Merge pull request #2219 from ethereum/develop

Release for version 0.4.11

Author: chriseth

.gitignore

@@ -1,5 +1,5 @@
-.commit_hash.txt
-.prerelease.txt
+commit_hash.txt
+prerelease.txt
 
 # Compiled Object files
 *.slo

.travis.yml

@@ -44,6 +44,7 @@ env:
         - SOLC_INSTALL_DEPS_TRAVIS=On
         - SOLC_RELEASE=On
         - SOLC_TESTS=On
+        - SOLC_STOREBYTECODE=Off
         - SOLC_DOCKER=Off
 
 matrix:
@@ -61,13 +62,15 @@ matrix:
           compiler: gcc
           env:
               - ZIP_SUFFIX=ubuntu-trusty
+              - SOLC_STOREBYTECODE=On
 
         - os: linux
           dist: trusty
           sudo: required
           compiler: clang
           env:
               - ZIP_SUFFIX=ubuntu-trusty-clang
+              - SOLC_STOREBYTECODE=On
 
         # Documentation target, which generates documentation using Phoenix / ReadTheDocs.
         - os: linux
@@ -113,6 +116,8 @@ matrix:
               - SOLC_INSTALL_DEPS_TRAVIS=Off
               - SOLC_RELEASE=Off
               - SOLC_TESTS=Off
+              - ZIP_SUFFIX=emscripten
+              - SOLC_STOREBYTECODE=On
 
         # OS X Mavericks (10.9)
         # https://en.wikipedia.org/wiki/OS_X_Mavericks
@@ -175,18 +180,20 @@ cache:
 install:
     - test $SOLC_INSTALL_DEPS_TRAVIS != On || (scripts/install_deps.sh)
     - test "$TRAVIS_OS_NAME" != "linux" || (scripts/install_cmake.sh)
+    - if [ "$TRAVIS_BRANCH" = release ]; then echo -n > prerelease.txt; else date -u +"nightly.%Y.%-m.%-d" > prerelease.txt; fi
     - echo -n "$TRAVIS_COMMIT" > commit_hash.txt
-    - test $SOLC_DOCKER != On || (docker build -t ethereum/solc:build -f scripts/Dockerfile .)
 
 before_script:
     - test $SOLC_EMSCRIPTEN != On || (scripts/build_emscripten.sh)
+    - test $SOLC_DOCKER != On || (scripts/docker_build.sh)
     - test $SOLC_RELEASE != On || (scripts/build.sh $SOLC_BUILD_TYPE
       && scripts/release.sh $ZIP_SUFFIX
       && scripts/create_source_tarball.sh)
 
 script:
     - test $SOLC_DOCS != On || (scripts/docs.sh)
     - test $SOLC_TESTS != On || (cd $TRAVIS_BUILD_DIR && scripts/tests.sh)
+    - test $SOLC_STOREBYTECODE != On || (cd $TRAVIS_BUILD_DIR && scripts/bytecodecompare/storebytecode.sh)
 
 deploy:
     # This is the deploy target for the Emscripten build.
@@ -223,11 +230,8 @@ deploy:
 
       overwrite: true
       file_glob: true
-      file:
-          - $TRAVIS_BUILD_DIR/solidity*.zip
-          - $TRAVIS_BUILD_DIR/solidity*tar.gz
+      file: $TRAVIS_BUILD_DIR/upload/*
       skip_cleanup: true
       on:
           all_branches: true
           tags: true
-          condition: $SOLC_RELEASE == On

CMakeLists.txt

@@ -8,7 +8,7 @@ include(EthPolicy)
 eth_policy()
 
 # project name and version should be set after cmake_policy CMP0048
-set(PROJECT_VERSION "0.4.10")
+set(PROJECT_VERSION "0.4.11")
 project(solidity VERSION ${PROJECT_VERSION})
 
