How to generate a Control Flow Graph from Assembly?

Question

For context, I'm attempting to write a decompiler from AVM2 (ActionScript Virtual machine 2) bytecode/assembly to high-level ActionScript 3 code. As far as I am aware, this requires me to analyze the assembly and generate resulting Control Flow Graph from this, in order to deduce structures such as loops, and conditional branching (if/else).

Given some assembly like:

0         getlocal0         
1         pushscope         
2         findpropstrict    {, private, }::trace
4         pushstring        "one"
6         callproperty      {, private, }::trace (1)
9         pop               
10        pushbyte          5
12        pushbyte          3
14        ifngt             L1

18        findpropstrict    {, private, }::trace
20        pushstring        "two"
22        callproperty      {, private, }::trace (1)
25        pop               

L1: 
26        findpropstrict    {, private, }::trace
28        pushstring        "three"
30        callproperty      {, private, }::trace (1)
33        coerce_a          
34        setlocal1         
35        getlocal1         
36        returnvalue       
37        kill              1

What is an algorithm to generate a Control Flow Graph?

Answer 1

I figured this out. Basically, keep a list of labels (which in my case are indices to instructions in an array). Each list of instructions between the labels are blocks (which are vertices in the graph). Label the instruction after each branch (so that the branch is the last instruction of the block, that way you can figure out what kind of edge it is. Alternatively, you could tag on the branch type to the edge.), and the target of each branch.

Once you have the labels, just split them up into blocks. I loop through each sorted index in the labels and if the last block's last instruction was a branch, I add an edge from it to the target. If not, I add an edge from it to the current block (as a fall-through node).