From 7ef5586cc7e960326c523443ed54ebc3d6dede9c Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Thu, 19 Jun 2025 19:39:38 +0100
Subject: [PATCH 1/6] Rust: Translate more legacy models -> new models (mostly
 guesswork for these last few cases).

---
 .../codeql/rust/frameworks/async-rs.model.yml |  4 +--
 .../codeql/rust/frameworks/futures.model.yml  | 30 +++++++++----------
 .../lib/codeql/rust/frameworks/libc.model.yml | 14 ++++-----
 3 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/rust/ql/lib/codeql/rust/frameworks/async-rs.model.yml b/rust/ql/lib/codeql/rust/frameworks/async-rs.model.yml
index 8276574e73af..d90504d77c86 100644
--- a/rust/ql/lib/codeql/rust/frameworks/async-rs.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/async-rs.model.yml
@@ -1,6 +1,6 @@
 extensions:
   - addsTo:
       pack: codeql/rust-all
-      extensible: sourceModelDeprecated
+      extensible: sourceModel
     data:
-      - ["repo:https://github.com/async-rs/async-std:async-std", "<crate::net::tcp::stream::TcpStream>::connect", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "remote", "manual"]
+      - ["<async-std::net::tcp::stream::TcpStream>::connect", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "remote", "manual"]
diff --git a/rust/ql/lib/codeql/rust/frameworks/futures.model.yml b/rust/ql/lib/codeql/rust/frameworks/futures.model.yml
index b1fa17f58762..cd9f476f8fb1 100644
--- a/rust/ql/lib/codeql/rust/frameworks/futures.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/futures.model.yml
@@ -1,19 +1,19 @@
 extensions:
   - addsTo:
       pack: codeql/rust-all
-      extensible: summaryModelDeprecated
+      extensible: summaryModel
     data:
-      - ["repo:https://github.com/rust-lang/futures-rs:futures-executor", "crate::local_pool::block_on", "Argument[0]", "ReturnValue", "value", "manual"]
-      - ["repo:https://github.com/rust-lang/futures-rs:futures-util", "<crate::io::buf_reader::BufReader>::new", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["repo:https://github.com/rust-lang/futures-rs:futures-util", "crate::io::AsyncReadExt::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
-      - ["repo:https://github.com/rust-lang/futures-rs:futures-util", "crate::io::AsyncReadExt::read", "Argument[self].Reference", "Argument[0].Reference", "taint", "manual"]
-      - ["repo:https://github.com/rust-lang/futures-rs:futures-util", "crate::io::AsyncReadExt::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
-      - ["repo:https://github.com/rust-lang/futures-rs:futures-util", "crate::io::AsyncReadExt::read_to_end", "Argument[self].Reference", "Argument[0].Reference", "taint", "manual"]
-      - ["repo:https://github.com/rust-lang/futures-rs:futures-util", "crate::io::AsyncBufReadExt::read_line", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
-      - ["repo:https://github.com/rust-lang/futures-rs:futures-util", "crate::io::AsyncBufReadExt::read_line", "Argument[self].Reference", "Argument[0].Reference", "taint", "manual"]
-      - ["repo:https://github.com/rust-lang/futures-rs:futures-util", "crate::io::AsyncBufReadExt::read_until", "Argument[self]", "Argument[1].Reference", "taint", "manual"]
-      - ["repo:https://github.com/rust-lang/futures-rs:futures-util", "crate::io::AsyncBufReadExt::read_until", "Argument[self].Reference", "Argument[1].Reference", "taint", "manual"]
-      - ["repo:https://github.com/rust-lang/futures-rs:futures-util", "crate::io::AsyncBufReadExt::fill_buf", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
-      - ["repo:https://github.com/rust-lang/futures-rs:futures-util", "crate::io::AsyncBufReadExt::lines", "Argument[self]", "ReturnValue", "taint", "manual"]
-      - ["repo:https://github.com/rust-lang/futures-rs:futures-util", "crate::stream::stream::StreamExt::next", "Argument[self]", "ReturnValue.Future.Field[core::option::Option::Some(0)]", "taint", "manual"]
-      - ["repo:https://github.com/rust-lang/futures-rs:futures-util", "<crate::io::buf_reader::BufReader as crate::if_std::AsyncBufRead>::poll_fill_buf", "Argument[self].Reference", "ReturnValue.Field[core::task::poll::Poll::Ready(0)].Field[core::result::Result::Ok(0)]", "taint", "manual"]
+      - ["futures_executor::local_pool::block_on", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["<futures_util::io::buf_reader::BufReader>::new", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["futures-util::io::AsyncReadExt::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+      - ["futures-util::io::AsyncReadExt::read", "Argument[self].Reference", "Argument[0].Reference", "taint", "manual"]
+      - ["futures-util::io::AsyncReadExt::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+      - ["futures-util::io::AsyncReadExt::read_to_end", "Argument[self].Reference", "Argument[0].Reference", "taint", "manual"]
+      - ["futures-util::io::AsyncBufReadExt::read_line", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+      - ["futures-util::io::AsyncBufReadExt::read_line", "Argument[self].Reference", "Argument[0].Reference", "taint", "manual"]
+      - ["futures-util::io::AsyncBufReadExt::read_until", "Argument[self]", "Argument[1].Reference", "taint", "manual"]
+      - ["futures-util::io::AsyncBufReadExt::read_until", "Argument[self].Reference", "Argument[1].Reference", "taint", "manual"]
+      - ["futures-util::io::AsyncBufReadExt::fill_buf", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+      - ["futures-util::io::AsyncBufReadExt::lines", "Argument[self]", "ReturnValue", "taint", "manual"]
+      - ["<alloc::boxed::Box as core::iter::traits::iterator::Iterator>::next", "Argument[self]", "ReturnValue.Future.Field[core::option::Option::Some(0)]", "taint", "manual"]
+      - ["<futures-util::io::buf_reader::BufReader as futures_io::if_std::AsyncBufRead>::poll_fill_buf", "Argument[self].Reference", "ReturnValue.Field[core::task::poll::Poll::Ready(0)].Field[core::result::Result::Ok(0)]", "taint", "manual"]
diff --git a/rust/ql/lib/codeql/rust/frameworks/libc.model.yml b/rust/ql/lib/codeql/rust/frameworks/libc.model.yml
index ce44a71732ec..efce0df7ffb7 100644
--- a/rust/ql/lib/codeql/rust/frameworks/libc.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/libc.model.yml
@@ -1,14 +1,14 @@
 extensions:
   - addsTo:
       pack: codeql/rust-all
-      extensible: sourceModelDeprecated
+      extensible: sourceModel
     data:
-      - ["repo:https://github.com/rust-lang/libc:libc", "::free", "Argument[0]", "pointer-invalidate", "manual"]
+      - ["libc::free", "Argument[0]", "pointer-invalidate", "manual"]
   - addsTo:
       pack: codeql/rust-all
-      extensible: sinkModelDeprecated
+      extensible: sinkModel
     data:
-      - ["repo:https://github.com/rust-lang/libc:libc", "::malloc", "Argument[0]", "alloc-size", "manual"]
-      - ["repo:https://github.com/rust-lang/libc:libc", "::aligned_alloc", "Argument[1]", "alloc-size", "manual"]
-      - ["repo:https://github.com/rust-lang/libc:libc", "::calloc", "Argument[0,1]", "alloc-size", "manual"]
-      - ["repo:https://github.com/rust-lang/libc:libc", "::realloc", "Argument[1]", "alloc-size", "manual"]
+      - ["libc::malloc", "Argument[0]", "alloc-size", "manual"]
+      - ["libc::aligned_alloc", "Argument[1]", "alloc-size", "manual"]
+      - ["libc::calloc", "Argument[0,1]", "alloc-size", "manual"]
+      - ["libc::realloc", "Argument[1]", "alloc-size", "manual"]

From a1e9a4eddfd0263916b579668c9c35a3eeb9bbe3 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Thu, 3 Jul 2025 15:52:48 +0100
Subject: [PATCH 2/6] Rust: Accept test .expected changes.

---
 .../dataflow/global/inline-flow.expected      |   2 +-
 .../dataflow/sources/TaintSources.expected    |   1 -
 .../library-tests/dataflow/sources/test.rs    |   2 +-
 .../dataflow/sources/test_futures_io.rs       |  28 +--
 .../UncontrolledAllocationSize.expected       | 201 ++++++++----------
 .../test/query-tests/security/CWE-770/main.rs |  10 +-
 .../CWE-825/AccessInvalidPointer.expected     |   7 -
 .../security/CWE-825/deallocation.rs          |   4 +-
 8 files changed, 107 insertions(+), 148 deletions(-)

diff --git a/rust/ql/test/library-tests/dataflow/global/inline-flow.expected b/rust/ql/test/library-tests/dataflow/global/inline-flow.expected
index da5840528f5c..30b39421ac20 100644
--- a/rust/ql/test/library-tests/dataflow/global/inline-flow.expected
+++ b/rust/ql/test/library-tests/dataflow/global/inline-flow.expected
@@ -1,5 +1,5 @@
 models
-| 1 | Summary: repo:https://github.com/rust-lang/futures-rs:futures-executor; crate::local_pool::block_on; Argument[0]; ReturnValue; value |
+| 1 | Summary: futures_executor::local_pool::block_on; Argument[0]; ReturnValue; value |
 edges
 | main.rs:12:28:14:1 | { ... } | main.rs:17:13:17:23 | get_data(...) | provenance |  |
 | main.rs:13:5:13:13 | source(...) | main.rs:12:28:14:1 | { ... } | provenance |  |
diff --git a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected
index 4d95b9bb61b9..0e170f5f44cb 100644
--- a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected
+++ b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected
@@ -75,7 +75,6 @@
 | test.rs:779:22:779:50 | ...::new | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | test.rs:806:16:806:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs (DEFAULT). |
 | test.rs:806:16:806:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs (DEFAULT). |
-| test_futures_io.rs:19:15:19:32 | ...::connect | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | web_frameworks.rs:11:31:11:31 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | web_frameworks.rs:11:31:11:31 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | web_frameworks.rs:22:14:22:18 | TuplePat | Flow source 'RemoteSource' of type remote (DEFAULT). |
diff --git a/rust/ql/test/library-tests/dataflow/sources/test.rs b/rust/ql/test/library-tests/dataflow/sources/test.rs
index f0154c57014f..0ee8ac2e45b9 100644
--- a/rust/ql/test/library-tests/dataflow/sources/test.rs
+++ b/rust/ql/test/library-tests/dataflow/sources/test.rs
@@ -214,7 +214,7 @@ fn test_io_stdin() -> std::io::Result<()> {
     {
         let mut buffer = Vec::<u8>::new();
         let _bytes = std::io::stdin().read_to_end(&mut buffer)?; // $ Alert[rust/summary/taint-sources]
-        sink(&buffer); // $ hasTaintFlow -- @hvitved: works in CI, but not for me locally
+        sink(&buffer); // $ MISSING: hasTaintFlow
     }
 
     {
diff --git a/rust/ql/test/library-tests/dataflow/sources/test_futures_io.rs b/rust/ql/test/library-tests/dataflow/sources/test_futures_io.rs
index 67dce4b21cc7..4cff19432a4e 100644
--- a/rust/ql/test/library-tests/dataflow/sources/test_futures_io.rs
+++ b/rust/ql/test/library-tests/dataflow/sources/test_futures_io.rs
@@ -16,21 +16,21 @@ use std::task::{Context, Poll};
 
 async fn test_futures_rustls_futures_io() -> io::Result<()> {
     let url = "www.example.com:443";
-    let tcp = TcpStream::connect(url).await?; // $ Alert[rust/summary/taint-sources]
-    sink(&tcp); // $ hasTaintFlow=url
+    let tcp = TcpStream::connect(url).await?; // $ MISSING: Alert[rust/summary/taint-sources]
+    sink(&tcp); // $ MISSING: hasTaintFlow=url
     let config = rustls::ClientConfig::builder()
         .with_root_certificates(rustls::RootCertStore::empty())
         .with_no_client_auth();
     let connector = TlsConnector::from(Arc::new(config));
     let server_name = rustls::pki_types::ServerName::try_from("www.example.com").unwrap();
     let mut reader = connector.connect(server_name, tcp).await?;
-    sink(&reader); // $ hasTaintFlow=url
+    sink(&reader); // $ MISSING: hasTaintFlow=url
 
     {
         // using the `AsyncRead` trait (low-level)
         let mut buffer = [0u8; 64];
         let mut pinned = Pin::new(&mut reader);
-        sink(&pinned); // $ hasTaintFlow=url
+        sink(&pinned); // $ MISSING: hasTaintFlow=url
         let mut cx = Context::from_waker(futures::task::noop_waker_ref());
         let bytes_read = pinned.poll_read(&mut cx, &mut buffer); // we cannot correctly resolve this call, since it relies on `Deref`
         if let Poll::Ready(Ok(n)) = bytes_read {
@@ -43,7 +43,7 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
         // using the `AsyncReadExt::read` extension method (higher-level)
         let mut buffer1 = [0u8; 64];
         let bytes_read1 = futures::io::AsyncReadExt::read(&mut reader, &mut buffer1).await?;
-        sink(&buffer1[..bytes_read1]); // $ hasTaintFlow=url
+        sink(&buffer1[..bytes_read1]); // $ MISSING: hasTaintFlow=url
 
         let mut buffer2 = [0u8; 64];
         let bytes_read2 = reader.read(&mut buffer2).await?; // we cannot resolve the `read` call, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
@@ -52,16 +52,16 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
     }
 
     let mut reader2 = futures::io::BufReader::new(reader);
-    sink(&reader2); // $ hasTaintFlow=url
+    sink(&reader2); // $ MISSING: hasTaintFlow=url
 
     {
         // using the `AsyncBufRead` trait (low-level)
         let mut pinned = Pin::new(&mut reader2);
-        sink(&pinned); // $ hasTaintFlow=url
+        sink(&pinned); // $ MISSING: hasTaintFlow=url
         let mut cx = Context::from_waker(futures::task::noop_waker_ref());
         let buffer = pinned.poll_fill_buf(&mut cx);
         if let Poll::Ready(Ok(buf)) = buffer {
-            sink(&buffer); // $ hasTaintFlow=url
+            sink(&buffer); // $ MISSING: hasTaintFlow=url
             sink(buf); // $ MISSING: hasTaintFlow=url
         }
 
