CodeQL documentation
CodeQL resources

CodeQL library for C and C++

When analyzing C or C++ code, you can use the large collection of classes in the CodeQL library for C and C++.

About the CodeQL library for C and C++

There is an extensive library for analyzing CodeQL databases extracted from C/C++ projects. The classes in this library present the data from a database in an object-oriented form and provide abstractions and predicates to help you with common analysis tasks. The library is implemented as a set of QL modules, that is, files with the extension .qll. The module cpp.qll imports all the core C/C++ library modules, so you can include the complete library by beginning your query with:

import cpp

The rest of this topic summarizes the available CodeQL classes and corresponding C/C++ constructs.

Commonly-used library classes

The most commonly used standard library classes are listed below. The listing is broken down by functionality. Each library class is annotated with a C/C++ construct it corresponds to.

Declaration classes

This table lists Declaration classes representing C/C++ declarations.

Example syntax CodeQL class Remarks
int var ; GlobalVariable  
namespace N {float var ;} NamespaceVariable  
int func ( void ) {float var ;} LocalVariable See also Initializer
class C {int var ;} MemberVariable  
int func (const char param ); Function  
template < typename T >
void func ( T param);
 TemplateFunction  
int func (const char* format , ...)
{}
 FormattingFunction  
func < int, float > (); FunctionTemplateInstantiation  
template < typename T >
func < int, T > () {}
 FunctionTemplateSpecialization  
class C {
int func ( float param );};
 MemberFunction  
class C {
int func ( float param ) const;};
 ConstMemberFunction  
class C {virtual int func () {} }; VirtualFunction  
class C {C () {}}; Constructor  
C::operator float () const; ConversionOperator  
class C {~ C ( void ) {}}; Destructor  
class C {
C ( const D & d ) {}};
 ConversionConstructor  
C & C :: operator= (const C & ); CopyAssignmentOperator  
C & C :: operator= ( C && ); MoveAssignmentOperator  
C :: C (const C & ); CopyConstructor  
C :: C ( C && ); MoveConstructor  
C :: C (void); NoArgConstructor Default constructor
enum en { val1 , val2} EnumConstant  
friend void func ( int );
friend class B ;
 FriendDecl  
int func ( void ) {
enum en { val1 , val2};}
 LocalEnum  
class C {
enum en { val1 , val2}}
 NestedEnum  
enum class en : short { val1 , val2} ScopedEnum  
class C {
virtual void func ( int ) = 0;};
 AbstractClass  
template < int , float > class C {}; ClassTemplateInstantiation  
template < > class C < Type > {}; FullClassTemplateSpecialization  
template < typename T >
class C < T , 5 > {};
 PartialClassTemplateSpecialization  
int func ( void ) {class C {};} LocalClass  
class C {class D {};}; NestedClass  
class C {
Type var ;
Type func ( Parameter) {}};
 Class  
struct S {
Type var ;
Type func ( Parameter) {}};
Struct
Class

  
union U {
Type var1 ;
Type var2 ;};
Union
Struct
Class
  
template < typename T >
struct C : T {};
 ProxyClass Appears only in uninstantiated templates
int func ( void ) {
struct S {};}
 LocalStruct  
class C {
struct S {};};
 NestedStruct  
int * func ( void ) {union U {};} LocalUnion  
class C {union U {};}; NestedUnion  
typedef int T ; TypedefType  
int func ( void ) {
typedef int T ;}
 LocalTypedefType  
class C {
typedef int T ;};
 NestedTypedefType  
class V :public B{}; ClassDerivation  
class V :virtual B{}; VirtualClassDerivation  
template < typename T >
class C {};
 TemplateClass  
int foo ( Type param1 , Type param2); Parameter  
template <typename T > T t ; TemplateVariable Since C++14

Statement classes

This table lists subclasses of Stmt representing C/C++ statements.

Example syntax CodeQL class Remarks
__asm__ (" movb %bh, (%eax) "); AsmStmt Specific to a given CPU instruction set
{ Stmt} BlockStmt  
catch ( Parameter ) BlockStmt CatchBlock  
catch ( ... ) BlockStmt CatchAnyBlock  
goto * labelptr ; ComputedGotoStmt GNU extension; use with LabelLiteral
Type i , j ; DeclStmt  
if ( Expr ) Stmt else Stmt IfStmt  
switch ( Expr ) { SwitchCase} SwitchStmt  
do Stmt while ( Expr ) DoStmt  
for ( DeclStmt ; Expr ; Expr ) Stmt ForStmt  
for ( DeclStmt : Expr ) Stmt RangeBasedForStmt  
while ( Expr ) Stmt WhileStmt  
Expr ; ExprStmt  
__try {} __except ( Expr ) {} MicrosoftTryExceptStmt Structured exception handling (SEH) under Windows
__try {} __finally {} MicrosoftTryFinallyStmt Structured exception handling (SEH) under Windows
return Expr ; ReturnStmt  
case Expr : SwitchCase  
try { Stmt} CatchBlockCatchAnyBlock TryStmt  
void func (void) try { Stmt}
CatchBlockCatchAnyBlock
 FunctionTryStmt  
; EmptyStmt  
break; BreakStmt  
continue; ContinueStmt  
goto LabelStmt ; GotoStmt  
slabel : LabelStmt  
float arr [ Expr ] [ Expr ]; VlaDeclStmt C99 variable-length array

Expression classes

This table lists subclasses of Expr representing C/C++ expressions.

Example syntax CodeQL class(es) Remarks
{ Expr}
ArrayAggregateLiteral
ClassAggregateLiteral
  
alignof ( Expr ) AlignofExprOperator  
alignof ( Type ) AlignofTypeOperator  
Expr [ Expr ] ArrayExpr  
__assume ( Expr ) AssumeExpr Microsoft extension
static_assert ( Expr , StringLiteral ) _Static_assert ( Expr , StringLiteral ) StaticAssert
C++11
C11
__noop; BuiltInNoOp Microsoft extension
Expr ( Expr) ExprCall  
func ( Expr)
instance . func ( Expr)
 FunctionCall  
Expr , Expr CommaExpr  
if ( Type arg = Expr ) ConditionDeclExpr  
( Type ) Expr CStyleCast  
const_cast < Type > ( Expr ) ConstCast  
dynamic_cast < Type > ( Expr ) DynamicCast  
reinterpret_cast < Type > ( Expr ) ReinterpretCast  
static_cast < Type > ( Expr ) StaticCast  
template < typename... T >
auto sum ( T t )
{ return ( t + ... + 0 ); }
 FoldExpr Appears only in uninstantiated templates
int func ( format , ... ); FormattingFunctionCall  
[ = ] ( float b ) -> float
{ return captured * b ; }
 LambdaExpression C++11
^ int ( int x , int y ) {
{ Stmt; return x + y ; }
 BlockExpr Apple extension
void * labelptr = && label ; LabelLiteral GNU extension; use with ComputedGotoStmt
“%3d %s\n” FormatLiteral  
0xdbceffca HexLiteral  
0167 OctalLiteral  
‘c’ CharLiteral  
“abcdefgh”, L”wide” StringLiteral  
new Type [ Expr ] NewArrayExpr  
new Type NewExpr  
delete [ ] Expr ; DeleteArrayExpr  
delete Expr ; DeleteExpr  
noexcept ( Expr ) NoExceptExpr  
Expr = Expr AssignExpr See also Initializer
Expr += Expr
AssignAddExpr
AssignPointerAddExpr
  
Expr /= Expr AssignDivExpr  
Expr *= Expr AssignMulExpr  
Expr %= Expr AssignRemExpr  
Expr -= Expr
AssignSubExpr
AssignPointerSubExpr
  
Expr &= Expr AssignAndExpr  
Expr <<= Expr AssignLShiftExpr  
Expr `` =`` Expr AssignOrExpr
Expr >>= Expr AssignRShiftExpr  
Expr ^= Expr AssignXorExpr  
Expr + Expr
AddExpr
PointerAddExpr
ImaginaryRealAddExpr
RealImaginaryAddExpr


C99
C99
Expr / Expr
DivExpr
ImaginaryDivExpr

C99
Expr >? Expr MaxExpr GNU extension
Expr <? Expr MinExpr GNU extension
Expr * Expr
MulExpr
ImaginaryMulExpr

