certora-cli-beta-mirror 7.30.1__py3-none-any.whl → 8.0.0__py3-none-any.whl

certora_cli/CertoraProver/certoraContextValidator.py

@@ -13,6 +13,7 @@
 #     You should have received a copy of the GNU General Public License
 #     along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
+
 import logging
 import os
 import re
@@ -21,7 +22,8 @@ import itertools
 import tempfile
 import fnmatch
 from pathlib import Path
-from typing import Dict, List, Tuple, Set, Any, Union, Optional
+from wcmatch import glob
+from typing import Dict, List, Tuple, Set, Any, Union, OrderedDict
 
 import CertoraProver.certoraContext as Ctx
 import CertoraProver.certoraContextAttributes as Attrs
@@ -31,6 +33,7 @@ from Shared import certoraUtils as Util
 from Shared import certoraAttrUtil as AttrUtil
 from CertoraProver.certoraProjectScanner import scan_project
 
+
 scripts_dir_path = Path(__file__).parent.resolve()  # containing directory
 sys.path.insert(0, str(scripts_dir_path))
 
@@ -43,10 +46,28 @@ class CertoraContextValidator:
     def __init__(self, context: CertoraContext):
         self.context = context
 
+    def handle_concord_attrs(self) -> None:
+        if Attrs.is_concord_app():
+            for attr in (Attrs.ConcordAttributes.unsupported_attributes()):
+                attr_name = attr.get_conf_key()
+                if getattr(self.context, attr_name):
+                    if attr.arg_type == AttrUtil.AttrArgType.BOOLEAN:
+                        setattr(self.context, attr_name, False)
+                    else:
+                        setattr(self.context, attr_name, None)
+                    raise Util.CertoraUserInputError(f"Concord does not support {attr_name}")
+            if not self.context.check_method:
+                raise Util.CertoraUserInputError("'check_method' attribute/flag is mandatory when running Concord")
+            contracts = getattr(self.context, 'contracts', None)
+            if not contracts:
+                raise Util.CertoraUserInputError("No contracts were specified for Concord")
+            if len(contracts) != 2:
+                raise Util.CertoraUserInputError(f"expecting 2 contracts for Concord, got {len(contracts)}: {contracts}")
+
     def handle_ranger_attrs(self) -> None:
         # unset unsupported attributes
         if Attrs.is_ranger_app():
-            for attr in Attrs.RangerAttributes.ranger_unsupported_attributes():
+            for attr in Attrs.RangerAttributes.unsupported_attributes():
                 attr_name = attr.get_conf_key()
                 if getattr(self.context, attr_name):
                     if attr.arg_type == AttrUtil.AttrArgType.BOOLEAN:
@@ -64,16 +85,16 @@ class CertoraContextValidator:
                                        f"ignoring the set value of {self.context.loop_iter}")
             self.context.loop_iter = self.context.loop_iter or Util.DEFAULT_RANGER_LOOP_ITER
 
-            for attr in Attrs.RangerAttributes.ranger_true_by_default_attributes():
+            for attr in Attrs.RangerAttributes.true_by_default_attributes():
                 attr_name = attr.get_conf_key()
                 setattr(self.context, attr_name, True)
 
         else:
             if self.context.range:
-                # self.context.range = None
+                self.context.range = None
                 validation_logger.info("the 'range' attribute is ignored when not running from the Ranger App")
             if self.context.ranger_failure_limit:
-                # self.context.ranger_failure_limit = None
+                self.context.ranger_failure_limit = None
                 validation_logger.info("the 'ranger_failure_limit' is ignored when not running from the Ranger App")
 
     def validate(self) -> None:
@@ -162,6 +183,12 @@ class CertoraContextValidator:
             if len(context.files) > 1:
                 raise Util.CertoraUserInputError("Rust projects must specify exactly one executable in 'files'.")
 
