https://github.com/trailofbits/manticore

Revision Author Date Message Commit Date
19ade05 fmt 11 December 2018, 22:39:43 UTC
f34e669 Add contributors 11 December 2018, 22:16:58 UTC
b2ca28b Update desc 11 December 2018, 22:11:44 UTC
f70bc86 update 11 December 2018, 22:04:02 UTC
53e9bc8 add changelog 11 December 2018, 22:03:37 UTC
0a68e6c Add instructions for native install 11 December 2018, 21:31:07 UTC
cad7d55 bump vers 11 December 2018, 17:06:05 UTC
b11697b Fix multiple symbolic args solidity_create_contract (#1294)
* Fix multiple symbolic args solidity_create_contract

The `test_create_contract_two_instances` test was crashing before this PR, due to calling `make_symbolic_buffer` twice with the same buffer name (`'INITARGS'`) in `make_symbolic_arguments`. Here's an example of such a crash (from a bit different test code/when I was developing it, but the idea/error is the same):

```
Error
Traceback (most recent call last):
  File "/usr/lib/python3.6/unittest/case.py", line 59, in testPartExecutor
    yield
  File "/usr/lib/python3.6/unittest/case.py", line 605, in run
    testMethod()
  File "/home/dc/manticore_project/tests/eth_general.py", line 432, in test_create_two_instances_of_contract_no_args
    contract2 = self.mevm.solidity_create_contract(source_code, owner=owner, args=None)
  File "/home/dc/manticore_project/manticore/ethereum/manticore.py", line 587, in solidity_create_contract
    args = self.make_symbolic_arguments(constructor_types)
  File "/home/dc/manticore_project/manticore/ethereum/manticore.py", line 542, in make_symbolic_arguments
    return ABI.deserialize(types, self.make_symbolic_buffer(32, name="INITARGS"))
  File "/home/dc/manticore_project/manticore/ethereum/manticore.py", line 113, in make_symbolic_buffer
    return self.constraints.new_array(index_bits=256, name=name, index_max=size, value_bits=8, taint=frozenset(), avoid_collisions=avoid_collisions)
  File "/home/dc/manticore_project/manticore/core/smtlib/constraints.py", line 348, in new_array
    raise ValueError(f'Name {name} already used')
ValueError: Name INITARGS already used
```

* Add avoid_collision arg to make_symbolic_buffer
10 December 2018, 19:59:45 UTC
f12d97e Fix command.sh not saved in ethereum (#1289)
* Fix command.sh not saved in ethereum

For native binaries Manticore saves `command.sh` and `manticore.yml` in a `_did_finish_run_callback`. For ethereum binaries this callback is called two times (not sure why), so we suppress it instead: https://github.com/trailofbits/manticore/blob/c29f7cf8672014cf02cfc1271ec1d0a3cb3983af/manticore/ethereum/manticore.py#L1523-L1526

This PR moves this logic to a `ManticoreBase._save_run_data` method, so it can be used in both native and ethereum Manticore engines. As a result:
* native engine works as it worked
* ethereum engine will now save `command.sh` file
* ethereum engine will now print the elapsed time

Additionally, a bug with `command.sh` output has been fixed: when one passed an argument that had spaces, e.g.:

```
manticore "path to contract/with_spaces.sol"
```

Resulted in a `command.sh`: `manticore path to contract/with_spaces.sol` which is wrong. This has been fixed by processing all arguments with `shlex.quote`, so they are quoted properly.

* Update solidity timeout test
10 December 2018, 19:59:07 UTC
b1fa6b2 More explicit smt errors (#1293) 10 December 2018, 17:56:15 UTC
8f520bd Add a command line option for preconstraining symbolic human transactions (#1220) Fixes issue #731. 10 December 2018, 10:45:34 UTC
567fec2 Add combo1 to txaccount cli description (#1292) 10 December 2018, 10:44:38 UTC
a2243f6 Move benchmark->prof script and fix it (#1285) * Move benchmark->prof script and fix it * Better scripts/prof.py help 09 December 2018, 22:42:40 UTC
0f0579e Rename SolverException to SolverError (#1288) 07 December 2018, 14:13:44 UTC
c4a81ac Remove unnecessary unicorn hack (#1290) 06 December 2018, 20:08:28 UTC
c29f7cf silence ply (#1284) 04 December 2018, 23:29:28 UTC
eb1de77 Detectors fixes (#1283) * Fix name shadowing in detector tests * Fixes #1102 * Fix isinstance with None 04 December 2018, 22:27:50 UTC
8d108d8 Add not implemented stub for execute() in state parent (#1282) 04 December 2018, 22:11:03 UTC
6850fe2 Hotfix: solidity timeout test 04 December 2018, 20:08:02 UTC
cae2fa9 Hotfix ethereum's Manticore logging 04 December 2018, 18:24:40 UTC
b1e6795 Hotfix: bring back detectors logging
When Manticore is run with detectors, their logging is missing the stateid:

```
--- Logging error ---
Traceback (most recent call last):
  File "/usr/lib/python3.6/logging/__init__.py", line 993, in emit
    msg = self.format(record)
  File "/usr/lib/python3.6/logging/__init__.py", line 839, in format
    return fmt.format(record)
  File "/usr/lib/python3.6/logging/__init__.py", line 579, in format
    s = self.formatMessage(record)
  File "/usr/lib/python3.6/logging/__init__.py", line 548, in formatMessage
    return self._style.format(record)
  File "/usr/lib/python3.6/logging/__init__.py", line 391, in format
    return self._fmt % record.__dict__
KeyError: 'stateid'
```

