From 3f7b50ebbafdbc04d006c1eca20df4cc8fe5fe76 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 13 May 2026 16:19:15 +0200 Subject: [PATCH 01/27] Type inference: Unify `getABaseTypeMention` and `conditionSatisfiesConstraint` --- .../internal/typeinference/TypeInference.qll | 4 - .../typeinference/internal/TypeInference.qll | 360 ++++++------------ 2 files changed, 118 insertions(+), 246 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll b/rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll index 423ad21ae4ac..fd99060d404b 100644 --- a/rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll +++ b/rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll @@ -222,8 +222,6 @@ private module Input2Common { } private module PreInput2 implements InputSig2 { - PreTypeMention getABaseTypeMention(Type t) { none() } - PreTypeMention getATypeParameterConstraint(TypeParameter tp) { result = Input2Common::getATypeParameterConstraint(tp) } @@ -248,8 +246,6 @@ private module PreInput2 implements InputSig2 { module PreM2 = Make2; private module Input2 implements InputSig2 { - TypeMention getABaseTypeMention(Type t) { none() } - TypeMention getATypeParameterConstraint(TypeParameter tp) { result = Input2Common::getATypeParameterConstraint(tp) } diff --git a/shared/typeinference/codeql/typeinference/internal/TypeInference.qll b/shared/typeinference/codeql/typeinference/internal/TypeInference.qll index cf82d77b5e1d..c6d657d7241f 100644 --- a/shared/typeinference/codeql/typeinference/internal/TypeInference.qll +++ b/shared/typeinference/codeql/typeinference/internal/TypeInference.qll @@ -155,8 +155,8 @@ signature module InputSig1 { class TypeParameter extends Type; /** - * A type abstraction. I.e., a place in the program where type variables are - * introduced. + * A type abstraction. I.e., a place in the program where type variables may + * be introduced. * * Example in C#: * ```csharp @@ -171,7 +171,7 @@ signature module InputSig1 { * ``` */ class TypeAbstraction { - /** Gets a type parameter introduced by this abstraction. */ + /** Gets a type parameter introduced by this abstraction, if any. */ TypeParameter getATypeParameter(); /** Gets a textual representation of this type abstraction. */ @@ -324,56 +324,31 @@ module Make1 Input1> { /** * Provides the input to `Make2`. * - * The `TypeMention` parameter is used to build the base type hierarchy based on - * `getABaseTypeMention` and to construct the constraint satisfaction - * hierarchy based on `conditionSatisfiesConstraint`. - * - * It will usually be based on syntactic occurrences of types in the source - * code. For example, in - * - * ```csharp - * class C : Base, Interface { } - * ``` - * - * a type mention would exist for `Base` and resolve to the following - * types: - * - * `TypePath` | `Type` - * ---------- | ------- - * `""` | ``Base`1`` - * `"0"` | `T` + * The `TypeMention` parameter is used to construct the constraint satisfaction + * hierarchy based on `conditionSatisfiesConstraint`, which is general enough + * to model both class hierarchies and trait implementation hierarchies in Rust. */ signature module InputSig2 { - /** - * Gets a base type mention of `t`, if any. Example: - * - * ```csharp - * class C : Base, Interface { } - * // ^ `t` - * // ^^^^^^^ `result` - * // ^^^^^^^^^ `result` - * ``` - */ - TypeMention getABaseTypeMention(Type t); - /** * Gets a type constraint on the type parameter `tp`, if any. All * instantiations of the type parameter must satisfy the constraint. * * For example, in + * * ```csharp * class GenericClass : IComparable> * // ^ `tp` * where T : IComparable { } * // ^^^^^^^^^^^^^^ `result` * ``` + * * the type parameter `T` has the constraint `IComparable`. */ TypeMention getATypeParameterConstraint(TypeParameter tp); /** * Holds if - * - `abs` is a type abstraction that introduces type variables that are + * - `abs` is a type abstraction that may introduce type variables that are * free in `condition` and `constraint`, * - and for every instantiation of the type parameters from `abs` the * resulting `condition` satisfies the constraint given by `constraint`. @@ -381,6 +356,7 @@ module Make1 Input1> { * through `constraint` should also apply to `condition`. * * Example in C#: + * * ```csharp * class C : IComparable> { } * // ^^^ `abs` @@ -389,6 +365,7 @@ module Make1 Input1> { * ``` * * Example in Rust: + * * ```rust * impl Trait for Type { } * // ^^^ `abs` ^^^^^^^^^^^^^^^ `condition` @@ -397,18 +374,22 @@ module Make1 Input1> { * * To see how `abs` changes the meaning of the type parameters that occur in * `condition`, consider the following examples in Rust: + * * ```rust * impl Trait for T { } * // ^^^ `abs` ^ `condition` * // ^^^^^ `constraint` * ``` + * * Here the meaning is "for all type parameters `T` it is the case that `T` * implements `Trait`". On the other hand, in + * * ```rust * fn foo() { } * // ^ `condition` * // ^^^^^ `constraint` * ``` + * * the meaning is "`T` implements `Trait`" where the constraint is only * valid for the specific `T`. Note that `condition` and `condition` are * identical in the two examples. To encode the difference, `abs` in the @@ -825,99 +806,6 @@ module Make1 Input1> { predicate multipleConstraintImplementations(Type conditionRoot, Type constraintRoot) { countConstraintImplementations(conditionRoot, constraintRoot) > 1 } - - /** - * Holds if `baseMention` is a (transitive) base type mention of `sub`, - * and `t` is mentioned (implicitly) at `path` inside `baseMention`. For - * example, in - * - * ```csharp - * class C { } - * - * class Base { } - * - * class Mid : Base> { } - * - * class Sub : Mid> { } // Sub extends Base> - * ``` - * - * - ``C`1`` is mentioned at `T2` for immediate base type mention `Base>` - * of `Mid`, - * - `T3` is mentioned at `T2.T1` for immediate base type mention `Base>` - * of `Mid`, - * - ``C`1`` is mentioned at `T3` for immediate base type mention `Mid>` - * of `Sub`, - * - `T4` is mentioned at `T3.T1` for immediate base type mention `Mid>` - * of `Sub`, - * - ``C`1`` is mentioned at `T2` and implicitly at `T2.T1` for transitive base type - * mention `Base>` of `Sub`, and - * - `T4` is mentioned implicitly at `T2.T1.T1` for transitive base type mention - * `Base>` of `Sub`. - */ - pragma[nomagic] - predicate baseTypeMentionHasTypeAt(Type sub, TypeMention baseMention, TypePath path, Type t) { - exists(TypeMention immediateBaseMention | - pragma[only_bind_into](immediateBaseMention) = - getABaseTypeMention(pragma[only_bind_into](sub)) - | - // immediate base class - baseMention = immediateBaseMention and - t = immediateBaseMention.getTypeAt(path) - or - // transitive base class - exists(Type immediateBase | immediateBase = getTypeMentionRoot(immediateBaseMention) | - baseTypeMentionHasNonTypeParameterAt(immediateBase, baseMention, path, t) - or - exists(TypePath path0, TypePath prefix, TypePath suffix, TypeParameter tp | - /* - * Example: - * - * - `prefix = "T2.T1"`, - * - `path0 = "T3"`, - * - `suffix = ""`, - * - `path = "T2.T1"` - * - * ```csharp - * class C { } - * ^ `t` - * - * class Base { } - * - * class Mid : Base> { } - * // ^^^ `immediateBase` - * // ^^ `tp` - * // ^^^^^^^^^^^ `baseMention` - * - * class Sub : Mid> { } - * // ^^^ `sub` - * // ^^^^^^^^^^ `immediateBaseMention` - * ``` - */ - - baseTypeMentionHasTypeParameterAt(immediateBase, baseMention, prefix, tp) and - t = immediateBaseMention.getTypeAt(path0) and - path0.isCons(tp, suffix) and - path = prefix.append(suffix) - ) - ) - ) - } - - overlay[caller?] - pragma[inline] - predicate baseTypeMentionHasNonTypeParameterAt( - Type sub, TypeMention baseMention, TypePath path, Type t - ) { - not t = sub.getATypeParameter() and baseTypeMentionHasTypeAt(sub, baseMention, path, t) - } - - overlay[caller?] - pragma[inline] - predicate baseTypeMentionHasTypeParameterAt( - Type sub, TypeMention baseMention, TypePath path, TypeParameter tp - ) { - tp = sub.getATypeParameter() and baseTypeMentionHasTypeAt(sub, baseMention, path, tp) - } } private import BaseTypes @@ -1503,76 +1391,135 @@ module Make1 Input1> { private module AccessBaseType { /** - * Holds if inferring types at `a` in environment `e` might depend on the type at - * `path` of `apos` having `base` as a transitive base type. + * Holds if the type of `target` at `apos` and `pathToTp` is type parameter `tp`, + * and an argument with root type `argRootType` may be able to be matched against + * `tp` via the `conditionSatisfiesConstraint` hierarchy. */ - private predicate relevantAccess( - Access a, AccessEnvironment e, AccessPosition apos, Type base + pragma[nomagic] + private predicate argRootTypeSatisfiesTargetTypeCand( + Type argRootType, Declaration target, AccessPosition apos, TypeParameter tp, + TypePath pathToTp ) { - exists(Declaration target, DeclarationPosition dpos | - target = a.getTarget(e) and + exists( + DeclarationPosition dpos, TypeMention condition, TypeMention constraint, + Type constraintRootType + | accessDeclarationPositionMatch(apos, dpos) and - declarationBaseType(target, dpos, base, _, _) + tp = target.getDeclaredType(dpos, pathToTp) and + conditionSatisfiesConstraintTypeAt(_, condition, constraint, TypePath::nil(), + constraintRootType) and + constraintRootType = target.getDeclaredType(dpos, TypePath::nil()) and + argRootType = condition.getTypeAt(TypePath::nil()) ) } + private newtype TRelevantTarget = + MkRelevantTarget(Declaration target, AccessPosition apos) { + argRootTypeSatisfiesTargetTypeCand(_, target, apos, _, _) + } + + private class RelevantTarget extends MkRelevantTarget { + Declaration target; + AccessPosition apos; + + RelevantTarget() { this = MkRelevantTarget(target, apos) } + + Type getTypeAt(TypePath path) { + exists(DeclarationPosition dpos | + accessDeclarationPositionMatch(apos, dpos) and + result = target.getDeclaredType(dpos, path) + ) + } + + string toString() { result = target.toString() + ", " + apos.toString() } + + Location getLocation() { result = target.getLocation() } + } + pragma[nomagic] - private Type inferTypeAt( - Access a, AccessEnvironment e, AccessPosition apos, TypeParameter tp, TypePath suffix + private predicate argRootTypeSatisfiesTargetTypeCand( + Type argRootType, Access a, AccessEnvironment e, Declaration target, AccessPosition apos, + TypeParameter tp, TypePath pathToTp ) { - relevantAccess(a, e, apos, _) and - exists(TypePath path0 | - result = a.getInferredType(e, apos, path0) and - path0.isCons(tp, suffix) - ) + target = a.getTarget(e) and + argRootTypeSatisfiesTargetTypeCand(argRootType, target, apos, tp, pathToTp) and + not exists(getTypeArgument(a, target, tp, _)) } + private newtype TRelevantAccess = + MkRelevantAccess(Access a, AccessPosition apos, AccessEnvironment e) { + argRootTypeSatisfiesTargetTypeCand(a.getInferredType(e, apos, TypePath::nil()), a, e, _, + apos, _, _) + } + + private class RelevantAccess extends MkRelevantAccess { + Access a; + AccessPosition apos; + AccessEnvironment e; + + RelevantAccess() { this = MkRelevantAccess(a, apos, e) } + + RelevantTarget getTarget() { result = MkRelevantTarget(a.getTarget(e), apos) } + + pragma[nomagic] + Type getTypeAt(TypePath path) { result = a.getInferredType(e, apos, path) } + + string toString() { result = a.toString() + ", " + apos.toString() } + + Location getLocation() { result = a.getLocation() } + } + + private module SatisfiesParameterConstraintInput implements + SatisfiesConstraintInputSig + { + predicate relevantConstraint(RelevantAccess at, RelevantTarget constraint) { + constraint = at.getTarget() + } + } + + private module SatisfiesParameterConstraint = + SatisfiesConstraint; + /** - * Holds if `baseMention` is a (transitive) base type mention of the - * type of `a` at position `apos` at path `pathToSub` in environment - * `e`, and `t` is mentioned (implicitly) at `path` inside `base`. + * Holds if the (transitive) base type `t` at `path` of `a` in environment `e` + * for some `AccessPosition` matches the type parameter `tp`, which is used in + * the declared types of `target`. * * For example, in * * ```csharp * class C { } * - * class Base { } + * class Base { + * // ^^ `tp` + * public C Method() { ... } + * // ^^^^^^ `target` + * } * * class Mid : Base> { } * * class Sub : Mid> { } * - * new Sub().ToString(); - * // ^^^^^^^^^^^^^^ node at `apos` - * // ^^^^^^^^^^^^^^^^^^^^^^^^^ `a` + * new Sub().Method(); // Note: `Sub` is a subtype of `Base>>` + * // ^^^^^^^^^^^^^^^^^^^^^^^ `a` * ``` * - * where the method call is an access, `new Sub()` is at the access - * position which is the receiver of a method call, and `pathToSub` is - * `""` we have: + * we have that type parameter `T2` of `Base` is matched as follows: * - * `baseMention` | `path` | `t` - * ------------- | ------------ | --- - * `Mid>` | `"T3"` | ``C`1`` - * `Mid>` | `"T3.T1"` | `int` - * `Base>` | `"T2"` | ``C`1`` - * `Base>` | `"T2.T1"` | ``C`1`` - * `Base>` | `"T2.T1.T1"` | `int` + * `path` | `t` + * --------- | ------- + * `""` | ``C`1`` + * `"T1"` | ``C`1`` + * `"T1.T1"` | `int` */ - predicate hasBaseTypeMention( - Access a, AccessEnvironment e, AccessPosition apos, TypeMention baseMention, - TypePath path, Type t + pragma[nomagic] + predicate baseTypeMatch( + Access a, AccessEnvironment e, Declaration target, TypePath path, Type t, TypeParameter tp ) { - relevantAccess(a, e, apos, getTypeMentionRoot(baseMention)) and - exists(Type sub | sub = a.getInferredType(e, apos, TypePath::nil()) | - baseTypeMentionHasNonTypeParameterAt(sub, baseMention, path, t) - or - exists(TypePath prefix, TypePath suffix, TypeParameter tp | - baseTypeMentionHasTypeParameterAt(sub, baseMention, prefix, tp) and - t = inferTypeAt(a, e, apos, tp, suffix) and - path = prefix.append(suffix) - ) + exists(AccessPosition apos, TypePath pathToTp | + argRootTypeSatisfiesTargetTypeCand(_, a, e, target, apos, tp, pathToTp) and + SatisfiesParameterConstraint::satisfiesConstraint(MkRelevantAccess(a, apos, e), + MkRelevantTarget(target, apos), pathToTp.appendInverse(path), t) ) } } @@ -1683,77 +1630,6 @@ module Make1 Input1> { } } - /** - * Holds if the type of `a` at `apos` in environment `e` has the base type `base`, - * and when viewed as an element of that type has the type `t` at `path`. - */ - pragma[nomagic] - private predicate accessBaseType( - Access a, AccessEnvironment e, AccessPosition apos, Type base, TypePath path, Type t - ) { - exists(TypeMention tm | - AccessBaseType::hasBaseTypeMention(a, e, apos, tm, path, t) and - base = getTypeMentionRoot(tm) - ) - } - - /** - * Holds if the declared type at `decl` for `dpos` at the `path` is `tp` - * and `path` starts with a type parameter of `base`. - */ - pragma[nomagic] - private predicate declarationBaseType( - Declaration decl, DeclarationPosition dpos, Type base, TypePath path, TypeParameter tp - ) { - tp = decl.getDeclaredType(dpos, path) and - base.getATypeParameter() = path.getHead() - } - - /** - * Holds if the (transitive) base type `t` at `path` of `a` in environment `e` - * for some `AccessPosition` matches the type parameter `tp`, which is used in - * the declared types of `target`. - * - * For example, in - * - * ```csharp - * class C { } - * - * class Base { - * // ^^ `tp` - * public C Method() { ... } - * // ^^^^^^ `target` - * } - * - * class Mid : Base> { } - * - * class Sub : Mid> { } - * - * new Sub().Method(); // Note: `Sub` is a subtype of `Base>>` - * // ^^^^^^^^^^^^^^^^^^^^^^^ `a` - * ``` - * - * we have that type parameter `T2` of `Base` is matched as follows: - * - * `path` | `t` - * --------- | ------- - * `""` | ``C`1`` - * `"T1"` | ``C`1`` - * `"T1.T1"` | `int` - */ - pragma[nomagic] - private predicate baseTypeMatch( - Access a, AccessEnvironment e, Declaration target, TypePath path, Type t, TypeParameter tp - ) { - not exists(getTypeArgument(a, target, tp, _)) and - target = a.getTarget(e) and - exists(AccessPosition apos, DeclarationPosition dpos, Type base, TypePath pathToTypeParam | - accessBaseType(a, e, apos, base, pathToTypeParam.appendInverse(path), t) and - declarationBaseType(target, dpos, base, pathToTypeParam, tp) and - accessDeclarationPositionMatch(apos, dpos) - ) - } - /** * Holds if for `a` and corresponding `target` in environment `e`, the type parameter * `tp` is matched by a type argument at the access with type `t` and type path @@ -1839,7 +1715,7 @@ module Make1 Input1> { directTypeMatch(a, e, target, path, t, tp) or // We can infer the type of `tp` by going up the type hiearchy - baseTypeMatch(a, e, target, path, t, tp) + AccessBaseType::baseTypeMatch(a, e, target, path, t, tp) or // We can infer the type of `tp` by a type constraint typeConstraintBaseTypeMatch(a, e, target, path, t, tp) From 7f1bebe8ba33a4e6a8df1526c1f17674349cfb08 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Sun, 17 May 2026 20:29:19 +0200 Subject: [PATCH 02/27] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .../codeql/typeinference/internal/TypeInference.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/typeinference/codeql/typeinference/internal/TypeInference.qll b/shared/typeinference/codeql/typeinference/internal/TypeInference.qll index c6d657d7241f..348446765ae9 100644 --- a/shared/typeinference/codeql/typeinference/internal/TypeInference.qll +++ b/shared/typeinference/codeql/typeinference/internal/TypeInference.qll @@ -1714,7 +1714,7 @@ module Make1 Input1> { // We can infer the type of `tp` from one of the access positions directTypeMatch(a, e, target, path, t, tp) or - // We can infer the type of `tp` by going up the type hiearchy + // We can infer the type of `tp` by going up the type hierarchy AccessBaseType::baseTypeMatch(a, e, target, path, t, tp) or // We can infer the type of `tp` by a type constraint From 2902a19a50ddb5a71eeb32d12fe2cb1366589bda Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 14 May 2026 18:37:38 +0100 Subject: [PATCH 03/27] C++: Add more scanf testing. --- .../source-sink-tests/sources-and-sinks.cpp | 38 +++++++++++++++++++ .../scanf/scanfFormatLiteral.expected | 10 ++--- .../scanf/scanfFunctionCall.expected | 8 ++-- .../scanf/scanfFunctionCallOutput.expected | 6 +++ .../scanf/scanfFunctionCallOutput.ql | 5 +++ cpp/ql/test/library-tests/scanf/test.c | 4 +- 6 files changed, 61 insertions(+), 10 deletions(-) create mode 100644 cpp/ql/test/library-tests/scanf/scanfFunctionCallOutput.expected create mode 100644 cpp/ql/test/library-tests/scanf/scanfFunctionCallOutput.ql diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp b/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp index e4947a112f8d..7757eb46dd31 100644 --- a/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp +++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp @@ -131,3 +131,41 @@ void test_strsafe_gets() { StringCchGetsExA(dest, sizeof(dest), &end, &remaining, 0); // $ local_source } } + +int scanf_s(const char *format, ...); +int fscanf_s(FILE *stream, const char *format, ...); + +void test_scanf_s(FILE *stream) { + { + int n1, n2; + scanf_s( + "%d", + &n1, // $ MISSING: local_source + &n2); // $ MISSING: local_source + } + + { + int n; + fscanf_s(stream, "%d", &n); // $ MISSING: remote_source + } + + { + int n1, n2; + char buf[256]; + scanf_s("%d %s", + &n1, // $ MISSING: local_source + buf, // $ MISSING: local_source + 256, + &n2); // $ MISSING: local_source + } + + { + int n1, n2; + char buf[256]; + fscanf_s(stream, "%d %s", + &n1, // $ MISSING: remote_source + buf, // $ MISSING: remote_source + 256, + &n2); // $ MISSING: remote_source + } +} \ No newline at end of file diff --git a/cpp/ql/test/library-tests/scanf/scanfFormatLiteral.expected b/cpp/ql/test/library-tests/scanf/scanfFormatLiteral.expected index 263ea54b8cd3..9fcbb42a2166 100644 --- a/cpp/ql/test/library-tests/scanf/scanfFormatLiteral.expected +++ b/cpp/ql/test/library-tests/scanf/scanfFormatLiteral.expected @@ -1,5 +1,5 @@ -| test.c:18:2:18:6 | call to scanf | 0 | s | 0 | 0 | -| test.c:19:2:19:7 | call to fscanf | 0 | s | 10 | 10 | -| test.c:19:2:19:7 | call to fscanf | 1 | i | 0 | 0 | -| test.c:20:2:20:7 | call to sscanf | 0 | s | 0 | 0 | -| test.c:21:2:21:8 | call to swscanf | 0 | s | 10 | 10 | +| test.c:19:2:19:6 | call to scanf | 0 | s | 0 | 0 | +| test.c:20:2:20:7 | call to fscanf | 0 | s | 10 | 10 | +| test.c:20:2:20:7 | call to fscanf | 1 | i | 0 | 0 | +| test.c:21:2:21:7 | call to sscanf | 0 | s | 0 | 0 | +| test.c:22:2:22:8 | call to swscanf | 0 | s | 10 | 10 | diff --git a/cpp/ql/test/library-tests/scanf/scanfFunctionCall.expected b/cpp/ql/test/library-tests/scanf/scanfFunctionCall.expected index b0dce385b7bb..7e74a349f8bd 100644 --- a/cpp/ql/test/library-tests/scanf/scanfFunctionCall.expected +++ b/cpp/ql/test/library-tests/scanf/scanfFunctionCall.expected @@ -1,5 +1,5 @@ | ms.cpp:17:3:17:8 | call to sscanf | 0 | 1 | ms.cpp:17:24:17:30 | %I64i | non-wide | -| test.c:18:2:18:6 | call to scanf | 0 | 0 | test.c:18:8:18:11 | %s | non-wide | -| test.c:19:2:19:7 | call to fscanf | 0 | 1 | test.c:19:15:19:23 | %10s %i | non-wide | -| test.c:20:2:20:7 | call to sscanf | 0 | 1 | test.c:20:19:20:28 | %*i%s%*s | non-wide | -| test.c:21:2:21:8 | call to swscanf | 0 | 1 | test.c:21:21:21:26 | %10s | wide | +| test.c:19:2:19:6 | call to scanf | 0 | 0 | test.c:19:8:19:11 | %s | non-wide | +| test.c:20:2:20:7 | call to fscanf | 0 | 1 | test.c:20:15:20:23 | %10s %i | non-wide | +| test.c:21:2:21:7 | call to sscanf | 0 | 1 | test.c:21:19:21:28 | %*i%s%*s | non-wide | +| test.c:22:2:22:8 | call to swscanf | 0 | 1 | test.c:22:21:22:26 | %10s | wide | diff --git a/cpp/ql/test/library-tests/scanf/scanfFunctionCallOutput.expected b/cpp/ql/test/library-tests/scanf/scanfFunctionCallOutput.expected new file mode 100644 index 000000000000..f232db160da6 --- /dev/null +++ b/cpp/ql/test/library-tests/scanf/scanfFunctionCallOutput.expected @@ -0,0 +1,6 @@ +| ms.cpp:17:3:17:8 | call to sscanf | ms.cpp:17:33:17:36 | & ... | 0 | +| test.c:19:2:19:6 | call to scanf | test.c:19:14:19:19 | buffer | 0 | +| test.c:20:2:20:7 | call to fscanf | test.c:20:26:20:31 | buffer | 0 | +| test.c:20:2:20:7 | call to fscanf | test.c:20:34:20:34 | i | 1 | +| test.c:21:2:21:7 | call to sscanf | test.c:21:31:21:36 | buffer | 0 | +| test.c:22:2:22:8 | call to swscanf | test.c:22:29:22:35 | wbuffer | 0 | diff --git a/cpp/ql/test/library-tests/scanf/scanfFunctionCallOutput.ql b/cpp/ql/test/library-tests/scanf/scanfFunctionCallOutput.ql new file mode 100644 index 000000000000..a3d40604cfa8 --- /dev/null +++ b/cpp/ql/test/library-tests/scanf/scanfFunctionCallOutput.ql @@ -0,0 +1,5 @@ +import semmle.code.cpp.commons.Scanf + +from ScanfFunctionCall sfc, Expr e, int n +where e = sfc.getOutputArgument(n) +select sfc, e, n diff --git a/cpp/ql/test/library-tests/scanf/test.c b/cpp/ql/test/library-tests/scanf/test.c index c378eec72220..eb99bbec7adf 100644 --- a/cpp/ql/test/library-tests/scanf/test.c +++ b/cpp/ql/test/library-tests/scanf/test.c @@ -7,18 +7,20 @@ int scanf(const char *format, ...); int fscanf(FILE *stream, const char *format, ...); int sscanf(const char *s, const char *format, ...); int swscanf(const wchar_t* ws, const wchar_t* format, ...); +int scanf_s(const char *format, ...); int main(int argc, char *argv[]) { char buffer[256]; wchar_t wbuffer[256]; FILE *file; - int i; + int i, i2; scanf("%s", buffer); fscanf(file, "%10s %i", buffer, i); sscanf("Hello.", "%*i%s%*s", buffer); swscanf(L"Hello.", "%10s", wbuffer); + scanf_s("%d %s %d", &i, buffer, 10, &i2); return 0; } \ No newline at end of file From e38616a2ef2e5cfea320b12738e5113945b10a2a Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 18 May 2026 12:05:32 +0000 Subject: [PATCH 04/27] Release preparation for version 2.25.5 --- actions/ql/lib/CHANGELOG.md | 6 ++++++ .../0.4.36.md} | 9 +++++---- actions/ql/lib/codeql-pack.release.yml | 2 +- actions/ql/lib/qlpack.yml | 2 +- actions/ql/src/CHANGELOG.md | 14 ++++++++++++++ ...-15-untrusted-checkout-improvements-helpfile.md | 4 ---- ...-15-untrusted-checkout-improvements-metadata.md | 4 ---- .../2026-04-20-unpinned-tag-composite-actions.md | 4 ---- actions/ql/src/change-notes/released/0.6.28.md | 13 +++++++++++++ actions/ql/src/codeql-pack.release.yml | 2 +- actions/ql/src/qlpack.yml | 2 +- cpp/ql/lib/CHANGELOG.md | 6 ++++++ .../10.1.1.md} | 9 +++++---- cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 6 ++++++ .../1.6.3.md} | 9 +++++---- cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 ++++ .../Solorigate/lib/change-notes/released/1.7.67.md | 3 +++ .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/src/CHANGELOG.md | 4 ++++ .../Solorigate/src/change-notes/released/1.7.67.md | 3 +++ .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 4 ++++ csharp/ql/lib/change-notes/released/6.0.1.md | 3 +++ csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 4 ++++ csharp/ql/src/change-notes/released/1.7.3.md | 3 +++ csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.50.md | 3 +++ go/ql/consistency-queries/codeql-pack.release.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 4 ++++ go/ql/lib/change-notes/released/7.1.1.md | 3 +++ go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 4 ++++ go/ql/src/change-notes/released/1.6.3.md | 3 +++ go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 6 ++++++ .../9.1.1.md} | 7 ++++--- java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 6 ++++++ .../1.11.3.md} | 7 ++++--- java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 4 ++++ javascript/ql/lib/change-notes/released/2.7.1.md | 3 +++ javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 4 ++++ javascript/ql/src/change-notes/released/2.3.10.md | 3 +++ javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 ++++ misc/suite-helpers/change-notes/released/1.0.50.md | 3 +++ misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 4 ++++ python/ql/lib/change-notes/released/7.1.1.md | 3 +++ python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 4 ++++ python/ql/src/change-notes/released/1.8.3.md | 3 +++ python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 4 ++++ ruby/ql/lib/change-notes/released/5.2.1.md | 3 +++ ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 4 ++++ ruby/ql/src/change-notes/released/1.6.3.md | 3 +++ ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- rust/ql/lib/CHANGELOG.md | 4 ++++ rust/ql/lib/change-notes/released/0.2.14.md | 3 +++ rust/ql/lib/codeql-pack.release.yml | 2 +- rust/ql/lib/qlpack.yml | 2 +- rust/ql/src/CHANGELOG.md | 4 ++++ rust/ql/src/change-notes/released/0.1.35.md | 3 +++ rust/ql/src/codeql-pack.release.yml | 2 +- rust/ql/src/qlpack.yml | 2 +- shared/concepts/CHANGELOG.md | 4 ++++ shared/concepts/change-notes/released/0.0.24.md | 3 +++ shared/concepts/codeql-pack.release.yml | 2 +- shared/concepts/qlpack.yml | 2 +- shared/controlflow/CHANGELOG.md | 4 ++++ shared/controlflow/change-notes/released/2.0.34.md | 3 +++ shared/controlflow/codeql-pack.release.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/CHANGELOG.md | 4 ++++ shared/dataflow/change-notes/released/2.1.6.md | 3 +++ shared/dataflow/codeql-pack.release.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/CHANGELOG.md | 4 ++++ shared/mad/change-notes/released/1.0.50.md | 3 +++ shared/mad/codeql-pack.release.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/quantum/CHANGELOG.md | 4 ++++ shared/quantum/change-notes/released/0.0.28.md | 3 +++ shared/quantum/codeql-pack.release.yml | 2 +- shared/quantum/qlpack.yml | 2 +- shared/rangeanalysis/CHANGELOG.md | 4 ++++ .../rangeanalysis/change-notes/released/1.0.50.md | 3 +++ shared/rangeanalysis/codeql-pack.release.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 ++++ shared/regex/change-notes/released/1.0.50.md | 3 +++ shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 4 ++++ shared/ssa/change-notes/released/2.0.26.md | 3 +++ shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/CHANGELOG.md | 4 ++++ .../threat-models/change-notes/released/1.0.50.md | 3 +++ shared/threat-models/codeql-pack.release.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 ++++ shared/tutorial/change-notes/released/1.0.50.md | 3 +++ shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typeflow/CHANGELOG.md | 4 ++++ shared/typeflow/change-notes/released/1.0.50.md | 3 +++ shared/typeflow/codeql-pack.release.yml | 2 +- shared/typeflow/qlpack.yml | 2 +- shared/typeinference/CHANGELOG.md | 4 ++++ .../typeinference/change-notes/released/0.0.31.md | 3 +++ shared/typeinference/codeql-pack.release.yml | 2 +- shared/typeinference/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 ++++ .../typetracking/change-notes/released/2.0.34.md | 3 +++ shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 ++++ shared/typos/change-notes/released/1.0.50.md | 3 +++ shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 4 ++++ shared/util/change-notes/released/2.0.37.md | 3 +++ shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/xml/CHANGELOG.md | 4 ++++ shared/xml/change-notes/released/1.0.50.md | 3 +++ shared/xml/codeql-pack.release.yml | 2 +- shared/xml/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 ++++ shared/yaml/change-notes/released/1.0.50.md | 3 +++ shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/CHANGELOG.md | 6 ++++++ .../6.6.0.md} | 7 ++++--- swift/ql/lib/codeql-pack.release.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/CHANGELOG.md | 4 ++++ swift/ql/src/change-notes/released/1.3.3.md | 3 +++ swift/ql/src/codeql-pack.release.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 167 files changed, 410 insertions(+), 115 deletions(-) rename actions/ql/lib/change-notes/{2026-04-15-poisonable-steps-additions-alterations.md => released/0.4.36.md} (92%) delete mode 100644 actions/ql/src/change-notes/2026-04-15-untrusted-checkout-improvements-helpfile.md delete mode 100644 actions/ql/src/change-notes/2026-04-15-untrusted-checkout-improvements-metadata.md delete mode 100644 actions/ql/src/change-notes/2026-04-20-unpinned-tag-composite-actions.md create mode 100644 actions/ql/src/change-notes/released/0.6.28.md rename cpp/ql/lib/change-notes/{2026-05-15-hasSocketInput-for-fscanf.md => released/10.1.1.md} (64%) rename cpp/ql/src/change-notes/{2026-05-15-cleartext-transmission-fp.md => released/1.6.3.md} (69%) create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.67.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.67.md create mode 100644 csharp/ql/lib/change-notes/released/6.0.1.md create mode 100644 csharp/ql/src/change-notes/released/1.7.3.md create mode 100644 go/ql/consistency-queries/change-notes/released/1.0.50.md create mode 100644 go/ql/lib/change-notes/released/7.1.1.md create mode 100644 go/ql/src/change-notes/released/1.6.3.md rename java/ql/lib/change-notes/{2026-04-21-path-injection-read-subkind.md => released/9.1.1.md} (88%) rename java/ql/src/change-notes/{2026-04-21-zipslip-exclude-read-sinks.md => released/1.11.3.md} (89%) create mode 100644 javascript/ql/lib/change-notes/released/2.7.1.md create mode 100644 javascript/ql/src/change-notes/released/2.3.10.md create mode 100644 misc/suite-helpers/change-notes/released/1.0.50.md create mode 100644 python/ql/lib/change-notes/released/7.1.1.md create mode 100644 python/ql/src/change-notes/released/1.8.3.md create mode 100644 ruby/ql/lib/change-notes/released/5.2.1.md create mode 100644 ruby/ql/src/change-notes/released/1.6.3.md create mode 100644 rust/ql/lib/change-notes/released/0.2.14.md create mode 100644 rust/ql/src/change-notes/released/0.1.35.md create mode 100644 shared/concepts/change-notes/released/0.0.24.md create mode 100644 shared/controlflow/change-notes/released/2.0.34.md create mode 100644 shared/dataflow/change-notes/released/2.1.6.md create mode 100644 shared/mad/change-notes/released/1.0.50.md create mode 100644 shared/quantum/change-notes/released/0.0.28.md create mode 100644 shared/rangeanalysis/change-notes/released/1.0.50.md create mode 100644 shared/regex/change-notes/released/1.0.50.md create mode 100644 shared/ssa/change-notes/released/2.0.26.md create mode 100644 shared/threat-models/change-notes/released/1.0.50.md create mode 100644 shared/tutorial/change-notes/released/1.0.50.md create mode 100644 shared/typeflow/change-notes/released/1.0.50.md create mode 100644 shared/typeinference/change-notes/released/0.0.31.md create mode 100644 shared/typetracking/change-notes/released/2.0.34.md create mode 100644 shared/typos/change-notes/released/1.0.50.md create mode 100644 shared/util/change-notes/released/2.0.37.md create mode 100644 shared/xml/change-notes/released/1.0.50.md create mode 100644 shared/yaml/change-notes/released/1.0.50.md rename swift/ql/lib/change-notes/{2026-05-11-declared-interface-type.md => released/6.6.0.md} (83%) create mode 100644 swift/ql/src/change-notes/released/1.3.3.md diff --git a/actions/ql/lib/CHANGELOG.md b/actions/ql/lib/CHANGELOG.md index 011af903a2a2..ddd0b0f1aec8 100644 --- a/actions/ql/lib/CHANGELOG.md +++ b/actions/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.4.36 + +### Minor Analysis Improvements + +* Altered 2 patterns in the `poisonable_steps` modelling. Extra sinks are detected in the following cases: scripts executed via python modules and `go run` in directories are detected as potential mechanisms of injection. For the go execution pattern, the pattern is updated to now ignore flags that occur between go and the specific command. This change may lead to more results being detected by the following queries: `actions/untrusted-checkout/high`, `actions/untrusted-checkout/critical`, `actions/untrusted-checkout-toctou/high`, `actions/untrusted-checkout-toctou/critical`, `actions/cache-poisoning/poisonable-step`, `actions/cache-poisoning/direct-cache` and `actions/artifact-poisoning/path-traversal`. + ## 0.4.35 No user-facing changes. diff --git a/actions/ql/lib/change-notes/2026-04-15-poisonable-steps-additions-alterations.md b/actions/ql/lib/change-notes/released/0.4.36.md similarity index 92% rename from actions/ql/lib/change-notes/2026-04-15-poisonable-steps-additions-alterations.md rename to actions/ql/lib/change-notes/released/0.4.36.md index 4a28280a3c88..1781776f932a 100644 --- a/actions/ql/lib/change-notes/2026-04-15-poisonable-steps-additions-alterations.md +++ b/actions/ql/lib/change-notes/released/0.4.36.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- -* Altered 2 patterns in the `poisonable_steps` modelling. Extra sinks are detected in the following cases: scripts executed via python modules and `go run` in directories are detected as potential mechanisms of injection. For the go execution pattern, the pattern is updated to now ignore flags that occur between go and the specific command. This change may lead to more results being detected by the following queries: `actions/untrusted-checkout/high`, `actions/untrusted-checkout/critical`, `actions/untrusted-checkout-toctou/high`, `actions/untrusted-checkout-toctou/critical`, `actions/cache-poisoning/poisonable-step`, `actions/cache-poisoning/direct-cache` and `actions/artifact-poisoning/path-traversal`. \ No newline at end of file +## 0.4.36 + +### Minor Analysis Improvements + +* Altered 2 patterns in the `poisonable_steps` modelling. Extra sinks are detected in the following cases: scripts executed via python modules and `go run` in directories are detected as potential mechanisms of injection. For the go execution pattern, the pattern is updated to now ignore flags that occur between go and the specific command. This change may lead to more results being detected by the following queries: `actions/untrusted-checkout/high`, `actions/untrusted-checkout/critical`, `actions/untrusted-checkout-toctou/high`, `actions/untrusted-checkout-toctou/critical`, `actions/cache-poisoning/poisonable-step`, `actions/cache-poisoning/direct-cache` and `actions/artifact-poisoning/path-traversal`. diff --git a/actions/ql/lib/codeql-pack.release.yml b/actions/ql/lib/codeql-pack.release.yml index 524302c92d3e..45433e3ec031 100644 --- a/actions/ql/lib/codeql-pack.release.yml +++ b/actions/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.35 +lastReleaseVersion: 0.4.36 diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml index cf1232c01fb4..747298d69c6d 100644 --- a/actions/ql/lib/qlpack.yml +++ b/actions/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-all -version: 0.4.36-dev +version: 0.4.36 library: true warnOnImplicitThis: true dependencies: diff --git a/actions/ql/src/CHANGELOG.md b/actions/ql/src/CHANGELOG.md index 0a7fa1ce8309..1670f0af5be8 100644 --- a/actions/ql/src/CHANGELOG.md +++ b/actions/ql/src/CHANGELOG.md @@ -1,3 +1,17 @@ +## 0.6.28 + +### Query Metadata Changes + +* Adjusted the name of `actions/untrusted-checkout/high` to more clearly describe which parts of the scenario are in a privileged context. + +### Minor Analysis Improvements + +* The `actions/unpinned-tag` query now analyzes composite action metadata (`action.yml`/`action.yaml` files) in addition to workflow files, providing more comprehensive detection of unpinned action references across the entire Actions ecosystem. + +### Bug Fixes + +* Fixed help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Previously the messages were unclear as to why and how the vulnerabilities could occur. + ## 0.6.27 No user-facing changes. diff --git a/actions/ql/src/change-notes/2026-04-15-untrusted-checkout-improvements-helpfile.md b/actions/ql/src/change-notes/2026-04-15-untrusted-checkout-improvements-helpfile.md deleted file mode 100644 index 2555bc03d3d1..000000000000 --- a/actions/ql/src/change-notes/2026-04-15-untrusted-checkout-improvements-helpfile.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* Fixed help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Previously the messages were unclear as to why and how the vulnerabilities could occur. \ No newline at end of file diff --git a/actions/ql/src/change-notes/2026-04-15-untrusted-checkout-improvements-metadata.md b/actions/ql/src/change-notes/2026-04-15-untrusted-checkout-improvements-metadata.md deleted file mode 100644 index 78f97da0f17c..000000000000 --- a/actions/ql/src/change-notes/2026-04-15-untrusted-checkout-improvements-metadata.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: queryMetadata ---- -* Adjusted the name of `actions/untrusted-checkout/high` to more clearly describe which parts of the scenario are in a privileged context. \ No newline at end of file diff --git a/actions/ql/src/change-notes/2026-04-20-unpinned-tag-composite-actions.md b/actions/ql/src/change-notes/2026-04-20-unpinned-tag-composite-actions.md deleted file mode 100644 index 7e00965a17cf..000000000000 --- a/actions/ql/src/change-notes/2026-04-20-unpinned-tag-composite-actions.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `actions/unpinned-tag` query now analyzes composite action metadata (`action.yml`/`action.yaml` files) in addition to workflow files, providing more comprehensive detection of unpinned action references across the entire Actions ecosystem. \ No newline at end of file diff --git a/actions/ql/src/change-notes/released/0.6.28.md b/actions/ql/src/change-notes/released/0.6.28.md new file mode 100644 index 000000000000..23a7aa24ee38 --- /dev/null +++ b/actions/ql/src/change-notes/released/0.6.28.md @@ -0,0 +1,13 @@ +## 0.6.28 + +### Query Metadata Changes + +* Adjusted the name of `actions/untrusted-checkout/high` to more clearly describe which parts of the scenario are in a privileged context. + +### Minor Analysis Improvements + +* The `actions/unpinned-tag` query now analyzes composite action metadata (`action.yml`/`action.yaml` files) in addition to workflow files, providing more comprehensive detection of unpinned action references across the entire Actions ecosystem. + +### Bug Fixes + +* Fixed help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Previously the messages were unclear as to why and how the vulnerabilities could occur. diff --git a/actions/ql/src/codeql-pack.release.yml b/actions/ql/src/codeql-pack.release.yml index 0748b12112f0..90f3f09295a6 100644 --- a/actions/ql/src/codeql-pack.release.yml +++ b/actions/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.27 +lastReleaseVersion: 0.6.28 diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml index 2c9811c780ad..894ba6fec690 100644 --- a/actions/ql/src/qlpack.yml +++ b/actions/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-queries -version: 0.6.28-dev +version: 0.6.28 library: false warnOnImplicitThis: true groups: [actions, queries] diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 828b87791179..3b95c10fbb57 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 10.1.1 + +### Minor Analysis Improvements + +* The `RemoteFlowSourceFunction` model for `fscanf` (and variants) now implements `hasSocketInput` to reflect that these functions may read from a socket. + ## 10.1.0 ### New Features diff --git a/cpp/ql/lib/change-notes/2026-05-15-hasSocketInput-for-fscanf.md b/cpp/ql/lib/change-notes/released/10.1.1.md similarity index 64% rename from cpp/ql/lib/change-notes/2026-05-15-hasSocketInput-for-fscanf.md rename to cpp/ql/lib/change-notes/released/10.1.1.md index 842d52dd8bfd..f89a429fae6e 100644 --- a/cpp/ql/lib/change-notes/2026-05-15-hasSocketInput-for-fscanf.md +++ b/cpp/ql/lib/change-notes/released/10.1.1.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- -* The `RemoteFlowSourceFunction` model for `fscanf` (and variants) now implements `hasSocketInput` to reflect that these functions may read from a socket. \ No newline at end of file +## 10.1.1 + +### Minor Analysis Improvements + +* The `RemoteFlowSourceFunction` model for `fscanf` (and variants) now implements `hasSocketInput` to reflect that these functions may read from a socket. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index a85b2d36d7c5..940a668bbf36 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 10.1.0 +lastReleaseVersion: 10.1.1 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 88d4dafaebb1..dd55ebe6c3a4 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 10.1.1-dev +version: 10.1.1 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 3a9d4fae927b..901d20922831 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.6.3 + +### Minor Analysis Improvements + +* The 'Cleartext transmission of sensitive information' query (`cpp/cleartext-transmission`) no longer raises an alert on calls to `fscanf` (and variants) when the call reads from an "obviously local" `FILE` stream such as `stdin`. + ## 1.6.2 No user-facing changes. diff --git a/cpp/ql/src/change-notes/2026-05-15-cleartext-transmission-fp.md b/cpp/ql/src/change-notes/released/1.6.3.md similarity index 69% rename from cpp/ql/src/change-notes/2026-05-15-cleartext-transmission-fp.md rename to cpp/ql/src/change-notes/released/1.6.3.md index 6fcb3e1c88b2..bd2b7c9bdb1e 100644 --- a/cpp/ql/src/change-notes/2026-05-15-cleartext-transmission-fp.md +++ b/cpp/ql/src/change-notes/released/1.6.3.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- -* The 'Cleartext transmission of sensitive information' query (`cpp/cleartext-transmission`) no longer raises an alert on calls to `fscanf` (and variants) when the call reads from an "obviously local" `FILE` stream such as `stdin`. \ No newline at end of file +## 1.6.3 + +### Minor Analysis Improvements + +* The 'Cleartext transmission of sensitive information' query (`cpp/cleartext-transmission`) no longer raises an alert on calls to `fscanf` (and variants) when the call reads from an "obviously local" `FILE` stream such as `stdin`. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index 5f5beb68311a..00b51441d882 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.2 +lastReleaseVersion: 1.6.3 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index ddd0014f2e02..a57263b53fc5 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.6.3-dev +version: 1.6.3 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index 4cb7b5569687..eefb35f174ad 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.67 + +No user-facing changes. + ## 1.7.66 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.67.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.67.md new file mode 100644 index 000000000000..6ae3bdfde833 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.67.md @@ -0,0 +1,3 @@ +## 1.7.67 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 7d0a2c0bc078..0293fdade8f5 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.66 +lastReleaseVersion: 1.7.67 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index c5cfa0dcd89b..51b34483e1bf 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.67-dev +version: 1.7.67 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index 4cb7b5569687..eefb35f174ad 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.67 + +No user-facing changes. + ## 1.7.66 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.67.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.67.md new file mode 100644 index 000000000000..6ae3bdfde833 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.67.md @@ -0,0 +1,3 @@ +## 1.7.67 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 7d0a2c0bc078..0293fdade8f5 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.66 +lastReleaseVersion: 1.7.67 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index c9f0acac983d..81f347373c52 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.67-dev +version: 1.7.67 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 1d7f42a9075e..17fd83bcda76 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 6.0.1 + +No user-facing changes. + ## 6.0.0 ### Breaking Changes diff --git a/csharp/ql/lib/change-notes/released/6.0.1.md b/csharp/ql/lib/change-notes/released/6.0.1.md new file mode 100644 index 000000000000..35b17912c81a --- /dev/null +++ b/csharp/ql/lib/change-notes/released/6.0.1.md @@ -0,0 +1,3 @@ +## 6.0.1 + +No user-facing changes. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index f8c4fa43ccb7..d1f3c68c8120 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 6.0.0 +lastReleaseVersion: 6.0.1 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 0e03db99ca91..1605a359ad80 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 6.0.1-dev +version: 6.0.1 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 32243acfb97f..8c4388fe2bb6 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.3 + +No user-facing changes. + ## 1.7.2 No user-facing changes. diff --git a/csharp/ql/src/change-notes/released/1.7.3.md b/csharp/ql/src/change-notes/released/1.7.3.md new file mode 100644 index 000000000000..a629082e2155 --- /dev/null +++ b/csharp/ql/src/change-notes/released/1.7.3.md @@ -0,0 +1,3 @@ +## 1.7.3 + +No user-facing changes. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index 39bbba86c198..9f9661b1e77a 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.2 +lastReleaseVersion: 1.7.3 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index de201743065f..84a1271fcad4 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.7.3-dev +version: 1.7.3 groups: - csharp - queries diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md index a6b6055373af..512a5732ccd9 100644 --- a/go/ql/consistency-queries/CHANGELOG.md +++ b/go/ql/consistency-queries/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.50 + +No user-facing changes. + ## 1.0.49 No user-facing changes. diff --git a/go/ql/consistency-queries/change-notes/released/1.0.50.md b/go/ql/consistency-queries/change-notes/released/1.0.50.md new file mode 100644 index 000000000000..c1e5becd9fc7 --- /dev/null +++ b/go/ql/consistency-queries/change-notes/released/1.0.50.md @@ -0,0 +1,3 @@ +## 1.0.50 + +No user-facing changes. diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml index 596617977df1..856137cc5db6 100644 --- a/go/ql/consistency-queries/codeql-pack.release.yml +++ b/go/ql/consistency-queries/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.49 +lastReleaseVersion: 1.0.50 diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index 49572c215bbd..a3f2fd4897a8 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.50-dev +version: 1.0.50 groups: - go - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index 5043d924be06..54afc3a977b8 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 7.1.1 + +No user-facing changes. + ## 7.1.0 ### New Features diff --git a/go/ql/lib/change-notes/released/7.1.1.md b/go/ql/lib/change-notes/released/7.1.1.md new file mode 100644 index 000000000000..849fd4da3283 --- /dev/null +++ b/go/ql/lib/change-notes/released/7.1.1.md @@ -0,0 +1,3 @@ +## 7.1.1 + +No user-facing changes. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index dcaaa76112a6..8e970df6cae3 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 7.1.0 +lastReleaseVersion: 7.1.1 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 16ddb133517d..95fc95a0fc0a 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 7.1.1-dev +version: 7.1.1 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index ddda5dc4829c..84d9ae7de593 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.6.3 + +No user-facing changes. + ## 1.6.2 No user-facing changes. diff --git a/go/ql/src/change-notes/released/1.6.3.md b/go/ql/src/change-notes/released/1.6.3.md new file mode 100644 index 000000000000..a000ecf70252 --- /dev/null +++ b/go/ql/src/change-notes/released/1.6.3.md @@ -0,0 +1,3 @@ +## 1.6.3 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 5f5beb68311a..00b51441d882 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.2 +lastReleaseVersion: 1.6.3 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 5fdc63fe363d..df9d76530855 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.6.3-dev +version: 1.6.3 groups: - go - queries diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 2187f00c3997..a6c0cfc278ad 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 9.1.1 + +### Minor Analysis Improvements + +* Introduced a new sink kind `path-injection[read]` for Models-as-Data rows that only read from a path (such as `ClassLoader.getResource`, `FileInputStream`, `FileReader`, `Files.readAllBytes`, and related APIs). The general `java/path-injection` query continues to consider both `path-injection` and `path-injection[read]` sinks. + ## 9.1.0 ### New Features diff --git a/java/ql/lib/change-notes/2026-04-21-path-injection-read-subkind.md b/java/ql/lib/change-notes/released/9.1.1.md similarity index 88% rename from java/ql/lib/change-notes/2026-04-21-path-injection-read-subkind.md rename to java/ql/lib/change-notes/released/9.1.1.md index bcd9479d2afd..e4681c58644d 100644 --- a/java/ql/lib/change-notes/2026-04-21-path-injection-read-subkind.md +++ b/java/ql/lib/change-notes/released/9.1.1.