@@ -69,8 +69,8 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
         let buffer2 = Pin::new(&mut reader2).poll_fill_buf(&mut cx);
         match (buffer2) {
             Poll::Ready(Ok(buf)) => {
-                sink(&buffer2); // $ hasTaintFlow=url
-                sink(buf); // $ hasTaintFlow=url
+                sink(&buffer2); // $ MISSING: hasTaintFlow=url
+                sink(buf); // $ MISSING: hasTaintFlow=url
             }
             _ => {
                 // ...
@@ -88,7 +88,7 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
         // using the `AsyncRead` trait (low-level)
         let mut buffer = [0u8; 64];
         let mut pinned = Pin::new(&mut reader2);
-        sink(&pinned); // $ hasTaintFlow=url
+        sink(&pinned); // $ MISSING: hasTaintFlow=url
         let mut cx = Context::from_waker(futures::task::noop_waker_ref());
         let bytes_read = pinned.poll_read(&mut cx, &mut buffer);
         sink(&buffer); // $ MISSING: hasTaintFlow=url
@@ -101,7 +101,7 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
         // using the `AsyncReadExt::read` extension method (higher-level)
         let mut buffer1 = [0u8; 64];
         let bytes_read1 = futures::io::AsyncReadExt::read(&mut reader2, &mut buffer1).await?;
-        sink(&buffer1[..bytes_read1]); // $ hasTaintFlow=url
+        sink(&buffer1[..bytes_read1]); // $ MISSING: hasTaintFlow=url
 
