) and
-  (
-    not isStmtWithInitializer(parent)
-    or
-    index > 0
-  ) and
-  if isStmtWithInitializer(parent) then index_new = index - 1 else index_new = index
-select child, index_new, parent

cpp/downgrades/298438feb146335af824002589cd6d4e96e5dbf9/upgrade.properties

@@ -1,5 +0,0 @@
-description: Support C++20 range-based for initializers
-compatibility: partial
-exprparents.rel: run exprparents.qlo
-stmtparents.rel: run stmtparents.qlo
-for_initialization.rel: run for_initialization.qlo

cpp/downgrades/4f9fabab5124d49108782c081579f45a70571d74/mangled_name.ql

@@ -1,11 +0,0 @@
-class Declaration extends @declaration {
-  string toString() { none() }
-}
-
-class MangledName extends @mangledname {
-  string toString() { none() }
-}
-
-from Declaration d, MangledName n
-where mangled_name(d, n, _)
-select d, n

cpp/downgrades/4f9fabab5124d49108782c081579f45a70571d74/upgrade.properties

@@ -1,3 +0,0 @@
-description: Add completness information to mangled name table
-compatibility: full
-mangled_name.rel: run mangled_name.qlo

cpp/downgrades/BUILD.bazel

@@ -1,4 +1,4 @@
-load("@rules_pkg//pkg:mappings.bzl", "pkg_files", "strip_prefix")
+load("@rules_pkg//:mappings.bzl", "pkg_files", "strip_prefix")
 
 pkg_files(
     name = "downgrades",

cpp/downgrades/aa7ff0ab32cd4674f6ab731d32fea64116997b05/exprs.ql

@@ -1,13 +0,0 @@
-class Expr extends @expr {
-  string toString() { none() }
-}
-
-class Location extends @location_expr {
-  string toString() { none() }
-}
-
-from Expr expr, int kind, int kind_new, Location loc
-where
-  exprs(expr, kind, loc) and
-  if kind = 363 then kind_new = 1 else kind_new = kind
-select expr, kind_new, loc

cpp/downgrades/aa7ff0ab32cd4674f6ab731d32fea64116997b05/upgrade.properties

@@ -1,4 +0,0 @@
-description: Introduce re-use expressions
-compatibility: partial
-expr_reuse.rel: delete
-exprs.rel: run exprs.qlo

cpp/downgrades/abfce5c170f93e281948f7689ece373464fdaf87/expr_reuse.ql

@@ -1,7 +0,0 @@
-class Expr extends @expr {
-  string toString() { none() }
-}
-
-from Expr reuse, Expr original
-where expr_reuse(reuse, original, _)
-select reuse, original

cpp/downgrades/abfce5c170f93e281948f7689ece373464fdaf87/expr_types.ql

@@ -1,22 +0,0 @@
-class Expr extends @expr {
-  string toString() { none() }
-}
-
-class Type extends @type {
-  string toString() { none() }
-}
-
-predicate existingType(Expr expr, Type type, int value_category) {
-  expr_types(expr, type, value_category)
-}
-
-predicate reuseType(Expr reuse, Type type, int value_category) {
-  exists(Expr original |
-    expr_reuse(reuse, original, value_category) and
-    expr_types(original, type, _)
-  )
-}
-
-from Expr expr, Type type, int value_category
-where existingType(expr, type, value_category) or reuseType(expr, type, value_category)
-select expr, type, value_category

cpp/downgrades/abfce5c170f93e281948f7689ece373464fdaf87/upgrade.properties

@@ -1,4 +0,0 @@
-description: Add value category to expr_reuse table
-compatibility: full
-expr_reuse.rel: run expr_reuse.qlo
-expr_types.rel: run expr_types.qlo

cpp/downgrades/cf72c8898d19eb1b3374432cf79d8276cb07ad43/upgrade.properties

@@ -1,6 +1,5 @@
 description: Support C++17 if and switch initializers
 compatibility: partial
-constexpr_if_initialization.rel: delete
 if_initialization.rel: delete
 switch_initialization.rel: delete
 exprparents.rel: run exprparents.qlo

cpp/ql/lib/BUILD.bazel

@@ -1,4 +1,4 @@
-load("@rules_pkg//pkg:mappings.bzl", "pkg_files")
+load("@rules_pkg//:mappings.bzl", "pkg_files")
 
 package(default_visibility = ["//cpp:__pkg__"])
 

