{"id":13629952,"url":"https://github.com/NASA-SW-VnV/ikos","last_synced_at":"2025-04-17T13:30:59.571Z","repository":{"id":37577037,"uuid":"107311216","full_name":"NASA-SW-VnV/ikos","owner":"NASA-SW-VnV","description":"Static analyzer for C/C++ based on the theory of Abstract Interpretation.","archived":false,"fork":false,"pushed_at":"2024-10-01T05:37:02.000Z","size":5246,"stargazers_count":2036,"open_issues_count":35,"forks_count":153,"subscribers_count":52,"default_branch":"master","last_synced_at":"2024-10-29T15:36:17.333Z","etag":null,"topics":["abstract-interpretation","program-analysis","software-verification","static-analysis"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/NASA-SW-VnV.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.pdf","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-10-17T18:55:29.000Z","updated_at":"2024-10-29T11:07:04.000Z","dependencies_parsed_at":"2023-02-19T09:46:40.966Z","dependency_job_id":"530ab165-10b4-4778-a56f-2be31ae7d0cd","html_url":"https://github.com/NASA-SW-VnV/ikos","commit_stats":null,"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NASA-SW-VnV%2Fikos","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NASA-SW-VnV%2Fikos/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NASA-SW-VnV%2Fikos/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NASA-SW-VnV%2Fikos/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/NASA-SW-VnV","download_url":"https://codeload.github.com/NASA-SW-VnV/ikos/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223757073,"owners_count":17197490,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abstract-interpretation","program-analysis","software-verification","static-analysis"],"created_at":"2024-08-01T22:01:25.261Z","updated_at":"2025-04-17T13:30:59.561Z","avatar_url":"https://github.com/NASA-SW-VnV.png","language":"C++","readme":"IKOS\n====\n\n[![License](https://img.shields.io/badge/license-NOSA%201.3-blue.svg)](LICENSE.pdf)\n[![Release](https://img.shields.io/badge/release-v3.5-orange.svg)](https://github.com/NASA-SW-VnV/ikos/releases/tag/v3.5)\n[![Linux Build](https://github.com/NASA-SW-VnV/ikos/actions/workflows/build-linux.yml/badge.svg)](https://github.com/NASA-SW-VnV/ikos/actions/workflows/build-linux.yml)\n[![MacOS Build](https://github.com/NASA-SW-VnV/ikos/actions/workflows/build-macos.yml/badge.svg)](https://github.com/NASA-SW-VnV/ikos/actions/workflows/build-macos.yml)\n\nIKOS (Inference Kernel for Open Static Analyzers) is a static analyzer for C/C++ based on the theory of Abstract Interpretation.\n\nIntroduction\n------------\n\nIKOS started as a C++ library designed to facilitate the development of sound static analyzers based on [Abstract Interpretation](https://www.di.ens.fr/~cousot/AI/IntroAbsInt.html). Specialization of a static analyzer for an application or family of applications is critical for achieving both precision and scalability. Developing such an analyzer is arduous and requires significant expertise in Abstract Interpretation.\n\nIKOS provides a generic and efficient implementation of state-of-the-art Abstract Interpretation data structures and algorithms, such as control-flow graphs, fixpoint iterators, numerical abstract domains, etc. IKOS is independent of a particular programming language.\n\nIKOS also provides a C and C++ static analyzer based on [LLVM](https://llvm.org). It implements scalable analyses for detecting and proving the absence of runtime errors in C and C++ programs.\n\nLicense\n-------\n\nIKOS has been released under the NASA Open Source Agreement version 1.3, see [LICENSE.pdf](LICENSE.pdf)\n\nContact\n-------\n\nikos@lists.nasa.gov\n\nRelease notes\n-------------\n\nSee [Releases](https://github.com/NASA-SW-VnV/ikos/releases).\n\nTroubleshooting\n---------------\n\nSee [TROUBLESHOOTING.md](TROUBLESHOOTING.md)\n\nInstallation\n------------\n\nTo install IKOS on **Linux** or **macOS**, we recommend to use **[Homebrew](https://brew.sh/)**.\n\nFirst, install **Homebrew** by following [these instructions](https://docs.brew.sh/Installation).