Merge pull request #10777 from blishko/smt-fix-checked

[SMTChecker] Fix BMC crash related to `unchecked` blocks
This commit is contained in:
Leonardo 2021-01-15 16:46:32 +01:00 committed by GitHub
commit 726c5ff68c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 51 additions and 0 deletions

View File

@ -528,7 +528,9 @@ void BMC::inlineFunctionCall(FunctionCall const& _funCall)
// is that there we don't have `_funCall`. // is that there we don't have `_funCall`.
pushCallStack({funDef, &_funCall}); pushCallStack({funDef, &_funCall});
pushPathCondition(currentPathConditions()); pushPathCondition(currentPathConditions());
auto oldChecked = std::exchange(m_checked, true);
funDef->accept(*this); funDef->accept(*this);
m_checked = oldChecked;
popPathCondition(); popPathCondition();
} }

View File

@ -0,0 +1,17 @@
pragma experimental SMTChecker;
contract C {
function f(uint x) internal pure {
unchecked {
uint y = x - 1;
assert(y < x); // should fail, underflow can happen, we are inside unchecked block
}
}
function g(uint x) public pure {
unchecked { f(x); }
}
}
// ====
// SMTEngine: bmc
// ----
// Warning 4661: (117-130): BMC: Assertion violation happens here.
// Warning 4661: (117-130): BMC: Assertion violation happens here.

View File

@ -0,0 +1,18 @@
pragma experimental SMTChecker;
contract C {
modifier m() {
unchecked{}
_;
}
function t() m internal pure {}
function f() public pure {
unchecked { t(); }
}
}
// ----

View File

@ -0,0 +1,14 @@
pragma experimental SMTChecker;
contract C {
function f(uint x) internal pure {
unchecked {
uint y = x - 1;
assert(y < x); // should fail, underflow can happen, we are inside unchecked block
}
}
function g(uint x) public pure {
unchecked { f(x); }
}
}
// ----
// Warning 6328: (117-130): CHC: Assertion violation happens here.\nCounterexample:\n\nx = 0\n\nTransaction trace:\nC.constructor()\nC.g(0)\n C.f(0) -- internal call