cpp/ql/lib/CHANGELOG.md

@@ -1,76 +1,6 @@
-## 0.13.1
-
-No user-facing changes.
-
-## 0.13.0
-
-### Breaking Changes
-
-* Deleted the deprecated `GlobalValueNumberingImpl.qll` implementation.
-
-### New Features
-
-* Models-as-Data support has been added for C/C++. This feature allows flow sources, sinks and summaries to be expressed in compact strings as an alternative to modelling each source / sink / summary with explicit QL. See `dataflow/ExternalFlow.qll` for documentation and specification of the model format, and `models/implementations/ZMQ.qll` for a simple example of models. Importing models from `.yml` is not yet supported.
-
-### Minor Analysis Improvements
-
-* Source models have been added for the standard library function `getc` (and variations).
-* Source, sink and flow models for the ZeroMQ (ZMQ) networking library have been added.
-* Parameters of functions without definitions now have `ParameterNode`s.
-* The alias analysis used internally by various libraries has been improved to answer alias questions more conservatively. As a result, some queries may report fewer false positives.
-
-## 0.12.11
-
-No user-facing changes.
-
-## 0.12.10
-
-### New Features
-
-* Added a `TaintInheritingContent` class that can be extended to model taint flowing from a qualifier to a field.
-* Added a predicate `GuardCondition.comparesEq/4` to query whether an expression is compared to a constant. 
-* Added a predicate `GuardCondition.ensuresEq/4` to query whether a basic block is guarded by an expression being equal to a constant.
-* Added a predicate `GuardCondition.comparesLt/4` to query whether an expression is compared to a constant. 
-* Added a predicate `GuardCondition.ensuresLt/4` to query whether a basic block is guarded by an expression being less than a constant.
-* Added a predicate `GuardCondition.valueControls` to query whether a basic block is guarded by a particular `case` of a `switch` statement.
-
-### Minor Analysis Improvements
-
-* Added destructors for temporary objects with extended lifetimes to the intermediate representation.
-
-## 0.12.9
-
-No user-facing changes.
-
-## 0.12.8
-
-No user-facing changes.
-
-## 0.12.7
-
-### Minor Analysis Improvements
-
-* Added destructors for named objects to the intermediate representation.
-
-## 0.12.6
-
-### New Features
-
-* A `getInitialization` predicate was added to the `RangeBasedForStmt` class that yields the C++20-style initializer of the range-based `for` statement when it exists.
-
-## 0.12.5
-
-### New Features
-
-* Added the `PreprocBlock.qll` library to this repository.  This library offers a view of `#if`, `#elif`, `#else` and similar directives as a tree with navigable parent-child relationships.
-* Added a new `ThrowingFunction` abstract class that can be used to model an external function that may throw an exception.
-
 ## 0.12.4
 
-### Minor Analysis Improvements
-
-* Deleted many deprecated predicates and classes with uppercase `XML`, `SSA`, `SAL`, `SQL`, etc. in their names. Use the PascalCased versions instead.
-* Deleted the deprecated `StrcatFunction` class, use `semmle.code.cpp.models.implementations.Strcat.qll` instead.
+No user-facing changes.
 
 ## 0.12.3
 

cpp/ql/lib/IDEContextual.qll

@@ -3,7 +3,6 @@
  */
 
 import semmle.files.FileSystem
-private import codeql.util.FileSystem
 
 /**
  * Returns the `File` matching the given source file name as encoded by the VS
@@ -11,5 +10,13 @@ private import codeql.util.FileSystem
  */
 cached
 File getFileBySourceArchiveName(string name) {
-  result = IdeContextual<File>::getFileBySourceArchiveName(name)
+  // The name provided for a file in the source archive by the VS Code extension
+  // has some differences from the absolute path in the database:
+  // 1. colons are replaced by underscores
+  // 2. there's a leading slash, even for Windows paths: "C:/foo/bar" ->
+  //    "/C_/foo/bar"
+  // 3. double slashes in UNC prefixes are replaced with a single slash
+  // We can handle 2 and 3 together by unconditionally adding a leading slash
+  // before replacing double slashes.
+  name = ("/" + result.getAbsolutePath().replaceAll(":", "_")).replaceAll("//", "/")
 }

cpp/ql/lib/change-notes/2024-05-23-Version1.md

@@ -1,4 +0,0 @@
----
-category: breaking
----
-* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.

cpp/ql/lib/change-notes/released/0.12.10.md

@@ -1,14 +0,0 @@
-## 0.12.10
-
-### New Features
-
-* Added a `TaintInheritingContent` class that can be extended to model taint flowing from a qualifier to a field.
-* Added a predicate `GuardCondition.comparesEq/4` to query whether an expression is compared to a constant. 
-* Added a predicate `GuardCondition.ensuresEq/4` to query whether a basic block is guarded by an expression being equal to a constant.
-* Added a predicate `GuardCondition.comparesLt/4` to query whether an expression is compared to a constant. 
-* Added a predicate `GuardCondition.ensuresLt/4` to query whether a basic block is guarded by an expression being less than a constant.
-* Added a predicate `GuardCondition.valueControls` to query whether a basic block is guarded by a particular `case` of a `switch` statement.
-
-### Minor Analysis Improvements
-
-* Added destructors for temporary objects with extended lifetimes to the intermediate representation.

