mirror of
https://github.com/ethereum/solidity
synced 2023-10-03 13:03:40 +00:00
Merge pull request #9706 from ethereum/smt_fix_tuple_lvalue
[SMTChecker] Fix unary operator on lvalue tuple
This commit is contained in:
commit
c9ca1d1814
@ -20,6 +20,7 @@ Bugfixes:
|
|||||||
* SMTChecker: Fix internal error in BMC function inlining.
|
* SMTChecker: Fix internal error in BMC function inlining.
|
||||||
* SMTChecker: Fix internal error on array implicit conversion.
|
* SMTChecker: Fix internal error on array implicit conversion.
|
||||||
* SMTChecker: Fix internal error on fixed bytes index access.
|
* SMTChecker: Fix internal error on fixed bytes index access.
|
||||||
|
* SMTChecker: Fix internal error on lvalue unary operators with tuples.
|
||||||
* SMTChecker: Fix soundness of array ``pop``.
|
* SMTChecker: Fix soundness of array ``pop``.
|
||||||
* References Resolver: Fix internal bug when using constructor for library.
|
* References Resolver: Fix internal bug when using constructor for library.
|
||||||
* Yul Optimizer: Make function inlining order more resilient to whether or not unrelated source files are present.
|
* Yul Optimizer: Make function inlining order more resilient to whether or not unrelated source files are present.
|
||||||
|
@ -49,9 +49,7 @@ public:
|
|||||||
|
|
||||||
// Z3 "basic resources" limit.
|
// Z3 "basic resources" limit.
|
||||||
// This is used to make the runs more deterministic and platform/machine independent.
|
// This is used to make the runs more deterministic and platform/machine independent.
|
||||||
// The tests start failing for Z3 with less than 10000000,
|
static int const resourceLimit = 12500000;
|
||||||
// so using double that.
|
|
||||||
static int const resourceLimit = 20000000;
|
|
||||||
|
|
||||||
private:
|
private:
|
||||||
void declareFunction(std::string const& _name, Sort const& _sort);
|
void declareFunction(std::string const& _name, Sort const& _sort);
|
||||||
|
@ -463,12 +463,14 @@ void SMTEncoder::endVisit(UnaryOperation const& _op)
|
|||||||
|
|
||||||
createExpr(_op);
|
createExpr(_op);
|
||||||
|
|
||||||
|
auto const* subExpr = innermostTuple(_op.subExpression());
|
||||||
|
|
||||||
switch (_op.getOperator())
|
switch (_op.getOperator())
|
||||||
{
|
{
|
||||||
case Token::Not: // !
|
case Token::Not: // !
|
||||||
{
|
{
|
||||||
solAssert(smt::isBool(_op.annotation().type->category()), "");
|
solAssert(smt::isBool(_op.annotation().type->category()), "");
|
||||||
defineExpr(_op, !expr(_op.subExpression()));
|
defineExpr(_op, !expr(*subExpr));
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case Token::Inc: // ++ (pre- or postfix)
|
case Token::Inc: // ++ (pre- or postfix)
|
||||||
@ -476,8 +478,8 @@ void SMTEncoder::endVisit(UnaryOperation const& _op)
|
|||||||
{
|
{
|
||||||
auto cat = _op.annotation().type->category();
|
auto cat = _op.annotation().type->category();
|
||||||
solAssert(smt::isInteger(cat) || smt::isFixedPoint(cat), "");
|
solAssert(smt::isInteger(cat) || smt::isFixedPoint(cat), "");
|
||||||
solAssert(_op.subExpression().annotation().willBeWrittenTo, "");
|
solAssert(subExpr->annotation().willBeWrittenTo, "");
|
||||||
if (auto identifier = dynamic_cast<Identifier const*>(&_op.subExpression()))
|
if (auto identifier = dynamic_cast<Identifier const*>(subExpr))
|
||||||
{
|
{
|
||||||
auto decl = identifierToVariable(*identifier);
|
auto decl = identifierToVariable(*identifier);
|
||||||
solAssert(decl, "");
