• Stars
    star
    933
  • Rank 48,976 (Top 1.0 %)
  • Language
    C++
  • License
    Other
  • Created over 6 years ago
  • Updated 29 days ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A LLVM-based static analysis framework.

PhASAR logo

PhASAR a LLVM-based Static Analysis Framework

C++ Standard GitHub license

Version 0323

Secure Software Engineering Group

PhASAR is primarily developed and maintained by the Secure Software Engineering Group at Heinz Nixdorf Institute (University of Paderborn) and Fraunhofer IEM.

Lead developers of PhASAR are: Fabian Schiebel (@fabianbs96)([email protected]), Martin Mory (@MMory)([email protected]), Philipp Dominik Schubert (@pdschubert)([email protected]) and others.

Required version of the C++ standard

PhASAR requires C++-17.

However, building in C++20 mode is supported as an experimental feature. You may enable this by turning the cmake option PHASAR_EXPERIMENTAL_CXX20 on. Although phasar currently does not make use of C++20 features (except for some concepts behind an #ifdef border), your client application that just uses phasar as a library may want to use C++20 ealier.

Currently supported version of LLVM

PhASAR is currently set up to support LLVM-14.0.*

What is PhASAR?

PhASAR is a LLVM-based static analysis framework written in C++. It allows users to specify arbitrary data-flow problems which are then solved in a fully-automated manner on the specified LLVM IR target code. Computing points-to information, call-graph(s), etc. is done by the framework, thus you can focus on what matters.

Breaking Changes

To keep PhASAR in a state that it is well suited for state-of-the-art research in static analysis, as well as for productive use, we have to make breaking changes. Please refer to Breaking Changes for detailed information on what was broken recently and how to migrate.

How do I get started with PhASAR?

We have some documentation on PhASAR in our Wiki. You probably would like to read this README first.

Please also have a look on PhASAR's project directory and notice the project directory examples/ as well as the custom tool tools/example-tool/myphasartool.cpp.

Building PhASAR

It is recommended to compile PhASAR yourself in order to get the full C++ experience and to have full control over the build mode. However, you may also want to try out one of the pre-built versions of PhASAR or the Docker container.

As a shortcut for the very first PhASAR build on your system, you can use our bootstrap script. Please note that you must have python installed for the script to work properly.

./bootstrap.sh

Note: If you want to do changes within PhASAR, it is recommended to build it in Debug mode:

./bootstrap.sh -DCMAKE_BUILD_TYPE=Debug

The bootstrap script may ask for superuser permissions (to install the dependencies); however it is not recommended to start the whole script with sudo.

For subsequent builds, see Compiling PhASAR.

Please help us to improve PhASAR

You are using PhASAR and would like to help us in the future? Then please support us by filling out this web form.

By giving us feedback you help to decide in what direction PhASAR should stride in the future and give us clues about our user base. Thank you very much!

Installation

PhASAR can be installed using the installer scripts as explained in the following.

Installing PhASAR on an Ubuntu system

In the following, we would like to give an complete example of how to install PhASAR using an Ubuntu or Unix-like system.

Therefore, we provide an installation script. To install PhASAR, just navigate to the top-level directory of PhASAR and use the following command:

./bootstrap.sh --install

The bootstrap script may ask for superuser permissions.

Done!

Installing PhASAR a MacOS system

Due to unfortunate updates to MacOS and the handling of C++, especially on the newer M1 processors, we can't support native development on Mac. The easiest solution to develop PhASAR on a Mac right now is to use dockers development environments. Clone this repository as described in their documentation. Afterwards, you have to login once manually, as a root user by running docker exec -it -u root <container name> /bin/bash to complete the rest of the install process as described in this readme (install submodules, run bootstrap.sh, ...). Now you can just attach your docker container to VS Code or any other IDE, which supports remote development.

Compiling PhASAR (if not already done using the installation scripts)

Set the system's variables for the C and C++ compiler to clang:

export CC=/usr/local/bin/clang
export CXX=/usr/local/bin/clang++

You may need to adjust the paths according to your system. When you cloned PhASAR from Github you need to initialize PhASAR's submodules before building it:

git submodule update --init

If you downloaded PhASAR as a compressed release (e.g. .zip or .tar.gz) you can use the init-submodules-release.sh script that manually clones the required submodules:

utils/init-submodules-release.sh

Navigate into the PhASAR directory. The following commands will do the job and compile the PhASAR framework:

mkdir build
cd build/
cmake -G Ninja -DCMAKE_BUILD_TYPE=Release ..
ninja -j $(nproc) # or use a different number of cores to compile it
sudo ninja install # only if you wish to install PhASAR system wide

When you have used the bootstrap.sh script to install PhASAR, the above steps are already done. Use them as a reference if you wish to modify PhASAR and recompile it.

