aboutsummaryrefslogblamecommitdiffstats
path: root/test/libsolidity/SMTChecker.cpp
blob: 736aa46c40347cdef0ec73b888ce004b887ce15f (plain) (tree)




































                                                                        
          
                                                       



































                                                                                               














                                                                                         
                                                 

                                                    
                                                                     



                                                         
                                                        
                                       


                                                                                   

 






                                                                          
                                                                





















                                                                                           















                                                             
                                              
 
                                           










                                                        
                                                                               










                                                        

                                                                               











                                                        

                                                      













                                                        





























                                                        

















                                                        

















                                                                 

 
                                             











                                                        
                                                                

























                                                                















































                                                                










                                                        

















































                                                                      




                                        
                                  




                                                   
                                                                                       



                                                 
                                                                                       

                                                  
                                                                                            






                                                                
                                  










                                                                


                                                   
                                                                                       



                                                 
                                                                                       

                                                  
                                                                                              


                                                  
                                                                                        

                                               
                                  

                               


                                        










                                                                

 


















































                                                                                 
                                                                
                                      
                                                     







                                                                

















                                                                          








                                                       
 
 













































                                                                 

                                                       









                                                        

                                                       








                                                   










































































                                                                               









                                                              

                                       
                                                   





                                        




                           
/*
    This file is part of solidity.

    solidity is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    solidity is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with solidity.  If not, see <http://www.gnu.org/licenses/>.
*/
/**
 * Unit tests for the SMT checker.
 */

#include <test/libsolidity/AnalysisFramework.h>

#include <boost/test/unit_test.hpp>

#include <string>

using namespace std;

namespace dev
{
namespace solidity
{
namespace test
{

class SMTCheckerFramework: public AnalysisFramework
{
protected:
    virtual std::pair<SourceUnit const*, ErrorList>
    parseAnalyseAndReturnError(
        std::string const& _source,
        bool _reportWarnings = false,
        bool _insertVersionPragma = true,
        bool _allowMultipleErrors = false
    )
    {
        return AnalysisFramework::parseAnalyseAndReturnError(
            "pragma experimental SMTChecker;\n" + _source,
            _reportWarnings,
            _insertVersionPragma,
            _allowMultipleErrors
        );
    }
};

BOOST_FIXTURE_TEST_SUITE(SMTChecker, SMTCheckerFramework)

BOOST_AUTO_TEST_CASE(smoke_test)
{
    string text = R"(
        contract C { }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
}

BOOST_AUTO_TEST_CASE(simple_overflow)
{
    string text = R"(
        contract C {
            function f(uint a, uint b) public pure returns (uint) { return a + b; }
        }
    )";
    CHECK_WARNING(text, "Overflow (resulting value larger than");
}

BOOST_AUTO_TEST_CASE(warn_on_typecast)
{
    string text = R"(
        contract C {
            function f() public pure returns (uint) {
                return uint8(1);
            }
        }
    )";
    CHECK_WARNING(text, "Assertion checker does not yet implement this expression.");
}

BOOST_AUTO_TEST_CASE(warn_on_struct)
{
    string text = R"(
        pragma experimental ABIEncoderV2;
        contract C {
            struct A { uint a; uint b; }
            function f() public pure returns (A memory) {
                return A({ a: 1, b: 2 });
            }
        }
    )";
    CHECK_WARNING_ALLOW_MULTI(text, (vector<string>{
        "Experimental feature",
        "Assertion checker does not yet implement this expression.",
        "Assertion checker does not yet support the type of this variable."
    }));
}

BOOST_AUTO_TEST_CASE(simple_assert)
{
    string text = R"(
        contract C {
            function f(uint a) public pure { assert(a == 2); }
        }
    )";
    CHECK_WARNING(text, "Assertion violation happens here");
}

BOOST_AUTO_TEST_CASE(simple_assert_with_require)
{
    string text = R"(
        contract C {
            function f(uint a) public pure { require(a < 10); assert(a < 20); }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
}

BOOST_AUTO_TEST_CASE(assignment_in_declaration)
{
    string text = R"(
        contract C {
            function f() public pure { uint a = 2; assert(a == 2); }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
}

BOOST_AUTO_TEST_CASE(function_call_does_not_clear_local_vars)
{
    string text = R"(
        contract C {
            function f() public {
                uint a = 3;
                this.f();
                assert(a == 3);
                f();
                assert(a == 3);
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
}

BOOST_AUTO_TEST_CASE(branches_merge_variables)
{
    // Branch does not touch variable a
    string text = R"(
        contract C {
            function f(uint x) public pure {
                uint a = 3;
                if (x > 10) {
                }
                assert(a == 3);
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
    // Positive branch touches variable a, but assertion should still hold.
    text = R"(
    contract C {
            function f(uint x) public pure {
                uint a = 3;
                if (x > 10) {
                    a = 3;
                }
                assert(a == 3);
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
    // Negative branch touches variable a, but assertion should still hold.
    text = R"(
        contract C {
            function f(uint x) public pure {
                uint a = 3;
                if (x > 10) {
                } else {
                    a = 3;
                }
                assert(a == 3);
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
    // Variable is not merged, if it is only read.
    text = R"(
        contract C {
            function f(uint x) public pure {
                uint a = 3;
                if (x > 10) {
                    assert(a == 3);
                } else {
                    assert(a == 3);
                }
                assert(a == 3);
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
    // Variable is reset in both branches
    text = R"(
        contract C {
            function f(uint x) public pure {
                uint a = 2;
                if (x > 10) {
                    a = 3;
                } else {
                    a = 3;
                }
                assert(a == 3);
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
    // Variable is reset in both branches
    text = R"(
        contract C {
            function f(uint x) public pure {
                uint a = 2;
                if (x > 10) {
                    a = 3;
                } else {
                    a = 4;
                }
                assert(a >= 3);
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
}

BOOST_AUTO_TEST_CASE(branches_assert_condition)
{
    string text = R"(
        contract C {
            function f(uint x) public pure {
                if (x > 10) {
                    assert(x > 9);
                }
                else
                {
                    assert(x < 11);
                }
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
    text = R"(
        contract C {
            function f(uint x) public pure {
                if (x > 10) {
                    assert(x > 9);
                }
                else if (x > 2)
                {
                    assert(x <= 10 && x > 2);
                }
                else
                {
                   assert(0 <= x && x <= 2);
                }
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
}

BOOST_AUTO_TEST_CASE(ways_to_merge_variables)
{
    string text = R"(
        contract C {
            function f(uint x) public pure {
                uint a = 3;
                if (x > 10) {
                    a++;
                }
                assert(a == 3);
            }
        }
    )";
    CHECK_WARNING(text, "Assertion violation happens here");
    text = R"(
        contract C {
            function f(uint x) public pure {
                uint a = 3;
                if (x > 10) {
                    ++a;
                }
                assert(a == 3);
            }
        }
    )";
    CHECK_WARNING(text, "Assertion violation happens here");
    text = R"(
        contract C {
            function f(uint x) public pure {
                uint a = 3;
                if (x > 10) {
                    a = 5;
                }
                assert(a == 3);
            }
        }
    )";
    CHECK_WARNING(text, "Assertion violation happens here");
}

BOOST_AUTO_TEST_CASE(bool_simple)
{
    string text = R"(
        contract C {
            function f(bool x) public pure {
                assert(x);
            }
        }
    )";
    CHECK_WARNING(text, "Assertion violation happens here");
    text = R"(
        contract C {
            function f(bool x, bool y) public pure {
                assert(x == y);
            }
        }
    )";
    CHECK_WARNING(text, "Assertion violation happens here");
    text = R"(
        contract C {
            function f(bool x, bool y) public pure {
                bool z = x || y;
                assert(!(x && y) || z);
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
    text = R"(
        contract C {
            function f(bool x) public pure {
                if(x) {
                    assert(x);
                } else {
                    assert(!x);
                }
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
    text = R"(
        contract C {
            function f(bool x) public pure {
                bool y = x;
                assert(x == y);
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
    text = R"(
        contract C {
            function f(bool x) public pure {
                require(x);
                bool y;
                y = false;
                assert(x || y);
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
}

BOOST_AUTO_TEST_CASE(bool_int_mixed)
{
    string text = R"(
        contract C {
            function f(bool x) public pure {
                uint a;
                if(x)
                    a = 1;
                assert(!x || a > 0);
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
    text = R"(
        contract C {
            function f(bool x, uint a) public pure {
                require(!x || a > 0);
                uint b = a;
                assert(!x || b > 0);
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
    text = R"(
        contract C {
            function f(bool x, bool y) public pure {
                uint a;
                if (x) {
                    if (y) {
                        a = 0;
                    } else {
                        a = 1;
                    }
                } else {
                    if (y) {
                        a = 1;
                    } else {
                        a = 0;
                    }
                }
                bool xor_x_y = (x && !y) || (!x && y);
                assert(!xor_x_y || a > 0);
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
}

BOOST_AUTO_TEST_CASE(storage_value_vars)
{
    string text = R"(
        contract C
        {
            address a;
            bool b;
            uint c;
            function f(uint x) public {
                if (x == 0)
                {
                    a = 0x0000000000000000000000000000000000000100;
                    b = true;
                }
                else
                {
                    a = 0x0000000000000000000000000000000000000200;
                    b = false;
                }
                assert(a > 0x0000000000000000000000000000000000000000 && b);
            }
        }
    )";
    CHECK_WARNING(text, "Assertion violation happens here");
    text = R"(
        contract C
        {
            address a;
            bool b;
            uint c;
            function f() public view {
                assert(c > 0);
            }
        }
    )";
    CHECK_WARNING(text, "Assertion violation happens here");
    text = R"(
        contract C
        {
            function f(uint x) public {
                if (x == 0)
                {
                    a = 0x0000000000000000000000000000000000000100;
                    b = true;
                }
                else
                {
                    a = 0x0000000000000000000000000000000000000200;
                    b = false;
                }
                assert(b == (a < 0x0000000000000000000000000000000000000200));
            }

            function g() public view {
                require(a < 0x0000000000000000000000000000000000000100);
                assert(c >= 0);
            }
            address a;
            bool b;
            uint c;
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
    text = R"(
        contract C
        {
            function f() public view {
                assert(c > 0);
            }
            uint c;
        }
    )";
    CHECK_WARNING(text, "Assertion violation happens here");

