Exporting Graphs
Joern is used in academic research as a source for
intermediate graph representations of code, particularly in machine
learning and vulnerability discovery applications [e.g., 1,2,3,4,5]. To support
this use-case, Joern provides both plotting capabilities in the
interactive console as well as the joern-export command line
utility.
In summary, Joern can create the following graph representations for C/C++ code:
- Abstract Syntax Trees (AST)
- Control Flow Graphs (CFG)
- Control Dependence Graphs (CDG)
- Data Dependence Graphs (DDG)
- Program Dependence graphs (PDG)
- Code Property Graphs (CPG14)
The command line tool joern-export#
All of these representations can be plotted and exported into the graphviz dot format to enable processing with third party tools or via external scripts.
To parse the code in /src/directory and dump Program Dependence
Graphs for all methods into the directory outdir, you can run the
following commands on the system shell:
For a complete overview of options, run joern-export --help.
Plotting and Exporting on the Joern Console#
If you would like to explore graph representations interactively, you
can do so on the Joern shell. To this end, we define
the following steps on method nodes to dump representations in dot
format.
You can also plot and view representations using the following queries:
Note that the ossdataflow layer needs to have been calculated for
the source CPG via run.ossdataflow.
Example#
Generate the CPG along with the data flow layer for a sample function
named myfunc.
You can now plot the AST as follows:
You can obtain the dot representation of the AST as well:
Dumping representations for all functions from the shell#
You can also dump all representations into the directory out using
References#
Research that employs Joern as an extraction tool for intermediate representations of code:
(5) SPIDER: Enabling Fast Patch Propagation In Related Software Repositories, Machiry et al., S&P'20