### String Substring Extraction (C++)

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/commons/Dependency.qll/type.Dependency%24DependencyOptions

Contains predicates for extracting portions of a string. Functions are available to get substrings based on start and end indices, or by specifying a starting or ending point.

```ql
/**
 * Returns the substring of the receiver ending at the given 0-based exclusive offset.
 * @param endIndex The 0-based exclusive end index.
 * @returns The substring from the beginning up to the end index.
 */
string prefix(int endIndex);

/**
 * Returns the substring of the receiver which starts and ends at the given indices.
 * Both indices are 0-based. The start index is inclusive and the end index is exclusive.
 * @param startIndex The 0-based inclusive start index.
 * @param endIndex The 0-based exclusive end index.
 * @returns The substring between the specified indices.
 */
string substring(int startIndex, int endIndex);

/**
 * Returns the substring of the receiver starting at the given 0-based inclusive offset.
 * @param startIndex The 0-based inclusive start index.
 * @returns The substring from the start index to the end of the string.
 */
string suffix(int startIndex);
```

--------------------------------

### Opcode::VarArgsStart Class Documentation

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/ir/implementation/Opcode.qll/type.Opcode%24Opcode%24VarArgsStart

Documentation for the Opcode::VarArgsStart class, its import path, supertypes, and predicates.

```APIDOC
## Class Opcode::VarArgsStart

The `Opcode` for a `VarArgsStartInstruction`.

See the `VarArgsStartInstruction` documentation for more details.

### Import path

`import semmle.code.cpp.ir.IR`

### Direct supertypes

* TVarArgsStart
* UnaryOpcode

### Indirect supertypes

* Opcode
* TOpcode

### Predicates

* **toString** Gets a textual representation of this element.

### Inherited predicates

* **getReadMemoryAccess** Gets the kind of memory access performed by this instruction’s `MemoryOperand`. Holds only for opcodes that read from memory. | from Opcode
* **getWriteMemoryAccess** Gets the kind of memory access performed by this instruction’s result. Holds only for opcodes with a memory result. | from Opcode
* **hasAddressOperand** Holds if the instruction has an `AddressOperand`. | from Opcode
* **hasBufferSizeOperand** Holds if the instruction has a `BufferSizeOperand`. | from Opcode
* **hasMayReadMemoryAccess** Holds if the instruction’s read memory access is a `may` read, as opposed to a `must` read. | from Opcode
* **hasMayWriteMemoryAccess** Holds if the instruction’s write memory access is a `may` write, as opposed to a `must` write. | from Opcode
* **hasOperand** Holds if the instruction must have an operand with the specified `OperandTag`. | from Opcode
* **hasOperandInternal** Holds if the instruction must have an operand with the specified `OperandTag`, ignoring `AddressOperandTag` and `BufferSizeOperandTag`. | from UnaryOpcode
```

--------------------------------

### Get Defining Argument for DefinitionByReferenceNode (C++)

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll/type.DataFlowPrivate%24ReturnNode

Retrieves the argument that defines a `DefinitionByReferenceNode`. This is useful for tracking the value of a reference argument after a function call has returned. For example, in `f(&x)`, it gets `&x` for the node representing `x`'s new value.

```ql
/**
 * Gets the argument that defines this `DefinitionByReferenceNode`, if any.
 * This predicate should be used instead of `asExpr` when referring to the
 * value of a reference argument _after_ the call has returned. For example,
 * in `f(&x)`, this predicate will have `&x` as its result for the `Node`
 * that represents the new value of `x`.
 */
asDefiningArgument() and from Node

/**
 * Gets the argument that defines this `DefinitionByReferenceNode`, if any.
 */
asDefiningArgument() and from Node
```

--------------------------------

### C++ Constructor Call Example

Source: https://codeql.github.com/codeql-standard-libraries/cpp/cpp.qll/module.cpp

Shows an example of calling a C++ constructor to create an object.

```cpp
struct S { S(void) {} };
S s;
```

--------------------------------

### Get Pointer Indirection Level

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/models/interfaces/PointerWrapper.qll/type.PointerWrapper%24PointerWrapper

Determines the level of pointer indirection for a given type. For example, an `int**` would have an indirection level of 2.

```codeql
import cpp

/**
 * Gets the pointer indirection level of this type.
 */
from Type t
select t.getPointerIndirectionLevel()
```

--------------------------------

### Opcode::InitializeParameter Documentation

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/ir/implementation/Opcode.qll/type.Opcode%24Opcode%24InitializeParameter

Detailed documentation for the `Opcode::InitializeParameter` class, including its import path, supertypes, and available predicates for analyzing its properties and behaviors within the CodeQL C/C++ standard libraries.

```APIDOC
## Class Opcode::InitializeParameter

The `Opcode` for an `InitializeParameterInstruction`.

See the `InitializeParameterInstruction` documentation for more details.

### Import path

`import semmle.code.cpp.ir.IR`

### Direct supertypes

* IndirectWriteOpcode
* TInitializeParameter

### Indirect supertypes

* IndirectMemoryAccessOpcode
* Opcode
* TOpcode

### Predicates

| Predicate | Description |
|---|---|
| toString | Gets a textual representation of this element. |

### Inherited predicates

| Predicate | Description | From |
|---|---|---|
| getReadMemoryAccess | Gets the kind of memory access performed by this instruction’s `MemoryOperand`. Holds only for opcodes that read from memory. | Opcode |
| getWriteMemoryAccess | Gets the kind of memory access performed by this instruction’s result. Holds only for opcodes with a memory result. | IndirectWriteOpcode |
| hasAddressOperand | Holds if the instruction has an `AddressOperand`. | IndirectMemoryAccessOpcode |
| hasBufferSizeOperand | Holds if the instruction has a `BufferSizeOperand`. | Opcode |
| hasMayReadMemoryAccess | Holds if the instruction’s read memory access is a `may` read, as opposed to a `must` read. | Opcode |
| hasMayWriteMemoryAccess | Holds if the instruction’s write memory access is a `may` write, as opposed to a `must` write. | Opcode |
| hasOperand | Holds if the instruction must have an operand with the specified `OperandTag`. | Opcode |
| hasOperandInternal | Holds if the instruction must have an operand with the specified `OperandTag`, ignoring `AddressOperandTag` and `BufferSizeOperandTag`. | Opcode |
```

