github
diff --git a/‎cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll‎
Lines changed: 4 additions & 0 deletions b/‎cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected‎
Lines changed: 4 additions & 4 deletions b/‎cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected‎
Lines changed: 6 additions & 6 deletions b/‎cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected‎
Lines changed: 944 additions & 944 deletions b/‎cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected‎
Lines changed: 944 additions & 944 deletions
diff --git a/‎cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected‎
Lines changed: 167 additions & 73 deletions b/‎cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected‎
Lines changed: 167 additions & 73 deletions
diff --git a/‎cpp/ql/test/query-tests/Security/CWE/CWE-022/SAMATE/TaintedPath/TaintedPath.expected‎
Lines changed: 3 additions & 3 deletions b/‎cpp/ql/test/query-tests/Security/CWE/CWE-022/SAMATE/TaintedPath/TaintedPath.expected‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected‎
Lines changed: 18 additions & 18 deletions b/‎cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected‎
Lines changed: 18 additions & 18 deletions
diff --git a/‎cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected‎
Lines changed: 9 additions & 9 deletions b/‎cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected‎
Lines changed: 9 additions & 9 deletions
@@ -363,6 +363,8 @@ class InstructionNode extends Node0 {
 
   /** Gets the instruction corresponding to this node. */
   Instruction getInstruction() { result = instr }
+
+  override string toStringImpl() { result = instr.getAst().toString() }
 }
 
 /**
@@ -376,6 +378,8 @@ class OperandNode extends Node, Node0 {
 
   /** Gets the operand corresponding to this node. */
   Operand getOperand() { result = node.getOperand() }
+
+  override string toStringImpl() { result = op.getDef().getAst().toString() }
 }
 
 /**
 
@@ -1,8 +1,8 @@
 uniqueEnclosingCallable
-| globals.cpp:9:5:9:19 | VariableAddress indirection | Node should have one enclosing callable but has 0. |
-| globals.cpp:9:5:9:19 | VariableAddress indirection | Node should have one enclosing callable but has 0. |
-| globals.cpp:16:12:16:26 | VariableAddress indirection | Node should have one enclosing callable but has 0. |
-| globals.cpp:16:12:16:26 | VariableAddress indirection | Node should have one enclosing callable but has 0. |
+| globals.cpp:9:5:9:19 | flowTestGlobal1 indirection | Node should have one enclosing callable but has 0. |
+| globals.cpp:9:5:9:19 | flowTestGlobal1 indirection | Node should have one enclosing callable but has 0. |
+| globals.cpp:16:12:16:26 | flowTestGlobal2 indirection | Node should have one enclosing callable but has 0. |
+| globals.cpp:16:12:16:26 | flowTestGlobal2 indirection | Node should have one enclosing callable but has 0. |
 uniqueType
 uniqueNodeLocation
 | BarrierGuard.cpp:2:11:2:13 | (unnamed parameter 0) | Node should have one location but has 6. |
 
@@ -33,10 +33,10 @@ postIsNotPre
 | D.cpp:56:15:56:24 | new indirection | PostUpdateNode should not equal its pre-update node. |
 postHasUniquePre
 uniquePostUpdate
-| aliasing.cpp:70:11:70:11 | VariableAddress indirection | Node has multiple PostUpdateNodes. |
-| aliasing.cpp:77:11:77:11 | VariableAddress indirection | Node has multiple PostUpdateNodes. |
-| aliasing.cpp:84:11:84:11 | VariableAddress indirection | Node has multiple PostUpdateNodes. |
-| aliasing.cpp:91:11:91:11 | VariableAddress indirection | Node has multiple PostUpdateNodes. |
+| aliasing.cpp:70:11:70:11 | definition of w indirection | Node has multiple PostUpdateNodes. |
+| aliasing.cpp:77:11:77:11 | definition of w indirection | Node has multiple PostUpdateNodes. |
+| aliasing.cpp:84:11:84:11 | definition of w indirection | Node has multiple PostUpdateNodes. |
+| aliasing.cpp:91:11:91:11 | definition of w indirection | Node has multiple PostUpdateNodes. |
 | complex.cpp:22:3:22:5 | this indirection | Node has multiple PostUpdateNodes. |
 | complex.cpp:25:7:25:7 | this indirection | Node has multiple PostUpdateNodes. |
 | complex.cpp:42:10:42:14 | inner indirection | Node has multiple PostUpdateNodes. |
@@ -45,8 +45,8 @@ uniquePostUpdate
 | complex.cpp:54:6:54:10 | inner indirection | Node has multiple PostUpdateNodes. |
 | complex.cpp:55:6:55:10 | inner indirection | Node has multiple PostUpdateNodes. |
 | complex.cpp:56:6:56:10 | inner indirection | Node has multiple PostUpdateNodes. |
-| struct_init.c:26:16:26:20 | VariableAddress indirection | Node has multiple PostUpdateNodes. |
-| struct_init.c:41:16:41:20 | VariableAddress indirection | Node has multiple PostUpdateNodes. |
+| struct_init.c:26:16:26:20 | definition of outer indirection | Node has multiple PostUpdateNodes. |
+| struct_init.c:41:16:41:20 | definition of outer indirection | Node has multiple PostUpdateNodes. |
 postIsInSameCallable
 reverseRead
 argHasPostUpdate
 
@@ -1,8 +1,8 @@
 edges
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | Convert indirection |
+| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | (const char *)... indirection |
 nodes
 | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | semmle.label | fgets output argument |
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | Convert indirection | semmle.label | Convert indirection |
+| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | (const char *)... indirection | semmle.label | (const char *)... indirection |
 subpaths
 #select
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | user input (string read by fgets) |
+| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | (const char *)... indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | user input (string read by fgets) |
@@ -1,32 +1,32 @@
 edges
-| test.c:8:27:8:30 | argv | test.c:17:11:17:18 | Convert indirection |
-| test.c:8:27:8:30 | argv indirection | test.c:17:11:17:18 | Convert indirection |
-| test.c:8:27:8:30 | argv indirection | test.c:17:11:17:18 | Convert indirection |
-| test.c:8:27:8:30 | argv indirection | test.c:32:11:32:18 | Convert indirection |
-| test.c:8:27:8:30 | argv indirection | test.c:32:11:32:18 | Convert indirection |
+| test.c:8:27:8:30 | argv | test.c:17:11:17:18 | (const char *)... indirection |
+| test.c:8:27:8:30 | argv indirection | test.c:17:11:17:18 | (const char *)... indirection |
+| test.c:8:27:8:30 | argv indirection | test.c:17:11:17:18 | (const char *)... indirection |
+| test.c:8:27:8:30 | argv indirection | test.c:32:11:32:18 | (const char *)... indirection |
+| test.c:8:27:8:30 | argv indirection | test.c:32:11:32:18 | (const char *)... indirection |
 | test.c:8:27:8:30 | argv indirection | test.c:57:10:57:16 | access to array indirection |
 | test.c:8:27:8:30 | argv indirection | test.c:57:10:57:16 | access to array indirection |
-| test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | Convert indirection |
-| test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | Convert indirection |
+| test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | (const char *)... indirection |
+| test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | (const char *)... indirection |
 nodes
 | test.c:8:27:8:30 | argv | semmle.label | argv |
 | test.c:8:27:8:30 | argv indirection | semmle.label | argv indirection |
 | test.c:8:27:8:30 | argv indirection | semmle.label | argv indirection |
-| test.c:17:11:17:18 | Convert indirection | semmle.label | Convert indirection |
-| test.c:32:11:32:18 | Convert indirection | semmle.label | Convert indirection |
+| test.c:17:11:17:18 | (const char *)... indirection | semmle.label | (const char *)... indirection |
+| test.c:32:11:32:18 | (const char *)... indirection | semmle.label | (const char *)... indirection |
 | test.c:37:17:37:24 | scanf output argument | semmle.label | scanf output argument |
-| test.c:38:11:38:18 | Convert indirection | semmle.label | Convert indirection |
+| test.c:38:11:38:18 | (const char *)... indirection | semmle.label | (const char *)... indirection |
 | test.c:43:17:43:24 | scanf output argument | semmle.label | scanf output argument |
-| test.c:44:11:44:18 | Convert indirection | semmle.label | Convert indirection |
+| test.c:44:11:44:18 | (const char *)... indirection | semmle.label | (const char *)... indirection |
 | test.c:57:10:57:16 | access to array indirection | semmle.label | access to array indirection |
 subpaths
 #select
-| test.c:17:11:17:18 | fileName | test.c:8:27:8:30 | argv | test.c:17:11:17:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv | user input (a command-line argument) |
-| test.c:17:11:17:18 | fileName | test.c:8:27:8:30 | argv indirection | test.c:17:11:17:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) |
-| test.c:17:11:17:18 | fileName | test.c:8:27:8:30 | argv indirection | test.c:17:11:17:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) |
-| test.c:32:11:32:18 | fileName | test.c:8:27:8:30 | argv indirection | test.c:32:11:32:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) |
-| test.c:32:11:32:18 | fileName | test.c:8:27:8:30 | argv indirection | test.c:32:11:32:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) |
-| test.c:38:11:38:18 | fileName | test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:37:17:37:24 | scanf output argument | user input (value read by scanf) |
-| test.c:44:11:44:18 | fileName | test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:43:17:43:24 | scanf output argument | user input (value read by scanf) |
+| test.c:17:11:17:18 | fileName | test.c:8:27:8:30 | argv | test.c:17:11:17:18 | (const char *)... indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv | user input (a command-line argument) |
+| test.c:17:11:17:18 | fileName | test.c:8:27:8:30 | argv indirection | test.c:17:11:17:18 | (const char *)... indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) |
