circle-ir 3.8.4 → 3.9.7

package/README.md

@@ -1,12 +1,14 @@
 # circle-ir
 
-A high-performance Static Application Security Testing (SAST) library for detecting security vulnerabilities through taint analysis. Works in Node.js and browsers.
+A high-performance Static Application Security Testing (SAST) library for detecting security vulnerabilities through taint analysis, and code quality findings through an extensible analysis-pass pipeline. Works in Node.js and browsers.
 
 ## Features
 
 - **Taint Analysis**: Track data flow from sources (user input) to sinks (dangerous operations)
 - **Multi-language Support**: Java, JavaScript/TypeScript, Python, Rust, Bash/Shell
 - **High Accuracy**: 100% on OWASP Benchmark, 100% on Juliet Test Suite, 97.7% TPR on SecuriBench Micro
+- **11-Pass Pipeline**: Security taint passes + quality passes (dead code, missing await, N+1, doc coverage, TODO markers)
+- **Cross-File Analysis**: `analyzeProject()` surfaces taint flows that span multiple files
 - **Universal**: Works in Node.js and browsers with environment-agnostic core
 - **Zero External Dependencies**: Core analysis runs without network calls or external services
 - **Browser Compatible**: Tree-sitter WASM for universal parsing
@@ -31,12 +33,19 @@ await initAnalyzer();
 // Analyze Java code
 const result = await analyze(code, 'MyClass.java', 'java');
 
-// Check for vulnerabilities
+// Security taint flows
 for (const flow of result.taint.flows || []) {
   console.log(`Found ${flow.sink_type} vulnerability`);
   console.log(`  Source: line ${flow.source_line}`);
   console.log(`  Sink: line ${flow.sink_line}`);
 }
+
+// Quality findings from analysis passes (dead-code, missing-await, n-plus-one, etc.)
+for (const finding of result.findings || []) {
+  console.log(`[${finding.severity}] ${finding.rule_id} at line ${finding.line}`);
+  console.log(`  ${finding.message}`);
+  if (finding.fix) console.log(`  Fix: ${finding.fix}`);
+}
 ```
 
 ### Browser
@@ -78,7 +87,7 @@ interface AnalyzerOptions {
 
 ### `analyze(code, filePath, language, options?)`
 
-Analyze source code and return Circle-IR output.
+Analyze a single file and return Circle-IR output.
 
 ```typescript
 const result = await analyze(code, 'File.java', 'java');
@@ -92,6 +101,38 @@ result.dfg        // Data flow graph
 result.taint      // Taint sources, sinks, flows
 result.imports    // Import statements
 result.exports    // Exported symbols
+result.findings   // SastFinding[] from all 11 analysis passes
+```
+
+### `analyzeProject(files, options?)`
+
+Analyze multiple files together to detect cross-file taint flows.
+
+```typescript
+import { analyzeProject } from 'circle-ir';
+
+const result = await analyzeProject([
+  { code: controllerCode, filePath: 'UserController.java', language: 'java' },
+  { code: serviceCode,    filePath: 'UserService.java',    language: 'java' },
+  { code: daoCode,        filePath: 'UserDao.java',        language: 'java' },
+]);
+
+// Per-file analysis (same as analyze() per file)
+for (const { file, analysis } of result.files) {
+  console.log(`${file}: ${analysis.taint.flows?.length ?? 0} intra-file flows`);
+}
+
+// Cross-file taint paths (the key deliverable)
+for (const path of result.taint_paths) {
+  console.log(`Cross-file ${path.sink.type}: ${path.source.file} → ${path.sink.file}`);
+  console.log(`  Confidence: ${path.confidence.toFixed(2)}, CWE: ${path.sink.cwe}`);
+}
+
+// Resolved inter-file method calls
+console.log(`${result.cross_file_calls.length} cross-file calls resolved`);
+
+// Project metadata
+console.log(`${result.meta.total_files} files, ${result.meta.total_loc} LOC`);
 ```
 
 ### `analyzeForAPI(code, filePath, language, options?)`
@@ -169,6 +210,42 @@ sources:
     tainted_args: [return]
 ```
 
+## SAST Findings & Quality Passes
+
+The 11-pass pipeline emits `SastFinding[]` via `result.findings`. Each finding is SARIF 2.1.0-aligned:
+
+```typescript
+interface SastFinding {
+  id: string;           // e.g. "dead-code-42"
+  rule_id: string;      // e.g. "dead-code"
+  category: PassCategory; // 'security' | 'reliability' | 'performance' | 'maintainability' | 'architecture'
+  severity: string;     // 'critical' | 'high' | 'medium' | 'low'
+  level: SarifLevel;    // 'error' | 'warning' | 'note' | 'none'
+  message: string;
+  file: string;
+  line: number;
+  cwe?: string;         // e.g. "CWE-561"
+  fix?: string;         // Instance-specific remediation hint
+  evidence?: Record<string, unknown>;
+}
+```
+
+**Current passes** (see [docs/PASSES.md](docs/PASSES.md) for the full registry):
+
+| Pass | rule_id | Category | CWE | Level |
+|------|---------|----------|-----|-------|
+| TaintMatcherPass | _(produces flows)_ | security | — | error |
+| ConstantPropagationPass | _(reduces FP)_ | security | — | — |
+| LanguageSourcesPass | _(enriches sources)_ | security | — | — |
+| SinkFilterPass | _(filters sinks)_ | security | — | — |
+| TaintPropagationPass | _(propagates taint)_ | security | — | error |
+| InterproceduralPass | _(cross-method)_ | security | — | error |
+| DeadCodePass | `dead-code` | reliability | CWE-561 | warning |
+| MissingAwaitPass | `missing-await` | reliability | CWE-252 | warning |
+| NPlusOnePass | `n-plus-one` | performance | CWE-1049 | warning |
+| MissingPublicDocPass | `missing-public-doc` | maintainability | — | note |
+| TodoInProdPass | `todo-in-prod` | maintainability | — | note |
+
 ## Key Analysis Features
 
 - **Constant Propagation**: Eliminates false positives by tracking variable values and detecting dead code
@@ -191,11 +268,11 @@ All scores below are for **circle-ir static analysis only** (no LLM).
 
