Merge remote-tracking branch 'upstream/master'

.editorconfig

@@ -8,3 +8,6 @@ insert_final_newline = true
 indent_style = space
 indent_size = 4
 charset = utf-8
+
+[*.jinja2]
+insert_final_newline = false

Pipfile

@@ -17,7 +17,6 @@ eth-account = "*"
 eth-tester = "*"
 laser-ethereum = ">=0.5.20"
 "jinja2" = "*"
-attrs = ">=17.0.0"
 rlp = "<1.0.0"
 [dev-packages]
 pylint = "*"

Pipfile.lock

@@ -23,20 +23,6 @@
             ],
             "version": "==0.24.0"
         },
-        "attrdict": {
-            "hashes": [
-                "sha256:86aeb6d3809e0344409f8148d7cac9eabce5f0b577c160b5e90d10df3f8d2ad3"
-            ],
-            "version": "==2.0.0"
-        },
-        "attrs": {
-            "hashes": [
-                "sha256:1c7960ccfd6a005cd9f7ba884e6316b5e430a3f1a6c37c5f87d8b43f83b54ec9",
-                "sha256:a17a9573a6f475c99b551c0e0a812707ddda1ec9653bed04c13841404ed6f450"
-            ],
-            "index": "pypi",
-            "version": "==17.4.0"
-        },
         "btrees": {
             "hashes": [
                 "sha256:46b02cb69b26a5238db771ea1955b503df73ecf254bb8063af4c61999fc75b5c",
@@ -595,14 +581,6 @@
             ],
             "version": "==1.6.3"
         },
-        "attrs": {
-            "hashes": [
-                "sha256:1c7960ccfd6a005cd9f7ba884e6316b5e430a3f1a6c37c5f87d8b43f83b54ec9",
-                "sha256:a17a9573a6f475c99b551c0e0a812707ddda1ec9653bed04c13841404ed6f450"
-            ],
-            "index": "pypi",
-            "version": "==17.4.0"
-        },
         "isort": {
             "hashes": [
                 "sha256:1153601da39a25b14ddc54955dbbacbb6b2d19135386699e2ad58517953b34af",

README.md

@@ -33,11 +33,11 @@ Documentation has moved to the [Wiki page](https://github.com/ConsenSys/mythril/
 - [HITBSecConf 2018 conference paper](https://github.com/b-mueller/smashing-smart-contracts/blob/master/smashing-smart-contracts-1of1.pdf)
 - [EDCon Toronto 2018 - Mythril: Find bugs and verify security properties in your contracts](https://www.youtube.com/watch?v=NJ9StJThxZY&feature=youtu.be&t=3h3m18s)
 
+## Mythril is Hiring
 
-## Acknowledgements
+[ConsenSys Diligence](https://consensys.net/diligence/) is building a dedicated Mythril team. If you're a coder and/or Ethereum security enthusiast who wants to do interesting and challenging work for a decentralized organization, check out the open positions below. Feel free to apply though the form on the careers website. or ping [b-mueller](http://github.com/b-mueller/) on [Gitter](https://gitter.im/ConsenSys/mythril).
 
-- JSON RPC library is adapted from [ethjsonrpc](https://github.com/ConsenSys/ethjsonrpc) (it doesn't seem to be maintained anymore, and I needed to make some changes to it).
-
-- The signature data in `signatures.json` was initially obtained from the [Ethereum Function Signature Database](https://www.4byte.directory).
-
-- Many features, bugfixes and analysis modules have been added by [contributors](https://github.com/b-mueller/mythril/graphs/contributors).
+- [Developer - Security Analysis Tools](https://new.consensys.net/careers/?gh_jid=1129067)
+- [Developer - Security Analysis Tools (Part Time)](https://new.consensys.net/careers/?gh_jid=1129048)
+- [Lead Developer - Security Analysis Engine](https://new.consensys.net/careers/?gh_jid=1127291)
+- [Lead Software Engineer - Auditor Security Tools](https://new.consensys.net/careers/?gh_jid=1127282)

mythril/analysis/callgraph.py

@@ -1,6 +1,7 @@
 import re
 
 from jinja2 import Environment, PackageLoader, select_autoescape
+from laser.ethereum.svm import NodeFlags
 import z3
 
 default_opts = {
@@ -95,15 +96,17 @@ def extract_nodes(statespace, color_map):
         code_split = []
         for instruction in instructions:
             if instruction['opcode'].startswith("PUSH"):
-                code_split.append("%d %s %s" % (instruction['address'], instruction['opcode'], instruction['argument']))
-                # code_split.append("{instruction['address']} {instruction['opcode']} {instruction['argument']}")
-            elif instruction['opcode'].startswith("JUMPDEST"):
-                code_split.append("%d %s %s" % (instruction['address'], instruction['opcode'], node.function_name))
+                code_line = "%d %s %s" % (instruction['address'], instruction['opcode'], instruction['argument'])
+            elif instruction['opcode'].startswith("JUMPDEST") and NodeFlags.FUNC_ENTRY in node.flags and instruction['address'] == node.start_addr:
+                code_line = node.function_name
             else:
-                code_split.append("%d %s" % (instruction['address'], instruction['opcode']))
+                code_line = "%d %s" % (instruction['address'], instruction['opcode'])
 