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 9.1.1 + +### Minor Analysis Improvements + * Introduced a new sink kind `path-injection[read]` for Models-as-Data rows that only read from a path (such as `ClassLoader.getResource`, `FileInputStream`, `FileReader`, `Files.readAllBytes`, and related APIs). The general `java/path-injection` query continues to consider both `path-injection` and `path-injection[read]` sinks. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index 83ec2b42fcdd..02e630d33846 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 9.1.0 +lastReleaseVersion: 9.1.1 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index e5ebb1d2131c..5f6482c1ae2b 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 9.1.1-dev +version: 9.1.1 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index fd13cbdcf830..fbbc339797b2 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.11.3 + +### Minor Analysis Improvements + +* The `java/zipslip` query no longer reports archive entry names that flow only to read-only path sinks such as `ClassLoader.getResource`, `FileInputStream`, and `FileReader`. The query now restricts its sinks to the `path-injection` kind and deliberately excludes the new `path-injection[read]` sub-kind, matching the Zip Slip threat model of unsafe archive extraction. + ## 1.11.2 No user-facing changes. diff --git a/java/ql/src/change-notes/2026-04-21-zipslip-exclude-read-sinks.md b/java/ql/src/change-notes/released/1.11.3.md similarity index 89% rename from java/ql/src/change-notes/2026-04-21-zipslip-exclude-read-sinks.md rename to java/ql/src/change-notes/released/1.11.3.md index ee6889240526..02f6fe7f16c5 100644 --- a/java/ql/src/change-notes/2026-04-21-zipslip-exclude-read-sinks.md +++ b/java/ql/src/change-notes/released/1.11.3.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 1.11.3 + +### Minor Analysis Improvements + * The `java/zipslip` query no longer reports archive entry names that flow only to read-only path sinks such as `ClassLoader.getResource`, `FileInputStream`, and `FileReader`. The query now restricts its sinks to the `path-injection` kind and deliberately excludes the new `path-injection[read]` sub-kind, matching the Zip Slip threat model of unsafe archive extraction. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index 3e341cf85d52..220561dc648b 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.11.2 +lastReleaseVersion: 1.11.3 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 3776af914c2c..1d3c3c5b7163 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.11.3-dev +version: 1.11.3 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 53708faed093..c201b3a4b134 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.7.1 + +No user-facing changes. + ## 2.7.0 ### New Features diff --git a/javascript/ql/lib/change-notes/released/2.7.1.md b/javascript/ql/lib/change-notes/released/2.7.1.md new file mode 100644 index 000000000000..e7c89e7954f9 --- /dev/null +++ b/javascript/ql/lib/change-notes/released/2.7.1.md @@ -0,0 +1,3 @@ +## 2.7.1 + +No user-facing changes. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 6a6c87f537da..820fb65a5c74 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.7.0 +lastReleaseVersion: 2.7.1 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 623a7f4db2f2..ff45431ce7a4 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 2.7.1-dev +version: 2.7.1 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 615c030de52a..1a69291d1453 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.3.10 + +No user-facing changes. + ## 2.3.9 No user-facing changes. diff --git a/javascript/ql/src/change-notes/released/2.3.10.md b/javascript/ql/src/change-notes/released/2.3.10.md new file mode 100644 index 000000000000..bc91b8aba456 --- /dev/null +++ b/javascript/ql/src/change-notes/released/2.3.10.md @@ -0,0 +1,3 @@ +## 2.3.10 + +No user-facing changes. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index 079eb5bfb0c3..a4a2f98d5094 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.3.9 +lastReleaseVersion: 2.3.10 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 593c00324664..ad653e83497a 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 2.3.10-dev +version: 2.3.10 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index d6d070a91bb9..8e20945c6bfd 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.50 + +No user-facing changes. + ## 1.0.49 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/1.0.50.md b/misc/suite-helpers/change-notes/released/1.0.50.md new file mode 100644 index 000000000000..c1e5becd9fc7 --- /dev/null +++ b/misc/suite-helpers/change-notes/released/1.0.50.md @@ -0,0 +1,3 @@ +## 1.0.50 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index 596617977df1..856137cc5db6 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.49 +lastReleaseVersion: 1.0.50 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 802112d0fc81..4d751d815ec5 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.50-dev +version: 1.0.50 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 8ede35e9bdc6..3d09821803b5 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 7.1.1 + +No user-facing changes. + ## 7.1.0 ### New Features diff --git a/python/ql/lib/change-notes/released/7.1.1.md b/python/ql/lib/change-notes/released/7.1.1.md new file mode 100644 index 000000000000..849fd4da3283 --- /dev/null +++ b/python/ql/lib/change-notes/released/7.1.1.md @@ -0,0 +1,3 @@ +## 7.1.1 + +No user-facing changes. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index dcaaa76112a6..8e970df6cae3 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 7.1.0 +lastReleaseVersion: 7.1.1 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 724d270b4e87..826b35068691 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 7.1.1-dev +version: 7.1.1 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index 8676d754d015..544b9778d4dd 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.8.3 + +No user-facing changes. + ## 1.8.2 No user-facing changes. diff --git a/python/ql/src/change-notes/released/1.8.3.md b/python/ql/src/change-notes/released/1.8.3.md new file mode 100644 index 000000000000..5b25a447c302 --- /dev/null +++ b/python/ql/src/change-notes/released/1.8.3.md @@ -0,0 +1,3 @@ +## 1.8.3 + +No user-facing changes. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index 559af8348bb0..8071ef421ab4 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.8.2 +lastReleaseVersion: 1.8.3 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 0544fddc168f..ee265ad65e9f 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.8.3-dev +version: 1.8.3 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index e8dd84283c66..07859d0f0e6a 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 5.2.1 + +No user-facing changes. + ## 5.2.0 ### New Features diff --git a/ruby/ql/lib/change-notes/released/5.2.1.md b/ruby/ql/lib/change-notes/released/5.2.1.md new file mode 100644 index 000000000000..8d65db4e16d0 --- /dev/null +++ b/ruby/ql/lib/change-notes/released/5.2.1.md @@ -0,0 +1,3 @@ +## 5.2.1 + +No user-facing changes. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index 9e57a36a7dce..1684d0e72a28 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.2.0 +lastReleaseVersion: 5.2.1 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index cfdaf454426f..29c765d88eef 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 5.2.1-dev +version: 5.2.1 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 927a40e596db..c874059c1510 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.6.3 + +No user-facing changes. + ## 1.6.2 No user-facing changes. diff --git a/ruby/ql/src/change-notes/released/1.6.3.md b/ruby/ql/src/change-notes/released/1.6.3.md new file mode 100644 index 000000000000..a000ecf70252 --- /dev/null +++ b/ruby/ql/src/change-notes/released/1.6.3.md @@ -0,0 +1,3 @@ +## 1.6.3 + +No user-facing changes. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index 5f5beb68311a..00b51441d882 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.2 +lastReleaseVersion: 1.6.3 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index beaf92c0d8a3..a745eae0790a 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.6.3-dev +version: 1.6.3 groups: - ruby - queries diff --git a/rust/ql/lib/CHANGELOG.md b/rust/ql/lib/CHANGELOG.md index 30ae7d73b67f..d85d27d88d67 100644 --- a/rust/ql/lib/CHANGELOG.md +++ b/rust/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.14 + +No user-facing changes. + ## 0.2.13 ### New Features diff --git a/rust/ql/lib/change-notes/released/0.2.14.md b/rust/ql/lib/change-notes/released/0.2.14.md new file mode 100644 index 000000000000..f2d005e62853 --- /dev/null +++ b/rust/ql/lib/change-notes/released/0.2.14.md @@ -0,0 +1,3 @@ +## 0.2.14 + +No user-facing changes. diff --git a/rust/ql/lib/codeql-pack.release.yml b/rust/ql/lib/codeql-pack.release.yml index 979eb20092e9..c53820a76d54 100644 --- a/rust/ql/lib/codeql-pack.release.yml +++ b/rust/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.13 +lastReleaseVersion: 0.2.14 diff --git a/rust/ql/lib/qlpack.yml b/rust/ql/lib/qlpack.yml index 47f846eb02b0..03f5418863c8 100644 --- a/rust/ql/lib/qlpack.yml +++ b/rust/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-all -version: 0.2.14-dev +version: 0.2.14 groups: rust extractor: rust dbscheme: rust.dbscheme diff --git a/rust/ql/src/CHANGELOG.md b/rust/ql/src/CHANGELOG.md index 4b735337c908..ad1e8ef3bfe4 100644 --- a/rust/ql/src/CHANGELOG.md +++ b/rust/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.35 + +No user-facing changes. + ## 0.1.34 No user-facing changes. diff --git a/rust/ql/src/change-notes/released/0.1.35.md b/rust/ql/src/change-notes/released/0.1.35.md new file mode 100644 index 000000000000..5ac57c1d9776 --- /dev/null +++ b/rust/ql/src/change-notes/released/0.1.35.md @@ -0,0 +1,3 @@ +## 0.1.35 + +No user-facing changes. diff --git a/rust/ql/src/codeql-pack.release.yml b/rust/ql/src/codeql-pack.release.yml index a1d4333b19bf..6a5806eec2bf 100644 --- a/rust/ql/src/codeql-pack.release.yml +++ b/rust/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.34 +lastReleaseVersion: 0.1.35 diff --git a/rust/ql/src/qlpack.yml b/rust/ql/src/qlpack.yml index ec76e8f1265b..1de0db6c3454 100644 --- a/rust/ql/src/qlpack.yml +++ b/rust/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-queries -version: 0.1.35-dev +version: 0.1.35 groups: - rust - queries diff --git a/shared/concepts/CHANGELOG.md b/shared/concepts/CHANGELOG.md index 59942922ea09..e2de29754550 100644 --- a/shared/concepts/CHANGELOG.md +++ b/shared/concepts/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.24 + +No user-facing changes. + ## 0.0.23 No user-facing changes. diff --git a/shared/concepts/change-notes/released/0.0.24.md b/shared/concepts/change-notes/released/0.0.24.md new file mode 100644 index 000000000000..84995db2aff6 --- /dev/null +++ b/shared/concepts/change-notes/released/0.0.24.md @@ -0,0 +1,3 @@ +## 0.0.24 + +No user-facing changes. diff --git a/shared/concepts/codeql-pack.release.yml b/shared/concepts/codeql-pack.release.yml index cc2195603d84..b956773a07f5 100644 --- a/shared/concepts/codeql-pack.release.yml +++ b/shared/concepts/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.23 +lastReleaseVersion: 0.0.24 diff --git a/shared/concepts/qlpack.yml b/shared/concepts/qlpack.yml index 6943387bae25..a56c1d8efb2d 100644 --- a/shared/concepts/qlpack.yml +++ b/shared/concepts/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/concepts -version: 0.0.24-dev +version: 0.0.24 groups: shared library: true dependencies: diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index 9c6d7c09d178..dc02f115c998 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.34 + +No user-facing changes. + ## 2.0.33 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/2.0.34.md b/shared/controlflow/change-notes/released/2.0.34.md new file mode 100644 index 000000000000..fd170d38ce6d --- /dev/null +++ b/shared/controlflow/change-notes/released/2.0.34.md @@ -0,0 +1,3 @@ +## 2.0.34 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index 92e23200b4d6..339a3ce7c57a 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.33 +lastReleaseVersion: 2.0.34 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 7fbe2fd4ea99..e96e7aa69a28 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 2.0.34-dev +version: 2.0.34 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index 9e4ca0a0ea81..7ecbeda3b216 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.1.6 + +No user-facing changes. + ## 2.1.5 No user-facing changes. diff --git a/shared/dataflow/change-notes/released/2.1.6.md b/shared/dataflow/change-notes/released/2.1.6.md new file mode 100644 index 000000000000..39543a53672f --- /dev/null +++ b/shared/dataflow/change-notes/released/2.1.6.md @@ -0,0 +1,3 @@ +## 2.1.6 + +No user-facing changes. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index a890ff0111c9..1c810b60c4a3 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.1.5 +lastReleaseVersion: 2.1.6 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 34336f4c3221..e599587f88ae 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 2.1.6-dev +version: 2.1.6 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 5d5551d10a36..964c1bb1d98e 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.50 + +No user-facing changes. + ## 1.0.49 No user-facing changes. diff --git a/shared/mad/change-notes/released/1.0.50.md b/shared/mad/change-notes/released/1.0.50.md new file mode 100644 index 000000000000..c1e5becd9fc7 --- /dev/null +++ b/shared/mad/change-notes/released/1.0.50.md @@ -0,0 +1,3 @@ +## 1.0.50 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index 596617977df1..856137cc5db6 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.49 +lastReleaseVersion: 1.0.50 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 5631fbf1a734..60567e24cb42 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.50-dev +version: 1.0.50 groups: shared library: true dependencies: diff --git a/shared/quantum/CHANGELOG.md b/shared/quantum/CHANGELOG.md index be06e2108a8a..7153b9314b18 100644 --- a/shared/quantum/CHANGELOG.md +++ b/shared/quantum/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.28 + +No user-facing changes. + ## 0.0.27 No user-facing changes. diff --git a/shared/quantum/change-notes/released/0.0.28.md b/shared/quantum/change-notes/released/0.0.28.md new file mode 100644 index 000000000000..1b4fdd478196 --- /dev/null +++ b/shared/quantum/change-notes/released/0.0.28.md @@ -0,0 +1,3 @@ +## 0.0.28 + +No user-facing changes. diff --git a/shared/quantum/codeql-pack.release.yml b/shared/quantum/codeql-pack.release.yml index dbab90d69898..3462db7d348f 100644 --- a/shared/quantum/codeql-pack.release.yml +++ b/shared/quantum/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.27 +lastReleaseVersion: 0.0.28 diff --git a/shared/quantum/qlpack.yml b/shared/quantum/qlpack.yml index 794f238b6e90..58005b74255a 100644 --- a/shared/quantum/qlpack.yml +++ b/shared/quantum/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/quantum -version: 0.0.28-dev +version: 0.0.28 groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md index 8b457ef59270..e2a893046c95 100644 --- a/shared/rangeanalysis/CHANGELOG.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.50 + +No user-facing changes. + ## 1.0.49 No user-facing changes. diff --git a/shared/rangeanalysis/change-notes/released/1.0.50.md b/shared/rangeanalysis/change-notes/released/1.0.50.md new file mode 100644 index 000000000000..c1e5becd9fc7 --- /dev/null +++ b/shared/rangeanalysis/change-notes/released/1.0.50.md @@ -0,0 +1,3 @@ +## 1.0.50 + +No user-facing changes. diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml index 596617977df1..856137cc5db6 100644 --- a/shared/rangeanalysis/codeql-pack.release.yml +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.49 +lastReleaseVersion: 1.0.50 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index e43819bf36ee..5a61b8d5eb91 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.50-dev +version: 1.0.50 groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 639cede00af6..bb83dfc0a1ff 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.50 + +No user-facing changes. + ## 1.0.49 No user-facing changes. diff --git a/shared/regex/change-notes/released/1.0.50.md b/shared/regex/change-notes/released/1.0.50.md new file mode 100644 index 000000000000..c1e5becd9fc7 --- /dev/null +++ b/shared/regex/change-notes/released/1.0.50.md @@ -0,0 +1,3 @@ +## 1.0.50 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index 596617977df1..856137cc5db6 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.49 +lastReleaseVersion: 1.0.50 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index 242382c6a1f3..a3c25f8f13e0 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.50-dev +version: 1.0.50 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index 9cfbb004657b..f9145f2c88b7 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.26 + +No user-facing changes. + ## 2.0.25 No user-facing changes. diff --git a/shared/ssa/change-notes/released/2.0.26.md b/shared/ssa/change-notes/released/2.0.26.md new file mode 100644 index 000000000000..9b1fe95f5774 --- /dev/null +++ b/shared/ssa/change-notes/released/2.0.26.md @@ -0,0 +1,3 @@ +## 2.0.26 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index f54d86201189..63d57bef4816 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.25 +lastReleaseVersion: 2.0.26 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 9e510c43dd0c..1ddb7e74af22 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 2.0.26-dev +version: 2.0.26 groups: shared library: true dependencies: diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md index a6b6055373af..512a5732ccd9 100644 --- a/shared/threat-models/CHANGELOG.md +++ b/shared/threat-models/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.50 + +No user-facing changes. + ## 1.0.49 No user-facing changes. diff --git a/shared/threat-models/change-notes/released/1.0.50.md b/shared/threat-models/change-notes/released/1.0.50.md new file mode 100644 index 000000000000..c1e5becd9fc7 --- /dev/null +++ b/shared/threat-models/change-notes/released/1.0.50.md @@ -0,0 +1,3 @@ +## 1.0.50 + +No user-facing changes. diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml index 596617977df1..856137cc5db6 100644 --- a/shared/threat-models/codeql-pack.release.yml +++ b/shared/threat-models/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.49 +lastReleaseVersion: 1.0.50 diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 14e33e435d13..2473e135f4d6 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.50-dev +version: 1.0.50 library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 5fcacc0b8b5b..c98a035d149e 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.50 + +No user-facing changes. + ## 1.0.49 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/1.0.50.md b/shared/tutorial/change-notes/released/1.0.50.md new file mode 100644 index 000000000000..c1e5becd9fc7 --- /dev/null +++ b/shared/tutorial/change-notes/released/1.0.50.md @@ -0,0 +1,3 @@ +## 1.0.50 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 596617977df1..856137cc5db6 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.49 +lastReleaseVersion: 1.0.50 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 10b77ca04381..fa05472a305c 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.50-dev +version: 1.0.50 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/CHANGELOG.md b/shared/typeflow/CHANGELOG.md index fbfdb4311615..de43834a84e7 100644 --- a/shared/typeflow/CHANGELOG.md +++ b/shared/typeflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.50 + +No user-facing changes. + ## 1.0.49 No user-facing changes. diff --git a/shared/typeflow/change-notes/released/1.0.50.md b/shared/typeflow/change-notes/released/1.0.50.md new file mode 100644 index 000000000000..c1e5becd9fc7 --- /dev/null +++ b/shared/typeflow/change-notes/released/1.0.50.md @@ -0,0 +1,3 @@ +## 1.0.50 + +No user-facing changes. diff --git a/shared/typeflow/codeql-pack.release.yml b/shared/typeflow/codeql-pack.release.yml index 596617977df1..856137cc5db6 100644 --- a/shared/typeflow/codeql-pack.release.yml +++ b/shared/typeflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.49 +lastReleaseVersion: 1.0.50 diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index 9301be5228f9..fe6ae27a1d1a 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.50-dev +version: 1.0.50 groups: shared library: true dependencies: diff --git a/shared/typeinference/CHANGELOG.md b/shared/typeinference/CHANGELOG.md index 1652285654aa..3bbb96e59a9a 100644 --- a/shared/typeinference/CHANGELOG.md +++ b/shared/typeinference/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.31 + +No user-facing changes. + ## 0.0.30 No user-facing changes. diff --git a/shared/typeinference/change-notes/released/0.0.31.md b/shared/typeinference/change-notes/released/0.0.31.md new file mode 100644 index 000000000000..99e11d52c92a --- /dev/null +++ b/shared/typeinference/change-notes/released/0.0.31.md @@ -0,0 +1,3 @@ +## 0.0.31 + +No user-facing changes. diff --git a/shared/typeinference/codeql-pack.release.yml b/shared/typeinference/codeql-pack.release.yml index 0c61b463bab3..54b504d06ecb 100644 --- a/shared/typeinference/codeql-pack.release.yml +++ b/shared/typeinference/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.30 +lastReleaseVersion: 0.0.31 diff --git a/shared/typeinference/qlpack.yml b/shared/typeinference/qlpack.yml index 1db3c0e95acc..dfefd717254b 100644 --- a/shared/typeinference/qlpack.yml +++ b/shared/typeinference/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeinference -version: 0.0.31-dev +version: 0.0.31 groups: shared library: true dependencies: diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index ecdded5ceda8..313862d5bc72 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.34 + +No user-facing changes. + ## 2.0.33 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/2.0.34.md b/shared/typetracking/change-notes/released/2.0.34.md new file mode 100644 index 000000000000..fd170d38ce6d --- /dev/null +++ b/shared/typetracking/change-notes/released/2.0.34.md @@ -0,0 +1,3 @@ +## 2.0.34 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index 92e23200b4d6..339a3ce7c57a 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.33 +lastReleaseVersion: 2.0.34 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 436b35815f01..905cc886823a 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 2.0.34-dev +version: 2.0.34 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index 617fa5638b45..5838cd3c5355 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.50 + +No user-facing changes. + ## 1.0.49 No user-facing changes. diff --git a/shared/typos/change-notes/released/1.0.50.md b/shared/typos/change-notes/released/1.0.50.md new file mode 100644 index 000000000000..c1e5becd9fc7 --- /dev/null +++ b/shared/typos/change-notes/released/1.0.50.md @@ -0,0 +1,3 @@ +## 1.0.50 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index 596617977df1..856137cc5db6 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.49 +lastReleaseVersion: 1.0.50 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 4057cfb57844..65791cd6efdf 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.50-dev +version: 1.0.50 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index 51488029e964..24a4f7d09a29 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.37 + +No user-facing changes. + ## 2.0.36 No user-facing changes. diff --git a/shared/util/change-notes/released/2.0.37.md b/shared/util/change-notes/released/2.0.37.md new file mode 100644 index 000000000000..7d0b67a34af0 --- /dev/null +++ b/shared/util/change-notes/released/2.0.37.md @@ -0,0 +1,3 @@ +## 2.0.37 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index 7e4aaa0dd676..108259a74002 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.36 +lastReleaseVersion: 2.0.37 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index cff240056a43..d7dd7255df0c 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 2.0.37-dev +version: 2.0.37 groups: shared library: true dependencies: null diff --git a/shared/xml/CHANGELOG.md b/shared/xml/CHANGELOG.md index 9f60f66ff728..96dfbcadf568 100644 --- a/shared/xml/CHANGELOG.md +++ b/shared/xml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.50 + +No user-facing changes. + ## 1.0.49 No user-facing changes. diff --git a/shared/xml/change-notes/released/1.0.50.md b/shared/xml/change-notes/released/1.0.50.md new file mode 100644 index 000000000000..c1e5becd9fc7 --- /dev/null +++ b/shared/xml/change-notes/released/1.0.50.md @@ -0,0 +1,3 @@ +## 1.0.50 + +No user-facing changes. diff --git a/shared/xml/codeql-pack.release.yml b/shared/xml/codeql-pack.release.yml index 596617977df1..856137cc5db6 100644 --- a/shared/xml/codeql-pack.release.yml +++ b/shared/xml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.49 +lastReleaseVersion: 1.0.50 diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index 748ac73e0f8d..8de2d725b225 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.50-dev +version: 1.0.50 groups: shared library: true dependencies: diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index a13e3308874d..e006acbeb214 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.50 + +No user-facing changes. + ## 1.0.49 No user-facing changes. diff --git a/shared/yaml/change-notes/released/1.0.50.md b/shared/yaml/change-notes/released/1.0.50.md new file mode 100644 index 000000000000..c1e5becd9fc7 --- /dev/null +++ b/shared/yaml/change-notes/released/1.0.50.md @@ -0,0 +1,3 @@ +## 1.0.50 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index 596617977df1..856137cc5db6 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.49 +lastReleaseVersion: 1.0.50 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 54d582bb9fab..6c817def5005 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.50-dev +version: 1.0.50 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index e7979dbf0ed4..01461fd5bfeb 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 6.6.0 + +### New Features + +* The `TypeDecl` class now defines a `getDeclaredInterfaceType` predicate, which yields the declared interface type of the type declaration. + ## 6.5.0 ### New Features diff --git a/swift/ql/lib/change-notes/2026-05-11-declared-interface-type.md b/swift/ql/lib/change-notes/released/6.6.0.md similarity index 83% rename from swift/ql/lib/change-notes/2026-05-11-declared-interface-type.md rename to swift/ql/lib/change-notes/released/6.6.0.md index c62130ee099a..98de23680a32 100644 --- a/swift/ql/lib/change-notes/2026-05-11-declared-interface-type.md +++ b/swift/ql/lib/change-notes/released/6.6.0.md @@ -1,4 +1,5 @@ ---- -category: feature ---- +## 6.6.0 + +### New Features + * The `TypeDecl` class now defines a `getDeclaredInterfaceType` predicate, which yields the declared interface type of the type declaration. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index 2813c8e210f0..4d7f31f2d8e2 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 6.5.0 +lastReleaseVersion: 6.6.0 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 921af77ca70c..e1d436bb7f6a 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 6.5.1-dev +version: 6.6.0 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index f7b811010377..4bd8088718a6 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.3.3 + +No user-facing changes. + ## 1.3.2 No user-facing changes. diff --git a/swift/ql/src/change-notes/released/1.3.3.md b/swift/ql/src/change-notes/released/1.3.3.md new file mode 100644 index 000000000000..27a88ea0061a --- /dev/null +++ b/swift/ql/src/change-notes/released/1.3.3.md @@ -0,0 +1,3 @@ +## 1.3.3 + +No user-facing changes. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index 86a9cb32d86b..eb1f7dabc842 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.3.2 +lastReleaseVersion: 1.3.3 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 5354c5ee4d5f..e3e90856f70a 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.3.3-dev +version: 1.3.3 groups: - swift - queries From 16235d7acaefbca3b811490b9b061e58fb25c08e Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 18 May 2026 13:20:31 +0100 Subject: [PATCH 05/27] C++: Add a 'call' column to 'hasRemoteFlowSource' and 'hasLocalFlowSource' to support modeling of 'scanf_s'. --- .../code/cpp/models/implementations/Scanf.qll | 22 ++++++++++++----- .../code/cpp/models/interfaces/FlowSource.qll | 24 +++++++++++++++++-- .../semmle/code/cpp/security/FlowSources.qll | 5 ++-- .../CWE/CWE-020/ExternalAPIsSpecific.qll | 5 +--- .../CWE/CWE-311/CleartextTransmission.ql | 3 +-- 5 files changed, 42 insertions(+), 17 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Scanf.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Scanf.qll index f1b3edbe3370..d7efc44afb58 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Scanf.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Scanf.qll @@ -69,13 +69,24 @@ abstract private class ScanfFunctionModel extends ArrayFunction, TaintFunction, } } +private predicate hasFlowSource( + ScanfFunction func, ScanfFunctionCall call, FunctionOutput output, string description +) { + exists(int n, Expr arg | + call.getScanfFunction() = func and + call.getOutputArgument(_) = arg and + call.getArgument(n) = arg and + output.isParameterDeref(n) and + description = "value read by " + func.getName() + ) +} + /** * The standard function `scanf` and its assorted variants */ private class ScanfModel extends ScanfFunctionModel, LocalFlowSourceFunction instanceof Scanf { - override predicate hasLocalFlowSource(FunctionOutput output, string description) { - output.isParameterDeref(any(int i | i >= this.getArgsStartPosition())) and - description = "value read by " + this.getName() + override predicate hasLocalFlowSource(Call call, FunctionOutput output, string description) { + hasFlowSource(this, call, output, description) } } @@ -83,9 +94,8 @@ private class ScanfModel extends ScanfFunctionModel, LocalFlowSourceFunction ins * The standard function `fscanf` and its assorted variants */ private class FscanfModel extends ScanfFunctionModel, RemoteFlowSourceFunction instanceof Fscanf { - override predicate hasRemoteFlowSource(FunctionOutput output, string description) { - output.isParameterDeref(any(int i | i >= this.getArgsStartPosition())) and - description = "value read by " + this.getName() + override predicate hasRemoteFlowSource(Call call, FunctionOutput output, string description) { + hasFlowSource(this, call, output, description) } override predicate hasSocketInput(FunctionInput input) { diff --git a/cpp/ql/lib/semmle/code/cpp/models/interfaces/FlowSource.qll b/cpp/ql/lib/semmle/code/cpp/models/interfaces/FlowSource.qll index d2103f83bc0e..cf28fd0d6d30 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/interfaces/FlowSource.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/interfaces/FlowSource.qll @@ -18,7 +18,17 @@ abstract class RemoteFlowSourceFunction extends Function { /** * Holds if remote data described by `description` flows from `output` of a call to this function. */ - abstract predicate hasRemoteFlowSource(FunctionOutput output, string description); + predicate hasRemoteFlowSource(FunctionOutput output, string description) { + this.hasRemoteFlowSource(_, output, description) + } + + /** + * Holds if remote data described by `description` flows from `output` of `call` to this function. + */ + predicate hasRemoteFlowSource(Call call, FunctionOutput output, string description) { + call.getTarget() = this and + this.hasRemoteFlowSource(output, description) + } /** * Holds if remote data from this source comes from a socket or stream @@ -35,7 +45,17 @@ abstract class LocalFlowSourceFunction extends Function { /** * Holds if data described by `description` flows from `output` of a call to this function. */ - abstract predicate hasLocalFlowSource(FunctionOutput output, string description); + predicate hasLocalFlowSource(FunctionOutput output, string description) { + this.hasLocalFlowSource(_, output, description) + } + + /** + * Holds if data described by `description` flows from `output` of `call` to this function. + */ + predicate hasLocalFlowSource(Call call, FunctionOutput output, string description) { + call.getTarget() = this and + this.hasLocalFlowSource(output, description) + } } /** A library function that sends data over a network connection. */ diff --git a/cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll b/cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll index eba6f9339ffe..33695fdd51ab 100644 --- a/cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll +++ b/cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll @@ -28,8 +28,7 @@ private class RemoteModelSource extends RemoteFlowSource { RemoteModelSource() { exists(CallInstruction call, RemoteFlowSourceFunction func, FunctionOutput output | - call.getStaticCallTarget() = func and - func.hasRemoteFlowSource(output, sourceType) and + func.hasRemoteFlowSource(call.getConvertedResultExpression(), output, sourceType) and this = callOutput(call, output) ) } @@ -46,7 +45,7 @@ private class LocalModelSource extends LocalFlowSource { LocalModelSource() { exists(CallInstruction call, LocalFlowSourceFunction func, FunctionOutput output | call.getStaticCallTarget() = func and - func.hasLocalFlowSource(output, sourceType) and + func.hasLocalFlowSource(call.getConvertedResultExpression(), output, sourceType) and this = callOutput(call, output) ) } diff --git a/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIsSpecific.qll b/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIsSpecific.qll index f0876800874c..f98b295cb74e 100644 --- a/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIsSpecific.qll +++ b/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIsSpecific.qll @@ -44,10 +44,7 @@ class ExternalApiDataNode extends DataFlow::Node { /** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. */ private module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - exists(RemoteFlowSourceFunction remoteFlow | - remoteFlow = source.asExpr().(Call).getTarget() and - remoteFlow.hasRemoteFlowSource(_, _) - ) + any(RemoteFlowSourceFunction remoteFlow).hasRemoteFlowSource(source.asExpr(), _, _) } predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode } diff --git a/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql b/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql index 392650022e20..207aec189b2e 100644 --- a/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql +++ b/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql @@ -94,9 +94,8 @@ class Recv extends SendRecv instanceof RemoteFlowSourceFunction { } override Expr getDataExpr(Call call) { - call.getTarget() = this and exists(FunctionOutput output, int arg | - super.hasRemoteFlowSource(output, _) and + super.hasRemoteFlowSource(call, output, _) and output.isParameterDeref(arg) and result = call.getArgument(arg) ) From 5add24be59bd1f35d33a304da0aad5f553f8f3e3 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 14 May 2026 18:38:34 +0100 Subject: [PATCH 06/27] C++: Add scanf_s models. --- cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll | 8 +++++++- .../source-sink-tests/sources-and-sinks.cpp | 18 +++++++++--------- .../scanf/scanfFormatLiteral.expected | 3 +++ .../scanf/scanfFunctionCall.expected | 1 + .../scanf/scanfFunctionCallOutput.expected | 4 ++++ 5 files changed, 24 insertions(+), 10 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll b/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll index 98280a522cfd..b5d6bcc9de80 100644 --- a/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll +++ b/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll @@ -34,6 +34,7 @@ class Scanf extends ScanfFunction instanceof TopLevelFunction { Scanf() { this.hasGlobalOrStdOrBslName("scanf") or // scanf(format, args...) this.hasGlobalOrStdOrBslName("wscanf") or // wscanf(format, args...) + this.hasGlobalOrStdOrBslName("scanf_s") or // scanf_s(format, args...) this.hasGlobalName("_scanf_l") or // _scanf_l(format, locale, args...) this.hasGlobalName("_wscanf_l") } @@ -50,6 +51,7 @@ class Fscanf extends ScanfFunction instanceof TopLevelFunction { Fscanf() { this.hasGlobalOrStdOrBslName("fscanf") or // fscanf(src_stream, format, args...) this.hasGlobalOrStdOrBslName("fwscanf") or // fwscanf(src_stream, format, args...) + this.hasGlobalOrStdOrBslName("fscanf_s") or // fscanf_s(src_stream, format, args...) this.hasGlobalName("_fscanf_l") or // _fscanf_l(src_stream, format, locale, args...) this.hasGlobalName("_fwscanf_l") } @@ -66,8 +68,12 @@ class Sscanf extends ScanfFunction instanceof TopLevelFunction { Sscanf() { this.hasGlobalOrStdOrBslName("sscanf") or // sscanf(src_stream, format, args...) this.hasGlobalOrStdOrBslName("swscanf") or // swscanf(src, format, args...) + this.hasGlobalOrStdOrBslName("sscanf_s") or // sscanf_s(src, format, args...) + this.hasGlobalOrStdOrBslName("swscanf_s") or // swscanf_s(src, format, args...) this.hasGlobalName("_sscanf_l") or // _sscanf_l(src, format, locale, args...) - this.hasGlobalName("_swscanf_l") + this.hasGlobalName("_swscanf_l") or // _swscanf_l(src, format, locale, args...) + this.hasGlobalName("_sscanf_s_l") or // _sscanf_s_l(src, format, locale, args...) + this.hasGlobalName("_swscanf_s_l") // _swscanf_s_l(src, format, locale, args...) } override int getInputParameterIndex() { result = 0 } diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp b/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp index 7757eb46dd31..bca2dd136c13 100644 --- a/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp +++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp @@ -140,32 +140,32 @@ void test_scanf_s(FILE *stream) { int n1, n2; scanf_s( "%d", - &n1, // $ MISSING: local_source - &n2); // $ MISSING: local_source + &n1, // $ local_source + &n2); // $ local_source } { int n; - fscanf_s(stream, "%d", &n); // $ MISSING: remote_source + fscanf_s(stream, "%d", &n); // $ remote_source } { int n1, n2; char buf[256]; scanf_s("%d %s", - &n1, // $ MISSING: local_source - buf, // $ MISSING: local_source + &n1, // $ local_source + buf, // $ local_source 256, - &n2); // $ MISSING: local_source + &n2); // $ local_source } { int n1, n2; char buf[256]; fscanf_s(stream, "%d %s", - &n1, // $ MISSING: remote_source - buf, // $ MISSING: remote_source + &n1, // $ remote_source + buf, // $ remote_source 256, - &n2); // $ MISSING: remote_source + &n2); // $ remote_source } } \ No newline at end of file diff --git a/cpp/ql/test/library-tests/scanf/scanfFormatLiteral.expected b/cpp/ql/test/library-tests/scanf/scanfFormatLiteral.expected index 9fcbb42a2166..f6fc707b4945 100644 --- a/cpp/ql/test/library-tests/scanf/scanfFormatLiteral.expected +++ b/cpp/ql/test/library-tests/scanf/scanfFormatLiteral.expected @@ -3,3 +3,6 @@ | test.c:20:2:20:7 | call to fscanf | 1 | i | 0 | 0 | | test.c:21:2:21:7 | call to sscanf | 0 | s | 0 | 0 | | test.c:22:2:22:8 | call to swscanf | 0 | s | 10 | 10 | +| test.c:23:2:23:8 | call to scanf_s | 0 | d | 0 | 0 | +| test.c:23:2:23:8 | call to scanf_s | 1 | s | 0 | 0 | +| test.c:23:2:23:8 | call to scanf_s | 2 | d | 0 | 0 | diff --git a/cpp/ql/test/library-tests/scanf/scanfFunctionCall.expected b/cpp/ql/test/library-tests/scanf/scanfFunctionCall.expected index 7e74a349f8bd..ba658bd6d2f5 100644 --- a/cpp/ql/test/library-tests/scanf/scanfFunctionCall.expected +++ b/cpp/ql/test/library-tests/scanf/scanfFunctionCall.expected @@ -3,3 +3,4 @@ | test.c:20:2:20:7 | call to fscanf | 0 | 1 | test.c:20:15:20:23 | %10s %i | non-wide | | test.c:21:2:21:7 | call to sscanf | 0 | 1 | test.c:21:19:21:28 | %*i%s%*s | non-wide | | test.c:22:2:22:8 | call to swscanf | 0 | 1 | test.c:22:21:22:26 | %10s | wide | +| test.c:23:2:23:8 | call to scanf_s | 0 | 0 | test.c:23:10:23:19 | %d %s %d | non-wide | diff --git a/cpp/ql/test/library-tests/scanf/scanfFunctionCallOutput.expected b/cpp/ql/test/library-tests/scanf/scanfFunctionCallOutput.expected index f232db160da6..2efb7094a33c 100644 --- a/cpp/ql/test/library-tests/scanf/scanfFunctionCallOutput.expected +++ b/cpp/ql/test/library-tests/scanf/scanfFunctionCallOutput.expected @@ -4,3 +4,7 @@ | test.c:20:2:20:7 | call to fscanf | test.c:20:34:20:34 | i | 1 | | test.c:21:2:21:7 | call to sscanf | test.c:21:31:21:36 | buffer | 0 | | test.c:22:2:22:8 | call to swscanf | test.c:22:29:22:35 | wbuffer | 0 | +| test.c:23:2:23:8 | call to scanf_s | test.c:23:22:23:23 | & ... | 0 | +| test.c:23:2:23:8 | call to scanf_s | test.c:23:26:23:31 | buffer | 1 | +| test.c:23:2:23:8 | call to scanf_s | test.c:23:34:23:35 | 10 | 2 | +| test.c:23:2:23:8 | call to scanf_s | test.c:23:38:23:40 | & ... | 3 | From 5f10a882085bf93489c86929a5e423f2692f98a0 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 14 May 2026 19:24:59 +0100 Subject: [PATCH 07/27] C++: Handle size arguments in 'getOutputArgument'. --- cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll | 47 ++++++++++++++++++- .../scanf/scanfFunctionCallOutput.expected | 3 +- 2 files changed, 46 insertions(+), 4 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll b/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll index b5d6bcc9de80..6ae59eac23e8 100644 --- a/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll +++ b/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll @@ -25,6 +25,15 @@ abstract class ScanfFunction extends Function { * (rather than a `char*`). */ predicate isWideCharDefault() { exists(this.getName().indexOf("wscanf")) } + + /** Holds if this is one of the `scanf_s` variants. */ + predicate isSVariant() { + exists(string name | name = this.getName() | + name.matches("%\\_s") + or + name.matches("%\\_s\\_l") + ) + } } /** @@ -103,6 +112,14 @@ class Snscanf extends ScanfFunction instanceof TopLevelFunction { int getInputLengthParameterIndex() { result = 1 } } +private predicate isCharLike(Type t) { t instanceof CharType or t instanceof Wchar_t } + +private predicate isStringLike(Type t) { + isCharLike(t.(PointerType).getBaseType()) + or + isCharLike(t.(ArrayType).getBaseType()) +} + /** * A call to one of the `scanf` functions. */ @@ -136,14 +153,40 @@ class ScanfFunctionCall extends FunctionCall { */ predicate isWideCharDefault() { this.getScanfFunction().isWideCharDefault() } + bindingset[this, k] + pragma[inline_late] + private predicate isSizeArgument(int k) { + // The first vararg is never the size argument since a size argument must + // always follow a string buffer argument. + k > 0 and + isStringLike(this.getArgument(this.getScanfFunction().getNumberOfParameters() + k - 1) + .getUnspecifiedType()) + } + /** * Gets the output argument at position `n` in the vararg list of this call. * * The range of `n` is from `0` to `this.getNumberOfOutputArguments() - 1`. */ Expr getOutputArgument(int n) { - result = this.getArgument(this.getTarget().getNumberOfParameters() + n) and - n >= 0 + exists(ScanfFunction target | target = this.getScanfFunction() | + // If this is an S variant then every string buffer argument has a + // corresponding size argument immediately following it, so we need to + // skip over those size arguments when counting the output arguments. + if target.isSVariant() + then + result = + rank[n + 1](Expr arg, int k | + k >= 0 and + arg = this.getArgument(target.getNumberOfParameters() + k) and + not this.isSizeArgument(k) + | + arg order by k + ) + else ( + n >= 0 and result = this.getArgument(target.getNumberOfParameters() + n) + ) + ) } /** diff --git a/cpp/ql/test/library-tests/scanf/scanfFunctionCallOutput.expected b/cpp/ql/test/library-tests/scanf/scanfFunctionCallOutput.expected index 2efb7094a33c..87998b4c367b 100644 --- a/cpp/ql/test/library-tests/scanf/scanfFunctionCallOutput.expected +++ b/cpp/ql/test/library-tests/scanf/scanfFunctionCallOutput.expected @@ -6,5 +6,4 @@ | test.c:22:2:22:8 | call to swscanf | test.c:22:29:22:35 | wbuffer | 0 | | test.c:23:2:23:8 | call to scanf_s | test.c:23:22:23:23 | & ... | 0 | | test.c:23:2:23:8 | call to scanf_s | test.c:23:26:23:31 | buffer | 1 | -| test.c:23:2:23:8 | call to scanf_s | test.c:23:34:23:35 | 10 | 2 | -| test.c:23:2:23:8 | call to scanf_s | test.c:23:38:23:40 | & ... | 3 | +| test.c:23:2:23:8 | call to scanf_s | test.c:23:38:23:40 | & ... | 2 | From 19781e53e710aa07a644543d76879af8c5752d2e Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 18 May 2026 13:24:59 +0100 Subject: [PATCH 08/27] C++: Add change notes. --- cpp/ql/lib/change-notes/2026-05-15-secure-scanf.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 cpp/ql/lib/change-notes/2026-05-15-secure-scanf.md diff --git a/cpp/ql/lib/change-notes/2026-05-15-secure-scanf.md b/cpp/ql/lib/change-notes/2026-05-15-secure-scanf.md new file mode 100644 index 000000000000..0b8d5a79a725 --- /dev/null +++ b/cpp/ql/lib/change-notes/2026-05-15-secure-scanf.md @@ -0,0 +1,5 @@ +--- +category: minorAnalysis +--- +* Added flow source models for `scanf_s` and related functions. +* Added a `Call` column to `LocalFlowSourceFunction::hasLocalFlowSource` and `RemoteFlowSourceFunction::hasRemoteFlowSource`. The old predicates without a `Call` column continue to be supported. \ No newline at end of file From 9f6400096206c559de6fc4698c480a20b013aa14 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 18 May 2026 15:20:31 +0000 Subject: [PATCH 09/27] Post-release preparation for codeql-cli-2.25.5 --- actions/ql/lib/qlpack.yml | 2 +- actions/ql/src/qlpack.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- rust/ql/lib/qlpack.yml | 2 +- rust/ql/src/qlpack.yml | 2 +- shared/concepts/qlpack.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/quantum/qlpack.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typeflow/qlpack.yml | 2 +- shared/typeinference/qlpack.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/xml/qlpack.