certora-cli-beta-mirror 7.31.0__py3-none-any.whl → 8.0.0__py3-none-any.whl

certora_cli/CertoraProver/certoraVerifyGenerator.py

@@ -47,10 +47,6 @@ class CertoraVerifyGenerator:
             # we need to build once because of the early typechecking...
             self.update_certora_verify_struct(False)
 
-        elif self.context.assert_contracts is not None:
-            contract_to_check_asserts_for = self.context.assert_contracts
-            self.certora_verify_struct = {"type": "assertion",
-                                          "primaryContracts": contract_to_check_asserts_for}
         elif self.context.equivalence_contracts is not None:
             if self.context.method is None:
                 raise Util.CertoraUserInputError("Argument `method` is required for equivalence checks")
@@ -63,6 +59,15 @@ class CertoraVerifyGenerator:
                 "primary_contract": equiv_contracts[0],
                 "secondary_contract": equiv_contracts[1]
             }
+        elif context.is_concord_app:
+            if len(context.contracts) != 2:
+                raise Util.CertoraUserInputError(f"Expecting 2 contracts but got {len(context.contracts)}: {context.contracts}")
+            contract_list = list(context.contracts)
+            self.certora_verify_struct = {
+                "type": "equivalence",
+                "primary_contract": contract_list[0],
+                "secondary_contract": contract_list[1]
+            }
 
     def update_certora_verify_struct(self, in_certora_sources: bool) -> None:
         """

certora_cli/CertoraProver/splitRules.py

@@ -96,8 +96,10 @@ class SplitRulesHandler():
         rule_flag = Attrs.EvmProverAttributes.RULE.get_flag()
         split_rules_flag = Attrs.EvmProverAttributes.SPLIT_RULES.get_flag()
         msg_flag = Attrs.CommonAttributes.MSG.get_flag()
+
         # it is important to use the cache, when the difference between the runs is only the rules that apply
         build_cache_flag = Attrs.EvmProverAttributes.BUILD_CACHE.get_flag()
+
         group_id_flag = Attrs.EvmProverAttributes.GROUP_ID.get_flag()
         disable_local_typechecking_flag = Attrs.EvmProverAttributes.DISABLE_LOCAL_TYPECHECKING.get_flag()
 

certora_cli/CertoraProver/storageExtension.py

@@ -32,8 +32,6 @@ from CertoraProver.certoraBuildDataClasses import ContractInSDC
 from CertoraProver import erc7201
 from Shared import certoraUtils as Util
 from CertoraProver.certoraBuildDataClasses import SDC
-from CertoraProver.Compiler.CompilerCollectorFactory import get_relevant_compiler
-from CertoraProver.certoraContextClass import CertoraContext
 
 NameSpacedStorage: TypeAlias = Tuple[str, str]
 NewStorageFields = List[Dict[str, Any]]
@@ -351,36 +349,3 @@ def validate_new_fields(
         raise Util.CertoraUserInputError(f"Slot {slot} added to {target_contract.name} by {ext} is already mapped by {target_contract.name}")
     if var in target_vars:
         raise Util.CertoraUserInputError(f"Var '{var}' added to {target_contract.name} by {ext} is already declared by {target_contract.name}")
-
-
-def add_harness_to_compiler_map(original_file: str, harness_file: Any, context: CertoraContext) -> None:
-    """
-    Associates the generated harness file with the same compiler version as the original file.
-
-    This ensures the harness contract is compiled with the same Solidity compiler version
-    as the contract it's extending, maintaining compatibility.
-
-    Args:
-        original_file (str): Path to the original source file
-        harness_file (Any): File-like object representing the generated harness file
-        context (CertoraContext): The context object containing compiler mapping information
-
-    Returns:
-        None
-    """
-    # Validate prerequisites before updating compiler map
-    if context.compiler_map is None:
-        storage_extension_logger.debug("Cannot add compiler for harness: compiler_map is None (not a dict). Using the default compiler")
-        return
-
-    # Get the compiler version used for the original file
-    compiler_version = get_relevant_compiler(Path(original_file), context)
-
-    # Extract just the filename from the harness file path
-    harness_filename = Path(harness_file.name).name
-
-    # Add the compiler version to the context using glob pattern for the harness file
-    map_key = f"*{harness_filename}"
-    context.compiler_map[map_key] = compiler_version
-
-    storage_extension_logger.debug(f"Added compiler mapping: {map_key} -> {compiler_version}")

