Merge pull request #8616 from ethereum/develop

Merge develop into release for 0.6.5

Author: chriseth

.circleci/config.yml

@@ -122,6 +122,10 @@ defaults:
       name: command line tests
       command: ./test/cmdlineTests.sh
 
+  - run_docs_pragma_min_version: &run_docs_pragma_min_version
+      name: docs pragma version check
+      command: ./scripts/docs_version_pragma_check.sh
+
   - test_ubuntu1604_clang: &test_ubuntu1604_clang
       docker:
         - image: ethereum/solidity-buildpack-deps:ubuntu1604-clang-ossfuzz-<< pipeline.parameters.ubuntu-1604-clang-ossfuzz-docker-image-rev >>
@@ -303,6 +307,18 @@ jobs:
           name: Linting Python Scripts
           command: ./scripts/pylint_all.py
 
+  chk_antlr_grammar:
+    docker:
+      - image: buildpack-deps:eoan
+    steps:
+      - checkout
+      - run:
+          name: Install Java
+          command: apt -q update && apt install -y openjdk-14-jdk
+      - run:
+          name: Run tests
+          command: ./scripts/test_antlr_grammar.sh
+
   chk_buglist:
     docker:
       - image: circleci/node
@@ -335,6 +351,15 @@ jobs:
             pip install --user z3-solver
       - run: *run_proofs
 
+  chk_docs_pragma_min_version:
+    docker:
+      - image: ethereum/solidity-buildpack-deps:ubuntu1904-<< pipeline.parameters.ubuntu-1904-docker-image-rev >>
+    environment:
+      TERM: xterm
+    steps:
+      - checkout
+      - run: *run_docs_pragma_min_version
+
   b_ubu_clang: &build_ubuntu1904_clang
     docker:
       - image: ethereum/solidity-buildpack-deps:ubuntu1904-clang-<< pipeline.parameters.ubuntu-1904-clang-docker-image-rev >>
@@ -768,6 +793,8 @@ workflows:
       - chk_buglist: *workflow_trigger_on_tags
       - chk_proofs: *workflow_trigger_on_tags
       - chk_pylint: *workflow_trigger_on_tags
+      - chk_antlr_grammar: *workflow_trigger_on_tags
+      - chk_docs_pragma_min_version: *workflow_trigger_on_tags
 
       # build-only
       - b_docs: *workflow_trigger_on_tags

.clang-format

@@ -6,26 +6,35 @@
 # Note that clang-format cannot express the style that closing parentheses
 # behave similar to closing curly braces in a multi-line setting in that
 # they have to be on a line of their own at the same indentation level
-# as the opening part.
+# as the opening part (aka "dangling parenthesis", see https://reviews.llvm.org/D33029).
 
 Language: Cpp
 BasedOnStyle: LLVM
+AccessModifierOffset: -4
+AlignAfterOpenBracket: AlwaysBreak
 AlignEscapedNewlinesLeft: true
 AlwaysBreakAfterReturnType: None
+AlwaysBreakTemplateDeclarations: Yes
 BinPackArguments: false
 BinPackParameters: false
 BreakBeforeBinaryOperators: All
 BreakBeforeBraces: Allman
 ColumnLimit: 120
 ContinuationIndentWidth: 4
+FixNamespaceComments: false
 IndentWidth: 4
 KeepEmptyLinesAtTheStartOfBlocks: false
 MaxEmptyLinesToKeep: 2
 PenaltyBreakBeforeFirstCallParameter: 2000
+PointerAlignment: Left
 SpaceAfterCStyleCast: true
+SpaceAfterTemplateKeyword: false
+SpaceBeforeCtorInitializerColon: false
+SpaceBeforeInheritanceColon: false
 SpaceBeforeParens: ControlStatements
+SpaceBeforeRangeBasedForLoopColon: false
 TabWidth: 4
-UseTab: ForIndentation
+UseTab: Always
 
 # Local Variables:
 # mode: yaml

.github/ISSUE_TEMPLATE/general.md

@@ -1,21 +0,0 @@
----
-name: General Feedback
-about: Any general feedback (neither feature request nor bug reports)
----
-
-<!--## Prerequisites
-
-- First, many thanks for taking part in the community. We really appreciate that.
-- Read the [contributing guidelines](http://solidity.readthedocs.io/en/latest/contributing.html).
-- Support questions are better asked in one of the following locations:
-	- [Solidity chat](https://gitter.im/ethereum/solidity)
-	- [Stack Overflow](https://ethereum.stackexchange.com/)
-- Ensure the issue isn't already reported.
-
-*Delete the above section and the instructions in the sections below before submitting*
--->
-## Description
-
-<!--
-Please describe the purpose of your ticket.
--->

