- The
peckdirectory contains a parser that transforms a Solidity contract into an intermediate representation (IR), and derives Datalog facts that encode the contract’s IR. You must not edit any files in this folder.. - The
projectdirectory contains the code template for your project. Technical details on the IR and its representation in Datalog can be found inproject/README-IR.md. Theproject/test_contractsdirectory contains example test contracts with annotated ground truth in comments. Theproject/analyze.dlandproject/analyze.pyare the main source files for the analysis.
The project requires python 3.7, solc 0.5.7 and souffle 1.5.1. On the evaluation machine, we will use python 3.7.9. You will need the following software and library:
- Solidity: https://github.com/ethereum/solidity
- Graphviz: https://gitlab.com/graphviz/graphviz/
- Souffle: https://github.com/souffle-lang/souffle
- py-solc: https://github.com/ethereum/py-solc
Make sure you have the required executables and versions in your system’s PATH. For Solidity and Souffle, you can find specific versions under the Github release page.
$ python --version
Python 3.7.9
$ solc --version
solc, the solidity compiler commandline interface
Version: 0.5.7
$ souffle --version
Souffle: 1.5.1
Then create a python virtual environment and install python dependencies.
$ python -m venv venv
$ source venv/bin/activate
$ pip install --upgrade pip
$ pip install -e .
Try it out:
$ cd project
$ python analyze.py test_contracts/0.sol
Tainted
You can also inspect the contract’s control flow graph / Datalog representation:
$ python analyze.py --visualize test_contracts/0.sol
$ ls test_contract_out
facts.pdf graph.pdf