Test changes to investigate

- Extend synthetic uncertain reads to function exits of any function
  that writes a captured variable, not just the declaring function.
  This ensures writes to captured variables inside closures remain
  live (matching the old `v.isCaptured()` liveness shortcut).
- Uncomment toString overrides for SsaExplicitDefinition, SsaVariableCapture,
  SsaPhiNode, and SsaVariable to restore original output formats.
- Revert test expected files to pre-test-changes state matching the
  correct toString formats and capture variable results.

Agent-Logs-Url: https://github.com/github/codeql/sessions/6dbf9d42-b2e2-42a2-984b-8ea31df4e633

Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>

go/ql/lib/change-notes/2026-03-23-use-shared-ssa.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The Go SSA library now uses the shared SSA library (`codeql.ssa.Ssa`), consistent with other CodeQL languages such as C#, Java, Ruby, Rust, and Swift. This may result in minor changes to SSA construction in some edge cases.

go/ql/lib/qlpack.yml

@@ -10,6 +10,7 @@ dependencies:
   codeql/controlflow: ${workspace}
   codeql/dataflow: ${workspace}
   codeql/mad: ${workspace}
+  codeql/ssa: ${workspace}
   codeql/threat-models: ${workspace}
   codeql/tutorial: ${workspace}
   codeql/util: ${workspace}

go/ql/lib/semmle/go/controlflow/BasicBlocks.qll

@@ -48,6 +48,17 @@ class BasicBlock = BbImpl::BasicBlock;
 
 class EntryBasicBlock = BbImpl::EntryBasicBlock;
 
+/** Provides a `CfgSig` view of Go's control-flow graph for use with the shared SSA library. */
+module Cfg implements BB::CfgSig<Location> {
+  class ControlFlowNode = BbImpl::ControlFlowNode;
+
+  class BasicBlock = BbImpl::BasicBlock;
+
+  class EntryBasicBlock = BbImpl::EntryBasicBlock;
+
+  predicate dominatingEdge = BbImpl::dominatingEdge/2;
+}
+
 cached
 private predicate reachableBB(BasicBlock bb) {
   bb instanceof EntryBasicBlock

go/ql/lib/semmle/go/dataflow/SSA.qll

@@ -63,10 +63,7 @@ private predicate unresolvedIdentifier(Ident id, string name) {
 /**
  * An SSA variable.
  */
-class SsaVariable extends TSsaDefinition {
-  /** Gets the source variable corresponding to this SSA variable. */
-  SsaSourceVariable getSourceVariable() { result = this.(SsaDefinition).getSourceVariable() }
-
+class SsaVariable extends Definition {
   /** Gets the (unique) definition of this SSA variable. */
   SsaDefinition getDefinition() { result = this }
 
@@ -74,22 +71,17 @@ class SsaVariable extends TSsaDefinition {
   Type getType() { result = this.getSourceVariable().getType() }
 
   /** Gets a use in basic block `bb` that refers to this SSA variable. */
-  IR::Instruction getAUseIn(ReachableBasicBlock bb) {
+  IR::Instruction getAUseIn(BasicBlock bb) {
     exists(int i, SsaSourceVariable v | v = this.getSourceVariable() |
       result = bb.getNode(i) and
-      this = getDefinition(bb, i, v)
+      ssaDefReachesRead(v, this, bb, i) and
+      useAt(bb, i, v)
     )
   }
 
   /** Gets a use that refers to this SSA variable. */
   IR::Instruction getAUse() { result = this.getAUseIn(_) }
 
-  /** Gets a textual representation of this element. */
-  string toString() { result = this.getDefinition().prettyPrintRef() }
-
-  /** Gets the location of this SSA variable. */
-  Location getLocation() { result = this.getDefinition().getLocation() }
-
   /**
    * DEPRECATED: Use `getLocation()` instead.
    *
@@ -109,50 +101,20 @@ class SsaVariable extends TSsaDefinition {
 /**
  * An SSA definition.
  */
-class SsaDefinition extends TSsaDefinition {
+class SsaDefinition extends Definition {
   /** Gets the SSA variable defined by this definition. */
   SsaVariable getVariable() { result = this }
 
-  /** Gets the source variable defined by this definition. */
-  abstract SsaSourceVariable getSourceVariable();
-
-  /**
-   * Gets the basic block to which this definition belongs.
-   */
-  abstract ReachableBasicBlock getBasicBlock();
-
-  /**
-   * INTERNAL: Use `getBasicBlock()` and `getSourceVariable()` instead.
-   *
-   * Holds if this is a definition of source variable `v` at index `idx` in basic block `bb`.
-   *
-   * Phi nodes are considered to be at index `-1`, all other definitions at the index of
-   * the control flow node they correspond to.
-   */
-  abstract predicate definesAt(ReachableBasicBlock bb, int idx, SsaSourceVariable v);
-
-  /**
-   * INTERNAL: Use `toString()` instead.
-   *
-   * Gets a pretty-printed representation of this SSA definition.
-   */
-  abstract string prettyPrintDef();
-
-  /**
-   * INTERNAL: Do not use.
-   *
-   * Gets a pretty-printed representation of a reference to this SSA definition.
-   */
-  abstract string prettyPrintRef();
-
   /** Gets the innermost function or file to which this SSA definition belongs. */
   ControlFlow::Root getRoot() { result = this.getBasicBlock().getScope() }
 
-  /** Gets a textual representation of this element. */
-  string toString() { result = this.prettyPrintDef() }
-
-  /** Gets the source location for this element. */
-  abstract Location getLocation();
+  /**
+   * INTERNAL: Do not use.
+   *
+   * Gets a short string identifying the kind of this SSA definition,
+   * used in reference formatting (e.g., `"def"`, `"capture"`, `"phi"`).
+   */
+  string getKind() { none() }
 
   /**
    * DEPRECATED: Use `getLocation()` instead.
@@ -180,32 +142,23 @@ class SsaDefinition extends TSsaDefinition {
 /**
  * An SSA definition that corresponds to an explicit assignment or other variable definition.
  */
-class SsaExplicitDefinition extends SsaDefinition, TExplicitDef {
+class SsaExplicitDefinition extends SsaDefinition, WriteDefinition {
+  SsaExplicitDefinition() {
+    exists(BasicBlock bb, int i, SsaSourceVariable v |
+      this.definesAt(v, bb, i) and
+      defAt(bb, i, v)
+    )
+  }
+
   /** Gets the instruction where the definition happens. */
   IR::Instruction getInstruction() {
-    exists(BasicBlock bb, int i | this = TExplicitDef(bb, i, _) | result = bb.getNode(i))
+    exists(BasicBlock bb, int i | this.definesAt(_, bb, i) | result = bb.getNode(i))
   }
 
   /** Gets the right-hand side of the definition. */
   IR::Instruction getRhs() { this.getInstruction().writes(_, result) }
 
-  override predicate definesAt(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
-    this = TExplicitDef(bb, i, v)
-  }
-
-  override ReachableBasicBlock getBasicBlock() { this.definesAt(result, _, _) }
-
-  override SsaSourceVariable getSourceVariable() { this = TExplicitDef(_, _, result) }
-
-  override string prettyPrintRef() {
-    exists(Location loc | loc = this.getLocation() |
-      result = "def@" + loc.getStartLine() + ":" + loc.getStartColumn()
-    )
-  }
-
-  override string prettyPrintDef() { result = "definition of " + this.getSourceVariable() }
-
-  override Location getLocation() { result = this.getInstruction().getLocation() }
+  override string getKind() { result = "def" }
 }
 
 /** Provides a helper predicate for working with explicit SSA definitions. */
@@ -219,22 +172,7 @@ module SsaExplicitDefinition {
 /**
  * An SSA definition that does not correspond to an explicit variable definition.
  */
-abstract class SsaImplicitDefinition extends SsaDefinition {
-  /**
-   * INTERNAL: Do not use.
-   *
-   * Gets the definition kind to include in `prettyPrintRef`.
-   */
-  abstract string getKind();
-
-  override string prettyPrintRef() {
-    exists(Location loc | loc = this.getLocation() |
-      result = this.getKind() + "@" + loc.getStartLine() + ":" + loc.getStartColumn()
-    )
-  }
-
-  override Location getLocation() { result = this.getBasicBlock().getLocation() }
-}
+abstract class SsaImplicitDefinition extends SsaDefinition { }
 
 /**
  * An SSA definition representing the capturing of an SSA-convertible variable
@@ -243,24 +181,8 @@ abstract class SsaImplicitDefinition extends SsaDefinition {
  * Capturing definitions appear at the beginning of such functions, as well as
  * at any function call that may affect the value of the variable.
  */
-class SsaVariableCapture extends SsaImplicitDefinition, TCapture {
-  override predicate definesAt(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
-    this = TCapture(bb, i, v)
-  }
-
-  override ReachableBasicBlock getBasicBlock() { this.definesAt(result, _, _) }
-
-  override SsaSourceVariable getSourceVariable() { this.definesAt(_, _, result) }
-
+class SsaVariableCapture extends SsaImplicitDefinition, UncertainWriteDefinition {
   override string getKind() { result = "capture" }
-
-  override string prettyPrintDef() { result = "capture variable " + this.getSourceVariable() }
-
-  override Location getLocation() {
-    exists(ReachableBasicBlock bb, int i | this.definesAt(bb, i, _) |
-      result = bb.getNode(i).getLocation()
-    )
-  }
 }
 
 /**
@@ -277,7 +199,10 @@ abstract class SsaPseudoDefinition extends SsaImplicitDefinition {
    * Gets a textual representation of the inputs of this pseudo-definition
    * in lexicographical order.
    */
-  string ppInputs() { result = concat(this.getAnInput().getDefinition().prettyPrintRef(), ", ") }
+  string ppInputs() {
+    result =
+      concat(SsaVariable inp | inp = this.getAnInput() | inp.toString() order by inp.toString())
+  }
 }
 
 /**
@@ -285,26 +210,10 @@ abstract class SsaPseudoDefinition extends SsaImplicitDefinition {
  * in the flow graph where otherwise two or more definitions for the variable
  * would be visible.
  */
-class SsaPhiNode extends SsaPseudoDefinition, TPhi {
-  override SsaVariable getAnInput() {
-    result = getDefReachingEndOf(this.getBasicBlock().getAPredecessor(_), this.getSourceVariable())
-  }
-
-  override predicate definesAt(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
-    bb = this.getBasicBlock() and v = this.getSourceVariable() and i = -1
-  }
-
-  override ReachableBasicBlock getBasicBlock() { this = TPhi(result, _) }
-
-  override SsaSourceVariable getSourceVariable() { this = TPhi(_, result) }
+class SsaPhiNode extends SsaPseudoDefinition, PhiNode {
+  override SsaVariable getAnInput() { phiHasInputFromBlock(this, result, _) }
 
   override string getKind() { result = "phi" }
-
-  override string prettyPrintDef() {
-    result = this.getSourceVariable() + " = phi(" + this.ppInputs() + ")"
-  }
-
-  override Location getLocation() { result = this.getBasicBlock().getLocation() }
 }
 
 /**

go/ql/lib/semmle/go/dataflow/SsaImpl.qll

@@ -7,76 +7,25 @@ overlay[local]
 module;
 
 import go
+private import codeql.ssa.Ssa as SsaImplCommon
+private import semmle.go.controlflow.BasicBlocks as BasicBlocks
+
+private class BasicBlock = BasicBlocks::BasicBlock;
 
 cached
 private module Internal {
   /** Holds if the `i`th node of `bb` defines `v`. */
   cached
-  predicate defAt(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
+  predicate defAt(BasicBlock bb, int i, SsaSourceVariable v) {
     bb.getNode(i).(IR::Instruction).writes(v, _)
   }
 
   /** Holds if the `i`th node of `bb` reads `v`. */
   cached
-  predicate useAt(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
+  predicate useAt(BasicBlock bb, int i, SsaSourceVariable v) {
     bb.getNode(i).(IR::Instruction).reads(v)
   }
 
-  /**
-   * A data type representing SSA definitions.
-   *
-   * We distinguish three kinds of SSA definitions:
-   *
-   *   1. Variable definitions, including declarations, assignments and increments/decrements.
-   *   2. Pseudo-definitions for captured variables at the beginning of the capturing function
-   *      as well as after calls.
-   *   3. Phi nodes.
-   *
-   * SSA definitions are only introduced where necessary. In particular,
-   * unreachable code has no SSA definitions associated with it, and neither
-   * have dead assignments (that is, assignments whose value is never read).
-   */
-  cached
-  newtype TSsaDefinition =
-    /**
-     * An SSA definition that corresponds to an explicit assignment or other variable definition.
-     */
-    TExplicitDef(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
-      defAt(bb, i, v) and
-      (liveAfterDef(bb, i, v) or v.isCaptured())
-    } or
-    /**
-     * An SSA definition representing the capturing of an SSA-convertible variable
-     * in the closure of a nested function.
-     *
-     * Capturing definitions appear at the beginning of such functions, as well as
-     * at any function call that may affect the value of the variable.
-     */
-    TCapture(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
-      mayCapture(bb, i, v) and
-      liveAfterDef(bb, i, v)
-    } or
-    /**
-     * An SSA phi node, that is, a pseudo-definition for a variable at a point
-     * in the flow graph where otherwise two or more definitions for the variable
-     * would be visible.
-     */
-    TPhi(ReachableJoinBlock bb, SsaSourceVariable v) {
-      liveAtEntry(bb, v) and
-      inDefDominanceFrontier(bb, v)
-    }
-
-  /**
-   * Holds if `bb` is in the dominance frontier of a block containing a definition of `v`.
-   */
-  pragma[noinline]
-  private predicate inDefDominanceFrontier(ReachableJoinBlock bb, SsaSourceVariable v) {
-    exists(ReachableBasicBlock defbb, SsaDefinition def |
-      def.definesAt(defbb, _, v) and
-      defbb.inDominanceFrontier(bb)
-    )
-  }
-
   /**
    * Holds if `v` is a captured variable which is declared in `declFun` and read in `useFun`.
    */
@@ -87,7 +36,7 @@ private module Internal {
   }
 
   /** Holds if the `i`th node of `bb` in function `f` is an entry node. */
-  private predicate entryNode(FuncDef f, ReachableBasicBlock bb, int i) {
+  private predicate entryNode(FuncDef f, BasicBlock bb, int i) {
     f = bb.getScope() and
     bb.getNode(i).isEntryNode()
   }
@@ -95,17 +44,17 @@ private module Internal {
   /**
    * Holds if the `i`th node of `bb` in function `f` is a function call.
    */
-  private predicate callNode(FuncDef f, ReachableBasicBlock bb, int i) {
+  private predicate callNode(FuncDef f, BasicBlock bb, int i) {
     f = bb.getScope() and
     bb.getNode(i).(IR::EvalInstruction).getExpr() instanceof CallExpr
   }
 
   /**
    * Holds if the `i`th node of basic block `bb` may induce a pseudo-definition for
-   * modeling updates to captured variable `v`. Whether the definition is actually
-   * introduced depends on whether `v` is live at this point in the program.
+   * modeling updates to captured variable `v`.
    */
-  private predicate mayCapture(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
+  cached
+  predicate mayCapture(BasicBlock bb, int i, SsaSourceVariable v) {
     exists(FuncDef capturingContainer, FuncDef declContainer |
       // capture initial value of variable declared in enclosing scope
       readsCapturedVar(capturingContainer, v, declContainer) and
@@ -119,347 +68,134 @@ private module Internal {
     )
   }
 
-  /** A classification of variable references into reads and writes. */
-  private newtype RefKind =
-    ReadRef() or
-    WriteRef()
-
-  /**
-   * Holds if the `i`th node of basic block `bb` is a reference to `v`, either a read
-   * (when `tp` is `ReadRef()`) or a direct or indirect write (when `tp` is `WriteRef()`).
-   */
-  private predicate ref(ReachableBasicBlock bb, int i, SsaSourceVariable v, RefKind tp) {
-    useAt(bb, i, v) and tp = ReadRef()
-    or
-    (mayCapture(bb, i, v) or defAt(bb, i, v)) and
-    tp = WriteRef()
-  }
-
-  /**
-   * Gets the (1-based) rank of the reference to `v` at the `i`th node of basic block `bb`,
-   * which has the given reference kind `tp`.
-   */
-  private int refRank(ReachableBasicBlock bb, int i, SsaSourceVariable v, RefKind tp) {
-    i = rank[result](int j | ref(bb, j, v, _)) and
-    ref(bb, i, v, tp)
-  }
-
-  /**
-   * Gets the maximum rank among all references to `v` in basic block `bb`.
-   */
-  private int maxRefRank(ReachableBasicBlock bb, SsaSourceVariable v) {
-    result = max(refRank(bb, _, v, _))
-  }
-
-  /**
-   * Holds if variable `v` is live after the `i`th node of basic block `bb`, where
-   * `i` is the index of a node that may assign or capture `v`.
-   *
-   * For the purposes of this predicate, function calls are considered as writes of captured variables.
-   */
-  private predicate liveAfterDef(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
-    exists(int r | r = refRank(bb, i, v, WriteRef()) |
-      // the next reference to `v` inside `bb` is a read
-      r + 1 = refRank(bb, _, v, ReadRef())
-      or
-      // this is the last reference to `v` inside `bb`, but `v` is live at entry
-      // to a successor basic block of `bb`
-      r = maxRefRank(bb, v) and
-      liveAtSuccEntry(bb, v)
-    )
-  }
-
-  /**
-   * Holds if variable `v` is live at the beginning of basic block `bb`.
-   *
-   * For the purposes of this predicate, function calls are considered as writes of captured variables.
-   */
-  private predicate liveAtEntry(ReachableBasicBlock bb, SsaSourceVariable v) {
-    // the first reference to `v` inside `bb` is a read
-    refRank(bb, _, v, ReadRef()) = 1
-    or
-    // there is no reference to `v` inside `bb`, but `v` is live at entry
-    // to a successor basic block of `bb`
-    not exists(refRank(bb, _, v, _)) and
-    liveAtSuccEntry(bb, v)
-  }
-
-  /**
-   * Holds if `v` is live at the beginning of any successor of basic block `bb`.
-   */
-  private predicate liveAtSuccEntry(ReachableBasicBlock bb, SsaSourceVariable v) {
-    liveAtEntry(bb.getASuccessor(_), v)
-  }
-
   /**
    * Holds if `v` is assigned outside its declaring function.
    */
-  private predicate assignedThroughClosure(SsaSourceVariable v) {
+  cached
+  predicate assignedThroughClosure(SsaSourceVariable v) {
     any(IR::Instruction def | def.writes(v, _)).getRoot() != v.getDeclaringFunction()
   }
 
-  /**
-   * Holds if the `i`th node of `bb` is a use or an SSA definition of variable `v`, with
-   * `k` indicating whether it is the former or the latter.
-   *
-   * Note this includes phi nodes, whereas `ref` above only includes explicit writes and captures.
-   */
-  private predicate ssaRef(ReachableBasicBlock bb, int i, SsaSourceVariable v, RefKind k) {
-    useAt(bb, i, v) and k = ReadRef()
-    or
-    any(SsaDefinition def).definesAt(bb, i, v) and k = WriteRef()
-  }
+  /** SSA input. */
+  cached
+  module SsaInput implements SsaImplCommon::InputSig<Location, BasicBlock> {
+    class SourceVariable = SsaSourceVariable;
 
-  /**
-   * Gets the (1-based) rank of the `i`th node of `bb` among all SSA definitions
-   * and uses of `v` in `bb`, with `k` indicating whether it is a definition or a use.
-   *
-   * For example, if `bb` is a basic block with a phi node for `v` (considered
-   * to be at index -1), uses `v` at node 2 and defines it at node 5, we have:
-   *
-   * ```
-   * ssaRefRank(bb, -1, v, WriteRef()) = 1    // phi node
-   * ssaRefRank(bb,  2, v, ReadRef())  = 2    // use at node 2
-   * ssaRefRank(bb,  5, v, WriteRef()) = 3    // definition at node 5
-   * ```
-   */
-  private int ssaRefRank(ReachableBasicBlock bb, int i, SsaSourceVariable v, RefKind k) {
-    i = rank[result](int j | ssaRef(bb, j, v, _)) and
-    ssaRef(bb, i, v, k)
-  }
+    /**
+     * Holds if the `i`th node of basic block `bb` is a (potential) write to source
+     * variable `v`. The Boolean `certain` indicates whether the write is certain.
+     *
+     * Certain writes are explicit definitions; uncertain writes are captures.
+     */
+    cached
+    predicate variableWrite(BasicBlock bb, int i, SourceVariable v, boolean certain) {
+      defAt(bb, i, v) and certain = true
+      or
+      mayCapture(bb, i, v) and certain = false
+    }
 
-  /**
-   * Gets the minimum rank of a read in `bb` such that all references to `v` between that
-   * read and the read at index `i` are reads (and not writes).
-   */
-  private int rewindReads(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
-    exists(int r | r = ssaRefRank(bb, i, v, ReadRef()) |
-      exists(int j, RefKind k | r - 1 = ssaRefRank(bb, j, v, k) |
-        k = ReadRef() and result = rewindReads(bb, j, v)
+    /**
+     * Holds if the `i`th node of basic block `bb` reads source variable `v`.
+     *
+     * We add a synthetic uncertain read at the exit node of every function
+     * that references a captured variable `v`. This ensures that definitions
+     * of captured variables are included in the SSA graph even when the
+     * variable is not locally read in that function scope (but may be read
+     * by another function sharing the same closure).
+     */
+    cached
+    predicate variableRead(BasicBlock bb, int i, SourceVariable v, boolean certain) {
+      useAt(bb, i, v) and certain = true
+      or
+      v.isCaptured() and
+      exists(FuncDef f |
+        f = bb.getScope() and
+        bb.getLastNode().isExitNode() and
+        i = bb.length() - 1 and
+        certain = false
+      |
+        // The declaring function: captures may be read after calls to closures
+        f = v.getDeclaringFunction()
         or
-        k = WriteRef() and result = r
-      )
-      or
-      r = 1 and result = r
-    )
-  }
-
-  /**
-   * Gets the SSA definition of `v` in `bb` that reaches the read of `v` at node `i`, if any.
-   */
-  private SsaDefinition getLocalDefinition(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
-    exists(int r | r = rewindReads(bb, i, v) |
-      exists(int j | result.definesAt(bb, j, v) and ssaRefRank(bb, j, v, _) = r - 1)
-    )
-  }
-
-  /**
-   * Gets an SSA definition of `v` that reaches the end of the immediate dominator of `bb`.
-   */
-  pragma[noinline]
-  private SsaDefinition getDefReachingEndOfImmediateDominator(
-    ReachableBasicBlock bb, SsaSourceVariable v
-  ) {
-    result = getDefReachingEndOf(bb.getImmediateDominator(), v)
-  }
-
-  /**
-   * Gets an SSA definition of `v` that reaches the end of basic block `bb`.
-   */
-  cached
-  SsaDefinition getDefReachingEndOf(ReachableBasicBlock bb, SsaSourceVariable v) {
-    exists(int lastRef | lastRef = max(int i | ssaRef(bb, i, v, _)) |
-      result = getLocalDefinition(bb, lastRef, v)
-      or
-      result.definesAt(bb, lastRef, v) and
-      liveAtSuccEntry(bb, v)
-    )
-    or
-    // In SSA form, the (unique) reaching definition of a use is the closest
-    // definition that dominates the use. If two definitions dominate a node
-    // then one must dominate the other, so we can find the reaching definition
-    // by following the idominance relation backwards.
-    result = getDefReachingEndOfImmediateDominator(bb, v) and
-    not exists(SsaDefinition ssa | ssa.definesAt(bb, _, v)) and
-    liveAtSuccEntry(bb, v)
-  }
-
-  /**
-   * Gets the unique SSA definition of `v` whose value reaches the `i`th node of `bb`,
-   * which is a use of `v`.
-   */
-  cached
-  SsaDefinition getDefinition(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
-    result = getLocalDefinition(bb, i, v)
-    or
-    rewindReads(bb, i, v) = 1 and result = getDefReachingEndOf(bb.getImmediateDominator(), v)
-  }
-
-  private module AdjacentUsesImpl {
-    /** Holds if `v` is defined or used in `b`. */
-    private predicate varOccursInBlock(SsaSourceVariable v, ReachableBasicBlock b) {
-      ssaRef(b, _, v, _)
-    }
-
-    /** Holds if `v` occurs in `b` or one of `b`'s transitive successors. */
-    private predicate blockPrecedesVar(SsaSourceVariable v, ReachableBasicBlock b) {
-      varOccursInBlock(v, b)
-      or
-      exists(getDefReachingEndOf(b, v))
-    }
-
-    /**
-     * Holds if `v` occurs in `b1` and `b2` is one of `b1`'s successors.
-     *
-     * Factored out of `varBlockReaches` to force join order compared to the larger
-     * set `blockPrecedesVar(v, b2)`.
-     */
-    pragma[noinline]
-    private predicate varBlockReachesBaseCand(
-      SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2
-    ) {
-      varOccursInBlock(v, b1) and
-      b2 = b1.getASuccessor(_)
-    }
-
-    /**
-     * Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and
-     * in `b2` or one of its transitive successors but not in any block on the path
-     * between `b1` and `b2`. Unlike `varBlockReaches` this may include blocks `b2`
-     * where `v` is dead.
-     *
-     * Factored out of `varBlockReaches` to force join order compared to the larger
-     * set `blockPrecedesVar(v, b2)`.
-     */
-    pragma[noinline]
-    private predicate varBlockReachesRecCand(
-      SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock mid, ReachableBasicBlock b2
-    ) {
-      varBlockReaches(v, b1, mid) and
-      not varOccursInBlock(v, mid) and
-      b2 = mid.getASuccessor(_)
-    }
-
-    /**
-     * Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and
-     * in `b2` or one of its transitive successors but not in any block on the path
-     * between `b1` and `b2`.
-     */
-    private predicate varBlockReaches(
-      SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2
-    ) {
-      varBlockReachesBaseCand(v, b1, b2) and
-      blockPrecedesVar(v, b2)
-      or
-      varBlockReachesRecCand(v, b1, _, b2) and
-      blockPrecedesVar(v, b2)
-    }
-
-    /**
-     * Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and
-     * `b2` but not in any block on the path between `b1` and `b2`.
-     */
-    private predicate varBlockStep(
-      SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2
-    ) {
-      varBlockReaches(v, b1, b2) and
-      varOccursInBlock(v, b2)
-    }
-
-    /**
-     * Gets the maximum rank among all SSA references to `v` in basic block `bb`.
-     */
-    private int maxSsaRefRank(ReachableBasicBlock bb, SsaSourceVariable v) {
-      result = max(ssaRefRank(bb, _, v, _))
-    }
-
-    /**
-     * Holds if `v` occurs at index `i1` in `b1` and at index `i2` in `b2` and
-     * there is a path between them without any occurrence of `v`.
-     */
-    pragma[nomagic]
-    predicate adjacentVarRefs(
-      SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2
-    ) {
-      exists(int rankix |
-        b1 = b2 and
-        ssaRefRank(b1, i1, v, _) = rankix and
-        ssaRefRank(b2, i2, v, _) = rankix + 1
-      )
-      or
-      maxSsaRefRank(b1, v) = ssaRefRank(b1, i1, v, _) and
-      varBlockStep(v, b1, b2) and
-      ssaRefRank(b2, i2, v, _) = 1
-    }
-
-    predicate variableUse(SsaSourceVariable v, IR::Instruction use, ReachableBasicBlock bb, int i) {
-      bb.getNode(i) = use and
-      exists(SsaVariable sv |
-        sv.getSourceVariable() = v and
-        use = sv.getAUse()
+        // Any function that writes `v`: the write may be observed by the
+        // declaring function or another closure sharing the same variable
+        any(IR::Instruction def | def.writes(v, _)).getRoot() = f
       )
     }
   }
-
-  private import AdjacentUsesImpl
-
-  /**
-   * Holds if the value defined at `def` can reach `use` without passing through
-   * any other uses, but possibly through phi nodes.
-   */
-  cached
-  predicate firstUse(SsaDefinition def, IR::Instruction use) {
-    exists(SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2 |
-      adjacentVarRefs(v, b1, i1, b2, i2) and
-      def.definesAt(b1, i1, v) and
-      variableUse(v, use, b2, i2)
-    )
-    or
-    exists(
-      SsaSourceVariable v, SsaPhiNode redef, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2,
-      int i2
-    |
-      adjacentVarRefs(v, b1, i1, b2, i2) and
-      def.definesAt(b1, i1, v) and
-      redef.definesAt(b2, i2, v) and
-      firstUse(redef, use)
-    )
-  }
-
-  /**
-   * Holds if `use1` and `use2` form an adjacent use-use-pair of the same SSA
-   * variable, that is, the value read in `use1` can reach `use2` without passing
-   * through any other use or any SSA definition of the variable.
-   */
-  cached
-  predicate adjacentUseUseSameVar(IR::Instruction use1, IR::Instruction use2) {
-    exists(SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2 |
-      adjacentVarRefs(v, b1, i1, b2, i2) and
-      variableUse(v, use1, b1, i1) and
-      variableUse(v, use2, b2, i2)
-    )
-  }
-
-  /**
-   * Holds if `use1` and `use2` form an adjacent use-use-pair of the same
-   * `SsaSourceVariable`, that is, the value read in `use1` can reach `use2`
-   * without passing through any other use or any SSA definition of the variable
-   * except for phi nodes and uncertain implicit updates.
-   */
-  cached
-  predicate adjacentUseUse(IR::Instruction use1, IR::Instruction use2) {
-    adjacentUseUseSameVar(use1, use2)
-    or
-    exists(
-      SsaSourceVariable v, SsaPhiNode def, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2,
-      int i2
-    |
-      adjacentVarRefs(v, b1, i1, b2, i2) and
-      variableUse(v, use1, b1, i1) and
-      def.definesAt(b2, i2, v) and
-      firstUse(def, use2)
-    )
-  }
 }
 
 import Internal
+import SsaImplCommon::Make<Location, BasicBlocks::Cfg, SsaInput> as Impl
+
+final class Definition = Impl::Definition;
+
+final class WriteDefinition = Impl::WriteDefinition;
+
+final class UncertainWriteDefinition = Impl::UncertainWriteDefinition;
+
+final class PhiNode = Impl::PhiNode;
+
+module Consistency = Impl::Consistency;
+
+/**
+ * NB: This predicate should be cached.
+ *
+ * Holds if the SSA definition of `v` at `def` reaches a read at index `i` in
+ * basic block `bb`.
+ */
+cached
+predicate ssaDefReachesRead(SsaSourceVariable v, Definition def, BasicBlock bb, int i) {
+  Impl::ssaDefReachesRead(v, def, bb, i)
+}
+
+/**
+ * NB: This predicate should be cached.
+ *
+ * Holds if the SSA definition of `v` at `def` reaches the end of basic block `bb`.
+ */
+cached
+predicate ssaDefReachesEndOfBlock(BasicBlock bb, Definition def, SsaSourceVariable v) {
+  Impl::ssaDefReachesEndOfBlock(bb, def, v)
+}
+
+/**
+ * NB: This predicate should be cached.
+ *
+ * Holds if `inp` is an input to the phi node `phi` along the edge originating in `bb`.
+ */
+cached
+predicate phiHasInputFromBlock(PhiNode phi, Definition inp, BasicBlock bb) {
+  Impl::phiHasInputFromBlock(phi, inp, bb)
+}
+
+/**
+ * NB: This predicate should be cached.
+ *
+ * Holds if `def` reaches the first use `use` without going through any other use,
+ * but possibly through phi nodes.
+ */
+cached
+predicate firstUse(Definition def, IR::Instruction use) {
+  exists(BasicBlock bb, int i |
+    Impl::firstUse(def, bb, i, _) and
+    use = bb.getNode(i)
+  )
+}
+
+/**
+ * NB: This predicate should be cached.
+ *
+ * Holds if `use1` and `use2` form an adjacent use-use-pair of the same SSA
+ * variable, that is, the value read in `use1` can reach `use2` without passing
+ * through any other use or any SSA definition of the variable except for phi nodes
+ * and uncertain implicit updates.
+ */
+cached
+predicate adjacentUseUse(IR::Instruction use1, IR::Instruction use2) {
+  exists(BasicBlock bb1, int i1, BasicBlock bb2, int i2 |
+    Impl::adjacentUseUse(bb1, i1, bb2, i2, _, _) and
+    use1 = bb1.getNode(i1) and
+    use2 = bb2.getNode(i2)
+  )
+}