 # Let's find our dependencies

Changelog.md

@@ -1,3 +1,27 @@
+### 0.4.11 (2017-05-03)
+
+Features:
+ * Implement the Standard JSON Input / Output API
+ * Support ``interface`` contracts.
+ * C API (``jsonCompiler``): Add the ``compileStandard()`` method to process a Standard JSON I/O.
+ * Commandline interface: Add the ``--standard-json`` parameter to process a Standard JSON I/O.
+ * Commandline interface: Support ``--allow-paths`` to define trusted import paths. Note: the
+   path(s) of the supplied source file(s) is always trusted.
+ * Inline Assembly: Storage variable access using ``_slot`` and ``_offset`` suffixes.
+ * Inline Assembly: Disallow blocks with unbalanced stack.
+ * Static analyzer: Warn about statements without effects.
+ * Static analyzer: Warn about unused local variables, parameters, and return parameters.
+ * Syntax checker: issue deprecation warning for unary '+'
+
+Bugfixes:
+ * Assembly output: Implement missing AssemblyItem types.
+ * Compiler interface: Fix a bug where source indexes could be inconsistent between Solidity compiled
+   with different compilers (clang vs. gcc) or compiler settings. The bug was visible in AST
+   and source mappings.
+ * Gas Estimator: Reflect the most recent fee schedule.
+ * Type system: Contract inheriting from base with unimplemented constructor should be abstract.
+ * Optimizer: Number representation bug in the constant optimizer fixed.
+
 ### 0.4.10 (2017-03-15)
 
 Features:

appveyor.yml

@@ -34,6 +34,10 @@ branches:
 os: Visual Studio 2015
 configuration:
     - RelWithDebInfo
+environment:
+  # This is used for pushing to solidity-test-bytecodes
+  priv_key:
+    secure: yYGwg4rhCdHfwuv2mFjaNEDwAx3IKUbp0D5fMGpaKefnfk+BiMS5bqSHRiOj91PZ91P9pUk2Vu+eNuS4hTFCf1zFGfrOhlJ4Ij0xSyU5m/LQr590Mo+f7W94Xc8ubgo6j2hp9qH/szTqTzmAkmxKO5TLlWjVzVny2t/s5o5UprLS1/MdzDNLjpVNXR03oKfdWUV9a2l6+PejXCbqyUCagh6BByZqeAPbDcil6eAfxu4EPX83Fuurof+KqFzIWycBG5qK1pTipn2pxiA0QKuUrD8y8VNL0S23NTgxoxSp7nPVMd3K0qRSzPM5lrqS7Z8i3evkVwPbuhu0gSiV08jGVahH2snQ3JGYsH2D4KmVn/xiVBeJ0lRplYlfZF0GUu7iJ+DDxi6wBPhW9A25/NyD/mx7Ub2dLheyWi8AjdSCzhfRD+4We8FQQeHRo3Q0kAohFmlCXdXhrcwOOloId8r6xYwg+hWxHTt2Oe9CKwXfmiPjgl/Gd6lYgLpyyfJ8drQ6tjO/pybLEa10v74qYNdVW5LaLIsRUM9Jm/FDVTrOGYtPndi87mF+/tBJIaXXNz0EMl5xvsKW0SBfUMV49zoDDKZZgWyO9U/cfViEUi7Sdn9QLsBWLZfSgBQNkq3WGZVKPq58OxEWT9dUghQHlSVh2qWF/NUx0TRBjiJl9JM56ENTMD00y18eDcXNCeLLVYB+R1axabUPdXivrO+BrWQK94IWxKEJ+YYN8WVJWAO5T/EBDKwgiXGneePwJ75WP7XCLtuYxqjC+CeW3xBVCzCEeZB/VVBvt7fhmtcoeZZ6tAS10h0yY5WWZ/EUVorj+c/FrMm7Nlpcrd1p4hciffePSLVg+yvy9/xTuM9trYWMgj4xcDQbYsaeItHO2Z3EiUoCgNdUw6rONiNwS/XBApWhCcklWm0/g62h2gOa7/hnKG6p2omQzYw+cOzWbF9+DBzoTSXXZXqbUshVee+CD+iYJKleGYSdbMdM89HW4HyskHk6HgM1ggE8CsgD1pMhXtqLTYZBlvsZCBkHPkD9NhGD2DtrNOmJOW8xwkL2/Il6roDF4n856XNdsjvd++rvQoKr58SkyApCJeCo3sfVres0W22g+7If2b2kWC4/DphrFkeaceFzJOctBUrwstvQBXIVOcadU978A3E7jvTaMR4JL9kC/iPOUVNjNRNM/gNvTlf3CIyMMszFeftjEBGnCZaSpht2RtNapRQQb6QPkOP88nufQVZq/TP1ECmvdTUWJ7kSnAupu6u8oH2x2IIm/KKeIwSYU5rGxjRb36DwgXCHcwfRYo3VNorwTeZGj4q1TSM9PuvgzNg//gKZW6VRa+HdNm/40ZGpDsOrr55tOBqfpq9k5RmevqW/OMZS3xUuArKdYLQY75t9eWcbHSgFN2ZY1KEdyEEvVKgs6Q4lEnSSulGxroRxTU5BOoA0V4tCeCUoSPD3FB93WsO9fBPzNsqOuBtDdIkApefzc1pT38uKpmVfggKUsoWUdqMXAWqCDWr2uw9EE900RJpEY6mIEWhkcro5LAMwaqByOGpqFFUkH+UWTC102eVHEmjxKpC6c6cSzoKKU6Ckd+jVRFO7TvmVe1MKCwjXj8lcAfAM2gQ+XehtrQdIBhAmCrnzurfz2u9tKVdpiADC1ig+kMs1/HX2713LYVXzDKdk+duQ94SVtGv9F2Iv+KN5oq4UFgll6VGt7GHsJOrYYf/wrOfB09IkpmjNygvcpmmSdcXXF8ulDD6KHTGEGUlFwLOpEwKx+zX2ZvviStHhN8KsoTKSVSueDmSSI63HdTS7FxfrHJc1yAzsdqEN5g5eV/z2Fn34qy64mdFSAZMF5zsbWZYFpc9ef3llF5aRcuD90JWT2VC7rB2jeGEtiwGkDlqKzxqRvJk06wTK6+n5RncN66bDaksulOPJMAR/bRW7dinV8T6yIvybuhqDetxJQP6eyAnW4xr1YxIAG4BXGZV6XAPTgOG2oGvMdncxkcLQHXVu07x39ySqP/m2MBxn0zF3DmaqrSPIRMhS8gG3d/23Jux3YHDEOBHjdJSdwqs5F5+QBFPV2rmJnpcSoW4d3M119XI20L914c62R7wY4e6+qmi3ydQU9g6p8psZgaE3TuMsyzX3k4C30nC/3gWT+zl253NjZwfbzIdHu5LWNDY9kEHtKzLP
 # NB: Appveyor cache is disabled, because it is proving very unreliable.
 # We can re-enable it when we find a way to mitigate the unreliability
 # issues.  Have automated builds be reliable is the more important thing.
@@ -43,7 +47,14 @@ configuration:
 #init:
 #    - ps: iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
 install:
+    - ps: $fileContent = "-----BEGIN RSA PRIVATE KEY-----`n"
+    - ps: $fileContent += $env:priv_key.Replace(' ', "`n")
+    - ps: $fileContent += "`n-----END RSA PRIVATE KEY-----`n"
+    - ps: Set-Content c:\users\appveyor\.ssh\id_rsa $fileContent
     - git submodule update --init --recursive
+    - ps: $prerelease = "nightly."
+    - ps: $prerelease += Get-Date -format "yyyy.M.d"
+    - ps: Set-Content prerelease.txt $prerelease
     - scripts/install_deps.bat
     - set ETHEREUM_DEPS_PATH=%APPVEYOR_BUILD_FOLDER%\deps\install
 before_build:
@@ -54,15 +65,12 @@ build_script:
     - msbuild solidity.sln /p:Configuration=%CONFIGURATION% /m:%NUMBER_OF_PROCESSORS% /v:minimal
     - cd %APPVEYOR_BUILD_FOLDER%
     - scripts\release.bat %CONFIGURATION%
+    - scripts\bytecodecompare\storebytecode.bat %CONFIGURATION% %APPVEYOR_REPO_COMMIT%
 
