Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixing missing concKeccakSimpExpr for wordToAddr, maybeLitByte, etc. #619

Merged
merged 5 commits into from
Jan 6, 2025
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## Fixed
- We now try to simplify expressions fully before trying to cast them to a concrete value
This should improve issues when "Unexpected Symbolic Arguments to Opcode" was
unnecessarily output

## [0.54.2] - 2024-12-12

## Fixed
Expand Down
5 changes: 3 additions & 2 deletions cli/cli.hs
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ import EVM.Types hiding (word, Env, Symbolic)
import EVM.Types qualified
import EVM.UnitTest
import EVM.Effects
import EVM.Expr (maybeLitWordSimp, maybeLitAddrSimp)

data AssertionType = DSTest | Forge
deriving (Eq, Show, Read, ParseField)
Expand Down Expand Up @@ -489,7 +490,7 @@ vmFromCommand cmd = do
putStrLn "Error, must provide at least (rpc + address) or code"
exitFailure

let ts' = case maybeLitWord ts of
let ts' = case maybeLitWordSimp ts of
Just t -> t
Nothing -> internalError "unexpected symbolic timestamp when executing vm test"

Expand All @@ -511,7 +512,7 @@ vmFromCommand cmd = do
then InitCode bs mempty
else RuntimeCode (ConcreteRuntimeCode bs)
address = if cmd.create
then addr (.address) (Concrete.createAddress (fromJust $ maybeLitAddr origin) (W64 $ word64 (.nonce) 0))
then addr (.address) (Concrete.createAddress (fromJust $ maybeLitAddrSimp origin) (W64 $ word64 (.nonce) 0))
else addr (.address) (LitAddr 0xacab)

vm0 baseFee miner ts blockNum prevRan c = makeVm $ VMOpts
Expand Down
30 changes: 14 additions & 16 deletions src/EVM.hs
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ import EVM.Types qualified as Expr (Expr(Gas))
import EVM.Sign qualified
import EVM.Concrete qualified as Concrete
import EVM.CheatsTH
import EVM.Expr (maybeLitByte, maybeLitWordSimp, maybeLitAddrSimp)

import Control.Monad (unless, when)
import Control.Monad.ST (ST)
Expand Down Expand Up @@ -296,12 +297,9 @@ exec1 = do
stk = vm.state.stack
self = vm.state.contract
this = fromMaybe (internalError "state contract") (Map.lookup self vm.env.contracts)

fees@FeeSchedule {..} = vm.block.schedule

doStop = finishFrame (FrameReturned mempty)

litSelf = maybeLitAddr self
litSelf = maybeLitAddrSimp self

if isJust litSelf && (fromJust litSelf) > 0x0 && (fromJust litSelf) <= 0xa then do
-- call to precompile
Expand Down Expand Up @@ -741,7 +739,7 @@ exec1 = do
Lit v -> v
_ -> 0
storage_cost =
case (maybeLitWord current, maybeLitWord new) of
case (maybeLitWordSimp current, maybeLitWordSimp new) of
(Just current', Just new') ->
if (current' == new') then g_sload
else if (current' == original) && (original == 0) then g_sset
Expand All @@ -759,7 +757,7 @@ exec1 = do
assign (#state % #stack) xs
modifying (#env % #contracts % ix self % #storage) (writeStorage x new)

case (maybeLitWord current, maybeLitWord new) of
case (maybeLitWordSimp current, maybeLitWordSimp new) of
(Just current', Just new') ->
unless (current' == new') $
if current' == original then
Expand Down Expand Up @@ -914,7 +912,7 @@ exec1 = do
output <- readMemory xOffset xSize
let
codesize = fromMaybe (internalError "processing opcode RETURN. Cannot return dynamically sized abstract data")
. maybeLitWord . bufLength $ output
. maybeLitWordSimp . bufLength $ output
maxsize = vm.block.maxCodeSize
creation = case vm.frames of
[] -> vm.tx.isCreate
Expand Down Expand Up @@ -1176,7 +1174,7 @@ precompiledContract this xGas precompileAddr recipient xValue inOffset inSize ou
vm <- get
case result' of
Nothing -> case stk of
x:_ -> case maybeLitWord x of
x:_ -> case maybeLitWordSimp x of
Just 0 ->
pure ()
Just 1 ->
Expand Down Expand Up @@ -1591,28 +1589,28 @@ forceAddr n msg continue = case wordToAddr n of
Just c -> continue c

