Skip to content

Commit

Permalink
fix bad abi encoding in createBytes4
Browse files Browse the repository at this point in the history
  • Loading branch information
karmacoma-eth committed Jul 23, 2024
1 parent fcadd92 commit d2826fc
Show file tree
Hide file tree
Showing 3 changed files with 43 additions and 6 deletions.
2 changes: 1 addition & 1 deletion src/halmos/cheatcodes.py
Original file line number Diff line number Diff line change
Expand Up @@ -188,7 +188,7 @@ def create_string(ex, arg):

def create_bytes4(ex, arg):
name = name_of(extract_string_argument(arg, 0))
return uint256(create_generic(ex, 32, name, "bytes4"))
return Concat(create_generic(ex, 32, name, "bytes4"), con(0, size_bits=224))


def create_bytes32(ex, arg):
Expand Down
11 changes: 10 additions & 1 deletion tests/expected/all.json
Original file line number Diff line number Diff line change
Expand Up @@ -931,14 +931,23 @@
"num_bounded_loops": null
},
{
"name": "check_createBytes4()",
"name": "check_createBytes4_basic()",
"exitcode": 0,
"num_models": 0,
"models": null,
"num_paths": null,
"time": null,
"num_bounded_loops": null
},
{
"name": "check_createBytes4_finds_selector()",
"exitcode": 1,
"num_models": 1,
"models": null,
"num_paths": null,
"time": null,
"num_bounded_loops": null
},
{
"name": "check_createInt()",
"exitcode": 0,
Expand Down
36 changes: 32 additions & 4 deletions tests/regression/test/HalmosCheatCode.t.sol
Original file line number Diff line number Diff line change
@@ -1,9 +1,16 @@
// SPDX-License-Identifier: AGPL-3.0
pragma solidity >=0.8.0 <0.9.0;

import "forge-std/Test.sol";
import {SymTest} from "halmos-cheatcodes/SymTest.sol";

contract HalmosCheatCodeTest is SymTest {
contract Beep {
function boop() public pure returns (uint256) {
return 42;
}
}

contract HalmosCheatCodeTest is SymTest, Test {
function check_createUint() public {
uint x = svm.createUint(256, 'x');
uint y = svm.createUint(160, 'y');
Expand Down Expand Up @@ -52,14 +59,35 @@ contract HalmosCheatCodeTest is SymTest {
assert(0 <= y && y <= type(uint256).max);
}

function check_createBytes4() public {
function check_createBytes4_basic() public {
bytes4 x = svm.createBytes4('x');

uint256 r;
assembly {
r := returndatasize()
}
assert(r == 32);

uint256 x_uint = uint256(uint32(x));
assert(0 <= x_uint && x_uint <= type(uint32).max);
assertLe(x_uint, type(uint32).max);
uint y; assembly { y := x }
assert(0 <= y && y <= type(uint256).max);
assertLe(y, type(uint256).max);
}

/// @dev we expect a counterexample
/// (meaning that createBytes4 is able to find the selector for boop())
function check_createBytes4_finds_selector() public {
Beep beep = new Beep();

bytes4 selector = svm.createBytes4("selector");
(bool succ, bytes memory ret) = address(beep).call(abi.encode(selector));
vm.assume(succ);
uint256 val = abi.decode(ret, (uint256));

assertNotEq(val, 42);
}


function check_createAddress() public {
address x = svm.createAddress('x');
uint y; assembly { y := x }
Expand Down

0 comments on commit d2826fc

Please sign in to comment.