##################################
Expressions and Control Structures
##################################

.. index:: ! parameter, parameter;input, parameter;output, function parameter, parameter;function, return variable, variable;return, return

.. index:: if, else, while, do/while, for, break, continue, return, switch, goto

Control Structures
===================

Most of the control structures known from curly-braces languages are available in Solidity:

There are: ``if``, ``else``, ``while``, ``do``, ``for``, ``break``, ``continue``, ``return``, with
the usual semantics known from C or JavaScript.

Solidity also supports exception handling in the form of ``try``/``catch``-statements,
but only for :ref:`external function calls <external-function-calls>` and
contract creation calls. Errors can be created using the :ref:`revert statement <revert-statement>`.

Parentheses can *not* be omitted for conditionals, but curly braces can be omitted
around single-statement bodies.

Note that there is no type conversion from non-boolean to boolean types as
there is in C and JavaScript, so ``if (1) { ... }`` is *not* valid
Solidity.

.. index:: ! function;call, function;internal, function;external

.. _function-calls:

Function Calls
==============

.. _internal-function-calls:

Internal Function Calls
-----------------------

Functions of the current contract can be called directly ("internally"), also recursively, as seen in
this nonsensical example:

.. code-block:: solidity

    // SPDX-License-Identifier: GPL-3.0
    pragma solidity >=0.4.22 <0.9.0;

    // This will report a warning
    contract C {
        function g(uint a) public pure returns (uint ret) { return a + f(); }
        function f() internal pure returns (uint ret) { return g(7) + f(); }
    }

These function calls are translated into simple jumps inside the EVM. This has
the effect that the current memory is not cleared, i.e. passing memory references
to internally-called functions is very efficient. Only functions of the same
contract instance can be called internally.

You should still avoid excessive recursion, as every internal function call
uses up at least one stack slot and there are only 1024 slots available.

.. _external-function-calls:

External Function Calls
-----------------------

The expressions ``this.g(8);`` and ``c.g(2);`` (where ``c`` is a contract
instance) are also valid function calls, but this time, the function
will be called "externally", via a message call and not directly via jumps.
Please note that function calls on ``this`` cannot be used in the constructor,
as the actual contract has not been created yet.

Functions of other contracts have to be called externally. For an external call,
all function arguments have to be copied to memory.

.. note::

    A function call from one contract to another does not create its own transaction,
    it is a message call as part of the overall transaction.

When calling functions of other contracts, you can specify the amount of Wei or
gas sent with the call with the special options ``{value: 10, gas: 10000}``.
Note that it is discouraged to specify gas values explicitly, since the gas costs
of opcodes can change in the future. Any Wei you send to the contract is added
to the total balance of that contract:

.. code-block:: solidity

    // SPDX-License-Identifier: GPL-3.0
    pragma solidity >=0.6.2 <0.9.0;

    contract InfoFeed {
        function info() public payable returns (uint ret) { return 42; }
    }

    contract Consumer {
        InfoFeed feed;
        function setFeed(InfoFeed addr) public { feed = addr; }
        function callFeed() public { feed.info{value: 10, gas: 800}(); }
    }

You need to use the modifier ``payable`` with the ``info`` function because
otherwise, the ``value`` option would not be available.

.. warning::

    Be careful that ``feed.info{value: 10, gas: 800}`` only locally sets the
    ``value`` and amount of ``gas`` sent with the function call, and the
    parentheses at the end perform the actual call. So in this case, the
    function is not called and the ``value`` and ``gas`` settings are lost.

Due to the fact that the EVM considers a call to a non-existing contract to
always succeed, Solidity uses the ``extcodesize`` opcode to check that
the contract that is about to be called actually exists (it contains code)
and causes an exception if it does not.
Note that this check is not performed in case of :ref:`low-level calls <address_related>` which
operate on addresses rather than contract instances.

Function calls also cause exceptions if the called contract itself
throws an exception or goes out of gas.

.. warning::

    Any interaction with another contract imposes a potential danger, especially
    if the source code of the contract is not known in advance. The
    current contract hands over control to the called contract and that may potentially
    do just about anything. Even if the called contract inherits from a known parent contract,
    the inheriting contract is only required to have a correct interface. The
    implementation of the contract, however, can be completely arbitrary and thus,
    pose a danger. In addition, be prepared in case it calls into other contracts of
    your system or even back into the calling contract before the first
    call returns. This means
    that the called contract can change state variables of the calling contract
    via its functions. Write your functions in a way that, for example, calls to
    external functions happen after any changes to state variables in your contract
    so your contract is not vulnerable to a reentrancy exploit.

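The ordering rule from the warning above, as an added example that is not part of the Solidity documentation: ``VulnerableBank`` performs the external call before it updates its state, ``SaferBank`` updates its state first. Both contracts and all names in them are hypothetical.

```solidity
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.4;

// Added example, not from the Solidity documentation.
// All contract, function and error names are hypothetical.

// Interaction before effect: the balance is cleared only after the
// external call returns. The callee receives control during the call and
// can call withdraw() again while its balance is still unchanged.
contract VulnerableBank {
    mapping(address => uint) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external {
        uint amount = balances[msg.sender];
        require(amount > 0, "Nothing to withdraw.");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "Transfer failed.");
        balances[msg.sender] = 0; // too late: state changes after the call
    }
}

// Checks, then effects, then interactions: the balance is cleared before
// control is handed over, so a nested call to withdraw() reads zero and
// reverts with NothingToWithdraw.
contract SaferBank {
    mapping(address => uint) public balances;

    error NothingToWithdraw();
    error TransferFailed();

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external {
        // Check
        uint amount = balances[msg.sender];
        if (amount == 0)
            revert NothingToWithdraw();
        // Effect
        balances[msg.sender] = 0;
        // Interaction
        (bool ok, ) = msg.sender.call{value: amount}("");
        if (!ok)
            revert TransferFailed();
    }
}
```
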
.. note::

    Before Solidity 0.6.2, the recommended way to specify the value and gas was to
    use ``f.value(x).gas(g)()``. This was deprecated in Solidity 0.6.2 and is no
    longer possible since Solidity 0.7.0.

Named Calls and Anonymous Function Parameters
---------------------------------------------

Function call arguments can be given by name, in any order,
if they are enclosed in ``{ }`` as can be seen in the following
example. The argument list has to coincide by name with the list of
parameters from the function declaration, but can be in arbitrary order.

.. code-block:: solidity

    // SPDX-License-Identifier: GPL-3.0
    pragma solidity >=0.4.0 <0.9.0;

    contract C {
        mapping(uint => uint) data;

        function f() public {
            set({value: 2, key: 3});
        }

        function set(uint key, uint value) public {
            data[key] = value;
        }

    }

Omitted Function Parameter Names
--------------------------------

The names of unused parameters (especially return parameters) can be omitted.
Those parameters will still be present on the stack, but they are inaccessible.

.. code-block:: solidity

    // SPDX-License-Identifier: GPL-3.0
    pragma solidity >=0.4.22 <0.9.0;

    contract C {
        // omitted name for parameter
        function func(uint k, uint) public pure returns(uint) {
            return k;
        }
    }

.. index:: ! new, contracts;creating

.. _creating-contracts:

Creating Contracts via ``new``
==============================

A contract can create other contracts using the ``new`` keyword. The full
code of the contract being created has to be known when the creating contract
is compiled so recursive creation-dependencies are not possible.

.. code-block:: solidity

    // SPDX-License-Identifier: GPL-3.0
    pragma solidity >=0.7.0 <0.9.0;

    contract D {
        uint public x;
        constructor(uint a) payable {
            x = a;
        }
    }

    contract C {
        D d = new D(4); // will be executed as part of C's constructor

        function createD(uint arg) public {
            D newD = new D(arg);
            newD.x();
        }

        function createAndEndowD(uint arg, uint amount) public payable {
            // Send ether along with the creation
            D newD = new D{value: amount}(arg);
            newD.x();
        }
    }

As seen in the example, it is possible to send Ether while creating
an instance of ``D`` using the ``value`` option, but it is not possible
to limit the amount of gas.
If the creation fails (due to out-of-stack, not enough balance or other problems),
an exception is thrown.

Salted contract creations / create2
-----------------------------------

When creating a contract, the address of the contract is computed from
the address of the creating contract and a counter that is increased with
each contract creation.

If you specify the option ``salt`` (a bytes32 value), then contract creation will
use a different mechanism to come up with the address of the new contract:

It will compute the address from the address of the creating contract,
the given salt value, the (creation) bytecode of the created contract and the constructor
arguments.

In particular, the counter ("nonce") is not used. This allows for more flexibility
in creating contracts: You are able to derive the address of the
new contract before it is created. Furthermore, you can rely on this address
also in case the creating
contract creates other contracts in the meantime.

The main use-case here is contracts that act as judges for off-chain interactions,
which only need to be created if there is a dispute.

.. code-block:: solidity

    // SPDX-License-Identifier: GPL-3.0
    pragma solidity >=0.7.0 <0.9.0;

    contract D {
        uint public x;
        constructor(uint a) {
            x = a;
        }
    }

    contract C {
        function createDSalted(bytes32 salt, uint arg) public {
            // This complicated expression just tells you how the address
            // can be pre-computed. It is just there for illustration.
            // You actually only need ``new D{salt: salt}(arg)``.
            address predictedAddress = address(uint160(uint(keccak256(abi.encodePacked(
                bytes1(0xff),
                address(this),
                salt,
                keccak256(abi.encodePacked(
                    type(D).creationCode,
                    arg
                ))
            )))));

            D d = new D{salt: salt}(arg);
            require(address(d) == predictedAddress);
        }
    }

.. warning::

    There are some peculiarities in relation to salted creation. A contract can be
    re-created at the same address after having been destroyed. Yet, it is possible
    for that newly created contract to have a different deployed bytecode even
    though the creation bytecode has been the same (which is a requirement because
    otherwise the address would change). This is due to the fact that the compiler
    can query external state that might have changed between the two creations
    and incorporate that into the deployed bytecode before it is stored.

Order of Evaluation of Expressions
==================================

The evaluation order of expressions is not specified (more formally, the order
in which the children of one node in the expression tree are evaluated is not
specified, but they are of course evaluated before the node itself). It is only
guaranteed that statements are executed in order and short-circuiting for
boolean expressions is done.

.. index:: ! assignment

Assignment
==========

.. index:: ! assignment;destructuring

Destructuring Assignments and Returning Multiple Values
-------------------------------------------------------

Solidity internally allows tuple types, i.e. a list of objects
of potentially different types whose number is a constant at
compile-time. Those tuples can be used to return multiple values at the same time.
These can then either be assigned to newly declared variables
or to pre-existing variables (or LValues in general).

Tuples are not proper types in Solidity, they can only be used to form syntactic
groupings of expressions.

.. code-block:: solidity

    // SPDX-License-Identifier: GPL-3.0
    pragma solidity >=0.5.0 <0.9.0;

    contract C {
        uint index;

        function f() public pure returns (uint, bool, uint) {
            return (7, true, 2);
        }

        function g() public {
            // Variables declared with type and assigned from the returned tuple,
            // not all elements have to be specified (but the number must match).
            (uint x, , uint y) = f();
            // Common trick to swap values -- does not work for non-value storage types.
            (x, y) = (y, x);
            // Components can be left out (also for variable declarations).
            (index, , ) = f(); // Sets the index to 7
        }
    }

It is not possible to mix variable declarations and non-declaration assignments,
i.e. the following is not valid: ``(x, uint y) = (1, 2);``

.. note::

    Prior to version 0.5.0 it was possible to assign to tuples of smaller size, either
    filling up on the left or on the right side (whichever was empty). This is
    now disallowed, so both sides have to have the same number of components.

.. warning::

    Be careful when assigning to multiple variables at the same time when
    reference types are involved, because it could lead to unexpected
    copying behaviour.

Complications for Arrays and Structs
------------------------------------

The semantics of assignments are more complicated for non-value types like arrays and structs,
including ``bytes`` and ``string``, see :ref:`Data location and assignment behaviour <data-location-assignment>` for details.

In the example below the call to ``g(x)`` has no effect on ``x`` because it creates
an independent copy of the storage value in memory. However, ``h(x)`` successfully modifies ``x``
because only a reference and not a copy is passed.

.. code-block:: solidity

    // SPDX-License-Identifier: GPL-3.0
    pragma solidity >=0.4.22 <0.9.0;

    contract C {
        uint[20] x;

        function f() public {
            g(x);
            h(x);
        }

        function g(uint[20] memory y) internal pure {
            y[2] = 3;
        }

        function h(uint[20] storage y) internal {
            y[3] = 4;
        }
    }

.. index:: ! scoping, declarations, default value

.. _default-value:

Scoping and Declarations
========================

A variable which is declared will have an initial default
value whose byte-representation is all zeros.
The "default values" of variables are the typical "zero-state"
of whatever the type is. For example, the default value for a ``bool``
is ``false``. The default value for the ``uint`` or ``int``
types is ``0``. For statically-sized arrays and ``bytes1`` to
``bytes32``, each individual
element will be initialized to the default value corresponding
to its type. For dynamically-sized arrays, ``bytes``
and ``string``, the default value is an empty array or string.
For the ``enum`` type, the default value is its first member.

Scoping in Solidity follows the widespread scoping rules of C99
(and many other languages): Variables are visible from the point right after their declaration
until the end of the smallest ``{ }``-block that contains the declaration.
As an exception to this rule, variables declared in the
initialization part of a for-loop are only visible until the end of the for-loop.

Variables that are parameter-like (function parameters, modifier parameters,
catch parameters, ...) are visible inside the code block that follows -
the body of the function/modifier for a function and modifier parameter and the catch block
for a catch parameter.

Variables and other items declared outside of a code block, for example functions, contracts,
user-defined types, etc., are visible even before they were declared. This means you can
use state variables before they are declared and call functions recursively.

As a consequence, the following examples will compile without warnings, since
the two variables have the same name but disjoint scopes.

.. code-block:: solidity

    // SPDX-License-Identifier: GPL-3.0
    pragma solidity >=0.5.0 <0.9.0;

    contract C {
        function minimalScoping() pure public {
            {
                uint same;
                same = 1;
            }

            {
                uint same;
                same = 3;
            }
        }
    }

As a special example of the C99 scoping rules, note that in the following,
the first assignment to ``x`` will actually assign the outer and not the inner variable.
In any case, you will get a warning about the outer variable being shadowed.

.. code-block:: solidity

    // SPDX-License-Identifier: GPL-3.0
    pragma solidity >=0.5.0 <0.9.0;

    // This will report a warning
    contract C {
        function f() pure public returns (uint) {
            uint x = 1;
            {
                x = 2; // this will assign to the outer variable
                uint x;
            }
            return x; // x has value 2
        }
    }

.. warning::

    Before version 0.5.0 Solidity followed the same scoping rules as
    JavaScript, that is, a variable declared anywhere within a function would be in scope
    for the entire function, regardless of where it was declared. The following example shows a code snippet that used
    to compile but leads to an error starting from version 0.5.0.

    .. code-block:: solidity

        // SPDX-License-Identifier: GPL-3.0
        pragma solidity >=0.5.0 <0.9.0;

        // This will not compile
        contract C {
            function f() pure public returns (uint) {
                x = 2;
                uint x;
                return x;
            }
        }

.. index:: ! safe math, safemath, checked, unchecked

.. _unchecked:

Checked or Unchecked Arithmetic
===============================

An overflow or underflow is the situation where the resulting value of an arithmetic operation,
when executed on an unrestricted integer, falls outside the range of the result type.

Prior to Solidity 0.8.0, arithmetic operations would always wrap in case of
under- or overflow leading to widespread use of libraries that introduce
additional checks.

Since Solidity 0.8.0, all arithmetic operations revert on over- and underflow by default,
thus making the use of these libraries unnecessary.

To obtain the previous behaviour, an ``unchecked`` block can be used:

.. code-block:: solidity

    // SPDX-License-Identifier: GPL-3.0
    pragma solidity ^0.8.0;

    contract C {
        function f(uint a, uint b) pure public returns (uint) {
            // This subtraction will wrap on underflow.
            unchecked { return a - b; }
        }

        function g(uint a, uint b) pure public returns (uint) {
            // This subtraction will revert on underflow.
            return a - b;
        }
    }

The call to ``f(2, 3)`` will return ``2**256-1``, while ``g(2, 3)`` will cause
a failing assertion.

The ``unchecked`` block can be used everywhere inside a block, but not as a replacement
for a block. It also cannot be nested.

The setting only affects the statements that are syntactically inside the block.
Functions called from within an ``unchecked`` block do not inherit the property.

.. note::

    To avoid ambiguity, you cannot use ``_;`` inside an ``unchecked`` block.

The following operators will cause a failing assertion on overflow or underflow
and will wrap without an error if used inside an unchecked block:

``++``, ``--``, ``+``, binary ``-``, unary ``-``, ``*``, ``/``, ``%``, ``**``

``+=``, ``-=``, ``*=``, ``/=``, ``%=``

.. warning::

    It is not possible to disable the check for division by zero
    or modulo by zero using the ``unchecked`` block.

.. note::

    Bitwise operators do not perform overflow or underflow checks.
    This is particularly visible when using bitwise shifts (``<<``, ``>>``, ``<<=``, ``>>=``) in
    place of integer division and multiplication by a power of 2.
    For example ``type(uint256).max << 3`` does not revert even though ``type(uint256).max * 8`` would.

.. note::

    The second statement in ``int x = type(int).min; -x;`` will result in an overflow
    because the negative range can hold one more value than the positive range.

Explicit type conversions will always truncate and never cause a failing assertion
with the exception of a conversion from an integer to an enum type.

.. index:: ! exception, ! throw, ! assert, ! require, ! revert, ! errors

.. _assert-and-require:

Error handling: Assert, Require, Revert and Exceptions
======================================================

Solidity uses state-reverting exceptions to handle errors.
Such an exception undoes all changes made to the
state in the current call (and all its sub-calls) and
flags an error to the caller.

When exceptions happen in a sub-call, they "bubble up" (i.e.,
exceptions are rethrown) automatically unless they are caught in
a ``try/catch`` statement. Exceptions to this rule are ``send``
and the low-level functions ``call``, ``delegatecall`` and
``staticcall``: they return ``false`` as their first return value in case
of an exception instead of "bubbling up".

.. warning::

    The low-level functions ``call``, ``delegatecall`` and
    ``staticcall`` return ``true`` as their first return value
    if the account called is non-existent, as part of the design
    of the EVM. Account existence must be checked prior to calling if needed.

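A low-level ``call`` guarded in the way the warning above asks for, as an added example that is not part of the Solidity documentation. The interface ``InfoFeedLike``, the contract and the error names are hypothetical, and the existence check is done here with ``target.code.length``.

```solidity
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.4;

// Added example, not from the Solidity documentation.
// InfoFeedLike, CheckedLowLevelCaller and the error names are hypothetical.

interface InfoFeedLike {
    function info() external payable returns (uint ret);
}

contract CheckedLowLevelCaller {
    error NoCodeAtTarget(address target);
    error CallFailed(bytes returnData);
    error ShortReturnData(uint length);

    // Call on a contract instance: the existence check described in the
    // section on external function calls applies, and a failure in the
    // callee bubbles up as an exception.
    function infoViaInterface(InfoFeedLike feed) external returns (uint) {
        return feed.info();
    }

    // Call on a plain address: nothing is checked for us, so every step
    // that the high-level call performs implicitly is written out.
    function infoViaLowLevelCall(address target) external returns (uint) {
        // 1. A call to an account without code returns success == true
        //    with empty return data, so check for code first.
        if (target.code.length == 0)
            revert NoCodeAtTarget(target);

        // 2. The low-level call does not bubble up exceptions. It reports
        //    failure through its first return value, which must be checked.
        (bool success, bytes memory data) = target.call(
            abi.encodeWithSelector(InfoFeedLike.info.selector)
        );
        if (!success)
            revert CallFailed(data); // hand the callee's error data on

        // 3. Return data is untyped bytes. Make sure there is enough of it
        //    before decoding the expected uint.
        if (data.length < 32)
            revert ShortReturnData(data.length);
        return abi.decode(data, (uint));
    }
}
```
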
Exceptions can contain error data that is passed back to the caller
in the form of :ref:`error instances <errors>`.
The built-in errors ``Error(string)`` and ``Panic(uint256)`` are
used by special functions, as explained below. ``Error`` is used for "regular" error conditions
while ``Panic`` is used for errors that should not be present in bug-free code.

Panic via ``assert`` and Error via ``require``
----------------------------------------------

The convenience functions ``assert`` and ``require`` can be used to check for conditions and throw an exception
if the condition is not met.

The ``assert`` function creates an error of type ``Panic(uint256)``.
The same error is created by the compiler in certain situations as listed below.

Assert should only be used to test for internal
errors, and to check invariants. Properly functioning code should
never create a Panic, not even on invalid external input.
If this happens, then there
is a bug in your contract which you should fix. Language analysis
tools can evaluate your contract to identify the conditions and
function calls which will cause a Panic.

A Panic exception is generated in the following situations.
The error code supplied with the error data indicates the kind of panic.

#. 0x00: Used for generic compiler inserted panics.
#. 0x01: If you call ``assert`` with an argument that evaluates to false.
#. 0x11: If an arithmetic operation results in underflow or overflow outside of an ``unchecked { ... }`` block.
#. 0x12: If you divide or modulo by zero (e.g. ``5 / 0`` or ``23 % 0``).
#. 0x21: If you convert a value that is too big or negative into an enum type.
#. 0x22: If you access a storage byte array that is incorrectly encoded.
#. 0x31: If you call ``.pop()`` on an empty array.
#. 0x32: If you access an array, ``bytesN`` or an array slice at an out-of-bounds or negative index (i.e. ``x[i]`` where ``i >= x.length`` or ``i < 0``).
#. 0x41: If you allocate too much memory or create an array that is too large.
#. 0x51: If you call a zero-initialized variable of internal function type.

The ``require`` function either creates an error without any data or
an error of type ``Error(string)``. It
should be used to ensure valid conditions
that cannot be detected until execution time.
This includes conditions on inputs
or return values from calls to external contracts.

.. note::

    It is currently not possible to use custom errors in combination
    with ``require``. Please use ``if (!condition) revert CustomError();`` instead.

An ``Error(string)`` exception (or an exception without data) is generated
by the compiler
in the following situations:

#. Calling ``require(x)`` where ``x`` evaluates to ``false``.
#. If you use ``revert()`` or ``revert("description")``.
#. If you perform an external function call targeting a contract that contains no code.
#. If your contract receives Ether via a public function without
   ``payable`` modifier (including the constructor and the fallback function).
#. If your contract receives Ether via a public getter function.

For the following cases, the error data from the external call
(if provided) is forwarded. This means that it can either cause
an ``Error`` or a ``Panic`` (or whatever else was given):

#. If a ``.transfer()`` fails.
#. If you call a function via a message call but it does not finish
   properly (i.e., it runs out of gas, has no matching function, or
   throws an exception itself), except when a low level operation
   ``call``, ``send``, ``delegatecall``, ``callcode`` or ``staticcall``
   is used. The low level operations never throw exceptions but
   indicate failures by returning ``false``.
#. If you create a contract using the ``new`` keyword but the contract
   creation :ref:`does not finish properly<creating-contracts>`.

You can optionally provide a message string for ``require``, but not for ``assert``.

.. note::

    If you do not provide a string argument to ``require``, it will revert
    with empty error data, not even including the error selector.

The following example shows how you can use ``require`` to check conditions on inputs
and ``assert`` for internal error checking.

.. code-block:: solidity

    // SPDX-License-Identifier: GPL-3.0
    pragma solidity >=0.5.0 <0.9.0;

    contract Sharer {
        function sendHalf(address payable addr) public payable returns (uint balance) {
            require(msg.value % 2 == 0, "Even value required.");
            uint balanceBeforeTransfer = address(this).balance;
            addr.transfer(msg.value / 2);
            // Since transfer throws an exception on failure and
            // cannot call back here, there should be no way for us to
            // still have half of the money.
            assert(address(this).balance == balanceBeforeTransfer - msg.value / 2);
            return address(this).balance;
        }
    }

Internally, Solidity performs a revert operation (instruction
``0xfd``). This causes
the EVM to revert all changes made to the state. The reason for reverting
is that there is no safe way to continue execution, because an expected effect
did not occur. Because we want to keep the atomicity of transactions, the
safest action is to revert all changes and make the whole transaction
(or at least call) without effect.

In both cases, the caller can react on such failures using ``try``/``catch``, but
the changes in the caller will always be reverted.

.. note::

    Panic exceptions used to use the ``invalid`` opcode before Solidity 0.8.0,
    which consumed all gas available to the call.
    Exceptions that use ``require`` used to consume all gas until before the Metropolis release.

.. _revert-statement:
``revert``
----------
2021-02-04 14:58:06 +00:00
A direct revert can be triggered using the ``revert`` statement and the ``revert`` function.
The ``revert`` statement takes a custom error as direct argument without parentheses:
revert CustomError(arg1, arg2);
2021-02-04 14:58:06 +00:00
For backards-compatibility reasons, there is also the ``revert()`` function, which uses parentheses
and accepts a string:
revert();
revert("description");
The error data will be passed back to the caller and can be caught there.
Using ``revert()`` causes a revert without any error data while ``revert("description")``
will create an ``Error(string)`` error.
Using a custom error instance will usually be much cheaper than a string description,
because you can use the name of the error to describe it, which is encoded in only
four bytes. A longer description can be supplied via NatSpec which does not incur
any costs.
The following example shows how to use an error string and a custom error instance
together with ``revert`` and the equivalent ``require``:
.. code-block:: solidity
// SPDX-License-Identifier: GPL-3.0
2021-02-04 14:58:06 +00:00
pragma solidity ^0.8.4;
contract VendingMachine {
2021-02-04 14:58:06 +00:00
address owner;
error Unauthorized();
function buy(uint amount) public payable {
if (amount > msg.value / 2 ether)
revert("Not enough Ether provided.");
2018-01-03 14:30:01 +00:00
// Alternative way to do it:
require(
amount <= msg.value / 2 ether,
"Not enough Ether provided."
);
// Perform the purchase.
}
2021-02-04 14:58:06 +00:00
function withdraw() public {
if (msg.sender != owner)
revert Unauthorized();
payable(msg.sender).transfer(address(this).balance);
}
}
2021-02-04 14:58:06 +00:00
The two ways ``if (!condition) revert(...);`` and ``require(condition, ...);`` are
equivalent as long as the arguments to ``revert`` and ``require`` do not have side-effects,
for example if they are just strings.

.. note::
    The ``require`` function is evaluated just as any other function.
    This means that all arguments are evaluated before the function itself is executed.
    In particular, in ``require(condition, f())`` the function ``f`` is executed even if
    ``condition`` is true.

The provided string is :ref:`abi-encoded <ABI>` as if it were a call to a function ``Error(string)``.
In the above example, ``revert("Not enough Ether provided.");`` returns the following hexadecimal as error return data:

.. code::

    0x08c379a0                                                         // Function selector for Error(string)
    0x0000000000000000000000000000000000000000000000000000000000000020 // Data offset
    0x000000000000000000000000000000000000000000000000000000000000001a // String length
    0x4e6f7420656e6f7567682045746865722070726f76696465642e000000000000 // String data

The provided message can be retrieved by the caller using ``try``/``catch`` as shown below.

.. note::
    There used to be a keyword called ``throw`` with the same semantics as ``revert()`` which
    was deprecated in version 0.4.13 and removed in version 0.5.0.

.. _try-catch:

``try``/``catch``
-----------------

A failure in an external call can be caught using a try/catch statement, as follows:

.. code-block:: solidity

    // SPDX-License-Identifier: GPL-3.0
    pragma solidity >0.8.0;

    interface DataFeed { function getData(address token) external returns (uint value); }

    contract FeedConsumer {
        DataFeed feed;
        uint errorCount;
        function rate(address token) public returns (uint value, bool success) {
            // Permanently disable the mechanism if there are
            // more than 10 errors.
            require(errorCount < 10);
            try feed.getData(token) returns (uint v) {
                return (v, true);
            } catch Error(string memory /*reason*/) {
                // This is executed in case
                // revert was called inside getData
                // and a reason string was provided.
                errorCount++;
                return (0, false);
            } catch Panic(uint /*errorCode*/) {
                // This is executed in case of a panic,
                // i.e. a serious error like division by zero
                // or overflow. The error code can be used
                // to determine the kind of error.
                errorCount++;
                return (0, false);
            } catch (bytes memory /*lowLevelData*/) {
                // This is executed in case revert() was used.
                errorCount++;
                return (0, false);
            }
        }
    }

The ``try`` keyword has to be followed by an expression representing an external function call
or a contract creation (``new ContractName()``).
Errors inside the expression are not caught (for example if it is a complex expression
that also involves internal function calls), only a revert happening inside the external
call itself. The ``returns`` part (which is optional) that follows declares return variables
matching the types returned by the external call. In case there was no error,
these variables are assigned and the contract's execution continues inside the
first success block. If the end of the success block is reached, execution continues after the ``catch`` blocks.

Solidity supports different kinds of catch blocks depending on the
type of error:

- ``catch Error(string memory reason) { ... }``: This catch clause is executed if the error was caused by ``revert("reasonString")`` or
  ``require(false, "reasonString")`` (or an internal error that causes such an
  exception).

- ``catch Panic(uint errorCode) { ... }``: If the error was caused by a panic, i.e. by a failing ``assert``, division by zero,
  invalid array access, arithmetic overflow and others, this catch clause will be run.

- ``catch (bytes memory lowLevelData) { ... }``: This clause is executed if the error signature
  does not match any other clause, if there was an error while decoding the error
  message, or
  if no error data was provided with the exception.
  The declared variable provides access to the low-level error data in that case.

- ``catch { ... }``: If you are not interested in the error data, you can just use
  ``catch { ... }`` (even as the only catch clause) instead of the previous clause.

It is planned to support other types of error data in the future.
The strings ``Error`` and ``Panic`` are currently parsed as is and are not treated as identifiers.

In order to catch all error cases, you have to have at least the clause
``catch { ... }`` or the clause ``catch (bytes memory lowLevelData) { ... }``.

The variables declared in the ``returns`` and the ``catch`` clause are only
in scope in the block that follows.
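
As an added example (not part of the Solidity documentation and not the compiler's own decoding logic), the following Python code models which of the catch clauses listed above would receive a given blob of revert data, using the ``Error(string)`` encoding shown earlier on this page. The ``Panic(uint256)`` selector ``0x4e487b71`` and all function names are additions made here, and the model is a simplified approximation intended for triaging return data from logs or traces.

```python
ERROR_SELECTOR = bytes.fromhex("08c379a0")  # Error(string), as listed on this page
PANIC_SELECTOR = bytes.fromhex("4e487b71")  # Panic(uint256), added here (not on the page)

def _word(data, pos):
    """Read one 32-byte big-endian ABI word, or raise if the data is too short."""
    if pos < 0 or pos + 32 > len(data):
        raise ValueError("truncated ABI word")
    return int.from_bytes(data[pos:pos + 32], "big")

def decode_error_string(payload):
    """Decode the ABI-encoded (string) argument that follows the selector."""
    offset = _word(payload, 0)       # data offset, 0x20 in the page's example
    length = _word(payload, offset)  # string length in bytes
    start = offset + 32
    if start + length > len(payload):
        raise ValueError("string length exceeds return data")
    return payload[start:start + length].decode("utf-8", errors="replace")

def classify_revert(data):
    """Return (clause, value) naming the catch clause that would handle `data`."""
    if len(data) >= 4:
        selector, payload = data[:4], data[4:]
        try:
            if selector == ERROR_SELECTOR:
                return ("catch Error(string)", decode_error_string(payload))
            if selector == PANIC_SELECTOR:
                return ("catch Panic(uint)", _word(payload, 0))
        except ValueError:
            pass  # undecodable payload: handled by the low-level clause
    # Empty data from revert(), custom errors and malformed payloads end up here.
    return ("catch (bytes)", data)

# Return data listed on this page for revert("Not enough Ether provided.")
PAGE_EXAMPLE = bytes.fromhex(
    "08c379a0"
    "0000000000000000000000000000000000000000000000000000000000000020"
    "000000000000000000000000000000000000000000000000000000000000001a"
    "4e6f7420656e6f7567682045746865722070726f76696465642e000000000000"
)

if __name__ == "__main__":
    print(classify_revert(PAGE_EXAMPLE))
    print(classify_revert(b""))                 # plain revert(): no error data
    print(classify_revert(PAGE_EXAMPLE[:40]))   # constructed: truncated payload
```

The string returned for ``catch Error(string)`` is chosen by whichever contract in the call chain reverted, so treat it as untrusted input when logging or displaying it.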

.. note::
    If an error happens during the decoding of the return data
    inside a try/catch-statement, this causes an exception in the currently
    executing contract and because of that, it is not caught in the catch clause.
    If there is an error during decoding of ``catch Error(string memory reason)``
    and there is a low-level catch clause, this error is caught there.

.. note::
    If execution reaches a catch-block, then the state-changing effects of
    the external call have been reverted. If execution reaches
    the success block, the effects were not reverted.
    If the effects have been reverted, then execution either continues
    in a catch block or the execution of the try/catch statement itself
    reverts (for example due to decoding failures as noted above or
    due to not providing a low-level catch clause).

.. note::
    The reason behind a failed call can be manifold. Do not assume that
    the error message is coming directly from the called contract:
    The error might have happened deeper down in the call chain and the
    called contract just forwarded it. Also, it could be due to an
    out-of-gas situation and not a deliberate error condition:
    The caller always retains 63/64th of the gas in a call and thus
    even if the called contract goes out of gas, the caller still
    has some gas left.