         let mut buffer2 = [0u8; 64];
         let bytes_read2 = reader2.read(&mut buffer2).await?; // we cannot resolve the `read` call, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
@@ -111,10 +111,10 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
     {
         // using the `AsyncBufRead` trait (low-level)
         let mut pinned = Pin::new(&mut reader2);
-        sink(&pinned); // $ hasTaintFlow=url
+        sink(&pinned); // $ MISSING: hasTaintFlow=url
         let mut cx = Context::from_waker(futures::task::noop_waker_ref());
         let buffer = pinned.poll_fill_buf(&mut cx);
-        sink(&buffer); // $ hasTaintFlow=url
+        sink(&buffer); // $ MISSING: hasTaintFlow=url
         if let Poll::Ready(Ok(buf)) = buffer {
             sink(buf); // $ MISSING: hasTaintFlow=url
         }
diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected
index 9dfda11b5245..3eafac92b139 100644
--- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected
+++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected
@@ -49,11 +49,6 @@
 | main.rs:210:40:210:50 | grow_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:210:40:210:50 | grow_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
 | main.rs:210:40:210:50 | grow_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:210:40:210:50 | grow_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
 | main.rs:213:36:213:41 | shrink | main.rs:317:13:317:26 | ...::args | main.rs:213:36:213:41 | shrink | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
-| main.rs:219:13:219:24 | ...::malloc | main.rs:317:13:317:26 | ...::args | main.rs:219:13:219:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
-| main.rs:220:13:220:31 | ...::aligned_alloc | main.rs:317:13:317:26 | ...::args | main.rs:220:13:220:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
-| main.rs:222:13:222:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:222:13:222:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
-| main.rs:223:13:223:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:223:13:223:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
-| main.rs:224:13:224:25 | ...::realloc | main.rs:317:13:317:26 | ...::args | main.rs:224:13:224:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
 | main.rs:230:13:230:44 | ...::try_with_capacity_in | main.rs:317:13:317:26 | ...::args | main.rs:230:13:230:44 | ...::try_with_capacity_in | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
 | main.rs:231:13:231:40 | ...::with_capacity_in | main.rs:317:13:317:26 | ...::args | main.rs:231:13:231:40 | ...::with_capacity_in | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
 | main.rs:284:22:284:38 | ...::alloc | main.rs:308:25:308:38 | ...::args | main.rs:284:22:284:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:308:25:308:38 | ...::args | user-provided value |
@@ -67,43 +62,43 @@ edges
 | main.rs:18:41:18:41 | v | main.rs:35:9:35:10 | s6 | provenance |  |
 | main.rs:18:41:18:41 | v | main.rs:35:49:35:49 | v | provenance |  |
 | main.rs:20:9:20:10 | l2 | main.rs:21:31:21:32 | l2 | provenance |  |
-| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | main.rs:20:14:20:63 | ... .unwrap() | provenance | MaD:35 |
+| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | main.rs:20:14:20:63 | ... .unwrap() | provenance | MaD:31 |
 | main.rs:20:14:20:63 | ... .unwrap() | main.rs:20:9:20:10 | l2 | provenance |  |
-| main.rs:20:50:20:50 | v | main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | provenance | MaD:44 |
+| main.rs:20:50:20:50 | v | main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | provenance | MaD:40 |
 | main.rs:21:31:21:32 | l2 | main.rs:21:13:21:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
-| main.rs:21:31:21:32 | l2 | main.rs:22:31:22:44 | l2.align_to(...) [Ok] | provenance | MaD:40 |
-| main.rs:21:31:21:32 | l2 | main.rs:23:31:23:44 | l2.align_to(...) [Ok] | provenance | MaD:40 |
+| main.rs:21:31:21:32 | l2 | main.rs:22:31:22:44 | l2.align_to(...) [Ok] | provenance | MaD:36 |
+| main.rs:21:31:21:32 | l2 | main.rs:23:31:23:44 | l2.align_to(...) [Ok] | provenance | MaD:36 |
 | main.rs:21:31:21:32 | l2 | main.rs:24:38:24:39 | l2 | provenance |  |
-| main.rs:22:31:22:44 | l2.align_to(...) [Ok] | main.rs:22:31:22:53 | ... .unwrap() | provenance | MaD:35 |
+| main.rs:22:31:22:44 | l2.align_to(...) [Ok] | main.rs:22:31:22:53 | ... .unwrap() | provenance | MaD:31 |
 | main.rs:22:31:22:53 | ... .unwrap() | main.rs:22:13:22:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
-| main.rs:23:31:23:44 | l2.align_to(...) [Ok] | main.rs:23:31:23:53 | ... .unwrap() | provenance | MaD:35 |
-| main.rs:23:31:23:53 | ... .unwrap() | main.rs:23:31:23:68 | ... .pad_to_align() | provenance | MaD:46 |
+| main.rs:23:31:23:44 | l2.align_to(...) [Ok] | main.rs:23:31:23:53 | ... .unwrap() | provenance | MaD:31 |
+| main.rs:23:31:23:53 | ... .unwrap() | main.rs:23:31:23:68 | ... .pad_to_align() | provenance | MaD:42 |
 | main.rs:23:31:23:68 | ... .pad_to_align() | main.rs:23:13:23:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:24:38:24:39 | l2 | main.rs:24:13:24:36 | ...::alloc_zeroed | provenance | MaD:18 Sink:MaD:18 |
 | main.rs:29:9:29:10 | l4 | main.rs:30:31:30:32 | l4 | provenance |  |
 | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | main.rs:29:9:29:10 | l4 | provenance |  |
-| main.rs:29:60:29:60 | v | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | provenance | MaD:45 |
+| main.rs:29:60:29:60 | v | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | provenance | MaD:41 |
 | main.rs:30:31:30:32 | l4 | main.rs:30:13:30:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:32:9:32:10 | l5 | main.rs:33:31:33:32 | l5 | provenance |  |
 | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | main.rs:32:9:32:10 | l5 | provenance |  |
-| main.rs:32:60:32:60 | v | main.rs:32:60:32:89 | ... * ... | provenance | MaD:37 |
-| main.rs:32:60:32:89 | ... * ... | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | provenance | MaD:45 |
+| main.rs:32:60:32:60 | v | main.rs:32:60:32:89 | ... * ... | provenance | MaD:33 |
+| main.rs:32:60:32:89 | ... * ... | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | provenance | MaD:41 |
 | main.rs:33:31:33:32 | l5 | main.rs:33:13:33:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:35:9:35:10 | s6 | main.rs:36:60:36:61 | s6 | provenance |  |
 | main.rs:35:15:35:49 | ... * ... | main.rs:35:9:35:10 | s6 | provenance |  |
-| main.rs:35:49:35:49 | v | main.rs:35:15:35:49 | ... * ... | provenance | MaD:36 |
+| main.rs:35:49:35:49 | v | main.rs:35:15:35:49 | ... * ... | provenance | MaD:32 |
 | main.rs:36:9:36:10 | l6 | main.rs:37:31:37:32 | l6 | provenance |  |
 | main.rs:36:9:36:10 | l6 [Layout.size] | main.rs:37:31:37:32 | l6 [Layout.size] | provenance |  |
 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | main.rs:36:9:36:10 | l6 | provenance |  |
 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) [Layout.size] | main.rs:36:9:36:10 | l6 [Layout.size] | provenance |  |
-| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | provenance | MaD:45 |
-| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) [Layout.size] | provenance | MaD:31 |
+| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | provenance | MaD:41 |
+| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) [Layout.size] | provenance | MaD:27 |
 | main.rs:37:31:37:32 | l6 | main.rs:37:13:37:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
-| main.rs:37:31:37:32 | l6 | main.rs:39:60:39:68 | l6.size() | provenance | MaD:49 |
-| main.rs:37:31:37:32 | l6 [Layout.size] | main.rs:39:60:39:68 | l6.size() | provenance | MaD:32 |
+| main.rs:37:31:37:32 | l6 | main.rs:39:60:39:68 | l6.size() | provenance | MaD:45 |
+| main.rs:37:31:37:32 | l6 [Layout.size] | main.rs:39:60:39:68 | l6.size() | provenance | MaD:28 |
 | main.rs:39:9:39:10 | l7 | main.rs:40:31:40:32 | l7 | provenance |  |
 | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | main.rs:39:9:39:10 | l7 | provenance |  |
-| main.rs:39:60:39:68 | l6.size() | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | provenance | MaD:45 |
+| main.rs:39:60:39:68 | l6.size() | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | provenance | MaD:41 |
 | main.rs:40:31:40:32 | l7 | main.rs:40:13:40:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:43:44:43:51 | ...: usize | main.rs:50:41:50:41 | v | provenance |  |
 | main.rs:43:44:43:51 | ...: usize | main.rs:51:41:51:45 | ... + ... | provenance |  |
@@ -111,47 +106,47 @@ edges
 | main.rs:43:44:43:51 | ...: usize | main.rs:54:48:54:53 | ... * ... | provenance |  |
 | main.rs:43:44:43:51 | ...: usize | main.rs:58:34:58:34 | v | provenance |  |
 | main.rs:43:44:43:51 | ...: usize | main.rs:67:46:67:46 | v | provenance |  |
-| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | main.rs:50:31:50:51 | ... .unwrap() [tuple.0] | provenance | MaD:35 |
+| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | main.rs:50:31:50:51 | ... .unwrap() [tuple.0] | provenance | MaD:31 |
 | main.rs:50:31:50:51 | ... .unwrap() [tuple.0] | main.rs:50:31:50:53 | ... .0 | provenance |  |
 | main.rs:50:31:50:53 | ... .0 | main.rs:50:13:50:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
-| main.rs:50:41:50:41 | v | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:47 |
-| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | main.rs:51:31:51:55 | ... .unwrap() [tuple.0] | provenance | MaD:35 |
+| main.rs:50:41:50:41 | v | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:43 |
+| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | main.rs:51:31:51:55 | ... .unwrap() [tuple.0] | provenance | MaD:31 |
 | main.rs:51:31:51:55 | ... .unwrap() [tuple.0] | main.rs:51:31:51:57 | ... .0 | provenance |  |
 | main.rs:51:31:51:57 | ... .0 | main.rs:51:13:51:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
-| main.rs:51:41:51:45 | ... + ... | main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:47 |
-| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | main.rs:53:31:53:58 | ... .unwrap() | provenance | MaD:35 |
+| main.rs:51:41:51:45 | ... + ... | main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:43 |
+| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | main.rs:53:31:53:58 | ... .unwrap() | provenance | MaD:31 |
 | main.rs:53:31:53:58 | ... .unwrap() | main.rs:53:13:53:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
-| main.rs:53:48:53:48 | v | main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | provenance | MaD:48 |
-| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | main.rs:54:31:54:63 | ... .unwrap() | provenance | MaD:35 |
+| main.rs:53:48:53:48 | v | main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | provenance | MaD:44 |
+| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | main.rs:54:31:54:63 | ... .unwrap() | provenance | MaD:31 |
 | main.rs:54:31:54:63 | ... .unwrap() | main.rs:54:13:54:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
-| main.rs:54:48:54:53 | ... * ... | main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | provenance | MaD:48 |
+| main.rs:54:48:54:53 | ... * ... | main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | provenance | MaD:44 |
 | main.rs:58:9:58:20 | TuplePat [tuple.0] | main.rs:58:10:58:11 | k1 | provenance |  |
 | main.rs:58:10:58:11 | k1 | main.rs:59:31:59:32 | k1 | provenance |  |
-| main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | provenance | MaD:34 |
+| main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | provenance | MaD:30 |
 | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | main.rs:58:9:58:20 | TuplePat [tuple.0] | provenance |  |
-| main.rs:58:34:58:34 | v | main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | provenance | MaD:47 |
+| main.rs:58:34:58:34 | v | main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | provenance | MaD:43 |
 | main.rs:59:31:59:32 | k1 | main.rs:59:13:59:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:59:31:59:32 | k1 | main.rs:60:34:60:35 | k1 | provenance |  |
 | main.rs:59:31:59:32 | k1 | main.rs:64:48:64:49 | k1 | provenance |  |
 | main.rs:60:9:60:20 | TuplePat [tuple.0] | main.rs:60:10:60:11 | k2 | provenance |  |
 | main.rs:60:10:60:11 | k2 | main.rs:61:31:61:32 | k2 | provenance |  |
-| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | main.rs:60:24:60:45 | ... .unwrap() [tuple.0] | provenance | MaD:35 |
+| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | main.rs:60:24:60:45 | ... .unwrap() [tuple.0] | provenance | MaD:31 |
 | main.rs:60:24:60:45 | ... .unwrap() [tuple.0] | main.rs:60:9:60:20 | TuplePat [tuple.0] | provenance |  |
-| main.rs:60:34:60:35 | k1 | main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | provenance | MaD:42 |
+| main.rs:60:34:60:35 | k1 | main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | provenance | MaD:38 |
 | main.rs:61:31:61:32 | k2 | main.rs:61:13:61:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
-| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | main.rs:64:31:64:59 | ... .unwrap() | provenance | MaD:35 |
+| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | main.rs:64:31:64:59 | ... .unwrap() | provenance | MaD:31 |
 | main.rs:64:31:64:59 | ... .unwrap() | main.rs:64:13:64:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
-| main.rs:64:48:64:49 | k1 | main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | provenance | MaD:43 |
+| main.rs:64:48:64:49 | k1 | main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | provenance | MaD:39 |
 | main.rs:67:9:67:10 | l4 | main.rs:68:31:68:32 | l4 | provenance |  |
-| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | main.rs:67:14:67:56 | ... .unwrap() | provenance | MaD:35 |
+| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | main.rs:67:14:67:56 | ... .unwrap() | provenance | MaD:31 |
 | main.rs:67:14:67:56 | ... .unwrap() | main.rs:67:9:67:10 | l4 | provenance |  |
-| main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:41 |
+| main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:37 |
 | main.rs:68:31:68:32 | l4 | main.rs:68:13:68:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:86:35:86:42 | ...: usize | main.rs:87:54:87:54 | v | provenance |  |
 | main.rs:87:9:87:14 | layout | main.rs:88:31:88:36 | layout | provenance |  |
-| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | main.rs:87:18:87:67 | ... .unwrap() | provenance | MaD:35 |
+| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | main.rs:87:18:87:67 | ... .unwrap() | provenance | MaD:31 |
 | main.rs:87:18:87:67 | ... .unwrap() | main.rs:87:9:87:14 | layout | provenance |  |
-| main.rs:87:54:87:54 | v | main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | provenance | MaD:44 |
+| main.rs:87:54:87:54 | v | main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | provenance | MaD:40 |
 | main.rs:88:31:88:36 | layout | main.rs:88:13:88:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:91:38:91:45 | ...: usize | main.rs:92:47:92:47 | v | provenance |  |
 | main.rs:91:38:91:45 | ...: usize | main.rs:101:51:101:51 | v | provenance |  |
@@ -162,16 +157,16 @@ edges
 | main.rs:91:38:91:45 | ...: usize | main.rs:161:55:161:55 | v | provenance |  |
 | main.rs:92:9:92:10 | l1 | main.rs:96:35:96:36 | l1 | provenance |  |
 | main.rs:92:9:92:10 | l1 | main.rs:102:35:102:36 | l1 | provenance |  |
-| main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | main.rs:92:14:92:57 | ... .unwrap() | provenance | MaD:35 |
+| main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | main.rs:92:14:92:57 | ... .unwrap() | provenance | MaD:31 |
 | main.rs:92:14:92:57 | ... .unwrap() | main.rs:92:9:92:10 | l1 | provenance |  |
-| main.rs:92:47:92:47 | v | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | provenance | MaD:41 |
+| main.rs:92:47:92:47 | v | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | provenance | MaD:37 |
 | main.rs:96:35:96:36 | l1 | main.rs:96:17:96:33 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:96:35:96:36 | l1 | main.rs:109:35:109:36 | l1 | provenance |  |
 | main.rs:96:35:96:36 | l1 | main.rs:111:35:111:36 | l1 | provenance |  |
 | main.rs:101:13:101:14 | l3 | main.rs:103:35:103:36 | l3 | provenance |  |
-| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | main.rs:101:18:101:61 | ... .unwrap() | provenance | MaD:35 |
+| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | main.rs:101:18:101:61 | ... .unwrap() | provenance | MaD:31 |
 | main.rs:101:18:101:61 | ... .unwrap() | main.rs:101:13:101:14 | l3 | provenance |  |
-| main.rs:101:51:101:51 | v | main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | provenance | MaD:41 |
+| main.rs:101:51:101:51 | v | main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | provenance | MaD:37 |
 | main.rs:102:35:102:36 | l1 | main.rs:102:17:102:33 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:102:35:102:36 | l1 | main.rs:109:35:109:36 | l1 | provenance |  |
 | main.rs:102:35:102:36 | l1 | main.rs:111:35:111:36 | l1 | provenance |  |
@@ -182,28 +177,28 @@ edges
 | main.rs:111:35:111:36 | l1 | main.rs:111:17:111:33 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:111:35:111:36 | l1 | main.rs:146:35:146:36 | l1 | provenance |  |
 | main.rs:145:13:145:14 | l9 | main.rs:148:35:148:36 | l9 | provenance |  |
-| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | main.rs:145:18:145:61 | ... .unwrap() | provenance | MaD:35 |
+| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | main.rs:145:18:145:61 | ... .unwrap() | provenance | MaD:31 |
 | main.rs:145:18:145:61 | ... .unwrap() | main.rs:145:13:145:14 | l9 | provenance |  |
-| main.rs:145:51:145:51 | v | main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | provenance | MaD:41 |
+| main.rs:145:51:145:51 | v | main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | provenance | MaD:37 |
 | main.rs:146:35:146:36 | l1 | main.rs:146:17:146:33 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:146:35:146:36 | l1 | main.rs:177:31:177:32 | l1 | provenance |  |
 | main.rs:148:35:148:36 | l9 | main.rs:148:17:148:33 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:151:9:151:11 | l10 | main.rs:152:31:152:33 | l10 | provenance |  |
-| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap() | provenance | MaD:35 |
+| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap() | provenance | MaD:31 |
 | main.rs:151:15:151:78 | ... .unwrap() | main.rs:151:9:151:11 | l10 | provenance |  |
-| main.rs:151:48:151:68 | ...::min(...) | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | provenance | MaD:41 |
-| main.rs:151:62:151:62 | v | main.rs:151:48:151:68 | ...::min(...) | provenance | MaD:39 |
+| main.rs:151:48:151:68 | ...::min(...) | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | provenance | MaD:37 |
+| main.rs:151:62:151:62 | v | main.rs:151:48:151:68 | ...::min(...) | provenance | MaD:35 |
 | main.rs:152:31:152:33 | l10 | main.rs:152:13:152:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:154:9:154:11 | l11 | main.rs:155:31:155:33 | l11 | provenance |  |
-| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap() | provenance | MaD:35 |
+| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap() | provenance | MaD:31 |
 | main.rs:154:15:154:78 | ... .unwrap() | main.rs:154:9:154:11 | l11 | provenance |  |
-| main.rs:154:48:154:68 | ...::max(...) | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | provenance | MaD:41 |
-| main.rs:154:62:154:62 | v | main.rs:154:48:154:68 | ...::max(...) | provenance | MaD:38 |
+| main.rs:154:48:154:68 | ...::max(...) | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | provenance | MaD:37 |
+| main.rs:154:62:154:62 | v | main.rs:154:48:154:68 | ...::max(...) | provenance | MaD:34 |
 | main.rs:155:31:155:33 | l11 | main.rs:155:13:155:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:161:13:161:15 | l13 | main.rs:162:35:162:37 | l13 | provenance |  |
-| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap() | provenance | MaD:35 |
+| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap() | provenance | MaD:31 |
 | main.rs:161:19:161:68 | ... .unwrap() | main.rs:161:13:161:15 | l13 | provenance |  |
-| main.rs:161:55:161:55 | v | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | provenance | MaD:44 |
+| main.rs:161:55:161:55 | v | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | provenance | MaD:40 |
 | main.rs:162:35:162:37 | l13 | main.rs:162:17:162:33 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:162:35:162:37 | l13 | main.rs:169:35:169:37 | l13 | provenance |  |
 | main.rs:169:35:169:37 | l13 | main.rs:169:17:169:33 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
@@ -211,9 +206,9 @@ edges
 | main.rs:183:29:183:36 | ...: usize | main.rs:192:46:192:46 | v | provenance |  |
 | main.rs:183:29:183:36 | ...: usize | main.rs:202:48:202:48 | v | provenance |  |
 | main.rs:192:9:192:10 | l2 | main.rs:193:38:193:39 | l2 | provenance |  |
-| main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | main.rs:192:14:192:56 | ... .unwrap() | provenance | MaD:35 |
+| main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | main.rs:192:14:192:56 | ... .unwrap() | provenance | MaD:31 |
 | main.rs:192:14:192:56 | ... .unwrap() | main.rs:192:9:192:10 | l2 | provenance |  |
-| main.rs:192:46:192:46 | v | main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | provenance | MaD:41 |
+| main.rs:192:46:192:46 | v | main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | provenance | MaD:37 |
 | main.rs:193:38:193:39 | l2 | main.rs:193:32:193:36 | alloc | provenance | MaD:24 Sink:MaD:24 |
 | main.rs:193:38:193:39 | l2 | main.rs:193:32:193:36 | alloc | provenance | MaD:10 Sink:MaD:10 |
 | main.rs:193:38:193:39 | l2 | main.rs:194:45:194:46 | l2 | provenance |  |
@@ -242,52 +237,40 @@ edges
 | main.rs:210:60:210:61 | l2 | main.rs:210:40:210:50 | grow_zeroed | provenance | MaD:23 Sink:MaD:23 |
 | main.rs:210:60:210:61 | l2 | main.rs:210:40:210:50 | grow_zeroed | provenance | MaD:8 Sink:MaD:8 |
 | main.rs:213:51:213:52 | l2 | main.rs:213:36:213:41 | shrink | provenance | MaD:9 Sink:MaD:9 |
-| main.rs:217:27:217:34 | ...: usize | main.rs:219:26:219:26 | v | provenance |  |
-| main.rs:219:26:219:26 | v | main.rs:219:13:219:24 | ...::malloc | provenance | MaD:28 Sink:MaD:28 |
-| main.rs:219:26:219:26 | v | main.rs:220:36:220:36 | v | provenance |  |
-| main.rs:220:36:220:36 | v | main.rs:220:13:220:31 | ...::aligned_alloc | provenance | MaD:26 Sink:MaD:26 |
-| main.rs:220:36:220:36 | v | main.rs:222:30:222:30 | v | provenance |  |
-| main.rs:222:30:222:30 | v | main.rs:222:13:222:24 | ...::calloc | provenance | MaD:27 Sink:MaD:27 |
-| main.rs:222:30:222:30 | v | main.rs:223:26:223:26 | v | provenance |  |
-| main.rs:223:26:223:26 | v | main.rs:223:13:223:24 | ...::calloc | provenance | MaD:27 Sink:MaD:27 |
-| main.rs:223:26:223:26 | v | main.rs:224:31:224:31 | v | provenance |  |
-| main.rs:224:31:224:31 | v | main.rs:224:13:224:25 | ...::realloc | provenance | MaD:29 Sink:MaD:29 |
 | main.rs:227:24:227:31 | ...: usize | main.rs:230:46:230:46 | v | provenance |  |
 | main.rs:230:46:230:46 | v | main.rs:230:13:230:44 | ...::try_with_capacity_in | provenance | MaD:3 Sink:MaD:3 |
 | main.rs:230:46:230:46 | v | main.rs:231:42:231:42 | v | provenance |  |
 | main.rs:231:42:231:42 | v | main.rs:231:13:231:40 | ...::with_capacity_in | provenance | MaD:4 Sink:MaD:4 |
-| main.rs:279:24:279:41 | ...: String | main.rs:280:21:280:47 | user_input.parse() [Ok] | provenance | MaD:50 |
+| main.rs:279:24:279:41 | ...: String | main.rs:280:21:280:47 | user_input.parse() [Ok] | provenance | MaD:46 |
 | main.rs:280:9:280:17 | num_bytes | main.rs:282:54:282:62 | num_bytes | provenance |  |
 | main.rs:280:21:280:47 | user_input.parse() [Ok] | main.rs:280:21:280:48 | TryExpr | provenance |  |
 | main.rs:280:21:280:48 | TryExpr | main.rs:280:9:280:17 | num_bytes | provenance |  |
-| main.rs:280:21:280:48 | TryExpr | main.rs:280:21:280:77 | ... * ... | provenance | MaD:37 |
+| main.rs:280:21:280:48 | TryExpr | main.rs:280:21:280:77 | ... * ... | provenance | MaD:33 |
 | main.rs:280:21:280:77 | ... * ... | main.rs:280:9:280:17 | num_bytes | provenance |  |
 | main.rs:282:9:282:14 | layout | main.rs:284:40:284:45 | layout | provenance |  |
-| main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | main.rs:282:18:282:75 | ... .unwrap() | provenance | MaD:35 |
+| main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | main.rs:282:18:282:75 | ... .unwrap() | provenance | MaD:31 |
 | main.rs:282:18:282:75 | ... .unwrap() | main.rs:282:9:282:14 | layout | provenance |  |
-| main.rs:282:54:282:62 | num_bytes | main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | provenance | MaD:44 |
+| main.rs:282:54:282:62 | num_bytes | main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | provenance | MaD:40 |
 | main.rs:284:40:284:45 | layout | main.rs:284:22:284:38 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
-| main.rs:308:25:308:38 | ...::args | main.rs:308:25:308:40 | ...::args(...) [element] | provenance | Src:MaD:30  |
-| main.rs:308:25:308:40 | ...::args(...) [element] | main.rs:308:25:308:47 | ... .nth(...) [Some] | provenance | MaD:51 |
-| main.rs:308:25:308:47 | ... .nth(...) [Some] | main.rs:308:25:308:74 | ... .unwrap_or(...) | provenance | MaD:33 |
+| main.rs:308:25:308:38 | ...::args | main.rs:308:25:308:40 | ...::args(...) [element] | provenance | Src:MaD:26  |
+| main.rs:308:25:308:40 | ...::args(...) [element] | main.rs:308:25:308:47 | ... .nth(...) [Some] | provenance | MaD:47 |
+| main.rs:308:25:308:47 | ... .nth(...) [Some] | main.rs:308:25:308:74 | ... .unwrap_or(...) | provenance | MaD:29 |
 | main.rs:308:25:308:74 | ... .unwrap_or(...) | main.rs:279:24:279:41 | ...: String | provenance |  |
 | main.rs:317:9:317:9 | v | main.rs:320:34:320:34 | v | provenance |  |
 | main.rs:317:9:317:9 | v | main.rs:321:42:321:42 | v | provenance |  |
 | main.rs:317:9:317:9 | v | main.rs:322:36:322:36 | v | provenance |  |
 | main.rs:317:9:317:9 | v | main.rs:323:27:323:27 | v | provenance |  |
-| main.rs:317:9:317:9 | v | main.rs:324:25:324:25 | v | provenance |  |
 | main.rs:317:9:317:9 | v | main.rs:325:22:325:22 | v | provenance |  |
-| main.rs:317:13:317:26 | ...::args | main.rs:317:13:317:28 | ...::args(...) [element] | provenance | Src:MaD:30  |
-| main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:51 |
-| main.rs:317:13:317:35 | ... .nth(...) [Some] | main.rs:317:13:317:65 | ... .unwrap_or(...) | provenance | MaD:33 |
-| main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse() [Ok] | provenance | MaD:50 |
-| main.rs:317:13:317:82 | ... .parse() [Ok] | main.rs:317:13:317:91 | ... .unwrap() | provenance | MaD:35 |
+| main.rs:317:13:317:26 | ...::args | main.rs:317:13:317:28 | ...::args(...) [element] | provenance | Src:MaD:26  |
+| main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:47 |
+| main.rs:317:13:317:35 | ... .nth(...) [Some] | main.rs:317:13:317:65 | ... .unwrap_or(...) | provenance | MaD:29 |
+| main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse() [Ok] | provenance | MaD:46 |
+| main.rs:317:13:317:82 | ... .parse() [Ok] | main.rs:317:13:317:91 | ... .unwrap() | provenance | MaD:31 |
 | main.rs:317:13:317:91 | ... .unwrap() | main.rs:317:9:317:9 | v | provenance |  |
 | main.rs:320:34:320:34 | v | main.rs:12:36:12:43 | ...: usize | provenance |  |
 | main.rs:321:42:321:42 | v | main.rs:43:44:43:51 | ...: usize | provenance |  |
 | main.rs:322:36:322:36 | v | main.rs:91:38:91:45 | ...: usize | provenance |  |
 | main.rs:323:27:323:27 | v | main.rs:183:29:183:36 | ...: usize | provenance |  |
-| main.rs:324:25:324:25 | v | main.rs:217:27:217:34 | ...: usize | provenance |  |
 | main.rs:325:22:325:22 | v | main.rs:227:24:227:31 | ...: usize | provenance |  |
 models
 | 1 | Sink: <alloc::alloc::Global as core::alloc::Allocator>::allocate; Argument[0]; alloc-layout |
@@ -315,32 +298,28 @@ models
 | 23 | Sink: lang:std; <crate::alloc::System as crate::alloc::Allocator>::grow_zeroed; Argument[2]; alloc-layout |
 | 24 | Sink: lang:std; <crate::alloc::System as crate::alloc::global::GlobalAlloc>::alloc; Argument[0]; alloc-layout |
 | 25 | Sink: lang:std; <crate::alloc::System as crate::alloc::global::GlobalAlloc>::alloc_zeroed; Argument[0]; alloc-layout |
-| 26 | Sink: repo:https://github.com/rust-lang/libc:libc; ::aligned_alloc; Argument[1]; alloc-size |
-| 27 | Sink: repo:https://github.com/rust-lang/libc:libc; ::calloc; Argument[0,1]; alloc-size |
-| 28 | Sink: repo:https://github.com/rust-lang/libc:libc; ::malloc; Argument[0]; alloc-size |
-| 29 | Sink: repo:https://github.com/rust-lang/libc:libc; ::realloc; Argument[1]; alloc-size |
-| 30 | Source: std::env::args; ReturnValue.Element; commandargs |
-| 31 | Summary: <core::alloc::layout::Layout>::from_size_align_unchecked; Argument[0]; ReturnValue.Field[core::alloc::layout::Layout::size]; value |
-| 32 | Summary: <core::alloc::layout::Layout>::size; Argument[self].Field[core::alloc::layout::Layout::size]; ReturnValue; value |
-| 33 | Summary: <core::option::Option>::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
-| 34 | Summary: <core::result::Result>::expect; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
-| 35 | Summary: <core::result::Result>::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
-| 36 | Summary: <core::usize as core::ops::arith::Mul>::mul; Argument[0]; ReturnValue; taint |
-| 37 | Summary: <core::usize as core::ops::arith::Mul>::mul; Argument[self]; ReturnValue; taint |
-| 38 | Summary: core::cmp::max; Argument[0]; ReturnValue; value |
-| 39 | Summary: core::cmp::min; Argument[0]; ReturnValue; value |
-| 40 | Summary: lang:core; <crate::alloc::layout::Layout>::align_to; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
-| 41 | Summary: lang:core; <crate::alloc::layout::Layout>::array; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
-| 42 | Summary: lang:core; <crate::alloc::layout::Layout>::extend; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint |
-| 43 | Summary: lang:core; <crate::alloc::layout::Layout>::extend_packed; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
-| 44 | Summary: lang:core; <crate::alloc::layout::Layout>::from_size_align; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
-| 45 | Summary: lang:core; <crate::alloc::layout::Layout>::from_size_align_unchecked; Argument[0]; ReturnValue; taint |
-| 46 | Summary: lang:core; <crate::alloc::layout::Layout>::pad_to_align; Argument[self]; ReturnValue; taint |
-| 47 | Summary: lang:core; <crate::alloc::layout::Layout>::repeat; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint |
-| 48 | Summary: lang:core; <crate::alloc::layout::Layout>::repeat_packed; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
-| 49 | Summary: lang:core; <crate::alloc::layout::Layout>::size; Argument[self]; ReturnValue; taint |
-| 50 | Summary: lang:core; <str>::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
-| 51 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[core::option::Option::Some(0)]; value |
+| 26 | Source: std::env::args; ReturnValue.Element; commandargs |
+| 27 | Summary: <core::alloc::layout::Layout>::from_size_align_unchecked; Argument[0]; ReturnValue.Field[core::alloc::layout::Layout::size]; value |
+| 28 | Summary: <core::alloc::layout::Layout>::size; Argument[self].Field[core::alloc::layout::Layout::size]; ReturnValue; value |
+| 29 | Summary: <core::option::Option>::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
+| 30 | Summary: <core::result::Result>::expect; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
+| 31 | Summary: <core::result::Result>::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
+| 32 | Summary: <core::usize as core::ops::arith::Mul>::mul; Argument[0]; ReturnValue; taint |
+| 33 | Summary: <core::usize as core::ops::arith::Mul>::mul; Argument[self]; ReturnValue; taint |
+| 34 | Summary: core::cmp::max; Argument[0]; ReturnValue; value |
+| 35 | Summary: core::cmp::min; Argument[0]; ReturnValue; value |
+| 36 | Summary: lang:core; <crate::alloc::layout::Layout>::align_to; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
+| 37 | Summary: lang:core; <crate::alloc::layout::Layout>::array; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
+| 38 | Summary: lang:core; <crate::alloc::layout::Layout>::extend; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint |
+| 39 | Summary: lang:core; <crate::alloc::layout::Layout>::extend_packed; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
+| 40 | Summary: lang:core; <crate::alloc::layout::Layout>::from_size_align; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
+| 41 | Summary: lang:core; <crate::alloc::layout::Layout>::from_size_align_unchecked; Argument[0]; ReturnValue; taint |
+| 42 | Summary: lang:core; <crate::alloc::layout::Layout>::pad_to_align; Argument[self]; ReturnValue; taint |
+| 43 | Summary: lang:core; <crate::alloc::layout::Layout>::repeat; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint |
+| 44 | Summary: lang:core; <crate::alloc::layout::Layout>::repeat_packed; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
+| 45 | Summary: lang:core; <crate::alloc::layout::Layout>::size; Argument[self]; ReturnValue; taint |
+| 46 | Summary: lang:core; <str>::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
+| 47 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[core::option::Option::Some(0)]; value |
 nodes
 | main.rs:12:36:12:43 | ...: usize | semmle.label | ...: usize |
 | main.rs:18:13:18:31 | ...::realloc | semmle.label | ...::realloc |
@@ -524,17 +503,6 @@ nodes
 | main.rs:210:60:210:61 | l2 | semmle.label | l2 |
 | main.rs:213:36:213:41 | shrink | semmle.label | shrink |
 | main.rs:213:51:213:52 | l2 | semmle.label | l2 |
-| main.rs:217:27:217:34 | ...: usize | semmle.label | ...: usize |
-| main.rs:219:13:219:24 | ...::malloc | semmle.label | ...::malloc |
-| main.rs:219:26:219:26 | v | semmle.label | v |
-| main.rs:220:13:220:31 | ...::aligned_alloc | semmle.label | ...::aligned_alloc |
-| main.rs:220:36:220:36 | v | semmle.label | v |
-| main.rs:222:13:222:24 | ...::calloc | semmle.label | ...::calloc |
-| main.rs:222:30:222:30 | v | semmle.label | v |
-| main.rs:223:13:223:24 | ...::calloc | semmle.label | ...::calloc |
-| main.rs:223:26:223:26 | v | semmle.label | v |
-| main.rs:224:13:224:25 | ...::realloc | semmle.label | ...::realloc |
-| main.rs:224:31:224:31 | v | semmle.label | v |
 | main.rs:227:24:227:31 | ...: usize | semmle.label | ...: usize |
 | main.rs:230:13:230:44 | ...::try_with_capacity_in | semmle.label | ...::try_with_capacity_in |
 | main.rs:230:46:230:46 | v | semmle.label | v |
@@ -566,6 +534,5 @@ nodes
 | main.rs:321:42:321:42 | v | semmle.label | v |
 | main.rs:322:36:322:36 | v | semmle.label | v |
 | main.rs:323:27:323:27 | v | semmle.label | v |
-| main.rs:324:25:324:25 | v | semmle.label | v |
 | main.rs:325:22:325:22 | v | semmle.label | v |
 subpaths
diff --git a/rust/ql/test/query-tests/security/CWE-770/main.rs b/rust/ql/test/query-tests/security/CWE-770/main.rs
index 0b39862ef324..d71f7bd0e39b 100644
--- a/rust/ql/test/query-tests/security/CWE-770/main.rs
+++ b/rust/ql/test/query-tests/security/CWE-770/main.rs
@@ -216,12 +216,12 @@ unsafe fn test_system_alloc(v: usize) {
 