 ## Documentation
 
+- [Pass & Metric Registry](docs/PASSES.md) - Canonical list of every pass and metric with rule_id, CWE, and status
 - [Circle-IR Specification](docs/SPEC.md) - IR format specification
 - [Architecture Guide](docs/ARCHITECTURE.md) - Detailed system architecture
-- [Contributing Guide](CONTRIBUTING.md) - How to contribute
 - [Changelog](CHANGELOG.md) - Version history
-- [TODO](TODO.md) - Pending improvements and roadmap
+- [TODO](TODO.md) - Phase-based roadmap
 
 ## License
 

package/dist/analysis/dfg-verifier.d.ts

@@ -6,6 +6,7 @@
  * pattern matching alone.
  */
 import type { DFG, DFGDef, CallInfo, TaintSource, TaintSink, TaintSanitizer } from '../types/index.js';
+import { CodeGraph } from '../graph/index.js';
 /**
  * Result of DFG verification
  */
@@ -46,23 +47,11 @@ export interface VerifierConfig {
  * DFGVerifier - Verifies taint flows using def-use chains
  */
 export declare class DFGVerifier {
-    private dfg;
-    private calls;
+    private graph;
     private sanitizers;
     private config;
-    private defById;
-    private defsByLine;
-    private defsByVar;
-    private usesByDefId;
-    private usesByLine;
-    private callsByLine;
     private sanitizerLines;
-    private chainsByFromDef;
-    constructor(dfg: DFG, calls: CallInfo[], sanitizers: TaintSanitizer[], config?: VerifierConfig);
-    /**
-     * Build lookup maps for efficient querying
-     */
-    private buildLookupMaps;
+    constructor(graphOrDfg: CodeGraph | DFG, callsOrSanitizers: CallInfo[] | TaintSanitizer[], sanitizersOrConfig?: TaintSanitizer[] | VerifierConfig, config?: VerifierConfig);
     /**
      * Verify if taint flows from source to sink
      */

package/dist/analysis/dfg-verifier.js

@@ -5,81 +5,53 @@
  * the data flow graph. This provides a more precise validation than
  * pattern matching alone.
  */
+import { CodeGraph } from '../graph/index.js';
 /**
  * DFGVerifier - Verifies taint flows using def-use chains
  */
 export class DFGVerifier {
-    dfg;
-    calls;
+    graph;
     sanitizers;
     config;
-    // Lookup maps
-    defById = new Map();
-    defsByLine = new Map();
-    defsByVar = new Map();
-    usesByDefId = new Map();
-    usesByLine = new Map();
-    callsByLine = new Map();
-    sanitizerLines = new Set();
-    // Chain lookup for faster traversal
-    chainsByFromDef = new Map();
-    constructor(dfg, calls, sanitizers, config = {}) {
-        this.dfg = dfg;
-        this.calls = calls;
-        this.sanitizers = sanitizers;
-        this.config = {
-            maxDepth: config.maxDepth ?? 30,
-            requireDirectFlow: config.requireDirectFlow ?? false,
-            allowFieldFlows: config.allowFieldFlows ?? true,
-        };
-        this.buildLookupMaps();
-    }
-    /**
-     * Build lookup maps for efficient querying
-     */
-    buildLookupMaps() {
-        for (const def of this.dfg.defs) {
-            this.defById.set(def.id, def);
-            const byLine = this.defsByLine.get(def.line) ?? [];
-            byLine.push(def);
-            this.defsByLine.set(def.line, byLine);
-            const byVar = this.defsByVar.get(def.variable) ?? [];
-            byVar.push(def);
-            this.defsByVar.set(def.variable, byVar);
-        }
-        for (const use of this.dfg.uses) {
-            const byLine = this.usesByLine.get(use.line) ?? [];
-            byLine.push(use);
-            this.usesByLine.set(use.line, byLine);
-            if (use.def_id !== null) {
-                const byDefId = this.usesByDefId.get(use.def_id) ?? [];
-                byDefId.push(use);
-                this.usesByDefId.set(use.def_id, byDefId);
-            }
-        }
-        for (const call of this.calls) {
-            const byLine = this.callsByLine.get(call.location.line) ?? [];
-            byLine.push(call);
-            this.callsByLine.set(call.location.line, byLine);
-        }
-        for (const sanitizer of this.sanitizers) {
-            this.sanitizerLines.add(sanitizer.line);
+    sanitizerLines;
+    constructor(graphOrDfg, callsOrSanitizers, sanitizersOrConfig, config = {}) {
+        // Support both new CodeGraph signature and legacy (dfg, calls, sanitizers, config) signature
+        if (graphOrDfg instanceof CodeGraph) {
+            this.graph = graphOrDfg;
+            this.sanitizers = callsOrSanitizers;
+            const cfg = sanitizersOrConfig;
+            this.config = {
+                maxDepth: cfg?.maxDepth ?? 30,
+                requireDirectFlow: cfg?.requireDirectFlow ?? false,
+                allowFieldFlows: cfg?.allowFieldFlows ?? true,
+            };
         }
-        // Build chain lookup
-        if (this.dfg.chains) {
-            for (const chain of this.dfg.chains) {
-                const byFromDef = this.chainsByFromDef.get(chain.from_def) ?? [];
-                byFromDef.push(chain);
-                this.chainsByFromDef.set(chain.from_def, byFromDef);
-            }
+        else {
+            // Legacy: (dfg, calls, sanitizers, config)
+            const dfg = graphOrDfg;
+            const calls = callsOrSanitizers;
+            const sanitizers = sanitizersOrConfig ?? [];
+            this.graph = new CodeGraph({
+                meta: { circle_ir: '3.0', file: '', language: 'java', loc: 0, hash: '' },
+                types: [], calls, cfg: { blocks: [], edges: [] }, dfg,
+                taint: { sources: [], sinks: [], sanitizers },
+                imports: [], exports: [], unresolved: [], enriched: {},
+            });
+            this.sanitizers = sanitizers;
+            this.config = {
+                maxDepth: config.maxDepth ?? 30,
+                requireDirectFlow: config.requireDirectFlow ?? false,
+                allowFieldFlows: config.allowFieldFlows ?? true,
+            };
         }
+        this.sanitizerLines = new Set(this.sanitizers.map(s => s.line));
     }
     /**
      * Verify if taint flows from source to sink
      */
     verify(source, sink) {
         // Find definitions at the source line
-        const sourceDefs = this.defsByLine.get(source.line) ?? [];
+        const sourceDefs = this.graph.defsAtLine(source.line);
         if (sourceDefs.length === 0) {
             return {
                 verified: false,
@@ -156,9 +128,9 @@ export class DFGVerifier {
                 };
             }
             // Explore via def-use chains (if available)
-            const chains = this.chainsByFromDef.get(state.def.id) ?? [];
+            const chains = this.graph.chainsFrom(state.def.id);
             for (const chain of chains) {
-                const nextDef = this.defById.get(chain.to_def);
+                const nextDef = this.graph.defById.get(chain.to_def);
                 if (!nextDef || state.visited.has(nextDef.id))
                     continue;
                 const step = {
@@ -177,10 +149,10 @@ export class DFGVerifier {
                 });
             }
             // Explore via uses of the current definition
-            const uses = this.usesByDefId.get(state.def.id) ?? [];
+            const uses = this.graph.usesOfDef(state.def.id);
             for (const use of uses) {
                 // Find definitions at the use line
-                const nextDefs = this.defsByLine.get(use.line) ?? [];
+                const nextDefs = this.graph.defsAtLine(use.line);
                 for (const nextDef of nextDefs) {
                     if (state.visited.has(nextDef.id))
                         continue;
@@ -206,8 +178,8 @@ export class DFGVerifier {
                 }
             }
             // Explore same-variable definitions at later lines
-            const laterDefs = (this.defsByVar.get(state.def.variable) ?? [])
-                .filter(d => d.line > state.def.line && d.line <= sink.line && !state.visited.has(d.id))
+            const laterDefs = this.graph.laterDefsOfVar(state.def.variable, state.def.line, sink.line)
+                .filter(d => !state.visited.has(d.id))
                 .slice(0, 5); // Limit branching
             for (const nextDef of laterDefs) {
                 const step = {
@@ -233,15 +205,13 @@ export class DFGVerifier {
      */
     reachesSink(def, sink) {
         // Check uses at sink line
-        const uses = this.usesByLine.get(sink.line) ?? [];
-        for (const use of uses) {
+        for (const use of this.graph.usesAtLine(sink.line)) {
             if (use.variable === def.variable || use.def_id === def.id) {
                 return true;
             }
         }
         // Check call arguments at sink line
-        const calls = this.callsByLine.get(sink.line) ?? [];
-        for (const call of calls) {
+        for (const call of this.graph.callsAtLine(sink.line)) {
             for (const arg of call.arguments) {
                 if (arg.variable === def.variable) {
                     return true;
@@ -250,8 +220,7 @@ export class DFGVerifier {
         }
         // Check if definition is at or before sink line with same variable
         if (def.line <= sink.line) {
-            const laterDefs = (this.defsByVar.get(def.variable) ?? [])
-                .filter(d => d.line > def.line && d.line <= sink.line);
+            const laterDefs = this.graph.laterDefsOfVar(def.variable, def.line, sink.line);
             // If no redefinition between def and sink, it reaches
             if (laterDefs.length === 0) {
                 return true;
@@ -264,7 +233,7 @@ export class DFGVerifier {
      */
     determineFlowType(fromDef, toDef, useLine) {
         // Check for call at the line
-        const calls = this.callsByLine.get(useLine) ?? [];
+        const calls = this.graph.callsAtLine(useLine);
         if (calls.length > 0) {
             // If the variable changed, it's a return assignment
             if (fromDef.variable !== toDef.variable) {

