#include "Assembly.h"
#include "Function.h"
#include <iostream>
extern vector<Variable> AssemblyVarList; // variables declared (`let`) inside the generated inline-assembly block
extern vector<Variable> VariableList;// contract state variables
extern vector<Variable> LocalVarList;// local variables of the enclosing Solidity function
extern vector<Variable> GlobalVarList;// global variables
extern vector<sfunction> FuncReturnList;// function names together with their return-value types
extern string infunc;// name of the function currently being generated, so the generator does not emit a call to that function itself
vector<sfunction> AssemblyFunctionList; // Yul functions declared in the current assembly block (cleared by inlineassembly, filled by assemblyfunc)
string AssemblyAssign(int l); // forward declaration: defined below, used by inlineassembly, assemblyfor and assemblyif
// 内联汇编中的变量和函数中的局部变量可以直接互相赋值,但是内联汇编中的变量和状态变量不能直接赋值
// uint256 a = 12;a是状态变量,要赋值给内联函数中的变量a_a,需要先定义一个局部变量aValue.
// aValue := sload(a.slot),之后再用aValue进行操作 ,暂时不使用状态变量作为右值
// 如果要将a_a赋值给a,需要使用sstore(a.slot,a_a)
// 没找到给storage类型的数组赋值的方法,暂时放弃再内联汇编中使用数组
string inlineassembly() {
    // Emits one Solidity `assembly{ ... }` block: a `let` variable, one to three Yul
    // functions, one or two assignment statements and zero to two for/if statements.
    // Randomness comes from rand(); this function does not seed it, so reproducibility
    // of a generated block depends on the caller's seeding.
    AssemblyFunctionList.clear();
    AssemblyVarList.clear(); // forget the variables/functions of the previous block

    std::string out = "assembly{\n";

    // Declare the assembly-local variables. `rand() % 1` is always 0, so exactly one
    // variable is declared; the rand() call is kept so the random sequence is unchanged.
    const int varCount = rand() % 1 + 1;
    for (int idx = 0; idx < varCount; ++idx) {
        const std::string name = "aa" + getName(idx);
        const int value = rand() % 10;
        out += "let " + name + ":= " + std::to_string(value) + "\n";
        AssemblyVarList.emplace_back(Variable("assemblyvar", name, value));
    }

    // Yul functions must exist before AssemblyAssign may emit calls to them.
    const int funcCount = rand() % 3 + 1;
    for (int idx = 0; idx < funcCount; ++idx) out += assemblyfunc(idx);

    out += AssemblyAssign(rand() % 2 + 1);

    const int stmtCount = rand() % 2 + 1;
    for (int idx = 0; idx < stmtCount; ++idx) {
        const int kind = rand() % 3;
        if (kind == 0) {
            out += assemblyfor(0);
        } else if (kind == 1) {
            out += assemblyif(0);
        }
        // kind == 2: emit nothing for this slot
    }

    out += "}\n";
    return out;
}
// 获取左值
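string getLvalue(){
    // Picks a random name for the left side of `:=`. Candidates are the enclosing
    // function's local variables and the `let` variables of the current assembly block
    // (state variables are not assignable this way; see the header comment about `.slot`).
    // Returns "" when neither list has an entry; the original computed `rand() % 0`
    // in that case, which is undefined behaviour.
    const size_t localCount = LocalVarList.size();
    const size_t total = localCount + AssemblyVarList.size();
    if (total == 0) return "";
    const size_t pick = static_cast<size_t>(rand()) % total;
    if (pick < localCount) return LocalVarList[pick].Variablename;
    return AssemblyVarList[pick - localCount].Variablename;
}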
// 获取右值
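string getRvalue(){
    // Picks a random right-hand-side operand: a local variable, a `let` variable of the
    // current assembly block, or a numeric literal in [0,99]. The draw range is one and a
    // half times the number of named variables, so roughly a third of the draws are literals.
    const size_t localCount = LocalVarList.size();
    const size_t named = localCount + AssemblyVarList.size();
    const size_t range = named + named / 2;
    // No variables declared yet: emit a literal instead of `rand() % 0` (undefined behaviour).
    if (range == 0) return std::to_string(rand() % 100);
    const size_t pick = static_cast<size_t>(rand()) % range;
    if (pick < localCount) return LocalVarList[pick].Variablename;
    if (pick < named) return AssemblyVarList[pick - localCount].Variablename;
    return std::to_string(rand() % 100);
}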
string AssemblyKeccak(){
    // Emits `keccak256(offset,length)` with offset in [0,9] and length in [0,32].
    // Currently unused: the calls in AssemblyOp are commented out.
    const int offset = rand() % 10;
    const int length = rand() % 33;
    return "keccak256(" + std::to_string(offset) + "," + std::to_string(length) + ")";
}
string mload(){
    // Emits `mload(k)` with k in [0,9]. A 32-byte read at such an offset stays inside
    // Solidity's 0x00-0x3f scratch area (assuming the block is emitted into a Solidity
    // function — confirm against the caller).
    const int offset = rand() % 10;
    return "mload(" + std::to_string(offset) + ")";
}
// 生成 加减乘除取余操作
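// Forward declaration so the operand helper below can recurse into AssemblyOp.
string AssemblyOp(int deep);

// One operand of an arithmetic builtin: an rvalue, an `mload`, a literal in [0,49]
// (two of the five draws — the keccak256 alternative is disabled), or a nested
// expression one level deeper.
static std::string assemblyOperand(int deep) {
    switch (rand() % 5) {
    case 0:
        return getRvalue();
    case 1:
        return mload();
    case 2:
    case 3:
        return std::to_string(rand() % 50);
    default:
        return AssemblyOp(deep + 1);
    }
}

// Builds `lhs := op(a,b)` when deep == 0, or a bare `op(a,b)` expression when nested.
// deep: recursion depth; at 3 the expression bottoms out in a literal in [1,50].
// op is one of add/sub/mul/div/mod; div/mod by zero yield 0 in Yul, so the divisor
// needs no guard (see the original note on `div`).
string AssemblyOp(int deep){
    if (deep >= 3) return std::to_string(rand() % 50 + 1);
    std::string res;
    if (deep == 0) res += getLvalue() + " := ";
    static constexpr const char* kOps[] = {"add(", "sub(", "mul(", "div(", "mod("};
    res += kOps[rand() % 5];
    // Both operands are drawn in separate statements so the rand() order is fixed.
    res += assemblyOperand(deep);
    res += ",";
    res += assemblyOperand(deep);
    res += ")";
    return res;
}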
string AssemblyMstore(){
    // Emits `mstore(k,value)` with k in [0,9]; the 32-byte write stays inside Solidity's
    // 0x00-0x3f scratch area when the block is used inside a Solidity function.
    // value: a literal in [0,49], an rvalue, or (two draws in four) a nested expression.
    std::string res = "mstore(" + std::to_string(rand() % 10) + ",";
    const int kind = rand() % 4;
    if (kind == 0) {
        res += std::to_string(rand() % 50);
    } else if (kind == 1) {
        res += getRvalue();
    } else {
        res += AssemblyOp(1);
    }
    return res + ")";
}
// 给状态变量赋值
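string AssemblySstore() {
    // Emits `sstore(<state variable>,<expression>)` for a random state variable.
    // NOTE(review): the header comment of this file says a state variable must be
    // addressed as `<name>.slot` inside assembly; this emits the bare name — confirm.
    // The path appears disabled: AssemblyAssign's `case 6` cannot occur with `% 6`, and
    // AssemblyAssignNoFunc is only ever called with l == 0.
    if (VariableList.empty()) return "";  // no state variables: avoid `rand() % 0` (UB)
    const std::string target =
        VariableList[static_cast<size_t>(rand()) % VariableList.size()].Variablename;
    return "sstore(" + target + "," + AssemblyOp(1) + ")";
}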
// 生成l条赋值语句
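string AssemblyAssign(int l){
    // Emits l statements, one per line. A draw in [0,5] selects:
    //   0-2  arithmetic assignment (`lhs := op(a,b)`)
    //   3    mstore
    //   4    `lhs:=mload(k)`
    //   5    `lhs:=<call of a block function>`, emitted only one time in three to keep calls rare
    // The original switch also had a `case 6` (sstore) that `rand() % 6` can never
    // produce; that dead branch is dropped here (sstore apparently disabled on purpose,
    // state variables need `.slot` — see the header comment).
    // The left-hand side is drawn in its own statement: inside one `a + b + c` expression
    // the order of the rand() calls in getLvalue() and mload()/callassemblyfunc() is
    // unspecified, which made the output compiler-dependent.
    std::string res;
    for (int count = 0; count < l; ++count) {
        const int kind = rand() % 6;
        if (kind <= 2) {
            res += AssemblyOp(0) + "\n";
        } else if (kind == 3) {
            res += AssemblyMstore() + "\n";
        } else if (kind == 4) {
            const std::string target = getLvalue();
            res += target + ":=" + mload() + "\n";
        } else if (rand() % 3 == 1) {
            const std::string target = getLvalue();
            res += target + ":=" + callassemblyfunc() + "\n";
        }
    }
    return res;
}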
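string AssemblyAssignNoFunc(int l) {
    // Like AssemblyAssign but never emits a function call; used for Yul function bodies.
    // A draw in [0,5] selects: 0-2 arithmetic assignment, 3 mstore, 4 `lhs:=mload(k)`,
    // 5 sstore. Note the only caller (assemblyfunc) passes l == 0, so this currently
    // emits nothing.
    // The left-hand side is drawn in its own statement so the rand() order between
    // getLvalue() and mload() is fixed (it was unspecified inside one `+` expression).
    std::string res;
    for (int count = 0; count < l; ++count) {
        const int kind = rand() % 6;
        if (kind <= 2) {
            res += AssemblyOp(0) + "\n";
        } else if (kind == 3) {
            res += AssemblyMstore() + "\n";
        } else if (kind == 4) {
            const std::string target = getLvalue();
            res += target + ":=" + mload() + "\n";
        } else {
            res += AssemblySstore() + "\n";
        }
    }
    return res;
}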
// i控制深度
// tmp表示有多少个内联汇编的变量 ,好像没什么用
string assemblyfor(int i) {
    // Emits `for {let v := 0} lt(v,N) {v := add(v,1)} { ... }` with N in [0,9].
    // i is the nesting depth: the counter is `assemblyfor_i` at depth 0 and
    // `assemblyfor_j` at depth 1; depth 2 emits nothing so recursion stops.
    if (i >= 2) return "";
    const std::string counter = std::string("assemblyfor_") + static_cast<char>('i' + i);
    const std::string bound = std::to_string(rand() % 10);
    std::string res = "for {let " + counter + " := 0} lt(" + counter + "," + bound
                    + ") {" + counter + " := add(" + counter + ",1)}\n{\n";
    // Body: up to one assignment, an optional nested for/if, up to one more assignment.
    res += AssemblyAssign(rand() % 2);
    const int nested = rand() % 3;
    if (nested == 0) {
        res += assemblyfor(i + 1);
    } else if (nested == 1) {
        res += assemblyif(i + 1);
    }
    // nested == 2: no inner control statement
    res += AssemblyAssign(rand() % 2);
    res += "}\n";
    return res;
}
// i控制深度
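string assemblyif(int i) {
    // Emits `if <eq|lt|gt>(a,b) { ... }` comparing two `let` variables of the block.
    // i is the nesting depth; depth 2 emits nothing so recursion stops.
    if (i >= 2) return "";
    // No `let` variables to compare: emit nothing instead of `rand() % 0` (undefined behaviour).
    if (AssemblyVarList.empty()) return "";
    static constexpr const char* kCompare[] = {"if eq(", "if lt(", "if gt("};
    std::string res = kCompare[rand() % 3];
    // The two operands are drawn in separate statements: inside one `a + "," + b`
    // expression the order of the two rand() calls is unspecified, which made the
    // generated output depend on the compiler.
    const size_t count = AssemblyVarList.size();
    const std::string lhs = AssemblyVarList[static_cast<size_t>(rand()) % count].Variablename;
    const std::string rhs = AssemblyVarList[static_cast<size_t>(rand()) % count].Variablename;
    res += lhs + "," + rhs + ")\n{\n";
    // Body: up to one assignment, an optional nested if/for, up to one more assignment.
    res += AssemblyAssign(rand() % 2);
    const int nested = rand() % 3;
    if (nested == 0) {
        res += assemblyif(i + 1);
    } else if (nested == 1) {
        res += assemblyfor(i + 1);
    }
    // nested == 2: no inner control statement
    res += AssemblyAssign(rand() % 2);
    res += "}\n";
    return res;
}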
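string assemblyfunc(int i) {
    // Emits a Yul function `function assemblyfunc_<name>(<0-2 params>) -> r { ... }` and
    // records (name, parameter count) in AssemblyFunctionList for callassemblyfunc.
    // i only feeds getName() to make the function name unique.
    const std::string funcName = "assemblyfunc_" + getName(i);
    std::string res = "function " + funcName + "(";
    const int paramCount = rand() % 3;
    static constexpr const char* kParams[] = {"", "x", "x,y"};
    res += kParams[paramCount];
    res += ") -> r { \n";
    // The statement count is drawn, but AssemblyAssignNoFunc(0) emits nothing, so the
    // body currently holds no assignments. Presumably kept at 0 because Yul functions
    // cannot access variables of the enclosing scope — confirm before raising it.
    const int stmtCount = rand() % 3;
    for (int stmt = 0; stmt < stmtCount; ++stmt) {  // `stmt`: the original loop shadowed parameter `i`
        res += AssemblyAssignNoFunc(0);
    }
    const int ending = rand() % 3;
    if (ending == 0) res += "return(0,0)\n";
    // ending == 1: a `revert(0,0)` used to be emitted here and is disabled; 2: nothing.
    res += "}\n";
    AssemblyFunctionList.emplace_back(sfunction(funcName, paramCount));
    return res;
}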
// 调用内联汇编中的函数
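string callassemblyfunc() {
    // Emits a call `f(arg,...)` to one of the block's functions in AssemblyFunctionList.
    // Each argument is usually a plain rvalue; one draw in five nests a call to another
    // block function whose own arguments are plain rvalues (no deeper nesting).
    // The result ends with "\n" and AssemblyAssign appends another, so a call statement
    // is followed by a blank line in the generated block (harmless, kept as is).
    if (AssemblyFunctionList.empty()) {
        // No functions declared: fall back to a plain rvalue so the caller's `lhs:=`
        // still gets a valid right-hand side, instead of `rand() % 0` (undefined behaviour).
        return getRvalue() + "\n";
    }
    const size_t count = AssemblyFunctionList.size();
    // References are safe here: nothing below modifies AssemblyFunctionList.
    const sfunction& callee = AssemblyFunctionList[static_cast<size_t>(rand()) % count];
    std::string res = callee.funcname + "(";
    for (int argIdx = 0; argIdx < callee.paranum; ++argIdx) {
        if (rand() % 5 != 1) {
            res += getRvalue();
        } else {
            const sfunction& inner = AssemblyFunctionList[static_cast<size_t>(rand()) % count];
            res += inner.funcname + "(";
            for (int j = 0; j < inner.paranum; ++j) {
                res += getRvalue();
                if (j != inner.paranum - 1) res += ",";
            }
            res += ")";
        }
        if (argIdx != callee.paranum - 1) res += ",";
    }
    res += ")\n";
    return res;
}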