fix import

Revert "Ruby: separate trap-writer into its own module"
This reverts commit 388c9ffb74.
2026-05-26 00:51:25 +02:00 · 2022-07-25 12:00:24 +01:00 · 2022-07-25 08:54:30 +01:00 · 2022-07-25 08:52:53 +01:00 · 2022-07-25 08:52:42 +01:00 · 2022-07-25 08:52:12 +01:00
1691 changed files with 94154 additions and 57478 deletions
--- a/.devcontainer/swift/Dockerfile
+++ b/.devcontainer/swift/Dockerfile
@@ -0,0 +1,9 @@
+# See here for image contents: https://github.com/microsoft/vscode-dev-containers/tree/v0.236.0/containers/cpp/.devcontainer/base.Dockerfile
+
+# [Choice] Debian / Ubuntu version (use Debian 11, Ubuntu 18.04/22.04 on local arm64/Apple Silicon): debian-11, debian-10, ubuntu-22.04, ubuntu-20.04, ubuntu-18.04
+FROM mcr.microsoft.com/vscode/devcontainers/cpp:0-ubuntu-22.04
+
+USER root
+ADD root.sh /tmp/root.sh
+ADD update-codeql.sh /usr/local/bin/update-codeql
+RUN bash /tmp/root.sh && rm /tmp/root.sh
--- a/.devcontainer/swift/devcontainer.json
+++ b/.devcontainer/swift/devcontainer.json
@@ -0,0 +1,25 @@
+{
+	"extensions": [
+		"github.vscode-codeql",
+		"hbenl.vscode-test-explorer",
+		"ms-vscode.test-adapter-converter",
+		"slevesque.vscode-zipexplorer",
+		"ms-vscode.cpptools"
+	],
+	"settings": {
+		"files.watcherExclude": {
+			"**/target/**": true
+		},
+		"codeQL.runningQueries.memory": 2048
+	},
+	"build": {
+		"dockerfile": "Dockerfile",
+	},
+	"runArgs": [
+		"--cap-add=SYS_PTRACE",
+		"--security-opt",
+		"seccomp=unconfined"
+	],
+	"remoteUser": "vscode",
+	"onCreateCommand": ".devcontainer/swift/user.sh"
+}
--- a/.devcontainer/swift/root.sh
+++ b/.devcontainer/swift/root.sh
@@ -0,0 +1,22 @@
+set -xe
+
+BAZELISK_VERSION=v1.12.0
+BAZELISK_DOWNLOAD_SHA=6b0bcb2ea15bca16fffabe6fda75803440375354c085480fe361d2cbf32501db
+
+apt-get update
+export DEBIAN_FRONTEND=noninteractive
+apt-get -y install --no-install-recommends \
+    zlib1g-dev \
+    uuid-dev \
+    python3-distutils \
+    python3-pip \
+    bash-completion
+
+# Install Bazel
+curl -fSsL -o /usr/local/bin/bazelisk https://github.com/bazelbuild/bazelisk/releases/download/${BAZELISK_VERSION}/bazelisk-linux-amd64
+echo "${BAZELISK_DOWNLOAD_SHA} */usr/local/bin/bazelisk" | sha256sum --check -
+chmod 0755 /usr/local/bin/bazelisk
+ln -s bazelisk /usr/local/bin/bazel
+
+# install latest codeql
+update-codeql
--- a/.devcontainer/swift/update-codeql.sh
+++ b/.devcontainer/swift/update-codeql.sh
@@ -0,0 +1,20 @@
+#!/bin/bash -e
+
+URL=https://github.com/github/codeql-cli-binaries/releases
+LATEST_VERSION=$(curl -L -s -H 'Accept: application/json' $URL/latest | sed -e 's/.*"tag_name":"\([^"]*\)".*/\1/')
+CURRENT_VERSION=v$(codeql version 2>/dev/null | sed -ne 's/.*release \([0-9.]*\)\./\1/p')
+if [[ $CURRENT_VERSION != $LATEST_VERSION ]]; then
+  if [[ $UID != 0 ]]; then
+    echo "update required, please run this script with sudo:"
+    echo "  sudo $0"
+    exit 1
+  fi
+  ZIP=$(mktemp codeql.XXXX.zip)
+  curl -fSqL -o $ZIP $URL/download/$LATEST_VERSION/codeql-linux64.zip
+  unzip -q $ZIP -d /opt
+  rm $ZIP
+  ln -sf /opt/codeql/codeql /usr/local/bin/codeql
+  echo installed version $LATEST_VERSION
+else
+  echo current version $CURRENT_VERSION is up-to-date
+fi
--- a/.devcontainer/swift/user.sh
+++ b/.devcontainer/swift/user.sh
@@ -0,0 +1,13 @@
+set -xe
+
+# add the workspace to the codeql search path
+mkdir -p /home/vscode/.config/codeql
+echo "--search-path /workspaces/codeql" > /home/vscode/.config/codeql/config
+
+# create a swift extractor pack with the current state
+cd /workspaces/codeql
+bazel run swift/create-extractor-pack
+
+#install and set up pre-commit
+python3 -m pip install pre-commit --no-warn-script-location
+$HOME/.local/bin/pre-commit install
--- a/.github/workflows/check-change-note.yml
+++ b/.github/workflows/check-change-note.yml
@@ -10,6 +10,7 @@ on:
      - "*/ql/lib/**/*.qll"
      - "!**/experimental/**"
      - "!ql/**"
+      - "!swift/**"
      - ".github/workflows/check-change-note.yml"

 jobs:
--- a/.github/workflows/ql-for-ql-build.yml
+++ b/.github/workflows/ql-for-ql-build.yml
@@ -10,16 +10,16 @@ env:
  CARGO_TERM_COLOR: always

 jobs:
-  queries:
-    runs-on: ubuntu-latest
+  analyze:
+    runs-on: ubuntu-latest-xl
    steps:
+      ### Build the queries ###
      - uses: actions/checkout@v3
      - name: Find codeql
        id: find-codeql
        uses: github/codeql-action/init@aa93aea877e5fb8841bcb1193f672abf6e9f2980
        with:
          languages: javascript # does not matter
-          tools: latest
      - name: Get CodeQL version
        id: get-codeql-version
        run: |
@@ -49,14 +49,7 @@ jobs:
          name: query-pack-zip
          path: ${{ runner.temp }}/query-pack.zip

-  extractors:
-    strategy:
-      fail-fast: false
-
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v3
+      ### Build the extractor ###
      - name: Cache entire extractor
        id: cache-extractor
        uses: actions/cache@v3
@@ -100,15 +93,8 @@ jobs:
            ql/target/release/ql-extractor
            ql/target/release/ql-extractor.exe
          retention-days: 1
-  package:
-    runs-on: ubuntu-latest

-    needs:
-      - extractors
-      - queries
-
-    steps:
-      - uses: actions/checkout@v3
+      ### Package the queries and extractor ###
      - uses: actions/download-artifact@v3
        with:
          name: query-pack-zip
@@ -136,16 +122,8 @@ jobs:
          name: codeql-ql-pack
          path: codeql-ql.zip
          retention-days: 1
-  analyze:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        folder: [cpp, csharp, java, javascript, python, ql, ruby, swift, go]

-    needs:
-      - package
-
-    steps:
+      ### Run the analysis ###
      - name: Download pack
        uses: actions/download-artifact@v3
        with:
@@ -165,14 +143,11 @@ jobs:
        env:
          PACK: ${{ runner.temp }}/pack

-      - name: Checkout repository
-        uses: actions/checkout@v3
      - name: Create CodeQL config file
        run: |
-          echo "paths:" > ${CONF}
-          echo "  - ${FOLDER}" >> ${CONF}
          echo "paths-ignore:" >> ${CONF}
          echo "  - ql/ql/test" >> ${CONF} 
+          echo "  - \"*/ql/lib/upgrades/\"" >> ${CONF} 
          echo "disable-default-queries: true" >> ${CONF}
          echo "packs:" >> ${CONF}
          echo "  - codeql/ql" >> ${CONF}
@@ -180,7 +155,6 @@ jobs:
          cat ${CONF}
        env: 
          CONF: ./ql-for-ql-config.yml
-          FOLDER: ${{ matrix.folder }}
      - name: Initialize CodeQL
        uses: github/codeql-action/init@aa93aea877e5fb8841bcb1193f672abf6e9f2980
        with:
@@ -191,11 +165,24 @@ jobs:
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@aa93aea877e5fb8841bcb1193f672abf6e9f2980
        with: 
-          category: "ql-for-ql-${{ matrix.folder }}"
+          category: "ql-for-ql"
      - name: Copy sarif file to CWD
-        run: cp ../results/ql.sarif ./${{ matrix.folder }}.sarif
+        run: cp ../results/ql.sarif ./ql-for-ql.sarif
+      - name: Fixup the $scema in sarif  # Until https://github.com/microsoft/sarif-vscode-extension/pull/436/ is part in a stable release
+        run: |
+          sed -i 's/\$schema.*/\$schema": "https:\/\/raw.githubusercontent.com\/oasis-tcs\/sarif-spec\/master\/Schemata\/sarif-schema-2.1.0",/' ql-for-ql.sarif 
      - name: Sarif as artifact
        uses: actions/upload-artifact@v3
        with:
-          name: ${{ matrix.folder }}.sarif
-          path: ${{ matrix.folder }}.sarif
+          name: ql-for-ql.sarif
+          path: ql-for-ql.sarif
+      - name: Split out the sarif file into langs
+        run: |
+          mkdir split-sarif
+          node ./ql/scripts/split-sarif.js ql-for-ql.sarif split-sarif
+      - name: Upload langs as artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: ql-for-ql-langs
+          path: split-sarif
+          retention-days: 1
--- a/.github/workflows/ql-for-ql-dataset_measure.yml
+++ b/.github/workflows/ql-for-ql-dataset_measure.yml
@@ -36,7 +36,7 @@ jobs:
            ql/target
          key: ${{ runner.os }}-qltest-cargo-${{ hashFiles('ql/**/Cargo.lock') }}
      - name: Build Extractor
-        run: cd ql; env "PATH=$PATH:`dirname ${CODEQL}`" ./create-extractor-pack.sh
+        run: cd ql; env "PATH=$PATH:`dirname ${CODEQL}`" ./scripts/create-extractor-pack.sh
        env:
          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
      - name: Checkout ${{ matrix.repo }}
--- a/.github/workflows/ql-for-ql-tests.yml
+++ b/.github/workflows/ql-for-ql-tests.yml
@@ -36,7 +36,7 @@ jobs:
        run: |
          cd ql;
          codeqlpath=$(dirname ${{ steps.find-codeql.outputs.codeql-path }});
-          env "PATH=$PATH:$codeqlpath" ./create-extractor-pack.sh
+          env "PATH=$PATH:$codeqlpath" ./scripts/create-extractor-pack.sh
      - name: Run QL tests
        run: |
          "${CODEQL}" test run --check-databases --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --search-path "${{ github.workspace }}/ql/extractor-pack" --consistency-queries ql/ql/consistency-queries ql/ql/test
--- a/.github/workflows/swift-codegen.yml
+++ b/.github/workflows/swift-codegen.yml
@@ -15,18 +15,22 @@ jobs:
      - uses: actions/checkout@v3
      - uses: ./.github/actions/fetch-codeql
      - uses: bazelbuild/setup-bazelisk@v2
+      - uses: actions/setup-python@v3
+      - uses: pre-commit/action@v3.0.0
+        name: Check that python code is properly formatted
+        with:
+          extra_args: autopep8 --all-files
      - name: Run unit tests
        run: |
          bazel test //swift/codegen/test --test_output=errors
-      - name: Check that QL generated code was checked in
-        run: |
-          bazel run //swift/codegen
-          git add swift
-          git diff --exit-code HEAD
+      - uses: pre-commit/action@v3.0.0
+        name: Check that QL generated code was checked in
+        with:
+          extra_args: swift-codegen --all-files
      - name: Generate C++ files
        run: |
-          bazel run //swift/codegen:codegen -- --generate=trap,cpp --cpp-output=$PWD/swift-generated-headers
+          bazel run //swift/codegen:codegen -- --generate=trap,cpp --cpp-output=$PWD/swift-generated-cpp-files
      - uses: actions/upload-artifact@v3
        with:
-          name: swift-generated-headers
-          path: swift-generated-headers/*.h
+          name: swift-generated-cpp-files
+          path: swift-generated-cpp-files/**
--- a/.github/workflows/swift-integration-tests.yml
+++ b/.github/workflows/swift-integration-tests.yml
@@ -0,0 +1,34 @@
+name: "Swift: Run Integration Tests"
+
+on:
+  pull_request:
+    paths:
+      - "swift/**"
+      - .github/workflows/swift-integration-tests.yml
+      - codeql-workspace.yml
+    branches:
+      - main
+defaults:
+  run:
+    working-directory: swift
+
+jobs:
+  integration-tests:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-20.04
+#          - macos-latest  TODO
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ./.github/actions/fetch-codeql
+      - uses: bazelbuild/setup-bazelisk@v2
+      - uses: actions/setup-python@v3
+      - name: Build Swift extractor
+        run: |
+          bazel run //swift:create-extractor-pack
+      - name: Run integration tests
+        run: |
+          python integration-tests/runner.py
--- a/.gitignore
+++ b/.gitignore
@@ -58,3 +58,6 @@ go/main
 # node_modules folders except in the JS test suite
 node_modules/
 !/javascript/ql/test/**/node_modules/
+
+# Temporary folders for working with generated models
+.model-temp
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -15,6 +15,12 @@ repos:
      - id: clang-format
        files: ^swift/.*\.(h|c|cpp)$

