Kotlin: fix warning

.github/workflows/ruby-build.yml

@@ -0,0 +1,236 @@
+name: "Ruby: Build"
+
+on:
+  push:
+    paths:
+      - "ruby/**"
+      - .github/workflows/ruby-build.yml
+      - .github/actions/fetch-codeql/action.yml
+      - codeql-workspace.yml
+      - "shared/tree-sitter-extractor/**"
+    branches:
+      - main
+      - "rc/*"
+  pull_request:
+    paths:
+      - "ruby/**"
+      - .github/workflows/ruby-build.yml
+      - .github/actions/fetch-codeql/action.yml
+      - codeql-workspace.yml
+      - "shared/tree-sitter-extractor/**"
+    branches:
+      - main
+      - "rc/*"
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "Version tag to create"
+        required: false
+
+env:
+  CARGO_TERM_COLOR: always
+
+defaults:
+  run:
+    working-directory: ruby
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - uses: actions/checkout@v5
+      - name: Install GNU tar
+        if: runner.os == 'macOS'
+        run: |
+          brew install gnu-tar
+          echo "/usr/local/opt/gnu-tar/libexec/gnubin" >> $GITHUB_PATH
+      - name: Prepare Windows
+        if: runner.os == 'Windows'
+        shell: powershell
+        run: |
+          git config --global core.longpaths true
+      - uses: ./.github/actions/os-version
+        id: os_version
+      - name: Cache entire extractor
+        uses: actions/cache@v3
+        id: cache-extractor
+        with:
+          path: |
+            target/release/codeql-extractor-ruby
+            target/release/codeql-extractor-ruby.exe
+            ruby/extractor/ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
+          key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-ruby-extractor-${{ hashFiles('ruby/extractor/rust-toolchain.toml', 'ruby/extractor/Cargo.lock') }}-${{ hashFiles('shared/tree-sitter-extractor') }}-${{ hashFiles('ruby/extractor/**/*.rs') }}
+      - uses: actions/cache@v3
+        if: steps.cache-extractor.outputs.cache-hit != 'true'
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            target
+          key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-ruby-rust-cargo-${{ hashFiles('ruby/extractor/rust-toolchain.toml', 'ruby/extractor/**/Cargo.lock') }}
+      - name: Check formatting
+        if: steps.cache-extractor.outputs.cache-hit != 'true'
+        run: cd extractor && cargo fmt -- --check
+      - name: Build
+        if: steps.cache-extractor.outputs.cache-hit != 'true'
+        run: cd extractor && cargo build --verbose
+      - name: Run tests
+        if: steps.cache-extractor.outputs.cache-hit != 'true'
+        run: cd extractor && cargo test --verbose
+      - name: Release build
+        if: steps.cache-extractor.outputs.cache-hit != 'true'
+        run: cd extractor && cargo build --release
+      - name: Generate dbscheme
+        if: ${{ matrix.os == 'ubuntu-latest' && steps.cache-extractor.outputs.cache-hit != 'true'}}
+        run: ../target/release/codeql-extractor-ruby generate --dbscheme ql/lib/ruby.dbscheme --library ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
+      - uses: actions/upload-artifact@v4
+        if: ${{ matrix.os == 'ubuntu-latest' }}
+        with:
+          name: ruby.dbscheme
+          path: ruby/ql/lib/ruby.dbscheme
+      - uses: actions/upload-artifact@v4
+        if: ${{ matrix.os == 'ubuntu-latest' }}
+        with:
+          name: TreeSitter.qll
+          path: ruby/ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
+      - uses: actions/upload-artifact@v4
+        with:
+          name: extractor-${{ matrix.os }}
+          path: |
+            target/release/codeql-extractor-ruby
+            target/release/codeql-extractor-ruby.exe
+          retention-days: 1
+  compile-queries:
+    if: github.repository_owner == 'github'
+    runs-on: ubuntu-latest-xl
+    steps:
+      - uses: actions/checkout@v5
+      - name: Fetch CodeQL
+        uses: ./.github/actions/fetch-codeql
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with:
+          key: ruby-build
+      - name: Build Query Pack
+        run: |
+          PACKS=${{ runner.temp }}/query-packs
+          rm -rf $PACKS
+          codeql pack create ../misc/suite-helpers --output "$PACKS"
+          codeql pack create ../shared/regex --output "$PACKS"
+          codeql pack create ../shared/ssa --output "$PACKS"
+          codeql pack create ../shared/tutorial --output "$PACKS"
+          codeql pack create ql/lib --output "$PACKS"
+          codeql pack create -j0 ql/src --output "$PACKS" --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
+          PACK_FOLDER=$(readlink -f "$PACKS"/codeql/ruby-queries/*)
+          codeql generate query-help --format=sarifv2.1.0 --output="${PACK_FOLDER}/rules.sarif" ql/src
+          (cd ql/src; find queries \( -name '*.qhelp' -o -name '*.rb' -o -name '*.erb' \) -exec bash -c 'mkdir -p "'"${PACK_FOLDER}"'/$(dirname "{}")"' \; -exec cp "{}" "${PACK_FOLDER}/{}" \;)
+      - uses: actions/upload-artifact@v4
+        with:
+          name: codeql-ruby-queries
+          path: |
+            ${{ runner.temp }}/query-packs/*
+          retention-days: 1
+          include-hidden-files: true
+
+  package:
+    runs-on: ubuntu-latest
+    needs: [build, compile-queries]
+    steps:
+      - uses: actions/checkout@v5
+      - uses: actions/download-artifact@v4
+        with:
+          name: ruby.dbscheme
+          path: ruby/ruby
+      - uses: actions/download-artifact@v4
+        with:
+          name: extractor-ubuntu-latest
+          path: ruby/linux64
+      - uses: actions/download-artifact@v4
+        with:
+          name: extractor-windows-latest
+          path: ruby/win64
+      - uses: actions/download-artifact@v4
+        with:
+          name: extractor-macos-latest
+          path: ruby/osx64
+      - run: |
+          mkdir -p ruby
+          cp -r codeql-extractor.yml tools ql/lib/ruby.dbscheme.stats ruby/
+          mkdir -p ruby/tools/{linux64,osx64,win64}
+          cp linux64/codeql-extractor-ruby ruby/tools/linux64/extractor
+          cp osx64/codeql-extractor-ruby ruby/tools/osx64/extractor
+          cp win64/codeql-extractor-ruby.exe ruby/tools/win64/extractor.exe
+          chmod +x ruby/tools/{linux64,osx64}/extractor
+          zip -rq codeql-ruby.zip ruby
+      - uses: actions/upload-artifact@v4
+        with:
+          name: codeql-ruby-pack
+          path: ruby/codeql-ruby.zip
+          retention-days: 1
+          include-hidden-files: true
+      - uses: actions/download-artifact@v4
+        with:
+          name: codeql-ruby-queries
+          path: ruby/qlpacks
+      - run: |
+          echo '{
+            "provide": [
+            "ruby/codeql-extractor.yml",
+            "qlpacks/*/*/*/qlpack.yml"
+            ]
+          }' > .codeqlmanifest.json
+          zip -rq codeql-ruby-bundle.zip .codeqlmanifest.json ruby qlpacks
+      - uses: actions/upload-artifact@v4
+        with:
+          name: codeql-ruby-bundle
+          path: ruby/codeql-ruby-bundle.zip
+          retention-days: 1
+          include-hidden-files: true
+
+  test:
+    defaults:
+      run:
+        working-directory: ${{ github.workspace }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+
+    runs-on: ${{ matrix.os }}
+    needs: [package]
+    steps:
+      - uses: actions/checkout@v5
+      - name: Fetch CodeQL
+        uses: ./.github/actions/fetch-codeql
+
+      - name: Download Ruby bundle
+        uses: actions/download-artifact@v4
+        with:
+          name: codeql-ruby-bundle
+          path: ${{ runner.temp }}
+      - name: Unzip Ruby bundle
+        shell: bash
+        run: unzip -q -d "${{ runner.temp }}/ruby-bundle" "${{ runner.temp }}/codeql-ruby-bundle.zip"
+
+      - name: Run QL test
+        shell: bash
+        run: |
+          codeql test run --search-path "${{ runner.temp }}/ruby-bundle" --additional-packs "${{ runner.temp }}/ruby-bundle" ruby/ql/test/library-tests/ast/constants/
+      - name: Create database
+        shell: bash
+        run: |
+          codeql database create --search-path "${{ runner.temp }}/ruby-bundle" --language ruby --source-root ruby/ql/test/library-tests/ast/constants/ ../database
+      - name: Analyze database
+        shell: bash
+        run: |
+          codeql database analyze --search-path "${{ runner.temp }}/ruby-bundle" --format=sarifv2.1.0 --output=out.sarif ../database ruby-code-scanning.qls

.github/workflows/ruby-dataset-measure.yml

@@ -0,0 +1,75 @@
+name: "Ruby: Collect database stats"
+
+on:
+  push:
+    branches:
+      - main
+      - "rc/*"
+    paths:
+      - ruby/ql/lib/ruby.dbscheme
+      - .github/workflows/ruby-dataset-measure.yml
+  pull_request:
+    branches:
+      - main
+      - "rc/*"
+    paths:
+      - ruby/ql/lib/ruby.dbscheme
+      - .github/workflows/ruby-dataset-measure.yml
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  measure:
+    env:
+      CODEQL_THREADS: 4 # TODO: remove this once it's set by the CLI
+    strategy:
+      fail-fast: false
+      matrix:
+        repo: [rails/rails, discourse/discourse, spree/spree, ruby/ruby]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+
+      - uses: ./.github/actions/fetch-codeql
+
+      - uses: ./ruby/actions/create-extractor-pack
+
+      - name: Checkout ${{ matrix.repo }}
+        uses: actions/checkout@v5
+        with:
+          repository: ${{ matrix.repo }}
+          path: ${{ github.workspace }}/repo
+      - name: Create database
+        run: |
+          codeql database create \
+            --search-path "${{ github.workspace }}" \
+            --threads 4 \
+            --language ruby --source-root "${{ github.workspace }}/repo" \
+            "${{ runner.temp }}/database"
+      - name: Measure database
+        run: |
+          mkdir -p "stats/${{ matrix.repo }}"
+          codeql dataset measure --threads 4 --output "stats/${{ matrix.repo }}/stats.xml" "${{ runner.temp }}/database/db-ruby"
+      - uses: actions/upload-artifact@v4
+        with:
+          name: measurements-${{ hashFiles('stats/**') }}
+          path: stats
+          retention-days: 1
+
+  merge:
+    runs-on: ubuntu-latest
+    needs: measure
+    steps:
+      - uses: actions/checkout@v5
+      - uses: actions/download-artifact@v4
+        with:
+          path: stats
+      - run: |
+          python -m pip install --user lxml
+          find stats -name 'stats.xml' | sort | xargs python ruby/scripts/merge_stats.py --output ruby/ql/lib/ruby.dbscheme.stats --normalise ruby_tokeninfo
+      - uses: actions/upload-artifact@v4
+        with:
+          name: ruby.dbscheme.stats
+          path: ruby/ql/lib/ruby.dbscheme.stats

.github/workflows/ruby-qltest-rtjo.yml

@@ -0,0 +1,40 @@
+name: "Ruby: Run RTJO Language Tests"
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - labeled
+
+env:
+  CARGO_TERM_COLOR: always
+
+defaults:
+  run:
+    working-directory: ruby
+
+permissions:
+  contents: read
+
+jobs:
+  qltest-rtjo:
+    if: "github.repository_owner == 'github' && github.event.label.name == 'Run: RTJO Language Tests'"
+    runs-on: ubuntu-latest-xl
+    strategy:
+      fail-fast: false
+    steps:
+      - uses: actions/checkout@v5
+      - uses: ./.github/actions/fetch-codeql
+      - uses: ./ruby/actions/create-extractor-pack
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with:
+          key: ruby-qltest
+      - name: Run QL tests
+        run: |
+          codeql test run --dynamic-join-order-mode=all --threads=0 --ram 50000 --search-path "${{ github.workspace }}" --check-databases --check-diff-informed --check-undefined-labels --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --consistency-queries ql/consistency-queries ql/test --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
+        env:
+          GITHUB_TOKEN: ${{ github.token }}

.github/workflows/ruby-qltest.yml

@@ -0,0 +1,73 @@
+name: "Ruby: Run QL Tests"
+
+on:
+  push:
+    paths:
+      - "ruby/**"
+      - "shared/**"
+      - .github/workflows/ruby-build.yml
+      - .github/actions/fetch-codeql/action.yml
+      - codeql-workspace.yml
+    branches:
+      - main
+      - "rc/*"
+  pull_request:
+    paths:
+      - "ruby/**"
+      - "shared/**"
+      - .github/workflows/ruby-qltest.yml
+      - .github/actions/fetch-codeql/action.yml
+      - codeql-workspace.yml
+    branches:
+      - main
+      - "rc/*"
+
+env:
+  CARGO_TERM_COLOR: always
+
+defaults:
+  run:
+    working-directory: ruby
+
+permissions:
+  contents: read
+
+jobs:
+  qlupgrade:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - uses: ./.github/actions/fetch-codeql
+      - name: Check DB upgrade scripts
+        run: |
+          echo >empty.trap
+          codeql dataset import -S ql/lib/upgrades/initial/ruby.dbscheme testdb empty.trap
+          codeql dataset upgrade testdb --additional-packs ql/lib
+          diff -q testdb/ruby.dbscheme ql/lib/ruby.dbscheme
+      - name: Check DB downgrade scripts
+        run: |
+          echo >empty.trap
+          rm -rf testdb; codeql dataset import -S ql/lib/ruby.dbscheme testdb empty.trap
+          codeql resolve upgrades --format=lines --allow-downgrades --additional-packs downgrades \
+           --dbscheme=ql/lib/ruby.dbscheme --target-dbscheme=downgrades/initial/ruby.dbscheme |
+           xargs codeql execute upgrades testdb
+          diff -q testdb/ruby.dbscheme downgrades/initial/ruby.dbscheme
+  qltest:
+    if: github.repository_owner == 'github'
+    runs-on: ubuntu-latest-xl
+    strategy:
+      fail-fast: false
+    steps:
+      - uses: actions/checkout@v5
+      - uses: ./.github/actions/fetch-codeql
+      - uses: ./ruby/actions/create-extractor-pack
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with:
+          key: ruby-qltest
+      - name: Run QL tests
+        run: |
+          codeql test run --threads=0 --ram 50000 --search-path "${{ github.workspace }}" --check-databases --check-diff-informed --check-undefined-labels --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --consistency-queries ql/consistency-queries ql/test --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
+        env:
+          GITHUB_TOKEN: ${{ github.token }}

.pre-commit-config.yaml

@@ -7,9 +7,9 @@ repos:
     rev: v3.2.0
     hooks:
       - id: trailing-whitespace
-        exclude: /test([^/]*)/.*$(?<!\.qlref)|.*\.patch$|.*\.qll?$
+        exclude: /test/.*$(?<!\.qlref)|.*\.patch$|.*\.qll?$
       - id: end-of-file-fixer
-        exclude: Cargo.lock$|/test([^/]*)/.*$(?<!\.qlref)|.*\.patch$|.*\.qll?$
+        exclude: Cargo.lock$|/test/.*$(?<!\.qlref)|.*\.patch$|.*\.qll?$
 
   - repo: https://github.com/pre-commit/mirrors-clang-format
     rev: v17.0.6

MODULE.bazel

@@ -21,12 +21,12 @@ bazel_dep(name = "rules_java", version = "9.6.1")
 bazel_dep(name = "rules_pkg", version = "1.2.0")
 bazel_dep(name = "rules_nodejs", version = "6.7.3")
 bazel_dep(name = "rules_python", version = "1.9.0")
-bazel_dep(name = "rules_shell", version = "0.7.1")
+bazel_dep(name = "rules_shell", version = "0.6.1")
 bazel_dep(name = "bazel_skylib", version = "1.9.0")
 bazel_dep(name = "abseil-cpp", version = "20260107.1", repo_name = "absl")
 bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json")
 bazel_dep(name = "fmt", version = "12.1.0-codeql.1")
-bazel_dep(name = "rules_kotlin", version = "2.2.2-codeql.1")
+bazel_dep(name = "rules_kotlin", version = "2.3.20.codeql.1")
 bazel_dep(name = "gazelle", version = "0.47.0")
 bazel_dep(name = "rules_dotnet", version = "0.21.5-codeql.1")
 bazel_dep(name = "googletest", version = "1.17.0.bcr.2")
@@ -242,7 +242,6 @@ use_repo(
     "kotlin-compiler-2.2.0-Beta1",
     "kotlin-compiler-2.2.20-Beta2",
     "kotlin-compiler-2.3.0",
-    "kotlin-compiler-2.3.20",
     "kotlin-compiler-embeddable-1.8.0",
     "kotlin-compiler-embeddable-1.9.0-Beta",
     "kotlin-compiler-embeddable-1.9.20-Beta",
@@ -253,7 +252,6 @@ use_repo(
     "kotlin-compiler-embeddable-2.2.0-Beta1",
     "kotlin-compiler-embeddable-2.2.20-Beta2",
     "kotlin-compiler-embeddable-2.3.0",
-    "kotlin-compiler-embeddable-2.3.20",
     "kotlin-stdlib-1.8.0",
     "kotlin-stdlib-1.9.0-Beta",
     "kotlin-stdlib-1.9.20-Beta",
@@ -264,7 +262,6 @@ use_repo(
     "kotlin-stdlib-2.2.0-Beta1",
     "kotlin-stdlib-2.2.20-Beta2",
     "kotlin-stdlib-2.3.0",
-    "kotlin-stdlib-2.3.20",
 )
 
 go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")

actions/ql/lib/CHANGELOG.md

@@ -1,11 +1,3 @@
-## 0.4.32
-
-No user-facing changes.
-
-## 0.4.31
-
-No user-facing changes.
-
 ## 0.4.30
 
 No user-facing changes.

actions/ql/lib/change-notes/released/0.4.31.md

@@ -1,3 +0,0 @@
-## 0.4.31
-
-No user-facing changes.

actions/ql/lib/change-notes/released/0.4.32.md

@@ -1,3 +0,0 @@
-## 0.4.32
-
-No user-facing changes.

actions/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.32
+lastReleaseVersion: 0.4.30

actions/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.33-dev
+version: 0.4.31-dev
 library: true
 warnOnImplicitThis: true
 dependencies:

actions/ql/src/CHANGELOG.md

@@ -1,11 +1,3 @@
-## 0.6.24
-
-No user-facing changes.
-
-## 0.6.23
-
-No user-facing changes.
-
 ## 0.6.22
 
 No user-facing changes.

actions/ql/src/change-notes/released/0.6.23.md

@@ -1,3 +0,0 @@
-## 0.6.23
-
-No user-facing changes.

actions/ql/src/change-notes/released/0.6.24.md

@@ -1,3 +0,0 @@
-## 0.6.24
-
-No user-facing changes.

actions/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.24
+lastReleaseVersion: 0.6.22

actions/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.25-dev
+version: 0.6.23-dev
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

cpp/ql/integration-tests/query-suite/cpp-code-scanning.qls.expected

@@ -52,6 +52,5 @@ ql/cpp/ql/src/Summary/LinesOfUserCode.ql
 ql/cpp/ql/src/Telemetry/CompilerErrors.ql
 ql/cpp/ql/src/Telemetry/DatabaseQuality.ql
 ql/cpp/ql/src/Telemetry/ExtractionMetrics.ql
-ql/cpp/ql/src/Telemetry/ExtractorInformation.ql
 ql/cpp/ql/src/Telemetry/MissingIncludes.ql
 ql/cpp/ql/src/Telemetry/SucceededIncludes.ql

cpp/ql/integration-tests/query-suite/cpp-security-and-quality.qls.expected

@@ -160,7 +160,6 @@ ql/cpp/ql/src/Summary/LinesOfUserCode.ql
 ql/cpp/ql/src/Telemetry/CompilerErrors.ql
 ql/cpp/ql/src/Telemetry/DatabaseQuality.ql
 ql/cpp/ql/src/Telemetry/ExtractionMetrics.ql
-ql/cpp/ql/src/Telemetry/ExtractorInformation.ql
 ql/cpp/ql/src/Telemetry/MissingIncludes.ql
 ql/cpp/ql/src/Telemetry/SucceededIncludes.ql
 ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 32.ql

cpp/ql/integration-tests/query-suite/cpp-security-extended.qls.expected

@@ -93,6 +93,5 @@ ql/cpp/ql/src/Summary/LinesOfUserCode.ql
 ql/cpp/ql/src/Telemetry/CompilerErrors.ql
 ql/cpp/ql/src/Telemetry/DatabaseQuality.ql
 ql/cpp/ql/src/Telemetry/ExtractionMetrics.ql
-ql/cpp/ql/src/Telemetry/ExtractorInformation.ql
 ql/cpp/ql/src/Telemetry/MissingIncludes.ql
 ql/cpp/ql/src/Telemetry/SucceededIncludes.ql

cpp/ql/lib/CHANGELOG.md

@@ -1,11 +1,3 @@
-## 8.0.3
-
-No user-facing changes.
-
-## 8.0.2
-
-No user-facing changes.
-
 ## 8.0.1
 
 ### Minor Analysis Improvements

cpp/ql/lib/change-notes/2026-03-20-add-indirect-uninitialized-node.md

@@ -1,4 +0,0 @@
----
-category: feature
----
-* Added a class `IndirectUninitializedNode` to represent the indirection of an uninitialized local variable as a dataflow node.

cpp/ql/lib/change-notes/2026-03-23-indirect-parameter-nodes-and-indirect-instructions.md

@@ -1,5 +0,0 @@
----
-category: feature
----
-* Added a class `DataFlow::IndirectParameterNode` to represent the indirection of a parameter as a dataflow node.
-* Added a predicate `Node::asIndirectInstruction` which returns the `Instruction` that defines the indirect dataflow node, if any.

cpp/ql/lib/change-notes/2026-03-24-field-init.md

@@ -1,5 +0,0 @@
----
-category: feature
----
-* Added a class `ConstructorDirectFieldInit` to represent field initializations that occur in member initializer lists.
-* Added a class `ConstructorDefaultFieldInit` to represent default field initializations.

cpp/ql/lib/change-notes/2026-03-26-convert-csv-models-to-yml.md

@@ -1,4 +0,0 @@
----
-category: breaking
----
-* The `SourceModelCsv`, `SinkModelCsv`, and `SummaryModelCsv` classes and the associated CSV parsing infrastructure have been removed from `ExternalFlow.qll`. New models should be added as `.model.yml` files in the `ext/` directory.

cpp/ql/lib/change-notes/2026-03-30-nsdmi-dataflow.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added dataflow through members initialized via non-static data member initialization (NSDMI).

cpp/ql/lib/change-notes/2026-03-31-http-flow-sources.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added `HttpReceiveHttpRequest`, `HttpReceiveRequestEntityBody`, and `HttpReceiveClientCertificate` from Win32's `http.h` as remote flow sources.

cpp/ql/lib/change-notes/2026-03-31-meson.md

@@ -1,4 +0,0 @@
----
-category: feature
----
-* Added a subclass `MesonPrivateTestFile` of `ConfigurationTestFile` that represents files created by Meson to test the build configuration.

cpp/ql/lib/change-notes/2026-04-07-autoconf.md

@@ -1,4 +0,0 @@
----
-category: feature
----
-* Added a subclass `AutoconfConfigureTestFile` of `ConfigurationTestFile` that represents files created by GNU autoconf configure scripts to test the build configuration.

cpp/ql/lib/change-notes/released/8.0.2.md

@@ -1,3 +0,0 @@
-## 8.0.2
-
-No user-facing changes.

cpp/ql/lib/change-notes/released/8.0.3.md

@@ -1,3 +0,0 @@
-## 8.0.3
-
-No user-facing changes.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 8.0.3
+lastReleaseVersion: 8.0.1

cpp/ql/lib/ext/Windows.model.yml

@@ -31,9 +31,6 @@ extensions:
       - ["", "", False, "WinHttpQueryHeadersEx", "", "", "Argument[*5]", "remote", "manual"]
       - ["", "", False, "WinHttpQueryHeadersEx", "", "", "Argument[*6]", "remote", "manual"]
       - ["", "", False, "WinHttpQueryHeadersEx", "", "", "Argument[**8]", "remote", "manual"]
-      - ["", "", False, "HttpReceiveHttpRequest", "", "", "Argument[*3]", "remote", "manual"]
-      - ["", "", False, "HttpReceiveRequestEntityBody", "", "", "Argument[*3]", "remote", "manual"]
-      - ["", "", False, "HttpReceiveClientCertificate", "", "", "Argument[*3]", "remote", "manual"]
   - addsTo:
       pack: codeql/cpp-all
       extensible: summaryModel

cpp/ql/lib/ext/ZMQ.model.yml

@@ -1,22 +0,0 @@
-# ZeroMQ networking library models
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: sourceModel
-    data: # namespace, type, subtypes, name, signature, ext, output, kind, provenance
-      - ["", "", False, "zmq_recv", "", "", "Argument[*1]", "remote", "manual"]
-      - ["", "", False, "zmq_recvmsg", "", "", "Argument[*1]", "remote", "manual"]
-      - ["", "", False, "zmq_msg_recv", "", "", "Argument[*0]", "remote", "manual"]
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: sinkModel
-    data: # namespace, type, subtypes, name, signature, ext, input, kind, provenance
-      - ["", "", False, "zmq_send", "", "", "Argument[*1]", "remote-sink", "manual"]
-      - ["", "", False, "zmq_sendmsg", "", "", "Argument[*1]", "remote-sink", "manual"]
-      - ["", "", False, "zmq_msg_send", "", "", "Argument[*0]", "remote-sink", "manual"]
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: summaryModel
-    data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      - ["", "", False, "zmq_msg_init_data", "", "", "Argument[*1]", "Argument[*0]", "taint", "manual"]
-      - ["", "", False, "zmq_msg_data", "", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]

cpp/ql/lib/ext/getc.model.yml

@@ -1,19 +0,0 @@
-# Models for getc and similar character-reading functions
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: sourceModel
-    data: # namespace, type, subtypes, name, signature, ext, output, kind, provenance
-      - ["", "", False, "getc", "", "", "ReturnValue", "remote", "manual"]
-      - ["", "", False, "getwc", "", "", "ReturnValue", "remote", "manual"]
-      - ["", "", False, "_getc_nolock", "", "", "ReturnValue", "remote", "manual"]
-      - ["", "", False, "_getwc_nolock", "", "", "ReturnValue", "remote", "manual"]
-      - ["", "", False, "getch", "", "", "ReturnValue", "local", "manual"]
-      - ["", "", False, "_getch", "", "", "ReturnValue", "local", "manual"]
-      - ["", "", False, "_getwch", "", "", "ReturnValue", "local", "manual"]
-      - ["", "", False, "_getch_nolock", "", "", "ReturnValue", "local", "manual"]
-      - ["", "", False, "_getwch_nolock", "", "", "ReturnValue", "local", "manual"]
-      - ["", "", False, "getchar", "", "", "ReturnValue", "local", "manual"]
-      - ["", "", False, "getwchar", "", "", "ReturnValue", "local", "manual"]
-      - ["", "", False, "_getchar_nolock", "", "", "ReturnValue", "local", "manual"]
-      - ["", "", False, "_getwchar_nolock", "", "", "ReturnValue", "local", "manual"]

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 8.0.4-dev
+version: 8.0.2-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/lib/semmle/code/cpp/ConfigurationTestFile.qll

@@ -26,26 +26,3 @@ class CmakeTryCompileFile extends ConfigurationTestFile {
     )
   }
 }
-
-/**
- * A file created by Meson to test the system configuration.
- */
-class MesonPrivateTestFile extends ConfigurationTestFile {
-  MesonPrivateTestFile() {
-    this.getBaseName() = "testfile.c" and
-    exists(Folder folder, Folder parent |
-      folder = this.getParentContainer() and
-      parent = folder.getParentContainer()
-    |
-      folder.getBaseName().matches("tmp%") and
-      parent.getBaseName() = "meson-private"
-    )
-  }
-}
-
-/**
- * A file created by a GNU autoconf configure script to test the system configuration.
- */
-class AutoconfConfigureTestFile extends ConfigurationTestFile {
-  AutoconfConfigureTestFile() { this.getBaseName().regexpMatch("conftest[0-9]*\\.c(pp)?") }
-}

cpp/ql/lib/semmle/code/cpp/commons/Printf.qll

@@ -163,23 +163,12 @@ predicate primitiveVariadicFormatter(
   )
 }
 
-/**
- * Gets a function call whose target is a variadic formatter with the given
- * `type`, `format` parameter index and `output` parameter index.
- *
- * Join-order helper for `callsVariadicFormatter`.
- */
-pragma[nomagic]
-private predicate callsVariadicFormatterCall(FunctionCall fc, string type, int format, int output) {
-  variadicFormatter(fc.getTarget(), type, format, output)
-}
-
 private predicate callsVariadicFormatter(
   Function f, string type, int formatParamIndex, int outputParamIndex
 ) {
   // calls a variadic formatter with `formatParamIndex`, `outputParamIndex` linked
   exists(FunctionCall fc, int format, int output |
-    callsVariadicFormatterCall(fc, type, format, output) and
+    variadicFormatter(pragma[only_bind_into](fc.getTarget()), type, format, output) and
     fc.getEnclosingFunction() = f and
     fc.getArgument(format) = f.getParameter(formatParamIndex).getAnAccess() and
     fc.getArgument(output) = f.getParameter(outputParamIndex).getAnAccess()
@@ -187,7 +176,7 @@ private predicate callsVariadicFormatter(
   or
   // calls a variadic formatter with only `formatParamIndex` linked
   exists(FunctionCall fc, string calledType, int format, int output |
-    callsVariadicFormatterCall(fc, calledType, format, output) and
+    variadicFormatter(pragma[only_bind_into](fc.getTarget()), calledType, format, output) and
     fc.getEnclosingFunction() = f and
     fc.getArgument(format) = f.getParameter(formatParamIndex).getAnAccess() and
     not fc.getArgument(output) = f.getParameter(_).getAnAccess() and

cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll

@@ -1,10 +1,9 @@
 /**
  * INTERNAL use only. This is an experimental API subject to change without notice.
  *
- * Provides classes and predicates for dealing with flow models specified
- * in data extension files.
+ * Provides classes and predicates for dealing with flow models specified in CSV format.
  *
- * The extensible relations have the following columns:
+ * The CSV specification has the following columns:
  * - Sources:
  *   `namespace; type; subtypes; name; signature; ext; output; kind`
  * - Sinks:
@@ -105,9 +104,117 @@ private import internal.FlowSummaryImpl::Private
 private import internal.FlowSummaryImpl::Private::External
 private import internal.ExternalFlowExtensions::Extensions as Extensions
 private import codeql.mad.ModelValidation as SharedModelVal
+private import codeql.util.Unit
 private import codeql.mad.static.ModelsAsData as SharedMaD
 
+/**
+ * A unit class for adding additional source model rows.
+ *
+ * Extend this class to add additional source definitions.
+ */
+class SourceModelCsv extends Unit {
+  /** Holds if `row` specifies a source definition. */
+  abstract predicate row(string row);
+}
+
+/**
+ * A unit class for adding additional sink model rows.
+ *
+ * Extend this class to add additional sink definitions.
+ */
+class SinkModelCsv extends Unit {
+  /** Holds if `row` specifies a sink definition. */
+  abstract predicate row(string row);
+}
+
+/**
+ * A unit class for adding additional summary model rows.
+ *
+ * Extend this class to add additional flow summary definitions.
+ */
+class SummaryModelCsv extends Unit {
+  /** Holds if `row` specifies a summary definition. */
+  abstract predicate row(string row);
+}
+
+/** Holds if `row` is a source model. */
+predicate sourceModel(string row) { any(SourceModelCsv s).row(row) }
+
+/** Holds if `row` is a sink model. */
+predicate sinkModel(string row) { any(SinkModelCsv s).row(row) }
+
+/** Holds if `row` is a summary model. */
+predicate summaryModel(string row) { any(SummaryModelCsv s).row(row) }
+
 private module MadInput implements SharedMaD::InputSig {
+  /** Holds if a source model exists for the given parameters. */
+  predicate additionalSourceModel(
+    string namespace, string type, boolean subtypes, string name, string signature, string ext,
+    string output, string kind, string provenance, string model
+  ) {
+    exists(string row |
+      sourceModel(row) and
+      row.splitAt(";", 0) = namespace and
+      row.splitAt(";", 1) = type and
+      row.splitAt(";", 2) = subtypes.toString() and
+      subtypes = [true, false] and
+      row.splitAt(";", 3) = name and
+      row.splitAt(";", 4) = signature and
+      row.splitAt(";", 5) = ext and
+      row.splitAt(";", 6) = output and
+      row.splitAt(";", 7) = kind
+    ) and
+    provenance = "manual" and
+    model = ""
+  }
+
+  /** Holds if a sink model exists for the given parameters. */
+  predicate additionalSinkModel(
+    string namespace, string type, boolean subtypes, string name, string signature, string ext,
+    string input, string kind, string provenance, string model
+  ) {
+    exists(string row |
+      sinkModel(row) and
+      row.splitAt(";", 0) = namespace and
+      row.splitAt(";", 1) = type and
+      row.splitAt(";", 2) = subtypes.toString() and
+      subtypes = [true, false] and
+      row.splitAt(";", 3) = name and
+      row.splitAt(";", 4) = signature and
+      row.splitAt(";", 5) = ext and
+      row.splitAt(";", 6) = input and
+      row.splitAt(";", 7) = kind
+    ) and
+    provenance = "manual" and
+    model = ""
+  }
+
+  /**
+   * Holds if a summary model exists for the given parameters.
+   *
+   * This predicate does not expand `@` to `*`s.
+   */
+  predicate additionalSummaryModel(
+    string namespace, string type, boolean subtypes, string name, string signature, string ext,
+    string input, string output, string kind, string provenance, string model
+  ) {
+    exists(string row |
+      summaryModel(row) and
+      row.splitAt(";", 0) = namespace and
+      row.splitAt(";", 1) = type and
+      row.splitAt(";", 2) = subtypes.toString() and
+      subtypes = [true, false] and
+      row.splitAt(";", 3) = name and
+      row.splitAt(";", 4) = signature and
+      row.splitAt(";", 5) = ext and
+      row.splitAt(";", 6) = input and
+      row.splitAt(";", 7) = output and
+      row.splitAt(";", 8) = kind
+    ) and
+    provenance = "manual" and
+    model = ""
+  }
+
   string namespaceSegmentSeparator() { result = "::" }
 }
 
@@ -143,8 +250,8 @@ predicate summaryModel(
   )
 }
 
-/** Provides a query predicate to check the data for validation errors. */
-module ModelValidation {
+/** Provides a query predicate to check the CSV data for validation errors. */
+module CsvValidation {
   private string getInvalidModelInput() {
     exists(string pred, AccessPath input, string part |
       sinkModel(_, _, _, _, _, _, input, _, _, _) and pred = "sink"
@@ -187,6 +294,40 @@ module ModelValidation {
 
   private module KindVal = SharedModelVal::KindValidation<KindValConfig>;
 
+  private string getInvalidModelSubtype() {
+    exists(string pred, string row |
+      sourceModel(row) and pred = "source"
+      or
+      sinkModel(row) and pred = "sink"
+      or
+      summaryModel(row) and pred = "summary"
+    |
+      exists(string b |
+        b = row.splitAt(";", 2) and
+        not b = ["true", "false"] and
+        result = "Invalid boolean \"" + b + "\" in " + pred + " model."
+      )
+    )
+  }
+
+  private string getInvalidModelColumnCount() {
+    exists(string pred, string row, int expect |
+      sourceModel(row) and expect = 8 and pred = "source"
+      or
+      sinkModel(row) and expect = 8 and pred = "sink"
+      or
+      summaryModel(row) and expect = 9 and pred = "summary"
+    |
+      exists(int cols |
+        cols = 1 + max(int n | exists(row.splitAt(";", n))) and
+        cols != expect and
+        result =
+          "Wrong number of columns in " + pred + " model row, expected " + expect + ", got " + cols +
+            "."
+      )
+    )
+  }
+
   private string getInvalidModelSignature() {
     exists(string pred, string namespace, string type, string name, string signature, string ext |
       sourceModel(namespace, type, _, name, signature, ext, _, _, _, _) and pred = "source"
@@ -225,12 +366,13 @@ module ModelValidation {
     )
   }
 
-  /** Holds if some row in a MaD flow model appears to contain typos. */
+  /** Holds if some row in a CSV-based flow model appears to contain typos. */
   query predicate invalidModelRow(string msg) {
     msg =
       [
         getInvalidModelSignature(), getInvalidModelInput(), getInvalidModelOutput(),
-        KindVal::getInvalidModelKind(), getIncorrectConstructorSummaryOutput()
+        getInvalidModelSubtype(), getInvalidModelColumnCount(), KindVal::getInvalidModelKind(),
+        getIncorrectConstructorSummaryOutput()
       ]
   }
 }
@@ -884,7 +1026,7 @@ private module Cached {
   }
 
   /**
-   * Holds if `node` is specified as a source with the given kind in a MaD flow
+   * Holds if `node` is specified as a source with the given kind in a CSV flow
    * model.
    */
   cached
@@ -895,7 +1037,7 @@ private module Cached {
   }
 
   /**
-   * Holds if `node` is specified as a sink with the given kind in a MaD flow
+   * Holds if `node` is specified as a sink with the given kind in a CSV flow
    * model.
    */
   cached

cpp/ql/lib/semmle/code/cpp/exprs/Call.qll

@@ -585,15 +585,12 @@ class ConstructorDelegationInit extends ConstructorBaseInit, @ctordelegatinginit
 
 /**
  * An initialization of a member variable performed as part of a
- * constructor's initializer list or by default initialization.
- *
+ * constructor's explicit initializer list or implicit actions.
  * In the example below, member variable `b` is being initialized by
- * constructor parameter `a`, and `c` is initialized by default
- * initialization:
+ * constructor parameter `a`:
  * ```
  * struct S {
  *   int b;
- *   int c = 3;
  *   S(int a): b(a) {}
  * } s(2);
  * ```
@@ -619,28 +616,6 @@ class ConstructorFieldInit extends ConstructorInit, @ctorfieldinit {
   override predicate mayBeGloballyImpure() { this.getExpr().mayBeGloballyImpure() }
 }
 
-/**
- * An initialization of a member variable performed as part of a
- * constructor's explicit initializer list.
- */
-class ConstructorDirectFieldInit extends ConstructorFieldInit {
-  ConstructorDirectFieldInit() { exists(this.getChild(0)) }
-
-  override string getAPrimaryQlClass() { result = "ConstructorDirectFieldInit" }
-}
-
-/**
- * An initialization of a member variable performed by default
- * initialization.
- */
-class ConstructorDefaultFieldInit extends ConstructorFieldInit {
-  ConstructorDefaultFieldInit() {
-    not exists(this.getChild(0)) and exists(this.getTarget().getInitializer())
-  }
-
-  override string getAPrimaryQlClass() { result = "ConstructorDefaultFieldInit" }
-}
-
 /**
  * A call to a destructor of a base class or field as part of a destructor's
  * compiler-generated actions.

