more command line shenanigans

avoid glob stuff
use relative paths in the autobuilders
2026-05-27 01:21:23 +02:00 · 2022-06-17 08:20:56 +00:00 · 2022-06-17 08:06:59 +00:00 · 2022-06-17 08:06:59 +00:00 · 2022-06-17 08:06:59 +00:00 · 2022-06-17 08:06:59 +00:00
1342 changed files with 54876 additions and 84203 deletions
--- a/.devcontainer/swift/Dockerfile
+++ b/.devcontainer/swift/Dockerfile
@@ -1,9 +0,0 @@
-# See here for image contents: https://github.com/microsoft/vscode-dev-containers/tree/v0.236.0/containers/cpp/.devcontainer/base.Dockerfile
-
-# [Choice] Debian / Ubuntu version (use Debian 11, Ubuntu 18.04/22.04 on local arm64/Apple Silicon): debian-11, debian-10, ubuntu-22.04, ubuntu-20.04, ubuntu-18.04
-FROM mcr.microsoft.com/vscode/devcontainers/cpp:0-ubuntu-22.04
-
-USER root
-ADD root.sh /tmp/root.sh
-ADD update-codeql.sh /usr/local/bin/update-codeql
-RUN bash /tmp/root.sh && rm /tmp/root.sh
--- a/.devcontainer/swift/devcontainer.json
+++ b/.devcontainer/swift/devcontainer.json
@@ -1,25 +0,0 @@
-{
-	"extensions": [
-		"github.vscode-codeql",
-		"hbenl.vscode-test-explorer",
-		"ms-vscode.test-adapter-converter",
-		"slevesque.vscode-zipexplorer",
-		"ms-vscode.cpptools"
-	],
-	"settings": {
-		"files.watcherExclude": {
-			"**/target/**": true
-		},
-		"codeQL.runningQueries.memory": 2048
-	},
-	"build": {
-		"dockerfile": "Dockerfile",
-	},
-	"runArgs": [
-		"--cap-add=SYS_PTRACE",
-		"--security-opt",
-		"seccomp=unconfined"
-	],
-	"remoteUser": "vscode",
-	"onCreateCommand": ".devcontainer/swift/user.sh"
-}
--- a/.devcontainer/swift/root.sh
+++ b/.devcontainer/swift/root.sh
@@ -1,22 +0,0 @@
-set -xe
-
-BAZELISK_VERSION=v1.12.0
-BAZELISK_DOWNLOAD_SHA=6b0bcb2ea15bca16fffabe6fda75803440375354c085480fe361d2cbf32501db
-
-apt-get update
-export DEBIAN_FRONTEND=noninteractive
-apt-get -y install --no-install-recommends \
-    zlib1g-dev \
-    uuid-dev \
-    python3-distutils \
-    python3-pip \
-    bash-completion
-
-# Install Bazel
-curl -fSsL -o /usr/local/bin/bazelisk https://github.com/bazelbuild/bazelisk/releases/download/${BAZELISK_VERSION}/bazelisk-linux-amd64
-echo "${BAZELISK_DOWNLOAD_SHA} */usr/local/bin/bazelisk" | sha256sum --check -
-chmod 0755 /usr/local/bin/bazelisk
-ln -s bazelisk /usr/local/bin/bazel
-
-# install latest codeql
-update-codeql
--- a/.devcontainer/swift/update-codeql.sh
+++ b/.devcontainer/swift/update-codeql.sh
@@ -1,20 +0,0 @@
-#!/bin/bash -e
-
-URL=https://github.com/github/codeql-cli-binaries/releases
-LATEST_VERSION=$(curl -L -s -H 'Accept: application/json' $URL/latest | sed -e 's/.*"tag_name":"\([^"]*\)".*/\1/')
-CURRENT_VERSION=v$(codeql version 2>/dev/null | sed -ne 's/.*release \([0-9.]*\)\./\1/p')
-if [[ $CURRENT_VERSION != $LATEST_VERSION ]]; then
-  if [[ $UID != 0 ]]; then
-    echo "update required, please run this script with sudo:"
-    echo "  sudo $0"
-    exit 1
-  fi
-  ZIP=$(mktemp codeql.XXXX.zip)
-  curl -fSqL -o $ZIP $URL/download/$LATEST_VERSION/codeql-linux64.zip
-  unzip -q $ZIP -d /opt
-  rm $ZIP
-  ln -sf /opt/codeql/codeql /usr/local/bin/codeql
-  echo installed version $LATEST_VERSION
-else
-  echo current version $CURRENT_VERSION is up-to-date
-fi
--- a/.devcontainer/swift/user.sh
+++ b/.devcontainer/swift/user.sh
@@ -1,13 +0,0 @@
-set -xe
-
-# add the workspace to the codeql search path
-mkdir -p /home/vscode/.config/codeql
-echo "--search-path /workspaces/codeql" > /home/vscode/.config/codeql/config
-
-# create a swift extractor pack with the current state
-cd /workspaces/codeql
-bazel run swift/create-extractor-pack
-
-#install and set up pre-commit
-python3 -m pip install pre-commit --no-warn-script-location
-$HOME/.local/bin/pre-commit install
--- a/.github/workflows/ql-for-ql-build.yml
+++ b/.github/workflows/ql-for-ql-build.yml
@@ -187,7 +187,6 @@ jobs:
          languages: ql
          db-location: ${{ runner.temp }}/db
          config-file: ./ql-for-ql-config.yml
-          tools: latest

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@aa93aea877e5fb8841bcb1193f672abf6e9f2980
@@ -200,4 +199,3 @@ jobs:
        with:
          name: ${{ matrix.folder }}.sarif
          path: ${{ matrix.folder }}.sarif
-
--- a/.github/workflows/swift-codegen.yml
+++ b/.github/workflows/swift-codegen.yml
@@ -15,22 +15,18 @@ jobs:
      - uses: actions/checkout@v3
      - uses: ./.github/actions/fetch-codeql
      - uses: bazelbuild/setup-bazelisk@v2
-      - uses: actions/setup-python@v3
-      - uses: pre-commit/action@v3.0.0
-        name: Check that python code is properly formatted
-        with:
-          extra_args: autopep8 --all-files
      - name: Run unit tests
        run: |
          bazel test //swift/codegen/test --test_output=errors
-      - uses: pre-commit/action@v3.0.0
-        name: Check that QL generated code was checked in
-        with:
-          extra_args: swift-codegen --all-files
+      - name: Check that QL generated code was checked in
+        run: |
+          bazel run //swift/codegen
+          git add swift
+          git diff --exit-code HEAD
      - name: Generate C++ files
        run: |
-          bazel run //swift/codegen:codegen -- --generate=trap,cpp --cpp-output=$PWD/swift-generated-cpp-files
+          bazel run //swift/codegen:codegen -- --generate=trap,cpp --cpp-output=$PWD/swift-generated-headers
      - uses: actions/upload-artifact@v3
        with:
-          name: swift-generated-cpp-files
-          path: swift-generated-cpp-files/**
+          name: swift-generated-headers
+          path: swift-generated-headers/*.h
--- a/.gitignore
+++ b/.gitignore
@@ -58,6 +58,3 @@ go/main
 # node_modules folders except in the JS test suite
 node_modules/
 !/javascript/ql/test/**/node_modules/
-
-# Temporary folders for working with generated models
-.model-temp
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -15,12 +15,6 @@ repos:
      - id: clang-format
        files: ^swift/.*\.(h|c|cpp)$

-  - repo: https://github.com/pre-commit/mirrors-autopep8
-    rev: v1.6.0
-    hooks:
-      - id: autopep8
-        files: ^swift/codegen/.*\.py
-
  - repo: local
    hooks:
      - id: codeql-format
@@ -46,7 +40,7 @@ repos:
        name: Run Swift checked in code generation
        files: ^swift/(codegen/|.*/generated/|ql/lib/(swift\.dbscheme$|codeql/swift/elements))
        language: system
-        entry: bazel run //swift/codegen -- --quiet
+        entry: bazel run //swift/codegen
        pass_filenames: false

      - id: swift-codegen-unit-tests
--- a/config/identical-files.json
+++ b/config/identical-files.json
@@ -453,11 +453,11 @@
    "python/ql/src/Lexical/CommentedOutCodeReferences.inc.qhelp"
  ],
  "IDE Contextual Queries": [
-    "cpp/ql/lib/IDEContextual.qll",
-    "csharp/ql/lib/IDEContextual.qll",
-    "java/ql/lib/IDEContextual.qll",
-    "javascript/ql/lib/IDEContextual.qll",
-    "python/ql/lib/analysis/IDEContextual.qll"
+    "cpp/ql/src/IDEContextual.qll",
+    "csharp/ql/src/IDEContextual.qll",
+    "java/ql/src/IDEContextual.qll",
+    "javascript/ql/src/IDEContextual.qll",
+    "python/ql/src/analysis/IDEContextual.qll"
  ],
  "SSA C#": [
    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImplCommon.qll",
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,19 +1,3 @@
-## 0.3.0
-
-### Deprecated APIs
-
-* The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
-
-### Bug Fixes
-
-* `UserType.getADeclarationEntry()` now yields all forward declarations when the user type is a `class`, `struct`, or `union`.
-
-## 0.2.3
-
-### New Features
-
-* An `isBraced` predicate was added to the `Initializer` class which holds when a C++ braced initializer was used in the initialization.
-
 ## 0.2.2

 ### Deprecated APIs
--- a/cpp/ql/lib/change-notes/2022-05-30-braced-initializers.md
+++ b/cpp/ql/lib/change-notes/2022-05-30-braced-initializers.md
@@ -1,5 +1,4 @@
-## 0.2.3
-
-### New Features
-
+---
+category: feature
+---
 * An `isBraced` predicate was added to the `Initializer` class which holds when a C++ braced initializer was used in the initialization.
--- a/cpp/ql/lib/change-notes/released/0.3.0.md
+++ b/cpp/ql/lib/change-notes/released/0.3.0.md
@@ -1,9 +0,0 @@
-## 0.3.0
-
-### Deprecated APIs
-
-* The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
-
-### Bug Fixes
-
-* `UserType.getADeclarationEntry()` now yields all forward declarations when the user type is a `class`, `struct`, or `union`.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.0
+lastReleaseVersion: 0.2.2
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.3.1-dev
+version: 0.2.3-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/lib/semmle/code/cpp/UserType.qll
+++ b/cpp/ql/lib/semmle/code/cpp/UserType.qll
@@ -48,8 +48,8 @@ class UserType extends Type, Declaration, NameQualifyingElement, AccessHolder, @
  }

  override TypeDeclarationEntry getADeclarationEntry() {
-    if type_decls(_, unresolveElement(this), _)
-    then type_decls(underlyingElement(result), unresolveElement(this), _)
+    if type_decls(_, underlyingElement(this), _)
+    then type_decls(unresolveElement(result), underlyingElement(this), _)
    else exists(Class t | this.(Class).isConstructedFrom(t) and result = t.getADeclarationEntry())
  }

--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll
@@ -90,20 +90,14 @@ abstract class Configuration extends string {
  /** Holds if data flow out of `node` is prohibited. */
  predicate isBarrierOut(Node node) { none() }

-  /**
-   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
-   *
-   * Holds if data flow through nodes guarded by `guard` is prohibited.
-   */
-  deprecated predicate isBarrierGuard(BarrierGuard guard) { none() }
+  /** Holds if data flow through nodes guarded by `guard` is prohibited. */
+  predicate isBarrierGuard(BarrierGuard guard) { none() }

  /**
-   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
-   *
   * Holds if data flow through nodes guarded by `guard` is prohibited when
   * the flow state is `state`
   */
-  deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }
+  predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }

  /**
   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
@@ -341,29 +335,6 @@ private predicate outBarrier(NodeEx node, Configuration config) {
  )
 }

-/** A bridge class to access the deprecated `isBarrierGuard`. */
-private class BarrierGuardGuardedNodeBridge extends Unit {
-  abstract predicate guardedNode(Node n, Configuration config);
-
-  abstract predicate guardedNode(Node n, FlowState state, Configuration config);
-}
-
-private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
-  deprecated override predicate guardedNode(Node n, Configuration config) {
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g) and
-      n = g.getAGuardedNode()
-    )
-  }
-
-  deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) {
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g, state) and
-      n = g.getAGuardedNode()
-    )
-  }
-}
-
 pragma[nomagic]
 private predicate fullBarrier(NodeEx node, Configuration config) {
  exists(Node n | node.asNode() = n |
@@ -377,7 +348,10 @@ private predicate fullBarrier(NodeEx node, Configuration config) {
    not config.isSink(n) and
    not config.isSink(n, _)
    or
-    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, config)
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g) and
+      n = g.getAGuardedNode()
+    )
  )
 }

@@ -386,7 +360,10 @@ private predicate stateBarrier(NodeEx node, FlowState state, Configuration confi
  exists(Node n | node.asNode() = n |
    config.isBarrier(n, state)
    or
-    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, state, config)
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g, state) and
+      n = g.getAGuardedNode()
+    )
  )
 }

@@ -428,7 +405,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    simpleLocalFlowStepExt(n1, n2) and
    stepFilter(node1, node2, config)
  )
  or
@@ -447,7 +424,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    config.isAdditionalFlowStep(n1, n2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config)
  )
@@ -466,7 +443,7 @@ private predicate additionalLocalStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    config.isAdditionalFlowStep(n1, s1, n2, s2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -481,7 +458,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    jumpStepCached(n1, n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
  )
@@ -494,7 +471,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    config.isAdditionalFlowStep(n1, n2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +484,7 @@ private predicate additionalJumpStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    config.isAdditionalFlowStep(n1, s1, n2, s2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -518,7 +495,7 @@ private predicate additionalJumpStateStep(

 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
+  readSet(node1.asNode(), c, node2.asNode()) and
  stepFilter(node1, node2, config)
  or
  exists(Node n |
@@ -562,8 +539,7 @@ pragma[nomagic]
 private predicate store(
  NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
-    contentType) and
+  store(node1.asNode(), tc, node2.asNode(), contentType) and
  read(_, tc.getContent(), _, config) and
  stepFilter(node1, node2, config)
 }
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll
@@ -90,20 +90,14 @@ abstract class Configuration extends string {
  /** Holds if data flow out of `node` is prohibited. */
  predicate isBarrierOut(Node node) { none() }

-  /**
-   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
-   *
-   * Holds if data flow through nodes guarded by `guard` is prohibited.
-   */
-  deprecated predicate isBarrierGuard(BarrierGuard guard) { none() }
+  /** Holds if data flow through nodes guarded by `guard` is prohibited. */
+  predicate isBarrierGuard(BarrierGuard guard) { none() }

  /**
-   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
-   *
   * Holds if data flow through nodes guarded by `guard` is prohibited when
   * the flow state is `state`
   */
-  deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }
+  predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }

  /**
   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
@@ -341,29 +335,6 @@ private predicate outBarrier(NodeEx node, Configuration config) {
  )
 }

-/** A bridge class to access the deprecated `isBarrierGuard`. */
-private class BarrierGuardGuardedNodeBridge extends Unit {
-  abstract predicate guardedNode(Node n, Configuration config);
-
-  abstract predicate guardedNode(Node n, FlowState state, Configuration config);
-}
-
-private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
-  deprecated override predicate guardedNode(Node n, Configuration config) {
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g) and
-      n = g.getAGuardedNode()
-    )
-  }
-
-  deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) {
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g, state) and
-      n = g.getAGuardedNode()
-    )
-  }
-}
-
 pragma[nomagic]
 private predicate fullBarrier(NodeEx node, Configuration config) {
  exists(Node n | node.asNode() = n |
@@ -377,7 +348,10 @@ private predicate fullBarrier(NodeEx node, Configuration config) {
    not config.isSink(n) and
    not config.isSink(n, _)
    or
-    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, config)
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g) and
+      n = g.getAGuardedNode()
+    )
  )
 }

@@ -386,7 +360,10 @@ private predicate stateBarrier(NodeEx node, FlowState state, Configuration confi
  exists(Node n | node.asNode() = n |
    config.isBarrier(n, state)
    or
-    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, state, config)
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g, state) and
+      n = g.getAGuardedNode()
+    )
  )
 }

@@ -428,7 +405,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    simpleLocalFlowStepExt(n1, n2) and
    stepFilter(node1, node2, config)
  )
  or
@@ -447,7 +424,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    config.isAdditionalFlowStep(n1, n2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config)
  )
@@ -466,7 +443,7 @@ private predicate additionalLocalStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    config.isAdditionalFlowStep(n1, s1, n2, s2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -481,7 +458,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    jumpStepCached(n1, n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
  )
@@ -494,7 +471,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    config.isAdditionalFlowStep(n1, n2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +484,7 @@ private predicate additionalJumpStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    config.isAdditionalFlowStep(n1, s1, n2, s2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -518,7 +495,7 @@ private predicate additionalJumpStateStep(