forceConcrete :: VMOps t => Expr EWord -> String -> (W256 -> EVM t s ()) -> EVM t s ()
forceConcrete n msg continue = case maybeLitWord n of
forceConcrete n msg continue = case maybeLitWordSimp n of
Nothing -> do
vm <- get
partial $ UnexpectedSymbolicArg vm.state.pc (getOpName vm.state) msg (wrap [n])
Just c -> continue c

forceConcreteAddr :: VMOps t => Expr EAddr -> String -> (Addr -> EVM t s ()) -> EVM t s ()
forceConcreteAddr n msg continue = case maybeLitAddr n of
forceConcreteAddr n msg continue = case maybeLitAddrSimp n of
Nothing -> do
vm <- get
partial $ UnexpectedSymbolicArg vm.state.pc (getOpName vm.state) msg (wrap [n])
Just c -> continue c

forceConcreteAddr2 :: VMOps t => (Expr EAddr, Expr EAddr) -> String -> ((Addr, Addr) -> EVM t s ()) -> EVM t s ()
forceConcreteAddr2 (n,m) msg continue = case (maybeLitAddr n, maybeLitAddr m) of
forceConcreteAddr2 (n,m) msg continue = case (maybeLitAddrSimp n, maybeLitAddrSimp m) of
(Just c, Just d) -> continue (c,d)
_ -> do
vm <- get
partial $ UnexpectedSymbolicArg vm.state.pc (getOpName vm.state) msg (wrap [n, m])

forceConcrete2 :: VMOps t => (Expr EWord, Expr EWord) -> String -> ((W256, W256) -> EVM t s ()) -> EVM t s ()
forceConcrete2 (n,m) msg continue = case (maybeLitWord n, maybeLitWord m) of
forceConcrete2 (n,m) msg continue = case (maybeLitWordSimp n, maybeLitWordSimp m) of
(Just c, Just d) -> continue (c, d)
_ -> do
vm <- get
Expand Down Expand Up @@ -1664,7 +1662,7 @@ accessAccountForGas addr = do
accessStorageForGas :: Expr EAddr -> Expr EWord -> EVM t s Bool
accessStorageForGas addr key = do
accessedStrkeys <- use (#tx % #subState % #accessedStorageKeys)
case maybeLitWord key of
case maybeLitWordSimp key of
Just litword -> do
let accessed = member (addr, litword) accessedStrkeys
assign (#tx % #subState % #accessedStorageKeys) (insert (addr, litword) accessedStrkeys)
Expand All @@ -1689,7 +1687,7 @@ cheat gas (inOffset, inSize) (outOffset, outSize) xs = do
input <- readMemory (Expr.add inOffset (Lit 4)) (Expr.sub inSize (Lit 4))
calldata <- readMemory inOffset inSize
abi <- readBytes 4 (Lit 0) <$> readMemory inOffset (Lit 4)
let newContext = CallContext cheatCode cheatCode outOffset outSize (Lit 0) (maybeLitWord abi) calldata vm.env.contracts vm.tx.subState
let newContext = CallContext cheatCode cheatCode outOffset outSize (Lit 0) (maybeLitWordSimp abi) calldata vm.env.contracts vm.tx.subState

