PhASAR is an LLVM-based static analysis framework written in C++. It allows users to specify arbitrary data-flow problems, which are then solved in a fully automated manner on the specified LLVM IR target code. Computing points-to information, call-graph(s), etc. is done by the framework, so you can focus on what matters.
You can find available literature on PhASAR here.
- IFDS/IDE solver: Interprocedural data-flow solvers based on the IFDS/IDE algorithm
- WPDS solver (experimental): Data-flow solver based on weighted pushdown systems. Can solve any IFDS/IDE problem
- Sparse analysis: SparseIFDS/SparseIDE/SparseWPDS for improved performance
- Call-graph construction: Several algorithms (CHA, RTA, VTA, alias-based)
- Type-hierarchy construction: Extract high-level C++ type information from LLVM IR
- Points-to/alias infrastructure: High-performance alias analyses for LLVM IR. Integration with state-of-the-art alias/points-to information from SVF supported
- Interprocedural CFG (ICFG): Connecting control-flow with call-graph information
- Path-tracking: Improve results-reporting by reconstructing concrete data-flow paths from IFDS/IDE results
- Monotone solver: Simple intra-procedural analysis engine, based on Monotone Frameworks
- Taint analysis: Infrastructure for taint-configuration & IFDS/IDE-based taint analysis
- Modern C++20 API: Modular, easy-to-use interfaces, also for non-C++ experts
We have some documentation on PhASAR in our Wiki. You probably would like to read this README first.
Please also have a look at PhASAR's project directory, in particular the examples directory and the custom tool tools/example-tool/myphasartool.cpp.
You can find PhASAR's API reference here.
PhASAR requires at least C++20.
PhASAR supports C++20 modules as an experimental feature.
PhASAR supports LLVM versions between LLVM-16 and LLVM-22.1, using LLVM-16 by default.
We actively test PhASAR with LLVM-16 and LLVM-22.1, so if something does not work, try these versions instead.
Specify the PHASAR_LLVM_VERSION cmake variable to change the LLVM version to use.
To keep PhASAR in a state that is well suited for state-of-the-art research in static analysis, as well as for productive use, we have to make breaking changes. Please refer to Breaking Changes for detailed information on what was broken recently and how to migrate.
Please refer to BUILD.md for instructions on how to build PhASAR.
The following example shows how to use PhASAR's core concepts of IFDS/IDE analysis, alias analysis, type-hierarchy, call-graph, and taint analysis:
```cpp
#include "phasar.h"

// Load the target LLVM IR
auto IRDB = psr::LLVMProjectIRDB::loadOrExit("target.ll");

// Build alias information, a type-hierarchy, and a taint configuration
// (sources/sinks can come from IR annotations, a JSON file, or callbacks)
psr::LLVMAliasSet AS(&IRDB);
psr::DIBasedTypeHierarchy TH(IRDB);
psr::LLVMTaintConfig TC(IRDB);

// Build the interprocedural CFG using VTA call-graph construction
psr::LLVMBasedICFG ICFG(&IRDB, psr::CallGraphAnalysisType::VTA,
                        {"main"}, &TH, &AS);

// Instantiate and solve the taint analysis
psr::IFDSTaintAnalysis Problem(&IRDB, &AS, &TC, {"main"});
psr::solveIFDSProblem(Problem, ICFG);

// Inspect detected leaks
for (const auto &[Inst, Facts] : Problem.Leaks) {
  llvm::outs() << "Leak at: " << psr::llvmIRToString(Inst) << '\n';
}
```

For more examples, including how to write a custom analysis, see examples/how-to/.
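What a leak map of the form "instruction → tainted facts" represents, shown as an added example that is not PhASAR code and does not use its API: a monotone-framework-style taint analysis over a hypothetical toy IR, where taint carried around a loop is only found by iterating to a fixpoint. The names `Inst`, `flow`, `findLeaks` and `sampleProgram` are made up for this example.

```cpp
#include <cstddef>
#include <map>
#include <set>
#include <string>
#include <vector>
// Toy IR for illustration only (hypothetical; not LLVM IR, not PhASAR's API).
enum class Op { Source, Assign, Sanitize, Sink };
struct Inst { // Dst: variable written, Src: variable read, Succ: CFG successors
  Op Kind; std::string Dst, Src; std::vector<std::size_t> Succ;
};
using Facts = std::set<std::string>; // a fact is the name of a tainted variable

// Transfer function: facts holding before I -> facts holding after I.
Facts flow(const Inst &I, Facts F) {
  if (I.Kind == Op::Source) F.insert(I.Dst);
  if (I.Kind == Op::Sanitize) F.erase(I.Dst);
  if (I.Kind == Op::Assign && F.count(I.Src)) F.insert(I.Dst);
  else if (I.Kind == Op::Assign) F.erase(I.Dst); // strong update
  return F;
}

// Worklist fixpoint; the join at control-flow merges is set union.
// Returns: index of each leaking sink -> tainted fact that reaches it.
std::map<std::size_t, Facts> findLeaks(const std::vector<Inst> &Prog) {
  std::vector<Facts> In(Prog.size());
  std::vector<std::size_t> Work;
  for (std::size_t N = 0; N < Prog.size(); ++N) Work.push_back(N);
  while (!Work.empty()) {
    std::size_t N = Work.back(); Work.pop_back();
    Facts Out = flow(Prog[N], In[N]);
    for (std::size_t S : Prog[N].Succ) {
      std::size_t Before = In[S].size();
      In[S].insert(Out.begin(), Out.end());
      if (In[S].size() != Before) Work.push_back(S); // revisit on change
    }
  }
  std::map<std::size_t, Facts> Leaks;
  for (std::size_t N = 0; N < Prog.size(); ++N)
    if (Prog[N].Kind == Op::Sink && In[N].count(Prog[N].Src))
      Leaks[N].insert(Prog[N].Src);
  return Leaks;
}
// Constructed sample: 0: a = source(); 1: b = c; 2: c = a (branches to 1 or 3);
// 3: sink(b); 4: sanitize(a); 5: sink(a)
std::vector<Inst> sampleProgram() {
  return {{Op::Source, "a", "", {1}},     {Op::Assign, "b", "c", {2}},
          {Op::Assign, "c", "a", {1, 3}}, {Op::Sink, "", "b", {4}},
          {Op::Sanitize, "a", "", {5}},   {Op::Sink, "", "a", {}}};
}
int main() { return findLeaks(sampleProgram()).size() == 1 ? 0 : 1; }
```

On the sample, `b` only becomes tainted on the second pass through the loop, so the sink at index 3 is reported, while the sink at index 5 is not because `a` was sanitized first.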
We recommend using PhASAR as a library with cmake, using FetchContent or as a git submodule.
Assuming you have checked out phasar in external/phasar, the phasar-related cmake commands may look like this:
```cmake
add_subdirectory(external/phasar EXCLUDE_FROM_ALL) # Build phasar with your tool
...
target_link_libraries(yourphasartool
    ...
    phasar # Make your tool link against phasar
)
```

Depending on your use of PhASAR you also may need to add LLVM to your build.
For more information please consult our PhASAR wiki pages.
If you have PhASAR installed, Use-PhASAR-as-a-library may be a good start.
To export the recipe and dependencies, execute from the repo root:
```bash
conan export utils/conan/llvm-core/ --version 15.0.7 --user secure-software-engineering
conan export utils/conan/clang/ --version 15.0.7 --user secure-software-engineering
conan export .
```
- View exported:
```bash
conan list "phasar/*"
```
- Consume the package

If you just want to use phasar-cli:
```bash
conan install --tool-requires phasar/... --build=missing -of .
source conanbuild.sh
phasar-cli --help
```
You are very welcome to contribute to the PhASAR project. Just raise an issue or a pull request on GitHub.
For details see Contributing to PhASAR and Coding Conventions.
PhASAR is primarily developed and maintained by the Secure Software Engineering Group at Heinz Nixdorf Institute (University of Paderborn) and Fraunhofer IEM.
PhASAR was initially developed by Philipp Dominik Schubert (@pdschubert) (philipp.schubert@upb.de).
Currently, PhASAR is maintained by
- Fabian Schiebel (@fabianbs96) (fabian.schiebel@uni-paderborn.de)
- Sriteja Kummita (@sritejakv)
- Lucas Briese (@jusito)
- Martin Mory (@MMory) (martin.mory@upb.de)
- others