 unsafe fn test_libc_alloc(v: usize) {
     let m1 = libc::malloc(256);
-    let _ = libc::malloc(v); // $ Alert[rust/uncontrolled-allocation-size]=arg1
-    let _ = libc::aligned_alloc(8, v); // $ Alert[rust/uncontrolled-allocation-size]=arg1
+    let _ = libc::malloc(v); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1
+    let _ = libc::aligned_alloc(8, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1
     let _ = libc::aligned_alloc(v, 8);
-    let _ = libc::calloc(64, v); // $ Alert[rust/uncontrolled-allocation-size]=arg1
-    let _ = libc::calloc(v, std::mem::size_of::<i64>()); // $ Alert[rust/uncontrolled-allocation-size]=arg1
-    let _ = libc::realloc(m1, v); // $ Alert[rust/uncontrolled-allocation-size]=arg1
+    let _ = libc::calloc(64, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1
+    let _ = libc::calloc(v, std::mem::size_of::<i64>()); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1
+    let _ = libc::realloc(m1, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1
 }
 
 unsafe fn test_vectors(v: usize) {
diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected
index f0c67e6f5d84..399c8f76316e 100644
--- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected
+++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected
@@ -8,7 +8,6 @@
 | deallocation.rs:86:7:86:8 | m2 | deallocation.rs:70:3:70:21 | ...::dealloc | deallocation.rs:86:7:86:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:3:70:21 | ...::dealloc | invalid |
 | deallocation.rs:90:7:90:8 | m2 | deallocation.rs:70:3:70:21 | ...::dealloc | deallocation.rs:90:7:90:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:3:70:21 | ...::dealloc | invalid |
 | deallocation.rs:95:5:95:31 | ...::write::<...> | deallocation.rs:70:3:70:21 | ...::dealloc | deallocation.rs:95:5:95:31 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:70:3:70:21 | ...::dealloc | invalid |
-| deallocation.rs:115:13:115:18 | my_ptr | deallocation.rs:112:3:112:12 | ...::free | deallocation.rs:115:13:115:18 | my_ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:112:3:112:12 | ...::free | invalid |
 | deallocation.rs:130:14:130:15 | p1 | deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:130:14:130:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:123:23:123:40 | ...::dangling | invalid |
 | deallocation.rs:130:14:130:15 | p1 | deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:130:14:130:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:123:23:123:40 | ...::dangling | invalid |
 | deallocation.rs:131:14:131:15 | p2 | deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:131:14:131:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:124:21:124:42 | ...::dangling_mut | invalid |
@@ -32,8 +31,6 @@ edges
 | deallocation.rs:70:23:70:35 | [post] m2 as ... | deallocation.rs:90:7:90:8 | m2 | provenance |  |
 | deallocation.rs:70:23:70:35 | [post] m2 as ... | deallocation.rs:95:33:95:34 | m2 | provenance |  |
 | deallocation.rs:95:33:95:34 | m2 | deallocation.rs:95:5:95:31 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 |
-| deallocation.rs:112:3:112:12 | ...::free | deallocation.rs:112:14:112:40 | [post] my_ptr as ... | provenance | Src:MaD:10 MaD:10 |
-| deallocation.rs:112:14:112:40 | [post] my_ptr as ... | deallocation.rs:115:13:115:18 | my_ptr | provenance |  |
 | deallocation.rs:123:6:123:7 | p1 | deallocation.rs:130:14:130:15 | p1 | provenance |  |
 | deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:123:23:123:42 | ...::dangling(...) | provenance | Src:MaD:6 MaD:6 |
 | deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:123:23:123:42 | ...::dangling(...) | provenance | Src:MaD:3 MaD:3 |
@@ -60,7 +57,6 @@ models
 | 7 | Source: lang:core; crate::ptr::dangling_mut; ReturnValue; pointer-invalidate |
 | 8 | Source: lang:core; crate::ptr::drop_in_place; Argument[0]; pointer-invalidate |
 | 9 | Source: lang:core; crate::ptr::null; ReturnValue; pointer-invalidate |
-| 10 | Source: repo:https://github.com/rust-lang/libc:libc; ::free; Argument[0]; pointer-invalidate |
 nodes
 | deallocation.rs:20:3:20:21 | ...::dealloc | semmle.label | ...::dealloc |
 | deallocation.rs:20:23:20:24 | [post] m1 | semmle.label | [post] m1 |
@@ -78,9 +74,6 @@ nodes
 | deallocation.rs:90:7:90:8 | m2 | semmle.label | m2 |
 | deallocation.rs:95:5:95:31 | ...::write::<...> | semmle.label | ...::write::<...> |
 | deallocation.rs:95:33:95:34 | m2 | semmle.label | m2 |
-| deallocation.rs:112:3:112:12 | ...::free | semmle.label | ...::free |
-| deallocation.rs:112:14:112:40 | [post] my_ptr as ... | semmle.label | [post] my_ptr as ... |
-| deallocation.rs:115:13:115:18 | my_ptr | semmle.label | my_ptr |
 | deallocation.rs:123:6:123:7 | p1 | semmle.label | p1 |
 | deallocation.rs:123:23:123:40 | ...::dangling | semmle.label | ...::dangling |
 | deallocation.rs:123:23:123:40 | ...::dangling | semmle.label | ...::dangling |
diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs
index 89ef0470e99d..0d8f977387b6 100644
--- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs
+++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs
@@ -109,10 +109,10 @@ pub fn test_libc() {
 		let v1 = *my_ptr; // GOOD
 		println!("	v1 = {v1}");
 
-		libc::free(my_ptr as *mut libc::c_void); // $ Source[rust/access-invalid-pointer]=free
+		libc::free(my_ptr as *mut libc::c_void); // $ MISSING: Source[rust/access-invalid-pointer]=free
 		// (my_ptr is now dangling)
 
-		let v2 = *my_ptr; // $ Alert[rust/access-invalid-pointer]=free
+		let v2 = *my_ptr; // $ MISSING: Alert[rust/access-invalid-pointer]=free
 		println!("	v2 = {v2} (!)"); // corrupt in practice
 	}
 }

From c7de873a22216deb2eb652a0eb3a387f903d1a7e Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Mon, 7 Jul 2025 18:55:21 +0100
Subject: [PATCH 3/6] Rust: Update the libc models.

