Merge pull request #20545 from github/release-prep/2.23.2

Release preparation for version 2.23.2
C#: tweak changelog wording
2026-05-16 20:27:06 +02:00 · 2025-09-29 15:35:24 +01:00 · 2025-09-29 15:32:52 +01:00 · 2025-09-29 10:28:45 +00:00 · 2025-09-28 16:56:31 +02:00 · 2025-09-26 16:02:30 +01:00
1105 changed files with 42654 additions and 27475 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -34,7 +34,7 @@ jobs:
    - name: Setup dotnet
      uses: actions/setup-dotnet@v4
      with:
-        dotnet-version: 9.0.100
+        dotnet-version: 9.0.300

    - name: Checkout repository
      uses: actions/checkout@v5
--- a/.github/workflows/csharp-qltest.yml
+++ b/.github/workflows/csharp-qltest.yml
@@ -43,14 +43,14 @@ jobs:
      - name: Setup dotnet
        uses: actions/setup-dotnet@v4
        with:
-          dotnet-version: 9.0.100
+          dotnet-version: 9.0.300
      - name: Extractor unit tests
        run: |
          dotnet tool restore
-          dotnet test -p:RuntimeFrameworkVersion=9.0.0 extractor/Semmle.Util.Tests
-          dotnet test -p:RuntimeFrameworkVersion=9.0.0 extractor/Semmle.Extraction.Tests
-          dotnet test -p:RuntimeFrameworkVersion=9.0.0 autobuilder/Semmle.Autobuild.CSharp.Tests
-          dotnet test -p:RuntimeFrameworkVersion=9.0.0 autobuilder/Semmle.Autobuild.Cpp.Tests
+          dotnet test -p:RuntimeFrameworkVersion=9.0.5 extractor/Semmle.Util.Tests
+          dotnet test -p:RuntimeFrameworkVersion=9.0.5 extractor/Semmle.Extraction.Tests
+          dotnet test -p:RuntimeFrameworkVersion=9.0.5 autobuilder/Semmle.Autobuild.CSharp.Tests
+          dotnet test -p:RuntimeFrameworkVersion=9.0.5 autobuilder/Semmle.Autobuild.Cpp.Tests
        shell: bash
  stubgentest:
    runs-on: ubuntu-latest
--- a/.gitignore
+++ b/.gitignore
@@ -76,3 +76,6 @@ node_modules/
 # some upgrade/downgrade checks create these files
 **/upgrades/*/*.dbscheme.stats
 **/downgrades/*/*.dbscheme.stats
+
+# Mergetool files
+*.orig
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -26,7 +26,7 @@ bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json")
 bazel_dep(name = "fmt", version = "10.0.0")
 bazel_dep(name = "rules_kotlin", version = "2.1.3-codeql.1")
 bazel_dep(name = "gazelle", version = "0.40.0")
-bazel_dep(name = "rules_dotnet", version = "0.17.4")
+bazel_dep(name = "rules_dotnet", version = "0.19.2-codeql.1")
 bazel_dep(name = "googletest", version = "1.14.0.bcr.1")
 bazel_dep(name = "rules_rust", version = "0.63.0")
 bazel_dep(name = "zstd", version = "1.5.5.bcr.1")
@@ -89,8 +89,8 @@ use_repo(
    "vendor_py__cc-1.2.14",
    "vendor_py__clap-4.5.30",
    "vendor_py__regex-1.11.1",
-    "vendor_py__tree-sitter-0.20.4",
-    "vendor_py__tree-sitter-graph-0.7.0",
+    "vendor_py__tree-sitter-0.24.7",
+    "vendor_py__tree-sitter-graph-0.12.0",
 )

 # deps for ruby+rust
@@ -101,50 +101,50 @@ use_repo(
    "vendor_ts__anyhow-1.0.99",
    "vendor_ts__argfile-0.2.1",
    "vendor_ts__chalk-ir-0.104.0",
-    "vendor_ts__chrono-0.4.41",
-    "vendor_ts__clap-4.5.44",
+    "vendor_ts__chrono-0.4.42",
+    "vendor_ts__clap-4.5.47",
    "vendor_ts__dunce-1.0.5",
    "vendor_ts__either-1.15.0",
    "vendor_ts__encoding-0.2.33",
    "vendor_ts__figment-0.10.19",
-    "vendor_ts__flate2-1.1.0",
+    "vendor_ts__flate2-1.1.2",
    "vendor_ts__glob-0.3.3",
-    "vendor_ts__globset-0.4.15",
+    "vendor_ts__globset-0.4.16",
    "vendor_ts__itertools-0.14.0",
    "vendor_ts__lazy_static-1.5.0",
    "vendor_ts__mustache-0.9.0",
    "vendor_ts__num-traits-0.2.19",
    "vendor_ts__num_cpus-1.17.0",
-    "vendor_ts__proc-macro2-1.0.97",
+    "vendor_ts__proc-macro2-1.0.101",
    "vendor_ts__quote-1.0.40",
-    "vendor_ts__ra_ap_base_db-0.0.300",
-    "vendor_ts__ra_ap_cfg-0.0.300",
-    "vendor_ts__ra_ap_hir-0.0.300",
-    "vendor_ts__ra_ap_hir_def-0.0.300",
-    "vendor_ts__ra_ap_hir_expand-0.0.300",
-    "vendor_ts__ra_ap_hir_ty-0.0.300",
-    "vendor_ts__ra_ap_ide_db-0.0.300",
-    "vendor_ts__ra_ap_intern-0.0.300",
-    "vendor_ts__ra_ap_load-cargo-0.0.300",
-    "vendor_ts__ra_ap_parser-0.0.300",
-    "vendor_ts__ra_ap_paths-0.0.300",
-    "vendor_ts__ra_ap_project_model-0.0.300",
-    "vendor_ts__ra_ap_span-0.0.300",
-    "vendor_ts__ra_ap_stdx-0.0.300",
-    "vendor_ts__ra_ap_syntax-0.0.300",
-    "vendor_ts__ra_ap_vfs-0.0.300",
+    "vendor_ts__ra_ap_base_db-0.0.301",
+    "vendor_ts__ra_ap_cfg-0.0.301",
+    "vendor_ts__ra_ap_hir-0.0.301",
+    "vendor_ts__ra_ap_hir_def-0.0.301",
+    "vendor_ts__ra_ap_hir_expand-0.0.301",
+    "vendor_ts__ra_ap_hir_ty-0.0.301",
+    "vendor_ts__ra_ap_ide_db-0.0.301",
+    "vendor_ts__ra_ap_intern-0.0.301",
+    "vendor_ts__ra_ap_load-cargo-0.0.301",
+    "vendor_ts__ra_ap_parser-0.0.301",
+    "vendor_ts__ra_ap_paths-0.0.301",
+    "vendor_ts__ra_ap_project_model-0.0.301",
+    "vendor_ts__ra_ap_span-0.0.301",
+    "vendor_ts__ra_ap_stdx-0.0.301",
+    "vendor_ts__ra_ap_syntax-0.0.301",
+    "vendor_ts__ra_ap_vfs-0.0.301",
    "vendor_ts__rand-0.9.2",
-    "vendor_ts__rayon-1.10.0",
-    "vendor_ts__regex-1.11.1",
+    "vendor_ts__rayon-1.11.0",
+    "vendor_ts__regex-1.11.2",
    "vendor_ts__serde-1.0.219",
-    "vendor_ts__serde_json-1.0.142",
+    "vendor_ts__serde_json-1.0.143",
    "vendor_ts__serde_with-3.14.0",
-    "vendor_ts__syn-2.0.104",
+    "vendor_ts__syn-2.0.106",
    "vendor_ts__toml-0.9.5",
    "vendor_ts__tracing-0.1.41",
    "vendor_ts__tracing-flame-0.2.0",
-    "vendor_ts__tracing-subscriber-0.3.19",
-    "vendor_ts__tree-sitter-0.24.6",
+    "vendor_ts__tracing-subscriber-0.3.20",
+    "vendor_ts__tree-sitter-0.25.9",
    "vendor_ts__tree-sitter-embedded-template-0.23.2",
    "vendor_ts__tree-sitter-json-0.24.8",
    "vendor_ts__tree-sitter-ql-0.23.1",
@@ -172,7 +172,7 @@ http_archive(
 )

 dotnet = use_extension("@rules_dotnet//dotnet:extensions.bzl", "dotnet")
-dotnet.toolchain(dotnet_version = "9.0.100")
+dotnet.toolchain(dotnet_version = "9.0.300")
 use_repo(dotnet, "dotnet_toolchains")

 register_toolchains("@dotnet_toolchains//:all")
--- a/actions/extractor/codeql-extractor.yml
+++ b/actions/extractor/codeql-extractor.yml
@@ -1,5 +1,4 @@
 name: "actions"
-aliases: []
 display_name: "GitHub Actions"
 version: 0.0.1
 column_kind: "utf16"
@@ -8,9 +7,11 @@ build_modes:
  - none
 default_queries:
  - codeql/actions-queries
-file_coverage_languages: []
+# Actions workflows are not reported separately by the GitHub API, so we can't
+# associate them with a specific language.
 github_api_languages: []
-scc_languages: []
+scc_languages:
+  - YAML
 file_types:
  - name: workflow
    display_name: GitHub Actions workflow files
--- a/actions/extractor/tools/baseline-config.json
+++ b/actions/extractor/tools/baseline-config.json
@@ -0,0 +1,10 @@
+{
+    "paths": [
+        ".github/workflows/*.yml",
+        ".github/workflows/*.yaml",
+        ".github/reusable_workflows/**/*.yml",
+        ".github/reusable_workflows/**/*.yaml",
+        "**/action.yml",
+        "**/action.yaml"
+    ]
+}
--- a/actions/extractor/tools/configure-baseline.cmd
+++ b/actions/extractor/tools/configure-baseline.cmd
@@ -0,0 +1,2 @@
+@echo off
+type "%CODEQL_EXTRACTOR_ACTIONS_ROOT%\tools\baseline-config.json"
--- a/actions/extractor/tools/configure-baseline.sh
+++ b/actions/extractor/tools/configure-baseline.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+cat "$CODEQL_EXTRACTOR_ACTIONS_ROOT/tools/baseline-config.json"
--- a/actions/ql/integration-tests/query-suite/actions-code-scanning.qls.expected
+++ b/actions/ql/integration-tests/query-suite/actions-code-scanning.qls.expected
@@ -1,3 +1,4 @@
+ql/actions/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql
 ql/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
 ql/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql
 ql/actions/ql/src/Security/CWE-094/CodeInjectionCritical.ql
--- a/actions/ql/integration-tests/query-suite/actions-security-and-quality.qls.expected
+++ b/actions/ql/integration-tests/query-suite/actions-security-and-quality.qls.expected
@@ -1,4 +1,5 @@
 ql/actions/ql/src/Debug/SyntaxError.ql
+ql/actions/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql
 ql/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
 ql/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql
 ql/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql
--- a/actions/ql/integration-tests/query-suite/actions-security-extended.qls.expected
+++ b/actions/ql/integration-tests/query-suite/actions-security-extended.qls.expected
@@ -1,3 +1,4 @@
+ql/actions/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql
 ql/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
 ql/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql
 ql/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql
--- a/actions/ql/lib/CHANGELOG.md
+++ b/actions/ql/lib/CHANGELOG.md
@@ -1,3 +1,11 @@
+## 0.4.18
+
+No user-facing changes.
+
+## 0.4.17
+
+No user-facing changes.
+
 ## 0.4.16

 No user-facing changes.
--- a/actions/ql/lib/change-notes/released/0.4.17.md
+++ b/actions/ql/lib/change-notes/released/0.4.17.md
@@ -0,0 +1,3 @@
+## 0.4.17
+
+No user-facing changes.
--- a/actions/ql/lib/change-notes/released/0.4.18.md
+++ b/actions/ql/lib/change-notes/released/0.4.18.md
@@ -0,0 +1,3 @@
+## 0.4.18
+
+No user-facing changes.
--- a/actions/ql/lib/codeql-pack.release.yml
+++ b/actions/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.16
+lastReleaseVersion: 0.4.18
--- a/actions/ql/lib/qlpack.yml
+++ b/actions/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.17-dev
+version: 0.4.18
 library: true
 warnOnImplicitThis: true
 dependencies:
--- a/actions/ql/src/CHANGELOG.md
+++ b/actions/ql/src/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.6.10
+
+No user-facing changes.
+
+## 0.6.9
+
+### Minor Analysis Improvements
+
+* Actions analysis now reports file coverage information on the CodeQL status page.
+
 ## 0.6.8

 No user-facing changes.
--- a/actions/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql
+++ b/actions/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql
@@ -0,0 +1,13 @@
+/**
+ * @id actions/diagnostics/successfully-extracted-files
+ * @name Extracted files
+ * @description List all files that were extracted.
+ * @kind diagnostic
+ * @tags successfully-extracted-files
+ */
+
+private import codeql.Locations
+
+from File f
+where exists(f.getRelativePath())
+select f, ""
--- a/actions/ql/src/change-notes/released/0.6.10.md
+++ b/actions/ql/src/change-notes/released/0.6.10.md
@@ -0,0 +1,3 @@
+## 0.6.10
+
+No user-facing changes.
--- a/actions/ql/src/change-notes/released/0.6.9.md
+++ b/actions/ql/src/change-notes/released/0.6.9.md
@@ -0,0 +1,5 @@
+## 0.6.9
+
+### Minor Analysis Improvements
+
+* Actions analysis now reports file coverage information on the CodeQL status page.
--- a/actions/ql/src/codeql-pack.release.yml
+++ b/actions/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.8
+lastReleaseVersion: 0.6.10
--- a/actions/ql/src/qlpack.yml
+++ b/actions/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.9-dev
+version: 0.6.10
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]
--- a/config/add-overlay-annotations.py
+++ b/config/add-overlay-annotations.py
@@ -177,6 +177,12 @@ def insert_overlay_caller_annotations(lines):
        out_lines.append(line)
    return out_lines

