diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
index 0ecb4ac596a..3f1ea39de09 100644
--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -239,6 +239,14 @@ class DefinitionByReferenceNode extends InstructionNode {
   Parameter getParameter() {
     exists(CallInstruction ci | result = ci.getStaticCallTarget().getParameter(instr.getIndex()))
   }
+
+  override string toString() {
+    // This string should be unique enough to be helpful but common enough to
+    // avoid storing too many different strings.
+    result =
+      instr.getPrimaryInstruction().(CallInstruction).getStaticCallTarget().getName() +
+        " output argument"
+  }
 }
 
 /**
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/funcs/funcsLocal.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/funcs/funcsLocal.expected
index 556c2fca192..c4dc83315e4 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/funcs/funcsLocal.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/funcs/funcsLocal.expected
@@ -1,10 +1,10 @@
 edges
-| funcsLocal.c:16:8:16:9 | BufferMayWriteSideEffect | funcsLocal.c:17:9:17:10 | (const char *)... |
-| funcsLocal.c:16:8:16:9 | BufferMayWriteSideEffect | funcsLocal.c:17:9:17:10 | i1 |
+| funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:17:9:17:10 | (const char *)... |
+| funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:17:9:17:10 | i1 |
 | funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:17:9:17:10 | (const char *)... |
 | funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:17:9:17:10 | i1 |
-| funcsLocal.c:26:8:26:9 | BufferMustWriteSideEffect | funcsLocal.c:27:9:27:10 | (const char *)... |
-| funcsLocal.c:26:8:26:9 | BufferMustWriteSideEffect | funcsLocal.c:27:9:27:10 | i3 |
+| funcsLocal.c:26:8:26:9 | fgets output argument | funcsLocal.c:27:9:27:10 | (const char *)... |
+| funcsLocal.c:26:8:26:9 | fgets output argument | funcsLocal.c:27:9:27:10 | i3 |
 | funcsLocal.c:26:8:26:9 | i3 | funcsLocal.c:27:9:27:10 | (const char *)... |
 | funcsLocal.c:26:8:26:9 | i3 | funcsLocal.c:27:9:27:10 | i3 |
 | funcsLocal.c:31:13:31:17 | call to fgets | funcsLocal.c:32:9:32:10 | (const char *)... |
@@ -13,12 +13,12 @@ edges
 | funcsLocal.c:31:13:31:17 | call to fgets | funcsLocal.c:32:9:32:10 | i4 |
 | funcsLocal.c:31:13:31:17 | call to fgets | funcsLocal.c:32:9:32:10 | i4 |
 | funcsLocal.c:31:13:31:17 | call to fgets | funcsLocal.c:32:9:32:10 | i4 |
-| funcsLocal.c:31:19:31:21 | BufferMustWriteSideEffect | funcsLocal.c:32:9:32:10 | (const char *)... |
-| funcsLocal.c:31:19:31:21 | BufferMustWriteSideEffect | funcsLocal.c:32:9:32:10 | i4 |
+| funcsLocal.c:31:19:31:21 | fgets output argument | funcsLocal.c:32:9:32:10 | (const char *)... |
+| funcsLocal.c:31:19:31:21 | fgets output argument | funcsLocal.c:32:9:32:10 | i4 |
 | funcsLocal.c:31:19:31:21 | i41 | funcsLocal.c:32:9:32:10 | (const char *)... |
 | funcsLocal.c:31:19:31:21 | i41 | funcsLocal.c:32:9:32:10 | i4 |
-| funcsLocal.c:36:7:36:8 | BufferMustWriteSideEffect | funcsLocal.c:37:9:37:10 | (const char *)... |
-| funcsLocal.c:36:7:36:8 | BufferMustWriteSideEffect | funcsLocal.c:37:9:37:10 | i5 |
+| funcsLocal.c:36:7:36:8 | gets output argument | funcsLocal.c:37:9:37:10 | (const char *)... |
+| funcsLocal.c:36:7:36:8 | gets output argument | funcsLocal.c:37:9:37:10 | i5 |
 | funcsLocal.c:36:7:36:8 | i5 | funcsLocal.c:37:9:37:10 | (const char *)... |
 | funcsLocal.c:36:7:36:8 | i5 | funcsLocal.c:37:9:37:10 | i5 |
 | funcsLocal.c:41:13:41:16 | call to gets | funcsLocal.c:42:9:42:10 | (const char *)... |
