From 8e25240282c8d9166fed2ba2fc7fdac3fa1cbe27 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen <mathiasvp@github.com>
Date: Wed, 13 May 2026 13:07:56 +0100
Subject: [PATCH] C++: Add a FP caused by missing certainty around SSA writes
 from Uninitialized instructions.

---
 .../dataflow/dataflow-tests/dataflow-consistency.expected | 1 +
 .../dataflow/dataflow-tests/test-source-sink.expected     | 2 ++
 .../test/library-tests/dataflow/dataflow-tests/test.cpp   | 8 ++++++++
 .../dataflow/dataflow-tests/uninitialized.expected        | 2 ++
 4 files changed, 13 insertions(+)

diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
index 4e145427a36..77ee5c4abb6 100644
--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
@@ -143,6 +143,7 @@ postWithInFlow
 | test.cpp:1153:5:1153:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:1165:5:1165:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:1195:5:1195:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
+| test.cpp:1337:5:1337:13 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
 viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected
index 5ee2ca86cbc..a4c83c44066 100644
--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected
@@ -171,6 +171,7 @@ astFlow
 | test.cpp:1312:7:1312:12 | call to source | test.cpp:1313:8:1313:24 | ... ? ... : ... |
 | test.cpp:1312:7:1312:12 | call to source | test.cpp:1314:8:1314:8 | x |
 | test.cpp:1329:11:1329:16 | call to source | test.cpp:1330:10:1330:10 | i |
+| test.cpp:1335:10:1335:15 | buffer | test.cpp:1336:10:1336:18 | access to array |
 | true_upon_entry.cpp:17:11:17:16 | call to source | true_upon_entry.cpp:21:8:21:8 | x |
 | true_upon_entry.cpp:27:9:27:14 | call to source | true_upon_entry.cpp:29:8:29:8 | x |
 | true_upon_entry.cpp:33:11:33:16 | call to source | true_upon_entry.cpp:39:8:39:8 | x |
@@ -393,6 +394,7 @@ irFlow
 | test.cpp:1312:7:1312:12 | call to source | test.cpp:1314:8:1314:8 | x |
 | test.cpp:1318:13:1318:18 | call to source | test.cpp:1327:10:1327:10 | i |
 | test.cpp:1329:11:1329:16 | call to source | test.cpp:1330:10:1330:10 | i |
+| test.cpp:1337:17:1337:24 | call to source | test.cpp:1336:10:1336:18 | access to array |
 | true_upon_entry.cpp:9:11:9:16 | call to source | true_upon_entry.cpp:13:8:13:8 | x |
 | true_upon_entry.cpp:17:11:17:16 | call to source | true_upon_entry.cpp:21:8:21:8 | x |
 | true_upon_entry.cpp:27:9:27:14 | call to source | true_upon_entry.cpp:29:8:29:8 | x |
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp
index 892d49b0085..f87671464f9 100644
--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp
@@ -1329,3 +1329,11 @@ void nsdmi_test() {
   nsdmi y(source());
   sink(y.i); // $ ir ast
 }
+
+void certain_def_uninitialized_instruction_test() {
+  for(int i = 0; i < 10; i++) {
+    char buffer[10];
+    sink(buffer[0]); // $ SPURIOUS: ir ast
+    buffer[0] = source();
+  }
+}
\ No newline at end of file
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected
index 52bbcabb1e3..0850b577dcb 100644
--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected
@@ -59,3 +59,5 @@
 | test.cpp:1137:7:1137:10 | data | test.cpp:1138:5:1138:8 | data |
 | test.cpp:1137:7:1137:10 | data | test.cpp:1139:4:1139:7 | data |
 | test.cpp:1137:7:1137:10 | data | test.cpp:1140:10:1140:13 | data |
+| test.cpp:1335:10:1335:15 | buffer | test.cpp:1336:10:1336:15 | buffer |
+| test.cpp:1335:10:1335:15 | buffer | test.cpp:1337:5:1337:10 | buffer |