Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Call graph
open-in-new
<h2 id="basic-concepts">Basic concepts</h2> <p>Call graphs can be dynamic or static.<a class="footnote-ref" id="fnref:4" href="#fn:4"><sup>4</sup></a> A dynamic call graph is a record of an execution of the program, for example as output by a profiler. Thus, a dynamic call graph can be exact, but only describes one run of the program. A static call graph is a call graph intended to represent every possible run of the program. The exact static call graph is an <a href="/facts/Undecidable_problem/QBxmXBbY">undecidable problem</a>, so static call graph algorithms are generally overapproximations. That is, every call relationship that occurs is represented in the graph, and possibly also some call relationships that would never occur in actual runs of the program. </p><p>Call graphs can be defined to represent varying degrees of precision. A more precise call graph more precisely approximates the behavior of the real program, at the cost of taking longer to compute and more memory to store. The most precise call graph is fully <i>context-sensitive</i>, which means that for each procedure, the graph contains a separate node for each <a href="/facts/Call_stack/1sMt713v">call stack</a> that procedure can be activated with. A fully context-sensitive call graph is called a calling context tree. This can be computed dynamically easily, although it may take up a large amount of memory. Calling context trees are usually not computed statically, because it would take too long for a large program. The least precise call graph is <i>context-insensitive</i>, which means that there is only one node for each procedure. </p><p>With languages that feature <a href="/facts/Dynamic_dispatch/211NC5eu">dynamic dispatch</a> (i.e. <a href="/facts/Java_(programming_language)/9ScgFyAL">Java</a> or <a href="/facts/C%2B%2B/Et0F2qn9">C++</a>),<a class="footnote-ref" id="fnref:5" href="#fn:5"><sup>5</sup></a> <a href="/facts/First-class_function/dtMzp81k">first-class functions</a> (i.e. <a href="/facts/Python_(programming_language)/YbuGqofa">Python</a> or <a href="/facts/Racket_(programming_language)/5n7LW08b">Racket</a>), or <a href="/facts/Function_pointer/PEhvvsQB">function pointers</a> (i.e. <a href="/facts/C_(programming_language)/Ky2No763">C</a>), computing a static call graph precisely requires <a href="/facts/Alias_analysis/802TeVPk">alias analysis</a> results. Conversely, computing precise aliasing requires a call graph. Many static analysis systems solve the apparent infinite regress by computing both simultaneously. </p> <h2 id="usages">Usages</h2> <p>Call graphs can be used in different ways. One simple application of call graphs is finding procedures that are never called. Call graphs can act as documentation for humans to <a href="/facts/Program_comprehension/yFbCoMN0">understand programs</a>.<a class="footnote-ref" id="fnref:6" href="#fn:6"><sup>6</sup></a> Call graphs can also be used to detect anomalies of program execution or code injection attacks.<a class="footnote-ref" id="fnref:7" href="#fn:7"><sup>7</sup></a> </p> <h2 id="software">Software</h2> <h3><a href="/facts/Free_software/IaoVtJXn">Free software</a> call graph generators</h3> <h4>Run-time call graph (most of tools listed are profilers with call graph functionality)</h4> <ul><li><a href="/facts/Gprof/cqj01RCn">gprof</a> : included in BSD or part of the <a href="/facts/GNU_Binary_Utilities/J44lMK6U">GNU Binary Utilities</a></li> <li>callgrind : part of <a href="/facts/Valgrind/XDJA4Es2">Valgrind</a></li> <li><a href="https://kcachegrind.github.io/html/Home.html">KCachegrind</a> : powerful tool to generate and analyze call graphs based on data generated by callgrind</li> <li>Mac OS X Activity Monitor : Apple GUI process monitor Activity Monitor has a built-in call graph generator that can sample processes and return a call graph. This function is only available in <a href="/facts/Mac_OS_X/Y93vVpTm">Mac OS X</a> Leopard</li> <li>OpenPAT : includes the control_flow tool which automatically creates a <a href="/facts/Graph_visualization/uhh73BVo">Graphviz</a> call-graph picture from runtime measurements.