StaticFG
StaticFG is a Python library (current version 0.9.5) designed to generate control flow graphs (CFGs) for Python 3 programs. It parses Python source code, builds an Abstract Syntax Tree (AST), and then transforms it into a CFG, which can be visualized using Graphviz. The project is actively maintained with a moderate release cadence.
Common errors
-
FileNotFoundError: [Errno 2] No such file or directory: 'dot'
cause The Graphviz system package (which provides the 'dot' command) is not installed on your operating system or is not in your system's PATH.fixInstall Graphviz for your operating system (e.g., `sudo apt-get install graphviz` on Debian/Ubuntu, `brew install graphviz` on macOS, or download from graphviz.org for Windows). Ensure the `dot` command is accessible from your shell. -
subprocess.CalledProcessError: Command '['dot', '-Tpdf', 'temp.dot']' returned non-zero exit status 1. [stderr: b'Error: test.dot: syntax error in line 1...']
cause While 'dot' is found, the input DOT file generated by StaticFG might be malformed due to an issue with the Python code's AST processing, or 'dot' is installed but cannot access temporary files.fixThis is less common. Try simplifying the input Python code to isolate the problematic construct. Ensure the directory where `build_visual` attempts to save the output has write permissions. -
AttributeError: module 'staticfg' has no attribute 'CFG'
cause Attempting to import the `CFG` class directly from the top-level `staticfg` package.fixImport `CFG` explicitly from `staticfg.cfg`: `from staticfg.cfg import CFG`. -
ModuleNotFoundError: No module named 'graphviz'
cause The Python `graphviz` package, which `staticfg` uses for visualization bindings, is not installed.fixInstall the Python `graphviz` package: `pip install graphviz`.
Warnings
- gotcha Visualizing CFGs using `build_visual()` requires the `graphviz` *system tool* (specifically the `dot` command) to be installed on your operating system and accessible in your system's PATH. This is in addition to the Python `graphviz` package. Without it, visualization methods will fail with a `FileNotFoundError` or `subprocess.CalledProcessError`.
- gotcha StaticFG builds CFGs by parsing Python Abstract Syntax Trees (ASTs). While generally robust, it might not perfectly represent all highly complex or dynamically generated Python constructs. Some advanced features or highly dynamic code might result in an incomplete or misleading CFG.
- gotcha The `CFG` class, which represents the generated control flow graph, is not directly importable from the top-level `staticfg` package. Attempting `from staticfg import CFG` will result in an `AttributeError`.
Install
-
pip install staticfg -
pip install graphviz
Imports
- CFGBuilder
from staticfg import CFGBuilder
- CFG
from staticfg import CFG
from staticfg.cfg import CFG
Quickstart
import os
from staticfg import CFGBuilder
# Define a simple Python function as a string
code = """
def greet(name):
if name:
message = f"Hello, {name}!"
else:
message = "Hello, World!"
print(message)
"""
# Build the CFG from the source string
# The first argument 'greet_cfg' is the name of the CFG (often the function name)
# The second argument is the source code string
cfg = CFGBuilder().build_from_src('greet_cfg', code)
# To visualize, you need the Graphviz system tool installed and in your PATH.
# The output will be 'greet_cfg.pdf' in the current directory.
try:
cfg.build_visual('greet_cfg', 'pdf')
print("CFG 'greet_cfg.pdf' generated successfully.")
except Exception as e:
print(f"Could not build visual graph. Make sure Graphviz (dot command) is installed and in your PATH. Error: {e}")
# In a real application, you might log this error or notify the user.