-        truncated_code = '\n'.join(code_split) if (len(code_split) < 7) else '\n'.join(
-            code_split[:6]) + "\n(click to expand +)"
+            code_line = re.sub("([0-9a-f]{8})[0-9a-f]+", lambda m: m.group(1) + "(...)", code_line)
+            code_split.append(code_line)
+
+        truncated_code = '\n'.join(code_split) if (len(code_split) < 7) \
+            else '\n'.join(code_split[:6]) + "\n(click to expand +)"
 
         nodes.append({
             'id': str(node_key),
@@ -142,7 +145,7 @@ def extract_edges(statespace):
 
 def generate_graph(statespace, title="Mythril / Ethereum LASER Symbolic VM", physics=False, phrackify=False):
     env = Environment(loader=PackageLoader('mythril.analysis'), autoescape=select_autoescape(['html', 'xml']))
-    template = env.get_template('graph.html')
+    template = env.get_template('callgraph.html')
 
     graph_opts = default_opts
     accounts = statespace.accounts

mythril/analysis/report.py

@@ -1,14 +1,15 @@
 import hashlib
 import json
+from jinja2 import PackageLoader, Environment
 
 class Issue:
 
-    def __init__(self, contract, function, pc, title, _type="Informational", description="", debug=""):
+    def __init__(self, contract, function, address, title, _type="Informational", description="", debug=""):
 
         self.title = title
         self.contract = contract
         self.function = function
-        self.pc = pc
+        self.address = address
         self.description = description
         self.type = _type
         self.debug = debug
@@ -18,7 +19,7 @@ class Issue:
 
     def as_dict(self):
 
-        issue = {'title': self.title, 'description':self.description, 'function': self.function, 'type': self.type, 'address': self.pc, 'debug': self.debug}
+        issue = {'title': self.title, 'description':self.description, 'function': self.function, 'type': self.type, 'address': self.address, 'debug': self.debug}
 
         if self.filename and self.lineno:
             issue['filename'] = self.filename
@@ -30,13 +31,14 @@ class Issue:
         return issue
 
     def add_code_info(self, contract):
-        if self.pc:
-            codeinfo = contract.get_source_info(self.pc)
+        if self.address:
+            codeinfo = contract.get_source_info(self.address)
             self.filename = codeinfo.filename
             self.code = codeinfo.code
             self.lineno = codeinfo.lineno
 
 class Report:
+    environment = Environment(loader=PackageLoader('mythril.analysis'), trim_blocks=True)
 
     def __init__(self, verbose=False):
         self.issues = {}
@@ -45,76 +47,20 @@ class Report:
 
     def append_issue(self, issue):
         m = hashlib.md5()
-        m.update((issue.contract + str(issue.pc) + issue.title).encode('utf-8'))
+        m.update((issue.contract + str(issue.address) + issue.title).encode('utf-8'))
         self.issues[m.digest()] = issue
 
     def as_text(self):
-        text = ""
-
-        for key, issue in self.issues.items():
-
-            text += "==== " + issue.title + " ====\n"
-            text += "Type: " + issue.type + "\n"
-
-            if len(issue.contract):
-                text += "Contract: " + issue.contract + "\n"
-            else:
-                text += "Contract: Unknown\n"
-
-            text += "Function name: " + issue.function + "\n"
-            text += "PC address: " + str(issue.pc) + "\n"
-
-            text += issue.description + "\n--------------------\n"
-
-            if issue.filename and issue.lineno:
-                text += "In file: " + issue.filename + ":" + str(issue.lineno)
-
-            if issue.code:
-                text += "\n\n" + issue.code + "\n\n--------------------\n"
-
-            if self.verbose and issue.debug:
-                text += "\nDEBUGGING INFORMATION:\n\n" + issue.debug + "\n--------------------\n"
-
-            text += "\n"
-
-        return text
+        filename = list(self.issues.values())[0].filename
+        template = Report.environment.get_template('report_as_text.jinja2')
+        return template.render(filename=filename, issues=self.issues, verbose=self.verbose)
 
     def as_json(self):
-        issues = []
-        for key, issue in self.issues.items():
-            issues.append(issue.as_dict())
+        issues = [issue.as_dict() for key, issue in self.issues.items()]
         result = {'success': True, 'error': None, 'issues': issues}
         return json.dumps(result)
 
     def as_markdown(self):
-        text = ""
-
-        for key, issue in self.issues.items():
-
-            if text == "":
-                if (issue.filename):
-                    text += "# Analysis results for " + issue.filename
-               
-            text += "\n\n## " + issue.title + "\n\n"
-            text += "- Type: " + issue.type + "\n"
-
-            if len(issue.contract):
-                text += "- Contract: " + issue.contract + "\n"
-            else:
-                text += "- Contract: Unknown\n"
-
-            text += "- Function name: `" + issue.function + "`\n"
-            text += "- PC address: " + str(issue.pc) + "\n\n"
-
-            text += "### Description\n\n" + issue.description
-
-            if issue.filename and issue.lineno:
-                text += "\nIn *%s:%d*\n" % (issue.filename, issue.lineno)
-
-            if issue.code:
-                text += "\n```\n" + issue.code + "\n```"
-
-            if self.verbose and issue.debug:
-                text += "\n\n### Debugging Information\n" + issue.debug
-
-        return text
+        filename = list(self.issues.values())[0].filename
+        template = Report.environment.get_template('report_as_markdown.jinja2')
+        return template.render(filename=filename, issues=self.issues, verbose=self.verbose)

mythril/analysis/templates/report_as_markdown.jinja2

@@ -0,0 +1,37 @@
+# Analysis results for {{ filename }}
+{% if issues %}
+{% for key, issue in issues.items() %}
+
+## {{ issue.title }}
+
+- Type: {{ issue.type }}
+- Contract: {{ issue.contract | default("Unknown") }}
+- Function name: `{{ issue.function }}`
+- PC address: {{ issue.address }}
+
+### Description
+
+{{ issue.description.rstrip() }}
+{% if issue.filename and issue.lineno %}
+In file: {{ issue.filename }}:{{ issue.lineno }}
+{% endif %}
+{% if issue.code %}
+
+### Code
+
+```
+{{ issue.code }}
+```
+{% endif %}
+{% if verbose and issue.debug %}
+--------------------
+### Debugging Information:
+
+{{ issue.debug }}
+
+{% endif %}
+{% endfor %}
+{% else %}
+
+The analysis was completed successfully. No issues were detected.
+{% endif %}

mythril/analysis/templates/report_as_text.jinja2

@@ -0,0 +1,29 @@
+{% if issues %}
+{% for key, issue in issues.items() %}
+==== {{ issue.title }} ====
+Type: {{ issue.type }}
+Contract: {{ issue.contract | default("Unknown") }}
+Function name: {{ issue.function }}
+PC address: {{ issue.address }}
+{{ issue.description }}
+--------------------
+{% if issue.filename and issue.lineno %}
+In file: {{ issue.filename }}:{{ issue.lineno }}
+{% endif %}
+{% if issue.code %}
+
+{{ issue.code }}
+
+--------------------
+{% endif %}
+{% if verbose and issue.debug %}
+--------------------
+DEBUGGING INFORMATION:
+
+{{ issue.debug }}
+{% endif %}
+
+{% endfor %}
+{% else %}
+The analysis was completed successfully. No issues were detected.
+{% endif %}

mythril/interfaces/cli.py

@@ -202,8 +202,8 @@ def main():
                                              max_depth=args.max_depth)
                 outputs = {
                     'json': report.as_json(),
-                    'text': report.as_text() or "The analysis was completed successfully. No issues were detected.",
-                    'markdown': report.as_markdown() or "The analysis was completed successfully. No issues were detected."
+                    'text': report.as_text(),
+                    'markdown': report.as_markdown()
                 }
                 print(outputs[args.outform])
 

mythril/support/truffle.py

@@ -80,7 +80,7 @@ def analyze_truffle_project(args):
 
                 for issue in issues:
 
-                    index = helper.get_instruction_index(disassembly.instruction_list, issue.pc)
+                    index = helper.get_instruction_index(disassembly.instruction_list, issue.address)
 
                     if index:
                             try:

requirements.txt

@@ -2,7 +2,7 @@ rlp<1.0.0
 ethereum>=2.3.0
 ZODB>=5.3.0
 z3-solver>=4.5
-laser-ethereum>=0.17.8
+laser-ethereum>=0.17.12
 requests
 BTrees
 plyvel
@@ -18,5 +18,4 @@ eth-rlp>=0.1.0
 eth-tester>=0.1.0b21
 coverage
 jinja2
-attrs
 pytest

setup.py

@@ -5,7 +5,7 @@ import os
 # Package version (vX.Y.Z). It must match git tag being used for CircleCI
 # deployment; otherwise the build will failed.
 
-VERSION = "v0.17.9"
+VERSION = "v0.17.12"
 
 class VerifyVersionCommand(install):
   """Custom command to verify that the git tag matches our version"""
@@ -307,7 +307,7 @@ setup(
         'ethereum>=2.3.0',
         'ZODB>=5.3.0',
         'z3-solver>=4.5',
-        'laser-ethereum>=0.17.8',
+        'laser-ethereum>=0.17.12',
         'requests',
         'BTrees',
         'py-solc',
@@ -323,7 +323,6 @@ setup(
         'eth-tester>=0.1.0b21',
         'coverage',
         'jinja2',
-        'attrs',
         'rlp<1.0.0'
     ],
 
@@ -331,7 +330,11 @@ setup(
 
     extras_require={
     },
-
+    
+    package_data={
+        'mythril.analysis': ['templates/*']
+    },
+    
     include_package_data=True,
 
     scripts=['myth'],

solidity_examples/ether_send.sol

@@ -28,7 +28,4 @@ contract Crowdfunding {
     return balances[msg.sender];
   }
 
-  function() public payable {
-    invest();
-  }
-}
+}

tests/report_test.py

@@ -44,12 +44,12 @@ def reports():
     return results
 
 
-def _assert_empty(changed_files):
+def _assert_empty(changed_files, postfix):
     """ Asserts there are no changed files and otherwise builds error message"""
     message = ""
     for input_file in changed_files:
-        output_expected = (TESTDATA_OUTPUTS_EXPECTED / (input_file.name + ".json")).read_text().splitlines(1)
-        output_current = (TESTDATA_OUTPUTS_CURRENT / (input_file.name + ".json")).read_text().splitlines(1)
+        output_expected = (TESTDATA_OUTPUTS_EXPECTED / (input_file.name + postfix)).read_text().splitlines(1)
+        output_current = (TESTDATA_OUTPUTS_CURRENT / (input_file.name + postfix)).read_text().splitlines(1)
 
         difference = ''.join(difflib.unified_diff(output_expected, output_current))
         message += "Found differing file for input: {} \n Difference: \n {} \n".format(str(input_file), str(difference))
@@ -75,12 +75,12 @@ def _get_changed_files(postfix, report_builder, reports):
 
 
 def test_json_report(reports):
-    _assert_empty(_get_changed_files('.json', lambda report: _fix_path(_fix_debug_data(report.as_json())).strip(), reports))
+    _assert_empty(_get_changed_files('.json', lambda report: _fix_path(_fix_debug_data(report.as_json())).strip(), reports), '.json')
 