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowDispatch.qll

@@ -238,12 +238,7 @@ private module TrackVirtualDispatch<methodDispatchSig/1 virtualDispatch0> {
 
   private import TypeTracking<Location, TtInput>::TypeTrack<qualifierSource/1>::Graph<qualifierOfVirtualCall/1>
 
-  private predicate isSource(PathNode n) { n.isSource() }
-
-  private predicate isSink(PathNode n) { n.isSink() }
-
-  private predicate edgePlus(PathNode n1, PathNode n2) =
-    doublyBoundedFastTC(edges/2, isSource/1, isSink/1)(n1, n2)
+  private predicate edgePlus(PathNode n1, PathNode n2) = fastTC(edges/2)(n1, n2)
 
   /**
    * Gets the most specific implementation of `mf` that may be called when the
@@ -260,15 +255,6 @@ private module TrackVirtualDispatch<methodDispatchSig/1 virtualDispatch0> {
     )
   }
 
-  pragma[nomagic]
-  private MemberFunction mostSpecificForSource(PathNode p1, MemberFunction mf) {
-    p1.isSource() and
-    exists(Class derived |
-      qualifierSourceImpl(p1.getNode(), derived) and
-      result = mostSpecific(mf, derived)
-    )
-  }
-
   /**
    * Gets a possible pair of end-points `(p1, p2)` where:
    * - `p1` is a derived-to-base conversion that converts from some
@@ -278,16 +264,16 @@ private module TrackVirtualDispatch<methodDispatchSig/1 virtualDispatch0> {
    * - `callable` is the most specific implementation that may be called when
    * the qualifier has type `derived`.
    */
-  bindingset[p1, p2]
-  pragma[inline_late]
   private predicate pairCand(
     PathNode p1, PathNode p2, DataFlowPrivate::DataFlowCallable callable,
     DataFlowPrivate::DataFlowCall call
   ) {
-    p2.isSink() and
-    exists(MemberFunction mf |
+    exists(Class derived, MemberFunction mf |
+      qualifierSourceImpl(p1.getNode(), derived) and
       qualifierOfVirtualCallImpl(p2.getNode(), call.asCallInstruction(), mf) and
-      callable.asSourceCallable() = mostSpecificForSource(p1, mf)
+      p1.isSource() and
+      p2.isSink() and
+      callable.asSourceCallable() = mostSpecific(mf, derived)
     )
   }
 

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowNodes.qll

@@ -321,12 +321,6 @@ module Public {
      */
     Operand asIndirectOperand(int index) { hasOperandAndIndex(this, result, index) }
 
-    /**
-     * Gets the instruction that is indirectly tracked by this node behind
-     * `index` number of indirections.
-     */
-    Instruction asIndirectInstruction(int index) { hasInstructionAndIndex(this, result, index) }
-
     /**
      * Holds if this node is at index `i` in basic block `block`.
      *
@@ -623,25 +617,6 @@ module Public {
      */
     LocalVariable asUninitialized() { result = this.(UninitializedNode).getLocalVariable() }
 
-    /**
-     * Gets the uninitialized local variable corresponding to this node behind
-     * `index` number of indirections, if any.
-     */
-    LocalVariable asIndirectUninitialized(int index) {
-      exists(IndirectUninitializedNode indirectUninitializedNode |
-        this = indirectUninitializedNode and
-        indirectUninitializedNode.getIndirectionIndex() = index
-      |
-        result = indirectUninitializedNode.getLocalVariable()
-      )
-    }
-
-    /**
-     * Gets the uninitialized local variable corresponding to this node behind
-     * a number indirections, if any.
-     */
-    LocalVariable asIndirectUninitialized() { result = this.asIndirectUninitialized(_) }
-
     /**
      * Gets the positional parameter corresponding to the node that represents
      * the value of the parameter after `index` number of loads, if any. For
@@ -786,13 +761,16 @@ module Public {
     final override Type getType() { result = this.getPreUpdateNode().getType() }
   }
 
-  abstract private class AbstractUninitializedNode extends Node {
+  /**
+   * The value of an uninitialized local variable, viewed as a node in a data
+   * flow graph.
+   */
+  class UninitializedNode extends Node {
     LocalVariable v;
-    int indirectionIndex;
 
-    AbstractUninitializedNode() {
+    UninitializedNode() {
       exists(SsaImpl::Definition def, SsaImpl::SourceVariable sv |
-        def.getIndirectionIndex() = indirectionIndex and
+        def.getIndirectionIndex() = 0 and
         def.getValue().asInstruction() instanceof UninitializedInstruction and
         SsaImpl::defToNode(this, def, sv) and
         v = sv.getBaseVariable().(SsaImpl::BaseIRVariable).getIRVariable().getAst()
@@ -803,25 +781,6 @@ module Public {
     LocalVariable getLocalVariable() { result = v }
   }
 
-  /**
-   * The value of an uninitialized local variable, viewed as a node in a data
-   * flow graph.
-   */
-  class UninitializedNode extends AbstractUninitializedNode {
-    UninitializedNode() { indirectionIndex = 0 }
-  }
-
-  /**
-   * The value of an uninitialized local variable behind one or more levels of
-   * indirection, viewed as a node in a data flow graph.
-   */
-  class IndirectUninitializedNode extends AbstractUninitializedNode {
-    IndirectUninitializedNode() { indirectionIndex > 0 }
-
-    /** Gets the indirection index of this node. */
-    int getIndirectionIndex() { result = indirectionIndex }
-  }
-
   /**
    * The value of a parameter at function entry, viewed as a node in a data
    * flow graph. This includes both explicit parameters such as `x` in `f(x)`
@@ -836,12 +795,6 @@ module Public {
   /** An explicit positional parameter, including `this`, but not `...`. */
   final class DirectParameterNode = AbstractDirectParameterNode;
 
-  /**
-   * A node representing an indirection of a positional parameter,
-   * including `*this`, but not `*...`.
-   */
-  final class IndirectParameterNode = AbstractIndirectParameterNode;
-
   final class ExplicitParameterNode = AbstractExplicitParameterNode;
 
   /** An implicit `this` parameter. */
@@ -850,6 +803,11 @@ module Public {
   {
     ThisParameterInstructionNode() { instr.getIRVariable() instanceof IRThisVariable }
 
+    override predicate isSourceParameterOf(Function f, ParameterPosition pos) {
+      pos.(DirectPosition).getArgumentIndex() = -1 and
+      instr.getEnclosingFunction() = f
+    }
+
     override string toStringImpl() { result = "this" }
   }
 
@@ -873,11 +831,7 @@ module Public {
 
     /** Gets the parameter through which this value is assigned. */
     Parameter getParameter() {
-      result =
-        this.getCallInstruction()
-            .getStaticCallTarget()
-            .(Function)
-            .getParameter(this.getArgumentIndex())
+      result = this.getCallInstruction().getStaticCallTarget().getParameter(this.getArgumentIndex())
     }
   }
 
@@ -1000,6 +954,11 @@ module Public {
 
 private import Public
 
+/**
+ * A node representing an indirection of a parameter.
+ */
+final class IndirectParameterNode = AbstractIndirectParameterNode;
+
 /**
  * A class that lifts pre-SSA dataflow nodes to regular dataflow nodes.
  */
@@ -1124,7 +1083,7 @@ class IndirectArgumentOutNode extends PostUpdateNodeImpl {
   /**
    * Gets the `Function` that the call targets, if this is statically known.
    */
-  Declaration getStaticCallTarget() { result = this.getCallInstruction().getStaticCallTarget() }
+  Function getStaticCallTarget() { result = this.getCallInstruction().getStaticCallTarget() }
 
   override string toStringImpl() {
     exists(string prefix | if indirectionIndex > 0 then prefix = "" else prefix = "pointer to " |
@@ -1628,7 +1587,7 @@ abstract private class AbstractParameterNode extends Node {
    * implicit `this` parameter is considered to have position `-1`, and
    * pointer-indirection parameters are at further negative positions.
    */
-  predicate isSourceParameterOf(Declaration f, ParameterPosition pos) { none() }
+  predicate isSourceParameterOf(Function f, ParameterPosition pos) { none() }
 
   /**
    * Holds if this node is the parameter of `sc` at the specified position. The
@@ -1654,11 +1613,6 @@ abstract private class AbstractParameterNode extends Node {
 
   /** Gets the `Parameter` associated with this node, if it exists. */
   Parameter getParameter() { none() } // overridden by subclasses
-
-  /**
-   * Holds if this node represents an implicit `this` parameter, if it exists.
-   */
-  predicate isThis() { none() } // overridden by subclasses
 }
 
 abstract private class AbstractIndirectParameterNode extends AbstractParameterNode {
@@ -1687,9 +1641,7 @@ private class IndirectInstructionParameterNode extends AbstractIndirectParameter
   InitializeParameterInstruction init;
 
   IndirectInstructionParameterNode() {
-    IndirectInstruction.super.hasInstructionAndIndirectionIndex(init, _) and
-    // We don't model catch parameters as parameter nodes
-    not exists(init.getParameter().getCatchBlock())
+    IndirectInstruction.super.hasInstructionAndIndirectionIndex(init, _)
   }
 
   int getArgumentIndex() { init.hasIndex(result) }
@@ -1703,17 +1655,16 @@ private class IndirectInstructionParameterNode extends AbstractIndirectParameter
     )
   }
 
+  /** Gets the parameter whose indirection is initialized. */
   override Parameter getParameter() { result = init.getParameter() }
 
-  override predicate isThis() { init.hasIndex(-1) }
-
   override DataFlowCallable getEnclosingCallable() {
     result.asSourceCallable() = this.getFunction()
   }
 
   override Declaration getFunction() { result = init.getEnclosingFunction() }
 
-  override predicate isSourceParameterOf(Declaration f, ParameterPosition pos) {
+  override predicate isSourceParameterOf(Function f, ParameterPosition pos) {
     this.getFunction() = f and
     exists(int argumentIndex, int indirectionIndex |
       indirectPositionHasArgumentIndexAndIndex(pos, argumentIndex, indirectionIndex) and
@@ -1741,18 +1692,6 @@ abstract class InstructionDirectParameterNode extends InstructionNode, AbstractD
    * Gets the `IRVariable` that this parameter references.
    */
   final IRVariable getIRVariable() { result = instr.getIRVariable() }
-
-  override predicate isThis() { instr.hasIndex(-1) }
-
-  override Parameter getParameter() { result = instr.getParameter() }
-
-  override predicate isSourceParameterOf(Declaration f, ParameterPosition pos) {
-    this.getFunction() = f and
-    exists(int argumentIndex |
-      pos.(DirectPosition).getArgumentIndex() = argumentIndex and
-      instr.hasIndex(argumentIndex)
-    )
-  }
 }
 
 abstract private class AbstractExplicitParameterNode extends AbstractDirectParameterNode { }
@@ -1761,12 +1700,15 @@ abstract private class AbstractExplicitParameterNode extends AbstractDirectParam
 private class ExplicitParameterInstructionNode extends AbstractExplicitParameterNode,
   InstructionDirectParameterNode
 {
-  ExplicitParameterInstructionNode() {
-    // We don't model catch parameters as parameter nodes.
-    exists(instr.getParameter().getFunction())
+  ExplicitParameterInstructionNode() { exists(instr.getParameter()) }
+
+  override predicate isSourceParameterOf(Function f, ParameterPosition pos) {
+    f.getParameter(pos.(DirectPosition).getArgumentIndex()) = instr.getParameter()
   }
 
   override string toStringImpl() { result = instr.getParameter().toString() }
+
+  override Parameter getParameter() { result = instr.getParameter() }
 }
 
 /**
@@ -1794,9 +1736,9 @@ private class DirectBodyLessParameterNode extends AbstractExplicitParameterNode,
 {
   DirectBodyLessParameterNode() { indirectionIndex = 0 }
 
-  override predicate isSourceParameterOf(Declaration f, ParameterPosition pos) {
+  override predicate isSourceParameterOf(Function f, ParameterPosition pos) {
     this.getFunction() = f and
-    f.(Function).getParameter(pos.(DirectPosition).getArgumentIndex()) = p
+    f.getParameter(pos.(DirectPosition).getArgumentIndex()) = p
   }
 
   override Parameter getParameter() { result = p }
@@ -1807,10 +1749,10 @@ private class IndirectBodyLessParameterNode extends AbstractIndirectParameterNod
 {
   IndirectBodyLessParameterNode() { not this instanceof DirectBodyLessParameterNode }
 
-  override predicate isSourceParameterOf(Declaration f, ParameterPosition pos) {
+  override predicate isSourceParameterOf(Function f, ParameterPosition pos) {
     exists(int argumentPosition |
       this.getFunction() = f and
-      f.(Function).getParameter(argumentPosition) = p and
+      f.getParameter(argumentPosition) = p and
       indirectPositionHasArgumentIndexAndIndex(pos, argumentPosition, indirectionIndex)
     )
   }

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll

@@ -1170,7 +1170,7 @@ class DataFlowCall extends TDataFlowCall {
   /**
    * Gets the `Function` that the call targets, if this is statically known.
    */
-  Declaration getStaticCallSourceTarget() { none() }
+  Function getStaticCallSourceTarget() { none() }
 
   /**
    * Gets the target of this call. We use the following strategy for deciding
@@ -1182,7 +1182,7 @@ class DataFlowCall extends TDataFlowCall {
    * whether is it manual or generated.
    */
   final DataFlowCallable getStaticCallTarget() {
-    exists(Declaration target | target = this.getStaticCallSourceTarget() |
+    exists(Function target | target = this.getStaticCallSourceTarget() |
       // Don't use the source callable if there is a manual model for the
       // target
       not exists(SummarizedCallable sc |
@@ -1242,7 +1242,7 @@ private class NormalCall extends DataFlowCall, TNormalCall {
 
   override CallTargetOperand getCallTargetOperand() { result = call.getCallTargetOperand() }
 
-  override Declaration getStaticCallSourceTarget() { result = call.getStaticCallTarget() }
+  override Function getStaticCallSourceTarget() { result = call.getStaticCallTarget() }
 
   override ArgumentOperand getArgumentOperand(int index) { result = call.getArgumentOperand(index) }
 

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll

@@ -11,18 +11,13 @@ private import TypeFlow
 private import semmle.code.cpp.ir.ValueNumbering
 
 /**
- * Gets the C++ type of `this` in an `IRFunction` generated from `f`.
+ * Gets the C++ type of `this` in the member function `f`.
  * The result is a glvalue if `isGLValue` is true, and
  * a prvalue if `isGLValue` is false.
  */
 bindingset[isGLValue]
-private CppType getThisType(Cpp::Declaration f, boolean isGLValue) {
-  result.hasType(f.(Cpp::MemberFunction).getTypeOfThis(), isGLValue)
-  or
-  exists(Cpp::PointerType pt |
-    pt.getBaseType() = f.(Cpp::Field).getDeclaringType() and
-    result.hasType(pt, isGLValue)
-  )
+private CppType getThisType(Cpp::MemberFunction f, boolean isGLValue) {
+  result.hasType(f.getTypeOfThis(), isGLValue)
 }
 
 /**
@@ -180,8 +175,7 @@ private class PointerWrapperTypeIndirection extends Indirection instanceof Point
   override predicate isAdditionalDereference(Instruction deref, Operand address) {
     exists(CallInstruction call |
       operandForFullyConvertedCall(getAUse(deref), call) and
-      this =
-        call.getStaticCallTarget().(Function).getClassAndName(["operator*", "operator->", "get"]) and
+      this = call.getStaticCallTarget().getClassAndName(["operator*", "operator->", "get"]) and
       address = call.getThisArgumentOperand()
     )
   }
@@ -200,7 +194,7 @@ private module IteratorIndirections {
 
     override predicate isAdditionalWrite(Node0Impl value, Operand address, boolean certain) {
       exists(CallInstruction call | call.getArgumentOperand(0) = value.asOperand() |
-        this = call.getStaticCallTarget().(Function).getClassAndName("operator=") and
+        this = call.getStaticCallTarget().getClassAndName("operator=") and
         address = call.getThisArgumentOperand() and
         certain = false
       )

cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll

@@ -495,7 +495,7 @@ class FieldInstruction extends Instruction {
  * `FunctionAddress` instruction.
  */
 class FunctionInstruction extends Instruction {
-  Language::Declaration funcSymbol;
+  Language::Function funcSymbol;
 
   FunctionInstruction() { funcSymbol = Raw::getInstructionFunction(this) }
 
@@ -504,7 +504,7 @@ class FunctionInstruction extends Instruction {
   /**
    * Gets the function that this instruction references.
    */
-  final Language::Declaration getFunctionSymbol() { result = funcSymbol }
+  final Language::Function getFunctionSymbol() { result = funcSymbol }
 }
 
 /**
@@ -1678,7 +1678,7 @@ class CallInstruction extends Instruction {
   /**
    * Gets the `Function` that the call targets, if this is statically known.
    */
-  final Language::Declaration getStaticCallTarget() {
+  final Language::Function getStaticCallTarget() {
     result = this.getCallTarget().(FunctionAddressInstruction).getFunctionSymbol()
   }
 

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll

@@ -495,7 +495,7 @@ class FieldInstruction extends Instruction {
  * `FunctionAddress` instruction.
  */
 class FunctionInstruction extends Instruction {
-  Language::Declaration funcSymbol;
+  Language::Function funcSymbol;
 
   FunctionInstruction() { funcSymbol = Raw::getInstructionFunction(this) }
 
@@ -504,7 +504,7 @@ class FunctionInstruction extends Instruction {
   /**
    * Gets the function that this instruction references.
    */
-  final Language::Declaration getFunctionSymbol() { result = funcSymbol }
+  final Language::Function getFunctionSymbol() { result = funcSymbol }
 }
 
 /**
@@ -1678,7 +1678,7 @@ class CallInstruction extends Instruction {
   /**
    * Gets the `Function` that the call targets, if this is statically known.
    */
-  final Language::Declaration getStaticCallTarget() {
+  final Language::Function getStaticCallTarget() {
     result = this.getCallTarget().(FunctionAddressInstruction).getFunctionSymbol()
   }
 

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll

@@ -15,7 +15,6 @@ private import TranslatedCall
 private import TranslatedStmt
 private import TranslatedFunction
 private import TranslatedGlobalVar
-private import TranslatedNonStaticDataMember
 private import TranslatedInitialization
 
 TranslatedElement getInstructionTranslatedElement(Instruction instruction) {
@@ -46,9 +45,6 @@ module Raw {
       or
       not var.isFromUninstantiatedTemplate(_) and
       var instanceof StaticInitializedStaticLocalVariable
-      or
-      not var.isFromUninstantiatedTemplate(_) and
-      var instanceof Field
     ) and
     var.hasInitializer() and
     (
@@ -68,8 +64,6 @@ module Raw {
     getTranslatedFunction(decl).hasUserVariable(var, type)
     or
     getTranslatedVarInit(decl).hasUserVariable(var, type)
-    or
-    getTranslatedFieldInit(decl).hasUserVariable(var, type)
   }
 
   cached
@@ -116,7 +110,7 @@ module Raw {
   }
 
   cached
-  Declaration getInstructionFunction(Instruction instruction) {
+  Function getInstructionFunction(Instruction instruction) {
     result =
       getInstructionTranslatedElement(instruction)
           .getInstructionFunction(getInstructionTag(instruction))

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/SideEffects.qll

@@ -130,31 +130,27 @@ private predicate hasDefaultSideEffect(Call call, ParameterIndex i, boolean buff
 }
 
 /**
- * An expression that can have call side effects.
+ * A `Call` or `NewOrNewArrayExpr` or `DeleteOrDeleteArrayExpr`.
  *
- * All kinds of expressions invoke a function as part of their evaluation. This class provides a
- * way to treat those expressions similarly, and to get the invoked `Declaration`.
+ * All kinds of expression invoke a function as part of their evaluation. This class provides a
+ * way to treat both kinds of function similarly, and to get the invoked `Function`.
  */
-class ExprWithCallSideEffects extends Expr {
-  ExprWithCallSideEffects() {
+class CallOrAllocationExpr extends Expr {
+  CallOrAllocationExpr() {
     this instanceof Call
     or
     this instanceof NewOrNewArrayExpr
     or
     this instanceof DeleteOrDeleteArrayExpr
-    or
-    this instanceof ConstructorDefaultFieldInit
   }
 
-  /** Gets the `Declaration` invoked by this expression, if known. */
-  final Declaration getTarget() {
+  /** Gets the `Function` invoked by this expression, if known. */
+  final Function getTarget() {
     result = this.(Call).getTarget()
     or
     result = this.(NewOrNewArrayExpr).getAllocator()
     or
     result = this.(DeleteOrDeleteArrayExpr).getDeallocator()
-    or
-    result = this.(ConstructorDefaultFieldInit).getTarget()
   }
 }
 
@@ -162,7 +158,7 @@ class ExprWithCallSideEffects extends Expr {
  * Returns the side effect opcode, if any, that represents any side effects not specifically modeled
  * by an argument side effect.
  */
-Opcode getCallSideEffectOpcode(ExprWithCallSideEffects expr) {
+Opcode getCallSideEffectOpcode(CallOrAllocationExpr expr) {
   not exists(expr.getTarget().(SideEffectFunction)) and result instanceof Opcode::CallSideEffect
   or
   exists(SideEffectFunction sideEffectFunction |
@@ -179,7 +175,7 @@ Opcode getCallSideEffectOpcode(ExprWithCallSideEffects expr) {
 /**
  * Returns a side effect opcode for parameter index `i` of the specified call.
  *
- * This predicate will yield at most two results: one read side effect, and one write side effect.
+ * This predicate will return at most two results: one read side effect, and one write side effect.
  */
 Opcode getASideEffectOpcode(Call call, ParameterIndex i) {
   exists(boolean buffer |
@@ -232,14 +228,3 @@ Opcode getASideEffectOpcode(Call call, ParameterIndex i) {
     )
   )
 }
-
-/**
- * Returns a side effect opcode for a default field initialization.
- *
- * This predicate will yield two results: one read side effect, and one write side effect.
- */
-Opcode getDefaultFieldInitSideEffectOpcode() {
-  result instanceof Opcode::IndirectReadSideEffect
-  or
-  result instanceof Opcode::IndirectMayWriteSideEffect
-}

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll

@@ -10,7 +10,6 @@ private import SideEffects
 private import TranslatedElement
 private import TranslatedExpr
 private import TranslatedFunction
-private import TranslatedInitialization
 private import DefaultOptions as DefaultOptions
 
 /**
@@ -349,7 +348,7 @@ class TranslatedExprCall extends TranslatedCallExpr {
 class TranslatedFunctionCall extends TranslatedCallExpr, TranslatedDirectCall {
   override FunctionCall expr;
 
-  override Declaration getInstructionFunction(InstructionTag tag) {
+  override Function getInstructionFunction(InstructionTag tag) {
     tag = CallTargetTag() and result = expr.getTarget()
   }
 
@@ -430,9 +429,6 @@ class TranslatedCallSideEffects extends TranslatedSideEffects, TTranslatedCallSi
     or
     expr instanceof DeleteOrDeleteArrayExpr and
     result = getTranslatedDeleteOrDeleteArray(expr).getInstruction(CallTag())
-    or
-    expr instanceof ConstructorDefaultFieldInit and
-    result = getTranslatedConstructorFieldInitialization(expr).getInstruction(CallTag())
   }
 }
 
@@ -508,25 +504,11 @@ abstract class TranslatedSideEffect extends TranslatedElement {
   abstract predicate sideEffectInstruction(Opcode opcode, CppType type);
 }
 
-private class CallOrDefaultFieldInit extends Expr {
-  CallOrDefaultFieldInit() {
-    this instanceof Call
-    or
-    this instanceof ConstructorDefaultFieldInit
-  }
-
-  Declaration getTarget() {
-    result = this.(Call).getTarget()
-    or
-    result = this.(ConstructorDefaultFieldInit).getTarget()
-  }
-}
-
 /**
  * The IR translation of a single argument side effect for a call.
  */
 abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect {
-  CallOrDefaultFieldInit callOrInit;
+  Call call;
   int index;
   SideEffectOpcode sideEffectOpcode;
 
@@ -542,7 +524,7 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect {
     result = "(read side effect for " + this.getArgString() + ")"
   }
 
-  override Expr getPrimaryExpr() { result = callOrInit }
+  override Call getPrimaryExpr() { result = call }
 
   override predicate sortOrder(int group, int indexInGroup) {
     indexInGroup = index and
@@ -604,10 +586,9 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect {
     tag instanceof OnlyInstructionTag and
     operandTag instanceof BufferSizeOperandTag and
     result =
-      getTranslatedExpr(callOrInit
-            .(Call)
-            .getArgument(callOrInit.getTarget().(SideEffectFunction).getParameterSizeIndex(index))
-            .getFullyConverted()).getResult()
+      getTranslatedExpr(call.getArgument(call.getTarget()
+              .(SideEffectFunction)
+              .getParameterSizeIndex(index)).getFullyConverted()).getResult()
   }
 
   /** Holds if this side effect is a write side effect, rather than a read side effect. */
@@ -635,7 +616,7 @@ class TranslatedArgumentExprSideEffect extends TranslatedArgumentSideEffect,
   Expr arg;
 
   TranslatedArgumentExprSideEffect() {
-    this = TTranslatedArgumentExprSideEffect(callOrInit, arg, index, sideEffectOpcode)
+    this = TTranslatedArgumentExprSideEffect(call, arg, index, sideEffectOpcode)
   }
 
   final override Locatable getAst() { result = arg }
@@ -659,31 +640,28 @@ class TranslatedArgumentExprSideEffect extends TranslatedArgumentSideEffect,
  * The IR translation of an argument side effect for `*this` on a call, where there is no `Expr`
  * object that represents the `this` argument.
  *
- * This applies to constructor calls and default field initializations, as the AST has explicit
- * qualifier `Expr`s for all other calls to non-static member functions.
+ * The applies only to constructor calls, as the AST has exploit qualifier `Expr`s for all other
+ * calls to non-static member functions.
  */
-class TranslatedImplicitThisQualifierSideEffect extends TranslatedArgumentSideEffect,
-  TTranslatedImplicitThisQualifierSideEffect
+class TranslatedStructorQualifierSideEffect extends TranslatedArgumentSideEffect,
+  TTranslatedStructorQualifierSideEffect
 {
-  TranslatedImplicitThisQualifierSideEffect() {
-    this = TTranslatedImplicitThisQualifierSideEffect(callOrInit, sideEffectOpcode) and
+  TranslatedStructorQualifierSideEffect() {
+    this = TTranslatedStructorQualifierSideEffect(call, sideEffectOpcode) and
     index = -1
   }
 
-  final override Locatable getAst() { result = callOrInit }
+  final override Locatable getAst() { result = call }
 
-  final override Type getIndirectionType() { result = callOrInit.getTarget().getDeclaringType() }
+  final override Type getIndirectionType() { result = call.getTarget().getDeclaringType() }
 
   final override string getArgString() { result = "this" }
 
   final override Instruction getArgInstruction() {
     exists(TranslatedStructorCall structorCall |
-      structorCall.getExpr() = callOrInit and
+      structorCall.getExpr() = call and
       result = structorCall.getQualifierResult()
     )
-    or
-    callOrInit instanceof ConstructorDefaultFieldInit and
-    result = getTranslatedFunction(callOrInit.getEnclosingFunction()).getLoadThisInstruction()
   }
 }
 

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCondition.qll

@@ -36,8 +36,7 @@ abstract class TranslatedCondition extends TranslatedElement {
   final override Declaration getFunction() {
     result = getEnclosingFunction(expr) or
     result = getEnclosingVariable(expr).(GlobalOrNamespaceVariable) or
-    result = getEnclosingVariable(expr).(StaticInitializedStaticLocalVariable) or
-    result = getEnclosingVariable(expr).(Field)
+    result = getEnclosingVariable(expr).(StaticInitializedStaticLocalVariable)
   }
 
   final Type getResultType() { result = expr.getUnspecifiedType() }

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedDeclarationEntry.qll

@@ -34,11 +34,8 @@ abstract class TranslatedDeclarationEntry extends TranslatedElement, TTranslated
       or
       result = entry.getDeclaration().(GlobalOrNamespaceVariable)
       or
-      result = entry.getDeclaration().(Field)
-      or
       not entry.getDeclaration() instanceof StaticInitializedStaticLocalVariable and
       not entry.getDeclaration() instanceof GlobalOrNamespaceVariable and
-      not entry.getDeclaration() instanceof Field and
       result = stmt.getEnclosingFunction()
     )
   }

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll

@@ -767,7 +767,7 @@ newtype TTranslatedElement =
       expr = initList.getFieldExpr(field, position).getFullyConverted()
     )
     or
-    exists(ConstructorDirectFieldInit init |
+    exists(ConstructorFieldInit init |
       not ignoreExpr(init) and
       ast = init and
       field = init.getTarget() and
@@ -775,14 +775,6 @@ newtype TTranslatedElement =
       position = -1
     )
   } or
-  // The initialization of a field via a default member initializer.
-  TTranslatedDefaultFieldInitialization(Expr ast, Field field) {
-    exists(ConstructorDefaultFieldInit init |
-      not ignoreExpr(init) and
-      ast = init and
-      field = init.getTarget()
-    )
-  } or
   // The value initialization of a field due to an omitted member of an
   // initializer list.
   TTranslatedFieldValueInitialization(Expr ast, Field field) {
@@ -879,7 +871,7 @@ newtype TTranslatedElement =
   // The declaration/initialization part of a `ConditionDeclExpr`
   TTranslatedConditionDecl(ConditionDeclExpr expr) { not ignoreExpr(expr) } or
   // The side effects of a `Call`
-  TTranslatedCallSideEffects(ExprWithCallSideEffects expr) {
+  TTranslatedCallSideEffects(CallOrAllocationExpr expr) {
     not ignoreExpr(expr) and
     not ignoreSideEffects(expr)
   } or
@@ -918,23 +910,15 @@ newtype TTranslatedElement =
   } or
   // Constructor calls lack a qualifier (`this`) expression, so we need to handle the side effects
   // on `*this` without an `Expr`.
-  TTranslatedImplicitThisQualifierSideEffect(ExprWithCallSideEffects call, SideEffectOpcode opcode) {
+  TTranslatedStructorQualifierSideEffect(Call call, SideEffectOpcode opcode) {
     not ignoreExpr(call) and
     not ignoreSideEffects(call) and
-    (
-      call instanceof ConstructorCall and
-      opcode = getASideEffectOpcode(call, -1)
-      or
-      call instanceof ConstructorFieldInit and
-      opcode = getDefaultFieldInitSideEffectOpcode()
-    )
+    call instanceof ConstructorCall and
+    opcode = getASideEffectOpcode(call, -1)
   } or
   // The side effect that initializes newly-allocated memory.
   TTranslatedAllocationSideEffect(AllocationExpr expr) { not ignoreSideEffects(expr) } or
-  TTranslatedStaticStorageDurationVarInit(Variable var) {
-    Raw::varHasIRFunc(var) and not var instanceof Field
-  } or
-  TTranslatedNonStaticDataMemberVarInit(Field var) { Raw::varHasIRFunc(var) } or
+  TTranslatedStaticStorageDurationVarInit(Variable var) { Raw::varHasIRFunc(var) } or
   TTranslatedAssertionOperand(MacroInvocation mi, int index) { hasAssertionOperand(mi, index) }
 
 /**
@@ -1195,7 +1179,7 @@ abstract class TranslatedElement extends TTranslatedElement {
    * If the instruction specified by `tag` is a `FunctionInstruction`, gets the
    * `Function` for that instruction.
    */
-  Declaration getInstructionFunction(InstructionTag tag) { none() }
+  Function getInstructionFunction(InstructionTag tag) { none() }
 
   /**
    * If the instruction specified by `tag` is a `VariableInstruction`, gets the
@@ -1313,7 +1297,5 @@ abstract class TranslatedRootElement extends TranslatedElement {
     this instanceof TTranslatedFunction
     or
     this instanceof TTranslatedStaticStorageDurationVarInit
-    or
-    this instanceof TTranslatedNonStaticDataMemberVarInit
   }
 }

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll

@@ -14,7 +14,6 @@ private import TranslatedFunction
 private import TranslatedInitialization
 private import TranslatedStmt
 private import TranslatedGlobalVar
-private import TranslatedNonStaticDataMember
 private import IRConstruction
 import TranslatedCall
 
@@ -139,8 +138,6 @@ abstract class TranslatedExpr extends TranslatedElement {
     result = getTranslatedFunction(getEnclosingFunction(expr))
     or
     result = getTranslatedVarInit(getEnclosingVariable(expr))
-    or
-    result = getTranslatedFieldInit(getEnclosingVariable(expr))
   }
 }
 
@@ -156,10 +153,7 @@ Declaration getEnclosingDeclaration0(Expr e) {
     i.getExpr().getFullyConverted() = e and
     v = i.getDeclaration()
   |
-    if
-      v instanceof StaticInitializedStaticLocalVariable or
-      v instanceof GlobalOrNamespaceVariable or
-      v instanceof Field
+    if v instanceof StaticInitializedStaticLocalVariable or v instanceof GlobalOrNamespaceVariable
     then result = v
     else result = e.getEnclosingDeclaration()
   )
@@ -179,10 +173,7 @@ Variable getEnclosingVariable0(Expr e) {
     i.getExpr().getFullyConverted() = e and
     v = i.getDeclaration()
   |
-    if
-      v instanceof StaticInitializedStaticLocalVariable or
-      v instanceof GlobalOrNamespaceVariable or
-      v instanceof Field
+    if v instanceof StaticInitializedStaticLocalVariable or v instanceof GlobalOrNamespaceVariable
     then result = v
     else result = e.getEnclosingVariable()
   )
@@ -835,46 +826,6 @@ class TranslatedPostfixCrementOperation extends TranslatedCrementOperation {
   override Instruction getResult() { result = this.getLoadedOperand().getResult() }
 }
 
-class TranslatedParamAccessForType extends TranslatedNonConstantExpr {
-  override ParamAccessForType expr;
-
-  TranslatedParamAccessForType() {
-    // Currently only needed for this parameter accesses.
-    expr.isThisAccess()
-  }
-
-  final override Instruction getFirstInstruction(EdgeKind kind) {
-    result = this.getInstruction(OnlyInstructionTag()) and
-    kind instanceof GotoEdge
-  }
-
-  override Instruction getALastInstructionInternal() {
-    result = this.getInstruction(OnlyInstructionTag())
-  }
-
-  final override TranslatedElement getChildInternal(int id) { none() }
-
-  override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
-    tag = OnlyInstructionTag() and
-    result = this.getParent().getChildSuccessor(this, kind)
-  }
-
-  override Instruction getResult() { result = this.getInstruction(OnlyInstructionTag()) }
-
-  override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
-    tag = OnlyInstructionTag() and
-    opcode instanceof Opcode::CopyValue and
-    resultType = getTypeForPRValue(expr.getType())
-  }
-
-  override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
-    tag = OnlyInstructionTag() and
-    operandTag instanceof UnaryOperandTag and
-    result =
-      this.getEnclosingFunction().(TranslatedNonStaticDataMemberVarInit).getLoadThisInstruction()
-  }
-}
-
 /**
  * IR translation of an array access expression (e.g. `a[i]`). The array being accessed will either
  * be a prvalue of pointer type (possibly due to an implicit array-to-pointer conversion), or a
@@ -1264,7 +1215,7 @@ class TranslatedFunctionAccess extends TranslatedNonConstantExpr {
     resultType = this.getResultType()
   }
 
-  override Declaration getInstructionFunction(InstructionTag tag) {
+  override Function getInstructionFunction(InstructionTag tag) {
     tag = OnlyInstructionTag() and
     result = expr.getTarget()
   }
@@ -2547,7 +2498,7 @@ class TranslatedAllocatorCall extends TTranslatedAllocatorCall, TranslatedDirect
     any()
   }
 
-  override Declaration getInstructionFunction(InstructionTag tag) {
+  override Function getInstructionFunction(InstructionTag tag) {
     tag = CallTargetTag() and result = expr.getAllocator()
   }
 
@@ -2630,7 +2581,7 @@ class TranslatedDeleteOrDeleteArrayExpr extends TranslatedNonConstantExpr, Trans
     result = this.getFirstArgumentOrCallInstruction(kind)
   }
 
-  override Declaration getInstructionFunction(InstructionTag tag) {
+  override Function getInstructionFunction(InstructionTag tag) {
     tag = CallTargetTag() and result = expr.getDeallocator()
   }
 

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedInitialization.qll

@@ -148,8 +148,7 @@ abstract class TranslatedInitialization extends TranslatedElement, TTranslatedIn
   final override Declaration getFunction() {
     result = getEnclosingFunction(expr) or
     result = getEnclosingVariable(expr).(GlobalOrNamespaceVariable) or
-    result = getEnclosingVariable(expr).(StaticInitializedStaticLocalVariable) or
-    result = getEnclosingVariable(expr).(Field)
+    result = getEnclosingVariable(expr).(StaticInitializedStaticLocalVariable)
   }
 
   final override Locatable getAst() { result = expr }
@@ -515,8 +514,8 @@ TranslatedFieldInitialization getTranslatedConstructorFieldInitialization(Constr
 }
 
 /**
- * The IR translation of the initialization of a field from an element of
- * an initializer list.
+ * Represents the IR translation of the initialization of a field from an
+ * element of an initializer list.
  */
 abstract class TranslatedFieldInitialization extends TranslatedElement {
   Expr ast;
@@ -529,11 +528,13 @@ abstract class TranslatedFieldInitialization extends TranslatedElement {
   final override Declaration getFunction() {
     result = getEnclosingFunction(ast) or
     result = getEnclosingVariable(ast).(GlobalOrNamespaceVariable) or
-    result = getEnclosingVariable(ast).(StaticInitializedStaticLocalVariable) or
-    result = getEnclosingVariable(ast).(Field)
+    result = getEnclosingVariable(ast).(StaticInitializedStaticLocalVariable)
   }
 
-  final Field getField() { result = field }
+  final override Instruction getFirstInstruction(EdgeKind kind) {
+    result = this.getInstruction(this.getFieldAddressTag()) and
+    kind instanceof GotoEdge
+  }
 
   /**
    * Gets the zero-based index describing the order in which this field is to be
@@ -541,20 +542,6 @@ abstract class TranslatedFieldInitialization extends TranslatedElement {
    */
   final int getOrder() { result = field.getInitializationOrder() }
 
-  /** Gets the position in the initializer list, or `-1` if the initialization is implicit. */
-  int getPosition() { result = -1 }
-}
-
-/**
- * The IR translation of the initialization of a field from an element of an initializer
- * list where default initialization is not used.
- */
-abstract class TranslatedNonDefaultFieldInitialization extends TranslatedFieldInitialization {
-  final override Instruction getFirstInstruction(EdgeKind kind) {
-    result = this.getInstruction(this.getFieldAddressTag()) and
-    kind instanceof GotoEdge
-  }
-
   override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
     tag = this.getFieldAddressTag() and
     opcode instanceof Opcode::FieldAddress and
@@ -572,13 +559,18 @@ abstract class TranslatedNonDefaultFieldInitialization extends TranslatedFieldIn
   }
 
   final InstructionTag getFieldAddressTag() { result = InitializerFieldAddressTag() }
+
+  final Field getField() { result = field }
+
+  /** Gets the position in the initializer list, or `-1` if the initialization is implicit. */
+  int getPosition() { result = -1 }
 }
 
 /**
- * The IR translation of the initialization of a field from an explicit element in
- * an initializer list.
+ * Represents the IR translation of the initialization of a field from an
+ * explicit element in an initializer list.
  */
-class TranslatedExplicitFieldInitialization extends TranslatedNonDefaultFieldInitialization,
+class TranslatedExplicitFieldInitialization extends TranslatedFieldInitialization,
   InitializationContext, TTranslatedExplicitFieldInitialization
 {
   Expr expr;
@@ -618,81 +610,15 @@ class TranslatedExplicitFieldInitialization extends TranslatedNonDefaultFieldIni
   override int getPosition() { result = position }
 }
 
-/**
- * The IR translation of the initialization of a field from an element of an initializer
- * list where default initialization is used.
- */
-class TranslatedDefaultFieldInitialization extends TranslatedFieldInitialization,
-  TTranslatedDefaultFieldInitialization
-{
-  TranslatedDefaultFieldInitialization() {
-    this = TTranslatedDefaultFieldInitialization(ast, field)
-  }
-
-  final override Instruction getFirstInstruction(EdgeKind kind) {
-    result = this.getInstruction(CallTargetTag()) and
-    kind instanceof GotoEdge
-  }
-
-  override Instruction getALastInstructionInternal() {
-    result = this.getSideEffects().getALastInstruction()
-  }
-
-  override TranslatedElement getLastChild() { result = this.getSideEffects() }
-
-  override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
-    tag = CallTargetTag() and
-    result = this.getInstruction(CallTag())
-    or
-    tag = CallTag() and
-    result = this.getSideEffects().getFirstInstruction(kind)
-  }
-
-  override Instruction getChildSuccessorInternal(TranslatedElement child, EdgeKind kind) {
-    child = this.getSideEffects() and
-    result = this.getParent().getChildSuccessor(this, kind)
-  }
-
-  override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
-    tag = CallTargetTag() and
-    opcode instanceof Opcode::FunctionAddress and
-    resultType = getFunctionGLValueType()
-    or
-    tag = CallTag() and
-    opcode instanceof Opcode::Call and
-    resultType = getVoidType()
-  }
-
-  override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
-    tag = CallTag() and
-    (
-      operandTag instanceof CallTargetOperandTag and
-      result = this.getInstruction(CallTargetTag())
-      or
-      operandTag instanceof ThisArgumentOperandTag and
-      result = getTranslatedFunction(this.getFunction()).getLoadThisInstruction()
-    )
-  }
-
-  override Declaration getInstructionFunction(InstructionTag tag) {
-    tag = CallTargetTag() and
-    result = field
-  }
-
-  override TranslatedElement getChild(int id) { id = 0 and result = this.getSideEffects() }
-
-  final TranslatedSideEffects getSideEffects() { result.getExpr() = ast }
-}
-
 private string getZeroValue(Type type) {
   if type instanceof FloatingPointType then result = "0.0" else result = "0"
 }
 
 /**
- * The IR translation of the initialization of a field without a corresponding
- * element in the initializer list.
+ * Represents the IR translation of the initialization of a field without a
+ * corresponding element in the initializer list.
  */
-class TranslatedFieldValueInitialization extends TranslatedNonDefaultFieldInitialization,
+class TranslatedFieldValueInitialization extends TranslatedFieldInitialization,
   TTranslatedFieldValueInitialization
 {
   TranslatedFieldValueInitialization() { this = TTranslatedFieldValueInitialization(ast, field) }
@@ -702,7 +628,7 @@ class TranslatedFieldValueInitialization extends TranslatedNonDefaultFieldInitia
   }
 
   override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
-    TranslatedNonDefaultFieldInitialization.super.hasInstruction(opcode, tag, resultType)
+    TranslatedFieldInitialization.super.hasInstruction(opcode, tag, resultType)
     or
     tag = this.getFieldDefaultValueTag() and
     opcode instanceof Opcode::Constant and
@@ -733,8 +659,7 @@ class TranslatedFieldValueInitialization extends TranslatedNonDefaultFieldInitia
   }
 
   override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
-    result =
-      TranslatedNonDefaultFieldInitialization.super.getInstructionRegisterOperand(tag, operandTag)
+    result = TranslatedFieldInitialization.super.getInstructionRegisterOperand(tag, operandTag)
     or
     tag = this.getFieldDefaultValueStoreTag() and
     (
@@ -758,8 +683,8 @@ class TranslatedFieldValueInitialization extends TranslatedNonDefaultFieldInitia
 }
 
 /**
- * The IR translation of the initialization of an array element from an element
- * of an initializer list.
+ * Represents the IR translation of the initialization of an array element from
+ * an element of an initializer list.
  */
 abstract class TranslatedElementInitialization extends TranslatedElement {
   ArrayOrVectorAggregateLiteral initList;
@@ -776,8 +701,6 @@ abstract class TranslatedElementInitialization extends TranslatedElement {
     result = getEnclosingVariable(initList).(GlobalOrNamespaceVariable)
     or
     result = getEnclosingVariable(initList).(StaticInitializedStaticLocalVariable)
-    or
-    result = getEnclosingVariable(initList).(Field)
   }
 
   final override Instruction getFirstInstruction(EdgeKind kind) {
@@ -836,8 +759,8 @@ abstract class TranslatedElementInitialization extends TranslatedElement {
 }
 
 /**
- * The IR translation of the initialization of an array element from an explicit
- * element in an initializer list.
+ * Represents the IR translation of the initialization of an array element from
+ * an explicit element in an initializer list.
  */
 class TranslatedExplicitElementInitialization extends TranslatedElementInitialization,
   TTranslatedExplicitElementInitialization, InitializationContext
@@ -885,8 +808,8 @@ class TranslatedExplicitElementInitialization extends TranslatedElementInitializ
 }
 
 /**
- * The IR translation of the initialization of a range of array elements without
- * corresponding elements in the initializer list.
+ * Represents the IR translation of the initialization of a range of array
+ * elements without corresponding elements in the initializer list.
  */
 class TranslatedElementValueInitialization extends TranslatedElementInitialization,
   TTranslatedElementValueInitialization

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedNonStaticDataMember.qll

@@ -1,217 +0,0 @@
-import semmle.code.cpp.ir.implementation.raw.internal.TranslatedElement
-private import TranslatedExpr
-private import cpp
-private import semmle.code.cpp.ir.implementation.internal.OperandTag
-private import semmle.code.cpp.ir.internal.TempVariableTag
-private import semmle.code.cpp.ir.internal.CppType
-private import TranslatedInitialization
-private import InstructionTag
-private import semmle.code.cpp.ir.internal.IRUtilities
-
-class TranslatedNonStaticDataMemberVarInit extends TranslatedRootElement,
-  TTranslatedNonStaticDataMemberVarInit, InitializationContext
-{
-  Field field;
-  Class cls;
-
-  TranslatedNonStaticDataMemberVarInit() {
-    this = TTranslatedNonStaticDataMemberVarInit(field) and
-    cls.getAMember() = field
-  }
-
-  override string toString() { result = cls.toString() + "::" + field.toString() }
-
-  final override Field getAst() { result = field }
-
-  final override Declaration getFunction() { result = field }
-
-  override Instruction getFirstInstruction(EdgeKind kind) {
-    result = this.getInstruction(EnterFunctionTag()) and
-    kind instanceof GotoEdge
-  }
-
-  override Instruction getALastInstructionInternal() {
-    result = this.getInstruction(ExitFunctionTag())
-  }
-
-  override TranslatedElement getChild(int n) {
-    n = 1 and
-    result = getTranslatedInitialization(field.getInitializer().getExpr().getFullyConverted())
-  }
-
-  override predicate hasInstruction(Opcode op, InstructionTag tag, CppType type) {
-    op instanceof Opcode::EnterFunction and
-    tag = EnterFunctionTag() and
-    type = getVoidType()
-    or
-    op instanceof Opcode::AliasedDefinition and
-    tag = AliasedDefinitionTag() and
-    type = getUnknownType()
-    or
-    op instanceof Opcode::InitializeNonLocal and
-    tag = InitializeNonLocalTag() and
-    type = getUnknownType()
-    or
-    tag = ThisAddressTag() and
-    op instanceof Opcode::VariableAddress and
-    type = getTypeForGLValue(any(UnknownType t))
-    or
-    tag = InitializerStoreTag() and
-    op instanceof Opcode::InitializeParameter and
-    type = this.getThisType()
-    or
-    tag = ThisLoadTag() and
-    op instanceof Opcode::Load and
-    type = this.getThisType()
-    or
-    tag = InitializerIndirectStoreTag() and
-    op instanceof Opcode::InitializeIndirection and
-    type = getTypeForPRValue(cls)
-    or
-    op instanceof Opcode::FieldAddress and
-    tag = InitializerFieldAddressTag() and
-    type = getTypeForGLValue(field.getType())
-    or
-    op instanceof Opcode::ReturnVoid and
-    tag = ReturnTag() and
-    type = getVoidType()
-    or
-    op instanceof Opcode::AliasedUse and
-    tag = AliasedUseTag() and
-    type = getVoidType()
-    or
-    op instanceof Opcode::ExitFunction and
-    tag = ExitFunctionTag() and
-    type = getVoidType()
-  }
-
-  override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
-    kind instanceof GotoEdge and
-    (
-      tag = EnterFunctionTag() and
-      result = this.getInstruction(AliasedDefinitionTag())
-      or
-      tag = AliasedDefinitionTag() and
-      result = this.getInstruction(InitializeNonLocalTag())
-      or
-      tag = InitializeNonLocalTag() and
-      result = this.getInstruction(ThisAddressTag())
-      or
-      tag = ThisAddressTag() and
-      result = this.getInstruction(InitializerStoreTag())
-      or
-      tag = InitializerStoreTag() and
-      result = this.getInstruction(ThisLoadTag())
-      or
-      tag = ThisLoadTag() and
-      result = this.getInstruction(InitializerIndirectStoreTag())
-      or
-      tag = InitializerIndirectStoreTag() and
-      result = this.getInstruction(InitializerFieldAddressTag())
-    )
-    or
-    tag = InitializerFieldAddressTag() and
-    result = this.getChild(1).getFirstInstruction(kind)
-    or
-    kind instanceof GotoEdge and
-    (
-      tag = ReturnTag() and
-      result = this.getInstruction(AliasedUseTag())
-      or
-      tag = AliasedUseTag() and
-      result = this.getInstruction(ExitFunctionTag())
-    )
-  }
-
-  override Instruction getChildSuccessorInternal(TranslatedElement child, EdgeKind kind) {
-    child = this.getChild(1) and
-    result = this.getInstruction(ReturnTag()) and
-    kind instanceof GotoEdge
-  }
-
-  final override CppType getInstructionMemoryOperandType(
-    InstructionTag tag, TypedOperandTag operandTag
-  ) {
-    tag = AliasedUseTag() and
-    operandTag instanceof SideEffectOperandTag and
-    result = getUnknownType()
-  }
-
-  override IRVariable getInstructionVariable(InstructionTag tag) {
-    (
-      tag = ThisAddressTag() or
-      tag = InitializerStoreTag() or
-      tag = InitializerIndirectStoreTag()
-    ) and
-    result = getIRTempVariable(field, ThisTempVar())
-  }
-
-  override Field getInstructionField(InstructionTag tag) {
-    tag = InitializerFieldAddressTag() and
-    result = field
-  }
-
-  override predicate hasTempVariable(TempVariableTag tag, CppType type) {
-    tag = ThisTempVar() and
-    type = this.getThisType()
-  }
-
-  /**
-   * Holds if this variable defines or accesses variable `var` with type `type`. This includes all
-   * parameters and local variables, plus any global variables or static data members that are
-   * directly accessed by the function.
-   */
-  final predicate hasUserVariable(Variable varUsed, CppType type) {
-    (
-      (
-        varUsed instanceof GlobalOrNamespaceVariable
-        or
-        varUsed instanceof StaticLocalVariable
-        or
-        varUsed instanceof MemberVariable and not varUsed instanceof Field
-      ) and
-      exists(VariableAccess access |
-        access.getTarget() = varUsed and
-        getEnclosingVariable(access) = field
-      )
-      or
-      field = varUsed
-      or
-      varUsed.(LocalScopeVariable).getEnclosingElement*() = field
-      or
-      varUsed.(Parameter).getCatchBlock().getEnclosingElement*() = field
-    ) and
-    type = getTypeForPRValue(getVariableType(varUsed))
-  }
-
-  override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
-    (
-      tag = InitializerStoreTag()
-      or
-      tag = ThisLoadTag()
-    ) and
-    operandTag instanceof AddressOperandTag and
-    result = this.getInstruction(ThisAddressTag())
-    or
-    (
-      tag = InitializerIndirectStoreTag() and
-      operandTag instanceof AddressOperandTag
-      or
-      tag = InitializerFieldAddressTag() and
-      operandTag instanceof UnaryOperandTag
-    ) and
-    result = this.getInstruction(ThisLoadTag())
-  }
-
-  override Instruction getTargetAddress() {
-    result = this.getInstruction(InitializerFieldAddressTag())
-  }
-
-  override Type getTargetType() { result = field.getUnspecifiedType() }
-
-  final Instruction getLoadThisInstruction() { result = this.getInstruction(ThisLoadTag()) }
-
-  private CppType getThisType() { result = getTypeForGLValue(cls) }
-}
-
-TranslatedNonStaticDataMemberVarInit getTranslatedFieldInit(Field field) { result.getAst() = field }

cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll

@@ -495,7 +495,7 @@ class FieldInstruction extends Instruction {
  * `FunctionAddress` instruction.
  */
 class FunctionInstruction extends Instruction {
-  Language::Declaration funcSymbol;
+  Language::Function funcSymbol;
 