+  - repo: https://github.com/pre-commit/mirrors-autopep8
+    rev: v1.6.0
+    hooks:
+      - id: autopep8
+        files: ^swift/codegen/.*\.py
+
  - repo: local
    hooks:
      - id: codeql-format
@@ -40,7 +46,7 @@ repos:
        name: Run Swift checked in code generation
        files: ^swift/(codegen/|.*/generated/|ql/lib/(swift\.dbscheme$|codeql/swift/elements))
        language: system
-        entry: bazel run //swift/codegen
+        entry: bazel run //swift/codegen -- --quiet
        pass_filenames: false

      - id: swift-codegen-unit-tests
--- a/1
+++ b/1
@@ -42,3 +42,4 @@ WORKSPACE.bazel @github/codeql-ci-reviewers
 /.github/workflows/js-ml-tests.yml @github/codeql-ml-powered-queries-reviewers
 /.github/workflows/ql-for-ql-* @github/codeql-ql-for-ql-reviewers
 /.github/workflows/ruby-* @github/codeql-ruby
+/.github/workflows/swift-* @github/codeql-c
--- a/config/identical-files.json
+++ b/config/identical-files.json
@@ -453,11 +453,11 @@
    "python/ql/src/Lexical/CommentedOutCodeReferences.inc.qhelp"
  ],
  "IDE Contextual Queries": [
-    "cpp/ql/src/IDEContextual.qll",
-    "csharp/ql/src/IDEContextual.qll",
-    "java/ql/src/IDEContextual.qll",
-    "javascript/ql/src/IDEContextual.qll",
-    "python/ql/src/analysis/IDEContextual.qll"
+    "cpp/ql/lib/IDEContextual.qll",
+    "csharp/ql/lib/IDEContextual.qll",
+    "java/ql/lib/IDEContextual.qll",
+    "javascript/ql/lib/IDEContextual.qll",
+    "python/ql/lib/analysis/IDEContextual.qll"
  ],
  "SSA C#": [
    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImplCommon.qll",
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,25 @@
+## 0.3.1
+
+### Minor Analysis Improvements
+
+* `AnalysedExpr::isNullCheck` and `AnalysedExpr::isValidCheck` have been updated to handle variable accesses on the left-hand side of the C++ logical "and", and variable declarations in conditions.
+
+## 0.3.0
+
+### Deprecated APIs
+
+* The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
+
+### Bug Fixes
+
+* `UserType.getADeclarationEntry()` now yields all forward declarations when the user type is a `class`, `struct`, or `union`.
+
+## 0.2.3
+
+### New Features
+
+* An `isBraced` predicate was added to the `Initializer` class which holds when a C++ braced initializer was used in the initialization.
+
 ## 0.2.2

 ### Deprecated APIs
--- a/cpp/ql/lib/IDEContextual.qll
+++ b/cpp/ql/lib/IDEContextual.qll
--- a/cpp/ql/lib/change-notes/2022-06-24-unique-variable.md
+++ b/cpp/ql/lib/change-notes/2022-06-24-unique-variable.md
@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* Under certain circumstances a variable declaration that is not also a definition could be associated with a `Variable` that did not have the definition as a `VariableDeclarationEntry`. This is now fixed, and a unique `Variable` will exist that has both the declaration and the definition as a `VariableDeclarationEntry`.
--- a/cpp/ql/lib/change-notes/2022-05-30-braced-initializers.md
+++ b/cpp/ql/lib/change-notes/2022-05-30-braced-initializers.md
@@ -1,4 +1,5 @@
---
-category: feature
---
+## 0.2.3
+
+### New Features
+
 * An `isBraced` predicate was added to the `Initializer` class which holds when a C++ braced initializer was used in the initialization.
--- a/cpp/ql/lib/change-notes/released/0.3.0.md
+++ b/cpp/ql/lib/change-notes/released/0.3.0.md
@@ -0,0 +1,9 @@
+## 0.3.0
+
+### Deprecated APIs
+
+* The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
+
+### Bug Fixes
+
+* `UserType.getADeclarationEntry()` now yields all forward declarations when the user type is a `class`, `struct`, or `union`.
--- a/cpp/ql/lib/change-notes/released/0.3.1.md
+++ b/cpp/ql/lib/change-notes/released/0.3.1.md
@@ -0,0 +1,5 @@
+## 0.3.1
+
+### Minor Analysis Improvements
+
+* `AnalysedExpr::isNullCheck` and `AnalysedExpr::isValidCheck` have been updated to handle variable accesses on the left-hand side of the C++ logical "and", and variable declarations in conditions.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.2
+lastReleaseVersion: 0.3.1
--- a/cpp/ql/lib/definitions.qll
+++ b/cpp/ql/lib/definitions.qll
--- a/cpp/ql/lib/localDefinitions.ql
+++ b/cpp/ql/lib/localDefinitions.ql
--- a/cpp/ql/lib/localReferences.ql
+++ b/cpp/ql/lib/localReferences.ql
--- a/cpp/ql/lib/printAst.ql
+++ b/cpp/ql/lib/printAst.ql
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.2.3-dev
+version: 0.3.2-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/lib/semmle/code/cpp/Element.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Element.qll
@@ -6,6 +6,7 @@
 import semmle.code.cpp.Location
 private import semmle.code.cpp.Enclosing
 private import semmle.code.cpp.internal.ResolveClass
+private import semmle.code.cpp.internal.ResolveGlobalVariable

 /**
 * Get the `Element` that represents this `@element`.
@@ -28,9 +29,12 @@ Element mkElement(@element e) { unresolveElement(result) = e }
 pragma[inline]
@element unresolveElement(Element e) {
  not result instanceof @usertype and
+  not result instanceof @variable and
  result = e
  or
  e = resolveClass(result)
+  or
+  e = resolveGlobalVariable(result)
 }

 /**
--- a/cpp/ql/lib/semmle/code/cpp/UserType.qll
+++ b/cpp/ql/lib/semmle/code/cpp/UserType.qll
@@ -48,8 +48,8 @@ class UserType extends Type, Declaration, NameQualifyingElement, AccessHolder, @
  }

  override TypeDeclarationEntry getADeclarationEntry() {
-    if type_decls(_, underlyingElement(this), _)
-    then type_decls(unresolveElement(result), underlyingElement(this), _)
+    if type_decls(_, unresolveElement(this), _)
+    then type_decls(underlyingElement(result), unresolveElement(this), _)
    else exists(Class t | this.(Class).isConstructedFrom(t) and result = t.getADeclarationEntry())
  }

--- a/cpp/ql/lib/semmle/code/cpp/Variable.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Variable.qll
@@ -6,6 +6,7 @@ import semmle.code.cpp.Element
 import semmle.code.cpp.exprs.Access
 import semmle.code.cpp.Initializer
 private import semmle.code.cpp.internal.ResolveClass
+private import semmle.code.cpp.internal.ResolveGlobalVariable

 /**
 * A C/C++ variable. For example, in the following code there are four
@@ -32,6 +33,8 @@ private import semmle.code.cpp.internal.ResolveClass
 * can have multiple declarations.
 */
 class Variable extends Declaration, @variable {
+  Variable() { isVariable(underlyingElement(this)) }
+
  override string getAPrimaryQlClass() { result = "Variable" }

  /** Gets the initializer of this variable, if any. */
--- a/cpp/ql/lib/semmle/code/cpp/controlflow/Nullness.qll
+++ b/cpp/ql/lib/semmle/code/cpp/controlflow/Nullness.qll
@@ -46,7 +46,7 @@ predicate nullCheckExpr(Expr checkExpr, Variable var) {
    or
    exists(LogicalAndExpr op, AnalysedExpr child |
      expr = op and
-      op.getRightOperand() = child and
+      op.getAnOperand() = child and
      nullCheckExpr(child, v)
    )
    or
@@ -99,7 +99,7 @@ predicate validCheckExpr(Expr checkExpr, Variable var) {
    or
    exists(LogicalAndExpr op, AnalysedExpr child |
      expr = op and
-      op.getRightOperand() = child and
+      op.getAnOperand() = child and
      validCheckExpr(child, v)
    )
    or
@@ -169,7 +169,10 @@ class AnalysedExpr extends Expr {
   */
  predicate isDef(LocalScopeVariable v) {
    this.inCondition() and
-    this.(Assignment).getLValue() = v.getAnAccess()
+    (
+      this.(Assignment).getLValue() = v.getAnAccess() or
+      this.(ConditionDeclExpr).getVariableAccess() = v.getAnAccess()
+    )
  }

  /**
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll
@@ -90,14 +90,20 @@ abstract class Configuration extends string {
  /** Holds if data flow out of `node` is prohibited. */
  predicate isBarrierOut(Node node) { none() }

-  /** Holds if data flow through nodes guarded by `guard` is prohibited. */
-  predicate isBarrierGuard(BarrierGuard guard) { none() }
+  /**
+   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
+   *
+   * Holds if data flow through nodes guarded by `guard` is prohibited.
+   */
+  deprecated predicate isBarrierGuard(BarrierGuard guard) { none() }

  /**
+   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
+   *
   * Holds if data flow through nodes guarded by `guard` is prohibited when
   * the flow state is `state`
   */
-  predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }
+  deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }

  /**
   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
@@ -335,6 +341,29 @@ private predicate outBarrier(NodeEx node, Configuration config) {
  )
 }

+/** A bridge class to access the deprecated `isBarrierGuard`. */
+private class BarrierGuardGuardedNodeBridge extends Unit {
+  abstract predicate guardedNode(Node n, Configuration config);
+
+  abstract predicate guardedNode(Node n, FlowState state, Configuration config);
+}
+
+private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
+  deprecated override predicate guardedNode(Node n, Configuration config) {
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g) and
+      n = g.getAGuardedNode()
+    )
+  }
+
+  deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) {
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g, state) and
+      n = g.getAGuardedNode()
+    )
+  }
+}
+
 pragma[nomagic]
 private predicate fullBarrier(NodeEx node, Configuration config) {
  exists(Node n | node.asNode() = n |
@@ -348,10 +377,7 @@ private predicate fullBarrier(NodeEx node, Configuration config) {
    not config.isSink(n) and
    not config.isSink(n, _)
    or
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g) and
-      n = g.getAGuardedNode()
-    )
+    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, config)
  )
 }

@@ -360,10 +386,7 @@ private predicate stateBarrier(NodeEx node, FlowState state, Configuration confi
  exists(Node n | node.asNode() = n |
    config.isBarrier(n, state)
    or
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g, state) and
-      n = g.getAGuardedNode()
-    )
+    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, state, config)
  )
 }

@@ -405,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    stepFilter(node1, node2, config)
  )
  or
@@ -424,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config)
  )
@@ -443,7 +466,7 @@ private predicate additionalLocalStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -458,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
  )
@@ -471,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -484,7 +507,7 @@ private predicate additionalJumpStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -495,7 +518,7 @@ private predicate additionalJumpStateStep(

 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
  stepFilter(node1, node2, config)
  or
  exists(Node n |
@@ -539,7 +562,8 @@ pragma[nomagic]
 private predicate store(
  NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
  read(_, tc.getContent(), _, config) and
  stepFilter(node1, node2, config)
 }
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll
@@ -90,14 +90,20 @@ abstract class Configuration extends string {
  /** Holds if data flow out of `node` is prohibited. */
  predicate isBarrierOut(Node node) { none() }

-  /** Holds if data flow through nodes guarded by `guard` is prohibited. */
-  predicate isBarrierGuard(BarrierGuard guard) { none() }
+  /**
+   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
+   *
+   * Holds if data flow through nodes guarded by `guard` is prohibited.
+   */
+  deprecated predicate isBarrierGuard(BarrierGuard guard) { none() }

  /**
+   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
+   *
   * Holds if data flow through nodes guarded by `guard` is prohibited when
   * the flow state is `state`
   */
-  predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }
+  deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }

  /**
   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
@@ -335,6 +341,29 @@ private predicate outBarrier(NodeEx node, Configuration config) {
  )
 }

+/** A bridge class to access the deprecated `isBarrierGuard`. */
+private class BarrierGuardGuardedNodeBridge extends Unit {
+  abstract predicate guardedNode(Node n, Configuration config);
+
+  abstract predicate guardedNode(Node n, FlowState state, Configuration config);
+}
+
+private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
+  deprecated override predicate guardedNode(Node n, Configuration config) {
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g) and
+      n = g.getAGuardedNode()
+    )
+  }
+
+  deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) {
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g, state) and
+      n = g.getAGuardedNode()
+    )
+  }
+}
+
 pragma[nomagic]
 private predicate fullBarrier(NodeEx node, Configuration config) {
  exists(Node n | node.asNode() = n |
@@ -348,10 +377,7 @@ private predicate fullBarrier(NodeEx node, Configuration config) {
    not config.isSink(n) and
    not config.isSink(n, _)
    or
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g) and
-      n = g.getAGuardedNode()
-    )
+    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, config)
  )
 }

@@ -360,10 +386,7 @@ private predicate stateBarrier(NodeEx node, FlowState state, Configuration confi
  exists(Node n | node.asNode() = n |
    config.isBarrier(n, state)
    or
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g, state) and
-      n = g.getAGuardedNode()
-    )
+    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, state, config)
  )
 }

@@ -405,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    stepFilter(node1, node2, config)
  )
  or
@@ -424,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config)
  )
@@ -443,7 +466,7 @@ private predicate additionalLocalStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -458,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
  )
@@ -471,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -484,7 +507,7 @@ private predicate additionalJumpStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -495,7 +518,7 @@ private predicate additionalJumpStateStep(

 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
  stepFilter(node1, node2, config)
  or
  exists(Node n |
@@ -539,7 +562,8 @@ pragma[nomagic]
 private predicate store(
  NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
  read(_, tc.getContent(), _, config) and
  stepFilter(node1, node2, config)
 }
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll
@@ -90,14 +90,20 @@ abstract class Configuration extends string {
  /** Holds if data flow out of `node` is prohibited. */
  predicate isBarrierOut(Node node) { none() }