certora_cli/Mutate/mutateApp.py

@@ -710,6 +710,7 @@ class MutateApp:
     dump_csv: Optional[Path]
     sync: bool
     wait_for_original_run: bool
+    url_visibility: Vf.UrlVisibilityOptions
     collect_file: Optional[Path]
     poll_timeout: Optional[int]
     max_timeout_attempts_count: Optional[int]
@@ -722,7 +723,7 @@ class MutateApp:
     def __init__(self, args_list: List[str]) -> None:
         self.mutation_test_id = ''
         self.numb_of_jobs: int = 0
-        self.backup_paths: List[Path] = []
+        self.backup_path: Optional[Path] = None
         self.sources_dir: Optional[Path] = None
         self.with_split_stats_data = False
         self.manual_mutants_list: List[Mutant] = list()
@@ -881,9 +882,9 @@ class MutateApp:
                                                      " verification results. Please remove or replace the mutation")
 
     def restore_backups(self) -> None:
-        for backup_path in self.backup_paths:
-            Util.restore_backup(backup_path)
-        self.backup_paths = []
+        if self.backup_path:
+            Util.restore_backup(self.backup_path)
+        self.backup_path = None
 
     def submit_soroban(self) -> None:
 
@@ -930,12 +931,14 @@ class MutateApp:
         # run mutants
         mutant_runs = []
         try:
-            self.backup_paths = []
             for mutant in all_mutants:
                 # call certoraRun for each mutant we found
                 mutant_runs.append(self.run_mutant_soroban(mutant))
+                self.restore_backups()
         finally:
-            self.restore_backups()
+            if self.backup_path:
+                mutation_logger.warning("Not empty backup path")
+                self.restore_backups()
 
         # wrap it all up and make the input for the 2nd step: the collector
         assert self.collect_file, "submit_soroban: no collect_file"
@@ -1143,10 +1146,11 @@ class MutateApp:
     def run_mutant_soroban(self, mutant: Mutant) -> MutantJob:
         file_to_mutate = Path(mutant.original_filename)
         # create a backup copy (if needed) by adding '.backup' to the end of the file
-        if Util.get_backup_path(file_to_mutate) not in self.backup_paths:
-            backup_file = Util.create_backup(file_to_mutate)
-            assert backup_file, f"run_mutant_soroban: create_backup for {file_to_mutate} failed"
-            self.backup_paths.append(backup_file)
+        if self.backup_path and Util.get_backup_path(file_to_mutate) != self.backup_path:
+            raise Util.ImplementationError("backup_path is set but does not match the file to mutate")
+        if not self.backup_path:
+            self.backup_path = Util.create_backup(file_to_mutate)
+            assert self.backup_path, f"run_mutant_soroban: create_backup for {file_to_mutate} failed"
         shutil.copy(mutant.filename, file_to_mutate)
 
         try:
@@ -1405,6 +1409,8 @@ class MutateApp:
         certora_args = [str(conf_file), "--run_source", "MUTATION", "--msg", msg]
         if self.wait_for_original_run:
             certora_args.append("--wait_for_results")
+        if self.url_visibility:
+            certora_args.extend(["--url_visibility", str(self.url_visibility)])
         if self.with_split_stats_data and os.environ.get("WITH_AUTOCONFING", False) == '1':
             certora_args += ['--prover_resource_files', f"ac:{MConstants.SPLIT_STATS_DATA}"]
         if mutation_test_id:

certora_cli/Mutate/mutateAttributes.py

@@ -250,6 +250,17 @@ class MutateAttributes(AttrUtil.Attributes):
         }
     )
 
