WIP

C#: Adjust compiler argument integration test

.bazelrc

@@ -11,7 +11,8 @@ common --override_module=semmle_code=%workspace%/misc/bazel/semmle_code_stub
 build --repo_env=CC=clang --repo_env=CXX=clang++
 
 build:linux --cxxopt=-std=c++20
-build:macos --cxxopt=-std=c++20 --cpu=darwin_x86_64
+# we currently cannot built the swift extractor for ARM
+build:macos --cxxopt=-std=c++20 --copt=-arch --copt=x86_64 --linkopt=-arch --linkopt=x86_64
 build:windows --cxxopt=/std:c++20 --cxxopt=/Zc:preprocessor
 
 # this requires developer mode, but is required to have pack installer functioning
@@ -21,6 +22,4 @@ common --enable_runfiles
 common --registry=file:///%workspace%/misc/bazel/registry
 common --registry=https://bcr.bazel.build
 
-common --@rules_dotnet//dotnet/settings:strict_deps=false
-
 try-import %workspace%/local.bazelrc

.bazelrc.internal

@@ -2,5 +2,3 @@
 
 common --registry=file:///%workspace%/ql/misc/bazel/registry
 common --registry=https://bcr.bazel.build
-
-common --@rules_dotnet//dotnet/settings:strict_deps=false

.gitattributes

@@ -78,5 +78,3 @@ ruby/extractor/cargo-bazel-lock.json -merge
 csharp/paket.lock linguist-generated=true
 # needs eol=crlf, as `paket` touches this file and saves it als crlf
 csharp/.paket/Paket.Restore.targets linguist-generated=true eol=crlf
-csharp/paket.main.bzl linguist-generated=true
-csharp/paket.main_extension.bzl linguist-generated=true

.vscode/settings.json

@@ -1,5 +1,6 @@
 {
   "omnisharp.autoStart": false,
   "cmake.sourceDirectory": "${workspaceFolder}/swift",
-  "cmake.buildDirectory": "${workspaceFolder}/bazel-cmake-build"
+  "cmake.buildDirectory": "${workspaceFolder}/bazel-cmake-build",
+  "codeQL.githubDatabase.download": "never"
 }

BUILD.bazel

@@ -1 +0,0 @@
-exports_files(["LICENSE"])

MODULE.bazel

@@ -15,7 +15,7 @@ local_path_override(
 
 bazel_dep(name = "platforms", version = "0.0.9")
 bazel_dep(name = "rules_go", version = "0.47.0")
-bazel_dep(name = "rules_pkg", version = "0.10.1-codeql.1")
+bazel_dep(name = "rules_pkg", version = "0.10.1")
 bazel_dep(name = "rules_nodejs", version = "6.0.3")
 bazel_dep(name = "rules_python", version = "0.31.0")
 bazel_dep(name = "bazel_skylib", version = "1.5.0")
@@ -23,19 +23,9 @@ bazel_dep(name = "abseil-cpp", version = "20240116.0", repo_name = "absl")
 bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json")
 bazel_dep(name = "fmt", version = "10.0.0")
 bazel_dep(name = "gazelle", version = "0.36.0")
-bazel_dep(name = "rules_dotnet", version = "0.15.1")
 
 bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True)
 
-dotnet = use_extension("@rules_dotnet//dotnet:extensions.bzl", "dotnet")
-dotnet.toolchain(dotnet_version = "8.0.101")
-use_repo(dotnet, "dotnet_toolchains")
-
-register_toolchains("@dotnet_toolchains//:all")
-
-csharp_main_extension = use_extension("//csharp:paket.main_extension.bzl", "main_extension")
-use_repo(csharp_main_extension, "paket.main")
-
 pip = use_extension("@rules_python//python/extensions:pip.bzl", "pip")
 pip.parse(
     hub_name = "codegen_deps",

cpp/ql/lib/change-notes/2024-05-23-Version1.md

@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.

cpp/ql/lib/experimental/buildless/ASTSig.qll

@@ -0,0 +1,88 @@
+import cpp
+
+/*
+    The syntax of a C++ program.
+*/
+signature module BuildlessASTSig
+{
+    class Node;
+    predicate nodeLocation(Node node, Location location);
+
+    // Parent/child relationship between AST nodes
+    predicate edge(Node parent, int index, Node child);
+
+    // Include graph
+    predicate userInclude(Node include, string path);
+    predicate systemInclude(Node include, string path);
+
+    // Namespaces
+    predicate namespace(Node ns);
+    predicate namespaceName(Node ns, string name);
+    predicate namespaceMember(Node ns, Node member);
+
+    // Functions
+    predicate function(Node fn);
+    predicate functionBody(Node fn, Node body);
+    predicate functionReturn(Node fn, Node returnType);
+    predicate functionName(Node fn, string name);
+    predicate functionParameter(Node fn, int i, Node parameterDecl);
+    predicate functionDefinition(Node fn);  // If a definition as opposed to a declaration
+
+    // Statements
+    predicate stmt(Node node);
+    predicate blockStmt(Node stmt);
+    predicate blockMember(Node stmt, int index, Node child);
+    predicate ifStmt(Node stmt, Node condition, Node thenBranch);
+    predicate ifStmt(Node tmt, Node condition, Node thenBranch, Node elseBranch);
+    predicate whileStmt(Node stmt, Node condition, Node body);
+    predicate doWhileStmt(Node stmt, Node condition, Node body);
+    predicate forStmt(Node stmt, Node init, Node condition, Node update, Node body);
+    predicate exprStmt(Node stmt, Node expr);
+    predicate returnStmt(Node stmt, Node expr);
+    predicate returnVoidStmt(Node stmt);
+    // etc
+
+    // Types
+    predicate type(Node type);
+    predicate ptrType(Node type, Node element);
+    predicate refType(Node type, Node element);
+    predicate constType(Node type, Node element);
+    predicate rvalueRefType(Node type, Node element);
+    predicate arrayType(Node type, Node element, Node size);
+    predicate arrayType(Node type, Node element);
+    predicate typename(Node node, string name);  // Any named type, including built-in types
+    predicate templated(Node node);
+    predicate typeDefinition(Node node);  // If a definition as opposed to a declaration
+
+    predicate classOrStructDefinition(Node node);
+    predicate classMember(Node classOrStruct, int child, Node member);
+
+    // Templates
+    predicate templateParameter(Node node, int i, Node parameter);
+    predicate typeParameter(Node templateParameter, Node type, Node parameter);
+    predicate typeParameterDefault(Node templateParameter, Node defaultTypeOrValue);
+
+    // Declarations
+    predicate variableDeclaration(Node decl);
+    predicate variableDeclarationType(Node decl, Node type);
+    predicate variableDeclarationEntry(Node decl, int index, Node entry);
+    predicate variableDeclarationEntryInitializer(Node entry, Node initializer);
+    predicate variableName(Node entry, string name);
+    predicate ptrEntry(Node entry, Node element);
+    predicate refEntry(Node entry, Node element);
+    predicate rvalueRefEntry(Node entry, Node element);
+    predicate arrayEntry(Node entry, Node element);  // ?? Size
+
+    // Expressions
+    predicate expression(Node node);
+    predicate prefixExpr(Node expr, string operator, Node operand);
+    predicate postfixExpr(Node expr, Node operand, string operator);
+    predicate binaryExpr(Node expr, Node lhs, string operator, Node rhs);
+    predicate castExpr(Node expr, Node type, Node operand);
+    predicate callExpr(Node call);
+    predicate callArgument(Node call, int i, Node arg);
+    predicate callReceiver(Node call, Node receiver);
+    predicate accessExpr(Node expr, string name);
+    predicate literal(Node expr, string value);
+    predicate stringLiteral(Node expr, string value);
+}

cpp/ql/lib/experimental/buildless/CompiledAST.qll

@@ -0,0 +1,304 @@
+import cpp
+import ASTSig
+
+module CompiledAST implements BuildlessASTSig {
+  private class SourceLocation extends Location {
+    SourceLocation() { not this.hasLocationInfo(_, 0, 0, 0, 0) }
+  }
+
+  private Type reachableType(Type type) {
+    result = type or
+    result = reachableType(type).stripTopLevelSpecifiers() or
+    result = reachableType(type).(PointerType).getBaseType() or
+    result = reachableType(type).(ReferenceType).getBaseType()
+  }
+
+  private class SourceDeclEntry extends DeclarationEntry {
+    SourceDeclEntry() {
+      not this.isAffectedByMacro() and
+      not this.isFromTemplateInstantiation(_) and
+      not this.isInMacroExpansion() and
+      not this.getDeclaration().isInMacroExpansion() and
+      this.getLocation() instanceof SourceLocation and
+      not this.(FunctionDeclarationEntry).getDeclaration().isCompilerGenerated()
+    }
+  }
+
+  private newtype TNode =
+    // TFunction(SourceLocation loc) { exists(Function f | f.getLocation() = loc) } or
+    TStatement(SourceLocation loc) { exists(Stmt s | s.getLocation() = loc) } or
+    TDeclaration(SourceDeclEntry decl) or
+    TExpression(SourceLocation loc) { exists(Expr e | e.getLocation() = loc) } or
+    TFunctionCallName(SourceLocation loc) { exists(FunctionCall c | c.getLocation() = loc) } or
+    TDeclarationType(SourceDeclEntry decl, Type type) { type = reachableType(decl.getType()) } or
+    TNamespaceDeclaration(NamespaceDeclarationEntry ns) { any() } or
+    TInclude(Include i)
+
+  class Node extends TNode {
+    string toString() { result = "node" }
+
+    SourceLocation getLocation() {
+      this = TStatement(result) or
+      result = this.getDeclaration().getLocation() or
+      this = TExpression(result) or
+      this = TFunctionCallName(result) or
+      result = this.getVariableDeclaration().getLocation() or
+      result = this.getNamespaceDeclaration().getLocation() or
+      result = this.getInclude().getLocation()
+    }
+
+    Include getInclude() { this = TInclude(result) }
+
+    Stmt getStmt() { this = TStatement(result.getLocation()) }
+
+    Function getFunction() {
+      result = this.getDeclaration().getDeclaration() and
+      not result.isFromTemplateInstantiation(_) and
+      not result.isCompilerGenerated()
+    }
+
+    SourceDeclEntry getDeclaration() { this = TDeclaration(result) }
+
+    NamespaceDeclarationEntry getNamespaceDeclaration() { this = TNamespaceDeclaration(result) }
+
+    Type getType() { this = TDeclarationType(_, result) }
+
+    SourceDeclEntry getVariableDeclaration() { this = TDeclarationType(result, _) }
+
+    Expr getExpr() { this = TExpression(result.getLocation()) }
+
+    FunctionCall getFunctionCallName() { this = TFunctionCallName(result.getLocation()) }
+  }
+
+  predicate nodeLocation(Node node, Location location) { location = node.getLocation() }
+
+  // Include graph
+  predicate userInclude(Node include, string path) {
+    exists(string head | head = include.getInclude().getHead() |
+      path = head.substring(1, head.length() - 1) and head.charAt(0) = "\""
+    )
+  }
+
+  predicate systemInclude(Node include, string path) {
+    exists(string head | head = include.getInclude().getHead() |
+      path = head.substring(1, head.length() - 1) and head.charAt(0) = "<"
+    )
+  }
+
+  // Functions
+  predicate function(Node fn) { exists(fn.getFunction()) }
+
+  predicate functionBody(Node fn, Node body) { body.getStmt() = fn.getFunction().getBlock() }
+
+  predicate functionReturn(Node fn, Node returnType) {
+    returnType.getVariableDeclaration() = fn.getDeclaration() and
+    fn.getDeclaration().(FunctionDeclarationEntry).getDeclaration().getType() = returnType.getType()
+  }
+
+  predicate functionName(Node fn, string name) { name = fn.getFunction().getName() }
+
+  predicate functionParameter(Node fn, int i, Node parameterDecl) {
+    functionParameter0(fn, i, parameterDecl) and
+    not exists(Node param2 | functionParameter0(fn, i, param2) |
+      param2.getLocation().getStartLine() < parameterDecl.getLocation().getStartLine()
+    )
+  }
+
+  pragma[nomagic]
+  private predicate functionParameter0(Node fn, int i, Node parameterDecl) {
+    fn.getFunction().getParameter(i).getADeclarationEntry() = parameterDecl.getDeclaration() and
+    fn.getLocation().getFile() = parameterDecl.getLocation().getFile() and
+    fn.getLocation().getStartLine() <= parameterDecl.getLocation().getStartLine()
+  }
+
+  // Statements
+  predicate stmt(Node node) { exists(node.getStmt()) }
+
+  predicate blockStmt(Node stmt) { stmt.getStmt() instanceof BlockStmt }
+
+  predicate blockMember(Node stmt, int index, Node child) {
+    child.getStmt() = stmt.getStmt().(BlockStmt).getChild(index)
+  }
+
+  predicate ifStmt(Node stmt, Node condition, Node thenBranch) { none() }
+
+  predicate ifStmt(Node tmt, Node condition, Node thenBranch, Node elseBranch) { none() }
+
+  predicate whileStmt(Node stmt, Node condition, Node body) { none() }
+
+  predicate doWhileStmt(Node stmt, Node condition, Node body) { none() }
+
+  predicate forStmt(Node stmt, Node init, Node condition, Node update, Node body) { none() }
+
+  predicate exprStmt(Node stmt, Node expr) { none() }
+
+  predicate returnStmt(Node stmt, Node expr) { none() }
+
+  predicate returnVoidStmt(Node stmt) { none() }
+
+  // etc
+  // Types
+  predicate ptrType(Node node, Node element) {
+    exists(PointerType type, SourceDeclEntry e |
+      node = TDeclarationType(e, type) and
+      element = TDeclarationType(e, type.getBaseType())
+    )
+  }
+
+  predicate refType(Node node, Node element) {
+    exists(ReferenceType type, SourceDeclEntry e |
+      node = TDeclarationType(e, type) and
+      element = TDeclarationType(e, type.getBaseType())
+    )
+  }
+
+  predicate rvalueRefType(Node type, Node element) { none() }
+
+  predicate arrayType(Node type, Node element, Node size) { none() }
+
+  predicate arrayType(Node type, Node element) { none() }
+
+  predicate typename(Node node, string name) {
+    exists(Class c | c = node.getDeclaration().getDeclaration() |
+      not c.isAnonymous() and c.getName() = name
+    )
+    or
+    name = node.getType().getName()
+  }
+
+  predicate templated(Node node) { none() }
+
+  predicate classOrStructDefinition(Node node) {
+    node.getDeclaration().getDeclaration() instanceof Class
+  }
+
+  predicate classMember(Node classOrStruct, int child, Node member) {
+    classOrStruct.getDeclaration().getDeclaration().(Class).getAMember() =
+      member.getDeclaration().getDeclaration() and
+    child = 0 and
+    classOrStruct.getLocation().getFile() = member.getLocation().getFile() // TODO: Disambiguate
+    // and not member.getDeclaration().getDeclaration() instanceof FriendDecl
+  }
+
+  // Templates
+  predicate templateParameter(Node node, int i, Node parameter) { none() }
+
+  predicate typeParameter(Node templateParameter, Node type, Node parameter) { none() }
+
+  predicate typeParameterDefault(Node templateParameter, Node defaultTypeOrValue) { none() }
+
+  // Declarations
+  predicate variableDeclaration(Node decl) {
+    decl.getDeclaration() instanceof VariableDeclarationEntry
+  }
+
+  pragma[nomagic]
+  private predicate variableDeclarationType2(Node decl, Node type) {
+    decl.getDeclaration() = type.getVariableDeclaration()
+  }
+
+  predicate variableDeclarationType(Node decl, Node type) {
+    variableDeclarationType2(decl, type) and
+    type.getType() = decl.getDeclaration().getType()
+  }
+
+  predicate variableDeclarationEntry(Node decl, int index, Node entry) { none() }
+
+  predicate variableDeclarationEntryInitializer(Node entry, Node initializer) { none() }
+
+  predicate variableName(Node decl, string name) {
+    decl.getDeclaration().(VariableDeclarationEntry).getName() = name
+  }
+
+  predicate ptrEntry(Node entry, Node element) { none() }
+
+  predicate refEntry(Node entry, Node element) { none() }
+
+  predicate rvalueRefEntry(Node entry, Node element) { none() }
+
+  predicate arrayEntry(Node entry, Node element) { none() }
+
+  // Expressions
+  predicate expression(Node node) { exists(node.getExpr()) or exists(node.getFunctionCallName()) }
+
+  predicate prefixExpr(Node expr, string operator, Node operand) { none() }
+
+  predicate postfixExpr(Node expr, Node operand, string operator) { none() }
+
+  predicate binaryExpr(Node expr, Node lhs, string operator, Node rhs) { none() }
+
+  predicate castExpr(Node expr, Node type, Node operand) { none() }
+
+  predicate callExpr(Node call) { call.getExpr() instanceof Call }
+
+  predicate callArgument(Node call, int i, Node arg) {
+    arg.getExpr() = call.getExpr().(Call).getArgument(i)
+  }
+
+  predicate callReceiver(Node call, Node receiver) {
+    receiver.getFunctionCallName() = call.getExpr()
+  }
+
+  predicate accessExpr(Node expr, string name) {
+    expr.getExpr().(VariableAccess).getTarget().getName() = name or
+    expr.getFunctionCallName().getTarget().getName() = name
+  }
+
+  predicate literal(Node expr, string value) { expr.getExpr().(Literal).toString() = value }
+
+  predicate stringLiteral(Node expr, string value) {
+    expr.getExpr().(StringLiteral).getValue() = value
+  }
+
+  predicate type(Node node) { node = TDeclarationType(_, _) }
+
+  predicate constType(Node node, Node element) {
+    exists(SpecifiedType type, SourceDeclEntry e |
+      node = TDeclarationType(e, type) and
+      element = TDeclarationType(e, type.getBaseType()) and
+      type.isConst()
+    )
+  }
+
+  predicate namespace(Node ns) { exists(ns.getNamespaceDeclaration()) }
+
+  predicate namespaceName(Node ns, string name) {
+    ns.getNamespaceDeclaration().getNamespace().getName() = name
+  }
+
+  pragma[nomagic]
+  private predicate namespaceNamespace(Node ns, Node child) {
+    ns.getNamespaceDeclaration().getNamespace().getAChildNamespace() =
+      child.getNamespaceDeclaration().getNamespace() and
+    ns.getLocation().getFile() = child.getLocation().getFile()
+  }
+
+  pragma[nomagic]
+  private predicate namespaceDecl(Node ns, Node child) {
+    child.getDeclaration().getDeclaration() =
+      ns.getNamespaceDeclaration().getNamespace().getADeclaration() and
+    ns.getLocation().getFile() = child.getLocation().getFile() and
+    ns.getLocation().getStartLine() <= child.getLocation().getStartLine()
+  }
+
+  predicate namespaceMember(Node ns, Node member) {
+    namespaceNamespace(ns, member) or
+    namespaceDecl(ns, member)
+  }
+
+  predicate edge(Node parent, int index, Node child) {
+    namespaceMember(parent, child) and index = 0
+    or
+    classMember(parent, index, child)
+    or
+    blockMember(parent, index, child)
+  }
+
+  predicate typeDefinition(Node node) {
+    node.getDeclaration().(TypeDeclarationEntry).isDefinition()
+  }
+
+  predicate functionDefinition(Node fn) {
+    fn.getDeclaration().(FunctionDeclarationEntry).isDefinition()
+  }
+}

cpp/ql/lib/experimental/buildless/Model.qll

@@ -0,0 +1,282 @@
+import AST
+
+module BuildlessModel<BuildlessASTSig Sig> {
+  module AST = BuildlessAST<Sig>;
+
+  private string getQualifiedName(AST::SourceNamespace ns) {
+    not exists(AST::SourceNamespace p | ns = p.getAChild()) and result = ns.getName()
+    or
+    exists(AST::SourceNamespace p | ns = p.getAChild() and ns != p |
+      result = getQualifiedName(p) + "::" + ns.getName()
+    )
+  }
+
+  private newtype TElement =
+    TNamespace(string fqn) { fqn = getQualifiedName(_) } or
+    TASTNode(AST::SourceElement node) { any() }
+
+    /*
+      Any compile-time concept that can be named.
+    */
+  class Entity extends string
+  {
+    bindingset[this] Entity() { any() }
+  }
+
+  /*
+    An entity that contains named members.
+  */
+  class Scope extends Entity
+  {
+    bindingset[this] Scope() { any() }
+
+    Member getAMember() { result = this.getAMember(_) }
+
+    abstract Member getAMember(string name);
+  }
+
+  /*
+    An entity that is a member of a scope.
+  */
+  class Member extends Entity
+  {
+    bindingset[this] Member() { any() }
+
+    abstract string getName();
+    abstract Scope getParent();
+  }
+
+  class Namespace2 extends Member, Scope
+  {
+    AST::SourceNamespace ns;
+
+    Namespace2() { this = "::" + getQualifiedName(ns) }
+
+    AST::SourceNamespace getAstNode() { result = ns }
+
+    override Namespace2 getParent() { result.getAstNode() = ns.getParent() }
+
+    override string getName() { result = ns.getName() }
+
+    override Member getAMember(string name) {
+      result = this.getMemberNamespace(name)
+      // !! Types
+    }
+
+    Namespace2 getMemberNamespace(string name) {
+      result.getParent() = this and result.getName() = name
+    }
+
+  }
+
+  class Type extends Member, Scope {
+    Type() { exists(SourceTypeDeclaration t | t.getMangledName() = this) }
+
+    AST::SourceType getAstNode() { result = this.getADeclaration().getSourceNode() }
+
+    // string toString() { result = "i am a type" }
+    override string getName() { result = this.getADeclaration().getName() }
+
+    Location getLocation() { result = this.getADefinition().getLocation() }
+
+    SourceTypeDeclaration getADeclaration() { result.getMangledName() = this }
+
+    SourceTypeDefinition getADefinition() { result.getMangledName() = this }
+
+    override Member getAMember(string name)
+    {
+      result = getMemberType(name)
+    }
+
+    Type getMemberType(string name)
+    {
+      none()
+    }
+
+    Namespace2 getParentNamespace() {
+      result.getAstNode() = this.getADeclaration().getParentNamespace()
+    }
+
+    Type getParentType() { result.getADeclaration() = this.getADeclaration().getParentType() }
+
+    override Scope getParent() { result = this.getParentNamespace() or result = this.getParentType() }
+
+    string getFullyQualifiedName() { result = this.getADeclaration().getFullyQualifiedName() }
+
+    Field getAField() { result.getParentType() = this }
+  }
+
+  private Type lookupNameInType(Type type, string name)
+  {
+    // Is the name a member of this type?
+
+    // Is the name in the same scope as the type?
+
+    // Is the name in global scope?
+
+    // TODO!
+    none()
+  }
+
+  class Field extends string {
+    Type containingType;
+    SourceTypeDefinition containingTypeDef;
+    AST::SourceVariableDeclaration fieldDef;
+
+    Field() {
+      containingType.getADefinition() = containingTypeDef and
+      fieldDef = containingTypeDef.getAField() and
+      this = containingTypeDef.getMangledName() + "::" + fieldDef.getName()
+    }
+
+    Location getLocation() { result = fieldDef.getLocation() }
+
+    Type getParentType() { result = containingType }
+
+    string getName() { result = fieldDef.getName() }
+
+    // TODO: The type of the field
+
+  }
+
+  class Element extends TElement {
+    string toString() { result = "element" }
+  }
+
+  class Namespace extends Element, TNamespace {
+    string getFullyQualifiedName() { this = TNamespace(result) }
+
+    override string toString() { result = "namespace " + this.getFullyQualifiedName() }
+
+    NamespaceDeclaration getADeclaration() { result.getNamespace() = this }
+  }
+
+  class SourceElement extends Element, TASTNode {
+    AST::SourceElement node;
+
+    SourceElement() { this = TASTNode(node) }
+
+    Location getLocation() { result = node.getLocation() }
+
+    AST::SourceElement getSourceNode() { result = node }
+  }
+
+  class SourceDeclaration extends SourceElement, TASTNode {
+    abstract SourceDeclaration getParent();
+
+    abstract string getName();
+
+    abstract string getMangledName();
+
+    abstract predicate isDefinition();
+  }
+
+  abstract class SourceDefinition extends SourceDeclaration { }
+
+  class NamespaceDeclaration extends SourceDeclaration {
+    AST::SourceNamespace ns;
+
+    NamespaceDeclaration() { ns = node }
+
+    override string getName() { result = ns.getName() }
+
+    Namespace getNamespace() { result.getFullyQualifiedName() = this.getFullyQualifiedName() }
+
+    override string toString() { result = "namespace " + this.getName() + " { ... }" }
+
+    override NamespaceDeclaration getParent() { result.getSourceNode() = node.getParent() }
+
+    string getFullyQualifiedName() {
+      if exists(this.getParent())
+      then result = this.getParent().getFullyQualifiedName() + "::" + this.getName()
+      else result = this.getName()
+    }
+
+    override string getMangledName() { result = "::" + this.getFullyQualifiedName() }
+
+    override predicate isDefinition() { any() }
+  }
+
+  class SourceTypeDeclaration extends SourceDeclaration {
+    AST::SourceTypeDefinition def;
+
+    SourceTypeDeclaration() { def = node }
+
+    override Location getLocation() { result = def.getLocation() }
+
+    override string toString() { result = "typename " + def.getName() }
+
+    string getFullyQualifiedName() {
+      if exists(this.getParentNamespace())
+      then result = this.getParentNamespace().getFullyQualifiedName() + "::" + this.getName()
+      else
+        if exists(this.getParentType())
+        then result = this.getParentType() + "::" + this.getName()
+        else result = this.getName()
+    }
+
+    NamespaceDeclaration getParentNamespace() { result.getSourceNode() = def.getParent() }
+
+    SourceTypeDeclaration getParentType() { result.getSourceNode() = def.getParent() }
+
+    override SourceDeclaration getParent() {
+      result = this.getParentNamespace() or result = this.getParentType()
+    }
+
+    override string getName() { result = def.getName() }
+
+    // Mangled name
+    override string getMangledName() {
+      if exists(this.getParent())
+      then result = this.getParent().getMangledName() + "::" + this.getName()
+      else result = "::" + this.getName()
+    }
+
+    override predicate isDefinition() { def.isDefinition() }
+
+    AST::SourceVariableDeclaration getAField() {
+      result = def.getAMember()
+    }
+  }
+
+  class SourceTypeDefinition extends SourceTypeDeclaration, SourceDefinition {
+    SourceTypeDefinition() { this.isDefinition() }
+  }
+
+  class SourceFunctionDeclaration extends SourceDeclaration {
+    AST::SourceFunction fn;
+
+    SourceFunctionDeclaration() { fn = node }
+
+    SourceTypeDeclaration getParentType() { result.getSourceNode() = fn.getParent() }
+
+    NamespaceDeclaration getParentNamespace() { result.getSourceNode() = fn.getParent() }
+
+    override SourceDeclaration getParent() {
+      result = this.getParentType() or result = this.getParentNamespace()
+    }
+
+    override string toString() { result = fn.getName() + "()" }
+
+    override Location getLocation() { result = fn.getLocation() }
+
+    override string getName() { result = fn.getName() }
+
+    override string getMangledName() {
+      if exists(this.getParent())
+      then result = this.getParent().getMangledName() + "::" + this.getName() + "()"
+      else result = "::" + this.getName() + "()"
+    }
+
+    override predicate isDefinition() { fn.isDefinition() }
+  }
+
+  class SourceFunctionDefinition extends SourceFunctionDeclaration, SourceDefinition {
+    SourceFunctionDefinition() { this.isDefinition() }
+  }
+
+  predicate invalidParent(SourceDeclaration decl) { decl.getParent+() = decl }
+}
+
+// For debugging in context
+module TestModel = BuildlessModel<CompiledAST>;

cpp/ql/lib/experimental/buildless/TODO.md

@@ -0,0 +1,46 @@
+Next:
+- [x] Namespaces
+- [ ] Unnamed class/struct/union and name mangling
+- [ ] Linker awareness is creating duplicates
+
+
+
+- Resolve the type of a local variable
+
+
+- [ ] Parent scopes - where are things declared
+    Parent class
+    Parent namespace
+    Parent function (for variable declarations and parameters)
+    Parent block (for blocks and statements)
+
+
+
+- [ ] Return type nodes
+- [ ] Construction of types
+- [ ] Construction of functions
+- [ ] Construction of Variables
+
+
+
+
+Names:
+- [x] Identify all function names
+- [x] Identify all parameter names
+- [x] Identify all variable declaration names
+- [x] Identify variable accesses
+
+Types:
+- [x] Locate user type definitions and typedefs
+- [x] Get the type of the parameter
+- [ ] Assign types to variable accesses
+
+Calls:
+- [x] Identify function call expressions
+- [x] Identify the "target" of a call in a trivial case.
+
+Overloads:
+
+Types:
+- [ ] Identify return types
+- [x] Identify parameter types and other declarations

cpp/ql/lib/experimental/buildless/ast.qll

@@ -0,0 +1,196 @@
+import CompiledAST
+import ASTSig
+
+module BuildlessAST<BuildlessASTSig AST> {
+  final class Node = AST::Node;
+
+  // Any node in the abstract syntax tree
+  class SourceElement extends Node {
+    Location getLocation() { AST::nodeLocation(this, result) }
+
+    string toString() { result = "element" }
+
+    SourceElement getParent() { AST::edge(result, _, this) }
+
+    SourceElement getChild(int i) { AST::edge(this, i, result) }
+
+    SourceElement getAChild() { result = this.getChild(_) }
+  }
+
+  bindingset[path]
+  private File getAnIncludeTarget(string path) {
+    exists(string p | p = result.toString() | path = p.suffix(p.length() - path.length()))
+  }
+
+  class Include extends SourceElement {
+    string path;
+
+    Include() { AST::userInclude(this, path) or AST::systemInclude(this, path) }
+
+    File getATarget() {
+      result = getAnIncludeTarget(path)
+      or
+      path.prefix(3) = "../" and result = getAnIncludeTarget(path.suffix(3))
+      or
+      path.prefix(2) = "./" and result = getAnIncludeTarget(path.suffix(2))
+    }
+
+    predicate isSystemInclude() { AST::systemInclude(this, _) }
+
+    predicate isUserInclude() { AST::userInclude(this, _) }
+
+    override string toString() {
+      this.isSystemInclude() and result = "#include <" + path + ">"
+      or
+      this.isUserInclude() and result = "#include \"" + path + "\""
+    }
+  }
+
+  abstract class SourceScope extends SourceElement { }
+
+  class SourceNamespace extends SourceScope, SourceDeclaration {
+    SourceNamespace() { AST::namespace(this) }
+
+    override string getName() { AST::namespaceName(this, result) }
+
+    override string toString() { result = "namespace " + this.getName() }
+  }
+
+  // Any syntax node that is a declaration
+  abstract class SourceDeclaration extends SourceElement {
+    abstract string getName();
+  }
+
+  // A syntax node that declares or defines a function
+  class SourceFunction extends SourceDeclaration {
+    SourceFunction() { AST::function(this) }
+
+    override string getName() { AST::functionName(this, result) }
+
+    override string toString() { result = this.getName() }
+
+    BlockStmt getBody() { AST::functionBody(this, result) }
+
+    SourceParameter getParameter(int i) { AST::functionParameter(this, i, result) }
+
+    SourceType getReturnType() { AST::functionReturn(this, result) }
+
+    predicate isDefinition() { AST::functionDefinition(this) }
+  }
+
+  // A syntax node that declares a variable (including fields and parameters)
+  class SourceVariableDeclaration extends SourceDeclaration {
+    SourceVariableDeclaration() { AST::variableDeclaration(this) }
+
+    override string getName() { AST::variableName(this, result) }
+
+    override string toString() { result = this.getName() }
+
+    SourceType getType() { AST::variableDeclarationType(this, result) }
+  }
+
+  // A syntax node that declares a parameter
+  class SourceParameter extends SourceVariableDeclaration {
+    SourceFunction fn;
+    int index;
+
+    SourceParameter() { AST::functionParameter(fn, index, this) }
+  }
+
+  class Stmt extends SourceElement {
+    Stmt() { AST::stmt(this) }
+
+    override string toString() { result = "stmt" }
+  }
+
+  class BlockStmt extends Stmt {
+    BlockStmt() { AST::blockStmt(this) }
+
+    override string toString() { result = "{ ... }" }
+  }
+
+  class Expr extends SourceElement {
+    Expr() { AST::expression(this) }
+  }
+
+  class AccessExpr extends Expr {
+    string identifier;
+
+    AccessExpr() { AST::accessExpr(this, identifier) }
+
+    string getName() { result = identifier }
+
+    override string toString() { result = this.getName() }
+  }
+
+  class CallExpr extends Expr {
+    CallExpr() { AST::callExpr(this) }
+
+    Expr getReceiver() { AST::callReceiver(this, result) }
+
+    Expr getArgument(int i) { AST::callArgument(this, i, result) }
+
+    override string toString() { result = "...(...)" }
+  }
+
+  class Literal extends Expr {
+    string value;
+
+    Literal() { AST::literal(this, value) }
+
+    override string toString() { result = value }
+
+    string getValue() { result = value }
+  }
+
+  class StringLiteral extends Literal {
+    StringLiteral() { AST::stringLiteral(this, _) }
+  }
+
+  abstract class SourceDefinition extends SourceDeclaration { }
+
+  class SourceTypeDefinition extends SourceDefinition {
+    SourceTypeDefinition() { AST::classOrStructDefinition(this) }
+
+    override string getName() { AST::typename(this, result) }
+
+    override string toString() { result = this.getName() }
+
+    SourceElement getAMember() { AST::classMember(this, _, result) }
+
+    predicate isDefinition() { AST::typeDefinition(this) }
+  }
+
+  // A node that contains a type of some kind
+  class SourceType extends SourceElement {
+    SourceType() { AST::type(this) }
+
+    override string toString() { AST::typename(this, result) }
+  }
+
+  class SourcePointer extends SourceType {
+    SourceType pointee;
+
+    SourcePointer() { AST::ptrType(this, pointee) }
+
+    SourceType getType() { result = pointee }
+  }
+
+  class SourceConst extends SourceType {
+    SourceType type;
+
+    SourceConst() { AST::constType(this, type) }
+
+    SourceType getType() { result = type }
+  }
+
+  class SourceReference extends SourceType {
+    SourceType type;
+
+    SourceReference() { AST::refType(this, type) }
+
+    SourceType getType() { result = type }
+  }
+}
+
+module TestAST = BuildlessAST<CompiledAST>;

cpp/ql/lib/experimental/buildless/checks.ql

@@ -0,0 +1,3 @@
+import Model
+
+select 1

cpp/ql/lib/experimental/buildless/identifiers.qll

@@ -0,0 +1,31 @@
+import ast_sig
+import ast
+import compiled_ast // For debugging in context
+
+module BuildlessIdentifiers<BuildlessASTSig A> {
+  module AST = Buildless<A>;
+
+  string getQualifiedName(AST::SourceNamespace ns) {
+    not exists(AST::SourceNamespace p | ns = p.getAChild()) and result = ns.getName()
+    or
+    exists(AST::SourceNamespace p | ns = p.getAChild() and ns !=p|
+      result = getQualifiedName(p) + "::" + ns.getName()
+    )
+  }
+
+  predicate namespace(string ns) {
+    ns = ["", getQualifiedName(_)]
+  }
+
+  // What are the identifiers in scope at a given point in the program?
+  // Give a potential object that the identifier refers to
+  AST::SourceDeclaration nameLookup(AST::SourceScope scope) {
+    result = scope
+    or
+    result = scope.(AST::SourceNamespace).getAChild()
+    or
+    result = scope.(AST::SourceTypeDefinition).getAMember()
+  }
+}
+
+module TestIdentifiers = BuildlessIdentifiers<CompiledAST>;

cpp/ql/lib/experimental/buildless/test_ast.ql

@@ -0,0 +1,26 @@
+import AST
+import types
+
+query TestAST::SourceFunction lua_copy() { result.getName() = "lua_copy" }
+
+query int lua_copy_count() { result = count(lua_copy()) }
+
+query predicate variables(TestAST::SourceVariableDeclaration decl, TestAST::SourceType sourceType) {
+  sourceType = decl.getType()
+}
+
+query predicate naiveCallTargets(TestAST::CallExpr call, TestAST::SourceFunction target) {
+  call.getReceiver().(TestAST::AccessExpr).getName() = target.getName() and
+  target.getName() = "max"
+}
+
+query predicate fnParents(TestAST::SourceFunction fn, TestAST::SourceNamespace parent) {
+  parent = fn.getParent()
+}
+
+query predicate includes(TestAST::Include include, File target) { target = include.getATarget() }
+
+query predicate unresolvedIncludes(TestAST::Include include) { not exists(include.getATarget()) }
+
+from TestAST::SourceFunction fn
+select fn, fn.getReturnType(), count(fn.getReturnType()), fn.getReturnType().getAQlClass()

cpp/ql/lib/experimental/buildless/test_model.ql

@@ -0,0 +1,13 @@
+import Model
+
+query predicate multipleDefinitions(TestModel::Type type, TestModel::SourceTypeDefinition def1, TestModel::SourceTypeDefinition def2)
+{
+    def1 = type.getADefinition() and
+    def2 = type.getADefinition() and 
+    def1.getLocation() != def2.getLocation() and
+    def1 != def2
+}
+
+from TestModel::SourceDeclaration decl
+where decl.getParent+()=decl
+select decl, "This has an invalid parent $@", decl.getParent()

cpp/ql/lib/experimental/buildless/test_types.ql

@@ -0,0 +1,34 @@
+import types
+
+query predicate constPointers(TestAST::SourceType t, TestAST::SourceConst c, TestAST::SourcePointer p)
+{
+    p.getType() = c and 
+    t = c.getType()
+}
+
+query predicate constRefs(TestAST::SourceType t, TestAST::SourceConst c, TestAST::SourceReference p)
+{
+    p.getType() = c and 
+    t = c.getType()
+}
+
+query predicate nestedNamespaces(TestAST::SourceNamespace parent, TestAST::SourceNamespace child)
+{
+    child = parent.getAChild()
+}
+
+query predicate recursiveNamespace(TestAST::SourceNamespace ns, TestAST::SourceNamespace descendents)
+{
+    ns = ns.getAChild+() and
+    descendents = ns.getAChild+()
+}
+
+query predicate usertypes(TestAST::SourceNamespace ns, TestAST::SourceTypeDefinition td)
+{
+    td = ns.getAChild()
+}
+
+// Let's try to resolve the type of a local variable
+
+from TestTypes::Type t
+select t

cpp/ql/lib/experimental/buildless/types.qll

@@ -0,0 +1,34 @@
+import AST
+
+module BuildlessTypes<BuildlessASTSig Sig> {
+  module AST = BuildlessAST<Sig>;
+
+  private newtype TType =
+    TBuiltinType(string name) { name = ["int", "char"] }
+    or
+    TUserType(string fqn) { exists(AST::SourceTypeDefinition d | d.getName() = fqn) }
+    //or
+    //TPointerType(Type type) { exists(A::SourcePointer p | p.getType() = type) }
+    //or
+    //TConstType(Type type) { exists(A::SourceConst c | c.getType() = type) }
+
+  class Type extends TType {
+    string toString() { result = this.getName() }
+
+    abstract string getName();
+    Location getLocation() { none() }
+  }
+
+  class BuiltinType extends Type, TBuiltinType {
+    override string getName() { this = TBuiltinType(result) }
+  }
+
+  class UserType extends Type, TUserType
+  {
+    override string getName() { this = TUserType(result) }
+
+    override Location getLocation() { exists(AST::SourceTypeDefinition d | this.getName() = d.getName() | result = d.getLocation()) }
+  }
+}
+
+module TestTypes = BuildlessTypes<CompiledAST>;

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.13.2-dev
+version: 1.0.0-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll

@@ -565,7 +565,7 @@ class IRGuardCondition extends Instruction {
   /** Holds if (determined by this guard) `op == k` evaluates to `areEqual` if this expression evaluates to `value`. */
   cached
   predicate comparesEq(Operand op, int k, boolean areEqual, AbstractValue value) {
-    compares_eq(this, op, k, areEqual, value)
+    unary_compares_eq(this, op, k, areEqual, false, value)
   }
 
   /**
@@ -586,7 +586,7 @@ class IRGuardCondition extends Instruction {
   cached
   predicate ensuresEq(Operand op, int k, IRBlock block, boolean areEqual) {
     exists(AbstractValue value |
-      compares_eq(this, op, k, areEqual, value) and this.valueControls(block, value)
+      unary_compares_eq(this, op, k, areEqual, false, value) and this.valueControls(block, value)
     )
   }
 
@@ -611,7 +611,7 @@ class IRGuardCondition extends Instruction {
   cached
   predicate ensuresEqEdge(Operand op, int k, IRBlock pred, IRBlock succ, boolean areEqual) {
     exists(AbstractValue value |
-      compares_eq(this, op, k, areEqual, value) and
+      unary_compares_eq(this, op, k, areEqual, false, value) and
       this.valueControlsEdge(pred, succ, value)
     )
   }
@@ -737,26 +737,66 @@ private predicate compares_eq(
   )
 }
 
-/** Holds if `op == k` is `areEqual` given that `test` is equal to `value`. */
-private predicate compares_eq(
-  Instruction test, Operand op, int k, boolean areEqual, AbstractValue value
+/**
+ * Holds if `op == k` is `areEqual` given that `test` is equal to `value`.
+ *
+ * Many internal predicates in this file have a `inNonZeroCase` column.
+ * Ideally, the `k` column would be a type such as `Option<int>::Option`, to
+ * represent whether we have a concrete value `k` such that `op == k`, or whether
+ * we only know that `op != 0`.
+ * However, cannot instantiate `Option` with an infinite type. Thus the boolean
+ * `inNonZeroCase` is used to distinquish the `Some` (where we have a concrete
+ * value `k`) and `None` cases (where we only know that `op != 0`).
+ *
+ * Thus, if `inNonZeroCase = true` then `op != 0` and the value of `k` is
+ * meaningless.
+ *
+ * To see why `inNonZeroCase` is needed consider the following C program:
+ * ```c
+ * char* p = ...;
+ * if(p) {
+ *   use(p);
+ * }
+ * ```
+ * in C++ there would be an int-to-bool conversion on `p`. However, since C
+ * does not have booleans there is no conversion. We want to be able to
+ * conclude that `p` is non-zero in the true branch, so we need to give `k`
+ * some value. However, simply setting `k = 1` would make the rest of the
+ * analysis think that `k == 1` holds inside the branch. So we distinquish
+ * between the above case and
+ * ```c
+ * if(p == 1) {
+ *   use(p)
+ * }
+ * ```
+ * by setting `inNonZeroCase` to `true` in the former case, but not in the
+ * latter.
+ */
+private predicate unary_compares_eq(
+  Instruction test, Operand op, int k, boolean areEqual, boolean inNonZeroCase, AbstractValue value
 ) {
   /* The simple case where the test *is* the comparison so areEqual = testIsTrue xor eq. */
-  exists(AbstractValue v | simple_comparison_eq(test, op, k, v) |
+  exists(AbstractValue v | unary_simple_comparison_eq(test, op, k, inNonZeroCase, v) |
     areEqual = true and value = v
     or
     areEqual = false and value = v.getDualValue()
   )
   or
-  complex_eq(test, op, k, areEqual, value)
+  unary_complex_eq(test, op, k, areEqual, inNonZeroCase, value)
   or
   /* (x is true => (op == k)) => (!x is false => (op == k)) */
-  exists(AbstractValue dual | value = dual.getDualValue() |
-    compares_eq(test.(LogicalNotInstruction).getUnary(), op, k, areEqual, dual)
+  exists(AbstractValue dual, boolean inNonZeroCase0 |
+    value = dual.getDualValue() and
+    unary_compares_eq(test.(LogicalNotInstruction).getUnary(), op, k, inNonZeroCase0, areEqual, dual)
+  |
+    k = 0 and inNonZeroCase = inNonZeroCase0
+    or
+    k != 0 and inNonZeroCase = true
   )
   or
   // ((test is `areEqual` => op == const + k2) and const == `k1`) =>
   // test is `areEqual` => op == k1 + k2
+  inNonZeroCase = false and
   exists(int k1, int k2, ConstantInstruction const |
     compares_eq(test, op, const.getAUse(), k2, areEqual, value) and
     int_value(const) = k1 and
@@ -781,35 +821,53 @@ private predicate simple_comparison_eq(
   value.(BooleanValue).getValue() = false
 }
 
