up

bench/reachability-benchmark/baselines/codeql/README.md

@@ -0,0 +1,25 @@
+# CodeQL baseline
+
+Deterministic baseline runner that emits a benchmark submission for one or more cases using CodeQL when available. If CodeQL is not installed, it still produces a schema‑valid submission marking all sinks as `unreachable`, so CI and comparisons remain stable.
+
+## Usage
+```bash
+# One case
+baselines/codeql/run_case.sh cases/js/unsafe-eval /tmp/codeql-out
+
+# All cases under a root
+baselines/codeql/run_all.sh cases /tmp/codeql-all
+```
+
+Outputs:
+- Per-case: `<out>/submission.json`
+- All cases: `<out>/submission.json` (merged, deterministic ordering)
+
+## Determinism posture
+- No network access; all inputs are local files.
+- Stable ordering of cases and sinks.
+- If CodeQL is missing or analysis fails, the runner falls back to a deterministic “all unreachable” submission.
+
+## Requirements
+- Python 3.11+.
+- Optional: `codeql` CLI on PATH for real analysis (not required for offline deterministic fallback).