+        if context.url_visibility and context.local:
+            validation_logger.info("'url_visibility' has no effect in local tool runs")
+        set_attr_default(context, attr_name=Attrs.CommonAttributes.URL_VISIBILITY.name.lower(),
+                         ci_value=str(Vf.UrlVisibilityOptions.PUBLIC),
+                         default_value=str(Vf.UrlVisibilityOptions.PRIVATE))
+
     def check_args_post_argparse(self) -> None:
         """
         Performs checks over the arguments after basic argparse parsing
@@ -216,10 +243,18 @@ class CertoraContextValidator:
         if context.compilation_steps_only and context.build_only:
             raise Util.CertoraUserInputError("cannot use both 'compilation_steps_only' and 'build_only'")
 
-        set_wait_for_results_default(context)
+        set_attr_default(context, attr_name=Attrs.CommonAttributes.WAIT_FOR_RESULTS.name.lower(),
+                         ci_value=str(Vf.WaitForResultOptions.ALL),
+                         default_value=str(Vf.WaitForResultOptions.NONE))
         if context.wait_for_results and context.wait_for_results != str(Vf.WaitForResultOptions.NONE) and context.local:
             validation_logger.warning("'wait_for_results' has no effect in local tool runs")
 
+        if context.url_visibility and context.local:
+            validation_logger.info("'url_visibility' has no effect in local tool runs")
+        set_attr_default(context, attr_name=Attrs.CommonAttributes.URL_VISIBILITY.name.lower(),
+                         ci_value=str(Vf.UrlVisibilityOptions.PUBLIC),
+                         default_value=str(Vf.UrlVisibilityOptions.PRIVATE))
+
         # packages must be in a normal form (no unneeded . or ..)
         if context.packages:
             for idx, el in enumerate(context.packages):
@@ -375,19 +410,15 @@ def convert_to_compiler_map(context: CertoraContext) -> None:
     if context.solc_map:
         context.compiler_map = context.solc_map
         context.solc_map = None
-    if context.solc:
-        context.compiler_map = {'*.sol': f'{context.solc}'}
-    if context.vyper:
-        context.compiler_map = {'*.vy': f'{context.vyper}'}
+
 
 def check_vyper_flag(context: CertoraContext) -> None:
     if context.vyper:
-        non_vy_paths = [path for path in context.files if not path.endswith(".vy")]
-        if non_vy_paths:
-            raise Util.CertoraUserInputError(f"vyper attribute can only be set for Vyper files: {non_vy_paths}")
+        vy_paths = [path for path in context.files if path.endswith(".vy")]
+        if not vy_paths:
+            validation_logger.warning("vyper attribute was set but no Vyper files were set")
         if context.solc:
             raise Util.CertoraUserInputError("cannot set both vyper attribute and solc attribute")
-        context.solc = context.vyper
 
 def check_contract_name_arg_inputs(context: CertoraContext) -> None:
     """
@@ -429,14 +460,6 @@ def check_contract_name_arg_inputs(context: CertoraContext) -> None:
         check_conflicting_link_args(context)
 
     context.verified_contract_files = []
-    if context.assert_contracts is not None:
-        for assert_arg in context.assert_contracts:
-            contract = Util.get_trivial_contract_name(assert_arg)
-            if contract not in contract_names:
-                __suggest_contract_name(f"'assert' argument, {contract}, doesn't match any contract name", contract,
-                                        contract_names, contract_to_file)
-            else:
-                context.verified_contract_files.append(contract_to_file[contract])
 
     context.spec_file = None
 
@@ -582,31 +605,32 @@ def check_mode_of_operation(context: CertoraContext) -> None:
 
     @param context: A namespace including all CLI arguments provided
     @raise an CertoraUserInputError when:
-        1. .conf|.tac|.json file is used with --assert_contracts flags
-        2. when both --assert_contracts and --verify flags were given
-        3. when the file is not .tac|.conf|.json and neither --assert_contracts nor --verify were used
-        4. If either --bytecode_jsons or --bytecode_spec was used without the other.
+        1. when both --equivalence_contracts and --verify flags were given
+        2. when the file is not .tac|.conf|.json and neither --equivalence_contracts nor --verify were used
+        3. If either --bytecode_jsons or --bytecode_spec was used without the other.
     """
     context.is_verify = context.verify is not None and len(context.verify) > 0
-    context.is_assert = context.assert_contracts is not None and len(context.assert_contracts) > 0
     context.is_bytecode = context.bytecode_jsons is not None and len(context.bytecode_jsons) > 0
-    context.is_equivalence = context.equivalence_contracts is not None
+    context.is_equivalence = context.equivalence_contracts is not None or context.is_concord_app
 