go/ql/test/example-tests/snippets/typeinfo.expected

@@ -2,7 +2,7 @@
 | file://:0:0:0:0 | [summary param] -1 in Clone |
 | file://:0:0:0:0 | [summary param] -1 in Write |
 | file://:0:0:0:0 | [summary param] -1 in WriteProxy |
+| main.go:18:12:18:14 | SSA def(req) |
 | main.go:18:12:18:14 | argument corresponding to req |
-| main.go:18:12:18:14 | definition of req |
 | main.go:20:5:20:7 | req |
 | main.go:20:5:20:7 | req [postupdate] |

go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected

@@ -47,27 +47,27 @@
 | test.go:621:25:621:31 | tarRead | test.go:93:5:93:16 | selection of Body | test.go:621:25:621:31 | tarRead | This decompression is $@. | test.go:93:5:93:16 | selection of Body | decompressing compressed data without managing output size |
 | test.go:629:2:629:8 | tarRead | test.go:93:5:93:16 | selection of Body | test.go:629:2:629:8 | tarRead | This decompression is $@. | test.go:93:5:93:16 | selection of Body | decompressing compressed data without managing output size |
 edges
-| test.go:59:16:59:44 | call to FormValue | test.go:128:20:128:27 | definition of filename | provenance | Src:MaD:2  |
-| test.go:60:15:60:26 | selection of Body | test.go:158:19:158:22 | definition of file | provenance | Src:MaD:1  |
-| test.go:61:24:61:35 | selection of Body | test.go:169:28:169:31 | definition of file | provenance | Src:MaD:1  |
-| test.go:62:13:62:24 | selection of Body | test.go:181:17:181:20 | definition of file | provenance | Src:MaD:1  |
-| test.go:64:8:64:19 | selection of Body | test.go:208:12:208:15 | definition of file | provenance | Src:MaD:1  |
-| test.go:66:8:66:19 | selection of Body | test.go:233:12:233:15 | definition of file | provenance | Src:MaD:1  |
-| test.go:68:17:68:28 | selection of Body | test.go:258:21:258:24 | definition of file | provenance | Src:MaD:1  |
-| test.go:70:13:70:24 | selection of Body | test.go:283:17:283:20 | definition of file | provenance | Src:MaD:1  |
-| test.go:72:16:72:27 | selection of Body | test.go:308:20:308:23 | definition of file | provenance | Src:MaD:1  |
-| test.go:74:7:74:18 | selection of Body | test.go:333:11:333:14 | definition of file | provenance | Src:MaD:1  |
-| test.go:76:9:76:20 | selection of Body | test.go:358:13:358:16 | definition of file | provenance | Src:MaD:1  |
-| test.go:78:18:78:29 | selection of Body | test.go:384:22:384:25 | definition of file | provenance | Src:MaD:1  |
-| test.go:80:5:80:16 | selection of Body | test.go:412:9:412:12 | definition of file | provenance | Src:MaD:1  |
-| test.go:82:7:82:18 | selection of Body | test.go:447:11:447:14 | definition of file | provenance | Src:MaD:1  |
-| test.go:84:15:84:26 | selection of Body | test.go:440:19:440:21 | definition of src | provenance | Src:MaD:1  |
-| test.go:85:16:85:27 | selection of Body | test.go:472:20:472:23 | definition of file | provenance | Src:MaD:1  |
-| test.go:87:16:87:27 | selection of Body | test.go:499:20:499:23 | definition of file | provenance | Src:MaD:1  |
-| test.go:89:17:89:28 | selection of Body | test.go:526:21:526:24 | definition of file | provenance | Src:MaD:1  |
-| test.go:91:15:91:26 | selection of Body | test.go:555:19:555:22 | definition of file | provenance | Src:MaD:1  |
-| test.go:93:5:93:16 | selection of Body | test.go:580:9:580:12 | definition of file | provenance | Src:MaD:1  |
-| test.go:128:20:128:27 | definition of filename | test.go:130:33:130:40 | filename | provenance |  |
+| test.go:59:16:59:44 | call to FormValue | test.go:128:20:128:27 | SSA def(filename) | provenance | Src:MaD:2  |
+| test.go:60:15:60:26 | selection of Body | test.go:158:19:158:22 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:61:24:61:35 | selection of Body | test.go:169:28:169:31 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:62:13:62:24 | selection of Body | test.go:181:17:181:20 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:64:8:64:19 | selection of Body | test.go:208:12:208:15 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:66:8:66:19 | selection of Body | test.go:233:12:233:15 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:68:17:68:28 | selection of Body | test.go:258:21:258:24 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:70:13:70:24 | selection of Body | test.go:283:17:283:20 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:72:16:72:27 | selection of Body | test.go:308:20:308:23 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:74:7:74:18 | selection of Body | test.go:333:11:333:14 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:76:9:76:20 | selection of Body | test.go:358:13:358:16 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:78:18:78:29 | selection of Body | test.go:384:22:384:25 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:80:5:80:16 | selection of Body | test.go:412:9:412:12 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:82:7:82:18 | selection of Body | test.go:447:11:447:14 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:84:15:84:26 | selection of Body | test.go:440:19:440:21 | SSA def(src) | provenance | Src:MaD:1  |
+| test.go:85:16:85:27 | selection of Body | test.go:472:20:472:23 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:87:16:87:27 | selection of Body | test.go:499:20:499:23 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:89:17:89:28 | selection of Body | test.go:526:21:526:24 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:91:15:91:26 | selection of Body | test.go:555:19:555:22 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:93:5:93:16 | selection of Body | test.go:580:9:580:12 | SSA def(file) | provenance | Src:MaD:1  |
+| test.go:128:20:128:27 | SSA def(filename) | test.go:130:33:130:40 | filename | provenance |  |
 | test.go:130:2:130:41 | ... := ...[0] | test.go:132:12:132:12 | f | provenance |  |
 | test.go:130:33:130:40 | filename | test.go:130:2:130:41 | ... := ...[0] | provenance | Config |
 | test.go:130:33:130:40 | filename | test.go:143:51:143:58 | filename | provenance |  |
@@ -77,7 +77,7 @@ edges
 | test.go:143:51:143:58 | filename | test.go:143:2:143:59 | ... := ...[0] | provenance | Config |
 | test.go:145:12:145:12 | f | test.go:145:12:145:19 | call to Open | provenance | Config |
 | test.go:145:12:145:19 | call to Open | test.go:147:37:147:38 | rc | provenance |  |
-| test.go:158:19:158:22 | definition of file | test.go:159:25:159:28 | file | provenance |  |
+| test.go:158:19:158:22 | SSA def(file) | test.go:159:25:159:28 | file | provenance |  |
 | test.go:159:2:159:29 | ... := ...[0] | test.go:160:48:160:52 | file1 | provenance |  |
 | test.go:159:25:159:28 | file | test.go:159:2:159:29 | ... := ...[0] | provenance | MaD:6 |
 | test.go:160:2:160:69 | ... := ...[0] | test.go:163:26:163:29 | file | provenance |  |
@@ -85,7 +85,7 @@ edges
 | test.go:160:48:160:52 | file1 | test.go:160:32:160:53 | call to NewReader | provenance | MaD:5 |
 | test.go:163:3:163:36 | ... := ...[0] | test.go:164:36:164:51 | fileReaderCloser | provenance |  |
 | test.go:163:26:163:29 | file | test.go:163:3:163:36 | ... := ...[0] | provenance | MaD:4 |
-| test.go:169:28:169:31 | definition of file | test.go:170:25:170:28 | file | provenance |  |
+| test.go:169:28:169:31 | SSA def(file) | test.go:170:25:170:28 | file | provenance |  |
 | test.go:170:2:170:29 | ... := ...[0] | test.go:171:57:171:61 | file2 | provenance |  |
 | test.go:170:25:170:28 | file | test.go:170:2:170:29 | ... := ...[0] | provenance | MaD:6 |
 | test.go:171:2:171:78 | ... := ...[0] | test.go:175:26:175:29 | file | provenance |  |
@@ -93,64 +93,64 @@ edges
 | test.go:171:57:171:61 | file2 | test.go:171:41:171:62 | call to NewReader | provenance | MaD:5 |
 | test.go:175:26:175:29 | file | test.go:175:26:175:36 | call to Open | provenance | Config |
 | test.go:175:26:175:36 | call to Open | test.go:176:36:176:51 | fileReaderCloser | provenance |  |
-| test.go:181:17:181:20 | definition of file | test.go:184:41:184:44 | file | provenance |  |
+| test.go:181:17:181:20 | SSA def(file) | test.go:184:41:184:44 | file | provenance |  |
 | test.go:184:2:184:73 | ... := ...[0] | test.go:186:2:186:12 | bzip2Reader | provenance |  |
 | test.go:184:2:184:73 | ... := ...[0] | test.go:187:26:187:36 | bzip2Reader | provenance |  |
 | test.go:184:41:184:44 | file | test.go:184:2:184:73 | ... := ...[0] | provenance | Config |
 | test.go:187:12:187:37 | call to NewReader | test.go:189:18:189:24 | tarRead | provenance |  |
 | test.go:187:26:187:36 | bzip2Reader | test.go:187:12:187:37 | call to NewReader | provenance | MaD:3 |
-| test.go:189:18:189:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:208:12:208:15 | definition of file | test.go:211:33:211:36 | file | provenance |  |
+| test.go:189:18:189:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:208:12:208:15 | SSA def(file) | test.go:211:33:211:36 | file | provenance |  |
 | test.go:211:17:211:37 | call to NewReader | test.go:213:2:213:12 | bzip2Reader | provenance |  |
 | test.go:211:17:211:37 | call to NewReader | test.go:214:26:214:36 | bzip2Reader | provenance |  |
 | test.go:211:33:211:36 | file | test.go:211:17:211:37 | call to NewReader | provenance | Config |
 | test.go:214:12:214:37 | call to NewReader | test.go:216:18:216:24 | tarRead | provenance |  |
 | test.go:214:26:214:36 | bzip2Reader | test.go:214:12:214:37 | call to NewReader | provenance | MaD:3 |
-| test.go:216:18:216:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:233:12:233:15 | definition of file | test.go:236:33:236:36 | file | provenance |  |
+| test.go:216:18:216:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:233:12:233:15 | SSA def(file) | test.go:236:33:236:36 | file | provenance |  |
 | test.go:236:17:236:37 | call to NewReader | test.go:238:2:238:12 | flateReader | provenance |  |
 | test.go:236:17:236:37 | call to NewReader | test.go:239:26:239:36 | flateReader | provenance |  |
 | test.go:236:33:236:36 | file | test.go:236:17:236:37 | call to NewReader | provenance | Config |
 | test.go:239:12:239:37 | call to NewReader | test.go:241:18:241:24 | tarRead | provenance |  |
 | test.go:239:26:239:36 | flateReader | test.go:239:12:239:37 | call to NewReader | provenance | MaD:3 |
-| test.go:241:18:241:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:258:21:258:24 | definition of file | test.go:261:42:261:45 | file | provenance |  |
+| test.go:241:18:241:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:258:21:258:24 | SSA def(file) | test.go:261:42:261:45 | file | provenance |  |
 | test.go:261:17:261:46 | call to NewReader | test.go:263:2:263:12 | flateReader | provenance |  |
 | test.go:261:17:261:46 | call to NewReader | test.go:264:26:264:36 | flateReader | provenance |  |
 | test.go:261:42:261:45 | file | test.go:261:17:261:46 | call to NewReader | provenance | Config |
 | test.go:264:12:264:37 | call to NewReader | test.go:266:18:266:24 | tarRead | provenance |  |
 | test.go:264:26:264:36 | flateReader | test.go:264:12:264:37 | call to NewReader | provenance | MaD:3 |
-| test.go:266:18:266:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:283:17:283:20 | definition of file | test.go:286:41:286:44 | file | provenance |  |
+| test.go:266:18:266:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:283:17:283:20 | SSA def(file) | test.go:286:41:286:44 | file | provenance |  |
 | test.go:286:2:286:73 | ... := ...[0] | test.go:288:2:288:12 | flateReader | provenance |  |
 | test.go:286:2:286:73 | ... := ...[0] | test.go:289:26:289:36 | flateReader | provenance |  |
 | test.go:286:41:286:44 | file | test.go:286:2:286:73 | ... := ...[0] | provenance | Config |
 | test.go:289:12:289:37 | call to NewReader | test.go:291:18:291:24 | tarRead | provenance |  |
 | test.go:289:26:289:36 | flateReader | test.go:289:12:289:37 | call to NewReader | provenance | MaD:3 |
-| test.go:291:18:291:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:308:20:308:23 | definition of file | test.go:311:43:311:46 | file | provenance |  |
+| test.go:291:18:291:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:308:20:308:23 | SSA def(file) | test.go:311:43:311:46 | file | provenance |  |
 | test.go:311:2:311:47 | ... := ...[0] | test.go:313:2:313:11 | zlibReader | provenance |  |
 | test.go:311:2:311:47 | ... := ...[0] | test.go:314:26:314:35 | zlibReader | provenance |  |
 | test.go:311:43:311:46 | file | test.go:311:2:311:47 | ... := ...[0] | provenance | Config |
 | test.go:314:12:314:36 | call to NewReader | test.go:316:18:316:24 | tarRead | provenance |  |
 | test.go:314:26:314:35 | zlibReader | test.go:314:12:314:36 | call to NewReader | provenance | MaD:3 |
-| test.go:316:18:316:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:333:11:333:14 | definition of file | test.go:336:34:336:37 | file | provenance |  |
+| test.go:316:18:316:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:333:11:333:14 | SSA def(file) | test.go:336:34:336:37 | file | provenance |  |
 | test.go:336:2:336:38 | ... := ...[0] | test.go:338:2:338:11 | zlibReader | provenance |  |
 | test.go:336:2:336:38 | ... := ...[0] | test.go:339:26:339:35 | zlibReader | provenance |  |
 | test.go:336:34:336:37 | file | test.go:336:2:336:38 | ... := ...[0] | provenance | Config |
 | test.go:339:12:339:36 | call to NewReader | test.go:341:18:341:24 | tarRead | provenance |  |
 | test.go:339:26:339:35 | zlibReader | test.go:339:12:339:36 | call to NewReader | provenance | MaD:3 |
-| test.go:341:18:341:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:358:13:358:16 | definition of file | test.go:361:35:361:38 | file | provenance |  |
+| test.go:341:18:341:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:358:13:358:16 | SSA def(file) | test.go:361:35:361:38 | file | provenance |  |
 | test.go:361:18:361:39 | call to NewReader | test.go:363:2:363:13 | snappyReader | provenance |  |
 | test.go:361:18:361:39 | call to NewReader | test.go:364:2:364:13 | snappyReader | provenance |  |
 | test.go:361:18:361:39 | call to NewReader | test.go:365:26:365:37 | snappyReader | provenance |  |
 | test.go:361:35:361:38 | file | test.go:361:18:361:39 | call to NewReader | provenance | Config |
 | test.go:365:12:365:38 | call to NewReader | test.go:367:18:367:24 | tarRead | provenance |  |
 | test.go:365:26:365:37 | snappyReader | test.go:365:12:365:38 | call to NewReader | provenance | MaD:3 |
-| test.go:367:18:367:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:384:22:384:25 | definition of file | test.go:387:44:387:47 | file | provenance |  |
+| test.go:367:18:367:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:384:22:384:25 | SSA def(file) | test.go:387:44:387:47 | file | provenance |  |
 | test.go:387:18:387:48 | call to NewReader | test.go:389:2:389:13 | snappyReader | provenance |  |
 | test.go:387:18:387:48 | call to NewReader | test.go:391:2:391:13 | snappyReader | provenance |  |
 | test.go:387:18:387:48 | call to NewReader | test.go:392:2:392:13 | snappyReader | provenance |  |
@@ -158,8 +158,8 @@ edges
 | test.go:387:44:387:47 | file | test.go:387:18:387:48 | call to NewReader | provenance | Config |
 | test.go:393:12:393:38 | call to NewReader | test.go:395:18:395:24 | tarRead | provenance |  |
 | test.go:393:26:393:37 | snappyReader | test.go:393:12:393:38 | call to NewReader | provenance | MaD:3 |
-| test.go:395:18:395:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:412:9:412:12 | definition of file | test.go:415:27:415:30 | file | provenance |  |
+| test.go:395:18:395:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:412:9:412:12 | SSA def(file) | test.go:415:27:415:30 | file | provenance |  |
 | test.go:415:14:415:31 | call to NewReader | test.go:417:2:417:9 | s2Reader | provenance |  |
 | test.go:415:14:415:31 | call to NewReader | test.go:418:2:418:9 | s2Reader | provenance |  |
 | test.go:415:14:415:31 | call to NewReader | test.go:420:2:420:9 | s2Reader | provenance |  |
@@ -167,35 +167,35 @@ edges
 | test.go:415:27:415:30 | file | test.go:415:14:415:31 | call to NewReader | provenance | Config |
 | test.go:421:12:421:34 | call to NewReader | test.go:423:18:423:24 | tarRead | provenance |  |
 | test.go:421:26:421:33 | s2Reader | test.go:421:12:421:34 | call to NewReader | provenance | MaD:3 |
-| test.go:423:18:423:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:440:19:440:21 | definition of src | test.go:441:34:441:36 | src | provenance |  |
+| test.go:423:18:423:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:440:19:440:21 | SSA def(src) | test.go:441:34:441:36 | src | provenance |  |
 | test.go:441:2:441:37 | ... := ...[0] | test.go:444:12:444:32 | type conversion | provenance |  |
 | test.go:441:34:441:36 | src | test.go:441:2:441:37 | ... := ...[0] | provenance | Config |
 | test.go:444:12:444:32 | type conversion | test.go:445:23:445:28 | newSrc | provenance |  |
-| test.go:447:11:447:14 | definition of file | test.go:450:34:450:37 | file | provenance |  |
+| test.go:447:11:447:14 | SSA def(file) | test.go:450:34:450:37 | file | provenance |  |
 | test.go:450:2:450:38 | ... := ...[0] | test.go:452:2:452:11 | gzipReader | provenance |  |
 | test.go:450:2:450:38 | ... := ...[0] | test.go:453:26:453:35 | gzipReader | provenance |  |
 | test.go:450:34:450:37 | file | test.go:450:2:450:38 | ... := ...[0] | provenance | Config |
 | test.go:453:12:453:36 | call to NewReader | test.go:455:18:455:24 | tarRead | provenance |  |
 | test.go:453:26:453:35 | gzipReader | test.go:453:12:453:36 | call to NewReader | provenance | MaD:3 |
-| test.go:455:18:455:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:472:20:472:23 | definition of file | test.go:475:43:475:46 | file | provenance |  |
+| test.go:455:18:455:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:472:20:472:23 | SSA def(file) | test.go:475:43:475:46 | file | provenance |  |
 | test.go:475:2:475:47 | ... := ...[0] | test.go:477:2:477:11 | gzipReader | provenance |  |
 | test.go:475:2:475:47 | ... := ...[0] | test.go:479:2:479:11 | gzipReader | provenance |  |
 | test.go:475:2:475:47 | ... := ...[0] | test.go:480:26:480:35 | gzipReader | provenance |  |
 | test.go:475:43:475:46 | file | test.go:475:2:475:47 | ... := ...[0] | provenance | Config |
 | test.go:480:12:480:36 | call to NewReader | test.go:482:18:482:24 | tarRead | provenance |  |
 | test.go:480:26:480:35 | gzipReader | test.go:480:12:480:36 | call to NewReader | provenance | MaD:3 |
-| test.go:482:18:482:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:499:20:499:23 | definition of file | test.go:502:45:502:48 | file | provenance |  |
+| test.go:482:18:482:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:499:20:499:23 | SSA def(file) | test.go:502:45:502:48 | file | provenance |  |
 | test.go:502:2:502:49 | ... := ...[0] | test.go:504:2:504:12 | pgzipReader | provenance |  |
 | test.go:502:2:502:49 | ... := ...[0] | test.go:506:2:506:12 | pgzipReader | provenance |  |
 | test.go:502:2:502:49 | ... := ...[0] | test.go:507:26:507:36 | pgzipReader | provenance |  |
 | test.go:502:45:502:48 | file | test.go:502:2:502:49 | ... := ...[0] | provenance | Config |
 | test.go:507:12:507:37 | call to NewReader | test.go:509:18:509:24 | tarRead | provenance |  |
 | test.go:507:26:507:36 | pgzipReader | test.go:507:12:507:37 | call to NewReader | provenance | MaD:3 |
-| test.go:509:18:509:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:526:21:526:24 | definition of file | test.go:529:43:529:46 | file | provenance |  |
+| test.go:509:18:509:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:526:21:526:24 | SSA def(file) | test.go:529:43:529:46 | file | provenance |  |
 | test.go:529:2:529:47 | ... := ...[0] | test.go:531:2:531:11 | zstdReader | provenance |  |
 | test.go:529:2:529:47 | ... := ...[0] | test.go:533:2:533:11 | zstdReader | provenance |  |
 | test.go:529:2:529:47 | ... := ...[0] | test.go:535:2:535:11 | zstdReader | provenance |  |
@@ -203,33 +203,33 @@ edges
 | test.go:529:43:529:46 | file | test.go:529:2:529:47 | ... := ...[0] | provenance | Config |
 | test.go:536:12:536:36 | call to NewReader | test.go:538:18:538:24 | tarRead | provenance |  |
 | test.go:536:26:536:35 | zstdReader | test.go:536:12:536:36 | call to NewReader | provenance | MaD:3 |
-| test.go:538:18:538:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:555:19:555:22 | definition of file | test.go:558:38:558:41 | file | provenance |  |
+| test.go:538:18:538:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:555:19:555:22 | SSA def(file) | test.go:558:38:558:41 | file | provenance |  |
 | test.go:558:16:558:42 | call to NewReader | test.go:560:2:560:11 | zstdReader | provenance |  |
 | test.go:558:16:558:42 | call to NewReader | test.go:561:26:561:35 | zstdReader | provenance |  |
 | test.go:558:38:558:41 | file | test.go:558:16:558:42 | call to NewReader | provenance | Config |
 | test.go:561:12:561:36 | call to NewReader | test.go:563:18:563:24 | tarRead | provenance |  |
 | test.go:561:26:561:35 | zstdReader | test.go:561:12:561:36 | call to NewReader | provenance | MaD:3 |
-| test.go:563:18:563:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:580:9:580:12 | definition of file | test.go:583:30:583:33 | file | provenance |  |
+| test.go:563:18:563:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:580:9:580:12 | SSA def(file) | test.go:583:30:583:33 | file | provenance |  |
 | test.go:583:2:583:34 | ... := ...[0] | test.go:585:2:585:9 | xzReader | provenance |  |
 | test.go:583:2:583:34 | ... := ...[0] | test.go:586:26:586:33 | xzReader | provenance |  |
 | test.go:583:30:583:33 | file | test.go:583:2:583:34 | ... := ...[0] | provenance | Config |
 | test.go:586:12:586:34 | call to NewReader | test.go:589:18:589:24 | tarRead | provenance |  |
 | test.go:586:12:586:34 | call to NewReader | test.go:590:19:590:25 | tarRead | provenance |  |
 | test.go:586:26:586:33 | xzReader | test.go:586:12:586:34 | call to NewReader | provenance | MaD:3 |
-| test.go:589:18:589:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
-| test.go:590:19:590:25 | tarRead | test.go:627:23:627:29 | definition of tarRead | provenance |  |
-| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:627:23:627:29 | definition of tarRead | test.go:629:2:629:8 | tarRead | provenance |  |
+| test.go:589:18:589:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
+| test.go:590:19:590:25 | tarRead | test.go:627:23:627:29 | SSA def(tarRead) | provenance |  |
+| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:627:23:627:29 | SSA def(tarRead) | test.go:629:2:629:8 | tarRead | provenance |  |
 models
 | 1 | Source: net/http; Request; true; Body; ; ; ; remote; manual |
 | 2 | Source: net/http; Request; true; FormValue; ; ; ReturnValue; remote; manual |
@@ -258,7 +258,7 @@ nodes
 | test.go:89:17:89:28 | selection of Body | semmle.label | selection of Body |
 | test.go:91:15:91:26 | selection of Body | semmle.label | selection of Body |
 | test.go:93:5:93:16 | selection of Body | semmle.label | selection of Body |
-| test.go:128:20:128:27 | definition of filename | semmle.label | definition of filename |
+| test.go:128:20:128:27 | SSA def(filename) | semmle.label | SSA def(filename) |
 | test.go:130:2:130:41 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:130:33:130:40 | filename | semmle.label | filename |
 | test.go:132:3:132:19 | ... := ...[0] | semmle.label | ... := ...[0] |
@@ -269,7 +269,7 @@ nodes
 | test.go:145:12:145:12 | f | semmle.label | f |
 | test.go:145:12:145:19 | call to Open | semmle.label | call to Open |
 | test.go:147:37:147:38 | rc | semmle.label | rc |
-| test.go:158:19:158:22 | definition of file | semmle.label | definition of file |
+| test.go:158:19:158:22 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:159:2:159:29 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:159:25:159:28 | file | semmle.label | file |
 | test.go:160:2:160:69 | ... := ...[0] | semmle.label | ... := ...[0] |
@@ -278,7 +278,7 @@ nodes
 | test.go:163:3:163:36 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:163:26:163:29 | file | semmle.label | file |
 | test.go:164:36:164:51 | fileReaderCloser | semmle.label | fileReaderCloser |
-| test.go:169:28:169:31 | definition of file | semmle.label | definition of file |
+| test.go:169:28:169:31 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:170:2:170:29 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:170:25:170:28 | file | semmle.label | file |
 | test.go:171:2:171:78 | ... := ...[0] | semmle.label | ... := ...[0] |
@@ -287,56 +287,56 @@ nodes
 | test.go:175:26:175:29 | file | semmle.label | file |
 | test.go:175:26:175:36 | call to Open | semmle.label | call to Open |
 | test.go:176:36:176:51 | fileReaderCloser | semmle.label | fileReaderCloser |
-| test.go:181:17:181:20 | definition of file | semmle.label | definition of file |
+| test.go:181:17:181:20 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:184:2:184:73 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:184:41:184:44 | file | semmle.label | file |
 | test.go:186:2:186:12 | bzip2Reader | semmle.label | bzip2Reader |
 | test.go:187:12:187:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:187:26:187:36 | bzip2Reader | semmle.label | bzip2Reader |
 | test.go:189:18:189:24 | tarRead | semmle.label | tarRead |
-| test.go:208:12:208:15 | definition of file | semmle.label | definition of file |
+| test.go:208:12:208:15 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:211:17:211:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:211:33:211:36 | file | semmle.label | file |
 | test.go:213:2:213:12 | bzip2Reader | semmle.label | bzip2Reader |
 | test.go:214:12:214:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:214:26:214:36 | bzip2Reader | semmle.label | bzip2Reader |
 | test.go:216:18:216:24 | tarRead | semmle.label | tarRead |
-| test.go:233:12:233:15 | definition of file | semmle.label | definition of file |
+| test.go:233:12:233:15 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:236:17:236:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:236:33:236:36 | file | semmle.label | file |
 | test.go:238:2:238:12 | flateReader | semmle.label | flateReader |
 | test.go:239:12:239:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:239:26:239:36 | flateReader | semmle.label | flateReader |
 | test.go:241:18:241:24 | tarRead | semmle.label | tarRead |
-| test.go:258:21:258:24 | definition of file | semmle.label | definition of file |
+| test.go:258:21:258:24 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:261:17:261:46 | call to NewReader | semmle.label | call to NewReader |
 | test.go:261:42:261:45 | file | semmle.label | file |
 | test.go:263:2:263:12 | flateReader | semmle.label | flateReader |
 | test.go:264:12:264:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:264:26:264:36 | flateReader | semmle.label | flateReader |
 | test.go:266:18:266:24 | tarRead | semmle.label | tarRead |
-| test.go:283:17:283:20 | definition of file | semmle.label | definition of file |
+| test.go:283:17:283:20 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:286:2:286:73 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:286:41:286:44 | file | semmle.label | file |
 | test.go:288:2:288:12 | flateReader | semmle.label | flateReader |
 | test.go:289:12:289:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:289:26:289:36 | flateReader | semmle.label | flateReader |
 | test.go:291:18:291:24 | tarRead | semmle.label | tarRead |
-| test.go:308:20:308:23 | definition of file | semmle.label | definition of file |
+| test.go:308:20:308:23 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:311:2:311:47 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:311:43:311:46 | file | semmle.label | file |
 | test.go:313:2:313:11 | zlibReader | semmle.label | zlibReader |
 | test.go:314:12:314:36 | call to NewReader | semmle.label | call to NewReader |
 | test.go:314:26:314:35 | zlibReader | semmle.label | zlibReader |
 | test.go:316:18:316:24 | tarRead | semmle.label | tarRead |
-| test.go:333:11:333:14 | definition of file | semmle.label | definition of file |
+| test.go:333:11:333:14 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:336:2:336:38 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:336:34:336:37 | file | semmle.label | file |
 | test.go:338:2:338:11 | zlibReader | semmle.label | zlibReader |
 | test.go:339:12:339:36 | call to NewReader | semmle.label | call to NewReader |
 | test.go:339:26:339:35 | zlibReader | semmle.label | zlibReader |
 | test.go:341:18:341:24 | tarRead | semmle.label | tarRead |
-| test.go:358:13:358:16 | definition of file | semmle.label | definition of file |
+| test.go:358:13:358:16 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:361:18:361:39 | call to NewReader | semmle.label | call to NewReader |
 | test.go:361:35:361:38 | file | semmle.label | file |
 | test.go:363:2:363:13 | snappyReader | semmle.label | snappyReader |
@@ -344,7 +344,7 @@ nodes
 | test.go:365:12:365:38 | call to NewReader | semmle.label | call to NewReader |
 | test.go:365:26:365:37 | snappyReader | semmle.label | snappyReader |
 | test.go:367:18:367:24 | tarRead | semmle.label | tarRead |
-| test.go:384:22:384:25 | definition of file | semmle.label | definition of file |
+| test.go:384:22:384:25 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:387:18:387:48 | call to NewReader | semmle.label | call to NewReader |
 | test.go:387:44:387:47 | file | semmle.label | file |
 | test.go:389:2:389:13 | snappyReader | semmle.label | snappyReader |
@@ -353,7 +353,7 @@ nodes
 | test.go:393:12:393:38 | call to NewReader | semmle.label | call to NewReader |
 | test.go:393:26:393:37 | snappyReader | semmle.label | snappyReader |
 | test.go:395:18:395:24 | tarRead | semmle.label | tarRead |
-| test.go:412:9:412:12 | definition of file | semmle.label | definition of file |
+| test.go:412:9:412:12 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:415:14:415:31 | call to NewReader | semmle.label | call to NewReader |
 | test.go:415:27:415:30 | file | semmle.label | file |
 | test.go:417:2:417:9 | s2Reader | semmle.label | s2Reader |
@@ -362,19 +362,19 @@ nodes
 | test.go:421:12:421:34 | call to NewReader | semmle.label | call to NewReader |
 | test.go:421:26:421:33 | s2Reader | semmle.label | s2Reader |
 | test.go:423:18:423:24 | tarRead | semmle.label | tarRead |
-| test.go:440:19:440:21 | definition of src | semmle.label | definition of src |
+| test.go:440:19:440:21 | SSA def(src) | semmle.label | SSA def(src) |
 | test.go:441:2:441:37 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:441:34:441:36 | src | semmle.label | src |
 | test.go:444:12:444:32 | type conversion | semmle.label | type conversion |
 | test.go:445:23:445:28 | newSrc | semmle.label | newSrc |
-| test.go:447:11:447:14 | definition of file | semmle.label | definition of file |
+| test.go:447:11:447:14 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:450:2:450:38 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:450:34:450:37 | file | semmle.label | file |
 | test.go:452:2:452:11 | gzipReader | semmle.label | gzipReader |
 | test.go:453:12:453:36 | call to NewReader | semmle.label | call to NewReader |
 | test.go:453:26:453:35 | gzipReader | semmle.label | gzipReader |
 | test.go:455:18:455:24 | tarRead | semmle.label | tarRead |
-| test.go:472:20:472:23 | definition of file | semmle.label | definition of file |
+| test.go:472:20:472:23 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:475:2:475:47 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:475:43:475:46 | file | semmle.label | file |
 | test.go:477:2:477:11 | gzipReader | semmle.label | gzipReader |
@@ -382,7 +382,7 @@ nodes
 | test.go:480:12:480:36 | call to NewReader | semmle.label | call to NewReader |
 | test.go:480:26:480:35 | gzipReader | semmle.label | gzipReader |
 | test.go:482:18:482:24 | tarRead | semmle.label | tarRead |
-| test.go:499:20:499:23 | definition of file | semmle.label | definition of file |
+| test.go:499:20:499:23 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:502:2:502:49 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:502:45:502:48 | file | semmle.label | file |
 | test.go:504:2:504:12 | pgzipReader | semmle.label | pgzipReader |
@@ -390,7 +390,7 @@ nodes
 | test.go:507:12:507:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:507:26:507:36 | pgzipReader | semmle.label | pgzipReader |
 | test.go:509:18:509:24 | tarRead | semmle.label | tarRead |
-| test.go:526:21:526:24 | definition of file | semmle.label | definition of file |
+| test.go:526:21:526:24 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:529:2:529:47 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:529:43:529:46 | file | semmle.label | file |
 | test.go:531:2:531:11 | zstdReader | semmle.label | zstdReader |
@@ -399,14 +399,14 @@ nodes
 | test.go:536:12:536:36 | call to NewReader | semmle.label | call to NewReader |
 | test.go:536:26:536:35 | zstdReader | semmle.label | zstdReader |
 | test.go:538:18:538:24 | tarRead | semmle.label | tarRead |
-| test.go:555:19:555:22 | definition of file | semmle.label | definition of file |
+| test.go:555:19:555:22 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:558:16:558:42 | call to NewReader | semmle.label | call to NewReader |
 | test.go:558:38:558:41 | file | semmle.label | file |
 | test.go:560:2:560:11 | zstdReader | semmle.label | zstdReader |
 | test.go:561:12:561:36 | call to NewReader | semmle.label | call to NewReader |
 | test.go:561:26:561:35 | zstdReader | semmle.label | zstdReader |
 | test.go:563:18:563:24 | tarRead | semmle.label | tarRead |
-| test.go:580:9:580:12 | definition of file | semmle.label | definition of file |
+| test.go:580:9:580:12 | SSA def(file) | semmle.label | SSA def(file) |
 | test.go:583:2:583:34 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:583:30:583:33 | file | semmle.label | file |
 | test.go:585:2:585:9 | xzReader | semmle.label | xzReader |
@@ -414,15 +414,15 @@ nodes
 | test.go:586:26:586:33 | xzReader | semmle.label | xzReader |
 | test.go:589:18:589:24 | tarRead | semmle.label | tarRead |
 | test.go:590:19:590:25 | tarRead | semmle.label | tarRead |
-| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
-| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
-| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
-| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
-| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
-| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
-| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
-| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
-| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
+| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
+| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
+| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
+| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
+| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
+| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
+| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
+| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
+| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
 | test.go:621:25:621:31 | tarRead | semmle.label | tarRead |
 | test.go:621:25:621:31 | tarRead | semmle.label | tarRead |
 | test.go:621:25:621:31 | tarRead | semmle.label | tarRead |
@@ -432,6 +432,6 @@ nodes
 | test.go:621:25:621:31 | tarRead | semmle.label | tarRead |
 | test.go:621:25:621:31 | tarRead | semmle.label | tarRead |
 | test.go:621:25:621:31 | tarRead | semmle.label | tarRead |
-| test.go:627:23:627:29 | definition of tarRead | semmle.label | definition of tarRead |
+| test.go:627:23:627:29 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
 | test.go:629:2:629:8 | tarRead | semmle.label | tarRead |
 subpaths

