Introducing the C/C++ libraries

Overview

There is an extensive QL library for analyzing C/C++ code. The QL classes in this library present the data from a snapshot database in an object-oriented form and provide abstractions and predicates to help you with common analysis tasks. The library is implemented as a set of QL modules, that is, files with the extension .qll. The module cpp.qll imports all the core library modules, so you can include the complete library by beginning your query with:

import cpp

The rest of this topic briefly summarizes the most important QL classes and predicates provided by this library.

You can find related classes and features using the query console’s auto-complete feature. You can also press F3 to jump to the definition of any element (QL library files are opened in new tabs in the console).

Summary of the library classes

The most commonly used standard QL library classes are organized as follows:

Preprocessor logic

  • Include#include directives (defined in the Include.qll library)
  • Macro, MacroInvocation#define directives and uses (defined in the Macro.qll library)
  • PreprocessorIf, PreprocessorElse, PreprocessorIfdef, PreprocessorIfndef, PreprocessorEndif — conditional processing directives (defined in the Preprocessor.qll library)

Symbol table

  • Function — all functions, including member functions (defined in the Function.qll library)
    • MemberFunction
  • Variable (defined in the Variable.qll library)
    • LocalScopeVariable— local variables and parameters
      • Parameter
    • MemberVariable — member variables of classes
    • GlobalOrNamespaceVariable — global variables
  • Type — built-in and user-defined types (defined in the Type.qll library)
    • Class — classes and structs
    • Enum — enums, including scoped enums
    • TypedefType — typedefs
    • ArrayType — arrays
    • PointerType — pointers
    • SpecifiedType — qualifiers such as const, volatile, or restrict
  • Namespace — namespaces (defined in the Namespace.qll library)
    • GlobalNamespace — the global namespace
  • Initializer — initializers for variables (defined in the Initializer.qll library)

Abstract syntax tree

Control flow graph

External data

  • Diagnostic — messages (such as errors or warnings) that were produced by the compiler
  • XMLParent — XML data that was added to the snapshot
    • XMLFile
    • XMLElement
  • ExternalData — any CSV data that has been imported into the snapshot

What next?