-    if (context.project_sanity or context.foundry) and (context.is_verify or context.is_assert or context.is_bytecode or context.is_equivalence):
-        raise Util.CertoraUserInputError("The 'project_sanity' and 'foundry' options cannot coexist with the 'verify', 'assert_contract' or 'bytecode_jsons' options")
+    if (context.project_sanity or context.foundry) and \
+       (context.is_verify or context.is_bytecode or context.is_equivalence):
+        raise Util.CertoraUserInputError("The 'project_sanity' and 'foundry' options cannot coexist with the 'verify', "
+                                         "'assert_contract' or 'bytecode_jsons' options")
 
     if context.project_sanity and context.foundry:
         raise Util.CertoraUserInputError("The 'project_sanity' and 'foundry' options cannot coexist")
 
-    if len(list(filter(None, [context.is_verify, context.is_assert, context.is_equivalence]))) > 1:
-        raise Util.CertoraUserInputError("only one option of 'assert_contracts', 'verify', 'equivalence' can be used")
+    if len(list(filter(None, [context.is_verify, context.is_equivalence]))) > 1:
+        raise Util.CertoraUserInputError("only one option of 'verify', 'equivalence' can be used")
 
     has_bytecode_spec = context.bytecode_spec is not None
     if has_bytecode_spec != context.is_bytecode:
         raise Util.CertoraUserInputError("Must use 'bytecode' together with 'bytecode_spec'")
 
     if not context.files and not any((context.is_bytecode, context.project_sanity, context.foundry)):
-        raise Util.CertoraUserInputError("Should always provide input files, unless 'bytecode_jsons' or 'project_sanity' or 'foundry' are used")
+        raise Util.CertoraUserInputError("Should always provide input files, unless 'bytecode_jsons' or "
+                                         "'project_sanity' or 'foundry' are used")
 
     if context.is_bytecode and context.files:
         raise Util.CertoraUserInputError("Cannot use 'bytecode_jsons' with other files")
@@ -620,7 +644,8 @@ def check_mode_of_operation(context: CertoraContext) -> None:
         if not context.files:
             file_contract_pairs = _get_project_file_contract_pairs(context)
             main_contract = file_contract_pairs[0][1]  # any contract
-            context.files = [f"{file}:{contract}" if file.stem != contract else str(file) for file, contract in file_contract_pairs]
+            context.files = \
+                [f"{file}:{contract}" if file.stem != contract else str(file) for file, contract in file_contract_pairs]
         else:
             first = context.files[0]
             if ':' in first:
@@ -632,12 +657,14 @@ def check_mode_of_operation(context: CertoraContext) -> None:
 
         context.verify = f"{main_contract}:{spec_file_name}"
         context.is_verify = True
-        # In this mode we want to make life easy for the user, so use the auto-dispatcher mode to avoid many unresolved calls
+        # In this mode we want to make life easy for the user,
+        # so use the auto-dispatcher mode to avoid many unresolved calls
         context.auto_dispatcher = True
 
     if context.foundry:
         file_contract_pairs = _get_project_file_contract_pairs(context)
-        test_pairs = [(file, contract) for file, contract in file_contract_pairs if file.stem.endswith(".t") and 'lib' not in file.parents]
+        test_pairs = [(file, contract) for file, contract in file_contract_pairs
+                      if file.stem.endswith(".t") and 'lib' not in file.parents]
         context.files = [f"{file}:{contract}" for file, contract in test_pairs]
         main_contract = test_pairs[0][1]  # any contract
         spec_file_name = _generate_temp_spec(context, "use builtin rule verifyFoundryFuzzTestsNoRevert;\n")
@@ -645,7 +672,8 @@ def check_mode_of_operation(context: CertoraContext) -> None:
         context.foundry_tests_mode = True
         context.verify = f"{main_contract}:{spec_file_name}"
         context.is_verify = True
-        # In this mode we want to make life easy for the user, so use the auto-dispatcher mode to avoid many unresolved calls
+        # In this mode we want to make life easy for the user,
+        # so use the auto-dispatcher mode to avoid many unresolved calls
         context.auto_dispatcher = True
 
     if context.files:
@@ -658,49 +686,30 @@ def check_mode_of_operation(context: CertoraContext) -> None:
         for input_file in context.files:
             special_file_type = next((suffix for suffix in special_file_suffixes if input_file.endswith(suffix)), None)
 
-            if special_file_type:
-                if len(context.files) > 1:
-                    raise Util.CertoraUserInputError(
-                        f"No other files are allowed with a file of type {special_file_type}")
-                if context.is_assert:
-                    raise Util.CertoraUserInputError(
-                        f"Option 'assert_contracts' cannot be used with a {special_file_type} file {input_file}")
+            if special_file_type and len(context.files) > 1:
+                raise Util.CertoraUserInputError(
+                    f"No other files are allowed with a file of type {special_file_type}")
 
-    if not any([context.is_assert, context.is_verify, context.is_bytecode, context.equivalence_contracts,
-                special_file_type]) and not context.build_only:
+    if (
+        not Attrs.is_concord_app() and
+        not any([context.is_verify, context.is_bytecode,
+                 context.equivalence_contracts, special_file_type]) and not context.build_only):
         raise Util.CertoraUserInputError("You must use 'verify' when running the Certora Prover")
 
+def find_matching_contracts(context: CertoraContext, pattern: str) -> List[str]:
+    result = []
+    for contract in context.contract_to_file:
+        if fnmatch.fnmatch(contract, pattern):
+            result.append(context.contract_to_file[contract])
+    return result
 
-def _normalize_maps(context: CertoraContext, map_attr_name: str, map_attr: Dict) -> Dict[str, str]:
-    """
-
-    :param context:
-    :param map_attr_name: name of the attribute e.g. solc_optimize_map
-    :param map_attr: the value of the map attribute, a dictionary mapping contract/file to a value
-    :return:
-
-    all solc_XXX_map attributes are used to set attributes for the Solidity compiler. The value is based on the
-    Solidity file to be compiled, therefore it translates all keys to a relative path to a file
-    """
-
-    def find_matching_files(context: CertoraContext, pattern: str) -> List[str]:
-        file_part = pattern.split(':')[0]
-        if Path(file_part).suffix == "":  # no suffix means the key is a contract
-            matching_contracts = fnmatch.filter(context.contracts, pattern)  # find matching contracts
-            return [context.contract_to_file[contract] for contract in matching_contracts]
-        else:
-            return [file_part]
-
-    new_map_attr: Dict[str, str] = {}
-    for (pattern, value) in map_attr.copy().items():
-        matching_files = find_matching_files(context, pattern)
-        for file in matching_files:
-            file = str(Path(file).resolve(strict=False).relative_to(Path.cwd()))
-            attr_value = new_map_attr.get(file)
-            if attr_value is None:  # key in file paths but no mapping yet
-                new_map_attr[file] = value
-    return new_map_attr
+def find_matching_files(context: CertoraContext, pattern: str) -> List[str]:
+    result = []
 
+    for path in context.file_paths:
+        if glob.globmatch(path, pattern, flags=glob.GLOBSTAR):
+            result.append(path)
+    return result
 
 def check_map_attributes(context: CertoraContext) -> None:
 
@@ -718,27 +727,24 @@ def check_map_attributes(context: CertoraContext) -> None:
         # we also check the map value was not set to False explicitly in the conf file
         if base_attr and map_attr and not (base_attr is False and context.conf_options.get(base_attr) is not None):
             raise Util.CertoraUserInputError(f"You cannot use both '{attr_prefix}' and '{map_attr_name}' arguments")
-        if not isinstance(map_attr, dict):
-            raise RuntimeError(f"map_attr is not dictionary, got {map_attr}")
-        map_attr = _normalize_maps(context, map_attr_name, map_attr)
-        setattr(context, f"{map_attr_name}", map_attr)
-
-        sources_mappings: Dict[str, Optional[str]] = {file_path: None for file_path in context.file_paths}  # initially mapping files to None
-        for file in sources_mappings.keys():
-            match: Optional[str] = None
-            for (pattern, value) in map_attr.items():
-                if fnmatch.fnmatch(file, pattern):
-                    match = pattern
-                    break
-            if not match:
-                raise Util.CertoraUserInputError(f"No matching for {file} in {map_attr_name}. Pattens: {map_attr}")
-            elif not sources_mappings.get(file):  # key in file paths but no mapping yet
-                sources_mappings[file] = match
-
-        # Now we check if all sources were mapped
-        paths_not_set = [path for path, value in sources_mappings.items() if value is None]
-        if paths_not_set:
-            raise Util.CertoraUserInputError(f"{' '.join(paths_not_set)} was not set in {map_attr_name}")
+        if not isinstance(map_attr, OrderedDict):
+            raise RuntimeError(f"`map_attr` is not an ordered dictionary, got {map_attr}")
+
+        # will check that all the contract files are matched
+        file_list: Dict[str, bool] = {path: False for path in context.file_paths}
+
+        for key, value in map_attr.items():
+            pattern = key.split(':')[0]  # ignore the contract part
+            if Path(pattern).suffix == "":
+                for path in find_matching_contracts(context, pattern):
+                    file_list[path] = True
+            else:
+                for path in find_matching_files(context, pattern):
+                    file_list[path] = True
+
+        none_keys = [k for k, v in file_list.items() if v is False]
+        if none_keys:
+            raise Util.CertoraUserInputError(f"The following files are not matched in {map_attr_name}: {none_keys}")
 