go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.expected

@@ -10,8 +10,8 @@ edges
 | WrongUsageOfUnsafe.go:166:33:166:57 | type conversion | WrongUsageOfUnsafe.go:166:16:166:58 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion | WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | provenance |  |
-| WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | WrongUsageOfUnsafe.go:236:21:236:23 | definition of req | provenance |  |
-| WrongUsageOfUnsafe.go:236:21:236:23 | definition of req | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | provenance |  |
+| WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | WrongUsageOfUnsafe.go:236:21:236:23 | SSA def(req) | provenance |  |
+| WrongUsageOfUnsafe.go:236:21:236:23 | SSA def(req) | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:274:25:274:49 | type conversion | WrongUsageOfUnsafe.go:274:16:274:50 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:292:23:292:47 | type conversion | WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | provenance |  |
@@ -39,7 +39,7 @@ nodes
 | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | semmle.label | type conversion |
-| WrongUsageOfUnsafe.go:236:21:236:23 | definition of req | semmle.label | definition of req |
+| WrongUsageOfUnsafe.go:236:21:236:23 | SSA def(req) | semmle.label | SSA def(req) |
 | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | semmle.label | type conversion |

go/ql/test/library-tests/semmle/go/concepts/Regexp/RegexpPattern.expected

@@ -3,7 +3,7 @@
 | stdlib.go:13:21:13:24 | "ab" | ab | stdlib.go:13:21:13:24 | "ab" |
 | stdlib.go:15:26:15:39 | "[so]me\|regex" | [so]me\|regex | stdlib.go:15:2:15:40 | ... := ...[0] |
 | stdlib.go:15:26:15:39 | "[so]me\|regex" | [so]me\|regex | stdlib.go:15:26:15:39 | "[so]me\|regex" |
-| stdlib.go:16:30:16:37 | "posix?" | posix? | stdlib.go:16:2:16:3 | definition of re |
+| stdlib.go:16:30:16:37 | "posix?" | posix? | stdlib.go:16:2:16:3 | SSA def(re) |
 | stdlib.go:16:30:16:37 | "posix?" | posix? | stdlib.go:16:2:16:38 | ... = ...[0] |
 | stdlib.go:16:30:16:37 | "posix?" | posix? | stdlib.go:16:30:16:37 | "posix?" |
 | stdlib.go:16:30:16:37 | "posix?" | posix? | stdlib.go:17:2:17:3 | re |

go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected

@@ -22,4 +22,4 @@ invalidModelRow
 | test.go:187:24:187:31 | call to Src1 | qltest |
 | test.go:191:24:191:31 | call to Src1 | qltest |
 | test.go:201:10:201:28 | selection of SourceVariable | qltest |
-| test.go:208:15:208:17 | definition of src | qltest |
+| test.go:208:15:208:17 | SSA def(src) | qltest |

go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected

@@ -22,4 +22,4 @@ invalidModelRow
 | test.go:187:24:187:31 | call to Src1 | qltest |
 | test.go:191:24:191:31 | call to Src1 | qltest |
 | test.go:209:10:209:28 | selection of SourceVariable | qltest |
-| test.go:216:15:216:17 | definition of src | qltest |
+| test.go:216:15:216:17 | SSA def(src) | qltest |

go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected

@@ -1,169 +1,169 @@
-| main.go:3:12:3:12 | argument corresponding to x | main.go:3:12:3:12 | definition of x |
-| main.go:3:12:3:12 | definition of x | main.go:5:5:5:5 | x |
-| main.go:3:19:3:20 | argument corresponding to fn | main.go:3:19:3:20 | definition of fn |
-| main.go:3:19:3:20 | definition of fn | main.go:10:24:10:25 | fn |
+| main.go:3:12:3:12 | SSA def(x) | main.go:5:5:5:5 | x |
+| main.go:3:12:3:12 | argument corresponding to x | main.go:3:12:3:12 | SSA def(x) |
+| main.go:3:19:3:20 | SSA def(fn) | main.go:10:24:10:25 | fn |
+| main.go:3:19:3:20 | argument corresponding to fn | main.go:3:19:3:20 | SSA def(fn) |
 | main.go:5:5:5:5 | x | main.go:6:7:6:7 | x |
 | main.go:5:5:5:5 | x | main.go:8:8:8:8 | x |
-| main.go:6:3:6:3 | definition of y | main.go:10:12:10:12 | y |
-| main.go:6:7:6:7 | x | main.go:6:3:6:3 | definition of y |
+| main.go:6:3:6:3 | SSA def(y) | main.go:10:12:10:12 | y |
+| main.go:6:7:6:7 | x | main.go:6:3:6:3 | SSA def(y) |
 | main.go:6:7:6:7 | x | main.go:10:7:10:7 | x |
-| main.go:8:3:8:3 | definition of y | main.go:10:12:10:12 | y |
-| main.go:8:7:8:8 | -... | main.go:8:3:8:3 | definition of y |
+| main.go:8:3:8:3 | SSA def(y) | main.go:10:12:10:12 | y |
+| main.go:8:7:8:8 | -... | main.go:8:3:8:3 | SSA def(y) |
 | main.go:8:8:8:8 | x | main.go:10:7:10:7 | x |
-| main.go:10:2:10:2 | definition of z | main.go:11:14:11:14 | z |
+| main.go:10:2:10:2 | SSA def(z) | main.go:11:14:11:14 | z |
 | main.go:10:7:10:7 | x | main.go:10:22:10:22 | x |
 | main.go:10:7:10:12 | ...<=... | main.go:10:7:10:27 | ...&&... |
-| main.go:10:7:10:27 | ...&&... | main.go:10:2:10:2 | definition of z |
+| main.go:10:7:10:27 | ...&&... | main.go:10:2:10:2 | SSA def(z) |
 | main.go:10:12:10:12 | y | main.go:10:17:10:17 | y |
 | main.go:10:17:10:27 | ...>=... | main.go:10:7:10:27 | ...&&... |
 | main.go:11:14:11:14 | z | main.go:11:9:11:15 | type conversion |
-| main.go:15:9:15:9 | 0 | main.go:15:2:15:4 | definition of acc |
-| main.go:16:9:19:2 | capture variable acc | main.go:17:3:17:5 | acc |
-| main.go:17:3:17:7 | definition of acc | main.go:18:10:18:12 | acc |
-| main.go:17:3:17:7 | rhs of increment statement | main.go:17:3:17:7 | definition of acc |
-| main.go:22:12:22:12 | argument corresponding to b | main.go:22:12:22:12 | definition of b |
-| main.go:22:12:22:12 | definition of b | main.go:23:5:23:5 | b |
-| main.go:22:20:22:20 | argument corresponding to x | main.go:22:20:22:20 | definition of x |
-| main.go:22:20:22:20 | definition of x | main.go:24:10:24:10 | x |
-| main.go:22:20:22:20 | definition of x | main.go:26:11:26:11 | x |
+| main.go:15:9:15:9 | 0 | main.go:15:2:15:4 | SSA def(acc) |
+| main.go:16:9:19:2 | SSA def(acc) | main.go:17:3:17:5 | acc |
+| main.go:17:3:17:7 | SSA def(acc) | main.go:18:10:18:12 | acc |
+| main.go:17:3:17:7 | rhs of increment statement | main.go:17:3:17:7 | SSA def(acc) |
+| main.go:22:12:22:12 | SSA def(b) | main.go:23:5:23:5 | b |
+| main.go:22:12:22:12 | argument corresponding to b | main.go:22:12:22:12 | SSA def(b) |
+| main.go:22:20:22:20 | SSA def(x) | main.go:24:10:24:10 | x |
+| main.go:22:20:22:20 | SSA def(x) | main.go:26:11:26:11 | x |
+| main.go:22:20:22:20 | argument corresponding to x | main.go:22:20:22:20 | SSA def(x) |
 | main.go:24:10:24:10 | x | main.go:24:10:24:19 | type assertion |
-| main.go:26:2:26:2 | definition of n | main.go:27:11:27:11 | n |
-| main.go:26:2:26:17 | ... := ...[0] | main.go:26:2:26:2 | definition of n |
-| main.go:26:2:26:17 | ... := ...[1] | main.go:26:5:26:6 | definition of ok |
-| main.go:26:5:26:6 | definition of ok | main.go:27:5:27:6 | ok |
+| main.go:26:2:26:2 | SSA def(n) | main.go:27:11:27:11 | n |
+| main.go:26:2:26:17 | ... := ...[0] | main.go:26:2:26:2 | SSA def(n) |
+| main.go:26:2:26:17 | ... := ...[1] | main.go:26:5:26:6 | SSA def(ok) |
+| main.go:26:5:26:6 | SSA def(ok) | main.go:27:5:27:6 | ok |
 | main.go:26:11:26:11 | x | main.go:26:2:26:17 | ... := ...[0] |
-| main.go:38:2:38:2 | definition of s | main.go:39:15:39:15 | s |
-| main.go:38:7:38:20 | slice literal | main.go:38:2:38:2 | definition of s |
-| main.go:38:7:38:20 | slice literal [postupdate] | main.go:38:2:38:2 | definition of s |
-| main.go:39:2:39:3 | definition of s1 | main.go:40:18:40:19 | s1 |
-| main.go:39:8:39:25 | call to append | main.go:39:2:39:3 | definition of s1 |
+| main.go:38:2:38:2 | SSA def(s) | main.go:39:15:39:15 | s |
+| main.go:38:7:38:20 | slice literal | main.go:38:2:38:2 | SSA def(s) |
+| main.go:38:7:38:20 | slice literal [postupdate] | main.go:38:2:38:2 | SSA def(s) |
+| main.go:39:2:39:3 | SSA def(s1) | main.go:40:18:40:19 | s1 |
+| main.go:39:8:39:25 | call to append | main.go:39:2:39:3 | SSA def(s1) |
 | main.go:39:15:39:15 | s | main.go:40:15:40:15 | s |
 | main.go:39:15:39:15 | s [postupdate] | main.go:40:15:40:15 | s |
-| main.go:40:2:40:3 | definition of s2 | main.go:43:9:43:10 | s2 |
-| main.go:40:8:40:23 | call to append | main.go:40:2:40:3 | definition of s2 |
+| main.go:40:2:40:3 | SSA def(s2) | main.go:43:9:43:10 | s2 |
+| main.go:40:8:40:23 | call to append | main.go:40:2:40:3 | SSA def(s2) |
 | main.go:40:15:40:15 | s | main.go:42:7:42:7 | s |
 | main.go:40:15:40:15 | s [postupdate] | main.go:42:7:42:7 | s |
-| main.go:41:2:41:3 | definition of s4 | main.go:42:10:42:11 | s4 |
-| main.go:41:8:41:21 | call to make | main.go:41:2:41:3 | definition of s4 |
-| main.go:46:13:46:14 | argument corresponding to xs | main.go:46:13:46:14 | definition of xs |
-| main.go:46:13:46:14 | definition of xs | main.go:47:20:47:21 | xs |
-| main.go:46:24:46:27 | definition of keys | main.go:46:24:46:27 | implicit read of keys |
-| main.go:46:24:46:27 | definition of keys | main.go:49:3:49:6 | keys |
-| main.go:46:24:46:27 | zero value for keys | main.go:46:24:46:27 | definition of keys |
-| main.go:46:34:46:37 | definition of vals | main.go:46:34:46:37 | implicit read of vals |
-| main.go:46:34:46:37 | definition of vals | main.go:48:3:48:6 | vals |
-| main.go:46:34:46:37 | zero value for vals | main.go:46:34:46:37 | definition of vals |
-| main.go:47:2:50:2 | range statement[0] | main.go:47:6:47:6 | definition of k |
-| main.go:47:2:50:2 | range statement[1] | main.go:47:9:47:9 | definition of v |
-| main.go:47:6:47:6 | definition of k | main.go:49:11:49:11 | k |
-| main.go:47:9:47:9 | definition of v | main.go:48:11:48:11 | v |
-| main.go:48:3:48:6 | definition of vals | main.go:46:34:46:37 | implicit read of vals |
-| main.go:48:3:48:6 | definition of vals | main.go:48:3:48:6 | vals |
-| main.go:48:3:48:11 | ... += ... | main.go:48:3:48:6 | definition of vals |
-| main.go:49:3:49:6 | definition of keys | main.go:46:24:46:27 | implicit read of keys |
-| main.go:49:3:49:6 | definition of keys | main.go:49:3:49:6 | keys |
-| main.go:49:3:49:11 | ... += ... | main.go:49:3:49:6 | definition of keys |
-| main.go:55:6:55:7 | definition of ch | main.go:56:2:56:3 | ch |
-| main.go:55:6:55:7 | zero value for ch | main.go:55:6:55:7 | definition of ch |
+| main.go:41:2:41:3 | SSA def(s4) | main.go:42:10:42:11 | s4 |
+| main.go:41:8:41:21 | call to make | main.go:41:2:41:3 | SSA def(s4) |
+| main.go:46:13:46:14 | SSA def(xs) | main.go:47:20:47:21 | xs |
+| main.go:46:13:46:14 | argument corresponding to xs | main.go:46:13:46:14 | SSA def(xs) |
+| main.go:46:24:46:27 | SSA def(keys) | main.go:46:24:46:27 | implicit read of keys |
+| main.go:46:24:46:27 | SSA def(keys) | main.go:49:3:49:6 | keys |
+| main.go:46:24:46:27 | zero value for keys | main.go:46:24:46:27 | SSA def(keys) |
+| main.go:46:34:46:37 | SSA def(vals) | main.go:46:34:46:37 | implicit read of vals |
+| main.go:46:34:46:37 | SSA def(vals) | main.go:48:3:48:6 | vals |
+| main.go:46:34:46:37 | zero value for vals | main.go:46:34:46:37 | SSA def(vals) |
+| main.go:47:2:50:2 | range statement[0] | main.go:47:6:47:6 | SSA def(k) |
+| main.go:47:2:50:2 | range statement[1] | main.go:47:9:47:9 | SSA def(v) |
+| main.go:47:6:47:6 | SSA def(k) | main.go:49:11:49:11 | k |
+| main.go:47:9:47:9 | SSA def(v) | main.go:48:11:48:11 | v |
+| main.go:48:3:48:6 | SSA def(vals) | main.go:46:34:46:37 | implicit read of vals |
+| main.go:48:3:48:6 | SSA def(vals) | main.go:48:3:48:6 | vals |
+| main.go:48:3:48:11 | ... += ... | main.go:48:3:48:6 | SSA def(vals) |
+| main.go:49:3:49:6 | SSA def(keys) | main.go:46:24:46:27 | implicit read of keys |
+| main.go:49:3:49:6 | SSA def(keys) | main.go:49:3:49:6 | keys |
+| main.go:49:3:49:11 | ... += ... | main.go:49:3:49:6 | SSA def(keys) |
+| main.go:55:6:55:7 | SSA def(ch) | main.go:56:2:56:3 | ch |
+| main.go:55:6:55:7 | zero value for ch | main.go:55:6:55:7 | SSA def(ch) |
 | main.go:56:2:56:3 | ch | main.go:57:4:57:5 | ch |
 | main.go:56:2:56:3 | ch [postupdate] | main.go:57:4:57:5 | ch |
-| main.go:61:2:61:2 | definition of x | main.go:64:11:64:11 | x |
-| main.go:61:7:61:7 | 1 | main.go:61:2:61:2 | definition of x |
-| main.go:62:2:62:2 | definition of y | main.go:64:14:64:14 | y |
-| main.go:62:7:62:7 | 2 | main.go:62:2:62:2 | definition of y |
-| main.go:63:2:63:2 | definition of z | main.go:64:17:64:17 | z |
-| main.go:63:7:63:7 | 3 | main.go:63:2:63:2 | definition of z |
-| main.go:64:2:64:2 | definition of a | main.go:66:9:66:9 | a |
-| main.go:64:7:64:18 | call to min | main.go:64:2:64:2 | definition of a |
+| main.go:61:2:61:2 | SSA def(x) | main.go:64:11:64:11 | x |
+| main.go:61:7:61:7 | 1 | main.go:61:2:61:2 | SSA def(x) |
+| main.go:62:2:62:2 | SSA def(y) | main.go:64:14:64:14 | y |
+| main.go:62:7:62:7 | 2 | main.go:62:2:62:2 | SSA def(y) |
+| main.go:63:2:63:2 | SSA def(z) | main.go:64:17:64:17 | z |
+| main.go:63:7:63:7 | 3 | main.go:63:2:63:2 | SSA def(z) |
+| main.go:64:2:64:2 | SSA def(a) | main.go:66:9:66:9 | a |
+| main.go:64:7:64:18 | call to min | main.go:64:2:64:2 | SSA def(a) |
 | main.go:64:11:64:11 | x | main.go:64:7:64:18 | call to min |
 | main.go:64:11:64:11 | x | main.go:65:11:65:11 | x |
 | main.go:64:14:64:14 | y | main.go:64:7:64:18 | call to min |
 | main.go:64:14:64:14 | y | main.go:65:14:65:14 | y |
 | main.go:64:17:64:17 | z | main.go:64:7:64:18 | call to min |
 | main.go:64:17:64:17 | z | main.go:65:17:65:17 | z |
-| main.go:65:2:65:2 | definition of b | main.go:66:12:66:12 | b |
-| main.go:65:7:65:18 | call to max | main.go:65:2:65:2 | definition of b |
+| main.go:65:2:65:2 | SSA def(b) | main.go:66:12:66:12 | b |
+| main.go:65:7:65:18 | call to max | main.go:65:2:65:2 | SSA def(b) |
 | main.go:65:11:65:11 | x | main.go:65:7:65:18 | call to max |
 | main.go:65:14:65:14 | y | main.go:65:7:65:18 | call to max |
 | main.go:65:17:65:17 | z | main.go:65:7:65:18 | call to max |
-| strings.go:8:12:8:12 | argument corresponding to s | strings.go:8:12:8:12 | definition of s |
-| strings.go:8:12:8:12 | definition of s | strings.go:9:24:9:24 | s |
-| strings.go:9:2:9:3 | definition of s2 | strings.go:11:20:11:21 | s2 |
-| strings.go:9:8:9:38 | call to Replace | strings.go:9:2:9:3 | definition of s2 |
+| strings.go:8:12:8:12 | SSA def(s) | strings.go:9:24:9:24 | s |
+| strings.go:8:12:8:12 | argument corresponding to s | strings.go:8:12:8:12 | SSA def(s) |
+| strings.go:9:2:9:3 | SSA def(s2) | strings.go:11:20:11:21 | s2 |
+| strings.go:9:8:9:38 | call to Replace | strings.go:9:2:9:3 | SSA def(s2) |
 | strings.go:9:24:9:24 | s | strings.go:10:27:10:27 | s |
-| strings.go:10:2:10:3 | definition of s3 | strings.go:11:24:11:25 | s3 |
-| strings.go:10:8:10:42 | call to ReplaceAll | strings.go:10:2:10:3 | definition of s3 |
+| strings.go:10:2:10:3 | SSA def(s3) | strings.go:11:24:11:25 | s3 |
+| strings.go:10:8:10:42 | call to ReplaceAll | strings.go:10:2:10:3 | SSA def(s3) |
 | strings.go:11:20:11:21 | s2 | strings.go:11:48:11:49 | s2 |
 | strings.go:11:24:11:25 | s3 | strings.go:11:67:11:68 | s3 |
-| url.go:8:12:8:12 | argument corresponding to b | url.go:8:12:8:12 | definition of b |
-| url.go:8:12:8:12 | definition of b | url.go:11:5:11:5 | b |
-| url.go:8:20:8:20 | argument corresponding to s | url.go:8:20:8:20 | definition of s |
-| url.go:8:20:8:20 | definition of s | url.go:12:46:12:46 | s |
-| url.go:8:20:8:20 | definition of s | url.go:14:48:14:48 | s |
-| url.go:12:3:12:5 | definition of res | url.go:19:9:19:11 | res |
-| url.go:12:3:12:48 | ... = ...[0] | url.go:12:3:12:5 | definition of res |
-| url.go:12:3:12:48 | ... = ...[1] | url.go:12:8:12:10 | definition of err |
-| url.go:12:8:12:10 | definition of err | url.go:16:5:16:7 | err |
-| url.go:14:3:14:5 | definition of res | url.go:19:9:19:11 | res |
-| url.go:14:3:14:50 | ... = ...[0] | url.go:14:3:14:5 | definition of res |
-| url.go:14:3:14:50 | ... = ...[1] | url.go:14:8:14:10 | definition of err |
-| url.go:14:8:14:10 | definition of err | url.go:16:5:16:7 | err |
-| url.go:22:12:22:12 | argument corresponding to i | url.go:22:12:22:12 | definition of i |
-| url.go:22:12:22:12 | definition of i | url.go:24:5:24:5 | i |
-| url.go:22:19:22:19 | argument corresponding to s | url.go:22:19:22:19 | definition of s |
-| url.go:22:19:22:19 | definition of s | url.go:23:20:23:20 | s |
-| url.go:23:2:23:2 | definition of u | url.go:25:10:25:10 | u |
-| url.go:23:2:23:21 | ... := ...[0] | url.go:23:2:23:2 | definition of u |
+| url.go:8:12:8:12 | SSA def(b) | url.go:11:5:11:5 | b |
+| url.go:8:12:8:12 | argument corresponding to b | url.go:8:12:8:12 | SSA def(b) |
+| url.go:8:20:8:20 | SSA def(s) | url.go:12:46:12:46 | s |
+| url.go:8:20:8:20 | SSA def(s) | url.go:14:48:14:48 | s |
+| url.go:8:20:8:20 | argument corresponding to s | url.go:8:20:8:20 | SSA def(s) |
+| url.go:12:3:12:5 | SSA def(res) | url.go:19:9:19:11 | res |
+| url.go:12:3:12:48 | ... = ...[0] | url.go:12:3:12:5 | SSA def(res) |
+| url.go:12:3:12:48 | ... = ...[1] | url.go:12:8:12:10 | SSA def(err) |
+| url.go:12:8:12:10 | SSA def(err) | url.go:16:5:16:7 | err |
+| url.go:14:3:14:5 | SSA def(res) | url.go:19:9:19:11 | res |
+| url.go:14:3:14:50 | ... = ...[0] | url.go:14:3:14:5 | SSA def(res) |
+| url.go:14:3:14:50 | ... = ...[1] | url.go:14:8:14:10 | SSA def(err) |
+| url.go:14:8:14:10 | SSA def(err) | url.go:16:5:16:7 | err |
+| url.go:22:12:22:12 | SSA def(i) | url.go:24:5:24:5 | i |
+| url.go:22:12:22:12 | argument corresponding to i | url.go:22:12:22:12 | SSA def(i) |
+| url.go:22:19:22:19 | SSA def(s) | url.go:23:20:23:20 | s |
+| url.go:22:19:22:19 | argument corresponding to s | url.go:22:19:22:19 | SSA def(s) |
+| url.go:23:2:23:2 | SSA def(u) | url.go:25:10:25:10 | u |
+| url.go:23:2:23:21 | ... := ...[0] | url.go:23:2:23:2 | SSA def(u) |
 | url.go:23:20:23:20 | s | url.go:27:29:27:29 | s |
-| url.go:27:2:27:2 | definition of u | url.go:28:14:28:14 | u |
-| url.go:27:2:27:30 | ... = ...[0] | url.go:27:2:27:2 | definition of u |
+| url.go:27:2:27:2 | SSA def(u) | url.go:28:14:28:14 | u |
+| url.go:27:2:27:30 | ... = ...[0] | url.go:27:2:27:2 | SSA def(u) |
 | url.go:28:14:28:14 | u | url.go:29:14:29:14 | u |
 | url.go:28:14:28:14 | u [postupdate] | url.go:29:14:29:14 | u |
 | url.go:29:14:29:14 | u | url.go:30:11:30:11 | u |
 | url.go:29:14:29:14 | u [postupdate] | url.go:30:11:30:11 | u |
-| url.go:30:2:30:3 | definition of bs | url.go:31:14:31:15 | bs |
-| url.go:30:2:30:27 | ... := ...[0] | url.go:30:2:30:3 | definition of bs |
+| url.go:30:2:30:3 | SSA def(bs) | url.go:31:14:31:15 | bs |
+| url.go:30:2:30:27 | ... := ...[0] | url.go:30:2:30:3 | SSA def(bs) |
 | url.go:30:11:30:11 | u | url.go:32:9:32:9 | u |
 | url.go:30:11:30:11 | u [postupdate] | url.go:32:9:32:9 | u |
-| url.go:32:2:32:2 | definition of u | url.go:33:14:33:14 | u |
-| url.go:32:2:32:23 | ... = ...[0] | url.go:32:2:32:2 | definition of u |
+| url.go:32:2:32:2 | SSA def(u) | url.go:33:14:33:14 | u |
+| url.go:32:2:32:23 | ... = ...[0] | url.go:32:2:32:2 | SSA def(u) |
 | url.go:33:14:33:14 | u | url.go:34:14:34:14 | u |
 | url.go:33:14:33:14 | u [postupdate] | url.go:34:14:34:14 | u |
 | url.go:34:14:34:14 | u | url.go:35:14:35:14 | u |
 | url.go:34:14:34:14 | u [postupdate] | url.go:35:14:35:14 | u |
 | url.go:35:14:35:14 | u | url.go:36:6:36:6 | u |
 | url.go:35:14:35:14 | u [postupdate] | url.go:36:6:36:6 | u |
-| url.go:36:2:36:2 | definition of u | url.go:37:9:37:9 | u |
+| url.go:36:2:36:2 | SSA def(u) | url.go:37:9:37:9 | u |
 | url.go:36:6:36:6 | u | url.go:36:25:36:25 | u |
 | url.go:36:6:36:6 | u [postupdate] | url.go:36:25:36:25 | u |
-| url.go:36:6:36:26 | call to ResolveReference | url.go:36:2:36:2 | definition of u |
-| url.go:42:2:42:3 | definition of ui | url.go:43:11:43:12 | ui |
-| url.go:42:7:42:38 | call to UserPassword | url.go:42:2:42:3 | definition of ui |
-| url.go:43:2:43:3 | definition of pw | url.go:44:14:44:15 | pw |
-| url.go:43:2:43:23 | ... := ...[0] | url.go:43:2:43:3 | definition of pw |
+| url.go:36:6:36:26 | call to ResolveReference | url.go:36:2:36:2 | SSA def(u) |
+| url.go:42:2:42:3 | SSA def(ui) | url.go:43:11:43:12 | ui |
+| url.go:42:7:42:38 | call to UserPassword | url.go:42:2:42:3 | SSA def(ui) |
+| url.go:43:2:43:3 | SSA def(pw) | url.go:44:14:44:15 | pw |
+| url.go:43:2:43:23 | ... := ...[0] | url.go:43:2:43:3 | SSA def(pw) |
 | url.go:43:11:43:12 | ui | url.go:45:14:45:15 | ui |
 | url.go:43:11:43:12 | ui [postupdate] | url.go:45:14:45:15 | ui |
 | url.go:45:14:45:15 | ui | url.go:46:9:46:10 | ui |
 | url.go:45:14:45:15 | ui [postupdate] | url.go:46:9:46:10 | ui |
-| url.go:49:12:49:12 | argument corresponding to q | url.go:49:12:49:12 | definition of q |
-| url.go:49:12:49:12 | definition of q | url.go:50:25:50:25 | q |
-| url.go:50:2:50:2 | definition of v | url.go:51:14:51:14 | v |
-| url.go:50:2:50:26 | ... := ...[0] | url.go:50:2:50:2 | definition of v |
+| url.go:49:12:49:12 | SSA def(q) | url.go:50:25:50:25 | q |
+| url.go:49:12:49:12 | argument corresponding to q | url.go:49:12:49:12 | SSA def(q) |
+| url.go:50:2:50:2 | SSA def(v) | url.go:51:14:51:14 | v |
+| url.go:50:2:50:26 | ... := ...[0] | url.go:50:2:50:2 | SSA def(v) |
 | url.go:51:14:51:14 | v | url.go:52:14:52:14 | v |
 | url.go:51:14:51:14 | v [postupdate] | url.go:52:14:52:14 | v |
 | url.go:52:14:52:14 | v | url.go:53:9:53:9 | v |
 | url.go:52:14:52:14 | v [postupdate] | url.go:53:9:53:9 | v |
-| url.go:56:12:56:12 | argument corresponding to q | url.go:56:12:56:12 | definition of q |
-| url.go:56:12:56:12 | definition of q | url.go:57:29:57:29 | q |
-| url.go:57:2:57:8 | definition of joined1 | url.go:58:38:58:44 | joined1 |
-| url.go:57:2:57:39 | ... := ...[0] | url.go:57:2:57:8 | definition of joined1 |
-| url.go:58:2:58:8 | definition of joined2 | url.go:59:24:59:30 | joined2 |
-| url.go:58:2:58:45 | ... := ...[0] | url.go:58:2:58:8 | definition of joined2 |
-| url.go:59:2:59:6 | definition of asUrl | url.go:60:15:60:19 | asUrl |
-| url.go:59:2:59:31 | ... := ...[0] | url.go:59:2:59:6 | definition of asUrl |
-| url.go:60:2:60:10 | definition of joinedUrl | url.go:61:9:61:17 | joinedUrl |
-| url.go:60:15:60:37 | call to JoinPath | url.go:60:2:60:10 | definition of joinedUrl |
-| url.go:64:13:64:13 | argument corresponding to q | url.go:64:13:64:13 | definition of q |
-| url.go:64:13:64:13 | definition of q | url.go:66:27:66:27 | q |
-| url.go:65:2:65:9 | definition of cleanUrl | url.go:66:9:66:16 | cleanUrl |
-| url.go:65:2:65:48 | ... := ...[0] | url.go:65:2:65:9 | definition of cleanUrl |
+| url.go:56:12:56:12 | SSA def(q) | url.go:57:29:57:29 | q |
+| url.go:56:12:56:12 | argument corresponding to q | url.go:56:12:56:12 | SSA def(q) |
+| url.go:57:2:57:8 | SSA def(joined1) | url.go:58:38:58:44 | joined1 |
+| url.go:57:2:57:39 | ... := ...[0] | url.go:57:2:57:8 | SSA def(joined1) |
+| url.go:58:2:58:8 | SSA def(joined2) | url.go:59:24:59:30 | joined2 |
+| url.go:58:2:58:45 | ... := ...[0] | url.go:58:2:58:8 | SSA def(joined2) |
+| url.go:59:2:59:6 | SSA def(asUrl) | url.go:60:15:60:19 | asUrl |
+| url.go:59:2:59:31 | ... := ...[0] | url.go:59:2:59:6 | SSA def(asUrl) |
+| url.go:60:2:60:10 | SSA def(joinedUrl) | url.go:61:9:61:17 | joinedUrl |
+| url.go:60:15:60:37 | call to JoinPath | url.go:60:2:60:10 | SSA def(joinedUrl) |
+| url.go:64:13:64:13 | SSA def(q) | url.go:66:27:66:27 | q |
+| url.go:64:13:64:13 | argument corresponding to q | url.go:64:13:64:13 | SSA def(q) |
+| url.go:65:2:65:9 | SSA def(cleanUrl) | url.go:66:9:66:16 | cleanUrl |
+| url.go:65:2:65:48 | ... := ...[0] | url.go:65:2:65:9 | SSA def(cleanUrl) |

go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionInput_getEntryNode.expected

