Fix last_name edge cases with Solady library

Author: smonicas

slither/slithir/utils/ssa.py

@@ -345,6 +345,7 @@ def last_name(
         LocalIRVariable,
     ],
     init_vars: Dict[str, LocalIRVariable],
+    new_variables: List[Union[StateIRVariable, LocalIRVariable]],
 ) -> Union[StateIRVariable, LocalIRVariable,]:
     candidates = []
     # Todo optimize by creating a variables_ssa_written attribute
@@ -357,9 +358,11 @@ def last_name(
                 candidates.append(lvalue)
     if n.variable_declaration and n.variable_declaration.name == var.name:
         candidates.append(LocalIRVariable(n.variable_declaration))
-    if n.type == NodeType.ENTRYPOINT:
-        if var.name in init_vars:
-            candidates.append(init_vars[var.name])
+    if var.name in init_vars:
+        candidates.append(init_vars[var.name])
+    for v in new_variables:
+        if v.name == var.name:
+            candidates.append(v)
     assert candidates
     return max(candidates, key=lambda v: v.index)
 
@@ -493,9 +496,25 @@ def fix_phi_rvalues_and_storage_ref(
 ) -> None:
     for ir in node.irs_ssa:
         if isinstance(ir, (Phi)) and not ir.rvalues:
-            variables = [
-                last_name(dst, ir.lvalue, init_local_variables_instances) for dst in ir.nodes
-            ]
+            # We need to order nodes so that a node with an Assignment operation is first
+            # as the other node may use the variable assigned
+            nodes = []
+            for n in ir.nodes:
+                assignment = False
+                for irr in n.irs:
+                    if isinstance(irr, Assignment):
+                        nodes.insert(0, n)
+                        assignment = True
+                        break
+                if not assignment:
+                    nodes.append(n)
+            # Keep track of the new variables in this set of nodes. We need to pass it to last_name
+            # in case a node has an Assignment operation and the following one uses the variable assigned
+            variables = []
+            for dst in nodes:
+                variables.append(
+                    last_name(dst, ir.lvalue, init_local_variables_instances, variables)
+                )
             ir.rvalues = variables
         if isinstance(ir, (Phi, PhiCallback)):
             if isinstance(ir.lvalue, LocalIRVariable):

tests/e2e/solc_parsing/test_ast_parsing.py

@@ -476,6 +476,7 @@ def make_version(minor: int, patch_min: int, patch_max: int) -> List[str]:
     Test("scope/inherited_function_scope.sol", ["0.8.24"]),
     Test("using_for_global_user_defined_operator_1.sol", ["0.8.24"]),
     Test("require-error.sol", ["0.8.27"]),
+    Test("yul-solady.sol", ["0.8.27"]),
 ]
 # create the output folder if needed
 try:

tests/e2e/solc_parsing/test_data/compile/yul-solady.sol-0.8.27-compact.zip

@@ -0,0 +1,9 @@
+{
+  "C": {
+    "_checkpointPushDiff(uint256,uint256,uint256,bool)": "digraph{\n0[label=\"Node Type: ENTRY_POINT 0\n\"];\n0->1;\n1[label=\"Node Type: INLINE ASM 1\n\"];\n1->2;\n2[label=\"Node Type: NEW VARIABLE 2\n\"];\n2->3;\n3[label=\"Node Type: EXPRESSION 3\n\"];\n3->4;\n4[label=\"Node Type: BEGIN_LOOP 4\n\"];\n4->6;\n5[label=\"Node Type: END_LOOP 5\n\"];\n5->25;\n6[label=\"Node Type: NEW VARIABLE 6\n\"];\n6->7;\n7[label=\"Node Type: EXPRESSION 7\n\"];\n7->8;\n8[label=\"Node Type: IF_LOOP 8\n\"];\n8->5[label=\"True\"];\n8->9[label=\"False\"];\n9[label=\"Node Type: IF 9\n\"];\n9->11[label=\"True\"];\n9->10[label=\"False\"];\n10[label=\"Node Type: END_IF 10\n\"];\n10->23;\n11[label=\"Node Type: IF 11\n\"];\n11->13[label=\"True\"];\n11->12[label=\"False\"];\n12[label=\"Node Type: END_IF 12\n\"];\n12->15;\n13[label=\"Node Type: EXPRESSION 13\n\"];\n13->14;\n14[label=\"Node Type: EXPRESSION 14\n\"];\n14->12;\n15[label=\"Node Type: EXPRESSION 15\n\"];\n15->16;\n16[label=\"Node Type: IF 16\n\"];\n16->18[label=\"True\"];\n16->17[label=\"False\"];\n17[label=\"Node Type: END_IF 17\n\"];\n17->20;\n18[label=\"Node Type: EXPRESSION 18\n\"];\n18->19;\n19[label=\"Node Type: BREAK 19\n\"];\n19->17;\n20[label=\"Node Type: EXPRESSION 20\n\"];\n20->21;\n21[label=\"Node Type: EXPRESSION 21\n\"];\n21->22;\n22[label=\"Node Type: BREAK 22\n\"];\n22->10;\n23[label=\"Node Type: NEW VARIABLE 23\n\"];\n23->24;\n24[label=\"Node Type: EXPRESSION 24\n\"];\n24->8;\n25[label=\"Node Type: END INLINE ASM 25\n\"];\n25->26;\n26[label=\"Node Type: RETURN 26\n\"];\n}\n"
+  },
+  "Initializable": {
+    "_initializableSlot()": "digraph{\n0[label=\"Node Type: ENTRY_POINT 0\n\"];\n0->1;\n1[label=\"Node Type: RETURN 1\n\"];\n}\n",
+    "initializer()": "digraph{\n0[label=\"Node Type: ENTRY_POINT 0\n\"];\n0->1;\n1[label=\"Node Type: NEW VARIABLE 1\n\"];\n1->2;\n2[label=\"Node Type: INLINE ASM 2\n\"];\n2->3;\n3[label=\"Node Type: NEW VARIABLE 3\n\"];\n3->4;\n4[label=\"Node Type: EXPRESSION 4\n\"];\n4->5;\n5[label=\"Node Type: EXPRESSION 5\n\"];\n5->6;\n6[label=\"Node Type: IF 6\n\"];\n6->8[label=\"True\"];\n6->7[label=\"False\"];\n7[label=\"Node Type: END_IF 7\n\"];\n7->13;\n8[label=\"Node Type: IF 8\n\"];\n8->10[label=\"True\"];\n8->9[label=\"False\"];\n9[label=\"Node Type: END_IF 9\n\"];\n9->12;\n10[label=\"Node Type: EXPRESSION 10\n\"];\n10->11;\n11[label=\"Node Type: EXPRESSION 11\n\"];\n11->9;\n12[label=\"Node Type: EXPRESSION 12\n\"];\n12->7;\n13[label=\"Node Type: END INLINE ASM 13\n\"];\n13->14;\n14[label=\"Node Type: _ 14\n\"];\n14->15;\n15[label=\"Node Type: INLINE ASM 15\n\"];\n15->16;\n16[label=\"Node Type: IF 16\n\"];\n16->18[label=\"True\"];\n16->17[label=\"False\"];\n17[label=\"Node Type: END_IF 17\n\"];\n17->21;\n18[label=\"Node Type: EXPRESSION 18\n\"];\n18->19;\n19[label=\"Node Type: EXPRESSION 19\n\"];\n19->20;\n20[label=\"Node Type: EXPRESSION 20\n\"];\n20->17;\n21[label=\"Node Type: END INLINE ASM 21\n\"];\n}\n"
+  }
+}

