Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dynamic buffers via SMT lists #500

Open
wants to merge 36 commits into
base: master
Choose a base branch
from
Open

Dynamic buffers via SMT lists #500

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
36 commits
Select commit Hold shift + click to select a range
7d6db3c
dynamic buffers WIP
MrChico Aug 12, 2020
a0ffadb
using smt lists instead!
MrChico Aug 16, 2020
c91ad37
WIP
MrChico Aug 18, 2020
9053505
more WIP
MrChico Aug 19, 2020
2776c03
wip dynbuffer
MrChico Aug 20, 2020
120376c
more wip
MrChico Aug 20, 2020
b1b9d43
optimize as many static cases as possible
MrChico Aug 25, 2020
3a36f12
things are getting better
MrChico Aug 26, 2020
029a003
correcter
MrChico Aug 26, 2020
8d91c14
callsemantics are back; more accurate SSTORE accounting; almost all
MrChico Aug 27, 2020
d84f4cf
all tests passing, things seem pretty good
MrChico Aug 27, 2020
6c37844
tests passing
MrChico Aug 27, 2020
0bd6a32
bump origstorage
MrChico Aug 27, 2020
3f8ed9c
generalize EXP to admit symbolic args
MrChico Aug 31, 2020
86a771f
clean up of test.hs, refactor EVM.Fetch.oracle
MrChico Sep 1, 2020
d5b070f
fix
MrChico Sep 2, 2020
1ed0233
dynamic bytes testcase
MrChico Sep 2, 2020
d16bc07
fix readsWord
MrChico Sep 2, 2020
561d771
assumptions to improve smt performance
MrChico Sep 4, 2020
3f93f09
optimize concrete case
MrChico Sep 4, 2020
c1376dc
simplifications and more testing
MrChico Sep 6, 2020
1149e7e
update sbv
MrChico Sep 7, 2020
b4178a0
run only z3 tests for now
MrChico Sep 7, 2020
97ac686
allow calldata to be either a buffer or pseudodynamic (old approach)
MrChico Sep 8, 2020
0884f9c
put dynamic buffer test in dapp-test instead of hevm
MrChico Sep 9, 2020
f59a912
fix rebase fuckups
MrChico Sep 14, 2020
90fb4f7
don't change which tests are run
MrChico Sep 14, 2020
35e8d51
fix concrete RETURNDATA
MrChico Sep 15, 2020
c124771
simplify refunds
MrChico Sep 15, 2020
b41dd3e
fix SSTORE accounting
MrChico Sep 15, 2020
174f487
fix memory access accounting in concrete case
MrChico Sep 15, 2020
248e232
fix calldataload
MrChico Sep 15, 2020
5472d0b
turn on z3 dynamic tests
MrChico Sep 16, 2020
39f4524
sketch of a new structure
MrChico Oct 14, 2020
6a88b66
sketches of spain
MrChico Oct 27, 2020
42c48a6
wip
MrChico Jan 12, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion haskell.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ in self-hs: super-hs:

sbv_prepatch = pkgs.haskell.lib.dontCheck (self-hs.callCabal2nix "sbv" (builtins.fetchGit {
url = "https://github.com/LeventErkok/sbv/";
rev = "91637c043d206530bc64d7eac88d2f80e8db0b85";
rev = "fe5f5aff026307a1582cc7eafbbabd26796ef434";
}) {inherit (pkgs) z3;});

in {
Expand Down
2 changes: 1 addition & 1 deletion nix/hevm-tests/default.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,6 @@ in
yulEquivalence-cvc4 = runWithSolver ./yul-equivalence.nix "cvc4";

# z3 takes 3hrs to run these tests on a fast machine, and even then ~180 timeout
#smtChecker-z3 = runWithSolver ./smt-checker.nix "z3";
smtChecker-z3 = runWithSolver ./smt-checker.nix "z3";
smtChecker-cvc4 = runWithSolver ./smt-checker.nix "cvc4";
}
103 changes: 79 additions & 24 deletions nix/hevm-tests/smt-checker.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,35 @@ let
"types/array_dynamic_3_fail.sol"
];

z3Timeout = [
"operators/compound_assignment_division_1.sol"
"operators/compound_assignment_division_2.sol"
"operators/delete_array_index_2d.sol"
];

dynamic = [
# OpCalldatacopy
"loops/for_loop_array_assignment_memory_memory.sol"
"loops/for_loop_array_assignment_memory_storage.sol"
"loops/while_loop_array_assignment_memory_memory.sol"
"loops/while_loop_array_assignment_memory_storage.sol"
"types/address_call.sol"
"types/address_delegatecall.sol"
"types/address_staticcall.sol"
"types/array_aliasing_storage_2.sol"
"types/array_aliasing_storage_3.sol"
"types/array_aliasing_storage_5.sol"
"types/array_branch_1d.sol"
"types/array_branches_1d.sol"
"types/array_dynamic_parameter_1.sol"
"types/array_dynamic_parameter_1_fail.sol"
"types/bytes_1.sol"
"types/bytes_2.sol"
"types/bytes_2_fail.sol"
"types/mapping_unsupported_key_type_1.sol"
"types/function_type_array_as_reference_type.sol"
];

ignored = [

# --- constructor arguments ---
Expand Down Expand Up @@ -115,26 +144,26 @@ let
# OpJump
"complex/slither/external_function.sol"