cpp/ql/lib/change-notes/released/0.12.11.md

@@ -1,3 +0,0 @@
-## 0.12.11
-
-No user-facing changes.

cpp/ql/lib/change-notes/released/0.12.4.md

@@ -1,6 +1,3 @@
 ## 0.12.4
 
-### Minor Analysis Improvements
-
-* Deleted many deprecated predicates and classes with uppercase `XML`, `SSA`, `SAL`, `SQL`, etc. in their names. Use the PascalCased versions instead.
-* Deleted the deprecated `StrcatFunction` class, use `semmle.code.cpp.models.implementations.Strcat.qll` instead.
+No user-facing changes.

cpp/ql/lib/change-notes/released/0.12.5.md

@@ -1,6 +0,0 @@
-## 0.12.5
-
-### New Features
-
-* Added the `PreprocBlock.qll` library to this repository.  This library offers a view of `#if`, `#elif`, `#else` and similar directives as a tree with navigable parent-child relationships.
-* Added a new `ThrowingFunction` abstract class that can be used to model an external function that may throw an exception.

cpp/ql/lib/change-notes/released/0.12.6.md

@@ -1,5 +0,0 @@
-## 0.12.6
-
-### New Features
-
-* A `getInitialization` predicate was added to the `RangeBasedForStmt` class that yields the C++20-style initializer of the range-based `for` statement when it exists.

cpp/ql/lib/change-notes/released/0.12.7.md

@@ -1,5 +0,0 @@
-## 0.12.7
-
-### Minor Analysis Improvements
-
-* Added destructors for named objects to the intermediate representation.

cpp/ql/lib/change-notes/released/0.12.8.md

@@ -1,3 +0,0 @@
-## 0.12.8
-
-No user-facing changes.

cpp/ql/lib/change-notes/released/0.12.9.md

@@ -1,3 +0,0 @@
-## 0.12.9
-
-No user-facing changes.

cpp/ql/lib/change-notes/released/0.13.0.md

@@ -1,16 +0,0 @@
-## 0.13.0
-
-### Breaking Changes
-
-* Deleted the deprecated `GlobalValueNumberingImpl.qll` implementation.
-
-### New Features
-
-* Models-as-Data support has been added for C/C++. This feature allows flow sources, sinks and summaries to be expressed in compact strings as an alternative to modelling each source / sink / summary with explicit QL. See `dataflow/ExternalFlow.qll` for documentation and specification of the model format, and `models/implementations/ZMQ.qll` for a simple example of models. Importing models from `.yml` is not yet supported.
-
-### Minor Analysis Improvements
-
-* Source models have been added for the standard library function `getc` (and variations).
-* Source, sink and flow models for the ZeroMQ (ZMQ) networking library have been added.
-* Parameters of functions without definitions now have `ParameterNode`s.
-* The alias analysis used internally by various libraries has been improved to answer alias questions more conservatively. As a result, some queries may report fewer false positives.

cpp/ql/lib/change-notes/released/0.13.1.md

@@ -1,3 +0,0 @@
-## 0.13.1
-
-No user-facing changes.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.13.1
+lastReleaseVersion: 0.12.4

