Open drortirosh opened 2 years ago
Hi @drortirosh , thanks for the issue!
The tool does in fact recognize the extra require, but:
It is unfortunate that such a small property becomes a complicated problem behind the scenes. If you switch the require to an arithmetic instead of a bitwise operation you might have better luck.
The following sample is based on the standard "overflow" sample of the SMTChecker. There is an added "require" which makes sure the addition can never overflow - but the SMTChecker doesn't recognize it.
Running the normal
solc overflow.sol --model-checker-targets "underflow,overflow" --model-checker-engine all --model-checker-show-unproved
fails and claims that "Overflow can happen here" with parameter_y = 2**256 - 1.
The SMT failed to see that checking an "OR'ed" value is equivalent to checking them separately (actually, I compare them to type(uint128).max, which means I can even multiply them without overflow).
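As an added example (not the reporter's sample, which is not reproduced on this page, and not code from the solidity project), here are the two guard styles discussed in this thread side by side. The exact form of the reporter's bitwise require is an assumption reconstructed from the description of comparing an OR'ed value to type(uint128).max; the contract and function names are made up for the illustration.

```solidity
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.0;

// Added illustration, not the reporter's sample: two guards for a 256-bit
// addition that can never overflow because both operands fit in 128 bits.
contract Overflow {
    uint256 constant MAX128 = type(uint128).max;

    // Assumed reconstruction of the reporter's guard: one bitwise test.
    // Every bit set in x is also set in (x | y), so x <= (x | y) <= MAX128,
    // and likewise y <= MAX128. The sum is then below 2**129 and even the
    // product is below 2**256, so neither can overflow a uint256. The issue
    // above reports that the SMTChecker still flags this form.
    function addBitwiseGuard(uint256 x, uint256 y) public pure returns (uint256) {
        require((x | y) <= MAX128, "operands must fit in 128 bits");
        return x + y;
    }

    // Arithmetic form of the same guard, the alternative the reply suggests
    // trying: the bound on each operand is stated directly as a comparison.
    function addArithmeticGuard(uint256 x, uint256 y) public pure returns (uint256) {
        require(x <= MAX128 && y <= MAX128, "operands must fit in 128 bits");
        return x + y;
    }
}
```

Save it as overflow.sol and run the same command quoted in the issue (solc overflow.sol --model-checker-targets "underflow,overflow" --model-checker-engine all --model-checker-show-unproved), using a solc build that can find an SMT solver; the output then shows which of the two functions, if either, is still reported as unproved, which is the comparison the reply asks for.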