Jon-Becker / heimdall-rs

Heimdall is an advanced EVM smart contract toolkit specializing in bytecode analysis and extracting information from unverified contracts.
http://heimdall.rs
MIT License
1.19k stars, 124 forks

Benchmarking the decompile module of heimdall #285

Closed sifislag closed 4 months ago

sifislag commented 9 months ago

Component

Other (please specify)

Question

Hi, I'm working on the Gigahorse decompiler and I'm interested in evaluating it against heimdall. In the past for black-box comparisons we've opted for high-level metrics, mainly:

I wanted to create an issue to verify that I'm using heimdall correctly.

I'm invoking it using: `heimdall decompile filename -vvv -d --include-sol --skip-resolving`. Any other flags I should be aware of?

Code to identify external call signatures (recognize lines like `*call*(abi.encode(selector_hex, ...))`):

    # text: the decompiled Solidity output, as a list of lines
    selectors = set()
    for call in [line for line in text if "call" in line]:
        if "abi.encode" not in call:
            continue
        # the first 10 characters after "abi.encode(" are "0x" + 8 hex digits
        selectors.add(call.split("abi.encode(")[1][:10])

    # drop arguments that were not a hex selector literal
    selectors_filtered = {sel for sel in selectors if sel.startswith("0x")}

Code to identify event signatures (recognize lines like `emit Event_event_sig(...)`):

    # text: the decompiled Solidity output, as a list of lines
    event_sigs = set()
    for event in [line for line in text if "emit Event_" in line]:
        # the 8 hex digits after "Event_" are the truncated event topic
        event_sigs.add(event.split("emit Event_")[1][:8])

Do the above seem about right, or can external calls and events appear in the decompiler output in a different way? I'd also like to have some more low-level metrics (for example, bytecode blocks reachable from a contract's public functions), but these would probably be harder to get.

Thanks, Sifis
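The two snippets above key on substrings and fixed character offsets, which silently miscount when a line mentions "call" in a comment, when a call line carries more than one encoded selector, or when the first argument to `abi.encode` is not a selector literal. The following is an added example (not code from the issue, from Gigahorse, or from heimdall) that extracts the same two metrics with anchored regular expressions and returns sets that a benchmark harness can diff against ground truth. The sample lines are constructed to look like heimdall's Solidity output; matching `abi.encodeWithSelector`/`abi.encodePacked` and `staticcall`/`delegatecall` in addition to `abi.encode`/`call` is an assumption about variants the output might contain, not something the issue confirms.

```python
import re
from typing import Dict, Iterable, Set

# Constructed sample in the style of heimdall's decompiled Solidity.
# The exact formatting of real heimdall output may differ.
SAMPLE_LINES = [
    "function Unresolved_a9059cbb(address arg0, uint256 arg1) public {",
    "    // callback bookkeeping (the word 'call' here is not an external call)",
    "    (bool success, bytes memory ret0) = address(arg0).call(abi.encode(0x70a08231, address(this)));",
    "    (bool ok, bytes memory ret1) = address(arg0).staticcall(abi.encodeWithSelector(0x18160ddd));",
    "    (bool ok2, bytes memory ret2) = address(arg0).call(abi.encode(arg1));",
    "    emit Event_ddf252ad(msg.sender, arg0, arg1);",
    "    emit Event_8c5be1e5(msg.sender, arg0, arg1);",
    "    emit Event_ddf252ad(arg0, msg.sender, arg1);",
    "}",
]

# A line only counts as an external call if it actually invokes one of the
# low-level call primitives, so comments containing "call" are ignored.
# (assumption: staticcall/delegatecall may appear alongside call)
CALL_RE = re.compile(r"\.(?:call|staticcall|delegatecall)\s*\(")

# A 4-byte selector is exactly "0x" + 8 hex digits as the first argument of
# the encode call. The trailing \b rejects longer constants such as 32-byte
# words, which the "first 10 characters" slice would have accepted.
# (assumption: abi.encodeWithSelector/abi.encodePacked may also carry it)
SELECTOR_RE = re.compile(
    r"abi\.encode(?:WithSelector|Packed)?\(\s*(0x[0-9a-fA-F]{8})\b"
)

# Events are emitted as Event_<8 hex digits>(...), per the issue text.
EVENT_RE = re.compile(r"\bemit\s+Event_([0-9a-fA-F]{8})\s*\(")


def external_call_selectors(lines: Iterable[str]) -> Set[str]:
    """Return the set of 4-byte selectors used in external calls."""
    selectors: Set[str] = set()
    for line in lines:
        if not CALL_RE.search(line):
            continue
        # finditer rather than a single split: a line may hold several calls
        for match in SELECTOR_RE.finditer(line):
            selectors.add(match.group(1).lower())
    return selectors


def event_signatures(lines: Iterable[str]) -> Set[str]:
    """Return the set of truncated event signatures that are emitted."""
    return {m.group(1).lower() for line in lines for m in EVENT_RE.finditer(line)}


def decompiler_metrics(lines: Iterable[str]) -> Dict[str, int]:
    """Counts suitable for a black-box comparison table."""
    lines = list(lines)
    return {
        "external_call_selectors": len(external_call_selectors(lines)),
        "event_signatures": len(event_signatures(lines)),
    }


def metrics_from_file(path: str) -> Dict[str, int]:
    """Run the metrics over a decompiled .sol file written by the tool."""
    with open(path, encoding="utf-8") as fh:
        return decompiler_metrics(fh.read().splitlines())


if __name__ == "__main__":
    print(sorted(external_call_selectors(SAMPLE_LINES)))
    print(sorted(event_signatures(SAMPLE_LINES)))
    print(decompiler_metrics(SAMPLE_LINES))
```

On the sample, the comment line and the `abi.encode(arg1)` call are excluded, the two distinct selectors and two distinct event signatures are found, and the repeated `Event_ddf252ad` emit is deduplicated. Because the functions return sets, precision and recall against a verified source can be computed with plain set arithmetic.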

Jon-Becker commented 9 months ago

Hey! Sorry for the late reply, been pretty busy lately.

That seems to be accurate so far, but it might be easier to parse the Yul output (`--include-yul`) over Solidity.

As an aside, I'm drastically improving the decompilation output now :D