Generate the whole program CFG?

Hi, all

Since the CFGs generated by clang-cc are for a single function, can we
generate a large CFG for the whole program (we expand the callee's CFG in
the main function's CFG)?

1. Has clang offered this function?

2. What should we modify? (It seems that ASTs are also for a single
function)

ZhuNan

> Hi, all
>
> Since the CFGs generated by clang-cc are for a single function, can we
> generate a large CFG for the whole program (we expand the callee's CFG in
> the main function's CFG)?
>
> 1. Has clang offered this function?

There has been a little bit of work in Clang to provide whole-program CFGs. See include/clang/Analysis/CallGraph.h and the "clang-wpa" program (in tools/wpa).

> 2. What should we modify? (It seems that ASTs are also for a single
> function)

Each ASTContext holds a single translation unit. A program is made up of several translation units.

  - Doug

Hi ZhuNan,

While we plan on supporting interprocedural analysis, there are no plans to support building whole-program CFGs. Clang's CFGs are meant to be simple data structures that represent the control-flow within a function.

One can simulate a whole program CFG, however, by incrementally constructing CFGs for the functions that are analyzed, and having the analysis engine track the necessary information for calls and returns. Any analysis that cares about context-sensitivity of function calls will need to do this anyway. A whole-program CFG also breaks down (or at least gets much more complicated) when one considers function pointers or any form of dynamic dispatch.

A primary motivation for not constructing whole-program CFGs is that it defers to the analysis the decision of what level and kind of inter-procedural analysis to perform. Some interprocedural analyses may use summaries, while others may directly simulate a function call by "inlining" its effects (i.e., constructing the called function's CFG and "stepping into" that function and directly evaluating the effects of its statements).

Ted
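
The approach described in the last reply, sketched as an added example that is not part of the original thread and does not use Clang's API: per-function CFGs are built on demand, and the engine "steps into" direct calls while tracking the call site as context. `Block`, `Engine`, `sampleBuilder` and the call-depth bound are hypothetical names and choices made for this illustration, and the sample program is constructed.

```cpp
#include <functional>
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

// Toy per-function CFG block (constructed model, not clang::CFGBlock).
struct Block {
    std::string callee;      // non-empty: block ends in a direct call
    bool indirect;           // call through a function pointer
    std::vector<int> succs;  // intra-procedural successors; empty = exit
};
using Cfg = std::vector<Block>;  // block 0 is the entry
struct Engine {
    std::function<Cfg(const std::string&)> build;  // builds one CFG on demand
    std::size_t maxDepth = 4;                      // bound on call-string length
    std::map<std::string, Cfg> cache;              // CFGs constructed so far
    std::set<std::string> visited;                 // "context|func#block" states
    int unresolved = 0;                            // indirect calls stepped over
    void walk(const std::string& ctx, std::size_t depth, const std::string& fn, int b) {
        if (!visited.insert(ctx + "|" + fn + "#" + std::to_string(b)).second) return;
        auto it = cache.find(fn);
        if (it == cache.end()) it = cache.emplace(fn, build(fn)).first;
        const Block& blk = it->second.at(b);
        if (blk.indirect) ++unresolved;  // no static target, cannot inline
        else if (!blk.callee.empty() && depth < maxDepth)  // step into the callee
            walk(ctx + "/" + fn + "#" + std::to_string(b), depth + 1, blk.callee, 0);
        for (int s : blk.succs) walk(ctx, depth, fn, s);  // resume after the call
    }
};

// Constructed sample: main calls log twice and makes one indirect call.
Cfg sampleBuilder(const std::string& fn) {
    if (fn == "main")
        return {{"log", false, {1}}, {"", true, {2}}, {"log", false, {3}}, {"", false, {}}};
    return {{"", false, {1}}, {"", false, {}}};  // log (and anything else): two blocks
}

Engine analyzeSample() {
    Engine e;
    e.build = sampleBuilder;
    e.walk("", 0, "main", 0);
    return e;
}

int main() {
    std::cout << analyzeSample().visited.size() << " context-sensitive states\n";
}
```

The two calls to `log` produce distinct states for the same blocks because the call site is part of the key, while the indirect call is only counted, which is the point at which a single expanded CFG would need a points-to or dispatch answer.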