B'SST: Bitcoin-like Script Symbolic Tracer v0.1.2 released

The latest version of a highly regarded analysis tool for Bitcoin and Elements scripts has been released, boasting several new enhancements and features aimed at improving the user experience and analytical capabilities.

This advanced tool can be accessed via its GitHub repository.

Notably, the release includes a revamped plugin system that allows plugins to integrate with various stages of the analysis process, offering both observation and modification capabilities. Alongside this update, new plugins have been introduced to enrich the functionality further. Users now have the ability to assert stack values and witnesses as well as make assumptions about data placeholders, facilitating a more precise analysis. Detailed guidance on these additions is available in the README's "Assertions" and "Assumptions" sections.

A significant improvement is the support for dynamic analysis of opcodes such as PICK, ROLL, and CHECKMULTISIG. This feature caters to scenarios where opcode arguments are not statically known, enhancing the tool's adaptability. Additionally, aliases for witnesses can be set for clearer reporting, with syntax provided for users to implement this feature effectively.

A new setting has been introduced (--produce-model-values-for), which allows users to specify patterns for which model values should be generated. While data references are not included by default, they can be enabled if needed. The tool also supports generating multiple model value samples per analyzed value, increasing the range of insights that can be obtained from the analysis, although it is noted that these samples are generated independently.

The report now includes byte sizes of model value samples when the --report-model-value-sizes option is activated, adding another layer of detail to the analysis. This enhancement, coupled with the new features focused on malleability analysis, assists in calculating total witness sizes and understanding potential variations in size across different execution paths. Notably, values that remain consistent across 'child' execution paths are grouped together in the report, providing clarity on value constancy despite branching.

For those particularly interested in malleability analysis, two plugins: and, offer valuable functionality, with their details explained in the plugins/

The release also encompasses other less prominent improvements and necessary bug fixes. Users interested in exploring all the updates and changes in depth can refer to the full release notes provided in the linked release notes document.