module callgraph

Author: fergarrui

src/api/bytecode/ewasm/EWasmModule.ts

@@ -0,0 +1,6 @@
+import { WasmBinary } from "./WasmBinary";
+
+export interface EWasmModule {
+  binary: WasmBinary
+  dotCallGraph: string
+}

src/api/bytecode/ewasm/FunctionBody.ts

@@ -23,13 +23,13 @@ export const formatOpcodes = (opcodes: WasmOpcode[], importsPayload: WasmImportS
   let formattedCode = ''
   let indentation = 0
   for (const op of opcodes) {
-    formattedCode += `${tab.repeat(indentation)}${op.opcode.name} ${op.immediates}`
+    formattedCode += `${tab.repeat(indentation)} <${op.depth}> ${op.opcode.name} ${op.immediates}`
     if (WasmOpcodes.isCall(op)) {
       const callIdx: number = parseInt(op.immediates[0], 16)
       let functionCalledName = ''
       if (callIdx < importsPayload.imports.length) {
         const imp = importsPayload.imports[callIdx];
-        functionCalledName = `${imp.moduleName}.${imp.fieldName}`
+        functionCalledName = `${imp.moduleName}_${imp.fieldName}`
       } else {
         const fun = codePayload.functions[callIdx]
         if (fun) {

src/api/bytecode/ewasm/OpcodeImmediateType.ts

@@ -1,7 +1,7 @@
 export enum OpcodeImmediateType {
 
   U32, // varuint32
-  I32, // varuint32
+  I32, // varint32
   I64, // varint64
   BYTE,
   VECTOR_U32

src/api/bytecode/ewasm/WasmBinaryParser.ts

@@ -5,7 +5,7 @@ import { WasmSection, WasmTypeSectionPayload, WasmSectionPayload, WasmExportSect
 import { WasmSectionType, WasmType, WasmValueType, getWasmValueType, getExternalType, WasmExternalKind } from "./wasmTypes";
 import { FuncType, printSignature } from "./FuncType";
 import { FunctionBody, FunctionLocal, formatOpcodes } from "./FunctionBody";
-import { WasmOpcode, WasmOpcodeDefinition, WasmOpcodes, Immediate } from "./WasmOpcodes";
+import { WasmOpcode, WasmOpcodeDefinition, WasmOpcodes, Immediate, BlockType } from "./WasmOpcodes";
 import { OpcodeImmediateType } from "./OpcodeImmediateType";
 
 
@@ -59,6 +59,16 @@ export class WasmBinaryParser {
     };
     const wasmPostProcessed = this.postProcess(wasmBinary);
     // console.log(JSON.stringify(wasmPostProcessed))
+    const cod: WasmCodeSectionPayload = findSection(wasmPostProcessed.sections, WasmSectionType.Code).payload as WasmCodeSectionPayload
+    let i = 0
+    let outp = ''
+    for (const o of cod.functions) {
+      outp += `== ${i} == \n`
+      outp += o.formattedOpcodes
+      i++
+    }
+    const fs = require('fs')
+    fs.writeFileSync('./output.txt', outp)
     return wasmPostProcessed
   }
 
@@ -99,8 +109,6 @@ export class WasmBinaryParser {
     for(const fun of codeSectionPayload.functions) {
       const formattedOpcodes = formatOpcodes(fun.opcodes, importSectionPayload, codeSectionPayload)
       fun.formattedOpcodes = formattedOpcodes
-      // deleting opcodes for now, not really needed in the response, maybe in the future
-      delete fun.opcodes
     }
     return wasmBinary
   }
@@ -282,6 +290,8 @@ export class WasmBinaryParser {
   parseFunctionBytecode(bytecode: Buffer): WasmOpcode[] {
     const reader = new BytesReader(bytecode)
     const opcodes: WasmOpcode[] = []
+    let depth = 0
+    let blockType: BlockType = BlockType.NONE
     while(!reader.finished()) {
       const opcodeByte = reader.readBytesToNumber(1)
       const immediates: string[] = []
@@ -321,10 +331,35 @@ export class WasmBinaryParser {
           immediates.push(valueFormatted)
         }
       }
-      opcodes.push({
+      const newOpcode = {
         opcode: opcodeDefinition,
-        immediates
-      })
+        immediates,
+        depth,
+        blockType
+      };
+      opcodes.push(newOpcode)
+      if(WasmOpcodes.isBlockEnd(newOpcode)) {
+        depth--
+      }
+      if(WasmOpcodes.isBlockStart(newOpcode)) {
+        depth++
+      }
+      // if(newOpcode.opcode.name === 'block') {
+      //   blockType = BlockType.BLOCK
+      // }
+      // if (newOpcode.opcode.name === 'loop') {
+      //   blockType = BlockType.LOOP
+      // }
+      // if(newOpcode.opcode.name === 'if') {
+      //   blockType = BlockType.IF
+      // }
+      // if(newOpcode.opcode.name === 'else') {
+      //   blockType = BlockType.ELSE
+      // }
+      // if(depth === 0) {
+      //   blockType = BlockType.NONE
+      // }
+      
     }
     return opcodes
   }

