Control Flow Graph

control flow graph

A control-flow graph represents blocks’ computation or flow control during program and application execution. Developed by France E. Allen, a control-flow graph is primarily used in static analysis, where it is responsible for demonstrating the flow inside the program unit. The following are a few characteristics of a control-flow graph that will help you understand it better.

Control Flow Graph

The following are a few characteristics of a control flow graph that will help you understand it better.

  1. It is entirely process-oriented 
  2. It pinpoints all the possible paths that you can take during a program execution
  3. It comprises edges to show paths and nodes to show blocks

As a phoneme is the smallest unit of language that has the capability to change language, a basic block is the simplest unit of a control flow in any program. It is formed when different operations are sequenced together to execute properly. As such, if an operation falters or raises an issue, the block stops the execution. The basic block is a branch-free code sequence that begins with a labeled operation. The control enters a block at its first operation but exits at a branch, jump, or any other operation which also happens to be the signature operation of a block. This can be distinguished easily as:

  1. Entry Block: Point of entry of control in the control flow graph.
  2. Exit Block: Where the control leaves the block. 

The control-flow graph is also denoted as “cfg,” which is quite common in coding and programming. As you know, a basic block only operates when the entire sequence of operations is executed together. All the operational blocks incorporated in a flow diagram, including the start node, end node, and the flow between the nodes, comprise a control-flow graph. A cfg has a node for every basic block, while for every possible transfer between these blocks, the cfg has an edge. Now that you know the relationship between a cfg and a block, let us look at how they help in coding.

Determining the Leader

A basic block is simply a collection of three address code statements. The only way for a control to enter the block is through the first line, termed “leader.” There is no possibility of a jump or goto between the block, as the control exits only through the last statement. All the statements between the first and last one are a part of the basic block. This is how you can determine the leader in a basic block: 

  • The first line of any block will always be its leader. 
  • Moreover, the conditional or unconditional goto can also help determine the leader. It doesn’t matter if you are given the conditional or the unconditional goto because it will lead you directly to the leader. 
  • Keeping the goto in mind, another important point is that the line next to the one that has the mention of goto, is also a leader. Most students mistake this for the line directly after the address, which has goto labels.

So far, you have learned to determine the leader in many ways. However, one of the most common questions after determining all the leaders is what to do with the statements between the leaders. The following breakdown will help answer this question in a very simple manner. 

  1. The first statement is always the leader L1 (for understanding purposes)
  2. The address of conditional and unconditional goto is also a leader L2
  3. The statement that comes after the goto statement is also the leader L3

All the statements between the L1 and L2 will be a part of the first basic block. Similarly, the statements between L2 and L3 will be a part of the second basic block, and so on.

Variations in Control Flow Graphs

There can be many variations in the control-flow graph based on the statements and loops in question. However, the principle at heart remains the same. Let us look at some of the different types of images and loops to help you better understand the concept of flow-graph.

If-else: The if-else statement is used when you want to perform two operations for a single statement. As the name suggests, it is used to perform two different operations, i.e., one is for the correctness of any condition, and the other is for the incorrectness. If-else statements can be useful when the block you are working on cannot be executed simultaneously with the rest. Using this statement, you will have the option for an otherwise case with the given condition. A simple example of the if-else statement and its function is given below. 

In C language, if you want to determine whether the number is odd or even, you can simply use the following method:


int main(){    

int number=0;    

printf("enter a number:");    

scanf("%d",n number);     


printf("%d is even number",number); 



printf("%d is odd number",number);    


return 0;  


The respective output will be seen as:

Enter a number: 8

8 is an even number

Enter a number: 7

7 is an odd number 

The control flow graph of the if-else statement would be something like:

control flow graph

As you can see, the execution process becomes relatively simpler with the if-else statement because it does not restrict the block to a singular option. Programmers prefer this ease of use and incorporate this in coding regularly. 

The control-flow graph works similarly for other loops and statements such as while, do-while, and so on.


We used control flow graphs in static analysis to represent blocks’ computation or flow control when executing programs or applications. Cfgs and basic blocks are helpful components in coding, and we’ve discussed their benefits, how they work, and some of their variations. We hope this helps you in your secure software development. For more advice and information, take a look at our other articles about the related analytical processes, such as lexical, data flow, and taint analysis.

Leave a Comment

Your email address will not be published. Required fields are marked *

Related Posts

Regex is a useful string of characters that defines a search pattern. In the security world, regular
When developing an application or any other software, the security of the finalized product is one of
Sometimes the development teams employ unconventional practices to fix bugs or add new features without realizing the
Scroll to Top