From b2f05c7301dfd17a500fa1fd686af97743f26d3e Mon Sep 17 00:00:00 2001
From: Tom Hvitved <hvitved@github.com>
Date: Tue, 10 Dec 2024 20:02:51 +0100
Subject: [PATCH] wip

---
 .../semmle/tests/OverflowDestination.expected |  4 ---
 .../dataflow/global/DataFlowPath.expected     |  6 ----
 .../global/TaintTrackingPath.expected         |  6 ----
 .../reverse-flow/ReverseFlow.expected         | 36 -------------------
 .../frameworks/GoMicro/LogInjection.expected  |  8 -----
 .../frameworks/Twirp/RequestForgery.expected  | 24 -------------
 .../dataflow/capture/inlinetest.expected      | 13 -------
 .../dataflow/capture/test.expected            |  2 --
 .../dataflow/partial/test.expected            |  2 --
 .../codeql/dataflow/internal/DataFlowImpl.qll | 10 +++---
 .../dataflow/internal/DataFlowImplCommon.qll  |  2 +-
 11 files changed, 6 insertions(+), 107 deletions(-)

diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
index 4b564a924395c..d913797370730 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
@@ -5,7 +5,6 @@ edges
 | overflowdestination.cpp:27:2:27:15 | *... = ... | overflowdestination.cpp:30:17:30:20 | *arg1 | provenance |  |
 | overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | *src | provenance |  |
 | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | *src | provenance |  |
-| overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | *src [Reverse] | provenance | DataFlowFunction |
 | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:53:15:53:17 | *src | provenance |  |
 | overflowdestination.cpp:57:52:57:54 | *src | overflowdestination.cpp:60:15:60:17 | *src | provenance |  |
 | overflowdestination.cpp:60:15:60:17 | *src | overflowdestination.cpp:64:16:64:19 | *src2 | provenance |  |
@@ -13,7 +12,6 @@ edges
 | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:76:30:76:32 | *src | provenance |  |
 | overflowdestination.cpp:75:30:75:32 | *src | overflowdestination.cpp:50:52:50:54 | *src | provenance |  |
 | overflowdestination.cpp:75:30:75:32 | *src | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | provenance |  |
-| overflowdestination.cpp:75:30:75:32 | *src | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | provenance | DataFlowFunction |
 | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | overflowdestination.cpp:76:30:76:32 | *src | provenance |  |
 | overflowdestination.cpp:76:30:76:32 | *src | overflowdestination.cpp:57:52:57:54 | *src | provenance |  |
 nodes
@@ -26,7 +24,6 @@ nodes
 | overflowdestination.cpp:46:15:46:17 | *src | semmle.label | *src |
 | overflowdestination.cpp:50:52:50:54 | *src | semmle.label | *src |
 | overflowdestination.cpp:50:52:50:54 | *src | semmle.label | *src |
-| overflowdestination.cpp:50:52:50:54 | *src [Reverse] | semmle.label | *src [Reverse] |
 | overflowdestination.cpp:53:15:53:17 | *src | semmle.label | *src |
 | overflowdestination.cpp:57:52:57:54 | *src | semmle.label | *src |
 | overflowdestination.cpp:60:15:60:17 | *src | semmle.label | *src |
@@ -37,7 +34,6 @@ nodes
 | overflowdestination.cpp:76:30:76:32 | *src | semmle.label | *src |
 subpaths
 | overflowdestination.cpp:75:30:75:32 | *src | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument |
-| overflowdestination.cpp:75:30:75:32 | *src | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | *src [Reverse] | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument |
 #select
 | overflowdestination.cpp:30:2:30:8 | call to strncpy | main.cpp:6:27:6:30 | **argv | overflowdestination.cpp:30:17:30:20 | *arg1 | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
 | overflowdestination.cpp:46:2:46:7 | call to memcpy | overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | *src | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
diff --git a/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected b/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected
index 40d9fc13fa9a5..9b1aeb058703e 100644
--- a/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected
+++ b/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected
@@ -45,8 +45,6 @@ edges
 | Capture.cs:92:30:92:40 | [post] access to local variable captureOut3 : (...) => ... [captured sink32] : String | Capture.cs:93:15:93:20 | access to local variable sink32 | provenance |  |
 | Capture.cs:114:23:117:13 | [post] (...) => ... : (...) => ... [captured sink40] : String | Capture.cs:123:9:123:33 | [post] access to local function CaptureOutMultipleLambdas : CaptureOutMultipleLambdas [captured sink40] : String | provenance |  |
 | Capture.cs:116:26:116:39 | "taint source" : String | Capture.cs:352:9:352:9 | [post] access to parameter a : (...) => ... [captured sink40] : String | provenance |  |
-| Capture.cs:116:26:116:39 | "taint source" : String | Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | provenance |  |
-| Capture.cs:116:26:116:39 | "taint source" : String | Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | provenance |  |
 | Capture.cs:123:9:123:33 | [post] access to local function CaptureOutMultipleLambdas : CaptureOutMultipleLambdas [captured sink40] : String | Capture.cs:124:15:124:20 | access to local variable sink40 | provenance |  |
 | Capture.cs:127:25:127:31 | tainted : String | Capture.cs:134:9:134:23 | access to local function CaptureThrough1 : CaptureThrough1 [captured tainted] : String | provenance |  |
 | Capture.cs:127:25:127:31 | tainted : String | Capture.cs:146:9:146:23 | access to local function CaptureThrough2 : CaptureThrough2 [captured tainted] : String | provenance |  |
@@ -149,8 +147,6 @@ edges
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured s] : String | Capture.cs:217:19:217:19 | access to parameter s | provenance |  |
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured sink39] : String | Capture.cs:55:27:58:17 | (...) => ... : (...) => ... [captured sink39] : String | provenance |  |
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured sink39] : String | Capture.cs:57:27:57:32 | access to parameter sink39 | provenance |  |
-| Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | Capture.cs:350:34:350:34 | a [Reverse] : (...) => ... [captured sink40] : String | provenance |  |
-| Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | Capture.cs:350:34:350:34 | a [Reverse] : (...) => ... [captured sink40] : String | provenance |  |
 | Capture.cs:355:45:355:45 | x : String | Capture.cs:357:11:357:11 | access to parameter x : String | provenance |  |
 | Capture.cs:357:11:357:11 | access to parameter x : String | Capture.cs:273:19:273:19 | x : String | provenance |  |
 | GlobalDataFlow.cs:18:9:18:23 | access to field SinkField0 : String | GlobalDataFlow.cs:19:15:19:29 | access to field SinkField0 | provenance |  |
@@ -654,8 +650,6 @@ nodes