+    URL_VISIBILITY = MutateAttributeDefinition(
+        attr_validation_func=Vf.validate_url_visibility,
+        argparse_args={
+            'nargs': AttrUtil.SINGLE_OR_NONE_OCCURRENCES,
+            'action': AttrUtil.UniqueStore,
+            'default': None,  # 'default': when --url_visibility was not used
+            # when --url_visibility was used without an argument its probably because the link should be public
+            'const': str(Vf.UrlVisibilityOptions.PUBLIC)
+        }
+    )
+
 
 def get_args(args_list: List[str]) -> Dict:
 

certora_cli/Shared/certoraAttrUtil.py

@@ -167,9 +167,12 @@ class Attributes:
         table.add_column(Text("Description"), width=desc_col_width)
         table.add_column(Text("Default"), width=default_col_width)
 
+        unsupported_attribute_names = [attr.name for attr in cls.unsupported_attributes()]
         for name in dir(cls):
             if name in cls.hide_attributes():
                 continue
+            if name in unsupported_attribute_names:
+                continue
             if name.isupper():
                 attr = getattr(cls, name, None)
                 assert isinstance(attr, AttributeDefinition), "print_attr_help: type(attr) == Attribute"
@@ -190,11 +193,9 @@ class Attributes:
             v.name = name
             return v
 
-        if not cls._attribute_list:
-            cls._attribute_list = [set_name(name) for name in dir(cls) if name.isupper()]
-            cls._all_conf_names = [attr.name.lower() for attr in cls.attribute_list()]
-            #  'compiler_map' does not have a matching 'compiler' attribute
-            cls._all_map_attrs = [attr for attr in cls._all_conf_names if attr.endswith(Util.MAP_SUFFIX)]
+        cls._attribute_list = [set_name(name) for name in dir(cls) if name.isupper()]
+        cls._all_conf_names = [attr.name.lower() for attr in cls.attribute_list()]
+        cls._all_map_attrs = [attr for attr in cls._all_conf_names if attr.endswith(Util.MAP_SUFFIX)]
 
     @classmethod
     def hide_attributes(cls) -> List[str]:
@@ -203,3 +204,8 @@ class Attributes:
         :return: A list of attribute names to be hidden.
         """
         return []
+
+    @classmethod
+    def unsupported_attributes(cls) -> list:
+        # Return a list of AttributeDefinition objects that are unsupported
+        return []

certora_cli/Shared/certoraUtils.py

@@ -114,7 +114,8 @@ EVM_SOURCE_EXTENSIONS = (SOL_EXT, VY_EXT, YUL_EXT)
 EVM_EXTENSIONS = EVM_SOURCE_EXTENSIONS + ('.tac', '.json')
 SOLANA_EXEC_EXTENSION = '.so'
 SOROBAN_EXEC_EXTENSION = '.wasm'
-VALID_FILE_EXTENSIONS = ['.conf'] + list(EVM_EXTENSIONS) + [SOLANA_EXEC_EXTENSION, SOROBAN_EXEC_EXTENSION]
+VALID_EVM_EXTENSIONS = list(EVM_EXTENSIONS) + ['.conf']
+VALID_FILE_EXTENSIONS = VALID_EVM_EXTENSIONS + [SOLANA_EXEC_EXTENSION, SOROBAN_EXEC_EXTENSION]
 # Type alias definition, not a variable
 CompilerVersion = Tuple[int, int, int]
 MAP_SUFFIX = '_map'
@@ -368,11 +369,8 @@ def remove_file(file_path: Union[str, Path]) -> None:  # TODO - accept only Path
         except OSError:
             pass
     else:
-        try:
-            # When we upgrade to Python 3.8, we can use unlink(missing_ok=True) and remove the try/except clauses
-            file_path.unlink()
-        except FileNotFoundError:
-            pass
+        file_path.unlink(missing_ok=True)
+
 
 def abs_norm_path(file_path: Union[str, Path]) -> Path:
     """
@@ -959,18 +957,6 @@ def flatten_set_list(set_list: List[Set[Any]]) -> List[Any]:
     return list(ret_set)
 
 
-def is_relative_to(path1: Path, path2: Path) -> bool:
-    """certora-cli currently requires python3.8 and it's the last version without support for is_relative_to.
-    Shamelessly copying.
-    """
-    # return path1.is_relative_to(path2)
-    try:
-        path1.relative_to(path2)
-        return True
-    except ValueError:
-        return False
-
-
 def find_jar(jar_name: str) -> Path:
     # if we are a dev running certoraRun.py (local version), we want to get the local jar
     # if we are a dev running an installed version of certoraRun, we want to get the installed jar
@@ -982,7 +968,7 @@ def find_jar(jar_name: str) -> Path:
 
     if certora_home != "":
         local_certora_path = Path(certora_home) / CERTORA_JARS / jar_name
-        if is_relative_to(Path(__file__), Path(certora_home)) and local_certora_path.is_file():
+        if Path(__file__).is_relative_to(Path(certora_home)) and local_certora_path.is_file():
             return local_certora_path
 
     return get_package_resource(CERTORA_JARS / jar_name)
@@ -997,31 +983,46 @@ def get_package_resource(resource: Path) -> Path:
     return Path(__file__).parents[2] / resource
 
 
-def is_java_installed() -> bool:
+def get_java_version() -> str:
     """
-    Check that java is installed and with a version that is suitable for running certora jars
-    @return True on success
+    Retrieve installed java version
+    @return installed java version on success or empty string
     """
     # Check if java exists on the machine
     java = which("java")
     if java is None:
+        return ''
+
+    try:
+        java_version_str = subprocess.check_output(['java', '-version'], stderr=subprocess.STDOUT).decode()
+        java_version = re.search(r'version \"([\d\.]+)\"', java_version_str).groups()[0]  # type: ignore[union-attr]
+
+        return java_version
+    except (subprocess.CalledProcessError, AttributeError):
+        typecheck_logger.debug("Couldn't find the installed Java version.")
+        return ''
+
+
+def is_java_installed(java_version: str) -> bool:
+    """
+    Check that java is installed and with a version that is suitable for running certora jars
+    @return True on success
+    """
+    if not java_version:
         typecheck_logger.warning(
             f"`java` is not installed. Installing Java version {MIN_JAVA_VERSION} or later will enable faster "
             f"CVL specification syntax checking before uploading to the cloud.")
         return False
 
-    try:
-        java_version_str = subprocess.check_output(['java', '-version'], stderr=subprocess.STDOUT).decode()
-        major_java_version = re.search(r'version \"(\d+).*', java_version_str).groups()[0]  # type: ignore[union-attr]
+    else:
+        major_java_version = java_version.split('.')[0]
         if int(major_java_version) < MIN_JAVA_VERSION:
             typecheck_logger.warning("Installed Java version is too old to check CVL specification files locally. "
                                      f" Java version should be at least {MIN_JAVA_VERSION} to allow local java-based "
                                      "type checking")
 
             return False
-    except (subprocess.CalledProcessError, AttributeError):
-        typecheck_logger.warning("Couldn't find the installed Java version.")
-        return False
+
     return True
 
 

certora_cli/Shared/certoraValidateFuncs.py

@@ -91,7 +91,7 @@ class RunSources(Util.NoValEnum):
     MUTATION = auto()
     BENCHMARK = auto()
     LIGHT_TEST = auto()
-    RERUN = auto()
+    REPORT = auto()
 
 
 class WaitForResultOptions(Util.NoValEnum):
@@ -99,6 +99,11 @@ class WaitForResultOptions(Util.NoValEnum):
     ALL = auto()
 
