
Creating a Control Flow Graph

mahills edited this page May 2, 2013 · 1 revision

Control flow graphs can be created for individual functions and methods in PHP programs, as well as for a top-level script.

The first step is to load an individual Script or a System, which is defined as a map from locations (of PHP files) to scripts (ASTs for the files):

alias System = map[loc fileloc, Script scr];

Here, we load all of Drupal 7.14:

import lang::php::ast::AbstractSyntax;
import lang::php::util::System;
import lang::php::util::Utils;

System sys = loadBinary("Drupal", "7.14");

Several modules should be imported to work with control flow graphs:

import lang::php::analysis::NamePaths;
import lang::php::analysis::cfg::CFG;
import lang::php::analysis::cfg::Label;
import lang::php::analysis::cfg::FlowEdge;

NamePaths includes definitions of name paths, which are lists of name "items" that uniquely identify the names of variables, functions, methods, etc. in a script. CFG defines control flow graphs, which consist of control flow nodes and edges. The nodes are defined in CFG, while the edges are defined in FlowEdge. Label defines labels, which are used to label individual expressions and statements; edges then go between labels.

With these modules, one can then import the logic used to build a control flow graph:

import lang::php::analysis::cfg::BuildCFG;

This module contains a function buildCFG. The buildCFG function expects either the location of a PHP source file (which it will load from disk for you) or a script (such as one stored in the System map). If you know the location l of the file in the System that you want to build a CFG for, you could do this:

cfgmap = buildCFGs(sys[l]);

This will generate a map from name paths to control flow graphs, with one graph generated for the top level and one for each function or method in the file.
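To cover the whole loaded system rather than a single file, the same call can be applied to every script in the System map. The module below is an added example, not code from PHP AiR: buildAllCFGs and summarize are hypothetical helpers, and NamePath and CFG are assumed to be the type names exported by the NamePaths and CFG modules.

```rascal
module BuildAllCFGs

import lang::php::ast::AbstractSyntax;
import lang::php::util::System;
import lang::php::util::Utils;
import lang::php::analysis::NamePaths;
import lang::php::analysis::cfg::CFG;
import lang::php::analysis::cfg::BuildCFG;
import IO;
import Map;

// Hypothetical helper, not part of PHP AiR: build the CFGs for every script
// in a System, keyed first by file location and then by name path.
// NamePath and CFG are assumed type names (see the lead-in).
public map[loc, map[NamePath, CFG]] buildAllCFGs(System sys) {
    map[loc, map[NamePath, CFG]] res = ( );
    for (l <- sys) {
        try {
            // Same call as on the page, applied to each script in turn.
            res[l] = buildCFGs(sys[l]);
        } catch : {
            // Keep going; the file is reported by summarize as uncovered.
            println("Could not build CFGs for <l>");
        }
    }
    return res;
}

// Hypothetical helper: report coverage, so that files with no graph are
// visible instead of silently dropping out of any later analysis.
public void summarize(System sys, map[loc, map[NamePath, CFG]] cfgs) {
    int graphs = ( 0 | it + size(cfgs[l]) | l <- cfgs );
    println("<size(cfgs)> of <size(sys)> files covered, <graphs> graphs built");
    for (l <- sys, l notin cfgs) {
        println("no CFG: <l>");
    }
}

// Usage, after loading sys as shown earlier on this page:
//   cfgs = buildAllCFGs(sys);
//   summarize(sys, cfgs);
```

Any file listed under "no CFG" is code that a later flow-based analysis will not see, so check that list before relying on results for the whole system.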
