Skip to content

Fixes u256 overflow in logical shift optimization rule and adds tests. #6248

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 13, 2019
Merged

Fixes u256 overflow in logical shift optimization rule and adds tests. #6248

merged 1 commit into from
Mar 13, 2019

Conversation

bshastry
Copy link
Contributor

Description

(closes #6246 )

This PR fixes incorrect shift optimization due to u256 overflow in the addition of shift sizes.

Checklist

  • Code compiles correctly
  • All tests are passing
  • New tests have been created which fail without the change (if possible)
  • README / documentation was extended, if necessary
  • Changelog entry (if change is visible to the user)
  • Used meaningful commit messages

@bshastry bshastry requested a review from axic March 12, 2019 13:24
axic
axic reviewed Mar 12, 2019
View reviewed changes
libevmasm/RuleList.h Outdated
@@ -46,6 +46,11 @@ template <class S> S modWorkaround(S const& _a, S const& _b)
return (S)(bigint(_a) % bigint(_b));
}

template <class S> S minOfu256Add(S const& _a, S const& _b, S const& _c)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please move to libdevcore/CommonData.h after bigintShiftLeftWorkaround.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you sure that this makes a nice helper function? It's rather cryptic - I don't think it's apparent what it does without looking at the implementation. And it's not like we're working around a bug in boost here or something like that...

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I also think it should just be inlined.

axic
axic requested changes Mar 12, 2019
View reviewed changes
Copy link
Member

@axic axic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a changelog and a buglist entry.

Also include it in the end to end tests (where the other shift combinations are).

@chriseth
Copy link
Contributor

It's currently not possible to test this in the end to end tests. I will fix that.

@chriseth
Copy link
Contributor

Ah sorry, I confused this with the peephole optimizer. Of course it is possible to test these via the execution framework.

axic
axic reviewed Mar 12, 2019
View reviewed changes
axic
axic reviewed Mar 12, 2019
View reviewed changes
test/libsolidity/SolidityEndToEndTest.cpp
@@ -15109,11 +15109,21 @@ BOOST_AUTO_TEST_CASE(bitwise_shifting_constantinople_combined)
c := shl(0xd0, shl(0x40, a))
}
}
function shl_combined_overflow(uint a) public returns (uint c) {
assembly {
c := shl(0x01, shl(not(0x00), a))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think there is a need for these, just supply a large value in callContractFunction below.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand - it only works for constants. Supply a large value where?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought it has two inputs, sorry.

@bshastry bshastry force-pushed the shiftopt-fix-overflow branch from e0000f9 to 3b55767 Compare March 12, 2019 15:07
@codecov
Copy link

codecov bot commented Mar 12, 2019
edited
Loading

Codecov Report

Merging #6248 into develop will decrease coverage by <.01%.
The diff coverage is 0%.

Impacted file tree graph

@@             Coverage Diff             @@
##           develop    #6248      +/-   ##
===========================================
- Coverage    26.76%   26.76%   -0.01%     
===========================================
  Files          381      381              
  Lines        36573    36577       +4     
  Branches      4336     4336              
===========================================
  Hits          9789     9789              
- Misses       26115    26119       +4     
  Partials       669      669
Flag Coverage Δ
#syntax 26.76% <0%> (-0.01%) ⬇️

@chriseth chriseth force-pushed the shiftopt-fix-overflow branch 3 times, most recently from 21b7a96 to fa693e2 Compare March 12, 2019 15:43
@codecov
Copy link

codecov bot commented Mar 12, 2019
edited
Loading

Codecov Report

Merging #6248 into develop will decrease coverage by <.01%.
The diff coverage is 0%.

Impacted file tree graph

@@             Coverage Diff             @@
##           develop    #6248      +/-   ##
===========================================
- Coverage    26.76%   26.76%   -0.01%     
===========================================
  Files          381      381              
  Lines        36573    36577       +4     
  Branches      4336     4336              
===========================================
  Hits          9789     9789              
- Misses       26115    26119       +4     
  Partials       669      669
Flag Coverage Δ
#syntax 26.76% <0%> (-0.01%) ⬇️

axic
axic reviewed Mar 12, 2019
View reviewed changes
docs/bugs.json Outdated
"name": "DoubleShiftSizeOverflow",
"summary": "Double bitwise shifts by large constants whose sum overflows 256 bits can result in unexpected values.",
"description": "Nested logical shift operations whose total shift size is 2**256 or more are incorrectly optimized. This only applies to shifts by numbers of bits that are compile-time constant expressions.",
"introduced": "0.5.5",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indentation?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Weird, I thought I fixed it...

chriseth
chriseth reviewed Mar 12, 2019
View reviewed changes
@chriseth chriseth force-pushed the shiftopt-fix-overflow branch from fa693e2 to 2e46df7 Compare March 12, 2019 15:52
bshastry
bshastry commented Mar 12, 2019
View reviewed changes
Copy link
Contributor Author

@bshastry bshastry left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the yulOptimizer tests may fail on homestead

@chriseth chriseth force-pushed the shiftopt-fix-overflow branch from 2e46df7 to 34c6cbe Compare March 12, 2019 16:13
@codecov
Copy link

codecov bot commented Mar 12, 2019
edited
Loading

Codecov Report

Merging #6248 into develop will increase coverage by <.01%.
The diff coverage is 91.66%.

Impacted file tree graph

@@             Coverage Diff             @@
##           develop    #6248      +/-   ##
===========================================
+ Coverage    87.96%   87.96%   +<.01%     
===========================================
  Files          381      381              
  Lines        36779    36801      +22     
  Branches      4336     4340       +4     
===========================================
+ Hits         32353    32373      +20     
  Misses        2952     2952              
- Partials      1474     1476       +2
Flag Coverage Δ
#all 87.96% <91.66%> (ø) ⬆️
#syntax 26.75% <8.33%> (-0.02%) ⬇️

@chriseth chriseth force-pushed the shiftopt-fix-overflow branch from 34c6cbe to 7b5f784 Compare March 12, 2019 21:01
@chriseth
Copy link
Contributor

Changed severity to "low". The situation is comparable to ConstantOptimizerSubtraction.

@chriseth chriseth force-pushed the shiftopt-fix-overflow branch from 7b5f784 to d725b0f Compare March 12, 2019 21:04
ekpyron
ekpyron requested changes Mar 12, 2019
View reviewed changes
@chriseth chriseth force-pushed the shiftopt-fix-overflow branch from d725b0f to 515fa87 Compare March 13, 2019 10:19
@chriseth
Copy link
Contributor

Updated.

ekpyron
ekpyron approved these changes Mar 13, 2019
View reviewed changes
Copy link
Member

@ekpyron ekpyron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I hope I'm not missing something else, but I think it's fine now :-).

@chriseth chriseth merged commit 58a3f3c into develop Mar 13, 2019
@axic axic deleted the shiftopt-fix-overflow branch March 13, 2019 11:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@axic axic axic requested changes

@chriseth chriseth chriseth left review comments

@ekpyron ekpyron ekpyron approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

u256 overflow in logical shift optimization rule leads to incorrect computation
4 participants
@bshastry @chriseth @axic @ekpyron