C++: Fix asDefinition to not only work for SSA definitions.

MathiasVP · MathiasVP · commit a556152b9d2b · 2026-01-23T16:23:21.000Z
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -312,6 +312,13 @@ class Node extends TIRDataFlowNode {
    */
   Expr asDefinition() { result = this.asDefinition(_) }
 
+  private predicate isCertainStore() {
+    exists(SsaImpl::Definition def |
+      SsaImpl::defToNode(this, def, _) and
+      def.isCertain()
+    )
+  }
+
   /**
    * Gets the definition associated with this node, if any.
    *
@@ -361,11 +368,10 @@ class Node extends TIRDataFlowNode {
    * pointed to by `p`.
    */
   Expr asDefinition(boolean uncertain) {
-    exists(StoreInstruction store, SsaImpl::Definition def |
+    exists(StoreInstruction store |
       store = this.asInstruction() and
       result = asDefinitionImpl(store) and
-      SsaImpl::defToNode(this, def, _) and
-      if def.isCertain() then uncertain = false else uncertain = true
+      if this.isCertainStore() then uncertain = false else uncertain = true
     )
   }
 
diff --git a/cpp/ql/test/library-tests/dataflow/asDefinition/test.cpp b/cpp/ql/test/library-tests/dataflow/asDefinition/test.cpp
@@ -10,9 +10,9 @@ void test() {
   y = 44; // $ asDefinition="... = ..."
   use(y);
 
-  int x = 43; // $ MISSING: asDefinition=43
-  x = 44; // $ MISSING: asDefinition="... = ..."
+  int x = 43; // $ asDefinition=43
+  x = 44; // $ asDefinition="... = ..."
 
   S s;
-  s.x = 42; // $ MISSING: asDefinition="... = ..."
+  s.x = 42; // $ asDefinition="... = ..."
 }