.github/PULL_REQUEST_TEMPLATE.md

@@ -10,7 +10,9 @@ include(EthPolicy)
 eth_policy()
 
 # project name and version should be set after cmake_policy CMP0048
-set(PROJECT_VERSION "0.6.4")
+set(PROJECT_VERSION "0.6.5")
+# OSX target needed in order to support std::visit
+set(CMAKE_OSX_DEPLOYMENT_TARGET "10.14")
 project(solidity VERSION ${PROJECT_VERSION} LANGUAGES C CXX)
 
 include(TestBigEndian)

CMakeLists.txt

@@ -141,7 +141,7 @@ struct MeanSigma
 double const d = 0;
 int i = 0;
 int j = 0;
-char* s;
+char* s = nullptr;
 MeanAndSigma ms meanAndSigma(std::vector<float> const& _v, Accuracy _a);
 Derived* x = dynamic_cast<Derived*>(base);
 for (auto i = x->begin(); i != x->end(); ++i) {}

CODING_STYLE.md

@@ -1,3 +1,28 @@
+### 0.6.5 (2020-04-06)
+
+Important Bugfixes:
+ * Code Generator: Restrict the length of dynamic memory arrays to 64 bits during creation at runtime fixing a possible overflow.
+
+
+Language Features:
+ * Allow local storage variables to be declared without initialization, as long as they are assigned before they are accessed.
+ * State variables can be marked ``immutable`` which causes them to be read-only, but assignable in the constructor. The value will be stored directly in the code.
+
+
+Compiler Features:
+ * Commandline Interface: Enable output of storage layout with `--storage-layout`.
+ * Metadata: Added support for IPFS hashes of large files that need to be split in multiple chunks.
+
+
+Bugfixes:
+ * Inheritance: Allow public state variables to override functions with dynamic memory types in their return values.
+ * Inline Assembly: Fix internal error when accessing invalid constant variables.
+ * Inline Assembly: Fix internal error when accessing functions.
+ * JSON AST: Always add pointer suffix for memory reference types.
+ * Reference Resolver: Fix internal error when accessing invalid struct members.
+ * Type Checker: Fix internal errors when assigning nested tuples.
+
+
 ### 0.6.4 (2020-03-10)
 
 Language Features:
@@ -18,7 +43,6 @@ Bugfixes:
  * SMTChecker: Fix internal errors when analysing tuples.
  * Yul AST Import: correctly import blocks as statements, switch statements and string literals.
 
-
 ### 0.6.3 (2020-02-18)
 
 Language Features:
@@ -32,6 +56,7 @@ Compiler Features:
  * Code Generator: Use ``calldatacopy`` instead of ``codecopy`` to zero out memory past input.
  * Debug: Provide reason strings for compiler-generated internal reverts when using the ``--revert-strings`` option or the ``settings.debug.revertStrings`` setting on ``debug`` mode.
  * Yul Optimizer: Prune functions that call each other but are otherwise unreferenced.
+ * SMTChecker: CHC support to internal function calls.
 
 
 Bugfixes:
@@ -120,6 +145,12 @@ Compiler Features:
  * ABIEncoderV2: Do not warn about enabled ABIEncoderV2 anymore (the pragma is still needed, though).
 
 
+### 0.5.17 (2020-03-17)
+
+Bugfixes:
+ * Type Checker: Disallow overriding of private functions.
+
+
 ### 0.5.16 (2020-01-02)
 
 Backported Bugfixes:

Changelog.md

@@ -12,6 +12,7 @@ Solidity is a statically typed, contract-oriented, high-level language for imple
 - [Development](#development)
 - [Maintainers](#maintainers)
 - [License](#license)
+- [Security](#security)
 
 ## Background
 
@@ -75,3 +76,7 @@ releases [in the projects section](https://github.com/ethereum/solidity/projects
 Solidity is licensed under [GNU General Public License v3.0](LICENSE.txt).
 
 Some third-party code has its [own licensing terms](cmake/templates/license.h.in).
+
+## Security
+
+The security policy may be [found here](SECURITY.md).

