io.joern.x2cpg.passes.controlflow.cfgcreation
Members list
Type members
Classlikes
A control flow graph that is under construction, consisting of:
A control flow graph that is under construction, consisting of:
Attributes
- breaks
unresolved breaks collected along the way together with an integer value which indicates the number of loop/switch levels to break
- caseLabels
labels beginning with "case"
- continues
unresolved continues collected along the way together with an integer value which indicates the number of loop/switch levels after which to continue
- edges
control flow edges between nodes of the code property graph.
- entryNode
the control flow graph's first node, that is, the node to which a CFG that appends this CFG should attach itself to.
- fringe
nodes of the CFG for which an outgoing edge type is already known but the destination node is not. These nodes are connected when another CFG is appended to this CFG. In addition to these three core building blocks, we store labels and jump statements that have not been resolved and may be resolvable as parent sub trees or sibblings are translated.
- jumpsToLabel
unresolved gotos, labeled break and labeld continues collected along the way
- labeledNodes
labels contained in the abstract syntax tree from which this CPG was generated
- Companion:
- object
- Graph
- Supertypes
- trait Serializabletrait Producttrait Equalsclass Objecttrait Matchableclass Any
Translation of abstract syntax trees into control flow graphs
Translation of abstract syntax trees into control flow graphs
The problem of translating an abstract syntax tree into a corresponding control flow graph can be formulated as a recursive problem in which sub trees of the syntax tree are translated and their corresponding control flow graphs are connected according to the control flow semantics of the root node. For example, consider the abstract syntax tree for an if-statement:
( if )
/ \
(x < 10) (x += 1)
/ \ / \
x 10 x 1
This tree can be translated into a control flow graph, by translating the sub tree rooted in x < 10
and that of
x+= 1
and connecting their control flow graphs according to the semantics of if
:
[x < 10]----
|t f|
[x +=1 ] |
|
The semantics of if dictate that the first sub tree to the left is a condition, which is connected to the CFG of the
second sub tree - the body of the if statement - via a control flow edge with the true
label (indicated in the
illustration by t
), and to the CFG of any follow-up code via a false
edge (indicated by f
).
A problem that becomes immediately apparent in the illustration is that the result of translating a sub tree may leave us with edges for which a source node is known but the destination node depends on parents or siblings that were not considered in the translation. For example, we know that an outgoing edge from [x<10] must exist, but we do not yet know where it should lead. We refer to the set of nodes of the control flow graph with outgoing edges for which the destination node is yet to be determined as the "fringe" of the control flow graph.
Attributes
- Companion:
- object
- Graph
- Supertypes
- class Objecttrait Matchableclass Any
Attributes
- Companion:
- class
- Graph
- Supertypes
- class Objecttrait Matchableclass Any
- Self type
- CfgCreator.type
Attributes
- Graph
- Supertypes
- trait Serializabletrait Producttrait Equalsclass Objecttrait Matchableclass Any