github
diff --git a/‎.github/workflows/generate-query-help-docs.yml‎
Lines changed: 0 additions & 60 deletions b/‎.github/workflows/generate-query-help-docs.yml‎
Lines changed: 0 additions & 60 deletions
diff --git a/‎cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql‎
Lines changed: 27 additions & 12 deletions b/‎cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql‎
Lines changed: 27 additions & 12 deletions
diff --git a/‎docs/codeql/query-help-markdown.py‎
Lines changed: 0 additions & 256 deletions b/‎docs/codeql/query-help-markdown.py‎
Lines changed: 0 additions & 256 deletions
diff --git a/‎java/change-notes/2021-03-23-guava-collections-and-preconditions.md‎
Lines changed: 2 additions & 0 deletions b/‎java/change-notes/2021-03-23-guava-collections-and-preconditions.md‎
Lines changed: 2 additions & 0 deletions
@@ -38,24 +38,39 @@ predicate isNonEscapingArgument(Expr escaped) {
   )
 }
 
+pragma[noinline]
+predicate callToMemsetWithRelevantVariable(
+  LocalVariable v, VariableAccess acc, FunctionCall call, MemsetFunction memset
+) {
+  not v.isStatic() and
+  // Reference-typed variables get special treatment in `variableAddressEscapesTree` so we leave them
+  // out of this query.
+  not v.getUnspecifiedType() instanceof ReferenceType and
+  call.getTarget() = memset and
+  acc = v.getAnAccess() and
+  // `v` escapes as the argument to `memset`
+  variableAddressEscapesTree(acc, call.getArgument(0).getFullyConverted())
+}
+
+pragma[noinline]
+predicate relevantVariable(LocalVariable v, FunctionCall call, MemsetFunction memset) {
+  exists(VariableAccess acc, VariableAccess anotherAcc |
+    callToMemsetWithRelevantVariable(v, acc, call, memset) and
+    // `v` is not only just used in the call to `memset`.
+    anotherAcc = v.getAnAccess() and
+    acc != anotherAcc and
+    not anotherAcc.isUnevaluated()
+  )
+}
+
 from FunctionCall call, LocalVariable v, MemsetFunction memset
 where
-  call.getTarget() = memset and
+  relevantVariable(v, call, memset) and
   not isFromMacroDefinition(call) and
-  // `v` escapes as the argument to `memset`
-  variableAddressEscapesTree(v.getAnAccess(), call.getArgument(0).getFullyConverted()) and
-  // ... and `v` doesn't escape anywhere else.
+  // `v` doesn't escape anywhere else.
   forall(Expr escape | variableAddressEscapesTree(v.getAnAccess(), escape) |
     isNonEscapingArgument(escape)
   ) and
-  not v.isStatic() and
-  // Reference-typed variables get special treatment in `variableAddressEscapesTree` so we leave them
-  // out of this query.
-  not v.getUnspecifiedType() instanceof ReferenceType and
-  // `v` is not only just used in the call to `memset`.
-  exists(Access acc |
-    acc = v.getAnAccess() and not call.getArgument(0).getAChild*() = acc and not acc.isUnevaluated()
-  ) and
   // There is no later use of `v`.
   not v.getAnAccess() = call.getASuccessor*() and
   // Not using the `-fno-builtin-memset` flag
 
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Increase coverage of the Guava framework, including flow steps through various collection utilities in `com.google.common.collect`, as well as through `Preconditions.checkNotNull`.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+lgtm,codescanning`
	`2`	+* Increase coverage of the Guava framework, including flow steps through various collection utilities in `com.google.common.collect`, as well as through `Preconditions.checkNotNull`.