SIF (Solidity Instrumentation Framework) is a framework to query and instrument Solidity smart contracts.
You can try SIF online by clicking
With SIF, you can easily query syntactic information from the AST of smart contracts and make changes to it. SIF is able to generate source code from the AST of Solidity contracts reflecting code instrumentations.
- Download the Solidity Compiler from here
- Build SIF
In this folder
mkdir build
cd build
cmake ..
make
The executable called sif will be in folder build/sif/
# Generate ASTs
# Generate Text AST
solc --ast contract_name.sol >> contract_name.ast
# Generate JSON AST
solc --ast-compact-json contract_name.sol >> contract_name.json
# Run SIF
sif -a contract_name.ast -j contract_name.json -o generated_contract.sol
If -o output_file_name is ommited, the generated code will be printed to the standard output (usually the screen).
Command Line Options
-a, --ast arg AST in plain text file name
-j, --json arg AST in compact JSON format file name
-o, --output arg Output file name
-h, --help Print help message
-v, --visitor_arg arg extra arguments for the AST visitor
-s, --silent Silent mode (does not print out the generated source code)
If you want to use SIF to instrument and analyse the AST, you should implement the function visit() in LibSif/ASTVisitor.cpp and re-build SIF.
Here is an example of implement the code, which prints all function names and changes all function_names to "func".
void visit(ASTNode* node) {
if (node->get_node_type() == NodeTypeFunctionDefinition) {
FunctionDefinitionNode* fd = (FunctionDefinitionNode*) node;
std::cout << fd->get_name();
fd->set_name("func");
}
}
Each AST class has sufficient functions to retrieve information and make changes to the AST. Function prototypes can be found in LibSif/ASTNode.hpp.
We started writing the documentation for SIF but it is still in progress. A preliminary version can be found here:.
In the directory Tools, we provide 7 examples of using SIF to analyse the source code. You can learn how to use SIF to instrument smart contracts by reading our implementation of these tools.
Assertion Analyser inserts property assertions to operations susceptible to arithmetic vulnerabilities.
AST Diff compares smart contracts in syntax level.
CG_Generator is easy to follow, it generates a control graph for the smart contract by recording function calls.
CFG_Generator can be used to generate control-flow graphs for functions. It supports control flows including branches and loops.
Fault Seeder seeds faults to smart contracts.
Function Listing lists function definitions and in which contracts they are defined.
Sif Rename renames existing identifiers.
Tools can be compiled by replacing the original ASTVisitor.cpp by the one you want to use. The graph generation of CG_Generator and CFG_Generator is based on the graphviz toolkit. Make sure you have the tool on your machine and the command "dot" is available. On Ubuntu, you can simply install grahviz by using the command
sudo apt install graphviz.
If you use SIF for your research, please kindly cite our work describing the SIF framework in your paper.
@inproceedings{peng2019sif,
title={SIF: A Framework for Solidity Contract Instrumentation and Analysis},
author={Peng, Chao and Akca, Sefa and Rajan, Ajitha},
booktitle={2019 26th Asia-Pacific Software Engineering Conference (APSEC)},
pages={466--473},
year={2019},
organization={IEEE}
}
Peng, C., Akca, S. and Rajan, A., 2019, December. SIF: A Framework for Solidity Contract Instrumentation and Analysis. In 2019 26th Asia-Pacific Software Engineering Conference (APSEC) (pp. 466-473). IEEE.
SIF is a very new framework for Solidity smart contract code instrumentation and analysis.
We welcome issues and pull request raised on Github. All types of contributions to this project are highly appreciated.
Contact details can be found at the author's homepage: https://chao-peng.github.io