The document presents 'ast2cfg', a framework for control flow graph (CFG) analysis and visualization of Ada programs. It details how CFGs are constructed from Ada's abstract syntax tree (AST) and discusses software components like ast2cfg and cfg2dot, which facilitate this process. The framework aims to enhance Ada program analysis and optimization, supported by examples and a live demonstration.

1. Ast2Cfg - A Framework for CFG-Based Analysis
and Visualisation of Ada Programs
Georg Kienesberger - Vienna University of Technology
FOSDEM’09
Free and Open Source Software Developers’ European Meeting
7-8 February 2009 - Brussels, Belgium
These slides are licensed under a Creative Commons Attribution-Share Alike 3.0 Austria License. http://creativecommons.org 1

2. 1 Overview
2 CFG and AST
3 The Software
4 Live Demonstration of Ast2Cfg, Cfg2Dot
5 Examples
2

3. Overview
• Control Flow Graph (CFG) used in many
analysis/optimisation methods
3

4. Overview
• Control Flow Graph (CFG) used in many
analysis/optimisation methods
• ISO/IEC 15291:1999 - Ada Semantic Interface Specification
(ASIS) implemented by ASIS-for-GNAT
3

5. Overview
• Control Flow Graph (CFG) used in many
analysis/optimisation methods
• ISO/IEC 15291:1999 - Ada Semantic Interface Specification
(ASIS) implemented by ASIS-for-GNAT
• traverse Abstract Syntax Tree (AST) and build CFG
3

6. Overview
• Control Flow Graph (CFG) used in many
analysis/optimisation methods
• ISO/IEC 15291:1999 - Ada Semantic Interface Specification
(ASIS) implemented by ASIS-for-GNAT
• traverse Abstract Syntax Tree (AST) and build CFG
• Framework
3

7. Control Flow Graph (CFG)
• directed graph
• nodes represent statements
• There is an edge from node u to node v if v can follow u in
some execution sequence.
• unique start node called root or initial node
4

8. Example: The Source Code
procedure Test is
A: array (1 .. 3) of Natural;
S: Natural;
K: Natural;
begin
A := (1,2,3);
S := 0;
K := A’First;
loop
if K <= A’Last then
S := S + A(K);
K := K + 1;
else
exit;
end if;
end loop;
end Test;
5

9. Example: The Control Flow Graph (CFG)
A := (1,2,3);
S := 0;
K := A’First;
loop
if K <= A’Last
S := S + A(K);
exit;
K := K + 1;
end if;
end loop;
6

10. Example: The Control Flow Graph (CFG)
A := (1,2,3);
S := 0;
K := A’First;
loop
if K <= A’Last
S := S + A(K);
exit;
K := K + 1;
end if;
end loop;
6

11. Example: The Control Flow Graph (CFG)
A := (1,2,3);
S := 0;
K := A’First;
loop
if K <= A’Last
S := S + A(K);
exit;
K := K + 1;
end if;
end loop;
6

12. Example: The ASIS Abstract Syntax Tree (AST) - 1
7

13. Example: The ASIS Abstract Syntax Tree (AST) - 1
7

14. Example: The ASIS Abstract Syntax Tree (ASIS) - 2
8

15. Example: The ASIS Abstract Syntax Tree (ASIS) - 3
9

16. Example: The ASIS Abstract Syntax Tree (AST) - 4
10

17. The Software
• Ast2Cfg - the framework, designed as a library
• Cfg2Dot - uses Ast2Cfg, outputs the CFG structure in dot
format
• Ast2Dot - uses ASIS directly to output the AST in dot format
• available under GPLv2 (Ast2Dot) or GPLv3 (Ast2Cfg,
Cfg2Dot)
11

18. The Structure of the Transformation Process
Transformation
Pre Op
Traversal
.adt
Post
Child Has Finished
File
AST Post Op
Structure CFG
12

19. Flow World: The Main Data Structure
• World Object
13

20. Flow World: The Main Data Structure
• World Object
• Flow Object
• Pkg Object
• CFG Object
• Node Object
13

21. Flow World: The Main Data Structure
• World Object
• Flow Object
• Pkg Object
• CFG Object
• Node Object
• Pkg/CFG Tree (implicit structure)
13

22. Example: Pkg/CFG Tree
Default_PKG
(body)
procedure Outer CFG is
package Outer Pkg is
end Outer Pkg;
Outer_CFG
package body Outer Pkg is
(body)
package Inner Pkg is
end Inner Pkg;
procedure Inner CFG is
begin Outer_Pkg Outer_Pkg
end Inner CFG; (spec) (body)
end Outer Pkg;
begin
end Outer CFG; Inner_Pkg Inner_CFG
(spec) (body)
14

23. Flow World: The Main Data Structure (contd.)
• World Object
• Flow Object
• Pkg Object
• CFG Object
• Node Object
• Pkg/CFG Tree (implicit structure)
• Parameter Tree (saved in nodes)
15