+explicitly_global = set([
+    "java/ql/lib/semmle/code/java/dispatch/VirtualDispatch.qll",
+    "java/ql/lib/semmle/code/java/dispatch/DispatchFlow.qll",
+    "java/ql/lib/semmle/code/java/dispatch/ObjFlow.qll",
+    "java/ql/lib/semmle/code/java/dispatch/internal/Unification.qll",
+])

 def annotate_as_appropriate(filename, lines):
    '''
@@ -196,6 +202,9 @@ def annotate_as_appropriate(filename, lines):
        ((filename.endswith("Query.qll") or filename.endswith("Config.qll")) and
         any("implements DataFlow::ConfigSig" in line for line in lines))):
        return None
+    elif filename in explicitly_global:
+        # These files are explicitly global and should not be annotated.
+        return None
    elif not any(line for line in lines if line.strip()):
        return None

--- a/cpp/ql/integration-tests/query-suite/cpp-code-scanning.qls.expected
+++ b/cpp/ql/integration-tests/query-suite/cpp-code-scanning.qls.expected
@@ -7,12 +7,10 @@ ql/cpp/ql/src/Diagnostics/ExtractedFiles.ql
 ql/cpp/ql/src/Diagnostics/ExtractionWarnings.ql
 ql/cpp/ql/src/Diagnostics/FailedExtractorInvocations.ql
 ql/cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql
 ql/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql
 ql/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
 ql/cpp/ql/src/Likely Bugs/Format/SnprintfOverflow.ql
 ql/cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql
-ql/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
 ql/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql
 ql/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.ql
 ql/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql
@@ -30,7 +28,6 @@ ql/cpp/ql/src/Security/CWE/CWE-120/VeryLikelyOverrunWrite.ql
 ql/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
 ql/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
 ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
 ql/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
 ql/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql
 ql/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql
@@ -43,7 +40,6 @@ ql/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql
 ql/cpp/ql/src/Security/CWE/CWE-416/IteratorToExpiredContainer.ql
 ql/cpp/ql/src/Security/CWE/CWE-416/UseOfStringAfterLifetimeEnds.ql
 ql/cpp/ql/src/Security/CWE/CWE-416/UseOfUniquePointerAfterLifetimeEnds.ql
-ql/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
 ql/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
 ql/cpp/ql/src/Security/CWE/CWE-611/XXE.ql
 ql/cpp/ql/src/Security/CWE/CWE-676/DangerousFunctionOverflow.ql
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,17 @@
+## 5.6.1
+
+No user-facing changes.
+
+## 5.6.0
+
+### Deprecated APIs
+
+* The predicate `getAContructorCall` in the class `SslContextClass` has been deprecated. Use `getAConstructorCall` instead.
+
+### New Features
+
+* Added predicates `getTransitiveNumberOfVlaDimensionStmts`, `getTransitiveVlaDimensionStmt`, and `getParentVlaDecl` to `VlaDeclStmt` for handling `VlaDeclStmt`s whose base type is defined in terms of another `VlaDeclStmt` via a `typedef`.
+
 ## 5.5.0

 ### New Features
--- a/cpp/ql/lib/change-notes/2025-09-02-vla.md
+++ b/cpp/ql/lib/change-notes/2025-09-02-vla.md
@@ -1,4 +0,0 @@
---
-category: feature
---
-* Added predicates `getTransitiveNumberOfVlaDimensionStmts`, `getTransitiveVlaDimensionStmt`, and `getParentVlaDecl` to `VlaDeclStmt` for handling `VlaDeclStmt`s whose base type defined in terms of an other `VlaDeclStmt` via a `typedef`.
--- a/cpp/ql/lib/change-notes/2025-09-03-rename-api.md
+++ b/cpp/ql/lib/change-notes/2025-09-03-rename-api.md
@@ -1,4 +0,0 @@
---
-category: deprecated
---
-* The predicate `getAContructorCall` in the class `SslContextClass` has been deprecated. Use `getAConstructorCall` instead.
--- a/cpp/ql/lib/change-notes/released/5.6.0.md
+++ b/cpp/ql/lib/change-notes/released/5.6.0.md
@@ -0,0 +1,9 @@
+## 5.6.0
+
+### Deprecated APIs
+
+* The predicate `getAContructorCall` in the class `SslContextClass` has been deprecated. Use `getAConstructorCall` instead.
+
+### New Features
+
+* Added predicates `getTransitiveNumberOfVlaDimensionStmts`, `getTransitiveVlaDimensionStmt`, and `getParentVlaDecl` to `VlaDeclStmt` for handling `VlaDeclStmt`s whose base type is defined in terms of another `VlaDeclStmt` via a `typedef`.
--- a/cpp/ql/lib/change-notes/released/5.6.1.md
+++ b/cpp/ql/lib/change-notes/released/5.6.1.md
@@ -0,0 +1,3 @@
+## 5.6.1
+
+No user-facing changes.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.5.0
+lastReleaseVersion: 5.6.1
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 5.5.1-dev
+version: 5.6.1
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll
+++ b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll
@@ -72,6 +72,20 @@ abstract private class GuardConditionImpl extends Expr {
   */
  abstract predicate valueControls(BasicBlock controlled, AbstractValue v);

+  /**
+   * Holds if the control-flow edge `(pred, succ)` may be taken only if
+   * the value of this condition is `v`.
+   */
+  abstract predicate valueControlsEdge(BasicBlock pred, BasicBlock succ, AbstractValue v);
+
+  /**
+   * Holds if  the control-flow edge `(pred, succ)` may be taken only if
+   * this the value of this condition is `testIsTrue`.
+   */
+  final predicate controlsEdge(BasicBlock pred, BasicBlock succ, boolean testIsTrue) {
+    this.valueControlsEdge(pred, succ, any(BooleanValue bv | bv.getValue() = testIsTrue))
+  }
+
  /**
   * Holds if this condition controls `controlled`, meaning that `controlled` is only
   * entered if the value of this condition is `testIsTrue`.
@@ -175,6 +189,58 @@ abstract private class GuardConditionImpl extends Expr {
   */
  pragma[inline]
  abstract predicate ensuresEq(Expr e, int k, BasicBlock block, boolean areEqual);
+
+  /**
+   * Holds if (determined by this guard) `left == right + k` must be `areEqual` on the edge from
+   * `pred` to `succ`. If `areEqual = false` then this implies `left != right + k`.
+   */
+  pragma[inline]
+  final predicate ensuresEqEdge(
+    Expr left, Expr right, int k, BasicBlock pred, BasicBlock succ, boolean areEqual
+  ) {
+    exists(boolean testIsTrue |
+      this.comparesEq(left, right, k, areEqual, testIsTrue) and
+      this.controlsEdge(pred, succ, testIsTrue)
+    )
+  }
+
+  /**
+   * Holds if (determined by this guard) `e == k` must be `areEqual` on the edge from
+   * `pred` to `succ`. If `areEqual = false` then this implies `e != k`.
+   */
+  pragma[inline]
+  final predicate ensuresEqEdge(Expr e, int k, BasicBlock pred, BasicBlock succ, boolean areEqual) {
+    exists(AbstractValue v |
+      this.comparesEq(e, k, areEqual, v) and
+      this.valueControlsEdge(pred, succ, v)
+    )
+  }
+
+  /**
+   * Holds if (determined by this guard) `left < right + k` must be `isLessThan` on the edge from
+   * `pred` to `succ`. If `isLessThan = false` then this implies `left >= right + k`.
+   */
+  pragma[inline]
+  final predicate ensuresLtEdge(
+    Expr left, Expr right, int k, BasicBlock pred, BasicBlock succ, boolean isLessThan
+  ) {
+    exists(boolean testIsTrue |
+      this.comparesLt(left, right, k, isLessThan, testIsTrue) and
+      this.controlsEdge(pred, succ, testIsTrue)
+    )
+  }
+
+  /**
+   * Holds if (determined by this guard) `e < k` must be `isLessThan` on the edge from
+   * `pred` to `succ`. If `isLessThan = false` then this implies `e >= k`.
+   */
+  pragma[inline]
+  final predicate ensuresLtEdge(Expr e, int k, BasicBlock pred, BasicBlock succ, boolean isLessThan) {
+    exists(AbstractValue v |
+      this.comparesLt(e, k, isLessThan, v) and
+      this.valueControlsEdge(pred, succ, v)
+    )
+  }
 }

 final class GuardCondition = GuardConditionImpl;
@@ -187,6 +253,16 @@ private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl
    this.(BinaryLogicalOperation).getAnOperand() instanceof GuardCondition
  }

+  override predicate valueControlsEdge(BasicBlock pred, BasicBlock succ, AbstractValue v) {
+    exists(BinaryLogicalOperation binop, GuardCondition lhs, GuardCondition rhs |
+      this = binop and
+      lhs = binop.getLeftOperand() and
+      rhs = binop.getRightOperand() and
+      lhs.valueControlsEdge(pred, succ, v) and
+      rhs.valueControlsEdge(pred, succ, v)
+    )
+  }
+
  override predicate valueControls(BasicBlock controlled, AbstractValue v) {
    exists(BinaryLogicalOperation binop, GuardCondition lhs, GuardCondition rhs |
      this = binop and
@@ -274,6 +350,25 @@ private predicate controlsBlock(IRGuardCondition ir, BasicBlock controlled, Abst
  )
 }

+/**
+ * Holds if `ir` controls the `(pred, succ)` edge, meaning that the edge
+ * `(pred, succ)` is only taken if the value of this condition is `v`. This
+ * helper predicate does not necessarily hold for binary logical operations
+ * like `&&` and `||`.
+ * See the detailed explanation on predicate `controlsEdge`.
+ */
+private predicate controlsEdge(
+  IRGuardCondition ir, BasicBlock pred, BasicBlock succ, AbstractValue v
+) {
+  exists(IRBlock irPred, IRBlock irSucc |
+    ir.valueControlsEdge(irPred, irSucc, v) and
+    nonExcludedIRAndBasicBlock(irPred, pred) and
+    nonExcludedIRAndBasicBlock(irSucc, succ) and
+    not isUnreachedBlock(irPred) and
+    not isUnreachedBlock(irSucc)
+  )
+}
+
 private class GuardConditionFromNotExpr extends GuardConditionImpl {
  IRGuardCondition ir;

@@ -295,6 +390,10 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl {
    controlsBlock(ir, controlled, v.getDualValue())
  }

+  override predicate valueControlsEdge(BasicBlock pred, BasicBlock succ, AbstractValue v) {
+    controlsEdge(ir, pred, succ, v.getDualValue())
+  }
+
  pragma[inline]
  override predicate comparesLt(Expr left, Expr right, int k, boolean isLessThan, boolean testIsTrue) {
    exists(Instruction li, Instruction ri |
@@ -383,6 +482,10 @@ private class GuardConditionFromIR extends GuardConditionImpl {
    controlsBlock(ir, controlled, v)
  }

+  override predicate valueControlsEdge(BasicBlock pred, BasicBlock succ, AbstractValue v) {
+    controlsEdge(ir, pred, succ, v)
+  }
+
  pragma[inline]
  override predicate comparesLt(Expr left, Expr right, int k, boolean isLessThan, boolean testIsTrue) {
    exists(Instruction li, Instruction ri |
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowSummaryImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowSummaryImpl.qll
@@ -104,7 +104,9 @@ private module StepsInput implements Impl::Private::StepsInputSig {
    result.getStaticCallTarget().getUnderlyingCallable() = sc
  }

-  Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponent sc) { none() }
+  DataFlowCallable getSourceNodeEnclosingCallable(Input::SourceBase source) { none() }
+
+  Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponentStack s) { none() }

  Node getSinkNode(Input::SinkBase sink, Impl::Private::SummaryComponent sc) { none() }
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/internal/ValueNumberingInternal.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/internal/ValueNumberingInternal.qll
@@ -41,7 +41,7 @@ newtype TValueNumber =
  ) {
    loadTotalOverlapValueNumber(_, irFunc, type, memOperand, operand)
  } or
-  TUniqueValueNumber(IRFunction irFunc, Instruction instr) { uniqueValueNumber(instr, irFunc) }
+  TUniqueValueNumber(Instruction instr) { uniqueValueNumber(instr) }

 /**
 * A `ConvertInstruction` which converts data of type `T` to data of type `U`
@@ -129,12 +129,14 @@ private predicate filteredNumberableInstruction(Instruction instr) {
    count(instr.(InheritanceConversionInstruction).getBaseClass()) != 1 or
    count(instr.(InheritanceConversionInstruction).getDerivedClass()) != 1
  )
+  or
+  count(instr.getEnclosingIRFunction()) != 1
 }