-/** Rearrange various simple comparisons into `op == k` form. */
-private predicate simple_comparison_eq(Instruction test, Operand op, int k, AbstractValue value) {
+/**
+ * Holds if `test` is an instruction that is part of test that eventually is
+ * used in a conditional branch.
+ */
+private predicate relevantUnaryComparison(Instruction test) {
+  not test instanceof CompareInstruction and
+  exists(IRType type, ConditionalBranchInstruction branch |
+    type instanceof IRAddressType or type instanceof IRIntegerType
+  |
+    type = test.getResultIRType() and
+    branch.getCondition() = test
+  )
+  or
+  exists(LogicalNotInstruction logicalNot |
+    relevantUnaryComparison(logicalNot) and
+    test = logicalNot.getUnary()
+  )
+}
+
+/**
+ * Rearrange various simple comparisons into `op == k` form.
+ */
+private predicate unary_simple_comparison_eq(
+  Instruction test, Operand op, int k, boolean inNonZeroCase, AbstractValue value
+) {
   exists(SwitchInstruction switch, CaseEdge case |
     test = switch.getExpression() and
     op.getDef() = test and
     case = value.(MatchValue).getCase() and
     exists(switch.getSuccessor(case)) and
-    case.getValue().toInt() = k
+    case.getValue().toInt() = k and
+    inNonZeroCase = false
   )
   or
   // There's no implicit CompareInstruction in files compiled as C since C
   // doesn't have implicit boolean conversions. So instead we check whether
   // there's a branch on a value of pointer or integer type.
-  exists(ConditionalBranchInstruction branch, IRType type |
-    not test instanceof CompareInstruction and
-    type = test.getResultIRType() and
-    (type instanceof IRAddressType or type instanceof IRIntegerType) and
-    test = branch.getCondition() and
-    op.getDef() = test
-  |
-    // We'd like to also include a case such as:
-    // ```
-    // k = 1 and
-    // value.(BooleanValue).getValue() = true
-    // ```
-    // but all we know is that the value is non-zero in the true branch.
-    // So we can only conclude something in the false branch.
+  relevantUnaryComparison(test) and
+  op.getDef() = test and
+  (
+    k = 1 and
+    value.(BooleanValue).getValue() = true and
+    inNonZeroCase = true
+    or
     k = 0 and
-    value.(BooleanValue).getValue() = false
+    value.(BooleanValue).getValue() = false and
+    inNonZeroCase = false
   )
 }
 
@@ -821,12 +879,12 @@ private predicate complex_eq(
   add_eq(cmp, left, right, k, areEqual, value)
 }
 
-private predicate complex_eq(
-  Instruction test, Operand op, int k, boolean areEqual, AbstractValue value
+private predicate unary_complex_eq(
+  Instruction test, Operand op, int k, boolean areEqual, boolean inNonZeroCase, AbstractValue value
 ) {
-  sub_eq(test, op, k, areEqual, value)
+  unary_sub_eq(test, op, k, areEqual, inNonZeroCase, value)
   or
-  add_eq(test, op, k, areEqual, value)
+  unary_add_eq(test, op, k, areEqual, inNonZeroCase, value)
 }
 
 /*
@@ -1090,16 +1148,20 @@ private predicate sub_eq(
 }
 
 // op - x == c => op == (c+x)
-private predicate sub_eq(Instruction test, Operand op, int k, boolean areEqual, AbstractValue value) {
+private predicate unary_sub_eq(
+  Instruction test, Operand op, int k, boolean areEqual, boolean inNonZeroCase, AbstractValue value
+) {
+  inNonZeroCase = false and
   exists(SubInstruction sub, int c, int x |
-    compares_eq(test, sub.getAUse(), c, areEqual, value) and
+    unary_compares_eq(test, sub.getAUse(), c, areEqual, inNonZeroCase, value) and
     op = sub.getLeftOperand() and
     x = int_value(sub.getRight()) and
     k = c + x
   )
   or
+  inNonZeroCase = false and
   exists(PointerSubInstruction sub, int c, int x |
-    compares_eq(test, sub.getAUse(), c, areEqual, value) and
+    unary_compares_eq(test, sub.getAUse(), c, areEqual, inNonZeroCase, value) and
     op = sub.getLeftOperand() and
     x = int_value(sub.getRight()) and
     k = c + x
@@ -1153,11 +1215,13 @@ private predicate add_eq(
 }
 
 // left + x == right + c => left == right + (c-x)
-private predicate add_eq(
-  Instruction test, Operand left, int k, boolean areEqual, AbstractValue value
+private predicate unary_add_eq(
+  Instruction test, Operand left, int k, boolean areEqual, boolean inNonZeroCase,
+  AbstractValue value
 ) {
+  inNonZeroCase = false and
   exists(AddInstruction lhs, int c, int x |
-    compares_eq(test, lhs.getAUse(), c, areEqual, value) and
+    unary_compares_eq(test, lhs.getAUse(), c, areEqual, inNonZeroCase, value) and
     (
       left = lhs.getLeftOperand() and x = int_value(lhs.getRight())
       or
@@ -1166,8 +1230,9 @@ private predicate add_eq(
     k = c - x
   )
   or
+  inNonZeroCase = false and
   exists(PointerAddInstruction lhs, int c, int x |
-    compares_eq(test, lhs.getAUse(), c, areEqual, value) and
+    unary_compares_eq(test, lhs.getAUse(), c, areEqual, inNonZeroCase, value) and
     (
       left = lhs.getLeftOperand() and x = int_value(lhs.getRight())
       or

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/ProductFlow.qll

@@ -546,7 +546,7 @@ module ProductFlow {
       Flow1::PathGraph::edges(pred1, succ1, _, _) and
       exists(ReturnKindExt returnKind |
         succ1.getNode() = returnKind.getAnOutNode(call) and
-        pred1.getNode().(ReturnNodeExt).getKind() = returnKind
+        paramReturnNode(_, pred1.asParameterReturnNode(), _, returnKind)
       )
     }
 
@@ -574,7 +574,7 @@ module ProductFlow {
       Flow2::PathGraph::edges(pred2, succ2, _, _) and
       exists(ReturnKindExt returnKind |
         succ2.getNode() = returnKind.getAnOutNode(call) and
-        pred2.getNode().(ReturnNodeExt).getKind() = returnKind
+        paramReturnNode(_, pred2.asParameterReturnNode(), _, returnKind)
       )
     }
 

cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql

@@ -37,6 +37,19 @@ class AllocaCall extends FunctionCall {
   }
 }
 
+/**
+ * Gets an expression associated with a dataflow node.
+ */
+private Expr getExpr(DataFlow::Node node) {
+  result = node.asInstruction().getAst()
+  or
+  result = node.asOperand().getUse().getAst()
+  or
+  result = node.(DataFlow::RawIndirectInstruction).getInstruction().getAst()
+  or
+  result = node.(DataFlow::RawIndirectOperand).getOperand().getUse().getAst()
+}
+
 /**
  * A loop that contains an `alloca` call.
  */
@@ -185,19 +198,6 @@ class LoopWithAlloca extends Stmt {
     not this.conditionReachesWithoutUpdate(var, this.(Loop).getCondition())
   }
 
-  /**
-   * Gets an expression associated with a dataflow node.
-   */
-  private Expr getExpr(DataFlow::Node node) {
-    result = node.asInstruction().getAst()
-    or
-    result = node.asOperand().getUse().getAst()
-    or
-    result = node.(DataFlow::RawIndirectInstruction).getInstruction().getAst()
-    or
-    result = node.(DataFlow::RawIndirectOperand).getOperand().getUse().getAst()
-  }
-
   /**
    * Gets a definition that may be the most recent definition of the
    * controlling variable `var` before this loop.
@@ -210,7 +210,7 @@ class LoopWithAlloca extends Stmt {
       // Phi nodes will be preceded by nodes that represent actual definitions
       not result instanceof DataFlow::SsaPhiNode and
       // A source is outside the loop if it's not inside the loop
-      not exists(Expr e | e = this.getExpr(result) | this = getAnEnclosingLoopOfExpr(e))
+      not exists(Expr e | e = getExpr(result) | this = getAnEnclosingLoopOfExpr(e))
     )
   }
 
@@ -221,9 +221,9 @@ class LoopWithAlloca extends Stmt {
   private int getAControllingVarInitialValue(Variable var, DataFlow::Node source) {
     source = this.getAPrecedingDef(var) and
     (
-      result = this.getExpr(source).getValue().toInt()
+      result = getExpr(source).getValue().toInt()
       or
-      result = this.getExpr(source).(Assignment).getRValue().getValue().toInt()
+      result = getExpr(source).(Assignment).getRValue().getValue().toInt()
     )
   }
 

cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll

@@ -107,7 +107,7 @@ class SnprintfSizeExpr extends BufferAccess, FunctionCall {
 }
 
 class MemcmpSizeExpr extends BufferAccess, FunctionCall {
-  MemcmpSizeExpr() { this.getTarget().hasName("Memcmp") }
+  MemcmpSizeExpr() { this.getTarget().hasName("memcmp") }
 
   override Expr getPointer() {
     result = this.getArgument(0) or

cpp/ql/src/Security/CWE/CWE-416/UseOfUniquePointerAfterLifetimeEnds.ql

@@ -30,6 +30,8 @@ where
   outlivesFullExpr(c) and
   not c.isFromUninstantiatedTemplate(_) and
   isUniquePointerDerefFunction(c.getTarget()) and
+  // Exclude cases where the pointer is implicitly converted to a non-pointer type
+  not c.getActualType() instanceof IntegralType and
   isTemporary(c.getQualifier().getFullyConverted())
 select c,
   "The underlying unique pointer object is destroyed after the call to '" + c.getTarget() +

cpp/ql/src/change-notes/2024-05-22-use-of-unique-pointer-after-lifetime-ends-fp.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The "Use of unique pointer after lifetime ends" query (`cpp/use-of-unique-pointer-after-lifetime-ends`) no longer reports an alert when the pointer is converted to a boolean

cpp/ql/src/change-notes/2024-05-23-Version1.md

@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.

cpp/ql/src/experimental/Likely Bugs/DerefNullResult.cpp

@@ -0,0 +1,23 @@
+char * create (int arg) {
+    if (arg > 42) {
+        // this function may return NULL
+        return NULL;
+    }
+    char * r = malloc(arg);
+    snprintf(r, arg -1, "Hello");
+    return r;
+}
+
+void process(char *str) {
+    // str is dereferenced
+    if (str[0] == 'H') {
+        printf("Hello H\n");
+    }
+}
+
+void test(int arg) {
+    // first function returns a pointer that may be NULL
+    char *str = create(arg);
+    // str is not checked for nullness before being passed to process function
+    process(str);
+}

cpp/ql/src/experimental/Likely Bugs/DerefNullResult.qhelp

@@ -0,0 +1,26 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+
+<overview>
+<p>This rule finds a dereference of a function parameter, whose value comes from another function call that may return NULL, without checks in the meantime.</p>
+</overview>
+
+<recommendation>
+<p>A check should be added between the return of the function which may return NULL, and its use by the function dereferencing ths pointer.</p>
+</recommendation>
+
+<example>
+<sample src="DerefNullResult.cpp" />
+</example>
+
+<references>
+<li>
+  <a href="https://www.owasp.org/index.php/Null_Dereference">
+    Null Dereference
+  </a> 
+</li>
+</references>
+
+</qhelp>

cpp/ql/src/experimental/Likely Bugs/DerefNullResult.ql

@@ -0,0 +1,34 @@
+/**
+ * @name Null dereference from a function result
+ * @description A function parameter is dereferenced,
+ *              while it comes from a function that may return NULL,
+ *              and is not checked for nullness by the caller.
+ * @kind problem
+ * @id cpp/deref-null-result
+ * @problem.severity recommendation
+ * @tags reliability
+ *       security
+ *       external/cwe/cwe-476
+ */
+
+import cpp
+import semmle.code.cpp.dataflow.new.DataFlow
+
+from Function nuller, Parameter pd, FunctionCall fc, Variable v
+where
+  mayReturnNull(nuller) and
+  functionDereferences(pd.getFunction(), pd.getIndex()) and
+  // there is a function call which will deref parameter pd
+  fc.getTarget() = pd.getFunction() and
+  // the parameter pd comes from a variable v
+  DataFlow::localFlow(DataFlow::exprNode(v.getAnAccess()),
+    DataFlow::exprNode(fc.getArgument(pd.getIndex()))) and
+  // this variable v was assigned by a call to the nuller function
+  unique( | | v.getAnAssignedValue()) = nuller.getACallToThisFunction() and
+  // this variable v is not accessed for an operation (check for NULLness)
+  not exists(VariableAccess vc |
+    vc.getTarget() = v and
+    (vc.getParent() instanceof Operation or vc.getParent() instanceof IfStmt)
+  )
+select fc, "This function call may deref $@ when it can be NULL from $@", v, v.getName(), nuller,
+  nuller.getName()

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.9.13-dev
+version: 1.0.0-dev
 groups:
   - cpp
   - queries

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected

@@ -1,55 +1,55 @@
 edges
-| test.cpp:34:10:34:12 | buf | test.cpp:34:5:34:24 | access to array | provenance |  |
-| test.cpp:35:10:35:12 | buf | test.cpp:35:5:35:22 | access to array | provenance |  |
-| test.cpp:36:10:36:12 | buf | test.cpp:36:5:36:24 | access to array | provenance |  |
-| test.cpp:39:14:39:16 | buf | test.cpp:39:9:39:19 | access to array | provenance |  |
-| test.cpp:43:14:43:16 | buf | test.cpp:43:9:43:19 | access to array | provenance |  |
-| test.cpp:48:10:48:12 | buf | test.cpp:48:5:48:24 | access to array | provenance |  |
-| test.cpp:49:10:49:12 | buf | test.cpp:49:5:49:22 | access to array | provenance |  |
-| test.cpp:50:10:50:12 | buf | test.cpp:50:5:50:24 | access to array | provenance |  |
-| test.cpp:53:14:53:16 | buf | test.cpp:53:9:53:19 | access to array | provenance |  |
-| test.cpp:57:14:57:16 | buf | test.cpp:57:9:57:19 | access to array | provenance |  |
-| test.cpp:61:14:61:16 | buf | test.cpp:61:9:61:19 | access to array | provenance |  |
-| test.cpp:70:33:70:33 | p | test.cpp:71:5:71:17 | access to array | provenance |  |
-| test.cpp:70:33:70:33 | p | test.cpp:72:5:72:15 | access to array | provenance |  |
+| test.cpp:34:10:34:12 | buf | test.cpp:34:5:34:24 | access to array | provenance | Config |
+| test.cpp:35:10:35:12 | buf | test.cpp:35:5:35:22 | access to array | provenance | Config |
+| test.cpp:36:10:36:12 | buf | test.cpp:36:5:36:24 | access to array | provenance | Config |
+| test.cpp:39:14:39:16 | buf | test.cpp:39:9:39:19 | access to array | provenance | Config |
+| test.cpp:43:14:43:16 | buf | test.cpp:43:9:43:19 | access to array | provenance | Config |
+| test.cpp:48:10:48:12 | buf | test.cpp:48:5:48:24 | access to array | provenance | Config |
+| test.cpp:49:10:49:12 | buf | test.cpp:49:5:49:22 | access to array | provenance | Config |
+| test.cpp:50:10:50:12 | buf | test.cpp:50:5:50:24 | access to array | provenance | Config |
+| test.cpp:53:14:53:16 | buf | test.cpp:53:9:53:19 | access to array | provenance | Config |
+| test.cpp:57:14:57:16 | buf | test.cpp:57:9:57:19 | access to array | provenance | Config |
+| test.cpp:61:14:61:16 | buf | test.cpp:61:9:61:19 | access to array | provenance | Config |
+| test.cpp:70:33:70:33 | p | test.cpp:71:5:71:17 | access to array | provenance | Config |
+| test.cpp:70:33:70:33 | p | test.cpp:72:5:72:15 | access to array | provenance | Config |
 | test.cpp:76:26:76:46 | & ... | test.cpp:66:32:66:32 | p | provenance |  |
-| test.cpp:76:32:76:34 | buf | test.cpp:76:26:76:46 | & ... | provenance |  |
+| test.cpp:76:32:76:34 | buf | test.cpp:76:26:76:46 | & ... | provenance | Config |
 | test.cpp:77:26:77:44 | & ... | test.cpp:66:32:66:32 | p | provenance |  |
-| test.cpp:77:32:77:34 | buf | test.cpp:77:26:77:44 | & ... | provenance |  |
+| test.cpp:77:32:77:34 | buf | test.cpp:77:26:77:44 | & ... | provenance | Config |
 | test.cpp:79:27:79:34 | buf | test.cpp:70:33:70:33 | p | provenance |  |
 | test.cpp:79:32:79:34 | buf | test.cpp:79:27:79:34 | buf | provenance |  |
-| test.cpp:85:21:85:36 | buf | test.cpp:87:5:87:31 | access to array | provenance |  |
-| test.cpp:85:21:85:36 | buf | test.cpp:88:5:88:27 | access to array | provenance |  |
+| test.cpp:85:21:85:36 | buf | test.cpp:87:5:87:31 | access to array | provenance | Config |
+| test.cpp:85:21:85:36 | buf | test.cpp:88:5:88:27 | access to array | provenance | Config |
 | test.cpp:85:34:85:36 | buf | test.cpp:85:21:85:36 | buf | provenance |  |
-| test.cpp:96:13:96:15 | arr | test.cpp:96:13:96:18 | access to array | provenance |  |
-| test.cpp:111:17:111:19 | arr | test.cpp:111:17:111:22 | access to array | provenance |  |
-| test.cpp:111:17:111:19 | arr | test.cpp:115:35:115:40 | access to array | provenance |  |
-| test.cpp:111:17:111:19 | arr | test.cpp:119:17:119:22 | access to array | provenance |  |
-| test.cpp:115:35:115:37 | arr | test.cpp:111:17:111:22 | access to array | provenance |  |
-| test.cpp:115:35:115:37 | arr | test.cpp:115:35:115:40 | access to array | provenance |  |
-| test.cpp:115:35:115:37 | arr | test.cpp:119:17:119:22 | access to array | provenance |  |
-| test.cpp:119:17:119:19 | arr | test.cpp:111:17:111:22 | access to array | provenance |  |
-| test.cpp:119:17:119:19 | arr | test.cpp:115:35:115:40 | access to array | provenance |  |
-| test.cpp:119:17:119:19 | arr | test.cpp:119:17:119:22 | access to array | provenance |  |
-| test.cpp:128:9:128:11 | arr | test.cpp:128:9:128:14 | access to array | provenance |  |
-| test.cpp:134:25:134:27 | arr | test.cpp:136:9:136:16 | ... += ... | provenance |  |
+| test.cpp:96:13:96:15 | arr | test.cpp:96:13:96:18 | access to array | provenance | Config |
+| test.cpp:111:17:111:19 | arr | test.cpp:111:17:111:22 | access to array | provenance | Config |
+| test.cpp:111:17:111:19 | arr | test.cpp:115:35:115:40 | access to array | provenance | Config |
+| test.cpp:111:17:111:19 | arr | test.cpp:119:17:119:22 | access to array | provenance | Config |
+| test.cpp:115:35:115:37 | arr | test.cpp:111:17:111:22 | access to array | provenance | Config |
+| test.cpp:115:35:115:37 | arr | test.cpp:115:35:115:40 | access to array | provenance | Config |
+| test.cpp:115:35:115:37 | arr | test.cpp:119:17:119:22 | access to array | provenance | Config |
+| test.cpp:119:17:119:19 | arr | test.cpp:111:17:111:22 | access to array | provenance | Config |
+| test.cpp:119:17:119:19 | arr | test.cpp:115:35:115:40 | access to array | provenance | Config |
+| test.cpp:119:17:119:19 | arr | test.cpp:119:17:119:22 | access to array | provenance | Config |
+| test.cpp:128:9:128:11 | arr | test.cpp:128:9:128:14 | access to array | provenance | Config |
+| test.cpp:134:25:134:27 | arr | test.cpp:136:9:136:16 | ... += ... | provenance | Config |
 | test.cpp:136:9:136:16 | ... += ... | test.cpp:136:9:136:16 | ... += ... | provenance |  |
 | test.cpp:136:9:136:16 | ... += ... | test.cpp:138:13:138:15 | arr | provenance |  |
 | test.cpp:143:18:143:21 | asdf | test.cpp:134:25:134:27 | arr | provenance |  |
 | test.cpp:143:18:143:21 | asdf | test.cpp:143:18:143:21 | asdf | provenance |  |
 | test.cpp:146:26:146:26 | *p | test.cpp:147:4:147:9 | -- ... | provenance |  |
-| test.cpp:156:12:156:14 | buf | test.cpp:156:12:156:18 | ... + ... | provenance |  |
+| test.cpp:156:12:156:14 | buf | test.cpp:156:12:156:18 | ... + ... | provenance | Config |
 | test.cpp:156:12:156:18 | ... + ... | test.cpp:156:12:156:18 | ... + ... | provenance |  |
 | test.cpp:156:12:156:18 | ... + ... | test.cpp:158:17:158:18 | *& ... | provenance |  |
 | test.cpp:158:17:158:18 | *& ... | test.cpp:146:26:146:26 | *p | provenance |  |
-| test.cpp:218:16:218:28 | buffer | test.cpp:220:5:220:11 | access to array | provenance |  |
-| test.cpp:218:16:218:28 | buffer | test.cpp:221:5:221:11 | access to array | provenance |  |
+| test.cpp:218:16:218:28 | buffer | test.cpp:220:5:220:11 | access to array | provenance | Config |
+| test.cpp:218:16:218:28 | buffer | test.cpp:221:5:221:11 | access to array | provenance | Config |
 | test.cpp:218:23:218:28 | buffer | test.cpp:218:16:218:28 | buffer | provenance |  |
-| test.cpp:229:17:229:29 | array | test.cpp:231:5:231:10 | access to array | provenance |  |
-| test.cpp:229:17:229:29 | array | test.cpp:232:5:232:10 | access to array | provenance |  |
+| test.cpp:229:17:229:29 | array | test.cpp:231:5:231:10 | access to array | provenance | Config |
+| test.cpp:229:17:229:29 | array | test.cpp:232:5:232:10 | access to array | provenance | Config |
 | test.cpp:229:25:229:29 | array | test.cpp:229:17:229:29 | array | provenance |  |
-| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance |  |
-| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance |  |
+| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance | Config |
+| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance | Config |
 | test.cpp:274:14:274:20 | buffer3 | test.cpp:245:30:245:30 | p | provenance |  |
 | test.cpp:274:14:274:20 | buffer3 | test.cpp:274:14:274:20 | buffer3 | provenance |  |
 | test.cpp:277:35:277:35 | p | test.cpp:278:14:278:14 | p | provenance |  |
@@ -60,21 +60,21 @@ edges
 | test.cpp:286:19:286:25 | buffer2 | test.cpp:286:19:286:25 | buffer2 | provenance |  |
 | test.cpp:289:19:289:25 | buffer3 | test.cpp:277:35:277:35 | p | provenance |  |
 | test.cpp:289:19:289:25 | buffer3 | test.cpp:289:19:289:25 | buffer3 | provenance |  |
-| test.cpp:292:25:292:27 | arr | test.cpp:299:16:299:21 | access to array | provenance |  |
-| test.cpp:292:25:292:27 | arr | test.cpp:299:16:299:21 | access to array | provenance |  |
+| test.cpp:292:25:292:27 | arr | test.cpp:299:16:299:21 | access to array | provenance | Config |
+| test.cpp:292:25:292:27 | arr | test.cpp:299:16:299:21 | access to array | provenance | Config |
 | test.cpp:306:20:306:23 | arr1 | test.cpp:292:25:292:27 | arr | provenance |  |
 | test.cpp:306:20:306:23 | arr1 | test.cpp:306:20:306:23 | arr1 | provenance |  |
 | test.cpp:309:20:309:23 | arr2 | test.cpp:292:25:292:27 | arr | provenance |  |
 | test.cpp:309:20:309:23 | arr2 | test.cpp:309:20:309:23 | arr2 | provenance |  |
 | test.cpp:319:13:319:27 | ... = ... | test.cpp:325:24:325:26 | end | provenance |  |
-| test.cpp:319:19:319:22 | temp | test.cpp:319:19:319:27 | ... + ... | provenance |  |
-| test.cpp:319:19:319:22 | temp | test.cpp:324:23:324:32 | ... + ... | provenance |  |
+| test.cpp:319:19:319:22 | temp | test.cpp:319:19:319:27 | ... + ... | provenance | Config |
+| test.cpp:319:19:319:22 | temp | test.cpp:324:23:324:32 | ... + ... | provenance | Config |
 | test.cpp:319:19:319:27 | ... + ... | test.cpp:319:13:319:27 | ... = ... | provenance |  |
 | test.cpp:322:13:322:27 | ... = ... | test.cpp:325:24:325:26 | end | provenance |  |
-| test.cpp:322:19:322:22 | temp | test.cpp:322:19:322:27 | ... + ... | provenance |  |
-| test.cpp:322:19:322:22 | temp | test.cpp:324:23:324:32 | ... + ... | provenance |  |
+| test.cpp:322:19:322:22 | temp | test.cpp:322:19:322:27 | ... + ... | provenance | Config |
+| test.cpp:322:19:322:22 | temp | test.cpp:324:23:324:32 | ... + ... | provenance | Config |
 | test.cpp:322:19:322:27 | ... + ... | test.cpp:322:13:322:27 | ... = ... | provenance |  |
-| test.cpp:324:23:324:26 | temp | test.cpp:324:23:324:32 | ... + ... | provenance |  |
+| test.cpp:324:23:324:26 | temp | test.cpp:324:23:324:32 | ... + ... | provenance | Config |
 | test.cpp:324:23:324:32 | ... + ... | test.cpp:324:23:324:32 | ... + ... | provenance |  |
 | test.cpp:324:23:324:32 | ... + ... | test.cpp:325:15:325:19 | temp2 | provenance |  |
 nodes

cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected

@@ -160,6 +160,9 @@ astGuardsCompare
 | 137 | 0 == 0 when 0 is false |
 | 146 | ! ... != 0 when ! ... is true |
 | 146 | ! ... == 0 when ! ... is false |
+| 146 | x != 0 when ! ... is false |
+| 146 | x != 0 when x is true |
+| 146 | x == 0 when x is false |
 | 152 | x != 0 when ... && ... is true |
 | 152 | x != 0 when x is true |
 | 152 | x == 0 when x is false |
@@ -518,6 +521,7 @@ astGuardsEnsure_const
 | test.c:131:7:131:7 | b | test.c:131:7:131:7 | b | != | 0 | 131 | 132 |
 | test.c:137:7:137:7 | 0 | test.c:137:7:137:7 | 0 | == | 0 | 142 | 136 |
 | test.c:146:7:146:8 | ! ... | test.c:146:7:146:8 | ! ... | != | 0 | 146 | 147 |
+| test.c:146:8:146:8 | x | test.c:146:8:146:8 | x | == | 0 | 146 | 147 |
 | test.c:152:10:152:10 | x | test.c:152:10:152:10 | x | != | 0 | 151 | 152 |
 | test.c:152:10:152:10 | x | test.c:152:10:152:10 | x | != | 0 | 152 | 152 |
 | test.c:152:10:152:15 | ... && ... | test.c:152:10:152:10 | x | != | 0 | 151 | 152 |
@@ -689,6 +693,9 @@ irGuardsCompare
 | 137 | 0 == 0 when Constant: 0 is false |
 | 146 | ! ... != 0 when LogicalNot: ! ... is true |
 | 146 | ! ... == 0 when LogicalNot: ! ... is false |
+| 146 | x != 0 when Load: x is true |
+| 146 | x != 0 when LogicalNot: ! ... is false |
+| 146 | x == 0 when Load: x is false |
 | 152 | x != 0 when Load: x is true |
 | 152 | x == 0 when Load: x is false |
 | 152 | y != 0 when Load: y is true |
@@ -1063,6 +1070,7 @@ irGuardsEnsure_const
 | test.c:131:7:131:7 | Load: b | test.c:131:7:131:7 | Load: b | != | 0 | 132 | 132 |
 | test.c:137:7:137:7 | Constant: 0 | test.c:137:7:137:7 | Constant: 0 | == | 0 | 142 | 142 |
 | test.c:146:7:146:8 | LogicalNot: ! ... | test.c:146:7:146:8 | LogicalNot: ! ... | != | 0 | 147 | 147 |
+| test.c:146:8:146:8 | Load: x | test.c:146:8:146:8 | Load: x | == | 0 | 147 | 147 |
 | test.c:152:10:152:10 | Load: x | test.c:152:10:152:10 | Load: x | != | 0 | 152 | 152 |
 | test.c:152:15:152:15 | Load: y | test.c:152:15:152:15 | Load: y | != | 0 | 152 | 152 |
 | test.c:175:13:175:32 | CompareEQ: ... == ... | test.c:175:13:175:15 | Call: call to foo | != | 0 | 175 | 175 |

cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected

@@ -161,11 +161,20 @@
 | 137 | 0 == 0 when 0 is false |
 | 146 | ! ... != 0 when ! ... is true |
 | 146 | ! ... == 0 when ! ... is false |
+| 146 | x != 0 when ! ... is false |
+| 146 | x != 0 when x is true |
+| 146 | x == 0 when x is false |
 | 152 | p != 0 when p is true |
 | 152 | p == 0 when p is false |
 | 158 | ! ... != 0 when ! ... is true |
 | 158 | ! ... == 0 when ! ... is false |
+| 158 | p != 0 when ! ... is false |
+| 158 | p != 0 when p is true |
+| 158 | p == 0 when p is false |
 | 164 | s != 0 when s is true |
 | 164 | s == 0 when s is false |
 | 170 | ! ... != 0 when ! ... is true |
 | 170 | ! ... == 0 when ! ... is false |
+| 170 | s != 0 when ! ... is false |
+| 170 | s != 0 when s is true |
+| 170 | s == 0 when s is false |

cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected

@@ -245,10 +245,13 @@ unary
 | test.c:131:7:131:7 | b | test.c:131:7:131:7 | b | != | 0 | 131 | 132 |
 | test.c:137:7:137:7 | 0 | test.c:137:7:137:7 | 0 | == | 0 | 142 | 136 |
 | test.c:146:7:146:8 | ! ... | test.c:146:7:146:8 | ! ... | != | 0 | 146 | 147 |
+| test.c:146:8:146:8 | x | test.c:146:8:146:8 | x | == | 0 | 146 | 147 |
 | test.c:152:8:152:8 | p | test.c:152:8:152:8 | p | != | 0 | 152 | 154 |
 | test.c:158:8:158:9 | ! ... | test.c:158:8:158:9 | ! ... | != | 0 | 158 | 160 |
+| test.c:158:9:158:9 | p | test.c:158:9:158:9 | p | == | 0 | 158 | 160 |
 | test.c:164:8:164:8 | s | test.c:164:8:164:8 | s | != | 0 | 164 | 166 |
 | test.c:170:8:170:9 | ! ... | test.c:170:8:170:9 | ! ... | != | 0 | 170 | 172 |
+| test.c:170:9:170:9 | s | test.c:170:9:170:9 | s | == | 0 | 170 | 172 |
 | test.cpp:18:8:18:10 | call to get | test.cpp:18:8:18:10 | call to get | != | 0 | 19 | 19 |
 | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | != | -1 | 30 | 30 |
 | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | != | -1 | 34 | 34 |

cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected

@@ -1,7 +1,9 @@
 edges
 | A.cpp:23:10:23:10 | c | A.cpp:25:7:25:17 | ... = ... | provenance |  |
+| A.cpp:25:7:25:10 | *this [post update] [c] | A.cpp:23:5:23:5 | *this [Return] [c] | provenance |  |
 | A.cpp:25:7:25:17 | ... = ... | A.cpp:25:7:25:10 | *this [post update] [c] | provenance |  |
 | A.cpp:27:17:27:17 | c | A.cpp:27:22:27:32 | ... = ... | provenance |  |
+| A.cpp:27:22:27:25 | *this [post update] [c] | A.cpp:27:10:27:12 | *this [Return] [c] | provenance |  |
 | A.cpp:27:22:27:32 | ... = ... | A.cpp:27:22:27:25 | *this [post update] [c] | provenance |  |
 | A.cpp:28:8:28:10 | *this [c] | A.cpp:28:23:28:26 | *this [c] | provenance |  |
 | A.cpp:28:23:28:26 | *this [c] | A.cpp:28:29:28:29 | c | provenance |  |
@@ -13,7 +15,7 @@ edges
 | A.cpp:31:20:31:20 | c | A.cpp:23:10:23:10 | c | provenance |  |
 | A.cpp:31:20:31:20 | c | A.cpp:31:14:31:21 | call to B [c] | provenance |  |
 | A.cpp:41:5:41:6 | insert output argument | A.cpp:43:10:43:12 | *& ... | provenance |  |
-| A.cpp:41:15:41:21 | new | A.cpp:41:5:41:6 | insert output argument | provenance |  |
+| A.cpp:41:15:41:21 | new | A.cpp:41:5:41:6 | insert output argument | provenance | Config |
 | A.cpp:47:12:47:18 | new | A.cpp:47:12:47:18 | new | provenance |  |
 | A.cpp:47:12:47:18 | new | A.cpp:48:20:48:20 | c | provenance |  |
 | A.cpp:48:12:48:18 | *call to make [c] | A.cpp:48:12:48:18 | *call to make [c] | provenance |  |
@@ -66,23 +68,28 @@ edges
 | A.cpp:112:7:112:13 | *... = ... [a] | A.cpp:118:18:118:39 | *cc [a] | provenance |  |
 | A.cpp:118:18:118:39 | *cc [a] | A.cpp:120:12:120:13 | *c1 [a] | provenance |  |
 | A.cpp:120:12:120:13 | *c1 [a] | A.cpp:120:12:120:16 | a | provenance |  |
+| A.cpp:124:14:124:14 | *b [Return] [c] | A.cpp:131:8:131:8 | f7 output argument [c] | provenance |  |
 | A.cpp:124:14:124:14 | *b [c] | A.cpp:131:8:131:8 | f7 output argument [c] | provenance |  |
+| A.cpp:126:5:126:5 | set output argument [c] | A.cpp:124:14:124:14 | *b [Return] [c] | provenance |  |
 | A.cpp:126:5:126:5 | set output argument [c] | A.cpp:124:14:124:14 | *b [c] | provenance |  |
-| A.cpp:126:5:126:5 | set output argument [c] | A.cpp:131:8:131:8 | f7 output argument [c] | provenance |  |
 | A.cpp:126:12:126:18 | new | A.cpp:27:17:27:17 | c | provenance |  |
 | A.cpp:126:12:126:18 | new | A.cpp:126:5:126:5 | set output argument [c] | provenance |  |
 | A.cpp:126:12:126:18 | new | A.cpp:126:12:126:18 | new | provenance |  |
 | A.cpp:131:8:131:8 | f7 output argument [c] | A.cpp:132:10:132:10 | *b [c] | provenance |  |
 | A.cpp:132:10:132:10 | *b [c] | A.cpp:132:10:132:13 | c | provenance |  |
+| A.cpp:140:5:140:5 | *this [Return] [*b, c] | A.cpp:151:12:151:24 | call to D [*b, c] | provenance |  |
+| A.cpp:140:5:140:5 | *this [Return] [b] | A.cpp:151:12:151:24 | call to D [b] | provenance |  |
+| A.cpp:140:13:140:13 | *b [Return] [c] | A.cpp:151:18:151:18 | D output argument [c] | provenance |  |
 | A.cpp:140:13:140:13 | *b [c] | A.cpp:151:18:151:18 | D output argument [c] | provenance |  |
 | A.cpp:140:13:140:13 | b | A.cpp:143:7:143:31 | ... = ... | provenance |  |
+| A.cpp:142:7:142:7 | *b [post update] [c] | A.cpp:140:13:140:13 | *b [Return] [c] | provenance |  |
 | A.cpp:142:7:142:7 | *b [post update] [c] | A.cpp:140:13:140:13 | *b [c] | provenance |  |
 | A.cpp:142:7:142:7 | *b [post update] [c] | A.cpp:143:7:143:31 | *... = ... [c] | provenance |  |
-| A.cpp:142:7:142:7 | *b [post update] [c] | A.cpp:151:18:151:18 | D output argument [c] | provenance |  |
 | A.cpp:142:7:142:20 | ... = ... | A.cpp:142:7:142:7 | *b [post update] [c] | provenance |  |
 | A.cpp:142:14:142:20 | new | A.cpp:142:7:142:20 | ... = ... | provenance |  |
-| A.cpp:143:7:143:10 | *this [post update] [*b, c] | A.cpp:151:12:151:24 | call to D [*b, c] | provenance |  |
-| A.cpp:143:7:143:10 | *this [post update] [b] | A.cpp:151:12:151:24 | call to D [b] | provenance |  |
+| A.cpp:143:7:143:10 | *this [post update] [*b, c] | A.cpp:140:5:140:5 | *this [Return] [*b, c] | provenance |  |
+| A.cpp:143:7:143:10 | *this [post update] [b] | A.cpp:140:5:140:5 | *this [Return] [b] | provenance |  |
+| A.cpp:143:7:143:10 | *this [post update] [b] | A.cpp:140:5:140:5 | *this [Return] [b] | provenance |  |
 | A.cpp:143:7:143:31 | *... = ... [c] | A.cpp:143:7:143:10 | *this [post update] [*b, c] | provenance |  |
 | A.cpp:143:7:143:31 | ... = ... | A.cpp:143:7:143:10 | *this [post update] [b] | provenance |  |
 | A.cpp:143:7:143:31 | ... = ... | A.cpp:143:7:143:10 | *this [post update] [b] | provenance |  |
@@ -138,7 +145,10 @@ edges
 | A.cpp:181:15:181:21 | newHead | A.cpp:183:7:183:20 | ... = ... | provenance |  |
 | A.cpp:181:32:181:35 | *next [*next, head] | A.cpp:184:7:184:23 | *... = ... [*next, head] | provenance |  |
 | A.cpp:181:32:181:35 | *next [head] | A.cpp:184:7:184:23 | *... = ... [head] | provenance |  |
+| A.cpp:183:7:183:10 | *this [post update] [head] | A.cpp:181:5:181:10 | *this [Return] [head] | provenance |  |
 | A.cpp:183:7:183:20 | ... = ... | A.cpp:183:7:183:10 | *this [post update] [head] | provenance |  |
+| A.cpp:184:7:184:10 | *this [post update] [*next, *next, head] | A.cpp:181:5:181:10 | *this [Return] [*next, *next, head] | provenance |  |
+| A.cpp:184:7:184:10 | *this [post update] [*next, head] | A.cpp:181:5:181:10 | *this [Return] [*next, head] | provenance |  |
 | A.cpp:184:7:184:23 | *... = ... [*next, head] | A.cpp:184:7:184:10 | *this [post update] [*next, *next, head] | provenance |  |
 | A.cpp:184:7:184:23 | *... = ... [head] | A.cpp:184:7:184:10 | *this [post update] [*next, head] | provenance |  |
 | B.cpp:6:15:6:24 | new | B.cpp:6:15:6:24 | new | provenance |  |
@@ -167,10 +177,14 @@ edges
 | B.cpp:19:14:19:17 | *box1 [elem2] | B.cpp:19:10:19:24 | elem2 | provenance |  |
 | B.cpp:33:16:33:17 | e1 | B.cpp:35:7:35:22 | ... = ... | provenance |  |
 | B.cpp:33:26:33:27 | e2 | B.cpp:36:7:36:22 | ... = ... | provenance |  |
+| B.cpp:35:7:35:10 | *this [post update] [elem1] | B.cpp:33:5:33:8 | *this [Return] [elem1] | provenance |  |
 | B.cpp:35:7:35:22 | ... = ... | B.cpp:35:7:35:10 | *this [post update] [elem1] | provenance |  |
+| B.cpp:36:7:36:10 | *this [post update] [elem2] | B.cpp:33:5:33:8 | *this [Return] [elem2] | provenance |  |
 | B.cpp:36:7:36:22 | ... = ... | B.cpp:36:7:36:10 | *this [post update] [elem2] | provenance |  |
 | B.cpp:44:16:44:17 | *b1 [elem1] | B.cpp:46:7:46:21 | *... = ... [elem1] | provenance |  |
 | B.cpp:44:16:44:17 | *b1 [elem2] | B.cpp:46:7:46:21 | *... = ... [elem2] | provenance |  |
+| B.cpp:46:7:46:10 | *this [post update] [*box1, elem1] | B.cpp:44:5:44:8 | *this [Return] [*box1, elem1] | provenance |  |
+| B.cpp:46:7:46:10 | *this [post update] [*box1, elem2] | B.cpp:44:5:44:8 | *this [Return] [*box1, elem2] | provenance |  |
 | B.cpp:46:7:46:21 | *... = ... [elem1] | B.cpp:46:7:46:10 | *this [post update] [*box1, elem1] | provenance |  |
 | B.cpp:46:7:46:21 | *... = ... [elem2] | B.cpp:46:7:46:10 | *this [post update] [*box1, elem2] | provenance |  |
 | C.cpp:18:12:18:18 | *new [s1] | C.cpp:19:5:19:5 | *c [s1] | provenance |  |
@@ -179,10 +193,12 @@ edges
 | C.cpp:18:12:18:18 | call to C [s3] | C.cpp:18:12:18:18 | *new [s3] | provenance |  |
 | C.cpp:19:5:19:5 | *c [s1] | C.cpp:27:8:27:11 | *this [s1] | provenance |  |
 | C.cpp:19:5:19:5 | *c [s3] | C.cpp:27:8:27:11 | *this [s3] | provenance |  |
-| C.cpp:22:3:22:3 | *this [post update] [s1] | C.cpp:18:12:18:18 | call to C [s1] | provenance |  |
+| C.cpp:22:3:22:3 | *this [Return] [s1] | C.cpp:18:12:18:18 | call to C [s1] | provenance |  |
+| C.cpp:22:3:22:3 | *this [Return] [s3] | C.cpp:18:12:18:18 | call to C [s3] | provenance |  |
+| C.cpp:22:3:22:3 | *this [post update] [s1] | C.cpp:22:3:22:3 | *this [Return] [s1] | provenance |  |
 | C.cpp:22:12:22:21 | new | C.cpp:22:3:22:3 | *this [post update] [s1] | provenance |  |
 | C.cpp:22:12:22:21 | new | C.cpp:22:12:22:21 | new | provenance |  |
-| C.cpp:24:5:24:8 | *this [post update] [s3] | C.cpp:18:12:18:18 | call to C [s3] | provenance |  |
+| C.cpp:24:5:24:8 | *this [post update] [s3] | C.cpp:22:3:22:3 | *this [Return] [s3] | provenance |  |
 | C.cpp:24:5:24:25 | ... = ... | C.cpp:24:5:24:8 | *this [post update] [s3] | provenance |  |
 | C.cpp:24:16:24:25 | new | C.cpp:24:5:24:25 | ... = ... | provenance |  |
 | C.cpp:27:8:27:11 | *this [s1] | C.cpp:29:10:29:11 | *this [s1] | provenance |  |
@@ -194,6 +210,7 @@ edges
 | D.cpp:10:30:10:33 | elem | D.cpp:10:11:10:17 | *getElem | provenance |  |
 | D.cpp:10:30:10:33 | elem | D.cpp:10:30:10:33 | elem | provenance |  |
 | D.cpp:11:24:11:24 | e | D.cpp:11:29:11:36 | ... = ... | provenance |  |
+| D.cpp:11:29:11:32 | *this [post update] [elem] | D.cpp:11:10:11:16 | *this [Return] [elem] | provenance |  |
 | D.cpp:11:29:11:36 | ... = ... | D.cpp:11:29:11:32 | *this [post update] [elem] | provenance |  |
 | D.cpp:17:11:17:17 | *this [*box, elem] | D.cpp:17:30:17:32 | *this [*box, elem] | provenance |  |
 | D.cpp:17:30:17:32 | *box [elem] | D.cpp:17:11:17:17 | **getBox1 [elem] | provenance |  |
@@ -252,14 +269,16 @@ edges
 | E.cpp:30:23:30:26 | *data [post update] [*buffer] | E.cpp:30:21:30:21 | *p [post update] [data, *buffer] | provenance |  |
 | E.cpp:32:10:32:10 | *b [*buffer] | E.cpp:32:13:32:18 | *buffer | provenance |  |
 | E.cpp:33:18:33:19 | *& ... [data, *buffer] | E.cpp:19:27:19:27 | *p [data, *buffer] | provenance |  |
+| aliasing.cpp:8:23:8:23 | *s [Return] [m1] | aliasing.cpp:25:17:25:19 | pointerSetter output argument [m1] | provenance |  |
 | aliasing.cpp:8:23:8:23 | *s [m1] | aliasing.cpp:25:17:25:19 | pointerSetter output argument [m1] | provenance |  |
+| aliasing.cpp:9:3:9:3 | *s [post update] [m1] | aliasing.cpp:8:23:8:23 | *s [Return] [m1] | provenance |  |
 | aliasing.cpp:9:3:9:3 | *s [post update] [m1] | aliasing.cpp:8:23:8:23 | *s [m1] | provenance |  |
-| aliasing.cpp:9:3:9:3 | *s [post update] [m1] | aliasing.cpp:25:17:25:19 | pointerSetter output argument [m1] | provenance |  |
 | aliasing.cpp:9:3:9:22 | ... = ... | aliasing.cpp:9:3:9:3 | *s [post update] [m1] | provenance |  |
 | aliasing.cpp:9:11:9:20 | call to user_input | aliasing.cpp:9:3:9:22 | ... = ... | provenance |  |
+| aliasing.cpp:12:25:12:25 | *s [Return] [m1] | aliasing.cpp:26:19:26:20 | referenceSetter output argument [m1] | provenance |  |
 | aliasing.cpp:12:25:12:25 | *s [m1] | aliasing.cpp:26:19:26:20 | referenceSetter output argument [m1] | provenance |  |
+| aliasing.cpp:13:3:13:3 | *s [post update] [m1] | aliasing.cpp:12:25:12:25 | *s [Return] [m1] | provenance |  |
 | aliasing.cpp:13:3:13:3 | *s [post update] [m1] | aliasing.cpp:12:25:12:25 | *s [m1] | provenance |  |
-| aliasing.cpp:13:3:13:3 | *s [post update] [m1] | aliasing.cpp:26:19:26:20 | referenceSetter output argument [m1] | provenance |  |
 | aliasing.cpp:13:3:13:21 | ... = ... | aliasing.cpp:13:3:13:3 | *s [post update] [m1] | provenance |  |
 | aliasing.cpp:13:10:13:19 | call to user_input | aliasing.cpp:13:3:13:21 | ... = ... | provenance |  |
 | aliasing.cpp:25:17:25:19 | pointerSetter output argument [m1] | aliasing.cpp:29:8:29:9 | *s1 [m1] | provenance |  |
@@ -376,14 +395,18 @@ edges
 | arrays.cpp:50:10:50:17 | *indirect [*ptr, data] | arrays.cpp:50:20:50:22 | *ptr [data] | provenance |  |
 | arrays.cpp:50:20:50:22 | *ptr [data] | arrays.cpp:50:8:50:25 | *access to array [data] | provenance |  |
 | by_reference.cpp:11:48:11:52 | value | by_reference.cpp:12:5:12:16 | ... = ... | provenance |  |
+| by_reference.cpp:12:5:12:5 | *s [post update] [a] | by_reference.cpp:11:39:11:39 | *s [Return] [a] | provenance |  |
 | by_reference.cpp:12:5:12:5 | *s [post update] [a] | by_reference.cpp:11:39:11:39 | *s [a] | provenance |  |
 | by_reference.cpp:12:5:12:16 | ... = ... | by_reference.cpp:12:5:12:5 | *s [post update] [a] | provenance |  |
 | by_reference.cpp:15:26:15:30 | value | by_reference.cpp:16:5:16:19 | ... = ... | provenance |  |
+| by_reference.cpp:16:5:16:8 | *this [post update] [a] | by_reference.cpp:15:8:15:18 | *this [Return] [a] | provenance |  |
 | by_reference.cpp:16:5:16:19 | ... = ... | by_reference.cpp:16:5:16:8 | *this [post update] [a] | provenance |  |
 | by_reference.cpp:19:28:19:32 | value | by_reference.cpp:20:23:20:27 | value | provenance |  |
+| by_reference.cpp:20:5:20:8 | setDirectly output argument [a] | by_reference.cpp:19:8:19:20 | *this [Return] [a] | provenance |  |
 | by_reference.cpp:20:23:20:27 | value | by_reference.cpp:15:26:15:30 | value | provenance |  |
 | by_reference.cpp:20:23:20:27 | value | by_reference.cpp:20:5:20:8 | setDirectly output argument [a] | provenance |  |
 | by_reference.cpp:23:34:23:38 | value | by_reference.cpp:24:25:24:29 | value | provenance |  |
+| by_reference.cpp:24:19:24:22 | nonMemberSetA output argument [a] | by_reference.cpp:23:8:23:26 | *this [Return] [a] | provenance |  |
 | by_reference.cpp:24:25:24:29 | value | by_reference.cpp:11:48:11:52 | value | provenance |  |
 | by_reference.cpp:24:25:24:29 | value | by_reference.cpp:24:19:24:22 | nonMemberSetA output argument [a] | provenance |  |
 | by_reference.cpp:31:46:31:46 | *s [a] | by_reference.cpp:32:12:32:12 | *s [a] | provenance |  |
@@ -424,26 +447,28 @@ edges
 | by_reference.cpp:68:21:68:30 | call to user_input | by_reference.cpp:68:17:68:18 | nonMemberSetA output argument [a] | provenance |  |
 | by_reference.cpp:69:22:69:23 | *& ... [a] | by_reference.cpp:31:46:31:46 | *s [a] | provenance |  |
 | by_reference.cpp:69:22:69:23 | *& ... [a] | by_reference.cpp:69:8:69:20 | call to nonMemberGetA | provenance |  |
+| by_reference.cpp:83:31:83:35 | *inner [Return] [a] | by_reference.cpp:102:21:102:39 | taint_inner_a_ptr output argument [a] | provenance |  |
+| by_reference.cpp:83:31:83:35 | *inner [Return] [a] | by_reference.cpp:103:27:103:35 | taint_inner_a_ptr output argument [a] | provenance |  |
+| by_reference.cpp:83:31:83:35 | *inner [Return] [a] | by_reference.cpp:106:21:106:41 | taint_inner_a_ptr output argument [a] | provenance |  |
+| by_reference.cpp:83:31:83:35 | *inner [Return] [a] | by_reference.cpp:107:29:107:37 | taint_inner_a_ptr output argument [a] | provenance |  |
 | by_reference.cpp:83:31:83:35 | *inner [a] | by_reference.cpp:102:21:102:39 | taint_inner_a_ptr output argument [a] | provenance |  |
 | by_reference.cpp:83:31:83:35 | *inner [a] | by_reference.cpp:103:27:103:35 | taint_inner_a_ptr output argument [a] | provenance |  |
 | by_reference.cpp:83:31:83:35 | *inner [a] | by_reference.cpp:106:21:106:41 | taint_inner_a_ptr output argument [a] | provenance |  |
 | by_reference.cpp:83:31:83:35 | *inner [a] | by_reference.cpp:107:29:107:37 | taint_inner_a_ptr output argument [a] | provenance |  |
+| by_reference.cpp:84:3:84:7 | *inner [post update] [a] | by_reference.cpp:83:31:83:35 | *inner [Return] [a] | provenance |  |
 | by_reference.cpp:84:3:84:7 | *inner [post update] [a] | by_reference.cpp:83:31:83:35 | *inner [a] | provenance |  |
-| by_reference.cpp:84:3:84:7 | *inner [post update] [a] | by_reference.cpp:102:21:102:39 | taint_inner_a_ptr output argument [a] | provenance |  |
-| by_reference.cpp:84:3:84:7 | *inner [post update] [a] | by_reference.cpp:103:27:103:35 | taint_inner_a_ptr output argument [a] | provenance |  |
-| by_reference.cpp:84:3:84:7 | *inner [post update] [a] | by_reference.cpp:106:21:106:41 | taint_inner_a_ptr output argument [a] | provenance |  |
-| by_reference.cpp:84:3:84:7 | *inner [post update] [a] | by_reference.cpp:107:29:107:37 | taint_inner_a_ptr output argument [a] | provenance |  |
 | by_reference.cpp:84:3:84:25 | ... = ... | by_reference.cpp:84:3:84:7 | *inner [post update] [a] | provenance |  |
 | by_reference.cpp:84:14:84:23 | call to user_input | by_reference.cpp:84:3:84:25 | ... = ... | provenance |  |
+| by_reference.cpp:87:31:87:35 | *inner [Return] [a] | by_reference.cpp:122:21:122:38 | taint_inner_a_ref output argument [a] | provenance |  |
+| by_reference.cpp:87:31:87:35 | *inner [Return] [a] | by_reference.cpp:123:21:123:36 | taint_inner_a_ref output argument [a] | provenance |  |
+| by_reference.cpp:87:31:87:35 | *inner [Return] [a] | by_reference.cpp:126:21:126:40 | taint_inner_a_ref output argument [a] | provenance |  |
+| by_reference.cpp:87:31:87:35 | *inner [Return] [a] | by_reference.cpp:127:21:127:38 | taint_inner_a_ref output argument [a] | provenance |  |
 | by_reference.cpp:87:31:87:35 | *inner [a] | by_reference.cpp:122:21:122:38 | taint_inner_a_ref output argument [a] | provenance |  |
 | by_reference.cpp:87:31:87:35 | *inner [a] | by_reference.cpp:123:21:123:36 | taint_inner_a_ref output argument [a] | provenance |  |
 | by_reference.cpp:87:31:87:35 | *inner [a] | by_reference.cpp:126:21:126:40 | taint_inner_a_ref output argument [a] | provenance |  |
 | by_reference.cpp:87:31:87:35 | *inner [a] | by_reference.cpp:127:21:127:38 | taint_inner_a_ref output argument [a] | provenance |  |
+| by_reference.cpp:88:3:88:7 | *inner [post update] [a] | by_reference.cpp:87:31:87:35 | *inner [Return] [a] | provenance |  |
 | by_reference.cpp:88:3:88:7 | *inner [post update] [a] | by_reference.cpp:87:31:87:35 | *inner [a] | provenance |  |
-| by_reference.cpp:88:3:88:7 | *inner [post update] [a] | by_reference.cpp:122:21:122:38 | taint_inner_a_ref output argument [a] | provenance |  |
-| by_reference.cpp:88:3:88:7 | *inner [post update] [a] | by_reference.cpp:123:21:123:36 | taint_inner_a_ref output argument [a] | provenance |  |
-| by_reference.cpp:88:3:88:7 | *inner [post update] [a] | by_reference.cpp:126:21:126:40 | taint_inner_a_ref output argument [a] | provenance |  |
-| by_reference.cpp:88:3:88:7 | *inner [post update] [a] | by_reference.cpp:127:21:127:38 | taint_inner_a_ref output argument [a] | provenance |  |
 | by_reference.cpp:88:3:88:24 | ... = ... | by_reference.cpp:88:3:88:7 | *inner [post update] [a] | provenance |  |
 | by_reference.cpp:88:13:88:22 | call to user_input | by_reference.cpp:88:3:88:24 | ... = ... | provenance |  |
 | by_reference.cpp:91:25:91:26 | *pa | by_reference.cpp:104:15:104:22 | taint_a_ptr output argument | provenance |  |
@@ -599,8 +624,10 @@ edges
 | complex.cpp:10:20:10:21 | b_ | complex.cpp:10:7:10:7 | *b | provenance |  |
 | complex.cpp:10:20:10:21 | b_ | complex.cpp:10:20:10:21 | b_ | provenance |  |
 | complex.cpp:11:17:11:17 | a | complex.cpp:11:22:11:27 | ... = ... | provenance |  |
+| complex.cpp:11:22:11:23 | *this [post update] [a_] | complex.cpp:11:8:11:11 | *this [Return] [a_] | provenance |  |
 | complex.cpp:11:22:11:27 | ... = ... | complex.cpp:11:22:11:23 | *this [post update] [a_] | provenance |  |
 | complex.cpp:12:17:12:17 | b | complex.cpp:12:22:12:27 | ... = ... | provenance |  |
+| complex.cpp:12:22:12:23 | *this [post update] [b_] | complex.cpp:12:8:12:11 | *this [Return] [b_] | provenance |  |
 | complex.cpp:12:22:12:27 | ... = ... | complex.cpp:12:22:12:23 | *this [post update] [b_] | provenance |  |
 | complex.cpp:40:17:40:17 | *b [inner, f, a_] | complex.cpp:42:8:42:8 | *b [inner, f, a_] | provenance |  |
 | complex.cpp:40:17:40:17 | *b [inner, f, b_] | complex.cpp:43:8:43:8 | *b [inner, f, b_] | provenance |  |
@@ -669,6 +696,8 @@ edges
 | constructors.cpp:19:22:19:23 | *this [b_] | constructors.cpp:19:22:19:23 | b_ | provenance |  |
 | constructors.cpp:19:22:19:23 | b_ | constructors.cpp:19:9:19:9 | *b | provenance |  |
 | constructors.cpp:19:22:19:23 | b_ | constructors.cpp:19:22:19:23 | b_ | provenance |  |
+| constructors.cpp:23:5:23:7 | *this [post update] [a_] | constructors.cpp:23:5:23:7 | *this [Return] [a_] | provenance |  |
+| constructors.cpp:23:5:23:7 | *this [post update] [b_] | constructors.cpp:23:5:23:7 | *this [Return] [b_] | provenance |  |
 | constructors.cpp:23:13:23:13 | a | constructors.cpp:23:28:23:28 | a | provenance |  |
 | constructors.cpp:23:20:23:20 | b | constructors.cpp:23:35:23:35 | b | provenance |  |
 | constructors.cpp:23:28:23:28 | a | constructors.cpp:23:5:23:7 | *this [post update] [a_] | provenance |  |
@@ -696,11 +725,14 @@ edges
 | constructors.cpp:46:9:46:9 | *h [a_] | constructors.cpp:26:15:26:15 | *f [a_] | provenance |  |
 | constructors.cpp:46:9:46:9 | *h [b_] | constructors.cpp:26:15:26:15 | *f [b_] | provenance |  |
 | qualifiers.cpp:9:21:9:25 | value | qualifiers.cpp:9:30:9:44 | ... = ... | provenance |  |
+| qualifiers.cpp:9:30:9:33 | *this [post update] [a] | qualifiers.cpp:9:10:9:13 | *this [Return] [a] | provenance |  |
 | qualifiers.cpp:9:30:9:44 | ... = ... | qualifiers.cpp:9:30:9:33 | *this [post update] [a] | provenance |  |
 | qualifiers.cpp:12:40:12:44 | value | qualifiers.cpp:12:49:12:64 | ... = ... | provenance |  |
+| qualifiers.cpp:12:49:12:53 | *inner [post update] [a] | qualifiers.cpp:12:27:12:31 | *inner [Return] [a] | provenance |  |
 | qualifiers.cpp:12:49:12:53 | *inner [post update] [a] | qualifiers.cpp:12:27:12:31 | *inner [a] | provenance |  |
 | qualifiers.cpp:12:49:12:64 | ... = ... | qualifiers.cpp:12:49:12:53 | *inner [post update] [a] | provenance |  |
 | qualifiers.cpp:13:42:13:46 | value | qualifiers.cpp:13:51:13:65 | ... = ... | provenance |  |
+| qualifiers.cpp:13:51:13:55 | *inner [post update] [a] | qualifiers.cpp:13:29:13:33 | *inner [Return] [a] | provenance |  |
 | qualifiers.cpp:13:51:13:55 | *inner [post update] [a] | qualifiers.cpp:13:29:13:33 | *inner [a] | provenance |  |
 | qualifiers.cpp:13:51:13:65 | ... = ... | qualifiers.cpp:13:51:13:55 | *inner [post update] [a] | provenance |  |
 | qualifiers.cpp:22:5:22:9 | getInner output argument [*inner, a] | qualifiers.cpp:23:10:23:14 | *outer [*inner, a] | provenance |  |
@@ -758,8 +790,10 @@ edges
 | simple.cpp:19:22:19:23 | b_ | simple.cpp:19:9:19:9 | *b | provenance |  |
 | simple.cpp:19:22:19:23 | b_ | simple.cpp:19:22:19:23 | b_ | provenance |  |
 | simple.cpp:20:19:20:19 | a | simple.cpp:20:24:20:29 | ... = ... | provenance |  |
+| simple.cpp:20:24:20:25 | *this [post update] [a_] | simple.cpp:20:10:20:13 | *this [Return] [a_] | provenance |  |
 | simple.cpp:20:24:20:29 | ... = ... | simple.cpp:20:24:20:25 | *this [post update] [a_] | provenance |  |
 | simple.cpp:21:19:21:19 | b | simple.cpp:21:24:21:29 | ... = ... | provenance |  |
+| simple.cpp:21:24:21:25 | *this [post update] [b_] | simple.cpp:21:10:21:13 | *this [Return] [b_] | provenance |  |
 | simple.cpp:21:24:21:29 | ... = ... | simple.cpp:21:24:21:25 | *this [post update] [b_] | provenance |  |
 | simple.cpp:26:15:26:15 | *f [a_] | simple.cpp:28:10:28:10 | *f [a_] | provenance |  |
 | simple.cpp:26:15:26:15 | *f [b_] | simple.cpp:29:10:29:10 | *f [b_] | provenance |  |
@@ -844,9 +878,11 @@ edges
 | struct_init.c:46:10:46:14 | *outer [*pointerAB, a] | struct_init.c:46:16:46:24 | *pointerAB [a] | provenance |  |
 | struct_init.c:46:16:46:24 | *pointerAB [a] | struct_init.c:14:24:14:25 | *ab [a] | provenance |  |
 nodes
+| A.cpp:23:5:23:5 | *this [Return] [c] | semmle.label | *this [Return] [c] |
 | A.cpp:23:10:23:10 | c | semmle.label | c |
 | A.cpp:25:7:25:10 | *this [post update] [c] | semmle.label | *this [post update] [c] |
 | A.cpp:25:7:25:17 | ... = ... | semmle.label | ... = ... |
+| A.cpp:27:10:27:12 | *this [Return] [c] | semmle.label | *this [Return] [c] |
 | A.cpp:27:17:27:17 | c | semmle.label | c |
 | A.cpp:27:22:27:25 | *this [post update] [c] | semmle.label | *this [post update] [c] |
 | A.cpp:27:22:27:32 | ... = ... | semmle.label | ... = ... |
@@ -914,6 +950,7 @@ nodes
 | A.cpp:118:18:118:39 | *cc [a] | semmle.label | *cc [a] |
 | A.cpp:120:12:120:13 | *c1 [a] | semmle.label | *c1 [a] |
 | A.cpp:120:12:120:16 | a | semmle.label | a |
+| A.cpp:124:14:124:14 | *b [Return] [c] | semmle.label | *b [Return] [c] |
 | A.cpp:124:14:124:14 | *b [c] | semmle.label | *b [c] |
 | A.cpp:126:5:126:5 | set output argument [c] | semmle.label | set output argument [c] |
 | A.cpp:126:12:126:18 | new | semmle.label | new |
@@ -921,6 +958,10 @@ nodes
 | A.cpp:131:8:131:8 | f7 output argument [c] | semmle.label | f7 output argument [c] |
 | A.cpp:132:10:132:10 | *b [c] | semmle.label | *b [c] |
 | A.cpp:132:10:132:13 | c | semmle.label | c |
+| A.cpp:140:5:140:5 | *this [Return] [*b, c] | semmle.label | *this [Return] [*b, c] |
+| A.cpp:140:5:140:5 | *this [Return] [b] | semmle.label | *this [Return] [b] |
+| A.cpp:140:5:140:5 | *this [Return] [b] | semmle.label | *this [Return] [b] |
+| A.cpp:140:13:140:13 | *b [Return] [c] | semmle.label | *b [Return] [c] |
 | A.cpp:140:13:140:13 | *b [c] | semmle.label | *b [c] |
 | A.cpp:140:13:140:13 | b | semmle.label | b |
 | A.cpp:142:7:142:7 | *b [post update] [c] | semmle.label | *b [post update] [c] |
@@ -979,6 +1020,9 @@ nodes
 | A.cpp:169:12:169:18 | head | semmle.label | head |
 | A.cpp:173:26:173:26 | *o [c] | semmle.label | *o [c] |
 | A.cpp:173:26:173:26 | *o [c] | semmle.label | *o [c] |
+| A.cpp:181:5:181:10 | *this [Return] [*next, *next, head] | semmle.label | *this [Return] [*next, *next, head] |
+| A.cpp:181:5:181:10 | *this [Return] [*next, head] | semmle.label | *this [Return] [*next, head] |
+| A.cpp:181:5:181:10 | *this [Return] [head] | semmle.label | *this [Return] [head] |
 | A.cpp:181:15:181:21 | newHead | semmle.label | newHead |
 | A.cpp:181:32:181:35 | *next [*next, head] | semmle.label | *next [*next, head] |
 | A.cpp:181:32:181:35 | *next [head] | semmle.label | *next [head] |
@@ -1010,12 +1054,16 @@ nodes
 | B.cpp:19:10:19:11 | *b2 [*box1, elem2] | semmle.label | *b2 [*box1, elem2] |
 | B.cpp:19:10:19:24 | elem2 | semmle.label | elem2 |
 | B.cpp:19:14:19:17 | *box1 [elem2] | semmle.label | *box1 [elem2] |
+| B.cpp:33:5:33:8 | *this [Return] [elem1] | semmle.label | *this [Return] [elem1] |
+| B.cpp:33:5:33:8 | *this [Return] [elem2] | semmle.label | *this [Return] [elem2] |
 | B.cpp:33:16:33:17 | e1 | semmle.label | e1 |
 | B.cpp:33:26:33:27 | e2 | semmle.label | e2 |
 | B.cpp:35:7:35:10 | *this [post update] [elem1] | semmle.label | *this [post update] [elem1] |
 | B.cpp:35:7:35:22 | ... = ... | semmle.label | ... = ... |
 | B.cpp:36:7:36:10 | *this [post update] [elem2] | semmle.label | *this [post update] [elem2] |
 | B.cpp:36:7:36:22 | ... = ... | semmle.label | ... = ... |
+| B.cpp:44:5:44:8 | *this [Return] [*box1, elem1] | semmle.label | *this [Return] [*box1, elem1] |
+| B.cpp:44:5:44:8 | *this [Return] [*box1, elem2] | semmle.label | *this [Return] [*box1, elem2] |
 | B.cpp:44:16:44:17 | *b1 [elem1] | semmle.label | *b1 [elem1] |
 | B.cpp:44:16:44:17 | *b1 [elem2] | semmle.label | *b1 [elem2] |
 | B.cpp:46:7:46:10 | *this [post update] [*box1, elem1] | semmle.label | *this [post update] [*box1, elem1] |
@@ -1028,6 +1076,8 @@ nodes
 | C.cpp:18:12:18:18 | call to C [s3] | semmle.label | call to C [s3] |
 | C.cpp:19:5:19:5 | *c [s1] | semmle.label | *c [s1] |
 | C.cpp:19:5:19:5 | *c [s3] | semmle.label | *c [s3] |
+| C.cpp:22:3:22:3 | *this [Return] [s1] | semmle.label | *this [Return] [s1] |
+| C.cpp:22:3:22:3 | *this [Return] [s3] | semmle.label | *this [Return] [s3] |
 | C.cpp:22:3:22:3 | *this [post update] [s1] | semmle.label | *this [post update] [s1] |
 | C.cpp:22:12:22:21 | new | semmle.label | new |
 | C.cpp:22:12:22:21 | new | semmle.label | new |
@@ -1045,6 +1095,7 @@ nodes
 | D.cpp:10:30:10:33 | *this [elem] | semmle.label | *this [elem] |
 | D.cpp:10:30:10:33 | elem | semmle.label | elem |
 | D.cpp:10:30:10:33 | elem | semmle.label | elem |
+| D.cpp:11:10:11:16 | *this [Return] [elem] | semmle.label | *this [Return] [elem] |
 | D.cpp:11:24:11:24 | e | semmle.label | e |
 | D.cpp:11:29:11:32 | *this [post update] [elem] | semmle.label | *this [post update] [elem] |
 | D.cpp:11:29:11:36 | ... = ... | semmle.label | ... = ... |
@@ -1107,10 +1158,12 @@ nodes
 | E.cpp:32:10:32:10 | *b [*buffer] | semmle.label | *b [*buffer] |
 | E.cpp:32:13:32:18 | *buffer | semmle.label | *buffer |
 | E.cpp:33:18:33:19 | *& ... [data, *buffer] | semmle.label | *& ... [data, *buffer] |
+| aliasing.cpp:8:23:8:23 | *s [Return] [m1] | semmle.label | *s [Return] [m1] |
 | aliasing.cpp:8:23:8:23 | *s [m1] | semmle.label | *s [m1] |
 | aliasing.cpp:9:3:9:3 | *s [post update] [m1] | semmle.label | *s [post update] [m1] |
 | aliasing.cpp:9:3:9:22 | ... = ... | semmle.label | ... = ... |
 | aliasing.cpp:9:11:9:20 | call to user_input | semmle.label | call to user_input |
+| aliasing.cpp:12:25:12:25 | *s [Return] [m1] | semmle.label | *s [Return] [m1] |
 | aliasing.cpp:12:25:12:25 | *s [m1] | semmle.label | *s [m1] |
 | aliasing.cpp:13:3:13:3 | *s [post update] [m1] | semmle.label | *s [post update] [m1] |
 | aliasing.cpp:13:3:13:21 | ... = ... | semmle.label | ... = ... |
@@ -1236,16 +1289,20 @@ nodes
 | arrays.cpp:50:10:50:17 | *indirect [*ptr, data] | semmle.label | *indirect [*ptr, data] |
 | arrays.cpp:50:20:50:22 | *ptr [data] | semmle.label | *ptr [data] |
 | arrays.cpp:50:27:50:30 | data | semmle.label | data |
+| by_reference.cpp:11:39:11:39 | *s [Return] [a] | semmle.label | *s [Return] [a] |
 | by_reference.cpp:11:39:11:39 | *s [a] | semmle.label | *s [a] |
 | by_reference.cpp:11:48:11:52 | value | semmle.label | value |
 | by_reference.cpp:12:5:12:5 | *s [post update] [a] | semmle.label | *s [post update] [a] |
 | by_reference.cpp:12:5:12:16 | ... = ... | semmle.label | ... = ... |
+| by_reference.cpp:15:8:15:18 | *this [Return] [a] | semmle.label | *this [Return] [a] |
 | by_reference.cpp:15:26:15:30 | value | semmle.label | value |
 | by_reference.cpp:16:5:16:8 | *this [post update] [a] | semmle.label | *this [post update] [a] |
 | by_reference.cpp:16:5:16:19 | ... = ... | semmle.label | ... = ... |
+| by_reference.cpp:19:8:19:20 | *this [Return] [a] | semmle.label | *this [Return] [a] |
 | by_reference.cpp:19:28:19:32 | value | semmle.label | value |
 | by_reference.cpp:20:5:20:8 | setDirectly output argument [a] | semmle.label | setDirectly output argument [a] |
 | by_reference.cpp:20:23:20:27 | value | semmle.label | value |
+| by_reference.cpp:23:8:23:26 | *this [Return] [a] | semmle.label | *this [Return] [a] |
 | by_reference.cpp:23:34:23:38 | value | semmle.label | value |
 | by_reference.cpp:24:19:24:22 | nonMemberSetA output argument [a] | semmle.label | nonMemberSetA output argument [a] |
 | by_reference.cpp:24:25:24:29 | value | semmle.label | value |
@@ -1285,10 +1342,12 @@ nodes
 | by_reference.cpp:68:21:68:30 | call to user_input | semmle.label | call to user_input |
 | by_reference.cpp:69:8:69:20 | call to nonMemberGetA | semmle.label | call to nonMemberGetA |
 | by_reference.cpp:69:22:69:23 | *& ... [a] | semmle.label | *& ... [a] |
+| by_reference.cpp:83:31:83:35 | *inner [Return] [a] | semmle.label | *inner [Return] [a] |
 | by_reference.cpp:83:31:83:35 | *inner [a] | semmle.label | *inner [a] |
 | by_reference.cpp:84:3:84:7 | *inner [post update] [a] | semmle.label | *inner [post update] [a] |
 | by_reference.cpp:84:3:84:25 | ... = ... | semmle.label | ... = ... |
 | by_reference.cpp:84:14:84:23 | call to user_input | semmle.label | call to user_input |
+| by_reference.cpp:87:31:87:35 | *inner [Return] [a] | semmle.label | *inner [Return] [a] |
 | by_reference.cpp:87:31:87:35 | *inner [a] | semmle.label | *inner [a] |
 | by_reference.cpp:88:3:88:7 | *inner [post update] [a] | semmle.label | *inner [post update] [a] |
 | by_reference.cpp:88:3:88:24 | ... = ... | semmle.label | ... = ... |
@@ -1454,9 +1513,11 @@ nodes
 | complex.cpp:10:20:10:21 | *this [b_] | semmle.label | *this [b_] |
 | complex.cpp:10:20:10:21 | b_ | semmle.label | b_ |
 | complex.cpp:10:20:10:21 | b_ | semmle.label | b_ |
+| complex.cpp:11:8:11:11 | *this [Return] [a_] | semmle.label | *this [Return] [a_] |
 | complex.cpp:11:17:11:17 | a | semmle.label | a |
 | complex.cpp:11:22:11:23 | *this [post update] [a_] | semmle.label | *this [post update] [a_] |
 | complex.cpp:11:22:11:27 | ... = ... | semmle.label | ... = ... |
+| complex.cpp:12:8:12:11 | *this [Return] [b_] | semmle.label | *this [Return] [b_] |
 | complex.cpp:12:17:12:17 | b | semmle.label | b |
 | complex.cpp:12:22:12:23 | *this [post update] [b_] | semmle.label | *this [post update] [b_] |
 | complex.cpp:12:22:12:27 | ... = ... | semmle.label | ... = ... |
@@ -1531,6 +1592,8 @@ nodes
 | constructors.cpp:19:22:19:23 | *this [b_] | semmle.label | *this [b_] |
 | constructors.cpp:19:22:19:23 | b_ | semmle.label | b_ |
 | constructors.cpp:19:22:19:23 | b_ | semmle.label | b_ |
+| constructors.cpp:23:5:23:7 | *this [Return] [a_] | semmle.label | *this [Return] [a_] |
+| constructors.cpp:23:5:23:7 | *this [Return] [b_] | semmle.label | *this [Return] [b_] |
 | constructors.cpp:23:5:23:7 | *this [post update] [a_] | semmle.label | *this [post update] [a_] |
 | constructors.cpp:23:5:23:7 | *this [post update] [b_] | semmle.label | *this [post update] [b_] |
 | constructors.cpp:23:13:23:13 | a | semmle.label | a |
@@ -1555,13 +1618,16 @@ nodes
 | constructors.cpp:43:9:43:9 | *g [b_] | semmle.label | *g [b_] |
 | constructors.cpp:46:9:46:9 | *h [a_] | semmle.label | *h [a_] |
 | constructors.cpp:46:9:46:9 | *h [b_] | semmle.label | *h [b_] |
+| qualifiers.cpp:9:10:9:13 | *this [Return] [a] | semmle.label | *this [Return] [a] |
 | qualifiers.cpp:9:21:9:25 | value | semmle.label | value |
 | qualifiers.cpp:9:30:9:33 | *this [post update] [a] | semmle.label | *this [post update] [a] |
 | qualifiers.cpp:9:30:9:44 | ... = ... | semmle.label | ... = ... |
+| qualifiers.cpp:12:27:12:31 | *inner [Return] [a] | semmle.label | *inner [Return] [a] |
 | qualifiers.cpp:12:27:12:31 | *inner [a] | semmle.label | *inner [a] |
 | qualifiers.cpp:12:40:12:44 | value | semmle.label | value |
 | qualifiers.cpp:12:49:12:53 | *inner [post update] [a] | semmle.label | *inner [post update] [a] |
 | qualifiers.cpp:12:49:12:64 | ... = ... | semmle.label | ... = ... |
+| qualifiers.cpp:13:29:13:33 | *inner [Return] [a] | semmle.label | *inner [Return] [a] |
 | qualifiers.cpp:13:29:13:33 | *inner [a] | semmle.label | *inner [a] |
 | qualifiers.cpp:13:42:13:46 | value | semmle.label | value |
 | qualifiers.cpp:13:51:13:55 | *inner [post update] [a] | semmle.label | *inner [post update] [a] |
@@ -1626,9 +1692,11 @@ nodes
 | simple.cpp:19:22:19:23 | *this [b_] | semmle.label | *this [b_] |
 | simple.cpp:19:22:19:23 | b_ | semmle.label | b_ |
 | simple.cpp:19:22:19:23 | b_ | semmle.label | b_ |
+| simple.cpp:20:10:20:13 | *this [Return] [a_] | semmle.label | *this [Return] [a_] |
 | simple.cpp:20:19:20:19 | a | semmle.label | a |
 | simple.cpp:20:24:20:25 | *this [post update] [a_] | semmle.label | *this [post update] [a_] |
 | simple.cpp:20:24:20:29 | ... = ... | semmle.label | ... = ... |
+| simple.cpp:21:10:21:13 | *this [Return] [b_] | semmle.label | *this [Return] [b_] |
 | simple.cpp:21:19:21:19 | b | semmle.label | b |
 | simple.cpp:21:24:21:25 | *this [post update] [b_] | semmle.label | *this [post update] [b_] |
 | simple.cpp:21:24:21:29 | ... = ... | semmle.label | ... = ... |
@@ -1715,67 +1783,67 @@ nodes
 | struct_init.c:46:10:46:14 | *outer [*pointerAB, a] | semmle.label | *outer [*pointerAB, a] |
 | struct_init.c:46:16:46:24 | *pointerAB [a] | semmle.label | *pointerAB [a] |
 subpaths
-| A.cpp:31:20:31:20 | c | A.cpp:23:10:23:10 | c | A.cpp:25:7:25:10 | *this [post update] [c] | A.cpp:31:14:31:21 | call to B [c] |
+| A.cpp:31:20:31:20 | c | A.cpp:23:10:23:10 | c | A.cpp:23:5:23:5 | *this [Return] [c] | A.cpp:31:14:31:21 | call to B [c] |
 | A.cpp:48:20:48:20 | c | A.cpp:29:23:29:23 | c | A.cpp:29:15:29:18 | **make [c] | A.cpp:48:12:48:18 | *call to make [c] |
-| A.cpp:55:12:55:19 | new | A.cpp:27:17:27:17 | c | A.cpp:27:22:27:25 | *this [post update] [c] | A.cpp:55:5:55:5 | set output argument [c] |
+| A.cpp:55:12:55:19 | new | A.cpp:27:17:27:17 | c | A.cpp:27:10:27:12 | *this [Return] [c] | A.cpp:55:5:55:5 | set output argument [c] |
 | A.cpp:56:10:56:10 | *b [c] | A.cpp:28:8:28:10 | *this [c] | A.cpp:28:8:28:10 | *get | A.cpp:56:10:56:17 | call to get |
 | A.cpp:57:11:57:24 | *new [c] | A.cpp:28:8:28:10 | *this [c] | A.cpp:28:8:28:10 | *get | A.cpp:57:10:57:32 | call to get |
-| A.cpp:57:17:57:23 | new | A.cpp:23:10:23:10 | c | A.cpp:25:7:25:10 | *this [post update] [c] | A.cpp:57:11:57:24 | call to B [c] |
+| A.cpp:57:17:57:23 | new | A.cpp:23:10:23:10 | c | A.cpp:23:5:23:5 | *this [Return] [c] | A.cpp:57:11:57:24 | call to B [c] |
 | A.cpp:64:21:64:28 | new | A.cpp:85:26:85:26 | c | A.cpp:85:9:85:14 | **setOnB [c] | A.cpp:64:10:64:15 | *call to setOnB [c] |
 | A.cpp:73:25:73:32 | new | A.cpp:78:27:78:27 | c | A.cpp:78:6:78:15 | **setOnBWrap [c] | A.cpp:73:10:73:19 | *call to setOnBWrap [c] |
 | A.cpp:81:21:81:21 | c | A.cpp:85:26:85:26 | c | A.cpp:85:9:85:14 | **setOnB [c] | A.cpp:81:10:81:15 | *call to setOnB [c] |
-| A.cpp:90:15:90:15 | c | A.cpp:27:17:27:17 | c | A.cpp:27:22:27:25 | *this [post update] [c] | A.cpp:90:7:90:8 | set output argument [c] |
-| A.cpp:126:12:126:18 | new | A.cpp:27:17:27:17 | c | A.cpp:27:22:27:25 | *this [post update] [c] | A.cpp:126:5:126:5 | set output argument [c] |
-| A.cpp:151:18:151:18 | b | A.cpp:140:13:140:13 | b | A.cpp:143:7:143:10 | *this [post update] [b] | A.cpp:151:12:151:24 | call to D [b] |
+| A.cpp:90:15:90:15 | c | A.cpp:27:17:27:17 | c | A.cpp:27:10:27:12 | *this [Return] [c] | A.cpp:90:7:90:8 | set output argument [c] |
+| A.cpp:126:12:126:18 | new | A.cpp:27:17:27:17 | c | A.cpp:27:10:27:12 | *this [Return] [c] | A.cpp:126:5:126:5 | set output argument [c] |
+| A.cpp:151:18:151:18 | b | A.cpp:140:13:140:13 | b | A.cpp:140:5:140:5 | *this [Return] [b] | A.cpp:151:12:151:24 | call to D [b] |
 | A.cpp:152:10:152:13 | *b [c] | A.cpp:173:26:173:26 | *o [c] | A.cpp:173:26:173:26 | *o [c] | A.cpp:152:10:152:13 | sink output argument [c] |
-| A.cpp:160:29:160:29 | b | A.cpp:181:15:181:21 | newHead | A.cpp:183:7:183:10 | *this [post update] [head] | A.cpp:160:18:160:60 | call to MyList [head] |
-| A.cpp:161:38:161:39 | *l1 [head] | A.cpp:181:32:181:35 | *next [head] | A.cpp:184:7:184:10 | *this [post update] [*next, head] | A.cpp:161:18:161:40 | call to MyList [*next, head] |
-| A.cpp:162:38:162:39 | *l2 [*next, head] | A.cpp:181:32:181:35 | *next [*next, head] | A.cpp:184:7:184:10 | *this [post update] [*next, *next, head] | A.cpp:162:18:162:40 | call to MyList [*next, *next, head] |
-| B.cpp:7:25:7:25 | e | B.cpp:33:16:33:17 | e1 | B.cpp:35:7:35:10 | *this [post update] [elem1] | B.cpp:7:16:7:35 | call to Box1 [elem1] |
-| B.cpp:8:25:8:26 | *b1 [elem1] | B.cpp:44:16:44:17 | *b1 [elem1] | B.cpp:46:7:46:10 | *this [post update] [*box1, elem1] | B.cpp:8:16:8:27 | call to Box2 [*box1, elem1] |
-| B.cpp:16:37:16:37 | e | B.cpp:33:26:33:27 | e2 | B.cpp:36:7:36:10 | *this [post update] [elem2] | B.cpp:16:16:16:38 | call to Box1 [elem2] |
-| B.cpp:17:25:17:26 | *b1 [elem2] | B.cpp:44:16:44:17 | *b1 [elem2] | B.cpp:46:7:46:10 | *this [post update] [*box1, elem2] | B.cpp:17:16:17:27 | call to Box2 [*box1, elem2] |
+| A.cpp:160:29:160:29 | b | A.cpp:181:15:181:21 | newHead | A.cpp:181:5:181:10 | *this [Return] [head] | A.cpp:160:18:160:60 | call to MyList [head] |
+| A.cpp:161:38:161:39 | *l1 [head] | A.cpp:181:32:181:35 | *next [head] | A.cpp:181:5:181:10 | *this [Return] [*next, head] | A.cpp:161:18:161:40 | call to MyList [*next, head] |
+| A.cpp:162:38:162:39 | *l2 [*next, head] | A.cpp:181:32:181:35 | *next [*next, head] | A.cpp:181:5:181:10 | *this [Return] [*next, *next, head] | A.cpp:162:18:162:40 | call to MyList [*next, *next, head] |
+| B.cpp:7:25:7:25 | e | B.cpp:33:16:33:17 | e1 | B.cpp:33:5:33:8 | *this [Return] [elem1] | B.cpp:7:16:7:35 | call to Box1 [elem1] |
+| B.cpp:8:25:8:26 | *b1 [elem1] | B.cpp:44:16:44:17 | *b1 [elem1] | B.cpp:44:5:44:8 | *this [Return] [*box1, elem1] | B.cpp:8:16:8:27 | call to Box2 [*box1, elem1] |
+| B.cpp:16:37:16:37 | e | B.cpp:33:26:33:27 | e2 | B.cpp:33:5:33:8 | *this [Return] [elem2] | B.cpp:16:16:16:38 | call to Box1 [elem2] |
+| B.cpp:17:25:17:26 | *b1 [elem2] | B.cpp:44:16:44:17 | *b1 [elem2] | B.cpp:44:5:44:8 | *this [Return] [*box1, elem2] | B.cpp:17:16:17:27 | call to Box2 [*box1, elem2] |
 | D.cpp:22:10:22:11 | *b2 [*box, elem] | D.cpp:17:11:17:17 | *this [*box, elem] | D.cpp:17:11:17:17 | **getBox1 [elem] | D.cpp:22:14:22:20 | *call to getBox1 [elem] |
 | D.cpp:22:14:22:20 | *call to getBox1 [elem] | D.cpp:10:11:10:17 | *this [elem] | D.cpp:10:11:10:17 | *getElem | D.cpp:22:10:22:33 | call to getElem |
-| D.cpp:37:21:37:21 | e | D.cpp:11:24:11:24 | e | D.cpp:11:29:11:32 | *this [post update] [elem] | D.cpp:37:8:37:10 | setElem output argument [elem] |
-| D.cpp:51:27:51:27 | e | D.cpp:11:24:11:24 | e | D.cpp:11:29:11:32 | *this [post update] [elem] | D.cpp:51:8:51:14 | setElem output argument [elem] |
-| by_reference.cpp:20:23:20:27 | value | by_reference.cpp:15:26:15:30 | value | by_reference.cpp:16:5:16:8 | *this [post update] [a] | by_reference.cpp:20:5:20:8 | setDirectly output argument [a] |
+| D.cpp:37:21:37:21 | e | D.cpp:11:24:11:24 | e | D.cpp:11:10:11:16 | *this [Return] [elem] | D.cpp:37:8:37:10 | setElem output argument [elem] |
+| D.cpp:51:27:51:27 | e | D.cpp:11:24:11:24 | e | D.cpp:11:10:11:16 | *this [Return] [elem] | D.cpp:51:8:51:14 | setElem output argument [elem] |
+| by_reference.cpp:20:23:20:27 | value | by_reference.cpp:15:26:15:30 | value | by_reference.cpp:15:8:15:18 | *this [Return] [a] | by_reference.cpp:20:5:20:8 | setDirectly output argument [a] |
+| by_reference.cpp:24:25:24:29 | value | by_reference.cpp:11:48:11:52 | value | by_reference.cpp:11:39:11:39 | *s [Return] [a] | by_reference.cpp:24:19:24:22 | nonMemberSetA output argument [a] |
 | by_reference.cpp:24:25:24:29 | value | by_reference.cpp:11:48:11:52 | value | by_reference.cpp:11:39:11:39 | *s [a] | by_reference.cpp:24:19:24:22 | nonMemberSetA output argument [a] |
-| by_reference.cpp:24:25:24:29 | value | by_reference.cpp:11:48:11:52 | value | by_reference.cpp:12:5:12:5 | *s [post update] [a] | by_reference.cpp:24:19:24:22 | nonMemberSetA output argument [a] |
 | by_reference.cpp:40:12:40:15 | *this [a] | by_reference.cpp:35:9:35:19 | *this [a] | by_reference.cpp:35:9:35:19 | *getDirectly | by_reference.cpp:40:18:40:28 | call to getDirectly |
 | by_reference.cpp:44:26:44:29 | *this [a] | by_reference.cpp:31:46:31:46 | *s [a] | by_reference.cpp:31:16:31:28 | *nonMemberGetA | by_reference.cpp:44:12:44:24 | call to nonMemberGetA |
-| by_reference.cpp:50:17:50:26 | call to user_input | by_reference.cpp:15:26:15:30 | value | by_reference.cpp:16:5:16:8 | *this [post update] [a] | by_reference.cpp:50:3:50:3 | setDirectly output argument [a] |
+| by_reference.cpp:50:17:50:26 | call to user_input | by_reference.cpp:15:26:15:30 | value | by_reference.cpp:15:8:15:18 | *this [Return] [a] | by_reference.cpp:50:3:50:3 | setDirectly output argument [a] |
 | by_reference.cpp:51:8:51:8 | *s [a] | by_reference.cpp:35:9:35:19 | *this [a] | by_reference.cpp:35:9:35:19 | *getDirectly | by_reference.cpp:51:10:51:20 | call to getDirectly |
-| by_reference.cpp:56:19:56:28 | call to user_input | by_reference.cpp:19:28:19:32 | value | by_reference.cpp:20:5:20:8 | setDirectly output argument [a] | by_reference.cpp:56:3:56:3 | setIndirectly output argument [a] |
+| by_reference.cpp:56:19:56:28 | call to user_input | by_reference.cpp:19:28:19:32 | value | by_reference.cpp:19:8:19:20 | *this [Return] [a] | by_reference.cpp:56:3:56:3 | setIndirectly output argument [a] |
 | by_reference.cpp:57:8:57:8 | *s [a] | by_reference.cpp:39:9:39:21 | *this [a] | by_reference.cpp:39:9:39:21 | *getIndirectly | by_reference.cpp:57:10:57:22 | call to getIndirectly |
-| by_reference.cpp:62:25:62:34 | call to user_input | by_reference.cpp:23:34:23:38 | value | by_reference.cpp:24:19:24:22 | nonMemberSetA output argument [a] | by_reference.cpp:62:3:62:3 | setThroughNonMember output argument [a] |
+| by_reference.cpp:62:25:62:34 | call to user_input | by_reference.cpp:23:34:23:38 | value | by_reference.cpp:23:8:23:26 | *this [Return] [a] | by_reference.cpp:62:3:62:3 | setThroughNonMember output argument [a] |
 | by_reference.cpp:63:8:63:8 | *s [a] | by_reference.cpp:43:9:43:27 | *this [a] | by_reference.cpp:43:9:43:27 | *getThroughNonMember | by_reference.cpp:63:10:63:28 | call to getThroughNonMember |
+| by_reference.cpp:68:21:68:30 | call to user_input | by_reference.cpp:11:48:11:52 | value | by_reference.cpp:11:39:11:39 | *s [Return] [a] | by_reference.cpp:68:17:68:18 | nonMemberSetA output argument [a] |
 | by_reference.cpp:68:21:68:30 | call to user_input | by_reference.cpp:11:48:11:52 | value | by_reference.cpp:11:39:11:39 | *s [a] | by_reference.cpp:68:17:68:18 | nonMemberSetA output argument [a] |
-| by_reference.cpp:68:21:68:30 | call to user_input | by_reference.cpp:11:48:11:52 | value | by_reference.cpp:12:5:12:5 | *s [post update] [a] | by_reference.cpp:68:17:68:18 | nonMemberSetA output argument [a] |
 | by_reference.cpp:69:22:69:23 | *& ... [a] | by_reference.cpp:31:46:31:46 | *s [a] | by_reference.cpp:31:16:31:28 | *nonMemberGetA | by_reference.cpp:69:8:69:20 | call to nonMemberGetA |
 | complex.cpp:42:16:42:16 | *f [a_] | complex.cpp:9:7:9:7 | *this [a_] | complex.cpp:9:7:9:7 | *a | complex.cpp:42:18:42:18 | call to a |
 | complex.cpp:43:16:43:16 | *f [b_] | complex.cpp:10:7:10:7 | *this [b_] | complex.cpp:10:7:10:7 | *b | complex.cpp:43:18:43:18 | call to b |
-| complex.cpp:53:19:53:28 | call to user_input | complex.cpp:11:17:11:17 | a | complex.cpp:11:22:11:23 | *this [post update] [a_] | complex.cpp:53:12:53:12 | setA output argument [a_] |
-| complex.cpp:54:19:54:28 | call to user_input | complex.cpp:12:17:12:17 | b | complex.cpp:12:22:12:23 | *this [post update] [b_] | complex.cpp:54:12:54:12 | setB output argument [b_] |
-| complex.cpp:55:19:55:28 | call to user_input | complex.cpp:11:17:11:17 | a | complex.cpp:11:22:11:23 | *this [post update] [a_] | complex.cpp:55:12:55:12 | setA output argument [a_] |
-| complex.cpp:56:19:56:28 | call to user_input | complex.cpp:12:17:12:17 | b | complex.cpp:12:22:12:23 | *this [post update] [b_] | complex.cpp:56:12:56:12 | setB output argument [b_] |
+| complex.cpp:53:19:53:28 | call to user_input | complex.cpp:11:17:11:17 | a | complex.cpp:11:8:11:11 | *this [Return] [a_] | complex.cpp:53:12:53:12 | setA output argument [a_] |
+| complex.cpp:54:19:54:28 | call to user_input | complex.cpp:12:17:12:17 | b | complex.cpp:12:8:12:11 | *this [Return] [b_] | complex.cpp:54:12:54:12 | setB output argument [b_] |
+| complex.cpp:55:19:55:28 | call to user_input | complex.cpp:11:17:11:17 | a | complex.cpp:11:8:11:11 | *this [Return] [a_] | complex.cpp:55:12:55:12 | setA output argument [a_] |
+| complex.cpp:56:19:56:28 | call to user_input | complex.cpp:12:17:12:17 | b | complex.cpp:12:8:12:11 | *this [Return] [b_] | complex.cpp:56:12:56:12 | setB output argument [b_] |
 | constructors.cpp:28:10:28:10 | *f [a_] | constructors.cpp:18:9:18:9 | *this [a_] | constructors.cpp:18:9:18:9 | *a | constructors.cpp:28:12:28:12 | call to a |
 | constructors.cpp:29:10:29:10 | *f [b_] | constructors.cpp:19:9:19:9 | *this [b_] | constructors.cpp:19:9:19:9 | *b | constructors.cpp:29:12:29:12 | call to b |
-| constructors.cpp:34:11:34:20 | call to user_input | constructors.cpp:23:13:23:13 | a | constructors.cpp:23:5:23:7 | *this [post update] [a_] | constructors.cpp:34:9:34:9 | call to Foo [a_] |
-| constructors.cpp:35:14:35:23 | call to user_input | constructors.cpp:23:20:23:20 | b | constructors.cpp:23:5:23:7 | *this [post update] [b_] | constructors.cpp:35:9:35:9 | call to Foo [b_] |
-| constructors.cpp:36:11:36:20 | call to user_input | constructors.cpp:23:13:23:13 | a | constructors.cpp:23:5:23:7 | *this [post update] [a_] | constructors.cpp:36:9:36:9 | call to Foo [a_] |
-| constructors.cpp:36:25:36:34 | call to user_input | constructors.cpp:23:20:23:20 | b | constructors.cpp:23:5:23:7 | *this [post update] [b_] | constructors.cpp:36:9:36:9 | call to Foo [b_] |
-| qualifiers.cpp:27:28:27:37 | call to user_input | qualifiers.cpp:9:21:9:25 | value | qualifiers.cpp:9:30:9:33 | *this [post update] [a] | qualifiers.cpp:27:11:27:18 | setA output argument [a] |
+| constructors.cpp:34:11:34:20 | call to user_input | constructors.cpp:23:13:23:13 | a | constructors.cpp:23:5:23:7 | *this [Return] [a_] | constructors.cpp:34:9:34:9 | call to Foo [a_] |
+| constructors.cpp:35:14:35:23 | call to user_input | constructors.cpp:23:20:23:20 | b | constructors.cpp:23:5:23:7 | *this [Return] [b_] | constructors.cpp:35:9:35:9 | call to Foo [b_] |
+| constructors.cpp:36:11:36:20 | call to user_input | constructors.cpp:23:13:23:13 | a | constructors.cpp:23:5:23:7 | *this [Return] [a_] | constructors.cpp:36:9:36:9 | call to Foo [a_] |
+| constructors.cpp:36:25:36:34 | call to user_input | constructors.cpp:23:20:23:20 | b | constructors.cpp:23:5:23:7 | *this [Return] [b_] | constructors.cpp:36:9:36:9 | call to Foo [b_] |
+| qualifiers.cpp:27:28:27:37 | call to user_input | qualifiers.cpp:9:21:9:25 | value | qualifiers.cpp:9:10:9:13 | *this [Return] [a] | qualifiers.cpp:27:11:27:18 | setA output argument [a] |
+| qualifiers.cpp:32:35:32:44 | call to user_input | qualifiers.cpp:12:40:12:44 | value | qualifiers.cpp:12:27:12:31 | *inner [Return] [a] | qualifiers.cpp:32:23:32:30 | pointerSetA output argument [a] |
 | qualifiers.cpp:32:35:32:44 | call to user_input | qualifiers.cpp:12:40:12:44 | value | qualifiers.cpp:12:27:12:31 | *inner [a] | qualifiers.cpp:32:23:32:30 | pointerSetA output argument [a] |
-| qualifiers.cpp:32:35:32:44 | call to user_input | qualifiers.cpp:12:40:12:44 | value | qualifiers.cpp:12:49:12:53 | *inner [post update] [a] | qualifiers.cpp:32:23:32:30 | pointerSetA output argument [a] |
+| qualifiers.cpp:37:38:37:47 | call to user_input | qualifiers.cpp:13:42:13:46 | value | qualifiers.cpp:13:29:13:33 | *inner [Return] [a] | qualifiers.cpp:37:19:37:35 | referenceSetA output argument [a] |
 | qualifiers.cpp:37:38:37:47 | call to user_input | qualifiers.cpp:13:42:13:46 | value | qualifiers.cpp:13:29:13:33 | *inner [a] | qualifiers.cpp:37:19:37:35 | referenceSetA output argument [a] |
-| qualifiers.cpp:37:38:37:47 | call to user_input | qualifiers.cpp:13:42:13:46 | value | qualifiers.cpp:13:51:13:55 | *inner [post update] [a] | qualifiers.cpp:37:19:37:35 | referenceSetA output argument [a] |
 | simple.cpp:28:10:28:10 | *f [a_] | simple.cpp:18:9:18:9 | *this [a_] | simple.cpp:18:9:18:9 | *a | simple.cpp:28:12:28:12 | call to a |
 | simple.cpp:29:10:29:10 | *f [b_] | simple.cpp:19:9:19:9 | *this [b_] | simple.cpp:19:9:19:9 | *b | simple.cpp:29:12:29:12 | call to b |
-| simple.cpp:39:12:39:21 | call to user_input | simple.cpp:20:19:20:19 | a | simple.cpp:20:24:20:25 | *this [post update] [a_] | simple.cpp:39:5:39:5 | setA output argument [a_] |
-| simple.cpp:40:12:40:21 | call to user_input | simple.cpp:21:19:21:19 | b | simple.cpp:21:24:21:25 | *this [post update] [b_] | simple.cpp:40:5:40:5 | setB output argument [b_] |
-| simple.cpp:41:12:41:21 | call to user_input | simple.cpp:20:19:20:19 | a | simple.cpp:20:24:20:25 | *this [post update] [a_] | simple.cpp:41:5:41:5 | setA output argument [a_] |
-| simple.cpp:42:12:42:21 | call to user_input | simple.cpp:21:19:21:19 | b | simple.cpp:21:24:21:25 | *this [post update] [b_] | simple.cpp:42:5:42:5 | setB output argument [b_] |
+| simple.cpp:39:12:39:21 | call to user_input | simple.cpp:20:19:20:19 | a | simple.cpp:20:10:20:13 | *this [Return] [a_] | simple.cpp:39:5:39:5 | setA output argument [a_] |
+| simple.cpp:40:12:40:21 | call to user_input | simple.cpp:21:19:21:19 | b | simple.cpp:21:10:21:13 | *this [Return] [b_] | simple.cpp:40:5:40:5 | setB output argument [b_] |
+| simple.cpp:41:12:41:21 | call to user_input | simple.cpp:20:19:20:19 | a | simple.cpp:20:10:20:13 | *this [Return] [a_] | simple.cpp:41:5:41:5 | setA output argument [a_] |
+| simple.cpp:42:12:42:21 | call to user_input | simple.cpp:21:19:21:19 | b | simple.cpp:21:10:21:13 | *this [Return] [b_] | simple.cpp:42:5:42:5 | setB output argument [b_] |
 | simple.cpp:84:14:84:20 | *this [f2, f1] | simple.cpp:78:9:78:15 | *this [f2, f1] | simple.cpp:78:9:78:15 | *getf2f1 | simple.cpp:84:14:84:20 | call to getf2f1 |
 | struct_init.c:24:10:24:12 | *& ... [a] | struct_init.c:14:24:14:25 | *ab [a] | struct_init.c:14:24:14:25 | *ab [a] | struct_init.c:24:10:24:12 | absink output argument [a] |
 #select