04 December 2018, 18:13:07 UTC
c6e1c42 Rebased: add test for "arguments_linux_armv7" binary (#1216)
* add test for "arguments_linux_armv7" binary
* Refactor/clean the code
* More tests asserts
* Fix/remove resource warnings in tests
* Binary tests: add --no-color, use proper python path
* Fix test_basic_arm assert
* Fix arm test
* Debug on travis :_:
* more debug
* Travis debug prints
* debug
* Fix merge conflict
* Fix visited assert?
* Fix test binaries
* Remove debugs and change regex assertions
* Use sys.executable instead of /proc/self/exe to retrieve Python interpreter path in tests (see comment).
* Fix timeout solidity test and wrong type published

It turned out that when we executed Manticore with `--timeout`, it ended up with an exception:

```
2018-12-04 05:13:27,780: [7836] m.c.manticore:INFO: Verbosity set to 1.
2018-12-04 05:13:31,136: [7892] m.c.executor:ERROR: Exception: 'str' object has no attribute 'testcase'
Traceback (most recent call last):
  File "/home/dc/manticore_project/manticore/core/executor.py", line 471, in run
    self._publish('will_terminate_state', current_state, current_state_id, 'Shutdown')# TerminateState('Shutdown'))
  File "/home/dc/manticore_project/manticore/utils/event.py", line 122, in _publish
    self._publish_impl(_name, *args, **kwargs)
  File "/home/dc/manticore_project/manticore/utils/event.py", line 130, in _publish_impl
    callback(robj(), *args, **kwargs)
  File "/home/dc/manticore_project/manticore/ethereum/manticore.py", line 1100, in _terminate_state_callback
    e.testcase = False # Do not generate a testcase file
AttributeError: 'str' object has no attribute 'testcase'
```

Which occurred because we published a string instead of exception instance in `executor.py:471`:

```
self._publish('will_terminate_state', current_state, current_state_id, 'Shutdown')
```

This has been fixed by changing the `'Shutdown'` to `TerminateState('Shutdown')`.

