mirror of
https://github.com/ethereum/solidity
synced 2023-10-03 13:03:40 +00:00
Merge pull request #11860 from ethereum/smt_static_array
[SMTChecker] Add static array length constraint
This commit is contained in:
commit
78afd71ab7
@ -551,6 +551,11 @@ smtutil::Expression symbolicUnknownConstraints(smtutil::Expression _expr, fronte
|
|||||||
solAssert(_type, "");
|
solAssert(_type, "");
|
||||||
if (isEnum(*_type) || isInteger(*_type) || isAddress(*_type) || isFixedBytes(*_type))
|
if (isEnum(*_type) || isInteger(*_type) || isAddress(*_type) || isFixedBytes(*_type))
|
||||||
return _expr >= minValue(_type) && _expr <= maxValue(_type);
|
return _expr >= minValue(_type) && _expr <= maxValue(_type);
|
||||||
|
else if (
|
||||||
|
auto arrayType = dynamic_cast<ArrayType const*>(_type);
|
||||||
|
arrayType && !arrayType->isDynamicallySized()
|
||||||
|
)
|
||||||
|
return smtutil::Expression::tuple_get(_expr, 1) == arrayType->length();
|
||||||
else if (isArray(*_type) || isMapping(*_type))
|
else if (isArray(*_type) || isMapping(*_type))
|
||||||
/// Length cannot be negative.
|
/// Length cannot be negative.
|
||||||
return smtutil::Expression::tuple_get(_expr, 1) >= 0;
|
return smtutil::Expression::tuple_get(_expr, 1) >= 0;
|
||||||
|
@ -1,9 +1,6 @@
|
|||||||
contract C
|
contract C
|
||||||
{
|
{
|
||||||
function f(uint[2] memory a, uint[2] memory b, uint[2] memory c) public pure {
|
function f(uint[2] memory a, uint[2] memory b, uint[2] memory c) public pure {
|
||||||
require(a.length > 0);
|
|
||||||
require(b.length > 0);
|
|
||||||
require(c.length > 0);
|
|
||||||
require(c[0] == 42);
|
require(c[0] == 42);
|
||||||
require(a[0] == 2);
|
require(a[0] == 2);
|
||||||
b[0] = 1;
|
b[0] = 1;
|
||||||
@ -19,5 +16,4 @@ contract C
|
|||||||
// ====
|
// ====
|
||||||
// SMTEngine: all
|
// SMTEngine: all
|
||||||
// ----
|
// ----
|
||||||
// Warning 6368: (467-471): CHC: Out of bounds access happens here.
|
// Warning 6328: (385-402): CHC: Assertion violation happens here.
|
||||||
// Warning 6328: (460-477): CHC: Assertion violation happens here.
|
|
||||||
|
@ -24,8 +24,3 @@ contract C
|
|||||||
// SMTEngine: all
|
// SMTEngine: all
|
||||||
// SMTIgnoreCex: yes
|
// SMTIgnoreCex: yes
|
||||||
// ----
|
// ----
|
||||||
// Warning 6368: (165-169): CHC: Out of bounds access happens here.
|
|
||||||
// Warning 6368: (178-182): CHC: Out of bounds access happens here.
|
|
||||||
// Warning 6368: (190-195): CHC: Out of bounds access happens here.
|
|
||||||
// Warning 6368: (314-318): CHC: Out of bounds access happens here.
|
|
||||||
// Warning 6368: (440-445): CHC: Out of bounds access happens here.
|
|
||||||
|
@ -27,7 +27,4 @@ contract C
|
|||||||
// SMTEngine: all
|
// SMTEngine: all
|
||||||
// SMTIgnoreCex: yes
|
// SMTIgnoreCex: yes
|
||||||
// ----
|
// ----
|
||||||
// Warning 6368: (353-369): CHC: Out of bounds access happens here.
|
|
||||||
// Warning 6368: (353-372): CHC: Out of bounds access happens here.
|
|
||||||
// Warning 6368: (463-477): CHC: Out of bounds access happens here.
|
|
||||||
// Warning 6328: (456-487): CHC: Assertion violation happens here.
|
// Warning 6328: (456-487): CHC: Assertion violation happens here.
|
||||||
|
@ -30,10 +30,6 @@ contract C
|
|||||||
// SMTEngine: all
|
// SMTEngine: all
|
||||||
// SMTIgnoreCex: yes
|
// SMTIgnoreCex: yes
|
||||||
// ----
|
// ----
|
||||||
// Warning 6368: (314-328): CHC: Out of bounds access happens here.
|
|
||||||
// Warning 6368: (367-383): CHC: Out of bounds access happens here.
|
|
||||||
// Warning 6368: (367-386): CHC: Out of bounds access happens here.
|
|
||||||
// Warning 6368: (497-511): CHC: Out of bounds access happens here.
|
|
||||||
// Warning 6328: (860-880): CHC: Assertion violation happens here.
|
// Warning 6328: (860-880): CHC: Assertion violation happens here.
|
||||||
// Warning 6368: (936-952): CHC: Out of bounds access might happen here.
|
// Warning 6368: (936-952): CHC: Out of bounds access might happen here.
|
||||||
// Warning 6368: (936-955): CHC: Out of bounds access might happen here.
|
// Warning 6368: (936-955): CHC: Out of bounds access might happen here.
|
||||||
|
@ -0,0 +1,12 @@
|
|||||||
|
contract C {
|
||||||
|
function f(address[2] memory a) public pure {
|
||||||
|
assert(a.length == 2); // should hold
|
||||||
|
assert(a.length < 2); // should fail
|
||||||
|
assert(a.length > 2); // should fail
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// ====
|
||||||
|
// SMTEngine: all
|
||||||
|
// ----
|
||||||
|
// Warning 6328: (102-122): CHC: Assertion violation happens here.\nCounterexample:\n\na = [9, 9]\n\nTransaction trace:\nC.constructor()\nC.f([9, 9])
|
||||||
|
// Warning 6328: (141-161): CHC: Assertion violation happens here.\nCounterexample:\n\na = [9, 9]\n\nTransaction trace:\nC.constructor()\nC.f([9, 9])
|
@ -0,0 +1,12 @@
|
|||||||
|
contract C {
|
||||||
|
function f() public pure returns (address[2] memory a) {
|
||||||
|
assert(a.length == 2); // should hold
|
||||||
|
assert(a.length < 2); // should fail
|
||||||
|
assert(a.length > 2); // should fail
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// ====
|
||||||
|
// SMTEngine: all
|
||||||
|
// ----
|
||||||
|
// Warning 6328: (113-133): CHC: Assertion violation happens here.\nCounterexample:\n\na = [0, 0]\n\nTransaction trace:\nC.constructor()\nC.f()
|
||||||
|
// Warning 6328: (152-172): CHC: Assertion violation happens here.\nCounterexample:\n\na = [0, 0]\n\nTransaction trace:\nC.constructor()\nC.f()
|
@ -0,0 +1,13 @@
|
|||||||
|
contract C {
|
||||||
|
function f() public pure {
|
||||||
|
address[2] memory a;
|
||||||
|
assert(a.length == 2); // should hold
|
||||||
|
assert(a.length < 2); // should fail
|
||||||
|
assert(a.length > 2); // should fail
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// ====
|
||||||
|
// SMTEngine: all
|
||||||
|
// ----
|
||||||
|
// Warning 6328: (106-126): CHC: Assertion violation happens here.\nCounterexample:\n\na = [0, 0]\n\nTransaction trace:\nC.constructor()\nC.f()
|
||||||
|
// Warning 6328: (145-165): CHC: Assertion violation happens here.\nCounterexample:\n\na = [0, 0]\n\nTransaction trace:\nC.constructor()\nC.f()
|
@ -0,0 +1,23 @@
|
|||||||
|
contract C {
|
||||||
|
uint[2] a;
|
||||||
|
uint x = f();
|
||||||
|
constructor() {
|
||||||
|
assert(a.length == 2); // should hold
|
||||||
|
assert(x == 2); // should hold
|
||||||
|
assert(a.length < 2); // should fail
|
||||||
|
assert(a.length > 2); // should fail
|
||||||
|
}
|
||||||
|
function f() internal view returns (uint) {
|
||||||
|
assert(a.length == 2); // should hold
|
||||||
|
assert(a.length < 2); // should fail
|
||||||
|
assert(a.length > 2); // should fail
|
||||||
|
return a.length;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// ====
|
||||||
|
// SMTEngine: all
|
||||||
|
// ----
|
||||||
|
// Warning 6328: (132-152): CHC: Assertion violation happens here.\nCounterexample:\na = [0, 0], x = 2\n\nTransaction trace:\nC.constructor()
|
||||||
|
// Warning 6328: (171-191): CHC: Assertion violation happens here.\nCounterexample:\na = [0, 0], x = 2\n\nTransaction trace:\nC.constructor()
|
||||||
|
// Warning 6328: (298-318): CHC: Assertion violation happens here.\nCounterexample:\na = [0, 0], x = 0\n\nTransaction trace:\nC.constructor()
|
||||||
|
// Warning 6328: (337-357): CHC: Assertion violation happens here.\nCounterexample:\na = [0, 0], x = 0\n\nTransaction trace:\nC.constructor()
|
@ -0,0 +1,13 @@
|
|||||||
|
contract C {
|
||||||
|
uint[2] a;
|
||||||
|
function f() public view {
|
||||||
|
assert(a.length == 2); // should hold
|
||||||
|
assert(a.length < 2); // should fail
|
||||||
|
assert(a.length > 2); // should fail
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// ====
|
||||||
|
// SMTEngine: all
|
||||||
|
// ----
|
||||||
|
// Warning 6328: (95-115): CHC: Assertion violation happens here.\nCounterexample:\na = [0, 0]\n\nTransaction trace:\nC.constructor()\nState: a = [0, 0]\nC.f()
|
||||||
|
// Warning 6328: (134-154): CHC: Assertion violation happens here.\nCounterexample:\na = [0, 0]\n\nTransaction trace:\nC.constructor()\nState: a = [0, 0]\nC.f()
|
Loading…
Reference in New Issue
Block a user