Add changed framework coverage reports

Cfg: Distinguish parameters from their patterns.

csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraph.qll

@@ -145,6 +145,8 @@ module Ast implements AstSig<Location> {
   final private class ParameterFinal = CS::Parameter;
 
   class Parameter extends ParameterFinal {
+    AstNode getPattern() { result = this }
+
     Expr getDefaultValue() {
       // Avoid combinatorial explosions for callables with multiple bodies
       result = unique( | | super.getDefaultValue())

go/documentation/library-coverage/coverage.csv

@@ -123,7 +123,7 @@ k8s.io/api/core,,,10,,,,,,,,,,,,,,,,,,,,,,,10,
 k8s.io/apimachinery/pkg/runtime,,,47,,,,,,,,,,,,,,,,,,,,,,,47,
 k8s.io/klog,90,,,,,,90,,,,,,,,,,,,,,,,,,,,
 launchpad.net/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,,,
-log,20,,3,,,,20,,,,,,,,,,,,,,,,,,,3,
+log,40,,3,,,,40,,,,,,,,,,,,,,,,,,,3,
 math/big,,,1,,,,,,,,,,,,,,,,,,,,,,,1,
 mime,,,14,,,,,,,,,,,,,,,,,,,,,,,14,
 net,2,16,100,,,,,,1,,,,,,,,1,,,,,,,16,,100,

go/documentation/library-coverage/coverage.rst

@@ -32,7 +32,7 @@ Go framework & library support
    `Revel <http://revel.github.io/>`_,"``github.com/revel/revel*``, ``github.com/robfig/revel*``",46,20,4
    `SendGrid <https://github.com/sendgrid/sendgrid-go>`_,``github.com/sendgrid/sendgrid-go*``,,1,
    `Squirrel <https://github.com/Masterminds/squirrel>`_,"``github.com/Masterminds/squirrel*``, ``github.com/lann/squirrel*``, ``gopkg.in/Masterminds/squirrel``",81,,96
-   `Standard library <https://pkg.go.dev/std>`_,"````, ``archive/*``, ``bufio``, ``bytes``, ``cmp``, ``compress/*``, ``container/*``, ``context``, ``crypto``, ``crypto/*``, ``database/*``, ``debug/*``, ``embed``, ``encoding``, ``encoding/*``, ``errors``, ``expvar``, ``flag``, ``fmt``, ``go/*``, ``hash``, ``hash/*``, ``html``, ``html/*``, ``image``, ``image/*``, ``index/*``, ``io``, ``io/*``, ``log``, ``log/*``, ``maps``, ``math``, ``math/*``, ``mime``, ``mime/*``, ``net``, ``net/*``, ``os``, ``os/*``, ``path``, ``path/*``, ``plugin``, ``reflect``, ``reflect/*``, ``regexp``, ``regexp/*``, ``slices``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/*``, ``syscall``, ``syscall/*``, ``testing``, ``testing/*``, ``text/*``, ``time``, ``time/*``, ``unicode``, ``unicode/*``, ``unsafe``, ``weak``",52,612,104
+   `Standard library <https://pkg.go.dev/std>`_,"````, ``archive/*``, ``bufio``, ``bytes``, ``cmp``, ``compress/*``, ``container/*``, ``context``, ``crypto``, ``crypto/*``, ``database/*``, ``debug/*``, ``embed``, ``encoding``, ``encoding/*``, ``errors``, ``expvar``, ``flag``, ``fmt``, ``go/*``, ``hash``, ``hash/*``, ``html``, ``html/*``, ``image``, ``image/*``, ``index/*``, ``io``, ``io/*``, ``log``, ``log/*``, ``maps``, ``math``, ``math/*``, ``mime``, ``mime/*``, ``net``, ``net/*``, ``os``, ``os/*``, ``path``, ``path/*``, ``plugin``, ``reflect``, ``reflect/*``, ``regexp``, ``regexp/*``, ``slices``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/*``, ``syscall``, ``syscall/*``, ``testing``, ``testing/*``, ``text/*``, ``time``, ``time/*``, ``unicode``, ``unicode/*``, ``unsafe``, ``weak``",52,612,124
    `XORM <https://xorm.io>`_,"``github.com/go-xorm/xorm*``, ``xorm.io/xorm*``",,,68
    `XPath <https://github.com/antchfx/xpath>`_,``github.com/antchfx/xpath*``,,,4
    `appleboy/gin-jwt <https://github.com/appleboy/gin-jwt>`_,``github.com/appleboy/gin-jwt*``,,,1
@@ -74,5 +74,5 @@ Go framework & library support
    `xpathparser <https://github.com/santhosh-tekuri/xpathparser>`_,``github.com/santhosh-tekuri/xpathparser*``,,,2
    `yaml <https://gopkg.in/yaml.v3>`_,``gopkg.in/yaml*``,,9,
    `zap <https://go.uber.org/zap>`_,``go.uber.org/zap*``,,11,33
-   Totals,,688,1072,1557
+   Totals,,688,1072,1577
 

