gnovm: inability to catch unused variables at compile time allows for nuisance programs: deviation from Go #3426
Labels
🐞 bug
Something isn't working
Comments
odeke-em
added a commit
to odeke-em/gno
that referenced
this issue
Jan 8, 2025
Adds a fuzzer for Transpile, which found bugs: * gnolang#3425 * gnolang#3426 * partially gnolang#3428 Updates gnolang#3087
odeke-em
added a commit
to odeke-em/gno
that referenced
this issue
Jan 8, 2025
Adds a fuzzer for Transpile, which found bugs: * gnolang#3425 * gnolang#3426 * partially gnolang#3428 Updates gnolang#3087
odeke-em
added a commit
to odeke-em/gno
that referenced
this issue
Jan 8, 2025
Adds a fuzzer for Transpile, which found bugs: * gnolang#3425 * gnolang#3426 * partially gnolang#3428 Updates gnolang#3087
odeke-em
added a commit
to odeke-em/gno
that referenced
this issue
Jan 8, 2025
Adds a fuzzer for Transpile, which found bugs: * gnolang#3425 * gnolang#3426 * partially gnolang#3428 Updates gnolang#3087
n2p5
added a commit
that referenced
this issue
Jan 9, 2025
Adds a fuzzer for Transpile, which found bugs: * #3425 in which this following Go program crashed the transpiler ```go package A import(""//" ""/***/) ``` * #3426 which generated an input that revealed the fact that Gno deviates from Go by allowing unused variables yet Go's standard is strict on unused variables like this program ```go package main func main() { const c1 = 1 < 8 main() 1 } ``` which we shouldn't allow * partially #3428 which revealed the discrepancy in Gno that the overflow detection is still lacking as the following program is invalid Go but Gno allowed it to run ```go package main func main() { const c1 = int8(1) << 8 println(c1) } ``` because 1<<8 (256) is higher than the range of int8 for which the maximum is `(1<<7) - 1 aka 127` Updates #3087 Co-authored-by: Nathan Toups <[email protected]>
albttx
pushed a commit
that referenced
this issue
Jan 10, 2025
Adds a fuzzer for Transpile, which found bugs: * #3425 in which this following Go program crashed the transpiler ```go package A import(""//" ""/***/) ``` * #3426 which generated an input that revealed the fact that Gno deviates from Go by allowing unused variables yet Go's standard is strict on unused variables like this program ```go package main func main() { const c1 = 1 < 8 main() 1 } ``` which we shouldn't allow * partially #3428 which revealed the discrepancy in Gno that the overflow detection is still lacking as the following program is invalid Go but Gno allowed it to run ```go package main func main() { const c1 = int8(1) << 8 println(c1) } ``` because 1<<8 (256) is higher than the range of int8 for which the maximum is `(1<<7) - 1 aka 127` Updates #3087 Co-authored-by: Nathan Toups <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
While doing security analysis and fuzzing for Gno programs that shall be passed into the gnovm to cause it to misbehave, if we look at this invalid Go program yet valid Gno program
Go result
The Go compiler will flag it as https://go.dev/play/p/OUgbMlbefsj
Gno result
The result will be ran and run out of memory https://play.gno.land/p/Bg71TmlsEfA
Diagnosis
The red herring here is the unused variable which should be reported at compile time as failed, but Gno will accept it and try to run the program. This is a deviation from Go's specification and expectations. We need tests as well to ensure that unused variables aren't left littered.
Kindly cc-ing @thehowl @jaekwon @moul @petar-dambovaliev @veorq
The text was updated successfully, but these errors were encountered: