Segmentation fault in solc in function solidity::frontend::experimental::Analysis::annotationContainer, file libsolidity/experimental/analysis/Analysis.cpp #15177

Closed
djuricmilan opened this issue Jun 4, 2024 · 6 comments

djuricmilan commented Jun 4, 2024

Description

When fuzzing the 0.8.24 release of solc with AFL++, I encountered a NULL-pointer dereference in solidity::frontend::experimental::Analysis::annotationContainer.

The segfault appears to be triggered at:

solAssert(_node.id() > 0);

Environment

  • Compiler version: 0.8.24
  • Target EVM version (as per compiler settings): N/A
  • Framework/IDE (e.g. Truffle or Remix): N/A
  • EVM execution environment / backend / blockchain client: N/A
  • Operating system: Linux 5.15.0-101-generic Ubuntu x86_64 GNU/Linux

Steps to Reproduce

CMake flags

-DBoost_USE_STATIC_LIBS=OFF

PoC

//=4/t C {erimental solidity;
    /// @irBct C {      addres coin;
         type c= 2|4: (,8-1): Modi2;
//{
    /// @irBct C {      add2.X = 1; p2.Y 

Full backtrace

gef➤  bt
#0  solidity::frontend::experimental::Analysis::annotationContainer (this=0x55555743ac80, _node=...) at /build/source/libsolidity/experimental/analysis/Analysis.cpp:131
#1  0x0000555555ac3521 in solidity::frontend::experimental::detail::AnnotationFetcher<solidity::frontend::experimental::TypeInference>::get (this=0x7fffffffb1a8, _node=...) at /build/source/libsolidity/experimental/analysis/Analysis.cpp:108
#2  0x000055555633d064 in solidity::frontend::experimental::Analysis::annotation<solidity::frontend::experimental::TypeInference> (this=0x7ffff774c4c0, _node=...) at /build/source/libsolidity/experimental/analysis/Analysis.h:81
#3  solidity::frontend::experimental::TypeInference::annotation (_node=..., this=<optimized out>) at /build/source/libsolidity/experimental/analysis/TypeInference.cpp:1200
#4  solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0::operator()<std::shared_ptr<solidity::frontend::Expression> >(std::shared_ptr<solidity::frontend::Expression>) const (this=<optimized out>, _expr=...) at /build/source/libsolidity/experimental/analysis/TypeInference.cpp:580
#5  ranges::invoke_fn::operator()<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0&, std::shared_ptr<solidity::frontend::Expression> const&>(solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0&, std::shared_ptr<solidity::frontend::Expression> const&) const (this=<optimized out>, f=..., args=...) at /build/source/build/deps/include/range/v3/functional/invoke.hpp:142
#6  ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0>::operator()<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > > >(__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >) (this=<optimized out>, its=...) at /build/source/build/deps/include/range/v3/functional/indirect.hpp:55
#7  ranges::invoke_fn::operator()<ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0>&, __gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >&>(ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0>&, __gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >&) const (this=<optimized out>, f=..., args=...) at /build/source/build/deps/include/range/v3/functional/invoke.hpp:142
#8  ranges::semiregular_box<ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::operator()<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >&, true, 0>(__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >&) & (this=<optimized out>, args=...) at /build/source/build/deps/include/range/v3/utility/semiregular_box.hpp:230
#9  ranges::invoke_fn::operator()<ranges::semiregular_box<ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >&, __gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >&>(ranges::semiregular_box<ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >&, __gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >&) const (this=<optimized out>, f=..., args=...) at /build/source/build/deps/include/range/v3/functional/invoke.hpp:142
#10 ranges::reference_wrapper<ranges::semiregular_box<ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> > >::operator()<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >&>(__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >&) const (this=<optimized out>, args=...) at /build/source/build/deps/include/range/v3/functional/reference_wrapper.hpp:109
#11 ranges::invoke_fn::operator()<ranges::reference_wrapper<ranges::semiregular_box<ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> > > const&, __gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >&>(ranges::reference_wrapper<ranges::semiregular_box<ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> > > const&, __gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >&) const (this=<optimized out>, f=..., args=...) at /build/source/build/deps/include/range/v3/functional/invoke.hpp:142
#12 ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false>::read(__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >) const (this=<optimized out>, it=...) at /build/source/build/deps/include/range/v3/view/transform.hpp:143
#13 ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> >::read<ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false>, std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> >() const (this=<optimized out>) at /build/source/build/deps/include/range/v3/view/adaptor.hpp:301
#14 ranges::range_access::read<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >(ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > const&) (pos=...) at /build/source/build/deps/include/range/v3/detail/range_access.hpp:107
#15 ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >::operator*<concepts::detail::CPP_true_fn(concepts::detail::Nil)>() const (this=<optimized out>) at /build/source/build/deps/include/range/v3/iterator/basic_iterator.hpp:587
#16 0x000055555633cbf8 in std::__do_uninit_copy<ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>*>(ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, std::variant<std::monostate, 
solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>*) (__first=..., __last=..., __result=<optimized out>) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/bits/stl_uninitialized.h:120
#17 std::__uninitialized_copy<false>::__uninit_copy<ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>*>(ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, std::variant<std::monostate, 
solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>*) (__first=..., __last=..., __result=<optimized out>) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/bits/stl_uninitialized.h:137
#18 std::uninitialized_copy<ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>*>(ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, std::variant<std::monostate, 
solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>*) (__first=..., __last=..., __result=<optimized out>) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/bits/stl_uninitialized.h:184
#19 std::__uninitialized_copy_a<ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>*, std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> >(ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, 
ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>*, std::allocator<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> >&) (__first=..., __last=..., __result=0x55555743f690) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/bits/stl_uninitialized.h:372
#20 0x000055555631bb2a in std::vector<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>, std::allocator<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> > >::_M_assign_aux<ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > > >(ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, 
ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, std::forward_iterator_tag) (this=0x7fffffffb460, __first=..., __last=...) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/bits/vector.tcc:339
#21 std::vector<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>, std::allocator<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> > >::_M_assign_dispatch<ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > > >(ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, 
ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, std::__false_type) (this=0x7fffffffb460, __first=..., __last=...) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/bits/stl_vector.h:1737
#22 std::vector<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>, std::allocator<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> > >::assign<ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, void>(ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, 
ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >) (this=0x7fffffffb460, __first=..., __last=...) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/bits/stl_vector.h:824
#23 ranges::detail::to_container::fn<meta::id<std::vector<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>, std::allocator<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> > > > >::impl<std::vector<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>, std::allocator<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> > >, ranges::basic_iterator<ranges::adaptor_cursor<__gnu_cxx::__normal_iterator<std::shared_ptr<solidity::frontend::Expression> const*, std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > >, ranges::iter_transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, ranges::indirected<solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >::adaptor<false> > >, ranges::transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0> >(ranges::transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0>&&, std::integral_constant<bool, true>) (rng=...) at /build/source/build/deps/include/range/v3/range/conversion.hpp:330
#24 ranges::detail::to_container::fn<meta::id<std::vector<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>, std::allocator<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> > > > >::operator()<ranges::transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0>, true, 0, 0>(ranges::transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0>&&) const (rng=..., this=<optimized out>) at /build/source/build/deps/include/range/v3/range/conversion.hpp:346
#25 ranges::detail::operator|<ranges::transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0>, meta::id<std::vector<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>, std::allocator<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> > > > >(ranges::transform_view<ranges::ref_view<std::vector<std::shared_ptr<solidity::frontend::Expression>, std::allocator<std::shared_ptr<solidity::frontend::Expression> > > const>, solidity::frontend::experimental::TypeInference::endVisit(solidity::frontend::TupleExpression const&)::$_0>&&, ranges::detail::to_container::closure<meta::id<std::vector<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>, std::allocator<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> > > >, ranges::detail::to_container::fn<meta::id<std::vector<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable>, std::allocator<std::variant<std::monostate, solidity::frontend::experimental::TypeConstant, solidity::frontend::experimental::TypeVariable> > > > > > (*)(ranges::detail::to_container)) (rng=...) at /build/source/build/deps/include/range/v3/range/conversion.hpp:54
#26 solidity::frontend::experimental::TypeInference::endVisit (this=0x7fffffffcfd8, _tupleExpression=...) at /build/source/libsolidity/experimental/analysis/TypeInference.cpp:583
#27 0x00005555563127d6 in solidity::frontend::experimental::TypeInference::visit (this=0x7fffffffcfd8, _binaryOperation=...) at /build/source/libsolidity/experimental/analysis/TypeInference.cpp:335
#28 0x000055555596acd5 in solidity::frontend::BinaryOperation::accept (this=0x555557436630, _visitor=...) at /build/source/libsolidity/ast/AST_accept.h:875
#29 0x00005555563127b7 in solidity::frontend::experimental::TypeInference::visit (this=0x7fffffffcfd8, _binaryOperation=...) at /build/source/libsolidity/experimental/analysis/TypeInference.cpp:332
#30 0x000055555596acd5 in solidity::frontend::BinaryOperation::accept (this=0x5555574366a0, _visitor=...) at /build/source/libsolidity/ast/AST_accept.h:875
#31 0x0000555556312bf2 in solidity::frontend::experimental::TypeInference::visit (this=0x7fffffffcfd8, _binaryOperation=...) at /build/source/libsolidity/experimental/analysis/TypeInference.cpp:350
#32 0x000055555596acd5 in solidity::frontend::BinaryOperation::accept (this=0x555557436710, _visitor=...) at /build/source/libsolidity/ast/AST_accept.h:875
#33 0x0000555556328ac8 in solidity::frontend::experimental::TypeInference::visit (this=0x7fffffffcfd8, _typeDefinition=...) at /build/source/libsolidity/experimental/analysis/TypeInference.cpp:796
#34 0x000055555596b8b6 in solidity::frontend::TypeDefinition::accept (this=0x555557431b50, _visitor=...) at /build/source/libsolidity/ast/AST_accept.h:1101
#35 0x0000555555963cc9 in solidity::frontend::ASTNode::listAccept<std::shared_ptr<solidity::frontend::ASTNode> > (_list=..., _visitor=...) at /build/source/libsolidity/ast/AST.h:101
#36 0x0000555555963c2e in solidity::frontend::SourceUnit::accept (this=0x555557435830, _visitor=...) at /build/source/libsolidity/ast/AST_accept.h:43
#37 0x0000555556305972 in solidity::frontend::experimental::TypeInference::analyze (this=0x7fffffffcfd8, _sourceUnit=...) at /build/source/libsolidity/experimental/analysis/TypeInference.cpp:127
#38 0x0000555555ac48cc in solidity::frontend::experimental::Analysis::check(std::vector<std::shared_ptr<solidity::frontend::SourceUnit const>, std::allocator<std::shared_ptr<solidity::frontend::SourceUnit const> > > const&)::$_0::operator()<std::integral_constant<unsigned long, 0ul>, std::integral_constant<unsigned long, 1ul>, std::integral_constant<unsigned long, 2ul>, std::integral_constant<unsigned long, 3ul>, std::integral_constant<unsigned long, 4ul>, std::integral_constant<unsigned long, 5ul> >(std::integral_constant<unsigned long, 0ul>, std::integral_constant<unsigned long, 1ul>, std::integral_constant<unsigned long, 2ul>, std::integral_constant<unsigned long, 3ul>, std::integral_constant<unsigned long, 4ul>, std::integral_constant<unsigned long, 5ul>) const::{lambda(auto:1&&)#2}::operator()<solidity::frontend::experimental::TypeInference>(solidity::frontend::experimental::TypeInference&&) const (_step=..., this=<optimized out>) at /build/source/libsolidity/experimental/analysis/Analysis.cpp:176
#39 solidity::frontend::experimental::Analysis::check(std::vector<std::shared_ptr<solidity::frontend::SourceUnit const>, std::allocator<std::shared_ptr<solidity::frontend::SourceUnit const> > > const&)::$_0::operator()<std::integral_constant<unsigned long, 0ul>, std::integral_constant<unsigned long, 1ul>, std::integral_constant<unsigned long, 2ul>, std::integral_constant<unsigned long, 3ul>, std::integral_constant<unsigned long, 4ul>, std::integral_constant<unsigned long, 5ul> >(std::integral_constant<unsigned long, 0ul>, std::integral_constant<unsigned long, 1ul>, std::integral_constant<unsigned long, 2ul>, std::integral_constant<unsigned long, 3ul>, std::integral_constant<unsigned long, 4ul>, std::integral_constant<unsigned long, 5ul>) const (this=<optimized out>, _indexTuple=..., _indexTuple=..., _indexTuple=..., _indexTuple=..., _indexTuple=..., _indexTuple=...) at /build/source/libsolidity/experimental/analysis/Analysis.cpp:174
#40 std::__invoke_impl<bool, solidity::frontend::experimental::Analysis::check(std::vector<std::shared_ptr<solidity::frontend::SourceUnit const>, std::allocator<std::shared_ptr<solidity::frontend::SourceUnit const> > > const&)::$_0, std::integral_constant<unsigned long, 0ul>, std::integral_constant<unsigned long, 1ul>, std::integral_constant<unsigned long, 2ul>, std::integral_constant<unsigned long, 3ul>, std::integral_constant<unsigned long, 4ul>, std::integral_constant<unsigned long, 5ul> >(std::__invoke_other, solidity::frontend::experimental::Analysis::check(std::vector<std::shared_ptr<solidity::frontend::SourceUnit const>, std::allocator<std::shared_ptr<solidity::frontend::SourceUnit const> > > const&)::$_0&&, std::integral_constant<unsigned long, 0ul>&&, std::integral_constant<unsigned long, 1ul>&&, std::integral_constant<unsigned long, 2ul>&&, std::integral_constant<unsigned long, 3ul>&&, std::integral_constant<unsigned long, 4ul>&&, std::integral_constant<unsigned long, 5ul>&&) (__f=..., __args=..., __args=..., __args=..., __args=..., __args=..., __args=...) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/bits/invoke.h:61
#41 std::__invoke<solidity::frontend::experimental::Analysis::check(std::vector<std::shared_ptr<solidity::frontend::SourceUnit const>, std::allocator<std::shared_ptr<solidity::frontend::SourceUnit const> > > const&)::$_0, std::integral_constant<unsigned long, 0ul>, std::integral_constant<unsigned long, 1ul>, std::integral_constant<unsigned long, 2ul>, std::integral_constant<unsigned long, 3ul>, std::integral_constant<unsigned long, 4ul>, std::integral_constant<unsigned long, 5ul> >(solidity::frontend::experimental::Analysis::check(std::vector<std::shared_ptr<solidity::frontend::SourceUnit const>, std::allocator<std::shared_ptr<solidity::frontend::SourceUnit const> > > const&)::$_0&&, std::integral_constant<unsigned long, 0ul>&&, std::integral_constant<unsigned long, 1ul>&&, std::integral_constant<unsigned long, 2ul>&&, std::integral_constant<unsigned long, 3ul>&&, std::integral_constant<unsigned long, 4ul>&&, std::integral_constant<unsigned long, 5ul>&&) (__fn=..., __args=..., __args=..., __args=..., __args=..., __args=..., __args=...) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/bits/invoke.h:96
#42 std::__apply_impl<solidity::frontend::experimental::Analysis::check(std::vector<std::shared_ptr<solidity::frontend::SourceUnit const>, std::allocator<std::shared_ptr<solidity::frontend::SourceUnit const> > > const&)::$_0, std::tuple<std::integral_constant<unsigned long, 0ul>, std::integral_constant<unsigned long, 1ul>, std::integral_constant<unsigned long, 2ul>, std::integral_constant<unsigned long, 3ul>, std::integral_constant<unsigned long, 4ul>, std::integral_constant<unsigned long, 5ul> >, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul>(solidity::frontend::experimental::Analysis::check(std::vector<std::shared_ptr<solidity::frontend::SourceUnit const>, std::allocator<std::shared_ptr<solidity::frontend::SourceUnit const> > > const&)::$_0&&, std::tuple<std::integral_constant<unsigned long, 0ul>, std::integral_constant<unsigned long, 1ul>, std::integral_constant<unsigned long, 2ul>, std::integral_constant<unsigned long, 3ul>, std::integral_constant<unsigned long, 4ul>, std::integral_constant<unsigned long, 5ul> >&&, std::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul>) (__f=..., __t=...) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/tuple:1852
#43 std::apply<solidity::frontend::experimental::Analysis::check(std::vector<std::shared_ptr<solidity::frontend::SourceUnit const>, std::allocator<std::shared_ptr<solidity::frontend::SourceUnit const> > > const&)::$_0, std::tuple<std::integral_constant<unsigned long, 0ul>, std::integral_constant<unsigned long, 1ul>, std::integral_constant<unsigned long, 2ul>, std::integral_constant<unsigned long, 3ul>, std::integral_constant<unsigned long, 4ul>, std::integral_constant<unsigned long, 5ul> > >(solidity::frontend::experimental::Analysis::check(std::vector<std::shared_ptr<solidity::frontend::SourceUnit const>, std::allocator<std::shared_ptr<solidity::frontend::SourceUnit const> > > const&)::$_0&&, std::tuple<std::integral_constant<unsigned long, 0ul>, std::integral_constant<unsigned long, 1ul>, std::integral_constant<unsigned long, 2ul>, std::integral_constant<unsigned long, 3ul>, std::integral_constant<unsigned long, 4ul>, std::integral_constant<unsigned long, 5ul> >&&) (__f=..., __t=...) at /nix/store/h2abv2l8irqj942i5rq9wbrj42kbsh5y-gcc-12.3.0/include/c++/12.3.0/tuple:1863
#44 solidity::frontend::experimental::Analysis::check (this=0x55555743ac80, _sourceUnits=...) at /build/source/libsolidity/experimental/analysis/Analysis.cpp:173
#45 0x0000555555a7a460 in solidity::frontend::CompilerStack::analyzeExperimental (this=this@entry=0x55555742ebb0) at /build/source/libsolidity/interface/CompilerStack.cpp:679
#46 0x0000555555a78d92 in solidity::frontend::CompilerStack::analyze (this=this@entry=0x55555742ebb0) at /build/source/libsolidity/interface/CompilerStack.cpp:505
#47 0x0000555555a80194 in solidity::frontend::CompilerStack::parseAndAnalyze (this=0x55555742ebb0, _stopAfter=<optimized out>) at /build/source/libsolidity/interface/CompilerStack.cpp:690
#48 solidity::frontend::CompilerStack::compile (this=0x55555742ebb0, _stopAfter=<optimized out>) at /build/source/libsolidity/interface/CompilerStack.cpp:723
#49 0x000055555589aeaa in solidity::frontend::CommandLineInterface::compile (this=this@entry=0x7fffffffddf8) at /build/source/solc/CommandLineInterface.cpp:900
#50 0x0000555555893ab3 in solidity::frontend::CommandLineInterface::processInput (this=this@entry=0x7fffffffddf8) at /build/source/solc/CommandLineInterface.cpp:769
#51 0x0000555555893307 in solidity::frontend::CommandLineInterface::run (this=0x7fffffffddf8, _argc=0x2, _argv=0x7fffffffe2d8) at /build/source/solc/CommandLineInterface.cpp:682
#52 0x0000555555874643 in main (argc=0x2, argv=0x7fffffffe2d8) at /build/source/solc/main.cpp:40
gef➤  x _node
Cannot access memory at address 0x0
gef➤  c
Continuing.
UndefinedBehaviorSanitizer:DEADLYSIGNAL
==72406==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000000000008 (pc 0x555555ac27a3 bp 0x555557431890 sp 0x7fffffffb040 T72406)
==72406==The signal is caused by a READ memory access.
==72406==Hint: address points to the zero page.

UndefinedBehaviorSanitizer can not provide additional info.
SUMMARY: UndefinedBehaviorSanitizer: SEGV (/nix/store/24cpfziar0vqjwxm78jdjhpqjs4hamam-solidity/bin/solc+0x56e7a3) 
==72406==ABORTING
[Inferior 1 (process 72406) exited with code 01]

@matheusaaguiar
Collaborator

Hi @djuricmilan ! Thanks for the report.
Could you clarify what the PoC is about? Also, could you provide the Solidity code repro that generated this segfault?

@djuricmilan
Author

Hi @matheusaaguiar,

PoC is the solidity code that causes the segfault when invoked with solc, version 0.8.24:

solc poc.sol

@matheusaaguiar
Collaborator

@djuricmilan, sorry, but I am confused, that is far from valid Solidity code.

@ekpyron
Member

ekpyron commented Jun 10, 2024

This is the result of fuzzing, so random (well mutated) code that should still retain valid compiler behaviour (as in proper errors instead of crashes or segfaults).
The curious thing here is that the segfault is in experimental analysis, which should only be invoked at all with pragma experimental solidity; (by the way, there are no stability guarantees for that compiler mode and it will involve a lot of invalid behaviour - that's to be expected at the current stage and we're not interested in crashes, if it involves a full valid pragma experimental solidity; at this point).

But the reproduction does not involve such a pragma, so the question is why experimental analysis runs in the first place.

However, I can't reproduce the behaviour with 0.8.24 myself.

@djuricmilan
Author

Ok, I attached the actual PoC that caused the segfault to this comment. Apologies from my side, I was fooled by my terminal multiplexer that simply did not display all the bytes when printing the PoC... The PoC indeed starts with a valid pragma experimental solidity statement, so I assume the crash is not relevant.
bug2.zip

@matheusaaguiar
Collaborator

Thanks for confirming. Since this happened with experimental, we can close this issue.
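
A triage check for the mix-up resolved in this thread, added here as an example (not code from the issue or from the Solidity project): it classifies a fuzzer crash input from its raw bytes rather than from terminal output, and shows how a carriage return can hide the experimental pragma on screen. The sample input is constructed for illustration and is not the contents of bug2.zip; the regex is a heuristic that also matches a pragma inside a comment, and the function names are hypothetical.

```python
import re
import sys

# Heuristic: matches the pragma anywhere in the raw bytes, comments included.
PRAGMA = re.compile(rb"pragma\s+experimental\s+solidity\s*;")

# Constructed sample (not the real PoC): a carriage return after the pragma
# lets the text that follows overwrite the start of the line on a terminal.
SAMPLE = b"pragma experimental solidity;\r//=4/t C {\n    addres coin;\n"


def render_like_terminal(data: bytes) -> str:
    """Approximate what a terminal shows: CR moves the cursor to column 0,
    other control bytes are dropped, printable bytes overwrite in place."""
    lines = []
    for raw in data.decode("latin-1").split("\n"):
        cells, col = [], 0
        for ch in raw:
            if ch == "\r":
                col = 0
            elif ch.isprintable():
                if col < len(cells):
                    cells[col] = ch
                else:
                    cells.append(ch)
                col += 1
        lines.append("".join(cells))
    return "\n".join(lines)


def triage(data: bytes) -> dict:
    """Classify a crash input from its bytes, not from how it prints."""
    # Control bytes (other than tab/newline) and non-ASCII bytes are the ones
    # a terminal may render misleadingly or not at all.
    hidden = sorted({b for b in data if (b < 0x20 and b not in (0x09, 0x0A)) or b >= 0x7F})
    return {
        "experimental": PRAGMA.search(data) is not None,
        "hidden_bytes": hidden,
        "terminal_view": render_like_terminal(data),
        "escaped": repr(data),
    }


if __name__ == "__main__":
    inputs = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [("<sample>", SAMPLE)]
    for name, blob in inputs:
        report = triage(blob)
        scope = "experimental mode" if report["experimental"] else "stable front end"
        print(f"{name}: {scope}; hidden bytes: {[hex(b) for b in report['hidden_bytes']]}")
        print("  terminal shows:", (report["terminal_view"].splitlines() or [""])[0])
        print("  file contains: ", report["escaped"])
```

Run over a fuzzer's crash directory before filing, inputs reported as "experimental mode" fall under the no-stability-guarantees caveat given above, and the escaped view is the form to paste into a report.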
