Fabian Schiebel edited this page May 19, 2025 · 3 revisions
  • How to use PhASAR with SVF?: To enable alias information from SVF, you need to set the CMake variable PHASAR_USE_SVF to ON and make sure that CMake finds your SVF installation, i.e., if you did not install SVF system-wide you may need to set the CMake variable SVF_ROOT to where you have installed SVF.
    To use SVF's alias information from within PhASAR, you may check out the SVFPointsToSet or use the corresponding AliasAnalysisType in the LLVMAliasSet.
    CAUTION: If you have multiple LLVM versions installed, please make sure that PhASAR and SVF are linking to the same LLVM version; otherwise the analysis will likely crash! Since SVF does not fix the LLVM version, you may need to pass the CMake variable LLVM_DIR when compiling SVF.
  • My Analysis is running slow: There can be multiple reasons for long running times. One common reason is imprecise alias information; oftentimes it helps to filter alias sets. The FilteredLLVMAliasSet class may help there. If you use the IFDSSolver or the IDESolver (or the functions solveIFDSProblem() or solveIDEProblem()), you may want to try out the IterativeIDESolver, which implements various performance optimizations; it has the same interface as the IDESolver and can mostly be used as a drop-in replacement. Alternatively, you may consider using SparseIFDS/SparseIDE by using, e.g., the SparseLLVMBasedICFGView, which wraps a pointer to LLVMBasedICFG. This way, the analysis does not compute results for every fact at every instruction where the fact is live; it only computes results at the instructions where the fact is actually used.
  • How to use PhASAR for Taint Analysis?: PhASAR already contains some prototype implementations of taint analysis: the IFDSTaintAnalysis (header, source) and the field-sensitive IDEExtendedTaintAnalysis (header, source); you may look here for inspiration. Apart from that, the IFDS/IDE algorithms are a natural fit for taint analysis, so you may want to read Writing an IFDS analysis and Writing an IDE analysis. To configure a (generic) taint analysis with actual sources, sinks, and sanitizers, PhASAR provides the LLVMTaintConfig class, which can read JSON configs (for an example, you may look here: double-free-config.json; Schema) and accepts callbacks.
  • How to run PhASAR?: PhASAR provides a command-line tool phasar-cli that can be used to run any of the analyses that PhASAR provides. You may look here for more information.
    NOTE: The concrete analyses provided within PhASAR are mostly proof-of-concept implementations that are still in the prototype stage. We highly encourage you to write your own analyses by making use of PhASAR's infrastructure.
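
The LLVM-version caution in the SVF entry above can be checked before an analysis is run. The script below is an added example, not part of PhASAR or SVF: it assumes both build trees located LLVM through CMake's find_package, so that each CMakeCache.txt records LLVM_DIR; the function names are hypothetical and the fixture paths and version numbers are constructed.

```shell
#!/bin/sh
# Added example (not PhASAR/SVF code); function names are hypothetical.

# Print the LLVM_DIR recorded in <build-dir>/CMakeCache.txt (empty if absent).
llvm_dir_of() {
    sed -n 's/^LLVM_DIR:[A-Z]*=//p' "$1/CMakeCache.txt" 2>/dev/null | head -n 1
}

# Print the version declared by LLVMConfigVersion.cmake inside an LLVM_DIR.
llvm_version_of() {
    sed -n 's/^set(PACKAGE_VERSION "\([^"]*\)").*/\1/p' \
        "$1/LLVMConfigVersion.cmake" 2>/dev/null | head -n 1
}

# check_same_llvm <phasar-build-dir> <svf-build-dir>
# Returns 0 if both trees use the same LLVM version, 1 on mismatch,
# 2 if LLVM_DIR or the version cannot be determined for either tree.
check_same_llvm() {
    csl_dir_a=$(llvm_dir_of "$1")
    csl_dir_b=$(llvm_dir_of "$2")
    if [ -z "$csl_dir_a" ] || [ -z "$csl_dir_b" ]; then
        echo "LLVM_DIR missing from a CMakeCache.txt" >&2
        return 2
    fi
    csl_ver_a=$(llvm_version_of "$csl_dir_a")
    csl_ver_b=$(llvm_version_of "$csl_dir_b")
    if [ -z "$csl_ver_a" ] || [ -z "$csl_ver_b" ]; then
        echo "cannot read LLVMConfigVersion.cmake" >&2
        return 2
    fi
    if [ "$csl_ver_a" != "$csl_ver_b" ]; then
        echo "MISMATCH: PhASAR uses LLVM $csl_ver_a, SVF uses LLVM $csl_ver_b" >&2
        return 1
    fi
    echo "OK: both build trees use LLVM $csl_ver_a"
}

# Constructed fixture for trying the check offline:
# make_fixture <root> <build-name> <llvm-version>
make_fixture() {
    mkdir -p "$1/llvm-$3/lib/cmake/llvm" "$1/$2"
    printf 'set(PACKAGE_VERSION "%s")\n' "$3" \
        > "$1/llvm-$3/lib/cmake/llvm/LLVMConfigVersion.cmake"
    printf 'LLVM_DIR:PATH=%s\n' "$1/llvm-$3/lib/cmake/llvm" > "$1/$2/CMakeCache.txt"
}

# Usage with real build directories: sh check-llvm.sh <phasar-build> <svf-build>
if [ "$#" -eq 2 ]; then check_same_llvm "$1" "$2"; fi
```

A mismatch reported here is fixed by reconfiguring SVF with LLVM_DIR pointing at the LLVM that PhASAR uses, as the caution describes.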