/*
This file is part of solidity.
solidity is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
solidity is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with solidity. If not, see <http://www.gnu.org/licenses/>.
*/
#include <libsolidity/formal/SymbolicTypes.h>

#include <libsolidity/ast/Types.h>

#include <memory>
#include <utility>
#include <vector>
using namespace std;
using namespace dev::solidity;
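/// Maps a Solidity type to the SMT sort used to model its values.
///
/// Only the categories that smtKind() classifies as Bool, Function or Array
/// get a structured sort. Everything else -- including functions returning
/// more than one value -- is modelled with the plain Int sort ("abstract"
/// below). An abstract sort carries no type-specific structure in this
/// function, so any range or shape constraints for such values have to come
/// from elsewhere (e.g. setSymbolicUnknownValue for integers and enums).
///
/// @param _type the Solidity type to translate.
/// @return the sort modelling `_type`; never null.
smt::SortPointer dev::solidity::smtSort(Type const& _type)
{
	switch (smtKind(_type.category()))
	{
	case smt::Kind::Int:
		return make_shared<smt::Sort>(smt::Kind::Int);
	case smt::Kind::Bool:
		return make_shared<smt::Sort>(smt::Kind::Bool);
	case smt::Kind::Function:
	{
		auto fType = dynamic_cast<FunctionType const*>(&_type);
		solAssert(fType, "");
		auto parameterSorts = smtSort(fType->parameterTypes());
		auto const& returnTypes = fType->returnParameterTypes();
		smt::SortPointer returnSort;
		// TODO change this when we support tuples.
		if (returnTypes.empty())
			// We cannot declare functions without a return sort, so we use the smallest.
			returnSort = make_shared<smt::Sort>(smt::Kind::Bool);
		else if (returnTypes.size() > 1)
			// Abstract sort: a multi-value return is collapsed to a single Int.
			returnSort = make_shared<smt::Sort>(smt::Kind::Int);
		else
			returnSort = smtSort(*returnTypes.at(0));
		// The parameter-sort vector is not needed afterwards; hand it over
		// instead of copying a vector of shared pointers.
		return make_shared<smt::FunctionSort>(std::move(parameterSorts), returnSort);
	}
	case smt::Kind::Array:
	{
		if (isMapping(_type.category()))
		{
			auto mapType = dynamic_cast<MappingType const*>(&_type);
			solAssert(mapType, "");
			return make_shared<smt::ArraySort>(smtSort(*mapType->keyType()), smtSort(*mapType->valueType()));
		}
		else
		{
			// smtKind() only yields Array for mappings and arrays, so this
			// must be an array type indexed by an (unbounded) Int.
			solAssert(isArray(_type.category()), "");
			auto arrayType = dynamic_cast<ArrayType const*>(&_type);
			solAssert(arrayType, "");
			return make_shared<smt::ArraySort>(make_shared<smt::Sort>(smt::Kind::Int), smtSort(*arrayType->baseType()));
		}
	}
	default:
		// Abstract case.
		return make_shared<smt::Sort>(smt::Kind::Int);
	}
}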
/// Translates each type in `_types` with smtSort(Type const&), keeping the
/// input order so the result can serve as a parameter-sort list.
/// @param _types the types to translate; every pointer is dereferenced
///        without a null check, so callers must not pass null entries.
/// @return one sort per input type, in the same order.
vector<smt::SortPointer> dev::solidity::smtSort(vector<TypePointer> const& _types)
{
	vector<smt::SortPointer> sorts;
	sorts.reserve(_types.size());
	for (TypePointer const& typePointer: _types)
		sorts.emplace_back(smtSort(*typePointer));
	return sorts;
}
/// Classifies a type category into the kind of SMT sort used to model it.
/// Number-like categories and every category this module does not know
/// ("abstract case") both end up as Int, so Int is the starting value and
/// only Bool, Function and the array-like categories override it.
/// @param _category the Solidity type category.
/// @return the SMT kind; Int for both numbers and unsupported categories.
smt::Kind dev::solidity::smtKind(Type::Category _category)
{
	smt::Kind kind = smt::Kind::Int;
	bool const arrayLike = isMapping(_category) || isArray(_category);
	if (isBool(_category))
		kind = smt::Kind::Bool;
	else if (isFunction(_category))
		kind = smt::Kind::Function;
	else if (arrayLike)
		kind = smt::Kind::Array;
	return kind;
}
/// Whether `_category` is one of the categories this module models as a
/// value: numbers (see isNumber), bool, mappings and arrays. Function types
/// are deliberately not included here; isSupportedTypeDeclaration adds them.
/// @param _category the Solidity type category.
/// @return true if the category is supported as a value type.
bool dev::solidity::isSupportedType(Type::Category _category)
{
	bool const scalar = isNumber(_category) || isBool(_category);
	bool const container = isMapping(_category) || isArray(_category);
	return scalar || container;
}
/// Whether a variable of `_category` can be declared symbolically: every
/// supported value type plus function types.
/// @param _category the Solidity type category.
/// @return true if isSupportedType holds or the category is Function.
bool dev::solidity::isSupportedTypeDeclaration(Type::Category _category)
{
	if (isFunction(_category))
		return true;
	return isSupportedType(_category);
}
/// Creates the symbolic variable that models a value of `_type` in the solver.
///
/// Each supported category gets its own SymbolicVariable subclass. A category
/// that isSupportedTypeDeclaration rejects is modelled as a 256-bit integer
/// instead and reported as abstract through the first element of the result,
/// so callers can distinguish a precise model from a placeholder.
/// NOTE(review): a fractional rational is also modelled as a 256-bit integer
/// but is not flagged abstract -- confirm that this asymmetry is intended.
///
/// @param _type the Solidity type of the variable.
/// @param _uniqueName the name the variable is declared under in the solver.
/// @param _solver the solver interface the variable is declared in.
/// @return (abstract, variable); the variable is never null on return because
///         every supported category is handled and the final branch asserts.
pair<bool, shared_ptr<SymbolicVariable>> dev::solidity::newSymbolicVariable(
	Type const& _type,
	std::string const& _uniqueName,
	smt::SolverInterface& _solver
)
{
	TypePointer type = _type.shared_from_this();
	Type::Category const category = _type.category();
	bool abstract = false;
	shared_ptr<SymbolicVariable> var;

	// Placeholder used whenever the value cannot be modelled with its own type.
	auto abstractInt = [&]() {
		return make_shared<SymbolicIntVariable>(make_shared<IntegerType>(256), _uniqueName, _solver);
	};

	if (!isSupportedTypeDeclaration(category))
	{
		abstract = true;
		var = abstractInt();
	}
	else if (isBool(category))
		var = make_shared<SymbolicBoolVariable>(type, _uniqueName, _solver);
	else if (isFunction(category))
		var = make_shared<SymbolicFunctionVariable>(type, _uniqueName, _solver);
	else if (isInteger(category))
		var = make_shared<SymbolicIntVariable>(type, _uniqueName, _solver);
	else if (isFixedBytes(category))
	{
		auto fixedBytesType = dynamic_cast<FixedBytesType const*>(type.get());
		solAssert(fixedBytesType, "");
		var = make_shared<SymbolicFixedBytesVariable>(fixedBytesType->numBytes(), _uniqueName, _solver);
	}
	else if (isAddress(category))
		var = make_shared<SymbolicAddressVariable>(_uniqueName, _solver);
	else if (isEnum(category))
		var = make_shared<SymbolicEnumVariable>(type, _uniqueName, _solver);
	else if (isRational(category))
	{
		auto rational = dynamic_cast<RationalNumberType const*>(&_type);
		solAssert(rational, "");
		// Fractional literals have no integer type of their own.
		var = rational->isFractional()
			? abstractInt()
			: make_shared<SymbolicIntVariable>(type, _uniqueName, _solver);
	}
	else if (isMapping(category))
		var = make_shared<SymbolicMappingVariable>(type, _uniqueName, _solver);
	else if (isArray(category))
		var = make_shared<SymbolicArrayVariable>(type, _uniqueName, _solver);
	else
		solAssert(false, "");

	return {abstract, var};
}
/// Convenience overload: forwards the type's category to
/// isSupportedType(Type::Category).
/// @param _type the Solidity type.
/// @return true if the type's category is a supported value type.
bool dev::solidity::isSupportedType(Type const& _type)
{
	Type::Category const category = _type.category();
	return isSupportedType(category);
}
/// Convenience overload: forwards the type's category to
/// isSupportedTypeDeclaration(Type::Category).
/// @param _type the Solidity type.
/// @return true if a symbolic variable can be declared for the type.
bool dev::solidity::isSupportedTypeDeclaration(Type const& _type)
{
	Type::Category const category = _type.category();
	return isSupportedTypeDeclaration(category);
}
/// True iff `_category` is Type::Category::Integer.
bool dev::solidity::isInteger(Type::Category _category)
{
	return Type::Category::Integer == _category;
}
/// True iff `_category` is Type::Category::RationalNumber (number literals).
bool dev::solidity::isRational(Type::Category _category)
{
	return Type::Category::RationalNumber == _category;
}
/// True iff `_category` is Type::Category::FixedBytes.
bool dev::solidity::isFixedBytes(Type::Category _category)
{
	return Type::Category::FixedBytes == _category;
}
/// True iff `_category` is Type::Category::Address.
bool dev::solidity::isAddress(Type::Category _category)
{
	return Type::Category::Address == _category;
}
/// True iff `_category` is Type::Category::Enum.
bool dev::solidity::isEnum(Type::Category _category)
{
	return Type::Category::Enum == _category;
}
/// Categories that smtKind() maps to the Int sort: integers, rational
/// literals, and the fixed-bytes, address and enum types, which are all
/// represented as integers in the solver.
/// @param _category the Solidity type category.
/// @return true if the category is modelled as an integer.
bool dev::solidity::isNumber(Type::Category _category)
{
	bool const numeric = isInteger(_category) || isRational(_category);
	bool const integerEncoded = isFixedBytes(_category) || isAddress(_category) || isEnum(_category);
	return numeric || integerEncoded;
}
/// True iff `_category` is Type::Category::Bool.
bool dev::solidity::isBool(Type::Category _category)
{
	return Type::Category::Bool == _category;
}
/// True iff `_category` is Type::Category::Function.
bool dev::solidity::isFunction(Type::Category _category)
{
	return Type::Category::Function == _category;
}
/// True iff `_category` is Type::Category::Mapping.
bool dev::solidity::isMapping(Type::Category _category)
{
	return Type::Category::Mapping == _category;
}
/// True iff `_category` is Type::Category::Array.
bool dev::solidity::isArray(Type::Category _category)
{
	return Type::Category::Array == _category;
}
/// The smallest value representable by `_type`, lifted to an SMT expression
/// so it can be used as a lower bound (see setSymbolicUnknownValue).
/// @param _type the integer type whose range is queried.
/// @return an SMT constant equal to `_type.minValue()`.
smt::Expression dev::solidity::minValue(IntegerType const& _type)
{
	auto const lowest = _type.minValue();
	return smt::Expression(lowest);
}
/// The largest value representable by `_type`, lifted to an SMT expression
/// so it can be used as an upper bound (see setSymbolicUnknownValue).
/// @param _type the integer type whose range is queried.
/// @return an SMT constant equal to `_type.maxValue()`.
smt::Expression dev::solidity::maxValue(IntegerType const& _type)
{
	auto const highest = _type.maxValue();
	return smt::Expression(highest);
}
|
2018-11-22 13:48:31 +00:00
|
|
|
|
|
|
|
/// Asserts that the current value of `_variable` is the zero of its type.
/// Delegates to the expression overload using the variable's current value
/// and declared type.
/// @param _variable the symbolic variable to constrain.
/// @param _interface the solver that receives the assertion.
void dev::solidity::smt::setSymbolicZeroValue(SymbolicVariable const& _variable, smt::SolverInterface& _interface)
{
	auto const& declaredType = _variable.type();
	setSymbolicZeroValue(_variable.currentValue(), declaredType, _interface);
}
/// Asserts that `_expr` equals the zero value of `_type`.
/// Only Integer (`== 0`) and Bool (`== false`) are handled; for every other
/// category this function adds no assertion and `_expr` stays unconstrained
/// by this call.
/// @param _expr the expression to constrain.
/// @param _type the declared type; must be non-null (asserted).
/// @param _interface the solver that receives the assertion.
void dev::solidity::smt::setSymbolicZeroValue(smt::Expression _expr, TypePointer const& _type, smt::SolverInterface& _interface)
{
	solAssert(_type, "");
	Type::Category const category = _type->category();
	if (isInteger(category))
		_interface.addAssertion(_expr == 0);
	else if (isBool(category))
		_interface.addAssertion(_expr == smt::Expression(false));
}
/// Constrains the current value of `_variable` to the range of its type
/// without fixing it to a particular value. Delegates to the expression
/// overload using the variable's current value and declared type.
/// @param _variable the symbolic variable to constrain.
/// @param _interface the solver that receives the assertions.
void dev::solidity::smt::setSymbolicUnknownValue(SymbolicVariable const& _variable, smt::SolverInterface& _interface)
{
	auto const& declaredType = _variable.type();
	setSymbolicUnknownValue(_variable.currentValue(), declaredType, _interface);
}
/// Restricts `_expr` to the value range of `_type` without fixing its value.
/// Enums are bounded to `[0, numberOfMembers)` and integers to
/// `[minValue, maxValue]` of their declared width; these bounds are what
/// keep the solver from considering values the declared type cannot hold.
/// Any other category gets no assertion from this call.
/// @param _expr the expression to constrain.
/// @param _type the declared type; must be non-null (asserted).
/// @param _interface the solver that receives the assertions.
void dev::solidity::smt::setSymbolicUnknownValue(smt::Expression _expr, TypePointer const& _type, smt::SolverInterface& _interface)
{
	solAssert(_type, "");
	Type::Category const category = _type->category();

	if (isEnum(category))
	{
		auto enumType = dynamic_cast<EnumType const*>(_type.get());
		solAssert(enumType, "");
		_interface.addAssertion(_expr >= 0);
		_interface.addAssertion(_expr < enumType->numberOfMembers());
		return;
	}

	if (isInteger(category))
	{
		auto intType = dynamic_cast<IntegerType const*>(_type.get());
		solAssert(intType, "");
		_interface.addAssertion(_expr >= minValue(*intType));
		_interface.addAssertion(_expr <= maxValue(*intType));
	}
}