Merge branch 'main' into foundry-darwin

.github/workflows/build.yml

@@ -2,50 +2,57 @@ name: "Build"
 on:
   pull_request:
   push:
+    branches:
+      main
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 jobs:
-  build:
+  nix-build:
     strategy:
       matrix:
        os: [ ubuntu-latest, macos-latest ]
-       # we need this to map platform names as used by github to
-       # the attribute names defined in release.nix
        include:
          - os: ubuntu-latest
-           os_attr: linux
+           os_attr: x86_64-linux
          - os: macos-latest
-           os_attr: darwin
+           os_attr: x86_64-macos
       fail-fast: false
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v3
-      - uses: cachix/install-nix-action@v22
-        with:
-          nix_path: nixpkgs=channel:nixos-unstable
-          extra_nix_config: |
-            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
-      - uses: cachix/cachix-action@v12
-        with:
-          name: hevm
-          signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
-      - name: run cabal check
-        run: nix-shell --pure --command "cabal check --verbose=3"
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
       - name: build hevm
-        run: nix build .#withTests -L
+        run: nix build .#ci -L
       - name: Upload artifacts
-        if: matrix.os == 'ubuntu-latest'
         uses: actions/upload-artifact@v3
         with:
-          name: hevm-x86_64-linux
+          name: hevm-${{ matrix.os_attr }}
           path: result/bin/hevm
+
+  extra-tests:
+    strategy:
+      matrix:
+       os: [ ubuntu-latest, macos-latest ]
+       include:
+         - os: ubuntu-latest
+         - os: macos-latest
+      fail-fast: false
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v3
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      # can't be run in nix build due to network usage
       - name: run rpc tests
         run: nix-shell --pure --command "cabal run rpc-tests"
+      # if we run this in nix build we often get killed due to oom in ci
       - name: run ethereum tests
-        run: nix-shell --command "cabal run ethereum-tests"
+        run: nix-shell --pure --command "cabal run ethereum-tests"
+
   build-windows:
     name: build (windows-latest)
     runs-on: windows-latest
@@ -73,19 +80,55 @@ jobs:
             gmp:p
             openssl:p
       - uses: haskell/actions/setup@v2
-        id: cabal
+        id: setup
         with:
-          ghc-version: '9.2'
-      - name: run cabal check
-        run: cabal check --verbose=3
-      - name: build and install dependencies
+          ghc-version: '9.2.8'
+
+      - name: build and install c dependencies
         run: |
           echo "::group::Installing libsecp256k1"
           ./.github/scripts/install-libsecp256k1.sh
           echo "::endgroup::"
           echo "::group::Installing libff"
           ./.github/scripts/install-libff.sh
           echo "::endgroup::"
+      - name: Configure the build
+        run: |
+          cabal configure --disable-tests --disable-benchmarks --disable-documentation
+          cabal build --dry-run
+          # The last step generates dist-newstyle/cache/plan.json for the cache key.
+
+      - name: Restore cached dependencies
+        uses: actions/cache/restore@v3
+        id: cache
+        env:
+          key: ${{ runner.os }}-ghc-${{ steps.setup.outputs.ghc-version }}-cabal-${{ steps.setup.outputs.cabal-version }}
+        with:
+          path: ${{ steps.setup.outputs.cabal-store }}
+          key: ${{ env.key }}-plan-${{ hashFiles('**/plan.json') }}
+          restore-keys: ${{ env.key }}-
+
+      - name: Install haskell dependencies
+        run: cabal build all --only-dependencies
+
+      # Cache dependencies already, so that we do not have to rebuild them should the subsequent steps fail.
+      - name: Save cached dependencies
+        uses: actions/cache/save@v3
+        # Caches are immutable, trying to save with the same key would error.
+        if: ${{ steps.cache.outputs.cache-primary-key != steps.cache.outputs.cache-matched-key }}
+        with:
+          path: ${{ steps.setup.outputs.cabal-store }}
+          key: ${{ steps.cache.outputs.cache-primary-key }}
+
       - name: build hevm library
         run: |
           cabal build --extra-include-dirs="$HOME/.local/include" --extra-lib-dirs="$HOME/.local/lib"
+
+  cabal-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      - name: run cabal check
+        run: nix develop -c cabal check --verbose=3

.github/workflows/check-dependencies.yml

@@ -13,11 +13,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: cachix/install-nix-action@v21
-        with:
-          nix_path: nixpkgs=channel:nixos-unstable
-          extra_nix_config: |
-            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
       - name: lookup nix versions
         id: nixpkgs
         run: |

.github/workflows/publish-docs.yml

@@ -8,11 +8,9 @@ jobs:
   build-and-deploy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-        with:
-          submodules: recursive
-
-      - uses: cachix/install-nix-action@v21
+      - uses: actions/checkout@v3
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
 
       - name: build docs
         run: nix-shell --pure --command "cd doc && mdbook build"

