Do not crash on invalid index access #5096
Need to add tests.
fc34789 to af92198
bytes[32] memory a; | ||
a[8**90][8**90][1 - 8**90]; | ||
} | ||
} |
This is failing with an assertion, to be fixed by this PR.
Done.
af92198 to e298c8e
@@ -0,0 +1,3 @@ | |||
contract C { | |||
function f(bytes32[1263941234127518272][500] memory) public pure {} | |||
} |
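Review bot: the new file ends at the closing `}` of `contract C` (the header is `@@ -0,0 +1,3 @@`), so it records no expected diagnostic for the `bytes32[1263941234127518272][500] memory` parameter. If the intended outcome after the fix is a type error rather than a clean compile, add that expectation to the file so the test pins the behaviour instead of only proving that the assertion no longer fires. A one-line comment on why these dimensions were chosen would also help.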
This is failing with an assertion, to be fixed by this PR.
Done.
bytes[32] memory a; | ||
a[8**90][8**90][8**90*0.1]; | ||
} | ||
} |
This is failing with an assertion, to be fixed by this PR.
Done.
bytes32 b; | ||
b[888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888]; | ||
} | ||
} |
This is failing with an assertion, to be fixed by this PR.
Done.
e298c8e to 2ac25ea
resultType = make_shared<TypeType>(make_shared<ArrayType>( | ||
DataLocation::Memory, | ||
typeType.actualType(), | ||
length->literalValue(nullptr) |
I think we are missing another test case here for too large rational numbers.
This should be already covered by e.g. `array_multidim_rational.sol`. Is that correct or do you have another test in mind?
@chriseth please review this, the last failure is due to the need of checking
length->literalValue(nullptr) | ||
)); | ||
else | ||
if (!expectType(*index, IntegerType(256)) || type(*index)->category() != Type::Category::RationalNumber) |
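Review bot: the condition `!expectType(*index, IntegerType(256)) || type(*index)->category() != Type::Category::RationalNumber` on the last line folds two different situations into one branch: an index that failed `expectType`, and an index that has an acceptable type but is not a rational literal. Whatever follows this `if` runs for both, so if it reports an error, an index that already failed `expectType` can receive a second diagnostic. Because `||` short-circuits, the category is only inspected when `expectType` succeeded. Consider testing the two conditions separately and documenting which return value of `expectType` is the failure case.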
expectType already creates an error message
Ok, yeah, it was like that before, but then if we make `expectType` return a bool, should not the condition be negated?
a68b481 to 851596a
Codecov Report
@@ Coverage Diff @@
## develop #5096 +/- ##
===========================================
+ Coverage 88.02% 88.02% +<.01%
===========================================
Files 314 314
Lines 31782 31784 +2
Branches 3748 3749 +1
===========================================
+ Hits 27976 27978 +2
Misses 2537 2537
Partials 1269 1269
libsolidity/analysis/TypeChecker.cpp
Outdated
{ | ||
auto baseType = dynamic_cast<ArrayType const*>(arrayType->baseType().get()); | ||
if (arrayType->location() == DataLocation::Memory || arrayType->location() == DataLocation::CallData) | ||
if ((baseType && !baseType->validForCalldata()) || !arrayType->validForCalldata()) |
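Review bot: the check on the last line, `(baseType && !baseType->validForCalldata()) || !arrayType->validForCalldata()`, looks exactly one level down through the `dynamic_cast` of `arrayType->baseType()`, so an array nested three or more levels deep whose innermost array type is not valid for calldata is not examined here unless `validForCalldata()` recurses on its own. Either walk the chain of base types or move the base-type check into `validForCalldata()` so every caller gets it. The two consecutive `if`s can also be joined with `&&`, and since the outer one accepts `DataLocation::Memory` as well, a comment on why a calldata validity check applies to memory arrays would help.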
If the base type is not valid for calldata, why should the type itself be? This rather sounds like the change should be inside validForCalldata
This PR needs to be split into multiple PRs.
I split out #5188 and #5195. Since these PRs are very related to each other, I based my decision on where to split them on the parts of the compiler they change and not on the test cases they cover. This PR now depends on #5195, because the new signature of
After checking again, it became clear that #5195 already fixed the remaining bug that this PR is trying to fix. I will close it now as this change does not seem to be needed anymore.
Fixes #5057.
Depends on #5195.
Another instance of this https://github.com/ethereum/solidity/blob/develop/libsolidity/analysis/TypeChecker.cpp#L2253 uses `hasErrors()`. I think that is unreliable and we may just use `fatalError` in `expectType`.