   FunctionInstruction() { funcSymbol = Raw::getInstructionFunction(this) }
 
@@ -504,7 +504,7 @@ class FunctionInstruction extends Instruction {
   /**
    * Gets the function that this instruction references.
    */
-  final Language::Declaration getFunctionSymbol() { result = funcSymbol }
+  final Language::Function getFunctionSymbol() { result = funcSymbol }
 }
 
 /**
@@ -1678,7 +1678,7 @@ class CallInstruction extends Instruction {
   /**
    * Gets the `Function` that the call targets, if this is statically known.
    */
-  final Language::Declaration getStaticCallTarget() {
+  final Language::Function getStaticCallTarget() {
     result = this.getCallTarget().(FunctionAddressInstruction).getFunctionSymbol()
   }
 

cpp/ql/lib/semmle/code/cpp/models/Models.qll

@@ -48,6 +48,7 @@ private import implementations.SqLite3
 private import implementations.PostgreSql
 private import implementations.System
 private import implementations.StructuredExceptionHandling
+private import implementations.ZMQ
 private import implementations.Win32CommandExecution
 private import implementations.CA2AEX
 private import implementations.CComBSTR
@@ -57,4 +58,3 @@ private import implementations.CAtlFileMapping
 private import implementations.CAtlTemporaryFile
 private import implementations.CRegKey
 private import implementations.WinHttp
-private import implementations.Http

cpp/ql/lib/semmle/code/cpp/models/implementations/Gets.qll

@@ -112,3 +112,21 @@ private class GetsFunction extends DataFlowFunction, ArrayFunction, AliasFunctio
 
   override predicate hasArrayOutput(int bufParam) { bufParam = 0 }
 }
+
+/**
+ * A model for `getc` and similar functions that are flow sources.
+ */
+private class GetcSource extends SourceModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        ";;false;getc;;;ReturnValue;remote", ";;false;getwc;;;ReturnValue;remote",
+        ";;false;_getc_nolock;;;ReturnValue;remote", ";;false;_getwc_nolock;;;ReturnValue;remote",
+        ";;false;getch;;;ReturnValue;local", ";;false;_getch;;;ReturnValue;local",
+        ";;false;_getwch;;;ReturnValue;local", ";;false;_getch_nolock;;;ReturnValue;local",
+        ";;false;_getwch_nolock;;;ReturnValue;local", ";;false;getchar;;;ReturnValue;local",
+        ";;false;getwchar;;;ReturnValue;local", ";;false;_getchar_nolock;;;ReturnValue;local",
+        ";;false;_getwchar_nolock;;;ReturnValue;local",
+      ]
+  }
+}

cpp/ql/lib/semmle/code/cpp/models/implementations/Http.qll

@@ -1,193 +0,0 @@
-private import cpp
-private import semmle.code.cpp.ir.dataflow.FlowSteps
-private import semmle.code.cpp.dataflow.new.DataFlow
-
-private class HttpRequest extends Class {
-  HttpRequest() { this.hasGlobalName("_HTTP_REQUEST_V1") }
-}
-
-private class HttpRequestInheritingContent extends TaintInheritingContent, DataFlow::FieldContent {
-  HttpRequestInheritingContent() {
-    this.getAField().getDeclaringType() instanceof HttpRequest and
-    (
-      this.getAField().hasName("pRawUrl") and
-      this.getIndirectionIndex() = 2
-      or
-      this.getAField().hasName("CookedUrl") and
-      this.getIndirectionIndex() = 1
-      or
-      this.getAField().hasName("Headers") and
-      this.getIndirectionIndex() = 1
-      or
-      this.getAField().hasName("pEntityChunks") and
-      this.getIndirectionIndex() = 2
-      or
-      this.getAField().hasName("pSslInfo") and
-      this.getIndirectionIndex() = 2
-    )
-  }
-}
-
-private class HttpCookedUrl extends Class {
-  HttpCookedUrl() { this.hasGlobalName("_HTTP_COOKED_URL") }
-}
-
-private class HttpCookedUrlInheritingContent extends TaintInheritingContent, DataFlow::FieldContent {
-  HttpCookedUrlInheritingContent() {
-    this.getAField().getDeclaringType() instanceof HttpCookedUrl and
-    this.getAField().hasName(["pFullUrl", "pHost", "pAbsPath", "pQueryString"]) and
-    this.getIndirectionIndex() = 2
-  }
-}
-
-private class HttpRequestHeaders extends Class {
-  HttpRequestHeaders() { this.hasGlobalName("_HTTP_REQUEST_HEADERS") }
-}
-
-private class HttpRequestHeadersInheritingContent extends TaintInheritingContent,
-  DataFlow::FieldContent
-{
-  HttpRequestHeadersInheritingContent() {
-    this.getAField().getDeclaringType() instanceof HttpRequestHeaders and
-    (
-      this.getAField().hasName("KnownHeaders") and
-      this.getIndirectionIndex() = 1
-      or
-      this.getAField().hasName("pUnknownHeaders") and
-      this.getIndirectionIndex() = 2
-    )
-  }
-}
-
-private class HttpKnownHeader extends Class {
-  HttpKnownHeader() { this.hasGlobalName("_HTTP_KNOWN_HEADER") }
-}
-
-private class HttpKnownHeaderInheritingContent extends TaintInheritingContent,
-  DataFlow::FieldContent
-{
-  HttpKnownHeaderInheritingContent() {
-    this.getAField().getDeclaringType() instanceof HttpKnownHeader and
-    this.getAField().hasName("pRawValue") and
-    this.getIndirectionIndex() = 2
-  }
-}
-
-private class HttpUnknownHeader extends Class {
-  HttpUnknownHeader() { this.hasGlobalName("_HTTP_UNKNOWN_HEADER") }
-}
-
-private class HttpUnknownHeaderInheritingContent extends TaintInheritingContent,
-  DataFlow::FieldContent
-{
-  HttpUnknownHeaderInheritingContent() {
-    this.getAField().getDeclaringType() instanceof HttpUnknownHeader and
-    this.getAField().hasName(["pName", "pRawValue"]) and
-    this.getIndirectionIndex() = 2
-  }
-}
-
-private class HttpDataChunk extends Class {
-  HttpDataChunk() { this.hasGlobalName("_HTTP_DATA_CHUNK") }
-}
-
-private class HttpDataChunkInheritingContent extends TaintInheritingContent, DataFlow::FieldContent {
-  HttpDataChunkInheritingContent() {
-    this.getAField().getDeclaringType().(Union).getDeclaringType() instanceof HttpDataChunk and
-    (
-      this.getAField().hasName("FromMemory") and
-      this.getIndirectionIndex() = 1
-      or
-      this.getAField().hasName("FromFileHandle") and
-      this.getIndirectionIndex() = 1
-      or
-      this.getAField().hasName("FromFragmentCache") and
-      this.getIndirectionIndex() = 1
-      or
-      this.getAField().hasName("FromFragmentCacheEx") and
-      this.getIndirectionIndex() = 1
-      or
-      this.getAField().hasName("Trailers") and
-      this.getIndirectionIndex() = 1
-    )
-  }
-}
-
-private class FromMemory extends Class {
-  FromMemory() {
-    this.getDeclaringType().(Union).getDeclaringType() instanceof HttpDataChunk and
-    this.getAField().hasName("pBuffer")
-  }
-}
-
-private class FromMemoryInheritingContent extends TaintInheritingContent, DataFlow::FieldContent {
-  FromMemoryInheritingContent() {
-    this.getAField().getDeclaringType() instanceof FromMemory and
-    this.getAField().hasName("pBuffer") and
-    this.getIndirectionIndex() = 2
-  }
-}
-
-private class FromFileHandle extends Class {
-  FromFileHandle() {
-    this.getDeclaringType().(Union).getDeclaringType() instanceof HttpDataChunk and
-    this.getAField().hasName("FileHandle")
-  }
-}
-
-private class FromFileHandleInheritingContent extends TaintInheritingContent, DataFlow::FieldContent
-{
-  FromFileHandleInheritingContent() {
-    this.getAField().getDeclaringType() instanceof FromFileHandle and
-    this.getIndirectionIndex() = 1 and
-    this.getAField().hasName("FileHandle")
-  }
-}
-
-private class FromFragmentCacheOrCacheEx extends Class {
-  FromFragmentCacheOrCacheEx() {
-    this.getDeclaringType().(Union).getDeclaringType() instanceof HttpDataChunk and
-    this.getAField().hasName("pFragmentName")
-  }
-}
-
-private class FromFragmentCacheInheritingContent extends TaintInheritingContent,
-  DataFlow::FieldContent
-{
-  FromFragmentCacheInheritingContent() {
-    this.getAField().getDeclaringType() instanceof FromFragmentCacheOrCacheEx and
-    this.getIndirectionIndex() = 2 and
-    this.getAField().hasName("pFragmentName")
-  }
-}
-
-private class HttpSslInfo extends Class {
-  HttpSslInfo() { this.hasGlobalName("_HTTP_SSL_INFO") }
-}
-
-private class HttpSslInfoInheritingContent extends TaintInheritingContent, DataFlow::FieldContent {
-  HttpSslInfoInheritingContent() {
-    this.getAField().getDeclaringType() instanceof HttpSslInfo and
-    this.getAField().hasName(["pServerCertIssuer", "pServerCertSubject", "pClientCertInfo"]) and
-    this.getIndirectionIndex() = 2
-  }
-}
-
-private class HttpSslClientCertInfo extends Class {
-  HttpSslClientCertInfo() { this.hasGlobalName("_HTTP_SSL_CLIENT_CERT_INFO") }
-}
-
-private class HttpSslClientCertInfoInheritingContent extends TaintInheritingContent,
-  DataFlow::FieldContent
-{
-  HttpSslClientCertInfoInheritingContent() {
-    this.getAField().getDeclaringType() instanceof HttpSslClientCertInfo and
-    (
-      this.getAField().hasName("pCertEncoded") and
-      this.getIndirectionIndex() = 2
-      or
-      this.getAField().hasName("Token") and
-      this.getIndirectionIndex() = 1
-    )
-  }
-}

cpp/ql/lib/semmle/code/cpp/models/implementations/ZMQ.qll

@@ -0,0 +1,45 @@
+/**
+ * Provides implementation classes modeling the ZeroMQ networking library.
+ */
+
+import semmle.code.cpp.models.interfaces.FlowSource
+
+/**
+ * Remote flow sources.
+ */
+private class ZmqSource extends SourceModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        ";;false;zmq_recv;;;Argument[*1];remote", ";;false;zmq_recvmsg;;;Argument[*1];remote",
+        ";;false;zmq_msg_recv;;;Argument[*0];remote",
+      ]
+  }
+}
+
+/**
+ * Remote flow sinks.
+ */
+private class ZmqSinks extends SinkModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        ";;false;zmq_send;;;Argument[*1];remote-sink",
+        ";;false;zmq_sendmsg;;;Argument[*1];remote-sink",
+        ";;false;zmq_msg_send;;;Argument[*0];remote-sink",
+      ]
+  }
+}
+
+/**
+ * Flow steps.
+ */
+private class ZmqSummaries extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        ";;false;zmq_msg_init_data;;;Argument[*1];Argument[*0];taint",
+        ";;false;zmq_msg_data;;;Argument[*0];ReturnValue[*];taint",
+      ]
+  }
+}

cpp/ql/src/CHANGELOG.md

@@ -1,11 +1,3 @@
-## 1.5.15
-
-No user-facing changes.
-
-## 1.5.14
-
-No user-facing changes.
-
 ## 1.5.13
 
 No user-facing changes.

cpp/ql/src/Diagnostics/ExtractionProblems.qll

@@ -50,7 +50,7 @@ private newtype TExtractionProblem =
 /**
  * Superclass for the extraction problem hierarchy.
  */
-abstract class ExtractionProblem extends TExtractionProblem {
+class ExtractionProblem extends TExtractionProblem {
   /** Gets the string representation of the problem. */
   string toString() { none() }
 
@@ -65,9 +65,6 @@ abstract class ExtractionProblem extends TExtractionProblem {
 
   /** Gets the SARIF severity of this problem. */
   int getSeverity() { none() }
-
-  /** Gets the `Compilation` the problem is associated with. */
-  abstract Compilation getCompilation();
 }
 
 /**
@@ -99,8 +96,6 @@ class ExtractionUnrecoverableError extends ExtractionProblem, TCompilationFailed
     // [errors](https://docs.oasis-open.org/sarif/sarif/v2.1.0/csprd01/sarif-v2.1.0-csprd01.html#_Toc10541338).
     result = 2
   }
-
-  override Compilation getCompilation() { result = c }
 }
 
 /**
@@ -127,8 +122,6 @@ class ExtractionRecoverableWarning extends ExtractionProblem, TReportableWarning
     // [warnings](https://docs.oasis-open.org/sarif/sarif/v2.1.0/csprd01/sarif-v2.1.0-csprd01.html#_Toc10541338).
     result = 1
   }
-
-  override Compilation getCompilation() { result = err.getCompilation() }
 }
 
 /**
@@ -155,6 +148,4 @@ class ExtractionUnknownProblem extends ExtractionProblem, TUnknownProblem {
     // [warnings](https://docs.oasis-open.org/sarif/sarif/v2.1.0/csprd01/sarif-v2.1.0-csprd01.html#_Toc10541338).
     result = 1
   }
-
-  override Compilation getCompilation() { result = err.getCompilation() }
 }

cpp/ql/src/Diagnostics/ExtractionWarnings.ql

@@ -10,9 +10,7 @@ import ExtractionProblems
 
 from ExtractionProblem warning
 where
-  warning instanceof ExtractionRecoverableWarning and
-  exists(warning.getFile().getRelativePath()) and
-  not warning.getCompilation().buildModeNone()
+  warning instanceof ExtractionRecoverableWarning and exists(warning.getFile().getRelativePath())
   or
   warning instanceof ExtractionUnknownProblem
 select warning,

cpp/ql/src/Telemetry/DatabaseQuality.qll

@@ -1,48 +0,0 @@
-import cpp
-import codeql.util.ReportStats
-
-/** A file that is included in the quality statistics. */
-private class RelevantFile extends File {
-  RelevantFile() { this.fromSource() and exists(this.getRelativePath()) }
-}
-
-module CallTargetStats implements StatsSig {
-  private class RelevantCall extends Call {
-    RelevantCall() { this.getFile() instanceof RelevantFile }
-  }
-
-  // We assume that calls with an implicit target are calls that could not be
-  // resolved. This is accurate in the vast majority of cases, but is inaccurate
-  // for calls that deliberately rely on implicitly declared functions.
-  private predicate hasImplicitTarget(RelevantCall call) {
-    call.getTarget().getADeclarationEntry().isImplicit()
-  }
-
-  int getNumberOfOk() { result = count(RelevantCall call | not hasImplicitTarget(call)) }
-
-  int getNumberOfNotOk() { result = count(RelevantCall call | hasImplicitTarget(call)) }
-
-  string getOkText() { result = "calls with call target" }
-
-  string getNotOkText() { result = "calls with missing call target" }
-}
-
-private class SourceExpr extends Expr {
-  SourceExpr() { this.getFile() instanceof RelevantFile }
-}
-
-private predicate hasGoodType(Expr e) { not e.getType() instanceof ErroneousType }
-
-module ExprTypeStats implements StatsSig {
-  int getNumberOfOk() { result = count(SourceExpr e | hasGoodType(e)) }
-
-  int getNumberOfNotOk() { result = count(SourceExpr e | not hasGoodType(e)) }
-
-  string getOkText() { result = "expressions with known type" }
-
-  string getNotOkText() { result = "expressions with unknown type" }
-}
-
-module CallTargetStatsReport = ReportStats<CallTargetStats>;
-
-module ExprTypeStatsReport = ReportStats<ExprTypeStats>;

cpp/ql/src/Telemetry/ExtractorInformation.ql

@@ -1,28 +0,0 @@
-/**
- * @name C/C++ extraction information
- * @description Information about the extraction for a C/C++ database
- * @kind metric
- * @tags summary telemetry
- * @id cpp/telemetry/extraction-information
- */
-
-import cpp
-import DatabaseQuality
-
-from string key, float value
-where
-  (
-    CallTargetStatsReport::numberOfOk(key, value) or
-    CallTargetStatsReport::numberOfNotOk(key, value) or
-    CallTargetStatsReport::percentageOfOk(key, value) or
-    ExprTypeStatsReport::numberOfOk(key, value) or
-    ExprTypeStatsReport::numberOfNotOk(key, value) or
-    ExprTypeStatsReport::percentageOfOk(key, value)
-  ) and
-  /* Infinity */
-  value != 1.0 / 0.0 and
-  /* -Infinity */
-  value != -1.0 / 0.0 and
-  /* NaN */
-  value != 0.0 / 0.0
-select key, value

cpp/ql/src/change-notes/2026-03-30-warning-diagnostics.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The "Extraction warnings" (`cpp/diagnostics/extraction-warnings`) diagnostics query no longer yields `ExtractionRecoverableWarning`s for `build-mode: none` databases. The results were found to significantly increase the sizes of the produced SARIF files, making them unprocessable in some cases.

cpp/ql/src/change-notes/released/1.5.14.md

@@ -1,3 +0,0 @@
-## 1.5.14
-
-No user-facing changes.

cpp/ql/src/change-notes/released/1.5.15.md

@@ -1,3 +0,0 @@
-## 1.5.15
-
-No user-facing changes.

cpp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.15
+lastReleaseVersion: 1.5.13

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.5.16-dev
+version: 1.5.14-dev
 groups:
   - cpp
   - queries

cpp/ql/test/library-tests/ctorinits/ctors.expected

@@ -1,17 +1,17 @@
-| ctorinits.cpp:5:3:5:10 | NoisyInt | 0 | ConstructorDirectFieldInit | ctorinits.cpp:5:29:5:42 | constructor init of field m_value | 1 | 0 |
-| ctorinits.cpp:13:3:13:11 | NoisyPair | 0 | ConstructorDirectFieldInit | ctorinits.cpp:14:7:14:16 | constructor init of field m_fst | 1 | 0 |
-| ctorinits.cpp:13:3:13:11 | NoisyPair | 1 | ConstructorDirectFieldInit | ctorinits.cpp:15:7:15:16 | constructor init of field m_snd | 1 | 0 |
+| ctorinits.cpp:5:3:5:10 | NoisyInt | 0 | ConstructorFieldInit | ctorinits.cpp:5:29:5:42 | constructor init of field m_value | 1 | 0 |
+| ctorinits.cpp:13:3:13:11 | NoisyPair | 0 | ConstructorFieldInit | ctorinits.cpp:14:7:14:16 | constructor init of field m_fst | 1 | 0 |
+| ctorinits.cpp:13:3:13:11 | NoisyPair | 1 | ConstructorFieldInit | ctorinits.cpp:15:7:15:16 | constructor init of field m_snd | 1 | 0 |
 | ctorinits.cpp:16:3:16:11 | NoisyPair | 0 | ConstructorDelegationInit | ctorinits.cpp:16:17:16:31 | call to NoisyPair | 2 | 2 |
 | ctorinits.cpp:21:8:21:8 | NoisyTriple | 0 | ConstructorDirectInit | ctorinits.cpp:21:8:21:8 | call to NoisyPair | 0 | 0 |
-| ctorinits.cpp:21:8:21:8 | NoisyTriple | 1 | ConstructorDirectFieldInit | ctorinits.cpp:21:8:21:8 | constructor init of field m_third | 1 | 0 |
-| ctorinits.cpp:28:2:28:9 | ArrayInt | 0 | ConstructorDirectFieldInit | ctorinits.cpp:28:13:28:13 | constructor init of field m_array | 1 | 0 |
-| ctorinits.cpp:42:2:42:16 | ArrayMemberInit | 0 | ConstructorDirectFieldInit | ctorinits.cpp:42:22:42:32 | constructor init of field xs | 1 | 4 |
+| ctorinits.cpp:21:8:21:8 | NoisyTriple | 1 | ConstructorFieldInit | ctorinits.cpp:21:8:21:8 | constructor init of field m_third | 1 | 0 |
+| ctorinits.cpp:28:2:28:9 | ArrayInt | 0 | ConstructorFieldInit | ctorinits.cpp:28:13:28:13 | constructor init of field m_array | 1 | 0 |
+| ctorinits.cpp:42:2:42:16 | ArrayMemberInit | 0 | ConstructorFieldInit | ctorinits.cpp:42:22:42:32 | constructor init of field xs | 1 | 4 |
 | ctorinits.cpp:65:3:65:15 | MultipleBases | 0 | ConstructorDirectInit | ctorinits.cpp:69:5:69:8 | call to A | 1 | 1 |
 | ctorinits.cpp:65:3:65:15 | MultipleBases | 1 | ConstructorDirectInit | ctorinits.cpp:67:5:67:8 | call to B | 1 | 1 |
 | ctorinits.cpp:65:3:65:15 | MultipleBases | 2 | ConstructorDirectInit | ctorinits.cpp:70:5:70:8 | call to C | 1 | 1 |
-| ctorinits.cpp:65:3:65:15 | MultipleBases | 3 | ConstructorDirectFieldInit | ctorinits.cpp:68:5:68:8 | constructor init of field x | 1 | 1 |
-| ctorinits.cpp:65:3:65:15 | MultipleBases | 4 | ConstructorDirectFieldInit | ctorinits.cpp:71:5:71:8 | constructor init of field y | 1 | 1 |
-| ctorinits.cpp:65:3:65:15 | MultipleBases | 5 | ConstructorDirectFieldInit | ctorinits.cpp:66:5:66:8 | constructor init of field z | 1 | 1 |
+| ctorinits.cpp:65:3:65:15 | MultipleBases | 3 | ConstructorFieldInit | ctorinits.cpp:68:5:68:8 | constructor init of field x | 1 | 1 |
+| ctorinits.cpp:65:3:65:15 | MultipleBases | 4 | ConstructorFieldInit | ctorinits.cpp:71:5:71:8 | constructor init of field y | 1 | 1 |
+| ctorinits.cpp:65:3:65:15 | MultipleBases | 5 | ConstructorFieldInit | ctorinits.cpp:66:5:66:8 | constructor init of field z | 1 | 1 |
 | ctorinits.cpp:81:8:81:8 | VD | 0 | ConstructorVirtualInit | ctorinits.cpp:81:8:81:8 | call to VB | 0 | 0 |
 | ctorinits.cpp:85:3:85:22 | VirtualAndNonVirtual | 0 | ConstructorVirtualInit | ctorinits.cpp:85:26:85:26 | call to VB | 0 | 0 |
 | ctorinits.cpp:85:3:85:22 | VirtualAndNonVirtual | 1 | ConstructorDirectInit | ctorinits.cpp:85:26:85:26 | call to VD | 0 | 0 |

cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected

@@ -10,13 +10,11 @@ uniqueEnclosingCallable
 | test.cpp:1158:18:1158:42 | ... , ... | Node should have one enclosing callable but has 0. |
 | test.cpp:1158:23:1158:31 | recursion | Node should have one enclosing callable but has 0. |
 | test.cpp:1158:35:1158:40 | call to source | Node should have one enclosing callable but has 0. |
-| test.cpp:1318:13:1318:18 | call to source | Node should have one enclosing callable but has 0. |
 uniqueCallEnclosingCallable
 | test.cpp:864:47:864:54 | call to source | Call should have one enclosing callable but has 0. |
 | test.cpp:872:46:872:51 | call to source | Call should have one enclosing callable but has 0. |
 | test.cpp:1158:18:1158:21 | call to sink | Call should have one enclosing callable but has 0. |
 | test.cpp:1158:35:1158:40 | call to source | Call should have one enclosing callable but has 0. |
-| test.cpp:1318:13:1318:18 | call to source | Call should have one enclosing callable but has 0. |
 uniqueType
 uniqueNodeLocation
 missingLocation

cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected

@@ -170,7 +170,6 @@ astFlow
 | test.cpp:1308:7:1308:12 | call to source | test.cpp:1309:14:1309:16 | ... ++ |
 | test.cpp:1312:7:1312:12 | call to source | test.cpp:1313:8:1313:24 | ... ? ... : ... |
 | test.cpp:1312:7:1312:12 | call to source | test.cpp:1314:8:1314:8 | x |
-| test.cpp:1329:11:1329:16 | call to source | test.cpp:1330:10:1330:10 | i |
 | true_upon_entry.cpp:17:11:17:16 | call to source | true_upon_entry.cpp:21:8:21:8 | x |
 | true_upon_entry.cpp:27:9:27:14 | call to source | true_upon_entry.cpp:29:8:29:8 | x |
 | true_upon_entry.cpp:33:11:33:16 | call to source | true_upon_entry.cpp:39:8:39:8 | x |
@@ -391,8 +390,6 @@ irFlow
 | test.cpp:1308:7:1308:12 | call to source | test.cpp:1309:8:1309:16 | ... ++ |
 | test.cpp:1312:7:1312:12 | call to source | test.cpp:1313:8:1313:24 | ... ? ... : ... |
 | test.cpp:1312:7:1312:12 | call to source | test.cpp:1314:8:1314:8 | x |
-| test.cpp:1318:13:1318:18 | call to source | test.cpp:1327:10:1327:10 | i |
-| test.cpp:1329:11:1329:16 | call to source | test.cpp:1330:10:1330:10 | i |
 | true_upon_entry.cpp:9:11:9:16 | call to source | true_upon_entry.cpp:13:8:13:8 | x |
 | true_upon_entry.cpp:17:11:17:16 | call to source | true_upon_entry.cpp:21:8:21:8 | x |
 | true_upon_entry.cpp:27:9:27:14 | call to source | true_upon_entry.cpp:29:8:29:8 | x |

cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp

@@ -1312,20 +1312,4 @@ void crement_test2(bool b, int y) {
   x = source();
   sink(b ? (long)x++ : 0); // $ ir ast
   sink(x); // $ ir ast
-}
-
-struct nsdmi {
-    int i = source();
-
-    nsdmi() {}
-
-    nsdmi(int i) : i(i) {}
-};
-
-void nsdmi_test() {
-  nsdmi x;
-  sink(x.i); // $ ir MISSING: ast
-
-  nsdmi y(source());
-  sink(y.i); // $ ir ast
-}
+}

cpp/ql/test/library-tests/dataflow/dataflow-tests/type-bugs.expected

@@ -1,5 +1,41 @@
 astTypeBugs
 irTypeBugs
+| ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | [summary param] *0 in iterator |
+| ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | [summary param] this in iterator |
+| ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | [summary] read: Argument[*0].Element in iterator |
+| ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | [summary] read: Argument[*0].Element[****] in iterator |
+| ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | [summary] read: Argument[*0].Element[***] in iterator |
+| ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | [summary] read: Argument[*0].Element[**] in iterator |
+| ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | [summary] read: Argument[*0].Element[*] in iterator |
+| ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | [summary] to write: Argument[this] in iterator |
+| ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | [summary] to write: Argument[this].Element in iterator |
+| ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | [summary] to write: Argument[this].Element[****] in iterator |
+| ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | [summary] to write: Argument[this].Element[***] in iterator |
+| ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | [summary] to write: Argument[this].Element[**] in iterator |
+| ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | ../../../include/iterator.h:21:3:21:10 | [summary] to write: Argument[this].Element[*] in iterator |
+| ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | [summary param] *0 in iterator |
+| ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | [summary param] this in iterator |
+| ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | [summary] read: Argument[*0].Element in iterator |
+| ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | [summary] read: Argument[*0].Element[****] in iterator |
+| ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | [summary] read: Argument[*0].Element[***] in iterator |
+| ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | [summary] read: Argument[*0].Element[**] in iterator |
+| ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | [summary] read: Argument[*0].Element[*] in iterator |
+| ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | [summary] to write: Argument[this] in iterator |
+| ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | [summary] to write: Argument[this].Element in iterator |
+| ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | [summary] to write: Argument[this].Element[****] in iterator |
+| ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | [summary] to write: Argument[this].Element[***] in iterator |
+| ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | [summary] to write: Argument[this].Element[**] in iterator |
+| ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | ../../../include/iterator.h:22:3:22:10 | [summary] to write: Argument[this].Element[*] in iterator |
+| ../../../include/iterator.h:30:18:30:26 | ../../../include/iterator.h:30:18:30:26 | ../../../include/iterator.h:30:18:30:26 | [summary param] this in operator* |
+| ../../../include/iterator.h:30:18:30:26 | ../../../include/iterator.h:30:18:30:26 | ../../../include/iterator.h:30:18:30:26 | [summary] read: Argument[this].Element in operator* |
+| ../../../include/iterator.h:30:18:30:26 | ../../../include/iterator.h:30:18:30:26 | ../../../include/iterator.h:30:18:30:26 | [summary] read: Argument[this].Element[*] in operator* |
+| ../../../include/iterator.h:30:18:30:26 | ../../../include/iterator.h:30:18:30:26 | ../../../include/iterator.h:30:18:30:26 | [summary] to write: ReturnValue[**] in operator* |
+| ../../../include/iterator.h:30:18:30:26 | ../../../include/iterator.h:30:18:30:26 | ../../../include/iterator.h:30:18:30:26 | [summary] to write: ReturnValue[*] in operator* |
+| ../../../include/iterator.h:31:16:31:25 | ../../../include/iterator.h:31:16:31:25 | ../../../include/iterator.h:31:16:31:25 | [summary param] this in operator-> |
+| ../../../include/iterator.h:31:16:31:25 | ../../../include/iterator.h:31:16:31:25 | ../../../include/iterator.h:31:16:31:25 | [summary] read: Argument[this].Element in operator-> |
+| ../../../include/iterator.h:31:16:31:25 | ../../../include/iterator.h:31:16:31:25 | ../../../include/iterator.h:31:16:31:25 | [summary] read: Argument[this].Element[*] in operator-> |
+| ../../../include/iterator.h:31:16:31:25 | ../../../include/iterator.h:31:16:31:25 | ../../../include/iterator.h:31:16:31:25 | [summary] to write: ReturnValue[**] in operator-> |
+| ../../../include/iterator.h:31:16:31:25 | ../../../include/iterator.h:31:16:31:25 | ../../../include/iterator.h:31:16:31:25 | [summary] to write: ReturnValue[*] in operator-> |
 incorrectBaseType
 | clang.cpp:22:8:22:20 | *& ... | Expected 'Node.getType()' to be int, but it was int * |
 | clang.cpp:23:17:23:29 | *& ... | Expected 'Node.getType()' to be int, but it was int * |

cpp/ql/test/library-tests/dataflow/dataflow-tests/type-bugs.ql

@@ -17,13 +17,9 @@ import AstTest
 
 module IrTest {
   private import semmle.code.cpp.ir.dataflow.internal.DataFlowUtil
-  private import semmle.code.cpp.ir.dataflow.internal.DataFlowNodes
 
   query predicate irTypeBugs(Location location, Node node) {
     exists(int n |
-      // Flow summary nodes don't have a type since we don't necessarily have
-      // the source code in the database.
-      not node instanceof FlowSummaryNode and
       n = count(node.getType()) and
       location = node.getLocation() and
       n != 1

