Hello!

Context: I'm using CodeQL to feed into another security analysis tool, in a way that's different from normal usage. The main challenge I'm having is taking a function that CodeQL has found, and then finding that same function again during an LLVM pass. If there's a better way of doing this, please let me know!

Is there a way to get the C++ mangled name of a function? This seems to be the best way for my use case. I see calls to 'mangled_name' like here, but haven't been able to call that function myself. I believe this is based on the CodeQL dbschema, which I haven't been able to access myself, and I'm not sure is an intended us.

Motivating example:
This all comes from CodeQL only finding the untemplated version of a function in Hermes. I have tried to get a simplified test case, but have not been able to recreate the issue in my own code.

CodeQL:

import cpp
import semmle.code.cpp.Print

from Function f
where f.getName().matches("%onsumeAtom%")
select getIdentityString(f)

On command line:

Starting evaluation of temp.ql.
Evaluation completed (5.8s).
|                                    col0                                     |
+-----------------------------------------------------------------------------+
| void hermes::regex::Parser<RegexType, ForwardIterator>::consumeAtomEscape() |
Shutting down query evaluator.

My LLVM pass finds the function hermes::regex::Parser<hermes::regex::Regex<hermes::regex::UTF16RegexTraits>, char16_t const*>::consumeAtomEscape(), with the template resolved.

In general, it seems that the CodeQL function getIdentityString resolves templates, but not in this case.