12bca24774
Without path condition, verification targets created inside ternary operator ignore the condition of the operator inside the branches. This led to false positives. Further updates: - Function calls should consider the conditions under which they are called, otherwise the analysis may report false positives. The fix proposed here is to add the current path condition to the edge that propagates error from a function call. - Increment error index after function call This is necessary for the analysis of the ternary operator to work correctly. No information should leak from a function call inside a ternary operator in the first branch to the second branch, including whether or not an error would have occured in the first branch. However, for the execution that continues after the function call, we still need to ensure that under the current path condition the error has not occurred in that function call. It would be better to isolate the analysis of the branches to separate clauses, but I do not see an easy way for that now. In this way, even though the function call in first branch is included in the clause of the second branch, no information leaks. - Additonal test for ternary operator This tests the behaviour of SMTChecker on ternary operator with function calls inside both branches. Specifically, it tests that SMTChecker successfully detects a violation of a verification target in the second branch when the same target is present also in the first branch, but there it cannot be triggered because of the operator's condition. |
||
|---|---|---|
| .circleci | ||
| .github | ||
| cmake | ||
| docs | ||
| libevmasm | ||
| liblangutil | ||
| libsmtutil | ||
| libsolc | ||
| libsolidity | ||
| libsolutil | ||
| libyul | ||
| scripts | ||
| snap | ||
| solc | ||
| test | ||
| tools | ||
| .clang-format | ||
| .dockerignore | ||
| .editorconfig | ||
| .gitattributes | ||
| .gitignore | ||
| Changelog.md | ||
| CMakeLists.txt | ||
| CODE_OF_CONDUCT.md | ||
| codecov.yml | ||
| CODING_STYLE.md | ||
| CONTRIBUTING.md | ||
| LICENSE.txt | ||
| README.md | ||
| ReleaseChecklist.md | ||
| ReviewChecklist.md | ||
| SECURITY.md | ||
The Solidity Contract-Oriented Programming Language
You can talk to us on Gitter and Matrix, tweet at us on Twitter or create a new topic in the Solidity forum. Questions, feedback, and suggestions are welcome!
Solidity is a statically typed, contract-oriented, high-level language for implementing smart contracts on the Ethereum platform.
For a good overview and starting point, please check out the official Solidity Language Portal.
Table of Contents
Background
Solidity is a statically-typed curly-braces programming language designed for developing smart contracts that run on the Ethereum Virtual Machine. Smart contracts are programs that are executed inside a peer-to-peer network where nobody has special authority over the execution, and thus they allow anyone to implement tokens of value, ownership, voting, and other kinds of logic.
When deploying contracts, you should use the latest released version of Solidity. This is because breaking changes, as well as new features and bug fixes, are introduced regularly. We currently use a 0.x version number to indicate this fast pace of change.
Build and Install
Instructions about how to build and install the Solidity compiler can be found in the Solidity documentation.
Example
A "Hello World" program in Solidity is of even less use than in other languages, but still:
// SPDX-License-Identifier: MIT
pragma solidity >=0.6.0 <0.9.0;
contract HelloWorld {
function helloWorld() external pure returns (string memory) {
return "Hello, World!";
}
}
To get started with Solidity, you can use Remix, which is a browser-based IDE. Here are some example contracts:
Documentation
The Solidity documentation is hosted using Read the Docs.
Development
Solidity is still under development. Contributions are always welcome! Please follow the Developers Guide if you want to help.
You can find our current feature and bug priorities for forthcoming releases in the projects section.
Maintainers
The Solidity programming language and compiler are open-source community projects governed by a core team. The core team is sponsored by the Ethereum Foundation.
License
Solidity is licensed under GNU General Public License v3.0.
Some third-party code has its own licensing terms.
Security
The security policy may be found here.