 private predicate variableAddressValueNumber(
  VariableAddressInstruction instr, IRFunction irFunc, Language::AST ast
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  // The underlying AST element is used as value-numbering key instead of the
  // `IRVariable` to work around a problem where a variable or expression with
  // multiple types gives rise to multiple `IRVariable`s.
@@ -144,7 +146,7 @@ private predicate variableAddressValueNumber(
 private predicate initializeParameterValueNumber(
  InitializeParameterInstruction instr, IRFunction irFunc, Language::AST var
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  // The underlying AST element is used as value-numbering key instead of the
  // `IRVariable` to work around a problem where a variable or expression with
  // multiple types gives rise to multiple `IRVariable`s.
@@ -154,7 +156,7 @@ private predicate initializeParameterValueNumber(
 private predicate constantValueNumber(
  ConstantInstruction instr, IRFunction irFunc, IRType type, string value
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  unique( | | instr.getResultIRType()) = type and
  instr.getValue() = value
 }
@@ -162,7 +164,7 @@ private predicate constantValueNumber(
 private predicate stringConstantValueNumber(
  StringConstantInstruction instr, IRFunction irFunc, IRType type, string value
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  instr.getResultIRType() = type and
  instr.getValue().getValue() = value
 }
@@ -171,7 +173,7 @@ private predicate fieldAddressValueNumber(
  FieldAddressInstruction instr, IRFunction irFunc, Language::Field field,
  TValueNumber objectAddress
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  unique( | | instr.getField()) = field and
  tvalueNumber(instr.getObjectAddress()) = objectAddress
 }
@@ -182,7 +184,7 @@ private predicate binaryValueNumber0(
  TValueNumber valueNumber
 ) {
  not instr instanceof PointerArithmeticInstruction and
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  instr.getOpcode() = opcode and
  (
    isLeft = true and
@@ -206,7 +208,7 @@ private predicate pointerArithmeticValueNumber0(
  PointerArithmeticInstruction instr, IRFunction irFunc, Opcode opcode, int elementSize,
  boolean isLeft, TValueNumber valueNumber
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  instr.getOpcode() = opcode and
  instr.getElementSize() = elementSize and
  (
@@ -229,7 +231,7 @@ private predicate pointerArithmeticValueNumber(
 private predicate unaryValueNumber(
  UnaryInstruction instr, IRFunction irFunc, Opcode opcode, TValueNumber operand
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  not instr instanceof InheritanceConversionInstruction and
  not instr instanceof CopyInstruction and
  not instr instanceof FieldAddressInstruction and
@@ -242,7 +244,7 @@ private predicate inheritanceConversionValueNumber(
  InheritanceConversionInstruction instr, IRFunction irFunc, Opcode opcode,
  Language::Class baseClass, Language::Class derivedClass, TValueNumber operand
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  instr.getOpcode() = opcode and
  tvalueNumber(instr.getUnary()) = operand and
  unique( | | instr.getBaseClass()) = baseClass and
@@ -254,7 +256,7 @@ private predicate loadTotalOverlapValueNumber0(
  LoadTotalOverlapInstruction instr, IRFunction irFunc, IRType type, TValueNumber valueNumber,
  boolean isAddress
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  instr.getResultIRType() = type and
  (
    isAddress = true and
@@ -277,8 +279,7 @@ private predicate loadTotalOverlapValueNumber(
 * Holds if `instr` should be assigned a unique value number because this library does not know how
 * to determine if two instances of that instruction are equivalent.
 */
-private predicate uniqueValueNumber(Instruction instr, IRFunction irFunc) {
-  instr.getEnclosingIRFunction() = irFunc and
+private predicate uniqueValueNumber(Instruction instr) {
  not instr.getResultIRType() instanceof IRVoidType and
  (
    not numberableInstruction(instr)
@@ -294,10 +295,8 @@ cached
 TValueNumber tvalueNumber(Instruction instr) {
  result = nonUniqueValueNumber(instr)
  or
-  exists(IRFunction irFunc |
-    uniqueValueNumber(instr, irFunc) and
-    result = TUniqueValueNumber(irFunc, instr)
-  )
+  uniqueValueNumber(instr) and
+  result = TUniqueValueNumber(instr)
 }

 /**
@@ -311,68 +310,64 @@ TValueNumber tvalueNumberOfOperand(Operand op) { result = tvalueNumber(op.getDef
 * value number.
 */
 private TValueNumber nonUniqueValueNumber(Instruction instr) {
-  exists(IRFunction irFunc |
-    irFunc = instr.getEnclosingIRFunction() and
-    (
-      exists(Language::AST ast |
-        variableAddressValueNumber(instr, irFunc, ast) and
-        result = TVariableAddressValueNumber(irFunc, ast)
-      )
-      or
-      exists(Language::AST var |
-        initializeParameterValueNumber(instr, irFunc, var) and
-        result = TInitializeParameterValueNumber(irFunc, var)
-      )
-      or
-      exists(string value, IRType type |
-        constantValueNumber(instr, irFunc, type, value) and
-        result = TConstantValueNumber(irFunc, type, value)
-      )
-      or
-      exists(IRType type, string value |
-        stringConstantValueNumber(instr, irFunc, type, value) and
-        result = TStringConstantValueNumber(irFunc, type, value)
-      )
-      or
-      exists(Language::Field field, TValueNumber objectAddress |
-        fieldAddressValueNumber(instr, irFunc, field, objectAddress) and
-        result = TFieldAddressValueNumber(irFunc, field, objectAddress)
-      )
-      or
-      exists(Opcode opcode, TValueNumber leftOperand, TValueNumber rightOperand |
-        binaryValueNumber(instr, irFunc, opcode, leftOperand, rightOperand) and
-        result = TBinaryValueNumber(irFunc, opcode, leftOperand, rightOperand)
-      )
-      or
-      exists(Opcode opcode, TValueNumber operand |
-        unaryValueNumber(instr, irFunc, opcode, operand) and
-        result = TUnaryValueNumber(irFunc, opcode, operand)
-      )
-      or
-      exists(
-        Opcode opcode, Language::Class baseClass, Language::Class derivedClass, TValueNumber operand
-      |
-        inheritanceConversionValueNumber(instr, irFunc, opcode, baseClass, derivedClass, operand) and
-        result = TInheritanceConversionValueNumber(irFunc, opcode, baseClass, derivedClass, operand)
-      )
-      or
-      exists(Opcode opcode, int elementSize, TValueNumber leftOperand, TValueNumber rightOperand |
-        pointerArithmeticValueNumber(instr, irFunc, opcode, elementSize, leftOperand, rightOperand) and
-        result =
-          TPointerArithmeticValueNumber(irFunc, opcode, elementSize, leftOperand, rightOperand)
-      )
-      or
-      exists(IRType type, TValueNumber memOperand, TValueNumber operand |
-        loadTotalOverlapValueNumber(instr, irFunc, type, memOperand, operand) and
-        result = TLoadTotalOverlapValueNumber(irFunc, type, memOperand, operand)
-      )
-      or
-      // The value number of a copy is just the value number of its source value.
-      result = tvalueNumber(instr.(CongruentCopyInstruction).getSourceValue())
-      or
-      // The value number of a type-preserving conversion is just the value
-      // number of the unconverted value.
-      result = tvalueNumber(instr.(TypePreservingConvertInstruction).getUnary())
+  exists(IRFunction irFunc | irFunc = instr.getEnclosingIRFunction() |
+    exists(Language::AST ast |
+      variableAddressValueNumber(instr, irFunc, ast) and
+      result = TVariableAddressValueNumber(irFunc, ast)
    )
+    or
+    exists(Language::AST var |
+      initializeParameterValueNumber(instr, irFunc, var) and
+      result = TInitializeParameterValueNumber(irFunc, var)
+    )
+    or
+    exists(string value, IRType type |
+      constantValueNumber(instr, irFunc, type, value) and
+      result = TConstantValueNumber(irFunc, type, value)
+    )
+    or
+    exists(IRType type, string value |
+      stringConstantValueNumber(instr, irFunc, type, value) and
+      result = TStringConstantValueNumber(irFunc, type, value)
+    )
+    or
+    exists(Language::Field field, TValueNumber objectAddress |
+      fieldAddressValueNumber(instr, irFunc, field, objectAddress) and
+      result = TFieldAddressValueNumber(irFunc, field, objectAddress)
+    )
+    or
+    exists(Opcode opcode, TValueNumber leftOperand, TValueNumber rightOperand |
+      binaryValueNumber(instr, irFunc, opcode, leftOperand, rightOperand) and
+      result = TBinaryValueNumber(irFunc, opcode, leftOperand, rightOperand)
+    )
+    or
+    exists(Opcode opcode, TValueNumber operand |
+      unaryValueNumber(instr, irFunc, opcode, operand) and
+      result = TUnaryValueNumber(irFunc, opcode, operand)
+    )
+    or
+    exists(
+      Opcode opcode, Language::Class baseClass, Language::Class derivedClass, TValueNumber operand
+    |
+      inheritanceConversionValueNumber(instr, irFunc, opcode, baseClass, derivedClass, operand) and
+      result = TInheritanceConversionValueNumber(irFunc, opcode, baseClass, derivedClass, operand)
+    )
+    or
+    exists(Opcode opcode, int elementSize, TValueNumber leftOperand, TValueNumber rightOperand |
+      pointerArithmeticValueNumber(instr, irFunc, opcode, elementSize, leftOperand, rightOperand) and
+      result = TPointerArithmeticValueNumber(irFunc, opcode, elementSize, leftOperand, rightOperand)
+    )
+    or
+    exists(IRType type, TValueNumber memOperand, TValueNumber operand |
+      loadTotalOverlapValueNumber(instr, irFunc, type, memOperand, operand) and
+      result = TLoadTotalOverlapValueNumber(irFunc, type, memOperand, operand)
+    )
+    or
+    // The value number of a copy is just the value number of its source value.
+    result = tvalueNumber(instr.(CongruentCopyInstruction).getSourceValue())
+    or
+    // The value number of a type-preserving conversion is just the value
+    // number of the unconverted value.
+    result = tvalueNumber(instr.(TypePreservingConvertInstruction).getUnary())
  )
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/internal/ValueNumberingInternal.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/internal/ValueNumberingInternal.qll
@@ -41,7 +41,7 @@ newtype TValueNumber =
  ) {
    loadTotalOverlapValueNumber(_, irFunc, type, memOperand, operand)
  } or
-  TUniqueValueNumber(IRFunction irFunc, Instruction instr) { uniqueValueNumber(instr, irFunc) }
+  TUniqueValueNumber(Instruction instr) { uniqueValueNumber(instr) }

 /**
 * A `ConvertInstruction` which converts data of type `T` to data of type `U`
@@ -129,12 +129,14 @@ private predicate filteredNumberableInstruction(Instruction instr) {
    count(instr.(InheritanceConversionInstruction).getBaseClass()) != 1 or
    count(instr.(InheritanceConversionInstruction).getDerivedClass()) != 1
  )
+  or
+  count(instr.getEnclosingIRFunction()) != 1
 }

 private predicate variableAddressValueNumber(
  VariableAddressInstruction instr, IRFunction irFunc, Language::AST ast
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  // The underlying AST element is used as value-numbering key instead of the
  // `IRVariable` to work around a problem where a variable or expression with
  // multiple types gives rise to multiple `IRVariable`s.
@@ -144,7 +146,7 @@ private predicate variableAddressValueNumber(
 private predicate initializeParameterValueNumber(
  InitializeParameterInstruction instr, IRFunction irFunc, Language::AST var
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  // The underlying AST element is used as value-numbering key instead of the
  // `IRVariable` to work around a problem where a variable or expression with
  // multiple types gives rise to multiple `IRVariable`s.
@@ -154,7 +156,7 @@ private predicate initializeParameterValueNumber(
 private predicate constantValueNumber(
  ConstantInstruction instr, IRFunction irFunc, IRType type, string value
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  unique( | | instr.getResultIRType()) = type and
  instr.getValue() = value
 }
@@ -162,7 +164,7 @@ private predicate constantValueNumber(
 private predicate stringConstantValueNumber(
  StringConstantInstruction instr, IRFunction irFunc, IRType type, string value
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  instr.getResultIRType() = type and
  instr.getValue().getValue() = value
 }
@@ -171,7 +173,7 @@ private predicate fieldAddressValueNumber(
  FieldAddressInstruction instr, IRFunction irFunc, Language::Field field,
  TValueNumber objectAddress
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  unique( | | instr.getField()) = field and
  tvalueNumber(instr.getObjectAddress()) = objectAddress
 }
@@ -182,7 +184,7 @@ private predicate binaryValueNumber0(
  TValueNumber valueNumber
 ) {
  not instr instanceof PointerArithmeticInstruction and
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  instr.getOpcode() = opcode and
  (
    isLeft = true and
@@ -206,7 +208,7 @@ private predicate pointerArithmeticValueNumber0(
  PointerArithmeticInstruction instr, IRFunction irFunc, Opcode opcode, int elementSize,
  boolean isLeft, TValueNumber valueNumber
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  instr.getOpcode() = opcode and
  instr.getElementSize() = elementSize and
  (
@@ -229,7 +231,7 @@ private predicate pointerArithmeticValueNumber(
 private predicate unaryValueNumber(
  UnaryInstruction instr, IRFunction irFunc, Opcode opcode, TValueNumber operand
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  not instr instanceof InheritanceConversionInstruction and
  not instr instanceof CopyInstruction and
  not instr instanceof FieldAddressInstruction and
@@ -242,7 +244,7 @@ private predicate inheritanceConversionValueNumber(
  InheritanceConversionInstruction instr, IRFunction irFunc, Opcode opcode,
  Language::Class baseClass, Language::Class derivedClass, TValueNumber operand
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  instr.getOpcode() = opcode and
  tvalueNumber(instr.getUnary()) = operand and
  unique( | | instr.getBaseClass()) = baseClass and
@@ -254,7 +256,7 @@ private predicate loadTotalOverlapValueNumber0(
  LoadTotalOverlapInstruction instr, IRFunction irFunc, IRType type, TValueNumber valueNumber,
  boolean isAddress
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  instr.getResultIRType() = type and
  (
    isAddress = true and
@@ -277,8 +279,7 @@ private predicate loadTotalOverlapValueNumber(
 * Holds if `instr` should be assigned a unique value number because this library does not know how
 * to determine if two instances of that instruction are equivalent.
 */
-private predicate uniqueValueNumber(Instruction instr, IRFunction irFunc) {
-  instr.getEnclosingIRFunction() = irFunc and
+private predicate uniqueValueNumber(Instruction instr) {
  not instr.getResultIRType() instanceof IRVoidType and
  (
    not numberableInstruction(instr)
@@ -294,10 +295,8 @@ cached
 TValueNumber tvalueNumber(Instruction instr) {
  result = nonUniqueValueNumber(instr)
  or
-  exists(IRFunction irFunc |
-    uniqueValueNumber(instr, irFunc) and
-    result = TUniqueValueNumber(irFunc, instr)
-  )
+  uniqueValueNumber(instr) and
+  result = TUniqueValueNumber(instr)
 }

