CodeQL library for C/C++

Module RangeSSA

This library is a clone of semmle.code.cpp.controlflow.SSA, with only one difference: extra phi definitions are added after guards. For example:

    x = f();
    if (x < 10) {
      // Block 1
    } else {
      // Block 2

In standard SSA, basic blocks 1 and 2 do not need phi definitions for x, because they are dominated by the definition of x on the first line. In RangeSSA, however, we add phi definitions for x at the beginning of blocks 1 and 2. This is useful for range analysis because it enables us to deduce a more accurate range for x in the two branches of the if-statement.

Import path

import semmle.code.cpp.rangeanalysis.RangeSSA



Provides dominance predicates for control-flow nodes.


Provides classes and predicates for use in the SSA library.


Provides classes and predicates for working with C/C++ code.



The SSA logic comes in two versions: the standard SSA and range-analysis RangeSSA. This class provides the range-analysis SSA logic.


A definition of one or more SSA variables, including phi node definitions. An SSA variable is effectively the pair of a definition and the (non-SSA) variable that it defines. Note definitions and uses can be coincident, due to the presence of parameter definitions and phi nodes.