Terminology
Basic Types
Expression (Expr)
An expression is a sequence of operators and their operands, that specifies a computation. - cppreference.com
Statement (Stmt)
Statements are fragments of the C program that are executed in sequence. - cppreference.com
Statement Expression (StmtExpr)
A compound statement enclosed in parentheses used as an expression (a GNU extension to C/C++). In the example below, b is the return value from the compound statement. int a = ({ int b = c + d; b; }); - AssignExpr
Relationships
Successor / Predecessor
Relationship of ControlFlowNodes, control flows from predecessor to successor.
Demo query:
from ControlFlowNode predecessor, ControlFlowNode successor
where predecessor=successor.getAPredecessor() and
successor.getEnclosingStmt().getEnclosingFunction().getName()="simple_block"
select predecessor, successor
Two result pairs:
void simple_block(){
if (my_rand()) {
printf( // Successor 1.
"simple_block 1\n" // Predecessor 1.
);
printf("simple_block 2\n");
} else {
printf( // Predecessor 2.
"simple_block else 1\n"
);
printf("simple_block else 2\n"); // Successor 2.
}
printf("return\n");
}
Parent / Child
Relationship of Stmts, parent precedes child in code. Children have at most one parent.
getAChild()returnsElementsgetChildStmt()returnsStmt
Demo query:
from Stmt parent, Stmt child
where parent.getAChild()=child and
child.getEnclosingFunction().getName()="simple_block"
select parent, child
A direct child of if:
void simple_block(){
if (my_rand())
{
printf("simple_block 1\n");
printf("simple_block 2\n");
}
else
{
printf("simple_block else 1\n");
printf("simple_block else 2\n");
}
printf("return\n");
}
Using getChildStmt() yields identical results in this case. The printf()s can be queried recursively (e.g. getAChild+()).