80 lines
3.2 KiB
Plaintext
80 lines
3.2 KiB
Plaintext
// BSD 3-Clause License
|
|
//
|
|
// Copyright (c) 2020, The Ohio State Univerisity. All rights reserved.
|
|
//
|
|
// Redistribution and use in source and binary forms, with or without
|
|
// modification, are permitted provided that the following conditions are met:
|
|
//
|
|
// * Redistributions of source code must retain the above copyright notice, this
|
|
// list of conditions and the following disclaimer.
|
|
//
|
|
// * Redistributions in binary form must reproduce the above copyright notice,
|
|
// this list of conditions and the following disclaimer in the documentation
|
|
// and/or other materials provided with the distribution.
|
|
//
|
|
// * Neither the name of the copyright holder nor the names of its
|
|
// contributors may be used to endorse or promote products derived from
|
|
// this software without specific prior written permission.
|
|
//
|
|
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
|
|
// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
|
// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
|
// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
// Note: Unchecked return call value
|
|
|
|
#include "types.dl"
|
|
#include "opcode.dl"
|
|
|
|
|
|
// Filter and obtain the pairs (x, y) with the dependency relationship
|
|
.decl depends(x:Variable, y:Variable)
|
|
depends(x, x) :-
|
|
use(x, _, _, _, _, _).
|
|
|
|
depends(x, x) :-
|
|
def(x, _, _, _, _).
|
|
|
|
depends(x, y) :-
|
|
def(x, stmt, _, x_cd, x_cn),
|
|
use(y, stmt, _, _, x_cd, x_cn).
|
|
|
|
depends(x, z) :-
|
|
depends(x, y),
|
|
depends(y, z).
|
|
|
|
|
|
// Step1: Obtain all the call and their return values
|
|
.decl Step1(gas_var:Variable, target_var:Variable, value_var:Variable, call_success:Variable, call_loc:number, call_cn:number)
|
|
.output Step1
|
|
Step1(gas_var, target_var, value_var, call_success, call_loc, call_cn) :-
|
|
op_CALL(_, gas_var, target_var, value_var, _, _, _, _, call_success, call_loc, 1, call_cn).
|
|
|
|
|
|
// Step2: Find all the calls with jumpi, which means the call is checked in some if-else conditions
|
|
.decl Step2(call_loc:number, call_cn:number)
|
|
.output Step2
|
|
Step2(call_loc, call_cn) :-
|
|
Step1(_, _, _, call_success, call_loc, call_cn),
|
|
op_JUMPI(_, _, jumpi_cond_var, jumpi_loc, 1, call_cn),
|
|
jumpi_loc > call_loc,
|
|
depends(jumpi_cond_var, call_success).
|
|
|
|
|
|
// Step3: Get all the calls and remove ones that are checked so that we can get all the unchecked calls
|
|
.decl Step3(call_loc:number, call_cn:number, cs_val:Value, gas_val:Value, target_val:Value, value_val:Value)
|
|
.output Step3
|
|
Step3(call_loc, call_cn, cs_val, gas_val, target_val, value_val) :-
|
|
Step1(gas_var, target_var, value_var, cs_success, call_loc, call_cn),
|
|
!Step2(call_loc, _),
|
|
value(cs_success, cs_val),
|
|
value(gas_var, gas_val),
|
|
value(target_var, target_val),
|
|
value(value_var, value_val).
|