-  /** Holds if data flow through nodes guarded by `guard` is prohibited. */
-  predicate isBarrierGuard(BarrierGuard guard) { none() }
+  /**
+   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
+   *
+   * Holds if data flow through nodes guarded by `guard` is prohibited.
+   */
+  deprecated predicate isBarrierGuard(BarrierGuard guard) { none() }

  /**
+   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
+   *
   * Holds if data flow through nodes guarded by `guard` is prohibited when
   * the flow state is `state`
   */
-  predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }
+  deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }

  /**
   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
@@ -335,6 +341,29 @@ private predicate outBarrier(NodeEx node, Configuration config) {
  )
 }

+/** A bridge class to access the deprecated `isBarrierGuard`. */
+private class BarrierGuardGuardedNodeBridge extends Unit {
+  abstract predicate guardedNode(Node n, Configuration config);
+
+  abstract predicate guardedNode(Node n, FlowState state, Configuration config);
+}
+
+private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
+  deprecated override predicate guardedNode(Node n, Configuration config) {
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g) and
+      n = g.getAGuardedNode()
+    )
+  }
+
+  deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) {
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g, state) and
+      n = g.getAGuardedNode()
+    )
+  }
+}
+
 pragma[nomagic]
 private predicate fullBarrier(NodeEx node, Configuration config) {
  exists(Node n | node.asNode() = n |
@@ -348,10 +377,7 @@ private predicate fullBarrier(NodeEx node, Configuration config) {
    not config.isSink(n) and
    not config.isSink(n, _)
    or
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g) and
-      n = g.getAGuardedNode()
-    )
+    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, config)
  )
 }

@@ -360,10 +386,7 @@ private predicate stateBarrier(NodeEx node, FlowState state, Configuration confi
  exists(Node n | node.asNode() = n |
    config.isBarrier(n, state)
    or
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g, state) and
-      n = g.getAGuardedNode()
-    )
+    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, state, config)
  )
 }

@@ -405,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    stepFilter(node1, node2, config)
  )
  or
@@ -424,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config)
  )
@@ -443,7 +466,7 @@ private predicate additionalLocalStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -458,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
  )
@@ -471,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -484,7 +507,7 @@ private predicate additionalJumpStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -495,7 +518,7 @@ private predicate additionalJumpStateStep(

 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
  stepFilter(node1, node2, config)
  or
  exists(Node n |
@@ -539,7 +562,8 @@ pragma[nomagic]
 private predicate store(
  NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
  read(_, tc.getContent(), _, config) and
  stepFilter(node1, node2, config)
 }
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll
@@ -90,14 +90,20 @@ abstract class Configuration extends string {
  /** Holds if data flow out of `node` is prohibited. */
  predicate isBarrierOut(Node node) { none() }

-  /** Holds if data flow through nodes guarded by `guard` is prohibited. */
-  predicate isBarrierGuard(BarrierGuard guard) { none() }
+  /**
+   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
+   *
+   * Holds if data flow through nodes guarded by `guard` is prohibited.
+   */
+  deprecated predicate isBarrierGuard(BarrierGuard guard) { none() }

  /**
+   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
+   *
   * Holds if data flow through nodes guarded by `guard` is prohibited when
   * the flow state is `state`
   */
-  predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }
+  deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }

  /**
   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
@@ -335,6 +341,29 @@ private predicate outBarrier(NodeEx node, Configuration config) {
  )
 }

+/** A bridge class to access the deprecated `isBarrierGuard`. */
+private class BarrierGuardGuardedNodeBridge extends Unit {
+  abstract predicate guardedNode(Node n, Configuration config);
+
+  abstract predicate guardedNode(Node n, FlowState state, Configuration config);
+}
+
+private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
+  deprecated override predicate guardedNode(Node n, Configuration config) {
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g) and
+      n = g.getAGuardedNode()
+    )
+  }
+
+  deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) {
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g, state) and
+      n = g.getAGuardedNode()
+    )
+  }
+}
+
 pragma[nomagic]
 private predicate fullBarrier(NodeEx node, Configuration config) {
  exists(Node n | node.asNode() = n |
@@ -348,10 +377,7 @@ private predicate fullBarrier(NodeEx node, Configuration config) {
    not config.isSink(n) and
    not config.isSink(n, _)
    or
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g) and
-      n = g.getAGuardedNode()
-    )
+    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, config)
  )
 }

@@ -360,10 +386,7 @@ private predicate stateBarrier(NodeEx node, FlowState state, Configuration confi
  exists(Node n | node.asNode() = n |
    config.isBarrier(n, state)
    or
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g, state) and
-      n = g.getAGuardedNode()
-    )
+    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, state, config)
  )
 }

@@ -405,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    stepFilter(node1, node2, config)
  )
  or
@@ -424,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config)
  )
@@ -443,7 +466,7 @@ private predicate additionalLocalStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -458,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
  )
@@ -471,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -484,7 +507,7 @@ private predicate additionalJumpStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -495,7 +518,7 @@ private predicate additionalJumpStateStep(

 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
  stepFilter(node1, node2, config)
  or
  exists(Node n |
@@ -539,7 +562,8 @@ pragma[nomagic]
 private predicate store(
  NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
  read(_, tc.getContent(), _, config) and
  stepFilter(node1, node2, config)
 }
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll
@@ -90,14 +90,20 @@ abstract class Configuration extends string {
  /** Holds if data flow out of `node` is prohibited. */
  predicate isBarrierOut(Node node) { none() }

-  /** Holds if data flow through nodes guarded by `guard` is prohibited. */
-  predicate isBarrierGuard(BarrierGuard guard) { none() }
+  /**
+   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
+   *
+   * Holds if data flow through nodes guarded by `guard` is prohibited.
+   */
+  deprecated predicate isBarrierGuard(BarrierGuard guard) { none() }

  /**
+   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
+   *
   * Holds if data flow through nodes guarded by `guard` is prohibited when
   * the flow state is `state`
   */
-  predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }
+  deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }

  /**
   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
@@ -335,6 +341,29 @@ private predicate outBarrier(NodeEx node, Configuration config) {
  )
 }

+/** A bridge class to access the deprecated `isBarrierGuard`. */
+private class BarrierGuardGuardedNodeBridge extends Unit {
+  abstract predicate guardedNode(Node n, Configuration config);
+
+  abstract predicate guardedNode(Node n, FlowState state, Configuration config);
+}
+
+private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
+  deprecated override predicate guardedNode(Node n, Configuration config) {
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g) and
+      n = g.getAGuardedNode()
+    )
+  }
+
+  deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) {
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g, state) and
+      n = g.getAGuardedNode()
+    )
+  }
+}
+
 pragma[nomagic]
 private predicate fullBarrier(NodeEx node, Configuration config) {
  exists(Node n | node.asNode() = n |
@@ -348,10 +377,7 @@ private predicate fullBarrier(NodeEx node, Configuration config) {
    not config.isSink(n) and
    not config.isSink(n, _)
    or
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g) and
-      n = g.getAGuardedNode()
-    )
+    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, config)
  )
 }

@@ -360,10 +386,7 @@ private predicate stateBarrier(NodeEx node, FlowState state, Configuration confi
  exists(Node n | node.asNode() = n |
    config.isBarrier(n, state)
    or
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g, state) and
-      n = g.getAGuardedNode()
-    )
+    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, state, config)
  )
 }

@@ -405,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    stepFilter(node1, node2, config)
  )
  or
@@ -424,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config)
  )
@@ -443,7 +466,7 @@ private predicate additionalLocalStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -458,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
  )
@@ -471,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -484,7 +507,7 @@ private predicate additionalJumpStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -495,7 +518,7 @@ private predicate additionalJumpStateStep(

 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
  stepFilter(node1, node2, config)
  or
  exists(Node n |
@@ -539,7 +562,8 @@ pragma[nomagic]
 private predicate store(
  NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
  read(_, tc.getContent(), _, config) and
  stepFilter(node1, node2, config)
 }
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll
@@ -850,6 +850,34 @@ class ContentSet instanceof Content {
 }

 /**
+ * Holds if the guard `g` validates the expression `e` upon evaluating to `branch`.
+ *
+ * The expression `e` is expected to be a syntactic part of the guard `g`.
+ * For example, the guard `g` might be a call `isSafe(x)` and the expression `e`
+ * the argument `x`.
+ */
+signature predicate guardChecksSig(GuardCondition g, Expr e, boolean branch);
+
+/**
+ * Provides a set of barrier nodes for a guard that validates an expression.
+ *
+ * This is expected to be used in `isBarrier`/`isSanitizer` definitions
+ * in data flow and taint tracking.
+ */
+module BarrierGuard<guardChecksSig/3 guardChecks> {
+  /** Gets a node that is safely guarded by the given guard check. */
+  ExprNode getABarrierNode() {
+    exists(GuardCondition g, SsaDefinition def, Variable v, boolean branch |
+      result.getExpr() = def.getAUse(v) and
+      guardChecks(g, def.getAUse(v), branch) and
+      g.controls(result.getExpr().getBasicBlock(), branch)
+    )
+  }
+}
+
+/**
+ * DEPRECATED: Use `BarrierGuard` module instead.
+ *
 * A guard that validates some expression.
 *
 * To use this in a configuration, extend the class and provide a
@@ -858,7 +886,7 @@ class ContentSet instanceof Content {
 *
 * It is important that all extending classes in scope are disjoint.
 */
-class BarrierGuard extends GuardCondition {
+deprecated class BarrierGuard extends GuardCondition {
  /** Override this predicate to hold if this guard validates `e` upon evaluating to `b`. */
  abstract predicate checks(Expr e, boolean b);

--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll
@@ -47,12 +47,6 @@ predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { n
 */
 predicate defaultTaintSanitizer(DataFlow::Node node) { none() }

-/**
- * Holds if `guard` should be a sanitizer guard in all global taint flow configurations
- * but not in local taint.
- */
-predicate defaultTaintSanitizerGuard(DataFlow::BarrierGuard guard) { none() }
-
 /**
 * Holds if taint can flow in one local step from `nodeFrom` to `nodeTo` excluding
 * local data flow steps. That is, `nodeFrom` and `nodeTo` are likely to represent
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
@@ -116,20 +116,30 @@ abstract class Configuration extends DataFlow::Configuration {

  final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) }

-  /** Holds if taint propagation through nodes guarded by `guard` is prohibited. */
-  predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }
+  /**
+   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
+   *
+   * Holds if taint propagation through nodes guarded by `guard` is prohibited.
+   */
+  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }

-  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
-    this.isSanitizerGuard(guard) or defaultTaintSanitizerGuard(guard)
+  deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
+    this.isSanitizerGuard(guard)
  }

  /**
+   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
+   *
   * Holds if taint propagation through nodes guarded by `guard` is prohibited
   * when the flow state is `state`.
   */
-  predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { none() }
+  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
+    none()
+  }

-  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
+  deprecated final override predicate isBarrierGuard(
+    DataFlow::BarrierGuard guard, DataFlow::FlowState state
+  ) {
    this.isSanitizerGuard(guard, state)
  }

--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
@@ -116,20 +116,30 @@ abstract class Configuration extends DataFlow::Configuration {

  final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) }

-  /** Holds if taint propagation through nodes guarded by `guard` is prohibited. */
-  predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }
+  /**
+   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
+   *
+   * Holds if taint propagation through nodes guarded by `guard` is prohibited.
+   */
+  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }

-  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
-    this.isSanitizerGuard(guard) or defaultTaintSanitizerGuard(guard)
+  deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
+    this.isSanitizerGuard(guard)
  }

  /**
+   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
+   *
   * Holds if taint propagation through nodes guarded by `guard` is prohibited
   * when the flow state is `state`.
   */
-  predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { none() }
+  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
+    none()
+  }

-  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
+  deprecated final override predicate isBarrierGuard(
+    DataFlow::BarrierGuard guard, DataFlow::FlowState state
+  ) {
    this.isSanitizerGuard(guard, state)
  }

--- a/cpp/ql/lib/semmle/code/cpp/exprs/Call.qll
+++ b/cpp/ql/lib/semmle/code/cpp/exprs/Call.qll
@@ -255,8 +255,10 @@ class FunctionCall extends Call, @funbindexpr {
  /**
   * Gets the function called by this call.
   *
-   * In the case of virtual function calls, the result is the most-specific function in the override tree (as
-   * determined by the compiler) such that the target at runtime will be one of `result.getAnOverridingFunction*()`.
+   * In the case of virtual function calls, the result is the most-specific function in the override tree
+   * such that the target at runtime will be one of `result.getAnOverridingFunction*()`. The most-specific
+   * function is determined by the compiler based on the compile time type of the object the function is a
+   * member of.
   */
  override Function getTarget() { funbind(underlyingElement(this), unresolveElement(result)) }

--- a/cpp/ql/lib/semmle/code/cpp/exprs/Expr.qll
+++ b/cpp/ql/lib/semmle/code/cpp/exprs/Expr.qll
@@ -49,6 +49,9 @@ class Expr extends StmtParent, @expr {
  /** Gets the enclosing variable of this expression, if any. */
  Variable getEnclosingVariable() { result = exprEnclosingElement(this) }

+  /** Gets the enclosing variable or function of this expression. */
+  Declaration getEnclosingDeclaration() { result = exprEnclosingElement(this) }
+
  /** Gets a child of this expression. */
  Expr getAChild() { exists(int n | result = this.getChild(n)) }