 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
+  readSet(node1.asNode(), c, node2.asNode()) and
  stepFilter(node1, node2, config)
  or
  exists(Node n |
@@ -562,8 +539,7 @@ pragma[nomagic]
 private predicate store(
  NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
-    contentType) and
+  store(node1.asNode(), tc, node2.asNode(), contentType) and
  read(_, tc.getContent(), _, config) and
  stepFilter(node1, node2, config)
 }
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll
@@ -90,20 +90,14 @@ abstract class Configuration extends string {
  /** Holds if data flow out of `node` is prohibited. */
  predicate isBarrierOut(Node node) { none() }

-  /**
-   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
-   *
-   * Holds if data flow through nodes guarded by `guard` is prohibited.
-   */
-  deprecated predicate isBarrierGuard(BarrierGuard guard) { none() }
+  /** Holds if data flow through nodes guarded by `guard` is prohibited. */
+  predicate isBarrierGuard(BarrierGuard guard) { none() }

  /**
-   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
-   *
   * Holds if data flow through nodes guarded by `guard` is prohibited when
   * the flow state is `state`
   */
-  deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }
+  predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }

  /**
   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
@@ -341,29 +335,6 @@ private predicate outBarrier(NodeEx node, Configuration config) {
  )
 }

-/** A bridge class to access the deprecated `isBarrierGuard`. */
-private class BarrierGuardGuardedNodeBridge extends Unit {
-  abstract predicate guardedNode(Node n, Configuration config);
-
-  abstract predicate guardedNode(Node n, FlowState state, Configuration config);
-}
-
-private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
-  deprecated override predicate guardedNode(Node n, Configuration config) {
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g) and
-      n = g.getAGuardedNode()
-    )
-  }
-
-  deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) {
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g, state) and
-      n = g.getAGuardedNode()
-    )
-  }
-}
-
 pragma[nomagic]
 private predicate fullBarrier(NodeEx node, Configuration config) {
  exists(Node n | node.asNode() = n |
@@ -377,7 +348,10 @@ private predicate fullBarrier(NodeEx node, Configuration config) {
    not config.isSink(n) and
    not config.isSink(n, _)
    or
-    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, config)
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g) and
+      n = g.getAGuardedNode()
+    )
  )
 }

@@ -386,7 +360,10 @@ private predicate stateBarrier(NodeEx node, FlowState state, Configuration confi
  exists(Node n | node.asNode() = n |
    config.isBarrier(n, state)
    or
-    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, state, config)
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g, state) and
+      n = g.getAGuardedNode()
+    )
  )
 }

@@ -428,7 +405,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    simpleLocalFlowStepExt(n1, n2) and
    stepFilter(node1, node2, config)
  )
  or
@@ -447,7 +424,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    config.isAdditionalFlowStep(n1, n2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config)
  )
@@ -466,7 +443,7 @@ private predicate additionalLocalStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    config.isAdditionalFlowStep(n1, s1, n2, s2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -481,7 +458,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    jumpStepCached(n1, n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
  )
@@ -494,7 +471,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    config.isAdditionalFlowStep(n1, n2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +484,7 @@ private predicate additionalJumpStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    config.isAdditionalFlowStep(n1, s1, n2, s2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -518,7 +495,7 @@ private predicate additionalJumpStateStep(

 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
+  readSet(node1.asNode(), c, node2.asNode()) and
  stepFilter(node1, node2, config)
  or
  exists(Node n |
@@ -562,8 +539,7 @@ pragma[nomagic]
 private predicate store(
  NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
-    contentType) and
+  store(node1.asNode(), tc, node2.asNode(), contentType) and
  read(_, tc.getContent(), _, config) and
  stepFilter(node1, node2, config)
 }
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll
@@ -90,20 +90,14 @@ abstract class Configuration extends string {
  /** Holds if data flow out of `node` is prohibited. */
  predicate isBarrierOut(Node node) { none() }

-  /**
-   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
-   *
-   * Holds if data flow through nodes guarded by `guard` is prohibited.
-   */
-  deprecated predicate isBarrierGuard(BarrierGuard guard) { none() }
+  /** Holds if data flow through nodes guarded by `guard` is prohibited. */
+  predicate isBarrierGuard(BarrierGuard guard) { none() }

  /**
-   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
-   *
   * Holds if data flow through nodes guarded by `guard` is prohibited when
   * the flow state is `state`
   */
-  deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }
+  predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }

  /**
   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
@@ -341,29 +335,6 @@ private predicate outBarrier(NodeEx node, Configuration config) {
  )
 }

-/** A bridge class to access the deprecated `isBarrierGuard`. */
-private class BarrierGuardGuardedNodeBridge extends Unit {
-  abstract predicate guardedNode(Node n, Configuration config);
-
-  abstract predicate guardedNode(Node n, FlowState state, Configuration config);
-}
-
-private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
-  deprecated override predicate guardedNode(Node n, Configuration config) {
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g) and
-      n = g.getAGuardedNode()
-    )
-  }
-
-  deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) {
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g, state) and
-      n = g.getAGuardedNode()
-    )
-  }
-}
-
 pragma[nomagic]
 private predicate fullBarrier(NodeEx node, Configuration config) {
  exists(Node n | node.asNode() = n |
@@ -377,7 +348,10 @@ private predicate fullBarrier(NodeEx node, Configuration config) {
    not config.isSink(n) and
    not config.isSink(n, _)
    or
-    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, config)
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g) and
+      n = g.getAGuardedNode()
+    )
  )
 }

@@ -386,7 +360,10 @@ private predicate stateBarrier(NodeEx node, FlowState state, Configuration confi
  exists(Node n | node.asNode() = n |
    config.isBarrier(n, state)
    or
-    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, state, config)
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g, state) and
+      n = g.getAGuardedNode()
+    )
  )
 }

@@ -428,7 +405,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    simpleLocalFlowStepExt(n1, n2) and
    stepFilter(node1, node2, config)
  )
  or
@@ -447,7 +424,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    config.isAdditionalFlowStep(n1, n2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config)
  )
@@ -466,7 +443,7 @@ private predicate additionalLocalStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    config.isAdditionalFlowStep(n1, s1, n2, s2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -481,7 +458,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    jumpStepCached(n1, n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
  )
@@ -494,7 +471,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    config.isAdditionalFlowStep(n1, n2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +484,7 @@ private predicate additionalJumpStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    config.isAdditionalFlowStep(n1, s1, n2, s2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -518,7 +495,7 @@ private predicate additionalJumpStateStep(

 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
+  readSet(node1.asNode(), c, node2.asNode()) and
  stepFilter(node1, node2, config)
  or
  exists(Node n |
@@ -562,8 +539,7 @@ pragma[nomagic]
 private predicate store(
  NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
-    contentType) and
+  store(node1.asNode(), tc, node2.asNode(), contentType) and
  read(_, tc.getContent(), _, config) and
  stepFilter(node1, node2, config)
 }
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll
@@ -90,20 +90,14 @@ abstract class Configuration extends string {
  /** Holds if data flow out of `node` is prohibited. */
  predicate isBarrierOut(Node node) { none() }

-  /**
-   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
-   *
-   * Holds if data flow through nodes guarded by `guard` is prohibited.
-   */
-  deprecated predicate isBarrierGuard(BarrierGuard guard) { none() }
+  /** Holds if data flow through nodes guarded by `guard` is prohibited. */
+  predicate isBarrierGuard(BarrierGuard guard) { none() }

  /**
-   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
-   *
   * Holds if data flow through nodes guarded by `guard` is prohibited when
   * the flow state is `state`
   */
-  deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }
+  predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }

  /**
   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
@@ -341,29 +335,6 @@ private predicate outBarrier(NodeEx node, Configuration config) {
  )
 }

-/** A bridge class to access the deprecated `isBarrierGuard`. */
-private class BarrierGuardGuardedNodeBridge extends Unit {
-  abstract predicate guardedNode(Node n, Configuration config);
-
-  abstract predicate guardedNode(Node n, FlowState state, Configuration config);
-}
-
-private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
-  deprecated override predicate guardedNode(Node n, Configuration config) {
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g) and
-      n = g.getAGuardedNode()
-    )
-  }
-
-  deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) {
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g, state) and
-      n = g.getAGuardedNode()
-    )
-  }
-}
-
 pragma[nomagic]
 private predicate fullBarrier(NodeEx node, Configuration config) {
  exists(Node n | node.asNode() = n |
@@ -377,7 +348,10 @@ private predicate fullBarrier(NodeEx node, Configuration config) {
    not config.isSink(n) and
    not config.isSink(n, _)
    or
-    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, config)
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g) and
+      n = g.getAGuardedNode()
+    )
  )
 }

@@ -386,7 +360,10 @@ private predicate stateBarrier(NodeEx node, FlowState state, Configuration confi
  exists(Node n | node.asNode() = n |
    config.isBarrier(n, state)
    or
-    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, state, config)
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g, state) and
+      n = g.getAGuardedNode()
+    )
  )
 }

@@ -428,7 +405,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    simpleLocalFlowStepExt(n1, n2) and
    stepFilter(node1, node2, config)
  )
  or
@@ -447,7 +424,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    config.isAdditionalFlowStep(n1, n2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config)
  )
@@ -466,7 +443,7 @@ private predicate additionalLocalStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    config.isAdditionalFlowStep(n1, s1, n2, s2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -481,7 +458,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    jumpStepCached(n1, n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
  )
@@ -494,7 +471,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    config.isAdditionalFlowStep(n1, n2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +484,7 @@ private predicate additionalJumpStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    config.isAdditionalFlowStep(n1, s1, n2, s2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -518,7 +495,7 @@ private predicate additionalJumpStateStep(

 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
+  readSet(node1.asNode(), c, node2.asNode()) and
  stepFilter(node1, node2, config)
  or
  exists(Node n |
@@ -562,8 +539,7 @@ pragma[nomagic]
 private predicate store(
  NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
-    contentType) and
+  store(node1.asNode(), tc, node2.asNode(), contentType) and
  read(_, tc.getContent(), _, config) and
  stepFilter(node1, node2, config)
 }
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll
@@ -850,34 +850,6 @@ class ContentSet instanceof Content {
 }

 /**
- * Holds if the guard `g` validates the expression `e` upon evaluating to `branch`.
- *
- * The expression `e` is expected to be a syntactic part of the guard `g`.
- * For example, the guard `g` might be a call `isSafe(x)` and the expression `e`
- * the argument `x`.
- */
-signature predicate guardChecksSig(GuardCondition g, Expr e, boolean branch);
-
-/**
- * Provides a set of barrier nodes for a guard that validates an expression.
- *
- * This is expected to be used in `isBarrier`/`isSanitizer` definitions
- * in data flow and taint tracking.
- */
-module BarrierGuard<guardChecksSig/3 guardChecks> {
-  /** Gets a node that is safely guarded by the given guard check. */
-  ExprNode getABarrierNode() {
-    exists(GuardCondition g, SsaDefinition def, Variable v, boolean branch |
-      result.getExpr() = def.getAUse(v) and
-      guardChecks(g, def.getAUse(v), branch) and
-      g.controls(result.getExpr().getBasicBlock(), branch)
-    )
-  }
-}
-
-/**
- * DEPRECATED: Use `BarrierGuard` module instead.
- *
 * A guard that validates some expression.
 *
 * To use this in a configuration, extend the class and provide a
@@ -886,7 +858,7 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
 *
 * It is important that all extending classes in scope are disjoint.
 */
-deprecated class BarrierGuard extends GuardCondition {
+class BarrierGuard extends GuardCondition {
  /** Override this predicate to hold if this guard validates `e` upon evaluating to `b`. */
  abstract predicate checks(Expr e, boolean b);

--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll
@@ -47,6 +47,12 @@ predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { n
 */
 predicate defaultTaintSanitizer(DataFlow::Node node) { none() }

+/**
+ * Holds if `guard` should be a sanitizer guard in all global taint flow configurations
+ * but not in local taint.
+ */
+predicate defaultTaintSanitizerGuard(DataFlow::BarrierGuard guard) { none() }
+
 /**
 * Holds if taint can flow in one local step from `nodeFrom` to `nodeTo` excluding
 * local data flow steps. That is, `nodeFrom` and `nodeTo` are likely to represent
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
@@ -116,30 +116,20 @@ abstract class Configuration extends DataFlow::Configuration {

  final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) }

-  /**
-   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
-   *
-   * Holds if taint propagation through nodes guarded by `guard` is prohibited.
-   */
-  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }
+  /** Holds if taint propagation through nodes guarded by `guard` is prohibited. */
+  predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }

-  deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
-    this.isSanitizerGuard(guard)
+  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
+    this.isSanitizerGuard(guard) or defaultTaintSanitizerGuard(guard)
  }

  /**
-   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
-   *
   * Holds if taint propagation through nodes guarded by `guard` is prohibited
   * when the flow state is `state`.
   */
-  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
-    none()
-  }
+  predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { none() }

-  deprecated final override predicate isBarrierGuard(
-    DataFlow::BarrierGuard guard, DataFlow::FlowState state
-  ) {
+  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
    this.isSanitizerGuard(guard, state)
  }

--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
@@ -116,30 +116,20 @@ abstract class Configuration extends DataFlow::Configuration {

  final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) }

-  /**
-   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
-   *
-   * Holds if taint propagation through nodes guarded by `guard` is prohibited.
-   */
-  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }
+  /** Holds if taint propagation through nodes guarded by `guard` is prohibited. */
+  predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }

-  deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
-    this.isSanitizerGuard(guard)
+  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
+    this.isSanitizerGuard(guard) or defaultTaintSanitizerGuard(guard)
  }

  /**
-   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
-   *
   * Holds if taint propagation through nodes guarded by `guard` is prohibited
   * when the flow state is `state`.
   */
-  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
-    none()
-  }
+  predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { none() }

-  deprecated final override predicate isBarrierGuard(
-    DataFlow::BarrierGuard guard, DataFlow::FlowState state
-  ) {
+  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
    this.isSanitizerGuard(guard, state)
  }

--- a/cpp/ql/lib/semmle/code/cpp/exprs/Expr.qll
+++ b/cpp/ql/lib/semmle/code/cpp/exprs/Expr.qll
@@ -49,9 +49,6 @@ class Expr extends StmtParent, @expr {
  /** Gets the enclosing variable of this expression, if any. */
  Variable getEnclosingVariable() { result = exprEnclosingElement(this) }

-  /** Gets the enclosing variable or function of this expression. */
-  Declaration getEnclosingDeclaration() { result = exprEnclosingElement(this) }
-
  /** Gets a child of this expression. */
  Expr getAChild() { exists(int n | result = this.getChild(n)) }

--- a/cpp/ql/lib/semmle/code/cpp/internal/QualifiedName.qll
+++ b/cpp/ql/lib/semmle/code/cpp/internal/QualifiedName.qll
@@ -4,7 +4,11 @@
 * qualified.
 *
 * This file contains classes that mirror the standard AST classes for C++, but
- * these classes are only concerned with naming.
+ * these classes are only concerned with naming. The other difference is that
+ * these classes don't use the `ResolveClass.qll` mechanisms like
+ * `unresolveElement` because these classes should eventually be part of the
+ * implementation of `ResolveClass.qll`, allowing it to match up classes when
+ * their qualified names and parameters match.
 */

 private import semmle.code.cpp.Declaration as D
--- a/cpp/ql/lib/semmle/code/cpp/internal/ResolveClass.qll
+++ b/cpp/ql/lib/semmle/code/cpp/internal/ResolveClass.qll
@@ -115,13 +115,15 @@ private module Cached {
   */
  cached
  predicate isClass(@usertype t) {
-    usertypes(t, _, 1) or
-    usertypes(t, _, 2) or
-    usertypes(t, _, 3) or
-    usertypes(t, _, 6) or
-    usertypes(t, _, 10) or
-    usertypes(t, _, 11) or
-    usertypes(t, _, 12)
+    (
+      usertypes(t, _, 1) or
+      usertypes(t, _, 2) or
+      usertypes(t, _, 3) or
+      usertypes(t, _, 6) or
+      usertypes(t, _, 10) or
+      usertypes(t, _, 11) or
+      usertypes(t, _, 12)
+    )
  }

  cached
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
@@ -90,20 +90,14 @@ abstract class Configuration extends string {
  /** Holds if data flow out of `node` is prohibited. */
  predicate isBarrierOut(Node node) { none() }

