{"id":10264,"library":"staticfg","title":"StaticFG","description":"StaticFG is a Python library (current version 0.9.5) designed to generate control flow graphs (CFGs) for Python 3 programs. It parses Python source code, builds an Abstract Syntax Tree (AST), and then transforms it into a CFG, which can be visualized using Graphviz. The project is actively maintained with a moderate release cadence.","status":"active","version":"0.9.5","language":"en","source_language":"en","source_url":"https://github.com/coetaur0/staticfg","tags":["static analysis","control flow graph","AST","code analysis","visualization"],"install":[{"cmd":"pip install staticfg","lang":"bash","label":"Install core StaticFG library"},{"cmd":"pip install graphviz","lang":"bash","label":"Install Python Graphviz bindings (required for visualization)"}],"dependencies":[{"reason":"Required for building visual representations of the CFGs using Python bindings. While technically optional for core CFG object generation, it's essential for the primary visualization use case.","package":"graphviz","optional":false}],"imports":[{"symbol":"CFGBuilder","correct":"from staticfg import CFGBuilder"},{"note":"The `CFG` class, representing the generated graph, is not directly exposed at the top-level `staticfg` package. It resides in the `staticfg.cfg` submodule.","wrong":"from staticfg import CFG","symbol":"CFG","correct":"from staticfg.cfg import CFG"}],"quickstart":{"code":"import os\nfrom staticfg import CFGBuilder\n\n# Define a simple Python function as a string\ncode = \"\"\"\ndef greet(name):\n    if name:\n        message = f\"Hello, {name}!\"\n    else:\n        message = \"Hello, World!\"\n    print(message)\n\"\"\"\n\n# Build the CFG from the source string\n# The first argument 'greet_cfg' is the name of the CFG (often the function name)\n# The second argument is the source code string\ncfg = CFGBuilder().build_from_src('greet_cfg', code)\n\n# To visualize, you need the Graphviz system tool installed and in your PATH.\n# The output will be 'greet_cfg.pdf' in the current directory.\ntry:\n    cfg.build_visual('greet_cfg', 'pdf')\n    print(\"CFG 'greet_cfg.pdf' generated successfully.\")\nexcept Exception as e:\n    print(f\"Could not build visual graph. Make sure Graphviz (dot command) is installed and in your PATH. Error: {e}\")\n    # In a real application, you might log this error or notify the user.","lang":"python","description":"Demonstrates how to build a control flow graph from a Python string and attempt to visualize it as a PDF. Note that the Graphviz *system tool* (providing the `dot` command) must be installed and in your system's PATH for visualization to succeed."},"warnings":[{"fix":"Install Graphviz on your operating system (e.g., `sudo apt-get install graphviz` on Debian/Ubuntu, `brew install graphviz` on macOS, or download from graphviz.org for Windows). Then verify `dot -V` works in your terminal.","message":"Visualizing CFGs using `build_visual()` requires the `graphviz` *system tool* (specifically the `dot` command) to be installed on your operating system and accessible in your system's PATH. This is in addition to the Python `graphviz` package. Without it, visualization methods will fail with a `FileNotFoundError` or `subprocess.CalledProcessError`.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Simplify complex code structures if CFG output is unexpected, or manually verify the generated graph against the expected control flow for correctness.","message":"StaticFG builds CFGs by parsing Python Abstract Syntax Trees (ASTs). While generally robust, it might not perfectly represent all highly complex or dynamically generated Python constructs. Some advanced features or highly dynamic code might result in an incomplete or misleading CFG.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Import the `CFG` class explicitly from its submodule: `from staticfg.cfg import CFG`.","message":"The `CFG` class, which represents the generated control flow graph, is not directly importable from the top-level `staticfg` package. Attempting `from staticfg import CFG` will result in an `AttributeError`.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-17T00:00:00.000Z","next_check":"2026-07-16T00:00:00.000Z","problems":[{"fix":"Install Graphviz for your operating system (e.g., `sudo apt-get install graphviz` on Debian/Ubuntu, `brew install graphviz` on macOS, or download from graphviz.org for Windows). Ensure the `dot` command is accessible from your shell.","cause":"The Graphviz system package (which provides the 'dot' command) is not installed on your operating system or is not in your system's PATH.","error":"FileNotFoundError: [Errno 2] No such file or directory: 'dot'"},{"fix":"This is less common. Try simplifying the input Python code to isolate the problematic construct. Ensure the directory where `build_visual` attempts to save the output has write permissions.","cause":"While 'dot' is found, the input DOT file generated by StaticFG might be malformed due to an issue with the Python code's AST processing, or 'dot' is installed but cannot access temporary files.","error":"subprocess.CalledProcessError: Command '['dot', '-Tpdf', 'temp.dot']' returned non-zero exit status 1. [stderr: b'Error: test.dot: syntax error in line 1...']"},{"fix":"Import `CFG` explicitly from `staticfg.cfg`: `from staticfg.cfg import CFG`.","cause":"Attempting to import the `CFG` class directly from the top-level `staticfg` package.","error":"AttributeError: module 'staticfg' has no attribute 'CFG'"},{"fix":"Install the Python `graphviz` package: `pip install graphviz`.","cause":"The Python `graphviz` package, which `staticfg` uses for visualization bindings, is not installed.","error":"ModuleNotFoundError: No module named 'graphviz'"}]}