Relationship between CFG and call graph

[ShayYaari]

Hello,

First I want to thank you so much for your hard and amazing work in this project! As I'm new to static analysis and a beginner in using this project, I have 2 questions:

1. I'm trying to use both the CFG and the call graph analyses together and I'm wondering if there is an easy way to go from one to another. For example, given a ast.Call statement in one of the CFG blocks statements, to find its node in the call graph. In the other way, given a node in the call graph, find its block and ast.Call in the CFG.

2. I'm trying to work on an application to analyze and evaluate arguments in a specific function call in my program. Given a function in the call graph,I want to try and analyze the paths to its call and heuristically evaluate the arguments it is called with. It seems as I can find some data in the SSA, CFG and call graph that help to create some sort of an algorithm to find the paths and evaluate. However I'm not sure if there is better known approach to do so or some already implemented algorithms / research on this. Do you have some suggestions for me where can I find more information, or your recommendation?

Thanks!