* Fix amd/arm visited assertions
* Fix binary tests
* Fix binary tests
04 December 2018, 17:42:48 UTC
702f414 Fix native.cpu logging 04 December 2018, 11:42:01 UTC
c72c8cc Rewrite tests to be more compact (#1146) * Reorder all memory writes in test_x86 * More compact tests with mem.write * Reorder all memory checks in test_x86 * More compact tests with asserts memory * Reorder memory writes in test_dyn * Compact tests memory writes in test_dyn * Reorder memory writes * Compact memory writes * reorder memory checks * compact memory checks * reorder memory checks * compact memory checks * reorder memory writes * compact memory writes * reorder memory checks * compact memory checks * Updates make_tests for tests to be more compact 03 December 2018, 21:55:00 UTC
74d620f Implement FPSE-like memory model (#1127) Implements an fpse-like memory model. 03 December 2018, 21:38:44 UTC
1699045 Make Manticore installable for separate targets (#1257) * WIP * WIP * WIP * Optimize imports * WIP * WIP * WIP * Fix setup.py comment * Move abitypes to ethereum * WIP: sth works lol * Set verbosity from args * WIP * Fix evm logging + minor refactor * Move ply dependency to evm setup * NOTE: Removed Manticore.evm * Check deps on setup, other improvements * Proper ethereum/__init__ external imports * Fix logging * Fix imports in tests * Fix scripts imports * Fix imports in example scripts * Fix tests? * Remove debug print * Fix circular import * Fix imports in tests * Fix verbosity test * Fix typo * Fix typo in test * Fix measure cov * Small review fixes * Reviewfix: move STDIN_INPUT~ to consts.stdin_size * Reviewfix: dont alias evm/native main funcs * Fix missing consts.stdin_size * Remove redundant list() call * Fix types in docstrings * Use relative imports * Fix types in docstring * Move invoke_model back to native State * Split only to manticore, manticore[native] * Fix dev and dev-noks setup extras * Review fixes * Move core/cpu -> native/cpu * Update Changelog * Import fixes * Fix test imports * Fix cpu automatic tests imports * Fix imports in tests * Fix imports & deprecated warning * Fix imports * Fix imports * Fix imports * Fix travis measure_cov path * Add comment about native deps * Use ManticoreBase.verbosity as static method * Fix docs build * Fix logger test * Move imports: from manticore import issymbolic, istainted * Docs fixes * Fix issymbolic import in test 03 December 2018, 20:20:55 UTC
f9506c8 Add missing `f`-string (#1281) 27 November 2018, 17:45:24 UTC
2d3de3e Incorrect branching based on instance type (#1280) The else condition can never be fulfilled as it is the same as the one inside the if statement. 27 November 2018, 12:10:17 UTC
b2374c3 BitvecConcat simplification fix (#1275) * BitvecConcat needs size not end * Add regression test for concat simplification 21 November 2018, 13:47:43 UTC
0e082d2 Add MJ10 (#1273) 19 November 2018, 17:48:57 UTC
3c6df93 Remove kwargs from ManticoreEVM (#1271) * Remove kwargs from ManticoreEVM Removing `kwargs` from `ManticoreEVM` as it is not needed here. It is because it is passed to `Manticore` which uses `kwargs` only in the case when the `path_or_state` is a path. The `ManticoreEVM` passes this argument as already created `State` so the `kwargs` are never used for `ManticoreEVM`. This will also prevent users from using old API that has been removed e.g. `ManticoreEVM(verbosity=5)`. * Fix init 17 November 2018, 18:27:42 UTC
48304e7 Fixed setstate reference before assignment (#1270) 16 November 2018, 22:30:59 UTC
9a0c7c9 Fixes #1067 (#1254) * moved repeated code into functions in separate file * changed repeated code to function calls * fix trailing whitespace in docstring detected by pep8 check * line 1525 of manticore/ethereum/__init__.py was missing leading white space * pep8 expects 2 blank lines between function definitions. Rookie move, rookie. * Update string_formatting.py * changing format strings to f strings * Update string_formatting.py change format strings to f strings * small change because CI failed, need to push again * change F format strings to f format strings, moved external functions into __init__ file where they are used. * Combined contract_addr and evm_program_counter in to one function, write_findings 14 November 2018, 10:28:05 UTC
8ea1944 Update README.md (#1269) * Update README.md * Update README.md 13 November 2018, 16:06:16 UTC
60abe81 Fix Docker instructions (#1266) Previously, we suggested to mount `-v $PWD/examples:/home/manticore/examples` which overwrote the `/home/manticore` that also stored a virtualenv containing the installed Manticore. This resulted in Manticore not working. 13 November 2018, 10:20:39 UTC
4d6c00d Change generate_testcase name to have a default val (#1267) * Change generate_testcase name to have a default val * Update manticore/ethereum/__init__.py * Update manticore/ethereum/__init__.py * Fix tests and better assertions * Fix test * Fix tests: use set instead of list * Fix test 09 November 2018, 01:46:18 UTC
4f1a0de Fix solidity relative path issue (#1263) * use os.path.dirname * Use os cwd to get working dir of relative path, rather than parsing the parsing breaks if you have ../ stuff going on in the relative path 07 November 2018, 21:12:55 UTC