@@ -25,15 +25,15 @@
 | result | main.go:53:2:53:22 | call to op2 | main.go:53:2:53:22 | call to op2 |
 | result | main.go:53:14:53:21 | call to bump | main.go:53:14:53:21 | call to bump |
 | result | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:10:9:10:26 | call to NewEncoder |
-| result | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:2:10:4 | definition of err |
-| result | tst.go:9:17:9:33 | call to new | tst.go:9:2:9:12 | definition of bytesBuffer |
+| result | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:2:10:4 | SSA def(err) |
+| result | tst.go:9:17:9:33 | call to new | tst.go:9:2:9:12 | SSA def(bytesBuffer) |
 | result 0 | main.go:51:2:51:14 | call to op | main.go:51:2:51:14 | call to op |
 | result 0 | main.go:53:2:53:22 | call to op2 | main.go:53:2:53:22 | call to op2 |
 | result 0 | main.go:53:14:53:21 | call to bump | main.go:53:14:53:21 | call to bump |
-| result 0 | main.go:54:10:54:15 | call to test | main.go:54:2:54:2 | definition of x |
-| result 0 | main.go:56:9:56:15 | call to test2 | main.go:56:2:56:2 | definition of x |
+| result 0 | main.go:54:10:54:15 | call to test | main.go:54:2:54:2 | SSA def(x) |
+| result 0 | main.go:56:9:56:15 | call to test2 | main.go:56:2:56:2 | SSA def(x) |
 | result 0 | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:10:9:10:26 | call to NewEncoder |
-| result 0 | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:2:10:4 | definition of err |
-| result 0 | tst.go:9:17:9:33 | call to new | tst.go:9:2:9:12 | definition of bytesBuffer |
-| result 1 | main.go:54:10:54:15 | call to test | main.go:54:5:54:5 | definition of y |
-| result 1 | main.go:56:9:56:15 | call to test2 | main.go:56:5:56:5 | definition of y |
+| result 0 | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:2:10:4 | SSA def(err) |
+| result 0 | tst.go:9:17:9:33 | call to new | tst.go:9:2:9:12 | SSA def(bytesBuffer) |
+| result 1 | main.go:54:10:54:15 | call to test | main.go:54:5:54:5 | SSA def(y) |
+| result 1 | main.go:56:9:56:15 | call to test2 | main.go:56:5:56:5 | SSA def(y) |

go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionInput_getExitNode.expected

@@ -1,14 +1,14 @@
-| parameter 0 | main.go:5:1:11:1 | function declaration | main.go:5:9:5:10 | definition of op |
-| parameter 0 | main.go:13:1:20:1 | function declaration | main.go:13:10:13:11 | definition of op |
-| parameter 0 | main.go:40:1:48:1 | function declaration | main.go:40:12:40:12 | definition of b |
-| parameter 0 | reset.go:8:1:16:1 | function declaration | reset.go:8:27:8:27 | definition of r |
-| parameter 0 | tst2.go:8:1:12:1 | function declaration | tst2.go:8:12:8:15 | definition of data |
-| parameter 0 | tst.go:8:1:11:1 | function declaration | tst.go:8:12:8:17 | definition of reader |
+| parameter 0 | main.go:5:1:11:1 | function declaration | main.go:5:9:5:10 | SSA def(op) |
+| parameter 0 | main.go:13:1:20:1 | function declaration | main.go:13:10:13:11 | SSA def(op) |
+| parameter 0 | main.go:40:1:48:1 | function declaration | main.go:40:12:40:12 | SSA def(b) |
+| parameter 0 | reset.go:8:1:16:1 | function declaration | reset.go:8:27:8:27 | SSA def(r) |
+| parameter 0 | tst2.go:8:1:12:1 | function declaration | tst2.go:8:12:8:15 | SSA def(data) |
+| parameter 0 | tst.go:8:1:11:1 | function declaration | tst.go:8:12:8:17 | SSA def(reader) |
 | parameter 0 | tst.go:13:1:13:25 | function declaration | tst.go:13:12:13:13 | initialization of xs |
-| parameter 0 | tst.go:15:1:19:1 | function declaration | tst.go:15:12:15:12 | definition of x |
-| parameter 1 | main.go:5:1:11:1 | function declaration | main.go:5:20:5:20 | definition of x |
-| parameter 1 | main.go:13:1:20:1 | function declaration | main.go:13:21:13:21 | definition of x |
-| parameter 1 | tst.go:15:1:19:1 | function declaration | tst.go:15:15:15:15 | definition of y |
-| parameter 2 | main.go:5:1:11:1 | function declaration | main.go:5:27:5:27 | definition of y |
-| parameter 2 | main.go:13:1:20:1 | function declaration | main.go:13:28:13:28 | definition of y |
-| receiver | main.go:26:1:29:1 | function declaration | main.go:26:7:26:7 | definition of c |
+| parameter 0 | tst.go:15:1:19:1 | function declaration | tst.go:15:12:15:12 | SSA def(x) |
+| parameter 1 | main.go:5:1:11:1 | function declaration | main.go:5:20:5:20 | SSA def(x) |
+| parameter 1 | main.go:13:1:20:1 | function declaration | main.go:13:21:13:21 | SSA def(x) |
+| parameter 1 | tst.go:15:1:19:1 | function declaration | tst.go:15:15:15:15 | SSA def(y) |
+| parameter 2 | main.go:5:1:11:1 | function declaration | main.go:5:27:5:27 | SSA def(y) |
+| parameter 2 | main.go:13:1:20:1 | function declaration | main.go:13:28:13:28 | SSA def(y) |
+| receiver | main.go:26:1:29:1 | function declaration | main.go:26:7:26:7 | SSA def(c) |

go/ql/test/library-tests/semmle/go/dataflow/GlobalValueNumbering/GlobalValueNumber.expected

@@ -1,18 +1,18 @@
 | main.go:6:2:6:5 | 1 | main.go:14:7:14:7 | 1 |
-| main.go:10:2:10:2 | definition of x | main.go:10:7:10:7 | 0 |
+| main.go:10:2:10:2 | SSA def(x) | main.go:10:7:10:7 | 0 |
 | main.go:10:7:10:7 | 0 | main.go:10:7:10:7 | 0 |
-| main.go:11:6:11:6 | definition of y | main.go:10:7:10:7 | 0 |
+| main.go:11:6:11:6 | SSA def(y) | main.go:10:7:10:7 | 0 |
 | main.go:11:6:11:6 | zero value for y | main.go:10:7:10:7 | 0 |
 | main.go:12:2:12:18 | call to Println | main.go:12:2:12:18 | call to Println |
 | main.go:12:14:12:14 | x | main.go:10:7:10:7 | 0 |
 | main.go:12:17:12:17 | y | main.go:10:7:10:7 | 0 |
-| main.go:14:2:14:2 | definition of z | main.go:14:7:14:7 | 1 |
+| main.go:14:2:14:2 | SSA def(z) | main.go:14:7:14:7 | 1 |
 | main.go:14:7:14:7 | 1 | main.go:14:7:14:7 | 1 |
 | main.go:15:2:15:9 | call to bump | main.go:15:2:15:9 | call to bump |
 | main.go:16:2:16:21 | call to Println | main.go:16:2:16:21 | call to Println |
 | main.go:16:14:16:14 | x | main.go:10:7:10:7 | 0 |
 | main.go:16:17:16:17 | y | main.go:10:7:10:7 | 0 |
-| main.go:18:2:18:3 | definition of ss | main.go:18:8:18:24 | call to make |
+| main.go:18:2:18:3 | SSA def(ss) | main.go:18:8:18:24 | call to make |
 | main.go:18:8:18:24 | call to make | main.go:18:8:18:24 | call to make |
 | main.go:18:23:18:23 | 3 | main.go:18:23:18:23 | 3 |
 | main.go:19:5:19:5 | 2 | main.go:19:5:19:5 | 2 |
@@ -20,22 +20,20 @@
 | main.go:20:2:20:16 | call to Println | main.go:20:2:20:16 | call to Println |
 | main.go:23:14:23:16 | implicit read of res | main.go:24:8:24:8 | 4 |
 | main.go:23:14:23:16 | zero value for res | main.go:10:7:10:7 | 0 |
-| main.go:24:2:24:4 | definition of res | main.go:24:8:24:8 | 4 |
+| main.go:24:2:24:4 | SSA def(res) | main.go:24:8:24:8 | 4 |
 | main.go:24:8:24:8 | 4 | main.go:24:8:24:8 | 4 |
 | main.go:28:15:28:17 | implicit read of res | main.go:30:9:30:9 | 6 |
 | main.go:28:15:28:17 | zero value for res | main.go:10:7:10:7 | 0 |
 | main.go:29:8:29:8 | 5 | main.go:29:8:29:8 | 5 |
 | main.go:30:9:30:9 | 6 | main.go:30:9:30:9 | 6 |
-| main.go:30:9:30:9 | definition of res | main.go:30:9:30:9 | 6 |
-| main.go:33:15:33:17 | definition of res | main.go:10:7:10:7 | 0 |
+| main.go:30:9:30:9 | SSA def(res) | main.go:30:9:30:9 | 6 |
 | main.go:33:15:33:17 | zero value for res | main.go:10:7:10:7 | 0 |
-| main.go:34:2:34:4 | definition of res | main.go:34:8:34:8 | 7 |
 | main.go:34:8:34:8 | 7 | main.go:34:8:34:8 | 7 |
 | main.go:35:8:37:4 | function call | main.go:35:8:37:4 | function call |
-| main.go:36:3:36:5 | definition of res | main.go:36:9:36:9 | 8 |
+| main.go:36:3:36:5 | SSA def(res) | main.go:36:9:36:9 | 8 |
 | main.go:36:9:36:9 | 8 | main.go:36:9:36:9 | 8 |
 | main.go:38:9:38:9 | 9 | main.go:38:9:38:9 | 9 |
-| main.go:38:9:38:9 | definition of res | main.go:38:9:38:9 | 9 |
+| main.go:38:9:38:9 | SSA def(res) | main.go:38:9:38:9 | 9 |
 | regressions.go:5:11:5:31 | call to Sizeof | regressions.go:5:11:5:31 | call to Sizeof |
 | regressions.go:7:11:7:15 | false | regressions.go:7:11:7:15 | false |
 | regressions.go:9:11:9:12 | !... | regressions.go:11:11:11:14 | true |

go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected

@@ -1,132 +1,132 @@
-| main.go:22:2:22:6 | definition of outer | main.go:25:7:25:11 | outer |
-| main.go:22:11:24:2 | struct literal | main.go:22:2:22:6 | definition of outer |
-| main.go:22:11:24:2 | struct literal [postupdate] | main.go:22:2:22:6 | definition of outer |
+| main.go:22:2:22:6 | SSA def(outer) | main.go:25:7:25:11 | outer |
+| main.go:22:11:24:2 | struct literal | main.go:22:2:22:6 | SSA def(outer) |
+| main.go:22:11:24:2 | struct literal [postupdate] | main.go:22:2:22:6 | SSA def(outer) |
 | main.go:25:7:25:11 | outer | main.go:26:7:26:11 | outer |
 | main.go:26:7:26:11 | outer | main.go:27:7:27:11 | outer |
 | main.go:27:7:27:11 | outer | main.go:28:7:28:11 | outer |
-| main.go:30:2:30:7 | definition of outerp | main.go:33:7:33:12 | outerp |
-| main.go:30:12:32:2 | &... | main.go:30:2:30:7 | definition of outerp |
-| main.go:30:12:32:2 | &... [postupdate] | main.go:30:2:30:7 | definition of outerp |
+| main.go:30:2:30:7 | SSA def(outerp) | main.go:33:7:33:12 | outerp |
+| main.go:30:12:32:2 | &... | main.go:30:2:30:7 | SSA def(outerp) |
+| main.go:30:12:32:2 | &... [postupdate] | main.go:30:2:30:7 | SSA def(outerp) |
 | main.go:33:7:33:12 | outerp | main.go:34:7:34:12 | outerp |
 | main.go:33:7:33:12 | outerp [postupdate] | main.go:34:7:34:12 | outerp |
 | main.go:34:7:34:12 | outerp | main.go:35:7:35:12 | outerp |
 | main.go:34:7:34:12 | outerp [postupdate] | main.go:35:7:35:12 | outerp |
 | main.go:35:7:35:12 | outerp | main.go:36:7:36:12 | outerp |
 | main.go:35:7:35:12 | outerp [postupdate] | main.go:36:7:36:12 | outerp |
-| main.go:40:2:40:6 | definition of outer | main.go:41:7:41:11 | outer |
-| main.go:40:11:40:40 | struct literal | main.go:40:2:40:6 | definition of outer |
-| main.go:40:11:40:40 | struct literal [postupdate] | main.go:40:2:40:6 | definition of outer |
+| main.go:40:2:40:6 | SSA def(outer) | main.go:41:7:41:11 | outer |
+| main.go:40:11:40:40 | struct literal | main.go:40:2:40:6 | SSA def(outer) |
+| main.go:40:11:40:40 | struct literal [postupdate] | main.go:40:2:40:6 | SSA def(outer) |
 | main.go:41:7:41:11 | outer | main.go:42:7:42:11 | outer |
 | main.go:42:7:42:11 | outer | main.go:43:7:43:11 | outer |
 | main.go:43:7:43:11 | outer | main.go:44:7:44:11 | outer |
-| main.go:46:2:46:7 | definition of outerp | main.go:47:7:47:12 | outerp |
-| main.go:46:12:46:42 | &... | main.go:46:2:46:7 | definition of outerp |
-| main.go:46:12:46:42 | &... [postupdate] | main.go:46:2:46:7 | definition of outerp |
+| main.go:46:2:46:7 | SSA def(outerp) | main.go:47:7:47:12 | outerp |
+| main.go:46:12:46:42 | &... | main.go:46:2:46:7 | SSA def(outerp) |
+| main.go:46:12:46:42 | &... [postupdate] | main.go:46:2:46:7 | SSA def(outerp) |
 | main.go:47:7:47:12 | outerp | main.go:48:7:48:12 | outerp |
 | main.go:47:7:47:12 | outerp [postupdate] | main.go:48:7:48:12 | outerp |
 | main.go:48:7:48:12 | outerp | main.go:49:7:49:12 | outerp |
 | main.go:48:7:48:12 | outerp [postupdate] | main.go:49:7:49:12 | outerp |
 | main.go:49:7:49:12 | outerp | main.go:50:7:50:12 | outerp |
 | main.go:49:7:49:12 | outerp [postupdate] | main.go:50:7:50:12 | outerp |
-| main.go:54:2:54:6 | definition of inner | main.go:55:19:55:23 | inner |
-| main.go:54:11:54:25 | struct literal | main.go:54:2:54:6 | definition of inner |
-| main.go:54:11:54:25 | struct literal [postupdate] | main.go:54:2:54:6 | definition of inner |
-| main.go:55:2:55:7 | definition of middle | main.go:56:17:56:22 | middle |
-| main.go:55:12:55:24 | struct literal | main.go:55:2:55:7 | definition of middle |
-| main.go:55:12:55:24 | struct literal [postupdate] | main.go:55:2:55:7 | definition of middle |
-| main.go:56:2:56:6 | definition of outer | main.go:57:7:57:11 | outer |
-| main.go:56:11:56:23 | struct literal | main.go:56:2:56:6 | definition of outer |
-| main.go:56:11:56:23 | struct literal [postupdate] | main.go:56:2:56:6 | definition of outer |
+| main.go:54:2:54:6 | SSA def(inner) | main.go:55:19:55:23 | inner |
+| main.go:54:11:54:25 | struct literal | main.go:54:2:54:6 | SSA def(inner) |
+| main.go:54:11:54:25 | struct literal [postupdate] | main.go:54:2:54:6 | SSA def(inner) |
+| main.go:55:2:55:7 | SSA def(middle) | main.go:56:17:56:22 | middle |
+| main.go:55:12:55:24 | struct literal | main.go:55:2:55:7 | SSA def(middle) |
+| main.go:55:12:55:24 | struct literal [postupdate] | main.go:55:2:55:7 | SSA def(middle) |
+| main.go:56:2:56:6 | SSA def(outer) | main.go:57:7:57:11 | outer |
+| main.go:56:11:56:23 | struct literal | main.go:56:2:56:6 | SSA def(outer) |
+| main.go:56:11:56:23 | struct literal [postupdate] | main.go:56:2:56:6 | SSA def(outer) |
 | main.go:57:7:57:11 | outer | main.go:58:7:58:11 | outer |
 | main.go:58:7:58:11 | outer | main.go:59:7:59:11 | outer |
 | main.go:59:7:59:11 | outer | main.go:60:7:60:11 | outer |
-| main.go:62:2:62:7 | definition of innerp | main.go:63:20:63:25 | innerp |
-| main.go:62:12:62:26 | struct literal | main.go:62:2:62:7 | definition of innerp |
-| main.go:62:12:62:26 | struct literal [postupdate] | main.go:62:2:62:7 | definition of innerp |
-| main.go:63:2:63:8 | definition of middlep | main.go:64:18:64:24 | middlep |
-| main.go:63:13:63:26 | struct literal | main.go:63:2:63:8 | definition of middlep |
-| main.go:63:13:63:26 | struct literal [postupdate] | main.go:63:2:63:8 | definition of middlep |
-| main.go:64:2:64:7 | definition of outerp | main.go:65:7:65:12 | outerp |
-| main.go:64:12:64:25 | struct literal | main.go:64:2:64:7 | definition of outerp |
-| main.go:64:12:64:25 | struct literal [postupdate] | main.go:64:2:64:7 | definition of outerp |
+| main.go:62:2:62:7 | SSA def(innerp) | main.go:63:20:63:25 | innerp |
+| main.go:62:12:62:26 | struct literal | main.go:62:2:62:7 | SSA def(innerp) |
+| main.go:62:12:62:26 | struct literal [postupdate] | main.go:62:2:62:7 | SSA def(innerp) |
+| main.go:63:2:63:8 | SSA def(middlep) | main.go:64:18:64:24 | middlep |
+| main.go:63:13:63:26 | struct literal | main.go:63:2:63:8 | SSA def(middlep) |
+| main.go:63:13:63:26 | struct literal [postupdate] | main.go:63:2:63:8 | SSA def(middlep) |
+| main.go:64:2:64:7 | SSA def(outerp) | main.go:65:7:65:12 | outerp |
+| main.go:64:12:64:25 | struct literal | main.go:64:2:64:7 | SSA def(outerp) |
+| main.go:64:12:64:25 | struct literal [postupdate] | main.go:64:2:64:7 | SSA def(outerp) |
 | main.go:65:7:65:12 | outerp | main.go:66:7:66:12 | outerp |
 | main.go:66:7:66:12 | outerp | main.go:67:7:67:12 | outerp |
 | main.go:67:7:67:12 | outerp | main.go:68:7:68:12 | outerp |
-| main.go:72:2:72:6 | definition of inner | main.go:73:26:73:30 | inner |
-| main.go:72:11:72:25 | struct literal | main.go:72:2:72:6 | definition of inner |
-| main.go:72:11:72:25 | struct literal [postupdate] | main.go:72:2:72:6 | definition of inner |
-| main.go:73:2:73:7 | definition of middle | main.go:74:25:74:30 | middle |
-| main.go:73:12:73:31 | struct literal | main.go:73:2:73:7 | definition of middle |
-| main.go:73:12:73:31 | struct literal [postupdate] | main.go:73:2:73:7 | definition of middle |
-| main.go:74:2:74:6 | definition of outer | main.go:75:7:75:11 | outer |
-| main.go:74:11:74:31 | struct literal | main.go:74:2:74:6 | definition of outer |
-| main.go:74:11:74:31 | struct literal [postupdate] | main.go:74:2:74:6 | definition of outer |
+| main.go:72:2:72:6 | SSA def(inner) | main.go:73:26:73:30 | inner |
+| main.go:72:11:72:25 | struct literal | main.go:72:2:72:6 | SSA def(inner) |
+| main.go:72:11:72:25 | struct literal [postupdate] | main.go:72:2:72:6 | SSA def(inner) |
+| main.go:73:2:73:7 | SSA def(middle) | main.go:74:25:74:30 | middle |
+| main.go:73:12:73:31 | struct literal | main.go:73:2:73:7 | SSA def(middle) |
+| main.go:73:12:73:31 | struct literal [postupdate] | main.go:73:2:73:7 | SSA def(middle) |
+| main.go:74:2:74:6 | SSA def(outer) | main.go:75:7:75:11 | outer |
+| main.go:74:11:74:31 | struct literal | main.go:74:2:74:6 | SSA def(outer) |
+| main.go:74:11:74:31 | struct literal [postupdate] | main.go:74:2:74:6 | SSA def(outer) |
 | main.go:75:7:75:11 | outer | main.go:76:7:76:11 | outer |
 | main.go:76:7:76:11 | outer | main.go:77:7:77:11 | outer |
 | main.go:77:7:77:11 | outer | main.go:78:7:78:11 | outer |
-| main.go:80:2:80:7 | definition of innerp | main.go:81:27:81:32 | innerp |
-| main.go:80:12:80:26 | struct literal | main.go:80:2:80:7 | definition of innerp |
-| main.go:80:12:80:26 | struct literal [postupdate] | main.go:80:2:80:7 | definition of innerp |
-| main.go:81:2:81:8 | definition of middlep | main.go:82:26:82:32 | middlep |
-| main.go:81:13:81:33 | struct literal | main.go:81:2:81:8 | definition of middlep |
-| main.go:81:13:81:33 | struct literal [postupdate] | main.go:81:2:81:8 | definition of middlep |
-| main.go:82:2:82:7 | definition of outerp | main.go:83:7:83:12 | outerp |
-| main.go:82:12:82:33 | struct literal | main.go:82:2:82:7 | definition of outerp |
-| main.go:82:12:82:33 | struct literal [postupdate] | main.go:82:2:82:7 | definition of outerp |
+| main.go:80:2:80:7 | SSA def(innerp) | main.go:81:27:81:32 | innerp |
+| main.go:80:12:80:26 | struct literal | main.go:80:2:80:7 | SSA def(innerp) |
+| main.go:80:12:80:26 | struct literal [postupdate] | main.go:80:2:80:7 | SSA def(innerp) |
+| main.go:81:2:81:8 | SSA def(middlep) | main.go:82:26:82:32 | middlep |
+| main.go:81:13:81:33 | struct literal | main.go:81:2:81:8 | SSA def(middlep) |
+| main.go:81:13:81:33 | struct literal [postupdate] | main.go:81:2:81:8 | SSA def(middlep) |
+| main.go:82:2:82:7 | SSA def(outerp) | main.go:83:7:83:12 | outerp |
+| main.go:82:12:82:33 | struct literal | main.go:82:2:82:7 | SSA def(outerp) |
+| main.go:82:12:82:33 | struct literal [postupdate] | main.go:82:2:82:7 | SSA def(outerp) |
 | main.go:83:7:83:12 | outerp | main.go:84:7:84:12 | outerp |
 | main.go:84:7:84:12 | outerp | main.go:85:7:85:12 | outerp |
 | main.go:85:7:85:12 | outerp | main.go:86:7:86:12 | outerp |
-| main.go:90:6:90:10 | definition of outer | main.go:91:2:91:6 | outer |
-| main.go:90:6:90:10 | zero value for outer | main.go:90:6:90:10 | definition of outer |
+| main.go:90:6:90:10 | SSA def(outer) | main.go:91:2:91:6 | outer |
+| main.go:90:6:90:10 | zero value for outer | main.go:90:6:90:10 | SSA def(outer) |
 | main.go:91:2:91:6 | outer | main.go:92:7:92:11 | outer |
 | main.go:91:2:91:6 | outer [postupdate] | main.go:92:7:92:11 | outer |
 | main.go:92:7:92:11 | outer | main.go:93:7:93:11 | outer |
 | main.go:93:7:93:11 | outer | main.go:94:7:94:11 | outer |
 | main.go:94:7:94:11 | outer | main.go:95:7:95:11 | outer |
-| main.go:97:6:97:11 | definition of outerp | main.go:98:2:98:7 | outerp |
-| main.go:97:6:97:11 | zero value for outerp | main.go:97:6:97:11 | definition of outerp |
+| main.go:97:6:97:11 | SSA def(outerp) | main.go:98:2:98:7 | outerp |
+| main.go:97:6:97:11 | zero value for outerp | main.go:97:6:97:11 | SSA def(outerp) |
 | main.go:98:2:98:7 | outerp | main.go:99:7:99:12 | outerp |
 | main.go:98:2:98:7 | outerp [postupdate] | main.go:99:7:99:12 | outerp |
 | main.go:99:7:99:12 | outerp | main.go:100:7:100:12 | outerp |
 | main.go:100:7:100:12 | outerp | main.go:101:7:101:12 | outerp |
 | main.go:101:7:101:12 | outerp | main.go:102:7:102:12 | outerp |
-| main.go:106:6:106:10 | definition of outer | main.go:107:2:107:6 | outer |
-| main.go:106:6:106:10 | zero value for outer | main.go:106:6:106:10 | definition of outer |
+| main.go:106:6:106:10 | SSA def(outer) | main.go:107:2:107:6 | outer |
+| main.go:106:6:106:10 | zero value for outer | main.go:106:6:106:10 | SSA def(outer) |
 | main.go:107:2:107:6 | outer | main.go:108:7:108:11 | outer |
 | main.go:107:2:107:6 | outer [postupdate] | main.go:108:7:108:11 | outer |
 | main.go:108:7:108:11 | outer | main.go:109:7:109:11 | outer |
 | main.go:109:7:109:11 | outer | main.go:110:7:110:11 | outer |
 | main.go:110:7:110:11 | outer | main.go:111:7:111:11 | outer |
-| main.go:113:6:113:11 | definition of outerp | main.go:114:2:114:7 | outerp |
-| main.go:113:6:113:11 | zero value for outerp | main.go:113:6:113:11 | definition of outerp |
+| main.go:113:6:113:11 | SSA def(outerp) | main.go:114:2:114:7 | outerp |
+| main.go:113:6:113:11 | zero value for outerp | main.go:113:6:113:11 | SSA def(outerp) |
 | main.go:114:2:114:7 | outerp | main.go:115:7:115:12 | outerp |
 | main.go:114:2:114:7 | outerp [postupdate] | main.go:115:7:115:12 | outerp |
 | main.go:115:7:115:12 | outerp | main.go:116:7:116:12 | outerp |
 | main.go:116:7:116:12 | outerp | main.go:117:7:117:12 | outerp |
 | main.go:117:7:117:12 | outerp | main.go:118:7:118:12 | outerp |
-| main.go:122:6:122:10 | definition of outer | main.go:123:2:123:6 | outer |
-| main.go:122:6:122:10 | zero value for outer | main.go:122:6:122:10 | definition of outer |
+| main.go:122:6:122:10 | SSA def(outer) | main.go:123:2:123:6 | outer |
+| main.go:122:6:122:10 | zero value for outer | main.go:122:6:122:10 | SSA def(outer) |
 | main.go:123:2:123:6 | outer | main.go:124:7:124:11 | outer |
 | main.go:123:2:123:6 | outer [postupdate] | main.go:124:7:124:11 | outer |
 | main.go:124:7:124:11 | outer | main.go:125:7:125:11 | outer |
 | main.go:125:7:125:11 | outer | main.go:126:7:126:11 | outer |
 | main.go:126:7:126:11 | outer | main.go:127:7:127:11 | outer |
-| main.go:129:6:129:11 | definition of outerp | main.go:130:2:130:7 | outerp |
-| main.go:129:6:129:11 | zero value for outerp | main.go:129:6:129:11 | definition of outerp |
+| main.go:129:6:129:11 | SSA def(outerp) | main.go:130:2:130:7 | outerp |
+| main.go:129:6:129:11 | zero value for outerp | main.go:129:6:129:11 | SSA def(outerp) |
 | main.go:130:2:130:7 | outerp | main.go:131:7:131:12 | outerp |
 | main.go:130:2:130:7 | outerp [postupdate] | main.go:131:7:131:12 | outerp |
 | main.go:131:7:131:12 | outerp | main.go:132:7:132:12 | outerp |
 | main.go:132:7:132:12 | outerp | main.go:133:7:133:12 | outerp |
 | main.go:133:7:133:12 | outerp | main.go:134:7:134:12 | outerp |
-| main.go:138:6:138:10 | definition of outer | main.go:139:2:139:6 | outer |
-| main.go:138:6:138:10 | zero value for outer | main.go:138:6:138:10 | definition of outer |
+| main.go:138:6:138:10 | SSA def(outer) | main.go:139:2:139:6 | outer |
+| main.go:138:6:138:10 | zero value for outer | main.go:138:6:138:10 | SSA def(outer) |
 | main.go:139:2:139:6 | outer | main.go:140:7:140:11 | outer |
 | main.go:139:2:139:6 | outer [postupdate] | main.go:140:7:140:11 | outer |
 | main.go:140:7:140:11 | outer | main.go:141:7:141:11 | outer |
 | main.go:141:7:141:11 | outer | main.go:142:7:142:11 | outer |
 | main.go:142:7:142:11 | outer | main.go:143:7:143:11 | outer |
-| main.go:145:6:145:11 | definition of outerp | main.go:146:2:146:7 | outerp |
-| main.go:145:6:145:11 | zero value for outerp | main.go:145:6:145:11 | definition of outerp |
+| main.go:145:6:145:11 | SSA def(outerp) | main.go:146:2:146:7 | outerp |
+| main.go:145:6:145:11 | zero value for outerp | main.go:145:6:145:11 | SSA def(outerp) |
 | main.go:146:2:146:7 | outerp | main.go:147:7:147:12 | outerp |
 | main.go:146:2:146:7 | outerp [postupdate] | main.go:147:7:147:12 | outerp |
 | main.go:147:7:147:12 | outerp | main.go:148:7:148:12 | outerp |

go/ql/test/library-tests/semmle/go/dataflow/SSA/DefUse.expected

@@ -1,34 +1,42 @@
-| main.go:15:12:15:12 | x | main.go:13:6:13:6 | definition of x | main.go:13:6:13:6 | x |
-| main.go:15:15:15:15 | y | main.go:14:2:14:2 | definition of y | main.go:14:2:14:2 | y |
-| main.go:17:3:17:3 | y | main.go:14:2:14:2 | definition of y | main.go:14:2:14:2 | y |
-| main.go:19:12:19:12 | x | main.go:13:6:13:6 | definition of x | main.go:13:6:13:6 | x |
-| main.go:19:15:19:15 | y | main.go:19:2:19:10 | y = phi(def@14:2, def@17:3) | main.go:14:2:14:2 | y |
-| main.go:21:7:21:7 | y | main.go:19:2:19:10 | y = phi(def@14:2, def@17:3) | main.go:14:2:14:2 | y |
-| main.go:23:12:23:12 | x | main.go:23:2:23:10 | x = phi(def@13:6, def@21:3) | main.go:13:6:13:6 | x |
-| main.go:23:15:23:15 | y | main.go:19:2:19:10 | y = phi(def@14:2, def@17:3) | main.go:14:2:14:2 | y |
-| main.go:27:10:27:10 | x | main.go:26:10:26:10 | definition of x | main.go:26:10:26:10 | x |
-| main.go:29:10:29:10 | b | main.go:27:5:27:5 | definition of b | main.go:27:5:27:5 | b |
-| main.go:29:13:29:13 | a | main.go:27:2:27:2 | definition of a | main.go:27:2:27:2 | a |
-| main.go:31:9:31:9 | a | main.go:31:9:31:9 | a = phi(def@27:2, def@29:3) | main.go:27:2:27:2 | a |
-| main.go:31:12:31:12 | b | main.go:31:9:31:9 | b = phi(def@27:5, def@29:6) | main.go:27:5:27:5 | b |
-| main.go:35:3:35:3 | x | main.go:34:11:34:11 | definition of x | main.go:34:11:34:11 | x |
-| main.go:40:10:40:10 | x | main.go:39:2:39:2 | definition of x | main.go:39:2:39:2 | x |
-| main.go:42:8:42:10 | ptr | main.go:40:2:40:4 | definition of ptr | main.go:40:2:40:4 | ptr |
-| main.go:44:12:44:12 | x | main.go:39:2:39:2 | definition of x | main.go:39:2:39:2 | x |
-| main.go:47:13:47:18 | implicit read of result | main.go:48:2:48:7 | definition of result | main.go:47:13:47:18 | result |
-| main.go:52:14:52:19 | implicit read of result | main.go:52:14:52:19 | definition of result | main.go:52:14:52:19 | result |
-| main.go:61:12:61:12 | x | main.go:58:6:58:9 | x = phi(def@57:6, def@59:3) | main.go:57:6:57:6 | x |
-| main.go:64:16:64:16 | i | main.go:65:6:65:9 | i = phi(def@64:16, def@64:6) | main.go:64:6:64:6 | i |
-| main.go:70:12:70:12 | y | main.go:65:6:65:9 | y = phi(def@63:2, def@68:3) | main.go:63:2:63:2 | y |
-| main.go:73:16:73:16 | i | main.go:74:3:74:3 | i = phi(def@73:16, def@73:6) | main.go:73:6:73:6 | i |
-| main.go:79:12:79:12 | z | main.go:74:3:74:3 | definition of z | main.go:72:2:72:2 | z |
-| main.go:82:18:82:18 | implicit read of a | main.go:84:5:84:5 | definition of a | main.go:82:18:82:18 | a |
-| main.go:82:25:82:25 | implicit read of b | main.go:82:25:82:25 | definition of b | main.go:82:25:82:25 | b |
-| main.go:84:9:84:9 | x | main.go:83:2:83:2 | definition of x | main.go:83:2:83:2 | x |
-| main.go:84:15:84:15 | x | main.go:83:2:83:2 | definition of x | main.go:83:2:83:2 | x |
-| main.go:97:2:97:8 | wrapper | main.go:95:22:95:28 | definition of wrapper | main.go:95:22:95:28 | wrapper |
-| main.go:100:9:100:9 | x | main.go:97:2:99:3 | capture variable x | main.go:96:2:96:2 | x |
-| main.go:117:2:117:2 | p | main.go:117:2:117:2 | p = phi(def@112:3, def@114:3) | main.go:110:6:110:6 | p |
-| main.go:119:12:119:12 | p | main.go:117:2:117:2 | p = phi(def@112:3, def@114:3) | main.go:110:6:110:6 | p |
-| main.go:119:17:119:17 | p | main.go:117:2:117:2 | p = phi(def@112:3, def@114:3) | main.go:110:6:110:6 | p |
-| main.go:119:24:119:24 | p | main.go:117:2:117:2 | p = phi(def@112:3, def@114:3) | main.go:110:6:110:6 | p |
+| main.go:15:12:15:12 | x | main.go:13:6:13:6 | SSA def(x) | main.go:13:6:13:6 | x |
+| main.go:15:15:15:15 | y | main.go:14:2:14:2 | SSA def(y) | main.go:14:2:14:2 | y |
+| main.go:17:3:17:3 | y | main.go:14:2:14:2 | SSA def(y) | main.go:14:2:14:2 | y |
+| main.go:19:12:19:12 | x | main.go:13:6:13:6 | SSA def(x) | main.go:13:6:13:6 | x |
+| main.go:19:15:19:15 | y | main.go:19:2:19:10 | SSA phi(y) | main.go:14:2:14:2 | y |
+| main.go:21:7:21:7 | y | main.go:19:2:19:10 | SSA phi(y) | main.go:14:2:14:2 | y |
+| main.go:23:12:23:12 | x | main.go:23:2:23:10 | SSA phi(x) | main.go:13:6:13:6 | x |
+| main.go:23:15:23:15 | y | main.go:19:2:19:10 | SSA phi(y) | main.go:14:2:14:2 | y |
+| main.go:27:10:27:10 | x | main.go:26:10:26:10 | SSA def(x) | main.go:26:10:26:10 | x |
+| main.go:29:10:29:10 | b | main.go:27:5:27:5 | SSA def(b) | main.go:27:5:27:5 | b |
+| main.go:29:13:29:13 | a | main.go:27:2:27:2 | SSA def(a) | main.go:27:2:27:2 | a |
+| main.go:31:9:31:9 | a | main.go:31:9:31:9 | SSA phi(a) | main.go:27:2:27:2 | a |
+| main.go:31:12:31:12 | b | main.go:31:9:31:9 | SSA phi(b) | main.go:27:5:27:5 | b |
+| main.go:35:3:35:3 | x | main.go:34:11:34:11 | SSA def(x) | main.go:34:11:34:11 | x |
+| main.go:40:10:40:10 | x | main.go:39:2:39:2 | SSA def(x) | main.go:39:2:39:2 | x |
+| main.go:42:8:42:10 | ptr | main.go:40:2:40:4 | SSA def(ptr) | main.go:40:2:40:4 | ptr |
+| main.go:44:12:44:12 | x | main.go:39:2:39:2 | SSA def(x) | main.go:39:2:39:2 | x |
+| main.go:47:13:47:18 | implicit read of result | main.go:48:2:48:7 | SSA def(result) | main.go:47:13:47:18 | result |
+| main.go:52:14:52:19 | implicit read of result | main.go:52:14:52:19 | SSA def(result) | main.go:52:14:52:19 | result |
+| main.go:61:12:61:12 | x | main.go:58:6:58:9 | SSA phi(x) | main.go:57:6:57:6 | x |
+| main.go:64:16:64:16 | i | main.go:65:6:65:9 | SSA phi(i) | main.go:64:6:64:6 | i |
+| main.go:70:12:70:12 | y | main.go:65:6:65:9 | SSA phi(y) | main.go:63:2:63:2 | y |
+| main.go:73:16:73:16 | i | main.go:74:3:74:3 | SSA phi(i) | main.go:73:6:73:6 | i |
+| main.go:79:12:79:12 | z | main.go:74:3:74:3 | SSA def(z) | main.go:72:2:72:2 | z |
+| main.go:82:18:82:18 | implicit read of a | main.go:84:5:84:5 | SSA def(a) | main.go:82:18:82:18 | a |
+| main.go:82:25:82:25 | implicit read of b | main.go:82:25:82:25 | SSA def(b) | main.go:82:25:82:25 | b |
+| main.go:84:9:84:9 | x | main.go:83:2:83:2 | SSA def(x) | main.go:83:2:83:2 | x |
+| main.go:84:15:84:15 | x | main.go:83:2:83:2 | SSA def(x) | main.go:83:2:83:2 | x |
+| main.go:97:2:97:8 | wrapper | main.go:95:22:95:28 | SSA def(wrapper) | main.go:95:22:95:28 | wrapper |
+| main.go:100:9:100:9 | x | main.go:97:2:99:3 | SSA def(x) | main.go:96:2:96:2 | x |
+| main.go:105:2:105:8 | wrapper | main.go:103:20:103:26 | SSA def(wrapper) | main.go:103:20:103:26 | wrapper |
+| main.go:106:8:106:8 | x | main.go:105:16:108:2 | SSA def(x) | main.go:104:2:104:2 | x |
+| main.go:107:7:107:7 | y | main.go:106:3:106:3 | SSA def(y) | main.go:106:3:106:3 | y |
+| main.go:109:9:109:9 | x | main.go:104:2:104:2 | SSA def(x) | main.go:104:2:104:2 | x |
+| main.go:114:2:114:8 | wrapper | main.go:112:29:112:35 | SSA def(wrapper) | main.go:112:29:112:35 | wrapper |
+| main.go:115:8:115:8 | x | main.go:114:16:117:2 | SSA def(x) | main.go:113:2:113:2 | x |
+| main.go:116:7:116:7 | y | main.go:115:3:115:3 | SSA def(y) | main.go:115:3:115:3 | y |
+| main.go:118:9:118:9 | x | main.go:114:2:117:3 | SSA def(x) | main.go:113:2:113:2 | x |
+| main.go:135:2:135:2 | p | main.go:135:2:135:2 | SSA phi(p) | main.go:128:6:128:6 | p |
+| main.go:137:12:137:12 | p | main.go:135:2:135:2 | SSA phi(p) | main.go:128:6:128:6 | p |
+| main.go:137:17:137:17 | p | main.go:135:2:135:2 | SSA phi(p) | main.go:128:6:128:6 | p |
+| main.go:137:24:137:24 | p | main.go:135:2:135:2 | SSA phi(p) | main.go:128:6:128:6 | p |

go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaDefinition.expected

@@ -1,41 +1,51 @@
-| main.go:13:6:13:6 | definition of x |
-| main.go:14:2:14:2 | definition of y |
-| main.go:17:3:17:3 | definition of y |
-| main.go:19:2:19:10 | y = phi(def@14:2, def@17:3) |
-| main.go:21:3:21:3 | definition of x |
-| main.go:23:2:23:10 | x = phi(def@13:6, def@21:3) |
-| main.go:26:10:26:10 | definition of x |
-| main.go:27:2:27:2 | definition of a |
-| main.go:27:5:27:5 | definition of b |
-| main.go:29:3:29:3 | definition of a |
-| main.go:29:6:29:6 | definition of b |
-| main.go:31:9:31:9 | a = phi(def@27:2, def@29:3) |
-| main.go:31:9:31:9 | b = phi(def@27:5, def@29:6) |
-| main.go:34:11:34:11 | definition of x |
-| main.go:39:2:39:2 | definition of x |
-| main.go:40:2:40:4 | definition of ptr |
-| main.go:48:2:48:7 | definition of result |
-| main.go:52:14:52:19 | definition of result |
-| main.go:57:6:57:6 | definition of x |
-| main.go:58:6:58:9 | x = phi(def@57:6, def@59:3) |
-| main.go:59:3:59:3 | definition of x |
-| main.go:63:2:63:2 | definition of y |
-| main.go:64:6:64:6 | definition of i |
-| main.go:64:16:64:18 | definition of i |
-| main.go:65:6:65:9 | i = phi(def@64:16, def@64:6) |
-| main.go:65:6:65:9 | y = phi(def@63:2, def@68:3) |
-| main.go:68:3:68:3 | definition of y |
-| main.go:73:6:73:6 | definition of i |
-| main.go:73:16:73:18 | definition of i |
-| main.go:74:3:74:3 | definition of z |
-| main.go:74:3:74:3 | i = phi(def@73:16, def@73:6) |
-| main.go:82:25:82:25 | definition of b |
-| main.go:83:2:83:2 | definition of x |
-| main.go:84:5:84:5 | definition of a |
-| main.go:95:22:95:28 | definition of wrapper |
-| main.go:96:2:96:2 | definition of x |
-| main.go:97:2:99:3 | capture variable x |
-| main.go:98:3:98:3 | definition of x |
-| main.go:112:3:112:3 | definition of p |
-| main.go:114:3:114:3 | definition of p |
-| main.go:117:2:117:2 | p = phi(def@112:3, def@114:3) |
+| main.go:13:6:13:6 | SSA def(x) |
+| main.go:14:2:14:2 | SSA def(y) |
+| main.go:17:3:17:3 | SSA def(y) |
+| main.go:19:2:19:10 | SSA phi(y) |
+| main.go:21:3:21:3 | SSA def(x) |
+| main.go:23:2:23:10 | SSA phi(x) |
+| main.go:26:10:26:10 | SSA def(x) |
+| main.go:27:2:27:2 | SSA def(a) |
+| main.go:27:5:27:5 | SSA def(b) |
+| main.go:29:3:29:3 | SSA def(a) |
+| main.go:29:6:29:6 | SSA def(b) |
+| main.go:31:9:31:9 | SSA phi(a) |
+| main.go:31:9:31:9 | SSA phi(b) |
+| main.go:34:11:34:11 | SSA def(x) |
+| main.go:39:2:39:2 | SSA def(x) |
+| main.go:40:2:40:4 | SSA def(ptr) |
+| main.go:48:2:48:7 | SSA def(result) |
+| main.go:52:14:52:19 | SSA def(result) |
+| main.go:57:6:57:6 | SSA def(x) |
+| main.go:58:6:58:9 | SSA phi(x) |
+| main.go:59:3:59:3 | SSA def(x) |
+| main.go:63:2:63:2 | SSA def(y) |
+| main.go:64:6:64:6 | SSA def(i) |
+| main.go:64:16:64:18 | SSA def(i) |
+| main.go:65:6:65:9 | SSA phi(i) |
+| main.go:65:6:65:9 | SSA phi(y) |
+| main.go:68:3:68:3 | SSA def(y) |
+| main.go:73:6:73:6 | SSA def(i) |
+| main.go:73:16:73:18 | SSA def(i) |
+| main.go:74:3:74:3 | SSA def(z) |
+| main.go:74:3:74:3 | SSA phi(i) |
+| main.go:82:25:82:25 | SSA def(b) |
+| main.go:83:2:83:2 | SSA def(x) |
+| main.go:84:5:84:5 | SSA def(a) |
+| main.go:95:22:95:28 | SSA def(wrapper) |
+| main.go:96:2:96:2 | SSA def(x) |
+| main.go:97:2:99:3 | SSA def(x) |
+| main.go:98:3:98:3 | SSA def(x) |
+| main.go:103:20:103:26 | SSA def(wrapper) |
+| main.go:104:2:104:2 | SSA def(x) |
+| main.go:105:16:108:2 | SSA def(x) |
+| main.go:106:3:106:3 | SSA def(y) |
+| main.go:112:29:112:35 | SSA def(wrapper) |
+| main.go:113:2:113:2 | SSA def(x) |
+| main.go:114:2:117:3 | SSA def(x) |
+| main.go:114:16:117:2 | SSA def(x) |
+| main.go:115:3:115:3 | SSA def(y) |
+| main.go:116:3:116:3 | SSA def(x) |
+| main.go:130:3:130:3 | SSA def(p) |
+| main.go:132:3:132:3 | SSA def(p) |
+| main.go:135:2:135:2 | SSA phi(p) |

go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaWithFields.expected

@@ -1,46 +1,58 @@
-| main.go:13:6:13:6 | (def@13:6) | x |
-| main.go:14:2:14:2 | (def@14:2) | y |
-| main.go:17:3:17:3 | (def@17:3) | y |
-| main.go:19:2:19:10 | (phi@19:2) | y |
-| main.go:21:3:21:3 | (def@21:3) | x |
-| main.go:23:2:23:10 | (phi@23:2) | x |
-| main.go:26:10:26:10 | (def@26:10) | x |
-| main.go:27:2:27:2 | (def@27:2) | a |
-| main.go:27:5:27:5 | (def@27:5) | b |
-| main.go:29:3:29:3 | (def@29:3) | a |
-| main.go:29:6:29:6 | (def@29:6) | b |
-| main.go:31:9:31:9 | (phi@31:9) | a |
-| main.go:31:9:31:9 | (phi@31:9) | b |
-| main.go:34:11:34:11 | (def@34:11) | x |
-| main.go:39:2:39:2 | (def@39:2) | x |
-| main.go:40:2:40:4 | (def@40:2) | ptr |
-| main.go:48:2:48:7 | (def@48:2) | result |
-| main.go:52:14:52:19 | (def@52:14) | result |
-| main.go:57:6:57:6 | (def@57:6) | x |
-| main.go:58:6:58:9 | (phi@58:6) | x |
-| main.go:59:3:59:3 | (def@59:3) | x |
-| main.go:63:2:63:2 | (def@63:2) | y |
-| main.go:64:6:64:6 | (def@64:6) | i |
-| main.go:64:16:64:18 | (def@64:16) | i |
-| main.go:65:6:65:9 | (phi@65:6) | i |
-| main.go:65:6:65:9 | (phi@65:6) | y |
-| main.go:68:3:68:3 | (def@68:3) | y |
-| main.go:73:6:73:6 | (def@73:6) | i |
-| main.go:73:16:73:18 | (def@73:16) | i |
-| main.go:74:3:74:3 | (def@74:3) | z |
-| main.go:74:3:74:3 | (phi@74:3) | i |
-| main.go:82:25:82:25 | (def@82:25) | b |
-| main.go:83:2:83:2 | (def@83:2) | x |
-| main.go:84:5:84:5 | (def@84:5) | a |
-| main.go:95:22:95:28 | (def@95:22) | wrapper |
-| main.go:95:22:95:28 | (def@95:22).s | wrapper.s |
-| main.go:96:2:96:2 | (def@96:2) | x |
-| main.go:97:2:99:3 | (capture@97:2) | x |
-| main.go:98:3:98:3 | (def@98:3) | x |
-| main.go:112:3:112:3 | (def@112:3) | p |
-| main.go:114:3:114:3 | (def@114:3) | p |
-| main.go:117:2:117:2 | (phi@117:2) | p |
-| main.go:117:2:117:2 | (phi@117:2).a | p.a |
-| main.go:117:2:117:2 | (phi@117:2).b | p.b |
-| main.go:117:2:117:2 | (phi@117:2).b.a | p.b.a |
-| main.go:117:2:117:2 | (phi@117:2).c | p.c |
+| main.go:13:6:13:6 | (SSA def(x)) | x |
+| main.go:14:2:14:2 | (SSA def(y)) | y |
+| main.go:17:3:17:3 | (SSA def(y)) | y |
+| main.go:19:2:19:10 | (SSA phi(y)) | y |
+| main.go:21:3:21:3 | (SSA def(x)) | x |
+| main.go:23:2:23:10 | (SSA phi(x)) | x |
+| main.go:26:10:26:10 | (SSA def(x)) | x |
+| main.go:27:2:27:2 | (SSA def(a)) | a |
+| main.go:27:5:27:5 | (SSA def(b)) | b |
+| main.go:29:3:29:3 | (SSA def(a)) | a |
+| main.go:29:6:29:6 | (SSA def(b)) | b |
+| main.go:31:9:31:9 | (SSA phi(a)) | a |
+| main.go:31:9:31:9 | (SSA phi(b)) | b |
+| main.go:34:11:34:11 | (SSA def(x)) | x |
+| main.go:39:2:39:2 | (SSA def(x)) | x |
+| main.go:40:2:40:4 | (SSA def(ptr)) | ptr |
+| main.go:48:2:48:7 | (SSA def(result)) | result |
+| main.go:52:14:52:19 | (SSA def(result)) | result |
+| main.go:57:6:57:6 | (SSA def(x)) | x |
+| main.go:58:6:58:9 | (SSA phi(x)) | x |
+| main.go:59:3:59:3 | (SSA def(x)) | x |
+| main.go:63:2:63:2 | (SSA def(y)) | y |
+| main.go:64:6:64:6 | (SSA def(i)) | i |
+| main.go:64:16:64:18 | (SSA def(i)) | i |
+| main.go:65:6:65:9 | (SSA phi(i)) | i |
+| main.go:65:6:65:9 | (SSA phi(y)) | y |
+| main.go:68:3:68:3 | (SSA def(y)) | y |
+| main.go:73:6:73:6 | (SSA def(i)) | i |
+| main.go:73:16:73:18 | (SSA def(i)) | i |
+| main.go:74:3:74:3 | (SSA def(z)) | z |
+| main.go:74:3:74:3 | (SSA phi(i)) | i |
+| main.go:82:25:82:25 | (SSA def(b)) | b |
+| main.go:83:2:83:2 | (SSA def(x)) | x |
+| main.go:84:5:84:5 | (SSA def(a)) | a |
+| main.go:95:22:95:28 | (SSA def(wrapper)) | wrapper |
+| main.go:95:22:95:28 | (SSA def(wrapper)).s | wrapper.s |
+| main.go:96:2:96:2 | (SSA def(x)) | x |
+| main.go:97:2:99:3 | (SSA def(x)) | x |
+| main.go:98:3:98:3 | (SSA def(x)) | x |
+| main.go:103:20:103:26 | (SSA def(wrapper)) | wrapper |
+| main.go:103:20:103:26 | (SSA def(wrapper)).s | wrapper.s |
+| main.go:104:2:104:2 | (SSA def(x)) | x |
+| main.go:105:16:108:2 | (SSA def(x)) | x |
+| main.go:106:3:106:3 | (SSA def(y)) | y |
+| main.go:112:29:112:35 | (SSA def(wrapper)) | wrapper |
+| main.go:112:29:112:35 | (SSA def(wrapper)).s | wrapper.s |
+| main.go:113:2:113:2 | (SSA def(x)) | x |
+| main.go:114:2:117:3 | (SSA def(x)) | x |
+| main.go:114:16:117:2 | (SSA def(x)) | x |
+| main.go:115:3:115:3 | (SSA def(y)) | y |
+| main.go:116:3:116:3 | (SSA def(x)) | x |
+| main.go:130:3:130:3 | (SSA def(p)) | p |
+| main.go:132:3:132:3 | (SSA def(p)) | p |
+| main.go:135:2:135:2 | (SSA phi(p)) | p |
+| main.go:135:2:135:2 | (SSA phi(p)).a | p.a |
+| main.go:135:2:135:2 | (SSA phi(p)).b | p.b |
+| main.go:135:2:135:2 | (SSA phi(p)).b.a | p.b.a |
+| main.go:135:2:135:2 | (SSA phi(p)).c | p.c |

go/ql/test/library-tests/semmle/go/dataflow/SSA/VarDefs.expected

@@ -32,16 +32,23 @@
 | main.go:95:22:95:28 | initialization of wrapper | main.go:95:22:95:28 | wrapper | main.go:95:22:95:28 | argument corresponding to wrapper |
 | main.go:96:2:96:2 | assignment to x | main.go:96:2:96:2 | x | main.go:96:7:96:7 | 0 |
 | main.go:98:3:98:3 | assignment to x | main.go:96:2:96:2 | x | main.go:98:7:98:7 | 1 |
-| main.go:110:6:110:6 | assignment to p | main.go:110:6:110:6 | p | main.go:110:6:110:6 | zero value for p |
-| main.go:112:3:112:3 | assignment to p | main.go:110:6:110:6 | p | main.go:112:7:112:24 | struct literal |
-| main.go:112:9:112:9 | init of 2 | main.go:104:2:104:2 | a | main.go:112:9:112:9 | 2 |
-| main.go:112:12:112:18 | init of struct literal | main.go:105:2:105:2 | b | main.go:112:12:112:18 | struct literal |
-| main.go:112:14:112:14 | init of 1 | main.go:89:2:89:2 | a | main.go:112:14:112:14 | 1 |
-| main.go:112:17:112:17 | init of 5 | main.go:90:2:90:2 | b | main.go:112:17:112:17 | 5 |
-| main.go:112:21:112:23 | init of 'n' | main.go:106:2:106:2 | c | main.go:112:21:112:23 | 'n' |
-| main.go:114:3:114:3 | assignment to p | main.go:110:6:110:6 | p | main.go:114:7:114:24 | struct literal |
-| main.go:114:9:114:9 | init of 3 | main.go:104:2:104:2 | a | main.go:114:9:114:9 | 3 |
-| main.go:114:12:114:18 | init of struct literal | main.go:105:2:105:2 | b | main.go:114:12:114:18 | struct literal |
-| main.go:114:14:114:14 | init of 4 | main.go:89:2:89:2 | a | main.go:114:14:114:14 | 4 |
-| main.go:114:17:114:17 | init of 5 | main.go:90:2:90:2 | b | main.go:114:17:114:17 | 5 |
-| main.go:114:21:114:23 | init of '2' | main.go:106:2:106:2 | c | main.go:114:21:114:23 | '2' |
+| main.go:103:20:103:26 | initialization of wrapper | main.go:103:20:103:26 | wrapper | main.go:103:20:103:26 | argument corresponding to wrapper |
+| main.go:104:2:104:2 | assignment to x | main.go:104:2:104:2 | x | main.go:104:7:104:7 | 0 |
+| main.go:106:3:106:3 | assignment to y | main.go:106:3:106:3 | y | main.go:106:8:106:8 | x |
+| main.go:112:29:112:35 | initialization of wrapper | main.go:112:29:112:35 | wrapper | main.go:112:29:112:35 | argument corresponding to wrapper |
+| main.go:113:2:113:2 | assignment to x | main.go:113:2:113:2 | x | main.go:113:7:113:7 | 0 |
+| main.go:115:3:115:3 | assignment to y | main.go:115:3:115:3 | y | main.go:115:8:115:12 | ...+... |
+| main.go:116:3:116:3 | assignment to x | main.go:113:2:113:2 | x | main.go:116:7:116:7 | y |
+| main.go:128:6:128:6 | assignment to p | main.go:128:6:128:6 | p | main.go:128:6:128:6 | zero value for p |
+| main.go:130:3:130:3 | assignment to p | main.go:128:6:128:6 | p | main.go:130:7:130:24 | struct literal |
+| main.go:130:9:130:9 | init of 2 | main.go:122:2:122:2 | a | main.go:130:9:130:9 | 2 |
+| main.go:130:12:130:18 | init of struct literal | main.go:123:2:123:2 | b | main.go:130:12:130:18 | struct literal |
+| main.go:130:14:130:14 | init of 1 | main.go:89:2:89:2 | a | main.go:130:14:130:14 | 1 |
+| main.go:130:17:130:17 | init of 5 | main.go:90:2:90:2 | b | main.go:130:17:130:17 | 5 |
+| main.go:130:21:130:23 | init of 'n' | main.go:124:2:124:2 | c | main.go:130:21:130:23 | 'n' |
+| main.go:132:3:132:3 | assignment to p | main.go:128:6:128:6 | p | main.go:132:7:132:24 | struct literal |
+| main.go:132:9:132:9 | init of 3 | main.go:122:2:122:2 | a | main.go:132:9:132:9 | 3 |
+| main.go:132:12:132:18 | init of struct literal | main.go:123:2:123:2 | b | main.go:132:12:132:18 | struct literal |
+| main.go:132:14:132:14 | init of 4 | main.go:89:2:89:2 | a | main.go:132:14:132:14 | 4 |
+| main.go:132:17:132:17 | init of 5 | main.go:90:2:90:2 | b | main.go:132:17:132:17 | 5 |
+| main.go:132:21:132:23 | init of '2' | main.go:124:2:124:2 | c | main.go:132:21:132:23 | '2' |

go/ql/test/library-tests/semmle/go/dataflow/SSA/VarUses.expected

@@ -28,13 +28,29 @@
 | main.go:84:15:84:15 | x | main.go:83:2:83:2 | x |
 | main.go:97:2:97:8 | wrapper | main.go:95:22:95:28 | wrapper |
 | main.go:97:2:97:10 | selection of s | main.go:95:38:95:38 | s |
+| main.go:97:2:97:10 | selection of s | main.go:103:36:103:36 | s |
+| main.go:97:2:97:10 | selection of s | main.go:112:45:112:45 | s |
 | main.go:100:9:100:9 | x | main.go:96:2:96:2 | x |
-| main.go:117:2:117:2 | p | main.go:110:6:110:6 | p |
-| main.go:117:2:117:4 | selection of b | main.go:105:2:105:2 | b |
-| main.go:119:12:119:12 | p | main.go:110:6:110:6 | p |
-| main.go:119:12:119:14 | selection of a | main.go:104:2:104:2 | a |
-| main.go:119:17:119:17 | p | main.go:110:6:110:6 | p |
-| main.go:119:17:119:19 | selection of b | main.go:105:2:105:2 | b |
-| main.go:119:17:119:21 | selection of a | main.go:89:2:89:2 | a |
-| main.go:119:24:119:24 | p | main.go:110:6:110:6 | p |
-| main.go:119:24:119:26 | selection of c | main.go:106:2:106:2 | c |
+| main.go:105:2:105:8 | wrapper | main.go:103:20:103:26 | wrapper |
+| main.go:105:2:105:10 | selection of s | main.go:95:38:95:38 | s |
+| main.go:105:2:105:10 | selection of s | main.go:103:36:103:36 | s |
+| main.go:105:2:105:10 | selection of s | main.go:112:45:112:45 | s |
+| main.go:106:8:106:8 | x | main.go:104:2:104:2 | x |
+| main.go:107:7:107:7 | y | main.go:106:3:106:3 | y |
+| main.go:109:9:109:9 | x | main.go:104:2:104:2 | x |
+| main.go:114:2:114:8 | wrapper | main.go:112:29:112:35 | wrapper |
+| main.go:114:2:114:10 | selection of s | main.go:95:38:95:38 | s |
+| main.go:114:2:114:10 | selection of s | main.go:103:36:103:36 | s |
+| main.go:114:2:114:10 | selection of s | main.go:112:45:112:45 | s |
+| main.go:115:8:115:8 | x | main.go:113:2:113:2 | x |
+| main.go:116:7:116:7 | y | main.go:115:3:115:3 | y |
+| main.go:118:9:118:9 | x | main.go:113:2:113:2 | x |
+| main.go:135:2:135:2 | p | main.go:128:6:128:6 | p |
+| main.go:135:2:135:4 | selection of b | main.go:123:2:123:2 | b |
+| main.go:137:12:137:12 | p | main.go:128:6:128:6 | p |
+| main.go:137:12:137:14 | selection of a | main.go:122:2:122:2 | a |
+| main.go:137:17:137:17 | p | main.go:128:6:128:6 | p |
+| main.go:137:17:137:19 | selection of b | main.go:123:2:123:2 | b |
+| main.go:137:17:137:21 | selection of a | main.go:89:2:89:2 | a |
+| main.go:137:24:137:24 | p | main.go:128:6:128:6 | p |
+| main.go:137:24:137:26 | selection of c | main.go:124:2:124:2 | c |

go/ql/test/library-tests/semmle/go/dataflow/SSA/main.go

@@ -100,6 +100,24 @@ func updateInClosure(wrapper struct{ s }) int {
 	return x
 }
 
