Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Data dependency: add "must depend on" #175

Open
montyly opened this issue Feb 19, 2019 · 4 comments
Open

Data dependency: add "must depend on" #175

montyly opened this issue Feb 19, 2019 · 4 comments
Assignees
@0xalpharush
Labels
0.7 enhancement New feature or request
Projects
H2 2020
Milestone
0.7.0

Comments

@montyly
Copy link
Member

montyly commented Feb 19, 2019

Right now, the data dependency is an over-approximation that merges all the dependencies coming from all the node's fathers.

As a result, in a code like:

function f(address destination) internal{
     // use of destination
}
function g() internal{
     f(msg.sender):
     f(owner); 
}

destination in f is both dependent of msg.sender and owner. We should have a must depend on mode, to detect if a variable is always dependent of another one.

We can implement it by adding a new mode in analyses/data_dependency/data_dependency.py, where only the dependencies present in all the node's fathers are kept.
@montyly montyly added the enhancement New feature or request label Feb 19, 2019
@montyly montyly added this to the 0.7.0 milestone Feb 19, 2019
@rajeevgopalakrishna rajeevgopalakrishna self-assigned this Apr 4, 2019
@rajeevgopalakrishna rajeevgopalakrishna removed their assignment May 20, 2019
@MatthewARinehart MatthewARinehart added this to Backlog in H2 2020 Aug 12, 2020
@montyly montyly added the 0.7 label Aug 22, 2020
@montyly
Copy link
Member Author

montyly commented Aug 12, 2022

TODO @montyly: write examples/testcases

@priyankabose
Copy link

@montyly I am planning to start implementing this in Slither. Just need a few clarifications. When you say that the "must depend on" mode should should only consider the dependencies present in all the node's fathers, do you mean by immediate fathers?

@0xalpharush
Copy link
Member

0xalpharush commented Apr 1, 2024
edited

Could this just be a constant value/ constant propagation analysis? If the variable was always msg.sender, it is a constant, and we can check if the value that must be depended on is equivalent to the constant value. Otherwise, it is not a constant/ undefined, and we can return false.

@priyankabose
Copy link

I have a clear idea now where to start after talking to @0xalpharush. I will start with the constants first.

@0xalpharush 0xalpharush mentioned this issue Apr 13, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@0xalpharush 0xalpharush

Labels
0.7 enhancement New feature or request
Projects
No open projects
H2 2020
  
Backlog
Milestone
0.7.0
Development

No branches or pull requests
4 participants
@priyankabose @rajeevgopalakrishna @montyly @0xalpharush