README.md

@@ -0,0 +1,52 @@
+# Security Policy
+
+The Solidity team and community take all security bugs in Solidity seriously.
+We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
+
+## Scope
+
+Bugs in the Solidity repository are in scope.
+Bugs in third-party dependencies e.g., jsoncpp, boost etc. are not in scope unless they result in a Solidity specific bug.
+
+Only bugs that have a demonstrable security impact on smart contracts are in scope.
+For example, a Solidity program whose optimization is incorrect (e.g., leads to an incorrect output) qualifies as a security bug.
+Please note that the [rules][2] of the [Ethereum bounty program][1] have precedence over this security policy.
+
+## Supported Versions
+
+As a general rule, only the latest release gets security updates.
+Exceptions may be made when the current breaking release is relatively new, e.g. less than three months old.
+If you are reporting a bug, please state clearly the Solidity version(s) it affects.
+
+Example 1: Assuming the current release is `0.6.3` and a security bug has been found in it that affects both `0.5.x` and `0.6.x` trees, we may not only patch `0.6.3` (the bug-fix release numbered `0.6.4`) but `0.5.x` as well (the bug-fix release numbered `0.5.(x+1)`).
+
+Example 2: Assuming the current release is `0.6.25` and a security bug has been found in it, we may only patch `0.6.25` (in the bug-fix release numbered `0.6.26`) even if the bug affects a previous tree such as `0.5.x`.
+
+## Reporting a Vulnerability
+
+To report a vulnerability, please follow the instructions stated in the [Ethereum bounty program][1].
+
+In the bug report, please include all details necessary to reproduce the vulnerability such as:
+
+- Input program that triggers the bug
+- Compiler version affected
+- Target EVM version
+- Framework/IDE if applicable
+- EVM execution environment/client if applicable
+- Operating system
+
+Please include steps to reproduce the bug you have found in as much detail as possible.
+
+Once we have received your bug report, we will try to reproduce it and provide a more detailed response.
+Once the reported bug has been successfully reproduced, the Solidity team will work on a fix.
+
+The Solidity team maintains the following JSON-formatted lists of patched security vulnerabilities:
+
+- [Summary of known security vulnerabilities][3]
+- [List of security vulnerabilities affecting a specific version of the compiler][4].
+
+
+[1]: https://bounty.ethereum.org/
+[2]: https://bounty.ethereum.org/#rules
+[3]: https://solidity.readthedocs.io/en/develop/bugs.html
+[4]: https://github.com/ethereum/solidity/blob/develop/docs/bugs_by_version.json

SECURITY.md

@@ -26,6 +26,17 @@ eth_add_cxx_compiler_flag_if_supported(-Wimplicit-fallthrough)
 # Prevent the path of the source directory from ending up in the binary via __FILE__ macros.
 eth_add_cxx_compiler_flag_if_supported("-fmacro-prefix-map=${CMAKE_SOURCE_DIR}=/solidity")
 
+# -Wpessimizing-move warns when a call to std::move would prevent copy elision
+# if the argument was not wrapped in a call.  This happens when moving a local
+# variable in a return statement when the variable is the same type as the
+# return type or using a move to create a new object from a temporary object.
+eth_add_cxx_compiler_flag_if_supported(-Wpessimizing-move)
+
+# -Wredundant-move warns when an implicit move would already be made, so the
+# std::move call is not needed, such as when moving a local variable in a return
+# that is different from the return type.
+eth_add_cxx_compiler_flag_if_supported(-Wredundant-move)
+
 if (("${CMAKE_CXX_COMPILER_ID}" MATCHES "GNU") OR ("${CMAKE_CXX_COMPILER_ID}" MATCHES "Clang"))
 	# Enables all the warnings about constructions that some users consider questionable,
 	# and that are easy to avoid.  Also enable some extra warning flags that are not

cmake/EthCompilerSettings.cmake

@@ -292,8 +292,9 @@ Consider you have the following pre-0.5.0 contract already deployed:
 
 ::
 
-    // This will not compile with the current version of the compiler
     pragma solidity ^0.4.25;
+    // This will report a warning until version 0.4.25 of the compiler
+    // This will not compile after 0.5.0
     contract OldContract {
         function someOldFunction(uint8 a) {
             //...
@@ -369,8 +370,8 @@ Old version:
 
 ::
 
-    // This will not compile
     pragma solidity ^0.4.25;
+    // This will not compile after 0.5.0
 
     contract OtherContract {
         uint x;
@@ -396,7 +397,7 @@ Old version:
             // Throw is fine in this version.
             if (x > 100)
                 throw;
-            bytes b = new bytes(x);
+            bytes memory b = new bytes(x);
             y = -3 >> 1;
             // y == -1 (wrong, should be -2)
             do {
@@ -431,14 +432,15 @@ New version:
 
 ::
 
-    pragma solidity >=0.5.0 <0.7.0;
+    pragma solidity >=0.5.0 <0.5.99;
+    // This will not compile after 0.6.0
 
     contract OtherContract {
         uint x;
         function f(uint y) external {
             x = y;
         }
-        receive() payable external {}
+        function() payable external {}
     }
 
     contract New {