cpp/ql/test/library-tests/dataflow/fields/path-flow.expected

@@ -1,7 +1,9 @@
 edges
 | A.cpp:23:10:23:10 | c | A.cpp:25:7:25:17 | ... = ... | provenance |  |
+| A.cpp:25:7:25:10 | this [post update] [c] | A.cpp:23:5:23:5 | this [Return] [c] | provenance |  |
 | A.cpp:25:7:25:17 | ... = ... | A.cpp:25:7:25:10 | this [post update] [c] | provenance |  |
 | A.cpp:27:17:27:17 | c | A.cpp:27:22:27:32 | ... = ... | provenance |  |
+| A.cpp:27:22:27:25 | this [post update] [c] | A.cpp:27:10:27:12 | this [Return] [c] | provenance |  |
 | A.cpp:27:22:27:32 | ... = ... | A.cpp:27:22:27:25 | this [post update] [c] | provenance |  |
 | A.cpp:28:8:28:10 | this [c] | A.cpp:28:23:28:26 | this [c] | provenance |  |
 | A.cpp:28:23:28:26 | this [c] | A.cpp:28:29:28:29 | c | provenance |  |
@@ -10,8 +12,9 @@ edges
 | A.cpp:31:20:31:20 | c | A.cpp:23:10:23:10 | c | provenance |  |
 | A.cpp:31:20:31:20 | c | A.cpp:31:14:31:21 | call to B [c] | provenance |  |
 | A.cpp:41:5:41:6 | ref arg ct | A.cpp:43:11:43:12 | ct | provenance |  |
-| A.cpp:41:15:41:21 | new | A.cpp:41:5:41:6 | ref arg ct | provenance |  |
+| A.cpp:41:15:41:21 | new | A.cpp:41:5:41:6 | ref arg ct | provenance | Config |
 | A.cpp:43:11:43:12 | ct | A.cpp:43:10:43:12 | & ... | provenance |  |
+| A.cpp:43:11:43:12 | ct | A.cpp:43:10:43:12 | & ... | provenance | Config |
 | A.cpp:47:12:47:18 | new | A.cpp:48:20:48:20 | c | provenance |  |
 | A.cpp:48:12:48:18 | call to make [c] | A.cpp:49:10:49:10 | b [c] | provenance |  |
 | A.cpp:48:20:48:20 | c | A.cpp:29:23:29:23 | c | provenance |  |
@@ -51,22 +54,27 @@ edges
 | A.cpp:103:14:103:14 | c [a] | A.cpp:120:12:120:13 | c1 [a] | provenance |  |
 | A.cpp:107:12:107:13 | c1 [a] | A.cpp:107:16:107:16 | a | provenance |  |
 | A.cpp:120:12:120:13 | c1 [a] | A.cpp:120:16:120:16 | a | provenance |  |
+| A.cpp:124:14:124:14 | b [Return] [c] | A.cpp:131:8:131:8 | ref arg b [c] | provenance |  |
 | A.cpp:124:14:124:14 | b [c] | A.cpp:131:8:131:8 | ref arg b [c] | provenance |  |
+| A.cpp:126:5:126:5 | ref arg b [c] | A.cpp:124:14:124:14 | b [Return] [c] | provenance |  |
 | A.cpp:126:5:126:5 | ref arg b [c] | A.cpp:124:14:124:14 | b [c] | provenance |  |
-| A.cpp:126:5:126:5 | ref arg b [c] | A.cpp:131:8:131:8 | ref arg b [c] | provenance |  |
 | A.cpp:126:12:126:18 | new | A.cpp:27:17:27:17 | c | provenance |  |
 | A.cpp:126:12:126:18 | new | A.cpp:126:5:126:5 | ref arg b [c] | provenance |  |
 | A.cpp:131:8:131:8 | ref arg b [c] | A.cpp:132:10:132:10 | b [c] | provenance |  |
 | A.cpp:132:10:132:10 | b [c] | A.cpp:132:13:132:13 | c | provenance |  |
+| A.cpp:140:5:140:5 | this [Return] [b, c] | A.cpp:151:12:151:24 | call to D [b, c] | provenance |  |
+| A.cpp:140:5:140:5 | this [Return] [b] | A.cpp:151:12:151:24 | call to D [b] | provenance |  |
 | A.cpp:140:13:140:13 | b | A.cpp:143:7:143:31 | ... = ... | provenance |  |
+| A.cpp:140:13:140:13 | b [Return] [c] | A.cpp:151:18:151:18 | ref arg b [c] | provenance |  |
 | A.cpp:140:13:140:13 | b [c] | A.cpp:151:18:151:18 | ref arg b [c] | provenance |  |
+| A.cpp:142:7:142:7 | b [post update] [c] | A.cpp:140:13:140:13 | b [Return] [c] | provenance |  |
 | A.cpp:142:7:142:7 | b [post update] [c] | A.cpp:140:13:140:13 | b [c] | provenance |  |
 | A.cpp:142:7:142:7 | b [post update] [c] | A.cpp:143:7:143:31 | ... = ... [c] | provenance |  |
-| A.cpp:142:7:142:7 | b [post update] [c] | A.cpp:151:18:151:18 | ref arg b [c] | provenance |  |
 | A.cpp:142:7:142:20 | ... = ... | A.cpp:142:7:142:7 | b [post update] [c] | provenance |  |
 | A.cpp:142:14:142:20 | new | A.cpp:142:7:142:20 | ... = ... | provenance |  |
-| A.cpp:143:7:143:10 | this [post update] [b, c] | A.cpp:151:12:151:24 | call to D [b, c] | provenance |  |
-| A.cpp:143:7:143:10 | this [post update] [b] | A.cpp:151:12:151:24 | call to D [b] | provenance |  |
+| A.cpp:143:7:143:10 | this [post update] [b, c] | A.cpp:140:5:140:5 | this [Return] [b, c] | provenance |  |
+| A.cpp:143:7:143:10 | this [post update] [b] | A.cpp:140:5:140:5 | this [Return] [b] | provenance |  |
+| A.cpp:143:7:143:10 | this [post update] [b] | A.cpp:140:5:140:5 | this [Return] [b] | provenance |  |
 | A.cpp:143:7:143:31 | ... = ... | A.cpp:143:7:143:10 | this [post update] [b] | provenance |  |
 | A.cpp:143:7:143:31 | ... = ... | A.cpp:143:7:143:10 | this [post update] [b] | provenance |  |
 | A.cpp:143:7:143:31 | ... = ... [c] | A.cpp:143:7:143:10 | this [post update] [b, c] | provenance |  |
@@ -118,7 +126,10 @@ edges
 | A.cpp:181:15:181:21 | newHead | A.cpp:183:7:183:20 | ... = ... | provenance |  |
 | A.cpp:181:32:181:35 | next [head] | A.cpp:184:7:184:23 | ... = ... [head] | provenance |  |
 | A.cpp:181:32:181:35 | next [next, head] | A.cpp:184:7:184:23 | ... = ... [next, head] | provenance |  |
+| A.cpp:183:7:183:10 | this [post update] [head] | A.cpp:181:5:181:10 | this [Return] [head] | provenance |  |
 | A.cpp:183:7:183:20 | ... = ... | A.cpp:183:7:183:10 | this [post update] [head] | provenance |  |
+| A.cpp:184:7:184:10 | this [post update] [next, head] | A.cpp:181:5:181:10 | this [Return] [next, head] | provenance |  |
+| A.cpp:184:7:184:10 | this [post update] [next, next, head] | A.cpp:181:5:181:10 | this [Return] [next, next, head] | provenance |  |
 | A.cpp:184:7:184:23 | ... = ... [head] | A.cpp:184:7:184:10 | this [post update] [next, head] | provenance |  |
 | A.cpp:184:7:184:23 | ... = ... [next, head] | A.cpp:184:7:184:10 | this [post update] [next, next, head] | provenance |  |
 | B.cpp:6:15:6:24 | new | B.cpp:7:25:7:25 | e | provenance |  |
@@ -141,19 +152,25 @@ edges
 | B.cpp:19:14:19:17 | box1 [elem2] | B.cpp:19:20:19:24 | elem2 | provenance |  |
 | B.cpp:33:16:33:17 | e1 | B.cpp:35:7:35:22 | ... = ... | provenance |  |
 | B.cpp:33:26:33:27 | e2 | B.cpp:36:7:36:22 | ... = ... | provenance |  |
+| B.cpp:35:7:35:10 | this [post update] [elem1] | B.cpp:33:5:33:8 | this [Return] [elem1] | provenance |  |
 | B.cpp:35:7:35:22 | ... = ... | B.cpp:35:7:35:10 | this [post update] [elem1] | provenance |  |
+| B.cpp:36:7:36:10 | this [post update] [elem2] | B.cpp:33:5:33:8 | this [Return] [elem2] | provenance |  |
 | B.cpp:36:7:36:22 | ... = ... | B.cpp:36:7:36:10 | this [post update] [elem2] | provenance |  |
 | B.cpp:44:16:44:17 | b1 [elem1] | B.cpp:46:7:46:21 | ... = ... [elem1] | provenance |  |
 | B.cpp:44:16:44:17 | b1 [elem2] | B.cpp:46:7:46:21 | ... = ... [elem2] | provenance |  |
+| B.cpp:46:7:46:10 | this [post update] [box1, elem1] | B.cpp:44:5:44:8 | this [Return] [box1, elem1] | provenance |  |
+| B.cpp:46:7:46:10 | this [post update] [box1, elem2] | B.cpp:44:5:44:8 | this [Return] [box1, elem2] | provenance |  |
 | B.cpp:46:7:46:21 | ... = ... [elem1] | B.cpp:46:7:46:10 | this [post update] [box1, elem1] | provenance |  |
 | B.cpp:46:7:46:21 | ... = ... [elem2] | B.cpp:46:7:46:10 | this [post update] [box1, elem2] | provenance |  |
 | C.cpp:18:12:18:18 | call to C [s1] | C.cpp:19:5:19:5 | c [s1] | provenance |  |
 | C.cpp:18:12:18:18 | call to C [s3] | C.cpp:19:5:19:5 | c [s3] | provenance |  |
 | C.cpp:19:5:19:5 | c [s1] | C.cpp:27:8:27:11 | this [s1] | provenance |  |
 | C.cpp:19:5:19:5 | c [s3] | C.cpp:27:8:27:11 | this [s3] | provenance |  |
-| C.cpp:22:9:22:22 | constructor init of field s1 [post-this] [s1] | C.cpp:18:12:18:18 | call to C [s1] | provenance |  |
+| C.cpp:22:3:22:3 | this [Return] [s1] | C.cpp:18:12:18:18 | call to C [s1] | provenance |  |
+| C.cpp:22:3:22:3 | this [Return] [s3] | C.cpp:18:12:18:18 | call to C [s3] | provenance |  |
+| C.cpp:22:9:22:22 | constructor init of field s1 [post-this] [s1] | C.cpp:22:3:22:3 | this [Return] [s1] | provenance |  |
 | C.cpp:22:12:22:21 | new | C.cpp:22:9:22:22 | constructor init of field s1 [post-this] [s1] | provenance |  |
-| C.cpp:24:5:24:8 | this [post update] [s3] | C.cpp:18:12:18:18 | call to C [s3] | provenance |  |
+| C.cpp:24:5:24:8 | this [post update] [s3] | C.cpp:22:3:22:3 | this [Return] [s3] | provenance |  |
 | C.cpp:24:5:24:25 | ... = ... | C.cpp:24:5:24:8 | this [post update] [s3] | provenance |  |
 | C.cpp:24:16:24:25 | new | C.cpp:24:5:24:25 | ... = ... | provenance |  |
 | C.cpp:27:8:27:11 | this [s1] | C.cpp:29:10:29:11 | this [s1] | provenance |  |
@@ -163,6 +180,7 @@ edges
 | D.cpp:10:11:10:17 | this [elem] | D.cpp:10:30:10:33 | this [elem] | provenance |  |
 | D.cpp:10:30:10:33 | this [elem] | D.cpp:10:30:10:33 | elem | provenance |  |
 | D.cpp:11:24:11:24 | e | D.cpp:11:29:11:36 | ... = ... | provenance |  |
+| D.cpp:11:29:11:32 | this [post update] [elem] | D.cpp:11:10:11:16 | this [Return] [elem] | provenance |  |
 | D.cpp:11:29:11:36 | ... = ... | D.cpp:11:29:11:32 | this [post update] [elem] | provenance |  |
 | D.cpp:17:11:17:17 | this [box, elem] | D.cpp:17:30:17:32 | this [box, elem] | provenance |  |
 | D.cpp:17:30:17:32 | this [box, elem] | D.cpp:17:30:17:32 | box [elem] | provenance |  |
@@ -215,14 +233,16 @@ edges
 | E.cpp:32:10:32:10 | b [buffer] | E.cpp:32:13:32:18 | buffer | provenance |  |
 | E.cpp:33:18:33:19 | & ... [data, buffer] | E.cpp:19:27:19:27 | p [data, buffer] | provenance |  |
 | E.cpp:33:19:33:19 | p [data, buffer] | E.cpp:33:18:33:19 | & ... [data, buffer] | provenance |  |
+| aliasing.cpp:8:23:8:23 | s [Return] [m1] | aliasing.cpp:25:17:25:19 | ref arg & ... [m1] | provenance |  |
 | aliasing.cpp:8:23:8:23 | s [m1] | aliasing.cpp:25:17:25:19 | ref arg & ... [m1] | provenance |  |
+| aliasing.cpp:9:3:9:3 | s [post update] [m1] | aliasing.cpp:8:23:8:23 | s [Return] [m1] | provenance |  |
 | aliasing.cpp:9:3:9:3 | s [post update] [m1] | aliasing.cpp:8:23:8:23 | s [m1] | provenance |  |
-| aliasing.cpp:9:3:9:3 | s [post update] [m1] | aliasing.cpp:25:17:25:19 | ref arg & ... [m1] | provenance |  |
 | aliasing.cpp:9:3:9:22 | ... = ... | aliasing.cpp:9:3:9:3 | s [post update] [m1] | provenance |  |
 | aliasing.cpp:9:11:9:20 | call to user_input | aliasing.cpp:9:3:9:22 | ... = ... | provenance |  |
+| aliasing.cpp:12:25:12:25 | s [Return] [m1] | aliasing.cpp:26:19:26:20 | ref arg s2 [m1] | provenance |  |
 | aliasing.cpp:12:25:12:25 | s [m1] | aliasing.cpp:26:19:26:20 | ref arg s2 [m1] | provenance |  |
+| aliasing.cpp:13:3:13:3 | s [post update] [m1] | aliasing.cpp:12:25:12:25 | s [Return] [m1] | provenance |  |
 | aliasing.cpp:13:3:13:3 | s [post update] [m1] | aliasing.cpp:12:25:12:25 | s [m1] | provenance |  |
-| aliasing.cpp:13:3:13:3 | s [post update] [m1] | aliasing.cpp:26:19:26:20 | ref arg s2 [m1] | provenance |  |
 | aliasing.cpp:13:3:13:21 | ... = ... | aliasing.cpp:13:3:13:3 | s [post update] [m1] | provenance |  |
 | aliasing.cpp:13:10:13:19 | call to user_input | aliasing.cpp:13:3:13:21 | ... = ... | provenance |  |
 | aliasing.cpp:25:17:25:19 | ref arg & ... [m1] | aliasing.cpp:29:8:29:9 | s1 [m1] | provenance |  |
@@ -244,13 +264,13 @@ edges
 | aliasing.cpp:105:23:105:24 | pa | aliasing.cpp:175:15:175:22 | ref arg & ... | provenance |  |
 | aliasing.cpp:105:23:105:24 | pa | aliasing.cpp:187:15:187:22 | ref arg & ... | provenance |  |
 | aliasing.cpp:105:23:105:24 | pa | aliasing.cpp:200:15:200:24 | ref arg & ... | provenance |  |
-| aliasing.cpp:106:4:106:5 | pa [inner post update] | aliasing.cpp:158:17:158:20 | ref arg data | provenance |  |
-| aliasing.cpp:106:4:106:5 | pa [inner post update] | aliasing.cpp:164:17:164:20 | ref arg data | provenance |  |
-| aliasing.cpp:106:4:106:5 | pa [inner post update] | aliasing.cpp:175:15:175:22 | ref arg & ... | provenance |  |
-| aliasing.cpp:106:4:106:5 | pa [inner post update] | aliasing.cpp:187:15:187:22 | ref arg & ... | provenance |  |
-| aliasing.cpp:106:4:106:5 | pa [inner post update] | aliasing.cpp:200:15:200:24 | ref arg & ... | provenance |  |
+| aliasing.cpp:105:23:105:24 | pa [Return] | aliasing.cpp:158:17:158:20 | ref arg data | provenance |  |
+| aliasing.cpp:105:23:105:24 | pa [Return] | aliasing.cpp:164:17:164:20 | ref arg data | provenance |  |
+| aliasing.cpp:105:23:105:24 | pa [Return] | aliasing.cpp:175:15:175:22 | ref arg & ... | provenance |  |
+| aliasing.cpp:105:23:105:24 | pa [Return] | aliasing.cpp:187:15:187:22 | ref arg & ... | provenance |  |
+| aliasing.cpp:105:23:105:24 | pa [Return] | aliasing.cpp:200:15:200:24 | ref arg & ... | provenance |  |
 | aliasing.cpp:106:9:106:18 | call to user_input | aliasing.cpp:105:23:105:24 | pa | provenance |  |
-| aliasing.cpp:106:9:106:18 | call to user_input | aliasing.cpp:106:4:106:5 | pa [inner post update] | provenance |  |
+| aliasing.cpp:106:9:106:18 | call to user_input | aliasing.cpp:105:23:105:24 | pa [Return] | provenance |  |
 | aliasing.cpp:158:15:158:15 | s [post update] [data] | aliasing.cpp:159:9:159:9 | s [data] | provenance |  |
 | aliasing.cpp:158:17:158:20 | ref arg data | aliasing.cpp:158:15:158:15 | s [post update] [data] | provenance |  |
 | aliasing.cpp:159:9:159:9 | s [data] | aliasing.cpp:159:11:159:14 | data | provenance |  |
@@ -330,14 +350,18 @@ edges
 | arrays.cpp:44:10:44:17 | indirect [arr, data] | arrays.cpp:44:20:44:22 | arr [data] | provenance |  |
 | arrays.cpp:44:20:44:22 | arr [data] | arrays.cpp:44:8:44:25 | access to array [data] | provenance |  |
 | by_reference.cpp:11:48:11:52 | value | by_reference.cpp:12:5:12:16 | ... = ... | provenance |  |
+| by_reference.cpp:12:5:12:5 | s [post update] [a] | by_reference.cpp:11:39:11:39 | s [Return] [a] | provenance |  |
 | by_reference.cpp:12:5:12:5 | s [post update] [a] | by_reference.cpp:11:39:11:39 | s [a] | provenance |  |
 | by_reference.cpp:12:5:12:16 | ... = ... | by_reference.cpp:12:5:12:5 | s [post update] [a] | provenance |  |
 | by_reference.cpp:15:26:15:30 | value | by_reference.cpp:16:5:16:19 | ... = ... | provenance |  |
+| by_reference.cpp:16:5:16:8 | this [post update] [a] | by_reference.cpp:15:8:15:18 | this [Return] [a] | provenance |  |
 | by_reference.cpp:16:5:16:19 | ... = ... | by_reference.cpp:16:5:16:8 | this [post update] [a] | provenance |  |
 | by_reference.cpp:19:28:19:32 | value | by_reference.cpp:20:23:20:27 | value | provenance |  |
+| by_reference.cpp:20:5:20:8 | ref arg this [a] | by_reference.cpp:19:8:19:20 | this [Return] [a] | provenance |  |
 | by_reference.cpp:20:23:20:27 | value | by_reference.cpp:15:26:15:30 | value | provenance |  |
 | by_reference.cpp:20:23:20:27 | value | by_reference.cpp:20:5:20:8 | ref arg this [a] | provenance |  |
 | by_reference.cpp:23:34:23:38 | value | by_reference.cpp:24:25:24:29 | value | provenance |  |
+| by_reference.cpp:24:19:24:22 | ref arg this [a] | by_reference.cpp:23:8:23:26 | this [Return] [a] | provenance |  |
 | by_reference.cpp:24:25:24:29 | value | by_reference.cpp:11:48:11:52 | value | provenance |  |
 | by_reference.cpp:24:25:24:29 | value | by_reference.cpp:24:19:24:22 | ref arg this [a] | provenance |  |
 | by_reference.cpp:31:46:31:46 | s [a] | by_reference.cpp:32:12:32:12 | s [a] | provenance |  |
@@ -371,34 +395,36 @@ edges
 | by_reference.cpp:69:22:69:23 | & ... [a] | by_reference.cpp:31:46:31:46 | s [a] | provenance |  |
 | by_reference.cpp:69:22:69:23 | & ... [a] | by_reference.cpp:69:8:69:20 | call to nonMemberGetA | provenance |  |
 | by_reference.cpp:69:23:69:23 | s [a] | by_reference.cpp:69:22:69:23 | & ... [a] | provenance |  |
+| by_reference.cpp:83:31:83:35 | inner [Return] [a] | by_reference.cpp:102:21:102:39 | ref arg & ... [a] | provenance |  |
+| by_reference.cpp:83:31:83:35 | inner [Return] [a] | by_reference.cpp:103:27:103:35 | ref arg inner_ptr [a] | provenance |  |
+| by_reference.cpp:83:31:83:35 | inner [Return] [a] | by_reference.cpp:106:21:106:41 | ref arg & ... [a] | provenance |  |
+| by_reference.cpp:83:31:83:35 | inner [Return] [a] | by_reference.cpp:107:29:107:37 | ref arg inner_ptr [a] | provenance |  |
 | by_reference.cpp:83:31:83:35 | inner [a] | by_reference.cpp:102:21:102:39 | ref arg & ... [a] | provenance |  |
 | by_reference.cpp:83:31:83:35 | inner [a] | by_reference.cpp:103:27:103:35 | ref arg inner_ptr [a] | provenance |  |
 | by_reference.cpp:83:31:83:35 | inner [a] | by_reference.cpp:106:21:106:41 | ref arg & ... [a] | provenance |  |
 | by_reference.cpp:83:31:83:35 | inner [a] | by_reference.cpp:107:29:107:37 | ref arg inner_ptr [a] | provenance |  |
+| by_reference.cpp:84:3:84:7 | inner [post update] [a] | by_reference.cpp:83:31:83:35 | inner [Return] [a] | provenance |  |
 | by_reference.cpp:84:3:84:7 | inner [post update] [a] | by_reference.cpp:83:31:83:35 | inner [a] | provenance |  |
-| by_reference.cpp:84:3:84:7 | inner [post update] [a] | by_reference.cpp:102:21:102:39 | ref arg & ... [a] | provenance |  |
-| by_reference.cpp:84:3:84:7 | inner [post update] [a] | by_reference.cpp:103:27:103:35 | ref arg inner_ptr [a] | provenance |  |
-| by_reference.cpp:84:3:84:7 | inner [post update] [a] | by_reference.cpp:106:21:106:41 | ref arg & ... [a] | provenance |  |
-| by_reference.cpp:84:3:84:7 | inner [post update] [a] | by_reference.cpp:107:29:107:37 | ref arg inner_ptr [a] | provenance |  |
 | by_reference.cpp:84:3:84:25 | ... = ... | by_reference.cpp:84:3:84:7 | inner [post update] [a] | provenance |  |
 | by_reference.cpp:84:14:84:23 | call to user_input | by_reference.cpp:84:3:84:25 | ... = ... | provenance |  |
+| by_reference.cpp:87:31:87:35 | inner [Return] [a] | by_reference.cpp:122:27:122:38 | ref arg inner_nested [a] | provenance |  |
+| by_reference.cpp:87:31:87:35 | inner [Return] [a] | by_reference.cpp:123:21:123:36 | ref arg * ... [a] | provenance |  |
+| by_reference.cpp:87:31:87:35 | inner [Return] [a] | by_reference.cpp:126:29:126:40 | ref arg inner_nested [a] | provenance |  |
+| by_reference.cpp:87:31:87:35 | inner [Return] [a] | by_reference.cpp:127:21:127:38 | ref arg * ... [a] | provenance |  |
 | by_reference.cpp:87:31:87:35 | inner [a] | by_reference.cpp:122:27:122:38 | ref arg inner_nested [a] | provenance |  |
 | by_reference.cpp:87:31:87:35 | inner [a] | by_reference.cpp:123:21:123:36 | ref arg * ... [a] | provenance |  |
 | by_reference.cpp:87:31:87:35 | inner [a] | by_reference.cpp:126:29:126:40 | ref arg inner_nested [a] | provenance |  |
 | by_reference.cpp:87:31:87:35 | inner [a] | by_reference.cpp:127:21:127:38 | ref arg * ... [a] | provenance |  |
+| by_reference.cpp:88:3:88:7 | inner [post update] [a] | by_reference.cpp:87:31:87:35 | inner [Return] [a] | provenance |  |
 | by_reference.cpp:88:3:88:7 | inner [post update] [a] | by_reference.cpp:87:31:87:35 | inner [a] | provenance |  |
-| by_reference.cpp:88:3:88:7 | inner [post update] [a] | by_reference.cpp:122:27:122:38 | ref arg inner_nested [a] | provenance |  |
-| by_reference.cpp:88:3:88:7 | inner [post update] [a] | by_reference.cpp:123:21:123:36 | ref arg * ... [a] | provenance |  |
-| by_reference.cpp:88:3:88:7 | inner [post update] [a] | by_reference.cpp:126:29:126:40 | ref arg inner_nested [a] | provenance |  |
-| by_reference.cpp:88:3:88:7 | inner [post update] [a] | by_reference.cpp:127:21:127:38 | ref arg * ... [a] | provenance |  |
 | by_reference.cpp:88:3:88:24 | ... = ... | by_reference.cpp:88:3:88:7 | inner [post update] [a] | provenance |  |
 | by_reference.cpp:88:13:88:22 | call to user_input | by_reference.cpp:88:3:88:24 | ... = ... | provenance |  |
 | by_reference.cpp:91:25:91:26 | pa | by_reference.cpp:104:15:104:22 | ref arg & ... | provenance |  |
 | by_reference.cpp:91:25:91:26 | pa | by_reference.cpp:108:15:108:24 | ref arg & ... | provenance |  |
-| by_reference.cpp:92:4:92:5 | pa [inner post update] | by_reference.cpp:104:15:104:22 | ref arg & ... | provenance |  |
-| by_reference.cpp:92:4:92:5 | pa [inner post update] | by_reference.cpp:108:15:108:24 | ref arg & ... | provenance |  |
+| by_reference.cpp:91:25:91:26 | pa [Return] | by_reference.cpp:104:15:104:22 | ref arg & ... | provenance |  |
+| by_reference.cpp:91:25:91:26 | pa [Return] | by_reference.cpp:108:15:108:24 | ref arg & ... | provenance |  |
 | by_reference.cpp:92:9:92:18 | call to user_input | by_reference.cpp:91:25:91:26 | pa | provenance |  |
-| by_reference.cpp:92:9:92:18 | call to user_input | by_reference.cpp:92:4:92:5 | pa [inner post update] | provenance |  |
+| by_reference.cpp:92:9:92:18 | call to user_input | by_reference.cpp:91:25:91:26 | pa [Return] | provenance |  |
 | by_reference.cpp:95:25:95:26 | pa | by_reference.cpp:124:21:124:21 | ref arg a | provenance |  |
 | by_reference.cpp:95:25:95:26 | pa | by_reference.cpp:128:23:128:23 | ref arg a | provenance |  |
 | by_reference.cpp:96:8:96:17 | call to user_input | by_reference.cpp:95:25:95:26 | pa | provenance |  |
@@ -493,8 +519,10 @@ edges
 | complex.cpp:10:7:10:7 | this [b_] | complex.cpp:10:20:10:21 | this [b_] | provenance |  |
 | complex.cpp:10:20:10:21 | this [b_] | complex.cpp:10:20:10:21 | b_ | provenance |  |
 | complex.cpp:11:17:11:17 | a | complex.cpp:11:22:11:27 | ... = ... | provenance |  |
+| complex.cpp:11:22:11:23 | this [post update] [a_] | complex.cpp:11:8:11:11 | this [Return] [a_] | provenance |  |
 | complex.cpp:11:22:11:27 | ... = ... | complex.cpp:11:22:11:23 | this [post update] [a_] | provenance |  |
 | complex.cpp:12:17:12:17 | b | complex.cpp:12:22:12:27 | ... = ... | provenance |  |
+| complex.cpp:12:22:12:23 | this [post update] [b_] | complex.cpp:12:8:12:11 | this [Return] [b_] | provenance |  |
 | complex.cpp:12:22:12:27 | ... = ... | complex.cpp:12:22:12:23 | this [post update] [b_] | provenance |  |
 | complex.cpp:40:17:40:17 | b [inner, f, a_] | complex.cpp:42:8:42:8 | b [inner, f, a_] | provenance |  |
 | complex.cpp:40:17:40:17 | b [inner, f, b_] | complex.cpp:43:8:43:8 | b [inner, f, b_] | provenance |  |
@@ -557,7 +585,9 @@ edges
 | constructors.cpp:19:22:19:23 | this [b_] | constructors.cpp:19:22:19:23 | b_ | provenance |  |
 | constructors.cpp:23:13:23:13 | a | constructors.cpp:23:28:23:28 | a | provenance |  |
 | constructors.cpp:23:20:23:20 | b | constructors.cpp:23:35:23:35 | b | provenance |  |
+| constructors.cpp:23:25:23:29 | constructor init of field a_ [post-this] [a_] | constructors.cpp:23:5:23:7 | this [Return] [a_] | provenance |  |
 | constructors.cpp:23:28:23:28 | a | constructors.cpp:23:25:23:29 | constructor init of field a_ [post-this] [a_] | provenance |  |
+| constructors.cpp:23:32:23:36 | constructor init of field b_ [post-this] [b_] | constructors.cpp:23:5:23:7 | this [Return] [b_] | provenance |  |
 | constructors.cpp:23:35:23:35 | b | constructors.cpp:23:32:23:36 | constructor init of field b_ [post-this] [b_] | provenance |  |
 | constructors.cpp:26:15:26:15 | f [a_] | constructors.cpp:28:10:28:10 | f [a_] | provenance |  |
 | constructors.cpp:26:15:26:15 | f [b_] | constructors.cpp:29:10:29:10 | f [b_] | provenance |  |
@@ -582,11 +612,14 @@ edges
 | constructors.cpp:46:9:46:9 | h [a_] | constructors.cpp:26:15:26:15 | f [a_] | provenance |  |
 | constructors.cpp:46:9:46:9 | h [b_] | constructors.cpp:26:15:26:15 | f [b_] | provenance |  |
 | qualifiers.cpp:9:21:9:25 | value | qualifiers.cpp:9:30:9:44 | ... = ... | provenance |  |
+| qualifiers.cpp:9:30:9:33 | this [post update] [a] | qualifiers.cpp:9:10:9:13 | this [Return] [a] | provenance |  |
 | qualifiers.cpp:9:30:9:44 | ... = ... | qualifiers.cpp:9:30:9:33 | this [post update] [a] | provenance |  |
 | qualifiers.cpp:12:40:12:44 | value | qualifiers.cpp:12:49:12:64 | ... = ... | provenance |  |
+| qualifiers.cpp:12:49:12:53 | inner [post update] [a] | qualifiers.cpp:12:27:12:31 | inner [Return] [a] | provenance |  |
 | qualifiers.cpp:12:49:12:53 | inner [post update] [a] | qualifiers.cpp:12:27:12:31 | inner [a] | provenance |  |
 | qualifiers.cpp:12:49:12:64 | ... = ... | qualifiers.cpp:12:49:12:53 | inner [post update] [a] | provenance |  |
 | qualifiers.cpp:13:42:13:46 | value | qualifiers.cpp:13:51:13:65 | ... = ... | provenance |  |
+| qualifiers.cpp:13:51:13:55 | inner [post update] [a] | qualifiers.cpp:13:29:13:33 | inner [Return] [a] | provenance |  |
 | qualifiers.cpp:13:51:13:55 | inner [post update] [a] | qualifiers.cpp:13:29:13:33 | inner [a] | provenance |  |
 | qualifiers.cpp:13:51:13:65 | ... = ... | qualifiers.cpp:13:51:13:55 | inner [post update] [a] | provenance |  |
 | qualifiers.cpp:22:5:22:9 | ref arg outer [inner, a] | qualifiers.cpp:23:10:23:14 | outer [inner, a] | provenance |  |
@@ -654,8 +687,10 @@ edges
 | simple.cpp:19:9:19:9 | this [b_] | simple.cpp:19:22:19:23 | this [b_] | provenance |  |
 | simple.cpp:19:22:19:23 | this [b_] | simple.cpp:19:22:19:23 | b_ | provenance |  |
 | simple.cpp:20:19:20:19 | a | simple.cpp:20:24:20:29 | ... = ... | provenance |  |
+| simple.cpp:20:24:20:25 | this [post update] [a_] | simple.cpp:20:10:20:13 | this [Return] [a_] | provenance |  |
 | simple.cpp:20:24:20:29 | ... = ... | simple.cpp:20:24:20:25 | this [post update] [a_] | provenance |  |
 | simple.cpp:21:19:21:19 | b | simple.cpp:21:24:21:29 | ... = ... | provenance |  |
+| simple.cpp:21:24:21:25 | this [post update] [b_] | simple.cpp:21:10:21:13 | this [Return] [b_] | provenance |  |
 | simple.cpp:21:24:21:29 | ... = ... | simple.cpp:21:24:21:25 | this [post update] [b_] | provenance |  |
 | simple.cpp:26:15:26:15 | f [a_] | simple.cpp:28:10:28:10 | f [a_] | provenance |  |
 | simple.cpp:26:15:26:15 | f [b_] | simple.cpp:29:10:29:10 | f [b_] | provenance |  |
@@ -747,9 +782,11 @@ edges
 | struct_init.c:46:10:46:14 | outer [pointerAB, a] | struct_init.c:46:16:46:24 | pointerAB [a] | provenance |  |
 | struct_init.c:46:16:46:24 | pointerAB [a] | struct_init.c:14:24:14:25 | ab [a] | provenance |  |
 nodes
+| A.cpp:23:5:23:5 | this [Return] [c] | semmle.label | this [Return] [c] |
 | A.cpp:23:10:23:10 | c | semmle.label | c |
 | A.cpp:25:7:25:10 | this [post update] [c] | semmle.label | this [post update] [c] |
 | A.cpp:25:7:25:17 | ... = ... | semmle.label | ... = ... |
+| A.cpp:27:10:27:12 | this [Return] [c] | semmle.label | this [Return] [c] |
 | A.cpp:27:17:27:17 | c | semmle.label | c |
 | A.cpp:27:22:27:25 | this [post update] [c] | semmle.label | this [post update] [c] |
 | A.cpp:27:22:27:32 | ... = ... | semmle.label | ... = ... |
@@ -802,13 +839,18 @@ nodes
 | A.cpp:107:16:107:16 | a | semmle.label | a |
 | A.cpp:120:12:120:13 | c1 [a] | semmle.label | c1 [a] |
 | A.cpp:120:16:120:16 | a | semmle.label | a |
+| A.cpp:124:14:124:14 | b [Return] [c] | semmle.label | b [Return] [c] |
 | A.cpp:124:14:124:14 | b [c] | semmle.label | b [c] |
 | A.cpp:126:5:126:5 | ref arg b [c] | semmle.label | ref arg b [c] |
 | A.cpp:126:12:126:18 | new | semmle.label | new |
 | A.cpp:131:8:131:8 | ref arg b [c] | semmle.label | ref arg b [c] |
 | A.cpp:132:10:132:10 | b [c] | semmle.label | b [c] |
 | A.cpp:132:13:132:13 | c | semmle.label | c |
+| A.cpp:140:5:140:5 | this [Return] [b, c] | semmle.label | this [Return] [b, c] |
+| A.cpp:140:5:140:5 | this [Return] [b] | semmle.label | this [Return] [b] |
+| A.cpp:140:5:140:5 | this [Return] [b] | semmle.label | this [Return] [b] |
 | A.cpp:140:13:140:13 | b | semmle.label | b |
+| A.cpp:140:13:140:13 | b [Return] [c] | semmle.label | b [Return] [c] |
 | A.cpp:140:13:140:13 | b [c] | semmle.label | b [c] |
 | A.cpp:142:7:142:7 | b [post update] [c] | semmle.label | b [post update] [c] |
 | A.cpp:142:7:142:20 | ... = ... | semmle.label | ... = ... |
@@ -862,6 +904,9 @@ nodes
 | A.cpp:173:26:173:26 | o | semmle.label | o |
 | A.cpp:173:26:173:26 | o [c] | semmle.label | o [c] |
 | A.cpp:173:26:173:26 | o [c] | semmle.label | o [c] |
+| A.cpp:181:5:181:10 | this [Return] [head] | semmle.label | this [Return] [head] |
+| A.cpp:181:5:181:10 | this [Return] [next, head] | semmle.label | this [Return] [next, head] |
+| A.cpp:181:5:181:10 | this [Return] [next, next, head] | semmle.label | this [Return] [next, next, head] |
 | A.cpp:181:15:181:21 | newHead | semmle.label | newHead |
 | A.cpp:181:32:181:35 | next [head] | semmle.label | next [head] |
 | A.cpp:181:32:181:35 | next [next, head] | semmle.label | next [next, head] |
@@ -887,12 +932,16 @@ nodes
 | B.cpp:19:10:19:11 | b2 [box1, elem2] | semmle.label | b2 [box1, elem2] |