 test_script:
     - cd %APPVEYOR_BUILD_FOLDER%
-    - cd deps\install\x64\eth
-    - ps: $ethProc = Start-Process eth.exe --test
-    - ps: Start-Sleep -s 100
     - cd %APPVEYOR_BUILD_FOLDER%\build\test\%CONFIGURATION%
-    - copy "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\redist\x86\Microsoft.VC140.CRT\msvc*.dll" .
-    - soltest.exe --show-progress -- --ipcpath \\.\pipe\geth.ipc
+    - soltest.exe --show-progress -- --no-ipc
 
 artifacts:
     - path: solidity-windows.zip

docs/assembly.rst

@@ -11,7 +11,7 @@ differs from standalone assembly and then specify assembly itself.
 
 TODO: Write about how scoping rules of inline assembly are a bit different
 and the complications that arise when for example using internal functions
-of libraries. Furhermore, write about the symbols defined by the compiler.
+of libraries. Furthermore, write about the symbols defined by the compiler.
 
 Inline Assembly
 ===============
@@ -29,7 +29,7 @@ arising when writing manual assembly by the following features:
 * labels: ``let x := 10  repeat: x := sub(x, 1) jumpi(repeat, eq(x, 0))``
 * loops: ``for { let i := 0 } lt(i, x) { i := add(i, 1) } { y := mul(2, y) }``
 * switch statements: ``switch x case 0: { y := mul(x, 2) } default: { y := 0 }``
-* function calls: ``function f(x) -> (y) { switch x case 0: { y := 1 } default: { y := mul(x, f(sub(x, 1))) }   }``
+* function calls: ``function f(x) -> y { switch x case 0: { y := 1 } default: { y := mul(x, f(sub(x, 1))) }   }``
 
 .. note::
     Of the above, loops, function calls and switch statements are not yet implemented.
@@ -323,9 +323,12 @@ Access to External Variables and Functions
 ------------------------------------------
 
 Solidity variables and other identifiers can be accessed by simply using their name.
-For storage and memory variables, this will push the address and not the value onto the
-stack. Also note that non-struct and non-array storage variable addresses occupy two slots
-on the stack: One for the address and one for the byte offset inside the storage slot.
+For memory variables, this will push the address and not the value onto the
+stack. Storage variables are different: Values in storage might not occupy a
+full storage slot, so their "address" is composed of a slot and a byte-offset
+inside that slot. To retrieve the slot pointed to by the variable ``x``, you
+used ``x_slot`` and to retrieve the byte-offset you used ``x_offset``.
+
 In assignments (see below), we can even use local Solidity variables to assign to.
 
 Functions external to inline assembly can also be accessed: The assembly will
@@ -340,17 +343,13 @@ changes during the call, and thus references to local variables will be wrong.
 
 .. code::
 
-    pragma solidity ^0.4.0;
+    pragma solidity ^0.4.11;
 
     contract C {
         uint b;
         function f(uint x) returns (uint r) {
             assembly {
-                b pop // remove the offset, we know it is zero
-                sload
-                x
-                mul
-                =: r  // assign to return variable r
+                r := mul(x, sload(b_slot)) // ignore the offset, we know it is zero
             }
         }
     }
@@ -567,7 +566,7 @@ The following example implements the power function by square-and-multiply.
 .. code::
 
     assembly {
-        function power(base, exponent) -> (result) {
+        function power(base, exponent) -> result {
             switch exponent
             0: { result := 1 }
             1: { result := base }
@@ -702,12 +701,12 @@ The following assembly will be generated::
       }
       default: { jump(invalidJumpLabel) }
       // memory allocator
-      function $allocate(size) -> (pos) {
+      function $allocate(size) -> pos {
         pos := mload(0x40)
         mstore(0x40, add(pos, size))
       }
       // the contract function
-      function f(x) -> (y) {
+      function f(x) -> y {
         y := 1
         for { let i := 0 } lt(i, x) { i := add(i, 1) } {
           y := mul(2, y)

