github
diff --git a/‎csharp/ql/integration-tests/posix/query-suite/csharp-code-quality.qls.expected
Lines changed: 2 additions & 0 deletions b/‎csharp/ql/integration-tests/posix/query-suite/csharp-code-quality.qls.expected
Lines changed: 2 additions & 0 deletions
diff --git a/‎csharp/ql/lib/semmle/code/csharp/dataflow/Nullness.qll
Lines changed: 7 additions & 2 deletions b/‎csharp/ql/lib/semmle/code/csharp/dataflow/Nullness.qll
Lines changed: 7 additions & 2 deletions
diff --git a/‎csharp/ql/lib/semmle/code/csharp/frameworks/system/Diagnostics.qll
Lines changed: 1 addition & 3 deletions b/‎csharp/ql/lib/semmle/code/csharp/frameworks/system/Diagnostics.qll
Lines changed: 1 addition & 3 deletions
diff --git a/‎csharp/ql/src/CSI/NullAlways.ql
Lines changed: 1 addition & 0 deletions b/‎csharp/ql/src/CSI/NullAlways.ql
Lines changed: 1 addition & 0 deletions
diff --git a/‎csharp/ql/src/CSI/NullMaybe.ql
Lines changed: 1 addition & 0 deletions b/‎csharp/ql/src/CSI/NullMaybe.ql
Lines changed: 1 addition & 0 deletions
diff --git a/‎csharp/ql/src/change-notes/2025-06-03-dereferece-extension-method.md
Lines changed: 4 additions & 0 deletions b/‎csharp/ql/src/change-notes/2025-06-03-dereferece-extension-method.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎csharp/ql/test/query-tests/Nullness/A.cs
Lines changed: 7 additions & 7 deletions b/‎csharp/ql/test/query-tests/Nullness/A.cs
Lines changed: 7 additions & 7 deletions
diff --git a/‎csharp/ql/test/query-tests/Nullness/Assert.cs
Lines changed: 5 additions & 5 deletions b/‎csharp/ql/test/query-tests/Nullness/Assert.cs
Lines changed: 5 additions & 5 deletions
diff --git a/‎csharp/ql/test/query-tests/Nullness/B.cs
Lines changed: 2 additions & 2 deletions b/‎csharp/ql/test/query-tests/Nullness/B.cs
Lines changed: 2 additions & 2 deletions
diff --git a/‎csharp/ql/test/query-tests/Nullness/C.cs
Lines changed: 29 additions & 29 deletions b/‎csharp/ql/test/query-tests/Nullness/C.cs
Lines changed: 29 additions & 29 deletions
@@ -2,6 +2,8 @@ ql/csharp/ql/src/API Abuse/CallToGCCollect.ql
 ql/csharp/ql/src/API Abuse/FormatInvalid.ql
 ql/csharp/ql/src/API Abuse/NoDisposeCallOnLocalIDisposable.ql
 ql/csharp/ql/src/Bad Practices/Control-Flow/ConstantCondition.ql
+ql/csharp/ql/src/CSI/NullAlways.ql
+ql/csharp/ql/src/CSI/NullMaybe.ql
 ql/csharp/ql/src/Dead Code/DeadStoreOfLocal.ql
 ql/csharp/ql/src/Language Abuse/MissedReadonlyOpportunity.ql
 ql/csharp/ql/src/Likely Bugs/Collections/ContainerLengthCmpOffByOne.ql
 
@@ -544,8 +544,13 @@ class Dereference extends G::DereferenceableExpr {
         p.hasExtensionMethodModifier() and
         not emc.isConditional()
       |
-        p.fromSource() // assume all non-source extension methods perform a dereference
-        implies
+        // Assume all non-source extension methods on
+        // (1) nullable types are null-safe
+        // (2) non-nullable types are doing a dereference.
+        p.fromLibrary() and
+        not p.getAnnotatedType().isNullableRefType()
+        or
+        p.fromSource() and
         exists(
           Ssa::ImplicitParameterDefinition def,
           AssignableDefinitions::ImplicitParameterDefinition pdef
 
@@ -41,9 +41,7 @@ class SystemDiagnosticsDebugClass extends SystemDiagnosticsClass {
   /** Gets an `Assert(bool, ...)` method. */
   Method getAssertMethod() {
     result.getDeclaringType() = this and
-    result.hasName("Assert") and
-    result.getParameter(0).getType() instanceof BoolType and
-    result.getReturnType() instanceof VoidType
+    result.hasName("Assert")
   }
 }
 