cpp/ql/lib/experimental/buildless/ASTSig.qll

@@ -1,88 +0,0 @@
-import cpp
-
-/*
-    The syntax of a C++ program.
-*/
-signature module BuildlessASTSig
-{
-    class Node;
-    predicate nodeLocation(Node node, Location location);
-
-    // Parent/child relationship between AST nodes
-    predicate edge(Node parent, int index, Node child);
-
-    // Include graph
-    predicate userInclude(Node include, string path);
-    predicate systemInclude(Node include, string path);
-
-    // Namespaces
-    predicate namespace(Node ns);
-    predicate namespaceName(Node ns, string name);
-    predicate namespaceMember(Node ns, Node member);
-
-    // Functions
-    predicate function(Node fn);
-    predicate functionBody(Node fn, Node body);
-    predicate functionReturn(Node fn, Node returnType);
-    predicate functionName(Node fn, string name);
-    predicate functionParameter(Node fn, int i, Node parameterDecl);
-    predicate functionDefinition(Node fn);  // If a definition as opposed to a declaration
-
-    // Statements
-    predicate stmt(Node node);
-    predicate blockStmt(Node stmt);
-    predicate blockMember(Node stmt, int index, Node child);
-    predicate ifStmt(Node stmt, Node condition, Node thenBranch);
-    predicate ifStmt(Node tmt, Node condition, Node thenBranch, Node elseBranch);
-    predicate whileStmt(Node stmt, Node condition, Node body);
-    predicate doWhileStmt(Node stmt, Node condition, Node body);
-    predicate forStmt(Node stmt, Node init, Node condition, Node update, Node body);
-    predicate exprStmt(Node stmt, Node expr);
-    predicate returnStmt(Node stmt, Node expr);
-    predicate returnVoidStmt(Node stmt);
-    // etc
-
-    // Types
-    predicate type(Node type);
-    predicate ptrType(Node type, Node element);
-    predicate refType(Node type, Node element);
-    predicate constType(Node type, Node element);
-    predicate rvalueRefType(Node type, Node element);
-    predicate arrayType(Node type, Node element, Node size);
-    predicate arrayType(Node type, Node element);
-    predicate typename(Node node, string name);  // Any named type, including built-in types
-    predicate templated(Node node);
-    predicate typeDefinition(Node node);  // If a definition as opposed to a declaration
-
-    predicate classOrStructDefinition(Node node);
-    predicate classMember(Node classOrStruct, int child, Node member);
-
-    // Templates
-    predicate templateParameter(Node node, int i, Node parameter);
-    predicate typeParameter(Node templateParameter, Node type, Node parameter);
-    predicate typeParameterDefault(Node templateParameter, Node defaultTypeOrValue);
-
-    // Declarations
-    predicate variableDeclaration(Node decl);
-    predicate variableDeclarationType(Node decl, Node type);
-    predicate variableDeclarationEntry(Node decl, int index, Node entry);
-    predicate variableDeclarationEntryInitializer(Node entry, Node initializer);
-    predicate variableName(Node entry, string name);
-    predicate ptrEntry(Node entry, Node element);
-    predicate refEntry(Node entry, Node element);
-    predicate rvalueRefEntry(Node entry, Node element);
-    predicate arrayEntry(Node entry, Node element);  // ?? Size
-
-    // Expressions
-    predicate expression(Node node);
-    predicate prefixExpr(Node expr, string operator, Node operand);
-    predicate postfixExpr(Node expr, Node operand, string operator);
-    predicate binaryExpr(Node expr, Node lhs, string operator, Node rhs);
-    predicate castExpr(Node expr, Node type, Node operand);
-    predicate callExpr(Node call);
-    predicate callArgument(Node call, int i, Node arg);
-    predicate callReceiver(Node call, Node receiver);
-    predicate accessExpr(Node expr, string name);
-    predicate literal(Node expr, string value);
-    predicate stringLiteral(Node expr, string value);
-}