 /**
@@ -311,68 +310,64 @@ TValueNumber tvalueNumberOfOperand(Operand op) { result = tvalueNumber(op.getDef
 * value number.
 */
 private TValueNumber nonUniqueValueNumber(Instruction instr) {
-  exists(IRFunction irFunc |
-    irFunc = instr.getEnclosingIRFunction() and
-    (
-      exists(Language::AST ast |
-        variableAddressValueNumber(instr, irFunc, ast) and
-        result = TVariableAddressValueNumber(irFunc, ast)
-      )
-      or
-      exists(Language::AST var |
-        initializeParameterValueNumber(instr, irFunc, var) and
-        result = TInitializeParameterValueNumber(irFunc, var)
-      )
-      or
-      exists(string value, IRType type |
-        constantValueNumber(instr, irFunc, type, value) and
-        result = TConstantValueNumber(irFunc, type, value)
-      )
-      or
-      exists(IRType type, string value |
-        stringConstantValueNumber(instr, irFunc, type, value) and
-        result = TStringConstantValueNumber(irFunc, type, value)
-      )
-      or
-      exists(Language::Field field, TValueNumber objectAddress |
-        fieldAddressValueNumber(instr, irFunc, field, objectAddress) and
-        result = TFieldAddressValueNumber(irFunc, field, objectAddress)
-      )
-      or
-      exists(Opcode opcode, TValueNumber leftOperand, TValueNumber rightOperand |
-        binaryValueNumber(instr, irFunc, opcode, leftOperand, rightOperand) and
-        result = TBinaryValueNumber(irFunc, opcode, leftOperand, rightOperand)
-      )
-      or
-      exists(Opcode opcode, TValueNumber operand |
-        unaryValueNumber(instr, irFunc, opcode, operand) and
-        result = TUnaryValueNumber(irFunc, opcode, operand)
-      )
-      or
-      exists(
-        Opcode opcode, Language::Class baseClass, Language::Class derivedClass, TValueNumber operand
-      |
-        inheritanceConversionValueNumber(instr, irFunc, opcode, baseClass, derivedClass, operand) and
-        result = TInheritanceConversionValueNumber(irFunc, opcode, baseClass, derivedClass, operand)
-      )
-      or
-      exists(Opcode opcode, int elementSize, TValueNumber leftOperand, TValueNumber rightOperand |
-        pointerArithmeticValueNumber(instr, irFunc, opcode, elementSize, leftOperand, rightOperand) and
-        result =
-          TPointerArithmeticValueNumber(irFunc, opcode, elementSize, leftOperand, rightOperand)
-      )
-      or
-      exists(IRType type, TValueNumber memOperand, TValueNumber operand |
-        loadTotalOverlapValueNumber(instr, irFunc, type, memOperand, operand) and
-        result = TLoadTotalOverlapValueNumber(irFunc, type, memOperand, operand)
-      )
-      or
-      // The value number of a copy is just the value number of its source value.
-      result = tvalueNumber(instr.(CongruentCopyInstruction).getSourceValue())
-      or
-      // The value number of a type-preserving conversion is just the value
-      // number of the unconverted value.
-      result = tvalueNumber(instr.(TypePreservingConvertInstruction).getUnary())
+  exists(IRFunction irFunc | irFunc = instr.getEnclosingIRFunction() |
+    exists(Language::AST ast |
+      variableAddressValueNumber(instr, irFunc, ast) and
+      result = TVariableAddressValueNumber(irFunc, ast)
    )
+    or
+    exists(Language::AST var |
+      initializeParameterValueNumber(instr, irFunc, var) and
+      result = TInitializeParameterValueNumber(irFunc, var)
+    )
+    or
+    exists(string value, IRType type |
+      constantValueNumber(instr, irFunc, type, value) and
+      result = TConstantValueNumber(irFunc, type, value)
+    )
+    or
+    exists(IRType type, string value |
+      stringConstantValueNumber(instr, irFunc, type, value) and
+      result = TStringConstantValueNumber(irFunc, type, value)
+    )
+    or
+    exists(Language::Field field, TValueNumber objectAddress |
+      fieldAddressValueNumber(instr, irFunc, field, objectAddress) and
+      result = TFieldAddressValueNumber(irFunc, field, objectAddress)
+    )
+    or
+    exists(Opcode opcode, TValueNumber leftOperand, TValueNumber rightOperand |
+      binaryValueNumber(instr, irFunc, opcode, leftOperand, rightOperand) and
+      result = TBinaryValueNumber(irFunc, opcode, leftOperand, rightOperand)
+    )
+    or
+    exists(Opcode opcode, TValueNumber operand |
+      unaryValueNumber(instr, irFunc, opcode, operand) and
+      result = TUnaryValueNumber(irFunc, opcode, operand)
+    )
+    or
+    exists(
+      Opcode opcode, Language::Class baseClass, Language::Class derivedClass, TValueNumber operand
+    |
+      inheritanceConversionValueNumber(instr, irFunc, opcode, baseClass, derivedClass, operand) and
+      result = TInheritanceConversionValueNumber(irFunc, opcode, baseClass, derivedClass, operand)
+    )
+    or
+    exists(Opcode opcode, int elementSize, TValueNumber leftOperand, TValueNumber rightOperand |
+      pointerArithmeticValueNumber(instr, irFunc, opcode, elementSize, leftOperand, rightOperand) and
+      result = TPointerArithmeticValueNumber(irFunc, opcode, elementSize, leftOperand, rightOperand)
+    )
+    or
+    exists(IRType type, TValueNumber memOperand, TValueNumber operand |
+      loadTotalOverlapValueNumber(instr, irFunc, type, memOperand, operand) and
+      result = TLoadTotalOverlapValueNumber(irFunc, type, memOperand, operand)
+    )
+    or
+    // The value number of a copy is just the value number of its source value.
+    result = tvalueNumber(instr.(CongruentCopyInstruction).getSourceValue())
+    or
+    // The value number of a type-preserving conversion is just the value
+    // number of the unconverted value.
+    result = tvalueNumber(instr.(TypePreservingConvertInstruction).getUnary())
  )
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingInternal.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingInternal.qll
@@ -41,7 +41,7 @@ newtype TValueNumber =
  ) {
    loadTotalOverlapValueNumber(_, irFunc, type, memOperand, operand)
  } or
-  TUniqueValueNumber(IRFunction irFunc, Instruction instr) { uniqueValueNumber(instr, irFunc) }
+  TUniqueValueNumber(Instruction instr) { uniqueValueNumber(instr) }

 /**
 * A `ConvertInstruction` which converts data of type `T` to data of type `U`
@@ -129,12 +129,14 @@ private predicate filteredNumberableInstruction(Instruction instr) {
    count(instr.(InheritanceConversionInstruction).getBaseClass()) != 1 or
    count(instr.(InheritanceConversionInstruction).getDerivedClass()) != 1
  )
+  or
+  count(instr.getEnclosingIRFunction()) != 1
 }

 private predicate variableAddressValueNumber(
  VariableAddressInstruction instr, IRFunction irFunc, Language::AST ast
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  // The underlying AST element is used as value-numbering key instead of the
  // `IRVariable` to work around a problem where a variable or expression with
  // multiple types gives rise to multiple `IRVariable`s.
@@ -144,7 +146,7 @@ private predicate variableAddressValueNumber(
 private predicate initializeParameterValueNumber(
  InitializeParameterInstruction instr, IRFunction irFunc, Language::AST var
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  // The underlying AST element is used as value-numbering key instead of the
  // `IRVariable` to work around a problem where a variable or expression with
  // multiple types gives rise to multiple `IRVariable`s.
@@ -154,7 +156,7 @@ private predicate initializeParameterValueNumber(
 private predicate constantValueNumber(
  ConstantInstruction instr, IRFunction irFunc, IRType type, string value
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  unique( | | instr.getResultIRType()) = type and
  instr.getValue() = value
 }
@@ -162,7 +164,7 @@ private predicate constantValueNumber(
 private predicate stringConstantValueNumber(
  StringConstantInstruction instr, IRFunction irFunc, IRType type, string value
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  instr.getResultIRType() = type and
  instr.getValue().getValue() = value
 }
@@ -171,7 +173,7 @@ private predicate fieldAddressValueNumber(
  FieldAddressInstruction instr, IRFunction irFunc, Language::Field field,
  TValueNumber objectAddress
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  unique( | | instr.getField()) = field and
  tvalueNumber(instr.getObjectAddress()) = objectAddress
 }
@@ -182,7 +184,7 @@ private predicate binaryValueNumber0(
  TValueNumber valueNumber
 ) {
  not instr instanceof PointerArithmeticInstruction and
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  instr.getOpcode() = opcode and
  (
    isLeft = true and
@@ -206,7 +208,7 @@ private predicate pointerArithmeticValueNumber0(
  PointerArithmeticInstruction instr, IRFunction irFunc, Opcode opcode, int elementSize,
  boolean isLeft, TValueNumber valueNumber
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  instr.getOpcode() = opcode and
  instr.getElementSize() = elementSize and
  (
@@ -229,7 +231,7 @@ private predicate pointerArithmeticValueNumber(
 private predicate unaryValueNumber(
  UnaryInstruction instr, IRFunction irFunc, Opcode opcode, TValueNumber operand
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  not instr instanceof InheritanceConversionInstruction and
  not instr instanceof CopyInstruction and
  not instr instanceof FieldAddressInstruction and
@@ -242,7 +244,7 @@ private predicate inheritanceConversionValueNumber(
  InheritanceConversionInstruction instr, IRFunction irFunc, Opcode opcode,
  Language::Class baseClass, Language::Class derivedClass, TValueNumber operand
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  instr.getOpcode() = opcode and
  tvalueNumber(instr.getUnary()) = operand and
  unique( | | instr.getBaseClass()) = baseClass and
@@ -254,7 +256,7 @@ private predicate loadTotalOverlapValueNumber0(
  LoadTotalOverlapInstruction instr, IRFunction irFunc, IRType type, TValueNumber valueNumber,
  boolean isAddress
 ) {
-  instr.getEnclosingIRFunction() = irFunc and
+  unique( | | instr.getEnclosingIRFunction()) = irFunc and
  instr.getResultIRType() = type and
  (
    isAddress = true and
@@ -277,8 +279,7 @@ private predicate loadTotalOverlapValueNumber(
 * Holds if `instr` should be assigned a unique value number because this library does not know how
 * to determine if two instances of that instruction are equivalent.
 */
-private predicate uniqueValueNumber(Instruction instr, IRFunction irFunc) {
-  instr.getEnclosingIRFunction() = irFunc and
+private predicate uniqueValueNumber(Instruction instr) {
  not instr.getResultIRType() instanceof IRVoidType and
  (
    not numberableInstruction(instr)
@@ -294,10 +295,8 @@ cached
 TValueNumber tvalueNumber(Instruction instr) {
  result = nonUniqueValueNumber(instr)
  or
-  exists(IRFunction irFunc |
-    uniqueValueNumber(instr, irFunc) and
-    result = TUniqueValueNumber(irFunc, instr)
-  )
+  uniqueValueNumber(instr) and
+  result = TUniqueValueNumber(instr)
 }

 /**
@@ -311,68 +310,64 @@ TValueNumber tvalueNumberOfOperand(Operand op) { result = tvalueNumber(op.getDef
 * value number.
 */
 private TValueNumber nonUniqueValueNumber(Instruction instr) {
-  exists(IRFunction irFunc |
-    irFunc = instr.getEnclosingIRFunction() and
-    (
-      exists(Language::AST ast |
-        variableAddressValueNumber(instr, irFunc, ast) and
-        result = TVariableAddressValueNumber(irFunc, ast)
-      )
-      or
-      exists(Language::AST var |
-        initializeParameterValueNumber(instr, irFunc, var) and
-        result = TInitializeParameterValueNumber(irFunc, var)
-      )
-      or
-      exists(string value, IRType type |
-        constantValueNumber(instr, irFunc, type, value) and
-        result = TConstantValueNumber(irFunc, type, value)
-      )
-      or
-      exists(IRType type, string value |
-        stringConstantValueNumber(instr, irFunc, type, value) and
-        result = TStringConstantValueNumber(irFunc, type, value)
-      )
-      or
-      exists(Language::Field field, TValueNumber objectAddress |
-        fieldAddressValueNumber(instr, irFunc, field, objectAddress) and
-        result = TFieldAddressValueNumber(irFunc, field, objectAddress)
-      )
-      or
-      exists(Opcode opcode, TValueNumber leftOperand, TValueNumber rightOperand |
-        binaryValueNumber(instr, irFunc, opcode, leftOperand, rightOperand) and
-        result = TBinaryValueNumber(irFunc, opcode, leftOperand, rightOperand)
-      )
-      or
-      exists(Opcode opcode, TValueNumber operand |
-        unaryValueNumber(instr, irFunc, opcode, operand) and
-        result = TUnaryValueNumber(irFunc, opcode, operand)
-      )
-      or
-      exists(
-        Opcode opcode, Language::Class baseClass, Language::Class derivedClass, TValueNumber operand
-      |
-        inheritanceConversionValueNumber(instr, irFunc, opcode, baseClass, derivedClass, operand) and
-        result = TInheritanceConversionValueNumber(irFunc, opcode, baseClass, derivedClass, operand)
-      )
-      or
-      exists(Opcode opcode, int elementSize, TValueNumber leftOperand, TValueNumber rightOperand |
-        pointerArithmeticValueNumber(instr, irFunc, opcode, elementSize, leftOperand, rightOperand) and
-        result =
-          TPointerArithmeticValueNumber(irFunc, opcode, elementSize, leftOperand, rightOperand)
-      )
-      or
-      exists(IRType type, TValueNumber memOperand, TValueNumber operand |
-        loadTotalOverlapValueNumber(instr, irFunc, type, memOperand, operand) and
-        result = TLoadTotalOverlapValueNumber(irFunc, type, memOperand, operand)
-      )
-      or
-      // The value number of a copy is just the value number of its source value.
-      result = tvalueNumber(instr.(CongruentCopyInstruction).getSourceValue())
-      or
-      // The value number of a type-preserving conversion is just the value
-      // number of the unconverted value.
-      result = tvalueNumber(instr.(TypePreservingConvertInstruction).getUnary())
+  exists(IRFunction irFunc | irFunc = instr.getEnclosingIRFunction() |
+    exists(Language::AST ast |
+      variableAddressValueNumber(instr, irFunc, ast) and
+      result = TVariableAddressValueNumber(irFunc, ast)
    )
+    or
+    exists(Language::AST var |
+      initializeParameterValueNumber(instr, irFunc, var) and
+      result = TInitializeParameterValueNumber(irFunc, var)
+    )
+    or
+    exists(string value, IRType type |
+      constantValueNumber(instr, irFunc, type, value) and
+      result = TConstantValueNumber(irFunc, type, value)
+    )
+    or
+    exists(IRType type, string value |
+      stringConstantValueNumber(instr, irFunc, type, value) and
+      result = TStringConstantValueNumber(irFunc, type, value)
+    )
+    or
+    exists(Language::Field field, TValueNumber objectAddress |
+      fieldAddressValueNumber(instr, irFunc, field, objectAddress) and
+      result = TFieldAddressValueNumber(irFunc, field, objectAddress)
+    )
+    or
+    exists(Opcode opcode, TValueNumber leftOperand, TValueNumber rightOperand |
+      binaryValueNumber(instr, irFunc, opcode, leftOperand, rightOperand) and
+      result = TBinaryValueNumber(irFunc, opcode, leftOperand, rightOperand)
+    )
+    or
+    exists(Opcode opcode, TValueNumber operand |
+      unaryValueNumber(instr, irFunc, opcode, operand) and
+      result = TUnaryValueNumber(irFunc, opcode, operand)
+    )
+    or
+    exists(
+      Opcode opcode, Language::Class baseClass, Language::Class derivedClass, TValueNumber operand
+    |
+      inheritanceConversionValueNumber(instr, irFunc, opcode, baseClass, derivedClass, operand) and
+      result = TInheritanceConversionValueNumber(irFunc, opcode, baseClass, derivedClass, operand)
+    )
+    or
+    exists(Opcode opcode, int elementSize, TValueNumber leftOperand, TValueNumber rightOperand |
+      pointerArithmeticValueNumber(instr, irFunc, opcode, elementSize, leftOperand, rightOperand) and
+      result = TPointerArithmeticValueNumber(irFunc, opcode, elementSize, leftOperand, rightOperand)
+    )
+    or
+    exists(IRType type, TValueNumber memOperand, TValueNumber operand |
+      loadTotalOverlapValueNumber(instr, irFunc, type, memOperand, operand) and
+      result = TLoadTotalOverlapValueNumber(irFunc, type, memOperand, operand)
+    )
+    or
+    // The value number of a copy is just the value number of its source value.
+    result = tvalueNumber(instr.(CongruentCopyInstruction).getSourceValue())
+    or
+    // The value number of a type-preserving conversion is just the value
+    // number of the unconverted value.
+    result = tvalueNumber(instr.(TypePreservingConvertInstruction).getUnary())
  )
 }
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,19 @@
+## 1.5.1
+
+No user-facing changes.
+
+## 1.5.0
+
+### Major Analysis Improvements
+
+* The queries `cpp/wrong-type-format-argument`, `cpp/comparison-with-wider-type`, `cpp/integer-multiplication-cast-to-long`, `cpp/implicit-function-declaration` and `cpp/suspicious-add-sizeof` have had their precisions reduced from `high` to `medium`. They will also now give alerts for projects built with `build-mode: none`.
+* The queries `cpp/wrong-type-format-argument`, `cpp/comparison-with-wider-type`, `cpp/integer-multiplication-cast-to-long` and `cpp/suspicious-add-sizeof` are no longer included in the `code-scanning` suite.
+
+### Bug Fixes
+
+* The predicate `occurenceCount` in the file module `MagicConstants` has been deprecated. Use `occurrenceCount` instead.
+* The predicate `additionalAdditionOrSubstractionCheckForLeapYear` in the file module `LeapYear` has been deprecated. Use `additionalAdditionOrSubtractionCheckForLeapYear` instead.
+
 ## 1.4.7