</li> <li><a href="https://github.com/google/pprof">pprof</a>, open source tool for visualization and analysis of profile data, to be used in conjunction with <a href="https://web.archive.org/web/20150904193554/http://gperftools.googlecode.com/git/doc/cpuprofile.html">gperftools</a>.</li> <li><a href="/facts/CodeAnalyst/RxES45HP">CodeAnalyst</a> from <a href="/facts/AMD/CB1G7QTb">AMD</a> (released under GPL)</li> <li><a href="http://makepp.sourceforge.net/gallery/">makeppgraph</a> is a dependency graph generator (at module level) for builds performed with <a href="/facts/Make_(software)/5q1DQ4ot">makepp</a>.</li> <li><a href="https://github.com/01org/IntelSEAPI/wiki">Intel(R) Single Event API</a> (free, open-source)</li></ul> <h4>Static for getting call graphs without running application</h4> C/C++ <ul><li><a href="/facts/Sourcetrail/npF7kjyb">Sourcetrail</a> creates a static call graph, that can be dynamically explored by the user. Also supports Python and Java</li> <li><a href="/facts/Doxygen/Uw1w2lNh">doxygen</a> : Uses <a href="/facts/Graphviz/nf5D4paX">Graphviz</a> to generate static call/inheritance diagrams</li> <li><a href="https://github.com/chaudron/cally">Cally</a>: a tool that uses GCC's Register Transfer Language (RTL) files to build a caller or callee call graphs for C projects.</li> <li><a href="/facts/GNU_cflow/7JefaA3B">cflow</a> : GNU cflow is able to generate the direct and inverted call graph of a C program</li> <li><a href="http://www.gson.org/egypt/">egypt</a> : a small <a href="/facts/Perl/fx31kjlT">Perl</a> script that uses gcc and <a href="/facts/Graphviz/nf5D4paX">Graphviz</a> to generate the static call graph of a C program.</li> <li><a href="http://www.analizo.org/">Analizo</a>: calculates source code metrics, generates dependency graphs.</li> <li><a href="https://www.vim.org/scripts/script.php?script_id=2368">CCTree</a> : Native <a href="/facts/Vim_(text_editor)/JXAYMDgt">Vim</a> plugin that can display static call graphs by reading a <a href="/facts/Cscope/cexz463h">cscope</a> database. Works for C programs.</li> <li><a href="https://github.com/petersenna/codeviz">codeviz</a> : a static call graph generator (the program is <i>not</i> run). Implemented as a patch to <a href="/facts/GNU_Compiler_Collection/t07jh01k">gcc</a>; works for C and C++ programs.</li> <li><a href="http://toolchainguru.blogspot.com/2011/03/c-calltrees-in-bash-revisited.html">calltree.sh</a> : Bash shell functions that glue together cscope, graphviz, and a sampling of dot-rendering tools to display "caller" and "callee" relationships above, below, and/or between the C functions you specify.</li> <li><a href="https://sourceforge.net/projects/tceetree/">tceetree</a> : like calltree.sh, it connects <a href="/facts/Cscope/cexz463h">Cscope</a> and <a href="/facts/Graphviz/nf5D4paX">Graphviz</a>, but it is an executable rather than a bash script.</li></ul> Go <ul><li><a href="https://github.com/ofabry/go-callvis">go-callvis</a> : an interactive call graph generator for Go programs whose output can be drawn with <a href="/facts/Graphviz/nf5D4paX">Graphviz</a></li></ul> Multi-language <ul><li><a href="https://github.com/koknat/callGraph">callGraph</a> : open-source call graph generator for awk, bash, basic, dart, fortran, go, lua, javascript, julia, kotlin, matlab, perl, pascal, php, python, R, raku, ruby, rust, scala, swift, tcl, and typescript.</li></ul> .NET <ul><li><a href="/facts/NDepend/gK18zBaM">NDepend</a> :is a static analysis tool for .NET code. This tool supports a large number of code metrics, allows for visualization of dependencies using directed graphs and dependency matrix.