cpp/ql/lib/experimental/buildless/CompiledAST.qll

@@ -1,304 +0,0 @@
-import cpp
-import ASTSig
-
-module CompiledAST implements BuildlessASTSig {
-  private class SourceLocation extends Location {
-    SourceLocation() { not this.hasLocationInfo(_, 0, 0, 0, 0) }
-  }
-
-  private Type reachableType(Type type) {
-    result = type or
-    result = reachableType(type).stripTopLevelSpecifiers() or
-    result = reachableType(type).(PointerType).getBaseType() or
-    result = reachableType(type).(ReferenceType).getBaseType()
-  }
-
-  private class SourceDeclEntry extends DeclarationEntry {
-    SourceDeclEntry() {
-      not this.isAffectedByMacro() and
-      not this.isFromTemplateInstantiation(_) and
-      not this.isInMacroExpansion() and
-      not this.getDeclaration().isInMacroExpansion() and
-      this.getLocation() instanceof SourceLocation and
-      not this.(FunctionDeclarationEntry).getDeclaration().isCompilerGenerated()
-    }
-  }
-
-  private newtype TNode =
-    // TFunction(SourceLocation loc) { exists(Function f | f.getLocation() = loc) } or
-    TStatement(SourceLocation loc) { exists(Stmt s | s.getLocation() = loc) } or
-    TDeclaration(SourceDeclEntry decl) or
-    TExpression(SourceLocation loc) { exists(Expr e | e.getLocation() = loc) } or
-    TFunctionCallName(SourceLocation loc) { exists(FunctionCall c | c.getLocation() = loc) } or
-    TDeclarationType(SourceDeclEntry decl, Type type) { type = reachableType(decl.getType()) } or
-    TNamespaceDeclaration(NamespaceDeclarationEntry ns) { any() } or
-    TInclude(Include i)
-
-  class Node extends TNode {
-    string toString() { result = "node" }
-
-    SourceLocation getLocation() {
-      this = TStatement(result) or
-      result = this.getDeclaration().getLocation() or
-      this = TExpression(result) or
-      this = TFunctionCallName(result) or
-      result = this.getVariableDeclaration().getLocation() or
-      result = this.getNamespaceDeclaration().getLocation() or
-      result = this.getInclude().getLocation()
-    }
-
-    Include getInclude() { this = TInclude(result) }
-
-    Stmt getStmt() { this = TStatement(result.getLocation()) }
-
-    Function getFunction() {
-      result = this.getDeclaration().getDeclaration() and
-      not result.isFromTemplateInstantiation(_) and
-      not result.isCompilerGenerated()
-    }
-
-    SourceDeclEntry getDeclaration() { this = TDeclaration(result) }
-
-    NamespaceDeclarationEntry getNamespaceDeclaration() { this = TNamespaceDeclaration(result) }
-
-    Type getType() { this = TDeclarationType(_, result) }
-
-    SourceDeclEntry getVariableDeclaration() { this = TDeclarationType(result, _) }
-
-    Expr getExpr() { this = TExpression(result.getLocation()) }
-
-    FunctionCall getFunctionCallName() { this = TFunctionCallName(result.getLocation()) }
-  }
-
-  predicate nodeLocation(Node node, Location location) { location = node.getLocation() }
-
-  // Include graph
-  predicate userInclude(Node include, string path) {
-    exists(string head | head = include.getInclude().getHead() |
-      path = head.substring(1, head.length() - 1) and head.charAt(0) = "\""
-    )
-  }
-
-  predicate systemInclude(Node include, string path) {
-    exists(string head | head = include.getInclude().getHead() |
-      path = head.substring(1, head.length() - 1) and head.charAt(0) = "<"
-    )
-  }
-
-  // Functions
-  predicate function(Node fn) { exists(fn.getFunction()) }
-
-  predicate functionBody(Node fn, Node body) { body.getStmt() = fn.getFunction().getBlock() }
-
-  predicate functionReturn(Node fn, Node returnType) {
-    returnType.getVariableDeclaration() = fn.getDeclaration() and
-    fn.getDeclaration().(FunctionDeclarationEntry).getDeclaration().getType() = returnType.getType()
-  }
-
-  predicate functionName(Node fn, string name) { name = fn.getFunction().getName() }
-
-  predicate functionParameter(Node fn, int i, Node parameterDecl) {
-    functionParameter0(fn, i, parameterDecl) and
-    not exists(Node param2 | functionParameter0(fn, i, param2) |
-      param2.getLocation().getStartLine() < parameterDecl.getLocation().getStartLine()
-    )
-  }
-
-  pragma[nomagic]
-  private predicate functionParameter0(Node fn, int i, Node parameterDecl) {
-    fn.getFunction().getParameter(i).getADeclarationEntry() = parameterDecl.getDeclaration() and
-    fn.getLocation().getFile() = parameterDecl.getLocation().getFile() and
-    fn.getLocation().getStartLine() <= parameterDecl.getLocation().getStartLine()
-  }
-
-  // Statements
-  predicate stmt(Node node) { exists(node.getStmt()) }
-
-  predicate blockStmt(Node stmt) { stmt.getStmt() instanceof BlockStmt }
-
-  predicate blockMember(Node stmt, int index, Node child) {
-    child.getStmt() = stmt.getStmt().(BlockStmt).getChild(index)
-  }
-
-  predicate ifStmt(Node stmt, Node condition, Node thenBranch) { none() }
-
-  predicate ifStmt(Node tmt, Node condition, Node thenBranch, Node elseBranch) { none() }
-
-  predicate whileStmt(Node stmt, Node condition, Node body) { none() }
-
-  predicate doWhileStmt(Node stmt, Node condition, Node body) { none() }
-
-  predicate forStmt(Node stmt, Node init, Node condition, Node update, Node body) { none() }
-
-  predicate exprStmt(Node stmt, Node expr) { none() }
-
-  predicate returnStmt(Node stmt, Node expr) { none() }
-
-  predicate returnVoidStmt(Node stmt) { none() }
-
-  // etc
-  // Types
-  predicate ptrType(Node node, Node element) {
-    exists(PointerType type, SourceDeclEntry e |
