Merge develop into release for 0.4.23

.travis.yml

@@ -159,7 +159,8 @@ cache:
 install:
     - test $SOLC_INSTALL_DEPS_TRAVIS != On || (scripts/install_deps.sh)
     - test "$TRAVIS_OS_NAME" != "linux" || (scripts/install_cmake.sh)
-#    - if [ "$TRAVIS_BRANCH" != release -a -z "$TRAVIS_TAG" ]; then SOLC_TESTS=Off; fi
+    # Disable tests unless run on the release branch, on tags or with daily cron
+    #- if [ "$TRAVIS_BRANCH" != release -a -z "$TRAVIS_TAG" -a "$TRAVIS_EVENT_TYPE" != cron ]; then SOLC_TESTS=Off; fi
     - SOLC_TESTS=Off
     - if [ "$TRAVIS_BRANCH" = release -o -n "$TRAVIS_TAG" ]; then echo -n > prerelease.txt; else date -u +"nightly.%Y.%-m.%-d" > prerelease.txt; fi
     - echo -n "$TRAVIS_COMMIT" > commit_hash.txt

CMakeLists.txt

@@ -8,7 +8,7 @@ include(EthPolicy)
 eth_policy()
 
 # project name and version should be set after cmake_policy CMP0048
-set(PROJECT_VERSION "0.4.22")
+set(PROJECT_VERSION "0.4.23")
 project(solidity VERSION ${PROJECT_VERSION})
 
 option(SOLC_LINK_STATIC "Link solc executable statically on supported platforms" OFF)

Changelog.md

@@ -1,3 +1,16 @@
+### 0.4.23 (2018-04-19)
+
+Features:
+ * Build system: Support Ubuntu Bionic.
+ * SMTChecker: Integration with CVC4 SMT solver
+ * Syntax Checker: Warn about functions named "constructor".
+
+Bugfixes:
+ * Type Checker: Improve error message for failed function overload resolution.
+ * Type Checker: Do not complain about new-style constructor and fallback function to have the same name.
+ * Type Checker: Detect multiple constructor declarations in the new syntax and old syntax.
+ * Type Checker: Explicit conversion of ``bytesXX`` to ``contract`` is properly disallowed.
+
 ### 0.4.22 (2018-04-16)
 
 Features:
@@ -25,7 +38,6 @@ Features:
  * Syntax Tests: Add source locations to syntax test expectations.
  * Type Checker: Improve documentation and warnings for accessing contract members inherited from ``address``.
 
-
 Bugfixes:
  * Code Generator: Allow ``block.blockhash`` without being called.
  * Code Generator: Do not include internal functions in the runtime bytecode which are only referenced in the constructor.

README.md

@@ -14,6 +14,6 @@ Solidity is still under development. So please do not hesitate and open an [issu
 See the [Solidity documentation](https://solidity.readthedocs.io/en/latest/installing-solidity.html#building-from-source) for build instructions.
 
 ## How to Contribute
-Please see our contribution guidelines in [the Solidity documentation](https://solidity.readthedocs.io/en/latest/contributing.html).
+Please see our [contribution guidelines](https://solidity.readthedocs.io/en/latest/contributing.html) in the Solidity documentation.
 
 Any contributions are welcome!

ReleaseChecklist.md

@@ -1,15 +1,16 @@
 Checklist for making a release:
 
- - [ ] Check that all "nextrelease" issues and pull requests are merged to ``develop``.
- - [ ] Create a commit in ``develop`` that updates the ``Changelog`` to include a release date (run the tests locally to update the bug list).
+ - [ ] Ensure that a Github project exists for the release.
+ - [ ] Check that all issues and pull requests from the Github project to be released are merged to ``develop``.
+ - [ ] Create a commit in ``develop`` that updates the ``Changelog`` to include a release date (run ``./scripts/tests.sh`` to update the bug list). Sort the changelog entries alphabetically and correct any errors you notice.
  - [ ] Create a pull request and wait for the tests, merge it.
  - [ ] Create a pull request from ``develop`` to ``release``, wait for the tests, then merge it.
  - [ ] Make a final check that there are no platform-dependency issues in the ``solc-test-bytecode`` repository.
  - [ ] Wait for the tests for the commit on ``release``, create a release in Github, creating the tag.
  - [ ] Thank voluntary contributors in the Github release page (use ``git shortlog -s -n -e origin/release..origin/develop``).
  - [ ] Wait for the CI runs on the tag itself (they should push artefacts onto the Github release page).
  - [ ] Run ``scripts/release_ppa.sh release`` to create the PPA release (you need the relevant openssl key).
- - [ ] Check that the Docker release was pushed to Docker Hub (this still seems to have problems).
+ - [ ] Check that the Docker release was pushed to Docker Hub (this still seems to have problems, run ``./scripts/docker_deploy_manual.sh release``).
  - [ ] Update the homebrew realease in https://github.com/ethereum/homebrew-ethereum/blob/master/solidity.rb (version and hash)
  - [ ] Update the default version on readthedocs.
  - [ ] Make a release of ``solc-js``: Increment the version number, create a pull request for that, merge it after tests succeeded.