 | B.cpp:19:14:19:17 | box1 [elem2] | semmle.label | box1 [elem2] |
 | B.cpp:19:20:19:24 | elem2 | semmle.label | elem2 |
+| B.cpp:33:5:33:8 | this [Return] [elem1] | semmle.label | this [Return] [elem1] |
+| B.cpp:33:5:33:8 | this [Return] [elem2] | semmle.label | this [Return] [elem2] |
 | B.cpp:33:16:33:17 | e1 | semmle.label | e1 |
 | B.cpp:33:26:33:27 | e2 | semmle.label | e2 |
 | B.cpp:35:7:35:10 | this [post update] [elem1] | semmle.label | this [post update] [elem1] |
 | B.cpp:35:7:35:22 | ... = ... | semmle.label | ... = ... |
 | B.cpp:36:7:36:10 | this [post update] [elem2] | semmle.label | this [post update] [elem2] |
 | B.cpp:36:7:36:22 | ... = ... | semmle.label | ... = ... |
+| B.cpp:44:5:44:8 | this [Return] [box1, elem1] | semmle.label | this [Return] [box1, elem1] |
+| B.cpp:44:5:44:8 | this [Return] [box1, elem2] | semmle.label | this [Return] [box1, elem2] |
 | B.cpp:44:16:44:17 | b1 [elem1] | semmle.label | b1 [elem1] |
 | B.cpp:44:16:44:17 | b1 [elem2] | semmle.label | b1 [elem2] |
 | B.cpp:46:7:46:10 | this [post update] [box1, elem1] | semmle.label | this [post update] [box1, elem1] |
@@ -903,6 +952,8 @@ nodes
 | C.cpp:18:12:18:18 | call to C [s3] | semmle.label | call to C [s3] |
 | C.cpp:19:5:19:5 | c [s1] | semmle.label | c [s1] |
 | C.cpp:19:5:19:5 | c [s3] | semmle.label | c [s3] |
+| C.cpp:22:3:22:3 | this [Return] [s1] | semmle.label | this [Return] [s1] |
+| C.cpp:22:3:22:3 | this [Return] [s3] | semmle.label | this [Return] [s3] |
 | C.cpp:22:9:22:22 | constructor init of field s1 [post-this] [s1] | semmle.label | constructor init of field s1 [post-this] [s1] |
 | C.cpp:22:12:22:21 | new | semmle.label | new |
 | C.cpp:24:5:24:8 | this [post update] [s3] | semmle.label | this [post update] [s3] |
@@ -917,6 +968,7 @@ nodes
 | D.cpp:10:11:10:17 | this [elem] | semmle.label | this [elem] |
 | D.cpp:10:30:10:33 | elem | semmle.label | elem |
 | D.cpp:10:30:10:33 | this [elem] | semmle.label | this [elem] |
+| D.cpp:11:10:11:16 | this [Return] [elem] | semmle.label | this [Return] [elem] |
 | D.cpp:11:24:11:24 | e | semmle.label | e |
 | D.cpp:11:29:11:32 | this [post update] [elem] | semmle.label | this [post update] [elem] |
 | D.cpp:11:29:11:36 | ... = ... | semmle.label | ... = ... |
@@ -973,10 +1025,12 @@ nodes
 | E.cpp:32:13:32:18 | buffer | semmle.label | buffer |
 | E.cpp:33:18:33:19 | & ... [data, buffer] | semmle.label | & ... [data, buffer] |
 | E.cpp:33:19:33:19 | p [data, buffer] | semmle.label | p [data, buffer] |
+| aliasing.cpp:8:23:8:23 | s [Return] [m1] | semmle.label | s [Return] [m1] |
 | aliasing.cpp:8:23:8:23 | s [m1] | semmle.label | s [m1] |
 | aliasing.cpp:9:3:9:3 | s [post update] [m1] | semmle.label | s [post update] [m1] |
 | aliasing.cpp:9:3:9:22 | ... = ... | semmle.label | ... = ... |
 | aliasing.cpp:9:11:9:20 | call to user_input | semmle.label | call to user_input |
+| aliasing.cpp:12:25:12:25 | s [Return] [m1] | semmle.label | s [Return] [m1] |
 | aliasing.cpp:12:25:12:25 | s [m1] | semmle.label | s [m1] |
 | aliasing.cpp:13:3:13:3 | s [post update] [m1] | semmle.label | s [post update] [m1] |
 | aliasing.cpp:13:3:13:21 | ... = ... | semmle.label | ... = ... |
@@ -1000,7 +1054,7 @@ nodes
 | aliasing.cpp:93:10:93:10 | s [m1] | semmle.label | s [m1] |
 | aliasing.cpp:93:12:93:13 | m1 | semmle.label | m1 |
 | aliasing.cpp:105:23:105:24 | pa | semmle.label | pa |
-| aliasing.cpp:106:4:106:5 | pa [inner post update] | semmle.label | pa [inner post update] |
+| aliasing.cpp:105:23:105:24 | pa [Return] | semmle.label | pa [Return] |
 | aliasing.cpp:106:9:106:18 | call to user_input | semmle.label | call to user_input |
 | aliasing.cpp:158:15:158:15 | s [post update] [data] | semmle.label | s [post update] [data] |
 | aliasing.cpp:158:17:158:20 | ref arg data | semmle.label | ref arg data |
@@ -1085,16 +1139,20 @@ nodes
 | arrays.cpp:44:10:44:17 | indirect [arr, data] | semmle.label | indirect [arr, data] |
 | arrays.cpp:44:20:44:22 | arr [data] | semmle.label | arr [data] |
 | arrays.cpp:44:27:44:30 | data | semmle.label | data |
+| by_reference.cpp:11:39:11:39 | s [Return] [a] | semmle.label | s [Return] [a] |
 | by_reference.cpp:11:39:11:39 | s [a] | semmle.label | s [a] |
 | by_reference.cpp:11:48:11:52 | value | semmle.label | value |
 | by_reference.cpp:12:5:12:5 | s [post update] [a] | semmle.label | s [post update] [a] |
 | by_reference.cpp:12:5:12:16 | ... = ... | semmle.label | ... = ... |
+| by_reference.cpp:15:8:15:18 | this [Return] [a] | semmle.label | this [Return] [a] |
 | by_reference.cpp:15:26:15:30 | value | semmle.label | value |
 | by_reference.cpp:16:5:16:8 | this [post update] [a] | semmle.label | this [post update] [a] |
 | by_reference.cpp:16:5:16:19 | ... = ... | semmle.label | ... = ... |
+| by_reference.cpp:19:8:19:20 | this [Return] [a] | semmle.label | this [Return] [a] |
 | by_reference.cpp:19:28:19:32 | value | semmle.label | value |
 | by_reference.cpp:20:5:20:8 | ref arg this [a] | semmle.label | ref arg this [a] |
 | by_reference.cpp:20:23:20:27 | value | semmle.label | value |
+| by_reference.cpp:23:8:23:26 | this [Return] [a] | semmle.label | this [Return] [a] |
 | by_reference.cpp:23:34:23:38 | value | semmle.label | value |
 | by_reference.cpp:24:19:24:22 | ref arg this [a] | semmle.label | ref arg this [a] |
 | by_reference.cpp:24:25:24:29 | value | semmle.label | value |
@@ -1127,16 +1185,18 @@ nodes
 | by_reference.cpp:69:8:69:20 | call to nonMemberGetA | semmle.label | call to nonMemberGetA |
 | by_reference.cpp:69:22:69:23 | & ... [a] | semmle.label | & ... [a] |
 | by_reference.cpp:69:23:69:23 | s [a] | semmle.label | s [a] |
+| by_reference.cpp:83:31:83:35 | inner [Return] [a] | semmle.label | inner [Return] [a] |
 | by_reference.cpp:83:31:83:35 | inner [a] | semmle.label | inner [a] |
 | by_reference.cpp:84:3:84:7 | inner [post update] [a] | semmle.label | inner [post update] [a] |
 | by_reference.cpp:84:3:84:25 | ... = ... | semmle.label | ... = ... |
 | by_reference.cpp:84:14:84:23 | call to user_input | semmle.label | call to user_input |
+| by_reference.cpp:87:31:87:35 | inner [Return] [a] | semmle.label | inner [Return] [a] |
 | by_reference.cpp:87:31:87:35 | inner [a] | semmle.label | inner [a] |
 | by_reference.cpp:88:3:88:7 | inner [post update] [a] | semmle.label | inner [post update] [a] |
 | by_reference.cpp:88:3:88:24 | ... = ... | semmle.label | ... = ... |
 | by_reference.cpp:88:13:88:22 | call to user_input | semmle.label | call to user_input |
 | by_reference.cpp:91:25:91:26 | pa | semmle.label | pa |
-| by_reference.cpp:92:4:92:5 | pa [inner post update] | semmle.label | pa [inner post update] |
+| by_reference.cpp:91:25:91:26 | pa [Return] | semmle.label | pa [Return] |
 | by_reference.cpp:92:9:92:18 | call to user_input | semmle.label | call to user_input |
 | by_reference.cpp:95:25:95:26 | pa | semmle.label | pa |
 | by_reference.cpp:96:8:96:17 | call to user_input | semmle.label | call to user_input |
@@ -1253,9 +1313,11 @@ nodes
 | complex.cpp:10:7:10:7 | this [b_] | semmle.label | this [b_] |
 | complex.cpp:10:20:10:21 | b_ | semmle.label | b_ |
 | complex.cpp:10:20:10:21 | this [b_] | semmle.label | this [b_] |
+| complex.cpp:11:8:11:11 | this [Return] [a_] | semmle.label | this [Return] [a_] |
 | complex.cpp:11:17:11:17 | a | semmle.label | a |
 | complex.cpp:11:22:11:23 | this [post update] [a_] | semmle.label | this [post update] [a_] |
 | complex.cpp:11:22:11:27 | ... = ... | semmle.label | ... = ... |
+| complex.cpp:12:8:12:11 | this [Return] [b_] | semmle.label | this [Return] [b_] |
 | complex.cpp:12:17:12:17 | b | semmle.label | b |
 | complex.cpp:12:22:12:23 | this [post update] [b_] | semmle.label | this [post update] [b_] |
 | complex.cpp:12:22:12:27 | ... = ... | semmle.label | ... = ... |
@@ -1321,6 +1383,8 @@ nodes
 | constructors.cpp:19:9:19:9 | this [b_] | semmle.label | this [b_] |
 | constructors.cpp:19:22:19:23 | b_ | semmle.label | b_ |
 | constructors.cpp:19:22:19:23 | this [b_] | semmle.label | this [b_] |
+| constructors.cpp:23:5:23:7 | this [Return] [a_] | semmle.label | this [Return] [a_] |
+| constructors.cpp:23:5:23:7 | this [Return] [b_] | semmle.label | this [Return] [b_] |
 | constructors.cpp:23:13:23:13 | a | semmle.label | a |
 | constructors.cpp:23:20:23:20 | b | semmle.label | b |
 | constructors.cpp:23:25:23:29 | constructor init of field a_ [post-this] [a_] | semmle.label | constructor init of field a_ [post-this] [a_] |
@@ -1345,13 +1409,16 @@ nodes
 | constructors.cpp:43:9:43:9 | g [b_] | semmle.label | g [b_] |
 | constructors.cpp:46:9:46:9 | h [a_] | semmle.label | h [a_] |
 | constructors.cpp:46:9:46:9 | h [b_] | semmle.label | h [b_] |
+| qualifiers.cpp:9:10:9:13 | this [Return] [a] | semmle.label | this [Return] [a] |
 | qualifiers.cpp:9:21:9:25 | value | semmle.label | value |
 | qualifiers.cpp:9:30:9:33 | this [post update] [a] | semmle.label | this [post update] [a] |
 | qualifiers.cpp:9:30:9:44 | ... = ... | semmle.label | ... = ... |
+| qualifiers.cpp:12:27:12:31 | inner [Return] [a] | semmle.label | inner [Return] [a] |
 | qualifiers.cpp:12:27:12:31 | inner [a] | semmle.label | inner [a] |
 | qualifiers.cpp:12:40:12:44 | value | semmle.label | value |
 | qualifiers.cpp:12:49:12:53 | inner [post update] [a] | semmle.label | inner [post update] [a] |
 | qualifiers.cpp:12:49:12:64 | ... = ... | semmle.label | ... = ... |
+| qualifiers.cpp:13:29:13:33 | inner [Return] [a] | semmle.label | inner [Return] [a] |
 | qualifiers.cpp:13:29:13:33 | inner [a] | semmle.label | inner [a] |
 | qualifiers.cpp:13:42:13:46 | value | semmle.label | value |
 | qualifiers.cpp:13:51:13:55 | inner [post update] [a] | semmle.label | inner [post update] [a] |
@@ -1425,9 +1492,11 @@ nodes
 | simple.cpp:19:9:19:9 | this [b_] | semmle.label | this [b_] |
 | simple.cpp:19:22:19:23 | b_ | semmle.label | b_ |
 | simple.cpp:19:22:19:23 | this [b_] | semmle.label | this [b_] |
+| simple.cpp:20:10:20:13 | this [Return] [a_] | semmle.label | this [Return] [a_] |
 | simple.cpp:20:19:20:19 | a | semmle.label | a |
 | simple.cpp:20:24:20:25 | this [post update] [a_] | semmle.label | this [post update] [a_] |
 | simple.cpp:20:24:20:29 | ... = ... | semmle.label | ... = ... |
+| simple.cpp:21:10:21:13 | this [Return] [b_] | semmle.label | this [Return] [b_] |
 | simple.cpp:21:19:21:19 | b | semmle.label | b |
 | simple.cpp:21:24:21:25 | this [post update] [b_] | semmle.label | this [post update] [b_] |
 | simple.cpp:21:24:21:29 | ... = ... | semmle.label | ... = ... |
@@ -1513,71 +1582,71 @@ nodes
 | struct_init.c:46:10:46:14 | outer [pointerAB, a] | semmle.label | outer [pointerAB, a] |
 | struct_init.c:46:16:46:24 | pointerAB [a] | semmle.label | pointerAB [a] |
 subpaths
-| A.cpp:31:20:31:20 | c | A.cpp:23:10:23:10 | c | A.cpp:25:7:25:10 | this [post update] [c] | A.cpp:31:14:31:21 | call to B [c] |
+| A.cpp:31:20:31:20 | c | A.cpp:23:10:23:10 | c | A.cpp:23:5:23:5 | this [Return] [c] | A.cpp:31:14:31:21 | call to B [c] |
 | A.cpp:48:20:48:20 | c | A.cpp:29:23:29:23 | c | A.cpp:31:14:31:21 | new [c] | A.cpp:48:12:48:18 | call to make [c] |
-| A.cpp:55:12:55:19 | new | A.cpp:27:17:27:17 | c | A.cpp:27:22:27:25 | this [post update] [c] | A.cpp:55:5:55:5 | ref arg b [c] |
+| A.cpp:55:12:55:19 | new | A.cpp:27:17:27:17 | c | A.cpp:27:10:27:12 | this [Return] [c] | A.cpp:55:5:55:5 | ref arg b [c] |
 | A.cpp:56:10:56:10 | b [c] | A.cpp:28:8:28:10 | this [c] | A.cpp:28:29:28:29 | c | A.cpp:56:13:56:15 | call to get |
 | A.cpp:57:11:57:24 | new [c] | A.cpp:28:8:28:10 | this [c] | A.cpp:28:29:28:29 | c | A.cpp:57:28:57:30 | call to get |
-| A.cpp:57:17:57:23 | new | A.cpp:23:10:23:10 | c | A.cpp:25:7:25:10 | this [post update] [c] | A.cpp:57:11:57:24 | call to B [c] |
+| A.cpp:57:17:57:23 | new | A.cpp:23:10:23:10 | c | A.cpp:23:5:23:5 | this [Return] [c] | A.cpp:57:11:57:24 | call to B [c] |
 | A.cpp:64:21:64:28 | new | A.cpp:85:26:85:26 | c | A.cpp:91:14:91:15 | b2 [c] | A.cpp:64:10:64:15 | call to setOnB [c] |
 | A.cpp:73:25:73:32 | new | A.cpp:78:27:78:27 | c | A.cpp:82:12:82:24 | ... ? ... : ... [c] | A.cpp:73:10:73:19 | call to setOnBWrap [c] |
 | A.cpp:81:21:81:21 | c | A.cpp:85:26:85:26 | c | A.cpp:91:14:91:15 | b2 [c] | A.cpp:81:10:81:15 | call to setOnB [c] |
-| A.cpp:90:15:90:15 | c | A.cpp:27:17:27:17 | c | A.cpp:27:22:27:25 | this [post update] [c] | A.cpp:90:7:90:8 | ref arg b2 [c] |
-| A.cpp:126:12:126:18 | new | A.cpp:27:17:27:17 | c | A.cpp:27:22:27:25 | this [post update] [c] | A.cpp:126:5:126:5 | ref arg b [c] |
-| A.cpp:151:18:151:18 | b | A.cpp:140:13:140:13 | b | A.cpp:143:7:143:10 | this [post update] [b] | A.cpp:151:12:151:24 | call to D [b] |
+| A.cpp:90:15:90:15 | c | A.cpp:27:17:27:17 | c | A.cpp:27:10:27:12 | this [Return] [c] | A.cpp:90:7:90:8 | ref arg b2 [c] |
+| A.cpp:126:12:126:18 | new | A.cpp:27:17:27:17 | c | A.cpp:27:10:27:12 | this [Return] [c] | A.cpp:126:5:126:5 | ref arg b [c] |
+| A.cpp:151:18:151:18 | b | A.cpp:140:13:140:13 | b | A.cpp:140:5:140:5 | this [Return] [b] | A.cpp:151:12:151:24 | call to D [b] |
 | A.cpp:152:13:152:13 | b [c] | A.cpp:173:26:173:26 | o [c] | A.cpp:173:26:173:26 | o [c] | A.cpp:152:13:152:13 | ref arg b [c] |
-| A.cpp:160:29:160:29 | b | A.cpp:181:15:181:21 | newHead | A.cpp:183:7:183:10 | this [post update] [head] | A.cpp:160:18:160:60 | call to MyList [head] |
-| A.cpp:161:38:161:39 | l1 [head] | A.cpp:181:32:181:35 | next [head] | A.cpp:184:7:184:10 | this [post update] [next, head] | A.cpp:161:18:161:40 | call to MyList [next, head] |
-| A.cpp:162:38:162:39 | l2 [next, head] | A.cpp:181:32:181:35 | next [next, head] | A.cpp:184:7:184:10 | this [post update] [next, next, head] | A.cpp:162:18:162:40 | call to MyList [next, next, head] |
+| A.cpp:160:29:160:29 | b | A.cpp:181:15:181:21 | newHead | A.cpp:181:5:181:10 | this [Return] [head] | A.cpp:160:18:160:60 | call to MyList [head] |
+| A.cpp:161:38:161:39 | l1 [head] | A.cpp:181:32:181:35 | next [head] | A.cpp:181:5:181:10 | this [Return] [next, head] | A.cpp:161:18:161:40 | call to MyList [next, head] |
+| A.cpp:162:38:162:39 | l2 [next, head] | A.cpp:181:32:181:35 | next [next, head] | A.cpp:181:5:181:10 | this [Return] [next, next, head] | A.cpp:162:18:162:40 | call to MyList [next, next, head] |
 | A.cpp:165:26:165:29 | head | A.cpp:173:26:173:26 | o | A.cpp:173:26:173:26 | o | A.cpp:165:26:165:29 | ref arg head |
-| B.cpp:7:25:7:25 | e | B.cpp:33:16:33:17 | e1 | B.cpp:35:7:35:10 | this [post update] [elem1] | B.cpp:7:16:7:35 | call to Box1 [elem1] |
-| B.cpp:8:25:8:26 | b1 [elem1] | B.cpp:44:16:44:17 | b1 [elem1] | B.cpp:46:7:46:10 | this [post update] [box1, elem1] | B.cpp:8:16:8:27 | call to Box2 [box1, elem1] |
-| B.cpp:16:37:16:37 | e | B.cpp:33:26:33:27 | e2 | B.cpp:36:7:36:10 | this [post update] [elem2] | B.cpp:16:16:16:38 | call to Box1 [elem2] |
-| B.cpp:17:25:17:26 | b1 [elem2] | B.cpp:44:16:44:17 | b1 [elem2] | B.cpp:46:7:46:10 | this [post update] [box1, elem2] | B.cpp:17:16:17:27 | call to Box2 [box1, elem2] |
+| B.cpp:7:25:7:25 | e | B.cpp:33:16:33:17 | e1 | B.cpp:33:5:33:8 | this [Return] [elem1] | B.cpp:7:16:7:35 | call to Box1 [elem1] |
+| B.cpp:8:25:8:26 | b1 [elem1] | B.cpp:44:16:44:17 | b1 [elem1] | B.cpp:44:5:44:8 | this [Return] [box1, elem1] | B.cpp:8:16:8:27 | call to Box2 [box1, elem1] |
+| B.cpp:16:37:16:37 | e | B.cpp:33:26:33:27 | e2 | B.cpp:33:5:33:8 | this [Return] [elem2] | B.cpp:16:16:16:38 | call to Box1 [elem2] |
+| B.cpp:17:25:17:26 | b1 [elem2] | B.cpp:44:16:44:17 | b1 [elem2] | B.cpp:44:5:44:8 | this [Return] [box1, elem2] | B.cpp:17:16:17:27 | call to Box2 [box1, elem2] |
 | D.cpp:22:10:22:11 | b2 [box, elem] | D.cpp:17:11:17:17 | this [box, elem] | D.cpp:17:30:17:32 | box [elem] | D.cpp:22:14:22:20 | call to getBox1 [elem] |
 | D.cpp:22:14:22:20 | call to getBox1 [elem] | D.cpp:10:11:10:17 | this [elem] | D.cpp:10:30:10:33 | elem | D.cpp:22:25:22:31 | call to getElem |
-| D.cpp:37:21:37:21 | e | D.cpp:11:24:11:24 | e | D.cpp:11:29:11:32 | this [post update] [elem] | D.cpp:37:8:37:10 | ref arg box [elem] |
-| D.cpp:51:27:51:27 | e | D.cpp:11:24:11:24 | e | D.cpp:11:29:11:32 | this [post update] [elem] | D.cpp:51:8:51:14 | ref arg call to getBox1 [elem] |
+| D.cpp:37:21:37:21 | e | D.cpp:11:24:11:24 | e | D.cpp:11:10:11:16 | this [Return] [elem] | D.cpp:37:8:37:10 | ref arg box [elem] |
+| D.cpp:51:27:51:27 | e | D.cpp:11:24:11:24 | e | D.cpp:11:10:11:16 | this [Return] [elem] | D.cpp:51:8:51:14 | ref arg call to getBox1 [elem] |
 | arrays.cpp:37:24:37:27 | data | realistic.cpp:41:17:41:17 | o | realistic.cpp:41:17:41:17 | o | arrays.cpp:37:24:37:27 | ref arg data |
 | arrays.cpp:43:27:43:30 | data | realistic.cpp:41:17:41:17 | o | realistic.cpp:41:17:41:17 | o | arrays.cpp:43:27:43:30 | ref arg data |
-| by_reference.cpp:20:23:20:27 | value | by_reference.cpp:15:26:15:30 | value | by_reference.cpp:16:5:16:8 | this [post update] [a] | by_reference.cpp:20:5:20:8 | ref arg this [a] |
+| by_reference.cpp:20:23:20:27 | value | by_reference.cpp:15:26:15:30 | value | by_reference.cpp:15:8:15:18 | this [Return] [a] | by_reference.cpp:20:5:20:8 | ref arg this [a] |
+| by_reference.cpp:24:25:24:29 | value | by_reference.cpp:11:48:11:52 | value | by_reference.cpp:11:39:11:39 | s [Return] [a] | by_reference.cpp:24:19:24:22 | ref arg this [a] |
 | by_reference.cpp:24:25:24:29 | value | by_reference.cpp:11:48:11:52 | value | by_reference.cpp:11:39:11:39 | s [a] | by_reference.cpp:24:19:24:22 | ref arg this [a] |
-| by_reference.cpp:24:25:24:29 | value | by_reference.cpp:11:48:11:52 | value | by_reference.cpp:12:5:12:5 | s [post update] [a] | by_reference.cpp:24:19:24:22 | ref arg this [a] |
 | by_reference.cpp:40:12:40:15 | this [a] | by_reference.cpp:35:9:35:19 | this [a] | by_reference.cpp:36:18:36:18 | a | by_reference.cpp:40:18:40:28 | call to getDirectly |
 | by_reference.cpp:44:26:44:29 | this [a] | by_reference.cpp:31:46:31:46 | s [a] | by_reference.cpp:32:15:32:15 | a | by_reference.cpp:44:12:44:24 | call to nonMemberGetA |
-| by_reference.cpp:50:17:50:26 | call to user_input | by_reference.cpp:15:26:15:30 | value | by_reference.cpp:16:5:16:8 | this [post update] [a] | by_reference.cpp:50:3:50:3 | ref arg s [a] |
+| by_reference.cpp:50:17:50:26 | call to user_input | by_reference.cpp:15:26:15:30 | value | by_reference.cpp:15:8:15:18 | this [Return] [a] | by_reference.cpp:50:3:50:3 | ref arg s [a] |
 | by_reference.cpp:51:8:51:8 | s [a] | by_reference.cpp:35:9:35:19 | this [a] | by_reference.cpp:36:18:36:18 | a | by_reference.cpp:51:10:51:20 | call to getDirectly |
-| by_reference.cpp:56:19:56:28 | call to user_input | by_reference.cpp:19:28:19:32 | value | by_reference.cpp:20:5:20:8 | ref arg this [a] | by_reference.cpp:56:3:56:3 | ref arg s [a] |
+| by_reference.cpp:56:19:56:28 | call to user_input | by_reference.cpp:19:28:19:32 | value | by_reference.cpp:19:8:19:20 | this [Return] [a] | by_reference.cpp:56:3:56:3 | ref arg s [a] |
 | by_reference.cpp:57:8:57:8 | s [a] | by_reference.cpp:39:9:39:21 | this [a] | by_reference.cpp:40:18:40:28 | call to getDirectly | by_reference.cpp:57:10:57:22 | call to getIndirectly |
-| by_reference.cpp:62:25:62:34 | call to user_input | by_reference.cpp:23:34:23:38 | value | by_reference.cpp:24:19:24:22 | ref arg this [a] | by_reference.cpp:62:3:62:3 | ref arg s [a] |
+| by_reference.cpp:62:25:62:34 | call to user_input | by_reference.cpp:23:34:23:38 | value | by_reference.cpp:23:8:23:26 | this [Return] [a] | by_reference.cpp:62:3:62:3 | ref arg s [a] |
 | by_reference.cpp:63:8:63:8 | s [a] | by_reference.cpp:43:9:43:27 | this [a] | by_reference.cpp:44:12:44:24 | call to nonMemberGetA | by_reference.cpp:63:10:63:28 | call to getThroughNonMember |
+| by_reference.cpp:68:21:68:30 | call to user_input | by_reference.cpp:11:48:11:52 | value | by_reference.cpp:11:39:11:39 | s [Return] [a] | by_reference.cpp:68:17:68:18 | ref arg & ... [a] |
 | by_reference.cpp:68:21:68:30 | call to user_input | by_reference.cpp:11:48:11:52 | value | by_reference.cpp:11:39:11:39 | s [a] | by_reference.cpp:68:17:68:18 | ref arg & ... [a] |
-| by_reference.cpp:68:21:68:30 | call to user_input | by_reference.cpp:11:48:11:52 | value | by_reference.cpp:12:5:12:5 | s [post update] [a] | by_reference.cpp:68:17:68:18 | ref arg & ... [a] |
 | by_reference.cpp:69:22:69:23 | & ... [a] | by_reference.cpp:31:46:31:46 | s [a] | by_reference.cpp:32:15:32:15 | a | by_reference.cpp:69:8:69:20 | call to nonMemberGetA |
 | complex.cpp:42:16:42:16 | f [a_] | complex.cpp:9:7:9:7 | this [a_] | complex.cpp:9:20:9:21 | a_ | complex.cpp:42:18:42:18 | call to a |
 | complex.cpp:43:16:43:16 | f [b_] | complex.cpp:10:7:10:7 | this [b_] | complex.cpp:10:20:10:21 | b_ | complex.cpp:43:18:43:18 | call to b |
-| complex.cpp:53:19:53:28 | call to user_input | complex.cpp:11:17:11:17 | a | complex.cpp:11:22:11:23 | this [post update] [a_] | complex.cpp:53:12:53:12 | ref arg f [a_] |
-| complex.cpp:54:19:54:28 | call to user_input | complex.cpp:12:17:12:17 | b | complex.cpp:12:22:12:23 | this [post update] [b_] | complex.cpp:54:12:54:12 | ref arg f [b_] |
-| complex.cpp:55:19:55:28 | call to user_input | complex.cpp:11:17:11:17 | a | complex.cpp:11:22:11:23 | this [post update] [a_] | complex.cpp:55:12:55:12 | ref arg f [a_] |
-| complex.cpp:56:19:56:28 | call to user_input | complex.cpp:12:17:12:17 | b | complex.cpp:12:22:12:23 | this [post update] [b_] | complex.cpp:56:12:56:12 | ref arg f [b_] |
+| complex.cpp:53:19:53:28 | call to user_input | complex.cpp:11:17:11:17 | a | complex.cpp:11:8:11:11 | this [Return] [a_] | complex.cpp:53:12:53:12 | ref arg f [a_] |
+| complex.cpp:54:19:54:28 | call to user_input | complex.cpp:12:17:12:17 | b | complex.cpp:12:8:12:11 | this [Return] [b_] | complex.cpp:54:12:54:12 | ref arg f [b_] |
+| complex.cpp:55:19:55:28 | call to user_input | complex.cpp:11:17:11:17 | a | complex.cpp:11:8:11:11 | this [Return] [a_] | complex.cpp:55:12:55:12 | ref arg f [a_] |
+| complex.cpp:56:19:56:28 | call to user_input | complex.cpp:12:17:12:17 | b | complex.cpp:12:8:12:11 | this [Return] [b_] | complex.cpp:56:12:56:12 | ref arg f [b_] |
 | constructors.cpp:28:10:28:10 | f [a_] | constructors.cpp:18:9:18:9 | this [a_] | constructors.cpp:18:22:18:23 | a_ | constructors.cpp:28:12:28:12 | call to a |
 | constructors.cpp:29:10:29:10 | f [b_] | constructors.cpp:19:9:19:9 | this [b_] | constructors.cpp:19:22:19:23 | b_ | constructors.cpp:29:12:29:12 | call to b |
-| constructors.cpp:34:11:34:20 | call to user_input | constructors.cpp:23:13:23:13 | a | constructors.cpp:23:25:23:29 | constructor init of field a_ [post-this] [a_] | constructors.cpp:34:11:34:26 | call to Foo [a_] |
-| constructors.cpp:35:14:35:23 | call to user_input | constructors.cpp:23:20:23:20 | b | constructors.cpp:23:32:23:36 | constructor init of field b_ [post-this] [b_] | constructors.cpp:35:11:35:26 | call to Foo [b_] |
-| constructors.cpp:36:11:36:20 | call to user_input | constructors.cpp:23:13:23:13 | a | constructors.cpp:23:25:23:29 | constructor init of field a_ [post-this] [a_] | constructors.cpp:36:11:36:37 | call to Foo [a_] |
-| constructors.cpp:36:25:36:34 | call to user_input | constructors.cpp:23:20:23:20 | b | constructors.cpp:23:32:23:36 | constructor init of field b_ [post-this] [b_] | constructors.cpp:36:11:36:37 | call to Foo [b_] |
-| qualifiers.cpp:27:28:27:37 | call to user_input | qualifiers.cpp:9:21:9:25 | value | qualifiers.cpp:9:30:9:33 | this [post update] [a] | qualifiers.cpp:27:11:27:18 | ref arg call to getInner [a] |
+| constructors.cpp:34:11:34:20 | call to user_input | constructors.cpp:23:13:23:13 | a | constructors.cpp:23:5:23:7 | this [Return] [a_] | constructors.cpp:34:11:34:26 | call to Foo [a_] |
+| constructors.cpp:35:14:35:23 | call to user_input | constructors.cpp:23:20:23:20 | b | constructors.cpp:23:5:23:7 | this [Return] [b_] | constructors.cpp:35:11:35:26 | call to Foo [b_] |
+| constructors.cpp:36:11:36:20 | call to user_input | constructors.cpp:23:13:23:13 | a | constructors.cpp:23:5:23:7 | this [Return] [a_] | constructors.cpp:36:11:36:37 | call to Foo [a_] |
+| constructors.cpp:36:25:36:34 | call to user_input | constructors.cpp:23:20:23:20 | b | constructors.cpp:23:5:23:7 | this [Return] [b_] | constructors.cpp:36:11:36:37 | call to Foo [b_] |
+| qualifiers.cpp:27:28:27:37 | call to user_input | qualifiers.cpp:9:21:9:25 | value | qualifiers.cpp:9:10:9:13 | this [Return] [a] | qualifiers.cpp:27:11:27:18 | ref arg call to getInner [a] |
+| qualifiers.cpp:32:35:32:44 | call to user_input | qualifiers.cpp:12:40:12:44 | value | qualifiers.cpp:12:27:12:31 | inner [Return] [a] | qualifiers.cpp:32:23:32:30 | ref arg call to getInner [a] |
 | qualifiers.cpp:32:35:32:44 | call to user_input | qualifiers.cpp:12:40:12:44 | value | qualifiers.cpp:12:27:12:31 | inner [a] | qualifiers.cpp:32:23:32:30 | ref arg call to getInner [a] |
-| qualifiers.cpp:32:35:32:44 | call to user_input | qualifiers.cpp:12:40:12:44 | value | qualifiers.cpp:12:49:12:53 | inner [post update] [a] | qualifiers.cpp:32:23:32:30 | ref arg call to getInner [a] |
+| qualifiers.cpp:37:38:37:47 | call to user_input | qualifiers.cpp:13:42:13:46 | value | qualifiers.cpp:13:29:13:33 | inner [Return] [a] | qualifiers.cpp:37:19:37:35 | ref arg * ... [a] |
 | qualifiers.cpp:37:38:37:47 | call to user_input | qualifiers.cpp:13:42:13:46 | value | qualifiers.cpp:13:29:13:33 | inner [a] | qualifiers.cpp:37:19:37:35 | ref arg * ... [a] |
-| qualifiers.cpp:37:38:37:47 | call to user_input | qualifiers.cpp:13:42:13:46 | value | qualifiers.cpp:13:51:13:55 | inner [post update] [a] | qualifiers.cpp:37:19:37:35 | ref arg * ... [a] |
 | realistic.cpp:61:47:61:55 | bufferLen | realistic.cpp:41:17:41:17 | o | realistic.cpp:41:17:41:17 | o | realistic.cpp:61:47:61:55 | ref arg bufferLen |
 | simple.cpp:28:10:28:10 | f [a_] | simple.cpp:18:9:18:9 | this [a_] | simple.cpp:18:22:18:23 | a_ | simple.cpp:28:12:28:12 | call to a |
 | simple.cpp:29:10:29:10 | f [b_] | simple.cpp:19:9:19:9 | this [b_] | simple.cpp:19:22:19:23 | b_ | simple.cpp:29:12:29:12 | call to b |
-| simple.cpp:39:12:39:21 | call to user_input | simple.cpp:20:19:20:19 | a | simple.cpp:20:24:20:25 | this [post update] [a_] | simple.cpp:39:5:39:5 | ref arg f [a_] |
-| simple.cpp:40:12:40:21 | call to user_input | simple.cpp:21:19:21:19 | b | simple.cpp:21:24:21:25 | this [post update] [b_] | simple.cpp:40:5:40:5 | ref arg g [b_] |
-| simple.cpp:41:12:41:21 | call to user_input | simple.cpp:20:19:20:19 | a | simple.cpp:20:24:20:25 | this [post update] [a_] | simple.cpp:41:5:41:5 | ref arg h [a_] |
-| simple.cpp:42:12:42:21 | call to user_input | simple.cpp:21:19:21:19 | b | simple.cpp:21:24:21:25 | this [post update] [b_] | simple.cpp:42:5:42:5 | ref arg h [b_] |
+| simple.cpp:39:12:39:21 | call to user_input | simple.cpp:20:19:20:19 | a | simple.cpp:20:10:20:13 | this [Return] [a_] | simple.cpp:39:5:39:5 | ref arg f [a_] |
+| simple.cpp:40:12:40:21 | call to user_input | simple.cpp:21:19:21:19 | b | simple.cpp:21:10:21:13 | this [Return] [b_] | simple.cpp:40:5:40:5 | ref arg g [b_] |
+| simple.cpp:41:12:41:21 | call to user_input | simple.cpp:20:19:20:19 | a | simple.cpp:20:10:20:13 | this [Return] [a_] | simple.cpp:41:5:41:5 | ref arg h [a_] |
+| simple.cpp:42:12:42:21 | call to user_input | simple.cpp:21:19:21:19 | b | simple.cpp:21:10:21:13 | this [Return] [b_] | simple.cpp:42:5:42:5 | ref arg h [b_] |
 | simple.cpp:84:14:84:20 | this [f2, f1] | simple.cpp:78:9:78:15 | this [f2, f1] | simple.cpp:79:19:79:20 | f1 | simple.cpp:84:14:84:20 | call to getf2f1 |
 | struct_init.c:15:12:15:12 | a | realistic.cpp:41:17:41:17 | o | realistic.cpp:41:17:41:17 | o | struct_init.c:15:12:15:12 | ref arg a |
 | struct_init.c:22:11:22:11 | a | realistic.cpp:41:17:41:17 | o | realistic.cpp:41:17:41:17 | o | struct_init.c:22:11:22:11 | ref arg a |

cpp/ql/test/query-tests/Likely Bugs/Memory Management/NtohlArrayNoBound/NtohlArrayNoBound.expected