-  /**
-   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
-   *
-   * Holds if data flow through nodes guarded by `guard` is prohibited.
-   */
-  deprecated predicate isBarrierGuard(BarrierGuard guard) { none() }
+  /** Holds if data flow through nodes guarded by `guard` is prohibited. */
+  predicate isBarrierGuard(BarrierGuard guard) { none() }

  /**
-   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
-   *
   * Holds if data flow through nodes guarded by `guard` is prohibited when
   * the flow state is `state`
   */
-  deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }
+  predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }

  /**
   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
@@ -341,29 +335,6 @@ private predicate outBarrier(NodeEx node, Configuration config) {
  )
 }

-/** A bridge class to access the deprecated `isBarrierGuard`. */
-private class BarrierGuardGuardedNodeBridge extends Unit {
-  abstract predicate guardedNode(Node n, Configuration config);
-
-  abstract predicate guardedNode(Node n, FlowState state, Configuration config);
-}
-
-private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
-  deprecated override predicate guardedNode(Node n, Configuration config) {
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g) and
-      n = g.getAGuardedNode()
-    )
-  }
-
-  deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) {
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g, state) and
-      n = g.getAGuardedNode()
-    )
-  }
-}
-
 pragma[nomagic]
 private predicate fullBarrier(NodeEx node, Configuration config) {
  exists(Node n | node.asNode() = n |
@@ -377,7 +348,10 @@ private predicate fullBarrier(NodeEx node, Configuration config) {
    not config.isSink(n) and
    not config.isSink(n, _)
    or
-    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, config)
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g) and
+      n = g.getAGuardedNode()
+    )
  )
 }

@@ -386,7 +360,10 @@ private predicate stateBarrier(NodeEx node, FlowState state, Configuration confi
  exists(Node n | node.asNode() = n |
    config.isBarrier(n, state)
    or
-    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, state, config)
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g, state) and
+      n = g.getAGuardedNode()
+    )
  )
 }

@@ -428,7 +405,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    simpleLocalFlowStepExt(n1, n2) and
    stepFilter(node1, node2, config)
  )
  or
@@ -447,7 +424,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    config.isAdditionalFlowStep(n1, n2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config)
  )
@@ -466,7 +443,7 @@ private predicate additionalLocalStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    config.isAdditionalFlowStep(n1, s1, n2, s2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -481,7 +458,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    jumpStepCached(n1, n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
  )
@@ -494,7 +471,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    config.isAdditionalFlowStep(n1, n2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +484,7 @@ private predicate additionalJumpStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    config.isAdditionalFlowStep(n1, s1, n2, s2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -518,7 +495,7 @@ private predicate additionalJumpStateStep(

 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
+  readSet(node1.asNode(), c, node2.asNode()) and
  stepFilter(node1, node2, config)
  or
  exists(Node n |
@@ -562,8 +539,7 @@ pragma[nomagic]
 private predicate store(
  NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
-    contentType) and
+  store(node1.asNode(), tc, node2.asNode(), contentType) and
  read(_, tc.getContent(), _, config) and
  stepFilter(node1, node2, config)
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll
@@ -90,20 +90,14 @@ abstract class Configuration extends string {
  /** Holds if data flow out of `node` is prohibited. */
  predicate isBarrierOut(Node node) { none() }

-  /**
-   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
-   *
-   * Holds if data flow through nodes guarded by `guard` is prohibited.
-   */
-  deprecated predicate isBarrierGuard(BarrierGuard guard) { none() }
+  /** Holds if data flow through nodes guarded by `guard` is prohibited. */
+  predicate isBarrierGuard(BarrierGuard guard) { none() }

  /**
-   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
-   *
   * Holds if data flow through nodes guarded by `guard` is prohibited when
   * the flow state is `state`
   */
-  deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }
+  predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }

  /**
   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
@@ -341,29 +335,6 @@ private predicate outBarrier(NodeEx node, Configuration config) {
  )
 }

-/** A bridge class to access the deprecated `isBarrierGuard`. */
-private class BarrierGuardGuardedNodeBridge extends Unit {
-  abstract predicate guardedNode(Node n, Configuration config);
-
-  abstract predicate guardedNode(Node n, FlowState state, Configuration config);
-}
-
-private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
-  deprecated override predicate guardedNode(Node n, Configuration config) {
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g) and
-      n = g.getAGuardedNode()
-    )
-  }
-
-  deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) {
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g, state) and
-      n = g.getAGuardedNode()
-    )
-  }
-}
-
 pragma[nomagic]
 private predicate fullBarrier(NodeEx node, Configuration config) {
  exists(Node n | node.asNode() = n |
@@ -377,7 +348,10 @@ private predicate fullBarrier(NodeEx node, Configuration config) {
    not config.isSink(n) and
    not config.isSink(n, _)
    or
-    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, config)
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g) and
+      n = g.getAGuardedNode()
+    )
  )
 }

@@ -386,7 +360,10 @@ private predicate stateBarrier(NodeEx node, FlowState state, Configuration confi
  exists(Node n | node.asNode() = n |
    config.isBarrier(n, state)
    or
-    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, state, config)
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g, state) and
+      n = g.getAGuardedNode()
+    )
  )
 }

@@ -428,7 +405,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    simpleLocalFlowStepExt(n1, n2) and
    stepFilter(node1, node2, config)
  )
  or
@@ -447,7 +424,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    config.isAdditionalFlowStep(n1, n2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config)
  )
@@ -466,7 +443,7 @@ private predicate additionalLocalStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    config.isAdditionalFlowStep(n1, s1, n2, s2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -481,7 +458,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    jumpStepCached(n1, n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
  )
@@ -494,7 +471,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    config.isAdditionalFlowStep(n1, n2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +484,7 @@ private predicate additionalJumpStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    config.isAdditionalFlowStep(n1, s1, n2, s2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -518,7 +495,7 @@ private predicate additionalJumpStateStep(

 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
+  readSet(node1.asNode(), c, node2.asNode()) and
  stepFilter(node1, node2, config)
  or
  exists(Node n |
@@ -562,8 +539,7 @@ pragma[nomagic]
 private predicate store(
  NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
-    contentType) and
+  store(node1.asNode(), tc, node2.asNode(), contentType) and
  read(_, tc.getContent(), _, config) and
  stepFilter(node1, node2, config)
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll
@@ -90,20 +90,14 @@ abstract class Configuration extends string {
  /** Holds if data flow out of `node` is prohibited. */
  predicate isBarrierOut(Node node) { none() }

-  /**
-   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
-   *
-   * Holds if data flow through nodes guarded by `guard` is prohibited.
-   */
-  deprecated predicate isBarrierGuard(BarrierGuard guard) { none() }
+  /** Holds if data flow through nodes guarded by `guard` is prohibited. */
+  predicate isBarrierGuard(BarrierGuard guard) { none() }

  /**
-   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
-   *
   * Holds if data flow through nodes guarded by `guard` is prohibited when
   * the flow state is `state`
   */
-  deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }
+  predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }

  /**
   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
@@ -341,29 +335,6 @@ private predicate outBarrier(NodeEx node, Configuration config) {
  )
 }

-/** A bridge class to access the deprecated `isBarrierGuard`. */
-private class BarrierGuardGuardedNodeBridge extends Unit {
-  abstract predicate guardedNode(Node n, Configuration config);
-
-  abstract predicate guardedNode(Node n, FlowState state, Configuration config);
-}
-
-private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
-  deprecated override predicate guardedNode(Node n, Configuration config) {
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g) and
-      n = g.getAGuardedNode()
-    )
-  }
-
-  deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) {
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g, state) and
-      n = g.getAGuardedNode()
-    )
-  }
-}
-
 pragma[nomagic]
 private predicate fullBarrier(NodeEx node, Configuration config) {
  exists(Node n | node.asNode() = n |
@@ -377,7 +348,10 @@ private predicate fullBarrier(NodeEx node, Configuration config) {
    not config.isSink(n) and
    not config.isSink(n, _)
    or
-    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, config)
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g) and
+      n = g.getAGuardedNode()
+    )
  )
 }

@@ -386,7 +360,10 @@ private predicate stateBarrier(NodeEx node, FlowState state, Configuration confi
  exists(Node n | node.asNode() = n |
    config.isBarrier(n, state)
    or
-    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, state, config)
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g, state) and
+      n = g.getAGuardedNode()
+    )
  )
 }

@@ -428,7 +405,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    simpleLocalFlowStepExt(n1, n2) and
    stepFilter(node1, node2, config)
  )
  or
@@ -447,7 +424,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    config.isAdditionalFlowStep(n1, n2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config)
  )
@@ -466,7 +443,7 @@ private predicate additionalLocalStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    config.isAdditionalFlowStep(n1, s1, n2, s2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -481,7 +458,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    jumpStepCached(n1, n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
  )
@@ -494,7 +471,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    config.isAdditionalFlowStep(n1, n2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +484,7 @@ private predicate additionalJumpStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    config.isAdditionalFlowStep(n1, s1, n2, s2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -518,7 +495,7 @@ private predicate additionalJumpStateStep(

 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
+  readSet(node1.asNode(), c, node2.asNode()) and
  stepFilter(node1, node2, config)
  or
  exists(Node n |
@@ -562,8 +539,7 @@ pragma[nomagic]
 private predicate store(
  NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
-    contentType) and
+  store(node1.asNode(), tc, node2.asNode(), contentType) and
  read(_, tc.getContent(), _, config) and
  stepFilter(node1, node2, config)
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll
@@ -90,20 +90,14 @@ abstract class Configuration extends string {
  /** Holds if data flow out of `node` is prohibited. */
  predicate isBarrierOut(Node node) { none() }

-  /**
-   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
-   *
-   * Holds if data flow through nodes guarded by `guard` is prohibited.
-   */
-  deprecated predicate isBarrierGuard(BarrierGuard guard) { none() }
+  /** Holds if data flow through nodes guarded by `guard` is prohibited. */
+  predicate isBarrierGuard(BarrierGuard guard) { none() }

  /**
-   * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead.
-   *
   * Holds if data flow through nodes guarded by `guard` is prohibited when
   * the flow state is `state`
   */
-  deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }
+  predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() }

  /**
   * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps.
@@ -341,29 +335,6 @@ private predicate outBarrier(NodeEx node, Configuration config) {
  )
 }

-/** A bridge class to access the deprecated `isBarrierGuard`. */
-private class BarrierGuardGuardedNodeBridge extends Unit {
-  abstract predicate guardedNode(Node n, Configuration config);
-
-  abstract predicate guardedNode(Node n, FlowState state, Configuration config);
-}
-
-private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge {
-  deprecated override predicate guardedNode(Node n, Configuration config) {
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g) and
-      n = g.getAGuardedNode()
-    )
-  }
-
-  deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) {
-    exists(BarrierGuard g |
-      config.isBarrierGuard(g, state) and
-      n = g.getAGuardedNode()
-    )
-  }
-}
-
 pragma[nomagic]
 private predicate fullBarrier(NodeEx node, Configuration config) {
  exists(Node n | node.asNode() = n |
@@ -377,7 +348,10 @@ private predicate fullBarrier(NodeEx node, Configuration config) {
    not config.isSink(n) and
    not config.isSink(n, _)
    or
-    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, config)
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g) and
+      n = g.getAGuardedNode()
+    )
  )
 }

@@ -386,7 +360,10 @@ private predicate stateBarrier(NodeEx node, FlowState state, Configuration confi
  exists(Node n | node.asNode() = n |
    config.isBarrier(n, state)
    or
-    any(BarrierGuardGuardedNodeBridge b).guardedNode(n, state, config)
+    exists(BarrierGuard g |
+      config.isBarrierGuard(g, state) and
+      n = g.getAGuardedNode()
+    )
  )
 }

@@ -428,7 +405,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    simpleLocalFlowStepExt(n1, n2) and
    stepFilter(node1, node2, config)
  )
  or
@@ -447,7 +424,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    config.isAdditionalFlowStep(n1, n2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config)
  )
@@ -466,7 +443,7 @@ private predicate additionalLocalStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    config.isAdditionalFlowStep(n1, s1, n2, s2) and
    getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -481,7 +458,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    jumpStepCached(n1, n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
  )
@@ -494,7 +471,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
+    config.isAdditionalFlowStep(n1, n2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +484,7 @@ private predicate additionalJumpStateStep(
  exists(Node n1, Node n2 |
    node1.asNode() = n1 and
    node2.asNode() = n2 and
-    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
+    config.isAdditionalFlowStep(n1, s1, n2, s2) and
    getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
    stepFilter(node1, node2, config) and
    not stateBarrier(node1, s1, config) and
@@ -518,7 +495,7 @@ private predicate additionalJumpStateStep(

 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
+  readSet(node1.asNode(), c, node2.asNode()) and
  stepFilter(node1, node2, config)
  or
  exists(Node n |
@@ -562,8 +539,7 @@ pragma[nomagic]
 private predicate store(
  NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
-    contentType) and
+  store(node1.asNode(), tc, node2.asNode(), contentType) and
  read(_, tc.getContent(), _, config) and
  stepFilter(node1, node2, config)
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -100,7 +100,7 @@ class Node extends TIRDataFlowNode {
  Declaration getEnclosingCallable() { none() } // overridden in subclasses

  /** Gets the function to which this node belongs, if any. */
-  Declaration getFunction() { none() } // overridden in subclasses
+  Function getFunction() { none() } // overridden in subclasses

  /** Gets the type of this node. */
  IRType getType() { none() } // overridden in subclasses
@@ -196,7 +196,7 @@ class InstructionNode extends Node, TInstructionNode {

  override Declaration getEnclosingCallable() { result = this.getFunction() }

-  override Declaration getFunction() { result = instr.getEnclosingFunction() }
+  override Function getFunction() { result = instr.getEnclosingFunction() }

  override IRType getType() { result = instr.getResultIRType() }

@@ -222,7 +222,7 @@ class OperandNode extends Node, TOperandNode {

  override Declaration getEnclosingCallable() { result = this.getFunction() }

-  override Declaration getFunction() { result = op.getUse().getEnclosingFunction() }
+  override Function getFunction() { result = op.getUse().getEnclosingFunction() }

  override IRType getType() { result = op.getIRType() }

@@ -274,7 +274,7 @@ class StoreNodeInstr extends StoreNode, TStoreNodeInstr {
  /** Gets the underlying instruction. */
  Instruction getInstruction() { result = instr }

-  override Declaration getFunction() { result = this.getInstruction().getEnclosingFunction() }
+  override Function getFunction() { result = this.getInstruction().getEnclosingFunction() }

  override IRType getType() { result = this.getInstruction().getResultIRType() }

@@ -328,7 +328,7 @@ class StoreNodeOperand extends StoreNode, TStoreNodeOperand {
  /** Gets the underlying operand. */
  Operand getOperand() { result = operand }

-  override Declaration getFunction() { result = operand.getDef().getEnclosingFunction() }
+  override Function getFunction() { result = operand.getDef().getEnclosingFunction() }

  override IRType getType() { result = operand.getIRType() }

@@ -384,7 +384,7 @@ class ReadNode extends Node, TReadNode {

  override Declaration getEnclosingCallable() { result = this.getFunction() }

-  override Declaration getFunction() { result = this.getInstruction().getEnclosingFunction() }
+  override Function getFunction() { result = this.getInstruction().getEnclosingFunction() }

  override IRType getType() { result = this.getInstruction().getResultIRType() }

@@ -436,7 +436,7 @@ class SsaPhiNode extends Node, TSsaPhiNode {

  override Declaration getEnclosingCallable() { result = this.getFunction() }

-  override Declaration getFunction() { result = phi.getBasicBlock().getEnclosingFunction() }
+  override Function getFunction() { result = phi.getBasicBlock().getEnclosingFunction() }

  override IRType getType() { result instanceof IRVoidType }

@@ -673,7 +673,7 @@ class VariableNode extends Node, TVariableNode {
  /** Gets the variable corresponding to this node. */
  Variable getVariable() { result = v }

-  override Declaration getFunction() { none() }
+  override Function getFunction() { none() }

  override Declaration getEnclosingCallable() {
    // When flow crosses from one _enclosing callable_ to another, the
@@ -1092,56 +1092,6 @@ class ContentSet instanceof Content {
 }