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured s] : String | semmle.label | access to parameter a : (...) => ... [captured s] : String |
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured sink39] : String | semmle.label | access to parameter a : (...) => ... [captured sink39] : String |
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured sink39] : String | semmle.label | access to parameter a : (...) => ... [captured sink39] : String |
-| Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | semmle.label | access to parameter a [Reverse] : (...) => ... [captured sink40] : String |
-| Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | semmle.label | access to parameter a [Reverse] : (...) => ... [captured sink40] : String |
 | Capture.cs:355:45:355:45 | x : String | semmle.label | x : String |
 | Capture.cs:357:11:357:11 | access to parameter x : String | semmle.label | access to parameter x : String |
 | GlobalDataFlow.cs:18:9:18:23 | access to field SinkField0 : String | semmle.label | access to field SinkField0 : String |
diff --git a/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected b/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected
index 4649d24ae20a2..9a1f1e58b3c74 100644
--- a/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected
+++ b/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected
@@ -55,8 +55,6 @@ edges
 | Capture.cs:92:30:92:40 | [post] access to local variable captureOut3 : (...) => ... [captured sink32] : String | Capture.cs:93:15:93:20 | access to local variable sink32 | provenance |  |
 | Capture.cs:114:23:117:13 | [post] (...) => ... : (...) => ... [captured sink40] : String | Capture.cs:123:9:123:33 | [post] access to local function CaptureOutMultipleLambdas : CaptureOutMultipleLambdas [captured sink40] : String | provenance |  |
 | Capture.cs:116:26:116:39 | "taint source" : String | Capture.cs:352:9:352:9 | [post] access to parameter a : (...) => ... [captured sink40] : String | provenance |  |
-| Capture.cs:116:26:116:39 | "taint source" : String | Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | provenance |  |
-| Capture.cs:116:26:116:39 | "taint source" : String | Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | provenance |  |
 | Capture.cs:123:9:123:33 | [post] access to local function CaptureOutMultipleLambdas : CaptureOutMultipleLambdas [captured sink40] : String | Capture.cs:124:15:124:20 | access to local variable sink40 | provenance |  |
 | Capture.cs:127:25:127:31 | tainted : String | Capture.cs:134:9:134:23 | access to local function CaptureThrough1 : CaptureThrough1 [captured tainted] : String | provenance |  |
 | Capture.cs:127:25:127:31 | tainted : String | Capture.cs:146:9:146:23 | access to local function CaptureThrough2 : CaptureThrough2 [captured tainted] : String | provenance |  |
@@ -159,8 +157,6 @@ edges
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured s] : String | Capture.cs:217:19:217:19 | access to parameter s | provenance |  |
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured sink39] : String | Capture.cs:55:27:58:17 | (...) => ... : (...) => ... [captured sink39] : String | provenance |  |
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured sink39] : String | Capture.cs:57:27:57:32 | access to parameter sink39 | provenance |  |
-| Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | Capture.cs:350:34:350:34 | a [Reverse] : (...) => ... [captured sink40] : String | provenance |  |
-| Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | Capture.cs:350:34:350:34 | a [Reverse] : (...) => ... [captured sink40] : String | provenance |  |
 | Capture.cs:355:45:355:45 | x : String | Capture.cs:357:11:357:11 | access to parameter x : String | provenance |  |
 | Capture.cs:357:11:357:11 | access to parameter x : String | Capture.cs:273:19:273:19 | x : String | provenance |  |
 | GlobalDataFlow.cs:18:9:18:23 | access to field SinkField0 : String | GlobalDataFlow.cs:19:15:19:29 | access to field SinkField0 | provenance |  |
@@ -724,8 +720,6 @@ nodes
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured s] : String | semmle.label | access to parameter a : (...) => ... [captured s] : String |
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured sink39] : String | semmle.label | access to parameter a : (...) => ... [captured sink39] : String |
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured sink39] : String | semmle.label | access to parameter a : (...) => ... [captured sink39] : String |
-| Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | semmle.label | access to parameter a [Reverse] : (...) => ... [captured sink40] : String |
-| Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | semmle.label | access to parameter a [Reverse] : (...) => ... [captured sink40] : String |
 | Capture.cs:355:45:355:45 | x : String | semmle.label | x : String |
 | Capture.cs:357:11:357:11 | access to parameter x : String | semmle.label | access to parameter x : String |
 | GlobalDataFlow.cs:18:9:18:23 | access to field SinkField0 : String | semmle.label | access to field SinkField0 : String |
diff --git a/csharp/ql/test/library-tests/dataflow/reverse-flow/ReverseFlow.expected b/csharp/ql/test/library-tests/dataflow/reverse-flow/ReverseFlow.expected
index 094bd412c3ef1..d899ddc7cb174 100644
--- a/csharp/ql/test/library-tests/dataflow/reverse-flow/ReverseFlow.expected
+++ b/csharp/ql/test/library-tests/dataflow/reverse-flow/ReverseFlow.expected
@@ -16,16 +16,8 @@ edges
 | ReverseFlow.cs:16:17:16:24 | access to field Nested [Reverse] : A [field Field] : String | ReverseFlow.cs:16:17:16:17 | access to parameter a [Reverse] : A [field Nested, field Field] : String | provenance |  |
 | ReverseFlow.cs:17:12:17:12 | [post] access to local variable b : A [field Field] : String | ReverseFlow.cs:16:13:16:13 | access to local variable b [Reverse] : A [field Field] : String | provenance |  |
 | ReverseFlow.cs:17:12:17:12 | [post] access to local variable b : A [field Field] : String | ReverseFlow.cs:16:13:16:13 | access to local variable b [Reverse] : A [field Field] : String | provenance |  |
-| ReverseFlow.cs:17:12:17:12 | access to local variable b [Reverse] : A [field Field] : String | ReverseFlow.cs:16:13:16:13 | access to local variable b [Reverse] : A [field Field] : String | provenance |  |
-| ReverseFlow.cs:17:12:17:12 | access to local variable b [Reverse] : A [field Field] : String | ReverseFlow.cs:16:13:16:13 | access to local variable b [Reverse] : A [field Field] : String | provenance |  |
-| ReverseFlow.cs:17:12:17:12 | access to local variable b [Reverse] : A [field Field] : String | ReverseFlow.cs:16:13:16:13 | access to local variable b [Reverse] : A [field Field] : String | provenance |  |
-| ReverseFlow.cs:17:12:17:12 | access to local variable b [Reverse] : A [field Field] : String | ReverseFlow.cs:16:13:16:13 | access to local variable b [Reverse] : A [field Field] : String | provenance |  |
