semanticcpg apidocs/io.joern.x2cpg.passes.controlflow.cfgcreation

io.joern.x2cpg.passes.controlflow.cfgcreation

package io.joern.x2cpg.passes.controlflow.cfgcreation

Type members

Classlikes

case class Cfg(entryNode: Option[CfgNode], edges: List[CfgEdge], fringe: List[(CfgNode, CfgEdgeType)], labeledNodes: Map[String, CfgNode], breaks: List[CfgNode], continues: List[CfgNode], caseLabels: List[CfgNode], jumpsToLabel: List[(CfgNode, String)])

A control flow graph that is under construction, consisting of:

A control flow graph that is under construction, consisting of:

Value parameters:
breaks

unresolved breaks collected along the way

caseLabels

labels beginning with "case"

continues

unresolved continues collected along the way

edges

control flow edges between nodes of the code property graph.

entryNode

the control flow graph's first node, that is, the node to which a CFG that appends this CFG should attach itself to.

fringe

nodes of the CFG for which an outgoing edge type is already known but the destination node is not. These nodes are connected when another CFG is appended to this CFG. In addition to these three core building blocks, we store labels and jump statements that have not been resolved and may be resolvable as parent sub trees or sibblings are translated.

jumpsToLabel

unresolved gotos, labeled break and labeld continues collected along the way

labeledNodes

labels contained in the abstract syntax tree from which this CPG was generated

Companion:
object
object Cfg
Companion:
class
class CfgCreator(entryNode: Method, diffGraph: DiffGraphBuilder)

Translation of abstract syntax trees into control flow graphs

Translation of abstract syntax trees into control flow graphs

The problem of translating an abstract syntax tree into a corresponding control flow graph can be formulated as a recursive problem in which sub trees of the syntax tree are translated and their corresponding control flow graphs are connected according to the control flow semantics of the root node. For example, consider the abstract syntax tree for an if-statement:

             (  if )
            /       \
        (x < 10)  (x += 1)
          / \       / \
         x  10     x   1

This tree can be translated into a control flow graph, by translating the sub tree rooted in x < 10 and that of x += 1 and connecting their control flow graphs according to the semantics of if:

          [x < 10]----
             |t     f|
          [x +=1 ]   |
             |

The semantics of if dictate that the first sub tree to the left is a condition, which is connected to the CFG of the second sub tree - the body of the if statement - via a control flow edge with the true label (indicated in the illustration by t), and to the CFG of any follow-up code via a false edge (indicated by f).

A problem that becomes immediately apparent in the illustration is that the result of translating a sub tree may leave us with edges for which a source node is known but the destination node depends on parents or siblings that were not considered in the translation. For example, we know that an outgoing edge from [x<10] must exist, but we do not yet know where it should lead. We refer to the set of nodes of the control flow graph with outgoing edges for which the destination node is yet to be determined as the "fringe" of the control flow graph.

Companion:
object
object CfgCreator
Companion:
class
case class CfgEdge(src: CfgNode, dst: CfgNode, edgeType: CfgEdgeType)