diff --git a/libsolidity/AST.cpp b/libsolidity/AST.cpp index 179461152..c37e8c374 100644 --- a/libsolidity/AST.cpp +++ b/libsolidity/AST.cpp @@ -603,7 +603,17 @@ void MemberAccess::checkTypeRequirements() if (!m_type) BOOST_THROW_EXCEPTION(createTypeError("Member \"" + *m_memberName + "\" not found or not " "visible in " + type.toString())); - m_isLValue = (type.getCategory() == Type::Category::Struct); + // This should probably move somewhere else. + if (type.getCategory() == Type::Category::Struct) + m_isLValue = true; + else if (type.getCategory() == Type::Category::Array) + { + auto const& arrayType(dynamic_cast(type)); + m_isLValue = (*m_memberName == "length" && + arrayType.getLocation() != ArrayType::Location::CallData && arrayType.isDynamicallySized()); + } + else + m_isLValue = false; } void IndexAccess::checkTypeRequirements() diff --git a/libsolidity/CompilerContext.cpp b/libsolidity/CompilerContext.cpp index 01a71d7c9..8d32a1a53 100644 --- a/libsolidity/CompilerContext.cpp +++ b/libsolidity/CompilerContext.cpp @@ -40,7 +40,12 @@ void CompilerContext::addMagicGlobal(MagicVariableDeclaration const& _declaratio void CompilerContext::addStateVariable(VariableDeclaration const& _declaration) { m_stateVariables[&_declaration] = m_stateVariablesSize; - m_stateVariablesSize += _declaration.getType()->getStorageSize(); + bigint newSize = bigint(m_stateVariablesSize) + _declaration.getType()->getStorageSize(); + if (newSize >= bigint(1) << 256) + BOOST_THROW_EXCEPTION(TypeError() + << errinfo_comment("State variable does not fit in storage.") + << errinfo_sourceLocation(_declaration.getLocation())); + m_stateVariablesSize = u256(newSize); } void CompilerContext::startFunction(Declaration const& _function) diff --git a/libsolidity/ExpressionCompiler.cpp b/libsolidity/ExpressionCompiler.cpp index 94f65b93f..183864ec7 100644 --- a/libsolidity/ExpressionCompiler.cpp +++ b/libsolidity/ExpressionCompiler.cpp @@ -534,19 +534,25 @@ void ExpressionCompiler::endVisit(MemberAccess const& _memberAccess) { solAssert(member == "length", "Illegal array member."); auto const& type = dynamic_cast(*_memberAccess.getExpression().getType()); - solAssert(type.isByteArray(), "Non byte arrays not yet implemented here."); - switch (type.getLocation()) + if (!type.isDynamicallySized()) { - case ArrayType::Location::CallData: - m_context << eth::Instruction::SWAP1 << eth::Instruction::POP; - break; - case ArrayType::Location::Storage: - m_context << eth::Instruction::SLOAD; - break; - default: - solAssert(false, "Unsupported array location."); - break; + CompilerUtils(m_context).popStackElement(type); + m_context << type.getLength(); } + else + switch (type.getLocation()) + { + case ArrayType::Location::CallData: + m_context << eth::Instruction::SWAP1 << eth::Instruction::POP; + break; + case ArrayType::Location::Storage: + m_currentLValue = LValue(m_context, LValue::LValueType::Storage, _memberAccess.getType()); + m_currentLValue.retrieveValueIfLValueNotRequested(_memberAccess); + break; + default: + solAssert(false, "Unsupported array location."); + break; + } break; } default: @@ -559,19 +565,55 @@ bool ExpressionCompiler::visit(IndexAccess const& _indexAccess) _indexAccess.getBaseExpression().accept(*this); Type const& baseType = *_indexAccess.getBaseExpression().getType(); - solAssert(baseType.getCategory() == Type::Category::Mapping, ""); - Type const& keyType = *dynamic_cast(baseType).getKeyType(); - m_context << u256(0); - solAssert(_indexAccess.getIndexExpression(), "Index expression expected."); - appendExpressionCopyToMemory(keyType, *_indexAccess.getIndexExpression()); - solAssert(baseType.getSizeOnStack() == 1, - "Unexpected: Not exactly one stack slot