From 67ab717140f8600c37d46c77e73e0289232646e1 Mon Sep 17 00:00:00 2001
From: waffles <waffles@arbitraryexecution.com>
Date: Thu, 18 Nov 2021 13:46:15 -0500
Subject: [PATCH] Fixed loop when merging stacks which will now correctly
 identify the JUMPDEST when iterating over different basic blocks.

---
 .../value_analysis/value_set_analysis.py      |  25 ++++-------
 tests/function_modifiers.evm                  | Bin 0 -> 587 bytes
 tests/function_modifiers.sol                  |  42 ++++++++++++++++++
 3 files changed, 51 insertions(+), 16 deletions(-)
 create mode 100644 tests/function_modifiers.evm
 create mode 100644 tests/function_modifiers.sol

diff --git a/evm_cfg_builder/value_analysis/value_set_analysis.py b/evm_cfg_builder/value_analysis/value_set_analysis.py
index 1617c18..cb992ab 100644
--- a/evm_cfg_builder/value_analysis/value_set_analysis.py
+++ b/evm_cfg_builder/value_analysis/value_set_analysis.py
@@ -343,26 +343,19 @@ def merge_stack(stacks: List[Stack], authorized_values):
 
     _max_number_of_elements = len(authorized_values) if authorized_values else 100
 
-    found = True
-    i = 0
-    while found:
-        vals: Optional[Set[int]] = set()
-        found = False
-        for stack in stacks:
-            elems = stack.get_elems()
-            if len(elems) <= i:
-                continue
-            found = True
-            next_vals = elems[i].get_vals()
+    for stack in stacks:
+        stack_elems = stack.get_elems()
+        for item in stack_elems:
+            vals = set()
+            next_vals = item.get_vals()
             if next_vals is None:
                 vals = None
                 break
+
             vals |= next_vals
-            if len(vals) > _max_number_of_elements:
-                vals = None
-                break
-        stack_elements.append(AbsStackElem(authorized_values, vals))
-        i = i + 1
+            if len(stack_elements) < _max_number_of_elements:
+                stack_elements.append(AbsStackElem(authorized_values, vals))
+
     newSt = Stack(authorized_values)
     newSt.set_elems(stack_elements)
     return newSt
diff --git a/tests/function_modifiers.evm b/tests/function_modifiers.evm
new file mode 100644
index 0000000000000000000000000000000000000000..6d2c82aa3d9d946fd1d35bc3cdea57c925f6914c
GIT binary patch
literal 587
zcmYdjNN@;BU@;R&Wbg`4U@%R1Ak&b{yDwc{B$2^Cydl~5`{N5hW)+axyYzH4khv7d
zJbcS(2atII$UJ(zK@Z6M9Uh&)(C|0fq(L;1AsT2BkR6c7kdnwK85W)35SYkNIB`NE
z<32E_VIuQ{&k&_;aHai;j7m_YbFeDi2v@o*kx?6}^f*ZAVsumQz?D8tWb}tB{e*66
zA|rDmV+2H&Q2<>wfgyo$Lcj!|G(!Rtl+h3Zw2gsl0!#6KEI_Ogte6?9IFT_ak+C=o
z7z~WriHtQsMgkkmKo%H-70gIv>}yP9ycrhV6ci8;7M;jAw=t248^#4XK%oifmPE!K
z2@K7QEs2b+VbPN&f>a`;E<>fJAfyr*pEM;hz7C6?5HN89STR;-H;KXJ8zHQJi&8QR
z(uyOLgcNRTsoG9&bd7wK%XMOb>oOrn=VSL-%ofLR%~-Xh{({Yll;ZrHWM>8r76xMg
DOoHpE

literal 0
HcmV?d00001

diff --git a/tests/function_modifiers.sol b/tests/function_modifiers.sol
new file mode 100644
index 0000000..833bac2
--- /dev/null
+++ b/tests/function_modifiers.sol
@@ -0,0 +1,42 @@
+//SPDX-License-Identifier: Unlicense
+pragma solidity ^0.8.0;
+
+import "hardhat/console.sol";
+
+contract Something {
+    address public owner;
+    uint blockNumber = 1337;
+    constructor() {
+        owner = msg.sender;
+    }
+
+    function a() public view returns (uint) {
+        return 1;
+    }
+
+    function b() public pure returns (uint) {
+        return 2;
+    }
+
+    function c() external pure returns (uint) {
+        return 3;
+    }
+
+    function d() internal pure returns (uint) {
+        return 4;
+    }
+
+    function e() private pure returns (uint) {
+        return 5;
+    }
+
+    function f() internal returns (uint) {
+        return 6;
+    }
+
+    function z() public payable returns (uint) {
+        d();
+        e();
+        return 6;
+    }
+}