 | ReverseFlow.cs:20:22:20:22 | a [Reverse] : A [field Field] : String | ReverseFlow.cs:17:12:17:12 | [post] access to local variable b : A [field Field] : String | provenance |  |
 | ReverseFlow.cs:20:22:20:22 | a [Reverse] : A [field Field] : String | ReverseFlow.cs:17:12:17:12 | [post] access to local variable b : A [field Field] : String | provenance |  |
-| ReverseFlow.cs:20:22:20:22 | a [Reverse] : A [field Field] : String | ReverseFlow.cs:17:12:17:12 | access to local variable b [Reverse] : A [field Field] : String | provenance |  |
-| ReverseFlow.cs:20:22:20:22 | a [Reverse] : A [field Field] : String | ReverseFlow.cs:17:12:17:12 | access to local variable b [Reverse] : A [field Field] : String | provenance |  |
-| ReverseFlow.cs:20:22:20:22 | a [Reverse] : A [field Field] : String | ReverseFlow.cs:17:12:17:12 | access to local variable b [Reverse] : A [field Field] : String | provenance |  |
-| ReverseFlow.cs:20:22:20:22 | a [Reverse] : A [field Field] : String | ReverseFlow.cs:17:12:17:12 | access to local variable b [Reverse] : A [field Field] : String | provenance |  |
 | ReverseFlow.cs:22:9:22:9 | [post] access to parameter a : A [field Field] : String | ReverseFlow.cs:20:22:20:22 | a [Reverse] : A [field Field] : String | provenance |  |
 | ReverseFlow.cs:22:9:22:9 | [post] access to parameter a : A [field Field] : String | ReverseFlow.cs:20:22:20:22 | a [Reverse] : A [field Field] : String | provenance |  |
 | ReverseFlow.cs:22:19:22:35 | call to method Source<String> : String | ReverseFlow.cs:22:9:22:9 | [post] access to parameter a : A [field Field] : String | provenance |  |
@@ -46,16 +38,8 @@ edges
 | ReverseFlow.cs:33:17:33:27 | access to field Nested [Reverse] : A [field Field] : String | ReverseFlow.cs:33:17:33:20 | this access [Reverse] : A [field Nested, field Field] : String | provenance |  |
 | ReverseFlow.cs:34:9:34:9 | [post] access to local variable b : A [field Field] : String | ReverseFlow.cs:33:13:33:13 | access to local variable b [Reverse] : A [field Field] : String | provenance |  |
 | ReverseFlow.cs:34:9:34:9 | [post] access to local variable b : A [field Field] : String | ReverseFlow.cs:33:13:33:13 | access to local variable b [Reverse] : A [field Field] : String | provenance |  |
-| ReverseFlow.cs:34:9:34:9 | access to local variable b [Reverse] : A [field Field] : String | ReverseFlow.cs:33:13:33:13 | access to local variable b [Reverse] : A [field Field] : String | provenance |  |
-| ReverseFlow.cs:34:9:34:9 | access to local variable b [Reverse] : A [field Field] : String | ReverseFlow.cs:33:13:33:13 | access to local variable b [Reverse] : A [field Field] : String | provenance |  |
-| ReverseFlow.cs:34:9:34:9 | access to local variable b [Reverse] : A [field Field] : String | ReverseFlow.cs:33:13:33:13 | access to local variable b [Reverse] : A [field Field] : String | provenance |  |
-| ReverseFlow.cs:34:9:34:9 | access to local variable b [Reverse] : A [field Field] : String | ReverseFlow.cs:33:13:33:13 | access to local variable b [Reverse] : A [field Field] : String | provenance |  |
 | ReverseFlow.cs:37:17:37:18 | this [Reverse] : A [field Field] : String | ReverseFlow.cs:34:9:34:9 | [post] access to local variable b : A [field Field] : String | provenance |  |
 | ReverseFlow.cs:37:17:37:18 | this [Reverse] : A [field Field] : String | ReverseFlow.cs:34:9:34:9 | [post] access to local variable b : A [field Field] : String | provenance |  |
-| ReverseFlow.cs:37:17:37:18 | this [Reverse] : A [field Field] : String | ReverseFlow.cs:34:9:34:9 | access to local variable b [Reverse] : A [field Field] : String | provenance |  |
-| ReverseFlow.cs:37:17:37:18 | this [Reverse] : A [field Field] : String | ReverseFlow.cs:34:9:34:9 | access to local variable b [Reverse] : A [field Field] : String | provenance |  |
-| ReverseFlow.cs:37:17:37:18 | this [Reverse] : A [field Field] : String | ReverseFlow.cs:34:9:34:9 | access to local variable b [Reverse] : A [field Field] : String | provenance |  |
-| ReverseFlow.cs:37:17:37:18 | this [Reverse] : A [field Field] : String | ReverseFlow.cs:34:9:34:9 | access to local variable b [Reverse] : A [field Field] : String | provenance |  |
 | ReverseFlow.cs:39:9:39:12 | [post] this access : A [field Field] : String | ReverseFlow.cs:37:17:37:18 | this [Reverse] : A [field Field] : String | provenance |  |
 | ReverseFlow.cs:39:9:39:12 | [post] this access : A [field Field] : String | ReverseFlow.cs:37:17:37:18 | this [Reverse] : A [field Field] : String | provenance |  |
 | ReverseFlow.cs:39:22:39:38 | call to method Source<String> : String | ReverseFlow.cs:39:9:39:12 | [post] this access : A [field Field] : String | provenance |  |
@@ -72,16 +56,8 @@ edges
 | ReverseFlow.cs:52:20:52:20 | access to parameter a [Reverse] : A [field Field] : String | ReverseFlow.cs:49:22:49:22 | a [Reverse] : A [field Field] : String | provenance |  |
 | ReverseFlow.cs:53:12:53:12 | [post] access to local variable b : A [field Nested, field Field] : String | ReverseFlow.cs:52:9:52:9 | [post] access to local variable b [Reverse] : A [field Nested, field Field] : String | provenance |  |
 | ReverseFlow.cs:53:12:53:12 | [post] access to local variable b : A [field Nested, field Field] : String | ReverseFlow.cs:52:9:52:9 | [post] access to local variable b [Reverse] : A [field Nested, field Field] : String | provenance |  |
-| ReverseFlow.cs:53:12:53:12 | access to local variable b [Reverse] : A [field Nested, field Field] : String | ReverseFlow.cs:52:9:52:9 | [post] access to local variable b [Reverse] : A [field Nested, field Field] : String | provenance |  |
-| ReverseFlow.cs:53:12:53:12 | access to local variable b [Reverse] : A [field Nested, field Field] : String | ReverseFlow.cs:52:9:52:9 | [post] access to local variable b [Reverse] : A [field Nested, field Field] : String | provenance |  |
-| ReverseFlow.cs:53:12:53:12 | access to local variable b [Reverse] : A [field Nested, field Field] : String | ReverseFlow.cs:52:9:52:9 | [post] access to local variable b [Reverse] : A [field Nested, field Field] : String | provenance |  |
-| ReverseFlow.cs:53:12:53:12 | access to local variable b [Reverse] : A [field Nested, field Field] : String | ReverseFlow.cs:52:9:52:9 | [post] access to local variable b [Reverse] : A [field Nested, field Field] : String | provenance |  |
 | ReverseFlow.cs:56:22:56:22 | a [Reverse] : A [field Nested, field Field] : String | ReverseFlow.cs:53:12:53:12 | [post] access to local variable b : A [field Nested, field Field] : String | provenance |  |
 | ReverseFlow.cs:56:22:56:22 | a [Reverse] : A [field Nested, field Field] : String | ReverseFlow.cs:53:12:53:12 | [post] access to local variable b : A [field Nested, field Field] : String | provenance |  |
-| ReverseFlow.cs:56:22:56:22 | a [Reverse] : A [field Nested, field Field] : String | ReverseFlow.cs:53:12:53:12 | access to local variable b [Reverse] : A [field Nested, field Field] : String | provenance |  |
-| ReverseFlow.cs:56:22:56:22 | a [Reverse] : A [field Nested, field Field] : String | ReverseFlow.cs:53:12:53:12 | access to local variable b [Reverse] : A [field Nested, field Field] : String | provenance |  |
-| ReverseFlow.cs:56:22:56:22 | a [Reverse] : A [field Nested, field Field] : String | ReverseFlow.cs:53:12:53:12 | access to local variable b [Reverse] : A [field Nested, field Field] : String | provenance |  |
-| ReverseFlow.cs:56:22:56:22 | a [Reverse] : A [field Nested, field Field] : String | ReverseFlow.cs:53:12:53:12 | access to local variable b [Reverse] : A [field Nested, field Field] : String | provenance |  |
 | ReverseFlow.cs:58:9:58:9 | [post] access to parameter a : A [field Nested, field Field] : String | ReverseFlow.cs:56:22:56:22 | a [Reverse] : A [field Nested, field Field] : String | provenance |  |
 | ReverseFlow.cs:58:9:58:9 | [post] access to parameter a : A [field Nested, field Field] : String | ReverseFlow.cs:56:22:56:22 | a [Reverse] : A [field Nested, field Field] : String | provenance |  |
 | ReverseFlow.cs:58:9:58:16 | [post] access to field Nested : A [field Field] : String | ReverseFlow.cs:58:9:58:9 | [post] access to parameter a : A [field Nested, field Field] : String | provenance |  |
@@ -135,10 +111,6 @@ nodes
 | ReverseFlow.cs:16:17:16:24 | access to field Nested [Reverse] : A [field Field] : String | semmle.label | access to field Nested [Reverse] : A [field Field] : String |
 | ReverseFlow.cs:17:12:17:12 | [post] access to local variable b : A [field Field] : String | semmle.label | [post] access to local variable b : A [field Field] : String |
 | ReverseFlow.cs:17:12:17:12 | [post] access to local variable b : A [field Field] : String | semmle.label | [post] access to local variable b : A [field Field] : String |
-| ReverseFlow.cs:17:12:17:12 | access to local variable b [Reverse] : A [field Field] : String | semmle.label | access to local variable b [Reverse] : A [field Field] : String |
-| ReverseFlow.cs:17:12:17:12 | access to local variable b [Reverse] : A [field Field] : String | semmle.label | access to local variable b [Reverse] : A [field Field] : String |
-| ReverseFlow.cs:17:12:17:12 | access to local variable b [Reverse] : A [field Field] : String | semmle.label | access to local variable b [Reverse] : A [field Field] : String |
-| ReverseFlow.cs:17:12:17:12 | access to local variable b [Reverse] : A [field Field] : String | semmle.label | access to local variable b [Reverse] : A [field Field] : String |
 | ReverseFlow.cs:20:22:20:22 | a [Reverse] : A [field Field] : String | semmle.label | a [Reverse] : A [field Field] : String |
 | ReverseFlow.cs:20:22:20:22 | a [Reverse] : A [field Field] : String | semmle.label | a [Reverse] : A [field Field] : String |
 | ReverseFlow.cs:22:9:22:9 | [post] access to parameter a : A [field Field] : String | semmle.label | [post] access to parameter a : A [field Field] : String |
@@ -163,10 +135,6 @@ nodes
 | ReverseFlow.cs:33:17:33:27 | access to field Nested [Reverse] : A [field Field] : String | semmle.label | access to field Nested [Reverse] : A [field Field] : String |
 | ReverseFlow.cs:34:9:34:9 | [post] access to local variable b : A [field Field] : String | semmle.label | [post] access to local variable b : A [field Field] : String |
 | ReverseFlow.cs:34:9:34:9 | [post] access to local variable b : A [field Field] : String | semmle.label | [post] access to local variable b : A [field Field] : String |
-| ReverseFlow.cs:34:9:34:9 | access to local variable b [Reverse] : A [field Field] : String | semmle.label | access to local variable b [Reverse] : A [field Field] : String |
-| ReverseFlow.cs:34:9:34:9 | access to local variable b [Reverse] : A [field Field] : String | semmle.label | access to local variable b [Reverse] : A [field Field] : String |
-| ReverseFlow.cs:34:9:34:9 | access to local variable b [Reverse] : A [field Field] : String | semmle.label | access to local variable b [Reverse] : A [field Field] : String |
-| ReverseFlow.cs:34:9:34:9 | access to local variable b [Reverse] : A [field Field] : String | semmle.label | access to local variable b [Reverse] : A [field Field] : String |
 | ReverseFlow.cs:37:17:37:18 | this [Reverse] : A [field Field] : String | semmle.label | this [Reverse] : A [field Field] : String |
 | ReverseFlow.cs:37:17:37:18 | this [Reverse] : A [field Field] : String | semmle.label | this [Reverse] : A [field Field] : String |
 | ReverseFlow.cs:39:9:39:12 | [post] this access : A [field Field] : String | semmle.label | [post] this access : A [field Field] : String |
@@ -187,10 +155,6 @@ nodes
 | ReverseFlow.cs:52:20:52:20 | access to parameter a [Reverse] : A [field Field] : String | semmle.label | access to parameter a [Reverse] : A [field Field] : String |
 | ReverseFlow.cs:53:12:53:12 | [post] access to local variable b : A [field Nested, field Field] : String | semmle.label | [post] access to local variable b : A [field Nested, field Field] : String |
 | ReverseFlow.cs:53:12:53:12 | [post] access to local variable b : A [field Nested, field Field] : String | semmle.label | [post] access to local variable b : A [field Nested, field Field] : String |
-| ReverseFlow.cs:53:12:53:12 | access to local variable b [Reverse] : A [field Nested, field Field] : String | semmle.label | access to local variable b [Reverse] : A [field Nested, field Field] : String |
-| ReverseFlow.cs:53:12:53:12 | access to local variable b [Reverse] : A [field Nested, field Field] : String | semmle.label | access to local variable b [Reverse] : A [field Nested, field Field] : String |
-| ReverseFlow.cs:53:12:53:12 | access to local variable b [Reverse] : A [field Nested, field Field] : String | semmle.label | access to local variable b [Reverse] : A [field Nested, field Field] : String |
-| ReverseFlow.cs:53:12:53:12 | access to local variable b [Reverse] : A [field Nested, field Field] : String | semmle.label | access to local variable b [Reverse] : A [field Nested, field Field] : String |
 | ReverseFlow.cs:56:22:56:22 | a [Reverse] : A [field Nested, field Field] : String | semmle.label | a [Reverse] : A [field Nested, field Field] : String |
 | ReverseFlow.cs:56:22:56:22 | a [Reverse] : A [field Nested, field Field] : String | semmle.label | a [Reverse] : A [field Nested, field Field] : String |
 | ReverseFlow.cs:58:9:58:9 | [post] access to parameter a : A [field Nested, field Field] : String | semmle.label | [post] access to parameter a : A [field Nested, field Field] : String |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected
index ba2933e510f33..b5614b13a45c6 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected
@@ -3,20 +3,14 @@ edges
 | main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | provenance |  |
 | main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | provenance |  |
 | main.go:18:46:18:48 | definition of req [Reverse] | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | provenance |  |
-| main.go:18:46:18:48 | definition of req [Reverse] | proto/Hello.pb.micro.go:86:37:86:38 | in [Reverse] | provenance |  |
-| main.go:18:46:18:48 | definition of req [Reverse] | proto/Hello.pb.micro.go:86:37:86:38 | in [Reverse] | provenance |  |
 | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Reverse] | provenance |  |
 | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | proto/Hello.pb.micro.go:86:37:86:38 | in | provenance |  |
 | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | proto/Hello.pb.micro.go:86:37:86:38 | in | provenance |  |
 | proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Reverse] | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | provenance |  |
-| proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Reverse] | proto/Hello.pb.micro.go:86:37:86:38 | in [Reverse] | provenance |  |
-| proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Reverse] | proto/Hello.pb.micro.go:86:37:86:38 | in [Reverse] | provenance |  |
 | proto/Hello.pb.micro.go:86:37:86:38 | in | main.go:18:46:18:48 | definition of req | provenance |  |
 | proto/Hello.pb.micro.go:86:37:86:38 | in | main.go:18:46:18:48 | definition of req | provenance |  |
 | proto/Hello.pb.micro.go:86:37:86:38 | in | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | provenance |  |
 | proto/Hello.pb.micro.go:86:37:86:38 | in | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | provenance |  |
-| proto/Hello.pb.micro.go:86:37:86:38 | in [Reverse] | proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Reverse] | provenance |  |
-| proto/Hello.pb.micro.go:86:37:86:38 | in [Reverse] | proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Reverse] | provenance |  |
 nodes
 | main.go:18:46:18:48 | definition of req | semmle.label | definition of req |
 | main.go:18:46:18:48 | definition of req | semmle.label | definition of req |
@@ -27,8 +21,6 @@ nodes
 | proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Reverse] | semmle.label | definition of in [Reverse] |
 | proto/Hello.pb.micro.go:86:37:86:38 | in | semmle.label | in |
 | proto/Hello.pb.micro.go:86:37:86:38 | in | semmle.label | in |
-| proto/Hello.pb.micro.go:86:37:86:38 | in [Reverse] | semmle.label | in [Reverse] |
-| proto/Hello.pb.micro.go:86:37:86:38 | in [Reverse] | semmle.label | in [Reverse] |
 subpaths
 #select
 | main.go:21:28:21:31 | name | main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | This log entry depends on a $@. | main.go:18:46:18:48 | definition of req | user-provided value |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected
index eca3eb3ab7071..2d61e4280357d 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected
@@ -12,15 +12,9 @@ edges
 | rpc/notes/service.twirp.go:428:93:428:95 | definition of req [pointer, Body] | rpc/notes/service.twirp.go:428:93:428:95 | definition of req [Reverse] [pointer, Body] | provenance |  |
 | rpc/notes/service.twirp.go:428:93:428:95 | definition of req [pointer, Body] | rpc/notes/service.twirp.go:438:40:438:42 | req [pointer, Body] | provenance |  |
 | rpc/notes/service.twirp.go:428:93:428:95 | definition of req [pointer, Body] | rpc/notes/service.twirp.go:438:40:438:42 | req [pointer, Body] | provenance |  |
-| rpc/notes/service.twirp.go:436:36:436:38 | req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:428:93:428:95 | definition of req [Reverse] [pointer, Body] | provenance |  |
-| rpc/notes/service.twirp.go:436:36:436:38 | req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:428:93:428:95 | definition of req [Reverse] [pointer, Body] | provenance |  |
-| rpc/notes/service.twirp.go:438:40:438:42 | req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:428:93:428:95 | definition of req [Reverse] [pointer, Body] | provenance |  |
-| rpc/notes/service.twirp.go:438:40:438:42 | req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:428:93:428:95 | definition of req [Reverse] [pointer, Body] | provenance |  |
 | rpc/notes/service.twirp.go:438:40:438:42 | req [pointer, Body] | rpc/notes/service.twirp.go:529:101:529:103 | definition of req [pointer, Body] | provenance |  |
 | rpc/notes/service.twirp.go:438:40:438:42 | req [pointer, Body] | rpc/notes/service.twirp.go:529:101:529:103 | definition of req [pointer, Body] | provenance |  |
 | rpc/notes/service.twirp.go:446:97:446:99 | definition of req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:428:93:428:95 | definition of req [pointer, Body] | provenance |  |
-| rpc/notes/service.twirp.go:446:97:446:99 | definition of req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:436:36:436:38 | req [Reverse] [pointer, Body] | provenance |  |
-| rpc/notes/service.twirp.go:446:97:446:99 | definition of req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:436:36:436:38 | req [Reverse] [pointer, Body] | provenance |  |
 | rpc/notes/service.twirp.go:455:23:455:25 | implicit dereference [Reverse] [Body] | rpc/notes/service.twirp.go:455:23:455:25 | req [Reverse] [pointer, Body] | provenance |  |
 | rpc/notes/service.twirp.go:455:23:455:25 | req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:446:97:446:99 | definition of req [Reverse] [pointer, Body] | provenance |  |
 | rpc/notes/service.twirp.go:455:23:455:30 | selection of Body | rpc/notes/service.twirp.go:455:23:455:30 | selection of Body [Reverse] | provenance | Src:MaD:1  |
@@ -30,8 +24,6 @@ edges
 | rpc/notes/service.twirp.go:493:2:493:2 | capture variable reqContent | rpc/notes/service.twirp.go:495:35:495:44 | reqContent | provenance |  |
 | rpc/notes/service.twirp.go:495:35:495:44 | reqContent | server/main.go:19:56:19:61 | definition of params | provenance |  |
 | rpc/notes/service.twirp.go:529:101:529:103 | definition of req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:428:93:428:95 | definition of req [pointer, Body] | provenance |  |
-| rpc/notes/service.twirp.go:529:101:529:103 | definition of req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:438:40:438:42 | req [Reverse] [pointer, Body] | provenance |  |
-| rpc/notes/service.twirp.go:529:101:529:103 | definition of req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:438:40:438:42 | req [Reverse] [pointer, Body] | provenance |  |
 | rpc/notes/service.twirp.go:529:101:529:103 | definition of req [pointer, Body] | rpc/notes/service.twirp.go:538:25:538:27 | req [pointer, Body] | provenance |  |
 | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | rpc/notes/service.twirp.go:544:27:544:29 | buf | provenance |  |
 | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | rpc/notes/service.twirp.go:544:27:544:29 | buf | provenance |  |
@@ -53,20 +45,12 @@ edges
 | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | server/main.go:19:56:19:61 | definition of params | provenance |  |
 | rpc/notes/service.twirp.go:608:94:608:96 | definition of req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:382:66:382:68 | definition of req [pointer, Body] | provenance |  |
 | rpc/notes/service.twirp.go:608:94:608:96 | definition of req [pointer, Body] | rpc/notes/service.twirp.go:608:94:608:96 | definition of req [Reverse] [pointer, Body] | provenance |  |
-| rpc/notes/service.twirp.go:616:37:616:39 | req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:608:94:608:96 | definition of req [Reverse] [pointer, Body] | provenance |  |
-| rpc/notes/service.twirp.go:616:37:616:39 | req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:608:94:608:96 | definition of req [Reverse] [pointer, Body] | provenance |  |
-| rpc/notes/service.twirp.go:618:41:618:43 | req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:608:94:608:96 | definition of req [Reverse] [pointer, Body] | provenance |  |
-| rpc/notes/service.twirp.go:618:41:618:43 | req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:608:94:608:96 | definition of req [Reverse] [pointer, Body] | provenance |  |
 | rpc/notes/service.twirp.go:626:98:626:100 | definition of req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:608:94:608:96 | definition of req [pointer, Body] | provenance |  |
-| rpc/notes/service.twirp.go:626:98:626:100 | definition of req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:616:37:616:39 | req [Reverse] [pointer, Body] | provenance |  |
-| rpc/notes/service.twirp.go:626:98:626:100 | definition of req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:616:37:616:39 | req [Reverse] [pointer, Body] | provenance |  |
 | rpc/notes/service.twirp.go:635:23:635:25 | implicit dereference [Reverse] [Body] | rpc/notes/service.twirp.go:635:23:635:25 | req [Reverse] [pointer, Body] | provenance |  |
 | rpc/notes/service.twirp.go:635:23:635:25 | req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:626:98:626:100 | definition of req [Reverse] [pointer, Body] | provenance |  |
 | rpc/notes/service.twirp.go:635:23:635:30 | selection of Body | rpc/notes/service.twirp.go:635:23:635:30 | selection of Body [Reverse] | provenance | Src:MaD:1  |
 | rpc/notes/service.twirp.go:635:23:635:30 | selection of Body [Reverse] | rpc/notes/service.twirp.go:635:23:635:25 | implicit dereference [Reverse] [Body] | provenance |  |
 | rpc/notes/service.twirp.go:709:102:709:104 | definition of req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:608:94:608:96 | definition of req [pointer, Body] | provenance |  |
-| rpc/notes/service.twirp.go:709:102:709:104 | definition of req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:618:41:618:43 | req [Reverse] [pointer, Body] | provenance |  |
-| rpc/notes/service.twirp.go:709:102:709:104 | definition of req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:618:41:618:43 | req [Reverse] [pointer, Body] | provenance |  |
 | rpc/notes/service.twirp.go:718:25:718:27 | implicit dereference [Reverse] [Body] | rpc/notes/service.twirp.go:718:25:718:27 | req [Reverse] [pointer, Body] | provenance |  |
 | rpc/notes/service.twirp.go:718:25:718:27 | req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:709:102:709:104 | definition of req [Reverse] [pointer, Body] | provenance |  |
 | rpc/notes/service.twirp.go:718:25:718:32 | selection of Body | rpc/notes/service.twirp.go:718:25:718:32 | selection of Body [Reverse] | provenance | Src:MaD:1  |
@@ -90,10 +74,6 @@ nodes
 | rpc/notes/service.twirp.go:428:93:428:95 | definition of req [Reverse] [pointer, Body] | semmle.label | definition of req [Reverse] [pointer, Body] |
 | rpc/notes/service.twirp.go:428:93:428:95 | definition of req [pointer, Body] | semmle.label | definition of req [pointer, Body] |
 | rpc/notes/service.twirp.go:428:93:428:95 | definition of req [pointer, Body] | semmle.label | definition of req [pointer, Body] |
-| rpc/notes/service.twirp.go:436:36:436:38 | req [Reverse] [pointer, Body] | semmle.label | req [Reverse] [pointer, Body] |
-| rpc/notes/service.twirp.go:436:36:436:38 | req [Reverse] [pointer, Body] | semmle.label | req [Reverse] [pointer, Body] |
-| rpc/notes/service.twirp.go:438:40:438:42 | req [Reverse] [pointer, Body] | semmle.label | req [Reverse] [pointer, Body] |
-| rpc/notes/service.twirp.go:438:40:438:42 | req [Reverse] [pointer, Body] | semmle.label | req [Reverse] [pointer, Body] |
 | rpc/notes/service.twirp.go:438:40:438:42 | req [pointer, Body] | semmle.label | req [pointer, Body] |
 | rpc/notes/service.twirp.go:438:40:438:42 | req [pointer, Body] | semmle.label | req [pointer, Body] |
 | rpc/notes/service.twirp.go:446:97:446:99 | definition of req [Reverse] [pointer, Body] | semmle.label | definition of req [Reverse] [pointer, Body] |
@@ -126,10 +106,6 @@ nodes
 | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | semmle.label | reqContent |
 | rpc/notes/service.twirp.go:608:94:608:96 | definition of req [Reverse] [pointer, Body] | semmle.label | definition of req [Reverse] [pointer, Body] |
 | rpc/notes/service.twirp.go:608:94:608:96 | definition of req [pointer, Body] | semmle.label | definition of req [pointer, Body] |
-| rpc/notes/service.twirp.go:616:37:616:39 | req [Reverse] [pointer, Body] | semmle.label | req [Reverse] [pointer, Body] |
-| rpc/notes/service.twirp.go:616:37:616:39 | req [Reverse] [pointer, Body] | semmle.label | req [Reverse] [pointer, Body] |
-| rpc/notes/service.twirp.go:618:41:618:43 | req [Reverse] [pointer, Body] | semmle.label | req [Reverse] [pointer, Body] |
-| rpc/notes/service.twirp.go:618:41:618:43 | req [Reverse] [pointer, Body] | semmle.label | req [Reverse] [pointer, Body] |
 | rpc/notes/service.twirp.go:626:98:626:100 | definition of req [Reverse] [pointer, Body] | semmle.label | definition of req [Reverse] [pointer, Body] |
 | rpc/notes/service.twirp.go:635:23:635:25 | implicit dereference [Reverse] [Body] | semmle.label | implicit dereference [Reverse] [Body] |
 | rpc/notes/service.twirp.go:635:23:635:25 | req [Reverse] [pointer, Body] | semmle.label | req [Reverse] [pointer, Body] |
diff --git a/java/ql/test/library-tests/dataflow/capture/inlinetest.expected b/java/ql/test/library-tests/dataflow/capture/inlinetest.expected
index b364a0beff418..d4c518ce7d170 100644
--- a/java/ql/test/library-tests/dataflow/capture/inlinetest.expected
+++ b/java/ql/test/library-tests/dataflow/capture/inlinetest.expected
@@ -76,27 +76,20 @@ edges