 /**
- * Holds if the guard `g` validates the expression `e` upon evaluating to `branch`.
- *
- * The expression `e` is expected to be a syntactic part of the guard `g`.
- * For example, the guard `g` might be a call `isSafe(x)` and the expression `e`
- * the argument `x`.
- */
-signature predicate guardChecksSig(IRGuardCondition g, Expr e, boolean branch);
-
-/**
- * Provides a set of barrier nodes for a guard that validates an expression.
- *
- * This is expected to be used in `isBarrier`/`isSanitizer` definitions
- * in data flow and taint tracking.
- */
-module BarrierGuard<guardChecksSig/3 guardChecks> {
-  /** Gets a node that is safely guarded by the given guard check. */
-  ExprNode getABarrierNode() {
-    exists(IRGuardCondition g, ValueNumber value, boolean edge |
-      guardChecks(g, value.getAnInstruction().getConvertedResultExpression(), edge) and
-      result.asInstruction() = value.getAnInstruction() and
-      g.controls(result.asInstruction().getBlock(), edge)
-    )
-  }
-}
-
-/**
- * Holds if the guard `g` validates the instruction `instr` upon evaluating to `branch`.
- */
-signature predicate instructionGuardChecksSig(IRGuardCondition g, Instruction instr, boolean branch);
-
-/**
- * Provides a set of barrier nodes for a guard that validates an instruction.
- *
- * This is expected to be used in `isBarrier`/`isSanitizer` definitions
- * in data flow and taint tracking.
- */
-module InstructionBarrierGuard<instructionGuardChecksSig/3 instructionGuardChecks> {
-  /** Gets a node that is safely guarded by the given guard check. */
-  ExprNode getABarrierNode() {
-    exists(IRGuardCondition g, ValueNumber value, boolean edge |
-      instructionGuardChecks(g, value.getAnInstruction(), edge) and
-      result.asInstruction() = value.getAnInstruction() and
-      g.controls(result.asInstruction().getBlock(), edge)
-    )
-  }
-}
-
-/**
- * DEPRECATED: Use `BarrierGuard` module instead.
- *
 * A guard that validates some instruction.
 *
 * To use this in a configuration, extend the class and provide a
@@ -1150,7 +1100,7 @@ module InstructionBarrierGuard<instructionGuardChecksSig/3 instructionGuardCheck
 *
 * It is important that all extending classes in scope are disjoint.
 */
-deprecated class BarrierGuard extends IRGuardCondition {
+class BarrierGuard extends IRGuardCondition {
  /** Override this predicate to hold if this guard validates `instr` upon evaluating to `b`. */
  predicate checksInstr(Instruction instr, boolean b) { none() }

--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll
@@ -94,6 +94,12 @@ private string getNodeProperty(DataFlow::Node node, string key) {
      any(DataFlow::Configuration cfg).isBarrierIn(node) and kind = "in"
      or
      any(DataFlow::Configuration cfg).isBarrierOut(node) and kind = "out"
+      or
+      exists(DataFlow::BarrierGuard guard |
+        any(DataFlow::Configuration cfg).isBarrierGuard(guard) and
+        node = guard.getAGuardedNode() and
+        kind = "guard(" + guard.getResultId() + ")"
+      )
    |
      kind, ", "
    )
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll
@@ -163,6 +163,12 @@ predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { n
 */
 predicate defaultTaintSanitizer(DataFlow::Node node) { none() }

+/**
+ * Holds if `guard` should be a sanitizer guard in all global taint flow configurations
+ * but not in local taint.
+ */
+predicate defaultTaintSanitizerGuard(DataFlow::BarrierGuard guard) { none() }
+
 /**
 * Holds if taint can flow from `instrIn` to `instrOut` through a call to a
 * modeled function.
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
@@ -116,30 +116,20 @@ abstract class Configuration extends DataFlow::Configuration {

  final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) }

-  /**
-   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
-   *
-   * Holds if taint propagation through nodes guarded by `guard` is prohibited.
-   */
-  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }
+  /** Holds if taint propagation through nodes guarded by `guard` is prohibited. */
+  predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }

-  deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
-    this.isSanitizerGuard(guard)
+  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
+    this.isSanitizerGuard(guard) or defaultTaintSanitizerGuard(guard)
  }

  /**
-   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
-   *
   * Holds if taint propagation through nodes guarded by `guard` is prohibited
   * when the flow state is `state`.
   */
-  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
-    none()
-  }
+  predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { none() }

-  deprecated final override predicate isBarrierGuard(
-    DataFlow::BarrierGuard guard, DataFlow::FlowState state
-  ) {
+  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
    this.isSanitizerGuard(guard, state)
  }

--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
@@ -116,30 +116,20 @@ abstract class Configuration extends DataFlow::Configuration {

  final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) }

-  /**
-   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
-   *
-   * Holds if taint propagation through nodes guarded by `guard` is prohibited.
-   */
-  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }
+  /** Holds if taint propagation through nodes guarded by `guard` is prohibited. */
+  predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }

-  deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
-    this.isSanitizerGuard(guard)
+  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
+    this.isSanitizerGuard(guard) or defaultTaintSanitizerGuard(guard)
  }

  /**
-   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
-   *
   * Holds if taint propagation through nodes guarded by `guard` is prohibited
   * when the flow state is `state`.
   */
-  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
-    none()
-  }
+  predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { none() }

-  deprecated final override predicate isBarrierGuard(
-    DataFlow::BarrierGuard guard, DataFlow::FlowState state
-  ) {
+  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
    this.isSanitizerGuard(guard, state)
  }

--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking3/TaintTrackingImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking3/TaintTrackingImpl.qll
@@ -116,30 +116,20 @@ abstract class Configuration extends DataFlow::Configuration {

  final override predicate isBarrierOut(DataFlow::Node node) { this.isSanitizerOut(node) }

-  /**
-   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
-   *
-   * Holds if taint propagation through nodes guarded by `guard` is prohibited.
-   */
-  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }
+  /** Holds if taint propagation through nodes guarded by `guard` is prohibited. */
+  predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }

-  deprecated final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
-    this.isSanitizerGuard(guard)
+  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
+    this.isSanitizerGuard(guard) or defaultTaintSanitizerGuard(guard)
  }

  /**
-   * DEPRECATED: Use `isSanitizer` and `BarrierGuard` module instead.
-   *
   * Holds if taint propagation through nodes guarded by `guard` is prohibited
   * when the flow state is `state`.
   */
-  deprecated predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
-    none()
-  }
+  predicate isSanitizerGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) { none() }

-  deprecated final override predicate isBarrierGuard(
-    DataFlow::BarrierGuard guard, DataFlow::FlowState state
-  ) {
+  final override predicate isBarrierGuard(DataFlow::BarrierGuard guard, DataFlow::FlowState state) {
    this.isSanitizerGuard(guard, state)
  }

--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/IRConfiguration.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/IRConfiguration.qll
@@ -16,7 +16,7 @@ class IRConfiguration extends TIRConfiguration {
  /**
   * Holds if IR should be created for function `func`. By default, holds for all functions.
   */
-  predicate shouldCreateIRForFunction(Language::Declaration func) { any() }
+  predicate shouldCreateIRForFunction(Language::Function func) { any() }

  /**
   * Holds if the strings used as part of an IR dump should be generated for function `func`.
@@ -25,7 +25,7 @@ class IRConfiguration extends TIRConfiguration {
   * of debug strings for IR that will not be dumped. We still generate the actual IR for these
   * functions, however, to preserve the results of any interprocedural analysis.
   */
-  predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) { any() }
+  predicate shouldEvaluateDebugStringsForFunction(Language::Function func) { any() }
 }

 private newtype TIREscapeAnalysisConfiguration = MkIREscapeAnalysisConfiguration()
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll
@@ -97,7 +97,7 @@ class IRBlockBase extends TIRBlock {
  /**
   * Gets the `Function` that contains this block.
   */
-  final Language::Declaration getEnclosingFunction() {
+  final Language::Function getEnclosingFunction() {
    result = getFirstInstruction(this).getEnclosingFunction()
  }
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRConsistency.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRConsistency.qll
@@ -524,23 +524,4 @@ module InstructionConsistency {
        "' has a `this` argument operand that is not an address, in function '$@'." and
    irFunc = getInstructionIRFunction(instr, irFuncText)
  }
-
-  query predicate nonUniqueIRVariable(
-    Instruction instr, string message, OptionalIRFunction irFunc, string irFuncText
-  ) {
-    exists(VariableInstruction vi, IRVariable v1, IRVariable v2 |
-      instr = vi and vi.getIRVariable() = v1 and vi.getIRVariable() = v2 and v1 != v2
-    ) and
-    message =
-      "Variable instruction '" + instr.toString() +
-        "' has multiple associated variables, in function '$@'." and
-    irFunc = getInstructionIRFunction(instr, irFuncText)
-    or
-    instr.getOpcode() instanceof Opcode::VariableAddress and
-    not instr instanceof VariableInstruction and
-    message =
-      "Variable address instruction '" + instr.toString() +
-        "' has no associated variable, in function '$@'." and
-    irFunc = getInstructionIRFunction(instr, irFuncText)
-  }
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll
@@ -18,7 +18,7 @@ private import Imports::IRType
 * by the AST-to-IR translation (`IRTempVariable`).
 */
 class IRVariable extends TIRVariable {
-  Language::Declaration func;
+  Language::Function func;

  IRVariable() {
    this = TIRUserVariable(_, _, func) or
@@ -79,7 +79,7 @@ class IRVariable extends TIRVariable {
  /**
   * Gets the function that references this variable.
   */
-  final Language::Declaration getEnclosingFunction() { result = func }
+  final Language::Function getEnclosingFunction() { result = func }
 }

 /**
@@ -246,7 +246,7 @@ class IREllipsisVariable extends IRTempVariable, IRParameter {

  final override string toString() { result = "#ellipsis" }

-  final override int getIndex() { result = func.(Language::Function).getNumberOfParameters() }
+  final override int getIndex() { result = func.getNumberOfParameters() }
 }

 /**
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll
@@ -194,7 +194,7 @@ class Instruction extends Construction::TStageInstruction {
  /**
   * Gets the function that contains this instruction.
   */
-  final Language::Declaration getEnclosingFunction() {
+  final Language::Function getEnclosingFunction() {
    result = this.getEnclosingIRFunction().getFunction()
  }

--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll
@@ -26,20 +26,20 @@ class PrintIRConfiguration extends TPrintIRConfiguration {
   * Holds if the IR for `func` should be printed. By default, holds for all
   * functions.
   */
-  predicate shouldPrintFunction(Language::Declaration decl) { any() }
+  predicate shouldPrintFunction(Language::Function func) { any() }
 }

 /**
 * Override of `IRConfiguration` to only evaluate debug strings for the functions that are to be dumped.
 */
 private class FilteredIRConfiguration extends IRConfiguration {
-  override predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) {
+  override predicate shouldEvaluateDebugStringsForFunction(Language::Function func) {
    shouldPrintFunction(func)
  }
 }

-private predicate shouldPrintFunction(Language::Declaration decl) {
-  exists(PrintIRConfiguration config | config.shouldPrintFunction(decl))
+private predicate shouldPrintFunction(Language::Function func) {
+  exists(PrintIRConfiguration config | config.shouldPrintFunction(func))
 }

 private string getAdditionalInstructionProperty(Instruction instr, string key) {
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/IRFunctionBase.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/IRFunctionBase.qll
@@ -5,28 +5,23 @@
 private import IRFunctionBaseInternal

 private newtype TIRFunction =
-  TFunctionIRFunction(Language::Function func) { IRConstruction::Raw::functionHasIR(func) } or
-  TVarInitIRFunction(Language::GlobalVariable var) { IRConstruction::Raw::varHasIRFunc(var) }
+  MkIRFunction(Language::Function func) { IRConstruction::Raw::functionHasIR(func) }

 /**
 * The IR for a function. This base class contains only the predicates that are the same between all
 * phases of the IR. Each instantiation of `IRFunction` extends this class.
 */
 class IRFunctionBase extends TIRFunction {
-  Language::Declaration decl;
+  Language::Function func;

-  IRFunctionBase() {
-    this = TFunctionIRFunction(decl)
-    or
-    this = TVarInitIRFunction(decl)
-  }
+  IRFunctionBase() { this = MkIRFunction(func) }

  /** Gets a textual representation of this element. */
-  final string toString() { result = "IR: " + decl.toString() }
+  final string toString() { result = "IR: " + func.toString() }

  /** Gets the function whose IR is represented. */
-  final Language::Declaration getFunction() { result = decl }
+  final Language::Function getFunction() { result = func }

  /** Gets the location of the function. */
-  final Language::Location getLocation() { result = decl.getLocation() }
+  final Language::Location getLocation() { result = func.getLocation() }
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TIRVariable.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TIRVariable.qll
@@ -2,21 +2,21 @@ private import TIRVariableInternal
 private import Imports::TempVariableTag

 newtype TIRVariable =
-  TIRUserVariable(Language::Variable var, Language::LanguageType type, Language::Declaration func) {
+  TIRUserVariable(Language::Variable var, Language::LanguageType type, Language::Function func) {
    Construction::hasUserVariable(func, var, type)
  } or
  TIRTempVariable(
-    Language::Declaration func, Language::AST ast, TempVariableTag tag, Language::LanguageType type
+    Language::Function func, Language::AST ast, TempVariableTag tag, Language::LanguageType type
  ) {
    Construction::hasTempVariable(func, ast, tag, type)
  } or
  TIRDynamicInitializationFlag(
-    Language::Declaration func, Language::Variable var, Language::LanguageType type
+    Language::Function func, Language::Variable var, Language::LanguageType type
  ) {
    Construction::hasDynamicInitializationFlag(func, var, type)
  } or
  TIRStringLiteral(
-    Language::Declaration func, Language::AST ast, Language::LanguageType type,
+    Language::Function func, Language::AST ast, Language::LanguageType type,
    Language::StringLiteral literal
  ) {
    Construction::hasStringLiteral(func, ast, type, literal)
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll
@@ -97,7 +97,7 @@ class IRBlockBase extends TIRBlock {
  /**
   * Gets the `Function` that contains this block.
   */
-  final Language::Declaration getEnclosingFunction() {
+  final Language::Function getEnclosingFunction() {
    result = getFirstInstruction(this).getEnclosingFunction()
  }
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRConsistency.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRConsistency.qll
@@ -524,23 +524,4 @@ module InstructionConsistency {
        "' has a `this` argument operand that is not an address, in function '$@'." and
    irFunc = getInstructionIRFunction(instr, irFuncText)
  }
-
-  query predicate nonUniqueIRVariable(
-    Instruction instr, string message, OptionalIRFunction irFunc, string irFuncText
-  ) {
-    exists(VariableInstruction vi, IRVariable v1, IRVariable v2 |
-      instr = vi and vi.getIRVariable() = v1 and vi.getIRVariable() = v2 and v1 != v2
-    ) and
-    message =
-      "Variable instruction '" + instr.toString() +
-        "' has multiple associated variables, in function '$@'." and
-    irFunc = getInstructionIRFunction(instr, irFuncText)
-    or
-    instr.getOpcode() instanceof Opcode::VariableAddress and
-    not instr instanceof VariableInstruction and
-    message =
-      "Variable address instruction '" + instr.toString() +
-        "' has no associated variable, in function '$@'." and
-    irFunc = getInstructionIRFunction(instr, irFuncText)
-  }
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRVariable.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRVariable.qll
@@ -18,7 +18,7 @@ private import Imports::IRType
 * by the AST-to-IR translation (`IRTempVariable`).
 */
 class IRVariable extends TIRVariable {
-  Language::Declaration func;
+  Language::Function func;

  IRVariable() {
    this = TIRUserVariable(_, _, func) or
@@ -79,7 +79,7 @@ class IRVariable extends TIRVariable {
  /**
   * Gets the function that references this variable.
   */
-  final Language::Declaration getEnclosingFunction() { result = func }
+  final Language::Function getEnclosingFunction() { result = func }
 }

 /**
@@ -246,7 +246,7 @@ class IREllipsisVariable extends IRTempVariable, IRParameter {

  final override string toString() { result = "#ellipsis" }

-  final override int getIndex() { result = func.(Language::Function).getNumberOfParameters() }
+  final override int getIndex() { result = func.getNumberOfParameters() }
 }

 /**
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll
@@ -194,7 +194,7 @@ class Instruction extends Construction::TStageInstruction {
  /**
   * Gets the function that contains this instruction.
   */
-  final Language::Declaration getEnclosingFunction() {
+  final Language::Function getEnclosingFunction() {
    result = this.getEnclosingIRFunction().getFunction()
  }