-      node = TDeclarationType(e, type) and
-      element = TDeclarationType(e, type.getBaseType())
-    )
-  }
-
-  predicate refType(Node node, Node element) {
-    exists(ReferenceType type, SourceDeclEntry e |
-      node = TDeclarationType(e, type) and
-      element = TDeclarationType(e, type.getBaseType())
-    )
-  }
-
-  predicate rvalueRefType(Node type, Node element) { none() }
-
-  predicate arrayType(Node type, Node element, Node size) { none() }
-
-  predicate arrayType(Node type, Node element) { none() }
-
-  predicate typename(Node node, string name) {
-    exists(Class c | c = node.getDeclaration().getDeclaration() |
-      not c.isAnonymous() and c.getName() = name
-    )
-    or
-    name = node.getType().getName()
-  }
-
-  predicate templated(Node node) { none() }
-
-  predicate classOrStructDefinition(Node node) {
-    node.getDeclaration().getDeclaration() instanceof Class
-  }
-
-  predicate classMember(Node classOrStruct, int child, Node member) {
-    classOrStruct.getDeclaration().getDeclaration().(Class).getAMember() =
-      member.getDeclaration().getDeclaration() and
-    child = 0 and
-    classOrStruct.getLocation().getFile() = member.getLocation().getFile() // TODO: Disambiguate
-    // and not member.getDeclaration().getDeclaration() instanceof FriendDecl
-  }
-
-  // Templates
-  predicate templateParameter(Node node, int i, Node parameter) { none() }
-
-  predicate typeParameter(Node templateParameter, Node type, Node parameter) { none() }
-
-  predicate typeParameterDefault(Node templateParameter, Node defaultTypeOrValue) { none() }
-
-  // Declarations
-  predicate variableDeclaration(Node decl) {
-    decl.getDeclaration() instanceof VariableDeclarationEntry
-  }
-
-  pragma[nomagic]
-  private predicate variableDeclarationType2(Node decl, Node type) {
-    decl.getDeclaration() = type.getVariableDeclaration()
-  }
-
-  predicate variableDeclarationType(Node decl, Node type) {
-    variableDeclarationType2(decl, type) and
-    type.getType() = decl.getDeclaration().getType()
-  }
-
-  predicate variableDeclarationEntry(Node decl, int index, Node entry) { none() }
-
-  predicate variableDeclarationEntryInitializer(Node entry, Node initializer) { none() }
-
-  predicate variableName(Node decl, string name) {
-    decl.getDeclaration().(VariableDeclarationEntry).getName() = name
-  }
-
-  predicate ptrEntry(Node entry, Node element) { none() }
-
-  predicate refEntry(Node entry, Node element) { none() }
-
-  predicate rvalueRefEntry(Node entry, Node element) { none() }
-
-  predicate arrayEntry(Node entry, Node element) { none() }
-
-  // Expressions
-  predicate expression(Node node) { exists(node.getExpr()) or exists(node.getFunctionCallName()) }
-
-  predicate prefixExpr(Node expr, string operator, Node operand) { none() }
-
-  predicate postfixExpr(Node expr, Node operand, string operator) { none() }
-
-  predicate binaryExpr(Node expr, Node lhs, string operator, Node rhs) { none() }
-
-  predicate castExpr(Node expr, Node type, Node operand) { none() }
-
-  predicate callExpr(Node call) { call.getExpr() instanceof Call }
-
-  predicate callArgument(Node call, int i, Node arg) {
-    arg.getExpr() = call.getExpr().(Call).getArgument(i)
-  }
-
-  predicate callReceiver(Node call, Node receiver) {
-    receiver.getFunctionCallName() = call.getExpr()
-  }
-
-  predicate accessExpr(Node expr, string name) {
-    expr.getExpr().(VariableAccess).getTarget().getName() = name or
-    expr.getFunctionCallName().getTarget().getName() = name
-  }
-
-  predicate literal(Node expr, string value) { expr.getExpr().(Literal).toString() = value }
-
-  predicate stringLiteral(Node expr, string value) {
-    expr.getExpr().(StringLiteral).getValue() = value
-  }
-
-  predicate type(Node node) { node = TDeclarationType(_, _) }
-
-  predicate constType(Node node, Node element) {
-    exists(SpecifiedType type, SourceDeclEntry e |
-      node = TDeclarationType(e, type) and
-      element = TDeclarationType(e, type.getBaseType()) and
-      type.isConst()
-    )
-  }
-
-  predicate namespace(Node ns) { exists(ns.getNamespaceDeclaration()) }
-
-  predicate namespaceName(Node ns, string name) {
-    ns.getNamespaceDeclaration().getNamespace().getName() = name
-  }
-
-  pragma[nomagic]
-  private predicate namespaceNamespace(Node ns, Node child) {
-    ns.getNamespaceDeclaration().getNamespace().getAChildNamespace() =
-      child.getNamespaceDeclaration().getNamespace() and
-    ns.getLocation().getFile() = child.getLocation().getFile()
-  }
-
-  pragma[nomagic]
-  private predicate namespaceDecl(Node ns, Node child) {
-    child.getDeclaration().getDeclaration() =
-      ns.getNamespaceDeclaration().getNamespace().getADeclaration() and
-    ns.getLocation().getFile() = child.getLocation().getFile() and
-    ns.getLocation().getStartLine() <= child.getLocation().getStartLine()
-  }
-
-  predicate namespaceMember(Node ns, Node member) {
-    namespaceNamespace(ns, member) or
-    namespaceDecl(ns, member)
-  }
-
-  predicate edge(Node parent, int index, Node child) {
-    namespaceMember(parent, child) and index = 0
-    or
-    classMember(parent, index, child)
-    or
-    blockMember(parent, index, child)
-  }
-
-  predicate typeDefinition(Node node) {
-    node.getDeclaration().(TypeDeclarationEntry).isDefinition()
-  }
-
-  predicate functionDefinition(Node fn) {
-    fn.getDeclaration().(FunctionDeclarationEntry).isDefinition()
-  }
-}