cpp/ql/test/library-tests/dataflow/external-models/flow.expected

@@ -4,124 +4,121 @@ models
 | 3 | Source: ; ; false; GetCommandLineA; ; ; ReturnValue[*]; local; manual |
 | 4 | Source: ; ; false; GetEnvironmentStringsA; ; ; ReturnValue[*]; local; manual |
 | 5 | Source: ; ; false; GetEnvironmentVariableA; ; ; Argument[*1]; local; manual |
-| 6 | Source: ; ; false; HttpReceiveClientCertificate; ; ; Argument[*3]; remote; manual |
-| 7 | Source: ; ; false; HttpReceiveHttpRequest; ; ; Argument[*3]; remote; manual |
-| 8 | Source: ; ; false; HttpReceiveRequestEntityBody; ; ; Argument[*3]; remote; manual |
-| 9 | Source: ; ; false; MapViewOfFile2; ; ; ReturnValue[*]; local; manual |
-| 10 | Source: ; ; false; MapViewOfFile3; ; ; ReturnValue[*]; local; manual |
-| 11 | Source: ; ; false; MapViewOfFile3FromApp; ; ; ReturnValue[*]; local; manual |
-| 12 | Source: ; ; false; MapViewOfFile; ; ; ReturnValue[*]; local; manual |
-| 13 | Source: ; ; false; MapViewOfFileEx; ; ; ReturnValue[*]; local; manual |
-| 14 | Source: ; ; false; MapViewOfFileFromApp; ; ; ReturnValue[*]; local; manual |
-| 15 | Source: ; ; false; MapViewOfFileNuma2; ; ; ReturnValue[*]; local; manual |
-| 16 | Source: ; ; false; NtReadFile; ; ; Argument[*5]; local; manual |
-| 17 | Source: ; ; false; ReadFile; ; ; Argument[*1]; local; manual |
-| 18 | Source: ; ; false; ReadFileEx; ; ; Argument[*1]; local; manual |
-| 19 | Source: ; ; false; WinHttpQueryHeaders; ; ; Argument[*3]; remote; manual |
-| 20 | Source: ; ; false; WinHttpQueryHeadersEx; ; ; Argument[**8]; remote; manual |
-| 21 | Source: ; ; false; WinHttpQueryHeadersEx; ; ; Argument[*5]; remote; manual |
-| 22 | Source: ; ; false; WinHttpQueryHeadersEx; ; ; Argument[*6]; remote; manual |
-| 23 | Source: ; ; false; WinHttpReadData; ; ; Argument[*1]; remote; manual |
-| 24 | Source: ; ; false; WinHttpReadDataEx; ; ; Argument[*1]; remote; manual |
-| 25 | Source: ; ; false; ymlSource; ; ; ReturnValue; local; manual |
-| 26 | Source: Azure::Core::Http; RawResponse; true; ExtractBodyStream; ; ; ReturnValue[*]; remote; manual |
-| 27 | Source: Azure::Core::Http; RawResponse; true; GetBody; ; ; ReturnValue[*]; remote; manual |
-| 28 | Source: Azure::Core::Http; RawResponse; true; GetHeaders; ; ; ReturnValue[*]; remote; manual |
-| 29 | Source: Azure::Core::Http; Request; true; GetBodyStream; ; ; ReturnValue[*]; remote; manual |
-| 30 | Source: Azure::Core::Http; Request; true; GetHeader; ; ; ReturnValue; remote; manual |
-| 31 | Source: Azure::Core::Http; Request; true; GetHeaders; ; ; ReturnValue; remote; manual |
-| 32 | Source: boost::asio; ; false; read_until; ; ; Argument[*1]; remote; manual |
-| 33 | Summary: ; ; false; CommandLineToArgvA; ; ; Argument[*0]; ReturnValue[**]; taint; manual |
-| 34 | Summary: ; ; false; CreateRemoteThread; ; ; Argument[@4]; Argument[3].Parameter[@0]; value; manual |
-| 35 | Summary: ; ; false; CreateRemoteThreadEx; ; ; Argument[@4]; Argument[3].Parameter[@0]; value; manual |
-| 36 | Summary: ; ; false; CreateThread; ; ; Argument[@3]; Argument[2].Parameter[@0]; value; manual |
-| 37 | Summary: ; ; false; ReadFileEx; ; ; Argument[*3].Field[@hEvent]; Argument[4].Parameter[*2].Field[@hEvent]; value; manual |
-| 38 | Summary: ; ; false; RtlCopyDeviceMemory; ; ; Argument[*@1]; Argument[*@0]; value; manual |
-| 39 | Summary: ; ; false; RtlCopyMemory; ; ; Argument[*@1]; Argument[*@0]; value; manual |
-| 40 | Summary: ; ; false; RtlCopyMemoryNonTemporal; ; ; Argument[*@1]; Argument[*@0]; value; manual |
-| 41 | Summary: ; ; false; RtlCopyUnicodeString; ; ; Argument[*1].Field[*Buffer]; Argument[*0].Field[*Buffer]; value; manual |
-| 42 | Summary: ; ; false; RtlCopyVolatileMemory; ; ; Argument[*@1]; Argument[*@0]; value; manual |
-| 43 | Summary: ; ; false; RtlInitUnicodeString; ; ; Argument[*1]; Argument[*0].Field[*Buffer]; value; manual |
-| 44 | Summary: ; ; false; RtlMoveMemory; ; ; Argument[*@1]; Argument[*@0]; value; manual |
-| 45 | Summary: ; ; false; RtlMoveVolatileMemory; ; ; Argument[*@1]; Argument[*@0]; value; manual |
-| 46 | Summary: ; ; false; WinHttpCrackUrl; ; ; Argument[*0]; Argument[*3]; taint; manual |
-| 47 | Summary: ; ; false; callWithArgument; ; ; Argument[1]; Argument[0].Parameter[0]; value; manual |
-| 48 | Summary: ; ; false; callWithNonTypeTemplate<T>; (const T &); ; Argument[*0]; ReturnValue; value; manual |
-| 49 | Summary: ; ; false; pthread_create; ; ; Argument[@3]; Argument[2].Parameter[@0]; value; manual |
-| 50 | Summary: ; ; false; ymlStepGenerated; ; ; Argument[0]; ReturnValue; taint; df-generated |
-| 51 | Summary: ; ; false; ymlStepManual; ; ; Argument[0]; ReturnValue; taint; manual |
-| 52 | Summary: ; ; false; ymlStepManual_with_body; ; ; Argument[0]; ReturnValue; taint; manual |
-| 53 | Summary: Azure::Core::IO; BodyStream; true; Read; ; ; Argument[-1]; Argument[*0]; taint; manual |
-| 54 | Summary: Azure::Core::IO; BodyStream; true; ReadToCount; ; ; Argument[-1]; Argument[*0]; taint; manual |
-| 55 | Summary: Azure::Core::IO; BodyStream; true; ReadToEnd; ; ; Argument[-1]; ReturnValue.Element; taint; manual |
-| 56 | Summary: Azure; Nullable; true; Value; ; ; Argument[-1]; ReturnValue[*]; taint; manual |
-| 57 | Summary: boost::asio; ; false; buffer; ; ; Argument[*0]; ReturnValue; taint; manual |
+| 6 | Source: ; ; false; MapViewOfFile2; ; ; ReturnValue[*]; local; manual |
+| 7 | Source: ; ; false; MapViewOfFile3; ; ; ReturnValue[*]; local; manual |
+| 8 | Source: ; ; false; MapViewOfFile3FromApp; ; ; ReturnValue[*]; local; manual |
+| 9 | Source: ; ; false; MapViewOfFile; ; ; ReturnValue[*]; local; manual |
+| 10 | Source: ; ; false; MapViewOfFileEx; ; ; ReturnValue[*]; local; manual |
+| 11 | Source: ; ; false; MapViewOfFileFromApp; ; ; ReturnValue[*]; local; manual |
+| 12 | Source: ; ; false; MapViewOfFileNuma2; ; ; ReturnValue[*]; local; manual |
+| 13 | Source: ; ; false; NtReadFile; ; ; Argument[*5]; local; manual |
+| 14 | Source: ; ; false; ReadFile; ; ; Argument[*1]; local; manual |
+| 15 | Source: ; ; false; ReadFileEx; ; ; Argument[*1]; local; manual |
+| 16 | Source: ; ; false; WinHttpQueryHeaders; ; ; Argument[*3]; remote; manual |
+| 17 | Source: ; ; false; WinHttpQueryHeadersEx; ; ; Argument[**8]; remote; manual |
+| 18 | Source: ; ; false; WinHttpQueryHeadersEx; ; ; Argument[*5]; remote; manual |
+| 19 | Source: ; ; false; WinHttpQueryHeadersEx; ; ; Argument[*6]; remote; manual |
+| 20 | Source: ; ; false; WinHttpReadData; ; ; Argument[*1]; remote; manual |
+| 21 | Source: ; ; false; WinHttpReadDataEx; ; ; Argument[*1]; remote; manual |
+| 22 | Source: ; ; false; ymlSource; ; ; ReturnValue; local; manual |
+| 23 | Source: Azure::Core::Http; RawResponse; true; ExtractBodyStream; ; ; ReturnValue[*]; remote; manual |
+| 24 | Source: Azure::Core::Http; RawResponse; true; GetBody; ; ; ReturnValue[*]; remote; manual |
+| 25 | Source: Azure::Core::Http; RawResponse; true; GetHeaders; ; ; ReturnValue[*]; remote; manual |
+| 26 | Source: Azure::Core::Http; Request; true; GetBodyStream; ; ; ReturnValue[*]; remote; manual |
+| 27 | Source: Azure::Core::Http; Request; true; GetHeader; ; ; ReturnValue; remote; manual |
+| 28 | Source: Azure::Core::Http; Request; true; GetHeaders; ; ; ReturnValue; remote; manual |
+| 29 | Source: boost::asio; ; false; read_until; ; ; Argument[*1]; remote; manual |
+| 30 | Summary: ; ; false; CommandLineToArgvA; ; ; Argument[*0]; ReturnValue[**]; taint; manual |
+| 31 | Summary: ; ; false; CreateRemoteThread; ; ; Argument[@4]; Argument[3].Parameter[@0]; value; manual |
+| 32 | Summary: ; ; false; CreateRemoteThreadEx; ; ; Argument[@4]; Argument[3].Parameter[@0]; value; manual |
+| 33 | Summary: ; ; false; CreateThread; ; ; Argument[@3]; Argument[2].Parameter[@0]; value; manual |
+| 34 | Summary: ; ; false; ReadFileEx; ; ; Argument[*3].Field[@hEvent]; Argument[4].Parameter[*2].Field[@hEvent]; value; manual |
+| 35 | Summary: ; ; false; RtlCopyDeviceMemory; ; ; Argument[*@1]; Argument[*@0]; value; manual |
+| 36 | Summary: ; ; false; RtlCopyMemory; ; ; Argument[*@1]; Argument[*@0]; value; manual |
+| 37 | Summary: ; ; false; RtlCopyMemoryNonTemporal; ; ; Argument[*@1]; Argument[*@0]; value; manual |
+| 38 | Summary: ; ; false; RtlCopyUnicodeString; ; ; Argument[*1].Field[*Buffer]; Argument[*0].Field[*Buffer]; value; manual |
+| 39 | Summary: ; ; false; RtlCopyVolatileMemory; ; ; Argument[*@1]; Argument[*@0]; value; manual |
+| 40 | Summary: ; ; false; RtlInitUnicodeString; ; ; Argument[*1]; Argument[*0].Field[*Buffer]; value; manual |
+| 41 | Summary: ; ; false; RtlMoveMemory; ; ; Argument[*@1]; Argument[*@0]; value; manual |
+| 42 | Summary: ; ; false; RtlMoveVolatileMemory; ; ; Argument[*@1]; Argument[*@0]; value; manual |
+| 43 | Summary: ; ; false; WinHttpCrackUrl; ; ; Argument[*0]; Argument[*3]; taint; manual |
+| 44 | Summary: ; ; false; callWithArgument; ; ; Argument[1]; Argument[0].Parameter[0]; value; manual |
+| 45 | Summary: ; ; false; callWithNonTypeTemplate<T>; (const T &); ; Argument[*0]; ReturnValue; value; manual |
+| 46 | Summary: ; ; false; pthread_create; ; ; Argument[@3]; Argument[2].Parameter[@0]; value; manual |
+| 47 | Summary: ; ; false; ymlStepGenerated; ; ; Argument[0]; ReturnValue; taint; df-generated |
+| 48 | Summary: ; ; false; ymlStepManual; ; ; Argument[0]; ReturnValue; taint; manual |
+| 49 | Summary: ; ; false; ymlStepManual_with_body; ; ; Argument[0]; ReturnValue; taint; manual |
+| 50 | Summary: Azure::Core::IO; BodyStream; true; Read; ; ; Argument[-1]; Argument[*0]; taint; manual |
+| 51 | Summary: Azure::Core::IO; BodyStream; true; ReadToCount; ; ; Argument[-1]; Argument[*0]; taint; manual |
+| 52 | Summary: Azure::Core::IO; BodyStream; true; ReadToEnd; ; ; Argument[-1]; ReturnValue.Element; taint; manual |
+| 53 | Summary: Azure; Nullable; true; Value; ; ; Argument[-1]; ReturnValue[*]; taint; manual |
+| 54 | Summary: boost::asio; ; false; buffer; ; ; Argument[*0]; ReturnValue; taint; manual |
 edges
-| asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | provenance | MaD:57 |
-| asio_streams.cpp:87:34:87:44 | read_until output argument | asio_streams.cpp:91:7:91:17 | recv_buffer | provenance | Src:MaD:32  |
-| asio_streams.cpp:87:34:87:44 | read_until output argument | asio_streams.cpp:93:29:93:39 | *recv_buffer | provenance | Src:MaD:32 Sink:MaD:2 |
+| asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | provenance | MaD:54 |
+| asio_streams.cpp:87:34:87:44 | read_until output argument | asio_streams.cpp:91:7:91:17 | recv_buffer | provenance | Src:MaD:29  |
+| asio_streams.cpp:87:34:87:44 | read_until output argument | asio_streams.cpp:93:29:93:39 | *recv_buffer | provenance | Src:MaD:29 Sink:MaD:2 |
 | asio_streams.cpp:97:37:97:44 | call to source | asio_streams.cpp:98:7:98:14 | send_str | provenance | TaintFunction |
 | asio_streams.cpp:97:37:97:44 | call to source | asio_streams.cpp:100:64:100:71 | *send_str | provenance | TaintFunction |
 | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:100:44:100:62 | call to buffer | provenance |  |
 | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:101:7:101:17 | send_buffer | provenance |  |
 | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:2 |
 | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance |  |
-| asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:57 |
-| azure.cpp:62:10:62:14 | [summary param] this in Value | azure.cpp:62:10:62:14 | [summary] to write: ReturnValue[*] in Value | provenance | MaD:56 |
-| azure.cpp:113:16:113:19 | [summary param] this in Read | azure.cpp:113:16:113:19 | [summary param] *0 in Read [Return] | provenance | MaD:53 |
-| azure.cpp:114:16:114:26 | [summary param] this in ReadToCount | azure.cpp:114:16:114:26 | [summary param] *0 in ReadToCount [Return] | provenance | MaD:54 |
-| azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | azure.cpp:115:30:115:38 | [summary] to write: ReturnValue.Element in ReadToEnd | provenance | MaD:55 |
+| asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:54 |
+| azure.cpp:62:10:62:14 | [summary param] this in Value | azure.cpp:62:10:62:14 | [summary] to write: ReturnValue[*] in Value | provenance | MaD:53 |
+| azure.cpp:113:16:113:19 | [summary param] this in Read | azure.cpp:113:16:113:19 | [summary param] *0 in Read [Return] | provenance | MaD:50 |
+| azure.cpp:114:16:114:26 | [summary param] this in ReadToCount | azure.cpp:114:16:114:26 | [summary param] *0 in ReadToCount [Return] | provenance | MaD:51 |
+| azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | azure.cpp:115:30:115:38 | [summary] to write: ReturnValue.Element in ReadToEnd | provenance | MaD:52 |
 | azure.cpp:115:30:115:38 | [summary] to write: ReturnValue.Element in ReadToEnd | azure.cpp:115:30:115:38 | [summary] to write: ReturnValue in ReadToEnd [element] | provenance |  |
-| azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:253:48:253:60 | *call to GetBodyStream | provenance | Src:MaD:29  |
+| azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:253:48:253:60 | *call to GetBodyStream | provenance | Src:MaD:26  |
 | azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:257:5:257:8 | *resp | provenance |  |
 | azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:262:5:262:8 | *resp | provenance |  |
 | azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:266:38:266:41 | *resp | provenance |  |
 | azure.cpp:257:5:257:8 | *resp | azure.cpp:113:16:113:19 | [summary param] this in Read | provenance |  |
-| azure.cpp:257:5:257:8 | *resp | azure.cpp:257:16:257:21 | Read output argument | provenance | MaD:53 |
+| azure.cpp:257:5:257:8 | *resp | azure.cpp:257:16:257:21 | Read output argument | provenance | MaD:50 |
 | azure.cpp:257:16:257:21 | Read output argument | azure.cpp:258:10:258:16 | * ... | provenance |  |
 | azure.cpp:262:5:262:8 | *resp | azure.cpp:114:16:114:26 | [summary param] this in ReadToCount | provenance |  |
-| azure.cpp:262:5:262:8 | *resp | azure.cpp:262:23:262:28 | ReadToCount output argument | provenance | MaD:54 |
+| azure.cpp:262:5:262:8 | *resp | azure.cpp:262:23:262:28 | ReadToCount output argument | provenance | MaD:51 |
 | azure.cpp:262:23:262:28 | ReadToCount output argument | azure.cpp:263:10:263:16 | * ... | provenance |  |
 | azure.cpp:266:38:266:41 | *resp | azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | provenance |  |
-| azure.cpp:266:38:266:41 | *resp | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | provenance | MaD:55 |
+| azure.cpp:266:38:266:41 | *resp | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | provenance | MaD:52 |
 | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | provenance |  |
 | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | azure.cpp:267:10:267:12 | vec [element] | provenance |  |
 | azure.cpp:267:10:267:12 | vec [element] | azure.cpp:267:10:267:12 | vec | provenance |  |
-| azure.cpp:273:62:273:64 | call to GetHeaders | azure.cpp:273:62:273:64 | call to GetHeaders | provenance | Src:MaD:28  |
+| azure.cpp:273:62:273:64 | call to GetHeaders | azure.cpp:273:62:273:64 | call to GetHeaders | provenance | Src:MaD:25  |
 | azure.cpp:273:62:273:64 | call to GetHeaders | azure.cpp:274:14:274:29 | call to operator[] | provenance | TaintFunction |
 | azure.cpp:273:62:273:64 | call to GetHeaders | azure.cpp:274:14:274:29 | call to operator[] | provenance | TaintFunction |
 | azure.cpp:273:62:273:64 | call to GetHeaders | azure.cpp:274:14:274:29 | call to operator[] | provenance | TaintFunction |
 | azure.cpp:274:14:274:29 | call to operator[] | azure.cpp:274:10:274:29 | call to operator[] | provenance |  |
 | azure.cpp:274:14:274:29 | call to operator[] | azure.cpp:274:14:274:29 | call to operator[] | provenance |  |
-| azure.cpp:277:45:277:47 | call to GetBody | azure.cpp:277:45:277:47 | call to GetBody | provenance | Src:MaD:27  |
+| azure.cpp:277:45:277:47 | call to GetBody | azure.cpp:277:45:277:47 | call to GetBody | provenance | Src:MaD:24  |
 | azure.cpp:277:45:277:47 | call to GetBody | azure.cpp:278:10:278:13 | body | provenance |  |
 | azure.cpp:277:45:277:47 | call to GetBody | azure.cpp:278:10:278:13 | body | provenance |  |
 | azure.cpp:278:10:278:13 | body | azure.cpp:278:10:278:13 | body | provenance |  |
-| azure.cpp:281:68:281:84 | *call to ExtractBodyStream | azure.cpp:281:68:281:84 | *call to ExtractBodyStream | provenance | Src:MaD:26  |
+| azure.cpp:281:68:281:84 | *call to ExtractBodyStream | azure.cpp:281:68:281:84 | *call to ExtractBodyStream | provenance | Src:MaD:23  |
 | azure.cpp:281:68:281:84 | *call to ExtractBodyStream | azure.cpp:282:21:282:23 | *call to get | provenance |  |
 | azure.cpp:282:21:282:23 | *call to get | azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | provenance |  |
-| azure.cpp:282:21:282:23 | *call to get | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | provenance | MaD:55 |
+| azure.cpp:282:21:282:23 | *call to get | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | provenance | MaD:52 |
 | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | azure.cpp:282:10:282:38 | call to ReadToEnd | provenance |  |
 | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | provenance |  |
 | azure.cpp:289:24:289:56 | call to GetHeader | azure.cpp:62:10:62:14 | [summary param] this in Value | provenance |  |
-| azure.cpp:289:24:289:56 | call to GetHeader | azure.cpp:289:63:289:65 | call to Value | provenance | MaD:56 |
+| azure.cpp:289:24:289:56 | call to GetHeader | azure.cpp:289:63:289:65 | call to Value | provenance | MaD:53 |
 | azure.cpp:289:32:289:40 | call to GetHeader | azure.cpp:289:24:289:56 | call to GetHeader | provenance |  |
-| azure.cpp:289:32:289:40 | call to GetHeader | azure.cpp:289:32:289:40 | call to GetHeader | provenance | Src:MaD:30  |
+| azure.cpp:289:32:289:40 | call to GetHeader | azure.cpp:289:32:289:40 | call to GetHeader | provenance | Src:MaD:27  |
 | azure.cpp:289:63:289:65 | call to Value | azure.cpp:289:63:289:65 | call to Value | provenance |  |
 | azure.cpp:289:63:289:65 | call to Value | azure.cpp:290:10:290:20 | headerValue | provenance |  |
 | azure.cpp:289:63:289:65 | call to Value | azure.cpp:290:10:290:20 | headerValue | provenance |  |
 | azure.cpp:290:10:290:20 | headerValue | azure.cpp:290:10:290:20 | headerValue | provenance |  |
-| azure.cpp:293:58:293:67 | call to GetHeaders | azure.cpp:293:58:293:67 | call to GetHeaders | provenance | Src:MaD:31  |
+| azure.cpp:293:58:293:67 | call to GetHeaders | azure.cpp:293:58:293:67 | call to GetHeaders | provenance | Src:MaD:28  |
 | azure.cpp:293:58:293:67 | call to GetHeaders | azure.cpp:294:38:294:53 | call to operator[] | provenance | TaintFunction |
 | azure.cpp:294:38:294:53 | call to operator[] | azure.cpp:295:10:295:20 | contentType | provenance |  |
 | azure.cpp:294:38:294:53 | call to operator[] | azure.cpp:295:10:295:20 | contentType | provenance |  |
 | azure.cpp:295:10:295:20 | contentType | azure.cpp:295:10:295:20 | contentType | provenance |  |
-| test.cpp:4:5:4:17 | [summary param] 0 in ymlStepManual | test.cpp:4:5:4:17 | [summary] to write: ReturnValue in ymlStepManual | provenance | MaD:51 |
-| test.cpp:5:5:5:20 | [summary param] 0 in ymlStepGenerated | test.cpp:5:5:5:20 | [summary] to write: ReturnValue in ymlStepGenerated | provenance | MaD:50 |
-| test.cpp:6:5:6:27 | [summary param] 0 in ymlStepManual_with_body | test.cpp:6:5:6:27 | [summary] to write: ReturnValue in ymlStepManual_with_body | provenance | MaD:52 |
+| test.cpp:4:5:4:17 | [summary param] 0 in ymlStepManual | test.cpp:4:5:4:17 | [summary] to write: ReturnValue in ymlStepManual | provenance | MaD:48 |
+| test.cpp:5:5:5:20 | [summary param] 0 in ymlStepGenerated | test.cpp:5:5:5:20 | [summary] to write: ReturnValue in ymlStepGenerated | provenance | MaD:47 |
+| test.cpp:6:5:6:27 | [summary param] 0 in ymlStepManual_with_body | test.cpp:6:5:6:27 | [summary] to write: ReturnValue in ymlStepManual_with_body | provenance | MaD:49 |
 | test.cpp:7:47:7:52 | value2 | test.cpp:7:64:7:69 | value2 | provenance |  |
 | test.cpp:7:64:7:69 | value2 | test.cpp:7:5:7:30 | *ymlStepGenerated_with_body | provenance |  |
-| test.cpp:10:10:10:18 | call to ymlSource | test.cpp:10:10:10:18 | call to ymlSource | provenance | Src:MaD:25  |
+| test.cpp:10:10:10:18 | call to ymlSource | test.cpp:10:10:10:18 | call to ymlSource | provenance | Src:MaD:22  |
 | test.cpp:10:10:10:18 | call to ymlSource | test.cpp:14:10:14:10 | x | provenance | Sink:MaD:1 |
 | test.cpp:10:10:10:18 | call to ymlSource | test.cpp:17:24:17:24 | x | provenance |  |
 | test.cpp:10:10:10:18 | call to ymlSource | test.cpp:21:27:21:27 | x | provenance |  |
@@ -130,15 +127,15 @@ edges
 | test.cpp:17:10:17:22 | call to ymlStepManual | test.cpp:17:10:17:22 | call to ymlStepManual | provenance |  |
 | test.cpp:17:10:17:22 | call to ymlStepManual | test.cpp:18:10:18:10 | y | provenance | Sink:MaD:1 |
 | test.cpp:17:24:17:24 | x | test.cpp:4:5:4:17 | [summary param] 0 in ymlStepManual | provenance |  |
-| test.cpp:17:24:17:24 | x | test.cpp:17:10:17:22 | call to ymlStepManual | provenance | MaD:51 |
+| test.cpp:17:24:17:24 | x | test.cpp:17:10:17:22 | call to ymlStepManual | provenance | MaD:48 |
 | test.cpp:21:10:21:25 | call to ymlStepGenerated | test.cpp:21:10:21:25 | call to ymlStepGenerated | provenance |  |
 | test.cpp:21:10:21:25 | call to ymlStepGenerated | test.cpp:22:10:22:10 | z | provenance | Sink:MaD:1 |
 | test.cpp:21:27:21:27 | x | test.cpp:5:5:5:20 | [summary param] 0 in ymlStepGenerated | provenance |  |
-| test.cpp:21:27:21:27 | x | test.cpp:21:10:21:25 | call to ymlStepGenerated | provenance | MaD:50 |
+| test.cpp:21:27:21:27 | x | test.cpp:21:10:21:25 | call to ymlStepGenerated | provenance | MaD:47 |
 | test.cpp:25:11:25:33 | call to ymlStepManual_with_body | test.cpp:25:11:25:33 | call to ymlStepManual_with_body | provenance |  |
 | test.cpp:25:11:25:33 | call to ymlStepManual_with_body | test.cpp:26:10:26:11 | y2 | provenance | Sink:MaD:1 |
 | test.cpp:25:35:25:35 | x | test.cpp:6:5:6:27 | [summary param] 0 in ymlStepManual_with_body | provenance |  |
-| test.cpp:25:35:25:35 | x | test.cpp:25:11:25:33 | call to ymlStepManual_with_body | provenance | MaD:52 |
+| test.cpp:25:35:25:35 | x | test.cpp:25:11:25:33 | call to ymlStepManual_with_body | provenance | MaD:49 |
 | test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body | test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body | provenance |  |
 | test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body | test.cpp:33:10:33:11 | z2 | provenance | Sink:MaD:1 |
 | test.cpp:32:41:32:41 | x | test.cpp:7:47:7:52 | value2 | provenance |  |
@@ -146,16 +143,16 @@ edges
 | test.cpp:46:30:46:32 | *arg [x] | test.cpp:47:12:47:19 | *arg [x] | provenance |  |
 | test.cpp:47:12:47:19 | *arg [x] | test.cpp:48:13:48:13 | *s [x] | provenance |  |
 | test.cpp:48:13:48:13 | *s [x] | test.cpp:48:16:48:16 | x | provenance | Sink:MaD:1 |
-| test.cpp:52:5:52:18 | [summary param] *3 in pthread_create [x] | test.cpp:52:5:52:18 | [summary] to write: Argument[2].Parameter[*0] in pthread_create [x] | provenance | MaD:49 |
+| test.cpp:52:5:52:18 | [summary param] *3 in pthread_create [x] | test.cpp:52:5:52:18 | [summary] to write: Argument[2].Parameter[*0] in pthread_create [x] | provenance | MaD:46 |
 | test.cpp:52:5:52:18 | [summary] to write: Argument[2].Parameter[*0] in pthread_create [x] | test.cpp:46:30:46:32 | *arg [x] | provenance |  |
 | test.cpp:56:2:56:2 | *s [post update] [x] | test.cpp:59:55:59:64 | *& ... [x] | provenance |  |
 | test.cpp:56:2:56:18 | ... = ... | test.cpp:56:2:56:2 | *s [post update] [x] | provenance |  |
-| test.cpp:56:8:56:16 | call to ymlSource | test.cpp:56:2:56:18 | ... = ... | provenance | Src:MaD:25  |
+| test.cpp:56:8:56:16 | call to ymlSource | test.cpp:56:2:56:18 | ... = ... | provenance | Src:MaD:22  |
 | test.cpp:59:55:59:64 | *& ... [x] | test.cpp:52:5:52:18 | [summary param] *3 in pthread_create [x] | provenance |  |
-| test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | provenance | MaD:47 |
-| test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | provenance | MaD:47 |
-| test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | provenance | MaD:47 |
-| test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | provenance | MaD:47 |
+| test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | provenance | MaD:44 |
+| test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | provenance | MaD:44 |
+| test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | provenance | MaD:44 |
+| test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | provenance | MaD:44 |
 | test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | test.cpp:68:22:68:22 | y | provenance |  |
 | test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | test.cpp:74:22:74:22 | y | provenance |  |
 | test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | test.cpp:82:22:82:22 | y | provenance |  |
@@ -164,7 +161,7 @@ edges
 | test.cpp:74:22:74:22 | y | test.cpp:75:11:75:11 | y | provenance | Sink:MaD:1 |
 | test.cpp:82:22:82:22 | y | test.cpp:83:11:83:11 | y | provenance | Sink:MaD:1 |
 | test.cpp:88:22:88:22 | y | test.cpp:89:11:89:11 | y | provenance | Sink:MaD:1 |
-| test.cpp:94:10:94:18 | call to ymlSource | test.cpp:94:10:94:18 | call to ymlSource | provenance | Src:MaD:25  |
+| test.cpp:94:10:94:18 | call to ymlSource | test.cpp:94:10:94:18 | call to ymlSource | provenance | Src:MaD:22  |
 | test.cpp:94:10:94:18 | call to ymlSource | test.cpp:97:26:97:26 | x | provenance |  |
 | test.cpp:94:10:94:18 | call to ymlSource | test.cpp:101:26:101:26 | x | provenance |  |
 | test.cpp:94:10:94:18 | call to ymlSource | test.cpp:103:63:103:63 | x | provenance |  |
@@ -173,28 +170,28 @@ edges
 | test.cpp:101:26:101:26 | x | test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | provenance |  |
 | test.cpp:103:63:103:63 | x | test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | provenance |  |
 | test.cpp:104:62:104:62 | x | test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | provenance |  |
-| test.cpp:111:3:111:25 | [summary param] *0 in callWithNonTypeTemplate | test.cpp:111:3:111:25 | [summary] to write: ReturnValue in callWithNonTypeTemplate | provenance | MaD:48 |
-| test.cpp:114:10:114:18 | call to ymlSource | test.cpp:114:10:114:18 | call to ymlSource | provenance | Src:MaD:25  |
+| test.cpp:111:3:111:25 | [summary param] *0 in callWithNonTypeTemplate | test.cpp:111:3:111:25 | [summary] to write: ReturnValue in callWithNonTypeTemplate | provenance | MaD:45 |
+| test.cpp:114:10:114:18 | call to ymlSource | test.cpp:114:10:114:18 | call to ymlSource | provenance | Src:MaD:22  |
 | test.cpp:114:10:114:18 | call to ymlSource | test.cpp:118:44:118:44 | *x | provenance |  |
 | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | provenance |  |
 | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | test.cpp:119:10:119:11 | y2 | provenance | Sink:MaD:1 |
 | test.cpp:118:44:118:44 | *x | test.cpp:111:3:111:25 | [summary param] *0 in callWithNonTypeTemplate | provenance |  |
-| test.cpp:118:44:118:44 | *x | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | provenance | MaD:48 |
-| windows.cpp:17:8:17:25 | [summary param] *0 in CommandLineToArgvA | windows.cpp:17:8:17:25 | [summary] to write: ReturnValue[**] in CommandLineToArgvA | provenance | MaD:33 |
+| test.cpp:118:44:118:44 | *x | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | provenance | MaD:45 |
+| windows.cpp:17:8:17:25 | [summary param] *0 in CommandLineToArgvA | windows.cpp:17:8:17:25 | [summary] to write: ReturnValue[**] in CommandLineToArgvA | provenance | MaD:30 |
 | windows.cpp:22:15:22:29 | *call to GetCommandLineA | windows.cpp:22:15:22:29 | *call to GetCommandLineA | provenance | Src:MaD:3  |
 | windows.cpp:22:15:22:29 | *call to GetCommandLineA | windows.cpp:24:8:24:11 | * ... | provenance |  |
 | windows.cpp:22:15:22:29 | *call to GetCommandLineA | windows.cpp:27:36:27:38 | *cmd | provenance |  |
 | windows.cpp:27:17:27:34 | **call to CommandLineToArgvA | windows.cpp:27:17:27:34 | **call to CommandLineToArgvA | provenance |  |
 | windows.cpp:27:17:27:34 | **call to CommandLineToArgvA | windows.cpp:30:8:30:15 | * ... | provenance |  |
 | windows.cpp:27:36:27:38 | *cmd | windows.cpp:17:8:17:25 | [summary param] *0 in CommandLineToArgvA | provenance |  |
-| windows.cpp:27:36:27:38 | *cmd | windows.cpp:27:17:27:34 | **call to CommandLineToArgvA | provenance | MaD:33 |
+| windows.cpp:27:36:27:38 | *cmd | windows.cpp:27:17:27:34 | **call to CommandLineToArgvA | provenance | MaD:30 |
 | windows.cpp:34:17:34:38 | *call to GetEnvironmentStringsA | windows.cpp:34:17:34:38 | *call to GetEnvironmentStringsA | provenance | Src:MaD:4  |
 | windows.cpp:34:17:34:38 | *call to GetEnvironmentStringsA | windows.cpp:36:10:36:13 | * ... | provenance |  |
 | windows.cpp:39:36:39:38 | GetEnvironmentVariableA output argument | windows.cpp:41:10:41:13 | * ... | provenance | Src:MaD:5  |
 | windows.cpp:90:6:90:15 | [summary param] *3 in ReadFileEx [*hEvent] | windows.cpp:90:6:90:15 | [summary] read: Argument[*3].Field[*hEvent] in ReadFileEx | provenance |  |
 | windows.cpp:90:6:90:15 | [summary param] *3 in ReadFileEx [hEvent] | windows.cpp:90:6:90:15 | [summary] read: Argument[*3].Field[hEvent] in ReadFileEx | provenance |  |
-| windows.cpp:90:6:90:15 | [summary] read: Argument[*3].Field[*hEvent] in ReadFileEx | windows.cpp:90:6:90:15 | [summary] to write: Argument[4].Parameter[*2].Field[*hEvent] in ReadFileEx | provenance | MaD:37 |
-| windows.cpp:90:6:90:15 | [summary] read: Argument[*3].Field[hEvent] in ReadFileEx | windows.cpp:90:6:90:15 | [summary] to write: Argument[4].Parameter[*2].Field[hEvent] in ReadFileEx | provenance | MaD:37 |
+| windows.cpp:90:6:90:15 | [summary] read: Argument[*3].Field[*hEvent] in ReadFileEx | windows.cpp:90:6:90:15 | [summary] to write: Argument[4].Parameter[*2].Field[*hEvent] in ReadFileEx | provenance | MaD:34 |
+| windows.cpp:90:6:90:15 | [summary] read: Argument[*3].Field[hEvent] in ReadFileEx | windows.cpp:90:6:90:15 | [summary] to write: Argument[4].Parameter[*2].Field[hEvent] in ReadFileEx | provenance | MaD:34 |
 | windows.cpp:90:6:90:15 | [summary] to write: Argument[4].Parameter[*2] in ReadFileEx [*hEvent] | windows.cpp:147:16:147:27 | *lpOverlapped [*hEvent] | provenance |  |
 | windows.cpp:90:6:90:15 | [summary] to write: Argument[4].Parameter[*2] in ReadFileEx [hEvent] | windows.cpp:157:16:157:27 | *lpOverlapped [hEvent] | provenance |  |
 | windows.cpp:90:6:90:15 | [summary] to write: Argument[4].Parameter[*2].Field[*hEvent] in ReadFileEx | windows.cpp:90:6:90:15 | [summary] to write: Argument[4].Parameter[*2] in ReadFileEx [*hEvent] | provenance |  |
@@ -210,43 +207,43 @@ edges
 | windows.cpp:159:12:159:55 | hEvent | windows.cpp:160:8:160:8 | c | provenance |  |
 | windows.cpp:159:35:159:46 | *lpOverlapped [hEvent] | windows.cpp:159:12:159:55 | hEvent | provenance |  |
 | windows.cpp:159:35:159:46 | *lpOverlapped [hEvent] | windows.cpp:159:12:159:55 | hEvent | provenance |  |
-| windows.cpp:168:35:168:40 | ReadFile output argument | windows.cpp:170:10:170:16 | * ... | provenance | Src:MaD:17  |
-| windows.cpp:177:23:177:28 | ReadFileEx output argument | windows.cpp:179:10:179:16 | * ... | provenance | Src:MaD:18  |
-| windows.cpp:189:21:189:26 | ReadFile output argument | windows.cpp:190:5:190:56 | *... = ... | provenance | Src:MaD:17  |
+| windows.cpp:168:35:168:40 | ReadFile output argument | windows.cpp:170:10:170:16 | * ... | provenance | Src:MaD:14  |
+| windows.cpp:177:23:177:28 | ReadFileEx output argument | windows.cpp:179:10:179:16 | * ... | provenance | Src:MaD:15  |
+| windows.cpp:189:21:189:26 | ReadFile output argument | windows.cpp:190:5:190:56 | *... = ... | provenance | Src:MaD:14  |
 | windows.cpp:190:5:190:14 | *overlapped [post update] [*hEvent] | windows.cpp:192:53:192:63 | *& ... [*hEvent] | provenance |  |
 | windows.cpp:190:5:190:56 | *... = ... | windows.cpp:190:5:190:14 | *overlapped [post update] [*hEvent] | provenance |  |
 | windows.cpp:192:53:192:63 | *& ... [*hEvent] | windows.cpp:90:6:90:15 | [summary param] *3 in ReadFileEx [*hEvent] | provenance |  |
-| windows.cpp:198:21:198:26 | ReadFile output argument | windows.cpp:199:5:199:57 | ... = ... | provenance | Src:MaD:17  |
+| windows.cpp:198:21:198:26 | ReadFile output argument | windows.cpp:199:5:199:57 | ... = ... | provenance | Src:MaD:14  |
 | windows.cpp:199:5:199:14 | *overlapped [post update] [hEvent] | windows.cpp:201:53:201:63 | *& ... [hEvent] | provenance |  |
 | windows.cpp:199:5:199:57 | ... = ... | windows.cpp:199:5:199:14 | *overlapped [post update] [hEvent] | provenance |  |
 | windows.cpp:201:53:201:63 | *& ... [hEvent] | windows.cpp:90:6:90:15 | [summary param] *3 in ReadFileEx [hEvent] | provenance |  |
-| windows.cpp:209:84:209:89 | NtReadFile output argument | windows.cpp:211:10:211:16 | * ... | provenance | Src:MaD:16  |
-| windows.cpp:286:23:286:35 | *call to MapViewOfFile | windows.cpp:286:23:286:35 | *call to MapViewOfFile | provenance | Src:MaD:12  |
+| windows.cpp:209:84:209:89 | NtReadFile output argument | windows.cpp:211:10:211:16 | * ... | provenance | Src:MaD:13  |
+| windows.cpp:286:23:286:35 | *call to MapViewOfFile | windows.cpp:286:23:286:35 | *call to MapViewOfFile | provenance | Src:MaD:9  |
 | windows.cpp:286:23:286:35 | *call to MapViewOfFile | windows.cpp:287:20:287:52 | *pMapView | provenance |  |
 | windows.cpp:287:20:287:52 | *pMapView | windows.cpp:289:10:289:16 | * ... | provenance |  |
-| windows.cpp:293:23:293:36 | *call to MapViewOfFile2 | windows.cpp:293:23:293:36 | *call to MapViewOfFile2 | provenance | Src:MaD:9  |
+| windows.cpp:293:23:293:36 | *call to MapViewOfFile2 | windows.cpp:293:23:293:36 | *call to MapViewOfFile2 | provenance | Src:MaD:6  |
 | windows.cpp:293:23:293:36 | *call to MapViewOfFile2 | windows.cpp:294:20:294:52 | *pMapView | provenance |  |
 | windows.cpp:294:20:294:52 | *pMapView | windows.cpp:296:10:296:16 | * ... | provenance |  |
-| windows.cpp:302:23:302:36 | *call to MapViewOfFile3 | windows.cpp:302:23:302:36 | *call to MapViewOfFile3 | provenance | Src:MaD:10  |
+| windows.cpp:302:23:302:36 | *call to MapViewOfFile3 | windows.cpp:302:23:302:36 | *call to MapViewOfFile3 | provenance | Src:MaD:7  |
 | windows.cpp:302:23:302:36 | *call to MapViewOfFile3 | windows.cpp:303:20:303:52 | *pMapView | provenance |  |
 | windows.cpp:303:20:303:52 | *pMapView | windows.cpp:305:10:305:16 | * ... | provenance |  |
-| windows.cpp:311:23:311:43 | *call to MapViewOfFile3FromApp | windows.cpp:311:23:311:43 | *call to MapViewOfFile3FromApp | provenance | Src:MaD:11  |
+| windows.cpp:311:23:311:43 | *call to MapViewOfFile3FromApp | windows.cpp:311:23:311:43 | *call to MapViewOfFile3FromApp | provenance | Src:MaD:8  |
 | windows.cpp:311:23:311:43 | *call to MapViewOfFile3FromApp | windows.cpp:312:20:312:52 | *pMapView | provenance |  |
 | windows.cpp:312:20:312:52 | *pMapView | windows.cpp:314:10:314:16 | * ... | provenance |  |
-| windows.cpp:318:23:318:37 | *call to MapViewOfFileEx | windows.cpp:318:23:318:37 | *call to MapViewOfFileEx | provenance | Src:MaD:13  |
+| windows.cpp:318:23:318:37 | *call to MapViewOfFileEx | windows.cpp:318:23:318:37 | *call to MapViewOfFileEx | provenance | Src:MaD:10  |
 | windows.cpp:318:23:318:37 | *call to MapViewOfFileEx | windows.cpp:319:20:319:52 | *pMapView | provenance |  |
 | windows.cpp:319:20:319:52 | *pMapView | windows.cpp:321:10:321:16 | * ... | provenance |  |
-| windows.cpp:325:23:325:42 | *call to MapViewOfFileFromApp | windows.cpp:325:23:325:42 | *call to MapViewOfFileFromApp | provenance | Src:MaD:14  |
+| windows.cpp:325:23:325:42 | *call to MapViewOfFileFromApp | windows.cpp:325:23:325:42 | *call to MapViewOfFileFromApp | provenance | Src:MaD:11  |
 | windows.cpp:325:23:325:42 | *call to MapViewOfFileFromApp | windows.cpp:326:20:326:52 | *pMapView | provenance |  |
 | windows.cpp:326:20:326:52 | *pMapView | windows.cpp:328:10:328:16 | * ... | provenance |  |
-| windows.cpp:332:23:332:40 | *call to MapViewOfFileNuma2 | windows.cpp:332:23:332:40 | *call to MapViewOfFileNuma2 | provenance | Src:MaD:15  |
+| windows.cpp:332:23:332:40 | *call to MapViewOfFileNuma2 | windows.cpp:332:23:332:40 | *call to MapViewOfFileNuma2 | provenance | Src:MaD:12  |
 | windows.cpp:332:23:332:40 | *call to MapViewOfFileNuma2 | windows.cpp:333:20:333:52 | *pMapView | provenance |  |
 | windows.cpp:333:20:333:52 | *pMapView | windows.cpp:335:10:335:16 | * ... | provenance |  |
-| windows.cpp:349:8:349:19 | [summary param] *3 in CreateThread [x] | windows.cpp:349:8:349:19 | [summary] to write: Argument[2].Parameter[*0] in CreateThread [x] | provenance | MaD:36 |
+| windows.cpp:349:8:349:19 | [summary param] *3 in CreateThread [x] | windows.cpp:349:8:349:19 | [summary] to write: Argument[2].Parameter[*0] in CreateThread [x] | provenance | MaD:33 |
 | windows.cpp:349:8:349:19 | [summary] to write: Argument[2].Parameter[*0] in CreateThread [x] | windows.cpp:403:26:403:36 | *lpParameter [x] | provenance |  |
-| windows.cpp:357:8:357:25 | [summary param] *4 in CreateRemoteThread [x] | windows.cpp:357:8:357:25 | [summary] to write: Argument[3].Parameter[*0] in CreateRemoteThread [x] | provenance | MaD:34 |
+| windows.cpp:357:8:357:25 | [summary param] *4 in CreateRemoteThread [x] | windows.cpp:357:8:357:25 | [summary] to write: Argument[3].Parameter[*0] in CreateRemoteThread [x] | provenance | MaD:31 |
 | windows.cpp:357:8:357:25 | [summary] to write: Argument[3].Parameter[*0] in CreateRemoteThread [x] | windows.cpp:410:26:410:36 | *lpParameter [x] | provenance |  |
-| windows.cpp:387:8:387:27 | [summary param] *4 in CreateRemoteThreadEx [x] | windows.cpp:387:8:387:27 | [summary] to write: Argument[3].Parameter[*0] in CreateRemoteThreadEx [x] | provenance | MaD:35 |
+| windows.cpp:387:8:387:27 | [summary param] *4 in CreateRemoteThreadEx [x] | windows.cpp:387:8:387:27 | [summary] to write: Argument[3].Parameter[*0] in CreateRemoteThreadEx [x] | provenance | MaD:32 |
 | windows.cpp:387:8:387:27 | [summary] to write: Argument[3].Parameter[*0] in CreateRemoteThreadEx [x] | windows.cpp:417:26:417:36 | *lpParameter [x] | provenance |  |
 | windows.cpp:403:26:403:36 | *lpParameter [x] | windows.cpp:405:10:405:25 | *lpParameter [x] | provenance |  |
 | windows.cpp:405:10:405:25 | *lpParameter [x] | windows.cpp:406:8:406:8 | *s [x] | provenance |  |
@@ -265,17 +262,17 @@ edges
 | windows.cpp:439:7:439:8 | *& ... [x] | windows.cpp:349:8:349:19 | [summary param] *3 in CreateThread [x] | provenance |  |
 | windows.cpp:451:7:451:8 | *& ... [x] | windows.cpp:357:8:357:25 | [summary param] *4 in CreateRemoteThread [x] | provenance |  |
 | windows.cpp:464:7:464:8 | *& ... [x] | windows.cpp:387:8:387:27 | [summary param] *4 in CreateRemoteThreadEx [x] | provenance |  |
-| windows.cpp:473:17:473:37 | [summary param] *1 in RtlCopyVolatileMemory | windows.cpp:473:17:473:37 | [summary param] *0 in RtlCopyVolatileMemory [Return] | provenance | MaD:42 |
-| windows.cpp:479:17:479:35 | [summary param] *1 in RtlCopyDeviceMemory | windows.cpp:479:17:479:35 | [summary param] *0 in RtlCopyDeviceMemory [Return] | provenance | MaD:38 |
-| windows.cpp:485:6:485:18 | [summary param] *1 in RtlCopyMemory | windows.cpp:485:6:485:18 | [summary param] *0 in RtlCopyMemory [Return] | provenance | MaD:39 |
-| windows.cpp:493:6:493:29 | [summary param] *1 in RtlCopyMemoryNonTemporal | windows.cpp:493:6:493:29 | [summary param] *0 in RtlCopyMemoryNonTemporal [Return] | provenance | MaD:40 |
+| windows.cpp:473:17:473:37 | [summary param] *1 in RtlCopyVolatileMemory | windows.cpp:473:17:473:37 | [summary param] *0 in RtlCopyVolatileMemory [Return] | provenance | MaD:39 |
+| windows.cpp:479:17:479:35 | [summary param] *1 in RtlCopyDeviceMemory | windows.cpp:479:17:479:35 | [summary param] *0 in RtlCopyDeviceMemory [Return] | provenance | MaD:35 |
+| windows.cpp:485:6:485:18 | [summary param] *1 in RtlCopyMemory | windows.cpp:485:6:485:18 | [summary param] *0 in RtlCopyMemory [Return] | provenance | MaD:36 |
+| windows.cpp:493:6:493:29 | [summary param] *1 in RtlCopyMemoryNonTemporal | windows.cpp:493:6:493:29 | [summary param] *0 in RtlCopyMemoryNonTemporal [Return] | provenance | MaD:37 |
 | windows.cpp:510:6:510:25 | [summary param] *1 in RtlCopyUnicodeString [*Buffer] | windows.cpp:510:6:510:25 | [summary] read: Argument[*1].Field[*Buffer] in RtlCopyUnicodeString | provenance |  |
-| windows.cpp:510:6:510:25 | [summary] read: Argument[*1].Field[*Buffer] in RtlCopyUnicodeString | windows.cpp:510:6:510:25 | [summary] to write: Argument[*0].Field[*Buffer] in RtlCopyUnicodeString | provenance | MaD:41 |
+| windows.cpp:510:6:510:25 | [summary] read: Argument[*1].Field[*Buffer] in RtlCopyUnicodeString | windows.cpp:510:6:510:25 | [summary] to write: Argument[*0].Field[*Buffer] in RtlCopyUnicodeString | provenance | MaD:38 |
 | windows.cpp:510:6:510:25 | [summary] to write: Argument[*0] in RtlCopyUnicodeString [*Buffer] | windows.cpp:510:6:510:25 | [summary param] *0 in RtlCopyUnicodeString [Return] [*Buffer] | provenance |  |
 | windows.cpp:510:6:510:25 | [summary] to write: Argument[*0].Field[*Buffer] in RtlCopyUnicodeString | windows.cpp:510:6:510:25 | [summary] to write: Argument[*0] in RtlCopyUnicodeString [*Buffer] | provenance |  |
-| windows.cpp:515:6:515:18 | [summary param] *1 in RtlMoveMemory | windows.cpp:515:6:515:18 | [summary param] *0 in RtlMoveMemory [Return] | provenance | MaD:44 |
-| windows.cpp:521:17:521:37 | [summary param] *1 in RtlMoveVolatileMemory | windows.cpp:521:17:521:37 | [summary param] *0 in RtlMoveVolatileMemory [Return] | provenance | MaD:45 |
-| windows.cpp:527:6:527:25 | [summary param] *1 in RtlInitUnicodeString | windows.cpp:527:6:527:25 | [summary] to write: Argument[*0].Field[*Buffer] in RtlInitUnicodeString | provenance | MaD:43 |
+| windows.cpp:515:6:515:18 | [summary param] *1 in RtlMoveMemory | windows.cpp:515:6:515:18 | [summary param] *0 in RtlMoveMemory [Return] | provenance | MaD:41 |
+| windows.cpp:521:17:521:37 | [summary param] *1 in RtlMoveVolatileMemory | windows.cpp:521:17:521:37 | [summary param] *0 in RtlMoveVolatileMemory [Return] | provenance | MaD:42 |
+| windows.cpp:527:6:527:25 | [summary param] *1 in RtlInitUnicodeString | windows.cpp:527:6:527:25 | [summary] to write: Argument[*0].Field[*Buffer] in RtlInitUnicodeString | provenance | MaD:40 |
 | windows.cpp:527:6:527:25 | [summary] to write: Argument[*0] in RtlInitUnicodeString [*Buffer] | windows.cpp:527:6:527:25 | [summary param] *0 in RtlInitUnicodeString [Return] [*Buffer] | provenance |  |
 | windows.cpp:527:6:527:25 | [summary] to write: Argument[*0].Field[*Buffer] in RtlInitUnicodeString | windows.cpp:527:6:527:25 | [summary] to write: Argument[*0] in RtlInitUnicodeString [*Buffer] | provenance |  |
 | windows.cpp:533:11:533:16 | call to source | windows.cpp:533:11:533:16 | call to source | provenance |  |
@@ -287,68 +284,51 @@ edges
 | windows.cpp:533:11:533:16 | call to source | windows.cpp:573:40:573:41 | *& ... | provenance |  |
 | windows.cpp:537:27:537:37 | RtlCopyVolatileMemory output argument | windows.cpp:538:10:538:23 | access to array | provenance |  |
 | windows.cpp:537:40:537:41 | *& ... | windows.cpp:473:17:473:37 | [summary param] *1 in RtlCopyVolatileMemory | provenance |  |
-| windows.cpp:537:40:537:41 | *& ... | windows.cpp:537:27:537:37 | RtlCopyVolatileMemory output argument | provenance | MaD:42 |
+| windows.cpp:537:40:537:41 | *& ... | windows.cpp:537:27:537:37 | RtlCopyVolatileMemory output argument | provenance | MaD:39 |
 | windows.cpp:542:25:542:35 | RtlCopyDeviceMemory output argument | windows.cpp:543:10:543:23 | access to array | provenance |  |
 | windows.cpp:542:38:542:39 | *& ... | windows.cpp:479:17:479:35 | [summary param] *1 in RtlCopyDeviceMemory | provenance |  |
-| windows.cpp:542:38:542:39 | *& ... | windows.cpp:542:25:542:35 | RtlCopyDeviceMemory output argument | provenance | MaD:38 |
+| windows.cpp:542:38:542:39 | *& ... | windows.cpp:542:25:542:35 | RtlCopyDeviceMemory output argument | provenance | MaD:35 |
 | windows.cpp:547:19:547:29 | RtlCopyMemory output argument | windows.cpp:548:10:548:23 | access to array | provenance |  |
 | windows.cpp:547:32:547:33 | *& ... | windows.cpp:485:6:485:18 | [summary param] *1 in RtlCopyMemory | provenance |  |
-| windows.cpp:547:32:547:33 | *& ... | windows.cpp:547:19:547:29 | RtlCopyMemory output argument | provenance | MaD:39 |
+| windows.cpp:547:32:547:33 | *& ... | windows.cpp:547:19:547:29 | RtlCopyMemory output argument | provenance | MaD:36 |
 | windows.cpp:552:30:552:40 | RtlCopyMemoryNonTemporal output argument | windows.cpp:553:10:553:23 | access to array | provenance |  |
 | windows.cpp:552:43:552:44 | *& ... | windows.cpp:493:6:493:29 | [summary param] *1 in RtlCopyMemoryNonTemporal | provenance |  |
-| windows.cpp:552:43:552:44 | *& ... | windows.cpp:552:30:552:40 | RtlCopyMemoryNonTemporal output argument | provenance | MaD:40 |
+| windows.cpp:552:43:552:44 | *& ... | windows.cpp:552:30:552:40 | RtlCopyMemoryNonTemporal output argument | provenance | MaD:37 |
 | windows.cpp:559:5:559:24 | ... = ... | windows.cpp:561:39:561:44 | *buffer | provenance |  |
 | windows.cpp:559:17:559:24 | call to source | windows.cpp:559:5:559:24 | ... = ... | provenance |  |
 | windows.cpp:561:26:561:36 | RtlInitUnicodeString output argument [*Buffer] | windows.cpp:562:10:562:19 | *src_string [*Buffer] | provenance |  |
 | windows.cpp:561:26:561:36 | RtlInitUnicodeString output argument [*Buffer] | windows.cpp:563:40:563:50 | *& ... [*Buffer] | provenance |  |
 | windows.cpp:561:39:561:44 | *buffer | windows.cpp:527:6:527:25 | [summary param] *1 in RtlInitUnicodeString | provenance |  |
-| windows.cpp:561:39:561:44 | *buffer | windows.cpp:561:26:561:36 | RtlInitUnicodeString output argument [*Buffer] | provenance | MaD:43 |
+| windows.cpp:561:39:561:44 | *buffer | windows.cpp:561:26:561:36 | RtlInitUnicodeString output argument [*Buffer] | provenance | MaD:40 |
 | windows.cpp:562:10:562:19 | *src_string [*Buffer] | windows.cpp:562:10:562:29 | access to array | provenance |  |
 | windows.cpp:562:10:562:19 | *src_string [*Buffer] | windows.cpp:562:21:562:26 | *Buffer | provenance |  |
 | windows.cpp:562:21:562:26 | *Buffer | windows.cpp:562:10:562:29 | access to array | provenance |  |
 | windows.cpp:563:26:563:37 | RtlCopyUnicodeString output argument [*Buffer] | windows.cpp:564:10:564:20 | *dest_string [*Buffer] | provenance |  |
 | windows.cpp:563:40:563:50 | *& ... [*Buffer] | windows.cpp:510:6:510:25 | [summary param] *1 in RtlCopyUnicodeString [*Buffer] | provenance |  |
-| windows.cpp:563:40:563:50 | *& ... [*Buffer] | windows.cpp:563:26:563:37 | RtlCopyUnicodeString output argument [*Buffer] | provenance | MaD:41 |
+| windows.cpp:563:40:563:50 | *& ... [*Buffer] | windows.cpp:563:26:563:37 | RtlCopyUnicodeString output argument [*Buffer] | provenance | MaD:38 |
 | windows.cpp:564:10:564:20 | *dest_string [*Buffer] | windows.cpp:564:10:564:30 | access to array | provenance |  |
 | windows.cpp:564:10:564:20 | *dest_string [*Buffer] | windows.cpp:564:22:564:27 | *Buffer | provenance |  |
 | windows.cpp:564:22:564:27 | *Buffer | windows.cpp:564:10:564:30 | access to array | provenance |  |
 | windows.cpp:568:19:568:29 | RtlMoveMemory output argument | windows.cpp:569:10:569:23 | access to array | provenance |  |
 | windows.cpp:568:32:568:33 | *& ... | windows.cpp:515:6:515:18 | [summary param] *1 in RtlMoveMemory | provenance |  |
-| windows.cpp:568:32:568:33 | *& ... | windows.cpp:568:19:568:29 | RtlMoveMemory output argument | provenance | MaD:44 |
+| windows.cpp:568:32:568:33 | *& ... | windows.cpp:568:19:568:29 | RtlMoveMemory output argument | provenance | MaD:41 |
 | windows.cpp:573:27:573:37 | RtlMoveVolatileMemory output argument | windows.cpp:574:10:574:23 | access to array | provenance |  |
 | windows.cpp:573:40:573:41 | *& ... | windows.cpp:521:17:521:37 | [summary param] *1 in RtlMoveVolatileMemory | provenance |  |
-| windows.cpp:573:40:573:41 | *& ... | windows.cpp:573:27:573:37 | RtlMoveVolatileMemory output argument | provenance | MaD:45 |
-| windows.cpp:645:45:645:50 | WinHttpReadData output argument | windows.cpp:647:10:647:16 | * ... | provenance | Src:MaD:23  |
-| windows.cpp:652:48:652:53 | WinHttpReadDataEx output argument | windows.cpp:654:10:654:16 | * ... | provenance | Src:MaD:24  |
-| windows.cpp:659:47:659:52 | WinHttpQueryHeaders output argument | windows.cpp:661:10:661:16 | * ... | provenance | Src:MaD:19  |
-| windows.cpp:669:70:669:79 | WinHttpQueryHeadersEx output argument | windows.cpp:673:10:673:29 | * ... | provenance | Src:MaD:21  |
-| windows.cpp:669:82:669:87 | WinHttpQueryHeadersEx output argument | windows.cpp:671:10:671:16 | * ... | provenance | Src:MaD:22  |
-| windows.cpp:669:105:669:112 | WinHttpQueryHeadersEx output argument | windows.cpp:675:10:675:27 | * ... | provenance | Src:MaD:20  |
-| windows.cpp:714:6:714:20 | [summary param] *0 in WinHttpCrackUrl | windows.cpp:714:6:714:20 | [summary param] *3 in WinHttpCrackUrl [Return] | provenance | MaD:46 |
+| windows.cpp:573:40:573:41 | *& ... | windows.cpp:573:27:573:37 | RtlMoveVolatileMemory output argument | provenance | MaD:42 |
+| windows.cpp:645:45:645:50 | WinHttpReadData output argument | windows.cpp:647:10:647:16 | * ... | provenance | Src:MaD:20  |
+| windows.cpp:652:48:652:53 | WinHttpReadDataEx output argument | windows.cpp:654:10:654:16 | * ... | provenance | Src:MaD:21  |
+| windows.cpp:659:47:659:52 | WinHttpQueryHeaders output argument | windows.cpp:661:10:661:16 | * ... | provenance | Src:MaD:16  |
+| windows.cpp:669:70:669:79 | WinHttpQueryHeadersEx output argument | windows.cpp:673:10:673:29 | * ... | provenance | Src:MaD:18  |
+| windows.cpp:669:82:669:87 | WinHttpQueryHeadersEx output argument | windows.cpp:671:10:671:16 | * ... | provenance | Src:MaD:19  |
+| windows.cpp:669:105:669:112 | WinHttpQueryHeadersEx output argument | windows.cpp:675:10:675:27 | * ... | provenance | Src:MaD:17  |
+| windows.cpp:714:6:714:20 | [summary param] *0 in WinHttpCrackUrl | windows.cpp:714:6:714:20 | [summary param] *3 in WinHttpCrackUrl [Return] | provenance | MaD:43 |
 | windows.cpp:728:5:728:28 | ... = ... | windows.cpp:729:35:729:35 | *x | provenance |  |
 | windows.cpp:728:12:728:28 | call to source | windows.cpp:728:5:728:28 | ... = ... | provenance |  |
 | windows.cpp:729:35:729:35 | *x | windows.cpp:714:6:714:20 | [summary param] *0 in WinHttpCrackUrl | provenance |  |
-| windows.cpp:729:35:729:35 | *x | windows.cpp:729:44:729:57 | WinHttpCrackUrl output argument | provenance | MaD:46 |
+| windows.cpp:729:35:729:35 | *x | windows.cpp:729:44:729:57 | WinHttpCrackUrl output argument | provenance | MaD:43 |
 | windows.cpp:729:44:729:57 | WinHttpCrackUrl output argument | windows.cpp:731:10:731:36 | * ... | provenance |  |
 | windows.cpp:729:44:729:57 | WinHttpCrackUrl output argument | windows.cpp:733:10:733:35 | * ... | provenance |  |
 | windows.cpp:729:44:729:57 | WinHttpCrackUrl output argument | windows.cpp:735:10:735:37 | * ... | provenance |  |
-| windows.cpp:900:64:900:77 | HttpReceiveHttpRequest output argument | windows.cpp:901:15:901:53 | *& ... | provenance | Src:MaD:7  |
-| windows.cpp:900:64:900:77 | HttpReceiveHttpRequest output argument | windows.cpp:905:10:905:31 | * ... | provenance | Src:MaD:7  |
-| windows.cpp:900:64:900:77 | HttpReceiveHttpRequest output argument | windows.cpp:907:10:907:42 | * ... | provenance | Src:MaD:7  |
-| windows.cpp:900:64:900:77 | HttpReceiveHttpRequest output argument | windows.cpp:909:10:909:57 | * ... | provenance | Src:MaD:7  |
-| windows.cpp:900:64:900:77 | HttpReceiveHttpRequest output argument | windows.cpp:911:10:911:60 | * ... | provenance | Src:MaD:7  |
-| windows.cpp:900:64:900:77 | HttpReceiveHttpRequest output argument | windows.cpp:912:54:912:63 | FileHandle | provenance | Src:MaD:7  |
-| windows.cpp:900:64:900:77 | HttpReceiveHttpRequest output argument | windows.cpp:914:10:914:70 | * ... | provenance | Src:MaD:7  |
-| windows.cpp:900:64:900:77 | HttpReceiveHttpRequest output argument | windows.cpp:916:10:916:72 | * ... | provenance | Src:MaD:7  |
-| windows.cpp:900:64:900:77 | HttpReceiveHttpRequest output argument | windows.cpp:918:10:918:64 | * ... | provenance | Src:MaD:7  |
-| windows.cpp:900:64:900:77 | HttpReceiveHttpRequest output argument | windows.cpp:920:10:920:51 | * ... | provenance | Src:MaD:7  |
-| windows.cpp:900:64:900:77 | HttpReceiveHttpRequest output argument | windows.cpp:922:10:922:52 | * ... | provenance | Src:MaD:7  |
-| windows.cpp:900:64:900:77 | HttpReceiveHttpRequest output argument | windows.cpp:924:10:924:63 | * ... | provenance | Src:MaD:7  |
-| windows.cpp:901:15:901:53 | *& ... | windows.cpp:903:10:903:11 | * ... | provenance |  |
-| windows.cpp:929:70:929:75 | HttpReceiveRequestEntityBody output argument | windows.cpp:931:10:931:16 | * ... | provenance | Src:MaD:8  |
-| windows.cpp:936:70:936:78 | HttpReceiveClientCertificate output argument | windows.cpp:937:15:937:48 | *& ... | provenance | Src:MaD:6  |
-| windows.cpp:936:70:936:78 | HttpReceiveClientCertificate output argument | windows.cpp:941:10:941:31 | * ... | provenance | Src:MaD:6  |
-| windows.cpp:937:15:937:48 | *& ... | windows.cpp:939:10:939:11 | * ... | provenance |  |
 nodes
 | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer |
 | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer |
@@ -656,26 +636,6 @@ nodes
 | windows.cpp:731:10:731:36 | * ... | semmle.label | * ... |
 | windows.cpp:733:10:733:35 | * ... | semmle.label | * ... |
 | windows.cpp:735:10:735:37 | * ... | semmle.label | * ... |
-| windows.cpp:900:64:900:77 | HttpReceiveHttpRequest output argument | semmle.label | HttpReceiveHttpRequest output argument |
-| windows.cpp:901:15:901:53 | *& ... | semmle.label | *& ... |
-| windows.cpp:903:10:903:11 | * ... | semmle.label | * ... |
-| windows.cpp:905:10:905:31 | * ... | semmle.label | * ... |
-| windows.cpp:907:10:907:42 | * ... | semmle.label | * ... |
-| windows.cpp:909:10:909:57 | * ... | semmle.label | * ... |
-| windows.cpp:911:10:911:60 | * ... | semmle.label | * ... |
-| windows.cpp:912:54:912:63 | FileHandle | semmle.label | FileHandle |
-| windows.cpp:914:10:914:70 | * ... | semmle.label | * ... |
-| windows.cpp:916:10:916:72 | * ... | semmle.label | * ... |
-| windows.cpp:918:10:918:64 | * ... | semmle.label | * ... |
-| windows.cpp:920:10:920:51 | * ... | semmle.label | * ... |
-| windows.cpp:922:10:922:52 | * ... | semmle.label | * ... |
-| windows.cpp:924:10:924:63 | * ... | semmle.label | * ... |
-| windows.cpp:929:70:929:75 | HttpReceiveRequestEntityBody output argument | semmle.label | HttpReceiveRequestEntityBody output argument |
-| windows.cpp:931:10:931:16 | * ... | semmle.label | * ... |
-| windows.cpp:936:70:936:78 | HttpReceiveClientCertificate output argument | semmle.label | HttpReceiveClientCertificate output argument |
-| windows.cpp:937:15:937:48 | *& ... | semmle.label | *& ... |
-| windows.cpp:939:10:939:11 | * ... | semmle.label | * ... |
-| windows.cpp:941:10:941:31 | * ... | semmle.label | * ... |
 subpaths
 | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | asio_streams.cpp:100:44:100:62 | call to buffer |
 | azure.cpp:257:5:257:8 | *resp | azure.cpp:113:16:113:19 | [summary param] this in Read | azure.cpp:113:16:113:19 | [summary param] *0 in Read [Return] | azure.cpp:257:16:257:21 | Read output argument |