 
 def check_parametric_contracts(context: CertoraContext) -> None:
@@ -905,16 +911,17 @@ def check_files_input(file_list: List[str]) -> None:
             if file.endswith(Util.SOROBAN_EXEC_EXTENSION):
                 raise Util.CertoraUserInputError(f'The Soroban file {file} cannot be accompanied with other files')
 
-def set_wait_for_results_default(context: CertoraContext) -> None:
-    if context.wait_for_results is None:
+
+def set_attr_default(context: CertoraContext, attr_name: str, ci_value: str, default_value: str) -> None:
+    if getattr(context, attr_name, None) is None:
         if Util.is_ci_or_git_action():
-            context.wait_for_results = str(Vf.WaitForResultOptions.ALL)
+            setattr(context, attr_name, ci_value)
         else:
-            context.wait_for_results = str(Vf.WaitForResultOptions.NONE)
+            setattr(context, attr_name, default_value)
 
 
 def mode_has_spec_file(context: CertoraContext) -> bool:
-    return not context.is_assert and not context.is_tac and not context.is_equivalence
+    return not (context.is_tac or context.is_equivalence)
 
 
 def to_relative_paths(paths: Union[str, List[str]]) -> Union[str, List[str]]:

certora_cli/CertoraProver/certoraParseBuildScript.py

@@ -60,7 +60,7 @@ def add_solana_files_to_context(context: CertoraContext, json_obj: dict) -> None
 def run_rust_build(context: CertoraContext, build_cmd: List[str]) -> None:
 
     try:
-        build_script_logger.info(f"Building by calling {build_cmd}")
+        build_script_logger.info(f"Building by calling `{' '.join(build_cmd)}`")
         result = subprocess.run(build_cmd, capture_output=True, text=True)
 
         # Check if the script executed successfully
@@ -90,11 +90,12 @@ def run_rust_build(context: CertoraContext, build_cmd: List[str]) -> None:
 
         add_solana_files_to_context(context, json_obj)
 
-        if context.test == str(Util.TestValue.AFTER_BUILD_RUST):
-            raise Util.TestResultsReady(context)
         assert not context.files, f"run_rust_build: expecting files to be empty, got: {context.files}"
         context.files = [os.path.join(context.rust_project_directory, context.rust_executables)]
 
+        if context.test == str(Util.TestValue.AFTER_BUILD_RUST):
+            raise Util.TestResultsReady(context)
+
     except Util.TestResultsReady as e:
         raise e
     except FileNotFoundError as e:

certora_cli/CertoraProver/certoraVerifyGenerator.py

@@ -47,10 +47,6 @@ class CertoraVerifyGenerator:
             # we need to build once because of the early typechecking...
             self.update_certora_verify_struct(False)
 
-        elif self.context.assert_contracts is not None:
-            contract_to_check_asserts_for = self.context.assert_contracts
-            self.certora_verify_struct = {"type": "assertion",
-                                          "primaryContracts": contract_to_check_asserts_for}
         elif self.context.equivalence_contracts is not None:
             if self.context.method is None:
                 raise Util.CertoraUserInputError("Argument `method` is required for equivalence checks")
@@ -63,6 +59,15 @@ class CertoraVerifyGenerator:
                 "primary_contract": equiv_contracts[0],
                 "secondary_contract": equiv_contracts[1]
             }
+        elif context.is_concord_app:
+            if len(context.contracts) != 2:
+                raise Util.CertoraUserInputError(f"Expecting 2 contracts but got {len(context.contracts)}: {context.contracts}")
+            contract_list = list(context.contracts)
+            self.certora_verify_struct = {
+                "type": "equivalence",
+                "primary_contract": contract_list[0],
+                "secondary_contract": contract_list[1]
+            }
 
     def update_certora_verify_struct(self, in_certora_sources: bool) -> None:
         """