 ### Bug Fixes
--- a/cpp/ql/src/Critical/ScanfChecks.qll
+++ b/cpp/ql/src/Critical/ScanfChecks.qll
@@ -4,13 +4,9 @@ private import semmle.code.cpp.controlflow.IRGuards
 private import semmle.code.cpp.ir.ValueNumbering

 private predicate exprInBooleanContext(Expr e) {
-  exists(IRGuardCondition gc |
-    exists(Instruction i |
-      i.getUnconvertedResultExpression() = e and
-      gc.comparesEq(valueNumber(i).getAUse(), 0, _, _)
-    )
-    or
-    gc.getUnconvertedResultExpression() = e
+  exists(IRGuardCondition gc, Instruction i |
+    i.getUnconvertedResultExpression() = e and
+    gc.comparesEq(valueNumber(i).getAUse(), 0, _, _)
  )
 }

@@ -36,20 +32,18 @@ private string getEofValue() {
 * Holds if the value of `call` has been checked to not equal `EOF`.
 */
 private predicate checkedForEof(ScanfFunctionCall call) {
-  exists(IRGuardCondition gc |
-    exists(CallInstruction i | i.getUnconvertedResultExpression() = call |
-      exists(int val | gc.comparesEq(valueNumber(i).getAUse(), val, _, _) |
-        // call == EOF
-        val = getEofValue().toInt()
-        or
-        // call == [any positive number]
-        val > 0
-      )
+  exists(IRGuardCondition gc, CallInstruction i | i.getUnconvertedResultExpression() = call |
+    exists(int val | gc.comparesEq(valueNumber(i).getAUse(), val, _, _) |
+      // call == EOF
+      val = getEofValue().toInt()
      or
-      exists(int val | gc.comparesLt(valueNumber(i).getAUse(), val, true, _) |
-        // call < [any non-negative number] (EOF is guaranteed to be negative)
-        val >= 0
-      )
+      // call == [any positive number]
+      val > 0
+    )
+    or
+    exists(int val | gc.comparesLt(valueNumber(i).getAUse(), val, true, _) |
+      // call < [any non-negative number] (EOF is guaranteed to be negative)
+      val >= 0
    )
  )
 }
--- a/Bugs/Arithmetic/IntMultToLong.ql
+++ b/Bugs/Arithmetic/IntMultToLong.ql
@@ -5,7 +5,7 @@
 * @kind problem
 * @problem.severity warning
 * @security-severity 8.1
- * @precision high
+ * @precision medium
 * @id cpp/integer-multiplication-cast-to-long
 * @tags reliability
 *       security
@@ -179,7 +179,6 @@ predicate overflows(MulExpr me, Type t) {

 from MulExpr me, Type t1, Type t2
 where
-  not any(Compilation c).buildModeNone() and
  t1 = me.getType().getUnderlyingType() and
  t2 = me.getConversion().getType().getUnderlyingType() and
  t1.getSize() < t2.getSize() and
--- a/Bugs/Format/WrongTypeFormatArguments.ql
+++ b/Bugs/Format/WrongTypeFormatArguments.ql
@@ -5,7 +5,7 @@
 * @kind problem
 * @problem.severity error
 * @security-severity 7.5
- * @precision high
+ * @precision medium
 * @id cpp/wrong-type-format-argument
 * @tags reliability
 *       correctness
@@ -154,7 +154,6 @@ int sizeof_IntType() { exists(IntType it | result = it.getSize()) }

 from FormattingFunctionCall ffc, int n, Expr arg, Type expected, Type actual
 where
-  not any(Compilation c).buildModeNone() and
  (
    formattingFunctionCallExpectedType(ffc, n, expected) and
    formattingFunctionCallActualType(ffc, n, arg, actual) and
--- a/Functions/ImplicitFunctionDeclaration.ql
+++ b/Functions/ImplicitFunctionDeclaration.ql
@@ -5,7 +5,7 @@
 * may lead to unpredictable behavior.
 * @kind problem
 * @problem.severity warning
- * @precision high
+ * @precision medium
 * @id cpp/implicit-function-declaration
 * @tags correctness
 *       maintainability
@@ -38,7 +38,6 @@ predicate isCompiledAsC(File f) {

 from FunctionDeclarationEntry fdeIm, FunctionCall fc
 where
-  not any(Compilation c).buildModeNone() and
  isCompiledAsC(fdeIm.getFile()) and
  not isFromMacroDefinition(fc) and
  fdeIm.isImplicit() and
--- a/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
+++ b/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
@@ -109,7 +109,7 @@ predicate lessThanOrEqual(IRGuardCondition g, Expr e, boolean branch) {
    g.comparesEq(left, _, _, true, branch)
  |
    interestingLessThanOrEqual(left) and
-    left.getDef().getUnconvertedResultExpression() = e
+    left.getDef().getConvertedResultExpression() = e
  )
 }

--- a/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
@@ -6,7 +6,7 @@
 * @kind problem
 * @problem.severity warning
 * @security-severity 7.8
- * @precision high
+ * @precision medium
 * @tags reliability
 *       security
 *       external/cwe/cwe-190
@@ -51,7 +51,6 @@ int getComparisonSizeAdjustment(Expr e) {

 from Loop l, RelationalOperation rel, VariableAccess small, Expr large
 where
-  not any(Compilation c).buildModeNone() and
  small = rel.getLesserOperand() and
  large = rel.getGreaterOperand() and
  rel = l.getCondition().getAChild*() and
--- a/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql
+++ b/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql
@@ -55,30 +55,9 @@ predicate resultIsChecked(SslGetPeerCertificateCall getCertCall, ControlFlowNode
 predicate certIsZero(
  SslGetPeerCertificateCall getCertCall, ControlFlowNode node1, ControlFlowNode node2
 ) {
-  exists(Expr cert | cert = globalValueNumber(getCertCall).getAnExpr() |
-    exists(GuardCondition guard, Expr zero |
-      zero.getValue().toInt() = 0 and
-      node1 = guard and
-      (
-        // if (cert == zero) {
-        guard.comparesEq(cert, zero, 0, true, true) and
-        node2 = guard.getATrueSuccessor()
-        or
-        // if (cert != zero) { }
-        guard.comparesEq(cert, zero, 0, false, true) and
-        node2 = guard.getAFalseSuccessor()
-      )
-    )
-    or
-    (
-      // if (cert) { }
-      node1 = cert
-      or
-      // if (!cert) {
-      node1.(NotExpr).getAChild() = cert
-    ) and
-    node2 = node1.getASuccessor() and
-    not cert.(GuardCondition).controls(node2, true) // cert may be false
+  exists(Expr cert |
+    cert = globalValueNumber(getCertCall).getAnExpr() and
+    node1.(GuardCondition).ensuresEqEdge(cert, 0, _, node2.getBasicBlock(), true)
  )
 }

--- a/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
+++ b/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
@@ -6,7 +6,7 @@
 * @kind problem
 * @problem.severity warning
 * @security-severity 8.8
- * @precision high
+ * @precision medium
 * @id cpp/suspicious-add-sizeof
 * @tags security
 *       external/cwe/cwe-468
@@ -24,7 +24,6 @@ private predicate isCharSzPtrExpr(Expr e) {