@@ -1,8 +1,9 @@
-| test.cpp:12:25:12:34 | call to ntohl | Unchecked use of data from network function $@. | test.cpp:12:25:12:34 | call to ntohl | call to ntohl |
-| test.cpp:21:26:21:29 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:25 | call to ntohl | call to ntohl |
-| test.cpp:31:26:31:29 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:25 | call to ntohl | call to ntohl |
-| test.cpp:61:26:61:29 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:25 | call to ntohl | call to ntohl |
-| test.cpp:64:9:64:12 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:25 | call to ntohl | call to ntohl |
-| test.cpp:73:10:73:13 | lens | Unchecked use of data from network function $@. | test.cpp:10:16:10:25 | call to ntohl | call to ntohl |
-| test.cpp:86:10:86:13 | len3 | Unchecked use of data from network function $@. | test.cpp:85:10:85:19 | call to ntohl | call to ntohl |
-| test.cpp:94:9:94:11 | len | Unchecked use of data from network function $@. | test.cpp:99:8:99:17 | call to ntohl | call to ntohl |
+| test.cpp:13:25:13:34 | call to ntohl | Unchecked use of data from network function $@. | test.cpp:13:25:13:34 | call to ntohl | call to ntohl |
+| test.cpp:22:26:22:29 | len2 | Unchecked use of data from network function $@. | test.cpp:11:16:11:25 | call to ntohl | call to ntohl |
+| test.cpp:32:26:32:29 | len2 | Unchecked use of data from network function $@. | test.cpp:11:16:11:25 | call to ntohl | call to ntohl |
+| test.cpp:62:26:62:29 | len2 | Unchecked use of data from network function $@. | test.cpp:11:16:11:25 | call to ntohl | call to ntohl |
+| test.cpp:65:9:65:12 | len2 | Unchecked use of data from network function $@. | test.cpp:11:16:11:25 | call to ntohl | call to ntohl |
+| test.cpp:74:10:74:13 | lens | Unchecked use of data from network function $@. | test.cpp:11:16:11:25 | call to ntohl | call to ntohl |
+| test.cpp:87:10:87:13 | len3 | Unchecked use of data from network function $@. | test.cpp:86:10:86:19 | call to ntohl | call to ntohl |
+| test.cpp:95:9:95:11 | len | Unchecked use of data from network function $@. | test.cpp:100:8:100:17 | call to ntohl | call to ntohl |
+| test.cpp:107:32:107:41 | call to ntohl | Unchecked use of data from network function $@. | test.cpp:107:32:107:41 | call to ntohl | call to ntohl |

cpp/ql/test/query-tests/Likely Bugs/Memory Management/NtohlArrayNoBound/test.cpp

@@ -1,6 +1,7 @@
 
 typedef unsigned int size_t;
 void *memcpy(void *s1, const void *s2, size_t n);
+int memcmp(void *s1, const void *s2, size_t n);
 size_t strlen(const char *s);
 int ntohl(int x);
 
@@ -98,3 +99,10 @@ void test3(size_t len)
 {
 	test2(ntohl(len));
 }
+
+int test4(const char *source, size_t len)
+{
+	char buffer[256];
+
+	return memcmp(buffer, source, ntohl(len)); // BAD
+}

cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected

@@ -3,7 +3,7 @@ edges
 | tests.cpp:33:34:33:39 | *call to getenv | tests.cpp:33:34:33:39 | *call to getenv | provenance |  |
 | tests.cpp:33:34:33:39 | *call to getenv | tests.cpp:38:39:38:49 | *environment | provenance |  |
 | tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:42:12:42:15 | *data | provenance |  |
-| tests.cpp:38:39:38:49 | *environment | tests.cpp:38:25:38:36 | strncat output argument | provenance |  |
+| tests.cpp:38:39:38:49 | *environment | tests.cpp:38:25:38:36 | strncat output argument | provenance | Config |
 | tests.cpp:42:12:42:15 | *data | tests.cpp:26:15:26:23 | **badSource | provenance |  |
 | tests.cpp:51:5:51:26 | *... = ... | tests.cpp:53:16:53:19 | *data | provenance |  |
 | tests.cpp:51:12:51:20 | *call to badSource | tests.cpp:51:5:51:26 | *... = ... | provenance |  |

cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected

@@ -2,70 +2,72 @@ edges
 | test.cpp:15:27:15:30 | **argv | test.cpp:16:20:16:26 | *access to array | provenance |  |
 | test.cpp:16:20:16:26 | *access to array | test.cpp:22:45:22:52 | *userName | provenance |  |
 | test.cpp:22:13:22:20 | sprintf output argument | test.cpp:23:12:23:19 | *command1 | provenance |  |
-| test.cpp:22:45:22:52 | *userName | test.cpp:22:13:22:20 | sprintf output argument | provenance |  |
+| test.cpp:22:45:22:52 | *userName | test.cpp:22:13:22:20 | sprintf output argument | provenance | Config |
 | test.cpp:47:21:47:26 | *call to getenv | test.cpp:47:21:47:26 | *call to getenv | provenance |  |
 | test.cpp:47:21:47:26 | *call to getenv | test.cpp:50:35:50:43 | *envCflags | provenance |  |
 | test.cpp:50:11:50:17 | sprintf output argument | test.cpp:51:10:51:16 | *command | provenance |  |
-| test.cpp:50:35:50:43 | *envCflags | test.cpp:50:11:50:17 | sprintf output argument | provenance |  |
+| test.cpp:50:35:50:43 | *envCflags | test.cpp:50:11:50:17 | sprintf output argument | provenance | Config |
 | test.cpp:62:9:62:16 | fread output argument | test.cpp:64:20:64:27 | *filename | provenance |  |
 | test.cpp:64:11:64:17 | strncat output argument | test.cpp:65:10:65:16 | *command | provenance |  |
-| test.cpp:64:20:64:27 | *filename | test.cpp:64:11:64:17 | strncat output argument | provenance |  |
+| test.cpp:64:20:64:27 | *filename | test.cpp:64:11:64:17 | strncat output argument | provenance | Config |
 | test.cpp:82:9:82:16 | fread output argument | test.cpp:84:20:84:27 | *filename | provenance |  |
 | test.cpp:84:11:84:17 | strncat output argument | test.cpp:85:32:85:38 | *command | provenance |  |
-| test.cpp:84:20:84:27 | *filename | test.cpp:84:11:84:17 | strncat output argument | provenance |  |
+| test.cpp:84:20:84:27 | *filename | test.cpp:84:11:84:17 | strncat output argument | provenance | Config |
 | test.cpp:91:9:91:16 | fread output argument | test.cpp:93:17:93:24 | *filename | provenance |  |
 | test.cpp:93:11:93:14 | strncat output argument | test.cpp:94:45:94:48 | *path | provenance |  |
-| test.cpp:93:17:93:24 | *filename | test.cpp:93:11:93:14 | strncat output argument | provenance |  |
+| test.cpp:93:17:93:24 | *filename | test.cpp:93:11:93:14 | strncat output argument | provenance | Config |
 | test.cpp:106:20:106:38 | *call to getenv | test.cpp:107:33:107:36 | *path | provenance | TaintFunction |
 | test.cpp:107:31:107:31 | call to operator+ | test.cpp:107:31:107:31 | call to operator+ | provenance |  |
 | test.cpp:107:31:107:31 | call to operator+ | test.cpp:108:18:108:22 | *call to c_str | provenance | TaintFunction |
-| test.cpp:107:33:107:36 | *path | test.cpp:107:31:107:31 | call to operator+ | provenance |  |
+| test.cpp:107:33:107:36 | *path | test.cpp:107:31:107:31 | call to operator+ | provenance | Config |
 | test.cpp:113:20:113:38 | *call to getenv | test.cpp:114:19:114:22 | *path | provenance | TaintFunction |
 | test.cpp:114:10:114:23 | call to operator+ | test.cpp:114:25:114:29 | *call to c_str | provenance | TaintFunction |
 | test.cpp:114:10:114:23 | call to operator+ | test.cpp:114:25:114:29 | *call to c_str | provenance | TaintFunction |
 | test.cpp:114:17:114:17 | call to operator+ | test.cpp:114:10:114:23 | call to operator+ | provenance |  |
-| test.cpp:114:19:114:22 | *path | test.cpp:114:10:114:23 | call to operator+ | provenance |  |
-| test.cpp:114:19:114:22 | *path | test.cpp:114:17:114:17 | call to operator+ | provenance |  |
+| test.cpp:114:19:114:22 | *path | test.cpp:114:10:114:23 | call to operator+ | provenance | Config |
+| test.cpp:114:19:114:22 | *path | test.cpp:114:17:114:17 | call to operator+ | provenance | Config |
 | test.cpp:119:20:119:38 | *call to getenv | test.cpp:120:19:120:22 | *path | provenance | TaintFunction |
 | test.cpp:120:17:120:17 | call to operator+ | test.cpp:120:10:120:30 | *call to data | provenance | TaintFunction |
-| test.cpp:120:19:120:22 | *path | test.cpp:120:17:120:17 | call to operator+ | provenance |  |
+| test.cpp:120:19:120:22 | *path | test.cpp:120:17:120:17 | call to operator+ | provenance | Config |
 | test.cpp:140:9:140:11 | fread output argument | test.cpp:142:31:142:33 | *str | provenance |  |
 | test.cpp:142:11:142:17 | sprintf output argument | test.cpp:143:10:143:16 | *command | provenance |  |
-| test.cpp:142:31:142:33 | *str | test.cpp:142:11:142:17 | sprintf output argument | provenance |  |
+| test.cpp:142:31:142:33 | *str | test.cpp:142:11:142:17 | sprintf output argument | provenance | Config |
 | test.cpp:174:9:174:16 | fread output argument | test.cpp:177:20:177:27 | *filename | provenance |  |
 | test.cpp:174:9:174:16 | fread output argument | test.cpp:180:22:180:29 | *filename | provenance |  |
 | test.cpp:177:13:177:17 | strncat output argument | test.cpp:178:22:178:26 | *flags | provenance |  |
 | test.cpp:177:13:177:17 | strncat output argument | test.cpp:178:22:178:26 | *flags | provenance |  |
-| test.cpp:177:20:177:27 | *filename | test.cpp:177:13:177:17 | strncat output argument | provenance |  |
+| test.cpp:177:20:177:27 | *filename | test.cpp:177:13:177:17 | strncat output argument | provenance | Config |
 | test.cpp:177:20:177:27 | *filename | test.cpp:177:13:177:17 | strncat output argument | provenance | TaintFunction |
 | test.cpp:178:13:178:19 | strncat output argument | test.cpp:183:32:183:38 | *command | provenance |  |
 | test.cpp:178:13:178:19 | strncat output argument | test.cpp:183:32:183:38 | *command | provenance |  |
-| test.cpp:178:22:178:26 | *flags | test.cpp:178:13:178:19 | strncat output argument | provenance |  |
+| test.cpp:178:22:178:26 | *flags | test.cpp:178:13:178:19 | strncat output argument | provenance | Config |
 | test.cpp:178:22:178:26 | *flags | test.cpp:178:13:178:19 | strncat output argument | provenance | TaintFunction |
 | test.cpp:180:13:180:19 | strncat output argument | test.cpp:183:32:183:38 | *command | provenance |  |
-| test.cpp:180:22:180:29 | *filename | test.cpp:180:13:180:19 | strncat output argument | provenance |  |
+| test.cpp:180:22:180:29 | *filename | test.cpp:180:13:180:19 | strncat output argument | provenance | Config |
 | test.cpp:186:47:186:54 | *filename | test.cpp:187:18:187:25 | *filename | provenance |  |
 | test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | *flags | provenance |  |
 | test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | *flags | provenance |  |
-| test.cpp:187:18:187:25 | *filename | test.cpp:187:11:187:15 | strncat output argument | provenance |  |
+| test.cpp:187:18:187:25 | *filename | test.cpp:187:11:187:15 | strncat output argument | provenance | Config |
 | test.cpp:187:18:187:25 | *filename | test.cpp:187:11:187:15 | strncat output argument | provenance | TaintFunction |
 | test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command | provenance |  |
 | test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command | provenance |  |
-| test.cpp:188:20:188:24 | *flags | test.cpp:188:11:188:17 | strncat output argument | provenance |  |
+| test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command [Return] | provenance |  |
+| test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command [Return] | provenance |  |
+| test.cpp:188:20:188:24 | *flags | test.cpp:188:11:188:17 | strncat output argument | provenance | Config |
 | test.cpp:188:20:188:24 | *flags | test.cpp:188:11:188:17 | strncat output argument | provenance | TaintFunction |
 | test.cpp:194:9:194:16 | fread output argument | test.cpp:196:26:196:33 | *filename | provenance |  |
 | test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | *command | provenance |  |
 | test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | *command | provenance |  |
 | test.cpp:196:26:196:33 | *filename | test.cpp:186:47:186:54 | *filename | provenance |  |
-| test.cpp:196:26:196:33 | *filename | test.cpp:196:10:196:16 | concat output argument | provenance | TaintFunction |
+| test.cpp:196:26:196:33 | *filename | test.cpp:196:10:196:16 | concat output argument | provenance | Config |
 | test.cpp:196:26:196:33 | *filename | test.cpp:196:10:196:16 | concat output argument | provenance | TaintFunction |
 | test.cpp:218:9:218:16 | fread output argument | test.cpp:220:19:220:26 | *filename | provenance |  |
 | test.cpp:220:10:220:16 | strncat output argument | test.cpp:220:10:220:16 | strncat output argument | provenance | TaintFunction |
 | test.cpp:220:10:220:16 | strncat output argument | test.cpp:220:10:220:16 | strncat output argument | provenance | TaintFunction |
 | test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | *command | provenance |  |
 | test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | *command | provenance |  |
-| test.cpp:220:19:220:26 | *filename | test.cpp:220:10:220:16 | strncat output argument | provenance |  |
-| test.cpp:220:19:220:26 | *filename | test.cpp:220:10:220:16 | strncat output argument | provenance |  |
+| test.cpp:220:19:220:26 | *filename | test.cpp:220:10:220:16 | strncat output argument | provenance | Config |
+| test.cpp:220:19:220:26 | *filename | test.cpp:220:10:220:16 | strncat output argument | provenance | Config |
 | test.cpp:220:19:220:26 | *filename | test.cpp:220:19:220:26 | *filename | provenance |  |
 nodes
 | test.cpp:15:27:15:30 | **argv | semmle.label | **argv |
@@ -125,6 +127,8 @@ nodes
 | test.cpp:183:32:183:38 | *command | semmle.label | *command |
 | test.cpp:186:19:186:25 | *command | semmle.label | *command |
 | test.cpp:186:19:186:25 | *command | semmle.label | *command |
+| test.cpp:186:19:186:25 | *command [Return] | semmle.label | *command [Return] |
+| test.cpp:186:19:186:25 | *command [Return] | semmle.label | *command [Return] |
 | test.cpp:186:47:186:54 | *filename | semmle.label | *filename |
 | test.cpp:187:11:187:15 | strncat output argument | semmle.label | strncat output argument |
 | test.cpp:187:11:187:15 | strncat output argument | semmle.label | strncat output argument |
@@ -151,8 +155,8 @@ nodes
 subpaths
 | test.cpp:196:26:196:33 | *filename | test.cpp:186:47:186:54 | *filename | test.cpp:186:19:186:25 | *command | test.cpp:196:10:196:16 | concat output argument |
 | test.cpp:196:26:196:33 | *filename | test.cpp:186:47:186:54 | *filename | test.cpp:186:19:186:25 | *command | test.cpp:196:10:196:16 | concat output argument |
-| test.cpp:196:26:196:33 | *filename | test.cpp:186:47:186:54 | *filename | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
-| test.cpp:196:26:196:33 | *filename | test.cpp:186:47:186:54 | *filename | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
+| test.cpp:196:26:196:33 | *filename | test.cpp:186:47:186:54 | *filename | test.cpp:186:19:186:25 | *command [Return] | test.cpp:196:10:196:16 | concat output argument |
+| test.cpp:196:26:196:33 | *filename | test.cpp:186:47:186:54 | *filename | test.cpp:186:19:186:25 | *command [Return] | test.cpp:196:10:196:16 | concat output argument |
 #select
 | test.cpp:23:12:23:19 | command1 | test.cpp:15:27:15:30 | **argv | test.cpp:23:12:23:19 | *command1 | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:15:27:15:30 | **argv | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument |
 | test.cpp:51:10:51:16 | command | test.cpp:47:21:47:26 | *call to getenv | test.cpp:51:10:51:16 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:47:21:47:26 | *call to getenv | user input (an environment variable) | test.cpp:50:11:50:17 | sprintf output argument | sprintf output argument |

cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/OverrunWriteProductFlow.expected

@@ -53,6 +53,7 @@ edges
 | test.cpp:228:27:228:54 | call to malloc | test.cpp:228:27:228:54 | call to malloc | provenance |  |
 | test.cpp:228:27:228:54 | call to malloc | test.cpp:232:10:232:15 | buffer | provenance |  |
 | test.cpp:235:40:235:45 | buffer | test.cpp:236:5:236:26 | ... = ... | provenance |  |
+| test.cpp:236:5:236:9 | *p_str [post update] [string] | test.cpp:235:27:235:31 | *p_str [Return] [string] | provenance |  |
 | test.cpp:236:5:236:9 | *p_str [post update] [string] | test.cpp:235:27:235:31 | *p_str [string] | provenance |  |
 | test.cpp:236:5:236:26 | ... = ... | test.cpp:236:5:236:9 | *p_str [post update] [string] | provenance |  |
 | test.cpp:241:20:241:38 | call to malloc | test.cpp:241:20:241:38 | call to malloc | provenance |  |
@@ -128,6 +129,7 @@ nodes
 | test.cpp:228:27:228:54 | call to malloc | semmle.label | call to malloc |
 | test.cpp:228:27:228:54 | call to malloc | semmle.label | call to malloc |
 | test.cpp:232:10:232:15 | buffer | semmle.label | buffer |
+| test.cpp:235:27:235:31 | *p_str [Return] [string] | semmle.label | *p_str [Return] [string] |
 | test.cpp:235:27:235:31 | *p_str [string] | semmle.label | *p_str [string] |
 | test.cpp:235:40:235:45 | buffer | semmle.label | buffer |
 | test.cpp:236:5:236:9 | *p_str [post update] [string] | semmle.label | *p_str [post update] [string] |
@@ -150,8 +152,8 @@ nodes
 | test.cpp:264:13:264:30 | call to malloc | semmle.label | call to malloc |
 | test.cpp:266:12:266:12 | p | semmle.label | p |
 subpaths
+| test.cpp:242:22:242:27 | buffer | test.cpp:235:40:235:45 | buffer | test.cpp:235:27:235:31 | *p_str [Return] [string] | test.cpp:242:16:242:19 | set_string output argument [string] |
 | test.cpp:242:22:242:27 | buffer | test.cpp:235:40:235:45 | buffer | test.cpp:235:27:235:31 | *p_str [string] | test.cpp:242:16:242:19 | set_string output argument [string] |
-| test.cpp:242:22:242:27 | buffer | test.cpp:235:40:235:45 | buffer | test.cpp:236:5:236:9 | *p_str [post update] [string] | test.cpp:242:16:242:19 | set_string output argument [string] |
 #select
 | test.cpp:42:5:42:11 | call to strncpy | test.cpp:18:19:18:24 | call to malloc | test.cpp:42:18:42:23 | string | This write may overflow $@ by 1 element. | test.cpp:42:18:42:23 | string | string |
 | test.cpp:72:9:72:15 | call to strncpy | test.cpp:18:19:18:24 | call to malloc | test.cpp:72:22:72:27 | string | This write may overflow $@ by 1 element. | test.cpp:72:22:72:27 | string | string |

cpp/ql/test/query-tests/Security/CWE/CWE-193/InvalidPointerDeref.expected

@@ -1,138 +1,138 @@
 edges
 | test.cpp:4:15:4:33 | call to malloc | test.cpp:4:15:4:33 | call to malloc | provenance |  |
-| test.cpp:4:15:4:33 | call to malloc | test.cpp:5:15:5:22 | ... + ... | provenance |  |
+| test.cpp:4:15:4:33 | call to malloc | test.cpp:5:15:5:22 | ... + ... | provenance | Config |
 | test.cpp:5:15:5:22 | ... + ... | test.cpp:5:15:5:22 | ... + ... | provenance |  |
-| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance |  |
-| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance |  |
-| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance |  |
-| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance |  |
-| test.cpp:5:15:5:22 | ... + ... | test.cpp:8:14:8:21 | * ... | provenance |  |
-| test.cpp:5:15:5:22 | ... + ... | test.cpp:8:14:8:21 | * ... | provenance |  |
+| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance | Config |
+| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance | Config |
+| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance | Config |
+| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance | Config |
+| test.cpp:5:15:5:22 | ... + ... | test.cpp:8:14:8:21 | * ... | provenance | Config |
+| test.cpp:5:15:5:22 | ... + ... | test.cpp:8:14:8:21 | * ... | provenance | Config |
 | test.cpp:6:14:6:15 | * ... | test.cpp:8:14:8:21 | * ... | provenance |  |
 | test.cpp:16:15:16:33 | call to malloc | test.cpp:16:15:16:33 | call to malloc | provenance |  |
-| test.cpp:16:15:16:33 | call to malloc | test.cpp:20:14:20:21 | * ... | provenance |  |
+| test.cpp:16:15:16:33 | call to malloc | test.cpp:20:14:20:21 | * ... | provenance | Config |
 | test.cpp:28:15:28:37 | call to malloc | test.cpp:28:15:28:37 | call to malloc | provenance |  |
-| test.cpp:28:15:28:37 | call to malloc | test.cpp:29:15:29:28 | ... + ... | provenance |  |
+| test.cpp:28:15:28:37 | call to malloc | test.cpp:29:15:29:28 | ... + ... | provenance | Config |
 | test.cpp:29:15:29:28 | ... + ... | test.cpp:29:15:29:28 | ... + ... | provenance |  |
-| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance |  |
-| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance |  |
-| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance |  |
-| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance |  |
-| test.cpp:29:15:29:28 | ... + ... | test.cpp:32:14:32:21 | * ... | provenance |  |
-| test.cpp:29:15:29:28 | ... + ... | test.cpp:32:14:32:21 | * ... | provenance |  |
+| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance | Config |
+| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance | Config |
+| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance | Config |
+| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance | Config |
+| test.cpp:29:15:29:28 | ... + ... | test.cpp:32:14:32:21 | * ... | provenance | Config |
+| test.cpp:29:15:29:28 | ... + ... | test.cpp:32:14:32:21 | * ... | provenance | Config |
 | test.cpp:30:14:30:15 | * ... | test.cpp:32:14:32:21 | * ... | provenance |  |
 | test.cpp:51:33:51:35 | *end | test.cpp:60:34:60:37 | mk_array output argument | provenance |  |
 | test.cpp:52:19:52:37 | call to malloc | test.cpp:52:19:52:37 | call to malloc | provenance |  |
-| test.cpp:52:19:52:37 | call to malloc | test.cpp:53:12:53:23 | ... + ... | provenance |  |
+| test.cpp:52:19:52:37 | call to malloc | test.cpp:53:12:53:23 | ... + ... | provenance | Config |
 | test.cpp:53:5:53:23 | ... = ... | test.cpp:51:33:51:35 | *end | provenance |  |
 | test.cpp:53:12:53:23 | ... + ... | test.cpp:53:5:53:23 | ... = ... | provenance |  |
-| test.cpp:60:34:60:37 | mk_array output argument | test.cpp:67:9:67:14 | ... = ... | provenance |  |
+| test.cpp:60:34:60:37 | mk_array output argument | test.cpp:67:9:67:14 | ... = ... | provenance | Config |
 | test.cpp:205:15:205:33 | call to malloc | test.cpp:205:15:205:33 | call to malloc | provenance |  |
-| test.cpp:205:15:205:33 | call to malloc | test.cpp:206:17:206:23 | ... + ... | provenance |  |
+| test.cpp:205:15:205:33 | call to malloc | test.cpp:206:17:206:23 | ... + ... | provenance | Config |
 | test.cpp:206:17:206:23 | ... + ... | test.cpp:206:17:206:23 | ... + ... | provenance |  |
-| test.cpp:206:17:206:23 | ... + ... | test.cpp:213:5:213:13 | ... = ... | provenance |  |
-| test.cpp:206:17:206:23 | ... + ... | test.cpp:213:5:213:13 | ... = ... | provenance |  |
+| test.cpp:206:17:206:23 | ... + ... | test.cpp:213:5:213:13 | ... = ... | provenance | Config |
+| test.cpp:206:17:206:23 | ... + ... | test.cpp:213:5:213:13 | ... = ... | provenance | Config |
 | test.cpp:260:13:260:24 | new[] | test.cpp:260:13:260:24 | new[] | provenance |  |
-| test.cpp:260:13:260:24 | new[] | test.cpp:261:14:261:21 | ... + ... | provenance |  |
+| test.cpp:260:13:260:24 | new[] | test.cpp:261:14:261:21 | ... + ... | provenance | Config |
 | test.cpp:261:14:261:21 | ... + ... | test.cpp:261:14:261:21 | ... + ... | provenance |  |
-| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance |  |
-| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance |  |
-| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance |  |
-| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance |  |
+| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance | Config |
+| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance | Config |
+| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance | Config |
+| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance | Config |
 | test.cpp:262:31:262:33 | *... ++ | test.cpp:264:13:264:14 | * ... | provenance |  |
 | test.cpp:262:31:262:33 | *... ++ | test.cpp:264:13:264:14 | * ... | provenance |  |
 | test.cpp:264:13:264:14 | * ... | test.cpp:262:31:262:33 | *... ++ | provenance |  |
 | test.cpp:270:13:270:24 | new[] | test.cpp:270:13:270:24 | new[] | provenance |  |
-| test.cpp:270:13:270:24 | new[] | test.cpp:271:14:271:21 | ... + ... | provenance |  |
+| test.cpp:270:13:270:24 | new[] | test.cpp:271:14:271:21 | ... + ... | provenance | Config |
 | test.cpp:271:14:271:21 | ... + ... | test.cpp:271:14:271:21 | ... + ... | provenance |  |
-| test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | ... = ... | provenance |  |
-| test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | ... = ... | provenance |  |
+| test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | ... = ... | provenance | Config |
+| test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | ... = ... | provenance | Config |
 | test.cpp:355:14:355:27 | new[] | test.cpp:355:14:355:27 | new[] | provenance |  |
-| test.cpp:355:14:355:27 | new[] | test.cpp:356:15:356:23 | ... + ... | provenance |  |
+| test.cpp:355:14:355:27 | new[] | test.cpp:356:15:356:23 | ... + ... | provenance | Config |
 | test.cpp:356:15:356:23 | ... + ... | test.cpp:356:15:356:23 | ... + ... | provenance |  |
-| test.cpp:356:15:356:23 | ... + ... | test.cpp:358:14:358:26 | * ... | provenance |  |
-| test.cpp:356:15:356:23 | ... + ... | test.cpp:358:14:358:26 | * ... | provenance |  |
-| test.cpp:356:15:356:23 | ... + ... | test.cpp:359:14:359:32 | * ... | provenance |  |
-| test.cpp:356:15:356:23 | ... + ... | test.cpp:359:14:359:32 | * ... | provenance |  |
+| test.cpp:356:15:356:23 | ... + ... | test.cpp:358:14:358:26 | * ... | provenance | Config |
+| test.cpp:356:15:356:23 | ... + ... | test.cpp:358:14:358:26 | * ... | provenance | Config |
+| test.cpp:356:15:356:23 | ... + ... | test.cpp:359:14:359:32 | * ... | provenance | Config |
+| test.cpp:356:15:356:23 | ... + ... | test.cpp:359:14:359:32 | * ... | provenance | Config |
 | test.cpp:377:14:377:27 | new[] | test.cpp:377:14:377:27 | new[] | provenance |  |
-| test.cpp:377:14:377:27 | new[] | test.cpp:378:15:378:23 | ... + ... | provenance |  |
+| test.cpp:377:14:377:27 | new[] | test.cpp:378:15:378:23 | ... + ... | provenance | Config |
 | test.cpp:378:15:378:23 | ... + ... | test.cpp:378:15:378:23 | ... + ... | provenance |  |
-| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | * ... | provenance |  |
-| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | * ... | provenance |  |
+| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | * ... | provenance | Config |
+| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | * ... | provenance | Config |
 | test.cpp:410:14:410:27 | new[] | test.cpp:410:14:410:27 | new[] | provenance |  |
-| test.cpp:410:14:410:27 | new[] | test.cpp:411:15:411:23 | & ... | provenance |  |
-| test.cpp:410:14:410:27 | new[] | test.cpp:415:7:415:15 | ... = ... | provenance |  |
+| test.cpp:410:14:410:27 | new[] | test.cpp:411:15:411:23 | & ... | provenance | Config |
+| test.cpp:410:14:410:27 | new[] | test.cpp:415:7:415:15 | ... = ... | provenance | Config |
 | test.cpp:411:15:411:23 | & ... | test.cpp:411:15:411:23 | & ... | provenance |  |
-| test.cpp:411:15:411:23 | & ... | test.cpp:415:7:415:15 | ... = ... | provenance |  |
-| test.cpp:411:15:411:23 | & ... | test.cpp:415:7:415:15 | ... = ... | provenance |  |
+| test.cpp:411:15:411:23 | & ... | test.cpp:415:7:415:15 | ... = ... | provenance | Config |
+| test.cpp:411:15:411:23 | & ... | test.cpp:415:7:415:15 | ... = ... | provenance | Config |
 | test.cpp:421:14:421:27 | new[] | test.cpp:421:14:421:27 | new[] | provenance |  |
-| test.cpp:421:14:421:27 | new[] | test.cpp:422:15:422:23 | & ... | provenance |  |
-| test.cpp:421:14:421:27 | new[] | test.cpp:426:7:426:15 | ... = ... | provenance |  |
+| test.cpp:421:14:421:27 | new[] | test.cpp:422:15:422:23 | & ... | provenance | Config |
+| test.cpp:421:14:421:27 | new[] | test.cpp:426:7:426:15 | ... = ... | provenance | Config |
 | test.cpp:422:15:422:23 | & ... | test.cpp:422:15:422:23 | & ... | provenance |  |
-| test.cpp:422:15:422:23 | & ... | test.cpp:426:7:426:15 | ... = ... | provenance |  |
-| test.cpp:422:15:422:23 | & ... | test.cpp:426:7:426:15 | ... = ... | provenance |  |
+| test.cpp:422:15:422:23 | & ... | test.cpp:426:7:426:15 | ... = ... | provenance | Config |
+| test.cpp:422:15:422:23 | & ... | test.cpp:426:7:426:15 | ... = ... | provenance | Config |
 | test.cpp:432:14:432:27 | new[] | test.cpp:432:14:432:27 | new[] | provenance |  |
-| test.cpp:432:14:432:27 | new[] | test.cpp:433:15:433:23 | & ... | provenance |  |
-| test.cpp:432:14:432:27 | new[] | test.cpp:438:7:438:15 | ... = ... | provenance |  |
+| test.cpp:432:14:432:27 | new[] | test.cpp:433:15:433:23 | & ... | provenance | Config |
+| test.cpp:432:14:432:27 | new[] | test.cpp:438:7:438:15 | ... = ... | provenance | Config |
 | test.cpp:433:15:433:23 | & ... | test.cpp:433:15:433:23 | & ... | provenance |  |
-| test.cpp:433:15:433:23 | & ... | test.cpp:438:7:438:15 | ... = ... | provenance |  |
-| test.cpp:433:15:433:23 | & ... | test.cpp:438:7:438:15 | ... = ... | provenance |  |
+| test.cpp:433:15:433:23 | & ... | test.cpp:438:7:438:15 | ... = ... | provenance | Config |
+| test.cpp:433:15:433:23 | & ... | test.cpp:438:7:438:15 | ... = ... | provenance | Config |
 | test.cpp:444:14:444:27 | new[] | test.cpp:444:14:444:27 | new[] | provenance |  |
-| test.cpp:444:14:444:27 | new[] | test.cpp:445:15:445:23 | & ... | provenance |  |
-| test.cpp:444:14:444:27 | new[] | test.cpp:450:7:450:15 | ... = ... | provenance |  |
+| test.cpp:444:14:444:27 | new[] | test.cpp:445:15:445:23 | & ... | provenance | Config |
+| test.cpp:444:14:444:27 | new[] | test.cpp:450:7:450:15 | ... = ... | provenance | Config |
 | test.cpp:445:15:445:23 | & ... | test.cpp:445:15:445:23 | & ... | provenance |  |
-| test.cpp:445:15:445:23 | & ... | test.cpp:450:7:450:15 | ... = ... | provenance |  |
-| test.cpp:445:15:445:23 | & ... | test.cpp:450:7:450:15 | ... = ... | provenance |  |
+| test.cpp:445:15:445:23 | & ... | test.cpp:450:7:450:15 | ... = ... | provenance | Config |
+| test.cpp:445:15:445:23 | & ... | test.cpp:450:7:450:15 | ... = ... | provenance | Config |
 | test.cpp:480:14:480:27 | new[] | test.cpp:480:14:480:27 | new[] | provenance |  |
-| test.cpp:480:14:480:27 | new[] | test.cpp:481:15:481:23 | & ... | provenance |  |
-| test.cpp:480:14:480:27 | new[] | test.cpp:486:7:486:15 | ... = ... | provenance |  |
+| test.cpp:480:14:480:27 | new[] | test.cpp:481:15:481:23 | & ... | provenance | Config |
+| test.cpp:480:14:480:27 | new[] | test.cpp:486:7:486:15 | ... = ... | provenance | Config |
 | test.cpp:481:15:481:23 | & ... | test.cpp:481:15:481:23 | & ... | provenance |  |
-| test.cpp:481:15:481:23 | & ... | test.cpp:486:7:486:15 | ... = ... | provenance |  |
-| test.cpp:481:15:481:23 | & ... | test.cpp:486:7:486:15 | ... = ... | provenance |  |
+| test.cpp:481:15:481:23 | & ... | test.cpp:486:7:486:15 | ... = ... | provenance | Config |
+| test.cpp:481:15:481:23 | & ... | test.cpp:486:7:486:15 | ... = ... | provenance | Config |
 | test.cpp:543:14:543:27 | new[] | test.cpp:543:14:543:27 | new[] | provenance |  |
-| test.cpp:543:14:543:27 | new[] | test.cpp:548:5:548:19 | ... = ... | provenance |  |
+| test.cpp:543:14:543:27 | new[] | test.cpp:548:5:548:19 | ... = ... | provenance | Config |
 | test.cpp:554:14:554:27 | new[] | test.cpp:554:14:554:27 | new[] | provenance |  |
-| test.cpp:554:14:554:27 | new[] | test.cpp:559:5:559:19 | ... = ... | provenance |  |
+| test.cpp:554:14:554:27 | new[] | test.cpp:559:5:559:19 | ... = ... | provenance | Config |
 | test.cpp:642:14:642:31 | new[] | test.cpp:642:14:642:31 | new[] | provenance |  |
-| test.cpp:642:14:642:31 | new[] | test.cpp:647:5:647:19 | ... = ... | provenance |  |
+| test.cpp:642:14:642:31 | new[] | test.cpp:647:5:647:19 | ... = ... | provenance | Config |
 | test.cpp:730:12:730:28 | new[] | test.cpp:730:12:730:28 | new[] | provenance |  |
-| test.cpp:730:12:730:28 | new[] | test.cpp:732:16:732:26 | ... + ... | provenance |  |
+| test.cpp:730:12:730:28 | new[] | test.cpp:732:16:732:26 | ... + ... | provenance | Config |
 | test.cpp:732:16:732:26 | ... + ... | test.cpp:732:16:732:26 | ... + ... | provenance |  |
-| test.cpp:732:16:732:26 | ... + ... | test.cpp:733:5:733:12 | ... = ... | provenance |  |
-| test.cpp:732:16:732:26 | ... + ... | test.cpp:733:5:733:12 | ... = ... | provenance |  |
+| test.cpp:732:16:732:26 | ... + ... | test.cpp:733:5:733:12 | ... = ... | provenance | Config |
+| test.cpp:732:16:732:26 | ... + ... | test.cpp:733:5:733:12 | ... = ... | provenance | Config |
 | test.cpp:754:18:754:31 | new[] | test.cpp:754:18:754:31 | new[] | provenance |  |
-| test.cpp:754:18:754:31 | new[] | test.cpp:767:16:767:29 | access to array | provenance |  |
-| test.cpp:754:18:754:31 | new[] | test.cpp:767:16:767:29 | access to array | provenance |  |
-| test.cpp:754:18:754:31 | new[] | test.cpp:772:16:772:29 | access to array | provenance |  |
-| test.cpp:754:18:754:31 | new[] | test.cpp:772:16:772:29 | access to array | provenance |  |
+| test.cpp:754:18:754:31 | new[] | test.cpp:767:16:767:29 | access to array | provenance | Config |
+| test.cpp:754:18:754:31 | new[] | test.cpp:767:16:767:29 | access to array | provenance | Config |
+| test.cpp:754:18:754:31 | new[] | test.cpp:772:16:772:29 | access to array | provenance | Config |
+| test.cpp:754:18:754:31 | new[] | test.cpp:772:16:772:29 | access to array | provenance | Config |
 | test.cpp:781:14:781:27 | new[] | test.cpp:781:14:781:27 | new[] | provenance |  |
-| test.cpp:781:14:781:27 | new[] | test.cpp:786:18:786:27 | access to array | provenance |  |
+| test.cpp:781:14:781:27 | new[] | test.cpp:786:18:786:27 | access to array | provenance | Config |
 | test.cpp:792:60:792:62 | *end | test.cpp:800:40:800:43 | mk_array_no_field_flow output argument | provenance |  |
 | test.cpp:792:60:792:62 | *end | test.cpp:832:40:832:43 | mk_array_no_field_flow output argument | provenance |  |
-| test.cpp:793:5:793:32 | ... = ... | test.cpp:794:12:794:24 | ... + ... | provenance |  |
+| test.cpp:793:5:793:32 | ... = ... | test.cpp:794:12:794:24 | ... + ... | provenance | Config |
 | test.cpp:793:14:793:32 | call to malloc | test.cpp:793:5:793:32 | ... = ... | provenance |  |
 | test.cpp:794:5:794:24 | ... = ... | test.cpp:792:60:792:62 | *end | provenance |  |
 | test.cpp:794:12:794:24 | ... + ... | test.cpp:794:5:794:24 | ... = ... | provenance |  |
-| test.cpp:800:40:800:43 | mk_array_no_field_flow output argument | test.cpp:807:7:807:12 | ... = ... | provenance |  |
+| test.cpp:800:40:800:43 | mk_array_no_field_flow output argument | test.cpp:807:7:807:12 | ... = ... | provenance | Config |
 | test.cpp:815:52:815:54 | end | test.cpp:815:52:815:54 | end | provenance |  |
-| test.cpp:815:52:815:54 | end | test.cpp:821:7:821:12 | ... = ... | provenance |  |
-| test.cpp:815:52:815:54 | end | test.cpp:821:7:821:12 | ... = ... | provenance |  |
+| test.cpp:815:52:815:54 | end | test.cpp:821:7:821:12 | ... = ... | provenance | Config |
+| test.cpp:815:52:815:54 | end | test.cpp:821:7:821:12 | ... = ... | provenance | Config |
 | test.cpp:832:40:832:43 | mk_array_no_field_flow output argument | test.cpp:833:37:833:39 | end | provenance |  |
 | test.cpp:833:37:833:39 | end | test.cpp:815:52:815:54 | end | provenance |  |
 | test.cpp:841:18:841:35 | call to malloc | test.cpp:841:18:841:35 | call to malloc | provenance |  |
-| test.cpp:841:18:841:35 | call to malloc | test.cpp:842:3:842:20 | ... = ... | provenance |  |
+| test.cpp:841:18:841:35 | call to malloc | test.cpp:842:3:842:20 | ... = ... | provenance | Config |
 | test.cpp:848:20:848:37 | call to malloc | test.cpp:848:20:848:37 | call to malloc | provenance |  |
-| test.cpp:848:20:848:37 | call to malloc | test.cpp:849:5:849:22 | ... = ... | provenance |  |
+| test.cpp:848:20:848:37 | call to malloc | test.cpp:849:5:849:22 | ... = ... | provenance | Config |
 | test.cpp:856:12:856:35 | call to malloc | test.cpp:856:12:856:35 | call to malloc | provenance |  |
-| test.cpp:856:12:856:35 | call to malloc | test.cpp:857:16:857:29 | ... + ... | provenance |  |
+| test.cpp:856:12:856:35 | call to malloc | test.cpp:857:16:857:29 | ... + ... | provenance | Config |
 | test.cpp:857:16:857:29 | ... + ... | test.cpp:857:16:857:29 | ... + ... | provenance |  |
-| test.cpp:857:16:857:29 | ... + ... | test.cpp:860:5:860:11 | ... = ... | provenance |  |
-| test.cpp:857:16:857:29 | ... + ... | test.cpp:860:5:860:11 | ... = ... | provenance |  |
+| test.cpp:857:16:857:29 | ... + ... | test.cpp:860:5:860:11 | ... = ... | provenance | Config |
+| test.cpp:857:16:857:29 | ... + ... | test.cpp:860:5:860:11 | ... = ... | provenance | Config |
 | test.cpp:868:15:868:35 | call to g_malloc | test.cpp:868:15:868:35 | call to g_malloc | provenance |  |
-| test.cpp:868:15:868:35 | call to g_malloc | test.cpp:869:15:869:22 | ... + ... | provenance |  |
+| test.cpp:868:15:868:35 | call to g_malloc | test.cpp:869:15:869:22 | ... + ... | provenance | Config |
 | test.cpp:869:15:869:22 | ... + ... | test.cpp:869:15:869:22 | ... + ... | provenance |  |
-| test.cpp:869:15:869:22 | ... + ... | test.cpp:870:14:870:15 | * ... | provenance |  |
-| test.cpp:869:15:869:22 | ... + ... | test.cpp:870:14:870:15 | * ... | provenance |  |
+| test.cpp:869:15:869:22 | ... + ... | test.cpp:870:14:870:15 | * ... | provenance | Config |
+| test.cpp:869:15:869:22 | ... + ... | test.cpp:870:14:870:15 | * ... | provenance | Config |
 nodes
 | test.cpp:4:15:4:33 | call to malloc | semmle.label | call to malloc |
 | test.cpp:4:15:4:33 | call to malloc | semmle.label | call to malloc |

cpp/ql/test/query-tests/Security/CWE/CWE-416/semmle/tests/UseOfUniquePtrAfterLifetimeEnds/test.cpp

