Implement IsRuntimeCode() & bug fixes.

msuiche · msuiche · commit eaa1c7ba814b · 2017-06-22T12:50:08.000+04:00
Add wiki images.
diff --git a/porosity/porosity/Contract.cpp b/porosity/porosity/Contract.cpp
@@ -1024,4 +1024,41 @@ Contract::decompile(
 
     decompiled_code.print();
     printf("LOC: %d\n", decompiled_code.loc());
+}
+
+bool
+Contract::IsRuntimeCode(
+    bytes code
+)
+/*++
+    Description: 
+        This function analyze the input bytecode to know if it is the runtime code.
+        If not it returns the offset of the runtime bytecode in m_runtimeOffset
+--*/
+{
+    bool hasCODECOPY = false;
+    bool leaveFunction = false;
+
+    dev::eth::eachInstruction(code, [&](uint32_t _offset, Instruction _instr, u256 const& _data) {
+        porosity::printInstruction(_offset, _instr, _data);
+
+        if (leaveFunction) {
+            if (hasCODECOPY && !m_runtimeOffset) {
+                m_runtimeOffset = _offset;
+                if (g_VerboseLevel >= 5) printf("Runtime function found at offset = 0x%x\n", _offset);
+            }
+            return;
+        }
+
+        switch (_instr) {
+            case Instruction::CODECOPY:
+                hasCODECOPY = true;
+                break;
+            case Instruction::RETURN:
+                leaveFunction = true;
+                break;
+        }
+    });
+
+    return !hasCODECOPY;
 }
diff --git a/porosity/porosity/Contract.h b/porosity/porosity/Contract.h
@@ -24,7 +24,17 @@ using namespace dev::eth;
 class Contract {
 public:
     Contract(bytes bytecode) {
-        m_byteCodeRuntime = bytecode;
+        m_byteCode = bytecode;
+        if (IsRuntimeCode(bytecode)) {
+            m_byteCodeRuntime = bytecode;
+        }
+        else {
+            // In the caes IsRuntimeCode() didn't return the offset we move on.
+            if (!m_runtimeOffset) return;
+
+            bytes runtimeCode(bytecode.begin() + m_runtimeOffset, bytecode.end());
+            m_byteCodeRuntime = runtimeCode;
+        }
 
         getBasicBlocks();
     }
@@ -39,6 +49,11 @@ class Contract {
         void
     );
 
+    bool
+    IsRuntimeCode(
+        bytes bytecode
+    );
+
     string
     getGraphNodeColor(
         NodeType _type
@@ -240,5 +255,6 @@ class Contract {
     nlohmann::json m_abi_json;
     bytes m_byteCode;
     bytes m_byteCodeRuntime;
+    uint32_t m_runtimeOffset = 0;
 };
 #endif
diff --git a/porosity/porosity/Debug.cpp b/porosity/porosity/Debug.cpp
@@ -199,7 +199,7 @@ void debug() {
         amount","type":"uint256"}],"name":"Sent","type":"event"}]
 #endif
 
-#if 0
+#if 1
         Contract Coin({ 0x60, 0x60, 0x60, 0x40, 0x52, 0x60, 0xe0, 0x60, 0x02, 0x0a, 0x60, 0x00, 0x35, 0x04, 0x63, 0x07, 0x54, 0x61, 0x72, 0x81, 0x14, 0x61, 0x00, 0x3c, 0x57, 0x80, 0x63, 0x27, 0xe2, 0x35, 0xe3, 0x14, 0x61, 0x00, 0x4e, 0x57, 0x80, 0x63, 0x40, 0xc1, 0x0f, 0x19, 0x14, 0x61, 0x00, 0x66, 0x57, 0x80, 0x63, 0xd0, 0x67, 0x9d, 0x34, 0x14, 0x61, 0x00, 0x8c, 0x57, 0x5b, 0x00, 0x5b, 0x61, 0x00, 0xbb, 0x60, 0x00, 0x54, 0x60, 0x01, 0x60, 0xa0, 0x60, 0x02, 0x0a, 0x03, 0x16, 0x81, 0x56, 0x5b, 0x61, 0x00, 0xbb, 0x60, 0x04, 0x35, 0x60, 0x01, 0x60, 0x20, 0x52, 0x60, 0x00, 0x90, 0x81, 0x52, 0x60, 0x40, 0x90, 0x20, 0x54, 0x81, 0x56, 0x5b, 0x61, 0x00, 0x3a, 0x60, 0x04, 0x35, 0x60, 0x24, 0x35, 0x60, 0x00, 0x54, 0x60, 0x01, 0x60, 0xa0, 0x60, 0x02, 0x0a, 0x03, 0x90, 0x81, 0x16, 0x33, 0x91, 0x90, 0x91, 0x16, 0x14, 0x61, 0x00, 0xc5, 0x57, 0x61, 0x00, 0xe4, 0x56, 0x5b, 0x61, 0x00, 0x3a, 0x60, 0x04, 0x35, 0x60, 0x24, 0x35, 0x60, 0x01, 0x60, 0xa0, 0x60, 0x02, 0x0a, 0x03, 0x33, 0x16, 0x60, 0x00, 0x90, 0x81, 0x52, 0x60, 0x01, 0x60, 0x20, 0x52, 0x60, 0x40, 0x90, 0x20, 0x54, 0x81, 0x90, 0x10, 0x15, 0x61, 0x00, 0xe8, 0x57, 0x61, 0x00, 0xe4, 0x56, 0x5b, 0x60, 0x60, 0x90, 0x81, 0x52, 0x60, 0x20, 0x90, 0xf3, 0x5b, 0x60, 0x01, 0x60, 0xa0, 0x60, 0x02, 0x0a, 0x03, 0x82, 0x16, 0x60, 0x00, 0x90, 0x81, 0x52, 0x60, 0x01, 0x60, 0x20, 0x52, 0x60, 0x40, 0x90, 0x20, 0x80, 0x54, 0x82, 0x01, 0x90, 0x55, 0x5b, 0x50, 0x50, 0x56, 0x5b, 0x60, 0x40, 0x60, 0x00, 0x81, 0x81, 0x20, 0x80, 0x54, 0x84, 0x90, 0x03, 0x90, 0x55, 0x60, 0x01, 0x60, 0xa0, 0x60, 0x02, 0x0a, 0x03, 0x80, 0x85, 0x16, 0x80, 0x83, 0x52, 0x92, 0x90, 0x91, 0x20, 0x80, 0x54, 0x84, 0x01, 0x90, 0x55, 0x33, 0x16, 0x60, 0x60, 0x90, 0x81, 0x52, 0x60, 0x80, 0x91, 0x90, 0x91, 0x52, 0x60, 0xa0, 0x82, 0x90, 0x52, 0x7f, 0x39, 0x90, 0xdb, 0x2d, 0x31, 0x86, 0x23, 0x02, 0xa6, 0x85, 0xe8, 0x08, 0x6b, 0x57, 0x55, 0x07, 0x2a, 0x6e, 0x2b, 0x5b, 0x78, 0x0a, 0xf1, 0xee, 0x81, 0xec, 0xe3, 0x5e, 0xe3, 0xcd, 0x33, 0x45, 0x90, 0x80, 0xa1, 0x50, 0x50, 0x56 });
     //  .\solc.exe --bin-runtime --optimize E:\eth\simple.sol --abi --hashes
     if (g_VerboseLevel > 2) Coin.printInstructions();
@@ -230,7 +230,7 @@ void debug() {
 
 #endif
 
-#if 0
+#if 1
     Contract reverseMe(ThreeFuncMath);
     reverseMe.setABI("", "[{\"constant\":false,\"inputs\":[{\"name\":\"a\",\"type\":\"uint256\"}],\"name\":\"double\",\"outputs\":[{\"name\":\"\",\"type\":\"uint256\"}],\"type\":\"function\"},{\"constant\":false,\"inputs\":[{\"name\":\"a\",\"type\":\"uint256\"}],\"name\":\"triple\",\"outputs\":[{\"name\":\"\",\"type\":\"uint256\"}], \"type\":\"function\"}]");
     reverseMe.setData({ 0xee, 0xe9, 0x72, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x45, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 });
@@ -247,6 +247,8 @@ void debug() {
     reverseMe.decompile(DOUBLE_FUNCTION_HASH);
     printf("------------\n");
     reverseMe.decompile(TRIPLE_FUNCTION_HASH);
+
+    printf("After execution.\n%s\n", reverseMe.getGraphviz(false).c_str());
 #endif
 
     Contract vulnerable(VulnerableContract);
diff --git a/porosity/porosity/VMState.cpp b/porosity/porosity/VMState.cpp
@@ -31,17 +31,21 @@ u256 address_mask("0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");
 #define IsStackEntryTypeTainted(type) (type & (UserInput | UserInputTainted))
 #define IsMasking160bitsAddress(x) ((x)->value.compare(address_mask) == 0)
 
+#define IsStackIndexPresent(x) (m_stack.size() > x)
+
 inline void 
 VMState::SwapStackRegisters(
     uint32_t index_a,
     uint32_t index_b
 )
 {
-    StackRegister oldValue = m_stack[index_a];
-    StackRegister newValue = m_stack[index_b];
+    if (IsStackIndexPresent(index_a) && IsStackIndexPresent(index_b)) {
+        StackRegister oldValue = m_stack[index_a];
+        StackRegister newValue = m_stack[index_b];
 
-    m_stack[index_b] = oldValue;
-    m_stack[index_a] = newValue;
+        m_stack[index_b] = oldValue;
+        m_stack[index_a] = newValue;
+    }
 }
 
 std::string random_string(size_t length)
@@ -122,7 +126,12 @@ VMState::popStack(
     void
 )
 {
-    m_stack.erase(m_stack.begin());
+    if (m_stack.size()) {
+        m_stack.erase(m_stack.begin());
+    }
+    else {
+        printf("ERROR: Stack Underflow.\n");
+    }
 }
 
 bool
diff --git a/wiki/double-triple-cfg.png b/wiki/double-triple-cfg.png
