From 811bb770c51bc63f9ccb2bff014482ba9c760132 Mon Sep 17 00:00:00 2001 From: chriseth Date: Thu, 16 Feb 2017 15:49:59 +0100 Subject: [PATCH 1/2] Change effect of assert to invalid opcode. --- docs/control-structures.rst | 9 ++++++--- docs/miscellaneous.rst | 2 +- libsolidity/codegen/ExpressionCompiler.cpp | 5 ++--- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/docs/control-structures.rst b/docs/control-structures.rst index df8ac729c5be..f1b2e6dac399 100644 --- a/docs/control-structures.rst +++ b/docs/control-structures.rst @@ -398,10 +398,13 @@ Currently, Solidity automatically generates a runtime exception in the following While a user-provided exception is generated in the following situations: #. Calling ``throw``. -#. The condition of ``assert(condition)`` is not met. Internally, Solidity performs a revert operation (instruction ``0xfd``) when a user-provided exception is thrown. In contrast, it performs an invalid operation -(instruction ``0xfe``) if a runtime exception is encountered. In both cases, this causes +(instruction ``0xfe``) if a runtime exception is encountered or the condition of an ``assert`` call is not met. In both cases, this causes the EVM to revert all changes made to the state. The reason for this is that there is no safe way to continue execution, because an expected effect did not occur. Because we want to retain the atomicity of transactions, the safest thing to do is to revert all changes and make the whole transaction -(or at least call) without effect. \ No newline at end of file +(or at least call) without effect. + +If contracts are written so that ``assert`` is only used to test internal conditions and ``throw`` or +``revert`` is used in case of malformed input, a formal analysis tool that verifies that the invalid +opcode can never be reached can be used to check for the absence of errors assuming valid inputs. diff --git a/docs/miscellaneous.rst b/docs/miscellaneous.rst index 3c57507efe4d..80326bab290a 100644 --- a/docs/miscellaneous.rst +++ b/docs/miscellaneous.rst @@ -461,7 +461,7 @@ Global Variables - ``ecrecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) returns (address)``: recover address associated with the public key from elliptic curve signature, return zero on error - ``addmod(uint x, uint y, uint k) returns (uint)``: compute ``(x + y) % k`` where the addition is performed with arbitrary precision and does not wrap around at ``2**256`` - ``mulmod(uint x, uint y, uint k) returns (uint)``: compute ``(x * y) % k`` where the multiplication is performed with arbitrary precision and does not wrap around at ``2**256`` -- ``assert(bool condition)``: throws if the condition is false +- ``assert(bool condition)``: throws if the condition is false (using an invalid opcode) - ``this`` (current contract's type): the current contract, explicitly convertible to ``address`` - ``super``: the contract one level higher in the inheritance hierarchy - ``selfdestruct(address recipient)``: destroy the current contract, sending its funds to the given address diff --git a/libsolidity/codegen/ExpressionCompiler.cpp b/libsolidity/codegen/ExpressionCompiler.cpp index 2ed19a833ccb..41cfcb69a89c 100644 --- a/libsolidity/codegen/ExpressionCompiler.cpp +++ b/libsolidity/codegen/ExpressionCompiler.cpp @@ -875,9 +875,8 @@ bool ExpressionCompiler::visit(FunctionCall const& _functionCall) // jump if condition was met m_context << Instruction::ISZERO << Instruction::ISZERO; auto success = m_context.appendConditionalJump(); - // condition was not met, abort - m_context << u256(0) << u256(0); - m_context << Instruction::REVERT; + // condition was not met, flag an error + m_context << Instruction::INVALID; // the success branch m_context << success; break; From 4b1e8111cc2469808d08e1718d3edd64b2cc4484 Mon Sep 17 00:00:00 2001 From: chriseth Date: Thu, 23 Feb 2017 19:42:38 +0100 Subject: [PATCH 2/2] Remove assert for now. --- docs/control-structures.rst | 6 +--- docs/miscellaneous.rst | 3 +- libsolidity/analysis/GlobalContext.cpp | 5 ++-- test/libsolidity/SolidityEndToEndTest.cpp | 36 +++++++++++------------ 4 files changed, 23 insertions(+), 27 deletions(-) diff --git a/docs/control-structures.rst b/docs/control-structures.rst index f1b2e6dac399..019714f8edf6 100644 --- a/docs/control-structures.rst +++ b/docs/control-structures.rst @@ -400,11 +400,7 @@ While a user-provided exception is generated in the following situations: #. Calling ``throw``. Internally, Solidity performs a revert operation (instruction ``0xfd``) when a user-provided exception is thrown. In contrast, it performs an invalid operation -(instruction ``0xfe``) if a runtime exception is encountered or the condition of an ``assert`` call is not met. In both cases, this causes +(instruction ``0xfe``) if a runtime exception