package/dist/analysis/dfg-verifier.js.map

@@ -1 +1 @@
-{"version":3,"file":"dfg-verifier.js","sourceRoot":"","sources":["../../src/analysis/dfg-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAqDH;;GAEG;AACH,MAAM,OAAO,WAAW;IACd,GAAG,CAAM;IACT,KAAK,CAAa;IAClB,UAAU,CAAmB;IAC7B,MAAM,CAA2B;IAEzC,cAAc;IACN,OAAO,GAAwB,IAAI,GAAG,EAAE,CAAC;IACzC,UAAU,GAA0B,IAAI,GAAG,EAAE,CAAC;IAC9C,SAAS,GAA0B,IAAI,GAAG,EAAE,CAAC;IAC7C,WAAW,GAA0B,IAAI,GAAG,EAAE,CAAC;IAC/C,UAAU,GAA0B,IAAI,GAAG,EAAE,CAAC;IAC9C,WAAW,GAA4B,IAAI,GAAG,EAAE,CAAC;IACjD,cAAc,GAAgB,IAAI,GAAG,EAAE,CAAC;IAEhD,oCAAoC;IAC5B,eAAe,GAA4B,IAAI,GAAG,EAAE,CAAC;IAE7D,YACE,GAAQ,EACR,KAAiB,EACjB,UAA4B,EAC5B,SAAyB,EAAE;QAE3B,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,MAAM,GAAG;YACZ,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;YAC/B,iBAAiB,EAAE,MAAM,CAAC,iBAAiB,IAAI,KAAK;YACpD,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,IAAI;SAChD,CAAC;QAEF,IAAI,CAAC,eAAe,EAAE,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,eAAe;QACrB,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YAChC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;YAE9B,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YACnD,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACjB,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YAEtC,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YACrD,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAChB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QAC1C,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YAChC,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YACnD,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACjB,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YAEtC,IAAI,GAAG,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;gBACxB,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBACvD,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAClB,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAC5C,CAAC;QACH,CAAC;QAED,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAC9D,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClB,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACnD,CAAC;QAED,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACxC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAC1C,CAAC;QAED,qBAAqB;QACrB,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;YACpB,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;gBACpC,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACjE,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACtB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;YACtD,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,MAAmB,EAAE,IAAe;QACzC,sCAAsC;QACtC,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAE1D,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO;gBACL,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,CAAC;gBACb,MAAM,EAAE,+CAA+C,MAAM,CAAC,IAAI,EAAE;aACrE,CAAC;QACJ,CAAC;QAED,4DAA4D;QAC5D,MAAM,QAAQ,GAAuB,EAAE,CAAC;QAExC,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YAC5C,IAAI,IAAI,EAAE,CAAC;gBACT,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO;gBACL,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,GAAG,EAAG,wCAAwC;gBAC1D,MAAM,EAAE,4CAA4C,MAAM,CAAC,IAAI,mBAAmB,IAAI,CAAC,IAAI,GAAG;aAC/F,CAAC;QACJ,CAAC;QAED,oDAAoD;QACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE/C,+BAA+B;QAC/B,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QACvD,IAAI,eAAe,EAAE,CAAC;YACpB,OAAO;gBACL,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,GAAG;gBACf,MAAM,EAAE,0BAA0B,eAAe,CAAC,IAAI,OAAO,eAAe,CAAC,MAAM,EAAE;gBACrF,IAAI,EAAE,QAAQ;gBACd,gBAAgB,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC;aACtC,CAAC;QACJ,CAAC;QAED,qDAAqD;QACrD,MAAM,UAAU,GAAG,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QAEtD,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,UAAU;YACV,MAAM,EAAE,aAAa,QAAQ,CAAC,MAAM,wBAAwB,MAAM,CAAC,IAAI,YAAY,IAAI,CAAC,IAAI,EAAE;YAC9F,IAAI,EAAE,QAAQ;YACd,gBAAgB,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC;SACtC,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,QAAQ,CAAC,SAAiB,EAAE,IAAe;QAOjD,MAAM,WAAW,GAAqB;YACpC,KAAK,EAAE,SAAS,CAAC,EAAE;YACnB,QAAQ,EAAE,SAAS,CAAC,QAAQ;YAC5B,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,QAAQ,EAAE,QAAQ;SACnB,CAAC;QAEF,MAAM,KAAK,GAAkB,CAAC;gBAC5B,GAAG,EAAE,SAAS;gBACd,KAAK,EAAE,CAAC,WAAW,CAAC;gBACpB,OAAO,EAAE,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;aACjC,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,EAAG,CAAC;YAE7B,oBAAoB;YACpB,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAC9C,SAAS;YACX,CAAC;YAED,+CAA+C;YAC/C,IAAI,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC;gBACtC,OAAO;oBACL,KAAK,EAAE,KAAK,CAAC,KAAK;oBAClB,MAAM,EAAE,KAAK,CAAC,KAAK,CAAC,MAAM;oBAC1B,aAAa,EAAE,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,QAAQ,KAAK,YAAY,CAAC;iBAC9F,CAAC;YACJ,CAAC;YAED,4CAA4C;YAC5C,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;YAC5D,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC/C,IAAI,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;oBAAE,SAAS;gBAExD,MAAM,IAAI,GAAqB;oBAC7B,KAAK,EAAE,OAAO,CAAC,EAAE;oBACjB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,QAAQ,EAAE,YAAY;iBACvB,CAAC;gBAEF,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAC1C,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;gBAE3B,KAAK,CAAC,IAAI,CAAC;oBACT,GAAG,EAAE,OAAO;oBACZ,KAAK,EAAE,CAAC,GAAG,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC;oBAC7B,OAAO,EAAE,UAAU;iBACpB,CAAC,CAAC;YACL,CAAC;YAED,6CAA6C;YAC7C,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;YACtD,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,mCAAmC;gBACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;gBAErD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;oBAC/B,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;wBAAE,SAAS;oBAE5C,kCAAkC;oBAClC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;wBAC7D,SAAS;oBACX,CAAC;oBAED,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;oBAEtE,MAAM,IAAI,GAAqB;wBAC7B,KAAK,EAAE,OAAO,CAAC,EAAE;wBACjB,QAAQ,EAAE,OAAO,CAAC,QAAQ;wBAC1B,IAAI,EAAE,OAAO,CAAC,IAAI;wBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;wBAClB,QAAQ;qBACT,CAAC;oBAEF,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;oBAC1C,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;oBAE3B,KAAK,CAAC,IAAI,CAAC;wBACT,GAAG,EAAE,OAAO;wBACZ,KAAK,EAAE,CAAC,GAAG,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC;wBAC7B,OAAO,EAAE,UAAU;qBACpB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,mDAAmD;YACnD,MAAM,SAAS,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;iBAC7D,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;iBACvF,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAE,kBAAkB;YAEnC,KAAK,MAAM,OAAO,IAAI,SAAS,EAAE,CAAC;gBAChC,MAAM,IAAI,GAAqB;oBAC7B,KAAK,EAAE,OAAO,CAAC,EAAE;oBACjB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,QAAQ,EAAE,YAAY;iBACvB,CAAC;gBAEF,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAC1C,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;gBAE3B,KAAK,CAAC,IAAI,CAAC;oBACT,GAAG,EAAE,OAAO;oBACZ,KAAK,EAAE,CAAC,GAAG,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC;oBAC7B,OAAO,EAAE,UAAU;iBACpB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,GAAW,EAAE,IAAe;QAC9C,0BAA0B;QAC1B,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAClD,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,CAAC,EAAE,EAAE,CAAC;gBAC3D,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,oCAAoC;QACpC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACpD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,QAAQ,EAAE,CAAC;oBAClC,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;QACH,CAAC;QAED,mEAAmE;QACnE,IAAI,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1B,MAAM,SAAS,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;iBACvD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC;YAEzD,sDAAsD;YACtD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC3B,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,iBAAiB,CACvB,OAAe,EACf,KAAa,EACb,OAAe;QAEf,6BAA6B;QAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAClD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,oDAAoD;YACpD,IAAI,OAAO,CAAC,QAAQ,KAAK,KAAK,CAAC,QAAQ,EAAE,CAAC;gBACxC,OAAO,QAAQ,CAAC;YAClB,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,yBAAyB;QACzB,IAAI,KAAK,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC3B,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,oBAAoB;QACpB,IAAI,OAAO,CAAC,QAAQ,KAAK,KAAK,CAAC,QAAQ,EAAE,CAAC;YACxC,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,OAAO,YAAY,CAAC;IACtB,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,KAAyB;QAC9C,sBAAsB;QACtB,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;QACvD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpE,CAAC;QAED,kCAAkC;QAClC,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9D,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,IAAsB;QAC5C,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,IAAI,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvC,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;YACjE,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,IAAsB;QAChD,IAAI,UAAU,GAAG,GAAG,CAAC,CAAE,oCAAoC;QAE3D,wBAAwB;QACxB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,UAAU,IAAI,IAAI,CAAC;QACrB,CAAC;QAED,yBAAyB;QACzB,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,UAAU,IAAI,IAAI,CAAC;QACrB,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACrB,UAAU,IAAI,GAAG,CAAC;QACpB,CAAC;QAED,0BAA0B;QAC1B,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,MAAM,CAAC;QACzE,UAAU,IAAI,UAAU,GAAG,IAAI,CAAC;QAEhC,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,SAAS,CACP,OAAsB,EACtB,KAAkB;QAElB,MAAM,OAAO,GAAG,IAAI,GAAG,EAA8B,CAAC;QAEtD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;gBACzC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,OAAwC;QAO/C,IAAI,QAAQ,GAAG,CAAC,CAAC;QACjB,IAAI,WAAW,GAAG,CAAC,CAAC;QACpB,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,eAAe,GAAG,CAAC,CAAC;QAExB,KAAK,MAAM,MAAM,IAAI,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YACtC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACpB,QAAQ,EAAE,CAAC;gBACX,eAAe,IAAI,MAAM,CAAC,UAAU,CAAC;YACvC,CAAC;iBAAM,IAAI,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC/C,SAAS,EAAE,CAAC;YACd,CAAC;iBAAM,CAAC;gBACN,WAAW,EAAE,CAAC;YAChB,CAAC;QACH,CAAC;QAED,OAAO;YACL,KAAK,EAAE,OAAO,CAAC,IAAI;YACnB,QAAQ;YACR,WAAW;YACX,SAAS;YACT,aAAa,EAAE,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,eAAe,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;SAC7D,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,GAAQ,EACR,KAAiB,EACjB,MAAmB,EACnB,IAAe,EACf,aAA+B,EAAE,EACjC,SAAyB,EAAE;IAE3B,MAAM,QAAQ,GAAG,IAAI,WAAW,CAAC,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IACjE,OAAO,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB,CAAC,MAA0B;IACjE,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,gBAAgB,CAAC;IACjE,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,KAAK,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,GAAG,GAAG,CAAC,eAAe,CAAC,CAAC;IAC7E,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAEvC,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QAChB,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,IAAI,CAAC,MAAM,QAAQ,CAAC,CAAC;QACvD,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YACrC,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,gBAAgB,IAAI,MAAM,CAAC,gBAAgB,GAAG,CAAC,EAAE,CAAC;QAC3D,KAAK,CAAC,IAAI,CAAC,4BAA4B,MAAM,CAAC,gBAAgB,EAAE,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