--- a/cpp/ql/lib/semmle/code/cpp/internal/QualifiedName.qll
+++ b/cpp/ql/lib/semmle/code/cpp/internal/QualifiedName.qll
@@ -4,11 +4,7 @@
 * qualified.
 *
 * This file contains classes that mirror the standard AST classes for C++, but
- * these classes are only concerned with naming. The other difference is that
- * these classes don't use the `ResolveClass.qll` mechanisms like
- * `unresolveElement` because these classes should eventually be part of the
- * implementation of `ResolveClass.qll`, allowing it to match up classes when
- * their qualified names and parameters match.
+ * these classes are only concerned with naming.
 */

 private import semmle.code.cpp.Declaration as D
--- a/cpp/ql/lib/semmle/code/cpp/internal/ResolveClass.qll
+++ b/cpp/ql/lib/semmle/code/cpp/internal/ResolveClass.qll
@@ -115,15 +115,13 @@ private module Cached {
   */
  cached
  predicate isClass(@usertype t) {
-    (
-      usertypes(t, _, 1) or
-      usertypes(t, _, 2) or
-      usertypes(t, _, 3) or
-      usertypes(t, _, 6) or
-      usertypes(t, _, 10) or
-      usertypes(t, _, 11) or
-      usertypes(t, _, 12)
-    )
+    usertypes(t, _, 1) or
+    usertypes(t, _, 2) or
+    usertypes(t, _, 3) or
+    usertypes(t, _, 6) or
+    usertypes(t, _, 10) or
+    usertypes(t, _, 11) or
+    usertypes(t, _, 12)
  }

  cached
--- a/cpp/ql/lib/semmle/code/cpp/internal/ResolveGlobalVariable.qll
+++ b/cpp/ql/lib/semmle/code/cpp/internal/ResolveGlobalVariable.qll
@@ -0,0 +1,60 @@
+private predicate hasDefinition(@globalvariable g) {
+  exists(@var_decl vd | var_decls(vd, g, _, _, _) | var_def(vd))
+}
+
+pragma[noinline]
+private predicate onlyOneCompleteGlobalVariableExistsWithMangledName(@mangledname name) {
+  strictcount(@globalvariable g | hasDefinition(g) and mangled_name(g, name)) = 1
+}
+
+/** Holds if `g` is a unique global variable with a definition named `name`. */
+pragma[noinline]
+private predicate isGlobalWithMangledNameAndWithDefinition(@mangledname name, @globalvariable g) {
+  hasDefinition(g) and
+  mangled_name(g, name) and
+  onlyOneCompleteGlobalVariableExistsWithMangledName(name)
+}
+
+/** Holds if `g` is a global variable without a definition named `name`. */
+pragma[noinline]
+private predicate isGlobalWithMangledNameAndWithoutDefinition(@mangledname name, @globalvariable g) {
+  not hasDefinition(g) and
+  mangled_name(g, name)
+}
+
+/**
+ * Holds if `incomplete` is a global variable without a definition, and there exists
+ * a unique global variable `complete` with the same name that does have a definition.
+ */
+private predicate hasTwinWithDefinition(@globalvariable incomplete, @globalvariable complete) {
+  exists(@mangledname name |
+    not variable_instantiation(incomplete, complete) and
+    isGlobalWithMangledNameAndWithoutDefinition(name, incomplete) and
+    isGlobalWithMangledNameAndWithDefinition(name, complete)
+  )
+}
+
+import Cached
+
+cached
+private module Cached {
+  /**
+   * If `v` is a global variable without a definition, and there exists a unique
+   * global variable with the same name that does have a definition, then the
+   * result is that unique global variable. Otherwise, the result is `v`.
+   */
+  cached
+  @variable resolveGlobalVariable(@variable v) {
+    hasTwinWithDefinition(v, result)
+    or
+    not hasTwinWithDefinition(v, _) and
+    result = v
+  }
+
+  cached
+  predicate isVariable(@variable v) {
+    not v instanceof @globalvariable
+    or
+    v = resolveGlobalVariable(_)
+  }
+}
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
@@ -90,14 +90,20 @@ abstract class Configuration extends string {
  /** Holds if data flow out of `node` is prohibited. */
  predicate isBarrierOut(Node node) { none() }

-  /** Holds if data flow through nodes guarded by `guard` is prohibited. */
-  predicate isBarrierGuard(BarrierGuard guard) { none() }
+  /**
+   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
+   *
+   * Holds if data flow through nodes guarded by `guard` is prohibited.
+   */
+  deprecated predicate isBarrierGuard(BarrierGuard guard) { none() }

  /**
+   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
+   *
   * Holds if data flow through nodes guarded by `guard` is prohibited when
   * the flow state is `state`
   */
-  predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }
+  deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }

  /**
   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
@@ -335,6 +341,29 @@ private predicate outBarrier(NodeEx node, Configuration config) {
  )
 }

+/** A bridge class to access the deprecated `isBarrierGuard`. */
+private class BarrierGuardGuardedNodeBridge extends Unit {
+  abstract predicate guardedNode(Node n, Configuration config);
+
+  abstract predicate guardedNode(Node n, FlowState state, Configuration config);
+}
+
+private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
+  deprecated override predicate guardedNode(Node n, Configuration config) {
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g) and
+      n = g.getAGuardedNode()
+    )
+  }
+
+  deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) {
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g, state) and
+      n = g.getAGuardedNode()
+    )
+  }
+}
+
 pragma[nomagic]
 private predicate fullBarrier(NodeEx node, Configuration config) {
  exists(Node n | node.asNode() = n |
@@ -348,10 +377,7 @@ private predicate fullBarrier(NodeEx node, Configuration config) {
    not config.isSink(n) and
    not config.isSink(n, _)
    or
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g) and
-      n = g.getAGuardedNode()
-    )
+    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, config)
  )
 }

@@ -360,10 +386,7 @@ private predicate stateBarrier(NodeEx node, FlowState state, Configuration confi
  exists(Node n | node.asNode() = n |
    config.isBarrier(n, state)
    or
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g, state) and
-      n = g.getAGuardedNode()
-    )
+    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, state, config)
  )
 }

@@ -405,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    stepFilter(node1, node2, config)
  )
  or
@@ -424,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config)
  )
@@ -443,7 +466,7 @@ private predicate additionalLocalStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -458,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
  )
@@ -471,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -484,7 +507,7 @@ private predicate additionalJumpStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -495,7 +518,7 @@ private predicate additionalJumpStateStep(

 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
  stepFilter(node1, node2, config)
  or
  exists(Node n |
@@ -539,7 +562,8 @@ pragma[nomagic]
 private predicate store(
  NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
  read(_, tc.getContent(), _, config) and
  stepFilter(node1, node2, config)
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll
@@ -90,14 +90,20 @@ abstract class Configuration extends string {
  /** Holds if data flow out of `node` is prohibited. */
  predicate isBarrierOut(Node node) { none() }

-  /** Holds if data flow through nodes guarded by `guard` is prohibited. */
-  predicate isBarrierGuard(BarrierGuard guard) { none() }
+  /**
+   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
+   *
+   * Holds if data flow through nodes guarded by `guard` is prohibited.
+   */
+  deprecated predicate isBarrierGuard(BarrierGuard guard) { none() }

  /**
+   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
+   *
   * Holds if data flow through nodes guarded by `guard` is prohibited when
   * the flow state is `state`
   */
-  predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }
+  deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }

  /**
   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
@@ -335,6 +341,29 @@ private predicate outBarrier(NodeEx node, Configuration config) {
  )
 }

+/** A bridge class to access the deprecated `isBarrierGuard`. */
+private class BarrierGuardGuardedNodeBridge extends Unit {
+  abstract predicate guardedNode(Node n, Configuration config);
+
+  abstract predicate guardedNode(Node n, FlowState state, Configuration config);
+}
+
+private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
+  deprecated override predicate guardedNode(Node n, Configuration config) {
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g) and
+      n = g.getAGuardedNode()
+    )
+  }
+
+  deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) {
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g, state) and
+      n = g.getAGuardedNode()
+    )
+  }
+}
+
 pragma[nomagic]
 private predicate fullBarrier(NodeEx node, Configuration config) {
  exists(Node n | node.asNode() = n |
@@ -348,10 +377,7 @@ private predicate fullBarrier(NodeEx node, Configuration config) {
    not config.isSink(n) and
    not config.isSink(n, _)
    or
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g) and
-      n = g.getAGuardedNode()
-    )
+    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, config)
  )
 }

@@ -360,10 +386,7 @@ private predicate stateBarrier(NodeEx node, FlowState state, Configuration confi
  exists(Node n | node.asNode() = n |
    config.isBarrier(n, state)
    or
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g, state) and
-      n = g.getAGuardedNode()
-    )
+    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, state, config)
  )
 }

@@ -405,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    stepFilter(node1, node2, config)
  )
  or
@@ -424,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config)
  )
@@ -443,7 +466,7 @@ private predicate additionalLocalStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -458,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
  )
@@ -471,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -484,7 +507,7 @@ private predicate additionalJumpStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -495,7 +518,7 @@ private predicate additionalJumpStateStep(

 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
  stepFilter(node1, node2, config)
  or
  exists(Node n |
@@ -539,7 +562,8 @@ pragma[nomagic]
 private predicate store(
  NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
  read(_, tc.getContent(), _, config) and
  stepFilter(node1, node2, config)
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll
@@ -90,14 +90,20 @@ abstract class Configuration extends string {
  /** Holds if data flow out of `node` is prohibited. */
  predicate isBarrierOut(Node node) { none() }

-  /** Holds if data flow through nodes guarded by `guard` is prohibited. */
-  predicate isBarrierGuard(BarrierGuard guard) { none() }
+  /**
+   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
+   *
+   * Holds if data flow through nodes guarded by `guard` is prohibited.
+   */
+  deprecated predicate isBarrierGuard(BarrierGuard guard) { none() }

  /**
+   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
+   *
   * Holds if data flow through nodes guarded by `guard` is prohibited when
   * the flow state is `state`
   */
-  predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }
+  deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }

  /**
   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
@@ -335,6 +341,29 @@ private predicate outBarrier(NodeEx node, Configuration config) {
  )
 }

+/** A bridge class to access the deprecated `isBarrierGuard`. */
+private class BarrierGuardGuardedNodeBridge extends Unit {
+  abstract predicate guardedNode(Node n, Configuration config);
+
+  abstract predicate guardedNode(Node n, FlowState state, Configuration config);
+}
+
+private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
+  deprecated override predicate guardedNode(Node n, Configuration config) {
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g) and
+      n = g.getAGuardedNode()
+    )
+  }
+
+  deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) {
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g, state) and
+      n = g.getAGuardedNode()
+    )
+  }
+}
+
 pragma[nomagic]
 private predicate fullBarrier(NodeEx node, Configuration config) {
  exists(Node n | node.asNode() = n |
@@ -348,10 +377,7 @@ private predicate fullBarrier(NodeEx node, Configuration config) {
    not config.isSink(n) and
    not config.isSink(n, _)
    or
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g) and
-      n = g.getAGuardedNode()
-    )
+    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, config)
  )
 }

@@ -360,10 +386,7 @@ private predicate stateBarrier(NodeEx node, FlowState state, Configuration confi
  exists(Node n | node.asNode() = n |
    config.isBarrier(n, state)
    or
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g, state) and
-      n = g.getAGuardedNode()
-    )
+    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, state, config)
  )
 }

@@ -405,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    stepFilter(node1, node2, config)
  )
  or
@@ -424,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config)
  )
@@ -443,7 +466,7 @@ private predicate additionalLocalStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -458,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
  )
@@ -471,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -484,7 +507,7 @@ private predicate additionalJumpStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -495,7 +518,7 @@ private predicate additionalJumpStateStep(

 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
  stepFilter(node1, node2, config)
  or
  exists(Node n |
@@ -539,7 +562,8 @@ pragma[nomagic]
 private predicate store(
  NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
  read(_, tc.getContent(), _, config) and
  stepFilter(node1, node2, config)
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll
@@ -90,14 +90,20 @@ abstract class Configuration extends string {
  /** Holds if data flow out of `node` is prohibited. */
  predicate isBarrierOut(Node node) { none() }

-  /** Holds if data flow through nodes guarded by `guard` is prohibited. */
-  predicate isBarrierGuard(BarrierGuard guard) { none() }
+  /**
+   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
+   *
+   * Holds if data flow through nodes guarded by `guard` is prohibited.
+   */
+  deprecated predicate isBarrierGuard(BarrierGuard guard) { none() }

  /**
+   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
+   *
   * Holds if data flow through nodes guarded by `guard` is prohibited when
   * the flow state is `state`
   */
-  predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }
+  deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }

  /**
   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
@@ -335,6 +341,29 @@ private predicate outBarrier(NodeEx node, Configuration config) {
  )
 }

+/** A bridge class to access the deprecated `isBarrierGuard`. */
+private class BarrierGuardGuardedNodeBridge extends Unit {
+  abstract predicate guardedNode(Node n, Configuration config);
+
+  abstract predicate guardedNode(Node n, FlowState state, Configuration config);
+}
+
+private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
+  deprecated override predicate guardedNode(Node n, Configuration config) {
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g) and
+      n = g.getAGuardedNode()
+    )
+  }
+
+  deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) {
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g, state) and
+      n = g.getAGuardedNode()
+    )
+  }
+}
+
 pragma[nomagic]
 private predicate fullBarrier(NodeEx node, Configuration config) {
  exists(Node n | node.asNode() = n |
@@ -348,10 +377,7 @@ private predicate fullBarrier(NodeEx node, Configuration config) {
    not config.isSink(n) and
    not config.isSink(n, _)
    or
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g) and
-      n = g.getAGuardedNode()
-    )
+    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, config)
  )
 }

@@ -360,10 +386,7 @@ private predicate stateBarrier(NodeEx node, FlowState state, Configuration confi
  exists(Node n | node.asNode() = n |
    config.isBarrier(n, state)
    or
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g, state) and
-      n = g.getAGuardedNode()
-    )
+    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, state, config)
  )
 }

