github
diff --git a/‎cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/ProductFlow.qll
Lines changed: 8 additions & 8 deletions b/‎cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/ProductFlow.qll
Lines changed: 8 additions & 8 deletions
diff --git a/‎cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.expected
Lines changed: 1 addition & 1 deletion b/‎cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.expected
Lines changed: 1 addition & 1 deletion
diff --git a/‎cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/AllocMultiplicationOverflow/AllocMultiplicationOverflow.expected
Lines changed: 3 additions & 3 deletions b/‎cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/AllocMultiplicationOverflow/AllocMultiplicationOverflow.expected
Lines changed: 3 additions & 3 deletions
diff --git a/‎cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/array-access/ArrayAccessProductFlow.expected
Lines changed: 39 additions & 39 deletions b/‎cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/array-access/ArrayAccessProductFlow.expected
Lines changed: 39 additions & 39 deletions
@@ -507,13 +507,13 @@ module ProductFlow {
     private predicate pathSuccPlus(TNodePair n1, TNodePair n2) = fastTC(pathSucc/2)(n1, n2)
 
     private predicate localPathStep1(Flow1::PathNode pred, Flow1::PathNode succ) {
-      Flow1::PathGraph::edges(pred, succ) and
+      Flow1::PathGraph::edges(pred, succ, _, _) and
       pragma[only_bind_out](pred.getNode().getEnclosingCallable()) =
         pragma[only_bind_out](succ.getNode().getEnclosingCallable())
     }
 
     private predicate localPathStep2(Flow2::PathNode pred, Flow2::PathNode succ) {
-      Flow2::PathGraph::edges(pred, succ) and
+      Flow2::PathGraph::edges(pred, succ, _, _) and
       pragma[only_bind_out](pred.getNode().getEnclosingCallable()) =
         pragma[only_bind_out](succ.getNode().getEnclosingCallable())
     }
@@ -530,7 +530,7 @@ module ProductFlow {
       TJump()
 
     private predicate intoImpl1(Flow1::PathNode pred1, Flow1::PathNode succ1, DataFlowCall call) {
-      Flow1::PathGraph::edges(pred1, succ1) and
+      Flow1::PathGraph::edges(pred1, succ1, _, _) and
       pred1.getNode().(ArgumentNode).getCall() = call and
       succ1.getNode() instanceof ParameterNode
     }
@@ -543,7 +543,7 @@ module ProductFlow {
     }
 
     private predicate outImpl1(Flow1::PathNode pred1, Flow1::PathNode succ1, DataFlowCall call) {
-      Flow1::PathGraph::edges(pred1, succ1) and
+      Flow1::PathGraph::edges(pred1, succ1, _, _) and
       exists(ReturnKindExt returnKind |
         succ1.getNode() = returnKind.getAnOutNode(call) and
         pred1.getNode().(ReturnNodeExt).getKind() = returnKind
@@ -558,7 +558,7 @@ module ProductFlow {
     }
 
     private predicate intoImpl2(Flow2::PathNode pred2, Flow2::PathNode succ2, DataFlowCall call) {
-      Flow2::PathGraph::edges(pred2, succ2) and
+      Flow2::PathGraph::edges(pred2, succ2, _, _) and
       pred2.getNode().(ArgumentNode).getCall() = call and
       succ2.getNode() instanceof ParameterNode
     }
@@ -571,7 +571,7 @@ module ProductFlow {
     }
 
