After three years of development the release of the new version of the GNU cflow utility 1.7 was announced. For those who are unaware of this utility, they should know that it is designed to build a visual graph of function calls in C programs, which can be used to simplify the study of application logic.
the chartor it is constructed solely from the analysis of the source texts, without the need to run the program, in addition to supporting the generation of direct and reverse flow graphs, as well as the generation of cross-reference lists for files with code.
The package is fully functional and compiles and runs on any GNU/Linux distribution and also on newer UNIX-like systems. It supports all line switch commands required by POSIX. It is capable of producing output in two formats: GNU cflow format (which is the default) and POSIX format.
Currently, the utility can only process C fonts, as this is the only deviation from the POSIX specifications, which requires the ability to process YACC and LEX Fonts, as well as binary object files.
The Emacs cflow-mode.el module works with files in the GNU cflow format (as opposed to POSIX format) and has been tested with Emacs 24.2.1.
Main new features of GNU cflow 1.7
In this new version of the release notable for implementing support for the "dot" output format ('–format=dot') to generate a DOT result for further processing in the Graphviz package.
In addition, it is also highlighted that added the ability to specify multiple startup functions by duplicating the '–main' options, which will be generated with a separate graph for each of these functions.
It is also noted that the option was added "–target=FUNCTION" to restrict the resulting graph to just one branch which includes certain functions (the “–target” option can be specified multiple times).
Another change that has been integrated in this new version of GNU cflow 1.7 is that new commands for chart navigation have been added a cflow-mode:”c” which is used to go to the calling function, “n” which is used to go to the next function in this nesting level and “p” to go to the previous function with the same level of nesting.
On the other hand, it is also mentioned in the announcement of this new version of GNU cflow 1.7 that also two vulnerabilities removed that were identified in 2019 causing memory corruption when processing specially crafted source texts in cflow.
Of the vulnerabilities that were fixed, the following are mentioned:
- The first vulnerability (CVE-2019-16165) occurs when memory is accessed after free (use-after-free) in parser code (referenced function in parser.c).
- The second vulnerability (CVE-2019-16166) is related to a buffer overflow in the nexttoken() function. In the opinion of the developers, these problems do not represent a security threat, as they are limited to abnormal termination of the utility.
Finally if you are interested in knowing more about it about this new version, you can check the details in the following link.
How to install cflow on Linux?
For those who are interested in being able to install this utility on their system, they should know that cflow is within the repositories of some of the main Linux distributions. I only have to mention that the new version has not yet been implemented in some of them, but it will be ready in a matter of days.
In the case of those who are users of Debian, Ubuntu or any derivative of these, they can install from the terminal by typing the following command:
sudo apt install cflow -y
In the case of users of Arch Linux, Manjaro or any other distribution derived from these, the installation must be done from the AUR repositories:
yay -s cflow
As for those who are interested in being able to compile the new version, they can obtain it from the following link