Building Software Security Analysis Repo from scratch - SVF-tools/Software-Security-Analysis GitHub Wiki

These are instructions for building LLVM, SVF, and the assignments (Software-Security-Analysis) from scratch. This is useful if you like to work with your own editor or terminal or have trouble with Docker, the image, or VSCode (M1 Macs currently do). If you encounter some problem, please check this document Trouble-Shooting-for-IDE.

0 - Pre-requisites

These instructions are for UNIX systems like Linux or macOS. Windows Subsystem for Linux might do as well.

1 - Install Packages

Ubuntu/Debian

Install CMake through your package manager. Some possibilities (these commands may require use of sudo):

• Debian and Ubuntu based systems

$ sudo apt-get update
$ sudo apt-get install -y cmake git gcc g++ libtinfo-dev libzstd-dev libz-dev zip unzip wget curl xz-utils

MacOS

• macOS using Homebrew. If you haven't installed Homebrew, run the following command in your terminal.

$ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

If Homebrew is installed, run the following commands in your terminal (cmake version >=3.23 is required).

$ brew install cmake git wget xz

2 - Build SVF

This part is applicable to both Ubuntu/Debian and MacOS. Grab the SVF sources.

git clone https://github.com/SVF-tools/SVF.git
cd SVF

Build. This should take a few minutes. The default build creates Release-build and downloads/builds the matching LLVM and Z3 dependencies under the SVF directory.

bash build.sh

The current SVF build uses LLVM 21.1.0; after a successful build you should have these directories:

SVF/Release-build
SVF/llvm-21.1.0.obj
SVF/z3.obj

If you want a debug SVF build as well, run bash build.sh debug instead and configure Software-Security-Analysis with -DCMAKE_BUILD_TYPE=Debug.

Finally, move up one level.

cd ..

3 - Build Software-Security-Analysis

This part is applicable to both Ubuntu/Debian and MacOS. Grab the Software-Security-Analysis sources.

git clone https://github.com/SVF-tools/Software-Security-Analysis
cd Software-Security-Analysis

Set SVF_DIR (the SVF source code directory you just built SVF), LLVM_DIR and Z3_DIR environmental variables so that you can build Software-Security-Analysis using SVF, LLVM and Z3 as libraries. Type the following:

source env.sh

If success, you may see the output in the terminal like this:

SVF_DIR=/your_path_to_SVF
LLVM_DIR=/your_path_to_SVF/llvm-21.1.0.obj
Z3_DIR=/your_path_to_SVF/z3.obj

The SVF_DIR, LLVM_DIR, and Z3_DIR are the paths to the SVF source code, LLVM, and Z3 respectively.

If SVF is not in the sibling directory ../SVF, either edit env.sh or pass the paths directly to CMake with -DSVF_DIR=... -DLLVM_DIR=... -DZ3_DIR=....

Configure. Use an out-of-source build directory so generated files do not pollute the repository checkout.

cmake -S . -B build -DCMAKE_BUILD_TYPE=Release

Build. (-j8 utilize multi-cores on your machine)

cmake --build build -j8

Congratulations! All built.

4 - Running and debugging your assignments

This part is applicable to both Ubuntu/Debian and MacOS. Grab the SVF sources.

If you take a peek in the build/bin directory, you can see your assignments, the hello world program, and the svfir program. To run the hello world program for example, you can

build/bin/hello

With your favourite text editor, you can modify the sources in directories like Assignment-1 or HelloWorld, run cmake --build build -j8 again from the Software-Security-Analysis directory, and then rerun your programs.