C99
Expr % Expr RemExpr  
Expr - Expr
SubExpr
PointerDiffExpr
PointerSubExpr
ImaginaryRealSubExpr
RealImaginarySubExpr



C99
C99
Expr & Expr BitwiseAndExpr  
Expr | Expr BitwiseOrExpr  
Expr ^ Expr BitwiseXorExpr  
Expr << Expr LShiftExpr  
Expr >> Expr RShiftExpr  
Expr && Expr LogicalAndExpr  
Expr || Expr LogicalOrExpr  
Expr == Expr EQExpr  
Expr != Expr NEExpr  
Expr >= Expr GEExpr  
Expr > Expr GTExpr  
Expr <= Expr LEExpr  
Expr < Expr LTExpr  
Expr ? Expr : Expr ConditionalExpr  
& Expr AddressOfExpr  
* Expr PointerDereferenceExpr  
Expr -- PostfixDecrExpr  
-- Expr PrefixDecrExpr  
Expr ++ PostfixIncrExpr  
++ Expr PrefixIncrExpr  
__imag ( Expr ) ImaginaryPartExpr GNU extension
__real ( Expr ) RealPartExpr GNU extension
- Expr UnaryMinusExpr  
+ Expr UnaryPlusExpr  
~ Expr
ComplementExpr
ConjugationExpr

GNU extension
! Expr NotExpr  
int vect __attribute__
( ( vector_size ( 16 ) ) )
= { 3 , 8 , 32 , 33 };
 VectorFillOperation GNU extension
sizeof ( Expr ) SizeofExprOperator  
sizeof ( Type ) SizeofTypeOperator  
template < typename... T >
int count ( T &&... t )
{ return sizeof... ( t ); }
 SizeofPackOperator  
( { Stmt; Expr } ) StmtExpr GNU/Clang extension
this ThisExpr  
throw ( Expr ); ThrowExpr  
throw; ReThrowExpr  
typeid ( Expr )
typeid ( Type )
 TypeidOperator  
__uuidof ( Expr ) UuidofOperator Microsoft extension

Type classes

This table lists subclasses of Type representing C/C++ types.

Example syntax CodeQL class Remarks
void VoidType  
_Bool or bool BoolType  
char16_t Char16Type C11, C++11
char32_t Char32Type C11, C++11
char PlainCharType  
signed char SignedCharType  
unsigned char UnsignedCharType  
int IntType  
long long LongLongType  
long LongType  
short ShortType  
wchar_t WideCharType  
nullptr_t NullPointerType  
double DoubleType  
long double LongDoubleType  
float FloatType  
auto AutoType  
decltype ( Expr ) Decltype  
Type [ n ] ArrayType  
Type ( ^ blockptr ) ( Parameter) BlockType Apple extension
Type ( * funcptr ) ( Parameter) FunctionPointerType  
Type ( & funcref ) ( Parameter) FunctionReferenceType  
Type __attribute__ ( ( vector_size ( n ) ) ) GNUVectorType  
Type * PointerType  
Type & LValueReferenceType  
Type && RValueReferenceType  
Type ( Class *:: membptr ) ( Parameter) PointerToMemberType  
template < template < typename > class C > TemplateTemplateParameter  
template < typename T > TemplateParameter  

Preprocessor classes

This table lists Preprocessor classes representing C/C++ preprocessing directives.

Example syntax CodeQL class Remarks
#elif condition PreprocessorElif  
#if condition PreprocessorIf  
#ifdef macro PreprocessorIfdef  
#ifndef macro PreprocessorIfndef  
#else PreprocessorElse  
#endif PreprocessorEndif  
#line line_number file_name PreprocessorLine  
#pragma pragma_property PreprocessorPragma  
#undef macro PreprocessorUndef  
#warning message PreprocessorWarning  
#error message PreprocessorError  
#include file_name Include  
#import file_name Import Apple/NeXT extension
#include_next file_name IncludeNext Apple/NeXT extension
#define macro Macro  
  • © GitHub, Inc.
  • Terms
  • Privacy