 from Expr sizeofExpr, Expr e
 where
-  not any(Compilation c).buildModeNone() and
  // If we see an addWithSizeof then we expect the type of
  // the pointer expression to be `char*` or `void*`. Otherwise it
  // is probably a mistake.
--- a/cpp/ql/src/change-notes/2025-09-03-rename-api.md
+++ b/cpp/ql/src/change-notes/2025-09-03-rename-api.md
@@ -1,5 +0,0 @@
---
-category: fix
---
-* The predicate `occurenceCount` in the file module `MagicConstants` has been deprecated. Use `occurrenceCount` instead.
-* The predicate `additionalAdditionOrSubstractionCheckForLeapYear` in the file module `LeapYear` has been deprecated. Use `additionalAdditionOrSubtractionCheckForLeapYear` instead.
--- a/cpp/ql/src/change-notes/released/1.5.0.md
+++ b/cpp/ql/src/change-notes/released/1.5.0.md
@@ -0,0 +1,11 @@
+## 1.5.0
+
+### Major Analysis Improvements
+
+* The queries `cpp/wrong-type-format-argument`, `cpp/comparison-with-wider-type`, `cpp/integer-multiplication-cast-to-long`, `cpp/implicit-function-declaration` and `cpp/suspicious-add-sizeof` have had their precisions reduced from `high` to `medium`. They will also now give alerts for projects built with `build-mode: none`.
+* The queries `cpp/wrong-type-format-argument`, `cpp/comparison-with-wider-type`, `cpp/integer-multiplication-cast-to-long` and `cpp/suspicious-add-sizeof` are no longer included in the `code-scanning` suite.
+
+### Bug Fixes
+
+* The predicate `occurenceCount` in the file module `MagicConstants` has been deprecated. Use `occurrenceCount` instead.
+* The predicate `additionalAdditionOrSubstractionCheckForLeapYear` in the file module `LeapYear` has been deprecated. Use `additionalAdditionOrSubtractionCheckForLeapYear` instead.
--- a/cpp/ql/src/change-notes/released/1.5.1.md
+++ b/cpp/ql/src/change-notes/released/1.5.1.md
@@ -0,0 +1,3 @@
+## 1.5.1
+
+No user-facing changes.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.7
+lastReleaseVersion: 1.5.1
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.4.8-dev
+version: 1.5.1
 groups:
  - cpp
  - queries
--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
@@ -50,37 +50,21 @@ argHasPostUpdate
 postWithInFlow
 | BarrierGuard.cpp:49:6:49:6 | x [post update] | PostUpdateNode should not be the target of local flow. |
 | BarrierGuard.cpp:60:7:60:7 | x [post update] | PostUpdateNode should not be the target of local flow. |
-| clang.cpp:22:9:22:20 | sourceArray1 [inner post update] | PostUpdateNode should not be the target of local flow. |
-| clang.cpp:23:18:23:29 | sourceArray1 [inner post update] | PostUpdateNode should not be the target of local flow. |
 | clang.cpp:29:22:29:23 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
-| clang.cpp:51:3:51:12 | stackArray [inner post update] | PostUpdateNode should not be the target of local flow. |
 | clang.cpp:51:3:51:15 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
 | dispatch.cpp:60:3:60:14 | globalBottom [post update] | PostUpdateNode should not be the target of local flow. |
 | dispatch.cpp:61:3:61:14 | globalMiddle [post update] | PostUpdateNode should not be the target of local flow. |
-| dispatch.cpp:78:24:78:37 | call to allocateBottom [inner post update] | PostUpdateNode should not be the target of local flow. |
 | dispatch.cpp:148:5:148:5 | f [post update] | PostUpdateNode should not be the target of local flow. |
 | dispatch.cpp:168:8:168:8 | f [post update] | PostUpdateNode should not be the target of local flow. |
 | example.c:24:9:24:9 | x [post update] | PostUpdateNode should not be the target of local flow. |
 | example.c:24:20:24:20 | y [post update] | PostUpdateNode should not be the target of local flow. |
 | example.c:26:9:26:9 | x [post update] | PostUpdateNode should not be the target of local flow. |
-| example.c:26:19:26:24 | coords [inner post update] | PostUpdateNode should not be the target of local flow. |
-| example.c:28:23:28:25 | pos [inner post update] | PostUpdateNode should not be the target of local flow. |
 | flowOut.cpp:5:5:5:12 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| flowOut.cpp:5:6:5:12 | toTaint [inner post update] | PostUpdateNode should not be the target of local flow. |
 | flowOut.cpp:8:5:8:12 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| flowOut.cpp:8:6:8:12 | toTaint [inner post update] | PostUpdateNode should not be the target of local flow. |
-| flowOut.cpp:18:17:18:17 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
-| flowOut.cpp:30:12:30:12 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
-| flowOut.cpp:37:5:37:6 | p2 [inner post update] | PostUpdateNode should not be the target of local flow. |
 | flowOut.cpp:37:5:37:9 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
-| flowOut.cpp:84:3:84:7 | call to deref [inner post update] | PostUpdateNode should not be the target of local flow. |
 | flowOut.cpp:84:3:84:14 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
-| flowOut.cpp:84:10:84:10 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
 | flowOut.cpp:90:3:90:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| flowOut.cpp:90:4:90:4 | q [inner post update] | PostUpdateNode should not be the target of local flow. |
-| flowOut.cpp:101:14:101:14 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
 | flowOut.cpp:168:3:168:10 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| flowOut.cpp:168:4:168:10 | toTaint [inner post update] | PostUpdateNode should not be the target of local flow. |
 | globals.cpp:13:5:13:19 | flowTestGlobal1 [post update] | PostUpdateNode should not be the target of local flow. |
 | globals.cpp:23:5:23:19 | flowTestGlobal2 [post update] | PostUpdateNode should not be the target of local flow. |
 | lambdas.cpp:23:3:23:14 | v [post update] | PostUpdateNode should not be the target of local flow. |
@@ -106,57 +90,30 @@ postWithInFlow
 | ref.cpp:109:9:109:11 | val [post update] | PostUpdateNode should not be the target of local flow. |
 | ref.cpp:113:11:113:13 | val [post update] | PostUpdateNode should not be the target of local flow. |
 | ref.cpp:115:11:115:13 | val [post update] | PostUpdateNode should not be the target of local flow. |
-| self_parameter_flow.cpp:3:4:3:5 | ps [inner post update] | PostUpdateNode should not be the target of local flow. |
-| self_parameter_flow.cpp:8:9:8:9 | s [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:91:3:91:9 | source1 [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:115:3:115:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:115:4:115:6 | out [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:120:3:120:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:120:4:120:6 | out [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:125:3:125:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:125:4:125:6 | out [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:333:5:333:13 | globalVar [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:347:5:347:13 | globalVar [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:359:5:359:9 | field [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:373:5:373:9 | field [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:384:10:384:13 | ref arg & ... | PostUpdateNode should not be the target of local flow. |
-| test.cpp:384:11:384:13 | tmp [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:391:10:391:13 | ref arg & ... | PostUpdateNode should not be the target of local flow. |
-| test.cpp:391:11:391:13 | tmp [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:400:10:400:13 | ref arg & ... | PostUpdateNode should not be the target of local flow. |
-| test.cpp:400:11:400:13 | tmp [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:407:10:407:13 | ref arg & ... | PostUpdateNode should not be the target of local flow. |
-| test.cpp:407:11:407:13 | tmp [inner post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:423:21:423:25 | local [inner post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:441:19:441:23 | local [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:472:3:472:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:472:4:472:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:477:22:477:22 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:506:3:506:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:506:4:506:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:512:35:512:35 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:519:3:519:12 | stackArray [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:519:3:519:15 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:520:3:520:12 | stackArray [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:520:3:520:15 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:526:3:526:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:526:4:526:4 | e [inner post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:531:40:531:40 | e [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:537:5:537:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:537:6:537:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:542:5:542:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:542:6:542:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:548:25:548:25 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:552:25:552:25 | y [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:562:5:562:13 | globalInt [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:576:5:576:13 | globalInt [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:589:19:589:19 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:596:3:596:4 | xs [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:596:3:596:7 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:602:3:602:3 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:602:3:602:7 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:608:3:608:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:608:4:608:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:639:3:639:3 | x [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:646:3:646:3 | x [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:652:3:652:3 | x [post update] | PostUpdateNode should not be the target of local flow. |
@@ -167,40 +124,23 @@ postWithInFlow
 | test.cpp:681:3:681:3 | s [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:689:3:689:3 | s [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:690:3:690:3 | s [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:694:4:694:6 | buf [inner post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:704:23:704:25 | buf [inner post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:715:25:715:25 | c [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:728:3:728:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:728:4:728:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:734:41:734:41 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:808:5:808:21 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:808:6:808:21 | global_indirect1 [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:832:5:832:17 | global_direct [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:931:5:931:18 | global_pointer [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:932:5:932:19 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:932:6:932:19 | global_pointer [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:1045:9:1045:11 | ref arg buf | PostUpdateNode should not be the target of local flow. |
 | test.cpp:1066:5:1066:5 | i [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:1069:5:1069:5 | i [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:1087:5:1087:11 | content [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:1088:9:1088:9 | a [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:1092:5:1092:7 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:1092:6:1092:7 | pp [inner post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:1098:53:1098:53 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:1108:3:1108:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:1108:4:1108:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:1109:3:1109:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:1109:4:1109:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:1138:3:1138:13 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:1138:5:1138:8 | data [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:1139:3:1139:7 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:1139:4:1139:7 | data [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:1153:5:1153:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:1153:6:1153:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:1165:5:1165:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:1165:6:1165:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:1195:5:1195:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| test.cpp:1195:6:1195:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
 viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
--- a/cpp/ql/test/library-tests/dataflow/fields/dataflow-consistency.expected
+++ b/cpp/ql/test/library-tests/dataflow/fields/dataflow-consistency.expected
@@ -48,8 +48,6 @@ argHasPostUpdate
 postWithInFlow
 | A.cpp:25:13:25:13 | c [post update] | PostUpdateNode should not be the target of local flow. |
 | A.cpp:27:28:27:28 | c [post update] | PostUpdateNode should not be the target of local flow. |
-| A.cpp:42:11:42:12 | cc [inner post update] | PostUpdateNode should not be the target of local flow. |
-| A.cpp:43:11:43:12 | ct [inner post update] | PostUpdateNode should not be the target of local flow. |
 | A.cpp:100:9:100:9 | a [post update] | PostUpdateNode should not be the target of local flow. |
 | A.cpp:142:10:142:10 | c [post update] | PostUpdateNode should not be the target of local flow. |
 | A.cpp:143:13:143:13 | b [post update] | PostUpdateNode should not be the target of local flow. |
@@ -67,11 +65,9 @@ postWithInFlow
 | D.cpp:44:19:44:22 | elem [post update] | PostUpdateNode should not be the target of local flow. |
 | D.cpp:57:5:57:12 | boxfield [post update] | PostUpdateNode should not be the target of local flow. |
 | D.cpp:58:20:58:23 | elem [post update] | PostUpdateNode should not be the target of local flow. |
-| E.cpp:33:19:33:19 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
 | aliasing.cpp:9:6:9:7 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
 | aliasing.cpp:13:5:13:6 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
 | aliasing.cpp:17:5:17:6 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
-| aliasing.cpp:25:18:25:19 | s1 [inner post update] | PostUpdateNode should not be the target of local flow. |
 | aliasing.cpp:37:8:37:9 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
 | aliasing.cpp:42:6:42:7 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
 | aliasing.cpp:49:9:49:10 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
@@ -83,70 +79,31 @@ postWithInFlow
 | aliasing.cpp:92:7:92:8 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
 | aliasing.cpp:98:5:98:6 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
 | aliasing.cpp:106:3:106:5 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| aliasing.cpp:106:4:106:5 | pa [inner post update] | PostUpdateNode should not be the target of local flow. |
-| aliasing.cpp:111:18:111:19 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
-| aliasing.cpp:126:15:126:16 | xs [inner post update] | PostUpdateNode should not be the target of local flow. |
-| aliasing.cpp:136:16:136:17 | xs [inner post update] | PostUpdateNode should not be the target of local flow. |
-| aliasing.cpp:147:16:147:16 | s [inner post update] | PostUpdateNode should not be the target of local flow. |
-| aliasing.cpp:147:21:147:22 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
-| aliasing.cpp:175:21:175:22 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
-| aliasing.cpp:181:21:181:22 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
-| aliasing.cpp:187:21:187:22 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
-| aliasing.cpp:194:21:194:22 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
-| aliasing.cpp:200:23:200:24 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
-| aliasing.cpp:205:23:205:24 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
 | aliasing.cpp:215:14:215:15 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
 | aliasing.cpp:223:17:223:18 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
 | aliasing.cpp:234:19:234:20 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