@@ -27,38 +27,38 @@ edges
 | funcsLocal.c:41:13:41:16 | call to gets | funcsLocal.c:42:9:42:10 | i6 |
 | funcsLocal.c:41:13:41:16 | call to gets | funcsLocal.c:42:9:42:10 | i6 |
 | funcsLocal.c:41:13:41:16 | call to gets | funcsLocal.c:42:9:42:10 | i6 |
-| funcsLocal.c:41:18:41:20 | BufferMustWriteSideEffect | funcsLocal.c:42:9:42:10 | (const char *)... |
-| funcsLocal.c:41:18:41:20 | BufferMustWriteSideEffect | funcsLocal.c:42:9:42:10 | i6 |
+| funcsLocal.c:41:18:41:20 | gets output argument | funcsLocal.c:42:9:42:10 | (const char *)... |
+| funcsLocal.c:41:18:41:20 | gets output argument | funcsLocal.c:42:9:42:10 | i6 |
 | funcsLocal.c:41:18:41:20 | i61 | funcsLocal.c:42:9:42:10 | (const char *)... |
 | funcsLocal.c:41:18:41:20 | i61 | funcsLocal.c:42:9:42:10 | i6 |
 nodes
-| funcsLocal.c:16:8:16:9 | BufferMayWriteSideEffect | semmle.label | BufferMayWriteSideEffect |
+| funcsLocal.c:16:8:16:9 | fread output argument | semmle.label | fread output argument |
 | funcsLocal.c:16:8:16:9 | i1 | semmle.label | i1 |
 | funcsLocal.c:17:9:17:10 | (const char *)... | semmle.label | (const char *)... |
 | funcsLocal.c:17:9:17:10 | (const char *)... | semmle.label | (const char *)... |
 | funcsLocal.c:17:9:17:10 | i1 | semmle.label | i1 |
-| funcsLocal.c:26:8:26:9 | BufferMustWriteSideEffect | semmle.label | BufferMustWriteSideEffect |
+| funcsLocal.c:26:8:26:9 | fgets output argument | semmle.label | fgets output argument |
 | funcsLocal.c:26:8:26:9 | i3 | semmle.label | i3 |
 | funcsLocal.c:27:9:27:10 | (const char *)... | semmle.label | (const char *)... |
 | funcsLocal.c:27:9:27:10 | (const char *)... | semmle.label | (const char *)... |
 | funcsLocal.c:27:9:27:10 | i3 | semmle.label | i3 |
 | funcsLocal.c:31:13:31:17 | call to fgets | semmle.label | call to fgets |
 | funcsLocal.c:31:13:31:17 | call to fgets | semmle.label | call to fgets |
-| funcsLocal.c:31:19:31:21 | BufferMustWriteSideEffect | semmle.label | BufferMustWriteSideEffect |
+| funcsLocal.c:31:19:31:21 | fgets output argument | semmle.label | fgets output argument |
 | funcsLocal.c:31:19:31:21 | i41 | semmle.label | i41 |
 | funcsLocal.c:32:9:32:10 | (const char *)... | semmle.label | (const char *)... |
 | funcsLocal.c:32:9:32:10 | (const char *)... | semmle.label | (const char *)... |
 | funcsLocal.c:32:9:32:10 | i4 | semmle.label | i4 |
 | funcsLocal.c:32:9:32:10 | i4 | semmle.label | i4 |
 | funcsLocal.c:32:9:32:10 | i4 | semmle.label | i4 |
-| funcsLocal.c:36:7:36:8 | BufferMustWriteSideEffect | semmle.label | BufferMustWriteSideEffect |
+| funcsLocal.c:36:7:36:8 | gets output argument | semmle.label | gets output argument |
 | funcsLocal.c:36:7:36:8 | i5 | semmle.label | i5 |
 | funcsLocal.c:37:9:37:10 | (const char *)... | semmle.label | (const char *)... |
 | funcsLocal.c:37:9:37:10 | (const char *)... | semmle.label | (const char *)... |
 | funcsLocal.c:37:9:37:10 | i5 | semmle.label | i5 |
 | funcsLocal.c:41:13:41:16 | call to gets | semmle.label | call to gets |
 | funcsLocal.c:41:13:41:16 | call to gets | semmle.label | call to gets |
-| funcsLocal.c:41:18:41:20 | BufferMustWriteSideEffect | semmle.label | BufferMustWriteSideEffect |
+| funcsLocal.c:41:18:41:20 | gets output argument | semmle.label | gets output argument |
 | funcsLocal.c:41:18:41:20 | i61 | semmle.label | i61 |
 | funcsLocal.c:42:9:42:10 | (const char *)... | semmle.label | (const char *)... |
 | funcsLocal.c:42:9:42:10 | (const char *)... | semmle.label | (const char *)... |