cpp/ql/test/library-tests/dataflow/external-models/sources.expected

@@ -32,6 +32,3 @@
 | windows.cpp:669:70:669:79 | WinHttpQueryHeadersEx output argument | remote |
 | windows.cpp:669:82:669:87 | WinHttpQueryHeadersEx output argument | remote |
 | windows.cpp:669:105:669:112 | WinHttpQueryHeadersEx output argument | remote |
-| windows.cpp:900:64:900:77 | HttpReceiveHttpRequest output argument | remote |
-| windows.cpp:929:70:929:75 | HttpReceiveRequestEntityBody output argument | remote |
-| windows.cpp:936:70:936:78 | HttpReceiveClientCertificate output argument | remote |

cpp/ql/test/library-tests/dataflow/external-models/validatemodels.ql

@@ -1,2 +1,2 @@
 import cpp
-import semmle.code.cpp.dataflow.ExternalFlow::ModelValidation
+import semmle.code.cpp.dataflow.ExternalFlow::CsvValidation

cpp/ql/test/library-tests/dataflow/external-models/windows.cpp

@@ -734,210 +734,4 @@ void test_winhttp_crack_url() {
     sink(urlComponents.lpszExtraInfo);
     sink(*urlComponents.lpszExtraInfo); // $ ir
   }
-}
-
-using HTTP_REQUEST_ID = ULONGLONG;
-using HTTP_CONNECTION_ID = ULONGLONG;
-using HTTP_URL_CONTEXT = ULONGLONG;
-using HTTP_RAW_CONNECTION_ID = ULONGLONG;
-
-typedef struct _HTTP_VERSION {
-  USHORT MajorVersion;
-  USHORT MinorVersion;
-} HTTP_VERSION, *PHTTP_VERSION;
-
-typedef enum _HTTP_VERB {
-  HttpVerbUnparsed = 0
-} HTTP_VERB, *PHTTP_VERB;
-
-typedef struct _HTTP_COOKED_URL {
-  USHORT FullUrlLength;
-  USHORT HostLength;
-  USHORT AbsPathLength;
-  USHORT QueryStringLength;
-  PCWSTR pFullUrl;
-  PCWSTR pHost;
-  PCWSTR pAbsPath;
-  PCWSTR pQueryString;
-} HTTP_COOKED_URL, *PHTTP_COOKED_URL;
-
-typedef struct _HTTP_TRANSPORT_ADDRESS {
-  struct sockaddr* pRemoteAddress;
-  struct sockaddr* pLocalAddress;
-} HTTP_TRANSPORT_ADDRESS, *PHTTP_TRANSPORT_ADDRESS;
-
-typedef struct _HTTP_KNOWN_HEADER {
-  USHORT RawValueLength;
-  PCSTR  pRawValue;
-} HTTP_KNOWN_HEADER, *PHTTP_KNOWN_HEADER;
-
-typedef struct _HTTP_UNKNOWN_HEADER {
-  USHORT NameLength;
-  USHORT RawValueLength;
-  PCSTR  pName;
-  PCSTR  pRawValue;
-} HTTP_UNKNOWN_HEADER, *PHTTP_UNKNOWN_HEADER;
-
-typedef struct _HTTP_REQUEST_HEADERS {
-  USHORT               UnknownHeaderCount;
-  PHTTP_UNKNOWN_HEADER pUnknownHeaders;
-  USHORT               TrailerCount;
-  PHTTP_UNKNOWN_HEADER pTrailers;
-  HTTP_KNOWN_HEADER    KnownHeaders[41];
-} HTTP_REQUEST_HEADERS, *PHTTP_REQUEST_HEADERS;
-
-typedef struct _HTTP_BYTE_RANGE {
-  ULONGLONG StartingOffset;
-  ULONGLONG Length;
-} HTTP_BYTE_RANGE, *PHTTP_BYTE_RANGE;
-
-typedef struct _HTTP_DATA_CHUNK {
-  int DataChunkType;
-  union {
-    struct {
-      PVOID pBuffer;
-      ULONG BufferLength;
-    } FromMemory;
-    struct {
-      HTTP_BYTE_RANGE ByteRange;
-      HANDLE          FileHandle;
-    } FromFileHandle;
-    struct {
-      USHORT FragmentNameLength;
-      PCWSTR pFragmentName;
-    } FromFragmentCache;
-    struct {
-      HTTP_BYTE_RANGE ByteRange;
-      PCWSTR          pFragmentName;
-    } FromFragmentCacheEx;
-    struct {
-      USHORT               TrailerCount;
-      PHTTP_UNKNOWN_HEADER pTrailers;
-    } Trailers;
-  };
-} HTTP_DATA_CHUNK, *PHTTP_DATA_CHUNK;
-
-typedef struct _HTTP_SSL_CLIENT_CERT_INFO {
-  ULONG  CertFlags;
-  ULONG  CertEncodedSize;
-  char*  pCertEncoded;
-  HANDLE Token;
-  BOOL   CertDeniedByMapper;
-} HTTP_SSL_CLIENT_CERT_INFO, *PHTTP_SSL_CLIENT_CERT_INFO;
-
-typedef struct _HTTP_SSL_INFO {
-  USHORT                      ServerCertKeySize;
-  USHORT                      ConnectionKeySize;
-  ULONG                       ServerCertIssuerSize;
-  ULONG                       ServerCertSubjectSize;
-  PCSTR                       pServerCertIssuer;
-  PCSTR                       pServerCertSubject;
-  PHTTP_SSL_CLIENT_CERT_INFO  pClientCertInfo;
-  ULONG                       SslClientCertNegotiated;
-} HTTP_SSL_INFO, *PHTTP_SSL_INFO;
-
-typedef struct _HTTP_REQUEST_V1 {
-  ULONG                    Flags;
-  HTTP_CONNECTION_ID       ConnectionId;
-  HTTP_REQUEST_ID          RequestId;
-  HTTP_URL_CONTEXT         UrlContext;
-  HTTP_VERSION             Version;
-  HTTP_VERB                Verb;
-  USHORT                   UnknownVerbLength;
-  USHORT                   RawUrlLength;
-  PCSTR                    pUnknownVerb;
-  PCSTR                    pRawUrl;
-  HTTP_COOKED_URL          CookedUrl;
-  HTTP_TRANSPORT_ADDRESS   Address;
-  HTTP_REQUEST_HEADERS     Headers;
-  ULONGLONG                BytesReceived;
-  USHORT                   EntityChunkCount;
-  PHTTP_DATA_CHUNK         pEntityChunks;
-  HTTP_RAW_CONNECTION_ID   RawConnectionId;
-  PHTTP_SSL_INFO           pSslInfo;
-} HTTP_REQUEST_V1, *PHTTP_REQUEST_V1;
-
-using HTTP_REQUEST = HTTP_REQUEST_V1;
-using PHTTP_REQUEST = PHTTP_REQUEST_V1;
-
-ULONG HttpReceiveHttpRequest(
-  HANDLE          RequestQueueHandle,
-  HTTP_REQUEST_ID RequestId,
-  ULONG           Flags,
-  PHTTP_REQUEST   RequestBuffer,
-  ULONG           RequestBufferLength,
-  PULONG          BytesReturned,
-  LPOVERLAPPED    Overlapped
-);
-
-ULONG HttpReceiveRequestEntityBody(
-  HANDLE          RequestQueueHandle,
-  HTTP_REQUEST_ID RequestId,
-  ULONG           Flags,
-  PVOID           EntityBuffer,
-  ULONG           EntityBufferLength,
-  PULONG          BytesReturned,
-  LPOVERLAPPED    Overlapped
-);
-
-ULONG HttpReceiveClientCertificate(
-  HANDLE                     RequestQueueHandle,
-  HTTP_CONNECTION_ID         ConnectionId,
-  ULONG                      Flags,
-  PHTTP_SSL_CLIENT_CERT_INFO SslClientCertInfo,
-  ULONG                      SslClientCertInfoSize,
-  PULONG                     BytesReceived,
-  LPOVERLAPPED               Overlapped
-);
-
-void sink(PCWSTR);
-void sink(HANDLE);
-
-void test_http_server_api(HANDLE hRequestQueue) {
-  {
-    HTTP_REQUEST requestBuffer;
-    ULONG bytesReturned;
-    ULONG result = HttpReceiveHttpRequest(hRequestQueue, 0, 0, &requestBuffer, sizeof(requestBuffer), &bytesReturned, nullptr);
-    char* p = reinterpret_cast<char*>(&requestBuffer);
-    sink(p);
-    sink(*p); // $ ir
-    sink(requestBuffer.pRawUrl);
-    sink(*requestBuffer.pRawUrl); // $ ir
-    sink(requestBuffer.CookedUrl.pFullUrl);
-    sink(*requestBuffer.CookedUrl.pFullUrl); // $ ir
-    sink(requestBuffer.Headers.KnownHeaders[0].pRawValue);
-    sink(*requestBuffer.Headers.KnownHeaders[0].pRawValue); // $ ir
-    sink(requestBuffer.Headers.pUnknownHeaders[0].pRawValue);
-    sink(*requestBuffer.Headers.pUnknownHeaders[0].pRawValue); // $ ir
-    sink(requestBuffer.pEntityChunks->FromFileHandle.FileHandle); // $ ir
-    sink(requestBuffer.pEntityChunks->FromFragmentCache.pFragmentName);
-    sink(*requestBuffer.pEntityChunks->FromFragmentCache.pFragmentName); // $ ir
-    sink(requestBuffer.pEntityChunks->FromFragmentCacheEx.pFragmentName);
-    sink(*requestBuffer.pEntityChunks->FromFragmentCacheEx.pFragmentName); // $ ir
-    sink(requestBuffer.pEntityChunks->FromMemory.pBuffer);
-    sink(*(char*)requestBuffer.pEntityChunks->FromMemory.pBuffer); // $ ir
-    sink(requestBuffer.pSslInfo->pServerCertIssuer);
-    sink(*requestBuffer.pSslInfo->pServerCertIssuer); // $ ir
-    sink(requestBuffer.pSslInfo->pServerCertSubject);
-    sink(*requestBuffer.pSslInfo->pServerCertSubject); // $ ir
-    sink(requestBuffer.pSslInfo->pClientCertInfo->pCertEncoded);
-    sink(*requestBuffer.pSslInfo->pClientCertInfo->pCertEncoded); // $ ir
-  }
-  {
-    char buffer[1024];
-    ULONG bytesReturned;
-    ULONG result = HttpReceiveRequestEntityBody(hRequestQueue, 0, 0, buffer, sizeof(buffer), &bytesReturned, nullptr);
-    sink(buffer);
-    sink(*buffer); // $ ir
-  }
-  {
-    HTTP_SSL_CLIENT_CERT_INFO certInfo;
-    ULONG bytesReceived;
-    ULONG result = HttpReceiveClientCertificate(hRequestQueue, 0, 0, &certInfo, sizeof(certInfo), &bytesReceived, nullptr);
-    char* p = reinterpret_cast<char*>(&certInfo);
-    sink(p);
-    sink(*p); // $ ir
-    sink(certInfo.pCertEncoded);
-    sink(*certInfo.pCertEncoded); // $ ir
-  }
 }

cpp/ql/test/library-tests/dataflow/fields/C.cpp

@@ -27,7 +27,7 @@ public:
   void func()
   {
     sink(s1); // $ ast,ir
-    sink(s2); // $ ir MISSING: ast
+    sink(s2); // $ MISSING: ast,ir
     sink(s3); // $ ast,ir
     sink(s4); // $ MISSING: ast,ir
   }

cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected

@@ -187,34 +187,23 @@ edges
 | B.cpp:46:7:46:10 | *this [post update] [*box1, elem2] | B.cpp:44:5:44:8 | *this [Return] [*box1, elem2] | provenance |  |
 | B.cpp:46:7:46:21 | *... = ... [elem1] | B.cpp:46:7:46:10 | *this [post update] [*box1, elem1] | provenance |  |
 | B.cpp:46:7:46:21 | *... = ... [elem2] | B.cpp:46:7:46:10 | *this [post update] [*box1, elem2] | provenance |  |
-| C.cpp:10:15:10:16 | *s2 [post update] [s2] | C.cpp:10:15:10:16 | *this [Return] [s2] | provenance |  |
-| C.cpp:10:15:10:16 | *this [Return] [s2] | C.cpp:22:3:22:3 | s2 output argument [s2] | provenance |  |
-| C.cpp:10:20:10:29 | new | C.cpp:10:15:10:16 | *s2 [post update] [s2] | provenance |  |
-| C.cpp:10:20:10:29 | new | C.cpp:10:20:10:29 | new | provenance |  |
 | C.cpp:18:12:18:18 | *new [s1] | C.cpp:19:5:19:5 | *c [s1] | provenance |  |
-| C.cpp:18:12:18:18 | *new [s2] | C.cpp:19:5:19:5 | *c [s2] | provenance |  |
 | C.cpp:18:12:18:18 | *new [s3] | C.cpp:19:5:19:5 | *c [s3] | provenance |  |
 | C.cpp:18:12:18:18 | call to C [s1] | C.cpp:18:12:18:18 | *new [s1] | provenance |  |
-| C.cpp:18:12:18:18 | call to C [s2] | C.cpp:18:12:18:18 | *new [s2] | provenance |  |
 | C.cpp:18:12:18:18 | call to C [s3] | C.cpp:18:12:18:18 | *new [s3] | provenance |  |
 | C.cpp:19:5:19:5 | *c [s1] | C.cpp:27:8:27:11 | *this [s1] | provenance |  |
-| C.cpp:19:5:19:5 | *c [s2] | C.cpp:27:8:27:11 | *this [s2] | provenance |  |
 | C.cpp:19:5:19:5 | *c [s3] | C.cpp:27:8:27:11 | *this [s3] | provenance |  |
 | C.cpp:22:3:22:3 | *C [post update] [s1] | C.cpp:22:3:22:3 | *this [Return] [s1] | provenance |  |
 | C.cpp:22:3:22:3 | *this [Return] [s1] | C.cpp:18:12:18:18 | call to C [s1] | provenance |  |
-| C.cpp:22:3:22:3 | *this [Return] [s2] | C.cpp:18:12:18:18 | call to C [s2] | provenance |  |
 | C.cpp:22:3:22:3 | *this [Return] [s3] | C.cpp:18:12:18:18 | call to C [s3] | provenance |  |
-| C.cpp:22:3:22:3 | s2 output argument [s2] | C.cpp:22:3:22:3 | *this [Return] [s2] | provenance |  |
 | C.cpp:22:12:22:21 | new | C.cpp:22:3:22:3 | *C [post update] [s1] | provenance |  |
 | C.cpp:22:12:22:21 | new | C.cpp:22:12:22:21 | new | provenance |  |
 | C.cpp:24:5:24:8 | *this [post update] [s3] | C.cpp:22:3:22:3 | *this [Return] [s3] | provenance |  |
 | C.cpp:24:5:24:25 | ... = ... | C.cpp:24:5:24:8 | *this [post update] [s3] | provenance |  |
 | C.cpp:24:16:24:25 | new | C.cpp:24:5:24:25 | ... = ... | provenance |  |
 | C.cpp:27:8:27:11 | *this [s1] | C.cpp:29:10:29:11 | *this [s1] | provenance |  |
-| C.cpp:27:8:27:11 | *this [s2] | C.cpp:30:10:30:11 | *this [s2] | provenance |  |
 | C.cpp:27:8:27:11 | *this [s3] | C.cpp:31:10:31:11 | *this [s3] | provenance |  |
 | C.cpp:29:10:29:11 | *this [s1] | C.cpp:29:10:29:11 | s1 | provenance |  |
-| C.cpp:30:10:30:11 | *this [s2] | C.cpp:30:10:30:11 | s2 | provenance |  |
 | C.cpp:31:10:31:11 | *this [s3] | C.cpp:31:10:31:11 | s3 | provenance |  |
 | D.cpp:10:11:10:17 | *this [elem] | D.cpp:10:30:10:33 | *this [elem] | provenance |  |
 | D.cpp:10:30:10:33 | *this [elem] | D.cpp:10:30:10:33 | elem | provenance |  |
@@ -1127,36 +1116,24 @@ nodes
 | B.cpp:46:7:46:10 | *this [post update] [*box1, elem2] | semmle.label | *this [post update] [*box1, elem2] |
 | B.cpp:46:7:46:21 | *... = ... [elem1] | semmle.label | *... = ... [elem1] |
 | B.cpp:46:7:46:21 | *... = ... [elem2] | semmle.label | *... = ... [elem2] |
-| C.cpp:10:15:10:16 | *s2 [post update] [s2] | semmle.label | *s2 [post update] [s2] |
-| C.cpp:10:15:10:16 | *this [Return] [s2] | semmle.label | *this [Return] [s2] |
-| C.cpp:10:20:10:29 | new | semmle.label | new |
-| C.cpp:10:20:10:29 | new | semmle.label | new |
 | C.cpp:18:12:18:18 | *new [s1] | semmle.label | *new [s1] |
-| C.cpp:18:12:18:18 | *new [s2] | semmle.label | *new [s2] |
 | C.cpp:18:12:18:18 | *new [s3] | semmle.label | *new [s3] |
 | C.cpp:18:12:18:18 | call to C [s1] | semmle.label | call to C [s1] |
-| C.cpp:18:12:18:18 | call to C [s2] | semmle.label | call to C [s2] |
 | C.cpp:18:12:18:18 | call to C [s3] | semmle.label | call to C [s3] |
 | C.cpp:19:5:19:5 | *c [s1] | semmle.label | *c [s1] |
-| C.cpp:19:5:19:5 | *c [s2] | semmle.label | *c [s2] |
 | C.cpp:19:5:19:5 | *c [s3] | semmle.label | *c [s3] |
 | C.cpp:22:3:22:3 | *C [post update] [s1] | semmle.label | *C [post update] [s1] |
 | C.cpp:22:3:22:3 | *this [Return] [s1] | semmle.label | *this [Return] [s1] |
-| C.cpp:22:3:22:3 | *this [Return] [s2] | semmle.label | *this [Return] [s2] |
 | C.cpp:22:3:22:3 | *this [Return] [s3] | semmle.label | *this [Return] [s3] |
-| C.cpp:22:3:22:3 | s2 output argument [s2] | semmle.label | s2 output argument [s2] |
 | C.cpp:22:12:22:21 | new | semmle.label | new |
 | C.cpp:22:12:22:21 | new | semmle.label | new |
 | C.cpp:24:5:24:8 | *this [post update] [s3] | semmle.label | *this [post update] [s3] |
 | C.cpp:24:5:24:25 | ... = ... | semmle.label | ... = ... |
 | C.cpp:24:16:24:25 | new | semmle.label | new |
 | C.cpp:27:8:27:11 | *this [s1] | semmle.label | *this [s1] |
-| C.cpp:27:8:27:11 | *this [s2] | semmle.label | *this [s2] |
 | C.cpp:27:8:27:11 | *this [s3] | semmle.label | *this [s3] |
 | C.cpp:29:10:29:11 | *this [s1] | semmle.label | *this [s1] |
 | C.cpp:29:10:29:11 | s1 | semmle.label | s1 |
-| C.cpp:30:10:30:11 | *this [s2] | semmle.label | *this [s2] |
-| C.cpp:30:10:30:11 | s2 | semmle.label | s2 |
 | C.cpp:31:10:31:11 | *this [s3] | semmle.label | *this [s3] |
 | C.cpp:31:10:31:11 | s3 | semmle.label | s3 |
 | D.cpp:10:11:10:17 | *getElem | semmle.label | *getElem |
@@ -1981,7 +1958,6 @@ subpaths
 | B.cpp:9:10:9:24 | elem1 | B.cpp:6:15:6:24 | new | B.cpp:9:10:9:24 | elem1 | elem1 flows from $@ | B.cpp:6:15:6:24 | new | new |
 | B.cpp:19:10:19:24 | elem2 | B.cpp:15:15:15:27 | new | B.cpp:19:10:19:24 | elem2 | elem2 flows from $@ | B.cpp:15:15:15:27 | new | new |
 | C.cpp:29:10:29:11 | s1 | C.cpp:22:12:22:21 | new | C.cpp:29:10:29:11 | s1 | s1 flows from $@ | C.cpp:22:12:22:21 | new | new |
-| C.cpp:30:10:30:11 | s2 | C.cpp:10:20:10:29 | new | C.cpp:30:10:30:11 | s2 | s2 flows from $@ | C.cpp:10:20:10:29 | new | new |
 | C.cpp:31:10:31:11 | s3 | C.cpp:24:16:24:25 | new | C.cpp:31:10:31:11 | s3 | s3 flows from $@ | C.cpp:24:16:24:25 | new | new |
 | D.cpp:22:10:22:33 | call to getElem | D.cpp:28:15:28:24 | new | D.cpp:22:10:22:33 | call to getElem | call to getElem flows from $@ | D.cpp:28:15:28:24 | new | new |
 | D.cpp:22:10:22:33 | call to getElem | D.cpp:35:15:35:24 | new | D.cpp:22:10:22:33 | call to getElem | call to getElem flows from $@ | D.cpp:35:15:35:24 | new | new |

cpp/ql/test/library-tests/dataflow/models-as-data/FlowSummaryNode.expected

@@ -1,301 +1,3 @@
-uniqueEnclosingCallable
-uniqueCallEnclosingCallable
-uniqueType
-uniqueNodeLocation
-missingLocation
-uniqueNodeToString
-parameterCallable
-localFlowIsLocal
-readStepIsLocal
-storeStepIsLocal
-compatibleTypesReflexive
-unreachableNodeCCtx
-localCallNodes
-postIsNotPre
-postHasUniquePre
-uniquePostUpdate
-postIsInSameCallable
-reverseRead
-argHasPostUpdate
-postWithInFlow
-viableImplInCallContextTooLarge
-uniqueParameterNodeAtPosition
-uniqueParameterNodePosition
-uniqueContentApprox
-identityLocalStep
-missingArgumentCall
-multipleArgumentCall
-lambdaCallEnclosingCallableMismatch
-speculativeStepAlreadyHasModel
-testFailures
-summaryCalls
-| file://:0:0:0:0 | [summary] call to [summary param] 0 in madCallArg0ReturnToReturn in madCallArg0ReturnToReturn |
-| file://:0:0:0:0 | [summary] call to [summary param] 0 in madCallArg0ReturnToReturnFirst in madCallArg0ReturnToReturnFirst |
-| file://:0:0:0:0 | [summary] call to [summary param] 0 in madCallArg0WithValue in madCallArg0WithValue |
-summarizedCallables
-| tests.cpp:144:5:144:19 | madArg0ToReturn |
-| tests.cpp:145:6:145:28 | madArg0ToReturnIndirect |
-| tests.cpp:147:5:147:28 | madArg0ToReturnValueFlow |
-| tests.cpp:148:5:148:27 | madArg0IndirectToReturn |
-| tests.cpp:149:5:149:33 | madArg0DoubleIndirectToReturn |
-| tests.cpp:150:5:150:30 | madArg0NotIndirectToReturn |
-| tests.cpp:151:6:151:26 | madArg0ToArg1Indirect |
-| tests.cpp:152:6:152:34 | madArg0IndirectToArg1Indirect |
-| tests.cpp:153:5:153:18 | madArgsComplex |
-| tests.cpp:154:5:154:14 | madArgsAny |
-| tests.cpp:155:5:155:28 | madAndImplementedComplex |
-| tests.cpp:160:5:160:24 | madArg0FieldToReturn |
-| tests.cpp:161:5:161:32 | madArg0IndirectFieldToReturn |
-| tests.cpp:162:5:162:32 | madArg0FieldIndirectToReturn |
-| tests.cpp:163:13:163:32 | madArg0ToReturnField |
-| tests.cpp:164:14:164:41 | madArg0ToReturnIndirectField |
-| tests.cpp:165:13:165:40 | madArg0ToReturnFieldIndirect |
-| tests.cpp:284:7:284:19 | madArg0ToSelf |
-| tests.cpp:285:6:285:20 | madSelfToReturn |
-| tests.cpp:287:7:287:20 | madArg0ToField |
-| tests.cpp:288:6:288:21 | madFieldToReturn |
-| tests.cpp:313:7:313:30 | namespaceMadSelfToReturn |
-| tests.cpp:434:5:434:29 | madCallArg0ReturnToReturn |
-| tests.cpp:435:9:435:38 | madCallArg0ReturnToReturnFirst |
-| tests.cpp:436:6:436:25 | madCallArg0WithValue |
-| tests.cpp:437:5:437:36 | madCallReturnValueIgnoreFunction |
-| tests.cpp:459:5:459:31 | parameter_ref_to_return_ref |
-| tests.cpp:471:5:471:17 | receive_array |
-sourceCallables
-| tests.cpp:3:5:3:10 | source |
-| tests.cpp:4:6:4:14 | sourcePtr |
-| tests.cpp:5:6:5:19 | sourceIndirect |
-| tests.cpp:6:6:6:9 | sink |
-| tests.cpp:6:15:6:17 | val |
-| tests.cpp:7:6:7:9 | sink |
-| tests.cpp:7:16:7:18 | ptr |
-| tests.cpp:11:5:11:18 | localMadSource |
-| tests.cpp:12:5:12:19 | remoteMadSource |
-| tests.cpp:13:5:13:14 | notASource |
-| tests.cpp:14:5:14:22 | localMadSourceVoid |
-| tests.cpp:15:5:15:25 | localMadSourceHasBody |
-| tests.cpp:16:6:16:28 | remoteMadSourceIndirect |
-| tests.cpp:17:7:17:35 | remoteMadSourceDoubleIndirect |
-| tests.cpp:18:6:18:32 | remoteMadSourceIndirectArg0 |
-| tests.cpp:18:39:18:39 | x |
-| tests.cpp:18:47:18:47 | y |
-| tests.cpp:19:6:19:32 | remoteMadSourceIndirectArg1 |
-| tests.cpp:19:39:19:39 | x |
-| tests.cpp:19:47:19:47 | y |
-| tests.cpp:20:5:20:22 | remoteMadSourceVar |
-| tests.cpp:21:6:21:31 | remoteMadSourceVarIndirect |
-| tests.cpp:24:6:24:28 | namespaceLocalMadSource |
-| tests.cpp:25:6:25:31 | namespaceLocalMadSourceVar |
-| tests.cpp:28:7:28:30 | namespace2LocalMadSource |
-| tests.cpp:31:6:31:19 | localMadSource |
-| tests.cpp:33:5:33:27 | namespaceLocalMadSource |
-| tests.cpp:35:6:35:17 | test_sources |
-| tests.cpp:50:6:50:6 | v |
-| tests.cpp:51:7:51:16 | v_indirect |
-| tests.cpp:52:6:52:13 | v_direct |
-| tests.cpp:63:6:63:6 | a |
-| tests.cpp:63:9:63:9 | b |
-| tests.cpp:63:12:63:12 | c |
-| tests.cpp:63:15:63:15 | d |
-| tests.cpp:75:6:75:6 | e |
-| tests.cpp:85:6:85:26 | remoteMadSourceParam0 |
-| tests.cpp:85:32:85:32 | x |
-| tests.cpp:92:6:92:16 | madSinkArg0 |
-| tests.cpp:92:22:92:22 | x |
-| tests.cpp:93:6:93:13 | notASink |
-| tests.cpp:93:19:93:19 | x |
-| tests.cpp:94:6:94:16 | madSinkArg1 |
-| tests.cpp:94:22:94:22 | x |
-| tests.cpp:94:29:94:29 | y |
-| tests.cpp:95:6:95:17 | madSinkArg01 |
-| tests.cpp:95:23:95:23 | x |
-| tests.cpp:95:30:95:30 | y |
-| tests.cpp:95:37:95:37 | z |
-| tests.cpp:96:6:96:17 | madSinkArg02 |
-| tests.cpp:96:23:96:23 | x |
-| tests.cpp:96:30:96:30 | y |
-| tests.cpp:96:37:96:37 | z |
-| tests.cpp:97:6:97:24 | madSinkIndirectArg0 |
-| tests.cpp:97:31:97:31 | x |
-| tests.cpp:98:6:98:30 | madSinkDoubleIndirectArg0 |
-| tests.cpp:98:38:98:38 | x |
-| tests.cpp:99:5:99:14 | madSinkVar |
-| tests.cpp:100:6:100:23 | madSinkVarIndirect |
-| tests.cpp:102:6:102:15 | test_sinks |
-| tests.cpp:116:6:116:6 | a |
-| tests.cpp:117:7:117:11 | a_ptr |
-| tests.cpp:132:6:132:18 | madSinkParam0 |
-| tests.cpp:132:24:132:24 | x |
-| tests.cpp:138:8:138:8 | operator= |
-| tests.cpp:138:8:138:8 | operator= |
-| tests.cpp:138:8:138:18 | MyContainer |
-| tests.cpp:139:6:139:10 | value |
-| tests.cpp:140:6:140:11 | value2 |
-| tests.cpp:141:7:141:9 | ptr |
-| tests.cpp:144:5:144:19 | madArg0ToReturn |
-| tests.cpp:144:25:144:25 | x |
-| tests.cpp:145:6:145:28 | madArg0ToReturnIndirect |
-| tests.cpp:145:34:145:34 | x |
-| tests.cpp:146:5:146:15 | notASummary |
-| tests.cpp:146:21:146:21 | x |
-| tests.cpp:147:5:147:28 | madArg0ToReturnValueFlow |
-| tests.cpp:147:34:147:34 | x |
-| tests.cpp:148:5:148:27 | madArg0IndirectToReturn |
-| tests.cpp:148:34:148:34 | x |
-| tests.cpp:149:5:149:33 | madArg0DoubleIndirectToReturn |
-| tests.cpp:149:41:149:41 | x |
-| tests.cpp:150:5:150:30 | madArg0NotIndirectToReturn |
-| tests.cpp:150:37:150:37 | x |
-| tests.cpp:151:6:151:26 | madArg0ToArg1Indirect |
-| tests.cpp:151:32:151:32 | x |
-| tests.cpp:151:40:151:40 | y |
-| tests.cpp:152:6:152:34 | madArg0IndirectToArg1Indirect |
-| tests.cpp:152:47:152:47 | x |
-| tests.cpp:152:55:152:55 | y |
-| tests.cpp:153:5:153:18 | madArgsComplex |
-| tests.cpp:153:25:153:25 | a |
-| tests.cpp:153:33:153:33 | b |
-| tests.cpp:153:40:153:40 | c |
-| tests.cpp:153:47:153:47 | d |
-| tests.cpp:154:5:154:14 | madArgsAny |
-| tests.cpp:154:20:154:20 | a |
-| tests.cpp:154:28:154:28 | b |
-| tests.cpp:155:5:155:28 | madAndImplementedComplex |
-| tests.cpp:155:34:155:34 | a |
-| tests.cpp:155:41:155:41 | b |
-| tests.cpp:155:48:155:48 | c |
-| tests.cpp:160:5:160:24 | madArg0FieldToReturn |
-| tests.cpp:160:38:160:39 | mc |
-| tests.cpp:161:5:161:32 | madArg0IndirectFieldToReturn |
-| tests.cpp:161:47:161:48 | mc |
-| tests.cpp:162:5:162:32 | madArg0FieldIndirectToReturn |
-| tests.cpp:162:46:162:47 | mc |
-| tests.cpp:163:13:163:32 | madArg0ToReturnField |
-| tests.cpp:163:38:163:38 | x |
-| tests.cpp:164:14:164:41 | madArg0ToReturnIndirectField |
-| tests.cpp:164:47:164:47 | x |
-| tests.cpp:165:13:165:40 | madArg0ToReturnFieldIndirect |
-| tests.cpp:165:46:165:46 | x |
-| tests.cpp:167:13:167:30 | madFieldToFieldVar |
-| tests.cpp:168:13:168:38 | madFieldToIndirectFieldVar |
-| tests.cpp:169:14:169:39 | madIndirectFieldToFieldVar |
-| tests.cpp:171:6:171:19 | test_summaries |
-| tests.cpp:174:6:174:6 | a |
-| tests.cpp:174:9:174:9 | b |
-| tests.cpp:174:12:174:12 | c |
-| tests.cpp:174:15:174:15 | d |
-| tests.cpp:174:18:174:18 | e |
-| tests.cpp:175:7:175:11 | a_ptr |
-| tests.cpp:218:14:218:16 | mc1 |
-| tests.cpp:218:19:218:21 | mc2 |
-| tests.cpp:237:15:237:18 | rtn1 |
-| tests.cpp:240:14:240:17 | rtn2 |
-| tests.cpp:241:7:241:14 | rtn2_ptr |
-| tests.cpp:267:7:267:7 | operator= |
-| tests.cpp:267:7:267:7 | operator= |
-| tests.cpp:267:7:267:13 | MyClass |
-| tests.cpp:270:6:270:26 | memberRemoteMadSource |
-| tests.cpp:271:7:271:39 | memberRemoteMadSourceIndirectArg0 |
-| tests.cpp:271:46:271:46 | x |
-| tests.cpp:272:6:272:29 | memberRemoteMadSourceVar |
-| tests.cpp:273:7:273:21 | qualifierSource |
-| tests.cpp:274:7:274:26 | qualifierFieldSource |
-| tests.cpp:277:7:277:23 | memberMadSinkArg0 |
-| tests.cpp:277:29:277:29 | x |
-| tests.cpp:278:6:278:21 | memberMadSinkVar |
-| tests.cpp:279:7:279:19 | qualifierSink |
-| tests.cpp:280:7:280:23 | qualifierArg0Sink |
-| tests.cpp:280:29:280:29 | x |
-| tests.cpp:281:7:281:24 | qualifierFieldSink |
-| tests.cpp:284:7:284:19 | madArg0ToSelf |
-| tests.cpp:284:25:284:25 | x |
-| tests.cpp:285:6:285:20 | madSelfToReturn |
-| tests.cpp:286:6:286:16 | notASummary |
-| tests.cpp:287:7:287:20 | madArg0ToField |
-| tests.cpp:287:26:287:26 | x |
-| tests.cpp:288:6:288:21 | madFieldToReturn |
-| tests.cpp:290:6:290:8 | val |
-| tests.cpp:293:7:293:7 | MyDerivedClass |
-| tests.cpp:293:7:293:7 | operator= |
-| tests.cpp:293:7:293:7 | operator= |
-| tests.cpp:293:7:293:20 | MyDerivedClass |
-| tests.cpp:295:6:295:28 | subtypeRemoteMadSource1 |
-| tests.cpp:296:6:296:21 | subtypeNonSource |
-| tests.cpp:297:6:297:28 | subtypeRemoteMadSource2 |
-| tests.cpp:300:9:300:15 | source2 |
-| tests.cpp:301:6:301:9 | sink |
-| tests.cpp:301:19:301:20 | mc |
-| tests.cpp:304:8:304:8 | operator= |
-| tests.cpp:304:8:304:8 | operator= |
-| tests.cpp:304:8:304:14 | MyClass |
-| tests.cpp:307:8:307:33 | namespaceMemberMadSinkArg0 |
-| tests.cpp:307:39:307:39 | x |
-| tests.cpp:308:15:308:46 | namespaceStaticMemberMadSinkArg0 |
-| tests.cpp:308:52:308:52 | x |
-| tests.cpp:309:7:309:31 | namespaceMemberMadSinkVar |
-| tests.cpp:310:14:310:44 | namespaceStaticMemberMadSinkVar |
-| tests.cpp:313:7:313:30 | namespaceMadSelfToReturn |
-| tests.cpp:317:22:317:28 | source3 |
-| tests.cpp:319:6:319:23 | test_class_members |
-| tests.cpp:320:10:320:11 | mc |
-| tests.cpp:320:14:320:16 | mc2 |
-| tests.cpp:320:19:320:21 | mc3 |
-| tests.cpp:320:24:320:26 | mc4 |
-| tests.cpp:320:29:320:31 | mc5 |
-| tests.cpp:320:34:320:36 | mc6 |
-| tests.cpp:320:39:320:41 | mc7 |
-| tests.cpp:320:44:320:46 | mc8 |
-| tests.cpp:320:49:320:51 | mc9 |
-| tests.cpp:320:54:320:57 | mc10 |
-| tests.cpp:320:60:320:63 | mc11 |
-| tests.cpp:321:11:321:13 | ptr |
-| tests.cpp:321:17:321:23 | mc4_ptr |
-| tests.cpp:322:17:322:19 | mdc |
-| tests.cpp:323:23:323:25 | mnc |
-| tests.cpp:323:28:323:31 | mnc2 |
-| tests.cpp:324:24:324:31 | mnc2_ptr |
-| tests.cpp:330:6:330:6 | a |
-| tests.cpp:429:8:429:8 | operator= |
-| tests.cpp:429:8:429:8 | operator= |
-| tests.cpp:429:8:429:14 | intPair |
-| tests.cpp:430:6:430:10 | first |
-| tests.cpp:431:6:431:11 | second |
-| tests.cpp:434:5:434:29 | madCallArg0ReturnToReturn |
-| tests.cpp:434:37:434:43 | fun_ptr |
-| tests.cpp:435:9:435:38 | madCallArg0ReturnToReturnFirst |
-| tests.cpp:435:46:435:52 | fun_ptr |
-| tests.cpp:436:6:436:25 | madCallArg0WithValue |
-| tests.cpp:436:34:436:40 | fun_ptr |
-| tests.cpp:436:53:436:57 | value |
-| tests.cpp:437:5:437:36 | madCallReturnValueIgnoreFunction |
-| tests.cpp:437:45:437:51 | fun_ptr |
-| tests.cpp:437:64:437:68 | value |
-| tests.cpp:439:5:439:14 | getTainted |
-| tests.cpp:440:6:440:13 | useValue |
-| tests.cpp:440:19:440:19 | x |
-| tests.cpp:441:6:441:17 | dontUseValue |
-| tests.cpp:441:23:441:23 | x |
-| tests.cpp:443:6:443:27 | test_function_pointers |
-| tests.cpp:456:19:456:19 | X |
-| tests.cpp:457:8:457:35 | StructWithTypedefInParameter<X> |
-| tests.cpp:457:8:457:35 | StructWithTypedefInParameter<int> |
-| tests.cpp:458:12:458:15 | Type |
-| tests.cpp:459:5:459:31 | parameter_ref_to_return_ref |
-| tests.cpp:459:5:459:31 | parameter_ref_to_return_ref |
-| tests.cpp:459:45:459:45 | x |
-| tests.cpp:459:45:459:45 | x |
-| tests.cpp:462:6:462:37 | test_parameter_ref_to_return_ref |
-| tests.cpp:463:6:463:6 | x |
-| tests.cpp:464:36:464:36 | s |
-| tests.cpp:465:6:465:6 | y |
-| tests.cpp:469:7:469:9 | INT |
-| tests.cpp:471:5:471:17 | receive_array |
-| tests.cpp:471:23:471:23 | a |
-| tests.cpp:473:6:473:23 | test_receive_array |
-| tests.cpp:474:6:474:6 | x |
-| tests.cpp:475:6:475:10 | array |
-| tests.cpp:476:6:476:6 | y |
-flowSummaryNode
 | tests.cpp:144:5:144:19 | [summary param] 0 in madArg0ToReturn | ParameterNode | madArg0ToReturn | madArg0ToReturn |
 | tests.cpp:144:5:144:19 | [summary] to write: ReturnValue in madArg0ToReturn | ReturnNode | madArg0ToReturn | madArg0ToReturn |
 | tests.cpp:145:6:145:28 | [summary param] 0 in madArg0ToReturnIndirect | ParameterNode | madArg0ToReturnIndirect | madArg0ToReturnIndirect |