     private predicate outImpl2(Flow2::PathNode pred2, Flow2::PathNode succ2, DataFlowCall call) {
-      Flow2::PathGraph::edges(pred2, succ2) and
+      Flow2::PathGraph::edges(pred2, succ2, _, _) and
       exists(ReturnKindExt returnKind |
         succ2.getNode() = returnKind.getAnOutNode(call) and
         pred2.getNode().(ReturnNodeExt).getKind() = returnKind
@@ -590,7 +590,7 @@ module ProductFlow {
       Declaration predDecl, Declaration succDecl, Flow1::PathNode pred1, Flow1::PathNode succ1,
       TKind kind
     ) {
-      Flow1::PathGraph::edges(pred1, succ1) and
+      Flow1::PathGraph::edges(pred1, succ1, _, _) and
       predDecl != succDecl and
       pred1.getNode().getEnclosingCallable() = predDecl and
       succ1.getNode().getEnclosingCallable() = succDecl and
@@ -610,7 +610,7 @@ module ProductFlow {
       Declaration predDecl, Declaration succDecl, Flow2::PathNode pred2, Flow2::PathNode succ2,
       TKind kind
     ) {
-      Flow2::PathGraph::edges(pred2, succ2) and
+      Flow2::PathGraph::edges(pred2, succ2, _, _) and
       predDecl != succDecl and
       pred2.getNode().getEnclosingCallable() = predDecl and
       succ2.getNode().getEnclosingCallable() = succDecl and
 
@@ -1,5 +1,5 @@
 edges
-| test.cpp:22:27:22:30 | **argv | test.cpp:29:13:29:20 | *filePath |
+| test.cpp:22:27:22:30 | **argv | test.cpp:29:13:29:20 | *filePath | provenance |  |
 nodes
 | test.cpp:22:27:22:30 | **argv | semmle.label | **argv |
 | test.cpp:29:13:29:20 | *filePath | semmle.label | *filePath |
 
@@ -1,7 +1,7 @@
 edges
-| test.cpp:22:17:22:21 | ... * ... | test.cpp:23:33:23:37 | size1 |
-| test.cpp:37:24:37:27 | size | test.cpp:37:46:37:49 | size |
-| test.cpp:45:36:45:40 | ... * ... | test.cpp:37:24:37:27 | size |
+| test.cpp:22:17:22:21 | ... * ... | test.cpp:23:33:23:37 | size1 | provenance |  |
+| test.cpp:37:24:37:27 | size | test.cpp:37:46:37:49 | size | provenance |  |
+| test.cpp:45:36:45:40 | ... * ... | test.cpp:37:24:37:27 | size | provenance |  |
 nodes
 | test.cpp:13:33:13:37 | ... * ... | semmle.label | ... * ... |
 | test.cpp:15:31:15:35 | ... * ... | semmle.label | ... * ... |
 
@@ -1,43 +1,43 @@
 edges
-| test.cpp:4:17:4:22 | call to malloc | test.cpp:6:9:6:11 | arr |
-| test.cpp:4:17:4:22 | call to malloc | test.cpp:10:9:10:11 | arr |
-| test.cpp:19:9:19:16 | *mk_array [p] | test.cpp:28:19:28:26 | call to mk_array [p] |
-| test.cpp:19:9:19:16 | *mk_array [p] | test.cpp:50:18:50:25 | call to mk_array [p] |
-| test.cpp:21:5:21:7 | *arr [post update] [p] | test.cpp:22:5:22:7 | *arr [p] |
-| test.cpp:21:5:21:24 | ... = ... | test.cpp:21:5:21:7 | *arr [post update] [p] |
-| test.cpp:21:13:21:18 | call to malloc | test.cpp:21:5:21:24 | ... = ... |
-| test.cpp:22:5:22:7 | *arr [p] | test.cpp:19:9:19:16 | *mk_array [p] |
-| test.cpp:28:19:28:26 | call to mk_array [p] | test.cpp:31:9:31:11 | *arr [p] |
-| test.cpp:28:19:28:26 | call to mk_array [p] | test.cpp:35:9:35:11 | *arr [p] |
-| test.cpp:31:9:31:11 | *arr [p] | test.cpp:31:13:31:13 | p |
-| test.cpp:35:9:35:11 | *arr [p] | test.cpp:35:13:35:13 | p |
-| test.cpp:39:27:39:29 | arr [p] | test.cpp:41:9:41:11 | *arr [p] |
-| test.cpp:39:27:39:29 | arr [p] | test.cpp:45:9:45:11 | *arr [p] |
-| test.cpp:41:9:41:11 | *arr [p] | test.cpp:41:13:41:13 | p |
-| test.cpp:45:9:45:11 | *arr [p] | test.cpp:45:13:45:13 | p |
-| test.cpp:50:18:50:25 | call to mk_array [p] | test.cpp:39:27:39:29 | arr [p] |
-| test.cpp:55:5:55:7 | *arr [post update] [p] | test.cpp:56:5:56:7 | *arr [p] |
-| test.cpp:55:5:55:24 | ... = ... | test.cpp:55:5:55:7 | *arr [post update] [p] |
-| test.cpp:55:13:55:18 | call to malloc | test.cpp:55:5:55:24 | ... = ... |
-| test.cpp:56:5:56:7 | *arr [p] | test.cpp:59:9:59:11 | *arr [p] |
-| test.cpp:56:5:56:7 | *arr [p] | test.cpp:63:9:63:11 | *arr [p] |
-| test.cpp:59:9:59:11 | *arr [p] | test.cpp:59:13:59:13 | p |
-| test.cpp:63:9:63:11 | *arr [p] | test.cpp:63:13:63:13 | p |
-| test.cpp:67:10:67:19 | **mk_array_p [p] | test.cpp:76:20:76:29 | *call to mk_array_p [p] |
-| test.cpp:67:10:67:19 | **mk_array_p [p] | test.cpp:98:18:98:27 | *call to mk_array_p [p] |
-| test.cpp:69:5:69:7 | *arr [post update] [p] | test.cpp:70:5:70:7 | *arr [p] |
-| test.cpp:69:5:69:25 | ... = ... | test.cpp:69:5:69:7 | *arr [post update] [p] |
-| test.cpp:69:14:69:19 | call to malloc | test.cpp:69:5:69:25 | ... = ... |
-| test.cpp:70:5:70:7 | *arr [p] | test.cpp:67:10:67:19 | **mk_array_p [p] |
-| test.cpp:76:20:76:29 | *call to mk_array_p [p] | test.cpp:79:9:79:11 | *arr [p] |
-| test.cpp:76:20:76:29 | *call to mk_array_p [p] | test.cpp:83:9:83:11 | *arr [p] |
-| test.cpp:79:9:79:11 | *arr [p] | test.cpp:79:14:79:14 | p |
-| test.cpp:83:9:83:11 | *arr [p] | test.cpp:83:14:83:14 | p |
-| test.cpp:87:28:87:30 | *arr [p] | test.cpp:89:9:89:11 | *arr [p] |
-| test.cpp:87:28:87:30 | *arr [p] | test.cpp:93:9:93:11 | *arr [p] |
-| test.cpp:89:9:89:11 | *arr [p] | test.cpp:89:14:89:14 | p |
-| test.cpp:93:9:93:11 | *arr [p] | test.cpp:93:14:93:14 | p |
-| test.cpp:98:18:98:27 | *call to mk_array_p [p] | test.cpp:87:28:87:30 | *arr [p] |
+| test.cpp:4:17:4:22 | call to malloc | test.cpp:6:9:6:11 | arr | provenance |  |
+| test.cpp:4:17:4:22 | call to malloc | test.cpp:10:9:10:11 | arr | provenance |  |
+| test.cpp:19:9:19:16 | *mk_array [p] | test.cpp:28:19:28:26 | call to mk_array [p] | provenance |  |
+| test.cpp:19:9:19:16 | *mk_array [p] | test.cpp:50:18:50:25 | call to mk_array [p] | provenance |  |
