DeforaNetworks/manticore
3
0
Fork 0
Code Releases Activity
manticore/examples/evm/coverage.sol
feliam 8591bff45f EVM support (#521) 
* WIP New Policy class

* WIP pubsub

* Update Signal tests

* EVM support - Wip

* EVM support - dependencies fixed

* EVM support - fix decree merge

* fix decode instrucion event

* Fix small bugs in evm opcodes (too many arguments + wrong LOG name) (#380)

Fix wrong call parameters + typo

* Fix Create/Call

* Fix depth

* Default fixed point in arithmetic simplifier

* small fixes from github comments

* Fix event decode_instruction signature

* wip wip

* Auto tests for evm

* New EVM tests

* Ran 9556  FAILED (failures=166, errors=8, skipped=62)

* Fix some arithmetic instructions

* Ran 9556  FAILED (failures=136, errors=8, skipped=62)

* More instructions - Optimizing symbolic memory

* Added gas to opcodes description - FIX DELEGATECALL POPS

* Add wip wallet example

* The tests

* Solidity constructors need argument after bytecode

* Simple integer overflow working

* Good merge

* Good good merge

* WIP manticore refactor

* Fix default old-style initial state

* context now working

* Fix context serialization

* Fix test models.  Can not set a state constraints

* typo

* A few typos (constraints setter) and use of public properties in internal methods

* Fix init wallet example

* State __init__ needs to initialize platform constraints

* Internal methods use internal properties

* Better attack modeling

* Better example layout

* Storage backup on CALL is now faster .. and correct

* Add LOG support

* Minimal SE test

* Added examples

* Send ether bugfix

* EVM: Fix wrong balance destination on CALL + decrease caller balance on CREATE

* New balance management

* Trying to maintain known hashes

* Known hash concretization policy

* CALLDATA max size bugfix

* Minimal SE example

* Remove evm tests

* add -> enqueue

* @m.init

* Fix workspace url

* Some test skipped

* Ad Fixme to platform specific stuff in State

* add -> enqueue

* Enqueue created state

* Fix m.init

Use a messy hack to adhere to the spec (callback func receive 1 state argument)

* Add _coverage_file ivar to Manticore

* Fix symbolic files

* remove extra enqueue

* Fixing __main__

* comments

* Fix visitors oddity

* setup merged

* remove duplicates and add pysha3

* Remove EVMTests import

* Refactor platform specific code out of ManticoreOutput (#505)

* Initial moving work

* Clean

* Make linux.generate_workspace_files work

* Fix

* clean

* Add test

* Test workspace for platform files

* Skip EVM cpu pretty print

* Remove bad import

* Fix coverage.py for testing

* Clean comment

* Comment hack

* Print evm cpu

* pretty print evm world instead of platform

* delet old scripts/examples

* delet old tests

* Remove z3 install script

* Array.max_size can be None, include check for that

* Rm unused _symbolic_files

add_symbolic_files was moved to linux, so this is not needed

* Rm unused args

* Import evm

* Rm dup function

* Rm stray prints

* Add docs for new classmethod apis

* minimal

* minimal example

* fix minimal

* Fair symbolic SHA3 handling

* Simple mapping example

* coverage example

* fix tests

* fix minimal

* Some eko fixes

* New SETH

* integer_overflow refactored

* Fixing the examples

* init_bytecode -> init
'

* Concrete reentrancy exampole

* concrete reentrancy selfdestruct

* Update minimal.py

* It's a new Minimal

* Integer overflow example

* New minimal

* minimal fix

* Examples last minute fixes

* Remove debug print

* add plugin.py

* Fixing event subscription

* remove temp params

* Remove param

* Update uncovered will_exec callback prototype

* Clean up debug output

* Automatically generated intruction tests

* Uninplemented instruction test removed

* Unused concretization policy removed

* Fixes enabling default bplugins

* solc from PATH

* Removed unused import

* Logger name updated
2017-10-17 19:47:20 -03:00

121 lines
3.2 KiB
Solidity
Raw Blame History

/* There is two main functions `explore` and `explore2`
`explore` is the first level of exploration, you have to call it multiple times to explore the path
`explore2` is a bit more complex, the owner has to call first the `enable_exploration` function
*/
pragma solidity ^0.4.15;
contract Coverage{
address private owner;
// only used for more complex exploration
bool private exploration = false;
mapping(address => uint) private balances;
event Give(address, address, uint);
event Take(address, address, uint);
modifier onlyowner {
require(msg.sender==owner);
_;
}
modifier onlyExplorationOn{
require(exploration);
_;
}
function Coverage()
public
{
owner = msg.sender;
}
function enable_exploration()
public
onlyowner
{
exploration = true;
}
function balanceOf(address user)
returns (uint)
{
return balances[user];
}
function add(address user, uint val)
private
{
// comment the require to trigger overflow
require(balances[user] + val >= val);
balances[user] += val;
}
function remove(address user, uint val)
private
{
// comment the require to trigger underflow
require(balances[user] >= val);
balances[user] -= val;
}
// Entry point for simple exploration
// Anyone can give or take to anyone
// But if you cant take to someone poorer than you
function explore(uint value, address user, bool give)
public
{
// do not play if you are empty
if(balances[msg.sender] == 0){
balances[msg.sender] = 42;
return;
}
if(give){
remove(msg.sender, value);
add(user, value);
Give(msg.sender, user, value);
}
else{
if( balances[user] > balances[msg.sender]){
uint diff;
// only keep the minimum that can be taken
diff = balances[user] - balances[msg.sender];
value = diff >value ? value : diff;
add(msg.sender, value);
remove(user, value);
Take(msg.sender, user, value);
}
else{
// If you try to take to someone poorer than you
// you will give it the value
remove(msg.sender, value);
add(user, value);
Give(msg.sender, user, value);
}
}
}
// Same as explore, but you can really take to anyone
function explore2(uint value, address user, bool give)
onlyExplorationOn
public
{
if(give){
remove(msg.sender, value);
add(user, value);
Give(msg.sender, user, value);
}
else{
uint diff;
// only keep the minimum that can be taken
diff = balances[user] - balances[msg.sender];
value = diff >value ? value : diff;
add(msg.sender, value);
remove(user, value);
Take(msg.sender, user, value);
}
}
}
View Git Blame Copy Permalink