is encountered. In both cases, this causes the EVM to revert all changes made to the state. The reason for this is that there is no safe way to continue execution, because an expected effect did not occur. Because we want to retain the atomicity of transactions, the safest thing to do is to revert all changes and make the whole transaction (or at least call) without effect. - -If contracts are written so that ``assert`` is only used to test internal conditions and ``throw`` or -``revert`` is used in case of malformed input, a formal analysis tool that verifies that the invalid -opcode can never be reached can be used to check for the absence of errors assuming valid inputs. diff --git a/docs/miscellaneous.rst b/docs/miscellaneous.rst index 80326bab290a..6e272eaa91c8 100644 --- a/docs/miscellaneous.rst +++ b/docs/miscellaneous.rst @@ -435,7 +435,7 @@ The following is the order of precedence for operators, listed in order of evalu | *16* | Comma operator | ``,`` | +------------+-------------------------------------+--------------------------------------------+ -.. index:: block, coinbase, difficulty, number, block;number, timestamp, block;timestamp, msg, data, gas, sender, value, now, gas price, origin, assert, revert, keccak256, ripemd160, sha256, ecrecover, addmod, mulmod, cryptography, this, super, selfdestruct, balance, send +.. index:: block, coinbase, difficulty, number, block;number, timestamp, block;timestamp, msg, data, gas, sender, value, now, gas price, origin, revert, keccak256, ripemd160, sha256, ecrecover, addmod, mulmod, cryptography, this, super, selfdestruct, balance, send Global Variables ================ @@ -461,7 +461,6 @@ Global Variables - ``ecrecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) returns (address)``: recover address associated with the public key from elliptic curve signature, return zero on error - ``addmod(uint x, uint y, uint k) returns (uint)``: compute ``(x + y) % k`` where the addition is performed with arbitrary precision and does not wrap around at ``2**256`` - ``mulmod(uint x, uint y, uint k) returns (uint)``: compute ``(x * y) % k`` where the multiplication is performed with arbitrary precision and does not wrap around at ``2**256`` -- ``assert(bool condition)``: throws if the condition is false (using an invalid opcode) - ``this`` (current contract's type): the current contract, explicitly convertible to ``address`` - ``super``: the contract one level higher in the inheritance hierarchy - ``selfdestruct(address recipient)``: destroy the current contract, sending its funds to the given address diff --git a/libsolidity/analysis/GlobalContext.cpp b/libsolidity/analysis/GlobalContext.cpp index 4f100cd0ee4a..069d10f5fd4b 100644 --- a/libsolidity/analysis/GlobalContext.cpp +++ b/libsolidity/analysis/GlobalContext.cpp @@ -66,8 +66,9 @@ m_magicVariables(vector>{make_shared< make_shared(strings{"bytes32", "uint8", "bytes32", "bytes32"}, strings{"address"}, FunctionType::Location::ECRecover)), make_shared("ripemd160", make_shared(strings(), strings{"bytes20"}, FunctionType::Location::RIPEMD160, true)), - make_shared("assert", - make_shared(strings{"bool"}, strings{}, FunctionType::Location::Assert)), +// Disabled until decision about semantics of assert is made. +// make_shared("assert", +// make_shared(strings{"bool"}, strings{}, FunctionType::Location::Assert)), make_shared("revert", make_shared(strings(), strings(), FunctionType::Location::Revert))}) { diff --git a/test/libsolidity/SolidityEndToEndTest.cpp b/test/libsolidity/SolidityEndToEndTest.cpp index 68f8fbef3242..19665a26fb7e 100644 --- a/test/libsolidity/SolidityEndToEndTest.cpp +++ b/test/libsolidity/SolidityEndToEndTest.cpp @@ -9083,24 +9083,24 @@ BOOST_AUTO_TEST_CASE(invalid_instruction) BOOST_CHECK(callContractFunction("f()") == encodeArgs()); } -BOOST_AUTO_TEST_CASE(assert) -{ - char const* sourceCode = R"( - contract C { - function f() { - assert(false); - } - function g(bool val) returns (bool) { - assert(val == true); - return true; - } - } - )"; - compileAndRun(sourceCode, 0, "C"); - BOOST_CHECK(callContractFunction("f()") == encodeArgs()); - BOOST_CHECK(callContractFunction("g(bool)", false) == encodeArgs()); - BOOST_CHECK(callContractFunction("g(bool)", true) == encodeArgs(true)); -} +//BOOST_AUTO_TEST_CASE(assert) +//{ +// char const* sourceCode = R"( +// contract C { +// function f() { +// assert(false); +// } +// function g(bool val) returns (bool) { +// assert(val == true); +// return true; +// } +// } +// )"; +// compileAndRun(sourceCode, 0, "C"); +// BOOST_CHECK(callContractFunction("f()") == encodeArgs()); +// BOOST_CHECK(callContractFunction("g(bool)", false) == encodeArgs()); +// BOOST_CHECK(callContractFunction("g(bool)", true) == encodeArgs(true)); +//} BOOST_AUTO_TEST_CASE(revert) {