--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/PrintIR.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/PrintIR.qll
@@ -26,20 +26,20 @@ class PrintIRConfiguration extends TPrintIRConfiguration {
   * Holds if the IR for `func` should be printed. By default, holds for all
   * functions.
   */
-  predicate shouldPrintFunction(Language::Declaration decl) { any() }
+  predicate shouldPrintFunction(Language::Function func) { any() }
 }

 /**
 * Override of `IRConfiguration` to only evaluate debug strings for the functions that are to be dumped.
 */
 private class FilteredIRConfiguration extends IRConfiguration {
-  override predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) {
+  override predicate shouldEvaluateDebugStringsForFunction(Language::Function func) {
    shouldPrintFunction(func)
  }
 }

-private predicate shouldPrintFunction(Language::Declaration decl) {
-  exists(PrintIRConfiguration config | config.shouldPrintFunction(decl))
+private predicate shouldPrintFunction(Language::Function func) {
+  exists(PrintIRConfiguration config | config.shouldPrintFunction(func))
 }

 private string getAdditionalInstructionProperty(Instruction instr, string key) {
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll
@@ -13,7 +13,6 @@ private import TranslatedElement
 private import TranslatedExpr
 private import TranslatedStmt
 private import TranslatedFunction
-private import TranslatedGlobalVar

 TranslatedElement getInstructionTranslatedElement(Instruction instruction) {
  instruction = TRawInstruction(result, _)
@@ -36,41 +35,29 @@ module Raw {
  cached
  predicate functionHasIR(Function func) { exists(getTranslatedFunction(func)) }

-  cached
-  predicate varHasIRFunc(GlobalOrNamespaceVariable var) {
-    var.hasInitializer() and
-    (
-      not var.getType().isDeeplyConst()
-      or
-      var.getInitializer().getExpr() instanceof StringLiteral
-    )
-  }
-
  cached
  predicate hasInstruction(TranslatedElement element, InstructionTag tag) {
    element.hasInstruction(_, tag, _)
  }

  cached
-  predicate hasUserVariable(Declaration decl, Variable var, CppType type) {
-    getTranslatedFunction(decl).hasUserVariable(var, type)
-    or
-    getTranslatedVarInit(decl).hasUserVariable(var, type)
+  predicate hasUserVariable(Function func, Variable var, CppType type) {
+    getTranslatedFunction(func).hasUserVariable(var, type)
  }

  cached
-  predicate hasTempVariable(Declaration decl, Locatable ast, TempVariableTag tag, CppType type) {
+  predicate hasTempVariable(Function func, Locatable ast, TempVariableTag tag, CppType type) {
    exists(TranslatedElement element |
      element.getAst() = ast and
-      decl = element.getFunction() and
+      func = element.getFunction() and
      element.hasTempVariable(tag, type)
    )
  }

  cached
-  predicate hasStringLiteral(Declaration decl, Locatable ast, CppType type, StringLiteral literal) {
+  predicate hasStringLiteral(Function func, Locatable ast, CppType type, StringLiteral literal) {
    literal = ast and
-    literal.getEnclosingDeclaration() = decl and
+    literal.getEnclosingFunction() = func and
    getTypeForPRValue(literal.getType()) = type
  }

--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll
@@ -180,7 +180,7 @@ abstract class TranslatedSideEffects extends TranslatedElement {
  /** DEPRECATED: Alias for getAst */
  deprecated override Locatable getAST() { result = getAst() }

-  final override Declaration getFunction() { result = getExpr().getEnclosingDeclaration() }
+  final override Function getFunction() { result = getExpr().getEnclosingFunction() }

  final override TranslatedElement getChild(int i) {
    result =
@@ -375,7 +375,7 @@ abstract class TranslatedSideEffect extends TranslatedElement {
    kind instanceof GotoEdge
  }

-  final override Declaration getFunction() { result = getParent().getFunction() }
+  final override Function getFunction() { result = getParent().getFunction() }

  final override Instruction getPrimaryInstructionForSideEffect(InstructionTag tag) {
    tag = OnlyInstructionTag() and
@@ -436,6 +436,13 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect {
    result = index
  }

+  /**
+   * Gets the `TranslatedFunction` containing this expression.
+   */
+  final TranslatedFunction getEnclosingFunction() {
+    result = getTranslatedFunction(call.getEnclosingFunction())
+  }
+
  final override predicate sideEffectInstruction(Opcode opcode, CppType type) {
    opcode = sideEffectOpcode and
    (
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll
@@ -25,9 +25,9 @@ private Element getRealParent(Expr expr) {
  result.(Destructor).getADestruction() = expr
 }

-IRUserVariable getIRUserVariable(Declaration decl, Variable var) {
+IRUserVariable getIRUserVariable(Function func, Variable var) {
  result.getVariable() = var and
-  result.getEnclosingFunction() = decl
+  result.getEnclosingFunction() = func
 }

 IRTempVariable getIRTempVariable(Locatable ast, TempVariableTag tag) {
@@ -67,8 +67,7 @@ private predicate ignoreExprAndDescendants(Expr expr) {
  exists(Initializer init, StaticStorageDurationVariable var |
    init = var.getInitializer() and
    not var.hasDynamicInitialization() and
-    expr = init.getExpr().getFullyConverted() and
-    not var instanceof GlobalOrNamespaceVariable
+    expr = init.getExpr().getFullyConverted()
  )
  or
  // Ignore descendants of `__assume` expressions, since we translated these to `NoOp`.
@@ -118,8 +117,7 @@ private predicate ignoreExprOnly(Expr expr) {
  // should not be translated.
  exists(NewOrNewArrayExpr new | expr = new.getAllocatorCall().getArgument(0))
  or
-  not translateFunction(expr.getEnclosingFunction()) and
-  not Raw::varHasIRFunc(expr.getEnclosingVariable())
+  not translateFunction(expr.getEnclosingFunction())
  or
  // We do not yet translate destructors properly, so for now we ignore the
  // destructor call. We do, however, translate the expression being
@@ -664,8 +662,7 @@ newtype TTranslatedElement =
    opcode = getASideEffectOpcode(call, -1)
  } or
  // The side effect that initializes newly-allocated memory.
-  TTranslatedAllocationSideEffect(AllocationExpr expr) { not ignoreSideEffects(expr) } or
-  TTranslatedGlobalOrNamespaceVarInit(GlobalOrNamespaceVariable var) { Raw::varHasIRFunc(var) }
+  TTranslatedAllocationSideEffect(AllocationExpr expr) { not ignoreSideEffects(expr) }

 /**
 * Gets the index of the first explicitly initialized element in `initList`
@@ -795,7 +792,7 @@ abstract class TranslatedElement extends TTranslatedElement {
  /**
   * Gets the `Function` that contains this element.
   */
-  abstract Declaration getFunction();
+  abstract Function getFunction();

  /**
   * Gets the successor instruction of the instruction that was generated by
@@ -945,14 +942,3 @@ abstract class TranslatedElement extends TTranslatedElement {
   */
  final TranslatedElement getParent() { result.getAChild() = this }
 }
-
-/**
- * Represents the IR translation of a root element, either a function or a global variable.
- */
-abstract class TranslatedRootElement extends TranslatedElement {
-  TranslatedRootElement() {
-    this instanceof TTranslatedFunction
-    or
-    this instanceof TTranslatedGlobalOrNamespaceVarInit
-  }
-}
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
@@ -12,7 +12,6 @@ private import TranslatedElement
 private import TranslatedFunction
 private import TranslatedInitialization
 private import TranslatedStmt
-private import TranslatedGlobalVar
 import TranslatedCall

 /**
@@ -79,7 +78,7 @@ abstract class TranslatedExpr extends TranslatedElement {
  /** DEPRECATED: Alias for getAst */
  deprecated override Locatable getAST() { result = this.getAst() }

-  final override Declaration getFunction() { result = expr.getEnclosingDeclaration() }
+  final override Function getFunction() { result = expr.getEnclosingFunction() }

  /**
   * Gets the expression from which this `TranslatedExpr` is generated.
@@ -89,10 +88,8 @@ abstract class TranslatedExpr extends TranslatedElement {
  /**
   * Gets the `TranslatedFunction` containing this expression.
   */
-  final TranslatedRootElement getEnclosingFunction() {
+  final TranslatedFunction getEnclosingFunction() {
    result = getTranslatedFunction(expr.getEnclosingFunction())
-    or
-    result = getTranslatedVarInit(expr.getEnclosingVariable())
  }
 }

@@ -790,7 +787,7 @@ class TranslatedThisExpr extends TranslatedNonConstantExpr {

  override IRVariable getInstructionVariable(InstructionTag tag) {
    tag = ThisAddressTag() and
-    result = this.getEnclosingFunction().(TranslatedFunction).getThisVariable()
+    result = this.getEnclosingFunction().getThisVariable()
  }
 }

@@ -841,7 +838,7 @@ class TranslatedNonFieldVariableAccess extends TranslatedVariableAccess {

  override IRVariable getInstructionVariable(InstructionTag tag) {
    tag = OnlyInstructionTag() and
-    result = getIRUserVariable(expr.getEnclosingDeclaration(), expr.getTarget())
+    result = getIRUserVariable(expr.getEnclosingFunction(), expr.getTarget())
  }
 }

@@ -2525,7 +2522,7 @@ class TranslatedVarArgsStart extends TranslatedNonConstantExpr {

  final override IRVariable getInstructionVariable(InstructionTag tag) {
    tag = VarArgsStartEllipsisAddressTag() and
-    result = this.getEnclosingFunction().(TranslatedFunction).getEllipsisVariable()
+    result = this.getEnclosingFunction().getEllipsisVariable()
  }

  final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll
@@ -58,7 +58,7 @@ predicate hasReturnValue(Function func) { not func.getUnspecifiedType() instance
 * Represents the IR translation of a function. This is the root elements for
 * all other elements associated with this function.
 */
-class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
+class TranslatedFunction extends TranslatedElement, TTranslatedFunction {
  Function func;

  TranslatedFunction() { this = TTranslatedFunction(func) }
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedGlobalVar.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedGlobalVar.qll
@@ -1,132 +0,0 @@
-import semmle.code.cpp.ir.implementation.raw.internal.TranslatedElement
-private import cpp
-private import semmle.code.cpp.ir.implementation.IRType
-private import semmle.code.cpp.ir.implementation.Opcode
-private import semmle.code.cpp.ir.implementation.internal.OperandTag
-private import semmle.code.cpp.ir.internal.CppType
-private import TranslatedInitialization
-private import InstructionTag
-private import semmle.code.cpp.ir.internal.IRUtilities
-
-class TranslatedGlobalOrNamespaceVarInit extends TranslatedRootElement,
-  TTranslatedGlobalOrNamespaceVarInit, InitializationContext {
-  GlobalOrNamespaceVariable var;
-
-  TranslatedGlobalOrNamespaceVarInit() { this = TTranslatedGlobalOrNamespaceVarInit(var) }
-
-  override string toString() { result = var.toString() }
-
-  final override GlobalOrNamespaceVariable getAst() { result = var }
-
-  final override Declaration getFunction() { result = var }
-
-  final Location getLocation() { result = var.getLocation() }
-
-  override Instruction getFirstInstruction() { result = this.getInstruction(EnterFunctionTag()) }
-
-  override TranslatedElement getChild(int n) {
-    n = 1 and
-    result = getTranslatedInitialization(var.getInitializer().getExpr().getFullyConverted())
-  }
-
-  override predicate hasInstruction(Opcode op, InstructionTag tag, CppType type) {
-    op instanceof Opcode::EnterFunction and
-    tag = EnterFunctionTag() and
-    type = getVoidType()
-    or
-    op instanceof Opcode::AliasedDefinition and
-    tag = AliasedDefinitionTag() and
-    type = getUnknownType()
-    or
-    op instanceof Opcode::VariableAddress and
-    tag = InitializerVariableAddressTag() and
-    type = getTypeForGLValue(var.getType())
-    or
-    op instanceof Opcode::ReturnVoid and
-    tag = ReturnTag() and
-    type = getVoidType()
-    or
-    op instanceof Opcode::AliasedUse and
-    tag = AliasedUseTag() and
-    type = getVoidType()
-    or
-    op instanceof Opcode::ExitFunction and
-    tag = ExitFunctionTag() and
-    type = getVoidType()
-  }
-
-  override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
-    kind instanceof GotoEdge and
-    (
-      tag = EnterFunctionTag() and
-      result = this.getInstruction(AliasedDefinitionTag())
-      or
-      tag = AliasedDefinitionTag() and
-      result = this.getInstruction(InitializerVariableAddressTag())
-      or
-      tag = InitializerVariableAddressTag() and
-      result = getChild(1).getFirstInstruction()
-      or
-      tag = ReturnTag() and
-      result = this.getInstruction(AliasedUseTag())
-      or
-      tag = AliasedUseTag() and
-      result = this.getInstruction(ExitFunctionTag())
-    )
-  }
-
-  override Instruction getChildSuccessor(TranslatedElement child) {
-    child = this.getChild(1) and
-    result = this.getInstruction(ReturnTag())
-  }
-
-  final override CppType getInstructionMemoryOperandType(
-    InstructionTag tag, TypedOperandTag operandTag
-  ) {
-    tag = AliasedUseTag() and
-    operandTag instanceof SideEffectOperandTag and
-    result = getUnknownType()
-  }
-
-  override IRUserVariable getInstructionVariable(InstructionTag tag) {
-    tag = InitializerVariableAddressTag() and
-    result.getVariable() = var and
-    result.getEnclosingFunction() = var
-  }
-
-  override Instruction getTargetAddress() {
-    result = this.getInstruction(InitializerVariableAddressTag())
-  }
-
-  override Type getTargetType() { result = var.getUnspecifiedType() }
-
-  /**
-   * Holds if this variable defines or accesses variable `var` with type `type`. This includes all
-   * parameters and local variables, plus any global variables or static data members that are
-   * directly accessed by the function.
-   */
-  final predicate hasUserVariable(Variable varUsed, CppType type) {
-    (
-      (
-        varUsed instanceof GlobalOrNamespaceVariable
-        or
-        varUsed instanceof MemberVariable and not varUsed instanceof Field
-      ) and
-      exists(VariableAccess access |
-        access.getTarget() = varUsed and
-        access.getEnclosingVariable() = var
-      )
-      or
-      var = varUsed
-      or
-      varUsed.(LocalScopeVariable).getEnclosingElement*() = var
-      or
-      varUsed.(Parameter).getCatchBlock().getEnclosingElement*() = var
-    ) and
-    type = getTypeForPRValue(getVariableType(varUsed))
-  }
-}
-
-TranslatedGlobalOrNamespaceVarInit getTranslatedVarInit(GlobalOrNamespaceVariable var) {
-  result.getAst() = var
-}
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedInitialization.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedInitialization.qll
@@ -137,10 +137,7 @@ abstract class TranslatedInitialization extends TranslatedElement, TTranslatedIn

  final override string toString() { result = "init: " + expr.toString() }

-  final override Declaration getFunction() {
-    result = expr.getEnclosingFunction() or
-    result = expr.getEnclosingVariable().(GlobalOrNamespaceVariable)
-  }
+  final override Function getFunction() { result = expr.getEnclosingFunction() }

  final override Locatable getAst() { result = expr }

@@ -489,10 +486,7 @@ abstract class TranslatedFieldInitialization extends TranslatedElement {
  /** DEPRECATED: Alias for getAst */
  deprecated override Locatable getAST() { result = getAst() }

-  final override Declaration getFunction() {
-    result = ast.getEnclosingFunction() or
-    result = ast.getEnclosingVariable().(GlobalOrNamespaceVariable)
-  }
+  final override Function getFunction() { result = ast.getEnclosingFunction() }

  final override Instruction getFirstInstruction() { result = getInstruction(getFieldAddressTag()) }

@@ -639,11 +633,7 @@ abstract class TranslatedElementInitialization extends TranslatedElement {
  /** DEPRECATED: Alias for getAst */
  deprecated override Locatable getAST() { result = getAst() }

-  final override Declaration getFunction() {
-    result = initList.getEnclosingFunction()
-    or
-    result = initList.getEnclosingVariable().(GlobalOrNamespaceVariable)
-  }
+  final override Function getFunction() { result = initList.getEnclosingFunction() }

  final override Instruction getFirstInstruction() { result = getInstruction(getElementIndexTag()) }

