Skip to content

Commit 76480fe

Browse files
shaunazzopardishaunazzopardi
authored
Update README.md
1 parent ea22704 commit 76480fe

File tree

1 file changed

+17
-23
lines changed

1 file changed

+17
-23
lines changed

README.md

Lines changed: 17 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -1,38 +1,32 @@
11
# solidity-static-analysis
22
WIP Static analysis for Solidity, based on https://github.com/shaunazzopardi/solidity-cfg-builder and https://github.com/gordonpace/contractlarva.
33

4-
Tools
5-
---
64

7-
Over-approximation based Static Analysis (α)
8-
-----------
5+
## Static Analysis with Residual/Quotient Analysis
96

10-
Using a control-flow graph representation of a Solidity smart contract we attempt to prove properties (as symbolic automata, namely [Dynamic Event Automata or DEAs](https://github.com/gordonpace/contractlarva)) of smart contracts statically. This is constructed by considering every possible configuration of function calls. See ./StaticAnalysis/SCSemantics.hs
7+
Using a control-flow graph representation of a Solidity smart contract we attempt to prove properties (as symbolic automata, namely [Dynamic Event Automata or DEAs](https://github.com/gordonpace/contractlarva)) of smart contracts statically: by over-approximating the control-flow of a Solidity smart contract (see [solidity-cfg-builder](https://github.com/shaunazzopardi/solidity-cfg-builder), and ./EA/EA.hs) we synchronously compose with the DEAs. If the synchronous composotion is empty then the smart contract cannot violate the DEA.
118

12-
Residual/Quotient Analysis (α)
13-
-----------
9+
The previous static analysis may fail, therefore we reduce from a DEA the parts that have been proven safe leaving a residual that we still have to prove against the smart contract. The smart contract can then be monitored with this residual DEA, e.g. by [instrumenting the smart contract with the DEA logic](https://github.com/gordonpace/contractlarva), or as a [separate smart contract](https://github.com/shaunazzopardi/ethereuem-runtime-verification/).
1410

15-
The previous static analysis may fail, therefore we are developing methods to reduce from a property parts that can be proved safe using residual analysis, leaving a residual that we still have to prove against the smart contract. See ./StaticAnalysis/Residuals.hs
11+
Limitations:
12+
-----------------
13+
1. Currently only limited to DEA with only bad states.
1614

17-
Features:
15+
## Building the tool
1816

19-
1. This contains utilities to perform a reachability reduction of a DEA (limited to DEAs with only bad states).
20-
2. Synchronous compositions of a DEA with a control-flow graph
21-
3. Residuals of a DEA against a control-flow graph
22-
4. (WIP) Residual of a DEA against a DEA (i.e. can be used to reduce the first DEA with what the second DEA ensures, so that we can just monitor the residual and the second DEA).
17+
Requirements: [GHC](https://www.haskell.org/ghc/) (e.g. install the full [Haskell Platform](https://www.haskell.org/platform/))
2318

24-
Monitoring Smart Contracts (α)
25-
-----------
26-
(Not static analysis, will be moved out of here at some point)
19+
Compilation: Run the following command in the src folder:
2720

28-
https://github.com/gordonpace/contractlarva monitors smart contracts for properties as symbolic automata by instrumenting smart contract with business logic of the properties. Here we are working on a tool to move this logic to its own smart contract, with the monitored smart contract calling this monitor upon a given event. See ./DEAToSC.hs and ./DEA/ParsingToSmartContract.hs
21+
> ghc -o solidity-static-analysis Main.hs
2922
30-
Current limitations:
23+
## Tool usage:
3124

32-
1. Instrumentation in original smart contract must be done manually (i.e. <i>call</i>s or <i>delegatecall</i>s to the respective event trigger method in the monitor smart contract).
33-
2. Event trigger methods in the monitor smart contract have untyped parameters that need to be manually typed.
25+
For correct results always make sure that the Solidity code compiles with a Solidity compiler.
3426

35-
Partial Evaluator (experimental)
36-
-----------
27+
To use the tool pass the location of a solidity file and the preferred location of the output to the executable, e.g. execute:
3728

38-
I am also currently attempting to develop a partial evaluation approach to Solidity smart contracts, which could be used to strengthen the current static analysis that ignores variable state.
29+
> "./solidity-static-analysis" &lt;solidity-code.sol&gt; &lt;property.dea&gt; &lt;residual.dea&gt;
30+
31+
## License
32+
This project is licensed under the terms of the [Apache 2.0 license](LICENSE).

0 commit comments

Comments
 (0)