After compilation using cmake the following two binaries can be found in the build/tools directory:

  • phasar-cli - the PhASAR command-line tool (previously called phasar-llvm) that provides access to analyses that are already implemented within PhASAR. Use this if you don't want to build an own tool on top of PhASAR.
  • myphasartool - an example tool that shows how tools can be build on top of PhASAR

Use the command:

$ ./phasar-cli --help

in order to display the manual and help message.

Please be careful and check if errors occur during the compilation.

When using CMake to compile PhASAR the following optional parameters can be used:

Parameter : Type Effect
BUILD_SHARED_LIBS : BOOL Build shared libraries -- Not recommended anymore. You may want to use PHASAR_BUILD_DYNLIB instead (default is OFF)
PHASAR_BUILD_DYNLIB : BOOL Build one fat shared library (default is OFF)
CMAKE_BUILD_TYPE : STRING Build PhASAR in 'Debug', 'RelWithDebInfo' or 'Release' mode (default is 'Debug')
CMAKE_INSTALL_PREFIX : PATH Path where PhASAR will be installed if "ninja install” is invoked or the “install” target is built (default is /usr/local/phasar)
PHASAR_CUSTOM_CONFIG_INSTALL_DIR : PATH If set, customizes the directory, where configuration files for PhASAR are installed (default is /usr/local/.phasar-config)
PHASAR_ENABLE_DYNAMIC_LOG : BOOL Makes it possible to switch the logger on and off at runtime (default is ON)
PHASAR_BUILD_DOC : BOOL Build PhASAR documentation (default is OFF)
PHASAR_BUILD_UNITTESTS : BOOL Build PhASAR unit tests (default is ON)
PHASAR_BUILD_IR : BOOL Build PhASAR IR (required for running the unit tests) (default is ON)
PHASAR_BUILD_OPENSSL_TS_UNITTESTS : BOOL Build PhASAR unit tests that require OpenSSL (default is OFF)
PHASAR_ENABLE_PAMM : STRING Enable the performance measurement mechanism ('Off', 'Core' or 'Full', default is Off)
PHASAR_ENABLE_PIC : BOOL Build Position-Independed Code (default is ON)
PHASAR_ENABLE_WARNINGS : BOOL Enable compiler warnings (default is ON)
PHASAR_EXPERIMENTAL_CXX20 : BOOL Build phasar in C++20 mode. This is an experimental feature (default is OFF)

You can use these parameters either directly or modify the installer-script bootstrap.sh

A remark on compile time

C++'s long compile times are always a pain. As shown in the above, when using cmake the compilation can easily be run in parallel, resulting in shorter compilation times. Make use of it!

Running a test solver

To test if everything works as expected please run the following command:

$ phasar-cli -m test/llvm_test_code/basic/module_cpp.ll -D ifds-solvertest

If you obtain output other than a segmentation fault or an exception terminating the program abnormally everything works as expected.

How to use PhASAR?

We recomment using phasar as a library with cmake.

If you already have installed phasar, Use-PhASAR-as-a-library may be a good start.

Otherwise, we recommend adding PhASAR as a git submodule to your repository. In this case, just add_subdirectory the phasar submodule directory and add phasar's include folder to your include_directories within your CMakeLists.txt.

Assuming you have checked out phasar in external/phasar, the phasar-related cmake commands may look like this:

set(PHASAR_BUILD_UNITTESTS OFF)              # -- Don't build PhASAR's unittests with *your* tool
set(PHASAR_BUILD_IR OFF)                     # --
add_subdirectory(external/phasar)            # Build phasar with your tool
include_directories(external/phasar/include) # To find PhASAR's headers
link_libraries(nlohmann_json::nlohmann:json) # To find the json headers

...

target_link_libraries(yourphasartool
    ...
    phasar # Make your tool link against phasar
)

Depending on your use of PhASAR you also may need to add LLVM to your build.

For more information please consult our PhASAR wiki pages.

Installing PhASAR's Git pre-commit hook

You are very much welcome to contribute to the PhASAR project. Please make sure that you install our pre-commit hook that ensures your commit adheres to the most important coding rules of the PhASAR project. For more details please consult Coding Conventions and Contributing to PhASAR.

