mirror of
https://github.com/ethereum/solidity
synced 2023-10-03 13:03:40 +00:00
Merge pull request #11146 from blishko/smt-fix-compound-assignment-to-push
[SMTChecker] Fix compound assignment to push
This commit is contained in:
commit
2f36e15009
@ -8,6 +8,7 @@ Compiler Features:
|
||||
|
||||
Bugfixes:
|
||||
* AST Output: Fix ``kind`` field of ``ModifierInvocation`` for base constructor calls.
|
||||
* SMTChecker: Fix false positive and false negative on ``push`` as LHS of a compound assignment.
|
||||
* SMTChecker: Fix internal error on public getter returning dynamic data on older EVM versions where these are not available.
|
||||
|
||||
|
||||
|
@ -373,32 +373,10 @@ void SMTEncoder::endVisit(VariableDeclarationStatement const& _varDecl)
|
||||
|
||||
bool SMTEncoder::visit(Assignment const& _assignment)
|
||||
{
|
||||
auto const& left = _assignment.leftHandSide();
|
||||
auto const& right = _assignment.rightHandSide();
|
||||
|
||||
if (auto const* memberAccess = isEmptyPush(left))
|
||||
{
|
||||
right.accept(*this);
|
||||
left.accept(*this);
|
||||
|
||||
auto const& memberExpr = memberAccess->expression();
|
||||
auto& symbArray = dynamic_cast<smt::SymbolicArrayVariable&>(*m_context.expression(memberExpr));
|
||||
smtutil::Expression oldElements = symbArray.elements();
|
||||
smtutil::Expression length = symbArray.length();
|
||||
symbArray.increaseIndex();
|
||||
m_context.addAssertion(symbArray.elements() == smtutil::Expression::store(
|
||||
oldElements,
|
||||
length - 1,
|
||||
expr(right)
|
||||
));
|
||||
m_context.addAssertion(symbArray.length() == length);
|
||||
|
||||
arrayPushPopAssign(memberExpr, symbArray.currentValue());
|
||||
defineExpr(_assignment, expr(left));
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
// RHS must be visited before LHS; as opposed to what Assignment::accept does
|
||||
_assignment.rightHandSide().accept(*this);
|
||||
_assignment.leftHandSide().accept(*this);
|
||||
return false;
|
||||
}
|
||||
|
||||
void SMTEncoder::endVisit(Assignment const& _assignment)
|
||||
@ -408,9 +386,6 @@ void SMTEncoder::endVisit(Assignment const& _assignment)
|
||||
Token op = _assignment.assignmentOperator();
|
||||
solAssert(TokenTraits::isAssignmentOp(op), "");
|
||||
|
||||
if (isEmptyPush(_assignment.leftHandSide()))
|
||||
return;
|
||||
|
||||
if (!smt::isSupportedType(*_assignment.annotation().type))
|
||||
{
|
||||
// Give it a new index anyway to keep the SSA scheme sound.
|
||||
@ -2022,6 +1997,8 @@ void SMTEncoder::assignment(
|
||||
dynamic_cast<MemberAccess const*>(left)
|
||||
)
|
||||
indexOrMemberAssignment(*left, _right);
|
||||
else if (isEmptyPush(*left))
|
||||
arrayPushPopAssign(*left, _right);
|
||||
else
|
||||
solAssert(false, "");
|
||||
}
|
||||
|
@ -0,0 +1,15 @@
|
||||
pragma experimental SMTChecker;
|
||||
|
||||
contract C {
|
||||
|
||||
int[] u;
|
||||
|
||||
function t() public {
|
||||
require(u.length == 0);
|
||||
u.push() -= 1;
|
||||
assert(u[0] < 0); // should hold
|
||||
assert(u[0] >= 0); // should fail
|
||||
}
|
||||
}
|
||||
// ----
|
||||
// Warning 6328: (161-178): CHC: Assertion violation happens here.\nCounterexample:\nu = [(- 1)]\n\nTransaction trace:\nC.constructor()\nState: u = []\nC.t()
|
Loading…
Reference in New Issue
Block a user