0c00826 Fix. (#1265) * Fix. Invalidate ArrayProxy concrete cache on symbolic writes * typo 07 November 2018, 17:41:25 UTC
8086cb0 New simplification with tests and new state.solve_minmax aux fuc (#1261) * New simplification with tests and new state.solve_minmax aux fuc * CC * CC * Oops, fix concat endianness * Forgot to initialize beginning * tests solve_minmax * Absurd mappings test 06 November 2018, 16:45:30 UTC
8032a06 Copy event system state during state fork (#1215) * full copy the _forwards * Forward events when we load * Add more documentation on the Eventful API * move into Eventful * copy signals too * rename * rm * use proper type hint 05 November 2018, 22:52:17 UTC
e4e0829 Fix exception handling in EVM.transact._pre_func (#1246) * Fix exception handling in EVM.transact._pre_func Fixes issue 1237. * Fix duplicate pre-instruction events for EVM instructions with args that need to be concretized * Add a test for a CALL with concretized args to eth_general.py 05 November 2018, 17:38:23 UTC
c59c7dc Fix event forwarding after state fork in EVM message call (#1256) Fixes issue #1255. Also adds type hints to some private attributes of the EVMWorld class. 05 November 2018, 13:00:31 UTC
7bbec7b Added STMDA and STMDB instructions semantics (#1245) * Added STMDA and STMDB instructions semantics STM and STMIB are already implemented. STMDA and STMDB simply call the helper function _STM(). This function is modified to support decrementing the address. See also ARM Architecture Reference Manual. * Refactored LDM/STM-related code, added docstrings and unit tests * checked if the S bit is set (usermode), which is unsupported * refactored the _LDM() and _STM() functions to be easier to understand * if PC is specified in the registers of LDM, change mode if necessary * added the missing LDM* and STM* instructions semantics * added docstring to _LDM() and _STM() * added unit tests for all the instructions (+ check writeback) 05 November 2018, 12:35:51 UTC
07841ae Added CBZ, TBB and TBH instructions semantics (#1243) * Added CBZ, TBB and TBH instructions semantics CBZ was not implemented while CBNZ was. As far as Manticore is concerned, CBZ is the same as CBNZ, but with two possible destination addresses exchanged. TBB and TBH instructions are often used for switches. According to the ARM documentation, the base register contains the address of a table of bytes/half-words, and the index register contains an index into this table. The selected value is then shifted left by one and zero-extended to 32-bits before being added to the current PC. If the PC register is used as the base, the table is then located immediately after the instruction. See also ARM Architecture Reference Manual Thumb-2 Supplement. * Added docstring and comments to instructions * Added unit tests for the cbz/cbnz/tbb/tbh instructions * Taking into account the review 04 November 2018, 19:12:31 UTC
240f9d5 Added ADR, ADDW and SUBW instructions semantics (#1244) * Added ADR, ADDW and SUBW instructions semantics These 3 instructions can be used to load PC-relative addresses. The ADDW and SUBW instructions can also be used with other source registers. When the PC register is used as the source, the ARM documentation specifies that the offset is added or subtracted from ALIGN(pc, 4). See also the ARM Architecture Reference Manual Thumb-2 Supplement. * Added docstring to instructions * Added unit tests for the adr/addw/subw instructions * Taking into account the review 04 November 2018, 19:11:06 UTC
9c9fb92 Fix wrong mode being pickled for the initial state only (#1241) * Fix wrong mode being pickled for the initial state only If the entrypoint of a program is located on a Thumb mode instruction (if the least significant bit of the entrypoint is set), the wrong mode will be saved in the pickled initial state because the mode switching is only happening later. This commit fixes this issue by switching mode before the pickling, and unsetting the LSbit of the PC to avoid reading the wrong instruction bytes. * Added unit test for thumb mode entrypoint * Refactored the unit test to remove nested code * Inverted success's default value 03 November 2018, 12:42:52 UTC
e0f5f67 Use the address of symbolic conditional instructions (#1239) * Use the address of symbolic conditional instructions When two symbolic conditional instructions follow sequentially, the two paths of the first instruction will be explored. But when the exploration reaches the second instruction, because the at_symbolic_conditional flag has already been set by the first one, only one of the two possible paths will be explored. This commit fixes this issue by replacing the boolean flag by the address of the instruction, which ensures the flag has been set for the current instruction. * Added unit test for chained symbolic conditionals * Add a comment about code assembled to 0x1004 * Added more comments to the unit test 03 November 2018, 11:48:50 UTC