 
 def test_markdown_report(reports):
-    _assert_empty(_get_changed_files('.markdown', lambda report: _fix_path(report.as_markdown()), reports))
+    _assert_empty(_get_changed_files('.markdown', lambda report: _fix_path(report.as_markdown()), reports), '.markdown')
 
 
 def test_text_report(reports):
-    _assert_empty(_get_changed_files('.text', lambda report: _fix_path(report.as_text()), reports))
+    _assert_empty(_get_changed_files('.text', lambda report: _fix_path(report.as_text()), reports), '.text')

tests/testdata/input_contracts/ether_send.sol

@@ -28,7 +28,4 @@ contract Crowdfunding {
     return balances[msg.sender];
   }
 
-  function() public payable {
-    invest();
-  }
-}
+}

tests/testdata/inputs/ether_send.sol.o

@@ -1 +1 @@
-606060405260043610610078576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff16806312065fe01461008257806327e235e3146100ab57806356885cd8146100f85780636c343ffe1461010d5780638da5cb5b14610122578063e8b5e51f14610177575b610080610181565b005b341561008d57600080fd5b6100956101ec565b6040518082815260200191505060405180910390f35b34156100b657600080fd5b6100e2600480803573ffffffffffffffffffffffffffffffffffffffff16906020019091905050610232565b6040518082815260200191505060405180910390f35b341561010357600080fd5b61010b61024a565b005b341561011857600080fd5b61012061028d565b005b341561012d57600080fd5b610135610342565b604051808273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200191505060405180910390f35b61017f610181565b005b60025434118015610193575060035434105b151561019e57600080fd5b346000803373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060008282540192505081905550565b60008060003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002054905090565b60006020528060005260406000206000915090505481565b33600160006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff160217905550565b600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff161415156102e957600080fd5b3373ffffffffffffffffffffffffffffffffffffffff166108fc3073ffffffffffffffffffffffffffffffffffffffff16319081150290604051600060405180830381858888f19350505050151561034057600080fd5b565b600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff16815600a165627a7a72305820bbf8d45345e3ef7004b6445155bc5f20c8a6dc61dec2637ed9f5eb80f5b2ab0a0029
+608060405260043610610078576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff16806312065fe01461007d57806327e235e3146100a857806356885cd8146100ff5780636c343ffe146101165780638da5cb5b1461012d578063e8b5e51f14610184575b600080fd5b34801561008957600080fd5b5061009261018e565b6040518082815260200191505060405180910390f35b3480156100b457600080fd5b506100e9600480360381019080803573ffffffffffffffffffffffffffffffffffffffff1690602001909291905050506101d4565b6040518082815260200191505060405180910390f35b34801561010b57600080fd5b506101146101ec565b005b34801561012257600080fd5b5061012b61022f565b005b34801561013957600080fd5b506101426102eb565b604051808273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200191505060405180910390f35b61018c610311565b005b60008060003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002054905090565b60006020528060005260406000206000915090505481565b33600160006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff160217905550565b600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff1614151561028b57600080fd5b3373ffffffffffffffffffffffffffffffffffffffff166108fc3073ffffffffffffffffffffffffffffffffffffffff16319081150290604051600060405180830381858888f193505050501580156102e8573d6000803e3d6000fd5b50565b600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1681565b60025434118015610323575060035434105b151561032e57600080fd5b346000803373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020600082825401925050819055505600a165627a7a72305820402df619c16e4325eb7830ed063880a283ac25dff982b6a5be67138df0c209550029

tests/testdata/outputs_expected/calls.sol.o.markdown

@@ -108,4 +108,4 @@ The return value of an external call is not checked. Note that execution continu
 
 ### Description
 
-The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.

tests/testdata/outputs_expected/ether_send.sol.o.easm

@@ -1,4 +1,4 @@
-0 PUSH1 0x60
+0 PUSH1 0x80
 2 PUSH1 0x40
 4 MSTORE
 5 PUSH1 0x04
@@ -16,383 +16,405 @@
 54 DUP1
 55 PUSH4 0x12065fe0
 60 EQ
-61 PUSH2 0x0082
+61 PUSH2 0x007d
 64 JUMPI
 65 DUP1
 66 PUSH4 0x27e235e3
 71 EQ
-72 PUSH2 0x00ab
+72 PUSH2 0x00a8
 75 JUMPI
 76 DUP1
 77 PUSH4 0x56885cd8
 82 EQ
-83 PUSH2 0x00f8
+83 PUSH2 0x00ff
 86 JUMPI
 87 DUP1
 88 PUSH4 0x6c343ffe
 93 EQ
-94 PUSH2 0x010d
+94 PUSH2 0x0116
 97 JUMPI
 98 DUP1
 99 PUSH4 0x8da5cb5b
 104 EQ
-105 PUSH2 0x0122
+105 PUSH2 0x012d
 108 JUMPI
 109 DUP1
 110 PUSH4 0xe8b5e51f
 115 EQ
-116 PUSH2 0x0177
+116 PUSH2 0x0184
 119 JUMPI
 120 JUMPDEST
-121 PUSH2 0x0080
-124 PUSH2 0x0181
-127 JUMP
-128 JUMPDEST
-129 STOP
-130 JUMPDEST
-131 CALLVALUE
-132 ISZERO
-133 PUSH2 0x008d
-136 JUMPI
-137 PUSH1 0x00
-139 DUP1
-140 REVERT
-141 JUMPDEST
-142 PUSH2 0x0095
-145 PUSH2 0x01ec
-148 JUMP
-149 JUMPDEST
-150 PUSH1 0x40
-152 MLOAD
-153 DUP1
-154 DUP3
-155 DUP2
-156 MSTORE
-157 PUSH1 0x20
-159 ADD
-160 SWAP2
-161 POP
-162 POP
-163 PUSH1 0x40
-165 MLOAD
-166 DUP1
-167 SWAP2
-168 SUB
-169 SWAP1
-170 RETURN
-171 JUMPDEST
-172 CALLVALUE
-173 ISZERO
-174 PUSH2 0x00b6
-177 JUMPI
-178 PUSH1 0x00
-180 DUP1
-181 REVERT
-182 JUMPDEST
-183 PUSH2 0x00e2
-186 PUSH1 0x04
-188 DUP1
-189 DUP1
-190 CALLDATALOAD
-191 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
-212 AND
-213 SWAP1
-214 PUSH1 0x20
-216 ADD
-217 SWAP1
-218 SWAP2
-219 SWAP1
-220 POP
-221 POP
-222 PUSH2 0x0232
-225 JUMP
-226 JUMPDEST
-227 PUSH1 0x40
-229 MLOAD
-230 DUP1
-231 DUP3
-232 DUP2
-233 MSTORE
-234 PUSH1 0x20
-236 ADD
-237 SWAP2
-238 POP
-239 POP
-240 PUSH1 0x40
-242 MLOAD
-243 DUP1
+121 PUSH1 0x00
+123 DUP1
+124 REVERT
+125 JUMPDEST
+126 CALLVALUE
+127 DUP1
+128 ISZERO
+129 PUSH2 0x0089
+132 JUMPI
+133 PUSH1 0x00
+135 DUP1
+136 REVERT
+137 JUMPDEST
+138 POP
+139 PUSH2 0x0092
+142 PUSH2 0x018e
+145 JUMP
+146 JUMPDEST
+147 PUSH1 0x40
+149 MLOAD
+150 DUP1
+151 DUP3
+152 DUP2
+153 MSTORE
+154 PUSH1 0x20
+156 ADD
+157 SWAP2
+158 POP
+159 POP
+160 PUSH1 0x40
+162 MLOAD
+163 DUP1
+164 SWAP2
+165 SUB
+166 SWAP1
+167 RETURN
+168 JUMPDEST
+169 CALLVALUE
+170 DUP1
+171 ISZERO
+172 PUSH2 0x00b4
+175 JUMPI
+176 PUSH1 0x00
+178 DUP1
+179 REVERT
+180 JUMPDEST
+181 POP
+182 PUSH2 0x00e9
+185 PUSH1 0x04
+187 DUP1
+188 CALLDATASIZE
+189 SUB
+190 DUP2
+191 ADD
+192 SWAP1
+193 DUP1
+194 DUP1
+195 CALLDATALOAD
+196 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+217 AND
+218 SWAP1
+219 PUSH1 0x20
+221 ADD
+222 SWAP1
+223 SWAP3
+224 SWAP2
+225 SWAP1
+226 POP
+227 POP
+228 POP
+229 PUSH2 0x01d4
+232 JUMP
+233 JUMPDEST
+234 PUSH1 0x40
+236 MLOAD
+237 DUP1
+238 DUP3
+239 DUP2
+240 MSTORE
+241 PUSH1 0x20
+243 ADD
 244 SWAP2
-245 SUB
-246 SWAP1
-247 RETURN
-248 JUMPDEST
-249 CALLVALUE
-250 ISZERO
-251 PUSH2 0x0103
-254 JUMPI
-255 PUSH1 0x00
+245 POP
+246 POP
+247 PUSH1 0x40
+249 MLOAD
+250 DUP1
+251 SWAP2
+252 SUB
+253 SWAP1
+254 RETURN
+255 JUMPDEST
+256 CALLVALUE
 257 DUP1
-258 REVERT
-259 JUMPDEST
-260 PUSH2 0x010b
-263 PUSH2 0x024a
-266 JUMP
+258 ISZERO
+259 PUSH2 0x010b
+262 JUMPI
+263 PUSH1 0x00
+265 DUP1
+266 REVERT
 267 JUMPDEST
-268 STOP
-269 JUMPDEST
-270 CALLVALUE
-271 ISZERO
-272 PUSH2 0x0118
-275 JUMPI
-276 PUSH1 0x00
-278 DUP1
-279 REVERT
-280 JUMPDEST
-281 PUSH2 0x0120
-284 PUSH2 0x028d
-287 JUMP
-288 JUMPDEST
-289 STOP
+268 POP
+269 PUSH2 0x0114
+272 PUSH2 0x01ec
+275 JUMP
+276 JUMPDEST
+277 STOP
+278 JUMPDEST
+279 CALLVALUE
+280 DUP1
+281 ISZERO
+282 PUSH2 0x0122
+285 JUMPI
+286 PUSH1 0x00
+288 DUP1
+289 REVERT
 290 JUMPDEST
-291 CALLVALUE
-292 ISZERO
-293 PUSH2 0x012d
-296 JUMPI
-297 PUSH1 0x00
-299 DUP1
-300 REVERT
+291 POP
+292 PUSH2 0x012b
+295 PUSH2 0x022f
+298 JUMP
+299 JUMPDEST
+300 STOP
 301 JUMPDEST
-302 PUSH2 0x0135
-305 PUSH2 0x0342
-308 JUMP
-309 JUMPDEST
-310 PUSH1 0x40
-312 MLOAD
-313 DUP1
-314 DUP3
-315 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
-336 AND
-337 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
-358 AND
-359 DUP2
-360 MSTORE
-361 PUSH1 0x20
-363 ADD
-364 SWAP2
-365 POP
-366 POP
-367 PUSH1 0x40
-369 MLOAD
-370 DUP1
-371 SWAP2
-372 SUB
-373 SWAP1
-374 RETURN
-375 JUMPDEST
-376 PUSH2 0x017f
-379 PUSH2 0x0181
-382 JUMP
-383 JUMPDEST
-384 STOP
-385 JUMPDEST
-386 PUSH1 0x02
-388 SLOAD
-389 CALLVALUE
-390 GT
-391 DUP1
-392 ISZERO
-393 PUSH2 0x0193
-396 JUMPI
-397 POP
-398 PUSH1 0x03
-400 SLOAD
-401 CALLVALUE
-402 LT
-403 JUMPDEST
-404 ISZERO
-405 ISZERO
-406 PUSH2 0x019e
-409 JUMPI
-410 PUSH1 0x00
-412 DUP1
-413 REVERT
-414 JUMPDEST
-415 CALLVALUE
-416 PUSH1 0x00
-418 DUP1
-419 CALLER
-420 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
-441 AND
-442 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
-463 AND
-464 DUP2
-465 MSTORE
-466 PUSH1 0x20
-468 ADD
-469 SWAP1
-470 DUP2
-471 MSTORE
-472 PUSH1 0x20
-474 ADD
+302 CALLVALUE
+303 DUP1
+304 ISZERO
+305 PUSH2 0x0139
+308 JUMPI
+309 PUSH1 0x00
+311 DUP1
+312 REVERT
+313 JUMPDEST
+314 POP
+315 PUSH2 0x0142
+318 PUSH2 0x02eb
+321 JUMP
+322 JUMPDEST
+323 PUSH1 0x40
+325 MLOAD
+326 DUP1
+327 DUP3
+328 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+349 AND
+350 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+371 AND
+372 DUP2
+373 MSTORE
+374 PUSH1 0x20
+376 ADD
+377 SWAP2
+378 POP
+379 POP
+380 PUSH1 0x40
+382 MLOAD
+383 DUP1
+384 SWAP2
+385 SUB
+386 SWAP1
+387 RETURN
+388 JUMPDEST
+389 PUSH2 0x018c
+392 PUSH2 0x0311
+395 JUMP
+396 JUMPDEST
+397 STOP
+398 JUMPDEST
+399 PUSH1 0x00
+401 DUP1
+402 PUSH1 0x00
+404 CALLER
+405 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+426 AND
+427 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+448 AND
+449 DUP2
+450 MSTORE
+451 PUSH1 0x20
+453 ADD
+454 SWAP1
+455 DUP2
+456 MSTORE
+457 PUSH1 0x20
+459 ADD
+460 PUSH1 0x00
+462 SHA3
+463 SLOAD
+464 SWAP1
+465 POP
+466 SWAP1
+467 JUMP
+468 JUMPDEST
+469 PUSH1 0x00
+471 PUSH1 0x20
+473 MSTORE
+474 DUP1
 475 PUSH1 0x00
-477 SHA3
-478 PUSH1 0x00
-480 DUP3
-481 DUP3
-482 SLOAD
-483 ADD
-484 SWAP3
-485 POP
+477 MSTORE
+478 PUSH1 0x40
+480 PUSH1 0x00
+482 SHA3
+483 PUSH1 0x00
+485 SWAP2
 486 POP
-487 DUP2
-488 SWAP1
-489 SSTORE
-490 POP
+487 SWAP1
+488 POP
+489 SLOAD
+490 DUP2
 491 JUMP
 492 JUMPDEST
-493 PUSH1 0x00
-495 DUP1
+493 CALLER
+494 PUSH1 0x01
 496 PUSH1 0x00
-498 CALLER
-499 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
-520 AND
-521 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
-542 AND
-543 DUP2
-544 MSTORE
-545 PUSH1 0x20
-547 ADD
-548 SWAP1
-549 DUP2
-550 MSTORE
-551 PUSH1 0x20
-553 ADD
-554 PUSH1 0x00
-556 SHA3
-557 SLOAD
-558 SWAP1
-559 POP
-560 SWAP1
-561 JUMP
-562 JUMPDEST
-563 PUSH1 0x00
-565 PUSH1 0x20
-567 MSTORE
-568 DUP1
-569 PUSH1 0x00
-571 MSTORE
-572 PUSH1 0x40
-574 PUSH1 0x00
-576 SHA3
-577 PUSH1 0x00
-579 SWAP2
-580 POP
-581 SWAP1
-582 POP
-583 SLOAD
-584 DUP2
-585 JUMP
-586 JUMPDEST
-587 CALLER
-588 PUSH1 0x01
-590 PUSH1 0x00
-592 PUSH2 0x0100
-595 EXP
-596 DUP2
-597 SLOAD
-598 DUP2
-599 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
-620 MUL
-621 NOT
-622 AND
-623 SWAP1
-624 DUP4
-625 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
-646 AND
-647 MUL
-648 OR
-649 SWAP1
-650 SSTORE
-651 POP
-652 JUMP
-653 JUMPDEST
-654 PUSH1 0x01
-656 PUSH1 0x00
-658 SWAP1
-659 SLOAD
-660 SWAP1
-661 PUSH2 0x0100
-664 EXP
-665 SWAP1
-666 DIV
-667 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
-688 AND
-689 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
-710 AND
-711 CALLER
-712 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
-733 AND
-734 EQ
-735 ISZERO
-736 ISZERO
-737 PUSH2 0x02e9
-740 JUMPI
+498 PUSH2 0x0100
+501 EXP
+502 DUP2
+503 SLOAD
+504 DUP2
+505 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+526 MUL
+527 NOT
+528 AND
+529 SWAP1
+530 DUP4
+531 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+552 AND
+553 MUL
+554 OR
+555 SWAP1
+556 SSTORE
+557 POP
+558 JUMP
+559 JUMPDEST
+560 PUSH1 0x01
+562 PUSH1 0x00
+564 SWAP1
+565 SLOAD
+566 SWAP1
+567 PUSH2 0x0100
+570 EXP
+571 SWAP1
+572 DIV
+573 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+594 AND
+595 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+616 AND
+617 CALLER
+618 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+639 AND
+640 EQ
+641 ISZERO
+642 ISZERO
+643 PUSH2 0x028b
+646 JUMPI
+647 PUSH1 0x00
+649 DUP1
+650 REVERT
+651 JUMPDEST
+652 CALLER
+653 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+674 AND
+675 PUSH2 0x08fc
+678 ADDRESS
+679 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+700 AND
+701 BALANCE
+702 SWAP1
+703 DUP2
+704 ISZERO
+705 MUL
+706 SWAP1
+707 PUSH1 0x40
+709 MLOAD
+710 PUSH1 0x00
+712 PUSH1 0x40
+714 MLOAD
+715 DUP1
+716 DUP4
+717 SUB
+718 DUP2
+719 DUP6
+720 DUP9
+721 DUP9
+722 CALL
+723 SWAP4
+724 POP
+725 POP
+726 POP
+727 POP
+728 ISZERO
+729 DUP1
+730 ISZERO
+731 PUSH2 0x02e8
+734 JUMPI
+735 RETURNDATASIZE
+736 PUSH1 0x00
+738 DUP1
+739 RETURNDATACOPY
+740 RETURNDATASIZE
 741 PUSH1 0x00
-743 DUP1
-744 REVERT
-745 JUMPDEST
-746 CALLER
-747 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
-768 AND
-769 PUSH2 0x08fc
-772 ADDRESS
-773 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
-794 AND
-795 BALANCE
-796 SWAP1
-797 DUP2
-798 ISZERO
-799 MUL
-800 SWAP1
-801 PUSH1 0x40
-803 MLOAD
-804 PUSH1 0x00
-806 PUSH1 0x40
-808 MLOAD
-809 DUP1
-810 DUP4
-811 SUB
-812 DUP2
-813 DUP6
-814 DUP9
-815 DUP9
-816 CALL
-817 SWAP4
-818 POP
-819 POP
-820 POP
-821 POP
-822 ISZERO
-823 ISZERO
-824 PUSH2 0x0340
-827 JUMPI
-828 PUSH1 0x00
-830 DUP1
-831 REVERT
-832 JUMPDEST
-833 JUMP
-834 JUMPDEST
-835 PUSH1 0x01
-837 PUSH1 0x00
-839 SWAP1
-840 SLOAD
-841 SWAP1
-842 PUSH2 0x0100
-845 EXP
-846 SWAP1
-847 DIV
-848 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
-869 AND
+743 REVERT
+744 JUMPDEST
+745 POP
+746 JUMP
+747 JUMPDEST
+748 PUSH1 0x01
+750 PUSH1 0x00
+752 SWAP1
+753 SLOAD
+754 SWAP1
+755 PUSH2 0x0100
+758 EXP
+759 SWAP1
+760 DIV
+761 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+782 AND
+783 DUP2
+784 JUMP
+785 JUMPDEST
+786 PUSH1 0x02
+788 SLOAD
+789 CALLVALUE
+790 GT
+791 DUP1
+792 ISZERO
+793 PUSH2 0x0323
+796 JUMPI
+797 POP
+798 PUSH1 0x03
+800 SLOAD
+801 CALLVALUE
+802 LT
+803 JUMPDEST
+804 ISZERO
+805 ISZERO
+806 PUSH2 0x032e
+809 JUMPI
+810 PUSH1 0x00
+812 DUP1
+813 REVERT
+814 JUMPDEST
+815 CALLVALUE
+816 PUSH1 0x00
+818 DUP1
+819 CALLER
+820 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+841 AND
+842 PUSH20 0xffffffffffffffffffffffffffffffffffffffff
+863 AND
+864 DUP2
+865 MSTORE
+866 PUSH1 0x20
+868 ADD
+869 SWAP1
 870 DUP2
-871 JUMP
-872 STOP
+871 MSTORE
+872 PUSH1 0x20
+874 ADD
+875 PUSH1 0x00
+877 SHA3
+878 PUSH1 0x00
+880 DUP3
+881 DUP3
+882 SLOAD
+883 ADD
+884 SWAP3
+885 POP
+886 POP
+887 DUP2
+888 SWAP1
+889 SSTORE
+890 POP
+891 JUMP
+892 STOP

tests/testdata/outputs_expected/ether_send.sol.o.json

@@ -7,7 +7,7 @@
             "description": "In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender.\n\nThere is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`.",
             "function": "withdrawfunds()",
             "type": "Warning",
-            "address": 816,
+            "address": 722,
             "debug": "<DEBUG-DATA>"
         },
         {
@@ -15,7 +15,7 @@
             "description": "A possible integer overflow exists in the function `invest()`.\nThe addition or multiplication may result in a value higher than the maximum representable integer.",
             "function": "invest()",
             "type": "Warning",
-            "address": 483,
+            "address": 883,
             "debug": "<DEBUG-DATA>"
         }
     ]

tests/testdata/outputs_expected/ether_send.sol.o.markdown

@@ -5,7 +5,7 @@
 - Type: Warning
 - Contract: Unknown
 - Function name: `withdrawfunds()`
-- PC address: 816
+- PC address: 722
 
 ### Description
 
@@ -18,9 +18,9 @@ There is a check on storage index 1. This storage slot can be written to by call
 - Type: Warning
 - Contract: Unknown
 - Function name: `invest()`
-- PC address: 483
+- PC address: 883
 
 ### Description
 
 A possible integer overflow exists in the function `invest()`.
-The addition or multiplication may result in a value higher than the maximum representable integer.
+The addition or multiplication may result in a value higher than the maximum representable integer.

tests/testdata/outputs_expected/ether_send.sol.o.text

@@ -2,7 +2,7 @@
 Type: Warning
 Contract: Unknown
 Function name: withdrawfunds()
-PC address: 816
+PC address: 722
 In the function `withdrawfunds()` a non-zero amount of Ether is sent to msg.sender.
 
 There is a check on storage index 1. This storage slot can be written to by calling the function `crowdfunding()`.
@@ -12,7 +12,7 @@ There is a check on storage index 1. This storage slot can be written to by call
 Type: Warning
 Contract: Unknown
 Function name: invest()
-PC address: 483
+PC address: 883
 A possible integer overflow exists in the function `invest()`.
 The addition or multiplication may result in a value higher than the maximum representable integer.
 --------------------

tests/testdata/outputs_expected/exceptions.sol.o.markdown

@@ -9,7 +9,7 @@
 
 ### Description
 
-A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. 
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
 
 ## Exception state
 
@@ -20,7 +20,7 @@ A reachable exception (opcode 0xfe) has been detected. This can be caused by typ
 
 ### Description
 
-A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. 
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
 
 ## Exception state
 
@@ -31,7 +31,7 @@ A reachable exception (opcode 0xfe) has been detected. This can be caused by typ
 
 ### Description
 
-A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. 
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.
 
 ## Exception state
 
@@ -42,4 +42,4 @@ A reachable exception (opcode 0xfe) has been detected. This can be caused by typ
 
 ### Description
 
-A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking. 
+A reachable exception (opcode 0xfe) has been detected. This can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. This is acceptable in most situations. Note however that `assert()` should only be used to check invariants. Use `require()` for regular input checking.

tests/testdata/outputs_expected/kinds_of_calls.sol.o.markdown

@@ -20,4 +20,4 @@ This contract executes a message call to an address provided as a function argum
 
 ### Description
 
-The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.

tests/testdata/outputs_expected/metacoin.sol.o.markdown

@@ -10,4 +10,4 @@
 ### Description
 
 A possible integer overflow exists in the function `sendToken(address,uint256)`.
-The addition or multiplication may result in a value higher than the maximum representable integer.
+The addition or multiplication may result in a value higher than the maximum representable integer.

tests/testdata/outputs_expected/multi_contracts.sol.markdown

@@ -15,4 +15,4 @@ In *<TESTDATA>/inputs/multi_contracts.sol:14*
 
 ```
 msg.sender.transfer(2 ether)
-```
+```

tests/testdata/outputs_expected/multi_contracts.sol.o.markdown

@@ -10,4 +10,4 @@
 ### Description
 
 In the function `_function_0x8a4068dd` a non-zero amount of Ether is sent to msg.sender.
-It seems that this function can be called without restrictions.
+It seems that this function can be called without restrictions.

tests/testdata/outputs_expected/origin.sol.o.markdown

@@ -10,4 +10,4 @@
 ### Description
 
 Function transferOwnership(address) retrieves the transaction origin (tx.origin) using the ORIGIN opcode. Use tx.sender instead.
-See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin
+See also: https://solidity.readthedocs.io/en/develop/security-considerations.html#tx-origin

tests/testdata/outputs_expected/overflow.sol.markdown

@@ -49,4 +49,4 @@ In *<TESTDATA>/inputs/overflow.sol:11*
 
 ```
 balances[msg.sender] - _value
-```
+```

tests/testdata/outputs_expected/overflow.sol.o.markdown

@@ -34,4 +34,4 @@ The addition or multiplication may result in a value higher than the maximum rep
 ### Description
 
 A possible integer underflow exists in the function `sendeth(address,uint256)`.
-The subtraction may result in a value < 0.
+The subtraction may result in a value < 0.

tests/testdata/outputs_expected/returnvalue.sol.o.markdown

@@ -31,4 +31,4 @@ This contract executes a message call to to another contract. Make sure that the
 
 ### Description
 
-The return value of an external call is not checked. Note that execution continue even if the called contract throws.
+The return value of an external call is not checked. Note that execution continue even if the called contract throws.

tests/testdata/outputs_expected/suicide.sol.markdown

@@ -16,4 +16,4 @@ In *<TESTDATA>/inputs/suicide.sol:4*
 
 ```
 selfdestruct(addr)
-```
+```

tests/testdata/outputs_expected/suicide.sol.o.markdown

@@ -11,4 +11,4 @@
 
 The function `_function_0xcbf0b0c0` executes the SUICIDE instruction. The remaining Ether is sent to an address provided as a function argument.
 
-It seems that this function can be called without restrictions.
+It seems that this function can be called without restrictions.

tests/testdata/outputs_expected/underflow.sol.markdown

@@ -49,4 +49,4 @@ In *<TESTDATA>/inputs/underflow.sol:11*
 
 ```
 balances[msg.sender] - _value
-```
+```

tests/testdata/outputs_expected/underflow.sol.o.markdown

@@ -34,4 +34,4 @@ The addition or multiplication may result in a value higher than the maximum rep
 ### Description
 
 A possible integer underflow exists in the function `sendeth(address,uint256)`.
-The subtraction may result in a value < 0.
+The subtraction may result in a value < 0.