added multiple new detectors

- detector_emptyf
- detector_magicv
- detector_susinst
- detector_divrd
- detector_downcast

README.md

@@ -28,7 +28,8 @@ The following libraries are required for running (different components of) the t
   - [pandas](https://pandas.pydata.org/)  (2.1.4+) for data analysis in test suite
   - [tabulate](https://github.com/astanin/python-tabulate) (0.9.0+) for result table rendering
 - <u>Leo (**7ac50d8**) for compiling and running all benchmarks enclosed</u>
-  - The tools is tested under this version, but newer version of Lao may also work.
+  - The tools is tested under this version, but newer version of Leo may also work.
+  - Older version may not work, as there are some breaking changes of Leo project structure.
 
 ## Usage
 
@@ -51,15 +52,15 @@ pip uninstall vanguard
 After installation, you can directly use the commandline executable `vanguard-aleo` provided:
 
 ```bash
-usage: vanguard-aleo [-h] [-b BUILD] [-p PID] [-f FIDS] [-d {divz,infoleak,rtcnst,unused}] [-v]
+usage: vanguard-aleo [-h] [-b BUILD] [-p PID] [-f FIDS] [-d {divrd,divz,downcast,emptyf,infoleak,magicv,rtcnst,susinst,unused}] [-v]
 
 options:
   -h, --help            show this help message and exit
   -b BUILD, --build BUILD
                         project build path, default: ./
   -p PID, --pid PID     program id, default: <project main entrance>
   -f FIDS, --fids FIDS  function ids (separated by comma, no space), default: <all functions of project>
-  -d {divz,infoleak,rtcnst,unused}, --detector {divz,infoleak,rtcnst,unused}
+  -d {divrd,divz,downcast,emptyf,infoleak,magicv,rtcnst,susinst,unused}, --detector {divrd,divz,downcast,emptyf,infoleak,magicv,rtcnst,susinst,unused}
                         detector to use, default: infoleak
   -v, --verbose         whether or not to return extra info, default: False
 ```
@@ -151,6 +152,11 @@ from vanguard.aleo.detectors import detector_infoleak
 from vanguard.aleo.detectors import detector_rtcnst
 from vanguard.aleo.detectors import detector_unused
 from vanguard.aleo.detectors import detector_divz
+from vanguard.aleo.detectors import detector_emptyf
+from vanguard.aleo.detectors import detector_magicv
+from vanguard.aleo.detectors import detector_susinst
+from vanguard.aleo.detectors import detector_divrd
+from vanguard.aleo.detectors import detector_downcast
 ...
 ```
 
@@ -170,6 +176,9 @@ You can find examples showing Leo/Aleo vulnerabilities with comments and annotat
 | rtcnst0/    | Returning constant            |
 | underflow0/ | Arithmetic underflow          |
 | unused0/    | Unused variable/signal        |
+| emptyf0/    | Empty functionality           |
+| magicv0/    | Magic variable                |
+| susinst0/   | Suspicious instruction        |
 
 ## Parser/Lexer Generation
 

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "vanguard"
-version = "0.0.4"
+version = "0.0.5"
 authors = [
   { name="Yanju Chen", email="yanju@veridise.com" },
 ]

tests/public/divrd0/build/main.aleo

@@ -3,8 +3,8 @@ program divrd0.aleo;
 
 
 function vanguard_helper:
-    cast  true true false true false true true into r0 as [boolean; 7u32];
-    output r0 as [boolean; 7u32].private;
+    cast  true true false true false true true true into r0 as [boolean; 8u32];
+    output r0 as [boolean; 8u32].private;
 
 
 function ex0:
@@ -48,3 +48,8 @@ function ex6:
     mul 15u8 2u8 into r0;
     div r0 9u8 into r1;
     output r1 as u8.private;
+
+
+function ex7:
+    div 15u8 2u8 into r0;
+    output r0 as u8.private;

tests/public/divrd0/src/main.leo

@@ -1,10 +1,10 @@
 // The 'divrd0' program.
 program divrd0.aleo {
 
-    transition vanguard_helper() -> [bool; 7] {
+    transition vanguard_helper() -> [bool; 8] {
         return [
             label_ex0, label_ex1, label_ex2, label_ex3,
-            label_ex4, label_ex5, label_ex6,
+            label_ex4, label_ex5, label_ex6, label_ex7,
         ];
     }
 
@@ -69,4 +69,10 @@ program divrd0.aleo {
         let b: u8 = a * 2u8 / 9u8;
         return b;
     }
+
+    const label_ex7: bool = true;
+    transition ex7 () -> u8 {
+        let a: u8 = 15u8 / 2u8;
+        return a;
+    }
 }

tests/public/emptyf0/.gitignore

@@ -0,0 +1,5 @@
+.env
+*.avm
+*.prover
+*.verifier
+outputs/

tests/public/emptyf0/README.md

@@ -0,0 +1,13 @@
+# emptyf0.aleo
+
+## Build Guide
+
+To compile this Aleo program, run:
+```bash
+snarkvm build
+```
+
+To execute this Aleo program, run:
+```bash
+snarkvm run hello
+```

tests/public/emptyf0/build/main.aleo

@@ -0,0 +1,19 @@
+program emptyf0.aleo;
+
+
+
+function vanguard_helper:
+    cast  true into r0 as [boolean; 1u32];
+    output r0 as [boolean; 1u32].private;
+
+
+function ex0:
+
+
+function ex1:
+    async ex1 into r0;
+    output 9u8 as u8.private;
+    output r0 as emptyf0.aleo/ex1.future;
+
+finalize ex1:
+    assert.eq true true;

tests/public/emptyf0/build/program.json

@@ -0,0 +1,6 @@
+{
+    "program": "emptyf0.aleo",
+    "version": "0.0.0",
+    "description": "",
+    "license": "MIT"
+}

tests/public/emptyf0/leo.lock

@@ -0,0 +1 @@
+package = []

tests/public/emptyf0/program.json

@@ -0,0 +1,6 @@
+{
+    "program": "emptyf0.aleo",
+    "version": "0.0.0",
+    "description": "",
+    "license": "MIT"
+}

tests/public/emptyf0/src/main.leo

@@ -0,0 +1,24 @@
+// The 'emptyf0' program.
+program emptyf0.aleo {
+    // by default, arguments without visibility are private
+    // but in finalize, they have to be public
+    transition vanguard_helper() -> [bool; 2] {
+        return [
+            label_ex0, label_ex1,
+        ];
+    }
+
+    const label_ex0: bool = true;
+    transition ex0() {
+    }
+
+    const label_ex1: bool = true;
+    transition ex1() -> u8 {
+        return 9u8 then finalize();
+    }
+    finalize ex1() {
+        assert(true);
+    }
+
+
+}

tests/public/magicv0/.gitignore

@@ -0,0 +1,5 @@
+.env
+*.avm
+*.prover
+*.verifier
+outputs/

tests/public/magicv0/README.md

@@ -0,0 +1,13 @@
+# magicv0.aleo
+
+## Build Guide
+
+To compile this Aleo program, run:
+```bash
+snarkvm build
+```
+
+To execute this Aleo program, run:
+```bash
+snarkvm run hello
+```

tests/public/magicv0/build/main.aleo

@@ -0,0 +1,15 @@
+program magicv0.aleo;
+
+
+
+function vanguard_helper:
+    cast  true true into r0 as [boolean; 2u32];
+    output r0 as [boolean; 2u32].private;
+
+
+function ex0:
+    output aleo1qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq3ljyzc as address.private;
+
+
+function ex1:
+    output 123u8 as u8.private;

tests/public/magicv0/build/program.json

@@ -0,0 +1,6 @@
+{
+    "program": "magicv0.aleo",
+    "version": "0.0.0",
+    "description": "",
+    "license": "MIT"
+}

tests/public/magicv0/leo.lock

@@ -0,0 +1 @@
+package = []

tests/public/magicv0/program.json

@@ -0,0 +1,6 @@
+{
+    "program": "magicv0.aleo",
+    "version": "0.0.0",
+    "description": "",
+    "license": "MIT"
+}

tests/public/magicv0/src/main.leo

@@ -0,0 +1,24 @@
+// The 'magicv0' program.
+program magicv0.aleo {
+    // by default, arguments without visibility are private
+    // but in finalize, they have to be public
+    transition vanguard_helper() -> [bool; 2] {
+        return [
+            label_ex0, label_ex1,
+        ];
+    }
+
+    const label_ex0: bool = true;
+    transition ex0() -> address {
+        let a: address = aleo1qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq3ljyzc;
+        return a;
+    }
+
+    const label_ex1: bool = true;
+    transition ex1() -> u8 {
+        let a: u8 = 123u8;
+        return a;
+    }
+
+
+}

tests/public/susinst0/.gitignore

@@ -0,0 +1,5 @@
+.env
+*.avm
+*.prover
+*.verifier
+outputs/

tests/public/susinst0/README.md

@@ -0,0 +1,13 @@
+# susinst0.aleo
+
+## Build Guide
+
+To compile this Aleo program, run:
+```bash
+snarkvm build
+```
+
+To execute this Aleo program, run:
+```bash
+snarkvm run hello
+```

tests/public/susinst0/build/main.aleo

@@ -0,0 +1,21 @@
+program susinst0.aleo;
+
+
+
+function vanguard_helper:
+    cast  true true true into r0 as [boolean; 3u32];
+    output r0 as [boolean; 3u32].private;
+
+
+function ex0:
+    assert.eq true true;
+
+
+function ex1:
+    add 123u8 0u8 into r0;
+    output r0 as u8.private;
+
+
+function ex2:
+    mul 123u8 1u8 into r0;
+    output r0 as u8.private;

tests/public/susinst0/build/program.json

@@ -0,0 +1,6 @@
+{
+    "program": "susinst0.aleo",
+    "version": "0.0.0",
+    "description": "",
+    "license": "MIT"
+}

tests/public/susinst0/leo.lock

@@ -0,0 +1 @@
+package = []

tests/public/susinst0/program.json

@@ -0,0 +1,6 @@
+{
+    "program": "susinst0.aleo",
+    "version": "0.0.0",
+    "description": "",
+    "license": "MIT"
+}

tests/public/susinst0/src/main.leo

@@ -0,0 +1,29 @@
+// The 'susinst0' program.
+program susinst0.aleo {
+    // by default, arguments without visibility are private
+    // but in finalize, they have to be public
+    transition vanguard_helper() -> [bool; 3] {
+        return [
+            label_ex0, label_ex1, label_ex2
+        ];
+    }
+
+    const label_ex0: bool = true;
+    transition ex0() {
+        assert(true);
+    }
+
+    const label_ex1: bool = true;
+    transition ex1() -> u8 {
+        let a: u8 = 123u8 + 0u8;
+        return a;
+    }
+
+    const label_ex2: bool = true;
+    transition ex2() -> u8 {
+        let a: u8 = 123u8 * 1u8;
+        return a;
+    }
+
+
+}