src/api/bytecode/ewasm/WasmOpcodes.ts

@@ -215,6 +215,11 @@ export class WasmOpcodes {
   static isCall(opcode: WasmOpcode): boolean {
     return opcode.opcode.name === 'call'
   }
+
+  static isDirectBranch(opcode: WasmOpcode): boolean {
+    return opcode.opcode.name === 'br' ||
+      opcode.opcode.name === 'br_if'
+  }
 }
 
 export interface WasmOpcodeDefinition {
@@ -227,10 +232,20 @@ export interface Immediate {
   type: OpcodeImmediateType
 }
 
+export enum BlockType {
+  NONE,
+  BLOCK,
+  LOOP,
+  IF,
+  ELSE
+}
+
 
 export interface WasmOpcode {
   opcode: WasmOpcodeDefinition
   immediates: string[]
+  depth: number
+  blockType?: BlockType
 }
 
 WasmOpcodes.populate()

src/api/bytecode/ewasm/callgraph/WasmCallGraph.ts

@@ -0,0 +1,5 @@
+import { WasmCallGraphFunction } from "./WasmCallGraphFunction";
+
+export interface WasmCallGraph {
+  functions: Map<number, WasmCallGraphFunction>
+}

src/api/bytecode/ewasm/callgraph/WasmCallGraphFunction.ts

@@ -0,0 +1,4 @@
+export interface WasmCallGraphFunction {
+  name: string
+  calling: number[]
+}

src/api/bytecode/ewasm/callgraph/WasmCallgraphCreator.ts

@@ -0,0 +1,48 @@
+import { injectable } from "inversify";
+import { FunctionBody } from "../FunctionBody";
+import { WasmOpcodes } from "../WasmOpcodes";
+import { WasmBinary } from "../WasmBinary";
+import { findSection, WasmCodeSectionPayload, WasmImportSectionPayload } from "../WasmSection";
+import { WasmSectionType } from "../wasmTypes";
+import { WasmCallGraph } from "./WasmCallGraph";
+
+@injectable()
+export class WasmCallgraphCreator {
+
+  createCallgraph(wasm: WasmBinary): WasmCallGraph {
+    const callGraph: WasmCallGraph = {
+      functions : new Map()
+    }
+    let offset = 0
+    const functions: FunctionBody[] = (findSection(wasm.sections, WasmSectionType.Code).payload as WasmCodeSectionPayload).functions
+    const importsSection = findSection(wasm.sections, WasmSectionType.Import)
+    if (importsSection) {
+      const importsPayload: WasmImportSectionPayload = importsSection.payload as WasmImportSectionPayload
+      if (importsPayload.imports.length > 0) {
+        importsPayload.imports.forEach((imp, index) => {
+          offset++
+          callGraph.functions.set(index, {
+            calling: [],
+            name: `${imp.moduleName}_${imp.fieldName}`
+          })
+        })
+      }
+    }
+    let funIndex = 0
+    for(const fun of functions) {
+      const funCalling: number[] = []
+      fun.opcodes.filter(op => WasmOpcodes.isCall(op)).forEach(op => {
+        const callee: number = parseInt(op.immediates[0], 16)
+        if(!funCalling.includes(callee)) {
+          funCalling.push(callee)
+        }
+      })
+      callGraph.functions.set(funIndex + offset, {
+        calling: funCalling,
+        name: fun.exportedName? fun.exportedName : fun.name
+      })
+      funIndex++
+    }
+    return callGraph
+  }
+}

src/api/bytecode/ewasm/callgraph/WasmGraphVizService.ts

@@ -0,0 +1,36 @@
+import { WasmCallGraph } from "./WasmCallGraph";
+import { injectable } from "inversify";
+
+@injectable()
+export class WasmGraphVizService {
+
+  convertToDot(callGraph: WasmCallGraph): string {
+    let graph = `digraph " " {
+      graph [splines=ortho]
+      node[shape=plain style=filled fontname="Courier"]
+      `
+
+    graph+= `
+    ${this.createBody(callGraph)}
+    }`
+    console.log(graph)
+    return graph
+  }
+
+  private createBody(callGraph: WasmCallGraph): string {
+    let body = ''
+    callGraph.functions.forEach((value, key) => {
+      body += `${key} [label=${value.name}]
+        ${this.createRelations(value.calling, key)}
+        `
+      
+    })
+    return body
+  }
+
+  private createRelations(calling: number[], index: number): string {
+    let relations = ''
+    relations += calling.map(c => `${index} -> ${c}`).join('\n')
+    return relations
+  }
+}

src/api/bytecode/ewasm/cfg/WasmCFGBlock.ts

@@ -0,0 +1,6 @@
+import { WasmOpcode } from "../WasmOpcodes";
+
+export interface WasmCFGBlock {
+  opcodes: WasmOpcode[]
+  
+}

src/api/bytecode/ewasm/cfg/WasmCFGCreator.ts

@@ -0,0 +1,10 @@
+import { injectable } from "inversify";
+import { WasmOpcode } from "../WasmOpcodes";
+
+@injectable()
+export class WasmCFGCreator {
+
+  createFunctionCfg(opcodes: WasmOpcode[]) {
+    
+  }
+}

src/api/bytecode/ewasm/te.ts

@@ -6,6 +6,7 @@ import { EwasmService } from "../service/EwasmService";
 import { WasmBinary } from "../../bytecode/ewasm/WasmBinary";
 import { Web3Configuration } from "../../blockchain/Web3Configuration";
 import { logger } from '../../../Logger'
+import { EWasmModule } from "../../bytecode/ewasm/EWasmModule";
 
 @Route('ewasm')
 @provideSingleton(EwasmController)
@@ -36,7 +37,7 @@ export class EwasmController extends Controller {
   }
 
   @Post('analyze')
-  async analyze(@Body() source: StringBodyRequest ): Promise<WasmBinary> {
+  async analyze(@Body() source: StringBodyRequest ): Promise<EWasmModule> {
     try {
       return this.ewasmService.analyze(source.request)
     } catch(error) {

src/api/service/controller/EwasmController.ts

@@ -5,6 +5,13 @@ import { WasmBinary } from "../../bytecode/ewasm/WasmBinary";
 import { Web3Configuration } from "../../blockchain/Web3Configuration";
 import { IWeb3 } from "../../blockchain/IWeb3";
 import { Web3Instance } from "../../blockchain/Web3Instance";
+import { findSection, WasmCodeSectionPayload } from "../../bytecode/ewasm/WasmSection";
+import { WasmSectionType } from "../../bytecode/ewasm/wasmTypes";
+import { WasmCFGCreator } from "../../bytecode/ewasm/cfg/WasmCFGCreator";
+import { EWasmModule } from "../../bytecode/ewasm/EWasmModule";
+import { WasmCallgraphCreator } from "../../bytecode/ewasm/callgraph/WasmCallgraphCreator";
+import { WasmCallGraph } from "../../bytecode/ewasm/callgraph/WasmCallGraph";
+import { WasmGraphVizService } from "../../bytecode/ewasm/callgraph/WasmGraphVizService";
 
 const wabt = require("wabt")()
 const commandExists = require('command-exists').sync
@@ -15,20 +22,37 @@ var fs = require('fs')
 @injectable()
 export class EwasmService {
 
-  constructor(@inject(TYPES.WasmBinaryParser) private wasmParser: WasmBinaryParser) {}
+  constructor(
+    @inject(TYPES.WasmBinaryParser) private wasmParser: WasmBinaryParser,
+    @inject(TYPES.WasmCFGCreator) private cfgCreator: WasmCFGCreator,
+    @inject(TYPES.WasmCallgraphCreator) private callGraphCreator: WasmCallgraphCreator,
+    @inject(TYPES.WasmGraphVizService) private wasmGraphVizService: WasmGraphVizService
+    ) {}
 
-  analyze(codeInHex: string): WasmBinary {
+  analyze(codeInHex: string): EWasmModule {
     const wasm: Buffer = this.hexToBuffer(codeInHex)
     try {
       const binary: WasmBinary = this.wasmParser.parse(wasm)
-      return binary
+      const callGraph: WasmCallGraph = this.callGraphCreator.createCallgraph(binary)
+      const dotCallGraph: string = this.wasmGraphVizService.convertToDot(callGraph)
+
+      // removeme
+      // const sec = findSection(binary.sections, WasmSectionType.Code)
+      // const pay: WasmCodeSectionPayload = sec.payload as WasmCodeSectionPayload
+      // const f2 = pay.functions[2]
+      // this.cfgCreator.createFunctionCfg(f2.opcodes)
+      // end removeme
+      return {
+        binary,
+        dotCallGraph
+      }
     } catch (error) {
       console.log(error)
       throw new Error(`Error when analyzing ewasm bytecode: ${error.message}`)
     }
   }
 
-  async analyzeAddress(address: string, config: Web3Configuration): Promise<WasmBinary> {
+  async analyzeAddress(address: string, config: Web3Configuration): Promise<EWasmModule> {
     const iWeb3: IWeb3 = new Web3Instance(config)
     const web3 = iWeb3.getInstance()
     let contractCode = await web3.eth.getCode(address)

src/api/service/service/EwasmService.ts

@@ -22,6 +22,9 @@ import { ContractService } from '../api/service/service/ContractService';
 import { Solc } from '../api/service/service/Solc';
 import { EwasmService } from '../api/service/service/EwasmService';
 import { WasmBinaryParser } from '../api/bytecode/ewasm/WasmBinaryParser';
+import { WasmCFGCreator } from '../api/bytecode/ewasm/cfg/WasmCFGCreator';
+import { WasmCallgraphCreator } from '../api/bytecode/ewasm/callgraph/WasmCallgraphCreator';
+import { WasmGraphVizService } from '../api/bytecode/ewasm/callgraph/WasmGraphVizService';
 
 const iocContainer = new Container()
 const provide = makeProvideDecorator(iocContainer)
@@ -43,6 +46,9 @@ iocContainer.bind<ContractService>(TYPES.ContractService).to(ContractService)
 iocContainer.bind<WasmBinaryParser>(TYPES.WasmBinaryParser).to(WasmBinaryParser)
 iocContainer.bind<Solc>(TYPES.Solc).to(Solc)
 iocContainer.bind<EwasmService>(TYPES.EwasmService).to(EwasmService)
+iocContainer.bind<WasmCFGCreator>(TYPES.WasmCFGCreator).to(WasmCFGCreator)
+iocContainer.bind<WasmCallgraphCreator>(TYPES.WasmCallgraphCreator).to(WasmCallgraphCreator)
+iocContainer.bind<WasmGraphVizService>(TYPES.WasmGraphVizService).to(WasmGraphVizService)
 
 const provideNamed = (
   identifier: string | symbol | interfaces.Newable<any> | interfaces.Abstract<any>,

src/inversify/ioc.ts

@@ -12,6 +12,9 @@ const TYPES = {
   ContractService: Symbol.for('ContractService'),
   EwasmService: Symbol.for('EwasmService'),
   WasmBinaryParser: Symbol.for('WasmBinaryParser'),
+  WasmCFGCreator: Symbol.for('WasmCFGCreator'),
+  WasmCallgraphCreator: Symbol.for('WasmCallgraphCreator'),
+  WasmGraphVizService: Symbol.for('WasmGraphVizService'),
   Solc: Symbol.for('Solc')
 }