 | aliasing.cpp:242:22:242:23 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
 | aliasing.cpp:252:5:252:31 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| aliasing.cpp:252:28:252:31 | data [inner post update] | PostUpdateNode should not be the target of local flow. |
 | aliasing.cpp:262:5:262:29 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| aliasing.cpp:262:26:262:29 | data [inner post update] | PostUpdateNode should not be the target of local flow. |
-| arrays.cpp:6:3:6:5 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
 | arrays.cpp:6:3:6:8 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
 | arrays.cpp:15:3:15:10 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| arrays.cpp:15:5:15:7 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
-| arrays.cpp:36:12:36:14 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
 | arrays.cpp:36:19:36:22 | data [post update] | PostUpdateNode should not be the target of local flow. |
-| arrays.cpp:37:17:37:19 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
-| arrays.cpp:38:17:38:19 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
-| arrays.cpp:42:15:42:17 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
 | arrays.cpp:42:22:42:25 | data [post update] | PostUpdateNode should not be the target of local flow. |
-| arrays.cpp:43:20:43:22 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
-| arrays.cpp:44:20:44:22 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
-| arrays.cpp:48:15:48:17 | ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
 | arrays.cpp:48:22:48:25 | data [post update] | PostUpdateNode should not be the target of local flow. |
-| arrays.cpp:49:20:49:22 | ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
-| arrays.cpp:50:20:50:22 | ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
 | by_reference.cpp:12:8:12:8 | a [post update] | PostUpdateNode should not be the target of local flow. |
 | by_reference.cpp:16:11:16:11 | a [post update] | PostUpdateNode should not be the target of local flow. |
-| by_reference.cpp:68:18:68:18 | s [inner post update] | PostUpdateNode should not be the target of local flow. |
 | by_reference.cpp:84:10:84:10 | a [post update] | PostUpdateNode should not be the target of local flow. |
 | by_reference.cpp:88:9:88:9 | a [post update] | PostUpdateNode should not be the target of local flow. |
 | by_reference.cpp:92:3:92:5 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| by_reference.cpp:92:4:92:5 | pa [inner post update] | PostUpdateNode should not be the target of local flow. |
 | by_reference.cpp:96:3:96:4 | pa [post update] | PostUpdateNode should not be the target of local flow. |
-| by_reference.cpp:102:28:102:39 | inner_nested [inner post update] | PostUpdateNode should not be the target of local flow. |
-| by_reference.cpp:104:22:104:22 | a [inner post update] | PostUpdateNode should not be the target of local flow. |
-| by_reference.cpp:106:30:106:41 | inner_nested [inner post update] | PostUpdateNode should not be the target of local flow. |
-| by_reference.cpp:108:24:108:24 | a [inner post update] | PostUpdateNode should not be the target of local flow. |
-| by_reference.cpp:123:28:123:36 | inner_ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
-| by_reference.cpp:127:30:127:38 | inner_ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
 | clearning.cpp:19:3:19:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| clearning.cpp:19:6:19:6 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
 | clearning.cpp:32:3:32:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| clearning.cpp:32:6:32:6 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
 | clearning.cpp:39:3:39:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| clearning.cpp:39:6:39:6 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
 | clearning.cpp:40:5:40:5 | x [post update] | PostUpdateNode should not be the target of local flow. |
 | clearning.cpp:47:5:47:5 | x [post update] | PostUpdateNode should not be the target of local flow. |
 | clearning.cpp:53:3:53:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| clearning.cpp:53:6:53:6 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
 | clearning.cpp:75:2:75:10 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
-| clearning.cpp:75:4:75:6 | val [inner post update] | PostUpdateNode should not be the target of local flow. |
 | clearning.cpp:82:2:82:9 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
-| clearning.cpp:82:4:82:6 | val [inner post update] | PostUpdateNode should not be the target of local flow. |
 | clearning.cpp:83:7:83:9 | val [post update] | PostUpdateNode should not be the target of local flow. |
 | clearning.cpp:97:4:97:6 | val [post update] | PostUpdateNode should not be the target of local flow. |
 | clearning.cpp:124:4:124:6 | val [post update] | PostUpdateNode should not be the target of local flow. |
@@ -162,7 +119,6 @@ postWithInFlow
 | complex.cpp:11:22:11:23 | a_ [post update] | PostUpdateNode should not be the target of local flow. |
 | complex.cpp:12:22:12:23 | b_ [post update] | PostUpdateNode should not be the target of local flow. |
 | conflated.cpp:10:3:10:7 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| conflated.cpp:10:7:10:7 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
 | conflated.cpp:29:7:29:7 | x [post update] | PostUpdateNode should not be the target of local flow. |
 | conflated.cpp:36:7:36:7 | x [post update] | PostUpdateNode should not be the target of local flow. |
 | conflated.cpp:53:7:53:10 | next [post update] | PostUpdateNode should not be the target of local flow. |
@@ -174,19 +130,11 @@ postWithInFlow
 | qualifiers.cpp:12:56:12:56 | a [post update] | PostUpdateNode should not be the target of local flow. |
 | qualifiers.cpp:13:57:13:57 | a [post update] | PostUpdateNode should not be the target of local flow. |
 | qualifiers.cpp:22:23:22:23 | a [post update] | PostUpdateNode should not be the target of local flow. |
-| qualifiers.cpp:37:26:37:33 | call to getInner [inner post update] | PostUpdateNode should not be the target of local flow. |
-| qualifiers.cpp:42:13:42:20 | call to getInner [inner post update] | PostUpdateNode should not be the target of local flow. |
 | qualifiers.cpp:42:25:42:25 | a [post update] | PostUpdateNode should not be the target of local flow. |
-| qualifiers.cpp:47:7:47:11 | outer [inner post update] | PostUpdateNode should not be the target of local flow. |
 | qualifiers.cpp:47:27:47:27 | a [post update] | PostUpdateNode should not be the target of local flow. |
-| realistic.cpp:49:13:49:15 | bar [inner post update] | PostUpdateNode should not be the target of local flow. |
 | realistic.cpp:49:20:49:22 | baz [post update] | PostUpdateNode should not be the target of local flow. |
-| realistic.cpp:53:13:53:15 | bar [inner post update] | PostUpdateNode should not be the target of local flow. |
 | realistic.cpp:53:35:53:43 | bufferLen [post update] | PostUpdateNode should not be the target of local flow. |
-| realistic.cpp:54:20:54:22 | bar [inner post update] | PostUpdateNode should not be the target of local flow. |
 | realistic.cpp:60:16:60:18 | ref arg dst | PostUpdateNode should not be the target of local flow. |
-| realistic.cpp:61:25:61:27 | bar [inner post update] | PostUpdateNode should not be the target of local flow. |
-| realistic.cpp:65:25:65:27 | bar [inner post update] | PostUpdateNode should not be the target of local flow. |
 | simple.cpp:20:24:20:25 | a_ [post update] | PostUpdateNode should not be the target of local flow. |
 | simple.cpp:21:24:21:25 | b_ [post update] | PostUpdateNode should not be the target of local flow. |
 | simple.cpp:65:7:65:7 | i [post update] | PostUpdateNode should not be the target of local flow. |
@@ -194,9 +142,6 @@ postWithInFlow
 | simple.cpp:92:7:92:7 | i [post update] | PostUpdateNode should not be the target of local flow. |
 | simple.cpp:118:7:118:7 | i [post update] | PostUpdateNode should not be the target of local flow. |
 | simple.cpp:124:5:124:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| simple.cpp:124:6:124:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
-| struct_init.c:24:11:24:12 | ab [inner post update] | PostUpdateNode should not be the target of local flow. |
-| struct_init.c:36:17:36:24 | nestedAB [inner post update] | PostUpdateNode should not be the target of local flow. |
 viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
--- a/cpp/ql/test/library-tests/dataflow/models-as-data/consistency.expected
+++ b/cpp/ql/test/library-tests/dataflow/models-as-data/consistency.expected
@@ -18,7 +18,6 @@ postIsInSameCallable
 reverseRead
 argHasPostUpdate
 postWithInFlow
-| tests.cpp:436:6:436:25 | [summary] to write: Argument[1] in madCallArg0WithValue | PostUpdateNode should not be the target of local flow. |
 viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
--- a/cpp/ql/test/library-tests/permissive/accesses.expected
+++ b/cpp/ql/test/library-tests/permissive/accesses.expected
@@ -1 +0,0 @@
-| permissive.cpp:6:5:6:7 | str |
--- a/cpp/ql/test/library-tests/permissive/calls.expected
+++ b/cpp/ql/test/library-tests/permissive/calls.expected
@@ -1 +0,0 @@
-| permissive.cpp:6:3:6:3 | call to f | permissive.cpp:2:13:2:13 | f |
--- a/cpp/ql/test/library-tests/permissive/permissive.cpp
+++ b/cpp/ql/test/library-tests/permissive/permissive.cpp
@@ -1,8 +0,0 @@
-// semmle-extractor-options: --edg --permissive
-static void f(char* foo) {}
-
-static void g(void) {
-  const char* str = "foo";
-  f(str);
-}
-
--- a/cpp/ql/test/library-tests/syntax-zoo/dataflow-consistency.expected
+++ b/cpp/ql/test/library-tests/syntax-zoo/dataflow-consistency.expected
@@ -48,21 +48,10 @@ argHasPostUpdate
 | ir.cpp:623:5:623:5 | r | ArgumentNode is missing PostUpdateNode. |
 | ir.cpp:625:5:625:5 | s | ArgumentNode is missing PostUpdateNode. |
 postWithInFlow
-| VacuousDestructorCall.cpp:10:22:10:22 | i [inner post update] | PostUpdateNode should not be the target of local flow. |
 | allocators.cpp:4:18:4:20 | m_x [post update] | PostUpdateNode should not be the target of local flow. |
 | allocators.cpp:4:24:4:26 | m_y [post update] | PostUpdateNode should not be the target of local flow. |
 | assignexpr.cpp:11:4:11:4 | i [post update] | PostUpdateNode should not be the target of local flow. |
-| builtin.c:34:23:34:31 | staticint [inner post update] | PostUpdateNode should not be the target of local flow. |
-| builtin.c:39:37:39:45 | carry_out [inner post update] | PostUpdateNode should not be the target of local flow. |
-| builtin.c:43:41:43:49 | staticint [inner post update] | PostUpdateNode should not be the target of local flow. |
-| builtin.c:51:30:51:38 | staticint [inner post update] | PostUpdateNode should not be the target of local flow. |
-| builtin.c:54:29:54:38 | atomic_int [inner post update] | PostUpdateNode should not be the target of local flow. |
 | condition_decls.cpp:3:5:3:9 | m_ptr [post update] | PostUpdateNode should not be the target of local flow. |
-| condition_decls.cpp:17:11:17:15 | m_ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
-| condition_decls.cpp:20:11:20:15 | m_ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
-| condition_decls.cpp:28:11:28:15 | m_ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
-| condition_decls.cpp:31:11:31:15 | m_ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
-| condition_decls.cpp:34:9:34:13 | m_ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
 | conditional_destructors.cpp:6:13:6:15 | val [post update] | PostUpdateNode should not be the target of local flow. |
 | conditional_destructors.cpp:18:13:18:15 | val [post update] | PostUpdateNode should not be the target of local flow. |
 | cpp11.cpp:7:7:7:8 | el [post update] | PostUpdateNode should not be the target of local flow. |
@@ -70,26 +59,16 @@ postWithInFlow
 | cpp11.cpp:82:11:82:14 | call to Val | PostUpdateNode should not be the target of local flow. |
 | cpp11.cpp:82:45:82:48 | call to Val | PostUpdateNode should not be the target of local flow. |
 | cpp11.cpp:82:51:82:51 | call to Val | PostUpdateNode should not be the target of local flow. |
-| ir.cpp:177:5:177:5 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
 | ir.cpp:177:5:177:8 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
 | ir.cpp:178:5:178:8 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
-| ir.cpp:178:7:178:7 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
-| ir.cpp:183:5:183:5 | a [inner post update] | PostUpdateNode should not be the target of local flow. |
 | ir.cpp:183:5:183:8 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
 | ir.cpp:184:5:184:8 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
-| ir.cpp:184:7:184:7 | a [inner post update] | PostUpdateNode should not be the target of local flow. |
 | ir.cpp:342:5:342:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| ir.cpp:342:6:342:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
 | ir.cpp:428:8:428:8 | x [post update] | PostUpdateNode should not be the target of local flow. |
 | ir.cpp:429:8:429:8 | y [post update] | PostUpdateNode should not be the target of local flow. |
 | ir.cpp:644:15:644:17 | m_a [post update] | PostUpdateNode should not be the target of local flow. |
-| ir.cpp:645:11:645:14 | this [inner post update] | PostUpdateNode should not be the target of local flow. |
 | ir.cpp:645:17:645:19 | m_a [post update] | PostUpdateNode should not be the target of local flow. |
 | ir.cpp:646:9:646:11 | m_a [post update] | PostUpdateNode should not be the target of local flow. |
-| ir.cpp:655:11:655:14 | this [inner post update] | PostUpdateNode should not be the target of local flow. |
-| ir.cpp:747:8:747:8 | base_s [inner post update] | PostUpdateNode should not be the target of local flow. |
-| ir.cpp:756:8:756:8 | middle_s [inner post update] | PostUpdateNode should not be the target of local flow. |
-| ir.cpp:765:8:765:8 | derived_s [inner post update] | PostUpdateNode should not be the target of local flow. |
 | ir.cpp:811:7:811:13 | call to Base | PostUpdateNode should not be the target of local flow. |
 | ir.cpp:812:7:812:26 | call to Base | PostUpdateNode should not be the target of local flow. |
 | ir.cpp:825:7:825:13 | call to Base | PostUpdateNode should not be the target of local flow. |
@@ -97,7 +76,6 @@ postWithInFlow
 | misc.c:130:7:130:7 | i [post update] | PostUpdateNode should not be the target of local flow. |
 | misc.c:131:9:131:9 | i [post update] | PostUpdateNode should not be the target of local flow. |
 | misc.c:220:3:220:5 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
-| misc.c:220:4:220:5 | sp [inner post update] | PostUpdateNode should not be the target of local flow. |
 | static_init_templates.cpp:3:2:3:4 | ref [post update] | PostUpdateNode should not be the target of local flow. |
 | static_init_templates.cpp:21:2:21:4 | val [post update] | PostUpdateNode should not be the target of local flow. |
 | try_catch.cpp:7:8:7:8 | call to exception | PostUpdateNode should not be the target of local flow. |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/too_many_constants.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/too_many_constants.cpp
@@ -0,0 +1,42 @@
+struct S {
+  int a;
+  int b;
+  int c;
+  unsigned long *d;
+
+  union {
+    struct {
+      const char *e;
+      int f;
+      S *g;
+      const char *h;
+      int i;
+      bool j;
+      bool k;
+      const char *l;
+      char **m;
+    } n;
+
+    struct {
+      bool o;
+      bool p;
+    } q;
+  } r;
+};
+
+int too_many_constants_init(S *s);
+
+char *too_many_constants(const char *h, bool k, int i) {
+  const char *e = "";
+  char l[64] = "";
+  char *m;
+
+  S s[] = {
+      {.a = 0, .c = 0, .d = nullptr, .r = {.n = {.e = e, .f = 1, .g = nullptr, .h = h, .i = i, .j = false, .k = k, .l = l, .m = &m}}},
+      {.a = 0, .c = 0, .d = nullptr, .r = {.q = {.o = true, .p = true}}}
+  };
+
+  too_many_constants_init(s);
+
+  return m; // GOOD - initialized by too_many_constants_init
+}
--- a/csharp/actions/create-extractor-pack/action.yml
+++ b/csharp/actions/create-extractor-pack/action.yml
@@ -7,7 +7,7 @@ runs:
    - name: Setup dotnet
      uses: actions/setup-dotnet@v4
      with:
-        dotnet-version: 9.0.100
+        dotnet-version: 9.0.300
    - name: Build Extractor
      shell: bash
      run: scripts/create-extractor-pack.sh
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs
@@ -138,7 +138,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
        }