@@ -405,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    stepFilter(node1, node2, config)
  )
  or
@@ -424,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config)
  )
@@ -443,7 +466,7 @@ private predicate additionalLocalStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -458,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
  )
@@ -471,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -484,7 +507,7 @@ private predicate additionalJumpStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -495,7 +518,7 @@ private predicate additionalJumpStateStep(

 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
  stepFilter(node1, node2, config)
  or
  exists(Node n |
@@ -539,7 +562,8 @@ pragma[nomagic]
 private predicate store(
  NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
  read(_, tc.getContent(), _, config) and
  stepFilter(node1, node2, config)
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -100,7 +100,7 @@ class Node extends TIRDataFlowNode {
  Declaration getEnclosingCallable() { none() } // overridden in subclasses

  /** Gets the function to which this node belongs, if any. */
-  Function getFunction() { none() } // overridden in subclasses
+  Declaration getFunction() { none() } // overridden in subclasses

  /** Gets the type of this node. */
  IRType getType() { none() } // overridden in subclasses
@@ -196,7 +196,7 @@ class InstructionNode extends Node, TInstructionNode {

  override Declaration getEnclosingCallable() { result = this.getFunction() }

-  override Function getFunction() { result = instr.getEnclosingFunction() }
+  override Declaration getFunction() { result = instr.getEnclosingFunction() }

  override IRType getType() { result = instr.getResultIRType() }

@@ -222,7 +222,7 @@ class OperandNode extends Node, TOperandNode {

  override Declaration getEnclosingCallable() { result = this.getFunction() }

-  override Function getFunction() { result = op.getUse().getEnclosingFunction() }
+  override Declaration getFunction() { result = op.getUse().getEnclosingFunction() }

  override IRType getType() { result = op.getIRType() }

@@ -274,7 +274,7 @@ class StoreNodeInstr extends StoreNode, TStoreNodeInstr {
  /** Gets the underlying instruction. */
  Instruction getInstruction() { result = instr }

-  override Function getFunction() { result = this.getInstruction().getEnclosingFunction() }
+  override Declaration getFunction() { result = this.getInstruction().getEnclosingFunction() }

  override IRType getType() { result = this.getInstruction().getResultIRType() }

@@ -328,7 +328,7 @@ class StoreNodeOperand extends StoreNode, TStoreNodeOperand {
  /** Gets the underlying operand. */
  Operand getOperand() { result = operand }

-  override Function getFunction() { result = operand.getDef().getEnclosingFunction() }
+  override Declaration getFunction() { result = operand.getDef().getEnclosingFunction() }

  override IRType getType() { result = operand.getIRType() }

@@ -384,7 +384,7 @@ class ReadNode extends Node, TReadNode {

  override Declaration getEnclosingCallable() { result = this.getFunction() }

-  override Function getFunction() { result = this.getInstruction().getEnclosingFunction() }
+  override Declaration getFunction() { result = this.getInstruction().getEnclosingFunction() }

  override IRType getType() { result = this.getInstruction().getResultIRType() }

@@ -436,7 +436,7 @@ class SsaPhiNode extends Node, TSsaPhiNode {

  override Declaration getEnclosingCallable() { result = this.getFunction() }

-  override Function getFunction() { result = phi.getBasicBlock().getEnclosingFunction() }
+  override Declaration getFunction() { result = phi.getBasicBlock().getEnclosingFunction() }

  override IRType getType() { result instanceof IRVoidType }

@@ -673,7 +673,7 @@ class VariableNode extends Node, TVariableNode {
  /** Gets the variable corresponding to this node. */
  Variable getVariable() { result = v }

-  override Function getFunction() { none() }
+  override Declaration getFunction() { none() }

  override Declaration getEnclosingCallable() {
    // When flow crosses from one _enclosing callable_ to another, the
@@ -1092,6 +1092,56 @@ class ContentSet instanceof Content {
 }

 /**
+ * Holds if the guard `g` validates the expression `e` upon evaluating to `branch`.
+ *
+ * The expression `e` is expected to be a syntactic part of the guard `g`.
+ * For example, the guard `g` might be a call `isSafe(x)` and the expression `e`
+ * the argument `x`.
+ */
+signature predicate guardChecksSig(IRGuardCondition g, Expr e, boolean branch);
+
+/**
+ * Provides a set of barrier nodes for a guard that validates an expression.
+ *
+ * This is expected to be used in `isBarrier`/`isSanitizer` definitions
+ * in data flow and taint tracking.
+ */
+module BarrierGuard<guardChecksSig/3 guardChecks> {
+  /** Gets a node that is safely guarded by the given guard check. */
+  ExprNode getABarrierNode() {
+    exists(IRGuardCondition g, ValueNumber value, boolean edge |
+      guardChecks(g, value.getAnInstruction().getConvertedResultExpression(), edge) and
+      result.asInstruction() = value.getAnInstruction() and
+      g.controls(result.asInstruction().getBlock(), edge)
+    )
+  }
+}
+
+/**
+ * Holds if the guard `g` validates the instruction `instr` upon evaluating to `branch`.
+ */
+signature predicate instructionGuardChecksSig(IRGuardCondition g, Instruction instr, boolean branch);
+
+/**
+ * Provides a set of barrier nodes for a guard that validates an instruction.
+ *
+ * This is expected to be used in `isBarrier`/`isSanitizer` definitions
+ * in data flow and taint tracking.
+ */
+module InstructionBarrierGuard<instructionGuardChecksSig/3 instructionGuardChecks> {
+  /** Gets a node that is safely guarded by the given guard check. */
+  ExprNode getABarrierNode() {
+    exists(IRGuardCondition g, ValueNumber value, boolean edge |
+      instructionGuardChecks(g, value.getAnInstruction(), edge) and
+      result.asInstruction() = value.getAnInstruction() and
+      g.controls(result.asInstruction().getBlock(), edge)
+    )
+  }
+}
+
+/**
+ * DEPRECATED: Use `BarrierGuard` module instead.
+ *
 * A guard that validates some instruction.
 *
 * To use this in a configuration, extend the class and provide a
@@ -1100,7 +1150,7 @@ class ContentSet instanceof Content {
 *
 * It is important that all extending classes in scope are disjoint.
 */
-class BarrierGuard extends IRGuardCondition {
+deprecated class BarrierGuard extends IRGuardCondition {
  /** Override this predicate to hold if this guard validates `instr` upon evaluating to `b`. */
  predicate checksInstr(Instruction instr, boolean b) { none() }

--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll
@@ -94,12 +94,6 @@ private string getNodeProperty(DataFlow::Node node, string key) {
      any(DataFlow::Configuration cfg).isBarrierIn(node) and kind = "in"
      or
      any(DataFlow::Configuration cfg).isBarrierOut(node) and kind = "out"
-      or
-      exists(DataFlow::BarrierGuard guard |
-        any(DataFlow::Configuration cfg).isBarrierGuard(guard) and
-        node = guard.getAGuardedNode() and
-        kind = "guard(" + guard.getResultId() + ")"
-      )
    |
      kind, ", "
    )
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll
@@ -163,12 +163,6 @@ predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { n
 */
 predicate defaultTaintSanitizer(DataFlow::Node node) { none() }

-/**
- * Holds if `guard` should be a sanitizer guard in all global taint flow configurations
- * but not in local taint.
- */
-predicate defaultTaintSanitizerGuard(DataFlow::BarrierGuard guard) { none() }
-
 /**
 * Holds if taint can flow from `instrIn` to `instrOut` through a call to a
 * modeled function.
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
@@ -116,20 +116,30 @@ abstract class Configuration extends DataFlow::Configuration {

  final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) }

-  /** Holds if taint propagation through nodes guarded by `guard` is prohibited. */
-  predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }
+  /**
+   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
+   *
+   * Holds if taint propagation through nodes guarded by `guard` is prohibited.
+   */
+  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }

-  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
-    this.isSanitizerGuard(guard) or defaultTaintSanitizerGuard(guard)
+  deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
+    this.isSanitizerGuard(guard)
  }

  /**
+   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
+   *
   * Holds if taint propagation through nodes guarded by `guard` is prohibited
   * when the flow state is `state`.
   */
-  predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { none() }
+  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
+    none()
+  }

-  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
+  deprecated final override predicate isBarrierGuard(
+    DataFlow::BarrierGuard guard, DataFlow::FlowState state
+  ) {
    this.isSanitizerGuard(guard, state)
  }

--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
@@ -116,20 +116,30 @@ abstract class Configuration extends DataFlow::Configuration {

  final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) }

-  /** Holds if taint propagation through nodes guarded by `guard` is prohibited. */
-  predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }
+  /**
+   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
+   *
+   * Holds if taint propagation through nodes guarded by `guard` is prohibited.
+   */
+  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }

-  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
-    this.isSanitizerGuard(guard) or defaultTaintSanitizerGuard(guard)
+  deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
+    this.isSanitizerGuard(guard)
  }

  /**
+   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
+   *
   * Holds if taint propagation through nodes guarded by `guard` is prohibited
   * when the flow state is `state`.
   */
-  predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { none() }
+  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
+    none()
+  }

-  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
+  deprecated final override predicate isBarrierGuard(
+    DataFlow::BarrierGuard guard, DataFlow::FlowState state
+  ) {
    this.isSanitizerGuard(guard, state)
  }

--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking3/TaintTrackingImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking3/TaintTrackingImpl.qll
@@ -116,20 +116,30 @@ abstract class Configuration extends DataFlow::Configuration {

  final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) }

-  /** Holds if taint propagation through nodes guarded by `guard` is prohibited. */
-  predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }
+  /**
+   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
+   *
+   * Holds if taint propagation through nodes guarded by `guard` is prohibited.
+   */
+  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }

-  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
-    this.isSanitizerGuard(guard) or defaultTaintSanitizerGuard(guard)
+  deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
+    this.isSanitizerGuard(guard)
  }

  /**
+   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
+   *
   * Holds if taint propagation through nodes guarded by `guard` is prohibited
   * when the flow state is `state`.
   */
-  predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { none() }
+  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
+    none()
+  }

-  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
+  deprecated final override predicate isBarrierGuard(
+    DataFlow::BarrierGuard guard, DataFlow::FlowState state
+  ) {
    this.isSanitizerGuard(guard, state)
  }

--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/IRConfiguration.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/IRConfiguration.qll
@@ -16,7 +16,7 @@ class IRConfiguration extends TIRConfiguration {
  /**
   * Holds if IR should be created for function `func`. By default, holds for all functions.
   */
-  predicate shouldCreateIRForFunction(Language::Function func) { any() }
+  predicate shouldCreateIRForFunction(Language::Declaration func) { any() }

  /**
   * Holds if the strings used as part of an IR dump should be generated for function `func`.
@@ -25,7 +25,7 @@ class IRConfiguration extends TIRConfiguration {
   * of debug strings for IR that will not be dumped. We still generate the actual IR for these
   * functions, however, to preserve the results of any interprocedural analysis.
   */
-  predicate shouldEvaluateDebugStringsForFunction(Language::Function func) { any() }
+  predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) { any() }
 }

 private newtype TIREscapeAnalysisConfiguration = MkIREscapeAnalysisConfiguration()
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll
@@ -97,7 +97,7 @@ class IRBlockBase extends TIRBlock {
  /**
   * Gets the `Function` that contains this block.
   */
-  final Language::Function getEnclosingFunction() {
+  final Language::Declaration getEnclosingFunction() {
    result = getFirstInstruction(this).getEnclosingFunction()
  }
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRConsistency.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRConsistency.qll
@@ -524,4 +524,23 @@ module InstructionConsistency {
        "' has a `this` argument operand that is not an address, in function '$@'." and
    irFunc = getInstructionIRFunction(instr, irFuncText)
  }
+
+  query predicate nonUniqueIRVariable(
+    Instruction instr, string message, OptionalIRFunction irFunc, string irFuncText
+  ) {
+    exists(VariableInstruction vi, IRVariable v1, IRVariable v2 |
+      instr = vi and vi.getIRVariable() = v1 and vi.getIRVariable() = v2 and v1 != v2
+    ) and
+    message =
+      "Variable instruction '" + instr.toString() +
+        "' has multiple associated variables, in function '$@'." and
+    irFunc = getInstructionIRFunction(instr, irFuncText)
+    or
+    instr.getOpcode() instanceof Opcode::VariableAddress and
+    not instr instanceof VariableInstruction and
+    message =
+      "Variable address instruction '" + instr.toString() +
+        "' has no associated variable, in function '$@'." and
+    irFunc = getInstructionIRFunction(instr, irFuncText)
+  }
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll
@@ -18,7 +18,7 @@ private import Imports::IRType
 * by the AST-to-IR translation (`IRTempVariable`).
 */
 class IRVariable extends TIRVariable {
-  Language::Function func;
+  Language::Declaration func;

  IRVariable() {
    this = TIRUserVariable(_, _, func) or
@@ -79,7 +79,7 @@ class IRVariable extends TIRVariable {
  /**
   * Gets the function that references this variable.
   */
-  final Language::Function getEnclosingFunction() { result = func }
+  final Language::Declaration getEnclosingFunction() { result = func }
 }

 /**
@@ -246,7 +246,7 @@ class IREllipsisVariable extends IRTempVariable, IRParameter {

  final override string toString() { result = "#ellipsis" }

-  final override int getIndex() { result = func.getNumberOfParameters() }
+  final override int getIndex() { result = func.(Language::Function).getNumberOfParameters() }
 }

 /**
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll
@@ -194,7 +194,7 @@ class Instruction extends Construction::TStageInstruction {
  /**
   * Gets the function that contains this instruction.
   */
-  final Language::Function getEnclosingFunction() {
+  final Language::Declaration getEnclosingFunction() {
    result = this.getEnclosingIRFunction().getFunction()
  }