+func readInClosure(wrapper struct{ s }) int {
+	x := 0
+	wrapper.s.foo(func() {
+		y := x
+		_ = y
+	})
+	return x
+}
+
+func readAndUpdateInClosure(wrapper struct{ s }) int {
+	x := 0
+	wrapper.s.foo(func() {
+		y := x + 1
+		x = y
+	})
+	return x
+}
+
 type t struct {
 	a int
 	b s

go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected

@@ -1,73 +1,73 @@
 #select
-| test.go:154:14:154:21 | password | test.go:153:17:153:24 | definition of password | test.go:154:14:154:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:155:17:155:24 | password | test.go:153:17:153:24 | definition of password | test.go:155:17:155:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:156:14:156:21 | password | test.go:153:17:153:24 | definition of password | test.go:156:14:156:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:157:18:157:25 | password | test.go:153:17:153:24 | definition of password | test.go:157:18:157:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:158:14:158:21 | password | test.go:153:17:153:24 | definition of password | test.go:158:14:158:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:159:13:159:20 | password | test.go:153:17:153:24 | definition of password | test.go:159:13:159:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:160:22:160:29 | password | test.go:153:17:153:24 | definition of password | test.go:160:22:160:29 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:161:15:161:22 | password | test.go:153:17:153:24 | definition of password | test.go:161:15:161:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:162:14:162:21 | password | test.go:153:17:153:24 | definition of password | test.go:162:14:162:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:163:13:163:20 | password | test.go:153:17:153:24 | definition of password | test.go:163:13:163:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:164:16:164:23 | password | test.go:153:17:153:24 | definition of password | test.go:164:16:164:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:165:13:165:20 | password | test.go:153:17:153:24 | definition of password | test.go:165:13:165:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:166:16:166:23 | password | test.go:153:17:153:24 | definition of password | test.go:166:16:166:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:167:13:167:20 | password | test.go:153:17:153:24 | definition of password | test.go:167:13:167:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:168:17:168:24 | password | test.go:153:17:153:24 | definition of password | test.go:168:17:168:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:169:13:169:20 | password | test.go:153:17:153:24 | definition of password | test.go:169:13:169:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:170:12:170:19 | password | test.go:153:17:153:24 | definition of password | test.go:170:12:170:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:171:21:171:28 | password | test.go:153:17:153:24 | definition of password | test.go:171:21:171:28 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:172:14:172:21 | password | test.go:153:17:153:24 | definition of password | test.go:172:14:172:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:173:13:173:20 | password | test.go:153:17:153:24 | definition of password | test.go:173:13:173:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:174:12:174:19 | password | test.go:153:17:153:24 | definition of password | test.go:174:12:174:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:175:15:175:22 | password | test.go:153:17:153:24 | definition of password | test.go:175:15:175:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:176:15:176:22 | password | test.go:153:17:153:24 | definition of password | test.go:176:15:176:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:177:18:177:25 | password | test.go:153:17:153:24 | definition of password | test.go:177:18:177:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:178:15:178:22 | password | test.go:153:17:153:24 | definition of password | test.go:178:15:178:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:179:19:179:26 | password | test.go:153:17:153:24 | definition of password | test.go:179:19:179:26 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:180:15:180:22 | password | test.go:153:17:153:24 | definition of password | test.go:180:15:180:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:181:14:181:21 | password | test.go:153:17:153:24 | definition of password | test.go:181:14:181:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:182:23:182:30 | password | test.go:153:17:153:24 | definition of password | test.go:182:23:182:30 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:183:16:183:23 | password | test.go:153:17:153:24 | definition of password | test.go:183:16:183:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:184:15:184:22 | password | test.go:153:17:153:24 | definition of password | test.go:184:15:184:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:185:14:185:21 | password | test.go:153:17:153:24 | definition of password | test.go:185:14:185:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:186:17:186:24 | password | test.go:153:17:153:24 | definition of password | test.go:186:17:186:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
-| test.go:187:16:187:23 | password | test.go:153:17:153:24 | definition of password | test.go:187:16:187:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:154:14:154:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:154:14:154:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:155:17:155:24 | password | test.go:153:17:153:24 | SSA def(password) | test.go:155:17:155:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:156:14:156:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:156:14:156:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:157:18:157:25 | password | test.go:153:17:153:24 | SSA def(password) | test.go:157:18:157:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:158:14:158:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:158:14:158:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:159:13:159:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:159:13:159:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:160:22:160:29 | password | test.go:153:17:153:24 | SSA def(password) | test.go:160:22:160:29 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:161:15:161:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:161:15:161:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:162:14:162:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:162:14:162:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:163:13:163:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:163:13:163:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:164:16:164:23 | password | test.go:153:17:153:24 | SSA def(password) | test.go:164:16:164:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:165:13:165:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:165:13:165:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:166:16:166:23 | password | test.go:153:17:153:24 | SSA def(password) | test.go:166:16:166:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:167:13:167:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:167:13:167:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:168:17:168:24 | password | test.go:153:17:153:24 | SSA def(password) | test.go:168:17:168:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:169:13:169:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:169:13:169:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:170:12:170:19 | password | test.go:153:17:153:24 | SSA def(password) | test.go:170:12:170:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:171:21:171:28 | password | test.go:153:17:153:24 | SSA def(password) | test.go:171:21:171:28 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:172:14:172:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:172:14:172:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:173:13:173:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:173:13:173:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:174:12:174:19 | password | test.go:153:17:153:24 | SSA def(password) | test.go:174:12:174:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:175:15:175:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:175:15:175:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:176:15:176:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:176:15:176:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:177:18:177:25 | password | test.go:153:17:153:24 | SSA def(password) | test.go:177:18:177:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:178:15:178:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:178:15:178:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:179:19:179:26 | password | test.go:153:17:153:24 | SSA def(password) | test.go:179:19:179:26 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:180:15:180:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:180:15:180:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:181:14:181:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:181:14:181:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:182:23:182:30 | password | test.go:153:17:153:24 | SSA def(password) | test.go:182:23:182:30 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:183:16:183:23 | password | test.go:153:17:153:24 | SSA def(password) | test.go:183:16:183:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:184:15:184:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:184:15:184:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:185:14:185:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:185:14:185:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:186:17:186:24 | password | test.go:153:17:153:24 | SSA def(password) | test.go:186:17:186:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:187:16:187:23 | password | test.go:153:17:153:24 | SSA def(password) | test.go:187:16:187:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
 edges
-| test.go:153:17:153:24 | definition of password | test.go:154:14:154:21 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:155:17:155:24 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:156:14:156:21 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:157:18:157:25 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:158:14:158:21 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:159:13:159:20 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:160:22:160:29 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:161:15:161:22 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:162:14:162:21 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:163:13:163:20 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:164:16:164:23 | password | provenance |  |
-| test.go:153:17:153:24 | definition of password | test.go:165:13:165:20 | password | provenance | Sink:MaD:1 |
-| test.go:153:17:153:24 | definition of password | test.go:166:16:166:23 | password | provenance | Sink:MaD:2 |
-| test.go:153:17:153:24 | definition of password | test.go:167:13:167:20 | password | provenance | Sink:MaD:3 |
-| test.go:153:17:153:24 | definition of password | test.go:168:17:168:24 | password | provenance | Sink:MaD:4 |
-| test.go:153:17:153:24 | definition of password | test.go:169:13:169:20 | password | provenance | Sink:MaD:5 |
-| test.go:153:17:153:24 | definition of password | test.go:170:12:170:19 | password | provenance | Sink:MaD:6 |
-| test.go:153:17:153:24 | definition of password | test.go:171:21:171:28 | password | provenance | Sink:MaD:7 |
-| test.go:153:17:153:24 | definition of password | test.go:172:14:172:21 | password | provenance | Sink:MaD:8 |
-| test.go:153:17:153:24 | definition of password | test.go:173:13:173:20 | password | provenance | Sink:MaD:9 |
-| test.go:153:17:153:24 | definition of password | test.go:174:12:174:19 | password | provenance | Sink:MaD:10 |
-| test.go:153:17:153:24 | definition of password | test.go:175:15:175:22 | password | provenance | Sink:MaD:11 |
-| test.go:153:17:153:24 | definition of password | test.go:176:15:176:22 | password | provenance | Sink:MaD:12 |
-| test.go:153:17:153:24 | definition of password | test.go:177:18:177:25 | password | provenance | Sink:MaD:13 |
-| test.go:153:17:153:24 | definition of password | test.go:178:15:178:22 | password | provenance | Sink:MaD:14 |
-| test.go:153:17:153:24 | definition of password | test.go:179:19:179:26 | password | provenance | Sink:MaD:15 |
-| test.go:153:17:153:24 | definition of password | test.go:180:15:180:22 | password | provenance | Sink:MaD:16 |
-| test.go:153:17:153:24 | definition of password | test.go:181:14:181:21 | password | provenance | Sink:MaD:17 |
-| test.go:153:17:153:24 | definition of password | test.go:182:23:182:30 | password | provenance | Sink:MaD:18 |
-| test.go:153:17:153:24 | definition of password | test.go:183:16:183:23 | password | provenance | Sink:MaD:19 |
-| test.go:153:17:153:24 | definition of password | test.go:184:15:184:22 | password | provenance | Sink:MaD:20 |
-| test.go:153:17:153:24 | definition of password | test.go:185:14:185:21 | password | provenance | Sink:MaD:21 |
-| test.go:153:17:153:24 | definition of password | test.go:186:17:186:24 | password | provenance | Sink:MaD:22 |
-| test.go:153:17:153:24 | definition of password | test.go:187:16:187:23 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:154:14:154:21 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:155:17:155:24 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:156:14:156:21 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:157:18:157:25 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:158:14:158:21 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:159:13:159:20 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:160:22:160:29 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:161:15:161:22 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:162:14:162:21 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:163:13:163:20 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:164:16:164:23 | password | provenance |  |
+| test.go:153:17:153:24 | SSA def(password) | test.go:165:13:165:20 | password | provenance | Sink:MaD:1 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:166:16:166:23 | password | provenance | Sink:MaD:2 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:167:13:167:20 | password | provenance | Sink:MaD:3 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:168:17:168:24 | password | provenance | Sink:MaD:4 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:169:13:169:20 | password | provenance | Sink:MaD:5 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:170:12:170:19 | password | provenance | Sink:MaD:6 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:171:21:171:28 | password | provenance | Sink:MaD:7 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:172:14:172:21 | password | provenance | Sink:MaD:8 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:173:13:173:20 | password | provenance | Sink:MaD:9 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:174:12:174:19 | password | provenance | Sink:MaD:10 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:175:15:175:22 | password | provenance | Sink:MaD:11 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:176:15:176:22 | password | provenance | Sink:MaD:12 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:177:18:177:25 | password | provenance | Sink:MaD:13 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:178:15:178:22 | password | provenance | Sink:MaD:14 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:179:19:179:26 | password | provenance | Sink:MaD:15 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:180:15:180:22 | password | provenance | Sink:MaD:16 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:181:14:181:21 | password | provenance | Sink:MaD:17 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:182:23:182:30 | password | provenance | Sink:MaD:18 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:183:16:183:23 | password | provenance | Sink:MaD:19 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:184:15:184:22 | password | provenance | Sink:MaD:20 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:185:14:185:21 | password | provenance | Sink:MaD:21 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:186:17:186:24 | password | provenance | Sink:MaD:22 |
+| test.go:153:17:153:24 | SSA def(password) | test.go:187:16:187:23 | password | provenance |  |
 models
 | 1 | Sink: group:beego-logs; ; false; Alert; ; ; Argument[0..1]; log-injection; manual |
 | 2 | Sink: group:beego-logs; ; false; Critical; ; ; Argument[0..1]; log-injection; manual |
@@ -92,7 +92,7 @@ models
 | 21 | Sink: group:beego-logs; BeeLogger; true; Warn; ; ; Argument[0..1]; log-injection; manual |
 | 22 | Sink: group:beego-logs; BeeLogger; true; Warning; ; ; Argument[0..1]; log-injection; manual |
 nodes
-| test.go:153:17:153:24 | definition of password | semmle.label | definition of password |
+| test.go:153:17:153:24 | SSA def(password) | semmle.label | SSA def(password) |
 | test.go:154:14:154:21 | password | semmle.label | password |
 | test.go:155:17:155:24 | password | semmle.label | password |
 | test.go:156:14:156:21 | password | semmle.label | password |

go/ql/test/library-tests/semmle/go/frameworks/GoKit/main.go

@@ -12,12 +12,12 @@ type MyService interface {
 }
 
 func makeEndpointLit(svc MyService) endpoint.Endpoint {
-	return func(_ context.Context, request interface{}) (interface{}, error) { // $ source="definition of request"
+	return func(_ context.Context, request interface{}) (interface{}, error) { // $ source="SSA def(request)"
 		return request, nil
 	}
 }
 
-func endpointfn(_ context.Context, request interface{}) (interface{}, error) { // $ source="definition of request"
+func endpointfn(_ context.Context, request interface{}) (interface{}, error) { // $ source="SSA def(request)"
 	return request, nil
 }
 

go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected

@@ -1,8 +1,8 @@
 edges
-| main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | provenance |  |
+| main.go:18:46:18:48 | SSA def(req) | main.go:21:28:21:31 | name | provenance |  |
 nodes
-| main.go:18:46:18:48 | definition of req | semmle.label | definition of req |
+| main.go:18:46:18:48 | SSA def(req) | semmle.label | SSA def(req) |
 | main.go:21:28:21:31 | name | semmle.label | name |
 subpaths
 #select
-| main.go:21:28:21:31 | name | main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | This log entry depends on a $@. | main.go:18:46:18:48 | definition of req | user-provided value |
+| main.go:21:28:21:31 | name | main.go:18:46:18:48 | SSA def(req) | main.go:21:28:21:31 | name | This log entry depends on a $@. | main.go:18:46:18:48 | SSA def(req) | user-provided value |

go/ql/test/library-tests/semmle/go/frameworks/GoMicro/main.go

@@ -15,7 +15,7 @@ import (
 
 type Greeter struct{}
 
-func (g *Greeter) Hello(ctx context.Context, req *pb.Request, rsp *pb.Response) error { // $ serverRequest="definition of req"
+func (g *Greeter) Hello(ctx context.Context, req *pb.Request, rsp *pb.Response) error { // $ serverRequest="SSA def(req)"
 	// var access
 	name := req.Name
 	fmt.Println("Name :: %s", name)

go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected

@@ -1,19 +1,19 @@
 #select
 | server/main.go:30:38:30:48 | selection of Text | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | user-provided value |
-| server/main.go:30:38:30:48 | selection of Text | server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | server/main.go:19:56:19:61 | definition of params | user-provided value |
+| server/main.go:30:38:30:48 | selection of Text | server/main.go:19:56:19:61 | SSA def(params) | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | server/main.go:19:56:19:61 | SSA def(params) | user-provided value |
 edges
-| client/main.go:16:35:16:78 | &... | server/main.go:19:56:19:61 | definition of params | provenance |  |
+| client/main.go:16:35:16:78 | &... | server/main.go:19:56:19:61 | SSA def(params) | provenance |  |
 | client/main.go:16:35:16:78 | &... [postupdate] | client/main.go:16:35:16:78 | &... | provenance |  |
 | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | rpc/notes/service.twirp.go:544:27:544:29 | buf | provenance |  |
 | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | provenance | Src:MaD:1 MaD:3 |
 | rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | provenance | MaD:2 |
-| rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | provenance |  |
-| rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | provenance |  |
-| rpc/notes/service.twirp.go:576:35:576:44 | reqContent | server/main.go:19:56:19:61 | definition of params | provenance |  |
-| server/main.go:19:56:19:61 | definition of params | server/main.go:19:56:19:61 | definition of params [Return] | provenance |  |
-| server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | provenance |  |
-| server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | provenance |  |
-| server/main.go:19:56:19:61 | definition of params [Return] | client/main.go:16:35:16:78 | &... [postupdate] | provenance |  |
+| rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | rpc/notes/service.twirp.go:574:2:577:2 | SSA def(reqContent) | provenance |  |
+| rpc/notes/service.twirp.go:574:2:577:2 | SSA def(reqContent) | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | provenance |  |
+| rpc/notes/service.twirp.go:576:35:576:44 | reqContent | server/main.go:19:56:19:61 | SSA def(params) | provenance |  |
+| server/main.go:19:56:19:61 | SSA def(params) | server/main.go:19:56:19:61 | SSA def(params) [Return] | provenance |  |
+| server/main.go:19:56:19:61 | SSA def(params) | server/main.go:30:38:30:48 | selection of Text | provenance |  |
+| server/main.go:19:56:19:61 | SSA def(params) | server/main.go:30:38:30:48 | selection of Text | provenance |  |
+| server/main.go:19:56:19:61 | SSA def(params) [Return] | client/main.go:16:35:16:78 | &... [postupdate] | provenance |  |
 models
 | 1 | Source: net/http; Request; true; Body; ; ; ; remote; manual |
 | 2 | Summary: google.golang.org/protobuf/proto; ; false; Unmarshal; ; ; Argument[0]; Argument[1]; taint; manual |
@@ -25,10 +25,10 @@ nodes
 | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | semmle.label | selection of Body |
 | rpc/notes/service.twirp.go:544:27:544:29 | buf | semmle.label | buf |
 | rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | semmle.label | reqContent [postupdate] |
-| rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | semmle.label | capture variable reqContent |
+| rpc/notes/service.twirp.go:574:2:577:2 | SSA def(reqContent) | semmle.label | SSA def(reqContent) |
 | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | semmle.label | reqContent |
-| server/main.go:19:56:19:61 | definition of params | semmle.label | definition of params |
-| server/main.go:19:56:19:61 | definition of params | semmle.label | definition of params |
-| server/main.go:19:56:19:61 | definition of params [Return] | semmle.label | definition of params [Return] |
+| server/main.go:19:56:19:61 | SSA def(params) | semmle.label | SSA def(params) |
+| server/main.go:19:56:19:61 | SSA def(params) | semmle.label | SSA def(params) |
+| server/main.go:19:56:19:61 | SSA def(params) [Return] | semmle.label | SSA def(params) [Return] |
 | server/main.go:30:38:30:48 | selection of Text | semmle.label | selection of Text |
 subpaths

go/ql/test/library-tests/semmle/go/frameworks/Yaml/yaml.go

@@ -24,7 +24,7 @@ func main() {
 	d.Decode(out)            // $ ttfnmodelstep="d -> out [postupdate]"
 
 	var w io.Writer
-	e := yaml2.NewEncoder(w) // $ ttfnmodelstep="definition of e -> w [postupdate]"
+	e := yaml2.NewEncoder(w) // $ ttfnmodelstep="SSA def(e) -> w [postupdate]"
 	e.Encode(in)             // $ ttfnmodelstep="in -> e [postupdate]"
 
 	out, _ = yaml3.Marshal(in) // $ marshaler="yaml: in -> ... = ...[0]" ttfnmodelstep="in -> ... = ...[0]"
@@ -33,7 +33,7 @@ func main() {
 	d1 := yaml3.NewDecoder(r) // $ ttfnmodelstep="r -> call to NewDecoder"
 	d1.Decode(out)            // $ ttfnmodelstep="d1 -> out [postupdate]"
 
-	e1 := yaml3.NewEncoder(w) // $ ttfnmodelstep="definition of e1 -> w [postupdate]"
+	e1 := yaml3.NewEncoder(w) // $ ttfnmodelstep="SSA def(e1) -> w [postupdate]"
 	e1.Encode(in)             // $ ttfnmodelstep="in -> e1 [postupdate]"
 
 	var n1 yaml3.Node

go/ql/test/library-tests/semmle/go/frameworks/gqlgen/graph/schema.resolvers.go

@@ -11,7 +11,7 @@ import (
 )
 
 // CreateTodo is the resolver for the createTodo field.
-func (r *mutationResolver) CreateTodo(ctx context.Context, input model.NewTodo) (*model.Todo, error) { // $ resolverParameter="definition of input"
+func (r *mutationResolver) CreateTodo(ctx context.Context, input model.NewTodo) (*model.Todo, error) { // $ resolverParameter="SSA def(input)"
 	panic(fmt.Errorf("not implemented: CreateTodo - createTodo %v", input))
 }
 

go/ql/test/query-tests/InconsistentCode/MissingErrorCheck/MissingErrorCheck.expected

@@ -1,2 +1,2 @@
-| tests.go:61:30:61:35 | result | $@ may be nil at this dereference because $@ may not have been checked. | tests.go:59:2:59:7 | definition of result | result | tests.go:59:10:59:12 | definition of err | err |
-| tests.go:243:27:243:32 | result | $@ may be nil at this dereference because $@ may not have been checked. | tests.go:241:2:241:7 | definition of result | result | tests.go:241:10:241:12 | definition of err | err |
+| tests.go:61:30:61:35 | result | $@ may be nil at this dereference because $@ may not have been checked. | tests.go:59:2:59:7 | SSA def(result) | result | tests.go:59:10:59:12 | SSA def(err) | err |
+| tests.go:243:27:243:32 | result | $@ may be nil at this dereference because $@ may not have been checked. | tests.go:241:2:241:7 | SSA def(result) | result | tests.go:241:10:241:12 | SSA def(err) | err |

go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/UnhandledCloseWritableHandle.expected

@@ -9,17 +9,17 @@
 | tests.go:130:3:130:3 | f | tests.go:126:5:126:78 | ... := ...[0] | tests.go:130:3:130:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:126:15:126:78 | call to OpenFile | call to OpenFile |
 | tests.go:151:8:151:8 | f | tests.go:147:2:147:74 | ... := ...[0] | tests.go:151:8:151:8 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:147:12:147:74 | call to OpenFile | call to OpenFile |
 edges
-| tests.go:9:24:9:24 | definition of f | tests.go:10:8:10:8 | f | provenance |  |
-| tests.go:13:32:13:32 | definition of f | tests.go:14:13:16:2 | capture variable f | provenance |  |
-| tests.go:14:13:16:2 | capture variable f | tests.go:15:3:15:3 | f | provenance |  |
+| tests.go:9:24:9:24 | SSA def(f) | tests.go:10:8:10:8 | f | provenance |  |
+| tests.go:13:32:13:32 | SSA def(f) | tests.go:14:13:16:2 | SSA def(f) | provenance |  |
+| tests.go:14:13:16:2 | SSA def(f) | tests.go:15:3:15:3 | f | provenance |  |
 | tests.go:32:5:32:78 | ... := ...[0] | tests.go:33:21:33:21 | f | provenance | Src:MaD:1  |
 | tests.go:32:5:32:78 | ... := ...[0] | tests.go:34:29:34:29 | f | provenance | Src:MaD:1  |
-| tests.go:33:21:33:21 | f | tests.go:9:24:9:24 | definition of f | provenance |  |
-| tests.go:34:29:34:29 | f | tests.go:13:32:13:32 | definition of f | provenance |  |
+| tests.go:33:21:33:21 | f | tests.go:9:24:9:24 | SSA def(f) | provenance |  |
+| tests.go:34:29:34:29 | f | tests.go:13:32:13:32 | SSA def(f) | provenance |  |
 | tests.go:46:5:46:76 | ... := ...[0] | tests.go:47:21:47:21 | f | provenance | Src:MaD:1  |
 | tests.go:46:5:46:76 | ... := ...[0] | tests.go:48:29:48:29 | f | provenance | Src:MaD:1  |
-| tests.go:47:21:47:21 | f | tests.go:9:24:9:24 | definition of f | provenance |  |
-| tests.go:48:29:48:29 | f | tests.go:13:32:13:32 | definition of f | provenance |  |
+| tests.go:47:21:47:21 | f | tests.go:9:24:9:24 | SSA def(f) | provenance |  |
+| tests.go:48:29:48:29 | f | tests.go:13:32:13:32 | SSA def(f) | provenance |  |
 | tests.go:55:5:55:78 | ... := ...[0] | tests.go:57:3:57:3 | f | provenance | Src:MaD:1  |
 | tests.go:67:5:67:76 | ... := ...[0] | tests.go:69:3:69:3 | f | provenance | Src:MaD:1  |
 | tests.go:109:5:109:78 | ... := ...[0] | tests.go:111:9:111:9 | f | provenance | Src:MaD:1  |
@@ -28,10 +28,10 @@ edges
 models
 | 1 | Source: os; ; false; OpenFile; ; ; ReturnValue[0]; file; manual |
 nodes
-| tests.go:9:24:9:24 | definition of f | semmle.label | definition of f |
+| tests.go:9:24:9:24 | SSA def(f) | semmle.label | SSA def(f) |
 | tests.go:10:8:10:8 | f | semmle.label | f |
-| tests.go:13:32:13:32 | definition of f | semmle.label | definition of f |
-| tests.go:14:13:16:2 | capture variable f | semmle.label | capture variable f |
+| tests.go:13:32:13:32 | SSA def(f) | semmle.label | SSA def(f) |
+| tests.go:14:13:16:2 | SSA def(f) | semmle.label | SSA def(f) |
 | tests.go:15:3:15:3 | f | semmle.label | f |
 | tests.go:32:5:32:78 | ... := ...[0] | semmle.label | ... := ...[0] |
 | tests.go:33:21:33:21 | f | semmle.label | f |

go/ql/test/query-tests/Security/CWE-022/UnsafeUnzipSymlink.expected

@@ -5,18 +5,18 @@
 | UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | Unresolved path from an archive header, which may point outside the archive root, is used in $@. | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | symlink creation |
 | UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name | UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | Unresolved path from an archive header, which may point outside the archive root, is used in $@. | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | symlink creation |
 edges
-| UnsafeUnzipSymlink.go:111:19:111:26 | definition of linkName | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | provenance | Sink:MaD:1 |
-| UnsafeUnzipSymlink.go:111:29:111:36 | definition of fileName | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | provenance | Sink:MaD:1 |
-| UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | UnsafeUnzipSymlink.go:111:19:111:26 | definition of linkName | provenance |  |
-| UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name | UnsafeUnzipSymlink.go:111:29:111:36 | definition of fileName | provenance |  |
+| UnsafeUnzipSymlink.go:111:19:111:26 | SSA def(linkName) | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | provenance | Sink:MaD:1 |
+| UnsafeUnzipSymlink.go:111:29:111:36 | SSA def(fileName) | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | provenance | Sink:MaD:1 |
+| UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | UnsafeUnzipSymlink.go:111:19:111:26 | SSA def(linkName) | provenance |  |
+| UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name | UnsafeUnzipSymlink.go:111:29:111:36 | SSA def(fileName) | provenance |  |
 models
 | 1 | Sink: os; ; false; Symlink; ; ; Argument[0..1]; path-injection; manual |
 nodes
 | UnsafeUnzipSymlink.go:31:15:31:29 | selection of Linkname | semmle.label | selection of Linkname |
 | UnsafeUnzipSymlink.go:31:32:31:42 | selection of Name | semmle.label | selection of Name |
 | UnsafeUnzipSymlink.go:43:25:43:35 | selection of Name | semmle.label | selection of Name |
-| UnsafeUnzipSymlink.go:111:19:111:26 | definition of linkName | semmle.label | definition of linkName |
-| UnsafeUnzipSymlink.go:111:29:111:36 | definition of fileName | semmle.label | definition of fileName |
+| UnsafeUnzipSymlink.go:111:19:111:26 | SSA def(linkName) | semmle.label | SSA def(linkName) |
+| UnsafeUnzipSymlink.go:111:29:111:36 | SSA def(fileName) | semmle.label | SSA def(fileName) |
 | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | semmle.label | linkName |
 | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | semmle.label | fileName |
 | UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | semmle.label | selection of Linkname |

go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected

@@ -4,12 +4,12 @@
 | tarslip.go:15:2:15:30 | ... := ...[0] | tarslip.go:15:2:15:30 | ... := ...[0] | tarslip.go:16:14:16:34 | call to Dir | Unsanitized archive entry, which may contain '..', is used in a $@. | tarslip.go:16:14:16:34 | call to Dir | file system operation |
 | tst.go:23:2:43:2 | range statement[1] | tst.go:23:2:43:2 | range statement[1] | tst.go:29:20:29:23 | path | Unsanitized archive entry, which may contain '..', is used in a $@. | tst.go:29:20:29:23 | path | file system operation |
 edges
-| UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | UnsafeUnzipSymlinkGood.go:61:53:61:61 | candidate | provenance |  |
+| UnsafeUnzipSymlinkGood.go:52:24:52:32 | SSA def(candidate) | UnsafeUnzipSymlinkGood.go:61:53:61:61 | candidate | provenance |  |
 | UnsafeUnzipSymlinkGood.go:61:53:61:61 | candidate | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | provenance | FunctionModel Sink:MaD:3 |
 | UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname | provenance |  |
 | UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | provenance |  |
-| UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | provenance |  |
-| UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | provenance |  |
+| UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname | UnsafeUnzipSymlinkGood.go:52:24:52:32 | SSA def(candidate) | provenance |  |
+| UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | UnsafeUnzipSymlinkGood.go:52:24:52:32 | SSA def(candidate) | provenance |  |
 | ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:12:24:12:29 | selection of Name | provenance |  |
 | ZipSlip.go:12:3:12:30 | ... := ...[0] | ZipSlip.go:14:20:14:20 | p | provenance | Sink:MaD:1 |
 | ZipSlip.go:12:24:12:29 | selection of Name | ZipSlip.go:12:3:12:30 | ... := ...[0] | provenance | MaD:4 |
@@ -23,7 +23,7 @@ models
 | 4 | Summary: path/filepath; ; false; Abs; ; ; Argument[0]; ReturnValue[0]; taint; manual |
 | 5 | Summary: path; ; false; Dir; ; ; Argument[0]; ReturnValue; taint; manual |
 nodes
-| UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | semmle.label | definition of candidate |
+| UnsafeUnzipSymlinkGood.go:52:24:52:32 | SSA def(candidate) | semmle.label | SSA def(candidate) |
 | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | semmle.label | call to Join |
 | UnsafeUnzipSymlinkGood.go:61:53:61:61 | candidate | semmle.label | candidate |
 | UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | semmle.label | ... := ...[0] |

go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected

@@ -48,14 +48,14 @@ edges
 | GitSubcommands.go:11:13:11:27 | call to Query | GitSubcommands.go:17:36:17:42 | tainted | provenance |  |
 | GitSubcommands.go:33:13:33:19 | selection of URL | GitSubcommands.go:33:13:33:27 | call to Query | provenance | Src:MaD:2 MaD:7 |
 | GitSubcommands.go:33:13:33:27 | call to Query | GitSubcommands.go:38:32:38:38 | tainted | provenance |  |
-| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:13:25:13:31 | tainted | provenance |  |
-| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance |  |
-| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:39:31:39:37 | tainted | provenance | Config |
-| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:52:24:52:30 | tainted | provenance | Config |
-| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:68:31:68:37 | tainted | provenance | Config |
-| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:80:23:80:29 | tainted | provenance | Config |
+| SanitizingDoubleDash.go:9:2:9:8 | SSA def(tainted) | SanitizingDoubleDash.go:13:25:13:31 | tainted | provenance |  |
+| SanitizingDoubleDash.go:9:2:9:8 | SSA def(tainted) | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance |  |
+| SanitizingDoubleDash.go:9:2:9:8 | SSA def(tainted) | SanitizingDoubleDash.go:39:31:39:37 | tainted | provenance | Config |
+| SanitizingDoubleDash.go:9:2:9:8 | SSA def(tainted) | SanitizingDoubleDash.go:52:24:52:30 | tainted | provenance | Config |
+| SanitizingDoubleDash.go:9:2:9:8 | SSA def(tainted) | SanitizingDoubleDash.go:68:31:68:37 | tainted | provenance | Config |
+| SanitizingDoubleDash.go:9:2:9:8 | SSA def(tainted) | SanitizingDoubleDash.go:80:23:80:29 | tainted | provenance | Config |
 | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:9:13:9:27 | call to Query | provenance | Src:MaD:2 MaD:7 |
-| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | provenance |  |
+| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:9:2:9:8 | SSA def(tainted) | provenance |  |
 | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | provenance |  |
 | SanitizingDoubleDash.go:13:25:13:31 | tainted | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | provenance |  |
 | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | SanitizingDoubleDash.go:14:23:14:33 | slice element node | provenance |  |
@@ -181,7 +181,7 @@ nodes
 | GitSubcommands.go:33:13:33:19 | selection of URL | semmle.label | selection of URL |
 | GitSubcommands.go:33:13:33:27 | call to Query | semmle.label | call to Query |
 | GitSubcommands.go:38:32:38:38 | tainted | semmle.label | tainted |
-| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | semmle.label | definition of tainted |
+| SanitizingDoubleDash.go:9:2:9:8 | SSA def(tainted) | semmle.label | SSA def(tainted) |
 | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | semmle.label | selection of URL |
 | SanitizingDoubleDash.go:9:13:9:27 | call to Query | semmle.label | call to Query |
 | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | semmle.label | array literal [array] |