 
@@ -9,6 +9,7 @@
  *       correctness
  *       exceptions
  *       external/cwe/cwe-476
+ *       quality
  */
 
 import csharp
 
@@ -10,6 +10,7 @@
  *       correctness
  *       exceptions
  *       external/cwe/cwe-476
+ *       quality
  */
 
 import csharp
 
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The queries `cs/dereferenced-value-is-always-null` and `cs/dereferenced-value-may-be-null` have been improved to reduce false positives. The queries no longer assume that expressions are dereferenced when passed as the receiver (`this` parameter) to extension methods where that parameter is a nullable type.
@@ -5,7 +5,7 @@ class A
     public void Lock()
     {
         object synchronizedAlways = null;
-        lock (synchronizedAlways) // BAD (always)
+        lock (synchronizedAlways) // $ Alert[cs/dereferenced-value-is-always-null]
         {
             synchronizedAlways.GetHashCode(); // GOOD
         }
@@ -14,7 +14,7 @@ public void Lock()
     public void ArrayAssignTest()
     {
         int[] arrayNull = null;
-        arrayNull[0] = 10; // BAD (always)
+        arrayNull[0] = 10; // $ Alert[cs/dereferenced-value-is-always-null]
 
         int[] arrayOk;
         arrayOk = new int[10];
@@ -28,10 +28,10 @@ public void Access()
         object methodAccess = null;
         object methodCall = null;
 
-        Console.WriteLine(arrayAccess[1]); // BAD (always)
-        Console.WriteLine(fieldAccess.Length); // BAD (always)
-        Func<String> tmp = methodAccess.ToString; // BAD (always)
-        Console.WriteLine(methodCall.ToString()); // BAD (always)
+        Console.WriteLine(arrayAccess[1]); // $ Alert[cs/dereferenced-value-is-always-null]
+        Console.WriteLine(fieldAccess.Length); // $ Alert[cs/dereferenced-value-is-always-null]
+        Func<String> tmp = methodAccess.ToString; // $ Alert[cs/dereferenced-value-is-always-null]
+        Console.WriteLine(methodCall.ToString()); // $ Alert[cs/dereferenced-value-is-always-null]
 
         Console.WriteLine(arrayAccess[1]); // GOOD
         Console.WriteLine(fieldAccess.Length); // GOOD
@@ -47,7 +47,7 @@ public void OutOrRef()
 
         object varRef = null;
         TestMethod2(ref varRef);
-        varRef.ToString(); // BAD (always)
+        varRef.ToString(); // $ Alert[cs/dereferenced-value-is-always-null]
 
         varRef = null;
         TestMethod3(ref varRef);
 
@@ -12,23 +12,23 @@ void Fn(bool b)
 
         s = b ? null : "";
         Assert.IsNull(s);
-        Console.WriteLine(s.Length); // BAD (always)
+        Console.WriteLine(s.Length); // $ Alert[cs/dereferenced-value-is-always-null]
 
         s = b ? null : "";
         Assert.IsNotNull(s);
         Console.WriteLine(s.Length); // GOOD
 
         s = b ? null : "";
         Assert.IsTrue(s == null);
-        Console.WriteLine(s.Length); // BAD (always)
+        Console.WriteLine(s.Length); // $ Alert[cs/dereferenced-value-is-always-null]
 
         s = b ? null : "";
         Assert.IsTrue(s != null);
         Console.WriteLine(s.Length); // GOOD
 
         s = b ? null : "";
         Assert.IsFalse(s != null);
-        Console.WriteLine(s.Length); // BAD (always)
+        Console.WriteLine(s.Length); // $ Alert[cs/dereferenced-value-is-always-null]
 
         s = b ? null : "";
         Assert.IsFalse(s == null);
@@ -44,10 +44,10 @@ void Fn(bool b)
 
         s = b ? null : "";
         Assert.IsTrue(s == null && b);
-        Console.WriteLine(s.Length); // BAD (always)
+        Console.WriteLine(s.Length); // $ Alert[cs/dereferenced-value-is-always-null]
 
