Exporting Graphs
Joern is used in academic research as a source for
intermediate graph representations of code, particularly in machine
learning and vulnerability discovery applications [e.g., 1,2,3,4,5]. To support
this use-case, Joern provides both plotting capabilities in the
interactive console as well as the joern-export
command line
utility.
In summary, Joern can create the following graph representations for C/C++ code:
- Abstract Syntax Trees (AST)
- Control Flow Graphs (CFG)
- Control Dependence Graphs (CDG)
- Data Dependence Graphs (DDG)
- Program Dependence graphs (PDG)
- Code Property Graphs (CPG14)
joern-export
#
The command line tool All of these representations can be plotted and exported into the graphviz dot format to enable processing with third party tools or via external scripts.
To parse the code in /src/directory
and dump Program Dependence
Graphs for all methods into the directory outdir
, you can run the
following commands on the system shell:
For a complete overview of options, run joern-export --help
.
#
Plotting and Exporting on the Joern ConsoleIf you would like to explore graph representations interactively, you
can do so on the Joern shell. To this end, we define
the following steps on method
nodes to dump representations in dot
format.
You can also plot and view representations using the following queries:
Note that the ossdataflow
layer needs to have been calculated for
the source CPG via run.ossdataflow
.
#
ExampleGenerate the CPG along with the data flow layer for a sample function
named myfunc
.
You can now plot the AST as follows:
You can obtain the dot representation of the AST as well:
#
Dumping representations for all functions from the shellYou can also dump all representations into the directory out
using
#
ReferencesResearch that employs Joern as an extraction tool for intermediate representations of code:
(5) SPIDER: Enabling Fast Patch Propagation In Related Software Repositories, Machiry et al., S&P'20