84c6abb Fix type check for caller arg in ManticoreEVM._transaction (#1238) The error was introduced in commit e18016a. 03 November 2018, 00:37:10 UTC
bea8617 added timeout support for ManticoreEVM (#1186) * added timeout for solidity manticore runner * added tests for solidity timeout * Update test_binaries.py * added timeout to config 03 November 2018, 00:33:43 UTC
b0715ff Fix TypeError when rendering a symbolic register value (#1250) 02 November 2018, 23:16:09 UTC
fb5b100 Add support for cross directory imports (#1233) * Add support for cross directory imports * Fix travis build * Fix tests * WIP * Fix tests * Add to multi_tx_analysis * Fix codeclimate * Use fstring formatting 02 November 2018, 23:15:22 UTC
594f5f7 Fix emulation being performed in the wrong mode (#1240) * Fix emulation being performed in the wrong mode After the merge of the PR referenced at the end of this message into the master branch of Unicorn in July 2016, the emulation mode is set according to the least significant bit of the program counter when it is updated. When an instruction is not implemented at Manticore's level and emulation is used, the PC value passed to the emu_start() function will trigger a switch of the current mode, setting it back to ARM mode instead of Thumb mode. This commit fixes this issue by ensuring that the least significant bit of the PC is set when Thumb mode emulation is performed. See https://github.com/unicorn-engine/unicorn/pull/592 * Don't check mode if arch isn't ARM * Log instruction during emulation * Added unit test for thumb mode emulation * Reuse code from test_armv7cpu.py * Add assertion for cpu mode * Check if Unicorn stayed in Thumb mode 02 November 2018, 11:04:34 UTC
152401c Allow file offsets not aligned on page size (#1242) * Allow file offsets not aligned on page size When mapping into memory uncommon ELF executables having their segments file offsets not aligned on the system page size, the call to mmap_function() will fail silently. It will actually return 0xffffffff, which isn't checked anywhere and will only be detected when trying to read/write/free the memory area. Because these ELF files triggering this issue are programmatically crafted from binaries into a proprietary format, it won't be happening for all other executables. But Manticore should support binaries as generic as possible. This commit allows mapping into memory files having offsets not aligned on the system page size by simply aligning the file offset when mmap'ing, and returning a pointer shifted from the necessary correction. When munmap'ing the memory, the address is aligned again to recover the initial one given when mmap'ing. * Fixed the size passed to mmap and added comments * Fixed the size passed to unmap * Added unit test for unaligned mappings * Update comment * Added new asserts, reformatted comments * Checking if the CI fails because of the removed cast 01 November 2018, 22:19:15 UTC
fc83f8f Exclude tests from package (#1248) 01 November 2018, 18:44:09 UTC
a040d56 Let EVMAccount control the gas of the transaction. (#1235) * Let EVMAccount control the gas of the transaction. Forgiving default added * Let EVMAccount control the gas of the transaction. Forgiving default added 31 October 2018, 23:06:32 UTC
220a481 Fix missing % operator (#1232) 31 October 2018, 14:55:04 UTC
4365bc0 Manticore 0.2.2 (#1229) * Bump version numbers, changelog skeleton * Initial changelog writeup * Add contributors * fix contributors * Updated `CHANGELOG.md` to reflect the new features in #1054 * Update `CHANGELOG.md` to reflect new feature from #1138 31 October 2018, 02:13:44 UTC
3a7857f Add RaceConditionDetector (#1138) * Add RaceCondition detector * Review fixes * Add RaceConditionDetector test * Fix codeclimate issue * RaceConditionDetector: fixes and 2nd test * Remove pc from detector testcases As it is not used in there and may change between solc versions * Fix codeclimate and tests * Cache is_in_function in RaceCondDetector * Better is_in_function cache for RaceCondDetector * Fix parser -> eth_flags 30 October 2018, 16:59:45 UTC
bd094dd Make account address provider more yellow (#1054) * DAO detector + bugfixes * The actual benchmark tests * The actual benchmark tests * CC * Experiment reporting the finding at a JUMPI * Fix taint. Detect returned overflowed data * DAO -> Reentrancy * DAO -> reentrancy, C -> Benchmark * DAO -> reentrancy, C -> Benchmark * Allow function names to have numbers * Fix contract names in benchmark * Fix contract names in benchmark * Move default plugin registration * Better regexp * Fix minimal_bytecode example * Fix Array Slice and test * add tests * correct other bug * implement bytesM * BROKEN partial progress * need bytearray here * rm cmt * add basic tests for bytesM and bytes symbolic * correct bytes symbolic test * Refactor, clean bytesM handling * Add initial symbolic 'bytes' handling * refactor tests * Unify symbolic/concrete bytes handling in bytesM/bytes * Rm import * Rm debug assert * cc * Visitor/migrate/simplify fixes to make the seth refactor pass * Fix concolic? * Fix concolic? 
