- The
peck
directory contains a parser that transforms a Solidity contract into an intermediate representation (IR), and derives Datalog facts that encode the contract’s IR. You must not edit any files in this folder.. - The
project
directory contains the code template for your project. Technical details on the IR and its representation in Datalog can be found inproject/README-IR.md
. Theproject/test_contracts
directory contains example test contracts with annotated ground truth in comments. Theproject/analyze.dl
andproject/analyze.py
are the main source files for the analysis.
The project requires python 3.7
, solc 0.5.7
and souffle 1.5.1
. On the evaluation machine, we will use python 3.7.9
. You will need the following software and library:
- Solidity: https://github.com/ethereum/solidity
- Graphviz: https://gitlab.com/graphviz/graphviz/
- Souffle: https://github.com/souffle-lang/souffle
- py-solc: https://github.com/ethereum/py-solc
Make sure you have the required executables and versions in your system’s PATH. For Solidity and Souffle, you can find specific versions under the Github release page.
$ python --version
Python 3.7.9
$ solc --version
solc, the solidity compiler commandline interface
Version: 0.5.7
$ souffle --version
Souffle: 1.5.1
Then create a python virtual environment and install python dependencies.
$ python -m venv venv
$ source venv/bin/activate
$ pip install --upgrade pip
$ pip install -e .
Try it out:
$ cd project
$ python analyze.py test_contracts/0.sol
Tainted
You can also inspect the contract’s control flow graph / Datalog representation:
$ python analyze.py --visualize test_contracts/0.sol
$ ls test_contract_out
facts.pdf graph.pdf