</li></ul> PHP, Perl and Python <ul><li><a href="https://metacpan.org/module/Devel::NYTProf">Devel::NYTProf</a> : a Perl performance analyser and call chart generator</li> <li><a href="http://phpcallgraph.sourceforge.net/">phpCallGraph</a> : a call graph generator for PHP programs that uses <a href="/facts/Graphviz/nf5D4paX">Graphviz</a>. It is written in PHP and requires at least PHP 5.2.</li> <li><a href="http://pycallgraph.slowchop.com/">pycallgraph</a> <a href="https://web.archive.org/web/20070525064354/http://pycallgraph.slowchop.com/">Archived</a> 2007-05-25 at the <a href="/facts/Wayback_Machine/nmQ3a6JC">Wayback Machine</a> : a call graph generator for Python programs that uses <a href="/facts/Graphviz/nf5D4paX">Graphviz</a>.</li> <li><a href="https://github.com/davidfraser/pyan">pyan</a> : a static call graph generator for Python programs that uses <a href="/facts/Graphviz/nf5D4paX">Graphviz</a>.</li> <li><a href="https://github.com/jrfonseca/gprof2dot">gprof2dot</a> : A call graph generator written in Python that converts profiling data for many languages/runtimes to a <a href="/facts/Graphviz/nf5D4paX">Graphviz</a> callgraph.</li> <li><a href="https://github.com/scottrogowski/code2flow">code2flow</a>: A call graph generator for Python and Javascript programs that uses <a href="/facts/Graphviz/nf5D4paX">Graphviz</a></li> <li><a href="https://github.com/carlsborg/rcviz">rcviz</a> : Python module for rendering runtime-generated call graphs with <a href="/facts/Graphviz/nf5D4paX">Graphviz</a>. Each node represents an invocation of a function with the parameters passed to it and the return value.</li></ul> XQuery <ul><li><a href="https://en.wikibooks.org/wiki/XQuery/Call_Graphs">XQuery Call Graphs from the XQuery Wikibook</a>: A call graph generator for an XQuery function module that uses <a href="/facts/Graphviz/nf5D4paX">Graphviz</a></li></ul> <h3>Proprietary call graph generators</h3> <a href="/facts/LDRA_Testbed/IUQhzndt">LDRA Testbed</a> Static and dynamic analysis engines for both host and embedded software, with a myriad of reports including call graphs. Project Analyzer Static code analyzer and call graph generator for Visual Basic code <a href="/facts/Visual_Expert/lSUrbmTY">Visual Expert</a> <a href="/facts/Static_program_analysis/b56nr6QM">Static code analyzer</a> and call graph generator for <a href="/facts/Oracle_Database/FHv5g732">Oracle</a> <a href="/facts/PL/SQL/LLghPhdc">PL/SQL</a>, <a href="/facts/Microsoft_SQL_Server/eCdt2JBL">SQLServer</a> <a href="/facts/Transact-SQL/J1ArBRyF">Transact-SQL</a>, <a href="/facts/C_Sharp_(programming_language)/UC2gxeyb">C#</a> and <a href="/facts/PowerBuilder/XdFCQTMV">PowerBuilder</a> code <a href="/facts/VTune/JX3Saa0h">Intel VTune Performance Analyzer</a> Instrumenting profiler to show call graph and execution statistics <a href="/facts/DMS_Software_Reengineering_Toolkit/G3Xeppn0">DMS Software Reengineering Toolkit</a> Customizable program analysis tool with static whole-program global call graph extraction for C, Java and COBOL <h3>Other, related tools</h3> <a href="/facts/Graphviz/nf5D4paX">Graphviz</a> Turns a text representation of any graph (including a call graph) into a picture. <a href="/facts/Tsort/TIkWzlnn">tsort</a> Command-line utility that performs a topological sort. <h2 id="sample-graph">Sample graph</h2> <p>A sample call graph generated from <a href="/facts/Gprof/cqj01RCn">gprof</a> analyzing itself: </p> index called name |index called name 72384/72384 sym_id_parse [54] | 1508/1508 cg_dfn [15] [3] 72384 match [3] |[13] 1508 pre_visit [13] ---------------------- |---------------------- 4/9052 cg_tally [32] | 1508/1508 cg_assemble [38] 3016/9052 hist_print [49] |[14] 1508 propagate_time [14] 6032/9052 propagate_flags [52] |---------------------- [4] 9052 sym_lookup [4] | 2 cg_dfn [15] ---------------------- | 1507/1507 cg_assemble [38] 5766/5766 core_create_function_syms [41]|[15] 1507+2 cg_dfn [15] [5] 5766 