essential-contributions / pint

Pint, the constraint-based programming language for declarative blockchains
Apache License 2.0

Consider either constraints for bools or removing casting bools to ints. #759

Open otrho opened 3 months ago

otrho commented 3 months ago

Not sure on adding constraints for bools after all. Sounds nice and easy and probably worthwhile for bool vars, but then what about `var a: bool[100]` or `var a: { bool, { bool[10], { { bool, bool, bool }, bool } } };`..? The former would add 100 new constraints and the latter would require constraints with a bunch of `TupleAccess`es which may boil down in ASM but then may not.

So I'm trying to think of problems that could arise and/or be exploited if a bool var was 2. The only thing I can think of is if someone multiplied a bool by a factor, e.g., `b as int * 10` expecting either 0 or 10 and if `b` was 2 they'd get 20. So perhaps the answer is to disallow casting from bool to integer. But maybe there are other vulnerabilities?

Originally posted by @otrho in https://github.com/essential-contributions/pint/issues/729#issuecomment-2212873482
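
The two concerns in the comment above, as an added example that is not part of the original issue or of Pint's code base. It assumes a toy model in which a bool variable is a raw word a solver may set to any integer; `Ty`, `range_constraints` and `accepts` are hypothetical names.

```rust
// Toy model (an assumption, not Pint's compiler): a bool decision variable is
// a raw word that an untrusted solver may set to any integer.
enum Ty {
    Bool,
    Array(Box<Ty>, usize),
    Tuple(Vec<Ty>),
}

// Collect the access path of every bool leaf; each path would need its own
// range constraint of the form `x == 0 || x == 1`.
fn bool_paths(ty: &Ty, prefix: &str, out: &mut Vec<String>) {
    match ty {
        Ty::Bool => out.push(prefix.to_string()),
        Ty::Array(elem, len) => {
            for i in 0..*len {
                bool_paths(elem, &format!("{}[{}]", prefix, i), out);
            }
        }
        Ty::Tuple(fields) => {
            for (i, field) in fields.iter().enumerate() {
                bool_paths(field, &format!("{}.{}", prefix, i), out);
            }
        }
    }
}

fn range_constraints(ty: &Ty) -> Vec<String> {
    let mut out = Vec::new();
    bool_paths(ty, "a", &mut out);
    out
}

// The nested type from the comment:
// { bool, { bool[10], { { bool, bool, bool }, bool } } }
fn nested_example() -> Ty {
    let triple = Ty::Tuple(vec![Ty::Bool, Ty::Bool, Ty::Bool]);
    let inner = Ty::Tuple(vec![triple, Ty::Bool]);
    let mid = Ty::Tuple(vec![Ty::Array(Box::new(Ty::Bool), 10), inner]);
    Ty::Tuple(vec![Ty::Bool, mid])
}

// Checks `total == b as int * 10` against a proposed solution, with or
// without the implicit bool range constraint.
fn accepts(b: i64, total: i64, enforce_bool_range: bool) -> bool {
    let in_range = b == 0 || b == 1;
    (in_range || !enforce_bool_range) && total == b * 10
}
```

Without the range constraint the solution `b = 2, total = 20` satisfies the cast-and-multiply constraint; with it, the same solution is rejected, at the cost of 100 generated constraints for `bool[100]` and 15 for the nested tuple.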