cerc-io/solidity
16
0
Fork 0
mirror of https://github.com/ethereum/solidity synced 2023-10-03 13:03:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

[SMTChecker] Add support to constructors

Browse Source
This commit is contained in:
Leonardo Alt 2019-09-26 16:12:27 +02:00
parent 301215f186
commit a352abe00d
46 changed files with 1051 additions and 172 deletions
Changelog.md
libsolidity/formal
BMC.cppCHC.cppCHC.hSMTEncoder.cppSMTEncoder.h
test/libsolidity/smtCheckerTests
complex/slither
const_state_variables.soldata_dependency.sol
functions
constructor_base_basic.solconstructor_hierarchy.solconstructor_hierarchy_2.solconstructor_hierarchy_3.solconstructor_hierarchy_4.solconstructor_hierarchy_diamond.solconstructor_hierarchy_diamond_2.solconstructor_hierarchy_diamond_3.solconstructor_hierarchy_diamond_empty_middle.solconstructor_hierarchy_diamond_empty_middle_empty_base.solconstructor_hierarchy_empty_chain.solconstructor_hierarchy_empty_middle.solconstructor_hierarchy_empty_middle_no_invocation.solconstructor_hierarchy_mixed_chain.solconstructor_hierarchy_mixed_chain_empty_base.solconstructor_hierarchy_mixed_chain_with_params.solconstructor_hierarchy_mixed_chain_with_params_2.solconstructor_hierarchy_modifier.solconstructor_hierarchy_same_var.solconstructor_simple.solconstructor_state_value.solconstructor_state_value_inherited.solconstructor_state_value_parameter.sol
inheritance
constructor_hierarchy_mixed_chain_with_params.solconstructor_state_variable_init.solconstructor_state_variable_init_base.solconstructor_state_variable_init_chain.solconstructor_state_variable_init_chain_alternate.solconstructor_state_variable_init_chain_run_all.solconstructor_state_variable_init_chain_run_all_2.solconstructor_state_variable_init_diamond.solconstructor_state_variable_init_diamond_middle.solconstructor_state_variable_init_function_call.solfunctions_1.solfunctions_2.solfunctions_3.solimplicit_constructor_hierarchy.solimplicit_only_constructor_hierarchy.sol

1
Changelog.md
View File

@ -6,6 +6,7 @@ Language Features:
Compiler Features: Compiler Features:
* SMTChecker: Add support to constructors including constructor inheritance.
* Yul: When compiling via Yul, string literals from the Solidity code are kept as string literals if every character is safely printable. * Yul: When compiling via Yul, string literals from the Solidity code are kept as string literals if every character is safely printable.
* Yul Optimizer: Perform loop-invariant code motion. * Yul Optimizer: Perform loop-invariant code motion.

26
libsolidity/formal/BMC.cpp
View File

@ -110,11 +110,6 @@ bool BMC::visit(ContractDefinition const& _contract)
{ {
initContract(_contract); initContract(_contract);
/// Check targets created by state variable initialization.
smt::Expression constraints = m_context.assertions();
checkVerificationTargets(constraints);
m_verificationTargets.clear();
SMTEncoder::visit(_contract); SMTEncoder::visit(_contract);
return false; return false;
@ -122,6 +117,17 @@ bool BMC::visit(ContractDefinition const& _contract)
void BMC::endVisit(ContractDefinition const& _contract) void BMC::endVisit(ContractDefinition const& _contract)
{ {
if (auto constructor = _contract.constructor())
constructor->accept(*this);
else
{
inlineConstructorHierarchy(_contract);
/// Check targets created by state variable initialization.
smt::Expression constraints = m_context.assertions();
checkVerificationTargets(constraints);
m_verificationTargets.clear();
}
SMTEncoder::endVisit(_contract); SMTEncoder::endVisit(_contract);
} }
@ -132,10 +138,14 @@ bool BMC::visit(FunctionDefinition const& _function)
solAssert(m_currentContract, ""); solAssert(m_currentContract, "");
auto const& hierarchy = m_currentContract->annotation().linearizedBaseContracts; auto const& hierarchy = m_currentContract->annotation().linearizedBaseContracts;
if (find(hierarchy.begin(), hierarchy.end(), contract) == hierarchy.end()) if (find(hierarchy.begin(), hierarchy.end(), contract) == hierarchy.end())
initializeStateVariables(*contract); createStateVariables(*contract);
if (m_callStack.empty()) if (m_callStack.empty())
{
reset(); reset();
initFunction(_function);
resetStateVariables();
}
/// Already visits the children. /// Already visits the children.
SMTEncoder::visit(_function); SMTEncoder::visit(_function);
@ -447,10 +457,6 @@ void BMC::inlineFunctionCall(FunctionCall const& _funCall)
// The reason why we need to pushCallStack here instead of visit(FunctionDefinition) // The reason why we need to pushCallStack here instead of visit(FunctionDefinition)
// is that there we don't have `_funCall`. // is that there we don't have `_funCall`.
pushCallStack({funDef, &_funCall}); pushCallStack({funDef, &_funCall});
// If an internal function is called to initialize
// a state variable.
if (m_callStack.empty())
initFunction(*funDef);
funDef->accept(*this); funDef->accept(*this);
} }

