Initial plan

Use Maven Central mirror in Java Maven integration tests

MODULE.bazel

@@ -248,6 +248,7 @@ use_repo(
     "kotlin-compiler-2.2.20-Beta2",
     "kotlin-compiler-2.3.0",
     "kotlin-compiler-2.3.20",
+    "kotlin-compiler-2.4.0",
     "kotlin-compiler-embeddable-1.8.0",
     "kotlin-compiler-embeddable-1.9.0-Beta",
     "kotlin-compiler-embeddable-1.9.20-Beta",
@@ -259,6 +260,7 @@ use_repo(
     "kotlin-compiler-embeddable-2.2.20-Beta2",
     "kotlin-compiler-embeddable-2.3.0",
     "kotlin-compiler-embeddable-2.3.20",
+    "kotlin-compiler-embeddable-2.4.0",
     "kotlin-stdlib-1.8.0",
     "kotlin-stdlib-1.9.0-Beta",
     "kotlin-stdlib-1.9.20-Beta",
@@ -270,6 +272,7 @@ use_repo(
     "kotlin-stdlib-2.2.20-Beta2",
     "kotlin-stdlib-2.3.0",
     "kotlin-stdlib-2.3.20",
+    "kotlin-stdlib-2.4.0",
 )
 
 go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/FeedManager.cs

@@ -0,0 +1,413 @@
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.IO;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Text.RegularExpressions;
+using System.Threading;
+using System.Threading.Tasks;
+using Semmle.Util;
+using Semmle.Util.Logging;
+
+namespace Semmle.Extraction.CSharp.DependencyFetching
+{
+    internal sealed partial class FeedManager : IDisposable
+    {
+        internal const string PublicNugetOrgFeed = "https://api.nuget.org/v3/index.json";
+
+        private readonly ILogger logger;
+        private readonly IDotNet dotnet;
+        private readonly FileProvider fileProvider;
+        private readonly DependabotProxy? dependabotProxy;
+        private readonly DependencyDirectory emptyPackageDirectory;
+
+        public ImmutableHashSet<string> PrivateRegistryFeeds { get; }
+        public bool HasPrivateRegistryFeeds { get; }
+        public bool CheckNugetFeedResponsiveness { get; } = EnvironmentVariables.GetBooleanOptOut(EnvironmentVariableNames.CheckNugetFeedResponsiveness);
+
+        public FeedManager(ILogger logger, IDotNet dotnet, DependabotProxy? dependabotProxy, FileProvider fileProvider)
+        {
+            this.logger = logger;
+            this.dotnet = dotnet;
+            this.dependabotProxy = dependabotProxy;
+            this.fileProvider = fileProvider;
+            PrivateRegistryFeeds = dependabotProxy?.RegistryURLs.ToImmutableHashSet() ?? [];
+            HasPrivateRegistryFeeds = PrivateRegistryFeeds.Count > 0;
+            emptyPackageDirectory = new DependencyDirectory("empty", "empty package", logger);
+        }
+
+        private string? GetDirectoryName(string path)
+        {
+            try
+            {
+                return new FileInfo(path).Directory?.FullName;
+            }
+            catch (Exception exc)
+            {
+                logger.LogWarning($"Failed to get directory of '{path}': {exc}");
+            }
+            return null;
+        }
+
+        private IEnumerable<string> GetFeeds(Func<IList<string>> getNugetFeeds)
+        {
+            var results = getNugetFeeds();
+            var regex = EnabledNugetFeed();
+            foreach (var result in results)
+            {
+                var match = regex.Match(result);
+                if (!match.Success)
+                {
+                    logger.LogError($"Failed to parse feed from '{result}'");
+                    continue;
+                }
+
+                var url = match.Groups[1].Value;
+                if (!url.StartsWith("https://", StringComparison.InvariantCultureIgnoreCase) &&
+                    !url.StartsWith("http://", StringComparison.InvariantCultureIgnoreCase))
+                {
+                    logger.LogInfo($"Skipping feed '{url}' as it is not a valid URL.");
+                    continue;
+                }
+
+                if (!string.IsNullOrWhiteSpace(url))
+                {
+                    yield return url;
+                }
+            }
+        }
+
+        private IEnumerable<string> GetFeedsFromFolder(string folderPath) =>
+            GetFeeds(() => dotnet.GetNugetFeedsFromFolder(folderPath));
+
+
+        private IEnumerable<string> GetFeedsFromNugetConfig(string nugetConfigPath) =>
+            GetFeeds(() => dotnet.GetNugetFeeds(nugetConfigPath));
+
+        private string FeedsToRestoreArgument(IEnumerable<string> feeds)
+        {
+            // If there are no feeds, we want to override any default feeds that `dotnet restore` would use by passing a dummy source argument.
+            if (!feeds.Any())
+            {
+                return $" -s \"{emptyPackageDirectory.DirInfo.FullName}\"";
+            }
+
+            // Add package sources. If any are present, they override all sources specified in
+            // the configuration file(s).
+            var feedArgs = new StringBuilder();
+            foreach (var feed in feeds)
+            {
+                feedArgs.Append($" -s \"{feed}\"");
+            }
+
+            return feedArgs.ToString();
+        }
+
+        /// <summary>
+        /// Constructs the list of NuGet sources to use for this restore.
+        /// (1) Use the feeds we get from `dotnet nuget list source`
+        /// (2) Use private registries, if they are configured
+        /// </summary>
+        /// <param name="path">Path to project/solution</param>
+        /// <param name="reachableFeeds">The set of reachable NuGet feeds.</param>
+        /// <returns>A string representing the NuGet sources argument for the restore command.</returns>
+        public string? MakeRestoreSourcesArgument(string path, HashSet<string> reachableFeeds)
+        {
+            // Do not construct a set of explicit NuGet sources to use for restore.
+            if (!CheckNugetFeedResponsiveness && !HasPrivateRegistryFeeds)
+            {
+                return null;
+            }
+
+            // Find the path specific feeds.
+            var folder = GetDirectoryName(path);
+            var feedsToConsider = folder is not null ? GetFeedsFromFolder(folder).ToHashSet() : new HashSet<string>();
+
+            if (HasPrivateRegistryFeeds)
+            {
+                feedsToConsider.UnionWith(PrivateRegistryFeeds);
+            }
+
+            var feedsToUse = CheckNugetFeedResponsiveness
+                ? feedsToConsider.Where(reachableFeeds.Contains)
+                : feedsToConsider;
+
+            return FeedsToRestoreArgument(feedsToUse);
+        }
+
+        private (int initialTimeout, int tryCount) GetFeedRequestSettings(bool isFallback)
+        {
+            int timeoutMilliSeconds = isFallback && int.TryParse(Environment.GetEnvironmentVariable(EnvironmentVariableNames.NugetFeedResponsivenessInitialTimeoutForFallback), out timeoutMilliSeconds)
+                ? timeoutMilliSeconds
+                : int.TryParse(Environment.GetEnvironmentVariable(EnvironmentVariableNames.NugetFeedResponsivenessInitialTimeout), out timeoutMilliSeconds)
+                    ? timeoutMilliSeconds
+                    : 1000;
+            logger.LogDebug($"Initial timeout for NuGet feed reachability check is {timeoutMilliSeconds}ms.");
+
+            int tryCount = isFallback && int.TryParse(Environment.GetEnvironmentVariable(EnvironmentVariableNames.NugetFeedResponsivenessRequestCountForFallback), out tryCount)
+                ? tryCount
+                : int.TryParse(Environment.GetEnvironmentVariable(EnvironmentVariableNames.NugetFeedResponsivenessRequestCount), out tryCount)
+                    ? tryCount
+                    : 4;
+            logger.LogDebug($"Number of tries for NuGet feed reachability check is {tryCount}.");
+
+            return (timeoutMilliSeconds, tryCount);
+        }
+
+        private static async Task<HttpResponseMessage> ExecuteGetRequest(string address, HttpClient httpClient, CancellationToken cancellationToken)
+        {
+            return await httpClient.GetAsync(address, HttpCompletionOption.ResponseHeadersRead, cancellationToken);
+        }
+
+        private bool IsFeedReachable(string feed, int timeoutMilliSeconds, int tryCount, out bool isTimeout)
+        {
+            logger.LogInfo($"Checking if NuGet feed '{feed}' is reachable...");
+
+            // Configure the HttpClient to be aware of the Dependabot Proxy, if used.
+            HttpClientHandler httpClientHandler = new();
+            if (dependabotProxy != null)
+            {
+                httpClientHandler.Proxy = new WebProxy(dependabotProxy.Address);
+
+                if (dependabotProxy.Certificate != null)
+                {
+                    httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, _) =>
+                    {
+                        if (chain is null || cert is null)
+                        {
+                            var msg = cert is null && chain is null
+                                ? "certificate and chain"
+                                : chain is null
+                                    ? "chain"
+                                    : "certificate";
+                            logger.LogWarning($"Dependabot proxy certificate validation failed due to missing {msg}");
+                            return false;
+                        }
+                        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
+                        chain.ChainPolicy.CustomTrustStore.Add(dependabotProxy.Certificate);
+                        return chain.Build(cert);
+                    };
+                }
+            }
+
+            using HttpClient client = new(httpClientHandler);
+
+            isTimeout = false;
+
+            for (var i = 0; i < tryCount; i++)
+            {
+                using var cts = new CancellationTokenSource();
+                cts.CancelAfter(timeoutMilliSeconds);
+                try
+                {
+                    logger.LogInfo($"Attempt {i + 1}/{tryCount} to reach NuGet feed '{feed}'.");
+                    using var response = ExecuteGetRequest(feed, client, cts.Token).GetAwaiter().GetResult();
+                    response.EnsureSuccessStatusCode();
+                    logger.LogInfo($"Querying NuGet feed '{feed}' succeeded.");
+                    return true;
+                }
+                catch (Exception exc)
+                {
+                    if (exc is TaskCanceledException tce &&
+                        tce.CancellationToken == cts.Token &&
+                        cts.Token.IsCancellationRequested)
+                    {
+                        logger.LogInfo($"Didn't receive answer from NuGet feed '{feed}' in {timeoutMilliSeconds}ms.");
+                        timeoutMilliSeconds *= 2;
+                        continue;
+                    }
+
+                    logger.LogInfo($"Querying NuGet feed '{feed}' failed. The reason for the failure: {exc.Message}");
+                    return false;
+                }
+            }
+
+            logger.LogWarning($"Didn't receive answer from NuGet feed '{feed}'. Tried it {tryCount} times.");
+            isTimeout = true;
+            return false;
+        }
+
+        /// <summary>
+        /// Retrieves a list of excluded NuGet feeds from the corresponding environment variable.
+        /// </summary>
+        private HashSet<string> GetExcludedFeeds()
+        {
+            var excludedFeeds = EnvironmentVariables.GetURLs(EnvironmentVariableNames.ExcludedNugetFeedsFromResponsivenessCheck)
+                .ToHashSet();
+
+            if (excludedFeeds.Count > 0)
+            {
+                logger.LogInfo($"Excluded NuGet feeds from responsiveness check: {string.Join(", ", excludedFeeds.OrderBy(f => f))}");
+            }
+
+            return excludedFeeds;
+        }
+
+        /// <summary>
+        /// Checks that we can connect to the specified NuGet feeds.
+        /// </summary>
+        /// <param name="feeds">The set of package feeds to check.</param>
+        /// <param name="reachableFeeds">The list of feeds that were reachable.</param>
+        /// <returns>
+        /// True if there is a timeout when trying to reach the feeds (excluding any feeds that are configured
+        /// to be excluded from the check) or false otherwise.
+        /// </returns>
+        public bool CheckSpecifiedFeeds(HashSet<string> feeds, out HashSet<string> reachableFeeds)
+        {
+            // Exclude any feeds from the feed check that are configured by the corresponding environment variable.
+            // These feeds are always assumed to be reachable.
+            var excludedFeeds = GetExcludedFeeds();
+
+            HashSet<string> feedsToCheck = feeds.Where(feed =>
+            {
+                if (excludedFeeds.Contains(feed))
+                {
+                    logger.LogInfo($"Not checking reachability of NuGet feed '{feed}' as it is in the list of excluded feeds.");
+                    return false;
+                }
+                return true;
+            }).ToHashSet();
+
+            reachableFeeds = GetReachableNuGetFeeds(feedsToCheck, isFallback: false, out var isTimeout).ToHashSet();
+
+            // Always consider feeds excluded for the reachability check as reachable.
+            reachableFeeds.UnionWith(feeds.Where(feed => excludedFeeds.Contains(feed)));
+
+            return isTimeout;
+        }
+
+        public bool IsDefaultFeedReachable()
+        {
+            if (CheckNugetFeedResponsiveness)
+            {
+                var (initialTimeout, tryCount) = GetFeedRequestSettings(isFallback: false);
+                return IsFeedReachable(PublicNugetOrgFeed, initialTimeout, tryCount, out var _);
+            }
+
+            return true;
+        }
+
+        /// <summary>
+        /// Tests which of the feeds given by <paramref name="feedsToCheck"/> are reachable.
+        /// </summary>
+        /// <param name="feedsToCheck">The feeds to check.</param>
+        /// <param name="isFallback">Whether the feeds are fallback feeds or not.</param>
+        /// <param name="isTimeout">Whether a timeout occurred while checking the feeds.</param>
+        /// <returns>The list of feeds that could be reached.</returns>
+        private List<string> GetReachableNuGetFeeds(HashSet<string> feedsToCheck, bool isFallback, out bool isTimeout)
+        {
+            var fallbackStr = isFallback ? "fallback " : "";
+            logger.LogInfo($"Checking {fallbackStr}NuGet feed reachability on feeds: {string.Join(", ", feedsToCheck.OrderBy(f => f))}");
+
+            var (initialTimeout, tryCount) = GetFeedRequestSettings(isFallback);
+            var timeout = false;
+            var reachableFeeds = feedsToCheck
+                .Where(feed =>
+                {
+                    var reachable = IsFeedReachable(feed, initialTimeout, tryCount, out var feedTimeout);
+                    timeout |= feedTimeout;
+                    return reachable;
+                })
+                .ToList();
+
+            if (reachableFeeds.Count == 0)
+            {
+                logger.LogWarning($"No {fallbackStr}NuGet feeds are reachable.");
+            }
+            else
+            {
+                logger.LogInfo($"Reachable {fallbackStr}NuGet feeds: {string.Join(", ", reachableFeeds.OrderBy(f => f))}");
+            }
+
+            isTimeout = timeout;
+            return reachableFeeds;
+        }
+
+        public List<string> GetReachableFallbackNugetFeeds(HashSet<string>? feedsFromNugetConfigs)
+        {
+            var fallbackFeeds = EnvironmentVariables.GetURLs(EnvironmentVariableNames.FallbackNugetFeeds).ToHashSet();
+            if (fallbackFeeds.Count == 0)
+            {
+                fallbackFeeds.Add(PublicNugetOrgFeed);
+                logger.LogInfo($"No fallback NuGet feeds specified. Adding default feed: {PublicNugetOrgFeed}");
+
+                var shouldAddNugetConfigFeeds = EnvironmentVariables.GetBooleanOptOut(EnvironmentVariableNames.AddNugetConfigFeedsToFallback);
+                logger.LogInfo($"Adding feeds from nuget.config to fallback restore: {shouldAddNugetConfigFeeds}");
+
+                if (shouldAddNugetConfigFeeds && feedsFromNugetConfigs?.Count > 0)
+                {
+                    // There are some feeds in `feedsFromNugetConfigs` that have already been checked for reachability, we could skip those.
+                    // But we might use different responsiveness testing settings when we try them in the fallback logic, so checking them again is safer.
+                    fallbackFeeds.UnionWith(feedsFromNugetConfigs);
+                    logger.LogInfo($"Using NuGet feeds from nuget.config files as fallback feeds: {string.Join(", ", feedsFromNugetConfigs.OrderBy(f => f))}");
+                }
+            }
+
+            return GetReachableNuGetFeeds(fallbackFeeds, isFallback: true, out var _);
+        }
+
+        public (HashSet<string> explicitFeeds, HashSet<string> allFeeds) GetAllFeeds()
+        {
+            var nugetConfigs = fileProvider.NugetConfigs;
+
+            // Find feeds that are explicitly configured in the NuGet configuration files that we found.
+            var explicitFeeds = nugetConfigs
+                .SelectMany(GetFeedsFromNugetConfig)
+                .ToHashSet();
+
+            if (explicitFeeds.Count > 0)
+            {
+                logger.LogInfo($"Found {explicitFeeds.Count} NuGet feeds in nuget.config files: {string.Join(", ", explicitFeeds.OrderBy(f => f))}");
+            }
+            else
+            {
+                logger.LogDebug("No NuGet feeds found in nuget.config files.");
+            }
+
+            // If private package registries are configured for C#, then consider those
+            // in addition to the ones that are configured in `nuget.config` files.
+            if (HasPrivateRegistryFeeds)
+            {
+                logger.LogInfo($"Found {PrivateRegistryFeeds.Count} private registry feeds configured for C#: {string.Join(", ", PrivateRegistryFeeds.OrderBy(f => f))}");
+                explicitFeeds.UnionWith(PrivateRegistryFeeds);
+            }
+
+            HashSet<string> allFeeds = [];
+
+            // Add all explicitFeeds to the set of all feeds.
+            allFeeds.UnionWith(explicitFeeds);
+
+            // Obtain the list of feeds from the root source directory.
+            // If a NuGet file is present it will be respected, otherwise we will just get the machine/environment specific feeds.
+            var nugetFeedsFromRoot = GetFeedsFromFolder(fileProvider.SourceDir.FullName);
+            allFeeds.UnionWith(nugetFeedsFromRoot);
+
+            if (nugetConfigs.Count > 0)
+            {
+                var nugetConfigFeeds = nugetConfigs
+                    .Select(GetDirectoryName)
+                    .Where(folder => folder != null)
+                    .SelectMany(folder => GetFeedsFromFolder(folder!))
+                    .ToHashSet();
+
+                allFeeds.UnionWith(nugetConfigFeeds);
+            }
+
+            logger.LogInfo($"Found {allFeeds.Count} NuGet feeds (with inherited ones) in nuget.config files: {string.Join(", ", allFeeds.OrderBy(f => f))}");
+
+            return (explicitFeeds, allFeeds);
+        }
+
+        [GeneratedRegex(@"^E\s(.*)$", RegexOptions.IgnoreCase | RegexOptions.Compiled | RegexOptions.Singleline)]
+        private static partial Regex EnabledNugetFeed();
+
+        public void Dispose()
+        {
+            emptyPackageDirectory.Dispose();
+        }
+    }
+}

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs

@@ -4,9 +4,6 @@ using System.Collections.Generic;
 using System.Collections.Immutable;
 using System.IO;
 using System.Linq;
-using System.Net;
-using System.Net.Http;
-using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Text.RegularExpressions;
 using System.Threading;
@@ -19,24 +16,19 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
 {
     internal sealed partial class NugetPackageRestorer : IDisposable
     {
-        internal const string PublicNugetOrgFeed = "https://api.nuget.org/v3/index.json";
-
         private readonly FileProvider fileProvider;
         private readonly FileContent fileContent;
         private readonly IDotNet dotnet;
-        private readonly DependabotProxy? dependabotProxy;
         private readonly IDiagnosticsWriter diagnosticsWriter;
         private readonly DependencyDirectory legacyPackageDirectory;
         private readonly DependencyDirectory missingPackageDirectory;
-        private readonly DependencyDirectory emptyPackageDirectory;
         private readonly ILogger logger;
         private readonly ICompilationInfoContainer compilationInfoContainer;
-        private readonly bool checkNugetFeedResponsiveness = EnvironmentVariables.GetBooleanOptOut(EnvironmentVariableNames.CheckNugetFeedResponsiveness);
-        private readonly ImmutableHashSet<string> privateRegistryFeeds;
-        private readonly bool hasPrivateRegistryFeeds;
+        private readonly FeedManager feedManager;
 
         public DependencyDirectory PackageDirectory { get; }
 
+
         public NugetPackageRestorer(
             FileProvider fileProvider,
             FileContent fileContent,
@@ -49,9 +41,6 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             this.fileProvider = fileProvider;
             this.fileContent = fileContent;
             this.dotnet = dotnet;
-            this.dependabotProxy = dependabotProxy;
-            this.privateRegistryFeeds = dependabotProxy?.RegistryURLs.ToImmutableHashSet() ?? [];
-            this.hasPrivateRegistryFeeds = privateRegistryFeeds.Count > 0;
             this.diagnosticsWriter = diagnosticsWriter;
             this.logger = logger;
             this.compilationInfoContainer = compilationInfoContainer;
@@ -59,7 +48,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             PackageDirectory = new DependencyDirectory("packages", "package", logger);
             legacyPackageDirectory = new DependencyDirectory("legacypackages", "legacy package", logger);
             missingPackageDirectory = new DependencyDirectory("missingpackages", "missing package", logger);
-            emptyPackageDirectory = new DependencyDirectory("empty", "empty package", logger);
+            feedManager = new FeedManager(logger, dotnet, dependabotProxy, fileProvider);
         }
 
         public string? TryRestore(string package)
@@ -118,20 +107,22 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
         public HashSet<AssemblyLookupLocation> Restore()
         {
             var assemblyLookupLocations = new HashSet<AssemblyLookupLocation>();
-            logger.LogInfo($"Checking NuGet feed responsiveness: {checkNugetFeedResponsiveness}");
-            compilationInfoContainer.CompilationInfos.Add(("NuGet feed responsiveness checked", checkNugetFeedResponsiveness ? "1" : "0"));
+            logger.LogInfo($"Checking NuGet feed responsiveness: {feedManager.CheckNugetFeedResponsiveness}");
+            compilationInfoContainer.CompilationInfos.Add(("NuGet feed responsiveness checked", feedManager.CheckNugetFeedResponsiveness ? "1" : "0"));
 
             HashSet<string> explicitFeeds = [];
             HashSet<string> reachableFeeds = [];
 
             try
             {
+                EmitNugetConfigDiagnostics();
+
                 // Find feeds that are configured in NuGet.config files and divide them into ones that
                 // are explicitly configured for the project or by a private registry, and "all feeds"
                 // (including inherited ones) from other locations on the host outside of the working directory.
-                (explicitFeeds, var allFeeds) = GetAllFeeds();
+                (explicitFeeds, var allFeeds) = feedManager.GetAllFeeds();
 
-                if (checkNugetFeedResponsiveness)
+                if (feedManager.CheckNugetFeedResponsiveness)
                 {
                     var inheritedFeeds = allFeeds.Except(explicitFeeds).ToHashSet();
 
@@ -140,7 +131,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
                         compilationInfoContainer.CompilationInfos.Add(("Inherited NuGet feed count", inheritedFeeds.Count.ToString()));
                     }
 
-                    var timeout = CheckSpecifiedFeeds(explicitFeeds, out var reachableExplicitFeeds);
+                    var timeout = feedManager.CheckSpecifiedFeeds(explicitFeeds, out var reachableExplicitFeeds);
                     reachableFeeds.UnionWith(reachableExplicitFeeds);
 
                     var allExplicitReachable = explicitFeeds.Count == reachableExplicitFeeds.Count;
@@ -157,11 +148,11 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
                     }
 
                     // Inherited feeds should only be used, if they are indeed reachable (as they may be environment specific).
-                    CheckSpecifiedFeeds(inheritedFeeds, out var reachableInheritedFeeds);
+                    feedManager.CheckSpecifiedFeeds(inheritedFeeds, out var reachableInheritedFeeds);
                     reachableFeeds.UnionWith(reachableInheritedFeeds);
                 }
 
-                using (var packagesConfigRestore = PackagesConfigRestoreFactory.Create(fileProvider, legacyPackageDirectory, logger, IsDefaultFeedReachable))
+                using (var packagesConfigRestore = PackagesConfigRestoreFactory.Create(fileProvider, legacyPackageDirectory, logger, feedManager.IsDefaultFeedReachable))
                 {
                     var count = packagesConfigRestore.InstallPackages();
 
@@ -215,7 +206,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
 
             var usedPackageNames = GetAllUsedPackageDirNames(dependencies);
 
-            var missingPackageLocation = checkNugetFeedResponsiveness
+            var missingPackageLocation = feedManager.CheckNugetFeedResponsiveness
                 ? DownloadMissingPackagesFromSpecificFeeds(usedPackageNames, explicitFeeds)
                 : DownloadMissingPackages(usedPackageNames);
 
@@ -226,79 +217,6 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             return assemblyLookupLocations;
         }
 
-        /// <summary>
-        /// Tests which of the feeds given by <paramref name="feedsToCheck"/> are reachable.
-        /// </summary>
-        /// <param name="feedsToCheck">The feeds to check.</param>
-        /// <param name="isFallback">Whether the feeds are fallback feeds or not.</param>
-        /// <param name="isTimeout">Whether a timeout occurred while checking the feeds.</param>
-        /// <returns>The list of feeds that could be reached.</returns>
-        private List<string> GetReachableNuGetFeeds(HashSet<string> feedsToCheck, bool isFallback, out bool isTimeout)
-        {
-            var fallbackStr = isFallback ? "fallback " : "";
-            logger.LogInfo($"Checking {fallbackStr}NuGet feed reachability on feeds: {string.Join(", ", feedsToCheck.OrderBy(f => f))}");
-
-            var (initialTimeout, tryCount) = GetFeedRequestSettings(isFallback);
-            var timeout = false;
-            var reachableFeeds = feedsToCheck
-                .Where(feed =>
-                {
-                    var reachable = IsFeedReachable(feed, initialTimeout, tryCount, out var feedTimeout);
-                    timeout |= feedTimeout;
-                    return reachable;
-                })
-                .ToList();
-
-            if (reachableFeeds.Count == 0)
-            {
-                logger.LogWarning($"No {fallbackStr}NuGet feeds are reachable.");
-            }
-            else
-            {
-                logger.LogInfo($"Reachable {fallbackStr}NuGet feeds: {string.Join(", ", reachableFeeds.OrderBy(f => f))}");
-            }
-
-            isTimeout = timeout;
-            return reachableFeeds;
-        }
-
-        private bool IsDefaultFeedReachable()
-        {
-            if (checkNugetFeedResponsiveness)
-            {
-                var (initialTimeout, tryCount) = GetFeedRequestSettings(isFallback: false);
-                return IsFeedReachable(PublicNugetOrgFeed, initialTimeout, tryCount, out var _);
-            }
-
-            return true;
-        }
-
-        private List<string> GetReachableFallbackNugetFeeds(HashSet<string>? feedsFromNugetConfigs)
-        {
-            var fallbackFeeds = EnvironmentVariables.GetURLs(EnvironmentVariableNames.FallbackNugetFeeds).ToHashSet();
-            if (fallbackFeeds.Count == 0)
-            {
-                fallbackFeeds.Add(PublicNugetOrgFeed);
-                logger.LogInfo($"No fallback NuGet feeds specified. Adding default feed: {PublicNugetOrgFeed}");
-
-                var shouldAddNugetConfigFeeds = EnvironmentVariables.GetBooleanOptOut(EnvironmentVariableNames.AddNugetConfigFeedsToFallback);
-                logger.LogInfo($"Adding feeds from nuget.config to fallback restore: {shouldAddNugetConfigFeeds}");
-
-                if (shouldAddNugetConfigFeeds && feedsFromNugetConfigs?.Count > 0)
-                {
-                    // There are some feeds in `feedsFromNugetConfigs` that have already been checked for reachability, we could skip those.
-                    // But we might use different responsiveness testing settings when we try them in the fallback logic, so checking them again is safer.
-                    fallbackFeeds.UnionWith(feedsFromNugetConfigs);
-                    logger.LogInfo($"Using NuGet feeds from nuget.config files as fallback feeds: {string.Join(", ", feedsFromNugetConfigs.OrderBy(f => f))}");
-                }
-            }
-
-            var reachableFallbackFeeds = GetReachableNuGetFeeds(fallbackFeeds, isFallback: true, out var _);
-
-            compilationInfoContainer.CompilationInfos.Add(("Reachable fallback NuGet feed count", reachableFallbackFeeds.Count.ToString()));
-
-            return reachableFallbackFeeds;
-        }
 
         /// <summary>
         /// Executes `dotnet restore` on all solution files in solutions.
@@ -321,7 +239,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             var projects = fileProvider.Solutions.SelectMany(solution =>
                 {
                     logger.LogInfo($"Restoring solution {solution}...");
-                    var nugetSources = MakeRestoreSourcesArgument(solution, reachableFeeds);
+                    var nugetSources = feedManager.MakeRestoreSourcesArgument(solution, reachableFeeds);
                     var res = dotnet.Restore(new(solution, PackageDirectory.DirInfo.FullName, ForceDotnetRefAssemblyFetching: true, NugetSources: nugetSources, TargetWindows: isWindows));
                     if (res.Success)
                     {
@@ -346,57 +264,6 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             return projects;
         }
 
-        private string FeedsToRestoreArgument(IEnumerable<string> feeds)
-        {
-            // If there are no feeds, we want to override any default feeds that `dotnet restore` would use by passing a dummy source argument.
-            if (!feeds.Any())
-            {
-                return $" -s \"{emptyPackageDirectory.DirInfo.FullName}\"";
-            }
-
-            // Add package sources. If any are present, they override all sources specified in
-            // the configuration file(s).
-            var feedArgs = new StringBuilder();
-            foreach (var feed in feeds)
-            {
-                feedArgs.Append($" -s \"{feed}\"");
-            }
-
-            return feedArgs.ToString();
-        }
-
-        /// <summary>
-        /// Constructs the list of NuGet sources to use for this restore.
-        /// (1) Use the feeds we get from `dotnet nuget list source`
-        /// (2) Use private registries, if they are configured
-        /// </summary>
-        /// <param name="path">Path to project/solution</param>
-        /// <param name="reachableFeeds">The set of reachable NuGet feeds.</param>
-        /// <returns>A string representing the NuGet sources argument for the restore command.</returns>
-        private string? MakeRestoreSourcesArgument(string path, HashSet<string> reachableFeeds)
-        {
-            // Do not construct an set of explicit NuGet sources to use for restore.
-            if (!checkNugetFeedResponsiveness && !hasPrivateRegistryFeeds)
-            {
-                return null;
-            }
-
-            // Find the path specific feeds.
-            var folder = GetDirectoryName(path);
-            var feedsToConsider = folder is not null ? GetFeeds(() => dotnet.GetNugetFeedsFromFolder(folder)).ToHashSet() : [];
-
-            if (hasPrivateRegistryFeeds)
-            {
-                feedsToConsider.UnionWith(privateRegistryFeeds);
-            }
-
-            var feedsToUse = checkNugetFeedResponsiveness
-                ? feedsToConsider.Where(reachableFeeds.Contains)
-                : feedsToConsider;
-
-            return FeedsToRestoreArgument(feedsToUse);
-        }
-
         /// <summary>
         /// Executes `dotnet restore` on all projects in projects.
         /// This is done in parallel for performance reasons.
@@ -421,7 +288,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
                 foreach (var project in projectGroup)
                 {
                     logger.LogInfo($"Restoring project {project}...");
-                    var nugetSources = MakeRestoreSourcesArgument(project, reachableFeeds);
+                    var nugetSources = feedManager.MakeRestoreSourcesArgument(project, reachableFeeds);
                     var res = dotnet.Restore(new(project, PackageDirectory.DirInfo.FullName, ForceDotnetRefAssemblyFetching: true, NugetSources: nugetSources, TargetWindows: isWindows));
                     assets.AddDependenciesRange(res.AssetsFilePaths);
                     lock (sync)
@@ -450,7 +317,9 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
 
         private AssemblyLookupLocation? DownloadMissingPackagesFromSpecificFeeds(IEnumerable<string> usedPackageNames, HashSet<string>? feedsFromNugetConfigs)
         {
-            var reachableFallbackFeeds = GetReachableFallbackNugetFeeds(feedsFromNugetConfigs);
+            var reachableFallbackFeeds = feedManager.GetReachableFallbackNugetFeeds(feedsFromNugetConfigs);
+            compilationInfoContainer.CompilationInfos.Add(("Reachable fallback NuGet feed count", reachableFallbackFeeds.Count.ToString()));
+
             if (reachableFallbackFeeds.Count > 0)
             {
                 return DownloadMissingPackages(usedPackageNames, fallbackNugetFeeds: reachableFallbackFeeds);
@@ -736,147 +605,6 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             }
         }
 
-        private static async Task<HttpResponseMessage> ExecuteGetRequest(string address, HttpClient httpClient, CancellationToken cancellationToken)
-        {
-            return await httpClient.GetAsync(address, HttpCompletionOption.ResponseHeadersRead, cancellationToken);
-        }
-
-        private bool IsFeedReachable(string feed, int timeoutMilliSeconds, int tryCount, out bool isTimeout)
-        {
-            logger.LogInfo($"Checking if NuGet feed '{feed}' is reachable...");
-
-            // Configure the HttpClient to be aware of the Dependabot Proxy, if used.
-            HttpClientHandler httpClientHandler = new();
-            if (dependabotProxy != null)
-            {
-                httpClientHandler.Proxy = new WebProxy(dependabotProxy.Address);
-
-                if (dependabotProxy.Certificate != null)
-                {
-                    httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, _) =>
-                    {
-                        if (chain is null || cert is null)
-                        {
-                            var msg = cert is null && chain is null
-                                ? "certificate and chain"
-                                : chain is null
-                                    ? "chain"
-                                    : "certificate";
-                            logger.LogWarning($"Dependabot proxy certificate validation failed due to missing {msg}");
-                            return false;
-                        }
-                        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
-                        chain.ChainPolicy.CustomTrustStore.Add(dependabotProxy.Certificate);
-                        return chain.Build(cert);
-                    };
-                }
-            }
-
-            using HttpClient client = new(httpClientHandler);
-
-            isTimeout = false;
-
-            for (var i = 0; i < tryCount; i++)
-            {
-                using var cts = new CancellationTokenSource();
-                cts.CancelAfter(timeoutMilliSeconds);
-                try
-                {
-                    logger.LogInfo($"Attempt {i + 1}/{tryCount} to reach NuGet feed '{feed}'.");
-                    using var response = ExecuteGetRequest(feed, client, cts.Token).GetAwaiter().GetResult();
-                    response.EnsureSuccessStatusCode();
-                    logger.LogInfo($"Querying NuGet feed '{feed}' succeeded.");
-                    return true;
-                }
-                catch (Exception exc)
-                {
-                    if (exc is TaskCanceledException tce &&
-                        tce.CancellationToken == cts.Token &&
-                        cts.Token.IsCancellationRequested)
-                    {
-                        logger.LogInfo($"Didn't receive answer from NuGet feed '{feed}' in {timeoutMilliSeconds}ms.");
-                        timeoutMilliSeconds *= 2;
-                        continue;
-                    }
-
-                    logger.LogInfo($"Querying NuGet feed '{feed}' failed. The reason for the failure: {exc.Message}");
-                    return false;
-                }
-            }
-
-            logger.LogWarning($"Didn't receive answer from NuGet feed '{feed}'. Tried it {tryCount} times.");
-            isTimeout = true;
-            return false;
-        }
-
-        private (int initialTimeout, int tryCount) GetFeedRequestSettings(bool isFallback)
-        {
-            int timeoutMilliSeconds = isFallback && int.TryParse(Environment.GetEnvironmentVariable(EnvironmentVariableNames.NugetFeedResponsivenessInitialTimeoutForFallback), out timeoutMilliSeconds)
-                ? timeoutMilliSeconds
-                : int.TryParse(Environment.GetEnvironmentVariable(EnvironmentVariableNames.NugetFeedResponsivenessInitialTimeout), out timeoutMilliSeconds)
-                    ? timeoutMilliSeconds
-                    : 1000;
-            logger.LogDebug($"Initial timeout for NuGet feed reachability check is {timeoutMilliSeconds}ms.");
-
-            int tryCount = isFallback && int.TryParse(Environment.GetEnvironmentVariable(EnvironmentVariableNames.NugetFeedResponsivenessRequestCountForFallback), out tryCount)
-                ? tryCount
-                : int.TryParse(Environment.GetEnvironmentVariable(EnvironmentVariableNames.NugetFeedResponsivenessRequestCount), out tryCount)
-                    ? tryCount
-                    : 4;
-            logger.LogDebug($"Number of tries for NuGet feed reachability check is {tryCount}.");
-
-            return (timeoutMilliSeconds, tryCount);
-        }
-
-        /// <summary>
-        /// Retrieves a list of excluded NuGet feeds from the corresponding environment variable.
-        /// </summary>
-        private HashSet<string> GetExcludedFeeds()
-        {
-            var excludedFeeds = EnvironmentVariables.GetURLs(EnvironmentVariableNames.ExcludedNugetFeedsFromResponsivenessCheck)
-                .ToHashSet();
-
-            if (excludedFeeds.Count > 0)
-            {
-                logger.LogInfo($"Excluded NuGet feeds from responsiveness check: {string.Join(", ", excludedFeeds.OrderBy(f => f))}");
-            }
-
-            return excludedFeeds;
-        }
-
-        /// <summary>
-        /// Checks that we can connect to the specified NuGet feeds.
-        /// </summary>
-        /// <param name="feeds">The set of package feeds to check.</param>
-        /// <param name="reachableFeeds">The list of feeds that were reachable.</param>
-        /// <returns>
-        /// True if there is a timeout when trying to reach the feeds (excluding any feeds that are configured
-        /// to be excluded from the check) or false otherwise.
-        /// </returns>
-        private bool CheckSpecifiedFeeds(HashSet<string> feeds, out HashSet<string> reachableFeeds)
-        {
-            // Exclude any feeds from the feed check that are configured by the corresponding environment variable.
-            // These feeds are always assumed to be reachable.
-            var excludedFeeds = GetExcludedFeeds();
-
-            HashSet<string> feedsToCheck = feeds.Where(feed =>
-            {
-                if (excludedFeeds.Contains(feed))
-                {
-                    logger.LogInfo($"Not checking reachability of NuGet feed '{feed}' as it is in the list of excluded feeds.");
-                    return false;
-                }
-                return true;
-            }).ToHashSet();
-
-            reachableFeeds = GetReachableNuGetFeeds(feedsToCheck, isFallback: false, out var isTimeout).ToHashSet();
-
-            // Always consider feeds excluded for the reachability check as reachable.
-            reachableFeeds.UnionWith(feeds.Where(feed => excludedFeeds.Contains(feed)));
-
-            return isTimeout;
-        }
-
         /// <summary>
         /// If <paramref name="allFeedsReachable"/> is `false`, logs this and emits a diagnostic.
         /// Adds a `CompilationInfos` entry either way.
@@ -899,56 +627,15 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             compilationInfoContainer.CompilationInfos.Add(("All NuGet feeds reachable", allFeedsReachable ? "1" : "0"));
         }
 
-        private IEnumerable<string> GetFeeds(Func<IList<string>> getNugetFeeds)
+        private void EmitNugetConfigDiagnostics()
         {
-            var results = getNugetFeeds();
-            var regex = EnabledNugetFeed();
-            foreach (var result in results)
-            {
-                var match = regex.Match(result);
-                if (!match.Success)
-                {
-                    logger.LogError($"Failed to parse feed from '{result}'");
-                    continue;
-                }
-
-                var url = match.Groups[1].Value;
-                if (!url.StartsWith("https://", StringComparison.InvariantCultureIgnoreCase) &&
-                    !url.StartsWith("http://", StringComparison.InvariantCultureIgnoreCase))
-                {
-                    logger.LogInfo($"Skipping feed '{url}' as it is not a valid URL.");
-                    continue;
-                }
-
-                if (!string.IsNullOrWhiteSpace(url))
-                {
-                    yield return url;
-                }
-            }
-        }
-
-        private string? GetDirectoryName(string path)
-        {
-            try
-            {
-                return new FileInfo(path).Directory?.FullName;
-            }
-            catch (Exception exc)
-            {
-                logger.LogWarning($"Failed to get directory of '{path}': {exc}");
-            }
-            return null;
-        }
-
-        private (HashSet<string> explicitFeeds, HashSet<string> allFeeds) GetAllFeeds()
-        {
-            var nugetConfigs = fileProvider.NugetConfigs;
-
             // On systems with case-sensitive file systems (for simplicity, we assume that is Linux), the
             // filenames of NuGet configuration files must be named correctly. For compatibility with projects
             // that are typically built on Windows or macOS where this doesn't matter, we accept all variants
             // of `nuget.config` ourselves. However, `dotnet` does not. If we detect that incorrectly-named
             // files are present, we emit a diagnostic to warn the user.
+            var nugetConfigs = fileProvider.NugetConfigs;
+
             if (SystemBuildActions.Instance.IsLinux())
             {
                 string[] acceptedNugetConfigNames = ["nuget.config", "NuGet.config", "NuGet.Config"];
@@ -978,53 +665,6 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
                     ));
                 }
             }
-
-            // Find feeds that are explicitly configured in the NuGet configuration files that we found.
-            var explicitFeeds = nugetConfigs
-                .SelectMany(config => GetFeeds(() => dotnet.GetNugetFeeds(config)))
-                .ToHashSet();
-
-            if (explicitFeeds.Count > 0)
-            {
-                logger.LogInfo($"Found {explicitFeeds.Count} NuGet feeds in nuget.config files: {string.Join(", ", explicitFeeds.OrderBy(f => f))}");
-            }
-            else
-            {
-                logger.LogDebug("No NuGet feeds found in nuget.config files.");
-            }
-
-            // If private package registries are configured for C#, then consider those
-            // in addition to the ones that are configured in `nuget.config` files.
-            if (hasPrivateRegistryFeeds)
-            {
-                logger.LogInfo($"Found {privateRegistryFeeds.Count} private registry feeds configured for C#: {string.Join(", ", privateRegistryFeeds.OrderBy(f => f))}");
-                explicitFeeds.UnionWith(privateRegistryFeeds);
-            }
-
-            HashSet<string> allFeeds = [];
-
-            // Add all explicitFeeds to the set of all feeds.
-            allFeeds.UnionWith(explicitFeeds);
-
-            // Obtain the list of feeds from the root source directory.
-            // If a NuGet file is present it will be respected, otherwise we will just get the machine/environment specific feeds.
-            var nugetFeedsFromRoot = GetFeeds(() => dotnet.GetNugetFeedsFromFolder(fileProvider.SourceDir.FullName));
-            allFeeds.UnionWith(nugetFeedsFromRoot);
-
-            if (nugetConfigs.Count > 0)
-            {
-                var nugetConfigFeeds = nugetConfigs
-                    .Select(GetDirectoryName)
-                    .Where(folder => folder != null)
-                    .SelectMany(folder => GetFeeds(() => dotnet.GetNugetFeedsFromFolder(folder!)))
-                    .ToHashSet();
-
-                allFeeds.UnionWith(nugetConfigFeeds);
-            }
-
-            logger.LogInfo($"Found {allFeeds.Count} NuGet feeds (with inherited ones) in nuget.config files: {string.Join(", ", allFeeds.OrderBy(f => f))}");
-
-            return (explicitFeeds, allFeeds);
         }
 
         [GeneratedRegex(@"<TargetFramework>.*</TargetFramework>", RegexOptions.IgnoreCase | RegexOptions.Compiled | RegexOptions.Singleline)]
@@ -1036,15 +676,12 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
         [GeneratedRegex(@"^(.+)\.(\d+\.\d+\.\d+(-(.+))?)$", RegexOptions.IgnoreCase | RegexOptions.Compiled | RegexOptions.Singleline)]
         private static partial Regex LegacyNugetPackage();
 
-        [GeneratedRegex(@"^E\s(.*)$", RegexOptions.IgnoreCase | RegexOptions.Compiled | RegexOptions.Singleline)]
-        private static partial Regex EnabledNugetFeed();
-
         public void Dispose()
         {
             PackageDirectory?.Dispose();
             legacyPackageDirectory?.Dispose();
             missingPackageDirectory?.Dispose();
-            emptyPackageDirectory?.Dispose();
+            feedManager.Dispose();
         }
 
         /// <summary>

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/PackagesConfigRestorer.cs

@@ -40,7 +40,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
                 return new NugetExeWrapper(fileProvider, packageDirectory, logger, useDefaultFeed);
             }
 
-            return new NoOpPackagesConfig(fileProvider, logger);
+            return new NoOpPackagesConfig(fileProvider.PackagesConfigs, logger);
         }
 
         /// <summary>
@@ -302,7 +302,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             private void AddDefaultPackageSource(string nugetConfig)
             {
                 logger.LogInfo("Adding default package source...");
-                RunMonoNugetCommand($"sources add -Name DefaultNugetOrg -Source {NugetPackageRestorer.PublicNugetOrgFeed} -ConfigFile \"{nugetConfig}\"", out _);
+                RunMonoNugetCommand($"sources add -Name DefaultNugetOrg -Source {FeedManager.PublicNugetOrgFeed} -ConfigFile \"{nugetConfig}\"", out _);
             }
 
             public void Dispose()
@@ -343,15 +343,15 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
         private class NoOpPackagesConfig : IPackagesConfigRestore
         {
             private readonly Semmle.Util.Logging.ILogger logger;
-            private readonly FileProvider fileProvider;
+            private readonly ICollection<string> packagesConfigs;
 
-            public NoOpPackagesConfig(FileProvider fileProvider, Semmle.Util.Logging.ILogger logger)
+            public NoOpPackagesConfig(ICollection<string> packagesConfigs, Semmle.Util.Logging.ILogger logger)
             {
-                this.fileProvider = fileProvider;
+                this.packagesConfigs = packagesConfigs;
                 this.logger = logger;
             }
 
-            public int PackageCount => fileProvider.PackagesConfigs.Count;
+            public int PackageCount => packagesConfigs.Count;
 
             public int InstallPackages()
             {

csharp/extractor/Semmle.Extraction.CSharp/Entities/Statements/Catch.cs

@@ -25,7 +25,7 @@ namespace Semmle.Extraction.CSharp.Entities.Statements
             {
                 var type = Type.Create(Context, Context.GetType(Stmt.Declaration!.Type));
                 trapFile.catch_type(this, type.TypeRef, true);
-                TypeMention.Create(Context, Stmt.Declaration!.Type, this, type);
+                Expression.Create(Context, Stmt.Declaration!.Type, this, 0);
             }
             else // A catch clause of the form 'catch { ... }'
             {

csharp/ql/lib/semmle/code/csharp/Stmt.qll

@@ -995,6 +995,23 @@ class SpecificCatchClause extends CatchClause {
   /** Gets the local variable declaration of this catch clause, if any. */
   LocalVariableDeclExpr getVariableDeclExpr() { result.getParent() = this }
 
+  /**
+   * Gets the type access of this catch clause, if it has no variable declaration.
+   *
+   * For example, the type access in
+   *
+   * ```csharp
+   * try { ... }
+   * catch (IOException) { ... }
+   * ```
+   *
+   * is `IOException`.
+   */
+  TypeAccess getTypeAccess() {
+    not exists(this.getVariableDeclExpr()) and
+    result = this.getChild(0)
+  }
+
   override string toString() { result = "catch (...) {...}" }
 
   override string getAPrimaryQlClass() { result = "SpecificCatchClause" }

csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraph.qll

@@ -75,7 +75,8 @@ module Ast implements AstSig<Location> {
 
   additional predicate skipControlFlow(AstNode e) {
     e instanceof TypeAccess and
-    not e instanceof TypeAccessPatternExpr
+    not e instanceof TypeAccessPatternExpr and
+    not any(CS::SpecificCatchClause sc).getTypeAccess() = e
     or
     not e.getFile().fromSource()
   }
@@ -90,6 +91,7 @@ module Ast implements AstSig<Location> {
   private AstNode getStmtChild0(Stmt s, int i) {
     not s instanceof FixedStmt and
     not s instanceof UsingBlockStmt and
+    not skipControlFlow(result) and
     result = s.getChild(i)
     or
     s =
@@ -219,7 +221,12 @@ module Ast implements AstSig<Location> {
   final private class FinalCatchClause = CS::CatchClause;
 
   class CatchClause extends FinalCatchClause {
-    AstNode getVariable() { result = this.(CS::SpecificCatchClause).getVariableDeclExpr() }
+    AstNode getPattern() {
+      result = this.(CS::SpecificCatchClause).getVariableDeclExpr() or
+      result = this.(CS::SpecificCatchClause).getTypeAccess()
+    }
+
+    AstNode getVariable() { none() }
 
     Expr getCondition() { result = this.getFilterClause() }
 

csharp/ql/test/library-tests/controlflow/graph/BasicBlock.expected

@@ -447,13 +447,13 @@
 | ExitMethods.cs:20:10:20:11 | Entry | ExitMethods.cs:20:10:20:11 | Exit | 8 |
 | ExitMethods.cs:26:10:26:11 | Entry | ExitMethods.cs:26:10:26:11 | Exit | 8 |
 | ExitMethods.cs:32:10:32:11 | Entry | ExitMethods.cs:32:10:32:11 | Exit | 8 |
-| ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:44:9:47:9 | catch (...) {...} | 9 |
+| ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:44:16:44:32 | access to type ArgumentException | 10 |
 | ExitMethods.cs:38:10:38:11 | Exit | ExitMethods.cs:38:10:38:11 | Exit | 1 |
 | ExitMethods.cs:38:10:38:11 | Normal Exit | ExitMethods.cs:38:10:38:11 | Normal Exit | 1 |
-| ExitMethods.cs:44:9:47:9 | After catch (...) {...} [match] | ExitMethods.cs:46:13:46:19 | return ...; | 4 |
-| ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] | ExitMethods.cs:48:9:51:9 | catch (...) {...} | 2 |
-| ExitMethods.cs:48:9:51:9 | After catch (...) {...} [match] | ExitMethods.cs:50:13:50:19 | return ...; | 4 |
-| ExitMethods.cs:48:9:51:9 | After catch (...) {...} [no-match] | ExitMethods.cs:38:10:38:11 | Exceptional Exit | 2 |
+| ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [match] | ExitMethods.cs:46:13:46:19 | return ...; | 4 |
+| ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [no-match] | ExitMethods.cs:48:16:48:24 | access to type Exception | 4 |
+| ExitMethods.cs:48:16:48:24 | After access to type Exception [match] | ExitMethods.cs:50:13:50:19 | return ...; | 4 |
+| ExitMethods.cs:48:16:48:24 | After access to type Exception [no-match] | ExitMethods.cs:38:10:38:11 | Exceptional Exit | 3 |
 | ExitMethods.cs:54:10:54:11 | Entry | ExitMethods.cs:54:10:54:11 | Exit | 7 |
 | ExitMethods.cs:60:10:60:11 | Entry | ExitMethods.cs:60:10:60:11 | Exit | 7 |
 | ExitMethods.cs:66:17:66:26 | Entry | ExitMethods.cs:68:13:68:13 | access to parameter b | 5 |
@@ -508,13 +508,13 @@
 | Finally.cs:19:10:19:11 | Normal Exit | Finally.cs:19:10:19:11 | Normal Exit | 1 |
 | Finally.cs:21:9:51:9 | After try {...} ... | Finally.cs:20:5:52:5 | After {...} | 2 |
 | Finally.cs:23:13:23:37 | After call to method WriteLine | Finally.cs:24:13:24:19 | return ...; | 4 |
-| Finally.cs:26:9:29:9 | After catch (...) {...} [match] | Finally.cs:28:13:28:18 | throw ...; | 7 |
-| Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] | Finally.cs:30:9:40:9 | catch (...) {...} | 2 |
-| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:26:9:29:9 | catch (...) {...} | 1 |
-| Finally.cs:30:9:40:9 | After catch (...) {...} [match] | Finally.cs:38:17:38:44 | throw ...; | 17 |
-| Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] | Finally.cs:41:9:43:9 | catch (...) {...} | 2 |
-| Finally.cs:41:9:43:9 | After catch (...) {...} [match] | Finally.cs:42:9:43:9 | {...} | 2 |
-| Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] | Finally.cs:46:13:46:19 | return ...; | 6 |
+| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:26:38:26:39 | IOException ex | 2 |
+| Finally.cs:26:38:26:39 | After IOException ex [match] | Finally.cs:28:13:28:18 | throw ...; | 6 |
+| Finally.cs:26:38:26:39 | After IOException ex [no-match] | Finally.cs:30:41:30:42 | ArgumentException ex | 4 |
+| Finally.cs:30:41:30:42 | After ArgumentException ex [match] | Finally.cs:38:17:38:44 | throw ...; | 16 |
+| Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] | Finally.cs:41:16:41:24 | access to type Exception | 4 |
+| Finally.cs:41:16:41:24 | After access to type Exception [match] | Finally.cs:42:9:43:9 | {...} | 2 |
+| Finally.cs:41:16:41:24 | After access to type Exception [no-match] | Finally.cs:46:13:46:19 | return ...; | 6 |
 | Finally.cs:49:9:51:9 | {...} | Finally.cs:49:9:51:9 | After {...} | 8 |
 | Finally.cs:54:10:54:11 | Entry | Finally.cs:58:13:58:37 | call to method WriteLine | 8 |
 | Finally.cs:54:10:54:11 | Exceptional Exit | Finally.cs:54:10:54:11 | Exceptional Exit | 1 |
@@ -522,11 +522,12 @@
 | Finally.cs:54:10:54:11 | Normal Exit | Finally.cs:54:10:54:11 | Normal Exit | 1 |
 | Finally.cs:56:9:71:9 | After try {...} ... | Finally.cs:55:5:72:5 | After {...} | 2 |
 | Finally.cs:58:13:58:37 | After call to method WriteLine | Finally.cs:59:13:59:19 | return ...; | 4 |
-| Finally.cs:61:9:64:9 | After catch (...) {...} [match] | Finally.cs:63:13:63:18 | throw ...; | 7 |
-| Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] | Finally.cs:65:9:67:9 | catch (...) {...} | 2 |
-| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:61:9:64:9 | catch (...) {...} | 1 |
-| Finally.cs:65:9:67:9 | After catch (...) {...} [match] | Finally.cs:65:35:65:51 | ... != ... | 9 |
+| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:61:38:61:39 | IOException ex | 2 |
+| Finally.cs:61:38:61:39 | After IOException ex [match] | Finally.cs:63:13:63:18 | throw ...; | 6 |
+| Finally.cs:61:38:61:39 | After IOException ex [no-match] | Finally.cs:65:26:65:26 | Exception e | 4 |
 | Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] | Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] | 1 |
+| Finally.cs:65:26:65:26 | After Exception e [match] | Finally.cs:65:35:65:51 | ... != ... | 8 |
+| Finally.cs:65:26:65:26 | After Exception e [no-match] | Finally.cs:65:26:65:26 | After Exception e [no-match] | 1 |
 | Finally.cs:65:35:65:51 | After ... != ... [false] | Finally.cs:65:35:65:51 | After ... != ... [false] | 1 |
 | Finally.cs:65:35:65:51 | After ... != ... [true] | Finally.cs:66:9:67:9 | {...} | 2 |
 | Finally.cs:69:9:71:9 | {...} | Finally.cs:69:9:71:9 | After {...} | 8 |
@@ -589,9 +590,10 @@
 | Finally.cs:158:21:158:36 | After ... == ... [false] | Finally.cs:157:13:160:13 | After {...} | 3 |
 | Finally.cs:158:21:158:36 | After ... == ... [true] | Finally.cs:159:27:159:44 | object creation of type Exception | 5 |
 | Finally.cs:159:27:159:44 | After object creation of type Exception | Finally.cs:159:21:159:45 | throw ...; | 2 |
-| Finally.cs:161:13:164:13 | After catch (...) {...} [match] | Finally.cs:161:39:161:54 | ... == ... | 9 |
-| Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] | Finally.cs:166:13:168:13 | After {...} | 11 |
-| Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:161:13:164:13 | catch (...) {...} | 1 |
+| Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] | Finally.cs:166:13:168:13 | After {...} | 10 |
+| Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:161:30:161:30 | Exception e | 2 |
+| Finally.cs:161:30:161:30 | After Exception e [match] | Finally.cs:161:39:161:54 | ... == ... | 8 |
+| Finally.cs:161:30:161:30 | After Exception e [no-match] | Finally.cs:161:30:161:30 | After Exception e [no-match] | 1 |
 | Finally.cs:161:39:161:54 | After ... == ... [false] | Finally.cs:161:39:161:54 | After ... == ... [false] | 1 |
 | Finally.cs:161:39:161:54 | After ... == ... [true] | Finally.cs:162:13:164:13 | After {...} | 13 |
 | Finally.cs:172:11:172:20 | Entry | Finally.cs:172:11:172:20 | Exit | 11 |
@@ -609,9 +611,10 @@
 | Finally.cs:186:21:186:22 | After access to parameter b2 [false] | Finally.cs:185:13:187:13 | After {...} | 3 |
 | Finally.cs:186:21:186:22 | After access to parameter b2 [true] | Finally.cs:186:31:186:46 | object creation of type ExceptionB | 4 |
 | Finally.cs:186:31:186:46 | After object creation of type ExceptionB | Finally.cs:186:25:186:47 | throw ...; | 2 |
-| Finally.cs:188:13:191:13 | After catch (...) {...} [match] | Finally.cs:188:38:188:39 | access to parameter b2 | 2 |
 | Finally.cs:188:13:191:13 | After catch (...) {...} [no-match] | Finally.cs:188:13:191:13 | After catch (...) {...} [no-match] | 1 |
-| Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:13:191:13 | catch (...) {...} | 1 |
+| Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:20:188:29 | access to type ExceptionB | 2 |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | Finally.cs:188:38:188:39 | access to parameter b2 | 2 |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [no-match] | Finally.cs:188:20:188:29 | After access to type ExceptionB [no-match] | 1 |
 | Finally.cs:188:38:188:39 | After access to parameter b2 [false] | Finally.cs:188:38:188:39 | After access to parameter b2 [false] | 1 |
 | Finally.cs:188:38:188:39 | After access to parameter b2 [true] | Finally.cs:190:21:190:22 | access to parameter b1 | 4 |
 | Finally.cs:190:21:190:22 | After access to parameter b1 [false] | Finally.cs:189:13:191:13 | After {...} | 3 |
@@ -633,7 +636,7 @@
 | Finally.cs:209:21:209:22 | After access to parameter b3 [true] | Finally.cs:209:25:209:47 | throw ...; | 6 |
 | Finally.cs:216:10:216:12 | Entry | Finally.cs:220:13:220:36 | call to method WriteLine | 8 |
 | Finally.cs:220:13:220:36 | After call to method WriteLine | Finally.cs:219:9:221:9 | After {...} | 3 |
-| Finally.cs:222:9:225:9 | catch {...} | Finally.cs:223:9:225:9 | After {...} | 10 |
+| Finally.cs:222:9:225:9 | catch {...} | Finally.cs:223:9:225:9 | After {...} | 9 |
 | Finally.cs:227:9:229:9 | {...} | Finally.cs:216:10:216:12 | Exit | 18 |
 | Finally.cs:233:10:233:12 | Entry | Finally.cs:239:21:239:22 | access to parameter b1 | 10 |
 | Finally.cs:233:10:233:12 | Exceptional Exit | Finally.cs:233:10:233:12 | Exceptional Exit | 1 |

csharp/ql/test/library-tests/controlflow/graph/Condition.expected

@@ -264,12 +264,12 @@ conditionBlock
 | DefaultParam.cs:3:12:3:13 | Entry | DefaultParam.cs:3:30:3:30 | After s [no-match] | false |
 | DefaultParam.cs:3:42:3:42 | i | DefaultParam.cs:3:42:3:42 | After i [match] | true |
 | DefaultParam.cs:3:42:3:42 | i | DefaultParam.cs:3:42:3:42 | After i [no-match] | false |
-| ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [match] | true |
-| ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] | false |
-| ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [match] | false |
-| ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [no-match] | false |
-| ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [match] | true |
-| ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [no-match] | false |
+| ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [match] | true |
+| ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [no-match] | false |
+| ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:48:16:48:24 | After access to type Exception [match] | false |
+| ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:48:16:48:24 | After access to type Exception [no-match] | false |
+| ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [no-match] | ExitMethods.cs:48:16:48:24 | After access to type Exception [match] | true |
+| ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [no-match] | ExitMethods.cs:48:16:48:24 | After access to type Exception [no-match] | false |
 | ExitMethods.cs:66:17:66:26 | Entry | ExitMethods.cs:68:13:68:13 | After access to parameter b [false] | false |
 | ExitMethods.cs:66:17:66:26 | Entry | ExitMethods.cs:68:13:68:13 | After access to parameter b [true] | true |
 | ExitMethods.cs:72:17:72:27 | Entry | ExitMethods.cs:74:13:74:13 | After access to parameter b [false] | false |
@@ -280,29 +280,31 @@ conditionBlock
 | ExitMethods.cs:115:16:115:34 | Entry | ExitMethods.cs:117:16:117:30 | After call to method Contains [true] | true |
 | ExitMethods.cs:140:17:140:42 | Entry | ExitMethods.cs:142:13:142:13 | After access to parameter b [false] | false |
 | ExitMethods.cs:140:17:140:42 | Entry | ExitMethods.cs:142:13:142:13 | After access to parameter b [true] | true |
-| Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] | Finally.cs:30:9:40:9 | After catch (...) {...} [match] | true |
-| Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] | Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] | false |
-| Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] | Finally.cs:41:9:43:9 | After catch (...) {...} [match] | false |
-| Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] | Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] | false |
-| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:26:9:29:9 | After catch (...) {...} [match] | true |
-| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] | false |
-| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:30:9:40:9 | After catch (...) {...} [match] | false |
-| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] | false |
-| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:41:9:43:9 | After catch (...) {...} [match] | false |
-| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] | false |
-| Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] | Finally.cs:41:9:43:9 | After catch (...) {...} [match] | true |
-| Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] | Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] | false |
-| Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] | Finally.cs:65:9:67:9 | After catch (...) {...} [match] | true |
-| Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] | Finally.cs:65:35:65:51 | After ... != ... [false] | true |
-| Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] | Finally.cs:65:35:65:51 | After ... != ... [true] | true |
-| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:61:9:64:9 | After catch (...) {...} [match] | true |
-| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] | false |
-| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:65:9:67:9 | After catch (...) {...} [match] | false |
+| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:26:38:26:39 | After IOException ex [match] | true |
+| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:26:38:26:39 | After IOException ex [no-match] | false |
+| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:30:41:30:42 | After ArgumentException ex [match] | false |
+| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] | false |
+| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:41:16:41:24 | After access to type Exception [match] | false |
+| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:41:16:41:24 | After access to type Exception [no-match] | false |
+| Finally.cs:26:38:26:39 | After IOException ex [no-match] | Finally.cs:30:41:30:42 | After ArgumentException ex [match] | true |
+| Finally.cs:26:38:26:39 | After IOException ex [no-match] | Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] | false |
+| Finally.cs:26:38:26:39 | After IOException ex [no-match] | Finally.cs:41:16:41:24 | After access to type Exception [match] | false |
+| Finally.cs:26:38:26:39 | After IOException ex [no-match] | Finally.cs:41:16:41:24 | After access to type Exception [no-match] | false |
+| Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] | Finally.cs:41:16:41:24 | After access to type Exception [match] | true |
+| Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] | Finally.cs:41:16:41:24 | After access to type Exception [no-match] | false |
+| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:61:38:61:39 | After IOException ex [match] | true |
+| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:61:38:61:39 | After IOException ex [no-match] | false |
 | Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] | false |
+| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:65:26:65:26 | After Exception e [match] | false |
+| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:65:26:65:26 | After Exception e [no-match] | false |
 | Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:65:35:65:51 | After ... != ... [false] | false |
 | Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:65:35:65:51 | After ... != ... [true] | false |
-| Finally.cs:65:9:67:9 | After catch (...) {...} [match] | Finally.cs:65:35:65:51 | After ... != ... [false] | false |
-| Finally.cs:65:9:67:9 | After catch (...) {...} [match] | Finally.cs:65:35:65:51 | After ... != ... [true] | true |
+| Finally.cs:61:38:61:39 | After IOException ex [no-match] | Finally.cs:65:26:65:26 | After Exception e [match] | true |
+| Finally.cs:61:38:61:39 | After IOException ex [no-match] | Finally.cs:65:26:65:26 | After Exception e [no-match] | false |
+| Finally.cs:61:38:61:39 | After IOException ex [no-match] | Finally.cs:65:35:65:51 | After ... != ... [false] | true |
+| Finally.cs:61:38:61:39 | After IOException ex [no-match] | Finally.cs:65:35:65:51 | After ... != ... [true] | true |
+| Finally.cs:65:26:65:26 | After Exception e [match] | Finally.cs:65:35:65:51 | After ... != ... [false] | false |
+| Finally.cs:65:26:65:26 | After Exception e [match] | Finally.cs:65:35:65:51 | After ... != ... [true] | true |
 | Finally.cs:77:9:100:9 | [LoopHeader] while (...) ... | Finally.cs:74:10:74:11 | Exceptional Exit | true |
 | Finally.cs:77:9:100:9 | [LoopHeader] while (...) ... | Finally.cs:77:16:77:20 | After ... > ... [false] | false |
 | Finally.cs:77:9:100:9 | [LoopHeader] while (...) ... | Finally.cs:77:16:77:20 | After ... > ... [true] | true |
@@ -354,33 +356,36 @@ conditionBlock
 | Finally.cs:158:21:158:31 | After access to property Length | Finally.cs:158:21:158:36 | After ... == ... [false] | false |
 | Finally.cs:158:21:158:31 | After access to property Length | Finally.cs:158:21:158:36 | After ... == ... [true] | true |
 | Finally.cs:158:21:158:31 | After access to property Length | Finally.cs:159:27:159:44 | After object creation of type Exception | true |
-| Finally.cs:161:13:164:13 | After catch (...) {...} [match] | Finally.cs:161:39:161:54 | After ... == ... [false] | false |
-| Finally.cs:161:13:164:13 | After catch (...) {...} [match] | Finally.cs:161:39:161:54 | After ... == ... [true] | true |
-| Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:161:13:164:13 | After catch (...) {...} [match] | true |
+| Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:161:30:161:30 | After Exception e [match] | true |
+| Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:161:30:161:30 | After Exception e [no-match] | false |
 | Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:161:39:161:54 | After ... == ... [false] | true |
 | Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:161:39:161:54 | After ... == ... [true] | true |
+| Finally.cs:161:30:161:30 | After Exception e [match] | Finally.cs:161:39:161:54 | After ... == ... [false] | false |
+| Finally.cs:161:30:161:30 | After Exception e [match] | Finally.cs:161:39:161:54 | After ... == ... [true] | true |
 | Finally.cs:176:10:176:11 | Entry | Finally.cs:180:17:180:18 | After access to parameter b1 [false] | false |
 | Finally.cs:176:10:176:11 | Entry | Finally.cs:180:17:180:18 | After access to parameter b1 [true] | true |
 | Finally.cs:176:10:176:11 | Entry | Finally.cs:180:27:180:42 | After object creation of type ExceptionA | true |
 | Finally.cs:183:9:192:9 | {...} | Finally.cs:186:21:186:22 | After access to parameter b2 [false] | false |
 | Finally.cs:183:9:192:9 | {...} | Finally.cs:186:21:186:22 | After access to parameter b2 [true] | true |
 | Finally.cs:183:9:192:9 | {...} | Finally.cs:186:31:186:46 | After object creation of type ExceptionB | true |
-| Finally.cs:183:9:192:9 | {...} | Finally.cs:188:13:191:13 | After catch (...) {...} [match] | true |
 | Finally.cs:183:9:192:9 | {...} | Finally.cs:188:13:191:13 | After catch (...) {...} [no-match] | true |
 | Finally.cs:183:9:192:9 | {...} | Finally.cs:188:13:191:13 | catch (...) {...} | true |
+| Finally.cs:183:9:192:9 | {...} | Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | true |
+| Finally.cs:183:9:192:9 | {...} | Finally.cs:188:20:188:29 | After access to type ExceptionB [no-match] | true |
 | Finally.cs:183:9:192:9 | {...} | Finally.cs:188:38:188:39 | After access to parameter b2 [false] | true |
 | Finally.cs:183:9:192:9 | {...} | Finally.cs:188:38:188:39 | After access to parameter b2 [true] | true |
 | Finally.cs:183:9:192:9 | {...} | Finally.cs:190:21:190:22 | After access to parameter b1 [false] | true |
 | Finally.cs:183:9:192:9 | {...} | Finally.cs:190:21:190:22 | After access to parameter b1 [true] | true |
-| Finally.cs:188:13:191:13 | After catch (...) {...} [match] | Finally.cs:188:38:188:39 | After access to parameter b2 [false] | false |
-| Finally.cs:188:13:191:13 | After catch (...) {...} [match] | Finally.cs:188:38:188:39 | After access to parameter b2 [true] | true |
-| Finally.cs:188:13:191:13 | After catch (...) {...} [match] | Finally.cs:190:21:190:22 | After access to parameter b1 [false] | true |
-| Finally.cs:188:13:191:13 | After catch (...) {...} [match] | Finally.cs:190:21:190:22 | After access to parameter b1 [true] | true |
-| Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:13:191:13 | After catch (...) {...} [match] | true |
+| Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | true |
+| Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:20:188:29 | After access to type ExceptionB [no-match] | false |
 | Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:38:188:39 | After access to parameter b2 [false] | true |
 | Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:38:188:39 | After access to parameter b2 [true] | true |
 | Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:190:21:190:22 | After access to parameter b1 [false] | true |
 | Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:190:21:190:22 | After access to parameter b1 [true] | true |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | Finally.cs:188:38:188:39 | After access to parameter b2 [false] | false |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | Finally.cs:188:38:188:39 | After access to parameter b2 [true] | true |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | Finally.cs:190:21:190:22 | After access to parameter b1 [false] | true |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | Finally.cs:190:21:190:22 | After access to parameter b1 [true] | true |
 | Finally.cs:188:38:188:39 | After access to parameter b2 [true] | Finally.cs:190:21:190:22 | After access to parameter b1 [false] | false |
 | Finally.cs:188:38:188:39 | After access to parameter b2 [true] | Finally.cs:190:21:190:22 | After access to parameter b1 [true] | true |
 | Finally.cs:195:10:195:12 | Entry | Finally.cs:199:17:199:18 | After access to parameter b1 [false] | false |

