10 files changed, 655 insertions, 18 deletions
diff --git a/libsolidity/codegen/ABIFunctions.cpp b/libsolidity/codegen/ABIFunctions.cpp
index 080be359..00f59065 100644
--- a/libsolidity/codegen/ABIFunctions.cpp
+++ b/libsolidity/codegen/ABIFunctions.cpp
@@ -22,9 +22,13 @@
 
 #include <libsolidity/codegen/ABIFunctions.h>
 
+#include <libsolidity/ast/AST.h>
+#include <libsolidity/codegen/CompilerUtils.h>
+
 #include <libdevcore/Whiskers.h>
 
-#include <libsolidity/ast/AST.h>
+#include <boost/algorithm/string/join.hpp>
+#include <boost/range/adaptor/reversed.hpp>
 
 using namespace std;
 using namespace dev;
@@ -99,6 +103,79 @@ string ABIFunctions::tupleEncoder(
 	});
 }
 
+string ABIFunctions::tupleDecoder(TypePointers const& _types, bool _fromMemory)
+{
+	string functionName = string("abi_decode_tuple_");
+	for (auto const& t: _types)
+		functionName += t->identifier();
+	if (_fromMemory)
+		functionName += "_fromMemory";
+
+	solAssert(!_types.empty(), "");
+
+	return createFunction(functionName, [&]() {
+		TypePointers decodingTypes;
+		for (auto const& t: _types)
+			decodingTypes.emplace_back(t->decodingType());
+
+		Whiskers templ(R"(
+			function <functionName>(headStart, dataEnd) -> <valueReturnParams> {
+				if slt(sub(dataEnd, headStart), <minimumSize>) { revert(0, 0) }
+				<decodeElements>
+			}
+		)");
+		templ("functionName", functionName);
+		templ("minimumSize", to_string(headSize(decodingTypes)));
+
+		string decodeElements;
+		vector<string> valueReturnParams;
+		size_t headPos = 0;
+		size_t stackPos = 0;
+		for (size_t i = 0; i < _types.size(); ++i)
+		{
+			solAssert(_types[i], "");
+			solAssert(decodingTypes[i], "");
+			size_t sizeOnStack = _types[i]->sizeOnStack();
+			solAssert(sizeOnStack == decodingTypes[i]->sizeOnStack(), "");
+			solAssert(sizeOnStack > 0, "");
+			vector<string> valueNamesLocal;
+			for (size_t j = 0; j < sizeOnStack; j++)
+			{
+				valueNamesLocal.push_back("value" + to_string(stackPos));
+				valueReturnParams.push_back("value" + to_string(stackPos));
+				stackPos++;
+			}
+			bool dynamic = decodingTypes[i]->isDynamicallyEncoded();
+			Whiskers elementTempl(
+				dynamic ?
+				R"(
+				{
+					let offset := <load>(add(headStart, <pos>))
+					if gt(offset, 0xffffffffffffffff) { revert(0, 0) }
+					<values> := <abiDecode>(add(headStart, offset), dataEnd)
+				}
+				)" :
+				R"(
+				{
+					let offset := <pos>
+					<values> := <abiDecode>(add(headStart, offset), dataEnd)
+				}
+				)"
+			);
+			elementTempl("load", _fromMemory ? "mload" : "calldataload");
+			elementTempl("values", boost::algorithm::join(valueNamesLocal, ", "));
+			elementTempl("pos", to_string(headPos));
+			elementTempl("abiDecode", abiDecodingFunction(*_types[i], _fromMemory, true));
+			decodeElements += elementTempl.render();
+			headPos += dynamic ? 0x20 : decodingTypes[i]->calldataEncodedSize();
+		}
+		templ("valueReturnParams", boost::algorithm::join(valueReturnParams, ", "));
+		templ("decodeElements", decodeElements);
+
+		return templ.render();
+	});
+}
+
 string ABIFunctions::requestedFunctions()
 {
 	string result;
@@ -141,10 +218,9 @@ string ABIFunctions::cleanupFunction(Type const& _type, bool _revertOnFailure)
 			solUnimplemented("Fixed point types not implemented.");
 			break;
 		case Type::Category::Array:
-			solAssert(false, "Array cleanup requested.");
-			break;
 		case Type::Category::Struct:
-			solAssert(false, "Struct cleanup requested.");
+			solAssert(_type.dataStoredIn(DataLocation::Storage), "Cleanup requested for non-storage reference type.");
+			templ("body", "cleaned := value");
 			break;
 		case Type::Category::FixedBytes:
 		{
@@ -168,7 +244,7 @@ string ABIFunctions::cleanupFunction(Type const& _type, bool _revertOnFailure)
 		{
 			size_t members = dynamic_cast<EnumType const&>(_type).numberOfMembers();
 			solAssert(members > 0, "empty enum should have caused a parser error.");
-			Whiskers w("switch lt(value, <members>) case 0 { <failure> } cleaned := value");
+			Whiskers w("if iszero(lt(value, <members>)) { <failure> } cleaned := value");
 			w("members", to_string(members));
 			if (_revertOnFailure)
 				w("failure", "revert(0, 0)");
@@ -367,6 +443,24 @@ string ABIFunctions::combineExternalFunctionIdFunction()
 	});
 }
 
+string ABIFunctions::splitExternalFunctionIdFunction()
+{
+	string functionName = "split_external_function_id";
+	return createFunction(functionName, [&]() {
+		return Whiskers(R"(
+			function <functionName>(combined) -> addr, selector {
+				combined := <shr64>(combined)
+				selector := and(combined, 0xffffffff)
+				addr := <shr32>(combined)
+			}
+		)")
+		("functionName", functionName)
+		("shr32", shiftRightFunction(32, false))
+		("shr64", shiftRightFunction(64, false))
+		.render();
+	});
+}
+
 string ABIFunctions::abiEncodingFunction(
 	Type const& _from,
 	Type const& _to,
@@ -483,7 +577,7 @@ string ABIFunctions::abiEncodingFunctionCalldataArray(
 		_to.identifier() +
 		(_encodeAsLibraryTypes ? "_library" : "");
 	return createFunction(functionName, [&]() {
-		solUnimplementedAssert(fromArrayType.isByteArray(), "");
+		solUnimplementedAssert(fromArrayType.isByteArray(), "Only byte arrays can be encoded from calldata currently.");
 		// TODO if this is not a byte array, we might just copy byte-by-byte anyway,
 		// because the encoding is position-independent, but we have to check that.
 		Whiskers templ(R"(
@@ -754,7 +848,7 @@ string ABIFunctions::abiEncodingFunctionStruct(
 		_to.identifier() +
 		(_encodeAsLibraryTypes ? "_library" : "");
 
-	solUnimplementedAssert(!_from.dataStoredIn(DataLocation::CallData), "");
+	solUnimplementedAssert(!_from.dataStoredIn(DataLocation::CallData), "Encoding struct from calldata is not yet supported.");
 	solAssert(&_from.structDefinition() == &_to.structDefinition(), "");
 
 	return createFunction(functionName, [&]() {
@@ -963,6 +1057,307 @@ string ABIFunctions::abiEncodingFunctionFunctionType(
 		});
 }
 
+string ABIFunctions::abiDecodingFunction(Type const& _type, bool _fromMemory, bool _forUseOnStack)
+{
+	// The decoding function has to perform bounds checks unless it decodes a value type.
+	// Conversely, bounds checks have to be performed before the decoding function
+	// of a value type is called.
+
+	TypePointer decodingType = _type.decodingType();
+	solAssert(decodingType, "");
+
+	if (auto arrayType = dynamic_cast<ArrayType const*>(decodingType.get()))
+	{
+		if (arrayType->dataStoredIn(DataLocation::CallData))
+		{
+			solAssert(!_fromMemory, "");
+			return abiDecodingFunctionCalldataArray(*arrayType);
+		}
+		else if (arrayType->isByteArray())
+			return abiDecodingFunctionByteArray(*arrayType, _fromMemory);
+		else
+			return abiDecodingFunctionArray(*arrayType, _fromMemory);
+	}
+	else if (auto const* structType = dynamic_cast<StructType const*>(decodingType.get()))
+		return abiDecodingFunctionStruct(*structType, _fromMemory);
+	else if (auto const* functionType = dynamic_cast<FunctionType const*>(decodingType.get()))
+		return abiDecodingFunctionFunctionType(*functionType, _fromMemory, _forUseOnStack);
+	else
+		return abiDecodingFunctionValueType(_type, _fromMemory);
+}
+
+string ABIFunctions::abiDecodingFunctionValueType(const Type& _type, bool _fromMemory)
+{
+	TypePointer decodingType = _type.decodingType();
+	solAssert(decodingType, "");
+	solAssert(decodingType->sizeOnStack() == 1, "");
+	solAssert(decodingType->isValueType(), "");
+	solAssert(decodingType->calldataEncodedSize() == 32, "");
+	solAssert(!decodingType->isDynamicallyEncoded(), "");
+
+	string functionName =
+		"abi_decode_" +
+		_type.identifier() +
+		(_fromMemory ? "_fromMemory" : "");
+	return createFunction(functionName, [&]() {
+		Whiskers templ(R"(
+			function <functionName>(offset, end) -> value {
+				value := <cleanup>(<load>(offset))
+			}
+		)");
+		templ("functionName", functionName);
+		templ("load", _fromMemory ? "mload" : "calldataload");
+		// Cleanup itself should use the type and not decodingType, because e.g.
+		// the decoding type of an enum is a plain int.
+		templ("cleanup", cleanupFunction(_type, true));
+		return templ.render();
+	});
+
+}
+
+string ABIFunctions::abiDecodingFunctionArray(ArrayType const& _type, bool _fromMemory)
+{
+	solAssert(_type.dataStoredIn(DataLocation::Memory), "");
+	solAssert(!_type.isByteArray(), "");
+
+	string functionName =
+		"abi_decode_" +
+		_type.identifier() +
+		(_fromMemory ? "_fromMemory" : "");
+
+	solAssert(!_type.dataStoredIn(DataLocation::Storage), "");
+
+	return createFunction(functionName, [&]() {
+		string load = _fromMemory ? "mload" : "calldataload";
+		bool dynamicBase = _type.baseType()->isDynamicallyEncoded();
+		Whiskers templ(
+			R"(
+				// <readableTypeName>
+				function <functionName>(offset, end) -> array {
+					if iszero(slt(add(offset, 0x1f), end)) { revert(0, 0) }
+					let length := <retrieveLength>
+					array := <allocate>(<allocationSize>(length))
+					let dst := array
+					<storeLength> // might update offset and dst
+					let src := offset
+					<staticBoundsCheck>
+					for { let i := 0 } lt(i, length) { i := add(i, 1) }
+					{
+						let elementPos := <retrieveElementPos>
+						mstore(dst, <decodingFun>(elementPos, end))
+						dst := add(dst, 0x20)
+						src := add(src, <baseEncodedSize>)
+					}
+				}
+			)"
+		);
+		templ("functionName", functionName);
+		templ("readableTypeName", _type.toString(true));
+		templ("retrieveLength", !_type.isDynamicallySized() ? toCompactHexWithPrefix(_type.length()) : load + "(offset)");
+		templ("allocate", allocationFunction());
+		templ("allocationSize", arrayAllocationSizeFunction(_type));
+		if (_type.isDynamicallySized())
+			templ("storeLength", "mstore(array, length) offset := add(offset, 0x20) dst := add(dst, 0x20)");
+		else
+			templ("storeLength", "");
+		if (dynamicBase)
+		{
+			templ("staticBoundsCheck", "");
+			templ("retrieveElementPos", "add(offset, " + load + "(src))");
+			templ("baseEncodedSize", "0x20");
+		}
+		else
+		{
+			string baseEncodedSize = toCompactHexWithPrefix(_type.baseType()->calldataEncodedSize());
+			templ("staticBoundsCheck", "if gt(add(src, mul(length, " + baseEncodedSize + ")), end) { revert(0, 0) }");
+			templ("retrieveElementPos", "src");
+			templ("baseEncodedSize", baseEncodedSize);
+		}
+		templ("decodingFun", abiDecodingFunction(*_type.baseType(), _fromMemory, false));
+		return templ.render();
+	});
+}
+
+string ABIFunctions::abiDecodingFunctionCalldataArray(ArrayType const& _type)
+{
+	// This does not work with arrays of complex types - the array access
+	// is not yet implemented in Solidity.
+	solAssert(_type.dataStoredIn(DataLocation::CallData), "");
+	if (!_type.isDynamicallySized())
+		solAssert(_type.length() < u256("0xffffffffffffffff"), "");
+	solAssert(!_type.baseType()->isDynamicallyEncoded(), "");
+	solAssert(_type.baseType()->calldataEncodedSize() < u256("0xffffffffffffffff"), "");
+
+	string functionName =
+		"abi_decode_" +
+		_type.identifier();
+	return createFunction(functionName, [&]() {
+		string templ;
+		if (_type.isDynamicallySized())
+			templ = R"(
+				// <readableTypeName>
+				function <functionName>(offset, end) -> arrayPos, length {
+					if iszero(slt(add(offset, 0x1f), end)) { revert(0, 0) }
+					length := calldataload(offset)
+					if gt(length, 0xffffffffffffffff) { revert(0, 0) }
+					arrayPos := add(offset, 0x20)
+					if gt(add(arrayPos, mul(<length>, <baseEncodedSize>)), end) { revert(0, 0) }
+				}
+			)";
+		else
+			templ = R"(
+				// <readableTypeName>
+				function <functionName>(offset, end) -> arrayPos {
+					arrayPos := offset
+					if gt(add(arrayPos, mul(<length>, <baseEncodedSize>)), end) { revert(0, 0) }
+				}
+			)";
+		Whiskers w{templ};
+		w("functionName", functionName);
+		w("readableTypeName", _type.toString(true));
+		w("baseEncodedSize", toCompactHexWithPrefix(_type.isByteArray() ? 1 : _type.baseType()->calldataEncodedSize()));
+		w("length", _type.isDynamicallyEncoded() ? "length" : toCompactHexWithPrefix(_type.length()));
+		return w.render();
+	});
+}
+
+string ABIFunctions::abiDecodingFunctionByteArray(ArrayType const& _type, bool _fromMemory)
+{
+	solAssert(_type.dataStoredIn(DataLocation::Memory), "");
+	solAssert(_type.isByteArray(), "");
+
+	string functionName =
+		"abi_decode_" +
+		_type.identifier() +
+		(_fromMemory ? "_fromMemory" : "");
+
+	return createFunction(functionName, [&]() {
+		Whiskers templ(
+			R"(
+				function <functionName>(offset, end) -> array {
+					if iszero(slt(add(offset, 0x1f), end)) { revert(0, 0) }
+					let length := <load>(offset)
+					array := <allocate>(<allocationSize>(length))
+					mstore(array, length)
+					let src := add(offset, 0x20)
+					let dst := add(array, 0x20)
+					if gt(add(src, length), end) { revert(0, 0) }
+					<copyToMemFun>(src, dst, length)
+				}
+			)"
+		);
+		templ("functionName", functionName);
+		templ("load", _fromMemory ? "mload" : "calldataload");
+		templ("allocate", allocationFunction());
+		templ("allocationSize", arrayAllocationSizeFunction(_type));
+		templ("copyToMemFun", copyToMemoryFunction(!_fromMemory));
+		return templ.render();
+	});
+}
+
+string ABIFunctions::abiDecodingFunctionStruct(StructType const& _type, bool _fromMemory)
+{
+	string functionName =
+		"abi_decode_" +
+		_type.identifier() +
+		(_fromMemory ? "_fromMemory" : "");
+
+	solUnimplementedAssert(!_type.dataStoredIn(DataLocation::CallData), "");
+
+	return createFunction(functionName, [&]() {
+		Whiskers templ(R"(
+			// <readableTypeName>
+			function <functionName>(headStart, end) -> value {
+				if slt(sub(end, headStart), <minimumSize>) { revert(0, 0) }
+				value := <allocate>(<memorySize>)
+				<#members>
+				{
+					// <memberName>
+					<decode>
+				}
+				</members>
+			}
+		)");
+		templ("functionName", functionName);
+		templ("readableTypeName", _type.toString(true));
+		templ("allocate", allocationFunction());
+		solAssert(_type.memorySize() < u256("0xffffffffffffffff"), "");
+		templ("memorySize", toCompactHexWithPrefix(_type.memorySize()));
+		size_t headPos = 0;
+		vector<map<string, string>> members;
+		for (auto const& member: _type.members(nullptr))
+		{
+			solAssert(member.type, "");
+			solAssert(member.type->canLiveOutsideStorage(), "");
+			auto decodingType = member.type->decodingType();
+			solAssert(decodingType, "");
+			bool dynamic = decodingType->isDynamicallyEncoded();
+			Whiskers memberTempl(
+				dynamic ?
+				R"(
+					let offset := <load>(add(headStart, <pos>))
+					if gt(offset, 0xffffffffffffffff) { revert(0, 0) }
+					mstore(add(value, <memoryOffset>), <abiDecode>(add(headStart, offset), end))
+				)" :
+				R"(
+					let offset := <pos>
+					mstore(add(value, <memoryOffset>), <abiDecode>(add(headStart, offset), end))
+				)"
+			);
+			memberTempl("load", _fromMemory ? "mload" : "calldataload");
+			memberTempl("pos", to_string(headPos));
+			memberTempl("memoryOffset", toCompactHexWithPrefix(_type.memoryOffsetOfMember(member.name)));
+			memberTempl("abiDecode", abiDecodingFunction(*member.type, _fromMemory, false));
+
+			members.push_back({});
+			members.back()["decode"] = memberTempl.render();
+			members.back()["memberName"] = member.name;
+			headPos += dynamic ? 0x20 : decodingType->calldataEncodedSize();
+		}
+		templ("members", members);
+		templ("minimumSize", toCompactHexWithPrefix(headPos));
+		return templ.render();
+	});
+}
+
+string ABIFunctions::abiDecodingFunctionFunctionType(FunctionType const& _type, bool _fromMemory, bool _forUseOnStack)
+{
+	solAssert(_type.kind() == FunctionType::Kind::External, "");
+
+	string functionName =
+		"abi_decode_" +
+		_type.identifier() +
+		(_fromMemory ? "_fromMemory" : "") +
+		(_forUseOnStack ? "_onStack" : "");
+
+	return createFunction(functionName, [&]() {
+		if (_forUseOnStack)
+		{
+			return Whiskers(R"(
+				function <functionName>(offset, end) -> addr, function_selector {
+					addr, function_selector := <splitExtFun>(<load>(offset))
+				}
+			)")
+			("functionName", functionName)
+			("load", _fromMemory ? "mload" : "calldataload")
+			("splitExtFun", splitExternalFunctionIdFunction())
+			.render();
+		}
+		else
+		{
+			return Whiskers(R"(
+				function <functionName>(offset, end) -> fun {
+					fun := <cleanExtFun>(<load>(offset))
+				}
+			)")
+			("functionName", functionName)
+			("load", _fromMemory ? "mload" : "calldataload")
+			("cleanExtFun", cleanupCombinedExternalFunctionIdFunction())
+			.render();
+		}
+	});
+}
+
 string ABIFunctions::copyToMemoryFunction(bool _fromCalldata)
 {
 	string functionName = "copy_" + string(_fromCalldata ? "calldata" : "memory") + "_to_memory";
@@ -988,8 +1383,8 @@ string ABIFunctions::copyToMemoryFunction(bool _fromCalldata)
 					{
 						mstore(add(dst, i), mload(add(src, i)))
 					}
-					switch eq(i, length)
-					case 0 {
+					if gt(i, length)
+					{
 						// clear end
 						mstore(add(dst, length), 0)
 					}
@@ -1098,6 +1493,33 @@ string ABIFunctions::arrayLengthFunction(ArrayType const& _type)
 	});
 }
 
+string ABIFunctions::arrayAllocationSizeFunction(ArrayType const& _type)
+{
+	solAssert(_type.dataStoredIn(DataLocation::Memory), "");
+	string functionName = "array_allocation_size_" + _type.identifier();
+	return createFunction(functionName, [&]() {
+		Whiskers w(R"(
+			function <functionName>(length) -> size {
+				// Make sure we can allocate memory without overflow
+				if gt(length, 0xffffffffffffffff) { revert(0, 0) }
+				size := <allocationSize>
+				<addLengthSlot>
+			}
+		)");
+		w("functionName", functionName);
+		if (_type.isByteArray())
+			// Round up
+			w("allocationSize", "and(add(length, 0x1f), not(0x1f))");
+		else
+			w("allocationSize", "mul(length, 0x20)");
+		if (_type.isDynamicallySized())
+			w("addLengthSlot", "size := add(size, 0x20)");
+		else
+			w("addLengthSlot", "");
+		return w.render();
+	});
+}
+
 string ABIFunctions::arrayDataAreaFunction(ArrayType const& _type)
 {
 	string functionName = "array_dataslot_" + _type.identifier();
@@ -1189,6 +1611,25 @@ string ABIFunctions::nextArrayElementFunction(ArrayType const& _type)
 	});
 }
 
+string ABIFunctions::allocationFunction()
+{
+	string functionName = "allocateMemory";
+	return createFunction(functionName, [&]() {
+		return Whiskers(R"(
+			function <functionName>(size) -> memPtr {
+				memPtr := mload(<freeMemoryPointer>)
+				let newFreePtr := add(memPtr, size)
+				// protect against overflow
+				if or(gt(newFreePtr, 0xffffffffffffffff), lt(newFreePtr, memPtr)) { revert(0, 0) }
+				mstore(<freeMemoryPointer>, newFreePtr)
+			}
+		)")
+		("freeMemoryPointer", to_string(CompilerUtils::freeMemoryPointer))
+		("functionName", functionName)
+		.render();
+	});
+}
+
 string ABIFunctions::createFunction(string const& _name, function<string ()> const& _creator)
 {
 	if (!m_requestedFunctions.count(_name))
diff --git a/libsolidity/codegen/ABIFunctions.h b/libsolidity/codegen/ABIFunctions.h
index e61f68bc..2b582e84 100644
--- a/libsolidity/codegen/ABIFunctions.h
+++ b/libsolidity/codegen/ABIFunctions.h
@@ -66,6 +66,16 @@ public:
 		bool _encodeAsLibraryTypes = false
 	);
 
+	/// @returns name of an assembly function to ABI-decode values of @a _types
+	/// into memory. If @a _fromMemory is true, decodes from memory instead of
+	/// from calldata.
+	/// Can allocate memory.
+	/// Inputs: <source_offset> <source_end> (layout reversed on stack)
+	/// Outputs: <value0> <value1> ... <valuen>
+	/// The values represent stack slots. If a type occupies more or less than one
+	/// stack slot, it takes exactly that number of values.
+	std::string tupleDecoder(TypePointers const& _types, bool _fromMemory = false);
+
 	/// @returns concatenation of all generated functions.
 	std::string requestedFunctions();
 
@@ -87,6 +97,10 @@ private:
 	/// for use in the ABI.
 	std::string combineExternalFunctionIdFunction();
 
+	/// @returns a function that splits the address and selector from a single value
+	/// for use in the ABI.
+	std::string splitExternalFunctionIdFunction();
+
 	/// @returns the name of the ABI encoding function with the given type
 	/// and queues the generation of the function to the requested functions.
 	/// @param _fromStack if false, the input value was just loaded from storage
@@ -146,6 +160,31 @@ private:
 		bool _fromStack
 	);
 
+	/// @returns the name of the ABI decoding function for the given type
+	/// and queues the generation of the function to the requested functions.
+	/// The caller has to ensure that no out of bounds access (at least to the static
+	/// part) can happen inside this function.
+	/// @param _fromMemory if decoding from memory instead of from calldata
+	/// @param _forUseOnStack if the decoded value is stored on stack or in memory.
+	std::string abiDecodingFunction(
+		Type const& _Type,
+		bool _fromMemory,
+		bool _forUseOnStack
+	);
+
+	/// Part of @a abiDecodingFunction for value types.
+	std::string abiDecodingFunctionValueType(Type const& _type, bool _fromMemory);
+	/// Part of @a abiDecodingFunction for "regular" array types.
+	std::string abiDecodingFunctionArray(ArrayType const& _type, bool _fromMemory);
+	/// Part of @a abiDecodingFunction for calldata array types.
+	std::string abiDecodingFunctionCalldataArray(ArrayType const& _type);
+	/// Part of @a abiDecodingFunction for byte array types.
+	std::string abiDecodingFunctionByteArray(ArrayType const& _type, bool _fromMemory);
+	/// Part of @a abiDecodingFunction for struct types.
+	std::string abiDecodingFunctionStruct(StructType const& _type, bool _fromMemory);
+	/// Part of @a abiDecodingFunction for array types.
+	std::string abiDecodingFunctionFunctionType(FunctionType const& _type, bool _fromMemory, bool _forUseOnStack);
+
 	/// @returns a function that copies raw bytes of dynamic length from calldata
 	/// or memory to memory.
 	/// Pads with zeros and might write more than exactly length.
@@ -158,6 +197,10 @@ private:
 	std::string roundUpFunction();
 
 	std::string arrayLengthFunction(ArrayType const& _type);
+	/// @returns the name of a function that computes the number of bytes required
+	/// to store an array in memory given its length (internally encoded, not ABI encoded).
+	/// The function reverts for too large lengthes.
+	std::string arrayAllocationSizeFunction(ArrayType const& _type);
 	/// @returns the name of a function that converts a storage slot number
 	/// or a memory pointer to the slot number / memory pointer for the data position of an array
 	/// which is stored in that slot / memory area.
@@ -166,6 +209,12 @@ private:
 	/// Only works for memory arrays and storage arrays that store one item per slot.
 	std::string nextArrayElementFunction(ArrayType const& _type);
 
+	/// @returns the name of a function that allocates memory.
+	/// Modifies the "free memory pointer"
+	/// Arguments: size
+	/// Return value: pointer
+	std::string allocationFunction();
+
 	/// Helper function that uses @a _creator to create a function and add it to
 	/// @a m_requestedFunctions if it has not been created yet and returns @a _name in both
 	/// cases.
diff --git a/libsolidity/codegen/Compiler.cpp b/libsolidity/codegen/Compiler.cpp
index 44264a07..d3afada5 100644
--- a/libsolidity/codegen/Compiler.cpp
+++ b/libsolidity/codegen/Compiler.cpp
@@ -51,6 +51,7 @@ void Compiler::compileClone(
 	map<ContractDefinition const*, eth::Assembly const*> const& _contracts
 )
 {
+	solAssert(!_contract.isLibrary(), "");
 	ContractCompiler runtimeCompiler(nullptr, m_runtimeContext, m_optimize);
 	ContractCompiler cloneCompiler(&runtimeCompiler, m_context, m_optimize);
 	m_runtimeSub = cloneCompiler.compileClone(_contract, _contracts);
diff --git a/libsolidity/codegen/CompilerContext.cpp b/libsolidity/codegen/CompilerContext.cpp
index ce9c3b7f..7a88475a 100644
--- a/libsolidity/codegen/CompilerContext.cpp
+++ b/libsolidity/codegen/CompilerContext.cpp
@@ -319,14 +319,19 @@ void CompilerContext::appendInlineAssembly(
 	ErrorList errors;
 	ErrorReporter errorReporter(errors);
 	auto scanner = make_shared<Scanner>(CharStream(_assembly), "--CODEGEN--");
-	auto parserResult = assembly::Parser(errorReporter).parse(scanner);
+	auto parserResult = assembly::Parser(errorReporter, assembly::AsmFlavour::Strict).parse(scanner);
 #ifdef SOL_OUTPUT_ASM
 	cout << assembly::AsmPrinter()(*parserResult) << endl;
 #endif
 	assembly::AsmAnalysisInfo analysisInfo;
 	bool analyzerResult = false;
 	if (parserResult)
-		analyzerResult = assembly::AsmAnalyzer(analysisInfo, errorReporter, false, identifierAccess.resolve).analyze(*parserResult);
+		analyzerResult = assembly::AsmAnalyzer(
+			analysisInfo,
+			errorReporter,
+			assembly::AsmFlavour::Strict,
+			identifierAccess.resolve
+		).analyze(*parserResult);
 	if (!parserResult || !errorReporter.errors().empty() || !analyzerResult)
 	{
 		string message =
@@ -347,6 +352,9 @@ void CompilerContext::appendInlineAssembly(
 
 	solAssert(errorReporter.errors().empty(), "Failed to analyze inline assembly block.");
 	assembly::CodeGenerator::assemble(*parserResult, analysisInfo, *m_asm, identifierAccess, _system);
+
+	// Reset the source location to the one of the node (instead of the CODEGEN source location)
+	updateSourceLocation();
 }
 
 FunctionDefinition const& CompilerContext::resolveVirtualFunction(
diff --git a/libsolidity/codegen/CompilerContext.h b/libsolidity/codegen/CompilerContext.h
index 7743fd3f..a155a3a5 100644
--- a/libsolidity/codegen/CompilerContext.h
+++ b/libsolidity/codegen/CompilerContext.h
@@ -174,6 +174,9 @@ public:
 	eth::AssemblyItem appendData(bytes const& _data) { return m_asm->append(_data); }
 	/// Appends the address (virtual, will be filled in by linker) of a library.
 	void appendLibraryAddress(std::string const& _identifier) { m_asm->appendLibraryAddress(_identifier); }
+	/// Appends a zero-address that can be replaced by something else at deploy time (if the
+	/// position in bytecode is known).
+	void appendDeployTimeAddress() { m_asm->append(eth::PushDeployTimeAddress); }
 	/// Resets the stack of visited nodes with a new stack having only @c _node
 	void resetVisitedNodes(ASTNode const* _node);
 	/// Pops the stack of visited nodes
@@ -187,8 +190,8 @@ public:
 	CompilerContext& operator<<(u256 const& _value) { m_asm->append(_value); return *this; }
 	CompilerContext& operator<<(bytes const& _data) { m_asm->append(_data); return *this; }
 
-	/// Appends inline assembly. @a _replacements are string-matching replacements that are performed
-	/// prior to parsing the inline assembly.
+	/// Appends inline assembly (strict mode).
+	/// @a _replacements are string-matching replacements that are performed prior to parsing the inline assembly.
 	/// @param _localVariables assigns stack positions to variables with the last one being the stack top
 	/// @param _system if true, this is a "system-level" assembly where all functions use named labels.
 	void appendInlineAssembly(
diff --git a/libsolidity/codegen/CompilerUtils.cpp b/libsolidity/codegen/CompilerUtils.cpp
index f9b181ae..533aca5c 100644
--- a/libsolidity/codegen/CompilerUtils.cpp
+++ b/libsolidity/codegen/CompilerUtils.cpp
@@ -121,7 +121,7 @@ void CompilerUtils::storeInMemoryDynamic(Type const& _type, bool _padToWordBound
 {
 	if (auto ref = dynamic_cast<ReferenceType const*>(&_type))
 	{
-		solUnimplementedAssert(ref->location() == DataLocation::Memory, "");
+		solUnimplementedAssert(ref->location() == DataLocation::Memory, "Only in-memory reference type can be stored.");
 		storeInMemoryDynamic(IntegerType(256), _padToWordBoundaries);
 	}
 	else if (auto str = dynamic_cast<StringLiteralType const*>(&_type))
@@ -319,6 +319,23 @@ void CompilerUtils::abiEncodeV2(
 	m_context << ret.tag();
 }
 
+void CompilerUtils::abiDecodeV2(TypePointers const& _parameterTypes, bool _fromMemory)
+{
+	// stack: <source_offset>
+	auto ret = m_context.pushNewTag();
+	m_context << Instruction::SWAP1;
+	if (_fromMemory)
+		// TODO pass correct size for the memory case
+		m_context << (u256(1) << 63);
+	else
+		m_context << Instruction::CALLDATASIZE;
+	m_context << Instruction::SWAP1;
+	string decoderName = m_context.abiFunctions().tupleDecoder(_parameterTypes, _fromMemory);
+	m_context.appendJumpTo(m_context.namedTag(decoderName));
+	m_context.adjustStackOffset(int(sizeOnStack(_parameterTypes)) - 3);
+	m_context << ret.tag();
+}
+
 void CompilerUtils::zeroInitialiseMemoryArray(ArrayType const& _type)
 {
 	auto repeat = m_context.newTag();
diff --git a/libsolidity/codegen/CompilerUtils.h b/libsolidity/codegen/CompilerUtils.h
index ad3989ad..3cde281b 100644
--- a/libsolidity/codegen/CompilerUtils.h
+++ b/libsolidity/codegen/CompilerUtils.h
@@ -146,6 +146,13 @@ public:
 		bool _encodeAsLibraryTypes = false
 	);
 
+	/// Decodes data from ABI encoding into internal encoding. If @a _fromMemory is set to true,
+	/// the data is taken from memory instead of from calldata.
+	/// Can allocate memory.
+	/// Stack pre: <source_offset>
+	/// Stack post: <value0> <value1> ... <valuen>
+	void abiDecodeV2(TypePointers const& _parameterTypes, bool _fromMemory = false);
+
 	/// Zero-initialises (the data part of) an already allocated memory array.
 	/// Length has to be nonzero!
 	/// Stack pre: <length> <memptr>
diff --git a/libsolidity/codegen/ContractCompiler.cpp b/libsolidity/codegen/ContractCompiler.cpp
index 74565ae4..f463db94 100644
--- a/libsolidity/codegen/ContractCompiler.cpp
+++ b/libsolidity/codegen/ContractCompiler.cpp
@@ -64,6 +64,12 @@ void ContractCompiler::compileContract(
 )
 {
 	CompilerContext::LocationSetter locationSetter(m_context, _contract);
+
+	if (_contract.isLibrary())
+		// Check whether this is a call (true) or a delegatecall (false).
+		// This has to be the first code in the contract.
+		appendDelegatecallCheck();
+
 	initializeContext(_contract, _contracts);
 	appendFunctionSelector(_contract);
 	appendMissingFunctions();
@@ -75,8 +81,13 @@ size_t ContractCompiler::compileConstructor(
 )
 {
 	CompilerContext::LocationSetter locationSetter(m_context, _contract);
-	initializeContext(_contract, _contracts);
-	return packIntoContractCreator(_contract);
+	if (_contract.isLibrary())
+		return deployLibrary(_contract);
+	else
+	{
+		initializeContext(_contract, _contracts);
+		return packIntoContractCreator(_contract);
+	}
 }
 
