SoliDiffy: AST Differencing for Solidity Smart Contracts

TL;DR

SoliDiffy is a novel AST-based differencing tool for Solidity smart contracts that accurately captures structural changes, outperforming line-based methods in success rate and script brevity, aiding vulnerability detection and repair.

Contribution

It introduces the first AST differencing tool for Solidity, capable of generating sound structural edit scripts that improve over traditional line-based methods.

Findings

Achieved 96.1% diffing success rate on large contract dataset.

Produced significantly shorter and more accurate edit scripts.

Outperformed state-of-the-art line-based differencing methods.

Abstract

Structured code differencing is the act of comparing the hierarchical structure of code via its abstract syntax tree (AST) to capture modifications. AST-based source code differencing enables tasks such as vulnerability detection and automated repair where traditional line-based differencing falls short. We introduce SoliDiffy, the first AST differencing tool for Solidity smart contracts with the ability to generate an edit script that soundly shows the structural differences between two smart-contracts using insert, delete, update, move operations. In our evaluation on 353,262 contract pairs, SoliDiffy achieved a 96.1% diffing success rate, surpassing the state-of-the-art, and produced significantly shorter edit scripts. Additional experiments on 925 real-world commits further confirmed its superiority compared to Git line-based differencing. SoliDiffy provides accurate representations of smart contract evolution even in the existence of multiple complex modifications to the source code. SoliDiffy is made publicly available at https://github.com/mojtaba-eshghie/SoliDiffy.