--------------------------------

### Import CodeQL C/C++ Points-To Library

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/pointsto/PointsTo.qll/module.PointsTo

This code snippet shows how to import the necessary CodeQL library for performing points-to analysis on C/C++ code. It requires the `semmle.code.cpp.pointsto.PointsTo` module.

```ql
import semmle.code.cpp.pointsto.PointsTo
```

--------------------------------

### C++ Octal Literal Example

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/exprs/Literal.qll/type.Literal%24OctalLiteral

This code snippet demonstrates the usage of an octal literal in C++. Octal literals are numerical constants represented in base-8, always starting with a '0'. This example shows how to assign an octal value to a character variable.

```cpp
char esc = 033;
```

--------------------------------

### ConstructorInit Class Documentation

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/exprs/Call.qll/type.Call%24ConstructorInit

Provides detailed information about the ConstructorInit class, including its import path, supertypes, subtypes, and available predicates for C++ code analysis.

```APIDOC
## Class ConstructorInit

An initialization of a base class or member variable performed as part of a constructor’s explicit initializer list or implicit actions. This is a QL root class for representing various types of constructor initializations.

### Import path

`import cpp`

### Direct supertypes

* @ctorinit
* Expr

### Indirect supertypes

* @cfgnode
* @element
* @expr
* ControlFlowNode
* ControlFlowNodeBase
* Element
* ElementBase
* Locatable
* StmtParent
* TStmtParent

### Known direct subtypes

* ConstructorBaseInit
* ConstructorFieldInit

### Predicates

* **getAPrimaryQlClass**() : string
  Gets the name of a primary CodeQL class to which this element belongs.
* **toString**() : string
  Gets a textual representation of this expression.
```

--------------------------------

### Get Name Qualifier

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/Class.qll/type.Class%24ClassTemplateInstantiation

Retrieves a name qualifier for a qualifying namespace or user-defined type. For example, given `X::`, this predicate would return `X` as the `NameQualifyingElement`.

```codeql
getANameQualifier() :: NameQualifyingElement
```

--------------------------------

### Get Simple Type Name in C++

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/Class.qll/type.Class%24TemplateClass

Retrieves the simple name of a C++ type, excluding any template parameters. For example, for `myType<int>`, it returns `myType`.

```ql
/**
 * @brief Gets the simple name of this type, without any template parameters.
 * For example if the name of the type is `"myType<int>"`, the simple name is just `"myType"`.
 * @return The simple name of the type.
 */
string getSimpleName() {
  // Implementation details...
  result = ""
}
```

--------------------------------

### RawOperands Module Overview

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/ir/implementation/internal/TOperand.qll/module.TOperand%24RawOperands

Provides an overview of the RawOperands module, its import path, and its functionality.

```APIDOC
## Module RawOperands

Provides wrappers for the constructors of each branch of `TOperand` that is used by the raw IR stage. These wrappers are not parameterized because it is not possible to invoke an IPA constructor via a class alias.

### Import path

`import semmle.code.cpp.ir.implementation.internal.TOperand`

### Imports

Shared| Reexports some branches from `TOperand` so they can be used in stage modules without importing `TOperand` itself.
---|---

### Predicates

chiOperand| Returns the Chi operand with the specified parameters.
---|---
phiOperand| Returns the Phi operand with the specified parameters.
reusedPhiOperand|

### Aliases

TChiOperand|
---|---
TPhiOperand|
```

--------------------------------

### Get Function Entry Point

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/exprs/Call.qll/type.Call%24OverloadedPointerDereferenceFunction

Retrieves the first node in a function's control flow graph. This is essential for control flow analysis and understanding the start of function execution. It applies to `Function` objects.

```codeql
/**
 * Gets the first node in this function’s control flow graph.
 * @kind function
 * @name getEntryPoint
 * @tags
 * api-documentation
 */
getEntryPoint() {
  // Implementation details would go here
}
```

--------------------------------

### C++ Comment Examples

Source: https://codeql.github.com/codeql-standard-libraries/cpp/cpp.qll/module.cpp

Demonstrates both C++ style single-line comments and C style multi-line comments.

```cpp
// C++ style single-line comment
```

```cpp
/* C style comment */
```

--------------------------------

### Opcode::InitializeIndirection Class Documentation

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/ir/implementation/Opcode.qll/type.Opcode%24Opcode%24InitializeIndirection

Details about the Opcode::InitializeIndirection class, including its import path, supertypes, and predicates.

```APIDOC
## Class Opcode::InitializeIndirection

The `Opcode` for an `InitializeIndirectionInstruction`.

See the `InitializeIndirectionInstruction` documentation for more details.

### Import path

`import semmle.code.cpp.ir.IR`

### Direct supertypes

* EntireAllocationWriteOpcode
* TInitializeIndirection

### Indirect supertypes

* EntireAllocationAccessOpcode
* Opcode
* TOpcode

### Predicates

| Predicate Name | Description |
|---|---|
| toString | Gets a textual representation of this element. |

### Inherited predicates

| Predicate Name | Description | Source Type |
|---|---|---|
| getReadMemoryAccess | Gets the kind of memory access performed by this instruction’s `MemoryOperand`. Holds only for opcodes that read from memory. | Opcode |
| getWriteMemoryAccess | Gets the kind of memory access performed by this instruction’s result. Holds only for opcodes with a memory result. | EntireAllocationWriteOpcode |
| hasAddressOperand | Holds if the instruction has an `AddressOperand`. | EntireAllocationAccessOpcode |
| hasBufferSizeOperand | Holds if the instruction has a `BufferSizeOperand`. | Opcode |
| hasMayReadMemoryAccess | Holds if the instruction’s read memory access is a `may` read, as opposed to a `must` read. | Opcode |
| hasMayWriteMemoryAccess | Holds if the instruction’s write memory access is a `may` write, as opposed to a `must` write. | Opcode |
| hasOperand | Holds if the instruction must have an operand with the specified `OperandTag`. | Opcode |
| hasOperandInternal | Holds if the instruction must have an operand with the specified `OperandTag`, ignoring `AddressOperandTag` and `BufferSizeOperandTag`. | Opcode |
```

--------------------------------

### C Style Multi-line Comment Example

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/Comments.qll/type.Comments%24Comment

Illustrates a C style multi-line comment, which starts with '/*' and is also recognized by the CodeQL C++ library.

```cpp
/* C style comment */
```

--------------------------------

### BuiltInOperationInstruction Class Documentation

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll/type.Instruction%24BuiltInOperationInstruction

Provides detailed information about the BuiltInOperationInstruction class, including its import path, supertypes, and fields.

```APIDOC
## Class BuiltInOperationInstruction

An instruction representing a built-in operation. This is used to represent a variety of intrinsic operations provided by the compiler implementation, such as vector arithmetic.

### Import path

`import semmle.code.cpp.ir.implementation.unaliased_ssa.Instruction`

### Direct supertypes

* Instruction

### Indirect supertypes

* TStageInstruction

### Known direct subtypes

### Fields

| operation | |
|---|---|

### Predicates

| getBuiltInOperation | Gets the language-specific `BuiltInOperation` object that specifies the operation that is performed by this instruction. |
|---|---|
```

--------------------------------

### Get Class Derivation

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/Class.qll/type.Class%24ClassTemplateInstantiation

Retrieves the `index`-th class derivation of a class/struct. For example, `public B` in `class D : public A, public B, public C` would be derivation 1.

```codeql
getDerivation(int index) :: Class
```

--------------------------------

### Example Usage of char32_t Type in C++

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/Type.qll/type.Type%24Char32Type

Demonstrates the declaration of a C/C++ char32_t variable. This type is available starting with C11 and C++11. It is part of the 'cpp' import path in CodeQL.

```cpp
char32_t c32;
```

--------------------------------

### BuiltInVarArgsStart Class Documentation

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/exprs/BuiltInOperations.qll/type.BuiltInOperations%24BuiltInVarArgsStart

Provides detailed information about the BuiltInVarArgsStart class, including its purpose, inheritance, and predicates for analysis.

````APIDOC
## Class BuiltInVarArgsStart

A C/C++ `__builtin_va_start` built-in operation (used by some implementations of `va_start`).

```cpp
__builtin_va_list ap;
__builtin_va_start(ap, last_named_param);
```

### Import path

`import cpp`

### Direct supertypes

* @vastartexpr
* VarArgsExpr

### Indirect supertypes

* @builtin_op
* @cfgnode
* @element
* @expr
* @var_args_expr
* BuiltInOperation
* ControlFlowNode
* ControlFlowNodeBase
* Element
* ElementBase
* Expr
* Locatable
* StmtParent
* TStmtParent

### Predicates

- **getAPrimaryQlClass()** Gets the name of a primary CodeQL class to which this element belongs.
- **getLastNamedParameter()** Gets the argument that specifies the last named parameter before the ellipsis.
- **getVAList()** Gets the `va_list` argument.
- **toString()** Gets a textual representation of this expression.
````

--------------------------------

### Initialization and Uninitialized Values

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll/module.Instruction

Instructions related to initialization processes, including groups of allocations and uninitialized values.

```APIDOC
## UninitializedGroupInstruction

### Description
An instruction that initializes a set of allocations that are each assigned the same “virtual variable”.

### Method
N/A (Represents a code construct)

### Endpoint
N/A

### Parameters
None

### Request Example
N/A

### Response
N/A

## UninitializedInstruction

### Description
An instruction that returns an uninitialized value.

### Method
N/A (Represents a code construct)

### Endpoint
N/A

### Parameters
None

### Request Example
N/A

### Response
N/A
```

--------------------------------

### Get matching #if, #ifdef, or #ifndef directive

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/Preprocessor.qll/type.Preprocessor%24PreprocessorBranchDirective

The `getIf` predicate returns the initial preprocessor directive (`#if`, `#ifdef`, or `#ifndef`) that starts a conditional compilation block. This helps in identifying the beginning of a branch.

```codeql
getIf() | Gets the `#if`, `#ifdef` or `#ifndef` directive which matches this branching directive.
```

--------------------------------

### SslContextMethod

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/security/boostorg/asio/protocols.qll/type.protocols%24BoostorgAsio%24SslContextMethod

Information about SslContextMethod.

```APIDOC
## SslContextMethod

### Description
Represents an SslContextMethod.

### SslContextMethod
Represents an SslContextMethod.

- **Source Type**: (Implicitly SslContextMethod)
```

--------------------------------

### Get Function Entry Point

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/MemberFunction.qll/type.MemberFunction%24MoveAssignmentOperator

Retrieves the first node in a function's control flow graph. This is essential for control flow analysis and understanding the execution start of a function.

```codeql
/**
 * @brief Gets the first node in this function’s control flow graph.
 * @from Function
 */
getEntryPoint()
```

--------------------------------

### Get Derivation Information of a Class

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/TemplateParameter.qll/type.TemplateParameter%24TemplateTemplateParameterInstantiation

Retrieves the `index`-th class derivation of a class/struct. For example, `public B` in `class D : public A, public B, public C { ... };` would be derivation 1.

```ql
getDerivation(int index) from Class
```

--------------------------------

### C++ Compilation Command Example

Source: https://codeql.github.com/codeql-standard-libraries/cpp/cpp.qll/module.cpp

Shows an example of a compiler invocation command that compiles multiple source files.

```bash
g++ file1.cpp file2.cpp file3.cpp
```

--------------------------------

### Template Instantiation Details

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/Function.qll/type.Function%24DeductionGuide

Predicates for retrieving details about template arguments used during instantiation.

```APIDOC
## Inherited Predicates for Template Instantiation Details

### getATemplateArgument
- **Description**: Gets a template argument used to instantiate this declaration from a template. When called on a template, this will return a template parameter type for both typed and non-typed parameters.
- **Source**: from Declaration

### getATemplateArgumentKind
- **Description**: Gets a template argument used to instantiate this declaration from a template. When called on a template, this will return a non-typed template parameter value.
- **Source**: from Declaration
```

--------------------------------

### Get Simple Name of C++ User Type

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/Class.qll/type.Class%24NestedClass

Extracts the simple name of a C++ user type, excluding any template parameters. For example, for 'myType<int>', it returns 'myType'. Useful for display and comparison.

```ql
userType.getSimpleName()
```

--------------------------------

### Get Function Entry Point in C++

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/MemberFunction.qll/type.MemberFunction%24ConversionOperator

Identifies the first node in a function's control flow graph. This is crucial for control flow analysis and understanding the function's execution start.

```ql
/**
 * Gets the first node in this function’s control flow graph.
 * @param Function The function to get the entry point for.
 * @returns The entry point node of the control flow graph.
 */
getEntryPoint() : ControlFlowNode
```

--------------------------------

### Importing C/C++ Parameter Library in CodeQL

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/Parameter.qll/module.Parameter

This snippet shows how to import the CodeQL C/C++ parameter library. It requires no external dependencies beyond the standard CodeQL setup for C/C++ analysis.

```codeql
import semmle.code.cpp.Parameter
```

--------------------------------

### C++ Inline Expectations Test Annotation Example

Source: https://codeql.github.com/codeql-standard-libraries/cpp/codeql/util/test/InlineExpectationsTest.qll/module.InlineExpectationsTest

Illustrates how to annotate C++ source code with expected results for inline expectations tests. Expected results are marked using comments starting with '$', followed by `tag=expected-value`. This example shows single and multiple expectations per comment, including handling of constant values and the result of arithmetic operations. It also covers the syntax for marking spurious and missing results.

```cpp
int i = x + 5; // $ const=5
int j = y + (7 - 3); // $ const=7 const=3 const=4 // The result of the subtraction is a constant.

// Example with SPURIOUS and MISSING annotations:
// $ tag1=value1 SPURIOUS: tag2=value2 MISSING: tag3=value3
```

--------------------------------

### Element Predicates

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/exprs/Call.qll/type.Call%24ConstructorDirectInit

Predicates for retrieving information about elements, such as their source, location, and enclosing contexts.

```APIDOC
## Inherited predicates

### findRootCause
Gets the source of this element: either itself or a macro that expanded to this element.

### fromSource
Holds if this element may be from source. This predicate holds for all elements, except for those in the dummy file, whose name is the empty string. The dummy file contains declarations that are built directly into the compiler.

### getEnclosingElement
Gets the closest `Element` enclosing this one.

### getFile
Gets the primary file where this element occurs.

### getLocation
Gets the location of this expression.

### getNameQualifier
Gets the name qualifier associated with this element. For example, the name qualifier of `N::f()` is `N`.
```

--------------------------------

### Instruction Methods

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll/type.Instruction%24ConvertToNonVirtualBaseInstruction

This section covers common methods available for all Instruction objects, providing information about their operands, results, and properties.

```APIDOC
## Instruction API Documentation

### Description
Provides access to information about an instruction, including its operands, result, and various properties.

### Methods available on `Instruction` and its subclasses:

* **getUnconvertedResultExpression**
  * **Description**: Gets the unconverted form of the `Expr` whose result is computed by this instruction, if any.
  * **Source**: `Instruction`
* **getUniqueId**
  * **Description**: Gets a string identifier for this function that is unique among all instructions in the same function.
  * **Source**: `Instruction`
* **hasMemoryResult**
  * **Description**: Holds if this instruction produces a memory result.
  * **Source**: `Instruction`
* **hasResultMayMemoryAccess**
  * **Description**: Holds if the memory access performed by this instruction’s result will not always write to every bit in the memory location. This is most commonly used for memory accesses that may or may not actually occur depending on runtime state (for example, the write side effect of an output parameter that is not written to on all paths), or for accesses where the memory location is a conservative estimate of the memory that might actually be accessed at runtime (for example, the global side effects of a function call).
  * **Source**: `Instruction`
* **hasSortKeys**
  * **Description**: INTERNAL: Do not use.
  * **Source**: `Instruction`
* **isGLValue**
  * **Description**: Holds if the result produced by this instruction is a glvalue. If this holds, the result of the instruction represents the address of a location, and the type of the location is given by `getResultType()`. If this does not hold, the result of the instruction represents a value whose type is given by `getResultType()`.
  * **Source**: `Instruction`
* **isResultConflated**
  * **Description**: Holds if this is an instruction with a memory result that represents a conflation of more than one memory allocation.
  * **Source**: `Instruction`
* **isResultModeled**
  * **Description**: Holds if the result of this instruction is precisely modeled in SSA. Always holds for a register result. For a memory result, a modeled result is connected to its actual uses. An unmodeled result has no uses.
  * **Source**: `Instruction`
* **toString**
  * **Description**: Gets a textual representation of this element.
  * **Source**: `Instruction`
```

--------------------------------

### C++ Typeid Operator Example

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/exprs/Cast.qll/type.Cast%24TypeidOperator

This snippet demonstrates the usage of the C++ `typeid` operator to obtain run-time type information about a pointer and print its name. It highlights how to get the `std::type_info` object and use the `.name()` method.

```cpp
Base *ptr = new Derived;
const std::type_info &info1 = typeid(ptr);
printf("the type of ptr is: %s\n", typeid(ptr).name());
```

--------------------------------

### Type Conversion and Object Handling Instructions

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll/module.Instruction

Details on instructions used for type conversions, object address manipulation, and handling object completeness.

```APIDOC ## Type Conversion and Object Handling Instructions This category covers instructions that facilitate type casting, address adjustments, and object structure analysis. ### CheckedConvertOrNullInstruction An instruction that converts the address of a polymorphic object to the address of a different subobject of the same polymorphic object, returning a null address if the dynamic type of the object is not compatible with the result type. - **Method**: Not applicable (CodeQL predicate) - **Endpoint**: Not applicable ### CheckedConvertOrThrowInstruction An instruction that converts the address of a polymorphic object to the address of a different subobject of the same polymorphic object, throwing an exception if the dynamic type of the object is not compatible with the result type. - **Method**: Not applicable (CodeQL predicate) - **Endpoint**: Not applicable ### CompleteObjectAddressInstruction An instruction that returns the address of the complete object that contains the subobject pointed to by its operand. - **Method**: Not applicable (CodeQL predicate) - **Endpoint**: Not applicable ### ConvertInstruction An instruction that converts the value of its operand to a value of a different type. - **Method**: Not applicable (CodeQL predicate) - **Endpoint**: Not applicable ### ConvertToBaseInstruction An instruction that converts from the address of a derived class to the address of a base class. - **Method**: Not applicable (CodeQL predicate) - **Endpoint**: Not applicable ### ConvertToDerivedInstruction An instruction that converts from the address of a base class to the address of a direct non-virtual derived class. - **Method**: Not applicable (CodeQL predicate) - **Endpoint**: Not applicable ### ConvertToNonVirtualBaseInstruction An instruction that converts from the address of a derived class to the address of a direct non-virtual base class. 
- **Method**: Not applicable (CodeQL predicate) - **Endpoint**: Not applicable ### ConvertToVirtualBaseInstruction An instruction that converts from the address of a derived class to the address of a virtual base class. - **Method**: Not applicable (CodeQL predicate) - **Endpoint**: Not applicable ``` -------------------------------- ### CodeQL C/C++ XmlAttribute Predicate Examples Source: https://codeql.github.com/codeql-standard-libraries/cpp/codeql/xml/Xml.qll/type.Xml%24Make%24XmlAttribute Illustrates the direct use of predicates provided by the `XmlAttribute` class in CodeQL for C/C++. This includes getting the parent element, attribute name, value, and namespace information. ```CodeQL import codeql.xml.Xml from XmlAttribute attr select attr.getElement(), attr.getName(), attr.getValue(), attr.getNamespace(), attr.hasNamespace() ``` -------------------------------- ### Get Indirect Argument for a Node (C++) Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll/type.DataFlowPrivate%24ReturnNode Retrieves the argument going into a function for a node that represents the indirect value of the argument after a number of loads. For example, in `void f(int**); ... f(x);`, `n.asIndirectArgument(1)` represents `*x` and `n.asIndirectArgument(2)` represents `**x`. ```ql /** * Gets the the argument going into a function for a node that represents the indirect value of the argument after any non-zero number of loads. */ asIndirectArgument() and from Node /** * Gets the the argument going into a function for a node that represents the indirect value of the argument after `index` loads. For example, in: `cpp void f(int**); ... int** x = ...; f(x);` The node `n` such that `n.asIndirectArgument(1)` represents the value of `*x` going into `f`, and the node `n` such that `n.asIndirectArgument(2)` represents the value of `**x` going into `f`. 
*/ asIndirectArgument() and from Node ``` -------------------------------- ### Class DeductionGuide Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/Function.qll/type.Function%24DeductionGuide Information about the DeductionGuide class, representing C++ deduction guides. ```APIDOC ## Class DeductionGuide ### Description A C++ deduction guide [N4659 17.9]. ### Import path `import cpp` ### Direct supertypes * Function ### Indirect supertypes * @cfgnode * @declaration * @element * @function * AccessHolder * ControlFlowNode * ControlFlowNodeBase * Declaration * Element * ElementBase * Locatable * TAccessHolder ### Predicates getTemplateClass| Gets the class template for which this is a deduction guide. ``` -------------------------------- ### MakeImpl Module Overview Source: https://codeql.github.com/codeql-standard-libraries/cpp/codeql/dataflow/internal/DataFlowImpl.qll/module.DataFlowImpl%24MakeImpl Provides an overview of the MakeImpl module, including its import path, sub-modules, and module signatures. ```APIDOC ## Module MakeImpl ### Description Provides constructs for data flow computations within the CodeQL C/C++ standard libraries, including default state implementations and methods for constructing data flow computations with pruning and overlay merging. ### Import Path `import codeql.dataflow.internal.DataFlowImpl` ### Sub-Modules - **DefaultState**: Provides default `FlowState` implementations given a `StateConfigSig`. - **Impl**: Constructs a data flow computation given a full input configuration, and an initial stage 1 pruning. - **OverlayImpl**: Constructs a data flow computation given a full input configuration, and an initial stage 1 pruning with merging of overlay and base results. ### Module Signatures - **FullStateConfigSig**: An input configuration for data flow using flow state. This signature equals `StateConfigSig`, but requires explicit implementation of all predicates. 

### Parameters

| Parameter Name | Type Signature | Description |
|---|---|---|
| Location | `LocationSig` | Represents a location in the code. |
| Lang | `InputSig` | Input signature for the language-specific location handling. |
```

--------------------------------

### Get Used Interval for Memory Operands (C++)

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/ir/implementation/aliased_ssa/Operand.qll/type.Operand%24LoadOperand

Checks if an operand totally overlaps with its definition and consumes a specific bit range relative to the start address of the definition. This is useful for fine-grained memory analysis.

```cql
/**
 * @brief Holds if the operand totally overlaps with its definition and consumes the bit range
 * `[startBitOffset, endBitOffset)` relative to the start address of the definition.
 */
getUsedInterval(int startBitOffset, int endBitOffset) // from NonPhiMemoryOperand
```

--------------------------------

### EQExpr::getAPrimaryQlClass

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/exprs/ComparisonOperation.qll/predicate.ComparisonOperation%24EQExpr%24getAPrimaryQlClass.0

Gets the name of a primary CodeQL class to which this element belongs. For most elements, this is simply the most precise syntactic category to which they belong; for example, `AddExpr` is a primary class, but `BinaryOperation` is not. This predicate can have multiple results if multiple primary classes match. For some elements, this predicate may not have a result.

```APIDOC
## EQExpr::getAPrimaryQlClass

### Description
Gets the name of a primary CodeQL class to which this element belongs. For most elements, this is simply the most precise syntactic category to which they belong; for example, `AddExpr` is a primary class, but `BinaryOperation` is not. This predicate can have multiple results if multiple primary classes match. For some elements, this predicate may not have a result.

### Method
N/A (This is a predicate, not an API endpoint)

### Endpoint
N/A

### Parameters
N/A

### Request Example
N/A

### Response
#### Success Response
- **string** - The name of a primary CodeQL class.

#### Response Example
"EQExpr"
```

--------------------------------

### CodeQL C/C++ InitializeThis Instruction Opcode

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/ir/implementation/Opcode.qll/type.Opcode%24Opcode%24InitializeThis

This snippet describes the Opcode::InitializeThis class, used for InitializeThisInstruction in C/C++ code analysis with CodeQL. It details its import path and relationships to other CodeQL classes.

```CodeQL
import semmle.code.cpp.ir.IR

/**
 * The `Opcode` for an `InitializeThisInstruction`.
 * See the `InitializeThisInstruction` documentation for more details.
 */
class InitializeThis extends Opcode, TInitializeThis {
  /** Gets a textual representation of this element. */
  final override string toString() { result = "InitializeThis" }
}
```

--------------------------------

### PointerToMemberBaseClassConversion::getAPrimaryQlClass

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/exprs/Cast.qll/predicate.Cast%24PointerToMemberBaseClassConversion%24getAPrimaryQlClass.0

Gets the name of a primary CodeQL class to which this element belongs. For most elements, this is simply the most precise syntactic category to which they belong; for example, AddExpr is a primary class, but BinaryOperation is not. This predicate can have multiple results if multiple primary classes match. For some elements, this predicate may not have a result.

```APIDOC
## Member predicate PointerToMemberBaseClassConversion::getAPrimaryQlClass

### Description
Gets the name of a primary CodeQL class to which this element belongs.
For most elements, this is simply the most precise syntactic category to which they belong; for example, `AddExpr` is a primary class, but `BinaryOperation` is not. This predicate can have multiple results if multiple primary classes match. For some elements, this predicate may not have a result.

### Method
`string getAPrimaryQlClass()`

### Endpoint
N/A (This is a library predicate, not an API endpoint)

### Parameters
None

### Request Example
N/A

### Response
#### Success Response
- **string** - The name of a primary CodeQL class.

#### Response Example
"PointerToMemberBaseClassConversion"
```

--------------------------------

### C++ ConstructorDirectInit Example

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/exprs/Call.qll/type.Call%24ConstructorDirectInit

Demonstrates the usage of a direct base class constructor call within a C++ constructor's initializer list. This pattern is relevant to the 'ConstructorDirectInit' concept in CodeQL.

```cpp
struct S {
  int a;
  S(int b): a(b) {}
};

struct T: S {
  T(): S(33) {} // S(33) is a constructor call
};
```

--------------------------------

### Instruction Methods

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/ir/implementation/raw/Instruction.qll/type.Instruction%24MulInstruction

Provides details on methods for querying instruction properties and results.

```APIDOC
## Instruction predicates

### Description
Predicates for querying properties and characteristics of an instruction.

### Method
N/A (these are CodeQL predicates, not an API endpoint)

### Endpoint
N/A

## Instruction Methods Details:

### `getUnconvertedResultExpression`
Gets the unconverted form of the `Expr` whose result is computed by this instruction, if any.

### `getUniqueId`
Gets a string identifier for this function that is unique among all instructions in the same function.

### `hasMemoryResult`
Holds if this instruction produces a memory result.

### `hasOperands`
Holds if this instruction’s operands are `op1` and `op2`, in either order. (Specific to `BinaryInstruction`)

### `hasResultMayMemoryAccess`
Holds if the memory access performed by this instruction’s result will not always write to every bit in the memory location. This is most commonly used for memory accesses that may or may not actually occur depending on runtime state (for example, the write side effect of an output parameter that is not written to on all paths), or for accesses where the memory location is a conservative estimate of the memory that might actually be accessed at runtime (for example, the global side effects of a function call).

### `hasSortKeys`
INTERNAL: Do not use.

### `isGLValue`
Holds if the result produced by this instruction is a glvalue. If this holds, the result of the instruction represents the address of a location, and the type of the location is given by `getResultType()`. If this does not hold, the result of the instruction represents a value whose type is given by `getResultType()`.

### `isResultConflated`
Holds if this is an instruction with a memory result that represents a conflation of more than one memory allocation.

### `isResultModeled`
Holds if the result of this instruction is precisely modeled in SSA. Always holds for a register result. For a memory result, a modeled result is connected to its actual uses. An unmodeled result has no uses.

### `toString`
Gets a textual representation of this element.
```

--------------------------------

### RealPartExpr::getAPrimaryQlClass

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/exprs/ArithmeticOperation.qll/predicate.ArithmeticOperation%24RealPartExpr%24getAPrimaryQlClass.0

Gets the name of a primary CodeQL class to which this element belongs. For most elements, this is simply the most precise syntactic category to which they belong; for example, `AddExpr` is a primary class, but `BinaryOperation` is not. This predicate can have multiple results if multiple primary classes match. For some elements, this predicate may not have a result.

```APIDOC
## RealPartExpr::getAPrimaryQlClass

### Description
Gets the name of a primary CodeQL class to which this element belongs. For most elements, this is simply the most precise syntactic category to which they belong; for example, `AddExpr` is a primary class, but `BinaryOperation` is not. This predicate can have multiple results if multiple primary classes match. For some elements, this predicate may not have a result.

### Method
N/A (This is a predicate, not an API endpoint)

### Endpoint
N/A

### Parameters
N/A

### Request Example
N/A

### Response
#### Success Response
- **string** - The name of a primary CodeQL class.

#### Response Example
"RealPartExpr"
```

--------------------------------

### Instruction Methods

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/ir/implementation/raw/Instruction.qll/type.Instruction%24ConvertToVirtualBaseInstruction

This section details methods for inspecting instruction properties, results, and behavior.

```APIDOC
## Instruction API

### Methods

- **getUnaryOperand()**
  - **Description**: Gets the sole operand of this instruction.
  - **Source**: `UnaryInstruction`
- **getUnconvertedResultExpression()**
  - **Description**: Gets the unconverted form of the `Expr` whose result is computed by this instruction, if any.
  - **Source**: `Instruction`
- **getUniqueId()**
  - **Description**: Gets a string identifier for this function that is unique among all instructions in the same function.
  - **Source**: `Instruction`
- **hasMemoryResult()**
  - **Description**: Holds if this instruction produces a memory result.
  - **Source**: `Instruction`
- **hasResultMayMemoryAccess()**
  - **Description**: Holds if the memory access performed by this instruction’s result will not always write to every bit in the memory location. This is most commonly used for memory accesses that may or may not actually occur depending on runtime state (for example, the write side effect of an output parameter that is not written to on all paths), or for accesses where the memory location is a conservative estimate of the memory that might actually be accessed at runtime (for example, the global side effects of a function call).
  - **Source**: `Instruction`
- **hasSortKeys()**
  - **Description**: INTERNAL: Do not use.
  - **Source**: `Instruction`
- **isGLValue()**
  - **Description**: Holds if the result produced by this instruction is a glvalue. If this holds, the result of the instruction represents the address of a location, and the type of the location is given by `getResultType()`. If this does not hold, the result of the instruction represents a value whose type is given by `getResultType()`.
  - **Source**: `Instruction`
- **isResultConflated()**
  - **Description**: Holds if this is an instruction with a memory result that represents a conflation of more than one memory allocation.
  - **Source**: `Instruction`
- **isResultModeled()**
  - **Description**: Holds if the result of this instruction is precisely modeled in SSA. Always holds for a register result. For a memory result, a modeled result is connected to its actual uses. An unmodeled result has no uses.
  - **Source**: `Instruction`
- **toString()**
  - **Description**: Gets a textual representation of this element.
  - **Source**: `Instruction`
```

--------------------------------

### RealImaginaryAddExpr::getAPrimaryQlClass

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/exprs/ArithmeticOperation.qll/predicate.ArithmeticOperation%24RealImaginaryAddExpr%24getAPrimaryQlClass.0

Gets the name of a primary CodeQL class to which this element belongs. For most elements, this is simply the most precise syntactic category to which they belong; for example, `AddExpr` is a primary class, but `BinaryOperation` is not. This predicate can have multiple results if multiple primary classes match. For some elements, this predicate may not have a result.

```APIDOC
## Member predicate RealImaginaryAddExpr::getAPrimaryQlClass

### Description
Gets the name of a primary CodeQL class to which this element belongs. For most elements, this is simply the most precise syntactic category to which they belong; for example, `AddExpr` is a primary class, but `BinaryOperation` is not. This predicate can have multiple results if multiple primary classes match. For some elements, this predicate may not have a result.

### Method
N/A (Predicate within a library)

### Endpoint
N/A

### Parameters
#### Path Parameters
N/A

#### Query Parameters
N/A

#### Request Body
N/A

### Request Example
N/A

### Response
#### Success Response
- **string** - The name of a primary CodeQL class.

#### Response Example
"RealImaginaryAddExpr"
```

--------------------------------

### RequiresExpr::getAPrimaryQlClass

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/Concept.qll/predicate.Concept%24RequiresExpr%24getAPrimaryQlClass.0