174
libsolidity/formal/CHC.cpp
View File

@ -65,6 +65,15 @@ void CHC::analyze(SourceUnit const& _source)
m_context.setAssertionAccumulation(false); m_context.setAssertionAccumulation(false);
m_variableUsage.setFunctionInlining(false); m_variableUsage.setFunctionInlining(false);
auto boolSort = make_shared<smt::Sort>(smt::Kind::Bool);
auto genesisSort = make_shared<smt::FunctionSort>(
vector<smt::SortPointer>(),
boolSort
);
m_genesisPredicate = createSymbolicBlock(genesisSort, "genesis");
auto genesis = (*m_genesisPredicate)({});
addRule(genesis, genesis.name);
_source.accept(*this); _source.accept(*this);
} }
@ -94,10 +103,10 @@ bool CHC::visit(ContractDefinition const& _contract)
else else
m_stateSorts.push_back(smt::smtSort(*var->type())); m_stateSorts.push_back(smt::smtSort(*var->type()));
clearIndices(); clearIndices(&_contract);
string interfaceName = "interface_" + _contract.name() + "_" + to_string(_contract.id()); string suffix = _contract.name() + "_" + to_string(_contract.id());
m_interfacePredicate = createSymbolicBlock(interfaceSort(), interfaceName); m_interfacePredicate = createSymbolicBlock(interfaceSort(), "interface_" + suffix);
// TODO create static instances for Bool/Int sorts in SolverInterface. // TODO create static instances for Bool/Int sorts in SolverInterface.
auto boolSort = make_shared<smt::Sort>(smt::Kind::Bool); auto boolSort = make_shared<smt::Sort>(smt::Kind::Bool);
@ -105,27 +114,11 @@ bool CHC::visit(ContractDefinition const& _contract)
vector<smt::SortPointer>(), vector<smt::SortPointer>(),
boolSort boolSort
); );
m_errorPredicate = createSymbolicBlock(errorFunctionSort, "error");
// If the contract has a constructor it is handled as a function. m_errorPredicate = createSymbolicBlock(errorFunctionSort, "error_" + suffix);
// Otherwise we zero-initialize all state vars. m_constructorPredicate = createSymbolicBlock(constructorSort(), "implicit_constructor_" + to_string(_contract.id()));
if (!_contract.constructor()) auto stateExprs = currentStateVariables();
{ setCurrentBlock(*m_interfacePredicate, &stateExprs);
string constructorName = "constructor_" + _contract.name() + "_" + to_string(_contract.id());
m_constructorPredicate = createSymbolicBlock(constructorSort(), constructorName);
smt::Expression constructorPred = (*m_constructorPredicate)({});
addRule(constructorPred, constructorName);
for (auto const& var: m_stateVariables)
{
auto const& symbVar = m_context.variable(*var);
symbVar->increaseIndex();
m_interface->declareVariable(symbVar->currentName(), symbVar->sort());
m_context.setZeroValue(*symbVar);
}
connectBlocks(constructorPred, interface());
}
SMTEncoder::visit(_contract); SMTEncoder::visit(_contract);
return false; return false;
@ -136,6 +129,23 @@ void CHC::endVisit(ContractDefinition const& _contract)
if (!shouldVisit(_contract)) if (!shouldVisit(_contract))
return; return;
for (auto const& var: m_stateVariables)
{
solAssert(m_context.knownVariable(*var), "");
m_context.setZeroValue(*var);
}
auto genesisPred = (*m_genesisPredicate)({});
auto implicitConstructor = (*m_constructorPredicate)(currentStateVariables());
connectBlocks(genesisPred, implicitConstructor);
m_currentBlock = implicitConstructor;
if (auto constructor = _contract.constructor())
constructor->accept(*this);
else
inlineConstructorHierarchy(_contract);
connectBlocks(m_currentBlock, interface());
for (unsigned i = 0; i < m_verificationTargets.size(); ++i) for (unsigned i = 0; i < m_verificationTargets.size(); ++i)
{ {
auto const& target = m_verificationTargets.at(i); auto const& target = m_verificationTargets.at(i);
@ -152,6 +162,16 @@ bool CHC::visit(FunctionDefinition const& _function)
if (!shouldVisit(_function)) if (!shouldVisit(_function))
return false; return false;
// This is the case for base constructor inlining.
if (m_currentFunction)
{
solAssert(m_currentFunction->isConstructor(), "");
solAssert(_function.isConstructor(), "");
solAssert(_function.scope() != m_currentContract, "");
SMTEncoder::visit(_function);
return false;
}
solAssert(!m_currentFunction, "Inlining internal function calls not yet implemented"); solAssert(!m_currentFunction, "Inlining internal function calls not yet implemented");
m_currentFunction = &_function; m_currentFunction = &_function;
@ -163,20 +183,11 @@ bool CHC::visit(FunctionDefinition const& _function)
auto functionPred = predicate(*functionEntryBlock, currentFunctionVariables()); auto functionPred = predicate(*functionEntryBlock, currentFunctionVariables());
auto bodyPred = predicate(*bodyBlock); auto bodyPred = predicate(*bodyBlock);
// Store the constraints related to variable initialization. connectBlocks(m_currentBlock, functionPred);
smt::Expression const& initAssertions = m_context.assertions();
m_context.pushSolver();
connectBlocks(interface(), functionPred);
connectBlocks(functionPred, bodyPred); connectBlocks(functionPred, bodyPred);
m_context.popSolver();
setCurrentBlock(*bodyBlock); setCurrentBlock(*bodyBlock);
// We need to re-add the constraints that were created for initialization of variables.
m_context.addAssertion(initAssertions);
SMTEncoder::visit(*m_currentFunction); SMTEncoder::visit(*m_currentFunction);
return false; return false;
@ -187,10 +198,37 @@ void CHC::endVisit(FunctionDefinition const& _function)
if (!shouldVisit(_function)) if (!shouldVisit(_function))
return; return;
// This is the case for base constructor inlining.
if (m_currentFunction != &_function)
{
solAssert(m_currentFunction && m_currentFunction->isConstructor(), "");
solAssert(_function.isConstructor(), "");
solAssert(_function.scope() != m_currentContract, "");
}
else
{
// We create an extra exit block for constructors that simply
// connects to the interface in case an explicit constructor
// exists in the hierarchy.
// It is not connected directly here, as normal functions are,
// because of the case where there are only implicit constructors.
// This is done in endVisit(ContractDefinition).
if (_function.isConstructor())
{
auto constructorExit = createBlock(&_function, "exit_");
connectBlocks(m_currentBlock, predicate(*constructorExit));
setCurrentBlock(*constructorExit);
}
else
{
connectBlocks(m_currentBlock, interface()); connectBlocks(m_currentBlock, interface());
clearIndices(m_currentContract, m_currentFunction);
solAssert(&_function == m_currentFunction, ""); auto stateExprs = currentStateVariables();
setCurrentBlock(*m_interfacePredicate, &stateExprs);
}
m_currentFunction = nullptr; m_currentFunction = nullptr;
}
SMTEncoder::endVisit(_function); SMTEncoder::endVisit(_function);
} }
@ -445,7 +483,6 @@ void CHC::reset()
m_verificationTargets.clear(); m_verificationTargets.clear();
m_safeAssertions.clear(); m_safeAssertions.clear();
m_unknownFunctionCallSeen = false; m_unknownFunctionCallSeen = false;
m_blockCounter = 0;
m_breakDest = nullptr; m_breakDest = nullptr;
m_continueDest = nullptr; m_continueDest = nullptr;
} }
@ -470,28 +507,31 @@ bool CHC::shouldVisit(FunctionDefinition const& _function) const
{ {
if ( if (
_function.isPublic() && _function.isPublic() &&
_function.isImplemented() && _function.isImplemented()
!_function.isConstructor()
) )
return true; return true;
return false; return false;
} }
void CHC::setCurrentBlock(smt::SymbolicFunctionVariable const& _block) void CHC::setCurrentBlock(
smt::SymbolicFunctionVariable const& _block,
vector<smt::Expression> const* _arguments
)
{ {
m_context.popSolver(); m_context.popSolver();
clearIndices(); solAssert(m_currentContract, "");
clearIndices(m_currentContract, m_currentFunction);
m_context.pushSolver(); m_context.pushSolver();
if (_arguments)
m_currentBlock = predicate(_block, *_arguments);
else
m_currentBlock = predicate(_block); m_currentBlock = predicate(_block);
} }
smt::SortPointer CHC::constructorSort() smt::SortPointer CHC::constructorSort()
{ {
solAssert(m_currentContract, ""); // TODO this will change once we support function calls.
auto boolSort = make_shared<smt::Sort>(smt::Kind::Bool); return interfaceSort();
if (!m_currentContract->constructor())
return make_shared<smt::FunctionSort>(vector<smt::SortPointer>{}, boolSort);
return sort(*m_currentContract->constructor());
} }
smt::SortPointer CHC::interfaceSort() smt::SortPointer CHC::interfaceSort()
@ -556,19 +596,6 @@ unique_ptr<smt::SymbolicFunctionVariable> CHC::createSymbolicBlock(smt::SortPoin
return block; return block;
} }
smt::Expression CHC::constructor()
{
solAssert(m_currentContract, "");
if (!m_currentContract->constructor())
return (*m_constructorPredicate)({});
vector<smt::Expression> paramExprs;
for (auto const& var: m_currentContract->constructor()->parameters())
paramExprs.push_back(m_context.variable(*var)->currentValue());
return (*m_constructorPredicate)(paramExprs);
}
smt::Expression CHC::interface() smt::Expression CHC::interface()
{ {
vector<smt::Expression> paramExprs; vector<smt::Expression> paramExprs;
@ -613,39 +640,33 @@ void CHC::connectBlocks(smt::Expression const& _from, smt::Expression const& _to
addRule(edge, _from.name + "_to_" + _to.name); addRule(edge, _from.name + "_to_" + _to.name);
} }
vector<smt::Expression> CHC::currentStateVariables()
{
solAssert(m_currentContract, "");
vector<smt::Expression> exprs;
for (auto const& var: m_stateVariables)
exprs.push_back(m_context.variable(*var)->currentValue());
return exprs;
}
vector<smt::Expression> CHC::currentFunctionVariables() vector<smt::Expression> CHC::currentFunctionVariables()
{ {
solAssert(m_currentFunction, "");
vector<smt::Expression> paramExprs; vector<smt::Expression> paramExprs;
for (auto const& var: m_stateVariables) if (m_currentFunction)
paramExprs.push_back(m_context.variable(*var)->currentValue());
for (auto const& var: m_currentFunction->parameters() + m_currentFunction->returnParameters()) for (auto const& var: m_currentFunction->parameters() + m_currentFunction->returnParameters())
paramExprs.push_back(m_context.variable(*var)->currentValue()); paramExprs.push_back(m_context.variable(*var)->currentValue());
return paramExprs; return currentStateVariables() + paramExprs;
} }
vector<smt::Expression> CHC::currentBlockVariables() vector<smt::Expression> CHC::currentBlockVariables()
{ {
solAssert(m_currentFunction, "");
vector<smt::Expression> paramExprs; vector<smt::Expression> paramExprs;
if (m_currentFunction)
for (auto const& var: m_currentFunction->localVariables()) for (auto const& var: m_currentFunction->localVariables())
paramExprs.push_back(m_context.variable(*var)->currentValue()); paramExprs.push_back(m_context.variable(*var)->currentValue());
return currentFunctionVariables() + paramExprs; return currentFunctionVariables() + paramExprs;
} }
void CHC::clearIndices()
{
for (auto const& var: m_stateVariables)
m_context.variable(*var)->resetIndex();
if (m_currentFunction)
{
for (auto const& var: m_currentFunction->parameters() + m_currentFunction->returnParameters())
m_context.variable(*var)->resetIndex();
for (auto const& var: m_currentFunction->localVariables())
m_context.variable(*var)->resetIndex();
}
}
string CHC::predicateName(ASTNode const* _node) string CHC::predicateName(ASTNode const* _node)
{ {
string prefix; string prefix;
@ -674,7 +695,6 @@ smt::Expression CHC::predicate(
return _block(_arguments); return _block(_arguments);
} }
void CHC::addRule(smt::Expression const& _rule, string const& _ruleName) void CHC::addRule(smt::Expression const& _rule, string const& _ruleName)
{ {
m_interface->addRule(_rule, _ruleName); m_interface->addRule(_rule, _ruleName);

