MIT License
Puretea (pronounced purity) is an EVM purity checker implemented in Solidity/Yul.
It is a configurable library for checking that code contains only a specific set of allowed instructions.
Warning: This is experimental software.
It comes with a few caveats:
PUSH instructions
JUMPDEST-analysis (see this talk)
The library provides high level helpers:
/// Check if the submitted EVM code is well formed. Allows state modification.
function isMutating(bytes memory code) internal pure returns (bool);
/// Check if the submitted EVM code is well formed. Allows state reading.
function isView(bytes memory code) internal pure returns (bool);
/// Check if the submitted EVM code is well formed. Disallows state access beyond the current contract.
function isPureGlobal(bytes memory code) internal pure returns (bool);
/// Check if the submitted EVM code is well formed. Disallows any state access.
function isPureLocal(bytes memory code) internal pure returns (bool);
And also a low-level helper:
/// Check if submitted EVM code is well formed, and only contains opcodes permitted
/// by the mask. The mask is a bitmask where the lowest bit corresponds to opcode 0x00.
function check(bytes memory code, uint256 mask) private pure returns (bool satisfied);
Additionally, in the test suite the generateMask helper can be used to create custom masks.
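The mask semantics described above, modelled in Python as an added example (this is not Puretea's Solidity/Yul code). The names `generate_mask` and `check` are this example's own, rejecting a truncated PUSH is assumed from the EIP-3670 rule, and all bytecode samples are constructed.

```python
# Added example: Python model of a mask-based opcode check (not Puretea's code).
PUSH1, PUSH32 = 0x60, 0x7F

def generate_mask(allowed_opcodes):
    """Return a 256-bit mask in which bit N is set when opcode N is allowed."""
    mask = 0
    for op in allowed_opcodes:
        if not 0 <= op <= 0xFF:
            raise ValueError(f"not a one-byte opcode: {op}")
        mask |= 1 << op
    return mask

def check(code: bytes, mask: int) -> bool:
    """Linear scan: reject any opcode outside the mask and any truncated PUSH."""
    i = 0
    while i < len(code):
        op = code[i]
        if not (mask >> op) & 1:
            return False
        i += 1
        if PUSH1 <= op <= PUSH32:
            i += op - PUSH1 + 1  # skip the 1..32 immediate data bytes
            if i > len(code):    # assumption: truncated PUSH is ill-formed (EIP-3670 rule)
                return False
    return True

# Constructed inputs.
ARITH_MASK = generate_mask([0x00, 0x01, 0x60, 0x61])  # STOP, ADD, PUSH1, PUSH2
ADD_TWO = bytes.fromhex("600160020100")      # PUSH1 1, PUSH1 2, ADD, STOP
STORE = bytes.fromhex("600160005500")        # PUSH1 1, PUSH1 0, SSTORE, STOP
PUSH_0X55 = bytes.fromhex("605500")          # PUSH1 0x55, STOP: 0x55 is data here
TRUNCATED = bytes.fromhex("61aa")            # PUSH2 followed by only one byte
WITH_DATA = ADD_TWO + bytes.fromhex("a264")  # trailing non-code bytes

if __name__ == "__main__":
    for name in ("ADD_TWO", "STORE", "PUSH_0X55", "TRUNCATED", "WITH_DATA"):
        print(f"{name:10} {check(globals()[name], ARITH_MASK)}")
```

`PUSH_0X55` passes because the byte 0x55 is PUSH data rather than an SSTORE opcode, while `WITH_DATA` fails because a linear scan reads the appended bytes as instructions.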
The need for purity checkers is not something new. There have been two bigger efforts on the topic.
First, for EIP-1011, implementations in Serpent and LLL were written, and a similar Solidity version also existed at the time. Their aim was to restrict code which modifies the state.
Since these were created before the Byzantium release, the STATICCALL instruction was not supported yet, and compilers relied on CALL to reach precompiled contracts. Therefore the checkers had a few special cases:
JUMPs and performed in-contract control flow via CALLs)
There is a lengthy write up about this by Sigma Prime.
The second example was Optimism's OVM 1.0, which had a SafetyChecker.
Its rule set is slightly more complicated:
REVERT
A lengthy write up was published by Consensys Diligence about it.
None of the above checkers are able to fully deal with arbitrary data (such as Solidity metadata), nor do they perform complete JUMPDEST-analysis, though the latter is possible and may not be too memory heavy in the average case.
The EVM Object Format described in EIP-3540 gives a structure and makes safety/purity checking easier, by separating data. EIP-3670 introduces some rules to remove certain "edge cases" from EVM code. While EOF is not supported in Puretea yet, it does follow EIP-3670's recommendation.
MIT