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 41 files changed, 41 insertions(+), 41 deletions(-) diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml index 747298d69c6d..ae4a57aa944a 100644 --- a/actions/ql/lib/qlpack.yml +++ b/actions/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-all -version: 0.4.36 +version: 0.4.37-dev library: true warnOnImplicitThis: true dependencies: diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml index 894ba6fec690..33ab175fb180 100644 --- a/actions/ql/src/qlpack.yml +++ b/actions/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-queries -version: 0.6.28 +version: 0.6.29-dev library: false warnOnImplicitThis: true groups: [actions, queries] diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index dd55ebe6c3a4..bca102a1048a 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 10.1.1 +version: 10.1.2-dev groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index a57263b53fc5..74055b4cf11a 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.6.3 +version: 1.6.4-dev groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 51b34483e1bf..659dd5b0038c 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.67 +version: 1.7.68-dev groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 81f347373c52..c7f243d86f09 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.67 +version: 1.7.68-dev groups: - csharp - solorigate diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 1605a359ad80..b3a0dab73036 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 6.0.1 +version: 6.0.2-dev groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 84a1271fcad4..bfb1852bacbf 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.7.3 +version: 1.7.4-dev groups: - csharp - queries diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index a3f2fd4897a8..4c65036e5cfa 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.50 +version: 1.0.51-dev groups: - go - queries diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 95fc95a0fc0a..f12cd33e5e07 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 7.1.1 +version: 7.1.2-dev groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index df9d76530855..40ad8f32001b 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.6.3 +version: 1.6.4-dev groups: - go - queries diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 5f6482c1ae2b..aa9a2957362a 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 9.1.1 +version: 9.1.2-dev groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 1d3c3c5b7163..2005542ba0dc 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.11.3 +version: 1.11.4-dev groups: - java - queries diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index ff45431ce7a4..6e8e84b394d8 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 2.7.1 +version: 2.7.2-dev groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index ad653e83497a..e58cb3d2d94f 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 2.3.10 +version: 2.3.11-dev groups: - javascript - queries diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 4d751d815ec5..fd00605cfd11 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.50 +version: 1.0.51-dev groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 826b35068691..981ab78ff33e 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 7.1.1 +version: 7.1.2-dev groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index ee265ad65e9f..2fc026ff4803 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.8.3 +version: 1.8.4-dev groups: - python - queries diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 29c765d88eef..df8efbe68de1 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 5.2.1 +version: 5.2.2-dev groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index a745eae0790a..b68d13e5908b 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.6.3 +version: 1.6.4-dev groups: - ruby - queries diff --git a/rust/ql/lib/qlpack.yml b/rust/ql/lib/qlpack.yml index 03f5418863c8..062c2f4e6354 100644 --- a/rust/ql/lib/qlpack.yml +++ b/rust/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-all -version: 0.2.14 +version: 0.2.15-dev groups: rust extractor: rust dbscheme: rust.dbscheme diff --git a/rust/ql/src/qlpack.yml b/rust/ql/src/qlpack.yml index 1de0db6c3454..67966540de6e 100644 --- a/rust/ql/src/qlpack.yml +++ b/rust/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-queries -version: 0.1.35 +version: 0.1.36-dev groups: - rust - queries diff --git a/shared/concepts/qlpack.yml b/shared/concepts/qlpack.yml index a56c1d8efb2d..c51537b22287 100644 --- a/shared/concepts/qlpack.yml +++ b/shared/concepts/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/concepts -version: 0.0.24 +version: 0.0.25-dev groups: shared library: true dependencies: diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index e96e7aa69a28..e33617ca4f0c 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 2.0.34 +version: 2.0.35-dev groups: shared library: true dependencies: diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index e599587f88ae..2058b35be646 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 2.1.6 +version: 2.1.7-dev groups: shared library: true dependencies: diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 60567e24cb42..fb135546a90f 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.50 +version: 1.0.51-dev groups: shared library: true dependencies: diff --git a/shared/quantum/qlpack.yml b/shared/quantum/qlpack.yml index 58005b74255a..951cce392ae9 100644 --- a/shared/quantum/qlpack.yml +++ b/shared/quantum/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/quantum -version: 0.0.28 +version: 0.0.29-dev groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 5a61b8d5eb91..41f319731b0f 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.50 +version: 1.0.51-dev groups: shared library: true dependencies: diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index a3c25f8f13e0..198bf43da040 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.50 +version: 1.0.51-dev groups: shared library: true dependencies: diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 1ddb7e74af22..5f8de945745c 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 2.0.26 +version: 2.0.27-dev groups: shared library: true dependencies: diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 2473e135f4d6..c3ac3656b3aa 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.50 +version: 1.0.51-dev library: true groups: shared dataExtensions: diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index fa05472a305c..e68fe7948ff1 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.50 +version: 1.0.51-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index fe6ae27a1d1a..482138349acb 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.50 +version: 1.0.51-dev groups: shared library: true dependencies: diff --git a/shared/typeinference/qlpack.yml b/shared/typeinference/qlpack.yml index dfefd717254b..d7dbeae2e09e 100644 --- a/shared/typeinference/qlpack.yml +++ b/shared/typeinference/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeinference -version: 0.0.31 +version: 0.0.32-dev groups: shared library: true dependencies: diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 905cc886823a..891f8d0b1b17 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 2.0.34 +version: 2.0.35-dev groups: shared library: true dependencies: diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 65791cd6efdf..b4705122b0ae 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.50 +version: 1.0.51-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index d7dd7255df0c..6190a3b42755 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 2.0.37 +version: 2.0.38-dev groups: shared library: true dependencies: null diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index 8de2d725b225..c8e51461daeb 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.50 +version: 1.0.51-dev groups: shared library: true dependencies: diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 6c817def5005..c499501ab260 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.50 +version: 1.0.51-dev groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index e1d436bb7f6a..5e2f7c2942df 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 6.6.0 +version: 6.6.1-dev groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index e3e90856f70a..da4df6ae6d93 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.3.3 +version: 1.3.4-dev groups: - swift - queries From dc80a029cbb3cee49e91555c6b4b55391f22b492 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 13 May 2026 09:43:48 +0200 Subject: [PATCH 10/27] C#: Streamline the AddOperatorCall logic for prefix and postfix unary operators. --- .../Entities/Expressions/PostfixUnary.cs | 9 ++++++--- .../Entities/Expressions/Unary.cs | 11 +++++++---- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/PostfixUnary.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/PostfixUnary.cs index 051a03e9f8c2..0ccb8cd7a85a 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/PostfixUnary.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/PostfixUnary.cs @@ -22,11 +22,14 @@ protected override void PopulateExpression(TextWriter trapFile) { Create(Context, operand, this, 0); - if ((operatorKind == ExprKind.POST_INCR || operatorKind == ExprKind.POST_DECR) && - Kind == ExprKind.OPERATOR_INVOCATION) + if (Kind == ExprKind.OPERATOR_INVOCATION) { AddOperatorCall(trapFile, Syntax); - trapFile.mutator_invocation_mode(this, 2); + + if (operatorKind == ExprKind.POST_INCR || operatorKind == ExprKind.POST_DECR) + { + trapFile.mutator_invocation_mode(this, 2); + } } } } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Unary.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Unary.cs index 699c3810d116..c063a5ef0155 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Unary.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Unary.cs @@ -24,12 +24,15 @@ public static Unary Create(ExpressionNodeInfo info) protected override void PopulateExpression(TextWriter trapFile) { Create(Context, Syntax.Operand, this, 0); - AddOperatorCall(trapFile, Syntax); - if ((operatorKind == ExprKind.PRE_INCR || operatorKind == ExprKind.PRE_DECR) && - Kind == ExprKind.OPERATOR_INVOCATION) + if (Kind == ExprKind.OPERATOR_INVOCATION) { - trapFile.mutator_invocation_mode(this, 1); + AddOperatorCall(trapFile, Syntax); + + if (operatorKind == ExprKind.PRE_INCR || operatorKind == ExprKind.PRE_DECR) + { + trapFile.mutator_invocation_mode(this, 1); + } } } } From a72cef6fda366fe81cc96c8b003fb6961f98b4bc Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 13 May 2026 09:58:45 +0200 Subject: [PATCH 11/27] C#: Rename Unary to PrefixUnary. --- .../Entities/Expressions/Factory.cs | 18 +++++++++--------- .../Expressions/{Unary.cs => PrefixUnary.cs} | 8 ++++---- 2 files changed, 13 insertions(+), 13 deletions(-) rename csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/{Unary.cs => PrefixUnary.cs} (77%) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Factory.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Factory.cs index ed8dae3738fc..8b945e2ef17e 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Factory.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Factory.cs @@ -109,10 +109,10 @@ internal static Expression Create(ExpressionNodeInfo info) return MemberAccess.Create(info, (MemberAccessExpressionSyntax)info.Node); case SyntaxKind.UnaryMinusExpression: - return Unary.Create(info.SetKind(ExprKind.MINUS)); + return PrefixUnary.Create(info.SetKind(ExprKind.MINUS)); case SyntaxKind.UnaryPlusExpression: - return Unary.Create(info.SetKind(ExprKind.PLUS)); + return PrefixUnary.Create(info.SetKind(ExprKind.PLUS)); case SyntaxKind.SimpleLambdaExpression: return Lambda.Create(info, (SimpleLambdaExpressionSyntax)info.Node); @@ -146,16 +146,16 @@ internal static Expression Create(ExpressionNodeInfo info) return Name.Create(info); case SyntaxKind.LogicalNotExpression: - return Unary.Create(info.SetKind(ExprKind.LOG_NOT)); + return PrefixUnary.Create(info.SetKind(ExprKind.LOG_NOT)); case SyntaxKind.BitwiseNotExpression: - return Unary.Create(info.SetKind(ExprKind.BIT_NOT)); + return PrefixUnary.Create(info.SetKind(ExprKind.BIT_NOT)); case SyntaxKind.PreIncrementExpression: - return Unary.Create(info.SetKind(ExprKind.PRE_INCR)); + return PrefixUnary.Create(info.SetKind(ExprKind.PRE_INCR)); case SyntaxKind.PreDecrementExpression: - return Unary.Create(info.SetKind(ExprKind.PRE_DECR)); + return PrefixUnary.Create(info.SetKind(ExprKind.PRE_DECR)); case SyntaxKind.ThisExpression: return This.CreateExplicit(info); @@ -164,10 +164,10 @@ internal static Expression Create(ExpressionNodeInfo info) return PropertyFieldAccess.Create(info); case SyntaxKind.AddressOfExpression: - return Unary.Create(info.SetKind(ExprKind.ADDRESS_OF)); + return PrefixUnary.Create(info.SetKind(ExprKind.ADDRESS_OF)); case SyntaxKind.PointerIndirectionExpression: - return Unary.Create(info.SetKind(ExprKind.POINTER_INDIRECTION)); + return PrefixUnary.Create(info.SetKind(ExprKind.POINTER_INDIRECTION)); case SyntaxKind.DefaultExpression: return Default.Create(info); @@ -248,7 +248,7 @@ internal static Expression Create(ExpressionNodeInfo info) return RangeExpression.Create(info); case SyntaxKind.IndexExpression: - return Unary.Create(info.SetKind(ExprKind.INDEX)); + return PrefixUnary.Create(info.SetKind(ExprKind.INDEX)); case SyntaxKind.SwitchExpression: return Switch.Create(info); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Unary.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/PrefixUnary.cs similarity index 77% rename from csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Unary.cs rename to csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/PrefixUnary.cs index c063a5ef0155..11e744e0c05c 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Unary.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/PrefixUnary.cs @@ -4,9 +4,9 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions { - internal class Unary : Expression + internal class PrefixUnary : Expression { - private Unary(ExpressionNodeInfo info, ExprKind kind) + private PrefixUnary(ExpressionNodeInfo info, ExprKind kind) : base(info.SetKind(UnaryOperatorKind(info.Context, info.Kind, info.Node))) { operatorKind = kind; @@ -14,9 +14,9 @@ private Unary(ExpressionNodeInfo info, ExprKind kind) private readonly ExprKind operatorKind; - public static Unary Create(ExpressionNodeInfo info) + public static PrefixUnary Create(ExpressionNodeInfo info) { - var ret = new Unary(info, info.Kind); + var ret = new PrefixUnary(info, info.Kind); ret.TryPopulate(); return ret; } From 30a5769e20645eef226238cbfea0e935eb6aa613 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 13 May 2026 10:03:07 +0200 Subject: [PATCH 12/27] C#: Simplify and streamline the implementation of Prefix and Postfix unary expressions. --- .../Entities/Expressions/Factory.cs | 6 +++--- .../Entities/Expressions/PostfixUnary.cs | 10 ++++------ .../Entities/Expressions/PrefixUnary.cs | 7 +------ 3 files changed, 8 insertions(+), 15 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Factory.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Factory.cs index 8b945e2ef17e..70760590070e 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Factory.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Factory.cs @@ -58,10 +58,10 @@ internal static Expression Create(ExpressionNodeInfo info) return Invocation.Create(info); case SyntaxKind.PostIncrementExpression: - return PostfixUnary.Create(info.SetKind(ExprKind.POST_INCR), ((PostfixUnaryExpressionSyntax)info.Node).Operand); + return PostfixUnary.Create(info.SetKind(ExprKind.POST_INCR)); case SyntaxKind.PostDecrementExpression: - return PostfixUnary.Create(info.SetKind(ExprKind.POST_DECR), ((PostfixUnaryExpressionSyntax)info.Node).Operand); + return PostfixUnary.Create(info.SetKind(ExprKind.POST_DECR)); case SyntaxKind.AwaitExpression: return Await.Create(info); @@ -254,7 +254,7 @@ internal static Expression Create(ExpressionNodeInfo info) return Switch.Create(info); case SyntaxKind.SuppressNullableWarningExpression: - return PostfixUnary.Create(info.SetKind(ExprKind.SUPPRESS_NULLABLE_WARNING), ((PostfixUnaryExpressionSyntax)info.Node).Operand); + return PostfixUnary.Create(info.SetKind(ExprKind.SUPPRESS_NULLABLE_WARNING)); case SyntaxKind.WithExpression: return WithExpression.Create(info); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/PostfixUnary.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/PostfixUnary.cs index 0ccb8cd7a85a..dd7682bf7bb6 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/PostfixUnary.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/PostfixUnary.cs @@ -4,23 +4,21 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions { - internal class PostfixUnary : Expression + internal class PostfixUnary : Expression { - private PostfixUnary(ExpressionNodeInfo info, ExprKind kind, ExpressionSyntax operand) + private PostfixUnary(ExpressionNodeInfo info, ExprKind kind) : base(info.SetKind(UnaryOperatorKind(info.Context, kind, info.Node))) { - this.operand = operand; operatorKind = kind; } - private readonly ExpressionSyntax operand; private readonly ExprKind operatorKind; - public static Expression Create(ExpressionNodeInfo info, ExpressionSyntax operand) => new PostfixUnary(info, info.Kind, operand).TryPopulate(); + public static Expression Create(ExpressionNodeInfo info) => new PostfixUnary(info, info.Kind).TryPopulate(); protected override void PopulateExpression(TextWriter trapFile) { - Create(Context, operand, this, 0); + Create(Context, Syntax.Operand, this, 0); if (Kind == ExprKind.OPERATOR_INVOCATION) { diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/PrefixUnary.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/PrefixUnary.cs index 11e744e0c05c..ca58a8aeb283 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/PrefixUnary.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/PrefixUnary.cs @@ -14,12 +14,7 @@ private PrefixUnary(ExpressionNodeInfo info, ExprKind kind) private readonly ExprKind operatorKind; - public static PrefixUnary Create(ExpressionNodeInfo info) - { - var ret = new PrefixUnary(info, info.Kind); - ret.TryPopulate(); - return ret; - } + public static Expression Create(ExpressionNodeInfo info) => new PrefixUnary(info, info.Kind).TryPopulate(); protected override void PopulateExpression(TextWriter trapFile) { From 422a6bd670811d8afd4d692feafe8df301da2418 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 20 May 2026 10:59:10 +0200 Subject: [PATCH 13/27] C#: Remove the prelim C# 14 footnote from the documentation. --- .../supported-versions-compilers.rst | 39 +++++++++---------- 1 file changed, 19 insertions(+), 20 deletions(-) diff --git a/docs/codeql/reusables/supported-versions-compilers.rst b/docs/codeql/reusables/supported-versions-compilers.rst index 3e1cd49b4ce5..b73c9d7e6e97 100644 --- a/docs/codeql/reusables/supported-versions-compilers.rst +++ b/docs/codeql/reusables/supported-versions-compilers.rst @@ -11,23 +11,23 @@ Microsoft extensions (up to VS 2022), Arm Compiler 5 [5]_","``.cpp``, ``.c++``, ``.cxx``, ``.hpp``, ``.hh``, ``.h++``, ``.hxx``, ``.c``, ``.cc``, ``.h``" - C#,C# up to 14 [6]_,"Microsoft Visual Studio up to 2019 with .NET up to 4.8, + C#,C# up to 14,"Microsoft Visual Studio up to 2019 with .NET up to 4.8, .NET Core up to 3.1 - .NET 5, .NET 6, .NET 7, .NET 8, .NET 9, .NET 10 [6]_","``.sln``, ``.slnx``, ``.csproj``, ``.cs``, ``.cshtml``, ``.xaml``" + .NET 5, .NET 6, .NET 7, .NET 8, .NET 9, .NET 10","``.sln``, ``.slnx``, ``.csproj``, ``.cs``, ``.cshtml``, ``.xaml``" GitHub Actions,"Not applicable",Not applicable,"``.github/workflows/*.yml``, ``.github/workflows/*.yaml``, ``**/action.yml``, ``**/action.yaml``" Go (aka Golang), "Go up to 1.26", "Go 1.11 or more recent", ``.go`` - Java,"Java 7 to 26 [7]_","javac (OpenJDK and Oracle JDK), + Java,"Java 7 to 26 [6]_","javac (OpenJDK and Oracle JDK), - Eclipse compiler for Java (ECJ) [8]_",``.java`` + Eclipse compiler for Java (ECJ) [7]_",``.java`` Kotlin,"Kotlin 1.8.0 to 2.3.2\ *x*","kotlinc",``.kt`` - JavaScript,ECMAScript 2022 or lower,Not applicable,"``.js``, ``.jsx``, ``.mjs``, ``.es``, ``.es6``, ``.htm``, ``.html``, ``.xhtm``, ``.xhtml``, ``.vue``, ``.hbs``, ``.ejs``, ``.njk``, ``.json``, ``.yaml``, ``.yml``, ``.raml``, ``.xml`` [9]_" - Python [10]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13",Not applicable,``.py`` - Ruby [11]_,"up to 3.3",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``" - Rust [12]_,"Rust editions 2021 and 2024","Rust compiler","``.rs``, ``Cargo.toml``" - Swift [13]_ [14]_,"Swift 5.4-6.3","Swift compiler","``.swift``" - TypeScript [15]_,"2.6-5.9",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``" + JavaScript,ECMAScript 2022 or lower,Not applicable,"``.js``, ``.jsx``, ``.mjs``, ``.es``, ``.es6``, ``.htm``, ``.html``, ``.xhtm``, ``.xhtml``, ``.vue``, ``.hbs``, ``.ejs``, ``.njk``, ``.json``, ``.yaml``, ``.yml``, ``.raml``, ``.xml`` [8]_" + Python [9]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13",Not applicable,``.py`` + Ruby [10]_,"up to 3.3",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``" + Rust [11]_,"Rust editions 2021 and 2024","Rust compiler","``.rs``, ``Cargo.toml``" + Swift [12]_ [13]_,"Swift 5.4-6.3","Swift compiler","``.swift``" + TypeScript [14]_,"2.6-5.9",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``" .. container:: footnote-group @@ -36,13 +36,12 @@ .. [3] Objective-C, Objective-C++, C++/CLI, and C++/CX are not supported. .. [4] Support for the clang-cl compiler is preliminary. .. [5] Support for the Arm Compiler (armcc) is preliminary. - .. [6] Support for .NET 10 is preliminary and code that uses language features new to C# 14 is not yet fully supported for extraction and analysis. - .. [7] Builds that execute on Java 7 to 26 can be analyzed. The analysis understands standard language features in Java 8 to 26; "preview" and "incubator" features are not supported. Source code using Java language versions older than Java 8 are analyzed as Java 8 code. - .. [8] ECJ is supported when the build invokes it via the Maven Compiler plugin or the Takari Lifecycle plugin. - .. [9] JSX and Flow code, YAML, JSON, HTML, and XML files may also be analyzed with JavaScript files. - .. [10] The extractor requires Python 3 to run. To analyze Python 2.7 you should install both versions of Python. - .. [11] Requires glibc 2.17. - .. [12] Requires ``rustup`` and ``cargo`` to be installed. Features from nightly toolchains are not supported. - .. [13] Support for the analysis of Swift requires macOS. - .. [14] Embedded Swift is not supported. - .. [15] TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default. + .. [6] Builds that execute on Java 7 to 26 can be analyzed. The analysis understands standard language features in Java 8 to 26; "preview" and "incubator" features are not supported. Source code using Java language versions older than Java 8 are analyzed as Java 8 code. + .. [7] ECJ is supported when the build invokes it via the Maven Compiler plugin or the Takari Lifecycle plugin. + .. [8] JSX and Flow code, YAML, JSON, HTML, and XML files may also be analyzed with JavaScript files. + .. [9] The extractor requires Python 3 to run. To analyze Python 2.7 you should install both versions of Python. + .. [10] Requires glibc 2.17. + .. [11] Requires ``rustup`` and ``cargo`` to be installed. Features from nightly toolchains are not supported. + .. [12] Support for the analysis of Swift requires macOS. + .. [13] Embedded Swift is not supported. + .. [14] TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default. From 462a7bc4236e26a0cf03938e9d5c4cb505b49103 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 20 May 2026 10:59:52 +0200 Subject: [PATCH 14/27] C#: Add change-note. --- csharp/ql/lib/change-notes/2026-05-20-csharp14-dotnet10.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 csharp/ql/lib/change-notes/2026-05-20-csharp14-dotnet10.md diff --git a/csharp/ql/lib/change-notes/2026-05-20-csharp14-dotnet10.md b/csharp/ql/lib/change-notes/2026-05-20-csharp14-dotnet10.md new file mode 100644 index 000000000000..f4c8d6f50d94 --- /dev/null +++ b/csharp/ql/lib/change-notes/2026-05-20-csharp14-dotnet10.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Full support for C# 14 / .NET 10. All new language features are now supported by the extractor. QL library and data flow support for the new C# 14 language constructs and generated MaD models for the .NET 10 runtime. From e408540d36a945ec2817b3961fd9cbf8522de533 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 20 May 2026 11:08:41 +0200 Subject: [PATCH 15/27] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- csharp/ql/lib/change-notes/2026-05-20-csharp14-dotnet10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/csharp/ql/lib/change-notes/2026-05-20-csharp14-dotnet10.md b/csharp/ql/lib/change-notes/2026-05-20-csharp14-dotnet10.md index f4c8d6f50d94..84e3833860ad 100644 --- a/csharp/ql/lib/change-notes/2026-05-20-csharp14-dotnet10.md +++ b/csharp/ql/lib/change-notes/2026-05-20-csharp14-dotnet10.md @@ -1,4 +1,4 @@ --- category: minorAnalysis --- -* Full support for C# 14 / .NET 10. All new language features are now supported by the extractor. QL library and data flow support for the new C# 14 language constructs and generated MaD models for the .NET 10 runtime. +* Full support for C# 14 / .NET 10. All new language features are now supported by the extractor. The QL library and data flow analysis now support the new C# 14 language constructs and include generated Models as Data (MaD) models for the .NET 10 runtime. From e6c5f944ba67923d2d1fffcdd71974db0da03bb7 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 20 May 2026 18:13:35 +0100 Subject: [PATCH 16/27] C++: Add missing format string part in test. --- .../dataflow/source-sink-tests/sources-and-sinks.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp b/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp index bca2dd136c13..24114ac32179 100644 --- a/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp +++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp @@ -139,7 +139,7 @@ void test_scanf_s(FILE *stream) { { int n1, n2; scanf_s( - "%d", + "%d %d", &n1, // $ local_source &n2); // $ local_source } @@ -152,7 +152,7 @@ void test_scanf_s(FILE *stream) { { int n1, n2; char buf[256]; - scanf_s("%d %s", + scanf_s("%d %s %d", &n1, // $ local_source buf, // $ local_source 256, @@ -162,7 +162,7 @@ void test_scanf_s(FILE *stream) { { int n1, n2; char buf[256]; - fscanf_s(stream, "%d %s", + fscanf_s(stream, "%d %s %d", &n1, // $ remote_source buf, // $ remote_source 256, From 25d20399f3cfca9b96226ce061ddc33b75a1ae59 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 20 May 2026 18:43:07 +0100 Subject: [PATCH 17/27] C++: Add models for _scanf_s_l, wscanf_s and _wscanf_s_l. --- cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll | 5 ++- .../code/cpp/models/implementations/Scanf.qll | 5 ++- .../source-sink-tests/sources-and-sinks.cpp | 40 ++++++++++++++++++- 3 files changed, 47 insertions(+), 3 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll b/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll index 6ae59eac23e8..72204dd5310d 100644 --- a/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll +++ b/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll @@ -44,8 +44,11 @@ class Scanf extends ScanfFunction instanceof TopLevelFunction { this.hasGlobalOrStdOrBslName("scanf") or // scanf(format, args...) this.hasGlobalOrStdOrBslName("wscanf") or // wscanf(format, args...) this.hasGlobalOrStdOrBslName("scanf_s") or // scanf_s(format, args...) + this.hasGlobalOrStdOrBslName("wscanf_s") or // wscanf_s(format, args...) this.hasGlobalName("_scanf_l") or // _scanf_l(format, locale, args...) - this.hasGlobalName("_wscanf_l") + this.hasGlobalName("_wscanf_l") or // _wscanf_l(format, locale, args...) + this.hasGlobalName("_scanf_s_l") or // _scanf_s_l(format, locale, args...) + this.hasGlobalName("_wscanf_s_l") // _wscanf_s_l(format, locale, args...) } override int getInputParameterIndex() { none() } diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Scanf.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Scanf.qll index d7efc44afb58..2c82e5423239 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Scanf.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Scanf.qll @@ -30,7 +30,10 @@ abstract private class ScanfFunctionModel extends ArrayFunction, TaintFunction, ( if exists(this.getLengthParameterIndex()) then result = this.getLengthParameterIndex() + 2 - else result = 2 + else + if exists(this.(ScanfFunction).getInputParameterIndex()) + then result = 2 + else result = 1 ) } diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp b/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp index 24114ac32179..3f55832d31a7 100644 --- a/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp +++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp @@ -168,4 +168,42 @@ void test_scanf_s(FILE *stream) { 256, &n2); // $ remote_source } -} \ No newline at end of file +} + +typedef void *locale_t; + +int wscanf_s(const wchar_t *format, ...); +int _scanf_s_l(const char *format, locale_t locale, ...); +int _wscanf_s_l(const wchar_t *format, locale_t locale, ...); + +void test_additional_scanf_s_variants(locale_t locale) { + { + int n1, n2; + wchar_t buf[256]; + wscanf_s(L"%d %s %d", + &n1, // $ local_source + buf, // $ local_source + 256, + &n2); // $ local_source + } + + { + int n1, n2; + char buf[256]; + _scanf_s_l("%d %s %d", locale, + &n1, // $ local_source + buf, // $ local_source + 256, + &n2); // $ local_source + } + + { + int n1, n2; + wchar_t buf[256]; + _wscanf_s_l(L"%d %s %d", locale, + &n1, // $ local_source + buf, // $ local_source + 256, + &n2); // $ local_source + } +} From a33af092443b10998430f8a0dcf0d58b5d9d4ae3 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 20 May 2026 18:59:04 +0100 Subject: [PATCH 18/27] C++: Add models for _fscanf_s_l, fwscanf_s and _fwscanf_s_l. --- cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll | 5 ++- .../source-sink-tests/sources-and-sinks.cpp | 35 ++++++++++++++++++- 2 files changed, 38 insertions(+), 2 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll b/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll index 72204dd5310d..5128a94c1730 100644 --- a/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll +++ b/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll @@ -64,8 +64,11 @@ class Fscanf extends ScanfFunction instanceof TopLevelFunction { this.hasGlobalOrStdOrBslName("fscanf") or // fscanf(src_stream, format, args...) this.hasGlobalOrStdOrBslName("fwscanf") or // fwscanf(src_stream, format, args...) this.hasGlobalOrStdOrBslName("fscanf_s") or // fscanf_s(src_stream, format, args...) + this.hasGlobalOrStdOrBslName("fwscanf_s") or // fwscanf_s(src_stream, format, args...) this.hasGlobalName("_fscanf_l") or // _fscanf_l(src_stream, format, locale, args...) - this.hasGlobalName("_fwscanf_l") + this.hasGlobalName("_fwscanf_l") or // _fwscanf_l(src_stream, format, locale, args...) + this.hasGlobalName("_fscanf_s_l") or // _fscanf_s_l(src_stream, format, locale, args...) + this.hasGlobalName("_fwscanf_s_l") // _fwscanf_s_l(src_stream, format, locale, args...) } override int getInputParameterIndex() { result = 0 } diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp b/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp index 3f55832d31a7..7edd46344382 100644 --- a/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp +++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp @@ -175,8 +175,11 @@ typedef void *locale_t; int wscanf_s(const wchar_t *format, ...); int _scanf_s_l(const char *format, locale_t locale, ...); int _wscanf_s_l(const wchar_t *format, locale_t locale, ...); +int fwscanf_s(FILE *stream, const wchar_t *format, ...); +int _fscanf_s_l(FILE *stream, const char *format, locale_t locale, ...); +int _fwscanf_s_l(FILE *stream, const wchar_t *format, locale_t locale, ...); -void test_additional_scanf_s_variants(locale_t locale) { +void test_additional_scanf_s_variants(FILE *stream, locale_t locale) { { int n1, n2; wchar_t buf[256]; @@ -206,4 +209,34 @@ void test_additional_scanf_s_variants(locale_t locale) { 256, &n2); // $ local_source } + + { + int n1, n2; + wchar_t buf[256]; + fwscanf_s(stream, L"%d %s %d", + &n1, // $ remote_source + buf, // $ remote_source + 256, + &n2); // $ remote_source + } + + { + int n1, n2; + char buf[256]; + _fscanf_s_l(stream, "%d %s %d", locale, + &n1, // $ remote_source + buf, // $ remote_source + 256, + &n2); // $ remote_source + } + + { + int n1, n2; + wchar_t buf[256]; + _fwscanf_s_l(stream, L"%d %s %d", locale, + &n1, // $ remote_source + buf, // $ remote_source + 256, + &n2); // $ remote_source + } } From 6d6e9c0d47154a4fb2ca26db8906f5b767a088c4 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Thu, 21 May 2026 10:41:09 +0200 Subject: [PATCH 19/27] Util: Only compute dense ranks when needed --- shared/util/codeql/util/DenseRank.qll | 82 ++++++++++++++++++++++++--- 1 file changed, 73 insertions(+), 9 deletions(-) diff --git a/shared/util/codeql/util/DenseRank.qll b/shared/util/codeql/util/DenseRank.qll index 89ab865e9595..6521bcec21ba 100644 --- a/shared/util/codeql/util/DenseRank.qll +++ b/shared/util/codeql/util/DenseRank.qll @@ -55,13 +55,33 @@ signature module DenseRankInputSig { module DenseRank { private import Input + private int getARank() { result = getRank(_) } + + pragma[noinline] + private int getARankGap() { result = getARank() and not result - 1 = getARank() } + + pragma[noinline] + private predicate isDenseFrom(int i) { i = unique( | | getARankGap()) } + + pragma[noinline] + private int getRankNeedsDenseRank(Ranked r) { result = getRank(r) and not isDenseFrom(_) } + private int rankRank(Ranked r, int rnk) { - rnk = getRank(r) and - rnk = rank[result](int rnk0 | rnk0 = getRank(_) | rnk0) + rnk = getRankNeedsDenseRank(r) and + rnk = rank[result](int rnk0 | rnk0 = getRankNeedsDenseRank(_) | rnk0) } /** Gets the `Ranked` value for which the dense rank is `rnk`. */ - Ranked denseRank(int rnk) { rnk = rankRank(result, getRank(result)) } + pragma[nomagic] + Ranked denseRank(int rnk) { + rnk = rankRank(result, getRankNeedsDenseRank(result)) + or + exists(int i, int offset | + isDenseFrom(i) and + offset = i - 1 and + rnk = getRank(result) - offset + ) + } } /** Provides the input to `DenseRank1`. */ @@ -82,16 +102,38 @@ signature module DenseRankInputSig1 { module DenseRank1 { private import Input + private int getARank(C c) { result = getRank(c, _) } + + pragma[noinline] + private int getARankGap(C c) { result = getARank(c) and not result - 1 = getARank(c) } + + pragma[noinline] + private predicate isDenseFrom(C c, int i) { i = unique( | | getARankGap(c)) } + + pragma[noinline] + private int getRankNeedsDenseRank(C c, Ranked r) { + result = getRank(c, r) and not isDenseFrom(c, _) + } + private int rankRank(C c, Ranked r, int rnk) { - rnk = getRank(c, r) and - rnk = rank[result](int rnk0 | rnk0 = getRank(c, _) | rnk0) + rnk = getRankNeedsDenseRank(c, r) and + rnk = rank[result](int rnk0 | rnk0 = getRankNeedsDenseRank(c, _) | rnk0) } /** * Gets the `Ranked` value for which the dense rank in the context provided by * `c` is `rnk`. */ - Ranked denseRank(C c, int rnk) { rnk = rankRank(c, result, getRank(c, result)) } + pragma[nomagic] + Ranked denseRank(C c, int rnk) { + rnk = rankRank(c, result, getRankNeedsDenseRank(c, result)) + or + exists(int i, int offset | + isDenseFrom(c, i) and + offset = i - 1 and + rnk = getRank(c, result) - offset + ) + } } /** Provides the input to `DenseRank2`. */ @@ -116,16 +158,38 @@ signature module DenseRankInputSig2 { module DenseRank2 { private import Input + private int getARank(C1 c1, C2 c2) { result = getRank(c1, c2, _) } + + pragma[noinline] + private int getARankGap(C1 c1, C2 c2) { + result = getARank(c1, c2) and not result - 1 = getARank(c1, c2) + } + + pragma[noinline] + private predicate isDenseFrom(C1 c1, C2 c2, int i) { i = unique( | | getARankGap(c1, c2)) } + + pragma[noinline] + private int getRankNeedsDenseRank(C1 c1, C2 c2, Ranked r) { + result = getRank(c1, c2, r) and not isDenseFrom(c1, c2, _) + } + private int rankRank(C1 c1, C2 c2, Ranked r, int rnk) { - rnk = getRank(c1, c2, r) and - rnk = rank[result](int rnk0 | rnk0 = getRank(c1, c2, _) | rnk0) + rnk = getRankNeedsDenseRank(c1, c2, r) and + rnk = rank[result](int rnk0 | rnk0 = getRankNeedsDenseRank(c1, c2, _) | rnk0) } /** * Gets the `Ranked` value for which the dense rank in the context provided by * `c1` and `c2` is `rnk`. */ + pragma[nomagic] Ranked denseRank(C1 c1, C2 c2, int rnk) { - rnk = rankRank(c1, c2, result, getRank(c1, c2, result)) + rnk = rankRank(c1, c2, result, getRankNeedsDenseRank(c1, c2, result)) + or + exists(int i, int offset | + isDenseFrom(c1, c2, i) and + offset = i - 1 and + rnk = getRank(c1, c2, result) - offset + ) } } From 3ee45ff4b921b7b573284426e80d40c9132510f3 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Fri, 22 May 2026 10:07:52 +0200 Subject: [PATCH 20/27] Apply suggestion from @geoffw0 Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com> --- .../codeql/typeinference/internal/TypeInference.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/typeinference/codeql/typeinference/internal/TypeInference.qll b/shared/typeinference/codeql/typeinference/internal/TypeInference.qll index 348446765ae9..24a6392c6be1 100644 --- a/shared/typeinference/codeql/typeinference/internal/TypeInference.qll +++ b/shared/typeinference/codeql/typeinference/internal/TypeInference.qll @@ -391,7 +391,7 @@ module Make1 Input1> { * ``` * * the meaning is "`T` implements `Trait`" where the constraint is only - * valid for the specific `T`. Note that `condition` and `condition` are + * valid for the specific `T`. Note that `condition` and `constraint` are * identical in the two examples. To encode the difference, `abs` in the * first example should contain `T` whereas in the seconds example `abs` * should be empty. From ec7e38cd4db47acf9c2e9f2ff54f021c2146133e Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 19 May 2026 09:12:36 +0200 Subject: [PATCH 21/27] C#: Ensure that `Folder` entities exist for `Compilation` entities --- .../Entities/Compilations/Compilation.cs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Compilations/Compilation.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Compilations/Compilation.cs index 2c74775460da..dd82f7077276 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Compilations/Compilation.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Compilations/Compilation.cs @@ -32,9 +32,13 @@ public override void Populate(TextWriter trapFile) { var assembly = Assembly.CreateOutputAssembly(Context); - trapFile.compilations(this, FileUtils.ConvertToUnix(cwd)); + var path = Context.ExtractionContext.PathTransformer.Transform(cwd); + trapFile.compilations(this, path.Value); trapFile.compilation_assembly(this, assembly); + // Ensure that a `Folder` entity exists + Folder.Create(Context, path); + // Arguments var expandedIndex = 0; for (var i = 0; i < args.Length; i++) From 9599f01ae0915a936b0c00f2e50b65e6310ddd52 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Fri, 22 May 2026 11:02:30 +0000 Subject: [PATCH 22/27] update codeql documentation --- .../codeql-changelog/codeql-cli-2.25.5.rst | 88 +++++++++++++++++++ .../codeql-changelog/index.rst | 1 + 2 files changed, 89 insertions(+) create mode 100644 docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.25.5.rst diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.25.5.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.25.5.rst new file mode 100644 index 000000000000..96ccad2e93e4 --- /dev/null +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.25.5.rst @@ -0,0 +1,88 @@ +.. _codeql-cli-2.25.5: + +========================== +CodeQL 2.25.5 (2026-05-21) +========================== + +.. contents:: Contents + :depth: 2 + :local: + :backlinks: none + +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. + +Security Coverage +----------------- + +CodeQL 2.25.5 runs a total of 496 security queries when configured with the Default suite (covering 169 CWE). The Extended suite enables an additional 131 queries (covering 32 more CWE). + +CodeQL CLI +---------- + +There are no user-facing CLI changes in this release. + +Query Packs +----------- + +Bug Fixes +~~~~~~~~~ + +GitHub Actions +"""""""""""""" + +* Fixed help file descriptions for queries: :code:`actions/untrusted-checkout/critical`, :code:`actions/untrusted-checkout/high`, :code:`actions/untrusted-checkout/medium`. Previously the messages were unclear as to why and how the vulnerabilities could occur. + +Minor Analysis Improvements +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +C/C++ +""""" + +* The 'Cleartext transmission of sensitive information' query (:code:`cpp/cleartext-transmission`) no longer raises an alert on calls to :code:`fscanf` (and variants) when the call reads from an "obviously local" :code:`FILE` stream such as :code:`stdin`. + +Java/Kotlin +""""""""""" + +* The :code:`java/zipslip` query no longer reports archive entry names that flow only to read-only path sinks such as :code:`ClassLoader.getResource`, :code:`FileInputStream`, and :code:`FileReader`. The query now restricts its sinks to the :code:`path-injection` kind and deliberately excludes the new :code:`path-injection[read]` sub-kind, matching the Zip Slip threat model of unsafe archive extraction. + +GitHub Actions +"""""""""""""" + +* The :code:`actions/unpinned-tag` query now analyzes composite action metadata (:code:`action.yml`\ /\ :code:`action.yaml` files) in addition to workflow files, providing more comprehensive detection of unpinned action references across the entire Actions ecosystem. + +Query Metadata Changes +~~~~~~~~~~~~~~~~~~~~~~ + +GitHub Actions +"""""""""""""" + +* Adjusted the name of :code:`actions/untrusted-checkout/high` to more clearly describe which parts of the scenario are in a privileged context. + +Language Libraries +------------------ + +Minor Analysis Improvements +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +C/C++ +""""" + +* The :code:`RemoteFlowSourceFunction` model for :code:`fscanf` (and variants) now implements :code:`hasSocketInput` to reflect that these functions may read from a socket. + +Java/Kotlin +""""""""""" + +* Introduced a new sink kind :code:`path-injection[read]` for Models-as-Data rows that only read from a path (such as :code:`ClassLoader.getResource`, :code:`FileInputStream`, :code:`FileReader`, :code:`Files.readAllBytes`, and related APIs). The general :code:`java/path-injection` query continues to consider both :code:`path-injection` and :code:`path-injection[read]` sinks. + +GitHub Actions +"""""""""""""" + +* Altered 2 patterns in the :code:`poisonable_steps` modelling. Extra sinks are detected in the following cases: scripts executed via python modules and :code:`go run` in directories are detected as potential mechanisms of injection. For the go execution pattern, the pattern is updated to now ignore flags that occur between go and the specific command. This change may lead to more results being detected by the following queries: :code:`actions/untrusted-checkout/high`, :code:`actions/untrusted-checkout/critical`, :code:`actions/untrusted-checkout-toctou/high`, :code:`actions/untrusted-checkout-toctou/critical`, :code:`actions/cache-poisoning/poisonable-step`, :code:`actions/cache-poisoning/direct-cache` and :code:`actions/artifact-poisoning/path-traversal`. + +New Features +~~~~~~~~~~~~ + +Swift +""""" + +* The :code:`TypeDecl` class now defines a :code:`getDeclaredInterfaceType` predicate, which yields the declared interface type of the type declaration. diff --git a/docs/codeql/codeql-overview/codeql-changelog/index.rst b/docs/codeql/codeql-overview/codeql-changelog/index.rst index c5d4fee45769..3ed98bad8d18 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/index.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/index.rst @@ -11,6 +11,7 @@ A list of queries for each suite and language `is available here Date: Sat, 16 May 2026 17:12:43 +0200 Subject: [PATCH 23/27] C++: Add ability to see if one template was generated from another --- cpp/ql/lib/semmle/code/cpp/Class.qll | 29 ++++++++++++++++++++-- cpp/ql/lib/semmle/code/cpp/Function.qll | 21 ++++++++++++++++ cpp/ql/lib/semmle/code/cpp/TypedefType.qll | 21 ++++++++++++++++ cpp/ql/lib/semmle/code/cpp/Variable.qll | 21 ++++++++++++++++ cpp/ql/lib/semmlecode.cpp.dbscheme | 20 +++++++++++++-- 5 files changed, 108 insertions(+), 4 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/Class.qll b/cpp/ql/lib/semmle/code/cpp/Class.qll index e67a9e76a7a4..74b2f1918c90 100644 --- a/cpp/ql/lib/semmle/code/cpp/Class.qll +++ b/cpp/ql/lib/semmle/code/cpp/Class.qll @@ -856,8 +856,10 @@ class AbstractClass extends Class { /** * A class template (this class also finds partial specializations - * of class templates). For example in the following code there is a - * `MyTemplateClass` template: + * of class templates). + * + * For example in the following code there is a `MyTemplateClass` + * template: * ``` * template * class MyTemplateClass { @@ -893,6 +895,29 @@ class TemplateClass extends Class { } override string getAPrimaryQlClass() { result = "TemplateClass" } + + /** + * Gets the class member template this template was generated from. + * + * This predicate only has results for templates that are members of class + * template instantiations. For example, for `MyTemplateClass::C` + * in the following code, this predicate holds for `MyTemplateClass::C`. + * ```cpp + * template + * class MyTemplateClass { + * template + * class C { + * ... + * }; + * }; + * + * template + * class MyTemplateClass; + * ``` + */ + TemplateClass getOriginalTemplate() { + class_template_generated_from(underlyingElement(this), unresolveElement(result)) + } } /** diff --git a/cpp/ql/lib/semmle/code/cpp/Function.qll b/cpp/ql/lib/semmle/code/cpp/Function.qll index 8d93ac0f2a3a..4b8e78d897e9 100644 --- a/cpp/ql/lib/semmle/code/cpp/Function.qll +++ b/cpp/ql/lib/semmle/code/cpp/Function.qll @@ -828,6 +828,27 @@ class TemplateFunction extends Function { * such things -- see FunctionTemplateSpecialization for further details. */ FunctionTemplateSpecialization getASpecialization() { result.getPrimaryTemplate() = this } + + /** + * Gets the class member template this template was generated from. + * + * This predicate only has results for templates that are members of class + * template instantiations. For example, for `MyTemplateClass::f` + * in the following code, this predicate holds for `MyTemplateClass::f`. + * ```cpp + * template + * class MyTemplateClass { + * template + * S f(); + * }; + * + * template + * class MyTemplateClass; + * ``` + */ + TemplateFunction getOriginalTemplate() { + function_template_generated_from(underlyingElement(this), unresolveElement(result)) + } } /** diff --git a/cpp/ql/lib/semmle/code/cpp/TypedefType.qll b/cpp/ql/lib/semmle/code/cpp/TypedefType.qll index 08d02eadb4d2..b79626ad8b86 100644 --- a/cpp/ql/lib/semmle/code/cpp/TypedefType.qll +++ b/cpp/ql/lib/semmle/code/cpp/TypedefType.qll @@ -130,6 +130,27 @@ class AliasTemplateType extends TypeAliasType { * ``` */ TypeAliasType getAnInstantiation() { result.isConstructedFrom(this) } + + /** + * Gets the class member template this template was generated from. + * + * This predicate only has results for templates that are members of class + * template instantiations. For example, for `MyTemplateClass::t` + * in the following code, this predicate holds for `MyTemplateClass::t`. + * ```cpp + * template + * class MyTemplateClass { + * template + * using t = S; + * }; + * + * template + * class MyTemplateClass; + * ``` + */ + AliasTemplateType getOriginalTemplate() { + alias_template_generated_from(underlyingElement(this), unresolveElement(result)) + } } /** diff --git a/cpp/ql/lib/semmle/code/cpp/Variable.qll b/cpp/ql/lib/semmle/code/cpp/Variable.qll index 8e68cc1927f7..7a87d95fcf28 100644 --- a/cpp/ql/lib/semmle/code/cpp/Variable.qll +++ b/cpp/ql/lib/semmle/code/cpp/Variable.qll @@ -614,6 +614,27 @@ class TemplateVariable extends Variable { result.isConstructedFrom(this) and not result.isSpecialization() } + + /** + * Gets the class member template this template was generated from. + * + * This predicate only has results for templates that are members of class + * template instantiations. For example, for `MyTemplateClass::x` + * in the following code, this predicate holds for `MyTemplateClass::x`. + * ```cpp + * template + * class MyTemplateClass { + * template + * static S x; + * }; + * + * template + * class MyTemplateClass; + * ``` + */ + TemplateVariable getOriginalTemplate() { + variable_template_generated_from(underlyingElement(this), unresolveElement(result)) + } } /** diff --git a/cpp/ql/lib/semmlecode.cpp.dbscheme b/cpp/ql/lib/semmlecode.cpp.dbscheme index 837c4e02326a..ef8d209a22e2 100644 --- a/cpp/ql/lib/semmlecode.cpp.dbscheme +++ b/cpp/ql/lib/semmlecode.cpp.dbscheme @@ -912,6 +912,10 @@ class_template_argument_value( int index: int ref, int arg_value: @expr ref ); +class_template_generated_from( + unique int template: @usertype ref, + int from: @usertype ref +) @user_or_decltype = @usertype | @decltype; @@ -943,6 +947,10 @@ function_template_argument_value( int index: int ref, int arg_value: @expr ref ); +function_template_generated_from( + unique int template: @function ref, + int from: @function ref +); is_variable_template(unique int id: @variable ref); variable_instantiation( @@ -959,6 +967,10 @@ variable_template_argument_value( int index: int ref, int arg_value: @expr ref ); +variable_template_generated_from( + unique int template: @variable ref, + int from: @variable ref +); is_alias_template(unique int id: @usertype ref); alias_instantiation( @@ -966,15 +978,19 @@ alias_instantiation( int from: @usertype ref ); alias_template_argument( - int variable_id: @usertype ref, + int type_id: @usertype ref, int index: int ref, int arg_type: @type ref ); alias_template_argument_value( - int variable_id: @usertype ref, + int type_id: @usertype ref, int index: int ref, int arg_value: @expr ref ); +alias_template_generated_from( + unique int template: @usertype ref, + int from: @usertype ref +); template_template_instantiation( int to: @usertype ref, From f98dfcd0a550d5a0fac36ce142f4e4f21650ca89 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Wed, 20 May 2026 10:08:58 +0200 Subject: [PATCH 24/27] C++: Add upgrade and downgrade scripts --- .../old.dbscheme | 2577 +++++++++++++++++ .../semmlecode.cpp.dbscheme | 2561 ++++++++++++++++ .../upgrade.properties | 6 + .../old.dbscheme | 2561 ++++++++++++++++ .../semmlecode.cpp.dbscheme | 2577 +++++++++++++++++ .../upgrade.properties | 2 + 6 files changed, 10284 insertions(+) create mode 100644 cpp/downgrades/ef8d209a22e27413aaaeff4446f0ecb9fa2c227b/old.dbscheme create mode 100644 cpp/downgrades/ef8d209a22e27413aaaeff4446f0ecb9fa2c227b/semmlecode.cpp.dbscheme create mode 100644 cpp/downgrades/ef8d209a22e27413aaaeff4446f0ecb9fa2c227b/upgrade.properties create mode 100644 cpp/ql/lib/upgrades/837c4e02326aee4582405d069263092e80a15d82/old.dbscheme create mode 100644 cpp/ql/lib/upgrades/837c4e02326aee4582405d069263092e80a15d82/semmlecode.cpp.dbscheme create mode 100644 cpp/ql/lib/upgrades/837c4e02326aee4582405d069263092e80a15d82/upgrade.properties diff --git a/cpp/downgrades/ef8d209a22e27413aaaeff4446f0ecb9fa2c227b/old.dbscheme b/cpp/downgrades/ef8d209a22e27413aaaeff4446f0ecb9fa2c227b/old.dbscheme new file mode 100644 index 000000000000..ef8d209a22e2 --- /dev/null +++ b/cpp/downgrades/ef8d209a22e27413aaaeff4446f0ecb9fa2c227b/old.dbscheme @@ -0,0 +1,2577 @@ + +/*- Compilations -*/ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * gcc -c f1.c f2.c f3.c + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + /** + * An invocation of the compiler. Note that more than one file may + * be compiled per invocation. For example, this command compiles + * three source files: + * + * gcc -c f1.c f2.c f3.c + */ + unique int id : @compilation, + string cwd : string ref +); + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * gcc -c f1.c f2.c f3.c + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | *path to extractor* + * 1 | `--mimic` + * 2 | `/usr/bin/gcc` + * 3 | `-c` + * 4 | f1.c + * 5 | f2.c + * 6 | f3.c + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The expanded arguments that were passed to the extractor for a + * compiler invocation. This is similar to `compilation_args`, but + * for a `@someFile` argument, it includes the arguments from that + * file, rather than just taking the argument literally. + */ +#keyset[id, num] +compilation_expanded_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * Optionally, record the build mode for each compilation. + */ +compilation_build_mode( + unique int id : @compilation ref, + int mode : int ref +); + +/* +case @compilation_build_mode.mode of + 0 = @build_mode_none +| 1 = @build_mode_manual +| 2 = @build_mode_auto +; +*/ + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * gcc -c f1.c f2.c f3.c + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.c + * 1 | f2.c + * 2 | f3.c + * + * Note that even if those files `#include` headers, those headers + * do not appear as rows. + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +/*- External data -*/ + +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- Lines of code -*/ + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +/*- Diagnostic messages -*/ + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +/*- C++ dbscheme -*/ + +extractor_version( + string codeql_version: string ref, + string frontend_version: string ref +) + +/** + * Gives the TRAP filename that `trap` is associated with. + * For debugging only. + */ +trap_filename( + int trap: @trap, + string filename: string ref +); + +/** + * Gives the tag name for `tag`. + * For debugging only. + */ +tag_name( + int tag: @tag, + string name: string ref +); + +@trap_or_tag = @tag | @trap; + +/** + * Gives the name for the source file. + */ +source_file_name( + int sf: @source_file, + string name: string ref +); + +/** + * In `build-mode: none` overlay mode, indicates that `source_file` + * (`/path/to/foo.c`) uses the TRAP file `trap_file`; i.e. it is the + * TRAP file corresponding to `foo.c`, something it transitively + * includes, or a template instantiation it transitively uses. + */ +source_file_uses_trap( + int source_file: @source_file ref, + int trap_file: @trap ref +); + +/** + * In `build-mode: none` overlay mode, indicates that the TRAP file + * `trap_file` uses tag `tag`. + */ +trap_uses_tag( + int trap_file: @trap ref, + int tag: @tag ref +); + +/** + * Holds if there is a definition of `element` in TRAP file or tag `t`. + */ +in_trap_or_tag( + int element: @element ref, + int t: @trap_or_tag ref +); + +pch_uses( + int pch: @pch ref, + int compilation: @compilation ref, + int id: @file ref +) + +#keyset[pch, compilation] +pch_creations( + int pch: @pch, + int compilation: @compilation ref, + int from: @file ref +) + +/** An element for which line-count information is available. */ +@sourceline = @file | @function | @variable | @enumconstant | @xmllocatable; + +fileannotations( + int id: @file ref, + int kind: int ref, + string name: string ref, + string value: string ref +); + +inmacroexpansion( + int id: @element ref, + int inv: @macroinvocation ref +); + +affectedbymacroexpansion( + int id: @element ref, + int inv: @macroinvocation ref +); + +case @macroinvocation.kind of + 1 = @macro_expansion +| 2 = @other_macro_reference +; + +macroinvocations( + unique int id: @macroinvocation, + int macro_id: @ppd_define ref, + int location: @location_default ref, + int kind: int ref +); + +macroparent( + unique int id: @macroinvocation ref, + int parent_id: @macroinvocation ref +); + +// a macroinvocation may be part of another location +// the way to find a constant expression that uses a macro +// is thus to find a constant expression that has a location +// to which a macro invocation is bound +macrolocationbind( + int id: @macroinvocation ref, + int location: @location_default ref +); + +#keyset[invocation, argument_index] +macro_argument_unexpanded( + int invocation: @macroinvocation ref, + int argument_index: int ref, + string text: string ref +); + +#keyset[invocation, argument_index] +macro_argument_expanded( + int invocation: @macroinvocation ref, + int argument_index: int ref, + string text: string ref +); + +case @function.kind of + 0 = @unknown_function +| 1 = @normal_function +| 2 = @constructor +| 3 = @destructor +| 4 = @conversion_function +| 5 = @operator +// ... 