+| test.c:17:11:17:18 | fileName | test.c:8:27:8:30 | argv indirection | test.c:17:11:17:18 | (const char *)... indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) |
+| test.c:32:11:32:18 | fileName | test.c:8:27:8:30 | argv indirection | test.c:32:11:32:18 | (const char *)... indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) |
+| test.c:32:11:32:18 | fileName | test.c:8:27:8:30 | argv indirection | test.c:32:11:32:18 | (const char *)... indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) |
+| test.c:38:11:38:18 | fileName | test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | (const char *)... indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:37:17:37:24 | scanf output argument | user input (value read by scanf) |
+| test.c:44:11:44:18 | fileName | test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | (const char *)... indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:43:17:43:24 | scanf output argument | user input (value read by scanf) |
 | test.c:57:10:57:16 | access to array | test.c:8:27:8:30 | argv indirection | test.c:57:10:57:16 | access to array indirection | This argument to a file access function is derived from $@ and then passed to read(fileName), which calls fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) |
 | test.c:57:10:57:16 | access to array | test.c:8:27:8:30 | argv indirection | test.c:57:10:57:16 | access to array indirection | This argument to a file access function is derived from $@ and then passed to read(fileName), which calls fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) |
@@ -1,16 +1,16 @@
 edges
-| tests.cpp:26:15:26:23 | VariableAddress indirection | tests.cpp:51:12:51:20 | call to badSource indirection |
-| tests.cpp:33:34:33:39 | call to getenv indirection | tests.cpp:38:39:38:49 | Convert indirection |
-| tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:26:15:26:23 | VariableAddress indirection |
-| tests.cpp:38:39:38:49 | Convert indirection | tests.cpp:38:25:38:36 | strncat output argument |
-| tests.cpp:51:12:51:20 | call to badSource indirection | tests.cpp:53:16:53:19 | Convert indirection |
+| tests.cpp:26:15:26:23 | badSource indirection | tests.cpp:51:12:51:20 | call to badSource indirection |
+| tests.cpp:33:34:33:39 | call to getenv indirection | tests.cpp:38:39:38:49 | (const char *)... indirection |
+| tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:26:15:26:23 | badSource indirection |
+| tests.cpp:38:39:38:49 | (const char *)... indirection | tests.cpp:38:25:38:36 | strncat output argument |
+| tests.cpp:51:12:51:20 | call to badSource indirection | tests.cpp:53:16:53:19 | (const char *)... indirection |
 nodes
-| tests.cpp:26:15:26:23 | VariableAddress indirection | semmle.label | VariableAddress indirection |
+| tests.cpp:26:15:26:23 | badSource indirection | semmle.label | badSource indirection |
 | tests.cpp:33:34:33:39 | call to getenv indirection | semmle.label | call to getenv indirection |
 | tests.cpp:38:25:38:36 | strncat output argument | semmle.label | strncat output argument |
-| tests.cpp:38:39:38:49 | Convert indirection | semmle.label | Convert indirection |
+| tests.cpp:38:39:38:49 | (const char *)... indirection | semmle.label | (const char *)... indirection |
 | tests.cpp:51:12:51:20 | call to badSource indirection | semmle.label | call to badSource indirection |
-| tests.cpp:53:16:53:19 | Convert indirection | semmle.label | Convert indirection |
+| tests.cpp:53:16:53:19 | (const char *)... indirection | semmle.label | (const char *)... indirection |
 subpaths
 #select
-| tests.cpp:53:16:53:19 | data | tests.cpp:33:34:33:39 | call to getenv indirection | tests.cpp:53:16:53:19 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | tests.cpp:33:34:33:39 | call to getenv indirection | user input (an environment variable) | tests.cpp:38:25:38:36 | strncat output argument | strncat output argument |
+| tests.cpp:53:16:53:19 | data | tests.cpp:33:34:33:39 | call to getenv indirection | tests.cpp:53:16:53:19 | (const char *)... indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | tests.cpp:33:34:33:39 | call to getenv indirection | user input (an environment variable) | tests.cpp:38:25:38:36 | strncat output argument | strncat output argument |
Original file line number	Diff line number	Diff line change
`@@ -363,6 +363,8 @@ class InstructionNode extends Node0 {`
`363`	`363`
`364`	`364`	`/** Gets the instruction corresponding to this node. */`
`365`	`365`	`Instruction getInstruction() { result = instr }`
	`366`	`+`
	`367`	`+ override string toStringImpl() { result = instr.getAst().toString() }`
`366`	`368`	`}`
`367`	`369`
`368`	`370`	`/**`
`@@ -376,6 +378,8 @@ class OperandNode extends Node, Node0 {`
`376`	`378`
`377`	`379`	`/** Gets the operand corresponding to this node. */`
`378`	`380`	`Operand getOperand() { result = node.getOperand() }`
	`381`	`+`
	`382`	`+ override string toStringImpl() { result = op.getDef().getAst().toString() }`
`379`	`383`	`}`
`380`	`384`
`381`	`385`	`/**`