         s = b ? null : "";
         Assert.IsFalse(s != null || !b);
-        Console.WriteLine(s.Length); // BAD (always)
+        Console.WriteLine(s.Length); // $ Alert[cs/dereferenced-value-is-always-null]
     }
 }
@@ -10,7 +10,7 @@ public void OperatorCall()
         B neqCallAlways = null;
 
         if (eqCallAlways == null)
-            eqCallAlways.ToString(); // BAD (always)
+            eqCallAlways.ToString(); // $ Alert[cs/dereferenced-value-is-always-null]
 
         if (b2 != null)
             b2.ToString(); // GOOD
@@ -21,7 +21,7 @@ public void OperatorCall()
 
         if (neqCallAlways != null) { }
         else
-            neqCallAlways.ToString(); // BAD (always)
+            neqCallAlways.ToString(); // $ Alert[cs/dereferenced-value-is-always-null]
     }
 
     public static bool operator ==(B b1, B b2)
 
@@ -15,7 +15,7 @@ public void NotTest()
 
         if (!(o != null))
         {
-            o.GetHashCode(); // BAD (always)
+            o.GetHashCode(); // $ Alert[cs/dereferenced-value-is-always-null]
         }
     }
 
@@ -39,7 +39,7 @@ public void AssertTest()
     {
         var s = Maybe() ? null : "";
         Debug.Assert(s == null);
-        s.ToString(); // BAD (always)
+        s.ToString(); // $ Alert[cs/dereferenced-value-is-always-null]
 
         s = Maybe() ? null : "";
         Debug.Assert(s != null);
@@ -50,22 +50,22 @@ public void AssertNullTest()
     {
         var o1 = new object();
         AssertNull(o1);
-        o1.ToString(); // BAD (always) (false negative)
+        o1.ToString(); // $ MISSING: Alert[cs/dereferenced-value-is-always-null]
 
         var o2 = Maybe() ? null : "";
         Assert.IsNull(o2);
-        o2.ToString(); // BAD (always)
+        o2.ToString(); // $ Alert[cs/dereferenced-value-is-always-null]
     }
 
     public void AssertNotNullTest()
     {
-        var o1 = Maybe() ? null : new object();
+        var o1 = Maybe() ? null : new object(); // $ Source[cs/dereferenced-value-may-be-null]
         AssertNonNull(o1);
-        o1.ToString(); // GOOD (false positive)
+        o1.ToString(); // $ SPURIOUS (false positive): Alert[cs/dereferenced-value-may-be-null]
 
-        var o2 = Maybe() ? null : new object();
+        var o2 = Maybe() ? null : new object(); // $ Source[cs/dereferenced-value-may-be-null]
         AssertNonNull(o1);
-        o2.ToString(); // BAD (maybe)
+        o2.ToString(); // $ Alert[cs/dereferenced-value-may-be-null]
 
         var o3 = Maybe() ? null : new object();
         Assert.IsNotNull(o3);
@@ -91,16 +91,16 @@ public void InstanceOf()
 
     public void Lock()
     {
-        var o = Maybe() ? null : new object();
-        lock (o) // BAD (maybe)
+        var o = Maybe() ? null : new object(); // $ Source[cs/dereferenced-value-may-be-null]
+        lock (o) // $ Alert[cs/dereferenced-value-may-be-null]
             o.ToString(); // GOOD
     }
 
     public void Foreach(IEnumerable<int> list)
     {
         if (Maybe())
-            list = null;
-        foreach (var x in list) // BAD (maybe)
+            list = null; // $ Source[cs/dereferenced-value-may-be-null]
+        foreach (var x in list) // $ Alert[cs/dereferenced-value-may-be-null]
         {
             x.ToString(); // GOOD
             list.ToString(); // GOOD
@@ -159,23 +159,23 @@ public void DoWhile()
         s = null;
         do
         {
-            s.ToString(); // BAD (always)
+            s.ToString(); // $ Alert[cs/dereferenced-value-is-always-null]
             s = null;
         }
         while (s != null);
 
         s = null;
         do
         {
-            s.ToString(); // BAD (always)
+            s.ToString(); // $ Alert[cs/dereferenced-value-is-always-null]
         }
         while (s != null);
 
