mirror of
https://github.com/ethereum/solidity
synced 2023-10-03 13:03:40 +00:00
Merge pull request #9706 from ethereum/smt_fix_tuple_lvalue
[SMTChecker] Fix unary operator on lvalue tuple
This commit is contained in:
commit
c9ca1d1814
@ -20,6 +20,7 @@ Bugfixes:
|
||||
* SMTChecker: Fix internal error in BMC function inlining.
|
||||
* SMTChecker: Fix internal error on array implicit conversion.
|
||||
* SMTChecker: Fix internal error on fixed bytes index access.
|
||||
* SMTChecker: Fix internal error on lvalue unary operators with tuples.
|
||||
* SMTChecker: Fix soundness of array ``pop``.
|
||||
* References Resolver: Fix internal bug when using constructor for library.
|
||||
* Yul Optimizer: Make function inlining order more resilient to whether or not unrelated source files are present.
|
||||
|
@ -49,9 +49,7 @@ public:
|
||||
|
||||
// Z3 "basic resources" limit.
|
||||
// This is used to make the runs more deterministic and platform/machine independent.
|
||||
// The tests start failing for Z3 with less than 10000000,
|
||||
// so using double that.
|
||||
static int const resourceLimit = 20000000;
|
||||
static int const resourceLimit = 12500000;
|
||||
|
||||
private:
|
||||
void declareFunction(std::string const& _name, Sort const& _sort);
|
||||
|
@ -463,12 +463,14 @@ void SMTEncoder::endVisit(UnaryOperation const& _op)
|
||||
|
||||
createExpr(_op);
|
||||
|
||||
auto const* subExpr = innermostTuple(_op.subExpression());
|
||||
|
||||
switch (_op.getOperator())
|
||||
{
|
||||
case Token::Not: // !
|
||||
{
|
||||
solAssert(smt::isBool(_op.annotation().type->category()), "");
|
||||
defineExpr(_op, !expr(_op.subExpression()));
|
||||
defineExpr(_op, !expr(*subExpr));
|
||||
break;
|
||||
}
|
||||
case Token::Inc: // ++ (pre- or postfix)
|
||||
@ -476,8 +478,8 @@ void SMTEncoder::endVisit(UnaryOperation const& _op)
|
||||
{
|
||||
auto cat = _op.annotation().type->category();
|
||||
solAssert(smt::isInteger(cat) || smt::isFixedPoint(cat), "");
|
||||
solAssert(_op.subExpression().annotation().willBeWrittenTo, "");
|
||||
if (auto identifier = dynamic_cast<Identifier const*>(&_op.subExpression()))
|
||||
solAssert(subExpr->annotation().willBeWrittenTo, "");
|
||||
if (auto identifier = dynamic_cast<Identifier const*>(subExpr))
|
||||
{
|
||||
auto decl = identifierToVariable(*identifier);
|
||||
solAssert(decl, "");
|
||||
@ -486,12 +488,12 @@ void SMTEncoder::endVisit(UnaryOperation const& _op)
|
||||
defineExpr(_op, _op.isPrefixOperation() ? newValue : innerValue);
|
||||
assignment(*decl, newValue);
|
||||
}
|
||||
else if (dynamic_cast<IndexAccess const*>(&_op.subExpression()))
|
||||
else if (dynamic_cast<IndexAccess const*>(subExpr))
|
||||
{
|
||||
auto innerValue = expr(_op.subExpression());
|
||||
auto innerValue = expr(*subExpr);
|
||||
auto newValue = _op.getOperator() == Token::Inc ? innerValue + 1 : innerValue - 1;
|
||||
defineExpr(_op, _op.isPrefixOperation() ? newValue : innerValue);
|
||||
arrayIndexAssignment(_op.subExpression(), newValue);
|
||||
arrayIndexAssignment(*subExpr, newValue);
|
||||
}
|
||||
else
|
||||
m_errorReporter.warning(
|
||||
@ -504,25 +506,24 @@ void SMTEncoder::endVisit(UnaryOperation const& _op)
|
||||
}
|
||||
case Token::Sub: // -
|
||||
{
|
||||
defineExpr(_op, 0 - expr(_op.subExpression()));
|
||||
defineExpr(_op, 0 - expr(*subExpr));
|
||||
break;
|
||||
}
|
||||
case Token::Delete:
|
||||
{
|
||||
auto const& subExpr = _op.subExpression();
|
||||
if (auto decl = identifierToVariable(subExpr))
|
||||
if (auto decl = identifierToVariable(*subExpr))
|
||||
{
|
||||
m_context.newValue(*decl);
|
||||
m_context.setZeroValue(*decl);
|
||||
}
|
||||
else
|
||||
{
|
||||
solAssert(m_context.knownExpression(subExpr), "");
|
||||
auto const& symbVar = m_context.expression(subExpr);
|
||||
solAssert(m_context.knownExpression(*subExpr), "");
|
||||
auto const& symbVar = m_context.expression(*subExpr);
|
||||
symbVar->increaseIndex();
|
||||
m_context.setZeroValue(*symbVar);
|
||||
if (dynamic_cast<IndexAccess const*>(&_op.subExpression()))
|
||||
arrayIndexAssignment(_op.subExpression(), symbVar->currentValue());
|
||||
if (dynamic_cast<IndexAccess const*>(subExpr))
|
||||
arrayIndexAssignment(*subExpr, symbVar->currentValue());
|
||||
else
|
||||
m_errorReporter.warning(
|
||||
2683_error,
|
||||
@ -1122,9 +1123,7 @@ void SMTEncoder::arrayPop(FunctionCall const& _funCall)
|
||||
|
||||
void SMTEncoder::arrayPushPopAssign(Expression const& _expr, smtutil::Expression const& _array)
|
||||
{
|
||||
Expression const* expr = &_expr;
|
||||
if (auto const* tupleExpr = dynamic_cast<TupleExpression const*>(expr))
|
||||
expr = innermostTuple(*tupleExpr);
|
||||
Expression const* expr = innermostTuple(_expr);
|
||||
|
||||
if (auto const* id = dynamic_cast<Identifier const*>(expr))
|
||||
{
|
||||
@ -1461,9 +1460,7 @@ void SMTEncoder::assignment(
|
||||
"Tuple assignments should be handled by tupleAssignment."
|
||||
);
|
||||
|
||||
Expression const* left = &_left;
|
||||
if (auto const* tuple = dynamic_cast<TupleExpression const*>(left))
|
||||
left = innermostTuple(*tuple);
|
||||
Expression const* left = innermostTuple(_left);
|
||||
|
||||
if (!smt::isSupportedType(_type->category()))
|
||||
{
|
||||
@ -1491,7 +1488,7 @@ void SMTEncoder::assignment(
|
||||
|
||||
void SMTEncoder::tupleAssignment(Expression const& _left, Expression const& _right)
|
||||
{
|
||||
auto lTuple = dynamic_cast<TupleExpression const*>(innermostTuple(dynamic_cast<TupleExpression const&>(_left)));
|
||||
auto lTuple = dynamic_cast<TupleExpression const*>(innermostTuple(_left));
|
||||
solAssert(lTuple, "");
|
||||
|
||||
auto const& lComponents = lTuple->components();
|
||||
@ -1917,10 +1914,12 @@ Expression const* SMTEncoder::leftmostBase(IndexAccess const& _indexAccess)
|
||||
return base;
|
||||
}
|
||||
|
||||
Expression const* SMTEncoder::innermostTuple(TupleExpression const& _tuple)
|
||||
Expression const* SMTEncoder::innermostTuple(Expression const& _expr)
|
||||
{
|
||||
solAssert(!_tuple.isInlineArray(), "");
|
||||
TupleExpression const* tuple = &_tuple;
|
||||
auto const* tuple = dynamic_cast<TupleExpression const*>(&_expr);
|
||||
if (!tuple || tuple->isInlineArray())
|
||||
return &_expr;
|
||||
|
||||
Expression const* expr = tuple;
|
||||
while (tuple && !tuple->isInlineArray() && tuple->components().size() == 1)
|
||||
{
|
||||
|
@ -54,8 +54,9 @@ public:
|
||||
/// @returns the leftmost identifier in a multi-d IndexAccess.
|
||||
static Expression const* leftmostBase(IndexAccess const& _indexAccess);
|
||||
|
||||
/// @returns the innermost element in a chain of 1-tuples.
|
||||
static Expression const* innermostTuple(TupleExpression const& _tuple);
|
||||
/// @returns the innermost element in a chain of 1-tuples if applicable,
|
||||
/// otherwise _expr.
|
||||
static Expression const* innermostTuple(Expression const& _expr);
|
||||
|
||||
/// @returns the FunctionDefinition of a FunctionCall
|
||||
/// if possible or nullptr.
|
||||
|
@ -0,0 +1,11 @@
|
||||
pragma experimental SMTChecker;
|
||||
contract C {
|
||||
function f(bool b) public pure {
|
||||
uint x;
|
||||
if (b) ++(x);
|
||||
if (b) --(x);
|
||||
if (b) delete(b);
|
||||
assert(x == 0);
|
||||
assert(!b);
|
||||
}
|
||||
}
|
@ -0,0 +1,11 @@
|
||||
pragma experimental SMTChecker;
|
||||
contract C {
|
||||
function f(bool b) public pure {
|
||||
uint x;
|
||||
if (b) ++((((((x))))));
|
||||
if (b) --((((((x))))));
|
||||
if (b) delete((((((b))))));
|
||||
assert(x == 0);
|
||||
assert(!b);
|
||||
}
|
||||
}
|
@ -0,0 +1,12 @@
|
||||
pragma experimental SMTChecker;
|
||||
contract C {
|
||||
function f(bool b) public pure {
|
||||
uint x;
|
||||
if (b) ++(x);
|
||||
else x += 1;
|
||||
assert(x == 1);
|
||||
assert(!b);
|
||||
}
|
||||
}
|
||||
// ----
|
||||
// Warning 6328: (140-150): Assertion violation happens here
|
Loading…
Reference in New Issue
Block a user