Ship Your Analyses Using Docker

PhASAR can now be shipped using Docker.

To build your own Docker container use $ docker build -t phasar:latest in PhASAR’s root directory. You can also pull a pre-built image. We are currently implementing an automated pipeline that updates the pre-built container with each new commit made to the code base. Test your container using $ docker run phasar --help. For more information please refer to our Wiki on Github https://github.com/secure-software-engineering/phasar/wiki/Using-PhASAR-with-Docker.

Support for LLVM 9.0.0

PhASAR now supports LLVM 9. Checkout our development branch on Github (https://github.com/secure-software-engineering/phasar/tree/development). Moving from LLVM 8 to LLVM 9 did not break any of PhASAR’s code. We only needed to make a small adjustment to the top-level CMakeLists.txt. Therefore, LLVM 8 is still supported and can be used without trouble: users need to adjust the find_package(LLVM [...] line of the top-level CMakeLists.txt. Have fun hacking on PhASAR!

You Can’t Fight What You Can’t See: Emitting Reports

The next PhASAR release will come along, among others, with an improved textual reporter concept that simplifies and unifies the generation of text reports across all analyses/solvers. We are sure that this is highly important to be able to provide meaningful results to users of PhASAR who are not experts in the field, but just wish to use one of the existing static analysis.

In addition, we are currently working on a feature to generate graphical reports as well. We are able to reuse large parts of the Clang Static Analyzer infrastructure which allows us, for instance, to map our LLVM IR based analysis results back to the original C/C++ source code and display them in form of a html report in a web browser. Of course, we will provide example usages for some of our interesting built-in analyses.

Support for LLVM 8.0.0

We are currently working on support for LLVM 8. Luckily, moving to LLVM 8 does not seem to break too many things in PhASAR. We fixed all breaking changes in the llvm-8.0.0 branch on Github (https://github.com/secure-software-engineering/phasar/tree/llvm-8.0.0). One of the changes made to LLVM 8 worth mentioning is the removal of the terminator instruction class llvm::TerminatorInst. Instead of using llvm::dyn_cast or llvm::isa, one has to use bool llvm::Instruction::isTerminator() const in order to check for terminator instructions. After being able to successfully compile and link PhASAR against LLVM 8, we are now checking the semantically correctness of the analysis framework in combination with LLVM 8. The llvm-8.0.0 branch will be promptly merged into development after having assessed the semantically correctness.

Using PhASAR as a LLVM full-LTO pass

Due to the many friendly emails that we received, it came to our attention that people do not only wish to use PhASAR as a standalone static analysis tool for general purpose and security data-flow analysis, but also wish to build performance optimizations based on PhASAR’s inter-procedural static analysis results.

For this reason, we are currently building a full-LTO pass that wraps PhASAR’s functionalities into an ordinary LLVM pass. Thus, we allow a tighter coupling between LLVM and PhASAR; other LLVM optimization passes will be able to directly access PhASAR inter-procedural static analysis information that may allow more aggressive performance optimizations.

In order to be able to perform code transformations based on static analysis, the analysis must be sound. For other applications—including security analysis—soundy analyses might be sufficient (A soundy analysis uses sensible under-approximations to cope with certain language features such as C’s setjmp()/longjmp() that would otherwise degrade precision.). Hence, we will add a new option to PhASAR that allows to control the level of soundness.

New Release Plan

Today, we will release a minor update (1018) that includes various bug fixes, improved code quality, as well as some minor changes in the API (mostly renaming).

In addition, we will switch to a monthly release plan to avoid expensive, breaking changes and to keep our users up-to-date.

Upgrade Phasar to version 1.1

Next week we will release a major update that includes various bug fixes, faster compiles, heavy performance optimizations and novel features. To take just one small example, we were able to reduce the overall runtime of a complete analysis run on clang from several hours to several minutes.

Material for PLDI’18 tutorial now available

We have prepared the material for our tutorial givenĀ @PLDI 2018. If you participate in the tutorial, we kindly ask you to install Phasar on your machine before the tutorial, so we can get right into working with it from the start in order to maximize your learning experience. As many C++ projects Phasar does have a considerable compile time and we would like you to be productive from the very beginning and not to wait for the compiler to be done. Also some of our provided pre-packaged options for the tutorial are quite large, so we would like you to download and install your preferred option ahead of time.

There are three options to work with Phasar during the tutorial:
1. Using a VirtualBox VM
2. Using a Docker container
3. With a cloned copy of the source code

Please have a detailed look at phasar.org/tutorial and phasar.org/download.

We are looking forward to an interesting tutorial with you.