24. Example: Parameter Tree
Assignment Node 1.3.9:
Idents: V,FuncA,FuncA,FuncB
V(FuncA(X)) := FuncA(FuncB(0,Y));
Parameter Node 1.3.8: Parameter Node 1.3.13: Node 1.3.19:
ASSIGN/LHS ASSIGN/RHS CFG END
V: array(a..b)
of Integer; Parameter Node 1.3.10: Parameter Call Node 1.3.14:
Variable: V Dest: FuncA
V(FuncA(X)) := IDX/COMP FUNC/PARAM/ROOT
FuncA(FuncB(0,Y));
Parameter Call Node 1.3.11: Parameter Call Node 1.3.16:
Dest: FuncA Dest: FuncB
FUNC/PARAM/ROOT FUNC/PARAM/ROOT
Parameter Node 1.3.12: Parameter Node 1.3.17: Parameter Node 1.3.18:
Variable: X Variable: Y
PARAM/NODE PARAM/NODE PARAM/NODE
16

25. Flow Types: An Overview
Flow Object
CFG Object Node Object Pkg Object
.
. .
. .
.
. . .
abstract
concrete
17

26. Flow Types: Package
Pkg Object
Body Object Spec Object
Def Object Simple Spec Object
Simple Body Object Gen Object
Prot Object Single Prot Object
abstract
Prot Type Object
concrete
18

27. Flow Types: CFG
CFG Object
Body Object Spec Object
Abort Object Generic Object
Block Object Task Type Object
Entry Object Single Task Object
Except Object
Func Object
Init Object
Proc Object
abstract
Task Object
concrete
19

28. Flow Types: Node
Node Object
Return Node Object
Call Node Object
Terminate Node Object
Accept Node Object
Param Node Object
Entry Call Node Object
Param Alloc Node Object
Abort Node Object
Loop Node Object
Param Call Node Object
Finite Loop Node Object
Jump Node Object
Infinite Loop Node Object
Goto Jump Node Object
Assign Node Object
Exit Jump Node Object
Branch Node Object
Trivial Exit Jump Node Object
Complex Exit Jump Node Object
abstract
concrete
20

29. Usage
with Ada.Text IO; use Ada.Text IO; with Ast2Cfg.Pkgs; use Ast2Cfg.Pkgs;
with Ast2Cfg.Control; with Ast2Cfg.Flow World; with Ast2Cfg.Output;
procedure Run is
World: Ast2Cfg.Flow World.World Object Ptr;
Pkgs: Pkg Class Ptr List.Object;
Pkg: Pkg Class Ptr := null;
begin
-- Initialisations
Ast2Cfg.Output.Set Level(Ast2Cfg.Output.Warning);
Ast2Cfg.Control.Init("−CN foo.adt bar.adt");
-- Fill the World with flow data
World := Ast2Cfg.Control.Generate;
-- Output the name of all top-level packages
Pkgs := Ast2Cfg.Flow World.Get Pkgs(World.all);
Pkg Class Ptr List.Reset(Pkgs);
while Pkg Class Ptr List.Has Next(Pkgs) loop
Pkg Class Ptr List.Get Next(Pkgs, Pkg);
Put Line(Get Name(Pkg.all));
end loop;
-- Finalisation
Ast2Cfg.Control.Final;
end Run;
21

30. Excursus on the Command Line
22

31. Examples: If Statement
Branch Node 1.2.5:
if/case
Node 1.2.7:
Node 1.2.14:
Idents: >
elsif (false) then
if (X>10) then
if (X>10) then
null; Parameter Node 1.2.8: Node 1.2.12: Node 1.2.16:
elsif (false) then
null; STMT/PAR null; null;
end if;
Parameter Call Node 1.2.9: Node 1.2.6:
Dest: >
FUNC/PARAM/ROOT end if/case
Parameter Node 1.2.10: Parameter Node 1.2.11: Node 1.2.18:
Variable: X
PARAM/NODE PARAM/NODE CFG END
23

32. Examples: Case Statement
Branch Node 1.3.9:
Name: Start
Idents: X
if/case
Node 1.3.11: Node 1.3.15:
Node 1.3.19:
Idents: A Idents: B
<<Start> case X is
> when others =>
when A => when B =>
when A =>
null;
when B => Goto Jump Node 1.3.23:
null; Node 1.3.13: Node 1.3.17:
Target: Start
when others => Idents: Start
goto Start; null; null;
goto Start;
end case;
Node 1.3.10:
end if/case
Node 1.3.24:
CFG END
24

33. Examples: Loop Statement
Infinite Loop Node 1.6.12:
Name: Loop1
Loop1: loop
Call Node 1.6.15:
Dest: Increment
Idents: Increment
Increment(X);
Loop1: loop
Increment(X); C-Exit Jump Node 1.6.20:
exit Loop1 Parameter Call Node 1.6.16:
Target: Loop1
when Condition; Dest: Increment
Idents: Loop1,Condition
end loop Loop1; PROC/PARAM/ROOT
exit Loop1 when Condition;
Parameter Node 1.6.17: Parameter Node 1.6.19: Node 1.6.22:
Variable: X
PARAM/NODE STMT/PAR Loop End
Parameter Call Node 1.6.21: Node 1.6.23:
Dest: Condition
FUNC/PARAM/ROOT CFG END
25

