PhASAR can now be shipped using Docker.
To build your own Docker container use
$ docker build -t phasar:latest in PhASAR’s root directory. You can also pull a pre-built image. We are currently implementing an automated pipeline that updates the pre-built container with each new commit made to the code base. Test your container using
$ docker run phasar --help. For more information please refer to our Wiki on Github https://github.com/secure-software-engineering/phasar/wiki/Using-PhASAR-with-Docker.
PhASAR now supports LLVM 9. Checkout our development branch on Github (https://github.com/secure-software-engineering/phasar/tree/development). Moving from LLVM 8 to LLVM 9 did not break any of PhASAR’s code. We only needed to make a small adjustment to the top-level CMakeLists.txt. Therefore, LLVM 8 is still supported and can be used without trouble: users need to adjust the
find_package(LLVM [...] line of the top-level CMakeLists.txt. Have fun hacking on PhASAR!
The next PhASAR release will come along, among others, with an improved textual reporter concept that simplifies and unifies the generation of text reports across all analyses/solvers. We are sure that this is highly important to be able to provide meaningful results to users of PhASAR who are not experts in the field, but just wish to use one of the existing static analysis.
In addition, we are currently working on a feature to generate graphical reports as well. We are able to reuse large parts of the Clang Static Analyzer infrastructure which allows us, for instance, to map our LLVM IR based analysis results back to the original C/C++ source code and display them in form of a html report in a web browser. Of course, we will provide example usages for some of our interesting built-in analyses.
We are currently working on support for LLVM 8. Luckily, moving to LLVM 8 does not seem to break too many things in PhASAR. We fixed all breaking changes in the
llvm-8.0.0 branch on Github (https://github.com/secure-software-engineering/phasar/tree/llvm-8.0.0). One of the changes made to LLVM 8 worth mentioning is the removal of the terminator instruction class
llvm::TerminatorInst. Instead of using
llvm::isa, one has to use
bool llvm::Instruction::isTerminator() const in order to check for terminator instructions. After being able to successfully compile and link PhASAR against LLVM 8, we are now checking the semantically correctness of the analysis framework in combination with LLVM 8. The
llvm-8.0.0 branch will be promptly merged into
development after having assessed the semantically correctness.
Due to the many friendly emails that we received, it came to our attention that people do not only wish to use PhASAR as a standalone static analysis tool for general purpose and security data-flow analysis, but also wish to build performance optimizations based on PhASAR’s inter-procedural static analysis results.
For this reason, we are currently building a full-LTO pass that wraps PhASAR’s functionalities into an ordinary LLVM pass. Thus, we allow a tighter coupling between LLVM and PhASAR; other LLVM optimization passes will be able to directly access PhASAR inter-procedural static analysis information that may allow more aggressive performance optimizations.
In order to be able to perform code transformations based on static analysis, the analysis must be sound. For other applications—including security analysis—soundy analyses might be sufficient (A soundy analysis uses sensible under-approximations to cope with certain language features such as C’s setjmp()/longjmp() that would otherwise degrade precision.). Hence, we will add a new option to PhASAR that allows to control the level of soundness.
The latest version of PhASAR v1218 is now available. Please check https://github.com/secure-software-engineering/phasar/wiki/PhASAR’s-Releases for details. Among other features, we added infrastructure for backward control-flow graphs. These graphs can be used in order to solve backward data-flow problems.
Today, we will release a minor update (1018) that includes various bug fixes, improved code quality, as well as some minor changes in the API (mostly renaming).
In addition, we will switch to a monthly release plan to avoid expensive, breaking changes and to keep our users up-to-date.
Next week we will release a major update that includes various bug fixes, faster compiles, heavy performance optimizations and novel features. To take just one small example, we were able to reduce the overall runtime of a complete analysis run on clang from several hours to several minutes.
The slides and the analysis code of our taint analysis toy-example, that we presented at our tutorial, are now available at phasar.org/download.
We have prepared the material for our tutorial given @PLDI 2018. If you participate in the tutorial, we kindly ask you to install Phasar on your machine before the tutorial, so we can get right into working with it from the start in order to maximize your learning experience. As many C++ projects Phasar does have a considerable compile time and we would like you to be productive from the very beginning and not to wait for the compiler to be done. Also some of our provided pre-packaged options for the tutorial are quite large, so we would like you to download and install your preferred option ahead of time.
There are three options to work with Phasar during the tutorial:
1. Using a VirtualBox VM
2. Using a Docker container
3. With a cloned copy of the source code
Please have a detailed look at phasar.org/tutorial and phasar.org/download.
We are looking forward to an interesting tutorial with you.