CodeQL library for C and C++

When analyzing C or C++ code, you can use the large collection of classes in the CodeQL library for C and C++.

About the CodeQL library for C and C++¶

There is an extensive library for analyzing CodeQL databases extracted from C/C++ projects. The classes in this library present the data from a database in an object-oriented form and provide abstractions and predicates to help you with common analysis tasks. The library is implemented as a set of QL modules, that is, files with the extension .qll. The module cpp.qll imports all the core C/C++ library modules, so you can include the complete library by beginning your query with:

The rest of this topic summarizes the available CodeQL classes and corresponding C/C++ constructs.

Commonly-used library classes¶

The most commonly used standard library classes are listed below. The listing is broken down by functionality. Each library class is annotated with a C/C++ construct it corresponds to.

Declaration classes¶

This table lists Declaration classes representing C/C++ declarations.

Example syntax	CodeQL class	Remarks
`int` var `;`	GlobalVariable
`namespace` N `{` … `float` var `;` … `}`	NamespaceVariable
`int` func `( void ) {` … `float` var `;` … `}`	LocalVariable	See also Initializer
`class` C `{` … `int` var `;` … `}`	MemberVariable
`int` func `(const char` param `);`	Function
`template < typename` T `>` `void` func `(` T `param);`	TemplateFunction
`int` func `(const char` format* `, ...)` `{` … `}`	FormattingFunction
func `< int, float > (` … `);`	FunctionTemplateInstantiation
`template < typename` T `>` func `< int,` T `> (` … `) {` … `}`	FunctionTemplateSpecialization
`class` C `{` … `int` func `( float` param `);` … `};`	MemberFunction
`class` C `{` … `int` func `( float` param `) const;` … `};`	ConstMemberFunction
`class` C `{` … `virtual int` func `(` … `) {` … `} };`	VirtualFunction
`class` C `{` … C `(` … `) {` … `}` … `};`	Constructor
`C::operator float () const;`	ConversionOperator
`class` C `{` … `~` C `( void ) {` … `}` … `};`	Destructor
`class` C `{` … C `( const` D `&` d `) {` … `}` … `};`	ConversionConstructor
C `&` C `:: operator= (const` C `& );`	CopyAssignmentOperator
C `&` C `:: operator= (` C `&& );`	MoveAssignmentOperator
C `::` C `(const` C `& );`	CopyConstructor
C `::` C `(` C `&& );`	MoveConstructor
C `::` C `(void);`	NoArgConstructor	Default constructor
`enum` en `{` val1 `,` val2 … `}`	EnumConstant
`friend void` func `( int );` `friend class` B `;`	FriendDecl
`int` func `( void ) {` … `enum` en `{` val1 `,` val2 … `};` … `}`	LocalEnum
`class` C `{` … `enum` en `{` val1 `,` val2 … `}` … `}`	NestedEnum
`enum class` en `: short {` val1 `,` val2 … `}`	ScopedEnum
`class` C `{` … `virtual void` func `( int ) = 0;` … `};`	AbstractClass
`template < int , float > class` C `{` … `};`	ClassTemplateInstantiation
`template < > class` C `<` Type `> {` … `};`	FullClassTemplateSpecialization
`template < typename` T `>` `class` C `<` T `,` 5 `> {` … `};`	PartialClassTemplateSpecialization
`int` func `( void ) {` … `class` C `{` … `};` … `}`	LocalClass
`class` C `{` … `class` D `{` … `};` … `};`	NestedClass
`class` C `{` Type var `;` Type func `(` Parameter… `) {` … `}`… `};`	Class
`struct` S `{` … Type var `;` Type func `(` Parameter… `) {` … `}`… `};`	Struct Class
`union` U `{` Type var1 `;` Type var2 `;` … `};`	Union Struct Class
`template < typename` T `>` `struct` C `:` T `{` … `};`	ProxyClass	Appears only in uninstantiated templates
`int` func `( void ) {` … `struct` S `{` … `};` … `}`	LocalStruct
`class` C `{` … `struct` S `{` … `};` … `};`	NestedStruct
`int ` func* `( void ) {` … `union` U `{` … `};` … `}`	LocalUnion
`class` C `{` … `union` U `{` … `};` … `};`	NestedUnion
`typedef int` T `;`	TypedefType
`int` func `( void ) {` … `typedef int` T `;` … `}`	LocalTypedefType
`class` C `{` … `typedef int` T `;` … `};`	NestedTypedefType
`class` V `:` … `public` B … `{` … `};`	ClassDerivation
`class` V `:` … `virtual` B … `{` … `};`	VirtualClassDerivation
`template < typename` T `>` `class` C `{` … `};`	TemplateClass
`int` foo `(` Type param1 `,` Type param2 … `);`	Parameter
`template <typename` T `>` T t `;`	TemplateVariable	Since C++14

Statement classes¶

This table lists subclasses of Stmt representing C/C++ statements.