.github/workflows/release.yml

@@ -10,11 +10,8 @@ jobs:
     runs-on: macos-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: cachix/install-nix-action@v22
-        with:
-          nix_path: nixpkgs=channel:nixos-unstable
-          extra_nix_config: |
-            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
       - name: build hevm
         run: |
           nix build .#redistributable --out-link hevmMacos
@@ -29,11 +26,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: cachix/install-nix-action@v22
-        with:
-          nix_path: nixpkgs=channel:nixos-unstable
-          extra_nix_config: |
-            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
       - name: build hevm
         run: |
           nix build .#redistributable --out-link hevmLinux

.hlint.yaml

@@ -1,15 +1,7 @@
-# HLint configuration file
-# https://github.com/ndmitchell/hlint
-##########################
+# ignored / annoying rules
 
-# This file contains a template configuration file, which is typically
-# placed as .hlint.yaml in the root of your project
-
-
-# Warnings currently triggered by your code
 - ignore: {name: "Use fewer imports"}
 - ignore: {name: "Use if"}
-- ignore: {name: "Use newtype instead of data"}
 - ignore: {name: "Redundant bracket"}
 - ignore: {name: "Reduce duplication"}
 - ignore: {name: "Redundant return"}
@@ -28,4 +20,17 @@
 - ignore: {name: "Use underscore"}
 - ignore: {name: "Functor law"}
 - ignore: {name: "Use record patterns"}
-#[ { "ignore": { "within": '**.*' } } ]
+
+# custom rules
+
+# we should use witch
+- functions:
+  - {name: fromIntegral, within: [], message: "use into or tryFrom from Witch"}
+  - {name: fromInteger, within: [], message: "use into or tryFrom from Witch"}
+  - {name: toIntegral, within: [], message: "use into or tryFrom from Witch"}
+  - {name: toInteger, within: [], message: "use into or tryFrom from Witch"}
+
+# we should use internalError
+- error: {lhs: error, rhs: internalError}
+# we should use pure
+- error: {lhs: return, rhs: pure}

CHANGELOG.md

@@ -5,6 +5,57 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## Unreleased
+
+## Fixed
+
+- CopySlice wraparound issue especially during CopyCallBytesToMemory
+- Contracts deployed during symbolic execution are created with an empty storage (instead of abstract in previous versions)
+- EVM.Solidity.toCode to include contractName in error string
+- Better cex reconstruction in cases where branches do not refer to all input variables in calldata
+- Correctly handle empty bytestring compiled contracts' JSON
+
+## Changed
+
+### UI
+
+- 'check' prefix now recognized as a function signature to symbolically execute for Dapps
+- symbolic solidity tests no longer consider reverts to be a failure, and check only for the ds-test failed bit or unser defined assertion failures (i.e. `Panic(0x01)`)
+- `vm.prank` now works correctly when passed a symbolic address
+- The `--initial-storage` flag no longer accepts a concrete prestore (valid values are now `Empty` or `Abstract`)
+- The visual debugger has been removed
+- All concrete ds-test executors have been removed (i.e. plain, fuzzer, invariant)
+- Rpc caching and state serialization has been removed (i.e. all `--cache` / `--state` flags)
+- The various `DAPP_TEST` variables are no longer observed
+
+### Internals
+
+- Contract addresses can now be fully symbolic
+- Contract balances can now be fully symbolic
+- Contract code can now be fully abstract. Calls into contracts with unknown code will fail with `UnexpectedSymbolicArg`.
+- Run expression simplification on branch conditions
+
+## API Changes
+
+Support for fully symbolic contract addresses required some very extensive changes to our storage model:
+
+- A new type has been added to `Expr` that can represent concrete or symbolic addresses
+- The contracts mapping is now keyed on terms of type `Expr EAddr` (instead of `Addr`)
+- Storage has been moved from a global storage mapping in `vm.env` into a per contract one
+- Terms of type `Expr Storage` now model a per contract store (i.e. W256 -> W256)
+- A new type has been added to `Expr`: `EContract`. It has one constructor that
+  is a simplified view of the full `Contract` typed used in the `VM` storage mapping.
+- `Success` nodes in `Expr End` now return a mapping from `Expr EAddr` to `Expr EContract` instead of an `Expr Storage`.
+- Nonces are now modeled as a `Maybe Word64` (where `Nothing` can be read as "symbolic").
+- `Expr Storage` no longer has an `EmptyStore` constructor (use `ConcreteStore mempty` instead)
+- Contract balances are now fully symbolic
+- Contract code can now be unknown. There is a new constructor for `ContractCode` to represent this (`UnknownCode`)
+- `VMOpts` no longer takes an initial store, and instead takes a `baseState`
+  which can be either `EmptyBase` or `AbstractBase`. This controls whether
+  storage should be inialized as empty or fully abstract. Regardless of this
+  setting contracts that are deployed at runtime via a call to
+  `CREATE`/`CREATE2` have zero initialized storage.
+
 ## [0.51.3] - 2023-07-14
 
 ## Fixed