Gets the name of a primary CodeQL class to which this element belongs. For most elements, this is simply the most precise syntactic category to which they belong; for example, `AddExpr` is a primary class, but `BinaryOperation` is not. This predicate can have multiple results if multiple primary classes match.
For some elements, this predicate may not have a result.

```APIDOC
## Member predicate RequiresExpr::getAPrimaryQlClass

### Description
Gets the name of a primary CodeQL class to which this element belongs. For most elements, this is simply the most precise syntactic category to which they belong; for example, `AddExpr` is a primary class, but `BinaryOperation` is not. This predicate can have multiple results if multiple primary classes match. For some elements, this predicate may not have a result.

### Method
`string getAPrimaryQlClass()`

### Endpoint
N/A (This is a predicate within the CodeQL library, not an API endpoint)

### Parameters
None

### Request Example
// Example usage within a CodeQL query:
from RequiresExpr re
select re.getAPrimaryQlClass()

### Response
#### Success Response
- **string**: The name of a primary CodeQL class.

#### Response Example
"RequiresExpr"
```

--------------------------------

### CodeQL C/C++ DeclarationEntry Example

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/Declaration.qll/type.Declaration%24DeclarationEntry

This example demonstrates a C++ code snippet that contains five declaration entries: two variable declarations (an `extern` declaration and a definition), a typedef, and two function declarations (one with a definition). These are all examples of DeclarationEntry in CodeQL.

```cpp
extern int myGlobal;
int myVariable;
typedef char MyChar;
void myFunction();
void myFunction() {
  // ...
}
```

--------------------------------

### Get Used Interval for Non-Phi Memory Operand in C++ with CodeQL

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/ir/implementation/unaliased_ssa/Operand.qll/type.Operand%24ChiPartialOperand

Checks if an operand totally overlaps with its definition and specifies the bit range used relative to the definition's start address. Applicable to non-phi memory operands.

```codeql
/**
 * @brief Holds if the operand totally overlaps with its definition and consumes the bit range
 * `[startBitOffset, endBitOffset)` relative to the start address of the definition.
 * @from NonPhiMemoryOperand
 */
predicate getUsedInterval(int startBitOffset, int endBitOffset) {
  // Implementation details...
}
```

--------------------------------

### Charpred - InitializeDynamicAllocationInstruction

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll/type.Instruction%24InitializeDynamicAllocationInstruction

Details about the characteristic predicate (charpred) of `InitializeDynamicAllocationInstruction`.

```APIDOC
## InitializeDynamicAllocationInstruction Charpred

### Description
This section pertains to the characteristic predicate (charpred) of `InitializeDynamicAllocationInstruction`. Further details on specific predicates or methods are not provided in the input.

### Method
N/A (Class/Type description)

### Endpoint
Charpred

### Parameters
N/A

### Request Example
N/A

### Response
N/A

#### Response Example
N/A
```

--------------------------------

### Importing the C/C++ File Module in CodeQL

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/File.qll/module.File

Demonstrates how to import the 'File' module from the CodeQL C/C++ standard libraries. This module provides access to classes representing files and folders within the build process.

```codeql
import semmle.code.cpp.File
```

--------------------------------

### Get Generating Macro for ComputedGotoStmt in C++

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/stmts/Stmt.qll/predicate.Stmt%24ComputedGotoStmt%24getGeneratingMacro.0

This predicate, `ComputedGotoStmt::getGeneratingMacro`, retrieves the macro invocation that directly generates the entire statement. Unlike `isInMacroExpansion()`, it does not require the macro to generate the terminating semicolon.
The example demonstrates its application with nested macros.

```c++
#define SOMEFUN a()
#define FOO do { SOMEFUN; b(); } while (0)

void f(void) {
  FOO;
}
```

--------------------------------

### Make::XmlLocatable Class

Source: https://codeql.github.com/codeql-standard-libraries/cpp/codeql/xml/Xml.qll/type.Xml%24Make%24XmlLocatable

Documentation for the `Make::XmlLocatable` class, including its import path, supertypes, and available predicates.

```APIDOC
## Class Make::XmlLocatable

An XML element that has a location.

### Import path
`import codeql.xml.Xml`

### Direct supertypes
* XmlLocatableBase

### Predicates
* **getLocation** Gets the location of this element.
* **hasLocationInfo** Holds if this element is at the specified location. The location spans column `startcolumn` of line `startline` to column `endcolumn` of line `endline` in file `filepath`. For more information, see Locations.
* **toString** Gets a textual representation of this element.
```

--------------------------------

### Get Instruction Result Language Type (C++)

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/ir/implementation/raw/Instruction.qll/predicate.Instruction%24Instruction%24getResultLanguageType.0

Retrieves the language-specific type of the result produced by a C++ instruction. Most consumers should use getResultIRType() for a language-neutral type system. Example types include 'unsigned int', 'char32_t', and 'wchar_t'.

```ql
/**
 * Gets the language-specific type of the result produced by this instruction.
 * Most consumers of the IR should use `getResultIRType()` instead.
 */
LanguageType getResultLanguageType()
```

--------------------------------

### Get Greater Operand for Relational Instruction in CodeQL

Source: https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll/type.Instruction%24CompareLEInstruction

This predicate retrieves the operand that represents the 'greater' or 'greater-or-equal' side of a relational instruction. For example, in 'x <= 20', this predicate would return '20'. It is useful for analyzing the bounds or conditions within comparisons.

```codeql
/**
 * Gets the operand on the “greater” (or “greater-or-equal”) side of this relational instruction,
 * that is, the side that is larger if the overall instruction evaluates to `true`; for example
 * on `x <= 20` this is the `20`, and on `y > 0` it is `y`.
 */
getGreater()
```