taken by subscriptable expression."); - m_context << eth::Instruction::SWAP1; - appendTypeMoveToMemory(IntegerType(256)); - m_context << u256(0) << eth::Instruction::SHA3; - - m_currentLValue = LValue(m_context, LValue::LValueType::Storage, _indexAccess.getType()); - m_currentLValue.retrieveValueIfLValueNotRequested(_indexAccess); + if (baseType.getCategory() == Type::Category::Mapping) + { + Type const& keyType = *dynamic_cast(baseType).getKeyType(); + m_context << u256(0); + solAssert(_indexAccess.getIndexExpression(), "Index expression expected."); + appendExpressionCopyToMemory(keyType, *_indexAccess.getIndexExpression()); + solAssert(baseType.getSizeOnStack() == 1, + "Unexpected: Not exactly one stack slot taken by subscriptable expression."); + m_context << eth::Instruction::SWAP1; + appendTypeMoveToMemory(IntegerType(256)); + m_context << u256(0) << eth::Instruction::SHA3; + m_currentLValue = LValue(m_context, LValue::LValueType::Storage, _indexAccess.getType()); + m_currentLValue.retrieveValueIfLValueNotRequested(_indexAccess); + } + else if (baseType.getCategory() == Type::Category::Array) + { + ArrayType const& arrayType = dynamic_cast(baseType); + solAssert(arrayType.getLocation() == ArrayType::Location::Storage, + "TODO: Index acces only implemented for storage arrays."); + solAssert(!arrayType.isByteArray(), "TODO: Index acces not implemented for byte arrays."); + solAssert(_indexAccess.getIndexExpression(), "Index expression expected."); + + _indexAccess.getIndexExpression()->accept(*this); + // retrieve length + if (arrayType.isDynamicallySized()) + m_context << eth::Instruction::DUP2 << eth::Instruction::SLOAD; + else + m_context << arrayType.getLength(); + // stack: + // check out-of-bounds access + m_context << eth::Instruction::DUP2 << eth::Instruction::LT; + eth::AssemblyItem legalAccess = m_context.appendConditionalJump(); + // out-of-bounds access throws exception (just STOP for now) + m_context << eth::Instruction::STOP; + + m_context << legalAccess; + // stack: + m_context << arrayType.getBaseType()->getStorageSize() << eth::Instruction::MUL; + if (arrayType.isDynamicallySized()) + { + m_context << eth::Instruction::SWAP1; + CompilerUtils(m_context).computeHashStatic(); + } + m_context << eth::Instruction::ADD; + m_currentLValue = LValue(m_context, LValue::LValueType::Storage, _indexAccess.getType()); + m_currentLValue.retrieveValueIfLValueNotRequested(_indexAccess); + } + else + solAssert(false, "Index access only allowed for mappings or arrays."); return false; } @@ -1049,7 +1091,7 @@ void ExpressionCompiler::LValue::retrieveValue(Location const& _location, bool _ { case LValueType::Stack: { - unsigned stackPos = m_context->baseToCurrentStackOffset(unsigned(m_baseStackOffset)); + unsigned stackPos = m_context->baseToCurrentStackOffset(m_baseStackOffset); if (stackPos >= 15) //@todo correct this by fetching earlier or moving to memory BOOST_THROW_EXCEPTION(CompilerError() << errinfo_sourceLocation(_location) << errinfo_comment("Stack too deep.")); @@ -1098,7 +1140,7 @@ void ExpressionCompiler::LValue::storeValue(Type const& _sourceType, Location co { case LValueType::Stack: { - unsigned stackDiff = m_context->baseToCurrentStackOffset(unsigned(m_baseStackOffset)) - m_size + 1; + unsigned stackDiff = m_context->baseToCurrentStackOffset(m_baseStackOffset) - m_size + 1; if (stackDiff > 16) BOOST_THROW_EXCEPTION(CompilerError() << errinfo_sourceLocation(_location) << errinfo_comment("Stack too deep.")); @@ -1201,7 +1243,7 @@ void ExpressionCompiler::LValue::setToZero(Location const& _location) const { case LValueType::Stack: { - unsigned stackDiff = m_context->baseToCurrentStackOffset(unsigned(m_baseStackOffset)); + unsigned