+| test.cpp:21:5:21:7 | *arr [post update] [p] | test.cpp:22:5:22:7 | *arr [p] | provenance |  |
+| test.cpp:21:5:21:24 | ... = ... | test.cpp:21:5:21:7 | *arr [post update] [p] | provenance |  |
+| test.cpp:21:13:21:18 | call to malloc | test.cpp:21:5:21:24 | ... = ... | provenance |  |
+| test.cpp:22:5:22:7 | *arr [p] | test.cpp:19:9:19:16 | *mk_array [p] | provenance |  |
+| test.cpp:28:19:28:26 | call to mk_array [p] | test.cpp:31:9:31:11 | *arr [p] | provenance |  |
+| test.cpp:28:19:28:26 | call to mk_array [p] | test.cpp:35:9:35:11 | *arr [p] | provenance |  |
+| test.cpp:31:9:31:11 | *arr [p] | test.cpp:31:13:31:13 | p | provenance |  |
+| test.cpp:35:9:35:11 | *arr [p] | test.cpp:35:13:35:13 | p | provenance |  |
+| test.cpp:39:27:39:29 | arr [p] | test.cpp:41:9:41:11 | *arr [p] | provenance |  |
+| test.cpp:39:27:39:29 | arr [p] | test.cpp:45:9:45:11 | *arr [p] | provenance |  |
+| test.cpp:41:9:41:11 | *arr [p] | test.cpp:41:13:41:13 | p | provenance |  |
+| test.cpp:45:9:45:11 | *arr [p] | test.cpp:45:13:45:13 | p | provenance |  |
+| test.cpp:50:18:50:25 | call to mk_array [p] | test.cpp:39:27:39:29 | arr [p] | provenance |  |
+| test.cpp:55:5:55:7 | *arr [post update] [p] | test.cpp:56:5:56:7 | *arr [p] | provenance |  |
+| test.cpp:55:5:55:24 | ... = ... | test.cpp:55:5:55:7 | *arr [post update] [p] | provenance |  |
+| test.cpp:55:13:55:18 | call to malloc | test.cpp:55:5:55:24 | ... = ... | provenance |  |
+| test.cpp:56:5:56:7 | *arr [p] | test.cpp:59:9:59:11 | *arr [p] | provenance |  |
+| test.cpp:56:5:56:7 | *arr [p] | test.cpp:63:9:63:11 | *arr [p] | provenance |  |
+| test.cpp:59:9:59:11 | *arr [p] | test.cpp:59:13:59:13 | p | provenance |  |
+| test.cpp:63:9:63:11 | *arr [p] | test.cpp:63:13:63:13 | p | provenance |  |
+| test.cpp:67:10:67:19 | **mk_array_p [p] | test.cpp:76:20:76:29 | *call to mk_array_p [p] | provenance |  |
+| test.cpp:67:10:67:19 | **mk_array_p [p] | test.cpp:98:18:98:27 | *call to mk_array_p [p] | provenance |  |
+| test.cpp:69:5:69:7 | *arr [post update] [p] | test.cpp:70:5:70:7 | *arr [p] | provenance |  |
+| test.cpp:69:5:69:25 | ... = ... | test.cpp:69:5:69:7 | *arr [post update] [p] | provenance |  |
+| test.cpp:69:14:69:19 | call to malloc | test.cpp:69:5:69:25 | ... = ... | provenance |  |
+| test.cpp:70:5:70:7 | *arr [p] | test.cpp:67:10:67:19 | **mk_array_p [p] | provenance |  |
+| test.cpp:76:20:76:29 | *call to mk_array_p [p] | test.cpp:79:9:79:11 | *arr [p] | provenance |  |
+| test.cpp:76:20:76:29 | *call to mk_array_p [p] | test.cpp:83:9:83:11 | *arr [p] | provenance |  |
+| test.cpp:79:9:79:11 | *arr [p] | test.cpp:79:14:79:14 | p | provenance |  |
+| test.cpp:83:9:83:11 | *arr [p] | test.cpp:83:14:83:14 | p | provenance |  |
+| test.cpp:87:28:87:30 | *arr [p] | test.cpp:89:9:89:11 | *arr [p] | provenance |  |
+| test.cpp:87:28:87:30 | *arr [p] | test.cpp:93:9:93:11 | *arr [p] | provenance |  |
+| test.cpp:89:9:89:11 | *arr [p] | test.cpp:89:14:89:14 | p | provenance |  |
+| test.cpp:93:9:93:11 | *arr [p] | test.cpp:93:14:93:14 | p | provenance |  |
+| test.cpp:98:18:98:27 | *call to mk_array_p [p] | test.cpp:87:28:87:30 | *arr [p] | provenance |  |
 nodes
 | test.cpp:4:17:4:22 | call to malloc | semmle.label | call to malloc |
 | test.cpp:6:9:6:11 | arr | semmle.label | arr |