cmake/EthCompilerSettings.cmake

@@ -43,27 +43,6 @@ if (("${CMAKE_CXX_COMPILER_ID}" MATCHES "GNU") OR ("${CMAKE_CXX_COMPILER_ID}" MA
 	# TODO - Track down what breaks if we do NOT do this.
 	add_compile_options(-Wno-unknown-pragmas)
 
-	# To get the code building on FreeBSD and Arch Linux we seem to need the following
-	# warning suppression to work around some issues in Boost headers.
-	#
-	# See the following reports:
-	#     https://github.com/ethereum/webthree-umbrella/issues/384
-	#     https://github.com/ethereum/webthree-helpers/pull/170
-	#
-	# The issue manifest as warnings-as-errors like the following:
-	#
-	#     /usr/local/include/boost/multiprecision/cpp_int.hpp:181:4: error:
-	#         right operand of shift expression '(1u << 63u)' is >= than the precision of the left operand
-	#
-	# -fpermissive is a pretty nasty way to address this.   It is described as follows:
-	#
-	#    Downgrade some diagnostics about nonconformant code from errors to warnings.
-	#    Thus, using -fpermissive will allow some nonconforming code to compile.
-	#
-	# NB: Have to use this form for the setting, so that it only applies to C++ builds.
-	# Applying -fpermissive to a C command-line (ie. secp256k1) gives a build error.
-	set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fpermissive")
-
 	# Configuration-specific compiler settings.
 	set(CMAKE_CXX_FLAGS_DEBUG          "-O0 -g -DETH_DEBUG")
 	set(CMAKE_CXX_FLAGS_MINSIZEREL     "-Os -DNDEBUG")
@@ -82,18 +61,6 @@ if (("${CMAKE_CXX_COMPILER_ID}" MATCHES "GNU") OR ("${CMAKE_CXX_COMPILER_ID}" MA
 
 	# Additional Clang-specific compiler settings.
 	elseif ("${CMAKE_CXX_COMPILER_ID}" MATCHES "Clang")
-
-		# A couple of extra warnings suppressions which we seemingly
-		# need when building with Clang.
-		#
-		# TODO - Nail down exactly where these warnings are manifesting and
-		# try to suppress them in a more localized way.   Notes in this file
-		# indicate that the first is needed for sepc256k1 and that the
-		# second is needed for the (clog, cwarn) macros.  These will need
-		# testing on at least OS X and Ubuntu.
-		add_compile_options(-Wno-unused-function)
-		add_compile_options(-Wno-dangling-else)
-
 		if ("${CMAKE_SYSTEM_NAME}" MATCHES "Darwin")
 			# Set stack size to 16MB - by default Apple's clang defines a stack size of 8MB, some tests require more.
 			set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-stack_size -Wl,0x1000000")

cmake/FindCVC4.cmake

@@ -0,0 +1,4 @@
+find_path(CVC4_INCLUDE_DIR cvc4/cvc4.h)
+find_library(CVC4_LIBRARY NAMES cvc4 )
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(CVC4 DEFAULT_MSG CVC4_LIBRARY CVC4_INCLUDE_DIR)

cmake/FindGMP.cmake

@@ -0,0 +1,3 @@
+find_library(GMP_LIBRARY NAMES gmp )
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(GMP DEFAULT_MSG GMP_LIBRARY)

docs/bugs.json

@@ -1,4 +1,12 @@
 [
+    {
+        "name": "OneOfTwoConstructorsSkipped",
+        "summary": "If a contract has both a new-style constructor (using the constructor keyword) and an old-style constructor (a function with the same name as the contract) at the same time, one of them will be ignored.",
+        "description": "If a contract has both a new-style constructor (using the constructor keyword) and an old-style constructor (a function with the same name as the contract) at the same time, one of them will be ignored. There will be a compiler warning about the old-style constructor, so contracts only using new-style constructors are fine.",
+        "introduced": "0.4.22",
+        "fixed": "0.4.23",
+        "severity": "very low"
+    },
     {
         "name": "ZeroFunctionSelector",
         "summary": "It is possible to craft the name of a function such that it is executed instead of the fallback function in very specific circumstances.",

docs/bugs_by_version.json

@@ -423,9 +423,15 @@
         "released": "2018-03-07"
     }, 
     "0.4.22": {
-        "bugs": [], 
+        "bugs": [
+            "OneOfTwoConstructorsSkipped"
+        ], 
         "released": "2018-04-16"
     }, 
+    "0.4.23": {
+        "bugs": [], 
+        "released": "2018-04-19"
+    }, 
     "0.4.3": {
         "bugs": [
             "ZeroFunctionSelector", 

docs/security-considerations.rst

@@ -225,9 +225,6 @@ Minor Details
 =============
 
 - In ``for (var i = 0; i < arrayName.length; i++) { ... }``, the type of ``i`` will be ``uint8``, because this is the smallest type that is required to hold the value ``0``. If the array has more than 255 elements, the loop will not terminate.
-- The ``constant`` keyword for functions is currently not enforced by the compiler.
-  Furthermore, it is not enforced by the EVM, so a contract function that "claims"
-  to be constant might still cause changes to the state.
 - Types that do not occupy the full 32 bytes might contain "dirty higher order bits".
   This is especially important if you access ``msg.data`` - it poses a malleability risk:
   You can craft transactions that call a function ``f(uint8 x)`` with a raw byte argument
@@ -239,6 +236,22 @@ Minor Details
 Recommendations
 ***************
 
+Take Warnings Seriously
+=======================
+
+If the compiler warns you about something, you should better change it.
+Even if you do not think that this particular warning has security
+implications, there might be another issue buried beneath it.
+Any compiler warning we issue can be silenced by slight changes to the
+code.
+
+Also try to enable the "0.5.0" safety features as early as possible
+by adding ``pragma experimental "v0.5.0";``. Note that in this case,
+the word ``experimental`` does not mean that the safety features are in any
+way risky, it is just a way to enable some features that are
+not yet part of the latest version of Solidity due to backwards
+compatibility.
+
 Restrict the Amount of Ether
 ============================
 

libdevcore/JSON.cpp

@@ -27,6 +27,11 @@
 
 using namespace std;
 
+static_assert(
+	(JSONCPP_VERSION_MAJOR == 1) && (JSONCPP_VERSION_MINOR == 7) && (JSONCPP_VERSION_PATCH == 7),
+	"Unexpected jsoncpp version: " JSONCPP_VERSION_STRING ". Expecting 1.7.7."
+);
+
 namespace dev
 {
 

libsolidity/CMakeLists.txt

@@ -6,15 +6,35 @@ find_package(Z3 QUIET)
 if (${Z3_FOUND})
   include_directories(${Z3_INCLUDE_DIR})
   add_definitions(-DHAVE_Z3)
-  message("Z3 SMT solver found. This enables optional SMT checking.")
+  message("Z3 SMT solver found. This enables optional SMT checking with Z3.")
+  list(REMOVE_ITEM sources "${CMAKE_CURRENT_SOURCE_DIR}/formal/CVC4Interface.cpp")
 else()
-  message("Z3 SMT solver NOT found. Optional SMT checking will not be available. Please install Z3 if it is desired.")
   list(REMOVE_ITEM sources "${CMAKE_CURRENT_SOURCE_DIR}/formal/Z3Interface.cpp")
+  find_package(GMP QUIET)
+  find_package(CVC4 QUIET)
+  if (${CVC4_FOUND})
+    if (${GMP_FOUND})
+      include_directories(${CVC4_INCLUDE_DIR})
+      add_definitions(-DHAVE_CVC4)
+      message("CVC4 SMT solver and GMP found. This enables optional SMT checking with CVC4.")
+    else()
+      message("CVC4 SMT solver found but its dependency GMP was NOT found. Optional SMT checking with CVC4 will not be available. Please install GMP if it is desired.")
+      list(REMOVE_ITEM sources "${CMAKE_CURRENT_SOURCE_DIR}/formal/CVC4Interface.cpp")
+    endif()
+  else()
+    message("No SMT solver found (Z3 or CVC4). Optional SMT checking will not be available. Please install Z3 or CVC4 if it is desired.")
+    list(REMOVE_ITEM sources "${CMAKE_CURRENT_SOURCE_DIR}/formal/CVC4Interface.cpp")
+  endif()
 endif()
 
 add_library(solidity ${sources} ${headers})
 target_link_libraries(solidity PUBLIC evmasm devcore)
 
 if (${Z3_FOUND})
   target_link_libraries(solidity PUBLIC ${Z3_LIBRARY})
-endif()
+endif()
+
+if (${CVC4_FOUND} AND ${GMP_FOUND})
+  target_link_libraries(solidity PUBLIC ${CVC4_LIBRARY})
+  target_link_libraries(solidity PUBLIC ${GMP_LIBRARY})
+endif()

libsolidity/analysis/SyntaxChecker.cpp

@@ -237,8 +237,13 @@ bool SyntaxChecker::visit(FunctionDefinition const& _function)
 		if (v050)
 			m_errorReporter.syntaxError(_function.location(), "Functions without implementation cannot have modifiers.");
 		else
-			m_errorReporter.warning( _function.location(), "Modifiers of functions without implementation are ignored." );
+			m_errorReporter.warning(_function.location(), "Modifiers of functions without implementation are ignored." );
 	}
+	if (_function.name() == "constructor")
+		m_errorReporter.warning(_function.location(),
+			"This function is named \"constructor\" but is not the constructor of the contract. "
+			"If you intend this to be a constructor, use \"constructor(...) { ... }\" without the \"function\" keyword to define it."
+		);
 	return true;
 }