* CC * bytesM fix * Fix address and caller concretization on symb tx * Fix/refactor symbolic address/caller concretization * Fix caller concretization * Fix expression visiting * Fix account policy refactor * Accept numbers in function names abitypes * Simplify installation instructions to recommend install manticore only for the current user * Simple recursive length prefix encoding implementation * Contracts created by other contracts have correct addresses (#966) * Increment caller's nonce on transaction * Handle more nonce incrementing edge cases * merge new master * merge * Workaround for a name collision in pysha3 * Removed duplicate code and improved error reporting * Fix a syntax error related to the use of `+=` * `create_address` -> `new_address` * Updated the rlp encoding library to support py3 unicode and byte strings * Remove sha3 workaround since it was fixed in pysha3 1.0.2 Also relevant: https://github.com/tiran/pysha3/issues/12 * Fix comment indentation * Added comments and fixed a bug related to py3 refactor * added doctests for RLP encoding * Simplify the nonce assignment * Simplify nonce increment * Simplify an isinstance * Simplify another isinstance * No more `long` in Python3 * Yellow paper "ish" account addresses * More support for Yellow paper "ish" addressing * Remove unnecessary whitespace * Temporary solution for human generated account nonce tracking * Use `EVMWorld` for nonce accounting instead of `EVMAccount` * No need for `_get_nonce` to be private anymore * Added a missing import that's also missing in master * Allow `create_account` to be called without `address` * Simplify `get_nonce` to avoid keeping all states in memory * Change an error type because it's not an EVM problem * Fix nonce incrementing semantics * Raise an error if a contract with a contract with a symbolic address creates another contract * Don't fail catastrophically if Manticore isn't run from the main thread * Fixes an issue (also extant in master) where local 
variables were being overwritten in a loop See https://github.com/trailofbits/manticore/pull/1054#pullrequestreview-161804134 * Switch to using Py3 f-Strings * Raise an error if a contract with a symbolic address tries to create another contract See https://github.com/trailofbits/manticore/pull/1054#pullrequestreview-161783324 * Syntax tweaks to satisfy Code Climate * Whitespace tweaks to satisfy Code Climate * Clean up nonce initialization and incrementing See https://github.com/trailofbits/manticore/pull/1054#discussion_r223547433 * Added missing object name * Fix address calculation in 'CREATE' transactions * Fix `pyevmasm` to version 0.1.0 until we update unit tests to match the new gas cost calculations in 0.1.1 * Add a unit test for RLP that delegates to the doctests in `utils/rlp.py` 30 October 2018, 15:24:34 UTC
b1c7f10 don't show misleading msg if state count is 0 (#1228) 30 October 2018, 13:08:07 UTC
4340322 Fix warning logic (#1227) 30 October 2018, 09:51:07 UTC
4005bfc Improve exceptions and errors (#1218) * Fix vague EthereumErrors * errors * Revert some changes 29 October 2018, 09:00:51 UTC
a7bf228 Fix all ResourceWarnings triggered by the test suite (#1224) * Prevent ResourceWarnings in Z3Solver._stop_proc * Wrap temporary uses of open in with statement * Close program file in platforms.linux.Linux destructor * Close files opened in tests This commit also ensures that the tempdir created in _create_openat_state in test_linux.py is deleted at the end of the test. * Fix binary file open modes * Enable ResourceWarnings in Travis build * Fix codeclimate issue: bad indent * Suppress harmless ResourceWarning emitted during the initial abitypes parser table generation 26 October 2018, 23:18:48 UTC
de81323 Add AbandonState Exception (Fixes #1222) (#1226) * add AbandonState exception class * check instanceof exception when state is terminating 26 October 2018, 23:17:37 UTC
815c33c Revert "Add AbandonState exception" (#1225) * Revert "Add AbandonState exception (#1222)" This reverts commit cd0a91a0fc7583e0ca6210fbada775c49812b645. 26 October 2018, 20:49:51 UTC
22ab330 Fixes issue #170: Cannot control input size from cli (#1192) * add new argument for input_size and change function calls to include this argument * * Update - variable name to `stdin_size` - symbolic input size doc * default stdin_size global constant * Update __main__.py * Update __main__.py * update __init__.py to import STDIN_INPUT_DEFAULT_SIZE 26 October 2018, 19:09:02 UTC
cd0a91a Add AbandonState exception (#1222) * add AbandonState exception class * check instanceof exception when state is terminating 26 October 2018, 18:34:09 UTC
ae992ab Add convenience assertion & generate API (#1221) * add condition param * invert API, rename to only_if * Fully doc * return bool if testcase was generated * add a unit test 24 October 2018, 18:20:46 UTC
