The old transformation for conditional throw jumps (conditional jumps with the target pointing to an invalid statement) was broken and this resulted in dead code. This PR introduces a fix that @iliastsa and I wrote for it.
Issue/fix explanation
The issue with the old code was that, because the target of the JUMPI statement was an invalid statement that halts the program's execution, the valid continuation of the control flow was the fallthrough of the JUMPI statement. However, the new statements were inserted right after that same JUMPI statement, effectively overriding the old fallthrough and resulting in unreachable code.
The fix is more complex than the code it replaces because it needs to insert two generated blocks relative to that JUMPI statement.
Effect
We checked the effect of this fix in 3 datasets:
4k recent/fresh contracts: 12 new blocks reachable out of 1133407 total reachable
2k contracts from the memory modeling dataset: 6029 new blocks reachable out of 448522 total reachable (1.3%)
800 old contracts with value (ethscrape dataset): 15260 new blocks reachable out of 287139 total reachable (5.3%)
It seems that this is a pattern no longer produced by the Solidity compiler, but it can cause a pretty significant increase in coverage for old contracts.
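To make the failure mode concrete, the following is an added Python model of the bug shape described in the PR; it is example code, not the project's own transformation. The block-list IR, the rule that a block's fallthrough is the next block in layout order, and the generated `_throw` / `_cont` labels are all assumptions made for the illustration. `old_transform` splices the generated throw block directly after the JUMPI's block, so it takes over the fallthrough edge; `fixed_transform` inserts two generated blocks, a continuation block that jumps to the original fallthrough and a throw block reached only through the JUMPI's target. A reachability pass over a constructed four-block program shows the difference in reachable original blocks.

```python
"""
Added illustration (not project code) of a conditional throw jump: a JUMPI
whose target is a block starting with INVALID. The valid continuation of
control flow is the JUMPI's fallthrough, which the old transformation lost.
IR, layout rule and generated labels are assumptions made for this example.
"""
import copy
from dataclasses import dataclass
from typing import Callable, List, Optional, Set

HALTING = {"INVALID", "STOP", "RETURN", "REVERT"}


@dataclass
class Stmt:
    op: str
    target: Optional[str] = None      # jump target label for JUMP / JUMPI


@dataclass
class Block:
    label: str
    stmts: List[Stmt]


# A program is its layout order: the fallthrough of block i is block i + 1.
Program = List[Block]


def find(prog: Program, label: str) -> Optional[int]:
    for i, b in enumerate(prog):
        if b.label == label:
            return i
    return None


def successors(prog: Program, i: int) -> List[str]:
    last = prog[i].stmts[-1]
    nxt = prog[i + 1].label if i + 1 < len(prog) else None
    if last.op in HALTING:
        return []                                   # execution halts here
    if last.op == "JUMP":
        return [last.target]
    if last.op == "JUMPI":
        return [last.target] + ([nxt] if nxt else [])
    return [nxt] if nxt else []


def reachable(prog: Program, entry: str) -> Set[str]:
    seen: Set[str] = set()
    work = [entry]
    while work:
        lbl = work.pop()
        i = find(prog, lbl)
        if lbl in seen or i is None:
            continue
        seen.add(lbl)
        work.extend(successors(prog, i))
    return seen


def is_conditional_throw(prog: Program, blk: Block) -> bool:
    last = blk.stmts[-1]
    if last.op != "JUMPI":
        return False
    t = find(prog, last.target)
    return t is not None and prog[t].stmts[0].op == "INVALID"


def old_transform(prog: Program) -> Program:
    """Buggy shape: the generated throw block is inserted right after the
    JUMPI's block, so it becomes the fallthrough and the real continuation
    is no longer reachable from the JUMPI."""
    prog = copy.deepcopy(prog)
    for blk in [b for b in prog if is_conditional_throw(prog, b)]:
        i = find(prog, blk.label)
        throw = Block(f"{blk.label}_throw", [Stmt("INVALID")])
        blk.stmts[-1] = Stmt("JUMPI", target=throw.label)
        prog.insert(i + 1, throw)                   # overrides the old fallthrough
    return prog


def fixed_transform(prog: Program) -> Program:
    """Fixed shape: two generated blocks. `_cont` keeps the fallthrough edge by
    jumping to the original next block; `_throw` sits behind it and is only
    entered through the JUMPI's target."""
    prog = copy.deepcopy(prog)
    for blk in [b for b in prog if is_conditional_throw(prog, b)]:
        i = find(prog, blk.label)
        if i + 1 >= len(prog):
            continue                                # no fallthrough to preserve
        orig_next = prog[i + 1].label
        throw = Block(f"{blk.label}_throw", [Stmt("INVALID")])
        cont = Block(f"{blk.label}_cont", [Stmt("JUMP", target=orig_next)])
        blk.stmts[-1] = Stmt("JUMPI", target=throw.label)
        prog.insert(i + 1, cont)
        prog.insert(i + 2, throw)
    return prog


def sample_program() -> Program:
    """Constructed input: `entry` jumps to the INVALID block `bad` when its
    condition holds (a conditional throw) and otherwise falls through to `cont`."""
    return [
        Block("entry", [Stmt("CALLDATALOAD"), Stmt("JUMPI", target="bad")]),
        Block("cont", [Stmt("SLOAD"), Stmt("JUMP", target="end")]),
        Block("bad", [Stmt("INVALID")]),
        Block("end", [Stmt("STOP")]),
    ]


def original_blocks_reached(transform: Callable[[Program], Program]) -> Set[str]:
    """Original (non-generated) blocks still reachable after `transform`."""
    base = sample_program()
    labels = {b.label for b in base}
    return reachable(transform(base), "entry") & labels


if __name__ == "__main__":
    print("old  :", sorted(original_blocks_reached(old_transform)))
    print("fixed:", sorted(original_blocks_reached(fixed_transform)))
```

With the old transformation only `entry` survives: its fallthrough is now the generated throw block, so `cont` and `end` become dead code. With the fix, `entry`, `cont` and `end` are all reachable again, which is the kind of "new blocks reachable" difference the numbers above count over whole datasets.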