feat: indirect syscall detection from assembly

Makefile

@@ -11,7 +11,7 @@ get:
 .PHONY: get_lint
 get_lint:
 	@if [ ! -f ./bin/golangci-lint ]; then \
-		curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.57.2; \
+		curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.63.0; \
 	fi;
 
 .PHONY: lint

README.md

@@ -93,7 +93,7 @@ make analyser
 #### Analyze Command
 
 ```sh
-./bin/analyzer analyze [command options]
+./bin/analyzer analyze [command options] arg[source path]
 ```
 
 #### Analyze Options
@@ -111,7 +111,7 @@ make analyser
 #### Trace Command
 
 ```sh
-./bin/analyzer trace [command options]
+./bin/analyzer trace [command options] arg[source path]
 ```
 
 #### Trace Options
@@ -120,7 +120,8 @@ make analyser
 |-----------------------|----------------------------------------------------------------------------------------|---------|
 | `--vm-profile value`  | Path to the VM profile config file (required).                                         | None    |
 | `--function value`    | Name of the function to trace. Include package name (e.g., `syscall.read`). (required) | None    |
-| `--help, -h`         | Show help.                                                                             | None    |
+| `--source-type value` | Assembly or go source code.                                                            | None    |
+| `--help, -h`          | Show help.                                                                             | None    |
 
 ## Example Usage
 
@@ -134,7 +135,7 @@ make analyser
 ### Running a Trace
 
 ```sh
-./bin/analyzer trace --vm-profile=./profile/cannon/cannon-64.yaml --function=syscall.read
+./bin/analyzer trace --vm-profile=./profile/cannon/cannon-64.yaml --function=syscall.read sample.asm
 
 ````
 

analyzer/opcode/opcode.go

@@ -23,18 +23,11 @@ func NewAnalyser(profile *profile.VMProfile) analyzer.Analyzer {
 }
 
 func (op *opcode) Analyze(path string, withTrace bool) ([]*analyzer.Issue, error) {
-	var err error
-	var callGraph asmparser.CallGraph
-
-	switch op.profile.GOARCH {
-	case "mips32", "mips64":
-		callGraph, err = mips.NewParser().Parse(path)
-	default:
-		return nil, fmt.Errorf("unsupported GOARCH %s", op.profile.GOARCH)
-	}
+	callGraph, err := op.buildCallGraph(path)
 	if err != nil {
 		return nil, err
 	}
+
 	absPath, err := filepath.Abs(path)
 	if err != nil {
 		return nil, err
@@ -43,7 +36,7 @@ func (op *opcode) Analyze(path string, withTrace bool) ([]*analyzer.Issue, error
 	for _, segment := range callGraph.Segments() {
 		for _, instruction := range segment.Instructions() {
 			if !op.isAllowedOpcode(instruction.OpcodeHex(), instruction.Funct()) {
-				source, err := common.TraceAsmCaller(absPath, callGraph, segment.Label())
+				source, err := common.TraceAsmCaller(absPath, callGraph, segment.Label(), endCondition)
 				if err != nil { // non-reachable portion ignored
 					continue
 				}
@@ -62,11 +55,37 @@ func (op *opcode) Analyze(path string, withTrace bool) ([]*analyzer.Issue, error
 	return issues, nil
 }
 
+func (op *opcode) buildCallGraph(path string) (asmparser.CallGraph, error) {
+	var (
+		err       error
+		callGraph asmparser.CallGraph
+	)
+
+	// Select the correct parser based on architecture.
+	switch op.profile.GOARCH {
+	case "mips32", "mips64":
+		callGraph, err = mips.NewParser().Parse(path)
+	default:
+		return nil, fmt.Errorf("unsupported GOARCH: %s", op.profile.GOARCH)
+	}
+	if err != nil {
+		return nil, fmt.Errorf("error parsing assembly file: %w", err)
+	}
+	return callGraph, nil
+}
+
 // TraceStack generates callstack for a function to debug
 func (op *opcode) TraceStack(path string, function string) (*analyzer.IssueSource, error) {
-	return nil, fmt.Errorf("stack trace is not supported for assembly code")
+	graph, err := op.buildCallGraph(path)
+	if err != nil {
+		return nil, err
+	}
+	absPath, err := filepath.Abs(path)
+	if err != nil {
+		return nil, err
+	}
+	return common.TraceAsmCaller(absPath, graph, function, endCondition)
 }
-
 func (op *opcode) isAllowedOpcode(opcode, funct string) bool {
 	return slices.ContainsFunc(op.profile.AllowedOpcodes, func(instr profile.OpcodeInstruction) bool {
 		if !strings.EqualFold(instr.Opcode, opcode) {
@@ -80,3 +99,10 @@ func (op *opcode) isAllowedOpcode(opcode, funct string) bool {
 		})
 	})
 }
+
+func endCondition(function string) bool {
+	return function == "runtime.rt0_go" || // start point of a go program
+		function == "main.main" || // main
+		strings.Contains(function, ".init.") || // all init functions
+		strings.HasSuffix(function, ".init") // vars
+}

analyzer/syscall/asm_syscall.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"path/filepath"
 	"slices"
+	"strings"
 
 	"github.com/ChainSafe/vm-compat/analyzer"
 	"github.com/ChainSafe/vm-compat/asmparser"
@@ -13,8 +14,6 @@ import (
 	"github.com/ChainSafe/vm-compat/profile"
 )
 
-var syscallAPISForAsm = append(syscallAPIs, "runtime/internal/syscall.Syscall6")
-
 // asmSyscallAnalyser analyzes system calls in assembly files.
 type asmSyscallAnalyser struct {
 	profile *profile.VMProfile
@@ -29,76 +28,93 @@ func NewAssemblySyscallAnalyser(profile *profile.VMProfile) analyzer.Analyzer {
 //
 //nolint:cyclop
 func (a *asmSyscallAnalyser) Analyze(path string, withTrace bool) ([]*analyzer.Issue, error) {
-	var (
-		err       error
-		callGraph asmparser.CallGraph
-	)
-
-	// Select the correct parser based on architecture.
-	switch a.profile.GOARCH {
-	case "mips32", "mips64":
-		callGraph, err = mips.NewParser().Parse(path)
-	default:
-		return nil, fmt.Errorf("unsupported GOARCH: %s", a.profile.GOARCH)
-	}
+	callGraph, err := a.buildCallGraph(path)
 	if err != nil {
-		return nil, fmt.Errorf("error parsing assembly file: %w", err)
+		return nil, err
 	}
-
-	issues := make([]*analyzer.Issue, 0)
-
 	absPath, err := filepath.Abs(path)
 	if err != nil {
 		return nil, err
 	}
 
+	issues := make([]*analyzer.Issue, 0)
 	// Iterate through segments and check for syscall.
 	for _, segment := range callGraph.Segments() {
-		segmentLabel := segment.Label()
 		for _, instruction := range segment.Instructions() {
 			if !instruction.IsSyscall() {
 				continue
 			}
-			// Ignore indirect syscall calling from syscall apis
-			if slices.Contains(syscallAPISForAsm, segmentLabel) {
-				continue
-			}
-			syscallNum, err := segment.RetrieveSyscallNum(instruction)
+			syscalls, err := callGraph.RetrieveSyscallNum(segment, instruction)
 			if err != nil {
 				return nil, fmt.Errorf("failed to retrieve syscall number: %w", err)
 			}
+			for _, syscall := range syscalls {
+				// Categorize syscall
+				if slices.Contains(a.profile.AllowedSycalls, syscall.Number) {
+					continue
+				}
+				source, err := common.TraceAsmCaller(absPath, callGraph, syscall.Segment.Label(), endCondition)
+				if err != nil { // non-reachable portion ignored
+					continue
+				}
+				if !withTrace {
+					source.CallStack = nil
+				}
 
-			// Categorize syscall
-			if slices.Contains(a.profile.AllowedSycalls, syscallNum) {
-				continue
-			}
-			// Better to develop a new algo to check all segments at once like go_syscall
-			source, err := common.TraceAsmCaller(absPath, callGraph, segment.Label())
-			if err != nil { // non-reachable portion ignored
-				continue
-			}
-			if !withTrace {
-				source.CallStack = nil
-			}
+				severity := analyzer.IssueSeverityCritical
+				message := fmt.Sprintf("Potential Incompatible Syscall Detected: %d", syscall.Number)
+				if slices.Contains(a.profile.NOOPSyscalls, syscall.Number) {
+					message = fmt.Sprintf("Potential NOOP Syscall Detected: %d", syscall.Number)
+					severity = analyzer.IssueSeverityWarning
+				}
 
-			severity := analyzer.IssueSeverityCritical
-			message := fmt.Sprintf("Potential Incompatible Syscall Detected: %d", syscallNum)
-			if slices.Contains(a.profile.NOOPSyscalls, syscallNum) {
-				message = fmt.Sprintf("Potential NOOP Syscall Detected: %d", syscallNum)
-				severity = analyzer.IssueSeverityWarning
+				issues = append(issues, &analyzer.Issue{
+					Severity: severity,
+					Message:  message,
+					Sources:  source,
+				})
 			}
-
-			issues = append(issues, &analyzer.Issue{
-				Severity: severity,
-				Message:  message,
-				Sources:  source,
-			})
 		}
 	}
 	return issues, nil
 }
 
+func (a *asmSyscallAnalyser) buildCallGraph(path string) (asmparser.CallGraph, error) {
+	var (
+		err       error
+		callGraph asmparser.CallGraph
+	)
+
+	// Select the correct parser based on architecture.
+	switch a.profile.GOARCH {
+	case "mips32", "mips64":
+		callGraph, err = mips.NewParser().Parse(path)
+	default:
+		return nil, fmt.Errorf("unsupported GOARCH: %s", a.profile.GOARCH)
+	}
+	if err != nil {
+		return nil, fmt.Errorf("error parsing assembly file: %w", err)
+	}
+	return callGraph, nil
+}
+
 // TraceStack generates callstack for a function to debug
 func (a *asmSyscallAnalyser) TraceStack(path string, function string) (*analyzer.IssueSource, error) {
-	return nil, fmt.Errorf("stack trace is not supported for assembly code")
+	graph, err := a.buildCallGraph(path)
+	if err != nil {
+		return nil, err
+	}
+
+	absPath, err := filepath.Abs(path)
+	if err != nil {
+		return nil, err
+	}
+	return common.TraceAsmCaller(absPath, graph, function, endCondition)
+}
+
+func endCondition(function string) bool {
+	return function == "runtime.rt0_go" || // start point of a go program
+		function == "main.main" || // main
+		strings.Contains(function, ".init.") || // all init functions
+		strings.HasSuffix(function, ".init") // vars
 }