Greetings everyone.
Today we are proud to announce the release of a new exciting tool of the Dfinance network. Please give it up for the Move Unscrambler.
The Move Unscrambler is a tool that conducts statistical analysis of written Move code (the input) and produces an output in form of a readable description of what the code does. The output is so simple that it can be understood by anyone, no technical skills required. The Dfinance team is happy to be the first to launch such a tool for the Move ecosystem, and we believe that this tool is just the first step towards a Business-Driven Development (BDD) approach which will empower business users to verify that the developed code answers their needs and requirements.
The Unscrambler features annotated graphs that display code dependencies and visualizes the entire code structure. The tool also indicates possible problems and risks and provides information for these issues prevention and/or resolution.
Upcoming Features
One of the most exciting features of the Move Unscrambler is the ability to operate as a dependency resolver. The cherry on the top is that it can work both online and offline. This way, a user can inspect the dependencies of either already deployed code (e.g an online instrument or service), or recursively check code residing on the local drive.
Another remarkable feature of the new tool is the integrated binary adapter. It analyses the bytecode resulting from the compilation of a script or module that contains addresses and verifies that the addresses correspond to the Move standard length (20 bytes for DFI and 16 bytes for Libra).
On top of the above, the Unscrambler is also an excellent disassembler that can restore 99% of the original Move code. It can be tested as follows:
1. The source code is compiled
source.move -> compiler => source.mv
2. The bytecode is disassembled
source.mv -> Unscrambler => disassembled-source.move
3. The source code that was restored by the disassembler is compiled
disassembled-source.move -> compiler => new-source.mv
4. The results of step 1 and step 3 compilations are compared
source.mv == new-source.mv
Built-in Static analyzer
Two of the key reasons why we created the Move Unscrambler is to enable a fast iteration cycle, enabling creators to read and understand how the deployed (and even undeployed) instruments work, without the need to know how to code. Below is a brief list of all the types of analysis that the tool supports:
- reversed evaluation
- arithmetic analysis
- control flow analysis
- reachability analysis
- dead code detection
- cross-module cycles detection
- possible values on the min-max basis and arithmetic analysis
The biggest advantage of reversed evaluation and arithmetic analysis is that it allows users to track all the operations performed on each of the values of the examined code. More so, this also helps to define the boundaries of these values on each of the performed operations on the code. This way, users may find potential issues, and, in some cases, calculate invalid, unexpected, or random data - otherwise known as fuzzing tests.
For the developers among you, below is an example of how it works:
This example will be compiled, but an overflow error may occur during the runtime.
Another example:
This example can be turned the other way round, but the result will remain the same.
The above illustrations make it seem simple, yet take a closer look and you will notice that the second example is actually 100 times bigger and has dependencies among various modules. This is why the Move Unscrambler can make the work of your Move developers easier and more productive.
Output
The modular output-gen system of the Move Unscrambler supports several output formats:
- JSON, YAML
- Markdown, HTML
- SVG for diagrams & graphs
We do hope that the new tool will come in handy for all Dfinance users. The Unscrambler is already available for testing, so please give it a try and send us your feedback through our regular social channels! As always, we invite you to subscribe to our newsletter and stay updated about upcoming releases.
