From 63b0dd68c9913be57febbc3b7e7e9d5fa0709d48 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Fri, 25 Apr 2025 12:18:42 +0100
Subject: [PATCH 1/4] C++: Add a test with missing summaries.
---
 .../dataflow/modelgenerator/dataflow/summaries.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/summaries.cpp b/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/summaries.cpp
index 8b6da3e8ac57..f3c045fb339d 100644
--- a/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/summaries.cpp
+++ b/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/summaries.cpp
@@ -198,4 +198,14 @@ int get_x_from_union(U* u) {
 //contentbased-summary=;;true;set_x_in_union;(U *,int);;Argument[1];Argument[*0].Union[*U];value;dfc-generated
 void set_x_in_union(U* u, int x) {
 u->x = x;
+}
+
+struct HasInt {
+ int x;
+};
+
+
+int copy_struct(HasInt *out, const HasInt *in) {
+ *out = *in;
+ return 1;
 }
\ No newline at end of file
From 2f265395af0d8994081037f2e783e4266bdad196 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Fri, 25 Apr 2025 12:19:25 +0100
Subject: [PATCH 2/4] C++: Add missing predicate to grab the parameter position of a return kind.
---
 .../src/utils/modelgenerator/internal/CaptureModels.qll | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/cpp/ql/src/utils/modelgenerator/internal/CaptureModels.qll b/cpp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
index e6bbfe1e5c9a..58acfa011186 100644
--- a/cpp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
+++ b/cpp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
@@ -295,6 +295,14 @@ module ModelGeneratorInput implements ModelGeneratorInputSig
Date: Fri, 25 Apr 2025 12:29:38 +0100
Subject: [PATCH 3/4] C++: Accept test changes.
---
 .../dataflow/modelgenerator/dataflow/summaries.cpp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
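Review bot: `copy_struct` is added at the end of the summaries.cpp hunk with no comment saying which flow it exercises, so a reader of this commit alone cannot tell that the absent `//summary=` lines above it are deliberate. A one-line comment above the function would make that clear, for example `// Whole-struct copy through an out-parameter: *in is copied to *out.` The file also still ends without a trailing newline, as the `\ No newline at end of file` marker after the closing brace shows; adding one keeps later appends from rewriting this line.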
diff --git a/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/summaries.cpp b/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/summaries.cpp
index f3c045fb339d..ffd4956215ae 100644
--- a/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/summaries.cpp
+++ b/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/summaries.cpp
@@ -131,6 +131,8 @@ namespace Models {
 //summary=;;true;toplevel_function;(int *);;Argument[0];ReturnValue;taint;df-generated
 //summary=;;true;toplevel_function;(int *);;Argument[*0];ReturnValue;taint;df-generated
+//summary=;;true;toplevel_function;(int *);;Argument[0];Argument[*0];taint;df-generated
+//contentbased-summary=;;true;toplevel_function;(int *);;Argument[0];Argument[*0];taint;dfc-generated
 //contentbased-summary=;;true;toplevel_function;(int *);;Argument[0];ReturnValue;taint;dfc-generated
 //contentbased-summary=;;true;toplevel_function;(int *);;Argument[*0];ReturnValue;value;dfc-generated
 int toplevel_function(int* p) {
@@ -204,7 +206,12 @@ struct HasInt {
 int x;
 };
-
+//contentbased-summary=;;true;copy_struct;(HasInt *,const HasInt *);;Argument[1];Argument[*0];taint;dfc-generated
+//contentbased-summary=;;true;copy_struct;(HasInt *,const HasInt *);;Argument[1];Argument[*1];taint;dfc-generated
+//contentbased-summary=;;true;copy_struct;(HasInt *,const HasInt *);;Argument[*1];Argument[*0];value;dfc-generated
+//summary=;;true;copy_struct;(HasInt *,const HasInt *);;Argument[1];Argument[*0];taint;df-generated
+//summary=;;true;copy_struct;(HasInt *,const HasInt *);;Argument[1];Argument[*1];taint;df-generated
+//summary=;;true;copy_struct;(HasInt *,const HasInt *);;Argument[*1];Argument[*0];taint;df-generated
 int copy_struct(HasInt *out, const HasInt *in) {
 *out = *in;
 return 1;
From e942ec9964a0b73ff2814eb4becee477bba3b185 Mon Sep 17 00:00:00 2001
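Review bot: The accepted `copy_struct` rows `Argument[1];Argument[*1];taint` and `Argument[1];Argument[*0];taint` state that the pointer value of `in` taints both pointees, yet the visible body only performs `*out = *in` and `in` is a `const HasInt *`, so nothing is written through it. This looks like the generator treating a pointer as tainting its own indirection rather than an observed write, and models generated this way would make taint queries report flows the code does not perform. The `toplevel_function` rows `Argument[0];Argument[*0]` in the first hunk have the same shape, though that function's body is outside the hunk. If the over-approximation is intended, say so next to the expectations, for example `// Argument[N] -> Argument[*M] rows are pointer-to-indirection over-approximation, not a write.`; otherwise the generator should filter them before they are accepted as expected output. The heuristic row for `Argument[*1];Argument[*0]` is `taint` where the content-based row is `value`, and only the latter matches the copy.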
From: Mathias Vorreiter Pedersen
Date: Mon, 28 Apr 2025 10:39:11 +0100
Subject: [PATCH 4/4] C++: Fix annotations after #19311.
---
 .../dataflow/modelgenerator/dataflow/summaries.cpp | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/summaries.cpp b/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/summaries.cpp
index 50e94d95c8b6..74869a69994e 100644
--- a/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/summaries.cpp
+++ b/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/summaries.cpp
@@ -129,9 +129,9 @@ namespace Models {
 }
 }
-//summary=;;true;toplevel_function;(int *);;Argument[0];ReturnValue;taint;df-generated
-//summary=;;true;toplevel_function;(int *);;Argument[*0];ReturnValue;taint;df-generated
-//summary=;;true;toplevel_function;(int *);;Argument[0];Argument[*0];taint;df-generated
+//heuristic-summary=;;true;toplevel_function;(int *);;Argument[0];ReturnValue;taint;df-generated
+//heuristic-summary=;;true;toplevel_function;(int *);;Argument[*0];ReturnValue;taint;df-generated
+//heuristic-summary=;;true;toplevel_function;(int *);;Argument[0];Argument[*0];taint;df-generated
 //contentbased-summary=;;true;toplevel_function;(int *);;Argument[0];Argument[*0];taint;dfc-generated
 //contentbased-summary=;;true;toplevel_function;(int *);;Argument[0];ReturnValue;taint;dfc-generated
 //contentbased-summary=;;true;toplevel_function;(int *);;Argument[*0];ReturnValue;value;dfc-generated
@@ -209,9 +209,9 @@ struct HasInt {
 //contentbased-summary=;;true;copy_struct;(HasInt *,const HasInt *);;Argument[1];Argument[*0];taint;dfc-generated
 //contentbased-summary=;;true;copy_struct;(HasInt *,const HasInt *);;Argument[1];Argument[*1];taint;dfc-generated
 //contentbased-summary=;;true;copy_struct;(HasInt *,const HasInt *);;Argument[*1];Argument[*0];value;dfc-generated
-//summary=;;true;copy_struct;(HasInt *,const HasInt *);;Argument[1];Argument[*0];taint;df-generated
-//summary=;;true;copy_struct;(HasInt *,const HasInt *);;Argument[1];Argument[*1];taint;df-generated
-//summary=;;true;copy_struct;(HasInt *,const HasInt *);;Argument[*1];Argument[*0];taint;df-generated
+//heuristic-summary=;;true;copy_struct;(HasInt *,const HasInt *);;Argument[1];Argument[*0];taint;df-generated
+//heuristic-summary=;;true;copy_struct;(HasInt *,const HasInt *);;Argument[1];Argument[*1];taint;df-generated
+//heuristic-summary=;;true;copy_struct;(HasInt *,const HasInt *);;Argument[*1];Argument[*0];taint;df-generated
 int copy_struct(HasInt *out, const HasInt *in) {
 *out = *in;
 return 1;