---
 .../lib/codeql/rust/frameworks/libc.model.yml |  15 +-
 .../UncontrolledAllocationSize.expected       | 201 ++++++++++--------
 .../test/query-tests/security/CWE-770/main.rs |  10 +-
 .../CWE-825/AccessInvalidPointer.expected     |   7 +
 .../security/CWE-825/deallocation.rs          |   4 +-
 5 files changed, 141 insertions(+), 96 deletions(-)

diff --git a/rust/ql/lib/codeql/rust/frameworks/libc.model.yml b/rust/ql/lib/codeql/rust/frameworks/libc.model.yml
index efce0df7ffb7..314f1ca0ba9f 100644
--- a/rust/ql/lib/codeql/rust/frameworks/libc.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/libc.model.yml
@@ -3,12 +3,17 @@ extensions:
       pack: codeql/rust-all
       extensible: sourceModel
     data:
-      - ["libc::free", "Argument[0]", "pointer-invalidate", "manual"]
+      - ["libc::unix::free", "Argument[0]", "pointer-invalidate", "manual"]
+      - ["libc::windows::free", "Argument[0]", "pointer-invalidate", "manual"]
   - addsTo:
       pack: codeql/rust-all
       extensible: sinkModel
     data:
-      - ["libc::malloc", "Argument[0]", "alloc-size", "manual"]
-      - ["libc::aligned_alloc", "Argument[1]", "alloc-size", "manual"]
-      - ["libc::calloc", "Argument[0,1]", "alloc-size", "manual"]
-      - ["libc::realloc", "Argument[1]", "alloc-size", "manual"]
+      - ["libc::unix::malloc", "Argument[0]", "alloc-size", "manual"]
+      - ["libc::windows::malloc", "Argument[0]", "alloc-size", "manual"]
+      - ["libc::unix::aligned_alloc", "Argument[1]", "alloc-size", "manual"]
+      - ["libc::windows::aligned_alloc", "Argument[1]", "alloc-size", "manual"]
+      - ["libc::unix::calloc", "Argument[0,1]", "alloc-size", "manual"]
+      - ["libc::windows::calloc", "Argument[0,1]", "alloc-size", "manual"]
+      - ["libc::unix::realloc", "Argument[1]", "alloc-size", "manual"]
+      - ["libc::windows::realloc", "Argument[1]", "alloc-size", "manual"]
diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected
index 3eafac92b139..5e99e62b9d27 100644
--- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected
+++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected
@@ -49,6 +49,11 @@
 | main.rs:210:40:210:50 | grow_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:210:40:210:50 | grow_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
 | main.rs:210:40:210:50 | grow_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:210:40:210:50 | grow_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
 | main.rs:213:36:213:41 | shrink | main.rs:317:13:317:26 | ...::args | main.rs:213:36:213:41 | shrink | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
+| main.rs:219:13:219:24 | ...::malloc | main.rs:317:13:317:26 | ...::args | main.rs:219:13:219:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
+| main.rs:220:13:220:31 | ...::aligned_alloc | main.rs:317:13:317:26 | ...::args | main.rs:220:13:220:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
+| main.rs:222:13:222:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:222:13:222:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
+| main.rs:223:13:223:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:223:13:223:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
+| main.rs:224:13:224:25 | ...::realloc | main.rs:317:13:317:26 | ...::args | main.rs:224:13:224:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
 | main.rs:230:13:230:44 | ...::try_with_capacity_in | main.rs:317:13:317:26 | ...::args | main.rs:230:13:230:44 | ...::try_with_capacity_in | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
 | main.rs:231:13:231:40 | ...::with_capacity_in | main.rs:317:13:317:26 | ...::args | main.rs:231:13:231:40 | ...::with_capacity_in | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
 | main.rs:284:22:284:38 | ...::alloc | main.rs:308:25:308:38 | ...::args | main.rs:284:22:284:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:308:25:308:38 | ...::args | user-provided value |
@@ -62,43 +67,43 @@ edges
 | main.rs:18:41:18:41 | v | main.rs:35:9:35:10 | s6 | provenance |  |
 | main.rs:18:41:18:41 | v | main.rs:35:49:35:49 | v | provenance |  |
 | main.rs:20:9:20:10 | l2 | main.rs:21:31:21:32 | l2 | provenance |  |
-| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | main.rs:20:14:20:63 | ... .unwrap() | provenance | MaD:31 |
+| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | main.rs:20:14:20:63 | ... .unwrap() | provenance | MaD:35 |
 | main.rs:20:14:20:63 | ... .unwrap() | main.rs:20:9:20:10 | l2 | provenance |  |
-| main.rs:20:50:20:50 | v | main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | provenance | MaD:40 |
+| main.rs:20:50:20:50 | v | main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | provenance | MaD:44 |
 | main.rs:21:31:21:32 | l2 | main.rs:21:13:21:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
-| main.rs:21:31:21:32 | l2 | main.rs:22:31:22:44 | l2.align_to(...) [Ok] | provenance | MaD:36 |
-| main.rs:21:31:21:32 | l2 | main.rs:23:31:23:44 | l2.align_to(...) [Ok] | provenance | MaD:36 |
+| main.rs:21:31:21:32 | l2 | main.rs:22:31:22:44 | l2.align_to(...) [Ok] | provenance | MaD:40 |
+| main.rs:21:31:21:32 | l2 | main.rs:23:31:23:44 | l2.align_to(...) [Ok] | provenance | MaD:40 |
 | main.rs:21:31:21:32 | l2 | main.rs:24:38:24:39 | l2 | provenance |  |
-| main.rs:22:31:22:44 | l2.align_to(...) [Ok] | main.rs:22:31:22:53 | ... .unwrap() | provenance | MaD:31 |
+| main.rs:22:31:22:44 | l2.align_to(...) [Ok] | main.rs:22:31:22:53 | ... .unwrap() | provenance | MaD:35 |
 | main.rs:22:31:22:53 | ... .unwrap() | main.rs:22:13:22:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
-| main.rs:23:31:23:44 | l2.align_to(...) [Ok] | main.rs:23:31:23:53 | ... .unwrap() | provenance | MaD:31 |
-| main.rs:23:31:23:53 | ... .unwrap() | main.rs:23:31:23:68 | ... .pad_to_align() | provenance | MaD:42 |
+| main.rs:23:31:23:44 | l2.align_to(...) [Ok] | main.rs:23:31:23:53 | ... .unwrap() | provenance | MaD:35 |
+| main.rs:23:31:23:53 | ... .unwrap() | main.rs:23:31:23:68 | ... .pad_to_align() | provenance | MaD:46 |
 | main.rs:23:31:23:68 | ... .pad_to_align() | main.rs:23:13:23:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:24:38:24:39 | l2 | main.rs:24:13:24:36 | ...::alloc_zeroed | provenance | MaD:18 Sink:MaD:18 |
 | main.rs:29:9:29:10 | l4 | main.rs:30:31:30:32 | l4 | provenance |  |
 | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | main.rs:29:9:29:10 | l4 | provenance |  |
-| main.rs:29:60:29:60 | v | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | provenance | MaD:41 |
+| main.rs:29:60:29:60 | v | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | provenance | MaD:45 |
 | main.rs:30:31:30:32 | l4 | main.rs:30:13:30:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:32:9:32:10 | l5 | main.rs:33:31:33:32 | l5 | provenance |  |
 | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | main.rs:32:9:32:10 | l5 | provenance |  |
-| main.rs:32:60:32:60 | v | main.rs:32:60:32:89 | ... * ... | provenance | MaD:33 |
-| main.rs:32:60:32:89 | ... * ... | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | provenance | MaD:41 |
+| main.rs:32:60:32:60 | v | main.rs:32:60:32:89 | ... * ... | provenance | MaD:37 |
+| main.rs:32:60:32:89 | ... * ... | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | provenance | MaD:45 |
 | main.rs:33:31:33:32 | l5 | main.rs:33:13:33:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:35:9:35:10 | s6 | main.rs:36:60:36:61 | s6 | provenance |  |
 | main.rs:35:15:35:49 | ... * ... | main.rs:35:9:35:10 | s6 | provenance |  |
-| main.rs:35:49:35:49 | v | main.rs:35:15:35:49 | ... * ... | provenance | MaD:32 |
+| main.rs:35:49:35:49 | v | main.rs:35:15:35:49 | ... * ... | provenance | MaD:36 |
 | main.rs:36:9:36:10 | l6 | main.rs:37:31:37:32 | l6 | provenance |  |
 | main.rs:36:9:36:10 | l6 [Layout.size] | main.rs:37:31:37:32 | l6 [Layout.size] | provenance |  |
 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | main.rs:36:9:36:10 | l6 | provenance |  |
 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) [Layout.size] | main.rs:36:9:36:10 | l6 [Layout.size] | provenance |  |
-| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | provenance | MaD:41 |
-| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) [Layout.size] | provenance | MaD:27 |
+| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | provenance | MaD:45 |
+| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) [Layout.size] | provenance | MaD:31 |
 | main.rs:37:31:37:32 | l6 | main.rs:37:13:37:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
-| main.rs:37:31:37:32 | l6 | main.rs:39:60:39:68 | l6.size() | provenance | MaD:45 |
-| main.rs:37:31:37:32 | l6 [Layout.size] | main.rs:39:60:39:68 | l6.size() | provenance | MaD:28 |
+| main.rs:37:31:37:32 | l6 | main.rs:39:60:39:68 | l6.size() | provenance | MaD:49 |
+| main.rs:37:31:37:32 | l6 [Layout.size] | main.rs:39:60:39:68 | l6.size() | provenance | MaD:32 |
 | main.rs:39:9:39:10 | l7 | main.rs:40:31:40:32 | l7 | provenance |  |
 | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | main.rs:39:9:39:10 | l7 | provenance |  |
-| main.rs:39:60:39:68 | l6.size() | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | provenance | MaD:41 |
+| main.rs:39:60:39:68 | l6.size() | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | provenance | MaD:45 |
 | main.rs:40:31:40:32 | l7 | main.rs:40:13:40:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:43:44:43:51 | ...: usize | main.rs:50:41:50:41 | v | provenance |  |
 | main.rs:43:44:43:51 | ...: usize | main.rs:51:41:51:45 | ... + ... | provenance |  |
@@ -106,47 +111,47 @@ edges
 | main.rs:43:44:43:51 | ...: usize | main.rs:54:48:54:53 | ... * ... | provenance |  |
 | main.rs:43:44:43:51 | ...: usize | main.rs:58:34:58:34 | v | provenance |  |
 | main.rs:43:44:43:51 | ...: usize | main.rs:67:46:67:46 | v | provenance |  |
-| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | main.rs:50:31:50:51 | ... .unwrap() [tuple.0] | provenance | MaD:31 |
+| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | main.rs:50:31:50:51 | ... .unwrap() [tuple.0] | provenance | MaD:35 |
 | main.rs:50:31:50:51 | ... .unwrap() [tuple.0] | main.rs:50:31:50:53 | ... .0 | provenance |  |
 | main.rs:50:31:50:53 | ... .0 | main.rs:50:13:50:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
-| main.rs:50:41:50:41 | v | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:43 |
-| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | main.rs:51:31:51:55 | ... .unwrap() [tuple.0] | provenance | MaD:31 |
+| main.rs:50:41:50:41 | v | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:47 |
+| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | main.rs:51:31:51:55 | ... .unwrap() [tuple.0] | provenance | MaD:35 |
 | main.rs:51:31:51:55 | ... .unwrap() [tuple.0] | main.rs:51:31:51:57 | ... .0 | provenance |  |
 | main.rs:51:31:51:57 | ... .0 | main.rs:51:13:51:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
-| main.rs:51:41:51:45 | ... + ... | main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:43 |
-| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | main.rs:53:31:53:58 | ... .unwrap() | provenance | MaD:31 |
+| main.rs:51:41:51:45 | ... + ... | main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:47 |
+| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | main.rs:53:31:53:58 | ... .unwrap() | provenance | MaD:35 |
 | main.rs:53:31:53:58 | ... .unwrap() | main.rs:53:13:53:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
-| main.rs:53:48:53:48 | v | main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | provenance | MaD:44 |
-| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | main.rs:54:31:54:63 | ... .unwrap() | provenance | MaD:31 |
+| main.rs:53:48:53:48 | v | main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | provenance | MaD:48 |
+| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | main.rs:54:31:54:63 | ... .unwrap() | provenance | MaD:35 |
 | main.rs:54:31:54:63 | ... .unwrap() | main.rs:54:13:54:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
-| main.rs:54:48:54:53 | ... * ... | main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | provenance | MaD:44 |
+| main.rs:54:48:54:53 | ... * ... | main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | provenance | MaD:48 |
 | main.rs:58:9:58:20 | TuplePat [tuple.0] | main.rs:58:10:58:11 | k1 | provenance |  |
 | main.rs:58:10:58:11 | k1 | main.rs:59:31:59:32 | k1 | provenance |  |
-| main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | provenance | MaD:30 |
+| main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | provenance | MaD:34 |
 | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | main.rs:58:9:58:20 | TuplePat [tuple.0] | provenance |  |
-| main.rs:58:34:58:34 | v | main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | provenance | MaD:43 |
+| main.rs:58:34:58:34 | v | main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | provenance | MaD:47 |
 | main.rs:59:31:59:32 | k1 | main.rs:59:13:59:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:59:31:59:32 | k1 | main.rs:60:34:60:35 | k1 | provenance |  |
 | main.rs:59:31:59:32 | k1 | main.rs:64:48:64:49 | k1 | provenance |  |
 | main.rs:60:9:60:20 | TuplePat [tuple.0] | main.rs:60:10:60:11 | k2 | provenance |  |
 | main.rs:60:10:60:11 | k2 | main.rs:61:31:61:32 | k2 | provenance |  |
-| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | main.rs:60:24:60:45 | ... .unwrap() [tuple.0] | provenance | MaD:31 |
+| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | main.rs:60:24:60:45 | ... .unwrap() [tuple.0] | provenance | MaD:35 |
 | main.rs:60:24:60:45 | ... .unwrap() [tuple.0] | main.rs:60:9:60:20 | TuplePat [tuple.0] | provenance |  |
-| main.rs:60:34:60:35 | k1 | main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | provenance | MaD:38 |
+| main.rs:60:34:60:35 | k1 | main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | provenance | MaD:42 |
 | main.rs:61:31:61:32 | k2 | main.rs:61:13:61:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
-| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | main.rs:64:31:64:59 | ... .unwrap() | provenance | MaD:31 |
+| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | main.rs:64:31:64:59 | ... .unwrap() | provenance | MaD:35 |
 | main.rs:64:31:64:59 | ... .unwrap() | main.rs:64:13:64:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
-| main.rs:64:48:64:49 | k1 | main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | provenance | MaD:39 |
+| main.rs:64:48:64:49 | k1 | main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | provenance | MaD:43 |
 | main.rs:67:9:67:10 | l4 | main.rs:68:31:68:32 | l4 | provenance |  |
-| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | main.rs:67:14:67:56 | ... .unwrap() | provenance | MaD:31 |
+| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | main.rs:67:14:67:56 | ... .unwrap() | provenance | MaD:35 |
 | main.rs:67:14:67:56 | ... .unwrap() | main.rs:67:9:67:10 | l4 | provenance |  |
-| main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:37 |
+| main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:41 |
 | main.rs:68:31:68:32 | l4 | main.rs:68:13:68:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:86:35:86:42 | ...: usize | main.rs:87:54:87:54 | v | provenance |  |
 | main.rs:87:9:87:14 | layout | main.rs:88:31:88:36 | layout | provenance |  |
-| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | main.rs:87:18:87:67 | ... .unwrap() | provenance | MaD:31 |
+| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | main.rs:87:18:87:67 | ... .unwrap() | provenance | MaD:35 |
 | main.rs:87:18:87:67 | ... .unwrap() | main.rs:87:9:87:14 | layout | provenance |  |
-| main.rs:87:54:87:54 | v | main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | provenance | MaD:40 |
+| main.rs:87:54:87:54 | v | main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | provenance | MaD:44 |
 | main.rs:88:31:88:36 | layout | main.rs:88:13:88:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:91:38:91:45 | ...: usize | main.rs:92:47:92:47 | v | provenance |  |
 | main.rs:91:38:91:45 | ...: usize | main.rs:101:51:101:51 | v | provenance |  |
@@ -157,16 +162,16 @@ edges
 | main.rs:91:38:91:45 | ...: usize | main.rs:161:55:161:55 | v | provenance |  |
 | main.rs:92:9:92:10 | l1 | main.rs:96:35:96:36 | l1 | provenance |  |
 | main.rs:92:9:92:10 | l1 | main.rs:102:35:102:36 | l1 | provenance |  |
-| main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | main.rs:92:14:92:57 | ... .unwrap() | provenance | MaD:31 |
+| main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | main.rs:92:14:92:57 | ... .unwrap() | provenance | MaD:35 |
 | main.rs:92:14:92:57 | ... .unwrap() | main.rs:92:9:92:10 | l1 | provenance |  |
-| main.rs:92:47:92:47 | v | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | provenance | MaD:37 |
+| main.rs:92:47:92:47 | v | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | provenance | MaD:41 |
 | main.rs:96:35:96:36 | l1 | main.rs:96:17:96:33 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:96:35:96:36 | l1 | main.rs:109:35:109:36 | l1 | provenance |  |
 | main.rs:96:35:96:36 | l1 | main.rs:111:35:111:36 | l1 | provenance |  |
 | main.rs:101:13:101:14 | l3 | main.rs:103:35:103:36 | l3 | provenance |  |
-| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | main.rs:101:18:101:61 | ... .unwrap() | provenance | MaD:31 |
+| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | main.rs:101:18:101:61 | ... .unwrap() | provenance | MaD:35 |
 | main.rs:101:18:101:61 | ... .unwrap() | main.rs:101:13:101:14 | l3 | provenance |  |
-| main.rs:101:51:101:51 | v | main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | provenance | MaD:37 |
+| main.rs:101:51:101:51 | v | main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | provenance | MaD:41 |
 | main.rs:102:35:102:36 | l1 | main.rs:102:17:102:33 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:102:35:102:36 | l1 | main.rs:109:35:109:36 | l1 | provenance |  |
 | main.rs:102:35:102:36 | l1 | main.rs:111:35:111:36 | l1 | provenance |  |
@@ -177,28 +182,28 @@ edges