To install the pre-commit hook, please run the following commands in PhASAR's root directory:

pip install pre-commit
pre-commit install

Thanks. And have fun with the project.

More Repositories

1

FlowDroid

FlowDroid Static Data Flow Tracker
Java
1,053
star
2

DroidBench

A micro-benchmark suite to assess the stability of taint-analysis tools for Android
Java
268
star
3

SuSi

SuSi - our tool to automatically discover sources and sinks in the Android framework
Java
143
star
4

tamiflex

TamiFlex facilitates static analysis of programs that use reflection and custom class loaders
Java
42
star
5

PointerBench

A points-to and alias analysis benchmark suite
Java
35
star
6

COVA

COVA - A static analysis tool to compute path conditions
Python
32
star
7

TypeEvalPy

A Micro-benchmarking Framework for Python Type Inference Tools
Python
27
star
8

boomerang

Boomerang is a on-demand context and flow-sensitive pointer analysis for Java.
Java
23
star
9

swan

Security methods for WeAkNess detection
Java
19
star
10

sootdiff

SootDiff - Bytecode Comparison Across Different Java Compilers
Java
19
star
11

DroidForce

DroidForce Project Repository. See our ARES'2014 paper for the details on DroidForce.
Java
18
star
12

SootFX

A Static Code Feature Extraction Tool for Java and Android
Java
18
star
13

secucheck

Soot-based taint analysis with internal Java fluent interface for security specifications in fluentTQL implemented with MagpieBridge to support multiple IDEs.
Java
16
star
14

authcheck

Analysis for access-control vulnerabilities in Java Spring Security applications.
JavaScript
14
star
15

SPLlift

Java
14
star
16

Jimple-Interpreter

Soot based Jimple interpreter
Java
14
star
17

HeaderGen

HeaderGen annotates Jupyter notebooks using static analysis. Improves PyCG's call graph analysis by supporting external libraries and flow-sensitivity.
Jupyter Notebook
13
star
18

SPDS-experiments

Java
11
star
19

secucheck-core

Taint Analysis on top of Soot.
Java
10
star
20

ideal

IDE/AL - Alias-Aware Framework for Interprocedural Dataflow Analysis
Java
10
star
21

android-instrumentation-tutorial

Logos
10
star
22

denial-of-app-attack

Denial-Of-App Attack
Java
8
star
23

cheetah

Eclipse plugin for a JIT taint analysis
Java
8
star
24

opcua-scanner

An opcua client scanning for servers in a network
Java
8
star
25

rose

Research Tool for Online Social Environments
JavaScript
7
star
26

upcy

UpCy automatically finds compatible updates for Maven dependencies.
Java
7
star
27

achilles-benchmark-depscanners

Achilles - Benchmark for assessing OSS-Vulnerability Scanners 59
Java
7
star
28

PathExpression

An implementation of Tarjan's PathExpression algorithm
Java
4
star
29

SparseBoomerang

Sparse Demand-Driven Pointer Analysis
Java
4
star
30

jadx-taintdoc

Jadx extended to ease documentation of taint flows
Java
4
star
31

neck

C++
3
star
32

spring-petclinic-kotlin

Vulnerable version of the Spring PetClinic application in Kotlin
Kotlin
2
star
33

cards

Component-based Assumptions and Restrictions for Dataflow Specifications
Java
1
star
34

FlowStar

Common base project for taint analyses such as FlowDroid et al.
1
star
35

modguard

Java
1
star
36

soot-infoflow-testgenerator

Test case generator for FlowDroid
1
star
37

tamiflex.benchmarks

Automatically exported from code.google.com/p/tamiflex.benchmarks
Diff
1
star
38

TS4J

A fluent interface for defining and computing typestate analyses
Java
1
star
39

crimestop

1
star
40

visuflow

VisuFlow - An Eclipse plugin that helps static code developers in writing static analyses on top of Soot.
Java
1
star
41

ivy

JavaScript
1
star
42

CogniCrypt-IntelliJ

Static Code Analysis for Crypto-API misuse detection. IDE Plugin for IntelliJ and Android Studio
Java
1
star
43

SparseIDE

Sparse IDE/IFDS solver and client implementation
1
star
44

paper-idesolverxx

Supplementary website for the paper "Scaling Interprocedural Static Data-Flow Analysis to Large C/C++ Applications"
HTML
1
star