Add ranked "and N more" reporting module

[Copilot]

Queries that report multiple related entities per finding (fields, parameters, call sites, etc.) have no standard way to cap result noise while communicating how many were omitted. This adds a reusable LimitResults module to handle that pattern.

New module: src/qtil/results/LimitResults.qll

• LimitResultsConfigSig<Finding, Entity> — signature to implement (both types must have toString()):
  • problem/2 — finding-to-entity relationship
  • message/3 — message template; receives remaining (e.g. " (and 2 more)" or "")
  • default placeholderString/1 — display string for an entity; defaults to entity.toString()
  • default orderBy/1 — ascending sort key for entities; defaults to placeholderString(entity), allowing ordering to be overridden independently of the display string
  • default maxResults/0 — cap per finding; defaults to 3
  • default andMoreText/1 — customisable "and N more" suffix text; defaults to " (and N more)"
• LimitResults<Finding, Entity, Config> — exposes:
  • query predicate problems(finding, msg, entity, entityStr): the primary query entry point; ranks entities per finding by orderBy(), reports the top maxResults(), appends andMoreText(n) when capped, and sets entityStr to placeholderString(entity)
  • hasLimitedResult(finding, entity, message): underlying predicate for advanced use

Usage

Only problem and message must be implemented — all other predicates have sensible defaults. Instantiating the module is all that's needed; Results::problems is automatically part of the query output with no from/where/select boilerplate:

module MyConfig implements LimitResultsConfigSig<IncompleteInitialization, Field> {
  predicate problem(IncompleteInitialization init, Field f) { f = init.getField() }

  bindingset[remaining]
  string message(IncompleteInitialization init, Field f, string remaining) {
    result = init.getKindStr() + " does not initialize non-static data member $@" + remaining + "."
  }
}

module Results = LimitResults<IncompleteInitialization, Field, MyConfig>;
// Results::problems is automatically part of the query output.

LimitResults is exported via Qtil.qll and documented in README.md.

---

⌨️ Start Copilot coding agent tasks without leaving your editor — available in VS Code, Visual Studio, JetBrains IDEs and Eclipse.

[MichaelRFairhurst]

This code:

from IncompleteInitialization init, Field f, string message
where Results::hasLimitedResult(init, f, message)
select init, message, f, f.getName()

should not be necessary. It should automatically declared by means of a query predicate

module LimitResults<...> {
  ....
  query predicate problems(T1 t1, string msg, T2 t2, string t2str) {
     hasLimitedResult(t1, t2, msg) and
     t2str = t2.toString()
   }
 }

Add default predicates for ease of use, such as the following:

signature module ... {
  default int maxResults() { result = 3 }
  default string placeholderString(T2 t2) { result = t2.toString() }
}

allowing for users to override maxResults but they do not have to declare it.

Consider ordering by placeholderString.

[MichaelRFairhurst]

See previous comment

[Copilot]

This code:

...

Done in ba7bd9d:

• Added query predicate problems(Finding finding, string msg, Entity entity, string entityStr) — instantiating module Results = LimitResults<...> is all that's needed; no from/where/select boilerplate.
• Replaced orderBy with default string placeholderString(Entity entity) { result = entity.toString() } — doubles as both the ordering key and the entityStr in problems.
• Added default int maxResults() { result = 3 }.
• Both Finding and Entity are now FiniteStringableType (required by CodeQL for query predicate arguments).

[MichaelRFairhurst]

Add documentation to README.md

[MichaelRFairhurst]

documentation error: should be "Finding " + finding.getName() + " has entity $@" + remaining + "."

[Copilot]

Fixed in d58a5a0 — the example now uses "Finding " + finding.getName() + " has entity $@" + remaining + ".".

[MichaelRFairhurst]

Delete this code block, the above paragraph covers it already.

[Copilot]

Removed in d58a5a0.

[MichaelRFairhurst]

Make "also used as the ordering key (ascending)" the default behavior.

E.g., add a new default string orderBy(Entity e) { result = getPlaceholderString(e) }.

[Copilot]

Done in d58a5a0 — added default string orderBy(Entity entity) { result = placeholderString(entity) } to the signature. The ranking now uses Config::orderBy(e), keeping placeholderString as purely the display string. Users can override orderBy independently.

[MichaelRFairhurst]

Add a default string andMoreText(int total) predicate

[Copilot]

Done in d58a5a0 — added bindingset[n] default string andMoreText(int n) { result = " (and " + n + " more)" } to the signature. The hasLimitedResult predicate now calls Config::andMoreText(total - Config::maxResults()) for the suffix.

[MichaelRFairhurst]

In this case, we shouldn't use unit tests and should use a query test.

Simply import LimitResults and then expect

| BugA | "finding 1 for Bug A" | ....... |
| BugA | "finding 2 for Bug A" | .........
... etc

[Copilot]

Converted in d58a5a0. The test now just implements problem and message, instantiates the module, and re-exports Results::problems as a top-level query predicate. The .expected file contains the tabular rows directly.

[MichaelRFairhurst]

delete this .gitignore

[Copilot]

Deleted in d58a5a0.

[Copilot]

Add documentation to README.md

Added in d58a5a0 — LimitResults is documented in README.md under the Query Formatting section with a usage example and description of the defaults.