new infoleak with infra changes

- new infoleak detector based on abstract interpretation - new abstract interpretation shared lib - added support for instantiation of struct/record with abstract function - supported more new grammar - fixed some test suite labeling - updated divz detector - updated parser for priority of operand_preset and cast_destination - other small fixes
Veridise · Mar 6, 2024 · 975c8d8 · 975c8d8
1 parent 82d063a
commit 975c8d8
Show file tree

Hide file tree

Showing 16 changed files with 816 additions and 314 deletions.
diff --git a/README.md b/README.md
@@ -93,14 +93,14 @@ options:
   This will produce the following output:
 
   ```
-  |   id | program        | function   | detector   | result   | info           |
-  |------|----------------|------------|------------|----------|----------------|
-  |    0 | infoleak0.aleo | ex0        | infoleak   | unsafe   | [('r0', 'r0')] |
-  |    1 | infoleak0.aleo | ex1        | infoleak   | safe     | []             |
-  |    2 | infoleak0.aleo | ex2        | infoleak   | unsafe   | [('r0', 'r1')] |
+  |   id | program        | function   | detector   | result   | info                 |
+  |------|----------------|------------|------------|----------|----------------------|
+  |    0 | infoleak0.aleo | ex0        | infoleak   | unsafe   | ['output r0 as u8;'] |
+  |    1 | infoleak0.aleo | ex1        | infoleak   | safe     | []                   |
+  |    2 | infoleak0.aleo | ex2        | infoleak   | unsafe   | ['output r1 as i8;'] |
   ```
 
-  where the info column provides more information about the detected vulnerability. For example, in function `ex0` there's information leakage from variable `r0` to `r0` (direct returning of input), and in `ex2` from `r0` to `r1`. 
+  where the info column provides more information about the detected vulnerability. For example, in function `ex0` there's information leakage of `r0` via output command. 
 
 ### Calling from Source
 

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "vanguard"
-version = "0.0.3"
+version = "0.0.4"
 authors = [
   { name="Yanju Chen", email="yanju@veridise.com" },
 ]