cpp/ql/test/library-tests/dataflow/models-as-data/FlowSummaryNode.ql

@@ -0,0 +1,20 @@
+import testModels
+private import semmle.code.cpp.ir.dataflow.internal.DataFlowPrivate
+private import semmle.code.cpp.ir.dataflow.internal.DataFlowUtil
+private import semmle.code.cpp.ir.dataflow.internal.DataFlowNodes
+
+string describe(DataFlow::Node n) {
+  n instanceof ParameterNode and result = "ParameterNode"
+  or
+  n instanceof PostUpdateNode and result = "PostUpdateNode"
+  or
+  n instanceof ArgumentNode and result = "ArgumentNode"
+  or
+  n instanceof ReturnNode and result = "ReturnNode"
+  or
+  n instanceof OutNode and result = "OutNode"
+}
+
+from FlowSummaryNode n
+select n, concat(describe(n), ", "), concat(n.getSummarizedCallable().toString(), ", "),
+  concat(n.getEnclosingCallable().toString(), ", ")

cpp/ql/test/library-tests/dataflow/models-as-data/SummaryCall.expected

@@ -0,0 +1,267 @@
+summaryCalls
+| file://:0:0:0:0 | [summary] call to [summary param] 0 in madCallArg0ReturnToReturn in madCallArg0ReturnToReturn |
+| file://:0:0:0:0 | [summary] call to [summary param] 0 in madCallArg0ReturnToReturnFirst in madCallArg0ReturnToReturnFirst |
+| file://:0:0:0:0 | [summary] call to [summary param] 0 in madCallArg0WithValue in madCallArg0WithValue |
+summarizedCallables
+| tests.cpp:144:5:144:19 | madArg0ToReturn |
+| tests.cpp:145:6:145:28 | madArg0ToReturnIndirect |
+| tests.cpp:147:5:147:28 | madArg0ToReturnValueFlow |
+| tests.cpp:148:5:148:27 | madArg0IndirectToReturn |
+| tests.cpp:149:5:149:33 | madArg0DoubleIndirectToReturn |
+| tests.cpp:150:5:150:30 | madArg0NotIndirectToReturn |
+| tests.cpp:151:6:151:26 | madArg0ToArg1Indirect |
+| tests.cpp:152:6:152:34 | madArg0IndirectToArg1Indirect |
+| tests.cpp:153:5:153:18 | madArgsComplex |
+| tests.cpp:154:5:154:14 | madArgsAny |
+| tests.cpp:155:5:155:28 | madAndImplementedComplex |
+| tests.cpp:160:5:160:24 | madArg0FieldToReturn |
+| tests.cpp:161:5:161:32 | madArg0IndirectFieldToReturn |
+| tests.cpp:162:5:162:32 | madArg0FieldIndirectToReturn |
+| tests.cpp:163:13:163:32 | madArg0ToReturnField |
+| tests.cpp:164:14:164:41 | madArg0ToReturnIndirectField |
+| tests.cpp:165:13:165:40 | madArg0ToReturnFieldIndirect |
+| tests.cpp:284:7:284:19 | madArg0ToSelf |
+| tests.cpp:285:6:285:20 | madSelfToReturn |
+| tests.cpp:287:7:287:20 | madArg0ToField |
+| tests.cpp:288:6:288:21 | madFieldToReturn |
+| tests.cpp:313:7:313:30 | namespaceMadSelfToReturn |
+| tests.cpp:434:5:434:29 | madCallArg0ReturnToReturn |
+| tests.cpp:435:9:435:38 | madCallArg0ReturnToReturnFirst |
+| tests.cpp:436:6:436:25 | madCallArg0WithValue |
+| tests.cpp:437:5:437:36 | madCallReturnValueIgnoreFunction |
+| tests.cpp:459:5:459:31 | parameter_ref_to_return_ref |
+| tests.cpp:471:5:471:17 | receive_array |
+sourceCallables
+| tests.cpp:3:5:3:10 | source |
+| tests.cpp:4:6:4:14 | sourcePtr |
+| tests.cpp:5:6:5:19 | sourceIndirect |
+| tests.cpp:6:6:6:9 | sink |
+| tests.cpp:6:15:6:17 | val |
+| tests.cpp:7:6:7:9 | sink |
+| tests.cpp:7:16:7:18 | ptr |
+| tests.cpp:11:5:11:18 | localMadSource |
+| tests.cpp:12:5:12:19 | remoteMadSource |
+| tests.cpp:13:5:13:14 | notASource |
+| tests.cpp:14:5:14:22 | localMadSourceVoid |
+| tests.cpp:15:5:15:25 | localMadSourceHasBody |
+| tests.cpp:16:6:16:28 | remoteMadSourceIndirect |
+| tests.cpp:17:7:17:35 | remoteMadSourceDoubleIndirect |
+| tests.cpp:18:6:18:32 | remoteMadSourceIndirectArg0 |
+| tests.cpp:18:39:18:39 | x |
+| tests.cpp:18:47:18:47 | y |
+| tests.cpp:19:6:19:32 | remoteMadSourceIndirectArg1 |
+| tests.cpp:19:39:19:39 | x |
+| tests.cpp:19:47:19:47 | y |
+| tests.cpp:20:5:20:22 | remoteMadSourceVar |
+| tests.cpp:21:6:21:31 | remoteMadSourceVarIndirect |
+| tests.cpp:24:6:24:28 | namespaceLocalMadSource |
+| tests.cpp:25:6:25:31 | namespaceLocalMadSourceVar |
+| tests.cpp:28:7:28:30 | namespace2LocalMadSource |
+| tests.cpp:31:6:31:19 | localMadSource |
+| tests.cpp:33:5:33:27 | namespaceLocalMadSource |
+| tests.cpp:35:6:35:17 | test_sources |
+| tests.cpp:50:6:50:6 | v |
+| tests.cpp:51:7:51:16 | v_indirect |
+| tests.cpp:52:6:52:13 | v_direct |
+| tests.cpp:63:6:63:6 | a |
+| tests.cpp:63:9:63:9 | b |
+| tests.cpp:63:12:63:12 | c |
+| tests.cpp:63:15:63:15 | d |
+| tests.cpp:75:6:75:6 | e |
+| tests.cpp:85:6:85:26 | remoteMadSourceParam0 |
+| tests.cpp:85:32:85:32 | x |
+| tests.cpp:92:6:92:16 | madSinkArg0 |
+| tests.cpp:92:22:92:22 | x |
+| tests.cpp:93:6:93:13 | notASink |
+| tests.cpp:93:19:93:19 | x |
+| tests.cpp:94:6:94:16 | madSinkArg1 |
+| tests.cpp:94:22:94:22 | x |
+| tests.cpp:94:29:94:29 | y |
+| tests.cpp:95:6:95:17 | madSinkArg01 |
+| tests.cpp:95:23:95:23 | x |
+| tests.cpp:95:30:95:30 | y |
+| tests.cpp:95:37:95:37 | z |
+| tests.cpp:96:6:96:17 | madSinkArg02 |
+| tests.cpp:96:23:96:23 | x |
+| tests.cpp:96:30:96:30 | y |
+| tests.cpp:96:37:96:37 | z |
+| tests.cpp:97:6:97:24 | madSinkIndirectArg0 |
+| tests.cpp:97:31:97:31 | x |
+| tests.cpp:98:6:98:30 | madSinkDoubleIndirectArg0 |
+| tests.cpp:98:38:98:38 | x |
+| tests.cpp:99:5:99:14 | madSinkVar |
+| tests.cpp:100:6:100:23 | madSinkVarIndirect |
+| tests.cpp:102:6:102:15 | test_sinks |
+| tests.cpp:116:6:116:6 | a |
+| tests.cpp:117:7:117:11 | a_ptr |
+| tests.cpp:132:6:132:18 | madSinkParam0 |
+| tests.cpp:132:24:132:24 | x |
+| tests.cpp:138:8:138:8 | operator= |
+| tests.cpp:138:8:138:8 | operator= |
+| tests.cpp:138:8:138:18 | MyContainer |
+| tests.cpp:139:6:139:10 | value |
+| tests.cpp:140:6:140:11 | value2 |
+| tests.cpp:141:7:141:9 | ptr |
+| tests.cpp:144:5:144:19 | madArg0ToReturn |
+| tests.cpp:144:25:144:25 | x |
+| tests.cpp:145:6:145:28 | madArg0ToReturnIndirect |
+| tests.cpp:145:34:145:34 | x |
+| tests.cpp:146:5:146:15 | notASummary |
+| tests.cpp:146:21:146:21 | x |
+| tests.cpp:147:5:147:28 | madArg0ToReturnValueFlow |
+| tests.cpp:147:34:147:34 | x |
+| tests.cpp:148:5:148:27 | madArg0IndirectToReturn |
+| tests.cpp:148:34:148:34 | x |
+| tests.cpp:149:5:149:33 | madArg0DoubleIndirectToReturn |
+| tests.cpp:149:41:149:41 | x |
+| tests.cpp:150:5:150:30 | madArg0NotIndirectToReturn |
+| tests.cpp:150:37:150:37 | x |
+| tests.cpp:151:6:151:26 | madArg0ToArg1Indirect |
+| tests.cpp:151:32:151:32 | x |
+| tests.cpp:151:40:151:40 | y |
+| tests.cpp:152:6:152:34 | madArg0IndirectToArg1Indirect |
+| tests.cpp:152:47:152:47 | x |
+| tests.cpp:152:55:152:55 | y |
+| tests.cpp:153:5:153:18 | madArgsComplex |
+| tests.cpp:153:25:153:25 | a |
+| tests.cpp:153:33:153:33 | b |
+| tests.cpp:153:40:153:40 | c |
+| tests.cpp:153:47:153:47 | d |
+| tests.cpp:154:5:154:14 | madArgsAny |
+| tests.cpp:154:20:154:20 | a |
+| tests.cpp:154:28:154:28 | b |
+| tests.cpp:155:5:155:28 | madAndImplementedComplex |
+| tests.cpp:155:34:155:34 | a |
+| tests.cpp:155:41:155:41 | b |
+| tests.cpp:155:48:155:48 | c |
+| tests.cpp:160:5:160:24 | madArg0FieldToReturn |
+| tests.cpp:160:38:160:39 | mc |
+| tests.cpp:161:5:161:32 | madArg0IndirectFieldToReturn |
+| tests.cpp:161:47:161:48 | mc |
+| tests.cpp:162:5:162:32 | madArg0FieldIndirectToReturn |
+| tests.cpp:162:46:162:47 | mc |
+| tests.cpp:163:13:163:32 | madArg0ToReturnField |
+| tests.cpp:163:38:163:38 | x |
+| tests.cpp:164:14:164:41 | madArg0ToReturnIndirectField |
+| tests.cpp:164:47:164:47 | x |
+| tests.cpp:165:13:165:40 | madArg0ToReturnFieldIndirect |
+| tests.cpp:165:46:165:46 | x |
+| tests.cpp:167:13:167:30 | madFieldToFieldVar |
+| tests.cpp:168:13:168:38 | madFieldToIndirectFieldVar |
+| tests.cpp:169:14:169:39 | madIndirectFieldToFieldVar |
+| tests.cpp:171:6:171:19 | test_summaries |
+| tests.cpp:174:6:174:6 | a |
+| tests.cpp:174:9:174:9 | b |
+| tests.cpp:174:12:174:12 | c |
+| tests.cpp:174:15:174:15 | d |
+| tests.cpp:174:18:174:18 | e |
+| tests.cpp:175:7:175:11 | a_ptr |
+| tests.cpp:218:14:218:16 | mc1 |
+| tests.cpp:218:19:218:21 | mc2 |
+| tests.cpp:237:15:237:18 | rtn1 |
+| tests.cpp:240:14:240:17 | rtn2 |
+| tests.cpp:241:7:241:14 | rtn2_ptr |
+| tests.cpp:267:7:267:7 | operator= |
+| tests.cpp:267:7:267:7 | operator= |
+| tests.cpp:267:7:267:13 | MyClass |
+| tests.cpp:270:6:270:26 | memberRemoteMadSource |
+| tests.cpp:271:7:271:39 | memberRemoteMadSourceIndirectArg0 |
+| tests.cpp:271:46:271:46 | x |
+| tests.cpp:272:6:272:29 | memberRemoteMadSourceVar |
+| tests.cpp:273:7:273:21 | qualifierSource |
+| tests.cpp:274:7:274:26 | qualifierFieldSource |
+| tests.cpp:277:7:277:23 | memberMadSinkArg0 |
+| tests.cpp:277:29:277:29 | x |
+| tests.cpp:278:6:278:21 | memberMadSinkVar |
+| tests.cpp:279:7:279:19 | qualifierSink |
+| tests.cpp:280:7:280:23 | qualifierArg0Sink |
+| tests.cpp:280:29:280:29 | x |
+| tests.cpp:281:7:281:24 | qualifierFieldSink |
+| tests.cpp:284:7:284:19 | madArg0ToSelf |
+| tests.cpp:284:25:284:25 | x |
+| tests.cpp:285:6:285:20 | madSelfToReturn |
+| tests.cpp:286:6:286:16 | notASummary |
+| tests.cpp:287:7:287:20 | madArg0ToField |
+| tests.cpp:287:26:287:26 | x |
+| tests.cpp:288:6:288:21 | madFieldToReturn |
+| tests.cpp:290:6:290:8 | val |
+| tests.cpp:293:7:293:7 | MyDerivedClass |
+| tests.cpp:293:7:293:7 | operator= |
+| tests.cpp:293:7:293:7 | operator= |
+| tests.cpp:293:7:293:20 | MyDerivedClass |
+| tests.cpp:295:6:295:28 | subtypeRemoteMadSource1 |
+| tests.cpp:296:6:296:21 | subtypeNonSource |
+| tests.cpp:297:6:297:28 | subtypeRemoteMadSource2 |
+| tests.cpp:300:9:300:15 | source2 |
+| tests.cpp:301:6:301:9 | sink |
+| tests.cpp:301:19:301:20 | mc |
+| tests.cpp:304:8:304:8 | operator= |
+| tests.cpp:304:8:304:8 | operator= |
+| tests.cpp:304:8:304:14 | MyClass |
+| tests.cpp:307:8:307:33 | namespaceMemberMadSinkArg0 |
+| tests.cpp:307:39:307:39 | x |
+| tests.cpp:308:15:308:46 | namespaceStaticMemberMadSinkArg0 |
+| tests.cpp:308:52:308:52 | x |
+| tests.cpp:309:7:309:31 | namespaceMemberMadSinkVar |
+| tests.cpp:310:14:310:44 | namespaceStaticMemberMadSinkVar |
+| tests.cpp:313:7:313:30 | namespaceMadSelfToReturn |
+| tests.cpp:317:22:317:28 | source3 |
+| tests.cpp:319:6:319:23 | test_class_members |
+| tests.cpp:320:10:320:11 | mc |
+| tests.cpp:320:14:320:16 | mc2 |
+| tests.cpp:320:19:320:21 | mc3 |
+| tests.cpp:320:24:320:26 | mc4 |
+| tests.cpp:320:29:320:31 | mc5 |
+| tests.cpp:320:34:320:36 | mc6 |
+| tests.cpp:320:39:320:41 | mc7 |
+| tests.cpp:320:44:320:46 | mc8 |
+| tests.cpp:320:49:320:51 | mc9 |
+| tests.cpp:320:54:320:57 | mc10 |
+| tests.cpp:320:60:320:63 | mc11 |
+| tests.cpp:321:11:321:13 | ptr |
+| tests.cpp:321:17:321:23 | mc4_ptr |
+| tests.cpp:322:17:322:19 | mdc |
+| tests.cpp:323:23:323:25 | mnc |
+| tests.cpp:323:28:323:31 | mnc2 |
+| tests.cpp:324:24:324:31 | mnc2_ptr |
+| tests.cpp:330:6:330:6 | a |
+| tests.cpp:429:8:429:8 | operator= |
+| tests.cpp:429:8:429:8 | operator= |
+| tests.cpp:429:8:429:14 | intPair |
+| tests.cpp:430:6:430:10 | first |
+| tests.cpp:431:6:431:11 | second |
+| tests.cpp:434:5:434:29 | madCallArg0ReturnToReturn |
+| tests.cpp:434:37:434:43 | fun_ptr |
+| tests.cpp:435:9:435:38 | madCallArg0ReturnToReturnFirst |
+| tests.cpp:435:46:435:52 | fun_ptr |
+| tests.cpp:436:6:436:25 | madCallArg0WithValue |
+| tests.cpp:436:34:436:40 | fun_ptr |
+| tests.cpp:436:53:436:57 | value |
+| tests.cpp:437:5:437:36 | madCallReturnValueIgnoreFunction |
+| tests.cpp:437:45:437:51 | fun_ptr |
+| tests.cpp:437:64:437:68 | value |
+| tests.cpp:439:5:439:14 | getTainted |
+| tests.cpp:440:6:440:13 | useValue |
+| tests.cpp:440:19:440:19 | x |
+| tests.cpp:441:6:441:17 | dontUseValue |
+| tests.cpp:441:23:441:23 | x |
+| tests.cpp:443:6:443:27 | test_function_pointers |
+| tests.cpp:456:19:456:19 | X |
+| tests.cpp:457:8:457:35 | StructWithTypedefInParameter<X> |
+| tests.cpp:457:8:457:35 | StructWithTypedefInParameter<int> |
+| tests.cpp:458:12:458:15 | Type |
+| tests.cpp:459:5:459:31 | parameter_ref_to_return_ref |
+| tests.cpp:459:5:459:31 | parameter_ref_to_return_ref |
+| tests.cpp:459:45:459:45 | x |
+| tests.cpp:459:45:459:45 | x |
+| tests.cpp:462:6:462:37 | test_parameter_ref_to_return_ref |
+| tests.cpp:463:6:463:6 | x |
+| tests.cpp:464:36:464:36 | s |
+| tests.cpp:465:6:465:6 | y |
+| tests.cpp:469:7:469:9 | INT |
+| tests.cpp:471:5:471:17 | receive_array |
+| tests.cpp:471:23:471:23 | a |
+| tests.cpp:473:6:473:23 | test_receive_array |
+| tests.cpp:474:6:474:6 | x |
+| tests.cpp:475:6:475:10 | array |
+| tests.cpp:476:6:476:6 | y |

cpp/ql/test/library-tests/dataflow/models-as-data/SummaryCall.ql

@@ -0,0 +1,9 @@
+import testModels
+private import semmle.code.cpp.ir.dataflow.internal.DataFlowPrivate
+private import semmle.code.cpp.ir.dataflow.internal.DataFlowUtil
+
+query predicate summaryCalls(SummaryCall c) { any() }
+
+query predicate summarizedCallables(SummarizedCallable c) { any() }
+
+query predicate sourceCallables(SourceCallable c) { c.getLocation().getFile().toString() != "" }

cpp/ql/test/library-tests/dataflow/models-as-data/consistency.expected

@@ -0,0 +1,29 @@
+uniqueEnclosingCallable
+uniqueCallEnclosingCallable
+uniqueType
+uniqueNodeLocation
+missingLocation
+uniqueNodeToString
+parameterCallable
+localFlowIsLocal
+readStepIsLocal
+storeStepIsLocal
+compatibleTypesReflexive
+unreachableNodeCCtx
+localCallNodes
+postIsNotPre
+postHasUniquePre
+uniquePostUpdate
+postIsInSameCallable
+reverseRead
+argHasPostUpdate
+postWithInFlow
+viableImplInCallContextTooLarge
+uniqueParameterNodeAtPosition
+uniqueParameterNodePosition
+uniqueContentApprox
+identityLocalStep
+missingArgumentCall
+multipleArgumentCall
+lambdaCallEnclosingCallableMismatch
+speculativeStepAlreadyHasModel

cpp/ql/test/library-tests/dataflow/models-as-data/consistency.ql

@@ -0,0 +1,2 @@
+import testModels
+import semmle.code.cpp.ir.dataflow.internal.DataFlowImplConsistency::Consistency

cpp/ql/test/library-tests/dataflow/models-as-data/interpretElement.ql

@@ -0,0 +1,18 @@
+import utils.test.InlineExpectationsTest
+import testModels
+
+module InterpretElementTest implements TestSig {
+  string getARelevantTag() { result = "interpretElement" }
+
+  predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(Element e |
+      e = interpretElement(_, _, _, _, _, _) and
+      location = e.getLocation() and
+      element = e.toString() and
+      tag = "interpretElement" and
+      value = ""
+    )
+  }
+}
+
+import MakeTest<InterpretElementTest>

cpp/ql/test/library-tests/dataflow/models-as-data/taint.ql

@@ -0,0 +1,32 @@
+import utils.test.dataflow.FlowTestCommon
+import testModels
+
+module IRTest {
+  private import semmle.code.cpp.ir.IR
+  private import semmle.code.cpp.ir.dataflow.TaintTracking
+
+  /** Common data flow configuration to be used by tests. */
+  module TestAllocationConfig implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) {
+      source instanceof FlowSource
+      or
+      source.asExpr().(FunctionCall).getTarget().getName() =
+        ["source", "source2", "source3", "sourcePtr"]
+      or
+      source.asIndirectExpr(1).(FunctionCall).getTarget().getName() = "sourceIndirect"
+    }
+
+    predicate isSink(DataFlow::Node sink) {
+      sinkNode(sink, "test-sink")
+      or
+      exists(FunctionCall call |
+        call.getTarget().getName() = "sink" and
+        sink.asExpr() = call.getAnArgument()
+      )
+    }
+  }
+
+  module IRFlow = TaintTracking::Global<TestAllocationConfig>;
+}
+
+import MakeTest<IRFlowTest<IRTest::IRFlow>>

cpp/ql/test/library-tests/dataflow/models-as-data/testModels.ext.yml

@@ -1,84 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: sourceModel
-    data: # namespace, type, subtypes, name, signature, ext, output, kind, provenance
-      - ["", "", False, "localMadSource", "", "", "ReturnValue", "local", "manual"]
-      - ["", "", False, "remoteMadSource", "", "", "ReturnValue", "remote", "manual"]
-      - ["", "", False, "localMadSourceVoid", "", "", "ReturnValue", "local", "manual"]
-      - ["", "", False, "localMadSourceHasBody", "", "", "ReturnValue", "local", "manual"]
-      - ["", "", False, "remoteMadSourceIndirect", "", "", "ReturnValue[*]", "remote", "manual"]
-      - ["", "", False, "remoteMadSourceDoubleIndirect", "", "", "ReturnValue[**]", "remote", "manual"]
-      - ["", "", False, "remoteMadSourceIndirectArg0", "", "", "Argument[*0]", "remote", "manual"]
-      - ["", "", False, "remoteMadSourceIndirectArg1", "", "", "Argument[*1]", "remote", "manual"]
-      - ["", "", False, "remoteMadSourceVar", "", "", "", "remote", "manual"]
-      - ["", "", False, "remoteMadSourceVarIndirect", "", "", "*", "remote", "manual"] # we can't express this source/sink correctly at present, "*" is not a valid access path
-      - ["", "", False, "remoteMadSourceParam0", "", "", "Parameter[0]", "remote", "manual"]
-      - ["MyNamespace", "", False, "namespaceLocalMadSource", "", "", "ReturnValue", "local", "manual"]
-      - ["MyNamespace", "", False, "namespaceLocalMadSourceVar", "", "", "", "local", "manual"]
-      - ["MyNamespace::MyNamespace2", "", False, "namespace2LocalMadSource", "", "", "ReturnValue", "local", "manual"]
-      - ["", "MyClass", True, "memberRemoteMadSource", "", "", "ReturnValue", "remote", "manual"]
-      - ["", "MyClass", True, "memberRemoteMadSourceIndirectArg0", "", "", "Argument[*0]", "remote", "manual"]
-      - ["", "MyClass", True, "memberRemoteMadSourceVar", "", "", "", "remote", "manual"]
-      - ["", "MyClass", True, "subtypeRemoteMadSource1", "", "", "ReturnValue", "remote", "manual"]
-      - ["", "MyClass", False, "subtypeNonSource", "", "", "ReturnValue", "remote", "manual"] # the tests define this in MyDerivedClass, so it should *not* be recongized as a source
-      - ["", "MyClass", True, "qualifierSource", "", "", "Argument[-1]", "remote", "manual"]
-      - ["", "MyClass", True, "qualifierFieldSource", "", "", "Argument[-1].val", "remote", "manual"]
-      - ["", "MyDerivedClass", False, "subtypeRemoteMadSource2", "", "", "ReturnValue", "remote", "manual"]
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: sinkModel
-    data: # namespace, type, subtypes, name, signature, ext, input, kind, provenance
-      - ["", "", False, "madSinkArg0", "", "", "Argument[0]", "test-sink", "manual"]
-      - ["", "", False, "madSinkArg1", "", "", "Argument[1]", "test-sink", "manual"]
-      - ["", "", False, "madSinkArg01", "", "", "Argument[0..1]", "test-sink", "manual"]
-      - ["", "", False, "madSinkArg02", "", "", "Argument[0,2]", "test-sink", "manual"]
-      - ["", "", False, "madSinkIndirectArg0", "", "", "Argument[*0]", "test-sink", "manual"]
-      - ["", "", False, "madSinkDoubleIndirectArg0", "", "", "Argument[**0]", "test-sink", "manual"]
-      - ["", "", False, "madSinkVar", "", "", "", "test-sink", "manual"]
-      - ["", "", False, "madSinkVarIndirect", "", "", "*", "test-sink", "manual"] # we can't express this source/sink correctly at present, "*" is not a valid access path
-      - ["", "", False, "madSinkParam0", "", "", "Parameter[0]", "test-sink", "manual"]
-      - ["", "MyClass", True, "memberMadSinkArg0", "", "", "Argument[0]", "test-sink", "manual"]
-      - ["", "MyClass", True, "memberMadSinkVar", "", "", "", "test-sink", "manual"]
-      - ["", "MyClass", True, "qualifierSink", "", "", "Argument[-1]", "test-sink", "manual"]
-      - ["", "MyClass", True, "qualifierArg0Sink", "", "", "Argument[-1..0]", "test-sink", "manual"]
-      - ["", "MyClass", True, "qualifierFieldSink", "", "", "Argument[-1].val", "test-sink", "manual"]
-      - ["MyNamespace", "MyClass", True, "namespaceMemberMadSinkArg0", "", "", "Argument[0]", "test-sink", "manual"]
-      - ["MyNamespace", "MyClass", True, "namespaceStaticMemberMadSinkArg0", "", "", "Argument[0]", "test-sink", "manual"]
-      - ["MyNamespace", "MyClass", True, "namespaceMemberMadSinkVar", "", "", "", "test-sink", "manual"]
-      - ["MyNamespace", "MyClass", True, "namespaceStaticMemberMadSinkVar", "", "", "", "test-sink", "manual"]
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: summaryModel
-    data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      - ["", "", False, "madArg0ToReturn", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["", "", False, "madArg0ToReturnIndirect", "", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"]
-      - ["", "", False, "madArg0ToReturnValueFlow", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
-      - ["", "", False, "madArg0IndirectToReturn", "", "", "Argument[*0]", "ReturnValue", "taint", "manual"]
-      - ["", "", False, "madArg0DoubleIndirectToReturn", "", "", "Argument[**0]", "ReturnValue", "taint", "manual"]
-      - ["", "", False, "madArg0NotIndirectToReturn", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["", "", False, "madArg0ToArg1Indirect", "", "", "Argument[0]", "Argument[*1]", "taint", "manual"]
-      - ["", "", False, "madArg0IndirectToArg1Indirect", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
-      - ["", "", False, "madArgsComplex", "", "", "Argument[*0..1,2]", "ReturnValue", "taint", "manual"]
-      - ["", "", False, "madAndImplementedComplex", "", "", "Argument[2]", "ReturnValue", "taint", "manual"]
-      - ["", "", False, "madArgsAny", "", "", "Argument", "ReturnValue", "taint", "manual"] # we can't express this source/sink correctly at present, "Argument" is not a valid input
-      - ["", "", False, "madArg0FieldToReturn", "", "", "Argument[0].Field[value]", "ReturnValue", "taint", "manual"]
-      - ["", "", False, "madArg0IndirectFieldToReturn", "", "", "Argument[*0].Field[value]", "ReturnValue", "taint", "manual"]
-      - ["", "", False, "madArg0FieldIndirectToReturn", "", "", "Argument[0].Field[*ptr]", "ReturnValue", "taint", "manual"]
-      - ["", "", False, "madArg0ToReturnField", "", "", "Argument[0]", "ReturnValue.Field[value]", "taint", "manual"]
-      - ["", "", False, "madArg0ToReturnIndirectField", "", "", "Argument[0]", "ReturnValue[*].Field[value]", "taint", "manual"]
-      - ["", "", False, "madArg0ToReturnFieldIndirect", "", "", "Argument[0]", "ReturnValue.Field[*ptr]", "taint", "manual"]
-      - ["", "", False, "madFieldToFieldVar", "", "", "Field[value]", "Field[value2]", "taint", "manual"] # we can't express this source/sink correctly at present, "Field[value]" is not a valid input and "Field[value2]" is not a valid output
-      - ["", "", False, "madFieldToIndirectFieldVar", "", "", "Field[value]", "Field[*ptr]", "taint", "manual"] # we can't express this source/sink correctly at present, "Field[value]" is not a valid input and "Field[*ptr]" is not a valid output
-      - ["", "", False, "madIndirectFieldToFieldVar", "", "", "Field[value]", "Field[value2]", "taint", "manual"] # we can't express this source/sink correctly at present, "Field[value]" is not a valid input and "Field[value2]" is not a valid output
-      - ["", "MyClass", True, "madArg0ToSelf", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
-      - ["", "MyClass", True, "madSelfToReturn", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
-      - ["", "MyClass", True, "madArg0ToField", "", "", "Argument[0]", "Argument[-1].Field[val]", "taint", "manual"]
-      - ["", "MyClass", True, "madFieldToReturn", "", "", "Argument[-1].Field[val]", "ReturnValue", "taint", "manual"]
-      - ["MyNamespace", "MyClass", True, "namespaceMadSelfToReturn", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
-      - ["", "", False, "madCallArg0ReturnToReturn", "", "", "Argument[0].ReturnValue", "ReturnValue", "value", "manual"]
-      - ["", "", False, "madCallArg0ReturnToReturnFirst", "", "", "Argument[0].ReturnValue", "ReturnValue.Field[first]", "value", "manual"]
-      - ["", "", False, "madCallArg0WithValue", "", "", "Argument[1]", "Argument[0].Parameter[0]", "value", "manual"]
-      - ["", "", False, "madCallReturnValueIgnoreFunction", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
-      - ["", "StructWithTypedefInParameter<T>", True, "parameter_ref_to_return_ref", "(const T &)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
-      - ["", "", False, "receive_array", "(int[20])", "", "Argument[*0]", "ReturnValue", "taint", "manual"]

cpp/ql/test/library-tests/dataflow/models-as-data/testModels.ql

@@ -1,74 +0,0 @@
-import semmle.code.cpp.ir.dataflow.internal.DataFlowImplConsistency::Consistency
-import semmle.code.cpp.ir.dataflow.internal.DataFlowNodes
-import semmle.code.cpp.ir.dataflow.internal.DataFlowPrivate
-import semmle.code.cpp.ir.dataflow.internal.DataFlowUtil
-import semmle.code.cpp.security.FlowSources
-import utils.test.dataflow.FlowTestCommon
-
-module InterpretElementTest implements TestSig {
-  string getARelevantTag() { result = "interpretElement" }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    exists(Element e |
-      e = interpretElement(_, _, _, _, _, _) and
-      location = e.getLocation() and
-      element = e.toString() and
-      tag = "interpretElement" and
-      value = ""
-    )
-  }
-}
-
-query predicate summaryCalls(SummaryCall c) { any() }
-
-query predicate summarizedCallables(SummarizedCallable c) { any() }
-
-query predicate sourceCallables(SourceCallable c) { c.getLocation().getFile().toString() != "" }
-
-module IRTest {
-  private import semmle.code.cpp.ir.IR
-  private import semmle.code.cpp.ir.dataflow.TaintTracking
-
-  /** Common data flow configuration to be used by tests. */
-  module TestAllocationConfig implements DataFlow::ConfigSig {
-    predicate isSource(DataFlow::Node source) {
-      source instanceof FlowSource
-      or
-      source.asExpr().(FunctionCall).getTarget().getName() =
-        ["source", "source2", "source3", "sourcePtr"]
-      or
-      source.asIndirectExpr(1).(FunctionCall).getTarget().getName() = "sourceIndirect"
-    }
-
-    predicate isSink(DataFlow::Node sink) {
-      sinkNode(sink, "test-sink")
-      or
-      exists(FunctionCall call |
-        call.getTarget().getName() = "sink" and
-        sink.asExpr() = call.getAnArgument()
-      )
-    }
-  }
-
-  module IRFlow = TaintTracking::Global<TestAllocationConfig>;
-}
-
-import MakeTest<MergeTests<IRFlowTest<IRTest::IRFlow>, InterpretElementTest>>
-
-string describe(DataFlow::Node n) {
-  n instanceof ParameterNode and result = "ParameterNode"
-  or
-  n instanceof PostUpdateNode and result = "PostUpdateNode"
-  or
-  n instanceof ArgumentNode and result = "ArgumentNode"
-  or
-  n instanceof ReturnNode and result = "ReturnNode"
-  or
-  n instanceof OutNode and result = "OutNode"
-}
-
-query predicate flowSummaryNode(FlowSummaryNode n, string str1, string str2, string str3) {
-  str1 = concat(describe(n), ", ") and
-  str2 = concat(n.getSummarizedCallable().toString(), ", ") and
-  str3 = concat(n.getEnclosingCallable().toString(), ", ")
-}

cpp/ql/test/library-tests/dataflow/models-as-data/testModels.qll

@@ -0,0 +1,105 @@
+import semmle.code.cpp.security.FlowSources
+
+/**
+ * Models-as-data source models for this test.
+ */
+private class TestSources extends SourceModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        ";;false;localMadSource;;;ReturnValue;local",
+        ";;false;remoteMadSource;;;ReturnValue;remote",
+        ";;false;localMadSourceVoid;;;ReturnValue;local",
+        ";;false;localMadSourceHasBody;;;ReturnValue;local",
+        ";;false;remoteMadSourceIndirect;;;ReturnValue[*];remote",
+        ";;false;remoteMadSourceDoubleIndirect;;;ReturnValue[**];remote",
+        ";;false;remoteMadSourceIndirectArg0;;;Argument[*0];remote",
+        ";;false;remoteMadSourceIndirectArg1;;;Argument[*1];remote",
+        ";;false;remoteMadSourceVar;;;;remote",
+        ";;false;remoteMadSourceVarIndirect;;;*;remote", // not correctly expressed
+        ";;false;remoteMadSourceParam0;;;Parameter[0];remote",
+        "MyNamespace;;false;namespaceLocalMadSource;;;ReturnValue;local",
+        "MyNamespace;;false;namespaceLocalMadSourceVar;;;;local",
+        "MyNamespace::MyNamespace2;;false;namespace2LocalMadSource;;;ReturnValue;local",
+        ";MyClass;true;memberRemoteMadSource;;;ReturnValue;remote",
+        ";MyClass;true;memberRemoteMadSourceIndirectArg0;;;Argument[*0];remote",
+        ";MyClass;true;memberRemoteMadSourceVar;;;;remote",
+        ";MyClass;true;subtypeRemoteMadSource1;;;ReturnValue;remote",
+        ";MyClass;false;subtypeNonSource;;;ReturnValue;remote", // the tests define this in MyDerivedClass, so it should *not* be recongized as a source
+        ";MyClass;true;qualifierSource;;;Argument[-1];remote",
+        ";MyClass;true;qualifierFieldSource;;;Argument[-1].val;remote",
+        ";MyDerivedClass;false;subtypeRemoteMadSource2;;;ReturnValue;remote",
+      ]
+  }
+}
+
+/**
+ * Models-as-data sink models for this test.
+ */
+private class TestSinks extends SinkModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        ";;false;madSinkArg0;;;Argument[0];test-sink",
+        ";;false;madSinkArg1;;;Argument[1];test-sink",
+        ";;false;madSinkArg01;;;Argument[0..1];test-sink",
+        ";;false;madSinkArg02;;;Argument[0,2];test-sink",
+        ";;false;madSinkIndirectArg0;;;Argument[*0];test-sink",
+        ";;false;madSinkDoubleIndirectArg0;;;Argument[**0];test-sink",
+        ";;false;madSinkVar;;;;test-sink",
+        ";;false;madSinkVarIndirect;;;*;test-sink", // not correctly expressed
+        ";;false;madSinkParam0;;;Parameter[0];test-sink",
+        ";MyClass;true;memberMadSinkArg0;;;Argument[0];test-sink",
+        ";MyClass;true;memberMadSinkVar;;;;test-sink",
+        ";MyClass;true;qualifierSink;;;Argument[-1];test-sink",
+        ";MyClass;true;qualifierArg0Sink;;;Argument[-1..0];test-sink",
+        ";MyClass;true;qualifierFieldSink;;;Argument[-1].val;test-sink",
+        "MyNamespace;MyClass;true;namespaceMemberMadSinkArg0;;;Argument[0];test-sink",
+        "MyNamespace;MyClass;true;namespaceStaticMemberMadSinkArg0;;;Argument[0];test-sink",
+        "MyNamespace;MyClass;true;namespaceMemberMadSinkVar;;;;test-sink",
+        "MyNamespace;MyClass;true;namespaceStaticMemberMadSinkVar;;;;test-sink",
+      ]
+  }
+}
+
+/**
+ * Models-as-data summary models for this test.
+ */
+private class TestSummaries extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        ";;false;madArg0ToReturn;;;Argument[0];ReturnValue;taint",
+        ";;false;madArg0ToReturnIndirect;;;Argument[0];ReturnValue[*];taint",
+        ";;false;madArg0ToReturnValueFlow;;;Argument[0];ReturnValue;value",
+        ";;false;madArg0IndirectToReturn;;;Argument[*0];ReturnValue;taint",
+        ";;false;madArg0DoubleIndirectToReturn;;;Argument[**0];ReturnValue;taint",
+        ";;false;madArg0NotIndirectToReturn;;;Argument[0];ReturnValue;taint",
+        ";;false;madArg0ToArg1Indirect;;;Argument[0];Argument[*1];taint",
+        ";;false;madArg0IndirectToArg1Indirect;;;Argument[*0];Argument[*1];taint",
+        ";;false;madArgsComplex;;;Argument[*0..1,2];ReturnValue;taint",
+        ";;false;madAndImplementedComplex;;;Argument[2];ReturnValue;taint",
+        ";;false;madArgsAny;;;Argument;ReturnValue;taint", // (syntax not supported)
+        ";;false;madArg0FieldToReturn;;;Argument[0].Field[value];ReturnValue;taint",
+        ";;false;madArg0IndirectFieldToReturn;;;Argument[*0].Field[value];ReturnValue;taint",
+        ";;false;madArg0FieldIndirectToReturn;;;Argument[0].Field[*ptr];ReturnValue;taint",
+        ";;false;madArg0ToReturnField;;;Argument[0];ReturnValue.Field[value];taint",
+        ";;false;madArg0ToReturnIndirectField;;;Argument[0];ReturnValue[*].Field[value];taint",
+        ";;false;madArg0ToReturnFieldIndirect;;;Argument[0];ReturnValue.Field[*ptr];taint",
+        ";;false;madFieldToFieldVar;;;Field[value];Field[value2];taint",
+        ";;false;madFieldToIndirectFieldVar;;;Field[value];Field[*ptr];taint",
+        ";;false;madIndirectFieldToFieldVar;;;;Field[value];Field[value2];taint", // not correctly expressed
+        ";MyClass;true;madArg0ToSelf;;;Argument[0];Argument[-1];taint",
+        ";MyClass;true;madSelfToReturn;;;Argument[-1];ReturnValue;taint",
+        ";MyClass;true;madArg0ToField;;;Argument[0];Argument[-1].Field[val];taint",
+        ";MyClass;true;madFieldToReturn;;;Argument[-1].Field[val];ReturnValue;taint",
+        "MyNamespace;MyClass;true;namespaceMadSelfToReturn;;;Argument[-1];ReturnValue;taint",
+        ";;false;madCallArg0ReturnToReturn;;;Argument[0].ReturnValue;ReturnValue;value",
+        ";;false;madCallArg0ReturnToReturnFirst;;;Argument[0].ReturnValue;ReturnValue.Field[first];value",
+        ";;false;madCallArg0WithValue;;;Argument[1];Argument[0].Parameter[0];value",
+        ";;false;madCallReturnValueIgnoreFunction;;;Argument[1];ReturnValue;value",
+        ";StructWithTypedefInParameter<T>;true;parameter_ref_to_return_ref;(const T &);;Argument[*0];ReturnValue[*];value",
+        ";;false;receive_array;(int[20]);;Argument[*0];ReturnValue;taint"
+      ]
+  }
+}