@@ -203,4 +203,12 @@ void test2(bool b1, bool b2) {
   auto s11 = b2 ? nullptr : sRefRef.get(); // GOOD
   const S* s12;
   s12 = sRefRef.get(); // GOOD
+}
+
+void test_convert_to_bool() {
+  bool b = get_unique_ptr().get(); // GOOD
+
+  if(get_unique_ptr().get()) { // GOOD
+
+  }
 }

cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.expected

@@ -12,7 +12,7 @@ edges
 | tests2.cpp:111:14:111:15 | *c1 [*ptr] | tests2.cpp:111:14:111:19 | *ptr | provenance |  |
 | tests2.cpp:111:14:111:15 | *c1 [*ptr] | tests2.cpp:111:17:111:19 | *ptr | provenance |  |
 | tests2.cpp:111:17:111:19 | *ptr | tests2.cpp:111:14:111:19 | *ptr | provenance |  |
-| tests2.cpp:120:5:120:21 | [summary param] 1 indirection in zmq_msg_init_data | tests2.cpp:120:5:120:21 | [summary] to write: Argument[0 indirection] in zmq_msg_init_data | provenance |  |
+| tests2.cpp:120:5:120:21 | [summary param] 1 indirection in zmq_msg_init_data | tests2.cpp:120:5:120:21 | [summary param] 0 indirection in zmq_msg_init_data [Return] | provenance |  |
 | tests2.cpp:134:2:134:30 | *... = ... | tests2.cpp:138:23:138:34 | *message_data | provenance |  |
 | tests2.cpp:134:2:134:30 | *... = ... | tests2.cpp:143:34:143:45 | *message_data | provenance |  |
 | tests2.cpp:134:17:134:22 | *call to getenv | tests2.cpp:134:2:134:30 | *... = ... | provenance |  |
@@ -52,8 +52,8 @@ nodes
 | tests2.cpp:111:14:111:15 | *c1 [*ptr] | semmle.label | *c1 [*ptr] |
 | tests2.cpp:111:14:111:19 | *ptr | semmle.label | *ptr |
 | tests2.cpp:111:17:111:19 | *ptr | semmle.label | *ptr |
+| tests2.cpp:120:5:120:21 | [summary param] 0 indirection in zmq_msg_init_data [Return] | semmle.label | [summary param] 0 indirection in zmq_msg_init_data [Return] |
 | tests2.cpp:120:5:120:21 | [summary param] 1 indirection in zmq_msg_init_data | semmle.label | [summary param] 1 indirection in zmq_msg_init_data |
-| tests2.cpp:120:5:120:21 | [summary] to write: Argument[0 indirection] in zmq_msg_init_data | semmle.label | [summary] to write: Argument[0 indirection] in zmq_msg_init_data |
 | tests2.cpp:134:2:134:30 | *... = ... | semmle.label | *... = ... |
 | tests2.cpp:134:17:134:22 | *call to getenv | semmle.label | *call to getenv |
 | tests2.cpp:138:23:138:34 | *message_data | semmle.label | *message_data |
@@ -74,7 +74,7 @@ nodes
 | tests_sysconf.cpp:36:21:36:27 | confstr output argument | semmle.label | confstr output argument |
 | tests_sysconf.cpp:39:19:39:25 | *pathbuf | semmle.label | *pathbuf |
 subpaths
-| tests2.cpp:143:34:143:45 | *message_data | tests2.cpp:120:5:120:21 | [summary param] 1 indirection in zmq_msg_init_data | tests2.cpp:120:5:120:21 | [summary] to write: Argument[0 indirection] in zmq_msg_init_data | tests2.cpp:143:24:143:31 | zmq_msg_init_data output argument |
+| tests2.cpp:143:34:143:45 | *message_data | tests2.cpp:120:5:120:21 | [summary param] 1 indirection in zmq_msg_init_data | tests2.cpp:120:5:120:21 | [summary param] 0 indirection in zmq_msg_init_data [Return] | tests2.cpp:143:24:143:31 | zmq_msg_init_data output argument |
 #select
 | tests2.cpp:63:13:63:26 | *call to getenv | tests2.cpp:63:13:63:26 | *call to getenv | tests2.cpp:63:13:63:26 | *call to getenv | This operation exposes system data from $@. | tests2.cpp:63:13:63:26 | *call to getenv | *call to getenv |
 | tests2.cpp:64:13:64:26 | *call to getenv | tests2.cpp:64:13:64:26 | *call to getenv | tests2.cpp:64:13:64:26 | *call to getenv | This operation exposes system data from $@. | tests2.cpp:64:13:64:26 | *call to getenv | *call to getenv |

cpp/ql/test/query-tests/Security/CWE/CWE-611/XXE.expected

@@ -2,6 +2,7 @@ edges
 | tests2.cpp:20:17:20:31 | *new | tests2.cpp:22:2:22:2 | *p | provenance |  |
 | tests2.cpp:20:17:20:31 | call to SAXParser | tests2.cpp:20:17:20:31 | *new | provenance |  |
 | tests2.cpp:33:17:33:31 | *new | tests2.cpp:37:2:37:2 | *p | provenance |  |
+| tests2.cpp:33:17:33:31 | *new | tests2.cpp:37:2:37:2 | *p | provenance | Config |
 | tests2.cpp:33:17:33:31 | call to SAXParser | tests2.cpp:33:17:33:31 | *new | provenance |  |
 | tests2.cpp:49:12:49:12 | call to SAXParser | tests2.cpp:51:2:51:2 | *p | provenance |  |
 | tests3.cpp:23:21:23:53 | *call to createXMLReader | tests3.cpp:23:21:23:53 | *call to createXMLReader | provenance |  |
@@ -14,46 +15,51 @@ edges
 | tests3.cpp:48:24:48:56 | *call to createXMLReader | tests3.cpp:48:24:48:56 | *call to createXMLReader | provenance |  |
 | tests3.cpp:60:21:60:53 | *call to createXMLReader | tests3.cpp:60:21:60:53 | *call to createXMLReader | provenance |  |
 | tests3.cpp:60:21:60:53 | *call to createXMLReader | tests3.cpp:63:2:63:2 | *p | provenance |  |
+| tests3.cpp:60:21:60:53 | *call to createXMLReader | tests3.cpp:63:2:63:2 | *p | provenance | Config |
 | tests3.cpp:67:21:67:53 | *call to createXMLReader | tests3.cpp:67:21:67:53 | *call to createXMLReader | provenance |  |
 | tests3.cpp:67:21:67:53 | *call to createXMLReader | tests3.cpp:70:2:70:2 | *p | provenance |  |
 | tests5.cpp:27:25:27:38 | *call to createLSParser | tests5.cpp:27:25:27:38 | *call to createLSParser | provenance |  |
 | tests5.cpp:27:25:27:38 | *call to createLSParser | tests5.cpp:29:2:29:2 | *p | provenance |  |
 | tests5.cpp:40:25:40:38 | *call to createLSParser | tests5.cpp:40:25:40:38 | *call to createLSParser | provenance |  |
 | tests5.cpp:40:25:40:38 | *call to createLSParser | tests5.cpp:43:2:43:2 | *p | provenance |  |
+| tests5.cpp:40:25:40:38 | *call to createLSParser | tests5.cpp:43:2:43:2 | *p | provenance | Config |
 | tests5.cpp:55:25:55:38 | *call to createLSParser | tests5.cpp:55:25:55:38 | *call to createLSParser | provenance |  |
 | tests5.cpp:55:25:55:38 | *call to createLSParser | tests5.cpp:59:2:59:2 | *p | provenance |  |
+| tests5.cpp:55:25:55:38 | *call to createLSParser | tests5.cpp:59:2:59:2 | *p | provenance | Config |
 | tests5.cpp:63:21:63:24 | **g_p2 | tests5.cpp:77:2:77:5 | *g_p2 | provenance |  |
 | tests5.cpp:70:2:70:32 | *... = ... | tests5.cpp:63:21:63:24 | **g_p2 | provenance |  |
 | tests5.cpp:70:17:70:30 | *call to createLSParser | tests5.cpp:70:2:70:32 | *... = ... | provenance |  |
 | tests5.cpp:81:25:81:38 | *call to createLSParser | tests5.cpp:81:25:81:38 | *call to createLSParser | provenance |  |
 | tests5.cpp:81:25:81:38 | *call to createLSParser | tests5.cpp:83:2:83:2 | *p | provenance |  |
 | tests5.cpp:81:25:81:38 | *call to createLSParser | tests5.cpp:83:2:83:2 | *p | provenance |  |
-| tests5.cpp:83:2:83:2 | *p | tests5.cpp:85:2:85:2 | *p | provenance |  |
+| tests5.cpp:83:2:83:2 | *p | tests5.cpp:85:2:85:2 | *p | provenance | Config |
 | tests5.cpp:85:2:85:2 | *p | tests5.cpp:86:2:86:2 | *p | provenance |  |
-| tests5.cpp:86:2:86:2 | *p | tests5.cpp:88:2:88:2 | *p | provenance |  |
+| tests5.cpp:86:2:86:2 | *p | tests5.cpp:88:2:88:2 | *p | provenance | Config |
 | tests5.cpp:88:2:88:2 | *p | tests5.cpp:89:2:89:2 | *p | provenance |  |
 | tests.cpp:15:23:15:43 | *new | tests.cpp:17:2:17:2 | *p | provenance |  |
 | tests.cpp:15:23:15:43 | call to XercesDOMParser | tests.cpp:15:23:15:43 | *new | provenance |  |
 | tests.cpp:28:23:28:43 | *new | tests.cpp:31:2:31:2 | *p | provenance |  |
+| tests.cpp:28:23:28:43 | *new | tests.cpp:31:2:31:2 | *p | provenance | Config |
 | tests.cpp:28:23:28:43 | call to XercesDOMParser | tests.cpp:28:23:28:43 | *new | provenance |  |
 | tests.cpp:35:23:35:43 | *new | tests.cpp:37:2:37:2 | *p | provenance |  |
 | tests.cpp:35:23:35:43 | call to XercesDOMParser | tests.cpp:35:23:35:43 | *new | provenance |  |
-| tests.cpp:37:2:37:2 | *p | tests.cpp:37:2:37:2 | *p | provenance |  |
+| tests.cpp:37:2:37:2 | *p | tests.cpp:37:2:37:2 | *p | provenance | Config |
 | tests.cpp:37:2:37:2 | *p | tests.cpp:38:2:38:2 | *p | provenance |  |
-| tests.cpp:38:2:38:2 | *p | tests.cpp:38:2:38:2 | *p | provenance |  |
+| tests.cpp:38:2:38:2 | *p | tests.cpp:38:2:38:2 | *p | provenance | Config |
 | tests.cpp:38:2:38:2 | *p | tests.cpp:39:2:39:2 | *p | provenance |  |
 | tests.cpp:51:23:51:43 | *new | tests.cpp:53:2:53:2 | *p | provenance |  |
 | tests.cpp:51:23:51:43 | call to XercesDOMParser | tests.cpp:51:23:51:43 | *new | provenance |  |
-| tests.cpp:53:2:53:2 | *p | tests.cpp:53:2:53:2 | *p | provenance |  |
+| tests.cpp:53:2:53:2 | *p | tests.cpp:53:2:53:2 | *p | provenance | Config |
 | tests.cpp:53:2:53:2 | *p | tests.cpp:55:2:55:2 | *p | provenance |  |
-| tests.cpp:55:2:55:2 | *p | tests.cpp:55:2:55:2 | *p | provenance |  |
+| tests.cpp:55:2:55:2 | *p | tests.cpp:55:2:55:2 | *p | provenance | Config |
 | tests.cpp:55:2:55:2 | *p | tests.cpp:56:2:56:2 | *p | provenance |  |
 | tests.cpp:55:2:55:2 | *p | tests.cpp:57:2:57:2 | *p | provenance |  |
-| tests.cpp:57:2:57:2 | *p | tests.cpp:57:2:57:2 | *p | provenance |  |
+| tests.cpp:57:2:57:2 | *p | tests.cpp:57:2:57:2 | *p | provenance | Config |
 | tests.cpp:57:2:57:2 | *p | tests.cpp:59:2:59:2 | *p | provenance |  |
-| tests.cpp:59:2:59:2 | *p | tests.cpp:59:2:59:2 | *p | provenance |  |
+| tests.cpp:59:2:59:2 | *p | tests.cpp:59:2:59:2 | *p | provenance | Config |
 | tests.cpp:59:2:59:2 | *p | tests.cpp:60:2:60:2 | *p | provenance |  |
 | tests.cpp:66:23:66:43 | *new | tests.cpp:69:2:69:2 | *p | provenance |  |
+| tests.cpp:66:23:66:43 | *new | tests.cpp:69:2:69:2 | *p | provenance | Config |
 | tests.cpp:66:23:66:43 | call to XercesDOMParser | tests.cpp:66:23:66:43 | *new | provenance |  |
 | tests.cpp:73:23:73:43 | *new | tests.cpp:80:2:80:2 | *p | provenance |  |
 | tests.cpp:73:23:73:43 | call to XercesDOMParser | tests.cpp:73:23:73:43 | *new | provenance |  |

csharp/BUILD.bazel

@@ -1,6 +1,3 @@
-load("@rules_pkg//pkg:mappings.bzl", "pkg_filegroup", "pkg_files")
-load("@semmle_code//:dist.bzl", "dist")
-
 package(default_visibility = ["//visibility:public"])
 
 alias(
@@ -12,71 +9,3 @@ alias(
     name = "dbscheme-stats",
     actual = "//csharp/ql/lib:dbscheme-stats",
 )
-
-pkg_files(
-    name = "dbscheme-group",
-    srcs = [
-        ":dbscheme",
-        ":dbscheme-stats",
-    ],
-    strip_prefix = None,
-)
-
-pkg_files(
-    name = "extractor-asp",
-    srcs = [
-        "@semmle_code//extractor-asp:extractor-asp-fat",
-    ],
-    prefix = "tools",
-    renames = {
-        "@semmle_code//extractor-asp:extractor-asp-fat": "extractor-asp.jar",
-    },
-)
-
-pkg_filegroup(
-    name = "db-files",
-    srcs = [
-        ":dbscheme-group",
-        "//csharp/downgrades",
-    ],
-)
-
-pkg_files(
-    name = "extra-files",
-    srcs = [
-        ":codeql-extractor.yml",
-        "//:LICENSE",
-    ],
-)
-
-dist(
-    name = "extractor-arch",
-    srcs = [
-        "//csharp/autobuilder/Semmle.Autobuild.CSharp",
-        "//csharp/extractor/Semmle.Extraction.CSharp.Driver",
-        "//csharp/extractor/Semmle.Extraction.CSharp.Standalone",
-    ],
-)
-
-dist(
-    name = "extractor-generic",
-    srcs = [
-        ":dbscheme-group",
-        ":extra-files",
-        ":extractor-asp",
-        "//csharp/downgrades",
-        "//csharp/tools",
-    ],
-    prefix = "csharp",
-    visibility = ["//visibility:public"],
-)
-
-test_suite(
-    name = "unit-tests",
-    tags = ["csharp"],
-    tests = [
-        "//csharp/autobuilder/Semmle.Autobuild.CSharp.Tests",
-        "//csharp/autobuilder/Semmle.Autobuild.Cpp.Tests",
-        "//csharp/extractor/Semmle.Extraction.Tests",
-    ],
-)

csharp/Directory.Build.props

@@ -0,0 +1,16 @@
+<Project>
+
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
+    <Nullable>enable</Nullable>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+
+    <Company>GitHub</Company>
+    <Copyright>Copyright © $([System.DateTime]::Now.Year) $(Company)</Copyright>
+    <Version>1.0.0.0</Version>
+    <AssemblyVersion>1.0.0.0</AssemblyVersion>
+    <FileVersion>1.0.0.0</FileVersion>
+  </PropertyGroup>
+
+</Project>

csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BUILD.bazel

@@ -1,18 +0,0 @@
-load(
-    "//misc/bazel:csharp.bzl",
-    "codeql_xunit_test",
-)
-
-codeql_xunit_test(
-    name = "Semmle.Autobuild.CSharp.Tests",
-    srcs = glob([
-        "*.cs",
-        "Properties/*.cs",
-    ]),
-    deps = [
-        "//csharp/autobuilder/Semmle.Autobuild.CSharp:bin/Semmle.Autobuild.CSharp",
-        "//csharp/autobuilder/Semmle.Autobuild.Shared",
-        "@paket.main//microsoft.net.test.sdk",
-        "@paket.main//system.io.filesystem",
-    ],
-)

csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BuildScripts.cs

@@ -215,9 +215,9 @@ namespace Semmle.Autobuild.CSharp.Tests
 
     internal class TestDiagnosticWriter : IDiagnosticsWriter
     {
-        public IList<Semmle.Util.DiagnosticMessage> Diagnostics { get; } = new List<Semmle.Util.DiagnosticMessage>();
+        public IList<DiagnosticMessage> Diagnostics { get; } = new List<DiagnosticMessage>();
 
-        public void AddEntry(Semmle.Util.DiagnosticMessage message) => this.Diagnostics.Add(message);
+        public void AddEntry(DiagnosticMessage message) => this.Diagnostics.Add(message);
 
         public void Dispose() { }
     }
@@ -544,51 +544,6 @@ namespace Semmle.Autobuild.CSharp.Tests
             Assert.Equal(2, vcvarsfiles.Length);
         }
 
-        [Fact]
-        public void TestLinuxBuildlessExtractionSuccess()
-        {
-            actions.RunProcess[@"C:\codeql\csharp/tools/linux64/Semmle.Extraction.CSharp.Standalone"] = 0;
-            actions.FileExists["csharp.log"] = true;
-            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_TRAP_DIR"] = "";
-            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_SOURCE_ARCHIVE_DIR"] = "";
-            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_SCRATCH_DIR"] = "scratch";
-            actions.EnumerateFiles[@"C:\Project"] = "foo.cs\ntest.sln";
-            actions.EnumerateDirectories[@"C:\Project"] = "";
-
-            var autobuilder = CreateAutoBuilder(false, buildless: "true");
-            TestAutobuilderScript(autobuilder, 0, 1);
-        }
-
-        [Fact]
-        public void TestLinuxBuildlessExtractionFailed()
-        {
-            actions.RunProcess[@"C:\codeql\csharp/tools/linux64/Semmle.Extraction.CSharp.Standalone"] = 10;
-            actions.FileExists["csharp.log"] = true;
-            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_TRAP_DIR"] = "";
-            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_SOURCE_ARCHIVE_DIR"] = "";
-            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_SCRATCH_DIR"] = "scratch";
-            actions.EnumerateFiles[@"C:\Project"] = "foo.cs\ntest.sln";
-            actions.EnumerateDirectories[@"C:\Project"] = "";
-
-            var autobuilder = CreateAutoBuilder(false, buildless: "true");
-            TestAutobuilderScript(autobuilder, 10, 1);
-        }
-
-        [Fact]
-        public void TestLinuxBuildlessExtractionSolution()
-        {
-            actions.RunProcess[@"C:\codeql\csharp/tools/linux64/Semmle.Extraction.CSharp.Standalone"] = 0;
-            actions.FileExists["csharp.log"] = true;
-            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_TRAP_DIR"] = "";
-            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_SOURCE_ARCHIVE_DIR"] = "";
-            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_SCRATCH_DIR"] = "scratch";
-            actions.EnumerateFiles[@"C:\Project"] = "foo.cs\ntest.sln";
-            actions.EnumerateDirectories[@"C:\Project"] = "";
-
-            var autobuilder = CreateAutoBuilder(false, buildless: "true");
-            TestAutobuilderScript(autobuilder, 0, 1);
-        }
-
         private void TestAutobuilderScript(CSharpAutobuilder autobuilder, int expectedOutput, int commandsRun)
         {
             Assert.Equal(expectedOutput, autobuilder.GetBuildScript().Run(actions, StartCallback, EndCallback));
@@ -677,21 +632,6 @@ namespace Semmle.Autobuild.CSharp.Tests
             TestAutobuilderScript(autobuilder, 0, 1);
         }
 
-        [Fact]
-        public void TestSkipNugetBuildless()
-        {
-            actions.RunProcess[@"C:\codeql\csharp/tools/linux64/Semmle.Extraction.CSharp.Standalone"] = 0;
-            actions.FileExists["csharp.log"] = true;
-            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_TRAP_DIR"] = "";
-            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_SOURCE_ARCHIVE_DIR"] = "";
-            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_SCRATCH_DIR"] = "scratch";
-            actions.EnumerateFiles[@"C:\Project"] = "foo.cs\ntest.sln";
-            actions.EnumerateDirectories[@"C:\Project"] = "";
-
-            var autobuilder = CreateAutoBuilder(false, buildless: "true");
-            TestAutobuilderScript(autobuilder, 0, 1);
-        }
-
         [Fact]
         public void TestDotnetVersionNotInstalled()
         {

csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/Semmle.Autobuild.CSharp.Tests.csproj

@@ -1,14 +1,8 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
-  <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
-    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
-    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
-    <Nullable>enable</Nullable>
-  </PropertyGroup>
-  <ItemGroup>
-    <ProjectReference Include="..\Semmle.Autobuild.CSharp\Semmle.Autobuild.CSharp.csproj" />
-    <ProjectReference Include="..\Semmle.Autobuild.Shared\Semmle.Autobuild.Shared.csproj" />
-  </ItemGroup>
+	<ItemGroup>
+		<ProjectReference Include="..\Semmle.Autobuild.CSharp\Semmle.Autobuild.CSharp.csproj" />
+		<ProjectReference Include="..\Semmle.Autobuild.Shared\Semmle.Autobuild.Shared.csproj" />
+	</ItemGroup>
   <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
+</Project>

csharp/autobuilder/Semmle.Autobuild.CSharp/BUILD.bazel

@@ -1,21 +0,0 @@
-load(
-    "//misc/bazel:csharp.bzl",
-    "codeql_csharp_binary",
-)
-
-codeql_csharp_binary(
-    name = "Semmle.Autobuild.CSharp",
-    srcs = glob([
-        "*.cs",
-        "Properties/*.cs",
-    ]),
-    visibility = ["//csharp:__subpackages__"],
-    deps = [
-        "//csharp/autobuilder/Semmle.Autobuild.Shared",
-        "//csharp/extractor/Semmle.Extraction.CSharp",
-        "//csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching",
-        "//csharp/extractor/Semmle.Util",
-        "@paket.main//microsoft.build",
-        "@paket.main//newtonsoft.json",
-    ],
-)

csharp/autobuilder/Semmle.Autobuild.CSharp/CSharpAutobuilder.cs

@@ -88,9 +88,9 @@ namespace Semmle.Autobuild.CSharp
                 AddDiagnostic(new DiagnosticMessage(
                     Options.Language,
                     "buildless/mode-active",
-                    "C# with build-mode set to 'none'",
+                    "C# was extracted with build-mode set to 'none'",
                     visibility: new DiagnosticMessage.TspVisibility(statusPage: true, cliSummaryTable: true, telemetry: true),
-                    markdownMessage: "C# with build-mode set to 'none'. This means that all C# source in the working directory will be scanned, with build tools, such as Nuget and Dotnet CLIs, only contributing information about external dependencies.",
+                    markdownMessage: "C# was extracted with build-mode set to 'none'. This means that all C# source in the working directory will be scanned, with build tools, such as Nuget and Dotnet CLIs, only contributing information about external dependencies.",
                     severity: DiagnosticMessage.TspSeverity.Note
                 ));
                 return 0;

csharp/autobuilder/Semmle.Autobuild.CSharp/Properties/AssemblyInfo.cs

@@ -1,32 +0,0 @@
-using System.Reflection;
-using System.Runtime.InteropServices;
-
-// General Information about an assembly is controlled through the following
-// set of attributes. Change these attribute values to modify the information
-// associated with an assembly.
-[assembly: AssemblyTitle("Semmle.Autobuild.CSharp")]
-[assembly: AssemblyDescription("")]
-[assembly: AssemblyConfiguration("")]
-[assembly: AssemblyCompany("GitHub")]
-[assembly: AssemblyProduct("CodeQL autobuilder for C#")]
-[assembly: AssemblyCopyright("Copyright © GitHub 2020")]
-[assembly: AssemblyTrademark("")]
-[assembly: AssemblyCulture("")]
-
-// Setting ComVisible to false makes the types in this assembly not visible
-// to COM components.  If you need to access a type in this assembly from
-// COM, set the ComVisible attribute to true on that type.
-[assembly: ComVisible(false)]
-
-// Version information for an assembly consists of the following four values:
-//
-//      Major Version
-//      Minor Version
-//      Build Number
-//      Revision
-//
-// You can specify all the values or you can default the Build and Revision Numbers
-// by using the '*' as shown below:
-// [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.0.0.0")]
-[assembly: AssemblyFileVersion("1.0.0.0")]

csharp/autobuilder/Semmle.Autobuild.CSharp/Semmle.Autobuild.CSharp.csproj

@@ -1,22 +1,11 @@
-<?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
-    <AssemblyName>Semmle.Autobuild.CSharp</AssemblyName>
-    <RootNamespace>Semmle.Autobuild.CSharp</RootNamespace>
-    <ApplicationIcon />
     <OutputType>Exe</OutputType>
-    <StartupObject />
-    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
-    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
-    <Nullable>enable</Nullable>
   </PropertyGroup>
-  <ItemGroup>
-    <Folder Include="Properties\" />
-  </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\extractor\Semmle.Util\Semmle.Util.csproj" />
     <ProjectReference Include="..\..\extractor\Semmle.Extraction.CSharp\Semmle.Extraction.CSharp.csproj" />
+    <ProjectReference Include="..\..\extractor\Semmle.Extraction.CSharp.Standalone\Semmle.Extraction.CSharp.Standalone.csproj" />
     <ProjectReference Include="..\..\extractor\Semmle.Extraction.CSharp.DependencyFetching\Semmle.Extraction.CSharp.DependencyFetching.csproj" />
     <ProjectReference Include="..\Semmle.Autobuild.Shared\Semmle.Autobuild.Shared.csproj" />
   </ItemGroup>

csharp/autobuilder/Semmle.Autobuild.CSharp/StandaloneBuildRule.cs

@@ -10,17 +10,7 @@ namespace Semmle.Autobuild.CSharp
     {
         public BuildScript Analyse(IAutobuilder<CSharpAutobuildOptions> builder, bool auto)
         {
-            if (builder.CodeQLExtractorLangRoot is null
-                || builder.CodeQlPlatform is null)
-            {
-                return BuildScript.Failure;
-            }
-
-            var standalone = builder.Actions.PathCombine(builder.CodeQLExtractorLangRoot, "tools", builder.CodeQlPlatform, "Semmle.Extraction.CSharp.Standalone");
-            var cmd = new CommandBuilder(builder.Actions);
-            cmd.RunCommand(standalone);
-
-            return cmd.Script;
+            return BuildScript.Create(_ => Semmle.Extraction.CSharp.Standalone.Program.Main([]));
         }
     }
 }

csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/BUILD.bazel

@@ -1,18 +0,0 @@
-load(
-    "//misc/bazel:csharp.bzl",
-    "codeql_xunit_test",
-)
-
-codeql_xunit_test(
-    name = "Semmle.Autobuild.Cpp.Tests",
-    srcs = glob([
-        "*.cs",
-        "Properties/*.cs",
-    ]),
-    deps = [
-        "//csharp/autobuilder/Semmle.Autobuild.Cpp:bin/Semmle.Autobuild.Cpp",
-        "//csharp/autobuilder/Semmle.Autobuild.Shared",
-        "@paket.main//microsoft.net.test.sdk",
-        "@paket.main//system.io.filesystem",
-    ],
-)

csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/BuildScripts.cs

@@ -200,9 +200,9 @@ namespace Semmle.Autobuild.Cpp.Tests
 
     internal class TestDiagnosticWriter : IDiagnosticsWriter
     {
-        public IList<Semmle.Util.DiagnosticMessage> Diagnostics { get; } = new List<Semmle.Util.DiagnosticMessage>();
+        public IList<DiagnosticMessage> Diagnostics { get; } = new List<DiagnosticMessage>();
 
-        public void AddEntry(Semmle.Util.DiagnosticMessage message) => this.Diagnostics.Add(message);
+        public void AddEntry(DiagnosticMessage message) => this.Diagnostics.Add(message);
 
         public void Dispose() { }
     }

csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/Semmle.Autobuild.Cpp.Tests.csproj

@@ -2,10 +2,6 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net8.0</TargetFramework>
-    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
-    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
-    <Nullable>enable</Nullable>
   </PropertyGroup>
   <ItemGroup>
     <ProjectReference Include="..\Semmle.Autobuild.Cpp\Semmle.Autobuild.Cpp.csproj" />

csharp/autobuilder/Semmle.Autobuild.Cpp/BUILD.bazel

@@ -1,18 +0,0 @@
-load(
-    "//misc/bazel:csharp.bzl",
-    "codeql_csharp_binary",
-)
-
-codeql_csharp_binary(
-    name = "Semmle.Autobuild.Cpp",
-    srcs = glob([
-        "*.cs",
-        "Properties/*.cs",
-    ]),
-    visibility = ["//visibility:public"],
-    deps = [
-        "//csharp/autobuilder/Semmle.Autobuild.Shared",
-        "//csharp/extractor/Semmle.Util",
-        "@paket.main//microsoft.build",
-    ],
-)

csharp/autobuilder/Semmle.Autobuild.Cpp/Properties/AssemblyInfo.cs

@@ -1,32 +0,0 @@
-using System.Reflection;
-using System.Runtime.InteropServices;
-
-// General Information about an assembly is controlled through the following
-// set of attributes. Change these attribute values to modify the information
-// associated with an assembly.
-[assembly: AssemblyTitle("Semmle.Autobuild.Cpp")]
-[assembly: AssemblyDescription("")]
-[assembly: AssemblyConfiguration("")]
-[assembly: AssemblyCompany("GitHub")]
-[assembly: AssemblyProduct("CodeQL autobuilder for C++")]
-[assembly: AssemblyCopyright("Copyright © GitHub 2020")]
-[assembly: AssemblyTrademark("")]
-[assembly: AssemblyCulture("")]
-
-// Setting ComVisible to false makes the types in this assembly not visible
-// to COM components.  If you need to access a type in this assembly from
-// COM, set the ComVisible attribute to true on that type.
-[assembly: ComVisible(false)]
-
-// Version information for an assembly consists of the following four values:
-//
-//      Major Version
-//      Minor Version
-//      Build Number
-//      Revision
-//
-// You can specify all the values or you can default the Build and Revision Numbers
-// by using the '*' as shown below:
-// [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.0.0.0")]
-[assembly: AssemblyFileVersion("1.0.0.0")]

csharp/autobuilder/Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj

@@ -1,19 +1,8 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
-    <AssemblyName>Semmle.Autobuild.Cpp</AssemblyName>
-    <RootNamespace>Semmle.Autobuild.Cpp</RootNamespace>
-    <ApplicationIcon />
     <OutputType>Exe</OutputType>
-    <StartupObject />
-    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
-    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
-    <Nullable>enable</Nullable>
   </PropertyGroup>
-  <ItemGroup>
-    <Folder Include="Properties\" />
-  </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\extractor\Semmle.Util\Semmle.Util.csproj" />
     <ProjectReference Include="..\Semmle.Autobuild.Shared\Semmle.Autobuild.Shared.csproj" />

csharp/autobuilder/Semmle.Autobuild.Shared/Autobuilder.cs

@@ -73,16 +73,6 @@ namespace Semmle.Autobuild.Shared
         /// A logger.
         /// </summary>
         ILogger Logger { get; }
-
-        /// <summary>
-        /// Value of CODEQL_EXTRACTOR_<LANG>_ROOT environment variable.
-        /// </summary>
-        string? CodeQLExtractorLangRoot { get; }
-
-        /// <summary>
-        /// Value of CODEQL_PLATFORM environment variable.
-        /// </summary>
-        string? CodeQlPlatform { get; }
     }
 
     /// <summary>
@@ -197,9 +187,6 @@ namespace Semmle.Autobuild.Shared
                 return ret ?? new List<IProjectOrSolution>();
             });
 
-            CodeQLExtractorLangRoot = Actions.GetEnvironmentVariable(EnvVars.Root(this.Options.Language));
-            CodeQlPlatform = Actions.GetEnvironmentVariable(EnvVars.Platform);
-
             TrapDir = RequireEnvironmentVariable(EnvVars.TrapDir(this.Options.Language));
             SourceArchiveDir = RequireEnvironmentVariable(EnvVars.SourceArchiveDir(this.Options.Language));
             DiagnosticsDir = RequireEnvironmentVariable(EnvVars.DiagnosticDir(this.Options.Language));
@@ -364,15 +351,5 @@ namespace Semmle.Autobuild.Shared
                 diagnostics.Dispose();
             }
         }
-
-        /// <summary>
-        /// Value of CODEQL_EXTRACTOR_<LANG>_ROOT environment variable.
-        /// </summary>
-        public string? CodeQLExtractorLangRoot { get; }
-
-        /// <summary>
-        /// Value of CODEQL_PLATFORM environment variable.
-        /// </summary>
-        public string? CodeQlPlatform { get; }
     }
 }

csharp/autobuilder/Semmle.Autobuild.Shared/BUILD.bazel

@@ -1,17 +0,0 @@
-load(
-    "//misc/bazel:csharp.bzl",
-    "codeql_csharp_library",
-)
-
-codeql_csharp_library(
-    name = "Semmle.Autobuild.Shared",
-    srcs = glob([
-        "*.cs",
-        "Properties/*.cs",
-    ]),
-    visibility = ["//visibility:public"],
-    deps = [
-        "//csharp/extractor/Semmle.Util",
-        "@paket.main//microsoft.build",
-    ],
-)

csharp/autobuilder/Semmle.Autobuild.Shared/Properties/AssemblyInfo.cs

@@ -1,35 +0,0 @@
-using System.Reflection;
-using System.Runtime.InteropServices;
-
-// General Information about an assembly is controlled through the following
-// set of attributes. Change these attribute values to modify the information
-// associated with an assembly.
-[assembly: AssemblyTitle("Semmle.Autobuild.Shared")]
-[assembly: AssemblyDescription("")]
-[assembly: AssemblyConfiguration("")]
-[assembly: AssemblyCompany("GitHub")]
-[assembly: AssemblyProduct("CodeQL autobuilder")]
-[assembly: AssemblyCopyright("Copyright © GitHub 2020")]
-[assembly: AssemblyTrademark("")]
-[assembly: AssemblyCulture("")]
-
-// Setting ComVisible to false makes the types in this assembly not visible
-// to COM components.  If you need to access a type in this assembly from
-// COM, set the ComVisible attribute to true on that type.
-[assembly: ComVisible(false)]
-
-// The following GUID is for the ID of the typelib if this project is exposed to COM
-[assembly: Guid("1d9920ad-7b00-4df1-8b01-9ff5b687828e")]
-
-// Version information for an assembly consists of the following four values:
-//
-//      Major Version
-//      Minor Version
-//      Build Number
-//      Revision
-//
-// You can specify all the values or you can default the Build and Revision Numbers
-// by using the '*' as shown below:
-// [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.0.0.0")]
-[assembly: AssemblyFileVersion("1.0.0.0")]

csharp/autobuilder/Semmle.Autobuild.Shared/Semmle.Autobuild.Shared.csproj

@@ -1,18 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
-  <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
-    <AssemblyName>Semmle.Autobuild.Shared</AssemblyName>
-    <RootNamespace>Semmle.Autobuild.Shared</RootNamespace>
-    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
-    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
-    <Nullable>enable</Nullable>
-  </PropertyGroup>
-  <ItemGroup>
-    <Folder Include="Properties\" />
-  </ItemGroup>
-  <ItemGroup>
-    <ProjectReference Include="..\..\extractor\Semmle.Util\Semmle.Util.csproj" />
-  </ItemGroup>
+	<ItemGroup>
+		<ProjectReference Include="..\..\extractor\Semmle.Util\Semmle.Util.csproj" />
+	</ItemGroup>
   <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
+</Project>

csharp/downgrades/BUILD.bazel

@@ -1,12 +0,0 @@
-load("@rules_pkg//:mappings.bzl", "pkg_files", "strip_prefix")
-
-pkg_files(
-    name = "downgrades",
-    srcs = glob(
-        ["**"],
-        exclude = ["BUILD.bazel"],
-    ),
-    prefix = "downgrades",
-    strip_prefix = strip_prefix.from_pkg(),
-    visibility = ["//csharp:__pkg__"],
-)

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/BUILD.bazel

@@ -1,21 +0,0 @@
-load(
-    "//misc/bazel:csharp.bzl",
-    "codeql_csharp_library",
-)
-
-codeql_csharp_library(
-    name = "Semmle.Extraction.CSharp.DependencyFetching",
-    srcs = glob([
-        "*.cs",
-        "Properties/*.cs",
-        "SourceGenerators/**/*.cs",
-    ]),
-    allow_unsafe_blocks = True,
-    internals_visible_to = ["Semmle.Extraction.Tests"],
-    nowarn = ["CA1822"],
-    visibility = ["//csharp:__subpackages__"],
-    deps = [
-        "//csharp/extractor/Semmle.Extraction",
-        "//csharp/extractor/Semmle.Util",
-    ],
-)

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs

@@ -60,6 +60,16 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
         /// </summary>
         public const string FallbackNugetFeeds = "CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_FALLBACK";
 
+        /// <summary>
+        /// Controls whether to include NuGet feeds from nuget.config files in the fallback restore logic.
+        /// </summary>
+        public const string AddNugetConfigFeedsToFallback = "CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_FALLBACK_INCLUDE_NUGET_CONFIG_FEEDS";
+
+        /// <summary>
+        /// Specifies the path to the nuget executable to be used for package restoration.
+        /// </summary>
+        public const string NugetExePath = "CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_PATH";
+
         /// <summary>
         /// Specifies the location of the diagnostic directory.
         /// </summary>

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/FileProvider.cs

@@ -20,6 +20,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
         private readonly Lazy<string[]> solutions;
         private readonly Lazy<string[]> dlls;
         private readonly Lazy<string[]> nugetConfigs;
+        private readonly Lazy<string[]> nugetExes;
         private readonly Lazy<string[]> globalJsons;
         private readonly Lazy<string[]> packagesConfigs;
         private readonly Lazy<string[]> razorViews;
@@ -45,6 +46,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             resources = new Lazy<string[]>(() => SelectTextFileNamesByExtension("resource", ".resx"));
 
             rootNugetConfig = new Lazy<string?>(() => all.SelectRootFiles(SourceDir).SelectFileNamesByName("nuget.config").FirstOrDefault());
+            nugetExes = new Lazy<string[]>(() => all.SelectFileNamesByName("nuget.exe").ToArray());
         }
 
         private string[] ReturnAndLogFiles(string filetype, IEnumerable<string> files)
@@ -123,6 +125,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
         public ICollection<string> Solutions => solutions.Value;
         public IEnumerable<string> Dlls => dlls.Value;
         public ICollection<string> NugetConfigs => nugetConfigs.Value;
+        public ICollection<string> NugetExes => nugetExes.Value;
         public string? RootNugetConfig => rootNugetConfig.Value;
         public IEnumerable<string> GlobalJsons => globalJsons.Value;
         public ICollection<string> PackagesConfigs => packagesConfigs.Value;

