Releases: trailofbits/manticore

Manticore 0.3.7

17 Feb 20:03
9ed66b6

Thanks to our external contributors!

Ethereum

  • Use crytic-compile 0.2.2 #2530
  • Multi-transaction analysis now uses fixed attacker and owner contracts #2464

Native

  • [Added API] Retrieve list of unimplemented syscalls #2491
  • Add FXSAVE/FXRSTOR concrete support on x86 #2511
  • Add last_executed_pc property to CPU #2475
  • Support LD_LIBRARY_PATH #2476
  • Optional will/did_read_memory events #2488
  • Fixed base address handling on Linux #2500
  • Add ENDBR-style NOPs #2533
  • Support epoll-related syscalls #2529

Other

  • [Added API] Add fork policy for providing explicit values #2514
  • Fixed Constant Folding #2524
  • Add simplifications for subtraction #2504
  • Parent state ID, last PC now available in state descriptors #2479, #2471
  • States now contain a reference to the current manticore instance #2486
  • fast_fail config to exit after first state exception #2487
  • Scaling bugfix for large solver queries #2502
  • Don't fork when only one solution is found for Concretize #2527

Manticore 0.3.6

10 Jun 20:02
2a56484

0.3.6 - 2021-06-10

Thanks to our external contributors!

Ethereum

  • [Changed API] Default to quick mode: disable detectors and gas #2457
  • Allow symbolic balances from the beginning of execution #1818
  • Disable EVM Events in Testcases #2417

Native

  • [Added API] Syscall-specific hooks #2389
  • Fix wildcard behavior in symbolic files #2454
  • Bugfixes for control transfer between Manticore & Unicorn #1796

Other

  • Run multiple SMT solvers in parallel, take the fastest response #2420
  • Add socket for TUI #1620
  • Memory usage improvements in expression system #2394
  • Support for Boolector #2410
  • Solver Statistics API #2415
  • Allow duplicated config options #2397

Manticore 0.3.5

06 Nov 22:06
5ea4f90

0.3.5 - 2020-11-06

Thanks to our external contributors!

Ethereum

  • Made EVM module ignore runtime gas calculations by default #1816
  • Updated gas calculations for calls to empty accounts #1774
  • Fixed account existence checks for selfdestruct and call #1801

Native

  • [Added API] new strlen models #1725
  • [Added API] State-specific hooks #1777
  • Improved system call argument handling #1785
  • Improved stat support for file descriptors #1780
  • Support symbolic-length reads from sockets #1786
  • Add stubs for sendto #1791

WASM

  • Fix type confusion when importing external functions #1803

Other

  • Made Yices2 the default SMT Solver #1820
  • [Added API] Added an API for introspecting live states #1775
  • Changed default multiprocessing type to threading #1779
  • Improved array serialization performance #1756
  • Fix name collisions in SMT variables #1792

Manticore 0.3.4

27 Jun 01:56
4712491

0.3.4 - 2020-06-26

Thanks to our external contributors!

Ethereum

  • Support and test against EVM Istanbul #1676
  • [Added API] Added a manticore-verifier script for checking properties of smart contracts #1717
  • Fixed RETURNDATASIZE #1612
  • Added strategies for symbolic SHA3 replacement #1609
  • Fixed GAS instruction #1633
  • Improved balance-related exploration #1615
  • Add __format__ to EVM accounts #1613
  • Discard basic blocks that unavoidably REVERT #1630
  • Extract printable bytes from return data #1671
  • Support CHAINID, EXTCODEHASH, and SELFBALANCE instructions #1644
  • [Changed API] Renamed several arguments in EVM API, including gaslimit --> gas #1652
  • Explore states that self-destruct #1699
  • Lazy solving for the Ethereum leak detector #1727

Native

  • Support for ARM modified-immediate encodings #1638
  • Support for /proc/self/maps #1639
  • Support for llseek #1640
  • Support for arm_fadvise64_64 #1648
  • Allow symbolic sockets in accept #1618
  • Fixes to open #1657
  • Overhauled filesystem emulation #1673
  • Fixed system call argument concretization #1697
  • [Added API] Add a symbolic model for strcpy #1681

WASM

  • Delay branch condition concretization for better coverage #1641

Other

  • [Added API] Added a snapshot system #1710
  • Transparent compression for state files #1624
  • Unify around singleton interface for solver #1649
  • Use __slots__ to reduce memory usage in expression system #1635
  • [Removed API] Removed policy argument from ManticoreBase, added outputspace_url to optionally separate working files from output files #1651
  • Disable broken get_related logic #1674
  • Disable flaky Z3 tactics #1691
  • Remove Keystone engine from dependencies #1684
  • Improved error messages #1632, #1704
  • Made ConstraintSets hashable #1703
  • Added system to dynamically enable/disable plugins #1696 #1708
  • Re-establish support for Yices and CVC4 #1714
  • Improved constant folding and constraint set slicing #1706

Manticore 0.3.3

31 Jan 08:00
934a4f0

0.3.3 - 2020-01-30

Thanks to our external contributors!

Ethereum

  • [added API] Flag to only generate alive states when finalizing Manticore #1554
  • Fix gas check #1587

Native

  • [added API] Add post-instruction hooks #1579
  • Fix issue with re-using stdio file descriptors after they'd been closed #1604

WASM

  • [added API] getattr-style calls for WASM functions #1578
  • [changed API] Pass state to function calls instead of constraint sets #1578
  • [added API] Added read/write helper methods to memory instances #1589

Other

  • [added API] Added streamlined state serialization interface #1596
  • Fixed Z3 version parsing #1551
  • Unique names for ArrayVars #1552
  • Improve pickling and multiprocessing compatibility #1583
  • Fix SMTLib visitor bug that broke the example tests #1577
  • Optimize MinMax SMTLib operations #1599

Manticore 0.3.2

12 Nov 02:53
b2f4fbd

0.3.2 - 2019-11-11

Thanks to our external contributors!

Ethereum

  • [added API] Use higher-level test generation to symbolically execute SHA3 #1526
  • [added API] Added fast unsound SHA3 strategy #1549
  • [added API] Added plugin for discarding states without changes to storage #1507
  • [fixed API] Fix ADDMOD and MULMOD #1531
  • Warn on missing bytecode #1534
  • Simplify PC upon modification #1523

Native

  • Better memory tests (#1506, #1524)
  • Memory IO performance improvements #1509
  • [added API] Expose ELF dynamic load addresses #1515
  • Optimize instruction decoding (#1522, #1527)
  • Add partial support for recvfrom syscall #1514
  • [fixed API] Add will_write_memory event to write_bytes #1535
  • Update supported Unicorn version #1536
  • Fix file pointer leak in ELF interpreter #1538
  • Deduplicate socket symbol names #1542
  • Improve environment variable parsing #1545
  • [fixed API] Reduce chance of orphaned did_execute_instruction event #1529

WASM

  • [added API] Added initial support for webassembly #1495

Other

  • Incorporate type checking (mypy) into CI #1544
  • Fixes to smtlib (#1512, #1511)
  • Remove runtime type checking from smtlib to improve performance #1543
  • Logging improvements (#1518, #1520)
  • Simplify unsigned division constant folding #1530
  • Improve signed division logic #1540
  • [changed API] Move to manticore-specific exception types #1537
  • [changed API] Save profiling data in the workspace instead of the current directory #1539

Manticore 0.3.1

06 Aug 23:00
0464c49

0.3.1 - 2019-08-06

Thanks to our external contributors!

Ethereum

  • Smart contracts are now compiled using Crytic-Compile #1406
  • Added detector for strict comparisons to BALANCE #1481
  • Added bitshift instructions #1498
  • Added stub for STATICCALL (does not enforce static nature) #1494
  • Updated EVM Examples #1486

Native

  • Fixed getdents syscall #1472
  • Fixed state merging examples #1482
  • Support LSR.W on ARMV7 #1363
  • Fixed CrackMe Example #1502
  • Optimize CMPXCHG8B #1501
  • Added fast_crash configuration setting that causes Manticore to immediately produce a finding on memory unsafety #1485

Other

  • [changed API] Moved issymbolic into SMTLib to improve performance #1456
  • Refactored API Docs #1469
  • Fixed FileNotFound Error on state loading #1480

Manticore 0.3.0

06 Jun 22:18
3ffafd5

0.3.0 - 2019-06-06

Thanks to our external contributors!

Major Changes

Executor Refactor (#1385)

We've completed a major refactor of the core executor that reorganizes Manticore's state machine to be more amenable toward use with the multiprocessing module. This refactor introduces some small API changes:

  • One must explicitly call the finalize method to dump test cases from a run
  • The will_start_run event has been renamed to will_run
  • The solver module requires explicitly accessing the Z3Solver singleton. from manticore.core.smtlib import solver becomes:

        from manticore.core.smtlib.solver import Z3Solver
        solver = Z3Solver.instance()

  • manticore.running_states has been renamed to manticore._busy_states

For more information about changes to the state machine, see the diagram in core/manticore.py

Blacken (#1438)

We've run the black autoformatter on the master branch of Manticore, and added a check for compliance to our CI. To ensure your code is properly formatted, run black -t py36 -l 100 . in your Manticore directory before committing.

Support for statically-linked AArch64 binaries (#1424)

Contractor nkaretnikov spent several months adding support for AArch64 on Linux. As this is a brand new architecture, we've left in most of the debugging assertions, which may slow it down slightly.
We look forward to getting feedback on this architecture so we can eventually remove the debugging assertions.

Ethereum

  • Added Symbolic EVM Tests for the Frontier fork. Note that we don't support any other forks (i.e. Constantinople) yet. (#1431, #1441)
  • [fixed API] Fixed relative paths for .sol files (#1393)
  • [fixed API] Support dynamic parameters in constructors (#1414)
  • Fixed detector failure when PC is symbolic (#1395)
  • Transfers from etherless contracts no longer report STOP (#1392)

Native

  • Added stubs for missing system calls & downgraded most missing calls from exceptions to warnings (#1384)
  • Fixed DECREE magic pages (#1413)
  • Store x86 registers in a set instead of a list (#1415)
  • Fix register boundary check for non-x86 architectures (#1429)
  • Support movhps on x86 (#1444)

Other

  • Only publish events when there is at least one subscriber (#1388)
  • Added sandshrew example (#1396)
  • Updated Unicorn to track latest master (#1440)
  • [fixed API] Now respects coverage file argument (#1442)

Manticore 0.2.5

18 Mar 22:11
d287024

0.2.5 - 2019-03-18

Thanks to our external contributors!

Manticore 0.2.5 added Unicorn preloading for quickly performing concrete emulation of native binaries until a target address is reached. In the EVM engine, apart from some fixes, this release added support for creating contracts from Truffle JSON artifacts (see json_create_contract).

Full changelog below.

Ethereum

  • [added API] json_create_contract - support creating EVM contracts from Truffle JSON artifacts (#1376)
  • [changed API] Moved default gas value to config module (#1346)
  • [fixed API] Fixed account creation with a code field (#1371)
  • [fixed API] Fixed an incorrect attribute in last_return (#1341)
  • [refactor] Inlined get_possible solutions function as it's only used once (#1372)
  • Fixed _check_jumpdest when run with detectors - this bug could lead to not detecting an int overflow due to tainting made by another detector (#1347)
  • Made findings print addresses in hex (#1339)

Native

  • [added API] Added Unicorn preloading, for quickly performing concrete emulation until a target address is reached. (#1356)
  • Fixed incorrect return value in sys_lseek (#1355)
  • Added check for missing native packages (#1367)

Other

  • [added API] Added context managers for the config module, allowing for temporary configurations (#1345)
  • Updated Capstone to 4.0.1 (#1312)
  • Embedded parsetab.py so users no longer need to generate it (#1383)

Manticore 0.2.4

11 Jan 00:30
e1c519a

0.2.4 - 2019-01-10

Ethereum

  • [added API] Fixed the VerboseTrace plugin (#1305) and added the VerboseTraceStdout plugin (#1305): both can be used to track EVM execution (m.register_plugin(VerboseTraceStdout()))
  • [changed API] Made gas calculation faithfulness configurable: you can now choose whether to respect or ignore gas calculations with --evm.oog <opt> (see --help); the gas calculations have also been decoupled into their own methods (#1279)
  • [changed API] Changed default gas to 3000000 when creating contract (#1332)
  • [changed API] Launching manticore from cli will display all registered plugins (#1301)
  • Fixed a bug where it wasn't possible to call a contract's function when its name started with an underscore (#1306)
  • Fixed Transaction.is_human usage and changed it to a property (#1323)
  • Fixed make_symbolic_address not preconstraining the symbolic address to be within all already-known addresses (#1318)
  • Fixed bug where a terminated state became a running one if m.running_states or m.terminated_states were generated (#1326)

Native

  • [added API] Added symbol resolution feature, so it is possible to grab a symbol address by using m.resolve(symbol) (#1302)
  • [changed API] The stdin_size CLI argument has been moved to a config constant and so has to be passed using --native.stdin_size instead of --stdin_size (#1337)
  • Sped up Armv7 execution a bit (#1313)
  • Fixed the sys_arch_prctl syscall when a wrong code value was passed; it now raises NotImplementedError instead of asserting for unsupported code values (#1319)

Other

  • Sped up the Manticore engine by 5-10% via solver optimizations (#1334)
  • [changed API] Fixed missing CLI arguments that came from config constants - note that the timeout now has to be passed using core.timeout (#1337)
  • We now explicitly require Python>=3.6 when using CLI or when importing Manticore (#1331)
  • __main__ now fetches manticore version from installed modules (#1310)
  • Refactored some of the codebase (events #1314, solver #1334, tests #1308, py2->py3 #1307, state/platform #1320, evm stuff #1329)
  • Some other fixes and minor changes