github
diff --git a/‎java/ql/lib/semmle/code/java/dataflow/DataFlow.qll‎
Lines changed: 1 addition & 1 deletion b/‎java/ql/lib/semmle/code/java/dataflow/DataFlow.qll‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll‎
Lines changed: 1 addition & 1 deletion b/‎java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplSpecific.qll‎
Lines changed: 3 additions & 0 deletions b/‎java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplSpecific.qll‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎shared/dataflow/codeql/dataflow/DataFlow.qll‎
Lines changed: 145 additions & 56 deletions b/‎shared/dataflow/codeql/dataflow/DataFlow.qll‎
Lines changed: 145 additions & 56 deletions
@@ -10,6 +10,6 @@ import java
 module DataFlow {
   private import semmle.code.java.dataflow.internal.DataFlowImplSpecific
   private import codeql.dataflow.DataFlow
-  import DataFlowMake<Location, JavaDataFlow>
+  import DataFlowMakeOverlay<Location, JavaDataFlow>
   import Public
 }
@@ -13,5 +13,5 @@ module TaintTracking {
   private import semmle.code.java.dataflow.internal.DataFlowImplSpecific
   private import semmle.code.java.dataflow.internal.TaintTrackingImplSpecific
   private import codeql.dataflow.TaintTracking
-  import TaintFlowMake<Location, JavaDataFlow, JavaTaintTracking>
+  import TaintFlowMakeOverlay<Location, JavaDataFlow, JavaTaintTracking>
 }
@@ -6,6 +6,7 @@ module;
 
 private import semmle.code.Location
 private import codeql.dataflow.DataFlow
+private import semmle.code.java.Overlay
 
 module Private {
   import DataFlowPrivate
@@ -29,4 +30,6 @@ module JavaDataFlow implements InputSig<Location> {
   predicate mayBenefitFromCallContext = Private::mayBenefitFromCallContext/1;
 
   predicate viableImplInCallContext = Private::viableImplInCallContext/2;
+
+  predicate isEvaluatingInOverlay = isOverlay/0;
 }
@@ -349,6 +349,18 @@ signature module InputSig<LocationSig Location> {
 
   /** Holds if `fieldFlowBranchLimit` should be ignored for flow going into/out of `c`. */
   default predicate ignoreFieldFlowBranchLimit(DataFlowCallable c) { none() }
+
+  /**
+   * Holds if the evaluator is currently evaluating with an overlay. The
+   * implementation of this predicate needs to be `overlay[local]`. For a
+   * language with no overlay support, `none()` is a valid implementation.
+   *
+   * When called from a local predicate, this predicate holds if we are in the
+   * overlay-only local evaluation. When called from a global predicate, this
+   * predicate holds if we are evaluating globally with overlay and base both
+   * visible.
+   */
+  default predicate isEvaluatingInOverlay() { none() }
 }
 
 module Configs<LocationSig Location, InputSig<Location> Lang> {
@@ -645,10 +657,8 @@ private module PathGraphSigMod {
   }
 }
 
-module DataFlowMake<LocationSig Location, InputSig<Location> Lang> {
+private module DataFlowMakeCore<LocationSig Location, InputSig<Location> Lang> {
   private import Lang
-  private import internal.DataFlowImpl::MakeImpl<Location, Lang>
-  private import internal.DataFlowImplStage1::MakeImplStage1<Location, Lang>
   import Configs<Location, Lang>
 
   /**
@@ -691,59 +701,6 @@ module DataFlowMake<LocationSig Location, InputSig<Location> Lang> {
     predicate flowToExpr(DataFlowExpr sink);
   }
 
