Upgrade certora spec files and CI to certora-cli v6 (#732)

mmv08 · web-flow · commit 3da1415a028c · 2024-02-05T15:18:31.000+01:00
This PR updates the certora cli to the latest available v6 version. The
main breaking change is that ghosts have to be marked persistent if we
don't want them to be HAVOC'ed on, let's say, an external call.
diff --git a/.github/workflows/certora.yml b/.github/workflows/certora.yml
@@ -29,7 +29,7 @@ jobs:
               with: { java-version: "17", java-package: jre, distribution: semeru }
 
             - name: Install certora cli
-              run: pip install -Iv certora-cli==5.0.5
+              run: pip install -Iv certora-cli==6.3.1
 
             - name: Install solc
               run: |
diff --git a/certora/specs/ModuleReach.spec b/certora/specs/ModuleReach.spec
@@ -21,18 +21,19 @@ methods {
 definition reachableOnly(method f) returns bool =
     f.selector != sig:simulateAndRevert(address,bytes).selector;
 
-ghost reach(address, address) returns bool {
+persistent ghost reach(address, address) returns bool {
     init_state axiom forall address X. forall address Y. reach(X, Y) == (X == Y || to_mathint(Y) == 0);
 }
 
-ghost mapping(address => address) ghostModules {
+persistent ghost mapping(address => address) ghostModules {
     init_state axiom forall address X. to_mathint(ghostModules[X]) == 0;
 }
 
-ghost address SENTINEL {
+persistent ghost address SENTINEL {
     axiom to_mathint(SENTINEL) == 1;    
 }
-ghost address NULL {
+
+persistent ghost address NULL {
     axiom to_mathint(NULL) == 0;    
 }
 
diff --git a/certora/specs/NativeTokenRefund.spec b/certora/specs/NativeTokenRefund.spec
@@ -7,7 +7,7 @@ methods {
     function getSafeGuard() external returns (address) envfree;
 }
 
-ghost uint256 gasPriceEnv {
+persistent ghost uint256 gasPriceEnv {
     init_state axiom gasPriceEnv == 1;
 }
 
diff --git a/certora/specs/OwnerReach.spec b/certora/specs/OwnerReach.spec
@@ -24,24 +24,25 @@ definition reachableOnly(method f) returns bool =
 
 definition MAX_UINT256() returns uint256 = 0xffffffffffffffffffffffffffffffff;
 
-ghost reach(address, address) returns bool {
+persistent ghost reach(address, address) returns bool {
     init_state axiom forall address X. forall address Y. reach(X, Y) == (X == Y || to_mathint(Y) == 0);
 }
 
-ghost mapping(address => address) ghostOwners {
+persistent ghost mapping(address => address) ghostOwners {
     init_state axiom forall address X. to_mathint(ghostOwners[X]) == 0;
 }
 
-ghost ghostSuccCount(address) returns mathint {
+persistent ghost ghostSuccCount(address) returns mathint {
     init_state axiom forall address X. ghostSuccCount(X) == 0;
 }
 
-ghost uint256 ghostOwnerCount;
+persistent ghost uint256 ghostOwnerCount;
 
-ghost address SENTINEL {
+persistent ghost address SENTINEL {
     axiom to_mathint(SENTINEL) == 1;
 }
-ghost address NULL {
+
+persistent ghost address NULL {
     axiom to_mathint(NULL) == 0;
 }
 
diff --git a/certora/specs/Safe.spec b/certora/specs/Safe.spec
@@ -50,7 +50,7 @@ rule nonceMonotonicity(method f) filtered {
 
 
 // The singleton is a private variable, so we need to use a ghost variable to track it.
-ghost address ghostSingletonAddress {
+persistent ghost address ghostSingletonAddress {
     init_state axiom ghostSingletonAddress == 0;
 }
 
@@ -69,7 +69,7 @@ invariant singletonAddressNeverChanges()
     ghostSingletonAddress == 0
     filtered { f -> reachableOnly(f) && f.selector != sig:getStorageAt(uint256,uint256).selector }
 
-ghost address fallbackHandlerAddress {
+persistent ghost address fallbackHandlerAddress {
     init_state axiom fallbackHandlerAddress == 0;
 }
 
diff --git a/certora/specs/Signatures.spec b/certora/specs/Signatures.spec
@@ -33,22 +33,9 @@ methods {
 
 definition MAX_UINT256() returns uint256 = 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff;
 
-ghost mapping(bytes => mapping(uint256 => uint8)) mySigSplitV;
-ghost mapping(bytes => mapping(uint256 => bytes32)) mySigSplitR;
-ghost mapping(bytes => mapping(uint256 => bytes32)) mySigSplitS;
-
-// This is needed for the execTransaction <> signatures rule
-ghost transactionHashGhost(
-        address /*to */,
-        uint256 /*value */,
-        bytes,
-        Enum.Operation /*operation*/,
-        uint256 /*safeTxGas */,
-        uint256 /*baseGas*/,
-        uint256 /*gasPrice*/,
-        address /*gasToken*/,
-        address /*refundReceiver*/,
-        uint256 /*_nonce*/ ) returns bytes32 ;
+persistent ghost mapping(bytes => mapping(uint256 => uint8)) mySigSplitV;
+persistent ghost mapping(bytes => mapping(uint256 => bytes32)) mySigSplitR;
+persistent ghost mapping(bytes => mapping(uint256 => bytes32)) mySigSplitS;
 
 function signatureSplitGhost(bytes signatures, uint256 pos) returns (uint8,bytes32,bytes32) {
     return (mySigSplitV[signatures][pos], mySigSplitR[signatures][pos], mySigSplitS[signatures][pos]);

