Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

make_symbolic_address constraints #1317

Open
disconnect3d opened this issue Jan 1, 2019 · 3 comments
Open

make_symbolic_address constraints #1317

disconnect3d opened this issue Jan 1, 2019 · 3 comments
Assignees
@feliam
Labels
idea priority-low
Milestone
Performance Optim...

Comments

@disconnect3d
Copy link
Member

disconnect3d commented Jan 1, 2019
edited
Loading

There is some code in make_symbolic_address which is not reachable:

https://github.com/trailofbits/manticore/blob/master/manticore/ethereum/manticore.py#L136-L152

It seems that the return self.constraints.new_bitvec(160, name=name, avoid_collisions=avoid_collisions) should be in the if condition? return should be a symbolic_address variable instead.

EDIT:
The initial issue has been fixed, but there is some discussion and concerns regarding the constraints we apply in make_symbolic_address. TLDR: We should delay those contraints until a moment they are used.
@disconnect3d disconnect3d changed the title Unreachable code in make_symbolic_address Unreachable code in evm's make_symbolic_address Jan 1, 2019
@disconnect3d disconnect3d mentioned this issue Jan 1, 2019
Merged
@disconnect3d
Copy link
Member Author

disconnect3d commented Jan 2, 2019
edited
Loading

Please see PR #1318.

For now it brings back the constrains for symbolic addresses.

I have one concern for that: we apply a constrain such as OR(0, <account addresses...>) when we create the symbolic address. This means that when we do:

m = ManticoreEVM()

sa1 = m.make_symbolic_address()

owner = m.create_account(balance=1)

sa2 = m.make_symbolic_address()

contract = m.solidity_create_contract(...)

sa3 = m.make_symbolic_address()

The symbolic addresses have such constrains:

  • sa1 = 0
  • sa2 = OR(0, owner)
  • sa3 = OR(0, owner, contract)

This behavior is tested in #1318.

Is this solution good enough for our needs? Maybe the constrain should be applied only if the user explicitly wants it? Or maybe there should be a flag to not apply the constrains? (I bet users might not be that aware to use a flag to explicitly set the constrains).

On the other hand it would probably be good to delay the constrains as much as possible (e.g. when the symbolic address is used). However this may take some effort to implement properly.

@feliam
Copy link
Contributor

feliam commented Jan 3, 2019

The name "make_symbolic_address" may be misleading.
We should check some usecases. For example how this compares with just making a free symbolic 160bitvec?

This constraining thing is a way to hint the values to be used in the concretization.
I'm thinking we could use a free symbolic 160 bitvec as an address and taint it with some specific taints: ADDRESS, USERADDRESS, CONTRACTADDRESS.
Then let the concretization procedure check for it and make it so it ranges over the interesting values. (aka delay the constraint as much as possible)

@disconnect3d
Copy link
Member Author

@feliam I'm putting it as idea and priority-low as I am not sure if we want to focus on this atm.

@disconnect3d disconnect3d changed the title Unreachable code in evm's make_symbolic_address make_symbolic_address constraints Jan 9, 2019
@ehennenfent ehennenfent added this to the Performance Optimizations milestone Jan 22, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@feliam feliam

Labels
idea priority-low
Projects
None yet
Milestone
Performance Optimizations
Development

No branches or pull requests
3 participants
@feliam @ehennenfent @disconnect3d