C++: mass enable diff-informed data flow

[d10c]

An auto-generated patch that enables diff-informed data flow in the obvious cases.

Builds on #18342 and https://github.com/github/codeql-patch/pull/88

[Copilot]

Pull Request Overview

Enables diff-informed data flow analysis by injecting an observeDiffInformedIncrementalMode stub into multiple DataFlow and TaintTracking configurations.

• Adds a stub predicate observeDiffInformedIncrementalMode() { any() } to enable diff-informed incremental analysis.
• Applies across various security checks (CWE rules) and likely-bugs modules.
• Prepares QL libraries for improved incremental performance on code changes.

Reviewed Changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql	Added stub observeDiffInformedIncrementalMode
cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql	Added stub observeDiffInformedIncrementalMode
cpp/ql/src/Security/CWE/CWE-611/XXE.ql	Added stub observeDiffInformedIncrementalMode
cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql	Added stub observeDiffInformedIncrementalMode
cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql	Added stub observeDiffInformedIncrementalMode
cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql	Added stub observeDiffInformedIncrementalMode
cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql	Added stub observeDiffInformedIncrementalMode
cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql	Added stub observeDiffInformedIncrementalMode
cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql	Added stub observeDiffInformedIncrementalMode
cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll	Added stub observeDiffInformedIncrementalMode
cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql	Added stub observeDiffInformedIncrementalMode
cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll	Added stub observeDiffInformedIncrementalMode

Comments suppressed due to low confidence (2)

cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql:34

• [nitpick] Add a brief comment above this predicate explaining its role in enabling diff-informed incremental analysis to help future maintainers understand its purpose.

predicate observeDiffInformedIncrementalMode() { any() }

cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql:34

• No tests were added to verify that diff-informed data flow actually takes effect. Consider adding regression tests for one or two representative modules to validate this new mode behaves as expected.

predicate observeDiffInformedIncrementalMode() { any() }

[d10c]

It turns out that some of the generated changes in the PRs were not correct, e.g. because they should have also generated a getASelected{Source,Sink}Location() override but didn't (see Chuan-kai's comment here). So for now I'm putting them back in Draft until I make sure (via the patch script) that we are correctly handling all 3 documented query patterns, starting with the simplest one (both source and sink are used as location sources). Thanks for the review and stay tuned for an update as to what has changed in the meantime!