Merge pull request #14582 from holiman/jumpdest_improv

core/vm: improve jumpdest analysis

Merge pull request #14582 from holiman/jumpdest_improv
core/vm: improve jumpdest analysis
bce5d837 · Péter Szilágyi · GitHub · 43c8a191 · 96ddf27a · bce5d837
Unverified Commit bce5d837 authored 7 years ago by Péter Szilágyi Committed by GitHub 7 years ago
Hide whitespace changes
Inline Side-by-side

Showing with 96 additions and 14 deletions

analysis.go core/vm/analysis.go +43 -14

analysis_test.go core/vm/analysis_test.go +53 -0

No files found.
--- a/core/vm/analysis.go
+++ b/core/vm/analysis.go
@@ -25,7 +25,7 @@ import (
 // destinations stores one map per contract (keyed by hash of code).
 // The maps contain an entry for each location of a JUMPDEST
 // instruction.
-type destinations map[common.Hash][]byte
+type destinations map[common.Hash]bitvec

 // has checks whether code has a JUMPDEST at dest.
 func (d destinations) has(codehash common.Hash, code []byte, dest *big.Int) bool {
@@ -38,24 +38,53 @@ func (d destinations) has(codehash common.Hash, code []byte, dest *big.Int) bool

 	m, analysed := d[codehash]
 	if !analysed {
-		m = jumpdests(code)
+		m = codeBitmap(code)
 		d[codehash] = m
 	}
-	return (m[udest/8] & (1 << (udest % 8))) != 0
+	return OpCode(code[udest]) == JUMPDEST && m.codeSegment(udest)
 }

-// jumpdests creates a map that contains an entry for each
-// PC location that is a JUMPDEST instruction.
-func jumpdests(code []byte) []byte {
-	m := make([]byte, len(code)/8+1)
-	for pc := uint64(0); pc < uint64(len(code)); pc++ {
+// bitvec is a bit vector which maps bytes in a program.
+// An unset bit means the byte is an opcode, a set bit means
+// it's data (i.e. argument of PUSHxx).
+type bitvec []byte
+
+func (bits *bitvec) set(pos uint64) {
+	(*bits)[pos/8] |= 0x80 >> (pos % 8)
+}
+func (bits *bitvec) set8(pos uint64) {
+	(*bits)[pos/8] |= 0xFF >> (pos % 8)
+	(*bits)[pos/8+1] |= ^(0xFF >> (pos % 8))
+}
+
+// codeSegment checks if the position is in a code segment.
+func (bits *bitvec) codeSegment(pos uint64) bool {
+	return ((*bits)[pos/8] & (0x80 >> (pos % 8))) == 0
+}
+
+// codeBitmap collects data locations in code.
+func codeBitmap(code []byte) bitvec {
+	// The bitmap is 4 bytes longer than necessary, in case the code
+	// ends with a PUSH32, the algorithm will push zeroes onto the
+	// bitvector outside the bounds of the actual code.
+	bits := make(bitvec, len(code)/8+1+4)
+	for pc := uint64(0); pc < uint64(len(code)); {
 		op := OpCode(code[pc])
-		if op == JUMPDEST {
-			m[pc/8] |= 1 << (pc % 8)
-		} else if op >= PUSH1 && op <= PUSH32 {
-			a := uint64(op) - uint64(PUSH1) + 1
-			pc += a
+
+		if op >= PUSH1 && op <= PUSH32 {
+			numbits := op - PUSH1 + 1
+			pc++
+			for ; numbits >= 8; numbits -= 8 {
+				bits.set8(pc) // 8
+				pc += 8
+			}
+			for ; numbits > 0; numbits-- {
+				bits.set(pc)
+				pc++
+			}
+		} else {
+			pc++
 		}
 	}
-	return m
+	return bits
 }
--- a/core/vm/analysis_test.go
+++ b/core/vm/analysis_test.go
+// Copyright 2017 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+package vm
+
+import "testing"
+
+func TestJumpDestAnalysis(t *testing.T) {
+	tests := []struct {
+		code  []byte
+		exp   byte
+		which int
+	}{
+		{[]byte{byte(PUSH1), 0x01, 0x01, 0x01}, 0x40, 0},
+		{[]byte{byte(PUSH1), byte(PUSH1), byte(PUSH1), byte(PUSH1)}, 0x50, 0},
+		{[]byte{byte(PUSH8), byte(PUSH8), byte(PUSH8), byte(PUSH8), byte(PUSH8), byte(PUSH8), byte(PUSH8), byte(PUSH8), 0x01, 0x01, 0x01}, 0x7F, 0},
+		{[]byte{byte(PUSH8), 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 0x80, 1},
+		{[]byte{0x01, 0x01, 0x01, 0x01, 0x01, byte(PUSH2), byte(PUSH2), byte(PUSH2), 0x01, 0x01, 0x01}, 0x03, 0},
+		{[]byte{0x01, 0x01, 0x01, 0x01, 0x01, byte(PUSH2), 0x01, 0x01, 0x01, 0x01, 0x01}, 0x00, 1},
+		{[]byte{byte(PUSH3), 0x01, 0x01, 0x01, byte(PUSH1), 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 0x74, 0},
+		{[]byte{byte(PUSH3), 0x01, 0x01, 0x01, byte(PUSH1), 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 0x00, 1},
+		{[]byte{0x01, byte(PUSH8), 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 0x3F, 0},
+		{[]byte{0x01, byte(PUSH8), 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 0xC0, 1},
+		{[]byte{byte(PUSH16), 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 0x7F, 0},
+		{[]byte{byte(PUSH16), 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 0xFF, 1},
+		{[]byte{byte(PUSH16), 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 0x80, 2},
+		{[]byte{byte(PUSH8), 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, byte(PUSH1), 0x01}, 0x7f, 0},
+		{[]byte{byte(PUSH8), 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, byte(PUSH1), 0x01}, 0xA0, 1},
+		{[]byte{byte(PUSH32)}, 0x7F, 0},
+		{[]byte{byte(PUSH32)}, 0xFF, 1},
+		{[]byte{byte(PUSH32)}, 0xFF, 2},
+	}
+	for _, test := range tests {
+		ret := codeBitmap(test.code)
+		if ret[test.which] != test.exp {
+			t.Fatalf("expected %x, got %02x", test.exp, ret[test.which])
+		}
+	}
+
+}