--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll
@@ -97,7 +97,7 @@ class IRBlockBase extends TIRBlock {
  /**
   * Gets the `Function` that contains this block.
   */
-  final Language::Declaration getEnclosingFunction() {
+  final Language::Function getEnclosingFunction() {
    result = getFirstInstruction(this).getEnclosingFunction()
  }
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRConsistency.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRConsistency.qll
@@ -524,23 +524,4 @@ module InstructionConsistency {
        "' has a `this` argument operand that is not an address, in function '$@'." and
    irFunc = getInstructionIRFunction(instr, irFuncText)
  }
-
-  query predicate nonUniqueIRVariable(
-    Instruction instr, string message, OptionalIRFunction irFunc, string irFuncText
-  ) {
-    exists(VariableInstruction vi, IRVariable v1, IRVariable v2 |
-      instr = vi and vi.getIRVariable() = v1 and vi.getIRVariable() = v2 and v1 != v2
-    ) and
-    message =
-      "Variable instruction '" + instr.toString() +
-        "' has multiple associated variables, in function '$@'." and
-    irFunc = getInstructionIRFunction(instr, irFuncText)
-    or
-    instr.getOpcode() instanceof Opcode::VariableAddress and
-    not instr instanceof VariableInstruction and
-    message =
-      "Variable address instruction '" + instr.toString() +
-        "' has no associated variable, in function '$@'." and
-    irFunc = getInstructionIRFunction(instr, irFuncText)
-  }
 }
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRVariable.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRVariable.qll
@@ -18,7 +18,7 @@ private import Imports::IRType
 * by the AST-to-IR translation (`IRTempVariable`).
 */
 class IRVariable extends TIRVariable {
-  Language::Declaration func;
+  Language::Function func;

  IRVariable() {
    this = TIRUserVariable(_, _, func) or
@@ -79,7 +79,7 @@ class IRVariable extends TIRVariable {
  /**
   * Gets the function that references this variable.
   */
-  final Language::Declaration getEnclosingFunction() { result = func }
+  final Language::Function getEnclosingFunction() { result = func }
 }

 /**
@@ -246,7 +246,7 @@ class IREllipsisVariable extends IRTempVariable, IRParameter {

  final override string toString() { result = "#ellipsis" }

-  final override int getIndex() { result = func.(Language::Function).getNumberOfParameters() }
+  final override int getIndex() { result = func.getNumberOfParameters() }
 }

 /**
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll
@@ -194,7 +194,7 @@ class Instruction extends Construction::TStageInstruction {
  /**
   * Gets the function that contains this instruction.
   */
-  final Language::Declaration getEnclosingFunction() {
+  final Language::Function getEnclosingFunction() {
    result = this.getEnclosingIRFunction().getFunction()
  }

--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll
@@ -26,20 +26,20 @@ class PrintIRConfiguration extends TPrintIRConfiguration {
   * Holds if the IR for `func` should be printed. By default, holds for all
   * functions.
   */
-  predicate shouldPrintFunction(Language::Declaration decl) { any() }
+  predicate shouldPrintFunction(Language::Function func) { any() }
 }

 /**
 * Override of `IRConfiguration` to only evaluate debug strings for the functions that are to be dumped.
 */
 private class FilteredIRConfiguration extends IRConfiguration {
-  override predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) {
+  override predicate shouldEvaluateDebugStringsForFunction(Language::Function func) {
    shouldPrintFunction(func)
  }
 }

-private predicate shouldPrintFunction(Language::Declaration decl) {
-  exists(PrintIRConfiguration config | config.shouldPrintFunction(decl))
+private predicate shouldPrintFunction(Language::Function func) {
+  exists(PrintIRConfiguration config | config.shouldPrintFunction(func))
 }

 private string getAdditionalInstructionProperty(Instruction instr, string key) {
--- a/cpp/ql/lib/semmle/code/cpp/ir/internal/IRCppLanguage.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/internal/IRCppLanguage.qll
@@ -50,16 +50,12 @@ class AutomaticVariable = Cpp::StackVariable;

 class StaticVariable = Cpp::Variable;

-class GlobalVariable = Cpp::GlobalOrNamespaceVariable;
-
 class Parameter = Cpp::Parameter;

 class Field = Cpp::Field;

 class BuiltInOperation = Cpp::BuiltInOperation;

-class Declaration = Cpp::Declaration;
-
 // TODO: Remove necessity for these.
 class Expr = Cpp::Expr;

--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 0.2.0
-
-## 0.1.4
-
 ## 0.1.3

 ### Minor Analysis Improvements
--- a/cpp/ql/src/IDEContextual.qll
+++ b/cpp/ql/src/IDEContextual.qll
--- a/Management/UsingExpiredStackAddress.ql
+++ b/Management/UsingExpiredStackAddress.ql
@@ -133,9 +133,7 @@ TGlobalAddress globalAddress(Instruction instr) {
  )
  or
  exists(FieldAddressInstruction fai | instr = fai |
-    result =
-      TFieldAddress(globalAddress(pragma[only_bind_into](fai.getObjectAddress())),
-        pragma[only_bind_out](fai.getField()))
+    result = TFieldAddress(globalAddress(fai.getObjectAddress()), fai.getField())
  )
  or
  result = globalAddress(instr.(PointerOffsetInstruction).getLeft())
--- a/cpp/ql/src/change-notes/2022-06-29-move-contextual-queries.md
+++ b/cpp/ql/src/change-notes/2022-06-29-move-contextual-queries.md
@@ -1,4 +0,0 @@
---
-category: breaking
---
-* Contextual queries and the query libraries they depend on have been moved to the `codeql/cpp-all` package.
--- a/cpp/ql/src/change-notes/released/0.1.4.md
+++ b/cpp/ql/src/change-notes/released/0.1.4.md
@@ -1 +0,0 @@
-## 0.1.4
--- a/cpp/ql/src/change-notes/released/0.2.0.md
+++ b/cpp/ql/src/change-notes/released/0.2.0.md
@@ -1 +0,0 @@
-## 0.2.0
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.0
+lastReleaseVersion: 0.1.3
--- a/cpp/ql/src/definitions.qll
+++ b/cpp/ql/src/definitions.qll
--- a/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.cpp
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.cpp
@@ -1,11 +0,0 @@
-...
-SSL_shutdown(ssl); 
-SSL_shutdown(ssl); // BAD
-...
-    switch ((ret = SSL_shutdown(ssl))) {
-    case 1:
-      break;
-    case 0:
-      ERR_clear_error();
-      if (-1 != (ret = SSL_shutdown(ssl))) break; // GOOD
-...
--- a/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.qhelp
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.qhelp
@@ -1,27 +0,0 @@
-<!DOCTYPE qhelp PUBLIC
-  "-//Semmle//qhelp//EN"
-  "qhelp.dtd">
-<qhelp>
-<overview>
-<p>Incorrect closing of the connection leads to the creation of different states for the server and client, which can be exploited by an attacker.</p>
-
-</overview>
-
-<example>
-<p>The following example shows the incorrect and correct usage of function SSL_shutdown.</p>
-<sample src="DangerousUseSSL_shutdown.cpp" />
-
-</example>
-<references>
-
-<li>
-  CERT Coding Standard:
-  <a href="https://wiki.sei.cmu.edu/confluence/display/c/EXP12-C.+Do+not+ignore+values+returned+by+functions">EXP12-C. Do not ignore values returned by functions - SEI CERT C Coding Standard - Confluence</a>.
-</li>
-<li>
-  Openssl.org:
-  <a href="https://www.openssl.org/docs/man3.0/man3/SSL_shutdown.html">SSL_shutdown - shut down a TLS/SSL connection</a>.
-</li>
-
-</references>
-</qhelp>
--- a/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql
@@ -1,33 +0,0 @@
-/**
- * @name Dangerous use SSL_shutdown.
- * @description Incorrect closing of the connection leads to the creation of different states for the server and client, which can be exploited by an attacker.
- * @kind problem
- * @id cpp/dangerous-use-of-ssl-shutdown
- * @problem.severity warning
- * @precision medium
- * @tags correctness
- *       security
- *       external/cwe/cwe-670
- */
-
-import cpp
-import semmle.code.cpp.commons.Exclusions
-import semmle.code.cpp.valuenumbering.GlobalValueNumbering
-
-from FunctionCall fc, FunctionCall fc1
-where
-  fc != fc1 and
-  fc.getASuccessor+() = fc1 and
-  fc.getTarget().hasName("SSL_shutdown") and
-  fc1.getTarget().hasName("SSL_shutdown") and
-  fc1 instanceof ExprInVoidContext and
-  (
-    globalValueNumber(fc.getArgument(0)) = globalValueNumber(fc1.getArgument(0)) or
-    fc.getArgument(0).(VariableAccess).getTarget() = fc1.getArgument(0).(VariableAccess).getTarget()
-  ) and
-  not exists(FunctionCall fctmp |
-    fctmp.getTarget().hasName("SSL_free") and
-    fc.getASuccessor+() = fctmp and
-    fctmp.getASuccessor+() = fc1
-  )
-select fc, "You need to handle the return value SSL_shutdown"
--- a/cpp/ql/src/localDefinitions.ql
+++ b/cpp/ql/src/localDefinitions.ql
--- a/cpp/ql/src/localReferences.ql
+++ b/cpp/ql/src/localReferences.ql
--- a/cpp/ql/src/printAst.ql
+++ b/cpp/ql/src/printAst.ql
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.2.1-dev
+version: 0.1.4-dev
 groups: 
  - cpp
  - queries
--- a/cpp/ql/test/TestUtilities/InlineExpectationsTest.qll
+++ b/cpp/ql/test/TestUtilities/InlineExpectationsTest.qll
@@ -239,24 +239,12 @@ private string getColumnString(TColumn column) {

 /**
 * RegEx pattern to match a single expected result, not including the leading `$`. It consists of one or
- * more comma-separated tags optionally followed by `=` and the expected value.
- *
- * Tags must be only letters, digits, `-` and `_` (note that the first character
- * must not be a digit), but can contain anything enclosed in a single set of
- * square brackets.
- *
- * Examples:
- * - `tag`
- * - `tag=value`
- * - `tag,tag2=value`
- * - `tag[foo bar]=value`
- *
- * Not allowed:
- * - `tag[[[foo bar]`
+ * more comma-separated tags containing only letters, digits, `-` and `_` (note that the first character
+ * must not be a digit), optionally followed by `=` and the expected value.
 */
 private string expectationPattern() {
  exists(string tag, string tags, string value |
-    tag = "[A-Za-z-_](?:[A-Za-z-_0-9]|\\[[^\\]\\]]*\\])*" and
+    tag = "[A-Za-z-_][A-Za-z-_0-9]*" and
    tags = "((?:" + tag + ")(?:\\s*,\\s*" + tag + ")*)" and
    // In Python, we allow both `"` and `'` for strings, as well as the prefixes `bru`.
    // For example, `b"foo"`.
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-670/semmle/tests/DangerousUseSSL_shutdown.expected
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-670/semmle/tests/DangerousUseSSL_shutdown.expected
@@ -1,2 +0,0 @@
-| test.cpp:45:20:45:31 | call to SSL_shutdown | You need to handle the return value SSL_shutdown |
-| test.cpp:61:11:61:22 | call to SSL_shutdown | You need to handle the return value SSL_shutdown |
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-670/semmle/tests/DangerousUseSSL_shutdown.qlref
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-670/semmle/tests/DangerousUseSSL_shutdown.qlref
@@ -1 +0,0 @@
-experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-670/semmle/tests/test.cpp
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-670/semmle/tests/test.cpp
@@ -1,75 +0,0 @@
-// it's not exact, but it's enough for an example
-typedef int SSL;
-
-
-int SSL_shutdown(SSL *ssl);
-int SSL_get_error(const SSL *ssl, int ret);
-void ERR_clear_error(void);
-void print_error(char *buff,int code);
-
-int gootTest1(SSL *ssl)
-{
-  int ret;
-    switch ((ret = SSL_shutdown(ssl))) {
-    case 1:
-      break;
-    case 0:
-      ERR_clear_error();
-      if ((ret = SSL_shutdown(ssl)) == 1) break; // GOOD
-    default:
-      print_error("error shutdown",
-        SSL_get_error(ssl, ret));
-      return -1;
-    }
- return 0;
-}
-int gootTest2(SSL *ssl)
-{
-  int ret;
-    switch ((ret = SSL_shutdown(ssl))) {
-    case 1:
-      break;
-    case 0:
-      ERR_clear_error();
-      if (-1 != (ret = SSL_shutdown(ssl))) break; // GOOD
-    default:
-      print_error("error shutdown",
-        SSL_get_error(ssl, ret));
-      return -1;
-    }
- return 0;
-}
-int badTest1(SSL *ssl)
-{
-  int ret;
-    switch ((ret = SSL_shutdown(ssl))) {
-    case 1:
-      break;
-    case 0:
-      SSL_shutdown(ssl); // BAD
-      break;
-    default:      
-      print_error("error shutdown",
-        SSL_get_error(ssl, ret));
-      return -1;
-    }
- return 0;
-}
-int badTest2(SSL *ssl)
-{
-  int ret;
-    ret = SSL_shutdown(ssl);
-    switch (ret) {
-    case 1:
-      break;
-    case 0:
-      SSL_shutdown(ssl); // BAD
-      break;
-    default:
-      print_error("error shutdown",
-        SSL_get_error(ssl, ret));
-      return -1;
-    }
- return 0;
-}
-
--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected
@@ -199,9 +199,7 @@ postWithInFlow
 | example.c:28:22:28:25 | & ... [post update] | PostUpdateNode should not be the target of local flow. |
 | example.c:28:23:28:25 | pos [post update] | PostUpdateNode should not be the target of local flow. |
 | globals.cpp:5:9:5:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
-| globals.cpp:9:5:9:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
 | globals.cpp:13:5:13:19 | flowTestGlobal1 [post update] | PostUpdateNode should not be the target of local flow. |
-| globals.cpp:16:12:16:26 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
 | globals.cpp:23:5:23:19 | flowTestGlobal2 [post update] | PostUpdateNode should not be the target of local flow. |
 | lambdas.cpp:8:6:8:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
 | lambdas.cpp:9:6:9:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.ql
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.ql
@@ -2,17 +2,19 @@ import TestUtilities.dataflow.FlowTestCommon

 module AstTest {
  private import semmle.code.cpp.dataflow.DataFlow
-  private import semmle.code.cpp.controlflow.Guards

  /**
   * A `BarrierGuard` that stops flow to all occurrences of `x` within statement
   * S in `if (guarded(x)) S`.
   */
  // This is tested in `BarrierGuard.cpp`.
-  predicate testBarrierGuard(GuardCondition g, Expr checked, boolean isTrue) {
-    g.(FunctionCall).getTarget().getName() = "guarded" and
-    checked = g.(FunctionCall).getArgument(0) and
-    isTrue = true
+  class TestBarrierGuard extends DataFlow::BarrierGuard {
+    TestBarrierGuard() { this.(FunctionCall).getTarget().getName() = "guarded" }
+
+    override predicate checks(Expr checked, boolean isTrue) {
+      checked = this.(FunctionCall).getArgument(0) and
+      isTrue = true
+    }
  }

  /** Common data flow configuration to be used by tests. */
@@ -38,26 +40,29 @@ module AstTest {
    }

    override predicate isBarrier(DataFlow::Node barrier) {
-      barrier.asExpr().(VariableAccess).getTarget().hasName("barrier") or
-      barrier = DataFlow::BarrierGuard<testBarrierGuard/3>::getABarrierNode()
+      barrier.asExpr().(VariableAccess).getTarget().hasName("barrier")
    }
+
+    override predicate isBarrierGuard(DataFlow::BarrierGuard bg) { bg instanceof TestBarrierGuard }
  }
 }

 module IRTest {
  private import semmle.code.cpp.ir.dataflow.DataFlow
  private import semmle.code.cpp.ir.IR
-  private import semmle.code.cpp.controlflow.IRGuards

  /**
   * A `BarrierGuard` that stops flow to all occurrences of `x` within statement
   * S in `if (guarded(x)) S`.
   */
  // This is tested in `BarrierGuard.cpp`.
-  predicate testBarrierGuard(IRGuardCondition g, Instruction checked, boolean isTrue) {
-    g.(CallInstruction).getStaticCallTarget().getName() = "guarded" and
-    checked = g.(CallInstruction).getPositionalArgument(0) and
-    isTrue = true
+  class TestBarrierGuard extends DataFlow::BarrierGuard {
+    TestBarrierGuard() { this.(CallInstruction).getStaticCallTarget().getName() = "guarded" }
+
+    override predicate checksInstr(Instruction checked, boolean isTrue) {
+      checked = this.(CallInstruction).getPositionalArgument(0) and
+      isTrue = true
+    }
  }