34. Examples: A few words on the word static
Infinite Loop Node 1.1.5:
loop
procedure Not A Loop is
I: Integer := 0;
begin T-Exit Jump Node 1.1.8:
loop exit;
exit;
I := I + 1;
end loop;
Node 1.1.16:
end Not A Loop;
Loop End
Node 1.1.17:
CFG END
not a loop.adb:7:09: warning: unreachable code
26

35. Examples: A few words on the word static (2)
Infinite Loop Node 1.1.5:
loop
C-Exit Jump Node 1.1.8:
procedure Not A Loop 2 is
I: Integer := 10; Idents: >=
begin
exit when I >= 10;
loop
exit when I >= 10;
I := I + 1;
end loop; Assignment Node 1.1.14:
Node 1.1.19:
end Not A Loop 2; Idents: I,+
Loop End
I := I + 1;
Node 1.1.20:
CFG END
27

36. Examples: Tasks
Node 1.3.1:
select/acc
Node 1.4.4:
−− Caller Object Node 1.3.4:
Task Object.Entry1; Idents: Condition
select
Entry Call Node1.6.7: or
−− Called Object Dest: Task_Object.Entry1
select Idents: Task_Object.Entry1
accept Entry1 do Task_Object.Entry1;
null; Accept Node1.3.8: Accept Node1.4.8:
end Entry1; Dest: CFG[1.4.0] Dest: CFG[1.5.0]
or accept Entry1 do accept Entry2 do
when Condition => Node 1.6.9:
accept Entry2 do
null; CFG END
end Entry2; Node 1.3.3:
end select;
end select
Node 1.5.4:
CFG END
28

37. Examples: Protected Objects
package body Prot Pkg is
Prot_Pkg
protected body (body)
Prot Type is --VARS-- Entry Call Node2.2.3:
Prot_Obj: {ST: Prot_Type} Dest: Prot_Obj.Entry1
entry Entry1 Idents: Prot_Obj.Entry1
(A: in Integer) Prot_Obj.Entry1(0);
when True is
begin Prot_Type Init_CFG
(body) (body) Parameter Call Node 2.2.4: Node 2.2.6:
null; Dest: Prot_Obj.Entry1
end Entry1; PROC/PARAM/ROOT CFG END
end Prot Type;
Entry1 Parameter Node 2.2.5:
Prot Obj: Prot Type; (body)
--PARAMS-- PARAM/NODE
begin A: {ST: Integer}
Prot Obj.Entry1(0);
end Prot Pkg;
29

38. Examples: Types
Types
(spec)
--TYPES--
Rec_Type_0
[COMPONENTS]
F: {CT: Float}
B: {CT: Boolean}
package Types is Rec_Type_1 {ST: Rec_Type_0}
type Rec Type 0 is
tagged F
record INIT
F: Float := abs(3.14);
B: Boolean;
end record;
Parameter Node 1.0.2:
type Rec Type 1 is INIT/NODE
new Rec Type 0
with null record;
Parameter Call Node 1.0.4:
end Types; Dest: abs
FUNC/PARAM/ROOT
Parameter Node 1.0.5:
PARAM/NODE
30

39. Further Information & Downloads
• http://cfg.w3x.org
• For comments, bug reports and feature requests please
contact us:
• cfg@w3x.org
31

40. Further Information & Downloads
• http://cfg.w3x.org
• For comments, bug reports and feature requests please
contact us:
• cfg@w3x.org
• Raul Fechete and Georg Kienesberger. Generating control flow graphs for Ada
programs. Technical Report 183/1-139, Department of Automation, TU
Vienna, September 2007.
31

41. Further Information & Downloads
• http://cfg.w3x.org
• For comments, bug reports and feature requests please
contact us:
• cfg@w3x.org
• Raul Fechete and Georg Kienesberger. Generating control flow graphs for Ada
programs. Technical Report 183/1-139, Department of Automation, TU
Vienna, September 2007.
• Raul Fechete, Georg Kienesberger, and Johann Blieberger. A Framework for
CFG-based Static Program Analysis of Ada Programs. In Ada-Europe’2008
International Conference on Reliable Software Technologies, pages 130-143,
Venice, Italy, June 2008.
31

42. Further Information & Downloads
• http://cfg.w3x.org
• For comments, bug reports and feature requests please
contact us:
• cfg@w3x.org
• Raul Fechete and Georg Kienesberger. Generating control flow graphs for Ada
programs. Technical Report 183/1-139, Department of Automation, TU
Vienna, September 2007.
• Raul Fechete, Georg Kienesberger, and Johann Blieberger. A Framework for
CFG-based Static Program Analysis of Ada Programs. In Ada-Europe’2008
International Conference on Reliable Software Technologies, pages 130-143,
Venice, Italy, June 2008.
• updated documentation in the next few months
31

43. The End
Thank you very much!
Any questions?
http://cfg.w3x.org
These slides are licensed under a Creative Commons Attribution-Share Alike 3.0 Austria License. http://creativecommons.org
32