TheDude
/
mythril
mirror of https://github.com/ConsenSys/mythril
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Experimental stuff

Browse Source
integer_experimental
Bernhard Mueller 6 years ago
parent 19ba9b895a
commit bd45c34c6c
1 changed files with 36 additions and 17 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 53
      mythril/analysis/modules/integer.py

53
mythril/analysis/modules/integer.py
Unescape View File

@ -14,6 +14,7 @@ from mythril.laser.ethereum.util import get_concrete_int
from mythril.laser.ethereum.state.annotation import StateAnnotation from mythril.laser.ethereum.state.annotation import StateAnnotation
from mythril.analysis.modules.base import DetectionModule from mythril.analysis.modules.base import DetectionModule
from copy import copy from copy import copy
from mythril.laser.smt import simplify
from mythril.laser.smt import ( from mythril.laser.smt import (
BVAddNoOverflow, BVAddNoOverflow,
@ -77,7 +78,8 @@ class IntegerOverflowUnderflowModule(DetectionModule):
"there's a possible state where op1 + op0 > 2^32 - 1" "there's a possible state where op1 + op0 > 2^32 - 1"
), ),
entrypoint="callback", entrypoint="callback",
pre_hooks=["ADD", "MUL", "EXP", "SUB", "SSTORE", "JUMPI", "STOP", "RETURN"], # pre_hooks=["ADD", "MUL", "EXP", "SUB", "SSTORE", "JUMPI", "STOP", "RETURN"],
pre_hooks=["MUL", "SSTORE", "JUMPI", "STOP", "RETURN"],
) )
def reset_module(self): def reset_module(self):
@ -304,27 +306,44 @@ class IntegerOverflowUnderflowModule(DetectionModule):
ostate = annotation.overflowing_state ostate = annotation.overflowing_state
try: # This check can be disabled if the constraints are to difficult for z3 to solve
# This check can be disabled if the constraints are to difficult for z3 to solve # within any reasonable time.
# within any reasonable time.
if DISABLE_EFFECT_CHECK: if ostate.get_current_instruction()['address'] != 1587:
constraints = ostate.mstate.constraints + [annotation.constraint] continue
else:
constraints = state.mstate.constraints + [annotation.constraint] log.info(
"Potential overflow: {} at {}".format(
log.info( annotation.operator, ostate.get_current_instruction()["address"]
"Potential overflow: {} at {}".format(
annotation.operator, ostate.get_current_instruction()["address"]
)
) )
)
'''
if DISABLE_EFFECT_CHECK:
constraints = ostate.mstate.constraints + [annotation.constraint]
else:
constraints = state.mstate.constraints + [annotation.constraint]
'''
try:
solver.get_model(state.mstate.constraints)
logging.info("get_model(state.mstate.constraints) SUCCEEDED (end state is reachable)")
except UnsatError:
logging.info("get_model(state.mstate.constraints) failed (end state is unreachable)")
try:
solver.get_model([annotation.constraint])
logging.info("get_model([annotation.constraint]) SUCCEEDED (integer can overflow)")
except UnsatError:
logging.info("get_model([annotation.constraint]) failed (integer cannot overflow)")
try:
transaction_sequence = solver.get_transaction_sequence( transaction_sequence = solver.get_transaction_sequence(
state, constraints state, state.mstate.constraints + [annotation.constraint]
) )
log.info("SAT") log.info("SUCCEEDED: Combined constraints were solved ")
except UnsatError: except UnsatError:
log.info("UNSAT") log.info("Solving combined constraints failed")
continue continue
_type = "Underflow" if annotation.operator == "subtraction" else "Overflow" _type = "Underflow" if annotation.operator == "subtraction" else "Overflow"

Write Preview
Loading…
Cancel
Save