semanticcpg apidocs/io.joern.x2cpg.passes.controlflow.cfgcreation

io.joern.x2cpg.passes.controlflow.cfgcreation

package io.joern.x2cpg.passes.controlflow.cfgcreation

Members list

Concise view

Type members

Classlikes

A control flow graph that is under construction, consisting of:

Attributes

breaks: unresolved breaks collected along the way together with an integer value which indicates the number of loop/switch levels to break
caseLabels: labels beginning with "case"
continues: unresolved continues collected along the way together with an integer value which indicates the number of loop/switch levels after which to continue
edges: control flow edges between nodes of the code property graph.
entryNode: the control flow graph's first node, that is, the node to which a CFG that appends this CFG should attach itself to.
fringe: nodes of the CFG for which an outgoing edge type is already known but the destination node is not. These nodes are connected when another CFG is appended to this CFG. In addition to these three core building blocks, we store labels and jump statements that have not been resolved and may be resolvable as parent sub trees or sibblings are translated.
jumpsToLabel: unresolved gotos, labeled break and labeld continues collected along the way
labeledNodes: labels contained in the abstract syntax tree from which this CPG was generated
Companion:: object
Graph
Supertypes: trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any

Attributes

Companion:: class
Graph
Supertypes: trait Product
trait Mirror
class Object
trait Matchable
class Any
Self type: Cfg.type

Translation of abstract syntax trees into control flow graphs

The problem of translating an abstract syntax tree into a corresponding control flow graph can be formulated as a recursive problem in which sub trees of the syntax tree are translated and their corresponding control flow graphs are connected according to the control flow semantics of the root node. For example, consider the abstract syntax tree for an if-statement:

             (  if )
            /       \
        (x < 10)  (x += 1)
          / \       / \
         x  10     x   1

This tree can be translated into a control flow graph, by translating the sub tree rooted in x < 10 and that of x+= 1 and connecting their control flow graphs according to the semantics of if:

          [x < 10]----
             |t     f|
          [x +=1 ]   |
             |

The semantics of if dictate that the first sub tree to the left is a condition, which is connected to the CFG of the second sub tree - the body of the if statement - via a control flow edge with the true label (indicated in the illustration by t), and to the CFG of any follow-up code via a false edge (indicated by f).

A problem that becomes immediately apparent in the illustration is that the result of translating a sub tree may leave us with edges for which a source node is known but the destination node depends on parents or siblings that were not considered in the translation. For example, we know that an outgoing edge from [x<10] must exist, but we do not yet know where it should lead. We refer to the set of nodes of the control flow graph with outgoing edges for which the destination node is yet to be determined as the "fringe" of the control flow graph.

Attributes

Companion:: object
Graph
Supertypes: class Object
trait Matchable
class Any

Attributes

Companion:: class
Graph
Supertypes: class Object
trait Matchable
class Any
Self type: CfgCreator.type

Attributes

Graph
Supertypes: trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any

Generated with