From eb7b3862ac5089615710d07c9a56b8edc0472394 Mon Sep 17 00:00:00 2001
From: Alex Beregszaszi <alex@rtfs.hu>
Date: Tue, 7 Aug 2018 12:13:52 +0100
Subject: Properly handle invalid references used together with _slot and
 _offset.

---
 Changelog.md                                                     | 1 +
 libsolidity/analysis/ReferencesResolver.cpp                      | 2 ++
 .../syntaxTests/inlineAssembly/storage_reference_on_function.sol | 9 +++++++++
 3 files changed, 12 insertions(+)
 create mode 100644 test/libsolidity/syntaxTests/inlineAssembly/storage_reference_on_function.sol

diff --git a/Changelog.md b/Changelog.md
index e00f74b3..037451ed 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -83,6 +83,7 @@ Bugfixes:
  * Fix NatSpec json output for `@notice` and `@dev` tags on contract definitions.
  * References Resolver: Do not crash on using ``_slot`` and ``_offset`` suffixes on their own.
  * References Resolver: Enforce ``storage`` as data location for mappings.
+ * References Resolver: Properly handle invalid references used together with ``_slot`` and ``_offset``.
  * References Resolver: Report error instead of assertion fail when FunctionType has an undeclared type as parameter.
  * Type Checker: Disallow assignments to mappings within tuple assignments as well.
  * Type Checker: Allow assignments to local variables of mapping types.
diff --git a/libsolidity/analysis/ReferencesResolver.cpp b/libsolidity/analysis/ReferencesResolver.cpp
index 5458c1b0..b888ecd6 100644
--- a/libsolidity/analysis/ReferencesResolver.cpp
+++ b/libsolidity/analysis/ReferencesResolver.cpp
@@ -262,6 +262,8 @@ bool ReferencesResolver::visit(InlineAssembly const& _inlineAssembly)
 				return size_t(-1);
 			}
 			declarations = m_resolver.nameFromCurrentScope(realName);
+			if (!dynamic_cast<VariableDeclaration const*>(declarations.front()))
+				return size_t(-1);
 		}
 		if (declarations.size() != 1)
 			return size_t(-1);
diff --git a/test/libsolidity/syntaxTests/inlineAssembly/storage_reference_on_function.sol b/test/libsolidity/syntaxTests/inlineAssembly/storage_reference_on_function.sol
new file mode 100644
index 00000000..6838e7a4
--- /dev/null
+++ b/test/libsolidity/syntaxTests/inlineAssembly/storage_reference_on_function.sol
@@ -0,0 +1,9 @@
+contract C {
+    function f() pure public {
+        assembly {
+            let x := f_slot
+        }
+    }
+}
+// ----
+// DeclarationError: (84-90): Identifier not found.
-- 
cgit v1.2.3


From 05cc7e79e1bf484c71ce93510fbfbf2c3e415cc6 Mon Sep 17 00:00:00 2001
From: Alex Beregszaszi <alex@rtfs.hu>
Date: Tue, 7 Aug 2018 13:17:56 +0100
Subject: More precise error message if using non-variables with _slot/_offset

---
 libsolidity/analysis/ReferencesResolver.cpp                       | 2 --
 libsolidity/analysis/TypeChecker.cpp                              | 8 +++++++-
 .../syntaxTests/inlineAssembly/storage_reference_on_function.sol  | 2 +-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/libsolidity/analysis/ReferencesResolver.cpp b/libsolidity/analysis/ReferencesResolver.cpp
index b888ecd6..5458c1b0 100644
--- a/libsolidity/analysis/ReferencesResolver.cpp
+++ b/libsolidity/analysis/ReferencesResolver.cpp
@@ -262,8 +262,6 @@ bool ReferencesResolver::visit(InlineAssembly const& _inlineAssembly)
 				return size_t(-1);
 			}
 			declarations = m_resolver.nameFromCurrentScope(realName);
-			if (!dynamic_cast<VariableDeclaration const*>(declarations.front()))
-				return size_t(-1);
 		}
 		if (declarations.size() != 1)
 			return size_t(-1);
diff --git a/libsolidity/analysis/TypeChecker.cpp b/libsolidity/analysis/TypeChecker.cpp
index 7cec7c43..d98d6af1 100644
--- a/libsolidity/analysis/TypeChecker.cpp
+++ b/libsolidity/analysis/TypeChecker.cpp
@@ -867,6 +867,7 @@ bool TypeChecker::visit(InlineAssembly const& _inlineAssembly)
 			return size_t(-1);
 		Declaration const* declaration = ref->second.declaration;
 		solAssert(!!declaration, "");
+		bool requiresStorage = ref->second.isSlot || ref->second.isOffset;
 		if (auto var = dynamic_cast<VariableDeclaration const*>(declaration))
 		{
 			if (var->isConstant())
@@ -874,7 +875,7 @@ bool TypeChecker::visit(InlineAssembly const& _inlineAssembly)
 				m_errorReporter.typeError(_identifier.location, "Constant variables not supported by inline assembly.");
 				return size_t(-1);
 			}
-			else if (ref->second.isSlot || ref->second.isOffset)
+			else if (requiresStorage)
 			{
 				if (!var->isStateVariable() && !var->type()->dataStoredIn(DataLocation::Storage))
 				{
@@ -906,6 +907,11 @@ bool TypeChecker::visit(InlineAssembly const& _inlineAssembly)
 				return size_t(-1);
 			}
 		}
+		else if (requiresStorage)
+		{
+			m_errorReporter.typeError(_identifier.location, "The suffixes _offset and _slot can only be used on storage variables.");
+			return size_t(-1);
+		}
 		else if (_context == julia::IdentifierContext::LValue)
 		{
 			m_errorReporter.typeError(_identifier.location, "Only local variables can be assigned to in inline assembly.");
diff --git a/test/libsolidity/syntaxTests/inlineAssembly/storage_reference_on_function.sol b/test/libsolidity/syntaxTests/inlineAssembly/storage_reference_on_function.sol
index 6838e7a4..9165654f 100644
--- a/test/libsolidity/syntaxTests/inlineAssembly/storage_reference_on_function.sol
+++ b/test/libsolidity/syntaxTests/inlineAssembly/storage_reference_on_function.sol
@@ -6,4 +6,4 @@ contract C {
     }
 }
 // ----
-// DeclarationError: (84-90): Identifier not found.
+// TypeError: (84-90): The suffixes _offset and _slot can only be used on storage variables.
-- 
cgit v1.2.3