--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll
@@ -26,20 +26,20 @@ class PrintIRConfiguration extends TPrintIRConfiguration {
   * Holds if the IR for `func` should be printed. By default, holds for all
   * functions.
   */
-  predicate shouldPrintFunction(Language::Function func) { any() }
+  predicate shouldPrintFunction(Language::Declaration decl) { any() }
 }

 /**
 * Override of `IRConfiguration` to only evaluate debug strings for the functions that are to be dumped.
 */
 private class FilteredIRConfiguration extends IRConfiguration {
-  override predicate shouldEvaluateDebugStringsForFunction(Language::Function func) {
+  override predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) {
    shouldPrintFunction(func)
  }
 }

-private predicate shouldPrintFunction(Language::Function func) {
-  exists(PrintIRConfiguration config | config.shouldPrintFunction(func))
+private predicate shouldPrintFunction(Language::Declaration decl) {
+  exists(PrintIRConfiguration config | config.shouldPrintFunction(decl))
 }

 private string getAdditionalInstructionProperty(Instruction instr, string key) {
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/IRFunctionBase.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/IRFunctionBase.qll
@@ -5,23 +5,28 @@
 private import IRFunctionBaseInternal

 private newtype TIRFunction =
-  MkIRFunction(Language::Function func) { IRConstruction::Raw::functionHasIR(func) }
+  TFunctionIRFunction(Language::Function func) { IRConstruction::Raw::functionHasIR(func) } or
+  TVarInitIRFunction(Language::GlobalVariable var) { IRConstruction::Raw::varHasIRFunc(var) }

 /**
 * The IR for a function. This base class contains only the predicates that are the same between all
 * phases of the IR. Each instantiation of `IRFunction` extends this class.
 */
 class IRFunctionBase extends TIRFunction {
-  Language::Function func;
+  Language::Declaration decl;

-  IRFunctionBase() { this = MkIRFunction(func) }
+  IRFunctionBase() {
+    this = TFunctionIRFunction(decl)
+    or
+    this = TVarInitIRFunction(decl)
+  }

  /** Gets a textual representation of this element. */
-  final string toString() { result = "IR: " + func.toString() }
+  final string toString() { result = "IR: " + decl.toString() }

  /** Gets the function whose IR is represented. */
-  final Language::Function getFunction() { result = func }
+  final Language::Declaration getFunction() { result = decl }

  /** Gets the location of the function. */
-  final Language::Location getLocation() { result = func.getLocation() }
+  final Language::Location getLocation() { result = decl.getLocation() }
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TIRVariable.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TIRVariable.qll
@@ -2,21 +2,21 @@ private import TIRVariableInternal
 private import Imports::TempVariableTag

 newtype TIRVariable =
-  TIRUserVariable(Language::Variable var, Language::LanguageType type, Language::Function func) {
+  TIRUserVariable(Language::Variable var, Language::LanguageType type, Language::Declaration func) {
    Construction::hasUserVariable(func, var, type)
  } or
  TIRTempVariable(
-    Language::Function func, Language::AST ast, TempVariableTag tag, Language::LanguageType type
+    Language::Declaration func, Language::AST ast, TempVariableTag tag, Language::LanguageType type
  ) {
    Construction::hasTempVariable(func, ast, tag, type)
  } or
  TIRDynamicInitializationFlag(
-    Language::Function func, Language::Variable var, Language::LanguageType type
+    Language::Declaration func, Language::Variable var, Language::LanguageType type
  ) {
    Construction::hasDynamicInitializationFlag(func, var, type)
  } or
  TIRStringLiteral(
-    Language::Function func, Language::AST ast, Language::LanguageType type,
+    Language::Declaration func, Language::AST ast, Language::LanguageType type,
    Language::StringLiteral literal
  ) {
    Construction::hasStringLiteral(func, ast, type, literal)
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll
@@ -97,7 +97,7 @@ class IRBlockBase extends TIRBlock {
  /**
   * Gets the `Function` that contains this block.
   */
-  final Language::Function getEnclosingFunction() {
+  final Language::Declaration getEnclosingFunction() {
    result = getFirstInstruction(this).getEnclosingFunction()
  }
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRConsistency.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRConsistency.qll
@@ -524,4 +524,23 @@ module InstructionConsistency {
        "' has a `this` argument operand that is not an address, in function '$@'." and
    irFunc = getInstructionIRFunction(instr, irFuncText)
  }
+
+  query predicate nonUniqueIRVariable(
+    Instruction instr, string message, OptionalIRFunction irFunc, string irFuncText
+  ) {
+    exists(VariableInstruction vi, IRVariable v1, IRVariable v2 |
+      instr = vi and vi.getIRVariable() = v1 and vi.getIRVariable() = v2 and v1 != v2
+    ) and
+    message =
+      "Variable instruction '" + instr.toString() +
+        "' has multiple associated variables, in function '$@'." and
+    irFunc = getInstructionIRFunction(instr, irFuncText)
+    or
+    instr.getOpcode() instanceof Opcode::VariableAddress and
+    not instr instanceof VariableInstruction and
+    message =
+      "Variable address instruction '" + instr.toString() +
+        "' has no associated variable, in function '$@'." and
+    irFunc = getInstructionIRFunction(instr, irFuncText)
+  }
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRVariable.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRVariable.qll
@@ -18,7 +18,7 @@ private import Imports::IRType
 * by the AST-to-IR translation (`IRTempVariable`).
 */
 class IRVariable extends TIRVariable {
-  Language::Function func;
+  Language::Declaration func;

  IRVariable() {
    this = TIRUserVariable(_, _, func) or
@@ -79,7 +79,7 @@ class IRVariable extends TIRVariable {
  /**
   * Gets the function that references this variable.
   */
-  final Language::Function getEnclosingFunction() { result = func }
+  final Language::Declaration getEnclosingFunction() { result = func }
 }

 /**
@@ -246,7 +246,7 @@ class IREllipsisVariable extends IRTempVariable, IRParameter {

  final override string toString() { result = "#ellipsis" }

-  final override int getIndex() { result = func.getNumberOfParameters() }
+  final override int getIndex() { result = func.(Language::Function).getNumberOfParameters() }
 }

 /**
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll
@@ -194,7 +194,7 @@ class Instruction extends Construction::TStageInstruction {
  /**
   * Gets the function that contains this instruction.
   */
-  final Language::Function getEnclosingFunction() {
+  final Language::Declaration getEnclosingFunction() {
    result = this.getEnclosingIRFunction().getFunction()
  }

--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/PrintIR.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/PrintIR.qll
@@ -26,20 +26,20 @@ class PrintIRConfiguration extends TPrintIRConfiguration {
   * Holds if the IR for `func` should be printed. By default, holds for all
   * functions.
   */
-  predicate shouldPrintFunction(Language::Function func) { any() }
+  predicate shouldPrintFunction(Language::Declaration decl) { any() }
 }

 /**
 * Override of `IRConfiguration` to only evaluate debug strings for the functions that are to be dumped.
 */
 private class FilteredIRConfiguration extends IRConfiguration {
-  override predicate shouldEvaluateDebugStringsForFunction(Language::Function func) {
+  override predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) {
    shouldPrintFunction(func)
  }
 }

-private predicate shouldPrintFunction(Language::Function func) {
-  exists(PrintIRConfiguration config | config.shouldPrintFunction(func))
+private predicate shouldPrintFunction(Language::Declaration decl) {
+  exists(PrintIRConfiguration config | config.shouldPrintFunction(decl))
 }

 private string getAdditionalInstructionProperty(Instruction instr, string key) {
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll
@@ -13,6 +13,7 @@ private import TranslatedElement
 private import TranslatedExpr
 private import TranslatedStmt
 private import TranslatedFunction
+private import TranslatedGlobalVar

 TranslatedElement getInstructionTranslatedElement(Instruction instruction) {
  instruction = TRawInstruction(result, _)
@@ -35,29 +36,41 @@ module Raw {
  cached
  predicate functionHasIR(Function func) { exists(getTranslatedFunction(func)) }

+  cached
+  predicate varHasIRFunc(GlobalOrNamespaceVariable var) {
+    var.hasInitializer() and
+    (
+      not var.getType().isDeeplyConst()
+      or
+      var.getInitializer().getExpr() instanceof StringLiteral
+    )
+  }
+
  cached
  predicate hasInstruction(TranslatedElement element, InstructionTag tag) {
    element.hasInstruction(_, tag, _)
  }

  cached
-  predicate hasUserVariable(Function func, Variable var, CppType type) {
-    getTranslatedFunction(func).hasUserVariable(var, type)
+  predicate hasUserVariable(Declaration decl, Variable var, CppType type) {
+    getTranslatedFunction(decl).hasUserVariable(var, type)
+    or
+    getTranslatedVarInit(decl).hasUserVariable(var, type)
  }

  cached
-  predicate hasTempVariable(Function func, Locatable ast, TempVariableTag tag, CppType type) {
+  predicate hasTempVariable(Declaration decl, Locatable ast, TempVariableTag tag, CppType type) {
    exists(TranslatedElement element |
      element.getAst() = ast and
-      func = element.getFunction() and
+      decl = element.getFunction() and
      element.hasTempVariable(tag, type)
    )
  }

  cached
-  predicate hasStringLiteral(Function func, Locatable ast, CppType type, StringLiteral literal) {
+  predicate hasStringLiteral(Declaration decl, Locatable ast, CppType type, StringLiteral literal) {
    literal = ast and
-    literal.getEnclosingFunction() = func and
+    literal.getEnclosingDeclaration() = decl and
    getTypeForPRValue(literal.getType()) = type
  }

--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll
@@ -180,7 +180,7 @@ abstract class TranslatedSideEffects extends TranslatedElement {
  /** DEPRECATED: Alias for getAst */
  deprecated override Locatable getAST() { result = getAst() }

-  final override Function getFunction() { result = getExpr().getEnclosingFunction() }
+  final override Declaration getFunction() { result = getExpr().getEnclosingDeclaration() }

  final override TranslatedElement getChild(int i) {
    result =
@@ -375,7 +375,7 @@ abstract class TranslatedSideEffect extends TranslatedElement {
    kind instanceof GotoEdge
  }

-  final override Function getFunction() { result = getParent().getFunction() }
+  final override Declaration getFunction() { result = getParent().getFunction() }

  final override Instruction getPrimaryInstructionForSideEffect(InstructionTag tag) {
    tag = OnlyInstructionTag() and
@@ -436,13 +436,6 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect {
    result = index
  }

-  /**
-   * Gets the `TranslatedFunction` containing this expression.
-   */
-  final TranslatedFunction getEnclosingFunction() {
-    result = getTranslatedFunction(call.getEnclosingFunction())
-  }
-
  final override predicate sideEffectInstruction(Opcode opcode, CppType type) {
    opcode = sideEffectOpcode and
    (
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll
@@ -25,9 +25,9 @@ private Element getRealParent(Expr expr) {
  result.(Destructor).getADestruction() = expr
 }

-IRUserVariable getIRUserVariable(Function func, Variable var) {
+IRUserVariable getIRUserVariable(Declaration decl, Variable var) {
  result.getVariable() = var and
-  result.getEnclosingFunction() = func
+  result.getEnclosingFunction() = decl
 }

 IRTempVariable getIRTempVariable(Locatable ast, TempVariableTag tag) {
@@ -67,7 +67,8 @@ private predicate ignoreExprAndDescendants(Expr expr) {
  exists(Initializer init, StaticStorageDurationVariable var |
    init = var.getInitializer() and
    not var.hasDynamicInitialization() and
-    expr = init.getExpr().getFullyConverted()
+    expr = init.getExpr().getFullyConverted() and
+    not var instanceof GlobalOrNamespaceVariable
  )
  or
  // Ignore descendants of `__assume` expressions, since we translated these to `NoOp`.
@@ -117,7 +118,8 @@ private predicate ignoreExprOnly(Expr expr) {
  // should not be translated.
  exists(NewOrNewArrayExpr new | expr = new.getAllocatorCall().getArgument(0))
  or
-  not translateFunction(expr.getEnclosingFunction())
+  not translateFunction(expr.getEnclosingFunction()) and
+  not Raw::varHasIRFunc(expr.getEnclosingVariable())
  or
  // We do not yet translate destructors properly, so for now we ignore the
  // destructor call. We do, however, translate the expression being
@@ -662,7 +664,8 @@ newtype TTranslatedElement =
    opcode = getASideEffectOpcode(call, -1)
  } or
  // The side effect that initializes newly-allocated memory.
-  TTranslatedAllocationSideEffect(AllocationExpr expr) { not ignoreSideEffects(expr) }
+  TTranslatedAllocationSideEffect(AllocationExpr expr) { not ignoreSideEffects(expr) } or
+  TTranslatedGlobalOrNamespaceVarInit(GlobalOrNamespaceVariable var) { Raw::varHasIRFunc(var) }

 /**
 * Gets the index of the first explicitly initialized element in `initList`
@@ -792,7 +795,7 @@ abstract class TranslatedElement extends TTranslatedElement {
  /**
   * Gets the `Function` that contains this element.
   */
-  abstract Function getFunction();
+  abstract Declaration getFunction();

  /**
   * Gets the successor instruction of the instruction that was generated by
@@ -942,3 +945,14 @@ abstract class TranslatedElement extends TTranslatedElement {
   */
  final TranslatedElement getParent() { result.getAChild() = this }
 }
+
+/**
+ * Represents the IR translation of a root element, either a function or a global variable.
+ */
+abstract class TranslatedRootElement extends TranslatedElement {
+  TranslatedRootElement() {
+    this instanceof TTranslatedFunction
+    or
+    this instanceof TTranslatedGlobalOrNamespaceVarInit
+  }
+}
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
@@ -12,6 +12,7 @@ private import TranslatedElement
 private import TranslatedFunction
 private import TranslatedInitialization
 private import TranslatedStmt
+private import TranslatedGlobalVar
 import TranslatedCall