stackDiff = m_context->baseToCurrentStackOffset(m_baseStackOffset); if (stackDiff > 16) BOOST_THROW_EXCEPTION(CompilerError() << errinfo_sourceLocation(_location) << errinfo_comment("Stack too deep.")); diff --git a/libsolidity/Types.cpp b/libsolidity/Types.cpp index c0be0d93e..adcd2e542 100644 --- a/libsolidity/Types.cpp +++ b/libsolidity/Types.cpp @@ -555,6 +555,19 @@ bool ArrayType::operator==(Type const& _other) const return other.m_location == m_location; } +u256 ArrayType::getStorageSize() const +{ + if (isDynamicallySized()) + return 1; + else + { + bigint size = bigint(getLength()) * getBaseType()->getStorageSize(); + if (size >= bigint(1) << 256) + BOOST_THROW_EXCEPTION(TypeError() << errinfo_comment("Array too large for storage.")); + return max(1, u256(size)); + } +} + unsigned ArrayType::getSizeOnStack() const { if (m_location == Location::CallData) @@ -665,10 +678,12 @@ bool StructType::operator==(Type const& _other) const u256 StructType::getStorageSize() const { - u256 size = 0; + bigint size = 0; for (pair const& member: getMembers()) size += member.second->getStorageSize(); - return max(1, size); + if (size >= bigint(1) << 256) + BOOST_THROW_EXCEPTION(TypeError() << errinfo_comment("Struct too large for storage.")); + return max(1, u256(size)); } bool StructType::canLiveOutsideStorage() const diff --git a/libsolidity/Types.h b/libsolidity/Types.h index 0d24b7221..9961f03a3 100644 --- a/libsolidity/Types.h +++ b/libsolidity/Types.h @@ -303,6 +303,7 @@ public: virtual TypePointer unaryOperatorResult(Token::Value _operator) const override; virtual bool operator==(const Type& _other) const override; virtual bool isDynamicallySized() const { return m_hasDynamicLength; } + virtual u256 getStorageSize() const override; virtual unsigned getSizeOnStack() const override; virtual std::string toString() const override; virtual MemberList const& getMembers() const override { return s_arrayTypeMemberList; } diff --git a/test/SolidityEndToEndTest.cpp b/test/SolidityEndToEndTest.cpp index b63e9ad46..f52b52d1c 100644 --- a/test/SolidityEndToEndTest.cpp +++ b/test/SolidityEndToEndTest.cpp @@ -2667,6 +2667,107 @@ BOOST_AUTO_TEST_CASE(bytes_in_arguments) == encodeArgs(12, (8 + 9) * 3, 13, u256(innercalldata1.length()))); } +BOOST_AUTO_TEST_CASE(fixed_arrays_in_storage) +{ + char const* sourceCode = R"( + contract c { + struct Data { uint x; uint y; } + Data[2**10] data; + uint[2**10 + 3] ids; + function setIDStatic(uint id) { ids[2] = id; } + function setID(uint index, uint id) { ids[index] = id; } + function setData(uint index, uint x, uint y) { data[index].x = x; data[index].y = y; } + function getID(uint index) returns (uint) { return ids[index]; } + function getData(uint index) returns (uint x, uint y) { x = data[index].x; y = data[index].y; } + function getLengths() returns (uint l1, uint l2) { l1 = data.length; l2 = ids.length; } + } + )"; + compileAndRun(sourceCode); + BOOST_CHECK(callContractFunction("setIDStatic(uint256)", 11) == bytes()); + BOOST_CHECK(callContractFunction("getID(uint256)", 2) == encodeArgs(11)); + BOOST_CHECK(callContractFunction("setID(uint256,uint256)", 7, 8) == bytes()); + BOOST_CHECK(callContractFunction("getID(uint256)", 7) == encodeArgs(8)); + BOOST_CHECK(callContractFunction("setData(uint256,uint256,uint256)", 7, 8, 9) == bytes()); + BOOST_CHECK(callContractFunction("setData(uint256,uint256,uint256)", 8, 10, 11) == bytes()); + BOOST_CHECK(callContractFunction("getData(uint256)", 7) == encodeArgs(8, 9)); + BOOST_CHECK(callContractFunction("getData(uint256)", 8) == encodeArgs(10, 11)); + BOOST_CHECK(callContractFunction("getLengths()") == encodeArgs(u256(1) << 10, (u256(1) << 10) + 3)); +} + +BOOST_AUTO_TEST_CASE(dynamic_arrays_in_storage) +{ + char const* sourceCode = R"( + contract c { + struct Data { uint x; uint y; } + Data[] data; + uint[] ids; + function setIDStatic(uint id) { ids[2] = id; } + function setID(uint index, uint id) { ids[index] = id; } + function setData(uint index, uint x, uint y) { data[index].x = x; data[index].y = y; } + function getID(uint index) returns (uint) { return ids[index]; } + function getData(uint index) returns (uint x, uint y) { x = data[index].x; y = data[index].y; } + function getLengths() returns (uint l1, uint l2) { l1 = data.length; l2 = ids.length; } + function setLengths(uint l1, uint l2) { data.length = l1; ids.length = l2; } + } + )"; + compileAndRun(sourceCode); + BOOST_CHECK(callContractFunction("getLengths()") == encodeArgs(0, 0)); + BOOST_CHECK(callContractFunction("setLengths(uint256,uint256)", 48, 49) == bytes()); + BOOST_CHECK(callContractFunction("getLengths()") == encodeArgs(48, 49)); + BOOST_CHECK(callContractFunction("setIDStatic(uint256)", 11) == bytes()); + BOOST_CHECK(callContractFunction("getID(uint256)", 2) == encodeArgs(11)); + BOOST_CHECK(callContractFunction("setID(uint256,uint256)", 7, 8) == bytes()); + BOOST_CHECK(callContractFunction("getID(uint256)", 7) == encodeArgs(8)); + BOOST_CHECK(callContractFunction("setData(uint256,uint256,uint256)", 7, 8, 9) == bytes()); + BOOST_CHECK(callContractFunction("setData(uint256,uint256,uint256)", 8, 10, 11) == bytes()); + BOOST_CHECK(callContractFunction("getData(uint256)", 7) == encodeArgs(8, 9)); + BOOST_CHECK(callContractFunction("getData(uint256)", 8) == encodeArgs(10, 11)); +} + +BOOST_AUTO_TEST_CASE(fixed_out_of_bounds_array_access) +{ + char const* sourceCode = R"( + contract c { + uint[4] data; + function set(uint index, uint value) returns (bool) { data[index] = value; return true; } + function get(uint index) returns (uint) { return data[index]; } + function length() returns (uint) { return data.length; } + } + )"; + compileAndRun(sourceCode); + BOOST_CHECK(callContractFunction("length()") == encodeArgs(4)); + BOOST_CHECK(callContractFunction("set(uint256,uint256)", 3, 4) == encodeArgs(true)); + BOOST_CHECK(callContractFunction("set(uint256,uint256)", 4, 5) == bytes()); + BOOST_CHECK(callContractFunction("set(uint256,uint256)", 400, 5) == bytes()); + BOOST_CHECK(callContractFunction("get(uint256)", 3) == encodeArgs(4)); + BOOST_CHECK(callContractFunction("get(uint256)", 4) == bytes()); + BOOST_CHECK(callContractFunction("get(uint256)", 400) == bytes()); + BOOST_CHECK(callContractFunction("length()") == encodeArgs(4)); +} + +BOOST_AUTO_TEST_CASE(dynamic_out_of_bounds_array_access) +{ + char const* sourceCode = R"( + contract c { + uint[] data; + function enlarge(uint amount) returns (uint) { return data.length += amount; } + function set(uint index, uint value) returns (bool) { data[index] = value; return true; } + function get(uint index) returns (uint) { return data[index]; } + function length() returns (uint) { return data.length; } + } + )"; + compileAndRun(sourceCode); + BOOST_CHECK(callContractFunction("length()") == encodeArgs(0)); + BOOST_CHECK(callContractFunction("get(uint256)", 3) == bytes()); + BOOST_CHECK(callContractFunction("enlarge(uint256)", 4) == encodeArgs(4)); + BOOST_CHECK(callContractFunction("length()") == encodeArgs(4)); + BOOST_CHECK(callContractFunction("set(uint256,uint256)", 3, 4) == encodeArgs(true)); + BOOST_CHECK(callContractFunction("get(uint256)", 3) == encodeArgs(4)); + BOOST_CHECK(callContractFunction("length()") == encodeArgs(4)); + BOOST_CHECK(callContractFunction("set(uint256,uint256)", 4, 8) == bytes()); + BOOST_CHECK(callContractFunction("length()") == encodeArgs(4)); +} + BOOST_AUTO_TEST_SUITE_END() }