 size_t ContractCompiler::compileClone(
@@ -122,6 +133,7 @@ void ContractCompiler::appendCallValueCheck()
 
 void ContractCompiler::appendInitAndConstructorCode(ContractDefinition const& _contract)
 {
+	solAssert(!_contract.isLibrary(), "Tried to initialize library.");
 	CompilerContext::LocationSetter locationSetter(m_context, _contract);
 	// Determine the arguments that are used for the base constructors.
 	std::vector<ContractDefinition const*> const& bases = _contract.annotation().linearizedBaseContracts;
@@ -163,6 +175,7 @@ void ContractCompiler::appendInitAndConstructorCode(ContractDefinition const& _c
 size_t ContractCompiler::packIntoContractCreator(ContractDefinition const& _contract)
 {
 	solAssert(!!m_runtimeCompiler, "");
+	solAssert(!_contract.isLibrary(), "Tried to use contract creator or library.");
 
 	appendInitAndConstructorCode(_contract);
 
@@ -188,6 +201,34 @@ size_t ContractCompiler::packIntoContractCreator(ContractDefinition const& _cont
 	return m_context.runtimeSub();
 }
 
+size_t ContractCompiler::deployLibrary(ContractDefinition const& _contract)
+{
+	solAssert(!!m_runtimeCompiler, "");
+	solAssert(_contract.isLibrary(), "Tried to deploy contract as library.");
+
+	CompilerContext::LocationSetter locationSetter(m_context, _contract);
+
+	solAssert(m_context.runtimeSub() != size_t(-1), "Runtime sub not registered");
+	m_context.pushSubroutineSize(m_context.runtimeSub());
+	m_context.pushSubroutineOffset(m_context.runtimeSub());
+	m_context.appendInlineAssembly(R"(
+	{
+		// If code starts at 11, an mstore(0) writes to the full PUSH20 plus data
+		// without the need for a shift.
+		let codepos := 11
+		codecopy(codepos, subOffset, subSize)
+		// Check that the first opcode is a PUSH20
+		switch eq(0x73, byte(0, mload(codepos)))
+		case 0 { invalid() }
+		mstore(0, address())
+		mstore8(codepos, 0x73)
+		return(codepos, subSize)
+	}
+	)", {"subSize", "subOffset"});
+
+	return m_context.runtimeSub();
+}
+
 void ContractCompiler::appendBaseConstructor(FunctionDefinition const& _constructor)
 {
 	CompilerContext::LocationSetter locationSetter(m_context, _constructor);
@@ -244,11 +285,26 @@ void ContractCompiler::appendConstructor(FunctionDefinition const& _constructor)
 	_constructor.accept(*this);
 }
 
+void ContractCompiler::appendDelegatecallCheck()
+{
+	// Special constant that will be replaced by the address at deploy time.
+	// At compilation time, this is just "PUSH20 00...000".
+	m_context.appendDeployTimeAddress();
+	m_context << Instruction::ADDRESS << Instruction::EQ;
+	// The result on the stack is
+	// "We have not been called via DELEGATECALL".
+}
+
 void ContractCompiler::appendFunctionSelector(ContractDefinition const& _contract)
 {
 	map<FixedHash<4>, FunctionTypePointer> interfaceFunctions = _contract.interfaceFunctions();
 	map<FixedHash<4>, const eth::AssemblyItem> callDataUnpackerEntryPoints;
 
+	if (_contract.isLibrary())
+	{
+		solAssert(m_context.stackHeight() == 1, "CALL / DELEGATECALL flag expected.");
+	}
+
 	FunctionDefinition const* fallback = _contract.fallbackFunction();
 	eth::AssemblyItem notFound = m_context.newTag();
 	// directly jump to fallback if the data is too short to contain a function selector
@@ -260,7 +316,7 @@ void ContractCompiler::appendFunctionSelector(ContractDefinition const& _contrac
 	if (!interfaceFunctions.empty())
 		CompilerUtils(m_context).loadFromMemory(0, IntegerType(CompilerUtils::dataStartOffset * 8), true);
 
-	// stack now is: 1 0 <funhash>
+	// stack now is: <can-call-non-view-functions>? <funhash>
 	for (auto const& it: interfaceFunctions)
 	{
 		callDataUnpackerEntryPoints.insert(std::make_pair(it.first, m_context.newTag()));
@@ -272,6 +328,7 @@ void ContractCompiler::appendFunctionSelector(ContractDefinition const& _contrac
 	m_context << notFound;
 	if (fallback)
 	{
+		solAssert(!_contract.isLibrary(), "");
 		if (!fallback->isPayable())
 			appendCallValueCheck();
 
@@ -291,6 +348,13 @@ void ContractCompiler::appendFunctionSelector(ContractDefinition const& _contrac
 		CompilerContext::LocationSetter locationSetter(m_context, functionType->declaration());
 
 		m_context << callDataUnpackerEntryPoints.at(it.first);
+		if (_contract.isLibrary() && functionType->stateMutability() > StateMutability::View)
+		{
+			// If the function is not a view function and is called without DELEGATECALL,
+			// we revert.
+			m_context << dupInstruction(2);
+			m_context.appendConditionalRevert();
+		}
 		m_context.setStackOffset(0);
 		// We have to allow this for libraries, because value of the previous
 		// call is still visible in the delegatecall.
@@ -322,6 +386,15 @@ void ContractCompiler::appendCalldataUnpacker(TypePointers const& _typeParameter
 {
 	// We do not check the calldata size, everything is zero-padded
 
+	if (m_context.experimentalFeatureActive(ExperimentalFeature::ABIEncoderV2))
+	{
+		// Use the new JULIA-based decoding function
+		auto stackHeightBefore = m_context.stackHeight();
+		CompilerUtils(m_context).abiDecodeV2(_typeParameters, _fromMemory);
+		solAssert(m_context.stackHeight() - stackHeightBefore == CompilerUtils(m_context).sizeOnStack(_typeParameters) - 1, "");
+		return;
+	}
+
 	//@todo this does not yet support nested dynamic arrays
 
 	// Retain the offset pointer as base_offset, the point from which the data offsets are computed.
@@ -432,6 +505,7 @@ void ContractCompiler::registerStateVariables(ContractDefinition const& _contrac
 
 void ContractCompiler::initializeStateVariables(ContractDefinition const& _contract)
 {
+	solAssert(!_contract.isLibrary(), "Tried to initialize state variables of library.");
 	for (VariableDeclaration const* variable: _contract.stateVariables())
 		if (variable->value() && !variable->isConstant())
 			ExpressionCompiler(m_context, m_optimise).appendStateVariableInitialization(*variable);
diff --git a/libsolidity/codegen/ContractCompiler.h b/libsolidity/codegen/ContractCompiler.h
index 7c5ee59f..1fd80d05 100644
--- a/libsolidity/codegen/ContractCompiler.h
+++ b/libsolidity/codegen/ContractCompiler.h
@@ -75,10 +75,19 @@ private:
 	/// with a new and initialized context. Adds the constructor code.
 	/// @returns the identifier of the runtime sub assembly
 	size_t packIntoContractCreator(ContractDefinition const& _contract);
+	/// Appends code that deploys the given contract as a library.
+	/// Will also add code that modifies the contract in memory by injecting the current address
+	/// for the call protector.
+	size_t deployLibrary(ContractDefinition const& _contract);
 	/// Appends state variable initialisation and constructor code.
 	void appendInitAndConstructorCode(ContractDefinition const& _contract);
 	void appendBaseConstructor(FunctionDefinition const& _constructor);
 	void appendConstructor(FunctionDefinition const& _constructor);
+	/// Appends code that returns a boolean flag on the stack that tells whether
+	/// the contract has been called via delegatecall (false) or regular call (true).
+	/// This is done by inserting a specific push constant as the first instruction
+	/// whose data will be modified in memory at deploy time.
+	void appendDelegatecallCheck();
 	void appendFunctionSelector(ContractDefinition const& _contract);
 	void appendCallValueCheck();
 	/// Creates code that unpacks the arguments for the given function represented by a vector of TypePointers.
diff --git a/libsolidity/codegen/ExpressionCompiler.cpp b/libsolidity/codegen/ExpressionCompiler.cpp
index bb8c4a94..61920592 100644
--- a/libsolidity/codegen/ExpressionCompiler.cpp
+++ b/libsolidity/codegen/ExpressionCompiler.cpp
@@ -765,7 +765,11 @@ bool ExpressionCompiler::visit(FunctionCall const& _functionCall)
 		case FunctionType::Kind::AddMod:
 		case FunctionType::Kind::MulMod:
 		{
-			for (unsigned i = 0; i < 3; i ++)
+			arguments[2]->accept(*this);
+			utils().convertType(*arguments[2]->annotation().type, IntegerType(256));
+			m_context << Instruction::DUP1 << Instruction::ISZERO;
+			m_context.appendConditionalInvalid();
+			for (unsigned i = 1; i < 3; i ++)
 			{
 				arguments[2 - i]->accept(*this);
 				utils().convertType(*arguments[2 - i]->annotation().type, IntegerType(256));
@@ -1014,6 +1018,30 @@ bool ExpressionCompiler::visit(MemberAccess const& _memberAccess)
 			_memberAccess.expression().accept(*this);
 		return false;
 	}
+	// Another special case for `this.f.selector` which does not need the address.
+	// There are other uses of `.selector` which do need the address, but we want this
+	// specific use to be a pure expression.
+	if (
+		_memberAccess.expression().annotation().type->category() == Type::Category::Function &&
+		member == "selector"
+	)
+		if (auto const* expr = dynamic_cast<MemberAccess const*>(&_memberAccess.expression()))
+			if (auto const* exprInt = dynamic_cast<Identifier const*>(&expr->expression()))
+				if (exprInt->name() == "this")
+					if (Declaration const* declaration = expr->annotation().referencedDeclaration)
+					{
+						u256 identifier;
+						if (auto const* variable = dynamic_cast<VariableDeclaration const*>(declaration))
+							identifier = FunctionType(*variable).externalIdentifier();
+						else if (auto const* function = dynamic_cast<FunctionDefinition const*>(declaration))
+							identifier = FunctionType(*function).externalIdentifier();
+						else
+							solAssert(false, "Contract member is neither variable nor function.");
+						m_context << identifier;
+						/// need to store store it as bytes4
+						utils().leftShiftNumberOnStack(224);
+						return false;
+					}
 
 	_memberAccess.expression().accept(*this);
 	switch (_memberAccess.expression().annotation().type->category())