{Solidity:​log}

Posted by Solidity Team on March 23, 2021

On March 20, 2021, a bug in Solidity's bytecode optimizer was found by differential fuzzing. The bug is fixed with version 0.8.3 released on March 23, 2021. The bug is present in all prior versions of Solidity. We assigned the bug a severity level of "medium". Technical Details Summary: The bytecode optimizer incorrectly re-used previously evaluated Keccak-256 hashes. You are unlikely to be affected if you do not compute Keccak-256 hashes in inline assembly. Solidity's bytecode optimizer has a step that can compute Keccak-256 hashes, if the...

Posted by Solidity Team on March 2, 2021

Solidity v0.8.2 adds an optimizer stage that can inline small amounts of code to save gas and provides more means to work with code documentation by exporting inline comments and allowing custom natspec tags. Notable New Features Inliner This release adds a simple inliner to the low-level optimizer of Solidity. It can inline short functions that do not contain control-flow branches or opcodes with side-effects. If you want to learn more about the inliner, read this post. Custom Natspec and Exported Documentation It is now possible to use documentation...

Posted by Christian Reitwiessner on March 2, 2021

Solidity v0.8.2 adds a simple inliner to the low-level optimizer of Solidity. In this post, we examine how it works and take a look at synergies with other steps of the optimizer. Low-Level Inliner The Low-Level Inliner is a component of the low-level optimizer of the Solidity compiler. To save gas, it can inline short functions that do not contain control-flow branches or opcodes with side-effects. The decision to inline or not is based on the trade-off parameter "runs": The combined code deposit cost and execution...

Posted by Franziska Heintel on February 15, 2021

The Solidity programming language is an open-source project governed by a core team. We rely on the community’s feedback, input and contributions to make the language as effective, safe and useful as possible. In this post, we will walk you through the various different ways how you can get involved contributing to Solidity! Do not hesitate to contact us in case anything is left unclear after reading the post. Overview of Contribution Opportunities There are plenty of options how you can contribute to...

Posted by Bhargava Shastry on February 10, 2021

Security vulnerabilities and bugs detract from software quality. To discover them early, at best before they are released, we have adopted fuzz testing: feeding randomly generated programs to the Solidity compiler and observing the compilation runtime and code generated. Since Q1 2019, the Solidity compiler is fuzz tested via Google's open-source software fuzz (oss-fuzz) framework. In this post, we briefly describe the work that has been done on this front, and work that is currently in progress. Fuzzer Overview Broadly speaking, we have developed two...

Posted by Franziska Heintel on February 1, 2021

In our effort to foster exchange of information, encourage more developers to give feedback about Solidity and join the discussions on language design and future direction of the compiler, we are happy to launch the Solidity forum today! Moving forward the Solidity forum will be the dedicated place to discuss topics and questions related to… The design of the Solidity programming language. The Solidity compiler. Useful Solidity tips and code snippets. Solidity documentation and its translation. Discussions and announcements about Solidity releases. It will not be the...

Posted by Solidity Team on January 27, 2021

Solidity v0.8.1 introduces many new features for the SMTChecker (see below), updates the emscripten version for building soljson.js to 2.0.12, allows to catch panic errors and adds other small improvements. Notable New Features SMTChecker Counterexamples and Synthesis of External Functions The SMTChecker already reports transaction traces as counterexamples to failing verification targets, but 0.8.1 adds internal calls, msg.value and synthesized unknown code called externally in the form of reentrant calls to counterexamples. A recent blog post presents that topic in more detail. How to select SMTChecker targets Prior to 0.8.1, the SMTChecker...

Posted by Franziska Heintel on January 26, 2021

Before we dive into the results we want to extend a big thank you to all of the Solidity developers that participated in the very first Solidity Developer Survey, which we conducted at the end of last year! We were overwhelmed by the high quality of the submissions and are happy to extract important insights from your input. In this post, we'll be summarizing and commenting on the results of the survey. Please note that none of the questions in the survey were...

Posted by Solidity Team on December 16, 2020

Solidity 0.8.0 is a breaking release of the Solidity compiler and language. Some of the new features of this release have been elaborated in the 0.8.x preview release post. Please consider the preview release binary superseded and do not use it anymore. Notable New Features and Changes As per usual, this breaking release does not include many features but rather changes that require a backwards-incompatible adjustment in syntax or semantics. For a detailed explanation, please see the documentation. The change that will affect most users is...

Posted by Solidity Team on December 16, 2020

Solidity v0.7.6 adds better support for calldata types. Furthermore, the fallback function can now have a parameter and explicitly return data. Notable New Features Detection of Overflowing Unicode Direction Markers The winning entry in the Solidity Underhanded Contest used a clever combination of Unicode direction markers to deceive the reader about the semantics of a time-locked upgrade mechanism. Starting from Solidity 0.7.6, the parser will reject comments and Unicode strings where the text direction is not properly reset before the end of the comment or string. Better Support for...