pushTrace $ FrameTrace newContext
next
Expand All @@ -1698,7 +1696,7 @@ cheat gas (inOffset, inSize) (outOffset, outSize) xs = do
{ state = vm1.state { stack = xs }
, context = newContext
}
case maybeLitWord abi of
case maybeLitWordSimp abi of
Nothing -> partial $ UnexpectedSymbolicArg vm.state.pc (getOpName vm.state) "symbolic cheatcode selector" (wrap [abi])
Just (unsafeInto -> abi') ->
case Map.lookup abi' cheatActions of
Expand Down Expand Up @@ -2054,7 +2052,7 @@ delegateCall this gasGiven xTo xContext xValue xInOffset xInSize xOutOffset xOut
_ -> do
burn' xGas $ do
calldata <- readMemory xInOffset xInSize
abi <- maybeLitWord . readBytes 4 (Lit 0) <$> readMemory xInOffset (Lit 4)
abi <- maybeLitWordSimp . readBytes 4 (Lit 0) <$> readMemory xInOffset (Lit 4)
let newContext = CallContext
{ target = xTo
, context = xContext
Expand Down
3 changes: 2 additions & 1 deletion src/EVM/ABI.hs
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,7 @@ module EVM.ABI

import EVM.Expr (readWord, isLitWord)
import EVM.Types
import EVM.Expr (maybeLitWordSimp)

import Control.Applicative ((<|>))
import Control.Monad (replicateM, replicateM_, forM_, void)
Expand Down Expand Up @@ -511,7 +512,7 @@ decodeBuf tps buf =
else
let
vs = decodeStaticArgs 0 (length tps) buf
asBS = mconcat $ fmap word256Bytes (mapMaybe maybeLitWord vs)
asBS = mconcat $ fmap word256Bytes (mapMaybe maybeLitWordSimp vs)
in if not (all isLitWord vs)
then SAbi vs
else case runGetOrFail (getAbiSeq (length tps) tps) (BSLazy.fromStrict asBS) of
Expand Down
3 changes: 2 additions & 1 deletion src/EVM/Dapp.hs
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import EVM.ABI
import EVM.Concrete
import EVM.Solidity
import EVM.Types
import EVM.Expr (maybeLitByte, maybeLitWordSimp)

import Control.Arrow ((>>>), second)
import Data.Aeson (Value)
Expand Down Expand Up @@ -138,7 +139,7 @@ srcMap dapp contr opIndex = do

findSrc :: Contract -> DappInfo -> Maybe SolcContract
findSrc c dapp = do
hash <- maybeLitWord c.codehash
hash <- maybeLitWordSimp c.codehash
case Map.lookup hash dapp.solcByHash of
Just (_, v) -> Just v
Nothing -> lookupCode c.code dapp
Expand Down
34 changes: 27 additions & 7 deletions src/EVM/Expr.hs
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ import Data.ByteString (ByteString)
import Data.ByteString qualified as BS
import Data.DoubleWord (Int256, Word256(Word256), Word128(Word128))
import Data.List
import Data.Map qualified as LMap
import Data.Map.Strict qualified as Map
import Data.Maybe (mapMaybe, isJust, fromMaybe)
import Data.Semigroup (Any, Any(..), getAny)
Expand Down Expand Up @@ -1326,13 +1327,10 @@ exprToAddr _ = Nothing

-- TODO: make this smarter, probably we will need to use the solver here?
wordToAddr :: Expr EWord -> Maybe (Expr EAddr)
wordToAddr = go . simplify
where
go :: Expr EWord -> Maybe (Expr EAddr)
go = \case
WAddr a -> Just a
Lit a -> Just $ LitAddr (truncateToAddr a)
_ -> Nothing
wordToAddr e = case (concKeccakSimpExpr e) of
WAddr a -> Just a
Lit a -> Just $ LitAddr (truncateToAddr a)
_ -> Nothing

litCode :: BS.ByteString -> [Expr Byte]
litCode bs = fmap LitByte (BS.unpack bs)
Expand Down Expand Up @@ -1616,3 +1614,25 @@ checkLHSConstProp a = isJust $ mapPropM_ lhsConstHelper a
-- Commutative operators should have the constant on the LHS
checkLHSConst :: Expr a -> Bool
checkLHSConst a = isJust $ mapExprM_ lhsConstHelper a

maybeLitByte :: Expr Byte -> Maybe Word8
msooseth marked this conversation as resolved.
Show resolved Hide resolved
maybeLitByte e = case (concKeccakSimpExpr e) of
(LitByte x) -> Just x
_ -> Nothing

maybeLitWordSimp :: Expr EWord -> Maybe W256
maybeLitWordSimp e = case (concKeccakSimpExpr e) of
(Lit w) -> Just w
(WAddr (LitAddr w)) -> Just (into w)
_ -> Nothing

maybeLitAddrSimp :: Expr EAddr -> Maybe Addr
maybeLitAddrSimp e = case (concKeccakSimpExpr e) of
(LitAddr a) -> Just a
_ -> Nothing

maybeConcStoreSimp :: Expr Storage -> Maybe (LMap.Map W256 W256)
maybeConcStoreSimp e = case (concKeccakSimpExpr e) of
(ConcreteStore s) -> Just s
_ -> Nothing

9 changes: 5 additions & 4 deletions src/EVM/Format.hs
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ import EVM.Dapp (DappContext(..), DappInfo(..), findSrc, showTraceLocation)
import EVM.Expr qualified as Expr
import EVM.Solidity (SolcContract(..), Method(..), contractName, abiMap)
import EVM.Types
import EVM.Expr (maybeLitWordSimp, maybeLitAddrSimp)

import Control.Arrow ((>>>))
import Optics.Core
Expand Down Expand Up @@ -211,7 +212,7 @@ showTrace trace =
[] ->
logn
firstTopic:restTopics ->
case maybeLitWord firstTopic of
case maybeLitWordSimp firstTopic of
Just topic ->
case Map.lookup topic dapp.eventMap of
Just (Event name _ argInfos) ->
Expand All @@ -229,7 +230,7 @@ showTrace trace =
-- ) anonymous;
let
sig = unsafeInto $ shiftR topic 224 :: FunctionSelector
usr = case maybeLitWord t2 of
usr = case maybeLitWordSimp t2 of
Just w ->
pack $ show (unsafeInto w :: Addr)
Nothing ->
Expand Down Expand Up @@ -274,7 +275,7 @@ showTrace trace =
where
showTopic :: AbiType -> Expr EWord -> Text
showTopic abiType topic =
case maybeLitWord (Expr.concKeccakSimpExpr topic) of
case maybeLitWordSimp (Expr.concKeccakSimpExpr topic) of
Just w -> head $ textValues [abiType] (ConcreteBuf (word256Bytes w))
_ -> "<symbolic>"

Expand Down Expand Up @@ -369,7 +370,7 @@ ppAddr addr alwaysShowAddr =
case (findSrc contract ?context.info) of
Just x -> Just (contractNamePart x.contractName)
Nothing -> Nothing
label = case do litAddr <- maybeLitAddr addr
label = case do litAddr <- maybeLitAddrSimp addr
Map.lookup litAddr ?context.labels of
Nothing -> ""
Just l -> "[" <> "\x1b[1m" <> l <> "\x1b[0m" <> "]"
Expand Down
3 changes: 2 additions & 1 deletion src/EVM/Solidity.hs
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,8 @@ import EVM.Types hiding (Success)

import Optics.Core
import Optics.Operators.Unsafe
import EVM.Effects;
import EVM.Effects
import EVM.Expr (maybeLitByte)