go/ql/test/query-tests/Security/CWE-079/StoredXss.expected

@@ -1,11 +1,11 @@
 #select
 | stored.go:30:22:30:25 | name | stored.go:18:3:18:28 | ... := ...[0] | stored.go:30:22:30:25 | name | Stored cross-site scripting vulnerability due to $@. | stored.go:18:3:18:28 | ... := ...[0] | stored value |
-| stored.go:61:22:61:25 | path | stored.go:59:30:59:33 | definition of path | stored.go:61:22:61:25 | path | Stored cross-site scripting vulnerability due to $@. | stored.go:59:30:59:33 | definition of path | stored value |
+| stored.go:61:22:61:25 | path | stored.go:59:30:59:33 | SSA def(path) | stored.go:61:22:61:25 | path | Stored cross-site scripting vulnerability due to $@. | stored.go:59:30:59:33 | SSA def(path) | stored value |
 edges
 | stored.go:18:3:18:28 | ... := ...[0] | stored.go:25:14:25:17 | rows | provenance | Src:MaD:1  |
 | stored.go:25:14:25:17 | rows | stored.go:25:29:25:33 | &... [postupdate] | provenance | FunctionModel |
 | stored.go:25:29:25:33 | &... [postupdate] | stored.go:30:22:30:25 | name | provenance |  |
-| stored.go:59:30:59:33 | definition of path | stored.go:61:22:61:25 | path | provenance |  |
+| stored.go:59:30:59:33 | SSA def(path) | stored.go:61:22:61:25 | path | provenance |  |
 models
 | 1 | Source: database/sql; DB; true; Query; ; ; ReturnValue[0]; database; manual |
 nodes
@@ -13,7 +13,7 @@ nodes
 | stored.go:25:14:25:17 | rows | semmle.label | rows |
 | stored.go:25:29:25:33 | &... [postupdate] | semmle.label | &... [postupdate] |
 | stored.go:30:22:30:25 | name | semmle.label | name |
-| stored.go:59:30:59:33 | definition of path | semmle.label | definition of path |
+| stored.go:59:30:59:33 | SSA def(path) | semmle.label | SSA def(path) |
 | stored.go:61:22:61:25 | path | semmle.label | path |
 subpaths
 testFailures

go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected

@@ -1,80 +1,80 @@
 #select
 | klog.go:23:15:23:20 | header | klog.go:21:30:21:37 | selection of Header | klog.go:23:15:23:20 | header | $@ flows to a logging call. | klog.go:21:30:21:37 | selection of Header | Sensitive data returned by HTTP request headers |
 | klog.go:29:13:29:41 | call to Get | klog.go:29:13:29:20 | selection of Header | klog.go:29:13:29:41 | call to Get | $@ flows to a logging call. | klog.go:29:13:29:20 | selection of Header | Sensitive data returned by HTTP request headers |
-| main.go:19:12:19:19 | password | main.go:17:2:17:9 | definition of password | main.go:19:12:19:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:20:19:20:26 | password | main.go:17:2:17:9 | definition of password | main.go:20:19:20:26 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:21:13:21:20 | password | main.go:17:2:17:9 | definition of password | main.go:21:13:21:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:22:14:22:21 | password | main.go:17:2:17:9 | definition of password | main.go:22:14:22:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:24:13:24:20 | password | main.go:17:2:17:9 | definition of password | main.go:24:13:24:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:27:20:27:27 | password | main.go:17:2:17:9 | definition of password | main.go:27:20:27:27 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:30:14:30:21 | password | main.go:17:2:17:9 | definition of password | main.go:30:14:30:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:33:15:33:22 | password | main.go:17:2:17:9 | definition of password | main.go:33:15:33:22 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:36:13:36:20 | password | main.go:17:2:17:9 | definition of password | main.go:36:13:36:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:39:20:39:27 | password | main.go:17:2:17:9 | definition of password | main.go:39:20:39:27 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:42:14:42:21 | password | main.go:17:2:17:9 | definition of password | main.go:42:14:42:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:45:15:45:22 | password | main.go:17:2:17:9 | definition of password | main.go:45:15:45:22 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:47:16:47:23 | password | main.go:17:2:17:9 | definition of password | main.go:47:16:47:23 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:51:10:51:17 | password | main.go:17:2:17:9 | definition of password | main.go:51:10:51:17 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:52:17:52:24 | password | main.go:17:2:17:9 | definition of password | main.go:52:17:52:24 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:53:11:53:18 | password | main.go:17:2:17:9 | definition of password | main.go:53:11:53:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:54:12:54:19 | password | main.go:17:2:17:9 | definition of password | main.go:54:12:54:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:56:11:56:18 | password | main.go:17:2:17:9 | definition of password | main.go:56:11:56:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:59:18:59:25 | password | main.go:17:2:17:9 | definition of password | main.go:59:18:59:25 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:62:12:62:19 | password | main.go:17:2:17:9 | definition of password | main.go:62:12:62:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:65:13:65:20 | password | main.go:17:2:17:9 | definition of password | main.go:65:13:65:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:68:11:68:18 | password | main.go:17:2:17:9 | definition of password | main.go:68:11:68:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:71:18:71:25 | password | main.go:17:2:17:9 | definition of password | main.go:71:18:71:25 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:74:12:74:19 | password | main.go:17:2:17:9 | definition of password | main.go:74:12:74:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:77:13:77:20 | password | main.go:17:2:17:9 | definition of password | main.go:77:13:77:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:79:14:79:21 | password | main.go:17:2:17:9 | definition of password | main.go:79:14:79:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:82:12:82:19 | password | main.go:17:2:17:9 | definition of password | main.go:82:12:82:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:83:17:83:24 | password | main.go:17:2:17:9 | definition of password | main.go:83:17:83:24 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:87:29:87:34 | fields | main.go:17:2:17:9 | definition of password | main.go:87:29:87:34 | fields | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| main.go:90:35:90:42 | password | main.go:17:2:17:9 | definition of password | main.go:90:35:90:42 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
-| overrides.go:13:14:13:23 | call to String | overrides.go:8:2:8:9 | definition of password | overrides.go:13:14:13:23 | call to String | $@ flows to a logging call. | overrides.go:8:2:8:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:9:14:9:14 | x | passwords.go:21:2:21:9 | definition of password | passwords.go:9:14:9:14 | x | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:25:14:25:21 | password | passwords.go:21:2:21:9 | definition of password | passwords.go:25:14:25:21 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| main.go:19:12:19:19 | password | main.go:17:2:17:9 | SSA def(password) | main.go:19:12:19:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:20:19:20:26 | password | main.go:17:2:17:9 | SSA def(password) | main.go:20:19:20:26 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:21:13:21:20 | password | main.go:17:2:17:9 | SSA def(password) | main.go:21:13:21:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:22:14:22:21 | password | main.go:17:2:17:9 | SSA def(password) | main.go:22:14:22:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:24:13:24:20 | password | main.go:17:2:17:9 | SSA def(password) | main.go:24:13:24:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:27:20:27:27 | password | main.go:17:2:17:9 | SSA def(password) | main.go:27:20:27:27 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:30:14:30:21 | password | main.go:17:2:17:9 | SSA def(password) | main.go:30:14:30:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:33:15:33:22 | password | main.go:17:2:17:9 | SSA def(password) | main.go:33:15:33:22 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:36:13:36:20 | password | main.go:17:2:17:9 | SSA def(password) | main.go:36:13:36:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:39:20:39:27 | password | main.go:17:2:17:9 | SSA def(password) | main.go:39:20:39:27 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:42:14:42:21 | password | main.go:17:2:17:9 | SSA def(password) | main.go:42:14:42:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:45:15:45:22 | password | main.go:17:2:17:9 | SSA def(password) | main.go:45:15:45:22 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:47:16:47:23 | password | main.go:17:2:17:9 | SSA def(password) | main.go:47:16:47:23 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:51:10:51:17 | password | main.go:17:2:17:9 | SSA def(password) | main.go:51:10:51:17 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:52:17:52:24 | password | main.go:17:2:17:9 | SSA def(password) | main.go:52:17:52:24 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:53:11:53:18 | password | main.go:17:2:17:9 | SSA def(password) | main.go:53:11:53:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:54:12:54:19 | password | main.go:17:2:17:9 | SSA def(password) | main.go:54:12:54:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:56:11:56:18 | password | main.go:17:2:17:9 | SSA def(password) | main.go:56:11:56:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:59:18:59:25 | password | main.go:17:2:17:9 | SSA def(password) | main.go:59:18:59:25 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:62:12:62:19 | password | main.go:17:2:17:9 | SSA def(password) | main.go:62:12:62:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:65:13:65:20 | password | main.go:17:2:17:9 | SSA def(password) | main.go:65:13:65:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:68:11:68:18 | password | main.go:17:2:17:9 | SSA def(password) | main.go:68:11:68:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:71:18:71:25 | password | main.go:17:2:17:9 | SSA def(password) | main.go:71:18:71:25 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:74:12:74:19 | password | main.go:17:2:17:9 | SSA def(password) | main.go:74:12:74:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:77:13:77:20 | password | main.go:17:2:17:9 | SSA def(password) | main.go:77:13:77:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:79:14:79:21 | password | main.go:17:2:17:9 | SSA def(password) | main.go:79:14:79:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:82:12:82:19 | password | main.go:17:2:17:9 | SSA def(password) | main.go:82:12:82:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:83:17:83:24 | password | main.go:17:2:17:9 | SSA def(password) | main.go:83:17:83:24 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:87:29:87:34 | fields | main.go:17:2:17:9 | SSA def(password) | main.go:87:29:87:34 | fields | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:90:35:90:42 | password | main.go:17:2:17:9 | SSA def(password) | main.go:90:35:90:42 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| overrides.go:13:14:13:23 | call to String | overrides.go:8:2:8:9 | SSA def(password) | overrides.go:13:14:13:23 | call to String | $@ flows to a logging call. | overrides.go:8:2:8:9 | SSA def(password) | Sensitive data returned by an access to password |
+| passwords.go:9:14:9:14 | x | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:9:14:9:14 | x | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
+| passwords.go:25:14:25:21 | password | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:25:14:25:21 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
 | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | $@ flows to a logging call. | passwords.go:26:14:26:23 | selection of password | Sensitive data returned by an access to password |
 | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | $@ flows to a logging call. | passwords.go:27:14:27:26 | call to getPassword | Sensitive data returned by a call to getPassword |
 | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | $@ flows to a logging call. | passwords.go:28:14:28:28 | call to getPassword | Sensitive data returned by a call to getPassword |
-| passwords.go:33:13:33:20 | password | passwords.go:21:2:21:9 | definition of password | passwords.go:33:13:33:20 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:36:14:36:35 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:36:14:36:35 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:33:13:33:20 | password | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:33:13:33:20 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
+| passwords.go:36:14:36:35 | ...+... | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:36:14:36:35 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
 | passwords.go:41:14:41:17 | obj1 | passwords.go:39:13:39:13 | x | passwords.go:41:14:41:17 | obj1 | $@ flows to a logging call. | passwords.go:39:13:39:13 | x | Sensitive data returned by an access to password |
-| passwords.go:46:14:46:17 | obj2 | passwords.go:21:2:21:9 | definition of password | passwords.go:46:14:46:17 | obj2 | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:53:14:53:27 | fixed_password | passwords.go:52:2:52:15 | definition of fixed_password | passwords.go:53:14:53:27 | fixed_password | $@ flows to a logging call. | passwords.go:52:2:52:15 | definition of fixed_password | Sensitive data returned by an access to fixed_password |
+| passwords.go:46:14:46:17 | obj2 | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:46:14:46:17 | obj2 | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
+| passwords.go:53:14:53:27 | fixed_password | passwords.go:52:2:52:15 | SSA def(fixed_password) | passwords.go:53:14:53:27 | fixed_password | $@ flows to a logging call. | passwords.go:52:2:52:15 | SSA def(fixed_password) | Sensitive data returned by an access to fixed_password |
 | passwords.go:91:14:91:26 | utilityObject | passwords.go:89:16:89:36 | call to make | passwords.go:91:14:91:26 | utilityObject | $@ flows to a logging call. | passwords.go:89:16:89:36 | call to make | Sensitive data returned by an access to passwordSet |
-| passwords.go:94:23:94:28 | secret | passwords.go:21:2:21:9 | definition of password | passwords.go:94:23:94:28 | secret | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:104:15:104:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:104:15:104:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:110:16:110:41 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:110:16:110:41 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:115:15:115:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:115:15:115:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:119:14:119:45 | ...+... | passwords.go:118:6:118:14 | definition of password1 | passwords.go:119:14:119:45 | ...+... | $@ flows to a logging call. | passwords.go:118:6:118:14 | definition of password1 | Sensitive data returned by an access to password1 |
-| passwords.go:129:14:129:19 | config | passwords.go:21:2:21:9 | definition of password | passwords.go:129:14:129:19 | config | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:94:23:94:28 | secret | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:94:23:94:28 | secret | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
+| passwords.go:104:15:104:40 | ...+... | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:104:15:104:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
+| passwords.go:110:16:110:41 | ...+... | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:110:16:110:41 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
+| passwords.go:115:15:115:40 | ...+... | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:115:15:115:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
+| passwords.go:119:14:119:45 | ...+... | passwords.go:118:6:118:14 | SSA def(password1) | passwords.go:119:14:119:45 | ...+... | $@ flows to a logging call. | passwords.go:118:6:118:14 | SSA def(password1) | Sensitive data returned by an access to password1 |
+| passwords.go:129:14:129:19 | config | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:129:14:129:19 | config | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
 | passwords.go:129:14:129:19 | config | passwords.go:123:13:123:14 | x3 | passwords.go:129:14:129:19 | config | $@ flows to a logging call. | passwords.go:123:13:123:14 | x3 | Sensitive data returned by an access to password |
 | passwords.go:129:14:129:19 | config | passwords.go:126:13:126:25 | call to getPassword | passwords.go:129:14:129:19 | config | $@ flows to a logging call. | passwords.go:126:13:126:25 | call to getPassword | Sensitive data returned by a call to getPassword |
-| passwords.go:130:14:130:21 | selection of x | passwords.go:21:2:21:9 | definition of password | passwords.go:130:14:130:21 | selection of x | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:130:14:130:21 | selection of x | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:130:14:130:21 | selection of x | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
 | passwords.go:131:14:131:21 | selection of y | passwords.go:126:13:126:25 | call to getPassword | passwords.go:131:14:131:21 | selection of y | $@ flows to a logging call. | passwords.go:126:13:126:25 | call to getPassword | Sensitive data returned by a call to getPassword |
-| protobuf.go:14:14:14:35 | call to GetDescription | protobuf.go:9:2:9:9 | definition of password | protobuf.go:14:14:14:35 | call to GetDescription | $@ flows to a logging call. | protobuf.go:9:2:9:9 | definition of password | Sensitive data returned by an access to password |
+| protobuf.go:14:14:14:35 | call to GetDescription | protobuf.go:9:2:9:9 | SSA def(password) | protobuf.go:14:14:14:35 | call to GetDescription | $@ flows to a logging call. | protobuf.go:9:2:9:9 | SSA def(password) | Sensitive data returned by an access to password |
 edges
 | klog.go:21:3:26:3 | range statement[1] | klog.go:22:27:22:33 | headers | provenance |  |
 | klog.go:21:30:21:37 | selection of Header | klog.go:21:3:26:3 | range statement[1] | provenance | Src:MaD:11 Config |
 | klog.go:22:4:25:4 | range statement[1] | klog.go:23:15:23:20 | header | provenance |  |
 | klog.go:22:27:22:33 | headers | klog.go:22:4:25:4 | range statement[1] | provenance | Config |
 | klog.go:29:13:29:20 | selection of Header | klog.go:29:13:29:41 | call to Get | provenance | Src:MaD:11 Config |
-| main.go:17:2:17:9 | definition of password | main.go:19:12:19:19 | password | provenance |  |
-| main.go:17:2:17:9 | definition of password | main.go:20:19:20:26 | password | provenance |  |
-| main.go:17:2:17:9 | definition of password | main.go:21:13:21:20 | password | provenance | Sink:MaD:6 |
-| main.go:17:2:17:9 | definition of password | main.go:22:14:22:21 | password | provenance |  |
-| main.go:17:2:17:9 | definition of password | main.go:24:13:24:20 | password | provenance |  |
-| main.go:17:2:17:9 | definition of password | main.go:27:20:27:27 | password | provenance |  |
-| main.go:17:2:17:9 | definition of password | main.go:30:14:30:21 | password | provenance | Sink:MaD:3 |
-| main.go:17:2:17:9 | definition of password | main.go:33:15:33:22 | password | provenance |  |
-| main.go:17:2:17:9 | definition of password | main.go:36:13:36:20 | password | provenance |  |
-| main.go:17:2:17:9 | definition of password | main.go:39:20:39:27 | password | provenance |  |
-| main.go:17:2:17:9 | definition of password | main.go:42:14:42:21 | password | provenance | Sink:MaD:5 |
-| main.go:17:2:17:9 | definition of password | main.go:45:15:45:22 | password | provenance |  |
-| main.go:17:2:17:9 | definition of password | main.go:47:16:47:23 | password | provenance | Sink:MaD:4 |
-| main.go:17:2:17:9 | definition of password | main.go:51:10:51:17 | password | provenance |  |
-| main.go:17:2:17:9 | definition of password | main.go:51:10:51:17 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:19:12:19:19 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:20:19:20:26 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:21:13:21:20 | password | provenance | Sink:MaD:6 |
+| main.go:17:2:17:9 | SSA def(password) | main.go:22:14:22:21 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:24:13:24:20 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:27:20:27:27 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:30:14:30:21 | password | provenance | Sink:MaD:3 |
+| main.go:17:2:17:9 | SSA def(password) | main.go:33:15:33:22 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:36:13:36:20 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:39:20:39:27 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:42:14:42:21 | password | provenance | Sink:MaD:5 |
+| main.go:17:2:17:9 | SSA def(password) | main.go:45:15:45:22 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:47:16:47:23 | password | provenance | Sink:MaD:4 |
+| main.go:17:2:17:9 | SSA def(password) | main.go:51:10:51:17 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:51:10:51:17 | password | provenance |  |
 | main.go:51:10:51:17 | password | main.go:52:17:52:24 | password | provenance |  |
 | main.go:51:10:51:17 | password | main.go:52:17:52:24 | password | provenance |  |
 | main.go:52:17:52:24 | password | main.go:53:11:53:18 | password | provenance |  |
@@ -97,14 +97,14 @@ edges
 | main.go:86:2:86:7 | fields [postupdate] | main.go:87:29:87:34 | fields | provenance | Sink:MaD:2 |
 | main.go:86:19:86:26 | password | main.go:86:2:86:7 | fields [postupdate] | provenance | Config |
 | main.go:86:19:86:26 | password | main.go:90:35:90:42 | password | provenance | Sink:MaD:1 |
-| overrides.go:8:2:8:9 | definition of password | overrides.go:9:9:9:16 | password | provenance |  |
+| overrides.go:8:2:8:9 | SSA def(password) | overrides.go:9:9:9:16 | password | provenance |  |
 | overrides.go:9:9:9:16 | password | overrides.go:13:14:13:23 | call to String | provenance |  |
-| passwords.go:8:12:8:12 | definition of x | passwords.go:9:14:9:14 | x | provenance |  |
-| passwords.go:21:2:21:9 | definition of password | passwords.go:25:14:25:21 | password | provenance |  |
-| passwords.go:21:2:21:9 | definition of password | passwords.go:30:8:30:15 | password | provenance |  |
-| passwords.go:21:2:21:9 | definition of password | passwords.go:33:13:33:20 | password | provenance |  |
-| passwords.go:21:2:21:9 | definition of password | passwords.go:36:28:36:35 | password | provenance |  |
-| passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | definition of x | provenance |  |
+| passwords.go:8:12:8:12 | SSA def(x) | passwords.go:9:14:9:14 | x | provenance |  |
+| passwords.go:21:2:21:9 | SSA def(password) | passwords.go:25:14:25:21 | password | provenance |  |
+| passwords.go:21:2:21:9 | SSA def(password) | passwords.go:30:8:30:15 | password | provenance |  |
+| passwords.go:21:2:21:9 | SSA def(password) | passwords.go:33:13:33:20 | password | provenance |  |
+| passwords.go:21:2:21:9 | SSA def(password) | passwords.go:36:28:36:35 | password | provenance |  |
+| passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | SSA def(x) | provenance |  |
 | passwords.go:36:28:36:35 | password | passwords.go:36:14:36:35 | ...+... | provenance | Config |
 | passwords.go:36:28:36:35 | password | passwords.go:44:6:44:13 | password | provenance |  |
 | passwords.go:38:10:40:2 | struct literal | passwords.go:41:14:41:17 | obj1 | provenance |  |
@@ -117,7 +117,7 @@ edges
 | passwords.go:50:11:50:18 | password | passwords.go:110:34:110:41 | password | provenance |  |
 | passwords.go:50:11:50:18 | password | passwords.go:115:33:115:40 | password | provenance |  |
 | passwords.go:50:11:50:18 | password | passwords.go:125:13:125:20 | password | provenance |  |
-| passwords.go:52:2:52:15 | definition of fixed_password | passwords.go:53:14:53:27 | fixed_password | provenance |  |
+| passwords.go:52:2:52:15 | SSA def(fixed_password) | passwords.go:53:14:53:27 | fixed_password | provenance |  |
 | passwords.go:88:19:90:2 | struct literal | passwords.go:91:14:91:26 | utilityObject | provenance |  |
 | passwords.go:89:16:89:36 | call to make | passwords.go:88:19:90:2 | struct literal | provenance | Config |
 | passwords.go:104:33:104:40 | password | passwords.go:104:15:104:40 | ...+... | provenance | Config |
@@ -129,7 +129,7 @@ edges
 | passwords.go:110:34:110:41 | password | passwords.go:125:13:125:20 | password | provenance |  |
 | passwords.go:115:33:115:40 | password | passwords.go:115:15:115:40 | ...+... | provenance | Config |
 | passwords.go:115:33:115:40 | password | passwords.go:125:13:125:20 | password | provenance |  |
-| passwords.go:118:6:118:14 | definition of password1 | passwords.go:119:28:119:36 | password1 | provenance |  |
+| passwords.go:118:6:118:14 | SSA def(password1) | passwords.go:119:28:119:36 | password1 | provenance |  |
 | passwords.go:119:28:119:36 | password1 | passwords.go:119:28:119:45 | call to String | provenance | Config |
 | passwords.go:119:28:119:45 | call to String | passwords.go:119:14:119:45 | ...+... | provenance | Config |
 | passwords.go:122:12:127:2 | struct literal | passwords.go:129:14:129:19 | config | provenance |  |
@@ -142,13 +142,13 @@ edges
 | passwords.go:126:13:126:25 | call to getPassword | passwords.go:122:12:127:2 | struct literal [y] | provenance |  |
 | passwords.go:130:14:130:19 | config [x] | passwords.go:130:14:130:21 | selection of x | provenance |  |
 | passwords.go:131:14:131:19 | config [y] | passwords.go:131:14:131:21 | selection of y | provenance |  |
-| protobuf.go:9:2:9:9 | definition of password | protobuf.go:12:22:12:29 | password | provenance |  |
+| protobuf.go:9:2:9:9 | SSA def(password) | protobuf.go:12:22:12:29 | password | provenance |  |
 | protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | provenance |  |
 | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | protobuf.go:14:14:14:18 | query [pointer, Description] | provenance |  |
 | protobuf.go:12:22:12:29 | password | protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | provenance |  |
 | protobuf.go:14:14:14:18 | query [pointer, Description] | protobuf.go:14:14:14:35 | call to GetDescription | provenance |  |
-| protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] | provenance |  |
-| protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] | protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | provenance |  |
+| protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:7:117:7 | SSA def(x) [pointer, Description] | provenance |  |
+| protos/query/query.pb.go:117:7:117:7 | SSA def(x) [pointer, Description] | protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | provenance |  |
 | protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] | protos/query/query.pb.go:119:10:119:22 | selection of Description | provenance |  |
 | protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] | provenance |  |
 models
@@ -171,7 +171,7 @@ nodes
 | klog.go:23:15:23:20 | header | semmle.label | header |
 | klog.go:29:13:29:20 | selection of Header | semmle.label | selection of Header |
 | klog.go:29:13:29:41 | call to Get | semmle.label | call to Get |
-| main.go:17:2:17:9 | definition of password | semmle.label | definition of password |
+| main.go:17:2:17:9 | SSA def(password) | semmle.label | SSA def(password) |
 | main.go:19:12:19:19 | password | semmle.label | password |
 | main.go:20:19:20:26 | password | semmle.label | password |
 | main.go:21:13:21:20 | password | semmle.label | password |
@@ -209,12 +209,12 @@ nodes
 | main.go:86:19:86:26 | password | semmle.label | password |
 | main.go:87:29:87:34 | fields | semmle.label | fields |
 | main.go:90:35:90:42 | password | semmle.label | password |
-| overrides.go:8:2:8:9 | definition of password | semmle.label | definition of password |
+| overrides.go:8:2:8:9 | SSA def(password) | semmle.label | SSA def(password) |
 | overrides.go:9:9:9:16 | password | semmle.label | password |
 | overrides.go:13:14:13:23 | call to String | semmle.label | call to String |
-| passwords.go:8:12:8:12 | definition of x | semmle.label | definition of x |
+| passwords.go:8:12:8:12 | SSA def(x) | semmle.label | SSA def(x) |
 | passwords.go:9:14:9:14 | x | semmle.label | x |
-| passwords.go:21:2:21:9 | definition of password | semmle.label | definition of password |
+| passwords.go:21:2:21:9 | SSA def(password) | semmle.label | SSA def(password) |
 | passwords.go:25:14:25:21 | password | semmle.label | password |
 | passwords.go:26:14:26:23 | selection of password | semmle.label | selection of password |
 | passwords.go:27:14:27:26 | call to getPassword | semmle.label | call to getPassword |
@@ -230,7 +230,7 @@ nodes
 | passwords.go:44:6:44:13 | password | semmle.label | password |
 | passwords.go:46:14:46:17 | obj2 | semmle.label | obj2 |
 | passwords.go:50:11:50:18 | password | semmle.label | password |
-| passwords.go:52:2:52:15 | definition of fixed_password | semmle.label | definition of fixed_password |
+| passwords.go:52:2:52:15 | SSA def(fixed_password) | semmle.label | SSA def(fixed_password) |
 | passwords.go:53:14:53:27 | fixed_password | semmle.label | fixed_password |
 | passwords.go:88:19:90:2 | struct literal | semmle.label | struct literal |
 | passwords.go:89:16:89:36 | call to make | semmle.label | call to make |
@@ -242,7 +242,7 @@ nodes
 | passwords.go:110:34:110:41 | password | semmle.label | password |
 | passwords.go:115:15:115:40 | ...+... | semmle.label | ...+... |
 | passwords.go:115:33:115:40 | password | semmle.label | password |
-| passwords.go:118:6:118:14 | definition of password1 | semmle.label | definition of password1 |
+| passwords.go:118:6:118:14 | SSA def(password1) | semmle.label | SSA def(password1) |
 | passwords.go:119:14:119:45 | ...+... | semmle.label | ...+... |
 | passwords.go:119:28:119:36 | password1 | semmle.label | password1 |
 | passwords.go:119:28:119:45 | call to String | semmle.label | call to String |
@@ -257,15 +257,15 @@ nodes
 | passwords.go:130:14:130:21 | selection of x | semmle.label | selection of x |
 | passwords.go:131:14:131:19 | config [y] | semmle.label | config [y] |
 | passwords.go:131:14:131:21 | selection of y | semmle.label | selection of y |
-| protobuf.go:9:2:9:9 | definition of password | semmle.label | definition of password |
+| protobuf.go:9:2:9:9 | SSA def(password) | semmle.label | SSA def(password) |
 | protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | semmle.label | implicit dereference [postupdate] [Description] |
 | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | semmle.label | query [postupdate] [pointer, Description] |
 | protobuf.go:12:22:12:29 | password | semmle.label | password |
 | protobuf.go:14:14:14:18 | query [pointer, Description] | semmle.label | query [pointer, Description] |
 | protobuf.go:14:14:14:35 | call to GetDescription | semmle.label | call to GetDescription |
-| protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] | semmle.label | definition of x [pointer, Description] |
+| protos/query/query.pb.go:117:7:117:7 | SSA def(x) [pointer, Description] | semmle.label | SSA def(x) [pointer, Description] |
 | protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] | semmle.label | implicit dereference [Description] |
 | protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | semmle.label | x [pointer, Description] |
 | protos/query/query.pb.go:119:10:119:22 | selection of Description | semmle.label | selection of Description |
 subpaths
-| protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] | protos/query/query.pb.go:119:10:119:22 | selection of Description | protobuf.go:14:14:14:35 | call to GetDescription |
+| protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:7:117:7 | SSA def(x) [pointer, Description] | protos/query/query.pb.go:119:10:119:22 | selection of Description | protobuf.go:14:14:14:35 | call to GetDescription |

go/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.expected

@@ -3,18 +3,18 @@ edges
 | InsecureHostKeyCallbackExample.go:31:14:34:4 | type conversion | InsecureHostKeyCallbackExample.go:39:20:39:27 | callback | provenance |  |
 | InsecureHostKeyCallbackExample.go:32:3:34:3 | function literal | InsecureHostKeyCallbackExample.go:31:14:34:4 | type conversion | provenance |  |
 | InsecureHostKeyCallbackExample.go:45:3:47:3 | function literal | InsecureHostKeyCallbackExample.go:52:20:52:48 | type conversion | provenance |  |
-| InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback | InsecureHostKeyCallbackExample.go:62:20:62:27 | callback | provenance |  |
-| InsecureHostKeyCallbackExample.go:68:48:68:55 | definition of callback | InsecureHostKeyCallbackExample.go:78:28:78:35 | callback | provenance |  |
+| InsecureHostKeyCallbackExample.go:58:39:58:46 | SSA def(callback) | InsecureHostKeyCallbackExample.go:62:20:62:27 | callback | provenance |  |
+| InsecureHostKeyCallbackExample.go:68:48:68:55 | SSA def(callback) | InsecureHostKeyCallbackExample.go:78:28:78:35 | callback | provenance |  |
 | InsecureHostKeyCallbackExample.go:94:3:94:43 | ... := ...[0] | InsecureHostKeyCallbackExample.go:95:28:95:35 | callback | provenance |  |
 | InsecureHostKeyCallbackExample.go:102:22:105:4 | type conversion | InsecureHostKeyCallbackExample.go:107:35:107:50 | insecureCallback | provenance |  |
 | InsecureHostKeyCallbackExample.go:103:3:105:3 | function literal | InsecureHostKeyCallbackExample.go:102:22:105:4 | type conversion | provenance |  |
-| InsecureHostKeyCallbackExample.go:107:35:107:50 | insecureCallback | InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback | provenance |  |
+| InsecureHostKeyCallbackExample.go:107:35:107:50 | insecureCallback | InsecureHostKeyCallbackExample.go:58:39:58:46 | SSA def(callback) | provenance |  |
 | InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion | InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback | provenance |  |
 | InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion | InsecureHostKeyCallbackExample.go:120:44:120:68 | potentiallySecureCallback | provenance |  |
 | InsecureHostKeyCallbackExample.go:110:3:115:3 | function literal | InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion | provenance |  |
-| InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback | InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback | provenance |  |
-| InsecureHostKeyCallbackExample.go:118:35:118:61 | call to InsecureIgnoreHostKey | InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback | provenance |  |
-| InsecureHostKeyCallbackExample.go:120:44:120:68 | potentiallySecureCallback | InsecureHostKeyCallbackExample.go:68:48:68:55 | definition of callback | provenance |  |
+| InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback | InsecureHostKeyCallbackExample.go:58:39:58:46 | SSA def(callback) | provenance |  |
+| InsecureHostKeyCallbackExample.go:118:35:118:61 | call to InsecureIgnoreHostKey | InsecureHostKeyCallbackExample.go:58:39:58:46 | SSA def(callback) | provenance |  |
+| InsecureHostKeyCallbackExample.go:120:44:120:68 | potentiallySecureCallback | InsecureHostKeyCallbackExample.go:68:48:68:55 | SSA def(callback) | provenance |  |
 nodes
 | InsecureHostKeyCallbackExample.go:15:20:18:5 | type conversion | semmle.label | type conversion |
 | InsecureHostKeyCallbackExample.go:16:4:18:4 | function literal | semmle.label | function literal |
@@ -24,9 +24,9 @@ nodes
 | InsecureHostKeyCallbackExample.go:39:20:39:27 | callback | semmle.label | callback |
 | InsecureHostKeyCallbackExample.go:45:3:47:3 | function literal | semmle.label | function literal |
 | InsecureHostKeyCallbackExample.go:52:20:52:48 | type conversion | semmle.label | type conversion |
-| InsecureHostKeyCallbackExample.go:58:39:58:46 | definition of callback | semmle.label | definition of callback |
+| InsecureHostKeyCallbackExample.go:58:39:58:46 | SSA def(callback) | semmle.label | SSA def(callback) |
 | InsecureHostKeyCallbackExample.go:62:20:62:27 | callback | semmle.label | callback |
-| InsecureHostKeyCallbackExample.go:68:48:68:55 | definition of callback | semmle.label | definition of callback |
+| InsecureHostKeyCallbackExample.go:68:48:68:55 | SSA def(callback) | semmle.label | SSA def(callback) |
 | InsecureHostKeyCallbackExample.go:76:28:76:54 | call to InsecureIgnoreHostKey | semmle.label | call to InsecureIgnoreHostKey |
 | InsecureHostKeyCallbackExample.go:78:28:78:35 | callback | semmle.label | callback |
 | InsecureHostKeyCallbackExample.go:92:28:92:54 | call to InsecureIgnoreHostKey | semmle.label | call to InsecureIgnoreHostKey |

