Skip to content

Commit 55a5fd9

Browse files
pgebalpgebal
authored
Fix SMT logic error when assigning to an array of contracts or functions (#15322)
1 parent f99c239 commit 55a5fd9

File tree

4 files changed

+42
-0
lines changed

4 files changed

+42
-0
lines changed

Changelog.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@ Bugfixes:
2828
* SMTChecker: Fix error that reports invalid number of verified checks for BMC and CHC engines.
2929
* SMTChecker: Fix formatting of unary minus expressions in invariants.
3030
* SMTChecker: Fix internal compiler error when reporting proved targets for BMC engine.
31+
* SMTChecker: Fix SMT logic error when assigning to an array of contracts or functions.
3132
* TypeChecker: Fix segfault when assigning nested tuple to tuple.
3233
* Yul AST: Fix ``nativeSrc`` attributes in optimized IR AST referring to locations in unoptimized IR.
3334
* Yul IR Code Generation: Deterministic order of Yul subobjects.

libsolidity/formal/SymbolicTypes.cpp

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -110,6 +110,14 @@ SortPointer smtSort(frontend::Type const& _type)
110110
// in the tuple's name.
111111
if (auto tupleSort = std::dynamic_pointer_cast<TupleSort>(array->range))
112112
tupleName = tupleSort->name;
113+
else if (isContract(*baseType))
114+
// use a common sort for contracts so inheriting contracts do not cause conflicting SMT types
115+
// solc handles types mismtach
116+
tupleName = "contract";
117+
else if (isFunction(*baseType))
118+
// use a common sort for functions so pure and view modifier do not cause conflicting SMT types
119+
// solc handles types mismtach
120+
tupleName = "function";
113121
else if (
114122
baseType->category() == frontend::Type::Category::Integer ||
115123
baseType->category() == frontend::Type::Category::FixedPoint

test/libsolidity/smtCheckerTests/types/array_of_contracts.sol

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
contract A {}
2+
3+
contract B is A {}
4+
5+
contract C {
6+
A[10] a;
7+
B[10] b;
8+
9+
function f() public returns(address) {
10+
a = b;
11+
return address(a[0]);
12+
}
13+
}
14+
// ====
15+
// SMTEngine: all
16+
// ----
17+
// Info 1391: CHC: 1 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

test/libsolidity/smtCheckerTests/types/array_of_functions.sol

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
contract C {
2+
function() external returns(uint)[1] a;
3+
4+
function b() external pure returns(uint) {
5+
return 1;
6+
}
7+
8+
function test() public returns(uint) {
9+
a = [this.b];
10+
return a[0]();
11+
}
12+
}
13+
// ====
14+
// SMTEngine: all
15+
// ----
16+
// Info 1391: CHC: 1 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.

0 commit comments

Comments
 (0)