cpp/ql/lib/experimental/buildless/Model.qll

@@ -1,282 +0,0 @@
-import AST
-
-module BuildlessModel<BuildlessASTSig Sig> {
-  module AST = BuildlessAST<Sig>;
-
-  private string getQualifiedName(AST::SourceNamespace ns) {
-    not exists(AST::SourceNamespace p | ns = p.getAChild()) and result = ns.getName()
-    or
-    exists(AST::SourceNamespace p | ns = p.getAChild() and ns != p |
-      result = getQualifiedName(p) + "::" + ns.getName()
-    )
-  }
-
-  private newtype TElement =
-    TNamespace(string fqn) { fqn = getQualifiedName(_) } or
-    TASTNode(AST::SourceElement node) { any() }
-
-    /*
-      Any compile-time concept that can be named.
-    */
-  class Entity extends string
-  {
-    bindingset[this] Entity() { any() }
-  }
-
-  /*
-    An entity that contains named members.
-  */
-  class Scope extends Entity
-  {
-    bindingset[this] Scope() { any() }
-
-    Member getAMember() { result = this.getAMember(_) }
-
-    abstract Member getAMember(string name);
-  }
-
-  /*
-    An entity that is a member of a scope.
-  */
-  class Member extends Entity
-  {
-    bindingset[this] Member() { any() }
-
-    abstract string getName();
-    abstract Scope getParent();
-  }
-
-  class Namespace2 extends Member, Scope
-  {
-    AST::SourceNamespace ns;
-
-    Namespace2() { this = "::" + getQualifiedName(ns) }
-
-    AST::SourceNamespace getAstNode() { result = ns }
-
-    override Namespace2 getParent() { result.getAstNode() = ns.getParent() }
-
-    override string getName() { result = ns.getName() }
-
-    override Member getAMember(string name) {
-      result = this.getMemberNamespace(name)
-      // !! Types
-    }
-
-    Namespace2 getMemberNamespace(string name) {
-      result.getParent() = this and result.getName() = name
-    }
-
-  }
-
-  class Type extends Member, Scope {
-    Type() { exists(SourceTypeDeclaration t | t.getMangledName() = this) }
-
-    AST::SourceType getAstNode() { result = this.getADeclaration().getSourceNode() }
-
-    // string toString() { result = "i am a type" }
-    override string getName() { result = this.getADeclaration().getName() }
-
-    Location getLocation() { result = this.getADefinition().getLocation() }
-
-    SourceTypeDeclaration getADeclaration() { result.getMangledName() = this }
-
-    SourceTypeDefinition getADefinition() { result.getMangledName() = this }
-
-    override Member getAMember(string name)
-    {
-      result = getMemberType(name)
-    }
-
-    Type getMemberType(string name)
-    {
-      none()
-    }
-
-    Namespace2 getParentNamespace() {
-      result.getAstNode() = this.getADeclaration().getParentNamespace()
-    }
-
-    Type getParentType() { result.getADeclaration() = this.getADeclaration().getParentType() }
-
-    override Scope getParent() { result = this.getParentNamespace() or result = this.getParentType() }
-
-    string getFullyQualifiedName() { result = this.getADeclaration().getFullyQualifiedName() }
-
-    Field getAField() { result.getParentType() = this }
-  }
-
-  private Type lookupNameInType(Type type, string name)
-  {
-    // Is the name a member of this type?
-
-    // Is the name in the same scope as the type?
-
-    // Is the name in global scope?
-
-    // TODO!
-    none()
-  }
-
-  class Field extends string {
-    Type containingType;
-    SourceTypeDefinition containingTypeDef;
-    AST::SourceVariableDeclaration fieldDef;
-
-    Field() {
-      containingType.getADefinition() = containingTypeDef and
-      fieldDef = containingTypeDef.getAField() and
-      this = containingTypeDef.getMangledName() + "::" + fieldDef.getName()
-    }
-
-    Location getLocation() { result = fieldDef.getLocation() }
-
-    Type getParentType() { result = containingType }
-
-    string getName() { result = fieldDef.getName() }
-
-    // TODO: The type of the field
-
-  }
-
-  class Element extends TElement {
-    string toString() { result = "element" }
-  }
-
-  class Namespace extends Element, TNamespace {
-    string getFullyQualifiedName() { this = TNamespace(result) }
-
-    override string toString() { result = "namespace " + this.getFullyQualifiedName() }
-
-    NamespaceDeclaration getADeclaration() { result.getNamespace() = this }