csharp/ql/test/library-tests/controlflow/graph/Dominance.expected

@@ -2816,16 +2816,20 @@ dominance
 | ExitMethods.cs:42:13:42:30 | call to method ErrorAlways | ExitMethods.cs:44:9:47:9 | catch (...) {...} |
 | ExitMethods.cs:42:13:42:31 | ...; | ExitMethods.cs:42:13:42:30 | Before call to method ErrorAlways |
 | ExitMethods.cs:42:25:42:29 | false | ExitMethods.cs:42:13:42:30 | call to method ErrorAlways |
-| ExitMethods.cs:44:9:47:9 | After catch (...) {...} [match] | ExitMethods.cs:45:9:47:9 | {...} |
 | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] | ExitMethods.cs:48:9:51:9 | catch (...) {...} |
-| ExitMethods.cs:44:9:47:9 | catch (...) {...} | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [match] |
-| ExitMethods.cs:44:9:47:9 | catch (...) {...} | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] |
+| ExitMethods.cs:44:9:47:9 | catch (...) {...} | ExitMethods.cs:44:16:44:32 | access to type ArgumentException |
+| ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [match] | ExitMethods.cs:45:9:47:9 | {...} |
+| ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [no-match] | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] |
+| ExitMethods.cs:44:16:44:32 | access to type ArgumentException | ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [match] |
+| ExitMethods.cs:44:16:44:32 | access to type ArgumentException | ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [no-match] |
 | ExitMethods.cs:45:9:47:9 | {...} | ExitMethods.cs:46:13:46:19 | Before return ...; |
 | ExitMethods.cs:46:13:46:19 | Before return ...; | ExitMethods.cs:46:13:46:19 | return ...; |
-| ExitMethods.cs:48:9:51:9 | After catch (...) {...} [match] | ExitMethods.cs:49:9:51:9 | {...} |
 | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [no-match] | ExitMethods.cs:38:10:38:11 | Exceptional Exit |
-| ExitMethods.cs:48:9:51:9 | catch (...) {...} | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [match] |
-| ExitMethods.cs:48:9:51:9 | catch (...) {...} | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [no-match] |
+| ExitMethods.cs:48:9:51:9 | catch (...) {...} | ExitMethods.cs:48:16:48:24 | access to type Exception |
+| ExitMethods.cs:48:16:48:24 | After access to type Exception [match] | ExitMethods.cs:49:9:51:9 | {...} |
+| ExitMethods.cs:48:16:48:24 | After access to type Exception [no-match] | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [no-match] |
+| ExitMethods.cs:48:16:48:24 | access to type Exception | ExitMethods.cs:48:16:48:24 | After access to type Exception [match] |
+| ExitMethods.cs:48:16:48:24 | access to type Exception | ExitMethods.cs:48:16:48:24 | After access to type Exception [no-match] |
 | ExitMethods.cs:49:9:51:9 | {...} | ExitMethods.cs:50:13:50:19 | Before return ...; |
 | ExitMethods.cs:50:13:50:19 | Before return ...; | ExitMethods.cs:50:13:50:19 | return ...; |
 | ExitMethods.cs:54:10:54:11 | Entry | ExitMethods.cs:55:5:58:5 | {...} |
@@ -3124,20 +3128,22 @@ dominance
 | Finally.cs:23:13:23:38 | After ...; | Finally.cs:24:13:24:19 | Before return ...; |
 | Finally.cs:23:31:23:36 | "Try2" | Finally.cs:23:13:23:37 | call to method WriteLine |
 | Finally.cs:24:13:24:19 | Before return ...; | Finally.cs:24:13:24:19 | return ...; |
-| Finally.cs:26:9:29:9 | After catch (...) {...} [match] | Finally.cs:26:38:26:39 | IOException ex |
 | Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] | Finally.cs:30:9:40:9 | catch (...) {...} |
-| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:26:9:29:9 | After catch (...) {...} [match] |
-| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] |
-| Finally.cs:26:38:26:39 | IOException ex | Finally.cs:26:48:26:51 | true |
+| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:26:38:26:39 | IOException ex |
+| Finally.cs:26:38:26:39 | After IOException ex [match] | Finally.cs:26:48:26:51 | true |
+| Finally.cs:26:38:26:39 | After IOException ex [no-match] | Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] |
+| Finally.cs:26:38:26:39 | IOException ex | Finally.cs:26:38:26:39 | After IOException ex [match] |
+| Finally.cs:26:38:26:39 | IOException ex | Finally.cs:26:38:26:39 | After IOException ex [no-match] |
 | Finally.cs:26:48:26:51 | After true [true] | Finally.cs:27:9:29:9 | {...} |
 | Finally.cs:26:48:26:51 | true | Finally.cs:26:48:26:51 | After true [true] |
 | Finally.cs:27:9:29:9 | {...} | Finally.cs:28:13:28:18 | Before throw ...; |
 | Finally.cs:28:13:28:18 | Before throw ...; | Finally.cs:28:13:28:18 | throw ...; |
-| Finally.cs:30:9:40:9 | After catch (...) {...} [match] | Finally.cs:30:41:30:42 | ArgumentException ex |
 | Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] | Finally.cs:41:9:43:9 | catch (...) {...} |
-| Finally.cs:30:9:40:9 | catch (...) {...} | Finally.cs:30:9:40:9 | After catch (...) {...} [match] |
-| Finally.cs:30:9:40:9 | catch (...) {...} | Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] |
-| Finally.cs:30:41:30:42 | ArgumentException ex | Finally.cs:31:9:40:9 | {...} |
+| Finally.cs:30:9:40:9 | catch (...) {...} | Finally.cs:30:41:30:42 | ArgumentException ex |
+| Finally.cs:30:41:30:42 | After ArgumentException ex [match] | Finally.cs:31:9:40:9 | {...} |
+| Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] | Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] |
+| Finally.cs:30:41:30:42 | ArgumentException ex | Finally.cs:30:41:30:42 | After ArgumentException ex [match] |
+| Finally.cs:30:41:30:42 | ArgumentException ex | Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] |
 | Finally.cs:31:9:40:9 | {...} | Finally.cs:32:13:39:13 | try {...} ... |
 | Finally.cs:32:13:39:13 | try {...} ... | Finally.cs:33:13:35:13 | {...} |
 | Finally.cs:33:13:35:13 | {...} | Finally.cs:34:17:34:32 | if (...) ... |
@@ -3152,12 +3158,13 @@ dominance
 | Finally.cs:38:23:38:43 | Before object creation of type Exception | Finally.cs:38:37:38:42 | "Boo!" |
 | Finally.cs:38:23:38:43 | object creation of type Exception | Finally.cs:38:23:38:43 | After object creation of type Exception |
 | Finally.cs:38:37:38:42 | "Boo!" | Finally.cs:38:23:38:43 | object creation of type Exception |
-| Finally.cs:41:9:43:9 | After catch (...) {...} [match] | Finally.cs:42:9:43:9 | {...} |
 | Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] | Finally.cs:44:9:47:9 | catch {...} |
-| Finally.cs:41:9:43:9 | catch (...) {...} | Finally.cs:41:9:43:9 | After catch (...) {...} [match] |
-| Finally.cs:41:9:43:9 | catch (...) {...} | Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] |
-| Finally.cs:44:9:47:9 | After catch {...} [match] | Finally.cs:45:9:47:9 | {...} |
-| Finally.cs:44:9:47:9 | catch {...} | Finally.cs:44:9:47:9 | After catch {...} [match] |
+| Finally.cs:41:9:43:9 | catch (...) {...} | Finally.cs:41:16:41:24 | access to type Exception |
+| Finally.cs:41:16:41:24 | After access to type Exception [match] | Finally.cs:42:9:43:9 | {...} |
+| Finally.cs:41:16:41:24 | After access to type Exception [no-match] | Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] |
+| Finally.cs:41:16:41:24 | access to type Exception | Finally.cs:41:16:41:24 | After access to type Exception [match] |
+| Finally.cs:41:16:41:24 | access to type Exception | Finally.cs:41:16:41:24 | After access to type Exception [no-match] |
+| Finally.cs:44:9:47:9 | catch {...} | Finally.cs:45:9:47:9 | {...} |
 | Finally.cs:45:9:47:9 | {...} | Finally.cs:46:13:46:19 | Before return ...; |
 | Finally.cs:46:13:46:19 | Before return ...; | Finally.cs:46:13:46:19 | return ...; |
 | Finally.cs:49:9:51:9 | After {...} | Finally.cs:19:10:19:11 | Exceptional Exit |
@@ -3183,19 +3190,20 @@ dominance
 | Finally.cs:58:13:58:38 | After ...; | Finally.cs:59:13:59:19 | Before return ...; |
 | Finally.cs:58:31:58:36 | "Try3" | Finally.cs:58:13:58:37 | call to method WriteLine |
 | Finally.cs:59:13:59:19 | Before return ...; | Finally.cs:59:13:59:19 | return ...; |
-| Finally.cs:61:9:64:9 | After catch (...) {...} [match] | Finally.cs:61:38:61:39 | IOException ex |
 | Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] | Finally.cs:65:9:67:9 | catch (...) {...} |
-| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:61:9:64:9 | After catch (...) {...} [match] |
-| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] |
-| Finally.cs:61:38:61:39 | IOException ex | Finally.cs:61:48:61:51 | true |
+| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:61:38:61:39 | IOException ex |
+| Finally.cs:61:38:61:39 | After IOException ex [match] | Finally.cs:61:48:61:51 | true |
+| Finally.cs:61:38:61:39 | After IOException ex [no-match] | Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] |
+| Finally.cs:61:38:61:39 | IOException ex | Finally.cs:61:38:61:39 | After IOException ex [match] |
+| Finally.cs:61:38:61:39 | IOException ex | Finally.cs:61:38:61:39 | After IOException ex [no-match] |
 | Finally.cs:61:48:61:51 | After true [true] | Finally.cs:62:9:64:9 | {...} |
 | Finally.cs:61:48:61:51 | true | Finally.cs:61:48:61:51 | After true [true] |
 | Finally.cs:62:9:64:9 | {...} | Finally.cs:63:13:63:18 | Before throw ...; |
 | Finally.cs:63:13:63:18 | Before throw ...; | Finally.cs:63:13:63:18 | throw ...; |
-| Finally.cs:65:9:67:9 | After catch (...) {...} [match] | Finally.cs:65:26:65:26 | Exception e |
-| Finally.cs:65:9:67:9 | catch (...) {...} | Finally.cs:65:9:67:9 | After catch (...) {...} [match] |
-| Finally.cs:65:9:67:9 | catch (...) {...} | Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] |
-| Finally.cs:65:26:65:26 | Exception e | Finally.cs:65:35:65:51 | Before ... != ... |
+| Finally.cs:65:9:67:9 | catch (...) {...} | Finally.cs:65:26:65:26 | Exception e |
+| Finally.cs:65:26:65:26 | After Exception e [match] | Finally.cs:65:35:65:51 | Before ... != ... |
+| Finally.cs:65:26:65:26 | Exception e | Finally.cs:65:26:65:26 | After Exception e [match] |
+| Finally.cs:65:26:65:26 | Exception e | Finally.cs:65:26:65:26 | After Exception e [no-match] |
 | Finally.cs:65:35:65:35 | access to local variable e | Finally.cs:65:35:65:43 | access to property Message |
 | Finally.cs:65:35:65:43 | After access to property Message | Finally.cs:65:48:65:51 | null |
 | Finally.cs:65:35:65:43 | Before access to property Message | Finally.cs:65:35:65:35 | access to local variable e |
@@ -3468,11 +3476,11 @@ dominance
 | Finally.cs:159:27:159:44 | Before object creation of type Exception | Finally.cs:159:41:159:43 | "1" |
 | Finally.cs:159:27:159:44 | object creation of type Exception | Finally.cs:159:27:159:44 | After object creation of type Exception |
 | Finally.cs:159:41:159:43 | "1" | Finally.cs:159:27:159:44 | object creation of type Exception |
-| Finally.cs:161:13:164:13 | After catch (...) {...} [match] | Finally.cs:161:30:161:30 | Exception e |
 | Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] | Finally.cs:165:13:168:13 | catch {...} |
-| Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:161:13:164:13 | After catch (...) {...} [match] |
-| Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] |
-| Finally.cs:161:30:161:30 | Exception e | Finally.cs:161:39:161:54 | Before ... == ... |
+| Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:161:30:161:30 | Exception e |
+| Finally.cs:161:30:161:30 | After Exception e [match] | Finally.cs:161:39:161:54 | Before ... == ... |
+| Finally.cs:161:30:161:30 | Exception e | Finally.cs:161:30:161:30 | After Exception e [match] |
+| Finally.cs:161:30:161:30 | Exception e | Finally.cs:161:30:161:30 | After Exception e [no-match] |
 | Finally.cs:161:39:161:39 | access to local variable e | Finally.cs:161:39:161:47 | access to property Message |
 | Finally.cs:161:39:161:47 | After access to property Message | Finally.cs:161:52:161:54 | "1" |
 | Finally.cs:161:39:161:47 | Before access to property Message | Finally.cs:161:39:161:39 | access to local variable e |
@@ -3493,8 +3501,7 @@ dominance
 | Finally.cs:163:35:163:41 | Before access to array element | Finally.cs:163:35:163:38 | access to parameter args |
 | Finally.cs:163:35:163:41 | access to array element | Finally.cs:163:35:163:41 | After access to array element |
 | Finally.cs:163:40:163:40 | 0 | Finally.cs:163:35:163:41 | access to array element |
-| Finally.cs:165:13:168:13 | After catch {...} [match] | Finally.cs:166:13:168:13 | {...} |
-| Finally.cs:165:13:168:13 | catch {...} | Finally.cs:165:13:168:13 | After catch {...} [match] |
+| Finally.cs:165:13:168:13 | catch {...} | Finally.cs:166:13:168:13 | {...} |
 | Finally.cs:166:13:168:13 | {...} | Finally.cs:167:17:167:38 | ...; |
 | Finally.cs:167:17:167:37 | After call to method WriteLine | Finally.cs:167:17:167:38 | After ...; |
 | Finally.cs:167:17:167:37 | Before call to method WriteLine | Finally.cs:167:35:167:36 | "" |
@@ -3566,9 +3573,10 @@ dominance
 | Finally.cs:186:31:186:46 | Before object creation of type ExceptionB | Finally.cs:186:31:186:46 | object creation of type ExceptionB |
 | Finally.cs:186:31:186:46 | object creation of type ExceptionB | Finally.cs:186:31:186:46 | After object creation of type ExceptionB |
 | Finally.cs:186:31:186:46 | object creation of type ExceptionB | Finally.cs:188:13:191:13 | catch (...) {...} |
-| Finally.cs:188:13:191:13 | After catch (...) {...} [match] | Finally.cs:188:38:188:39 | access to parameter b2 |
-| Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:13:191:13 | After catch (...) {...} [match] |
-| Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:13:191:13 | After catch (...) {...} [no-match] |
+| Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:20:188:29 | access to type ExceptionB |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | Finally.cs:188:38:188:39 | access to parameter b2 |
+| Finally.cs:188:20:188:29 | access to type ExceptionB | Finally.cs:188:20:188:29 | After access to type ExceptionB [match] |
+| Finally.cs:188:20:188:29 | access to type ExceptionB | Finally.cs:188:20:188:29 | After access to type ExceptionB [no-match] |
 | Finally.cs:188:38:188:39 | After access to parameter b2 [true] | Finally.cs:189:13:191:13 | {...} |
 | Finally.cs:188:38:188:39 | access to parameter b2 | Finally.cs:188:38:188:39 | After access to parameter b2 [false] |
 | Finally.cs:188:38:188:39 | access to parameter b2 | Finally.cs:188:38:188:39 | After access to parameter b2 [true] |
@@ -3663,8 +3671,7 @@ dominance
 | Finally.cs:220:13:220:37 | ...; | Finally.cs:220:13:220:36 | Before call to method WriteLine |
 | Finally.cs:220:13:220:37 | After ...; | Finally.cs:219:9:221:9 | After {...} |
 | Finally.cs:220:31:220:35 | "Try" | Finally.cs:220:13:220:36 | call to method WriteLine |
-| Finally.cs:222:9:225:9 | After catch {...} [match] | Finally.cs:223:9:225:9 | {...} |
-| Finally.cs:222:9:225:9 | catch {...} | Finally.cs:222:9:225:9 | After catch {...} [match] |
+| Finally.cs:222:9:225:9 | catch {...} | Finally.cs:223:9:225:9 | {...} |
 | Finally.cs:223:9:225:9 | {...} | Finally.cs:224:13:224:39 | ...; |
 | Finally.cs:224:13:224:38 | After call to method WriteLine | Finally.cs:224:13:224:39 | After ...; |
 | Finally.cs:224:13:224:38 | Before call to method WriteLine | Finally.cs:224:31:224:37 | "Catch" |
@@ -10615,13 +10622,17 @@ postDominance
 | ExitMethods.cs:42:13:42:30 | call to method ErrorAlways | ExitMethods.cs:42:25:42:29 | false |
 | ExitMethods.cs:42:13:42:31 | ...; | ExitMethods.cs:41:9:43:9 | {...} |
 | ExitMethods.cs:42:25:42:29 | false | ExitMethods.cs:42:13:42:30 | Before call to method ErrorAlways |
+| ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] | ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [no-match] |
 | ExitMethods.cs:44:9:47:9 | catch (...) {...} | ExitMethods.cs:42:13:42:30 | call to method ErrorAlways |
-| ExitMethods.cs:45:9:47:9 | {...} | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [match] |
+| ExitMethods.cs:44:16:44:32 | access to type ArgumentException | ExitMethods.cs:44:9:47:9 | catch (...) {...} |
+| ExitMethods.cs:45:9:47:9 | {...} | ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [match] |
 | ExitMethods.cs:46:13:46:19 | Before return ...; | ExitMethods.cs:45:9:47:9 | {...} |
 | ExitMethods.cs:46:13:46:19 | return ...; | ExitMethods.cs:46:13:46:19 | Before return ...; |
-| ExitMethods.cs:48:9:51:9 | After catch (...) {...} [match] | ExitMethods.cs:48:9:51:9 | catch (...) {...} |
+| ExitMethods.cs:48:9:51:9 | After catch (...) {...} [no-match] | ExitMethods.cs:48:16:48:24 | After access to type Exception [no-match] |
 | ExitMethods.cs:48:9:51:9 | catch (...) {...} | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] |
-| ExitMethods.cs:49:9:51:9 | {...} | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [match] |
+| ExitMethods.cs:48:16:48:24 | After access to type Exception [match] | ExitMethods.cs:48:16:48:24 | access to type Exception |
+| ExitMethods.cs:48:16:48:24 | access to type Exception | ExitMethods.cs:48:9:51:9 | catch (...) {...} |
+| ExitMethods.cs:49:9:51:9 | {...} | ExitMethods.cs:48:16:48:24 | After access to type Exception [match] |
 | ExitMethods.cs:50:13:50:19 | Before return ...; | ExitMethods.cs:49:9:51:9 | {...} |
 | ExitMethods.cs:50:13:50:19 | return ...; | ExitMethods.cs:50:13:50:19 | Before return ...; |
 | ExitMethods.cs:54:10:54:11 | Exceptional Exit | ExitMethods.cs:56:9:56:22 | call to method ErrorAlways2 |
@@ -10911,15 +10922,17 @@ postDominance
 | Finally.cs:23:31:23:36 | "Try2" | Finally.cs:23:13:23:37 | Before call to method WriteLine |
 | Finally.cs:24:13:24:19 | Before return ...; | Finally.cs:23:13:23:38 | After ...; |
 | Finally.cs:24:13:24:19 | return ...; | Finally.cs:24:13:24:19 | Before return ...; |
-| Finally.cs:26:38:26:39 | IOException ex | Finally.cs:26:9:29:9 | After catch (...) {...} [match] |
+| Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] | Finally.cs:26:38:26:39 | After IOException ex [no-match] |
+| Finally.cs:26:38:26:39 | IOException ex | Finally.cs:26:9:29:9 | catch (...) {...} |
 | Finally.cs:26:48:26:51 | After true [true] | Finally.cs:26:48:26:51 | true |
-| Finally.cs:26:48:26:51 | true | Finally.cs:26:38:26:39 | IOException ex |
+| Finally.cs:26:48:26:51 | true | Finally.cs:26:38:26:39 | After IOException ex [match] |
 | Finally.cs:27:9:29:9 | {...} | Finally.cs:26:48:26:51 | After true [true] |
 | Finally.cs:28:13:28:18 | Before throw ...; | Finally.cs:27:9:29:9 | {...} |
 | Finally.cs:28:13:28:18 | throw ...; | Finally.cs:28:13:28:18 | Before throw ...; |
+| Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] | Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] |
 | Finally.cs:30:9:40:9 | catch (...) {...} | Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] |
-| Finally.cs:30:41:30:42 | ArgumentException ex | Finally.cs:30:9:40:9 | After catch (...) {...} [match] |
-| Finally.cs:31:9:40:9 | {...} | Finally.cs:30:41:30:42 | ArgumentException ex |
+| Finally.cs:30:41:30:42 | ArgumentException ex | Finally.cs:30:9:40:9 | catch (...) {...} |
+| Finally.cs:31:9:40:9 | {...} | Finally.cs:30:41:30:42 | After ArgumentException ex [match] |
 | Finally.cs:32:13:39:13 | try {...} ... | Finally.cs:31:9:40:9 | {...} |
 | Finally.cs:33:13:35:13 | {...} | Finally.cs:32:13:39:13 | try {...} ... |
 | Finally.cs:34:17:34:32 | if (...) ... | Finally.cs:33:13:35:13 | {...} |
@@ -10934,11 +10947,12 @@ postDominance
 | Finally.cs:38:23:38:43 | Before object creation of type Exception | Finally.cs:38:17:38:44 | Before throw ...; |
 | Finally.cs:38:23:38:43 | object creation of type Exception | Finally.cs:38:37:38:42 | "Boo!" |
 | Finally.cs:38:37:38:42 | "Boo!" | Finally.cs:38:23:38:43 | Before object creation of type Exception |
+| Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] | Finally.cs:41:16:41:24 | After access to type Exception [no-match] |
 | Finally.cs:41:9:43:9 | catch (...) {...} | Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] |
-| Finally.cs:42:9:43:9 | {...} | Finally.cs:41:9:43:9 | After catch (...) {...} [match] |
-| Finally.cs:44:9:47:9 | After catch {...} [match] | Finally.cs:44:9:47:9 | catch {...} |
+| Finally.cs:41:16:41:24 | access to type Exception | Finally.cs:41:9:43:9 | catch (...) {...} |
+| Finally.cs:42:9:43:9 | {...} | Finally.cs:41:16:41:24 | After access to type Exception [match] |
 | Finally.cs:44:9:47:9 | catch {...} | Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] |
-| Finally.cs:45:9:47:9 | {...} | Finally.cs:44:9:47:9 | After catch {...} [match] |
+| Finally.cs:45:9:47:9 | {...} | Finally.cs:44:9:47:9 | catch {...} |
 | Finally.cs:46:13:46:19 | Before return ...; | Finally.cs:45:9:47:9 | {...} |
 | Finally.cs:46:13:46:19 | return ...; | Finally.cs:46:13:46:19 | Before return ...; |
 | Finally.cs:49:9:51:9 | After {...} | Finally.cs:50:13:50:41 | After ...; |
@@ -10966,21 +10980,23 @@ postDominance
 | Finally.cs:58:31:58:36 | "Try3" | Finally.cs:58:13:58:37 | Before call to method WriteLine |
 | Finally.cs:59:13:59:19 | Before return ...; | Finally.cs:58:13:58:38 | After ...; |
 | Finally.cs:59:13:59:19 | return ...; | Finally.cs:59:13:59:19 | Before return ...; |
-| Finally.cs:61:38:61:39 | IOException ex | Finally.cs:61:9:64:9 | After catch (...) {...} [match] |
+| Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] | Finally.cs:61:38:61:39 | After IOException ex [no-match] |
+| Finally.cs:61:38:61:39 | IOException ex | Finally.cs:61:9:64:9 | catch (...) {...} |
 | Finally.cs:61:48:61:51 | After true [true] | Finally.cs:61:48:61:51 | true |
-| Finally.cs:61:48:61:51 | true | Finally.cs:61:38:61:39 | IOException ex |
+| Finally.cs:61:48:61:51 | true | Finally.cs:61:38:61:39 | After IOException ex [match] |
 | Finally.cs:62:9:64:9 | {...} | Finally.cs:61:48:61:51 | After true [true] |
 | Finally.cs:63:13:63:18 | Before throw ...; | Finally.cs:62:9:64:9 | {...} |
 | Finally.cs:63:13:63:18 | throw ...; | Finally.cs:63:13:63:18 | Before throw ...; |
+| Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] | Finally.cs:65:26:65:26 | After Exception e [no-match] |
 | Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] | Finally.cs:65:35:65:51 | After ... != ... [false] |
 | Finally.cs:65:9:67:9 | catch (...) {...} | Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] |
-| Finally.cs:65:26:65:26 | Exception e | Finally.cs:65:9:67:9 | After catch (...) {...} [match] |
+| Finally.cs:65:26:65:26 | Exception e | Finally.cs:65:9:67:9 | catch (...) {...} |
 | Finally.cs:65:35:65:35 | access to local variable e | Finally.cs:65:35:65:43 | Before access to property Message |
 | Finally.cs:65:35:65:43 | After access to property Message | Finally.cs:65:35:65:43 | access to property Message |
 | Finally.cs:65:35:65:43 | Before access to property Message | Finally.cs:65:35:65:51 | Before ... != ... |
 | Finally.cs:65:35:65:43 | access to property Message | Finally.cs:65:35:65:35 | access to local variable e |
 | Finally.cs:65:35:65:51 | ... != ... | Finally.cs:65:48:65:51 | null |
-| Finally.cs:65:35:65:51 | Before ... != ... | Finally.cs:65:26:65:26 | Exception e |
+| Finally.cs:65:35:65:51 | Before ... != ... | Finally.cs:65:26:65:26 | After Exception e [match] |
 | Finally.cs:65:48:65:51 | null | Finally.cs:65:35:65:43 | After access to property Message |
 | Finally.cs:66:9:67:9 | {...} | Finally.cs:65:35:65:51 | After ... != ... [true] |
 | Finally.cs:69:9:71:9 | After {...} | Finally.cs:70:13:70:41 | After ...; |
@@ -11237,16 +11253,17 @@ postDominance
 | Finally.cs:159:27:159:44 | Before object creation of type Exception | Finally.cs:159:21:159:45 | Before throw ...; |
 | Finally.cs:159:27:159:44 | object creation of type Exception | Finally.cs:159:41:159:43 | "1" |
 | Finally.cs:159:41:159:43 | "1" | Finally.cs:159:27:159:44 | Before object creation of type Exception |
+| Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] | Finally.cs:161:30:161:30 | After Exception e [no-match] |
 | Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] | Finally.cs:161:39:161:54 | After ... == ... [false] |
 | Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:159:21:159:45 | throw ...; |
 | Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:159:27:159:44 | object creation of type Exception |
-| Finally.cs:161:30:161:30 | Exception e | Finally.cs:161:13:164:13 | After catch (...) {...} [match] |
+| Finally.cs:161:30:161:30 | Exception e | Finally.cs:161:13:164:13 | catch (...) {...} |
 | Finally.cs:161:39:161:39 | access to local variable e | Finally.cs:161:39:161:47 | Before access to property Message |
 | Finally.cs:161:39:161:47 | After access to property Message | Finally.cs:161:39:161:47 | access to property Message |
 | Finally.cs:161:39:161:47 | Before access to property Message | Finally.cs:161:39:161:54 | Before ... == ... |
 | Finally.cs:161:39:161:47 | access to property Message | Finally.cs:161:39:161:39 | access to local variable e |
 | Finally.cs:161:39:161:54 | ... == ... | Finally.cs:161:52:161:54 | "1" |
-| Finally.cs:161:39:161:54 | Before ... == ... | Finally.cs:161:30:161:30 | Exception e |
+| Finally.cs:161:39:161:54 | Before ... == ... | Finally.cs:161:30:161:30 | After Exception e [match] |
 | Finally.cs:161:52:161:54 | "1" | Finally.cs:161:39:161:47 | After access to property Message |
 | Finally.cs:162:13:164:13 | After {...} | Finally.cs:163:17:163:43 | After ...; |
 | Finally.cs:162:13:164:13 | {...} | Finally.cs:161:39:161:54 | After ... == ... [true] |
@@ -11260,10 +11277,9 @@ postDominance
 | Finally.cs:163:35:163:41 | Before access to array element | Finally.cs:163:17:163:42 | Before call to method WriteLine |
 | Finally.cs:163:35:163:41 | access to array element | Finally.cs:163:40:163:40 | 0 |
 | Finally.cs:163:40:163:40 | 0 | Finally.cs:163:35:163:38 | access to parameter args |
-| Finally.cs:165:13:168:13 | After catch {...} [match] | Finally.cs:165:13:168:13 | catch {...} |
 | Finally.cs:165:13:168:13 | catch {...} | Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] |
 | Finally.cs:166:13:168:13 | After {...} | Finally.cs:167:17:167:38 | After ...; |
-| Finally.cs:166:13:168:13 | {...} | Finally.cs:165:13:168:13 | After catch {...} [match] |
+| Finally.cs:166:13:168:13 | {...} | Finally.cs:165:13:168:13 | catch {...} |
 | Finally.cs:167:17:167:37 | After call to method WriteLine | Finally.cs:167:17:167:37 | call to method WriteLine |
 | Finally.cs:167:17:167:37 | Before call to method WriteLine | Finally.cs:167:17:167:38 | ...; |
 | Finally.cs:167:17:167:37 | call to method WriteLine | Finally.cs:167:35:167:36 | "" |
@@ -11332,11 +11348,12 @@ postDominance
 | Finally.cs:186:25:186:47 | throw ...; | Finally.cs:186:31:186:46 | After object creation of type ExceptionB |
 | Finally.cs:186:31:186:46 | Before object creation of type ExceptionB | Finally.cs:186:25:186:47 | Before throw ...; |
 | Finally.cs:186:31:186:46 | object creation of type ExceptionB | Finally.cs:186:31:186:46 | Before object creation of type ExceptionB |
-| Finally.cs:188:13:191:13 | After catch (...) {...} [match] | Finally.cs:188:13:191:13 | catch (...) {...} |
 | Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:186:25:186:47 | throw ...; |
 | Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:186:31:186:46 | object creation of type ExceptionB |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | Finally.cs:188:20:188:29 | access to type ExceptionB |
+| Finally.cs:188:20:188:29 | access to type ExceptionB | Finally.cs:188:13:191:13 | catch (...) {...} |
 | Finally.cs:188:38:188:39 | After access to parameter b2 [true] | Finally.cs:188:38:188:39 | access to parameter b2 |
-| Finally.cs:188:38:188:39 | access to parameter b2 | Finally.cs:188:13:191:13 | After catch (...) {...} [match] |
+| Finally.cs:188:38:188:39 | access to parameter b2 | Finally.cs:188:20:188:29 | After access to type ExceptionB [match] |
 | Finally.cs:189:13:191:13 | After {...} | Finally.cs:190:17:190:47 | After if (...) ... |
 | Finally.cs:189:13:191:13 | {...} | Finally.cs:188:38:188:39 | After access to parameter b2 [true] |
 | Finally.cs:190:17:190:47 | After if (...) ... | Finally.cs:190:21:190:22 | After access to parameter b1 [false] |
@@ -11426,9 +11443,8 @@ postDominance
 | Finally.cs:220:13:220:37 | ...; | Finally.cs:219:9:221:9 | {...} |
 | Finally.cs:220:13:220:37 | After ...; | Finally.cs:220:13:220:36 | After call to method WriteLine |
 | Finally.cs:220:31:220:35 | "Try" | Finally.cs:220:13:220:36 | Before call to method WriteLine |
-| Finally.cs:222:9:225:9 | After catch {...} [match] | Finally.cs:222:9:225:9 | catch {...} |
 | Finally.cs:223:9:225:9 | After {...} | Finally.cs:224:13:224:39 | After ...; |
-| Finally.cs:223:9:225:9 | {...} | Finally.cs:222:9:225:9 | After catch {...} [match] |
+| Finally.cs:223:9:225:9 | {...} | Finally.cs:222:9:225:9 | catch {...} |
 | Finally.cs:224:13:224:38 | After call to method WriteLine | Finally.cs:224:13:224:38 | call to method WriteLine |
 | Finally.cs:224:13:224:38 | Before call to method WriteLine | Finally.cs:224:13:224:39 | ...; |
 | Finally.cs:224:13:224:38 | call to method WriteLine | Finally.cs:224:31:224:37 | "Catch" |
@@ -17407,18 +17423,18 @@ blockDominance
 | ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:38:10:38:11 | Entry |
 | ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:38:10:38:11 | Exit |
 | ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:38:10:38:11 | Normal Exit |
-| ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [match] |
-| ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] |
-| ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [match] |
-| ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [no-match] |
+| ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [match] |
+| ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [no-match] |
+| ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:48:16:48:24 | After access to type Exception [match] |
+| ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:48:16:48:24 | After access to type Exception [no-match] |
 | ExitMethods.cs:38:10:38:11 | Exit | ExitMethods.cs:38:10:38:11 | Exit |
 | ExitMethods.cs:38:10:38:11 | Normal Exit | ExitMethods.cs:38:10:38:11 | Normal Exit |
-| ExitMethods.cs:44:9:47:9 | After catch (...) {...} [match] | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [match] |
-| ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] |
-| ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [match] |
-| ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [no-match] |
-| ExitMethods.cs:48:9:51:9 | After catch (...) {...} [match] | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [match] |
-| ExitMethods.cs:48:9:51:9 | After catch (...) {...} [no-match] | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [no-match] |
+| ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [match] | ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [match] |
+| ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [no-match] | ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [no-match] |
+| ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [no-match] | ExitMethods.cs:48:16:48:24 | After access to type Exception [match] |
+| ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [no-match] | ExitMethods.cs:48:16:48:24 | After access to type Exception [no-match] |
+| ExitMethods.cs:48:16:48:24 | After access to type Exception [match] | ExitMethods.cs:48:16:48:24 | After access to type Exception [match] |
+| ExitMethods.cs:48:16:48:24 | After access to type Exception [no-match] | ExitMethods.cs:48:16:48:24 | After access to type Exception [no-match] |
 | ExitMethods.cs:54:10:54:11 | Entry | ExitMethods.cs:54:10:54:11 | Entry |
 | ExitMethods.cs:60:10:60:11 | Entry | ExitMethods.cs:60:10:60:11 | Entry |
 | ExitMethods.cs:66:17:66:26 | Entry | ExitMethods.cs:66:17:66:26 | Entry |
@@ -17502,38 +17518,38 @@ blockDominance
 | Finally.cs:19:10:19:11 | Entry | Finally.cs:19:10:19:11 | Normal Exit |
 | Finally.cs:19:10:19:11 | Entry | Finally.cs:21:9:51:9 | After try {...} ... |
 | Finally.cs:19:10:19:11 | Entry | Finally.cs:23:13:23:37 | After call to method WriteLine |
-| Finally.cs:19:10:19:11 | Entry | Finally.cs:26:9:29:9 | After catch (...) {...} [match] |
-| Finally.cs:19:10:19:11 | Entry | Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] |
 | Finally.cs:19:10:19:11 | Entry | Finally.cs:26:9:29:9 | catch (...) {...} |
-| Finally.cs:19:10:19:11 | Entry | Finally.cs:30:9:40:9 | After catch (...) {...} [match] |
-| Finally.cs:19:10:19:11 | Entry | Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] |
-| Finally.cs:19:10:19:11 | Entry | Finally.cs:41:9:43:9 | After catch (...) {...} [match] |
-| Finally.cs:19:10:19:11 | Entry | Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] |
+| Finally.cs:19:10:19:11 | Entry | Finally.cs:26:38:26:39 | After IOException ex [match] |
+| Finally.cs:19:10:19:11 | Entry | Finally.cs:26:38:26:39 | After IOException ex [no-match] |
+| Finally.cs:19:10:19:11 | Entry | Finally.cs:30:41:30:42 | After ArgumentException ex [match] |
+| Finally.cs:19:10:19:11 | Entry | Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] |
+| Finally.cs:19:10:19:11 | Entry | Finally.cs:41:16:41:24 | After access to type Exception [match] |
+| Finally.cs:19:10:19:11 | Entry | Finally.cs:41:16:41:24 | After access to type Exception [no-match] |
 | Finally.cs:19:10:19:11 | Entry | Finally.cs:49:9:51:9 | {...} |
 | Finally.cs:19:10:19:11 | Exceptional Exit | Finally.cs:19:10:19:11 | Exceptional Exit |
 | Finally.cs:19:10:19:11 | Exit | Finally.cs:19:10:19:11 | Exit |
 | Finally.cs:19:10:19:11 | Normal Exit | Finally.cs:19:10:19:11 | Normal Exit |
 | Finally.cs:21:9:51:9 | After try {...} ... | Finally.cs:21:9:51:9 | After try {...} ... |
 | Finally.cs:23:13:23:37 | After call to method WriteLine | Finally.cs:23:13:23:37 | After call to method WriteLine |
-| Finally.cs:26:9:29:9 | After catch (...) {...} [match] | Finally.cs:26:9:29:9 | After catch (...) {...} [match] |
-| Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] | Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] |
-| Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] | Finally.cs:30:9:40:9 | After catch (...) {...} [match] |
-| Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] | Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] |
-| Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] | Finally.cs:41:9:43:9 | After catch (...) {...} [match] |
-| Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] | Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] |
-| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:26:9:29:9 | After catch (...) {...} [match] |
-| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] |
 | Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:26:9:29:9 | catch (...) {...} |
-| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:30:9:40:9 | After catch (...) {...} [match] |
-| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] |
-| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:41:9:43:9 | After catch (...) {...} [match] |
-| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] |
-| Finally.cs:30:9:40:9 | After catch (...) {...} [match] | Finally.cs:30:9:40:9 | After catch (...) {...} [match] |
-| Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] | Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] |
-| Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] | Finally.cs:41:9:43:9 | After catch (...) {...} [match] |
-| Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] | Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] |
-| Finally.cs:41:9:43:9 | After catch (...) {...} [match] | Finally.cs:41:9:43:9 | After catch (...) {...} [match] |
-| Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] | Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] |
+| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:26:38:26:39 | After IOException ex [match] |
+| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:26:38:26:39 | After IOException ex [no-match] |
+| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:30:41:30:42 | After ArgumentException ex [match] |
+| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] |
+| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:41:16:41:24 | After access to type Exception [match] |
+| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:41:16:41:24 | After access to type Exception [no-match] |
+| Finally.cs:26:38:26:39 | After IOException ex [match] | Finally.cs:26:38:26:39 | After IOException ex [match] |
+| Finally.cs:26:38:26:39 | After IOException ex [no-match] | Finally.cs:26:38:26:39 | After IOException ex [no-match] |
+| Finally.cs:26:38:26:39 | After IOException ex [no-match] | Finally.cs:30:41:30:42 | After ArgumentException ex [match] |
+| Finally.cs:26:38:26:39 | After IOException ex [no-match] | Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] |
+| Finally.cs:26:38:26:39 | After IOException ex [no-match] | Finally.cs:41:16:41:24 | After access to type Exception [match] |
+| Finally.cs:26:38:26:39 | After IOException ex [no-match] | Finally.cs:41:16:41:24 | After access to type Exception [no-match] |
+| Finally.cs:30:41:30:42 | After ArgumentException ex [match] | Finally.cs:30:41:30:42 | After ArgumentException ex [match] |
+| Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] | Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] |
+| Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] | Finally.cs:41:16:41:24 | After access to type Exception [match] |
+| Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] | Finally.cs:41:16:41:24 | After access to type Exception [no-match] |
+| Finally.cs:41:16:41:24 | After access to type Exception [match] | Finally.cs:41:16:41:24 | After access to type Exception [match] |
+| Finally.cs:41:16:41:24 | After access to type Exception [no-match] | Finally.cs:41:16:41:24 | After access to type Exception [no-match] |
 | Finally.cs:49:9:51:9 | {...} | Finally.cs:19:10:19:11 | Exceptional Exit |
 | Finally.cs:49:9:51:9 | {...} | Finally.cs:19:10:19:11 | Exit |
 | Finally.cs:49:9:51:9 | {...} | Finally.cs:19:10:19:11 | Normal Exit |
@@ -17545,11 +17561,12 @@ blockDominance
 | Finally.cs:54:10:54:11 | Entry | Finally.cs:54:10:54:11 | Normal Exit |
 | Finally.cs:54:10:54:11 | Entry | Finally.cs:56:9:71:9 | After try {...} ... |
 | Finally.cs:54:10:54:11 | Entry | Finally.cs:58:13:58:37 | After call to method WriteLine |
-| Finally.cs:54:10:54:11 | Entry | Finally.cs:61:9:64:9 | After catch (...) {...} [match] |
-| Finally.cs:54:10:54:11 | Entry | Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] |
 | Finally.cs:54:10:54:11 | Entry | Finally.cs:61:9:64:9 | catch (...) {...} |
-| Finally.cs:54:10:54:11 | Entry | Finally.cs:65:9:67:9 | After catch (...) {...} [match] |
+| Finally.cs:54:10:54:11 | Entry | Finally.cs:61:38:61:39 | After IOException ex [match] |
+| Finally.cs:54:10:54:11 | Entry | Finally.cs:61:38:61:39 | After IOException ex [no-match] |
 | Finally.cs:54:10:54:11 | Entry | Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] |
+| Finally.cs:54:10:54:11 | Entry | Finally.cs:65:26:65:26 | After Exception e [match] |
+| Finally.cs:54:10:54:11 | Entry | Finally.cs:65:26:65:26 | After Exception e [no-match] |
 | Finally.cs:54:10:54:11 | Entry | Finally.cs:65:35:65:51 | After ... != ... [false] |
 | Finally.cs:54:10:54:11 | Entry | Finally.cs:65:35:65:51 | After ... != ... [true] |
 | Finally.cs:54:10:54:11 | Entry | Finally.cs:69:9:71:9 | {...} |
@@ -17558,23 +17575,26 @@ blockDominance
 | Finally.cs:54:10:54:11 | Normal Exit | Finally.cs:54:10:54:11 | Normal Exit |
 | Finally.cs:56:9:71:9 | After try {...} ... | Finally.cs:56:9:71:9 | After try {...} ... |
 | Finally.cs:58:13:58:37 | After call to method WriteLine | Finally.cs:58:13:58:37 | After call to method WriteLine |
-| Finally.cs:61:9:64:9 | After catch (...) {...} [match] | Finally.cs:61:9:64:9 | After catch (...) {...} [match] |
-| Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] | Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] |
-| Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] | Finally.cs:65:9:67:9 | After catch (...) {...} [match] |
-| Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] | Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] |
-| Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] | Finally.cs:65:35:65:51 | After ... != ... [false] |
-| Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] | Finally.cs:65:35:65:51 | After ... != ... [true] |
-| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:61:9:64:9 | After catch (...) {...} [match] |
-| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] |
 | Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:61:9:64:9 | catch (...) {...} |
-| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:65:9:67:9 | After catch (...) {...} [match] |
+| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:61:38:61:39 | After IOException ex [match] |
+| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:61:38:61:39 | After IOException ex [no-match] |
 | Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] |
+| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:65:26:65:26 | After Exception e [match] |
+| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:65:26:65:26 | After Exception e [no-match] |
 | Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:65:35:65:51 | After ... != ... [false] |
 | Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:65:35:65:51 | After ... != ... [true] |
-| Finally.cs:65:9:67:9 | After catch (...) {...} [match] | Finally.cs:65:9:67:9 | After catch (...) {...} [match] |
-| Finally.cs:65:9:67:9 | After catch (...) {...} [match] | Finally.cs:65:35:65:51 | After ... != ... [false] |
-| Finally.cs:65:9:67:9 | After catch (...) {...} [match] | Finally.cs:65:35:65:51 | After ... != ... [true] |
+| Finally.cs:61:38:61:39 | After IOException ex [match] | Finally.cs:61:38:61:39 | After IOException ex [match] |
+| Finally.cs:61:38:61:39 | After IOException ex [no-match] | Finally.cs:61:38:61:39 | After IOException ex [no-match] |
+| Finally.cs:61:38:61:39 | After IOException ex [no-match] | Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] |
+| Finally.cs:61:38:61:39 | After IOException ex [no-match] | Finally.cs:65:26:65:26 | After Exception e [match] |
+| Finally.cs:61:38:61:39 | After IOException ex [no-match] | Finally.cs:65:26:65:26 | After Exception e [no-match] |
+| Finally.cs:61:38:61:39 | After IOException ex [no-match] | Finally.cs:65:35:65:51 | After ... != ... [false] |
+| Finally.cs:61:38:61:39 | After IOException ex [no-match] | Finally.cs:65:35:65:51 | After ... != ... [true] |
 | Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] | Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] |
+| Finally.cs:65:26:65:26 | After Exception e [match] | Finally.cs:65:26:65:26 | After Exception e [match] |
+| Finally.cs:65:26:65:26 | After Exception e [match] | Finally.cs:65:35:65:51 | After ... != ... [false] |
+| Finally.cs:65:26:65:26 | After Exception e [match] | Finally.cs:65:35:65:51 | After ... != ... [true] |
+| Finally.cs:65:26:65:26 | After Exception e [no-match] | Finally.cs:65:26:65:26 | After Exception e [no-match] |
 | Finally.cs:65:35:65:51 | After ... != ... [false] | Finally.cs:65:35:65:51 | After ... != ... [false] |
 | Finally.cs:65:35:65:51 | After ... != ... [true] | Finally.cs:65:35:65:51 | After ... != ... [true] |
 | Finally.cs:69:9:71:9 | {...} | Finally.cs:54:10:54:11 | Exceptional Exit |
@@ -17783,9 +17803,10 @@ blockDominance
 | Finally.cs:147:10:147:11 | Entry | Finally.cs:158:21:158:36 | After ... == ... [false] |
 | Finally.cs:147:10:147:11 | Entry | Finally.cs:158:21:158:36 | After ... == ... [true] |
 | Finally.cs:147:10:147:11 | Entry | Finally.cs:159:27:159:44 | After object creation of type Exception |
-| Finally.cs:147:10:147:11 | Entry | Finally.cs:161:13:164:13 | After catch (...) {...} [match] |
 | Finally.cs:147:10:147:11 | Entry | Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] |
 | Finally.cs:147:10:147:11 | Entry | Finally.cs:161:13:164:13 | catch (...) {...} |
+| Finally.cs:147:10:147:11 | Entry | Finally.cs:161:30:161:30 | After Exception e [match] |
+| Finally.cs:147:10:147:11 | Entry | Finally.cs:161:30:161:30 | After Exception e [no-match] |
 | Finally.cs:147:10:147:11 | Entry | Finally.cs:161:39:161:54 | After ... == ... [false] |
 | Finally.cs:147:10:147:11 | Entry | Finally.cs:161:39:161:54 | After ... == ... [true] |
 | Finally.cs:147:10:147:11 | Exceptional Exit | Finally.cs:147:10:147:11 | Exceptional Exit |
@@ -17804,9 +17825,10 @@ blockDominance
 | Finally.cs:155:9:169:9 | {...} | Finally.cs:158:21:158:36 | After ... == ... [false] |
 | Finally.cs:155:9:169:9 | {...} | Finally.cs:158:21:158:36 | After ... == ... [true] |
 | Finally.cs:155:9:169:9 | {...} | Finally.cs:159:27:159:44 | After object creation of type Exception |
-| Finally.cs:155:9:169:9 | {...} | Finally.cs:161:13:164:13 | After catch (...) {...} [match] |
 | Finally.cs:155:9:169:9 | {...} | Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] |
 | Finally.cs:155:9:169:9 | {...} | Finally.cs:161:13:164:13 | catch (...) {...} |
+| Finally.cs:155:9:169:9 | {...} | Finally.cs:161:30:161:30 | After Exception e [match] |
+| Finally.cs:155:9:169:9 | {...} | Finally.cs:161:30:161:30 | After Exception e [no-match] |
 | Finally.cs:155:9:169:9 | {...} | Finally.cs:161:39:161:54 | After ... == ... [false] |
 | Finally.cs:155:9:169:9 | {...} | Finally.cs:161:39:161:54 | After ... == ... [true] |
 | Finally.cs:156:13:168:13 | After try {...} ... | Finally.cs:147:10:147:11 | Exceptional Exit |
@@ -17821,15 +17843,17 @@ blockDominance
 | Finally.cs:158:21:158:36 | After ... == ... [true] | Finally.cs:158:21:158:36 | After ... == ... [true] |
 | Finally.cs:158:21:158:36 | After ... == ... [true] | Finally.cs:159:27:159:44 | After object creation of type Exception |
 | Finally.cs:159:27:159:44 | After object creation of type Exception | Finally.cs:159:27:159:44 | After object creation of type Exception |
-| Finally.cs:161:13:164:13 | After catch (...) {...} [match] | Finally.cs:161:13:164:13 | After catch (...) {...} [match] |
-| Finally.cs:161:13:164:13 | After catch (...) {...} [match] | Finally.cs:161:39:161:54 | After ... == ... [false] |
-| Finally.cs:161:13:164:13 | After catch (...) {...} [match] | Finally.cs:161:39:161:54 | After ... == ... [true] |
 | Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] | Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] |
-| Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:161:13:164:13 | After catch (...) {...} [match] |
 | Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] |
 | Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:161:13:164:13 | catch (...) {...} |
+| Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:161:30:161:30 | After Exception e [match] |
+| Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:161:30:161:30 | After Exception e [no-match] |
 | Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:161:39:161:54 | After ... == ... [false] |
 | Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:161:39:161:54 | After ... == ... [true] |
+| Finally.cs:161:30:161:30 | After Exception e [match] | Finally.cs:161:30:161:30 | After Exception e [match] |
+| Finally.cs:161:30:161:30 | After Exception e [match] | Finally.cs:161:39:161:54 | After ... == ... [false] |
+| Finally.cs:161:30:161:30 | After Exception e [match] | Finally.cs:161:39:161:54 | After ... == ... [true] |
+| Finally.cs:161:30:161:30 | After Exception e [no-match] | Finally.cs:161:30:161:30 | After Exception e [no-match] |
 | Finally.cs:161:39:161:54 | After ... == ... [false] | Finally.cs:161:39:161:54 | After ... == ... [false] |
 | Finally.cs:161:39:161:54 | After ... == ... [true] | Finally.cs:161:39:161:54 | After ... == ... [true] |
 | Finally.cs:172:11:172:20 | Entry | Finally.cs:172:11:172:20 | Entry |
@@ -17847,9 +17871,10 @@ blockDominance
 | Finally.cs:176:10:176:11 | Entry | Finally.cs:186:21:186:22 | After access to parameter b2 [false] |
 | Finally.cs:176:10:176:11 | Entry | Finally.cs:186:21:186:22 | After access to parameter b2 [true] |
 | Finally.cs:176:10:176:11 | Entry | Finally.cs:186:31:186:46 | After object creation of type ExceptionB |
-| Finally.cs:176:10:176:11 | Entry | Finally.cs:188:13:191:13 | After catch (...) {...} [match] |
 | Finally.cs:176:10:176:11 | Entry | Finally.cs:188:13:191:13 | After catch (...) {...} [no-match] |
 | Finally.cs:176:10:176:11 | Entry | Finally.cs:188:13:191:13 | catch (...) {...} |
+| Finally.cs:176:10:176:11 | Entry | Finally.cs:188:20:188:29 | After access to type ExceptionB [match] |
+| Finally.cs:176:10:176:11 | Entry | Finally.cs:188:20:188:29 | After access to type ExceptionB [no-match] |
 | Finally.cs:176:10:176:11 | Entry | Finally.cs:188:38:188:39 | After access to parameter b2 [false] |
 | Finally.cs:176:10:176:11 | Entry | Finally.cs:188:38:188:39 | After access to parameter b2 [true] |
 | Finally.cs:176:10:176:11 | Entry | Finally.cs:190:21:190:22 | After access to parameter b1 [false] |
@@ -17869,9 +17894,10 @@ blockDominance
 | Finally.cs:183:9:192:9 | {...} | Finally.cs:186:21:186:22 | After access to parameter b2 [false] |
 | Finally.cs:183:9:192:9 | {...} | Finally.cs:186:21:186:22 | After access to parameter b2 [true] |
 | Finally.cs:183:9:192:9 | {...} | Finally.cs:186:31:186:46 | After object creation of type ExceptionB |
-| Finally.cs:183:9:192:9 | {...} | Finally.cs:188:13:191:13 | After catch (...) {...} [match] |
 | Finally.cs:183:9:192:9 | {...} | Finally.cs:188:13:191:13 | After catch (...) {...} [no-match] |
 | Finally.cs:183:9:192:9 | {...} | Finally.cs:188:13:191:13 | catch (...) {...} |
+| Finally.cs:183:9:192:9 | {...} | Finally.cs:188:20:188:29 | After access to type ExceptionB [match] |
+| Finally.cs:183:9:192:9 | {...} | Finally.cs:188:20:188:29 | After access to type ExceptionB [no-match] |
 | Finally.cs:183:9:192:9 | {...} | Finally.cs:188:38:188:39 | After access to parameter b2 [false] |
 | Finally.cs:183:9:192:9 | {...} | Finally.cs:188:38:188:39 | After access to parameter b2 [true] |
 | Finally.cs:183:9:192:9 | {...} | Finally.cs:190:21:190:22 | After access to parameter b1 [false] |
@@ -17881,27 +17907,30 @@ blockDominance
 | Finally.cs:186:21:186:22 | After access to parameter b2 [false] | Finally.cs:186:21:186:22 | After access to parameter b2 [false] |
 | Finally.cs:186:21:186:22 | After access to parameter b2 [true] | Finally.cs:186:21:186:22 | After access to parameter b2 [true] |
 | Finally.cs:186:21:186:22 | After access to parameter b2 [true] | Finally.cs:186:31:186:46 | After object creation of type ExceptionB |
-| Finally.cs:186:21:186:22 | After access to parameter b2 [true] | Finally.cs:188:13:191:13 | After catch (...) {...} [match] |
 | Finally.cs:186:21:186:22 | After access to parameter b2 [true] | Finally.cs:188:13:191:13 | After catch (...) {...} [no-match] |
 | Finally.cs:186:21:186:22 | After access to parameter b2 [true] | Finally.cs:188:13:191:13 | catch (...) {...} |
+| Finally.cs:186:21:186:22 | After access to parameter b2 [true] | Finally.cs:188:20:188:29 | After access to type ExceptionB [match] |
+| Finally.cs:186:21:186:22 | After access to parameter b2 [true] | Finally.cs:188:20:188:29 | After access to type ExceptionB [no-match] |
 | Finally.cs:186:21:186:22 | After access to parameter b2 [true] | Finally.cs:188:38:188:39 | After access to parameter b2 [false] |
 | Finally.cs:186:21:186:22 | After access to parameter b2 [true] | Finally.cs:188:38:188:39 | After access to parameter b2 [true] |
 | Finally.cs:186:21:186:22 | After access to parameter b2 [true] | Finally.cs:190:21:190:22 | After access to parameter b1 [false] |
 | Finally.cs:186:21:186:22 | After access to parameter b2 [true] | Finally.cs:190:21:190:22 | After access to parameter b1 [true] |
 | Finally.cs:186:31:186:46 | After object creation of type ExceptionB | Finally.cs:186:31:186:46 | After object creation of type ExceptionB |
-| Finally.cs:188:13:191:13 | After catch (...) {...} [match] | Finally.cs:188:13:191:13 | After catch (...) {...} [match] |
-| Finally.cs:188:13:191:13 | After catch (...) {...} [match] | Finally.cs:188:38:188:39 | After access to parameter b2 [false] |
-| Finally.cs:188:13:191:13 | After catch (...) {...} [match] | Finally.cs:188:38:188:39 | After access to parameter b2 [true] |
-| Finally.cs:188:13:191:13 | After catch (...) {...} [match] | Finally.cs:190:21:190:22 | After access to parameter b1 [false] |
-| Finally.cs:188:13:191:13 | After catch (...) {...} [match] | Finally.cs:190:21:190:22 | After access to parameter b1 [true] |
 | Finally.cs:188:13:191:13 | After catch (...) {...} [no-match] | Finally.cs:188:13:191:13 | After catch (...) {...} [no-match] |
-| Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:13:191:13 | After catch (...) {...} [match] |
 | Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:13:191:13 | After catch (...) {...} [no-match] |
 | Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:13:191:13 | catch (...) {...} |
+| Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:20:188:29 | After access to type ExceptionB [match] |
+| Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:20:188:29 | After access to type ExceptionB [no-match] |
 | Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:38:188:39 | After access to parameter b2 [false] |
 | Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:38:188:39 | After access to parameter b2 [true] |
 | Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:190:21:190:22 | After access to parameter b1 [false] |
 | Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:190:21:190:22 | After access to parameter b1 [true] |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | Finally.cs:188:20:188:29 | After access to type ExceptionB [match] |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | Finally.cs:188:38:188:39 | After access to parameter b2 [false] |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | Finally.cs:188:38:188:39 | After access to parameter b2 [true] |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | Finally.cs:190:21:190:22 | After access to parameter b1 [false] |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | Finally.cs:190:21:190:22 | After access to parameter b1 [true] |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [no-match] | Finally.cs:188:20:188:29 | After access to type ExceptionB [no-match] |
 | Finally.cs:188:38:188:39 | After access to parameter b2 [false] | Finally.cs:188:38:188:39 | After access to parameter b2 [false] |
 | Finally.cs:188:38:188:39 | After access to parameter b2 [true] | Finally.cs:188:38:188:39 | After access to parameter b2 [true] |
 | Finally.cs:188:38:188:39 | After access to parameter b2 [true] | Finally.cs:190:21:190:22 | After access to parameter b1 [false] |
@@ -21668,14 +21697,14 @@ postBlockDominance
 | ExitMethods.cs:38:10:38:11 | Exit | ExitMethods.cs:38:10:38:11 | Exit |
 | ExitMethods.cs:38:10:38:11 | Normal Exit | ExitMethods.cs:38:10:38:11 | Entry |
 | ExitMethods.cs:38:10:38:11 | Normal Exit | ExitMethods.cs:38:10:38:11 | Normal Exit |
-| ExitMethods.cs:38:10:38:11 | Normal Exit | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [match] |
-| ExitMethods.cs:38:10:38:11 | Normal Exit | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] |
-| ExitMethods.cs:38:10:38:11 | Normal Exit | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [match] |
-| ExitMethods.cs:44:9:47:9 | After catch (...) {...} [match] | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [match] |
-| ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] |
-| ExitMethods.cs:48:9:51:9 | After catch (...) {...} [match] | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] |
-| ExitMethods.cs:48:9:51:9 | After catch (...) {...} [match] | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [match] |
-| ExitMethods.cs:48:9:51:9 | After catch (...) {...} [no-match] | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [no-match] |
+| ExitMethods.cs:38:10:38:11 | Normal Exit | ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [match] |
+| ExitMethods.cs:38:10:38:11 | Normal Exit | ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [no-match] |
+| ExitMethods.cs:38:10:38:11 | Normal Exit | ExitMethods.cs:48:16:48:24 | After access to type Exception [match] |
+| ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [match] | ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [match] |
+| ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [no-match] | ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [no-match] |
+| ExitMethods.cs:48:16:48:24 | After access to type Exception [match] | ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [no-match] |
+| ExitMethods.cs:48:16:48:24 | After access to type Exception [match] | ExitMethods.cs:48:16:48:24 | After access to type Exception [match] |
+| ExitMethods.cs:48:16:48:24 | After access to type Exception [no-match] | ExitMethods.cs:48:16:48:24 | After access to type Exception [no-match] |
 | ExitMethods.cs:54:10:54:11 | Entry | ExitMethods.cs:54:10:54:11 | Entry |
 | ExitMethods.cs:60:10:60:11 | Entry | ExitMethods.cs:60:10:60:11 | Entry |
 | ExitMethods.cs:66:17:66:26 | Entry | ExitMethods.cs:66:17:66:26 | Entry |
@@ -21743,32 +21772,32 @@ postBlockDominance
 | Finally.cs:19:10:19:11 | Normal Exit | Finally.cs:19:10:19:11 | Normal Exit |
 | Finally.cs:19:10:19:11 | Normal Exit | Finally.cs:21:9:51:9 | After try {...} ... |
 | Finally.cs:19:10:19:11 | Normal Exit | Finally.cs:23:13:23:37 | After call to method WriteLine |
-| Finally.cs:19:10:19:11 | Normal Exit | Finally.cs:26:9:29:9 | After catch (...) {...} [match] |
-| Finally.cs:19:10:19:11 | Normal Exit | Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] |
 | Finally.cs:19:10:19:11 | Normal Exit | Finally.cs:26:9:29:9 | catch (...) {...} |
-| Finally.cs:19:10:19:11 | Normal Exit | Finally.cs:30:9:40:9 | After catch (...) {...} [match] |
-| Finally.cs:19:10:19:11 | Normal Exit | Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] |
-| Finally.cs:19:10:19:11 | Normal Exit | Finally.cs:41:9:43:9 | After catch (...) {...} [match] |
-| Finally.cs:19:10:19:11 | Normal Exit | Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] |
+| Finally.cs:19:10:19:11 | Normal Exit | Finally.cs:26:38:26:39 | After IOException ex [match] |
+| Finally.cs:19:10:19:11 | Normal Exit | Finally.cs:26:38:26:39 | After IOException ex [no-match] |
+| Finally.cs:19:10:19:11 | Normal Exit | Finally.cs:30:41:30:42 | After ArgumentException ex [match] |
+| Finally.cs:19:10:19:11 | Normal Exit | Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] |
+| Finally.cs:19:10:19:11 | Normal Exit | Finally.cs:41:16:41:24 | After access to type Exception [match] |
+| Finally.cs:19:10:19:11 | Normal Exit | Finally.cs:41:16:41:24 | After access to type Exception [no-match] |
 | Finally.cs:19:10:19:11 | Normal Exit | Finally.cs:49:9:51:9 | {...} |
 | Finally.cs:21:9:51:9 | After try {...} ... | Finally.cs:21:9:51:9 | After try {...} ... |
 | Finally.cs:23:13:23:37 | After call to method WriteLine | Finally.cs:23:13:23:37 | After call to method WriteLine |
-| Finally.cs:26:9:29:9 | After catch (...) {...} [match] | Finally.cs:26:9:29:9 | After catch (...) {...} [match] |
-| Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] | Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] |
 | Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:26:9:29:9 | catch (...) {...} |
-| Finally.cs:30:9:40:9 | After catch (...) {...} [match] | Finally.cs:30:9:40:9 | After catch (...) {...} [match] |
-| Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] | Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] |
-| Finally.cs:41:9:43:9 | After catch (...) {...} [match] | Finally.cs:41:9:43:9 | After catch (...) {...} [match] |
-| Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] | Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] |
+| Finally.cs:26:38:26:39 | After IOException ex [match] | Finally.cs:26:38:26:39 | After IOException ex [match] |
+| Finally.cs:26:38:26:39 | After IOException ex [no-match] | Finally.cs:26:38:26:39 | After IOException ex [no-match] |
+| Finally.cs:30:41:30:42 | After ArgumentException ex [match] | Finally.cs:30:41:30:42 | After ArgumentException ex [match] |
+| Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] | Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] |
+| Finally.cs:41:16:41:24 | After access to type Exception [match] | Finally.cs:41:16:41:24 | After access to type Exception [match] |
+| Finally.cs:41:16:41:24 | After access to type Exception [no-match] | Finally.cs:41:16:41:24 | After access to type Exception [no-match] |
 | Finally.cs:49:9:51:9 | {...} | Finally.cs:19:10:19:11 | Entry |
 | Finally.cs:49:9:51:9 | {...} | Finally.cs:23:13:23:37 | After call to method WriteLine |
-| Finally.cs:49:9:51:9 | {...} | Finally.cs:26:9:29:9 | After catch (...) {...} [match] |
-| Finally.cs:49:9:51:9 | {...} | Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] |
 | Finally.cs:49:9:51:9 | {...} | Finally.cs:26:9:29:9 | catch (...) {...} |
-| Finally.cs:49:9:51:9 | {...} | Finally.cs:30:9:40:9 | After catch (...) {...} [match] |
-| Finally.cs:49:9:51:9 | {...} | Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] |
-| Finally.cs:49:9:51:9 | {...} | Finally.cs:41:9:43:9 | After catch (...) {...} [match] |
-| Finally.cs:49:9:51:9 | {...} | Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] |
+| Finally.cs:49:9:51:9 | {...} | Finally.cs:26:38:26:39 | After IOException ex [match] |
+| Finally.cs:49:9:51:9 | {...} | Finally.cs:26:38:26:39 | After IOException ex [no-match] |
+| Finally.cs:49:9:51:9 | {...} | Finally.cs:30:41:30:42 | After ArgumentException ex [match] |
+| Finally.cs:49:9:51:9 | {...} | Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] |
+| Finally.cs:49:9:51:9 | {...} | Finally.cs:41:16:41:24 | After access to type Exception [match] |
+| Finally.cs:49:9:51:9 | {...} | Finally.cs:41:16:41:24 | After access to type Exception [no-match] |
 | Finally.cs:49:9:51:9 | {...} | Finally.cs:49:9:51:9 | {...} |
 | Finally.cs:54:10:54:11 | Entry | Finally.cs:54:10:54:11 | Entry |
 | Finally.cs:54:10:54:11 | Exceptional Exit | Finally.cs:54:10:54:11 | Exceptional Exit |
@@ -21777,31 +21806,35 @@ postBlockDominance
 | Finally.cs:54:10:54:11 | Normal Exit | Finally.cs:54:10:54:11 | Normal Exit |
 | Finally.cs:54:10:54:11 | Normal Exit | Finally.cs:56:9:71:9 | After try {...} ... |
 | Finally.cs:54:10:54:11 | Normal Exit | Finally.cs:58:13:58:37 | After call to method WriteLine |
-| Finally.cs:54:10:54:11 | Normal Exit | Finally.cs:61:9:64:9 | After catch (...) {...} [match] |
-| Finally.cs:54:10:54:11 | Normal Exit | Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] |
 | Finally.cs:54:10:54:11 | Normal Exit | Finally.cs:61:9:64:9 | catch (...) {...} |
-| Finally.cs:54:10:54:11 | Normal Exit | Finally.cs:65:9:67:9 | After catch (...) {...} [match] |
+| Finally.cs:54:10:54:11 | Normal Exit | Finally.cs:61:38:61:39 | After IOException ex [match] |
+| Finally.cs:54:10:54:11 | Normal Exit | Finally.cs:61:38:61:39 | After IOException ex [no-match] |
 | Finally.cs:54:10:54:11 | Normal Exit | Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] |
+| Finally.cs:54:10:54:11 | Normal Exit | Finally.cs:65:26:65:26 | After Exception e [match] |
+| Finally.cs:54:10:54:11 | Normal Exit | Finally.cs:65:26:65:26 | After Exception e [no-match] |
 | Finally.cs:54:10:54:11 | Normal Exit | Finally.cs:65:35:65:51 | After ... != ... [false] |
 | Finally.cs:54:10:54:11 | Normal Exit | Finally.cs:65:35:65:51 | After ... != ... [true] |
 | Finally.cs:54:10:54:11 | Normal Exit | Finally.cs:69:9:71:9 | {...} |
 | Finally.cs:56:9:71:9 | After try {...} ... | Finally.cs:56:9:71:9 | After try {...} ... |
 | Finally.cs:58:13:58:37 | After call to method WriteLine | Finally.cs:58:13:58:37 | After call to method WriteLine |
-| Finally.cs:61:9:64:9 | After catch (...) {...} [match] | Finally.cs:61:9:64:9 | After catch (...) {...} [match] |
-| Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] | Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] |
 | Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:61:9:64:9 | catch (...) {...} |
-| Finally.cs:65:9:67:9 | After catch (...) {...} [match] | Finally.cs:65:9:67:9 | After catch (...) {...} [match] |
+| Finally.cs:61:38:61:39 | After IOException ex [match] | Finally.cs:61:38:61:39 | After IOException ex [match] |
+| Finally.cs:61:38:61:39 | After IOException ex [no-match] | Finally.cs:61:38:61:39 | After IOException ex [no-match] |
 | Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] | Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] |
+| Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] | Finally.cs:65:26:65:26 | After Exception e [no-match] |
 | Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] | Finally.cs:65:35:65:51 | After ... != ... [false] |
+| Finally.cs:65:26:65:26 | After Exception e [match] | Finally.cs:65:26:65:26 | After Exception e [match] |
+| Finally.cs:65:26:65:26 | After Exception e [no-match] | Finally.cs:65:26:65:26 | After Exception e [no-match] |
 | Finally.cs:65:35:65:51 | After ... != ... [false] | Finally.cs:65:35:65:51 | After ... != ... [false] |
 | Finally.cs:65:35:65:51 | After ... != ... [true] | Finally.cs:65:35:65:51 | After ... != ... [true] |
 | Finally.cs:69:9:71:9 | {...} | Finally.cs:54:10:54:11 | Entry |
 | Finally.cs:69:9:71:9 | {...} | Finally.cs:58:13:58:37 | After call to method WriteLine |
-| Finally.cs:69:9:71:9 | {...} | Finally.cs:61:9:64:9 | After catch (...) {...} [match] |
-| Finally.cs:69:9:71:9 | {...} | Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] |
 | Finally.cs:69:9:71:9 | {...} | Finally.cs:61:9:64:9 | catch (...) {...} |
-| Finally.cs:69:9:71:9 | {...} | Finally.cs:65:9:67:9 | After catch (...) {...} [match] |
+| Finally.cs:69:9:71:9 | {...} | Finally.cs:61:38:61:39 | After IOException ex [match] |
+| Finally.cs:69:9:71:9 | {...} | Finally.cs:61:38:61:39 | After IOException ex [no-match] |
 | Finally.cs:69:9:71:9 | {...} | Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] |
+| Finally.cs:69:9:71:9 | {...} | Finally.cs:65:26:65:26 | After Exception e [match] |
+| Finally.cs:69:9:71:9 | {...} | Finally.cs:65:26:65:26 | After Exception e [no-match] |
 | Finally.cs:69:9:71:9 | {...} | Finally.cs:65:35:65:51 | After ... != ... [false] |
 | Finally.cs:69:9:71:9 | {...} | Finally.cs:65:35:65:51 | After ... != ... [true] |
 | Finally.cs:69:9:71:9 | {...} | Finally.cs:69:9:71:9 | {...} |
@@ -21973,9 +22006,10 @@ postBlockDominance
 | Finally.cs:149:9:169:9 | After try {...} ... | Finally.cs:158:21:158:36 | After ... == ... [false] |
 | Finally.cs:149:9:169:9 | After try {...} ... | Finally.cs:158:21:158:36 | After ... == ... [true] |
 | Finally.cs:149:9:169:9 | After try {...} ... | Finally.cs:159:27:159:44 | After object creation of type Exception |
-| Finally.cs:149:9:169:9 | After try {...} ... | Finally.cs:161:13:164:13 | After catch (...) {...} [match] |
 | Finally.cs:149:9:169:9 | After try {...} ... | Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] |
 | Finally.cs:149:9:169:9 | After try {...} ... | Finally.cs:161:13:164:13 | catch (...) {...} |
+| Finally.cs:149:9:169:9 | After try {...} ... | Finally.cs:161:30:161:30 | After Exception e [match] |
+| Finally.cs:149:9:169:9 | After try {...} ... | Finally.cs:161:30:161:30 | After Exception e [no-match] |
 | Finally.cs:149:9:169:9 | After try {...} ... | Finally.cs:161:39:161:54 | After ... == ... [false] |
 | Finally.cs:149:9:169:9 | After try {...} ... | Finally.cs:161:39:161:54 | After ... == ... [true] |
 | Finally.cs:151:17:151:28 | After ... == ... [false] | Finally.cs:151:17:151:28 | After ... == ... [false] |
@@ -21996,21 +22030,24 @@ postBlockDominance
 | Finally.cs:156:13:168:13 | After try {...} ... | Finally.cs:158:21:158:36 | After ... == ... [false] |
 | Finally.cs:156:13:168:13 | After try {...} ... | Finally.cs:158:21:158:36 | After ... == ... [true] |
 | Finally.cs:156:13:168:13 | After try {...} ... | Finally.cs:159:27:159:44 | After object creation of type Exception |
-| Finally.cs:156:13:168:13 | After try {...} ... | Finally.cs:161:13:164:13 | After catch (...) {...} [match] |
 | Finally.cs:156:13:168:13 | After try {...} ... | Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] |
 | Finally.cs:156:13:168:13 | After try {...} ... | Finally.cs:161:13:164:13 | catch (...) {...} |
+| Finally.cs:156:13:168:13 | After try {...} ... | Finally.cs:161:30:161:30 | After Exception e [match] |
+| Finally.cs:156:13:168:13 | After try {...} ... | Finally.cs:161:30:161:30 | After Exception e [no-match] |
 | Finally.cs:156:13:168:13 | After try {...} ... | Finally.cs:161:39:161:54 | After ... == ... [false] |
 | Finally.cs:156:13:168:13 | After try {...} ... | Finally.cs:161:39:161:54 | After ... == ... [true] |
 | Finally.cs:158:21:158:31 | After access to property Length | Finally.cs:158:21:158:31 | After access to property Length |
 | Finally.cs:158:21:158:36 | After ... == ... [false] | Finally.cs:158:21:158:36 | After ... == ... [false] |
 | Finally.cs:158:21:158:36 | After ... == ... [true] | Finally.cs:158:21:158:36 | After ... == ... [true] |
 | Finally.cs:159:27:159:44 | After object creation of type Exception | Finally.cs:159:27:159:44 | After object creation of type Exception |
-| Finally.cs:161:13:164:13 | After catch (...) {...} [match] | Finally.cs:161:13:164:13 | After catch (...) {...} [match] |
 | Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] | Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] |
+| Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] | Finally.cs:161:30:161:30 | After Exception e [no-match] |
 | Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] | Finally.cs:161:39:161:54 | After ... == ... [false] |
 | Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:158:21:158:36 | After ... == ... [true] |
 | Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:159:27:159:44 | After object creation of type Exception |
 | Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:161:13:164:13 | catch (...) {...} |
+| Finally.cs:161:30:161:30 | After Exception e [match] | Finally.cs:161:30:161:30 | After Exception e [match] |
+| Finally.cs:161:30:161:30 | After Exception e [no-match] | Finally.cs:161:30:161:30 | After Exception e [no-match] |
 | Finally.cs:161:39:161:54 | After ... == ... [false] | Finally.cs:161:39:161:54 | After ... == ... [false] |
 | Finally.cs:161:39:161:54 | After ... == ... [true] | Finally.cs:161:39:161:54 | After ... == ... [true] |
 | Finally.cs:172:11:172:20 | Entry | Finally.cs:172:11:172:20 | Entry |
@@ -22029,8 +22066,8 @@ postBlockDominance
 | Finally.cs:178:9:192:9 | After try {...} ... | Finally.cs:186:21:186:22 | After access to parameter b2 [false] |
 | Finally.cs:178:9:192:9 | After try {...} ... | Finally.cs:186:21:186:22 | After access to parameter b2 [true] |
 | Finally.cs:178:9:192:9 | After try {...} ... | Finally.cs:186:31:186:46 | After object creation of type ExceptionB |
-| Finally.cs:178:9:192:9 | After try {...} ... | Finally.cs:188:13:191:13 | After catch (...) {...} [match] |
 | Finally.cs:178:9:192:9 | After try {...} ... | Finally.cs:188:13:191:13 | catch (...) {...} |
+| Finally.cs:178:9:192:9 | After try {...} ... | Finally.cs:188:20:188:29 | After access to type ExceptionB [match] |
 | Finally.cs:178:9:192:9 | After try {...} ... | Finally.cs:188:38:188:39 | After access to parameter b2 [true] |
 | Finally.cs:178:9:192:9 | After try {...} ... | Finally.cs:190:21:190:22 | After access to parameter b1 [false] |
 | Finally.cs:180:17:180:18 | After access to parameter b1 [false] | Finally.cs:180:17:180:18 | After access to parameter b1 [false] |
@@ -22050,31 +22087,32 @@ postBlockDominance
 | Finally.cs:184:13:191:13 | After try {...} ... | Finally.cs:186:21:186:22 | After access to parameter b2 [false] |
 | Finally.cs:184:13:191:13 | After try {...} ... | Finally.cs:186:21:186:22 | After access to parameter b2 [true] |
 | Finally.cs:184:13:191:13 | After try {...} ... | Finally.cs:186:31:186:46 | After object creation of type ExceptionB |
-| Finally.cs:184:13:191:13 | After try {...} ... | Finally.cs:188:13:191:13 | After catch (...) {...} [match] |
 | Finally.cs:184:13:191:13 | After try {...} ... | Finally.cs:188:13:191:13 | catch (...) {...} |
+| Finally.cs:184:13:191:13 | After try {...} ... | Finally.cs:188:20:188:29 | After access to type ExceptionB [match] |
 | Finally.cs:184:13:191:13 | After try {...} ... | Finally.cs:188:38:188:39 | After access to parameter b2 [true] |
 | Finally.cs:184:13:191:13 | After try {...} ... | Finally.cs:190:21:190:22 | After access to parameter b1 [false] |
 | Finally.cs:186:21:186:22 | After access to parameter b2 [false] | Finally.cs:186:21:186:22 | After access to parameter b2 [false] |
 | Finally.cs:186:21:186:22 | After access to parameter b2 [true] | Finally.cs:186:21:186:22 | After access to parameter b2 [true] |
 | Finally.cs:186:31:186:46 | After object creation of type ExceptionB | Finally.cs:186:31:186:46 | After object creation of type ExceptionB |
-| Finally.cs:188:13:191:13 | After catch (...) {...} [match] | Finally.cs:186:21:186:22 | After access to parameter b2 [true] |
-| Finally.cs:188:13:191:13 | After catch (...) {...} [match] | Finally.cs:186:31:186:46 | After object creation of type ExceptionB |
-| Finally.cs:188:13:191:13 | After catch (...) {...} [match] | Finally.cs:188:13:191:13 | After catch (...) {...} [match] |
-| Finally.cs:188:13:191:13 | After catch (...) {...} [match] | Finally.cs:188:13:191:13 | catch (...) {...} |
 | Finally.cs:188:13:191:13 | After catch (...) {...} [no-match] | Finally.cs:188:13:191:13 | After catch (...) {...} [no-match] |
 | Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:186:21:186:22 | After access to parameter b2 [true] |
 | Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:186:31:186:46 | After object creation of type ExceptionB |
 | Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:13:191:13 | catch (...) {...} |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | Finally.cs:186:21:186:22 | After access to parameter b2 [true] |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | Finally.cs:186:31:186:46 | After object creation of type ExceptionB |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | Finally.cs:188:13:191:13 | catch (...) {...} |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | Finally.cs:188:20:188:29 | After access to type ExceptionB [match] |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [no-match] | Finally.cs:188:20:188:29 | After access to type ExceptionB [no-match] |
 | Finally.cs:188:38:188:39 | After access to parameter b2 [false] | Finally.cs:188:38:188:39 | After access to parameter b2 [false] |
 | Finally.cs:188:38:188:39 | After access to parameter b2 [true] | Finally.cs:186:21:186:22 | After access to parameter b2 [true] |
 | Finally.cs:188:38:188:39 | After access to parameter b2 [true] | Finally.cs:186:31:186:46 | After object creation of type ExceptionB |
-| Finally.cs:188:38:188:39 | After access to parameter b2 [true] | Finally.cs:188:13:191:13 | After catch (...) {...} [match] |
 | Finally.cs:188:38:188:39 | After access to parameter b2 [true] | Finally.cs:188:13:191:13 | catch (...) {...} |
+| Finally.cs:188:38:188:39 | After access to parameter b2 [true] | Finally.cs:188:20:188:29 | After access to type ExceptionB [match] |
 | Finally.cs:188:38:188:39 | After access to parameter b2 [true] | Finally.cs:188:38:188:39 | After access to parameter b2 [true] |
 | Finally.cs:190:21:190:22 | After access to parameter b1 [false] | Finally.cs:186:21:186:22 | After access to parameter b2 [true] |
 | Finally.cs:190:21:190:22 | After access to parameter b1 [false] | Finally.cs:186:31:186:46 | After object creation of type ExceptionB |
-| Finally.cs:190:21:190:22 | After access to parameter b1 [false] | Finally.cs:188:13:191:13 | After catch (...) {...} [match] |
 | Finally.cs:190:21:190:22 | After access to parameter b1 [false] | Finally.cs:188:13:191:13 | catch (...) {...} |
+| Finally.cs:190:21:190:22 | After access to parameter b1 [false] | Finally.cs:188:20:188:29 | After access to type ExceptionB [match] |
 | Finally.cs:190:21:190:22 | After access to parameter b1 [false] | Finally.cs:188:38:188:39 | After access to parameter b2 [true] |
 | Finally.cs:190:21:190:22 | After access to parameter b1 [false] | Finally.cs:190:21:190:22 | After access to parameter b1 [false] |
 | Finally.cs:190:21:190:22 | After access to parameter b1 [true] | Finally.cs:190:21:190:22 | After access to parameter b1 [true] |