+{"version":3,"file":"dfg-verifier.js","sourceRoot":"","sources":["../../src/analysis/dfg-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAYH,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AA0C9C;;GAEG;AACH,MAAM,OAAO,WAAW;IACd,KAAK,CAAY;IACjB,UAAU,CAAmB;IAC7B,MAAM,CAA2B;IACjC,cAAc,CAAc;IAEpC,YACE,UAA2B,EAC3B,iBAAgD,EAChD,kBAAsD,EACtD,SAAyB,EAAE;QAE3B,6FAA6F;QAC7F,IAAI,UAAU,YAAY,SAAS,EAAE,CAAC;YACpC,IAAI,CAAC,KAAK,GAAG,UAAU,CAAC;YACxB,IAAI,CAAC,UAAU,GAAG,iBAAqC,CAAC;YACxD,MAAM,GAAG,GAAG,kBAAgD,CAAC;YAC7D,IAAI,CAAC,MAAM,GAAG;gBACZ,QAAQ,EAAE,GAAG,EAAE,QAAQ,IAAI,EAAE;gBAC7B,iBAAiB,EAAE,GAAG,EAAE,iBAAiB,IAAI,KAAK;gBAClD,eAAe,EAAE,GAAG,EAAE,eAAe,IAAI,IAAI;aAC9C,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,2CAA2C;YAC3C,MAAM,GAAG,GAAG,UAAiB,CAAC;YAC9B,MAAM,KAAK,GAAG,iBAA+B,CAAC;YAC9C,MAAM,UAAU,GAAG,kBAAsC,IAAI,EAAE,CAAC;YAChE,IAAI,CAAC,KAAK,GAAG,IAAI,SAAS,CAAC;gBACzB,IAAI,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE;gBACxE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,GAAG;gBACrD,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE;gBAC7C,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE;aACvD,CAAC,CAAC;YACH,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;YAC7B,IAAI,CAAC,MAAM,GAAG;gBACZ,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;gBAC/B,iBAAiB,EAAE,MAAM,CAAC,iBAAiB,IAAI,KAAK;gBACpD,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,IAAI;aAChD,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,cAAc,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAClE,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,MAAmB,EAAE,IAAe;QACzC,sCAAsC;QACtC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAEtD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO;gBACL,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,CAAC;gBACb,MAAM,EAAE,+CAA+C,MAAM,CAAC,IAAI,EAAE;aACrE,CAAC;QACJ,CAAC;QAED,4DAA4D;QAC5D,MAAM,QAAQ,GAAuB,EAAE,CAAC;QAExC,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;YAC5C,IAAI,IAAI,EAAE,CAAC;gBACT,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO;gBACL,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,GAAG,EAAG,wCAAwC;gBAC1D,MAAM,EAAE,4CAA4C,MAAM,CAAC,IAAI,mBAAmB,IAAI,CAAC,IAAI,GAAG;aAC/F,CAAC;QACJ,CAAC;QAED,oDAAoD;QACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE/C,+BAA+B;QAC/B,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QACvD,IAAI,eAAe,EAAE,CAAC;YACpB,OAAO;gBACL,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,GAAG;gBACf,MAAM,EAAE,0BAA0B,eAAe,CAAC,IAAI,OAAO,eAAe,CAAC,MAAM,EAAE;gBACrF,IAAI,EAAE,QAAQ;gBACd,gBAAgB,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC;aACtC,CAAC;QACJ,CAAC;QAED,qDAAqD;QACrD,MAAM,UAAU,GAAG,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QAEtD,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,UAAU;YACV,MAAM,EAAE,aAAa,QAAQ,CAAC,MAAM,wBAAwB,MAAM,CAAC,IAAI,YAAY,IAAI,CAAC,IAAI,EAAE;YAC9F,IAAI,EAAE,QAAQ;YACd,gBAAgB,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC;SACtC,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,QAAQ,CAAC,SAAiB,EAAE,IAAe;QAOjD,MAAM,WAAW,GAAqB;YACpC,KAAK,EAAE,SAAS,CAAC,EAAE;YACnB,QAAQ,EAAE,SAAS,CAAC,QAAQ;YAC5B,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,QAAQ,EAAE,QAAQ;SACnB,CAAC;QAEF,MAAM,KAAK,GAAkB,CAAC;gBAC5B,GAAG,EAAE,SAAS;gBACd,KAAK,EAAE,CAAC,WAAW,CAAC;gBACpB,OAAO,EAAE,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;aACjC,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,EAAG,CAAC;YAE7B,oBAAoB;YACpB,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAC9C,SAAS;YACX,CAAC;YAED,+CAA+C;YAC/C,IAAI,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC;gBACtC,OAAO;oBACL,KAAK,EAAE,KAAK,CAAC,KAAK;oBAClB,MAAM,EAAE,KAAK,CAAC,KAAK,CAAC,MAAM;oBAC1B,aAAa,EAAE,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,QAAQ,KAAK,YAAY,CAAC;iBAC9F,CAAC;YACJ,CAAC;YAED,4CAA4C;YAC5C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACnD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBACrD,IAAI,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;oBAAE,SAAS;gBAExD,MAAM,IAAI,GAAqB;oBAC7B,KAAK,EAAE,OAAO,CAAC,EAAE;oBACjB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,QAAQ,EAAE,YAAY;iBACvB,CAAC;gBAEF,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAC1C,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;gBAE3B,KAAK,CAAC,IAAI,CAAC;oBACT,GAAG,EAAE,OAAO;oBACZ,KAAK,EAAE,CAAC,GAAG,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC;oBAC7B,OAAO,EAAE,UAAU;iBACpB,CAAC,CAAC;YACL,CAAC;YAED,6CAA6C;YAC7C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChD,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,mCAAmC;gBACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBAEjD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;oBAC/B,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;wBAAE,SAAS;oBAE5C,kCAAkC;oBAClC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;wBAC7D,SAAS;oBACX,CAAC;oBAED,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