  /** Common data flow configuration to be used by tests. */
@@ -88,9 +93,10 @@ module IRTest {
    }

    override predicate isBarrier(DataFlow::Node barrier) {
-      barrier.asExpr().(VariableAccess).getTarget().hasName("barrier") or
-      barrier = DataFlow::InstructionBarrierGuard<testBarrierGuard/3>::getABarrierNode()
+      barrier.asExpr().(VariableAccess).getTarget().hasName("barrier")
    }
+
+    override predicate isBarrierGuard(DataFlow::BarrierGuard bg) { bg instanceof TestBarrierGuard }
  }

  private predicate readsVariable(LoadInstruction load, Variable var) {
--- a/cpp/ql/test/library-tests/declarationEntry/declarationEntry/declarationEntry.cpp
+++ b/cpp/ql/test/library-tests/declarationEntry/declarationEntry/declarationEntry.cpp
@@ -33,11 +33,3 @@ public:

 myTemplateClass<int> mtc_int;
 myTemplateClass<short> mtc_short;
-
-// Class (UserType)
-
-class myClass
-{
-public:
-	int myMemberVariable;
-};
--- a/cpp/ql/test/library-tests/declarationEntry/declarationEntry/declarationEntry.expected
+++ b/cpp/ql/test/library-tests/declarationEntry/declarationEntry/declarationEntry.expected
@@ -27,11 +27,5 @@
 | declarationEntry.cpp:31:4:31:19 | myMemberVariable | declarationEntry.cpp:31:4:31:19 | definition of myMemberVariable | 1 | 1 |
 | declarationEntry.cpp:34:22:34:28 | mtc_int | declarationEntry.cpp:34:22:34:28 | definition of mtc_int | 1 | 1 |
 | declarationEntry.cpp:35:24:35:32 | mtc_short | declarationEntry.cpp:35:24:35:32 | definition of mtc_short | 1 | 1 |
-| declarationEntry.cpp:39:7:39:7 | operator= | declarationEntry.cpp:39:7:39:7 | declaration of operator= | 1 | 1 |
-| declarationEntry.cpp:39:7:39:7 | operator= | declarationEntry.cpp:39:7:39:7 | declaration of operator= | 1 | 1 |
-| declarationEntry.cpp:39:7:39:13 | myClass | declarationEntry.cpp:39:7:39:13 | definition of myClass | 1 | 1 |
-| declarationEntry.cpp:39:7:39:13 | myClass | forwardDeclaration.cpp:1:7:1:13 | declaration of myClass | 1 | 1 |
-| declarationEntry.cpp:42:6:42:21 | myMemberVariable | declarationEntry.cpp:42:6:42:21 | definition of myMemberVariable | 1 | 1 |
-| forwardDeclaration.cpp:3:10:3:19 | myClassPtr | forwardDeclaration.cpp:3:10:3:19 | definition of myClassPtr | 1 | 1 |
 | macro.c:2:1:2:3 | foo | macro.c:2:1:2:3 | declaration of foo | 1 | 1 |
 | macro.c:4:5:4:8 | main | macro.c:4:5:4:8 | definition of main | 1 | 1 |
--- a/cpp/ql/test/library-tests/declarationEntry/declarationEntry/fde.expected
+++ b/cpp/ql/test/library-tests/declarationEntry/declarationEntry/fde.expected
@@ -10,7 +10,5 @@
 | declarationEntry.cpp:28:7:28:7 | declaration of operator= |  | 0 |  |
 | declarationEntry.cpp:28:7:28:7 | declaration of operator= |  | 0 |  |
 | declarationEntry.cpp:28:7:28:7 | declaration of operator= |  | 0 |  |
-| declarationEntry.cpp:39:7:39:7 | declaration of operator= |  | 0 |  |
-| declarationEntry.cpp:39:7:39:7 | declaration of operator= |  | 0 |  |
 | macro.c:2:1:2:3 | declaration of foo |  | 2 | c_linkage, static |
 | macro.c:4:5:4:8 | definition of main |  | 1 | c_linkage |
--- a/cpp/ql/test/library-tests/declarationEntry/declarationEntry/forwardDeclaration.cpp
+++ b/cpp/ql/test/library-tests/declarationEntry/declarationEntry/forwardDeclaration.cpp
@@ -1,3 +0,0 @@
-class myClass;
-
-myClass *myClassPtr;
--- a/cpp/ql/test/library-tests/declarationEntry/declarationEntry/roundTrip.expected
+++ b/cpp/ql/test/library-tests/declarationEntry/declarationEntry/roundTrip.expected
@@ -1,45 +0,0 @@
-| declarationEntry.c:2:6:2:20 | declaration of myFirstFunction | declarationEntry.c:2:6:2:20 | myFirstFunction | yes |
-| declarationEntry.c:4:6:4:21 | definition of mySecondFunction | declarationEntry.c:4:6:4:21 | mySecondFunction | yes |
-| declarationEntry.c:8:6:8:20 | definition of myThirdFunction | declarationEntry.c:8:6:8:20 | myThirdFunction | yes |
-| declarationEntry.c:13:2:13:2 | declaration of myFourthFunction | declarationEntry.c:13:2:13:2 | myFourthFunction | yes |
-| declarationEntry.c:13:2:13:2 | declaration of myFourthFunction | declarationEntry.c:17:6:17:21 | myFourthFunction | yes |
-| declarationEntry.c:14:2:14:2 | declaration of myFifthFunction | declarationEntry.c:14:2:14:2 | myFifthFunction | yes |
-| declarationEntry.c:17:6:17:21 | declaration of myFourthFunction | declarationEntry.c:13:2:13:2 | myFourthFunction | yes |
-| declarationEntry.c:17:6:17:21 | declaration of myFourthFunction | declarationEntry.c:17:6:17:21 | myFourthFunction | yes |
-| declarationEntry.cpp:3:12:3:21 | declaration of myVariable | declarationEntry.cpp:5:5:5:14 | myVariable | yes |
-| declarationEntry.cpp:5:5:5:14 | definition of myVariable | declarationEntry.cpp:5:5:5:14 | myVariable | yes |
-| declarationEntry.cpp:9:6:9:15 | declaration of myFunction | declarationEntry.cpp:11:6:11:15 | myFunction | yes |
-| declarationEntry.cpp:9:21:9:31 | declaration of myParameter | declarationEntry.cpp:11:21:11:31 | myParameter | yes |
-| declarationEntry.cpp:11:6:11:15 | definition of myFunction | declarationEntry.cpp:11:6:11:15 | myFunction | yes |
-| declarationEntry.cpp:11:21:11:31 | definition of myParameter | declarationEntry.cpp:11:21:11:31 | myParameter | yes |
-| declarationEntry.cpp:18:6:18:11 | declaration of myEnum | declarationEntry.cpp:20:6:20:11 | myEnum | yes |
-| declarationEntry.cpp:20:6:20:11 | definition of myEnum | declarationEntry.cpp:20:6:20:11 | myEnum | yes |
-| declarationEntry.cpp:27:20:27:20 | definition of T | declarationEntry.cpp:27:20:27:20 | T | yes |
-| declarationEntry.cpp:28:7:28:7 | declaration of operator= | declarationEntry.cpp:28:7:28:7 | operator= | yes |
-| declarationEntry.cpp:28:7:28:7 | declaration of operator= | declarationEntry.cpp:28:7:28:7 | operator= | yes |
-| declarationEntry.cpp:28:7:28:7 | declaration of operator= | declarationEntry.cpp:28:7:28:7 | operator= | yes |
-| declarationEntry.cpp:28:7:28:7 | declaration of operator= | declarationEntry.cpp:28:7:28:7 | operator= | yes |
-| declarationEntry.cpp:28:7:28:21 | definition of myTemplateClass<T> | declarationEntry.cpp:28:7:28:21 | myTemplateClass<T> | yes |
-| declarationEntry.cpp:31:4:31:19 | definition of myMemberVariable | declarationEntry.cpp:31:4:31:19 | myMemberVariable | yes |
-| declarationEntry.cpp:31:4:31:19 | definition of myMemberVariable | declarationEntry.cpp:31:4:31:19 | myMemberVariable | yes |
-| declarationEntry.cpp:31:4:31:19 | definition of myMemberVariable | declarationEntry.cpp:31:4:31:19 | myMemberVariable | yes |
-| declarationEntry.cpp:34:22:34:28 | definition of mtc_int | declarationEntry.cpp:34:22:34:28 | mtc_int | yes |
-| declarationEntry.cpp:35:24:35:32 | definition of mtc_short | declarationEntry.cpp:35:24:35:32 | mtc_short | yes |
-| declarationEntry.cpp:39:7:39:7 | declaration of operator= | declarationEntry.cpp:39:7:39:7 | operator= | yes |
-| declarationEntry.cpp:39:7:39:7 | declaration of operator= | declarationEntry.cpp:39:7:39:7 | operator= | yes |
-| declarationEntry.cpp:39:7:39:13 | definition of myClass | declarationEntry.cpp:39:7:39:13 | myClass | yes |
-| declarationEntry.cpp:42:6:42:21 | definition of myMemberVariable | declarationEntry.cpp:42:6:42:21 | myMemberVariable | yes |
-| file://:0:0:0:0 | declaration of 1st parameter | file://:0:0:0:0 | (unnamed parameter 0) | yes |
-| file://:0:0:0:0 | declaration of 1st parameter | file://:0:0:0:0 | (unnamed parameter 0) | yes |
-| file://:0:0:0:0 | declaration of 1st parameter | file://:0:0:0:0 | (unnamed parameter 0) | yes |
-| file://:0:0:0:0 | declaration of 1st parameter | file://:0:0:0:0 | (unnamed parameter 0) | yes |
-| file://:0:0:0:0 | declaration of 1st parameter | file://:0:0:0:0 | (unnamed parameter 0) | yes |
-| file://:0:0:0:0 | declaration of 1st parameter | file://:0:0:0:0 | (unnamed parameter 0) | yes |
-| file://:0:0:0:0 | definition of fp_offset | file://:0:0:0:0 | fp_offset | yes |
-| file://:0:0:0:0 | definition of gp_offset | file://:0:0:0:0 | gp_offset | yes |
-| file://:0:0:0:0 | definition of overflow_arg_area | file://:0:0:0:0 | overflow_arg_area | yes |
-| file://:0:0:0:0 | definition of reg_save_area | file://:0:0:0:0 | reg_save_area | yes |
-| forwardDeclaration.cpp:1:7:1:13 | declaration of myClass | declarationEntry.cpp:39:7:39:13 | myClass | yes |
-| forwardDeclaration.cpp:3:10:3:19 | definition of myClassPtr | forwardDeclaration.cpp:3:10:3:19 | myClassPtr | yes |
-| macro.c:2:1:2:3 | declaration of foo | macro.c:2:1:2:3 | foo | yes |
-| macro.c:4:5:4:8 | definition of main | macro.c:4:5:4:8 | main | yes |
--- a/cpp/ql/test/library-tests/declarationEntry/declarationEntry/roundTrip.ql
+++ b/cpp/ql/test/library-tests/declarationEntry/declarationEntry/roundTrip.ql
@@ -1,7 +0,0 @@
-import cpp
-
-from DeclarationEntry de, Declaration d, string canRoundTrip
-where
-  d = de.getDeclaration() and
-  if d.getADeclarationEntry() = de then canRoundTrip = "yes" else canRoundTrip = "no"
-select de, d, canRoundTrip
--- a/cpp/ql/test/library-tests/ir/ir/PrintConfig.qll
+++ b/cpp/ql/test/library-tests/ir/ir/PrintConfig.qll
@@ -12,11 +12,4 @@ predicate locationIsInStandardHeaders(Location loc) {
 *
 * This predicate excludes functions defined in standard headers.
 */
-predicate shouldDumpFunction(Declaration decl) {
-  not locationIsInStandardHeaders(decl.getLocation()) and
-  (
-    not decl instanceof Variable
-    or
-    decl.(GlobalOrNamespaceVariable).hasInitializer()
-  )
-}
+predicate shouldDumpFunction(Function func) { not locationIsInStandardHeaders(func.getLocation()) }
--- a/cpp/ql/test/library-tests/ir/ir/aliased_ssa_consistency.expected
+++ b/cpp/ql/test/library-tests/ir/ir/aliased_ssa_consistency.expected
@@ -23,7 +23,6 @@ invalidOverlap
 nonUniqueEnclosingIRFunction
 fieldAddressOnNonPointer
 thisArgumentIsNonPointer
-nonUniqueIRVariable
 missingCanonicalLanguageType
 multipleCanonicalLanguageTypes
 missingIRType
--- a/cpp/ql/test/library-tests/ir/ir/aliased_ssa_consistency_unsound.expected
+++ b/cpp/ql/test/library-tests/ir/ir/aliased_ssa_consistency_unsound.expected
@@ -23,7 +23,6 @@ invalidOverlap
 nonUniqueEnclosingIRFunction
 fieldAddressOnNonPointer
 thisArgumentIsNonPointer
-nonUniqueIRVariable
 missingCanonicalLanguageType
 multipleCanonicalLanguageTypes
 missingIRType
--- a/cpp/ql/test/library-tests/ir/ir/ir.cpp
+++ b/cpp/ql/test/library-tests/ir/ir/ir.cpp
@@ -1816,18 +1816,4 @@ void switch_initialization(int x) {
    }
 }

