Skip to content

Add data flow analysis engine #2801

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 14 commits into
base: dev
Choose a base branch
from
Open

Add data flow analysis engine #2801

wants to merge 14 commits into from

Conversation

mathcelo
Copy link
Collaborator

Pull Request Title

Add data flow analysis engine with reentrancy detector

Description

PR introduces a general data flow analysis engine to Slither, along with a proof-of-concept reentrancy detector that demonstrates the engine's capabilities.

Summary

The existing reentrancy detector uses data flow in an ad-hoc manner specific to reentrancy detection. This contribution provides a general-purpose data flow analysis framework that can be extended for various static analysis techniques.

Key Changes

Data Flow Engine (slither/analyses/data_flow/engine/)

  • engine.py: Core data flow analysis engine
  • analysis.py: Analysis framework integration
  • domain.py: Abstract domain definitions
  • direction.py: Analysis direction support (currently forward analysis)

Proof of Concept Reentrancy Detector (slither/analyses/data_flow/analyses/reentrancy/)

  • analysis/analysis.py: Data flow-based reentrancy analysis implementation
  • analysis/domain.py: Domain-specific abstractions for reentrancy
  • core/state.py: State representation for reentrancy analysis

Technical Implementation

  • Integration: Uses SlithIR operations to determine program states
  • Analysis Direction: Implements forward data flow analysis with capability for backward analysis
  • Dependencies: Added loguru for logging purposes
  • Compatibility: No modifications to existing Slither internals or breaking changes

Testing

  • Copied existing reentrancy test cases to new test directory for the data flow-based detector
  • Best test results observed with Solidity 0.8.0, with similar but not identical results for other versions
  • New detector placed alongside existing detectors in standard location

Future Work

This engine provides the foundation for interval analysis (coming soon). The reentrancy detector is a proof of concept, not a production replacement.

Files Added

slither/analyses/data_flow/
├── analyses
│   └── reentrancy
│       ├── analysis
│       │   ├── analysis.py
│       │   └── domain.py
│       └── core
│           └── state.py
└── engine
    ├── analysis.py
    ├── direction.py
    ├── domain.py
    └── engine.py

Dependencies

  • Added: loguru (for logging)

Backward Compatibility

No breaking changes. All existing functionality remains unaffected.

@mathcelo mathcelo requested a review from smonicas as a code owner September 19, 2025 16:27
@mathcelo mathcelo added the enhancement New feature or request label Sep 19, 2025
@CLAassistant
Copy link

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smonicas smonicas Awaiting requested review from smonicas smonicas is a code owner

Assignees

@smonicas smonicas

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mathcelo @CLAassistant @smonicas