A bunch of errors in CHC engine #15469

haoyang9804 · 2024-09-30T22:51:01Z

Description

Given a global function such as

function f(uint8 b) {
  uint16 a = b;
  a = a / a;
}

or a member function such as

function f(uint256 b) private returns (uint256) {
    b = b / b;
  }

CHC cannot detect "divide by 0" counterexample.

Given a public member function in a contract such as

contract C {
  function g(uint256 b) public returns (uint256) {
    return b = b / b;
  }
}

the output of CHC contains errors, such as

Warning: CHC: Division by zero happens here.
Counterexample:

b = 0
 = 0

Transaction trace:
C.constructor()
C.g(0)
  --> test2.sol:16:16:
   |
16 |     return b = b / b;
   |                ^^^^^

In the above warning message given by CHC, = 0 is misleading.

Environment

Compiler version:0.8.28
Operating system: macos

Steps to Reproduce

Here is a reproducible test program

function f(uint8 b) {
  uint16 a = b;
  a = a / a;
}

function g(uint8 b) {
  b = b / b;
}

contract C {
  function f(uint256 b) private returns (uint256) {
    b = b / b;
  }
  function g(uint256 b) public returns (uint256) {
    return b = b / b;
  }
}

The text was updated successfully, but these errors were encountered:

haoyang9804 added the bug 🐛 label Sep 30, 2024

pgebal self-assigned this Oct 24, 2024

pgebal added the smt label Oct 24, 2024

pgebal added this to SMT Checker Oct 24, 2024

github-project-automation bot moved this to To Do in SMT Checker Oct 24, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

A bunch of errors in CHC engine #15469

A bunch of errors in CHC engine #15469

haoyang9804 commented Sep 30, 2024

A bunch of errors in CHC engine #15469

A bunch of errors in CHC engine #15469

Comments

haoyang9804 commented Sep 30, 2024

Description

Environment

Steps to Reproduce