;oBAEtE,MAAM,IAAI,GAAqB;wBAC7B,KAAK,EAAE,OAAO,CAAC,EAAE;wBACjB,QAAQ,EAAE,OAAO,CAAC,QAAQ;wBAC1B,IAAI,EAAE,OAAO,CAAC,IAAI;wBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;wBAClB,QAAQ;qBACT,CAAC;oBAEF,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;oBAC1C,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;oBAE3B,KAAK,CAAC,IAAI,CAAC;wBACT,GAAG,EAAE,OAAO;wBACZ,KAAK,EAAE,CAAC,GAAG,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC;wBAC7B,OAAO,EAAE,UAAU;qBACpB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,mDAAmD;YACnD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC;iBACvF,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;iBACrC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAE,kBAAkB;YAEnC,KAAK,MAAM,OAAO,IAAI,SAAS,EAAE,CAAC;gBAChC,MAAM,IAAI,GAAqB;oBAC7B,KAAK,EAAE,OAAO,CAAC,EAAE;oBACjB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,QAAQ,EAAE,YAAY;iBACvB,CAAC;gBAEF,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAC1C,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;gBAE3B,KAAK,CAAC,IAAI,CAAC;oBACT,GAAG,EAAE,OAAO;oBACZ,KAAK,EAAE,CAAC,GAAG,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC;oBAC7B,OAAO,EAAE,UAAU;iBACpB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,GAAW,EAAE,IAAe;QAC9C,0BAA0B;QAC1B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,CAAC,EAAE,EAAE,CAAC;gBAC3D,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,oCAAoC;QACpC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACrD,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,QAAQ,EAAE,CAAC;oBAClC,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;QACH,CAAC;QAED,mEAAmE;QACnE,IAAI,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YAC1B,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/E,sDAAsD;YACtD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC3B,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,iBAAiB,CACvB,OAAe,EACf,KAAa,EACb,OAAe;QAEf,6BAA6B;QAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAC9C,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,oDAAoD;YACpD,IAAI,OAAO,CAAC,QAAQ,KAAK,KAAK,CAAC,QAAQ,EAAE,CAAC;gBACxC,OAAO,QAAQ,CAAC;YAClB,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,yBAAyB;QACzB,IAAI,KAAK,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC3B,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,oBAAoB;QACpB,IAAI,OAAO,CAAC,QAAQ,KAAK,KAAK,CAAC,QAAQ,EAAE,CAAC;YACxC,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,OAAO,YAAY,CAAC;IACtB,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,KAAyB;QAC9C,sBAAsB;QACtB,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;QACvD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpE,CAAC;QAED,kCAAkC;QAClC,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9D,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,IAAsB;QAC5C,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,IAAI,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvC,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;YACjE,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,IAAsB;QAChD,IAAI,UAAU,GAAG,GAAG,CAAC,CAAE,oCAAoC;QAE3D,wBAAwB;QACxB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,UAAU,IAAI,IAAI,CAAC;QACrB,CAAC;QAED,yBAAyB;QACzB,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,UAAU,IAAI,IAAI,CAAC;QACrB,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACrB,UAAU,IAAI,GAAG,CAAC;QACpB,CAAC;QAED,0BAA0B;QAC1B,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,MAAM,CAAC;QACzE,UAAU,IAAI,UAAU,GAAG,IAAI,CAAC;QAEhC,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,SAAS,CACP,OAAsB,EACtB,KAAkB;QAElB,MAAM,OAAO,GAAG,IAAI,GAAG,EAA8B,CAAC;QAEtD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;gBACzC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,OAAwC;QAO/C,IAAI,QAAQ,GAAG,CAAC,CAAC;QACjB,IAAI,WAAW,GAAG,CAAC,CAAC;QACpB,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,eAAe,GAAG,CAAC,CAAC;QAExB,KAAK,MAAM,MAAM,IAAI,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YACtC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACpB,QAAQ,EAAE,CAAC;gBACX,eAAe,IAAI,MAAM,CAAC,UAAU,CAAC;YACvC,CAAC;iBAAM,IAAI,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC/C,SAAS,EAAE,CAAC;YACd,CAAC;iBAAM,CAAC;gBACN,WAAW,EAAE,CAAC;YAChB,CAAC;QACH,CAAC;QAED,OAAO;YACL,KAAK,EAAE,OAAO,CAAC,IAAI;YACnB,QAAQ;YACR,WAAW;YACX,SAAS;YACT,aAAa,EAAE,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,eAAe,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;SAC7D,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,GAAQ,EACR,KAAiB,EACjB,MAAmB,EACnB,IAAe,EACf,aAA+B,EAAE,EACjC,SAAyB,EAAE;IAE3B,MAAM,QAAQ,GAAG,IAAI,WAAW,CAAC,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IACjE,OAAO,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB,CAAC,MAA0B;IACjE,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,gBAAgB,CAAC;IACjE,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,KAAK,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,GAAG,GAAG,CAAC,eAAe,CAAC,CAAC;IAC7E,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAEvC,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QAChB,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,IAAI,CAAC,MAAM,QAAQ,CAAC,CAAC;QACvD,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YACrC,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,gBAAgB,IAAI,MAAM,CAAC,gBAAgB,GAAG,CAAC,EAAE,CAAC;QAC3D,KAAK,CAAC,IAAI,CAAC,4BAA4B,MAAM,CAAC,gBAAgB,EAAE,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/analysis/interprocedural.d.ts