6 = @builtin_function deprecated // GCC built-in functions, e.g. __builtin___memcpy_chk +| 7 = @user_defined_literal +| 8 = @deduction_guide +; + +functions( + unique int id: @function, + string name: string ref, + int kind: int ref +); + +builtin_functions( + int id: @function ref +) + +function_entry_point( + int id: @function ref, + unique int entry_point: @stmt ref +); + +function_return_type( + int id: @function ref, + int return_type: @type ref +); + +/** + * If `function` is a coroutine, then this gives the `std::experimental::resumable_traits` + * instance associated with it, and the variables representing the `handle` and `promise` + * for it. + */ +coroutine( + unique int function: @function ref, + int traits: @type ref +); + +/* +case @coroutine_placeholder_variable.kind of + 1 = @handle +| 2 = @promise +| 3 = @init_await_resume +; +*/ + +coroutine_placeholder_variable( + unique int placeholder_variable: @variable ref, + int kind: int ref, + int function: @function ref +) + +/** The `new` function used for allocating the coroutine state, if any. */ +coroutine_new( + unique int function: @function ref, + int new: @function ref +); + +/** The `delete` function used for deallocating the coroutine state, if any. */ +coroutine_delete( + unique int function: @function ref, + int delete: @function ref +); + +purefunctions(unique int id: @function ref); + +function_deleted(unique int id: @function ref); + +function_defaulted(unique int id: @function ref); + +function_prototyped(unique int id: @function ref) + +deduction_guide_for_class( + int id: @function ref, + int class_template: @usertype ref +) + +member_function_this_type( + unique int id: @function ref, + int this_type: @type ref +); + +#keyset[id, type_id] +fun_decls( + int id: @fun_decl, + int function: @function ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); +fun_def(unique int id: @fun_decl ref); +fun_specialized(unique int id: @fun_decl ref); +fun_implicit(unique int id: @fun_decl ref); +fun_decl_specifiers( + int id: @fun_decl ref, + string name: string ref +) +#keyset[fun_decl, index] +fun_decl_throws( + int fun_decl: @fun_decl ref, + int index: int ref, + int type_id: @type ref +); +/* an empty throw specification is different from none */ +fun_decl_empty_throws(unique int fun_decl: @fun_decl ref); +fun_decl_noexcept( + int fun_decl: @fun_decl ref, + int constant: @expr ref +); +fun_decl_empty_noexcept(int fun_decl: @fun_decl ref); +fun_decl_typedef_type( + unique int fun_decl: @fun_decl ref, + int typedeftype_id: @usertype ref +); + +/* +case @fun_requires.kind of + 1 = @template_attached +| 2 = @function_attached +; +*/ + +fun_requires( + int id: @fun_decl ref, + int kind: int ref, + int constraint: @expr ref +); + +param_decl_bind( + unique int id: @var_decl ref, + int index: int ref, + int fun_decl: @fun_decl ref +); + +#keyset[id, type_id] +var_decls( + int id: @var_decl, + int variable: @variable ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); +var_def(unique int id: @var_decl ref); +var_specialized(int id: @var_decl ref); +var_decl_specifiers( + int id: @var_decl ref, + string name: string ref +) +is_structured_binding(unique int id: @variable ref); +var_requires( + int id: @var_decl ref, + int constraint: @expr ref +); + +type_decls( + unique int id: @type_decl, + int type_id: @type ref, + int location: @location_default ref +); +type_def(unique int id: @type_decl ref); +type_decl_top( + unique int type_decl: @type_decl ref +); +type_requires( + int id: @type_decl ref, + int constraint: @expr ref +); + +namespace_decls( + unique int id: @namespace_decl, + int namespace_id: @namespace ref, + int location: @location_default ref, + int bodylocation: @location_default ref +); + +case @using.kind of + 1 = @using_declaration +| 2 = @using_directive +| 3 = @using_enum_declaration +; + +usings( + unique int id: @using, + int element_id: @element ref, + int location: @location_default ref, + int kind: int ref +); + +/** The element which contains the `using` declaration. */ +using_container( + int parent: @element ref, + int child: @using ref +); + +static_asserts( + unique int id: @static_assert, + int condition : @expr ref, + string message : string ref, + int location: @location_default ref, + int enclosing : @element ref +); + +// each function has an ordered list of parameters +#keyset[id, type_id] +#keyset[function, index, type_id] +params( + int id: @parameter, + int function: @parameterized_element ref, + int index: int ref, + int type_id: @type ref +); + +overrides( + int new: @function ref, + int old: @function ref +); + +#keyset[id, type_id] +membervariables( + int id: @membervariable, + int type_id: @type ref, + string name: string ref +); + +#keyset[id, type_id] +globalvariables( + int id: @globalvariable, + int type_id: @type ref, + string name: string ref +); + +#keyset[id, type_id] +localvariables( + int id: @localvariable, + int type_id: @type ref, + string name: string ref +); + +autoderivation( + unique int var: @variable ref, + int derivation_type: @type ref +); + +orphaned_variables( + int var: @localvariable ref, + int function: @function ref +) + +enumconstants( + unique int id: @enumconstant, + int parent: @usertype ref, + int index: int ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); + +@variable = @localscopevariable | @globalvariable | @membervariable; + +@localscopevariable = @localvariable | @parameter; + +/** + * Built-in types are the fundamental types, e.g., integral, floating, and void. + */ +case @builtintype.kind of + 1 = @errortype +| 2 = @unknowntype +| 3 = @void +| 4 = @boolean +| 5 = @char +| 6 = @unsigned_char +| 7 = @signed_char +| 8 = @short +| 9 = @unsigned_short +| 10 = @signed_short +| 11 = @int +| 12 = @unsigned_int +| 13 = @signed_int +| 14 = @long +| 15 = @unsigned_long +| 16 = @signed_long +| 17 = @long_long +| 18 = @unsigned_long_long +| 19 = @signed_long_long +// ... 20 Microsoft-specific __int8 +// ... 21 Microsoft-specific __int16 +// ... 22 Microsoft-specific __int32 +// ... 23 Microsoft-specific __int64 +| 24 = @float +| 25 = @double +| 26 = @long_double +| 27 = @complex_float // C99-specific _Complex float +| 28 = @complex_double // C99-specific _Complex double +| 29 = @complex_long_double // C99-specific _Complex long double +| 30 = @imaginary_float // C99-specific _Imaginary float +| 31 = @imaginary_double // C99-specific _Imaginary double +| 32 = @imaginary_long_double // C99-specific _Imaginary long double +| 33 = @wchar_t // Microsoft-specific +| 34 = @decltype_nullptr // C++11 +| 35 = @int128 // __int128 +| 36 = @unsigned_int128 // unsigned __int128 +| 37 = @signed_int128 // signed __int128 +| 38 = @float128 // __float128 +| 39 = @complex_float128 // _Complex __float128 +// ... 40 _Decimal32 +// ... 41 _Decimal64 +// ... 42 _Decimal128 +| 43 = @char16_t +| 44 = @char32_t +| 45 = @std_float32 // _Float32 +| 46 = @float32x // _Float32x +| 47 = @std_float64 // _Float64 +| 48 = @float64x // _Float64x +| 49 = @std_float128 // _Float128 +// ... 50 _Float128x +| 51 = @char8_t +| 52 = @float16 // _Float16 +| 53 = @complex_float16 // _Complex _Float16 +| 54 = @fp16 // __fp16 +| 55 = @std_bfloat16 // __bf16 +| 56 = @std_float16 // std::float16_t +| 57 = @complex_std_float32 // _Complex _Float32 +| 58 = @complex_float32x // _Complex _Float32x +| 59 = @complex_std_float64 // _Complex _Float64 +| 60 = @complex_float64x // _Complex _Float64x +| 61 = @complex_std_float128 // _Complex _Float128 +| 62 = @mfp8 // __mfp8 +| 63 = @scalable_vector_count // __SVCount_t +| 64 = @complex_fp16 // _Complex __fp16 +| 65 = @complex_std_bfloat16 // _Complex __bf16 +| 66 = @complex_std_float16 // _Complex std::float16_t +; + +builtintypes( + unique int id: @builtintype, + string name: string ref, + int kind: int ref, + int size: int ref, + int sign: int ref, + int alignment: int ref +); + +/** + * Derived types are types that are directly derived from existing types and + * point to, refer to, transform type data to return a new type. + */ +case @derivedtype.kind of + 1 = @pointer +| 2 = @reference +| 3 = @type_with_specifiers +| 4 = @array +| 5 = @gnu_vector +| 6 = @routineptr +| 7 = @routinereference +| 8 = @rvalue_reference // C++11 +// ... 9 type_conforming_to_protocols deprecated +| 10 = @block +| 11 = @scalable_vector // Arm SVE +; + +derivedtypes( + unique int id: @derivedtype, + string name: string ref, + int kind: int ref, + int type_id: @type ref +); + +pointerishsize(unique int id: @derivedtype ref, + int size: int ref, + int alignment: int ref); + +arraysizes( + unique int id: @derivedtype ref, + int num_elements: int ref, + int bytesize: int ref, + int alignment: int ref +); + +tupleelements( + unique int id: @derivedtype ref, + int num_elements: int ref +); + +typedefbase( + unique int id: @usertype ref, + int type_id: @type ref +); + +/** + * An instance of the C++11 `decltype` operator or C23 `typeof`/`typeof_unqual` + * operator taking an expression as its argument. For example: + * ``` + * int a; + * decltype(1+a) b; + * typeof(1+a) c; + * ``` + * Here `expr` is `1+a`. + * + * Sometimes an additional pair of parentheses around the expression + * changes the semantics of the decltype, e.g. + * ``` + * struct A { double x; }; + * const A* a = new A(); + * decltype( a->x ); // type is double + * decltype((a->x)); // type is const double& + * ``` + * (Please consult the C++11 standard for more details). + * `parentheses_would_change_meaning` is `true` iff that is the case. + */ + +/* +case @decltype.kind of +| 0 = @decltype +| 1 = @typeof // The frontend does not differentiate between typeof and typeof_unqual +; +*/ + +#keyset[id, expr] +decltypes( + int id: @decltype, + int expr: @expr ref, + int kind: int ref, + int base_type: @type ref, + boolean parentheses_would_change_meaning: boolean ref +); + +case @type_operator.kind of + 0 = @typeof // The frontend does not differentiate between typeof and typeof_unqual +| 1 = @underlying_type +| 2 = @bases +| 3 = @direct_bases +| 4 = @add_lvalue_reference +| 5 = @add_pointer +| 6 = @add_rvalue_reference +| 7 = @decay +| 8 = @make_signed +| 9 = @make_unsigned +| 10 = @remove_all_extents +| 11 = @remove_const +| 12 = @remove_cv +| 13 = @remove_cvref +| 14 = @remove_extent +| 15 = @remove_pointer +| 16 = @remove_reference_t +| 17 = @remove_restrict +| 18 = @remove_volatile +| 19 = @remove_reference +; + +type_operators( + unique int id: @type_operator, + int arg_type: @type ref, + int kind: int ref, + int base_type: @type ref +) + +case @usertype.kind of + 0 = @unknown_usertype +| 1 = @struct +| 2 = @class +| 3 = @union +| 4 = @enum +// ... 5 = @typedef deprecated // classic C: typedef typedef type name +// ... 6 = @template deprecated +| 7 = @template_parameter +| 8 = @template_template_parameter +| 9 = @proxy_class // a proxy class associated with a template parameter +// ... 10 objc_class deprecated +// ... 11 objc_protocol deprecated +// ... 12 objc_category deprecated +| 13 = @scoped_enum +// ... 14 = @using_alias deprecated // a using name = type style typedef +| 15 = @template_struct +| 16 = @template_class +| 17 = @template_union +| 18 = @alias +; + +usertypes( + unique int id: @usertype, + string name: string ref, + int kind: int ref +); + +usertypesize( + unique int id: @usertype ref, + int size: int ref, + int alignment: int ref +); + +usertype_final(unique int id: @usertype ref); + +usertype_uuid( + unique int id: @usertype ref, + string uuid: string ref +); + +/* +case @usertype.alias_kind of +| 0 = @typedef +| 1 = @alias +*/ + +usertype_alias_kind( + int id: @usertype ref, + int alias_kind: int ref +) + +nontype_template_parameters( + int id: @expr ref +); + +type_template_type_constraint( + int id: @usertype ref, + int constraint: @expr ref +); + +mangled_name( + unique int id: @declaration ref, + int mangled_name : @mangledname, + boolean is_complete: boolean ref +); + +is_pod_class(unique int id: @usertype ref); +is_standard_layout_class(unique int id: @usertype ref); + +is_complete(unique int id: @usertype ref); + +is_class_template(unique int id: @usertype ref); +class_instantiation( + int to: @usertype ref, + int from: @usertype ref +); +class_template_argument( + int type_id: @usertype ref, + int index: int ref, + int arg_type: @type ref +); +class_template_argument_value( + int type_id: @usertype ref, + int index: int ref, + int arg_value: @expr ref +); +class_template_generated_from( + unique int template: @usertype ref, + int from: @usertype ref +) + +@user_or_decltype = @usertype | @decltype; + +is_proxy_class_for( + unique int id: @usertype ref, + int templ_param_id: @user_or_decltype ref +); + +type_mentions( + unique int id: @type_mention, + int type_id: @type ref, + int location: @location_default ref, + // a_symbol_reference_kind from the frontend. + int kind: int ref +); + +is_function_template(unique int id: @function ref); +function_instantiation( + unique int to: @function ref, + int from: @function ref +); +function_template_argument( + int function_id: @function ref, + int index: int ref, + int arg_type: @type ref +); +function_template_argument_value( + int function_id: @function ref, + int index: int ref, + int arg_value: @expr ref +); +function_template_generated_from( + unique int template: @function ref, + int from: @function ref +); + +is_variable_template(unique int id: @variable ref); +variable_instantiation( + unique int to: @variable ref, + int from: @variable ref +); +variable_template_argument( + int variable_id: @variable ref, + int index: int ref, + int arg_type: @type ref +); +variable_template_argument_value( + int variable_id: @variable ref, + int index: int ref, + int arg_value: @expr ref +); +variable_template_generated_from( + unique int template: @variable ref, + int from: @variable ref +); + +is_alias_template(unique int id: @usertype ref); +alias_instantiation( + unique int to: @usertype ref, + int from: @usertype ref +); +alias_template_argument( + int type_id: @usertype ref, + int index: int ref, + int arg_type: @type ref +); +alias_template_argument_value( + int type_id: @usertype ref, + int index: int ref, + int arg_value: @expr ref +); +alias_template_generated_from( + unique int template: @usertype ref, + int from: @usertype ref +); + +template_template_instantiation( + int to: @usertype ref, + int from: @usertype ref +); +template_template_argument( + int type_id: @usertype ref, + int index: int ref, + int arg_type: @type ref +); +template_template_argument_value( + int type_id: @usertype ref, + int index: int ref, + int arg_value: @expr ref +); + +@concept = @concept_template | @concept_id; + +concept_templates( + unique int concept_id: @concept_template, + string name: string ref, + int location: @location_default ref +); +concept_instantiation( + unique int to: @concept_id ref, + int from: @concept_template ref +); +is_type_constraint(int concept_id: @concept_id ref); +concept_template_argument( + int concept_id: @concept ref, + int index: int ref, + int arg_type: @type ref +); +concept_template_argument_value( + int concept_id: @concept ref, + int index: int ref, + int arg_value: @expr ref +); + +routinetypes( + unique int id: @routinetype, + int return_type: @type ref +); + +routinetypeargs( + int routine: @routinetype ref, + int index: int ref, + int type_id: @type ref +); + +ptrtomembers( + unique int id: @ptrtomember, + int type_id: @type ref, + int class_id: @type ref +); + +/* + specifiers for types, functions, and variables + + "public", + "protected", + "private", + + "const", + "volatile", + "static", + + "pure", + "virtual", + "sealed", // Microsoft + "__interface", // Microsoft + "inline", + "explicit", + + "near", // near far extension + "far", // near far extension + "__ptr32", // Microsoft + "__ptr64", // Microsoft + "__sptr", // Microsoft + "__uptr", // Microsoft + "dllimport", // Microsoft + "dllexport", // Microsoft + "thread", // Microsoft + "naked", // Microsoft + "microsoft_inline", // Microsoft + "forceinline", // Microsoft + "selectany", // Microsoft + "nothrow", // Microsoft + "novtable", // Microsoft + "noreturn", // Microsoft + "noinline", // Microsoft + "noalias", // Microsoft + "restrict", // Microsoft +*/ + +specifiers( + unique int id: @specifier, + unique string str: string ref +); + +typespecifiers( + int type_id: @type ref, + int spec_id: @specifier ref +); + +funspecifiers( + int func_id: @function ref, + int spec_id: @specifier ref +); + +varspecifiers( + int var_id: @accessible ref, + int spec_id: @specifier ref +); + +explicit_specifier_exprs( + unique int func_id: @function ref, + int constant: @expr ref +) + +attributes( + unique int id: @attribute, + int kind: int ref, + string name: string ref, + string name_space: string ref, + int location: @location_default ref +); + +case @attribute.kind of + 0 = @gnuattribute +| 1 = @stdattribute +| 2 = @declspec +| 3 = @msattribute +| 4 = @alignas +// ... 5 @objc_propertyattribute deprecated +; + +attribute_args( + unique int id: @attribute_arg, + int kind: int ref, + int attribute: @attribute ref, + int index: int ref, + int location: @location_default ref +); + +case @attribute_arg.kind of + 0 = @attribute_arg_empty +| 1 = @attribute_arg_token +| 2 = @attribute_arg_constant +| 3 = @attribute_arg_type +| 4 = @attribute_arg_constant_expr +| 5 = @attribute_arg_expr +; + +attribute_arg_value( + unique int arg: @attribute_arg ref, + string value: string ref +); +attribute_arg_type( + unique int arg: @attribute_arg ref, + int type_id: @type ref +); +attribute_arg_constant( + unique int arg: @attribute_arg ref, + int constant: @expr ref +) +attribute_arg_expr( + unique int arg: @attribute_arg ref, + int expr: @expr ref +) +attribute_arg_name( + unique int arg: @attribute_arg ref, + string name: string ref +); + +typeattributes( + int type_id: @type ref, + int spec_id: @attribute ref +); + +funcattributes( + int func_id: @function ref, + int spec_id: @attribute ref +); + +varattributes( + int var_id: @accessible ref, + int spec_id: @attribute ref +); + +namespaceattributes( + int namespace_id: @namespace ref, + int spec_id: @attribute ref +); + +stmtattributes( + int stmt_id: @stmt ref, + int spec_id: @attribute ref +); + +@type = @builtintype + | @derivedtype + | @usertype + | @routinetype + | @ptrtomember + | @decltype + | @type_operator; + +unspecifiedtype( + unique int type_id: @type ref, + int unspecified_type_id: @type ref +); + +member( + int parent: @type ref, + int index: int ref, + int child: @member ref +); + +@enclosingfunction_child = @usertype | @variable | @namespace + +enclosingfunction( + unique int child: @enclosingfunction_child ref, + int parent: @function ref +); + +derivations( + unique int derivation: @derivation, + int sub: @type ref, + int index: int ref, + int super: @type ref, + int location: @location_default ref +); + +derspecifiers( + int der_id: @derivation ref, + int spec_id: @specifier ref +); + +/** + * Contains the byte offset of the base class subobject within the derived + * class. Only holds for non-virtual base classes, but see table + * `virtual_base_offsets` for offsets of virtual base class subobjects. + */ +direct_base_offsets( + unique int der_id: @derivation ref, + int offset: int ref +); + +/** + * Contains the byte offset of the virtual base class subobject for class + * `super` within a most-derived object of class `sub`. `super` can be either a + * direct or indirect base class. + */ +#keyset[sub, super] +virtual_base_offsets( + int sub: @usertype ref, + int super: @usertype ref, + int offset: int ref +); + +frienddecls( + unique int id: @frienddecl, + int type_id: @type ref, + int decl_id: @declaration ref, + int location: @location_default ref +); + +@declaredtype = @usertype ; + +@declaration = @function + | @declaredtype + | @variable + | @enumconstant + | @frienddecl + | @concept_template; + +@member = @membervariable + | @function + | @declaredtype + | @enumconstant; + +@locatable = @diagnostic + | @declaration + | @ppd_include + | @ppd_define + | @macroinvocation + /*| @funcall*/ + | @xmllocatable + | @attribute + | @attribute_arg; + +@namedscope = @namespace | @usertype; + +@element = @locatable + | @file + | @folder + | @specifier + | @type + | @expr + | @namespace + | @initialiser + | @stmt + | @derivation + | @comment + | @preprocdirect + | @fun_decl + | @var_decl + | @type_decl + | @namespace_decl + | @using + | @namequalifier + | @specialnamequalifyingelement + | @static_assert + | @type_mention + | @lambdacapture; + +@exprparent = @element; + +comments( + unique int id: @comment, + string contents: string ref, + int location: @location_default ref +); + +commentbinding( + int id: @comment ref, + int element: @element ref +); + +exprconv( + int converted: @expr ref, + unique int conversion: @expr ref +); + +compgenerated(unique int id: @element ref); + +/** + * `destructor_call` destructs the `i`'th entity that should be + * destructed following `element`. Note that entities should be + * destructed in reverse construction order, so for a given `element` + * these should be called from highest to lowest `i`. + */ +#keyset[element, destructor_call] +#keyset[element, i] +synthetic_destructor_call( + int element: @element ref, + int i: int ref, + int destructor_call: @routineexpr ref +); + +namespaces( + unique int id: @namespace, + string name: string ref +); + +namespace_inline( + unique int id: @namespace ref +); + +namespacembrs( + int parentid: @namespace ref, + unique int memberid: @namespacembr ref +); + +@namespacembr = @declaration | @namespace; + +exprparents( + int expr_id: @expr ref, + int child_index: int ref, + int parent_id: @exprparent ref +); + +expr_isload(unique int expr_id: @expr ref); + +@cast = @c_style_cast + | @const_cast + | @dynamic_cast + | @reinterpret_cast + | @static_cast + ; + +/* +case @conversion.kind of + 0 = @simple_conversion // a numeric conversion, qualification conversion, or a reinterpret_cast +| 1 = @bool_conversion // conversion to 'bool' +| 2 = @base_class_conversion // a derived-to-base conversion +| 3 = @derived_class_conversion // a base-to-derived conversion +| 4 = @pm_base_class_conversion // a derived-to-base conversion of a pointer to member +| 5 = @pm_derived_class_conversion // a base-to-derived conversion of a pointer to member +| 6 = @glvalue_adjust // an adjustment of the type of a glvalue +| 7 = @prvalue_adjust // an adjustment of the type of a prvalue +; +*/ +/** + * Describes the semantics represented by a cast expression. This is largely + * independent of the source syntax of the cast, so it is separate from the + * regular expression kind. + */ +conversionkinds( + unique int expr_id: @cast ref, + int kind: int ref +); + +@conversion = @cast + | @array_to_pointer + | @parexpr + | @reference_to + | @ref_indirect + | @temp_init + | @c11_generic + ; + +/* +case @funbindexpr.kind of + 0 = @normal_call // a normal call +| 1 = @virtual_call // a virtual call +| 2 = @adl_call // a call whose target is only found by ADL +; +*/ +iscall( + unique int caller: @funbindexpr ref, + int kind: int ref +); + +numtemplatearguments( + unique int expr_id: @expr ref, + int num: int ref +); + +specialnamequalifyingelements( + unique int id: @specialnamequalifyingelement, + unique string name: string ref +); + +@namequalifiableelement = @expr | @namequalifier; +@namequalifyingelement = @namespace + | @specialnamequalifyingelement + | @usertype + | @decltype; + +namequalifiers( + unique int id: @namequalifier, + unique int qualifiableelement: @namequalifiableelement ref, + int qualifyingelement: @namequalifyingelement ref, + int location: @location_default ref +); + +varbind( + int expr: @varbindexpr ref, + int var: @accessible ref +); + +funbind( + int expr: @funbindexpr ref, + int fun: @function ref +); + +@any_new_expr = @new_expr + | @new_array_expr; + +@new_or_delete_expr = @any_new_expr + | @delete_expr + | @delete_array_expr; + +@prefix_crement_expr = @preincrexpr | @predecrexpr; + +@postfix_crement_expr = @postincrexpr | @postdecrexpr; + +@increment_expr = @preincrexpr | @postincrexpr; + +@decrement_expr = @predecrexpr | @postdecrexpr; + +@crement_expr = @increment_expr | @decrement_expr; + +@un_arith_op_expr = @arithnegexpr + | @unaryplusexpr + | @conjugation + | @realpartexpr + | @imagpartexpr + | @crement_expr + ; + +@un_bitwise_op_expr = @complementexpr; + +@un_log_op_expr = @notexpr; + +@un_op_expr = @address_of + | @indirect + | @un_arith_op_expr + | @un_bitwise_op_expr + | @builtinaddressof + | @vec_fill + | @un_log_op_expr + | @co_await + | @co_yield + ; + +@bin_log_op_expr = @andlogicalexpr | @orlogicalexpr; + +@cmp_op_expr = @eq_op_expr | @rel_op_expr; + +@eq_op_expr = @eqexpr | @neexpr; + +@rel_op_expr = @gtexpr + | @ltexpr + | @geexpr + | @leexpr + | @spaceshipexpr + ; + +@bin_bitwise_op_expr = @lshiftexpr + | @rshiftexpr + | @andexpr + | @orexpr + | @xorexpr + ; + +@p_arith_op_expr = @paddexpr + | @psubexpr + | @pdiffexpr + ; + +@bin_arith_op_expr = @addexpr + | @subexpr + | @mulexpr + | @divexpr + | @remexpr + | @jmulexpr + | @jdivexpr + | @fjaddexpr + | @jfaddexpr + | @fjsubexpr + | @jfsubexpr + | @minexpr + | @maxexpr + | @p_arith_op_expr + ; + +@bin_op_expr = @bin_arith_op_expr + | @bin_bitwise_op_expr + | @cmp_op_expr + | @bin_log_op_expr + ; + +@op_expr = @un_op_expr + | @bin_op_expr + | @assign_expr + | @conditionalexpr + ; + +@assign_arith_expr = @assignaddexpr + | @assignsubexpr + | @assignmulexpr + | @assigndivexpr + | @assignremexpr + ; + +@assign_bitwise_expr = @assignandexpr + | @assignorexpr + | @assignxorexpr + | @assignlshiftexpr + | @assignrshiftexpr + ; + +@assign_pointer_expr = @assignpaddexpr + | @assignpsubexpr + ; + +@assign_op_expr = @assign_arith_expr + | @assign_bitwise_expr + | @assign_pointer_expr + ; + +@assign_expr = @assignexpr | @assign_op_expr | @blockassignexpr + +/* + Binary encoding of the allocator form. + + case @allocator.form of + 0 = plain + | 1 = alignment + ; +*/ + +/** + * The allocator function associated with a `new` or `new[]` expression. + * The `form` column specified whether the allocation call contains an alignment + * argument. + */ +expr_allocator( + unique int expr: @any_new_expr ref, + int func: @function ref, + int form: int ref +); + +/* + Binary encoding of the deallocator form. + + case @deallocator.form of + 0 = plain + | 1 = size + | 2 = alignment + | 4 = destroying_delete + ; +*/ + +/** + * The deallocator function associated with a `delete`, `delete[]`, `new`, or + * `new[]` expression. For a `new` or `new[]` expression, the deallocator is the + * one used to free memory if the initialization throws an exception. + * The `form` column specifies whether the deallocation call contains a size + * argument, and alignment argument, or both. + */ +expr_deallocator( + unique int expr: @new_or_delete_expr ref, + int func: @function ref, + int form: int ref +); + +/** + * Holds if the `@conditionalexpr` is of the two operand form + * `guard ? : false`. + */ +expr_cond_two_operand( + unique int cond: @conditionalexpr ref +); + +/** + * The guard of `@conditionalexpr` `guard ? true : false` + */ +expr_cond_guard( + unique int cond: @conditionalexpr ref, + int guard: @expr ref +); + +/** + * The expression used when the guard of `@conditionalexpr` + * `guard ? true : false` holds. For the two operand form + * `guard ?: false` consider using `expr_cond_guard` instead. + */ +expr_cond_true( + unique int cond: @conditionalexpr ref, + int true: @expr ref +); + +/** + * The expression used when the guard of `@conditionalexpr` + * `guard ? true : false` does not hold. + */ +expr_cond_false( + unique int cond: @conditionalexpr ref, + int false: @expr ref +); + +/** A string representation of the value. */ +values( + unique int id: @value, + string str: string ref +); + +/** The actual text in the source code for the value, if any. */ +valuetext( + unique int id: @value ref, + string text: string ref +); + +valuebind( + int val: @value ref, + unique int expr: @expr ref +); + +fieldoffsets( + unique int id: @variable ref, + int byteoffset: int ref, + int bitoffset: int ref +); + +bitfield( + unique int id: @variable ref, + int bits: int ref, + int declared_bits: int ref +); + +/* TODO +memberprefix( + int member: @expr ref, + int prefix: @expr ref +); +*/ + +/* + kind(1) = mbrcallexpr + kind(2) = mbrptrcallexpr + kind(3) = mbrptrmbrcallexpr + kind(4) = ptrmbrptrmbrcallexpr + kind(5) = mbrreadexpr // x.y + kind(6) = mbrptrreadexpr // p->y + kind(7) = mbrptrmbrreadexpr // x.*pm + kind(8) = mbrptrmbrptrreadexpr // x->*pm + kind(9) = staticmbrreadexpr // static x.y + kind(10) = staticmbrptrreadexpr // static p->y +*/ +/* TODO +memberaccess( + int member: @expr ref, + int kind: int ref +); +*/ + +initialisers( + unique int init: @initialiser, + int var: @accessible ref, + unique int expr: @expr ref, + int location: @location_default ref +); + +braced_initialisers( + int init: @initialiser ref +); + +/** + * An ancestor for the expression, for cases in which we cannot + * otherwise find the expression's parent. + */ +expr_ancestor( + int exp: @expr ref, + int ancestor: @element ref +); + +exprs( + unique int id: @expr, + int kind: int ref, + int location: @location_default ref +); + +expr_reuse( + int reuse: @expr ref, + int original: @expr ref, + int value_category: int ref +) + +/* + case @value.category of + 1 = prval + | 2 = xval + | 3 = lval + ; +*/ +expr_types( + int id: @expr ref, + int typeid: @type ref, + int value_category: int ref +); + +case @expr.kind of + 1 = @errorexpr +| 2 = @address_of // & AddressOfExpr +| 3 = @reference_to // ReferenceToExpr (implicit?) +| 4 = @indirect // * PointerDereferenceExpr +| 5 = @ref_indirect // ReferenceDereferenceExpr (implicit?) +// ... +| 8 = @array_to_pointer // (???) +| 9 = @vacuous_destructor_call // VacuousDestructorCall +// ... +| 11 = @assume // Microsoft +| 12 = @parexpr +| 13 = @arithnegexpr +| 14 = @unaryplusexpr +| 15 = @complementexpr +| 16 = @notexpr +| 17 = @conjugation // GNU ~ operator +| 18 = @realpartexpr // GNU __real +| 19 = @imagpartexpr // GNU __imag +| 20 = @postincrexpr +| 21 = @postdecrexpr +| 22 = @preincrexpr +| 23 = @predecrexpr +| 24 = @conditionalexpr +| 25 = @addexpr +| 26 = @subexpr +| 27 = @mulexpr +| 28 = @divexpr +| 29 = @remexpr +| 30 = @jmulexpr // C99 mul imaginary +| 31 = @jdivexpr // C99 div imaginary +| 32 = @fjaddexpr // C99 add real + imaginary +| 33 = @jfaddexpr // C99 add imaginary + real +| 34 = @fjsubexpr // C99 sub real - imaginary +| 35 = @jfsubexpr // C99 sub imaginary - real +| 36 = @paddexpr // pointer add (pointer + int or int + pointer) +| 37 = @psubexpr // pointer sub (pointer - integer) +| 38 = @pdiffexpr // difference between two pointers +| 39 = @lshiftexpr +| 40 = @rshiftexpr +| 41 = @andexpr +| 42 = @orexpr +| 43 = @xorexpr +| 44 = @eqexpr +| 45 = @neexpr +| 46 = @gtexpr +| 47 = @ltexpr +| 48 = @geexpr +| 49 = @leexpr +| 50 = @minexpr // GNU minimum +| 51 = @maxexpr // GNU maximum +| 52 = @assignexpr +| 53 = @assignaddexpr +| 54 = @assignsubexpr +| 55 = @assignmulexpr +| 56 = @assigndivexpr +| 57 = @assignremexpr +| 58 = @assignlshiftexpr +| 59 = @assignrshiftexpr +| 60 = @assignandexpr +| 61 = @assignorexpr +| 62 = @assignxorexpr +| 63 = @assignpaddexpr // assign pointer add +| 64 = @assignpsubexpr // assign pointer sub +| 65 = @andlogicalexpr +| 66 = @orlogicalexpr +| 67 = @commaexpr +| 68 = @subscriptexpr // access to member of an array, e.g., a[5] +// ... 69 @objc_subscriptexpr deprecated +// ... 70 @cmdaccess deprecated +// ... +| 73 = @virtfunptrexpr +| 74 = @callexpr +// ... 75 @msgexpr_normal deprecated +// ... 76 @msgexpr_super deprecated +// ... 77 @atselectorexpr deprecated +// ... 78 @atprotocolexpr deprecated +| 79 = @vastartexpr +| 80 = @vaargexpr +| 81 = @vaendexpr +| 82 = @vacopyexpr +// ... 83 @atencodeexpr deprecated +| 84 = @varaccess +| 85 = @thisaccess +// ... 86 @objc_box_expr deprecated +| 87 = @new_expr +| 88 = @delete_expr +| 89 = @throw_expr +| 90 = @condition_decl // a variable declared in a condition, e.g., if(int x = y > 2) +| 91 = @braced_init_list +| 92 = @type_id +| 93 = @runtime_sizeof +| 94 = @runtime_alignof +| 95 = @sizeof_pack +| 96 = @expr_stmt // GNU extension +| 97 = @routineexpr +| 98 = @type_operand // used to access a type in certain contexts (haven't found any examples yet....) +| 99 = @offsetofexpr // offsetof ::= type and field +| 100 = @hasassignexpr // __has_assign ::= type +| 101 = @hascopyexpr // __has_copy ::= type +| 102 = @hasnothrowassign // __has_nothrow_assign ::= type +| 103 = @hasnothrowconstr // __has_nothrow_constructor ::= type +| 104 = @hasnothrowcopy // __has_nothrow_copy ::= type +| 105 = @hastrivialassign // __has_trivial_assign ::= type +| 106 = @hastrivialconstr // __has_trivial_constructor ::= type +| 107 = @hastrivialcopy // __has_trivial_copy ::= type +| 108 = @hasuserdestr // __has_user_destructor ::= type +| 109 = @hasvirtualdestr // __has_virtual_destructor ::= type +| 110 = @isabstractexpr // __is_abstract ::= type +| 111 = @isbaseofexpr // __is_base_of ::= type type +| 112 = @isclassexpr // __is_class ::= type +| 113 = @isconvtoexpr // __is_convertible_to ::= type type +| 114 = @isemptyexpr // __is_empty ::= type +| 115 = @isenumexpr // __is_enum ::= type +| 116 = @ispodexpr // __is_pod ::= type +| 117 = @ispolyexpr // __is_polymorphic ::= type +| 118 = @isunionexpr // __is_union ::= type +| 119 = @typescompexpr // GNU __builtin_types_compatible ::= type type +| 120 = @intaddrexpr // frontend internal builtin, used to implement offsetof +// ... +| 122 = @hastrivialdestructor // __has_trivial_destructor ::= type +| 123 = @literal +| 124 = @uuidof +| 127 = @aggregateliteral +| 128 = @delete_array_expr +| 129 = @new_array_expr +// ... 130 @objc_array_literal deprecated +// ... 131 @objc_dictionary_literal deprecated +| 132 = @foldexpr +// ... +| 200 = @ctordirectinit +| 201 = @ctorvirtualinit +| 202 = @ctorfieldinit +| 203 = @ctordelegatinginit +| 204 = @dtordirectdestruct +| 205 = @dtorvirtualdestruct +| 206 = @dtorfielddestruct +// ... +| 210 = @static_cast +| 211 = @reinterpret_cast +| 212 = @const_cast +| 213 = @dynamic_cast +| 214 = @c_style_cast +| 215 = @lambdaexpr +| 216 = @param_ref +| 217 = @noopexpr +// ... +| 294 = @istriviallyconstructibleexpr +| 295 = @isdestructibleexpr +| 296 = @isnothrowdestructibleexpr +| 297 = @istriviallydestructibleexpr +| 298 = @istriviallyassignableexpr +| 299 = @isnothrowassignableexpr +| 300 = @istrivialexpr +| 301 = @isstandardlayoutexpr +| 302 = @istriviallycopyableexpr +| 303 = @isliteraltypeexpr +| 304 = @hastrivialmoveconstructorexpr +| 305 = @hastrivialmoveassignexpr +| 306 = @hasnothrowmoveassignexpr +| 307 = @isconstructibleexpr +| 308 = @isnothrowconstructibleexpr +| 309 = @hasfinalizerexpr +| 310 = @isdelegateexpr +| 311 = @isinterfaceclassexpr +| 312 = @isrefarrayexpr +| 313 = @isrefclassexpr +| 314 = @issealedexpr +| 315 = @issimplevalueclassexpr +| 316 = @isvalueclassexpr +| 317 = @isfinalexpr +| 319 = @noexceptexpr +| 320 = @builtinshufflevector +| 321 = @builtinchooseexpr +| 322 = @builtinaddressof +| 323 = @vec_fill +| 324 = @builtinconvertvector +| 325 = @builtincomplex +| 326 = @spaceshipexpr +| 327 = @co_await +| 328 = @co_yield +| 329 = @temp_init +| 330 = @isassignable +| 331 = @isaggregate +| 332 = @hasuniqueobjectrepresentations +| 333 = @builtinbitcast +| 334 = @builtinshuffle +| 335 = @blockassignexpr +| 336 = @issame +| 337 = @isfunction +| 338 = @islayoutcompatible +| 339 = @ispointerinterconvertiblebaseof +| 340 = @isarray +| 341 = @arrayrank +| 342 = @arrayextent +| 343 = @isarithmetic +| 344 = @iscompletetype +| 345 = @iscompound +| 346 = @isconst +| 347 = @isfloatingpoint +| 348 = @isfundamental +| 349 = @isintegral +| 350 = @islvaluereference +| 351 = @ismemberfunctionpointer +| 352 = @ismemberobjectpointer +| 353 = @ismemberpointer +| 354 = @isobject +| 355 = @ispointer +| 356 = @isreference +| 357 = @isrvaluereference +| 358 = @isscalar +| 359 = @issigned +| 360 = @isunsigned +| 361 = @isvoid +| 362 = @isvolatile +| 363 = @reuseexpr +| 364 = @istriviallycopyassignable +| 365 = @isassignablenopreconditioncheck +| 366 = @referencebindstotemporary +| 367 = @issameas +| 368 = @builtinhasattribute +| 369 = @ispointerinterconvertiblewithclass +| 370 = @builtinispointerinterconvertiblewithclass +| 371 = @iscorrespondingmember +| 372 = @builtiniscorrespondingmember +| 373 = @isboundedarray +| 374 = @isunboundedarray +| 375 = @isreferenceable +| 378 = @isnothrowconvertible +| 379 = @referenceconstructsfromtemporary +| 380 = @referenceconvertsfromtemporary +| 381 = @isconvertible +| 382 = @isvalidwinrttype +| 383 = @iswinclass +| 384 = @iswininterface +| 385 = @istriviallyequalitycomparable +| 386 = @isscopedenum +| 387 = @istriviallyrelocatable +| 388 = @datasizeof +| 389 = @c11_generic +| 390 = @requires_expr +| 391 = @nested_requirement +| 392 = @compound_requirement +| 393 = @concept_id +| 394 = @isinvocable +| 395 = @isnothrowinvocable +| 396 = @isbitwisecloneable +; + +@var_args_expr = @vastartexpr + | @vaendexpr + | @vaargexpr + | @vacopyexpr + ; + +@builtin_op = @var_args_expr + | @noopexpr + | @offsetofexpr + | @intaddrexpr + | @hasassignexpr + | @hascopyexpr + | @hasnothrowassign + | @hasnothrowconstr + | @hasnothrowcopy + | @hastrivialassign + | @hastrivialconstr + | @hastrivialcopy + | @hastrivialdestructor + | @hasuserdestr + | @hasvirtualdestr + | @isabstractexpr + | @isbaseofexpr + | @isclassexpr + | @isconvtoexpr + | @isemptyexpr + | @isenumexpr + | @ispodexpr + | @ispolyexpr + | @isunionexpr + | @typescompexpr + | @builtinshufflevector + | @builtinconvertvector + | @builtinaddressof + | @istriviallyconstructibleexpr + | @isdestructibleexpr + | @isnothrowdestructibleexpr + | @istriviallydestructibleexpr + | @istriviallyassignableexpr + | @isnothrowassignableexpr + | @istrivialexpr + | @isstandardlayoutexpr + | @istriviallycopyableexpr + | @isliteraltypeexpr + | @hastrivialmoveconstructorexpr + | @hastrivialmoveassignexpr + | @hasnothrowmoveassignexpr + | @isconstructibleexpr + | @isnothrowconstructibleexpr + | @hasfinalizerexpr + | @isdelegateexpr + | @isinterfaceclassexpr + | @isrefarrayexpr + | @isrefclassexpr + | @issealedexpr + | @issimplevalueclassexpr + | @isvalueclassexpr + | @isfinalexpr + | @builtinchooseexpr + | @builtincomplex + | @isassignable + | @isaggregate + | @hasuniqueobjectrepresentations + | @builtinbitcast + | @builtinshuffle + | @issame + | @isfunction + | @islayoutcompatible + | @ispointerinterconvertiblebaseof + | @isarray + | @arrayrank + | @arrayextent + | @isarithmetic + | @iscompletetype + | @iscompound + | @isconst + | @isfloatingpoint + | @isfundamental + | @isintegral + | @islvaluereference + | @ismemberfunctionpointer + | @ismemberobjectpointer + | @ismemberpointer + | @isobject + | @ispointer + | @isreference + | @isrvaluereference + | @isscalar + | @issigned + | @isunsigned + | @isvoid + | @isvolatile + | @istriviallycopyassignable + | @isassignablenopreconditioncheck + | @referencebindstotemporary + | @issameas + | @builtinhasattribute + | @ispointerinterconvertiblewithclass + | @builtinispointerinterconvertiblewithclass + | @iscorrespondingmember + | @builtiniscorrespondingmember + | @isboundedarray + | @isunboundedarray + | @isreferenceable + | @isnothrowconvertible + | @referenceconstructsfromtemporary + | @referenceconvertsfromtemporary + | @isconvertible + | @isvalidwinrttype + | @iswinclass + | @iswininterface + | @istriviallyequalitycomparable + | @isscopedenum + | @istriviallyrelocatable + | @isinvocable + | @isnothrowinvocable + | @isbitwisecloneable + ; + +compound_requirement_is_noexcept( + int expr: @compound_requirement ref +); + +new_allocated_type( + unique int expr: @new_expr ref, + int type_id: @type ref +); + +new_array_allocated_type( + unique int expr: @new_array_expr ref, + int type_id: @type ref +); + +param_ref_to_this( + int expr: @param_ref ref +) + +/** + * The field being initialized by an initializer expression within an aggregate + * initializer for a class/struct/union. Position is used to sort repeated initializers. + */ +#keyset[aggregate, position] +aggregate_field_init( + int aggregate: @aggregateliteral ref, + int initializer: @expr ref, + int field: @membervariable ref, + int position: int ref, + boolean is_designated: boolean ref +); + +/** + * The index of the element being initialized by an initializer expression + * within an aggregate initializer for an array. Position is used to sort repeated initializers. + */ +#keyset[aggregate, position] +aggregate_array_init( + int aggregate: @aggregateliteral ref, + int initializer: @expr ref, + int element_index: int ref, + int position: int ref, + boolean is_designated: boolean ref +); + +@ctorinit = @ctordirectinit + | @ctorvirtualinit + | @ctorfieldinit + | @ctordelegatinginit; +@dtordestruct = @dtordirectdestruct + | @dtorvirtualdestruct + | @dtorfielddestruct; + + +condition_decl_bind( + unique int expr: @condition_decl ref, + unique int decl: @declaration ref +); + +typeid_bind( + unique int expr: @type_id ref, + int type_id: @type ref +); + +uuidof_bind( + unique int expr: @uuidof ref, + int type_id: @type ref +); + +@sizeof_or_alignof = @runtime_sizeof | @runtime_alignof | @datasizeof | @sizeof_pack; + +sizeof_bind( + unique int expr: @sizeof_or_alignof ref, + int type_id: @type ref +); + +code_block( + unique int block: @literal ref, + unique int routine: @function ref +); + +lambdas( + unique int expr: @lambdaexpr ref, + string default_capture: string ref, + boolean has_explicit_return_type: boolean ref, + boolean has_explicit_parameter_list: boolean ref +); + +lambda_capture( + unique int id: @lambdacapture, + int lambda: @lambdaexpr ref, + int index: int ref, + int field: @membervariable ref, + boolean captured_by_reference: boolean ref, + boolean is_implicit: boolean ref, + int location: @location_default ref +); + +@funbindexpr = @routineexpr + | @new_expr + | @delete_expr + | @delete_array_expr + | @ctordirectinit + | @ctorvirtualinit + | @ctordelegatinginit + | @dtordirectdestruct + | @dtorvirtualdestruct; + +@varbindexpr = @varaccess | @ctorfieldinit | @dtorfielddestruct; +@addressable = @function | @variable ; +@accessible = @addressable | @enumconstant ; + +@access = @varaccess | @routineexpr ; + +fold( + int expr: @foldexpr ref, + string operator: string ref, + boolean is_left_fold: boolean ref +); + +stmts( + unique int id: @stmt, + int kind: int ref, + int location: @location_default ref +); + +case @stmt.kind of + 1 = @stmt_expr +| 2 = @stmt_if +| 3 = @stmt_while +| 4 = @stmt_goto +| 5 = @stmt_label +| 6 = @stmt_return +| 7 = @stmt_block +| 8 = @stmt_end_test_while // do { ... } while ( ... ) +| 9 = @stmt_for +| 10 = @stmt_switch_case +| 11 = @stmt_switch +| 13 = @stmt_asm // "asm" statement or the body of an asm function +| 15 = @stmt_try_block +| 16 = @stmt_microsoft_try // Microsoft +| 17 = @stmt_decl +| 18 = @stmt_set_vla_size // C99 +| 19 = @stmt_vla_decl // C99 +| 25 = @stmt_assigned_goto // GNU +| 26 = @stmt_empty +| 27 = @stmt_continue +| 28 = @stmt_break +| 29 = @stmt_range_based_for // C++11 +// ... 30 @stmt_at_autoreleasepool_block deprecated +// ... 31 @stmt_objc_for_in deprecated +// ... 32 @stmt_at_synchronized deprecated +| 33 = @stmt_handler +// ... 