 | B.java:77:22:77:28 | param [Reverse] : B [elem] : String | B.java:71:19:71:23 | other [post update] : B [elem] : String | provenance |  |
 | B.java:78:18:81:5 | ...->... [Reverse] : new Runnable(...) { ... } [param, elem] : String | B.java:78:18:81:5 | param [Reverse] : B [elem] : String | provenance |  |
 | B.java:78:18:81:5 | param [Reverse] : B [elem] : String | B.java:77:22:77:28 | param [Reverse] : B [elem] : String | provenance |  |
-| B.java:78:18:81:5 | parameter this [Reverse] : new Runnable(...) { ... } [param, elem] : String | B.java:82:5:82:5 | r [Reverse] : new Runnable(...) { ... } [param, elem] : String | provenance |  |
-| B.java:78:18:81:5 | parameter this [Reverse] : new Runnable(...) { ... } [param, elem] : String | B.java:82:5:82:5 | r [Reverse] : new Runnable(...) { ... } [param, elem] : String | provenance |  |
 | B.java:78:18:81:5 | parameter this [Reverse] : new Runnable(...) { ... } [param, elem] : String | B.java:82:5:82:5 | r [post update] : new Runnable(...) { ... } [param, elem] : String | provenance |  |
 | B.java:80:7:80:11 | param [post update] : B [elem] : String | B.java:80:7:80:11 | this : new Runnable(...) { ... } [param, elem] : String | provenance |  |
 | B.java:80:7:80:11 | this : new Runnable(...) { ... } [param, elem] : String | B.java:78:18:81:5 | parameter this [Reverse] : new Runnable(...) { ... } [param, elem] : String | provenance |  |
 | B.java:80:20:80:39 | source(...) : String | B.java:80:7:80:11 | param [post update] : B [elem] : String | provenance |  |
 | B.java:82:5:82:5 | param : B [elem] : String | B.java:77:22:77:28 | param [Reverse] : B [elem] : String | provenance |  |
 | B.java:82:5:82:5 | param [Reverse] : B [elem] : String | B.java:77:22:77:28 | param [Reverse] : B [elem] : String | provenance |  |
-| B.java:82:5:82:5 | param [Reverse] : B [elem] : String | B.java:77:22:77:28 | param [Reverse] : B [elem] : String | provenance |  |
-| B.java:82:5:82:5 | r [Reverse] : new Runnable(...) { ... } [param, elem] : String | B.java:78:18:81:5 | ...->... [Reverse] : new Runnable(...) { ... } [param, elem] : String | provenance |  |
 | B.java:82:5:82:5 | r [Reverse] : new Runnable(...) { ... } [param, elem] : String | B.java:78:18:81:5 | ...->... [Reverse] : new Runnable(...) { ... } [param, elem] : String | provenance |  |
 | B.java:82:5:82:5 | r [Reverse] : new Runnable(...) { ... } [param, elem] : String | B.java:82:5:82:5 | param [Reverse] : B [elem] : String | provenance |  |
-| B.java:82:5:82:5 | r [Reverse] : new Runnable(...) { ... } [param, elem] : String | B.java:82:5:82:5 | param [Reverse] : B [elem] : String | provenance |  |
 | B.java:82:5:82:5 | r [post update] : new Runnable(...) { ... } [param, elem] : String | B.java:78:18:81:5 | ...->... [Reverse] : new Runnable(...) { ... } [param, elem] : String | provenance |  |
 | B.java:82:5:82:5 | r [post update] : new Runnable(...) { ... } [param, elem] : String | B.java:82:5:82:5 | param : B [elem] : String | provenance |  |
 | B.java:82:5:82:5 | r [post update] : new Runnable(...) { ... } [param, elem] : String | B.java:82:5:82:5 | r [Reverse] : new Runnable(...) { ... } [param, elem] : String | provenance |  |
 | B.java:88:22:88:44 | parameter this : new Runnable(...) { ... } [B b, elem] : String | B.java:88:35:88:35 | this : new Runnable(...) { ... } [B b, elem] : String | provenance |  |
 | B.java:88:35:88:35 | b : B [elem] : String | B.java:88:35:88:40 | b.elem | provenance |  |
 | B.java:88:35:88:35 | this : new Runnable(...) { ... } [B b, elem] : String | B.java:88:35:88:35 | b : B [elem] : String | provenance |  |
-| B.java:89:20:89:52 | parameter this [Reverse] : new Runnable(...) { ... } [B b, elem] : String | B.java:96:5:96:5 | r [Reverse] : new Runnable(...) { ... } [B b, elem] : String | provenance |  |
-| B.java:89:20:89:52 | parameter this [Reverse] : new Runnable(...) { ... } [B b, elem] : String | B.java:96:5:96:5 | r [Reverse] : new Runnable(...) { ... } [B b, elem] : String | provenance |  |
 | B.java:89:20:89:52 | parameter this [Reverse] : new Runnable(...) { ... } [B b, elem] : String | B.java:96:5:96:5 | r [post update] : new Runnable(...) { ... } [B b, elem] : String | provenance |  |
 | B.java:89:28:89:28 | b [post update] : B [elem] : String | B.java:89:28:89:28 | this : new Runnable(...) { ... } [B b, elem] : String | provenance |  |
 | B.java:89:28:89:28 | this : new Runnable(...) { ... } [B b, elem] : String | B.java:89:20:89:52 | parameter this [Reverse] : new Runnable(...) { ... } [B b, elem] : String | provenance |  |
@@ -108,8 +101,6 @@ edges
 | B.java:95:14:95:23 | r : new Runnable(...) { ... } [B b, elem] : String | B.java:96:5:96:5 | r : new Runnable(...) { ... } [B b, elem] : String | provenance |  |
 | B.java:95:14:95:23 | r [Reverse] : new Runnable(...) { ... } [B b, elem] : String | B.java:91:11:91:13 | src [post update] : new Runnable(...) { ... } [B b, elem] : String | provenance |  |
 | B.java:96:5:96:5 | r : new Runnable(...) { ... } [B b, elem] : String | B.java:88:22:88:44 | parameter this : new Runnable(...) { ... } [B b, elem] : String | provenance |  |
-| B.java:96:5:96:5 | r [Reverse] : new Runnable(...) { ... } [B b, elem] : String | B.java:95:14:95:23 | r [Reverse] : new Runnable(...) { ... } [B b, elem] : String | provenance |  |
-| B.java:96:5:96:5 | r [Reverse] : new Runnable(...) { ... } [B b, elem] : String | B.java:95:14:95:23 | r [Reverse] : new Runnable(...) { ... } [B b, elem] : String | provenance |  |
 | B.java:96:5:96:5 | r [post update] : new Runnable(...) { ... } [B b, elem] : String | B.java:95:14:95:23 | r [Reverse] : new Runnable(...) { ... } [B b, elem] : String | provenance |  |
 | B.java:102:5:102:6 | l1 [post update] : ArrayList [<element>] : String | B.java:103:12:103:13 | l1 : ArrayList [<element>] : String | provenance |  |
 | B.java:102:12:102:29 | source(...) : String | B.java:102:5:102:6 | l1 [post update] : ArrayList [<element>] : String | provenance | MaD:2 |
@@ -396,8 +387,6 @@ nodes
 | B.java:80:20:80:39 | source(...) : String | semmle.label | source(...) : String |
 | B.java:82:5:82:5 | param : B [elem] : String | semmle.label | param : B [elem] : String |
 | B.java:82:5:82:5 | param [Reverse] : B [elem] : String | semmle.label | param [Reverse] : B [elem] : String |
-| B.java:82:5:82:5 | param [Reverse] : B [elem] : String | semmle.label | param [Reverse] : B [elem] : String |
-| B.java:82:5:82:5 | r [Reverse] : new Runnable(...) { ... } [param, elem] : String | semmle.label | r [Reverse] : new Runnable(...) { ... } [param, elem] : String |
 | B.java:82:5:82:5 | r [Reverse] : new Runnable(...) { ... } [param, elem] : String | semmle.label | r [Reverse] : new Runnable(...) { ... } [param, elem] : String |
 | B.java:82:5:82:5 | r [post update] : new Runnable(...) { ... } [param, elem] : String | semmle.label | r [post update] : new Runnable(...) { ... } [param, elem] : String |
