An edge of a regular call instruction.

A fall-through after a call instruction. This is indeed a pseudo edge as there's no direct control flow from a call instruction to its fall-through.

A fall-through representing C++ exception flows. If there is a function call which causes raising exceptions, then this edge will be used.

An edge of a call instruction to an external function or PLT.

An edge of a jmp instruction to an external function or PLT.

A simple fall-through case. This type is created when an edge cuts in two consecutive instructions.

An implicit edge that is not explicitly visible from the current CALL instruction, but visible within the function. If there is a path in the callee that calls a function, then we create an implicit edge from a caller to any of the callees.

An edge from an indirect call instruction.

An edge from an indirect jmp instruction.

An edge of a conditional jump that is exercised when the condition is false.

An edge of a conditional jump that is exercised when the condition is true.

An edge of a direct jump, e.g., JMP +0x42.

A false conditional edge only visible from an IR-level CFG, because there is a control-flow inside a machine instruction.

A true conditional edge only visible from an IR-level CFG, because there is a control-flow inside a machine instruction.

A direct jump edge only visible from an IR-level CFG, because there is a control-flow inside a machine instruction.

A fall-through after a no return call instruction. This edge will never be executed. We have this edge to include all "codes" compiler emitted. If we do not consider such "unreachable" codes from CFG building, we'll never see this edge in the result CFG.

An edge of a recursive call instruction.

An edge of a function return.

Unknown edge type. This should be an error case.