From f4b5f67ee07dabc25b5baab0a94f3420606fd0ea Mon Sep 17 00:00:00 2001 From: Martin Holst Swende Date: Sat, 3 Jun 2017 19:01:22 +0200 Subject: [PATCH 1/6] core/vm: improved jumpdest analysis --- core/vm/analysis.go | 44 ++++++++++++++++++++++++++++++++-------- core/vm/analysis_test.go | 37 +++++++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+), 9 deletions(-) create mode 100644 core/vm/analysis_test.go diff --git a/core/vm/analysis.go b/core/vm/analysis.go index d5f048d1d..b27dee8dc 100644 --- a/core/vm/analysis.go +++ b/core/vm/analysis.go @@ -41,21 +41,47 @@ func (d destinations) has(codehash common.Hash, code []byte, dest *big.Int) bool m = jumpdests(code) d[codehash] = m } - return (m[udest/8] & (1 << (udest % 8))) != 0 + return OpCode(code[udest]) == JUMPDEST && (m[udest/8]&(0x80>>(udest%8))) == 0 + // return (m[udest/8] & (1 << (udest % 8))) != 0 +} + +type bitvec struct { + m []byte +} + +func (bits *bitvec) addone(pos uint64) { + bits.m[pos/8] |= 0x80 >> (pos % 8) +} +func (bits *bitvec) addOneByte(pos uint64) { + bits.m[pos/8] |= 0xFF >> (pos % 8) + bits.m[pos/8+1] |= ^(0xFF >> (pos % 8)) } // jumpdests creates a map that contains an entry for each // PC location that is a JUMPDEST instruction. func jumpdests(code []byte) []byte { - m := make([]byte, len(code)/8+1) - for pc := uint64(0); pc < uint64(len(code)); pc++ { + //The map is 4 bytes longer than necessary, in case the code + // ends with a PUSH32, the algorithm will push zeroes onto the + // bitvector outside the bounds of the actual code. + m := make([]byte, len(code)/8+1+4) + bits := &bitvec{m} + for pc := uint64(0); pc < uint64(len(code)); { op := OpCode(code[pc]) - if op == JUMPDEST { - m[pc/8] |= 1 << (pc % 8) - } else if op >= PUSH1 && op <= PUSH32 { - a := uint64(op) - uint64(PUSH1) + 1 - pc += a + + if op >= PUSH1 && op <= PUSH32 { + numbits := op - PUSH1 + 1 + pc++ + for ; numbits >= 8; numbits -= 8 { + bits.addOneByte(pc) // 8 + pc += 8 + } + for ; numbits > 0; numbits-- { + bits.addone(pc) + pc++ + } + } else { + pc++ } } - return m + return bits.m } diff --git a/core/vm/analysis_test.go b/core/vm/analysis_test.go new file mode 100644 index 000000000..17c578e95 --- /dev/null +++ b/core/vm/analysis_test.go @@ -0,0 +1,37 @@ +package vm + +import "testing" + +func TestJumpDestAnalysis(t *testing.T) { + tests := []struct { + code []byte + exp byte + which int + }{ + {[]byte{byte(PUSH1), 0x01, 0x01, 0x01}, 0x40, 0}, + {[]byte{byte(PUSH1), byte(PUSH1), byte(PUSH1), byte(PUSH1)}, 0x50, 0}, + {[]byte{byte(PUSH8), byte(PUSH8), byte(PUSH8), byte(PUSH8), byte(PUSH8), byte(PUSH8), byte(PUSH8), byte(PUSH8), 0x01, 0x01, 0x01}, 0x7F, 0}, + {[]byte{byte(PUSH8), 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 0x80, 1}, + {[]byte{0x01, 0x01, 0x01, 0x01, 0x01, byte(PUSH2), byte(PUSH2), byte(PUSH2), 0x01, 0x01, 0x01}, 0x03, 0}, + {[]byte{0x01, 0x01, 0x01, 0x01, 0x01, byte(PUSH2), 0x01, 0x01, 0x01, 0x01, 0x01}, 0x00, 1}, + {[]byte{byte(PUSH3), 0x01, 0x01, 0x01, byte(PUSH1), 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 0x74, 0}, + {[]byte{byte(PUSH3), 0x01, 0x01, 0x01, byte(PUSH1), 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 0x00, 1}, + {[]byte{0x01, byte(PUSH8), 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 0x3F, 0}, + {[]byte{0x01, byte(PUSH8), 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 0xC0, 1}, + {[]byte{byte(PUSH16), 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 0x7F, 0}, + {[]byte{byte(PUSH16), 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 0xFF, 1}, + {[]byte{byte(PUSH16), 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 0x80, 2}, + {[]byte{byte(PUSH8), 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, byte(PUSH1), 0x01}, 0x7f, 0}, + {[]byte{byte(PUSH8), 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, byte(PUSH1), 0x01}, 0xA0, 1}, + {[]byte{byte(PUSH32)}, 0x7F, 0}, + {[]byte{byte(PUSH32)}, 0xFF, 1}, + {[]byte{byte(PUSH32)}, 0xFF, 2}, + } + for _, test := range tests { + ret := jumpdests(test.code) + if ret[test.which] != test.exp { + t.Fatalf("expected %x, got %02x", test.exp, ret[test.which]) + } + } + +} From 967e097faa51850a01053624cc74f300edf9770b Mon Sep 17 00:00:00 2001 From: Martin Holst Swende Date: Mon, 14 Aug 2017 10:57:54 +0200 Subject: [PATCH 2/6] core/vm: Address review concerns --- core/vm/analysis.go | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/core/vm/analysis.go b/core/vm/analysis.go index b27dee8dc..3ff862695 100644 --- a/core/vm/analysis.go +++ b/core/vm/analysis.go @@ -25,7 +25,7 @@ import ( // destinations stores one map per contract (keyed by hash of code). // The maps contain an entry for each location of a JUMPDEST // instruction. -type destinations map[common.Hash][]byte +type destinations map[common.Hash]bitvec // has checks whether code has a JUMPDEST at dest. func (d destinations) has(codehash common.Hash, code []byte, dest *big.Int) bool { @@ -41,20 +41,25 @@ func (d destinations) has(codehash common.Hash, code []byte, dest *big.Int) bool m = jumpdests(code) d[codehash] = m } - return OpCode(code[udest]) == JUMPDEST && (m[udest/8]&(0x80>>(udest%8))) == 0 + return OpCode(code[udest]) == JUMPDEST && m.codeSegment(udest) // return (m[udest/8] & (1 << (udest % 8))) != 0 } -type bitvec struct { - m []byte +// bitvec is a bit vector which maps bytes in a program +// An unset bit means the byte is a code-segemnt, a set bit means it's data-segment +type bitvec []byte + +func (bits *bitvec) set(pos uint64) { + (*bits)[pos/8] |= 0x80 >> (pos % 8) +} +func (bits *bitvec) set8(pos uint64) { + (*bits)[pos/8] |= 0xFF >> (pos % 8) + (*bits)[pos/8+1] |= ^(0xFF >> (pos % 8)) } -func (bits *bitvec) addone(pos uint64) { - bits.m[pos/8] |= 0x80 >> (pos % 8) -} -func (bits *bitvec) addOneByte(pos uint64) { - bits.m[pos/8] |= 0xFF >> (pos % 8) - bits.m[pos/8+1] |= ^(0xFF >> (pos % 8)) +// codeSegment checks if the position is in a code segment +func (bits *bitvec) codeSegment(pos uint64) bool { + return ((*bits)[pos/8] & (0x80 >> (pos % 8))) == 0 } // jumpdests creates a map that contains an entry for each @@ -64,7 +69,7 @@ func jumpdests(code []byte) []byte { // ends with a PUSH32, the algorithm will push zeroes onto the // bitvector outside the bounds of the actual code. m := make([]byte, len(code)/8+1+4) - bits := &bitvec{m} + bits := bitvec(m) for pc := uint64(0); pc < uint64(len(code)); { op := OpCode(code[pc]) @@ -72,16 +77,16 @@ func jumpdests(code []byte) []byte { numbits := op - PUSH1 + 1 pc++ for ; numbits >= 8; numbits -= 8 { - bits.addOneByte(pc) // 8 + bits.set8(pc) // 8 pc += 8 } for ; numbits > 0; numbits-- { - bits.addone(pc) + bits.set(pc) pc++ } } else { pc++ } } - return bits.m + return bits } From 54b1de67e2cbe700a4086d33b10501578dbeaaaf Mon Sep 17 00:00:00 2001 From: Felix Lange Date: Thu, 24 Aug 2017 13:09:53 +0200 Subject: [PATCH 3/6] core/vm: make jumpdest code nicer --- core/vm/analysis.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/core/vm/analysis.go b/core/vm/analysis.go index 3ff862695..08415fc1e 100644 --- a/core/vm/analysis.go +++ b/core/vm/analysis.go @@ -42,7 +42,6 @@ func (d destinations) has(codehash common.Hash, code []byte, dest *big.Int) bool d[codehash] = m } return OpCode(code[udest]) == JUMPDEST && m.codeSegment(udest) - // return (m[udest/8] & (1 << (udest % 8))) != 0 } // bitvec is a bit vector which maps bytes in a program @@ -68,8 +67,7 @@ func jumpdests(code []byte) []byte { //The map is 4 bytes longer than necessary, in case the code // ends with a PUSH32, the algorithm will push zeroes onto the // bitvector outside the bounds of the actual code. - m := make([]byte, len(code)/8+1+4) - bits := bitvec(m) + bits := make(bitvec, len(code)/8+1+4) for pc := uint64(0); pc < uint64(len(code)); { op := OpCode(code[pc]) From d6681ed36037c48bc95c7940e9914b9369e35170 Mon Sep 17 00:00:00 2001 From: Martin Holst Swende Date: Fri, 8 Sep 2017 12:47:44 +0200 Subject: [PATCH 4/6] core/vm: Rename + updated doc on jumpdest analysis --- core/vm/analysis.go | 8 ++++---- core/vm/analysis_test.go | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/core/vm/analysis.go b/core/vm/analysis.go