Evaluator #120

chriseth · 2022-10-28T08:37:06Z

No description provided.

chriseth · 2022-10-28T08:38:19Z

src/encoder.rs

@@ -29,6 +30,7 @@ pub struct Encoder<InstructionsType> {
    ssa_tracker: SSATracker,
    output: Vec<SMTStatement>,
    interpreter: InstructionsType,


We probably want to change this name now.

leonardoalt · 2022-10-28T09:50:55Z

src/evm_builtins.rs

@@ -99,14 +99,14 @@ impl Instructions for EVMInstructions {
            "calldatasize" => single_return(evm_context::calldatasize(ssa).into()),
            "calldatacopy" => panic!("Builtin {} not implemented", builtin.name), // TODO
            "codesize" => single_return(evm_context::codesize(ssa).into()),
-            "codecopy" => panic!("Builtin {} not implemented", builtin.name), // TODO
+            "codecopy" => vec![], //panic!("Builtin {} not implemented", builtin.name), // TODO


Shouldn't this and extcodecopy havoc memory?

Yes, this is just to prevent the system from crashing on my example.

chriseth · 2022-11-01T16:49:57Z

This now uses the evaluator to determine if some branches cannot be reached at all (and then it does not encode them). This is a trace of the encoded opcodes filtered to mstore, datacopy, create, sload, sstore and call, executed on two transactions: First a call to "setUp()" and then "proveA()" (i.e. calldata is set accordingly). You can see that it does not encode any of the panics in the abi decoder and properly re-retrieves the address of the contract under test from storage:

=========== SETUP ===================
mstore(64, 128)
mstore(0, 35408467139433450592217433187231851964531694900788300625387963629091585785856)
mstore(4, 65)
datacopy(128, dataoffset("oTest_15"), datasize("oTest_15"))
_54 := create(0, 128, $_53)
   - _54 = address<oTest_15,0>
_75 := sload(0)
sstore(0, address<oTest_15,0>)
=========== CALL ===================
mstore(64, 128)
_68 := sload(0)
   - _68 = address<oTest_15,0>
mstore(128, 8964389696657244788749362684448106728022753484683927377131620019041577467904)
mstore(132, 0)
mstore(164, 0)
_110 := call($_106, address<oTest_15,0>, 0, 128, 68, 128, 32)
mstore(0, 35408467139433450592217433187231851964531694900788300625387963629091585785856)
mstore(4, 65)
mstore(64, $newFreePtr_113_1)
mstore(0, 35408467139433450592217433187231851964531694900788300625387963629091585785856)
mstore(4, 17)
mstore(0, 35408467139433450592217433187231851964531694900788300625387963629091585785856)
mstore(4, 1)

chriseth · 2022-11-02T14:33:10Z

Got this working now without the hack:

=========== SETUP ===================
mstore(40, 80)
mstore(0, 4e487b7100000000000000000000000000000000000000000000000000000000)
mstore(4, 41)
datacopy(80, dataoffset(dataref("oTest_15")), datasize(dataref("oTest_15")))
_54 := create(0, 80, sub(add(add(80, datasize(dataref("oTest_15"))), 0), 80))
   - _54 = address<oTest_15,0>
_75 := sload(0)
sstore(0, or(and($value_49_0, ffffffffffffffffffffffff0000000000000000000000000000000000000000), address<oTest_15,0>))
=========== CALL ===================
mstore(40, 80)
_70 := sload(0)
   - _70 = or(and($value_49_0, ffffffffffffffffffffffff0000000000000000000000000000000000000000), address<oTest_15,0>)
mstore(80, 13d1aa2e00000000000000000000000000000000000000000000000000000000)
mstore(84, 0)
mstore(a4, 0)
_112 := call($_108, address<oTest_15,0>, 0, 80, 44, 80, 20)
mstore(0, 4e487b7100000000000000000000000000000000000000000000000000000000)
mstore(4, 41)
mstore(40, add(80, and(add($value_108_0, 1f), ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0)))
mstore(0, 4e487b7100000000000000000000000000000000000000000000000000000000)
mstore(4, 11)
mstore(0, 4e487b7100000000000000000000000000000000000000000000000000000000)
mstore(4, 1)

chriseth force-pushed the evaluator branch from 1babe90 to 5585436 Compare October 28, 2022 08:37

chriseth changed the base branch from main to execution_position October 28, 2022 08:37

chriseth commented Oct 28, 2022

View reviewed changes

chriseth force-pushed the evaluator branch from 5585436 to 7b4c746 Compare October 28, 2022 08:46

leonardoalt reviewed Oct 28, 2022

View reviewed changes

chriseth force-pushed the evaluator branch from b57985c to c09f0cb Compare November 1, 2022 16:50

chriseth force-pushed the evaluator branch from c27ed54 to 81c211c Compare November 2, 2022 14:50

chriseth force-pushed the execution_position branch 2 times, most recently from 718e6f7 to 97486c6 Compare November 15, 2022 22:07

Base automatically changed from execution_position to main November 28, 2022 12:07

chriseth force-pushed the evaluator branch 4 times, most recently from 7859944 to 13f6b19 Compare January 2, 2023 15:15

Concrete evaluator.

f0dc67c

chriseth force-pushed the evaluator branch from 33ff9fb to f0dc67c Compare January 3, 2023 15:37

chriseth changed the base branch from main to shorter_literals January 3, 2023 15:37

extract state

50e5164

Base automatically changed from shorter_literals to main January 4, 2023 12:26

Support external calls from commandline.

18a5d28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Evaluator #120

Evaluator #120

chriseth commented Oct 28, 2022

chriseth Oct 28, 2022

leonardoalt Oct 28, 2022

chriseth Oct 28, 2022

chriseth commented Nov 1, 2022

chriseth commented Nov 2, 2022

Evaluator #120

Are you sure you want to change the base?

Evaluator #120

Conversation

chriseth commented Oct 28, 2022

chriseth Oct 28, 2022

Choose a reason for hiding this comment

leonardoalt Oct 28, 2022

Choose a reason for hiding this comment

chriseth Oct 28, 2022

Choose a reason for hiding this comment

chriseth commented Nov 1, 2022

chriseth commented Nov 2, 2022