diff --git a/analyzer/opcode/opcode.go b/analyzer/opcode/opcode.go index f976305..20b8abd 100644 --- a/analyzer/opcode/opcode.go +++ b/analyzer/opcode/opcode.go @@ -40,6 +40,9 @@ func (op *opcode) Analyze(path string, withTrace bool) ([]*analyzer.Issue, error if err != nil { // non-reachable portion ignored continue } + if common.ShouldIgnoreSource(source, op.profile.IgnoredFunctions) { + continue + } if !withTrace { source.CallStack = nil } diff --git a/analyzer/syscall/asm_syscall.go b/analyzer/syscall/asm_syscall.go index b73e405..7544693 100644 --- a/analyzer/syscall/asm_syscall.go +++ b/analyzer/syscall/asm_syscall.go @@ -63,6 +63,10 @@ func (a *asmSyscallAnalyser) Analyze(path string, withTrace bool) ([]*analyzer.I if err != nil { // non-reachable portion ignored continue } + if common.ShouldIgnoreSource(source, a.profile.IgnoredFunctions) { + continue + } + if !withTrace { source.CallStack = nil } diff --git a/common/stack_tracer.go b/common/stack_tracer.go index 19cfdc1..1239dac 100644 --- a/common/stack_tracer.go +++ b/common/stack_tracer.go @@ -3,6 +3,7 @@ package common import ( "fmt" "path/filepath" + "slices" "github.com/ChainSafe/vm-compat/analyzer" "github.com/ChainSafe/vm-compat/asmparser" @@ -58,3 +59,13 @@ func TraceAsmCaller( } return src, nil } + +func ShouldIgnoreSource(callStack *analyzer.CallStack, functions []string) bool { + if callStack != nil { + if slices.Contains(functions, callStack.Function) { + return true + } + return ShouldIgnoreSource(callStack.CallStack, functions) + } + return false +} diff --git a/profile/cannon/cannon-32.yaml b/profile/cannon/cannon-32.yaml index acb8cbc..69096f6 100644 --- a/profile/cannon/cannon-32.yaml +++ b/profile/cannon/cannon-32.yaml @@ -2,6 +2,9 @@ vm: Cannon goos: linux goarch: mips ignored_functions: + - 'syscall.setrlimit' + - 'runtime.morestack' + - 'runtime.abort' allowed_opcodes: - opcode: '0x2' diff --git a/profile/cannon/cannon-64.yaml b/profile/cannon/cannon-64.yaml index 864246d..bb7defe 100644 --- a/profile/cannon/cannon-64.yaml +++ b/profile/cannon/cannon-64.yaml @@ -2,6 +2,9 @@ vm: Cannon goos: linux goarch: mips64 ignored_functions: + - 'syscall.setrlimit' + - 'runtime.morestack' + - 'runtime.abort' allowed_opcodes: - opcode: '0x2' diff --git a/profile/profile.go b/profile/profile.go index eacf6bf..9544bca 100644 --- a/profile/profile.go +++ b/profile/profile.go @@ -16,12 +16,13 @@ type OpcodeInstruction struct { // VMProfile represents the configuration for a specific VM. type VMProfile struct { - VMName string `yaml:"vm"` - GOOS string `yaml:"goos"` - GOARCH string `yaml:"goarch"` - AllowedOpcodes []OpcodeInstruction `yaml:"allowed_opcodes"` - AllowedSycalls []int `yaml:"allowed_syscalls"` - NOOPSyscalls []int `yaml:"noop_syscalls"` + VMName string `yaml:"vm"` + GOOS string `yaml:"goos"` + GOARCH string `yaml:"goarch"` + AllowedOpcodes []OpcodeInstruction `yaml:"allowed_opcodes"` + AllowedSycalls []int `yaml:"allowed_syscalls"` + NOOPSyscalls []int `yaml:"noop_syscalls"` + IgnoredFunctions []string `yaml:"ignored_functions"` } func (p *VMProfile) SetDefaults() { diff --git a/profile/readme.md b/profile/readme.md index 2c4aa2e..b884681 100644 --- a/profile/readme.md +++ b/profile/readme.md @@ -12,7 +12,10 @@ A VM profile consists of the following fields: - `allowed_opcodes`: List of permitted opcodes with optional function values. - `allowed_syscalls`: List of system calls allowed by the VM. - `noop_syscalls`: List of system calls treated as no-ops by the VM. -- `ignored_functions`: List of functions or blocks disabled on the VM (e.g., due to multithreading restrictions). +- `ignored_functions`: List of functions or blocks disabled on the VM due to they might never be called in usual scenarios. + Example: + - 'syscall.setrlimit': Only executed in certain condition that doesn't meet with cannon, https://go.dev/src/syscall/rlimit.go + - 'runtime.morestack': Should execute in case of stack overflow, but not in usual case. ## Getting Opcode and Syscall Information Determining the correct opcodes and syscalls for a VM requires extensive research on the targeted VM