 /**
@@ -78,7 +79,7 @@ abstract class TranslatedExpr extends TranslatedElement {
  /** DEPRECATED: Alias for getAst */
  deprecated override Locatable getAST() { result = this.getAst() }

-  final override Function getFunction() { result = expr.getEnclosingFunction() }
+  final override Declaration getFunction() { result = expr.getEnclosingDeclaration() }

  /**
   * Gets the expression from which this `TranslatedExpr` is generated.
@@ -88,8 +89,10 @@ abstract class TranslatedExpr extends TranslatedElement {
  /**
   * Gets the `TranslatedFunction` containing this expression.
   */
-  final TranslatedFunction getEnclosingFunction() {
+  final TranslatedRootElement getEnclosingFunction() {
    result = getTranslatedFunction(expr.getEnclosingFunction())
+    or
+    result = getTranslatedVarInit(expr.getEnclosingVariable())
  }
 }

@@ -787,7 +790,7 @@ class TranslatedThisExpr extends TranslatedNonConstantExpr {

  override IRVariable getInstructionVariable(InstructionTag tag) {
    tag = ThisAddressTag() and
-    result = this.getEnclosingFunction().getThisVariable()
+    result = this.getEnclosingFunction().(TranslatedFunction).getThisVariable()
  }
 }

@@ -838,7 +841,7 @@ class TranslatedNonFieldVariableAccess extends TranslatedVariableAccess {

  override IRVariable getInstructionVariable(InstructionTag tag) {
    tag = OnlyInstructionTag() and
-    result = getIRUserVariable(expr.getEnclosingFunction(), expr.getTarget())
+    result = getIRUserVariable(expr.getEnclosingDeclaration(), expr.getTarget())
  }
 }

@@ -2522,7 +2525,7 @@ class TranslatedVarArgsStart extends TranslatedNonConstantExpr {

  final override IRVariable getInstructionVariable(InstructionTag tag) {
    tag = VarArgsStartEllipsisAddressTag() and
-    result = this.getEnclosingFunction().getEllipsisVariable()
+    result = this.getEnclosingFunction().(TranslatedFunction).getEllipsisVariable()
  }

  final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll
@@ -58,7 +58,7 @@ predicate hasReturnValue(Function func) { not func.getUnspecifiedType() instance
 * Represents the IR translation of a function. This is the root elements for
 * all other elements associated with this function.
 */
-class TranslatedFunction extends TranslatedElement, TTranslatedFunction {
+class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
  Function func;

  TranslatedFunction() { this = TTranslatedFunction(func) }
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedGlobalVar.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedGlobalVar.qll
@@ -0,0 +1,132 @@
+import semmle.code.cpp.ir.implementation.raw.internal.TranslatedElement
+private import cpp
+private import semmle.code.cpp.ir.implementation.IRType
+private import semmle.code.cpp.ir.implementation.Opcode
+private import semmle.code.cpp.ir.implementation.internal.OperandTag
+private import semmle.code.cpp.ir.internal.CppType
+private import TranslatedInitialization
+private import InstructionTag
+private import semmle.code.cpp.ir.internal.IRUtilities
+
+class TranslatedGlobalOrNamespaceVarInit extends TranslatedRootElement,
+  TTranslatedGlobalOrNamespaceVarInit, InitializationContext {
+  GlobalOrNamespaceVariable var;
+
+  TranslatedGlobalOrNamespaceVarInit() { this = TTranslatedGlobalOrNamespaceVarInit(var) }
+
+  override string toString() { result = var.toString() }
+
+  final override GlobalOrNamespaceVariable getAst() { result = var }
+
+  final override Declaration getFunction() { result = var }
+
+  final Location getLocation() { result = var.getLocation() }
+
+  override Instruction getFirstInstruction() { result = this.getInstruction(EnterFunctionTag()) }
+
+  override TranslatedElement getChild(int n) {
+    n = 1 and
+    result = getTranslatedInitialization(var.getInitializer().getExpr().getFullyConverted())
+  }
+
+  override predicate hasInstruction(Opcode op, InstructionTag tag, CppType type) {
+    op instanceof Opcode::EnterFunction and
+    tag = EnterFunctionTag() and
+    type = getVoidType()
+    or
+    op instanceof Opcode::AliasedDefinition and
+    tag = AliasedDefinitionTag() and
+    type = getUnknownType()
+    or
+    op instanceof Opcode::VariableAddress and
+    tag = InitializerVariableAddressTag() and
+    type = getTypeForGLValue(var.getType())
+    or
+    op instanceof Opcode::ReturnVoid and
+    tag = ReturnTag() and
+    type = getVoidType()
+    or
+    op instanceof Opcode::AliasedUse and
+    tag = AliasedUseTag() and
+    type = getVoidType()
+    or
+    op instanceof Opcode::ExitFunction and
+    tag = ExitFunctionTag() and
+    type = getVoidType()
+  }
+
+  override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
+    kind instanceof GotoEdge and
+    (
+      tag = EnterFunctionTag() and
+      result = this.getInstruction(AliasedDefinitionTag())
+      or
+      tag = AliasedDefinitionTag() and
+      result = this.getInstruction(InitializerVariableAddressTag())
+      or
+      tag = InitializerVariableAddressTag() and
+      result = getChild(1).getFirstInstruction()
+      or
+      tag = ReturnTag() and
+      result = this.getInstruction(AliasedUseTag())
+      or
+      tag = AliasedUseTag() and
+      result = this.getInstruction(ExitFunctionTag())
+    )
+  }
+
+  override Instruction getChildSuccessor(TranslatedElement child) {
+    child = this.getChild(1) and
+    result = this.getInstruction(ReturnTag())
+  }
+
+  final override CppType getInstructionMemoryOperandType(
+    InstructionTag tag, TypedOperandTag operandTag
+  ) {
+    tag = AliasedUseTag() and
+    operandTag instanceof SideEffectOperandTag and
+    result = getUnknownType()
+  }
+
+  override IRUserVariable getInstructionVariable(InstructionTag tag) {
+    tag = InitializerVariableAddressTag() and
+    result.getVariable() = var and
+    result.getEnclosingFunction() = var
+  }
+
+  override Instruction getTargetAddress() {
+    result = this.getInstruction(InitializerVariableAddressTag())
+  }
+
+  override Type getTargetType() { result = var.getUnspecifiedType() }
+
+  /**
+   * Holds if this variable defines or accesses variable `var` with type `type`. This includes all
+   * parameters and local variables, plus any global variables or static data members that are
+   * directly accessed by the function.
+   */
+  final predicate hasUserVariable(Variable varUsed, CppType type) {
+    (
+      (
+        varUsed instanceof GlobalOrNamespaceVariable
+        or
+        varUsed instanceof MemberVariable and not varUsed instanceof Field
+      ) and
+      exists(VariableAccess access |
+        access.getTarget() = varUsed and
+        access.getEnclosingVariable() = var
+      )
+      or
+      var = varUsed
+      or
+      varUsed.(LocalScopeVariable).getEnclosingElement*() = var
+      or
+      varUsed.(Parameter).getCatchBlock().getEnclosingElement*() = var
+    ) and
+    type = getTypeForPRValue(getVariableType(varUsed))
+  }
+}
+
+TranslatedGlobalOrNamespaceVarInit getTranslatedVarInit(GlobalOrNamespaceVariable var) {
+  result.getAst() = var
+}
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedInitialization.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedInitialization.qll
@@ -137,7 +137,10 @@ abstract class TranslatedInitialization extends TranslatedElement, TTranslatedIn

  final override string toString() { result = "init: " + expr.toString() }

-  final override Function getFunction() { result = expr.getEnclosingFunction() }
+  final override Declaration getFunction() {
+    result = expr.getEnclosingFunction() or
+    result = expr.getEnclosingVariable().(GlobalOrNamespaceVariable)
+  }

  final override Locatable getAst() { result = expr }

@@ -486,7 +489,10 @@ abstract class TranslatedFieldInitialization extends TranslatedElement {
  /** DEPRECATED: Alias for getAst */
  deprecated override Locatable getAST() { result = getAst() }

-  final override Function getFunction() { result = ast.getEnclosingFunction() }
+  final override Declaration getFunction() {
+    result = ast.getEnclosingFunction() or
+    result = ast.getEnclosingVariable().(GlobalOrNamespaceVariable)
+  }

  final override Instruction getFirstInstruction() { result = getInstruction(getFieldAddressTag()) }

@@ -633,7 +639,11 @@ abstract class TranslatedElementInitialization extends TranslatedElement {
  /** DEPRECATED: Alias for getAst */
  deprecated override Locatable getAST() { result = getAst() }

-  final override Function getFunction() { result = initList.getEnclosingFunction() }
+  final override Declaration getFunction() {
+    result = initList.getEnclosingFunction()
+    or
+    result = initList.getEnclosingVariable().(GlobalOrNamespaceVariable)
+  }

  final override Instruction getFirstInstruction() { result = getInstruction(getElementIndexTag()) }

--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll
@@ -97,7 +97,7 @@ class IRBlockBase extends TIRBlock {
  /**
   * Gets the `Function` that contains this block.
   */
-  final Language::Function getEnclosingFunction() {
+  final Language::Declaration getEnclosingFunction() {
    result = getFirstInstruction(this).getEnclosingFunction()
  }
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRConsistency.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRConsistency.qll
@@ -524,4 +524,23 @@ module InstructionConsistency {
        "' has a `this` argument operand that is not an address, in function '$@'." and
    irFunc = getInstructionIRFunction(instr, irFuncText)
  }
+
+  query predicate nonUniqueIRVariable(
+    Instruction instr, string message, OptionalIRFunction irFunc, string irFuncText
+  ) {
+    exists(VariableInstruction vi, IRVariable v1, IRVariable v2 |
+      instr = vi and vi.getIRVariable() = v1 and vi.getIRVariable() = v2 and v1 != v2
+    ) and
+    message =
+      "Variable instruction '" + instr.toString() +
+        "' has multiple associated variables, in function '$@'." and
+    irFunc = getInstructionIRFunction(instr, irFuncText)
+    or
+    instr.getOpcode() instanceof Opcode::VariableAddress and
+    not instr instanceof VariableInstruction and
+    message =
+      "Variable address instruction '" + instr.toString() +
+        "' has no associated variable, in function '$@'." and
+    irFunc = getInstructionIRFunction(instr, irFuncText)
+  }
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRVariable.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRVariable.qll
@@ -18,7 +18,7 @@ private import Imports::IRType
 * by the AST-to-IR translation (`IRTempVariable`).
 */
 class IRVariable extends TIRVariable {
-  Language::Function func;
+  Language::Declaration func;

  IRVariable() {
    this = TIRUserVariable(_, _, func) or
@@ -79,7 +79,7 @@ class IRVariable extends TIRVariable {
  /**
   * Gets the function that references this variable.
   */
-  final Language::Function getEnclosingFunction() { result = func }
+  final Language::Declaration getEnclosingFunction() { result = func }
 }

 /**
@@ -246,7 +246,7 @@ class IREllipsisVariable extends IRTempVariable, IRParameter {

  final override string toString() { result = "#ellipsis" }

-  final override int getIndex() { result = func.getNumberOfParameters() }
+  final override int getIndex() { result = func.(Language::Function).getNumberOfParameters() }
 }

 /**
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll
@@ -194,7 +194,7 @@ class Instruction extends Construction::TStageInstruction {
  /**
   * Gets the function that contains this instruction.
   */
-  final Language::Function getEnclosingFunction() {
+  final Language::Declaration getEnclosingFunction() {
    result = this.getEnclosingIRFunction().getFunction()
  }

--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll
@@ -26,20 +26,20 @@ class PrintIRConfiguration extends TPrintIRConfiguration {
   * Holds if the IR for `func` should be printed. By default, holds for all
   * functions.
   */
-  predicate shouldPrintFunction(Language::Function func) { any() }
+  predicate shouldPrintFunction(Language::Declaration decl) { any() }
 }

 /**
 * Override of `IRConfiguration` to only evaluate debug strings for the functions that are to be dumped.
 */
 private class FilteredIRConfiguration extends IRConfiguration {
-  override predicate shouldEvaluateDebugStringsForFunction(Language::Function func) {
+  override predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) {
    shouldPrintFunction(func)
  }
 }

-private predicate shouldPrintFunction(Language::Function func) {
-  exists(PrintIRConfiguration config | config.shouldPrintFunction(func))
+private predicate shouldPrintFunction(Language::Declaration decl) {
+  exists(PrintIRConfiguration config | config.shouldPrintFunction(decl))
 }

 private string getAdditionalInstructionProperty(Instruction instr, string key) {
--- a/cpp/ql/lib/semmle/code/cpp/ir/internal/IRCppLanguage.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/internal/IRCppLanguage.qll
@@ -50,12 +50,16 @@ class AutomaticVariable = Cpp::StackVariable;

 class StaticVariable = Cpp::Variable;

+class GlobalVariable = Cpp::GlobalOrNamespaceVariable;
+
 class Parameter = Cpp::Parameter;

 class Field = Cpp::Field;

 class BuiltInOperation = Cpp::BuiltInOperation;

+class Declaration = Cpp::Declaration;
+
 // TODO: Remove necessity for these.
 class Expr = Cpp::Expr;

--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.3.0
+
+### Breaking Changes
+
+* Contextual queries and the query libraries they depend on have been moved to the `codeql/cpp-all` package.
+
+## 0.2.0
+
+## 0.1.4
+
 ## 0.1.3

