CN110287002A - A kind of ether mill virtual machine defect inspection method and system - Google Patents
A kind of ether mill virtual machine defect inspection method and system Download PDFInfo
- Publication number
- CN110287002A CN110287002A CN201910532435.3A CN201910532435A CN110287002A CN 110287002 A CN110287002 A CN 110287002A CN 201910532435 A CN201910532435 A CN 201910532435A CN 110287002 A CN110287002 A CN 110287002A
- Authority
- CN
- China
- Prior art keywords
- contract
- intelligent contract
- variation
- virtual machine
- ether mill
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Business, Economics & Management (AREA)
- Finance (AREA)
- General Physics & Mathematics (AREA)
- Accounting & Taxation (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Marketing (AREA)
- Strategic Management (AREA)
- Technology Law (AREA)
- General Business, Economics & Management (AREA)
- Debugging And Monitoring (AREA)
Abstract
The embodiment of the present invention provides a kind of ether mill virtual machine defect inspection method and system, provided method includes: the test data set that acquisition includes the real intelligence contract building in several ether mills, it concentrates each intelligent contract to be ranked up the test data according to priority conditions, chooses the intelligent contract of wherein highest priority as target contract;Based on the target contract, the abstract syntax tree of the corresponding mark key position of the target contract is constructed, according to preset rules, is modified to the determinant attribute in the abstract syntax tree of the mark key position, the intelligent contract after being made a variation;Using the intelligent contract after the variation as input data, mock trading is carried out to several ether mill virtual machine platforms, obtains implementing result.The loophole of ether mill virtual machine can quickly and accurately be retrieved and be excavated to method and system provided in an embodiment of the present invention, to ensure the safety of ether mill ecological environment.
Description
Technical field
The present invention relates to field of computer technology more particularly to a kind of ether mill virtual machine defect inspection method and systems.
Background technique
Block chain technique functions are derived from bit coin, and the purpose of initial design is to solve to depend on trusted third party unduly in e-payment
The problem of, transaction data is packaged by the technological innovations such as integrated use cryptological technique, distributed book keeping operation technology, common recognition mechanism
The data cell of specific format is combined into linear linked list with time sequencing, and realizes the transparent of transaction data using Encryption Algorithm
Property, tracing back property, safety, credibility and uniqueness.The transaction participant of block chain technology respectively independently saves a complete
Data copy, it is ensured that the reliable memory of transaction data.Each side establishes coordination, communication and incentive mechanism, collects in distributed network
Body participates in book keeping operation and the verifying of account book data, the common distributed data base constructed and maintenance is shared.
Ether mill (Ethereum) is the public block platform chain for having intelligent contract function of an open source.Ether mill is for the first time
The figure spirit for realizing block catenary system is complete, provides the ether of decentralization by its dedicated encrypted currency ether coin (Ether)
Virtual machine (Ethereum Virtual Machine, EVM) handles point-to-point intelligent contract, can upload and hold in block chain
Row application program, and performing effectively for program can be guaranteed.Ether mill can be regarded as the state machine based on transaction,
Its base mechanisms is that affairs execute, and when user, which initiates intelligent contract, to be called, ether mill can get contract according to contract address
Code is loaded into virtual machine and runs after generating running environment.
And the block platform chain that ether mill is transparent as one, all users on chain are it can be seen that based on block chain
Contract and Transaction Information, including leading to massive losses or threatening the various security breaches of platform safety.In the past few years, with
The block chain transaction security problem of too mill platform emerges one after another, and summarizing to a series of security incidents occurred in recent years can be with
It was found that the security breaches overwhelming majority of ether mill platform is all when carrying out the transaction of intelligent contract by malicious exploitation.At present
It has developed many tools and has ensured ether mill transaction security in ether mill intelligence contract level.For example, Oyente and Maian make
Potential safety problem in the intelligent contract write based on Solidity is searched with symbolic execution technique, Zeus is then with abstract
It explains to analyze intelligent contract.These tools can efficiently find at present generally acknowledged intelligent contract defect, can such as reentry defect,
Timestamp dependence etc..
But the execution of ether mill transaction, intelligent contract is logic high level therein, the execution of specific code be all via with
Too mill virtual machine (EVM) is realized.Ether mill virtual machine is the core of ether mill platform, it is commonly known as ether mill technology
Operating system is responsible for executing and safeguarding intelligent contract, it is the basis for establishing intelligent contract.The formalization of ether mill virtual machine is fixed
Justice has in the Calusena lansium of ether mill clearly stipulate that interior data structure is storehouse, and each storage item size is no more than 32 words
Section according to the running environment pre-defined and executes step, for example abnormality processing or jump address, EVM can complete each
It is deployed in the state conversion of the block on ether mill.EVM is mainly responsible for the calculating of execution and the gas consumption of contract bytecode.Always
For, ether mill virtual machine is a powerful stacking-type state machine, is embedded in each full node in ether mill, and ether is responsible for
The execution of all intelligent contracts in mill.
The unique platform and standard that intelligent contract is executed as ether mill, if ether mill virtual machine is in terms of code realization
There are security risks, once being utilized by malicious hackers, consequence is hardly imaginable, may influence whether the entire ether mill ecosphere
User, consequence caused by the loophole than intelligent contract logical layer are more serious.
The ether mill virtual machine that the whole world has at least ten kinds of different languages to realize at present is widely used in the transaction of ether mill,
But the security protection of intelligent contract level is also generally dedicated to for the safety guarantee of ether mill platform at present, for ether mill void
Quasi- machine due care is very few.
Summary of the invention
To solve above-mentioned problems of the prior art, the embodiment of the present invention provides a kind of ether mill virtual machine defect inspection
Survey method and system.
In a first aspect, the embodiment of the present invention provides a kind of ether mill virtual machine defect inspection method, comprising:
Acquisition includes the test data set of the real intelligence contract building in several ether mills, according to priority conditions pair
The test data concentrates each intelligent contract to be ranked up, and the intelligent contract for choosing wherein highest priority is closed as target
About;
Based on the target contract, the abstract syntax tree of the corresponding mark key position of the target contract is constructed, according to
Preset rules modify to the determinant attribute in the abstract syntax tree of the mark key position, the intelligence after being made a variation
Contract;
Using the intelligent contract after the variation as input data, to several ether mills, virtual machine platform carries out simulation friendship
Easily, implementing result is obtained.
Wherein, described to concentrate each intelligent contract to be ranked up the test data according to priority conditions, it chooses
The step of wherein intelligent contract of highest priority is as target contract, specifically includes: calculating the every of the test data concentration
The diversity factor priority and Time priority of one intelligent contract;According to the diversity factor priority of each intelligent contract and
Time priority is ranked up the intelligent contract;The intelligent contract to rank the first is chosen as target contract.
Wherein, after the step of intelligent contract that the selection ranks the first is as target contract, further includes: described in update
Test data concentrates the Time priority of each intelligent contract.
Wherein, described to be based on the target contract, construct the abstract language of the corresponding mark key position of the target contract
It the step of method tree, specifically includes: according to the target contract, the abstract syntax tree of the target contract is obtained, to the target
Predeterminated position in the abstract syntax tree of contract is identified, and obtains the abstract syntax tree of mark key position.
Wherein, described according to preset rules, the determinant attribute in the abstract syntax tree of the mark key position is carried out
It the step of modification, intelligent contract after being made a variation, specifically includes: according to preset mutation operation symbol, in conjunction with preset variation
Strategy modifies to the determinant attribute in the abstract syntax tree of the mark key position, and the mark after being made a variation is crucial
The abstract syntax tree of position;The abstract syntax tree of mark key position after the variation is reconstructed, after being made a variation
Intelligent contract;Wherein, the Mutation Strategy include but is not limited to odd number combined strategy, even number combined strategy, extreme value combined strategy,
Any one of random combine strategy and global combined strategy.
Wherein, the intelligent contract using after the variation is as input data, to several ether mill virtual machine platforms
Carry out mock trading, obtain implementing result after the step of further include: the intelligent contract after obtaining the variation is in the first ether
First implementing result of mill virtual machine platform and intelligent contract after the variation are the of the second ether mill virtual machine platform
Two implementing results;According to first implementing result and second implementing result, calculates the intelligence after obtaining the variation and close
The difference index about executed in the first ether mill virtual machine platform and the second ether mill virtual machine platform.
Wherein, the method also includes: according to the difference index, the intelligent contract after the variation is assessed,
The contract quality of intelligent contract after obtaining the variation;If the contract quality meets preset requirement, after the variation
Intelligent contract save to the test data set.
Second aspect, the embodiment of the present invention provide a kind of ether mill virtual machine defect detecting system, comprising:
Contract extraction module, for obtain include several ether mills real intelligence contract building test data
Collection concentrates each intelligent contract to be ranked up the test data, chooses wherein highest priority according to priority conditions
Intelligent contract as target contract;
Make a variation module, for being based on the target contract, constructs the pumping of the corresponding mark key position of the target contract
As syntax tree is modified to the determinant attribute in the abstract syntax tree of the mark key position, obtained according to preset rules
Intelligent contract after variation;
Execution module, for using the intelligent contract after the variation as input data, to several ether mill virtual machines
Platform carries out mock trading, obtains implementing result.
The third aspect, the embodiment of the present invention provides a kind of electronic equipment, including memory, processor and is stored in memory
Computer program that is upper and can running on a processor, the processor are realized when executing described program such as above-mentioned first aspect institute
The step of ether mill virtual machine defect inspection method of offer.
Fourth aspect, the embodiment of the present invention provide a kind of non-transient computer readable storage medium, are stored thereon with calculating
Machine program realizes the inspection of the ether mill virtual machine defect as provided by above-mentioned first aspect when the computer program is executed by processor
The step of survey method.
Method and system provided in an embodiment of the present invention carry out mutation operation to the real intelligence contract in ether mill, realize
Differential mode paste test is carried out on the ether mill platform that multilingual is realized, by the contract bytecode and function tune after variation
Multi version virtual machine is supplied to sequence to seek unity of action, and monitors the implementation procedure of these virtual machines and captures them at certain
A little inputs are lower to show different behaviors from other test objects, and then quickly and accurately retrieves and excavate ether mill virtual machine
Loophole, to ensure the safety of ether mill ecological environment.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is this hair
Bright some embodiments for those of ordinary skill in the art without creative efforts, can be with root
Other attached drawings are obtained according to these attached drawings.
Fig. 1 is the flow diagram for the ether mill virtual machine defect inspection method that one embodiment of the invention provides;
Fig. 2 is CAST schematic diagram in the ether mill virtual machine defect inspection method that one embodiment of the invention provides;
Fig. 3 is the structural schematic diagram for the ether mill virtual machine defect detecting system that one embodiment of the invention provides;
Fig. 4 is the structural schematic diagram for the electronic equipment that one embodiment of the invention provides.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention
In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is
A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art
Every other embodiment obtained without creative efforts, shall fall within the protection scope of the present invention.
With reference to Fig. 1, Fig. 1 is the process signal for the ether mill virtual machine defect inspection method that one embodiment of the invention provides
Figure, provided method include:
S1, acquisition includes the test data set of the real intelligence contract building in several ether mills, according to priority item
Part concentrates each intelligent contract to be ranked up the test data, chooses the intelligent contract of wherein highest priority as mesh
Mark contract;
S2 is based on the target contract, constructs the abstract syntax tree of the corresponding mark key position of the target contract, root
According to preset rules, modify to the determinant attribute in the abstract syntax tree of the mark key position, the intelligence after being made a variation
It can contract;
S3 carries out mould to several ether mill virtual machine platforms using the intelligent contract after the variation as input data
Quasi- transaction, obtains implementing result.
Specifically, collecting the real intelligence contract in too mill first in the present embodiment as initial testing data set, testing number
It is kind subpool for testing ether mill virtual machine according to collection, each intelligent contract in data set is seed contract,
In addition, it is necessary to running environment needed for configuring several ether mill virtual machine (EVM) platforms, extracts and encapsulate virtual machine execution and connect
Mouthful, in the present embodiment, four EVM platforms are had chosen as test platform, comprising: js-evm, py-evm, geth and aleth.
After configuration, then the intelligent contract concentrated to test data is chosen, during each execute, all
Need once to reorder to all contracts in test data set, and select the highest intelligent contract of comprehensive priority as
The target contract of this variation.
After being extracted target contract, needs to construct it CAST file, facilitate subsequent variation.CAST is Critical
The abbreviation of locations identified Abstract Syntax Tree, the i.e. abstract syntax based on key position identification
Tree can be directly based upon key attribute and the operation such as be searched source code, replaced, deleted, increased, for conjunction according to CAST
About variation is provided convenience, while ensure that grammaticality, avoids generating invalid contract.
Fig. 2 is a simple CAST example, the CAST for illustrating contract source code and being generated based on the source code.It can be straight
The corresponding relationship that the two is found out on ground is seen, CAST is believed the parameter of contract method, attribute, main structure, return value etc. with tree construction
Breath is shown.Under main structure subtree, the attribute for containing each sentence is split, and wherein the node of dash area is identified
For key position, because in its subtree for being respectively positioned on key sentence call.
Contract variation is that variation contract generates a most important and most complicated step.It is first after determining target contract
It first passes through certain strategy to be combined mutation operation symbol, after picking out corresponding mutation operation symbol, makes them successively right
Determinant attribute in CAST is modified, and then the intelligent contract after being made a variation.
Finally, contract compiling is become EVM bytecode first, and according to operation after intelligent contract after being made a variation
The parameter type of function, which generates, calls input, to obtain the unified input of each ether mill virtual machine platform;Then it automates
The output result of operation and more each ether mill virtual machine platform.
In specific implementation, after primary effective contract variation, the diversity factor of more different EVM platforms after execution is
It is necessary to, guidance is provided for subsequent variation and the selection of seed contract.The seeking unity of action of multi-platform EVM can be divided into following
Step: being to build unified running environment first, carries out the work such as environment configurations, source code debugging, interface extraction to each EVM,
Ensure that each platform can operate normally and obtain desired output.It followed by obtains directly running on EVM platform
Data, i.e. contract bytecode and call parameters.It, can will be after variation by executing solc--bin-runtime xx.sol
About C is compiled into executable bytecode.According to the data type of the reception parameter of selected function, corresponding input can be generated
Parameter.For every kind of data type, some common or extreme value has been pre-defined, has been randomly choosed when generating.It is to adjust again
Interface is executed with the EVM of each platform and runs contract data, is standardized the output format of implementing result and is saved output information.
By the method, mutation operation is carried out to the real intelligence contract in ether mill, is realized in multilingual realization
On the platform of ether mill carry out differential mode paste test, by after variation contract bytecode and function calling sequence be supplied to multi version
Virtual machine is sought unity of action, and is monitored the implementation procedure of these virtual machines and is captured them and tests under certain inputs with other
Object shows different behaviors, and then quickly and accurately retrieves and excavate the loophole of ether mill virtual machine, to ensure ether
The safety of mill ecological environment.
On the basis of the above embodiments, described to concentrate each intelligently to close the test data according to priority conditions
It is about ranked up, chooses the step of intelligent contract of wherein highest priority is as target contract, specifically include: calculating the survey
Try the diversity factor priority and Time priority of the intelligent contract of each of data set;According to each intelligent contract
Diversity factor priority and Time priority are ranked up the intelligent contract;The intelligent contract to rank the first is chosen as mesh
Mark contract.
Wherein, after the step of intelligent contract that the selection ranks the first is as target contract, further includes: described in update
Test data concentrates the Time priority of each intelligent contract.
Specifically, requiring to carry out one to all contracts in kind of subpool i.e. test data set before each execution starts
It is secondary to reorder, and select the highest seed contract of comprehensive priority as the object of variation.Comprehensive priority is by two part groups
At first part is diversity factor priority, and initial value is the number between a 0-10, directly proportional to the size of diversity factor;Second
Part is Time priority, and initial value 0 is directly proportional to the waiting time.
In kind of subpool, the importance of each candidate's contract is different.Answer the contract that difference is bigger between platform more
This is as the benchmark contract to make a variation next time.But simultaneously in order to guarantee the diversity of seed, other contracts are also required for certain
Selected probability.Therefore, the embodiment of the present invention safeguards a candidate seed queue using dynamic priority scheduling algorithm, every
Before secondary iteration starts, candidate seed is ranked up according to comprehensive priority, choose the maximum contract of priority as this
Make a variation object, while increasing the Time priority of other seed contracts, to guarantee that each seed contract has certain chance quilt
It chooses.
On the basis of the above embodiments, described to be based on the target contract, construct the corresponding mark of the target contract
It the step of abstract syntax tree of key position, specifically includes: according to the target contract, obtaining the abstract language of the target contract
Method tree is identified the predeterminated position in the abstract syntax tree of the target contract, obtains the abstract language of mark key position
Method tree.
Specifically, after having chosen test contract, it would be desirable to construct CAST file to it, facilitate subsequent variation.CAST is
The abbreviation of Critical locations identified Abstract Syntax Tree, i.e., based on key position identification
Abstract syntax tree is a kind of novel pumping that the present invention combines the code feature of intelligent contract to define on the basis of abstract syntax tree
Image structures.The CAST of one contract is completely the same with abstract syntax tree in file structure, only increases in seed contract
The mark of certain key positions, i.e., the subtree where sentence relevant to pecuniary exchange, is mainly concerned with 6 kinds of symbols of statement:
new、call、delegatecall、callcode、send、transfer。
According to CAST, key attribute can be directly based upon and the operation such as searched source code, replaced, deleted, increased,
It provides convenience for contract variation, while ensure that grammaticality, avoid generating invalid seed.Fig. 3 is one simple
CAST example, the CAST for illustrating contract source code and being generated based on the source code.The corresponding relationship of the two that can visually see,
CAST is shown the information such as the parameter of contract method, attribute, main structure, return value with tree construction.In main structure
Under tree, the attribute for containing each sentence is split, and wherein the node of dash area is identified as key position, because of their equal positions
In the subtree of key sentence call.
On the basis of the above embodiments, described according to preset rules, to the abstract syntax tree of the mark key position
In determinant attribute modify, the step of intelligent contract after being made a variation, specifically include: according to preset mutation operation
Symbol is modified to the determinant attribute in the abstract syntax tree of the mark key position, is obtained in conjunction with preset Mutation Strategy
The abstract syntax tree of mark key position after variation;Weight is carried out to the abstract syntax tree of the mark key position after the variation
Structure, the intelligent contract after being made a variation;Wherein, the Mutation Strategy includes but is not limited to odd number combined strategy, even number combination plan
Any one of summary, extreme value combined strategy, random combine strategy and global combined strategy.
Specifically, contract variation is a most important and most complicated step of seed contract generation module.Determining this
After the test contract for taking turns iteration, mutation operation symbol is combined by certain strategy first, picks out corresponding variation behaviour
After according with, them is allowed successively to modify to the determinant attribute in CAST, finally reconstruct bout about source code, obtains virtual machine system
The input of one execution module.
In mutation process, it is necessary to assure modified contract can normally generate executable bytecode.Currently, according to
The function logic characteristic of intelligent contract devises 8 mutation operation symbols, as shown in table 1:
Table 1
These variation methods are designed based on three kinds of different granularities, the first is word rank, to types of variables and letter
Number attribute is modified, and then influences its storage organization and Call Condition;Second is character rank, modifies arithmetical operation, item
Part jumps and recycles the termination condition executed, may reprogramming control flow;The third is sentence rank, for example, increase or
Delete the assertion statement etc. for interior condition judgement.
In order to promote the quality of mutation operation, the embodiment of the present invention is that each mutation operation symbol is provided with a weight letter
Breath, the mutation operation symbol for facilitating high quality seed generation will be endowed higher weight.After each iteration, if diversity factor
It is promoted, then participating in the weight of all mutation operations symbol of this variation can all increase in proportion, stores mutation operation symbol later
Queue will be updated, i.e., according to weight size to all mutation operations symbol be ranked up, provide guidance to be further combined
Information.The embodiment of the present invention devises 5 kinds of combined strategies altogether, by different integrated modes can be further improved variation with
Machine and diversity.
OddComb: odd number combined strategy, under be designated as odd number mutation operation symbol combination.
EvenComb: even number combined strategy, under be designated as even number mutation operation symbol combination.
ExtremeComb: extreme value combined strategy, first combination accorded with the last one mutation operation.
RandomComb: random combine strategy does not consider weight information, randomly chooses a mutation operation symbol.
AllComb: global combined strategy randomly selects one of above 4 kinds of strategies in each iteration.
On the basis of the above embodiments, the intelligent contract using after the variation is as input data, to several
Ether mill virtual machine platform carry out mock trading, obtain implementing result after the step of further include: the intelligence after obtaining the variation
Intelligent contract of the energy contract after the first implementing result and the variation of the first ether mill virtual machine platform is in the second ether
Second implementing result of mill virtual machine platform calculates according to first implementing result and second implementing result and obtains institute
The difference index that intelligent contract after stating variation is executed in the first ether mill virtual machine platform and the second ether mill virtual machine platform.
Wherein, the method also includes: according to the difference index, the intelligent contract after the variation is assessed,
The contract quality of intelligent contract after obtaining the variation;If the contract quality meets preset requirement, after the variation
Intelligent contract save to the test data set.
Specifically, the realization principle of major part EVM platform is all based on the state machine of affairs, and the variation of state mainly takes
Certainly in input data, the sequence of opcodes of execution and transaction results.Therefore, the embodiment of the present invention using sequence of opcodes length and
The expense of consumption assesses different EVM as two important indicators in processing with performance when a test contract.
opSeqLen.Op, i.e. opcode are the abbreviations of operation code (operation code), be used to describe machine language
In speech instruction, the specified part machine code that execute certain operation.The angle analysis executed from computer instruction, each letter
Number, which calls, to be completed by the execution of sequence of operations code.Sequence of opcodes clearly shows the complete mistake of contract operation
Journey can be used for the execution verifying correctness of each step.For platform i, it is that the platform exists that the present invention, which defines opseqlen (i, C),
The length for the sequence of opcodes that operation and when about C obtain.
gasUsed.GasUsed refers to the total cost that all operations execute in transaction or message, and numerical value and transaction execute
As a result closely bound up, also it is directly related to the transaction fee that user finally needs to pay.It indicates to transport used here as gasUsed (i, C)
The total cost consumed on platform i after capable and about C.
Based on above-mentioned two index, the measurement index of diversity factor is further defined.When giving an input parameter,
On one specific EVM platform, normal execute of a transaction is determined by an execution sequence that is unique, determining, and is calculated total
Consumption costs.Therefore, the table between different platform is assessed using one diversity factor measurement index diff of the two structure's variables
Existing difference degree.For any two platform i and j, the cost consumption difference and sequence of opcodes difference point between them are defined
Not Wei they in the difference executed and when about C on corresponding index, it may be assumed that
GasDiff (i, j)=abs (gasUsed (i, C), gasUsed (j, C))
OpDiff (i, j)=abs (opSeqLen (i, C), opSeqLen (j, C))
After obtaining operation code difference value and cost consumption difference value again, set obtains final difference index:
Diff is bigger, and the inconsistent degree between each platform is higher.Executing output is the return after all operation codes execute
Value, output (i, C) is defined as and returning the result after about C is executed on EVM, i.For a function call
It is the return value of function, is exactly account balance for a money transfer transactions.Although two internal indicators reflect different EVM
Realization and execute difference, but execute output can intuitively reflect whether the operation of these EVM correct.
Pass through the quality for the seed contract that platform diversity factor (diff) assessment generates.If a variation contract is multi-platform
Increase diff value after execution, being considered as it is the high quality seed for having more high probability to trigger platform loophole, and it is saved
Candidate into seed queue next time, as the object that makes a variation.
In conclusion the embodiment of the present invention is using existing code analysis techniques and bug excavation technology in multilingual reality
Differential mode paste test is carried out on existing ether mill platform, i.e., constantly variation generates and tests intelligent contract, then by the conjunction after variation
About bytecode and function calling sequence are supplied to multi version virtual machine and seek unity of action, and monitor the execution of these virtual machines
It journey and captures them and shows different behaviors from other test objects under certain inputs, and then quickly and accurately retrieve simultaneously
The loophole of ether mill virtual machine is excavated, to ensure the safety of ether mill ecological environment.
With reference to Fig. 3, Fig. 3 is the structural representation for the ether mill virtual machine defect detecting system that one embodiment of the invention provides
Figure, provided system include: contract extraction module 31, variation module 32 and execution module 33.
Wherein, contract extraction module 31 be used for obtains include several ether mills real intelligence contract construct test
Data set concentrates each intelligent contract to be ranked up the test data, chooses wherein priority according to priority conditions
Highest intelligence contract is as target contract;
The module 32 that makes a variation is used to be based on the target contract, constructs the pumping of the corresponding mark key position of the target contract
As syntax tree is modified to the determinant attribute in the abstract syntax tree of the mark key position, obtained according to preset rules
Intelligent contract after variation;
Execution module 33 is used for using the intelligent contract after the variation as input data, to several ether mill virtual machines
Platform carries out mock trading, obtains implementing result.
It should be noted that contract extraction module 31, variation module 32 and the cooperation of execution module 33 are to execute above-mentioned implementation
One of example ether mill virtual machine defect inspection method, the concrete function of the system is referring to above-mentioned ether mill virtual machine defect
The embodiment of detection method, details are not described herein again.
Fig. 4 illustrates the structural schematic diagram of a kind of electronic equipment, as shown in figure 4, the server may include: processor
(processor) 410, communication interface (Communications Interface) 420, memory (memory) 430 and bus
440, wherein processor 410, communication interface 420, memory 430 complete mutual communication by bus 440.Communication interface
440 can be used for the information transmission between server and smart television.Processor 410 can call the logic in memory 430
Instruction, to execute following method: acquisition includes the test data set of the real intelligence contract building in several ether mills, according to
Priority conditions concentrate each intelligent contract to be ranked up the test data, and the intelligence for choosing wherein highest priority is closed
About it is used as target contract;Based on the target contract, the abstract syntax of the corresponding mark key position of the target contract is constructed
Tree modifies to the determinant attribute in the abstract syntax tree of the mark key position, after being made a variation according to preset rules
Intelligent contract;Using the intelligent contract after the variation as input data, mould is carried out to several ether mill virtual machine platforms
Quasi- transaction, obtains implementing result.
The present embodiment also provides a kind of computer program product, and the computer program product includes being stored in non-transient meter
Computer program on calculation machine readable storage medium storing program for executing, the computer program include program instruction, when described program instruction is counted
When calculation machine executes, computer is able to carry out method provided by above-mentioned each method embodiment, for example, acquisition includes several
The test data set of the real intelligence contract building in a ether mill, concentrates each to the test data according to priority conditions
Intelligent contract is ranked up, and chooses the intelligent contract of wherein highest priority as target contract;Based on the target contract, structure
The abstract syntax tree for building the corresponding mark key position of the target contract, according to preset rules, to the mark key position
Abstract syntax tree in determinant attribute modify, the intelligent contract after being made a variation;By the intelligent contract after the variation
As input data, mock trading is carried out to several ether mill virtual machine platforms, obtains implementing result.
The present embodiment provides a kind of non-transient computer readable storage medium, the non-transient computer readable storage medium
Computer instruction is stored, the computer instruction makes the computer execute method provided by above-mentioned each method embodiment, example
It such as include: the test data set that acquisition includes the real intelligence contract building in several ether mills, according to priority conditions pair
The test data concentrates each intelligent contract to be ranked up, and the intelligent contract for choosing wherein highest priority is closed as target
About;Based on the target contract, the abstract syntax tree of the corresponding mark key position of the target contract is constructed, according to default rule
Then, it modifies to the determinant attribute in the abstract syntax tree of the mark key position, the intelligent contract after being made a variation;It will
Intelligent contract after the variation carries out mock trading to several ether mill virtual machine platforms, acquisition is held as input data
Row result.
The apparatus embodiments described above are merely exemplary, wherein described, unit can as illustrated by the separation member
It is physically separated with being or may not be, component shown as a unit may or may not be physics list
Member, it can it is in one place, or may be distributed over multiple network units.It can be selected according to the actual needs
In some or all of the modules achieve the purpose of the solution of this embodiment.Those of ordinary skill in the art are not paying creativeness
Labour in the case where, it can understand and implement.
Through the above description of the embodiments, those skilled in the art can be understood that each embodiment can
It realizes by means of software and necessary general hardware platform, naturally it is also possible to pass through hardware.Based on this understanding, on
Stating technical solution, substantially the part that contributes to existing technology can be embodied in the form of software products in other words, should
Computer software product may be stored in a computer readable storage medium, such as ROM/RAM, magnetic disk, CD, including several fingers
It enables and using so that a computer equipment (can be personal computer, server or the network equipment etc.) executes each implementation
Method described in certain parts of example or embodiment.
Finally, it should be noted that the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although
Present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that: it still may be used
To modify the technical solutions described in the foregoing embodiments or equivalent replacement of some of the technical features;
And these are modified or replaceed, technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution spirit and
Range.
Claims (10)
1. a kind of ether mill virtual machine defect inspection method characterized by comprising
Acquisition includes the test data set of the real intelligence contract building in several ether mills, according to priority conditions to described
Test data concentrates each intelligent contract to be ranked up, and chooses the intelligent contract of wherein highest priority as target contract;
Based on the target contract, the abstract syntax tree of the corresponding mark key position of the target contract is constructed, according to default
Rule modifies to the determinant attribute in the abstract syntax tree of the mark key position, the intelligent contract after being made a variation;
Using the intelligent contract after the variation as input data, mock trading is carried out to several ether mill virtual machine platforms,
Obtain implementing result.
2. the method according to claim 1, wherein described concentrate the test data according to priority conditions
Each intelligent contract is ranked up, and chooses the step of intelligent contract of wherein highest priority is as target contract, specific to wrap
It includes:
Calculate the diversity factor priority and Time priority of the intelligent contract of each of described test data set;
According to the diversity factor priority and Time priority of each intelligent contract, the intelligent contract is ranked up;
The intelligent contract to rank the first is chosen as target contract.
3. according to the method described in claim 2, it is characterized in that, the intelligent contract to rank the first of choosing is closed as target
After about the step of, further includes:
Update the Time priority that the test data concentrates each intelligent contract.
4. constructing the target the method according to claim 1, wherein described be based on the target contract and closing
It the step of abstract syntax tree of about corresponding mark key position, specifically includes:
According to the target contract, the abstract syntax tree of the target contract is obtained, to the abstract syntax tree of the target contract
In predeterminated position be identified, obtain mark key position abstract syntax tree.
5. the method according to claim 1, wherein described according to preset rules, to the mark key position
Abstract syntax tree in determinant attribute modify, the step of intelligent contract after being made a variation, specifically include:
It is accorded with according to preset mutation operation, in conjunction with preset Mutation Strategy, in the abstract syntax tree of the mark key position
Determinant attribute modify, after being made a variation mark key position abstract syntax tree;
The abstract syntax tree of mark key position after the variation is reconstructed, the intelligent contract after being made a variation;
Wherein, the Mutation Strategy include but is not limited to odd number combined strategy, it is even number combined strategy, extreme value combined strategy, random
Any one of combined strategy and global combined strategy.
6. the method according to claim 1, wherein the intelligent contract using after the variation is as input number
According to, to several ether mill virtual machine platforms carry out mock trading, obtain implementing result after the step of further include:
The first implementing result and the variation of intelligent contract after obtaining the variation in the first ether mill virtual machine platform
Second implementing result of the intelligent contract afterwards in the second ether mill virtual machine platform;
According to first implementing result and second implementing result, the intelligent contract after obtaining the variation is calculated first
The difference index that ether mill virtual machine platform and the second ether mill virtual machine platform execute.
7. according to the method described in claim 6, it is characterized in that, the method also includes:
According to the difference index, the intelligent contract after the variation is assessed, the intelligent contract after obtaining the variation
Contract quality;
If the contract quality meets preset requirement, the intelligent contract after the variation is saved to the test data set.
8. a kind of ether mill virtual machine defect detecting system characterized by comprising
Contract extraction module, for obtain include several ether mills real intelligence contract building test data set, root
It concentrates each intelligent contract to be ranked up the test data according to priority conditions, chooses the intelligence of wherein highest priority
Contract is as target contract;
Make a variation module, for being based on the target contract, constructs the abstract language of the corresponding mark key position of the target contract
Method tree modifies to the determinant attribute in the abstract syntax tree of the mark key position, is made a variation according to preset rules
Intelligent contract afterwards;
Execution module, for using the intelligent contract after the variation as input data, to several ether mill virtual machine platforms
Mock trading is carried out, implementing result is obtained.
9. a kind of electronic equipment including memory, processor and stores the calculating that can be run on a memory and on a processor
Machine program, which is characterized in that the processor realizes the ether mill as described in any one of claim 1 to 7 when executing described program
The step of virtual machine defect inspection method.
10. a kind of non-transient computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer
It is realized when program is executed by processor as described in any one of claim 1 to 7 the step of the virtual machine defect inspection method of ether mill.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910532435.3A CN110287002A (en) | 2019-06-19 | 2019-06-19 | A kind of ether mill virtual machine defect inspection method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910532435.3A CN110287002A (en) | 2019-06-19 | 2019-06-19 | A kind of ether mill virtual machine defect inspection method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110287002A true CN110287002A (en) | 2019-09-27 |
Family
ID=68004232
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910532435.3A Pending CN110287002A (en) | 2019-06-19 | 2019-06-19 | A kind of ether mill virtual machine defect inspection method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110287002A (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111563742A (en) * | 2020-05-11 | 2020-08-21 | 西安邮电大学 | Fuzzy testing method for intelligent contract transaction sequence dependence vulnerability variation |
| CN112015628A (en) * | 2020-09-01 | 2020-12-01 | 北京物资学院 | Intelligent contract function level dynamic monitoring and analyzing system and implementation method |
| US20200410460A1 (en) * | 2018-03-18 | 2020-12-31 | Valid Network Ltd | Method and system for assessing future execution of a smart contract based on previous executions on a blockchain-based platform |
| CN112884475A (en) * | 2021-01-22 | 2021-06-01 | 支付宝(杭州)信息技术有限公司 | Test method and system of intelligent contract resource loss monitoring system |
| CN112967059A (en) * | 2021-05-18 | 2021-06-15 | 支付宝(杭州)信息技术有限公司 | Variant intelligent contract generation method and system for testing resource loss monitoring system |
| CN114202215A (en) * | 2021-12-15 | 2022-03-18 | 中山大学 | Intelligent contract transaction exception maintenance method, device, equipment and readable storage medium |
| CN116541852A (en) * | 2023-06-26 | 2023-08-04 | 中国移动紫金(江苏)创新研究院有限公司 | Intelligent contract virtual machine security reinforcement method and system based on block chain |
| CN118013535A (en) * | 2024-04-10 | 2024-05-10 | 中国移动紫金(江苏)创新研究院有限公司 | Block chain virtual machine safety detection method and related equipment thereof |
| CN118409977A (en) * | 2024-07-04 | 2024-07-30 | 浙江大学 | Fuzzy test method for Ethernet virtual machine |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018058105A1 (en) * | 2016-09-26 | 2018-03-29 | Shapeshift Ag | System and method of managing trustless asset portfolios |
-
2019
- 2019-06-19 CN CN201910532435.3A patent/CN110287002A/en active Pending
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018058105A1 (en) * | 2016-09-26 | 2018-03-29 | Shapeshift Ag | System and method of managing trustless asset portfolios |
Non-Patent Citations (2)
| Title |
|---|
| FUCHEN MA ETC: ""EVM*: From Offline Detection to Online Reinforcement for Ethereum Virtual Machine"", 《2019 IEEE 26TH INTERNATIONAL CONFERENCE ON SOFTWARE ANALYSIS, EVOLUTION AND REENGINEERING (SANER)》 * |
| YING FU ETC: ""EVMFuzz: Differential Fuzz Testing of Ethereum Virtual Machine"", 《HTTPS://ARXIV.ORG/PDF/1903.08483》 * |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20200410460A1 (en) * | 2018-03-18 | 2020-12-31 | Valid Network Ltd | Method and system for assessing future execution of a smart contract based on previous executions on a blockchain-based platform |
| CN111563742A (en) * | 2020-05-11 | 2020-08-21 | 西安邮电大学 | Fuzzy testing method for intelligent contract transaction sequence dependence vulnerability variation |
| CN111563742B (en) * | 2020-05-11 | 2023-08-15 | 西安邮电大学 | Fuzzy testing method for intelligent contract transaction sequence dependence vulnerability variation |
| CN112015628B (en) * | 2020-09-01 | 2023-06-30 | 北京物资学院 | Intelligent contract function level dynamic monitoring analysis system and implementation method |
| CN112015628A (en) * | 2020-09-01 | 2020-12-01 | 北京物资学院 | Intelligent contract function level dynamic monitoring and analyzing system and implementation method |
| CN112884475A (en) * | 2021-01-22 | 2021-06-01 | 支付宝(杭州)信息技术有限公司 | Test method and system of intelligent contract resource loss monitoring system |
| CN112967059A (en) * | 2021-05-18 | 2021-06-15 | 支付宝(杭州)信息技术有限公司 | Variant intelligent contract generation method and system for testing resource loss monitoring system |
| CN114202215A (en) * | 2021-12-15 | 2022-03-18 | 中山大学 | Intelligent contract transaction exception maintenance method, device, equipment and readable storage medium |
| CN116541852A (en) * | 2023-06-26 | 2023-08-04 | 中国移动紫金(江苏)创新研究院有限公司 | Intelligent contract virtual machine security reinforcement method and system based on block chain |
| CN116541852B (en) * | 2023-06-26 | 2023-09-12 | 中国移动紫金(江苏)创新研究院有限公司 | Intelligent contract virtual machine security reinforcement method and system based on block chain |
| CN118013535A (en) * | 2024-04-10 | 2024-05-10 | 中国移动紫金(江苏)创新研究院有限公司 | Block chain virtual machine safety detection method and related equipment thereof |
| CN118013535B (en) * | 2024-04-10 | 2024-08-09 | 中国移动紫金(江苏)创新研究院有限公司 | Block chain virtual machine safety detection method and related equipment thereof |
| CN118409977A (en) * | 2024-07-04 | 2024-07-30 | 浙江大学 | Fuzzy test method for Ethernet virtual machine |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110287002A (en) | A kind of ether mill virtual machine defect inspection method and system | |
| US20210073286A1 (en) | Multigraph verification | |
| EP4010816A1 (en) | Modification of in-execution smart contract programs | |
| Syriani et al. | A modular timed graph transformation language for simulation-based design | |
| EP3218811B1 (en) | Testing insecure computing environments using random data sets generated from characterizations of real data sets | |
| Chia et al. | Rethinking blockchain security: Position paper | |
| CN109359277A (en) | Data monitoring method, equipment and computer storage medium | |
| Gutiérrez‐Madroñal et al. | Evolutionary mutation testing for IoT with recorded and generated events | |
| CN116361810A (en) | Intelligent contract vulnerability detection method based on symbol execution | |
| CN108460068A (en) | Method, apparatus, storage medium and the terminal that report imports and exports | |
| US20120260234A1 (en) | Testing system | |
| Segall et al. | Simplified modeling of combinatorial test spaces | |
| Qian et al. | Demystifying random number in ethereum smart contract: taxonomy, vulnerability identification, and attack detection | |
| Shou et al. | Llm4fuzz: Guided fuzzing of smart contracts with large language models | |
| Colin et al. | An Integrated Smart Contract Vulnerability Detection Tool Using Multi-layer Perceptron on Real-time Solidity Smart Contracts | |
| Boi et al. | VulnHunt-GPT: a Smart Contract vulnerabilities detector based on OpenAI chatGPT | |
| CN116702157B (en) | Intelligent contract vulnerability detection method based on neural network | |
| Yu et al. | Fight Fire with Fire: How Much Can We Trust ChatGPT on Source Code-Related Tasks? | |
| US8849626B1 (en) | Semantic translation of stateflow diagrams into input/output extended finite automata and automated test generation for simulink/stateflow diagrams | |
| Martinez | Two datasets of questions and answers for studying the development of cross-platform mobile applications using Xamarin framework | |
| Huang et al. | Who is gambling? Finding cryptocurrency gamblers using multi-modal retrieval methods | |
| Mandloi et al. | A machine learning-based dynamic method for detecting vulnerabilities in smart contracts | |
| CN111176980A (en) | Data analysis method, device and system with separated debugging environment and running environment | |
| Foster et al. | Reverse-engineering EFSMs with data dependencies | |
| US20080195453A1 (en) | Organisational Representational System |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190927 |
|
| RJ01 | Rejection of invention patent application after publication |