20
libsolidity/formal/CHC.h
View File

@ -83,7 +83,7 @@ private:
void eraseKnowledge(); void eraseKnowledge();
bool shouldVisit(ContractDefinition const& _contract) const; bool shouldVisit(ContractDefinition const& _contract) const;
bool shouldVisit(FunctionDefinition const& _function) const; bool shouldVisit(FunctionDefinition const& _function) const;
void setCurrentBlock(smt::SymbolicFunctionVariable const& _block); void setCurrentBlock(smt::SymbolicFunctionVariable const& _block, std::vector<smt::Expression> const* _arguments = nullptr);
//@} //@}
/// Sort helpers. /// Sort helpers.
@ -99,8 +99,6 @@ private:
/// @returns a new block of given _sort and _name. /// @returns a new block of given _sort and _name.
std::unique_ptr<smt::SymbolicFunctionVariable> createSymbolicBlock(smt::SortPointer _sort, std::string const& _name); std::unique_ptr<smt::SymbolicFunctionVariable> createSymbolicBlock(smt::SortPointer _sort, std::string const& _name);
/// Constructor predicate over current variables.
smt::Expression constructor();
/// Interface predicate over current variables. /// Interface predicate over current variables.
smt::Expression interface(); smt::Expression interface();
/// Error predicate over current variables. /// Error predicate over current variables.
@ -116,17 +114,16 @@ private:
void connectBlocks(smt::Expression const& _from, smt::Expression const& _to, smt::Expression const& _constraints = smt::Expression(true)); void connectBlocks(smt::Expression const& _from, smt::Expression const& _to, smt::Expression const& _constraints = smt::Expression(true));
/// @returns the current symbolic values of the current state variables.
std::vector<smt::Expression> currentStateVariables();
/// @returns the current symbolic values of the current function's /// @returns the current symbolic values of the current function's
/// input and output parameters. /// input and output parameters.
std::vector<smt::Expression> currentFunctionVariables(); std::vector<smt::Expression> currentFunctionVariables();
/// @returns the samve as currentFunctionVariables plus /// @returns the same as currentFunctionVariables plus
/// local variables. /// local variables.
std::vector<smt::Expression> currentBlockVariables(); std::vector<smt::Expression> currentBlockVariables();
/// Sets the SSA indices of the variables in scope to 0.
/// Used when starting a new block.
void clearIndices();
/// @returns the predicate name for a given node. /// @returns the predicate name for a given node.
std::string predicateName(ASTNode const* _node); std::string predicateName(ASTNode const* _node);
/// @returns a predicate application over the current scoped variables. /// @returns a predicate application over the current scoped variables.
@ -152,8 +149,11 @@ private:
/// Predicates. /// Predicates.
//@{ //@{
/// Constructor predicate. /// Genesis predicate.
/// Default constructor sets state vars to 0. std::unique_ptr<smt::SymbolicFunctionVariable> m_genesisPredicate;
/// Implicit constructor predicate.
/// Explicit constructors are handled as functions.
std::unique_ptr<smt::SymbolicFunctionVariable> m_constructorPredicate; std::unique_ptr<smt::SymbolicFunctionVariable> m_constructorPredicate;
/// Artificial Interface predicate. /// Artificial Interface predicate.