-int global_1;
-
-int global_2 = 1;
-
-const int global_3 = 2;
-
-constructor_only global_4(1);
-
-constructor_only global_5 = constructor_only(2);
-
-char *global_string = "global string";
-
-int global_6 = global_2;
-
 // semmle-extractor-options: -std=c++17 --clang
--- a/cpp/ql/test/library-tests/ir/ir/operand_locations.expected
+++ b/cpp/ql/test/library-tests/ir/ir/operand_locations.expected
@@ -4743,14 +4743,6 @@
 | ir.cpp:1034:6:1034:20 | ChiTotal | total:m1034_2 |
 | ir.cpp:1034:6:1034:20 | SideEffect | m1034_3 |
 | ir.cpp:1035:15:1035:15 | Address | &:r1035_1 |
-| ir.cpp:1038:6:1038:8 | Address | &:r1038_3 |
-| ir.cpp:1038:6:1038:8 | SideEffect | ~m1038_8 |
-| ir.cpp:1038:12:1038:18 | Address | &:r1038_4 |
-| ir.cpp:1038:12:1038:18 | Address | &:r1038_4 |
-| ir.cpp:1038:12:1038:18 | ChiPartial | partial:m1038_7 |
-| ir.cpp:1038:12:1038:18 | ChiTotal | total:m1038_2 |
-| ir.cpp:1038:12:1038:18 | Load | m1038_5 |
-| ir.cpp:1038:12:1038:18 | StoreValue | r1038_6 |
 | ir.cpp:1038:14:1038:14 | Address | &:r1038_5 |
 | ir.cpp:1038:14:1038:14 | Address | &:r1038_5 |
 | ir.cpp:1038:14:1038:14 | Address | &:r1038_5 |
@@ -8465,45 +8457,6 @@
 | ir.cpp:1815:14:1815:15 | Address | &:r1815_1 |
 | ir.cpp:1815:14:1815:15 | Load | m1813_4 |
 | ir.cpp:1815:14:1815:15 | Right | r1815_2 |
-| ir.cpp:1821:5:1821:12 | Address | &:r1821_3 |
-| ir.cpp:1821:5:1821:12 | SideEffect | ~m1821_6 |
-| ir.cpp:1821:16:1821:16 | ChiPartial | partial:m1821_5 |
-| ir.cpp:1821:16:1821:16 | ChiTotal | total:m1821_2 |
-| ir.cpp:1821:16:1821:16 | StoreValue | r1821_4 |
-| ir.cpp:1825:18:1825:25 | Address | &:r1825_3 |
-| ir.cpp:1825:18:1825:25 | Arg(this) | this:r1825_3 |
-| ir.cpp:1825:18:1825:25 | SideEffect | ~m1825_10 |
-| ir.cpp:1825:27:1825:27 | Arg(0) | 0:r1825_5 |
-| ir.cpp:1825:27:1825:28 | CallTarget | func:r1825_4 |
-| ir.cpp:1825:27:1825:28 | ChiPartial | partial:m1825_7 |
-| ir.cpp:1825:27:1825:28 | ChiPartial | partial:m1825_9 |
-| ir.cpp:1825:27:1825:28 | ChiTotal | total:m1825_2 |
-| ir.cpp:1825:27:1825:28 | ChiTotal | total:m1825_8 |
-| ir.cpp:1825:27:1825:28 | SideEffect | ~m1825_2 |
-| ir.cpp:1827:18:1827:25 | Address | &:r1827_3 |
-| ir.cpp:1827:18:1827:25 | Arg(this) | this:r1827_3 |
-| ir.cpp:1827:18:1827:25 | SideEffect | ~m1827_10 |
-| ir.cpp:1827:28:1827:47 | CallTarget | func:r1827_4 |
-| ir.cpp:1827:28:1827:47 | ChiPartial | partial:m1827_7 |
-| ir.cpp:1827:28:1827:47 | ChiPartial | partial:m1827_9 |
-| ir.cpp:1827:28:1827:47 | ChiTotal | total:m1827_2 |
-| ir.cpp:1827:28:1827:47 | ChiTotal | total:m1827_8 |
-| ir.cpp:1827:28:1827:47 | SideEffect | ~m1827_2 |
-| ir.cpp:1827:46:1827:46 | Arg(0) | 0:r1827_5 |
-| ir.cpp:1829:7:1829:19 | Address | &:r1829_3 |
-| ir.cpp:1829:7:1829:19 | SideEffect | ~m1829_8 |
-| ir.cpp:1829:23:1829:37 | ChiPartial | partial:m1829_7 |
-| ir.cpp:1829:23:1829:37 | ChiTotal | total:m1829_2 |
-| ir.cpp:1829:23:1829:37 | StoreValue | r1829_6 |
-| ir.cpp:1829:23:1829:37 | Unary | r1829_4 |
-| ir.cpp:1829:23:1829:37 | Unary | r1829_5 |
-| ir.cpp:1831:5:1831:12 | Address | &:r1831_3 |
-| ir.cpp:1831:5:1831:12 | SideEffect | ~m1831_7 |
-| ir.cpp:1831:16:1831:23 | Address | &:r1831_4 |
-| ir.cpp:1831:16:1831:23 | ChiPartial | partial:m1831_6 |
-| ir.cpp:1831:16:1831:23 | ChiTotal | total:m1831_2 |
-| ir.cpp:1831:16:1831:23 | Load | ~m1831_2 |
-| ir.cpp:1831:16:1831:23 | StoreValue | r1831_5 |
 | perf-regression.cpp:6:3:6:5 | Address | &:r6_5 |
 | perf-regression.cpp:6:3:6:5 | Address | &:r6_5 |
 | perf-regression.cpp:6:3:6:5 | Address | &:r6_7 |
@@ -8747,34 +8700,6 @@
 | smart_ptr.cpp:47:43:47:63 | SideEffect | ~m47_16 |
 | smart_ptr.cpp:47:43:47:63 | Unary | r47_5 |
 | smart_ptr.cpp:47:43:47:63 | Unary | r47_6 |
-| struct_init.cpp:9:13:9:25 | Left | r9_3 |
-| struct_init.cpp:9:13:9:25 | Left | r9_3 |
-| struct_init.cpp:9:13:9:25 | SideEffect | ~m11_10 |
-| struct_init.cpp:9:31:12:1 | Right | r9_4 |
-| struct_init.cpp:9:31:12:1 | Right | r9_6 |
-| struct_init.cpp:9:31:12:1 | Unary | r9_5 |
-| struct_init.cpp:9:31:12:1 | Unary | r9_5 |
-| struct_init.cpp:9:31:12:1 | Unary | r9_7 |
-| struct_init.cpp:9:31:12:1 | Unary | r9_7 |
-| struct_init.cpp:10:5:10:21 | Address | &:r10_1 |
-| struct_init.cpp:10:5:10:21 | Address | &:r10_6 |
-| struct_init.cpp:10:7:10:9 | ChiPartial | partial:m10_4 |
-| struct_init.cpp:10:7:10:9 | ChiTotal | total:m9_2 |
-| struct_init.cpp:10:7:10:9 | StoreValue | r10_3 |
-| struct_init.cpp:10:7:10:9 | Unary | r10_2 |
-| struct_init.cpp:10:12:10:19 | ChiPartial | partial:m10_8 |
-| struct_init.cpp:10:12:10:19 | ChiTotal | total:m10_5 |
-| struct_init.cpp:10:12:10:19 | StoreValue | r10_7 |
-| struct_init.cpp:11:5:11:22 | Address | &:r11_1 |
-| struct_init.cpp:11:5:11:22 | Address | &:r11_6 |
-| struct_init.cpp:11:7:11:9 | ChiPartial | partial:m11_4 |
-| struct_init.cpp:11:7:11:9 | ChiTotal | total:m10_9 |
-| struct_init.cpp:11:7:11:9 | StoreValue | r11_3 |
-| struct_init.cpp:11:7:11:9 | Unary | r11_2 |
-| struct_init.cpp:11:12:11:20 | ChiPartial | partial:m11_9 |
-| struct_init.cpp:11:12:11:20 | ChiTotal | total:m11_5 |
-| struct_init.cpp:11:12:11:20 | StoreValue | r11_8 |
-| struct_init.cpp:11:13:11:20 | Unary | r11_7 |
 | struct_init.cpp:16:6:16:20 | ChiPartial | partial:m16_3 |
 | struct_init.cpp:16:6:16:20 | ChiTotal | total:m16_2 |
 | struct_init.cpp:16:6:16:20 | SideEffect | ~m17_5 |
--- a/cpp/ql/test/library-tests/ir/ir/raw_consistency.expected
+++ b/cpp/ql/test/library-tests/ir/ir/raw_consistency.expected
@@ -27,7 +27,6 @@ invalidOverlap
 nonUniqueEnclosingIRFunction
 fieldAddressOnNonPointer
 thisArgumentIsNonPointer
-nonUniqueIRVariable
 missingCanonicalLanguageType
 multipleCanonicalLanguageTypes
 missingIRType
--- a/cpp/ql/test/library-tests/ir/ir/raw_ir.expected
+++ b/cpp/ql/test/library-tests/ir/ir/raw_ir.expected
@@ -5650,19 +5650,6 @@ ir.cpp:
 # 1034|     v1034_5(void)               = AliasedUse         : ~m?
 # 1034|     v1034_6(void)               = ExitFunction       : 

-# 1038| (lambda [] type at line 1038, col. 12) lam
-# 1038|   Block 0
-# 1038|     v1038_1(void)                             = EnterFunction                 : 
-# 1038|     mu1038_2(unknown)                         = AliasedDefinition             : 
-# 1038|     r1038_3(glval<decltype([...](...){...})>) = VariableAddress[lam]          : 
-# 1038|     r1038_4(glval<decltype([...](...){...})>) = VariableAddress[#temp1038:12] : 
-# 1038|     mu1038_5(decltype([...](...){...}))       = Uninitialized[#temp1038:12]   : &:r1038_4
-# 1038|     r1038_6(decltype([...](...){...}))        = Load[#temp1038:12]            : &:r1038_4, ~m?
-# 1038|     mu1038_7(decltype([...](...){...}))       = Store[lam]                    : &:r1038_3, r1038_6
-# 1038|     v1038_8(void)                             = ReturnVoid                    : 
-# 1038|     v1038_9(void)                             = AliasedUse                    : ~m?
-# 1038|     v1038_10(void)                            = ExitFunction                  : 
-
 # 1038| void (lambda [] type at line 1038, col. 12)::operator()() const
 # 1038|   Block 0
 # 1038|     v1038_1(void)                              = EnterFunction                : 
@@ -9733,70 +9720,6 @@ ir.cpp:
 # 1785|     v1785_7(void)       = AliasedUse          : ~m?
 # 1785|     v1785_8(void)       = ExitFunction        : 

-# 1821| int global_2
-# 1821|   Block 0
-# 1821|     v1821_1(void)       = EnterFunction             : 
-# 1821|     mu1821_2(unknown)   = AliasedDefinition         : 
-# 1821|     r1821_3(glval<int>) = VariableAddress[global_2] : 
-# 1821|     r1821_4(int)        = Constant[1]               : 
-# 1821|     mu1821_5(int)       = Store[global_2]           : &:r1821_3, r1821_4
-# 1821|     v1821_6(void)       = ReturnVoid                : 
-# 1821|     v1821_7(void)       = AliasedUse                : ~m?
-# 1821|     v1821_8(void)       = ExitFunction              : 
-
-# 1825| constructor_only global_4
-# 1825|   Block 0
-# 1825|     v1825_1(void)                    = EnterFunction                     : 
-# 1825|     mu1825_2(unknown)                = AliasedDefinition                 : 
-# 1825|     r1825_3(glval<constructor_only>) = VariableAddress[global_4]         : 
-# 1825|     r1825_4(glval<unknown>)          = FunctionAddress[constructor_only] : 
-# 1825|     r1825_5(int)                     = Constant[1]                       : 
-# 1825|     v1825_6(void)                    = Call[constructor_only]            : func:r1825_4, this:r1825_3, 0:r1825_5
-# 1825|     mu1825_7(unknown)                = ^CallSideEffect                   : ~m?
-# 1825|     mu1825_8(constructor_only)       = ^IndirectMayWriteSideEffect[-1]   : &:r1825_3
-# 1825|     v1825_9(void)                    = ReturnVoid                        : 
-# 1825|     v1825_10(void)                   = AliasedUse                        : ~m?
-# 1825|     v1825_11(void)                   = ExitFunction                      : 
-
-# 1827| constructor_only global_5
-# 1827|   Block 0
-# 1827|     v1827_1(void)                    = EnterFunction                     : 
-# 1827|     mu1827_2(unknown)                = AliasedDefinition                 : 
-# 1827|     r1827_3(glval<constructor_only>) = VariableAddress[global_5]         : 
-# 1827|     r1827_4(glval<unknown>)          = FunctionAddress[constructor_only] : 
-# 1827|     r1827_5(int)                     = Constant[2]                       : 
-# 1827|     v1827_6(void)                    = Call[constructor_only]            : func:r1827_4, this:r1827_3, 0:r1827_5
-# 1827|     mu1827_7(unknown)                = ^CallSideEffect                   : ~m?
-# 1827|     mu1827_8(constructor_only)       = ^IndirectMayWriteSideEffect[-1]   : &:r1827_3
-# 1827|     v1827_9(void)                    = ReturnVoid                        : 
-# 1827|     v1827_10(void)                   = AliasedUse                        : ~m?
-# 1827|     v1827_11(void)                   = ExitFunction                      : 
-
-# 1829| char* global_string
-# 1829|   Block 0
-# 1829|     v1829_1(void)            = EnterFunction                   : 
-# 1829|     mu1829_2(unknown)        = AliasedDefinition               : 
-# 1829|     r1829_3(glval<char *>)   = VariableAddress[global_string]  : 
-# 1829|     r1829_4(glval<char[14]>) = StringConstant["global string"] : 
-# 1829|     r1829_5(char *)          = Convert                         : r1829_4
-# 1829|     r1829_6(char *)          = Convert                         : r1829_5
-# 1829|     mu1829_7(char *)         = Store[global_string]            : &:r1829_3, r1829_6
-# 1829|     v1829_8(void)            = ReturnVoid                      : 
-# 1829|     v1829_9(void)            = AliasedUse                      : ~m?
-# 1829|     v1829_10(void)           = ExitFunction                    : 
-
-# 1831| int global_6
-# 1831|   Block 0
-# 1831|     v1831_1(void)       = EnterFunction             : 
-# 1831|     mu1831_2(unknown)   = AliasedDefinition         : 
-# 1831|     r1831_3(glval<int>) = VariableAddress[global_6] : 
-# 1831|     r1831_4(glval<int>) = VariableAddress[global_2] : 
-# 1831|     r1831_5(int)        = Load[global_2]            : &:r1831_4, ~m?
-# 1831|     mu1831_6(int)       = Store[global_6]           : &:r1831_3, r1831_5
-# 1831|     v1831_7(void)       = ReturnVoid                : 
-# 1831|     v1831_8(void)       = AliasedUse                : ~m?
-# 1831|     v1831_9(void)       = ExitFunction              : 
-
 perf-regression.cpp:
 #    6| void Big::Big()
 #    6|   Block 0
@@ -10018,34 +9941,6 @@ smart_ptr.cpp:
 #   28|     v28_6(void)                                           = ExitFunction                                           : 

 struct_init.cpp:
-#    9| Info infos_in_file[]
-#    9|   Block 0
-#    9|     v9_1(void)              = EnterFunction                  : 
-#    9|     mu9_2(unknown)          = AliasedDefinition              : 
-#    9|     r9_3(glval<Info[]>)     = VariableAddress[infos_in_file] : 
-#    9|     r9_4(int)               = Constant[0]                    : 
-#    9|     r9_5(glval<Info>)       = PointerAdd[16]                 : r9_3, r9_4
-#   10|     r10_1(glval<char *>)    = FieldAddress[name]             : r9_5
-#   10|     r10_2(glval<char[2]>)   = StringConstant["1"]            : 
-#   10|     r10_3(char *)           = Convert                        : r10_2
-#   10|     mu10_4(char *)          = Store[?]                       : &:r10_1, r10_3
-#   10|     r10_5(glval<..(*)(..)>) = FieldAddress[handler]          : r9_5
-#   10|     r10_6(..(*)(..))        = FunctionAddress[handler1]      : 
-#   10|     mu10_7(..(*)(..))       = Store[?]                       : &:r10_5, r10_6
-#    9|     r9_6(int)               = Constant[1]                    : 
-#    9|     r9_7(glval<Info>)       = PointerAdd[16]                 : r9_3, r9_6
-#   11|     r11_1(glval<char *>)    = FieldAddress[name]             : r9_7
-#   11|     r11_2(glval<char[2]>)   = StringConstant["3"]            : 
-#   11|     r11_3(char *)           = Convert                        : r11_2
-#   11|     mu11_4(char *)          = Store[?]                       : &:r11_1, r11_3
-#   11|     r11_5(glval<..(*)(..)>) = FieldAddress[handler]          : r9_7
-#   11|     r11_6(glval<..()(..)>)  = FunctionAddress[handler2]      : 
-#   11|     r11_7(..(*)(..))        = CopyValue                      : r11_6
-#   11|     mu11_8(..(*)(..))       = Store[?]                       : &:r11_5, r11_7
-#    9|     v9_8(void)              = ReturnVoid                     : 
-#    9|     v9_9(void)              = AliasedUse                     : ~m?
-#    9|     v9_10(void)             = ExitFunction                   : 
-
 #   16| void let_info_escape(Info*)
 #   16|   Block 0
 #   16|     v16_1(void)          = EnterFunction                   : 
--- a/cpp/ql/test/library-tests/ir/ir/raw_ir.ql
+++ b/cpp/ql/test/library-tests/ir/ir/raw_ir.ql
@@ -7,5 +7,5 @@ private import semmle.code.cpp.ir.implementation.raw.PrintIR
 private import PrintConfig

 private class PrintConfig extends PrintIRConfiguration {
-  override predicate shouldPrintFunction(Declaration decl) { shouldDumpFunction(decl) }
+  override predicate shouldPrintFunction(Function func) { shouldDumpFunction(func) }
 }
--- a/cpp/ql/test/library-tests/ir/ir/unaliased_ssa_consistency.expected
+++ b/cpp/ql/test/library-tests/ir/ir/unaliased_ssa_consistency.expected
@@ -23,7 +23,6 @@ invalidOverlap
 nonUniqueEnclosingIRFunction
 fieldAddressOnNonPointer
 thisArgumentIsNonPointer
-nonUniqueIRVariable
 missingCanonicalLanguageType
 multipleCanonicalLanguageTypes
 missingIRType
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Erik Krogh Kristensen	0dd6eef202	more command line shenanigans	2022-06-17 08:20:56 +00:00
Erik Krogh Kristensen	4d726bc295	avoid glob stuff	2022-06-17 08:06:59 +00:00
Erik Krogh Kristensen	4367f8e3ff	use relative paths in the autobuilders	2022-06-17 08:06:59 +00:00
Erik Krogh Kristensen	eced887a8e	windows fix attempt 2	2022-06-17 08:06:59 +00:00
Erik Krogh Kristensen	f33bd2fecc	attempt to fix Windows	2022-06-17 08:06:59 +00:00
Erik Krogh Kristensen	c28107bce3	get excludes to work properly	2022-06-17 08:06:59 +00:00
Erik Krogh Kristensen	16c5c7dfd7	remove tools:latest from codeql-action in QL-for-QL	2022-06-17 08:06:59 +00:00
Erik Krogh Kristensen	0cac40a5e3	update, and fix, the autobuilders by using the new --also-match option	2022-06-17 08:06:59 +00:00
				`@@ -1 +0,0 @@`
				`experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql`