Getting Control Flow Graph from ANSI C code
I'm building tool for testing ansi c applications. Simply load code, view control flow graph, run test, mark all vertexes which was hit. I'm trying to build CFG all by myself from parsing code. Unfortunately It gets messed up if code is nested. GCC gives ability to get CFG from compiled code. I might write parser for its output, but I need line numbers for setting breakpoints. Is there way for getting line numbers when outputting Control Flow Graph with -fdump-tree-cfg or -fdump-tree-vcg?
Answer
For the control flow graph of a C Program you could look at existing Python parsers for C:
- PyCParser
- pycparser
- pyclibrary (fork of pyclibrary )
- joern
- CoFlo C/C++ control flow graph generator and analyzer
Call graphs are a closely related construct to control flow graphs. There are several approaches available to create call graphs (function dependencies) for C code. This might prove of help for progressing with control flow graph generation. Ways to create dependency graphs in C:
Using cflow:
- cflow +pycflow2dot +dot (GPL, BSD) cflow is robust, because it can handle code which cannot compile, e.g. missing includes. If preprocessor directives are heavily used, it may need the
--cppoption to preprocess the code. - cflow + cflow2dot + dot (GPL v2, GPL v3, Eclipse Public License (EPL) v1) (note that cflow2dot needs some path fixing before it works)
- cflow +cflow2dot.bash (GPL v2, ?)
- cflow +cflow2vcg (GPL v2 , GPL v2)
- enhanced cflow (GPL v2) with list to exclude symbols from graph
- cflow +pycflow2dot +dot (GPL, BSD) cflow is robust, because it can handle code which cannot compile, e.g. missing includes. If preprocessor directives are heavily used, it may need the
Using cscope:
- cscope (BSD)
- cscope +callgraphviz +dot +xdot
- cscope +vim CCTree (C Call-Tree Explorer)
- cscope +ccglue
- cscope +CodeQuery for C, C++, Python & Java
- cscope +Python html producer
- cscope +calltree.sh
ncc (cflow like)
- KCachegrind (KDE dependency viewer)
- Calltree
The following tools unfortunately require that the code be compilable, because they depend on output from gcc:
- CodeViz (GPL v2) (weak point: needs compilable source, because it uses gcc to dump cdepn files)
- gcc +egypt +dot (GPL v*, Perl = GPL | Artistic license, EPL v1) (
egyptusesgccto produceRTL, so fails for any buggy source code, or even in case you just want to focus on a single file from a larger project. Therefore, it is not very useful compared to the more robustcflow-based toolchains. Note that egypt has by default good support for excluding library calls from the graph, to make it cleaner.
Also, file dependency graphs for C/C++ can be created with crowfood.