34 @stmt_finally_end deprecated +| 35 = @stmt_constexpr_if +| 37 = @stmt_co_return +| 38 = @stmt_consteval_if +| 39 = @stmt_not_consteval_if +| 40 = @stmt_leave +; + +type_vla( + int type_id: @type ref, + int decl: @stmt_vla_decl ref +); + +variable_vla( + int var: @variable ref, + int decl: @stmt_vla_decl ref +); + +type_is_vla(unique int type_id: @derivedtype ref) + +if_initialization( + unique int if_stmt: @stmt_if ref, + int init_id: @stmt ref +); + +if_then( + unique int if_stmt: @stmt_if ref, + int then_id: @stmt ref +); + +if_else( + unique int if_stmt: @stmt_if ref, + int else_id: @stmt ref +); + +constexpr_if_initialization( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int init_id: @stmt ref +); + +constexpr_if_then( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int then_id: @stmt ref +); + +constexpr_if_else( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int else_id: @stmt ref +); + +@stmt_consteval_or_not_consteval_if = @stmt_consteval_if | @stmt_not_consteval_if; + +consteval_if_then( + unique int constexpr_if_stmt: @stmt_consteval_or_not_consteval_if ref, + int then_id: @stmt ref +); + +consteval_if_else( + unique int constexpr_if_stmt: @stmt_consteval_or_not_consteval_if ref, + int else_id: @stmt ref +); + +while_body( + unique int while_stmt: @stmt_while ref, + int body_id: @stmt ref +); + +do_body( + unique int do_stmt: @stmt_end_test_while ref, + int body_id: @stmt ref +); + +switch_initialization( + unique int switch_stmt: @stmt_switch ref, + int init_id: @stmt ref +); + +#keyset[switch_stmt, index] +switch_case( + int switch_stmt: @stmt_switch ref, + int index: int ref, + int case_id: @stmt_switch_case ref +); + +switch_body( + unique int switch_stmt: @stmt_switch ref, + int body_id: @stmt ref +); + +@stmt_for_or_range_based_for = @stmt_for + | @stmt_range_based_for; + +for_initialization( + unique int for_stmt: @stmt_for_or_range_based_for ref, + int init_id: @stmt ref +); + +for_condition( + unique int for_stmt: @stmt_for ref, + int condition_id: @expr ref +); + +for_update( + unique int for_stmt: @stmt_for ref, + int update_id: @expr ref +); + +for_body( + unique int for_stmt: @stmt_for ref, + int body_id: @stmt ref +); + +@stmtparent = @stmt | @expr_stmt ; +stmtparents( + unique int id: @stmt ref, + int index: int ref, + int parent: @stmtparent ref +); + +ishandler(unique int block: @stmt_block ref); + +@cfgnode = @stmt | @expr | @function | @initialiser ; + +stmt_decl_bind( + int stmt: @stmt_decl ref, + int num: int ref, + int decl: @declaration ref +); + +stmt_decl_entry_bind( + int stmt: @stmt_decl ref, + int num: int ref, + int decl_entry: @element ref +); + +@parameterized_element = @function | @stmt_block | @requires_expr; + +blockscope( + unique int block: @stmt_block ref, + int enclosing: @parameterized_element ref +); + +@jump = @stmt_goto | @stmt_break | @stmt_continue | @stmt_leave; + +@jumporlabel = @jump | @stmt_label | @literal; + +jumpinfo( + unique int id: @jumporlabel ref, + string str: string ref, + int target: @stmt ref +); + +preprocdirects( + unique int id: @preprocdirect, + int kind: int ref, + int location: @location_default ref +); +case @preprocdirect.kind of + 0 = @ppd_if +| 1 = @ppd_ifdef +| 2 = @ppd_ifndef +| 3 = @ppd_elif +| 4 = @ppd_else +| 5 = @ppd_endif +| 6 = @ppd_plain_include +| 7 = @ppd_define +| 8 = @ppd_undef +| 9 = @ppd_line +| 10 = @ppd_error +| 11 = @ppd_pragma +| 12 = @ppd_objc_import +| 13 = @ppd_include_next +| 14 = @ppd_ms_import +| 15 = @ppd_elifdef +| 16 = @ppd_elifndef +| 17 = @ppd_embed +| 18 = @ppd_warning +; + +@ppd_include = @ppd_plain_include | @ppd_objc_import | @ppd_include_next | @ppd_ms_import; + +@ppd_branch = @ppd_if | @ppd_ifdef | @ppd_ifndef | @ppd_elif | @ppd_elifdef | @ppd_elifndef; + +preprocpair( + int begin : @ppd_branch ref, + int elseelifend : @preprocdirect ref +); + +preproctrue(int branch : @ppd_branch ref); +preprocfalse(int branch : @ppd_branch ref); + +preproctext( + unique int id: @preprocdirect ref, + string head: string ref, + string body: string ref +); + +includes( + unique int id: @ppd_include ref, + int included: @file ref +); + +embeds( + unique int id: @ppd_embed ref, + int included: @file ref +); + +link_targets( + int id: @link_target, + int binary: @file ref +); + +link_parent( + int element : @element ref, + int link_target : @link_target ref +); + +/*- Database metadata -*/ + +/** + * The CLI will automatically emit applicable tuples for this table, + * such as `databaseMetadata("isOverlay", "true")` when building an + * overlay database. + */ +databaseMetadata( + string metadataKey: string ref, + string value: string ref +); + +/*- Overlay support -*/ + +/** + * The CLI will automatically emit tuples for each new/modified/deleted file + * when building an overlay database. + */ +overlayChangedFiles( + string path: string ref +); + +/*- XML Files -*/ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; diff --git a/cpp/downgrades/ef8d209a22e27413aaaeff4446f0ecb9fa2c227b/semmlecode.cpp.dbscheme b/cpp/downgrades/ef8d209a22e27413aaaeff4446f0ecb9fa2c227b/semmlecode.cpp.dbscheme new file mode 100644 index 000000000000..837c4e02326a --- /dev/null +++ b/cpp/downgrades/ef8d209a22e27413aaaeff4446f0ecb9fa2c227b/semmlecode.cpp.dbscheme @@ -0,0 +1,2561 @@ + +/*- Compilations -*/ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * gcc -c f1.c f2.c f3.c + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + /** + * An invocation of the compiler. Note that more than one file may + * be compiled per invocation. For example, this command compiles + * three source files: + * + * gcc -c f1.c f2.c f3.c + */ + unique int id : @compilation, + string cwd : string ref +); + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * gcc -c f1.c f2.c f3.c + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | *path to extractor* + * 1 | `--mimic` + * 2 | `/usr/bin/gcc` + * 3 | `-c` + * 4 | f1.c + * 5 | f2.c + * 6 | f3.c + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The expanded arguments that were passed to the extractor for a + * compiler invocation. This is similar to `compilation_args`, but + * for a `@someFile` argument, it includes the arguments from that + * file, rather than just taking the argument literally. + */ +#keyset[id, num] +compilation_expanded_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * Optionally, record the build mode for each compilation. + */ +compilation_build_mode( + unique int id : @compilation ref, + int mode : int ref +); + +/* +case @compilation_build_mode.mode of + 0 = @build_mode_none +| 1 = @build_mode_manual +| 2 = @build_mode_auto +; +*/ + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * gcc -c f1.c f2.c f3.c + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.c + * 1 | f2.c + * 2 | f3.c + * + * Note that even if those files `#include` headers, those headers + * do not appear as rows. + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +/*- External data -*/ + +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- Lines of code -*/ + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +/*- Diagnostic messages -*/ + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +/*- C++ dbscheme -*/ + +extractor_version( + string codeql_version: string ref, + string frontend_version: string ref +) + +/** + * Gives the TRAP filename that `trap` is associated with. + * For debugging only. + */ +trap_filename( + int trap: @trap, + string filename: string ref +); + +/** + * Gives the tag name for `tag`. + * For debugging only. + */ +tag_name( + int tag: @tag, + string name: string ref +); + +@trap_or_tag = @tag | @trap; + +/** + * Gives the name for the source file. + */ +source_file_name( + int sf: @source_file, + string name: string ref +); + +/** + * In `build-mode: none` overlay mode, indicates that `source_file` + * (`/path/to/foo.c`) uses the TRAP file `trap_file`; i.e. it is the + * TRAP file corresponding to `foo.c`, something it transitively + * includes, or a template instantiation it transitively uses. + */ +source_file_uses_trap( + int source_file: @source_file ref, + int trap_file: @trap ref +); + +/** + * In `build-mode: none` overlay mode, indicates that the TRAP file + * `trap_file` uses tag `tag`. + */ +trap_uses_tag( + int trap_file: @trap ref, + int tag: @tag ref +); + +/** + * Holds if there is a definition of `element` in TRAP file or tag `t`. + */ +in_trap_or_tag( + int element: @element ref, + int t: @trap_or_tag ref +); + +pch_uses( + int pch: @pch ref, + int compilation: @compilation ref, + int id: @file ref +) + +#keyset[pch, compilation] +pch_creations( + int pch: @pch, + int compilation: @compilation ref, + int from: @file ref +) + +/** An element for which line-count information is available. */ +@sourceline = @file | @function | @variable | @enumconstant | @xmllocatable; + +fileannotations( + int id: @file ref, + int kind: int ref, + string name: string ref, + string value: string ref +); + +inmacroexpansion( + int id: @element ref, + int inv: @macroinvocation ref +); + +affectedbymacroexpansion( + int id: @element ref, + int inv: @macroinvocation ref +); + +case @macroinvocation.kind of + 1 = @macro_expansion +| 2 = @other_macro_reference +; + +macroinvocations( + unique int id: @macroinvocation, + int macro_id: @ppd_define ref, + int location: @location_default ref, + int kind: int ref +); + +macroparent( + unique int id: @macroinvocation ref, + int parent_id: @macroinvocation ref +); + +// a macroinvocation may be part of another location +// the way to find a constant expression that uses a macro +// is thus to find a constant expression that has a location +// to which a macro invocation is bound +macrolocationbind( + int id: @macroinvocation ref, + int location: @location_default ref +); + +#keyset[invocation, argument_index] +macro_argument_unexpanded( + int invocation: @macroinvocation ref, + int argument_index: int ref, + string text: string ref +); + +#keyset[invocation, argument_index] +macro_argument_expanded( + int invocation: @macroinvocation ref, + int argument_index: int ref, + string text: string ref +); + +case @function.kind of + 0 = @unknown_function +| 1 = @normal_function +| 2 = @constructor +| 3 = @destructor +| 4 = @conversion_function +| 5 = @operator +// ... 6 = @builtin_function deprecated // GCC built-in functions, e.g. __builtin___memcpy_chk +| 7 = @user_defined_literal +| 8 = @deduction_guide +; + +functions( + unique int id: @function, + string name: string ref, + int kind: int ref +); + +builtin_functions( + int id: @function ref +) + +function_entry_point( + int id: @function ref, + unique int entry_point: @stmt ref +); + +function_return_type( + int id: @function ref, + int return_type: @type ref +); + +/** + * If `function` is a coroutine, then this gives the `std::experimental::resumable_traits` + * instance associated with it, and the variables representing the `handle` and `promise` + * for it. + */ +coroutine( + unique int function: @function ref, + int traits: @type ref +); + +/* +case @coroutine_placeholder_variable.kind of + 1 = @handle +| 2 = @promise +| 3 = @init_await_resume +; +*/ + +coroutine_placeholder_variable( + unique int placeholder_variable: @variable ref, + int kind: int ref, + int function: @function ref +) + +/** The `new` function used for allocating the coroutine state, if any. */ +coroutine_new( + unique int function: @function ref, + int new: @function ref +); + +/** The `delete` function used for deallocating the coroutine state, if any. */ +coroutine_delete( + unique int function: @function ref, + int delete: @function ref +); + +purefunctions(unique int id: @function ref); + +function_deleted(unique int id: @function ref); + +function_defaulted(unique int id: @function ref); + +function_prototyped(unique int id: @function ref) + +deduction_guide_for_class( + int id: @function ref, + int class_template: @usertype ref +) + +member_function_this_type( + unique int id: @function ref, + int this_type: @type ref +); + +#keyset[id, type_id] +fun_decls( + int id: @fun_decl, + int function: @function ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); +fun_def(unique int id: @fun_decl ref); +fun_specialized(unique int id: @fun_decl ref); +fun_implicit(unique int id: @fun_decl ref); +fun_decl_specifiers( + int id: @fun_decl ref, + string name: string ref +) +#keyset[fun_decl, index] +fun_decl_throws( + int fun_decl: @fun_decl ref, + int index: int ref, + int type_id: @type ref +); +/* an empty throw specification is different from none */ +fun_decl_empty_throws(unique int fun_decl: @fun_decl ref); +fun_decl_noexcept( + int fun_decl: @fun_decl ref, + int constant: @expr ref +); +fun_decl_empty_noexcept(int fun_decl: @fun_decl ref); +fun_decl_typedef_type( + unique int fun_decl: @fun_decl ref, + int typedeftype_id: @usertype ref +); + +/* +case @fun_requires.kind of + 1 = @template_attached +| 2 = @function_attached +; +*/ + +fun_requires( + int id: @fun_decl ref, + int kind: int ref, + int constraint: @expr ref +); + +param_decl_bind( + unique int id: @var_decl ref, + int index: int ref, + int fun_decl: @fun_decl ref +); + +#keyset[id, type_id] +var_decls( + int id: @var_decl, + int variable: @variable ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); +var_def(unique int id: @var_decl ref); +var_specialized(int id: @var_decl ref); +var_decl_specifiers( + int id: @var_decl ref, + string name: string ref +) +is_structured_binding(unique int id: @variable ref); +var_requires( + int id: @var_decl ref, + int constraint: @expr ref +); + +type_decls( + unique int id: @type_decl, + int type_id: @type ref, + int location: @location_default ref +); +type_def(unique int id: @type_decl ref); +type_decl_top( + unique int type_decl: @type_decl ref +); +type_requires( + int id: @type_decl ref, + int constraint: @expr ref +); + +namespace_decls( + unique int id: @namespace_decl, + int namespace_id: @namespace ref, + int location: @location_default ref, + int bodylocation: @location_default ref +); + +case @using.kind of + 1 = @using_declaration +| 2 = @using_directive +| 3 = @using_enum_declaration +; + +usings( + unique int id: @using, + int element_id: @element ref, + int location: @location_default ref, + int kind: int ref +); + +/** The element which contains the `using` declaration. */ +using_container( + int parent: @element ref, + int child: @using ref +); + +static_asserts( + unique int id: @static_assert, + int condition : @expr ref, + string message : string ref, + int location: @location_default ref, + int enclosing : @element ref +); + +// each function has an ordered list of parameters +#keyset[id, type_id] +#keyset[function, index, type_id] +params( + int id: @parameter, + int function: @parameterized_element ref, + int index: int ref, + int type_id: @type ref +); + +overrides( + int new: @function ref, + int old: @function ref +); + +#keyset[id, type_id] +membervariables( + int id: @membervariable, + int type_id: @type ref, + string name: string ref +); + +#keyset[id, type_id] +globalvariables( + int id: @globalvariable, + int type_id: @type ref, + string name: string ref +); + +#keyset[id, type_id] +localvariables( + int id: @localvariable, + int type_id: @type ref, + string name: string ref +); + +autoderivation( + unique int var: @variable ref, + int derivation_type: @type ref +); + +orphaned_variables( + int var: @localvariable ref, + int function: @function ref +) + +enumconstants( + unique int id: @enumconstant, + int parent: @usertype ref, + int index: int ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); + +@variable = @localscopevariable | @globalvariable | @membervariable; + +@localscopevariable = @localvariable | @parameter; + +/** + * Built-in types are the fundamental types, e.g., integral, floating, and void. + */ +case @builtintype.kind of + 1 = @errortype +| 2 = @unknowntype +| 3 = @void +| 4 = @boolean +| 5 = @char +| 6 = @unsigned_char +| 7 = @signed_char +| 8 = @short +| 9 = @unsigned_short +| 10 = @signed_short +| 11 = @int +| 12 = @unsigned_int +| 13 = @signed_int +| 14 = @long +| 15 = @unsigned_long +| 16 = @signed_long +| 17 = @long_long +| 18 = @unsigned_long_long +| 19 = @signed_long_long +// ... 20 Microsoft-specific __int8 +// ... 21 Microsoft-specific __int16 +// ... 22 Microsoft-specific __int32 +// ... 23 Microsoft-specific __int64 +| 24 = @float +| 25 = @double +| 26 = @long_double +| 27 = @complex_float // C99-specific _Complex float +| 28 = @complex_double // C99-specific _Complex double +| 29 = @complex_long_double // C99-specific _Complex long double +| 30 = @imaginary_float // C99-specific _Imaginary float +| 31 = @imaginary_double // C99-specific _Imaginary double +| 32 = @imaginary_long_double // C99-specific _Imaginary long double +| 33 = @wchar_t // Microsoft-specific +| 34 = @decltype_nullptr // C++11 +| 35 = @int128 // __int128 +| 36 = @unsigned_int128 // unsigned __int128 +| 37 = @signed_int128 // signed __int128 +| 38 = @float128 // __float128 +| 39 = @complex_float128 // _Complex __float128 +// ... 40 _Decimal32 +// ... 41 _Decimal64 +// ... 42 _Decimal128 +| 43 = @char16_t +| 44 = @char32_t +| 45 = @std_float32 // _Float32 +| 46 = @float32x // _Float32x +| 47 = @std_float64 // _Float64 +| 48 = @float64x // _Float64x +| 49 = @std_float128 // _Float128 +// ... 50 _Float128x +| 51 = @char8_t +| 52 = @float16 // _Float16 +| 53 = @complex_float16 // _Complex _Float16 +| 54 = @fp16 // __fp16 +| 55 = @std_bfloat16 // __bf16 +| 56 = @std_float16 // std::float16_t +| 57 = @complex_std_float32 // _Complex _Float32 +| 58 = @complex_float32x // _Complex _Float32x +| 59 = @complex_std_float64 // _Complex _Float64 +| 60 = @complex_float64x // _Complex _Float64x +| 61 = @complex_std_float128 // _Complex _Float128 +| 62 = @mfp8 // __mfp8 +| 63 = @scalable_vector_count // __SVCount_t +| 64 = @complex_fp16 // _Complex __fp16 +| 65 = @complex_std_bfloat16 // _Complex __bf16 +| 66 = @complex_std_float16 // _Complex std::float16_t +; + +builtintypes( + unique int id: @builtintype, + string name: string ref, + int kind: int ref, + int size: int ref, + int sign: int ref, + int alignment: int ref +); + +/** + * Derived types are types that are directly derived from existing types and + * point to, refer to, transform type data to return a new type. + */ +case @derivedtype.kind of + 1 = @pointer +| 2 = @reference +| 3 = @type_with_specifiers +| 4 = @array +| 5 = @gnu_vector +| 6 = @routineptr +| 7 = @routinereference +| 8 = @rvalue_reference // C++11 +// ... 9 type_conforming_to_protocols deprecated +| 10 = @block +| 11 = @scalable_vector // Arm SVE +; + +derivedtypes( + unique int id: @derivedtype, + string name: string ref, + int kind: int ref, + int type_id: @type ref +); + +pointerishsize(unique int id: @derivedtype ref, + int size: int ref, + int alignment: int ref); + +arraysizes( + unique int id: @derivedtype ref, + int num_elements: int ref, + int bytesize: int ref, + int alignment: int ref +); + +tupleelements( + unique int id: @derivedtype ref, + int num_elements: int ref +); + +typedefbase( + unique int id: @usertype ref, + int type_id: @type ref +); + +/** + * An instance of the C++11 `decltype` operator or C23 `typeof`/`typeof_unqual` + * operator taking an expression as its argument. For example: + * ``` + * int a; + * decltype(1+a) b; + * typeof(1+a) c; + * ``` + * Here `expr` is `1+a`. + * + * Sometimes an additional pair of parentheses around the expression + * changes the semantics of the decltype, e.g. + * ``` + * struct A { double x; }; + * const A* a = new A(); + * decltype( a->x ); // type is double + * decltype((a->x)); // type is const double& + * ``` + * (Please consult the C++11 standard for more details). + * `parentheses_would_change_meaning` is `true` iff that is the case. + */ + +/* +case @decltype.kind of +| 0 = @decltype +| 1 = @typeof // The frontend does not differentiate between typeof and typeof_unqual +; +*/ + +#keyset[id, expr] +decltypes( + int id: @decltype, + int expr: @expr ref, + int kind: int ref, + int base_type: @type ref, + boolean parentheses_would_change_meaning: boolean ref +); + +case @type_operator.kind of + 0 = @typeof // The frontend does not differentiate between typeof and typeof_unqual +| 1 = @underlying_type +| 2 = @bases +| 3 = @direct_bases +| 4 = @add_lvalue_reference +| 5 = @add_pointer +| 6 = @add_rvalue_reference +| 7 = @decay +| 8 = @make_signed +| 9 = @make_unsigned +| 10 = @remove_all_extents +| 11 = @remove_const +| 12 = @remove_cv +| 13 = @remove_cvref +| 14 = @remove_extent +| 15 = @remove_pointer +| 16 = @remove_reference_t +| 17 = @remove_restrict +| 18 = @remove_volatile +| 19 = @remove_reference +; + +type_operators( + unique int id: @type_operator, + int arg_type: @type ref, + int kind: int ref, + int base_type: @type ref +) + +case @usertype.kind of + 0 = @unknown_usertype +| 1 = @struct +| 2 = @class +| 3 = @union +| 4 = @enum +// ... 5 = @typedef deprecated // classic C: typedef typedef type name +// ... 6 = @template deprecated +| 7 = @template_parameter +| 8 = @template_template_parameter +| 9 = @proxy_class // a proxy class associated with a template parameter +// ... 10 objc_class deprecated +// ... 11 objc_protocol deprecated +// ... 12 objc_category deprecated +| 13 = @scoped_enum +// ... 14 = @using_alias deprecated // a using name = type style typedef +| 15 = @template_struct +| 16 = @template_class +| 17 = @template_union +| 18 = @alias +; + +usertypes( + unique int id: @usertype, + string name: string ref, + int kind: int ref +); + +usertypesize( + unique int id: @usertype ref, + int size: int ref, + int alignment: int ref +); + +usertype_final(unique int id: @usertype ref); + +usertype_uuid( + unique int id: @usertype ref, + string uuid: string ref +); + +/* +case @usertype.alias_kind of +| 0 = @typedef +| 1 = @alias +*/ + +usertype_alias_kind( + int id: @usertype ref, + int alias_kind: int ref +) + +nontype_template_parameters( + int id: @expr ref +); + +type_template_type_constraint( + int id: @usertype ref, + int constraint: @expr ref +); + +mangled_name( + unique int id: @declaration ref, + int mangled_name : @mangledname, + boolean is_complete: boolean ref +); + +is_pod_class(unique int id: @usertype ref); +is_standard_layout_class(unique int id: @usertype ref); + +is_complete(unique int id: @usertype ref); + +is_class_template(unique int id: @usertype ref); +class_instantiation( + int to: @usertype ref, + int from: @usertype ref +); +class_template_argument( + int type_id: @usertype ref, + int index: int ref, + int arg_type: @type ref +); +class_template_argument_value( + int type_id: @usertype ref, + int index: int ref, + int arg_value: @expr ref +); + +@user_or_decltype = @usertype | @decltype; + +is_proxy_class_for( + unique int id: @usertype ref, + int templ_param_id: @user_or_decltype ref +); + +type_mentions( + unique int id: @type_mention, + int type_id: @type ref, + int location: @location_default ref, + // a_symbol_reference_kind from the frontend. + int kind: int ref +); + +is_function_template(unique int id: @function ref); +function_instantiation( + unique int to: @function ref, + int from: @function ref +); +function_template_argument( + int function_id: @function ref, + int index: int ref, + int arg_type: @type ref +); +function_template_argument_value( + int function_id: @function ref, + int index: int ref, + int arg_value: @expr ref +); + +is_variable_template(unique int id: @variable ref); +variable_instantiation( + unique int to: @variable ref, + int from: @variable ref +); +variable_template_argument( + int variable_id: @variable ref, + int index: int ref, + int arg_type: @type ref +); +variable_template_argument_value( + int variable_id: @variable ref, + int index: int ref, + int arg_value: @expr ref +); + +is_alias_template(unique int id: @usertype ref); +alias_instantiation( + unique int to: @usertype ref, + int from: @usertype ref +); +alias_template_argument( + int variable_id: @usertype ref, + int index: int ref, + int arg_type: @type ref +); +alias_template_argument_value( + int variable_id: @usertype ref, + int index: int ref, + int arg_value: @expr ref +); + +template_template_instantiation( + int to: @usertype ref, + int from: @usertype ref +); +template_template_argument( + int type_id: @usertype ref, + int index: int ref, + int arg_type: @type ref +); +template_template_argument_value( + int type_id: @usertype ref, + int index: int ref, + int arg_value: @expr ref +); + +@concept = @concept_template | @concept_id; + +concept_templates( + unique int concept_id: @concept_template, + string name: string ref, + int location: @location_default ref +); +concept_instantiation( + unique int to: @concept_id ref, + int from: @concept_template ref +); +is_type_constraint(int concept_id: @concept_id ref); +concept_template_argument( + int concept_id: @concept ref, + int index: int ref, + int arg_type: @type ref +); +concept_template_argument_value( + int concept_id: @concept ref, + int index: int ref, + int arg_value: @expr ref +); + +routinetypes( + unique int id: @routinetype, + int return_type: @type ref +); + +routinetypeargs( + int routine: @routinetype ref, + int index: int ref, + int type_id: @type ref +); + +ptrtomembers( + unique int id: @ptrtomember, + int type_id: @type ref, + int class_id: @type ref +); + +/* + specifiers for types, functions, and variables + + "public", + "protected", + "private", + + "const", + "volatile", + "static", + + "pure", + "virtual", + "sealed", // Microsoft + "__interface", // Microsoft + "inline", + "explicit", + + "near", // near far extension + "far", // near far extension + "__ptr32", // Microsoft + "__ptr64", // Microsoft + "__sptr", // Microsoft + "__uptr", // Microsoft + "dllimport", // Microsoft + "dllexport", // Microsoft + "thread", // Microsoft + "naked", // Microsoft + "microsoft_inline", // Microsoft + "forceinline", // Microsoft + "selectany", // Microsoft + "nothrow", // Microsoft + "novtable", // Microsoft + "noreturn", // Microsoft + "noinline", // Microsoft + "noalias", // Microsoft + "restrict", // Microsoft +*/ + +specifiers( + unique int id: @specifier, + unique string str: string ref +); + +typespecifiers( + int type_id: @type ref, + int spec_id: @specifier ref +); + +funspecifiers( + int func_id: @function ref, + int spec_id: @specifier ref +); + +varspecifiers( + int var_id: @accessible ref, + int spec_id: @specifier ref +); + +explicit_specifier_exprs( + unique int func_id: @function ref, + int constant: @expr ref +) + +attributes( + unique int id: @attribute, + int kind: int ref, + string name: string ref, + string name_space: string ref, + int location: @location_default ref +); + +case @attribute.kind of + 0 = @gnuattribute +| 1 = @stdattribute +| 2 = @declspec +| 3 = @msattribute +| 4 = @alignas +// ... 5 @objc_propertyattribute deprecated +; + +attribute_args( + unique int id: @attribute_arg, + int kind: int ref, + int attribute: @attribute ref, + int index: int ref, + int location: @location_default ref +); + +case @attribute_arg.kind of + 0 = @attribute_arg_empty +| 1 = @attribute_arg_token +| 2 = @attribute_arg_constant +| 3 = @attribute_arg_type +| 4 = @attribute_arg_constant_expr +| 5 = @attribute_arg_expr +; + +attribute_arg_value( + unique int arg: @attribute_arg ref, + string value: string ref +); +attribute_arg_type( + unique int arg: @attribute_arg ref, + int type_id: @type ref +); +attribute_arg_constant( + unique int arg: @attribute_arg ref, + int constant: @expr ref +) +attribute_arg_expr( + unique int arg: @attribute_arg ref, + int expr: @expr ref +) +attribute_arg_name( + unique int arg: @attribute_arg ref, + string name: string ref +); + +typeattributes( + int type_id: @type ref, + int spec_id: @attribute ref +); + +funcattributes( + int func_id: @function ref, + int spec_id: @attribute ref +); + +varattributes( + int var_id: @accessible ref, + int spec_id: @attribute ref +); + +namespaceattributes( + int namespace_id: @namespace ref, + int spec_id: @attribute ref +); + +stmtattributes( + int stmt_id: @stmt ref, + int spec_id: @attribute ref +); + +@type = @builtintype + | @derivedtype + | @usertype + | @routinetype + | @ptrtomember + | @decltype + | @type_operator; + +unspecifiedtype( + unique int type_id: @type ref, + int unspecified_type_id: @type ref +); + +member( + int parent: @type ref, + int index: int ref, + int child: @member ref +); + +@enclosingfunction_child = @usertype | @variable | @namespace + +enclosingfunction( + unique int child: @enclosingfunction_child ref, + int parent: @function ref +); + +derivations( + unique int derivation: @derivation, + int sub: @type ref, + int index: int ref, + int super: @type ref, + int location: @location_default ref +); + +derspecifiers( + int der_id: @derivation ref, + int spec_id: @specifier ref +); + +/** + * Contains the byte offset of the base class subobject within the derived + * class. Only holds for non-virtual base classes, but see table + * `virtual_base_offsets` for offsets of virtual base class subobjects. + */ +direct_base_offsets( + unique int der_id: @derivation ref, + int offset: int ref +); + +/** + * Contains the byte offset of the virtual base class subobject for class + * `super` within a most-derived object of class `sub`. `super` can be either a + * direct or indirect base class. + */ +#keyset[sub, super] +virtual_base_offsets( + int sub: @usertype ref, + int super: @usertype ref, + int offset: int ref +); + +frienddecls( + unique int id: @frienddecl, + int type_id: @type ref, + int decl_id: @declaration ref, + int location: @location_default ref +); + +@declaredtype = @usertype ; + +@declaration = @function + | @declaredtype + | @variable + | @enumconstant + | @frienddecl + | @concept_template; + +@member = @membervariable + | @function + | @declaredtype + | @enumconstant; + +@locatable = @diagnostic + | @declaration + | @ppd_include + | @ppd_define + | @macroinvocation + /*| @funcall*/ + | @xmllocatable + | @attribute + | @attribute_arg; + +@namedscope = @namespace | @usertype; + +@element = @locatable + | @file + | @folder + | @specifier + | @type + | @expr + | @namespace + | @initialiser + | @stmt + | @derivation + | @comment + | @preprocdirect + | @fun_decl + | @var_decl + | @type_decl + | @namespace_decl + | @using + | @namequalifier + | @specialnamequalifyingelement + | @static_assert + | @type_mention + | @lambdacapture; + +@exprparent = @element; + +comments( + unique int id: @comment, + string contents: string ref, + int location: @location_default ref +); + +commentbinding( + int id: @comment ref, + int element: @element ref +); + +exprconv( + int converted: @expr ref, + unique int conversion: @expr ref +); + +compgenerated(unique int id: @element ref); + +/** + * `destructor_call` destructs the `i`'th entity that should be + * destructed following `element`. Note that entities should be + * destructed in reverse construction order, so for a given `element` + * these should be called from highest to lowest `i`. + */ +#keyset[element, destructor_call] +#keyset[element, i] +synthetic_destructor_call( + int element: @element ref, + int i: int ref, + int destructor_call: @routineexpr ref +); + +namespaces( + unique int id: @namespace, + string name: string ref +); + +namespace_inline( + unique int id: @namespace ref +); + +namespacembrs( + int parentid: @namespace ref, + unique int memberid: @namespacembr ref +); + +@namespacembr = @declaration | @namespace; + +exprparents( + int expr_id: @expr ref, + int child_index: int ref, + int parent_id: @exprparent ref +); + +expr_isload(unique int expr_id: @expr ref); + +@cast = @c_style_cast + | @const_cast + | @dynamic_cast + | @reinterpret_cast + | @static_cast + ; + +/* +case @conversion.kind of + 0 = @simple_conversion // a numeric conversion, qualification conversion, or a reinterpret_cast +| 1 = @bool_conversion // conversion to 'bool' +| 2 = @base_class_conversion // a derived-to-base conversion +| 3 = @derived_class_conversion // a base-to-derived conversion +| 4 = @pm_base_class_conversion // a derived-to-base conversion of a pointer to member +| 5 = @pm_derived_class_conversion // a base-to-derived conversion of a pointer to member +| 6 = @glvalue_adjust // an adjustment of the type of a glvalue +| 7 = @prvalue_adjust // an adjustment of the type of a prvalue +; +*/ +/** + * Describes the semantics represented by a cast expression. This is largely + * independent of the source syntax of the cast, so it is separate from the + * regular expression kind. + */ +conversionkinds( + unique int expr_id: @cast ref, + int kind: int ref +); + +@conversion = @cast + | @array_to_pointer + | @parexpr + | @reference_to + | @ref_indirect + | @temp_init + | @c11_generic + ; + +/* +case @funbindexpr.kind of + 0 = @normal_call // a normal call +| 1 = @virtual_call // a virtual call +| 2 = @adl_call // a call whose target is only found by ADL +; +*/ +iscall( + unique int caller: @funbindexpr ref, + int kind: int ref +); + +numtemplatearguments( + unique int expr_id: @expr ref, + int num: int ref +); + +specialnamequalifyingelements( + unique int id: @specialnamequalifyingelement, + unique string name: string ref +); + +@namequalifiableelement = @expr | @namequalifier; +@namequalifyingelement = @namespace + | @specialnamequalifyingelement + | @usertype + | @decltype; + +namequalifiers( + unique int id: @namequalifier, + unique int qualifiableelement: @namequalifiableelement ref, + int qualifyingelement: @namequalifyingelement ref, + int location: @location_default ref +); + +varbind( + int expr: @varbindexpr ref, + int var: @accessible ref +); + +funbind( + int expr: @funbindexpr ref, + int fun: @function ref +); + +@any_new_expr = @new_expr + | @new_array_expr; + +@new_or_delete_expr = @any_new_expr + | @delete_expr + | @delete_array_expr; + +@prefix_crement_expr = @preincrexpr | @predecrexpr; + +@postfix_crement_expr = @postincrexpr | @postdecrexpr; + +@increment_expr = @preincrexpr | @postincrexpr; + +@decrement_expr = @predecrexpr | @postdecrexpr; + +@crement_expr = @increment_expr | @decrement_expr; + +@un_arith_op_expr = @arithnegexpr + | @unaryplusexpr + | @conjugation + | @realpartexpr + | @imagpartexpr + | @crement_expr + ; + +@un_bitwise_op_expr = @complementexpr; + +@un_log_op_expr = @notexpr; + +@un_op_expr = @address_of + | @indirect + | @un_arith_op_expr + | @un_bitwise_op_expr + | @builtinaddressof + | @vec_fill + | @un_log_op_expr + | @co_await + | @co_yield + ; + +@bin_log_op_expr = @andlogicalexpr | @orlogicalexpr; + +@cmp_op_expr = @eq_op_expr | @rel_op_expr; + +@eq_op_expr = @eqexpr | @neexpr; + +@rel_op_expr = @gtexpr + | @ltexpr + | @geexpr + | @leexpr + | @spaceshipexpr + ; + +@bin_bitwise_op_expr = @lshiftexpr + | @rshiftexpr + | @andexpr + | @orexpr + | @xorexpr + ; + +@p_arith_op_expr = @paddexpr + | @psubexpr + | @pdiffexpr + ; + +@bin_arith_op_expr = @addexpr + | @subexpr + | @mulexpr + | @divexpr + | @remexpr + | @jmulexpr + | @jdivexpr + | @fjaddexpr + | @jfaddexpr + | @fjsubexpr + | @jfsubexpr + | @minexpr + | @maxexpr + | @p_arith_op_expr + ; + +@bin_op_expr = @bin_arith_op_expr + | @bin_bitwise_op_expr + | @cmp_op_expr + | @bin_log_op_expr + ; + +@op_expr = @un_op_expr + | @bin_op_expr + | @assign_expr + | @conditionalexpr + ; + +@assign_arith_expr = @assignaddexpr + | @assignsubexpr + | @assignmulexpr + | @assigndivexpr + | @assignremexpr + ; + +@assign_bitwise_expr = @assignandexpr + | @assignorexpr + | @assignxorexpr + | @assignlshiftexpr + | @assignrshiftexpr + ; + +@assign_pointer_expr = @assignpaddexpr + | @assignpsubexpr + ; + +@assign_op_expr = @assign_arith_expr + | @assign_bitwise_expr + | @assign_pointer_expr + ; + +@assign_expr = @assignexpr | @assign_op_expr | @blockassignexpr + +/* + Binary encoding of the allocator form. + + case @allocator.form of + 0 = plain + | 1 = alignment + ; +*/ + +/** + * The allocator function associated with a `new` or `new[]` expression. + * The `form` column specified whether the allocation call contains an alignment + * argument. + */ +expr_allocator( + unique int expr: @any_new_expr ref, + int func: @function ref, + int form: int ref +); + +/* + Binary encoding of the deallocator form. + + case @deallocator.form of + 0 = plain + | 1 = size + | 2 = alignment + | 4 = destroying_delete + ; +*/ + +/** + * The deallocator function associated with a `delete`, `delete[]`, `new`, or + * `new[]` expression. For a `new` or `new[]` expression, the deallocator is the + * one used to free memory if the initialization throws an exception. + * The `form` column specifies whether the deallocation call contains a size + * argument, and alignment argument, or both. + */ +expr_deallocator( + unique int expr: @new_or_delete_expr ref, + int func: @function ref, + int form: int ref +); + +/** + * Holds if the `@conditionalexpr` is of the two operand form + * `guard ? : false`. + */ +expr_cond_two_operand( + unique int cond: @conditionalexpr ref +); + +/** + * The guard of `@conditionalexpr` `guard ? true : false` + */ +expr_cond_guard( + unique int cond: @conditionalexpr ref, + int guard: @expr ref +); + +/** + * The expression used when the guard of `@conditionalexpr` + * `guard ? true : false` holds. For the two operand form + * `guard ?: false` consider using `expr_cond_guard` instead. + */ +expr_cond_true( + unique int cond: @conditionalexpr ref, + int true: @expr ref +); + +/** + * The expression used when the guard of `@conditionalexpr` + * `guard ? true : false` does not hold. + */ +expr_cond_false( + unique int cond: @conditionalexpr ref, + int false: @expr ref +); + +/** A string representation of the value. */ +values( + unique int id: @value, + string str: string ref +); + +/** The actual text in the source code for the value, if any. */ +valuetext( + unique int id: @value ref, + string text: string ref +); + +valuebind( + int val: @value ref, + unique int expr: @expr ref +); + +fieldoffsets( + unique int id: @variable ref, + int byteoffset: int ref, + int bitoffset: int ref +); + +bitfield( + unique int id: @variable ref, + int bits: int ref, + int declared_bits: int ref +); + +/* TODO +memberprefix( + int member: @expr ref, + int prefix: @expr ref +); +*/ + +/* + kind(1) = mbrcallexpr + kind(2) = mbrptrcallexpr + kind(3) = mbrptrmbrcallexpr + kind(4) = ptrmbrptrmbrcallexpr + kind(5) = mbrreadexpr // x.y + kind(6) = mbrptrreadexpr // p->y + kind(7) = mbrptrmbrreadexpr // x.*pm + kind(8) = mbrptrmbrptrreadexpr // x->*pm + kind(9) = staticmbrreadexpr // static x.y + kind(10) = staticmbrptrreadexpr // static p->y +*/ +/* TODO +memberaccess( + int member: @expr ref, + int kind: int ref +); +*/ + +initialisers( + unique int init: @initialiser, + int var: @accessible ref, + unique int expr: @expr ref, + int location: @location_default ref +); + +braced_initialisers( + int init: @initialiser ref +); + +/** + * An ancestor for the expression, for cases in which we cannot + * otherwise find the expression's parent. + */ +expr_ancestor( + int exp: @expr ref, + int ancestor: @element ref +); + +exprs( + unique int id: @expr, + int kind: int ref, + int location: @location_default ref +); + +expr_reuse( + int reuse: @expr ref, + int original: @expr ref, + int value_category: int ref +) + +/* + case @value.category of + 1 = prval + | 2 = xval + | 3 = lval + ; +*/ +expr_types( + int id: @expr ref, + int typeid: @type ref, + int value_category: int ref +); + +case @expr.kind of + 1 = @errorexpr +| 2 = @address_of // & AddressOfExpr +| 3 = @reference_to // ReferenceToExpr (implicit?) +| 4 = @indirect // * PointerDereferenceExpr +| 5 = @ref_indirect // ReferenceDereferenceExpr (implicit?) +// ... +| 8 = @array_to_pointer // (???) +| 9 = @vacuous_destructor_call // VacuousDestructorCall +// ... +| 11 = @assume // Microsoft +| 12 = @parexpr +| 13 = @arithnegexpr +| 14 = @unaryplusexpr +| 15 = @complementexpr +| 16 = @notexpr +| 17 = @conjugation // GNU ~ operator +| 18 = @realpartexpr // GNU __real +| 19 = @imagpartexpr // GNU __imag +| 20 = @postincrexpr +| 21 = @postdecrexpr +| 22 = @preincrexpr +| 23 = @predecrexpr +| 24 = @conditionalexpr +| 25 = @addexpr +| 26 = @subexpr +| 27 = @mulexpr +| 28 = @divexpr +| 29 = @remexpr +| 30 = @jmulexpr // C99 mul imaginary +| 31 = @jdivexpr // C99 div imaginary +| 32 = @fjaddexpr // C99 add real + imaginary +| 33 = @jfaddexpr // C99 add imaginary + real +| 34 = @fjsubexpr // C99 sub real - imaginary +| 35 = @jfsubexpr // C99 sub imaginary - real +| 36 = @paddexpr // pointer add (pointer + int or int + pointer) +| 37 = @psubexpr // pointer sub (pointer - integer) +| 38 = @pdiffexpr // difference between two pointers +| 39 = @lshiftexpr +| 40 = @rshiftexpr +| 41 = @andexpr +| 42 = @orexpr +| 43 = @xorexpr +| 44 = @eqexpr +| 45 = @neexpr +| 46 = @gtexpr +| 47 = @ltexpr +| 48 = @geexpr +| 49 = @leexpr +| 50 = @minexpr // GNU minimum +| 51 = @maxexpr // GNU maximum +| 52 = @assignexpr +| 53 = @assignaddexpr +| 54 = @assignsubexpr +| 55 = @assignmulexpr +| 56 = @assigndivexpr +| 57 = @assignremexpr +| 58 = @assignlshiftexpr +| 59 = @assignrshiftexpr +| 60 = @assignandexpr +| 61 = @assignorexpr +| 62 = @assignxorexpr +| 63 = @assignpaddexpr // assign pointer add +| 64 = @assignpsubexpr // assign pointer sub +| 65 = @andlogicalexpr +| 66 = @orlogicalexpr +| 67 = @commaexpr +| 68 = @subscriptexpr // access to member of an array, e.g., a[5] +// ... 69 @objc_subscriptexpr deprecated +// ... 70 @cmdaccess deprecated +// ... +| 73 = @virtfunptrexpr +| 74 = @callexpr +// ... 75 @msgexpr_normal deprecated +// ... 76 @msgexpr_super deprecated +// ... 77 @atselectorexpr deprecated +// ... 78 @atprotocolexpr deprecated +| 79 = @vastartexpr +| 80 = @vaargexpr +| 81 = @vaendexpr +| 82 = @vacopyexpr +// ... 83 @atencodeexpr deprecated +| 84 = @varaccess +| 85 = @thisaccess +// ... 86 @objc_box_expr deprecated +| 87 = @new_expr +| 88 = @delete_expr +| 89 = @throw_expr +| 90 = @condition_decl // a variable declared in a condition, e.g., if(int x = y > 2) +| 91 = @braced_init_list +| 92 = @type_id +| 93 = @runtime_sizeof +| 94 = @runtime_alignof +| 95 = @sizeof_pack +| 96 = @expr_stmt // GNU extension +| 97 = @routineexpr +| 98 = @type_operand // used to access a type in certain contexts (haven't found any examples yet....) +| 99 = @offsetofexpr // offsetof ::= type and field +| 100 = @hasassignexpr // __has_assign ::= type +| 101 = @hascopyexpr // __has_copy ::= type +| 102 = @hasnothrowassign // __has_nothrow_assign ::= type +| 103 = @hasnothrowconstr // __has_nothrow_constructor ::= type +| 104 = @hasnothrowcopy // __has_nothrow_copy ::= type +| 105 = @hastrivialassign // __has_trivial_assign ::= type +| 106 = @hastrivialconstr // __has_trivial_constructor ::= type +| 107 = @hastrivialcopy // __has_trivial_copy ::= type +| 108 = @hasuserdestr // __has_user_destructor ::= type +| 109 = @hasvirtualdestr // __has_virtual_destructor ::= type +| 110 = @isabstractexpr // __is_abstract ::= type +| 111 = @isbaseofexpr // __is_base_of ::= type type +| 112 = @isclassexpr // __is_class ::= type +| 113 = @isconvtoexpr // __is_convertible_to ::= type type +| 114 = @isemptyexpr // __is_empty ::= type +| 115 = @isenumexpr // __is_enum ::= type +| 116 = @ispodexpr // __is_pod ::= type +| 117 = @ispolyexpr // __is_polymorphic ::= type +| 118 = @isunionexpr // __is_union ::= type +| 119 = @typescompexpr // GNU __builtin_types_compatible ::= type type +| 120 = @intaddrexpr // frontend internal builtin, used to implement offsetof +// ... +| 122 = @hastrivialdestructor // __has_trivial_destructor ::= type +| 123 = @literal +| 124 = @uuidof +| 127 = @aggregateliteral +| 128 = @delete_array_expr +| 129 = @new_array_expr +// ... 130 @objc_array_literal deprecated +// ... 131 @objc_dictionary_literal deprecated +| 132 = @foldexpr +// ... +| 200 = @ctordirectinit +| 201 = @ctorvirtualinit +| 202 = @ctorfieldinit +| 203 = @ctordelegatinginit +| 204 = @dtordirectdestruct +| 205 = @dtorvirtualdestruct +| 206 = @dtorfielddestruct +// ... +| 210 = @static_cast +| 211 = @reinterpret_cast +| 212 = @const_cast +| 213 = @dynamic_cast +| 214 = @c_style_cast +| 215 = @lambdaexpr +| 216 = @param_ref +| 217 = @noopexpr +// ... +| 294 = @istriviallyconstructibleexpr +| 295 = @isdestructibleexpr +| 296 = @isnothrowdestructibleexpr +| 297 = @istriviallydestructibleexpr +| 298 = @istriviallyassignableexpr +| 299 = @isnothrowassignableexpr +| 300 = @istrivialexpr +| 301 = @isstandardlayoutexpr +| 302 = @istriviallycopyableexpr +| 303 = @isliteraltypeexpr +| 304 = @hastrivialmoveconstructorexpr +| 305 = @hastrivialmoveassignexpr +| 306 = @hasnothrowmoveassignexpr +| 307 = @isconstructibleexpr +| 308 = @isnothrowconstructibleexpr +| 309 = @hasfinalizerexpr +| 310 = @isdelegateexpr +| 311 = @isinterfaceclassexpr +| 312 = @isrefarrayexpr +| 313 = @isrefclassexpr +| 314 = @issealedexpr +| 315 = @issimplevalueclassexpr +| 316 = @isvalueclassexpr +| 317 = @isfinalexpr +| 319 = @noexceptexpr +| 320 = @builtinshufflevector +| 321 = @builtinchooseexpr +| 322 = @builtinaddressof +| 323 = @vec_fill +| 324 = @builtinconvertvector +| 325 = @builtincomplex +| 326 = @spaceshipexpr +| 327 = @co_await +| 328 = @co_yield +| 329 = @temp_init +| 330 = @isassignable +| 331 = @isaggregate +| 332 = @hasuniqueobjectrepresentations +| 333 = @builtinbitcast +| 334 = @builtinshuffle +| 335 = @blockassignexpr +| 336 = @issame +| 337 = @isfunction +| 338 = @islayoutcompatible +| 339 = @ispointerinterconvertiblebaseof +| 340 = @isarray +| 341 = @arrayrank +| 342 = @arrayextent +| 343 = @isarithmetic +| 344 = @iscompletetype +| 345 = @iscompound +| 346 = @isconst +| 347 = @isfloatingpoint +| 348 = @isfundamental +| 349 = @isintegral +| 350 = @islvaluereference +| 351 = @ismemberfunctionpointer +| 352 = @ismemberobjectpointer +| 353 = @ismemberpointer +| 354 = @isobject +| 355 = @ispointer +| 356 = @isreference +| 357 = @isrvaluereference +| 358 = @isscalar +| 359 = @issigned +| 360 = @isunsigned +| 361 = @isvoid +| 362 = @isvolatile +| 363 = @reuseexpr +| 364 = @istriviallycopyassignable +| 365 = @isassignablenopreconditioncheck +| 366 = @referencebindstotemporary +| 367 = @issameas +| 368 = @builtinhasattribute +| 369 = @ispointerinterconvertiblewithclass +| 370 = @builtinispointerinterconvertiblewithclass +| 371 = @iscorrespondingmember +| 372 = @builtiniscorrespondingmember +| 373 = @isboundedarray +| 374 = @isunboundedarray +| 375 = @isreferenceable +| 378 = @isnothrowconvertible +| 379 = @referenceconstructsfromtemporary +| 380 = @referenceconvertsfromtemporary +| 381 = @isconvertible +| 382 = @isvalidwinrttype +| 383 = @iswinclass +| 384 = @iswininterface +| 385 = @istriviallyequalitycomparable +| 386 = @isscopedenum +| 387 = @istriviallyrelocatable +| 388 = @datasizeof +| 389 = @c11_generic +| 390 = @requires_expr +| 391 = @nested_requirement +| 392 = @compound_requirement +| 393 = @concept_id +| 394 = @isinvocable +| 395 = @isnothrowinvocable +| 396 = @isbitwisecloneable +; + +@var_args_expr = @vastartexpr + | @vaendexpr + | @vaargexpr + | @vacopyexpr + ; + +@builtin_op = @var_args_expr + | @noopexpr + | @offsetofexpr + | @intaddrexpr + | @hasassignexpr + | @hascopyexpr + | @hasnothrowassign + | @hasnothrowconstr + | @hasnothrowcopy + | @hastrivialassign + | @hastrivialconstr + | @hastrivialcopy + | @hastrivialdestructor + | @hasuserdestr + | @hasvirtualdestr + | @isabstractexpr + | @isbaseofexpr + | @isclassexpr + | @isconvtoexpr + | @isemptyexpr + | @isenumexpr + | @ispodexpr + | @ispolyexpr + | @isunionexpr + | @typescompexpr + | @builtinshufflevector + | @builtinconvertvector + | @builtinaddressof + | @istriviallyconstructibleexpr + | @isdestructibleexpr + | @isnothrowdestructibleexpr + | @istriviallydestructibleexpr + | @istriviallyassignableexpr + | @isnothrowassignableexpr + | @istrivialexpr + | @isstandardlayoutexpr + | @istriviallycopyableexpr + | @isliteraltypeexpr + | @hastrivialmoveconstructorexpr + | @hastrivialmoveassignexpr + | @hasnothrowmoveassignexpr + | @isconstructibleexpr + | @isnothrowconstructibleexpr + | @hasfinalizerexpr + | @isdelegateexpr + | @isinterfaceclassexpr + | @isrefarrayexpr + | @isrefclassexpr + | @issealedexpr + | @issimplevalueclassexpr + | @isvalueclassexpr + | @isfinalexpr + | @builtinchooseexpr + | @builtincomplex + | @isassignable + | @isaggregate + | @hasuniqueobjectrepresentations + | @builtinbitcast + | @builtinshuffle + | @issame + | @isfunction + | @islayoutcompatible + | @ispointerinterconvertiblebaseof + | @isarray + | @arrayrank + | @arrayextent + | @isarithmetic + | @iscompletetype + | @iscompound + | @isconst + | @isfloatingpoint + | @isfundamental + | @isintegral + | @islvaluereference + | @ismemberfunctionpointer + | @ismemberobjectpointer + | @ismemberpointer + | @isobject + | @ispointer + | @isreference + | @isrvaluereference + | @isscalar + | @issigned + | @isunsigned + | @isvoid + | @isvolatile + | @istriviallycopyassignable + | @isassignablenopreconditioncheck + | @referencebindstotemporary + | @issameas + | @builtinhasattribute + | @ispointerinterconvertiblewithclass + | @builtinispointerinterconvertiblewithclass + | @iscorrespondingmember + | @builtiniscorrespondingmember + | @isboundedarray + | @isunboundedarray + | @isreferenceable + | @isnothrowconvertible + | @referenceconstructsfromtemporary + | @referenceconvertsfromtemporary + | @isconvertible + | @isvalidwinrttype + | @iswinclass + | @iswininterface + | @istriviallyequalitycomparable + | @isscopedenum + | @istriviallyrelocatable + | @isinvocable + | @isnothrowinvocable + | @isbitwisecloneable + ; + +compound_requirement_is_noexcept( + int expr: @compound_requirement ref +); + +new_allocated_type( + unique int expr: @new_expr ref, + int type_id: @type ref +); + +new_array_allocated_type( + unique int expr: @new_array_expr ref, + int type_id: @type ref +); + +param_ref_to_this( + int expr: @param_ref ref +) + +/** + * The field being initialized by an initializer expression within an aggregate + * initializer for a class/struct/union. Position is used to sort repeated initializers. + */ +#keyset[aggregate, position] +aggregate_field_init( + int aggregate: @aggregateliteral ref, + int initializer: @expr ref, + int field: @membervariable ref, + int position: int ref, + boolean is_designated: boolean ref +); + +/** + * The index of the element being initialized by an initializer expression + * within an aggregate initializer for an array. Position is used to sort repeated initializers. + */ +#keyset[aggregate, position] +aggregate_array_init( + int aggregate: @aggregateliteral ref, + int initializer: @expr ref, + int element_index: int ref, + int position: int ref, + boolean is_designated: boolean ref +); + +@ctorinit = @ctordirectinit + | @ctorvirtualinit + | @ctorfieldinit + | @ctordelegatinginit; +@dtordestruct = @dtordirectdestruct + | @dtorvirtualdestruct + | @dtorfielddestruct; + + +condition_decl_bind( + unique int expr: @condition_decl ref, + unique int decl: @declaration ref +); + +typeid_bind( + unique int expr: @type_id ref, + int type_id: @type ref +); + +uuidof_bind( + unique int expr: @uuidof ref, + int type_id: @type ref +); + +@sizeof_or_alignof = @runtime_sizeof | @runtime_alignof | @datasizeof | @sizeof_pack; + +sizeof_bind( + unique int expr: @sizeof_or_alignof ref, + int type_id: @type ref +); + +code_block( + unique int block: @literal ref, + unique int routine: @function ref +); + +lambdas( + unique int expr: @lambdaexpr ref, + string default_capture: string ref, + boolean has_explicit_return_type: boolean ref, + boolean has_explicit_parameter_list: boolean ref +); + +lambda_capture( + unique int id: @lambdacapture, + int lambda: @lambdaexpr ref, + int index: int ref, + int field: @membervariable ref, + boolean captured_by_reference: boolean ref, + boolean is_implicit: boolean ref, + int location: @location_default ref +); + +@funbindexpr = @routineexpr + | @new_expr + | @delete_expr + | @delete_array_expr + | @ctordirectinit + | @ctorvirtualinit + | @ctordelegatinginit + | @dtordirectdestruct + | @dtorvirtualdestruct; + +@varbindexpr = @varaccess | @ctorfieldinit | @dtorfielddestruct; +@addressable = @function | @variable ; +@accessible = @addressable | @enumconstant ; + +@access = @varaccess | @routineexpr ; + +fold( + int expr: @foldexpr ref, + string operator: string ref, + boolean is_left_fold: boolean ref +); + +stmts( + unique int id: @stmt, + int kind: int ref, + int location: @location_default ref +); + +case @stmt.kind of + 1 = @stmt_expr +| 2 = @stmt_if +| 3 = @stmt_while +| 4 = @stmt_goto +| 5 = @stmt_label +| 6 = @stmt_return +| 7 = @stmt_block +| 8 = @stmt_end_test_while // do { ... } while ( ... ) +| 9 = @stmt_for +| 10 = @stmt_switch_case +| 11 = @stmt_switch +| 13 = @stmt_asm // "asm" statement or the body of an asm function +| 15 = @stmt_try_block +| 16 = @stmt_microsoft_try // Microsoft +| 17 = @stmt_decl +| 18 = @stmt_set_vla_size // C99 +| 19 = @stmt_vla_decl // C99 +| 25 = @stmt_assigned_goto // GNU +| 26 = @stmt_empty +| 27 = @stmt_continue +| 28 = @stmt_break +| 29 = @stmt_range_based_for // C++11 +// ... 30 @stmt_at_autoreleasepool_block deprecated +// ... 31 @stmt_objc_for_in deprecated +// ... 32 @stmt_at_synchronized deprecated +| 33 = @stmt_handler +// ... 34 @stmt_finally_end deprecated +| 35 = @stmt_constexpr_if +| 37 = @stmt_co_return +| 38 = @stmt_consteval_if +| 39 = @stmt_not_consteval_if +| 40 = @stmt_leave +; + +type_vla( + int type_id: @type ref, + int decl: @stmt_vla_decl ref +); + +variable_vla( + int var: @variable ref, + int decl: @stmt_vla_decl ref +); + +type_is_vla(unique int type_id: @derivedtype ref) + +if_initialization( + unique int if_stmt: @stmt_if ref, + int init_id: @stmt ref +); + +if_then( + unique int if_stmt: @stmt_if ref, + int then_id: @stmt ref +); + +if_else( + unique int if_stmt: @stmt_if ref, + int else_id: @stmt ref +); + +constexpr_if_initialization( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int init_id: @stmt ref +); + +constexpr_if_then( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int then_id: @stmt ref +); + +constexpr_if_else( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int else_id: @stmt ref +); + +@stmt_consteval_or_not_consteval_if = @stmt_consteval_if | @stmt_not_consteval_if; + +consteval_if_then( + unique int constexpr_if_stmt: @stmt_consteval_or_not_consteval_if ref, + int then_id: @stmt ref +); + +consteval_if_else( + unique int constexpr_if_stmt: @stmt_consteval_or_not_consteval_if ref, + int else_id: @stmt ref +); + +while_body( + unique int while_stmt: @stmt_while ref, + int body_id: @stmt ref +); + +do_body( + unique int do_stmt: @stmt_end_test_while ref, + int body_id: @stmt ref +); + +switch_initialization( + unique int switch_stmt: @stmt_switch ref, + int init_id: @stmt ref +); + +#keyset[switch_stmt, index] +switch_case( + int switch_stmt: @stmt_switch ref, + int index: int ref, + int case_id: @stmt_switch_case ref +); + +switch_body( + unique int switch_stmt: @stmt_switch ref, + int body_id: @stmt ref +); + +@stmt_for_or_range_based_for = @stmt_for + | @stmt_range_based_for; + +for_initialization( + unique int for_stmt: @stmt_for_or_range_based_for ref, + int init_id: @stmt ref +); + +for_condition( + unique int for_stmt: @stmt_for ref, + int condition_id: @expr ref +); + +for_update( + unique int for_stmt: @stmt_for ref, + int update_id: @expr ref +); + +for_body( + unique int for_stmt: @stmt_for ref, + int body_id: @stmt ref +); + +@stmtparent = @stmt | @expr_stmt ; +stmtparents( + unique int id: @stmt ref, + int index: int ref, + int parent: @stmtparent ref +); + +ishandler(unique int block: @stmt_block ref); + +@cfgnode = @stmt | @expr | @function | @initialiser ; + +stmt_decl_bind( + int stmt: @stmt_decl ref, + int num: int ref, + int decl: @declaration ref +); + +stmt_decl_entry_bind( + int stmt: @stmt_decl ref, + int num: int ref, + int decl_entry: @element ref +); + +@parameterized_element = @function | @stmt_block | @requires_expr; + +blockscope( + unique int block: @stmt_block ref, + int enclosing: @parameterized_element ref +); + +@jump = @stmt_goto | @stmt_break | @stmt_continue | @stmt_leave; + +@jumporlabel = @jump | @stmt_label | @literal; + +jumpinfo( + unique int id: @jumporlabel ref, + string str: string ref, + int target: @stmt ref +); + +preprocdirects( + unique int id: @preprocdirect, + int kind: int ref, + int location: @location_default ref +); +case @preprocdirect.kind of + 0 = @ppd_if +| 1 = @ppd_ifdef +| 2 = @ppd_ifndef +| 3 = @ppd_elif +| 4 = @ppd_else +| 5 = @ppd_endif +| 6 = @ppd_plain_include +| 7 = @ppd_define +| 8 = @ppd_undef +| 9 = @ppd_line +| 10 = @ppd_error +| 11 = @ppd_pragma +| 12 = @ppd_objc_import +| 13 = @ppd_include_next +| 14 = @ppd_ms_import +| 15 = @ppd_elifdef +| 16 = @ppd_elifndef +| 17 = @ppd_embed +| 18 = @ppd_warning +; + +@ppd_include = @ppd_plain_include | @ppd_objc_import | @ppd_include_next | @ppd_ms_import; + +@ppd_branch = @ppd_if | @ppd_ifdef | @ppd_ifndef | @ppd_elif | @ppd_elifdef | @ppd_elifndef; + +preprocpair( + int begin : @ppd_branch ref, + int elseelifend : @preprocdirect ref +); + +preproctrue(int branch : @ppd_branch ref); +preprocfalse(int branch : @ppd_branch ref); + +preproctext( + unique int id: @preprocdirect ref, + string head: string ref, + string body: string ref +); + +includes( + unique int id: @ppd_include ref, + int included: @file ref +); + +embeds( + unique int id: @ppd_embed ref, + int included: @file ref +); + +link_targets( + int id: @link_target, + int binary: @file ref +); + +link_parent( + int element : @element ref, + int link_target : @link_target ref +); + +/*- Database metadata -*/ + +/** + * The CLI will automatically emit applicable tuples for this table, + * such as `databaseMetadata("isOverlay", "true")` when building an + * overlay database. + */ +databaseMetadata( + string metadataKey: string ref, + string value: string ref +); + +/*- Overlay support -*/ + +/** + * The CLI will automatically emit tuples for each new/modified/deleted file + * when building an overlay database. + */ +overlayChangedFiles( + string path: string ref +); + +/*- XML Files -*/ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; diff --git a/cpp/downgrades/ef8d209a22e27413aaaeff4446f0ecb9fa2c227b/upgrade.properties b/cpp/downgrades/ef8d209a22e27413aaaeff4446f0ecb9fa2c227b/upgrade.properties new file mode 100644 index 000000000000..f77cdddbbe10 --- /dev/null +++ b/cpp/downgrades/ef8d209a22e27413aaaeff4446f0ecb9fa2c227b/upgrade.properties @@ -0,0 +1,6 @@ +description: Capture information about one template being generated from another +compatibility: full +class_template_generated_from.rel: delete +function_template_generated_from.rel: delete +variable_template_generated_from.rel: delete +alias_template_generated_from.rel: delete diff --git a/cpp/ql/lib/upgrades/837c4e02326aee4582405d069263092e80a15d82/old.dbscheme b/cpp/ql/lib/upgrades/837c4e02326aee4582405d069263092e80a15d82/old.dbscheme new file mode 100644 index 000000000000..837c4e02326a --- /dev/null +++ b/cpp/ql/lib/upgrades/837c4e02326aee4582405d069263092e80a15d82/old.dbscheme @@ -0,0 +1,2561 @@ + +/*- Compilations -*/ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * gcc -c f1.c f2.c f3.c + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + /** + * An invocation of the compiler. Note that more than one file may + * be compiled per invocation. For example, this command compiles + * three source files: + * + * gcc -c f1.c f2.c f3.c + */ + unique int id : @compilation, + string cwd : string ref +); + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * gcc -c f1.c f2.c f3.c + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | *path to extractor* + * 1 | `--mimic` + * 2 | `/usr/bin/gcc` + * 3 | `-c` + * 4 | f1.c + * 5 | f2.c + * 6 | f3.c + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The expanded arguments that were passed to the extractor for a + * compiler invocation. This is similar to `compilation_args`, but + * for a `@someFile` argument, it includes the arguments from that + * file, rather than just taking the argument literally. + */ +#keyset[id, num] +compilation_expanded_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * Optionally, record the build mode for each compilation. + */ +compilation_build_mode( + unique int id : @compilation ref, + int mode : int ref +); + +/* +case @compilation_build_mode.mode of + 0 = @build_mode_none +| 1 = @build_mode_manual +| 2 = @build_mode_auto +; +*/ + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * gcc -c f1.c f2.c f3.c + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.c + * 1 | f2.c + * 2 | f3.c + * + * Note that even if those files `#include` headers, those headers + * do not appear as rows. + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +/*- External data -*/ + +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- Lines of code -*/ + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +/*- Diagnostic messages -*/ + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +/*- C++ dbscheme -*/ + +extractor_version( + string codeql_version: string ref, + string frontend_version: string ref +) + +/** + * Gives the TRAP filename that `trap` is associated with. + * For debugging only. + */ +trap_filename( + int trap: @trap, + string filename: string ref +); + +/** + * Gives the tag name for `tag`. + * For debugging only. + */ +tag_name( + int tag: @tag, + string name: string ref +); + +@trap_or_tag = @tag | @trap; + +/** + * Gives the name for the source file. + */ +source_file_name( + int sf: @source_file, + string name: string ref +); + +/** + * In `build-mode: none` overlay mode, indicates that `source_file` + * (`/path/to/foo.c`) uses the TRAP file `trap_file`; i.e. it is the + * TRAP file corresponding to `foo.c`, something it transitively + * includes, or a template instantiation it transitively uses. + */ +source_file_uses_trap( + int source_file: @source_file ref, + int trap_file: @trap ref +); + +/** + * In `build-mode: none` overlay mode, indicates that the TRAP file + * `trap_file` uses tag `tag`. + */ +trap_uses_tag( + int trap_file: @trap ref, + int tag: @tag ref +); + +/** + * Holds if there is a definition of `element` in TRAP file or tag `t`. + */ +in_trap_or_tag( + int element: @element ref, + int t: @trap_or_tag ref +); + +pch_uses( + int pch: @pch ref, + int compilation: @compilation ref, + int id: @file ref +) + +#keyset[pch, compilation] +pch_creations( + int pch: @pch, + int compilation: @compilation ref, + int from: @file ref +) + +/** An element for which line-count information is available. */ +@sourceline = @file | @function | @variable | @enumconstant | @xmllocatable; + +fileannotations( + int id: @file ref, + int kind: int ref, + string name: string ref, + string value: string ref +); + +inmacroexpansion( + int id: @element ref, + int inv: @macroinvocation ref +); + +affectedbymacroexpansion( + int id: @element ref, + int inv: @macroinvocation ref +); + +case @macroinvocation.kind of + 1 = @macro_expansion +| 2 = @other_macro_reference +; + +macroinvocations( + unique int id: @macroinvocation, + int macro_id: @ppd_define ref, + int location: @location_default ref, + int kind: int ref +); + +macroparent( + unique int id: @macroinvocation ref, + int parent_id: @macroinvocation ref +); + +// a macroinvocation may be part of another location +// the way to find a constant expression that uses a macro +// is thus to find a constant expression that has a location +// to which a macro invocation is bound +macrolocationbind( + int id: @macroinvocation ref, + int location: @location_default ref +); + +#keyset[invocation, argument_index] +macro_argument_unexpanded( + int invocation: @macroinvocation ref, + int argument_index: int ref, + string text: string ref +); + +#keyset[invocation, argument_index] +macro_argument_expanded( + int invocation: @macroinvocation ref, + int argument_index: int ref, + string text: string ref +); + +case @function.kind of + 0 = @unknown_function +| 1 = @normal_function +| 2 = @constructor +| 3 = @destructor +| 4 = @conversion_function +| 5 = @operator +// ... 6 = @builtin_function deprecated // GCC built-in functions, e.g. __builtin___memcpy_chk +| 7 = @user_defined_literal +| 8 = @deduction_guide +; + +functions( + unique int id: @function, + string name: string ref, + int kind: int ref +); + +builtin_functions( + int id: @function ref +) + +function_entry_point( + int id: @function ref, + unique int entry_point: @stmt ref +); + +function_return_type( + int id: @function ref, + int return_type: @type ref +); + +/** + * If `function` is a coroutine, then this gives the `std::experimental::resumable_traits` + * instance associated with it, and the variables representing the `handle` and `promise` + * for it. + */ +coroutine( + unique int function: @function ref, + int traits: @type ref +); + +/* +case @coroutine_placeholder_variable.kind of + 1 = @handle +| 2 = @promise +| 3 = @init_await_resume +; +*/ + +coroutine_placeholder_variable( + unique int placeholder_variable: @variable ref, + int kind: int ref, + int function: @function ref +) + +/** The `new` function used for allocating the coroutine state, if any. */ +coroutine_new( + unique int function: @function ref, + int new: @function ref +); + +/** The `delete` function used for deallocating the coroutine state, if any. */ +coroutine_delete( + unique int function: @function ref, + int delete: @function ref +); + +purefunctions(unique int id: @function ref); + +function_deleted(unique int id: @function ref); + +function_defaulted(unique int id: @function ref); + +function_prototyped(unique int id: @function ref) + +deduction_guide_for_class( + int id: @function ref, + int class_template: @usertype ref +) + +member_function_this_type( + unique int id: @function ref, + int this_type: @type ref +); + +#keyset[id, type_id] +fun_decls( + int id: @fun_decl, + int function: @function ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); +fun_def(unique int id: @fun_decl ref); +fun_specialized(unique int id: @fun_decl ref); +fun_implicit(unique int id: @fun_decl ref); +fun_decl_specifiers( + int id: @fun_decl ref, + string name: string ref +) +#keyset[fun_decl, index] +fun_decl_throws( + int fun_decl: @fun_decl ref, + int index: int ref, + int type_id: @type ref +); +/* an empty throw specification is different from none */ +fun_decl_empty_throws(unique int fun_decl: @fun_decl ref); +fun_decl_noexcept( + int fun_decl: @fun_decl ref, + int constant: @expr ref +); +fun_decl_empty_noexcept(int fun_decl: @fun_decl ref); +fun_decl_typedef_type( + unique int fun_decl: @fun_decl ref, + int typedeftype_id: @usertype ref +); + +/* +case @fun_requires.kind of + 1 = @template_attached +| 2 = @function_attached +; +*/ + +fun_requires( + int id: @fun_decl ref, + int kind: int ref, + int constraint: @expr ref +); + +param_decl_bind( + unique int id: @var_decl ref, + int index: int ref, + int fun_decl: @fun_decl ref +); + +#keyset[id, type_id] +var_decls( + int id: @var_decl, + int variable: @variable ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); +var_def(unique int id: @var_decl ref); +var_specialized(int id: @var_decl ref); +var_decl_specifiers( + int id: @var_decl ref, + string name: string ref +) +is_structured_binding(unique int id: @variable ref); +var_requires( + int id: @var_decl ref, + int constraint: @expr ref +); + +type_decls( + unique int id: @type_decl, + int type_id: @type ref, + int location: @location_default ref +); +type_def(unique int id: @type_decl ref); +type_decl_top( + unique int type_decl: @type_decl ref +); +type_requires( + int id: @type_decl ref, + int constraint: @expr ref +); + +namespace_decls( + unique int id: @namespace_decl, + int namespace_id: @namespace ref, + int location: @location_default ref, + int bodylocation: @location_default ref +); + +case @using.kind of + 1 = @using_declaration +| 2 = @using_directive +| 3 = @using_enum_declaration +; + +usings( + unique int id: @using, + int element_id: @element ref, + int location: @location_default ref, + int kind: int ref +); + +/** The element which contains the `using` declaration. */ +using_container( + int parent: @element ref, + int child: @using ref +); + +static_asserts( + unique int id: @static_assert, + int condition : @expr ref, + string message : string ref, + int location: @location_default ref, + int enclosing : @element ref +); + +// each function has an ordered list of parameters +#keyset[id, type_id] +#keyset[function, index, type_id] +params( + int id: @parameter, + int function: @parameterized_element ref, + int index: int ref, + int type_id: @type ref +); + +overrides( + int new: @function ref, + int old: @function ref +); + +#keyset[id, type_id] +membervariables( + int id: @membervariable, + int type_id: @type ref, + string name: string ref +); + +#keyset[id, type_id] +globalvariables( + int id: @globalvariable, + int type_id: @type ref, + string name: string ref +); + +#keyset[id, type_id] +localvariables( + int id: @localvariable, + int type_id: @type ref, + string name: string ref +); + +autoderivation( + unique int var: @variable ref, + int derivation_type: @type ref +); + +orphaned_variables( + int var: @localvariable ref, + int function: @function ref +) + +enumconstants( + unique int id: @enumconstant, + int parent: @usertype ref, + int index: int ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); + +@variable = @localscopevariable | @globalvariable | @membervariable; + +@localscopevariable = @localvariable | @parameter; + +/** + * Built-in types are the fundamental types, e.g., integral, floating, and void. + */ +case @builtintype.kind of + 1 = @errortype +| 2 = @unknowntype +| 3 = @void +| 4 = @boolean +| 5 = @char +| 6 = @unsigned_char +| 7 = @signed_char +| 8 = @short +| 9 = @unsigned_short +| 10 = @signed_short +| 11 = @int +| 12 = @unsigned_int +| 13 = @signed_int +| 14 = @long +| 15 = @unsigned_long +| 16 = @signed_long +| 17 = @long_long +| 18 = @unsigned_long_long +| 19 = @signed_long_long +// ... 20 Microsoft-specific __int8 +// ... 21 Microsoft-specific __int16 +// ... 22 Microsoft-specific __int32 +// ... 23 Microsoft-specific __int64 +| 24 = @float +| 25 = @double +| 26 = @long_double +| 27 = @complex_float // C99-specific _Complex float +| 28 = @complex_double // C99-specific _Complex double +| 29 = @complex_long_double // C99-specific _Complex long double +| 30 = @imaginary_float // C99-specific _Imaginary float +| 31 = @imaginary_double // C99-specific _Imaginary double +| 32 = @imaginary_long_double // C99-specific _Imaginary long double +| 33 = @wchar_t // Microsoft-specific +| 34 = @decltype_nullptr // C++11 +| 35 = @int128 // __int128 +| 36 = @unsigned_int128 // unsigned __int128 +| 37 = @signed_int128 // signed __int128 +| 38 = @float128 // __float128 +| 39 = @complex_float128 // _Complex __float128 +// ... 40 _Decimal32 +// ... 41 _Decimal64 +// ... 42 _Decimal128 +| 43 = @char16_t +| 44 = @char32_t +| 45 = @std_float32 // _Float32 +| 46 = @float32x // _Float32x +| 47 = @std_float64 // _Float64 +| 48 = @float64x // _Float64x +| 49 = @std_float128 // _Float128 +// ... 50 _Float128x +| 51 = @char8_t +| 52 = @float16 // _Float16 +| 53 = @complex_float16 // _Complex _Float16 +| 54 = @fp16 // __fp16 +| 55 = @std_bfloat16 // __bf16 +| 56 = @std_float16 // std::float16_t +| 57 = @complex_std_float32 // _Complex _Float32 +| 58 = @complex_float32x // _Complex _Float32x +| 59 = @complex_std_float64 // _Complex _Float64 +| 60 = @complex_float64x // _Complex _Float64x +| 61 = @complex_std_float128 // _Complex _Float128 +| 62 = @mfp8 // __mfp8 +| 63 = @scalable_vector_count // __SVCount_t +| 64 = @complex_fp16 // _Complex __fp16 +| 65 = @complex_std_bfloat16 // _Complex __bf16 +| 66 = @complex_std_float16 // _Complex std::float16_t +; + +builtintypes( + unique int id: @builtintype, + string name: string ref, + int kind: int ref, + int size: int ref, + int sign: int ref, + int alignment: int ref +); + +/** + * Derived types are types that are directly derived from existing types and + * point to, refer to, transform type data to return a new type. + */ +case @derivedtype.kind of + 1 = @pointer +| 2 = @reference +| 3 = @type_with_specifiers +| 4 = @array +| 5 = @gnu_vector +| 6 = @routineptr +| 7 = @routinereference +| 8 = @rvalue_reference // C++11 +// ... 9 type_conforming_to_protocols deprecated +| 10 = @block +| 11 = @scalable_vector // Arm SVE +; + +derivedtypes( + unique int id: @derivedtype, + string name: string ref, + int kind: int ref, + int type_id: @type ref +); + +pointerishsize(unique int id: @derivedtype ref, + int size: int ref, + int alignment: int ref); + +arraysizes( + unique int id: @derivedtype ref, + int num_elements: int ref, + int bytesize: int ref, + int alignment: int ref +); + +tupleelements( + unique int id: @derivedtype ref, + int num_elements: int ref +); + +typedefbase( + unique int id: @usertype ref, + int type_id: @type ref +); + +/** + * An instance of the C++11 `decltype` operator or C23 `typeof`/`typeof_unqual` + * operator taking an expression as its argument. For example: + * ``` + * int a; + * decltype(1+a) b; + * typeof(1+a) c; + * ``` + * Here `expr` is `1+a`. + * + * Sometimes an additional pair of parentheses around the expression + * changes the semantics of the decltype, e.g. + * ``` + * struct A { double x; }; + * const A* a = new A(); + * decltype( a->x ); // type is double + * decltype((a->x)); // type is const double& + * ``` + * (Please consult the C++11 standard for more details). + * `parentheses_would_change_meaning` is `true` iff that is the case. + */ + +/* +case @decltype.kind of +| 0 = @decltype +| 1 = @typeof // The frontend does not differentiate between typeof and typeof_unqual +; +*/ + +#keyset[id, expr] +decltypes( + int id: @decltype, + int expr: @expr ref, + int kind: int ref, + int base_type: @type ref, + boolean parentheses_would_change_meaning: boolean ref +); + +case @type_operator.kind of + 0 = @typeof // The frontend does not differentiate between typeof and typeof_unqual +| 1 = @underlying_type +| 2 = @bases +| 3 = @direct_bases +| 4 = @add_lvalue_reference +| 5 = @add_pointer +| 6 = @add_rvalue_reference +| 7 = @decay +| 8 = @make_signed +| 9 = @make_unsigned +| 10 = @remove_all_extents +| 11 = @remove_const +| 12 = @remove_cv +| 13 = @remove_cvref +| 14 = @remove_extent +| 15 = @remove_pointer +| 16 = @remove_reference_t +| 17 = @remove_restrict +| 18 = @remove_volatile +| 19 = @remove_reference +; + +type_operators( + unique int id: @type_operator, + int arg_type: @type ref, + int kind: int ref, + int base_type: @type ref +) + +case @usertype.kind of + 0 = @unknown_usertype +| 1 = @struct +| 2 = @class +| 3 = @union +| 4 = @enum +// ... 5 = @typedef deprecated // classic C: typedef typedef type name +// ... 6 = @template deprecated +| 7 = @template_parameter +| 8 = @template_template_parameter +| 9 = @proxy_class // a proxy class associated with a template parameter +// ... 10 objc_class deprecated +// ... 11 objc_protocol deprecated +// ... 12 objc_category deprecated +| 13 = @scoped_enum +// ... 14 = @using_alias deprecated // a using name = type style typedef +| 15 = @template_struct +| 16 = @template_class +| 17 = @template_union +| 18 = @alias +; + +usertypes( + unique int id: @usertype, + string name: string ref, + int kind: int ref +); + +usertypesize( + unique int id: @usertype ref, + int size: int ref, + int alignment: int ref +); + +usertype_final(unique int id: @usertype ref); + +usertype_uuid( + unique int id: @usertype ref, + string uuid: string ref +); + +/* +case @usertype.alias_kind of +| 0 = @typedef +| 1 = @alias +*/ + +usertype_alias_kind( + int id: @usertype ref, + int alias_kind: int ref +) + +nontype_template_parameters( + int id: @expr ref +); + +type_template_type_constraint( + int id: @usertype ref, + int constraint: @expr ref +); + +mangled_name( + unique int id: @declaration ref, + int mangled_name : @mangledname, + boolean is_complete: boolean ref +); + +is_pod_class(unique int id: @usertype ref); +is_standard_layout_class(unique int id: @usertype ref); + +is_complete(unique int id: @usertype ref); + +is_class_template(unique int id: @usertype ref); +class_instantiation( + int to: @usertype ref, + int from: @usertype ref +); +class_template_argument( + int type_id: @usertype ref, + int index: int ref, + int arg_type: @type ref +); +class_template_argument_value( + int type_id: @usertype ref, + int index: int ref, + int arg_value: @expr ref +); + +@user_or_decltype = @usertype | @decltype; + +is_proxy_class_for( + unique int id: @usertype ref, + int templ_param_id: @user_or_decltype ref +); + +type_mentions( + unique int id: @type_mention, + int type_id: @type ref, + int location: @location_default ref, + // a_symbol_reference_kind from the frontend. + int kind: int ref +); + +is_function_template(unique int id: @function ref); +function_instantiation( + unique int to: @function ref, + int from: @function ref +); +function_template_argument( + int function_id: @function ref, + int index: int ref, + int arg_type: @type ref +); +function_template_argument_value( + int function_id: @function ref, + int index: int ref, + int arg_value: @expr ref +); + +is_variable_template(unique int id: @variable ref); +variable_instantiation( + unique int to: @variable ref, + int from: @variable ref +); +variable_template_argument( + int variable_id: @variable ref, + int index: int ref, + int arg_type: @type ref +); +variable_template_argument_value( + int variable_id: @variable ref, + int index: int ref, + int arg_value: @expr ref +); + +is_alias_template(unique int id: @usertype ref); +alias_instantiation( + unique int to: @usertype ref, + int from: @usertype ref +); +alias_template_argument( + int variable_id: @usertype ref, + int index: int ref, + int arg_type: @type ref +); +alias_template_argument_value( + int variable_id: @usertype ref, + int index: int ref, + int arg_value: @expr ref +); + +template_template_instantiation( + int to: @usertype ref, + int from: @usertype ref +); +template_template_argument( + int type_id: @usertype ref, + int index: int ref, + int arg_type: @type ref +); +template_template_argument_value( + int type_id: @usertype ref, + int index: int ref, + int arg_value: @expr ref +); + +@concept = @concept_template | @concept_id; + +concept_templates( + unique int concept_id: @concept_template, + string name: string ref, + int location: @location_default ref +); +concept_instantiation( + unique int to: @concept_id ref, + int from: @concept_template ref +); +is_type_constraint(int concept_id: @concept_id ref); +concept_template_argument( + int concept_id: @concept ref, + int index: int ref, + int arg_type: @type ref +); +concept_template_argument_value( + int concept_id: @concept ref, + int index: int ref, + int arg_value: @expr ref +); + +routinetypes( + unique int id: @routinetype, + int return_type: @type ref +); + +routinetypeargs( + int routine: @routinetype ref, + int index: int ref, + int type_id: @type ref +); + +ptrtomembers( + unique int id: @ptrtomember, + int type_id: @type ref, + int class_id: @type ref +); + +/* + specifiers for types, functions, and variables + + "public", + "protected", + "private", + + "const", + "volatile", + "static", + + "pure", + "virtual", + "sealed", // Microsoft + "__interface", // Microsoft + "inline", + "explicit", + + "near", // near far extension + "far", // near far extension + "__ptr32", // Microsoft + "__ptr64", // Microsoft + "__sptr", // Microsoft + "__uptr", // Microsoft + "dllimport", // Microsoft + "dllexport", // Microsoft + "thread", // Microsoft + "naked", // Microsoft + "microsoft_inline", // Microsoft + "forceinline", // Microsoft + "selectany", // Microsoft + "nothrow", // Microsoft + "novtable", // Microsoft + "noreturn", // Microsoft + "noinline", // Microsoft + "noalias", // Microsoft + "restrict", // Microsoft +*/ + +specifiers( + unique int id: @specifier, + unique string str: string ref +); + +typespecifiers( + int type_id: @type ref, + int spec_id: @specifier ref +); + +funspecifiers( + int func_id: @function ref, + int spec_id: @specifier ref +); + +varspecifiers( + int var_id: @accessible ref, + int spec_id: @specifier ref +); + +explicit_specifier_exprs( + unique int func_id: @function ref, + int constant: @expr ref +) + +attributes( + unique int id: @attribute, + int kind: int ref, + string name: string ref, + string name_space: string ref, + int location: @location_default ref +); + +case @attribute.kind of + 0 = @gnuattribute +| 1 = @stdattribute +| 2 = @declspec +| 3 = @msattribute +| 4 = @alignas +// ... 5 @objc_propertyattribute deprecated +; + +attribute_args( + unique int id: @attribute_arg, + int kind: int ref, + int attribute: @attribute ref, + int index: int ref, + int location: @location_default ref +); + +case @attribute_arg.kind of + 0 = @attribute_arg_empty +| 1 = @attribute_arg_token +| 2 = @attribute_arg_constant +| 3 = @attribute_arg_type +| 4 = @attribute_arg_constant_expr +| 5 = @attribute_arg_expr +; + +attribute_arg_value( + unique int arg: @attribute_arg ref, + string value: string ref +); +attribute_arg_type( + unique int arg: @attribute_arg ref, + int type_id: @type ref +); +attribute_arg_constant( + unique int arg: @attribute_arg ref, + int constant: @expr ref +) +attribute_arg_expr( + unique int arg: @attribute_arg ref, + int expr: @expr ref +) +attribute_arg_name( + unique int arg: @attribute_arg ref, + string name: string ref +); + +typeattributes( + int type_id: @type ref, + int spec_id: @attribute ref +); + +funcattributes( + int func_id: @function ref, + int spec_id: @attribute ref +); + +varattributes( + int var_id: @accessible ref, + int spec_id: @attribute ref +); + +namespaceattributes( + int namespace_id: @namespace ref, + int spec_id: @attribute ref +); + +stmtattributes( + int stmt_id: @stmt ref, + int spec_id: @attribute ref +); + +@type = @builtintype + | @derivedtype + | @usertype + | @routinetype + | @ptrtomember + | @decltype + | @type_operator; + +unspecifiedtype( + unique int type_id: @type ref, + int unspecified_type_id: @type ref +); + +member( + int parent: @type ref, + int index: int ref, + int child: @member ref +); + +@enclosingfunction_child = @usertype | @variable | @namespace + +enclosingfunction( + unique int child: @enclosingfunction_child ref, + int parent: @function ref +); + +derivations( + unique int derivation: @derivation, + int sub: @type ref, + int index: int ref, + int super: @type ref, + int location: @location_default ref +); + +derspecifiers( + int der_id: @derivation ref, + int spec_id: @specifier ref +); + +/** + * Contains the byte offset of the base class subobject within the derived + * class. Only holds for non-virtual base classes, but see table + * `virtual_base_offsets` for offsets of virtual base class subobjects. + */ +direct_base_offsets( + unique int der_id: @derivation ref, + int offset: int ref +); + +/** + * Contains the byte offset of the virtual base class subobject for class + * `super` within a most-derived object of class `sub`. `super` can be either a + * direct or indirect base class. + */ +#keyset[sub, super] +virtual_base_offsets( + int sub: @usertype ref, + int super: @usertype ref, + int offset: int ref +); + +frienddecls( + unique int id: @frienddecl, + int type_id: @type ref, + int decl_id: @declaration ref, + int location: @location_default ref +); + +@declaredtype = @usertype ; + +@declaration = @function + | @declaredtype + | @variable + | @enumconstant + | @frienddecl + | @concept_template; + +@member = @membervariable + | @function + | @declaredtype + | @enumconstant; + +@locatable = @diagnostic + | @declaration + | @ppd_include + | @ppd_define + | @macroinvocation + /*| @funcall*/ + | @xmllocatable + | @attribute + | @attribute_arg; + +@namedscope = @namespace | @usertype; + +@element = @locatable + | @file + | @folder + | @specifier + | @type + | @expr + | @namespace + | @initialiser + | @stmt + | @derivation + | @comment + | @preprocdirect + | @fun_decl + | @var_decl + | @type_decl + | @namespace_decl + | @using + | @namequalifier + | @specialnamequalifyingelement + | @static_assert + | @type_mention + | @lambdacapture; + +@exprparent = @element; + +comments( + unique int id: @comment, + string contents: string ref, + int location: @location_default ref +); + +commentbinding( + int id: @comment ref, + int element: @element ref +); + +exprconv( + int converted: @expr ref, + unique int conversion: @expr ref +); + +compgenerated(unique int id: @element ref); + +/** + * `destructor_call` destructs the `i`'th entity that should be + * destructed following `element`. Note that entities should be + * destructed in reverse construction order, so for a given `element` + * these should be called from highest to lowest `i`. + */ +#keyset[element, destructor_call] +#keyset[element, i] +synthetic_destructor_call( + int element: @element ref, + int i: int ref, + int destructor_call: @routineexpr ref +); + +namespaces( + unique int id: @namespace, + string name: string ref +); + +namespace_inline( + unique int id: @namespace ref +); + +namespacembrs( + int parentid: @namespace ref, + unique int memberid: @namespacembr ref +); + +@namespacembr = @declaration | @namespace; + +exprparents( + int expr_id: @expr ref, + int child_index: int ref, + int parent_id: @exprparent ref +); + +expr_isload(unique int expr_id: @expr ref); + +@cast = @c_style_cast + | @const_cast + | @dynamic_cast + | @reinterpret_cast + | @static_cast + ; + +/* +case @conversion.kind of + 0 = @simple_conversion // a numeric conversion, qualification conversion, or a reinterpret_cast +| 1 = @bool_conversion // conversion to 'bool' +| 2 = @base_class_conversion // a derived-to-base conversion +| 3 = @derived_class_conversion // a base-to-derived conversion +| 4 = @pm_base_class_conversion // a derived-to-base conversion of a pointer to member +| 5 = @pm_derived_class_conversion // a base-to-derived conversion of a pointer to member +| 6 = @glvalue_adjust // an adjustment of the type of a glvalue +| 7 = @prvalue_adjust // an adjustment of the type of a prvalue +; +*/ +/** + * Describes the semantics represented by a cast expression. This is largely + * independent of the source syntax of the cast, so it is separate from the + * regular expression kind. + */ +conversionkinds( + unique int expr_id: @cast ref, + int kind: int ref +); + +@conversion = @cast + | @array_to_pointer + | @parexpr + | @reference_to + | @ref_indirect + | @temp_init + | @c11_generic + ; + +/* +case @funbindexpr.kind of + 0 = @normal_call // a normal call +| 1 = @virtual_call // a virtual call +| 2 = @adl_call // a call whose target is only found by ADL +; +*/ +iscall( + unique int caller: @funbindexpr ref, + int kind: int ref +); + +numtemplatearguments( + unique int expr_id: @expr ref, + int num: int ref +); + +specialnamequalifyingelements( + unique int id: @specialnamequalifyingelement, + unique string name: string ref +); + +@namequalifiableelement = @expr | @namequalifier; +@namequalifyingelement = @namespace + | @specialnamequalifyingelement + | @usertype + | @decltype; + +namequalifiers( + unique int id: @namequalifier, + unique int qualifiableelement: @namequalifiableelement ref, + int qualifyingelement: @namequalifyingelement ref, + int location: @location_default ref +); + +varbind( + int expr: @varbindexpr ref, + int var: @accessible ref +); + +funbind( + int expr: @funbindexpr ref, + int fun: @function ref +); + +@any_new_expr = @new_expr + | @new_array_expr; + +@new_or_delete_expr = @any_new_expr + | @delete_expr + | @delete_array_expr; + +@prefix_crement_expr = @preincrexpr | @predecrexpr; + +@postfix_crement_expr = @postincrexpr | @postdecrexpr; + +@increment_expr = @preincrexpr | @postincrexpr; + +@decrement_expr = @predecrexpr | @postdecrexpr; + +@crement_expr = @increment_expr | @decrement_expr; + +@un_arith_op_expr = @arithnegexpr + | @unaryplusexpr + | @conjugation + | @realpartexpr + | @imagpartexpr + | @crement_expr + ; + +@un_bitwise_op_expr = @complementexpr; + +@un_log_op_expr = @notexpr; + +@un_op_expr = @address_of + | @indirect + | @un_arith_op_expr + | @un_bitwise_op_expr + | @builtinaddressof + | @vec_fill + | @un_log_op_expr + | @co_await + | @co_yield + ; + +@bin_log_op_expr = @andlogicalexpr | @orlogicalexpr; + +@cmp_op_expr = @eq_op_expr | @rel_op_expr; + +@eq_op_expr = @eqexpr | @neexpr; + +@rel_op_expr = @gtexpr + | @ltexpr + | @geexpr + | @leexpr + | @spaceshipexpr + ; + +@bin_bitwise_op_expr = @lshiftexpr + | @rshiftexpr + | @andexpr + | @orexpr + | @xorexpr + ; + +@p_arith_op_expr = @paddexpr + | @psubexpr + | @pdiffexpr + ; + +@bin_arith_op_expr = @addexpr + | @subexpr + | @mulexpr + | @divexpr + | @remexpr + | @jmulexpr + | @jdivexpr + | @fjaddexpr + | @jfaddexpr + | @fjsubexpr + | @jfsubexpr + | @minexpr + | @maxexpr + | @p_arith_op_expr + ; + +@bin_op_expr = @bin_arith_op_expr + | @bin_bitwise_op_expr + | @cmp_op_expr + | @bin_log_op_expr + ; + +@op_expr = @un_op_expr + | @bin_op_expr + | @assign_expr + | @conditionalexpr + ; + +@assign_arith_expr = @assignaddexpr + | @assignsubexpr + | @assignmulexpr + | @assigndivexpr + | @assignremexpr + ; + +@assign_bitwise_expr = @assignandexpr + | @assignorexpr + | @assignxorexpr + | @assignlshiftexpr + | @assignrshiftexpr + ; + +@assign_pointer_expr = @assignpaddexpr + | @assignpsubexpr + ; + +@assign_op_expr = @assign_arith_expr + | @assign_bitwise_expr + | @assign_pointer_expr + ; + +@assign_expr = @assignexpr | @assign_op_expr | @blockassignexpr + +/* + Binary encoding of the allocator form. + + case @allocator.form of + 0 = plain + | 1 = alignment + ; +*/ + +/** + * The allocator function associated with a `new` or `new[]` expression. + * The `form` column specified whether the allocation call contains an alignment + * argument. + */ +expr_allocator( + unique int expr: @any_new_expr ref, + int func: @function ref, + int form: int ref +); + +/* + Binary encoding of the deallocator form. + + case @deallocator.form of + 0 = plain + | 1 = size + | 2 = alignment + | 4 = destroying_delete + ; +*/ + +/** + * The deallocator function associated with a `delete`, `delete[]`, `new`, or + * `new[]` expression. For a `new` or `new[]` expression, the deallocator is the + * one used to free memory if the initialization throws an exception. + * The `form` column specifies whether the deallocation call contains a size + * argument, and alignment argument, or both. + */ +expr_deallocator( + unique int expr: @new_or_delete_expr ref, + int func: @function ref, + int form: int ref +); + +/** + * Holds if the `@conditionalexpr` is of the two operand form + * `guard ? : false`. + */ +expr_cond_two_operand( + unique int cond: @conditionalexpr ref +); + +/** + * The guard of `@conditionalexpr` `guard ? true : false` + */ +expr_cond_guard( + unique int cond: @conditionalexpr ref, + int guard: @expr ref +); + +/** + * The expression used when the guard of `@conditionalexpr` + * `guard ? true : false` holds. For the two operand form + * `guard ?: false` consider using `expr_cond_guard` instead. + */ +expr_cond_true( + unique int cond: @conditionalexpr ref, + int true: @expr ref +); + +/** + * The expression used when the guard of `@conditionalexpr` + * `guard ? true : false` does not hold. + */ +expr_cond_false( + unique int cond: @conditionalexpr ref, + int false: @expr ref +); + +/** A string representation of the value. */ +values( + unique int id: @value, + string str: string ref +); + +/** The actual text in the source code for the value, if any. */ +valuetext( + unique int id: @value ref, + string text: string ref +); + +valuebind( + int val: @value ref, + unique int expr: @expr ref +); + +fieldoffsets( + unique int id: @variable ref, + int byteoffset: int ref, + int bitoffset: int ref +); + +bitfield( + unique int id: @variable ref, + int bits: int ref, + int declared_bits: int ref +); + +/* TODO +memberprefix( + int member: @expr ref, + int prefix: @expr ref +); +*/ + +/* + kind(1) = mbrcallexpr + kind(2) = mbrptrcallexpr + kind(3) = mbrptrmbrcallexpr + kind(4) = ptrmbrptrmbrcallexpr + kind(5) = mbrreadexpr // x.y + kind(6) = mbrptrreadexpr // p->y + kind(7) = mbrptrmbrreadexpr // x.*pm + kind(8) = mbrptrmbrptrreadexpr // x->*pm + kind(9) = staticmbrreadexpr // static x.y + kind(10) = staticmbrptrreadexpr // static p->y +*/ +/* TODO +memberaccess( + int member: @expr ref, + int kind: int ref +); +*/ + +initialisers( + unique int init: @initialiser, + int var: @accessible ref, + unique int expr: @expr ref, + int location: @location_default ref +); + +braced_initialisers( + int init: @initialiser ref +); + +/** + * An ancestor for the expression, for cases in which we cannot + * otherwise find the expression's parent. + */ +expr_ancestor( + int exp: @expr ref, + int ancestor: @element ref +); + +exprs( + unique int id: @expr, + int kind: int ref, + int location: @location_default ref +); + +expr_reuse( + int reuse: @expr ref, + int original: @expr ref, + int value_category: int ref +) + +/* + case @value.category of + 1 = prval + | 2 = xval + | 3 = lval + ; +*/ +expr_types( + int id: @expr ref, + int typeid: @type ref, + int value_category: int ref +); + +case @expr.kind of + 1 = @errorexpr +| 2 = @address_of // & AddressOfExpr +| 3 = @reference_to // ReferenceToExpr (implicit?) +| 4 = @indirect // * PointerDereferenceExpr +| 5 = @ref_indirect // ReferenceDereferenceExpr (implicit?) +// ... +| 8 = @array_to_pointer // (???) +| 9 = @vacuous_destructor_call // VacuousDestructorCall +// ... +| 11 = @assume // Microsoft +| 12 = @parexpr +| 13 = @arithnegexpr +| 14 = @unaryplusexpr +| 15 = @complementexpr +| 16 = @notexpr +| 17 = @conjugation // GNU ~ operator +| 18 = @realpartexpr // GNU __real +| 19 = @imagpartexpr // GNU __imag +| 20 = @postincrexpr +| 21 = @postdecrexpr +| 22 = @preincrexpr +| 23 = @predecrexpr +| 24 = @conditionalexpr +| 25 = @addexpr +| 26 = @subexpr +| 27 = @mulexpr +| 28 = @divexpr +| 29 = @remexpr +| 30 = @jmulexpr // C99 mul imaginary +| 31 = @jdivexpr // C99 div imaginary +| 32 = @fjaddexpr // C99 add real + imaginary +| 33 = @jfaddexpr // C99 add imaginary + real +| 34 = @fjsubexpr // C99 sub real - imaginary +| 35 = @jfsubexpr // C99 sub imaginary - real +| 36 = @paddexpr // pointer add (pointer + int or int + pointer) +| 37 = @psubexpr // pointer sub (pointer - integer) +| 38 = @pdiffexpr // difference between two pointers +| 39 = @lshiftexpr +| 40 = @rshiftexpr +| 41 = @andexpr +| 42 = @orexpr +| 43 = @xorexpr +| 44 = @eqexpr +| 45 = @neexpr +| 46 = @gtexpr +| 47 = @ltexpr +| 48 = @geexpr +| 49 = @leexpr +| 50 = @minexpr // GNU minimum +| 51 = @maxexpr // GNU maximum +| 52 = @assignexpr +| 53 = @assignaddexpr +| 54 = @assignsubexpr +| 55 = @assignmulexpr +| 56 = @assigndivexpr +| 57 = @assignremexpr +| 58 = @assignlshiftexpr +| 59 = @assignrshiftexpr +| 60 = @assignandexpr +| 61 = @assignorexpr +| 62 = @assignxorexpr +| 63 = @assignpaddexpr // assign pointer add +| 64 = @assignpsubexpr // assign pointer sub +| 65 = @andlogicalexpr +| 66 = @orlogicalexpr +| 67 = @commaexpr +| 68 = @subscriptexpr // access to member of an array, e.g., a[5] +// ... 69 @objc_subscriptexpr deprecated +// ... 70 @cmdaccess deprecated +// ... +| 73 = @virtfunptrexpr +| 74 = @callexpr +// ... 75 @msgexpr_normal deprecated +// ... 76 @msgexpr_super deprecated +// ... 77 @atselectorexpr deprecated +// ... 78 @atprotocolexpr deprecated +| 79 = @vastartexpr +| 80 = @vaargexpr +| 81 = @vaendexpr +| 82 = @vacopyexpr +// ... 83 @atencodeexpr deprecated +| 84 = @varaccess +| 85 = @thisaccess +// ... 86 @objc_box_expr deprecated +| 87 = @new_expr +| 88 = @delete_expr +| 89 = @throw_expr +| 90 = @condition_decl // a variable declared in a condition, e.g., if(int x = y > 2) +| 91 = @braced_init_list +| 92 = @type_id +| 93 = @runtime_sizeof +| 94 = @runtime_alignof +| 95 = @sizeof_pack +| 96 = @expr_stmt // GNU extension +| 97 = @routineexpr +| 98 = @type_operand // used to access a type in certain contexts (haven't found any examples yet....) +| 99 = @offsetofexpr // offsetof ::= type and field +| 100 = @hasassignexpr // __has_assign ::= type +| 101 = @hascopyexpr // __has_copy ::= type +| 102 = @hasnothrowassign // __has_nothrow_assign ::= type +| 103 = @hasnothrowconstr // __has_nothrow_constructor ::= type +| 104 = @hasnothrowcopy // __has_nothrow_copy ::= type +| 105 = @hastrivialassign // __has_trivial_assign ::= type +| 106 = @hastrivialconstr // __has_trivial_constructor ::= type +| 107 = @hastrivialcopy // __has_trivial_copy ::= type +| 108 = @hasuserdestr // __has_user_destructor ::= type +| 109 = @hasvirtualdestr // __has_virtual_destructor ::= type +| 110 = @isabstractexpr // __is_abstract ::= type +| 111 = @isbaseofexpr // __is_base_of ::= type type +| 112 = @isclassexpr // __is_class ::= type +| 113 = @isconvtoexpr // __is_convertible_to ::= type type +| 114 = @isemptyexpr // __is_empty ::= type +| 115 = @isenumexpr // __is_enum ::= type +| 116 = @ispodexpr // __is_pod ::= type +| 117 = @ispolyexpr // __is_polymorphic ::= type +| 118 = @isunionexpr // __is_union ::= type +| 119 = @typescompexpr // GNU __builtin_types_compatible ::= type type +| 120 = @intaddrexpr // frontend internal builtin, used to implement offsetof +// ... +| 122 = @hastrivialdestructor // __has_trivial_destructor ::= type +| 123 = @literal +| 124 = @uuidof +| 127 = @aggregateliteral +| 128 = @delete_array_expr +| 129 = @new_array_expr +// ... 130 @objc_array_literal deprecated +// ... 131 @objc_dictionary_literal deprecated +| 132 = @foldexpr +// ... +| 200 = @ctordirectinit +| 201 = @ctorvirtualinit +| 202 = @ctorfieldinit +| 203 = @ctordelegatinginit +| 204 = @dtordirectdestruct +| 205 = @dtorvirtualdestruct +| 206 = @dtorfielddestruct +// ... +| 210 = @static_cast +| 211 = @reinterpret_cast +| 212 = @const_cast +| 213 = @dynamic_cast +| 214 = @c_style_cast +| 215 = @lambdaexpr +| 216 = @param_ref +| 217 = @noopexpr +// ... +| 294 = @istriviallyconstructibleexpr +| 295 = @isdestructibleexpr +| 296 = @isnothrowdestructibleexpr +| 297 = @istriviallydestructibleexpr +| 298 = @istriviallyassignableexpr +| 299 = @isnothrowassignableexpr +| 300 = @istrivialexpr +| 301 = @isstandardlayoutexpr +| 302 = @istriviallycopyableexpr +| 303 = @isliteraltypeexpr +| 304 = @hastrivialmoveconstructorexpr +| 305 = @hastrivialmoveassignexpr +| 306 = @hasnothrowmoveassignexpr +| 307 = @isconstructibleexpr +| 308 = @isnothrowconstructibleexpr +| 309 = @hasfinalizerexpr +| 310 = @isdelegateexpr +| 311 = @isinterfaceclassexpr +| 312 = @isrefarrayexpr +| 313 = @isrefclassexpr +| 314 = @issealedexpr +| 315 = @issimplevalueclassexpr +| 316 = @isvalueclassexpr +| 317 = @isfinalexpr +| 319 = @noexceptexpr +| 320 = @builtinshufflevector +| 321 = @builtinchooseexpr +| 322 = @builtinaddressof +| 323 = @vec_fill +| 324 = @builtinconvertvector +| 325 = @builtincomplex +| 326 = @spaceshipexpr +| 327 = @co_await +| 328 = @co_yield +| 329 = @temp_init +| 330 = @isassignable +| 331 = @isaggregate +| 332 = @hasuniqueobjectrepresentations +| 333 = @builtinbitcast +| 334 = @builtinshuffle +| 335 = @blockassignexpr +| 336 = @issame +| 337 = @isfunction +| 338 = @islayoutcompatible +| 339 = @ispointerinterconvertiblebaseof +| 340 = @isarray +| 341 = @arrayrank +| 342 = @arrayextent +| 343 = @isarithmetic +| 344 = @iscompletetype +| 345 = @iscompound +| 346 = @isconst +| 347 = @isfloatingpoint +| 348 = @isfundamental +| 349 = @isintegral +| 350 = @islvaluereference +| 351 = @ismemberfunctionpointer +| 352 = @ismemberobjectpointer +| 353 = @ismemberpointer +| 354 = @isobject +| 355 = @ispointer +| 356 = @isreference +| 357 = @isrvaluereference +| 358 = @isscalar +| 359 = @issigned +| 360 = @isunsigned +| 361 = @isvoid +| 362 = @isvolatile +| 363 = @reuseexpr +| 364 = @istriviallycopyassignable +| 365 = @isassignablenopreconditioncheck +| 366 = @referencebindstotemporary +| 367 = @issameas +| 368 = @builtinhasattribute +| 369 = @ispointerinterconvertiblewithclass +| 370 = @builtinispointerinterconvertiblewithclass +| 371 = @iscorrespondingmember +| 372 = @builtiniscorrespondingmember +| 373 = @isboundedarray +| 374 = @isunboundedarray +| 375 = @isreferenceable +| 378 = @isnothrowconvertible +| 379 = @referenceconstructsfromtemporary +| 380 = @referenceconvertsfromtemporary +| 381 = @isconvertible +| 382 = @isvalidwinrttype +| 383 = @iswinclass +| 384 = @iswininterface +| 385 = @istriviallyequalitycomparable +| 386 = @isscopedenum +| 387 = @istriviallyrelocatable +| 388 = @datasizeof +| 389 = @c11_generic +| 390 = @requires_expr +| 391 = @nested_requirement +| 392 = @compound_requirement +| 393 = @concept_id +| 394 = @isinvocable +| 395 = @isnothrowinvocable +| 396 = @isbitwisecloneable +; + +@var_args_expr = @vastartexpr + | @vaendexpr + | @vaargexpr + | @vacopyexpr + ; + +@builtin_op = @var_args_expr + | @noopexpr + | @offsetofexpr + | @intaddrexpr + | @hasassignexpr + | @hascopyexpr + | @hasnothrowassign + | @hasnothrowconstr + | @hasnothrowcopy + | @hastrivialassign + | @hastrivialconstr + | @hastrivialcopy + | @hastrivialdestructor + | @hasuserdestr + | @hasvirtualdestr + | @isabstractexpr + | @isbaseofexpr + | @isclassexpr + | @isconvtoexpr + | @isemptyexpr + | @isenumexpr + | @ispodexpr + | @ispolyexpr + | @isunionexpr + | @typescompexpr + | @builtinshufflevector + | @builtinconvertvector + | @builtinaddressof + | @istriviallyconstructibleexpr + | @isdestructibleexpr + | @isnothrowdestructibleexpr + | @istriviallydestructibleexpr + | @istriviallyassignableexpr + | @isnothrowassignableexpr + | @istrivialexpr + | @isstandardlayoutexpr + | @istriviallycopyableexpr + | @isliteraltypeexpr + | @hastrivialmoveconstructorexpr + | @hastrivialmoveassignexpr + | @hasnothrowmoveassignexpr + | @isconstructibleexpr + | @isnothrowconstructibleexpr + | @hasfinalizerexpr + | @isdelegateexpr + | @isinterfaceclassexpr + | @isrefarrayexpr + | @isrefclassexpr + | @issealedexpr + | @issimplevalueclassexpr + | @isvalueclassexpr + | @isfinalexpr + | @builtinchooseexpr + | @builtincomplex + | @isassignable + | @isaggregate + | @hasuniqueobjectrepresentations + | @builtinbitcast + | @builtinshuffle + | @issame + | @isfunction + | @islayoutcompatible + | @ispointerinterconvertiblebaseof + | @isarray + | @arrayrank + | @arrayextent + | @isarithmetic + | @iscompletetype + | @iscompound + | @isconst + | @isfloatingpoint + | @isfundamental + | @isintegral + | @islvaluereference + | @ismemberfunctionpointer + | @ismemberobjectpointer + | @ismemberpointer + | @isobject + | @ispointer + | @isreference + | @isrvaluereference + | @isscalar + | @issigned + | @isunsigned + | @isvoid + | @isvolatile + | @istriviallycopyassignable + | @isassignablenopreconditioncheck + | @referencebindstotemporary + | @issameas + | @builtinhasattribute + | @ispointerinterconvertiblewithclass + | @builtinispointerinterconvertiblewithclass + | @iscorrespondingmember + | @builtiniscorrespondingmember + | @isboundedarray + | @isunboundedarray + | @isreferenceable + | @isnothrowconvertible + | @referenceconstructsfromtemporary + | @referenceconvertsfromtemporary + | @isconvertible + | @isvalidwinrttype + | @iswinclass + | @iswininterface + | @istriviallyequalitycomparable + | @isscopedenum + | @istriviallyrelocatable + | @isinvocable + | @isnothrowinvocable + | @isbitwisecloneable + ; + +compound_requirement_is_noexcept( + int expr: @compound_requirement ref +); + +new_allocated_type( + unique int expr: @new_expr ref, + int type_id: @type ref +); + +new_array_allocated_type( + unique int expr: @new_array_expr ref, + int type_id: @type ref +); + +param_ref_to_this( + int expr: @param_ref ref +) + +/** + * The field being initialized by an initializer expression within an aggregate + * initializer for a class/struct/union. Position is used to sort repeated initializers. + */ +#keyset[aggregate, position] +aggregate_field_init( + int aggregate: @aggregateliteral ref, + int initializer: @expr ref, + int field: @membervariable ref, + int position: int ref, + boolean is_designated: boolean ref +); + +/** + * The index of the element being initialized by an initializer expression + * within an aggregate initializer for an array. Position is used to sort repeated initializers. + */ +#keyset[aggregate, position] +aggregate_array_init( + int aggregate: @aggregateliteral ref, + int initializer: @expr ref, + int element_index: int ref, + int position: int ref, + boolean is_designated: boolean ref +); + +@ctorinit = @ctordirectinit + | @ctorvirtualinit + | @ctorfieldinit + | @ctordelegatinginit; +@dtordestruct = @dtordirectdestruct + | @dtorvirtualdestruct + | @dtorfielddestruct; + + +condition_decl_bind( + unique int expr: @condition_decl ref, + unique int decl: @declaration ref +); + +typeid_bind( + unique int expr: @type_id ref, + int type_id: @type ref +); + +uuidof_bind( + unique int expr: @uuidof ref, + int type_id: @type ref +); + +@sizeof_or_alignof = @runtime_sizeof | @runtime_alignof | @datasizeof | @sizeof_pack; + +sizeof_bind( + unique int expr: @sizeof_or_alignof ref, + int type_id: @type ref +); + +code_block( + unique int block: @literal ref, + unique int routine: @function ref +); + +lambdas( + unique int expr: @lambdaexpr ref, + string default_capture: string ref, + boolean has_explicit_return_type: boolean ref, + boolean has_explicit_parameter_list: boolean ref +); + +lambda_capture( + unique int id: @lambdacapture, + int lambda: @lambdaexpr ref, + int index: int ref, + int field: @membervariable ref, + boolean captured_by_reference: boolean ref, + boolean is_implicit: boolean ref, + int location: @location_default ref +); + +@funbindexpr = @routineexpr + | @new_expr + | @delete_expr + | @delete_array_expr + | @ctordirectinit + | @ctorvirtualinit + | @ctordelegatinginit + | @dtordirectdestruct + | @dtorvirtualdestruct; + +@varbindexpr = @varaccess | @ctorfieldinit | @dtorfielddestruct; +@addressable = @function | @variable ; +@accessible = @addressable | @enumconstant ; + +@access = @varaccess | @routineexpr ; + +fold( + int expr: @foldexpr ref, + string operator: string ref, + boolean is_left_fold: boolean ref +); + +stmts( + unique int id: @stmt, + int kind: int ref, + int location: @location_default ref +); + +case @stmt.kind of + 1 = @stmt_expr +| 2 = @stmt_if +| 3 = @stmt_while +| 4 = @stmt_goto +| 5 = @stmt_label +| 6 = @stmt_return +| 7 = @stmt_block +| 8 = @stmt_end_test_while // do { ... } while ( ... ) +| 9 = @stmt_for +| 10 = @stmt_switch_case +| 11 = @stmt_switch +| 13 = @stmt_asm // "asm" statement or the body of an asm function +| 15 = @stmt_try_block +| 16 = @stmt_microsoft_try // Microsoft +| 17 = @stmt_decl +| 18 = @stmt_set_vla_size // C99 +| 19 = @stmt_vla_decl // C99 +| 25 = @stmt_assigned_goto // GNU +| 26 = @stmt_empty +| 27 = @stmt_continue +| 28 = @stmt_break +| 29 = @stmt_range_based_for // C++11 +// ... 30 @stmt_at_autoreleasepool_block deprecated +// ... 31 @stmt_objc_for_in deprecated +// ... 32 @stmt_at_synchronized deprecated +| 33 = @stmt_handler +// ... 34 @stmt_finally_end deprecated +| 35 = @stmt_constexpr_if +| 37 = @stmt_co_return +| 38 = @stmt_consteval_if +| 39 = @stmt_not_consteval_if +| 40 = @stmt_leave +; + +type_vla( + int type_id: @type ref, + int decl: @stmt_vla_decl ref +); + +variable_vla( + int var: @variable ref, + int decl: @stmt_vla_decl ref +); + +type_is_vla(unique int type_id: @derivedtype ref) + +if_initialization( + unique int if_stmt: @stmt_if ref, + int init_id: @stmt ref +); + +if_then( + unique int if_stmt: @stmt_if ref, + int then_id: @stmt ref +); + +if_else( + unique int if_stmt: @stmt_if ref, + int else_id: @stmt ref +); + +constexpr_if_initialization( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int init_id: @stmt ref +); + +constexpr_if_then( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int then_id: @stmt ref +); + +constexpr_if_else( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int else_id: @stmt ref +); + +@stmt_consteval_or_not_consteval_if = @stmt_consteval_if | @stmt_not_consteval_if; + +consteval_if_then( + unique int constexpr_if_stmt: @stmt_consteval_or_not_consteval_if ref, + int then_id: @stmt ref +); + +consteval_if_else( + unique int constexpr_if_stmt: @stmt_consteval_or_not_consteval_if ref, + int else_id: @stmt ref +); + +while_body( + unique int while_stmt: @stmt_while ref, + int body_id: @stmt ref +); + +do_body( + unique int do_stmt: @stmt_end_test_while ref, + int body_id: @stmt ref +); + +switch_initialization( + unique int switch_stmt: @stmt_switch ref, + int init_id: @stmt ref +); + +#keyset[switch_stmt, index] +switch_case( + int switch_stmt: @stmt_switch ref, + int index: int ref, + int case_id: @stmt_switch_case ref +); + +switch_body( + unique int switch_stmt: @stmt_switch ref, + int body_id: @stmt ref +); + +@stmt_for_or_range_based_for = @stmt_for + | @stmt_range_based_for; + +for_initialization( + unique int for_stmt: @stmt_for_or_range_based_for ref, + int init_id: @stmt ref +); + +for_condition( + unique int for_stmt: @stmt_for ref, + int condition_id: @expr ref +); + +for_update( + unique int for_stmt: @stmt_for ref, + int update_id: @expr ref +); + +for_body( + unique int for_stmt: @stmt_for ref, + int body_id: @stmt ref +); + +@stmtparent = @stmt | @expr_stmt ; +stmtparents( + unique int id: @stmt ref, + int index: int ref, + int parent: @stmtparent ref +); + +ishandler(unique int block: @stmt_block ref); + +@cfgnode = @stmt | @expr | @function | @initialiser ; + +stmt_decl_bind( + int stmt: @stmt_decl ref, + int num: int ref, + int decl: @declaration ref +); + +stmt_decl_entry_bind( + int stmt: @stmt_decl ref, + int num: int ref, + int decl_entry: @element ref +); + +@parameterized_element = @function | @stmt_block | @requires_expr; + +blockscope( + unique int block: @stmt_block ref, + int enclosing: @parameterized_element ref +); + +@jump = @stmt_goto | @stmt_break | @stmt_continue | @stmt_leave; + +@jumporlabel = @jump | @stmt_label | @literal; + +jumpinfo( + unique int id: @jumporlabel ref, + string str: string ref, + int target: @stmt ref +); + +preprocdirects( + unique int id: @preprocdirect, + int kind: int ref, + int location: @location_default ref +); +case @preprocdirect.kind of + 0 = @ppd_if +| 1 = @ppd_ifdef +| 2 = @ppd_ifndef +| 3 = @ppd_elif +| 4 = @ppd_else +| 5 = @ppd_endif +| 6 = @ppd_plain_include +| 7 = @ppd_define +| 8 = @ppd_undef +| 9 = @ppd_line +| 10 = @ppd_error +| 11 = @ppd_pragma +| 12 = @ppd_objc_import +| 13 = @ppd_include_next +| 14 = @ppd_ms_import +| 15 = @ppd_elifdef +| 16 = @ppd_elifndef +| 17 = @ppd_embed +| 18 = @ppd_warning +; + +@ppd_include = @ppd_plain_include | @ppd_objc_import | @ppd_include_next | @ppd_ms_import; + +@ppd_branch = @ppd_if | @ppd_ifdef | @ppd_ifndef | @ppd_elif | @ppd_elifdef | @ppd_elifndef; + +preprocpair( + int begin : @ppd_branch ref, + int elseelifend : @preprocdirect ref +); + +preproctrue(int branch : @ppd_branch ref); +preprocfalse(int branch : @ppd_branch ref); + +preproctext( + unique int id: @preprocdirect ref, + string head: string ref, + string body: string ref +); + +includes( + unique int id: @ppd_include ref, + int included: @file ref +); + +embeds( + unique int id: @ppd_embed ref, + int included: @file ref +); + +link_targets( + int id: @link_target, + int binary: @file ref +); + +link_parent( + int element : @element ref, + int link_target : @link_target ref +); + +/*- Database metadata -*/ + +/** + * The CLI will automatically emit applicable tuples for this table, + * such as `databaseMetadata("isOverlay", "true")` when building an + * overlay database. + */ +databaseMetadata( + string metadataKey: string ref, + string value: string ref +); + +/*- Overlay support -*/ + +/** + * The CLI will automatically emit tuples for each new/modified/deleted file + * when building an overlay database. + */ +overlayChangedFiles( + string path: string ref +); + +/*- XML Files -*/ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; diff --git a/cpp/ql/lib/upgrades/837c4e02326aee4582405d069263092e80a15d82/semmlecode.cpp.dbscheme b/cpp/ql/lib/upgrades/837c4e02326aee4582405d069263092e80a15d82/semmlecode.cpp.dbscheme new file mode 100644 index 000000000000..ef8d209a22e2 --- /dev/null +++ b/cpp/ql/lib/upgrades/837c4e02326aee4582405d069263092e80a15d82/semmlecode.cpp.dbscheme @@ -0,0 +1,2577 @@ + +/*- Compilations -*/ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * gcc -c f1.c f2.c f3.c + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + /** + * An invocation of the compiler. Note that more than one file may + * be compiled per invocation. For example, this command compiles + * three source files: + * + * gcc -c f1.c f2.c f3.c + */ + unique int id : @compilation, + string cwd : string ref +); + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * gcc -c f1.c f2.c f3.c + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | *path to extractor* + * 1 | `--mimic` + * 2 | `/usr/bin/gcc` + * 3 | `-c` + * 4 | f1.c + * 5 | f2.c + * 6 | f3.c + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The expanded arguments that were passed to the extractor for a + * compiler invocation. This is similar to `compilation_args`, but + * for a `@someFile` argument, it includes the arguments from that + * file, rather than just taking the argument literally. + */ +#keyset[id, num] +compilation_expanded_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * Optionally, record the build mode for each compilation. + */ +compilation_build_mode( + unique int id : @compilation ref, + int mode : int ref +); + +/* +case @compilation_build_mode.mode of + 0 = @build_mode_none +| 1 = @build_mode_manual +| 2 = @build_mode_auto +; +*/ + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * gcc -c f1.c f2.c f3.c + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.c + * 1 | f2.c + * 2 | f3.c + * + * Note that even if those files `#include` headers, those headers + * do not appear as rows. + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +/*- External data -*/ + +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- Lines of code -*/ + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +/*- Diagnostic messages -*/ + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +/*- C++ dbscheme -*/ + +extractor_version( + string codeql_version: string ref, + string frontend_version: string ref +) + +/** + * Gives the TRAP filename that `trap` is associated with. + * For debugging only. + */ +trap_filename( + int trap: @trap, + string filename: string ref +); + +/** + * Gives the tag name for `tag`. + * For debugging only. + */ +tag_name( + int tag: @tag, + string name: string ref +); + +@trap_or_tag = @tag | @trap; + +/** + * Gives the name for the source file. + */ +source_file_name( + int sf: @source_file, + string name: string ref +); + +/** + * In `build-mode: none` overlay mode, indicates that `source_file` + * (`/path/to/foo.c`) uses the TRAP file `trap_file`; i.e. it is the + * TRAP file corresponding to `foo.c`, something it transitively + * includes, or a template instantiation it transitively uses. + */ +source_file_uses_trap( + int source_file: @source_file ref, + int trap_file: @trap ref +); + +/** + * In `build-mode: none` overlay mode, indicates that the TRAP file + * `trap_file` uses tag `tag`. + */ +trap_uses_tag( + int trap_file: @trap ref, + int tag: @tag ref +); + +/** + * Holds if there is a definition of `element` in TRAP file or tag `t`. + */ +in_trap_or_tag( + int element: @element ref, + int t: @trap_or_tag ref +); + +pch_uses( + int pch: @pch ref, + int compilation: @compilation ref, + int id: @file ref +) + +#keyset[pch, compilation] +pch_creations( + int pch: @pch, + int compilation: @compilation ref, + int from: @file ref +) + +/** An element for which line-count information is available. */ +@sourceline = @file | @function | @variable | @enumconstant | @xmllocatable; + +fileannotations( + int id: @file ref, + int kind: int ref, + string name: string ref, + string value: string ref +); + +inmacroexpansion( + int id: @element ref, + int inv: @macroinvocation ref +); + +affectedbymacroexpansion( + int id: @element ref, + int inv: @macroinvocation ref +); + +case @macroinvocation.kind of + 1 = @macro_expansion +| 2 = @other_macro_reference +; + +macroinvocations( + unique int id: @macroinvocation, + int macro_id: @ppd_define ref, + int location: @location_default ref, + int kind: int ref +); + +macroparent( + unique int id: @macroinvocation ref, + int parent_id: @macroinvocation ref +); + +// a macroinvocation may be part of another location +// the way to find a constant expression that uses a macro +// is thus to find a constant expression that has a location +// to which a macro invocation is bound +macrolocationbind( + int id: @macroinvocation ref, + int location: @location_default ref +); + +#keyset[invocation, argument_index] +macro_argument_unexpanded( + int invocation: @macroinvocation ref, + int argument_index: int ref, + string text: string ref +); + +#keyset[invocation, argument_index] +macro_argument_expanded( + int invocation: @macroinvocation ref, + int argument_index: int ref, + string text: string ref +); + +case @function.kind of + 0 = @unknown_function +| 1 = @normal_function +| 2 = @constructor +| 3 = @destructor +| 4 = @conversion_function +| 5 = @operator +// ... 6 = @builtin_function deprecated // GCC built-in functions, e.g. __builtin___memcpy_chk +| 7 = @user_defined_literal +| 8 = @deduction_guide +; + +functions( + unique int id: @function, + string name: string ref, + int kind: int ref +); + +builtin_functions( + int id: @function ref +) + +function_entry_point( + int id: @function ref, + unique int entry_point: @stmt ref +); + +function_return_type( + int id: @function ref, + int return_type: @type ref +); + +/** + * If `function` is a coroutine, then this gives the `std::experimental::resumable_traits` + * instance associated with it, and the variables representing the `handle` and `promise` + * for it. + */ +coroutine( + unique int function: @function ref, + int traits: @type ref +); + +/* +case @coroutine_placeholder_variable.kind of + 1 = @handle +| 2 = @promise +| 3 = @init_await_resume +; +*/ + +coroutine_placeholder_variable( + unique int placeholder_variable: @variable ref, + int kind: int ref, + int function: @function ref +) + +/** The `new` function used for allocating the coroutine state, if any. */ +coroutine_new( + unique int function: @function ref, + int new: @function ref +); + +/** The `delete` function used for deallocating the coroutine state, if any. */ +coroutine_delete( + unique int function: @function ref, + int delete: @function ref +); + +purefunctions(unique int id: @function ref); + +function_deleted(unique int id: @function ref); + +function_defaulted(unique int id: @function ref); + +function_prototyped(unique int id: @function ref) + +deduction_guide_for_class( + int id: @function ref, + int class_template: @usertype ref +) + +member_function_this_type( + unique int id: @function ref, + int this_type: @type ref +); + +#keyset[id, type_id] +fun_decls( + int id: @fun_decl, + int function: @function ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); +fun_def(unique int id: @fun_decl ref); +fun_specialized(unique int id: @fun_decl ref); +fun_implicit(unique int id: @fun_decl ref); +fun_decl_specifiers( + int id: @fun_decl ref, + string name: string ref +) +#keyset[fun_decl, index] +fun_decl_throws( + int fun_decl: @fun_decl ref, + int index: int ref, + int type_id: @type ref +); +/* an empty throw specification is different from none */ +fun_decl_empty_throws(unique int fun_decl: @fun_decl ref); +fun_decl_noexcept( + int fun_decl: @fun_decl ref, + int constant: @expr ref +); +fun_decl_empty_noexcept(int fun_decl: @fun_decl ref); +fun_decl_typedef_type( + unique int fun_decl: @fun_decl ref, + int typedeftype_id: @usertype ref +); + +/* +case @fun_requires.kind of + 1 = @template_attached +| 2 = @function_attached +; +*/ + +fun_requires( + int id: @fun_decl ref, + int kind: int ref, + int constraint: @expr ref +); + +param_decl_bind( + unique int id: @var_decl ref, + int index: int ref, + int fun_decl: @fun_decl ref +); + +#keyset[id, type_id] +var_decls( + int id: @var_decl, + int variable: @variable ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); +var_def(unique int id: @var_decl ref); +var_specialized(int id: @var_decl ref); +var_decl_specifiers( + int id: @var_decl ref, + string name: string ref +) +is_structured_binding(unique int id: @variable ref); +var_requires( + int id: @var_decl ref, + int constraint: @expr ref +); + +type_decls( + unique int id: @type_decl, + int type_id: @type ref, + int location: @location_default ref +); +type_def(unique int id: @type_decl ref); +type_decl_top( + unique int type_decl: @type_decl ref +); +type_requires( + int id: @type_decl ref, + int constraint: @expr ref +); + +namespace_decls( + unique int id: @namespace_decl, + int namespace_id: @namespace ref, + int location: @location_default ref, + int bodylocation: @location_default ref +); + +case @using.kind of + 1 = @using_declaration +| 2 = @using_directive +| 3 = @using_enum_declaration +; + +usings( + unique int id: @using, + int element_id: @element ref, + int location: @location_default ref, + int kind: int ref +); + +/** The element which contains the `using` declaration. */ +using_container( + int parent: @element ref, + int child: @using ref +); + +static_asserts( + unique int id: @static_assert, + int condition : @expr ref, + string message : string ref, + int location: @location_default ref, + int enclosing : @element ref +); + +// each function has an ordered list of parameters +#keyset[id, type_id] +#keyset[function, index, type_id] +params( + int id: @parameter, + int function: @parameterized_element ref, + int index: int ref, + int type_id: @type ref +); + +overrides( + int new: @function ref, + int old: @function ref +); + +#keyset[id, type_id] +membervariables( + int id: @membervariable, + int type_id: @type ref, + string name: string ref +); + +#keyset[id, type_id] +globalvariables( + int id: @globalvariable, + int type_id: @type ref, + string name: string ref +); + +#keyset[id, type_id] +localvariables( + int id: @localvariable, + int type_id: @type ref, + string name: string ref +); + +autoderivation( + unique int var: @variable ref, + int derivation_type: @type ref +); + +orphaned_variables( + int var: @localvariable ref, + int function: @function ref +) + +enumconstants( + unique int id: @enumconstant, + int parent: @usertype ref, + int index: int ref, + int type_id: @type ref, + string name: string ref, + int location: @location_default ref +); + +@variable = @localscopevariable | @globalvariable | @membervariable; + +@localscopevariable = @localvariable | @parameter; + +/** + * Built-in types are the fundamental types, e.g., integral, floating, and void. + */ +case @builtintype.kind of + 1 = @errortype +| 2 = @unknowntype +| 3 = @void +| 4 = @boolean +| 5 = @char +| 6 = @unsigned_char +| 7 = @signed_char +| 8 = @short +| 9 = @unsigned_short +| 10 = @signed_short +| 11 = @int +| 12 = @unsigned_int +| 13 = @signed_int +| 14 = @long +| 15 = @unsigned_long +| 16 = @signed_long +| 17 = @long_long +| 18 = @unsigned_long_long +| 19 = @signed_long_long +// ... 20 Microsoft-specific __int8 +// ... 21 Microsoft-specific __int16 +// ... 22 Microsoft-specific __int32 +// ... 23 Microsoft-specific __int64 +| 24 = @float +| 25 = @double +| 26 = @long_double +| 27 = @complex_float // C99-specific _Complex float +| 28 = @complex_double // C99-specific _Complex double +| 29 = @complex_long_double // C99-specific _Complex long double +| 30 = @imaginary_float // C99-specific _Imaginary float +| 31 = @imaginary_double // C99-specific _Imaginary double +| 32 = @imaginary_long_double // C99-specific _Imaginary long double +| 33 = @wchar_t // Microsoft-specific +| 34 = @decltype_nullptr // C++11 +| 35 = @int128 // __int128 +| 36 = @unsigned_int128 // unsigned __int128 +| 37 = @signed_int128 // signed __int128 +| 38 = @float128 // __float128 +| 39 = @complex_float128 // _Complex __float128 +// ... 40 _Decimal32 +// ... 41 _Decimal64 +// ... 42 _Decimal128 +| 43 = @char16_t +| 44 = @char32_t +| 45 = @std_float32 // _Float32 +| 46 = @float32x // _Float32x +| 47 = @std_float64 // _Float64 +| 48 = @float64x // _Float64x +| 49 = @std_float128 // _Float128 +// ... 50 _Float128x +| 51 = @char8_t +| 52 = @float16 // _Float16 +| 53 = @complex_float16 // _Complex _Float16 +| 54 = @fp16 // __fp16 +| 55 = @std_bfloat16 // __bf16 +| 56 = @std_float16 // std::float16_t +| 57 = @complex_std_float32 // _Complex _Float32 +| 58 = @complex_float32x // _Complex _Float32x +| 59 = @complex_std_float64 // _Complex _Float64 +| 60 = @complex_float64x // _Complex _Float64x +| 61 = @complex_std_float128 // _Complex _Float128 +| 62 = @mfp8 // __mfp8 +| 63 = @scalable_vector_count // __SVCount_t +| 64 = @complex_fp16 // _Complex __fp16 +| 65 = @complex_std_bfloat16 // _Complex __bf16 +| 66 = @complex_std_float16 // _Complex std::float16_t +; + +builtintypes( + unique int id: @builtintype, + string name: string ref, + int kind: int ref, + int size: int ref, + int sign: int ref, + int alignment: int ref +); + +/** + * Derived types are types that are directly derived from existing types and + * point to, refer to, transform type data to return a new type. + */ +case @derivedtype.kind of + 1 = @pointer +| 2 = @reference +| 3 = @type_with_specifiers +| 4 = @array +| 5 = @gnu_vector +| 6 = @routineptr +| 7 = @routinereference +| 8 = @rvalue_reference // C++11 +// ... 9 type_conforming_to_protocols deprecated +| 10 = @block +| 11 = @scalable_vector // Arm SVE +; + +derivedtypes( + unique int id: @derivedtype, + string name: string ref, + int kind: int ref, + int type_id: @type ref +); + +pointerishsize(unique int id: @derivedtype ref, + int size: int ref, + int alignment: int ref); + +arraysizes( + unique int id: @derivedtype ref, + int num_elements: int ref, + int bytesize: int ref, + int alignment: int ref +); + +tupleelements( + unique int id: @derivedtype ref, + int num_elements: int ref +); + +typedefbase( + unique int id: @usertype ref, + int type_id: @type ref +); + +/** + * An instance of the C++11 `decltype` operator or C23 `typeof`/`typeof_unqual` + * operator taking an expression as its argument. For example: + * ``` + * int a; + * decltype(1+a) b; + * typeof(1+a) c; + * ``` + * Here `expr` is `1+a`. + * + * Sometimes an additional pair of parentheses around the expression + * changes the semantics of the decltype, e.g. + * ``` + * struct A { double x; }; + * const A* a = new A(); + * decltype( a->x ); // type is double + * decltype((a->x)); // type is const double& + * ``` + * (Please consult the C++11 standard for more details). + * `parentheses_would_change_meaning` is `true` iff that is the case. + */ + +/* +case @decltype.kind of +| 0 = @decltype +| 1 = @typeof // The frontend does not differentiate between typeof and typeof_unqual +; +*/ + +#keyset[id, expr] +decltypes( + int id: @decltype, + int expr: @expr ref, + int kind: int ref, + int base_type: @type ref, + boolean parentheses_would_change_meaning: boolean ref +); + +case @type_operator.kind of + 0 = @typeof // The frontend does not differentiate between typeof and typeof_unqual +| 1 = @underlying_type +| 2 = @bases +| 3 = @direct_bases +| 4 = @add_lvalue_reference +| 5 = @add_pointer +| 6 = @add_rvalue_reference +| 7 = @decay +| 8 = @make_signed +| 9 = @make_unsigned +| 10 = @remove_all_extents +| 11 = @remove_const +| 12 = @remove_cv +| 13 = @remove_cvref +| 14 = @remove_extent +| 15 = @remove_pointer +| 16 = @remove_reference_t +| 17 = @remove_restrict +| 18 = @remove_volatile +| 19 = @remove_reference +; + +type_operators( + unique int id: @type_operator, + int arg_type: @type ref, + int kind: int ref, + int base_type: @type ref +) + +case @usertype.kind of + 0 = @unknown_usertype +| 1 = @struct +| 2 = @class +| 3 = @union +| 4 = @enum +// ... 5 = @typedef deprecated // classic C: typedef typedef type name +// ... 6 = @template deprecated +| 7 = @template_parameter +| 8 = @template_template_parameter +| 9 = @proxy_class // a proxy class associated with a template parameter +// ... 10 objc_class deprecated +// ... 11 objc_protocol deprecated +// ... 12 objc_category deprecated +| 13 = @scoped_enum +// ... 14 = @using_alias deprecated // a using name = type style typedef +| 15 = @template_struct +| 16 = @template_class +| 17 = @template_union +| 18 = @alias +; + +usertypes( + unique int id: @usertype, + string name: string ref, + int kind: int ref +); + +usertypesize( + unique int id: @usertype ref, + int size: int ref, + int alignment: int ref +); + +usertype_final(unique int id: @usertype ref); + +usertype_uuid( + unique int id: @usertype ref, + string uuid: string ref +); + +/* +case @usertype.alias_kind of +| 0 = @typedef +| 1 = @alias +*/ + +usertype_alias_kind( + int id: @usertype ref, + int alias_kind: int ref +) + +nontype_template_parameters( + int id: @expr ref +); + +type_template_type_constraint( + int id: @usertype ref, + int constraint: @expr ref +); + +mangled_name( + unique int id: @declaration ref, + int mangled_name : @mangledname, + boolean is_complete: boolean ref +); + +is_pod_class(unique int id: @usertype ref); +is_standard_layout_class(unique int id: @usertype ref); + +is_complete(unique int id: @usertype ref); + +is_class_template(unique int id: @usertype ref); +class_instantiation( + int to: @usertype ref, + int from: @usertype ref +); +class_template_argument( + int type_id: @usertype ref, + int index: int ref, + int arg_type: @type ref +); +class_template_argument_value( + int type_id: @usertype ref, + int index: int ref, + int arg_value: @expr ref +); +class_template_generated_from( + unique int template: @usertype ref, + int from: @usertype ref +) + +@user_or_decltype = @usertype | @decltype; + +is_proxy_class_for( + unique int id: @usertype ref, + int templ_param_id: @user_or_decltype ref +); + +type_mentions( + unique int id: @type_mention, + int type_id: @type ref, + int location: @location_default ref, + // a_symbol_reference_kind from the frontend. + int kind: int ref +); + +is_function_template(unique int id: @function ref); +function_instantiation( + unique int to: @function ref, + int from: @function ref +); +function_template_argument( + int function_id: @function ref, + int index: int ref, + int arg_type: @type ref +); +function_template_argument_value( + int function_id: @function ref, + int index: int ref, + int arg_value: @expr ref +); +function_template_generated_from( + unique int template: @function ref, + int from: @function ref +); + +is_variable_template(unique int id: @variable ref); +variable_instantiation( + unique int to: @variable ref, + int from: @variable ref +); +variable_template_argument( + int variable_id: @variable ref, + int index: int ref, + int arg_type: @type ref +); +variable_template_argument_value( + int variable_id: @variable ref, + int index: int ref, + int arg_value: @expr ref +); +variable_template_generated_from( + unique int template: @variable ref, + int from: @variable ref +); + +is_alias_template(unique int id: @usertype ref); +alias_instantiation( + unique int to: @usertype ref, + int from: @usertype ref +); +alias_template_argument( + int type_id: @usertype ref, + int index: int ref, + int arg_type: @type ref +); +alias_template_argument_value( + int type_id: @usertype ref, + int index: int ref, + int arg_value: @expr ref +); +alias_template_generated_from( + unique int template: @usertype ref, + int from: @usertype ref +); + +template_template_instantiation( + int to: @usertype ref, + int from: @usertype ref +); +template_template_argument( + int type_id: @usertype ref, + int index: int ref, + int arg_type: @type ref +); +template_template_argument_value( + int type_id: @usertype ref, + int index: int ref, + int arg_value: @expr ref +); + +@concept = @concept_template | @concept_id; + +concept_templates( + unique int concept_id: @concept_template, + string name: string ref, + int location: @location_default ref +); +concept_instantiation( + unique int to: @concept_id ref, + int from: @concept_template ref +); +is_type_constraint(int concept_id: @concept_id ref); +concept_template_argument( + int concept_id: @concept ref, + int index: int ref, + int arg_type: @type ref +); +concept_template_argument_value( + int concept_id: @concept ref, + int index: int ref, + int arg_value: @expr ref +); + +routinetypes( + unique int id: @routinetype, + int return_type: @type ref +); + +routinetypeargs( + int routine: @routinetype ref, + int index: int ref, + int type_id: @type ref +); + +ptrtomembers( + unique int id: @ptrtomember, + int type_id: @type ref, + int class_id: @type ref +); + +/* + specifiers for types, functions, and variables + + "public", + "protected", + "private", + + "const", + "volatile", + "static", + + "pure", + "virtual", + "sealed", // Microsoft + "__interface", // Microsoft + "inline", + "explicit", + + "near", // near far extension + "far", // near far extension + "__ptr32", // Microsoft + "__ptr64", // Microsoft + "__sptr", // Microsoft + "__uptr", // Microsoft + "dllimport", // Microsoft + "dllexport", // Microsoft + "thread", // Microsoft + "naked", // Microsoft + "microsoft_inline", // Microsoft + "forceinline", // Microsoft + "selectany", // Microsoft + "nothrow", // Microsoft + "novtable", // Microsoft + "noreturn", // Microsoft + "noinline", // Microsoft + "noalias", // Microsoft + "restrict", // Microsoft +*/ + +specifiers( + unique int id: @specifier, + unique string str: string ref +); + +typespecifiers( + int type_id: @type ref, + int spec_id: @specifier ref +); + +funspecifiers( + int func_id: @function ref, + int spec_id: @specifier ref +); + +varspecifiers( + int var_id: @accessible ref, + int spec_id: @specifier ref +); + +explicit_specifier_exprs( + unique int func_id: @function ref, + int constant: @expr ref +) + +attributes( + unique int id: @attribute, + int kind: int ref, + string name: string ref, + string name_space: string ref, + int location: @location_default ref +); + +case @attribute.kind of + 0 = @gnuattribute +| 1 = @stdattribute +| 2 = @declspec +| 3 = @msattribute +| 4 = @alignas +// ... 5 @objc_propertyattribute deprecated +; + +attribute_args( + unique int id: @attribute_arg, + int kind: int ref, + int attribute: @attribute ref, + int index: int ref, + int location: @location_default ref +); + +case @attribute_arg.kind of + 0 = @attribute_arg_empty +| 1 = @attribute_arg_token +| 2 = @attribute_arg_constant +| 3 = @attribute_arg_type +| 4 = @attribute_arg_constant_expr +| 5 = @attribute_arg_expr +; + +attribute_arg_value( + unique int arg: @attribute_arg ref, + string value: string ref +); +attribute_arg_type( + unique int arg: @attribute_arg ref, + int type_id: @type ref +); +attribute_arg_constant( + unique int arg: @attribute_arg ref, + int constant: @expr ref +) +attribute_arg_expr( + unique int arg: @attribute_arg ref, + int expr: @expr ref +) +attribute_arg_name( + unique int arg: @attribute_arg ref, + string name: string ref +); + +typeattributes( + int type_id: @type ref, + int spec_id: @attribute ref +); + +funcattributes( + int func_id: @function ref, + int spec_id: @attribute ref +); + +varattributes( + int var_id: @accessible ref, + int spec_id: @attribute ref +); + +namespaceattributes( + int namespace_id: @namespace ref, + int spec_id: @attribute ref +); + +stmtattributes( + int stmt_id: @stmt ref, + int spec_id: @attribute ref +); + +@type = @builtintype + | @derivedtype + | @usertype + | @routinetype + | @ptrtomember + | @decltype + | @type_operator; + +unspecifiedtype( + unique int type_id: @type ref, + int unspecified_type_id: @type ref +); + +member( + int parent: @type ref, + int index: int ref, + int child: @member ref +); + +@enclosingfunction_child = @usertype | @variable | @namespace + +enclosingfunction( + unique int child: @enclosingfunction_child ref, + int parent: @function ref +); + +derivations( + unique int derivation: @derivation, + int sub: @type ref, + int index: int ref, + int super: @type ref, + int location: @location_default ref +); + +derspecifiers( + int der_id: @derivation ref, + int spec_id: @specifier ref +); + +/** + * Contains the byte offset of the base class subobject within the derived + * class. Only holds for non-virtual base classes, but see table + * `virtual_base_offsets` for offsets of virtual base class subobjects. + */ +direct_base_offsets( + unique int der_id: @derivation ref, + int offset: int ref +); + +/** + * Contains the byte offset of the virtual base class subobject for class + * `super` within a most-derived object of class `sub`. `super` can be either a + * direct or indirect base class. + */ +#keyset[sub, super] +virtual_base_offsets( + int sub: @usertype ref, + int super: @usertype ref, + int offset: int ref +); + +frienddecls( + unique int id: @frienddecl, + int type_id: @type ref, + int decl_id: @declaration ref, + int location: @location_default ref +); + +@declaredtype = @usertype ; + +@declaration = @function + | @declaredtype + | @variable + | @enumconstant + | @frienddecl + | @concept_template; + +@member = @membervariable + | @function + | @declaredtype + | @enumconstant; + +@locatable = @diagnostic + | @declaration + | @ppd_include + | @ppd_define + | @macroinvocation + /*| @funcall*/ + | @xmllocatable + | @attribute + | @attribute_arg; + +@namedscope = @namespace | @usertype; + +@element = @locatable + | @file + | @folder + | @specifier + | @type + | @expr + | @namespace + | @initialiser + | @stmt + | @derivation + | @comment + | @preprocdirect + | @fun_decl + | @var_decl + | @type_decl + | @namespace_decl + | @using + | @namequalifier + | @specialnamequalifyingelement + | @static_assert + | @type_mention + | @lambdacapture; + +@exprparent = @element; + +comments( + unique int id: @comment, + string contents: string ref, + int location: @location_default ref +); + +commentbinding( + int id: @comment ref, + int element: @element ref +); + +exprconv( + int converted: @expr ref, + unique int conversion: @expr ref +); + +compgenerated(unique int id: @element ref); + +/** + * `destructor_call` destructs the `i`'th entity that should be + * destructed following `element`. Note that entities should be + * destructed in reverse construction order, so for a given `element` + * these should be called from highest to lowest `i`. + */ +#keyset[element, destructor_call] +#keyset[element, i] +synthetic_destructor_call( + int element: @element ref, + int i: int ref, + int destructor_call: @routineexpr ref +); + +namespaces( + unique int id: @namespace, + string name: string ref +); + +namespace_inline( + unique int id: @namespace ref +); + +namespacembrs( + int parentid: @namespace ref, + unique int memberid: @namespacembr ref +); + +@namespacembr = @declaration | @namespace; + +exprparents( + int expr_id: @expr ref, + int child_index: int ref, + int parent_id: @exprparent ref +); + +expr_isload(unique int expr_id: @expr ref); + +@cast = @c_style_cast + | @const_cast + | @dynamic_cast + | @reinterpret_cast + | @static_cast + ; + +/* +case @conversion.kind of + 0 = @simple_conversion // a numeric conversion, qualification conversion, or a reinterpret_cast +| 1 = @bool_conversion // conversion to 'bool' +| 2 = @base_class_conversion // a derived-to-base conversion +| 3 = @derived_class_conversion // a base-to-derived conversion +| 4 = @pm_base_class_conversion // a derived-to-base conversion of a pointer to member +| 5 = @pm_derived_class_conversion // a base-to-derived conversion of a pointer to member +| 6 = @glvalue_adjust // an adjustment of the type of a glvalue +| 7 = @prvalue_adjust // an adjustment of the type of a prvalue +; +*/ +/** + * Describes the semantics represented by a cast expression. This is largely + * independent of the source syntax of the cast, so it is separate from the + * regular expression kind. + */ +conversionkinds( + unique int expr_id: @cast ref, + int kind: int ref +); + +@conversion = @cast + | @array_to_pointer + | @parexpr + | @reference_to + | @ref_indirect + | @temp_init + | @c11_generic + ; + +/* +case @funbindexpr.kind of + 0 = @normal_call // a normal call +| 1 = @virtual_call // a virtual call +| 2 = @adl_call // a call whose target is only found by ADL +; +*/ +iscall( + unique int caller: @funbindexpr ref, + int kind: int ref +); + +numtemplatearguments( + unique int expr_id: @expr ref, + int num: int ref +); + +specialnamequalifyingelements( + unique int id: @specialnamequalifyingelement, + unique string name: string ref +); + +@namequalifiableelement = @expr | @namequalifier; +@namequalifyingelement = @namespace + | @specialnamequalifyingelement + | @usertype + | @decltype; + +namequalifiers( + unique int id: @namequalifier, + unique int qualifiableelement: @namequalifiableelement ref, + int qualifyingelement: @namequalifyingelement ref, + int location: @location_default ref +); + +varbind( + int expr: @varbindexpr ref, + int var: @accessible ref +); + +funbind( + int expr: @funbindexpr ref, + int fun: @function ref +); + +@any_new_expr = @new_expr + | @new_array_expr; + +@new_or_delete_expr = @any_new_expr + | @delete_expr + | @delete_array_expr; + +@prefix_crement_expr = @preincrexpr | @predecrexpr; + +@postfix_crement_expr = @postincrexpr | @postdecrexpr; + +@increment_expr = @preincrexpr | @postincrexpr; + +@decrement_expr = @predecrexpr | @postdecrexpr; + +@crement_expr = @increment_expr | @decrement_expr; + +@un_arith_op_expr = @arithnegexpr + | @unaryplusexpr + | @conjugation + | @realpartexpr + | @imagpartexpr + | @crement_expr + ; + +@un_bitwise_op_expr = @complementexpr; + +@un_log_op_expr = @notexpr; + +@un_op_expr = @address_of + | @indirect + | @un_arith_op_expr + | @un_bitwise_op_expr + | @builtinaddressof + | @vec_fill + | @un_log_op_expr + | @co_await + | @co_yield + ; + +@bin_log_op_expr = @andlogicalexpr | @orlogicalexpr; + +@cmp_op_expr = @eq_op_expr | @rel_op_expr; + +@eq_op_expr = @eqexpr | @neexpr; + +@rel_op_expr = @gtexpr + | @ltexpr + | @geexpr + | @leexpr + | @spaceshipexpr + ; + +@bin_bitwise_op_expr = @lshiftexpr + | @rshiftexpr + | @andexpr + | @orexpr + | @xorexpr + ; + +@p_arith_op_expr = @paddexpr + | @psubexpr + | @pdiffexpr + ; + +@bin_arith_op_expr = @addexpr + | @subexpr + | @mulexpr + | @divexpr + | @remexpr + | @jmulexpr + | @jdivexpr + | @fjaddexpr + | @jfaddexpr + | @fjsubexpr + | @jfsubexpr + | @minexpr + | @maxexpr + | @p_arith_op_expr + ; + +@bin_op_expr = @bin_arith_op_expr + | @bin_bitwise_op_expr + | @cmp_op_expr + | @bin_log_op_expr + ; + +@op_expr = @un_op_expr + | @bin_op_expr + | @assign_expr + | @conditionalexpr + ; + +@assign_arith_expr = @assignaddexpr + | @assignsubexpr + | @assignmulexpr + | @assigndivexpr + | @assignremexpr + ; + +@assign_bitwise_expr = @assignandexpr + | @assignorexpr + | @assignxorexpr + | @assignlshiftexpr + | @assignrshiftexpr + ; + +@assign_pointer_expr = @assignpaddexpr + | @assignpsubexpr + ; + +@assign_op_expr = @assign_arith_expr + | @assign_bitwise_expr + | @assign_pointer_expr + ; + +@assign_expr = @assignexpr | @assign_op_expr | @blockassignexpr + +/* + Binary encoding of the allocator form. + + case @allocator.form of + 0 = plain + | 1 = alignment + ; +*/ + +/** + * The allocator function associated with a `new` or `new[]` expression. + * The `form` column specified whether the allocation call contains an alignment + * argument. + */ +expr_allocator( + unique int expr: @any_new_expr ref, + int func: @function ref, + int form: int ref +); + +/* + Binary encoding of the deallocator form. + + case @deallocator.form of + 0 = plain + | 1 = size + | 2 = alignment + | 4 = destroying_delete + ; +*/ + +/** + * The deallocator function associated with a `delete`, `delete[]`, `new`, or + * `new[]` expression. For a `new` or `new[]` expression, the deallocator is the + * one used to free memory if the initialization throws an exception. + * The `form` column specifies whether the deallocation call contains a size + * argument, and alignment argument, or both. + */ +expr_deallocator( + unique int expr: @new_or_delete_expr ref, + int func: @function ref, + int form: int ref +); + +/** + * Holds if the `@conditionalexpr` is of the two operand form + * `guard ? : false`. + */ +expr_cond_two_operand( + unique int cond: @conditionalexpr ref +); + +/** + * The guard of `@conditionalexpr` `guard ? true : false` + */ +expr_cond_guard( + unique int cond: @conditionalexpr ref, + int guard: @expr ref +); + +/** + * The expression used when the guard of `@conditionalexpr` + * `guard ? true : false` holds. For the two operand form + * `guard ?: false` consider using `expr_cond_guard` instead. + */ +expr_cond_true( + unique int cond: @conditionalexpr ref, + int true: @expr ref +); + +/** + * The expression used when the guard of `@conditionalexpr` + * `guard ? true : false` does not hold. + */ +expr_cond_false( + unique int cond: @conditionalexpr ref, + int false: @expr ref +); + +/** A string representation of the value. */ +values( + unique int id: @value, + string str: string ref +); + +/** The actual text in the source code for the value, if any. */ +valuetext( + unique int id: @value ref, + string text: string ref +); + +valuebind( + int val: @value ref, + unique int expr: @expr ref +); + +fieldoffsets( + unique int id: @variable ref, + int byteoffset: int ref, + int bitoffset: int ref +); + +bitfield( + unique int id: @variable ref, + int bits: int ref, + int declared_bits: int ref +); + +/* TODO +memberprefix( + int member: @expr ref, + int prefix: @expr ref +); +*/ + +/* + kind(1) = mbrcallexpr + kind(2) = mbrptrcallexpr + kind(3) = mbrptrmbrcallexpr + kind(4) = ptrmbrptrmbrcallexpr + kind(5) = mbrreadexpr // x.y + kind(6) = mbrptrreadexpr // p->y + kind(7) = mbrptrmbrreadexpr // x.*pm + kind(8) = mbrptrmbrptrreadexpr // x->*pm + kind(9) = staticmbrreadexpr // static x.y + kind(10) = staticmbrptrreadexpr // static p->y +*/ +/* TODO +memberaccess( + int member: @expr ref, + int kind: int ref +); +*/ + +initialisers( + unique int init: @initialiser, + int var: @accessible ref, + unique int expr: @expr ref, + int location: @location_default ref +); + +braced_initialisers( + int init: @initialiser ref +); + +/** + * An ancestor for the expression, for cases in which we cannot + * otherwise find the expression's parent. + */ +expr_ancestor( + int exp: @expr ref, + int ancestor: @element ref +); + +exprs( + unique int id: @expr, + int kind: int ref, + int location: @location_default ref +); + +expr_reuse( + int reuse: @expr ref, + int original: @expr ref, + int value_category: int ref +) + +/* + case @value.category of + 1 = prval + | 2 = xval + | 3 = lval + ; +*/ +expr_types( + int id: @expr ref, + int typeid: @type ref, + int value_category: int ref +); + +case @expr.kind of + 1 = @errorexpr +| 2 = @address_of // & AddressOfExpr +| 3 = @reference_to // ReferenceToExpr (implicit?) +| 4 = @indirect // * PointerDereferenceExpr +| 5 = @ref_indirect // ReferenceDereferenceExpr (implicit?) +// ... +| 8 = @array_to_pointer // (???) +| 9 = @vacuous_destructor_call // VacuousDestructorCall +// ... +| 11 = @assume // Microsoft +| 12 = @parexpr +| 13 = @arithnegexpr +| 14 = @unaryplusexpr +| 15 = @complementexpr +| 16 = @notexpr +| 17 = @conjugation // GNU ~ operator +| 18 = @realpartexpr // GNU __real +| 19 = @imagpartexpr // GNU __imag +| 20 = @postincrexpr +| 21 = @postdecrexpr +| 22 = @preincrexpr +| 23 = @predecrexpr +| 24 = @conditionalexpr +| 25 = @addexpr +| 26 = @subexpr +| 27 = @mulexpr +| 28 = @divexpr +| 29 = @remexpr +| 30 = @jmulexpr // C99 mul imaginary +| 31 = @jdivexpr // C99 div imaginary +| 32 = @fjaddexpr // C99 add real + imaginary +| 33 = @jfaddexpr // C99 add imaginary + real +| 34 = @fjsubexpr // C99 sub real - imaginary +| 35 = @jfsubexpr // C99 sub imaginary - real +| 36 = @paddexpr // pointer add (pointer + int or int + pointer) +| 37 = @psubexpr // pointer sub (pointer - integer) +| 38 = @pdiffexpr // difference between two pointers +| 39 = @lshiftexpr +| 40 = @rshiftexpr +| 41 = @andexpr +| 42 = @orexpr +| 43 = @xorexpr +| 44 = @eqexpr +| 45 = @neexpr +| 46 = @gtexpr +| 47 = @ltexpr +| 48 = @geexpr +| 49 = @leexpr +| 50 = @minexpr // GNU minimum +| 51 = @maxexpr // GNU maximum +| 52 = @assignexpr +| 53 = @assignaddexpr +| 54 = @assignsubexpr +| 55 = @assignmulexpr +| 56 = @assigndivexpr +| 57 = @assignremexpr +| 58 = @assignlshiftexpr +| 59 = @assignrshiftexpr +| 60 = @assignandexpr +| 61 = @assignorexpr +| 62 = @assignxorexpr +| 63 = @assignpaddexpr // assign pointer add +| 64 = @assignpsubexpr // assign pointer sub +| 65 = @andlogicalexpr +| 66 = @orlogicalexpr +| 67 = @commaexpr +| 68 = @subscriptexpr // access to member of an array, e.g., a[5] +// ... 69 @objc_subscriptexpr deprecated +// ... 70 @cmdaccess deprecated +// ... +| 73 = @virtfunptrexpr +| 74 = @callexpr +// ... 75 @msgexpr_normal deprecated +// ... 76 @msgexpr_super deprecated +// ... 77 @atselectorexpr deprecated +// ... 78 @atprotocolexpr deprecated +| 79 = @vastartexpr +| 80 = @vaargexpr +| 81 = @vaendexpr +| 82 = @vacopyexpr +// ... 83 @atencodeexpr deprecated +| 84 = @varaccess +| 85 = @thisaccess +// ... 86 @objc_box_expr deprecated +| 87 = @new_expr +| 88 = @delete_expr +| 89 = @throw_expr +| 90 = @condition_decl // a variable declared in a condition, e.g., if(int x = y > 2) +| 91 = @braced_init_list +| 92 = @type_id +| 93 = @runtime_sizeof +| 94 = @runtime_alignof +| 95 = @sizeof_pack +| 96 = @expr_stmt // GNU extension +| 97 = @routineexpr +| 98 = @type_operand // used to access a type in certain contexts (haven't found any examples yet....) +| 99 = @offsetofexpr // offsetof ::= type and field +| 100 = @hasassignexpr // __has_assign ::= type +| 101 = @hascopyexpr // __has_copy ::= type +| 102 = @hasnothrowassign // __has_nothrow_assign ::= type +| 103 = @hasnothrowconstr // __has_nothrow_constructor ::= type +| 104 = @hasnothrowcopy // __has_nothrow_copy ::= type +| 105 = @hastrivialassign // __has_trivial_assign ::= type +| 106 = @hastrivialconstr // __has_trivial_constructor ::= type +| 107 = @hastrivialcopy // __has_trivial_copy ::= type +| 108 = @hasuserdestr // __has_user_destructor ::= type +| 109 = @hasvirtualdestr // __has_virtual_destructor ::= type +| 110 = @isabstractexpr // __is_abstract ::= type +| 111 = @isbaseofexpr // __is_base_of ::= type type +| 112 = @isclassexpr // __is_class ::= type +| 113 = @isconvtoexpr // __is_convertible_to ::= type type +| 114 = @isemptyexpr // __is_empty ::= type +| 115 = @isenumexpr // __is_enum ::= type +| 116 = @ispodexpr // __is_pod ::= type +| 117 = @ispolyexpr // __is_polymorphic ::= type +| 118 = @isunionexpr // __is_union ::= type +| 119 = @typescompexpr // GNU __builtin_types_compatible ::= type type +| 120 = @intaddrexpr // frontend internal builtin, used to implement offsetof +// ... +| 122 = @hastrivialdestructor // __has_trivial_destructor ::= type +| 123 = @literal +| 124 = @uuidof +| 127 = @aggregateliteral +| 128 = @delete_array_expr +| 129 = @new_array_expr +// ... 130 @objc_array_literal deprecated +// ... 