|
solAssert(decl, "");
|
||||||
@ -486,12 +488,12 @@ void SMTEncoder::endVisit(UnaryOperation const& _op)
|
|||||||
defineExpr(_op, _op.isPrefixOperation() ? newValue : innerValue);
|
defineExpr(_op, _op.isPrefixOperation() ? newValue : innerValue);
|
||||||
assignment(*decl, newValue);
|
assignment(*decl, newValue);
|
||||||
}
|
}
|
||||||
else if (dynamic_cast<IndexAccess const*>(&_op.subExpression()))
|
else if (dynamic_cast<IndexAccess const*>(subExpr))
|
||||||
{
|
{
|
||||||
auto innerValue = expr(_op.subExpression());
|
auto innerValue = expr(*subExpr);
|
||||||
auto newValue = _op.getOperator() == Token::Inc ? innerValue + 1 : innerValue - 1;
|
auto newValue = _op.getOperator() == Token::Inc ? innerValue + 1 : innerValue - 1;
|
||||||
defineExpr(_op, _op.isPrefixOperation() ? newValue : innerValue);
|
defineExpr(_op, _op.isPrefixOperation() ? newValue : innerValue);
|
||||||
arrayIndexAssignment(_op.subExpression(), newValue);
|
arrayIndexAssignment(*subExpr, newValue);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
m_errorReporter.warning(
|
m_errorReporter.warning(
|
||||||
@ -504,25 +506,24 @@ void SMTEncoder::endVisit(UnaryOperation const& _op)
|
|||||||
}
|
}
|
||||||
case Token::Sub: // -
|
case Token::Sub: // -
|
||||||
{
|
{
|
||||||
defineExpr(_op, 0 - expr(_op.subExpression()));
|
defineExpr(_op, 0 - expr(*subExpr));
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case Token::Delete:
|
case Token::Delete:
|
||||||
{
|
{
|
||||||
auto const& subExpr = _op.subExpression();
|
if (auto decl = identifierToVariable(*subExpr))
|
||||||
if (auto decl = identifierToVariable(subExpr))
|
|
||||||
{
|
{
|
||||||
m_context.newValue(*decl);
|
m_context.newValue(*decl);
|
||||||
m_context.setZeroValue(*decl);
|
m_context.setZeroValue(*decl);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
solAssert(m_context.knownExpression(subExpr), "");
|
solAssert(m_context.knownExpression(*subExpr), "");
|
||||||
auto const& symbVar = m_context.expression(subExpr);
|
auto const& symbVar = m_context.expression(*subExpr);
|
||||||
symbVar->increaseIndex();
|
symbVar->increaseIndex();
|
||||||
m_context.setZeroValue(*symbVar);
|
m_context.setZeroValue(*symbVar);
|
||||||
if (dynamic_cast<IndexAccess const*>(&_op.subExpression()))
|
if (dynamic_cast<IndexAccess const*>(subExpr))
|
||||||
arrayIndexAssignment(_op.subExpression(), symbVar->currentValue());
|
arrayIndexAssignment(*subExpr, symbVar->currentValue());
|
||||||
else
|
else
|
||||||
m_errorReporter.warning(
|
m_errorReporter.warning(
|
||||||
2683_error,
|
2683_error,
|
||||||
@ -1122,9 +1123,7 @@ void SMTEncoder::arrayPop(FunctionCall const& _funCall)
|
|||||||
|
|
||||||
void SMTEncoder::arrayPushPopAssign(Expression const& _expr, smtutil::Expression const& _array)
|
void SMTEncoder::arrayPushPopAssign(Expression const& _expr, smtutil::Expression const& _array)
|
||||||
{
|
{
|
||||||
Expression const* expr = &_expr;
|
Expression const* expr = innermostTuple(_expr);
|
||||||
if (auto const* tupleExpr = dynamic_cast<TupleExpression const*>(expr))
|
|
||||||
expr = innermostTuple(*tupleExpr);
|
|
||||||
|
|
||||||
if (auto const* id = dynamic_cast<Identifier const*>(expr))
|
if (auto const* id = dynamic_cast<Identifier const*>(expr))
|
||||||
{
|
{
|
||||||
@ -1461,9 +1460,7 @@ void SMTEncoder::assignment(
|
|||||||
"Tuple assignments should be handled by tupleAssignment."
|
"Tuple assignments should be handled by tupleAssignment."
|
||||||
);
|
);
|
||||||
|
|
||||||
Expression const* left = &_left;
|
Expression const* left = innermostTuple(_left);
|
||||||
if (auto const* tuple = dynamic_cast<TupleExpression const*>(left))
|
|
||||||
left = innermostTuple(*tuple);
|
|
||||||
|
|
||||||
if (!smt::isSupportedType(_type->category()))
|
if (!smt::isSupportedType(_type->category()))
|
||||||
{
|
{
|
||||||
@ -1491,7 +1488,7 @@ void SMTEncoder::assignment(
|
|||||||
|
|
||||||
void SMTEncoder::tupleAssignment(Expression const& _left, Expression const& _right)
|
void SMTEncoder::tupleAssignment(Expression const& _left, Expression const& _right)
|
||||||
{
|
{
|
||||||
auto lTuple = dynamic_cast<TupleExpression const*>(innermostTuple(dynamic_cast<TupleExpression const&>(_left)));
|
auto lTuple = dynamic_cast<TupleExpression const*>(innermostTuple(_left));
|
||||||
solAssert(lTuple, "");
|
solAssert(lTuple, "");
|
||||||
|
|
||||||
auto const& lComponents = lTuple->components();
|
auto const& lComponents = lTuple->components();
|
||||||
@ -1917,10 +1914,12 @@ Expression const* SMTEncoder::leftmostBase(IndexAccess const& _indexAccess)
|
|||||||
return base;
|
return base;
|
||||||
}
|
}
|
||||||
|
|
||||||
Expression const* SMTEncoder::innermostTuple(TupleExpression const& _tuple)
|
Expression const* SMTEncoder::innermostTuple(Expression const& _expr)
|
||||||
{
|
{
|
||||||
solAssert(!_tuple.isInlineArray(), "");
|
auto const* tuple = dynamic_cast<TupleExpression const*>(&_expr);
|
||||||
TupleExpression const* tuple = &_tuple;
|
if (!tuple || tuple->isInlineArray())
|
||||||
|
return &_expr;
|
||||||
|
|
||||||
Expression const* expr = tuple;
|
Expression const* expr = tuple;
|
||||||
while (tuple && !tuple->isInlineArray() && tuple->components().size() == 1)
|
while (tuple && !tuple->isInlineArray() && tuple->components().size() == 1)
|
||||||
{
|
{
|
||||||
|
@ -54,8 +54,9 @@ public:
|
|||||||
/// @returns the leftmost identifier in a multi-d IndexAccess.
|
/// @returns the leftmost identifier in a multi-d IndexAccess.
|
||||||
static Expression const* leftmostBase(IndexAccess const& _indexAccess);
|
static Expression const* leftmostBase(IndexAccess const& _indexAccess);
|
||||||
|
|
||||||
/// @returns the innermost element in a chain of 1-tuples.
|
/// @returns the innermost element in a chain of 1-tuples if applicable,
|
||||||
static Expression const* innermostTuple(TupleExpression const& _tuple);
|
/// otherwise _expr.
|
||||||
|
static Expression const* innermostTuple(Expression const& _expr);
|
||||||
|
|
||||||
/// @returns the FunctionDefinition of a FunctionCall
|
/// @returns the FunctionDefinition of a FunctionCall
|
||||||
/// if possible or nullptr.
|
/// if possible or nullptr.
|
||||||
|
@ -0,0 +1,11 @@
|
|||||||
|
pragma experimental SMTChecker;
|
||||||
|
contract C {
|
||||||
|
function f(bool b) public pure {
|
||||||
|
uint x;
|
||||||
|
if (b) ++(x);
|
||||||
|
if (b) --(x);
|
||||||
|
if (b) delete(b);
|
||||||
|
assert(x == 0);
|
||||||
|
assert(!b);
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,11 @@
|
|||||||
|
pragma experimental SMTChecker;
|
||||||
|
contract C {
|
||||||
|
function f(bool b) public pure {
|
||||||
|
uint x;
|
||||||
|
if (b) ++((((((x))))));
|
||||||
|
if (b) --((((((x))))));
|
||||||
|
if (b) delete((((((b))))));
|
||||||
|
assert(x == 0);
|
||||||
|
assert(!b);
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,12 @@
|
|||||||
|
pragma experimental SMTChecker;
|
||||||
|
contract C {
|
||||||
|
function f(bool b) public pure {
|
||||||
|
uint x;
|
||||||
|
if (b) ++(x);
|
||||||
|
else x += 1;
|
||||||
|
assert(x == 1);
|
||||||
|
assert(!b);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// ----
|
||||||
|
// Warning 6328: (140-150): Assertion violation happens here
|
Loading…
Reference in New Issue
Block a user