-  /**
-   * Constructs a global data flow computation.
-   */
-  module Global<ConfigSig Config> implements GlobalFlowSig {
-    private module C implements FullStateConfigSig {
-      import DefaultState<Config>
-      import Config
-
-      predicate accessPathLimit = Config::accessPathLimit/0;
-
-      predicate isAdditionalFlowStep(Node node1, Node node2, string model) {
-        Config::isAdditionalFlowStep(node1, node2) and model = "Config"
-      }
-    }
-
-    private module Stage1 = ImplStage1<C>;
-
-    import Stage1::PartialFlow
-
-    private module Flow = Impl<C, Stage1::Stage1NoState>;
-
-    import Flow
-  }
-
-  /**
-   * Constructs a global data flow computation using flow state.
-   */
-  module GlobalWithState<StateConfigSig Config> implements GlobalFlowSig {
-    private module C implements FullStateConfigSig {
-      import Config
-
-      predicate accessPathLimit = Config::accessPathLimit/0;
-
-      predicate isAdditionalFlowStep(Node node1, Node node2, string model) {
-        Config::isAdditionalFlowStep(node1, node2) and model = "Config"
-      }
-
-      predicate isAdditionalFlowStep(
-        Node node1, FlowState state1, Node node2, FlowState state2, string model
-      ) {
-        Config::isAdditionalFlowStep(node1, state1, node2, state2) and model = "Config"
-      }
-    }
-
-    private module Stage1 = ImplStage1<C>;
-
-    import Stage1::PartialFlow
-
-    private module Flow = Impl<C, Stage1::Stage1WithState>;
-
-    import Flow
-  }
-
   signature class PathNodeSig {
     /** Gets a textual representation of this element. */
     string toString();
@@ -1141,3 +1098,135 @@ module DataFlowMake<LocationSig Location, InputSig<Location> Lang> {
     import PathGraph
   }
 }
+
+module DataFlowMake<LocationSig Location, InputSig<Location> Lang> {
+  import DataFlowMakeCore<Location, Lang>
+  private import Lang
+  private import internal.DataFlowImpl::MakeImpl<Location, Lang>
+  private import internal.DataFlowImplStage1::MakeImplStage1<Location, Lang>
+
+  /**
+   * Constructs a global data flow computation.
+   */
+  module Global<ConfigSig Config> implements GlobalFlowSig {
+    private module C implements FullStateConfigSig {
+      import DefaultState<Config>
+      import Config
+
+      predicate accessPathLimit = Config::accessPathLimit/0;
+
+      predicate isAdditionalFlowStep(Node node1, Node node2, string model) {
+        Config::isAdditionalFlowStep(node1, node2) and model = "Config"
+      }
+
+      predicate observeOverlayInformedIncrementalMode() { none() }
+    }
+
+    private module Stage1 = ImplStage1<C>;
+
+    import Stage1::PartialFlow
+
+    private module Flow = Impl<C, Stage1::Stage1NoState>;
+
+    import Flow
+  }
+
+  /**
+   * Constructs a global data flow computation using flow state.
+   */
+  module GlobalWithState<StateConfigSig Config> implements GlobalFlowSig {
+    private module C implements FullStateConfigSig {
+      import Config
+
+      predicate accessPathLimit = Config::accessPathLimit/0;
+
+      predicate isAdditionalFlowStep(Node node1, Node node2, string model) {
+        Config::isAdditionalFlowStep(node1, node2) and model = "Config"
+      }
+
+      predicate isAdditionalFlowStep(
+        Node node1, FlowState state1, Node node2, FlowState state2, string model
+      ) {
+        Config::isAdditionalFlowStep(node1, state1, node2, state2) and model = "Config"
+      }
+
+      predicate observeOverlayInformedIncrementalMode() { none() }
+    }
+
+    private module Stage1 = ImplStage1<C>;
+
+    import Stage1::PartialFlow
+
+    private module Flow = Impl<C, Stage1::Stage1WithState>;
+
+    import Flow
+  }
+}
+
+module DataFlowMakeOverlay<LocationSig Location, InputSig<Location> Lang> {
+  import DataFlowMake<Location, Lang>
+  private import Lang
+  private import internal.DataFlowImpl::MakeImpl<Location, Lang>
+  private import internal.DataFlowImplStage1::MakeImplStage1<Location, Lang>
+
+  /**
+   * Constructs a global data flow computation.
+   */
+  module Global<ConfigSig Config> implements GlobalFlowSig {
+    private module C implements FullStateConfigSig {
+      import DefaultState<Config>
+      import Config
+
+      predicate accessPathLimit = Config::accessPathLimit/0;
+
+      predicate isAdditionalFlowStep(Node node1, Node node2, string model) {
+        Config::isAdditionalFlowStep(node1, node2) and model = "Config"
+      }
+
+      predicate observeOverlayInformedIncrementalMode() {
+        not Config::observeDiffInformedIncrementalMode()
+      }
+    }
+
+    private module Stage1 = ImplStage1<C>;
+
+    import Stage1::PartialFlow
+
+    private module Flow = OverlayImpl<C, Stage1::Stage1NoState>;
+
+    import Flow
+  }
+
+  /**
+   * Constructs a global data flow computation using flow state.
+   */
+  module GlobalWithState<StateConfigSig Config> implements GlobalFlowSig {
+    private module C implements FullStateConfigSig {
+      import Config
+
+      predicate accessPathLimit = Config::accessPathLimit/0;
+
+      predicate isAdditionalFlowStep(Node node1, Node node2, string model) {
+        Config::isAdditionalFlowStep(node1, node2) and model = "Config"
+      }
+
+      predicate isAdditionalFlowStep(
+        Node node1, FlowState state1, Node node2, FlowState state2, string model
+      ) {
+        Config::isAdditionalFlowStep(node1, state1, node2, state2) and model = "Config"
+      }
+
+      predicate observeOverlayInformedIncrementalMode() {
+        not Config::observeDiffInformedIncrementalMode()
+      }
+    }
+
+    private module Stage1 = ImplStage1<C>;
+
+    import Stage1::PartialFlow
+
+    private module Flow = OverlayImpl<C, Stage1::Stage1WithState>;
+
+    import Flow
+  }
+}
Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,6 @@ import java`
`10`	`10`	`module DataFlow {`
`11`	`11`	`private import semmle.code.java.dataflow.internal.DataFlowImplSpecific`
`12`	`12`	`private import codeql.dataflow.DataFlow`
`13`		`- import DataFlowMake<Location, JavaDataFlow>`
	`13`	`+ import DataFlowMakeOverlay<Location, JavaDataFlow>`
`14`	`14`	`import Public`
`15`	`15`	`}`
Original file line number	Diff line number	Diff line change
`@@ -13,5 +13,5 @@ module TaintTracking {`
`13`	`13`	`private import semmle.code.java.dataflow.internal.DataFlowImplSpecific`
`14`	`14`	`private import semmle.code.java.dataflow.internal.TaintTrackingImplSpecific`
`15`	`15`	`private import codeql.dataflow.TaintTracking`
`16`		`- import TaintFlowMake<Location, JavaDataFlow, JavaTaintTracking>`
	`16`	`+ import TaintFlowMakeOverlay<Location, JavaDataFlow, JavaTaintTracking>`
`17`	`17`	`}`