Analysis View

This page describes the different elements of the analysis view in the MythX dashboard

Instruction Coverage

MythX uses different analysis techniques to get you the best results. Two of these analyses, symbolic execution and fuzzing, use a similar approach for finding vulnerabilities. During analysis, they will simulate the executions of a smart contract. As time goes on, they will cover more and more. The instruction coverage graph shows you exactly how coverage progressed throughout an analysis.

How can you use instruction coverage?

Answer 1: Coverage gives a sense of the depth of the analysis. The more instructions are covered, the less room there is for undetected bugs. So, is the coverage at the end of your standard analysis too low? Then you should probably run a deep scan!

100% coverage does not mean there are no bugs! There is always a possibility that the analysis has missed a critical state.

Answer 2: How coverage progresses over time, gives you an insight into the inner-workings of the MythX platform. As you can see in example graph, coverage grows quickly at first. But after a bit, coverage will stagnate, and grow much more slowly. With this information, you can decide wether you need a standard, or deep scan.

Standard Scan (2 minutes)

Get static analysis results for your smart contract
Benefit from the quick initial coverage of fuzzing and symbolic execution

Deep Scan (45 minutes)

Get static analysis results for your smart contract
Benefit from the thorough analysis coverage provided by fuzzing and symbolic execution

Does a deep scan not-provide enough coverage for you? Contact us at info[at]mythx.io

Line Coverage

The instruction coverage graph shows the progression of coverage over time. However, it doesn't show you which lines the analysis reaches. Line coverage shows you precisely this. On the left-hand side of the analysis view, you'll find green indications that show which lines are covered.

When the analysis covers a line and finds no issues, then this doesn't mean there aren't any issues. There can always be an execution of the program that wasn't covered, but that would trigger a bug.

"Testing can only show the presence of bugs, not their absence" - pp. Dijkstra.

Underapproximation

The goal of providing line coverage is to show you which lines the analysis reached for sure. So the line coverage is an underapproximation of the lines covered during the analysis. If a line is green, you can be sure that the analysis covered it. However, if there is no green indication, then that doesn't necessarily mean that we were not able to cover it.

Currently, line coverage is limited to the lines of the main contract. Coverage of libraries and other contracts, for example, will not have coverage indications.

PreviousUsing Promo Codes NextGitHub Badges

Last updated 3 years ago