cpp/ql/test/library-tests/ir/ir/PrintAST.expected

@@ -277,7 +277,7 @@ bad_asts.cpp:
 #-----|     getParameter(0): [Parameter] (unnamed parameter 0)
 #-----|         Type = [LValueReferenceType] const Point &
 #   19|   <initializations>: 
-#   19|     getInitializer(0): [ConstructorDirectFieldInit] constructor init of field x
+#   19|     getInitializer(0): [ConstructorFieldInit] constructor init of field x
 #   19|         Type = [IntType] int
 #   19|         ValueCategory = prvalue
 #   19|       getExpr(): [ReferenceFieldAccess] x
@@ -289,7 +289,7 @@ bad_asts.cpp:
 #   19|         getQualifier().getFullyConverted(): [ReferenceDereferenceExpr] (reference dereference)
 #   19|             Type = [SpecifiedType] const Point
 #   19|             ValueCategory = lvalue
-#   19|     getInitializer(1): [ConstructorDirectFieldInit] constructor init of field y
+#   19|     getInitializer(1): [ConstructorFieldInit] constructor init of field y
 #   19|         Type = [IntType] int
 #   19|         ValueCategory = prvalue
 #   19|       getExpr(): [ReferenceFieldAccess] y
@@ -8986,20 +8986,20 @@ ir.cpp:
 #  658| [Constructor] void C::C()
 #  658|   <params>: 
 #  658|   <initializations>: 
-#  659|     getInitializer(0): [ConstructorDirectFieldInit] constructor init of field m_a
+#  659|     getInitializer(0): [ConstructorFieldInit] constructor init of field m_a
 #  659|         Type = [IntType] int
 #  659|         ValueCategory = prvalue
 #  659|       getExpr(): [Literal] 1
 #  659|           Type = [IntType] int
 #  659|           Value = [Literal] 1
 #  659|           ValueCategory = prvalue
-#  663|     getInitializer(1): [ConstructorDirectFieldInit] constructor init of field m_b
+#  663|     getInitializer(1): [ConstructorFieldInit] constructor init of field m_b
 #  663|         Type = [Struct] String
 #  663|         ValueCategory = prvalue
 #  663|       getExpr(): [ConstructorCall] call to String
 #  663|           Type = [VoidType] void
 #  663|           ValueCategory = prvalue
-#  660|     getInitializer(2): [ConstructorDirectFieldInit] constructor init of field m_c
+#  660|     getInitializer(2): [ConstructorFieldInit] constructor init of field m_c
 #  660|         Type = [PlainCharType] char
 #  660|         ValueCategory = prvalue
 #  660|       getExpr(): [Literal] 3
@@ -9011,14 +9011,14 @@ ir.cpp:
 #  660|           Type = [PlainCharType] char
 #  660|           Value = [CStyleCast] 3
 #  660|           ValueCategory = prvalue
-#  661|     getInitializer(3): [ConstructorDirectFieldInit] constructor init of field m_e
+#  661|     getInitializer(3): [ConstructorFieldInit] constructor init of field m_e
 #  661|         Type = [VoidPointerType] void *
 #  661|         ValueCategory = prvalue
 #  661|       getExpr(): [Literal] 0
 #  661|           Type = [VoidPointerType] void *
 #  661|           Value = [Literal] 0
 #  661|           ValueCategory = prvalue
-#  662|     getInitializer(4): [ConstructorDirectFieldInit] constructor init of field m_f
+#  662|     getInitializer(4): [ConstructorFieldInit] constructor init of field m_f
 #  662|         Type = [Struct] String
 #  662|         ValueCategory = prvalue
 #  662|       getExpr(): [ConstructorCall] call to String
@@ -9474,7 +9474,7 @@ ir.cpp:
 #-----|     getParameter(0): [Parameter] (unnamed parameter 0)
 #-----|         Type = [LValueReferenceType] const Base &
 #  745|   <initializations>: 
-#  745|     getInitializer(0): [ConstructorDirectFieldInit] constructor init of field base_s
+#  745|     getInitializer(0): [ConstructorFieldInit] constructor init of field base_s
 #  745|         Type = [Struct] String
 #  745|         ValueCategory = prvalue
 #  745|       getExpr(): [ConstructorCall] call to String
@@ -9485,7 +9485,7 @@ ir.cpp:
 #  748| [Constructor] void Base::Base()
 #  748|   <params>: 
 #  748|   <initializations>: 
-#  748|     getInitializer(0): [ConstructorDirectFieldInit] constructor init of field base_s
+#  748|     getInitializer(0): [ConstructorFieldInit] constructor init of field base_s
 #  748|         Type = [Struct] String
 #  748|         ValueCategory = prvalue
 #  748|       getExpr(): [ConstructorCall] call to String
@@ -9593,7 +9593,7 @@ ir.cpp:
 #  757|     getInitializer(0): [ConstructorDirectInit] call to Base
 #  757|         Type = [VoidType] void
 #  757|         ValueCategory = prvalue
-#  757|     getInitializer(1): [ConstructorDirectFieldInit] constructor init of field middle_s
+#  757|     getInitializer(1): [ConstructorFieldInit] constructor init of field middle_s
 #  757|         Type = [Struct] String
 #  757|         ValueCategory = prvalue
 #  757|       getExpr(): [ConstructorCall] call to String
@@ -9704,7 +9704,7 @@ ir.cpp:
 #  766|     getInitializer(0): [ConstructorDirectInit] call to Middle
 #  766|         Type = [VoidType] void
 #  766|         ValueCategory = prvalue
-#  766|     getInitializer(1): [ConstructorDirectFieldInit] constructor init of field derived_s
+#  766|     getInitializer(1): [ConstructorFieldInit] constructor init of field derived_s
 #  766|         Type = [Struct] String
 #  766|         ValueCategory = prvalue
 #  766|       getExpr(): [ConstructorCall] call to String
@@ -9743,7 +9743,7 @@ ir.cpp:
 #  775|     getInitializer(0): [ConstructorVirtualInit] call to Base
 #  775|         Type = [VoidType] void
 #  775|         ValueCategory = prvalue
-#  775|     getInitializer(1): [ConstructorDirectFieldInit] constructor init of field middlevb1_s
+#  775|     getInitializer(1): [ConstructorFieldInit] constructor init of field middlevb1_s
 #  775|         Type = [Struct] String
 #  775|         ValueCategory = prvalue
 #  775|       getExpr(): [ConstructorCall] call to String
@@ -9782,7 +9782,7 @@ ir.cpp:
 #  784|     getInitializer(0): [ConstructorVirtualInit] call to Base
 #  784|         Type = [VoidType] void
 #  784|         ValueCategory = prvalue
-#  784|     getInitializer(1): [ConstructorDirectFieldInit] constructor init of field middlevb2_s
+#  784|     getInitializer(1): [ConstructorFieldInit] constructor init of field middlevb2_s
 #  784|         Type = [Struct] String
 #  784|         ValueCategory = prvalue
 #  784|       getExpr(): [ConstructorCall] call to String
@@ -9827,7 +9827,7 @@ ir.cpp:
 #  793|     getInitializer(2): [ConstructorDirectInit] call to MiddleVB2
 #  793|         Type = [VoidType] void
 #  793|         ValueCategory = prvalue
-#  793|     getInitializer(3): [ConstructorDirectFieldInit] constructor init of field derivedvb_s
+#  793|     getInitializer(3): [ConstructorFieldInit] constructor init of field derivedvb_s
 #  793|         Type = [Struct] String
 #  793|         ValueCategory = prvalue
 #  793|       getExpr(): [ConstructorCall] call to String
@@ -15190,7 +15190,7 @@ ir.cpp:
 # 1508|     getInitializer(0): [ConstructorInit] constructor init
 # 1508|         Type = [Struct] Inheritance_Test_B
 # 1508|         ValueCategory = prvalue
-# 1508|     getInitializer(1): [ConstructorDirectFieldInit] constructor init of field x
+# 1508|     getInitializer(1): [ConstructorFieldInit] constructor init of field x
 # 1508|         Type = [IntType] int
 # 1508|         ValueCategory = prvalue
 # 1508|       getExpr(): [Literal] 42
@@ -15414,7 +15414,7 @@ ir.cpp:
 # 1533| [Constructor] void StructuredBindingDataMemberMemberStruct::StructuredBindingDataMemberMemberStruct()
 # 1533|   <params>: 
 # 1533|   <initializations>: 
-# 1533|     getInitializer(0): [ConstructorDefaultFieldInit] constructor init of field x
+# 1533|     getInitializer(0): [ConstructorFieldInit] constructor init of field x
 # 1533|         Type = [IntType] int
 # 1533|         ValueCategory = prvalue
 # 1533|   getEntryPoint(): [BlockStmt] { ... }
@@ -15434,25 +15434,25 @@ ir.cpp:
 # 1537| [Constructor] void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct()
 # 1537|   <params>: 
 # 1537|   <initializations>: 
-# 1537|     getInitializer(0): [ConstructorDefaultFieldInit] constructor init of field i
+# 1537|     getInitializer(0): [ConstructorFieldInit] constructor init of field i
 # 1537|         Type = [IntType] int
 # 1537|         ValueCategory = prvalue
-# 1537|     getInitializer(1): [ConstructorDefaultFieldInit] constructor init of field d
+# 1537|     getInitializer(1): [ConstructorFieldInit] constructor init of field d
 # 1537|         Type = [DoubleType] double
 # 1537|         ValueCategory = prvalue
-# 1537|     getInitializer(2): [ConstructorDefaultFieldInit] constructor init of field r
+# 1537|     getInitializer(2): [ConstructorFieldInit] constructor init of field r
 # 1537|         Type = [LValueReferenceType] int &
 # 1537|         ValueCategory = prvalue
-# 1537|     getInitializer(3): [ConstructorDefaultFieldInit] constructor init of field p
+# 1537|     getInitializer(3): [ConstructorFieldInit] constructor init of field p
 # 1537|         Type = [IntPointerType] int *
 # 1537|         ValueCategory = prvalue
-# 1537|     getInitializer(4): [ConstructorDefaultFieldInit] constructor init of field xs
+# 1537|     getInitializer(4): [ConstructorFieldInit] constructor init of field xs
 # 1537|         Type = [CTypedefType,NestedTypedefType] ArrayType
 # 1537|         ValueCategory = prvalue
-# 1537|     getInitializer(5): [ConstructorDefaultFieldInit] constructor init of field r_alt
+# 1537|     getInitializer(5): [ConstructorFieldInit] constructor init of field r_alt
 # 1537|         Type = [CTypedefType,NestedTypedefType] RefType
 # 1537|         ValueCategory = prvalue
-# 1537|     getInitializer(6): [ConstructorDirectFieldInit] constructor init of field m
+# 1537|     getInitializer(6): [ConstructorFieldInit] constructor init of field m
 # 1537|         Type = [Struct] StructuredBindingDataMemberMemberStruct
 # 1537|         ValueCategory = prvalue
 # 1537|       getExpr(): [ConstructorCall] call to StructuredBindingDataMemberMemberStruct
@@ -15465,7 +15465,7 @@ ir.cpp:
 #-----|     getParameter(0): [Parameter] (unnamed parameter 0)
 #-----|         Type = [LValueReferenceType] const StructuredBindingDataMemberStruct &
 # 1537|   <initializations>: 
-# 1537|     getInitializer(0): [ConstructorDirectFieldInit] constructor init of field i
+# 1537|     getInitializer(0): [ConstructorFieldInit] constructor init of field i
 # 1537|         Type = [IntType] int
 # 1537|         ValueCategory = prvalue
 # 1537|       getExpr(): [ReferenceFieldAccess] i
@@ -15477,7 +15477,7 @@ ir.cpp:
 # 1537|         getQualifier().getFullyConverted(): [ReferenceDereferenceExpr] (reference dereference)
 # 1537|             Type = [SpecifiedType] const StructuredBindingDataMemberStruct
 # 1537|             ValueCategory = lvalue
-# 1537|     getInitializer(1): [ConstructorDirectFieldInit] constructor init of field d
+# 1537|     getInitializer(1): [ConstructorFieldInit] constructor init of field d
 # 1537|         Type = [DoubleType] double
 # 1537|         ValueCategory = prvalue
 # 1537|       getExpr(): [ReferenceFieldAccess] d
@@ -15489,7 +15489,7 @@ ir.cpp:
 # 1537|         getQualifier().getFullyConverted(): [ReferenceDereferenceExpr] (reference dereference)
 # 1537|             Type = [SpecifiedType] const StructuredBindingDataMemberStruct
 # 1537|             ValueCategory = lvalue
-# 1537|     getInitializer(2): [ConstructorDirectFieldInit] constructor init of field b
+# 1537|     getInitializer(2): [ConstructorFieldInit] constructor init of field b
 # 1537|         Type = [IntType] unsigned int
 # 1537|         ValueCategory = prvalue
 # 1537|       getExpr(): [ReferenceFieldAccess] b
@@ -15501,7 +15501,7 @@ ir.cpp:
 # 1537|         getQualifier().getFullyConverted(): [ReferenceDereferenceExpr] (reference dereference)
 # 1537|             Type = [SpecifiedType] const StructuredBindingDataMemberStruct
 # 1537|             ValueCategory = lvalue
-# 1537|     getInitializer(3): [ConstructorDirectFieldInit] constructor init of field r
+# 1537|     getInitializer(3): [ConstructorFieldInit] constructor init of field r
 # 1537|         Type = [LValueReferenceType] int &
 # 1537|         ValueCategory = prvalue
 # 1537|       getExpr(): [ReferenceFieldAccess] r
@@ -15513,7 +15513,7 @@ ir.cpp:
 # 1537|         getQualifier().getFullyConverted(): [ReferenceDereferenceExpr] (reference dereference)
 # 1537|             Type = [SpecifiedType] const StructuredBindingDataMemberStruct
 # 1537|             ValueCategory = lvalue
-# 1537|     getInitializer(4): [ConstructorDirectFieldInit] constructor init of field p
+# 1537|     getInitializer(4): [ConstructorFieldInit] constructor init of field p
 # 1537|         Type = [IntPointerType] int *
 # 1537|         ValueCategory = prvalue
 # 1537|       getExpr(): [ReferenceFieldAccess] p
@@ -15525,7 +15525,7 @@ ir.cpp:
 # 1537|         getQualifier().getFullyConverted(): [ReferenceDereferenceExpr] (reference dereference)
 # 1537|             Type = [SpecifiedType] const StructuredBindingDataMemberStruct
 # 1537|             ValueCategory = lvalue
-# 1537|     getInitializer(5): [ConstructorDirectFieldInit] constructor init of field xs
+# 1537|     getInitializer(5): [ConstructorFieldInit] constructor init of field xs
 # 1537|         Type = [CTypedefType,NestedTypedefType] ArrayType
 # 1537|         ValueCategory = prvalue
 # 1537|       getExpr(): [ReferenceFieldAccess] xs
@@ -15537,7 +15537,7 @@ ir.cpp:
 # 1537|         getQualifier().getFullyConverted(): [ReferenceDereferenceExpr] (reference dereference)
 # 1537|             Type = [SpecifiedType] const StructuredBindingDataMemberStruct
 # 1537|             ValueCategory = lvalue
-# 1537|     getInitializer(6): [ConstructorDirectFieldInit] constructor init of field r_alt
+# 1537|     getInitializer(6): [ConstructorFieldInit] constructor init of field r_alt
 # 1537|         Type = [CTypedefType,NestedTypedefType] RefType
 # 1537|         ValueCategory = prvalue
 # 1537|       getExpr(): [ReferenceFieldAccess] r_alt
@@ -15549,7 +15549,7 @@ ir.cpp:
 # 1537|         getQualifier().getFullyConverted(): [ReferenceDereferenceExpr] (reference dereference)
 # 1537|             Type = [SpecifiedType] const StructuredBindingDataMemberStruct
 # 1537|             ValueCategory = lvalue
-# 1537|     getInitializer(7): [ConstructorDirectFieldInit] constructor init of field m
+# 1537|     getInitializer(7): [ConstructorFieldInit] constructor init of field m
 # 1537|         Type = [Struct] StructuredBindingDataMemberMemberStruct
 # 1537|         ValueCategory = prvalue
 # 1537|       getExpr(): [ReferenceFieldAccess] m
@@ -15918,13 +15918,13 @@ ir.cpp:
 # 1590| [Constructor] void StructuredBindingTupleRefGet::StructuredBindingTupleRefGet()
 # 1590|   <params>: 
 # 1590|   <initializations>: 
-# 1590|     getInitializer(0): [ConstructorDefaultFieldInit] constructor init of field i
+# 1590|     getInitializer(0): [ConstructorFieldInit] constructor init of field i
 # 1590|         Type = [IntType] int
 # 1590|         ValueCategory = prvalue
-# 1590|     getInitializer(1): [ConstructorDefaultFieldInit] constructor init of field d
+# 1590|     getInitializer(1): [ConstructorFieldInit] constructor init of field d
 # 1590|         Type = [DoubleType] double
 # 1590|         ValueCategory = prvalue
-# 1590|     getInitializer(2): [ConstructorDefaultFieldInit] constructor init of field r
+# 1590|     getInitializer(2): [ConstructorFieldInit] constructor init of field r
 # 1590|         Type = [LValueReferenceType] int &
 # 1590|         ValueCategory = prvalue
 # 1590|   getEntryPoint(): [BlockStmt] { ... }
@@ -15934,7 +15934,7 @@ ir.cpp:
 #-----|     getParameter(0): [Parameter] (unnamed parameter 0)
 #-----|         Type = [LValueReferenceType] const StructuredBindingTupleRefGet &
 # 1590|   <initializations>: 
-# 1590|     getInitializer(0): [ConstructorDirectFieldInit] constructor init of field i
+# 1590|     getInitializer(0): [ConstructorFieldInit] constructor init of field i
 # 1590|         Type = [IntType] int
 # 1590|         ValueCategory = prvalue
 # 1590|       getExpr(): [ReferenceFieldAccess] i
@@ -15946,7 +15946,7 @@ ir.cpp:
 # 1590|         getQualifier().getFullyConverted(): [ReferenceDereferenceExpr] (reference dereference)
 # 1590|             Type = [SpecifiedType] const StructuredBindingTupleRefGet
 # 1590|             ValueCategory = lvalue
-# 1590|     getInitializer(1): [ConstructorDirectFieldInit] constructor init of field d
+# 1590|     getInitializer(1): [ConstructorFieldInit] constructor init of field d
 # 1590|         Type = [DoubleType] double
 # 1590|         ValueCategory = prvalue
 # 1590|       getExpr(): [ReferenceFieldAccess] d
@@ -15958,7 +15958,7 @@ ir.cpp:
 # 1590|         getQualifier().getFullyConverted(): [ReferenceDereferenceExpr] (reference dereference)
 # 1590|             Type = [SpecifiedType] const StructuredBindingTupleRefGet
 # 1590|             ValueCategory = lvalue
-# 1590|     getInitializer(2): [ConstructorDirectFieldInit] constructor init of field r
+# 1590|     getInitializer(2): [ConstructorFieldInit] constructor init of field r
 # 1590|         Type = [LValueReferenceType] int &
 # 1590|         ValueCategory = prvalue
 # 1590|       getExpr(): [ReferenceFieldAccess] r
@@ -16327,10 +16327,10 @@ ir.cpp:
 # 1657| [Constructor] void StructuredBindingTupleNoRefGet::StructuredBindingTupleNoRefGet()
 # 1657|   <params>: 
 # 1657|   <initializations>: 
-# 1657|     getInitializer(0): [ConstructorDefaultFieldInit] constructor init of field i
+# 1657|     getInitializer(0): [ConstructorFieldInit] constructor init of field i
 # 1657|         Type = [IntType] int
 # 1657|         ValueCategory = prvalue
-# 1657|     getInitializer(1): [ConstructorDefaultFieldInit] constructor init of field r
+# 1657|     getInitializer(1): [ConstructorFieldInit] constructor init of field r
 # 1657|         Type = [LValueReferenceType] int &
 # 1657|         ValueCategory = prvalue
 # 1657|   getEntryPoint(): [BlockStmt] { ... }
@@ -19817,7 +19817,7 @@ ir.cpp:
 #-----|     getParameter(0): [Parameter] (unnamed parameter 0)
 #-----|         Type = [LValueReferenceType] const ClassWithDestructor &
 # 2188|   <initializations>: 
-# 2188|     getInitializer(0): [ConstructorDirectFieldInit] constructor init of field x
+# 2188|     getInitializer(0): [ConstructorFieldInit] constructor init of field x
 # 2188|         Type = [CharPointerType] char *
 # 2188|         ValueCategory = prvalue
 # 2188|       getExpr(): [ReferenceFieldAccess] x
@@ -25642,168 +25642,6 @@ ir.cpp:
 # 2884|                   Type = [VoidType] void
 # 2884|                   ValueCategory = prvalue
 # 2886|     getStmt(6): [ReturnStmt] return ...
-# 2889| [CopyAssignmentOperator] StructInit& StructInit::operator=(StructInit const&)
-# 2889|   <params>: 
-#-----|     getParameter(0): [Parameter] (unnamed parameter 0)
-#-----|         Type = [LValueReferenceType] const StructInit &
-# 2889| [MoveAssignmentOperator] StructInit& StructInit::operator=(StructInit&&)
-# 2889|   <params>: 
-#-----|     getParameter(0): [Parameter] (unnamed parameter 0)
-#-----|         Type = [RValueReferenceType] StructInit &&
-# 2889| [CopyConstructor] void StructInit::StructInit(StructInit const&)
-# 2889|   <params>: 
-#-----|     getParameter(0): [Parameter] (unnamed parameter 0)
-#-----|         Type = [LValueReferenceType] const StructInit &
-# 2889| [MoveConstructor] void StructInit::StructInit(StructInit&&)
-# 2889|   <params>: 
-#-----|     getParameter(0): [Parameter] (unnamed parameter 0)
-#-----|         Type = [RValueReferenceType] StructInit &&
-# 2897| [Constructor] void StructInit::StructInit(int)
-# 2897|   <params>: 
-# 2897|     getParameter(0): [Parameter] j
-# 2897|         Type = [IntType] int
-# 2897|   <initializations>: 
-# 2897|     getInitializer(0): [ConstructorDefaultFieldInit] constructor init of field i
-# 2897|         Type = [IntType] int
-# 2897|         ValueCategory = prvalue
-# 2897|     getInitializer(1): [ConstructorDirectFieldInit] constructor init of field j
-# 2897|         Type = [IntType] int
-# 2897|         ValueCategory = prvalue
-# 2897|       getExpr(): [VariableAccess] j
-# 2897|           Type = [IntType] int
-# 2897|           ValueCategory = prvalue(load)
-# 2897|     getInitializer(2): [ConstructorDefaultFieldInit] constructor init of field k
-# 2897|         Type = [IntType] int
-# 2897|         ValueCategory = prvalue
-# 2897|     getInitializer(3): [ConstructorDefaultFieldInit] constructor init of field l
-# 2897|         Type = [IntType] int
-# 2897|         ValueCategory = prvalue
-# 2897|     getInitializer(4): [ConstructorDefaultFieldInit] constructor init of field m
-# 2897|         Type = [IntType] int
-# 2897|         ValueCategory = prvalue
-# 2897|     getInitializer(5): [ConstructorDirectFieldInit] constructor init of field n
-# 2897|         Type = [IntType] int
-# 2897|         ValueCategory = prvalue
-# 2897|       getExpr(): [FunctionCall] call to get_val
-# 2897|           Type = [IntType] int
-# 2897|           ValueCategory = prvalue
-# 2897|         getQualifier(): [ThisExpr] this
-# 2897|             Type = [PointerType] StructInit *
-# 2897|             ValueCategory = prvalue(load)
-# 2897|   getEntryPoint(): [BlockStmt] { ... }
-# 2897|     getStmt(0): [ReturnStmt] return ...
-# 2899| [Constructor] void StructInit::StructInit()
-# 2899|   <params>: 
-# 2899|   <initializations>: 
-# 2899|     getInitializer(0): [ConstructorDirectFieldInit] constructor init of field i
-# 2899|         Type = [IntType] int
-# 2899|         ValueCategory = prvalue
-# 2899|       getExpr(): [Literal] 41
-# 2899|           Type = [IntType] int
-# 2899|           Value = [Literal] 41
-# 2899|           ValueCategory = prvalue
-# 2899|     getInitializer(1): [ConstructorDefaultFieldInit] constructor init of field j
-# 2899|         Type = [IntType] int
-# 2899|         ValueCategory = prvalue
-# 2899|     getInitializer(2): [ConstructorDirectFieldInit] constructor init of field k
-# 2899|         Type = [IntType] int
-# 2899|         ValueCategory = prvalue
-# 2899|       getExpr(): [Literal] 41
-# 2899|           Type = [IntType] int
-# 2899|           Value = [Literal] 41
-# 2899|           ValueCategory = prvalue
-# 2899|     getInitializer(3): [ConstructorDefaultFieldInit] constructor init of field l
-# 2899|         Type = [IntType] int
-# 2899|         ValueCategory = prvalue
-# 2899|     getInitializer(4): [ConstructorDefaultFieldInit] constructor init of field m
-# 2899|         Type = [IntType] int
-# 2899|         ValueCategory = prvalue
-# 2899|     getInitializer(5): [ConstructorDefaultFieldInit] constructor init of field n
-# 2899|         Type = [IntType] int
-# 2899|         ValueCategory = prvalue
-# 2899|   getEntryPoint(): [BlockStmt] { ... }
-# 2899|     getStmt(0): [ReturnStmt] return ...
-# 2901| [MemberFunction] int StructInit::get_val()
-# 2901|   <params>: 
-# 2901|   getEntryPoint(): [BlockStmt] { ... }
-# 2901|     getStmt(0): [ReturnStmt] return ...
-# 2901|       getExpr(): [ImplicitThisFieldAccess,PointerFieldAccess] k
-# 2901|           Type = [IntType] int
-# 2901|           ValueCategory = prvalue(load)
-# 2901|         getQualifier(): [ThisExpr] this
-# 2901|             Type = [PointerType] StructInit *
-# 2901|             ValueCategory = prvalue(load)
-# 2905| [Constructor] void StructInitFromTemplate<int>::StructInitFromTemplate()
-# 2905|   <params>: 
-# 2905|   <initializations>: 
-# 2905|     getInitializer(0): [ConstructorDefaultFieldInit] constructor init of field t
-# 2905|         Type = [IntType] int
-# 2905|         ValueCategory = prvalue
-# 2905|   getEntryPoint(): [BlockStmt] { ... }
-# 2905|     getStmt(0): [ReturnStmt] return ...
-# 2909| [GlobalVariable] StructInitFromTemplate<int> StructInitFromTemplateVar
-#-----|   getInitializer(): [Initializer] initializer for StructInitFromTemplateVar
-#-----|     getExpr(): [ConstructorCall] call to StructInitFromTemplate
-#-----|         Type = [VoidType] void
-#-----|         ValueCategory = prvalue
-#-----|     getExpr().getFullyConverted(): [TemporaryObjectExpr] temporary object
-#-----|         Type = [ClassTemplateInstantiation,Struct] StructInitFromTemplate<int>
-#-----|         ValueCategory = prvalue(load)
-# 2912| [GlobalVariable,VariableTemplateInstantiation] double VariableTemplate<double>
-# 2912|   getInitializer(): [Initializer] initializer for VariableTemplate
-# 2912|     getExpr(): [Literal] 42
-# 2912|         Type = [IntType] int
-# 2912|         Value = [Literal] 42
-# 2912|         ValueCategory = prvalue
-# 2912|     getExpr().getFullyConverted(): [CStyleCast] (double)...
-# 2912|         Conversion = [IntegralToFloatingPointConversion] integral to floating point conversion
-# 2912|         Type = [DoubleType] double
-# 2912|         Value = [CStyleCast] 42.0
-# 2912|         ValueCategory = prvalue
-# 2915| [TemplateFunction,TopLevelFunction] T VariableTemplateFunc<T>(T)
-# 2915|   <params>: 
-# 2915|     getParameter(0): [Parameter] x
-# 2915|         Type = [TypeTemplateParameter] T
-# 2915|   getEntryPoint(): [BlockStmt] { ... }
-# 2916|     getStmt(0): [ReturnStmt] return ...
-# 2916|       getExpr(): [AddExpr] ... + ...
-# 2916|           Type = [UnknownType] unknown
-# 2916|           ValueCategory = prvalue
-# 2916|         getLeftOperand(): [VariableAccess] VariableTemplate
-# 2916|             Type = [UnknownType] unknown
-# 2916|             ValueCategory = lvalue
-# 2916|         getRightOperand(): [VariableAccess] x
-# 2916|             Type = [TypeTemplateParameter] T
-# 2916|             ValueCategory = lvalue
-# 2915| [FunctionTemplateInstantiation,TopLevelFunction] double VariableTemplateFunc<double>(double)
-# 2915|   <params>: 
-# 2915|     getParameter(0): [Parameter] x
-# 2915|         Type = [DoubleType] double
-# 2915|   getEntryPoint(): [BlockStmt] { ... }
-# 2916|     getStmt(0): [ReturnStmt] return ...
-# 2916|       getExpr(): [AddExpr] ... + ...
-# 2916|           Type = [DoubleType] double
-# 2916|           ValueCategory = prvalue
-# 2916|         getLeftOperand(): [VariableAccess] VariableTemplate
-# 2916|             Type = [DoubleType] double
-# 2916|             Value = [VariableAccess] 42.0
-# 2916|             ValueCategory = prvalue(load)
-# 2916|         getRightOperand(): [VariableAccess] x
-# 2916|             Type = [DoubleType] double
-# 2916|             ValueCategory = prvalue(load)
-# 2919| [GlobalVariable] int VariableTemplateFuncUse
-# 2919|   getInitializer(): [Initializer] initializer for VariableTemplateFuncUse
-# 2919|     getExpr(): [FunctionCall] call to VariableTemplateFunc
-# 2919|         Type = [DoubleType] double
-# 2919|         ValueCategory = prvalue
-# 2919|       getArgument(0): [Literal] 2.299999999999999822
-# 2919|           Type = [DoubleType] double
-# 2919|           Value = [Literal] 2.299999999999999822
-# 2919|           ValueCategory = prvalue
-# 2919|     getExpr().getFullyConverted(): [CStyleCast] (int)...
-# 2919|         Conversion = [FloatingPointToIntegralConversion] floating point to integral conversion
-# 2919|         Type = [IntType] int
-# 2919|         ValueCategory = prvalue
 ir23.cpp:
 #    1| [TopLevelFunction] bool consteval_1()
 #    1|   <params>: 
@@ -50548,7 +50386,7 @@ perf-regression.cpp:
 #    6| [Constructor] void Big::Big()
 #    6|   <params>: 
 #    6|   <initializations>: 
-#    6|     getInitializer(0): [ConstructorDirectFieldInit] constructor init of field buffer
+#    6|     getInitializer(0): [ConstructorFieldInit] constructor init of field buffer
 #    6|         Type = [ArrayType] char[1073741824]
 #    6|         ValueCategory = prvalue
 #    6|       getExpr(): [ArrayAggregateLiteral] {...}

cpp/ql/test/library-tests/ir/ir/PrintConfig.qll

@@ -20,7 +20,5 @@ predicate shouldDumpDeclaration(Declaration decl) {
     decl.(GlobalOrNamespaceVariable).hasInitializer()
     or
     decl.(StaticLocalVariable).hasInitializer()
-    or
-    decl.(Field).hasInitializer()
   )
 }

cpp/ql/test/library-tests/ir/ir/ir.cpp

@@ -2886,36 +2886,4 @@ namespace {
     }
 }
 
-struct StructInit {
-    int i = 42;
-    int j = 42;
-    int k = 42;
-    int l = k;
-    int m = get_val();
-    int n = 42;
-
-    StructInit(int j) : j(j), n(get_val()) {}
-
-    StructInit() : i(41), k(41) {}
-
-    int get_val() { return k; }
-};
-
-template<typename T>
-struct StructInitFromTemplate {
-    T t = T();
-};
-
-StructInitFromTemplate<int> StructInitFromTemplateVar;
-
-template<class T>
-constexpr T VariableTemplate = T(42);
- 
-template<class T>
-T VariableTemplateFunc(T x) {
-    return VariableTemplate<T> + x;
-}
-
-int VariableTemplateFuncUse = VariableTemplateFunc(2.3);
-
 // semmle-extractor-options: -std=c++20 --clang

cpp/ql/test/library-tests/ir/ir/raw_consistency.expected

@@ -20,6 +20,7 @@ multipleIRTypes
 lostReachability
 backEdgeCountMismatch
 useNotDominatedByDefinition
+| ir.cpp:1537:8:1537:8 | Unary | Operand 'Unary' is not dominated by its definition in function '$@'. | ir.cpp:1537:8:1537:8 | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() |
 switchInstructionWithoutDefaultEdge
 notMarkedAsConflated
 wronglyMarkedAsConflated

cpp/ql/test/library-tests/ir/ir/raw_ir.expected

@@ -11339,89 +11339,44 @@ ir.cpp:
 
 # 1533| void StructuredBindingDataMemberMemberStruct::StructuredBindingDataMemberMemberStruct()
 # 1533|   Block 0
-# 1533|     v1533_1(void)                                            = EnterFunction                   : 
-# 1533|     mu1533_2(unknown)                                        = AliasedDefinition               : 
-# 1533|     mu1533_3(unknown)                                        = InitializeNonLocal              : 
-# 1533|     r1533_4(glval<unknown>)                                  = VariableAddress[#this]          : 
-# 1533|     mu1533_5(glval<StructuredBindingDataMemberMemberStruct>) = InitializeParameter[#this]      : &:r1533_4
-# 1533|     r1533_6(glval<StructuredBindingDataMemberMemberStruct>)  = Load[#this]                     : &:r1533_4, ~m?
-# 1533|     mu1533_7(StructuredBindingDataMemberMemberStruct)        = InitializeIndirection[#this]    : &:r1533_6
-# 1533|     r1533_8(glval<unknown>)                                  = FunctionAddress[x]              : 
-# 1533|     v1533_9(void)                                            = Call[x]                         : func:r1533_8, this:r1533_6
-# 1533|     mu1533_10(unknown)                                       = ^CallSideEffect                 : ~m?
-# 1533|     v1533_11(void)                                           = ^IndirectReadSideEffect[-1]     : &:r1533_6, ~m?
-# 1533|     mu1533_12(StructuredBindingDataMemberMemberStruct)       = ^IndirectMayWriteSideEffect[-1] : &:r1533_6
-# 1533|     v1533_13(void)                                           = NoOp                            : 
-# 1533|     v1533_14(void)                                           = ReturnIndirection[#this]        : &:r1533_6, ~m?
-# 1533|     v1533_15(void)                                           = ReturnVoid                      : 
-# 1533|     v1533_16(void)                                           = AliasedUse                      : ~m?
-# 1533|     v1533_17(void)                                           = ExitFunction                    : 
-
-# 1534| int StructuredBindingDataMemberMemberStruct::x
-# 1534|   Block 0
-# 1534|     v1534_1(void)                                            = EnterFunction                : 
-# 1534|     mu1534_2(unknown)                                        = AliasedDefinition            : 
-# 1534|     mu1534_3(unknown)                                        = InitializeNonLocal           : 
-# 1534|     r1534_4(glval<unknown>)                                  = VariableAddress[#this]       : 
-# 1534|     mu1534_5(glval<StructuredBindingDataMemberMemberStruct>) = InitializeParameter[#this]   : &:r1534_4
-# 1534|     r1534_6(glval<StructuredBindingDataMemberMemberStruct>)  = Load[#this]                  : &:r1534_4, ~m?
-# 1534|     mu1534_7(StructuredBindingDataMemberMemberStruct)        = InitializeIndirection[#this] : &:r1534_6
-# 1534|     r1534_8(glval<int>)                                      = FieldAddress[x]              : r1534_6
-# 1534|     r1534_9(int)                                             = Constant[5]                  : 
-# 1534|     mu1534_10(int)                                           = Store[?]                     : &:r1534_8, r1534_9
-# 1534|     v1534_11(void)                                           = ReturnVoid                   : 
-# 1534|     v1534_12(void)                                           = AliasedUse                   : ~m?
-# 1534|     v1534_13(void)                                           = ExitFunction                 : 
+# 1533|     v1533_1(void)                                            = EnterFunction                : 
+# 1533|     mu1533_2(unknown)                                        = AliasedDefinition            : 
+# 1533|     mu1533_3(unknown)                                        = InitializeNonLocal           : 
+# 1533|     r1533_4(glval<unknown>)                                  = VariableAddress[#this]       : 
+# 1533|     mu1533_5(glval<StructuredBindingDataMemberMemberStruct>) = InitializeParameter[#this]   : &:r1533_4
+# 1533|     r1533_6(glval<StructuredBindingDataMemberMemberStruct>)  = Load[#this]                  : &:r1533_4, ~m?
+# 1533|     mu1533_7(StructuredBindingDataMemberMemberStruct)        = InitializeIndirection[#this] : &:r1533_6
+# 1533|     v1533_8(void)                                            = NoOp                         : 
+# 1533|     v1533_9(void)                                            = ReturnIndirection[#this]     : &:r1533_6, ~m?
+# 1533|     v1533_10(void)                                           = ReturnVoid                   : 
+# 1533|     v1533_11(void)                                           = AliasedUse                   : ~m?
+# 1533|     v1533_12(void)                                           = ExitFunction                 : 
 
 # 1537| void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct()
 # 1537|   Block 0
-# 1537|     v1537_1(void)                                            = EnterFunction                                            : 
-# 1537|     mu1537_2(unknown)                                        = AliasedDefinition                                        : 
-# 1537|     mu1537_3(unknown)                                        = InitializeNonLocal                                       : 
-# 1537|     r1537_4(glval<unknown>)                                  = VariableAddress[#this]                                   : 
-# 1537|     mu1537_5(glval<StructuredBindingDataMemberStruct>)       = InitializeParameter[#this]                               : &:r1537_4
-# 1537|     r1537_6(glval<StructuredBindingDataMemberStruct>)        = Load[#this]                                              : &:r1537_4, ~m?
-# 1537|     mu1537_7(StructuredBindingDataMemberStruct)              = InitializeIndirection[#this]                             : &:r1537_6
-# 1537|     r1537_8(glval<unknown>)                                  = FunctionAddress[i]                                       : 
-# 1537|     v1537_9(void)                                            = Call[i]                                                  : func:r1537_8, this:r1537_6
-# 1537|     mu1537_10(unknown)                                       = ^CallSideEffect                                          : ~m?
-# 1537|     v1537_11(void)                                           = ^IndirectReadSideEffect[-1]                              : &:r1537_6, ~m?
-# 1537|     mu1537_12(StructuredBindingDataMemberStruct)             = ^IndirectMayWriteSideEffect[-1]                          : &:r1537_6
-# 1537|     r1537_13(glval<unknown>)                                 = FunctionAddress[d]                                       : 
-# 1537|     v1537_14(void)                                           = Call[d]                                                  : func:r1537_13, this:r1537_6
-# 1537|     mu1537_15(unknown)                                       = ^CallSideEffect                                          : ~m?
-# 1537|     v1537_16(void)                                           = ^IndirectReadSideEffect[-1]                              : &:r1537_6, ~m?
-# 1537|     mu1537_17(StructuredBindingDataMemberStruct)             = ^IndirectMayWriteSideEffect[-1]                          : &:r1537_6
-# 1537|     r1537_18(glval<unknown>)                                 = FunctionAddress[r]                                       : 
-# 1537|     v1537_19(void)                                           = Call[r]                                                  : func:r1537_18, this:r1537_6
-# 1537|     mu1537_20(unknown)                                       = ^CallSideEffect                                          : ~m?
-# 1537|     v1537_21(void)                                           = ^IndirectReadSideEffect[-1]                              : &:r1537_6, ~m?
-# 1537|     mu1537_22(StructuredBindingDataMemberStruct)             = ^IndirectMayWriteSideEffect[-1]                          : &:r1537_6
-# 1537|     r1537_23(glval<unknown>)                                 = FunctionAddress[p]                                       : 
-# 1537|     v1537_24(void)                                           = Call[p]                                                  : func:r1537_23, this:r1537_6
-# 1537|     mu1537_25(unknown)                                       = ^CallSideEffect                                          : ~m?
-# 1537|     v1537_26(void)                                           = ^IndirectReadSideEffect[-1]                              : &:r1537_6, ~m?
-# 1537|     mu1537_27(StructuredBindingDataMemberStruct)             = ^IndirectMayWriteSideEffect[-1]                          : &:r1537_6
-# 1537|     r1537_28(glval<unknown>)                                 = FunctionAddress[xs]                                      : 
-# 1537|     v1537_29(void)                                           = Call[xs]                                                 : func:r1537_28, this:r1537_6
-# 1537|     mu1537_30(unknown)                                       = ^CallSideEffect                                          : ~m?
-# 1537|     v1537_31(void)                                           = ^IndirectReadSideEffect[-1]                              : &:r1537_6, ~m?
-# 1537|     mu1537_32(StructuredBindingDataMemberStruct)             = ^IndirectMayWriteSideEffect[-1]                          : &:r1537_6
-# 1537|     r1537_33(glval<unknown>)                                 = FunctionAddress[r_alt]                                   : 
-# 1537|     v1537_34(void)                                           = Call[r_alt]                                              : func:r1537_33, this:r1537_6
-# 1537|     mu1537_35(unknown)                                       = ^CallSideEffect                                          : ~m?
-# 1537|     v1537_36(void)                                           = ^IndirectReadSideEffect[-1]                              : &:r1537_6, ~m?
-# 1537|     mu1537_37(StructuredBindingDataMemberStruct)             = ^IndirectMayWriteSideEffect[-1]                          : &:r1537_6
-# 1537|     r1537_38(glval<StructuredBindingDataMemberMemberStruct>) = FieldAddress[m]                                          : r1537_6
-# 1537|     r1537_39(glval<unknown>)                                 = FunctionAddress[StructuredBindingDataMemberMemberStruct] : 
-# 1537|     v1537_40(void)                                           = Call[StructuredBindingDataMemberMemberStruct]            : func:r1537_39, this:r1537_38
-# 1537|     mu1537_41(unknown)                                       = ^CallSideEffect                                          : ~m?
-# 1537|     mu1537_42(StructuredBindingDataMemberMemberStruct)       = ^IndirectMayWriteSideEffect[-1]                          : &:r1537_38
-# 1537|     v1537_43(void)                                           = NoOp                                                     : 
-# 1537|     v1537_44(void)                                           = ReturnIndirection[#this]                                 : &:r1537_6, ~m?
-# 1537|     v1537_45(void)                                           = ReturnVoid                                               : 
-# 1537|     v1537_46(void)                                           = AliasedUse                                               : ~m?
-# 1537|     v1537_47(void)                                           = ExitFunction                                             : 
+# 1537|     v1537_1(void)                                      = EnterFunction                : 
+# 1537|     mu1537_2(unknown)                                  = AliasedDefinition            : 
+# 1537|     mu1537_3(unknown)                                  = InitializeNonLocal           : 
+# 1537|     r1537_4(glval<unknown>)                            = VariableAddress[#this]       : 
+# 1537|     mu1537_5(glval<StructuredBindingDataMemberStruct>) = InitializeParameter[#this]   : &:r1537_4
+# 1537|     r1537_6(glval<StructuredBindingDataMemberStruct>)  = Load[#this]                  : &:r1537_4, ~m?
+# 1537|     mu1537_7(StructuredBindingDataMemberStruct)        = InitializeIndirection[#this] : &:r1537_6
+#-----|   Goto -> Block 2
+
+# 1537|   Block 1
+# 1537|     r1537_8(glval<StructuredBindingDataMemberMemberStruct>) = FieldAddress[m]                                          : r1537_6
+# 1537|     r1537_9(glval<unknown>)                                 = FunctionAddress[StructuredBindingDataMemberMemberStruct] : 
+# 1537|     v1537_10(void)                                          = Call[StructuredBindingDataMemberMemberStruct]            : func:r1537_9, this:r1537_8
+# 1537|     mu1537_11(unknown)                                      = ^CallSideEffect                                          : ~m?
+# 1537|     mu1537_12(StructuredBindingDataMemberMemberStruct)      = ^IndirectMayWriteSideEffect[-1]                          : &:r1537_8
+#-----|   Goto -> Block 2
+
+# 1537|   Block 2
+# 1537|     v1537_13(void) = NoOp                     : 
+# 1537|     v1537_14(void) = ReturnIndirection[#this] : &:r1537_6, ~m?
+# 1537|     v1537_15(void) = ReturnVoid               : 
+# 1537|     v1537_16(void) = AliasedUse               : ~m?
+# 1537|     v1537_17(void) = ExitFunction             : 
 
 # 1537| void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct(StructuredBindingDataMemberStruct const&)
 # 1537|   Block 0
@@ -11499,114 +11454,6 @@ ir.cpp:
 # 1537|     v1537_67(void)                                           = AliasedUse                                   : ~m?
 # 1537|     v1537_68(void)                                           = ExitFunction                                 : 
 
-# 1540| int StructuredBindingDataMemberStruct::i
-# 1540|   Block 0
-# 1540|     v1540_1(void)                                      = EnterFunction                : 
-# 1540|     mu1540_2(unknown)                                  = AliasedDefinition            : 
-# 1540|     mu1540_3(unknown)                                  = InitializeNonLocal           : 
-# 1540|     r1540_4(glval<unknown>)                            = VariableAddress[#this]       : 
-# 1540|     mu1540_5(glval<StructuredBindingDataMemberStruct>) = InitializeParameter[#this]   : &:r1540_4
-# 1540|     r1540_6(glval<StructuredBindingDataMemberStruct>)  = Load[#this]                  : &:r1540_4, ~m?
-# 1540|     mu1540_7(StructuredBindingDataMemberStruct)        = InitializeIndirection[#this] : &:r1540_6
-# 1540|     r1540_8(glval<int>)                                = FieldAddress[i]              : r1540_6
-# 1540|     r1540_9(int)                                       = Constant[1]                  : 
-# 1540|     mu1540_10(int)                                     = Store[?]                     : &:r1540_8, r1540_9
-# 1540|     v1540_11(void)                                     = ReturnVoid                   : 
-# 1540|     v1540_12(void)                                     = AliasedUse                   : ~m?
-# 1540|     v1540_13(void)                                     = ExitFunction                 : 
-
-# 1541| double StructuredBindingDataMemberStruct::d
-# 1541|   Block 0
-# 1541|     v1541_1(void)                                      = EnterFunction                : 
-# 1541|     mu1541_2(unknown)                                  = AliasedDefinition            : 
-# 1541|     mu1541_3(unknown)                                  = InitializeNonLocal           : 
-# 1541|     r1541_4(glval<unknown>)                            = VariableAddress[#this]       : 
-# 1541|     mu1541_5(glval<StructuredBindingDataMemberStruct>) = InitializeParameter[#this]   : &:r1541_4
-# 1541|     r1541_6(glval<StructuredBindingDataMemberStruct>)  = Load[#this]                  : &:r1541_4, ~m?
-# 1541|     mu1541_7(StructuredBindingDataMemberStruct)        = InitializeIndirection[#this] : &:r1541_6
-# 1541|     r1541_8(glval<double>)                             = FieldAddress[d]              : r1541_6
-# 1541|     r1541_9(double)                                    = Constant[2.0]                : 
-# 1541|     mu1541_10(double)                                  = Store[?]                     : &:r1541_8, r1541_9
-# 1541|     v1541_11(void)                                     = ReturnVoid                   : 
-# 1541|     v1541_12(void)                                     = AliasedUse                   : ~m?
-# 1541|     v1541_13(void)                                     = ExitFunction                 : 
-
-# 1543| int& StructuredBindingDataMemberStruct::r
-# 1543|   Block 0
-# 1543|     v1543_1(void)                                      = EnterFunction                : 
-# 1543|     mu1543_2(unknown)                                  = AliasedDefinition            : 
-# 1543|     mu1543_3(unknown)                                  = InitializeNonLocal           : 
-# 1543|     r1543_4(glval<unknown>)                            = VariableAddress[#this]       : 
-# 1543|     mu1543_5(glval<StructuredBindingDataMemberStruct>) = InitializeParameter[#this]   : &:r1543_4
-# 1543|     r1543_6(glval<StructuredBindingDataMemberStruct>)  = Load[#this]                  : &:r1543_4, ~m?
-# 1543|     mu1543_7(StructuredBindingDataMemberStruct)        = InitializeIndirection[#this] : &:r1543_6
-# 1543|     r1543_8(glval<int &>)                              = FieldAddress[r]              : r1543_6
-# 1543|     r1543_9(StructuredBindingDataMemberStruct *)       = CopyValue                    : r1543_6
-# 1543|     r1543_10(glval<int>)                               = FieldAddress[i]              : r1543_9
-#-----|     r0_1(int &)                                        = CopyValue                    : r1543_10
-#-----|     mu0_2(int &)                                       = Store[?]                     : &:r1543_8, r0_1
-# 1543|     v1543_11(void)                                     = ReturnVoid                   : 
-# 1543|     v1543_12(void)                                     = AliasedUse                   : ~m?
-# 1543|     v1543_13(void)                                     = ExitFunction                 : 
-
-# 1544| int* StructuredBindingDataMemberStruct::p
-# 1544|   Block 0
-# 1544|     v1544_1(void)                                      = EnterFunction                : 
-# 1544|     mu1544_2(unknown)                                  = AliasedDefinition            : 
-# 1544|     mu1544_3(unknown)                                  = InitializeNonLocal           : 
-# 1544|     r1544_4(glval<unknown>)                            = VariableAddress[#this]       : 
-# 1544|     mu1544_5(glval<StructuredBindingDataMemberStruct>) = InitializeParameter[#this]   : &:r1544_4
-# 1544|     r1544_6(glval<StructuredBindingDataMemberStruct>)  = Load[#this]                  : &:r1544_4, ~m?
-# 1544|     mu1544_7(StructuredBindingDataMemberStruct)        = InitializeIndirection[#this] : &:r1544_6
-# 1544|     r1544_8(glval<int *>)                              = FieldAddress[p]              : r1544_6
-# 1544|     r1544_9(StructuredBindingDataMemberStruct *)       = CopyValue                    : r1544_6
-# 1544|     r1544_10(glval<int>)                               = FieldAddress[i]              : r1544_9
-# 1544|     r1544_11(int *)                                    = CopyValue                    : r1544_10
-# 1544|     mu1544_12(int *)                                   = Store[?]                     : &:r1544_8, r1544_11
-# 1544|     v1544_13(void)                                     = ReturnVoid                   : 
-# 1544|     v1544_14(void)                                     = AliasedUse                   : ~m?
-# 1544|     v1544_15(void)                                     = ExitFunction                 : 
-
-# 1545| StructuredBindingDataMemberStruct::ArrayType StructuredBindingDataMemberStruct::xs
-# 1545|   Block 0
-# 1545|     v1545_1(void)                                      = EnterFunction                : 
-# 1545|     mu1545_2(unknown)                                  = AliasedDefinition            : 
-# 1545|     mu1545_3(unknown)                                  = InitializeNonLocal           : 
-# 1545|     r1545_4(glval<unknown>)                            = VariableAddress[#this]       : 
-# 1545|     mu1545_5(glval<StructuredBindingDataMemberStruct>) = InitializeParameter[#this]   : &:r1545_4
-# 1545|     r1545_6(glval<StructuredBindingDataMemberStruct>)  = Load[#this]                  : &:r1545_4, ~m?
-# 1545|     mu1545_7(StructuredBindingDataMemberStruct)        = InitializeIndirection[#this] : &:r1545_6
-# 1545|     r1545_8(glval<int[2]>)                             = FieldAddress[xs]             : r1545_6
-# 1545|     r1545_9(int)                                       = Constant[0]                  : 
-# 1545|     r1545_10(glval<int>)                               = PointerAdd[4]                : r1545_8, r1545_9
-# 1545|     r1545_11(int)                                      = Constant[1]                  : 
-# 1545|     mu1545_12(int)                                     = Store[?]                     : &:r1545_10, r1545_11
-# 1545|     r1545_13(int)                                      = Constant[1]                  : 
-# 1545|     r1545_14(glval<int>)                               = PointerAdd[4]                : r1545_8, r1545_13
-# 1545|     r1545_15(int)                                      = Constant[2]                  : 
-# 1545|     mu1545_16(int)                                     = Store[?]                     : &:r1545_14, r1545_15
-# 1545|     v1545_17(void)                                     = ReturnVoid                   : 
-# 1545|     v1545_18(void)                                     = AliasedUse                   : ~m?
-# 1545|     v1545_19(void)                                     = ExitFunction                 : 
-
-# 1546| StructuredBindingDataMemberStruct::RefType StructuredBindingDataMemberStruct::r_alt
-# 1546|   Block 0
-# 1546|     v1546_1(void)                                      = EnterFunction                : 
-# 1546|     mu1546_2(unknown)                                  = AliasedDefinition            : 
-# 1546|     mu1546_3(unknown)                                  = InitializeNonLocal           : 
-# 1546|     r1546_4(glval<unknown>)                            = VariableAddress[#this]       : 
-# 1546|     mu1546_5(glval<StructuredBindingDataMemberStruct>) = InitializeParameter[#this]   : &:r1546_4
-# 1546|     r1546_6(glval<StructuredBindingDataMemberStruct>)  = Load[#this]                  : &:r1546_4, ~m?
-# 1546|     mu1546_7(StructuredBindingDataMemberStruct)        = InitializeIndirection[#this] : &:r1546_6
-# 1546|     r1546_8(glval<int &>)                              = FieldAddress[r_alt]          : r1546_6
-# 1546|     r1546_9(StructuredBindingDataMemberStruct *)       = CopyValue                    : r1546_6
-# 1546|     r1546_10(glval<int>)                               = FieldAddress[i]              : r1546_9
-#-----|     r0_1(int &)                                        = CopyValue                    : r1546_10
-#-----|     mu0_2(int &)                                       = Store[?]                     : &:r1546_8, r0_1
-# 1546|     v1546_11(void)                                     = ReturnVoid                   : 
-# 1546|     v1546_12(void)                                     = AliasedUse                   : ~m?
-# 1546|     v1546_13(void)                                     = ExitFunction                 : 
-
 # 1550| void data_member_structured_binding()
 # 1550|   Block 0
 # 1550|     v1550_1(void)                                              = EnterFunction                                      : 
@@ -11774,33 +11621,18 @@ ir.cpp:
 