diff --git a/tests/environment-test.ipynb b/tests/environment-test.ipynb
@@ -10,106 +10,106 @@
      "name": "stdout",
      "output_type": "stream",
      "text": [
-      "# parsing: treasure_hunt_v006.aleo ... 0.36554503440856934s\n",
-      "# parsing: aleo_monopoly_workshop.aleo ... 0.1255810260772705s\n",
-      "# parsing: treasure_hunt_v010.aleo ... 0.24871206283569336s\n",
-      "# parsing: zk_sra_encryption_v0_0_2.aleo ... 0.16360116004943848s\n",
-      "# parsing: aleo_monopoly_workshop4.aleo ... 0.1220407485961914s\n",
-      "# parsing: football_game_v008.aleo ... 0.5778369903564453s\n",
-      "# parsing: uniswap_v5.aleo ... 0.22901225090026855s\n",
-      "# parsing: wheres_alex_v018.aleo ... 0.12906479835510254s\n",
-      "# parsing: aleo_name_service_registry_v2.aleo ... 0.2705061435699463s\n",
-      "# parsing: aleo_monopoly_game4.aleo ... 0.10615396499633789s\n",
-      "# parsing: arcane_rfq_amm_v000004.aleo ... 0.15807294845581055s\n",
-      "# parsing: aleo_monopoly_workshop8.aleo ... 0.17359280586242676s\n",
-      "# parsing: aleo_monopoly_workshop10.aleo ... 0.16000795364379883s\n",
-      "# parsing: football_game_v004.aleo ... 0.47535204887390137s\n",
-      "# parsing: who_is_dash_pash_v20203.aleo ... 0.12885785102844238s\n",
-      "# parsing: wheres_alex_v014.aleo ... 0.14920496940612793s\n",
-      "# parsing: football_game_v012.aleo ... 0.467663049697876s\n",
-      "# parsing: tyron_app_test1.aleo ... 0.12160015106201172s\n",
-      "# parsing: distrofund_private_transfer_v2.aleo ... 0.2230231761932373s\n",
-      "# parsing: wheres_alex_v015.aleo ... 0.12886977195739746s\n",
-      "# parsing: football_game_v005.aleo ... 0.5462970733642578s\n",
-      "# parsing: zk_deck_shuffle_v0_0_1.aleo ... 3.310209035873413s\n",
-      "# parsing: aleo_monopoly_workshop9.aleo ... 0.4012451171875s\n",
-      "# parsing: arcane_rfq_amm_v000005.aleo ... 0.14769268035888672s\n",
-      "# parsing: aleo_name_service_registry_v3.aleo ... 0.24764513969421387s\n",
-      "# parsing: wheres_the_babycat.aleo ... 0.12900996208190918s\n",
-      "# parsing: wheres_alex_v019.aleo ... 0.15206503868103027s\n",
-      "# parsing: football_game_v009.aleo ... 0.5451600551605225s\n",
-      "# parsing: aleo_monopoly_workshop5.aleo ... 0.1286182403564453s\n",
-      "# parsing: credits.aleo ... 0.07400774955749512s\n",
-      "# parsing: treasure_hunt_v007.aleo ... 0.3282780647277832s\n",
-      "# parsing: council_v0001.aleo ... 0.10122108459472656s\n",
-      "# parsing: arcane_rfq_amm_v000002.aleo ... 0.24701595306396484s\n",
-      "# parsing: aleoswap05.aleo ... 0.324937105178833s\n",
-      "# parsing: aleo_game_shop.aleo ... 0.14039397239685059s\n",
-      "# parsing: football_game_v002.aleo ... 0.32152605056762695s\n",
-      "# parsing: wheres_alex_v012.aleo ... 0.1226961612701416s\n",
-      "# parsing: aleo_store_nft.aleo ... 0.16280078887939453s\n",
-      "# parsing: whos_the_father_v002.aleo ... 0.15648913383483887s\n",
-      "# parsing: graph_coloring_v1.aleo ... 0.9867310523986816s\n",
-      "# parsing: whoes_the_dragon_v01.aleo ... 0.20185399055480957s\n",
-      "# parsing: aleo_monopoly_workshop2.aleo ... 0.11683821678161621s\n",
-      "# parsing: zk_bitwise_stack_v0_0_1.aleo ... 0.4006638526916504s\n",
-      "# parsing: distrofund_private_transfer.aleo ... 0.2171032428741455s\n",
-      "# parsing: wheres_luna_v020.aleo ... 0.1642930507659912s\n",
-      "# parsing: aleo_monopoly_workshop3.aleo ... 0.12447500228881836s\n",
-      "# parsing: king_of_cat_v001.aleo ... 0.12898683547973633s\n",
-      "# parsing: treasure_hunt_v001.aleo ... 0.2535240650177002s\n",
-      "# parsing: whos_the_father_v003.aleo ... 0.12888002395629883s\n",
-      "# parsing: graph_coloring.aleo ... 1.1264252662658691s\n",
-      "# parsing: wheres_alex_v013.aleo ... 0.12445330619812012s\n",
-      "# parsing: aleo_monopoly_game16.aleo ... 0.1283130645751953s\n",
