diff --git a/Changelog.md b/Changelog.md index 71cff3e1f37d..a3dfc541d174 100644 --- a/Changelog.md +++ b/Changelog.md @@ -28,6 +28,7 @@ Bugfixes: * SMTChecker: Fix error that reports invalid number of verified checks for BMC and CHC engines. * SMTChecker: Fix formatting of unary minus expressions in invariants. * SMTChecker: Fix internal compiler error when reporting proved targets for BMC engine. + * SMTChecker: Fix SMT logic error when assigning to an array of contracts or functions. * TypeChecker: Fix segfault when assigning nested tuple to tuple. * Yul AST: Fix ``nativeSrc`` attributes in optimized IR AST referring to locations in unoptimized IR. * Yul IR Code Generation: Deterministic order of Yul subobjects. diff --git a/libsolidity/formal/SymbolicTypes.cpp b/libsolidity/formal/SymbolicTypes.cpp index 350e18bdcf77..4a4ac8175f08 100644 --- a/libsolidity/formal/SymbolicTypes.cpp +++ b/libsolidity/formal/SymbolicTypes.cpp @@ -110,6 +110,14 @@ SortPointer smtSort(frontend::Type const& _type) // in the tuple's name. if (auto tupleSort = std::dynamic_pointer_cast(array->range)) tupleName = tupleSort->name; + else if (isContract(*baseType)) + // use a common sort for contracts so inheriting contracts do not cause conflicting SMT types + // solc handles types mismtach + tupleName = "contract"; + else if (isFunction(*baseType)) + // use a common sort for functions so pure and view modifier do not cause conflicting SMT types + // solc handles types mismtach + tupleName = "function"; else if ( baseType->category() == frontend::Type::Category::Integer || baseType->category() == frontend::Type::Category::FixedPoint diff --git a/test/libsolidity/smtCheckerTests/types/array_of_contracts.sol b/test/libsolidity/smtCheckerTests/types/array_of_contracts.sol new file mode 100644 index 000000000000..89d2420323e3 --- /dev/null +++ b/test/libsolidity/smtCheckerTests/types/array_of_contracts.sol @@ -0,0 +1,17 @@ +contract A {} + +contract B is A {} + +contract C { + A[10] a; + B[10] b; + + function f() public returns(address) { + a = b; + return address(a[0]); + } +} +// ==== +// SMTEngine: all +// ---- +// Info 1391: CHC: 1 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them. diff --git a/test/libsolidity/smtCheckerTests/types/array_of_functions.sol b/test/libsolidity/smtCheckerTests/types/array_of_functions.sol new file mode 100644 index 000000000000..58a73d4ced53 --- /dev/null +++ b/test/libsolidity/smtCheckerTests/types/array_of_functions.sol @@ -0,0 +1,16 @@ +contract C { + function() external returns(uint)[1] a; + + function b() external pure returns(uint) { + return 1; + } + + function test() public returns(uint) { + a = [this.b]; + return a[0](); + } +} +// ==== +// SMTEngine: all +// ---- +// Info 1391: CHC: 1 verification condition(s) proved safe! Enable the model checker option "show proved safe" to see all of them.