2a634b7 Eth updates (#1195) * Add offset param to interface for extract a uint of variable with * add leniency for g * Rename attr * other change * bugs * Automatically truncate sym vars that are too big This is opinionated. Users use m.make_symbolic_value() to pass symbolic arguments to contract functions. this creates a 256 bitvec by default. if they do this for an argument that is not 256 bits, an `address` for example, this would previously cause an AssertionError in ZEXTEND because we're trying to ZEXTEND down to a smaller size (160 bits). Manticore has all the information it needs to do the right thing here, and automatically truncate the symbolic variable, so this implements that. * Fix logic bug in _readBE * make padding default False because it's never used? * h tx * clean comment * clearer comment * fix bug, size should always be nbytes * move type forgiveness up to the serialize() level * fix logic bug - correctly loop * update callsites correctly * better err msg * fix * add tests for str args to ctor 24 October 2018, 05:58:28 UTC
75bbd8a Fix handling of overloaded functions and some other issues in SolidityMetadata (#1212) * Fix constructor and fallback function handling in Solidity metadata import Also adds a tuple length check to ABI._serialize_tuple. Fixes issue #1209. * Fix handling of overloaded functions and some other issues in SolidityMetadata Fixes issue #1210. This commit - rewrites SolidityMetadata.__init__ to fix the handling of overloaded functions, - separates the abi items for functions, events, constructor and fallback function into separate properties (though the event items are not yet publicly exposed), - removes the `abi` property, - removes the `add_function` method, - adds a decorator for deprecating functions, - deprecates the `functions` and `hashes` properties due to their problematic handling of the fallback function and adds `function_signatures` and `function_selectors` as replacements, - deprecates the `get_hash` method, which seems redundant in its current form, - adds static methods for constructing function and tuple type signatures that can handle ABIv2 tuple arguments, - adds the `constructor_abi`, `has_non_default_constructor` and `has_non_default_fallback_function` properties, and - adds some docstrings and type annotations. * Don't pass sym arg if one is not declared * Fix SolidityMetada.get_func_argument_types * Add type checks for the selector arguments to the SolidityMetadata.get_* methods * Add tests for the new and changed methods in SolidityMetadata * Fix the eth_detectors.py tests None of the test contracts actually has a constructor that accepts arguments. * Replace ValueError with TypeError in SolidityMetadata method argument type checks 24 October 2018, 03:28:57 UTC
72dc3ec Implements some missing X86 XMM instructions (#1120) * Adds X86 instructions (like pcmpgtd) * Unimplemented instructions get logged as warnings * Adds tests for SSE instructions such as pmaxub xmm4, xmm3 * Coding style * Tests corrections * test_PMAXUB_symbolic * Update manticore/core/cpu/x86.py Co-Authored-By: catenacyber <contact@catenacyber.fr> * Adds docstrings * Update x86.py 22 October 2018, 18:32:40 UTC
d161243 Properly split z3 command (#1208) 22 October 2018, 14:02:37 UTC
18b829b Fix fallback function matching in ethereum.FilterFunctions (#1197) * Fix fallback function matching in ethereum.FilterFunctions.will_open_transaction_callback and add test Fixes issue #1196. * Update eth_general.py 22 October 2018, 14:01:10 UTC
98190d8 Remove ethereum.py (#1198) 20 October 2018, 11:25:49 UTC
5c44a34 Convert format strings to literal string interpolation [rebased] (#1194) * Convert format strings to literal string interpolation This commit converts most (only a couple of exceptions) of the formatted strings in Manticore to follow PEP-0498, literal string interpolation. * Converted most format strings to f-strings, except for some in tests * Fixing codeclimate issues * Updated the new format strings that appeared after merging, fixed a flipped set of parameters * Fixed another incorrect quote typo * fixed extra quote typo 18 October 2018, 09:03:19 UTC
217634a String representation for Manticore EVM (#1188) * __str__ and __repr__ for ManticoreEVM * make __repr__ call __str__ 17 October 2018, 20:22:29 UTC
79851a4 Issue 1071 --> Global lock held for a bit long (#1187) - Problem: * Global lock need to be held until the required variables are fetched * Lock should be released further while processing further - Fix: * Scope the lock loop until the variables are set - Uncertain: * A similar scenario in `choice` function, should it be fixed as well? * Do we have to explicitly unlock? * Should there be any error handle for failures in lock loop? 17 October 2018, 13:44:27 UTC
3074e34 Fix logic (#1190) 16 October 2018, 22:22:00 UTC
efc8325 Fix logic in warning check (#1191) It used to falsely warn if there were 0 declared arguments, and 0 were given. 15 October 2018, 07:04:58 UTC
444c3d2 Delete ethereum.py (#1185) it was accidentally added back 11 October 2018, 05:34:12 UTC
e153ded Fix detect reentrancy adv. cli (#1183) * Fix detect reentrancy adv. cli * Update __main__.py 10 October 2018, 12:58:05 UTC
d23adfa Change selfdestruct list to a set to avoid dups (#1180) * Change selfdestruct list to a set to avoid dups * Fix for selfdestruct decoupled account deletion and test for it added * Remove comment 10 October 2018, 12:57:14 UTC
d3fc20e Introduce a configuration system (#1139)