131 @objc_dictionary_literal deprecated +| 132 = @foldexpr +// ... +| 200 = @ctordirectinit +| 201 = @ctorvirtualinit +| 202 = @ctorfieldinit +| 203 = @ctordelegatinginit +| 204 = @dtordirectdestruct +| 205 = @dtorvirtualdestruct +| 206 = @dtorfielddestruct +// ... +| 210 = @static_cast +| 211 = @reinterpret_cast +| 212 = @const_cast +| 213 = @dynamic_cast +| 214 = @c_style_cast +| 215 = @lambdaexpr +| 216 = @param_ref +| 217 = @noopexpr +// ... +| 294 = @istriviallyconstructibleexpr +| 295 = @isdestructibleexpr +| 296 = @isnothrowdestructibleexpr +| 297 = @istriviallydestructibleexpr +| 298 = @istriviallyassignableexpr +| 299 = @isnothrowassignableexpr +| 300 = @istrivialexpr +| 301 = @isstandardlayoutexpr +| 302 = @istriviallycopyableexpr +| 303 = @isliteraltypeexpr +| 304 = @hastrivialmoveconstructorexpr +| 305 = @hastrivialmoveassignexpr +| 306 = @hasnothrowmoveassignexpr +| 307 = @isconstructibleexpr +| 308 = @isnothrowconstructibleexpr +| 309 = @hasfinalizerexpr +| 310 = @isdelegateexpr +| 311 = @isinterfaceclassexpr +| 312 = @isrefarrayexpr +| 313 = @isrefclassexpr +| 314 = @issealedexpr +| 315 = @issimplevalueclassexpr +| 316 = @isvalueclassexpr +| 317 = @isfinalexpr +| 319 = @noexceptexpr +| 320 = @builtinshufflevector +| 321 = @builtinchooseexpr +| 322 = @builtinaddressof +| 323 = @vec_fill +| 324 = @builtinconvertvector +| 325 = @builtincomplex +| 326 = @spaceshipexpr +| 327 = @co_await +| 328 = @co_yield +| 329 = @temp_init +| 330 = @isassignable +| 331 = @isaggregate +| 332 = @hasuniqueobjectrepresentations +| 333 = @builtinbitcast +| 334 = @builtinshuffle +| 335 = @blockassignexpr +| 336 = @issame +| 337 = @isfunction +| 338 = @islayoutcompatible +| 339 = @ispointerinterconvertiblebaseof +| 340 = @isarray +| 341 = @arrayrank +| 342 = @arrayextent +| 343 = @isarithmetic +| 344 = @iscompletetype +| 345 = @iscompound +| 346 = @isconst +| 347 = @isfloatingpoint +| 348 = @isfundamental +| 349 = @isintegral +| 350 = @islvaluereference +| 351 = @ismemberfunctionpointer +| 352 = @ismemberobjectpointer +| 353 = @ismemberpointer +| 354 = @isobject +| 355 = @ispointer +| 356 = @isreference +| 357 = @isrvaluereference +| 358 = @isscalar +| 359 = @issigned +| 360 = @isunsigned +| 361 = @isvoid +| 362 = @isvolatile +| 363 = @reuseexpr +| 364 = @istriviallycopyassignable +| 365 = @isassignablenopreconditioncheck +| 366 = @referencebindstotemporary +| 367 = @issameas +| 368 = @builtinhasattribute +| 369 = @ispointerinterconvertiblewithclass +| 370 = @builtinispointerinterconvertiblewithclass +| 371 = @iscorrespondingmember +| 372 = @builtiniscorrespondingmember +| 373 = @isboundedarray +| 374 = @isunboundedarray +| 375 = @isreferenceable +| 378 = @isnothrowconvertible +| 379 = @referenceconstructsfromtemporary +| 380 = @referenceconvertsfromtemporary +| 381 = @isconvertible +| 382 = @isvalidwinrttype +| 383 = @iswinclass +| 384 = @iswininterface +| 385 = @istriviallyequalitycomparable +| 386 = @isscopedenum +| 387 = @istriviallyrelocatable +| 388 = @datasizeof +| 389 = @c11_generic +| 390 = @requires_expr +| 391 = @nested_requirement +| 392 = @compound_requirement +| 393 = @concept_id +| 394 = @isinvocable +| 395 = @isnothrowinvocable +| 396 = @isbitwisecloneable +; + +@var_args_expr = @vastartexpr + | @vaendexpr + | @vaargexpr + | @vacopyexpr + ; + +@builtin_op = @var_args_expr + | @noopexpr + | @offsetofexpr + | @intaddrexpr + | @hasassignexpr + | @hascopyexpr + | @hasnothrowassign + | @hasnothrowconstr + | @hasnothrowcopy + | @hastrivialassign + | @hastrivialconstr + | @hastrivialcopy + | @hastrivialdestructor + | @hasuserdestr + | @hasvirtualdestr + | @isabstractexpr + | @isbaseofexpr + | @isclassexpr + | @isconvtoexpr + | @isemptyexpr + | @isenumexpr + | @ispodexpr + | @ispolyexpr + | @isunionexpr + | @typescompexpr + | @builtinshufflevector + | @builtinconvertvector + | @builtinaddressof + | @istriviallyconstructibleexpr + | @isdestructibleexpr + | @isnothrowdestructibleexpr + | @istriviallydestructibleexpr + | @istriviallyassignableexpr + | @isnothrowassignableexpr + | @istrivialexpr + | @isstandardlayoutexpr + | @istriviallycopyableexpr + | @isliteraltypeexpr + | @hastrivialmoveconstructorexpr + | @hastrivialmoveassignexpr + | @hasnothrowmoveassignexpr + | @isconstructibleexpr + | @isnothrowconstructibleexpr + | @hasfinalizerexpr + | @isdelegateexpr + | @isinterfaceclassexpr + | @isrefarrayexpr + | @isrefclassexpr + | @issealedexpr + | @issimplevalueclassexpr + | @isvalueclassexpr + | @isfinalexpr + | @builtinchooseexpr + | @builtincomplex + | @isassignable + | @isaggregate + | @hasuniqueobjectrepresentations + | @builtinbitcast + | @builtinshuffle + | @issame + | @isfunction + | @islayoutcompatible + | @ispointerinterconvertiblebaseof + | @isarray + | @arrayrank + | @arrayextent + | @isarithmetic + | @iscompletetype + | @iscompound + | @isconst + | @isfloatingpoint + | @isfundamental + | @isintegral + | @islvaluereference + | @ismemberfunctionpointer + | @ismemberobjectpointer + | @ismemberpointer + | @isobject + | @ispointer + | @isreference + | @isrvaluereference + | @isscalar + | @issigned + | @isunsigned + | @isvoid + | @isvolatile + | @istriviallycopyassignable + | @isassignablenopreconditioncheck + | @referencebindstotemporary + | @issameas + | @builtinhasattribute + | @ispointerinterconvertiblewithclass + | @builtinispointerinterconvertiblewithclass + | @iscorrespondingmember + | @builtiniscorrespondingmember + | @isboundedarray + | @isunboundedarray + | @isreferenceable + | @isnothrowconvertible + | @referenceconstructsfromtemporary + | @referenceconvertsfromtemporary + | @isconvertible + | @isvalidwinrttype + | @iswinclass + | @iswininterface + | @istriviallyequalitycomparable + | @isscopedenum + | @istriviallyrelocatable + | @isinvocable + | @isnothrowinvocable + | @isbitwisecloneable + ; + +compound_requirement_is_noexcept( + int expr: @compound_requirement ref +); + +new_allocated_type( + unique int expr: @new_expr ref, + int type_id: @type ref +); + +new_array_allocated_type( + unique int expr: @new_array_expr ref, + int type_id: @type ref +); + +param_ref_to_this( + int expr: @param_ref ref +) + +/** + * The field being initialized by an initializer expression within an aggregate + * initializer for a class/struct/union. Position is used to sort repeated initializers. + */ +#keyset[aggregate, position] +aggregate_field_init( + int aggregate: @aggregateliteral ref, + int initializer: @expr ref, + int field: @membervariable ref, + int position: int ref, + boolean is_designated: boolean ref +); + +/** + * The index of the element being initialized by an initializer expression + * within an aggregate initializer for an array. Position is used to sort repeated initializers. + */ +#keyset[aggregate, position] +aggregate_array_init( + int aggregate: @aggregateliteral ref, + int initializer: @expr ref, + int element_index: int ref, + int position: int ref, + boolean is_designated: boolean ref +); + +@ctorinit = @ctordirectinit + | @ctorvirtualinit + | @ctorfieldinit + | @ctordelegatinginit; +@dtordestruct = @dtordirectdestruct + | @dtorvirtualdestruct + | @dtorfielddestruct; + + +condition_decl_bind( + unique int expr: @condition_decl ref, + unique int decl: @declaration ref +); + +typeid_bind( + unique int expr: @type_id ref, + int type_id: @type ref +); + +uuidof_bind( + unique int expr: @uuidof ref, + int type_id: @type ref +); + +@sizeof_or_alignof = @runtime_sizeof | @runtime_alignof | @datasizeof | @sizeof_pack; + +sizeof_bind( + unique int expr: @sizeof_or_alignof ref, + int type_id: @type ref +); + +code_block( + unique int block: @literal ref, + unique int routine: @function ref +); + +lambdas( + unique int expr: @lambdaexpr ref, + string default_capture: string ref, + boolean has_explicit_return_type: boolean ref, + boolean has_explicit_parameter_list: boolean ref +); + +lambda_capture( + unique int id: @lambdacapture, + int lambda: @lambdaexpr ref, + int index: int ref, + int field: @membervariable ref, + boolean captured_by_reference: boolean ref, + boolean is_implicit: boolean ref, + int location: @location_default ref +); + +@funbindexpr = @routineexpr + | @new_expr + | @delete_expr + | @delete_array_expr + | @ctordirectinit + | @ctorvirtualinit + | @ctordelegatinginit + | @dtordirectdestruct + | @dtorvirtualdestruct; + +@varbindexpr = @varaccess | @ctorfieldinit | @dtorfielddestruct; +@addressable = @function | @variable ; +@accessible = @addressable | @enumconstant ; + +@access = @varaccess | @routineexpr ; + +fold( + int expr: @foldexpr ref, + string operator: string ref, + boolean is_left_fold: boolean ref +); + +stmts( + unique int id: @stmt, + int kind: int ref, + int location: @location_default ref +); + +case @stmt.kind of + 1 = @stmt_expr +| 2 = @stmt_if +| 3 = @stmt_while +| 4 = @stmt_goto +| 5 = @stmt_label +| 6 = @stmt_return +| 7 = @stmt_block +| 8 = @stmt_end_test_while // do { ... } while ( ... ) +| 9 = @stmt_for +| 10 = @stmt_switch_case +| 11 = @stmt_switch +| 13 = @stmt_asm // "asm" statement or the body of an asm function +| 15 = @stmt_try_block +| 16 = @stmt_microsoft_try // Microsoft +| 17 = @stmt_decl +| 18 = @stmt_set_vla_size // C99 +| 19 = @stmt_vla_decl // C99 +| 25 = @stmt_assigned_goto // GNU +| 26 = @stmt_empty +| 27 = @stmt_continue +| 28 = @stmt_break +| 29 = @stmt_range_based_for // C++11 +// ... 30 @stmt_at_autoreleasepool_block deprecated +// ... 31 @stmt_objc_for_in deprecated +// ... 32 @stmt_at_synchronized deprecated +| 33 = @stmt_handler +// ... 34 @stmt_finally_end deprecated +| 35 = @stmt_constexpr_if +| 37 = @stmt_co_return +| 38 = @stmt_consteval_if +| 39 = @stmt_not_consteval_if +| 40 = @stmt_leave +; + +type_vla( + int type_id: @type ref, + int decl: @stmt_vla_decl ref +); + +variable_vla( + int var: @variable ref, + int decl: @stmt_vla_decl ref +); + +type_is_vla(unique int type_id: @derivedtype ref) + +if_initialization( + unique int if_stmt: @stmt_if ref, + int init_id: @stmt ref +); + +if_then( + unique int if_stmt: @stmt_if ref, + int then_id: @stmt ref +); + +if_else( + unique int if_stmt: @stmt_if ref, + int else_id: @stmt ref +); + +constexpr_if_initialization( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int init_id: @stmt ref +); + +constexpr_if_then( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int then_id: @stmt ref +); + +constexpr_if_else( + unique int constexpr_if_stmt: @stmt_constexpr_if ref, + int else_id: @stmt ref +); + +@stmt_consteval_or_not_consteval_if = @stmt_consteval_if | @stmt_not_consteval_if; + +consteval_if_then( + unique int constexpr_if_stmt: @stmt_consteval_or_not_consteval_if ref, + int then_id: @stmt ref +); + +consteval_if_else( + unique int constexpr_if_stmt: @stmt_consteval_or_not_consteval_if ref, + int else_id: @stmt ref +); + +while_body( + unique int while_stmt: @stmt_while ref, + int body_id: @stmt ref +); + +do_body( + unique int do_stmt: @stmt_end_test_while ref, + int body_id: @stmt ref +); + +switch_initialization( + unique int switch_stmt: @stmt_switch ref, + int init_id: @stmt ref +); + +#keyset[switch_stmt, index] +switch_case( + int switch_stmt: @stmt_switch ref, + int index: int ref, + int case_id: @stmt_switch_case ref +); + +switch_body( + unique int switch_stmt: @stmt_switch ref, + int body_id: @stmt ref +); + +@stmt_for_or_range_based_for = @stmt_for + | @stmt_range_based_for; + +for_initialization( + unique int for_stmt: @stmt_for_or_range_based_for ref, + int init_id: @stmt ref +); + +for_condition( + unique int for_stmt: @stmt_for ref, + int condition_id: @expr ref +); + +for_update( + unique int for_stmt: @stmt_for ref, + int update_id: @expr ref +); + +for_body( + unique int for_stmt: @stmt_for ref, + int body_id: @stmt ref +); + +@stmtparent = @stmt | @expr_stmt ; +stmtparents( + unique int id: @stmt ref, + int index: int ref, + int parent: @stmtparent ref +); + +ishandler(unique int block: @stmt_block ref); + +@cfgnode = @stmt | @expr | @function | @initialiser ; + +stmt_decl_bind( + int stmt: @stmt_decl ref, + int num: int ref, + int decl: @declaration ref +); + +stmt_decl_entry_bind( + int stmt: @stmt_decl ref, + int num: int ref, + int decl_entry: @element ref +); + +@parameterized_element = @function | @stmt_block | @requires_expr; + +blockscope( + unique int block: @stmt_block ref, + int enclosing: @parameterized_element ref +); + +@jump = @stmt_goto | @stmt_break | @stmt_continue | @stmt_leave; + +@jumporlabel = @jump | @stmt_label | @literal; + +jumpinfo( + unique int id: @jumporlabel ref, + string str: string ref, + int target: @stmt ref +); + +preprocdirects( + unique int id: @preprocdirect, + int kind: int ref, + int location: @location_default ref +); +case @preprocdirect.kind of + 0 = @ppd_if +| 1 = @ppd_ifdef +| 2 = @ppd_ifndef +| 3 = @ppd_elif +| 4 = @ppd_else +| 5 = @ppd_endif +| 6 = @ppd_plain_include +| 7 = @ppd_define +| 8 = @ppd_undef +| 9 = @ppd_line +| 10 = @ppd_error +| 11 = @ppd_pragma +| 12 = @ppd_objc_import +| 13 = @ppd_include_next +| 14 = @ppd_ms_import +| 15 = @ppd_elifdef +| 16 = @ppd_elifndef +| 17 = @ppd_embed +| 18 = @ppd_warning +; + +@ppd_include = @ppd_plain_include | @ppd_objc_import | @ppd_include_next | @ppd_ms_import; + +@ppd_branch = @ppd_if | @ppd_ifdef | @ppd_ifndef | @ppd_elif | @ppd_elifdef | @ppd_elifndef; + +preprocpair( + int begin : @ppd_branch ref, + int elseelifend : @preprocdirect ref +); + +preproctrue(int branch : @ppd_branch ref); +preprocfalse(int branch : @ppd_branch ref); + +preproctext( + unique int id: @preprocdirect ref, + string head: string ref, + string body: string ref +); + +includes( + unique int id: @ppd_include ref, + int included: @file ref +); + +embeds( + unique int id: @ppd_embed ref, + int included: @file ref +); + +link_targets( + int id: @link_target, + int binary: @file ref +); + +link_parent( + int element : @element ref, + int link_target : @link_target ref +); + +/*- Database metadata -*/ + +/** + * The CLI will automatically emit applicable tuples for this table, + * such as `databaseMetadata("isOverlay", "true")` when building an + * overlay database. + */ +databaseMetadata( + string metadataKey: string ref, + string value: string ref +); + +/*- Overlay support -*/ + +/** + * The CLI will automatically emit tuples for each new/modified/deleted file + * when building an overlay database. + */ +overlayChangedFiles( + string path: string ref +); + +/*- XML Files -*/ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; diff --git a/cpp/ql/lib/upgrades/837c4e02326aee4582405d069263092e80a15d82/upgrade.properties b/cpp/ql/lib/upgrades/837c4e02326aee4582405d069263092e80a15d82/upgrade.properties new file mode 100644 index 000000000000..4cda5136f03d --- /dev/null +++ b/cpp/ql/lib/upgrades/837c4e02326aee4582405d069263092e80a15d82/upgrade.properties @@ -0,0 +1,2 @@ +description: Capture information about one template being generated from another +compatibility: backwards From 77f6caca008dce89141dabef26111d017b3ac3de Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Wed, 20 May 2026 16:48:37 +0200 Subject: [PATCH 25/27] C++: Update stats file --- cpp/ql/lib/semmlecode.cpp.dbscheme.stats | 2014 +++++++++++++--------- 1 file changed, 1178 insertions(+), 836 deletions(-) diff --git a/cpp/ql/lib/semmlecode.cpp.dbscheme.stats b/cpp/ql/lib/semmlecode.cpp.dbscheme.stats index f33a1a43f8b3..0b97bb3329b6 100644 --- a/cpp/ql/lib/semmlecode.cpp.dbscheme.stats +++ b/cpp/ql/lib/semmlecode.cpp.dbscheme.stats @@ -2,7 +2,7 @@ @compilation - 12549 + 12550 @externalDataElement @@ -10,7 +10,7 @@ @file - 64730 + 64732 @folder @@ -20,10 +20,6 @@ @diagnostic 356 - - @location_default - 46452145 - @trap 1 @@ -32,6 +28,10 @@ @tag 1 + + @location_default + 46452143 + @source_file 1 @@ -42,7 +42,7 @@ @macro_expansion - 40321988 + 40321986 @other_macro_reference @@ -58,7 +58,7 @@ @constructor - 687785 + 687816 @destructor @@ -82,15 +82,15 @@ @fun_decl - 4144463 + 4144339 @var_decl - 9432031 + 9431661 @type_decl - 1610929 + 1610928 @namespace_decl @@ -98,7 +98,7 @@ @using_declaration - 265914 + 265912 @using_directive @@ -126,7 +126,7 @@ @localvariable - 724660 + 724508 @enumconstant @@ -378,7 +378,7 @@ @routineptr - 673469 + 673499 @reference @@ -386,7 +386,7 @@ @gnu_vector - 670 + 671 @routinereference @@ -404,10 +404,6 @@ @scalable_vector 1 - - @decltype - 101817 - @typeof 811 @@ -488,9 +484,13 @@ @remove_reference 5688 + + @decltype + 101817 + @struct - 1036608 + 1036640 @union @@ -502,11 +502,11 @@ @template_parameter - 862599 + 862626 @alias - 1757438 + 1757492 @unknown_usertype @@ -522,7 +522,7 @@ @proxy_class - 50199 + 50200 @scoped_enum @@ -530,7 +530,7 @@ @template_struct - 210473 + 210479 @template_class @@ -554,7 +554,7 @@ @routinetype - 594947 + 594974 @ptrtomember @@ -582,15 +582,15 @@ @alignas - 2161 + 2160 @attribute_arg_token - 16428 + 16429 @attribute_arg_constant_expr - 71325 + 71243 @attribute_arg_expr @@ -610,11 +610,11 @@ @derivation - 491380 + 491402 @frienddecl - 760573 + 759702 @comment @@ -630,15 +630,15 @@ @namequalifier - 3051466 + 3051489 @value - 13547188 + 13547187 @initialiser - 2245055 + 2245054 @address_of @@ -662,7 +662,7 @@ @unaryplusexpr - 4110 + 4109 @complementexpr @@ -670,7 +670,7 @@ @notexpr - 355911 + 355910 @postincrexpr @@ -710,7 +710,7 @@ @remexpr - 15757 + 15758 @paddexpr @@ -782,7 +782,7 @@ @assignmulexpr - 11102 + 11103 @assigndivexpr @@ -838,7 +838,7 @@ @callexpr - 260811 + 260823 @vastartexpr @@ -866,7 +866,7 @@ @runtime_alignof - 50291 + 50293 @expr_stmt @@ -874,7 +874,7 @@ @routineexpr - 5708297 + 5708340 @type_operand @@ -890,7 +890,7 @@ @literal - 8053163 + 8052387 @aggregateliteral @@ -898,11 +898,11 @@ @c_style_cast - 6029389 + 6029390 @temp_init - 974915 + 974928 @errorexpr @@ -910,11 +910,11 @@ @reference_to - 1870180 + 1870000 @ref_indirect - 2077068 + 2077162 @vacuous_destructor_call @@ -982,23 +982,23 @@ @delete_expr - 11298 + 11299 @throw_expr - 23683 + 23664 @condition_decl - 406396 + 406399 @braced_init_list - 2091 + 2092 @type_id - 47139 + 47141 @sizeof_pack @@ -1106,7 +1106,7 @@ @ctordirectinit - 111043 + 111048 @ctorvirtualinit @@ -1122,7 +1122,7 @@ @dtordirectdestruct - 38824 + 38826 @dtorvirtualdestruct @@ -1130,7 +1130,7 @@ @dtorfielddestruct - 39193 + 39195 @static_cast @@ -1142,7 +1142,7 @@ @const_cast - 24072 + 24073 @dynamic_cast @@ -1154,7 +1154,7 @@ @param_ref - 163595 + 163499 @noopexpr @@ -1186,7 +1186,7 @@ @istrivialexpr - 3309 + 3310 @isstandardlayoutexpr @@ -1254,11 +1254,11 @@ @isfinalexpr - 9253 + 9254 @noexceptexpr - 30280 + 30165 @builtinshufflevector @@ -1430,7 +1430,7 @@ @reuseexpr - 841809 + 841815 @istriviallycopyassignable @@ -1574,15 +1574,15 @@ @stmt_goto - 156741 + 156745 @stmt_label - 77468 + 77471 @stmt_return - 1233357 + 1233416 @stmt_block @@ -1598,11 +1598,11 @@ @stmt_switch_case - 830946 + 830953 @stmt_switch - 409304 + 409307 @stmt_asm @@ -1614,7 +1614,7 @@ @stmt_empty - 426753 + 426756 @stmt_continue @@ -1626,7 +1626,7 @@ @stmt_try_block - 26275 + 26287 @stmt_microsoft_try @@ -1646,11 +1646,11 @@ @stmt_range_based_for - 6156 + 6157 @stmt_handler - 43026 + 43039 @stmt_constexpr_if @@ -1698,7 +1698,7 @@ @ppd_plain_include - 316207 + 316217 @ppd_define @@ -1718,7 +1718,7 @@ @ppd_line - 18779 + 18775 @ppd_error @@ -1780,11 +1780,11 @@ compilations - 12549 + 12550 id - 12549 + 12550 cwd @@ -1802,7 +1802,7 @@ 1 2 - 12549 + 12550 @@ -1828,11 +1828,11 @@ compilation_args - 1004725 + 1004756 id - 12549 + 12550 num @@ -1840,7 +1840,7 @@ arg - 29052 + 29053 @@ -2168,12 +2168,12 @@ 1 2 - 13304 + 13305 2 3 - 12591 + 12592 3 @@ -2199,7 +2199,7 @@ 1 2 - 19238 + 19239 2 @@ -2219,11 +2219,11 @@ compilation_expanded_args - 1004725 + 1004756 id - 12549 + 12550 num @@ -2231,7 +2231,7 @@ arg - 29052 + 29053 @@ -2559,12 +2559,12 @@ 1 2 - 13304 + 13305 2 3 - 12591 + 12592 3 @@ -2590,7 +2590,7 @@ 1 2 - 19238 + 19239 2 @@ -2920,7 +2920,7 @@ seconds - 19828 + 17867 @@ -3001,48 +3001,53 @@ 3 4 - 435 + 490 4 5 - 926 + 871 - 6 - 9 - 217 + 5 + 7 + 163 - 9 + 8 10 - 108 + 217 10 11 - 163 + 108 11 - 13 + 12 217 14 - 17 - 217 + 18 + 163 - 19 - 23 + 18 + 21 217 - 25 - 122 + 21 + 53 217 + + 116 + 117 + 54 + @@ -3109,42 +3114,47 @@ 3 4 - 1361 + 926 4 5 - 1089 + 1470 5 6 - 108 + 217 6 7 - 653 + 490 7 + 8 + 326 + + + 8 9 - 381 + 217 9 - 12 + 13 381 - 13 - 41 + 17 + 46 381 - 46 - 96 - 163 + 51 + 98 + 108 @@ -3192,17 +3202,17 @@ 4 5 - 54 + 108 - 5 - 6 + 166 + 167 54 - 202 - 203 - 108 + 179 + 180 + 54 @@ -3218,22 +3228,22 @@ 1 2 - 14108 + 11548 2 3 - 4140 + 4249 3 - 42 - 1525 + 4 + 1416 - 42 - 43 - 54 + 4 + 45 + 653 @@ -3249,22 +3259,27 @@ 1 2 - 13673 + 10949 2 3 - 3486 + 3922 3 4 - 1416 + 1307 4 - 63 - 1252 + 9 + 1416 + + + 9 + 67 + 272 @@ -3280,12 +3295,12 @@ 1 2 - 17159 + 16505 2 3 - 2669 + 1361 @@ -3561,19 +3576,19 @@ compilation_finished - 12549 + 12550 id - 12549 + 12550 cpu_seconds - 9184 + 8922 elapsed_seconds - 209 + 167 @@ -3587,7 +3602,7 @@ 1 2 - 12549 + 12550 @@ -3603,7 +3618,7 @@ 1 2 - 12549 + 12550 @@ -3619,16 +3634,16 @@ 1 2 - 7664 + 7161 2 3 - 1006 + 1247 3 - 35 + 31 513 @@ -3645,12 +3660,12 @@ 1 2 - 8555 + 8261 2 3 - 629 + 660 @@ -3666,71 +3681,61 @@ 1 2 - 52 + 41 2 3 - 20 - - - 7 - 8 10 - 8 - 9 - 20 + 4 + 5 + 10 9 10 - 10 - - - 10 - 11 - 10 + 20 - 11 - 12 + 16 + 17 10 - 20 - 21 + 22 + 23 10 - 35 - 36 + 25 + 26 10 - 43 - 44 + 28 + 29 10 - 135 - 136 + 76 + 77 10 - 279 - 280 + 290 + 291 10 - 298 - 299 + 350 + 351 10 - 325 - 326 + 362 + 363 10 @@ -3747,71 +3752,61 @@ 1 2 - 52 + 41 2 3 - 20 - - - 7 - 8 10 - 8 - 9 - 20 + 4 + 5 + 10 9 10 - 10 - - - 10 - 11 - 10 + 20 - 11 - 12 + 16 + 17 10 - 20 - 21 + 22 + 23 10 - 34 - 35 + 25 + 26 10 - 42 - 43 + 27 + 28 10 - 131 - 132 + 71 + 72 10 - 163 - 164 + 168 + 169 10 - 238 - 239 + 255 + 256 10 - 246 - 247 + 302 + 303 10 @@ -4049,11 +4044,11 @@ locations_default - 46452145 + 46452143 id - 46452145 + 46452143 file @@ -4069,7 +4064,7 @@ endLine - 7399913 + 7399912 endColumn @@ -4087,7 +4082,7 @@ 1 2 - 46452145 + 46452143 @@ -4103,7 +4098,7 @@ 1 2 - 46452145 + 46452143 @@ -4119,7 +4114,7 @@ 1 2 - 46452145 + 46452143 @@ -4135,7 +4130,7 @@ 1 2 - 46452145 + 46452143 @@ -4151,7 +4146,7 @@ 1 2 - 46452145 + 46452143 @@ -5107,7 +5102,7 @@ 1 2 - 4887912 + 4887911 2 @@ -5241,7 +5236,7 @@ 1 2 - 4956326 + 4956325 2 @@ -5581,15 +5576,15 @@ files - 64730 + 64732 id - 64730 + 64732 name - 64730 + 64732 @@ -5603,7 +5598,7 @@ 1 2 - 64730 + 64732 @@ -5619,7 +5614,7 @@ 1 2 - 64730 + 64732 @@ -5677,7 +5672,7 @@ containerparent - 77007 + 77009 parent @@ -5685,7 +5680,7 @@ child - 77007 + 77009 @@ -5750,7 +5745,7 @@ 1 2 - 77007 + 77009 @@ -7526,7 +7521,7 @@ fileannotations - 4169478 + 4169606 id @@ -7538,11 +7533,11 @@ name - 58282 + 58284 value - 39221 + 39223 @@ -7802,7 +7797,7 @@ 5 7 - 4067 + 4068 7 @@ -7858,7 +7853,7 @@ 1 2 - 58282 + 58284 @@ -7884,7 +7879,7 @@ 3 4 - 4067 + 4068 4 @@ -7894,7 +7889,7 @@ 6 8 - 3396 + 3397 8 @@ -7919,7 +7914,7 @@ 41 95 - 4434 + 4435 95 @@ -8021,7 +8016,7 @@ 1 2 - 39211 + 39212 2 @@ -8042,7 +8037,7 @@ 1 2 - 3375 + 3376 2 @@ -8052,7 +8047,7 @@ 4 5 - 3029 + 3030 5 @@ -8092,7 +8087,7 @@ 66 92 - 3050 + 3051 92 @@ -8117,11 +8112,11 @@ inmacroexpansion - 150057036 + 150057030 id - 24680986 + 24680985 inv @@ -8245,7 +8240,7 @@ affectedbymacroexpansion - 48755655 + 48755653 id @@ -8267,7 +8262,7 @@ 1 2 - 3848270 + 3848269 2 @@ -8287,7 +8282,7 @@ 5 12 - 535378 + 535377 12 @@ -8383,11 +8378,11 @@ macroinvocations - 40403427 + 40403426 id - 40403427 + 40403426 macro_id @@ -8413,7 +8408,7 @@ 1 2 - 40403427 + 40403426 @@ -8429,7 +8424,7 @@ 1 2 - 40403427 + 40403426 @@ -8445,7 +8440,7 @@ 1 2 - 40403427 + 40403426 @@ -8709,11 +8704,11 @@ macroparent - 33697132 + 33697131 id - 33697132 + 33697131 parent_id @@ -8731,7 +8726,7 @@ 1 2 - 33697132 + 33697131 @@ -8777,15 +8772,15 @@ macrolocationbind - 6005316 + 6005902 id - 4196688 + 4197329 location - 2266152 + 2266082 @@ -8799,12 +8794,12 @@ 1 2 - 3275887 + 3276557 2 3 - 487611 + 487596 3 @@ -8814,7 +8809,7 @@ 4 5 - 411570 + 411558 5 @@ -8835,27 +8830,27 @@ 1 2 - 1328971 + 1328930 2 3 - 479784 + 479769 3 4 - 7805 + 7804 4 5 - 425598 + 425585 5 522 - 23992 + 23991 @@ -8865,11 +8860,11 @@ macro_argument_unexpanded - 81889986 + 81891296 invocation - 26089169 + 26088765 argument_index @@ -8877,7 +8872,7 @@ text - 340730 + 340741 @@ -8891,22 +8886,22 @@ 1 2 - 9606074 + 9605164 2 3 - 9700727 + 9701025 3 4 - 4965932 + 4966085 4 67 - 1816434 + 1816490 @@ -8922,22 +8917,22 @@ 1 2 - 9787359 + 9786454 2 3 - 9718183 + 9718482 3 4 - 4810386 + 4810534 4 67 - 1773238 + 1773293 @@ -8962,7 +8957,7 @@ 646904 - 2488393 + 2488278 31 @@ -9005,52 +9000,52 @@ 1 2 - 39410 + 39411 2 3 - 61868 + 61870 3 4 - 20853 + 20854 4 5 - 34451 + 34452 5 6 - 38959 + 38961 6 9 - 30530 + 30531 9 15 - 28779 + 28780 15 26 - 25686 + 25687 26 57 - 26934 + 26935 57 517 - 25822 + 25823 518 @@ -9071,12 +9066,12 @@ 1 2 - 241381 + 241388 2 3 - 89211 + 89214 3 @@ -9091,11 +9086,11 @@ macro_argument_expanded - 81889986 + 81891296 invocation - 26089169 + 26088765 argument_index @@ -9103,7 +9098,7 @@ text - 206363 + 206369 @@ -9117,22 +9112,22 @@ 1 2 - 9606074 + 9605164 2 3 - 9700727 + 9701025 3 4 - 4965932 + 4966085 4 67 - 1816434 + 1816490 @@ -9148,22 +9143,22 @@ 1 2 - 12543862 + 12543042 2 3 - 8367978 + 8368235 3 4 - 4194263 + 4194392 4 9 - 983064 + 983095 @@ -9188,7 +9183,7 @@ 646904 - 2488393 + 2488278 31 @@ -9236,12 +9231,12 @@ 2 3 - 26661 + 26662 3 4 - 43143 + 43144 4 @@ -9271,17 +9266,17 @@ 19 51 - 15642 + 15643 51 251 - 15495 + 15496 251 - 1169172 - 9435 + 1169057 + 9436 @@ -9297,17 +9292,17 @@ 1 2 - 104277 + 104280 2 3 - 88257 + 88259 3 66 - 13828 + 13829 @@ -9508,26 +9503,26 @@ builtin_functions - 30698 + 30699 id - 30698 + 30699 function_entry_point - 1123577 + 1123627 id - 1120257 + 1120308 entry_point - 1123577 + 1123627 @@ -9541,7 +9536,7 @@ 1 2 - 1117475 + 1117525 2 @@ -9562,7 +9557,7 @@ 1 2 - 1123577 + 1123627 @@ -9572,7 +9567,7 @@ function_return_type - 4012557 + 4012556 id @@ -10110,11 +10105,11 @@ fun_decls - 4150369 + 4150246 id - 4144463 + 4144339 function @@ -10126,7 +10121,7 @@ name - 1668761 + 1668760 location @@ -10144,7 +10139,7 @@ 1 2 - 4144463 + 4144339 @@ -10160,7 +10155,7 @@ 1 2 - 4138556 + 4138433 2 @@ -10181,7 +10176,7 @@ 1 2 - 4144463 + 4144339 @@ -10197,7 +10192,7 @@ 1 2 - 4144463 + 4144339 @@ -10213,12 +10208,12 @@ 1 2 - 3812113 + 3812236 2 5 - 158976 + 158853 @@ -10271,12 +10266,12 @@ 1 2 - 3832293 + 3832416 2 4 - 138796 + 138673 @@ -10311,7 +10306,7 @@ 463 - 10298 + 10297 1107 @@ -10436,12 +10431,12 @@ 3 11 - 127968 + 128091 11 3169 - 36175 + 36052 @@ -10530,12 +10525,12 @@ 1 2 - 2387477 + 2387600 2 3 - 247939 + 247816 3 @@ -10556,12 +10551,12 @@ 1 2 - 2405934 + 2406057 2 3 - 229974 + 229851 3 @@ -10896,15 +10891,15 @@ fun_decl_noexcept - 139575 + 139581 fun_decl - 139575 + 139581 constant - 139139 + 139145 @@ -10918,7 +10913,7 @@ 1 2 - 139575 + 139581 @@ -10934,7 +10929,7 @@ 1 2 - 138703 + 138709 2 @@ -10949,22 +10944,22 @@ fun_decl_empty_noexcept - 1147165 + 1147042 fun_decl - 1147165 + 1147042 fun_decl_typedef_type - 2756 + 2755 fun_decl - 2756 + 2755 typedeftype_id @@ -10982,7 +10977,7 @@ 1 2 - 2756 + 2755 @@ -11219,11 +11214,11 @@ param_decl_bind - 7209190 + 7208821 id - 7209190 + 7208821 index @@ -11231,7 +11226,7 @@ fun_decl - 3482963 + 3482840 @@ -11245,7 +11240,7 @@ 1 2 - 7209190 + 7208821 @@ -11261,7 +11256,7 @@ 1 2 - 7209190 + 7208821 @@ -11296,12 +11291,12 @@ 343 - 16207 + 16206 615 - 28306 - 28307 + 28305 + 28306 123 @@ -11337,12 +11332,12 @@ 343 - 16207 + 16206 615 - 28306 - 28307 + 28305 + 28306 123 @@ -11369,7 +11364,7 @@ 3 4 - 593823 + 593700 4 @@ -11405,7 +11400,7 @@ 3 4 - 593823 + 593700 4 @@ -11425,15 +11420,15 @@ var_decls - 9438429 + 9438060 id - 9432031 + 9431661 variable - 9094637 + 9094636 type_id @@ -11441,7 +11436,7 @@ name - 840902 + 840901 location @@ -11459,7 +11454,7 @@ 1 2 - 9432031 + 9431661 @@ -11475,7 +11470,7 @@ 1 2 - 9425632 + 9425263 2 @@ -11496,7 +11491,7 @@ 1 2 - 9432031 + 9431661 @@ -11512,7 +11507,7 @@ 1 2 - 9432031 + 9431661 @@ -11528,12 +11523,12 @@ 1 2 - 8774469 + 8774837 2 5 - 320167 + 319798 @@ -11549,7 +11544,7 @@ 1 2 - 9042219 + 9042218 2 @@ -11591,12 +11586,12 @@ 1 2 - 8852726 + 8853095 2 4 - 241910 + 241540 @@ -11900,12 +11895,12 @@ 1 2 - 5693376 + 5693745 2 20 - 468316 + 467947 20 @@ -11926,12 +11921,12 @@ 1 2 - 5773110 + 5773479 2 2935 - 417251 + 416882 @@ -11968,7 +11963,7 @@ 1 2 - 6178181 + 6178180 2 @@ -12137,11 +12132,11 @@ type_decls - 1610929 + 1610928 id - 1610929 + 1610928 type_id @@ -12163,7 +12158,7 @@ 1 2 - 1610929 + 1610928 @@ -12179,7 +12174,7 @@ 1 2 - 1610929 + 1610928 @@ -12295,7 +12290,7 @@ type_requires - 7633 + 7634 id @@ -12734,19 +12729,19 @@ usings - 270034 + 270032 id - 270034 + 270032 element_id - 58576 + 58567 location - 26651 + 26652 kind @@ -12764,7 +12759,7 @@ 1 2 - 270034 + 270032 @@ -12780,7 +12775,7 @@ 1 2 - 270034 + 270032 @@ -12796,7 +12791,7 @@ 1 2 - 270034 + 270032 @@ -12812,7 +12807,7 @@ 1 2 - 50901 + 50892 2 @@ -12838,7 +12833,7 @@ 1 2 - 50901 + 50892 2 @@ -12864,7 +12859,7 @@ 1 2 - 58576 + 58567 @@ -12885,12 +12880,12 @@ 2 4 - 2275 + 2285 4 132 - 1939 + 1929 145 @@ -12916,12 +12911,12 @@ 2 4 - 2275 + 2285 4 132 - 1939 + 1929 145 @@ -12942,7 +12937,7 @@ 1 2 - 26651 + 26652 @@ -12961,8 +12956,8 @@ 10 - 25363 - 25364 + 25362 + 25363 10 @@ -12982,8 +12977,8 @@ 10 - 5373 - 5374 + 5372 + 5373 10 @@ -13015,7 +13010,7 @@ using_container - 575831 + 575839 parent @@ -13023,7 +13018,7 @@ child - 270034 + 270032 @@ -13088,22 +13083,22 @@ 1 2 - 95847 + 95840 2 3 - 119395 + 119399 3 4 - 19951 + 19952 4 5 - 26514 + 26515 5 @@ -13726,7 +13721,7 @@ params - 6969126 + 6969125 id @@ -14040,7 +14035,7 @@ 2 3 - 236496 + 236495 3 @@ -14572,19 +14567,19 @@ localvariables - 724660 + 724508 id - 724660 + 724508 type_id - 53317 + 53305 name - 101453 + 101431 @@ -14598,7 +14593,7 @@ 1 2 - 724660 + 724508 @@ -14614,7 +14609,7 @@ 1 2 - 724660 + 724508 @@ -14630,32 +14625,32 @@ 1 2 - 28825 + 28819 2 3 - 7801 + 7799 3 4 - 4034 + 4033 4 6 - 4058 + 4057 6 12 - 4106 + 4105 12 163 - 4002 + 4001 164 @@ -14676,17 +14671,17 @@ 1 2 - 38261 + 38253 2 3 - 6707 + 6705 3 5 - 4470 + 4469 5 @@ -14707,32 +14702,32 @@ 1 2 - 62429 + 62415 2 3 - 16010 + 16007 3 4 - 6527 + 6525 4 8 - 8141 + 8139 8 137 - 7617 + 7616 137 7546 - 727 + 726 @@ -14748,17 +14743,17 @@ 1 2 - 84435 + 84417 2 3 - 8396 + 8395 3 15 - 7669 + 7668 15 @@ -14841,15 +14836,15 @@ orphaned_variables - 43619 + 43621 var - 43619 + 43621 function - 40400 + 40402 @@ -14863,7 +14858,7 @@ 1 2 - 43619 + 43621 @@ -14879,7 +14874,7 @@ 1 2 - 39562 + 39564 2 @@ -16504,7 +16499,7 @@ type_id - 1926175 + 1926174 @@ -16757,7 +16752,7 @@ 1 2 - 1303435 + 1303434 2 @@ -17409,15 +17404,15 @@ typedefbase - 1757438 + 1757492 id - 1757438 + 1757492 type_id - 835004 + 835030 @@ -17431,7 +17426,7 @@ 1 2 - 1757438 + 1757492 @@ -17447,22 +17442,22 @@ 1 2 - 660513 + 660534 2 3 - 80561 + 80564 3 6 - 63744 + 63746 6 4525 - 30184 + 30185 @@ -18236,15 +18231,15 @@ usertypes - 4198876 + 4199005 id - 4198876 + 4199005 name - 949190 + 949198 kind @@ -18262,7 +18257,7 @@ 1 2 - 4198876 + 4199005 @@ -18278,7 +18273,7 @@ 1 2 - 4198876 + 4199005 @@ -18299,17 +18294,17 @@ 2 3 - 161123 + 161107 3 8 - 71345 + 71369 8 33450 - 35751 + 35752 @@ -18325,12 +18320,12 @@ 1 2 - 897376 + 897382 2 10 - 51813 + 51815 @@ -18465,8 +18460,8 @@ 10 - 12272 - 12273 + 12270 + 12271 10 @@ -18482,11 +18477,11 @@ usertypesize - 1420199 + 1420243 id - 1420199 + 1420243 size @@ -18508,7 +18503,7 @@ 1 2 - 1420199 + 1420243 @@ -18524,7 +18519,7 @@ 1 2 - 1420199 + 1420243 @@ -18782,11 +18777,11 @@ usertype_alias_kind - 1757438 + 1757492 id - 1757438 + 1757492 alias_kind @@ -18804,7 +18799,7 @@ 1 2 - 1757438 + 1757492 @@ -18835,11 +18830,11 @@ nontype_template_parameters - 753465 + 753499 id - 753465 + 753499 @@ -19050,59 +19045,59 @@ is_pod_class - 607922 + 607950 id - 607922 + 607950 is_standard_layout_class - 1181932 + 1181968 id - 1181932 + 1181968 is_complete - 1402166 + 1402209 id - 1402166 + 1402209 is_class_template - 230414 + 230421 id - 230414 + 230421 class_instantiation - 1182540 + 1182545 to - 1179520 + 1179556 from - 71723 + 71725 @@ -19116,12 +19111,12 @@ 1 2 - 1177402 + 1177470 2 8 - 2117 + 2086 @@ -19142,7 +19137,7 @@ 2 3 - 12769 + 12770 3 @@ -19167,17 +19162,17 @@ 10 17 - 5850 + 5860 17 52 - 5409 + 5399 52 4358 - 3742 + 3743 @@ -19187,11 +19182,11 @@ class_template_argument - 2998534 + 2998626 type_id - 1422055 + 1422098 index @@ -19199,7 +19194,7 @@ arg_type - 844136 + 844162 @@ -19213,27 +19208,27 @@ 1 2 - 599054 + 599073 2 3 - 433884 + 433897 3 4 - 263356 + 263364 4 8 - 107663 + 107667 8 113 - 18095 + 18096 @@ -19249,22 +19244,22 @@ 1 2 - 627907 + 627926 2 3 - 448038 + 448051 3 4 - 263419 + 263427 4 113 - 82690 + 82692 @@ -19372,22 +19367,22 @@ 1 2 - 523955 + 523971 2 3 - 174574 + 174580 3 5 - 77678 + 77680 5 44 - 63440 + 63442 44 @@ -19408,12 +19403,12 @@ 1 2 - 737060 + 737082 2 3 - 87806 + 87809 3 @@ -19428,11 +19423,11 @@ class_template_argument_value - 508345 + 508368 type_id - 208910 + 208919 index @@ -19440,7 +19435,7 @@ arg_value - 508211 + 508234 @@ -19454,17 +19449,17 @@ 1 2 - 159691 + 159699 2 3 - 42680 + 42682 3 8 - 6537 + 6538 @@ -19480,12 +19475,12 @@ 1 2 - 151947 + 151953 2 3 - 39830 + 39832 3 @@ -19623,7 +19618,7 @@ 1 2 - 508077 + 508100 2 @@ -19644,7 +19639,95 @@ 1 2 - 508211 + 508234 + + + + + + + + + class_template_generated_from + 61398 + + + template + 61398 + + + from + 3732 + + + + + template + from + + + 12 + + + 1 + 2 + 61398 + + + + + + + from + template + + + 12 + + + 1 + 2 + 1509 + + + 2 + 3 + 471 + + + 3 + 5 + 209 + + + 5 + 6 + 178 + + + 6 + 7 + 262 + + + 7 + 10 + 262 + + + 10 + 16 + 283 + + + 16 + 63 + 335 + + + 63 + 603 + 220 @@ -19654,15 +19737,15 @@ is_proxy_class_for - 50199 + 50200 id - 50199 + 50200 templ_param_id - 46896 + 46897 @@ -19676,7 +19759,7 @@ 1 2 - 50199 + 50200 @@ -19692,7 +19775,7 @@ 1 2 - 46141 + 46143 2 @@ -19719,7 +19802,7 @@ location - 5858727 + 5858726 kind @@ -19903,7 +19986,7 @@ 1 2 - 5813023 + 5813022 2 @@ -19924,7 +20007,7 @@ 1 2 - 5813023 + 5813022 2 @@ -19945,7 +20028,7 @@ 1 2 - 5858727 + 5858726 @@ -20014,15 +20097,15 @@ function_instantiation - 958487 + 958530 to - 958487 + 958530 from - 179842 + 179850 @@ -20036,7 +20119,7 @@ 1 2 - 958487 + 958530 @@ -20052,22 +20135,22 @@ 1 2 - 108830 + 108835 2 3 - 42144 + 42146 3 9 - 14215 + 14216 9 104 - 13511 + 13512 119 @@ -20082,11 +20165,11 @@ function_template_argument - 2445838 + 2445949 function_id - 1430522 + 1430587 index @@ -20094,7 +20177,7 @@ arg_type - 293265 + 293279 @@ -20108,22 +20191,22 @@ 1 2 - 770766 + 770800 2 3 - 406656 + 406674 3 4 - 169146 + 169154 4 15 - 83953 + 83956 @@ -20139,22 +20222,22 @@ 1 2 - 789608 + 789644 2 3 - 404778 + 404797 3 4 - 167001 + 167008 4 9 - 69133 + 69137 @@ -20292,12 +20375,12 @@ 1 2 - 171996 + 172004 2 3 - 25883 + 25884 3 @@ -20307,17 +20390,17 @@ 4 6 - 22429 + 22430 6 11 - 22932 + 22933 11 76 - 22999 + 23000 79 @@ -20338,12 +20421,12 @@ 1 2 - 252697 + 252708 2 3 - 31650 + 31651 3 @@ -20358,11 +20441,11 @@ function_template_argument_value - 445548 + 445568 function_id - 193655 + 193664 index @@ -20370,7 +20453,7 @@ arg_value - 442899 + 442919 @@ -20384,12 +20467,12 @@ 1 2 - 148996 + 149003 2 3 - 42211 + 42213 3 @@ -20410,12 +20493,12 @@ 1 2 - 142190 + 142197 2 3 - 36109 + 36110 3 @@ -20563,7 +20646,7 @@ 1 2 - 440251 + 440270 2 @@ -20584,7 +20667,110 @@ 1 2 - 442899 + 442919 + + + + + + + + + function_template_generated_from + 863408 + + + template + 863408 + + + from + 22129 + + + + + template + from + + + 12 + + + 1 + 2 + 863408 + + + + + + + from + template + + + 12 + + + 1 + 2 + 3587 + + + 2 + 3 + 1173 + + + 3 + 5 + 1676 + + + 5 + 8 + 1777 + + + 8 + 14 + 1676 + + + 16 + 20 + 1575 + + + 20 + 23 + 1676 + + + 23 + 32 + 1844 + + + 33 + 66 + 2045 + + + 70 + 79 + 1374 + + + 83 + 110 + 1844 + + + 111 + 370 + 1877 @@ -21088,28 +21274,76 @@ + + variable_template_generated_from + 492 + + + template + 492 + + + from + 246 + + + + + template + from + + + 12 + + + 1 + 2 + 492 + + + + + + + from + template + + + 12 + + + 2 + 3 + 246 + + + + + + + is_alias_template - 107388 + 107393 id - 107388 + 107393 alias_instantiation - 459629 + 459650 to - 459629 + 459650 from - 92200 + 92205 @@ -21123,7 +21357,7 @@ 1 2 - 459629 + 459650 @@ -21144,12 +21378,12 @@ 2 3 - 16797 + 16798 3 4 - 20015 + 20016 4 @@ -21169,7 +21403,7 @@ 8 10 - 7811 + 7812 10 @@ -21189,11 +21423,11 @@ alias_template_argument - 993020 + 993065 - variable_id - 566951 + type_id + 566977 index @@ -21201,12 +21435,12 @@ arg_type - 127706 + 127712 - variable_id + type_id index @@ -21215,29 +21449,29 @@ 1 2 - 276166 + 276179 2 3 - 182323 + 182331 3 4 - 86903 + 86907 4 10 - 21558 + 21559 - variable_id + type_id arg_type @@ -21246,17 +21480,17 @@ 1 2 - 277407 + 277419 2 3 - 181116 + 181124 3 4 - 88345 + 88349 4 @@ -21269,7 +21503,7 @@ index - variable_id + type_id 12 @@ -21381,7 +21615,7 @@ arg_type - variable_id + type_id 12 @@ -21389,12 +21623,12 @@ 1 2 - 78152 + 78156 2 3 - 20284 + 20285 3 @@ -21404,7 +21638,7 @@ 4 6 - 10460 + 10461 6 @@ -21430,12 +21664,12 @@ 1 2 - 108797 + 108801 2 3 - 17300 + 17301 3 @@ -21450,11 +21684,11 @@ alias_template_argument_value - 173170 + 173177 - variable_id - 160597 + type_id + 160604 index @@ -21462,12 +21696,12 @@ arg_value - 173170 + 173177 - variable_id + type_id index @@ -21476,7 +21710,7 @@ 1 2 - 159356 + 159363 2 @@ -21488,7 +21722,7 @@ - variable_id + type_id arg_value @@ -21497,7 +21731,7 @@ 1 2 - 158686 + 158693 2 @@ -21510,7 +21744,7 @@ index - variable_id + type_id 12 @@ -21572,7 +21806,7 @@ arg_value - variable_id + type_id 12 @@ -21580,7 +21814,7 @@ 1 2 - 173170 + 173177 @@ -21596,7 +21830,115 @@ 1 2 - 173170 + 173177 + + + + + + + + + alias_template_generated_from + 99816 + + + template + 99816 + + + from + 1911 + + + + + template + from + + + 12 + + + 1 + 2 + 99816 + + + + + + + from + template + + + 12 + + + 1 + 2 + 134 + + + 2 + 4 + 134 + + + 4 + 8 + 134 + + + 9 + 18 + 167 + + + 18 + 20 + 134 + + + 20 + 21 + 201 + + + 31 + 32 + 134 + + + 43 + 50 + 134 + + + 64 + 65 + 67 + + + 65 + 66 + 134 + + + 74 + 84 + 167 + + + 111 + 112 + 268 + + + 150 + 294 + 100 @@ -22270,22 +22612,22 @@ is_type_constraint - 36672 + 36673 concept_id - 36672 + 36673 concept_template_argument - 112670 + 112671 concept_id - 76125 + 76126 index @@ -22307,7 +22649,7 @@ 1 2 - 46316 + 46317 2 @@ -22643,15 +22985,15 @@ routinetypes - 594947 + 594974 id - 594947 + 594974 return_type - 279385 + 279398 @@ -22665,7 +23007,7 @@ 1 2 - 594947 + 594974 @@ -22681,12 +23023,12 @@ 1 2 - 230401 + 230412 2 3 - 34667 + 34669 3 @@ -23125,7 +23467,7 @@ 1 2 - 7705 + 7706 2 @@ -23146,7 +23488,7 @@ 1 2 - 7705 + 7706 2 @@ -23271,11 +23613,11 @@ typespecifiers - 849756 + 849782 type_id - 844650 + 844676 spec_id @@ -23293,12 +23635,12 @@ 1 2 - 839544 + 839570 2 3 - 5105 + 5106 @@ -23522,7 +23864,7 @@ varspecifiers - 3216567 + 3216566 var_id @@ -24764,11 +25106,11 @@ attribute_arg_value - 16428 + 16429 arg - 16428 + 16429 value @@ -24786,7 +25128,7 @@ 1 2 - 16428 + 16429 @@ -24920,15 +25262,15 @@ attribute_arg_constant - 71325 + 71243 arg - 71325 + 71243 constant - 71325 + 71243 @@ -24942,7 +25284,7 @@ 1 2 - 71325 + 71243 @@ -24958,7 +25300,7 @@ 1 2 - 71325 + 71243 @@ -25253,7 +25595,7 @@ namespaceattributes - 5900 + 5901 namespace_id @@ -25261,7 +25603,7 @@ spec_id - 5900 + 5901 @@ -25301,7 +25643,7 @@ 1 2 - 5900 + 5901 @@ -25379,11 +25721,11 @@ unspecifiedtype - 7381948 + 7381947 type_id - 7381948 + 7381947 unspecified_type_id @@ -25401,7 +25743,7 @@ 1 2 - 7381948 + 7381947 @@ -25442,7 +25784,7 @@ member - 4133758 + 4133757 parent @@ -25763,15 +26105,15 @@ enclosingfunction - 114593 + 114597 child - 114593 + 114597 parent - 68861 + 68863 @@ -25785,7 +26127,7 @@ 1 2 - 114593 + 114597 @@ -25801,7 +26143,7 @@ 1 2 - 37345 + 37346 2 @@ -25811,7 +26153,7 @@ 3 5 - 6038 + 6039 5 @@ -25826,15 +26168,15 @@ derivations - 491380 + 491402 derivation - 491380 + 491402 sub - 469990 + 470011 index @@ -25842,11 +26184,11 @@ super - 238951 + 238962 location - 34835 + 34836 @@ -25860,7 +26202,7 @@ 1 2 - 491380 + 491402 @@ -25876,7 +26218,7 @@ 1 2 - 491380 + 491402 @@ -25892,7 +26234,7 @@ 1 2 - 491380 + 491402 @@ -25908,7 +26250,7 @@ 1 2 - 491380 + 491402 @@ -25924,12 +26266,12 @@ 1 2 - 453729 + 453749 2 9 - 16260 + 16261 @@ -25945,12 +26287,12 @@ 1 2 - 453729 + 453749 2 8 - 16260 + 16261 @@ -25966,12 +26308,12 @@ 1 2 - 453729 + 453749 2 9 - 16260 + 16261 @@ -25987,12 +26329,12 @@ 1 2 - 453729 + 453749 2 8 - 16260 + 16261 @@ -26147,7 +26489,7 @@ 1 2 - 229194 + 229205 2 @@ -26168,7 +26510,7 @@ 1 2 - 229194 + 229205 2 @@ -26189,7 +26531,7 @@ 1 2 - 238515 + 238526 2 @@ -26210,7 +26552,7 @@ 1 2 - 233586 + 233597 2 @@ -26231,7 +26573,7 @@ 1 2 - 25849 + 25850 2 @@ -26267,7 +26609,7 @@ 1 2 - 25849 + 25850 2 @@ -26303,7 +26645,7 @@ 1 2 - 34835 + 34836 @@ -26319,7 +26661,7 @@ 1 2 - 28163 + 28164 2 @@ -26344,11 +26686,11 @@ derspecifiers - 493124 + 493146 der_id - 490944 + 490966 spec_id @@ -26366,7 +26708,7 @@ 1 2 - 488765 + 488787 2 @@ -26412,11 +26754,11 @@ direct_base_offsets - 464893 + 464914 der_id - 464893 + 464914 offset @@ -26434,7 +26776,7 @@ 1 2 - 464893 + 464914 @@ -26631,19 +26973,19 @@ frienddecls - 760573 + 759702 id - 760573 + 759702 type_id - 53845 + 53847 decl_id - 99677 + 99782 location @@ -26661,7 +27003,7 @@ 1 2 - 760573 + 759702 @@ -26677,7 +27019,7 @@ 1 2 - 760573 + 759702 @@ -26693,7 +27035,7 @@ 1 2 - 760573 + 759702 @@ -26714,17 +27056,17 @@ 2 3 - 24743 + 24778 3 8 - 4760 + 4794 8 17 - 4693 + 4627 17 @@ -26739,7 +27081,7 @@ 45 81 - 4693 + 4694 102 @@ -26765,17 +27107,17 @@ 2 3 - 24743 + 24778 3 8 - 4760 + 4794 8 17 - 4693 + 4627 17 @@ -26790,7 +27132,7 @@ 45 81 - 4693 + 4694 102 @@ -26811,7 +27153,7 @@ 1 2 - 52504 + 52506 2 @@ -26832,12 +27174,12 @@ 1 2 - 66652 + 66890 2 3 - 8180 + 8046 3 @@ -26847,17 +27189,17 @@ 9 24 - 7543 + 7544 24 - 127 - 7476 + 134 + 7544 135 191 - 704 + 637 @@ -26873,12 +27215,12 @@ 1 2 - 66652 + 66890 2 3 - 8180 + 8046 3 @@ -26888,17 +27230,17 @@ 9 24 - 7543 + 7544 24 - 127 - 7476 + 134 + 7544 135 191 - 704 + 637 @@ -26914,12 +27256,12 @@ 1 2 - 98470 + 98575 2 6 - 1206 + 1207 @@ -26939,7 +27281,7 @@ 2 - 22496 + 22469 368 @@ -26981,7 +27323,7 @@ 2 - 2841 + 2844 335 @@ -27000,7 +27342,7 @@ contents - 4246592 + 4246591 location @@ -27190,7 +27532,7 @@ converted - 9636898 + 9636897 conversion @@ -27239,22 +27581,22 @@ compgenerated - 9885829 + 9885625 id - 9885829 + 9885625 synthetic_destructor_call - 1661380 + 1661392 element - 1237278 + 1237287 i @@ -27262,7 +27604,7 @@ destructor_call - 1661380 + 1661392 @@ -27276,12 +27618,12 @@ 1 2 - 823569 + 823575 2 3 - 406951 + 406955 3 @@ -27302,12 +27644,12 @@ 1 2 - 823569 + 823575 2 3 - 406951 + 406955 3 @@ -27460,7 +27802,7 @@ 1 2 - 1661380 + 1661392 @@ -27476,7 +27818,7 @@ 1 2 - 1661380 + 1661392 @@ -27663,11 +28005,11 @@ exprparents - 19462196 + 19462195 expr_id - 19462196 + 19462195 child_index @@ -27675,7 +28017,7 @@ parent_id - 12945305 + 12945304 @@ -27689,7 +28031,7 @@ 1 2 - 19462196 + 19462195 @@ -27705,7 +28047,7 @@ 1 2 - 19462196 + 19462195 @@ -27869,22 +28211,22 @@ expr_isload - 6919046 + 6919045 expr_id - 6919046 + 6919045 conversionkinds - 6052845 + 6052846 expr_id - 6052845 + 6052846 kind @@ -27902,7 +28244,7 @@ 1 2 - 6052845 + 6052846 @@ -27946,8 +28288,8 @@ 1 - 5833723 - 5833724 + 5833724 + 5833725 1 @@ -27958,11 +28300,11 @@ iscall - 5772683 + 5772727 caller - 5772683 + 5772727 kind @@ -27980,7 +28322,7 @@ 1 2 - 5772683 + 5772727 @@ -28147,15 +28489,15 @@ namequalifiers - 3051466 + 3051489 id - 3051466 + 3051489 qualifiableelement - 3051466 + 3051489 qualifyingelement @@ -28163,7 +28505,7 @@ location - 558946 + 558951 @@ -28177,7 +28519,7 @@ 1 2 - 3051466 + 3051489 @@ -28193,7 +28535,7 @@ 1 2 - 3051466 + 3051489 @@ -28209,7 +28551,7 @@ 1 2 - 3051466 + 3051489 @@ -28225,7 +28567,7 @@ 1 2 - 3051466 + 3051489 @@ -28241,7 +28583,7 @@ 1 2 - 3051466 + 3051489 @@ -28257,7 +28599,7 @@ 1 2 - 3051466 + 3051489 @@ -28376,7 +28718,7 @@ 1 2 - 83267 + 83268 2 @@ -28386,7 +28728,7 @@ 6 7 - 396709 + 396712 7 @@ -28407,7 +28749,7 @@ 1 2 - 83267 + 83268 2 @@ -28417,7 +28759,7 @@ 6 7 - 396709 + 396712 7 @@ -28438,7 +28780,7 @@ 1 2 - 119491 + 119492 2 @@ -28448,7 +28790,7 @@ 4 5 - 412918 + 412921 5 @@ -28629,11 +28971,11 @@ expr_allocator - 44755 + 44756 expr - 44755 + 44756 func @@ -28655,7 +28997,7 @@ 1 2 - 44755 + 44756 @@ -28671,7 +29013,7 @@ 1 2 - 44755 + 44756 @@ -28755,11 +29097,11 @@ expr_deallocator - 52973 + 52976 expr - 52973 + 52976 func @@ -28781,7 +29123,7 @@ 1 2 - 52973 + 52976 @@ -28797,7 +29139,7 @@ 1 2 - 52973 + 52976 @@ -29046,11 +29388,11 @@ values - 13547188 + 13547187 id - 13547188 + 13547187 str @@ -29068,7 +29410,7 @@ 1 2 - 13547188 + 13547187 @@ -29114,11 +29456,11 @@ valuetext - 6648792 + 6648929 id - 6648792 + 6648929 text @@ -29136,7 +29478,7 @@ 1 2 - 6648792 + 6648929 @@ -29181,7 +29523,7 @@ val - 13547188 + 13547187 expr @@ -29199,7 +29541,7 @@ 1 2 - 13456978 + 13456977 2 @@ -29622,11 +29964,11 @@ initialisers - 2245055 + 2245054 init - 2245055 + 2245054 var @@ -29634,7 +29976,7 @@ expr - 2245055 + 2245054 location @@ -29652,7 +29994,7 @@ 1 2 - 2245055 + 2245054 @@ -29668,7 +30010,7 @@ 1 2 - 2245055 + 2245054 @@ -29684,7 +30026,7 @@ 1 2 - 2245055 + 2245054 @@ -29773,7 +30115,7 @@ 1 2 - 2245055 + 2245054 @@ -29789,7 +30131,7 @@ 1 2 - 2245055 + 2245054 @@ -29805,7 +30147,7 @@ 1 2 - 2245055 + 2245054 @@ -29903,26 +30245,26 @@ braced_initialisers - 67172 + 67182 init - 67172 + 67182 expr_ancestor - 1667324 + 1667337 exp - 1667324 + 1667337 ancestor - 834475 + 834481 @@ -29936,7 +30278,7 @@ 1 2 - 1667324 + 1667337 @@ -29957,7 +30299,7 @@ 2 3 - 807488 + 807494 3 @@ -29972,11 +30314,11 @@ exprs - 25220908 + 25220907 id - 25220908 + 25220907 kind @@ -29998,7 +30340,7 @@ 1 2 - 25220908 + 25220907 @@ -30014,7 +30356,7 @@ 1 2 - 25220908 + 25220907 @@ -30243,15 +30585,15 @@ expr_reuse - 841809 + 841815 reuse - 841809 + 841815 original - 841809 + 841815 value_category @@ -30269,7 +30611,7 @@ 1 2 - 841809 + 841815 @@ -30285,7 +30627,7 @@ 1 2 - 841809 + 841815 @@ -30301,7 +30643,7 @@ 1 2 - 841809 + 841815 @@ -30317,7 +30659,7 @@ 1 2 - 841809 + 841815 @@ -30369,11 +30711,11 @@ expr_types - 25220908 + 25220907 id - 25220908 + 25220907 typeid @@ -30395,7 +30737,7 @@ 1 2 - 25220908 + 25220907 @@ -30411,7 +30753,7 @@ 1 2 - 25220908 + 25220907 @@ -30672,11 +31014,11 @@ param_ref_to_this - 24978 + 24973 expr - 24978 + 24973 @@ -32019,15 +32361,15 @@ condition_decl_bind - 406396 + 406399 expr - 406396 + 406399 decl - 406396 + 406399 @@ -32041,7 +32383,7 @@ 1 2 - 406396 + 406399 @@ -32057,7 +32399,7 @@ 1 2 - 406396 + 406399 @@ -32067,15 +32409,15 @@ typeid_bind - 47139 + 47141 expr - 47139 + 47141 type_id - 15690 + 15691 @@ -32089,7 +32431,7 @@ 1 2 - 47139 + 47141 @@ -32105,12 +32447,12 @@ 1 2 - 2916 + 2917 2 3 - 12371 + 12372 3 @@ -33911,7 +34253,7 @@ location - 2675420 + 2675419 @@ -34428,15 +34770,15 @@ if_else - 434387 + 434390 if_stmt - 434387 + 434390 else_id - 434387 + 434390 @@ -34450,7 +34792,7 @@ 1 2 - 434387 + 434390 @@ -34466,7 +34808,7 @@ 1 2 - 434387 + 434390 @@ -34860,11 +35202,11 @@ switch_case - 830946 + 830953 switch_stmt - 409304 + 409307 index @@ -34872,7 +35214,7 @@ case_id - 830946 + 830953 @@ -34891,7 +35233,7 @@ 2 3 - 406438 + 406441 3 @@ -34917,7 +35259,7 @@ 2 3 - 406438 + 406441 3 @@ -35080,7 +35422,7 @@ 1 2 - 830946 + 830953 @@ -35096,7 +35438,7 @@ 1 2 - 830946 + 830953 @@ -35106,15 +35448,15 @@ switch_body - 409304 + 409307 switch_stmt - 409304 + 409307 body_id - 409304 + 409307 @@ -35128,7 +35470,7 @@ 1 2 - 409304 + 409307 @@ -35144,7 +35486,7 @@ 1 2 - 409304 + 409307 @@ -35602,11 +35944,11 @@ ishandler - 43026 + 43039 block - 43026 + 43039 @@ -35617,7 +35959,7 @@ stmt - 712863 + 712862 num @@ -35823,7 +36165,7 @@ stmt - 712863 + 712862 num @@ -36264,11 +36606,11 @@ preprocdirects - 5334449 + 5334448 id - 5334449 + 5334448 kind @@ -36290,7 +36632,7 @@ 1 2 - 5334449 + 5334448 @@ -36306,7 +36648,7 @@ 1 2 - 5334449 + 5334448 @@ -36711,15 +37053,15 @@ includes - 316281 + 316291 id - 316281 + 316291 included - 58261 + 58263 @@ -36733,7 +37075,7 @@ 1 2 - 316281 + 316291 @@ -36749,7 +37091,7 @@ 1 2 - 28831 + 28832 2 @@ -36774,7 +37116,7 @@ 11 47 - 4371 + 4372 47 @@ -36885,11 +37227,11 @@ link_parent - 30702235 + 30703622 element - 3901138 + 3901314 link_target @@ -36907,17 +37249,17 @@ 1 2 - 531747 + 531771 2 9 - 26989 + 26990 9 10 - 3342400 + 3342551 From 0e6257de2d55b4bb13a392e3bccd135794bd96d6 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Thu, 21 May 2026 10:11:20 +0200 Subject: [PATCH 26/27] C++: Fix QLDoc wording --- cpp/ql/lib/semmle/code/cpp/Class.qll | 2 +- cpp/ql/lib/semmle/code/cpp/Function.qll | 2 +- cpp/ql/lib/semmle/code/cpp/TypedefType.qll | 2 +- cpp/ql/lib/semmle/code/cpp/Variable.qll | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/Class.qll b/cpp/ql/lib/semmle/code/cpp/Class.qll index 74b2f1918c90..708cbdb4d50b 100644 --- a/cpp/ql/lib/semmle/code/cpp/Class.qll +++ b/cpp/ql/lib/semmle/code/cpp/Class.qll @@ -901,7 +901,7 @@ class TemplateClass extends Class { * * This predicate only has results for templates that are members of class * template instantiations. For example, for `MyTemplateClass::C` - * in the following code, this predicate holds for `MyTemplateClass::C`. + * in the following code, the result is `MyTemplateClass::C`. * ```cpp * template * class MyTemplateClass { diff --git a/cpp/ql/lib/semmle/code/cpp/Function.qll b/cpp/ql/lib/semmle/code/cpp/Function.qll index 4b8e78d897e9..f97addd2a0bd 100644 --- a/cpp/ql/lib/semmle/code/cpp/Function.qll +++ b/cpp/ql/lib/semmle/code/cpp/Function.qll @@ -834,7 +834,7 @@ class TemplateFunction extends Function { * * This predicate only has results for templates that are members of class * template instantiations. For example, for `MyTemplateClass::f` - * in the following code, this predicate holds for `MyTemplateClass::f`. + * in the following code, the result is `MyTemplateClass::f`. * ```cpp * template * class MyTemplateClass { diff --git a/cpp/ql/lib/semmle/code/cpp/TypedefType.qll b/cpp/ql/lib/semmle/code/cpp/TypedefType.qll index b79626ad8b86..69eb8f881d29 100644 --- a/cpp/ql/lib/semmle/code/cpp/TypedefType.qll +++ b/cpp/ql/lib/semmle/code/cpp/TypedefType.qll @@ -136,7 +136,7 @@ class AliasTemplateType extends TypeAliasType { * * This predicate only has results for templates that are members of class * template instantiations. For example, for `MyTemplateClass::t` - * in the following code, this predicate holds for `MyTemplateClass::t`. + * in the following code, the result is `MyTemplateClass::t`. * ```cpp * template * class MyTemplateClass { diff --git a/cpp/ql/lib/semmle/code/cpp/Variable.qll b/cpp/ql/lib/semmle/code/cpp/Variable.qll index 7a87d95fcf28..be46d69b41f4 100644 --- a/cpp/ql/lib/semmle/code/cpp/Variable.qll +++ b/cpp/ql/lib/semmle/code/cpp/Variable.qll @@ -620,7 +620,7 @@ class TemplateVariable extends Variable { * * This predicate only has results for templates that are members of class * template instantiations. For example, for `MyTemplateClass::x` - * in the following code, this predicate holds for `MyTemplateClass::x`. + * in the following code, the result is `MyTemplateClass::x`. * ```cpp * template * class MyTemplateClass { From 8ad461be98aba1b822452175aa15f69e1c764b4e Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Thu, 21 May 2026 10:11:41 +0200 Subject: [PATCH 27/27] C++: Add change note --- cpp/ql/lib/change-notes/2026-05-21-generated-from.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 cpp/ql/lib/change-notes/2026-05-21-generated-from.md diff --git a/cpp/ql/lib/change-notes/2026-05-21-generated-from.md b/cpp/ql/lib/change-notes/2026-05-21-generated-from.md new file mode 100644 index 000000000000..bf3ddcb1070b --- /dev/null +++ b/cpp/ql/lib/change-notes/2026-05-21-generated-from.md @@ -0,0 +1,4 @@ +--- +category: feature +--- +* Added a `getOriginalTemplate` predicate to `TemplateClass`, `TemplateFunction`, `TemplateVariable`, and `AliasTemplateType`, which yields the class member template the template was generated from. The predicates only have results for templates that are members of class template instantiations.