docs/bugs.json

@@ -0,0 +1,103 @@
+[
+    {
+        "name": "ConstantOptimizerSubtraction",
+        "summary": "In some situations, the optimizer replaces certain numbers in the code with routines that compute different numbers.",
+        "description": "The optimizer tries to represent any number in the bytecode by routines that compute them with less gas. For some special numbers, an incorrect routine is generated. This could allow an attacker to e.g. trick victims about a specific amount of ether, or function calls to call different functions (or none at all).",
+        "link": "https://blog.ethereum.org/2017/05/03/solidity-optimizer-bug/",
+        "fixed": "0.4.11",
+        "severity": "low",
+        "conditions": {
+            "optimizer": true
+        }
+    },
+    {
+        "name": "IdentityPrecompileReturnIgnored",
+        "summary": "Failure of the identity precompile was ignored.",
+        "description": "Calls to the identity contract, which is used for copying memory, ignored its return value. On the public chain, calls to the identity precompile can be made in a way that they never fail, but this might be different on private chains.",
+        "severity": "low",
+        "fixed": "0.4.7"
+    },
+    {
+        "name": "OptimizerStateKnowledgeNotResetForJumpdest",
+        "summary": "The optimizer did not properly reset its internal state at jump destinations, which could lead to data corruption.",
+        "description": "The optimizer performs symbolic execution at certain stages. At jump destinations, multiple code paths join and thus it has to compute a common state from the incoming edges. Computing this common state was simplified to just use the empty state, but this implementation was not done properly. This bug can cause data corruption.",
+        "severity": "medium",
+        "introduced": "0.4.5",
+        "fixed": "0.4.6",
+        "conditions": {
+            "optimizer": true
+        }
+    },
+    {
+        "name": "HighOrderByteCleanStorage",
+        "summary": "For short types, the high order bytes were not cleaned properly and could overwrite existing data.",
+        "description": "Types shorter than 32 bytes are packed together into the same 32 byte storage slot, but storage writes always write 32 bytes. For some types, the higher order bytes were not cleaned properly, which made it sometimes possible to overwrite a variable in storage when writing to another one.",
+        "link": "https://blog.ethereum.org/2016/11/01/security-alert-solidity-variables-can-overwritten-storage/",
+        "severity": "high",
+        "introduced": "0.1.6",
+        "fixed": "0.4.4"
+    },
+    {
+        "name": "OptimizerStaleKnowledgeAboutSHA3",
+        "summary": "The optimizer did not properly reset its knowledge about SHA3 operations resulting in some hashes (also used for storage variable positions) not being calculated correctly.",
+        "description": "The optimizer performs symbolic execution in order to save re-evaluating expressions whose value is already known. This knowledge was not properly reset across control flow paths and thus the optimizer sometimes thought that the result of a SHA3 operation is already present on the stack. This could result in data corruption by accessing the wrong storage slot.",
+        "severity": "medium",
+        "fixed": "0.4.3",
+        "conditions": {
+            "optimizer": true
+        }
+    },
+    {
+        "name": "LibrariesNotCallableFromPayableFunctions",
+        "summary": "Library functions threw an exception when called from a call that received Ether.",
+        "description": "Library functions are protected against sending them Ether through a call. Since the DELEGATECALL opcode forwards the information about how much Ether was sent with a call, the library function incorrectly assumed that Ether was sent to the library and threw an exception.",
+        "severity": "low",
+        "introduced": "0.4.0",
+        "fixed": "0.4.2"
+    },
+    {
+        "name": "SendFailsForZeroEther",
+        "summary": "The send function did not provide enough gas to the recipient if no Ether was sent with it.",
+        "description": "The recipient of an Ether transfer automatically receives a certain amount of gas from the EVM to handle the transfer. In the case of a zero-transfer, this gas is not provided which causes the recipient to throw an exception.",
+        "severity": "low",
+        "fixed": "0.4.0"
+    },
+    {
+        "name": "DynamicAllocationInfiniteLoop",
+        "summary": "Dynamic allocation of an empty memory array caused an infinite loop and thus an exception.",
+        "description": "Memory arrays can be created provided a length. If this length is zero, code was generated that did not terminate and thus consumed all gas.",
+        "severity": "low",
+        "fixed": "0.3.6"
+    },
+    {
+        "name": "OptimizerClearStateOnCodePathJoin",
+        "summary": "The optimizer did not properly reset its internal state at jump destinations, which could lead to data corruption.",
+        "description": "The optimizer performs symbolic execution at certain stages. At jump destinations, multiple code paths join and thus it has to compute a common state from the incoming edges. Computing this common state was not done correctly. This bug can cause data corruption, but it is probably quite hard to use for targeted attacks.",
+        "severity": "low",
+        "fixed": "0.3.6",
+        "conditions": {
+            "optimizer": true
+        }
+    },
+    {
+        "name": "CleanBytesHigherOrderBits",
+        "summary": "The higher order bits of short bytesNN types were not cleaned before comparison.",
+        "description": "Two variables of type bytesNN were considered different if their higher order bits, which are not part of the actual value, were different. An attacker might use this to reach seemingly unreachable code paths by providing incorrectly formatted input data.",
+        "severity": "medium/high",
+        "fixed": "0.3.3"
+    },
+    {
+        "name": "ArrayAccessCleanHigherOrderBits",
+        "summary": "Access to array elements for arrays of types with less than 32 bytes did not correctly clean the higher order bits, causing corruption in other array elements.",
+        "description": "Multiple elements of an array of values that are shorter than 17 bytes are packed into the same storage slot. Writing to a single element of such an array did not properly clean the higher order bytes and thus could lead to data corruption.",
+        "severity": "medium/high",
+        "fixed": "0.3.1"
+    },
+    {
+        "name": "AncientCompiler",
+        "summary": "This compiler version is ancient and might contain several undocumented or undiscovered bugs.",
+        "description": "The list of bugs is only kept for compiler versions starting from 0.3.0, so older versions might contain undocumented bugs.",
+        "severity": "high",
+        "fixed": "0.3.0"
+    }
+]