Implement assert() #1678
Implement assert() #1678
Conversation
|
I think this shouldn't be a breaking change given we allow user methods to shadow globals. (Even with the other PR it will only be a warning.) |
| case Location::Assert: | ||
| { | ||
| arguments.front()->accept(*this); | ||
| utils().convertType(*arguments.front()->annotation().type, *function.parameterTypes().front(), true); |
There was a problem hiding this comment.
You can actually use false here.
|
@chriseth Updated both. |
Changelog.md
Outdated
| @@ -1,6 +1,7 @@ | |||
| ### 0.4.10 (unreleased) | |||
|
|
|||
| Features: | |||
| * Add ``assert(condition)`` to abort execution. | |||
There was a problem hiding this comment.
This is a bit too sloppy (people might stop reading here). What about:
Add ``assert(condition)``, which throws if condition is false.
There was a problem hiding this comment.
I can change these late today. Can you approve it? Would like to merge it before the weekend.
docs/miscellaneous.rst
Outdated
| @@ -460,6 +460,7 @@ Global Variables | |||
| - ``ecrecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) returns (address)``: recover address associated with the public key from elliptic curve signature, return zero on error | |||
| - ``addmod(uint x, uint y, uint k) returns (uint)``: compute ``(x + y) % k`` where the addition is performed with arbitrary precision and does not wrap around at ``2**256`` | |||
| - ``mulmod(uint x, uint y, uint k) returns (uint)``: compute ``(x * y) % k`` where the multiplication is performed with arbitrary precision and does not wrap around at ``2**256`` | |||
| - ``assert(bool condition)``: throws if the condition is not met | |||
|
@axic @chriseth Could you please provide some more information about why you decided to treat assert-statements similar to throw-statements by encoding them using revert instructions? Based on an earlier discussion (#1598) it would seem more natural to me to treat assertions like runtime errors (e.g., division by zero) by encoding them using invalid instructions. Just to provide some background, I'm working on a formal analysis tool for EVM bytecode and it would be very useful if errors (i.e., implicit or explicit assertion violations) could be distinguished from parameter validation (i.e., explicit throws or assumption/precondition violations in the verification community). |
|
@wuestholz thanks for your input and for closely following the progress here! I indeed spent some thoughts on this but it seems not enough :-) So the idea would be that safety conditions are violated if and only if |
|
Please see #1702 |
|
|
|
@axic @chriseth Thank you very much for the quick reply! It seems like there are certain discrepancies here. I believe my view is consistent with what @chriseth wrote above. All errors or violations of safety conditions would use @chriseth What exactly do you mean by failed calls? For instance, does this include calls that run out of gas? Another way to express such input validation would be a precondition or an assume-statement: I understand the point about providing some indication of what went wrong (e.g., using a message). I think this would be nice for both errors and throws/reverts. The cleanest solution might be to advocate an |
|
My motivation was to use Then again we could think about having:
I don't see the possibility to introducing an
Note, |
|
assume / assert sounds good. @axic your comment about not being able to specify a message only concerns messages where callers might react to automatically. If you want to provide a message to the user, you can do that also with an invalid opcode: |
|
@chriseth @axic Great that If deprecating |
Implement #1130.