# OpCalldatacopy
"loops/for_loop_array_assignment_memory_memory.sol"
"loops/for_loop_array_assignment_memory_storage.sol"
"loops/while_loop_array_assignment_memory_memory.sol"
"loops/while_loop_array_assignment_memory_storage.sol"
"types/address_call.sol"
"types/address_delegatecall.sol"
"types/address_staticcall.sol"
"types/array_aliasing_storage_2.sol"
"types/array_aliasing_storage_3.sol"
"types/array_aliasing_storage_5.sol"
"types/array_branch_1d.sol"
"types/array_branches_1d.sol"
"types/array_dynamic_parameter_1.sol"
"types/array_dynamic_parameter_1_fail.sol"
"types/bytes_1.sol"
"types/bytes_2.sol"
"types/bytes_2_fail.sol"
"types/mapping_unsupported_key_type_1.sol"
"types/function_type_array_as_reference_type.sol"
# # OpCalldatacopy
# "loops/for_loop_array_assignment_memory_memory.sol"
# "loops/for_loop_array_assignment_memory_storage.sol"
# "loops/while_loop_array_assignment_memory_memory.sol"
# "loops/while_loop_array_assignment_memory_storage.sol"
# "types/address_call.sol"
# "types/address_delegatecall.sol"
# "types/address_staticcall.sol"
# "types/array_aliasing_storage_2.sol"
# "types/array_aliasing_storage_3.sol"
# "types/array_aliasing_storage_5.sol"
# "types/array_branch_1d.sol"
# "types/array_branches_1d.sol"
# "types/array_dynamic_parameter_1.sol"
# "types/array_dynamic_parameter_1_fail.sol"
# "types/bytes_1.sol"
# "types/bytes_2.sol"
# "types/bytes_2_fail.sol"
# "types/mapping_unsupported_key_type_1.sol"
# "types/function_type_array_as_reference_type.sol"
Comment on lines +147 to +166
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you mean to leave these commented?


# OpBlockhash
"special/blockhash.sol"
Expand Down Expand Up @@ -223,8 +252,8 @@ let
# symbolic` on all contracts within.
# $1 == input file
# $2 == hevm smt backend
# $3 == dynamic?
checkWithHevm = pkgs.writeShellScript "checkWithHevm" ''

# write json file to store for later debugging
testName=$(${testName} $1)
json=$out/jsonFiles/$testName.json
Expand All @@ -236,7 +265,7 @@ let

explore() {
set -x
hevm_output=$(${timeout} 90s ${hevm} symbolic --code "$1" --solver "$2" --json-file "$3" $4 2>&1)
hevm_output=$(${timeout} 90s ${hevm} symbolic --code "$1" --solver "$2" --json-file "$3" $4 $5 2>&1)
status=$?
set +x

Expand Down Expand Up @@ -273,10 +302,15 @@ let
iterations="--max-iterations 3"
fi

dynamic=""
if ! [[ -z "$3" ]]; then
dynamic="--calldata-model DynamicCD"
fi

${echo}
${echo} exploring runtime bytecode:
bin_runtime=$(${jq} -r --arg c $contract -c '.contracts[$c]."bin-runtime"' $json)
explore "$bin_runtime" "$2" "$json" "$iterations"
explore "$bin_runtime" "$2" "$json" "$iterations" "$dynamic"
done

exit 0
Expand Down Expand Up @@ -305,14 +339,35 @@ let
exit 0
fi

z3Timeouts=(${toString z3Timeout})
if [[ " ''${z3Timeouts[@]} " =~ " ''${testName} " ]] && [[ $2 = "z3" ]]; then
${echo} "skipping test:" ${testName}
${echo} "${strings.ignore}"
exit 0
fi

dynamicFlag=""
dynamicTests=(${toString dynamic})
if [[ " ''${dynamicTests[@]} " =~ " ''${testName} " ]]; then
# echo $2
if [[ $2 = "z3" ]]; then
dynamicFlag=1
else
${echo} "skipping test:" ${testName}
${echo} "${strings.ignore}"

exit 0
fi
fi

${grep} -q 'Error trying to invoke SMT solver.' $1
if [ $? == 0 ]; then ${echo} ${strings.smtCheckerFailed} && exit; fi
${grep} -q 'Assertion checker does not yet implement' $1
if [ $? == 0 ]; then ${echo} ${strings.smtCheckerFailed} && exit; fi
${grep} -q 'Assertion checker does not yet support' $1
if [ $? == 0 ]; then ${echo} ${strings.smtCheckerFailed} && exit; fi

hevm_output=$(${checkWithHevm} $1 $2 2>&1)
hevm_output=$(${checkWithHevm} $1 $2 "$dynamicFlag" 2>&1)
echo "$hevm_output"

${grep} -q '${strings.timeout}' <<< "$hevm_output"
Expand Down
7 changes: 7 additions & 0 deletions src/dapp-tests/bytes.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
contract Bytes
{
function f(bytes memory b1, bytes memory b2) public pure {
b1 = b2;
assert(b1[1] == b2[1]);
}
}
4 changes: 4 additions & 0 deletions src/dapp-tests/integration/tests.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,10 @@ test_hevm_symbolic() {
solc --bin-runtime -o . --overwrite AB.sol
hevm equivalence --code-a $(<A.bin-runtime) --code-b $(<B.bin-runtime) --solver cvc4
rm -rf A.bin-runtime B.bin-runtime

# simple dynamic calldata example
solc --bin-runtime -o . --overwrite bytes.sol
timeout 2m hevm symbolic --code $(<Bytes.bin-runtime) --calldata-model DynamicCD
}

test_hevm_symbolic
Expand Down
2 changes: 1 addition & 1 deletion src/dapp-tests/shell.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,5 +5,5 @@
pkgs.mkShell {
name = "dapp-tests";

buildInputs = with pkgs; [ killall cacert bashInteractive curl dapp gnumake hevm procps seth solc ];
buildInputs = with pkgs; [ coreutils killall cacert bashInteractive curl dapp gnumake hevm procps seth solc ];
}
Loading