 ### Minor Analysis Improvements
--- a/Bugs/Conversion/LossyFunctionResultCast.ql
+++ b/Bugs/Conversion/LossyFunctionResultCast.ql
@@ -44,7 +44,7 @@ predicate whiteListWrapped(FunctionCall fc) {

 from FunctionCall c, FloatingPointType t1, IntegralType t2
 where
-  t1 = c.getTarget().getType().getUnderlyingType() and
+  pragma[only_bind_into](t1) = c.getTarget().getType().getUnderlyingType() and
  t2 = c.getActualType() and
  c.hasImplicitConversion() and
  not whiteListWrapped(c)
--- a/Management/ReturnStackAllocatedMemory.ql
+++ b/Management/ReturnStackAllocatedMemory.ql
@@ -18,7 +18,7 @@ import semmle.code.cpp.ir.IR
 import semmle.code.cpp.ir.dataflow.MustFlow
 import PathGraph

-/** Holds if `f` has a name that we intrepret as evidence of intentionally returning the value of the stack pointer. */
+/** Holds if `f` has a name that we interpret as evidence of intentionally returning the value of the stack pointer. */
 predicate intentionallyReturnsStackPointer(Function f) {
  f.getName().toLowerCase().matches(["%stack%", "%sp%"])
 }
@@ -74,13 +74,12 @@ class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration {

 from
  MustFlowPathNode source, MustFlowPathNode sink, VariableAddressInstruction var,
-  ReturnStackAllocatedMemoryConfig conf, Function f
+  ReturnStackAllocatedMemoryConfig conf
 where
-  conf.hasFlowPath(source, sink) and
+  conf.hasFlowPath(pragma[only_bind_into](source), pragma[only_bind_into](sink)) and
  source.getNode().asInstruction() = var and
  // Only raise an alert if we're returning from the _same_ callable as the on that
  // declared the stack variable.
-  var.getEnclosingFunction() = pragma[only_bind_into](f) and
-  sink.getNode().getEnclosingCallable() = pragma[only_bind_into](f)
+  var.getEnclosingFunction() = sink.getNode().getEnclosingCallable()
 select sink.getNode(), source, sink, "May return stack-allocated memory from $@.", var.getAst(),
  var.getAst().toString()
--- a/Management/UsingExpiredStackAddress.ql
+++ b/Management/UsingExpiredStackAddress.ql
@@ -133,7 +133,9 @@ TGlobalAddress globalAddress(Instruction instr) {
  )
  or
  exists(FieldAddressInstruction fai | instr = fai |
-    result = TFieldAddress(globalAddress(fai.getObjectAddress()), fai.getField())
+    result =
+      TFieldAddress(globalAddress(pragma[only_bind_into](fai.getObjectAddress())),
+        pragma[only_bind_out](fai.getField()))
  )
  or
  result = globalAddress(instr.(PointerOffsetInstruction).getLeft())
--- a/Bugs/UseInOwnInitializer.ql
+++ b/Bugs/UseInOwnInitializer.ql
@@ -15,6 +15,7 @@ class VariableAccessInInitializer extends VariableAccess {
  Variable var;
  Initializer init;

+  pragma[nomagic]
  VariableAccessInInitializer() {
    init.getDeclaration() = var and
    init.getExpr().getAChild*() = this
--- a/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
@@ -77,7 +77,7 @@ class ExecState extends DataFlow::FlowState {
  ExecState() {
    this =
      "ExecState (" + fst.getLocation() + " | " + fst + ", " + snd.getLocation() + " | " + snd + ")" and
-    interestingConcatenation(fst, snd)
+    interestingConcatenation(pragma[only_bind_into](fst), pragma[only_bind_into](snd))
  }

  DataFlow::Node getFstNode() { result = fst }
--- a/cpp/ql/src/change-notes/released/0.1.4.md
+++ b/cpp/ql/src/change-notes/released/0.1.4.md
@@ -0,0 +1 @@
+## 0.1.4
--- a/cpp/ql/src/change-notes/released/0.2.0.md
+++ b/cpp/ql/src/change-notes/released/0.2.0.md
@@ -0,0 +1 @@
+## 0.2.0
--- a/cpp/ql/src/change-notes/released/0.3.0.md
+++ b/cpp/ql/src/change-notes/released/0.3.0.md
@@ -0,0 +1,5 @@
+## 0.3.0
+
+### Breaking Changes
+
+* Contextual queries and the query libraries they depend on have been moved to the `codeql/cpp-all` package.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.3
+lastReleaseVersion: 0.3.0
--- a/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.cpp
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.cpp
@@ -0,0 +1,11 @@
+...
+SSL_shutdown(ssl); 
+SSL_shutdown(ssl); // BAD
+...
+    switch ((ret = SSL_shutdown(ssl))) {
+    case 1:
+      break;
+    case 0:
+      ERR_clear_error();
+      if (-1 != (ret = SSL_shutdown(ssl))) break; // GOOD
+...
--- a/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.qhelp
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.qhelp
@@ -0,0 +1,27 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+<overview>
+<p>Incorrect closing of the connection leads to the creation of different states for the server and client, which can be exploited by an attacker.</p>
+
+</overview>
+
+<example>
+<p>The following example shows the incorrect and correct usage of function SSL_shutdown.</p>
+<sample src="DangerousUseSSL_shutdown.cpp" />
+
+</example>
+<references>
+
+<li>
+  CERT Coding Standard:
+  <a href="https://wiki.sei.cmu.edu/confluence/display/c/EXP12-C.+Do+not+ignore+values+returned+by+functions">EXP12-C. Do not ignore values returned by functions - SEI CERT C Coding Standard - Confluence</a>.
+</li>
+<li>
+  Openssl.org:
+  <a href="https://www.openssl.org/docs/man3.0/man3/SSL_shutdown.html">SSL_shutdown - shut down a TLS/SSL connection</a>.
+</li>
+
+</references>
+</qhelp>
--- a/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql
@@ -0,0 +1,33 @@
+/**
+ * @name Dangerous use SSL_shutdown.
+ * @description Incorrect closing of the connection leads to the creation of different states for the server and client, which can be exploited by an attacker.
+ * @kind problem
+ * @id cpp/dangerous-use-of-ssl-shutdown
+ * @problem.severity warning
+ * @precision medium
+ * @tags correctness
+ *       security
+ *       external/cwe/cwe-670
+ */
+
+import cpp
+import semmle.code.cpp.commons.Exclusions
+import semmle.code.cpp.valuenumbering.GlobalValueNumbering
+
+from FunctionCall fc, FunctionCall fc1
+where
+  fc != fc1 and
+  fc.getASuccessor+() = fc1 and
+  fc.getTarget().hasName("SSL_shutdown") and
+  fc1.getTarget().hasName("SSL_shutdown") and
+  fc1 instanceof ExprInVoidContext and
+  (
+    globalValueNumber(fc.getArgument(0)) = globalValueNumber(fc1.getArgument(0)) or
+    fc.getArgument(0).(VariableAccess).getTarget() = fc1.getArgument(0).(VariableAccess).getTarget()
+  ) and
+  not exists(FunctionCall fctmp |
+    fctmp.getTarget().hasName("SSL_free") and
+    fc.getASuccessor+() = fctmp and
+    fctmp.getASuccessor+() = fc1
+  )
+select fc, "You need to handle the return value SSL_shutdown"
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.1.4-dev
+version: 0.3.1-dev
 groups: 
  - cpp
  - queries
--- a/cpp/ql/test/TestUtilities/InlineExpectationsTest.qll
+++ b/cpp/ql/test/TestUtilities/InlineExpectationsTest.qll
@@ -239,12 +239,24 @@ private string getColumnString(TColumn column) {

 /**
 * RegEx pattern to match a single expected result, not including the leading `$`. It consists of one or
- * more comma-separated tags containing only letters, digits, `-` and `_` (note that the first character
- * must not be a digit), optionally followed by `=` and the expected value.
+ * more comma-separated tags optionally followed by `=` and the expected value.
+ *
+ * Tags must be only letters, digits, `-` and `_` (note that the first character
+ * must not be a digit), but can contain anything enclosed in a single set of
+ * square brackets.
+ *
+ * Examples:
+ * - `tag`
+ * - `tag=value`
+ * - `tag,tag2=value`
+ * - `tag[foo bar]=value`
+ *
+ * Not allowed:
+ * - `tag[[[foo bar]`
 */
 private string expectationPattern() {
  exists(string tag, string tags, string value |
-    tag = "[A-Za-z-_][A-Za-z-_0-9]*" and
+    tag = "[A-Za-z-_](?:[A-Za-z-_0-9]|\\[[^\\]\\]]*\\])*" and
    tags = "((?:" + tag + ")(?:\\s*,\\s*" + tag + ")*)" and
    // In Python, we allow both `"` and `'` for strings, as well as the prefixes `bru`.
    // For example, `b"foo"`.
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-670/semmle/tests/DangerousUseSSL_shutdown.expected
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-670/semmle/tests/DangerousUseSSL_shutdown.expected
@@ -0,0 +1,2 @@
+| test.cpp:45:20:45:31 | call to SSL_shutdown | You need to handle the return value SSL_shutdown |
+| test.cpp:61:11:61:22 | call to SSL_shutdown | You need to handle the return value SSL_shutdown |
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-670/semmle/tests/DangerousUseSSL_shutdown.qlref
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-670/semmle/tests/DangerousUseSSL_shutdown.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-670/semmle/tests/test.cpp
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-670/semmle/tests/test.cpp
@@ -0,0 +1,75 @@
+// it's not exact, but it's enough for an example
+typedef int SSL;
+
+
+int SSL_shutdown(SSL *ssl);
+int SSL_get_error(const SSL *ssl, int ret);
+void ERR_clear_error(void);
+void print_error(char *buff,int code);
+
+int gootTest1(SSL *ssl)
+{
+  int ret;
+    switch ((ret = SSL_shutdown(ssl))) {
+    case 1:
+      break;
+    case 0:
+      ERR_clear_error();
+      if ((ret = SSL_shutdown(ssl)) == 1) break; // GOOD
+    default:
+      print_error("error shutdown",
+        SSL_get_error(ssl, ret));
+      return -1;
+    }
+ return 0;
+}
+int gootTest2(SSL *ssl)
+{
+  int ret;
+    switch ((ret = SSL_shutdown(ssl))) {
+    case 1:
+      break;
+    case 0:
+      ERR_clear_error();
+      if (-1 != (ret = SSL_shutdown(ssl))) break; // GOOD
+    default:
+      print_error("error shutdown",
+        SSL_get_error(ssl, ret));
+      return -1;
+    }
+ return 0;
+}
+int badTest1(SSL *ssl)
+{
+  int ret;
+    switch ((ret = SSL_shutdown(ssl))) {
+    case 1:
+      break;
+    case 0:
+      SSL_shutdown(ssl); // BAD
+      break;
+    default:      
+      print_error("error shutdown",
+        SSL_get_error(ssl, ret));
+      return -1;
+    }
+ return 0;
+}
+int badTest2(SSL *ssl)
+{
+  int ret;
+    ret = SSL_shutdown(ssl);
+    switch (ret) {
+    case 1:
+      break;
+    case 0:
+      SSL_shutdown(ssl); // BAD
+      break;
+    default:
+      print_error("error shutdown",
+        SSL_get_error(ssl, ret));
+      return -1;
+    }
+ return 0;
+}
+
--- a/cpp/ql/test/library-tests/controlflow/nullness/nullness.expected
+++ b/cpp/ql/test/library-tests/controlflow/nullness/nullness.expected
@@ -0,0 +1,20 @@
+| test.cpp:9:9:9:9 | v | test.cpp:5:13:5:13 | v | is not null | is valid |
+| test.cpp:10:9:10:10 | ! ... | test.cpp:5:13:5:13 | v | is null | is not valid |
+| test.cpp:11:9:11:14 | ... == ... | test.cpp:5:13:5:13 | v | is null | is not valid |
+| test.cpp:12:9:12:17 | ... == ... | test.cpp:5:13:5:13 | v | is not null | is valid |
+| test.cpp:13:9:13:14 | ... != ... | test.cpp:5:13:5:13 | v | is not null | is valid |
+| test.cpp:14:9:14:17 | ... != ... | test.cpp:5:13:5:13 | v | is null | is not valid |
+| test.cpp:15:8:15:23 | call to __builtin_expect | test.cpp:5:13:5:13 | v | is not null | is valid |
+| test.cpp:16:8:16:23 | call to __builtin_expect | test.cpp:5:13:5:13 | v | is null | is not valid |
+| test.cpp:17:9:17:17 | ... && ... | test.cpp:5:13:5:13 | v | is not null | is valid |
+| test.cpp:18:9:18:17 | ... && ... | test.cpp:5:13:5:13 | v | is not null | is valid |
+| test.cpp:19:9:19:18 | ... && ... | test.cpp:5:13:5:13 | v | is null | is not valid |
+| test.cpp:20:9:20:18 | ... && ... | test.cpp:5:13:5:13 | v | is null | is not valid |
+| test.cpp:21:9:21:14 | ... = ... | test.cpp:5:13:5:13 | v | is null | is not valid |
+| test.cpp:21:9:21:14 | ... = ... | test.cpp:7:10:7:10 | b | is not null | is valid |
+| test.cpp:22:9:22:14 | ... = ... | test.cpp:5:13:5:13 | v | is not null | is not valid |
+| test.cpp:22:9:22:14 | ... = ... | test.cpp:7:13:7:13 | c | is not null | is not valid |
+| test.cpp:22:17:22:17 | c | test.cpp:7:13:7:13 | c | is not null | is valid |
+| test.cpp:23:21:23:21 | x | test.cpp:23:14:23:14 | x | is not null | is valid |
+| test.cpp:24:9:24:18 | (condition decl) | test.cpp:5:13:5:13 | v | is not null | is not valid |
+| test.cpp:24:9:24:18 | (condition decl) | test.cpp:24:14:24:14 | y | is not null | is valid |
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql`