Merge pull request #9522 from ethereum/smt_fix_tuple_pop

[SMTChecker] Fix ICE in tuples again
2023-10-03 13:03:40 +00:00 · 2020-07-27 19:03:12 +02:00 · 2020-07-27 19:03:12 +02:00 · 0a42ac2a5a
commit 0a42ac2a5a
parent da189a6678 b207222af7
3 changed files with 22 additions and 4 deletions
--- a/libsolidity/formal/SMTEncoder.cpp
+++ b/libsolidity/formal/SMTEncoder.cpp
@ -1100,7 +1100,11 @@ void SMTEncoder::arrayPop(FunctionCall const& _funCall)

 void SMTEncoder::arrayPushPopAssign(Expression const& _expr, smtutil::Expression const& _array)
 {
-	if (auto const* id = dynamic_cast<Identifier const*>(&_expr))
+	Expression const* expr = &_expr;
+	if (auto const* tupleExpr = dynamic_cast<TupleExpression const*>(expr))
+		expr = innermostTuple(*tupleExpr);
+
+	if (auto const* id = dynamic_cast<Identifier const*>(expr))
 	{
 		auto varDecl = identifierToVariable(*id);
 		solAssert(varDecl, "");
@ -1108,9 +1112,9 @@ void SMTEncoder::arrayPushPopAssign(Expression const& _expr, smtutil::Expression
 			resetReferences(*varDecl);
 		m_context.addAssertion(m_context.newValue(*varDecl) == _array);
 	}
-	else if (auto const* indexAccess = dynamic_cast<IndexAccess const*>(&_expr))
+	else if (auto const* indexAccess = dynamic_cast<IndexAccess const*>(expr))
 		arrayIndexAssignment(*indexAccess, _array);
-	else if (auto const* funCall = dynamic_cast<FunctionCall const*>(&_expr))
+	else if (auto const* funCall = dynamic_cast<FunctionCall const*>(expr))
 	{
 		FunctionType const& funType = dynamic_cast<FunctionType const&>(*funCall->expression().annotation().type);
 		if (funType.kind() == FunctionType::Kind::ArrayPush)
@ -1132,7 +1136,7 @@ void SMTEncoder::arrayPushPopAssign(Expression const& _expr, smtutil::Expression
 			arrayPushPopAssign(memberAccess->expression(), symbArray->currentValue());
 		}
 	}
-	else if (dynamic_cast<MemberAccess const*>(&_expr))
+	else if (dynamic_cast<MemberAccess const*>(expr))
 		m_errorReporter.warning(
 			9599_error,
 			_expr.location(),
--- a/test/libsolidity/smtCheckerTests/types/tuple_array_pop_1.sol
+++ b/test/libsolidity/smtCheckerTests/types/tuple_array_pop_1.sol
@ -0,0 +1,7 @@
+pragma experimental SMTChecker;
+contract C {
+	int[] a;
+	function f() public { (a).pop();}
+}
+// ----
+// Warning 2529: (78-87): Empty array "pop" detected here.
--- a/test/libsolidity/smtCheckerTests/types/tuple_array_pop_2.sol
+++ b/test/libsolidity/smtCheckerTests/types/tuple_array_pop_2.sol
@ -0,0 +1,7 @@
+pragma experimental SMTChecker;
+contract C {
+	int[] a;
+	function f() public { (((((a))))).pop();}
+}
+// ----
+// Warning 2529: (78-95): Empty array "pop" detected here.