Example syntax	CodeQL class	Remarks
`__asm__ ("` movb %bh, (%eax) `");`	AsmStmt	Specific to a given CPU instruction set
`{` Stmt… `}`	BlockStmt
`catch (` Parameter `)` BlockStmt	CatchBlock
`catch ( ... )` BlockStmt	CatchAnyBlock
`goto ` labelptr* `;`	ComputedGotoStmt	GNU extension; use with LabelLiteral
Type i `,` j `;`	DeclStmt
`if (` Expr `)` Stmt `else` Stmt	IfStmt
`switch (` Expr `) {` SwitchCase… `}`	SwitchStmt
`do` Stmt `while (` Expr `)`	DoStmt
`for (` DeclStmt `;` Expr `;` Expr `)` Stmt	ForStmt
`for (` DeclStmt `:` Expr `)` Stmt	RangeBasedForStmt
`while (` Expr `)` Stmt	WhileStmt
Expr `;`	ExprStmt
`__try {` … `} __except (` Expr `) {` … `}`	MicrosoftTryExceptStmt	Structured exception handling (SEH) under Windows
`__try {` … `} __finally {` … `}`	MicrosoftTryFinallyStmt	Structured exception handling (SEH) under Windows
`return` Expr `;`	ReturnStmt
`case` Expr `:`	SwitchCase
`try {` Stmt… `}` CatchBlock… CatchAnyBlock	TryStmt
`void` func `(void) try {` Stmt… `}` CatchBlock… CatchAnyBlock	FunctionTryStmt
`;`	EmptyStmt
`break;`	BreakStmt
`continue;`	ContinueStmt
`goto` LabelStmt `;`	GotoStmt
slabel `:`	LabelStmt
`float` arr `[` Expr `] [` Expr `];`	VlaDeclStmt	C99 variable-length array

Expression classes¶

This table lists subclasses of Expr representing C/C++ expressions.

Example syntax	CodeQL class(es)	Remarks
`{` Expr… `}`	ArrayAggregateLiteral ClassAggregateLiteral
`alignof (` Expr `)`	AlignofExprOperator
`alignof (` Type `)`	AlignofTypeOperator
Expr `[` Expr `]`	ArrayExpr
`__assume (` Expr `)`	AssumeExpr	Microsoft extension
`static_assert (` Expr `,` StringLiteral `)` `_Static_assert (` Expr `,` StringLiteral `)`	StaticAssert	C++11 C11
`__noop;`	BuiltInNoOp	Microsoft extension
Expr `(` Expr… `)`	ExprCall
func `(` Expr… `)` instance `.` func `(` Expr… `)`	FunctionCall
Expr `,` Expr	CommaExpr
`if (` Type arg `=` Expr `)`	ConditionDeclExpr
`(` Type `)` Expr	CStyleCast
`const_cast <` Type `> (` Expr `)`	ConstCast
`dynamic_cast <` Type `> (` Expr `)`	DynamicCast
`reinterpret_cast <` Type `> (` Expr `)`	ReinterpretCast
`static_cast <` Type `> (` Expr `)`	StaticCast
`template < typename...` T `>` `auto` sum `(` T … t `)` `{ return (` t `+ ... + 0 ); }`	FoldExpr	Appears only in uninstantiated templates
`int` func `(` format `, ... );`	FormattingFunctionCall
`[ = ] ( float` b `) -> float` `{ return` captured `*` b `; }`	LambdaExpression	C++11
`^ int ( int` x `, int` y `) {` `{` Stmt… `; return` x `+` y `; }`	BlockExpr	Apple extension
`void ` labelptr* `= &&` label `;`	LabelLiteral	GNU extension; use with ComputedGotoStmt
“%3d %s\n”	FormatLiteral
0xdbceffca	HexLiteral
0167	OctalLiteral
‘c’	CharLiteral
“abcdefgh”, L”wide”	StringLiteral
`new` Type `[` Expr `]`	NewArrayExpr
`new` Type	NewExpr
`delete [ ]` Expr `;`	DeleteArrayExpr
`delete` Expr `;`	DeleteExpr
`noexcept (` Expr `)`	NoExceptExpr
Expr `=` Expr	AssignExpr	See also Initializer
Expr `+=` Expr	AssignAddExpr AssignPointerAddExpr
Expr `/=` Expr	AssignDivExpr
Expr `*=` Expr	AssignMulExpr
Expr `%=` Expr	AssignRemExpr
Expr `-=` Expr	AssignSubExpr AssignPointerSubExpr
Expr `&=` Expr	AssignAndExpr
Expr `<<=` Expr	AssignLShiftExpr
Expr ``	=`` Expr	AssignOrExpr
Expr `>>=` Expr	AssignRShiftExpr
Expr `^=` Expr	AssignXorExpr
Expr `+` Expr	AddExpr PointerAddExpr ImaginaryRealAddExpr RealImaginaryAddExpr	C99 C99
Expr `/` Expr	DivExpr ImaginaryDivExpr	C99
Expr `>?` Expr	MaxExpr	GNU extension
Expr `<?` Expr	MinExpr	GNU extension
Expr `*` Expr	MulExpr ImaginaryMulExpr	C99
Expr `%` Expr	RemExpr
Expr `-` Expr	SubExpr PointerDiffExpr PointerSubExpr ImaginaryRealSubExpr RealImaginarySubExpr	C99 C99
Expr `&` Expr	BitwiseAndExpr
Expr `\|` Expr	BitwiseOrExpr
Expr `^` Expr	BitwiseXorExpr
Expr `<<` Expr	LShiftExpr
Expr `>>` Expr	RShiftExpr
Expr `&&` Expr	LogicalAndExpr
Expr `\|\|` Expr	LogicalOrExpr
Expr `==` Expr	EQExpr
Expr `!=` Expr	NEExpr
Expr `>=` Expr	GEExpr
Expr `>` Expr	GTExpr
Expr `<=` Expr	LEExpr
Expr `<` Expr	LTExpr
Expr `?` Expr `:` Expr	ConditionalExpr
`&` Expr	AddressOfExpr
`*` Expr	PointerDereferenceExpr
Expr `--`	PostfixDecrExpr
`--` Expr	PrefixDecrExpr
Expr `++`	PostfixIncrExpr
`++` Expr	PrefixIncrExpr
`__imag (` Expr `)`	ImaginaryPartExpr	GNU extension
`__real (` Expr `)`	RealPartExpr	GNU extension
`-` Expr	UnaryMinusExpr
`+` Expr	UnaryPlusExpr
`~` Expr	ComplementExpr ConjugationExpr	GNU extension
`!` Expr	NotExpr
`int` vect `__attribute__` `( ( vector_size (` 16 `) ) )` `= {` 3 `,` 8 `,` 32 `,` 33 `};`	VectorFillOperation	GNU extension
`sizeof (` Expr `)`	SizeofExprOperator
`sizeof (` Type `)`	SizeofTypeOperator
`template < typename...` T `>` `int` count `(` T `&&...` t `)` `{ return sizeof... (` t `); }`	SizeofPackOperator
`( {` Stmt… `;` Expr `} )`	StmtExpr	GNU/Clang extension
`this`	ThisExpr
`throw (` Expr `);`	ThrowExpr
`throw;`	ReThrowExpr
`typeid (` Expr `)` `typeid (` Type `)`	TypeidOperator
`__uuidof (` Expr `)`	UuidofOperator	Microsoft extension

