https://github.com/allisterb/silver
Static analyzer and formal verifier for Stratis smart contracts
blockchain dotnet formal-verification smart-contracts static-analysis stratis
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/allisterb/silver
- Owner: allisterb
- License: mit
- Created: 2022-01-04T16:44:32.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2023-10-13T01:11:16.000Z (over 1 year ago)
- Last Synced: 2024-10-29T08:28:36.788Z (7 months ago)
- Topics: blockchain, dotnet, formal-verification, smart-contracts, static-analysis, stratis
- Language: Jupyter Notebook
- Homepage:
- Size: 2.99 MB
- Stars: 5
- Watchers: 3
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Silver
[Silver.CodeAnalysis on NuGet](https://www.nuget.org/packages/Silver.CodeAnalysis/)
## About
Silver is a [static analysis](https://en.wikipedia.org/wiki/Static_program_analysis) and [formal verification](https://en.wikipedia.org/wiki/Formal_verification)
tool for Stratis smart contracts. Silver can analyze both C# source code (using a Roslyn diagnostic analyzer) and CIL code in a .NET bytecode assembly,
and can run both inside Visual Studio and on the command line.
Silver can [validate](https://github.com/allisterb/Silver/blob/master/src/Silver.CodeAnalysis.Cs/Silver.CodeAnalysis.Cs/Validator.cs) C# code using a Roslyn diagnostic analyzer according to the same [rules](https://github.com/stratisproject/StratisFullNode/blob/master/Documentation/Features/SmartContracts/Clr-execution-and-validation.md) for types and members used by the Stratis CLR VM for smart contracts. All the [validation policies](https://github.com/stratisproject/StratisFullNode/blob/master/src/Stratis.SmartContracts.CLR.Validation/DeterminismPolicy.cs) currently in use will be ported to the Roslyn analyzer.
Silver can disassemble smart contract CIL code in a .NET bytecode assembly and statically analyze it using the [Analysis.Net](https://github.com/edgardozoppi/analysis-net/tree/master) framework, e.g. by running a [call-graph](https://en.wikipedia.org/wiki/Call_graph) analysis of the methods in the [Address Mapper](https://github.com/stratisproject/CirrusSmartContracts/tree/master/Mainnet/AddressMapper) contract.

Silver can [output graphs](https://github.com/allisterb/Silver/tree/master/src/Silver.Drawing) in different formats, such as PNG images or the DGML format, which is natively supported in Visual Studio.

Silver can formally verify smart contracts in C# using the Spec# compiler from Microsoft Research.

See the [wiki](https://github.com/allisterb/Silver/wiki) for more in-depth technical information and documentation.
## Building
### Requirements
* [.NET 6.0](https://dotnet.microsoft.com/en-us/download/dotnet/6.0)
* Mono (on *nix/macOS)
* libgdiplus (on *nix/macOS, for graph drawing)

### Known issues
The verifier is currently broken on non-Windows platforms because the Spec# verifier depends on some Windows-specific code in the compiler to write the .PDB files that are needed to verify an assembly. Everything else, including the analyzers and compiler, should work cross-platform.

### Steps
1. Ensure requirements are installed
2. Clone this git repo and submodules: `git clone https://github.com/allisterb/Silver.git --recurse-submodules`
3. Run `./build` or `build.cmd` in the root repo directory. The build should complete without errors.
4. Run `./silver install` to download and install the external tools needed.
5. Compile and analyze one of the example projects, e.g. `./silver compile examples\AddressMapper\AddressMapper.csproj` and `silver dis examples/AddressMapper/bin/Debug/netcoreapp2.1/AddressMapper.dll`.
6. On Windows you can verify one of the example projects, e.g. `silver verify examples\SimpleVerifiableContracts\SimpleVerifiableContracts.csproj` or `silver compile examples\SimpleVerifiableContracts\SimpleVerifiableContracts.csproj --verify`.

### Usage
See `silver help` for the different commands and actions.