tests/e2e/solc_parsing/test_data/expected/yul-solady.sol-0.8.27-compact.json

@@ -0,0 +1,76 @@
+
+contract C {
+    // Snippet of the _checkpointPushDiff function that was making slither crashes 
+    // https://github.com/Vectorized/solady/blob/9298d096feb87de9a8873a704ff98f6892064c65/src/tokens/ERC20Votes.sol#L339-L361
+    function _checkpointPushDiff(uint256 lengthSlot, uint256 key, uint256 amount, bool isAdd)
+        private
+  returns(uint256 newValue)        
+    {
+        /// @solidity memory-safe-assembly
+        assembly {
+            let lengthSlotPacked := sload(lengthSlot)
+            for { let n := shr(208, shl(160, lengthSlotPacked)) } 1 {} {
+                if iszero(n) {
+                    if iszero(or(isAdd, iszero(amount))) {
+                        mstore(0x00, 0x5915f686) // `ERC5805CheckpointValueUnderflow()`.
+                        revert(0x1c, 0x04)
+                    }
+                    newValue := amount
+                    if iszero(or(eq(newValue, address()), shr(160, newValue))) {
+                        sstore(lengthSlot, or(or(key, shl(48, 1)), shl(96, newValue)))
+                        break
+                    }
+                    sstore(lengthSlot, or(or(key, shl(48, 1)), shl(96, address())))
+                    sstore(not(lengthSlot), newValue)
+                    break
+                }
+                let checkpointSlot := add(sub(n, 1), lengthSlot)
+            }
+        }
+    }
+}
+
+
+// Snippet of the Initializable contract that was making slither crashes
+// https://github.com/Vectorized/solady/blob/9298d096feb87de9a8873a704ff98f6892064c65/src/utils/Initializable.sol#L7
+contract Initializable {
+    bytes32 private constant _INTIALIZED_EVENT_SIGNATURE =
+        0xc7f505b2f371ae2175ee4913f4499e1f2633a7b5936321eed1cdaeb6115181d2;
+    bytes32 private constant _INITIALIZABLE_SLOT =
+        0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffbf601132;
+
+
+    function _initializableSlot() internal pure virtual returns (bytes32) {
+        return _INITIALIZABLE_SLOT;
+    }
+
+    modifier initializer() virtual {
+        bytes32 s = _initializableSlot();
+        /// @solidity memory-safe-assembly
+        assembly {
+            let i := sload(s)
+            // Set `initializing` to 1, `initializedVersion` to 1.
+            sstore(s, 3)
+            // If `!(initializing == 0 && initializedVersion == 0)`.
+            if i {
+                // If `!(address(this).code.length == 0 && initializedVersion == 1)`.
+                if iszero(lt(extcodesize(address()), eq(shr(1, i), 1))) {
+                    mstore(0x00, 0xf92ee8a9) // `InvalidInitialization()`.
+                    revert(0x1c, 0x04)
+                }
+                s := shl(shl(255, i), s) // Skip initializing if `initializing == 1`.
+            }
+        }
+        _;
+        /// @solidity memory-safe-assembly
+        assembly {
+            if s {
+                // Set `initializing` to 0, `initializedVersion` to 1.
+                sstore(s, 2)
+                // Emit the {Initialized} event.
+                mstore(0x20, 1)
+                log1(0x20, 0x20, _INTIALIZED_EVENT_SIGNATURE)
+            }
+        }
+    }
+}