import Control.Applicative
import Control.Monad
Expand Down
3 changes: 2 additions & 1 deletion src/EVM/SymExec.hs
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ import EVM.Stepper (Stepper)
import EVM.Stepper qualified as Stepper
import EVM.Traversals
import EVM.Types
import EVM.Expr (maybeConcStoreSimp)
import GHC.Conc (getNumProcessors)
import GHC.Generics (Generic)
import Optics.Core
Expand Down Expand Up @@ -652,7 +653,7 @@ verify solvers opts preState maybepost = do
expandCex :: VM Symbolic s -> SMTCex -> SMTCex
expandCex prestate c = c { store = Map.union c.store concretePreStore }
where
concretePreStore = Map.mapMaybe (maybeConcreteStore . (.storage))
concretePreStore = Map.mapMaybe (maybeConcStoreSimp . (.storage))
. Map.filter (\v -> Expr.containsNode isConcreteStore v.storage)
$ (prestate.env.contracts)
isConcreteStore = \case
Expand Down
18 changes: 0 additions & 18 deletions src/EVM/Types.hs
Original file line number Diff line number Diff line change
Expand Up @@ -1266,24 +1266,6 @@ instance Show Nibble where

-- Conversions -------------------------------------------------------------------------------------

maybeLitByte :: Expr Byte -> Maybe Word8
maybeLitByte (LitByte x) = Just x
maybeLitByte _ = Nothing

maybeLitWord :: Expr EWord -> Maybe W256
maybeLitWord (Lit w) = Just w
maybeLitWord (WAddr (LitAddr w)) = Just (into w)
maybeLitWord _ = Nothing

maybeLitAddr :: Expr EAddr -> Maybe Addr
maybeLitAddr (LitAddr a) = Just a
maybeLitAddr _ = Nothing

maybeConcreteStore :: Expr Storage -> Maybe (Map W256 W256)
maybeConcreteStore (ConcreteStore s) = Just s
maybeConcreteStore _ = Nothing


word256 :: ByteString -> Word256
word256 xs | BS.length xs == 1 =
-- optimize one byte pushes
Expand Down
7 changes: 4 additions & 3 deletions src/EVM/UnitTest.hs
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ import EVM.Types
import EVM.Transaction (initTx)
import EVM.Stepper (Stepper)
import EVM.Stepper qualified as Stepper
import EVM.Expr (maybeLitWordSimp)

import Control.Monad (void, when, forM, forM_)
import Control.Monad.ST (RealWorld, ST, stToIO)
Expand Down Expand Up @@ -338,7 +339,7 @@ formatTestLog :: (?context :: DappContext) => Map W256 Event -> Expr Log -> Mayb
formatTestLog _ (LogEntry _ _ []) = Nothing
formatTestLog _ (GVar _) = internalError "unexpected global variable"
formatTestLog events (LogEntry _ args (topic:_)) =
case maybeLitWord topic >>= \t1 -> (Map.lookup t1 events) of
case maybeLitWordSimp topic >>= \t1 -> (Map.lookup t1 events) of
Nothing -> Nothing
Just (Event name _ argInfos) ->
case (name <> parenthesise (abiTypeSolidity <$> argTypes)) of
Expand Down Expand Up @@ -413,7 +414,7 @@ makeTxCall params (cd, cdProps) = do
assign (#state % #caller) params.caller
assign (#state % #gas) (toGas params.gasCall)
origin <- fromMaybe (initialContract (RuntimeCode (ConcreteRuntimeCode ""))) <$> use (#env % #contracts % at params.origin)
let insufficientBal = maybe False (\b -> b < params.gasprice * (into params.gasCall)) (maybeLitWord origin.balance)
let insufficientBal = maybe False (\b -> b < params.gasprice * (into params.gasCall)) (maybeLitWordSimp origin.balance)
when insufficientBal $ internalError "insufficient balance for gas cost"
vm <- get
put $ initTx vm
Expand Down Expand Up @@ -467,7 +468,7 @@ paramsFromRpc rpcinfo = do
, gaslimit
, baseFee
)
let ts' = fromMaybe (internalError "received unexpected symbolic timestamp via rpc") (maybeLitWord ts)
let ts' = fromMaybe (internalError "received unexpected symbolic timestamp via rpc") (maybeLitWordSimp ts)
pure $ TestVMParams
-- TODO: make this symbolic! It needs some tweaking to the way that our
-- symbolic interpreters work to allow us to symbolically exec constructor initialization
Expand Down
Loading
Loading