* core: Fix -cfg_il to use a visitor to find all function definitions

* dataflow: IL: Add a debugging string to Noop

* analyzing: AST_to_IL: Give labels more descriptive names

* analyzing: CFG_build: Make sure labels are resolved

We did not create a dummy node to apply pending labels to when the
preceeding statement exited the function. We must create the dummy node
and label it, otherwise some `goto` may be left unresolved.

This also fixes the "Could not resolve label: _label" warnings that we
had been observing for a while.

Fixes: 20cd8a78 ("Add support for Break and Continue in IL (#3925)")

Closes #4265

test plan:
make test # test included

* Yoann's review

* Clarify purpose of test and rewrite changelog entry

This closes #4305

test plan:
test file included

* Apply language-independent filtering to regex and generic targets like
for all languages.

* Update changelog

* ocamlformat after merge
Co-authored-by: Yoann Padioleau <pad@returntocorp.com>
Co-authored-by: pad <pad@r2c.dev>

* [TestInfra] add test infrastructure to check for maturity level

This is more formal support to actually check whether a certain
language meet a certain maturity level for the tests.

This closes https://github.com/returntocorp/semgrep/issues/4300

test plan:
test file included
make test

* Fix CI failures on dummy-benchmarks

This fix a regression introduced by
https://github.com/returntocorp/semgrep/pull/4313
It was not caught at that time because the circle CI job
use the develop image to get the stats and this develop was still
the old one at the moment of the offending PR, so we got the
error at the following PR

test plan:
$ ./run-benchmarks --dummy --upload
now works

* comment

* Revert "Revert "feat(timing): profile config resolution and nosem handling timing (#4292)" (#4312)"

This reverts commit 7f5ac6f2.

* fixup! Revert "Revert "feat(timing): profile config resolution and nosem handling timing (#4292)" (#4312)"

This reverts commit 3e91c386.

This will give us more visibility into where semgrep is slow and where
performance improvements will have the highest impact

There seems to be a 7-10% slowdown from 0.70.0 to 0.73.0, we update the
baseline while we investigate the issue.

Closes #3881

test plan:
make test # tests included

I plan to add some regression testing checking
the maturity level of each language, but it was better
to cleanup the file before

test plan:
make test

test plan:
test file included
make test

test-plan:
cd parsing-stats
./run-lang kotlin
cat lang/kotlin/stat.json
=> 98.96%!

This will help #4300

test plan:
test file included

Co-authored-by: Yoann Padioleau <pad@returntocorp.com>

test plan:
test file included
make test

also under a pipenv shell for semgrep:
./scripts/generate-cheatsheet terminates

Even when --disable-nosem was set, we were still going through
all the findings and reading their files to see if there were nosem
comments for those findings.

With this PR we no longer do this unnecessary work

* scala for loops to generic

* tests

* changelog

* add comment pointing to scala docs

The python wrapper now calls the core with -config. We don't need
anymore the rule->mini-rule gymnastic.

test plan:
make test

* [PHP] allow public method pattern for semgrep

This closes https://github.com/returntocorp/semgrep/issues/4262

test plan:
test file included

* changelog

* [Internal] Rename Dataflow.ml to Dataflow_core.ml (for multicore)

This is because in ocaml 4.12.0+domains (a.k.a. OCaml multicore
preview) the compiler-libs of OCaml contains a file called dataflow.ml
which then takes precedence over our own Dataflow.ml
(This could be solved by not using a flat namespace)

test plan:
opam switch 4.12.0+domains
make

Note that make test currently fails under 4.12.0+domains
but just one test fails!
```
│ [FAIL]        memory limits                                                                  0   stack warning.                                                   │
```

* forgot to install ocamformat in my 4.12.0+domains opam switch

Passing the body of the block as yet another argument had some
undesirable (?) side effects. For example, given `f(x) { |n| puts n }`,
pattern `f(...)` matched the entire block rather than just `f(x)`, and
`f($X)` did not match anything!

Helps #3880

test plan:
make test # tests included

* recognize metavariables in patterns, add test

* changelog

* fix test

* fix(test): dont treat todoruleid as false positive

When passing --test-ignore-todo dont return non zero exit code
when a rule fires on a line tagged with todoruleid

* fixup! fix(test): dont treat todoruleid as false positive

* Deduplicate rules by id

* Rules run in deterministic order

* Rules run in deterministic order

* Test

* Changelog

* I literally pulled develop and forgot to merge

* Diff rules based on behavior and id

* Changelog

* Use only metadata to dedup

* changelog, update semgrep-main

* remove accidentally added file

* add test

This will allow to use semgrep inside other projects

test plan:
see related PR in xxx-semgrep

Release 0.73.0

* Rename Pcre_settings module -> SPcre ('S' is for Semgrep)

* Add semgrep rule to enforce use of SPcre

* Explain module name

* Add a script for my own use to output timing information I care about

* Update with more information

* Latest version of scripts

* analyzing: cfg: Fix `try` blocks ending in `return`

When building the CFG of a `try-catch` we connect the end of the
try-block to the beginning of the catch-block. But, if the CFG of the
try-block ended in `return`, this did not happen, and the catch-block
became dead code, despite something in the try-block could throw an
exception.

Closes #4091

test plan:
make test # tests included

* Yoann's review

* Fix changelog after rebase

test plan:
make test # test included

The error also triggered with:

    rules:
    - id: test
      patterns:
      - pattern-regex: IHDR
      message: Semgrep found a match
      languages: [regex]
      severity: WARNING

Follows #4264
Closes #4258

test plan:
make test # test included

* [Kotlin] use latest tree-sitter-kotlin with new scanner.c

This parses 96.9% of our Kotlin corupus

test plan:
make test

* use latest semgrep-kotlin fixing ASI pbs with ellipsis