csharp/ql/test/library-tests/controlflow/graph/EnclosingCallable.expected

@@ -3016,15 +3016,19 @@ nodeEnclosing
 | ExitMethods.cs:42:13:42:30 | call to method ErrorAlways | ExitMethods.cs:38:10:38:11 | M6 |
 | ExitMethods.cs:42:13:42:31 | ...; | ExitMethods.cs:38:10:38:11 | M6 |
 | ExitMethods.cs:42:25:42:29 | false | ExitMethods.cs:38:10:38:11 | M6 |
-| ExitMethods.cs:44:9:47:9 | After catch (...) {...} [match] | ExitMethods.cs:38:10:38:11 | M6 |
 | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] | ExitMethods.cs:38:10:38:11 | M6 |
 | ExitMethods.cs:44:9:47:9 | catch (...) {...} | ExitMethods.cs:38:10:38:11 | M6 |
+| ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [match] | ExitMethods.cs:38:10:38:11 | M6 |
+| ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [no-match] | ExitMethods.cs:38:10:38:11 | M6 |
+| ExitMethods.cs:44:16:44:32 | access to type ArgumentException | ExitMethods.cs:38:10:38:11 | M6 |
 | ExitMethods.cs:45:9:47:9 | {...} | ExitMethods.cs:38:10:38:11 | M6 |
 | ExitMethods.cs:46:13:46:19 | Before return ...; | ExitMethods.cs:38:10:38:11 | M6 |
 | ExitMethods.cs:46:13:46:19 | return ...; | ExitMethods.cs:38:10:38:11 | M6 |
-| ExitMethods.cs:48:9:51:9 | After catch (...) {...} [match] | ExitMethods.cs:38:10:38:11 | M6 |
 | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [no-match] | ExitMethods.cs:38:10:38:11 | M6 |
 | ExitMethods.cs:48:9:51:9 | catch (...) {...} | ExitMethods.cs:38:10:38:11 | M6 |
+| ExitMethods.cs:48:16:48:24 | After access to type Exception [match] | ExitMethods.cs:38:10:38:11 | M6 |
+| ExitMethods.cs:48:16:48:24 | After access to type Exception [no-match] | ExitMethods.cs:38:10:38:11 | M6 |
+| ExitMethods.cs:48:16:48:24 | access to type Exception | ExitMethods.cs:38:10:38:11 | M6 |
 | ExitMethods.cs:49:9:51:9 | {...} | ExitMethods.cs:38:10:38:11 | M6 |
 | ExitMethods.cs:50:13:50:19 | Before return ...; | ExitMethods.cs:38:10:38:11 | M6 |
 | ExitMethods.cs:50:13:50:19 | return ...; | ExitMethods.cs:38:10:38:11 | M6 |
@@ -3358,18 +3362,20 @@ nodeEnclosing
 | Finally.cs:23:31:23:36 | "Try2" | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:24:13:24:19 | Before return ...; | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:24:13:24:19 | return ...; | Finally.cs:19:10:19:11 | M2 |
-| Finally.cs:26:9:29:9 | After catch (...) {...} [match] | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:19:10:19:11 | M2 |
+| Finally.cs:26:38:26:39 | After IOException ex [match] | Finally.cs:19:10:19:11 | M2 |
+| Finally.cs:26:38:26:39 | After IOException ex [no-match] | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:26:38:26:39 | IOException ex | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:26:48:26:51 | After true [true] | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:26:48:26:51 | true | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:27:9:29:9 | {...} | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:28:13:28:18 | Before throw ...; | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:28:13:28:18 | throw ...; | Finally.cs:19:10:19:11 | M2 |
-| Finally.cs:30:9:40:9 | After catch (...) {...} [match] | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:30:9:40:9 | catch (...) {...} | Finally.cs:19:10:19:11 | M2 |
+| Finally.cs:30:41:30:42 | After ArgumentException ex [match] | Finally.cs:19:10:19:11 | M2 |
+| Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:30:41:30:42 | ArgumentException ex | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:31:9:40:9 | {...} | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:32:13:39:13 | try {...} ... | Finally.cs:19:10:19:11 | M2 |
@@ -3386,11 +3392,12 @@ nodeEnclosing
 | Finally.cs:38:23:38:43 | Before object creation of type Exception | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:38:23:38:43 | object creation of type Exception | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:38:37:38:42 | "Boo!" | Finally.cs:19:10:19:11 | M2 |
-| Finally.cs:41:9:43:9 | After catch (...) {...} [match] | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:41:9:43:9 | catch (...) {...} | Finally.cs:19:10:19:11 | M2 |
+| Finally.cs:41:16:41:24 | After access to type Exception [match] | Finally.cs:19:10:19:11 | M2 |
+| Finally.cs:41:16:41:24 | After access to type Exception [no-match] | Finally.cs:19:10:19:11 | M2 |
+| Finally.cs:41:16:41:24 | access to type Exception | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:42:9:43:9 | {...} | Finally.cs:19:10:19:11 | M2 |
-| Finally.cs:44:9:47:9 | After catch {...} [match] | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:44:9:47:9 | catch {...} | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:45:9:47:9 | {...} | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:46:13:46:19 | Before return ...; | Finally.cs:19:10:19:11 | M2 |
@@ -3420,18 +3427,20 @@ nodeEnclosing
 | Finally.cs:58:31:58:36 | "Try3" | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:59:13:59:19 | Before return ...; | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:59:13:59:19 | return ...; | Finally.cs:54:10:54:11 | M3 |
-| Finally.cs:61:9:64:9 | After catch (...) {...} [match] | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:54:10:54:11 | M3 |
+| Finally.cs:61:38:61:39 | After IOException ex [match] | Finally.cs:54:10:54:11 | M3 |
+| Finally.cs:61:38:61:39 | After IOException ex [no-match] | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:61:38:61:39 | IOException ex | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:61:48:61:51 | After true [true] | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:61:48:61:51 | true | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:62:9:64:9 | {...} | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:63:13:63:18 | Before throw ...; | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:63:13:63:18 | throw ...; | Finally.cs:54:10:54:11 | M3 |
-| Finally.cs:65:9:67:9 | After catch (...) {...} [match] | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:65:9:67:9 | catch (...) {...} | Finally.cs:54:10:54:11 | M3 |
+| Finally.cs:65:26:65:26 | After Exception e [match] | Finally.cs:54:10:54:11 | M3 |
+| Finally.cs:65:26:65:26 | After Exception e [no-match] | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:65:26:65:26 | Exception e | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:65:35:65:35 | access to local variable e | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:65:35:65:43 | After access to property Message | Finally.cs:54:10:54:11 | M3 |
@@ -3719,9 +3728,10 @@ nodeEnclosing
 | Finally.cs:159:27:159:44 | Before object creation of type Exception | Finally.cs:147:10:147:11 | M8 |
 | Finally.cs:159:27:159:44 | object creation of type Exception | Finally.cs:147:10:147:11 | M8 |
 | Finally.cs:159:41:159:43 | "1" | Finally.cs:147:10:147:11 | M8 |
-| Finally.cs:161:13:164:13 | After catch (...) {...} [match] | Finally.cs:147:10:147:11 | M8 |
 | Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] | Finally.cs:147:10:147:11 | M8 |
 | Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:147:10:147:11 | M8 |
+| Finally.cs:161:30:161:30 | After Exception e [match] | Finally.cs:147:10:147:11 | M8 |
+| Finally.cs:161:30:161:30 | After Exception e [no-match] | Finally.cs:147:10:147:11 | M8 |
 | Finally.cs:161:30:161:30 | Exception e | Finally.cs:147:10:147:11 | M8 |
 | Finally.cs:161:39:161:39 | access to local variable e | Finally.cs:147:10:147:11 | M8 |
 | Finally.cs:161:39:161:47 | After access to property Message | Finally.cs:147:10:147:11 | M8 |
@@ -3744,7 +3754,6 @@ nodeEnclosing
 | Finally.cs:163:35:163:41 | Before access to array element | Finally.cs:147:10:147:11 | M8 |
 | Finally.cs:163:35:163:41 | access to array element | Finally.cs:147:10:147:11 | M8 |
 | Finally.cs:163:40:163:40 | 0 | Finally.cs:147:10:147:11 | M8 |
-| Finally.cs:165:13:168:13 | After catch {...} [match] | Finally.cs:147:10:147:11 | M8 |
 | Finally.cs:165:13:168:13 | catch {...} | Finally.cs:147:10:147:11 | M8 |
 | Finally.cs:166:13:168:13 | After {...} | Finally.cs:147:10:147:11 | M8 |
 | Finally.cs:166:13:168:13 | {...} | Finally.cs:147:10:147:11 | M8 |
@@ -3825,9 +3834,11 @@ nodeEnclosing
 | Finally.cs:186:31:186:46 | After object creation of type ExceptionB | Finally.cs:176:10:176:11 | M9 |
 | Finally.cs:186:31:186:46 | Before object creation of type ExceptionB | Finally.cs:176:10:176:11 | M9 |
 | Finally.cs:186:31:186:46 | object creation of type ExceptionB | Finally.cs:176:10:176:11 | M9 |
-| Finally.cs:188:13:191:13 | After catch (...) {...} [match] | Finally.cs:176:10:176:11 | M9 |
 | Finally.cs:188:13:191:13 | After catch (...) {...} [no-match] | Finally.cs:176:10:176:11 | M9 |
 | Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:176:10:176:11 | M9 |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | Finally.cs:176:10:176:11 | M9 |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [no-match] | Finally.cs:176:10:176:11 | M9 |
+| Finally.cs:188:20:188:29 | access to type ExceptionB | Finally.cs:176:10:176:11 | M9 |
 | Finally.cs:188:38:188:39 | After access to parameter b2 [false] | Finally.cs:176:10:176:11 | M9 |
 | Finally.cs:188:38:188:39 | After access to parameter b2 [true] | Finally.cs:176:10:176:11 | M9 |
 | Finally.cs:188:38:188:39 | access to parameter b2 | Finally.cs:176:10:176:11 | M9 |
@@ -3929,7 +3940,6 @@ nodeEnclosing
 | Finally.cs:220:13:220:37 | ...; | Finally.cs:216:10:216:12 | M11 |
 | Finally.cs:220:13:220:37 | After ...; | Finally.cs:216:10:216:12 | M11 |
 | Finally.cs:220:31:220:35 | "Try" | Finally.cs:216:10:216:12 | M11 |
-| Finally.cs:222:9:225:9 | After catch {...} [match] | Finally.cs:216:10:216:12 | M11 |
 | Finally.cs:222:9:225:9 | catch {...} | Finally.cs:216:10:216:12 | M11 |
 | Finally.cs:223:9:225:9 | After {...} | Finally.cs:216:10:216:12 | M11 |
 | Finally.cs:223:9:225:9 | {...} | Finally.cs:216:10:216:12 | M11 |
@@ -8830,10 +8840,10 @@ blockEnclosing
 | ExitMethods.cs:38:10:38:11 | Entry | ExitMethods.cs:38:10:38:11 | M6 |
 | ExitMethods.cs:38:10:38:11 | Exit | ExitMethods.cs:38:10:38:11 | M6 |
 | ExitMethods.cs:38:10:38:11 | Normal Exit | ExitMethods.cs:38:10:38:11 | M6 |
-| ExitMethods.cs:44:9:47:9 | After catch (...) {...} [match] | ExitMethods.cs:38:10:38:11 | M6 |
-| ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] | ExitMethods.cs:38:10:38:11 | M6 |
-| ExitMethods.cs:48:9:51:9 | After catch (...) {...} [match] | ExitMethods.cs:38:10:38:11 | M6 |
-| ExitMethods.cs:48:9:51:9 | After catch (...) {...} [no-match] | ExitMethods.cs:38:10:38:11 | M6 |
+| ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [match] | ExitMethods.cs:38:10:38:11 | M6 |
+| ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [no-match] | ExitMethods.cs:38:10:38:11 | M6 |
+| ExitMethods.cs:48:16:48:24 | After access to type Exception [match] | ExitMethods.cs:38:10:38:11 | M6 |
+| ExitMethods.cs:48:16:48:24 | After access to type Exception [no-match] | ExitMethods.cs:38:10:38:11 | M6 |
 | ExitMethods.cs:54:10:54:11 | Entry | ExitMethods.cs:54:10:54:11 | M7 |
 | ExitMethods.cs:60:10:60:11 | Entry | ExitMethods.cs:60:10:60:11 | M8 |
 | ExitMethods.cs:66:17:66:26 | Entry | ExitMethods.cs:66:17:66:26 | ErrorMaybe |
@@ -8888,13 +8898,13 @@ blockEnclosing
 | Finally.cs:19:10:19:11 | Normal Exit | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:21:9:51:9 | After try {...} ... | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:23:13:23:37 | After call to method WriteLine | Finally.cs:19:10:19:11 | M2 |
-| Finally.cs:26:9:29:9 | After catch (...) {...} [match] | Finally.cs:19:10:19:11 | M2 |
-| Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:19:10:19:11 | M2 |
-| Finally.cs:30:9:40:9 | After catch (...) {...} [match] | Finally.cs:19:10:19:11 | M2 |
-| Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] | Finally.cs:19:10:19:11 | M2 |
-| Finally.cs:41:9:43:9 | After catch (...) {...} [match] | Finally.cs:19:10:19:11 | M2 |
-| Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] | Finally.cs:19:10:19:11 | M2 |
+| Finally.cs:26:38:26:39 | After IOException ex [match] | Finally.cs:19:10:19:11 | M2 |
+| Finally.cs:26:38:26:39 | After IOException ex [no-match] | Finally.cs:19:10:19:11 | M2 |
+| Finally.cs:30:41:30:42 | After ArgumentException ex [match] | Finally.cs:19:10:19:11 | M2 |
+| Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] | Finally.cs:19:10:19:11 | M2 |
+| Finally.cs:41:16:41:24 | After access to type Exception [match] | Finally.cs:19:10:19:11 | M2 |
+| Finally.cs:41:16:41:24 | After access to type Exception [no-match] | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:49:9:51:9 | {...} | Finally.cs:19:10:19:11 | M2 |
 | Finally.cs:54:10:54:11 | Entry | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:54:10:54:11 | Exceptional Exit | Finally.cs:54:10:54:11 | M3 |
@@ -8902,11 +8912,12 @@ blockEnclosing
 | Finally.cs:54:10:54:11 | Normal Exit | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:56:9:71:9 | After try {...} ... | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:58:13:58:37 | After call to method WriteLine | Finally.cs:54:10:54:11 | M3 |
-| Finally.cs:61:9:64:9 | After catch (...) {...} [match] | Finally.cs:54:10:54:11 | M3 |
-| Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:54:10:54:11 | M3 |
-| Finally.cs:65:9:67:9 | After catch (...) {...} [match] | Finally.cs:54:10:54:11 | M3 |
+| Finally.cs:61:38:61:39 | After IOException ex [match] | Finally.cs:54:10:54:11 | M3 |
+| Finally.cs:61:38:61:39 | After IOException ex [no-match] | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] | Finally.cs:54:10:54:11 | M3 |
+| Finally.cs:65:26:65:26 | After Exception e [match] | Finally.cs:54:10:54:11 | M3 |
+| Finally.cs:65:26:65:26 | After Exception e [no-match] | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:65:35:65:51 | After ... != ... [false] | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:65:35:65:51 | After ... != ... [true] | Finally.cs:54:10:54:11 | M3 |
 | Finally.cs:69:9:71:9 | {...} | Finally.cs:54:10:54:11 | M3 |
@@ -8969,9 +8980,10 @@ blockEnclosing
 | Finally.cs:158:21:158:36 | After ... == ... [false] | Finally.cs:147:10:147:11 | M8 |
 | Finally.cs:158:21:158:36 | After ... == ... [true] | Finally.cs:147:10:147:11 | M8 |
 | Finally.cs:159:27:159:44 | After object creation of type Exception | Finally.cs:147:10:147:11 | M8 |
-| Finally.cs:161:13:164:13 | After catch (...) {...} [match] | Finally.cs:147:10:147:11 | M8 |
 | Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] | Finally.cs:147:10:147:11 | M8 |
 | Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:147:10:147:11 | M8 |
+| Finally.cs:161:30:161:30 | After Exception e [match] | Finally.cs:147:10:147:11 | M8 |
+| Finally.cs:161:30:161:30 | After Exception e [no-match] | Finally.cs:147:10:147:11 | M8 |
 | Finally.cs:161:39:161:54 | After ... == ... [false] | Finally.cs:147:10:147:11 | M8 |
 | Finally.cs:161:39:161:54 | After ... == ... [true] | Finally.cs:147:10:147:11 | M8 |
 | Finally.cs:172:11:172:20 | Entry | Finally.cs:172:11:172:20 | ExceptionA |
@@ -8989,9 +9001,10 @@ blockEnclosing
 | Finally.cs:186:21:186:22 | After access to parameter b2 [false] | Finally.cs:176:10:176:11 | M9 |
 | Finally.cs:186:21:186:22 | After access to parameter b2 [true] | Finally.cs:176:10:176:11 | M9 |
 | Finally.cs:186:31:186:46 | After object creation of type ExceptionB | Finally.cs:176:10:176:11 | M9 |
-| Finally.cs:188:13:191:13 | After catch (...) {...} [match] | Finally.cs:176:10:176:11 | M9 |
 | Finally.cs:188:13:191:13 | After catch (...) {...} [no-match] | Finally.cs:176:10:176:11 | M9 |
 | Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:176:10:176:11 | M9 |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | Finally.cs:176:10:176:11 | M9 |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [no-match] | Finally.cs:176:10:176:11 | M9 |
 | Finally.cs:188:38:188:39 | After access to parameter b2 [false] | Finally.cs:176:10:176:11 | M9 |
 | Finally.cs:188:38:188:39 | After access to parameter b2 [true] | Finally.cs:176:10:176:11 | M9 |
 | Finally.cs:190:21:190:22 | After access to parameter b1 [false] | Finally.cs:176:10:176:11 | M9 |

csharp/ql/test/library-tests/controlflow/graph/EntryElement.expected

@@ -1398,9 +1398,11 @@
 | ExitMethods.cs:42:13:42:31 | ...; | ExitMethods.cs:42:13:42:31 | ...; |
 | ExitMethods.cs:42:25:42:29 | false | ExitMethods.cs:42:25:42:29 | false |
 | ExitMethods.cs:44:9:47:9 | catch (...) {...} | ExitMethods.cs:44:9:47:9 | catch (...) {...} |
+| ExitMethods.cs:44:16:44:32 | access to type ArgumentException | ExitMethods.cs:44:16:44:32 | access to type ArgumentException |
 | ExitMethods.cs:45:9:47:9 | {...} | ExitMethods.cs:45:9:47:9 | {...} |
 | ExitMethods.cs:46:13:46:19 | return ...; | ExitMethods.cs:46:13:46:19 | return ...; |
 | ExitMethods.cs:48:9:51:9 | catch (...) {...} | ExitMethods.cs:48:9:51:9 | catch (...) {...} |
+| ExitMethods.cs:48:16:48:24 | access to type Exception | ExitMethods.cs:48:16:48:24 | access to type Exception |
 | ExitMethods.cs:49:9:51:9 | {...} | ExitMethods.cs:49:9:51:9 | {...} |
 | ExitMethods.cs:50:13:50:19 | return ...; | ExitMethods.cs:50:13:50:19 | return ...; |
 | ExitMethods.cs:55:5:58:5 | {...} | ExitMethods.cs:55:5:58:5 | {...} |
@@ -1569,6 +1571,7 @@
 | Finally.cs:38:23:38:43 | object creation of type Exception | Finally.cs:38:37:38:42 | "Boo!" |
 | Finally.cs:38:37:38:42 | "Boo!" | Finally.cs:38:37:38:42 | "Boo!" |
 | Finally.cs:41:9:43:9 | catch (...) {...} | Finally.cs:41:9:43:9 | catch (...) {...} |
+| Finally.cs:41:16:41:24 | access to type Exception | Finally.cs:41:16:41:24 | access to type Exception |
 | Finally.cs:42:9:43:9 | {...} | Finally.cs:42:9:43:9 | {...} |
 | Finally.cs:44:9:47:9 | catch {...} | Finally.cs:44:9:47:9 | catch {...} |
 | Finally.cs:45:9:47:9 | {...} | Finally.cs:45:9:47:9 | {...} |
@@ -1766,6 +1769,7 @@
 | Finally.cs:186:25:186:47 | throw ...; | Finally.cs:186:31:186:46 | object creation of type ExceptionB |
 | Finally.cs:186:31:186:46 | object creation of type ExceptionB | Finally.cs:186:31:186:46 | object creation of type ExceptionB |
 | Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:13:191:13 | catch (...) {...} |
+| Finally.cs:188:20:188:29 | access to type ExceptionB | Finally.cs:188:20:188:29 | access to type ExceptionB |
 | Finally.cs:188:38:188:39 | access to parameter b2 | Finally.cs:188:38:188:39 | access to parameter b2 |
 | Finally.cs:189:13:191:13 | {...} | Finally.cs:189:13:191:13 | {...} |
 | Finally.cs:190:17:190:47 | if (...) ... | Finally.cs:190:17:190:47 | if (...) ... |

csharp/ql/test/library-tests/controlflow/graph/NodeGraph.expected

@@ -3062,17 +3062,21 @@
 | ExitMethods.cs:42:13:42:30 | call to method ErrorAlways | ExitMethods.cs:44:9:47:9 | catch (...) {...} | exception |
 | ExitMethods.cs:42:13:42:31 | ...; | ExitMethods.cs:42:13:42:30 | Before call to method ErrorAlways |  |
 | ExitMethods.cs:42:25:42:29 | false | ExitMethods.cs:42:13:42:30 | call to method ErrorAlways |  |
-| ExitMethods.cs:44:9:47:9 | After catch (...) {...} [match] | ExitMethods.cs:45:9:47:9 | {...} |  |
 | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] | ExitMethods.cs:48:9:51:9 | catch (...) {...} |  |
-| ExitMethods.cs:44:9:47:9 | catch (...) {...} | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [match] | match |
-| ExitMethods.cs:44:9:47:9 | catch (...) {...} | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] | no-match |
+| ExitMethods.cs:44:9:47:9 | catch (...) {...} | ExitMethods.cs:44:16:44:32 | access to type ArgumentException |  |
+| ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [match] | ExitMethods.cs:45:9:47:9 | {...} |  |
+| ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [no-match] | ExitMethods.cs:44:9:47:9 | After catch (...) {...} [no-match] | no-match |
+| ExitMethods.cs:44:16:44:32 | access to type ArgumentException | ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [match] | match |
+| ExitMethods.cs:44:16:44:32 | access to type ArgumentException | ExitMethods.cs:44:16:44:32 | After access to type ArgumentException [no-match] | no-match |
 | ExitMethods.cs:45:9:47:9 | {...} | ExitMethods.cs:46:13:46:19 | Before return ...; |  |
 | ExitMethods.cs:46:13:46:19 | Before return ...; | ExitMethods.cs:46:13:46:19 | return ...; |  |
 | ExitMethods.cs:46:13:46:19 | return ...; | ExitMethods.cs:38:10:38:11 | Normal Exit | return |
-| ExitMethods.cs:48:9:51:9 | After catch (...) {...} [match] | ExitMethods.cs:49:9:51:9 | {...} |  |
 | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [no-match] | ExitMethods.cs:38:10:38:11 | Exceptional Exit | exception |
-| ExitMethods.cs:48:9:51:9 | catch (...) {...} | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [match] | match |
-| ExitMethods.cs:48:9:51:9 | catch (...) {...} | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [no-match] | no-match |
+| ExitMethods.cs:48:9:51:9 | catch (...) {...} | ExitMethods.cs:48:16:48:24 | access to type Exception |  |
+| ExitMethods.cs:48:16:48:24 | After access to type Exception [match] | ExitMethods.cs:49:9:51:9 | {...} |  |
+| ExitMethods.cs:48:16:48:24 | After access to type Exception [no-match] | ExitMethods.cs:48:9:51:9 | After catch (...) {...} [no-match] | no-match |
+| ExitMethods.cs:48:16:48:24 | access to type Exception | ExitMethods.cs:48:16:48:24 | After access to type Exception [match] | match |
+| ExitMethods.cs:48:16:48:24 | access to type Exception | ExitMethods.cs:48:16:48:24 | After access to type Exception [no-match] | no-match |
 | ExitMethods.cs:49:9:51:9 | {...} | ExitMethods.cs:50:13:50:19 | Before return ...; |  |
 | ExitMethods.cs:50:13:50:19 | Before return ...; | ExitMethods.cs:50:13:50:19 | return ...; |  |
 | ExitMethods.cs:50:13:50:19 | return ...; | ExitMethods.cs:38:10:38:11 | Normal Exit | return |
@@ -3393,21 +3397,23 @@
 | Finally.cs:23:31:23:36 | "Try2" | Finally.cs:23:13:23:37 | call to method WriteLine |  |
 | Finally.cs:24:13:24:19 | Before return ...; | Finally.cs:24:13:24:19 | return ...; |  |
 | Finally.cs:24:13:24:19 | return ...; | Finally.cs:49:9:51:9 | {...} | return |
-| Finally.cs:26:9:29:9 | After catch (...) {...} [match] | Finally.cs:26:38:26:39 | IOException ex |  |
 | Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] | Finally.cs:30:9:40:9 | catch (...) {...} |  |
-| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:26:9:29:9 | After catch (...) {...} [match] | match |
-| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] | no-match |
-| Finally.cs:26:38:26:39 | IOException ex | Finally.cs:26:48:26:51 | true |  |
+| Finally.cs:26:9:29:9 | catch (...) {...} | Finally.cs:26:38:26:39 | IOException ex |  |
+| Finally.cs:26:38:26:39 | After IOException ex [match] | Finally.cs:26:48:26:51 | true |  |
+| Finally.cs:26:38:26:39 | After IOException ex [no-match] | Finally.cs:26:9:29:9 | After catch (...) {...} [no-match] | no-match |
+| Finally.cs:26:38:26:39 | IOException ex | Finally.cs:26:38:26:39 | After IOException ex [match] | match |
+| Finally.cs:26:38:26:39 | IOException ex | Finally.cs:26:38:26:39 | After IOException ex [no-match] | no-match |
 | Finally.cs:26:48:26:51 | After true [true] | Finally.cs:27:9:29:9 | {...} |  |
 | Finally.cs:26:48:26:51 | true | Finally.cs:26:48:26:51 | After true [true] | true |
 | Finally.cs:27:9:29:9 | {...} | Finally.cs:28:13:28:18 | Before throw ...; |  |
 | Finally.cs:28:13:28:18 | Before throw ...; | Finally.cs:28:13:28:18 | throw ...; |  |
 | Finally.cs:28:13:28:18 | throw ...; | Finally.cs:49:9:51:9 | {...} | exception |
-| Finally.cs:30:9:40:9 | After catch (...) {...} [match] | Finally.cs:30:41:30:42 | ArgumentException ex |  |
 | Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] | Finally.cs:41:9:43:9 | catch (...) {...} |  |
-| Finally.cs:30:9:40:9 | catch (...) {...} | Finally.cs:30:9:40:9 | After catch (...) {...} [match] | match |
-| Finally.cs:30:9:40:9 | catch (...) {...} | Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] | no-match |
-| Finally.cs:30:41:30:42 | ArgumentException ex | Finally.cs:31:9:40:9 | {...} |  |
+| Finally.cs:30:9:40:9 | catch (...) {...} | Finally.cs:30:41:30:42 | ArgumentException ex |  |
+| Finally.cs:30:41:30:42 | After ArgumentException ex [match] | Finally.cs:31:9:40:9 | {...} |  |
+| Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] | Finally.cs:30:9:40:9 | After catch (...) {...} [no-match] | no-match |
+| Finally.cs:30:41:30:42 | ArgumentException ex | Finally.cs:30:41:30:42 | After ArgumentException ex [match] | match |
+| Finally.cs:30:41:30:42 | ArgumentException ex | Finally.cs:30:41:30:42 | After ArgumentException ex [no-match] | no-match |
 | Finally.cs:31:9:40:9 | {...} | Finally.cs:32:13:39:13 | try {...} ... |  |
 | Finally.cs:32:13:39:13 | try {...} ... | Finally.cs:33:13:35:13 | {...} |  |
 | Finally.cs:33:13:35:13 | {...} | Finally.cs:34:17:34:32 | if (...) ... |  |
@@ -3423,13 +3429,14 @@
 | Finally.cs:38:23:38:43 | Before object creation of type Exception | Finally.cs:38:37:38:42 | "Boo!" |  |
 | Finally.cs:38:23:38:43 | object creation of type Exception | Finally.cs:38:23:38:43 | After object creation of type Exception |  |
 | Finally.cs:38:37:38:42 | "Boo!" | Finally.cs:38:23:38:43 | object creation of type Exception |  |
-| Finally.cs:41:9:43:9 | After catch (...) {...} [match] | Finally.cs:42:9:43:9 | {...} |  |
 | Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] | Finally.cs:44:9:47:9 | catch {...} |  |
-| Finally.cs:41:9:43:9 | catch (...) {...} | Finally.cs:41:9:43:9 | After catch (...) {...} [match] | match |
-| Finally.cs:41:9:43:9 | catch (...) {...} | Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] | no-match |
+| Finally.cs:41:9:43:9 | catch (...) {...} | Finally.cs:41:16:41:24 | access to type Exception |  |
+| Finally.cs:41:16:41:24 | After access to type Exception [match] | Finally.cs:42:9:43:9 | {...} |  |
+| Finally.cs:41:16:41:24 | After access to type Exception [no-match] | Finally.cs:41:9:43:9 | After catch (...) {...} [no-match] | no-match |
+| Finally.cs:41:16:41:24 | access to type Exception | Finally.cs:41:16:41:24 | After access to type Exception [match] | match |
+| Finally.cs:41:16:41:24 | access to type Exception | Finally.cs:41:16:41:24 | After access to type Exception [no-match] | no-match |
 | Finally.cs:42:9:43:9 | {...} | Finally.cs:49:9:51:9 | {...} |  |
-| Finally.cs:44:9:47:9 | After catch {...} [match] | Finally.cs:45:9:47:9 | {...} |  |
-| Finally.cs:44:9:47:9 | catch {...} | Finally.cs:44:9:47:9 | After catch {...} [match] | match |
+| Finally.cs:44:9:47:9 | catch {...} | Finally.cs:45:9:47:9 | {...} |  |
 | Finally.cs:45:9:47:9 | {...} | Finally.cs:46:13:46:19 | Before return ...; |  |
 | Finally.cs:46:13:46:19 | Before return ...; | Finally.cs:46:13:46:19 | return ...; |  |
 | Finally.cs:46:13:46:19 | return ...; | Finally.cs:49:9:51:9 | {...} | return |
@@ -3460,21 +3467,23 @@
 | Finally.cs:58:31:58:36 | "Try3" | Finally.cs:58:13:58:37 | call to method WriteLine |  |
 | Finally.cs:59:13:59:19 | Before return ...; | Finally.cs:59:13:59:19 | return ...; |  |
 | Finally.cs:59:13:59:19 | return ...; | Finally.cs:69:9:71:9 | {...} | return |
-| Finally.cs:61:9:64:9 | After catch (...) {...} [match] | Finally.cs:61:38:61:39 | IOException ex |  |
 | Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] | Finally.cs:65:9:67:9 | catch (...) {...} |  |
-| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:61:9:64:9 | After catch (...) {...} [match] | match |
-| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] | no-match |
-| Finally.cs:61:38:61:39 | IOException ex | Finally.cs:61:48:61:51 | true |  |
+| Finally.cs:61:9:64:9 | catch (...) {...} | Finally.cs:61:38:61:39 | IOException ex |  |
+| Finally.cs:61:38:61:39 | After IOException ex [match] | Finally.cs:61:48:61:51 | true |  |
+| Finally.cs:61:38:61:39 | After IOException ex [no-match] | Finally.cs:61:9:64:9 | After catch (...) {...} [no-match] | no-match |
+| Finally.cs:61:38:61:39 | IOException ex | Finally.cs:61:38:61:39 | After IOException ex [match] | match |
+| Finally.cs:61:38:61:39 | IOException ex | Finally.cs:61:38:61:39 | After IOException ex [no-match] | no-match |
 | Finally.cs:61:48:61:51 | After true [true] | Finally.cs:62:9:64:9 | {...} |  |
 | Finally.cs:61:48:61:51 | true | Finally.cs:61:48:61:51 | After true [true] | true |
 | Finally.cs:62:9:64:9 | {...} | Finally.cs:63:13:63:18 | Before throw ...; |  |
 | Finally.cs:63:13:63:18 | Before throw ...; | Finally.cs:63:13:63:18 | throw ...; |  |
 | Finally.cs:63:13:63:18 | throw ...; | Finally.cs:69:9:71:9 | {...} | exception |
-| Finally.cs:65:9:67:9 | After catch (...) {...} [match] | Finally.cs:65:26:65:26 | Exception e |  |
 | Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] | Finally.cs:69:9:71:9 | {...} | exception |
-| Finally.cs:65:9:67:9 | catch (...) {...} | Finally.cs:65:9:67:9 | After catch (...) {...} [match] | match |
-| Finally.cs:65:9:67:9 | catch (...) {...} | Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] | no-match |
-| Finally.cs:65:26:65:26 | Exception e | Finally.cs:65:35:65:51 | Before ... != ... |  |
+| Finally.cs:65:9:67:9 | catch (...) {...} | Finally.cs:65:26:65:26 | Exception e |  |
+| Finally.cs:65:26:65:26 | After Exception e [match] | Finally.cs:65:35:65:51 | Before ... != ... |  |
+| Finally.cs:65:26:65:26 | After Exception e [no-match] | Finally.cs:65:9:67:9 | After catch (...) {...} [no-match] | no-match |
+| Finally.cs:65:26:65:26 | Exception e | Finally.cs:65:26:65:26 | After Exception e [match] | match |
+| Finally.cs:65:26:65:26 | Exception e | Finally.cs:65:26:65:26 | After Exception e [no-match] | no-match |
 | Finally.cs:65:35:65:35 | access to local variable e | Finally.cs:65:35:65:43 | access to property Message |  |
 | Finally.cs:65:35:65:43 | After access to property Message | Finally.cs:65:48:65:51 | null |  |
 | Finally.cs:65:35:65:43 | Before access to property Message | Finally.cs:65:35:65:35 | access to local variable e |  |
@@ -3787,11 +3796,12 @@
 | Finally.cs:159:27:159:44 | object creation of type Exception | Finally.cs:159:27:159:44 | After object creation of type Exception |  |
 | Finally.cs:159:27:159:44 | object creation of type Exception | Finally.cs:161:13:164:13 | catch (...) {...} | exception |
 | Finally.cs:159:41:159:43 | "1" | Finally.cs:159:27:159:44 | object creation of type Exception |  |
-| Finally.cs:161:13:164:13 | After catch (...) {...} [match] | Finally.cs:161:30:161:30 | Exception e |  |
 | Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] | Finally.cs:165:13:168:13 | catch {...} |  |
-| Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:161:13:164:13 | After catch (...) {...} [match] | match |
-| Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] | no-match |
-| Finally.cs:161:30:161:30 | Exception e | Finally.cs:161:39:161:54 | Before ... == ... |  |
+| Finally.cs:161:13:164:13 | catch (...) {...} | Finally.cs:161:30:161:30 | Exception e |  |
+| Finally.cs:161:30:161:30 | After Exception e [match] | Finally.cs:161:39:161:54 | Before ... == ... |  |
+| Finally.cs:161:30:161:30 | After Exception e [no-match] | Finally.cs:161:13:164:13 | After catch (...) {...} [no-match] | no-match |
+| Finally.cs:161:30:161:30 | Exception e | Finally.cs:161:30:161:30 | After Exception e [match] | match |
+| Finally.cs:161:30:161:30 | Exception e | Finally.cs:161:30:161:30 | After Exception e [no-match] | no-match |
 | Finally.cs:161:39:161:39 | access to local variable e | Finally.cs:161:39:161:47 | access to property Message |  |
 | Finally.cs:161:39:161:47 | After access to property Message | Finally.cs:161:52:161:54 | "1" |  |
 | Finally.cs:161:39:161:47 | Before access to property Message | Finally.cs:161:39:161:39 | access to local variable e |  |
@@ -3814,8 +3824,7 @@
 | Finally.cs:163:35:163:41 | Before access to array element | Finally.cs:163:35:163:38 | access to parameter args |  |
 | Finally.cs:163:35:163:41 | access to array element | Finally.cs:163:35:163:41 | After access to array element |  |
 | Finally.cs:163:40:163:40 | 0 | Finally.cs:163:35:163:41 | access to array element |  |
-| Finally.cs:165:13:168:13 | After catch {...} [match] | Finally.cs:166:13:168:13 | {...} |  |
-| Finally.cs:165:13:168:13 | catch {...} | Finally.cs:165:13:168:13 | After catch {...} [match] | match |
+| Finally.cs:165:13:168:13 | catch {...} | Finally.cs:166:13:168:13 | {...} |  |
 | Finally.cs:166:13:168:13 | After {...} | Finally.cs:156:13:168:13 | After try {...} ... |  |
 | Finally.cs:166:13:168:13 | {...} | Finally.cs:167:17:167:38 | ...; |  |
 | Finally.cs:167:17:167:37 | After call to method WriteLine | Finally.cs:167:17:167:38 | After ...; |  |
@@ -3896,10 +3905,12 @@
 | Finally.cs:186:31:186:46 | Before object creation of type ExceptionB | Finally.cs:186:31:186:46 | object creation of type ExceptionB |  |
 | Finally.cs:186:31:186:46 | object creation of type ExceptionB | Finally.cs:186:31:186:46 | After object creation of type ExceptionB |  |
 | Finally.cs:186:31:186:46 | object creation of type ExceptionB | Finally.cs:188:13:191:13 | catch (...) {...} | exception |
-| Finally.cs:188:13:191:13 | After catch (...) {...} [match] | Finally.cs:188:38:188:39 | access to parameter b2 |  |
 | Finally.cs:188:13:191:13 | After catch (...) {...} [no-match] | Finally.cs:176:10:176:11 | Exceptional Exit | exception |
-| Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:13:191:13 | After catch (...) {...} [match] | match |
-| Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:13:191:13 | After catch (...) {...} [no-match] | no-match |
+| Finally.cs:188:13:191:13 | catch (...) {...} | Finally.cs:188:20:188:29 | access to type ExceptionB |  |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | Finally.cs:188:38:188:39 | access to parameter b2 |  |
+| Finally.cs:188:20:188:29 | After access to type ExceptionB [no-match] | Finally.cs:188:13:191:13 | After catch (...) {...} [no-match] | no-match |
+| Finally.cs:188:20:188:29 | access to type ExceptionB | Finally.cs:188:20:188:29 | After access to type ExceptionB [match] | match |
+| Finally.cs:188:20:188:29 | access to type ExceptionB | Finally.cs:188:20:188:29 | After access to type ExceptionB [no-match] | no-match |
 | Finally.cs:188:38:188:39 | After access to parameter b2 [false] | Finally.cs:188:13:191:13 | After catch (...) {...} [no-match] | no-match |
 | Finally.cs:188:38:188:39 | After access to parameter b2 [true] | Finally.cs:189:13:191:13 | {...} |  |
 | Finally.cs:188:38:188:39 | access to parameter b2 | Finally.cs:188:38:188:39 | After access to parameter b2 [false] | false |
@@ -4009,8 +4020,7 @@
 | Finally.cs:220:13:220:37 | ...; | Finally.cs:220:13:220:36 | Before call to method WriteLine |  |
 | Finally.cs:220:13:220:37 | After ...; | Finally.cs:219:9:221:9 | After {...} |  |
 | Finally.cs:220:31:220:35 | "Try" | Finally.cs:220:13:220:36 | call to method WriteLine |  |
-| Finally.cs:222:9:225:9 | After catch {...} [match] | Finally.cs:223:9:225:9 | {...} |  |
-| Finally.cs:222:9:225:9 | catch {...} | Finally.cs:222:9:225:9 | After catch {...} [match] | match |
+| Finally.cs:222:9:225:9 | catch {...} | Finally.cs:223:9:225:9 | {...} |  |
 | Finally.cs:223:9:225:9 | After {...} | Finally.cs:227:9:229:9 | {...} |  |
 | Finally.cs:223:9:225:9 | {...} | Finally.cs:224:13:224:39 | ...; |  |
 | Finally.cs:224:13:224:38 | After call to method WriteLine | Finally.cs:224:13:224:39 | After ...; |  |

csharp/ql/test/library-tests/csharp6/PrintAst.expected

@@ -101,7 +101,8 @@ csharp6.cs:
 #   32|                   0: [IntLiteral] 2
 #   32|                 0: [IntLiteral] 1
 #   34|         1: [SpecificCatchClause] catch (...) {...}
-#   34|           0: [TypeMention] IndexOutOfRangeException
+#   34|           0: [TypeAccess] access to type IndexOutOfRangeException
+#   34|             0: [TypeMention] IndexOutOfRangeException
 #   35|           1: [BlockStmt] {...}
 #   34|           2: [EQExpr] ... == ...
 #   34|             0: [PropertyCall] access to property Value

csharp/ql/test/library-tests/csharp8/switchexprcontrolflow.expected

@@ -336,11 +336,12 @@
 | patterns.cs:142:26:142:34 | { ... } | patterns.cs:142:26:142:34 | After { ... } | semmle.label | successor |
 | patterns.cs:142:31:142:32 | 10 | patterns.cs:142:26:142:34 | { ... } | semmle.label | successor |
 | patterns.cs:142:41:142:41 | 6 | patterns.cs:136:17:143:13 | After ... switch { ... } | semmle.label | successor |
-| patterns.cs:145:9:148:9 | After catch (...) {...} [match] | patterns.cs:145:41:145:42 | InvalidOperationException ex | semmle.label | successor |
 | patterns.cs:145:9:148:9 | After catch (...) {...} [no-match] | patterns.cs:123:10:123:21 | Exceptional Exit | semmle.label | exception |
-| patterns.cs:145:9:148:9 | catch (...) {...} | patterns.cs:145:9:148:9 | After catch (...) {...} [match] | semmle.label | match |
-| patterns.cs:145:9:148:9 | catch (...) {...} | patterns.cs:145:9:148:9 | After catch (...) {...} [no-match] | semmle.label | no-match |
-| patterns.cs:145:41:145:42 | InvalidOperationException ex | patterns.cs:146:9:148:9 | {...} | semmle.label | successor |
+| patterns.cs:145:9:148:9 | catch (...) {...} | patterns.cs:145:41:145:42 | InvalidOperationException ex | semmle.label | successor |
+| patterns.cs:145:41:145:42 | After InvalidOperationException ex [match] | patterns.cs:146:9:148:9 | {...} | semmle.label | successor |
+| patterns.cs:145:41:145:42 | After InvalidOperationException ex [no-match] | patterns.cs:145:9:148:9 | After catch (...) {...} [no-match] | semmle.label | no-match |
+| patterns.cs:145:41:145:42 | InvalidOperationException ex | patterns.cs:145:41:145:42 | After InvalidOperationException ex [match] | semmle.label | match |
+| patterns.cs:145:41:145:42 | InvalidOperationException ex | patterns.cs:145:41:145:42 | After InvalidOperationException ex [no-match] | semmle.label | no-match |
 | patterns.cs:146:9:148:9 | After {...} | patterns.cs:134:9:148:9 | After try {...} ... | semmle.label | successor |
 | patterns.cs:146:9:148:9 | {...} | patterns.cs:147:13:147:51 | ...; | semmle.label | successor |
 | patterns.cs:147:13:147:50 | After call to method WriteLine | patterns.cs:147:13:147:51 | After ...; | semmle.label | successor |

docs/codeql/reusables/supported-versions-compilers.rst

@@ -21,7 +21,7 @@
    Java,"Java 7 to 26 [6]_","javac (OpenJDK and Oracle JDK),
 
    Eclipse compiler for Java (ECJ) [7]_",``.java``
-   Kotlin,"Kotlin 1.8.0 to 2.3.2\ *x*","kotlinc",``.kt``
+   Kotlin,"Kotlin 1.8.0 to 2.4.0\ *x*","kotlinc",``.kt``
    JavaScript,ECMAScript 2022 or lower,Not applicable,"``.js``, ``.jsx``, ``.mjs``, ``.es``, ``.es6``, ``.htm``, ``.html``, ``.xhtm``, ``.xhtml``, ``.vue``, ``.hbs``, ``.ejs``, ``.njk``, ``.json``, ``.yaml``, ``.yml``, ``.raml``, ``.xml`` [8]_"
    Python [9]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13",Not applicable,``.py``
    Ruby [10]_,"up to 3.3",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``"

go/ql/consistency-queries/CfgConsistency.ql

@@ -1,3 +0,0 @@
-import go
-private import semmle.go.controlflow.ControlFlowGraphShared
-import GoCfg::ControlFlow::Consistency

go/ql/lib/change-notes/2026-03-30-shared-cfg-library.md

@@ -1,4 +0,0 @@
----
-category: fix
----
-* The Go control flow graph implementation has been migrated to use the shared CFG library. This is an internal change with no user-visible API changes.

go/ql/lib/printCfg.ql

@@ -1,53 +0,0 @@
-/**
- * @name Print CFG
- * @description Produces a representation of a file's Control Flow Graph.
- *              This query is used by the VS Code extension.
- * @id go/print-cfg
- * @kind graph
- * @tags ide-contextual-queries/print-cfg
- */
-
-import go
-import semmle.go.controlflow.ControlFlowGraph
-private import semmle.go.controlflow.ControlFlowGraphShared
-
-external string selectedSourceFile();
-
-private predicate selectedSourceFileAlias = selectedSourceFile/0;
-
-external int selectedSourceLine();
-
-private predicate selectedSourceLineAlias = selectedSourceLine/0;
-
-external int selectedSourceColumn();
-
-private predicate selectedSourceColumnAlias = selectedSourceColumn/0;
-
-module ViewCfgQueryInput implements GoCfg::ControlFlow::ViewCfgQueryInputSig<File> {
-  predicate selectedSourceFile = selectedSourceFileAlias/0;
-
-  predicate selectedSourceLine = selectedSourceLineAlias/0;
-
-  predicate selectedSourceColumn = selectedSourceColumnAlias/0;
-
-  predicate cfgScopeSpan(
-    CfgScope scope, File file, int startLine, int startColumn, int endLine, int endColumn
-  ) {
-    file = scope.getFile() and
-    scope.getLocation().getStartLine() = startLine and
-    scope.getLocation().getStartColumn() = startColumn and
-    exists(Location loc |
-      loc.getEndLine() = endLine and
-      loc.getEndColumn() = endColumn and
-      loc = scope.(FuncDef).getBody().getLocation()
-    )
-    or
-    file = scope.(File) and
-    startLine = 1 and
-    startColumn = 1 and
-    endLine = file.getNumberOfLines() and
-    endColumn = 999999
-  }
-}
-
-import GoCfg::ControlFlow::ViewCfgQuery<File, ViewCfgQueryInput>

go/ql/lib/semmle/go/Concepts.qll

@@ -431,7 +431,7 @@ private class HeuristicLoggerFunction extends Method {
     )
   }
 
-  override predicate mustNotReturnNormally() { logFunctionPrefix = "Fatal" }
+  override predicate mayReturnNormally() { logFunctionPrefix != "Fatal" }
 
   override predicate mustPanic() { logFunctionPrefix = "Panic" }
 }

go/ql/lib/semmle/go/PrintAst.qll

@@ -1,7 +1,7 @@
 /**
  * Provides queries to pretty-print a Go AST as a graph.
  */
-overlay[local?]
+overlay[local]
 module;
 
 import go

go/ql/lib/semmle/go/Scopes.qll

@@ -437,12 +437,11 @@ class Function extends ValueEntity, @functionobject {
    * This predicate is an over-approximation: it may hold for functions that can never
    * return normally, but it never fails to hold for functions that can.
    *
-   * Library models should not override this predicate; override `mustNotReturnNormally`
-   * instead, so that the control-flow graph construction can take the model into account.
+   * Note this is declared here and not in `DeclaredFunction` so that library models can override this
+   * by extending `Function` rather than having to remember to extend `DeclaredFunction`.
    */
   predicate mayReturnNormally() {
     not this.mustPanic() and
-    not this.mustNotReturnNormally() and
     (ControlFlow::mayReturnNormally(this.getFuncDecl()) or not exists(this.getBody()))
   }
 
@@ -462,16 +461,6 @@ class Function extends ValueEntity, @functionobject {
    */
   predicate mustPanic() { none() }
 
-  /**
-   * Holds if calling this function never returns normally (for example because it
-   * always panics, exits the process, or loops forever).
-   *
-   * Unlike `mayReturnNormally`, this predicate must be defined without reference to
-   * the control-flow graph, so that it can be used during CFG construction to
-   * suppress normal-flow successors of calls to this function.
-   */
-  predicate mustNotReturnNormally() { none() }
-
   /** Gets the number of parameters of this function. */
   int getNumParameter() { result = this.getType().(SignatureType).getNumParameter() }
 

go/ql/lib/semmle/go/Stmt.qll

@@ -761,7 +761,7 @@ class CaseClause extends @caseclause, Stmt, ScopeNode {
    *
    * Note that the default clause does not have any expressions.
    */
-  Expr getAnExpr() { result = this.getExpr(_) }
+  Expr getAnExpr() { result = this.getAChildExpr() }
 