-      "# parsing: arcane_rfq_amm_v000003.aleo ... 0.14718389511108398s\n",
-      "# parsing: zk_ml_dna_v0.aleo ... 0.15928435325622559s\n",
-      "# parsing: double_color_ball.aleo ... 2.7822608947753906s\n",
-      "# parsing: wheres_alex_v010.aleo ... 0.11071991920471191s\n",
-      "# parsing: lymphography_decision_tree_v1.aleo ... 0.17121195793151855s\n",
-      "# parsing: arcane_amm_v2_0.aleo ... 0.2006239891052246s\n",
-      "# parsing: zk_bitwise_stack_v0_0_3.aleo ... 0.7765522003173828s\n",
-      "# parsing: imma_find_alex_v01.aleo ... 0.13179302215576172s\n",
-      "# parsing: sklearn_mlp_mnist_1.aleo ... 0.12671494483947754s\n",
-      "# parsing: treasure_hunt_v002.aleo ... 0.257781982421875s\n",
-      "# parsing: wheres_luna_v019.aleo ... 0.12881684303283691s\n",
-      "# parsing: whos_the_father_v001.aleo ... 0.12896108627319336s\n",
-      "# parsing: treasure_hunt_v003.aleo ... 0.29941868782043457s\n",
-      "# parsing: zk_bitwise_stack_v0_0_2.aleo ... 0.3985929489135742s\n",
-      "# parsing: wheres_jojo_v008.aleo ... 0.12965607643127441s\n",
-      "# parsing: arcane_rfq_amm_v000001.aleo ... 0.16470789909362793s\n",
-      "# parsing: zk_ml_dna_1700237585_v0.aleo ... 0.15587306022644043s\n",
-      "# parsing: aleoswap06.aleo ... 0.3032219409942627s\n",
-      "# parsing: nft_store_yong.aleo ... 0.16216278076171875s\n",
-      "# parsing: wheres_alex_v011.aleo ... 0.10870790481567383s\n",
-      "# parsing: football_random_v011.aleo ... 0.4026451110839844s\n",
-      "# parsing: testalphav1x1.aleo ... 0.4599008560180664s\n",
-      "# parsing: zk_bitwise_stack_v0_0_5.aleo ... 0.9710831642150879s\n",
-      "# parsing: hialstestv1.aleo ... 0.3415040969848633s\n",
-      "# parsing: what_does_gary_do_v001.aleo ... 0.1300978660583496s\n",
-      "# parsing: aleo_monopoly_workshop6.aleo ... 0.150360107421875s\n",
-      "# parsing: treasure_hunt_v004.aleo ... 0.2849142551422119s\n",
-      "# parsing: zk_ml_dna_1700246715_v0.aleo ... 0.15957093238830566s\n",
-      "# parsing: football_game_v010.aleo ... 0.5442087650299072s\n",
-      "# parsing: wheres_alex_v016.aleo ... 0.12591171264648438s\n",
-      "# parsing: football_game_v006.aleo ... 0.5015170574188232s\n",
-      "# parsing: arcane_rfq_amm_v000006.aleo ... 0.17210102081298828s\n",
-      "# parsing: treasure_hunt_v008.aleo ... 0.2880980968475342s\n",
-      "# parsing: aleo_name_service_registry_v1.aleo ... 0.2518031597137451s\n",
-      "# parsing: treasure_hunt_v009.aleo ... 0.3172299861907959s\n",
-      "# parsing: lymphography_xgboost_v1.aleo ... 0.3400380611419678s\n",
-      "# parsing: football_game_v007.aleo ... 0.5114998817443848s\n",
-      "# parsing: wheres_alex_v017.aleo ... 0.12790989875793457s\n",
-      "# parsing: wheres_alex_probably_weeds.aleo ... 0.1284809112548828s\n",
-      "# parsing: treasure_hunt_v005.aleo ... 0.3078649044036865s\n",
-      "# parsing: zk_sra_encryption_v0_0_1.aleo ... 0.0902097225189209s\n",
-      "# parsing: twoalkilining.aleo ... 0.1731257438659668s\n",
-      "# parsing: zkhack_mnist_v2.aleo ... 0.1536550521850586s\n",
-      "# parsing: wheres_joe_v019.aleo ... 0.13042306900024414s\n",
-      "# parsing: wheres_alex_by_joey11_v1.aleo ... 0.12970590591430664s\n",
-      "# parsing: aleo_monopoly_workshop7.aleo ... 0.12551403045654297s\n",
-      "# parsing: zk_bitwise_stack_v0_0_4.aleo ... 0.7628638744354248s\n",
-      "# parsing: alphaswap_v1.aleo ... 0.5072779655456543s\n"
+      "# parsing: treasure_hunt_v006.aleo ... 0.34779787063598633s\n",
+      "# parsing: aleo_monopoly_workshop.aleo ... 0.12547612190246582s\n",
+      "# parsing: treasure_hunt_v010.aleo ... 0.2432699203491211s\n",
+      "# parsing: zk_sra_encryption_v0_0_2.aleo ... 0.16161203384399414s\n",
+      "# parsing: aleo_monopoly_workshop4.aleo ... 0.11990594863891602s\n",
+      "# parsing: football_game_v008.aleo ... 0.5488848686218262s\n",