}

BOOST_AUTO_TEST_CASE(while_loop_simple)
{
    // Check that variables are cleared
    string text = R"(
        contract C {
            function f(uint x) public pure {
                x = 2;
                while (x > 1) {
                    x = 2;
                }
                assert(x == 2);
            }
        }
    )";
    CHECK_WARNING(text, "Assertion violation happens here");
    // Check that condition is assumed.
    text = R"(
        contract C {
            function f(uint x) public pure {
                while (x == 2) {
                    assert(x == 2);
                }
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
    // Check that condition is not assumed after the body anymore
    text = R"(
        contract C {
            function f(uint x) public pure {
                while (x == 2) {
                }
                assert(x == 2);
            }
        }
    )";
    CHECK_WARNING(text, "Assertion violation happens here");
    // Check that negation of condition is not assumed after the body anymore
    text = R"(
        contract C {
            function f(uint x) public pure {
                while (x == 2) {
                }
                assert(x != 2);
            }
        }
    )";
    CHECK_WARNING(text, "Assertion violation happens here");
    // Check that side-effects of condition are taken into account
    text = R"(
        contract C {
            function f(uint x, uint y) public pure {
                x = 7;
                while ((x = y) > 0) {
                }
                assert(x == 7);
            }
        }
    )";
    CHECK_WARNING(text, "Assertion violation happens here");
}

BOOST_AUTO_TEST_CASE(constant_condition)
{
    string text = R"(
        contract C {
            function f(uint x) public pure {
                if (x >= 0) { revert(); }
            }
        }
    )";
    CHECK_WARNING(text, "Condition is always true");
    text = R"(
        contract C {
            function f(uint x) public pure {
                if (x >= 10) { if (x < 10) { revert(); } }
            }
        }
    )";
    CHECK_WARNING(text, "Condition is always false");
    // a plain literal constant is fine
    text = R"(
        contract C {
            function f(uint) public pure {
                if (true) { revert(); }
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
}


BOOST_AUTO_TEST_CASE(for_loop)
{
    string text = R"(
        contract C {
            function f(uint x) public pure {
                require(x == 2);
                for (;;) {}
                assert(x == 2);
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
    text = R"(
        contract C {
            function f(uint x) public pure {
                for (; x == 2; ) {
                    assert(x == 2);
                }
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
    text = R"(
        contract C {
            function f(uint x) public pure {
                for (uint y = 2; x < 10; ) {
                    assert(y == 2);
                }
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
    text = R"(
        contract C {
            function f(uint x) public pure {
                for (uint y = 2; x < 10; y = 3) {
                    assert(y == 2);
                }
            }
        }
    )";
    CHECK_WARNING(text, "Assertion violation");
    text = R"(
        contract C {
            function f(uint x) public pure {
                uint y;
                for (y = 2; x < 10; ) {
                    y = 3;
                }
                assert(y == 3);
            }
        }
    )";
    CHECK_WARNING(text, "Assertion violation");
    text = R"(
        contract C {
            function f(uint x) public pure {
                uint y;
                for (y = 2; x < 10; ) {
                    y = 3;
                }
                assert(y == 2);
            }
        }
    )";
    CHECK_WARNING(text, "Assertion violation");
}

BOOST_AUTO_TEST_CASE(division)
{
    string text = R"(
        contract C {
            function f(uint x, uint y) public pure returns (uint) {
                return x / y;
            }
        }
    )";
    CHECK_WARNING(text, "Division by zero");
    text = R"(
        contract C {
            function f(uint x, uint y) public pure returns (uint) {
                require(y != 0);
                return x / y;
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
    text = R"(
        contract C {
            function f(int x, int y) public pure returns (int) {
                require(y != 0);
                return x / y;
            }
        }
    )";
    CHECK_WARNING(text, "Overflow");
    text = R"(
        contract C {
            function f(int x, int y) public pure returns (int) {
                require(y != 0);
                require(y != -1);
                return x / y;
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
}

BOOST_AUTO_TEST_CASE(division_truncates_correctly)
{
    string text = R"(
        contract C {
            function f(uint x, uint y) public pure {
                x = 7;
                y = 2;
                assert(x / y == 3);
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
    text = R"(
        contract C {
            function f(int x, int y) public pure {
                x = 7;
                y = 2;
                assert(x / y == 3);
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
    text = R"(
        contract C {
            function f(int x, int y) public pure {
                x = -7;
                y = 2;
                assert(x / y == -3);
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
    text = R"(
        contract C {
            function f(int x, int y) public pure {
                x = 7;
                y = -2;
                assert(x / y == -3);
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
    text = R"(
        contract C {
            function f(int x, int y) public pure {
                x = -7;
                y = -2;
                assert(x / y == 3);
            }
        }
    )";
    CHECK_SUCCESS_NO_WARNINGS(text);
}

BOOST_AUTO_TEST_SUITE_END()

}
}
}