         s = "";
         do
         {
-            s.ToString(); // BAD (maybe)
-            s = null;
+            s.ToString(); // $ Alert[cs/dereferenced-value-may-be-null]
+            s = null; // $ Source[cs/dereferenced-value-may-be-null]
         }
         while (true);
     }
@@ -193,15 +193,15 @@ public void While()
         s = null;
         while (b)
         {
-            s.ToString(); // BAD (always)
+            s.ToString(); // $ Alert[cs/dereferenced-value-is-always-null]
             s = null;
         }
 
         s = "";
         while (true)
         {
-            s.ToString(); // BAD (maybe)
-            s = null;
+            s.ToString(); // $ Alert[cs/dereferenced-value-may-be-null]
+            s = null; // $ Source[cs/dereferenced-value-may-be-null]
         }
     }
 
@@ -215,12 +215,12 @@ public void If()
         }
 
         if (s == null)
-            s.ToString(); // BAD (always)
+            s.ToString(); // $ Alert[cs/dereferenced-value-is-always-null]
 
         s = "";
         if (s != null && s.Length % 2 == 0)
-            s = null;
-        s.ToString(); // BAD (maybe)
+            s = null; // $ Source[cs/dereferenced-value-may-be-null]
+        s.ToString(); // $ Alert[cs/dereferenced-value-may-be-null]
     }
 
     public void For()
@@ -230,23 +230,23 @@ public void For()
         {
             s.ToString(); // GOOD
         }
-        s.ToString(); // BAD (always)
+        s.ToString(); // $ Alert[cs/dereferenced-value-is-always-null]
 
         for (s = null; s == null; s = null)
         {
-            s.ToString(); // BAD (always)
+            s.ToString(); // $ Alert[cs/dereferenced-value-is-always-null]
         }
 
-        for (s = ""; ; s = null)
+        for (s = ""; ; s = null) // $ Source[cs/dereferenced-value-may-be-null]
         {
-            s.ToString(); // BAD (maybe)
+            s.ToString(); // $ Alert[cs/dereferenced-value-may-be-null]
         }
     }
 
     public void ArrayAssignTest()
     {
         int[] a = null;
-        a[0] = 10; // BAD (always)
+        a[0] = 10; // $ Alert[cs/dereferenced-value-is-always-null]
 
         a = new int[10];
         a[0] = 42; // GOOD
@@ -257,8 +257,8 @@ public void Access()
         int[] ia = null;
         string[] sa = null;
 
-        ia[1] = 0; // BAD (always)
-        var temp = sa.Length; // BAD (always)
+        ia[1] = 0; // $ Alert[cs/dereferenced-value-is-always-null]
+        var temp = sa.Length; // $ Alert[cs/dereferenced-value-is-always-null]
 
