ethereum-analyzer

• Usage
  • Solidity Control Flow Graph (CFG) Generation
  • Solidity Linter (WIP)
  • EVM CFG Generation

Usage

Solidity Control Flow Graph (CFG) Generation

stack build --profile &&\
  solc --combined-json ast examples/etherscan.io/CryptoKittiesCore.sol |\
  stack exec -- ea-analyze &&\
  find work/ -name "*.dot" -exec dot -Tpng -O \{\} \;

generates CFGs like

whose original code looks like

function tokensOfOwner(address _owner) external view returns(uint256[] ownerTokens) {
  uint256 tokenCount = balanceOf(_owner);
  if (tokenCount == 0) {
    return new uint256[](0);
  } else {
    uint256[] memory result = new uint256[](tokenCount);
    uint256 totalCats = totalSupply();
    uint256 resultIndex = 0;
    uint256 catId;
    for (catId = 1; catId <= totalCats; catId++) {
      if (kittyIndexToOwner[catId] == _owner) {
        result[resultIndex] = catId;
        resultIndex++;
      }
    }
    return result;
  }
}

Solidity Linter (WIP)

stack build
solc --combined-json ast\
  examples/analysis-benchmark/selfdestruct-over-suicide.sol |\
  stack exec ea-analyze

EVM CFG Generation

stack build
cat examples/etherscan.io/CryptoKittiesSalesAuction.evm | stack exec -- ea-bytecode-vis --outDot=work/tmp.dot &&\
  dot -Tpng work/tmp.dot -O

generates a pretty large CFG for the whole EVM bytecode sequence, part of which looks like