You Can’t Fight What You Can’t See: Emitting Reports

The next PhASAR release will come along, among others, with an improved textual reporter concept that simplifies and unifies the generation of text reports across all analyses/solvers. We are sure that this is highly important to be able to provide meaningful results to users of PhASAR who are not experts in the field, but just wish to use one of the existing static analysis.

In addition, we are currently working on a feature to generate graphical reports as well. We are able to reuse large parts of the Clang Static Analyzer infrastructure which allows us, for instance, to map our LLVM IR based analysis results back to the original C/C++ source code and display them in form of a html report in a web browser. Of course, we will provide example usages for some of our interesting built-in analyses.

Support for LLVM 8.0.0

We are currently working on support for LLVM 8. Luckily, moving to LLVM 8 does not seem to break too many things in PhASAR. We fixed all breaking changes in the llvm-8.0.0 branch on Github (https://github.com/secure-software-engineering/phasar/tree/llvm-8.0.0). One of the changes made to LLVM 8 worth mentioning is the removal of the terminator instruction class llvm::TerminatorInst. Instead of using llvm::dyn_cast or llvm::isa, one has to use bool llvm::Instruction::isTerminator() const in order to check for terminator instructions. After being able to successfully compile and link PhASAR against LLVM 8, we are now checking the semantically correctness of the analysis framework in combination with LLVM 8. The llvm-8.0.0 branch will be promptly merged into development after having assessed the semantically correctness.

Using PhASAR as a LLVM full-LTO pass

Due to the many friendly emails that we received, it came to our attention that people do not only wish to use PhASAR as a standalone static analysis tool for general purpose and security data-flow analysis, but also wish to build performance optimizations based on PhASAR’s inter-procedural static analysis results.

For this reason, we are currently building a full-LTO pass that wraps PhASAR’s functionalities into an ordinary LLVM pass. Thus, we allow a tighter coupling between LLVM and PhASAR; other LLVM optimization passes will be able to directly access PhASAR inter-procedural static analysis information that may allow more aggressive performance optimizations.

In order to be able to perform code transformations based on static analysis, the analysis must be sound. For other applications—including security analysis—soundy analyses might be sufficient (A soundy analysis uses sensible under-approximations to cope with certain language features such as C’s setjmp()/longjmp() that would otherwise degrade precision.). Hence, we will add a new option to PhASAR that allows to control the level of soundness.

New Release Plan

Today, we will release a minor update (1018) that includes various bug fixes, improved code quality, as well as some minor changes in the API (mostly renaming).

In addition, we will switch to a monthly release plan to avoid expensive, breaking changes and to keep our users up-to-date.

Upgrade Phasar to version 1.1

Next week we will release a major update that includes various bug fixes, faster compiles, heavy performance optimizations and novel features. To take just one small example, we were able to reduce the overall runtime of a complete analysis run on clang from several hours to several minutes.

Material for PLDI’18 tutorial now available

We have prepared the material for our tutorial givenĀ @PLDI 2018. If you participate in the tutorial, we kindly ask you to install Phasar on your machine before the tutorial, so we can get right into working with it from the start in order to maximize your learning experience. As many C++ projects Phasar does have a considerable compile time and we would like you to be productive from the very beginning and not to wait for the compiler to be done. Also some of our provided pre-packaged options for the tutorial are quite large, so we would like you to download and install your preferred option ahead of time.

There are three options to work with Phasar during the tutorial:
1. Using a VirtualBox VM
2. Using a Docker container
3. With a cloned copy of the source code

Please have a detailed look at phasar.org/tutorial and phasar.org/download.

We are looking forward to an interesting tutorial with you.

Phasar @PLDI 2018

We will present the Phasar framework at the PLDI 2018 conference held in Philadelphia, Pennsylvania, United States.

We have implemented Phasar, a novel static-analysis framework on top of LLVM. Phasar provides various solvers that allow the solving of arbitrary monotone data-flow problems (distributive or not) in a fully automated manner. A user just has to provide the specific description of the problem to solve.

Phasar’s solver supports a context and flow-sensitive analysis, which is notoriously hard to scale.
Also, the C and C++ programming languages make it especially hard to statically analyze. This is due to their deliberately unsafe type system, function pointers and in case of C++ virtual dispatch and other powerful language constructs.
We will explain how Phasar uses summaries, tabulation and a compositional analysis approach to nevertheless scale to actual applications with millions of lines of code.

We will give an introduction to the framework, explain its relationship to LLVM, its architecture, and give hands-on examples of how to implement useful example analyses with Phasar. For the examples we will focus on security applications.

Before the tutorial, we will release Phasar as a well documented open-source project on Github.