        // The version number should be kept in sync with the version .NET version used for building the application.
-        public const string LatestDotNetSdkVersion = "9.0.100";
+        public const string LatestDotNetSdkVersion = "9.0.300";

        /// <summary>
        /// Returns a script for downloading relevant versions of the
--- a/csharp/paket.main_extension.bzl
+++ b/csharp/paket.main_extension.bzl
@@ -2,8 +2,9 @@

 load(":paket.main.bzl", _main = "main")

-def _main_impl(_ctx):
+def _main_impl(module_ctx):
    _main()
+    return module_ctx.extension_metadata(reproducible = True)

 main_extension = module_extension(
    implementation = _main_impl,
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,11 @@
+## 1.7.49
+
+No user-facing changes.
+
+## 1.7.48
+
+No user-facing changes.
+
 ## 1.7.47

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.48.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.48.md
@@ -0,0 +1,3 @@
+## 1.7.48
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.49.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.49.md
@@ -0,0 +1,3 @@
+## 1.7.49
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.47
+lastReleaseVersion: 1.7.49
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.48-dev
+version: 1.7.49
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,11 @@
+## 1.7.49
+
+No user-facing changes.
+
+## 1.7.48
+
+No user-facing changes.
+
 ## 1.7.47

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.48.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.48.md
@@ -0,0 +1,3 @@
+## 1.7.48
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.49.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.49.md
@@ -0,0 +1,3 @@
+## 1.7.49
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.47
+lastReleaseVersion: 1.7.49
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.48-dev
+version: 1.7.49
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/integration-tests/all-platforms/autobuild/global.json
+++ b/csharp/ql/integration-tests/all-platforms/autobuild/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
-}
+}
--- a/csharp/ql/integration-tests/all-platforms/binlog/global.json
+++ b/csharp/ql/integration-tests/all-platforms/binlog/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/binlog_multiple/global.json
+++ b/csharp/ql/integration-tests/all-platforms/binlog_multiple/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/global.json
+++ b/csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
-}
+}
--- a/csharp/ql/integration-tests/all-platforms/blazor/XSS.expected
+++ b/csharp/ql/integration-tests/all-platforms/blazor/XSS.expected
@@ -3,8 +3,8 @@
 | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | User-provided value |
 | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | User-provided value |
 edges
-| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck<String> : String | provenance | Src:MaD:2 MaD:3 |
-| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck<String> : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | provenance | Sink:MaD:1 |
+| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:553:16:561:13 | call to method TypeCheck<String> : String | provenance | Src:MaD:2 MaD:3 |
+| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:553:16:561:13 | call to method TypeCheck<String> : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | provenance | Sink:MaD:1 |
 models
 | 1 | Sink: Microsoft.AspNetCore.Components; MarkupString; false; MarkupString; (System.String); ; Argument[0]; html-injection; manual |
 | 2 | Source: Microsoft.AspNetCore.Components; SupplyParameterFromQueryAttribute; false; ; ; Attribute.Getter; ReturnValue; remote; manual |
@@ -14,5 +14,5 @@ nodes
 | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | semmle.label | access to property UrlParam |
 | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | semmle.label | access to property QueryParam |
 | BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | semmle.label | access to property QueryParam : String |
-| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck<String> : String | semmle.label | call to method TypeCheck<String> : String |
+| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:553:16:561:13 | call to method TypeCheck<String> : String | semmle.label | call to method TypeCheck<String> : String |
 subpaths
--- a/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/global.json
+++ b/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.300"
+        "version": "9.0.304"
    }
-}
+}
--- a/csharp/ql/integration-tests/all-platforms/conditional_compilation/global.json
+++ b/csharp/ql/integration-tests/all-platforms/conditional_compilation/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/cshtml/global.json
+++ b/csharp/ql/integration-tests/all-platforms/cshtml/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/cshtml_standalone/global.json
+++ b/csharp/ql/integration-tests/all-platforms/cshtml_standalone/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/cshtml_standalone_disabled/global.json
+++ b/csharp/ql/integration-tests/all-platforms/cshtml_standalone_disabled/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/cshtml_standalone_flowsteps/global.json
+++ b/csharp/ql/integration-tests/all-platforms/cshtml_standalone_flowsteps/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/diag_dotnet_incompatible/global.json
+++ b/csharp/ql/integration-tests/all-platforms/diag_dotnet_incompatible/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/diag_missing_project_files/global.json
+++ b/csharp/ql/integration-tests/all-platforms/diag_missing_project_files/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/diag_missing_xamarin_sdk/global.json
+++ b/csharp/ql/integration-tests/all-platforms/diag_missing_xamarin_sdk/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/diag_recursive_generics/global.json
+++ b/csharp/ql/integration-tests/all-platforms/diag_recursive_generics/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/dotnet_build/global.json
+++ b/csharp/ql/integration-tests/all-platforms/dotnet_build/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/dotnet_no_args_inject/global.json
+++ b/csharp/ql/integration-tests/all-platforms/dotnet_no_args_inject/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/dotnet_pack/global.json
+++ b/csharp/ql/integration-tests/all-platforms/dotnet_pack/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/dotnet_publish/global.json
+++ b/csharp/ql/integration-tests/all-platforms/dotnet_publish/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/dotnet_run/global.json
+++ b/csharp/ql/integration-tests/all-platforms/dotnet_run/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/source_generator/global.json
+++ b/csharp/ql/integration-tests/all-platforms/source_generator/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/standalone/DatabaseQualityDiagnostics.expected
+++ b/csharp/ql/integration-tests/all-platforms/standalone/DatabaseQualityDiagnostics.expected
@@ -1,6 +1,6 @@
 diagnosticAttributes
-| Scanning C# code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning C# using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityCliSummaryTable | true |
-| Scanning C# code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning C# using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityStatusPage | true |
-| Scanning C# code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning C# using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityTelemetry | true |
+| Scanning C# code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code. Some metrics of the database quality are: Percentage of calls with call target: 25 % (threshold 85 %). Percentage of expressions with known type: 58 % (threshold 85 %). Ideally these metrics should be above their thresholds. Addressing these issues is advisable to avoid false-positives or missing results. If they cannot be addressed, consider scanning C# using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityCliSummaryTable | true |
+| Scanning C# code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code. Some metrics of the database quality are: Percentage of calls with call target: 25 % (threshold 85 %). Percentage of expressions with known type: 58 % (threshold 85 %). Ideally these metrics should be above their thresholds. Addressing these issues is advisable to avoid false-positives or missing results. If they cannot be addressed, consider scanning C# using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityStatusPage | true |
+| Scanning C# code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code. Some metrics of the database quality are: Percentage of calls with call target: 25 % (threshold 85 %). Percentage of expressions with known type: 58 % (threshold 85 %). Ideally these metrics should be above their thresholds. Addressing these issues is advisable to avoid false-positives or missing results. If they cannot be addressed, consider scanning C# using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityTelemetry | true |
 #select
-| Scanning C# code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning C# using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | Scanning C# code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning C# using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | 1 |
+| Scanning C# code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code. Some metrics of the database quality are: Percentage of calls with call target: 25 % (threshold 85 %). Percentage of expressions with known type: 58 % (threshold 85 %). Ideally these metrics should be above their thresholds. Addressing these issues is advisable to avoid false-positives or missing results. If they cannot be addressed, consider scanning C# using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | Scanning C# code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code. Some metrics of the database quality are: Percentage of calls with call target: 25 % (threshold 85 %). Percentage of expressions with known type: 58 % (threshold 85 %). Ideally these metrics should be above their thresholds. Addressing these issues is advisable to avoid false-positives or missing results. If they cannot be addressed, consider scanning C# using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | 1 |
--- a/csharp/ql/integration-tests/all-platforms/standalone/global.json
+++ b/csharp/ql/integration-tests/all-platforms/standalone/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/standalone_buildless_option/global.json
+++ b/csharp/ql/integration-tests/all-platforms/standalone_buildless_option/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/standalone_dependencies_net48/global.json
+++ b/csharp/ql/integration-tests/all-platforms/standalone_dependencies_net48/global.json
@@ -1,5 +1,5 @@
 {
  "sdk": {
-    "version": "9.0.100"
+    "version": "9.0.304"
  }
 }
--- a/csharp/ql/integration-tests/all-platforms/standalone_resx/global.json
+++ b/csharp/ql/integration-tests/all-platforms/standalone_resx/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.100"
+        "version": "9.0.304"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/standalone_resx/test.py
+++ b/csharp/ql/integration-tests/all-platforms/standalone_resx/test.py
@@ -2,5 +2,9 @@ import os


 def test(codeql, csharp):
+    # Making sure the reachability test of `nuget.org` succeeds:
+    os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_TIMEOUT"] = "1000"
+    os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_LIMIT"] = "5"
+
    os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_EXTRACT_RESOURCES"] = "true"
    codeql.database.create(build_mode="none")
--- a/csharp/ql/integration-tests/all-platforms/standalone_winforms/Assemblies.expected
+++ b/csharp/ql/integration-tests/all-platforms/standalone_winforms/Assemblies.expected
@@ -1,49 +1,49 @@
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/Accessibility.dll:0:0:0:0 | Accessibility, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/Microsoft.VisualBasic.Forms.dll:0:0:0:0 | Microsoft.VisualBasic.Forms, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/Microsoft.VisualBasic.dll:0:0:0:0 | Microsoft.VisualBasic, Version=10.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/Microsoft.Win32.Registry.AccessControl.dll:0:0:0:0 | Microsoft.Win32.Registry.AccessControl, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/Microsoft.Win32.SystemEvents.dll:0:0:0:0 | Microsoft.Win32.SystemEvents, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/PresentationCore.dll:0:0:0:0 | PresentationCore, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/PresentationFramework.Aero2.dll:0:0:0:0 | PresentationFramework.Aero2, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/PresentationFramework.Aero.dll:0:0:0:0 | PresentationFramework.Aero, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/PresentationFramework.AeroLite.dll:0:0:0:0 | PresentationFramework.AeroLite, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/PresentationFramework.Classic.dll:0:0:0:0 | PresentationFramework.Classic, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/PresentationFramework.Luna.dll:0:0:0:0 | PresentationFramework.Luna, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/PresentationFramework.Royale.dll:0:0:0:0 | PresentationFramework.Royale, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/PresentationFramework.dll:0:0:0:0 | PresentationFramework, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/PresentationUI.dll:0:0:0:0 | PresentationUI, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/ReachFramework.dll:0:0:0:0 | ReachFramework, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.CodeDom.dll:0:0:0:0 | System.CodeDom, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Configuration.ConfigurationManager.dll:0:0:0:0 | System.Configuration.ConfigurationManager, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Design.dll:0:0:0:0 | System.Design, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Diagnostics.EventLog.dll:0:0:0:0 | System.Diagnostics.EventLog, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Diagnostics.PerformanceCounter.dll:0:0:0:0 | System.Diagnostics.PerformanceCounter, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.DirectoryServices.dll:0:0:0:0 | System.DirectoryServices, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Drawing.Common.dll:0:0:0:0 | System.Drawing.Common, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Drawing.Design.dll:0:0:0:0 | System.Drawing.Design, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Drawing.dll:0:0:0:0 | System.Drawing, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Formats.Nrbf.dll:0:0:0:0 | System.Formats.Nrbf, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.IO.Packaging.dll:0:0:0:0 | System.IO.Packaging, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Printing.dll:0:0:0:0 | System.Printing, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Private.Windows.Core.dll:0:0:0:0 | System.Private.Windows.Core, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Resources.Extensions.dll:0:0:0:0 | System.Resources.Extensions, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Security.Cryptography.Pkcs.dll:0:0:0:0 | System.Security.Cryptography.Pkcs, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Security.Cryptography.ProtectedData.dll:0:0:0:0 | System.Security.Cryptography.ProtectedData, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Security.Cryptography.Xml.dll:0:0:0:0 | System.Security.Cryptography.Xml, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Security.Permissions.dll:0:0:0:0 | System.Security.Permissions, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Threading.AccessControl.dll:0:0:0:0 | System.Threading.AccessControl, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Windows.Controls.Ribbon.dll:0:0:0:0 | System.Windows.Controls.Ribbon, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Windows.Extensions.dll:0:0:0:0 | System.Windows.Extensions, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Windows.Forms.Design.Editors.dll:0:0:0:0 | System.Windows.Forms.Design.Editors, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Windows.Forms.Design.dll:0:0:0:0 | System.Windows.Forms.Design, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Windows.Forms.Primitives.dll:0:0:0:0 | System.Windows.Forms.Primitives, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Windows.Forms.dll:0:0:0:0 | System.Windows.Forms, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Windows.Input.Manipulations.dll:0:0:0:0 | System.Windows.Input.Manipulations, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Windows.Presentation.dll:0:0:0:0 | System.Windows.Presentation, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/System.Xaml.dll:0:0:0:0 | System.Xaml, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/UIAutomationClient.dll:0:0:0:0 | UIAutomationClient, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/UIAutomationClientSideProviders.dll:0:0:0:0 | UIAutomationClientSideProviders, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/UIAutomationProvider.dll:0:0:0:0 | UIAutomationProvider, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/UIAutomationTypes.dll:0:0:0:0 | UIAutomationTypes, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/WindowsBase.dll:0:0:0:0 | WindowsBase, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
-| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.0/ref/net9.0/WindowsFormsIntegration.dll:0:0:0:0 | WindowsFormsIntegration, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/Accessibility.dll:0:0:0:0 | Accessibility, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/Microsoft.VisualBasic.Forms.dll:0:0:0:0 | Microsoft.VisualBasic.Forms, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/Microsoft.VisualBasic.dll:0:0:0:0 | Microsoft.VisualBasic, Version=10.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/Microsoft.Win32.Registry.AccessControl.dll:0:0:0:0 | Microsoft.Win32.Registry.AccessControl, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/Microsoft.Win32.SystemEvents.dll:0:0:0:0 | Microsoft.Win32.SystemEvents, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/PresentationCore.dll:0:0:0:0 | PresentationCore, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/PresentationFramework.Aero2.dll:0:0:0:0 | PresentationFramework.Aero2, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/PresentationFramework.Aero.dll:0:0:0:0 | PresentationFramework.Aero, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/PresentationFramework.AeroLite.dll:0:0:0:0 | PresentationFramework.AeroLite, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/PresentationFramework.Classic.dll:0:0:0:0 | PresentationFramework.Classic, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/PresentationFramework.Luna.dll:0:0:0:0 | PresentationFramework.Luna, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/PresentationFramework.Royale.dll:0:0:0:0 | PresentationFramework.Royale, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/PresentationFramework.dll:0:0:0:0 | PresentationFramework, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/PresentationUI.dll:0:0:0:0 | PresentationUI, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/ReachFramework.dll:0:0:0:0 | ReachFramework, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.CodeDom.dll:0:0:0:0 | System.CodeDom, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Configuration.ConfigurationManager.dll:0:0:0:0 | System.Configuration.ConfigurationManager, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Design.dll:0:0:0:0 | System.Design, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Diagnostics.EventLog.dll:0:0:0:0 | System.Diagnostics.EventLog, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Diagnostics.PerformanceCounter.dll:0:0:0:0 | System.Diagnostics.PerformanceCounter, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.DirectoryServices.dll:0:0:0:0 | System.DirectoryServices, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Drawing.Common.dll:0:0:0:0 | System.Drawing.Common, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Drawing.Design.dll:0:0:0:0 | System.Drawing.Design, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Drawing.dll:0:0:0:0 | System.Drawing, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Formats.Nrbf.dll:0:0:0:0 | System.Formats.Nrbf, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.IO.Packaging.dll:0:0:0:0 | System.IO.Packaging, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Printing.dll:0:0:0:0 | System.Printing, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Private.Windows.Core.dll:0:0:0:0 | System.Private.Windows.Core, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Resources.Extensions.dll:0:0:0:0 | System.Resources.Extensions, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Security.Cryptography.Pkcs.dll:0:0:0:0 | System.Security.Cryptography.Pkcs, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Security.Cryptography.ProtectedData.dll:0:0:0:0 | System.Security.Cryptography.ProtectedData, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Security.Cryptography.Xml.dll:0:0:0:0 | System.Security.Cryptography.Xml, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Security.Permissions.dll:0:0:0:0 | System.Security.Permissions, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Threading.AccessControl.dll:0:0:0:0 | System.Threading.AccessControl, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Windows.Controls.Ribbon.dll:0:0:0:0 | System.Windows.Controls.Ribbon, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Windows.Extensions.dll:0:0:0:0 | System.Windows.Extensions, Version=9.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Windows.Forms.Design.Editors.dll:0:0:0:0 | System.Windows.Forms.Design.Editors, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Windows.Forms.Design.dll:0:0:0:0 | System.Windows.Forms.Design, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Windows.Forms.Primitives.dll:0:0:0:0 | System.Windows.Forms.Primitives, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Windows.Forms.dll:0:0:0:0 | System.Windows.Forms, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Windows.Input.Manipulations.dll:0:0:0:0 | System.Windows.Input.Manipulations, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Windows.Presentation.dll:0:0:0:0 | System.Windows.Presentation, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/System.Xaml.dll:0:0:0:0 | System.Xaml, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/UIAutomationClient.dll:0:0:0:0 | UIAutomationClient, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/UIAutomationClientSideProviders.dll:0:0:0:0 | UIAutomationClientSideProviders, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/UIAutomationProvider.dll:0:0:0:0 | UIAutomationProvider, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/UIAutomationTypes.dll:0:0:0:0 | UIAutomationTypes, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/WindowsBase.dll:0:0:0:0 | WindowsBase, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
+| test-db/working/packages/microsoft.windowsdesktop.app.ref/9.0.8/ref/net9.0/WindowsFormsIntegration.dll:0:0:0:0 | WindowsFormsIntegration, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 |
--- a/Show More
+++ b/Show More
				`@@ -1 +0,0 @@`
				`\| permissive.cpp:6:3:6:3 \| call to f \| permissive.cpp:2:13:2:13 \| f \|`