codeql/csharp/ql/lib/change-notes/released/5.3.0.md

5.3.0

Deprecated APIs

• The class AbstractValue in the Guards library has been deprecated and replaced with the class GuardValue.

Major Analysis Improvements

• The representation of the C# control-flow graph has been significantly changed. This has minor effects on a wide range of queries including both minor improvements and minor regressions, for example, improved precision has been observed for cs/inefficient-containskey and cs/stringbuilder-creation-in-loop. Two queries stand out as being significantly affected with great improvements: cs/dereferenced-value-may-be-null has been completely rewritten which removes a very significant number of false positives. Furthermore, cs/constant-condition has been updated to report many new results - these new results are primarily expected to be true positives, but a few new false positives are expected as well. As part of these changes, cs/dereferenced-value-may-be-null has been changed from a path-problem query to a problem query, so paths are no longer reported for this query.

Minor Analysis Improvements

• Added tracer support for macOS and Linux when the .NET CLI (dotnet) directly invokes the C# compiler (csc). This enhancement provides basic tracing and extraction capabilities for .NET 10 RC2 on these platforms.
• The extraction of location information for source code entities has been updated to use star IDs (* IDs). This change should be transparent to end-users but may improve extraction performance in some cases by reducing TRAP file size and eliminating overhead from location de-duplication.