   /**
    * Gets the number of expressions of this `case` clause.

go/ql/lib/semmle/go/controlflow/BasicBlocks.qll

@@ -5,27 +5,66 @@ overlay[local]
 module;
 
 import go
-private import ControlFlowGraphShared
+private import ControlFlowGraphImpl
+private import codeql.controlflow.BasicBlock as BB
+private import codeql.controlflow.SuccessorType
 
-/** A basic block in the control-flow graph. */
-class BasicBlock = GoCfg::Cfg::BasicBlock;
+private module Input implements BB::InputSig<Location> {
+  /** A delineated part of the AST with its own CFG. */
+  class CfgScope = ControlFlow::Root;
 
-/** An entry basic block. */
-class EntryBasicBlock = GoCfg::Cfg::EntryBasicBlock;
+  /** The class of control flow nodes. */
+  class Node = ControlFlowNode;
+
+  /** Gets the CFG scope in which this node occurs. */
+  CfgScope nodeGetCfgScope(Node node) { node.getRoot() = result }
+
+  /** Gets an immediate successor of this node. */
+  Node nodeGetASuccessor(Node node, SuccessorType t) {
+    result = node.getASuccessor() and
+    (
+      not result instanceof ControlFlow::ConditionGuardNode and t instanceof DirectSuccessor
+      or
+      t.(BooleanSuccessor).getValue() = result.(ControlFlow::ConditionGuardNode).getOutcome()
+    )
+  }
+
+  /**
+   * Holds if `node` represents an entry node to be used when calculating
+   * dominance.
+   */
+  predicate nodeIsDominanceEntry(Node node) { node instanceof EntryNode }
+
+  /**
+   * Holds if `node` represents an exit node to be used when calculating
+   * post dominance.
+   */
+  predicate nodeIsPostDominanceExit(Node node) { node instanceof ExitNode }
+}
+
+module Cfg = BB::Make<Location, Input>;
+
+class BasicBlock = Cfg::BasicBlock;
+
+class EntryBasicBlock = Cfg::EntryBasicBlock;
+
+cached
+private predicate reachableBB(BasicBlock bb) {
+  bb instanceof EntryBasicBlock
+  or
+  exists(BasicBlock predBB | predBB.getASuccessor(_) = bb | reachableBB(predBB))
+}
 
 /**
  * A basic block that is reachable from an entry basic block.
- *
- * Since the shared CFG library only creates nodes for reachable code,
- * all basic blocks are reachable by construction.
  */
 class ReachableBasicBlock extends BasicBlock {
-  ReachableBasicBlock() { any() }
+  ReachableBasicBlock() { reachableBB(this) }
 }
 
 /**
  * A reachable basic block with more than one predecessor.
  */
 class ReachableJoinBlock extends ReachableBasicBlock {
-  ReachableJoinBlock() { this.getFirstNode().(ControlFlow::Node).isJoin() }
+  ReachableJoinBlock() { this.getFirstNode().isJoin() }
 }

go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll

@@ -5,17 +5,13 @@ overlay[local]
 module;
 
 import go
-private import ControlFlowGraphShared
+private import ControlFlowGraphImpl
 
-/** Provides helper predicates for mapping between CFG nodes and the AST. */
+/** Provides helper predicates for mapping btween CFG nodes and the AST. */
 module ControlFlow {
   /** A file or function with which a CFG is associated. */
   class Root extends AstNode {
-    Root() {
-      exists(this.(FuncDef).getBody())
-      or
-      exists(this.(File).getADecl())
-    }
+    Root() { exists(this.(File).getADecl()) or exists(this.(FuncDef).getBody()) }
 
     /** Holds if `nd` belongs to this file or function. */
     predicate isRootOf(AstNode nd) {
@@ -33,16 +29,22 @@ module ControlFlow {
   }
 
   /**
-   * A node in the intra-procedural control-flow graph of a Go function.
+   * A node in the intra-procedural control-flow graph of a Go function or file.
    *
    * Nodes correspond to expressions and statements that compute a value or perform
    * an operation (as opposed to providing syntactic structure or type information).
    *
-   * There are also synthetic entry and exit nodes for each Go function
+   * There are also synthetic entry and exit nodes for each Go function and file
    * that mark the beginning and the end, respectively, of the execution of the
-   * function.
+   * function and the loading of the file.
    */
-  class Node extends GoCfg::ControlFlowNode {
+  class Node extends TControlFlowNode {
+    /** Gets a node that directly follows this one in the control-flow graph. */
+    Node getASuccessor() { result = CFG::succ(this) }
+
+    /** Gets a node that directly precedes this one in the control-flow graph. */
+    Node getAPredecessor() { this = result.getASuccessor() }
+
     /** Holds if this is a node with more than one successor. */
     predicate isBranch() { strictcount(this.getASuccessor()) > 1 }
 
@@ -50,23 +52,22 @@ module ControlFlow {
     predicate isJoin() { strictcount(this.getAPredecessor()) > 1 }
 
     /** Holds if this is the first control-flow node in `subtree`. */
-    predicate isFirstNodeOf(AstNode subtree) {
-      this.isBefore(subtree)
-      or
-      this.injects(subtree)
-    }
+    predicate isFirstNodeOf(AstNode subtree) { CFG::firstNode(subtree, this) }
 
-    /** Holds if this node is the (unique) entry node of a function. */
-    predicate isEntryNode() { this instanceof GoCfg::ControlFlow::EntryNode }
+    /** Holds if this node is the (unique) entry node of a function or file. */
+    predicate isEntryNode() { this instanceof MkEntryNode }
 
-    /** Holds if this node is the (unique) exit node of a function. */
-    predicate isExitNode() { this instanceof GoCfg::ControlFlow::ExitNode }
+    /** Holds if this node is the (unique) exit node of a function or file. */
+    predicate isExitNode() { this instanceof MkExitNode }
+
+    /** Gets the basic block to which this node belongs. */
+    BasicBlock getBasicBlock() { result.getANode() = this }
 
     /** Holds if this node dominates `dominee` in the control-flow graph. */
     overlay[caller?]
     pragma[inline]
     predicate dominatesNode(ControlFlow::Node dominee) {
-      exists(GoCfg::Cfg::BasicBlock thisbb, GoCfg::Cfg::BasicBlock dbb, int i, int j |
+      exists(ReachableBasicBlock thisbb, ReachableBasicBlock dbb, int i, int j |
         this = thisbb.getNode(i) and dominee = dbb.getNode(j)
       |
         thisbb.strictlyDominates(dbb)
@@ -75,12 +76,20 @@ module ControlFlow {
       )
     }
 
-    /** Gets the innermost function to which this node belongs. */
-    Root getRoot() { result = this.getEnclosingCallable() }
+    /** Gets the innermost function or file to which this node belongs. */
+    Root getRoot() { none() }
 
     /** Gets the file to which this node belongs. */
     File getFile() { result = this.getLocation().getFile() }
 
+    /**
+     * Gets a textual representation of this control flow node.
+     */
+    string toString() { result = "control-flow node" }
+
+    /** Gets the source location for this element. */
+    Location getLocation() { none() }
+
     /**
      * DEPRECATED: Use `getLocation()` instead.
      *
@@ -104,22 +113,6 @@ module ControlFlow {
     }
   }
 
-  /** A synthetic entry node for a function. */
-  class EntryNode extends Node instanceof GoCfg::ControlFlow::EntryNode { }
-
-  /** A synthetic exit node for a function. */
-  class ExitNode extends Node instanceof GoCfg::ControlFlow::ExitNode { }
-
-  private predicate isBranchConditionRoot(Expr expr) {
-    expr = any(LogicalBinaryExpr lbe).getLeftOperand()
-    or
-    expr = any(ForStmt fs).getCond()
-    or
-    expr = any(IfStmt is).getCond()
-    or
-    expr = any(ExpressionSwitchStmt ess | not exists(ess.getExpr())).getACase().getAnExpr()
-  }
-
   /**
    * A control-flow node that initializes or updates the value of a constant, a variable,
    * a field, or an (array, slice, or map) element.
@@ -179,7 +172,7 @@ module ControlFlow {
       exists(IR::FieldTarget trg | trg = super.getLhs() |
         (
           trg.getBase() = base or
-          trg.getBase() = IR::implicitDerefInstruction(base.(IR::EvalInstruction).getExpr())
+          trg.getBase() = MkImplicitDeref(base.(IR::EvalInstruction).getExpr())
         ) and
         trg.getField() = f and
         super.getRhs() = rhs
@@ -227,7 +220,7 @@ module ControlFlow {
       exists(IR::ElementTarget trg | trg = super.getLhs() |
         (
           trg.getBase() = base or
-          trg.getBase() = IR::implicitDerefInstruction(base.(IR::EvalInstruction).getExpr())
+          trg.getBase() = MkImplicitDeref(base.(IR::EvalInstruction).getExpr())
         ) and
         trg.getIndex() = index and
         super.getRhs() = rhs
@@ -257,19 +250,11 @@ module ControlFlow {
    * A control-flow node recording the fact that a certain expression has a known
    * Boolean value at this point in the program.
    */
-  class ConditionGuardNode extends IR::Instruction {
+  class ConditionGuardNode extends IR::Instruction, MkConditionGuardNode {
     Expr cond;
     boolean outcome;
 
-    ConditionGuardNode() {
-      isBranchConditionRoot(cond) and
-      this.isAfterTrue(cond) and
-      outcome = true
-      or
-      isBranchConditionRoot(cond) and
-      this.isAfterFalse(cond) and
-      outcome = false
-    }
+    ConditionGuardNode() { this = MkConditionGuardNode(cond, outcome) }
 
     private predicate ensuresAux(Expr expr, boolean b) {
       expr = cond and b = outcome
@@ -335,17 +320,21 @@ module ControlFlow {
     boolean getOutcome() { result = outcome }
 
     override Root getRoot() { result.isRootOf(cond) }
+
+    override string toString() { result = cond + " is " + outcome }
+
+    override Location getLocation() { result = cond.getLocation() }
   }
 
   /**
-   * Gets the entry node of function `root`.
+   * Gets the entry node of function or file `root`.
    */
-  EntryNode entryNode(Root root) { result.getEnclosingCallable() = root }
+  Node entryNode(Root root) { result = MkEntryNode(root) }
 
   /**
-   * Gets the exit node of function `root`.
+   * Gets the exit node of function or file `root`.
    */
-  ExitNode exitNode(Root root) { result.getEnclosingCallable() = root }
+  Node exitNode(Root root) { result = MkExitNode(root) }
 
   /**
    * Holds if the function `f` may return without panicking, exiting the process, or looping forever.
@@ -353,12 +342,7 @@ module ControlFlow {
    * This is defined conservatively, and so may also hold of a function that in fact
    * cannot return normally, but never fails to hold of a function that can return normally.
    */
-  predicate mayReturnNormally(FuncDecl f) {
-    exists(GoCfg::ControlFlow::NormalExitNode exit |
-      exit.getEnclosingCallable() = f and
-      exists(exit.getAPredecessor())
-    )
-  }
+  predicate mayReturnNormally(FuncDecl f) { CFG::mayReturnNormally(f.getBody()) }
 
   /**
    * Holds if `pred` is the node for the case `testExpr` in an expression
@@ -368,18 +352,10 @@ module ControlFlow {
   predicate isSwitchCaseTestPassingEdge(
     ControlFlow::Node pred, ControlFlow::Node succ, Expr switchExpr, Expr testExpr
   ) {
-    exists(ExpressionSwitchStmt ess, CaseClause cc, int i |
-      ess.getExpr() = switchExpr and
-      cc = ess.getACase() and
-      testExpr = cc.getExpr(i) and
-      pred.isAfter(testExpr) and
-      succ.isFirstNodeOf(cc.getStmt(0))
-    )
+    CFG::isSwitchCaseTestPassingEdge(pred, succ, switchExpr, testExpr)
   }
 }
 
 class ControlFlowNode = ControlFlow::Node;
 
-class CfgScope = GoCfg::CfgScope;
-
 class Write = ControlFlow::WriteNode;

go/ql/lib/semmle/go/dataflow/GlobalValueNumbering.qll

@@ -200,7 +200,7 @@ private ControlFlow::Node mostRecentSideEffect(ControlFlow::Node entry, ControlF
 
 cached
 private ControlFlow::Node mostRecentSideEffectUnique(ControlFlow::Node node) {
-  result = unique( | | mostRecentSideEffect(getControlFlowEntry(node), node))
+  result = unique( | | mostRecentSideEffect(_, node))
 }
 
 /** Used to represent the "global value number" of an expression. */

go/ql/lib/semmle/go/dataflow/SsaImpl.qll

@@ -9,7 +9,6 @@ module;
 import go
 private import codeql.ssa.Ssa as SsaImplCommon
 private import semmle.go.controlflow.BasicBlocks as BasicBlocks
-private import semmle.go.controlflow.ControlFlowGraphShared
 
 private class BasicBlock = BasicBlocks::BasicBlock;
 
@@ -39,7 +38,7 @@ private module Internal {
   /** Holds if the `i`th node of `bb` in function `f` is an entry node. */
   private predicate entryNode(FuncDef f, BasicBlock bb, int i) {
     f = bb.getScope() and
-    bb.getNode(i).(ControlFlow::Node).isEntryNode()
+    bb.getNode(i).isEntryNode()
   }
 
   /**
@@ -111,7 +110,7 @@ private module Internal {
       v.isCaptured() and
       exists(FuncDef f |
         f = bb.getScope() and
-        bb.getLastNode().(ControlFlow::Node).isExitNode() and
+        bb.getLastNode().isExitNode() and
         i = bb.length() - 1 and
         certain = false
       |
@@ -127,7 +126,7 @@ private module Internal {
 }
 
 import Internal
-import SsaImplCommon::Make<Location, GoCfg::Cfg, SsaInput> as Impl
+import SsaImplCommon::Make<Location, BasicBlocks::Cfg, SsaInput> as Impl
 
 final class Definition = Impl::Definition;
 

go/ql/lib/semmle/go/frameworks/Glog.qll

@@ -59,7 +59,7 @@ module Glog {
     /** Holds if this function takes a format string. */
     predicate formatter() { format = "f" }
 
-    override predicate mustNotReturnNormally() { level = "Fatal" or level = "Exit" }
+    override predicate mayReturnNormally() { level != "Fatal" and level != "Exit" }
   }
 
   private class StringFormatter extends StringOps::Formatting::Range instanceof GlogFunction {

go/ql/lib/semmle/go/frameworks/Logrus.qll

@@ -29,8 +29,8 @@ module Logrus {
       )
     }
 
-    override predicate mustNotReturnNormally() {
-      exists(string level, string suffix | level = ["Fatal", "Panic"] |
+    override predicate mayReturnNormally() {
+      not exists(string level, string suffix | level = ["Fatal", "Panic"] |
         this.getName() = level + suffix
       )
     }

go/ql/lib/semmle/go/frameworks/Revel.qll

@@ -154,7 +154,7 @@ module Revel {
 
   private IR::EvalInstruction skipImplicitFieldReads(IR::Instruction insn) {
     result = insn or
-    result = skipImplicitFieldReads(insn.(IR::ImplicitFieldReadInstruction).getBaseInstruction())
+    result = skipImplicitFieldReads(insn.(IR::ImplicitFieldReadInstruction).getBase())
   }
 
   /** A call to `Controller.Render`. */

go/ql/lib/semmle/go/frameworks/Zap.qll

@@ -54,7 +54,7 @@ module Zap {
       this.hasQualifiedName(packagePath(), "SugaredLogger", "Fatal" + getSuffix())
     }
 
-    override predicate mustNotReturnNormally() { any() }
+    override predicate mayReturnNormally() { none() }
   }
 
   /** A Zap logging function which always panics. */

go/ql/lib/semmle/go/frameworks/stdlib/Log.qll

@@ -44,7 +44,7 @@ module Log {
       )
     }
 
-    override predicate mustNotReturnNormally() { any() }
+    override predicate mayReturnNormally() { none() }
   }
 
   /** A log function which must panic. */

go/ql/lib/semmle/go/frameworks/stdlib/Os.qll

@@ -12,7 +12,7 @@ module Os {
   private class Exit extends Function {
     Exit() { this.hasQualifiedName("os", "Exit") }
 
-    override predicate mustNotReturnNormally() { any() }
+    override predicate mayReturnNormally() { none() }
   }
 
   // These models are not implemented using Models-as-Data because they represent reverse flow.

go/ql/src/RedundantCode/UnreachableStatement.ql

@@ -14,36 +14,11 @@
 
 import go
 
-/**
- * Holds if `s` is reachable, that is, the control-flow graph contains a node for it.
- *
- * The shared control-flow library does not create control-flow nodes for dead code, so an
- * unreachable statement has no first control-flow node.
- */
-predicate isReachable(Stmt s) { exists(s.getFirstControlFlowNode()) }
-
-/** Gets the statement immediately preceding `s` in a statement list, if any. */
-Stmt getPreviousStmt(Stmt s) {
-  exists(BlockStmt b, int i | s = b.getStmt(i) and result = b.getStmt(i - 1))
-  or
-  exists(CaseClause c, int i | s = c.getStmt(i) and result = c.getStmt(i - 1))
-  or
-  exists(CommClause c, int i | s = c.getStmt(i) and result = c.getStmt(i - 1))
-}
-
-/**
- * Holds if `s` is unreachable but the code that would precede it in the control-flow graph is
- * reachable, so that `s` is the first unreachable statement in a run of dead code.
- */
-predicate firstUnreachableStmt(Stmt s) {
-  not isReachable(s) and
-  not s instanceof EmptyStmt and
-  (
-    // a statement whose preceding statement in the same list is reachable
-    isReachable(getPreviousStmt(s))
-    or
-    // the post statement of a `for` loop whose body is entered
-    exists(ForStmt f | s = f.getPost() and isReachable(f.getBody().getAStmt()))
+ControlFlow::Node nonGuardPredecessor(ControlFlow::Node nd) {
+  exists(ControlFlow::Node pred | pred = nd.getAPredecessor() |
+    if pred instanceof ControlFlow::ConditionGuardNode
+    then result = nonGuardPredecessor(pred)
+    else result = pred
   )
 }
 
@@ -88,13 +63,18 @@ predicate allowlist(Stmt s) {
     forall(Expr retval | retval = ret.getAnExpr() | isAllowedReturnValue(retval))
   )
   or
-  // statements deliberately made unreachable by a constant condition, such as the code
-  // following `if true { return }`
-  exists(getPreviousStmt(s).(IfStmt).getCond().getBoolValue())
+  // statements in an `if false { ... }` and similar
+  exists(IfStmt is, ControlFlow::ConditionGuardNode iffalse, Expr cond, boolean b |
+    iffalse.getCondition() = is.getCond() and
+    iffalse = s.getFirstControlFlowNode().getAPredecessor() and
+    cond.getBoolValue() = b and
+    iffalse.ensures(DataFlow::exprNode(cond), b.booleanNot())
+  )
 }
 
-from Stmt s
+from Stmt s, ControlFlow::Node fst
 where
-  firstUnreachableStmt(s) and
+  fst = s.getFirstControlFlowNode() and
+  not exists(nonGuardPredecessor(fst)) and
   not allowlist(s)
 select s, "This statement is unreachable."

go/ql/test/example-tests/snippets/fieldwrite.expected

@@ -1 +1 @@
-| main.go:23:3:23:21 | assign:0 ... = ... | main.go:23:17:23:21 | "200" |
+| main.go:23:3:23:13 | assignment to field Status | main.go:23:17:23:21 | "200" |

go/ql/test/example-tests/snippets/typeinfo.expected

@@ -2,7 +2,7 @@
 | file://:0:0:0:0 | [summary param] -1 in Clone |
 | file://:0:0:0:0 | [summary param] -1 in Write |
 | file://:0:0:0:0 | [summary param] -1 in WriteProxy |
-| main.go:18:103:26:1 | SSA def(req) |
-| main.go:18:103:26:1 | arg:0 block statement |
+| main.go:18:12:18:14 | SSA def(req) |
+| main.go:18:12:18:14 | argument corresponding to req |
 | main.go:20:5:20:7 | req |
 | main.go:20:5:20:7 | req [postupdate] |

go/ql/test/example-tests/snippets/varwrite.expected

@@ -1 +1 @@
-| main.go:29:2:29:31 | assign:0 ... := ... | main.go:29:9:29:31 | call to test1 |
+| main.go:29:2:29:4 | assignment to err | main.go:29:9:29:31 | call to test1 |

go/ql/test/experimental/CWE-285/PamAuthBypass.expected

@@ -1 +1 @@
-| main.go:10:2:12:3 | extract:0 ... := ... | This Pam transaction may not be secure. |
+| main.go:10:2:12:3 | ... := ...[0] | This Pam transaction may not be secure. |

go/ql/test/experimental/CWE-369/DivideByZero.expected

@@ -8,23 +8,23 @@
 edges
 | DivideByZero.go:10:12:10:16 | selection of URL | DivideByZero.go:10:12:10:24 | call to Query | provenance | Src:MaD:1 MaD:2 |
 | DivideByZero.go:10:12:10:24 | call to Query | DivideByZero.go:11:27:11:32 | param1 | provenance |  |
-| DivideByZero.go:11:2:11:33 | extract:0 ... := ... | DivideByZero.go:12:16:12:20 | value | provenance |  |
-| DivideByZero.go:11:27:11:32 | param1 | DivideByZero.go:11:2:11:33 | extract:0 ... := ... | provenance | Config |
+| DivideByZero.go:11:2:11:33 | ... := ...[0] | DivideByZero.go:12:16:12:20 | value | provenance |  |
+| DivideByZero.go:11:27:11:32 | param1 | DivideByZero.go:11:2:11:33 | ... := ...[0] | provenance | Config |
 | DivideByZero.go:17:12:17:16 | selection of URL | DivideByZero.go:17:12:17:24 | call to Query | provenance | Src:MaD:1 MaD:2 |
 | DivideByZero.go:17:12:17:24 | call to Query | DivideByZero.go:18:11:18:24 | type conversion | provenance |  |
 | DivideByZero.go:18:11:18:24 | type conversion | DivideByZero.go:19:16:19:20 | value | provenance |  |
 | DivideByZero.go:24:12:24:16 | selection of URL | DivideByZero.go:24:12:24:24 | call to Query | provenance | Src:MaD:1 MaD:2 |
 | DivideByZero.go:24:12:24:24 | call to Query | DivideByZero.go:25:31:25:36 | param1 | provenance |  |
-| DivideByZero.go:25:2:25:45 | extract:0 ... := ... | DivideByZero.go:26:16:26:20 | value | provenance |  |
-| DivideByZero.go:25:31:25:36 | param1 | DivideByZero.go:25:2:25:45 | extract:0 ... := ... | provenance | Config |
+| DivideByZero.go:25:2:25:45 | ... := ...[0] | DivideByZero.go:26:16:26:20 | value | provenance |  |
+| DivideByZero.go:25:31:25:36 | param1 | DivideByZero.go:25:2:25:45 | ... := ...[0] | provenance | Config |
 | DivideByZero.go:31:12:31:16 | selection of URL | DivideByZero.go:31:12:31:24 | call to Query | provenance | Src:MaD:1 MaD:2 |
 | DivideByZero.go:31:12:31:24 | call to Query | DivideByZero.go:32:33:32:38 | param1 | provenance |  |
-| DivideByZero.go:32:2:32:43 | extract:0 ... := ... | DivideByZero.go:33:16:33:20 | value | provenance |  |
-| DivideByZero.go:32:33:32:38 | param1 | DivideByZero.go:32:2:32:43 | extract:0 ... := ... | provenance | Config |
+| DivideByZero.go:32:2:32:43 | ... := ...[0] | DivideByZero.go:33:16:33:20 | value | provenance |  |
+| DivideByZero.go:32:33:32:38 | param1 | DivideByZero.go:32:2:32:43 | ... := ...[0] | provenance | Config |
 | DivideByZero.go:38:12:38:16 | selection of URL | DivideByZero.go:38:12:38:24 | call to Query | provenance | Src:MaD:1 MaD:2 |
 | DivideByZero.go:38:12:38:24 | call to Query | DivideByZero.go:39:32:39:37 | param1 | provenance |  |
-| DivideByZero.go:39:2:39:46 | extract:0 ... := ... | DivideByZero.go:40:16:40:20 | value | provenance |  |
-| DivideByZero.go:39:32:39:37 | param1 | DivideByZero.go:39:2:39:46 | extract:0 ... := ... | provenance | Config |
+| DivideByZero.go:39:2:39:46 | ... := ...[0] | DivideByZero.go:40:16:40:20 | value | provenance |  |
+| DivideByZero.go:39:32:39:37 | param1 | DivideByZero.go:39:2:39:46 | ... := ...[0] | provenance | Config |
 | DivideByZero.go:54:12:54:16 | selection of URL | DivideByZero.go:54:12:54:24 | call to Query | provenance | Src:MaD:1 MaD:2 |
 | DivideByZero.go:54:12:54:24 | call to Query | DivideByZero.go:55:11:55:24 | type conversion | provenance |  |
 | DivideByZero.go:55:11:55:24 | type conversion | DivideByZero.go:57:17:57:21 | value | provenance |  |
@@ -34,7 +34,7 @@ models
 nodes
 | DivideByZero.go:10:12:10:16 | selection of URL | semmle.label | selection of URL |
 | DivideByZero.go:10:12:10:24 | call to Query | semmle.label | call to Query |
-| DivideByZero.go:11:2:11:33 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| DivideByZero.go:11:2:11:33 | ... := ...[0] | semmle.label | ... := ...[0] |
 | DivideByZero.go:11:27:11:32 | param1 | semmle.label | param1 |
 | DivideByZero.go:12:16:12:20 | value | semmle.label | value |
 | DivideByZero.go:17:12:17:16 | selection of URL | semmle.label | selection of URL |
@@ -43,17 +43,17 @@ nodes
 | DivideByZero.go:19:16:19:20 | value | semmle.label | value |
 | DivideByZero.go:24:12:24:16 | selection of URL | semmle.label | selection of URL |
 | DivideByZero.go:24:12:24:24 | call to Query | semmle.label | call to Query |
-| DivideByZero.go:25:2:25:45 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| DivideByZero.go:25:2:25:45 | ... := ...[0] | semmle.label | ... := ...[0] |
 | DivideByZero.go:25:31:25:36 | param1 | semmle.label | param1 |
 | DivideByZero.go:26:16:26:20 | value | semmle.label | value |
 | DivideByZero.go:31:12:31:16 | selection of URL | semmle.label | selection of URL |
 | DivideByZero.go:31:12:31:24 | call to Query | semmle.label | call to Query |
-| DivideByZero.go:32:2:32:43 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| DivideByZero.go:32:2:32:43 | ... := ...[0] | semmle.label | ... := ...[0] |
 | DivideByZero.go:32:33:32:38 | param1 | semmle.label | param1 |
 | DivideByZero.go:33:16:33:20 | value | semmle.label | value |
 | DivideByZero.go:38:12:38:16 | selection of URL | semmle.label | selection of URL |
 | DivideByZero.go:38:12:38:24 | call to Query | semmle.label | call to Query |
-| DivideByZero.go:39:2:39:46 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| DivideByZero.go:39:2:39:46 | ... := ...[0] | semmle.label | ... := ...[0] |
 | DivideByZero.go:39:32:39:37 | param1 | semmle.label | param1 |
 | DivideByZero.go:40:16:40:20 | value | semmle.label | value |
 | DivideByZero.go:54:12:54:16 | selection of URL | semmle.label | selection of URL |

go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected

@@ -8,14 +8,14 @@ edges
 | Dsn.go:28:102:28:109 | index expression | Dsn.go:28:11:28:110 | []type{args} [array] | provenance |  |
 | Dsn.go:28:102:28:109 | index expression | Dsn.go:28:11:28:110 | call to Sprintf | provenance | FunctionModel |
 | Dsn.go:63:9:63:11 | cfg [postupdate] [pointer] | Dsn.go:67:102:67:104 | cfg [pointer] | provenance |  |
-| Dsn.go:63:9:63:11 | implicit-deref cfg [postupdate] | Dsn.go:63:9:63:11 | cfg [postupdate] [pointer] | provenance |  |
-| Dsn.go:63:9:63:11 | implicit-deref cfg [postupdate] | Dsn.go:67:102:67:108 | selection of dsn | provenance |  |
+| Dsn.go:63:9:63:11 | implicit dereference [postupdate] | Dsn.go:63:9:63:11 | cfg [postupdate] [pointer] | provenance |  |
+| Dsn.go:63:9:63:11 | implicit dereference [postupdate] | Dsn.go:67:102:67:108 | selection of dsn | provenance |  |
 | Dsn.go:63:19:63:25 | selection of Args | Dsn.go:63:19:63:29 | slice expression | provenance | Src:MaD:1  |
-| Dsn.go:63:19:63:29 | slice expression | Dsn.go:63:9:63:11 | implicit-deref cfg [postupdate] | provenance | FunctionModel |
+| Dsn.go:63:19:63:29 | slice expression | Dsn.go:63:9:63:11 | implicit dereference [postupdate] | provenance | FunctionModel |
 | Dsn.go:67:11:67:109 | []type{args} [array] | Dsn.go:67:11:67:109 | call to Sprintf | provenance | MaD:2 |
 | Dsn.go:67:11:67:109 | call to Sprintf | Dsn.go:68:29:68:33 | dbDSN | provenance |  |
-| Dsn.go:67:102:67:104 | cfg [pointer] | Dsn.go:67:102:67:104 | implicit-deref cfg | provenance |  |
-| Dsn.go:67:102:67:104 | implicit-deref cfg | Dsn.go:67:102:67:108 | selection of dsn | provenance |  |
+| Dsn.go:67:102:67:104 | cfg [pointer] | Dsn.go:67:102:67:104 | implicit dereference | provenance |  |
+| Dsn.go:67:102:67:104 | implicit dereference | Dsn.go:67:102:67:108 | selection of dsn | provenance |  |
 | Dsn.go:67:102:67:108 | selection of dsn | Dsn.go:67:11:67:109 | []type{args} [array] | provenance |  |
 | Dsn.go:67:102:67:108 | selection of dsn | Dsn.go:67:11:67:109 | call to Sprintf | provenance | FunctionModel |
 models
@@ -28,13 +28,13 @@ nodes
 | Dsn.go:28:102:28:109 | index expression | semmle.label | index expression |
 | Dsn.go:29:29:29:33 | dbDSN | semmle.label | dbDSN |
 | Dsn.go:63:9:63:11 | cfg [postupdate] [pointer] | semmle.label | cfg [postupdate] [pointer] |
-| Dsn.go:63:9:63:11 | implicit-deref cfg [postupdate] | semmle.label | implicit-deref cfg [postupdate] |
+| Dsn.go:63:9:63:11 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
 | Dsn.go:63:19:63:25 | selection of Args | semmle.label | selection of Args |
 | Dsn.go:63:19:63:29 | slice expression | semmle.label | slice expression |
 | Dsn.go:67:11:67:109 | []type{args} [array] | semmle.label | []type{args} [array] |
 | Dsn.go:67:11:67:109 | call to Sprintf | semmle.label | call to Sprintf |
 | Dsn.go:67:102:67:104 | cfg [pointer] | semmle.label | cfg [pointer] |
-| Dsn.go:67:102:67:104 | implicit-deref cfg | semmle.label | implicit-deref cfg |
+| Dsn.go:67:102:67:104 | implicit dereference | semmle.label | implicit dereference |
 | Dsn.go:67:102:67:108 | selection of dsn | semmle.label | selection of dsn |
 | Dsn.go:68:29:68:33 | dbDSN | semmle.label | dbDSN |
 subpaths

go/ql/test/experimental/CWE-918/SSRF.expected

@@ -24,9 +24,9 @@ edges
 | builtin.go:112:21:112:31 | call to Referer | builtin.go:115:15:115:28 | untrustedInput | provenance | Src:MaD:8  |
 | builtin.go:130:21:130:31 | call to Referer | builtin.go:133:38:133:51 | untrustedInput | provenance | Src:MaD:8  |
 | builtin.go:151:16:151:36 | call to FormValue | builtin.go:154:13:154:22 | unsafehost | provenance | Src:MaD:7  |
-| builtin.go:154:2:154:4 | implicit-deref url [postupdate] | builtin.go:154:2:154:4 | url [postupdate] | provenance |  |
+| builtin.go:154:2:154:4 | implicit dereference [postupdate] | builtin.go:154:2:154:4 | url [postupdate] | provenance |  |
 | builtin.go:154:2:154:4 | url [postupdate] | builtin.go:156:21:156:23 | url | provenance |  |
-| builtin.go:154:13:154:22 | unsafehost | builtin.go:154:2:154:4 | implicit-deref url [postupdate] | provenance | Config |
+| builtin.go:154:13:154:22 | unsafehost | builtin.go:154:2:154:4 | implicit dereference [postupdate] | provenance | Config |
 | builtin.go:154:13:154:22 | unsafehost | builtin.go:154:2:154:4 | url [postupdate] | provenance | Config |
 | builtin.go:156:21:156:23 | url | builtin.go:156:21:156:32 | call to String | provenance | MaD:12 |
 | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:31:48:31:56 | selection of word | provenance | Src:MaD:3  |
@@ -43,8 +43,8 @@ edges
 | new-tests.go:35:49:35:57 | selection of word | new-tests.go:35:12:35:58 | call to Sprintf | provenance | FunctionModel |
 | new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... | provenance | Src:MaD:1  |
 | new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... | provenance | Src:MaD:2  |
-| new-tests.go:62:2:62:39 | extract:0 ... := ... | new-tests.go:63:17:63:23 | reqBody | provenance |  |
-| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | extract:0 ... := ... | provenance | Src:MaD:6 MaD:13 |
+| new-tests.go:62:2:62:39 | ... := ...[0] | new-tests.go:63:17:63:23 | reqBody | provenance |  |
+| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] | provenance | Src:MaD:6 MaD:13 |
 | new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... [postupdate] | provenance | MaD:10 |
 | new-tests.go:63:26:63:30 | &... [postupdate] | new-tests.go:68:48:68:56 | selection of word | provenance |  |
 | new-tests.go:63:26:63:30 | &... [postupdate] | new-tests.go:69:48:69:56 | selection of safe | provenance |  |
@@ -95,7 +95,7 @@ nodes
 | builtin.go:130:21:130:31 | call to Referer | semmle.label | call to Referer |
 | builtin.go:133:38:133:51 | untrustedInput | semmle.label | untrustedInput |
 | builtin.go:151:16:151:36 | call to FormValue | semmle.label | call to FormValue |
-| builtin.go:154:2:154:4 | implicit-deref url [postupdate] | semmle.label | implicit-deref url [postupdate] |
+| builtin.go:154:2:154:4 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
 | builtin.go:154:2:154:4 | url [postupdate] | semmle.label | url [postupdate] |
 | builtin.go:154:13:154:22 | unsafehost | semmle.label | unsafehost |
 | builtin.go:156:21:156:23 | url | semmle.label | url |
@@ -114,7 +114,7 @@ nodes
 | new-tests.go:47:11:47:46 | ...+... | semmle.label | ...+... |
 | new-tests.go:49:18:49:30 | call to Query | semmle.label | call to Query |
 | new-tests.go:50:11:50:46 | ...+... | semmle.label | ...+... |
-| new-tests.go:62:2:62:39 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| new-tests.go:62:2:62:39 | ... := ...[0] | semmle.label | ... := ...[0] |
 | new-tests.go:62:31:62:38 | selection of Body | semmle.label | selection of Body |
 | new-tests.go:63:17:63:23 | reqBody | semmle.label | reqBody |
 | new-tests.go:63:26:63:30 | &... [postupdate] | semmle.label | &... [postupdate] |

go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.expected

@@ -22,8 +22,8 @@ edges
 | WrongUsageOfUnsafe.go:166:33:166:57 | type conversion | WrongUsageOfUnsafe.go:166:16:166:58 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion | WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | provenance |  |
-| WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | WrongUsageOfUnsafe.go:236:53:245:1 | SSA def(req) | provenance |  |
-| WrongUsageOfUnsafe.go:236:53:245:1 | SSA def(req) | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | provenance |  |
+| WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | WrongUsageOfUnsafe.go:236:21:236:23 | SSA def(req) | provenance |  |
+| WrongUsageOfUnsafe.go:236:21:236:23 | SSA def(req) | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:274:25:274:49 | type conversion | WrongUsageOfUnsafe.go:274:16:274:50 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:292:23:292:47 | type conversion | WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | provenance |  |
@@ -51,7 +51,7 @@ nodes
 | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | semmle.label | type conversion |
-| WrongUsageOfUnsafe.go:236:53:245:1 | SSA def(req) | semmle.label | SSA def(req) |
+| WrongUsageOfUnsafe.go:236:21:236:23 | SSA def(req) | semmle.label | SSA def(req) |
 | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | semmle.label | type conversion |

go/ql/test/extractor-tests/go1.17/CFG.expected

@@ -1,156 +1,64 @@
 nodes
 edges
-| conversions.go:0:0:0:0 | After conversions.go | conversions.go:0:0:0:0 | Normal Exit |
-| conversions.go:0:0:0:0 | Entry | conversions.go:0:0:0:0 | conversions.go |
-| conversions.go:0:0:0:0 | Normal Exit | conversions.go:0:0:0:0 | Exit |
-| conversions.go:0:0:0:0 | conversions.go | conversions.go:3:1:3:15 | import declaration |
-| conversions.go:3:1:3:15 | After import declaration | conversions.go:5:1:5:29 | Before function declaration |
-| conversions.go:3:1:3:15 | import declaration | conversions.go:3:8:3:15 | import specifier |
-| conversions.go:3:8:3:15 | import specifier | conversions.go:3:1:3:15 | After import declaration |
-| conversions.go:5:1:5:29 | After function declaration | conversions.go:7:1:26:1 | Before function declaration |
-| conversions.go:5:1:5:29 | Before function declaration | conversions.go:5:1:5:29 | function declaration |
-| conversions.go:5:1:5:29 | Entry | conversions.go:5:28:5:29 | block statement |
-| conversions.go:5:1:5:29 | Normal Exit | conversions.go:5:1:5:29 | Exit |
-| conversions.go:5:1:5:29 | function declaration | conversions.go:5:1:5:29 | After function declaration |
-| conversions.go:5:28:5:29 | After block statement | conversions.go:5:1:5:29 | Normal Exit |
-| conversions.go:5:28:5:29 | arg:0 block statement | conversions.go:5:28:5:29 | param-init:0 block statement |
-| conversions.go:5:28:5:29 | block statement | conversions.go:5:28:5:29 | arg:0 block statement |
-| conversions.go:5:28:5:29 | param-init:0 block statement | conversions.go:5:28:5:29 | After block statement |
-| conversions.go:7:1:26:1 | After function declaration | conversions.go:0:0:0:0 | After conversions.go |
-| conversions.go:7:1:26:1 | Before function declaration | conversions.go:7:1:26:1 | function declaration |
-| conversions.go:7:1:26:1 | Entry | conversions.go:7:13:26:1 | block statement |
-| conversions.go:7:1:26:1 | Exceptional Exit | conversions.go:7:1:26:1 | Exit |
-| conversions.go:7:1:26:1 | Normal Exit | conversions.go:7:1:26:1 | Exit |
-| conversions.go:7:1:26:1 | function declaration | conversions.go:7:1:26:1 | After function declaration |
-| conversions.go:7:13:26:1 | After block statement | conversions.go:7:1:26:1 | Normal Exit |
-| conversions.go:7:13:26:1 | block statement | conversions.go:8:2:8:21 | declaration statement |
-| conversions.go:8:2:8:21 | After declaration statement | conversions.go:10:2:10:23 | ... := ... |
-| conversions.go:8:2:8:21 | After variable declaration | conversions.go:8:2:8:21 | After declaration statement |
-| conversions.go:8:2:8:21 | declaration statement | conversions.go:8:2:8:21 | variable declaration |
-| conversions.go:8:2:8:21 | variable declaration | conversions.go:8:6:8:21 | value declaration specifier |
-| conversions.go:8:6:8:21 | After value declaration specifier | conversions.go:8:2:8:21 | After variable declaration |
-| conversions.go:8:6:8:21 | assign:0 value declaration specifier | conversions.go:8:6:8:21 | After value declaration specifier |
-| conversions.go:8:6:8:21 | value declaration specifier | conversions.go:8:6:8:21 | zero-init:0 value declaration specifier |
-| conversions.go:8:6:8:21 | zero-init:0 value declaration specifier | conversions.go:8:6:8:21 | assign:0 value declaration specifier |
-| conversions.go:10:2:10:23 | ... := ... | conversions.go:10:7:10:23 | Before call to Add |
-| conversions.go:10:2:10:23 | After ... := ... | conversions.go:11:2:11:7 | expression statement |
-| conversions.go:10:2:10:23 | assign:0 ... := ... | conversions.go:10:2:10:23 | After ... := ... |
-| conversions.go:10:7:10:16 | After selection of Add | conversions.go:10:18:10:18 | Before a |
-| conversions.go:10:7:10:16 | Before selection of Add | conversions.go:10:7:10:16 | selection of Add |
-| conversions.go:10:7:10:16 | selection of Add | conversions.go:10:7:10:16 | After selection of Add |
-| conversions.go:10:7:10:23 | After call to Add | conversions.go:10:2:10:23 | assign:0 ... := ... |
-| conversions.go:10:7:10:23 | Before call to Add | conversions.go:10:7:10:16 | Before selection of Add |
-| conversions.go:10:7:10:23 | call to Add | conversions.go:10:7:10:23 | After call to Add |
-| conversions.go:10:18:10:18 | After a | conversions.go:10:21:10:22 | Before 10 |
-| conversions.go:10:18:10:18 | Before a | conversions.go:10:18:10:18 | a |
-| conversions.go:10:18:10:18 | a | conversions.go:10:18:10:18 | After a |
-| conversions.go:10:21:10:22 | 10 | conversions.go:10:21:10:22 | After 10 |
-| conversions.go:10:21:10:22 | After 10 | conversions.go:10:7:10:23 | call to Add |
-| conversions.go:10:21:10:22 | Before 10 | conversions.go:10:21:10:22 | 10 |
-| conversions.go:11:2:11:4 | After use | conversions.go:11:6:11:6 | Before b |
-| conversions.go:11:2:11:4 | Before use | conversions.go:11:2:11:4 | use |
-| conversions.go:11:2:11:4 | use | conversions.go:11:2:11:4 | After use |
-| conversions.go:11:2:11:7 | After call to use | conversions.go:11:2:11:7 | After expression statement |
-| conversions.go:11:2:11:7 | After expression statement | conversions.go:13:2:13:13 | declaration statement |
-| conversions.go:11:2:11:7 | Before call to use | conversions.go:11:2:11:4 | Before use |
-| conversions.go:11:2:11:7 | call to use | conversions.go:7:1:26:1 | Exceptional Exit |
-| conversions.go:11:2:11:7 | call to use | conversions.go:11:2:11:7 | After call to use |
-| conversions.go:11:2:11:7 | expression statement | conversions.go:11:2:11:7 | Before call to use |
-| conversions.go:11:6:11:6 | After b | conversions.go:11:2:11:7 | call to use |
-| conversions.go:11:6:11:6 | Before b | conversions.go:11:6:11:6 | b |
-| conversions.go:11:6:11:6 | b | conversions.go:11:6:11:6 | After b |
-| conversions.go:13:2:13:13 | After declaration statement | conversions.go:14:2:14:31 | ... := ... |
-| conversions.go:13:2:13:13 | After variable declaration | conversions.go:13:2:13:13 | After declaration statement |
-| conversions.go:13:2:13:13 | declaration statement | conversions.go:13:2:13:13 | variable declaration |
-| conversions.go:13:2:13:13 | variable declaration | conversions.go:13:6:13:13 | value declaration specifier |
-| conversions.go:13:6:13:13 | After value declaration specifier | conversions.go:13:2:13:13 | After variable declaration |
-| conversions.go:13:6:13:13 | assign:0 value declaration specifier | conversions.go:13:6:13:13 | After value declaration specifier |
-| conversions.go:13:6:13:13 | value declaration specifier | conversions.go:13:6:13:13 | zero-init:0 value declaration specifier |
-| conversions.go:13:6:13:13 | zero-init:0 value declaration specifier | conversions.go:13:6:13:13 | assign:0 value declaration specifier |
-| conversions.go:14:2:14:31 | ... := ... | conversions.go:14:11:14:31 | Before call to Slice |
-| conversions.go:14:2:14:31 | After ... := ... | conversions.go:17:2:17:25 | ... := ... |
-| conversions.go:14:2:14:31 | assign:0 ... := ... | conversions.go:14:2:14:31 | After ... := ... |
-| conversions.go:14:11:14:22 | After selection of Slice | conversions.go:14:24:14:26 | Before arr |
-| conversions.go:14:11:14:22 | Before selection of Slice | conversions.go:14:11:14:22 | selection of Slice |
-| conversions.go:14:11:14:22 | selection of Slice | conversions.go:14:11:14:22 | After selection of Slice |
-| conversions.go:14:11:14:31 | After call to Slice | conversions.go:14:2:14:31 | assign:0 ... := ... |
-| conversions.go:14:11:14:31 | Before call to Slice | conversions.go:14:11:14:22 | Before selection of Slice |
-| conversions.go:14:11:14:31 | call to Slice | conversions.go:14:11:14:31 | After call to Slice |
-| conversions.go:14:24:14:26 | After arr | conversions.go:14:29:14:30 | Before 20 |
-| conversions.go:14:24:14:26 | Before arr | conversions.go:14:24:14:26 | arr |
-| conversions.go:14:24:14:26 | arr | conversions.go:14:24:14:26 | After arr |
-| conversions.go:14:29:14:30 | 20 | conversions.go:14:29:14:30 | After 20 |
-| conversions.go:14:29:14:30 | After 20 | conversions.go:14:11:14:31 | call to Slice |
-| conversions.go:14:29:14:30 | Before 20 | conversions.go:14:29:14:30 | 20 |
-| conversions.go:17:2:17:25 | ... := ... | conversions.go:17:9:17:25 | Before type conversion |
-| conversions.go:17:2:17:25 | After ... := ... | conversions.go:18:2:18:9 | expression statement |
-| conversions.go:17:2:17:25 | assign:0 ... := ... | conversions.go:17:2:17:25 | After ... := ... |
-| conversions.go:17:9:17:25 | After type conversion | conversions.go:17:2:17:25 | assign:0 ... := ... |
-| conversions.go:17:9:17:25 | Before type conversion | conversions.go:17:20:17:24 | Before slice |
-| conversions.go:17:9:17:25 | type conversion | conversions.go:7:1:26:1 | Exceptional Exit |
-| conversions.go:17:9:17:25 | type conversion | conversions.go:17:9:17:25 | After type conversion |
-| conversions.go:17:20:17:24 | After slice | conversions.go:17:9:17:25 | type conversion |
-| conversions.go:17:20:17:24 | Before slice | conversions.go:17:20:17:24 | slice |
-| conversions.go:17:20:17:24 | slice | conversions.go:17:20:17:24 | After slice |
-| conversions.go:18:2:18:4 | After use | conversions.go:18:6:18:8 | Before ptr |
-| conversions.go:18:2:18:4 | Before use | conversions.go:18:2:18:4 | use |
-| conversions.go:18:2:18:4 | use | conversions.go:18:2:18:4 | After use |
-| conversions.go:18:2:18:9 | After call to use | conversions.go:18:2:18:9 | After expression statement |
-| conversions.go:18:2:18:9 | After expression statement | conversions.go:21:2:21:18 | ... := ... |
-| conversions.go:18:2:18:9 | Before call to use | conversions.go:18:2:18:4 | Before use |
-| conversions.go:18:2:18:9 | call to use | conversions.go:7:1:26:1 | Exceptional Exit |
-| conversions.go:18:2:18:9 | call to use | conversions.go:18:2:18:9 | After call to use |
-| conversions.go:18:2:18:9 | expression statement | conversions.go:18:2:18:9 | Before call to use |
-| conversions.go:18:6:18:8 | After ptr | conversions.go:18:2:18:9 | call to use |
-| conversions.go:18:6:18:8 | Before ptr | conversions.go:18:6:18:8 | ptr |
-| conversions.go:18:6:18:8 | ptr | conversions.go:18:6:18:8 | After ptr |
-| conversions.go:21:2:21:18 | ... := ... | conversions.go:21:9:21:18 | Before "a string" |
-| conversions.go:21:2:21:18 | After ... := ... | conversions.go:22:2:22:21 | ... := ... |
-| conversions.go:21:2:21:18 | assign:0 ... := ... | conversions.go:21:2:21:18 | After ... := ... |
-| conversions.go:21:9:21:18 | "a string" | conversions.go:21:9:21:18 | After "a string" |
-| conversions.go:21:9:21:18 | After "a string" | conversions.go:21:2:21:18 | assign:0 ... := ... |
-| conversions.go:21:9:21:18 | Before "a string" | conversions.go:21:9:21:18 | "a string" |
-| conversions.go:22:2:22:21 | ... := ... | conversions.go:22:11:22:21 | Before type conversion |
-| conversions.go:22:2:22:21 | After ... := ... | conversions.go:23:2:23:11 | expression statement |
-| conversions.go:22:2:22:21 | assign:0 ... := ... | conversions.go:22:2:22:21 | After ... := ... |
-| conversions.go:22:11:22:21 | After type conversion | conversions.go:22:2:22:21 | assign:0 ... := ... |
-| conversions.go:22:11:22:21 | Before type conversion | conversions.go:22:18:22:20 | Before str |
-| conversions.go:22:11:22:21 | type conversion | conversions.go:22:11:22:21 | After type conversion |
-| conversions.go:22:18:22:20 | After str | conversions.go:22:11:22:21 | type conversion |
-| conversions.go:22:18:22:20 | Before str | conversions.go:22:18:22:20 | str |
-| conversions.go:22:18:22:20 | str | conversions.go:22:18:22:20 | After str |
-| conversions.go:23:2:23:4 | After use | conversions.go:23:6:23:10 | Before bytes |
-| conversions.go:23:2:23:4 | Before use | conversions.go:23:2:23:4 | use |
-| conversions.go:23:2:23:4 | use | conversions.go:23:2:23:4 | After use |
-| conversions.go:23:2:23:11 | After call to use | conversions.go:23:2:23:11 | After expression statement |
-| conversions.go:23:2:23:11 | After expression statement | conversions.go:24:2:24:21 | ... := ... |
-| conversions.go:23:2:23:11 | Before call to use | conversions.go:23:2:23:4 | Before use |
-| conversions.go:23:2:23:11 | call to use | conversions.go:7:1:26:1 | Exceptional Exit |
-| conversions.go:23:2:23:11 | call to use | conversions.go:23:2:23:11 | After call to use |
-| conversions.go:23:2:23:11 | expression statement | conversions.go:23:2:23:11 | Before call to use |
-| conversions.go:23:6:23:10 | After bytes | conversions.go:23:2:23:11 | call to use |
-| conversions.go:23:6:23:10 | Before bytes | conversions.go:23:6:23:10 | bytes |
-| conversions.go:23:6:23:10 | bytes | conversions.go:23:6:23:10 | After bytes |
-| conversions.go:24:2:24:21 | ... := ... | conversions.go:24:11:24:21 | Before type conversion |
-| conversions.go:24:2:24:21 | After ... := ... | conversions.go:25:2:25:11 | expression statement |
-| conversions.go:24:2:24:21 | assign:0 ... := ... | conversions.go:24:2:24:21 | After ... := ... |
-| conversions.go:24:11:24:21 | After type conversion | conversions.go:24:2:24:21 | assign:0 ... := ... |
-| conversions.go:24:11:24:21 | Before type conversion | conversions.go:24:18:24:20 | Before str |
-| conversions.go:24:11:24:21 | type conversion | conversions.go:24:11:24:21 | After type conversion |
-| conversions.go:24:18:24:20 | After str | conversions.go:24:11:24:21 | type conversion |
-| conversions.go:24:18:24:20 | Before str | conversions.go:24:18:24:20 | str |
-| conversions.go:24:18:24:20 | str | conversions.go:24:18:24:20 | After str |
-| conversions.go:25:2:25:4 | After use | conversions.go:25:6:25:10 | Before runes |
-| conversions.go:25:2:25:4 | Before use | conversions.go:25:2:25:4 | use |
-| conversions.go:25:2:25:4 | use | conversions.go:25:2:25:4 | After use |
-| conversions.go:25:2:25:11 | After call to use | conversions.go:25:2:25:11 | After expression statement |
-| conversions.go:25:2:25:11 | After expression statement | conversions.go:7:13:26:1 | After block statement |
-| conversions.go:25:2:25:11 | Before call to use | conversions.go:25:2:25:4 | Before use |
-| conversions.go:25:2:25:11 | call to use | conversions.go:7:1:26:1 | Exceptional Exit |
-| conversions.go:25:2:25:11 | call to use | conversions.go:25:2:25:11 | After call to use |
-| conversions.go:25:2:25:11 | expression statement | conversions.go:25:2:25:11 | Before call to use |
-| conversions.go:25:6:25:10 | After runes | conversions.go:25:2:25:11 | call to use |
-| conversions.go:25:6:25:10 | Before runes | conversions.go:25:6:25:10 | runes |
-| conversions.go:25:6:25:10 | runes | conversions.go:25:6:25:10 | After runes |
+| conversions.go:0:0:0:0 | entry | conversions.go:3:1:3:15 | skip |
+| conversions.go:3:1:3:15 | skip | conversions.go:5:6:5:8 | skip |
+| conversions.go:5:1:5:29 | entry | conversions.go:5:10:5:10 | argument corresponding to _ |
+| conversions.go:5:1:5:29 | function declaration | conversions.go:7:6:7:9 | skip |
+| conversions.go:5:6:5:8 | skip | conversions.go:5:1:5:29 | function declaration |
+| conversions.go:5:10:5:10 | argument corresponding to _ | conversions.go:5:10:5:10 | initialization of _ |
+| conversions.go:5:10:5:10 | initialization of _ | conversions.go:5:28:5:29 | skip |
+| conversions.go:5:28:5:29 | skip | conversions.go:5:1:5:29 | exit |
+| conversions.go:7:1:26:1 | entry | conversions.go:8:6:8:6 | skip |
+| conversions.go:7:1:26:1 | function declaration | conversions.go:0:0:0:0 | exit |
+| conversions.go:7:6:7:9 | skip | conversions.go:7:1:26:1 | function declaration |
+| conversions.go:8:6:8:6 | assignment to a | conversions.go:10:2:10:2 | skip |
+| conversions.go:8:6:8:6 | skip | conversions.go:8:6:8:6 | zero value for a |
+| conversions.go:8:6:8:6 | zero value for a | conversions.go:8:6:8:6 | assignment to a |
+| conversions.go:10:2:10:2 | assignment to b | conversions.go:11:2:11:4 | use |
+| conversions.go:10:2:10:2 | skip | conversions.go:10:7:10:16 | selection of Add |
+| conversions.go:10:7:10:16 | selection of Add | conversions.go:10:18:10:18 | a |
+| conversions.go:10:7:10:23 | call to Add | conversions.go:10:2:10:2 | assignment to b |
+| conversions.go:10:18:10:18 | a | conversions.go:10:21:10:22 | 10 |
+| conversions.go:10:21:10:22 | 10 | conversions.go:10:7:10:23 | call to Add |
+| conversions.go:11:2:11:4 | use | conversions.go:11:6:11:6 | b |
+| conversions.go:11:2:11:7 | call to use | conversions.go:7:1:26:1 | exit |
+| conversions.go:11:2:11:7 | call to use | conversions.go:13:6:13:8 | skip |
+| conversions.go:11:6:11:6 | b | conversions.go:11:2:11:7 | call to use |
+| conversions.go:13:6:13:8 | assignment to arr | conversions.go:14:2:14:6 | skip |
+| conversions.go:13:6:13:8 | skip | conversions.go:13:6:13:8 | zero value for arr |
+| conversions.go:13:6:13:8 | zero value for arr | conversions.go:13:6:13:8 | assignment to arr |
+| conversions.go:14:2:14:6 | assignment to slice | conversions.go:17:2:17:4 | skip |
+| conversions.go:14:2:14:6 | skip | conversions.go:14:11:14:22 | selection of Slice |
+| conversions.go:14:11:14:22 | selection of Slice | conversions.go:14:24:14:26 | arr |
+| conversions.go:14:11:14:31 | call to Slice | conversions.go:14:2:14:6 | assignment to slice |
+| conversions.go:14:24:14:26 | arr | conversions.go:14:29:14:30 | 20 |
+| conversions.go:14:29:14:30 | 20 | conversions.go:14:11:14:31 | call to Slice |
+| conversions.go:17:2:17:4 | assignment to ptr | conversions.go:18:2:18:4 | use |
+| conversions.go:17:2:17:4 | skip | conversions.go:17:20:17:24 | slice |
+| conversions.go:17:9:17:25 | type conversion | conversions.go:7:1:26:1 | exit |
+| conversions.go:17:9:17:25 | type conversion | conversions.go:17:2:17:4 | assignment to ptr |
+| conversions.go:17:20:17:24 | slice | conversions.go:17:9:17:25 | type conversion |
+| conversions.go:18:2:18:4 | use | conversions.go:18:6:18:8 | ptr |
+| conversions.go:18:2:18:9 | call to use | conversions.go:7:1:26:1 | exit |
+| conversions.go:18:2:18:9 | call to use | conversions.go:21:2:21:4 | skip |
+| conversions.go:18:6:18:8 | ptr | conversions.go:18:2:18:9 | call to use |
+| conversions.go:21:2:21:4 | assignment to str | conversions.go:22:2:22:6 | skip |
+| conversions.go:21:2:21:4 | skip | conversions.go:21:9:21:18 | "a string" |
+| conversions.go:21:9:21:18 | "a string" | conversions.go:21:2:21:4 | assignment to str |
+| conversions.go:22:2:22:6 | assignment to bytes | conversions.go:23:2:23:4 | use |
+| conversions.go:22:2:22:6 | skip | conversions.go:22:18:22:20 | str |
+| conversions.go:22:11:22:21 | type conversion | conversions.go:22:2:22:6 | assignment to bytes |
+| conversions.go:22:18:22:20 | str | conversions.go:22:11:22:21 | type conversion |
+| conversions.go:23:2:23:4 | use | conversions.go:23:6:23:10 | bytes |
+| conversions.go:23:2:23:11 | call to use | conversions.go:7:1:26:1 | exit |
+| conversions.go:23:2:23:11 | call to use | conversions.go:24:2:24:6 | skip |
+| conversions.go:23:6:23:10 | bytes | conversions.go:23:2:23:11 | call to use |
+| conversions.go:24:2:24:6 | assignment to runes | conversions.go:25:2:25:4 | use |
+| conversions.go:24:2:24:6 | skip | conversions.go:24:18:24:20 | str |
+| conversions.go:24:11:24:21 | type conversion | conversions.go:24:2:24:6 | assignment to runes |
+| conversions.go:24:18:24:20 | str | conversions.go:24:11:24:21 | type conversion |
+| conversions.go:25:2:25:4 | use | conversions.go:25:6:25:10 | runes |
+| conversions.go:25:2:25:11 | call to use | conversions.go:7:1:26:1 | exit |
+| conversions.go:25:6:25:10 | runes | conversions.go:25:2:25:11 | call to use |
 #select
 |  |

go/ql/test/library-tests/semmle/go/IR/test.expected

@@ -1,6 +1,10 @@
-| test.go:9:2:9:16 | extract:0 ... := ... | test.go:9:13:9:16 | <-... | 0 | file://:0:0:0:0 | bool |
-| test.go:9:2:9:16 | extract:1 ... := ... | test.go:9:13:9:16 | <-... | 1 | file://:0:0:0:0 | bool |
-| test.go:15:2:15:20 | extract:0 ... := ... | test.go:15:13:15:20 | index expression | 0 | file://:0:0:0:0 | string |
-| test.go:15:2:15:20 | extract:1 ... := ... | test.go:15:13:15:20 | index expression | 1 | file://:0:0:0:0 | bool |
-| test.go:21:2:21:22 | extract:0 ... := ... | test.go:21:13:21:22 | type assertion | 0 | file://:0:0:0:0 | string |
-| test.go:21:2:21:22 | extract:1 ... := ... | test.go:21:13:21:22 | type assertion | 1 | file://:0:0:0:0 | bool |
+| test.go:9:2:9:16 | ... := ...[0] | test.go:9:13:9:16 | <-... | 0 | file://:0:0:0:0 | bool |
+| test.go:9:2:9:16 | ... := ...[1] | test.go:9:13:9:16 | <-... | 1 | file://:0:0:0:0 | bool |
+| test.go:15:2:15:20 | ... := ...[0] | test.go:15:13:15:20 | index expression | 0 | file://:0:0:0:0 | string |
+| test.go:15:2:15:20 | ... := ...[1] | test.go:15:13:15:20 | index expression | 1 | file://:0:0:0:0 | bool |
+| test.go:21:2:21:22 | ... := ...[0] | test.go:21:13:21:22 | type assertion | 0 | file://:0:0:0:0 | string |
+| test.go:21:2:21:22 | ... := ...[1] | test.go:21:13:21:22 | type assertion | 1 | file://:0:0:0:0 | bool |
+| test.go:29:2:29:7 | call to f[0] | test.go:29:4:29:6 | call to g | 0 | file://:0:0:0:0 | int |
+| test.go:29:2:29:7 | call to f[1] | test.go:29:4:29:6 | call to g | 1 | file://:0:0:0:0 | int |
+| test.go:33:2:33:7 | call to f[0] | test.go:33:4:33:6 | call to v | 0 | file://:0:0:0:0 | int |
+| test.go:33:2:33:7 | call to f[1] | test.go:33:4:33:6 | call to v | 1 | file://:0:0:0:0 | int |

go/ql/test/library-tests/semmle/go/Scopes/EntityWrite.expected

@@ -1,6 +1,6 @@
 | main.go:6:2:6:2 | x | main.go:24:2:24:9 | increment statement |
-| main.go:13:7:13:10 | recv | main.go:13:27:15:1 | param-init:-1 block statement |
-| main.go:17:10:17:10 | x | main.go:17:32:21:1 | param-init:0 block statement |
-| main.go:17:26:17:26 | y | main.go:17:32:21:1 | param-init:1 block statement |
-| main.go:23:7:23:10 | recv | main.go:23:23:25:1 | param-init:-1 block statement |
-| types.go:33:22:33:22 | a | types.go:33:34:35:1 | param-init:0 block statement |
+| main.go:13:7:13:10 | recv | main.go:13:7:13:10 | initialization of recv |
+| main.go:17:10:17:10 | x | main.go:17:10:17:10 | initialization of x |
+| main.go:17:26:17:26 | y | main.go:17:26:17:26 | initialization of y |
+| main.go:23:7:23:10 | recv | main.go:23:7:23:10 | initialization of recv |
+| types.go:33:22:33:22 | a | types.go:33:22:33:22 | initialization of a |

go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph/NoretFunctions.expected

@@ -19,3 +19,4 @@
 | stmts7.go:10:6:10:15 | canRecover | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.canRecover |
 | stmts.go:10:6:10:10 | test5 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.test5 |
 | stmts.go:46:6:46:10 | test6 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.test6 |
+| stmts.go:112:6:112:10 | test9 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.test9 |

go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected

@@ -4,9 +4,9 @@ invalidModelRow
 | test.go:40:8:40:15 | call to Src2 | qltest |
 | test.go:40:8:40:15 | call to Src2 | qltest-w-subtypes |
 | test.go:41:8:41:16 | call to Src2 | qltest-w-subtypes |
-| test.go:42:2:42:21 | extract:0 ... = ... | qltest |
-| test.go:42:2:42:21 | extract:1 ... = ... | qltest-w-subtypes |
-| test.go:43:2:43:22 | extract:1 ... = ... | qltest-w-subtypes |
+| test.go:42:2:42:21 | ... = ...[0] | qltest |
+| test.go:42:2:42:21 | ... = ...[1] | qltest-w-subtypes |
+| test.go:43:2:43:22 | ... = ...[1] | qltest-w-subtypes |
 | test.go:44:11:44:13 | arg [postupdate] | qltest-arg |
 | test.go:59:9:59:16 | call to Src1 | qltest |
 | test.go:102:46:102:53 | call to Src1 | qltest |
@@ -22,4 +22,4 @@ invalidModelRow
 | test.go:187:24:187:31 | call to Src1 | qltest |
 | test.go:191:24:191:31 | call to Src1 | qltest |
 | test.go:209:10:209:28 | selection of SourceVariable | qltest |
-| test.go:216:37:218:1 | SSA def(src) | qltest |
+| test.go:216:15:216:17 | SSA def(src) | qltest |

go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.expected

@@ -1,14 +1,14 @@
 invalidModelRow
 #select
 | test.go:17:23:17:25 | arg | test.go:17:10:17:26 | call to StepArgRes |
-| test.go:18:27:18:29 | arg | test.go:18:2:18:30 | extract:1 ... = ... |
+| test.go:18:27:18:29 | arg | test.go:18:2:18:30 | ... = ...[1] |
 | test.go:19:15:19:17 | arg | test.go:19:20:19:23 | arg1 [postupdate] |
 | test.go:21:16:21:18 | arg | test.go:21:2:21:2 | t [postupdate] |
 | test.go:22:10:22:10 | t | test.go:22:10:22:24 | call to StepQualRes |
 | test.go:23:2:23:2 | t | test.go:23:16:23:18 | arg [postupdate] |
 | test.go:24:32:24:34 | arg | test.go:24:10:24:35 | call to StepArgResNoQual |
 | test.go:61:25:61:27 | src | test.go:61:12:61:28 | call to StepArgRes |
-| test.go:64:29:64:31 | src | test.go:64:2:64:32 | extract:1 ... := ... |
+| test.go:64:29:64:31 | src | test.go:64:2:64:32 | ... := ...[1] |
 | test.go:68:15:68:17 | src | test.go:68:20:68:25 | taint3 [postupdate] |
 | test.go:76:21:76:23 | src | test.go:76:2:76:7 | taint4 [postupdate] |
 | test.go:79:13:79:25 | type assertion | test.go:79:12:79:40 | call to StepQualRes |

go/ql/test/library-tests/semmle/go/dataflow/GlobalValueNumbering/GlobalValueNumber.expected

@@ -1,40 +1,42 @@
-| main.go:6:2:6:5 | implicit-one increment statement | main.go:14:7:14:7 | 1 |
-| main.go:10:2:10:7 | SSA def(x) | main.go:10:7:10:7 | 0 |
+| main.go:6:2:6:5 | 1 | main.go:14:7:14:7 | 1 |
+| main.go:10:2:10:2 | SSA def(x) | main.go:10:7:10:7 | 0 |
 | main.go:10:7:10:7 | 0 | main.go:10:7:10:7 | 0 |
-| main.go:11:6:11:10 | SSA def(y) | main.go:10:7:10:7 | 0 |
-| main.go:11:6:11:10 | zero-init:0 value declaration specifier | main.go:10:7:10:7 | 0 |
+| main.go:11:6:11:6 | SSA def(y) | main.go:10:7:10:7 | 0 |
+| main.go:11:6:11:6 | zero value for y | main.go:10:7:10:7 | 0 |
 | main.go:12:2:12:18 | call to Println | main.go:12:2:12:18 | call to Println |
 | main.go:12:14:12:14 | x | main.go:10:7:10:7 | 0 |
 | main.go:12:17:12:17 | y | main.go:10:7:10:7 | 0 |
-| main.go:14:2:14:7 | SSA def(z) | main.go:14:7:14:7 | 1 |
+| main.go:14:2:14:2 | SSA def(z) | main.go:14:7:14:7 | 1 |
 | main.go:14:7:14:7 | 1 | main.go:14:7:14:7 | 1 |
 | main.go:15:2:15:9 | call to bump | main.go:15:2:15:9 | call to bump |
 | main.go:16:2:16:21 | call to Println | main.go:16:2:16:21 | call to Println |
 | main.go:16:14:16:14 | x | main.go:10:7:10:7 | 0 |
 | main.go:16:17:16:17 | y | main.go:10:7:10:7 | 0 |
-| main.go:18:2:18:24 | SSA def(ss) | main.go:18:8:18:24 | call to make |
+| main.go:18:2:18:3 | SSA def(ss) | main.go:18:8:18:24 | call to make |
 | main.go:18:8:18:24 | call to make | main.go:18:8:18:24 | call to make |
 | main.go:18:23:18:23 | 3 | main.go:18:23:18:23 | 3 |
 | main.go:19:5:19:5 | 2 | main.go:19:5:19:5 | 2 |
 | main.go:19:10:19:24 | "Hello, world!" | main.go:19:10:19:24 | "Hello, world!" |
 | main.go:20:2:20:16 | call to Println | main.go:20:2:20:16 | call to Println |
-| main.go:23:23:26:1 | result-read:0 block statement | main.go:24:8:24:8 | 4 |
-| main.go:24:2:24:8 | SSA def(res) | main.go:24:8:24:8 | 4 |
+| main.go:23:14:23:16 | implicit read of res | main.go:24:8:24:8 | 4 |
+| main.go:23:14:23:16 | zero value for res | main.go:10:7:10:7 | 0 |
+| main.go:24:2:24:4 | SSA def(res) | main.go:24:8:24:8 | 4 |
 | main.go:24:8:24:8 | 4 | main.go:24:8:24:8 | 4 |
-| main.go:28:24:31:1 | result-read:0 block statement | main.go:29:8:29:8 | 5 |
-| main.go:29:2:29:8 | SSA def(res) | main.go:29:8:29:8 | 5 |
+| main.go:28:15:28:17 | implicit read of res | main.go:30:9:30:9 | 6 |
+| main.go:28:15:28:17 | zero value for res | main.go:10:7:10:7 | 0 |
 | main.go:29:8:29:8 | 5 | main.go:29:8:29:8 | 5 |
 | main.go:30:9:30:9 | 6 | main.go:30:9:30:9 | 6 |
-| main.go:34:2:34:8 | SSA def(res) | main.go:34:8:34:8 | 7 |
+| main.go:30:9:30:9 | SSA def(res) | main.go:30:9:30:9 | 6 |
+| main.go:33:15:33:17 | zero value for res | main.go:10:7:10:7 | 0 |
 | main.go:34:8:34:8 | 7 | main.go:34:8:34:8 | 7 |
 | main.go:35:8:37:4 | function call | main.go:35:8:37:4 | function call |
-| main.go:36:3:36:9 | SSA def(res) | main.go:36:9:36:9 | 8 |
+| main.go:36:3:36:5 | SSA def(res) | main.go:36:9:36:9 | 8 |
 | main.go:36:9:36:9 | 8 | main.go:36:9:36:9 | 8 |
 | main.go:38:9:38:9 | 9 | main.go:38:9:38:9 | 9 |
+| main.go:38:9:38:9 | SSA def(res) | main.go:38:9:38:9 | 9 |
 | regressions.go:5:11:5:31 | call to Sizeof | regressions.go:5:11:5:31 | call to Sizeof |
-| regressions.go:5:25:5:30 | call to test | regressions.go:5:25:5:30 | call to test |
 | regressions.go:7:11:7:15 | false | regressions.go:7:11:7:15 | false |
-| regressions.go:9:12:9:12 | d | regressions.go:7:11:7:15 | false |
+| regressions.go:9:11:9:12 | !... | regressions.go:11:11:11:14 | true |
 | regressions.go:11:11:11:14 | true | regressions.go:11:11:11:14 | true |
 | regressions.go:30:9:30:22 | call to getPayload | regressions.go:30:9:30:22 | call to getPayload |
 | regressions.go:30:26:30:39 | call to getPayload | regressions.go:30:26:30:39 | call to getPayload |

go/ql/test/library-tests/semmle/go/dataflow/ReadsAndWrites/readsElement.expected

@@ -1,3 +1,3 @@
 | tst.go:19:10:19:14 | index expression | tst.go:19:10:19:11 | xs | tst.go:19:13:19:13 | 1 |
-| tst.go:20:10:20:14 | index expression | tst.go:20:10:20:11 | implicit-deref ps | tst.go:20:13:20:13 | 1 |
+| tst.go:20:10:20:14 | index expression | tst.go:20:10:20:11 | implicit dereference | tst.go:20:13:20:13 | 1 |
 | tst.go:20:10:20:14 | index expression | tst.go:20:10:20:11 | ps | tst.go:20:13:20:13 | 1 |

go/ql/test/library-tests/semmle/go/dataflow/ReadsAndWrites/readsField.expected

@@ -1,4 +1,4 @@
-| tst.go:8:8:8:10 | selection of f | tst.go:8:8:8:8 | implicit-deref t | tst.go:4:2:4:2 | f |
+| tst.go:8:8:8:10 | selection of f | tst.go:8:8:8:8 | implicit dereference | tst.go:4:2:4:2 | f |
 | tst.go:8:8:8:10 | selection of f | tst.go:8:8:8:8 | t | tst.go:4:2:4:2 | f |
 | tst.go:13:9:13:11 | selection of f | tst.go:13:9:13:9 | t | tst.go:4:2:4:2 | f |
 | tst.go:17:8:17:10 | selection of f | tst.go:17:8:17:8 | x | tst.go:4:2:4:2 | f |

go/ql/test/library-tests/semmle/go/dataflow/ReadsAndWrites/readsMethod.expected

@@ -1,3 +1,3 @@
-| tst.go:9:9:9:13 | selection of get | tst.go:9:9:9:9 | implicit-deref t | tst.go:12:12:12:14 | get |
+| tst.go:9:9:9:13 | selection of get | tst.go:9:9:9:9 | implicit dereference | tst.go:12:12:12:14 | get |
 | tst.go:9:9:9:13 | selection of get | tst.go:9:9:9:9 | t | tst.go:12:12:12:14 | get |
 | tst.go:18:2:18:7 | selection of bump | tst.go:18:2:18:2 | x | tst.go:7:13:7:16 | bump |

go/ql/test/library-tests/semmle/go/dataflow/ReadsAndWrites/writesElement.expected

@@ -1,3 +1,3 @@
-| tst.go:19:2:19:14 | assign:0 ... = ... | tst.go:19:2:19:3 | xs [postupdate] | tst.go:19:5:19:5 | 0 | tst.go:19:10:19:14 | index expression |
-| tst.go:20:2:20:14 | assign:0 ... = ... | tst.go:20:2:20:3 | implicit-deref ps [postupdate] | tst.go:20:5:20:5 | 0 | tst.go:20:10:20:14 | index expression |
-| tst.go:20:2:20:14 | assign:0 ... = ... | tst.go:20:2:20:3 | ps [postupdate] | tst.go:20:5:20:5 | 0 | tst.go:20:10:20:14 | index expression |
+| tst.go:19:2:19:6 | assignment to element | tst.go:19:2:19:3 | xs [postupdate] | tst.go:19:5:19:5 | 0 | tst.go:19:10:19:14 | index expression |
+| tst.go:20:2:20:6 | assignment to element | tst.go:20:2:20:3 | implicit dereference [postupdate] | tst.go:20:5:20:5 | 0 | tst.go:20:10:20:14 | index expression |
+| tst.go:20:2:20:6 | assignment to element | tst.go:20:2:20:3 | ps [postupdate] | tst.go:20:5:20:5 | 0 | tst.go:20:10:20:14 | index expression |

go/ql/test/library-tests/semmle/go/dataflow/ReadsAndWrites/writesField.expected

@@ -1,3 +1,3 @@
-| tst.go:8:2:8:14 | assign:0 ... = ... | tst.go:8:2:8:2 | implicit-deref t [postupdate] | tst.go:4:2:4:2 | f | tst.go:8:8:8:14 | ...+... |
-| tst.go:8:2:8:14 | assign:0 ... = ... | tst.go:8:2:8:2 | t [postupdate] | tst.go:4:2:4:2 | f | tst.go:8:8:8:14 | ...+... |
-| tst.go:17:2:17:14 | assign:0 ... = ... | tst.go:17:2:17:2 | x [postupdate] | tst.go:4:2:4:2 | f | tst.go:17:8:17:14 | ...+... |
+| tst.go:8:2:8:4 | assignment to field f | tst.go:8:2:8:2 | implicit dereference [postupdate] | tst.go:4:2:4:2 | f | tst.go:8:8:8:14 | ...+... |
+| tst.go:8:2:8:4 | assignment to field f | tst.go:8:2:8:2 | t [postupdate] | tst.go:4:2:4:2 | f | tst.go:8:8:8:14 | ...+... |
+| tst.go:17:2:17:4 | assignment to field f | tst.go:17:2:17:2 | x [postupdate] | tst.go:4:2:4:2 | f | tst.go:17:8:17:14 | ...+... |

go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected

@@ -5,11 +5,11 @@
 | test.go:34:16:34:20 | param | test.go:33:11:33:27 | call to QueryParams | test.go:34:16:34:20 | param | Cross-site scripting vulnerability due to $@. | test.go:33:11:33:27 | call to QueryParams | user-provided value | test.go:0:0:0:0 | test.go |  |
 | test.go:40:16:40:19 | qstr | test.go:39:10:39:26 | call to QueryString | test.go:40:16:40:19 | qstr | Cross-site scripting vulnerability due to $@. | test.go:39:10:39:26 | call to QueryString | user-provided value | test.go:0:0:0:0 | test.go |  |
 | test.go:46:16:46:18 | val | test.go:45:9:45:34 | call to FormValue | test.go:46:16:46:18 | val | Cross-site scripting vulnerability due to $@. | test.go:45:9:45:34 | call to FormValue | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:52:16:52:37 | index expression | test.go:51:2:51:30 | extract:0 ... := ... | test.go:52:16:52:37 | index expression | Cross-site scripting vulnerability due to $@. | test.go:51:2:51:30 | extract:0 ... := ... | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:61:20:61:25 | buffer | test.go:57:2:57:46 | extract:0 ... := ... | test.go:61:20:61:25 | buffer | Cross-site scripting vulnerability due to $@. | test.go:57:2:57:46 | extract:0 ... := ... | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:67:16:67:41 | index expression | test.go:66:2:66:31 | extract:0 ... := ... | test.go:67:16:67:41 | index expression | Cross-site scripting vulnerability due to $@. | test.go:66:2:66:31 | extract:0 ... := ... | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:77:20:77:25 | buffer | test.go:72:2:72:31 | extract:0 ... := ... | test.go:77:20:77:25 | buffer | Cross-site scripting vulnerability due to $@. | test.go:72:2:72:31 | extract:0 ... := ... | user-provided value | test.go:0:0:0:0 | test.go |  |
-| test.go:83:16:83:24 | selection of Value | test.go:82:2:82:32 | extract:0 ... := ... | test.go:83:16:83:24 | selection of Value | Cross-site scripting vulnerability due to $@. | test.go:82:2:82:32 | extract:0 ... := ... | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:52:16:52:37 | index expression | test.go:51:2:51:30 | ... := ...[0] | test.go:52:16:52:37 | index expression | Cross-site scripting vulnerability due to $@. | test.go:51:2:51:30 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:61:20:61:25 | buffer | test.go:57:2:57:46 | ... := ...[0] | test.go:61:20:61:25 | buffer | Cross-site scripting vulnerability due to $@. | test.go:57:2:57:46 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:67:16:67:41 | index expression | test.go:66:2:66:31 | ... := ...[0] | test.go:67:16:67:41 | index expression | Cross-site scripting vulnerability due to $@. | test.go:66:2:66:31 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:77:20:77:25 | buffer | test.go:72:2:72:31 | ... := ...[0] | test.go:77:20:77:25 | buffer | Cross-site scripting vulnerability due to $@. | test.go:72:2:72:31 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
+| test.go:83:16:83:24 | selection of Value | test.go:82:2:82:32 | ... := ...[0] | test.go:83:16:83:24 | selection of Value | Cross-site scripting vulnerability due to $@. | test.go:82:2:82:32 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go |  |
 | test.go:89:16:89:31 | selection of Value | test.go:88:13:88:25 | call to Cookies | test.go:89:16:89:31 | selection of Value | Cross-site scripting vulnerability due to $@. | test.go:88:13:88:25 | call to Cookies | user-provided value | test.go:0:0:0:0 | test.go |  |
 | test.go:100:16:100:21 | selection of s | test.go:99:11:99:15 | &... [postupdate] | test.go:100:16:100:21 | selection of s | Cross-site scripting vulnerability due to $@. | test.go:99:11:99:15 | &... [postupdate] | user-provided value | test.go:0:0:0:0 | test.go |  |
 | test.go:114:16:114:42 | type assertion | test.go:113:21:113:42 | call to Param | test.go:114:16:114:42 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:113:21:113:42 | call to Param | user-provided value | test.go:0:0:0:0 | test.go |  |
@@ -25,23 +25,23 @@ edges
 | test.go:33:11:33:27 | call to QueryParams | test.go:34:16:34:20 | param | provenance | Src:MaD:11  |
 | test.go:39:10:39:26 | call to QueryString | test.go:40:16:40:19 | qstr | provenance | Src:MaD:12  |
 | test.go:45:9:45:34 | call to FormValue | test.go:46:16:46:18 | val | provenance | Src:MaD:6  |
-| test.go:51:2:51:30 | extract:0 ... := ... | test.go:52:16:52:37 | index expression | provenance | Src:MaD:5  |
-| test.go:57:2:57:46 | extract:0 ... := ... | test.go:58:13:58:22 | fileHeader | provenance | Src:MaD:4  |
-| test.go:58:2:58:29 | extract:0 ... := ... | test.go:60:2:60:5 | file | provenance |  |
-| test.go:58:13:58:22 | fileHeader | test.go:58:2:58:29 | extract:0 ... := ... | provenance | MaD:17 |
+| test.go:51:2:51:30 | ... := ...[0] | test.go:52:16:52:37 | index expression | provenance | Src:MaD:5  |
+| test.go:57:2:57:46 | ... := ...[0] | test.go:58:13:58:22 | fileHeader | provenance | Src:MaD:4  |
+| test.go:58:2:58:29 | ... := ...[0] | test.go:60:2:60:5 | file | provenance |  |
+| test.go:58:13:58:22 | fileHeader | test.go:58:2:58:29 | ... := ...[0] | provenance | MaD:17 |
 | test.go:60:2:60:5 | file | test.go:60:12:60:17 | buffer [postupdate] | provenance | MaD:15 |
 | test.go:60:2:60:5 | file | test.go:60:12:60:17 | buffer [postupdate] | provenance | MaD:16 |
 | test.go:60:2:60:5 | file | test.go:60:12:60:17 | buffer [postupdate] | provenance | MaD:18 |
 | test.go:60:12:60:17 | buffer [postupdate] | test.go:61:20:61:25 | buffer | provenance |  |
-| test.go:66:2:66:31 | extract:0 ... := ... | test.go:67:16:67:41 | index expression | provenance | Src:MaD:7  |
-| test.go:72:2:72:31 | extract:0 ... := ... | test.go:74:13:74:22 | fileHeader | provenance | Src:MaD:7  |
-| test.go:74:2:74:29 | extract:0 ... := ... | test.go:76:2:76:5 | file | provenance |  |
-| test.go:74:13:74:22 | fileHeader | test.go:74:2:74:29 | extract:0 ... := ... | provenance | MaD:17 |
+| test.go:66:2:66:31 | ... := ...[0] | test.go:67:16:67:41 | index expression | provenance | Src:MaD:7  |
+| test.go:72:2:72:31 | ... := ...[0] | test.go:74:13:74:22 | fileHeader | provenance | Src:MaD:7  |
+| test.go:74:2:74:29 | ... := ...[0] | test.go:76:2:76:5 | file | provenance |  |
+| test.go:74:13:74:22 | fileHeader | test.go:74:2:74:29 | ... := ...[0] | provenance | MaD:17 |
 | test.go:76:2:76:5 | file | test.go:76:12:76:17 | buffer [postupdate] | provenance | MaD:15 |
 | test.go:76:2:76:5 | file | test.go:76:12:76:17 | buffer [postupdate] | provenance | MaD:16 |
 | test.go:76:2:76:5 | file | test.go:76:12:76:17 | buffer [postupdate] | provenance | MaD:18 |
 | test.go:76:12:76:17 | buffer [postupdate] | test.go:77:20:77:25 | buffer | provenance |  |
-| test.go:82:2:82:32 | extract:0 ... := ... | test.go:83:16:83:24 | selection of Value | provenance | Src:MaD:2  |
+| test.go:82:2:82:32 | ... := ...[0] | test.go:83:16:83:24 | selection of Value | provenance | Src:MaD:2  |
 | test.go:88:13:88:25 | call to Cookies | test.go:89:16:89:31 | selection of Value | provenance | Src:MaD:3  |
 | test.go:99:11:99:15 | &... [postupdate] | test.go:100:16:100:21 | selection of s | provenance | Src:MaD:1  |
 | test.go:113:2:113:4 | ctx [postupdate] | test.go:114:16:114:18 | ctx | provenance |  |
@@ -88,23 +88,23 @@ nodes
 | test.go:40:16:40:19 | qstr | semmle.label | qstr |
 | test.go:45:9:45:34 | call to FormValue | semmle.label | call to FormValue |
 | test.go:46:16:46:18 | val | semmle.label | val |
-| test.go:51:2:51:30 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| test.go:51:2:51:30 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:52:16:52:37 | index expression | semmle.label | index expression |
-| test.go:57:2:57:46 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
-| test.go:58:2:58:29 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| test.go:57:2:57:46 | ... := ...[0] | semmle.label | ... := ...[0] |
+| test.go:58:2:58:29 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:58:13:58:22 | fileHeader | semmle.label | fileHeader |
 | test.go:60:2:60:5 | file | semmle.label | file |
 | test.go:60:12:60:17 | buffer [postupdate] | semmle.label | buffer [postupdate] |
 | test.go:61:20:61:25 | buffer | semmle.label | buffer |
-| test.go:66:2:66:31 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| test.go:66:2:66:31 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:67:16:67:41 | index expression | semmle.label | index expression |
-| test.go:72:2:72:31 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
-| test.go:74:2:74:29 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| test.go:72:2:72:31 | ... := ...[0] | semmle.label | ... := ...[0] |
+| test.go:74:2:74:29 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:74:13:74:22 | fileHeader | semmle.label | fileHeader |
 | test.go:76:2:76:5 | file | semmle.label | file |
 | test.go:76:12:76:17 | buffer [postupdate] | semmle.label | buffer [postupdate] |
 | test.go:77:20:77:25 | buffer | semmle.label | buffer |
-| test.go:82:2:82:32 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| test.go:82:2:82:32 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:83:16:83:24 | selection of Value | semmle.label | selection of Value |
 | test.go:88:13:88:25 | call to Cookies | semmle.label | call to Cookies |
 | test.go:89:16:89:31 | selection of Value | semmle.label | selection of Value |

go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.expected

@@ -7,18 +7,18 @@
 | Gin.go:58:10:58:25 | call to Param |
 | Gin.go:62:10:62:34 | call to GetStringSlice |
 | Gin.go:66:10:66:29 | call to GetString |
-| Gin.go:70:3:70:28 | extract:0 ... := ... |
+| Gin.go:70:3:70:28 | ... := ...[0] |
 | Gin.go:74:10:74:23 | call to ClientIP |
 | Gin.go:78:10:78:26 | call to ContentType |
-| Gin.go:82:3:82:29 | extract:0 ... := ... |
-| Gin.go:86:3:86:36 | extract:0 ... := ... |
-| Gin.go:90:3:90:31 | extract:0 ... := ... |
-| Gin.go:94:3:94:39 | extract:0 ... := ... |
-| Gin.go:98:3:98:34 | extract:0 ... := ... |
+| Gin.go:82:3:82:29 | ... := ...[0] |
+| Gin.go:86:3:86:36 | ... := ...[0] |
+| Gin.go:90:3:90:31 | ... := ...[0] |
+| Gin.go:94:3:94:39 | ... := ...[0] |
+| Gin.go:98:3:98:34 | ... := ...[0] |
 | Gin.go:102:10:102:52 | call to DefaultPostForm |
 | Gin.go:106:10:106:49 | call to DefaultQuery |
-| Gin.go:110:3:110:37 | extract:0 ... := ... |
-| Gin.go:114:3:114:34 | extract:0 ... := ... |
+| Gin.go:110:3:110:37 | ... := ...[0] |
+| Gin.go:114:3:114:34 | ... := ...[0] |
 | Gin.go:118:10:118:32 | call to GetStringMap |
 | Gin.go:122:10:122:38 | call to GetStringMapString |
 | Gin.go:126:10:126:43 | call to GetStringMapStringSlice |

go/ql/test/library-tests/semmle/go/frameworks/Gorestful/gorestful.expected

@@ -6,18 +6,18 @@ models
 | 5 | Source: github.com/emicklei/go-restful; Request; true; ReadEntity; ; ; Argument[0]; remote; manual |
 edges
 | gorestful.go:15:15:15:44 | call to QueryParameters | gorestful.go:15:15:15:47 | index expression | provenance | Src:MaD:4 Sink:MaD:1 |
-| gorestful.go:17:2:17:39 | extract:0 ... := ... | gorestful.go:18:15:18:17 | val | provenance | Src:MaD:2 Sink:MaD:1 |
+| gorestful.go:17:2:17:39 | ... := ...[0] | gorestful.go:18:15:18:17 | val | provenance | Src:MaD:2 Sink:MaD:1 |
 | gorestful.go:21:15:21:38 | call to PathParameters | gorestful.go:21:15:21:45 | index expression | provenance | Src:MaD:3 Sink:MaD:1 |
 | gorestful.go:23:21:23:24 | &... [postupdate] | gorestful.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:5 Sink:MaD:1 |
 | gorestful_v2.go:15:15:15:44 | call to QueryParameters | gorestful_v2.go:15:15:15:47 | index expression | provenance | Src:MaD:4 Sink:MaD:1 |
-| gorestful_v2.go:17:2:17:39 | extract:0 ... := ... | gorestful_v2.go:18:15:18:17 | val | provenance | Src:MaD:2 Sink:MaD:1 |
+| gorestful_v2.go:17:2:17:39 | ... := ...[0] | gorestful_v2.go:18:15:18:17 | val | provenance | Src:MaD:2 Sink:MaD:1 |
 | gorestful_v2.go:21:15:21:38 | call to PathParameters | gorestful_v2.go:21:15:21:45 | index expression | provenance | Src:MaD:3 Sink:MaD:1 |
 | gorestful_v2.go:23:21:23:24 | &... [postupdate] | gorestful_v2.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:5 Sink:MaD:1 |
 nodes
 | gorestful.go:15:15:15:44 | call to QueryParameters | semmle.label | call to QueryParameters |
 | gorestful.go:15:15:15:47 | index expression | semmle.label | index expression |
 | gorestful.go:16:15:16:43 | call to QueryParameter | semmle.label | call to QueryParameter |
-| gorestful.go:17:2:17:39 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| gorestful.go:17:2:17:39 | ... := ...[0] | semmle.label | ... := ...[0] |
 | gorestful.go:18:15:18:17 | val | semmle.label | val |
 | gorestful.go:19:15:19:44 | call to HeaderParameter | semmle.label | call to HeaderParameter |
 | gorestful.go:20:15:20:42 | call to PathParameter | semmle.label | call to PathParameter |
@@ -28,7 +28,7 @@ nodes
 | gorestful_v2.go:15:15:15:44 | call to QueryParameters | semmle.label | call to QueryParameters |
 | gorestful_v2.go:15:15:15:47 | index expression | semmle.label | index expression |
 | gorestful_v2.go:16:15:16:43 | call to QueryParameter | semmle.label | call to QueryParameter |
-| gorestful_v2.go:17:2:17:39 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| gorestful_v2.go:17:2:17:39 | ... := ...[0] | semmle.label | ... := ...[0] |
 | gorestful_v2.go:18:15:18:17 | val | semmle.label | val |
 | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | semmle.label | call to HeaderParameter |
 | gorestful_v2.go:20:15:20:42 | call to PathParameter | semmle.label | call to PathParameter |
@@ -41,14 +41,14 @@ invalidModelRow
 #select
 | gorestful.go:15:15:15:47 | index expression | gorestful.go:15:15:15:44 | call to QueryParameters | gorestful.go:15:15:15:47 | index expression | This command depends on $@. | gorestful.go:15:15:15:44 | call to QueryParameters | a user-provided value |
 | gorestful.go:16:15:16:43 | call to QueryParameter | gorestful.go:16:15:16:43 | call to QueryParameter | gorestful.go:16:15:16:43 | call to QueryParameter | This command depends on $@. | gorestful.go:16:15:16:43 | call to QueryParameter | a user-provided value |
-| gorestful.go:18:15:18:17 | val | gorestful.go:17:2:17:39 | extract:0 ... := ... | gorestful.go:18:15:18:17 | val | This command depends on $@. | gorestful.go:17:2:17:39 | extract:0 ... := ... | a user-provided value |
+| gorestful.go:18:15:18:17 | val | gorestful.go:17:2:17:39 | ... := ...[0] | gorestful.go:18:15:18:17 | val | This command depends on $@. | gorestful.go:17:2:17:39 | ... := ...[0] | a user-provided value |
 | gorestful.go:19:15:19:44 | call to HeaderParameter | gorestful.go:19:15:19:44 | call to HeaderParameter | gorestful.go:19:15:19:44 | call to HeaderParameter | This command depends on $@. | gorestful.go:19:15:19:44 | call to HeaderParameter | a user-provided value |
 | gorestful.go:20:15:20:42 | call to PathParameter | gorestful.go:20:15:20:42 | call to PathParameter | gorestful.go:20:15:20:42 | call to PathParameter | This command depends on $@. | gorestful.go:20:15:20:42 | call to PathParameter | a user-provided value |
 | gorestful.go:21:15:21:45 | index expression | gorestful.go:21:15:21:38 | call to PathParameters | gorestful.go:21:15:21:45 | index expression | This command depends on $@. | gorestful.go:21:15:21:38 | call to PathParameters | a user-provided value |
 | gorestful.go:24:15:24:21 | selection of cmd | gorestful.go:23:21:23:24 | &... [postupdate] | gorestful.go:24:15:24:21 | selection of cmd | This command depends on $@. | gorestful.go:23:21:23:24 | &... [postupdate] | a user-provided value |
 | gorestful_v2.go:15:15:15:47 | index expression | gorestful_v2.go:15:15:15:44 | call to QueryParameters | gorestful_v2.go:15:15:15:47 | index expression | This command depends on $@. | gorestful_v2.go:15:15:15:44 | call to QueryParameters | a user-provided value |
 | gorestful_v2.go:16:15:16:43 | call to QueryParameter | gorestful_v2.go:16:15:16:43 | call to QueryParameter | gorestful_v2.go:16:15:16:43 | call to QueryParameter | This command depends on $@. | gorestful_v2.go:16:15:16:43 | call to QueryParameter | a user-provided value |
-| gorestful_v2.go:18:15:18:17 | val | gorestful_v2.go:17:2:17:39 | extract:0 ... := ... | gorestful_v2.go:18:15:18:17 | val | This command depends on $@. | gorestful_v2.go:17:2:17:39 | extract:0 ... := ... | a user-provided value |
+| gorestful_v2.go:18:15:18:17 | val | gorestful_v2.go:17:2:17:39 | ... := ...[0] | gorestful_v2.go:18:15:18:17 | val | This command depends on $@. | gorestful_v2.go:17:2:17:39 | ... := ...[0] | a user-provided value |
 | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | This command depends on $@. | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | a user-provided value |
 | gorestful_v2.go:20:15:20:42 | call to PathParameter | gorestful_v2.go:20:15:20:42 | call to PathParameter | gorestful_v2.go:20:15:20:42 | call to PathParameter | This command depends on $@. | gorestful_v2.go:20:15:20:42 | call to PathParameter | a user-provided value |
 | gorestful_v2.go:21:15:21:45 | index expression | gorestful_v2.go:21:15:21:38 | call to PathParameters | gorestful_v2.go:21:15:21:45 | index expression | This command depends on $@. | gorestful_v2.go:21:15:21:38 | call to PathParameters | a user-provided value |

go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected

@@ -1,17 +1,17 @@
 #select
 | EndToEnd.go:95:20:95:49 | call to Get | EndToEnd.go:95:20:95:27 | selection of Params | EndToEnd.go:95:20:95:49 | call to Get | This path to an untrusted URL redirection depends on a $@. | EndToEnd.go:95:20:95:27 | selection of Params | user-provided value |
 edges
-| EndToEnd.go:95:20:95:27 | implicit-deref selection of Params | EndToEnd.go:95:20:95:27 | selection of Params [postupdate] | provenance | Config |
-| EndToEnd.go:95:20:95:27 | implicit-deref selection of Params | EndToEnd.go:95:20:95:32 | selection of Form | provenance | Config |
-| EndToEnd.go:95:20:95:27 | selection of Params | EndToEnd.go:95:20:95:27 | implicit-deref selection of Params | provenance | Src:MaD:2 Config |
+| EndToEnd.go:95:20:95:27 | implicit dereference | EndToEnd.go:95:20:95:27 | selection of Params [postupdate] | provenance | Config |
+| EndToEnd.go:95:20:95:27 | implicit dereference | EndToEnd.go:95:20:95:32 | selection of Form | provenance | Config |
+| EndToEnd.go:95:20:95:27 | selection of Params | EndToEnd.go:95:20:95:27 | implicit dereference | provenance | Src:MaD:2 Config |
 | EndToEnd.go:95:20:95:27 | selection of Params | EndToEnd.go:95:20:95:32 | selection of Form | provenance | Src:MaD:2 Config |
-| EndToEnd.go:95:20:95:27 | selection of Params [postupdate] | EndToEnd.go:95:20:95:27 | implicit-deref selection of Params | provenance | Config |
+| EndToEnd.go:95:20:95:27 | selection of Params [postupdate] | EndToEnd.go:95:20:95:27 | implicit dereference | provenance | Config |
 | EndToEnd.go:95:20:95:32 | selection of Form | EndToEnd.go:95:20:95:49 | call to Get | provenance | Config Sink:MaD:1 |
 models
 | 1 | Sink: group:revel; Controller; true; Redirect; ; ; Argument[0]; url-redirection; manual |
 | 2 | Source: group:revel; Controller; true; Params; ; ; ; remote; manual |
 nodes
-| EndToEnd.go:95:20:95:27 | implicit-deref selection of Params | semmle.label | implicit-deref selection of Params |
+| EndToEnd.go:95:20:95:27 | implicit dereference | semmle.label | implicit dereference |
 | EndToEnd.go:95:20:95:27 | selection of Params | semmle.label | selection of Params |
 | EndToEnd.go:95:20:95:27 | selection of Params [postupdate] | semmle.label | selection of Params [postupdate] |
 | EndToEnd.go:95:20:95:32 | selection of Form | semmle.label | selection of Form |

go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected

@@ -1,12 +1,12 @@
 invalidModelRow
 #select
-| crypto.go:9:14:9:31 | call to NewCipher | crypto.go:9:2:9:31 | extract:0 ... := ... |
-| crypto.go:9:14:9:31 | call to NewCipher | crypto.go:9:2:9:31 | extract:1 ... := ... |
-| crypto.go:10:15:10:34 | call to NewGCM | crypto.go:10:2:10:34 | extract:0 ... := ... |
-| crypto.go:10:15:10:34 | call to NewGCM | crypto.go:10:2:10:34 | extract:1 ... := ... |
-| crypto.go:11:18:11:57 | call to Open | crypto.go:11:2:11:57 | extract:0 ... := ... |
-| crypto.go:11:18:11:57 | call to Open | crypto.go:11:2:11:57 | extract:1 ... := ... |
-| crypto.go:11:42:11:51 | ciphertext | crypto.go:11:2:11:57 | extract:0 ... := ... |
+| crypto.go:9:14:9:31 | call to NewCipher | crypto.go:9:2:9:31 | ... := ...[0] |
+| crypto.go:9:14:9:31 | call to NewCipher | crypto.go:9:2:9:31 | ... := ...[1] |
+| crypto.go:10:15:10:34 | call to NewGCM | crypto.go:10:2:10:34 | ... := ...[0] |
+| crypto.go:10:15:10:34 | call to NewGCM | crypto.go:10:2:10:34 | ... := ...[1] |
+| crypto.go:11:18:11:57 | call to Open | crypto.go:11:2:11:57 | ... := ...[0] |
+| crypto.go:11:18:11:57 | call to Open | crypto.go:11:2:11:57 | ... := ...[1] |
+| crypto.go:11:42:11:51 | ciphertext | crypto.go:11:2:11:57 | ... := ...[0] |
 | io.go:14:31:14:43 | "some string" | io.go:14:13:14:44 | call to NewReader |
 | io.go:16:23:16:27 | &... | io.go:16:24:16:27 | buf1 [postupdate] |
 | io.go:16:23:16:27 | &... [postupdate] | io.go:16:24:16:27 | buf1 [postupdate] |
@@ -31,9 +31,9 @@ invalidModelRow
 | io.go:33:20:33:23 | buf1 | io.go:33:19:33:23 | &... |
 | io.go:33:20:33:23 | buf1 [postupdate] | io.go:33:19:33:23 | &... |
 | io.go:35:16:35:21 | reader | io.go:35:12:35:13 | w2 [postupdate] |
-| io.go:39:11:39:19 | call to Pipe | io.go:39:3:39:19 | extract:0 ... := ... |
-| io.go:39:11:39:19 | call to Pipe | io.go:39:3:39:19 | extract:1 ... := ... |
-| io.go:40:14:40:14 | w [postupdate] | io.go:39:3:39:19 | extract:0 ... := ... |
+| io.go:39:11:39:19 | call to Pipe | io.go:39:3:39:19 | ... := ...[0] |
+| io.go:39:11:39:19 | call to Pipe | io.go:39:3:39:19 | ... := ...[1] |
+| io.go:40:14:40:14 | w [postupdate] | io.go:39:3:39:19 | ... := ...[0] |
 | io.go:40:17:40:31 | "some string\\n" | io.go:40:14:40:14 | w [postupdate] |
 | io.go:43:16:43:16 | r | io.go:43:3:43:5 | buf [postupdate] |
 | io.go:44:13:44:15 | buf | io.go:44:13:44:24 | call to String |
@@ -74,35 +74,35 @@ invalidModelRow
 | io.go:101:26:101:38 | "some string" | io.go:101:8:101:39 | call to NewReader |
 | io.go:102:3:102:3 | r | io.go:102:13:102:21 | selection of Stdout [postupdate] |
 | io.go:108:30:108:42 | "some string" | io.go:108:12:108:43 | call to NewReader |
-| io.go:109:12:109:33 | call to ReadAll | io.go:109:2:109:33 | extract:0 ... := ... |
-| io.go:109:12:109:33 | call to ReadAll | io.go:109:2:109:33 | extract:1 ... := ... |
-| io.go:109:27:109:32 | reader | io.go:109:2:109:33 | extract:0 ... := ... |
+| io.go:109:12:109:33 | call to ReadAll | io.go:109:2:109:33 | ... := ...[0] |
+| io.go:109:12:109:33 | call to ReadAll | io.go:109:2:109:33 | ... := ...[1] |
+| io.go:109:27:109:32 | reader | io.go:109:2:109:33 | ... := ...[0] |
 | io.go:110:18:110:20 | buf | io.go:110:2:110:10 | selection of Stdout [postupdate] |
-| main.go:11:12:11:26 | call to Marshal | main.go:11:2:11:26 | extract:0 ... := ... |
-| main.go:11:12:11:26 | call to Marshal | main.go:11:2:11:26 | extract:1 ... := ... |
-| main.go:11:25:11:25 | v | main.go:11:2:11:26 | extract:0 ... := ... |
-| main.go:13:14:13:52 | call to MarshalIndent | main.go:13:2:13:52 | extract:0 ... := ... |
-| main.go:13:14:13:52 | call to MarshalIndent | main.go:13:2:13:52 | extract:1 ... := ... |
-| main.go:13:33:13:33 | v | main.go:13:2:13:52 | extract:0 ... := ... |
-| main.go:13:36:13:45 | "/*JSON*/" | main.go:13:2:13:52 | extract:0 ... := ... |
-| main.go:13:48:13:51 | "  " | main.go:13:2:13:52 | extract:0 ... := ... |
+| main.go:11:12:11:26 | call to Marshal | main.go:11:2:11:26 | ... := ...[0] |
+| main.go:11:12:11:26 | call to Marshal | main.go:11:2:11:26 | ... := ...[1] |
+| main.go:11:25:11:25 | v | main.go:11:2:11:26 | ... := ...[0] |
+| main.go:13:14:13:52 | call to MarshalIndent | main.go:13:2:13:52 | ... := ...[0] |
+| main.go:13:14:13:52 | call to MarshalIndent | main.go:13:2:13:52 | ... := ...[1] |
+| main.go:13:33:13:33 | v | main.go:13:2:13:52 | ... := ...[0] |
+| main.go:13:36:13:45 | "/*JSON*/" | main.go:13:2:13:52 | ... := ...[0] |
+| main.go:13:48:13:51 | "  " | main.go:13:2:13:52 | ... := ...[0] |
 | main.go:14:25:14:25 | b | main.go:14:9:14:41 | slice literal |
 | main.go:14:28:14:30 | err | main.go:14:9:14:41 | slice literal |
 | main.go:14:33:14:34 | b2 | main.go:14:9:14:41 | slice literal |
 | main.go:14:37:14:40 | err2 | main.go:14:9:14:41 | slice literal |
-| main.go:19:18:19:42 | call to DecodeString | main.go:19:2:19:42 | extract:0 ... := ... |
-| main.go:19:18:19:42 | call to DecodeString | main.go:19:2:19:42 | extract:1 ... := ... |
-| main.go:19:35:19:41 | encoded | main.go:19:2:19:42 | extract:0 ... := ... |
+| main.go:19:18:19:42 | call to DecodeString | main.go:19:2:19:42 | ... := ...[0] |
+| main.go:19:18:19:42 | call to DecodeString | main.go:19:2:19:42 | ... := ...[1] |
+| main.go:19:35:19:41 | encoded | main.go:19:2:19:42 | ... := ...[0] |
 | main.go:23:25:23:31 | decoded | main.go:23:9:23:48 | slice literal |
 | main.go:23:34:23:36 | err | main.go:23:9:23:48 | slice literal |
 | main.go:23:39:23:47 | reEncoded | main.go:23:9:23:48 | slice literal |
-| main.go:28:2:28:4 | implicit-deref req | main.go:28:2:28:4 | req [postupdate] |
-| main.go:28:2:28:4 | implicit-deref req | main.go:28:2:28:9 | selection of Body |
-| main.go:28:2:28:4 | req | main.go:28:2:28:4 | implicit-deref req |
-| main.go:28:2:28:4 | req [postupdate] | main.go:28:2:28:4 | implicit-deref req |
+| main.go:28:2:28:4 | implicit dereference | main.go:28:2:28:4 | req [postupdate] |
+| main.go:28:2:28:4 | implicit dereference | main.go:28:2:28:9 | selection of Body |
+| main.go:28:2:28:4 | req | main.go:28:2:28:4 | implicit dereference |
+| main.go:28:2:28:4 | req [postupdate] | main.go:28:2:28:4 | implicit dereference |
 | main.go:28:2:28:9 | selection of Body | main.go:28:16:28:16 | b [postupdate] |
-| main.go:34:2:34:4 | implicit-deref req | main.go:34:2:34:4 | req [postupdate] |
-| main.go:34:2:34:4 | implicit-deref req | main.go:34:2:34:9 | selection of Body |
-| main.go:34:2:34:4 | req | main.go:34:2:34:4 | implicit-deref req |
-| main.go:34:2:34:4 | req [postupdate] | main.go:34:2:34:4 | implicit-deref req |
+| main.go:34:2:34:4 | implicit dereference | main.go:34:2:34:4 | req [postupdate] |
+| main.go:34:2:34:4 | implicit dereference | main.go:34:2:34:9 | selection of Body |
+| main.go:34:2:34:4 | req | main.go:34:2:34:4 | implicit dereference |
+| main.go:34:2:34:4 | req [postupdate] | main.go:34:2:34:4 | implicit dereference |
 | main.go:34:2:34:9 | selection of Body | main.go:34:16:34:16 | b [postupdate] |

go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected

@@ -1,19 +1,19 @@
 #select
 | server/main.go:30:38:30:48 | selection of Text | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | user-provided value |
-| server/main.go:30:38:30:48 | selection of Text | server/main.go:19:109:38:1 | SSA def(params) | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | server/main.go:19:109:38:1 | SSA def(params) | user-provided value |
+| server/main.go:30:38:30:48 | selection of Text | server/main.go:19:56:19:61 | SSA def(params) | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | server/main.go:19:56:19:61 | SSA def(params) | user-provided value |
 edges
-| client/main.go:16:35:16:78 | &... | server/main.go:19:109:38:1 | SSA def(params) | provenance |  |
+| client/main.go:16:35:16:78 | &... | server/main.go:19:56:19:61 | SSA def(params) | provenance |  |
 | client/main.go:16:35:16:78 | &... [postupdate] | client/main.go:16:35:16:78 | &... | provenance |  |
-| rpc/notes/service.twirp.go:538:2:538:33 | extract:0 ... := ... | rpc/notes/service.twirp.go:544:27:544:29 | buf | provenance |  |
-| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | extract:0 ... := ... | provenance | Src:MaD:1 MaD:3 |
+| rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | rpc/notes/service.twirp.go:544:27:544:29 | buf | provenance |  |
+| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | provenance | Src:MaD:1 MaD:3 |
 | rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | provenance | MaD:2 |
 | rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | rpc/notes/service.twirp.go:574:2:577:2 | SSA def(reqContent) | provenance |  |
 | rpc/notes/service.twirp.go:574:2:577:2 | SSA def(reqContent) | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | provenance |  |
-| rpc/notes/service.twirp.go:576:35:576:44 | reqContent | server/main.go:19:109:38:1 | SSA def(params) | provenance |  |
-| server/main.go:19:109:38:1 | SSA def(params) | server/main.go:19:109:38:1 | SSA def(params) [Return] | provenance |  |
-| server/main.go:19:109:38:1 | SSA def(params) | server/main.go:30:38:30:48 | selection of Text | provenance |  |
-| server/main.go:19:109:38:1 | SSA def(params) | server/main.go:30:38:30:48 | selection of Text | provenance |  |
-| server/main.go:19:109:38:1 | SSA def(params) [Return] | client/main.go:16:35:16:78 | &... [postupdate] | provenance |  |
+| rpc/notes/service.twirp.go:576:35:576:44 | reqContent | server/main.go:19:56:19:61 | SSA def(params) | provenance |  |
+| server/main.go:19:56:19:61 | SSA def(params) | server/main.go:19:56:19:61 | SSA def(params) [Return] | provenance |  |
+| server/main.go:19:56:19:61 | SSA def(params) | server/main.go:30:38:30:48 | selection of Text | provenance |  |
+| server/main.go:19:56:19:61 | SSA def(params) | server/main.go:30:38:30:48 | selection of Text | provenance |  |
+| server/main.go:19:56:19:61 | SSA def(params) [Return] | client/main.go:16:35:16:78 | &... [postupdate] | provenance |  |
 models
 | 1 | Source: net/http; Request; true; Body; ; ; ; remote; manual |
 | 2 | Summary: google.golang.org/protobuf/proto; ; false; Unmarshal; ; ; Argument[0]; Argument[1]; taint; manual |
@@ -21,17 +21,14 @@ models
 nodes
 | client/main.go:16:35:16:78 | &... | semmle.label | &... |
 | client/main.go:16:35:16:78 | &... [postupdate] | semmle.label | &... [postupdate] |
-| rpc/notes/service.twirp.go:538:2:538:33 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | semmle.label | ... := ...[0] |
 | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | semmle.label | selection of Body |
 | rpc/notes/service.twirp.go:544:27:544:29 | buf | semmle.label | buf |
 | rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | semmle.label | reqContent [postupdate] |
 | rpc/notes/service.twirp.go:574:2:577:2 | SSA def(reqContent) | semmle.label | SSA def(reqContent) |
 | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | semmle.label | reqContent |
-| server/main.go:19:109:38:1 | SSA def(params) | semmle.label | SSA def(params) |
-| server/main.go:19:109:38:1 | SSA def(params) | semmle.label | SSA def(params) |
-| server/main.go:19:109:38:1 | SSA def(params) [Return] | semmle.label | SSA def(params) [Return] |
+| server/main.go:19:56:19:61 | SSA def(params) | semmle.label | SSA def(params) |
+| server/main.go:19:56:19:61 | SSA def(params) | semmle.label | SSA def(params) |
+| server/main.go:19:56:19:61 | SSA def(params) [Return] | semmle.label | SSA def(params) [Return] |
 | server/main.go:30:38:30:48 | selection of Text | semmle.label | selection of Text |
 subpaths
-testFailures
-| server/main.go:19:109:38:1 | SSA def(params) | Unexpected result: Source |
-| server/main.go:19:111:19:154 | comment | Missing result: Source |

go/ql/test/query-tests/InconsistentCode/MissingErrorCheck/MissingErrorCheck.expected

@@ -1,2 +1,2 @@
-| tests.go:61:30:61:35 | result | $@ may be nil at this dereference because $@ may not have been checked. | tests.go:59:2:59:30 | SSA def(result) | result | tests.go:59:2:59:30 | SSA def(err) | err |
-| tests.go:243:27:243:32 | result | $@ may be nil at this dereference because $@ may not have been checked. | tests.go:241:2:241:37 | SSA def(result) | result | tests.go:241:2:241:37 | SSA def(err) | err |
+| tests.go:61:30:61:35 | result | $@ may be nil at this dereference because $@ may not have been checked. | tests.go:59:2:59:7 | SSA def(result) | result | tests.go:59:10:59:12 | SSA def(err) | err |
+| tests.go:243:27:243:32 | result | $@ may be nil at this dereference because $@ may not have been checked. | tests.go:241:2:241:7 | SSA def(result) | result | tests.go:241:10:241:12 | SSA def(err) | err |

go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/UnhandledCloseWritableHandle.expected

@@ -1,52 +1,52 @@
 #select
-| tests.go:10:8:10:8 | f | tests.go:32:5:32:78 | extract:0 ... := ... | tests.go:10:8:10:8 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:32:15:32:78 | call to OpenFile | call to OpenFile |
-| tests.go:10:8:10:8 | f | tests.go:46:5:46:76 | extract:0 ... := ... | tests.go:10:8:10:8 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:46:15:46:76 | call to OpenFile | call to OpenFile |
-| tests.go:15:3:15:3 | f | tests.go:32:5:32:78 | extract:0 ... := ... | tests.go:15:3:15:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:32:15:32:78 | call to OpenFile | call to OpenFile |
-| tests.go:15:3:15:3 | f | tests.go:46:5:46:76 | extract:0 ... := ... | tests.go:15:3:15:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:46:15:46:76 | call to OpenFile | call to OpenFile |
-| tests.go:57:3:57:3 | f | tests.go:55:5:55:78 | extract:0 ... := ... | tests.go:57:3:57:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:55:15:55:78 | call to OpenFile | call to OpenFile |
-| tests.go:69:3:69:3 | f | tests.go:67:5:67:76 | extract:0 ... := ... | tests.go:69:3:69:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:67:15:67:76 | call to OpenFile | call to OpenFile |
-| tests.go:126:9:126:9 | f | tests.go:124:5:124:78 | extract:0 ... := ... | tests.go:126:9:126:9 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:124:15:124:78 | call to OpenFile | call to OpenFile |
-| tests.go:145:3:145:3 | f | tests.go:141:5:141:78 | extract:0 ... := ... | tests.go:145:3:145:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:141:15:141:78 | call to OpenFile | call to OpenFile |
-| tests.go:166:8:166:8 | f | tests.go:162:2:162:74 | extract:0 ... := ... | tests.go:166:8:166:8 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:162:12:162:74 | call to OpenFile | call to OpenFile |
+| tests.go:10:8:10:8 | f | tests.go:32:5:32:78 | ... := ...[0] | tests.go:10:8:10:8 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:32:15:32:78 | call to OpenFile | call to OpenFile |
+| tests.go:10:8:10:8 | f | tests.go:46:5:46:76 | ... := ...[0] | tests.go:10:8:10:8 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:46:15:46:76 | call to OpenFile | call to OpenFile |
+| tests.go:15:3:15:3 | f | tests.go:32:5:32:78 | ... := ...[0] | tests.go:15:3:15:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:32:15:32:78 | call to OpenFile | call to OpenFile |
+| tests.go:15:3:15:3 | f | tests.go:46:5:46:76 | ... := ...[0] | tests.go:15:3:15:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:46:15:46:76 | call to OpenFile | call to OpenFile |
+| tests.go:57:3:57:3 | f | tests.go:55:5:55:78 | ... := ...[0] | tests.go:57:3:57:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:55:15:55:78 | call to OpenFile | call to OpenFile |
+| tests.go:69:3:69:3 | f | tests.go:67:5:67:76 | ... := ...[0] | tests.go:69:3:69:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:67:15:67:76 | call to OpenFile | call to OpenFile |
+| tests.go:126:9:126:9 | f | tests.go:124:5:124:78 | ... := ...[0] | tests.go:126:9:126:9 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:124:15:124:78 | call to OpenFile | call to OpenFile |
+| tests.go:145:3:145:3 | f | tests.go:141:5:141:78 | ... := ...[0] | tests.go:145:3:145:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:141:15:141:78 | call to OpenFile | call to OpenFile |
+| tests.go:166:8:166:8 | f | tests.go:162:2:162:74 | ... := ...[0] | tests.go:166:8:166:8 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:162:12:162:74 | call to OpenFile | call to OpenFile |
 edges
-| tests.go:9:36:11:1 | SSA def(f) | tests.go:10:8:10:8 | f | provenance |  |
-| tests.go:13:44:19:1 | SSA def(f) | tests.go:14:13:16:2 | SSA def(f) | provenance |  |
+| tests.go:9:24:9:24 | SSA def(f) | tests.go:10:8:10:8 | f | provenance |  |
+| tests.go:13:32:13:32 | SSA def(f) | tests.go:14:13:16:2 | SSA def(f) | provenance |  |
 | tests.go:14:13:16:2 | SSA def(f) | tests.go:15:3:15:3 | f | provenance |  |
-| tests.go:32:5:32:78 | extract:0 ... := ... | tests.go:33:21:33:21 | f | provenance | Src:MaD:1  |
-| tests.go:32:5:32:78 | extract:0 ... := ... | tests.go:34:29:34:29 | f | provenance | Src:MaD:1  |
-| tests.go:33:21:33:21 | f | tests.go:9:36:11:1 | SSA def(f) | provenance |  |
-| tests.go:34:29:34:29 | f | tests.go:13:44:19:1 | SSA def(f) | provenance |  |
-| tests.go:46:5:46:76 | extract:0 ... := ... | tests.go:47:21:47:21 | f | provenance | Src:MaD:1  |
-| tests.go:46:5:46:76 | extract:0 ... := ... | tests.go:48:29:48:29 | f | provenance | Src:MaD:1  |
-| tests.go:47:21:47:21 | f | tests.go:9:36:11:1 | SSA def(f) | provenance |  |
-| tests.go:48:29:48:29 | f | tests.go:13:44:19:1 | SSA def(f) | provenance |  |
-| tests.go:55:5:55:78 | extract:0 ... := ... | tests.go:57:3:57:3 | f | provenance | Src:MaD:1  |
-| tests.go:67:5:67:76 | extract:0 ... := ... | tests.go:69:3:69:3 | f | provenance | Src:MaD:1  |
-| tests.go:124:5:124:78 | extract:0 ... := ... | tests.go:126:9:126:9 | f | provenance | Src:MaD:1  |
-| tests.go:141:5:141:78 | extract:0 ... := ... | tests.go:145:3:145:3 | f | provenance | Src:MaD:1  |
-| tests.go:162:2:162:74 | extract:0 ... := ... | tests.go:166:8:166:8 | f | provenance | Src:MaD:1  |
+| tests.go:32:5:32:78 | ... := ...[0] | tests.go:33:21:33:21 | f | provenance | Src:MaD:1  |
+| tests.go:32:5:32:78 | ... := ...[0] | tests.go:34:29:34:29 | f | provenance | Src:MaD:1  |
+| tests.go:33:21:33:21 | f | tests.go:9:24:9:24 | SSA def(f) | provenance |  |
+| tests.go:34:29:34:29 | f | tests.go:13:32:13:32 | SSA def(f) | provenance |  |
+| tests.go:46:5:46:76 | ... := ...[0] | tests.go:47:21:47:21 | f | provenance | Src:MaD:1  |
+| tests.go:46:5:46:76 | ... := ...[0] | tests.go:48:29:48:29 | f | provenance | Src:MaD:1  |
+| tests.go:47:21:47:21 | f | tests.go:9:24:9:24 | SSA def(f) | provenance |  |
+| tests.go:48:29:48:29 | f | tests.go:13:32:13:32 | SSA def(f) | provenance |  |
+| tests.go:55:5:55:78 | ... := ...[0] | tests.go:57:3:57:3 | f | provenance | Src:MaD:1  |
+| tests.go:67:5:67:76 | ... := ...[0] | tests.go:69:3:69:3 | f | provenance | Src:MaD:1  |
+| tests.go:124:5:124:78 | ... := ...[0] | tests.go:126:9:126:9 | f | provenance | Src:MaD:1  |
+| tests.go:141:5:141:78 | ... := ...[0] | tests.go:145:3:145:3 | f | provenance | Src:MaD:1  |
+| tests.go:162:2:162:74 | ... := ...[0] | tests.go:166:8:166:8 | f | provenance | Src:MaD:1  |
 models
 | 1 | Source: os; ; false; OpenFile; ; ; ReturnValue[0]; file; manual |
 nodes
-| tests.go:9:36:11:1 | SSA def(f) | semmle.label | SSA def(f) |
+| tests.go:9:24:9:24 | SSA def(f) | semmle.label | SSA def(f) |
 | tests.go:10:8:10:8 | f | semmle.label | f |
-| tests.go:13:44:19:1 | SSA def(f) | semmle.label | SSA def(f) |
+| tests.go:13:32:13:32 | SSA def(f) | semmle.label | SSA def(f) |
 | tests.go:14:13:16:2 | SSA def(f) | semmle.label | SSA def(f) |
 | tests.go:15:3:15:3 | f | semmle.label | f |
-| tests.go:32:5:32:78 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| tests.go:32:5:32:78 | ... := ...[0] | semmle.label | ... := ...[0] |
 | tests.go:33:21:33:21 | f | semmle.label | f |
 | tests.go:34:29:34:29 | f | semmle.label | f |
-| tests.go:46:5:46:76 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| tests.go:46:5:46:76 | ... := ...[0] | semmle.label | ... := ...[0] |
 | tests.go:47:21:47:21 | f | semmle.label | f |
 | tests.go:48:29:48:29 | f | semmle.label | f |
-| tests.go:55:5:55:78 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| tests.go:55:5:55:78 | ... := ...[0] | semmle.label | ... := ...[0] |
 | tests.go:57:3:57:3 | f | semmle.label | f |
-| tests.go:67:5:67:76 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| tests.go:67:5:67:76 | ... := ...[0] | semmle.label | ... := ...[0] |
 | tests.go:69:3:69:3 | f | semmle.label | f |
-| tests.go:124:5:124:78 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| tests.go:124:5:124:78 | ... := ...[0] | semmle.label | ... := ...[0] |
 | tests.go:126:9:126:9 | f | semmle.label | f |
-| tests.go:141:5:141:78 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| tests.go:141:5:141:78 | ... := ...[0] | semmle.label | ... := ...[0] |
 | tests.go:145:3:145:3 | f | semmle.label | f |
-| tests.go:162:2:162:74 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| tests.go:162:2:162:74 | ... := ...[0] | semmle.label | ... := ...[0] |
 | tests.go:166:8:166:8 | f | semmle.label | f |
 subpaths

go/ql/test/query-tests/RedundantCode/DeadStoreOfField/DeadStoreOfField.expected

@@ -1 +1 @@
-| DeadStoreOfField.go:8:2:8:10 | assign:0 ... = ... | This assignment to val is useless since its value is never read. |
+| DeadStoreOfField.go:8:2:8:6 | assignment to field val | This assignment to val is useless since its value is never read. |

go/ql/test/query-tests/Security/CWE-022/UnsafeUnzipSymlink.expected

@@ -5,18 +5,18 @@
 | UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | Unresolved path from an archive header, which may point outside the archive root, is used in $@. | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | symlink creation |
 | UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name | UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | Unresolved path from an archive header, which may point outside the archive root, is used in $@. | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | symlink creation |
 edges
-| UnsafeUnzipSymlink.go:111:46:113:1 | SSA def(fileName) | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | provenance | Sink:MaD:1 |
-| UnsafeUnzipSymlink.go:111:46:113:1 | SSA def(linkName) | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | provenance | Sink:MaD:1 |
-| UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | UnsafeUnzipSymlink.go:111:46:113:1 | SSA def(linkName) | provenance |  |
-| UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name | UnsafeUnzipSymlink.go:111:46:113:1 | SSA def(fileName) | provenance |  |
+| UnsafeUnzipSymlink.go:111:19:111:26 | SSA def(linkName) | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | provenance | Sink:MaD:1 |
+| UnsafeUnzipSymlink.go:111:29:111:36 | SSA def(fileName) | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | provenance | Sink:MaD:1 |
+| UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | UnsafeUnzipSymlink.go:111:19:111:26 | SSA def(linkName) | provenance |  |
+| UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name | UnsafeUnzipSymlink.go:111:29:111:36 | SSA def(fileName) | provenance |  |
 models
 | 1 | Sink: os; ; false; Symlink; ; ; Argument[0..1]; path-injection; manual |
 nodes
 | UnsafeUnzipSymlink.go:31:15:31:29 | selection of Linkname | semmle.label | selection of Linkname |
 | UnsafeUnzipSymlink.go:31:32:31:42 | selection of Name | semmle.label | selection of Name |
 | UnsafeUnzipSymlink.go:43:25:43:35 | selection of Name | semmle.label | selection of Name |
-| UnsafeUnzipSymlink.go:111:46:113:1 | SSA def(fileName) | semmle.label | SSA def(fileName) |
-| UnsafeUnzipSymlink.go:111:46:113:1 | SSA def(linkName) | semmle.label | SSA def(linkName) |
+| UnsafeUnzipSymlink.go:111:19:111:26 | SSA def(linkName) | semmle.label | SSA def(linkName) |
+| UnsafeUnzipSymlink.go:111:29:111:36 | SSA def(fileName) | semmle.label | SSA def(fileName) |
 | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | semmle.label | linkName |
 | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | semmle.label | fileName |
 | UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | semmle.label | selection of Linkname |

go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected

@@ -1,21 +1,21 @@
 #select
-| UnsafeUnzipSymlinkGood.go:72:3:72:25 | extract:0 ... := ... | UnsafeUnzipSymlinkGood.go:72:3:72:25 | extract:0 ... := ... | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | Unsanitized archive entry, which may contain '..', is used in a $@. | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | file system operation |
-| ZipSlip.go:11:2:15:2 | extract:1 range statement | ZipSlip.go:11:2:15:2 | extract:1 range statement | ZipSlip.go:14:20:14:20 | p | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.go:14:20:14:20 | p | file system operation |
-| tarslip.go:15:2:15:30 | extract:0 ... := ... | tarslip.go:15:2:15:30 | extract:0 ... := ... | tarslip.go:16:14:16:34 | call to Dir | Unsanitized archive entry, which may contain '..', is used in a $@. | tarslip.go:16:14:16:34 | call to Dir | file system operation |
-| tst.go:23:2:43:2 | extract:1 range statement | tst.go:23:2:43:2 | extract:1 range statement | tst.go:29:20:29:23 | path | Unsanitized archive entry, which may contain '..', is used in a $@. | tst.go:29:20:29:23 | path | file system operation |
+| UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | Unsanitized archive entry, which may contain '..', is used in a $@. | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | file system operation |
+| ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:14:20:14:20 | p | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.go:14:20:14:20 | p | file system operation |
+| tarslip.go:15:2:15:30 | ... := ...[0] | tarslip.go:15:2:15:30 | ... := ...[0] | tarslip.go:16:14:16:34 | call to Dir | Unsanitized archive entry, which may contain '..', is used in a $@. | tarslip.go:16:14:16:34 | call to Dir | file system operation |
+| tst.go:23:2:43:2 | range statement[1] | tst.go:23:2:43:2 | range statement[1] | tst.go:29:20:29:23 | path | Unsanitized archive entry, which may contain '..', is used in a $@. | tst.go:29:20:29:23 | path | file system operation |
 edges
-| UnsafeUnzipSymlinkGood.go:52:55:67:1 | SSA def(candidate) | UnsafeUnzipSymlinkGood.go:61:53:61:61 | candidate | provenance |  |
+| UnsafeUnzipSymlinkGood.go:52:24:52:32 | SSA def(candidate) | UnsafeUnzipSymlinkGood.go:61:53:61:61 | candidate | provenance |  |
 | UnsafeUnzipSymlinkGood.go:61:53:61:61 | candidate | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | provenance | FunctionModel Sink:MaD:3 |
-| UnsafeUnzipSymlinkGood.go:72:3:72:25 | extract:0 ... := ... | UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname | provenance |  |
-| UnsafeUnzipSymlinkGood.go:72:3:72:25 | extract:0 ... := ... | UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | provenance |  |
-| UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname | UnsafeUnzipSymlinkGood.go:52:55:67:1 | SSA def(candidate) | provenance |  |
-| UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | UnsafeUnzipSymlinkGood.go:52:55:67:1 | SSA def(candidate) | provenance |  |
-| ZipSlip.go:11:2:15:2 | extract:1 range statement | ZipSlip.go:12:24:12:29 | selection of Name | provenance |  |
-| ZipSlip.go:12:3:12:30 | extract:0 ... := ... | ZipSlip.go:14:20:14:20 | p | provenance | Sink:MaD:1 |
-| ZipSlip.go:12:24:12:29 | selection of Name | ZipSlip.go:12:3:12:30 | extract:0 ... := ... | provenance | MaD:4 |
-| tarslip.go:15:2:15:30 | extract:0 ... := ... | tarslip.go:16:23:16:33 | selection of Name | provenance |  |
+| UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname | provenance |  |
+| UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | provenance |  |
+| UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname | UnsafeUnzipSymlinkGood.go:52:24:52:32 | SSA def(candidate) | provenance |  |
+| UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | UnsafeUnzipSymlinkGood.go:52:24:52:32 | SSA def(candidate) | provenance |  |
+| ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:12:24:12:29 | selection of Name | provenance |  |
+| ZipSlip.go:12:3:12:30 | ... := ...[0] | ZipSlip.go:14:20:14:20 | p | provenance | Sink:MaD:1 |
+| ZipSlip.go:12:24:12:29 | selection of Name | ZipSlip.go:12:3:12:30 | ... := ...[0] | provenance | MaD:4 |
+| tarslip.go:15:2:15:30 | ... := ...[0] | tarslip.go:16:23:16:33 | selection of Name | provenance |  |
 | tarslip.go:16:23:16:33 | selection of Name | tarslip.go:16:14:16:34 | call to Dir | provenance | MaD:5 Sink:MaD:2 |
-| tst.go:23:2:43:2 | extract:1 range statement | tst.go:29:20:29:23 | path | provenance | Sink:MaD:1 |
+| tst.go:23:2:43:2 | range statement[1] | tst.go:29:20:29:23 | path | provenance | Sink:MaD:1 |
 models
 | 1 | Sink: io/ioutil; ; false; WriteFile; ; ; Argument[0]; path-injection; manual |
 | 2 | Sink: os; ; false; MkdirAll; ; ; Argument[0]; path-injection; manual |
@@ -23,19 +23,19 @@ models
 | 4 | Summary: path/filepath; ; false; Abs; ; ; Argument[0]; ReturnValue[0]; taint; manual |
 | 5 | Summary: path; ; false; Dir; ; ; Argument[0]; ReturnValue; taint; manual |
 nodes
-| UnsafeUnzipSymlinkGood.go:52:55:67:1 | SSA def(candidate) | semmle.label | SSA def(candidate) |
+| UnsafeUnzipSymlinkGood.go:52:24:52:32 | SSA def(candidate) | semmle.label | SSA def(candidate) |
 | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | semmle.label | call to Join |
 | UnsafeUnzipSymlinkGood.go:61:53:61:61 | candidate | semmle.label | candidate |
-| UnsafeUnzipSymlinkGood.go:72:3:72:25 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | semmle.label | ... := ...[0] |
 | UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname | semmle.label | selection of Linkname |
 | UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | semmle.label | selection of Name |
-| ZipSlip.go:11:2:15:2 | extract:1 range statement | semmle.label | extract:1 range statement |
-| ZipSlip.go:12:3:12:30 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| ZipSlip.go:11:2:15:2 | range statement[1] | semmle.label | range statement[1] |
+| ZipSlip.go:12:3:12:30 | ... := ...[0] | semmle.label | ... := ...[0] |
 | ZipSlip.go:12:24:12:29 | selection of Name | semmle.label | selection of Name |
 | ZipSlip.go:14:20:14:20 | p | semmle.label | p |
-| tarslip.go:15:2:15:30 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| tarslip.go:15:2:15:30 | ... := ...[0] | semmle.label | ... := ...[0] |
 | tarslip.go:16:14:16:34 | call to Dir | semmle.label | call to Dir |
 | tarslip.go:16:23:16:33 | selection of Name | semmle.label | selection of Name |
-| tst.go:23:2:43:2 | extract:1 range statement | semmle.label | extract:1 range statement |
+| tst.go:23:2:43:2 | range statement[1] | semmle.label | range statement[1] |
 | tst.go:29:20:29:23 | path | semmle.label | path |
 subpaths

go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected

@@ -31,16 +31,16 @@ edges
 | SqlInjection.go:11:3:11:17 | call to Query | SqlInjection.go:11:3:11:29 | index expression | provenance |  |
 | SqlInjection.go:11:3:11:29 | index expression | SqlInjection.go:10:7:11:30 | []type{args} [array] | provenance |  |
 | SqlInjection.go:11:3:11:29 | index expression | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | FunctionModel |
-| issue48.go:17:2:17:33 | extract:0 ... := ... | issue48.go:18:17:18:17 | b | provenance |  |
-| issue48.go:17:25:17:32 | selection of Body | issue48.go:17:2:17:33 | extract:0 ... := ... | provenance | Src:MaD:17 MaD:24 |
+| issue48.go:17:2:17:33 | ... := ...[0] | issue48.go:18:17:18:17 | b | provenance |  |
+| issue48.go:17:25:17:32 | selection of Body | issue48.go:17:2:17:33 | ... := ...[0] | provenance | Src:MaD:17 MaD:24 |
 | issue48.go:18:17:18:17 | b | issue48.go:18:20:18:39 | &... [postupdate] | provenance | MaD:22 |
 | issue48.go:18:20:18:39 | &... [postupdate] | issue48.go:21:3:21:33 | index expression | provenance |  |
 | issue48.go:20:8:21:34 | []type{args} [array] | issue48.go:20:8:21:34 | call to Sprintf | provenance | MaD:23 |
 | issue48.go:20:8:21:34 | call to Sprintf | issue48.go:22:11:22:12 | q3 | provenance | Sink:MaD:1 |
 | issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | []type{args} [array] | provenance |  |
 | issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | call to Sprintf | provenance | FunctionModel |
-| issue48.go:27:2:27:34 | extract:0 ... := ... | issue48.go:28:17:28:18 | b2 | provenance |  |
-| issue48.go:27:26:27:33 | selection of Body | issue48.go:27:2:27:34 | extract:0 ... := ... | provenance | Src:MaD:17 MaD:24 |
+| issue48.go:27:2:27:34 | ... := ...[0] | issue48.go:28:17:28:18 | b2 | provenance |  |
+| issue48.go:27:26:27:33 | selection of Body | issue48.go:27:2:27:34 | ... := ...[0] | provenance | Src:MaD:17 MaD:24 |
 | issue48.go:28:17:28:18 | b2 | issue48.go:28:21:28:41 | &... [postupdate] | provenance | MaD:22 |
 | issue48.go:28:21:28:41 | &... [postupdate] | issue48.go:31:3:31:31 | selection of Category | provenance |  |
 | issue48.go:30:8:31:32 | []type{args} [array] | issue48.go:30:8:31:32 | call to Sprintf | provenance | MaD:23 |
@@ -72,19 +72,19 @@ edges
 | main.go:30:13:30:39 | index expression | main.go:28:18:31:2 | struct literal [Category] | provenance |  |
 | main.go:33:7:34:23 | []type{args} [array] | main.go:33:7:34:23 | call to Sprintf | provenance | MaD:23 |
 | main.go:33:7:34:23 | call to Sprintf | main.go:35:11:35:11 | q | provenance | Sink:MaD:1 |
-| main.go:34:3:34:13 | RequestData [pointer, Category] | main.go:34:3:34:13 | implicit-deref RequestData [Category] | provenance |  |
-| main.go:34:3:34:13 | implicit-deref RequestData [Category] | main.go:34:3:34:22 | selection of Category | provenance |  |
+| main.go:34:3:34:13 | RequestData [pointer, Category] | main.go:34:3:34:13 | implicit dereference [Category] | provenance |  |
+| main.go:34:3:34:13 | implicit dereference [Category] | main.go:34:3:34:22 | selection of Category | provenance |  |
 | main.go:34:3:34:22 | selection of Category | main.go:33:7:34:23 | []type{args} [array] | provenance |  |
 | main.go:34:3:34:22 | selection of Category | main.go:33:7:34:23 | call to Sprintf | provenance | FunctionModel |
 | main.go:40:2:40:12 | RequestData [postupdate] [pointer, Category] | main.go:43:3:43:13 | RequestData [pointer, Category] | provenance |  |
-| main.go:40:2:40:12 | implicit-deref RequestData [postupdate] [Category] | main.go:40:2:40:12 | RequestData [postupdate] [pointer, Category] | provenance |  |
+| main.go:40:2:40:12 | implicit dereference [postupdate] [Category] | main.go:40:2:40:12 | RequestData [postupdate] [pointer, Category] | provenance |  |
 | main.go:40:25:40:31 | selection of URL | main.go:40:25:40:39 | call to Query | provenance | Src:MaD:21 MaD:26 |
 | main.go:40:25:40:39 | call to Query | main.go:40:25:40:51 | index expression | provenance |  |
-| main.go:40:25:40:51 | index expression | main.go:40:2:40:12 | implicit-deref RequestData [postupdate] [Category] | provenance |  |
+| main.go:40:25:40:51 | index expression | main.go:40:2:40:12 | implicit dereference [postupdate] [Category] | provenance |  |
 | main.go:42:7:43:23 | []type{args} [array] | main.go:42:7:43:23 | call to Sprintf | provenance | MaD:23 |
 | main.go:42:7:43:23 | call to Sprintf | main.go:44:11:44:11 | q | provenance | Sink:MaD:1 |
-| main.go:43:3:43:13 | RequestData [pointer, Category] | main.go:43:3:43:13 | implicit-deref RequestData [Category] | provenance |  |
-| main.go:43:3:43:13 | implicit-deref RequestData [Category] | main.go:43:3:43:22 | selection of Category | provenance |  |
+| main.go:43:3:43:13 | RequestData [pointer, Category] | main.go:43:3:43:13 | implicit dereference [Category] | provenance |  |
+| main.go:43:3:43:13 | implicit dereference [Category] | main.go:43:3:43:22 | selection of Category | provenance |  |
 | main.go:43:3:43:22 | selection of Category | main.go:42:7:43:23 | []type{args} [array] | provenance |  |
 | main.go:43:3:43:22 | selection of Category | main.go:42:7:43:23 | call to Sprintf | provenance | FunctionModel |
 | main.go:49:3:49:14 | star expression [postupdate] [Category] | main.go:49:4:49:14 | RequestData [postupdate] [pointer, Category] | provenance |  |
@@ -94,8 +94,8 @@ edges
 | main.go:49:28:49:54 | index expression | main.go:49:3:49:14 | star expression [postupdate] [Category] | provenance |  |
 | main.go:51:7:52:23 | []type{args} [array] | main.go:51:7:52:23 | call to Sprintf | provenance | MaD:23 |
 | main.go:51:7:52:23 | call to Sprintf | main.go:53:11:53:11 | q | provenance | Sink:MaD:1 |
-| main.go:52:3:52:13 | RequestData [pointer, Category] | main.go:52:3:52:13 | implicit-deref RequestData [Category] | provenance |  |
-| main.go:52:3:52:13 | implicit-deref RequestData [Category] | main.go:52:3:52:22 | selection of Category | provenance |  |
+| main.go:52:3:52:13 | RequestData [pointer, Category] | main.go:52:3:52:13 | implicit dereference [Category] | provenance |  |
+| main.go:52:3:52:13 | implicit dereference [Category] | main.go:52:3:52:22 | selection of Category | provenance |  |
 | main.go:52:3:52:22 | selection of Category | main.go:51:7:52:23 | []type{args} [array] | provenance |  |
 | main.go:52:3:52:22 | selection of Category | main.go:51:7:52:23 | call to Sprintf | provenance | FunctionModel |
 | main.go:58:3:58:14 | star expression [postupdate] [Category] | main.go:58:4:58:14 | RequestData [postupdate] [pointer, Category] | provenance |  |
@@ -161,7 +161,7 @@ nodes
 | SqlInjection.go:11:3:11:17 | call to Query | semmle.label | call to Query |
 | SqlInjection.go:11:3:11:29 | index expression | semmle.label | index expression |
 | SqlInjection.go:12:11:12:11 | q | semmle.label | q |
-| issue48.go:17:2:17:33 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| issue48.go:17:2:17:33 | ... := ...[0] | semmle.label | ... := ...[0] |
 | issue48.go:17:25:17:32 | selection of Body | semmle.label | selection of Body |
 | issue48.go:18:17:18:17 | b | semmle.label | b |
 | issue48.go:18:20:18:39 | &... [postupdate] | semmle.label | &... [postupdate] |
@@ -169,7 +169,7 @@ nodes
 | issue48.go:20:8:21:34 | call to Sprintf | semmle.label | call to Sprintf |
 | issue48.go:21:3:21:33 | index expression | semmle.label | index expression |
 | issue48.go:22:11:22:12 | q3 | semmle.label | q3 |
-| issue48.go:27:2:27:34 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| issue48.go:27:2:27:34 | ... := ...[0] | semmle.label | ... := ...[0] |
 | issue48.go:27:26:27:33 | selection of Body | semmle.label | selection of Body |
 | issue48.go:28:17:28:18 | b2 | semmle.label | b2 |
 | issue48.go:28:21:28:41 | &... [postupdate] | semmle.label | &... [postupdate] |
@@ -204,18 +204,18 @@ nodes
 | main.go:33:7:34:23 | []type{args} [array] | semmle.label | []type{args} [array] |
 | main.go:33:7:34:23 | call to Sprintf | semmle.label | call to Sprintf |
 | main.go:34:3:34:13 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
-| main.go:34:3:34:13 | implicit-deref RequestData [Category] | semmle.label | implicit-deref RequestData [Category] |
+| main.go:34:3:34:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
 | main.go:34:3:34:22 | selection of Category | semmle.label | selection of Category |
 | main.go:35:11:35:11 | q | semmle.label | q |
 | main.go:40:2:40:12 | RequestData [postupdate] [pointer, Category] | semmle.label | RequestData [postupdate] [pointer, Category] |
-| main.go:40:2:40:12 | implicit-deref RequestData [postupdate] [Category] | semmle.label | implicit-deref RequestData [postupdate] [Category] |
+| main.go:40:2:40:12 | implicit dereference [postupdate] [Category] | semmle.label | implicit dereference [postupdate] [Category] |
 | main.go:40:25:40:31 | selection of URL | semmle.label | selection of URL |
 | main.go:40:25:40:39 | call to Query | semmle.label | call to Query |
 | main.go:40:25:40:51 | index expression | semmle.label | index expression |
 | main.go:42:7:43:23 | []type{args} [array] | semmle.label | []type{args} [array] |
 | main.go:42:7:43:23 | call to Sprintf | semmle.label | call to Sprintf |
 | main.go:43:3:43:13 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
-| main.go:43:3:43:13 | implicit-deref RequestData [Category] | semmle.label | implicit-deref RequestData [Category] |
+| main.go:43:3:43:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
 | main.go:43:3:43:22 | selection of Category | semmle.label | selection of Category |
 | main.go:44:11:44:11 | q | semmle.label | q |
 | main.go:49:3:49:14 | star expression [postupdate] [Category] | semmle.label | star expression [postupdate] [Category] |
@@ -226,7 +226,7 @@ nodes
 | main.go:51:7:52:23 | []type{args} [array] | semmle.label | []type{args} [array] |
 | main.go:51:7:52:23 | call to Sprintf | semmle.label | call to Sprintf |
 | main.go:52:3:52:13 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
-| main.go:52:3:52:13 | implicit-deref RequestData [Category] | semmle.label | implicit-deref RequestData [Category] |
+| main.go:52:3:52:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
 | main.go:52:3:52:22 | selection of Category | semmle.label | selection of Category |
 | main.go:53:11:53:11 | q | semmle.label | q |
 | main.go:58:3:58:14 | star expression [postupdate] [Category] | semmle.label | star expression [postupdate] [Category] |

go/ql/test/query-tests/Security/CWE-089/StringBreak.expected

@@ -1,25 +1,25 @@
 #select
-| StringBreak.go:15:47:15:57 | versionJSON | StringBreak.go:11:2:11:40 | extract:0 ... := ... | StringBreak.go:15:47:15:57 | versionJSON | If this $@ contains a single quote, it could break out of the enclosing quotes. | StringBreak.go:11:2:11:40 | extract:0 ... := ... | JSON value |
-| StringBreakMismatched.go:18:26:18:32 | escaped | StringBreakMismatched.go:13:2:13:40 | extract:0 ... := ... | StringBreakMismatched.go:18:26:18:32 | escaped | If this $@ contains a single quote, it could break out of the enclosing quotes. | StringBreakMismatched.go:13:2:13:40 | extract:0 ... := ... | JSON value |
-| StringBreakMismatched.go:30:27:30:33 | escaped | StringBreakMismatched.go:25:2:25:40 | extract:0 ... := ... | StringBreakMismatched.go:30:27:30:33 | escaped | If this $@ contains a double quote, it could break out of the enclosing quotes. | StringBreakMismatched.go:25:2:25:40 | extract:0 ... := ... | JSON value |
+| StringBreak.go:15:47:15:57 | versionJSON | StringBreak.go:11:2:11:40 | ... := ...[0] | StringBreak.go:15:47:15:57 | versionJSON | If this $@ contains a single quote, it could break out of the enclosing quotes. | StringBreak.go:11:2:11:40 | ... := ...[0] | JSON value |
+| StringBreakMismatched.go:18:26:18:32 | escaped | StringBreakMismatched.go:13:2:13:40 | ... := ...[0] | StringBreakMismatched.go:18:26:18:32 | escaped | If this $@ contains a single quote, it could break out of the enclosing quotes. | StringBreakMismatched.go:13:2:13:40 | ... := ...[0] | JSON value |
+| StringBreakMismatched.go:30:27:30:33 | escaped | StringBreakMismatched.go:25:2:25:40 | ... := ...[0] | StringBreakMismatched.go:30:27:30:33 | escaped | If this $@ contains a double quote, it could break out of the enclosing quotes. | StringBreakMismatched.go:25:2:25:40 | ... := ...[0] | JSON value |
 edges
-| StringBreak.go:11:2:11:40 | extract:0 ... := ... | StringBreak.go:15:47:15:57 | versionJSON | provenance |  |
-| StringBreakMismatched.go:13:2:13:40 | extract:0 ... := ... | StringBreakMismatched.go:14:29:14:47 | type conversion | provenance |  |
+| StringBreak.go:11:2:11:40 | ... := ...[0] | StringBreak.go:15:47:15:57 | versionJSON | provenance |  |
+| StringBreakMismatched.go:13:2:13:40 | ... := ...[0] | StringBreakMismatched.go:14:29:14:47 | type conversion | provenance |  |
 | StringBreakMismatched.go:14:13:14:62 | call to Replace | StringBreakMismatched.go:18:26:18:32 | escaped | provenance |  |
 | StringBreakMismatched.go:14:29:14:47 | type conversion | StringBreakMismatched.go:14:13:14:62 | call to Replace | provenance | MaD:1 |
-| StringBreakMismatched.go:25:2:25:40 | extract:0 ... := ... | StringBreakMismatched.go:26:29:26:47 | type conversion | provenance |  |
+| StringBreakMismatched.go:25:2:25:40 | ... := ...[0] | StringBreakMismatched.go:26:29:26:47 | type conversion | provenance |  |
 | StringBreakMismatched.go:26:13:26:61 | call to Replace | StringBreakMismatched.go:30:27:30:33 | escaped | provenance |  |
 | StringBreakMismatched.go:26:29:26:47 | type conversion | StringBreakMismatched.go:26:13:26:61 | call to Replace | provenance | MaD:1 |
 models
 | 1 | Summary: strings; ; false; Replace; ; ; Argument[0]; ReturnValue; taint; manual |
 nodes
-| StringBreak.go:11:2:11:40 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| StringBreak.go:11:2:11:40 | ... := ...[0] | semmle.label | ... := ...[0] |
 | StringBreak.go:15:47:15:57 | versionJSON | semmle.label | versionJSON |
-| StringBreakMismatched.go:13:2:13:40 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| StringBreakMismatched.go:13:2:13:40 | ... := ...[0] | semmle.label | ... := ...[0] |
 | StringBreakMismatched.go:14:13:14:62 | call to Replace | semmle.label | call to Replace |
 | StringBreakMismatched.go:14:29:14:47 | type conversion | semmle.label | type conversion |
 | StringBreakMismatched.go:18:26:18:32 | escaped | semmle.label | escaped |
-| StringBreakMismatched.go:25:2:25:40 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| StringBreakMismatched.go:25:2:25:40 | ... := ...[0] | semmle.label | ... := ...[0] |
 | StringBreakMismatched.go:26:13:26:61 | call to Replace | semmle.label | call to Replace |
 | StringBreakMismatched.go:26:29:26:47 | type conversion | semmle.label | type conversion |
 | StringBreakMismatched.go:30:27:30:33 | escaped | semmle.label | escaped |

go/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected

@@ -1,22 +1,22 @@
 #select
-| AllocationSizeOverflow.go:10:10:10:22 | call to len | AllocationSizeOverflow.go:6:2:6:33 | extract:0 ... := ... | AllocationSizeOverflow.go:10:10:10:22 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | AllocationSizeOverflow.go:11:25:11:28 | size | allocation | AllocationSizeOverflow.go:6:2:6:33 | extract:0 ... := ... | potentially large value |
-| tst2.go:10:22:10:30 | call to len | tst2.go:9:2:9:37 | extract:0 ... := ... | tst2.go:10:22:10:30 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst2.go:10:22:10:32 | ...+... | allocation | tst2.go:9:2:9:37 | extract:0 ... := ... | potentially large value |
-| tst2.go:15:22:15:30 | call to len | tst2.go:14:2:14:29 | extract:0 ... := ... | tst2.go:15:22:15:30 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst2.go:15:22:15:32 | ...+... | allocation | tst2.go:14:2:14:29 | extract:0 ... := ... | potentially large value |
-| tst3.go:7:22:7:34 | call to len | tst3.go:6:2:6:31 | extract:0 ... := ... | tst3.go:7:22:7:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst3.go:7:22:7:36 | ...+... | allocation | tst3.go:6:2:6:31 | extract:0 ... := ... | potentially large value |
-| tst3.go:24:16:24:28 | call to len | tst3.go:6:2:6:31 | extract:0 ... := ... | tst3.go:24:16:24:28 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst3.go:27:24:27:32 | newlength | allocation | tst3.go:6:2:6:31 | extract:0 ... := ... | potentially large value |
-| tst3.go:32:16:32:28 | call to len | tst3.go:6:2:6:31 | extract:0 ... := ... | tst3.go:32:16:32:28 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst3.go:36:23:36:31 | newlength | allocation | tst3.go:6:2:6:31 | extract:0 ... := ... | potentially large value |
-| tst.go:15:22:15:34 | call to len | tst.go:14:2:14:30 | extract:0 ... = ... | tst.go:15:22:15:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:15:22:15:36 | ...+... | allocation | tst.go:14:2:14:30 | extract:0 ... = ... | potentially large value |
-| tst.go:21:22:21:34 | call to len | tst.go:20:2:20:31 | extract:0 ... = ... | tst.go:21:22:21:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:21:22:21:36 | ...+... | allocation | tst.go:20:2:20:31 | extract:0 ... = ... | potentially large value |
-| tst.go:27:26:27:38 | call to len | tst.go:26:2:26:31 | extract:0 ... = ... | tst.go:27:26:27:38 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:27:26:27:40 | ...+... | allocation | tst.go:26:2:26:31 | extract:0 ... = ... | potentially large value |
-| tst.go:35:22:35:34 | call to len | tst.go:34:2:34:30 | extract:0 ... = ... | tst.go:35:22:35:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:35:22:35:36 | ...+... | allocation | tst.go:34:2:34:30 | extract:0 ... = ... | potentially large value |
+| AllocationSizeOverflow.go:10:10:10:22 | call to len | AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] | AllocationSizeOverflow.go:10:10:10:22 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | AllocationSizeOverflow.go:11:25:11:28 | size | allocation | AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] | potentially large value |
+| tst2.go:10:22:10:30 | call to len | tst2.go:9:2:9:37 | ... := ...[0] | tst2.go:10:22:10:30 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst2.go:10:22:10:32 | ...+... | allocation | tst2.go:9:2:9:37 | ... := ...[0] | potentially large value |
+| tst2.go:15:22:15:30 | call to len | tst2.go:14:2:14:29 | ... := ...[0] | tst2.go:15:22:15:30 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst2.go:15:22:15:32 | ...+... | allocation | tst2.go:14:2:14:29 | ... := ...[0] | potentially large value |
+| tst3.go:7:22:7:34 | call to len | tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:7:22:7:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst3.go:7:22:7:36 | ...+... | allocation | tst3.go:6:2:6:31 | ... := ...[0] | potentially large value |
+| tst3.go:24:16:24:28 | call to len | tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:24:16:24:28 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst3.go:27:24:27:32 | newlength | allocation | tst3.go:6:2:6:31 | ... := ...[0] | potentially large value |
+| tst3.go:32:16:32:28 | call to len | tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:32:16:32:28 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst3.go:36:23:36:31 | newlength | allocation | tst3.go:6:2:6:31 | ... := ...[0] | potentially large value |
+| tst.go:15:22:15:34 | call to len | tst.go:14:2:14:30 | ... = ...[0] | tst.go:15:22:15:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:15:22:15:36 | ...+... | allocation | tst.go:14:2:14:30 | ... = ...[0] | potentially large value |
+| tst.go:21:22:21:34 | call to len | tst.go:20:2:20:31 | ... = ...[0] | tst.go:21:22:21:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:21:22:21:36 | ...+... | allocation | tst.go:20:2:20:31 | ... = ...[0] | potentially large value |
+| tst.go:27:26:27:38 | call to len | tst.go:26:2:26:31 | ... = ...[0] | tst.go:27:26:27:38 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:27:26:27:40 | ...+... | allocation | tst.go:26:2:26:31 | ... = ...[0] | potentially large value |
+| tst.go:35:22:35:34 | call to len | tst.go:34:2:34:30 | ... = ...[0] | tst.go:35:22:35:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:35:22:35:36 | ...+... | allocation | tst.go:34:2:34:30 | ... = ...[0] | potentially large value |
 edges
-| AllocationSizeOverflow.go:6:2:6:33 | extract:0 ... := ... | AllocationSizeOverflow.go:10:14:10:21 | jsonData | provenance |  |
+| AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] | AllocationSizeOverflow.go:10:14:10:21 | jsonData | provenance |  |
 | AllocationSizeOverflow.go:10:14:10:21 | jsonData | AllocationSizeOverflow.go:10:10:10:22 | call to len | provenance | Config |
-| tst2.go:9:2:9:37 | extract:0 ... := ... | tst2.go:10:26:10:29 | data | provenance | Src:MaD:1  |
+| tst2.go:9:2:9:37 | ... := ...[0] | tst2.go:10:26:10:29 | data | provenance | Src:MaD:1  |
 | tst2.go:10:26:10:29 | data | tst2.go:10:22:10:30 | call to len | provenance | Config |
-| tst2.go:14:2:14:29 | extract:0 ... := ... | tst2.go:15:26:15:29 | data | provenance |  |
+| tst2.go:14:2:14:29 | ... := ...[0] | tst2.go:15:26:15:29 | data | provenance |  |
 | tst2.go:15:26:15:29 | data | tst2.go:15:22:15:30 | call to len | provenance | Config |
-| tst3.go:6:2:6:31 | extract:0 ... := ... | tst3.go:7:26:7:33 | jsonData | provenance |  |
+| tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:7:26:7:33 | jsonData | provenance |  |
 | tst3.go:7:26:7:33 | jsonData | tst3.go:7:22:7:34 | call to len | provenance | Config |
 | tst3.go:7:26:7:33 | jsonData | tst3.go:9:32:9:39 | jsonData | provenance |  |
 | tst3.go:9:32:9:39 | jsonData | tst3.go:11:9:11:16 | jsonData | provenance |  |
@@ -25,27 +25,27 @@ edges
 | tst3.go:24:20:24:27 | jsonData | tst3.go:24:16:24:28 | call to len | provenance | Config |
 | tst3.go:24:20:24:27 | jsonData | tst3.go:32:20:32:27 | jsonData | provenance |  |
 | tst3.go:32:20:32:27 | jsonData | tst3.go:32:16:32:28 | call to len | provenance | Config |
-| tst.go:14:2:14:30 | extract:0 ... = ... | tst.go:15:26:15:33 | jsonData | provenance |  |
+| tst.go:14:2:14:30 | ... = ...[0] | tst.go:15:26:15:33 | jsonData | provenance |  |
 | tst.go:15:26:15:33 | jsonData | tst.go:15:22:15:34 | call to len | provenance | Config |
-| tst.go:20:2:20:31 | extract:0 ... = ... | tst.go:21:26:21:33 | jsonData | provenance |  |
+| tst.go:20:2:20:31 | ... = ...[0] | tst.go:21:26:21:33 | jsonData | provenance |  |
 | tst.go:21:26:21:33 | jsonData | tst.go:21:22:21:34 | call to len | provenance | Config |
-| tst.go:26:2:26:31 | extract:0 ... = ... | tst.go:27:30:27:37 | jsonData | provenance |  |
+| tst.go:26:2:26:31 | ... = ...[0] | tst.go:27:30:27:37 | jsonData | provenance |  |
 | tst.go:27:30:27:37 | jsonData | tst.go:27:26:27:38 | call to len | provenance | Config |
-| tst.go:34:2:34:30 | extract:0 ... = ... | tst.go:35:26:35:33 | jsonData | provenance |  |
+| tst.go:34:2:34:30 | ... = ...[0] | tst.go:35:26:35:33 | jsonData | provenance |  |
 | tst.go:35:26:35:33 | jsonData | tst.go:35:22:35:34 | call to len | provenance | Config |
 models
 | 1 | Source: io/ioutil; ; false; ReadFile; ; ; ReturnValue[0]; file; manual |
 nodes
-| AllocationSizeOverflow.go:6:2:6:33 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] | semmle.label | ... := ...[0] |
 | AllocationSizeOverflow.go:10:10:10:22 | call to len | semmle.label | call to len |
 | AllocationSizeOverflow.go:10:14:10:21 | jsonData | semmle.label | jsonData |
-| tst2.go:9:2:9:37 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| tst2.go:9:2:9:37 | ... := ...[0] | semmle.label | ... := ...[0] |
 | tst2.go:10:22:10:30 | call to len | semmle.label | call to len |
 | tst2.go:10:26:10:29 | data | semmle.label | data |
-| tst2.go:14:2:14:29 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| tst2.go:14:2:14:29 | ... := ...[0] | semmle.label | ... := ...[0] |
 | tst2.go:15:22:15:30 | call to len | semmle.label | call to len |
 | tst2.go:15:26:15:29 | data | semmle.label | data |
-| tst3.go:6:2:6:31 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| tst3.go:6:2:6:31 | ... := ...[0] | semmle.label | ... := ...[0] |
 | tst3.go:7:22:7:34 | call to len | semmle.label | call to len |
 | tst3.go:7:26:7:33 | jsonData | semmle.label | jsonData |
 | tst3.go:9:32:9:39 | jsonData | semmle.label | jsonData |
@@ -55,16 +55,16 @@ nodes
 | tst3.go:24:20:24:27 | jsonData | semmle.label | jsonData |
 | tst3.go:32:16:32:28 | call to len | semmle.label | call to len |
 | tst3.go:32:20:32:27 | jsonData | semmle.label | jsonData |
-| tst.go:14:2:14:30 | extract:0 ... = ... | semmle.label | extract:0 ... = ... |
+| tst.go:14:2:14:30 | ... = ...[0] | semmle.label | ... = ...[0] |
 | tst.go:15:22:15:34 | call to len | semmle.label | call to len |
 | tst.go:15:26:15:33 | jsonData | semmle.label | jsonData |
-| tst.go:20:2:20:31 | extract:0 ... = ... | semmle.label | extract:0 ... = ... |
+| tst.go:20:2:20:31 | ... = ...[0] | semmle.label | ... = ...[0] |
 | tst.go:21:22:21:34 | call to len | semmle.label | call to len |
 | tst.go:21:26:21:33 | jsonData | semmle.label | jsonData |
-| tst.go:26:2:26:31 | extract:0 ... = ... | semmle.label | extract:0 ... = ... |
+| tst.go:26:2:26:31 | ... = ...[0] | semmle.label | ... = ...[0] |
 | tst.go:27:26:27:38 | call to len | semmle.label | call to len |
 | tst.go:27:30:27:37 | jsonData | semmle.label | jsonData |
-| tst.go:34:2:34:30 | extract:0 ... = ... | semmle.label | extract:0 ... = ... |
+| tst.go:34:2:34:30 | ... = ...[0] | semmle.label | ... = ...[0] |
 | tst.go:35:22:35:34 | call to len | semmle.label | call to len |
 | tst.go:35:26:35:33 | jsonData | semmle.label | jsonData |
 subpaths

go/ql/test/query-tests/Security/CWE-295/DisabledCertificateCheck/DisabledCertificateCheck.expected

@@ -1,4 +1,4 @@
-| DisabledCertificateCheck.go:10:32:10:55 | lit-init key-value pair | InsecureSkipVerify should not be used in production code. |
-| main.go:9:2:9:30 | assign:0 ... = ... | InsecureSkipVerify should not be used in production code. |
-| main.go:57:21:57:44 | lit-init key-value pair | InsecureSkipVerify should not be used in production code. |
-| main.go:62:32:62:55 | lit-init key-value pair | InsecureSkipVerify should not be used in production code. |
+| DisabledCertificateCheck.go:10:32:10:55 | init of key-value pair | InsecureSkipVerify should not be used in production code. |
+| main.go:9:2:9:23 | assignment to field InsecureSkipVerify | InsecureSkipVerify should not be used in production code. |
+| main.go:57:21:57:44 | init of key-value pair | InsecureSkipVerify should not be used in production code. |
+| main.go:62:32:62:55 | init of key-value pair | InsecureSkipVerify should not be used in production code. |

go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected

@@ -1,85 +1,80 @@
 #select
 | klog.go:23:15:23:20 | header | klog.go:21:30:21:37 | selection of Header | klog.go:23:15:23:20 | header | $@ flows to a logging call. | klog.go:21:30:21:37 | selection of Header | Sensitive data returned by HTTP request headers |
 | klog.go:29:13:29:41 | call to Get | klog.go:29:13:29:20 | selection of Header | klog.go:29:13:29:41 | call to Get | $@ flows to a logging call. | klog.go:29:13:29:20 | selection of Header | Sensitive data returned by HTTP request headers |
-| main.go:19:12:19:19 | password | main.go:17:2:17:23 | SSA def(password) | main.go:19:12:19:19 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:20:19:20:26 | password | main.go:17:2:17:23 | SSA def(password) | main.go:20:19:20:26 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:21:13:21:20 | password | main.go:17:2:17:23 | SSA def(password) | main.go:21:13:21:20 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:22:14:22:21 | password | main.go:17:2:17:23 | SSA def(password) | main.go:22:14:22:21 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:24:13:24:20 | password | main.go:17:2:17:23 | SSA def(password) | main.go:24:13:24:20 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:27:20:27:27 | password | main.go:17:2:17:23 | SSA def(password) | main.go:27:20:27:27 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:30:14:30:21 | password | main.go:17:2:17:23 | SSA def(password) | main.go:30:14:30:21 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:33:15:33:22 | password | main.go:17:2:17:23 | SSA def(password) | main.go:33:15:33:22 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:36:13:36:20 | password | main.go:17:2:17:23 | SSA def(password) | main.go:36:13:36:20 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:39:20:39:27 | password | main.go:17:2:17:23 | SSA def(password) | main.go:39:20:39:27 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:42:14:42:21 | password | main.go:17:2:17:23 | SSA def(password) | main.go:42:14:42:21 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:45:15:45:22 | password | main.go:17:2:17:23 | SSA def(password) | main.go:45:15:45:22 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:47:16:47:23 | password | main.go:17:2:17:23 | SSA def(password) | main.go:47:16:47:23 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:51:10:51:17 | password | main.go:17:2:17:23 | SSA def(password) | main.go:51:10:51:17 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:52:17:52:24 | password | main.go:17:2:17:23 | SSA def(password) | main.go:52:17:52:24 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:53:11:53:18 | password | main.go:17:2:17:23 | SSA def(password) | main.go:53:11:53:18 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:54:12:54:19 | password | main.go:17:2:17:23 | SSA def(password) | main.go:54:12:54:19 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:56:11:56:18 | password | main.go:17:2:17:23 | SSA def(password) | main.go:56:11:56:18 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:59:18:59:25 | password | main.go:17:2:17:23 | SSA def(password) | main.go:59:18:59:25 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:62:12:62:19 | password | main.go:17:2:17:23 | SSA def(password) | main.go:62:12:62:19 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:65:13:65:20 | password | main.go:17:2:17:23 | SSA def(password) | main.go:65:13:65:20 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:68:11:68:18 | password | main.go:17:2:17:23 | SSA def(password) | main.go:68:11:68:18 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:71:18:71:25 | password | main.go:17:2:17:23 | SSA def(password) | main.go:71:18:71:25 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:74:12:74:19 | password | main.go:17:2:17:23 | SSA def(password) | main.go:74:12:74:19 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:77:13:77:20 | password | main.go:17:2:17:23 | SSA def(password) | main.go:77:13:77:20 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:79:14:79:21 | password | main.go:17:2:17:23 | SSA def(password) | main.go:79:14:79:21 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:82:12:82:19 | password | main.go:17:2:17:23 | SSA def(password) | main.go:82:12:82:19 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:83:17:83:24 | password | main.go:17:2:17:23 | SSA def(password) | main.go:83:17:83:24 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:87:29:87:34 | fields | main.go:17:2:17:23 | SSA def(password) | main.go:87:29:87:34 | fields | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| main.go:90:35:90:42 | password | main.go:17:2:17:23 | SSA def(password) | main.go:90:35:90:42 | password | $@ flows to a logging call. | main.go:17:2:17:23 | SSA def(password) | Sensitive data returned by an access to password |
-| overrides.go:13:14:13:23 | call to String | overrides.go:8:2:8:40 | SSA def(password) | overrides.go:13:14:13:23 | call to String | $@ flows to a logging call. | overrides.go:8:2:8:40 | SSA def(password) | Sensitive data returned by an access to password |
-| passwords.go:9:14:9:14 | x | passwords.go:21:2:21:23 | SSA def(password) | passwords.go:9:14:9:14 | x | $@ flows to a logging call. | passwords.go:21:2:21:23 | SSA def(password) | Sensitive data returned by an access to password |
-| passwords.go:25:14:25:21 | password | passwords.go:21:2:21:23 | SSA def(password) | passwords.go:25:14:25:21 | password | $@ flows to a logging call. | passwords.go:21:2:21:23 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:19:12:19:19 | password | main.go:17:2:17:9 | SSA def(password) | main.go:19:12:19:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:20:19:20:26 | password | main.go:17:2:17:9 | SSA def(password) | main.go:20:19:20:26 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:21:13:21:20 | password | main.go:17:2:17:9 | SSA def(password) | main.go:21:13:21:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:22:14:22:21 | password | main.go:17:2:17:9 | SSA def(password) | main.go:22:14:22:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:24:13:24:20 | password | main.go:17:2:17:9 | SSA def(password) | main.go:24:13:24:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:27:20:27:27 | password | main.go:17:2:17:9 | SSA def(password) | main.go:27:20:27:27 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:30:14:30:21 | password | main.go:17:2:17:9 | SSA def(password) | main.go:30:14:30:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:33:15:33:22 | password | main.go:17:2:17:9 | SSA def(password) | main.go:33:15:33:22 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:36:13:36:20 | password | main.go:17:2:17:9 | SSA def(password) | main.go:36:13:36:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:39:20:39:27 | password | main.go:17:2:17:9 | SSA def(password) | main.go:39:20:39:27 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:42:14:42:21 | password | main.go:17:2:17:9 | SSA def(password) | main.go:42:14:42:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:45:15:45:22 | password | main.go:17:2:17:9 | SSA def(password) | main.go:45:15:45:22 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:47:16:47:23 | password | main.go:17:2:17:9 | SSA def(password) | main.go:47:16:47:23 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:51:10:51:17 | password | main.go:17:2:17:9 | SSA def(password) | main.go:51:10:51:17 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:52:17:52:24 | password | main.go:17:2:17:9 | SSA def(password) | main.go:52:17:52:24 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:53:11:53:18 | password | main.go:17:2:17:9 | SSA def(password) | main.go:53:11:53:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:54:12:54:19 | password | main.go:17:2:17:9 | SSA def(password) | main.go:54:12:54:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:56:11:56:18 | password | main.go:17:2:17:9 | SSA def(password) | main.go:56:11:56:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:59:18:59:25 | password | main.go:17:2:17:9 | SSA def(password) | main.go:59:18:59:25 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:62:12:62:19 | password | main.go:17:2:17:9 | SSA def(password) | main.go:62:12:62:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:65:13:65:20 | password | main.go:17:2:17:9 | SSA def(password) | main.go:65:13:65:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:68:11:68:18 | password | main.go:17:2:17:9 | SSA def(password) | main.go:68:11:68:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:71:18:71:25 | password | main.go:17:2:17:9 | SSA def(password) | main.go:71:18:71:25 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:74:12:74:19 | password | main.go:17:2:17:9 | SSA def(password) | main.go:74:12:74:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:77:13:77:20 | password | main.go:17:2:17:9 | SSA def(password) | main.go:77:13:77:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:79:14:79:21 | password | main.go:17:2:17:9 | SSA def(password) | main.go:79:14:79:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:82:12:82:19 | password | main.go:17:2:17:9 | SSA def(password) | main.go:82:12:82:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:83:17:83:24 | password | main.go:17:2:17:9 | SSA def(password) | main.go:83:17:83:24 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:87:29:87:34 | fields | main.go:17:2:17:9 | SSA def(password) | main.go:87:29:87:34 | fields | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| main.go:90:35:90:42 | password | main.go:17:2:17:9 | SSA def(password) | main.go:90:35:90:42 | password | $@ flows to a logging call. | main.go:17:2:17:9 | SSA def(password) | Sensitive data returned by an access to password |
+| overrides.go:13:14:13:23 | call to String | overrides.go:8:2:8:9 | SSA def(password) | overrides.go:13:14:13:23 | call to String | $@ flows to a logging call. | overrides.go:8:2:8:9 | SSA def(password) | Sensitive data returned by an access to password |
+| passwords.go:9:14:9:14 | x | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:9:14:9:14 | x | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
+| passwords.go:25:14:25:21 | password | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:25:14:25:21 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
 | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | $@ flows to a logging call. | passwords.go:26:14:26:23 | selection of password | Sensitive data returned by an access to password |
 | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | $@ flows to a logging call. | passwords.go:27:14:27:26 | call to getPassword | Sensitive data returned by a call to getPassword |
 | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | $@ flows to a logging call. | passwords.go:28:14:28:28 | call to getPassword | Sensitive data returned by a call to getPassword |
-| passwords.go:33:13:33:20 | password | passwords.go:21:2:21:23 | SSA def(password) | passwords.go:33:13:33:20 | password | $@ flows to a logging call. | passwords.go:21:2:21:23 | SSA def(password) | Sensitive data returned by an access to password |
-| passwords.go:36:14:36:35 | ...+... | passwords.go:21:2:21:23 | SSA def(password) | passwords.go:36:14:36:35 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:23 | SSA def(password) | Sensitive data returned by an access to password |
-| passwords.go:41:14:41:17 | obj1 | passwords.go:39:3:39:13 | key-value pair | passwords.go:41:14:41:17 | obj1 | $@ flows to a logging call. | passwords.go:39:3:39:13 | key-value pair | Sensitive data returned by an access to password |
+| passwords.go:33:13:33:20 | password | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:33:13:33:20 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
+| passwords.go:36:14:36:35 | ...+... | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:36:14:36:35 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
 | passwords.go:41:14:41:17 | obj1 | passwords.go:39:13:39:13 | x | passwords.go:41:14:41:17 | obj1 | $@ flows to a logging call. | passwords.go:39:13:39:13 | x | Sensitive data returned by an access to password |
-| passwords.go:46:14:46:17 | obj2 | passwords.go:21:2:21:23 | SSA def(password) | passwords.go:46:14:46:17 | obj2 | $@ flows to a logging call. | passwords.go:21:2:21:23 | SSA def(password) | Sensitive data returned by an access to password |
-| passwords.go:53:14:53:27 | fixed_password | passwords.go:52:2:52:44 | SSA def(fixed_password) | passwords.go:53:14:53:27 | fixed_password | $@ flows to a logging call. | passwords.go:52:2:52:44 | SSA def(fixed_password) | Sensitive data returned by an access to fixed_password |
-| passwords.go:65:14:65:44 | struct literal | passwords.go:65:25:65:43 | key-value pair | passwords.go:65:14:65:44 | struct literal | $@ flows to a logging call. | passwords.go:65:25:65:43 | key-value pair | Sensitive data returned by an access to password |
-| passwords.go:91:14:91:26 | utilityObject | passwords.go:89:3:89:36 | key-value pair | passwords.go:91:14:91:26 | utilityObject | $@ flows to a logging call. | passwords.go:89:3:89:36 | key-value pair | Sensitive data returned by an access to passwordSet |
+| passwords.go:46:14:46:17 | obj2 | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:46:14:46:17 | obj2 | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
+| passwords.go:53:14:53:27 | fixed_password | passwords.go:52:2:52:15 | SSA def(fixed_password) | passwords.go:53:14:53:27 | fixed_password | $@ flows to a logging call. | passwords.go:52:2:52:15 | SSA def(fixed_password) | Sensitive data returned by an access to fixed_password |
 | passwords.go:91:14:91:26 | utilityObject | passwords.go:89:16:89:36 | call to make | passwords.go:91:14:91:26 | utilityObject | $@ flows to a logging call. | passwords.go:89:16:89:36 | call to make | Sensitive data returned by an access to passwordSet |
-| passwords.go:94:23:94:28 | secret | passwords.go:21:2:21:23 | SSA def(password) | passwords.go:94:23:94:28 | secret | $@ flows to a logging call. | passwords.go:21:2:21:23 | SSA def(password) | Sensitive data returned by an access to password |
-| passwords.go:104:15:104:40 | ...+... | passwords.go:21:2:21:23 | SSA def(password) | passwords.go:104:15:104:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:23 | SSA def(password) | Sensitive data returned by an access to password |
-| passwords.go:110:16:110:41 | ...+... | passwords.go:21:2:21:23 | SSA def(password) | passwords.go:110:16:110:41 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:23 | SSA def(password) | Sensitive data returned by an access to password |
-| passwords.go:115:15:115:40 | ...+... | passwords.go:21:2:21:23 | SSA def(password) | passwords.go:115:15:115:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:23 | SSA def(password) | Sensitive data returned by an access to password |
-| passwords.go:119:14:119:45 | ...+... | passwords.go:118:6:118:50 | SSA def(password1) | passwords.go:119:14:119:45 | ...+... | $@ flows to a logging call. | passwords.go:118:6:118:50 | SSA def(password1) | Sensitive data returned by an access to password1 |
-| passwords.go:129:14:129:19 | config | passwords.go:21:2:21:23 | SSA def(password) | passwords.go:129:14:129:19 | config | $@ flows to a logging call. | passwords.go:21:2:21:23 | SSA def(password) | Sensitive data returned by an access to password |
-| passwords.go:129:14:129:19 | config | passwords.go:123:3:123:14 | key-value pair | passwords.go:129:14:129:19 | config | $@ flows to a logging call. | passwords.go:123:3:123:14 | key-value pair | Sensitive data returned by an access to password |
+| passwords.go:94:23:94:28 | secret | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:94:23:94:28 | secret | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
+| passwords.go:104:15:104:40 | ...+... | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:104:15:104:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
+| passwords.go:110:16:110:41 | ...+... | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:110:16:110:41 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
+| passwords.go:115:15:115:40 | ...+... | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:115:15:115:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
+| passwords.go:119:14:119:45 | ...+... | passwords.go:118:6:118:14 | SSA def(password1) | passwords.go:119:14:119:45 | ...+... | $@ flows to a logging call. | passwords.go:118:6:118:14 | SSA def(password1) | Sensitive data returned by an access to password1 |
+| passwords.go:129:14:129:19 | config | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:129:14:129:19 | config | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
 | passwords.go:129:14:129:19 | config | passwords.go:123:13:123:14 | x3 | passwords.go:129:14:129:19 | config | $@ flows to a logging call. | passwords.go:123:13:123:14 | x3 | Sensitive data returned by an access to password |
 | passwords.go:129:14:129:19 | config | passwords.go:126:13:126:25 | call to getPassword | passwords.go:129:14:129:19 | config | $@ flows to a logging call. | passwords.go:126:13:126:25 | call to getPassword | Sensitive data returned by a call to getPassword |
-| passwords.go:130:14:130:21 | selection of x | passwords.go:21:2:21:23 | SSA def(password) | passwords.go:130:14:130:21 | selection of x | $@ flows to a logging call. | passwords.go:21:2:21:23 | SSA def(password) | Sensitive data returned by an access to password |
+| passwords.go:130:14:130:21 | selection of x | passwords.go:21:2:21:9 | SSA def(password) | passwords.go:130:14:130:21 | selection of x | $@ flows to a logging call. | passwords.go:21:2:21:9 | SSA def(password) | Sensitive data returned by an access to password |
 | passwords.go:131:14:131:21 | selection of y | passwords.go:126:13:126:25 | call to getPassword | passwords.go:131:14:131:21 | selection of y | $@ flows to a logging call. | passwords.go:126:13:126:25 | call to getPassword | Sensitive data returned by a call to getPassword |
-| protobuf.go:14:14:14:35 | call to GetDescription | protobuf.go:9:2:9:23 | SSA def(password) | protobuf.go:14:14:14:35 | call to GetDescription | $@ flows to a logging call. | protobuf.go:9:2:9:23 | SSA def(password) | Sensitive data returned by an access to password |
-| server1.go:19:15:19:19 | user3 | server1.go:17:4:17:63 | key-value pair | server1.go:19:15:19:19 | user3 | $@ flows to a logging call. | server1.go:17:4:17:63 | key-value pair | Sensitive data returned by an access to password |
+| protobuf.go:14:14:14:35 | call to GetDescription | protobuf.go:9:2:9:9 | SSA def(password) | protobuf.go:14:14:14:35 | call to GetDescription | $@ flows to a logging call. | protobuf.go:9:2:9:9 | SSA def(password) | Sensitive data returned by an access to password |
 edges
-| klog.go:21:3:26:3 | extract:1 range statement | klog.go:22:27:22:33 | headers | provenance |  |
-| klog.go:21:30:21:37 | selection of Header | klog.go:21:3:26:3 | extract:1 range statement | provenance | Src:MaD:11 Config |
-| klog.go:22:4:25:4 | extract:1 range statement | klog.go:23:15:23:20 | header | provenance |  |
-| klog.go:22:27:22:33 | headers | klog.go:22:4:25:4 | extract:1 range statement | provenance | Config |
+| klog.go:21:3:26:3 | range statement[1] | klog.go:22:27:22:33 | headers | provenance |  |
+| klog.go:21:30:21:37 | selection of Header | klog.go:21:3:26:3 | range statement[1] | provenance | Src:MaD:11 Config |
+| klog.go:22:4:25:4 | range statement[1] | klog.go:23:15:23:20 | header | provenance |  |
+| klog.go:22:27:22:33 | headers | klog.go:22:4:25:4 | range statement[1] | provenance | Config |
 | klog.go:29:13:29:20 | selection of Header | klog.go:29:13:29:41 | call to Get | provenance | Src:MaD:11 Config |
-| main.go:17:2:17:23 | SSA def(password) | main.go:19:12:19:19 | password | provenance |  |
-| main.go:17:2:17:23 | SSA def(password) | main.go:20:19:20:26 | password | provenance |  |
-| main.go:17:2:17:23 | SSA def(password) | main.go:21:13:21:20 | password | provenance | Sink:MaD:6 |
-| main.go:17:2:17:23 | SSA def(password) | main.go:22:14:22:21 | password | provenance |  |
-| main.go:17:2:17:23 | SSA def(password) | main.go:24:13:24:20 | password | provenance |  |
-| main.go:17:2:17:23 | SSA def(password) | main.go:27:20:27:27 | password | provenance |  |
-| main.go:17:2:17:23 | SSA def(password) | main.go:30:14:30:21 | password | provenance | Sink:MaD:3 |
-| main.go:17:2:17:23 | SSA def(password) | main.go:33:15:33:22 | password | provenance |  |
-| main.go:17:2:17:23 | SSA def(password) | main.go:36:13:36:20 | password | provenance |  |
-| main.go:17:2:17:23 | SSA def(password) | main.go:39:20:39:27 | password | provenance |  |
-| main.go:17:2:17:23 | SSA def(password) | main.go:42:14:42:21 | password | provenance | Sink:MaD:5 |
-| main.go:17:2:17:23 | SSA def(password) | main.go:45:15:45:22 | password | provenance |  |
-| main.go:17:2:17:23 | SSA def(password) | main.go:47:16:47:23 | password | provenance | Sink:MaD:4 |
-| main.go:17:2:17:23 | SSA def(password) | main.go:51:10:51:17 | password | provenance |  |
-| main.go:17:2:17:23 | SSA def(password) | main.go:51:10:51:17 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:19:12:19:19 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:20:19:20:26 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:21:13:21:20 | password | provenance | Sink:MaD:6 |
+| main.go:17:2:17:9 | SSA def(password) | main.go:22:14:22:21 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:24:13:24:20 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:27:20:27:27 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:30:14:30:21 | password | provenance | Sink:MaD:3 |
+| main.go:17:2:17:9 | SSA def(password) | main.go:33:15:33:22 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:36:13:36:20 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:39:20:39:27 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:42:14:42:21 | password | provenance | Sink:MaD:5 |
+| main.go:17:2:17:9 | SSA def(password) | main.go:45:15:45:22 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:47:16:47:23 | password | provenance | Sink:MaD:4 |
+| main.go:17:2:17:9 | SSA def(password) | main.go:51:10:51:17 | password | provenance |  |
+| main.go:17:2:17:9 | SSA def(password) | main.go:51:10:51:17 | password | provenance |  |
 | main.go:51:10:51:17 | password | main.go:52:17:52:24 | password | provenance |  |
 | main.go:51:10:51:17 | password | main.go:52:17:52:24 | password | provenance |  |
 | main.go:52:17:52:24 | password | main.go:53:11:53:18 | password | provenance |  |
@@ -102,18 +97,17 @@ edges
 | main.go:86:2:86:7 | fields [postupdate] | main.go:87:29:87:34 | fields | provenance | Sink:MaD:2 |
 | main.go:86:19:86:26 | password | main.go:86:2:86:7 | fields [postupdate] | provenance | Config |
 | main.go:86:19:86:26 | password | main.go:90:35:90:42 | password | provenance | Sink:MaD:1 |
-| overrides.go:8:2:8:40 | SSA def(password) | overrides.go:9:9:9:16 | password | provenance |  |
+| overrides.go:8:2:8:9 | SSA def(password) | overrides.go:9:9:9:16 | password | provenance |  |
 | overrides.go:9:9:9:16 | password | overrides.go:13:14:13:23 | call to String | provenance |  |
-| passwords.go:8:22:10:1 | SSA def(x) | passwords.go:9:14:9:14 | x | provenance |  |
-| passwords.go:21:2:21:23 | SSA def(password) | passwords.go:25:14:25:21 | password | provenance |  |
-| passwords.go:21:2:21:23 | SSA def(password) | passwords.go:30:8:30:15 | password | provenance |  |
-| passwords.go:21:2:21:23 | SSA def(password) | passwords.go:33:13:33:20 | password | provenance |  |
-| passwords.go:21:2:21:23 | SSA def(password) | passwords.go:36:28:36:35 | password | provenance |  |
-| passwords.go:30:8:30:15 | password | passwords.go:8:22:10:1 | SSA def(x) | provenance |  |
+| passwords.go:8:12:8:12 | SSA def(x) | passwords.go:9:14:9:14 | x | provenance |  |
+| passwords.go:21:2:21:9 | SSA def(password) | passwords.go:25:14:25:21 | password | provenance |  |
+| passwords.go:21:2:21:9 | SSA def(password) | passwords.go:30:8:30:15 | password | provenance |  |
+| passwords.go:21:2:21:9 | SSA def(password) | passwords.go:33:13:33:20 | password | provenance |  |
+| passwords.go:21:2:21:9 | SSA def(password) | passwords.go:36:28:36:35 | password | provenance |  |
+| passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | SSA def(x) | provenance |  |
 | passwords.go:36:28:36:35 | password | passwords.go:36:14:36:35 | ...+... | provenance | Config |
 | passwords.go:36:28:36:35 | password | passwords.go:44:6:44:13 | password | provenance |  |
 | passwords.go:38:10:40:2 | struct literal | passwords.go:41:14:41:17 | obj1 | provenance |  |
-| passwords.go:39:3:39:13 | key-value pair | passwords.go:38:10:40:2 | struct literal | provenance | Config |
 | passwords.go:39:13:39:13 | x | passwords.go:38:10:40:2 | struct literal | provenance | Config |
 | passwords.go:43:10:45:2 | struct literal | passwords.go:46:14:46:17 | obj2 | provenance |  |
 | passwords.go:44:6:44:13 | password | passwords.go:43:10:45:2 | struct literal | provenance | Config |
@@ -123,10 +117,8 @@ edges
 | passwords.go:50:11:50:18 | password | passwords.go:110:34:110:41 | password | provenance |  |
 | passwords.go:50:11:50:18 | password | passwords.go:115:33:115:40 | password | provenance |  |
 | passwords.go:50:11:50:18 | password | passwords.go:125:13:125:20 | password | provenance |  |
-| passwords.go:52:2:52:44 | SSA def(fixed_password) | passwords.go:53:14:53:27 | fixed_password | provenance |  |
-| passwords.go:65:25:65:43 | key-value pair | passwords.go:65:14:65:44 | struct literal | provenance | Config |
+| passwords.go:52:2:52:15 | SSA def(fixed_password) | passwords.go:53:14:53:27 | fixed_password | provenance |  |
 | passwords.go:88:19:90:2 | struct literal | passwords.go:91:14:91:26 | utilityObject | provenance |  |
-| passwords.go:89:3:89:36 | key-value pair | passwords.go:88:19:90:2 | struct literal | provenance | Config |
 | passwords.go:89:16:89:36 | call to make | passwords.go:88:19:90:2 | struct literal | provenance | Config |
 | passwords.go:104:33:104:40 | password | passwords.go:104:15:104:40 | ...+... | provenance | Config |
 | passwords.go:104:33:104:40 | password | passwords.go:110:34:110:41 | password | provenance |  |
@@ -137,13 +129,12 @@ edges
 | passwords.go:110:34:110:41 | password | passwords.go:125:13:125:20 | password | provenance |  |
 | passwords.go:115:33:115:40 | password | passwords.go:115:15:115:40 | ...+... | provenance | Config |
 | passwords.go:115:33:115:40 | password | passwords.go:125:13:125:20 | password | provenance |  |
-| passwords.go:118:6:118:50 | SSA def(password1) | passwords.go:119:28:119:36 | password1 | provenance |  |
+| passwords.go:118:6:118:14 | SSA def(password1) | passwords.go:119:28:119:36 | password1 | provenance |  |
 | passwords.go:119:28:119:36 | password1 | passwords.go:119:28:119:45 | call to String | provenance | Config |
 | passwords.go:119:28:119:45 | call to String | passwords.go:119:14:119:45 | ...+... | provenance | Config |
 | passwords.go:122:12:127:2 | struct literal | passwords.go:129:14:129:19 | config | provenance |  |
 | passwords.go:122:12:127:2 | struct literal [x] | passwords.go:130:14:130:19 | config [x] | provenance |  |
 | passwords.go:122:12:127:2 | struct literal [y] | passwords.go:131:14:131:19 | config [y] | provenance |  |
-| passwords.go:123:3:123:14 | key-value pair | passwords.go:122:12:127:2 | struct literal | provenance | Config |
 | passwords.go:123:13:123:14 | x3 | passwords.go:122:12:127:2 | struct literal | provenance | Config |
 | passwords.go:125:13:125:20 | password | passwords.go:122:12:127:2 | struct literal | provenance | Config |
 | passwords.go:125:13:125:20 | password | passwords.go:122:12:127:2 | struct literal [x] | provenance |  |
@@ -151,17 +142,15 @@ edges
 | passwords.go:126:13:126:25 | call to getPassword | passwords.go:122:12:127:2 | struct literal [y] | provenance |  |
 | passwords.go:130:14:130:19 | config [x] | passwords.go:130:14:130:21 | selection of x | provenance |  |
 | passwords.go:131:14:131:19 | config [y] | passwords.go:131:14:131:21 | selection of y | provenance |  |
-| protobuf.go:9:2:9:23 | SSA def(password) | protobuf.go:12:22:12:29 | password | provenance |  |
-| protobuf.go:12:2:12:6 | implicit-deref query [postupdate] [Description] | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | provenance |  |
+| protobuf.go:9:2:9:9 | SSA def(password) | protobuf.go:12:22:12:29 | password | provenance |  |
+| protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | provenance |  |
 | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | protobuf.go:14:14:14:18 | query [pointer, Description] | provenance |  |
-| protobuf.go:12:22:12:29 | password | protobuf.go:12:2:12:6 | implicit-deref query [postupdate] [Description] | provenance |  |
+| protobuf.go:12:22:12:29 | password | protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | provenance |  |
 | protobuf.go:14:14:14:18 | query [pointer, Description] | protobuf.go:14:14:14:35 | call to GetDescription | provenance |  |
-| protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:41:122:1 | SSA def(x) [pointer, Description] | provenance |  |
-| protos/query/query.pb.go:117:41:122:1 | SSA def(x) [pointer, Description] | protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | provenance |  |
-| protos/query/query.pb.go:119:10:119:10 | implicit-deref x [Description] | protos/query/query.pb.go:119:10:119:22 | selection of Description | provenance |  |
-| protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | protos/query/query.pb.go:119:10:119:10 | implicit-deref x [Description] | provenance |  |
-| server1.go:16:15:18:3 | struct literal | server1.go:19:15:19:19 | user3 | provenance |  |
-| server1.go:17:4:17:63 | key-value pair | server1.go:16:15:18:3 | struct literal | provenance | Config |
+| protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:7:117:7 | SSA def(x) [pointer, Description] | provenance |  |
+| protos/query/query.pb.go:117:7:117:7 | SSA def(x) [pointer, Description] | protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | provenance |  |
+| protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] | protos/query/query.pb.go:119:10:119:22 | selection of Description | provenance |  |
+| protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] | provenance |  |
 models
 | 1 | Sink: group:logrus; ; false; WithField; ; ; Argument[0..1]; log-injection; manual |
 | 2 | Sink: group:logrus; ; false; WithFields; ; ; Argument[0]; log-injection; manual |
@@ -175,14 +164,14 @@ models
 | 10 | Sink: log; Logger; true; Printf; ; ; Argument[0..1]; log-injection; manual |
 | 11 | Source: net/http; Request; true; Header; ; ; ; remote; manual |
 nodes
-| klog.go:21:3:26:3 | extract:1 range statement | semmle.label | extract:1 range statement |
+| klog.go:21:3:26:3 | range statement[1] | semmle.label | range statement[1] |
 | klog.go:21:30:21:37 | selection of Header | semmle.label | selection of Header |
-| klog.go:22:4:25:4 | extract:1 range statement | semmle.label | extract:1 range statement |
+| klog.go:22:4:25:4 | range statement[1] | semmle.label | range statement[1] |
 | klog.go:22:27:22:33 | headers | semmle.label | headers |
 | klog.go:23:15:23:20 | header | semmle.label | header |
 | klog.go:29:13:29:20 | selection of Header | semmle.label | selection of Header |
 | klog.go:29:13:29:41 | call to Get | semmle.label | call to Get |
-| main.go:17:2:17:23 | SSA def(password) | semmle.label | SSA def(password) |
+| main.go:17:2:17:9 | SSA def(password) | semmle.label | SSA def(password) |
 | main.go:19:12:19:19 | password | semmle.label | password |
 | main.go:20:19:20:26 | password | semmle.label | password |
 | main.go:21:13:21:20 | password | semmle.label | password |
@@ -220,12 +209,12 @@ nodes
 | main.go:86:19:86:26 | password | semmle.label | password |
 | main.go:87:29:87:34 | fields | semmle.label | fields |
 | main.go:90:35:90:42 | password | semmle.label | password |
-| overrides.go:8:2:8:40 | SSA def(password) | semmle.label | SSA def(password) |
+| overrides.go:8:2:8:9 | SSA def(password) | semmle.label | SSA def(password) |
 | overrides.go:9:9:9:16 | password | semmle.label | password |
 | overrides.go:13:14:13:23 | call to String | semmle.label | call to String |
-| passwords.go:8:22:10:1 | SSA def(x) | semmle.label | SSA def(x) |
+| passwords.go:8:12:8:12 | SSA def(x) | semmle.label | SSA def(x) |
 | passwords.go:9:14:9:14 | x | semmle.label | x |
-| passwords.go:21:2:21:23 | SSA def(password) | semmle.label | SSA def(password) |
+| passwords.go:21:2:21:9 | SSA def(password) | semmle.label | SSA def(password) |
 | passwords.go:25:14:25:21 | password | semmle.label | password |
 | passwords.go:26:14:26:23 | selection of password | semmle.label | selection of password |
 | passwords.go:27:14:27:26 | call to getPassword | semmle.label | call to getPassword |
@@ -235,19 +224,15 @@ nodes
 | passwords.go:36:14:36:35 | ...+... | semmle.label | ...+... |
 | passwords.go:36:28:36:35 | password | semmle.label | password |
 | passwords.go:38:10:40:2 | struct literal | semmle.label | struct literal |
-| passwords.go:39:3:39:13 | key-value pair | semmle.label | key-value pair |
 | passwords.go:39:13:39:13 | x | semmle.label | x |
 | passwords.go:41:14:41:17 | obj1 | semmle.label | obj1 |
 | passwords.go:43:10:45:2 | struct literal | semmle.label | struct literal |
 | passwords.go:44:6:44:13 | password | semmle.label | password |
 | passwords.go:46:14:46:17 | obj2 | semmle.label | obj2 |
 | passwords.go:50:11:50:18 | password | semmle.label | password |
-| passwords.go:52:2:52:44 | SSA def(fixed_password) | semmle.label | SSA def(fixed_password) |
+| passwords.go:52:2:52:15 | SSA def(fixed_password) | semmle.label | SSA def(fixed_password) |
 | passwords.go:53:14:53:27 | fixed_password | semmle.label | fixed_password |
-| passwords.go:65:14:65:44 | struct literal | semmle.label | struct literal |
-| passwords.go:65:25:65:43 | key-value pair | semmle.label | key-value pair |
 | passwords.go:88:19:90:2 | struct literal | semmle.label | struct literal |
-| passwords.go:89:3:89:36 | key-value pair | semmle.label | key-value pair |
 | passwords.go:89:16:89:36 | call to make | semmle.label | call to make |
 | passwords.go:91:14:91:26 | utilityObject | semmle.label | utilityObject |
 | passwords.go:94:23:94:28 | secret | semmle.label | secret |
@@ -257,14 +242,13 @@ nodes
 | passwords.go:110:34:110:41 | password | semmle.label | password |
 | passwords.go:115:15:115:40 | ...+... | semmle.label | ...+... |
 | passwords.go:115:33:115:40 | password | semmle.label | password |
-| passwords.go:118:6:118:50 | SSA def(password1) | semmle.label | SSA def(password1) |
+| passwords.go:118:6:118:14 | SSA def(password1) | semmle.label | SSA def(password1) |
 | passwords.go:119:14:119:45 | ...+... | semmle.label | ...+... |
 | passwords.go:119:28:119:36 | password1 | semmle.label | password1 |
 | passwords.go:119:28:119:45 | call to String | semmle.label | call to String |
 | passwords.go:122:12:127:2 | struct literal | semmle.label | struct literal |
 | passwords.go:122:12:127:2 | struct literal [x] | semmle.label | struct literal [x] |
 | passwords.go:122:12:127:2 | struct literal [y] | semmle.label | struct literal [y] |
-| passwords.go:123:3:123:14 | key-value pair | semmle.label | key-value pair |
 | passwords.go:123:13:123:14 | x3 | semmle.label | x3 |
 | passwords.go:125:13:125:20 | password | semmle.label | password |
 | passwords.go:126:13:126:25 | call to getPassword | semmle.label | call to getPassword |
@@ -273,23 +257,15 @@ nodes
 | passwords.go:130:14:130:21 | selection of x | semmle.label | selection of x |
 | passwords.go:131:14:131:19 | config [y] | semmle.label | config [y] |
 | passwords.go:131:14:131:21 | selection of y | semmle.label | selection of y |
-| protobuf.go:9:2:9:23 | SSA def(password) | semmle.label | SSA def(password) |
-| protobuf.go:12:2:12:6 | implicit-deref query [postupdate] [Description] | semmle.label | implicit-deref query [postupdate] [Description] |
+| protobuf.go:9:2:9:9 | SSA def(password) | semmle.label | SSA def(password) |
+| protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | semmle.label | implicit dereference [postupdate] [Description] |
 | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | semmle.label | query [postupdate] [pointer, Description] |
 | protobuf.go:12:22:12:29 | password | semmle.label | password |
 | protobuf.go:14:14:14:18 | query [pointer, Description] | semmle.label | query [pointer, Description] |
 | protobuf.go:14:14:14:35 | call to GetDescription | semmle.label | call to GetDescription |
-| protos/query/query.pb.go:117:41:122:1 | SSA def(x) [pointer, Description] | semmle.label | SSA def(x) [pointer, Description] |
-| protos/query/query.pb.go:119:10:119:10 | implicit-deref x [Description] | semmle.label | implicit-deref x [Description] |
+| protos/query/query.pb.go:117:7:117:7 | SSA def(x) [pointer, Description] | semmle.label | SSA def(x) [pointer, Description] |
+| protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] | semmle.label | implicit dereference [Description] |
 | protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | semmle.label | x [pointer, Description] |
 | protos/query/query.pb.go:119:10:119:22 | selection of Description | semmle.label | selection of Description |
-| server1.go:16:15:18:3 | struct literal | semmle.label | struct literal |
-| server1.go:17:4:17:63 | key-value pair | semmle.label | key-value pair |
-| server1.go:19:15:19:19 | user3 | semmle.label | user3 |
 subpaths
-| protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:41:122:1 | SSA def(x) [pointer, Description] | protos/query/query.pb.go:119:10:119:22 | selection of Description | protobuf.go:14:14:14:35 | call to GetDescription |
-testFailures
-| passwords.go:65:14:65:44 | struct literal | Unexpected result: Alert |
-| passwords.go:65:25:65:43 | key-value pair | Unexpected result: Alert |
-| server1.go:17:4:17:63 | key-value pair | Unexpected result: Source |
-| server1.go:19:15:19:19 | user3 | Unexpected result: Alert |
+| protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:7:117:7 | SSA def(x) [pointer, Description] | protos/query/query.pb.go:119:10:119:22 | selection of Description | protobuf.go:14:14:14:35 | call to GetDescription |

go/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.expected

@@ -8,18 +8,18 @@ edges
 | InsecureHostKeyCallbackExample.go:31:14:34:4 | type conversion | InsecureHostKeyCallbackExample.go:39:20:39:27 | callback | provenance |  |
 | InsecureHostKeyCallbackExample.go:32:3:34:3 | function literal | InsecureHostKeyCallbackExample.go:31:14:34:4 | type conversion | provenance |  |
 | InsecureHostKeyCallbackExample.go:45:3:47:3 | function literal | InsecureHostKeyCallbackExample.go:52:20:52:48 | type conversion | provenance |  |
-| InsecureHostKeyCallbackExample.go:58:69:64:1 | SSA def(callback) | InsecureHostKeyCallbackExample.go:62:20:62:27 | callback | provenance |  |
-| InsecureHostKeyCallbackExample.go:68:78:80:1 | SSA def(callback) | InsecureHostKeyCallbackExample.go:78:28:78:35 | callback | provenance |  |
-| InsecureHostKeyCallbackExample.go:94:3:94:43 | extract:0 ... := ... | InsecureHostKeyCallbackExample.go:95:28:95:35 | callback | provenance |  |
+| InsecureHostKeyCallbackExample.go:58:39:58:46 | SSA def(callback) | InsecureHostKeyCallbackExample.go:62:20:62:27 | callback | provenance |  |
+| InsecureHostKeyCallbackExample.go:68:48:68:55 | SSA def(callback) | InsecureHostKeyCallbackExample.go:78:28:78:35 | callback | provenance |  |
+| InsecureHostKeyCallbackExample.go:94:3:94:43 | ... := ...[0] | InsecureHostKeyCallbackExample.go:95:28:95:35 | callback | provenance |  |
 | InsecureHostKeyCallbackExample.go:102:22:105:4 | type conversion | InsecureHostKeyCallbackExample.go:107:35:107:50 | insecureCallback | provenance |  |
 | InsecureHostKeyCallbackExample.go:103:3:105:3 | function literal | InsecureHostKeyCallbackExample.go:102:22:105:4 | type conversion | provenance |  |
-| InsecureHostKeyCallbackExample.go:107:35:107:50 | insecureCallback | InsecureHostKeyCallbackExample.go:58:69:64:1 | SSA def(callback) | provenance |  |
+| InsecureHostKeyCallbackExample.go:107:35:107:50 | insecureCallback | InsecureHostKeyCallbackExample.go:58:39:58:46 | SSA def(callback) | provenance |  |
 | InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion | InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback | provenance |  |
 | InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion | InsecureHostKeyCallbackExample.go:120:44:120:68 | potentiallySecureCallback | provenance |  |
 | InsecureHostKeyCallbackExample.go:110:3:115:3 | function literal | InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion | provenance |  |
-| InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback | InsecureHostKeyCallbackExample.go:58:69:64:1 | SSA def(callback) | provenance |  |
-| InsecureHostKeyCallbackExample.go:118:35:118:61 | call to InsecureIgnoreHostKey | InsecureHostKeyCallbackExample.go:58:69:64:1 | SSA def(callback) | provenance |  |
-| InsecureHostKeyCallbackExample.go:120:44:120:68 | potentiallySecureCallback | InsecureHostKeyCallbackExample.go:68:78:80:1 | SSA def(callback) | provenance |  |
+| InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback | InsecureHostKeyCallbackExample.go:58:39:58:46 | SSA def(callback) | provenance |  |
+| InsecureHostKeyCallbackExample.go:118:35:118:61 | call to InsecureIgnoreHostKey | InsecureHostKeyCallbackExample.go:58:39:58:46 | SSA def(callback) | provenance |  |
+| InsecureHostKeyCallbackExample.go:120:44:120:68 | potentiallySecureCallback | InsecureHostKeyCallbackExample.go:68:48:68:55 | SSA def(callback) | provenance |  |
 nodes
 | InsecureHostKeyCallbackExample.go:15:20:18:5 | type conversion | semmle.label | type conversion |
 | InsecureHostKeyCallbackExample.go:16:4:18:4 | function literal | semmle.label | function literal |
@@ -29,13 +29,13 @@ nodes
 | InsecureHostKeyCallbackExample.go:39:20:39:27 | callback | semmle.label | callback |
 | InsecureHostKeyCallbackExample.go:45:3:47:3 | function literal | semmle.label | function literal |
 | InsecureHostKeyCallbackExample.go:52:20:52:48 | type conversion | semmle.label | type conversion |
-| InsecureHostKeyCallbackExample.go:58:69:64:1 | SSA def(callback) | semmle.label | SSA def(callback) |
+| InsecureHostKeyCallbackExample.go:58:39:58:46 | SSA def(callback) | semmle.label | SSA def(callback) |
 | InsecureHostKeyCallbackExample.go:62:20:62:27 | callback | semmle.label | callback |
-| InsecureHostKeyCallbackExample.go:68:78:80:1 | SSA def(callback) | semmle.label | SSA def(callback) |
+| InsecureHostKeyCallbackExample.go:68:48:68:55 | SSA def(callback) | semmle.label | SSA def(callback) |
 | InsecureHostKeyCallbackExample.go:76:28:76:54 | call to InsecureIgnoreHostKey | semmle.label | call to InsecureIgnoreHostKey |
 | InsecureHostKeyCallbackExample.go:78:28:78:35 | callback | semmle.label | callback |
 | InsecureHostKeyCallbackExample.go:92:28:92:54 | call to InsecureIgnoreHostKey | semmle.label | call to InsecureIgnoreHostKey |
-| InsecureHostKeyCallbackExample.go:94:3:94:43 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| InsecureHostKeyCallbackExample.go:94:3:94:43 | ... := ...[0] | semmle.label | ... := ...[0] |
 | InsecureHostKeyCallbackExample.go:95:28:95:35 | callback | semmle.label | callback |
 | InsecureHostKeyCallbackExample.go:102:22:105:4 | type conversion | semmle.label | type conversion |
 | InsecureHostKeyCallbackExample.go:103:3:105:3 | function literal | semmle.label | function literal |

go/ql/test/query-tests/Security/CWE-326/InsufficientKeySize.expected

@@ -1,14 +1,7 @@
-#select
-| InsufficientKeySize.go:9:31:9:34 | 1024 | InsufficientKeySize.go:9:31:9:34 | 1024 | InsufficientKeySize.go:9:31:9:34 | 1024 | The size of this RSA key should be at least 2048 bits. |
-| InsufficientKeySize.go:14:31:14:34 | size | InsufficientKeySize.go:13:10:13:13 | 1024 | InsufficientKeySize.go:14:31:14:34 | size | The size of this RSA key should be at least 2048 bits. |
-| InsufficientKeySize.go:26:31:26:34 | size | InsufficientKeySize.go:18:7:18:10 | 1024 | InsufficientKeySize.go:26:31:26:34 | size | The size of this RSA key should be at least 2048 bits. |
-| InsufficientKeySize.go:32:32:32:38 | keyBits | InsufficientKeySize.go:30:13:30:16 | 1024 | InsufficientKeySize.go:32:32:32:38 | keyBits | The size of this RSA key should be at least 2048 bits. |
-| InsufficientKeySize.go:47:32:47:38 | keyBits | InsufficientKeySize.go:44:13:44:16 | 1024 | InsufficientKeySize.go:47:32:47:38 | keyBits | The size of this RSA key should be at least 2048 bits. |
-| InsufficientKeySize.go:67:31:67:37 | keyBits | InsufficientKeySize.go:61:21:61:24 | 1024 | InsufficientKeySize.go:67:31:67:37 | keyBits | The size of this RSA key should be at least 2048 bits. |
 edges
 | InsufficientKeySize.go:13:10:13:13 | 1024 | InsufficientKeySize.go:14:31:14:34 | size | provenance |  |
-| InsufficientKeySize.go:18:7:18:10 | 1024 | InsufficientKeySize.go:25:21:27:1 | SSA def(size) | provenance |  |
-| InsufficientKeySize.go:25:21:27:1 | SSA def(size) | InsufficientKeySize.go:26:31:26:34 | size | provenance |  |
+| InsufficientKeySize.go:18:7:18:10 | 1024 | InsufficientKeySize.go:25:11:25:14 | SSA def(size) | provenance |  |
+| InsufficientKeySize.go:25:11:25:14 | SSA def(size) | InsufficientKeySize.go:26:31:26:34 | size | provenance |  |
 | InsufficientKeySize.go:30:13:30:16 | 1024 | InsufficientKeySize.go:32:32:32:38 | keyBits | provenance |  |
 | InsufficientKeySize.go:44:13:44:16 | 1024 | InsufficientKeySize.go:47:32:47:38 | keyBits | provenance |  |
 | InsufficientKeySize.go:61:21:61:24 | 1024 | InsufficientKeySize.go:67:31:67:37 | keyBits | provenance |  |
@@ -17,7 +10,7 @@ nodes
 | InsufficientKeySize.go:13:10:13:13 | 1024 | semmle.label | 1024 |
 | InsufficientKeySize.go:14:31:14:34 | size | semmle.label | size |
 | InsufficientKeySize.go:18:7:18:10 | 1024 | semmle.label | 1024 |
-| InsufficientKeySize.go:25:21:27:1 | SSA def(size) | semmle.label | SSA def(size) |
+| InsufficientKeySize.go:25:11:25:14 | SSA def(size) | semmle.label | SSA def(size) |
 | InsufficientKeySize.go:26:31:26:34 | size | semmle.label | size |
 | InsufficientKeySize.go:30:13:30:16 | 1024 | semmle.label | 1024 |
 | InsufficientKeySize.go:32:32:32:38 | keyBits | semmle.label | keyBits |
@@ -26,3 +19,10 @@ nodes
 | InsufficientKeySize.go:61:21:61:24 | 1024 | semmle.label | 1024 |
 | InsufficientKeySize.go:67:31:67:37 | keyBits | semmle.label | keyBits |
 subpaths
+#select
+| InsufficientKeySize.go:9:31:9:34 | 1024 | InsufficientKeySize.go:9:31:9:34 | 1024 | InsufficientKeySize.go:9:31:9:34 | 1024 | The size of this RSA key should be at least 2048 bits. |
+| InsufficientKeySize.go:14:31:14:34 | size | InsufficientKeySize.go:13:10:13:13 | 1024 | InsufficientKeySize.go:14:31:14:34 | size | The size of this RSA key should be at least 2048 bits. |
+| InsufficientKeySize.go:26:31:26:34 | size | InsufficientKeySize.go:18:7:18:10 | 1024 | InsufficientKeySize.go:26:31:26:34 | size | The size of this RSA key should be at least 2048 bits. |
+| InsufficientKeySize.go:32:32:32:38 | keyBits | InsufficientKeySize.go:30:13:30:16 | 1024 | InsufficientKeySize.go:32:32:32:38 | keyBits | The size of this RSA key should be at least 2048 bits. |
+| InsufficientKeySize.go:47:32:47:38 | keyBits | InsufficientKeySize.go:44:13:44:16 | 1024 | InsufficientKeySize.go:47:32:47:38 | keyBits | The size of this RSA key should be at least 2048 bits. |
+| InsufficientKeySize.go:67:31:67:37 | keyBits | InsufficientKeySize.go:61:21:61:24 | 1024 | InsufficientKeySize.go:67:31:67:37 | keyBits | The size of this RSA key should be at least 2048 bits. |

go/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected

@@ -1,29 +1,29 @@
-| encryption.go:30:2:30:36 | call to Encrypt | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | extract:0 ... := ... | The cryptographic algorithm DES |
-| encryption.go:34:2:34:42 | call to Seal | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | extract:0 ... := ... | The cryptographic algorithm DES |
-| encryption.go:38:2:38:42 | call to Seal | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | extract:0 ... := ... | The cryptographic algorithm DES |
-| encryption.go:42:2:42:42 | call to Seal | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | extract:0 ... := ... | The cryptographic algorithm DES |
-| encryption.go:46:2:46:42 | call to Seal | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | extract:0 ... := ... | The cryptographic algorithm DES |
-| encryption.go:50:2:50:47 | call to CryptBlocks | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | extract:0 ... := ... | The cryptographic algorithm DES |
-| encryption.go:54:2:54:45 | call to XORKeyStream | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | extract:0 ... := ... | The cryptographic algorithm DES |
-| encryption.go:56:22:56:91 | struct literal | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | extract:0 ... := ... | The cryptographic algorithm DES |
-| encryption.go:59:21:59:68 | &... [postupdate] | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | extract:0 ... := ... | The cryptographic algorithm DES |
-| encryption.go:59:22:59:68 | struct literal | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | extract:0 ... := ... | The cryptographic algorithm DES |
-| encryption.go:59:22:59:68 | struct literal [postupdate] | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | extract:0 ... := ... | The cryptographic algorithm DES |
-| encryption.go:60:10:60:24 | ctrStreamWriter [postupdate] | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | extract:0 ... := ... | The cryptographic algorithm DES |
-| encryption.go:65:2:65:45 | call to XORKeyStream | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | extract:0 ... := ... | The cryptographic algorithm DES |
-| encryption.go:69:2:69:45 | call to XORKeyStream | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | extract:0 ... := ... | The cryptographic algorithm DES |
-| encryption.go:76:2:76:32 | call to Encrypt | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | extract:0 ... := ... | The cryptographic algorithm TRIPLEDES |
-| encryption.go:80:2:80:38 | call to Seal | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | extract:0 ... := ... | The cryptographic algorithm TRIPLEDES |
-| encryption.go:84:2:84:38 | call to Seal | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | extract:0 ... := ... | The cryptographic algorithm TRIPLEDES |
-| encryption.go:88:2:88:42 | call to Seal | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | extract:0 ... := ... | The cryptographic algorithm TRIPLEDES |
-| encryption.go:92:2:92:42 | call to Seal | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | extract:0 ... := ... | The cryptographic algorithm TRIPLEDES |
-| encryption.go:96:2:96:43 | call to CryptBlocks | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | extract:0 ... := ... | The cryptographic algorithm TRIPLEDES |
-| encryption.go:100:2:100:41 | call to XORKeyStream | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | extract:0 ... := ... | The cryptographic algorithm TRIPLEDES |
-| encryption.go:102:22:102:87 | struct literal | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | extract:0 ... := ... | The cryptographic algorithm TRIPLEDES |
-| encryption.go:105:21:105:68 | &... [postupdate] | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | extract:0 ... := ... | The cryptographic algorithm TRIPLEDES |
-| encryption.go:105:22:105:68 | struct literal | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | extract:0 ... := ... | The cryptographic algorithm TRIPLEDES |
-| encryption.go:105:22:105:68 | struct literal [postupdate] | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | extract:0 ... := ... | The cryptographic algorithm TRIPLEDES |
-| encryption.go:106:10:106:24 | ctrStreamWriter [postupdate] | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | extract:0 ... := ... | The cryptographic algorithm TRIPLEDES |
-| encryption.go:111:2:111:45 | call to XORKeyStream | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | extract:0 ... := ... | The cryptographic algorithm TRIPLEDES |
-| encryption.go:115:2:115:45 | call to XORKeyStream | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | extract:0 ... := ... | The cryptographic algorithm TRIPLEDES |
+| encryption.go:30:2:30:36 | call to Encrypt | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | ... := ...[0] | The cryptographic algorithm DES |
+| encryption.go:34:2:34:42 | call to Seal | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | ... := ...[0] | The cryptographic algorithm DES |
+| encryption.go:38:2:38:42 | call to Seal | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | ... := ...[0] | The cryptographic algorithm DES |
+| encryption.go:42:2:42:42 | call to Seal | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | ... := ...[0] | The cryptographic algorithm DES |
+| encryption.go:46:2:46:42 | call to Seal | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | ... := ...[0] | The cryptographic algorithm DES |
+| encryption.go:50:2:50:47 | call to CryptBlocks | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | ... := ...[0] | The cryptographic algorithm DES |
+| encryption.go:54:2:54:45 | call to XORKeyStream | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | ... := ...[0] | The cryptographic algorithm DES |
+| encryption.go:56:22:56:91 | struct literal | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | ... := ...[0] | The cryptographic algorithm DES |
+| encryption.go:59:21:59:68 | &... [postupdate] | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | ... := ...[0] | The cryptographic algorithm DES |
+| encryption.go:59:22:59:68 | struct literal | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | ... := ...[0] | The cryptographic algorithm DES |
+| encryption.go:59:22:59:68 | struct literal [postupdate] | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | ... := ...[0] | The cryptographic algorithm DES |
+| encryption.go:60:10:60:24 | ctrStreamWriter [postupdate] | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | ... := ...[0] | The cryptographic algorithm DES |
+| encryption.go:65:2:65:45 | call to XORKeyStream | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | ... := ...[0] | The cryptographic algorithm DES |
+| encryption.go:69:2:69:45 | call to XORKeyStream | $@ is broken or weak, and should not be used. | encryption.go:28:2:28:31 | ... := ...[0] | The cryptographic algorithm DES |
+| encryption.go:76:2:76:32 | call to Encrypt | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | ... := ...[0] | The cryptographic algorithm TRIPLEDES |
+| encryption.go:80:2:80:38 | call to Seal | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | ... := ...[0] | The cryptographic algorithm TRIPLEDES |
+| encryption.go:84:2:84:38 | call to Seal | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | ... := ...[0] | The cryptographic algorithm TRIPLEDES |
+| encryption.go:88:2:88:42 | call to Seal | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | ... := ...[0] | The cryptographic algorithm TRIPLEDES |
+| encryption.go:92:2:92:42 | call to Seal | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | ... := ...[0] | The cryptographic algorithm TRIPLEDES |
+| encryption.go:96:2:96:43 | call to CryptBlocks | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | ... := ...[0] | The cryptographic algorithm TRIPLEDES |
+| encryption.go:100:2:100:41 | call to XORKeyStream | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | ... := ...[0] | The cryptographic algorithm TRIPLEDES |
+| encryption.go:102:22:102:87 | struct literal | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | ... := ...[0] | The cryptographic algorithm TRIPLEDES |
+| encryption.go:105:21:105:68 | &... [postupdate] | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | ... := ...[0] | The cryptographic algorithm TRIPLEDES |
+| encryption.go:105:22:105:68 | struct literal | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | ... := ...[0] | The cryptographic algorithm TRIPLEDES |
+| encryption.go:105:22:105:68 | struct literal [postupdate] | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | ... := ...[0] | The cryptographic algorithm TRIPLEDES |
+| encryption.go:106:10:106:24 | ctrStreamWriter [postupdate] | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | ... := ...[0] | The cryptographic algorithm TRIPLEDES |
+| encryption.go:111:2:111:45 | call to XORKeyStream | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | ... := ...[0] | The cryptographic algorithm TRIPLEDES |
+| encryption.go:115:2:115:45 | call to XORKeyStream | $@ is broken or weak, and should not be used. | encryption.go:74:2:74:40 | ... := ...[0] | The cryptographic algorithm TRIPLEDES |
 | encryption.go:166:2:166:33 | call to XORKeyStream | $@ is broken or weak, and should not be used. | encryption.go:166:2:166:33 | call to XORKeyStream | The cryptographic algorithm RC4 |

go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected

@@ -5,15 +5,15 @@ edges
 | go-jose.v3.go:25:16:25:20 | selection of URL | go-jose.v3.go:25:16:25:28 | call to Query | provenance | Src:MaD:3 MaD:5 |
 | go-jose.v3.go:25:16:25:28 | call to Query | go-jose.v3.go:25:16:25:47 | call to Get | provenance | MaD:6 |
 | go-jose.v3.go:25:16:25:47 | call to Get | go-jose.v3.go:26:15:26:25 | signedToken | provenance |  |
-| go-jose.v3.go:26:15:26:25 | signedToken | go-jose.v3.go:29:39:37:1 | SSA def(signedToken) | provenance |  |
-| go-jose.v3.go:29:39:37:1 | SSA def(signedToken) | go-jose.v3.go:31:37:31:47 | signedToken | provenance |  |
-| go-jose.v3.go:31:2:31:48 | extract:0 ... := ... | go-jose.v3.go:33:12:33:23 | DecodedToken | provenance | Sink:MaD:2 |
-| go-jose.v3.go:31:37:31:47 | signedToken | go-jose.v3.go:31:2:31:48 | extract:0 ... := ... | provenance | MaD:4 |
+| go-jose.v3.go:26:15:26:25 | signedToken | go-jose.v3.go:29:19:29:29 | SSA def(signedToken) | provenance |  |
+| go-jose.v3.go:29:19:29:29 | SSA def(signedToken) | go-jose.v3.go:31:37:31:47 | signedToken | provenance |  |
+| go-jose.v3.go:31:2:31:48 | ... := ...[0] | go-jose.v3.go:33:12:33:23 | DecodedToken | provenance | Sink:MaD:2 |
+| go-jose.v3.go:31:37:31:47 | signedToken | go-jose.v3.go:31:2:31:48 | ... := ...[0] | provenance | MaD:4 |
 | golang-jwt-v5.go:28:16:28:20 | selection of URL | golang-jwt-v5.go:28:16:28:28 | call to Query | provenance | Src:MaD:3 MaD:5 |
 | golang-jwt-v5.go:28:16:28:28 | call to Query | golang-jwt-v5.go:28:16:28:47 | call to Get | provenance | MaD:6 |
 | golang-jwt-v5.go:28:16:28:47 | call to Get | golang-jwt-v5.go:29:25:29:35 | signedToken | provenance |  |
-| golang-jwt-v5.go:29:25:29:35 | signedToken | golang-jwt-v5.go:32:49:40:1 | SSA def(signedToken) | provenance |  |
-| golang-jwt-v5.go:32:49:40:1 | SSA def(signedToken) | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance | Sink:MaD:1 |
+| golang-jwt-v5.go:29:25:29:35 | signedToken | golang-jwt-v5.go:32:29:32:39 | SSA def(signedToken) | provenance |  |
+| golang-jwt-v5.go:32:29:32:39 | SSA def(signedToken) | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance | Sink:MaD:1 |
 models
 | 1 | Sink: github.com/golang-jwt/jwt; Parser; true; ParseUnverified; ; ; Argument[0]; jwt; manual |
 | 2 | Sink: group:go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual |
@@ -26,14 +26,14 @@ nodes
 | go-jose.v3.go:25:16:25:28 | call to Query | semmle.label | call to Query |
 | go-jose.v3.go:25:16:25:47 | call to Get | semmle.label | call to Get |
 | go-jose.v3.go:26:15:26:25 | signedToken | semmle.label | signedToken |
-| go-jose.v3.go:29:39:37:1 | SSA def(signedToken) | semmle.label | SSA def(signedToken) |
-| go-jose.v3.go:31:2:31:48 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| go-jose.v3.go:29:19:29:29 | SSA def(signedToken) | semmle.label | SSA def(signedToken) |
+| go-jose.v3.go:31:2:31:48 | ... := ...[0] | semmle.label | ... := ...[0] |
 | go-jose.v3.go:31:37:31:47 | signedToken | semmle.label | signedToken |
 | go-jose.v3.go:33:12:33:23 | DecodedToken | semmle.label | DecodedToken |
 | golang-jwt-v5.go:28:16:28:20 | selection of URL | semmle.label | selection of URL |
 | golang-jwt-v5.go:28:16:28:28 | call to Query | semmle.label | call to Query |
 | golang-jwt-v5.go:28:16:28:47 | call to Get | semmle.label | call to Get |
 | golang-jwt-v5.go:29:25:29:35 | signedToken | semmle.label | signedToken |
-| golang-jwt-v5.go:32:49:40:1 | SSA def(signedToken) | semmle.label | SSA def(signedToken) |
+| golang-jwt-v5.go:32:29:32:39 | SSA def(signedToken) | semmle.label | SSA def(signedToken) |
 | golang-jwt-v5.go:34:58:34:68 | signedToken | semmle.label | signedToken |
 subpaths

go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected

@@ -1,76 +1,63 @@
 #select
-| BadRedirectCheck.go:4:23:4:37 | ...==... | BadRedirectCheck.go:3:39:8:1 | arg:0 block statement | main.go:11:25:11:45 | call to sanitizeUrl | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | BadRedirectCheck.go:3:39:8:1 | arg:0 block statement | this value | main.go:11:25:11:45 | call to sanitizeUrl | redirect |
-| BadRedirectCheck.go:4:23:4:37 | ...==... | main.go:10:78:12:1 | arg:0 block statement | main.go:11:25:11:45 | call to sanitizeUrl | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:10:78:12:1 | arg:0 block statement | this value | main.go:11:25:11:45 | call to sanitizeUrl | redirect |
-| cves.go:11:26:11:38 | ...==... | cves.go:14:78:18:1 | arg:0 block statement | cves.go:16:26:16:28 | url | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | cves.go:14:78:18:1 | arg:0 block statement | this value | cves.go:16:26:16:28 | url | redirect |
+| BadRedirectCheck.go:4:23:4:37 | ...==... | BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir | main.go:11:25:11:45 | call to sanitizeUrl | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir | this value | main.go:11:25:11:45 | call to sanitizeUrl | redirect |
+| BadRedirectCheck.go:4:23:4:37 | ...==... | main.go:10:18:10:25 | argument corresponding to redirect | main.go:11:25:11:45 | call to sanitizeUrl | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:10:18:10:25 | argument corresponding to redirect | this value | main.go:11:25:11:45 | call to sanitizeUrl | redirect |
+| cves.go:11:26:11:38 | ...==... | cves.go:14:23:14:25 | argument corresponding to url | cves.go:16:26:16:28 | url | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | cves.go:14:23:14:25 | argument corresponding to url | this value | cves.go:16:26:16:28 | url | redirect |
 | cves.go:34:6:34:37 | call to HasPrefix | cves.go:33:14:33:34 | call to Get | cves.go:37:25:37:32 | redirect | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | cves.go:33:14:33:34 | call to Get | this value | cves.go:37:25:37:32 | redirect | redirect |
 | cves.go:42:6:42:37 | call to HasPrefix | cves.go:41:14:41:34 | call to Get | cves.go:45:25:45:32 | redirect | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | cves.go:41:14:41:34 | call to Get | this value | cves.go:45:25:45:32 | redirect | redirect |
-| main.go:25:7:25:38 | call to HasPrefix | main.go:32:79:36:1 | arg:0 block statement | main.go:34:26:34:28 | url | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:32:79:36:1 | arg:0 block statement | this value | main.go:34:26:34:28 | url | redirect |
-| main.go:69:5:69:22 | ...!=... | main.go:68:41:74:1 | arg:0 block statement | main.go:77:25:77:39 | call to getTarget1 | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:68:41:74:1 | arg:0 block statement | this value | main.go:77:25:77:39 | call to getTarget1 | redirect |
-| main.go:69:5:69:22 | ...!=... | main.go:76:74:78:1 | arg:0 block statement | main.go:77:25:77:39 | call to getTarget1 | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:76:74:78:1 | arg:0 block statement | this value | main.go:77:25:77:39 | call to getTarget1 | redirect |
+| main.go:25:7:25:38 | call to HasPrefix | main.go:32:24:32:26 | argument corresponding to url | main.go:34:26:34:28 | url | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:32:24:32:26 | argument corresponding to url | this value | main.go:34:26:34:28 | url | redirect |
+| main.go:69:5:69:22 | ...!=... | main.go:68:17:68:24 | argument corresponding to redirect | main.go:77:25:77:39 | call to getTarget1 | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:68:17:68:24 | argument corresponding to redirect | this value | main.go:77:25:77:39 | call to getTarget1 | redirect |
+| main.go:69:5:69:22 | ...!=... | main.go:76:19:76:21 | argument corresponding to url | main.go:77:25:77:39 | call to getTarget1 | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:76:19:76:21 | argument corresponding to url | this value | main.go:77:25:77:39 | call to getTarget1 | redirect |
 | main.go:83:5:83:20 | ...!=... | main.go:87:9:87:14 | selection of Path | main.go:91:25:91:39 | call to getTarget2 | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:87:9:87:14 | selection of Path | this value | main.go:91:25:91:39 | call to getTarget2 | redirect |
 edges
-| BadRedirectCheck.go:3:39:8:1 | SSA def(redir) | BadRedirectCheck.go:5:10:5:14 | redir | provenance |  |
-| BadRedirectCheck.go:3:39:8:1 | arg:0 block statement | BadRedirectCheck.go:5:10:5:14 | redir | provenance |  |
+| BadRedirectCheck.go:3:18:3:22 | SSA def(redir) | BadRedirectCheck.go:5:10:5:14 | redir | provenance |  |
+| BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir | BadRedirectCheck.go:5:10:5:14 | redir | provenance |  |
 | BadRedirectCheck.go:5:10:5:14 | redir | main.go:11:25:11:45 | call to sanitizeUrl | provenance | Sink:MaD:1 |
-| cves.go:14:78:18:1 | arg:0 block statement | cves.go:16:26:16:28 | url | provenance | Sink:MaD:1 |
+| cves.go:14:23:14:25 | argument corresponding to url | cves.go:16:26:16:28 | url | provenance | Sink:MaD:1 |
 | cves.go:33:14:33:34 | call to Get | cves.go:37:25:37:32 | redirect | provenance | Sink:MaD:1 |
 | cves.go:41:14:41:34 | call to Get | cves.go:45:25:45:32 | redirect | provenance | Sink:MaD:1 |
-| main.go:10:78:12:1 | arg:0 block statement | main.go:11:37:11:44 | redirect | provenance |  |
-| main.go:11:37:11:44 | redirect | BadRedirectCheck.go:3:39:8:1 | SSA def(redir) | provenance |  |
+| main.go:10:18:10:25 | argument corresponding to redirect | main.go:11:37:11:44 | redirect | provenance |  |
+| main.go:11:37:11:44 | redirect | BadRedirectCheck.go:3:18:3:22 | SSA def(redir) | provenance |  |
 | main.go:11:37:11:44 | redirect | main.go:11:25:11:45 | call to sanitizeUrl | provenance | Sink:MaD:1 |
-| main.go:32:79:36:1 | arg:0 block statement | main.go:34:26:34:28 | url | provenance | Sink:MaD:1 |
-| main.go:68:41:74:1 | SSA def(redirect) | main.go:73:20:73:27 | redirect | provenance |  |
-| main.go:68:41:74:1 | arg:0 block statement | main.go:73:20:73:27 | redirect | provenance |  |
+| main.go:32:24:32:26 | argument corresponding to url | main.go:34:26:34:28 | url | provenance | Sink:MaD:1 |
+| main.go:68:17:68:24 | SSA def(redirect) | main.go:73:20:73:27 | redirect | provenance |  |
+| main.go:68:17:68:24 | argument corresponding to redirect | main.go:73:20:73:27 | redirect | provenance |  |
 | main.go:73:9:73:28 | call to Clean | main.go:77:25:77:39 | call to getTarget1 | provenance | Sink:MaD:1 |
 | main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:2 |
 | main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:2 |
-| main.go:76:74:78:1 | arg:0 block statement | main.go:77:36:77:38 | url | provenance |  |
-| main.go:77:36:77:38 | url | main.go:68:41:74:1 | SSA def(redirect) | provenance |  |
+| main.go:76:19:76:21 | argument corresponding to url | main.go:77:36:77:38 | url | provenance |  |
+| main.go:77:36:77:38 | url | main.go:68:17:68:24 | SSA def(redirect) | provenance |  |
 | main.go:77:36:77:38 | url | main.go:77:25:77:39 | call to getTarget1 | provenance | MaD:2 Sink:MaD:1 |
 | main.go:87:9:87:14 | selection of Path | main.go:91:25:91:39 | call to getTarget2 | provenance | Sink:MaD:1 |
 models
 | 1 | Sink: net/http; ; false; Redirect; ; ; Argument[2]; url-redirection[0]; manual |
 | 2 | Summary: path; ; false; Clean; ; ; Argument[0]; ReturnValue; taint; manual |
 nodes
-| BadRedirectCheck.go:3:39:8:1 | SSA def(redir) | semmle.label | SSA def(redir) |
-| BadRedirectCheck.go:3:39:8:1 | arg:0 block statement | semmle.label | arg:0 block statement |
+| BadRedirectCheck.go:3:18:3:22 | SSA def(redir) | semmle.label | SSA def(redir) |
+| BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir | semmle.label | argument corresponding to redir |
 | BadRedirectCheck.go:5:10:5:14 | redir | semmle.label | redir |
 | BadRedirectCheck.go:5:10:5:14 | redir | semmle.label | redir |
-| cves.go:14:78:18:1 | arg:0 block statement | semmle.label | arg:0 block statement |
+| cves.go:14:23:14:25 | argument corresponding to url | semmle.label | argument corresponding to url |
 | cves.go:16:26:16:28 | url | semmle.label | url |
 | cves.go:33:14:33:34 | call to Get | semmle.label | call to Get |
 | cves.go:37:25:37:32 | redirect | semmle.label | redirect |
 | cves.go:41:14:41:34 | call to Get | semmle.label | call to Get |
 | cves.go:45:25:45:32 | redirect | semmle.label | redirect |
-| main.go:10:78:12:1 | arg:0 block statement | semmle.label | arg:0 block statement |
+| main.go:10:18:10:25 | argument corresponding to redirect | semmle.label | argument corresponding to redirect |
 | main.go:11:25:11:45 | call to sanitizeUrl | semmle.label | call to sanitizeUrl |
 | main.go:11:37:11:44 | redirect | semmle.label | redirect |
-| main.go:32:79:36:1 | arg:0 block statement | semmle.label | arg:0 block statement |
+| main.go:32:24:32:26 | argument corresponding to url | semmle.label | argument corresponding to url |
 | main.go:34:26:34:28 | url | semmle.label | url |
-| main.go:68:41:74:1 | SSA def(redirect) | semmle.label | SSA def(redirect) |
-| main.go:68:41:74:1 | arg:0 block statement | semmle.label | arg:0 block statement |
+| main.go:68:17:68:24 | SSA def(redirect) | semmle.label | SSA def(redirect) |
+| main.go:68:17:68:24 | argument corresponding to redirect | semmle.label | argument corresponding to redirect |
 | main.go:73:9:73:28 | call to Clean | semmle.label | call to Clean |
 | main.go:73:9:73:28 | call to Clean | semmle.label | call to Clean |
 | main.go:73:20:73:27 | redirect | semmle.label | redirect |
 | main.go:73:20:73:27 | redirect | semmle.label | redirect |
-| main.go:76:74:78:1 | arg:0 block statement | semmle.label | arg:0 block statement |
+| main.go:76:19:76:21 | argument corresponding to url | semmle.label | argument corresponding to url |
 | main.go:77:25:77:39 | call to getTarget1 | semmle.label | call to getTarget1 |
 | main.go:77:36:77:38 | url | semmle.label | url |
 | main.go:87:9:87:14 | selection of Path | semmle.label | selection of Path |
 | main.go:91:25:91:39 | call to getTarget2 | semmle.label | call to getTarget2 |
 subpaths
-| main.go:11:37:11:44 | redirect | BadRedirectCheck.go:3:39:8:1 | SSA def(redir) | BadRedirectCheck.go:5:10:5:14 | redir | main.go:11:25:11:45 | call to sanitizeUrl |
-| main.go:77:36:77:38 | url | main.go:68:41:74:1 | SSA def(redirect) | main.go:73:9:73:28 | call to Clean | main.go:77:25:77:39 | call to getTarget1 |
-testFailures
-| BadRedirectCheck.go:3:39:8:1 | arg:0 block statement | Unexpected result: Source |
-| BadRedirectCheck.go:3:41:3:51 | comment | Missing result: Source |
-| cves.go:14:78:18:1 | arg:0 block statement | Unexpected result: Source |
-| cves.go:14:80:14:90 | comment | Missing result: Source |
-| main.go:10:78:12:1 | arg:0 block statement | Unexpected result: Source |
-| main.go:10:80:10:90 | comment | Missing result: Source |
-| main.go:32:79:36:1 | arg:0 block statement | Unexpected result: Source |
-| main.go:32:81:32:91 | comment | Missing result: Source |
-| main.go:68:41:74:1 | arg:0 block statement | Unexpected result: Source |
-| main.go:68:43:68:53 | comment | Missing result: Source |
-| main.go:76:74:78:1 | arg:0 block statement | Unexpected result: Source |
-| main.go:76:76:76:86 | comment | Missing result: Source |
+| main.go:11:37:11:44 | redirect | BadRedirectCheck.go:3:18:3:22 | SSA def(redir) | BadRedirectCheck.go:5:10:5:14 | redir | main.go:11:25:11:45 | call to sanitizeUrl |
+| main.go:77:36:77:38 | url | main.go:68:17:68:24 | SSA def(redirect) | main.go:73:9:73:28 | call to Clean | main.go:77:25:77:39 | call to getTarget1 |

go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected

@@ -30,16 +30,16 @@ edges
 | stdlib.go:71:23:71:37 | ...+... | stdlib.go:71:23:71:40 | ...+... | provenance | Config Sink:MaD:1 |
 | stdlib.go:93:13:93:18 | selection of Form | stdlib.go:93:13:93:32 | call to Get | provenance | Src:MaD:2 Config |
 | stdlib.go:93:13:93:32 | call to Get | stdlib.go:94:3:94:8 | target | provenance |  |
-| stdlib.go:94:3:94:8 | target | stdlib.go:94:3:94:25 | compound-rhs ... += ... | provenance | Config |
-| stdlib.go:94:3:94:25 | compound-rhs ... += ... | stdlib.go:96:23:96:28 | target | provenance | Sink:MaD:1 |
-| stdlib.go:116:4:116:4 | implicit-deref r [postupdate] [URL] | stdlib.go:116:4:116:4 | r [postupdate] [pointer, URL] | provenance |  |
+| stdlib.go:94:3:94:8 | target | stdlib.go:94:3:94:25 | ... += ... | provenance | Config |
+| stdlib.go:94:3:94:25 | ... += ... | stdlib.go:96:23:96:28 | target | provenance | Sink:MaD:1 |
+| stdlib.go:116:4:116:4 | implicit dereference [postupdate] [URL] | stdlib.go:116:4:116:4 | r [postupdate] [pointer, URL] | provenance |  |
 | stdlib.go:116:4:116:4 | r [postupdate] [pointer, URL] | stdlib.go:117:24:117:24 | r [pointer, URL] | provenance |  |
-| stdlib.go:116:4:116:8 | implicit-deref selection of URL | stdlib.go:116:4:116:8 | selection of URL [postupdate] | provenance | Config |
-| stdlib.go:116:4:116:8 | selection of URL | stdlib.go:116:4:116:8 | implicit-deref selection of URL | provenance | Src:MaD:4 Config |
-| stdlib.go:116:4:116:8 | selection of URL [postupdate] | stdlib.go:116:4:116:4 | implicit-deref r [postupdate] [URL] | provenance |  |
-| stdlib.go:116:4:116:8 | selection of URL [postupdate] | stdlib.go:116:4:116:8 | implicit-deref selection of URL | provenance | Config |
-| stdlib.go:117:24:117:24 | implicit-deref r [URL] | stdlib.go:117:24:117:28 | selection of URL | provenance |  |
-| stdlib.go:117:24:117:24 | r [pointer, URL] | stdlib.go:117:24:117:24 | implicit-deref r [URL] | provenance |  |
+| stdlib.go:116:4:116:8 | implicit dereference | stdlib.go:116:4:116:8 | selection of URL [postupdate] | provenance | Config |
+| stdlib.go:116:4:116:8 | selection of URL | stdlib.go:116:4:116:8 | implicit dereference | provenance | Src:MaD:4 Config |
+| stdlib.go:116:4:116:8 | selection of URL [postupdate] | stdlib.go:116:4:116:4 | implicit dereference [postupdate] [URL] | provenance |  |
+| stdlib.go:116:4:116:8 | selection of URL [postupdate] | stdlib.go:116:4:116:8 | implicit dereference | provenance | Config |
+| stdlib.go:117:24:117:24 | implicit dereference [URL] | stdlib.go:117:24:117:28 | selection of URL | provenance |  |
+| stdlib.go:117:24:117:24 | r [pointer, URL] | stdlib.go:117:24:117:24 | implicit dereference [URL] | provenance |  |
 | stdlib.go:117:24:117:28 | selection of URL | stdlib.go:117:24:117:37 | call to String | provenance | Src:MaD:4 Config Sink:MaD:1 |
 | stdlib.go:150:13:150:18 | selection of Form | stdlib.go:150:13:150:32 | call to Get | provenance | Src:MaD:2 Config |
 | stdlib.go:150:13:150:32 | call to Get | stdlib.go:156:23:156:28 | target | provenance | Sink:MaD:1 |
@@ -51,42 +51,42 @@ edges
 | stdlib.go:177:35:177:39 | selection of URL | stdlib.go:177:35:177:52 | call to RequestURI | provenance | Src:MaD:4 Config |
 | stdlib.go:177:35:177:52 | call to RequestURI | stdlib.go:177:24:177:52 | ...+... | provenance | Config Sink:MaD:1 |
 | stdlib.go:186:13:186:33 | call to FormValue | stdlib.go:188:23:188:28 | target | provenance | Src:MaD:3 Sink:MaD:1 |
-| stdlib.go:194:3:194:57 | extract:0 ... := ... | stdlib.go:196:23:196:28 | target | provenance |  |
-| stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:194:3:194:57 | extract:0 ... := ... | provenance | Src:MaD:3 Config |
-| stdlib.go:196:23:196:28 | implicit-deref target | stdlib.go:196:23:196:28 | target [postupdate] | provenance | Config |
-| stdlib.go:196:23:196:28 | implicit-deref target | stdlib.go:196:23:196:33 | selection of Path | provenance | Config Sink:MaD:1 |
-| stdlib.go:196:23:196:28 | target | stdlib.go:196:23:196:28 | implicit-deref target | provenance | Config |
+| stdlib.go:194:3:194:57 | ... := ...[0] | stdlib.go:196:23:196:28 | target | provenance |  |
+| stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:194:3:194:57 | ... := ...[0] | provenance | Src:MaD:3 Config |
+| stdlib.go:196:23:196:28 | implicit dereference | stdlib.go:196:23:196:28 | target [postupdate] | provenance | Config |
+| stdlib.go:196:23:196:28 | implicit dereference | stdlib.go:196:23:196:33 | selection of Path | provenance | Config Sink:MaD:1 |
+| stdlib.go:196:23:196:28 | target | stdlib.go:196:23:196:28 | implicit dereference | provenance | Config |
 | stdlib.go:196:23:196:28 | target | stdlib.go:196:23:196:33 | selection of Path | provenance | Config Sink:MaD:1 |
 | stdlib.go:196:23:196:28 | target | stdlib.go:198:23:198:28 | target | provenance |  |
-| stdlib.go:196:23:196:28 | target [postupdate] | stdlib.go:196:23:196:28 | implicit-deref target | provenance | Config |
+| stdlib.go:196:23:196:28 | target [postupdate] | stdlib.go:196:23:196:28 | implicit dereference | provenance | Config |
 | stdlib.go:196:23:196:28 | target [postupdate] | stdlib.go:198:23:198:28 | target | provenance |  |
 | stdlib.go:198:23:198:28 | target | stdlib.go:198:23:198:42 | call to EscapedPath | provenance | Config Sink:MaD:1 |
-| stdlib.go:210:3:210:3 | implicit-deref u [postupdate] | stdlib.go:210:3:210:3 | u [postupdate] | provenance | Config |
-| stdlib.go:210:3:210:3 | implicit-deref u [postupdate] | stdlib.go:210:3:210:3 | u [postupdate] [pointer] | provenance |  |
+| stdlib.go:210:3:210:3 | implicit dereference [postupdate] | stdlib.go:210:3:210:3 | u [postupdate] | provenance | Config |
+| stdlib.go:210:3:210:3 | implicit dereference [postupdate] | stdlib.go:210:3:210:3 | u [postupdate] [pointer] | provenance |  |
 | stdlib.go:210:3:210:3 | u [postupdate] | stdlib.go:212:23:212:23 | u | provenance |  |
 | stdlib.go:210:3:210:3 | u [postupdate] [pointer] | stdlib.go:212:23:212:23 | u [pointer] | provenance |  |
-| stdlib.go:210:12:210:30 | call to FormValue | stdlib.go:210:3:210:3 | implicit-deref u [postupdate] | provenance | Src:MaD:3 Config |
+| stdlib.go:210:12:210:30 | call to FormValue | stdlib.go:210:3:210:3 | implicit dereference [postupdate] | provenance | Src:MaD:3 Config |
 | stdlib.go:210:12:210:30 | call to FormValue | stdlib.go:210:3:210:3 | u [postupdate] | provenance | Src:MaD:3 Config |
-| stdlib.go:212:23:212:23 | implicit-deref u | stdlib.go:212:23:212:23 | u [postupdate] | provenance | Config |
-| stdlib.go:212:23:212:23 | implicit-deref u | stdlib.go:212:23:212:28 | selection of Path | provenance | Config Sink:MaD:1 |
-| stdlib.go:212:23:212:23 | u | stdlib.go:212:23:212:23 | implicit-deref u | provenance | Config |
+| stdlib.go:212:23:212:23 | implicit dereference | stdlib.go:212:23:212:23 | u [postupdate] | provenance | Config |
+| stdlib.go:212:23:212:23 | implicit dereference | stdlib.go:212:23:212:28 | selection of Path | provenance | Config Sink:MaD:1 |
+| stdlib.go:212:23:212:23 | u | stdlib.go:212:23:212:23 | implicit dereference | provenance | Config |
 | stdlib.go:212:23:212:23 | u | stdlib.go:212:23:212:28 | selection of Path | provenance | Config Sink:MaD:1 |
 | stdlib.go:212:23:212:23 | u | stdlib.go:214:23:214:23 | u | provenance |  |
-| stdlib.go:212:23:212:23 | u [pointer] | stdlib.go:212:23:212:23 | implicit-deref u | provenance |  |
-| stdlib.go:212:23:212:23 | u [postupdate] | stdlib.go:212:23:212:23 | implicit-deref u | provenance | Config |
+| stdlib.go:212:23:212:23 | u [pointer] | stdlib.go:212:23:212:23 | implicit dereference | provenance |  |
+| stdlib.go:212:23:212:23 | u [postupdate] | stdlib.go:212:23:212:23 | implicit dereference | provenance | Config |
 | stdlib.go:212:23:212:23 | u [postupdate] | stdlib.go:214:23:214:23 | u | provenance |  |
 | stdlib.go:214:23:214:23 | u | stdlib.go:214:23:214:32 | call to String | provenance | Config Sink:MaD:1 |
-| stdlib.go:257:3:257:3 | implicit-deref u [postupdate] | stdlib.go:257:3:257:3 | u [postupdate] | provenance | Config |
-| stdlib.go:257:3:257:3 | implicit-deref u [postupdate] | stdlib.go:257:3:257:3 | u [postupdate] [pointer] | provenance |  |
+| stdlib.go:257:3:257:3 | implicit dereference [postupdate] | stdlib.go:257:3:257:3 | u [postupdate] | provenance | Config |
+| stdlib.go:257:3:257:3 | implicit dereference [postupdate] | stdlib.go:257:3:257:3 | u [postupdate] [pointer] | provenance |  |
 | stdlib.go:257:3:257:3 | u [postupdate] | stdlib.go:260:3:260:3 | u | provenance |  |
 | stdlib.go:257:3:257:3 | u [postupdate] [pointer] | stdlib.go:260:3:260:3 | u [pointer] | provenance |  |
-| stdlib.go:257:12:257:30 | call to FormValue | stdlib.go:257:3:257:3 | implicit-deref u [postupdate] | provenance | Src:MaD:3 Config |
+| stdlib.go:257:12:257:30 | call to FormValue | stdlib.go:257:3:257:3 | implicit dereference [postupdate] | provenance | Src:MaD:3 Config |
 | stdlib.go:257:12:257:30 | call to FormValue | stdlib.go:257:3:257:3 | u [postupdate] | provenance | Src:MaD:3 Config |
-| stdlib.go:260:3:260:3 | implicit-deref u | stdlib.go:260:3:260:3 | u [postupdate] | provenance | Config |
-| stdlib.go:260:3:260:3 | u | stdlib.go:260:3:260:3 | implicit-deref u | provenance | Config |
+| stdlib.go:260:3:260:3 | implicit dereference | stdlib.go:260:3:260:3 | u [postupdate] | provenance | Config |
+| stdlib.go:260:3:260:3 | u | stdlib.go:260:3:260:3 | implicit dereference | provenance | Config |
 | stdlib.go:260:3:260:3 | u | stdlib.go:261:23:261:23 | u | provenance |  |
-| stdlib.go:260:3:260:3 | u [pointer] | stdlib.go:260:3:260:3 | implicit-deref u | provenance |  |
-| stdlib.go:260:3:260:3 | u [postupdate] | stdlib.go:260:3:260:3 | implicit-deref u | provenance | Config |
+| stdlib.go:260:3:260:3 | u [pointer] | stdlib.go:260:3:260:3 | implicit dereference | provenance |  |
+| stdlib.go:260:3:260:3 | u [postupdate] | stdlib.go:260:3:260:3 | implicit dereference | provenance | Config |
 | stdlib.go:260:3:260:3 | u [postupdate] | stdlib.go:261:23:261:23 | u | provenance |  |
 | stdlib.go:261:23:261:23 | u | stdlib.go:261:23:261:32 | call to String | provenance | Config Sink:MaD:1 |
 models
@@ -118,14 +118,14 @@ nodes
 | stdlib.go:93:13:93:18 | selection of Form | semmle.label | selection of Form |
 | stdlib.go:93:13:93:32 | call to Get | semmle.label | call to Get |
 | stdlib.go:94:3:94:8 | target | semmle.label | target |
-| stdlib.go:94:3:94:25 | compound-rhs ... += ... | semmle.label | compound-rhs ... += ... |
+| stdlib.go:94:3:94:25 | ... += ... | semmle.label | ... += ... |
 | stdlib.go:96:23:96:28 | target | semmle.label | target |
-| stdlib.go:116:4:116:4 | implicit-deref r [postupdate] [URL] | semmle.label | implicit-deref r [postupdate] [URL] |
+| stdlib.go:116:4:116:4 | implicit dereference [postupdate] [URL] | semmle.label | implicit dereference [postupdate] [URL] |
 | stdlib.go:116:4:116:4 | r [postupdate] [pointer, URL] | semmle.label | r [postupdate] [pointer, URL] |
-| stdlib.go:116:4:116:8 | implicit-deref selection of URL | semmle.label | implicit-deref selection of URL |
+| stdlib.go:116:4:116:8 | implicit dereference | semmle.label | implicit dereference |
 | stdlib.go:116:4:116:8 | selection of URL | semmle.label | selection of URL |
 | stdlib.go:116:4:116:8 | selection of URL [postupdate] | semmle.label | selection of URL [postupdate] |
-| stdlib.go:117:24:117:24 | implicit-deref r [URL] | semmle.label | implicit-deref r [URL] |
+| stdlib.go:117:24:117:24 | implicit dereference [URL] | semmle.label | implicit dereference [URL] |
 | stdlib.go:117:24:117:24 | r [pointer, URL] | semmle.label | r [pointer, URL] |
 | stdlib.go:117:24:117:28 | selection of URL | semmle.label | selection of URL |
 | stdlib.go:117:24:117:37 | call to String | semmle.label | call to String |
@@ -142,30 +142,30 @@ nodes
 | stdlib.go:177:35:177:52 | call to RequestURI | semmle.label | call to RequestURI |
 | stdlib.go:186:13:186:33 | call to FormValue | semmle.label | call to FormValue |
 | stdlib.go:188:23:188:28 | target | semmle.label | target |
-| stdlib.go:194:3:194:57 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| stdlib.go:194:3:194:57 | ... := ...[0] | semmle.label | ... := ...[0] |
 | stdlib.go:194:36:194:56 | call to FormValue | semmle.label | call to FormValue |
-| stdlib.go:196:23:196:28 | implicit-deref target | semmle.label | implicit-deref target |
+| stdlib.go:196:23:196:28 | implicit dereference | semmle.label | implicit dereference |
 | stdlib.go:196:23:196:28 | target | semmle.label | target |
 | stdlib.go:196:23:196:28 | target [postupdate] | semmle.label | target [postupdate] |
 | stdlib.go:196:23:196:33 | selection of Path | semmle.label | selection of Path |
 | stdlib.go:198:23:198:28 | target | semmle.label | target |
 | stdlib.go:198:23:198:42 | call to EscapedPath | semmle.label | call to EscapedPath |
-| stdlib.go:210:3:210:3 | implicit-deref u [postupdate] | semmle.label | implicit-deref u [postupdate] |
+| stdlib.go:210:3:210:3 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
 | stdlib.go:210:3:210:3 | u [postupdate] | semmle.label | u [postupdate] |
 | stdlib.go:210:3:210:3 | u [postupdate] [pointer] | semmle.label | u [postupdate] [pointer] |
 | stdlib.go:210:12:210:30 | call to FormValue | semmle.label | call to FormValue |
-| stdlib.go:212:23:212:23 | implicit-deref u | semmle.label | implicit-deref u |
+| stdlib.go:212:23:212:23 | implicit dereference | semmle.label | implicit dereference |
 | stdlib.go:212:23:212:23 | u | semmle.label | u |
 | stdlib.go:212:23:212:23 | u [pointer] | semmle.label | u [pointer] |
 | stdlib.go:212:23:212:23 | u [postupdate] | semmle.label | u [postupdate] |
 | stdlib.go:212:23:212:28 | selection of Path | semmle.label | selection of Path |
 | stdlib.go:214:23:214:23 | u | semmle.label | u |
 | stdlib.go:214:23:214:32 | call to String | semmle.label | call to String |
-| stdlib.go:257:3:257:3 | implicit-deref u [postupdate] | semmle.label | implicit-deref u [postupdate] |
+| stdlib.go:257:3:257:3 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
 | stdlib.go:257:3:257:3 | u [postupdate] | semmle.label | u [postupdate] |
 | stdlib.go:257:3:257:3 | u [postupdate] [pointer] | semmle.label | u [postupdate] [pointer] |
 | stdlib.go:257:12:257:30 | call to FormValue | semmle.label | call to FormValue |
-| stdlib.go:260:3:260:3 | implicit-deref u | semmle.label | implicit-deref u |
+| stdlib.go:260:3:260:3 | implicit dereference | semmle.label | implicit dereference |
 | stdlib.go:260:3:260:3 | u | semmle.label | u |
 | stdlib.go:260:3:260:3 | u [pointer] | semmle.label | u [pointer] |
 | stdlib.go:260:3:260:3 | u [postupdate] | semmle.label | u [postupdate] |

go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSize.expected

@@ -5,8 +5,8 @@ edges
 | UncontrolledAllocationSizeBad.go:11:12:11:24 | call to Query | UncontrolledAllocationSizeBad.go:13:15:13:20 | source | provenance |  |
 | UncontrolledAllocationSizeBad.go:13:15:13:20 | source | UncontrolledAllocationSizeBad.go:13:15:13:29 | call to Get | provenance | MaD:3 |
 | UncontrolledAllocationSizeBad.go:13:15:13:29 | call to Get | UncontrolledAllocationSizeBad.go:14:28:14:36 | sourceStr | provenance |  |
-| UncontrolledAllocationSizeBad.go:14:2:14:37 | extract:0 ... := ... | UncontrolledAllocationSizeBad.go:20:27:20:30 | sink | provenance |  |
-| UncontrolledAllocationSizeBad.go:14:28:14:36 | sourceStr | UncontrolledAllocationSizeBad.go:14:2:14:37 | extract:0 ... := ... | provenance | Config |
+| UncontrolledAllocationSizeBad.go:14:2:14:37 | ... := ...[0] | UncontrolledAllocationSizeBad.go:20:27:20:30 | sink | provenance |  |
+| UncontrolledAllocationSizeBad.go:14:28:14:36 | sourceStr | UncontrolledAllocationSizeBad.go:14:2:14:37 | ... := ...[0] | provenance | Config |
 models
 | 1 | Source: net/http; Request; true; URL; ; ; ; remote; manual |
 | 2 | Summary: net/url; URL; true; Query; ; ; Argument[receiver]; ReturnValue; taint; manual |
@@ -16,7 +16,7 @@ nodes
 | UncontrolledAllocationSizeBad.go:11:12:11:24 | call to Query | semmle.label | call to Query |
 | UncontrolledAllocationSizeBad.go:13:15:13:20 | source | semmle.label | source |
 | UncontrolledAllocationSizeBad.go:13:15:13:29 | call to Get | semmle.label | call to Get |
-| UncontrolledAllocationSizeBad.go:14:2:14:37 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
+| UncontrolledAllocationSizeBad.go:14:2:14:37 | ... := ...[0] | semmle.label | ... := ...[0] |
 | UncontrolledAllocationSizeBad.go:14:28:14:36 | sourceStr | semmle.label | sourceStr |
 | UncontrolledAllocationSizeBad.go:20:27:20:30 | sink | semmle.label | sink |
 subpaths

go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected

@@ -37,9 +37,9 @@ edges
 | tst.go:11:13:11:35 | call to FormValue | tst.go:39:11:39:29 | ...+... | provenance | Src:MaD:1  |
 | tst.go:11:13:11:35 | call to FormValue | tst.go:41:11:41:40 | ...+... | provenance | Src:MaD:1  |
 | tst.go:11:13:11:35 | call to FormValue | tst.go:48:11:48:18 | tainted2 | provenance | Src:MaD:1  |
-| tst.go:48:2:48:2 | implicit-deref u [postupdate] | tst.go:48:2:48:2 | u [postupdate] | provenance |  |
+| tst.go:48:2:48:2 | implicit dereference [postupdate] | tst.go:48:2:48:2 | u [postupdate] | provenance |  |
 | tst.go:48:2:48:2 | u [postupdate] | tst.go:49:11:49:11 | u | provenance |  |
-| tst.go:48:11:48:18 | tainted2 | tst.go:48:2:48:2 | implicit-deref u [postupdate] | provenance | Config |
+| tst.go:48:11:48:18 | tainted2 | tst.go:48:2:48:2 | implicit dereference [postupdate] | provenance | Config |
 | tst.go:48:11:48:18 | tainted2 | tst.go:48:2:48:2 | u [postupdate] | provenance | Config |
 | tst.go:49:11:49:11 | u | tst.go:49:11:49:20 | call to String | provenance | MaD:3 |
 | websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | provenance | Src:MaD:2  |
@@ -71,7 +71,7 @@ nodes
 | tst.go:37:18:37:24 | tainted | semmle.label | tainted |
 | tst.go:39:11:39:29 | ...+... | semmle.label | ...+... |
 | tst.go:41:11:41:40 | ...+... | semmle.label | ...+... |
-| tst.go:48:2:48:2 | implicit-deref u [postupdate] | semmle.label | implicit-deref u [postupdate] |
+| tst.go:48:2:48:2 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
 | tst.go:48:2:48:2 | u [postupdate] | semmle.label | u [postupdate] |
 | tst.go:48:11:48:18 | tainted2 | semmle.label | tainted2 |
 | tst.go:49:11:49:11 | u | semmle.label | u |

java/kotlin-extractor/BUILD.bazel

@@ -53,6 +53,10 @@ _extractor_name_prefix = "%s-%s" % (
     "embeddable" if _for_embeddable else "standalone",
 )
 
+_compiler_plugin_registrar_service_source = "src/main/resources/META-INF/services/org.jetbrains.kotlin.compiler.plugin.CompilerPluginRegistrar"
+
+_compiler_plugin_registrar_service_target = "META-INF/services/org.jetbrains.kotlin.compiler.plugin.CompilerPluginRegistrar"
+
 py_binary(
     name = "generate_dbscheme",
     srcs = ["generate_dbscheme.py"],
@@ -64,8 +68,14 @@ _resources = [
         r[len("src/main/resources/"):],
     )
     for r in glob(["src/main/resources/**"])
+    if r != _compiler_plugin_registrar_service_source
 ]
 
+_compiler_plugin_registrar_service = (
+    _compiler_plugin_registrar_service_source,
+    _compiler_plugin_registrar_service_target,
+)
+
 kt_javac_options(
     name = "javac-options",
     release = "8",
@@ -91,19 +101,32 @@ kt_javac_options(
         # * `resource_strip_prefix` is unique per jar, so we must also put other resources under the same version prefix
         genrule(
             name = "resources-%s" % v,
-            srcs = [src for src, _ in _resources],
+            srcs = [src for src, _ in _resources] + (
+                [_compiler_plugin_registrar_service[0]] if not version_less(v, "2.4.0") else []
+            ),
             outs = [
                 "%s/com/github/codeql/extractor.name" % v,
             ] + [
                 "%s/%s" % (v, target)
                 for _, target in _resources
-            ],
+            ] + (
+                ["%s/%s" % (
+                    v,
+                    _compiler_plugin_registrar_service[1],
+                )] if not version_less(v, "2.4.0") else []
+            ),
             cmd = "\n".join([
                 "echo %s-%s > $(RULEDIR)/%s/com/github/codeql/extractor.name" % (_extractor_name_prefix, v, v),
             ] + [
                 "cp $(execpath %s) $(RULEDIR)/%s/%s" % (source, v, target)
                 for source, target in _resources
-            ]),
+            ] + (
+                ["cp $(execpath %s) $(RULEDIR)/%s/%s" % (
+                    _compiler_plugin_registrar_service[0],
+                    v,
+                    _compiler_plugin_registrar_service[1],
+                )] if not version_less(v, "2.4.0") else []
+            )),
         ),
         kt_jvm_library(
             name = "%s-%s" % (_extractor_name_prefix, v),

java/kotlin-extractor/dev/wrapper.py

@@ -27,7 +27,7 @@ import shutil
 import io
 import os
 
-DEFAULT_VERSION = "2.3.20"
+DEFAULT_VERSION = "2.4.0"
 
 
 def options():

java/kotlin-extractor/src/main/kotlin/KotlinExtractorComponentRegistrar.kt

@@ -3,32 +3,21 @@
 
 package com.github.codeql
 
-import com.intellij.mock.MockProject
-import com.intellij.openapi.extensions.LoadingOrder
-import org.jetbrains.kotlin.backend.common.extensions.IrGenerationExtension
 import org.jetbrains.kotlin.config.CompilerConfiguration
 
 class KotlinExtractorComponentRegistrar : Kotlin2ComponentRegistrar() {
-    override fun registerProjectComponents(
-        project: MockProject,
-        configuration: CompilerConfiguration
-    ) {
+    override fun doRegisterExtensions(configuration: CompilerConfiguration) {
         val invocationTrapFile = configuration[KEY_INVOCATION_TRAP_FILE]
         if (invocationTrapFile == null) {
             throw Exception("Required argument for TRAP invocation file not given")
         }
-        // Register with LoadingOrder.LAST to ensure the extractor runs after other
-        // IR generation plugins (like kotlinx.serialization) have generated their code.
-        val extensionPoint = project.extensionArea.getExtensionPoint(IrGenerationExtension.extensionPointName)
-        extensionPoint.registerExtension(
+        registerExtractorExtension(
             KotlinExtractorExtension(
                 invocationTrapFile,
                 configuration[KEY_CHECK_TRAP_IDENTICAL] ?: false,
                 configuration[KEY_COMPILATION_STARTTIME],
                 configuration[KEY_EXIT_AFTER_EXTRACTION] ?: false
-            ),
-            LoadingOrder.LAST,
-            project
+            )
         )
     }
 }

java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt

@@ -173,9 +173,9 @@ open class KotlinFileExtractor(
         when (d) {
             is IrFunction ->
                 when (d.name.asString()) {
-                    "toString" -> d.valueParameters.isEmpty()
-                    "hashCode" -> d.valueParameters.isEmpty()
-                    "equals" -> d.valueParameters.singleOrNull()?.type?.isNullableAny() ?: false
+                    "toString" -> d.codeQlValueParameters.isEmpty()
+                    "hashCode" -> d.codeQlValueParameters.isEmpty()
+                    "equals" -> d.codeQlValueParameters.singleOrNull()?.type?.isNullableAny() ?: false
                     else -> false
                 } && isJavaBinaryDeclaration(d)
             else -> false
@@ -721,7 +721,7 @@ open class KotlinFileExtractor(
             (it.type as? IrSimpleType)?.classFqName?.asString() != "kotlin.Deprecated"
         } +
             // Note we lose any arguments to @java.lang.Deprecated that were written in source.
-            IrConstructorCallImpl.fromSymbolOwner(
+            codeQlAnnotationFromSymbolOwner(
                 UNDEFINED_OFFSET,
                 UNDEFINED_OFFSET,
                 jldConstructor.returnType,
@@ -781,13 +781,13 @@ open class KotlinFileExtractor(
         val locId = tw.getLocation(constructorCall)
         tw.writeHasLocation(id, locId)
 
