diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll
index d9c4fd5eb26..cb1035f4ba3 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll
@@ -192,22 +192,23 @@ private predicate sourceVariableHasBaseAndIndex(SourceVariable v, BaseSourceVari
   v.getIndirection() = ind
 }
 
-class DefImpl extends DefOrUseImpl, TDefImpl {
+abstract class DefImpl extends DefOrUseImpl {
   Operand address;
   int ind;
 
-  DefImpl() { this = TDefImpl(address, ind) }
+  bindingset[ind]
+  DefImpl() { any() }
 
-  override BaseSourceVariableInstruction getBase() { isDef(_, _, address, result, _, _) }
+  abstract int getIndirection();
+
+  abstract Node0Impl getValue();
+
+  abstract predicate isCertain();
 
   Operand getAddressOperand() { result = address }
 
-  int getIndirection() { isDef(_, _, address, _, result, ind) }
-
   override int getIndirectionIndex() { result = ind }
 
-  Node0Impl getValue() { isDef(_, result, address, _, _, _) }
-
   override string toString() { result = "DefImpl" }
 
   override IRBlock getBlock() { result = this.getAddressOperand().getUse().getBlock() }
@@ -217,15 +218,28 @@ class DefImpl extends DefOrUseImpl, TDefImpl {
   final override predicate hasIndexInBlock(IRBlock block, int index) {
     this.getAddressOperand().getUse() = block.getInstruction(index)
   }
+}
+
+private class DirectDef extends DefImpl, TDefImpl {
+  DirectDef() { this = TDefImpl(address, ind) }
+
+  override BaseSourceVariableInstruction getBase() { isDef(_, _, address, result, _, _) }
+
+  override int getIndirection() { isDef(_, _, address, _, result, ind) }
+
+  override Node0Impl getValue() { isDef(_, result, address, _, _, _) }
+
+  override predicate isCertain() { isDef(true, _, address, _, _, ind) }
 
   predicate isCertain() { isDef(true, _, address, _, _, ind) }
 }
 
-class UseImpl extends DefOrUseImpl, TUseImpl {
+abstract class UseImpl extends DefOrUseImpl {
   Operand operand;
   int ind;
 
-  UseImpl() { this = TUseImpl(operand, ind) }
+  bindingset[ind]
+  UseImpl() { any() }
 
   Operand getOperand() { result = operand }
 
@@ -239,13 +253,21 @@ class UseImpl extends DefOrUseImpl, TUseImpl {
 
   final override Cpp::Location getLocation() { result = operand.getLocation() }
 
-  final int getIndirection() { isUse(_, operand, _, result, ind) }
-
   override int getIndirectionIndex() { result = ind }
 
+  abstract int getIndirection();
+
+  abstract predicate isCertain();
+}
+
+private class DirectUse extends UseImpl, TUseImpl {
+  DirectUse() { this = TUseImpl(operand, ind) }
+
+  override int getIndirection() { isUse(_, operand, _, result, ind) }
+
   override BaseSourceVariableInstruction getBase() { isUse(_, operand, result, _, ind) }
 
-  predicate isCertain() { isUse(true, operand, _, _, ind) }
+  override predicate isCertain() { isUse(true, operand, _, _, ind) }
 }
 
 /**
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/ssa0/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/ssa0/SsaInternals.qll
index d3093835843..bd665966670 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/ssa0/SsaInternals.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/ssa0/SsaInternals.qll
@@ -63,18 +63,16 @@ abstract private class DefOrUseImpl extends TDefOrUseImpl {
   final SourceVariable getSourceVariable() {
     result.getBaseVariable() = this.getBaseSourceVariable()
   }
+
+  abstract predicate isCertain();
 }
 
-class DefImpl extends DefOrUseImpl, TDefImpl {
+abstract class DefImpl extends DefOrUseImpl {
   Operand address;
 
-  DefImpl() { this = TDefImpl(address) }
-
-  override BaseSourceVariableInstruction getBase() { isDef(_, _, address, result, _, _) }
-
   Operand getAddressOperand() { result = address }
 
-  Node0Impl getValue() { isDef(_, result, address, _, _, _) }
+  abstract Node0Impl getValue();
 
   override string toString() { result = address.toString() }
 
@@ -85,15 +83,23 @@ class DefImpl extends DefOrUseImpl, TDefImpl {
   final override predicate hasIndexInBlock(IRBlock block, int index) {
     this.getAddressOperand().getUse() = block.getInstruction(index)
   }
+}
+
+private class DirectDef extends DefImpl, TDefImpl {
+  DirectDef() { this = TDefImpl(address) }
+
+  override BaseSourceVariableInstruction getBase() { isDef(_, _, address, result, _, _) }
+
+  override Node0Impl getValue() { isDef(_, result, address, _, _, _) }
+
+  override predicate isCertain() { isDef(true, _, address, _, _, _) }
 
   predicate isCertain() { isDef(true, _, address, _, _, _) }
 }
 
-class UseImpl extends DefOrUseImpl, TUseImpl {
+abstract class UseImpl extends DefOrUseImpl {
   Operand operand;
 
-  UseImpl() { this = TUseImpl(operand) }
-
   Operand getOperand() { result = operand }
 
   override string toString() { result = operand.toString() }
@@ -105,10 +111,14 @@ class UseImpl extends DefOrUseImpl, TUseImpl {
   final override IRBlock getBlock() { result = operand.getUse().getBlock() }
 
   final override Cpp::Location getLocation() { result = operand.getLocation() }
+}
+
+private class DirectUse extends UseImpl, TUseImpl {
+  DirectUse() { this = TUseImpl(operand) }
 
   override BaseSourceVariableInstruction getBase() { isUse(_, operand, result, _, _) }
 
-  predicate isCertain() { isUse(true, operand, _, _, _) }
+  override predicate isCertain() { isUse(true, operand, _, _, _) }
 }
 
 private module SsaInput implements SsaImplCommon::InputSig {