+      "# parsing: uniswap_v5.aleo ... 0.2239542007446289s\n",
+      "# parsing: wheres_alex_v018.aleo ... 0.12740397453308105s\n",
+      "# parsing: aleo_name_service_registry_v2.aleo ... 0.24753427505493164s\n",
+      "# parsing: aleo_monopoly_game4.aleo ... 0.12900400161743164s\n",
+      "# parsing: arcane_rfq_amm_v000004.aleo ... 0.1556079387664795s\n",
+      "# parsing: aleo_monopoly_workshop8.aleo ... 0.18530797958374023s\n",
+      "# parsing: aleo_monopoly_workshop10.aleo ... 0.16002297401428223s\n",
+      "# parsing: football_game_v004.aleo ... 0.4669189453125s\n",
+      "# parsing: who_is_dash_pash_v20203.aleo ... 0.1273338794708252s\n",
+      "# parsing: wheres_alex_v014.aleo ... 0.14441990852355957s\n",
+      "# parsing: football_game_v012.aleo ... 0.45942187309265137s\n",
+      "# parsing: tyron_app_test1.aleo ... 0.11498069763183594s\n",
+      "# parsing: distrofund_private_transfer_v2.aleo ... 0.19888782501220703s\n",
+      "# parsing: wheres_alex_v015.aleo ... 0.12262892723083496s\n",
+      "# parsing: football_game_v005.aleo ... 0.5159265995025635s\n",
+      "# parsing: zk_deck_shuffle_v0_0_1.aleo ... 3.3427340984344482s\n",
+      "# parsing: aleo_monopoly_workshop9.aleo ... 0.40294814109802246s\n",
+      "# parsing: arcane_rfq_amm_v000005.aleo ... 0.14778709411621094s\n",
+      "# parsing: aleo_name_service_registry_v3.aleo ... 0.24942994117736816s\n",
+      "# parsing: wheres_the_babycat.aleo ... 0.13100290298461914s\n",
+      "# parsing: wheres_alex_v019.aleo ... 0.15442514419555664s\n",
+      "# parsing: football_game_v009.aleo ... 0.5510199069976807s\n",
+      "# parsing: aleo_monopoly_workshop5.aleo ... 0.12297701835632324s\n",
+      "# parsing: credits.aleo ... 0.07080316543579102s\n",
+      "# parsing: treasure_hunt_v007.aleo ... 0.32471489906311035s\n",
+      "# parsing: council_v0001.aleo ... 0.11010289192199707s\n",
+      "# parsing: arcane_rfq_amm_v000002.aleo ... 0.2603728771209717s\n",
+      "# parsing: aleoswap05.aleo ... 0.31355762481689453s\n",
+      "# parsing: aleo_game_shop.aleo ... 0.1441662311553955s\n",
+      "# parsing: football_game_v002.aleo ... 0.32427000999450684s\n",
+      "# parsing: wheres_alex_v012.aleo ... 0.12132596969604492s\n",
+      "# parsing: aleo_store_nft.aleo ... 0.16173624992370605s\n",
+      "# parsing: whos_the_father_v002.aleo ... 0.1543598175048828s\n",
+      "# parsing: graph_coloring_v1.aleo ... 1.006282091140747s\n",
+      "# parsing: whoes_the_dragon_v01.aleo ... 0.20656824111938477s\n",
+      "# parsing: aleo_monopoly_workshop2.aleo ... 0.11718130111694336s\n",
+      "# parsing: zk_bitwise_stack_v0_0_1.aleo ... 0.4026181697845459s\n",
+      "# parsing: distrofund_private_transfer.aleo ... 0.21562480926513672s\n",
+      "# parsing: wheres_luna_v020.aleo ... 0.16715312004089355s\n",
+      "# parsing: aleo_monopoly_workshop3.aleo ... 0.1257779598236084s\n",
+      "# parsing: king_of_cat_v001.aleo ... 0.1271648406982422s\n",
+      "# parsing: treasure_hunt_v001.aleo ... 0.24799370765686035s\n",
+      "# parsing: whos_the_father_v003.aleo ... 0.12563395500183105s\n",
+      "# parsing: graph_coloring.aleo ... 1.125340223312378s\n",
+      "# parsing: wheres_alex_v013.aleo ... 0.1239628791809082s\n",
+      "# parsing: aleo_monopoly_game16.aleo ... 0.1281447410583496s\n",
+      "# parsing: arcane_rfq_amm_v000003.aleo ... 0.15100908279418945s\n",
+      "# parsing: zk_ml_dna_v0.aleo ... 0.16376709938049316s\n",
+      "# parsing: double_color_ball.aleo ... 2.8149960041046143s\n",
+      "# parsing: wheres_alex_v010.aleo ... 0.11389803886413574s\n",
+      "# parsing: lymphography_decision_tree_v1.aleo ... 0.17242002487182617s\n",
+      "# parsing: arcane_amm_v2_0.aleo ... 0.19998979568481445s\n",
+      "# parsing: zk_bitwise_stack_v0_0_3.aleo ... 0.7781190872192383s\n",
+      "# parsing: imma_find_alex_v01.aleo ... 0.12848210334777832s\n",
+      "# parsing: sklearn_mlp_mnist_1.aleo ... 0.14882493019104004s\n",
+      "# parsing: treasure_hunt_v002.aleo ... 0.23104190826416016s\n",
+      "# parsing: wheres_luna_v019.aleo ... 0.1290280818939209s\n",
+      "# parsing: whos_the_father_v001.aleo ... 0.12782502174377441s\n",
+      "# parsing: treasure_hunt_v003.aleo ... 0.295212984085083s\n",
+      "# parsing: zk_bitwise_stack_v0_0_2.aleo ... 0.412182092666626s\n",
+      "# parsing: wheres_jojo_v008.aleo ... 0.13227605819702148s\n",
+      "# parsing: arcane_rfq_amm_v000001.aleo ... 0.17067408561706543s\n",
+      "# parsing: zk_ml_dna_1700237585_v0.aleo ... 0.15897893905639648s\n",
+      "# parsing: aleoswap06.aleo ... 0.3017849922180176s\n",
+      "# parsing: nft_store_yong.aleo ... 0.16585206985473633s\n",
+      "# parsing: wheres_alex_v011.aleo ... 0.11071419715881348s\n",
+      "# parsing: football_random_v011.aleo ... 0.3941667079925537s\n",
+      "# parsing: testalphav1x1.aleo ... 0.4517788887023926s\n",
+      "# parsing: zk_bitwise_stack_v0_0_5.aleo ... 0.9719009399414062s\n",
+      "# parsing: hialstestv1.aleo ... 0.3391139507293701s\n",
+      "# parsing: what_does_gary_do_v001.aleo ... 0.13190793991088867s\n",
+      "# parsing: aleo_monopoly_workshop6.aleo ... 0.14983606338500977s\n",
+      "# parsing: treasure_hunt_v004.aleo ... 0.2787461280822754s\n",
+      "# parsing: zk_ml_dna_1700246715_v0.aleo ... 0.15949177742004395s\n",
+      "# parsing: football_game_v010.aleo ... 0.5402669906616211s\n",
+      "# parsing: wheres_alex_v016.aleo ... 0.1281871795654297s\n",
+      "# parsing: football_game_v006.aleo ... 0.5075030326843262s\n",
+      "# parsing: arcane_rfq_amm_v000006.aleo ... 0.17911505699157715s\n",
+      "# parsing: treasure_hunt_v008.aleo ... 0.29166197776794434s\n",
+      "# parsing: aleo_name_service_registry_v1.aleo ... 0.25179481506347656s\n",
+      "# parsing: treasure_hunt_v009.aleo ... 0.3150472640991211s\n",
+      "# parsing: lymphography_xgboost_v1.aleo ... 0.33880114555358887s\n",
+      "# parsing: football_game_v007.aleo ... 0.5076649188995361s\n",
+      "# parsing: wheres_alex_v017.aleo ... 0.13222599029541016s\n",
+      "# parsing: wheres_alex_probably_weeds.aleo ... 0.13173818588256836s\n",
+      "# parsing: treasure_hunt_v005.aleo ... 0.3213942050933838s\n",
+      "# parsing: zk_sra_encryption_v0_0_1.aleo ... 0.09100961685180664s\n",
+      "# parsing: twoalkilining.aleo ... 0.176069974899292s\n",
+      "# parsing: zkhack_mnist_v2.aleo ... 0.1515669822692871s\n",
+      "# parsing: wheres_joe_v019.aleo ... 0.12791705131530762s\n",
+      "# parsing: wheres_alex_by_joey11_v1.aleo ... 0.12585806846618652s\n",
+      "# parsing: aleo_monopoly_workshop7.aleo ... 0.12298393249511719s\n",
+      "# parsing: zk_bitwise_stack_v0_0_4.aleo ... 0.7650339603424072s\n",
+      "# parsing: alphaswap_v1.aleo ... 0.519434928894043s\n"
      ]
     }
    ],

diff --git a/tests/public/infoleak0/build/main.aleo b/tests/public/infoleak0/build/main.aleo
@@ -46,7 +46,7 @@ mapping account_ex11:
 	value as u8.public;
 
 function vanguard_helper:
-    cast  true false true true true true true false true true true false true true true true true true true true true true true true true into r0 as [boolean; 25u32];
+    cast  true false true true true true true false true true true false true true true true true true true true true true true true false into r0 as [boolean; 25u32];
     output r0 as [boolean; 25u32].private;
 
 

diff --git a/tests/public/infoleak0/src/main.leo b/tests/public/infoleak0/src/main.leo
@@ -291,8 +291,8 @@ program infoleak0.aleo {
 
     // record leak
     // compilable, runnable
-    // label: bad
-    const label_ex24: bool = true;
+    // label: good (actual input record has all public fields)
+    const label_ex24: bool = false;
     record rec_ex24 {
         public owner: address,
         public data: u8,