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetExeWrapper.cs

@@ -17,15 +17,11 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
         private readonly string? nugetExe;
         private readonly Util.Logging.ILogger logger;
 
-        /// <summary>
-        /// The list of package files.
-        /// </summary>
-        private readonly ICollection<string> packageFiles;
-
-        public int PackageCount => packageFiles.Count;
+        public int PackageCount => fileProvider.PackagesConfigs.Count;
 
         private readonly string? backupNugetConfig;
         private readonly string? nugetConfigPath;
+        private readonly FileProvider fileProvider;
 
         /// <summary>
         /// The computed packages directory.
@@ -39,15 +35,14 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
         /// </summary>
         public NugetExeWrapper(FileProvider fileProvider, TemporaryDirectory packageDirectory, Util.Logging.ILogger logger)
         {
+            this.fileProvider = fileProvider;
             this.packageDirectory = packageDirectory;
             this.logger = logger;
 
-            packageFiles = fileProvider.PackagesConfigs;
-
-            if (packageFiles.Count > 0)
+            if (fileProvider.PackagesConfigs.Count > 0)
             {
                 logger.LogInfo($"Found packages.config files, trying to use nuget.exe for package restore");
-                nugetExe = ResolveNugetExe(fileProvider.SourceDir.FullName);
+                nugetExe = ResolveNugetExe();
                 if (HasNoPackageSource())
                 {
                     // We only modify or add a top level nuget.config file
@@ -87,25 +82,44 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
         }
 
         /// <summary>
-        /// Tries to find the location of `nuget.exe` in the nuget directory under the directory
-        /// containing the executing assembly. If it can't be found, it is downloaded to the
-        /// `.nuget` directory under the source directory.
+        /// Tries to find the location of `nuget.exe`. It looks for
+        /// - the environment variable specifying a location,
+        /// - files in the repository,
+        /// - tries to resolve nuget from the PATH, or
+        /// - downloads it if it is not found.
         /// </summary>
-        /// <param name="sourceDir">The source directory.</param>
-        private string ResolveNugetExe(string sourceDir)
+        private string ResolveNugetExe()
         {
-            var currentAssembly = System.Reflection.Assembly.GetExecutingAssembly().Location;
-            var directory = Path.GetDirectoryName(currentAssembly)
-                ?? throw new FileNotFoundException($"Directory path '{currentAssembly}' of current assembly is null");
-
-            var nuget = Path.Combine(directory, "nuget", "nuget.exe");
-            if (File.Exists(nuget))
+            var envVarPath = Environment.GetEnvironmentVariable(EnvironmentVariableNames.NugetExePath);
+            if (!string.IsNullOrEmpty(envVarPath))
             {
-                logger.LogInfo($"Found nuget.exe at {nuget}");
-                return nuget;
+                logger.LogInfo($"Using nuget.exe from environment variable: '{envVarPath}'");
+                return envVarPath;
             }
 
-            return DownloadNugetExe(sourceDir);
+            var nugetExesInRepo = fileProvider.NugetExes;
+            if (nugetExesInRepo.Count > 1)
+            {
+                logger.LogInfo($"Found multiple nuget.exe files in the repository: {string.Join(", ", nugetExesInRepo.OrderBy(s => s))}");
+            }
+
+            if (nugetExesInRepo.Count > 0)
+            {
+                var path = nugetExesInRepo.First();
+                logger.LogInfo($"Using nuget.exe from path '{path}'");
+                return path;
+            }
+
+            var executableName = Win32.IsWindows() ? "nuget.exe" : "nuget";
+            var nugetPath = FileUtils.FindProgramOnPath(executableName);
+            if (nugetPath is not null)
+            {
+                nugetPath = Path.Combine(nugetPath, executableName);
+                logger.LogInfo($"Using nuget.exe from PATH: {nugetPath}");
+                return nugetPath;
+            }
+
+            return DownloadNugetExe(fileProvider.SourceDir.FullName);
         }
 
         private string DownloadNugetExe(string sourceDir)
@@ -135,6 +149,8 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             }
         }
 
+        private bool RunWithMono => !Win32.IsWindows() && !string.IsNullOrEmpty(Path.GetExtension(nugetExe));
+
         /// <summary>
         /// Restore all files in a specified package.
         /// </summary>
@@ -150,16 +166,16 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
              */
 
             string exe, args;
-            if (Win32.IsWindows())
-            {
-                exe = nugetExe!;
-                args = $"install -OutputDirectory {packageDirectory} {package}";
-            }
-            else
+            if (RunWithMono)
             {
                 exe = "mono";
                 args = $"{nugetExe} install -OutputDirectory {packageDirectory} {package}";
             }
+            else
+            {
+                exe = nugetExe!;
+                args = $"install -OutputDirectory {packageDirectory} {package}";
+            }
 
             var pi = new ProcessStartInfo(exe, args)
             {
@@ -189,7 +205,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
         /// </summary>
         public int InstallPackages()
         {
-            return packageFiles.Count(package => TryRestoreNugetPackage(package));
+            return fileProvider.PackagesConfigs.Count(package => TryRestoreNugetPackage(package));
         }
 
         private bool HasNoPackageSource()
@@ -219,8 +235,18 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
 
         private void RunMonoNugetCommand(string command, out IList<string> stdout)
         {
-            var exe = "mono";
-            var args = $"{nugetExe} {command}";
+            string exe, args;
+            if (RunWithMono)
+            {
+                exe = "mono";
+                args = $"{nugetExe} {command}";
+            }
+            else
+            {
+                exe = nugetExe!;
+                args = command;
+            }
+
             var pi = new ProcessStartInfo(exe, args)
             {
                 RedirectStandardOutput = true,

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs

@@ -98,12 +98,14 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             logger.LogInfo($"Checking NuGet feed responsiveness: {checkNugetFeedResponsiveness}");
             compilationInfoContainer.CompilationInfos.Add(("NuGet feed responsiveness checked", checkNugetFeedResponsiveness ? "1" : "0"));
 
+            HashSet<string>? explicitFeeds = null;
+
             try
             {
-                if (checkNugetFeedResponsiveness && !CheckFeeds())
+                if (checkNugetFeedResponsiveness && !CheckFeeds(out explicitFeeds))
                 {
                     // todo: we could also check the reachability of the inherited nuget feeds, but to use those in the fallback we would need to handle authentication too.
-                    var unresponsiveMissingPackageLocation = DownloadMissingPackagesFromSpecificFeeds();
+                    var unresponsiveMissingPackageLocation = DownloadMissingPackagesFromSpecificFeeds(explicitFeeds);
                     return unresponsiveMissingPackageLocation is null
                         ? []
                         : [unresponsiveMissingPackageLocation];
@@ -163,7 +165,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             LogAllUnusedPackages(dependencies);
 
             var missingPackageLocation = checkNugetFeedResponsiveness
-                ? DownloadMissingPackagesFromSpecificFeeds()
+                ? DownloadMissingPackagesFromSpecificFeeds(explicitFeeds)
                 : DownloadMissingPackages();
 
             if (missingPackageLocation is not null)
@@ -173,13 +175,24 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             return assemblyLookupLocations;
         }
 
-        private List<string> GetReachableFallbackNugetFeeds()
+        private List<string> GetReachableFallbackNugetFeeds(HashSet<string>? feedsFromNugetConfigs)
         {
             var fallbackFeeds = EnvironmentVariables.GetURLs(EnvironmentVariableNames.FallbackNugetFeeds).ToHashSet();
             if (fallbackFeeds.Count == 0)
             {
                 fallbackFeeds.Add(PublicNugetOrgFeed);
-                logger.LogInfo($"No fallback Nuget feeds specified. Using default feed: {PublicNugetOrgFeed}");
+                logger.LogInfo($"No fallback Nuget feeds specified. Adding default feed: {PublicNugetOrgFeed}");
+
+                var shouldAddNugetConfigFeeds = EnvironmentVariables.GetBooleanOptOut(EnvironmentVariableNames.AddNugetConfigFeedsToFallback);
+                logger.LogInfo($"Adding feeds from nuget.config to fallback restore: {shouldAddNugetConfigFeeds}");
+
+                if (shouldAddNugetConfigFeeds && feedsFromNugetConfigs?.Count > 0)
+                {
+                    // There are some feeds in `feedsFromNugetConfigs` that have already been checked for reachability, we could skip those.
+                    // But we might use different responsiveness testing settings when we try them in the fallback logic, so checking them again is safer.
+                    fallbackFeeds.UnionWith(feedsFromNugetConfigs);
+                    logger.LogInfo($"Using Nuget feeds from nuget.config files as fallback feeds: {string.Join(", ", feedsFromNugetConfigs.OrderBy(f => f))}");
+                }
             }
 
             logger.LogInfo($"Checking fallback Nuget feed reachability on feeds: {string.Join(", ", fallbackFeeds.OrderBy(f => f))}");
@@ -194,6 +207,8 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
                 logger.LogInfo($"Reachable fallback Nuget feeds: {string.Join(", ", reachableFallbackFeeds.OrderBy(f => f))}");
             }
 
+            compilationInfoContainer.CompilationInfos.Add(("Reachable fallback Nuget feed count", reachableFallbackFeeds.Count.ToString()));
+
             return reachableFallbackFeeds;
         }
 
@@ -272,9 +287,9 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             compilationInfoContainer.CompilationInfos.Add(("Failed project restore with package source error", nugetSourceFailures.ToString()));
         }
 
-        private AssemblyLookupLocation? DownloadMissingPackagesFromSpecificFeeds()
+        private AssemblyLookupLocation? DownloadMissingPackagesFromSpecificFeeds(HashSet<string>? feedsFromNugetConfigs)
         {
-            var reachableFallbackFeeds = GetReachableFallbackNugetFeeds();
+            var reachableFallbackFeeds = GetReachableFallbackNugetFeeds(feedsFromNugetConfigs);
             if (reachableFallbackFeeds.Count > 0)
             {
                 return DownloadMissingPackages(fallbackNugetFeeds: reachableFallbackFeeds);
@@ -623,10 +638,10 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             return (timeoutMilliSeconds, tryCount);
         }
 
-        private bool CheckFeeds()
+        private bool CheckFeeds(out HashSet<string> explicitFeeds)
         {
             logger.LogInfo("Checking Nuget feeds...");
-            var (explicitFeeds, allFeeds) = GetAllFeeds();
+            (explicitFeeds, var allFeeds) = GetAllFeeds();
 
             var excludedFeeds = EnvironmentVariables.GetURLs(EnvironmentVariableNames.ExcludedNugetFeedsFromResponsivenessCheck)
                 .ToHashSet() ?? [];

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Properties/AssemblyInfo.cs

@@ -1,39 +1,4 @@
-using System.Reflection;
-using System.Runtime.CompilerServices;
-using System.Runtime.InteropServices;
-
-// General Information about an assembly is controlled through the following
-// set of attributes. Change these attribute values to modify the information
-// associated with an assembly.
-[assembly: AssemblyTitle("Semmle.Extraction.CSharp.DependencyFetching")]
-[assembly: AssemblyDescription("")]
-[assembly: AssemblyConfiguration("")]
-[assembly: AssemblyCompany("")]
-[assembly: AssemblyProduct("Semmle.Extraction.CSharp.DependencyFetching")]
-[assembly: AssemblyCopyright("Copyright ©  2023")]
-[assembly: AssemblyTrademark("")]
-[assembly: AssemblyCulture("")]
-
-// Setting ComVisible to false makes the types in this assembly not visible
-// to COM components.  If you need to access a type in this assembly from
-// COM, set the ComVisible attribute to true on that type.
-[assembly: ComVisible(false)]
-
-// The following GUID is for the ID of the typelib if this project is exposed to COM
-[assembly: Guid("8e902d1e-f639-4f9f-a6d2-71e8ade7c5a3")]
+using System.Runtime.CompilerServices;
 
 // Expose internals for testing purposes.
 [assembly: InternalsVisibleTo("Semmle.Extraction.Tests")]
-
-// Version information for an assembly consists of the following four values:
-//
-//      Major Version
-//      Minor Version
-//      Build Number
-//      Revision
-//
-// You can specify all the values or you can default the Build and Revision Numbers
-// by using the '*' as shown below:
-// [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.0.0.0")]
-[assembly: AssemblyFileVersion("1.0.0.0")]

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Semmle.Extraction.CSharp.DependencyFetching.csproj

@@ -1,21 +1,11 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
-    <AssemblyName>Semmle.Extraction.CSharp.DependencyFetching</AssemblyName>
-    <RootNamespace>Semmle.Extraction.CSharp.DependencyFetching</RootNamespace>
-    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
-    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
-    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
-    <Nullable>enable</Nullable>
     <NoWarn>$(NoWarn);CA1822</NoWarn>
   </PropertyGroup>
   <ItemGroup>
     <ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
     <ProjectReference Include="..\Semmle.Extraction\Semmle.Extraction.csproj" />
   </ItemGroup>
-  <ItemGroup>
-    <Folder Include="Properties\" />
-  </ItemGroup>
   <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
+</Project>

csharp/extractor/Semmle.Extraction.CSharp.DependencyStubGenerator/BUILD.bazel

@@ -1,18 +0,0 @@
-load(
-    "//misc/bazel:csharp.bzl",
-    "codeql_csharp_binary",
-)
-
-codeql_csharp_binary(
-    name = "Semmle.Extraction.CSharp.DependencyStubGenerator",
-    srcs = glob([
-        "*.cs",
-        "Properties/*.cs",
-    ]),
-    visibility = ["//csharp:__pkg__"],
-    deps = [
-        "//csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching",
-        "//csharp/extractor/Semmle.Extraction.CSharp.StubGenerator",
-        "//csharp/extractor/Semmle.Util",
-    ],
-)

csharp/extractor/Semmle.Extraction.CSharp.Driver/BUILD.bazel

@@ -1,16 +0,0 @@
-load(
-    "//misc/bazel:csharp.bzl",
-    "codeql_csharp_binary",
-)
-
-codeql_csharp_binary(
-    name = "Semmle.Extraction.CSharp.Driver",
-    srcs = glob([
-        "*.cs",
-        "Properties/*.cs",
-    ]),
-    visibility = ["//csharp:__pkg__"],
-    deps = [
-        "//csharp/extractor/Semmle.Extraction.CSharp",
-    ],
-)

csharp/extractor/Semmle.Extraction.CSharp.Driver/Properties/AssemblyInfo.cs

@@ -1,35 +0,0 @@
-using System.Reflection;
-using System.Runtime.InteropServices;
-
-// General Information about an assembly is controlled through the following
-// set of attributes. Change these attribute values to modify the information
-// associated with an assembly.
-[assembly: AssemblyTitle("Semmle.Extraction.CSharp.Driver")]
-[assembly: AssemblyDescription("")]
-[assembly: AssemblyConfiguration("")]
-[assembly: AssemblyCompany("")]
-[assembly: AssemblyProduct("Semmle.Extraction.CSharp.Driver")]
-[assembly: AssemblyCopyright("Copyright ©  2015")]
-[assembly: AssemblyTrademark("")]
-[assembly: AssemblyCulture("")]
-
-// Setting ComVisible to false makes the types in this assembly not visible
-// to COM components.  If you need to access a type in this assembly from
-// COM, set the ComVisible attribute to true on that type.
-[assembly: ComVisible(false)]
-
-// The following GUID is for the ID of the typelib if this project is exposed to COM
-[assembly: Guid("c02a2b0e-8884-4b82-8275-ea282403a775")]
-
-// Version information for an assembly consists of the following four values:
-//
-//      Major Version
-//      Minor Version
-//      Build Number
-//      Revision
-//
-// You can specify all the values or you can default the Build and Revision Numbers
-// by using the '*' as shown below:
-// [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.0.0.0")]
-[assembly: AssemblyFileVersion("1.0.0.0")]

csharp/extractor/Semmle.Extraction.CSharp.Driver/Semmle.Extraction.CSharp.Driver.csproj

@@ -2,11 +2,6 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net8.0</TargetFramework>
-    <AssemblyName>Semmle.Extraction.CSharp.Driver</AssemblyName>
-    <RootNamespace>Semmle.Extraction.CSharp.Driver</RootNamespace>
-    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
-    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
   </PropertyGroup>
   <ItemGroup>
     <ProjectReference Include="..\Semmle.Extraction.CSharp\Semmle.Extraction.CSharp.csproj" />

csharp/extractor/Semmle.Extraction.CSharp.Standalone/BUILD.bazel

@@ -1,18 +0,0 @@
-load(
-    "//misc/bazel:csharp.bzl",
-    "codeql_csharp_binary",
-)
-
-codeql_csharp_binary(
-    name = "Semmle.Extraction.CSharp.Standalone",
-    srcs = glob([
-        "*.cs",
-        "Properties/*.cs",
-    ]),
-    visibility = ["//csharp:__subpackages__"],
-    deps = [
-        "//csharp/extractor/Semmle.Extraction.CSharp",
-        "//csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching",
-        "//csharp/extractor/Semmle.Util",
-    ],
-)

csharp/extractor/Semmle.Extraction.CSharp.Standalone/Properties/AssemblyInfo.cs

@@ -1,35 +0,0 @@
-using System.Reflection;
-using System.Runtime.InteropServices;
-
-// General Information about an assembly is controlled through the following
-// set of attributes. Change these attribute values to modify the information
-// associated with an assembly.
-[assembly: AssemblyTitle("Semmle.Extraction.CSharp.Standalone")]
-[assembly: AssemblyDescription("Standalone extractor for C#")]
-[assembly: AssemblyConfiguration("")]
-[assembly: AssemblyCompany("Semmle Ltd.")]
-[assembly: AssemblyProduct("Semmle.Extraction.CSharp.Standalone")]
-[assembly: AssemblyCopyright("Copyright © Semmle 2016")]
-[assembly: AssemblyTrademark("")]
-[assembly: AssemblyCulture("")]
-
-// Setting ComVisible to false makes the types in this assembly not visible
-// to COM components.  If you need to access a type in this assembly from
-// COM, set the ComVisible attribute to true on that type.
-[assembly: ComVisible(false)]
-
-// The following GUID is for the ID of the typelib if this project is exposed to COM
-[assembly: Guid("bb71e9da-7e0a-43e8-989c-c8e87c828e7c")]
-
-// Version information for an assembly consists of the following four values:
-//
-//      Major Version
-//      Minor Version
-//      Build Number
-//      Revision
-//
-// You can specify all the values or you can default the Build and Revision Numbers
-// by using the '*' as shown below:
-// [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.0.0.0")]
-[assembly: AssemblyFileVersion("1.0.0.0")]

csharp/extractor/Semmle.Extraction.CSharp.Standalone/Semmle.Extraction.CSharp.Standalone.csproj

@@ -1,23 +1,14 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
-  <PropertyGroup>
-    <OutputType>Exe</OutputType>
-    <TargetFramework>net8.0</TargetFramework>
-    <AssemblyName>Semmle.Extraction.CSharp.Standalone</AssemblyName>
-    <RootNamespace>Semmle.Extraction.CSharp.Standalone</RootNamespace>
-    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
-    <TreatWarningsAsErrors>false</TreatWarningsAsErrors>
-    <WarningsAsErrors />
-    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
-    <Nullable>enable</Nullable>
-  </PropertyGroup>
-  <ItemGroup>
-    <ProjectReference Include="..\Semmle.Extraction.CSharp\Semmle.Extraction.CSharp.csproj" />
-    <ProjectReference Include="..\Semmle.Extraction.CSharp.DependencyFetching\Semmle.Extraction.CSharp.DependencyFetching.csproj" />
-    <ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
-  </ItemGroup>
-  <ItemGroup>
-    <Folder Include="Properties\" />
-  </ItemGroup>
+	<PropertyGroup>
+		<OutputType>Exe</OutputType>
+		<TreatWarningsAsErrors>false</TreatWarningsAsErrors>
+		<WarningsAsErrors />
+	</PropertyGroup>
+	<ItemGroup>
+		<ProjectReference Include="..\Semmle.Extraction.CSharp\Semmle.Extraction.CSharp.csproj" />
+		<ProjectReference Include="..\Semmle.Extraction.CSharp.DependencyFetching\Semmle.Extraction.CSharp.DependencyFetching.csproj" />
+		<ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
+	</ItemGroup>
   <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
+</Project>

csharp/extractor/Semmle.Extraction.CSharp.StubGenerator/BUILD.bazel

@@ -1,20 +0,0 @@
-load(
-    "//misc/bazel:csharp.bzl",
-    "codeql_csharp_library",
-)
-
-codeql_csharp_library(
-    name = "Semmle.Extraction.CSharp.StubGenerator",
-    srcs = glob([
-        "*.cs",
-        "Properties/*.cs",
-    ]),
-    internals_visible_to = ["Semmle.Extraction.Tests"],
-    visibility = ["//csharp:__subpackages__"],
-    deps = [
-        "//csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching",
-        "//csharp/extractor/Semmle.Extraction.CSharp.Util",
-        "//csharp/extractor/Semmle.Util",
-        "@paket.main//microsoft.codeanalysis.csharp",
-    ],
-)

csharp/extractor/Semmle.Extraction.CSharp.StubGenerator/Properties/AssemblyInfo.cs

@@ -1,39 +1,4 @@
-using System.Reflection;
-using System.Runtime.CompilerServices;
-using System.Runtime.InteropServices;
-
-// General Information about an assembly is controlled through the following
-// set of attributes. Change these attribute values to modify the information
-// associated with an assembly.
-[assembly: AssemblyTitle("Semmle.Extraction.CSharp.StubGenerator")]
-[assembly: AssemblyDescription("Stub generator for C#")]
-[assembly: AssemblyConfiguration("")]
-[assembly: AssemblyCompany("")]
-[assembly: AssemblyProduct("Semmle.Extraction.CSharp.StubGenerator")]
-[assembly: AssemblyCopyright("Copyright ©  2023")]
-[assembly: AssemblyTrademark("")]
-[assembly: AssemblyCulture("")]
-
-// Setting ComVisible to false makes the types in this assembly not visible
-// to COM components.  If you need to access a type in this assembly from
-// COM, set the ComVisible attribute to true on that type.
-[assembly: ComVisible(false)]
-
-// The following GUID is for the ID of the typelib if this project is exposed to COM
-[assembly: Guid("6d55ca39-615a-4c1b-a648-a4010995e1ea")]
+using System.Runtime.CompilerServices;
 
 // Expose internals for testing purposes.
 [assembly: InternalsVisibleTo("Semmle.Extraction.Tests")]
-
-// Version information for an assembly consists of the following four values:
-//
-//      Major Version
-//      Minor Version
-//      Build Number
-//      Revision
-//
-// You can specify all the values or you can default the Build and Revision Numbers
-// by using the '*' as shown below:
-// [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.0.0.0")]
-[assembly: AssemblyFileVersion("1.0.0.0")]

csharp/extractor/Semmle.Extraction.CSharp.StubGenerator/Semmle.Extraction.CSharp.StubGenerator.csproj

@@ -1,17 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
-  <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
-    <AssemblyName>Semmle.Extraction.CSharp.StubGenerator</AssemblyName>
-    <RootNamespace>Semmle.Extraction.CSharp.StubGenerator</RootNamespace>
-    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
-    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
-    <Nullable>enable</Nullable>
-  </PropertyGroup>
-  <ItemGroup>
-    <ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
-    <ProjectReference Include="..\Semmle.Extraction.CSharp.DependencyFetching\Semmle.Extraction.CSharp.DependencyFetching.csproj" />
-    <ProjectReference Include="..\Semmle.Extraction.CSharp.Util\Semmle.Extraction.CSharp.Util.csproj" />
-  </ItemGroup>
+	<ItemGroup>
+		<ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
+		<ProjectReference Include="..\Semmle.Extraction.CSharp.DependencyFetching\Semmle.Extraction.CSharp.DependencyFetching.csproj" />
+		<ProjectReference Include="..\Semmle.Extraction.CSharp.Util\Semmle.Extraction.CSharp.Util.csproj" />
+	</ItemGroup>
   <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
+</Project>

csharp/extractor/Semmle.Extraction.CSharp.Util/BUILD.bazel

@@ -1,17 +0,0 @@
-load(
-    "//misc/bazel:csharp.bzl",
-    "codeql_csharp_library",
-)
-
-codeql_csharp_library(
-    name = "Semmle.Extraction.CSharp.Util",
-    srcs = glob([
-        "Properties/*.cs",
-        "*.cs",
-    ]),
-    visibility = ["//csharp:__subpackages__"],
-    deps = [
-        "//csharp/extractor/Semmle.Util",
-        "@paket.main//microsoft.codeanalysis.csharp",
-    ],
-)

csharp/extractor/Semmle.Extraction.CSharp.Util/Semmle.Extraction.CSharp.Util.csproj

@@ -1,16 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
-  <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
-    <AssemblyName>Semmle.Extraction.CSharp.Util</AssemblyName>
-    <RootNamespace>Semmle.Extraction.CSharp.Util</RootNamespace>
-    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
-    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
-    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
-    <Nullable>enable</Nullable>
-  </PropertyGroup>
   <ItemGroup>
     <ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
   </ItemGroup>
   <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
+</Project>

csharp/extractor/Semmle.Extraction.CSharp/BUILD.bazel

@@ -1,26 +0,0 @@
-load(
-    "//misc/bazel:csharp.bzl",
-    "codeql_csharp_library",
-)
-
-codeql_csharp_library(
-    name = "Semmle.Extraction.CSharp",
-    srcs = glob([
-        "Comments/**/*.cs",
-        "Entities/**/*.cs",
-        "Extractor/**/*.cs",
-        "Kinds/**/*.cs",
-        "Populators/**/*.cs",
-        "Properties/**/*.cs",
-        "*.cs",
-    ]),
-    allow_unsafe_blocks = True,
-    visibility = ["//csharp:__subpackages__"],
-    deps = [
-        "//csharp/extractor/Semmle.Extraction",
-        "//csharp/extractor/Semmle.Extraction.CSharp.Util",
-        "//csharp/extractor/Semmle.Util",
-        "@paket.main//microsoft.build",
-        "@paket.main//microsoft.codeanalysis.csharp",
-    ],
-)

csharp/extractor/Semmle.Extraction.CSharp/Entities/Compilations/Compilation.cs

@@ -11,26 +11,20 @@ namespace Semmle.Extraction.CSharp.Entities
     {
         internal readonly ConcurrentDictionary<string, int> messageCounts = new();
 
-        private static (string Cwd, string[] Args) settings;
-        private static int hashCode;
-
-        public static (string Cwd, string[] Args) Settings
-        {
-            get { return settings; }
-            set
-            {
-                settings = value;
-                hashCode = settings.Cwd.GetHashCode();
-                for (var i = 0; i < settings.Args.Length; i++)
-                {
-                    hashCode = HashCode.Combine(hashCode, settings.Args[i].GetHashCode());
-                }
-            }
-        }
+        private readonly string cwd;
+        private readonly string[] args;
+        private readonly int hashCode;
 
 #nullable disable warnings
         private Compilation(Context cx) : base(cx, null)
         {
+            cwd = cx.Extractor.Cwd;
+            args = cx.Extractor.Args;
+            hashCode = cwd.GetHashCode();
+            for (var i = 0; i < args.Length; i++)
+            {
+                hashCode = HashCode.Combine(hashCode, args[i].GetHashCode());
+            }
         }
 #nullable restore warnings
 
@@ -38,14 +32,14 @@ namespace Semmle.Extraction.CSharp.Entities
         {
             var assembly = Assembly.CreateOutputAssembly(Context);
 
-            trapFile.compilations(this, FileUtils.ConvertToUnix(Compilation.Settings.Cwd));
+            trapFile.compilations(this, FileUtils.ConvertToUnix(cwd));
             trapFile.compilation_assembly(this, assembly);
 
             // Arguments
             var expandedIndex = 0;
-            for (var i = 0; i < Compilation.Settings.Args.Length; i++)
+            for (var i = 0; i < args.Length; i++)
             {
-                var arg = Compilation.Settings.Args[i];
+                var arg = args[i];
                 trapFile.compilation_args(this, i, arg);
 
                 if (CommandLineExtensions.IsFileArgument(arg))

csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs

@@ -97,7 +97,8 @@ namespace Semmle.Extraction.CSharp
             stopwatch.Start();
 
             var options = Options.CreateWithEnvironment(args);
-            Entities.Compilation.Settings = (Directory.GetCurrentDirectory(), options.CompilerArguments.ToArray());
+            var workingDirectory = Directory.GetCurrentDirectory();
+            var compilerArgs = options.CompilerArguments.ToArray();
 
             using var logger = MakeLogger(options.Verbosity, options.Console);
 
@@ -123,7 +124,7 @@ namespace Semmle.Extraction.CSharp
 
                 var compilerArguments = CSharpCommandLineParser.Default.Parse(
                     compilerVersion.ArgsWithResponse,
-                    Entities.Compilation.Settings.Cwd,
+                    workingDirectory,
                     compilerVersion.FrameworkPath,
                     compilerVersion.AdditionalReferenceDirectories
                     );
@@ -131,7 +132,7 @@ namespace Semmle.Extraction.CSharp
                 if (compilerArguments is null)
                 {
                     var sb = new StringBuilder();
-                    sb.Append("  Failed to parse command line: ").AppendList(" ", Entities.Compilation.Settings.Args);
+                    sb.Append("  Failed to parse command line: ").AppendList(" ", compilerArgs);
                     logger.Log(Severity.Error, sb.ToString());
                     ++analyser.CompilationErrors;
                     return ExitCode.Failed;
@@ -143,7 +144,7 @@ namespace Semmle.Extraction.CSharp
                     return ExitCode.Ok;
                 }
 
-                return AnalyseTracing(analyser, compilerArguments, options, canonicalPathCache, stopwatch);
+                return AnalyseTracing(workingDirectory, compilerArgs, analyser, compilerArguments, options, canonicalPathCache, stopwatch);
             }
             catch (Exception ex)  // lgtm[cs/catch-of-all-exceptions]
             {
@@ -376,6 +377,8 @@ namespace Semmle.Extraction.CSharp
         }
 
         private static ExitCode AnalyseTracing(
+            string cwd,
+            string[] args,
             TracingAnalyser analyser,
             CSharpCommandLineArguments compilerArguments,
             Options options,
@@ -420,7 +423,7 @@ namespace Semmle.Extraction.CSharp
                             .WithMetadataImportOptions(MetadataImportOptions.All)
                         );
                 },
-                (compilation, options) => analyser.EndInitialize(compilerArguments, options, compilation),
+                (compilation, options) => analyser.EndInitialize(compilerArguments, options, compilation, cwd, args),
                 () => { });
         }
 

csharp/extractor/Semmle.Extraction.CSharp/Extractor/StandaloneAnalyser.cs

@@ -16,12 +16,10 @@ namespace Semmle.Extraction.CSharp
         public void Initialize(string outputPath, IEnumerable<(string, string)> compilationInfos, CSharpCompilation compilationIn, CommonOptions options)
         {
             compilation = compilationIn;
-            extractor = new StandaloneExtractor(outputPath, compilationInfos, Logger, PathTransformer, options);
+            extractor = new StandaloneExtractor(Directory.GetCurrentDirectory(), outputPath, compilationInfos, Logger, PathTransformer, options);
             this.options = options;
             LogExtractorInfo(Extraction.Extractor.Version);
             SetReferencePaths();
-
-            Entities.Compilation.Settings = (Directory.GetCurrentDirectory(), Array.Empty<string>());
         }
 
 #nullable disable warnings

csharp/extractor/Semmle.Extraction.CSharp/Extractor/TracingAnalyser.cs

@@ -38,13 +38,15 @@ namespace Semmle.Extraction.CSharp
         public void EndInitialize(
            CSharpCommandLineArguments commandLineArguments,
            CommonOptions options,
-           CSharpCompilation compilation)
+           CSharpCompilation compilation,
+           string cwd,
+           string[] args)
         {
             if (!init)
                 throw new InternalError("EndInitialize called without BeginInitialize returning true");
             this.options = options;
             this.compilation = compilation;
-            this.extractor = new TracingExtractor(GetOutputName(compilation, commandLineArguments), Logger, PathTransformer, options);
+            this.extractor = new TracingExtractor(cwd, args, GetOutputName(compilation, commandLineArguments), Logger, PathTransformer, options);
             LogDiagnostics();
 
             SetReferencePaths();

csharp/extractor/Semmle.Extraction.CSharp/Properties/AssemblyInfo.cs

@@ -1,35 +0,0 @@
-using System.Reflection;
-using System.Runtime.InteropServices;
-
-// General Information about an assembly is controlled through the following
-// set of attributes. Change these attribute values to modify the information
-// associated with an assembly.
-[assembly: AssemblyTitle("Semmle.Extraction.CSharp")]
-[assembly: AssemblyDescription("")]
-[assembly: AssemblyConfiguration("")]
-[assembly: AssemblyCompany("")]
-[assembly: AssemblyProduct("Semmle.Extraction.CSharp")]
-[assembly: AssemblyCopyright("Copyright ©  2015")]
-[assembly: AssemblyTrademark("")]
-[assembly: AssemblyCulture("")]
-
-// Setting ComVisible to false makes the types in this assembly not visible
-// to COM components.  If you need to access a type in this assembly from
-// COM, set the ComVisible attribute to true on that type.
-[assembly: ComVisible(false)]
-
-// The following GUID is for the ID of the typelib if this project is exposed to COM
-[assembly: Guid("09d7c55d-5ed3-4af8-9b9f-8f9342533ee9")]
-
-// Version information for an assembly consists of the following four values:
-//
-//      Major Version
-//      Minor Version
-//      Build Number
-//      Revision
-//
-// You can specify all the values or you can default the Build and Revision Numbers
-// by using the '*' as shown below:
-// [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.0.0.0")]
-[assembly: AssemblyFileVersion("1.0.0.0")]

csharp/extractor/Semmle.Extraction.CSharp/Semmle.Extraction.CSharp.csproj

@@ -1,21 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
-  <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
-    <AssemblyName>Semmle.Extraction.CSharp</AssemblyName>
-    <RootNamespace>Semmle.Extraction.CSharp</RootNamespace>
-    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
-    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
-    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
-    <Nullable>enable</Nullable>
-  </PropertyGroup>
-  <ItemGroup>
-    <ProjectReference Include="..\Semmle.Extraction\Semmle.Extraction.csproj" />
-    <ProjectReference Include="..\Semmle.Extraction.CSharp.Util\Semmle.Extraction.CSharp.Util.csproj" />
-    <ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
-  </ItemGroup>
-  <ItemGroup>
-    <Folder Include="Properties\" />
-  </ItemGroup>
+	<ItemGroup>
+		<ProjectReference Include="..\Semmle.Extraction\Semmle.Extraction.csproj" />
+		<ProjectReference Include="..\Semmle.Extraction.CSharp.Util\Semmle.Extraction.CSharp.Util.csproj" />
+		<ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
+	</ItemGroup>
   <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
+</Project>

csharp/extractor/Semmle.Extraction.Tests/BUILD.bazel

@@ -1,22 +0,0 @@
-load(
-    "//misc/bazel:csharp.bzl",
-    "codeql_xunit_test",
-)
-
-codeql_xunit_test(
-    name = "Semmle.Extraction.Tests",
-    srcs = glob([
-        "*.cs",
-        "Properties/*.cs",
-    ]),
-    deps = [
-        "//csharp/extractor/Semmle.Extraction",
-        "//csharp/extractor/Semmle.Extraction.CSharp",
-        "//csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching",
-        "//csharp/extractor/Semmle.Extraction.CSharp.Standalone:bin/Semmle.Extraction.CSharp.Standalone",
-        "//csharp/extractor/Semmle.Extraction.CSharp.StubGenerator",
-        "//csharp/extractor/Semmle.Util",
-        "@paket.main//microsoft.net.test.sdk",
-        "@paket.main//system.io.filesystem",
-    ],
-)

csharp/extractor/Semmle.Extraction.Tests/Properties/AssemblyInfo.cs

@@ -1,35 +0,0 @@
-using System.Reflection;
-using System.Runtime.InteropServices;
-
-// General Information about an assembly is controlled through the following
-// set of attributes. Change these attribute values to modify the information
-// associated with an assembly.
-[assembly: AssemblyTitle("Semmle.Extraction.Tests")]
-[assembly: AssemblyDescription("")]
-[assembly: AssemblyConfiguration("")]
-[assembly: AssemblyCompany("")]
-[assembly: AssemblyProduct("Semmle.Extraction.Tests")]
-[assembly: AssemblyCopyright("Copyright ©  2016")]
-[assembly: AssemblyTrademark("")]
-[assembly: AssemblyCulture("")]
-
-// Setting ComVisible to false makes the types in this assembly not visible
-// to COM components.  If you need to access a type in this assembly from
-// COM, set the ComVisible attribute to true on that type.
-[assembly: ComVisible(false)]
-
-// The following GUID is for the ID of the typelib if this project is exposed to COM
-[assembly: Guid("23237396-31ef-41f8-b466-ee96ddd7b7bc")]
-
-// Version information for an assembly consists of the following four values:
-//
-//      Major Version
-//      Minor Version
-//      Build Number
-//      Revision
-//
-// You can specify all the values or you can default the Build and Revision Numbers
-// by using the '*' as shown below:
-// [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.0.0.0")]
-[assembly: AssemblyFileVersion("1.0.0.0")]

csharp/extractor/Semmle.Extraction.Tests/Semmle.Extraction.Tests.csproj

@@ -1,11 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
-  <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
-    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
-    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
-    <Nullable>enable</Nullable>
-  </PropertyGroup>
   <ItemGroup>
     <ProjectReference Include="..\Semmle.Extraction.CSharp.StubGenerator\Semmle.Extraction.CSharp.StubGenerator.csproj" />
     <ProjectReference Include="..\Semmle.Extraction.CSharp.Standalone\Semmle.Extraction.CSharp.Standalone.csproj" />
@@ -14,4 +8,4 @@
     <ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
   </ItemGroup>
   <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
+</Project>

csharp/extractor/Semmle.Extraction/BUILD.bazel

@@ -1,36 +0,0 @@
-load(
-    "//misc/bazel:csharp.bzl",
-    "codeql_csharp_library",
-)
-
-config_setting(
-    name = "debug_build",
-    values = {
-        "compilation_mode": "dbg",
-    },
-)
-
-codeql_csharp_library(
-    name = "Semmle.Extraction",
-    srcs = glob([
-        "Entities/**/*.cs",
-        "Extractor/**/*.cs",
-        "Properties/*.cs",
-        "*.cs",
-    ]),
-    # enable via -c dbg on the bazel command line/in .bazelrc.local
-    defines = select({
-        ":debug_build": [
-            "TRACE",
-            "DEBUG",
-            "DEBUG_LABELS",
-        ],
-        "//conditions:default": [],
-    }),
-    visibility = ["//csharp:__subpackages__"],
-    deps = [
-        "//csharp/extractor/Semmle.Util",
-        "@paket.main//microsoft.build",
-        "@paket.main//microsoft.codeanalysis",
-    ],
-)

csharp/extractor/Semmle.Extraction/Extractor/Extractor.cs

@@ -1,7 +1,6 @@
 using System.Collections.Generic;
-using System.Reflection;
-using System.IO;
 using Semmle.Util.Logging;
+
 using CompilationInfo = (string key, string value);
 
 namespace Semmle.Extraction
@@ -11,6 +10,8 @@ namespace Semmle.Extraction
     /// </summary>
     public abstract class Extractor
     {
+        public string Cwd { get; init; }
+        public string[] Args { get; init; }
         public abstract ExtractorMode Mode { get; }
         public string OutputPath { get; }
         public IEnumerable<CompilationInfo> CompilationInfos { get; }
@@ -20,12 +21,14 @@ namespace Semmle.Extraction
         /// </summary>
         /// <param name="logger">The object used for logging.</param>
         /// <param name="pathTransformer">The object used for path transformations.</param>
-        protected Extractor(string outputPath, IEnumerable<CompilationInfo> compilationInfos, ILogger logger, PathTransformer pathTransformer)
+        protected Extractor(string cwd, string[] args, string outputPath, IEnumerable<CompilationInfo> compilationInfos, ILogger logger, PathTransformer pathTransformer)
         {
             OutputPath = outputPath;
             Logger = logger;
             PathTransformer = pathTransformer;
             CompilationInfos = compilationInfos;
+            Cwd = cwd;
+            Args = args;
         }
 
         // Limit the number of error messages in the log file
@@ -103,23 +106,7 @@ namespace Semmle.Extraction
 
         public ILogger Logger { get; private set; }
 
-        public static string Version
-        {
-            get
-            {
-                // the resources for git information are always attached to the entry` assembly by our build system
-                var assembly = Assembly.GetEntryAssembly();
-                var describeAllStream = assembly.GetManifestResourceStream("git-ql-describe-all.log");
-                var headSHAStream = assembly.GetManifestResourceStream("git-ql-rev-parse.log");
-                if (describeAllStream == null || headSHAStream == null)
-                {
-                    return "unknown (not built from internal bazel workspace)";
-                }
-                var describeAll = new StreamReader(describeAllStream).ReadToEnd().Trim('\n');
-                var headSHA = new StreamReader(headSHAStream).ReadToEnd().Trim('\n');
-                return $"{describeAll} ({headSHA})";
-            }
-        }
+        public static string Version => $"{ThisAssembly.Git.BaseTag} ({ThisAssembly.Git.Sha})";
 
         public PathTransformer PathTransformer { get; }
     }

csharp/extractor/Semmle.Extraction/Extractor/StandaloneExtractor.cs

@@ -12,7 +12,8 @@ namespace Semmle.Extraction
         /// </summary>
         /// <param name="logger">The object used for logging.</param>
         /// <param name="pathTransformer">The object used for path transformations.</param>
-        public StandaloneExtractor(string outputPath, IEnumerable<(string, string)> compilationInfos, ILogger logger, PathTransformer pathTransformer, CommonOptions options) : base(outputPath, compilationInfos, logger, pathTransformer)
+        public StandaloneExtractor(string cwd, string outputPath, IEnumerable<(string, string)> compilationInfos, ILogger logger, PathTransformer pathTransformer, CommonOptions options)
+            : base(cwd, [], outputPath, compilationInfos, logger, pathTransformer)
         {
             Mode = ExtractorMode.Standalone;
             if (options.QlTest)

csharp/extractor/Semmle.Extraction/Extractor/TracingExtractor.cs

@@ -1,4 +1,3 @@
-using System.Linq;
 using Semmle.Util.Logging;
 
 namespace Semmle.Extraction
@@ -13,7 +12,8 @@ namespace Semmle.Extraction
         /// <param name="outputPath">The name of the output DLL/EXE, or null if not specified (standalone extraction).</param>
         /// <param name="logger">The object used for logging.</param>
         /// <param name="pathTransformer">The object used for path transformations.</param>
-        public TracingExtractor(string outputPath, ILogger logger, PathTransformer pathTransformer, CommonOptions options) : base(outputPath, Enumerable.Empty<(string, string)>(), logger, pathTransformer)
+        public TracingExtractor(string cwd, string[] args, string outputPath, ILogger logger, PathTransformer pathTransformer, CommonOptions options)
+            : base(cwd, args, outputPath, [], logger, pathTransformer)
         {
             Mode = ExtractorMode.None;
             if (options.QlTest)