Description: Control Flow Graph (CFG)

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar can construct control flow graphs (CFGs). With these graphs enabled, you can navigate through a program's control flow structure as well as its dependence structure.

The sequential flow of control through the program is represented by control-flow edges (CFG_EDGE) between points (PDG_VERTEX), a structure known as a control flow graph, or CFG for short.

For example, consider the following example program and its corresponding CFG (with printf() calls collapsed to 'print' points).

/* Return a+b */
static int add(int a, int b){
    return a + b;
}

/* Sum 0 through 10. */
void main()
{
    int sum, i;
    sum = 0;
    i = 1;
    while ( i<11 ) {
        sum = add(sum, i);
        i = add(i, 1);
    }
    printf("sum = %d\n", sum);
    printf("i = %d\n", i);
}

Intraprocedural and Interprocedural CFGs

Each function is associated with an intraprocedural CFG that models control flow between points strictly within the function based on the assumption that all function calls are atomic operations.

The inter-procedural CFG is a single graph that models the control flow between points in the entire project.

Control-Flow Edge

Edges in the CFG are called control flow edges.

Each control-flow edge is labeled: an edge leaving a conditional is labeled either True or False; an edge leaving a switch is labeled with generated strings representing the case; an unconditional edge is labeled True.

Control passes into a function from the last actual-in parameter to be evaluated, and returns from the function's exit point to the next sequential instruction after the call site. The CFG successor of every return statement in a function is the function's unique program point of kind exit.

The order of evaluation of actual parameters is explicit in the CFG, even though this order is not defined by the ANSI C standard, and is compiler specific.

Evaluation is right-to-left (this matches the evaluation order of most popular compilers).
Control flows through actual-in parameters, which in general may contain expressions that must be evaluated, and through actual-out parameters, which represent the assignment of the return value to a temporary variable. Control does not flow through formal parameters.

Language	CFG Edges from a point	Types
Intraprocedural	Interprocedural	CFG Edge	CFG Edge Set
C++	point::cfg_targets()	point::cfg_inter_targets()	typedef cfg_edge	class cfg_edge_set
Python	point.cfg_targets()	point.cfg_inter_targets()	pair (point, edge_label)	class cfg_edge_set
C	cs_pdg_vertex_cfg_targets()	cs_pdg_vertex_cfg_inter_targets()	typedef cs_cfg_edge	typedef cs_cfg_edge_set, typedef cs_const_cfg_edge_set

Language

CFG Edges from a point

Types

Intraprocedural

Interprocedural

CFG Edge

CFG Edge Set

C++

point::cfg_targets()

point::cfg_inter_targets()

typedef cfg_edge

class cfg_edge_set