 | main.rs:111:35:111:36 | l1 | main.rs:111:17:111:33 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:111:35:111:36 | l1 | main.rs:146:35:146:36 | l1 | provenance |  |
 | main.rs:145:13:145:14 | l9 | main.rs:148:35:148:36 | l9 | provenance |  |
-| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | main.rs:145:18:145:61 | ... .unwrap() | provenance | MaD:31 |
+| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | main.rs:145:18:145:61 | ... .unwrap() | provenance | MaD:35 |
 | main.rs:145:18:145:61 | ... .unwrap() | main.rs:145:13:145:14 | l9 | provenance |  |
-| main.rs:145:51:145:51 | v | main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | provenance | MaD:37 |
+| main.rs:145:51:145:51 | v | main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | provenance | MaD:41 |
 | main.rs:146:35:146:36 | l1 | main.rs:146:17:146:33 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:146:35:146:36 | l1 | main.rs:177:31:177:32 | l1 | provenance |  |
 | main.rs:148:35:148:36 | l9 | main.rs:148:17:148:33 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:151:9:151:11 | l10 | main.rs:152:31:152:33 | l10 | provenance |  |
-| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap() | provenance | MaD:31 |
+| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap() | provenance | MaD:35 |
 | main.rs:151:15:151:78 | ... .unwrap() | main.rs:151:9:151:11 | l10 | provenance |  |
-| main.rs:151:48:151:68 | ...::min(...) | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | provenance | MaD:37 |
-| main.rs:151:62:151:62 | v | main.rs:151:48:151:68 | ...::min(...) | provenance | MaD:35 |
+| main.rs:151:48:151:68 | ...::min(...) | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | provenance | MaD:41 |
+| main.rs:151:62:151:62 | v | main.rs:151:48:151:68 | ...::min(...) | provenance | MaD:39 |
 | main.rs:152:31:152:33 | l10 | main.rs:152:13:152:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:154:9:154:11 | l11 | main.rs:155:31:155:33 | l11 | provenance |  |
-| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap() | provenance | MaD:31 |
+| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap() | provenance | MaD:35 |
 | main.rs:154:15:154:78 | ... .unwrap() | main.rs:154:9:154:11 | l11 | provenance |  |
-| main.rs:154:48:154:68 | ...::max(...) | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | provenance | MaD:37 |
-| main.rs:154:62:154:62 | v | main.rs:154:48:154:68 | ...::max(...) | provenance | MaD:34 |
+| main.rs:154:48:154:68 | ...::max(...) | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | provenance | MaD:41 |
+| main.rs:154:62:154:62 | v | main.rs:154:48:154:68 | ...::max(...) | provenance | MaD:38 |
 | main.rs:155:31:155:33 | l11 | main.rs:155:13:155:29 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:161:13:161:15 | l13 | main.rs:162:35:162:37 | l13 | provenance |  |
-| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap() | provenance | MaD:31 |
+| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap() | provenance | MaD:35 |
 | main.rs:161:19:161:68 | ... .unwrap() | main.rs:161:13:161:15 | l13 | provenance |  |
-| main.rs:161:55:161:55 | v | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | provenance | MaD:40 |
+| main.rs:161:55:161:55 | v | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | provenance | MaD:44 |
 | main.rs:162:35:162:37 | l13 | main.rs:162:17:162:33 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
 | main.rs:162:35:162:37 | l13 | main.rs:169:35:169:37 | l13 | provenance |  |
 | main.rs:169:35:169:37 | l13 | main.rs:169:17:169:33 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
@@ -206,9 +211,9 @@ edges
 | main.rs:183:29:183:36 | ...: usize | main.rs:192:46:192:46 | v | provenance |  |
 | main.rs:183:29:183:36 | ...: usize | main.rs:202:48:202:48 | v | provenance |  |
 | main.rs:192:9:192:10 | l2 | main.rs:193:38:193:39 | l2 | provenance |  |
-| main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | main.rs:192:14:192:56 | ... .unwrap() | provenance | MaD:31 |
+| main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | main.rs:192:14:192:56 | ... .unwrap() | provenance | MaD:35 |
 | main.rs:192:14:192:56 | ... .unwrap() | main.rs:192:9:192:10 | l2 | provenance |  |
-| main.rs:192:46:192:46 | v | main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | provenance | MaD:37 |
+| main.rs:192:46:192:46 | v | main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | provenance | MaD:41 |
 | main.rs:193:38:193:39 | l2 | main.rs:193:32:193:36 | alloc | provenance | MaD:24 Sink:MaD:24 |
 | main.rs:193:38:193:39 | l2 | main.rs:193:32:193:36 | alloc | provenance | MaD:10 Sink:MaD:10 |
 | main.rs:193:38:193:39 | l2 | main.rs:194:45:194:46 | l2 | provenance |  |
@@ -237,40 +242,52 @@ edges
 | main.rs:210:60:210:61 | l2 | main.rs:210:40:210:50 | grow_zeroed | provenance | MaD:23 Sink:MaD:23 |
 | main.rs:210:60:210:61 | l2 | main.rs:210:40:210:50 | grow_zeroed | provenance | MaD:8 Sink:MaD:8 |
 | main.rs:213:51:213:52 | l2 | main.rs:213:36:213:41 | shrink | provenance | MaD:9 Sink:MaD:9 |
+| main.rs:217:27:217:34 | ...: usize | main.rs:219:26:219:26 | v | provenance |  |
+| main.rs:219:26:219:26 | v | main.rs:219:13:219:24 | ...::malloc | provenance | MaD:28 Sink:MaD:28 |
+| main.rs:219:26:219:26 | v | main.rs:220:36:220:36 | v | provenance |  |
+| main.rs:220:36:220:36 | v | main.rs:220:13:220:31 | ...::aligned_alloc | provenance | MaD:26 Sink:MaD:26 |
+| main.rs:220:36:220:36 | v | main.rs:222:30:222:30 | v | provenance |  |
+| main.rs:222:30:222:30 | v | main.rs:222:13:222:24 | ...::calloc | provenance | MaD:27 Sink:MaD:27 |
+| main.rs:222:30:222:30 | v | main.rs:223:26:223:26 | v | provenance |  |
+| main.rs:223:26:223:26 | v | main.rs:223:13:223:24 | ...::calloc | provenance | MaD:27 Sink:MaD:27 |
+| main.rs:223:26:223:26 | v | main.rs:224:31:224:31 | v | provenance |  |
+| main.rs:224:31:224:31 | v | main.rs:224:13:224:25 | ...::realloc | provenance | MaD:29 Sink:MaD:29 |
 | main.rs:227:24:227:31 | ...: usize | main.rs:230:46:230:46 | v | provenance |  |
 | main.rs:230:46:230:46 | v | main.rs:230:13:230:44 | ...::try_with_capacity_in | provenance | MaD:3 Sink:MaD:3 |
 | main.rs:230:46:230:46 | v | main.rs:231:42:231:42 | v | provenance |  |
 | main.rs:231:42:231:42 | v | main.rs:231:13:231:40 | ...::with_capacity_in | provenance | MaD:4 Sink:MaD:4 |
-| main.rs:279:24:279:41 | ...: String | main.rs:280:21:280:47 | user_input.parse() [Ok] | provenance | MaD:46 |
+| main.rs:279:24:279:41 | ...: String | main.rs:280:21:280:47 | user_input.parse() [Ok] | provenance | MaD:50 |
 | main.rs:280:9:280:17 | num_bytes | main.rs:282:54:282:62 | num_bytes | provenance |  |
 | main.rs:280:21:280:47 | user_input.parse() [Ok] | main.rs:280:21:280:48 | TryExpr | provenance |  |
 | main.rs:280:21:280:48 | TryExpr | main.rs:280:9:280:17 | num_bytes | provenance |  |
-| main.rs:280:21:280:48 | TryExpr | main.rs:280:21:280:77 | ... * ... | provenance | MaD:33 |
+| main.rs:280:21:280:48 | TryExpr | main.rs:280:21:280:77 | ... * ... | provenance | MaD:37 |
 | main.rs:280:21:280:77 | ... * ... | main.rs:280:9:280:17 | num_bytes | provenance |  |
 | main.rs:282:9:282:14 | layout | main.rs:284:40:284:45 | layout | provenance |  |
-| main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | main.rs:282:18:282:75 | ... .unwrap() | provenance | MaD:31 |
+| main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | main.rs:282:18:282:75 | ... .unwrap() | provenance | MaD:35 |
 | main.rs:282:18:282:75 | ... .unwrap() | main.rs:282:9:282:14 | layout | provenance |  |
-| main.rs:282:54:282:62 | num_bytes | main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | provenance | MaD:40 |
+| main.rs:282:54:282:62 | num_bytes | main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | provenance | MaD:44 |
 | main.rs:284:40:284:45 | layout | main.rs:284:22:284:38 | ...::alloc | provenance | MaD:17 Sink:MaD:17 |
-| main.rs:308:25:308:38 | ...::args | main.rs:308:25:308:40 | ...::args(...) [element] | provenance | Src:MaD:26  |
-| main.rs:308:25:308:40 | ...::args(...) [element] | main.rs:308:25:308:47 | ... .nth(...) [Some] | provenance | MaD:47 |
-| main.rs:308:25:308:47 | ... .nth(...) [Some] | main.rs:308:25:308:74 | ... .unwrap_or(...) | provenance | MaD:29 |
+| main.rs:308:25:308:38 | ...::args | main.rs:308:25:308:40 | ...::args(...) [element] | provenance | Src:MaD:30  |
+| main.rs:308:25:308:40 | ...::args(...) [element] | main.rs:308:25:308:47 | ... .nth(...) [Some] | provenance | MaD:51 |
+| main.rs:308:25:308:47 | ... .nth(...) [Some] | main.rs:308:25:308:74 | ... .unwrap_or(...) | provenance | MaD:33 |
 | main.rs:308:25:308:74 | ... .unwrap_or(...) | main.rs:279:24:279:41 | ...: String | provenance |  |
 | main.rs:317:9:317:9 | v | main.rs:320:34:320:34 | v | provenance |  |
 | main.rs:317:9:317:9 | v | main.rs:321:42:321:42 | v | provenance |  |
 | main.rs:317:9:317:9 | v | main.rs:322:36:322:36 | v | provenance |  |
 | main.rs:317:9:317:9 | v | main.rs:323:27:323:27 | v | provenance |  |
+| main.rs:317:9:317:9 | v | main.rs:324:25:324:25 | v | provenance |  |
 | main.rs:317:9:317:9 | v | main.rs:325:22:325:22 | v | provenance |  |
-| main.rs:317:13:317:26 | ...::args | main.rs:317:13:317:28 | ...::args(...) [element] | provenance | Src:MaD:26  |
-| main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:47 |
-| main.rs:317:13:317:35 | ... .nth(...) [Some] | main.rs:317:13:317:65 | ... .unwrap_or(...) | provenance | MaD:29 |
-| main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse() [Ok] | provenance | MaD:46 |
-| main.rs:317:13:317:82 | ... .parse() [Ok] | main.rs:317:13:317:91 | ... .unwrap() | provenance | MaD:31 |
+| main.rs:317:13:317:26 | ...::args | main.rs:317:13:317:28 | ...::args(...) [element] | provenance | Src:MaD:30  |
+| main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:51 |
+| main.rs:317:13:317:35 | ... .nth(...) [Some] | main.rs:317:13:317:65 | ... .unwrap_or(...) | provenance | MaD:33 |
+| main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse() [Ok] | provenance | MaD:50 |
+| main.rs:317:13:317:82 | ... .parse() [Ok] | main.rs:317:13:317:91 | ... .unwrap() | provenance | MaD:35 |
 | main.rs:317:13:317:91 | ... .unwrap() | main.rs:317:9:317:9 | v | provenance |  |
 | main.rs:320:34:320:34 | v | main.rs:12:36:12:43 | ...: usize | provenance |  |
 | main.rs:321:42:321:42 | v | main.rs:43:44:43:51 | ...: usize | provenance |  |
 | main.rs:322:36:322:36 | v | main.rs:91:38:91:45 | ...: usize | provenance |  |
 | main.rs:323:27:323:27 | v | main.rs:183:29:183:36 | ...: usize | provenance |  |
+| main.rs:324:25:324:25 | v | main.rs:217:27:217:34 | ...: usize | provenance |  |
 | main.rs:325:22:325:22 | v | main.rs:227:24:227:31 | ...: usize | provenance |  |
 models
 | 1 | Sink: <alloc::alloc::Global as core::alloc::Allocator>::allocate; Argument[0]; alloc-layout |
@@ -298,28 +315,32 @@ models
 | 23 | Sink: lang:std; <crate::alloc::System as crate::alloc::Allocator>::grow_zeroed; Argument[2]; alloc-layout |
 | 24 | Sink: lang:std; <crate::alloc::System as crate::alloc::global::GlobalAlloc>::alloc; Argument[0]; alloc-layout |
 | 25 | Sink: lang:std; <crate::alloc::System as crate::alloc::global::GlobalAlloc>::alloc_zeroed; Argument[0]; alloc-layout |
-| 26 | Source: std::env::args; ReturnValue.Element; commandargs |
-| 27 | Summary: <core::alloc::layout::Layout>::from_size_align_unchecked; Argument[0]; ReturnValue.Field[core::alloc::layout::Layout::size]; value |
-| 28 | Summary: <core::alloc::layout::Layout>::size; Argument[self].Field[core::alloc::layout::Layout::size]; ReturnValue; value |
-| 29 | Summary: <core::option::Option>::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
-| 30 | Summary: <core::result::Result>::expect; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
-| 31 | Summary: <core::result::Result>::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
-| 32 | Summary: <core::usize as core::ops::arith::Mul>::mul; Argument[0]; ReturnValue; taint |
-| 33 | Summary: <core::usize as core::ops::arith::Mul>::mul; Argument[self]; ReturnValue; taint |
-| 34 | Summary: core::cmp::max; Argument[0]; ReturnValue; value |
-| 35 | Summary: core::cmp::min; Argument[0]; ReturnValue; value |
-| 36 | Summary: lang:core; <crate::alloc::layout::Layout>::align_to; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
-| 37 | Summary: lang:core; <crate::alloc::layout::Layout>::array; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
-| 38 | Summary: lang:core; <crate::alloc::layout::Layout>::extend; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint |
-| 39 | Summary: lang:core; <crate::alloc::layout::Layout>::extend_packed; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
-| 40 | Summary: lang:core; <crate::alloc::layout::Layout>::from_size_align; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
-| 41 | Summary: lang:core; <crate::alloc::layout::Layout>::from_size_align_unchecked; Argument[0]; ReturnValue; taint |
-| 42 | Summary: lang:core; <crate::alloc::layout::Layout>::pad_to_align; Argument[self]; ReturnValue; taint |
-| 43 | Summary: lang:core; <crate::alloc::layout::Layout>::repeat; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint |
-| 44 | Summary: lang:core; <crate::alloc::layout::Layout>::repeat_packed; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
-| 45 | Summary: lang:core; <crate::alloc::layout::Layout>::size; Argument[self]; ReturnValue; taint |
-| 46 | Summary: lang:core; <str>::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
-| 47 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[core::option::Option::Some(0)]; value |
+| 26 | Sink: libc::unix::aligned_alloc; Argument[1]; alloc-size |
+| 27 | Sink: libc::unix::calloc; Argument[0,1]; alloc-size |
+| 28 | Sink: libc::unix::malloc; Argument[0]; alloc-size |
+| 29 | Sink: libc::unix::realloc; Argument[1]; alloc-size |
+| 30 | Source: std::env::args; ReturnValue.Element; commandargs |
+| 31 | Summary: <core::alloc::layout::Layout>::from_size_align_unchecked; Argument[0]; ReturnValue.Field[core::alloc::layout::Layout::size]; value |
+| 32 | Summary: <core::alloc::layout::Layout>::size; Argument[self].Field[core::alloc::layout::Layout::size]; ReturnValue; value |
+| 33 | Summary: <core::option::Option>::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
+| 34 | Summary: <core::result::Result>::expect; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
+| 35 | Summary: <core::result::Result>::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
+| 36 | Summary: <core::usize as core::ops::arith::Mul>::mul; Argument[0]; ReturnValue; taint |
+| 37 | Summary: <core::usize as core::ops::arith::Mul>::mul; Argument[self]; ReturnValue; taint |
+| 38 | Summary: core::cmp::max; Argument[0]; ReturnValue; value |
+| 39 | Summary: core::cmp::min; Argument[0]; ReturnValue; value |
+| 40 | Summary: lang:core; <crate::alloc::layout::Layout>::align_to; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
+| 41 | Summary: lang:core; <crate::alloc::layout::Layout>::array; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
+| 42 | Summary: lang:core; <crate::alloc::layout::Layout>::extend; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint |
+| 43 | Summary: lang:core; <crate::alloc::layout::Layout>::extend_packed; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
+| 44 | Summary: lang:core; <crate::alloc::layout::Layout>::from_size_align; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
+| 45 | Summary: lang:core; <crate::alloc::layout::Layout>::from_size_align_unchecked; Argument[0]; ReturnValue; taint |
+| 46 | Summary: lang:core; <crate::alloc::layout::Layout>::pad_to_align; Argument[self]; ReturnValue; taint |
+| 47 | Summary: lang:core; <crate::alloc::layout::Layout>::repeat; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint |
+| 48 | Summary: lang:core; <crate::alloc::layout::Layout>::repeat_packed; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
+| 49 | Summary: lang:core; <crate::alloc::layout::Layout>::size; Argument[self]; ReturnValue; taint |
+| 50 | Summary: lang:core; <str>::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
+| 51 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[core::option::Option::Some(0)]; value |
 nodes
 | main.rs:12:36:12:43 | ...: usize | semmle.label | ...: usize |
 | main.rs:18:13:18:31 | ...::realloc | semmle.label | ...::realloc |
@@ -503,6 +524,17 @@ nodes
 | main.rs:210:60:210:61 | l2 | semmle.label | l2 |
 | main.rs:213:36:213:41 | shrink | semmle.label | shrink |
 | main.rs:213:51:213:52 | l2 | semmle.label | l2 |
+| main.rs:217:27:217:34 | ...: usize | semmle.label | ...: usize |
+| main.rs:219:13:219:24 | ...::malloc | semmle.label | ...::malloc |
+| main.rs:219:26:219:26 | v | semmle.label | v |
+| main.rs:220:13:220:31 | ...::aligned_alloc | semmle.label | ...::aligned_alloc |
+| main.rs:220:36:220:36 | v | semmle.label | v |
+| main.rs:222:13:222:24 | ...::calloc | semmle.label | ...::calloc |
+| main.rs:222:30:222:30 | v | semmle.label | v |
+| main.rs:223:13:223:24 | ...::calloc | semmle.label | ...::calloc |
+| main.rs:223:26:223:26 | v | semmle.label | v |
+| main.rs:224:13:224:25 | ...::realloc | semmle.label | ...::realloc |
+| main.rs:224:31:224:31 | v | semmle.label | v |
 | main.rs:227:24:227:31 | ...: usize | semmle.label | ...: usize |
 | main.rs:230:13:230:44 | ...::try_with_capacity_in | semmle.label | ...::try_with_capacity_in |
 | main.rs:230:46:230:46 | v | semmle.label | v |
@@ -534,5 +566,6 @@ nodes
 | main.rs:321:42:321:42 | v | semmle.label | v |
 | main.rs:322:36:322:36 | v | semmle.label | v |
 | main.rs:323:27:323:27 | v | semmle.label | v |
+| main.rs:324:25:324:25 | v | semmle.label | v |
 | main.rs:325:22:325:22 | v | semmle.label | v |
 subpaths
diff --git a/rust/ql/test/query-tests/security/CWE-770/main.rs b/rust/ql/test/query-tests/security/CWE-770/main.rs
index d71f7bd0e39b..0b39862ef324 100644
--- a/rust/ql/test/query-tests/security/CWE-770/main.rs
+++ b/rust/ql/test/query-tests/security/CWE-770/main.rs
@@ -216,12 +216,12 @@ unsafe fn test_system_alloc(v: usize) {
 