 | B.java:88:22:88:44 | parameter this : new Runnable(...) { ... } [B b, elem] : String | semmle.label | parameter this : new Runnable(...) { ... } [B b, elem] : String |
@@ -415,8 +404,6 @@ nodes
 | B.java:95:14:95:23 | r : new Runnable(...) { ... } [B b, elem] : String | semmle.label | r : new Runnable(...) { ... } [B b, elem] : String |
 | B.java:95:14:95:23 | r [Reverse] : new Runnable(...) { ... } [B b, elem] : String | semmle.label | r [Reverse] : new Runnable(...) { ... } [B b, elem] : String |
 | B.java:96:5:96:5 | r : new Runnable(...) { ... } [B b, elem] : String | semmle.label | r : new Runnable(...) { ... } [B b, elem] : String |
-| B.java:96:5:96:5 | r [Reverse] : new Runnable(...) { ... } [B b, elem] : String | semmle.label | r [Reverse] : new Runnable(...) { ... } [B b, elem] : String |
-| B.java:96:5:96:5 | r [Reverse] : new Runnable(...) { ... } [B b, elem] : String | semmle.label | r [Reverse] : new Runnable(...) { ... } [B b, elem] : String |
 | B.java:96:5:96:5 | r [post update] : new Runnable(...) { ... } [B b, elem] : String | semmle.label | r [post update] : new Runnable(...) { ... } [B b, elem] : String |
 | B.java:102:5:102:6 | l1 [post update] : ArrayList [<element>] : String | semmle.label | l1 [post update] : ArrayList [<element>] : String |
 | B.java:102:12:102:29 | source(...) : String | semmle.label | source(...) : String |
diff --git a/java/ql/test/library-tests/dataflow/capture/test.expected b/java/ql/test/library-tests/dataflow/capture/test.expected
index be493d849a94d..dbdf5e01436ef 100644
--- a/java/ql/test/library-tests/dataflow/capture/test.expected
+++ b/java/ql/test/library-tests/dataflow/capture/test.expected
@@ -50,7 +50,6 @@
 | A.java:23:11:23:13 | "C" : String | A.java:39:12:39:12 | a : new A(...) { ... } [String s] |
 | A.java:25:22:25:24 | "D" : String | A.java:4:5:4:7 | parameter this [Reverse] : Box [elem] |
 | A.java:25:22:25:24 | "D" : String | A.java:4:5:4:7 | this <constr(this)> [Reverse] : Box [elem] |
-| A.java:25:22:25:24 | "D" : String | A.java:4:5:4:7 | this <constr(this)> [post update] [Reverse] : Box [elem] |
 | A.java:25:22:25:24 | "D" : String | A.java:4:9:4:16 | e : String |
 | A.java:25:22:25:24 | "D" : String | A.java:4:21:4:24 | this <.field> [Reverse] : Box [elem] |
 | A.java:25:22:25:24 | "D" : String | A.java:4:21:4:24 | this <.field> [post update] : Box [elem] |
@@ -89,7 +88,6 @@
 | A.java:27:16:27:18 | "E" : String | A.java:14:11:14:20 | f2(...) : new A(...) { ... } [Box b2, ... (2)] |
 | A.java:27:16:27:18 | "E" : String | A.java:15:16:15:16 | a : new A(...) { ... } [Box b2, ... (2)] |
 | A.java:27:16:27:18 | "E" : String | A.java:15:16:15:22 | get(...) : String |
-| A.java:27:16:27:18 | "E" : String | A.java:26:14:26:26 | new Box(...) [Reverse] : Box [elem] |
 | A.java:27:16:27:18 | "E" : String | A.java:27:5:27:6 | b2 [Reverse] : Box [elem] |
 | A.java:27:16:27:18 | "E" : String | A.java:27:5:27:6 | b2 [post update] : Box [elem] |
 | A.java:27:16:27:18 | "E" : String | A.java:28:11:38:5 | Box b2 : Box [elem] |
diff --git a/java/ql/test/library-tests/dataflow/partial/test.expected b/java/ql/test/library-tests/dataflow/partial/test.expected
index 0c5af47d6161d..6c83f751f8afb 100644
--- a/java/ql/test/library-tests/dataflow/partial/test.expected
+++ b/java/ql/test/library-tests/dataflow/partial/test.expected
@@ -1,5 +1,4 @@
 edges
-| A.java:12:5:12:5 | b [Reverse] : Box [elem] | A.java:11:13:11:21 | new Box(...) [Reverse] : Box [elem] |
 | A.java:12:5:12:5 | b [post update] : Box [elem] | A.java:12:5:12:5 | b [Reverse] : Box [elem] |
 | A.java:12:5:12:5 | b [post update] : Box [elem] | A.java:13:12:13:12 | b : Box [elem] |
 | A.java:12:14:12:18 | src(...) : Object | A.java:12:5:12:5 | b [post update] : Box [elem] |
@@ -8,7 +7,6 @@ edges
 | A.java:17:13:17:16 | f1(...) : Box [elem] | A.java:18:8:18:8 | b : Box [elem] |
 | A.java:18:8:18:8 | b : Box [elem] | A.java:21:11:21:15 | b : Box [elem] |
 #select
-| 0 | A.java:11:13:11:21 | new Box(...) [Reverse] : Box [elem] |
 | 0 | A.java:12:5:12:5 | b [Reverse] : Box [elem] |
 | 0 | A.java:12:5:12:5 | b [post update] : Box [elem] |
 | 0 | A.java:12:5:12:18 | ...=... : Object |
diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
index 262bc5f1d2729..c1fc6d794a77c 100644
--- a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
+++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
@@ -2055,8 +2055,8 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
 
         pragma[nomagic]
         private predicate fwdFlowOutCand(
-          DataFlowCallEx call, RetNodeEx ret, CcNoCall innercc, DataFlowCallable inner, NodeEx out,
-          ApApprox apa, boolean allowsFieldFlow
+          NormalDataFlowCall call, RetNodeEx ret, CcNoCall innercc, DataFlowCallable inner,
+          NodeEx out, ApApprox apa, boolean allowsFieldFlow
         ) {
           fwdFlowIntoRet(ret, _, innercc, _, _, _, apa, _) and
           inner = ret.getEnclosingCallable() and
@@ -2071,8 +2071,8 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
 
         pragma[nomagic]
         private predicate fwdFlowOutValidEdge(
-          DataFlowCallEx call, RetNodeEx ret, CcNoCall innercc, DataFlowCallable inner, NodeEx out,
-          CcNoCall outercc, ApApprox apa, boolean allowsFieldFlow
+          NormalDataFlowCall call, RetNodeEx ret, CcNoCall innercc, DataFlowCallable inner,
+          NodeEx out, CcNoCall outercc, ApApprox apa, boolean allowsFieldFlow
         ) {
           fwdFlowOutCand(call, ret, innercc, inner, out, apa, allowsFieldFlow) and
           FwdTypeFlow::typeFlowValidEdgeOut(call.projectToCall(), inner) and
@@ -2081,7 +2081,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
 
         pragma[inline]
         private predicate fwdFlowOut(
-          DataFlowCallEx call, DataFlowCallable inner, NodeEx out, FlowState state,
+          NormalDataFlowCall call, DataFlowCallable inner, NodeEx out, FlowState state,
           CcNoCall outercc, SummaryCtx summaryCtx, Typ t, Ap ap, ApApprox apa, TypOption stored
         ) {
           exists(RetNodeEx ret, CcNoCall innercc, boolean allowsFieldFlow |
diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll
index ecabe8d89227f..e3bb4f3247853 100644
--- a/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll
+++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll
@@ -1245,7 +1245,7 @@ module MakeImplCommon<LocationSig Location, InputSig<Location> Lang> {
 
       ReverseParamNodeEx() {
         exists(ReturnPosition pos |
-          pos = getValueReturnPosition(this.asNodeReverse(true)) and
+          pos = getValueReturnPosition(this.asNodeReverse(false)) and
           c_ = pos.getCallable() and
           pos_.asReturnKind() = pos.getKind()
         )