From d89967ce8ea71ecdd92f2fe9cd250ea8677e34e9 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Wed, 21 Jan 2026 20:27:39 +0000
Subject: [PATCH 1/2] C++: Add ''isLiveAtEndOfBlock' predicate to 'Definition'.
---
 .../code/cpp/ir/dataflow/internal/SsaImpl.qll | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll
index d4a80ff25c80..28541a3837be 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll
@@ -940,6 +940,11 @@ module SsaCached {
 SsaImpl::phiHasInputFromBlock(phi, inp, bb)
 }
 
+ cached
+ predicate ssaDefReachesEndOfBlock(IRBlock bb, Definition def) {
+ SsaImpl::ssaDefReachesEndOfBlock(bb, def, _)
+ }
+
 predicate variableRead = SsaInput::variableRead/4;
 
 predicate variableWrite = SsaInput::variableWrite/4;
@@ -1176,6 +1181,14 @@ class Definition extends SsaImpl::Definition {
 SsaImpl::uncertainWriteDefinitionInput(this, result)
 }
 
+ /**
+ * Holds if this SSA definition is live at the end of basic block `bb`.
+ * That is, this definition reaches the end of basic block `bb`, at which
+ * point it is still live, without crossing another SSA definition of the
+ * same source variable.
+ */
+ predicate isLiveAtEndOfBlock(IRBlock bb) { ssaDefReachesEndOfBlock(bb, this) }
+
 /**
 * Gets a definition that ultimately defines this SSA definition and is
 * not itself a phi node.
From 60ee92d8346b2efc91e513cd16103ca34f258eab Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Wed, 21 Jan 2026 20:28:28 +0000
Subject: [PATCH 2/2] C++: Drive-by fix: Don't use the uncached ''getAPhiInputOrPriorDefinition' predicate. Instead, cache it and call it like we are supposed to.
---
 .../lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
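Review bot: The new `cached` wrapper `ssaDefReachesEndOfBlock(IRBlock bb, Definition def)` in `module SsaCached` (PATCH 1/2, first hunk) has no QLDoc, and it discards the third column of `SsaImpl::ssaDefReachesEndOfBlock` with `_` without saying why. A one-line comment would explain the two-argument form, for example `/** Holds if def reaches the end of bb; the third column of the SsaImpl predicate is ignored. */`. The same applies to the `uncertainWriteDefinitionInput` wrapper added in the first hunk of PATCH 2/2. `module SsaCached` starts and ends outside these hunks.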
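Review bot: `isLiveAtEndOfBlock` in `class Definition` (PATCH 1/2, second hunk) is added without a caller or a test; the diffstat lists only SsaImpl.qll with 13 insertions. Its QLDoc promises both reachability and liveness, while the body only delegates to `ssaDefReachesEndOfBlock(bb, this)`, so the liveness half presumably rests on how the underlying SSA is constructed, which is not visible here. Dataflow queries built on this library would inherit any mismatch as missed or spurious results, so a small library test selecting `def, bb` pairs for a phi node and for an uncertain write would pin the documented behaviour. The QLDoc could also state whether `bb` may be the block that contains the definition itself.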
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll
index 28541a3837be..fb24a1db69fd 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll
@@ -940,6 +940,11 @@ module SsaCached {
 SsaImpl::phiHasInputFromBlock(phi, inp, bb)
 }
 
+ cached
+ predicate uncertainWriteDefinitionInput(Definition uncertain, Definition inp) {
+ SsaImpl::uncertainWriteDefinitionInput(uncertain, inp)
+ }
+
 cached
 predicate ssaDefReachesEndOfBlock(IRBlock bb, Definition def) {
 SsaImpl::ssaDefReachesEndOfBlock(bb, def, _)
@@ -1178,7 +1183,7 @@ class Definition extends SsaImpl::Definition {
 private Definition getAPhiInputOrPriorDefinition() {
 result = this.(PhiNode).getAnInput()
 or
- SsaImpl::uncertainWriteDefinitionInput(this, result)
+ uncertainWriteDefinitionInput(this, result)
 }
 
 /**
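Review bot: The replacement call `uncertainWriteDefinitionInput(this, result)` in `getAPhiInputOrPriorDefinition` (second hunk) has the same name and arity as `SsaImpl::uncertainWriteDefinitionInput`, so the call site no longer shows which of the two predicates is meant. It presumably resolves to the `cached` wrapper added to `SsaCached` in the first hunk, but how that module's members come into scope is not visible in this patch. A short comment such as `// cached wrapper from SsaCached, not SsaImpl::uncertainWriteDefinitionInput`, or a module-qualified call if the file's imports allow it, would keep a later edit from reverting to the uncached predicate.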