java/ql/integration-tests/java/buildless-erroneous/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Because no usable build tool (Gradle, Maven, etc) was found, build scripts could not be queried for guidance about the appropriate JDK version for the code being extracted, or precise dependency information. The default JDK will be used, and external dependencies will be inferred from the Java package names used.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-gradle-boms/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-gradle-classifiers/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-gradle-timeout/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "A Gradle process was aborted because it didn't write to the console for 5 seconds. Consider either lengthening the timeout if appropriate by setting CODEQL_EXTRACTOR_JAVA_BUILDLESS_CHILD_PROCESS_IDLE_TIMEOUT to a higher value or zero for no timeout, or else investigate why Gradle timed out. Java analysis will continue, but the analysis may be of reduced quality.",
   "severity": "note",

java/ql/integration-tests/java/buildless-gradle/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-inherit-trust-store/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-maven-executable-war/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-maven-existing-settings-xml/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-maven-mirrorof/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-maven-multimodule/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-maven-timeout/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "A Maven process was aborted because it didn't write to the console for 5 seconds. Consider either lenghtening the timeout if appropriate by setting CODEQL_EXTRACTOR_JAVA_BUILDLESS_CHILD_PROCESS_IDLE_TIMEOUT to a higher value or zero for no timeout, or else investigate why Maven timed out. Java analysis will continue, but the analysis may be of reduced quality.",
   "severity": "note",

java/ql/integration-tests/java/buildless-maven-tolerate-unavailable-dependency/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "At least one dependency JAR suggested by the build system could not be downloaded. This means the analysis will try to satisfy the dependency with its default choice for the required external package name, which may be the wrong version or the wrong package entirely. This may lead to partial analysis of code using this dependency. See the extraction log for full details. If the cause appears to be a temporary outage, consider retrying the analysis.",
   "severity": "note",

java/ql/integration-tests/java/buildless-maven-tolerate-unavailable-dependency/test.py

@@ -1,4 +1,4 @@
-def test(codeql, java):
+def test(codeql, java, check_diagnostics_java):
     codeql.database.create(
         build_mode="none",
     )

java/ql/integration-tests/java/buildless-maven/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-proxy-gradle/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-proxy-maven/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-sibling-projects/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis dropped the following dependencies because a sibling project depends on a higher version:\n\n* `junit/junit-4.11`",
   "severity": "unknown",

java/ql/integration-tests/java/buildless/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Because no usable build tool (Gradle, Maven, etc) was found, build scripts could not be queried for guidance about the appropriate JDK version for the code being extracted, or precise dependency information. The default JDK will be used, and external dependencies will be inferred from the Java package names used.",
   "severity": "unknown",

java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected

@@ -1,3 +1,21 @@
+{
+  "attributes": {
+    "java_vendor": "__REDACTED__",
+    "java_version": "11.0.31"
+  },
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Analyzed a Gradle project without the [Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html). This may use an incompatible version of Gradle.",
   "severity": "warning",

java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/test.py

@@ -4,7 +4,8 @@ import pathlib
 
 
 # The version of gradle used doesn't work on java 17
-def test(codeql, use_java_11, java, environment):
+def test(codeql, use_java_11, java, environment, check_diagnostics):
+    check_diagnostics.redact += ["attributes.java_vendor"]
     gradle_override_dir = pathlib.Path(tempfile.mkdtemp())
     if runs_on.windows:
         (gradle_override_dir / "gradle.bat").write_text("@echo off\nexit /b 2\n")

java/ql/integration-tests/java/maven-download-failure/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/maven-download-failure/test.py

@@ -2,7 +2,7 @@ import os
 import os.path
 import shutil
 
-def test(codeql, java, check_diagnostics):
+def test(codeql, java, check_diagnostics_java):
 
     # Avoid shutil resolving mvn to the wrapper script in the test dir:
     os.environ["NoDefaultCurrentDirectoryInExePath"] = "0"

java/ql/lib/semmle/code/java/ControlFlowGraph.qll

@@ -61,6 +61,8 @@ private module Ast implements AstSig<Location> {
   class Parameter extends AstNode {
     Parameter() { none() }
 