go/ql/test/query-tests/Security/CWE-326/InsufficientKeySize.expected

@@ -1,7 +1,7 @@
 edges
 | InsufficientKeySize.go:13:10:13:13 | 1024 | InsufficientKeySize.go:14:31:14:34 | size | provenance |  |
-| InsufficientKeySize.go:18:7:18:10 | 1024 | InsufficientKeySize.go:25:11:25:14 | definition of size | provenance |  |
-| InsufficientKeySize.go:25:11:25:14 | definition of size | InsufficientKeySize.go:26:31:26:34 | size | provenance |  |
+| InsufficientKeySize.go:18:7:18:10 | 1024 | InsufficientKeySize.go:25:11:25:14 | SSA def(size) | provenance |  |
+| InsufficientKeySize.go:25:11:25:14 | SSA def(size) | InsufficientKeySize.go:26:31:26:34 | size | provenance |  |
 | InsufficientKeySize.go:30:13:30:16 | 1024 | InsufficientKeySize.go:32:32:32:38 | keyBits | provenance |  |
 | InsufficientKeySize.go:44:13:44:16 | 1024 | InsufficientKeySize.go:47:32:47:38 | keyBits | provenance |  |
 | InsufficientKeySize.go:61:21:61:24 | 1024 | InsufficientKeySize.go:67:31:67:37 | keyBits | provenance |  |
@@ -10,7 +10,7 @@ nodes
 | InsufficientKeySize.go:13:10:13:13 | 1024 | semmle.label | 1024 |
 | InsufficientKeySize.go:14:31:14:34 | size | semmle.label | size |
 | InsufficientKeySize.go:18:7:18:10 | 1024 | semmle.label | 1024 |
-| InsufficientKeySize.go:25:11:25:14 | definition of size | semmle.label | definition of size |
+| InsufficientKeySize.go:25:11:25:14 | SSA def(size) | semmle.label | SSA def(size) |
 | InsufficientKeySize.go:26:31:26:34 | size | semmle.label | size |
 | InsufficientKeySize.go:30:13:30:16 | 1024 | semmle.label | 1024 |
 | InsufficientKeySize.go:32:32:32:38 | keyBits | semmle.label | keyBits |

go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected

@@ -5,15 +5,15 @@ edges
 | go-jose.v3.go:25:16:25:20 | selection of URL | go-jose.v3.go:25:16:25:28 | call to Query | provenance | Src:MaD:3 MaD:5 |
 | go-jose.v3.go:25:16:25:28 | call to Query | go-jose.v3.go:25:16:25:47 | call to Get | provenance | MaD:6 |
 | go-jose.v3.go:25:16:25:47 | call to Get | go-jose.v3.go:26:15:26:25 | signedToken | provenance |  |
-| go-jose.v3.go:26:15:26:25 | signedToken | go-jose.v3.go:29:19:29:29 | definition of signedToken | provenance |  |
-| go-jose.v3.go:29:19:29:29 | definition of signedToken | go-jose.v3.go:31:37:31:47 | signedToken | provenance |  |
+| go-jose.v3.go:26:15:26:25 | signedToken | go-jose.v3.go:29:19:29:29 | SSA def(signedToken) | provenance |  |
+| go-jose.v3.go:29:19:29:29 | SSA def(signedToken) | go-jose.v3.go:31:37:31:47 | signedToken | provenance |  |
 | go-jose.v3.go:31:2:31:48 | ... := ...[0] | go-jose.v3.go:33:12:33:23 | DecodedToken | provenance | Sink:MaD:2 |
 | go-jose.v3.go:31:37:31:47 | signedToken | go-jose.v3.go:31:2:31:48 | ... := ...[0] | provenance | MaD:4 |
 | golang-jwt-v5.go:28:16:28:20 | selection of URL | golang-jwt-v5.go:28:16:28:28 | call to Query | provenance | Src:MaD:3 MaD:5 |
 | golang-jwt-v5.go:28:16:28:28 | call to Query | golang-jwt-v5.go:28:16:28:47 | call to Get | provenance | MaD:6 |
 | golang-jwt-v5.go:28:16:28:47 | call to Get | golang-jwt-v5.go:29:25:29:35 | signedToken | provenance |  |
-| golang-jwt-v5.go:29:25:29:35 | signedToken | golang-jwt-v5.go:32:29:32:39 | definition of signedToken | provenance |  |
-| golang-jwt-v5.go:32:29:32:39 | definition of signedToken | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance | Sink:MaD:1 |
+| golang-jwt-v5.go:29:25:29:35 | signedToken | golang-jwt-v5.go:32:29:32:39 | SSA def(signedToken) | provenance |  |
+| golang-jwt-v5.go:32:29:32:39 | SSA def(signedToken) | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance | Sink:MaD:1 |
 models
 | 1 | Sink: github.com/golang-jwt/jwt; Parser; true; ParseUnverified; ; ; Argument[0]; jwt; manual |
 | 2 | Sink: group:go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual |
@@ -26,7 +26,7 @@ nodes
 | go-jose.v3.go:25:16:25:28 | call to Query | semmle.label | call to Query |
 | go-jose.v3.go:25:16:25:47 | call to Get | semmle.label | call to Get |
 | go-jose.v3.go:26:15:26:25 | signedToken | semmle.label | signedToken |
-| go-jose.v3.go:29:19:29:29 | definition of signedToken | semmle.label | definition of signedToken |
+| go-jose.v3.go:29:19:29:29 | SSA def(signedToken) | semmle.label | SSA def(signedToken) |
 | go-jose.v3.go:31:2:31:48 | ... := ...[0] | semmle.label | ... := ...[0] |
 | go-jose.v3.go:31:37:31:47 | signedToken | semmle.label | signedToken |
 | go-jose.v3.go:33:12:33:23 | DecodedToken | semmle.label | DecodedToken |
@@ -34,6 +34,6 @@ nodes
 | golang-jwt-v5.go:28:16:28:28 | call to Query | semmle.label | call to Query |
 | golang-jwt-v5.go:28:16:28:47 | call to Get | semmle.label | call to Get |
 | golang-jwt-v5.go:29:25:29:35 | signedToken | semmle.label | signedToken |
-| golang-jwt-v5.go:32:29:32:39 | definition of signedToken | semmle.label | definition of signedToken |
+| golang-jwt-v5.go:32:29:32:39 | SSA def(signedToken) | semmle.label | SSA def(signedToken) |
 | golang-jwt-v5.go:34:58:34:68 | signedToken | semmle.label | signedToken |
 subpaths

go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected

@@ -9,31 +9,31 @@
 | main.go:69:5:69:22 | ...!=... | main.go:76:19:76:21 | argument corresponding to url | main.go:77:25:77:39 | call to getTarget1 | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:76:19:76:21 | argument corresponding to url | this value | main.go:77:25:77:39 | call to getTarget1 | redirect |
 | main.go:83:5:83:20 | ...!=... | main.go:87:9:87:14 | selection of Path | main.go:91:25:91:39 | call to getTarget2 | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:87:9:87:14 | selection of Path | this value | main.go:91:25:91:39 | call to getTarget2 | redirect |
 edges
+| BadRedirectCheck.go:3:18:3:22 | SSA def(redir) | BadRedirectCheck.go:5:10:5:14 | redir | provenance |  |
 | BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir | BadRedirectCheck.go:5:10:5:14 | redir | provenance |  |
-| BadRedirectCheck.go:3:18:3:22 | definition of redir | BadRedirectCheck.go:5:10:5:14 | redir | provenance |  |
 | BadRedirectCheck.go:5:10:5:14 | redir | main.go:11:25:11:45 | call to sanitizeUrl | provenance | Sink:MaD:1 |
 | cves.go:14:23:14:25 | argument corresponding to url | cves.go:16:26:16:28 | url | provenance | Sink:MaD:1 |
 | cves.go:33:14:33:34 | call to Get | cves.go:37:25:37:32 | redirect | provenance | Sink:MaD:1 |
 | cves.go:41:14:41:34 | call to Get | cves.go:45:25:45:32 | redirect | provenance | Sink:MaD:1 |
 | main.go:10:18:10:25 | argument corresponding to redirect | main.go:11:37:11:44 | redirect | provenance |  |
-| main.go:11:37:11:44 | redirect | BadRedirectCheck.go:3:18:3:22 | definition of redir | provenance |  |
+| main.go:11:37:11:44 | redirect | BadRedirectCheck.go:3:18:3:22 | SSA def(redir) | provenance |  |
 | main.go:11:37:11:44 | redirect | main.go:11:25:11:45 | call to sanitizeUrl | provenance | Sink:MaD:1 |
 | main.go:32:24:32:26 | argument corresponding to url | main.go:34:26:34:28 | url | provenance | Sink:MaD:1 |
+| main.go:68:17:68:24 | SSA def(redirect) | main.go:73:20:73:27 | redirect | provenance |  |
 | main.go:68:17:68:24 | argument corresponding to redirect | main.go:73:20:73:27 | redirect | provenance |  |
-| main.go:68:17:68:24 | definition of redirect | main.go:73:20:73:27 | redirect | provenance |  |
 | main.go:73:9:73:28 | call to Clean | main.go:77:25:77:39 | call to getTarget1 | provenance | Sink:MaD:1 |
 | main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:2 |
 | main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:2 |
 | main.go:76:19:76:21 | argument corresponding to url | main.go:77:36:77:38 | url | provenance |  |
-| main.go:77:36:77:38 | url | main.go:68:17:68:24 | definition of redirect | provenance |  |
+| main.go:77:36:77:38 | url | main.go:68:17:68:24 | SSA def(redirect) | provenance |  |
 | main.go:77:36:77:38 | url | main.go:77:25:77:39 | call to getTarget1 | provenance | MaD:2 Sink:MaD:1 |
 | main.go:87:9:87:14 | selection of Path | main.go:91:25:91:39 | call to getTarget2 | provenance | Sink:MaD:1 |
 models
 | 1 | Sink: net/http; ; false; Redirect; ; ; Argument[2]; url-redirection[0]; manual |
 | 2 | Summary: path; ; false; Clean; ; ; Argument[0]; ReturnValue; taint; manual |
 nodes
+| BadRedirectCheck.go:3:18:3:22 | SSA def(redir) | semmle.label | SSA def(redir) |
 | BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir | semmle.label | argument corresponding to redir |
-| BadRedirectCheck.go:3:18:3:22 | definition of redir | semmle.label | definition of redir |
 | BadRedirectCheck.go:5:10:5:14 | redir | semmle.label | redir |
 | BadRedirectCheck.go:5:10:5:14 | redir | semmle.label | redir |
 | cves.go:14:23:14:25 | argument corresponding to url | semmle.label | argument corresponding to url |
@@ -47,8 +47,8 @@ nodes
 | main.go:11:37:11:44 | redirect | semmle.label | redirect |
 | main.go:32:24:32:26 | argument corresponding to url | semmle.label | argument corresponding to url |
 | main.go:34:26:34:28 | url | semmle.label | url |
+| main.go:68:17:68:24 | SSA def(redirect) | semmle.label | SSA def(redirect) |
 | main.go:68:17:68:24 | argument corresponding to redirect | semmle.label | argument corresponding to redirect |
-| main.go:68:17:68:24 | definition of redirect | semmle.label | definition of redirect |
 | main.go:73:9:73:28 | call to Clean | semmle.label | call to Clean |
 | main.go:73:9:73:28 | call to Clean | semmle.label | call to Clean |
 | main.go:73:20:73:27 | redirect | semmle.label | redirect |
@@ -59,5 +59,5 @@ nodes
 | main.go:87:9:87:14 | selection of Path | semmle.label | selection of Path |
 | main.go:91:25:91:39 | call to getTarget2 | semmle.label | call to getTarget2 |
 subpaths
-| main.go:11:37:11:44 | redirect | BadRedirectCheck.go:3:18:3:22 | definition of redir | BadRedirectCheck.go:5:10:5:14 | redir | main.go:11:25:11:45 | call to sanitizeUrl |
-| main.go:77:36:77:38 | url | main.go:68:17:68:24 | definition of redirect | main.go:73:9:73:28 | call to Clean | main.go:77:25:77:39 | call to getTarget1 |
+| main.go:11:37:11:44 | redirect | BadRedirectCheck.go:3:18:3:22 | SSA def(redir) | BadRedirectCheck.go:5:10:5:14 | redir | main.go:11:25:11:45 | call to sanitizeUrl |
+| main.go:77:36:77:38 | url | main.go:68:17:68:24 | SSA def(redirect) | main.go:73:9:73:28 | call to Clean | main.go:77:25:77:39 | call to getTarget1 |

javascript/ql/integration-tests/query-suite/not_included_in_qls.expected

@@ -63,7 +63,6 @@ ql/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerificationL
 ql/javascript/ql/src/experimental/Security/CWE-444/InsecureHttpParser.ql
 ql/javascript/ql/src/experimental/Security/CWE-522-DecompressionBombs/DecompressionBombs.ql
 ql/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql
-ql/javascript/ql/src/experimental/Security/CWE-918/SsrfIpv6TransitionIncompleteGuard.ql
 ql/javascript/ql/src/experimental/StandardLibrary/MultipleArgumentsToSetConstructor.ql
 ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql
 ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-078/CommandInjection.ql

javascript/ql/src/change-notes/2026-06-06-ssrf-ipv6-transition-incomplete-guard.md

@@ -1,4 +0,0 @@
----
-category: newQuery
----
-* Added a new experimental query, `javascript/ssrf-ipv6-transition-incomplete-guard`, to detect SSRF host-validation guards that reject private IPv4 ranges but fail to unwrap IPv6-transition forms (IPv4-mapped `::ffff:`, NAT64 `64:ff9b::`, 6to4 `2002::`), allowing the guard to be bypassed by wrapping an internal IPv4 address in a transition literal.

javascript/ql/src/experimental/Security/CWE-918/SsrfIpv6TransitionIncompleteGuard.qhelp

@@ -1,59 +0,0 @@
-<!DOCTYPE qhelp PUBLIC
-  "-//Semmle//qhelp//EN"
-  "qhelp.dtd">
-<qhelp>
-
-<overview>
-    <p>
-        Server-side request forgery (SSRF) guards frequently reject requests to internal
-        addresses by checking the request host against a denylist of private, loopback and
-        cloud-metadata IPv4 ranges. When such a guard inspects only the dotted-quad IPv4 form
-        and never unwraps IPv6-transition representations, it can be bypassed: the host
-        validator classifies the address as public, but the operating system routes the
-        connection to the embedded internal IPv4 endpoint.
-    </p>
-    <p>
-        The affected forms include IPv4-mapped IPv6 (<code>::ffff:169.254.169.254</code>),
-        NAT64 (<code>64:ff9b::a9fe:a9fe</code>) and 6to4 (<code>2002::</code>). A URL such as
-        <code>http://[::ffff:169.254.169.254]/</code> passes a dotted-quad denylist unchanged
-        while still reaching the internal address.
-    </p>
-</overview>
-
-<recommendation>
-    <p>
-        Normalize the host before validating it: parse the address with a transition-aware
-        library and unwrap IPv4-mapped, NAT64 and 6to4 forms to their embedded IPv4 address,
-        then apply the private-range check to the normalized value. Libraries such as
-        <code>ipaddr.js</code> classify these forms correctly via their range API, and
-        SSRF-protection libraries such as <code>request-filtering-agent</code> apply the check
-        after DNS resolution. Validate the resolved address rather than the textual host.
-    </p>
-</recommendation>
-
-<example>
-    <p>
-        The following guard rejects private IPv4 ranges using the <code>private-ip</code>
-        package, which inspects the textual IPv4 form only. An attacker supplies
-        <code>::ffff:169.254.169.254</code>, which the guard classifies as public, but the
-        request still reaches the internal metadata endpoint.
-    </p>
-
-    <sample src="examples/SsrfIpv6TransitionIncompleteGuardBad.js"/>
-
-    <p>
-        The following guard parses the host with a transition-aware classifier, so the
-        embedded internal IPv4 address is detected regardless of the transition form used.
-    </p>
-
-    <sample src="examples/SsrfIpv6TransitionIncompleteGuardGood.js"/>
-</example>
-
-<references>
-
-<li>OWASP: <a href="https://owasp.org/www-community/attacks/Server_Side_Request_Forgery">Server-Side Request Forgery</a>.</li>
-<li>Common Weakness Enumeration: <a href="https://cwe.mitre.org/data/definitions/918.html">CWE-918</a>.</li>
-<li>Common Weakness Enumeration: <a href="https://cwe.mitre.org/data/definitions/1389.html">CWE-1389</a>.</li>
-
-</references>
-</qhelp>

javascript/ql/src/experimental/Security/CWE-918/SsrfIpv6TransitionIncompleteGuard.ql

@@ -1,129 +0,0 @@
-/**
- * @name SSRF host guard does not reject IPv6-transition forms
- * @description An SSRF host guard that rejects private or loopback IPv4 ranges but never
- *              unwraps IPv6-transition forms (IPv4-mapped `::ffff:`, NAT64 `64:ff9b::`,
- *              6to4 `2002::`) can be bypassed by wrapping an internal IPv4 address in a
- *              transition literal, allowing requests to reach internal endpoints.
- * @kind problem
- * @problem.severity warning
- * @id javascript/ssrf-ipv6-transition-incomplete-guard
- * @tags security
- *       experimental
- *       external/cwe/cwe-918
- *       external/cwe/cwe-1389
- */
-
-import javascript
-
-/**
- * Holds if `f` imports a dotted-quad-oriented private-IP guard package whose
- * classification is performed on the textual IPv4 form and therefore returns
- * `false` for an internal address wrapped in an IPv6-transition literal.
- */
-predicate importsHandRolledIpGuard(File f) {
-  exists(DataFlow::SourceNode mod |
-    mod.getFile() = f and
-    mod = DataFlow::moduleImport(["private-ip", "is-ip", "ip", "ip-range-check"])
-  )
-}
-
-/**
- * Holds if `f` contains a call to an `isPrivate`-style host classifier, the
- * common name for a hand-rolled SSRF guard.
- */
-predicate hasIsPrivateCall(File f) {
-  exists(DataFlow::CallNode c |
-    c.getFile() = f and
-    c.getCalleeName().regexpMatch("(?i)^is_?private(ip|address|host)?$")
-  )
-  or
-  exists(DataFlow::MethodCallNode m |
-    m.getFile() = f and
-    m.getMethodName().regexpMatch("(?i)^is_?private(ip|address|host)?$")
-  )
-}
-
-/**
- * Holds if `f` contains a hand-written RFC 1918, loopback or cloud-metadata IPv4
- * literal used as a denylist entry.
- */
-predicate hasRfc1918Literal(File f) {
-  exists(StringLiteral s |
-    s.getFile() = f and
-    s.getValue()
-        .regexpMatch("(?i).*(127\\.0\\.0\\.1|169\\.254\\.169\\.254|10\\.|192\\.168|172\\.1[6-9]|::1|fc00|fd00|metadata\\.google).*")
-  )
-}
-
-/** Holds if `f` carries any hand-rolled, dotted-quad-oriented SSRF guard signal. */
-predicate hasUnsafeGuardSignal(File f) {
-  importsHandRolledIpGuard(f) or
-  hasIsPrivateCall(f) or
-  hasRfc1918Literal(f)
-}
-
-/** Holds if `func` has a name that reads as an SSRF host or URL validator. */
-predicate isSsrfValidatorFunction(Function func) {
-  func.getName()
-      .regexpMatch("(?i).*(validate|check|guard|reject|deny|block|allow|is_?safe|sanitiz)e?_?.*(url|host|ip|address|target|endpoint|webhook|origin).*")
-  or
-  func.getName()
-      .regexpMatch("(?i).*(is_?)?(private|internal|loopback|reserved|external)_?(ip|address|host|url).*")
-  or
-  func.getName().regexpMatch("(?i).*(ssrf|metadata).*")
-}
-
-/**
- * Holds if `f` imports a maturity-hardened, transition-aware address classifier
- * or SSRF-protection library that does unwrap IPv6-transition forms.
- */
-predicate importsSafeClassifier(File f) {
-  exists(DataFlow::SourceNode mod |
-    mod.getFile() = f and
-    mod =
-      DataFlow::moduleImport([
-          "ipaddr.js", "ssrf-req-filter", "request-filtering-agent", "ssrf-agent", "netmask",
-          "ip-cidr", "cidr-matcher", "blocked-at"
-        ])
-  )
-}
-
-/**
- * Holds if `f` already performs an explicit IPv6-transition unwrap or
- * canonicalization, so the guard does see the embedded IPv4 address.
- */
-predicate hasTransitionUnwrap(File f) {
-  exists(StringLiteral s |
-    s.getFile() = f and
-    (
-      s.getValue().matches("%64:ff9b%") or
-      s.getValue().matches("%::ffff%") or
-      s.getValue().matches("%2002:%") or
-      s.getValue().matches("%2001:%")
-    )
-  )
-  or
-  exists(Identifier id |
-    id.getFile() = f and
-    id.getName()
-        .regexpMatch("(?i).*(ipv4mapped|v4mapped|mappedipv4|ipv4inipv6|embeddedipv4|unwrap.*ip|toipv4|canonicaliz|isipv4compat).*")
-  )
-  or
-  exists(DataFlow::MethodCallNode m | m.getFile() = f and m.getMethodName() = ["range", "kind"])
-}
-
-/** Holds if `f` is treated as safe (transition-aware), suppressing the alert. */
-predicate isSafe(File f) { importsSafeClassifier(f) or hasTransitionUnwrap(f) }
-
-from Function guard, File f
-where
-  guard.getFile() = f and
-  isSsrfValidatorFunction(guard) and
-  hasUnsafeGuardSignal(f) and
-  not isSafe(f) and
-  not f.getRelativePath()
-      .regexpMatch("(?i).*/(tests?|specs?|examples?|__tests__|e2e|node_modules)/.*")
-select guard,
-  "This SSRF host guard rejects private IPv4 ranges but never unwraps IPv6-transition forms " +
-    "(IPv4-mapped '::ffff:', NAT64 '64:ff9b::', 6to4 '2002::'); an attacker can wrap an internal " +
-    "IPv4 address in a transition literal to bypass it and reach internal endpoints."

javascript/ql/src/experimental/Security/CWE-918/examples/SsrfIpv6TransitionIncompleteGuardBad.js

@@ -1,14 +0,0 @@
-const isPrivate = require('private-ip');
-const fetch = require('node-fetch');
-
-// BAD: `private-ip` classifies the textual IPv4 form only, so it returns false
-// for `::ffff:169.254.169.254`. The guard treats the wrapped internal address as
-// public, but the request still reaches the metadata endpoint.
-async function validateUrlHost(host) {
-  if (isPrivate(host)) {
-    throw new Error('blocked private host');
-  }
-  return fetch('http://' + host + '/');
-}
-
-module.exports = { validateUrlHost };

javascript/ql/src/experimental/Security/CWE-918/examples/SsrfIpv6TransitionIncompleteGuardGood.js

@@ -1,16 +0,0 @@
-const ipaddr = require('ipaddr.js');
-const fetch = require('node-fetch');
-
-// GOOD: ipaddr.js parses the host and classifies it with `.range()`, which is
-// transition-aware. `::ffff:169.254.169.254` parses as an IPv4-mapped address and
-// is reported in the `linkLocal` range, so the guard is complete.
-async function validateTargetHost(host) {
-  const addr = ipaddr.parse(host);
-  const range = addr.range();
-  if (range === 'private' || range === 'loopback' || range === 'linkLocal') {
-    throw new Error('blocked internal host');
-  }
-  return fetch('http://' + host + '/');
-}
-
-module.exports = { validateTargetHost };

javascript/ql/test/experimental/Security/CWE-918/SsrfIpv6TransitionIncompleteGuard/SsrfIpv6TransitionIncompleteGuard.expected

@@ -1,2 +0,0 @@
-| bad-private-ip-pkg.js:6:1:11:1 | async f ... '/');\\n} | This SSRF host guard rejects private IPv4 ranges but never unwraps IPv6-transition forms (IPv4-mapped '::ffff:', NAT64 '64:ff9b::', 6to4 '2002::'); an attacker can wrap an internal IPv4 address in a transition literal to bypass it and reach internal endpoints. |
-| bad-rfc1918-regex.js:5:1:16:1 | functio ... '/');\\n} | This SSRF host guard rejects private IPv4 ranges but never unwraps IPv6-transition forms (IPv4-mapped '::ffff:', NAT64 '64:ff9b::', 6to4 '2002::'); an attacker can wrap an internal IPv4 address in a transition literal to bypass it and reach internal endpoints. |

javascript/ql/test/experimental/Security/CWE-918/SsrfIpv6TransitionIncompleteGuard/SsrfIpv6TransitionIncompleteGuard.qlref

@@ -1 +0,0 @@
-experimental/Security/CWE-918/SsrfIpv6TransitionIncompleteGuard.ql

javascript/ql/test/experimental/Security/CWE-918/SsrfIpv6TransitionIncompleteGuard/bad-private-ip-pkg.js

@@ -1,13 +0,0 @@
-const isPrivate = require('private-ip');
-const fetch = require('node-fetch');
-
-// BAD: `private-ip` classifies the textual IPv4 form only. It returns false for
-// `::ffff:169.254.169.254`, so a transition-wrapped internal address slips past.
-async function validateUrlHost(host) { // NOT OK
-  if (isPrivate(host)) {
-    throw new Error('blocked private host');
-  }
-  return fetch('http://' + host + '/');
-}
-
-module.exports = { validateUrlHost };

javascript/ql/test/experimental/Security/CWE-918/SsrfIpv6TransitionIncompleteGuard/bad-rfc1918-regex.js

@@ -1,18 +0,0 @@
-const http = require('http');
-
-// BAD: a hand-written RFC 1918 / loopback / metadata denylist matched against the
-// host string. The embedded IPv4 inside `::ffff:10.0.0.1` is never seen.
-function checkTargetHost(host) { // NOT OK
-  if (
-    host === '127.0.0.1' ||
-    host === '169.254.169.254' ||
-    host.startsWith('10.') ||
-    host.startsWith('192.168') ||
-    host.startsWith('172.16')
-  ) {
-    throw new Error('blocked internal host');
-  }
-  return http.get('http://' + host + '/');
-}
-
-module.exports = { checkTargetHost };

javascript/ql/test/experimental/Security/CWE-918/SsrfIpv6TransitionIncompleteGuard/good-explicit-unwrap.js

@@ -1,32 +0,0 @@
-const http = require('http');
-
-const IPV4_MAPPED_PREFIX = '::ffff:';
-
-// OK: this guard uses a hand-rolled denylist, but it first unwraps the
-// IPv6-transition form, so the embedded IPv4 is normalized before the check.
-function unwrapMapped(host) {
-  // strip an IPv4-mapped `::ffff:` prefix down to the embedded dotted quad
-  if (host.toLowerCase().startsWith(IPV4_MAPPED_PREFIX)) {
-    return host.slice(IPV4_MAPPED_PREFIX.length);
-  }
-  return host;
-}
-
-function isPrivateAddress(host) { // OK
-  const h = unwrapMapped(host);
-  return (
-    h === '127.0.0.1' ||
-    h === '169.254.169.254' ||
-    h.startsWith('10.') ||
-    h.startsWith('192.168')
-  );
-}
-
-function validateHost(host) { // OK
-  if (isPrivateAddress(host)) {
-    throw new Error('blocked internal host');
-  }
-  return http.get('http://' + host + '/');
-}
-
-module.exports = { validateHost };

javascript/ql/test/experimental/Security/CWE-918/SsrfIpv6TransitionIncompleteGuard/good-ipaddr.js

@@ -1,16 +0,0 @@
-const ipaddr = require('ipaddr.js');
-const fetch = require('node-fetch');
-
-// OK: ipaddr.js parses the address and classifies it with `.range()`, which is
-// transition-aware. `::ffff:10.0.0.1` parses as an IPv4-mapped address and is
-// reported in the `private` range, so the guard is complete.
-async function validateTargetHost(host) { // OK
-  const addr = ipaddr.parse(host);
-  const range = addr.range();
-  if (range === 'private' || range === 'loopback' || range === 'linkLocal') {
-    throw new Error('blocked internal host');
-  }
-  return fetch('http://' + host + '/');
-}
-
-module.exports = { validateTargetHost };

python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll

@@ -1249,65 +1249,12 @@ predicate allowParameterReturnInSelf(ParameterNode p) {
   )
 }
 
-bindingset[s]
-private string getFirstChar(string s) {
-  result =
-    min(int i, string c |
-      c = s.charAt(i) and c != "_"
-      or
-      c = "" and i = s.length()
-    |
-      c order by i
-    )
-}
-
-private string getAttributeContentFirstChar(AttributeContent ac) {
-  result = getFirstChar(ac.getAttribute())
-}
-
-private string getDictionaryElementContentKeyFirstChar(DictionaryElementContent dec) {
-  result = getFirstChar(dec.getKey())
-}
-
-private newtype TContentApprox =
-  TListElementContentApprox() or
-  TSetElementContentApprox() or
-  TTupleElementContentApprox() or
-  TDictionaryElementContentApprox(string first) {
-    first = "" // for `TDictionaryElementAnyContent`
-    or
-    first = getDictionaryElementContentKeyFirstChar(_)
-  } or
-  TAttributeContentApprox(string first) { first = getAttributeContentFirstChar(_) } or
-  TCapturedVariableContentApprox()
-
 /** An approximated `Content`. */
-class ContentApprox extends TContentApprox {
-  /** Gets a textual representation of this element. */
-  string toString() { result = "" }
-}
+class ContentApprox = Unit;
 
 /** Gets an approximated value for content `c`. */
-ContentApprox getContentApprox(Content c) {
-  c = TListElementContent() and
-  result = TListElementContentApprox()
-  or
-  c = TSetElementContent() and
-  result = TSetElementContentApprox()
-  or
-  c = TTupleElementContent(_) and
-  result = TTupleElementContentApprox()
-  or
-  result = TDictionaryElementContentApprox(getDictionaryElementContentKeyFirstChar(c))
-  or
-  c = TDictionaryElementAnyContent() and
-  result = TDictionaryElementContentApprox("")
-  or
-  result = TAttributeContentApprox(getAttributeContentFirstChar(c))
-  or
-  c = TCapturedVariableContent(_) and
-  result = TCapturedVariableContentApprox()
-}
+pragma[inline]
+ContentApprox getContentApprox(Content c) { any() }
 
 /** Helper for `.getEnclosingCallable`. */
 DataFlowCallable getCallableScope(Scope s) {

python/ql/test/library-tests/frameworks/hdbcli/pep249.py

@@ -7,31 +7,3 @@ cursor.execute("some sql", (42,))  # $ getSql="some sql"
 cursor.executemany("some sql", (42,))  # $ getSql="some sql"
     
 cursor.close()
-
-
-# Connection stored in a class attribute (`self._conn`) and used in another method.
-#
-# This is currently NOT detected: the `Connection::instance()`/`execute()` predicates in
-# PEP249.qll are based on type tracking, which cannot follow a value that is stored into a
-# `self` attribute in one method and read from a `self` attribute in another method (see the
-# `MISSING` markers below). Regular (global) data flow handles this case correctly, so the
-# limitation is specific to the type-tracking-based modeling.
-class Database:
-    def __init__(self):
-        self._conn = dbapi.connect(address="hostname", port=300, user="username")
-
-    def get_connection(self):
-        return self._conn
-
-    def run_via_getter(self):
-        conn = self.get_connection()
-        cursor = conn.cursor()
-        cursor.execute("getter sql")  # $ MISSING: getSql="getter sql"
-
-    def run_direct(self):
-        self._conn.execute("direct sql")  # $ MISSING: getSql="direct sql"
-
-
-db = Database()
-db.run_via_getter()
-db.run_direct()