This PR introduces a config/globals management system that addresses a few concerns about manticore:

1. The lack of a method to update certain configuration constants from Manticore's environment (such as solver timeout).
2. The ability to maintain a configuration file with a set of persistent flags and settings to simplify manticore invocation. (i.e. always enable all EVM detectors)
3. Make a central global place for configuration constants.

## Implementation

This PR adds the `manticore.utils.config` module. It implements a way to create and set configuration groups. Manticore's `main` tries loading all groups/values from yaml files in `$PWD` (file can be `.manticore.yml`, `manticore.yml`, `.mcore.yml`, or `mcore.yml`). A `manticore.yml` is also now produced in workspace directory upon a run's completion.

Variable values take the following precedence, lowest to highest:

1. The default value declared in the top of a module.
2. The configuration file read
3. The CLI if the variable is also a command line argument. (All command line arguments can be set in the yml under the key `cli`)

New flag, `--config` has been added to specify a config file if it's not one of the files that are automatically discovered. `--config-print` dumps all declared constants that can be set.

Declaring a configuration group is pretty straightforward. The following is a snippet from the top of `solver.py`:

```
consts = config.get_group('smt')
consts.add('timeout', default=240, description='Timeout, in seconds, for each Z3 invocation')
consts.add('memory', default=16384, description='Max memory for Z3 to use (in Megabytes)')
consts.add('maxsolutions', default=10000, description='Maximum solutions to provide when solving for all values')
```

Then using it later is as simple as referring to `consts.memory` or `consts.timeout`.
Fixes #372 10 October 2018, 02:31:55 UTC
fb70047 Add specific ad-hoc delegatecall test and fix (#1179) 09 October 2018, 17:10:15 UTC
12d783a Colored Output (#1177) * colored output implemented; command line option for the same still pending * command line option for disabling colors added * adjusted coding style as per pull request comments 09 October 2018, 16:58:55 UTC
d3d8175 Add check and warning for mismatched args (#1181) * Port code to namedtuple to make more readable self._hashes[0][0][0][0][0][0][0] X_x * fmt * Port * rm * hack to make logging work :( * add check and warn * rm prints * better msg 09 October 2018, 16:55:11 UTC
53bf99c Add optional param to apply constraint to state (#1182) * Add optional param to apply constraint to state * Add symmetric API for solve_buffer 09 October 2018, 16:54:53 UTC
2a4d62a Fix Consensus-errors.1 & 2 (#1172) * Fix Consensus-errors.1 * jumpdest after a JUMPI must be checked only if condition (that could be symbolic) holds * handle create bytecode arguments vs. jumpdests * Update evm.py * reviewed * reviewed * reviewed * reviewed * Add test docstring 05 October 2018, 19:18:04 UTC
5b14177 Extra verbose debug trace generator plugin (#1126) * Extra verbose debug trace generator plugin * CC * Reviewed * typo * reviewed 04 October 2018, 21:24:22 UTC
6b1241b Fix sha3 symbolic (#1176) 04 October 2018, 17:34:37 UTC
98b9d36 Emit tx data in machine readable format (#1162) * initial * move dict transform out * docstr 01 October 2018, 21:24:22 UTC
2f3f382 Refactor eth state summary generation (#1161) * move summary out * move tx out * add Transaction.concretize() - initial port * little cleanup * port everything over * more clean * support conc_tx arg * move back in, since it's small now * clean * fill out docstring * refactor flagged - move into module scope * reduce complexity, we'll add it back when it's needed * dang * initial * clean * rm unnecessary * move back into _generate_testcase_callback * rm unused * move to bottom 01 October 2018, 18:29:25 UTC
6317009 Move transaction testcase generation code into transaction (#1159) * move summary out * move tx out * add Transaction.concretize() - initial port * little cleanup * port everything over * more clean * support conc_tx arg * move back in, since it's small now * clean * fill out docstring * refactor flagged - move into module scope * reduce complexity, we'll add it back when it's needed * dang 01 October 2018, 17:01:08 UTC
b700239 Refactor _generate_testcase_callback (#1155) * move summary out * move tx out 28 September 2018, 22:01:59 UTC
c5f8e04 Add missing TerminateState (#1156) 27 September 2018, 21:26:32 UTC
17ec659 Continue cleanup of ethereum package (#1154) * move ABI into separate module * move accounts out * fix circular import * add account * mv solidity stuff out add solidity file 27 September 2018, 19:30:24 UTC
c16fd11 small ethleak improvement (#1153) also check if dest can solve to > 1 21 September 2018, 21:42:10 UTC
f9b663c Explicit smtlib imports in memory (#1152) * Explicit imports Previously pycharm would mark the `from abc` line as redundant, but this is brittle because ABCMeta etc only happened to be imported as a result of modules inside .smtlib importing ABCMeta. If we followed pycharm's advice, and remove this abc import, and if solver.py decided not to import ABCMeta anymore, this code would break. So this makes it less brittle. * final unresolved refs * fix imports 21 September 2018, 19:05:38 UTC
e28a5a7 raise error instead of silently fail (#1149) * raise error instead of silently fail * Fix import * Global exceptions file (#1151) * initial exceptions.py * Rename SolverException * smtlib error * smt error refactoring * misc * SolverError properly inherit * revert solvererror rename to make pr simpler 21 September 2018, 18:39:02 UTC
32fce8a more descriptive err (#1148) 20 September 2018, 21:51:28 UTC