@@ -7,6 +7,7 @@
  * - Handles method call chains
  */
 import type { CallInfo, TypeInfo, DFG, TaintSource, TaintSink, TaintSanitizer } from '../types/index.js';
+import { CodeGraph } from '../graph/index.js';
 /**
  * Represents a method in the call graph.
  */
@@ -65,8 +66,11 @@ export interface InterproceduralOptions {
 }
 /**
  * Perform inter-procedural taint analysis.
+ *
+ * Accepts either a CodeGraph (preferred) or the legacy (types, calls, dfg, ...)
+ * signature for backward compatibility.
  */
-export declare function analyzeInterprocedural(types: TypeInfo[], calls: CallInfo[], dfg: DFG, sources: TaintSource[], sinks: TaintSink[], sanitizers: TaintSanitizer[], options?: InterproceduralOptions): InterproceduralResult;
+export declare function analyzeInterprocedural(graphOrTypes: CodeGraph | TypeInfo[], callsOrSources: CallInfo[] | TaintSource[], dfgOrSinks: DFG | TaintSink[], sourcesOrSanitizers: TaintSource[] | TaintSanitizer[], sinksOrOptions?: TaintSink[] | InterproceduralOptions, sanitizersArg?: TaintSanitizer[], optionsArg?: InterproceduralOptions): InterproceduralResult;
 /**
  * Get summary of inter-procedural analysis.
  */

