Too-large field literals silently truncated #4631
Comments
|
Note that this is currently used to determine which field we're using as we can use |
|
@TomAFrench which code does that? |
… literals (#5247) # Description ## Problem\* Resolves <!-- Link to GitHub Issue --> ## Summary\* This PR updates the `is_bn254` function so we don't rely on the footgun-y behaviour being reported in #4631 in order to determine the field choice ## Additional Context ## Documentation\* Check one: - [x] No documentation needed. - [ ] Documentation included in this PR. - [ ] **[For Experimental Features]** Documentation to be submitted in a separate PR. # PR Checklist\* - [x] I have tested the changes locally. - [x] I have formatted the changes with [Prettier](https://prettier.io/) and/or `cargo fmt` on default settings.
|
Some more things I found. There are already range checks for unsigned integers: fn main(x: u8) {
let too_large: u8 = 256; // The literal `2⁸` cannot fit into `u8` which has range `0..=255`
assert(x == too_large);
}It even works when the type is inferred from usage: fn main(x: u8) {
let too_large = 256; // 2⁸ does not fit within the type bounds for u8
assert(x == too_large);
}The same thing happens for signed integers: fn main(x: i8) {
let too_large = 256; // 2⁸ does not fit within the type bounds for i8
assert(x == too_large);
}However, this compiles fine: fn main(x: i8) {
let too_large = 255;
assert(x == too_large);
}In reality the maximum value of fn main(x: i8) {
let too_large = 255;
println(too_large);
assert(x == too_large);
}we get So, I'll try to fix this too as part of this issue. I might also change the error message to include the possible range of values, like Rust does. |
|
And things get a bit more tricky. This program: fn main() {
foo(21888242871839275222246405745257275088548364400416034343698204186575808495874)
}
fn foo(_x: u8) {}gives this error: and this program compiles fine: fn main() {
foo(21888242871839275222246405745257275088548364400416034343698204186575808495617)
}
fn foo(_x: u8) {}The reason is that numeric literals are stored as at least at the point where this check is done (in codegen): noir/compiler/noirc_evaluator/src/ssa/ssa_gen/context.rs Lines 274 to 277 in 03e25b4 and the information of whether the literal was positive or negative is totally lost, making it impossible to check if the value fits or not into the target type. So two options:
Maybe 2 is better as doing these checks before codegen is probably preferred, though it might involve a larger change. |
|
Actually, So I think it would make sense to change it there first. Or maybe there's a way to get the raw input to I'll timebox working on this, then jump to another issue and eventually come back to this one. |
|
I captured another issue for checking overflow/underflow of other integer types: #5372 |
# Description ## Problem Resolves #4631 ## Summary Changes the lexer to error if an integer literal is greater than or equal to the field element modulus. ## Additional Context None. ## Documentation\* Check one: - [x] No documentation needed. - [ ] Documentation included in this PR. - [ ] **[For Experimental Features]** Documentation to be submitted in a separate PR. # PR Checklist\* - [x] I have tested the changes locally. - [x] I have formatted the changes with [Prettier](https://prettier.io/) and/or `cargo fmt` on default settings.
Aim
The following program, with the included
Prover.toml, should fail to be solved when runningnargo execute:main.nr:Prover.toml:Expected Behavior
The program should fail to compile because of an invalid
Fieldliteral.Bug
The program successfully compiles and executes, solving an assertion that:
To Reproduce
Project Impact
None
Impact Context
No response
Workaround
None
Workaround Description
No response
Additional Context
No response
Installation Method
None
Nargo Version
No response
NoirJS Version
No response
Would you like to submit a PR for this Issue?
None
Support Needs
No response
The text was updated successfully, but these errors were encountered: