In our downstream project, we have two dependencies: solidity and spdlog.
Both of them depend on fmtlib. Unfortunately, the versions of fmtlib they
use do not match, which leads to compilation failure.
The issue arises because spdlog attempts to use solidity's fmtlib, but the
specific version (v8.0.1) has a bug. Ref: https://github.com/gabime/spdlog/issues/2142
While we could keep this change in our own fork, we believe it would
be worthwhile to contribute it back to the upstream since spdlog is a
very popular logging library.
Signed-off-by: Jun Zhang <jun@junz.org>
When both CHC and BMC engines are used, the type of state variable
changes when trusted mode for external calls is used. This is because in
CHC engine, trusted mode means we pack more information into the
symbolic state. In BMC this type is always simple.
However, if BMC is run after CHC, in the current code state variables
are reset (and their declaration dumped into SMT-LIB script) before BMC
resets the type of the state variable.
The proposed solution is to simply reset the variable type before the
first variable of this type is created.
if a struct has a member that is a function pointer with `external`
attribute, and such a member is called, it is currently incorrectly
treated as a public getter in SMTEncoder.
The proposed fix is to make SMTEncoder::publicGetter more strict in
deciding whether an expression is a public getter.
The added condition, that the access happens on a state variable, is
exactly what is checked later with an assertion that is currently
failing.
Previously, we did not remember trusted external calls for later phase
when we compute possible verification targets for each function.
This led to false negative in cases where verification target can be
violated, but not by calling a public function directly, but only when
it is called as an external function from other function.
The added test cases witnesses this behaviour. The underflow in
`dec` cannot happen in any other way except what the `dec` is called
from `f`.
The same problem did not occur when the functions are called internally,
because for such cases, we have already been remembering these calls in
the callgraph in the CHC engine.