index 08415fc1e..e6a2df7b0 100644 --- a/core/vm/analysis.go +++ b/core/vm/analysis.go @@ -38,7 +38,7 @@ func (d destinations) has(codehash common.Hash, code []byte, dest *big.Int) bool m, analysed := d[codehash] if !analysed { - m = jumpdests(code) + m = codeBitmap(code) d[codehash] = m } return OpCode(code[udest]) == JUMPDEST && m.codeSegment(udest) @@ -61,9 +61,9 @@ func (bits *bitvec) codeSegment(pos uint64) bool { return ((*bits)[pos/8] & (0x80 >> (pos % 8))) == 0 } -// jumpdests creates a map that contains an entry for each -// PC location that is a JUMPDEST instruction. -func jumpdests(code []byte) []byte { +// jumpdests creates a bitmap of the code, where 1 represents a DATA-segment, +// and 0 represents code-segment +func codeBitmap(code []byte) []byte { //The map is 4 bytes longer than necessary, in case the code // ends with a PUSH32, the algorithm will push zeroes onto the // bitvector outside the bounds of the actual code. diff --git a/core/vm/analysis_test.go b/core/vm/analysis_test.go index 17c578e95..3d4e709db 100644 --- a/core/vm/analysis_test.go +++ b/core/vm/analysis_test.go @@ -28,7 +28,7 @@ func TestJumpDestAnalysis(t *testing.T) { {[]byte{byte(PUSH32)}, 0xFF, 2}, } for _, test := range tests { - ret := jumpdests(test.code) + ret := codeBitmap(test.code) if ret[test.which] != test.exp { t.Fatalf("expected %x, got %02x", test.exp, ret[test.which]) } From 42a5b54bf50a340bce624da91bffbf2827dad622 Mon Sep 17 00:00:00 2001 From: Felix Lange Date: Sun, 10 Sep 2017 21:04:36 +0200 Subject: [PATCH 5/6] core/vm: improve bitvec comments --- core/vm/analysis.go | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/core/vm/analysis.go b/core/vm/analysis.go index e6a2df7b0..f9c4298d3 100644 --- a/core/vm/analysis.go +++ b/core/vm/analysis.go @@ -44,8 +44,9 @@ func (d destinations) has(codehash common.Hash, code []byte, dest *big.Int) bool return OpCode(code[udest]) == JUMPDEST && m.codeSegment(udest) } -// bitvec is a bit vector which maps bytes in a program -// An unset bit means the byte is a code-segemnt, a set bit means it's data-segment +// bitvec is a bit vector which maps bytes in a program. +// An unset bit means the byte is an opcode, a set bit means +// it's data (i.e. argument of PUSHxx). type bitvec []byte func (bits *bitvec) set(pos uint64) { @@ -56,15 +57,14 @@ func (bits *bitvec) set8(pos uint64) { (*bits)[pos/8+1] |= ^(0xFF >> (pos % 8)) } -// codeSegment checks if the position is in a code segment +// codeSegment checks if the position is in a code segment. func (bits *bitvec) codeSegment(pos uint64) bool { return ((*bits)[pos/8] & (0x80 >> (pos % 8))) == 0 } -// jumpdests creates a bitmap of the code, where 1 represents a DATA-segment, -// and 0 represents code-segment -func codeBitmap(code []byte) []byte { - //The map is 4 bytes longer than necessary, in case the code +// codeBitmap collects data locations in code. +func codeBitmap(code []byte) bitvec { + // The bitmap is 4 bytes longer than necessary, in case the code // ends with a PUSH32, the algorithm will push zeroes onto the // bitvector outside the bounds of the actual code. bits := make(bitvec, len(code)/8+1+4) From 96ddf27a48491ce7d6e189e228d681cc38632954 Mon Sep 17 00:00:00 2001 From: Martin Holst Swende Date: Mon, 13 Nov 2017 22:04:53 +0100 Subject: [PATCH 6/6] core/vm: copyright header on test-file --- core/vm/analysis_test.go | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/core/vm/analysis_test.go b/core/vm/analysis_test.go index 3d4e709db..a64f90ed9 100644 --- a/core/vm/analysis_test.go +++ b/core/vm/analysis_test.go @@ -1,3 +1,19 @@ +// Copyright 2017 The go-ethereum Authors +// This file is part of the go-ethereum library. +// +// The go-ethereum library is free software: you can redistribute it and/or modify +// it under the terms of the GNU Lesser General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// The go-ethereum library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public License +// along with the go-ethereum library. If not, see . + package vm import "testing"