To debug an executable in the command line, simply run your assignment with a debugger (like LLDB or GDB). If you want to use VSCode, just skip this:

lldb build/bin/hello

See the following table for running and debugging other executables in Labs and Assignments:

Lab/Assignment	"program"	"args"
Lab-Exercise-1	"${workspaceFolder}/build/bin/lab1"	"test1"
Lab-Exercise-2	"${workspaceFolder}/build/bin/lab2"	"test1"
Lab-Exercise-3	"${workspaceFolder}/build/bin/lab3"	"test1"
Assignment-1	"${workspaceFolder}/build/bin/ass1"	"-icfg", "Assignment-1/Tests/testcases/icfg/test1.ll" "-pta", "Assignment-1/Tests/testcases/pta/test1.ll" "-taint", "Assignment-1/Tests/testcases/taint/test1.ll"
Assignment-2	"${workspaceFolder}/build/bin/ass2"	"Assignment-2/Tests/testcases/sse/test1.ll"
Assignment-3	"${workspaceFolder}/build/bin/ass3"	"Assignment-3/Tests/ae/test1.ll"

Some resources on LLDB:

• Tutorial
• A simpler tutorial
• LLDB for GDB users (useful reference even for those new to either)

5. - Run with VSCode

VSCode is a source-code editor. This part is applicable to both Ubuntu/Debian and MacOS. Grab the SVF sources.

Install VSCode

• Visual Studio Code is a source-code editor. It can be installed by downloading it from the official website https://code.visualstudio.com/.

Install VSCode Plugins C/C++ and CodeLLDB

• Install the necessary extensions for C/C++ development in VSCode, like the Microsoft C/C++ extension for IntelliSense, debugging, and code browsing.

6. Setup VSCode CMake build

   Guide on how to set up the CMake build system within VSCode, including configuring tasks and launch JSON files for building and debugging.

   • First, open the project under the project folder Software-Security-Analysis.
   • Then, open the file .vscode/tasks.json and add the following content.

The following is the default content.

{
  "tasks": [
    {
      "label": "C/C++: cpp build active file",
      "type": "shell",
      // We assume that SVF is installed under the same folder as Software-Security-Analysis 
      // You need to change LLVM_DIR, SVF_DIR and Z3_DIR to the correct paths if you installed SVF in a different location.
      "command": "cmake -S . -B build -DCMAKE_BUILD_TYPE=Release -DSVF_DIR=../SVF -DLLVM_DIR=../SVF/llvm-21.1.0.obj -DZ3_DIR=../SVF/z3.obj && cmake --build build -j8",
      "options": {
        "cwd": "${workspaceFolder}"
      },
      "group": {
        "kind": "build",
        "isDefault": true
      },
      "detail": "Task generated by Debugger."
    }
  ],
  "version": "2.0.0"
}

Use the following for launch.json for running and debugging

{
  "version": "0.2.0",
  "configurations": [
    {
      "name": "(debug) Launch C++",
      "type": "cppdbg",
      "request": "launch",
      // Please change to the executable of your current lab or assignment
      // |  Lab/Assignment  | "program"                          | "args"  |
      // |  Lab-Exercise-1  | "${workspaceFolder}/build/bin/lab1"      | "test1" |
      // |  Lab-Exercise-2  | "${workspaceFolder}/build/bin/lab2"      | "test1" |
      // |  Lab-Exercise-3  | "${workspaceFolder}/build/bin/lab3"      | "test1" |
      // |  Assignment-1    | "${workspaceFolder}/build/bin/ass1"      | "-icfg", "Assignment-1/Tests/testcases/icfg/test1.ll" |
      // |  Assignment-2    | "${workspaceFolder}/build/bin/ass2"      | "Assignment-2/Tests/testcases/sse/test1.ll" |
      // |  Assignment-3    | "${workspaceFolder}/build/bin/ass3"      | "Assignment-3/Tests/ae/test1.ll" |
      "program": "${workspaceFolder}/build/bin/hello",
      "args": [], // may input the test llvm bc file or other options and flags the program may use
      "cwd": "${workspaceFolder}",
      "preLaunchTask": "C/C++: cpp build active file",
      "MIMode": "lldb"  // change to "gdb" if you are using non-MacOS system
    }
  ]
}

Then Click Run And Debug and click the triangle button to start the build process.

If success you can see the following output from the DEBUG CONSOLE.

6. Troubleshooting and known problems when configuring your IDE

https://github.com/SVF-tools/Software-Security-Analysis/wiki/Trouble-Shooting-for-IDE