+    AstNode getPattern() { none() }
+
     Expr getDefaultValue() { none() }
   }
 

misc/codegen/requirements_lock.txt

@@ -14,7 +14,7 @@ pluggy==1.5.0
     # via pytest
 pystache==0.6.8
     # via -r misc/codegen/requirements_in.txt
-pytest==9.0.3
+pytest==8.3.5
     # via -r misc/codegen/requirements_in.txt
 pyyaml==6.0.2
     # via -r misc/codegen/requirements_in.txt

python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/PoC/requirements.txt

@@ -1,2 +1,2 @@
 flask
-pymongo==4.6.3
+pymongo==3.9

shared/controlflow/codeql/controlflow/ControlFlowGraph.qll

@@ -52,6 +52,15 @@ signature module AstSig<LocationSig Location> {
 
   /** A parameter of a callable. */
   class Parameter extends AstNode {
+    /**
+     * Gets the pattern associated with this parameter.
+     *
+     * The pattern is included in the CFG while the parameter itself is not.
+     * Although, in simple cases that do not involve destructuring, it is
+     * allowed for the pattern to be equal to the parameter.
+     */
+    AstNode getPattern();
+
     /** Gets the default value of this parameter, if any. */
     Expr getDefaultValue();
   }
@@ -631,7 +640,7 @@ module Make0<LocationSig Location, AstSig<Location> Ast> {
         or
         n = any(Case case).getPattern(_)
         or
-        exists(n.(Parameter).getDefaultValue())
+        exists(Parameter p | exists(p.getDefaultValue()) and n = p.getPattern())
       )
     }
 
@@ -803,24 +812,27 @@ module Make0<LocationSig Location, AstSig<Location> Ast> {
       )
     }
 
+    private predicate hasCfg(AstNode n) {
+      exists(getEnclosingCallable(n)) and
+      (n instanceof Parameter implies n = n.(Parameter).getPattern())
+    }
+
     cached
     private newtype TNode =
-      TBeforeNode(AstNode n) { Input1::cfgCachedStageRef() and exists(getEnclosingCallable(n)) } or
-      TAstNode(AstNode n) { postOrInOrder(n) and exists(getEnclosingCallable(n)) } or
+      TBeforeNode(AstNode n) { Input1::cfgCachedStageRef() and hasCfg(n) } or
+      TAstNode(AstNode n) { postOrInOrder(n) and hasCfg(n) } or
       TAfterValueNode(AstNode n, ConditionalSuccessor t) {
         inConditionalContext(n, t.getKind()) and
-        exists(getEnclosingCallable(n)) and
+        hasCfg(n) and
         not constantCondition(n, t.getDual())
       } or
       TAfterNode(AstNode n) {
-        exists(getEnclosingCallable(n)) and
+        hasCfg(n) and
         not inConditionalContext(n, _) and
         not cannotTerminateNormally(n) and
         not simpleLeafNode(n)
       } or
-      TAdditionalNode(AstNode n, string tag) {
-        additionalNode(n, tag, _) and exists(getEnclosingCallable(n))
-      } or
+      TAdditionalNode(AstNode n, string tag) { additionalNode(n, tag, _) and hasCfg(n) } or
       TEntryNode(Callable c) { callableHasBodyPart(c, _) } or
       TAnnotatedExitNode(Callable c, Boolean normal) { callableHasBodyPart(c, _) } or
       TExitNode(Callable c) { callableHasBodyPart(c, _) }
@@ -1390,8 +1402,8 @@ module Make0<LocationSig Location, AstSig<Location> Ast> {
       }
 
       pragma[nomagic]
-      private AstNode getParameterOrBodyEntry(Callable c, CallableContextOption ctx, int i) {
-        result = getRankedParameter(c, ctx, i)
+      private AstNode getParameterPatternOrBodyEntry(Callable c, CallableContextOption ctx, int i) {
+        result = getRankedParameter(c, ctx, i).getPattern()
         or
         (
           not exists(getRankedParameter(c, _, _)) and
@@ -1409,18 +1421,18 @@ module Make0<LocationSig Location, AstSig<Location> Ast> {
         or
         exists(Callable c |
           n1.(EntryNodeImpl).getEnclosingCallable() = c and
-          n2.isBefore(getParameterOrBodyEntry(c, _, 1))
+          n2.isBefore(getParameterPatternOrBodyEntry(c, _, 1))
           or
           exists(CallableContextOption ctx, Parameter p, int i | p = getRankedParameter(c, ctx, i) |
             exists(MatchingSuccessor t |
-              n1.isAfterValue(p, t) and
+              n1.isAfterValue(p.getPattern(), t) and
               if t.isMatch()
-              then n2.isBefore(getParameterOrBodyEntry(c, ctx, i + 1))
+              then n2.isBefore(getParameterPatternOrBodyEntry(c, ctx, i + 1))
               else n2.isBefore(p.getDefaultValue())
             )
             or
             n1.isAfter(p.getDefaultValue()) and
-            n2.isBefore(getParameterOrBodyEntry(c, ctx, i + 1))
+            n2.isBefore(getParameterPatternOrBodyEntry(c, ctx, i + 1))
           )
           or
           exists(Input1::CallableContext ctx, int i |
@@ -1796,6 +1808,7 @@ module Make0<LocationSig Location, AstSig<Location> Ast> {
        * and therefore should use default left-to-right evaluation.
        */
       private predicate defaultCfg(AstNode ast) {
+        hasCfg(ast) and
         not explicitStep(any(PreControlFlowNode n | n.isBefore(ast)), _)
       }