certora_cli/CertoraProver/splitRules.py

@@ -96,8 +96,10 @@ class SplitRulesHandler():
         rule_flag = Attrs.EvmProverAttributes.RULE.get_flag()
         split_rules_flag = Attrs.EvmProverAttributes.SPLIT_RULES.get_flag()
         msg_flag = Attrs.CommonAttributes.MSG.get_flag()
+
         # it is important to use the cache, when the difference between the runs is only the rules that apply
         build_cache_flag = Attrs.EvmProverAttributes.BUILD_CACHE.get_flag()
+
         group_id_flag = Attrs.EvmProverAttributes.GROUP_ID.get_flag()
         disable_local_typechecking_flag = Attrs.EvmProverAttributes.DISABLE_LOCAL_TYPECHECKING.get_flag()
 

certora_cli/CertoraProver/storageExtension.py

@@ -32,8 +32,6 @@ from CertoraProver.certoraBuildDataClasses import ContractInSDC
 from CertoraProver import erc7201
 from Shared import certoraUtils as Util
 from CertoraProver.certoraBuildDataClasses import SDC
-from CertoraProver.Compiler.CompilerCollectorFactory import get_relevant_compiler
-from CertoraProver.certoraContextClass import CertoraContext
 
 NameSpacedStorage: TypeAlias = Tuple[str, str]
 NewStorageFields = List[Dict[str, Any]]
@@ -351,36 +349,3 @@ def validate_new_fields(
         raise Util.CertoraUserInputError(f"Slot {slot} added to {target_contract.name} by {ext} is already mapped by {target_contract.name}")
     if var in target_vars:
         raise Util.CertoraUserInputError(f"Var '{var}' added to {target_contract.name} by {ext} is already declared by {target_contract.name}")
-
-
-def add_harness_to_compiler_map(original_file: str, harness_file: Any, context: CertoraContext) -> None:
-    """
-    Associates the generated harness file with the same compiler version as the original file.
-
-    This ensures the harness contract is compiled with the same Solidity compiler version
-    as the contract it's extending, maintaining compatibility.
-
-    Args:
-        original_file (str): Path to the original source file
-        harness_file (Any): File-like object representing the generated harness file
-        context (CertoraContext): The context object containing compiler mapping information
-
-    Returns:
-        None
-    """
-    # Validate prerequisites before updating compiler map
-    if context.compiler_map is None:
-        storage_extension_logger.debug("Cannot add compiler for harness: compiler_map is None (not a dict). Using the default compiler")
-        return
-
-    # Get the compiler version used for the original file
-    compiler_version = get_relevant_compiler(Path(original_file), context)
-
-    # Extract just the filename from the harness file path
-    harness_filename = Path(harness_file.name).name
-
-    # Add the compiler version to the context using glob pattern for the harness file
-    map_key = f"*{harness_filename}"
-    context.compiler_map[map_key] = compiler_version
-
-    storage_extension_logger.debug(f"Added compiler mapping: {map_key} -> {compiler_version}")

certora_cli/Mutate/mutateApp.py

@@ -710,6 +710,7 @@ class MutateApp:
     dump_csv: Optional[Path]
     sync: bool
     wait_for_original_run: bool
+    url_visibility: Vf.UrlVisibilityOptions
     collect_file: Optional[Path]
     poll_timeout: Optional[int]
     max_timeout_attempts_count: Optional[int]
@@ -722,7 +723,7 @@ class MutateApp:
     def __init__(self, args_list: List[str]) -> None:
         self.mutation_test_id = ''
         self.numb_of_jobs: int = 0
-        self.backup_paths: List[Path] = []
+        self.backup_path: Optional[Path] = None
         self.sources_dir: Optional[Path] = None
         self.with_split_stats_data = False
         self.manual_mutants_list: List[Mutant] = list()
@@ -881,9 +882,9 @@ class MutateApp:
                                                      " verification results. Please remove or replace the mutation")
 
     def restore_backups(self) -> None:
-        for backup_path in self.backup_paths:
-            Util.restore_backup(backup_path)
-        self.backup_paths = []
+        if self.backup_path:
+            Util.restore_backup(self.backup_path)
+        self.backup_path = None
 
     def submit_soroban(self) -> None:
 
@@ -930,12 +931,14 @@ class MutateApp:
         # run mutants
         mutant_runs = []
         try:
-            self.backup_paths = []
             for mutant in all_mutants:
                 # call certoraRun for each mutant we found
                 mutant_runs.append(self.run_mutant_soroban(mutant))
+                self.restore_backups()
         finally:
-            self.restore_backups()
+            if self.backup_path:
+                mutation_logger.warning("Not empty backup path")
+                self.restore_backups()
 