core_sym_class [5] | 1509/1509 is_numbered [9] ---------------------- | 1508/1508 is_busy [11] 24/1537 parse_spec [19] | 1508/1508 pre_visit [13] 1513/1537 core_create_function_syms [41]| 1508/1508 post_visit [12] [6] 1537 sym_init [6] | 2 cg_dfn [15] ---------------------- |---------------------- 1511/1511 core_create_function_syms [41]| 1505/1505 hist_print [49] [7] 1511 get_src_info [7] |[16] 1505 print_line [16] ---------------------- | 2/9 print_name_only [25] 2/1510 arc_add [31] |---------------------- 1508/1510 cg_assemble [38] | 1430/1430 core_create_function_syms [41] [8] 1510 arc_lookup [8] |[17] 1430 source_file_lookup_path [17] ---------------------- |---------------------- 1509/1509 cg_dfn [15] | 24/24 sym_id_parse [54] [9] 1509 is_numbered [9] |[18] 24 parse_id [18] ---------------------- | 24/24 parse_spec [19] 1508/1508 propagate_flags [52] |---------------------- [10] 1508 inherit_flags [10] | 24/24 parse_id [18] ---------------------- |[19] 24 parse_spec [19] 1508/1508 cg_dfn [15] | 24/1537 sym_init [6] [11] 1508 is_busy [11] |---------------------- ---------------------- | 24/24 main [1210] 1508/1508 cg_dfn [15] |[20] 24 sym_id_add [20] [12] 1508 post_visit [12] | <h2 id="see-also">See also</h2> <ul><li><a href="/facts/Software_visualization/IrgGTPEV">Software visualization</a></li> <li><a href="/facts/Dependency_graph/AVC2CjGX">Dependency graph</a></li></ul> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>Callahan, D.; Carle, A.; Hall, M. W.; Kennedy, K. (April 1990). "Constructing the procedure call multigraph". IEEE Transactions on Software Engineering. 16 (4): 483–487. doi:10.1109/32.54302. <a href="/wiki/Mary_Hall_(computer_scientist)" target="_blank">/wiki/Mary_Hall_(computer_scientist)</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>Uday Khedker; Amitabha Sanyal; Bageshri Sathe (2009). Data Flow Analysis: Theory and Practice. CRC Press. p. 234. ISBN 978-0-8493-3251-7. <a href="978-0-8493-3251-7" target="_blank">978-0-8493-3251-7</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>Pankaj Jalote (1997). An Integrated Approach to Software Engineering. Springer Science & Business Media. p. 372. ISBN 978-0-387-94899-7. <a href="978-0-387-94899-7" target="_blank">978-0-387-94899-7</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> <li id="fn:4"><p>Ryder, B.G. (May 1979). "Constructing the Call Graph of a Program". IEEE Transactions on Software Engineering. SE-5 (3): 216–226. doi:10.1109/tse.1979.234183. S2CID 16527042. <a href="/wiki/Doi_(identifier)" target="_blank">/wiki/Doi_(identifier)</a> <a href="#fnref:4" class="footnote-back-ref">↩</a></p></li> <li id="fn:5"><p>Grove, David; DeFouw, Greg; Dean, Jeffrey; Chambers, Craig; Grove, David; DeFouw, Greg; Dean, Jeffrey; Chambers, Craig (9 October 1997). "Call graph construction in object-oriented languages". ACM SIGPLAN Notices. 32 (10). ACM: 108, 108–124, 124. doi:10.1145/263700.264352. <a href="https://doi.org/10.1145%2F263700.264352" target="_blank">https://doi.org/10.1145%2F263700.264352</a> <a href="#fnref:5" class="footnote-back-ref">↩</a></p></li> <li id="fn:6"><p>Eisenbarth, T.; Koschke, R.; Simon, D. (2001). "Aiding program comprehension by static and dynamic feature analysis". Proceedings IEEE International Conference on Software Maintenance. ICSM 2001. pp. 602–611. doi:10.1109/icsm.2001.972777. ISBN 0-7695-1189-9. S2CID 5934718. <a href="0-7695-1189-9" target="_blank">0-7695-1189-9</a> <a href="#fnref:6" class="footnote-back-ref">↩</a></p></li> <li id="fn:7"><p>Gao, Debin; Reiter, Michael K.; Song, Dawn (25 October 2004). "Gray-box extraction of execution graphs for anomaly detection". Proceedings of the 11th ACM conference on Computer and communications security - CCS '04. ACM. pp. 318–329. doi:10.1145/1030083.1030126. ISBN 1581139616. S2CID 1189805. <a href="1581139616" target="_blank">1581139616</a> <a href="#fnref:7" class="footnote-back-ref">↩</a></p></li> </ol>