223
libsolidity/formal/SMTEncoder.cpp
View File

@ -22,6 +22,7 @@
#include <libsolidity/formal/SymbolicTypes.h> #include <libsolidity/formal/SymbolicTypes.h>
#include <boost/range/adaptors.hpp> #include <boost/range/adaptors.hpp>
#include <boost/range/adaptor/reversed.hpp>
using namespace std; using namespace std;
using namespace dev; using namespace dev;
@ -39,11 +40,28 @@ bool SMTEncoder::visit(ContractDefinition const& _contract)
solAssert(m_currentContract, ""); solAssert(m_currentContract, "");
for (auto const& node: _contract.subNodes()) for (auto const& node: _contract.subNodes())
if (!dynamic_pointer_cast<FunctionDefinition>(node)) if (
!dynamic_pointer_cast<FunctionDefinition>(node) &&
!dynamic_pointer_cast<VariableDeclaration>(node)
)
node->accept(*this); node->accept(*this);
vector<FunctionDefinition const*> resolvedFunctions = _contract.definedFunctions(); vector<FunctionDefinition const*> resolvedFunctions = _contract.definedFunctions();
for (auto const& base: _contract.annotation().linearizedBaseContracts) for (auto const& base: _contract.annotation().linearizedBaseContracts)
{
// Look for all the constructor invocations bottom up.
if (auto const& constructor = base->constructor())
for (auto const& invocation: constructor->modifiers())
{
auto refDecl = invocation->name()->annotation().referencedDeclaration;
if (auto const& baseContract = dynamic_cast<ContractDefinition const*>(refDecl))
{
solAssert(!m_baseConstructorCalls.count(baseContract), "");
m_baseConstructorCalls[baseContract] = invocation.get();
}
}
// Check for function overrides.
for (auto const& baseFunction: base->definedFunctions()) for (auto const& baseFunction: base->definedFunctions())
{ {
if (baseFunction->isConstructor()) if (baseFunction->isConstructor())
@ -62,10 +80,19 @@ bool SMTEncoder::visit(ContractDefinition const& _contract)
if (!overridden) if (!overridden)
resolvedFunctions.push_back(baseFunction); resolvedFunctions.push_back(baseFunction);
} }
}
// Functions are visited first since they might be used
// for state variable initialization which is part of
// the constructor.
// Constructors are visited as part of the constructor
// hierarchy inlining.
for (auto const& function: resolvedFunctions) for (auto const& function: resolvedFunctions)
if (!function->isConstructor())
function->accept(*this); function->accept(*this);
// Constructors need to be handled by the engines separately.
return false; return false;
} }
@ -73,13 +100,16 @@ void SMTEncoder::endVisit(ContractDefinition const& _contract)
{ {
m_context.resetAllVariables(); m_context.resetAllVariables();
m_baseConstructorCalls.clear();
solAssert(m_currentContract == &_contract, ""); solAssert(m_currentContract == &_contract, "");
m_currentContract = nullptr; m_currentContract = nullptr;
} }
void SMTEncoder::endVisit(VariableDeclaration const& _varDecl) void SMTEncoder::endVisit(VariableDeclaration const& _varDecl)
{ {
if (_varDecl.isLocalVariable() && _varDecl.type()->isValueType() &&_varDecl.value()) // State variables are handled by the constructor.
if (_varDecl.isLocalVariable() &&_varDecl.value())
assignment(_varDecl, *_varDecl.value()); assignment(_varDecl, *_varDecl.value());
} }
@ -90,25 +120,22 @@ bool SMTEncoder::visit(ModifierDefinition const&)
bool SMTEncoder::visit(FunctionDefinition const& _function) bool SMTEncoder::visit(FunctionDefinition const& _function)
{ {
// Not visited by a function call
if (m_callStack.empty())
initFunction(_function);
m_modifierDepthStack.push_back(-1); m_modifierDepthStack.push_back(-1);
if (_function.isConstructor()) if (_function.isConstructor())
{ inlineConstructorHierarchy(dynamic_cast<ContractDefinition const&>(*_function.scope()));
m_errorReporter.warning(
_function.location(), // Base constructors' parameters should be set by explicit calls,
"Assertion checker does not yet support constructors." // but the most derived one needs to be initialized.
); if (_function.scope() == m_currentContract)
} initializeLocalVariables(_function);
else
{
_function.parameterList().accept(*this); _function.parameterList().accept(*this);
if (_function.returnParameterList()) if (_function.returnParameterList())
_function.returnParameterList()->accept(*this); _function.returnParameterList()->accept(*this);
visitFunctionOrModifier(); visitFunctionOrModifier();
}
return false; return false;
} }
@ -130,27 +157,87 @@ void SMTEncoder::visitFunctionOrModifier()
solAssert(m_modifierDepthStack.back() < int(function.modifiers().size()), ""); solAssert(m_modifierDepthStack.back() < int(function.modifiers().size()), "");
ASTPointer<ModifierInvocation> const& modifierInvocation = function.modifiers()[m_modifierDepthStack.back()]; ASTPointer<ModifierInvocation> const& modifierInvocation = function.modifiers()[m_modifierDepthStack.back()];
solAssert(modifierInvocation, ""); solAssert(modifierInvocation, "");
modifierInvocation->accept(*this); auto refDecl = modifierInvocation->name()->annotation().referencedDeclaration;
auto const& modifierDef = dynamic_cast<ModifierDefinition const&>( if (dynamic_cast<ContractDefinition const*>(refDecl))
*modifierInvocation->name()->annotation().referencedDeclaration visitFunctionOrModifier();
); else if (auto modifierDef = dynamic_cast<ModifierDefinition const*>(refDecl))
vector<smt::Expression> modifierArgsExpr; inlineModifierInvocation(modifierInvocation.get(), modifierDef);
if (auto const* arguments = modifierInvocation->arguments()) else
{ solAssert(false, "");
auto const& modifierParams = modifierDef.parameters();
solAssert(modifierParams.size() == arguments->size(), "");
for (unsigned i = 0; i < arguments->size(); ++i)
modifierArgsExpr.push_back(expr(*arguments->at(i), modifierParams.at(i)->type()));
}
initializeFunctionCallParameters(modifierDef, modifierArgsExpr);
pushCallStack({&modifierDef, modifierInvocation.get()});
modifierDef.body().accept(*this);
popCallStack();
} }
--m_modifierDepthStack.back(); --m_modifierDepthStack.back();
} }
void SMTEncoder::inlineModifierInvocation(ModifierInvocation const* _invocation, CallableDeclaration const* _definition)
{
solAssert(_invocation, "");
_invocation->accept(*this);
vector<smt::Expression> args;
if (auto const* arguments = _invocation->arguments())
{
auto const& modifierParams = _definition->parameters();
solAssert(modifierParams.size() == arguments->size(), "");
for (unsigned i = 0; i < arguments->size(); ++i)
args.push_back(expr(*arguments->at(i), modifierParams.at(i)->type()));
}
initializeFunctionCallParameters(*_definition, args);
pushCallStack({_definition, _invocation});
if (auto modifier = dynamic_cast<ModifierDefinition const*>(_definition))
{
modifier->body().accept(*this);
popCallStack();
}
else if (auto function = dynamic_cast<FunctionDefinition const*>(_definition))
{
if (function->isImplemented())
function->accept(*this);
// Functions are popped from the callstack in endVisit(FunctionDefinition)
}
}
void SMTEncoder::inlineConstructorHierarchy(ContractDefinition const& _contract)
{
auto const& hierarchy = m_currentContract->annotation().linearizedBaseContracts;
auto it = find(begin(hierarchy), end(hierarchy), &_contract);
solAssert(it != end(hierarchy), "");
auto nextBase = it + 1;
// Initialize the base contracts here as long as their constructors are implicit,
// stop when the first explicit constructor is found.
while (nextBase != end(hierarchy))
{
if (auto baseConstructor = (*nextBase)->constructor())
{
createLocalVariables(*baseConstructor);
// If any subcontract explicitly called baseConstructor, use those arguments.
if (m_baseConstructorCalls.count(*nextBase))
inlineModifierInvocation(m_baseConstructorCalls.at(*nextBase), baseConstructor);
else if (baseConstructor->isImplemented())
{
// The first constructor found is handled like a function
// and its pushed into the callstack there.
// This if avoids duplication in the callstack.
if (!m_callStack.empty())
pushCallStack({baseConstructor, nullptr});
baseConstructor->accept(*this);
// popped by endVisit(FunctionDefinition)
}
break;
}
else
{
initializeStateVariables(**nextBase);
++nextBase;
}
}
initializeStateVariables(_contract);
}
bool SMTEncoder::visit(PlaceholderStatement const&) bool SMTEncoder::visit(PlaceholderStatement const&)
{ {
solAssert(!m_callStack.empty(), ""); solAssert(!m_callStack.empty(), "");
@ -551,20 +638,25 @@ void SMTEncoder::initContract(ContractDefinition const& _contract)
solAssert(m_currentContract == nullptr, ""); solAssert(m_currentContract == nullptr, "");
m_currentContract = &_contract; m_currentContract = &_contract;
initializeStateVariables(_contract); m_context.reset();
m_context.pushSolver();
createStateVariables(_contract);
clearIndices(m_currentContract, nullptr);
} }
void SMTEncoder::initFunction(FunctionDefinition const& _function) void SMTEncoder::initFunction(FunctionDefinition const& _function)
{ {
solAssert(m_callStack.empty(), ""); solAssert(m_callStack.empty(), "");
solAssert(m_currentContract, "");
m_context.reset(); m_context.reset();
m_context.pushSolver(); m_context.pushSolver();
m_pathConditions.clear(); m_pathConditions.clear();
pushCallStack({&_function, nullptr}); pushCallStack({&_function, nullptr});
m_uninterpretedTerms.clear(); m_uninterpretedTerms.clear();
resetStateVariables(); createStateVariables(*m_currentContract);
initializeLocalVariables(_function); createLocalVariables(_function);
m_arrayAssignmentHappened = false; m_arrayAssignmentHappened = false;
clearIndices(m_currentContract, &_function);
} }
void SMTEncoder::visitAssert(FunctionCall const& _funCall) void SMTEncoder::visitAssert(FunctionCall const& _funCall)
@ -1239,26 +1331,61 @@ void SMTEncoder::initializeFunctionCallParameters(CallableDeclaration const& _fu
} }
} }
void SMTEncoder::initializeStateVariables(ContractDefinition const& _contract) void SMTEncoder::createStateVariables(ContractDefinition const& _contract)
{ {
for (auto var: _contract.stateVariablesIncludingInherited()) for (auto var: _contract.stateVariablesIncludingInherited())
createVariable(*var); createVariable(*var);
} }
void SMTEncoder::initializeLocalVariables(FunctionDefinition const& _function) void SMTEncoder::initializeStateVariables(ContractDefinition const& _contract)
{
for (auto var: _contract.stateVariables())
{
solAssert(m_context.knownVariable(*var), "");
m_context.setZeroValue(*var);
}
for (auto var: _contract.stateVariables())
if (var->value())
{
var->value()->accept(*this);
assignment(*var, *var->value());
}
}
void SMTEncoder::createLocalVariables(FunctionDefinition const& _function)
{ {
for (auto const& variable: _function.localVariables()) for (auto const& variable: _function.localVariables())
if (createVariable(*variable)) createVariable(*variable);
m_context.setZeroValue(*variable);
for (auto const& param: _function.parameters()) for (auto const& param: _function.parameters())
if (createVariable(*param)) createVariable(*param);
m_context.setUnknownValue(*param);
if (_function.returnParameterList()) if (_function.returnParameterList())
for (auto const& retParam: _function.returnParameters()) for (auto const& retParam: _function.returnParameters())
if (createVariable(*retParam)) createVariable(*retParam);
}
void SMTEncoder::initializeLocalVariables(FunctionDefinition const& _function)
{
for (auto const& variable: _function.localVariables())
{
solAssert(m_context.knownVariable(*variable), "");
m_context.setZeroValue(*variable);
}
for (auto const& param: _function.parameters())
{
solAssert(m_context.knownVariable(*param), "");
m_context.setUnknownValue(*param);
}
if (_function.returnParameterList())
for (auto const& retParam: _function.returnParameters())
{
solAssert(m_context.knownVariable(*retParam), "");
m_context.setZeroValue(*retParam); m_context.setZeroValue(*retParam);
}
} }
void SMTEncoder::resetStateVariables() void SMTEncoder::resetStateVariables()
@ -1438,6 +1565,20 @@ void SMTEncoder::resetVariableIndices(VariableIndices const& _indices)
m_context.variable(*var.first)->index() = var.second; m_context.variable(*var.first)->index() = var.second;
} }
void SMTEncoder::clearIndices(ContractDefinition const* _contract, FunctionDefinition const* _function)
{
solAssert(_contract, "");
for (auto var: _contract->stateVariablesIncludingInherited())
m_context.variable(*var)->resetIndex();
if (_function)
{
for (auto const& var: _function->parameters() + _function->returnParameters())
m_context.variable(*var)->resetIndex();
for (auto const& var: _function->localVariables())
m_context.variable(*var)->resetIndex();
}
}
Expression const* SMTEncoder::leftmostBase(IndexAccess const& _indexAccess) Expression const* SMTEncoder::leftmostBase(IndexAccess const& _indexAccess)
{ {
Expression const* base = &_indexAccess.baseExpression(); Expression const* base = &_indexAccess.baseExpression();

13
libsolidity/formal/SMTEncoder.h
View File

@ -122,6 +122,12 @@ protected:
/// visit depth. /// visit depth.
void visitFunctionOrModifier(); void visitFunctionOrModifier();
/// Inlines a modifier or base constructor call.
void inlineModifierInvocation(ModifierInvocation const* _invocation, CallableDeclaration const* _definition);
/// Inlines the constructor hierarchy into a single constructor.
void inlineConstructorHierarchy(ContractDefinition const& _contract);
/// Defines a new global variable or function. /// Defines a new global variable or function.
void defineGlobalVariable(std::string const& _name, Expression const& _expr, bool _increaseIndex = false); void defineGlobalVariable(std::string const& _name, Expression const& _expr, bool _increaseIndex = false);
@ -161,7 +167,9 @@ protected:
using CallStackEntry = std::pair<CallableDeclaration const*, ASTNode const*>; using CallStackEntry = std::pair<CallableDeclaration const*, ASTNode const*>;
void createStateVariables(ContractDefinition const& _contract);
void initializeStateVariables(ContractDefinition const& _contract); void initializeStateVariables(ContractDefinition const& _contract);
void createLocalVariables(FunctionDefinition const& _function);
void initializeLocalVariables(FunctionDefinition const& _function); void initializeLocalVariables(FunctionDefinition const& _function);
void initializeFunctionCallParameters(CallableDeclaration const& _function, std::vector<smt::Expression> const& _callArgs); void initializeFunctionCallParameters(CallableDeclaration const& _function, std::vector<smt::Expression> const& _callArgs);
void resetStateVariables(); void resetStateVariables();
@ -209,6 +217,9 @@ protected:
VariableIndices copyVariableIndices(); VariableIndices copyVariableIndices();
/// Resets the variable indices. /// Resets the variable indices.
void resetVariableIndices(VariableIndices const& _indices); void resetVariableIndices(VariableIndices const& _indices);
/// Used when starting a new block.
void clearIndices(ContractDefinition const* _contract, FunctionDefinition const* _function = nullptr);
/// @returns variables that are touched in _node's subtree. /// @returns variables that are touched in _node's subtree.
std::set<VariableDeclaration const*> touchedVariables(ASTNode const& _node); std::set<VariableDeclaration const*> touchedVariables(ASTNode const& _node);
@ -253,6 +264,8 @@ protected:
/// Needs to be a stack because of function calls. /// Needs to be a stack because of function calls.
std::vector<int> m_modifierDepthStack; std::vector<int> m_modifierDepthStack;
std::map<ContractDefinition const*, ModifierInvocation const*> m_baseConstructorCalls;
ContractDefinition const* m_currentContract = nullptr; ContractDefinition const* m_currentContract = nullptr;
/// Stores the context of the encoding. /// Stores the context of the encoding.

3
test/libsolidity/smtCheckerTests/complex/slither/const_state_variables.sol
View File

@ -53,6 +53,5 @@ contract MyConc{
// ---- // ----
// Warning: (773-792): This declaration shadows an existing declaration. // Warning: (773-792): This declaration shadows an existing declaration.
// Warning: (1009-1086): Function state mutability can be restricted to view // Warning: (1009-1086): Function state mutability can be restricted to view
// Warning: (874-879): Underflow (resulting value less than 0) happens here. // Warning: (985-1002): Underflow (resulting value less than 0) happens here.
// Warning: (874-879): Overflow (resulting value larger than 2**256 - 1) happens here.
// Warning: (985-1002): Overflow (resulting value larger than 2**256 - 1) happens here. // Warning: (985-1002): Overflow (resulting value larger than 2**256 - 1) happens here.

1
test/libsolidity/smtCheckerTests/complex/slither/data_dependency.sol
View File

@ -137,4 +137,3 @@ contract PropagateThroughReturnValue {
// Warning: (748-755): Assertion checker does not yet support this expression. // Warning: (748-755): Assertion checker does not yet support this expression.
// Warning: (748-751): Assertion checker does not yet implement type struct Reference.St storage pointer // Warning: (748-751): Assertion checker does not yet implement type struct Reference.St storage pointer
// Warning: (748-770): Assertion checker does not yet implement such assignments. // Warning: (748-770): Assertion checker does not yet implement such assignments.
// Warning: (849-905): Assertion checker does not yet support constructors.

2
test/libsolidity/smtCheckerTests/functions/constructor_base_basic.sol
View File

@ -13,5 +13,3 @@ contract B is A {
} }
} }
// ---- // ----
// Warning: (56-90): Assertion checker does not yet support constructors.
// Warning: (113-151): Assertion checker does not yet support constructors.

18
test/libsolidity/smtCheckerTests/functions/constructor_hierarchy.sol
View File

@ -1,6 +1,16 @@
pragma experimental SMTChecker; pragma experimental SMTChecker;
contract C { constructor(uint) public {} } contract C {
contract A is C { constructor() C(2) public {} } uint a;
constructor(uint x) public {
a = x;
}
}
contract A is C {
constructor() C(2) public {
assert(a == 2);
assert(a == 3);
}
}
// ---- // ----
// Warning: (45-72): Assertion checker does not yet support constructors. // Warning: (166-180): Assertion violation happens here
// Warning: (93-121): Assertion checker does not yet support constructors.

13
test/libsolidity/smtCheckerTests/functions/constructor_hierarchy_2.sol
View File

@ -1,10 +1,7 @@
pragma experimental SMTChecker; pragma experimental SMTChecker;
contract C { constructor(uint) public {} } contract C { uint a; constructor(uint x) public { a = x; } }
contract A is C { constructor() C(2) public {} } contract A is C { constructor() C(2) public { assert(a == 2); } }
contract B is C { constructor() C(3) public {} } contract B is C { constructor() C(3) public { assert(a == 3); } }
contract J is C { constructor() C(3) public {} } contract J is C { constructor() C(3) public { assert(a == 4); } }
// ---- // ----
// Warning: (45-72): Assertion checker does not yet support constructors. // Warning: (271-285): Assertion violation happens here
// Warning: (93-121): Assertion checker does not yet support constructors.
// Warning: (142-170): Assertion checker does not yet support constructors.
// Warning: (191-219): Assertion checker does not yet support constructors.

22
test/libsolidity/smtCheckerTests/functions/constructor_hierarchy_3.sol Normal file
View File

@ -0,0 +1,22 @@
pragma experimental SMTChecker;
contract C {
uint a;
constructor(uint x) public {
a = x;
}
}
contract B is C {
constructor(uint x) public {
a = x;
}
}
contract A is B {
constructor(uint x) B(x) C(x + 2) public {
assert(a == x);
assert(a == x + 1);
}
}
// ----
// Warning: (244-262): Assertion violation happens here

23
test/libsolidity/smtCheckerTests/functions/constructor_hierarchy_4.sol Normal file
View File

@ -0,0 +1,23 @@
pragma experimental SMTChecker;
contract C {
uint a;
constructor(uint x) public {
a = x;
}
}
contract B is C {
constructor(uint x) public {
a = x;
}
}
contract A is B {
constructor(uint x) C(x + 2) B(x + 1) public {
assert(a == x + 1);
}
}
// ----
// Warning: (212-217): Overflow (resulting value larger than 2**256 - 1) happens here
// Warning: (203-208): Overflow (resulting value larger than 2**256 - 1) happens here
// Warning: (242-247): Overflow (resulting value larger than 2**256 - 1) happens here

29
test/libsolidity/smtCheckerTests/functions/constructor_hierarchy_diamond.sol Normal file
View File

@ -0,0 +1,29 @@
pragma experimental SMTChecker;
contract C {
uint a;
constructor(uint x) public {
a = x;
}
}
contract B1 is C {
constructor(uint x) public {
a = x;
}
}
contract B2 is C {
constructor(uint x) C(x + 2) public {
a = x;
}
}
contract A is B2, B1 {
constructor(uint x) B2(x) B1(x) public {
assert(a == x);
assert(a == x + 1);
}
}
// ----
// Warning: (205-210): Overflow (resulting value larger than 2**256 - 1) happens here
// Warning: (321-339): Assertion violation happens here

29
test/libsolidity/smtCheckerTests/functions/constructor_hierarchy_diamond_2.sol Normal file
View File

@ -0,0 +1,29 @@
pragma experimental SMTChecker;
contract C {
uint a;
constructor(uint x) public {
a = x;
}
}
contract B1 is C {
constructor(uint x) public {
a = x;
}
}
contract B2 is C {
constructor(uint x) C(x + 2) public {
a = x;
}
}
contract A is B2, B1 {
constructor(uint x) B1(x) B2(x) public {
assert(a == x);
assert(a == x + 1);
}
}
// ----
// Warning: (205-210): Overflow (resulting value larger than 2**256 - 1) happens here
// Warning: (321-339): Assertion violation happens here

34
test/libsolidity/smtCheckerTests/functions/constructor_hierarchy_diamond_3.sol Normal file
View File

@ -0,0 +1,34 @@
pragma experimental SMTChecker;
contract C {
uint a;
constructor(uint x) public {
a = x;
}
}
contract B1 is C {
uint b1;
constructor(uint x) public {
b1 = x + a;
}
}
contract B2 is C {
uint b2;
constructor(uint x) C(x + 2) public {
b2 = x + a;
}
}
contract A is B2, B1 {
constructor(uint x) B2(x) B1(x) public {
assert(b1 == b2);
assert(b1 != b2);
}
}
// ----
// Warning: (165-170): Underflow (resulting value less than 0) happens here
// Warning: (165-170): Overflow (resulting value larger than 2**256 - 1) happens here
// Warning: (230-235): Overflow (resulting value larger than 2**256 - 1) happens here
// Warning: (253-258): Overflow (resulting value larger than 2**256 - 1) happens here
// Warning: (353-369): Assertion violation happens here

23
test/libsolidity/smtCheckerTests/functions/constructor_hierarchy_diamond_empty_middle.sol Normal file
View File

@ -0,0 +1,23 @@
pragma experimental SMTChecker;
contract C {
uint a;
constructor() public {
a = 2;
}
}
contract B is C {
}
contract B2 is C {
}
contract A is B, B2 {
constructor(uint x) public {
assert(a == 2);
assert(a == 3);
}
}
// ----
// Warning: (171-177): Unused function parameter. Remove or comment out the variable name to silence this warning.
// Warning: (208-222): Assertion violation happens here

19
test/libsolidity/smtCheckerTests/functions/constructor_hierarchy_diamond_empty_middle_empty_base.sol Normal file
View File

@ -0,0 +1,19 @@
pragma experimental SMTChecker;
contract C {
uint a;
constructor() public {
a = 2;
}
}
contract B is C {
}
contract B2 is C {
constructor() public {
assert(a == 2);
}
}
contract A is B, B2 {
}

22
test/libsolidity/smtCheckerTests/functions/constructor_hierarchy_empty_chain.sol Normal file
View File

@ -0,0 +1,22 @@
pragma experimental SMTChecker;
contract F {
uint a;
constructor() public {
a = 2;
}
}
contract E is F {}
contract D is E {}
contract C is D {}
contract B is C {}
contract A is B {
constructor(uint x) public {
assert(a == 2);
assert(a == 3);
}
}
// ----
// Warning: (201-207): Unused function parameter. Remove or comment out the variable name to silence this warning.
// Warning: (238-252): Assertion violation happens here

20
test/libsolidity/smtCheckerTests/functions/constructor_hierarchy_empty_middle.sol Normal file
View File

@ -0,0 +1,20 @@
pragma experimental SMTChecker;
contract C {
uint a;
constructor() public {
a = 2;
}
}
contract B is C {
}
contract A is B {
constructor(uint x) B() public {
assert(a == 2);
assert(a == 3);
}
}
// ----
// Warning: (145-151): Unused function parameter. Remove or comment out the variable name to silence this warning.
// Warning: (186-200): Assertion violation happens here

19
test/libsolidity/smtCheckerTests/functions/constructor_hierarchy_empty_middle_no_invocation.sol Normal file
View File

@ -0,0 +1,19 @@
pragma experimental SMTChecker;
contract C {
uint a;
constructor() public {
a = 2;
}
}
contract B is C {
}
contract A is B {
constructor(uint x) public {
assert(a == 3);
}
}
// ----
// Warning: (145-151): Unused function parameter. Remove or comment out the variable name to silence this warning.
// Warning: (164-178): Assertion violation happens here

30
test/libsolidity/smtCheckerTests/functions/constructor_hierarchy_mixed_chain.sol Normal file
View File

@ -0,0 +1,30 @@
pragma experimental SMTChecker;
contract F {
uint a;
constructor() public {
a = 2;
}
}
contract E is F {}
contract D is E {
constructor() public {
a = 3;
}
}
contract C is D {}
contract B is C {
constructor() public {
a = 4;
}
}
contract A is B {
constructor(uint x) public {
assert(a == 4);
assert(a == 5);
}
}
// ----
// Warning: (275-281): Unused function parameter. Remove or comment out the variable name to silence this warning.
// Warning: (312-326): Assertion violation happens here

24
test/libsolidity/smtCheckerTests/functions/constructor_hierarchy_mixed_chain_empty_base.sol Normal file
View File

@ -0,0 +1,24 @@
pragma experimental SMTChecker;
contract F {
uint a;
constructor() public {
a = 2;
}
}
contract E is F {}
contract D is E {
constructor() public {
a = 3;
}
}
contract C is D {}
contract B is C {
constructor() public {
assert(a == 3);
a = 4;
}
}
contract A is B {
}

29
test/libsolidity/smtCheckerTests/functions/constructor_hierarchy_mixed_chain_with_params.sol Normal file
View File

@ -0,0 +1,29 @@
pragma experimental SMTChecker;
contract F {
uint a;
constructor(uint x) public {
a = x;
}
}
contract E is F {}
contract D is E {
constructor() public {
a = 3;
}
}
contract C is D {}
contract B is C {
constructor(uint x) F(x + 1) public {
}
}
contract A is B {
constructor(uint x) B(x) public {
assert(a == 3);
assert(a == 4);
}
}
// ----
// Warning: (234-239): Overflow (resulting value larger than 2**256 - 1) happens here
// Warning: (329-343): Assertion violation happens here

27
test/libsolidity/smtCheckerTests/functions/constructor_hierarchy_mixed_chain_with_params_2.sol Normal file
View File

@ -0,0 +1,27 @@
pragma experimental SMTChecker;
contract F {
uint a;
constructor(uint x) public {
a = x;
}
}
contract E is F {}
contract D is E {
constructor() public {
a = 3;
}
}
contract C is D {}
contract B is C {
constructor() F(1) public {
assert(a == 3);
assert(a == 2);
}
}
contract A is B {
}
// ----
// Warning: (260-274): Assertion violation happens here
// Warning: (260-274): Assertion violation happens here

17
test/libsolidity/smtCheckerTests/functions/constructor_hierarchy_modifier.sol Normal file
View File

@ -0,0 +1,17 @@
pragma experimental SMTChecker;
contract C {
uint a;
modifier n { _; a = 7; }
constructor(uint x) n public {
a = x;
}
}
contract A is C {
modifier m { a = 5; _; }
constructor() C(2) public {
assert(a == 4);
}
}
// ----
// Warning: (202-216): Assertion violation happens here

16
test/libsolidity/smtCheckerTests/functions/constructor_hierarchy_same_var.sol Normal file
View File

@ -0,0 +1,16 @@
pragma experimental SMTChecker;
contract C {
uint a;
constructor(uint x) public {
a = x;
}
}
contract A is C {
constructor() C(2) public {
assert(a == 0);
assert(C.a == 0);
}
}
// ----
// Warning: (148-162): Assertion violation happens here

16
test/libsolidity/smtCheckerTests/functions/constructor_simple.sol Normal file
View File

@ -0,0 +1,16 @@
pragma experimental SMTChecker;
contract C {
uint x;
constructor() public {
assert(x == 0);
x = 10;
}
function f(uint y) public view {
assert(y == x);
}
}
// ----
// Warning: (148-162): Assertion violation happens here

16
test/libsolidity/smtCheckerTests/functions/constructor_state_value.sol Normal file
View File

@ -0,0 +1,16 @@
pragma experimental SMTChecker;
contract C {
uint x = 5;
constructor() public {
assert(x == 5);
x = 10;
}
function f(uint y) public view {
assert(y == x);
}
}
// ----
// Warning: (152-166): Assertion violation happens here

18
test/libsolidity/smtCheckerTests/functions/constructor_state_value_inherited.sol Normal file
View File

@ -0,0 +1,18 @@
pragma experimental SMTChecker;
contract B {
uint x = 5;
}
contract C is B {
constructor() public {
assert(x == 5);
x = 10;
}
function f(uint y) public view {
assert(y == x);
}
}
// ----
// Warning: (172-186): Assertion violation happens here

17
test/libsolidity/smtCheckerTests/functions/constructor_state_value_parameter.sol Normal file
View File

@ -0,0 +1,17 @@
pragma experimental SMTChecker;
contract C {
uint x = 5;
constructor(uint a, uint b) public {
assert(x == 5);
x = a + b;
}
function f(uint y) public view {
assert(y == x);
}
}
// ----
// Warning: (169-183): Assertion violation happens here
// Warning: (122-127): Overflow (resulting value larger than 2**256 - 1) happens here

29
test/libsolidity/smtCheckerTests/inheritance/constructor_hierarchy_mixed_chain_with_params.sol Normal file
View File

@ -0,0 +1,29 @@
pragma experimental SMTChecker;
contract F {
uint a;
constructor(uint x) public {
a = x;
}
}
contract E is F {}
contract D is E {
constructor() public {
a = 3;
}
}
contract C is D {}
contract B is C {
constructor(uint x) F(x + 1) public {
}
}
contract A is B {
constructor(uint x) B(x) public {
assert(a == 3);
assert(a == 4);
}
}
// ----
// Warning: (234-239): Overflow (resulting value larger than 2**256 - 1) happens here
// Warning: (329-343): Assertion violation happens here

11
test/libsolidity/smtCheckerTests/inheritance/constructor_state_variable_init.sol Normal file
View File

@ -0,0 +1,11 @@
pragma experimental SMTChecker;
contract C {
uint x = 2;
constructor () public {
assert(x == 2);
assert(x == 3);
}
}
// ----
// Warning: (104-118): Assertion violation happens here

14
test/libsolidity/smtCheckerTests/inheritance/constructor_state_variable_init_base.sol Normal file
View File

@ -0,0 +1,14 @@
pragma experimental SMTChecker;
contract C {
uint x = 2;
}
contract D is C {
constructor() public {
assert(x == 2);
assert(x == 3);
}
}
// ----
// Warning: (124-138): Assertion violation happens here

22
test/libsolidity/smtCheckerTests/inheritance/constructor_state_variable_init_chain.sol Normal file
View File

@ -0,0 +1,22 @@
pragma experimental SMTChecker;
contract A {
uint x = 1;
}
contract B is A {
constructor() public { x = 2; }
}
contract C is B {
constructor() public { x = 3; }
}
contract D is C {
constructor() public {
assert(x == 3);
assert(x == 2);
}
}
// ----
// Warning: (232-246): Assertion violation happens here

21
test/libsolidity/smtCheckerTests/inheritance/constructor_state_variable_init_chain_alternate.sol Normal file
View File

@ -0,0 +1,21 @@
pragma experimental SMTChecker;
contract A {
uint x = 1;
}
contract B is A {
constructor() public { x = 2; }
}
contract C is B {
}
contract D is C {
constructor() public {
assert(x == 2);
assert(x == 3);
}
}
// ----
// Warning: (199-213): Assertion violation happens here

27
test/libsolidity/smtCheckerTests/inheritance/constructor_state_variable_init_chain_run_all.sol Normal file
View File

@ -0,0 +1,27 @@
pragma experimental SMTChecker;
contract C {
uint a;
constructor(uint x) public {
a = x;
}
}
contract B is C {
uint b;
constructor(uint x) public {
b = a + x;
}
}
contract A is B {
constructor(uint x) B(x) C(x + 2) public {
assert(a == x + 2);
assert(b == x + x + 2);
assert(a == x + 5);
}
}
// ----
// Warning: (162-167): Underflow (resulting value less than 0) happens here
// Warning: (162-167): Overflow (resulting value larger than 2**256 - 1) happens here
// Warning: (287-305): Assertion violation happens here

26
test/libsolidity/smtCheckerTests/inheritance/constructor_state_variable_init_chain_run_all_2.sol Normal file
View File

@ -0,0 +1,26 @@
pragma experimental SMTChecker;
contract C {
uint a;
constructor(uint x) public {
a = x;
}
}
contract B is C {
uint b;
constructor(uint x) public {
b = x + 10;
}
}
contract A is B {
constructor(uint x) B(x) C(x + 2) public {
assert(a == x + 2);
assert(b == x + 10);
assert(b == x + 5);
}
}
// ----
// Warning: (162-168): Overflow (resulting value larger than 2**256 - 1) happens here
// Warning: (285-303): Assertion violation happens here

20
test/libsolidity/smtCheckerTests/inheritance/constructor_state_variable_init_diamond.sol Normal file
View File

@ -0,0 +1,20 @@
pragma experimental SMTChecker;
contract A {
uint x = 2;
}
contract B is A {
}
contract C is A {
}
contract D is B, C {
constructor() public {
assert(x == 2);
assert(x == 3);
}
}
// ----
// Warning: (169-183): Assertion violation happens here

22
test/libsolidity/smtCheckerTests/inheritance/constructor_state_variable_init_diamond_middle.sol Normal file
View File

@ -0,0 +1,22 @@
pragma experimental SMTChecker;
contract A {
uint x = 1;
}
contract B is A {
constructor() public { x = 2; }
}
contract C is A {
constructor() public { x = 3; }
}
contract D is B, C {
constructor() public {
assert(x == 3);
assert(x == 4);
}
}
// ----
// Warning: (235-249): Assertion violation happens here

17
test/libsolidity/smtCheckerTests/inheritance/constructor_state_variable_init_function_call.sol Normal file
View File

@ -0,0 +1,17 @@
pragma experimental SMTChecker;
contract C {
uint x = f(2);
constructor () public {
assert(x == 2);
}
function f(uint y) internal view returns (uint) {
assert(y > 0);
assert(x == 0);
return y;
}
}
// ----
// Warning: (162-175): Assertion violation happens here
// Warning: (179-193): Assertion violation happens here

2
test/libsolidity/smtCheckerTests/inheritance/functions_1.sol
View File

@ -15,7 +15,7 @@ contract A {
// 2 warnings, B.f and A.g // 2 warnings, B.f and A.g
contract B is A { contract B is A {
function f() public view { function f() public view {
assert(x == 0); assert(x == 1);
} }
} }
// ---- // ----

2
test/libsolidity/smtCheckerTests/inheritance/functions_2.sol
View File

@ -17,7 +17,7 @@ contract B is A {
uint y; uint y;
function f() public view { function f() public view {
assert(x == 0); assert(x == 1);
} }
} }
// ---- // ----

8
test/libsolidity/smtCheckerTests/inheritance/functions_3.sol
View File

@ -17,10 +17,10 @@ contract B is A {
uint y; uint y;
function f() public view { function f() public view {
assert(x == 0); assert(x == 1);
} }
function h() public view { function h() public view {
assert(x == 2); assert(x == 1);
} }
} }
@ -29,10 +29,10 @@ contract C is B {
uint z; uint z;
function f() public view { function f() public view {
assert(x == 0); assert(x == 1);
} }
function i() public view { function i() public view {
assert(x == 0); assert(x == 1);
} }
} }
// ---- // ----

16
test/libsolidity/smtCheckerTests/inheritance/implicit_constructor_hierarchy.sol Normal file
View File

@ -0,0 +1,16 @@
pragma experimental SMTChecker;
contract A {
uint x;
constructor (uint y) public { assert(x == 0); x = y; }
}
contract B is A {
constructor () A(2) public { assert(x == 2); }
}
contract C is B {
function f() public view {
assert(x == 2);
}
}

20
test/libsolidity/smtCheckerTests/inheritance/implicit_only_constructor_hierarchy.sol Normal file
View File

@ -0,0 +1,20 @@
pragma experimental SMTChecker;
contract A {
uint x;
function h() public view {
assert(x == 0);
}
}
contract B is A {
function g() public view {
assert(x == 0);
}
}
contract C is B {
function f() public view {
assert(x == 0);
}
}