search

ethereum / solidity

Solidity, the Smart Contract Programming Language
https://soliditylang.org
GNU General Public License v3.0
23.05k stars 5.7k forks source link

[SMTChecker] Unreachable code inside a loop with if statement and break statement in its body is not detected #14218

Open pgebal opened 1 year ago

pgebal commented 1 year ago

Environment

Steps to Reproduce

Use the following standard json settings file:

{
    "language": "Solidity",
    "sources": {
        "C.sol": {
            "urls": ["./C.sol"]
        }
    },
    "settings": {
        "modelChecker": {
            "contracts": {
                "C.sol": ["C"]
            },
            "engine": "bmc",
            "showUnproved": true,
            "solvers": ["z3"],
            "targets": ["assert"]
        }
    }
}

to compile the following contract

contract C {
        function f() public pure {
            uint x = 0;
            while (x < 3) {
                if (x >= 0) {
                    ++x;
                    break;
                }
                ++x;
            }
            assert(x == 1);
        }
    }

unreachable code in line 9 is not reported.

pgebal commented 1 week ago

I've given a bad example. It's not about any unreachable code. It's about when a conditation or an assert is used in unreachable code. Example:

contract C {
        function f() public pure {
            uint x = 0;
            while (x < 3) {
                if (x >= 0) {
                    ++x;
                    break;
                }
                if (x == 1)
                             x == 2;
            }
            assert(x == 1);
        }
    }

Then condition in line 9 should be reported as unreachable.