Type classes¶

This table lists subclasses of Type representing C/C++ types.

Example syntax	CodeQL class	Remarks
`void`	VoidType
`_Bool` or `bool`	BoolType
`char16_t`	Char16Type	C11, C++11
`char32_t`	Char32Type	C11, C++11
`char`	PlainCharType
`signed char`	SignedCharType
`unsigned char`	UnsignedCharType
`int`	IntType
`long long`	LongLongType
`long`	LongType
`short`	ShortType
`wchar_t`	WideCharType
`nullptr_t`	NullPointerType
`double`	DoubleType
`long double`	LongDoubleType
`float`	FloatType
`auto`	AutoType
`decltype (` Expr `)`	Decltype
Type `[` n `]`	ArrayType
Type `( ^` blockptr `) (` Parameter… `)`	BlockType	Apple extension
Type `( ` funcptr* `) (` Parameter… `)`	FunctionPointerType
Type `( &` funcref `) (` Parameter… `)`	FunctionReferenceType
Type `__attribute__ ( ( vector_size (` n `) ) )`	GNUVectorType
Type `*`	PointerType
Type `&`	LValueReferenceType
Type `&&`	RValueReferenceType
Type `(` Class `::` membptr* `) (` Parameter… `)`	PointerToMemberType
`template < template < typename > class` C `>`	TemplateTemplateParameter
`template < typename` T `>`	TemplateParameter

Preprocessor classes¶

This table lists Preprocessor classes representing C/C++ preprocessing directives.

Example syntax	CodeQL class	Remarks
`#elif` condition	PreprocessorElif
`#if` condition	PreprocessorIf
`#ifdef` macro	PreprocessorIfdef
`#ifndef` macro	PreprocessorIfndef
`#else`	PreprocessorElse
`#endif`	PreprocessorEndif
`#line` line_number file_name	PreprocessorLine
`#pragma` pragma_property	PreprocessorPragma
`#undef` macro	PreprocessorUndef
`#warning` message	PreprocessorWarning
`#error` message	PreprocessorError
`#include` file_name	Include
`#import` file_name	Import	Apple/NeXT extension
`#include_next` file_name	IncludeNext	Apple/NeXT extension
`#define` macro …	Macro