Introduce incompleteGlobal analysis round, other changes #120

Merged
merged 28 commits into from
Dec 18, 2023

Collaborator

@sifislag sifislag commented Dec 15, 2023

The main change of this PR is the introduction of an incompleteGlobal analysis round, before the instantiation of the typical main global analysis. This allows us to verify which of the variables that are pushed to the stack and have the values of valid JUMPDESTs are actually used as jump targets, overriding the BlockPushesLabel() facts used by PrivateFunctionCall(), which is essential to our context sensitivity algorithms. The result of this is a reduction of the number of contexts of our global CFG analysis, lightening the load of the function inference logic as well.

Other changes:

  • Refactor, making results of PublicFunction, PublicFunctionJump relations consistent in both preTrans and postTrans local analysis instantiations.
  • Now introduce PublicFunction context element on public function "call-site" instead of starting block, giving us a minor precision improvement.
  • Use the HeuristicBlockCloner's global analysis to filter PublicFunction instances found by preTrans, by ensuring the function selector is used in the comparisons. Allows us to support selectors of 1 and 2 bytes without imprecision. Closes #91 (Improve public function inference when the function selector is smaller than 3 bytes).
  • Increase completeness of receive() support, use special selector value of 0xeeeeeeee.

Will run some final benchmarks and post the results before merging.


RESULTS


All runs have a timeout of 200s and are performed using --disable_scalable_fallback

Transactional-Shrinking

viaIR contracts see the biggest benefit with a reduction in timeouts and no increase in execution time. In the other two datasets we notice an increase in the average execution time but no new timeouts.

results over 3k ir contracts (via-ir-dec23):

2866 contracts decompiled/analyzed by dec23-ir-master-200 (0 exclusively)
2880 contracts decompiled/analyzed by dec23-ir-unsound-200 (14 exclusively)

ANALYTIC: decomp_time                       
dec23-ir-master-200 (common): 20948.068742275238 (+0.123%)          
dec23-ir-unsound-200 (common): 20922.326548814774
                                                                    
ANALYTIC: Analytics_JumpToMany            
dec23-ir-master-200 (common): 5425                                  
dec23-ir-unsound-200 (common): 5456 (+0.5714%)
                                                                    
ANALYTIC: Analytics_PublicFunction          
dec23-ir-master-200 (common): 61316                                 
dec23-ir-unsound-200 (common): 61263 (-0.08644%)
                                                                    
ANALYTIC: Analytics_ReachableBlocks               
dec23-ir-master-200 (common): 1265532                               
dec23-ir-unsound-200 (common): 1265532
                                                                    
ANALYTIC: Analytics_UnreachableBlock                
dec23-ir-master-200 (common): 29734                                 
dec23-ir-unsound-200 (common): 29734        
                                                                    
ANALYTIC: Analytics_ReachableBlocksInTAC           
dec23-ir-master-200 (common): 1264073 (-0.005616%)                  
dec23-ir-unsound-200 (common): 1264144
                                                                    
ANALYTIC: Analytics_BlockHasNoTACBlock      
dec23-ir-master-200 (common): 1459 (+5.115%)                        
dec23-ir-unsound-200 (common): 1388   
                                                                    
ANALYTIC: Analytics_DeadBlocks          
dec23-ir-master-200 (common): 12216 (+0.7339%)                      
dec23-ir-unsound-200 (common): 12127              
                                                                    
ANALYTIC: Analytics_PolymorphicTargetSameCtx
dec23-ir-master-200 (common): 761                                   
dec23-ir-unsound-200 (common): 761                             
                                                                    
ANALYTIC: Analytics_LocalBlockEdge              
dec23-ir-master-200 (common): 1796030                               
dec23-ir-unsound-200 (common): 1795110 (-0.05122%)                                                                                       
                                                                    
ANALYTIC: Analytics_StmtMissingOperand        
dec23-ir-master-200 (common): 587 (+0.6861%)                        
dec23-ir-unsound-200 (common): 583
                                                                                                                                         
ANALYTIC: Analytics_PrivateFunctionMatchesMetadata
dec23-ir-master-200 (common): 82382 (-0.002428%)                                                                                                                                                                                                                                  
dec23-ir-unsound-200 (common): 82384
                                                                    
ANALYTIC: Analytics_PrivateFunctionMatchesMetadataIncorrectArgs                                                                          
dec23-ir-master-200 (common): 2203 (+0.04541%)                                                                                           
dec23-ir-unsound-200 (common): 2202                                                                                                                                                                                                                                               
                                                                    
ANALYTIC: Analytics_PrivateFunctionMatchesMetadataIncorrectReturnArgs
dec23-ir-master-200 (common): 1600 (+0.1879%)
dec23-ir-unsound-200 (common): 1597

ANALYTIC: Analytics_Contexts                                                                                                                                                                                                                                                      
dec23-ir-master-200 (common): 3881200 (+53.9%)                                                                                                                                                                                                                                    
dec23-ir-unsound-200 (common): 2521911

2k solc0.8 contracts over 10kb (solc08-over10k):

1980 contracts decompiled/analyzed by dec23-large-master-200 (0 exclusively)
1981 contracts decompiled/analyzed by dec23-large-unsound-200 (1 exclusively)

ANALYTIC: decomp_time
dec23-large-master-200 (common): 13397.00133228302
dec23-large-unsound-200 (common): 15676.011434793472 (+17.01%)

ANALYTIC: Analytics_JumpToMany
dec23-large-master-200 (common): 436
dec23-large-unsound-200 (common): 436

ANALYTIC: Analytics_PublicFunction
dec23-large-master-200 (common): 80120
dec23-large-unsound-200 (common): 80090 (-0.03744%)

ANALYTIC: Analytics_ReachableBlocks
dec23-large-master-200 (common): 1631364
dec23-large-unsound-200 (common): 1631364

ANALYTIC: Analytics_UnreachableBlock
dec23-large-master-200 (common): 28720
dec23-large-unsound-200 (common): 28720

ANALYTIC: Analytics_ReachableBlocksInTAC
dec23-large-master-200 (common): 1631182
dec23-large-unsound-200 (common): 1631182

ANALYTIC: Analytics_BlockHasNoTACBlock
dec23-large-master-200 (common): 182
dec23-large-unsound-200 (common): 182

ANALYTIC: Analytics_DeadBlocks
dec23-large-master-200 (common): 2267
dec23-large-unsound-200 (common): 2267

ANALYTIC: Analytics_PolymorphicTargetSameCtx
dec23-large-master-200 (common): 1262 (+0.1587%)
dec23-large-unsound-200 (common): 1260

ANALYTIC: Analytics_LocalBlockEdge
dec23-large-master-200 (common): 1776089 (-0.001126%)
dec23-large-unsound-200 (common): 1776109

ANALYTIC: Analytics_StmtMissingOperand
dec23-large-master-200 (common): 83
dec23-large-unsound-200 (common): 83

ANALYTIC: Analytics_Contexts
dec23-large-master-200 (common): 2538793 (+17.44%)
dec23-large-unsound-200 (common): 2161745

2k contracts with metadata (metadata-dataset1):

1990 contracts decompiled/analyzed by some config
1990 contracts decompiled/analyzed by all configs (common)

ANALYTIC: decomp_time
dec23-metadata-master-200 (common): 11313.415241718292
dec23-metadata-unsound-200 (common): 12820.136463880539 (+13.32%)

ANALYTIC: Analytics_JumpToMany
dec23-metadata-master-200 (common): 358
dec23-metadata-unsound-200 (common): 358

ANALYTIC: Analytics_PublicFunction
dec23-metadata-master-200 (common): 77907
dec23-metadata-unsound-200 (common): 77901 (-0.007701%)

ANALYTIC: Analytics_ReachableBlocks
dec23-metadata-master-200 (common): 1229995
dec23-metadata-unsound-200 (common): 1229995

ANALYTIC: Analytics_UnreachableBlock
dec23-metadata-master-200 (common): 11664
dec23-metadata-unsound-200 (common): 11664

ANALYTIC: Analytics_ReachableBlocksInTAC
dec23-metadata-master-200 (common): 1229901
dec23-metadata-unsound-200 (common): 1229901

ANALYTIC: Analytics_BlockHasNoTACBlock
dec23-metadata-master-200 (common): 94
dec23-metadata-unsound-200 (common): 94

ANALYTIC: Analytics_DeadBlocks
dec23-metadata-master-200 (common): 1272
dec23-metadata-unsound-200 (common): 1272

ANALYTIC: Analytics_PolymorphicTargetSameCtx
dec23-metadata-master-200 (common): 736 (+0.2725%)
dec23-metadata-unsound-200 (common): 734

ANALYTIC: Analytics_LocalBlockEdge
dec23-metadata-master-200 (common): 1427369
dec23-metadata-unsound-200 (common): 1427310 (-0.004133%)

ANALYTIC: Analytics_StmtMissingOperand
dec23-metadata-master-200 (common): 86
dec23-metadata-unsound-200 (common): 86

ANALYTIC: Analytics_PrivateFunctionMatchesMetadata
dec23-metadata-master-200 (common): 104265
dec23-metadata-unsound-200 (common): 104265

ANALYTIC: Analytics_PrivateFunctionMatchesMetadataIncorrectArgs
dec23-metadata-master-200 (common): 505
dec23-metadata-unsound-200 (common): 505

ANALYTIC: Analytics_PrivateFunctionMatchesMetadataIncorrectReturnArgs
dec23-metadata-master-200 (common): 730
dec23-metadata-unsound-200 (common): 730

ANALYTIC: Analytics_Contexts
dec23-metadata-master-200 (common): 1826948 (+21.72%)
dec23-metadata-unsound-200 (common): 1500998

Plain Transactional

Again, a minor reduction in the number of contexts and increase in the average execution time. Doesn't really give great benefit anywhere.

via-ir-dec23:

2602 contracts decompiled/analyzed by dec23-ir-master-trans-200 (0 exclusively)
2602 contracts decompiled/analyzed by dec23-ir-unsound-trans-200 (0 exclusively)

ANALYTIC: decomp_time
dec23-ir-master-trans-200 (common): 16918.658376932144
dec23-ir-unsound-trans-200 (common): 18542.089124679565 (+9.596%)

ANALYTIC: Analytics_JumpToMany
dec23-ir-master-trans-200 (common): 7553
dec23-ir-unsound-trans-200 (common): 7553

ANALYTIC: Analytics_PublicFunction
dec23-ir-master-trans-200 (common): 52208
dec23-ir-unsound-trans-200 (common): 52194 (-0.02682%)

ANALYTIC: Analytics_ReachableBlocks
dec23-ir-master-trans-200 (common): 1022113
dec23-ir-unsound-trans-200 (common): 1022113

ANALYTIC: Analytics_UnreachableBlock
dec23-ir-master-trans-200 (common): 25090
dec23-ir-unsound-trans-200 (common): 25090

ANALYTIC: Analytics_ReachableBlocksInTAC
dec23-ir-master-trans-200 (common): 1019992
dec23-ir-unsound-trans-200 (common): 1019992

ANALYTIC: Analytics_BlockHasNoTACBlock
dec23-ir-master-trans-200 (common): 2121
dec23-ir-unsound-trans-200 (common): 2121

ANALYTIC: Analytics_DeadBlocks
dec23-ir-master-trans-200 (common): 15010
dec23-ir-unsound-trans-200 (common): 15280 (+1.799%)

ANALYTIC: Analytics_PolymorphicTargetSameCtx
dec23-ir-master-trans-200 (common): 1967
dec23-ir-unsound-trans-200 (common): 1973 (+0.305%)

ANALYTIC: Analytics_LocalBlockEdge
dec23-ir-master-trans-200 (common): 1426408 (-0.06348%)
dec23-ir-unsound-trans-200 (common): 1427314

ANALYTIC: Analytics_StmtMissingOperand
dec23-ir-master-trans-200 (common): 699
dec23-ir-unsound-trans-200 (common): 699

ANALYTIC: Analytics_PrivateFunctionMatchesMetadata
dec23-ir-master-trans-200 (common): 61974
dec23-ir-unsound-trans-200 (common): 61974

ANALYTIC: Analytics_PrivateFunctionMatchesMetadataIncorrectArgs
dec23-ir-master-trans-200 (common): 1550
dec23-ir-unsound-trans-200 (common): 1550

ANALYTIC: Analytics_PrivateFunctionMatchesMetadataIncorrectReturnArgs
dec23-ir-master-trans-200 (common): 951
dec23-ir-unsound-trans-200 (common): 951

ANALYTIC: Analytics_Contexts
dec23-ir-master-trans-200 (common): 5820182 (+7.586%)
dec23-ir-unsound-trans-200 (common): 5409804

metadata-dataset1:

1842 contracts decompiled/analyzed by dec23-metadata-master-trans-200 (0 exclusively)
1842 contracts decompiled/analyzed by dec23-metadata-unsound-trans-200 (0 exclusively)

ANALYTIC: decomp_time
dec23-metadata-master-trans-200 (common): 10633.035330295563
dec23-metadata-unsound-trans-200 (common): 12469.912697076797 (+17.28%)

ANALYTIC: Analytics_JumpToMany
dec23-metadata-master-trans-200 (common): 187
dec23-metadata-unsound-trans-200 (common): 187

ANALYTIC: Analytics_PublicFunction
dec23-metadata-master-trans-200 (common): 71587
dec23-metadata-unsound-trans-200 (common): 71582 (-0.006985%)

ANALYTIC: Analytics_ReachableBlocks
dec23-metadata-master-trans-200 (common): 1119714
dec23-metadata-unsound-trans-200 (common): 1119714

ANALYTIC: Analytics_UnreachableBlock
dec23-metadata-master-trans-200 (common): 10962
dec23-metadata-unsound-trans-200 (common): 10962

ANALYTIC: Analytics_ReachableBlocksInTAC
dec23-metadata-master-trans-200 (common): 1119591
dec23-metadata-unsound-trans-200 (common): 1119591

ANALYTIC: Analytics_BlockHasNoTACBlock
dec23-metadata-master-trans-200 (common): 123
dec23-metadata-unsound-trans-200 (common): 123

ANALYTIC: Analytics_DeadBlocks
dec23-metadata-master-trans-200 (common): 3805
dec23-metadata-unsound-trans-200 (common): 3805

ANALYTIC: Analytics_PolymorphicTargetSameCtx
dec23-metadata-master-trans-200 (common): 2678 (+0.1496%)
dec23-metadata-unsound-trans-200 (common): 2674

ANALYTIC: Analytics_LocalBlockEdge
dec23-metadata-master-trans-200 (common): 1291262
dec23-metadata-unsound-trans-200 (common): 1291224 (-0.002943%)

ANALYTIC: Analytics_StmtMissingOperand
dec23-metadata-master-trans-200 (common): 76
dec23-metadata-unsound-trans-200 (common): 76

ANALYTIC: Analytics_PrivateFunctionMatchesMetadata
dec23-metadata-master-trans-200 (common): 95228
dec23-metadata-unsound-trans-200 (common): 95228

ANALYTIC: Analytics_PrivateFunctionMatchesMetadataIncorrectArgs
dec23-metadata-master-trans-200 (common): 232
dec23-metadata-unsound-trans-200 (common): 232

ANALYTIC: Analytics_PrivateFunctionMatchesMetadataIncorrectReturnArgs
dec23-metadata-master-trans-200 (common): 547
dec23-metadata-unsound-trans-200 (common): 547

ANALYTIC: Analytics_Contexts
dec23-metadata-master-trans-200 (common): 4668384 (+11.65%)
dec23-metadata-unsound-trans-200 (common): 4181344
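
The PR description above talks about checking which pushed constants that equal a valid JUMPDEST offset are really consumed as jump targets. The sketch below is an added example, not code from this project or its Datalog rules: it assumes a small opcode subset and uses hypothetical names (`decode`, `label_usage`, `SAMPLE`) to show why such a check separates real labels from data constants that merely look like labels.

```python
# Added illustration, not the project's code: abstract interpreter for an EVM opcode subset.
CALLDATALOAD, POP, JUMP, JUMPI, JUMPDEST = 0x35, 0x50, 0x56, 0x57, 0x5B
HALT = {0x00, 0xF3, 0xFD, 0xFE, 0xFF}   # STOP RETURN REVERT INVALID SELFDESTRUCT
ARITY = {CALLDATALOAD: (1, 1), POP: (1, 0), JUMPDEST: (0, 0), JUMP: (0, 0), JUMPI: (1, 0)}  # (pops, pushes)
DEPTH = 17                              # tracked stack window, enough for DUP16/SWAP16

def decode(code):
    """Map pc -> (opcode, PUSH immediate or None, next pc), skipping PUSH data."""
    ops, pc = {}, 0
    while pc < len(code):
        n = code[pc] - 0x5F if 0x60 <= code[pc] <= 0x7F else 0
        imm = int.from_bytes(code[pc + 1:pc + 1 + n], "big") if n else None
        ops[pc] = (code[pc], imm, pc + 1 + n)
        pc += 1 + n
    return ops

def label_usage(code):
    """Return (used, unused) PCs of pushes whose constant is a JUMPDEST offset."""
    ops = decode(code)
    dests = {pc for pc, (op, _, _) in ops.items() if op == JUMPDEST}
    candidates = {pc for pc, (_, imm, _) in ops.items() if imm in dests}
    used, seen, work = set(), set(), [(0, (None,) * DEPTH)]
    while work:
        state = work.pop()
        if state in seen or state[0] not in ops:
            continue
        seen.add(state)
        (op, imm, nxt), st = ops[state[0]], list(state[1])  # slot: (value, push_pc) or None
        succ = [] if op in HALT or op == JUMP else [nxt]
        if op in (JUMP, JUMPI):
            target = st.pop()                    # JUMPI's condition is popped via ARITY below
            if target and target[0] in dests:    # constant target: that push is a real label
                used.add(target[1])
                succ.append(target[0])
        if 0x60 <= op <= 0x7F:                   # PUSHn
            st.append((imm, state[0]))
        elif 0x80 <= op <= 0x8F:                 # DUPn
            st.append(st[0x7F - op])
        elif 0x90 <= op <= 0x9F:                 # SWAPn
            st[-1], st[0x8E - op] = st[0x8E - op], st[-1]
        elif op in ARITY:
            del st[len(st) - ARITY[op][0]:]
            st += [None] * ARITY[op][1]
        elif op not in HALT:
            raise NotImplementedError(hex(op))
        work += [(s, tuple(([None] * DEPTH + st)[-DEPTH:])) for s in succ]
    return sorted(used), sorted(candidates - used)

# Constructed bytecode: PUSH1 05, PUSH1 0b, JUMP | 05: JUMPDEST, PUSH1 0b, CALLDATALOAD, POP, STOP | 0b: JUMPDEST, JUMP
SAMPLE = bytes.fromhex("6005600b565b600b3550005b56")
```

On `SAMPLE`, the pushes at pc 0 and pc 2 end up as jump targets, while the push at pc 6 carries the same value as a JUMPDEST offset but is only used as a calldata offset, so a label fact for it would be spurious.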


Test Results (Souffle 2.3)

46 tests  ±0   46 ✔️ ±0   23m 31s ⏱️ + 5m 32s
  1 suites ±0     0 💤 ±0 
  1 files   ±0     0 ±0 

Results for commit fd45249. ± Comparison against base commit 02c8f5b.


Test Results (Souffle 2.4)

46 tests  ±0   46 ✔️ ±0   24m 7s ⏱️ + 6m 7s
  1 suites ±0     0 💤 ±0 
  1 files   ±0     0 ±0 

Results for commit fd45249. ± Comparison against base commit 02c8f5b.

@sifislag sifislag merged commit 5338247 into master Dec 18, 2023
5 checks passed