Original file line number	Diff line number	Diff line change
`@@ -21,18 +21,19 @@ methods {`
`21`	`21`	`definition reachableOnly(method f) returns bool =`
`22`	`22`	`f.selector != sig:simulateAndRevert(address,bytes).selector;`
`23`	`23`
`24`		`-ghost reach(address, address) returns bool {`
	`24`	`+persistent ghost reach(address, address) returns bool {`
`25`	`25`	`init_state axiom forall address X. forall address Y. reach(X, Y) == (X == Y \|\| to_mathint(Y) == 0);`
`26`	`26`	`}`
`27`	`27`
`28`		`-ghost mapping(address => address) ghostModules {`
	`28`	`+persistent ghost mapping(address => address) ghostModules {`
`29`	`29`	`init_state axiom forall address X. to_mathint(ghostModules[X]) == 0;`
`30`	`30`	`}`
`31`	`31`
`32`		`-ghost address SENTINEL {`
	`32`	`+persistent ghost address SENTINEL {`
`33`	`33`	`axiom to_mathint(SENTINEL) == 1;`
`34`	`34`	`}`
`35`		`-ghost address NULL {`
	`35`	`+`
	`36`	`+persistent ghost address NULL {`
`36`	`37`	`axiom to_mathint(NULL) == 0;`
`37`	`38`	`}`
`38`	`39`
Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ methods {`
`7`	`7`	`function getSafeGuard() external returns (address) envfree;`
`8`	`8`	`}`
`9`	`9`
`10`		`-ghost uint256 gasPriceEnv {`
	`10`	`+persistent ghost uint256 gasPriceEnv {`
`11`	`11`	`init_state axiom gasPriceEnv == 1;`
`12`	`12`	`}`
`13`	`13`
Original file line number	Diff line number	Diff line change
`@@ -24,24 +24,25 @@ definition reachableOnly(method f) returns bool =`
`24`	`24`
`25`	`25`	`definition MAX_UINT256() returns uint256 = 0xffffffffffffffffffffffffffffffff;`
`26`	`26`
`27`		`-ghost reach(address, address) returns bool {`
	`27`	`+persistent ghost reach(address, address) returns bool {`
`28`	`28`	`init_state axiom forall address X. forall address Y. reach(X, Y) == (X == Y \|\| to_mathint(Y) == 0);`
`29`	`29`	`}`
`30`	`30`
`31`		`-ghost mapping(address => address) ghostOwners {`
	`31`	`+persistent ghost mapping(address => address) ghostOwners {`
`32`	`32`	`init_state axiom forall address X. to_mathint(ghostOwners[X]) == 0;`
`33`	`33`	`}`
`34`	`34`
`35`		`-ghost ghostSuccCount(address) returns mathint {`
	`35`	`+persistent ghost ghostSuccCount(address) returns mathint {`
`36`	`36`	`init_state axiom forall address X. ghostSuccCount(X) == 0;`
`37`	`37`	`}`
`38`	`38`
`39`		`-ghost uint256 ghostOwnerCount;`
	`39`	`+persistent ghost uint256 ghostOwnerCount;`
`40`	`40`
`41`		`-ghost address SENTINEL {`
	`41`	`+persistent ghost address SENTINEL {`
`42`	`42`	`axiom to_mathint(SENTINEL) == 1;`
`43`	`43`	`}`
`44`		`-ghost address NULL {`
	`44`	`+`
	`45`	`+persistent ghost address NULL {`
`45`	`46`	`axiom to_mathint(NULL) == 0;`
`46`	`47`	`}`
`47`	`48`
Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ rule nonceMonotonicity(method f) filtered {`
`50`	`50`
`51`	`51`
`52`	`52`	`// The singleton is a private variable, so we need to use a ghost variable to track it.`
`53`		`-ghost address ghostSingletonAddress {`
	`53`	`+persistent ghost address ghostSingletonAddress {`
`54`	`54`	`init_state axiom ghostSingletonAddress == 0;`
`55`	`55`	`}`
`56`	`56`
`@@ -69,7 +69,7 @@ invariant singletonAddressNeverChanges()`
`69`	`69`	`ghostSingletonAddress == 0`
`70`	`70`	`filtered { f -> reachableOnly(f) && f.selector != sig:getStorageAt(uint256,uint256).selector }`
`71`	`71`
`72`		`-ghost address fallbackHandlerAddress {`
	`72`	`+persistent ghost address fallbackHandlerAddress {`
`73`	`73`	`init_state axiom fallbackHandlerAddress == 0;`
`74`	`74`	`}`
`75`	`75`