\n\nThen, simply run:\n```\n$ brew install nasa-sw-vnv/core/ikos\n```\n\nFor Windows, consider using [Windows Subsystem for Linux](https://learn.microsoft.com/en-us/windows/wsl/install).\n\nHow to run IKOS\n---------------\n\nSuppose we want to analyze the following C program in a file, called *loop.c*:\n\n```c\n 1: #include \u003cstdio.h\u003e\n 2: int a[10];\n 3: int main(int argc, char *argv[]) {\n 4:     size_t i = 0;\n 5:     for (;i \u003c 10; i++) {\n 6:         a[i] = i;\n 7:     }\n 8:     a[i] = i;\n 9:     printf(\"%i\", a[i]);\n10: }\n```\n\nTo analyze this program with IKOS, simply run:\n\n```\n$ ikos loop.c\n```\n\nYou shall see the following output. IKOS reports two occurrences of buffer overflow at line 8 and 9.\n\n```\n[*] Compiling loop.c\n[*] Running ikos preprocessor\n[*] Running ikos analyzer\n[*] Translating LLVM bitcode to AR\n[*] Running liveness analysis\n[*] Running widening hint analysis\n[*] Running interprocedural value analysis\n[*] Analyzing entry point 'main'\n[*] Checking properties for entry point 'main'\n\n# Time stats:\nclang        : 0.037 sec\nikos-analyzer: 0.023 sec\nikos-pp      : 0.007 sec\n\n# Summary:\nTotal number of checks                : 7\nTotal number of unreachable checks    : 0\nTotal number of safe checks           : 5\nTotal number of definite unsafe checks: 2\nTotal number of warnings              : 0\n\nThe program is definitely UNSAFE\n\n# Results\nloop.c: In function 'main':\nloop.c:8:10: error: buffer overflow, trying to access index 10 of global variable 'a' of 10 elements\n    a[i] = i;\n         ^\nloop.c: In function 'main':\nloop.c:9:18: error: buffer overflow, trying to access index 10 of global variable 'a' of 10 elements\n    printf(\"%i\", a[i]);\n                 ^\n```\n\nThe `ikos` command takes a source file (`.c`, `.cpp`) or a LLVM bitcode file (`.bc`) as input, analyzes it to find runtime errors (also called undefined behaviors), creates a result database `output.db` in the current working directory and prints a report.\n\nIn the report, each line has one of the following status:\n\n* **safe**: the statement is proven safe;\n* **error**: the statement always results into an error (or is unreachable);\n* **unreachable**: the statement is never executed;\n* **warning** may mean three things:\n   1. the statement results into an error for some executions, or\n   2. the static analyzer did not have enough information to conclude (check dependent on an external input, for instance), or\n   3. the static analyzer was not powerful enough to prove the absence of errors;\n\nBy default, ikos shows warnings and errors directly in your terminal, like a compiler would do.\n\nIf the analysis report is too big, you shall use:\n* `ikos-report output.db` to examine the report in your terminal\n* `ikos-view output.db` to examine the report in a web interface\n\nFurther information:\n* [Analyze a whole project with ikos-scan](analyzer/README.md#analyze-a-whole-project-with-ikos-scan)\n* [Examine a report with ikos-view](analyzer/README.md#examine-a-report-with-ikos-view)\n* [Analysis Options](analyzer/README.md#analysis-options)\n  - [Checks](analyzer/README.md#checks)\n  - [Numerical abstract domains](analyzer/README.md#numerical-abstract-domains)\n  - [Entry points](analyzer/README.md#entry-points)\n  - [Multi-threading](analyzer/README.md#multi-threading)\n  - [Optimization level](analyzer/README.md#optimization-level)\n  - [Inter-procedural vs Intra-procedural](analyzer/README.md#inter-procedural-vs-intra-procedural)\n  - [Fixpoint engine parameters](analyzer/README.md#fixpoint-engine-parameters)\n  - [Partitioning](analyzer/README.md#partitioning)\n  - [Hardware addresses](analyzer/README.md#hardware-addresses)\n  - [Other analysis options](analyzer/README.md#other-analysis-options)\n* [Report Options](analyzer/README.md#report-options)\n  - [Format](analyzer/README.md#format)\n  - [File](analyzer/README.md#file)\n  - [Status Filter](analyzer/README.md#status-filter)\n  - [Analysis Filter](analyzer/README.md#analysis-filter)\n  - [Verbosity](analyzer/README.md#verbosity)\n  - [Other report options](analyzer/README.md#other-report-options)\n* [APRON Support](analyzer/README.md#apron-support)\n* [Analysis Assumptions](analyzer/README.md#analysis-assumptions)\n* [Analyze an embedded software requiring a cross-compiler](analyzer/README.md#analyze-an-embedded-software-requiring-a-cross-compiler)\n* [Model library functions to reduce warnings](analyzer/README.md#model-library-functions-to-reduce-warnings)\n\nBuild from source\n-----------------\n\nBelow are instructions to build IKOS from source.\nThis is only for advanced users that want to either package IKOS for an operating system or to experiment with the codebase. Otherwise, please follow the instructions [above](#installation).\n\n### Dependencies\n\nTo build and run the analyzer, you will need the following dependencies:\n\n* A C++ compiler that supports C++14 (gcc \u003e= 4.9.2 or clang \u003e= 3.4)\n* CMake \u003e= 3.4.3\n* GMP \u003e= 4.3.1\n* Boost \u003e= 1.55\n* Python \u003e= 3.3\n* SQLite \u003e= 3.6.20\n* TBB \u003e= 2\n* LLVM and Clang 14.0.x\n* (Optional) APRON \u003e= 0.9.10\n\nMost of them can be installed using your package manager.\n\nNote: If you build LLVM from source, you need to enable run-time type information (RTTI).\n\n### Build and Install\n\nNow that you have all the dependencies on your system, you can build and install IKOS.\n\nAs you open the IKOS distribution, you shall see the following directory structure:\n\n```\n.\n├── CMakeLists.txt\n├── LICENSE.pdf\n├── README.md\n├── RELEASE_NOTES.md\n├── TROUBLESHOOTING.md\n├── analyzer\n├── ar\n├── cmake\n├── core\n├── doc\n├── frontend\n├── script\n└── test\n```\n\nIKOS uses the CMake build system. You will need to specify an installation directory that will contain all the binaries, libraries and headers after installation. If you do not specify this directory, CMake will install everything under `install` in the root directory of the distribution. In the following steps, we will install IKOS under `/path/to/ikos-install-directory`.\n\nHere are the steps to build and install IKOS:\n\n```\n$ mkdir build\n$ cd build\n$ cmake -DCMAKE_INSTALL_PREFIX=/path/to/ikos-install-directory ..\n$ make\n$ make install\n```\n\nThen, add IKOS in your PATH (consider adding this in your .bashrc):\n\n```\n$ PATH=\"/path/to/ikos-install-directory/bin:$PATH\"\n```\n\n### Tests\n\nTo build and run the tests, simply type:\n\n```\n$ make check\n```\n\nContributors\n------------\n\nSee [CONTRIBUTORS.md](CONTRIBUTORS.md)\n\nPublications\n------------\n\n* Sung Kook Kim, Arnaud J. Venet, Aditya V. Thakur. **Deterministic Parallel Fixpoint Computation.** In _Principles of Programming Languages (POPL 2020)_, New Orleans, Louisiana ([PDF](https://arxiv.org/pdf/1909.05951.pdf)).\n\n* Guillaume Brat, Jorge Navas, Nija Shi and Arnaud Venet. **IKOS: a Framework for Static Analysis based on Abstract Interpretation.** In _Proceedings of the International Conference on Software Engineering and Formal Methods (SEFM 2014)_, Grenoble, France ([PDF](http://ti.arc.nasa.gov/publications/16610/download/)).\n\n* Arnaud Venet. **The Gauge Domain: Scalable Analysis of Linear Inequality Invariants.** In _Proceedings of Computer Aided Verification (CAV 2012)_, Berkeley, California, USA 2012. Lecture Notes in Computer Science, pages 139-154, volume 7358, Springer 2012 ([PDF](http://ti.arc.nasa.gov/publications/4767/download/)).\n\nCoding Standards\n----------------\n\nSee [doc/CODING_STANDARDS.md](doc/CODING_STANDARDS.md)\n\nOverview of the source code\n---------------------------\n\nSee [doc/OVERVIEW.md](doc/OVERVIEW.md)\n","funding_links":[],"categories":["Static Code Analysis","C++","排序","Secure Programming"],"sub_categories":["静态代码分析","SAST"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FNASA-SW-VnV%2Fikos","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FNASA-SW-VnV%2Fikos","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FNASA-SW-VnV%2Fikos/lists"}