 unsafe fn test_libc_alloc(v: usize) {
     let m1 = libc::malloc(256);
-    let _ = libc::malloc(v); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1
-    let _ = libc::aligned_alloc(8, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1
+    let _ = libc::malloc(v); // $ Alert[rust/uncontrolled-allocation-size]=arg1
+    let _ = libc::aligned_alloc(8, v); // $ Alert[rust/uncontrolled-allocation-size]=arg1
     let _ = libc::aligned_alloc(v, 8);
-    let _ = libc::calloc(64, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1
-    let _ = libc::calloc(v, std::mem::size_of::<i64>()); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1
-    let _ = libc::realloc(m1, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1
+    let _ = libc::calloc(64, v); // $ Alert[rust/uncontrolled-allocation-size]=arg1
+    let _ = libc::calloc(v, std::mem::size_of::<i64>()); // $ Alert[rust/uncontrolled-allocation-size]=arg1
+    let _ = libc::realloc(m1, v); // $ Alert[rust/uncontrolled-allocation-size]=arg1
 }
 
 unsafe fn test_vectors(v: usize) {
diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected
index 399c8f76316e..2bd8de26923c 100644
--- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected
+++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected
@@ -8,6 +8,7 @@
 | deallocation.rs:86:7:86:8 | m2 | deallocation.rs:70:3:70:21 | ...::dealloc | deallocation.rs:86:7:86:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:3:70:21 | ...::dealloc | invalid |
 | deallocation.rs:90:7:90:8 | m2 | deallocation.rs:70:3:70:21 | ...::dealloc | deallocation.rs:90:7:90:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:3:70:21 | ...::dealloc | invalid |
 | deallocation.rs:95:5:95:31 | ...::write::<...> | deallocation.rs:70:3:70:21 | ...::dealloc | deallocation.rs:95:5:95:31 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:70:3:70:21 | ...::dealloc | invalid |
+| deallocation.rs:115:13:115:18 | my_ptr | deallocation.rs:112:3:112:12 | ...::free | deallocation.rs:115:13:115:18 | my_ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:112:3:112:12 | ...::free | invalid |
 | deallocation.rs:130:14:130:15 | p1 | deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:130:14:130:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:123:23:123:40 | ...::dangling | invalid |
 | deallocation.rs:130:14:130:15 | p1 | deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:130:14:130:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:123:23:123:40 | ...::dangling | invalid |
 | deallocation.rs:131:14:131:15 | p2 | deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:131:14:131:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:124:21:124:42 | ...::dangling_mut | invalid |
@@ -31,6 +32,8 @@ edges
 | deallocation.rs:70:23:70:35 | [post] m2 as ... | deallocation.rs:90:7:90:8 | m2 | provenance |  |
 | deallocation.rs:70:23:70:35 | [post] m2 as ... | deallocation.rs:95:33:95:34 | m2 | provenance |  |
 | deallocation.rs:95:33:95:34 | m2 | deallocation.rs:95:5:95:31 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 |
+| deallocation.rs:112:3:112:12 | ...::free | deallocation.rs:112:14:112:40 | [post] my_ptr as ... | provenance | Src:MaD:10 MaD:10 |
+| deallocation.rs:112:14:112:40 | [post] my_ptr as ... | deallocation.rs:115:13:115:18 | my_ptr | provenance |  |
 | deallocation.rs:123:6:123:7 | p1 | deallocation.rs:130:14:130:15 | p1 | provenance |  |
 | deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:123:23:123:42 | ...::dangling(...) | provenance | Src:MaD:6 MaD:6 |
 | deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:123:23:123:42 | ...::dangling(...) | provenance | Src:MaD:3 MaD:3 |
@@ -57,6 +60,7 @@ models
 | 7 | Source: lang:core; crate::ptr::dangling_mut; ReturnValue; pointer-invalidate |
 | 8 | Source: lang:core; crate::ptr::drop_in_place; Argument[0]; pointer-invalidate |
 | 9 | Source: lang:core; crate::ptr::null; ReturnValue; pointer-invalidate |
+| 10 | Source: libc::unix::free; Argument[0]; pointer-invalidate |
 nodes
 | deallocation.rs:20:3:20:21 | ...::dealloc | semmle.label | ...::dealloc |
 | deallocation.rs:20:23:20:24 | [post] m1 | semmle.label | [post] m1 |
@@ -74,6 +78,9 @@ nodes
 | deallocation.rs:90:7:90:8 | m2 | semmle.label | m2 |
 | deallocation.rs:95:5:95:31 | ...::write::<...> | semmle.label | ...::write::<...> |
 | deallocation.rs:95:33:95:34 | m2 | semmle.label | m2 |
+| deallocation.rs:112:3:112:12 | ...::free | semmle.label | ...::free |
+| deallocation.rs:112:14:112:40 | [post] my_ptr as ... | semmle.label | [post] my_ptr as ... |
+| deallocation.rs:115:13:115:18 | my_ptr | semmle.label | my_ptr |
 | deallocation.rs:123:6:123:7 | p1 | semmle.label | p1 |
 | deallocation.rs:123:23:123:40 | ...::dangling | semmle.label | ...::dangling |
 | deallocation.rs:123:23:123:40 | ...::dangling | semmle.label | ...::dangling |
diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs
index 0d8f977387b6..89ef0470e99d 100644
--- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs
+++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs
@@ -109,10 +109,10 @@ pub fn test_libc() {
 		let v1 = *my_ptr; // GOOD
 		println!("	v1 = {v1}");
 
-		libc::free(my_ptr as *mut libc::c_void); // $ MISSING: Source[rust/access-invalid-pointer]=free
+		libc::free(my_ptr as *mut libc::c_void); // $ Source[rust/access-invalid-pointer]=free
 		// (my_ptr is now dangling)
 
-		let v2 = *my_ptr; // $ MISSING: Alert[rust/access-invalid-pointer]=free
+		let v2 = *my_ptr; // $ Alert[rust/access-invalid-pointer]=free
 		println!("	v2 = {v2} (!)"); // corrupt in practice
 	}
 }

From f57d691424fc8256947a71fa6c510884c89609c5 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Tue, 8 Jul 2025 09:33:50 +0100
Subject: [PATCH 4/6] Rust: Fix typo in model.