 # 1590| void StructuredBindingTupleRefGet::StructuredBindingTupleRefGet()
 # 1590|   Block 0
-# 1590|     v1590_1(void)                                 = EnterFunction                   : 
-# 1590|     mu1590_2(unknown)                             = AliasedDefinition               : 
-# 1590|     mu1590_3(unknown)                             = InitializeNonLocal              : 
-# 1590|     r1590_4(glval<unknown>)                       = VariableAddress[#this]          : 
-# 1590|     mu1590_5(glval<StructuredBindingTupleRefGet>) = InitializeParameter[#this]      : &:r1590_4
-# 1590|     r1590_6(glval<StructuredBindingTupleRefGet>)  = Load[#this]                     : &:r1590_4, ~m?
-# 1590|     mu1590_7(StructuredBindingTupleRefGet)        = InitializeIndirection[#this]    : &:r1590_6
-# 1590|     r1590_8(glval<unknown>)                       = FunctionAddress[i]              : 
-# 1590|     v1590_9(void)                                 = Call[i]                         : func:r1590_8, this:r1590_6
-# 1590|     mu1590_10(unknown)                            = ^CallSideEffect                 : ~m?
-# 1590|     v1590_11(void)                                = ^IndirectReadSideEffect[-1]     : &:r1590_6, ~m?
-# 1590|     mu1590_12(StructuredBindingTupleRefGet)       = ^IndirectMayWriteSideEffect[-1] : &:r1590_6
-# 1590|     r1590_13(glval<unknown>)                      = FunctionAddress[d]              : 
-# 1590|     v1590_14(void)                                = Call[d]                         : func:r1590_13, this:r1590_6
-# 1590|     mu1590_15(unknown)                            = ^CallSideEffect                 : ~m?
-# 1590|     v1590_16(void)                                = ^IndirectReadSideEffect[-1]     : &:r1590_6, ~m?
-# 1590|     mu1590_17(StructuredBindingTupleRefGet)       = ^IndirectMayWriteSideEffect[-1] : &:r1590_6
-# 1590|     r1590_18(glval<unknown>)                      = FunctionAddress[r]              : 
-# 1590|     v1590_19(void)                                = Call[r]                         : func:r1590_18, this:r1590_6
-# 1590|     mu1590_20(unknown)                            = ^CallSideEffect                 : ~m?
-# 1590|     v1590_21(void)                                = ^IndirectReadSideEffect[-1]     : &:r1590_6, ~m?
-# 1590|     mu1590_22(StructuredBindingTupleRefGet)       = ^IndirectMayWriteSideEffect[-1] : &:r1590_6
-# 1590|     v1590_23(void)                                = NoOp                            : 
-# 1590|     v1590_24(void)                                = ReturnIndirection[#this]        : &:r1590_6, ~m?
-# 1590|     v1590_25(void)                                = ReturnVoid                      : 
-# 1590|     v1590_26(void)                                = AliasedUse                      : ~m?
-# 1590|     v1590_27(void)                                = ExitFunction                    : 
+# 1590|     v1590_1(void)                                 = EnterFunction                : 
+# 1590|     mu1590_2(unknown)                             = AliasedDefinition            : 
+# 1590|     mu1590_3(unknown)                             = InitializeNonLocal           : 
+# 1590|     r1590_4(glval<unknown>)                       = VariableAddress[#this]       : 
+# 1590|     mu1590_5(glval<StructuredBindingTupleRefGet>) = InitializeParameter[#this]   : &:r1590_4
+# 1590|     r1590_6(glval<StructuredBindingTupleRefGet>)  = Load[#this]                  : &:r1590_4, ~m?
+# 1590|     mu1590_7(StructuredBindingTupleRefGet)        = InitializeIndirection[#this] : &:r1590_6
+# 1590|     v1590_8(void)                                 = NoOp                         : 
+# 1590|     v1590_9(void)                                 = ReturnIndirection[#this]     : &:r1590_6, ~m?
+# 1590|     v1590_10(void)                                = ReturnVoid                   : 
+# 1590|     v1590_11(void)                                = AliasedUse                   : ~m?
+# 1590|     v1590_12(void)                                = ExitFunction                 : 
 
 # 1590| void StructuredBindingTupleRefGet::StructuredBindingTupleRefGet(StructuredBindingTupleRefGet const&)
 # 1590|   Block 0
@@ -11843,56 +11675,6 @@ ir.cpp:
 # 1590|     v1590_32(void)                                  = AliasedUse                                   : ~m?
 # 1590|     v1590_33(void)                                  = ExitFunction                                 : 
 
-# 1591| int StructuredBindingTupleRefGet::i
-# 1591|   Block 0
-# 1591|     v1591_1(void)                                 = EnterFunction                : 
-# 1591|     mu1591_2(unknown)                             = AliasedDefinition            : 
-# 1591|     mu1591_3(unknown)                             = InitializeNonLocal           : 
-# 1591|     r1591_4(glval<unknown>)                       = VariableAddress[#this]       : 
-# 1591|     mu1591_5(glval<StructuredBindingTupleRefGet>) = InitializeParameter[#this]   : &:r1591_4
-# 1591|     r1591_6(glval<StructuredBindingTupleRefGet>)  = Load[#this]                  : &:r1591_4, ~m?
-# 1591|     mu1591_7(StructuredBindingTupleRefGet)        = InitializeIndirection[#this] : &:r1591_6
-# 1591|     r1591_8(glval<int>)                           = FieldAddress[i]              : r1591_6
-# 1591|     r1591_9(int)                                  = Constant[1]                  : 
-# 1591|     mu1591_10(int)                                = Store[?]                     : &:r1591_8, r1591_9
-# 1591|     v1591_11(void)                                = ReturnVoid                   : 
-# 1591|     v1591_12(void)                                = AliasedUse                   : ~m?
-# 1591|     v1591_13(void)                                = ExitFunction                 : 
-
-# 1592| double StructuredBindingTupleRefGet::d
-# 1592|   Block 0
-# 1592|     v1592_1(void)                                 = EnterFunction                  : 
-# 1592|     mu1592_2(unknown)                             = AliasedDefinition              : 
-# 1592|     mu1592_3(unknown)                             = InitializeNonLocal             : 
-# 1592|     r1592_4(glval<unknown>)                       = VariableAddress[#this]         : 
-# 1592|     mu1592_5(glval<StructuredBindingTupleRefGet>) = InitializeParameter[#this]     : &:r1592_4
-# 1592|     r1592_6(glval<StructuredBindingTupleRefGet>)  = Load[#this]                    : &:r1592_4, ~m?
-# 1592|     mu1592_7(StructuredBindingTupleRefGet)        = InitializeIndirection[#this]   : &:r1592_6
-# 1592|     r1592_8(glval<double>)                        = FieldAddress[d]                : r1592_6
-# 1592|     r1592_9(double)                               = Constant[2.200000000000000178] : 
-# 1592|     mu1592_10(double)                             = Store[?]                       : &:r1592_8, r1592_9
-# 1592|     v1592_11(void)                                = ReturnVoid                     : 
-# 1592|     v1592_12(void)                                = AliasedUse                     : ~m?
-# 1592|     v1592_13(void)                                = ExitFunction                   : 
-
-# 1593| int& StructuredBindingTupleRefGet::r
-# 1593|   Block 0
-# 1593|     v1593_1(void)                                 = EnterFunction                : 
-# 1593|     mu1593_2(unknown)                             = AliasedDefinition            : 
-# 1593|     mu1593_3(unknown)                             = InitializeNonLocal           : 
-# 1593|     r1593_4(glval<unknown>)                       = VariableAddress[#this]       : 
-# 1593|     mu1593_5(glval<StructuredBindingTupleRefGet>) = InitializeParameter[#this]   : &:r1593_4
-# 1593|     r1593_6(glval<StructuredBindingTupleRefGet>)  = Load[#this]                  : &:r1593_4, ~m?
-# 1593|     mu1593_7(StructuredBindingTupleRefGet)        = InitializeIndirection[#this] : &:r1593_6
-# 1593|     r1593_8(glval<int &>)                         = FieldAddress[r]              : r1593_6
-# 1593|     r1593_9(StructuredBindingTupleRefGet *)       = CopyValue                    : r1593_6
-# 1593|     r1593_10(glval<int>)                          = FieldAddress[i]              : r1593_9
-#-----|     r0_1(int &)                                   = CopyValue                    : r1593_10
-#-----|     mu0_2(int &)                                  = Store[?]                     : &:r1593_8, r0_1
-# 1593|     v1593_11(void)                                = ReturnVoid                   : 
-# 1593|     v1593_12(void)                                = AliasedUse                   : ~m?
-# 1593|     v1593_13(void)                                = ExitFunction                 : 
-
 # 1618| std::tuple_element<int 0, StructuredBindingTupleRefGet>::type& StructuredBindingTupleRefGet::get<int 0>()
 # 1618|   Block 0
 # 1618|     v1618_1(void)                                 = EnterFunction                : 
@@ -12108,62 +11890,18 @@ ir.cpp:
 
 # 1657| void StructuredBindingTupleNoRefGet::StructuredBindingTupleNoRefGet()
 # 1657|   Block 0
-# 1657|     v1657_1(void)                                   = EnterFunction                   : 
-# 1657|     mu1657_2(unknown)                               = AliasedDefinition               : 
-# 1657|     mu1657_3(unknown)                               = InitializeNonLocal              : 
-# 1657|     r1657_4(glval<unknown>)                         = VariableAddress[#this]          : 
-# 1657|     mu1657_5(glval<StructuredBindingTupleNoRefGet>) = InitializeParameter[#this]      : &:r1657_4
-# 1657|     r1657_6(glval<StructuredBindingTupleNoRefGet>)  = Load[#this]                     : &:r1657_4, ~m?
-# 1657|     mu1657_7(StructuredBindingTupleNoRefGet)        = InitializeIndirection[#this]    : &:r1657_6
-# 1657|     r1657_8(glval<unknown>)                         = FunctionAddress[i]              : 
-# 1657|     v1657_9(void)                                   = Call[i]                         : func:r1657_8, this:r1657_6
-# 1657|     mu1657_10(unknown)                              = ^CallSideEffect                 : ~m?
-# 1657|     v1657_11(void)                                  = ^IndirectReadSideEffect[-1]     : &:r1657_6, ~m?
-# 1657|     mu1657_12(StructuredBindingTupleNoRefGet)       = ^IndirectMayWriteSideEffect[-1] : &:r1657_6
-# 1657|     r1657_13(glval<unknown>)                        = FunctionAddress[r]              : 
-# 1657|     v1657_14(void)                                  = Call[r]                         : func:r1657_13, this:r1657_6
-# 1657|     mu1657_15(unknown)                              = ^CallSideEffect                 : ~m?
-# 1657|     v1657_16(void)                                  = ^IndirectReadSideEffect[-1]     : &:r1657_6, ~m?
-# 1657|     mu1657_17(StructuredBindingTupleNoRefGet)       = ^IndirectMayWriteSideEffect[-1] : &:r1657_6
-# 1657|     v1657_18(void)                                  = NoOp                            : 
-# 1657|     v1657_19(void)                                  = ReturnIndirection[#this]        : &:r1657_6, ~m?
-# 1657|     v1657_20(void)                                  = ReturnVoid                      : 
-# 1657|     v1657_21(void)                                  = AliasedUse                      : ~m?
-# 1657|     v1657_22(void)                                  = ExitFunction                    : 
-
-# 1658| int StructuredBindingTupleNoRefGet::i
-# 1658|   Block 0
-# 1658|     v1658_1(void)                                   = EnterFunction                : 
-# 1658|     mu1658_2(unknown)                               = AliasedDefinition            : 
-# 1658|     mu1658_3(unknown)                               = InitializeNonLocal           : 
-# 1658|     r1658_4(glval<unknown>)                         = VariableAddress[#this]       : 
-# 1658|     mu1658_5(glval<StructuredBindingTupleNoRefGet>) = InitializeParameter[#this]   : &:r1658_4
-# 1658|     r1658_6(glval<StructuredBindingTupleNoRefGet>)  = Load[#this]                  : &:r1658_4, ~m?
-# 1658|     mu1658_7(StructuredBindingTupleNoRefGet)        = InitializeIndirection[#this] : &:r1658_6
-# 1658|     r1658_8(glval<int>)                             = FieldAddress[i]              : r1658_6
-# 1658|     r1658_9(int)                                    = Constant[1]                  : 
-# 1658|     mu1658_10(int)                                  = Store[?]                     : &:r1658_8, r1658_9
-# 1658|     v1658_11(void)                                  = ReturnVoid                   : 
-# 1658|     v1658_12(void)                                  = AliasedUse                   : ~m?
-# 1658|     v1658_13(void)                                  = ExitFunction                 : 
-
-# 1659| int& StructuredBindingTupleNoRefGet::r
-# 1659|   Block 0
-# 1659|     v1659_1(void)                                   = EnterFunction                : 
-# 1659|     mu1659_2(unknown)                               = AliasedDefinition            : 
-# 1659|     mu1659_3(unknown)                               = InitializeNonLocal           : 
-# 1659|     r1659_4(glval<unknown>)                         = VariableAddress[#this]       : 
-# 1659|     mu1659_5(glval<StructuredBindingTupleNoRefGet>) = InitializeParameter[#this]   : &:r1659_4
-# 1659|     r1659_6(glval<StructuredBindingTupleNoRefGet>)  = Load[#this]                  : &:r1659_4, ~m?
-# 1659|     mu1659_7(StructuredBindingTupleNoRefGet)        = InitializeIndirection[#this] : &:r1659_6
-# 1659|     r1659_8(glval<int &>)                           = FieldAddress[r]              : r1659_6
-# 1659|     r1659_9(StructuredBindingTupleNoRefGet *)       = CopyValue                    : r1659_6
-# 1659|     r1659_10(glval<int>)                            = FieldAddress[i]              : r1659_9
-#-----|     r0_1(int &)                                     = CopyValue                    : r1659_10
-#-----|     mu0_2(int &)                                    = Store[?]                     : &:r1659_8, r0_1
-# 1659|     v1659_11(void)                                  = ReturnVoid                   : 
-# 1659|     v1659_12(void)                                  = AliasedUse                   : ~m?
-# 1659|     v1659_13(void)                                  = ExitFunction                 : 
+# 1657|     v1657_1(void)                                   = EnterFunction                : 
+# 1657|     mu1657_2(unknown)                               = AliasedDefinition            : 
+# 1657|     mu1657_3(unknown)                               = InitializeNonLocal           : 
+# 1657|     r1657_4(glval<unknown>)                         = VariableAddress[#this]       : 
+# 1657|     mu1657_5(glval<StructuredBindingTupleNoRefGet>) = InitializeParameter[#this]   : &:r1657_4
+# 1657|     r1657_6(glval<StructuredBindingTupleNoRefGet>)  = Load[#this]                  : &:r1657_4, ~m?
+# 1657|     mu1657_7(StructuredBindingTupleNoRefGet)        = InitializeIndirection[#this] : &:r1657_6
+# 1657|     v1657_8(void)                                   = NoOp                         : 
+# 1657|     v1657_9(void)                                   = ReturnIndirection[#this]     : &:r1657_6, ~m?
+# 1657|     v1657_10(void)                                  = ReturnVoid                   : 
+# 1657|     v1657_11(void)                                  = AliasedUse                   : ~m?
+# 1657|     v1657_12(void)                                  = ExitFunction                 : 
 
 # 1684| std::tuple_element<int 0, StructuredBindingTupleNoRefGet>::type StructuredBindingTupleNoRefGet::get<int 0>()
 # 1684|   Block 0
@@ -19462,321 +19200,6 @@ ir.cpp:
 # 2867|     v2867_13(void)      = ReturnVoid                    : 
 #-----|   Goto -> Block 1
 
-# 2890| int StructInit::i
-# 2890|   Block 0
-# 2890|     v2890_1(void)               = EnterFunction                : 
-# 2890|     mu2890_2(unknown)           = AliasedDefinition            : 
-# 2890|     mu2890_3(unknown)           = InitializeNonLocal           : 
-# 2890|     r2890_4(glval<unknown>)     = VariableAddress[#this]       : 
-# 2890|     mu2890_5(glval<StructInit>) = InitializeParameter[#this]   : &:r2890_4
-# 2890|     r2890_6(glval<StructInit>)  = Load[#this]                  : &:r2890_4, ~m?
-# 2890|     mu2890_7(StructInit)        = InitializeIndirection[#this] : &:r2890_6
-# 2890|     r2890_8(glval<int>)         = FieldAddress[i]              : r2890_6
-# 2890|     r2890_9(int)                = Constant[42]                 : 
-# 2890|     mu2890_10(int)              = Store[?]                     : &:r2890_8, r2890_9
-# 2890|     v2890_11(void)              = ReturnVoid                   : 
-# 2890|     v2890_12(void)              = AliasedUse                   : ~m?
-# 2890|     v2890_13(void)              = ExitFunction                 : 
-
-# 2891| int StructInit::j
-# 2891|   Block 0
-# 2891|     v2891_1(void)               = EnterFunction                : 
-# 2891|     mu2891_2(unknown)           = AliasedDefinition            : 
-# 2891|     mu2891_3(unknown)           = InitializeNonLocal           : 
-# 2891|     r2891_4(glval<unknown>)     = VariableAddress[#this]       : 
-# 2891|     mu2891_5(glval<StructInit>) = InitializeParameter[#this]   : &:r2891_4
-# 2891|     r2891_6(glval<StructInit>)  = Load[#this]                  : &:r2891_4, ~m?
-# 2891|     mu2891_7(StructInit)        = InitializeIndirection[#this] : &:r2891_6
-# 2891|     r2891_8(glval<int>)         = FieldAddress[j]              : r2891_6
-# 2891|     r2891_9(int)                = Constant[42]                 : 
-# 2891|     mu2891_10(int)              = Store[?]                     : &:r2891_8, r2891_9
-# 2891|     v2891_11(void)              = ReturnVoid                   : 
-# 2891|     v2891_12(void)              = AliasedUse                   : ~m?
-# 2891|     v2891_13(void)              = ExitFunction                 : 
-
-# 2892| int StructInit::k
-# 2892|   Block 0
-# 2892|     v2892_1(void)               = EnterFunction                : 
-# 2892|     mu2892_2(unknown)           = AliasedDefinition            : 
-# 2892|     mu2892_3(unknown)           = InitializeNonLocal           : 
-# 2892|     r2892_4(glval<unknown>)     = VariableAddress[#this]       : 
-# 2892|     mu2892_5(glval<StructInit>) = InitializeParameter[#this]   : &:r2892_4
-# 2892|     r2892_6(glval<StructInit>)  = Load[#this]                  : &:r2892_4, ~m?
-# 2892|     mu2892_7(StructInit)        = InitializeIndirection[#this] : &:r2892_6
-# 2892|     r2892_8(glval<int>)         = FieldAddress[k]              : r2892_6
-# 2892|     r2892_9(int)                = Constant[42]                 : 
-# 2892|     mu2892_10(int)              = Store[?]                     : &:r2892_8, r2892_9
-# 2892|     v2892_11(void)              = ReturnVoid                   : 
-# 2892|     v2892_12(void)              = AliasedUse                   : ~m?
-# 2892|     v2892_13(void)              = ExitFunction                 : 
-
-# 2893| int StructInit::l
-# 2893|   Block 0
-# 2893|     v2893_1(void)               = EnterFunction                : 
-# 2893|     mu2893_2(unknown)           = AliasedDefinition            : 
-# 2893|     mu2893_3(unknown)           = InitializeNonLocal           : 
-# 2893|     r2893_4(glval<unknown>)     = VariableAddress[#this]       : 
-# 2893|     mu2893_5(glval<StructInit>) = InitializeParameter[#this]   : &:r2893_4
-# 2893|     r2893_6(glval<StructInit>)  = Load[#this]                  : &:r2893_4, ~m?
-# 2893|     mu2893_7(StructInit)        = InitializeIndirection[#this] : &:r2893_6
-# 2893|     r2893_8(glval<int>)         = FieldAddress[l]              : r2893_6
-# 2893|     r2893_9(StructInit *)       = CopyValue                    : r2893_6
-# 2893|     r2893_10(glval<int>)        = FieldAddress[k]              : r2893_9
-# 2893|     r2893_11(int)               = Load[?]                      : &:r2893_10, ~m?
-# 2893|     mu2893_12(int)              = Store[?]                     : &:r2893_8, r2893_11
-# 2893|     v2893_13(void)              = ReturnVoid                   : 
-# 2893|     v2893_14(void)              = AliasedUse                   : ~m?
-# 2893|     v2893_15(void)              = ExitFunction                 : 
-
-# 2894| int StructInit::m
-# 2894|   Block 0
-# 2894|     v2894_1(void)               = EnterFunction                   : 
-# 2894|     mu2894_2(unknown)           = AliasedDefinition               : 
-# 2894|     mu2894_3(unknown)           = InitializeNonLocal              : 
-# 2894|     r2894_4(glval<unknown>)     = VariableAddress[#this]          : 
-# 2894|     mu2894_5(glval<StructInit>) = InitializeParameter[#this]      : &:r2894_4
-# 2894|     r2894_6(glval<StructInit>)  = Load[#this]                     : &:r2894_4, ~m?
-# 2894|     mu2894_7(StructInit)        = InitializeIndirection[#this]    : &:r2894_6
-# 2894|     r2894_8(glval<int>)         = FieldAddress[m]                 : r2894_6
-# 2894|     r2894_9(StructInit *)       = CopyValue                       : r2894_6
-# 2894|     r2894_10(glval<unknown>)    = FunctionAddress[get_val]        : 
-# 2894|     r2894_11(int)               = Call[get_val]                   : func:r2894_10, this:r2894_9
-# 2894|     mu2894_12(unknown)          = ^CallSideEffect                 : ~m?
-# 2894|     v2894_13(void)              = ^IndirectReadSideEffect[-1]     : &:r2894_9, ~m?
-# 2894|     mu2894_14(StructInit)       = ^IndirectMayWriteSideEffect[-1] : &:r2894_9
-# 2894|     mu2894_15(int)              = Store[?]                        : &:r2894_8, r2894_11
-# 2894|     v2894_16(void)              = ReturnVoid                      : 
-# 2894|     v2894_17(void)              = AliasedUse                      : ~m?
-# 2894|     v2894_18(void)              = ExitFunction                    : 
-
-# 2895| int StructInit::n
-# 2895|   Block 0
-# 2895|     v2895_1(void)               = EnterFunction                : 
-# 2895|     mu2895_2(unknown)           = AliasedDefinition            : 
-# 2895|     mu2895_3(unknown)           = InitializeNonLocal           : 
-# 2895|     r2895_4(glval<unknown>)     = VariableAddress[#this]       : 
-# 2895|     mu2895_5(glval<StructInit>) = InitializeParameter[#this]   : &:r2895_4
-# 2895|     r2895_6(glval<StructInit>)  = Load[#this]                  : &:r2895_4, ~m?
-# 2895|     mu2895_7(StructInit)        = InitializeIndirection[#this] : &:r2895_6
-# 2895|     r2895_8(glval<int>)         = FieldAddress[n]              : r2895_6
-# 2895|     r2895_9(int)                = Constant[42]                 : 
-# 2895|     mu2895_10(int)              = Store[?]                     : &:r2895_8, r2895_9
-# 2895|     v2895_11(void)              = ReturnVoid                   : 
-# 2895|     v2895_12(void)              = AliasedUse                   : ~m?
-# 2895|     v2895_13(void)              = ExitFunction                 : 
-
-# 2897| void StructInit::StructInit(int)
-# 2897|   Block 0
-# 2897|     v2897_1(void)               = EnterFunction                   : 
-# 2897|     mu2897_2(unknown)           = AliasedDefinition               : 
-# 2897|     mu2897_3(unknown)           = InitializeNonLocal              : 
-# 2897|     r2897_4(glval<unknown>)     = VariableAddress[#this]          : 
-# 2897|     mu2897_5(glval<StructInit>) = InitializeParameter[#this]      : &:r2897_4
-# 2897|     r2897_6(glval<StructInit>)  = Load[#this]                     : &:r2897_4, ~m?
-# 2897|     mu2897_7(StructInit)        = InitializeIndirection[#this]    : &:r2897_6
-# 2897|     r2897_8(glval<int>)         = VariableAddress[j]              : 
-# 2897|     mu2897_9(int)               = InitializeParameter[j]          : &:r2897_8
-# 2897|     r2897_10(glval<unknown>)    = FunctionAddress[i]              : 
-# 2897|     v2897_11(void)              = Call[i]                         : func:r2897_10, this:r2897_6
-# 2897|     mu2897_12(unknown)          = ^CallSideEffect                 : ~m?
-# 2897|     v2897_13(void)              = ^IndirectReadSideEffect[-1]     : &:r2897_6, ~m?
-# 2897|     mu2897_14(StructInit)       = ^IndirectMayWriteSideEffect[-1] : &:r2897_6
-# 2897|     r2897_15(glval<int>)        = FieldAddress[j]                 : r2897_6
-# 2897|     r2897_16(glval<int>)        = VariableAddress[j]              : 
-# 2897|     r2897_17(int)               = Load[j]                         : &:r2897_16, ~m?
-# 2897|     mu2897_18(int)              = Store[?]                        : &:r2897_15, r2897_17
-# 2897|     r2897_19(glval<unknown>)    = FunctionAddress[k]              : 
-# 2897|     v2897_20(void)              = Call[k]                         : func:r2897_19, this:r2897_6
-# 2897|     mu2897_21(unknown)          = ^CallSideEffect                 : ~m?
-# 2897|     v2897_22(void)              = ^IndirectReadSideEffect[-1]     : &:r2897_6, ~m?
-# 2897|     mu2897_23(StructInit)       = ^IndirectMayWriteSideEffect[-1] : &:r2897_6
-# 2897|     r2897_24(glval<unknown>)    = FunctionAddress[l]              : 
-# 2897|     v2897_25(void)              = Call[l]                         : func:r2897_24, this:r2897_6
-# 2897|     mu2897_26(unknown)          = ^CallSideEffect                 : ~m?
-# 2897|     v2897_27(void)              = ^IndirectReadSideEffect[-1]     : &:r2897_6, ~m?
-# 2897|     mu2897_28(StructInit)       = ^IndirectMayWriteSideEffect[-1] : &:r2897_6
-# 2897|     r2897_29(glval<unknown>)    = FunctionAddress[m]              : 
-# 2897|     v2897_30(void)              = Call[m]                         : func:r2897_29, this:r2897_6
-# 2897|     mu2897_31(unknown)          = ^CallSideEffect                 : ~m?
-# 2897|     v2897_32(void)              = ^IndirectReadSideEffect[-1]     : &:r2897_6, ~m?
-# 2897|     mu2897_33(StructInit)       = ^IndirectMayWriteSideEffect[-1] : &:r2897_6
-# 2897|     r2897_34(glval<int>)        = FieldAddress[n]                 : r2897_6
-# 2897|     r2897_35(glval<unknown>)    = VariableAddress[#this]          : 
-# 2897|     r2897_36(StructInit *)      = Load[#this]                     : &:r2897_35, ~m?
-# 2897|     r2897_37(glval<unknown>)    = FunctionAddress[get_val]        : 
-# 2897|     r2897_38(int)               = Call[get_val]                   : func:r2897_37, this:r2897_36
-# 2897|     mu2897_39(unknown)          = ^CallSideEffect                 : ~m?
-# 2897|     v2897_40(void)              = ^IndirectReadSideEffect[-1]     : &:r2897_36, ~m?
-# 2897|     mu2897_41(StructInit)       = ^IndirectMayWriteSideEffect[-1] : &:r2897_36
-# 2897|     mu2897_42(int)              = Store[?]                        : &:r2897_34, r2897_38
-# 2897|     v2897_43(void)              = NoOp                            : 
-# 2897|     v2897_44(void)              = ReturnIndirection[#this]        : &:r2897_6, ~m?
-# 2897|     v2897_45(void)              = ReturnVoid                      : 
-# 2897|     v2897_46(void)              = AliasedUse                      : ~m?
-# 2897|     v2897_47(void)              = ExitFunction                    : 
-
-# 2899| void StructInit::StructInit()
-# 2899|   Block 0
-# 2899|     v2899_1(void)               = EnterFunction                   : 
-# 2899|     mu2899_2(unknown)           = AliasedDefinition               : 
-# 2899|     mu2899_3(unknown)           = InitializeNonLocal              : 
-# 2899|     r2899_4(glval<unknown>)     = VariableAddress[#this]          : 
-# 2899|     mu2899_5(glval<StructInit>) = InitializeParameter[#this]      : &:r2899_4
-# 2899|     r2899_6(glval<StructInit>)  = Load[#this]                     : &:r2899_4, ~m?
-# 2899|     mu2899_7(StructInit)        = InitializeIndirection[#this]    : &:r2899_6
-# 2899|     r2899_8(glval<int>)         = FieldAddress[i]                 : r2899_6
-# 2899|     r2899_9(int)                = Constant[41]                    : 
-# 2899|     mu2899_10(int)              = Store[?]                        : &:r2899_8, r2899_9
-# 2899|     r2899_11(glval<unknown>)    = FunctionAddress[j]              : 
-# 2899|     v2899_12(void)              = Call[j]                         : func:r2899_11, this:r2899_6
-# 2899|     mu2899_13(unknown)          = ^CallSideEffect                 : ~m?
-# 2899|     v2899_14(void)              = ^IndirectReadSideEffect[-1]     : &:r2899_6, ~m?
-# 2899|     mu2899_15(StructInit)       = ^IndirectMayWriteSideEffect[-1] : &:r2899_6
-# 2899|     r2899_16(glval<int>)        = FieldAddress[k]                 : r2899_6
-# 2899|     r2899_17(int)               = Constant[41]                    : 
-# 2899|     mu2899_18(int)              = Store[?]                        : &:r2899_16, r2899_17
-# 2899|     r2899_19(glval<unknown>)    = FunctionAddress[l]              : 
-# 2899|     v2899_20(void)              = Call[l]                         : func:r2899_19, this:r2899_6
-# 2899|     mu2899_21(unknown)          = ^CallSideEffect                 : ~m?
-# 2899|     v2899_22(void)              = ^IndirectReadSideEffect[-1]     : &:r2899_6, ~m?
-# 2899|     mu2899_23(StructInit)       = ^IndirectMayWriteSideEffect[-1] : &:r2899_6
-# 2899|     r2899_24(glval<unknown>)    = FunctionAddress[m]              : 
-# 2899|     v2899_25(void)              = Call[m]                         : func:r2899_24, this:r2899_6
-# 2899|     mu2899_26(unknown)          = ^CallSideEffect                 : ~m?
-# 2899|     v2899_27(void)              = ^IndirectReadSideEffect[-1]     : &:r2899_6, ~m?
-# 2899|     mu2899_28(StructInit)       = ^IndirectMayWriteSideEffect[-1] : &:r2899_6
-# 2899|     r2899_29(glval<unknown>)    = FunctionAddress[n]              : 
-# 2899|     v2899_30(void)              = Call[n]                         : func:r2899_29, this:r2899_6
-# 2899|     mu2899_31(unknown)          = ^CallSideEffect                 : ~m?
-# 2899|     v2899_32(void)              = ^IndirectReadSideEffect[-1]     : &:r2899_6, ~m?
-# 2899|     mu2899_33(StructInit)       = ^IndirectMayWriteSideEffect[-1] : &:r2899_6
-# 2899|     v2899_34(void)              = NoOp                            : 
-# 2899|     v2899_35(void)              = ReturnIndirection[#this]        : &:r2899_6, ~m?
-# 2899|     v2899_36(void)              = ReturnVoid                      : 
-# 2899|     v2899_37(void)              = AliasedUse                      : ~m?
-# 2899|     v2899_38(void)              = ExitFunction                    : 
-
-# 2901| int StructInit::get_val()
-# 2901|   Block 0
-# 2901|     v2901_1(void)               = EnterFunction                : 
-# 2901|     mu2901_2(unknown)           = AliasedDefinition            : 
-# 2901|     mu2901_3(unknown)           = InitializeNonLocal           : 
-# 2901|     r2901_4(glval<unknown>)     = VariableAddress[#this]       : 
-# 2901|     mu2901_5(glval<StructInit>) = InitializeParameter[#this]   : &:r2901_4
-# 2901|     r2901_6(glval<StructInit>)  = Load[#this]                  : &:r2901_4, ~m?
-# 2901|     mu2901_7(StructInit)        = InitializeIndirection[#this] : &:r2901_6
-# 2901|     r2901_8(glval<int>)         = VariableAddress[#return]     : 
-# 2901|     r2901_9(glval<unknown>)     = VariableAddress[#this]       : 
-# 2901|     r2901_10(StructInit *)      = Load[#this]                  : &:r2901_9, ~m?
-# 2901|     r2901_11(glval<int>)        = FieldAddress[k]              : r2901_10
-# 2901|     r2901_12(int)               = Load[?]                      : &:r2901_11, ~m?
-# 2901|     mu2901_13(int)              = Store[#return]               : &:r2901_8, r2901_12
-# 2901|     v2901_14(void)              = ReturnIndirection[#this]     : &:r2901_6, ~m?
-# 2901|     r2901_15(glval<int>)        = VariableAddress[#return]     : 
-# 2901|     v2901_16(void)              = ReturnValue                  : &:r2901_15, ~m?
-# 2901|     v2901_17(void)              = AliasedUse                   : ~m?
-# 2901|     v2901_18(void)              = ExitFunction                 : 
-
-# 2905| void StructInitFromTemplate<int>::StructInitFromTemplate()
-# 2905|   Block 0
-# 2905|     v2905_1(void)                                = EnterFunction                   : 
-# 2905|     mu2905_2(unknown)                            = AliasedDefinition               : 
-# 2905|     mu2905_3(unknown)                            = InitializeNonLocal              : 
-# 2905|     r2905_4(glval<unknown>)                      = VariableAddress[#this]          : 
-# 2905|     mu2905_5(glval<StructInitFromTemplate<int>>) = InitializeParameter[#this]      : &:r2905_4
-# 2905|     r2905_6(glval<StructInitFromTemplate<int>>)  = Load[#this]                     : &:r2905_4, ~m?
-# 2905|     mu2905_7(StructInitFromTemplate<int>)        = InitializeIndirection[#this]    : &:r2905_6
-# 2905|     r2905_8(glval<unknown>)                      = FunctionAddress[t]              : 
-# 2905|     v2905_9(void)                                = Call[t]                         : func:r2905_8, this:r2905_6
-# 2905|     mu2905_10(unknown)                           = ^CallSideEffect                 : ~m?
-# 2905|     v2905_11(void)                               = ^IndirectReadSideEffect[-1]     : &:r2905_6, ~m?
-# 2905|     mu2905_12(StructInitFromTemplate<int>)       = ^IndirectMayWriteSideEffect[-1] : &:r2905_6
-# 2905|     v2905_13(void)                               = NoOp                            : 
-# 2905|     v2905_14(void)                               = ReturnIndirection[#this]        : &:r2905_6, ~m?
-# 2905|     v2905_15(void)                               = ReturnVoid                      : 
-# 2905|     v2905_16(void)                               = AliasedUse                      : ~m?
-# 2905|     v2905_17(void)                               = ExitFunction                    : 
-
-# 2906| int StructInitFromTemplate<int>::t
-# 2906|   Block 0
-# 2906|     v2906_1(void)                                = EnterFunction                 : 
-# 2906|     mu2906_2(unknown)                            = AliasedDefinition             : 
-# 2906|     mu2906_3(unknown)                            = InitializeNonLocal            : 
-# 2906|     r2906_4(glval<unknown>)                      = VariableAddress[#this]        : 
-# 2906|     mu2906_5(glval<StructInitFromTemplate<int>>) = InitializeParameter[#this]    : &:r2906_4
-# 2906|     r2906_6(glval<StructInitFromTemplate<int>>)  = Load[#this]                   : &:r2906_4, ~m?
-# 2906|     mu2906_7(StructInitFromTemplate<int>)        = InitializeIndirection[#this]  : &:r2906_6
-# 2906|     r2906_8(glval<int>)                          = FieldAddress[t]               : r2906_6
-# 2906|     r2906_9(glval<int>)                          = VariableAddress[#temp2906:11] : 
-# 2906|     r2906_10(int)                                = Constant[0]                   : 
-# 2906|     mu2906_11(int)                               = Store[#temp2906:11]           : &:r2906_9, r2906_10
-# 2906|     r2906_12(int)                                = Load[#temp2906:11]            : &:r2906_9, ~m?
-# 2906|     mu2906_13(int)                               = Store[?]                      : &:r2906_8, r2906_12
-# 2906|     v2906_14(void)                               = ReturnVoid                    : 
-# 2906|     v2906_15(void)                               = AliasedUse                    : ~m?
-# 2906|     v2906_16(void)                               = ExitFunction                  : 
-
-# 2909| StructInitFromTemplate<int> StructInitFromTemplateVar
-# 2909|   Block 0
-# 2909|     v2909_1(void)                               = EnterFunction                              : 
-# 2909|     mu2909_2(unknown)                           = AliasedDefinition                          : 
-# 2909|     r2909_3(glval<StructInitFromTemplate<int>>) = VariableAddress[StructInitFromTemplateVar] : 
-#-----|     r0_1(glval<StructInitFromTemplate<int>>)    = VariableAddress[#temp0:0]                  : 
-#-----|     mu0_2(StructInitFromTemplate<int>)          = Uninitialized[#temp0:0]                    : &:r0_1
-#-----|     r0_3(glval<unknown>)                        = FunctionAddress[StructInitFromTemplate]    : 
-#-----|     v0_4(void)                                  = Call[StructInitFromTemplate]               : func:r0_3, this:r0_1
-#-----|     mu0_5(unknown)                              = ^CallSideEffect                            : ~m?
-#-----|     mu0_6(StructInitFromTemplate<int>)          = ^IndirectMayWriteSideEffect[-1]            : &:r0_1
-#-----|     r0_7(StructInitFromTemplate<int>)           = Load[#temp0:0]                             : &:r0_1, ~m?
-#-----|     mu0_8(StructInitFromTemplate<int>)          = Store[StructInitFromTemplateVar]           : &:r2909_3, r0_7
-# 2909|     v2909_4(void)                               = ReturnVoid                                 : 
-# 2909|     v2909_5(void)                               = AliasedUse                                 : ~m?
-# 2909|     v2909_6(void)                               = ExitFunction                               : 
-
-# 2912| double VariableTemplate<double>
-# 2912|   Block 0
-# 2912|     v2912_1(void)          = EnterFunction                     : 
-# 2912|     mu2912_2(unknown)      = AliasedDefinition                 : 
-# 2912|     r2912_3(glval<double>) = VariableAddress[VariableTemplate] : 
-# 2912|     r2912_4(double)        = Constant[42.0]                    : 
-# 2912|     mu2912_5(double)       = Store[VariableTemplate]           : &:r2912_3, r2912_4
-# 2912|     v2912_6(void)          = ReturnVoid                        : 
-# 2912|     v2912_7(void)          = AliasedUse                        : ~m?
-# 2912|     v2912_8(void)          = ExitFunction                      : 
-
-# 2915| double VariableTemplateFunc<double>(double)
-# 2915|   Block 0
-# 2915|     v2915_1(void)          = EnterFunction            : 
-# 2915|     mu2915_2(unknown)      = AliasedDefinition        : 
-# 2915|     mu2915_3(unknown)      = InitializeNonLocal       : 
-# 2915|     r2915_4(glval<double>) = VariableAddress[x]       : 
-# 2915|     mu2915_5(double)       = InitializeParameter[x]   : &:r2915_4
-# 2916|     r2916_1(glval<double>) = VariableAddress[#return] : 
-# 2916|     r2916_2(double)        = Constant[42.0]           : 
-# 2916|     r2916_3(glval<double>) = VariableAddress[x]       : 
-# 2916|     r2916_4(double)        = Load[x]                  : &:r2916_3, ~m?
-# 2916|     r2916_5(double)        = Add                      : r2916_2, r2916_4
-# 2916|     mu2916_6(double)       = Store[#return]           : &:r2916_1, r2916_5
-# 2915|     r2915_6(glval<double>) = VariableAddress[#return] : 
-# 2915|     v2915_7(void)          = ReturnValue              : &:r2915_6, ~m?
-# 2915|     v2915_8(void)          = AliasedUse               : ~m?
-# 2915|     v2915_9(void)          = ExitFunction             : 
-
-# 2919| int VariableTemplateFuncUse
-# 2919|   Block 0
-# 2919|     v2919_1(void)           = EnterFunction                            : 
-# 2919|     mu2919_2(unknown)       = AliasedDefinition                        : 
-# 2919|     r2919_3(glval<int>)     = VariableAddress[VariableTemplateFuncUse] : 
-# 2919|     r2919_4(glval<unknown>) = FunctionAddress[VariableTemplateFunc]    : 
-# 2919|     r2919_5(double)         = Constant[2.299999999999999822]           : 
-# 2919|     r2919_6(double)         = Call[VariableTemplateFunc]               : func:r2919_4, 0:r2919_5
-# 2919|     mu2919_7(unknown)       = ^CallSideEffect                          : ~m?
-# 2919|     r2919_8(int)            = Convert                                  : r2919_6
-# 2919|     mu2919_9(int)           = Store[VariableTemplateFuncUse]           : &:r2919_3, r2919_8
-# 2919|     v2919_10(void)          = ReturnVoid                               : 
-# 2919|     v2919_11(void)          = AliasedUse                               : ~m?
-# 2919|     v2919_12(void)          = ExitFunction                             : 
-
 ir23.cpp:
 #    1| bool consteval_1()
 #    1|   Block 0