         # wrap it all up and make the input for the 2nd step: the collector
         assert self.collect_file, "submit_soroban: no collect_file"
@@ -1143,10 +1146,11 @@ class MutateApp:
     def run_mutant_soroban(self, mutant: Mutant) -> MutantJob:
         file_to_mutate = Path(mutant.original_filename)
         # create a backup copy (if needed) by adding '.backup' to the end of the file
-        if Util.get_backup_path(file_to_mutate) not in self.backup_paths:
-            backup_file = Util.create_backup(file_to_mutate)
-            assert backup_file, f"run_mutant_soroban: create_backup for {file_to_mutate} failed"
-            self.backup_paths.append(backup_file)
+        if self.backup_path and Util.get_backup_path(file_to_mutate) != self.backup_path:
+            raise Util.ImplementationError("backup_path is set but does not match the file to mutate")
+        if not self.backup_path:
+            self.backup_path = Util.create_backup(file_to_mutate)
+            assert self.backup_path, f"run_mutant_soroban: create_backup for {file_to_mutate} failed"
         shutil.copy(mutant.filename, file_to_mutate)
 
         try:
@@ -1405,6 +1409,8 @@ class MutateApp:
         certora_args = [str(conf_file), "--run_source", "MUTATION", "--msg", msg]
         if self.wait_for_original_run:
             certora_args.append("--wait_for_results")
+        if self.url_visibility:
+            certora_args.extend(["--url_visibility", str(self.url_visibility)])
         if self.with_split_stats_data and os.environ.get("WITH_AUTOCONFING", False) == '1':
             certora_args += ['--prover_resource_files', f"ac:{MConstants.SPLIT_STATS_DATA}"]
         if mutation_test_id:

certora_cli/Mutate/mutateAttributes.py

@@ -250,6 +250,17 @@ class MutateAttributes(AttrUtil.Attributes):
         }
     )
 
+    URL_VISIBILITY = MutateAttributeDefinition(
+        attr_validation_func=Vf.validate_url_visibility,
+        argparse_args={
+            'nargs': AttrUtil.SINGLE_OR_NONE_OCCURRENCES,
+            'action': AttrUtil.UniqueStore,
+            'default': None,  # 'default': when --url_visibility was not used
+            # when --url_visibility was used without an argument its probably because the link should be public
+            'const': str(Vf.UrlVisibilityOptions.PUBLIC)
+        }
+    )
+
 
 def get_args(args_list: List[str]) -> Dict:
 

certora_cli/Shared/certoraAttrUtil.py

@@ -167,9 +167,12 @@ class Attributes:
         table.add_column(Text("Description"), width=desc_col_width)
         table.add_column(Text("Default"), width=default_col_width)
 
+        unsupported_attribute_names = [attr.name for attr in cls.unsupported_attributes()]
         for name in dir(cls):
             if name in cls.hide_attributes():
                 continue
+            if name in unsupported_attribute_names:
+                continue
             if name.isupper():
                 attr = getattr(cls, name, None)
                 assert isinstance(attr, AttributeDefinition), "print_attr_help: type(attr) == Attribute"
@@ -190,11 +193,9 @@ class Attributes:
             v.name = name
             return v
 
-        if not cls._attribute_list:
-            cls._attribute_list = [set_name(name) for name in dir(cls) if name.isupper()]
-            cls._all_conf_names = [attr.name.lower() for attr in cls.attribute_list()]
-            #  'compiler_map' does not have a matching 'compiler' attribute
-            cls._all_map_attrs = [attr for attr in cls._all_conf_names if attr.endswith(Util.MAP_SUFFIX)]
+        cls._attribute_list = [set_name(name) for name in dir(cls) if name.isupper()]
+        cls._all_conf_names = [attr.name.lower() for attr in cls.attribute_list()]
+        cls._all_map_attrs = [attr for attr in cls._all_conf_names if attr.endswith(Util.MAP_SUFFIX)]
 
     @classmethod
     def hide_attributes(cls) -> List[str]:
@@ -203,3 +204,8 @@ class Attributes:
         :return: A list of attribute names to be hidden.
         """
         return []
+
+    @classmethod
+    def unsupported_attributes(cls) -> list:
+        # Return a list of AttributeDefinition objects that are unsupported
+        return []