---
 .../codeql/rust/frameworks/async-rs.model.yml    |  2 +-
 .../dataflow/sources/TaintSources.expected       |  1 +
 .../dataflow/sources/test_futures_io.rs          | 16 ++++++++--------
 3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/rust/ql/lib/codeql/rust/frameworks/async-rs.model.yml b/rust/ql/lib/codeql/rust/frameworks/async-rs.model.yml
index d90504d77c86..9e65ba1b1964 100644
--- a/rust/ql/lib/codeql/rust/frameworks/async-rs.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/async-rs.model.yml
@@ -3,4 +3,4 @@ extensions:
       pack: codeql/rust-all
       extensible: sourceModel
     data:
-      - ["<async-std::net::tcp::stream::TcpStream>::connect", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "remote", "manual"]
+      - ["<async_std::net::tcp::stream::TcpStream>::connect", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "remote", "manual"]
diff --git a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected
index 0e170f5f44cb..4d95b9bb61b9 100644
--- a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected
+++ b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected
@@ -75,6 +75,7 @@
 | test.rs:779:22:779:50 | ...::new | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | test.rs:806:16:806:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs (DEFAULT). |
 | test.rs:806:16:806:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs (DEFAULT). |
+| test_futures_io.rs:19:15:19:32 | ...::connect | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | web_frameworks.rs:11:31:11:31 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | web_frameworks.rs:11:31:11:31 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | web_frameworks.rs:22:14:22:18 | TuplePat | Flow source 'RemoteSource' of type remote (DEFAULT). |
diff --git a/rust/ql/test/library-tests/dataflow/sources/test_futures_io.rs b/rust/ql/test/library-tests/dataflow/sources/test_futures_io.rs
index 4cff19432a4e..0174c2045fe6 100644
--- a/rust/ql/test/library-tests/dataflow/sources/test_futures_io.rs
+++ b/rust/ql/test/library-tests/dataflow/sources/test_futures_io.rs
@@ -16,21 +16,21 @@ use std::task::{Context, Poll};
 
 async fn test_futures_rustls_futures_io() -> io::Result<()> {
     let url = "www.example.com:443";
-    let tcp = TcpStream::connect(url).await?; // $ MISSING: Alert[rust/summary/taint-sources]
-    sink(&tcp); // $ MISSING: hasTaintFlow=url
+    let tcp = TcpStream::connect(url).await?; // $ Alert[rust/summary/taint-sources]
+    sink(&tcp); // $ hasTaintFlow=url
     let config = rustls::ClientConfig::builder()
         .with_root_certificates(rustls::RootCertStore::empty())
         .with_no_client_auth();
     let connector = TlsConnector::from(Arc::new(config));
     let server_name = rustls::pki_types::ServerName::try_from("www.example.com").unwrap();
     let mut reader = connector.connect(server_name, tcp).await?;
-    sink(&reader); // $ MISSING: hasTaintFlow=url
+    sink(&reader); // $ hasTaintFlow=url
 
     {
         // using the `AsyncRead` trait (low-level)
         let mut buffer = [0u8; 64];
         let mut pinned = Pin::new(&mut reader);
-        sink(&pinned); // $ MISSING: hasTaintFlow=url
+        sink(&pinned); // $ hasTaintFlow=url
         let mut cx = Context::from_waker(futures::task::noop_waker_ref());
         let bytes_read = pinned.poll_read(&mut cx, &mut buffer); // we cannot correctly resolve this call, since it relies on `Deref`
         if let Poll::Ready(Ok(n)) = bytes_read {
@@ -52,12 +52,12 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
     }
 
     let mut reader2 = futures::io::BufReader::new(reader);
-    sink(&reader2); // $ MISSING: hasTaintFlow=url
+    sink(&reader2); // $ hasTaintFlow=url
 
     {
         // using the `AsyncBufRead` trait (low-level)
         let mut pinned = Pin::new(&mut reader2);
-        sink(&pinned); // $ MISSING: hasTaintFlow=url
+        sink(&pinned); // $ hasTaintFlow=url
         let mut cx = Context::from_waker(futures::task::noop_waker_ref());
         let buffer = pinned.poll_fill_buf(&mut cx);
         if let Poll::Ready(Ok(buf)) = buffer {
@@ -88,7 +88,7 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
         // using the `AsyncRead` trait (low-level)
         let mut buffer = [0u8; 64];
         let mut pinned = Pin::new(&mut reader2);
-        sink(&pinned); // $ MISSING: hasTaintFlow=url
+        sink(&pinned); // $ hasTaintFlow=url
         let mut cx = Context::from_waker(futures::task::noop_waker_ref());
         let bytes_read = pinned.poll_read(&mut cx, &mut buffer);
         sink(&buffer); // $ MISSING: hasTaintFlow=url
@@ -111,7 +111,7 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
     {
         // using the `AsyncBufRead` trait (low-level)
         let mut pinned = Pin::new(&mut reader2);
-        sink(&pinned); // $ MISSING: hasTaintFlow=url
+        sink(&pinned); // $ hasTaintFlow=url
         let mut cx = Context::from_waker(futures::task::noop_waker_ref());
         let buffer = pinned.poll_fill_buf(&mut cx);
         sink(&buffer); // $ MISSING: hasTaintFlow=url

From 3dabd51cf73e190089aea6b104dfa1b9f9b9f49f Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Tue, 8 Jul 2025 11:24:57 +0100
Subject: [PATCH 5/6] Rust: Fix a summaryModelDeprecated that was causing
 problems.

---
 rust/ql/lib/codeql/rust/frameworks/stdlib/io.model.yml | 4 ++--
 rust/ql/test/library-tests/dataflow/sources/test.rs    | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/io.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/io.model.yml
index fc86d2fb908f..7aca1a852d9c 100644
--- a/rust/ql/lib/codeql/rust/frameworks/stdlib/io.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/io.model.yml
@@ -19,8 +19,8 @@ extensions:
       - ["lang:std", "<crate::io::stdio::StdinLock as crate::io::Read>::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
       - ["lang:std", "<crate::fs::File as crate::io::Read>::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
       - ["lang:std", "crate::io::Read::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
-      - ["lang:std", ":<crate::io::stdio::Stdin as crate::io::Read>::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
-      - ["lang:std", ":<crate::io::stdio::StdinLock as crate::io::Read>::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+      - ["lang:std", "<crate::io::stdio::Stdin as crate::io::Read>::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+      - ["lang:std", "<crate::io::stdio::StdinLock as crate::io::Read>::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
       - ["lang:std", "<crate::fs::File as crate::io::Read>::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
       - ["lang:std", "crate::io::Read::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
       - ["lang:std", "<crate::io::stdio::Stdin as crate::io::Read>::read_exact", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
diff --git a/rust/ql/test/library-tests/dataflow/sources/test.rs b/rust/ql/test/library-tests/dataflow/sources/test.rs
index 0ee8ac2e45b9..16c0798a107e 100644
--- a/rust/ql/test/library-tests/dataflow/sources/test.rs
+++ b/rust/ql/test/library-tests/dataflow/sources/test.rs
@@ -214,7 +214,7 @@ fn test_io_stdin() -> std::io::Result<()> {
     {
         let mut buffer = Vec::<u8>::new();
         let _bytes = std::io::stdin().read_to_end(&mut buffer)?; // $ Alert[rust/summary/taint-sources]
-        sink(&buffer); // $ MISSING: hasTaintFlow
+        sink(&buffer); // $ hasTaintFlow
     }
 
     {

From 4dea5eef700548b812b74e766544bd87c558ce6b Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Thu, 10 Jul 2025 09:58:41 +0100
Subject: [PATCH 6/6] Rust: Fix futures_io models.

---
 .../codeql/rust/frameworks/futures.model.yml  | 22 +++++++++----------
 .../dataflow/sources/test_futures_io.rs       | 12 +++++-----
 2 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/rust/ql/lib/codeql/rust/frameworks/futures.model.yml b/rust/ql/lib/codeql/rust/frameworks/futures.model.yml
index cd9f476f8fb1..dd81e23fad68 100644
--- a/rust/ql/lib/codeql/rust/frameworks/futures.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/futures.model.yml
@@ -5,15 +5,15 @@ extensions:
     data:
       - ["futures_executor::local_pool::block_on", "Argument[0]", "ReturnValue", "value", "manual"]
       - ["<futures_util::io::buf_reader::BufReader>::new", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["futures-util::io::AsyncReadExt::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
-      - ["futures-util::io::AsyncReadExt::read", "Argument[self].Reference", "Argument[0].Reference", "taint", "manual"]
-      - ["futures-util::io::AsyncReadExt::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
-      - ["futures-util::io::AsyncReadExt::read_to_end", "Argument[self].Reference", "Argument[0].Reference", "taint", "manual"]
-      - ["futures-util::io::AsyncBufReadExt::read_line", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
-      - ["futures-util::io::AsyncBufReadExt::read_line", "Argument[self].Reference", "Argument[0].Reference", "taint", "manual"]
-      - ["futures-util::io::AsyncBufReadExt::read_until", "Argument[self]", "Argument[1].Reference", "taint", "manual"]
-      - ["futures-util::io::AsyncBufReadExt::read_until", "Argument[self].Reference", "Argument[1].Reference", "taint", "manual"]
-      - ["futures-util::io::AsyncBufReadExt::fill_buf", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
-      - ["futures-util::io::AsyncBufReadExt::lines", "Argument[self]", "ReturnValue", "taint", "manual"]
+      - ["<_ as futures_util::io::AsyncReadExt>::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+      - ["<_ as futures_util::io::AsyncReadExt>::read", "Argument[self].Reference", "Argument[0].Reference", "taint", "manual"]
+      - ["<_ as futures_util::io::AsyncReadExt>::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+      - ["<_ as futures_util::io::AsyncReadExt>::read_to_end", "Argument[self].Reference", "Argument[0].Reference", "taint", "manual"]
+      - ["<_ as futures_util::io::AsyncBufReadExt>::read_line", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+      - ["<_ as futures_util::io::AsyncBufReadExt>::read_line", "Argument[self].Reference", "Argument[0].Reference", "taint", "manual"]
+      - ["<_ as futures_util::io::AsyncBufReadExt>::read_until", "Argument[self]", "Argument[1].Reference", "taint", "manual"]
+      - ["<_ as futures_util::io::AsyncBufReadExt>::read_until", "Argument[self].Reference", "Argument[1].Reference", "taint", "manual"]
+      - ["<_ as futures_util::io::AsyncBufReadExt>::fill_buf", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+      - ["<_ as futures_util::io::AsyncBufReadExt>::lines", "Argument[self]", "ReturnValue", "taint", "manual"]
       - ["<alloc::boxed::Box as core::iter::traits::iterator::Iterator>::next", "Argument[self]", "ReturnValue.Future.Field[core::option::Option::Some(0)]", "taint", "manual"]
-      - ["<futures-util::io::buf_reader::BufReader as futures_io::if_std::AsyncBufRead>::poll_fill_buf", "Argument[self].Reference", "ReturnValue.Field[core::task::poll::Poll::Ready(0)].Field[core::result::Result::Ok(0)]", "taint", "manual"]
+      - ["<_ as futures_io::if_std::AsyncBufRead>::poll_fill_buf", "Argument[self].Reference", "ReturnValue.Field[core::task::poll::Poll::Ready(0)].Field[core::result::Result::Ok(0)]", "taint", "manual"]
diff --git a/rust/ql/test/library-tests/dataflow/sources/test_futures_io.rs b/rust/ql/test/library-tests/dataflow/sources/test_futures_io.rs
index 0174c2045fe6..67dce4b21cc7 100644
--- a/rust/ql/test/library-tests/dataflow/sources/test_futures_io.rs
+++ b/rust/ql/test/library-tests/dataflow/sources/test_futures_io.rs
@@ -43,7 +43,7 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
         // using the `AsyncReadExt::read` extension method (higher-level)
         let mut buffer1 = [0u8; 64];
         let bytes_read1 = futures::io::AsyncReadExt::read(&mut reader, &mut buffer1).await?;
-        sink(&buffer1[..bytes_read1]); // $ MISSING: hasTaintFlow=url
+        sink(&buffer1[..bytes_read1]); // $ hasTaintFlow=url
 
         let mut buffer2 = [0u8; 64];
         let bytes_read2 = reader.read(&mut buffer2).await?; // we cannot resolve the `read` call, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
@@ -61,7 +61,7 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
         let mut cx = Context::from_waker(futures::task::noop_waker_ref());
         let buffer = pinned.poll_fill_buf(&mut cx);
         if let Poll::Ready(Ok(buf)) = buffer {
-            sink(&buffer); // $ MISSING: hasTaintFlow=url
+            sink(&buffer); // $ hasTaintFlow=url
             sink(buf); // $ MISSING: hasTaintFlow=url
         }
 
@@ -69,8 +69,8 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
         let buffer2 = Pin::new(&mut reader2).poll_fill_buf(&mut cx);
         match (buffer2) {
             Poll::Ready(Ok(buf)) => {
-                sink(&buffer2); // $ MISSING: hasTaintFlow=url
-                sink(buf); // $ MISSING: hasTaintFlow=url
+                sink(&buffer2); // $ hasTaintFlow=url
+                sink(buf); // $ hasTaintFlow=url
             }
             _ => {
                 // ...
@@ -101,7 +101,7 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
         // using the `AsyncReadExt::read` extension method (higher-level)
         let mut buffer1 = [0u8; 64];
         let bytes_read1 = futures::io::AsyncReadExt::read(&mut reader2, &mut buffer1).await?;
-        sink(&buffer1[..bytes_read1]); // $ MISSING: hasTaintFlow=url
+        sink(&buffer1[..bytes_read1]); // $ hasTaintFlow=url
 
         let mut buffer2 = [0u8; 64];
         let bytes_read2 = reader2.read(&mut buffer2).await?; // we cannot resolve the `read` call, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
@@ -114,7 +114,7 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
         sink(&pinned); // $ hasTaintFlow=url
         let mut cx = Context::from_waker(futures::task::noop_waker_ref());
         let buffer = pinned.poll_fill_buf(&mut cx);
-        sink(&buffer); // $ MISSING: hasTaintFlow=url
+        sink(&buffer); // $ hasTaintFlow=url
         if let Poll::Ready(Ok(buf)) = buffer {
             sink(buf); // $ MISSING: hasTaintFlow=url
         }