         ia[1] = 0; // BAD (always), but not first
         temp = sa.Length; // BAD (always), but not first
Original file line number	Diff line number	Diff line change
`@@ -41,9 +41,7 @@ class SystemDiagnosticsDebugClass extends SystemDiagnosticsClass {`
`41`	`41`	/** Gets an `Assert(bool, ...)` method. */
`42`	`42`	`Method getAssertMethod() {`
`43`	`43`	`result.getDeclaringType() = this and`
`44`		`- result.hasName("Assert") and`
`45`		`- result.getParameter(0).getType() instanceof BoolType and`
`46`		`- result.getReturnType() instanceof VoidType`
	`44`	`+ result.hasName("Assert")`
`47`	`45`	`}`
`48`	`46`	`}`
`49`	`47`
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* The queries `cs/dereferenced-value-is-always-null` and `cs/dereferenced-value-may-be-null` have been improved to reduce false positives. The queries no longer assume that expressions are dereferenced when passed as the receiver (`this` parameter) to extension methods where that parameter is a nullable type.
Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ public void NotTest()`
`15`	`15`
`16`	`16`	`if (!(o != null))`
`17`	`17`	`{`
`18`		`- o.GetHashCode(); // BAD (always)`
	`18`	`+ o.GetHashCode(); // $ Alert[cs/dereferenced-value-is-always-null]`
`19`	`19`	`}`
`20`	`20`	`}`
`21`	`21`
`@@ -39,7 +39,7 @@ public void AssertTest()`
`39`	`39`	`{`
`40`	`40`	`var s = Maybe() ? null : "";`
`41`	`41`	`Debug.Assert(s == null);`
`42`		`- s.ToString(); // BAD (always)`
	`42`	`+ s.ToString(); // $ Alert[cs/dereferenced-value-is-always-null]`
`43`	`43`
`44`	`44`	`s = Maybe() ? null : "";`
`45`	`45`	`Debug.Assert(s != null);`
`@@ -50,22 +50,22 @@ public void AssertNullTest()`
`50`	`50`	`{`
`51`	`51`	`var o1 = new object();`
`52`	`52`	`AssertNull(o1);`
`53`		`- o1.ToString(); // BAD (always) (false negative)`
	`53`	`+ o1.ToString(); // $ MISSING: Alert[cs/dereferenced-value-is-always-null]`
`54`	`54`
`55`	`55`	`var o2 = Maybe() ? null : "";`
`56`	`56`	`Assert.IsNull(o2);`
`57`		`- o2.ToString(); // BAD (always)`
	`57`	`+ o2.ToString(); // $ Alert[cs/dereferenced-value-is-always-null]`
`58`	`58`	`}`
`59`	`59`
`60`	`60`	`public void AssertNotNullTest()`
`61`	`61`	`{`
`62`		`- var o1 = Maybe() ? null : new object();`
	`62`	`+ var o1 = Maybe() ? null : new object(); // $ Source[cs/dereferenced-value-may-be-null]`
`63`	`63`	`AssertNonNull(o1);`
`64`		`- o1.ToString(); // GOOD (false positive)`
	`64`	`+ o1.ToString(); // $ SPURIOUS (false positive): Alert[cs/dereferenced-value-may-be-null]`
`65`	`65`
`66`		`- var o2 = Maybe() ? null : new object();`
	`66`	`+ var o2 = Maybe() ? null : new object(); // $ Source[cs/dereferenced-value-may-be-null]`
`67`	`67`	`AssertNonNull(o1);`
`68`		`- o2.ToString(); // BAD (maybe)`
	`68`	`+ o2.ToString(); // $ Alert[cs/dereferenced-value-may-be-null]`
`69`	`69`
`70`	`70`	`var o3 = Maybe() ? null : new object();`
`71`	`71`	`Assert.IsNotNull(o3);`
`@@ -91,16 +91,16 @@ public void InstanceOf()`
`91`	`91`
`92`	`92`	`public void Lock()`
`93`	`93`	`{`
`94`		`- var o = Maybe() ? null : new object();`
`95`		`- lock (o) // BAD (maybe)`
	`94`	`+ var o = Maybe() ? null : new object(); // $ Source[cs/dereferenced-value-may-be-null]`
	`95`	`+ lock (o) // $ Alert[cs/dereferenced-value-may-be-null]`
`96`	`96`	`o.ToString(); // GOOD`
`97`	`97`	`}`
`98`	`98`
`99`	`99`	`public void Foreach(IEnumerable<int> list)`
`100`	`100`	`{`
`101`	`101`	`if (Maybe())`
`102`		`- list = null;`
`103`		`- foreach (var x in list) // BAD (maybe)`
	`102`	`+ list = null; // $ Source[cs/dereferenced-value-may-be-null]`
	`103`	`+ foreach (var x in list) // $ Alert[cs/dereferenced-value-may-be-null]`
`104`	`104`	`{`
`105`	`105`	`x.ToString(); // GOOD`
`106`	`106`	`list.ToString(); // GOOD`
`@@ -159,23 +159,23 @@ public void DoWhile()`
`159`	`159`	`s = null;`
`160`	`160`	`do`
`161`	`161`	`{`
`162`		`- s.ToString(); // BAD (always)`
	`162`	`+ s.ToString(); // $ Alert[cs/dereferenced-value-is-always-null]`
`163`	`163`	`s = null;`
`164`	`164`	`}`
`165`	`165`	`while (s != null);`
`166`	`166`
`167`	`167`	`s = null;`
`168`	`168`	`do`
`169`	`169`	`{`
`170`		`- s.ToString(); // BAD (always)`
	`170`	`+ s.ToString(); // $ Alert[cs/dereferenced-value-is-always-null]`
`171`	`171`	`}`
`172`	`172`	`while (s != null);`
`173`	`173`
`174`	`174`	`s = "";`
`175`	`175`	`do`
`176`	`176`	`{`
`177`		`- s.ToString(); // BAD (maybe)`
`178`		`- s = null;`
	`177`	`+ s.ToString(); // $ Alert[cs/dereferenced-value-may-be-null]`
	`178`	`+ s = null; // $ Source[cs/dereferenced-value-may-be-null]`
`179`	`179`	`}`
`180`	`180`	`while (true);`
`181`	`181`	`}`
`@@ -193,15 +193,15 @@ public void While()`
`193`	`193`	`s = null;`
`194`	`194`	`while (b)`
`195`	`195`	`{`
`196`		`- s.ToString(); // BAD (always)`
	`196`	`+ s.ToString(); // $ Alert[cs/dereferenced-value-is-always-null]`
`197`	`197`	`s = null;`
`198`	`198`	`}`
`199`	`199`
`200`	`200`	`s = "";`
`201`	`201`	`while (true)`
`202`	`202`	`{`
`203`		`- s.ToString(); // BAD (maybe)`
`204`		`- s = null;`
	`203`	`+ s.ToString(); // $ Alert[cs/dereferenced-value-may-be-null]`
	`204`	`+ s = null; // $ Source[cs/dereferenced-value-may-be-null]`
`205`	`205`	`}`
`206`	`206`	`}`
`207`	`207`
`@@ -215,12 +215,12 @@ public void If()`
`215`	`215`	`}`
`216`	`216`
`217`	`217`	`if (s == null)`
`218`		`- s.ToString(); // BAD (always)`
	`218`	`+ s.ToString(); // $ Alert[cs/dereferenced-value-is-always-null]`
`219`	`219`
`220`	`220`	`s = "";`
`221`	`221`	`if (s != null && s.Length % 2 == 0)`
`222`		`- s = null;`
`223`		`- s.ToString(); // BAD (maybe)`
	`222`	`+ s = null; // $ Source[cs/dereferenced-value-may-be-null]`
	`223`	`+ s.ToString(); // $ Alert[cs/dereferenced-value-may-be-null]`
`224`	`224`	`}`
`225`	`225`
`226`	`226`	`public void For()`
`@@ -230,23 +230,23 @@ public void For()`
`230`	`230`	`{`
`231`	`231`	`s.ToString(); // GOOD`
`232`	`232`	`}`
`233`		`- s.ToString(); // BAD (always)`
	`233`	`+ s.ToString(); // $ Alert[cs/dereferenced-value-is-always-null]`
`234`	`234`
`235`	`235`	`for (s = null; s == null; s = null)`
`236`	`236`	`{`
`237`		`- s.ToString(); // BAD (always)`
	`237`	`+ s.ToString(); // $ Alert[cs/dereferenced-value-is-always-null]`
`238`	`238`	`}`
`239`	`239`
`240`		`- for (s = ""; ; s = null)`
	`240`	`+ for (s = ""; ; s = null) // $ Source[cs/dereferenced-value-may-be-null]`
`241`	`241`	`{`
`242`		`- s.ToString(); // BAD (maybe)`
	`242`	`+ s.ToString(); // $ Alert[cs/dereferenced-value-may-be-null]`
`243`	`243`	`}`
`244`	`244`	`}`
`245`	`245`
`246`	`246`	`public void ArrayAssignTest()`
`247`	`247`	`{`
`248`	`248`	`int[] a = null;`
`249`		`- a[0] = 10; // BAD (always)`
	`249`	`+ a[0] = 10; // $ Alert[cs/dereferenced-value-is-always-null]`
`250`	`250`
`251`	`251`	`a = new int[10];`
`252`	`252`	`a[0] = 42; // GOOD`
`@@ -257,8 +257,8 @@ public void Access()`
`257`	`257`	`int[] ia = null;`
`258`	`258`	`string[] sa = null;`
`259`	`259`
`260`		`- ia[1] = 0; // BAD (always)`
`261`		`- var temp = sa.Length; // BAD (always)`
	`260`	`+ ia[1] = 0; // $ Alert[cs/dereferenced-value-is-always-null]`
	`261`	`+ var temp = sa.Length; // $ Alert[cs/dereferenced-value-is-always-null]`
`262`	`262`
`263`	`263`	`ia[1] = 0; // BAD (always), but not first`
`264`	`264`	`temp = sa.Length; // BAD (always), but not first`