package/dist/analysis/interprocedural.js

@@ -6,10 +6,45 @@
  * - Tracks taint through return values
  * - Handles method call chains
  */
+import { CodeGraph } from '../graph/index.js';
 /**
  * Perform inter-procedural taint analysis.
+ *
+ * Accepts either a CodeGraph (preferred) or the legacy (types, calls, dfg, ...)
+ * signature for backward compatibility.
  */
-export function analyzeInterprocedural(types, calls, dfg, sources, sinks, sanitizers, options = {}) {
+export function analyzeInterprocedural(graphOrTypes, callsOrSources, dfgOrSinks, sourcesOrSanitizers, sinksOrOptions, sanitizersArg, optionsArg = {}) {
+    let graph;
+    let sources;
+    let sinks;
+    let sanitizers;
+    let options;
+    if (graphOrTypes instanceof CodeGraph) {
+        // New signature: (graph, sources, sinks, sanitizers, options?)
+        graph = graphOrTypes;
+        sources = callsOrSources;
+        sinks = dfgOrSinks;
+        sanitizers = sourcesOrSanitizers;
+        options = sinksOrOptions ?? {};
+    }
+    else {
+        // Legacy: (types, calls, dfg, sources, sinks, sanitizers, options?)
+        const types = graphOrTypes;
+        const calls = callsOrSources;
+        const dfg = dfgOrSinks;
+        sources = sourcesOrSanitizers;
+        sinks = sinksOrOptions ?? [];
+        sanitizers = sanitizersArg ?? [];
+        options = optionsArg;
+        graph = new CodeGraph({
+            meta: { circle_ir: '3.0', file: '', language: 'java', loc: 0, hash: '' },
+            types, calls, cfg: { blocks: [], edges: [] }, dfg,
+            taint: { sources: [], sinks: [], sanitizers },
+            imports: [], exports: [], unresolved: [], enriched: {},
+        });
+    }
+    const types = graph.ir.types;
+    const calls = graph.ir.calls;
     // Build method nodes from type information
     const methodNodes = buildMethodNodes(types);
     // Build call graph edges with receiver type resolution
@@ -25,8 +60,14 @@ export function analyzeInterprocedural(types, calls, dfg, sources, sinks, saniti
             taintedMethods.add(fqn);
         }
     }
-    // Build taint map from DFG
-    const taintedDefIds = buildTaintedDefIds(dfg, sources);
+    // Build taint map from DFG via CodeGraph (eliminates O(N) scan per source)
+    const seedIds = new Set();
+    for (const source of sources) {
+        for (const def of graph.defsAtLine(source.line)) {
+            seedIds.add(def.id);
+        }
+    }
+    const taintedDefIds = graph.propagateTaintedDefIds(seedIds);
     // Get tainted variables from constant propagation (tracks collections with tainted elements)
     const taintedVarsFromCP = options.taintedVariables ?? new Set();
     // Analyze each call to propagate taint
@@ -82,8 +123,8 @@ export function analyzeInterprocedural(types, calls, dfg, sources, sinks, saniti
         const taintedArgVars = [];
         for (const arg of call.arguments) {
             if (arg.variable) {
-                // Check 1: DFG-based taint tracking
-                const use = findUseAtLine(dfg, arg.variable, call.location.line);
+                // Check 1: DFG-based taint tracking (indexed lookup, no O(N) scan)
+                const use = graph.usesAtLine(call.location.line).find(u => u.variable === arg.variable) ?? null;
                 const isTaintedByDFG = use && use.def_id !== null && taintedDefIds.has(use.def_id);
                 // Check 2: Constant propagation taint tracking (for collections with tainted elements)
                 const isTaintedByCP = taintedVarsFromCP.has(arg.variable);
@@ -145,9 +186,9 @@ export function analyzeInterprocedural(types, calls, dfg, sources, sinks, saniti
         }
     }
     // Propagate taint through return values
-    propagateReturnTaint(types, dfg, taintedDefIds, taintedReturns, taintedMethods, methodNodes);
+    propagateReturnTaint(types, graph, taintedDefIds, taintedReturns, taintedMethods, methodNodes);
     // Iteratively propagate taint through call chains
-    propagateThroughCallChains(callEdges, methodNodes, taintedMethods, taintedReturns, dfg, taintedDefIds);
+    propagateThroughCallChains(callEdges, methodNodes, taintedMethods, taintedReturns, graph, taintedDefIds);
     return {
         methodNodes: methodNodes.byFqn,
         callEdges,
@@ -280,47 +321,6 @@ function buildCallEdges(calls, methodNodes, types) {
     }
     return edges;
 }
-/**
- * Build set of tainted definition IDs from sources.
- */
-function buildTaintedDefIds(dfg, sources) {
-    const taintedDefIds = new Set();
-    // Find definitions on source lines
-    // Only mark defs on the EXACT source line as tainted
-    // (The previous +1 heuristic incorrectly marked unrelated defs as tainted)
-    for (const source of sources) {
-        for (const def of dfg.defs) {
-            if (def.line === source.line) {
-                taintedDefIds.add(def.id);
-            }
-        }
-    }
-    // Propagate through chains
-    if (dfg.chains) {
-        let changed = true;
-        while (changed) {
-            changed = false;
-            for (const chain of dfg.chains) {
-                if (taintedDefIds.has(chain.from_def) && !taintedDefIds.has(chain.to_def)) {
-                    taintedDefIds.add(chain.to_def);
-                    changed = true;
-                }
-            }
-        }
-    }
-    return taintedDefIds;
-}
-/**
- * Find a use at a specific line.
- */
-function findUseAtLine(dfg, variable, line) {
-    for (const use of dfg.uses) {
-        if (use.variable === variable && use.line === line) {
-            return use;
-        }
-    }
-    return null;
-}
 /**
  * Find the method containing a specific line.
  * Returns method info along with class and package context.
@@ -344,17 +344,17 @@ function findMethodAtLine(types, line) {
  * Propagate taint through return values.
  * Tracks which parameters flow to the return value for precise taint mapping.
  */
-function propagateReturnTaint(types, dfg, taintedDefIds, taintedReturns, taintedMethods, methodNodes) {
+function propagateReturnTaint(types, graph, taintedDefIds, taintedReturns, taintedMethods, methodNodes) {
     // Find return statements that return tainted values
-    const returnDefs = dfg.defs.filter(d => d.kind === 'return');
+    const returnDefs = graph.ir.dfg.defs.filter(d => d.kind === 'return');
     for (const returnDef of returnDefs) {
         // Find the method this return is in
         const methodCtx = findMethodAtLine(types, returnDef.line);
         if (!methodCtx)
             continue;
         const fqn = buildMethodFQN(methodCtx.packageName, methodCtx.className, methodCtx.methodName);
-        // Find uses on the same line (the returned value)
-        const usesOnLine = dfg.uses.filter(u => u.line === returnDef.line);
+        // Find uses on the same line (the returned value) — indexed lookup
+        const usesOnLine = graph.usesAtLine(returnDef.line);
         for (const use of usesOnLine) {
             if (use.def_id !== null && taintedDefIds.has(use.def_id)) {
                 // This method returns a tainted value
@@ -383,7 +383,7 @@ function propagateReturnTaint(types, dfg, taintedDefIds, taintedReturns, tainted
 /**
  * Propagate taint through call chains iteratively.
  */
-function propagateThroughCallChains(callEdges, methodNodes, taintedMethods, taintedReturns, dfg, taintedDefIds) {
+function propagateThroughCallChains(callEdges, methodNodes, taintedMethods, taintedReturns, graph, taintedDefIds) {
     // Build reverse call graph (callee -> callers)
     const callersOf = new Map();
     for (const edge of callEdges) {
@@ -404,9 +404,9 @@ function propagateThroughCallChains(callEdges, methodNodes, taintedMethods, tain
             const callers = callersOf.get(methodName) ?? [];
             for (const edge of callers) {
                 // The call site now produces tainted data
-                // Find definitions at the call line (the variable receiving the return value)
-                for (const def of dfg.defs) {
-                    if (def.line === edge.callLine && !taintedDefIds.has(def.id)) {
+                // Use indexed lookup instead of O(N) scan through all defs
+                for (const def of graph.defsAtLine(edge.callLine)) {
+                    if (!taintedDefIds.has(def.id)) {
                         taintedDefIds.add(def.id);
                         changed = true;
                         // Mark the caller method as tainted
@@ -417,10 +417,12 @@ function propagateThroughCallChains(callEdges, methodNodes, taintedMethods, tain
                 }
             }
         }
-        // Propagate through chains again
-        if (dfg.chains) {
-            for (const chain of dfg.chains) {
-                if (taintedDefIds.has(chain.from_def) && !taintedDefIds.has(chain.to_def)) {
+        // Propagate through chains using indexed adjacency list
+        for (const [fromDef, chains] of graph.chainsByFromDef) {
+            if (!taintedDefIds.has(fromDef))
+                continue;
+            for (const chain of chains) {
+                if (!taintedDefIds.has(chain.to_def)) {
                     taintedDefIds.add(chain.to_def);
                     changed = true;
                 }