-        for (i in 0 until constructorCall.valueArgumentsCount) {
-            val param = constructorCall.symbol.owner.valueParameters[i]
+        for (i in 0 until constructorCall.codeQlValueArgumentsCount) {
+            val param = constructorCall.symbol.owner.codeQlValueParameters[i]
             val prop =
                 constructorCall.symbol.owner.parentAsClass.declarations
                     .filterIsInstance<IrProperty>()
                     .first { it.name == param.name }
-            val v = constructorCall.getValueArgument(i) ?: param.defaultValue?.expression
+            val v = constructorCall.codeQlGetValueArgument(i) ?: param.defaultValue?.expression
             val getter = prop.getter
             if (getter == null) {
                 logger.warnElement("Expected annotation property to define a getter", prop)
@@ -1115,9 +1115,9 @@ open class KotlinFileExtractor(
                         returnId,
                         0,
                         returnId,
-                        f.valueParameters.size,
+                        f.codeQlValueParameters.size,
                         { argParent, idxOffset ->
-                            f.valueParameters.forEachIndexed { idx, param ->
+                            f.codeQlValueParameters.forEachIndexed { idx, param ->
                                 val syntheticParamId = useValueParameter(param, proxyFunctionId)
                                 extractVariableAccess(
                                     syntheticParamId,
@@ -1695,9 +1695,9 @@ open class KotlinFileExtractor(
                             returnId,
                             0,
                             returnId,
-                            f.valueParameters.size,
+                            f.codeQlValueParameters.size,
                             { argParentId, idxOffset ->
-                                f.valueParameters.mapIndexed { idx, param ->
+                                f.codeQlValueParameters.mapIndexed { idx, param ->
                                     val syntheticParamId = useValueParameter(param, functionId)
                                     extractVariableAccess(
                                         syntheticParamId,
@@ -1792,7 +1792,7 @@ open class KotlinFileExtractor(
         extractBody: Boolean,
         extractMethodAndParameterTypeAccesses: Boolean
     ) {
-        if (f.valueParameters.none { it.defaultValue != null }) return
+        if (f.codeQlValueParameters.none { it.defaultValue != null }) return
 
         val id = getDefaultsMethodLabel(f)
         if (id == null) {
@@ -1800,7 +1800,7 @@ open class KotlinFileExtractor(
             return
         }
         val locId = getLocation(f, null)
-        val extReceiver = f.extensionReceiverParameter
+        val extReceiver = f.codeQlExtensionReceiverParameter
         val dispatchReceiver = if (f.shouldExtractAsStatic) null else f.dispatchReceiverParameter
         val parameterTypes = getDefaultsMethodArgTypes(f)
         val allParamTypeResults =
@@ -1869,7 +1869,7 @@ open class KotlinFileExtractor(
         tw.writeCompiler_generated(id, CompilerGeneratedKinds.DEFAULT_ARGUMENTS_METHOD.kind)
 
         if (extractBody) {
-            val nonSyntheticParams = listOfNotNull(dispatchReceiver) + f.valueParameters
+            val nonSyntheticParams = listOfNotNull(dispatchReceiver) + f.codeQlValueParameters
             // This stack entry represents as if we're extracting the 'real' function `f`, giving
             // the indices of its non-synthetic parameters
             // such that when we extract the default expressions below, any reference to f's nth
@@ -1895,12 +1895,12 @@ open class KotlinFileExtractor(
                     val realParamsVarId = getValueParameterLabel(id, parameterTypes.size - 2)
                     val intType = pluginContext.irBuiltIns.intType
                     val paramIdxOffset =
-                        listOf(dispatchReceiver, f.extensionReceiverParameter).count { it != null }
+                        listOf(dispatchReceiver, f.codeQlExtensionReceiverParameter).count { it != null }
                     extractBlockBody(id, locId).also { blockId ->
                         var nextStmt = 0
                         // For each parameter with a default, sub in the default value if the caller
                         // hasn't supplied a value:
-                        f.valueParameters.forEachIndexed { paramIdx, param ->
+                        f.codeQlValueParameters.forEachIndexed { paramIdx, param ->
                             val defaultVal = param.defaultValue
                             if (defaultVal != null) {
                                 extractIfStmt(locId, blockId, nextStmt++, id).also { ifId ->
@@ -1975,7 +1975,7 @@ open class KotlinFileExtractor(
                                     id
                                 )
                                 tw.writeHasLocation(thisCallId, locId)
-                                f.valueParameters.forEachIndexed { idx, param ->
+                                f.codeQlValueParameters.forEachIndexed { idx, param ->
                                     extractVariableAccess(
                                         tw.getLabelFor<DbParam>(getValueParameterLabel(id, idx)),
                                         param.type,
@@ -2003,9 +2003,9 @@ open class KotlinFileExtractor(
                                     )
                                     .also { thisCallId ->
                                         val realFnIdxOffset =
-                                            if (f.extensionReceiverParameter != null) 1 else 0
+                                            if (f.codeQlExtensionReceiverParameter != null) 1 else 0
                                         val paramMappings =
-                                            f.valueParameters.mapIndexed { idx, param ->
+                                            f.codeQlValueParameters.mapIndexed { idx, param ->
                                                 Triple(
                                                     param.type,
                                                     idx + paramIdxOffset,
@@ -2156,7 +2156,7 @@ open class KotlinFileExtractor(
                         val dispatchReceiver =
                             f.dispatchReceiverParameter?.let { IrGetValueImpl(-1, -1, it.symbol) }
                         val extensionReceiver =
-                            f.extensionReceiverParameter?.let { IrGetValueImpl(-1, -1, it.symbol) }
+                            f.codeQlExtensionReceiverParameter?.let { IrGetValueImpl(-1, -1, it.symbol) }
 
                         extractExpressionBody(overloadId, realFunctionLocId).also { returnId ->
                             extractsDefaultsCall(
@@ -2180,28 +2180,28 @@ open class KotlinFileExtractor(
         if (!f.hasAnnotation(jvmOverloadsFqName)) {
             if (
                 f is IrConstructor &&
-                    f.valueParameters.isNotEmpty() &&
-                    f.valueParameters.all { it.defaultValue != null } &&
+                    f.codeQlValueParameters.isNotEmpty() &&
+                    f.codeQlValueParameters.all { it.defaultValue != null } &&
                     f.parentClassOrNull?.let {
                         // Don't create a default constructor for an annotation class, or a class
                         // that explicitly declares a no-arg constructor.
                         !it.isAnnotationClass &&
                             it.declarations.none { d ->
-                                d is IrConstructor && d.valueParameters.isEmpty()
+                                d is IrConstructor && d.codeQlValueParameters.isEmpty()
                             }
                     } == true
             ) {
                 // Per https://kotlinlang.org/docs/classes.html#creating-instances-of-classes, a
                 // single default overload gets created specifically
                 // when we have all default parameters, regardless of `@JvmOverloads`.
-                extractGeneratedOverload(f.valueParameters.map { _ -> null })
+                extractGeneratedOverload(f.codeQlValueParameters.map { _ -> null })
             }
             return
         }
 
-        val paramList: MutableList<IrValueParameter?> = f.valueParameters.toMutableList()
-        for (n in (f.valueParameters.size - 1) downTo 0) {
-            if (f.valueParameters[n].defaultValue != null) {
+        val paramList: MutableList<IrValueParameter?> = f.codeQlValueParameters.toMutableList()
+        for (n in (f.codeQlValueParameters.size - 1) downTo 0) {
+            if (f.codeQlValueParameters[n].defaultValue != null) {
                 paramList[n] = null // Remove this parameter, to be replaced by a default value
                 extractGeneratedOverload(paramList)
             }
@@ -2327,7 +2327,7 @@ open class KotlinFileExtractor(
             getClassByFqName(pluginContext, it)?.let { annotationClass ->
                 annotationClass.owner.declarations.firstIsInstanceOrNull<IrConstructor>()?.let {
                     annotationConstructor ->
-                    IrConstructorCallImpl.fromSymbolOwner(
+                    codeQlAnnotationFromSymbolOwner(
                         UNDEFINED_OFFSET,
                         UNDEFINED_OFFSET,
                         annotationConstructor.returnType,
@@ -2388,13 +2388,13 @@ open class KotlinFileExtractor(
                             id
                         }
 
-                val extReceiver = f.extensionReceiverParameter
+                val extReceiver = f.codeQlExtensionReceiverParameter
                 // The following parameter order is correct, because member $default methods (where
                 // the order would be [dispatchParam], [extensionParam], normalParams) are not
                 // extracted here
                 val fParameters =
                     listOfNotNull(extReceiver) +
-                        (overriddenAttributes?.valueParameters ?: f.valueParameters)
+                        (overriddenAttributes?.valueParameters ?: f.codeQlValueParameters)
                 val paramTypes =
                     fParameters.mapIndexed { i, vp ->
                         extractValueParameter(
@@ -3069,14 +3069,14 @@ open class KotlinFileExtractor(
             logger.errorElement("Unexpected dispatch receiver found", c)
         }
 
-        if (c.valueArgumentsCount < 1) {
+        if (c.codeQlValueArgumentsCount < 1) {
             logger.errorElement("No arguments found", c)
             return
         }
 
         extractArgument(id, c, callable, enclosingStmt, 0, "Operand null")
 
-        if (c.valueArgumentsCount > 1) {
+        if (c.codeQlValueArgumentsCount > 1) {
             logger.errorElement("Extra arguments found", c)
         }
     }
@@ -3095,21 +3095,21 @@ open class KotlinFileExtractor(
             logger.errorElement("Unexpected dispatch receiver found", c)
         }
 
-        if (c.valueArgumentsCount < 1) {
+        if (c.codeQlValueArgumentsCount < 1) {
             logger.errorElement("No arguments found", c)
             return
         }
 
         extractArgument(id, c, callable, enclosingStmt, 0, "LHS null")
 
-        if (c.valueArgumentsCount < 2) {
+        if (c.codeQlValueArgumentsCount < 2) {
             logger.errorElement("No RHS found", c)
             return
         }
 
         extractArgument(id, c, callable, enclosingStmt, 1, "RHS null")
 
-        if (c.valueArgumentsCount > 2) {
+        if (c.codeQlValueArgumentsCount > 2) {
             logger.errorElement("Extra arguments found", c)
         }
     }
@@ -3122,7 +3122,7 @@ open class KotlinFileExtractor(
         idx: Int,
         msg: String
     ) {
-        val op = c.getValueArgument(idx)
+        val op = c.codeQlGetValueArgument(idx)
         if (op == null) {
             logger.errorElement(msg, c)
         } else {
@@ -3267,8 +3267,8 @@ open class KotlinFileExtractor(
         // and which should be replaced by defaults. The final Object parameter is apparently always
         // null.
         (listOfNotNull(if (f.shouldExtractAsStatic) null else f.dispatchReceiverParameter?.type) +
-                listOfNotNull(f.extensionReceiverParameter?.type) +
-                f.valueParameters.map { it.type } +
+                listOfNotNull(f.codeQlExtensionReceiverParameter?.type) +
+                f.codeQlValueParameters.map { it.type } +
                 listOf(pluginContext.irBuiltIns.intType, getDefaultsMethodLastArgType(f)))
             .map { erase(it) }
 
@@ -3345,7 +3345,7 @@ open class KotlinFileExtractor(
         val overriddenCallTarget =
             (callTarget as? IrSimpleFunction)?.allOverridden(includeSelf = true)?.firstOrNull {
                 it.overriddenSymbols.isEmpty() &&
-                    it.valueParameters.any { p -> p.defaultValue != null }
+                    it.codeQlValueParameters.any { p -> p.defaultValue != null }
             } ?: callTarget
         if (isExternalDeclaration(overriddenCallTarget)) {
             // Likewise, ensure the overridden target gets extracted.
@@ -3419,7 +3419,7 @@ open class KotlinFileExtractor(
         }
 
         val valueArgsWithDummies =
-            valueArguments.zip(callTarget.valueParameters).map { (expr, param) ->
+            valueArguments.zip(callTarget.codeQlValueParameters).map { (expr, param) ->
                 expr ?: IrConstImpl.defaultValueForType(0, 0, param.type)
             }
 
@@ -3529,7 +3529,7 @@ open class KotlinFileExtractor(
         callTarget: IrFunction,
         valueArguments: List<IrExpression?>
     ): Boolean {
-        val varargParam = callTarget.valueParameters.withIndex().find { it.value.isVararg }
+        val varargParam = callTarget.codeQlValueParameters.withIndex().find { it.value.isVararg }
         // If the vararg param is the only one not specified, and it has no default value, then we
         // don't need to call a $default method,
         // as omitting it already implies passing an empty vararg array.
@@ -3805,7 +3805,7 @@ open class KotlinFileExtractor(
     ) =
         extractCallValueArguments(
             callId,
-            (0 until call.valueArgumentsCount).map { call.getValueArgument(it) },
+            (0 until call.codeQlValueArgumentsCount).map { call.codeQlGetValueArgument(it) },
             enclosingStmt,
             enclosingCallable,
             idxOffset
@@ -3874,7 +3874,7 @@ open class KotlinFileExtractor(
                     (owner.parentClassOrNull?.fqNameWhenAvailable?.asString() == type ||
                         (owner.parent is IrExternalPackageFragment &&
                             getFileClassFqName(owner)?.asString() == type)) &&
-                        owner.valueParameters
+                        owner.codeQlValueParameters
                             .map { it.type.classFqName?.asString() }
                             .toTypedArray() contentEquals parameterTypes
                 }
@@ -3926,8 +3926,8 @@ open class KotlinFileExtractor(
         val result =
             javaLangString?.declarations?.findSubType<IrFunction> {
                 it.name.asString() == "valueOf" &&
-                    it.valueParameters.size == 1 &&
-                    it.valueParameters[0].type == pluginContext.irBuiltIns.anyNType
+                    it.codeQlValueParameters.size == 1 &&
+                    it.codeQlValueParameters[0].type == pluginContext.irBuiltIns.anyNType
             }
         if (result == null) {
             logger.error("Couldn't find declaration java.lang.String.valueOf(Object)")
@@ -3951,7 +3951,7 @@ open class KotlinFileExtractor(
     val kotlinNoWhenBranchMatchedConstructor by lazy {
         val result =
             kotlinNoWhenBranchMatchedExn?.declarations?.findSubType<IrConstructor> {
-                it.valueParameters.isEmpty()
+                it.codeQlValueParameters.isEmpty()
             }
         if (result == null) {
             logger.error("Couldn't find no-arg constructor for kotlin.NoWhenBranchMatchedException")
@@ -3990,7 +3990,7 @@ open class KotlinFileExtractor(
             verboseln("No match as function name is ${target.name.asString()} not $fName")
             return false
         }
-        val extensionReceiverParameter = target.extensionReceiverParameter
+        val extensionReceiverParameter = target.codeQlExtensionReceiverParameter
         val targetClass =
             if (extensionReceiverParameter == null) {
                 if (isNullable == true) {
@@ -4098,8 +4098,8 @@ open class KotlinFileExtractor(
             ) {
                 val typeArgs =
                     if (extractMethodTypeArguments)
-                        (0 until c.typeArgumentsCount)
-                            .map { c.getTypeArgument(it) }
+                        (0 until c.codeQlTypeArgumentsCount)
+                            .map { c.codeQlGetTypeArgument(it) }
                             .requireNoNullsOrNull()
                     else listOf()
 
@@ -4116,9 +4116,9 @@ open class KotlinFileExtractor(
                     parent,
                     idx,
                     enclosingStmt,
-                    (0 until c.valueArgumentsCount).map { c.getValueArgument(it) },
+                    (0 until c.codeQlValueArgumentsCount).map { c.codeQlGetValueArgument(it) },
                     c.dispatchReceiver,
-                    c.extensionReceiver,
+                    c.codeQlExtensionReceiver,
                     typeArgs,
                     extractClassTypeArguments,
                     c.superQualifierSymbol
@@ -4126,12 +4126,12 @@ open class KotlinFileExtractor(
             }
 
             fun extractSpecialEnumFunction(fnName: String) {
-                if (c.typeArgumentsCount != 1) {
+                if (c.codeQlTypeArgumentsCount != 1) {
                     logger.errorElement("Expected to find exactly one type argument", c)
                     return
                 }
 
-                val enumType = (c.getTypeArgument(0) as? IrSimpleType)?.classifier?.owner
+                val enumType = (c.codeQlGetTypeArgument(0) as? IrSimpleType)?.classifier?.owner
                 if (enumType == null) {
                     logger.errorElement("Couldn't find type of enum type", c)
                     return
@@ -4178,13 +4178,13 @@ open class KotlinFileExtractor(
                 } else {
                     extractExpressionExpr(receiver, callable, id, 0, enclosingStmt)
                 }
-                if (c.valueArgumentsCount < 1) {
+                if (c.codeQlValueArgumentsCount < 1) {
                     logger.errorElement("No RHS found", c)
                 } else {
-                    if (c.valueArgumentsCount > 1) {
+                    if (c.codeQlValueArgumentsCount > 1) {
                         logger.errorElement("Extra arguments found", c)
                     }
-                    val arg = c.getValueArgument(0)
+                    val arg = c.codeQlGetValueArgument(0)
                     if (arg == null) {
                         logger.errorElement("RHS null", c)
                     } else {
@@ -4205,7 +4205,7 @@ open class KotlinFileExtractor(
                 } else {
                     extractExpressionExpr(receiver, callable, id, 0, enclosingStmt)
                 }
-                if (c.valueArgumentsCount > 0) {
+                if (c.codeQlValueArgumentsCount > 0) {
                     logger.errorElement("Extra arguments found", c)
                 }
             }
@@ -4219,7 +4219,7 @@ open class KotlinFileExtractor(
             }
 
             fun binopExt(id: Label<out DbExpr>) {
-                binopReceiver(id, c.extensionReceiver, "Extension receiver")
+                binopReceiver(id, c.codeQlExtensionReceiver, "Extension receiver")
             }
 
             fun unaryopDisp(id: Label<out DbExpr>) {
@@ -4227,7 +4227,7 @@ open class KotlinFileExtractor(
             }
 
             fun unaryopExt(id: Label<out DbExpr>) {
-                unaryopReceiver(id, c.extensionReceiver, "Extension receiver")
+                unaryopReceiver(id, c.codeQlExtensionReceiver, "Extension receiver")
             }
 
             val dr = c.dispatchReceiver
@@ -4249,7 +4249,7 @@ open class KotlinFileExtractor(
                             parent,
                             idx,
                             enclosingStmt,
-                            listOf(c.extensionReceiver, c.getValueArgument(0)),
+                            listOf(c.codeQlExtensionReceiver, c.codeQlGetValueArgument(0)),
                             null,
                             null
                         )
@@ -4350,7 +4350,7 @@ open class KotlinFileExtractor(
                 // != gets desugared into not and ==. Here we resugar it.
                 c.origin == IrStatementOrigin.EXCLEQ &&
                     isFunction(target, "kotlin", "Boolean", "not") &&
-                    c.valueArgumentsCount == 0 &&
+                    c.codeQlValueArgumentsCount == 0 &&
                     dr != null &&
                     dr is IrCall &&
                     isBuiltinCallInternal(dr, "EQEQ") -> {
@@ -4362,7 +4362,7 @@ open class KotlinFileExtractor(
                 }
                 c.origin == IrStatementOrigin.EXCLEQEQ &&
                     isFunction(target, "kotlin", "Boolean", "not") &&
-                    c.valueArgumentsCount == 0 &&
+                    c.codeQlValueArgumentsCount == 0 &&
                     dr != null &&
                     dr is IrCall &&
                     isBuiltinCallInternal(dr, "EQEQEQ") -> {
@@ -4374,7 +4374,7 @@ open class KotlinFileExtractor(
                 }
                 c.origin == IrStatementOrigin.EXCLEQ &&
                     isFunction(target, "kotlin", "Boolean", "not") &&
-                    c.valueArgumentsCount == 0 &&
+                    c.codeQlValueArgumentsCount == 0 &&
                     dr != null &&
                     dr is IrCall &&
                     isBuiltinCallInternal(dr, "ieee754equals") -> {
@@ -4576,7 +4576,7 @@ open class KotlinFileExtractor(
                             parent,
                             idx,
                             enclosingStmt,
-                            listOf(c.extensionReceiver),
+                            listOf(c.codeQlExtensionReceiver),
                             null,
                             null
                         )
@@ -4596,8 +4596,8 @@ open class KotlinFileExtractor(
                     val locId = tw.getLocation(c)
                     extractExprContext(id, locId, callable, enclosingStmt)
 
-                    if (c.typeArgumentsCount == 1) {
-                        val typeArgument = c.getTypeArgument(0)
+                    if (c.codeQlTypeArgumentsCount == 1) {
+                        val typeArgument = c.codeQlGetTypeArgument(0)
                         if (typeArgument == null) {
                             logger.errorElement("Type argument missing in an arrayOfNulls call", c)
                         } else {
@@ -4618,8 +4618,8 @@ open class KotlinFileExtractor(
                         )
                     }
 
-                    if (c.valueArgumentsCount == 1) {
-                        val dim = c.getValueArgument(0)
+                    if (c.codeQlValueArgumentsCount == 1) {
+                        val dim = c.codeQlGetValueArgument(0)
                         if (dim != null) {
                             extractExpressionExpr(dim, callable, id, 0, enclosingStmt)
                         } else {
@@ -4651,8 +4651,8 @@ open class KotlinFileExtractor(
                             c.type.getArrayElementTypeCodeQL(pluginContext.irBuiltIns)
                         } else {
                             // TODO: is there any reason not to always use getArrayElementTypeCodeQL?
-                            if (c.typeArgumentsCount == 1) {
-                                c.getTypeArgument(0).also {
+                            if (c.codeQlTypeArgumentsCount == 1) {
+                                c.codeQlGetTypeArgument(0).also {
                                     if (it == null) {
                                         logger.errorElement(
                                             "Type argument missing in an arrayOf call",
@@ -4670,7 +4670,7 @@ open class KotlinFileExtractor(
                         }
 
                     val arg =
-                        if (c.valueArgumentsCount == 1) c.getValueArgument(0)
+                        if (c.codeQlValueArgumentsCount == 1) c.codeQlGetValueArgument(0)
                             else {
                                 logger.errorElement(
                                     "Expected to find only one (vararg) argument in ${c.symbol.owner.name.asString()} call",
@@ -4719,7 +4719,7 @@ open class KotlinFileExtractor(
                                 return
                             }
 
-                            val ext = c.extensionReceiver
+                            val ext = c.codeQlExtensionReceiver
                             if (ext == null) {
                                 logger.errorElement(
                                     "No extension receiver found for `KClass::java` call",
@@ -4826,8 +4826,8 @@ open class KotlinFileExtractor(
                     c.origin == IrStatementOrigin.EQ &&
                     c.dispatchReceiver != null -> {
                     val array = c.dispatchReceiver
-                    val arrayIdx = c.getValueArgument(0)
-                    val assignedValue = c.getValueArgument(1)
+                    val arrayIdx = c.codeQlGetValueArgument(0)
+                    val assignedValue = c.codeQlGetValueArgument(1)
 
                     if (array != null && arrayIdx != null && assignedValue != null) {
 
@@ -4882,22 +4882,22 @@ open class KotlinFileExtractor(
                 }
                 isBuiltinCall(c, "<unsafe-coerce>", "kotlin.jvm.internal") -> {
 
-                    if (c.valueArgumentsCount != 1) {
+                    if (c.codeQlValueArgumentsCount != 1) {
                         logger.errorElement(
-                            "Expected to find one argument for a kotlin.jvm.internal.<unsafe-coerce>() call, but found ${c.valueArgumentsCount}",
+                            "Expected to find one argument for a kotlin.jvm.internal.<unsafe-coerce>() call, but found ${c.codeQlValueArgumentsCount}",
                             c
                         )
                         return
                     }
 
-                    if (c.typeArgumentsCount != 2) {
+                    if (c.codeQlTypeArgumentsCount != 2) {
                         logger.errorElement(
-                            "Expected to find two type arguments for a kotlin.jvm.internal.<unsafe-coerce>() call, but found ${c.typeArgumentsCount}",
+                            "Expected to find two type arguments for a kotlin.jvm.internal.<unsafe-coerce>() call, but found ${c.codeQlTypeArgumentsCount}",
                             c
                         )
                         return
                     }
-                    val valueArg = c.getValueArgument(0)
+                    val valueArg = c.codeQlGetValueArgument(0)
                     if (valueArg == null) {
                         logger.errorElement(
                             "Cannot find value argument for a kotlin.jvm.internal.<unsafe-coerce>() call",
@@ -4905,7 +4905,7 @@ open class KotlinFileExtractor(
                         )
                         return
                     }
-                    val typeArg = c.getTypeArgument(1)
+                    val typeArg = c.codeQlGetTypeArgument(1)
                     if (typeArg == null) {
                         logger.errorElement(
                             "Cannot find type argument for a kotlin.jvm.internal.<unsafe-coerce>() call",
@@ -4924,7 +4924,7 @@ open class KotlinFileExtractor(
                     extractExpressionExpr(valueArg, callable, id, 1, enclosingStmt)
                 }
                 isBuiltinCallInternal(c, "dataClassArrayMemberToString") -> {
-                    val arrayArg = c.getValueArgument(0)
+                    val arrayArg = c.codeQlGetValueArgument(0)
                     val realArrayClass = arrayArg?.type?.classOrNull
                     if (realArrayClass == null) {
                         logger.errorElement(
@@ -4936,8 +4936,8 @@ open class KotlinFileExtractor(
                     val realCallee =
                         javaUtilArrays?.declarations?.findSubType<IrFunction> { decl ->
                             decl.name.asString() == "toString" &&
-                                decl.valueParameters.size == 1 &&
-                                decl.valueParameters[0].type.classOrNull?.let {
+                                decl.codeQlValueParameters.size == 1 &&
+                                decl.codeQlValueParameters[0].type.classOrNull?.let {
                                     it == realArrayClass
                                 } == true
                         }
@@ -4962,7 +4962,7 @@ open class KotlinFileExtractor(
                     }
                 }
                 isBuiltinCallInternal(c, "dataClassArrayMemberHashCode") -> {
-                    val arrayArg = c.getValueArgument(0)
+                    val arrayArg = c.codeQlGetValueArgument(0)
                     val realArrayClass = arrayArg?.type?.classOrNull
                     if (realArrayClass == null) {
                         logger.errorElement(
@@ -4974,8 +4974,8 @@ open class KotlinFileExtractor(
                     val realCallee =
                         javaUtilArrays?.declarations?.findSubType<IrFunction> { decl ->
                             decl.name.asString() == "hashCode" &&
-                                decl.valueParameters.size == 1 &&
-                                decl.valueParameters[0].type.classOrNull?.let {
+                                decl.codeQlValueParameters.size == 1 &&
+                                decl.codeQlValueParameters[0].type.classOrNull?.let {
                                     it == realArrayClass
                                 } == true
                         }
@@ -5155,7 +5155,7 @@ open class KotlinFileExtractor(
         val type = useType(eType)
         val isAnonymous = eType.isAnonymous
         val locId = tw.getLocation(e)
-        val valueArgs = (0 until e.valueArgumentsCount).map { e.getValueArgument(it) }
+        val valueArgs = (0 until e.codeQlValueArgumentsCount).map { e.codeQlGetValueArgument(it) }
 
         val id =
             if (
@@ -5211,10 +5211,10 @@ open class KotlinFileExtractor(
                         realCallTarget is IrConstructor &&
                         realCallTarget.parentClassOrNull?.fqNameWhenAvailable?.asString() ==
                             "kotlin.Enum" &&
-                        realCallTarget.valueParameters.size == 2 &&
-                        realCallTarget.valueParameters[0].type ==
+                        realCallTarget.codeQlValueParameters.size == 2 &&
+                        realCallTarget.codeQlValueParameters[0].type ==
                             pluginContext.irBuiltIns.stringType &&
-                        realCallTarget.valueParameters[1].type == pluginContext.irBuiltIns.intType
+                        realCallTarget.codeQlValueParameters[1].type == pluginContext.irBuiltIns.intType
                 ) {
 
                     val id0 =
@@ -5287,7 +5287,7 @@ open class KotlinFileExtractor(
             }
 
             val args =
-                (0 until e.typeArgumentsCount).map { e.getTypeArgument(it) }.requireNoNullsOrNull()
+                (0 until e.codeQlTypeArgumentsCount).map { e.codeQlGetTypeArgument(it) }.requireNoNullsOrNull()
             if (args == null) {
                 logger.warnElement("Found null type argument in enum constructor call", e)
                 return
@@ -5365,7 +5365,7 @@ open class KotlinFileExtractor(
                 // Check for an expression like x = get(x).op(e):
                 val opReceiver = updateRhs.dispatchReceiver
                 if (isExpectedLhs(opReceiver)) {
-                    updateRhs.getValueArgument(0)
+                    updateRhs.codeQlGetValueArgument(0)
                 } else null
             } else null
         }
@@ -5560,7 +5560,7 @@ open class KotlinFileExtractor(
                                     "set"
                                 )
                             ) {
-                                val updateRhs0 = arraySetCall.getValueArgument(1)
+                                val updateRhs0 = arraySetCall.codeQlGetValueArgument(1)
                                 if (updateRhs0 == null) {
                                     logger.errorElement("Update RHS not found", e)
                                     return false
@@ -6403,12 +6403,12 @@ open class KotlinFileExtractor(
                     val ids = getLocallyVisibleFunctionLabels(e.function)
                     val locId = tw.getLocation(e)
 
-                    val ext = e.function.extensionReceiverParameter
+                    val ext = e.function.codeQlExtensionReceiverParameter
                     val parameters =
                         if (ext != null) {
-                            listOf(ext) + e.function.valueParameters
+                            listOf(ext) + e.function.codeQlValueParameters
                         } else {
-                            e.function.valueParameters
+                            e.function.codeQlValueParameters
                         }
 
                     var types = parameters.map { it.type }
@@ -6670,7 +6670,7 @@ open class KotlinFileExtractor(
                 is IrFunction -> {
                     if (
                         ownerParent.dispatchReceiverParameter == owner &&
-                            ownerParent.extensionReceiverParameter != null
+                            ownerParent.codeQlExtensionReceiverParameter != null
                     ) {
 
                         val ownerParent2 = ownerParent.parent
@@ -7089,7 +7089,7 @@ open class KotlinFileExtractor(
             makeReceiverInfo(callableReferenceExpr.dispatchReceiver, 0)
         private val extensionReceiverInfo =
             makeReceiverInfo(
-                callableReferenceExpr.extensionReceiver,
+                callableReferenceExpr.codeQlExtensionReceiver,
                 if (dispatchReceiverInfo == null) 0 else 1
             )
 
@@ -7627,8 +7627,8 @@ open class KotlinFileExtractor(
                     }
 
             val expressionTypeArguments =
-                (0 until propertyReferenceExpr.typeArgumentsCount).mapNotNull {
-                    propertyReferenceExpr.getTypeArgument(it)
+                (0 until propertyReferenceExpr.codeQlTypeArgumentsCount).mapNotNull {
+                    propertyReferenceExpr.codeQlGetTypeArgument(it)
                 }
 
             val idPropertyRef = tw.getFreshIdLabel<DbPropertyref>()
@@ -7829,7 +7829,7 @@ open class KotlinFileExtractor(
 
             if (
                 functionReferenceExpr.dispatchReceiver != null &&
-                    functionReferenceExpr.extensionReceiver != null
+                    functionReferenceExpr.codeQlExtensionReceiver != null
             ) {
                 logger.errorElement(
                     "Unexpected: dispatchReceiver and extensionReceiver are both non-null",
@@ -7840,7 +7840,7 @@ open class KotlinFileExtractor(
 
             if (
                 target.owner.dispatchReceiverParameter != null &&
-                    target.owner.extensionReceiverParameter != null
+                    target.owner.codeQlExtensionReceiverParameter != null
             ) {
                 logger.errorElement(
                     "Unexpected: dispatch and extension parameters are both non-null",
@@ -7899,8 +7899,8 @@ open class KotlinFileExtractor(
                             null
                         }
                 expressionTypeArguments =
-                    (0 until functionReferenceExpr.typeArgumentsCount).mapNotNull {
-                        functionReferenceExpr.getTypeArgument(it)
+                    (0 until functionReferenceExpr.codeQlTypeArgumentsCount).mapNotNull {
+                        functionReferenceExpr.codeQlGetTypeArgument(it)
                     }
                 dispatchReceiverIdx = -1
             }
@@ -7965,7 +7965,7 @@ open class KotlinFileExtractor(
                         functionReferenceExpr,
                         declarationParent,
                         null,
-                        { it.valueParameters.size == 1 }
+                        { it.codeQlValueParameters.size == 1 }
                     ) {
                         // The argument to FunctionReference's constructor is the function arity.
                         extractConstantInteger(
@@ -8572,7 +8572,7 @@ open class KotlinFileExtractor(
         reverse: Boolean = false
     ) {
         val typeArguments =
-            (0 until c.typeArgumentsCount).map { c.getTypeArgument(it) }.requireNoNullsOrNull()
+            (0 until c.codeQlTypeArgumentsCount).map { c.codeQlGetTypeArgument(it) }.requireNoNullsOrNull()
         if (typeArguments == null) {
             logger.errorElement("Found a null type argument for a member access expression", c)
         } else {
@@ -8923,11 +8923,11 @@ open class KotlinFileExtractor(
                     tw.writeVariableBinding(lhsId, fieldId)
 
                     val parameters = mutableListOf<IrValueParameter>()
-                    val extParam = samMember.extensionReceiverParameter
+                    val extParam = samMember.codeQlExtensionReceiverParameter
                     if (extParam != null) {
                         parameters.add(extParam)
                     }
-                    parameters.addAll(samMember.valueParameters)
+                    parameters.addAll(samMember.codeQlValueParameters)
 
                     fun extractArgument(
                         p: IrValueParameter,
@@ -9032,7 +9032,7 @@ open class KotlinFileExtractor(
         elementToReportOn: IrElement,
         declarationParent: IrDeclarationParent,
         compilerGeneratedKindOverride: CompilerGeneratedKinds? = null,
-        superConstructorSelector: (IrFunction) -> Boolean = { it.valueParameters.isEmpty() },
+        superConstructorSelector: (IrFunction) -> Boolean = { it.codeQlValueParameters.isEmpty() },
         extractSuperconstructorArgs: (Label<DbSuperconstructorinvocationstmt>) -> Unit = {},
     ): Label<out DbClassorinterface> {
         // Write class

java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt

@@ -12,7 +12,7 @@ import org.jetbrains.kotlin.ir.ObsoleteDescriptorBasedAPI
 import org.jetbrains.kotlin.ir.declarations.*
 import org.jetbrains.kotlin.ir.expressions.*
 import org.jetbrains.kotlin.ir.symbols.*
-import org.jetbrains.kotlin.ir.types.addAnnotations
+import com.github.codeql.utils.versions.codeQlAddAnnotations
 import org.jetbrains.kotlin.ir.types.classFqName
 import org.jetbrains.kotlin.ir.types.classifierOrNull
 import org.jetbrains.kotlin.ir.types.classOrNull
@@ -355,7 +355,7 @@ open class KotlinUsesExtractor(
     }
 
     private fun propertySignature(p: IrProperty) =
-        ((p.getter ?: p.setter)?.extensionReceiverParameter?.let {
+        ((p.getter ?: p.setter)?.codeQlExtensionReceiverParameter?.let {
             useType(erase(it.type)).javaResult.signature
         } ?: "")
 
@@ -368,7 +368,7 @@ open class KotlinUsesExtractor(
                 // useDeclarationParent -> useFunction
                 // -> extractFunctionLaterIfExternalFileMember, which would result for `fun <T> f(t:
                 // T) { ... }` for example.
-                (listOfNotNull(d.extensionReceiverParameter) + d.valueParameters)
+                (listOfNotNull(d.codeQlExtensionReceiverParameter) + d.codeQlValueParameters)
                     .map { useType(erase(it.type)).javaResult.signature }
                     .joinToString(separator = ",", prefix = "(", postfix = ")")
             is IrProperty -> propertySignature(d) + externalClassExtractor.propertySignature
@@ -488,8 +488,8 @@ open class KotlinUsesExtractor(
             val result =
                 replacementClass.declarations.findSubType<IrSimpleFunction> { replacementDecl ->
                     replacementDecl.name == f.name &&
-                        replacementDecl.valueParameters.size == f.valueParameters.size &&
-                        replacementDecl.valueParameters.zip(f.valueParameters).all {
+                        replacementDecl.codeQlValueParameters.size == f.codeQlValueParameters.size &&
+                        replacementDecl.codeQlValueParameters.zip(f.codeQlValueParameters).all {
                             erase(it.first.type) == erase(it.second.type)
                         }
                 }
@@ -1265,7 +1265,7 @@ open class KotlinUsesExtractor(
     private fun getWildcardSuppressionDirective(t: IrAnnotationContainer): Boolean? =
         t.getAnnotation(jvmWildcardSuppressionAnnotation)?.let {
             @Suppress("USELESS_CAST") // `as? Boolean` is not needed for Kotlin < 2.1
-            (it.getValueArgument(0) as? CodeQLIrConst<Boolean>)?.value as? Boolean ?: true
+            (it.codeQlGetValueArgument(0) as? CodeQLIrConst<Boolean>)?.value as? Boolean ?: true
         }
 
     private fun addJavaLoweringArgumentWildcards(
@@ -1376,9 +1376,9 @@ open class KotlinUsesExtractor(
             f.parent,
             parentId,
             getFunctionShortName(f).nameInDB,
-            (maybeParameterList ?: f.valueParameters).map { it.type },
+            (maybeParameterList ?: f.codeQlValueParameters).map { it.type },
             getAdjustedReturnType(f),
-            f.extensionReceiverParameter?.type,
+            f.codeQlExtensionReceiverParameter?.type,
             getFunctionTypeParameters(f),
             classTypeArgsIncludingOuterClasses,
             overridesCollectionsMethodWithAlteredParameterTypes(f),
@@ -1401,12 +1401,12 @@ open class KotlinUsesExtractor(
         // The name of the function; normally f.name.asString().
         name: String,
         // The types of the value parameters that the functions takes; normally
-        // f.valueParameters.map { it.type }.
+        // f.codeQlValueParameters.map { it.type }.
         parameterTypes: List<IrType>,
         // The return type of the function; normally f.returnType.
         returnType: IrType,
         // The extension receiver of the function, if any; normally
-        // f.extensionReceiverParameter?.type.
+        // f.codeQlExtensionReceiverParameter?.type.
         extensionParamType: IrType?,
         // The type parameters of the function. This does not include type parameters of enclosing
         // classes.
@@ -1579,7 +1579,7 @@ open class KotlinUsesExtractor(
                 parentClass.fqNameWhenAvailable?.asString() !=
                     "java.util.concurrent.ConcurrentHashMap" ||
                 getFunctionShortName(f).nameInDB != "keySet" ||
-                f.valueParameters.isNotEmpty() ||
+                f.codeQlValueParameters.isNotEmpty() ||
                 f.returnType.classFqName?.asString() != "kotlin.collections.MutableSet"
         ) {
             return f.returnType
@@ -1587,7 +1587,7 @@ open class KotlinUsesExtractor(
 
         val otherKeySet =
             parentClass.declarations.findSubType<IrFunction> {
-                it.name.asString() == "keySet" && it.valueParameters.size == 1
+                it.name.asString() == "keySet" && it.codeQlValueParameters.size == 1
             } ?: return f.returnType
 
         return otherKeySet.returnType.codeQlWithHasQuestionMark(false)
@@ -1695,8 +1695,8 @@ open class KotlinUsesExtractor(
                         javaClass.declarations.findSubType<IrFunction> { decl ->
                             !decl.isFakeOverride &&
                                 decl.name.asString() == jvmName &&
-                                decl.valueParameters.size == f.valueParameters.size &&
-                                decl.valueParameters.zip(f.valueParameters).all { p ->
+                                decl.codeQlValueParameters.size == f.codeQlValueParameters.size &&
+                                decl.codeQlValueParameters.zip(f.codeQlValueParameters).all { p ->
                                     erase(p.first.type).classifierOrNull ==
                                         erase(p.second.type).classifierOrNull
                                 }
@@ -2125,7 +2125,7 @@ open class KotlinUsesExtractor(
                 }
 
                 return if (t.arguments.isNotEmpty())
-                    t.addAnnotations(listOf(RawTypeAnnotation.annotationConstructor))
+                    t.codeQlAddAnnotations(listOf(RawTypeAnnotation.annotationConstructor))
                 else t
             }
         }
@@ -2153,7 +2153,7 @@ open class KotlinUsesExtractor(
         val idxOffset =
             if (
                 declarationParent is IrFunction &&
-                    declarationParent.extensionReceiverParameter != null
+                    declarationParent.codeQlExtensionReceiverParameter != null
             )
             // For extension functions increase the index to match what the java extractor sees:
             1
@@ -2187,7 +2187,7 @@ open class KotlinUsesExtractor(
     // Gets a field's corresponding property's extension receiver type, if any
     fun getExtensionReceiverType(f: IrField) =
         f.correspondingPropertySymbol?.owner?.let {
-            (it.getter ?: it.setter)?.extensionReceiverParameter?.type
+            (it.getter ?: it.setter)?.codeQlExtensionReceiverParameter?.type
         }
 
     fun getFieldLabel(f: IrField): String {
@@ -2222,14 +2222,14 @@ open class KotlinUsesExtractor(
         val setter = p.setter
 
         val func = getter ?: setter
-        val ext = func?.extensionReceiverParameter
+        val ext = func?.codeQlExtensionReceiverParameter
 
         return if (ext == null) {
             "@\"property;{$parentId};${p.name.asString()}\""
         } else {
             val returnType =
                 getter?.returnType
-                    ?: setter?.valueParameters?.singleOrNull()?.type
+                    ?: setter?.codeQlValueParameters?.singleOrNull()?.type
                     ?: pluginContext.irBuiltIns.unitType
             val typeParams = getFunctionTypeParameters(func)
 

java/kotlin-extractor/src/main/kotlin/MetaAnnotationSupport.kt

@@ -1,5 +1,10 @@
 package com.github.codeql
 
+import com.github.codeql.utils.versions.codeQlAnnotationFromSymbolOwner
+import com.github.codeql.utils.versions.codeQlGetValueArgument
+import com.github.codeql.utils.versions.codeQlPutValueArgument
+import com.github.codeql.utils.versions.codeQlSetAnnotations
+import com.github.codeql.utils.versions.codeQlSetDispatchReceiverParameter
 import com.github.codeql.utils.versions.createImplicitParameterDeclarationWithWrappedDescriptor
 import java.lang.annotation.ElementType
 import java.util.HashSet
@@ -95,7 +100,7 @@ class MetaAnnotationSupport(
                     JvmAnnotationNames.REPEATABLE_ANNOTATION
             }
         return if (jvmRepeatable != null) {
-            ((jvmRepeatable.getValueArgument(0) as? IrClassReference)?.symbol as? IrClassSymbol)
+            ((jvmRepeatable.codeQlGetValueArgument(0) as? IrClassReference)?.symbol as? IrClassSymbol)
                 ?.owner
         } else {
             getOrCreateSyntheticRepeatableAnnotationContainer(annotationClass)
@@ -117,12 +122,12 @@ class MetaAnnotationSupport(
             )
             return null
         } else {
-            return IrConstructorCallImpl.fromSymbolOwner(
+            return codeQlAnnotationFromSymbolOwner(
                     containerClass.defaultType,
                     containerConstructor.symbol
                 )
                 .apply {
-                    putValueArgument(
+                    codeQlPutValueArgument(
                         0,
                         IrVarargImpl(
                             UNDEFINED_OFFSET,
@@ -144,7 +149,7 @@ class MetaAnnotationSupport(
 
     // Taken from AdditionalClassAnnotationLowering.kt
     private fun loadAnnotationTargets(targetEntry: IrConstructorCall): Set<KotlinTarget>? {
-        val valueArgument = targetEntry.getValueArgument(0) as? IrVararg ?: return null
+        val valueArgument = targetEntry.codeQlGetValueArgument(0) as? IrVararg ?: return null
         return valueArgument.elements
             .filterIsInstance<IrGetEnumValue>()
             .mapNotNull { KotlinTarget.valueOrNull(it.symbol.owner.name.asString()) }
@@ -230,14 +235,14 @@ class MetaAnnotationSupport(
             )
         }
 
-        return IrConstructorCallImpl.fromSymbolOwner(
+        return codeQlAnnotationFromSymbolOwner(
                 UNDEFINED_OFFSET,
                 UNDEFINED_OFFSET,
                 targetConstructor.returnType,
                 targetConstructor.symbol,
                 0
             )
-            .apply { putValueArgument(0, vararg) }
+            .apply { codeQlPutValueArgument(0, vararg) }
     }
 
     private val javaAnnotationRetention by lazy {
@@ -263,7 +268,7 @@ class MetaAnnotationSupport(
     // Taken from AnnotationCodegen.kt (not available in Kotlin < 1.6.20)
     private fun IrClass.getAnnotationRetention(): KotlinRetention? {
         val retentionArgument =
-            getAnnotation(StandardNames.FqNames.retention)?.getValueArgument(0) as? IrGetEnumValue
+            getAnnotation(StandardNames.FqNames.retention)?.codeQlGetValueArgument(0) as? IrGetEnumValue
                 ?: return null
         val retentionArgumentValue = retentionArgument.symbol.owner
         return KotlinRetention.valueOf(retentionArgumentValue.name.asString())
@@ -283,7 +288,7 @@ class MetaAnnotationSupport(
         val targetConstructor =
             retentionType.declarations.firstIsInstanceOrNull<IrConstructor>() ?: return null
 
-        return IrConstructorCallImpl.fromSymbolOwner(
+        return codeQlAnnotationFromSymbolOwner(
                 UNDEFINED_OFFSET,
                 UNDEFINED_OFFSET,
                 targetConstructor.returnType,
@@ -291,7 +296,7 @@ class MetaAnnotationSupport(
                 0
             )
             .apply {
-                putValueArgument(
+                codeQlPutValueArgument(
                     0,
                     IrGetEnumValueImpl(
                         UNDEFINED_OFFSET,
@@ -333,7 +338,7 @@ class MetaAnnotationSupport(
                             return
                         }
                 val newParam = thisReceiever.copyTo(this)
-                dispatchReceiverParameter = newParam
+                codeQlSetDispatchReceiverParameter(newParam)
                 body =
                     factory
                         .createBlockBody(UNDEFINED_OFFSET, UNDEFINED_OFFSET)
@@ -406,7 +411,7 @@ class MetaAnnotationSupport(
             val repeatableContainerAnnotation =
                 kotlinAnnotationRepeatableContainer?.constructors?.single()
 
-            containerClass.annotations =
+            codeQlSetAnnotations(containerClass,
                 annotationClass.annotations
                     .filter {
                         it.isAnnotationWithEqualFqName(StandardNames.FqNames.retention) ||
@@ -415,7 +420,7 @@ class MetaAnnotationSupport(
                     .map { it.deepCopyWithSymbols(containerClass) } +
                     listOfNotNull(
                         repeatableContainerAnnotation?.let {
-                            IrConstructorCallImpl.fromSymbolOwner(
+                            codeQlAnnotationFromSymbolOwner(
                                 UNDEFINED_OFFSET,
                                 UNDEFINED_OFFSET,
                                 it.returnType,
@@ -424,6 +429,7 @@ class MetaAnnotationSupport(
                             )
                         }
                     )
+            )
 
             containerClass
         }
@@ -462,14 +468,14 @@ class MetaAnnotationSupport(
                 containerClass.symbol,
                 containerClass.defaultType
             )
-        return IrConstructorCallImpl.fromSymbolOwner(
+        return codeQlAnnotationFromSymbolOwner(
                 UNDEFINED_OFFSET,
                 UNDEFINED_OFFSET,
                 repeatableConstructor.returnType,
                 repeatableConstructor.symbol,
                 0
             )
-            .apply { putValueArgument(0, containerReference) }
+            .apply { codeQlPutValueArgument(0, containerReference) }
     }
 
     private val javaAnnotationDocumented by lazy {
@@ -488,7 +494,7 @@ class MetaAnnotationSupport(
             javaAnnotationDocumented?.declarations?.firstIsInstanceOrNull<IrConstructor>()
                 ?: return null
 
-        return IrConstructorCallImpl.fromSymbolOwner(
+        return codeQlAnnotationFromSymbolOwner(
             UNDEFINED_OFFSET,
             UNDEFINED_OFFSET,
             documentedConstructor.returnType,

java/kotlin-extractor/src/main/kotlin/TrapWriter.kt

@@ -1,6 +1,7 @@
 package com.github.codeql
 
 import com.github.codeql.KotlinUsesExtractor.LocallyVisibleFunctionLabels
+import com.github.codeql.utils.versions.codeQlExtensionReceiver
 import com.semmle.extractor.java.PopulateFile
 import com.semmle.util.unicode.UTF8Util
 import java.io.BufferedWriter
@@ -331,7 +332,7 @@ open class FileTrapWriter(
             is IrCall -> {
                 // Calls have incorrect startOffset, so we adjust them:
                 val dr = e.dispatchReceiver?.let { getStartOffset(it) }
-                val er = e.extensionReceiver?.let { getStartOffset(it) }
+                val er = e.codeQlExtensionReceiver?.let { getStartOffset(it) }
                 offsetMinOf(e.startOffset, dr, er)
             }
             else -> e.startOffset

java/kotlin-extractor/src/main/kotlin/comments/CommentExtractor.kt

@@ -2,6 +2,7 @@ package com.github.codeql.comments
 
 import com.github.codeql.*
 import com.github.codeql.utils.isLocalFunction
+import com.github.codeql.utils.versions.codeQlExtensionReceiverParameter
 import com.github.codeql.utils.versions.isDispatchReceiver
 import org.jetbrains.kotlin.ir.IrElement
 import org.jetbrains.kotlin.ir.declarations.*
@@ -11,7 +12,7 @@ import org.jetbrains.kotlin.ir.util.parentClassOrNull
 
 private fun IrValueParameter.isExtensionReceiver(): Boolean {
     val parentFun = parent as? IrFunction ?: return false
-    return parentFun.extensionReceiverParameter == this
+    return parentFun.codeQlExtensionReceiverParameter == this
 }
 
 open class CommentExtractor(

java/kotlin-extractor/src/main/kotlin/utils/JvmNames.kt

@@ -1,6 +1,8 @@
 package com.github.codeql.utils
 
 import com.github.codeql.utils.versions.CodeQLIrConst
+import com.github.codeql.utils.versions.codeQlGetValueArgument
+import com.github.codeql.utils.versions.codeQlValueArgumentsCount
 import org.jetbrains.kotlin.builtins.StandardNames
 import org.jetbrains.kotlin.ir.declarations.IrAnnotationContainer
 import org.jetbrains.kotlin.ir.declarations.IrClass
@@ -76,9 +78,9 @@ private fun getSpecialJvmName(f: IrFunction): String? {
 fun getJvmName(container: IrAnnotationContainer): String? {
     for (a: IrConstructorCall in container.annotations) {
         val t = a.type
-        if (t is IrSimpleType && a.valueArgumentsCount == 1) {
+        if (t is IrSimpleType && a.codeQlValueArgumentsCount == 1) {
             val owner = t.classifier.owner
-            val v = a.getValueArgument(0)
+            val v = a.codeQlGetValueArgument(0)
             if (owner is IrClass) {
                 val aPkg = owner.packageFqName?.asString()
                 val name = owner.name.asString()

java/kotlin-extractor/src/main/kotlin/utils/TypeSubstitution.kt

@@ -18,7 +18,7 @@ import org.jetbrains.kotlin.ir.expressions.IrConstructorCall
 import org.jetbrains.kotlin.ir.expressions.impl.*
 import org.jetbrains.kotlin.ir.symbols.IrTypeParameterSymbol
 import org.jetbrains.kotlin.ir.symbols.impl.DescriptorlessExternalPackageFragmentSymbol
-import org.jetbrains.kotlin.ir.types.addAnnotations
+import com.github.codeql.utils.versions.codeQlAddAnnotations
 import org.jetbrains.kotlin.ir.types.classifierOrNull
 import org.jetbrains.kotlin.ir.types.makeNotNull
 import org.jetbrains.kotlin.ir.types.makeNullable
@@ -192,7 +192,7 @@ object RawTypeAnnotation {
                     addConstructor { isPrimary = true }
                 }
         val constructor = annoClass.constructors.single()
-        IrConstructorCallImpl.fromSymbolOwner(constructor.constructedClassType, constructor.symbol)
+        codeQlAnnotationFromSymbolOwner(constructor.constructedClassType, constructor.symbol)
     }
 }
 
@@ -202,7 +202,7 @@ fun IrType.toRawType(): IrType =
             when (val owner = this.classifier.owner) {
                 is IrClass -> {
                     if (this.arguments.isNotEmpty())
-                        this.addAnnotations(listOf(RawTypeAnnotation.annotationConstructor))
+                        this.codeQlAddAnnotations(listOf(RawTypeAnnotation.annotationConstructor))
                     else this
                 }
                 is IrTypeParameter -> owner.superTypes[0].toRawType()
@@ -215,7 +215,7 @@ fun IrType.toRawType(): IrType =
 fun IrClass.toRawType(): IrType {
     val result = this.typeWith(listOf())
     return if (this.typeParameters.isNotEmpty())
-        result.addAnnotations(listOf(RawTypeAnnotation.annotationConstructor))
+        result.codeQlAddAnnotations(listOf(RawTypeAnnotation.annotationConstructor))
     else result
 }
 

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/IrCompat.kt

@@ -0,0 +1,70 @@
+package com.github.codeql.utils.versions
+
+import org.jetbrains.kotlin.ir.declarations.IrFunction
+import org.jetbrains.kotlin.ir.declarations.IrValueParameter
+import org.jetbrains.kotlin.ir.expressions.IrConstructorCall
+import org.jetbrains.kotlin.ir.expressions.IrExpression
+import org.jetbrains.kotlin.ir.expressions.IrMemberAccessExpression
+import org.jetbrains.kotlin.ir.expressions.impl.*
+import org.jetbrains.kotlin.ir.symbols.IrConstructorSymbol
+import org.jetbrains.kotlin.ir.types.IrType
+import org.jetbrains.kotlin.ir.types.addAnnotations
+
+/**
+ * Compatibility accessors for pre-2.4.0 API patterns.
+ * In pre-2.4.0 versions, these delegate directly to the existing APIs.
+ */
+
+// IrFunction: valueParameters
+val IrFunction.codeQlValueParameters: List<IrValueParameter>
+    get() = valueParameters
+
+// IrFunction: extensionReceiverParameter
+val IrFunction.codeQlExtensionReceiverParameter: IrValueParameter?
+    get() = extensionReceiverParameter
+
+// IrMemberAccessExpression: valueArgumentsCount
+val IrMemberAccessExpression<*>.codeQlValueArgumentsCount: Int
+    get() = valueArgumentsCount
+
+// IrMemberAccessExpression: getValueArgument
+fun IrMemberAccessExpression<*>.codeQlGetValueArgument(index: Int): IrExpression? = getValueArgument(index)
+
+// IrMemberAccessExpression: putValueArgument
+fun IrMemberAccessExpression<*>.codeQlPutValueArgument(index: Int, value: IrExpression?) {
+    putValueArgument(index, value)
+}
+
+// IrMemberAccessExpression: extensionReceiver
+val IrMemberAccessExpression<*>.codeQlExtensionReceiver: IrExpression?
+    get() = extensionReceiver
+
+// IrMemberAccessExpression: typeArgumentsCount
+val IrMemberAccessExpression<*>.codeQlTypeArgumentsCount: Int
+    get() = typeArgumentsCount
+
+// IrMemberAccessExpression: getTypeArgument
+fun IrMemberAccessExpression<*>.codeQlGetTypeArgument(index: Int): IrType? = getTypeArgument(index)
+
+// addAnnotations compat: in pre-2.4.0, addAnnotations expects List<IrConstructorCall>
+fun IrType.codeQlAddAnnotations(annotations: List<IrConstructorCall>): IrType =
+    addAnnotations(annotations)
+
+// IrMutableAnnotationContainer.annotations setter: in pre-2.4.0, annotations is var with List<IrConstructorCall>
+fun codeQlSetAnnotations(container: org.jetbrains.kotlin.ir.declarations.IrMutableAnnotationContainer, annotations: List<IrConstructorCall>) {
+    container.annotations = annotations
+}
+
+// IrFunction: set dispatch receiver parameter (pre-2.4.0 it's a var)
+fun IrFunction.codeQlSetDispatchReceiverParameter(param: IrValueParameter?) {
+    dispatchReceiverParameter = param
+}
+
+// In pre-2.4.0, annotations are List<IrConstructorCall> so IrConstructorCallImpl works directly.
+fun codeQlAnnotationFromSymbolOwner(
+    startOffset: Int, endOffset: Int, type: IrType, symbol: IrConstructorSymbol, typeArgumentsCount: Int
+): IrConstructorCall =
+    IrConstructorCallImpl.fromSymbolOwner(startOffset, endOffset, type, symbol, typeArgumentsCount)
+
+fun codeQlAnnotationFromSymbolOwner(type: IrType, symbol: IrConstructorSymbol): IrConstructorCall =
+    IrConstructorCallImpl.fromSymbolOwner(type, symbol)

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/Kotlin2ComponentRegistrar.kt

@@ -3,10 +3,34 @@
 
 package com.github.codeql
 
+import com.intellij.mock.MockProject
+import com.intellij.openapi.extensions.LoadingOrder
+import org.jetbrains.kotlin.backend.common.extensions.IrGenerationExtension
 import org.jetbrains.kotlin.compiler.plugin.ComponentRegistrar
 import org.jetbrains.kotlin.compiler.plugin.ExperimentalCompilerApi
+import org.jetbrains.kotlin.config.CompilerConfiguration
 
 @OptIn(ExperimentalCompilerApi::class)
 abstract class Kotlin2ComponentRegistrar : ComponentRegistrar {
     /* Nothing to do; supportsK2 doesn't exist yet. */
+
+    private var project: MockProject? = null
+
+    override fun registerProjectComponents(
+        project: MockProject,
+        configuration: CompilerConfiguration
+    ) {
+        this.project = project
+        doRegisterExtensions(configuration)
+    }
+
+    abstract fun doRegisterExtensions(configuration: CompilerConfiguration)
+
+    fun registerExtractorExtension(extension: IrGenerationExtension) {
+        val p = project ?: throw IllegalStateException("registerExtractorExtension called before registerProjectComponents")
+        // Register with LoadingOrder.LAST to ensure the extractor runs after other
+        // IR generation plugins (like kotlinx.serialization) have generated their code.
+        val extensionPoint = p.extensionArea.getExtensionPoint(IrGenerationExtension.extensionPointName)
+        extensionPoint.registerExtension(extension, LoadingOrder.LAST, p)
+    }
 }

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_9_0-Beta/Kotlin2ComponentRegistrar.kt

@@ -3,11 +3,35 @@
 
 package com.github.codeql
 
+import com.intellij.mock.MockProject
+import com.intellij.openapi.extensions.LoadingOrder
+import org.jetbrains.kotlin.backend.common.extensions.IrGenerationExtension
 import org.jetbrains.kotlin.compiler.plugin.ComponentRegistrar
 import org.jetbrains.kotlin.compiler.plugin.ExperimentalCompilerApi
+import org.jetbrains.kotlin.config.CompilerConfiguration
 
 @OptIn(ExperimentalCompilerApi::class)
 abstract class Kotlin2ComponentRegistrar : ComponentRegistrar {
     override val supportsK2: Boolean
         get() = true
+
+    private var project: MockProject? = null
+
+    override fun registerProjectComponents(
+        project: MockProject,
+        configuration: CompilerConfiguration
+    ) {
+        this.project = project
+        doRegisterExtensions(configuration)
+    }
+
+    abstract fun doRegisterExtensions(configuration: CompilerConfiguration)
+
+    fun registerExtractorExtension(extension: IrGenerationExtension) {
+        val p = project ?: throw IllegalStateException("registerExtractorExtension called before registerProjectComponents")
+        // Register with LoadingOrder.LAST to ensure the extractor runs after other
+        // IR generation plugins (like kotlinx.serialization) have generated their code.
+        val extensionPoint = p.extensionArea.getExtensionPoint(IrGenerationExtension.extensionPointName)
+        extensionPoint.registerExtension(extension, LoadingOrder.LAST, p)
+    }
 }

java/kotlin-extractor/src/main/kotlin/utils/versions/v_2_4_0/IrCompat.kt

@@ -0,0 +1,123 @@
+@file:Suppress("DEPRECATION")
+
+package com.github.codeql.utils.versions
+
+import org.jetbrains.kotlin.ir.declarations.IrFunction
+import org.jetbrains.kotlin.ir.declarations.IrValueParameter
+import org.jetbrains.kotlin.ir.expressions.IrAnnotation
+import org.jetbrains.kotlin.ir.expressions.IrConstructorCall
+import org.jetbrains.kotlin.ir.expressions.IrExpression
+import org.jetbrains.kotlin.ir.expressions.IrMemberAccessExpression
+import org.jetbrains.kotlin.ir.expressions.impl.IrAnnotationImpl
+import org.jetbrains.kotlin.ir.expressions.impl.fromSymbolOwner
+import org.jetbrains.kotlin.ir.symbols.IrConstructorSymbol
+import org.jetbrains.kotlin.ir.types.IrType
+import org.jetbrains.kotlin.ir.types.addAnnotations
+
+/**
+ * Compatibility accessors for pre-2.4.0 API patterns.
+ * In 2.4.0, valueParameters/extensionReceiverParameter/extensionReceiver/
+ * getValueArgument/putValueArgument/valueArgumentsCount/typeArgumentsCount/getTypeArgument
+ * have been removed. This file provides the 2.4.0 implementations.
+ */
+
+// IrFunction: valueParameters -> parameters filtered to Regular kind
+val IrFunction.codeQlValueParameters: List<IrValueParameter>
+    get() = parameters.filter { it.kind == org.jetbrains.kotlin.ir.declarations.IrParameterKind.Regular }
+
+// IrFunction: extensionReceiverParameter
+val IrFunction.codeQlExtensionReceiverParameter: IrValueParameter?
+    get() = parameters.firstOrNull { it.kind == org.jetbrains.kotlin.ir.declarations.IrParameterKind.ExtensionReceiver }
+
+// Helper: get the offset of value arguments in the arguments list
+private fun IrMemberAccessExpression<*>.valueArgumentOffset(): Int {
+    val owner = symbol.owner as? IrFunction ?: return 0
+    return owner.parameters.count { it.kind != org.jetbrains.kotlin.ir.declarations.IrParameterKind.Regular }
+}
+
+// IrMemberAccessExpression: valueArgumentsCount
+// In 2.4.0, arguments[] includes dispatch/extension receivers before regular params
+val IrMemberAccessExpression<*>.codeQlValueArgumentsCount: Int
+    get() = arguments.size - valueArgumentOffset()
+
+// IrMemberAccessExpression: getValueArgument
+// In 2.4.0, arguments[] includes dispatch/extension receivers before regular params
+fun IrMemberAccessExpression<*>.codeQlGetValueArgument(index: Int): IrExpression? = arguments[index + valueArgumentOffset()]
+
+// IrMemberAccessExpression: putValueArgument
+// In 2.4.0, arguments[] includes dispatch/extension receivers before regular params
+fun IrMemberAccessExpression<*>.codeQlPutValueArgument(index: Int, value: IrExpression?) {
+    arguments[index + valueArgumentOffset()] = value
+}
+
+// Re-add accessor for the extensionReceiver property removed in Kotlin 2.4.0.
+val IrMemberAccessExpression<*>.codeQlExtensionReceiver: IrExpression?
+    get() {
+        val erp = extensionReceiverParameterIndex() ?: return null
+        return arguments[erp]
+    }
+
+// Find the argument index corresponding to the extension receiver parameter.
+// Calls and function references expose an IrFunction owner directly; property
+// references need to look through their getter or setter.
+private fun IrMemberAccessExpression<*>.extensionReceiverParameterIndex(): Int? {
+    // Direct function owner (IrCall, IrFunctionReference, etc.)
+    (symbol.owner as? IrFunction)?.codeQlExtensionReceiverParameter?.let {
+        return it.indexInParameters
+    }
+    // Property reference: look at getter or setter function
+    (this as? org.jetbrains.kotlin.ir.expressions.IrPropertyReference)?.let { propRef ->
+        propRef.getter?.owner?.codeQlExtensionReceiverParameter?.let {
+            return it.indexInParameters
+        }
+        propRef.setter?.owner?.codeQlExtensionReceiverParameter?.let {
+            return it.indexInParameters
+        }
+    }
+    return null
+}
+
+// IrMemberAccessExpression: typeArgumentsCount
+val IrMemberAccessExpression<*>.codeQlTypeArgumentsCount: Int
+    get() = typeArguments.size
+
+// IrMemberAccessExpression: getTypeArgument
+fun IrMemberAccessExpression<*>.codeQlGetTypeArgument(index: Int): IrType? = typeArguments[index]
+
+// addAnnotations compat: in 2.4.0, addAnnotations expects List<IrAnnotation>
+// IrConstructorCall implements IrAnnotation in 2.4.0, so filterIsInstance is identity
+fun IrType.codeQlAddAnnotations(annotations: List<IrConstructorCall>): IrType =
+    addAnnotations(annotations.filterIsInstance<IrAnnotation>())
+
+// IrMutableAnnotationContainer.annotations setter: in 2.4.0, expects List<IrAnnotation>
+fun codeQlSetAnnotations(container: org.jetbrains.kotlin.ir.declarations.IrMutableAnnotationContainer, annotations: List<IrConstructorCall>) {
+    container.annotations = annotations.filterIsInstance<IrAnnotation>()
+}
+
+// IrFunction: set dispatch receiver parameter
+// In 2.4.0, dispatchReceiverParameter is val; modify the parameters list directly.
+fun IrFunction.codeQlSetDispatchReceiverParameter(param: IrValueParameter?) {
+    val existing = parameters.indexOfFirst { it.kind == org.jetbrains.kotlin.ir.declarations.IrParameterKind.DispatchReceiver }
+    val mutableParams = parameters.toMutableList()
+    if (existing >= 0) {
+        if (param != null) {
+            mutableParams[existing] = param
+        } else {
+            mutableParams.removeAt(existing)
+        }
+    } else if (param != null) {
+        param.kind = org.jetbrains.kotlin.ir.declarations.IrParameterKind.DispatchReceiver
+        mutableParams.add(0, param)
+    }
+    parameters = mutableParams
+}
+
+// In 2.4.0, annotation lists require IrAnnotation instances.
+// Use IrAnnotationImpl.fromSymbolOwner instead of IrConstructorCallImpl.fromSymbolOwner.
+fun codeQlAnnotationFromSymbolOwner(
+    startOffset: Int, endOffset: Int, type: IrType, symbol: IrConstructorSymbol, typeArgumentsCount: Int
+): IrConstructorCall =
+    IrAnnotationImpl.fromSymbolOwner(startOffset, endOffset, type, symbol, typeArgumentsCount)
+
+fun codeQlAnnotationFromSymbolOwner(type: IrType, symbol: IrConstructorSymbol): IrConstructorCall =
+    IrAnnotationImpl.fromSymbolOwner(type, symbol)