-  }
-
-  class SourceElement extends Element, TASTNode {
-    AST::SourceElement node;
-
-    SourceElement() { this = TASTNode(node) }
-
-    Location getLocation() { result = node.getLocation() }
-
-    AST::SourceElement getSourceNode() { result = node }
-  }
-
-  class SourceDeclaration extends SourceElement, TASTNode {
-    abstract SourceDeclaration getParent();
-
-    abstract string getName();
-
-    abstract string getMangledName();
-
-    abstract predicate isDefinition();
-  }
-
-  abstract class SourceDefinition extends SourceDeclaration { }
-
-  class NamespaceDeclaration extends SourceDeclaration {
-    AST::SourceNamespace ns;
-
-    NamespaceDeclaration() { ns = node }
-
-    override string getName() { result = ns.getName() }
-
-    Namespace getNamespace() { result.getFullyQualifiedName() = this.getFullyQualifiedName() }
-
-    override string toString() { result = "namespace " + this.getName() + " { ... }" }
-
-    override NamespaceDeclaration getParent() { result.getSourceNode() = node.getParent() }
-
-    string getFullyQualifiedName() {
-      if exists(this.getParent())
-      then result = this.getParent().getFullyQualifiedName() + "::" + this.getName()
-      else result = this.getName()
-    }
-
-    override string getMangledName() { result = "::" + this.getFullyQualifiedName() }
-
-    override predicate isDefinition() { any() }
-  }
-
-  class SourceTypeDeclaration extends SourceDeclaration {
-    AST::SourceTypeDefinition def;
-
-    SourceTypeDeclaration() { def = node }
-
-    override Location getLocation() { result = def.getLocation() }
-
-    override string toString() { result = "typename " + def.getName() }
-
-    string getFullyQualifiedName() {
-      if exists(this.getParentNamespace())
-      then result = this.getParentNamespace().getFullyQualifiedName() + "::" + this.getName()
-      else
-        if exists(this.getParentType())
-        then result = this.getParentType() + "::" + this.getName()
-        else result = this.getName()
-    }
-
-    NamespaceDeclaration getParentNamespace() { result.getSourceNode() = def.getParent() }
-
-    SourceTypeDeclaration getParentType() { result.getSourceNode() = def.getParent() }
-
-    override SourceDeclaration getParent() {
-      result = this.getParentNamespace() or result = this.getParentType()
-    }
-
-    override string getName() { result = def.getName() }
-
-    // Mangled name
-    override string getMangledName() {
-      if exists(this.getParent())
-      then result = this.getParent().getMangledName() + "::" + this.getName()
-      else result = "::" + this.getName()
-    }
-
-    override predicate isDefinition() { def.isDefinition() }
-
-    AST::SourceVariableDeclaration getAField() {
-      result = def.getAMember()
-    }
-  }
-
-  class SourceTypeDefinition extends SourceTypeDeclaration, SourceDefinition {
-    SourceTypeDefinition() { this.isDefinition() }
-  }
-
-  class SourceFunctionDeclaration extends SourceDeclaration {
-    AST::SourceFunction fn;
-
-    SourceFunctionDeclaration() { fn = node }
-
-    SourceTypeDeclaration getParentType() { result.getSourceNode() = fn.getParent() }
-
-    NamespaceDeclaration getParentNamespace() { result.getSourceNode() = fn.getParent() }
-
-    override SourceDeclaration getParent() {
-      result = this.getParentType() or result = this.getParentNamespace()
-    }
-
-    override string toString() { result = fn.getName() + "()" }
-
-    override Location getLocation() { result = fn.getLocation() }
-
-    override string getName() { result = fn.getName() }
-
-    override string getMangledName() {
-      if exists(this.getParent())
-      then result = this.getParent().getMangledName() + "::" + this.getName() + "()"
-      else result = "::" + this.getName() + "()"
-    }
-
-    override predicate isDefinition() { fn.isDefinition() }
-  }
-
-  class SourceFunctionDefinition extends SourceFunctionDeclaration, SourceDefinition {
-    SourceFunctionDefinition() { this.isDefinition() }
-  }
-
-  predicate invalidParent(SourceDeclaration decl) { decl.getParent+() = decl }
-}
-
-// For debugging in context
-module TestModel = BuildlessModel<CompiledAST>;