 
+class UrlVisibilityOptions(Util.NoValEnum):
+    PRIVATE = auto()
+    PUBLIC = auto()
+
+
 def is_solc_file_valid(orig_filename: Optional[str]) -> str:
     """
     Verifies that a given --solc argument is valid:
@@ -124,7 +129,7 @@ def is_solc_file_valid(orig_filename: Optional[str]) -> str:
         if filename.endswith(f".{suffix}"):
             raise Util.CertoraUserInputError(f"wrong Solidity executable given: {filename}")
 
-    # see https://docs.python.org/3.8/library/shutil.html#shutil.which. We use no mask to give a precise error
+    # see https://docs.python.org/3.9/library/shutil.html#shutil.which. We use no mask to give a precise error
     solc_location = shutil.which(filename, os.F_OK)
     if solc_location is not None:
         solc_path = Path(solc_location)
@@ -425,7 +430,7 @@ def validate_contract_extension_attr(map: Any) -> Dict[str, List[Dict[str, Any]]
     return map
 
 
-def validate_input_file(file: str) -> str:
+def validate_evm_input_file(file: str) -> str:
     # [file[:contractName] ...] or CONF_FILE.conf or TAC_FILE.tac
 
     if Util.SOL_EXT in file:
@@ -469,12 +474,12 @@ def validate_input_file(file: str) -> str:
         except Exception as e:
             raise Util.CertoraUserInputError(f"Cannot access file {file} : {e}")
         return file
-    elif any(file.endswith(ext) for ext in Util.VALID_FILE_EXTENSIONS):
+    elif any(file.endswith(ext) for ext in Util.VALID_EVM_EXTENSIONS):
         validate_readable_file(file)
         return file
 
     raise Util.CertoraUserInputError(
-        f"input file {file} is not in one of the supported types ({Util.VALID_FILE_EXTENSIONS})")
+        f"input file {file} is not in one of the supported types ({Util.VALID_EVM_EXTENSIONS})")
 
 
 def validate_json_file(file: str) -> str:
@@ -545,13 +550,6 @@ def validate_struct_link(link: str) -> str:
     return link
 
 
-def validate_assert_contracts(contract: str) -> str:
-    if not re.match(Util.SOLIDITY_ID_STRING_RE, contract):
-        raise Util.CertoraUserInputError(
-            f"Contract name {contract} can include only alphanumeric characters, dollar signs or underscores")
-    return contract
-
-
 def validate_equivalence_contracts(equiv_string: str) -> str:
     if not re.match(f'^{Util.SOLIDITY_ID_SUBSTRING_RE}={Util.SOLIDITY_ID_SUBSTRING_RE}$', equiv_string):
         raise Util.CertoraUserInputError(
@@ -760,6 +758,16 @@ def validate_git_hash(git_hash: str) -> str:
         raise Util.CertoraUserInputError("Git hash must consist of between 1 and 40 characters")
     return git_hash
 
+def validate_check_method_flag(method: str) -> str:
+    if '.' in method:
+        raise Util.CertoraUserInputError(f"Malformed `check_mathod` argument '{method}': checked method cannot contain a dot. Use only the method name without the contract prefix."
+                                         "the contract part is not allowed in `--check_method`")
+    if ' ' in method:
+        raise Util.CertoraUserInputError(f"Malformed method '{method}' in `--check_method`: remove all whitespace")
+
+    if not __validate_matching_parens(method):
+        raise Util.CertoraUserInputError(f"Malformed method '{method}' in `--check_method`: unmatched parenthesis")
+    return method
 
 def validate_method_flag(method: str) -> str:
     contract_and_method = method.split('.')
@@ -995,6 +1003,10 @@ def validate_wait_for_results(value: str) -> str:
     return __validate_enum_value(value, WaitForResultOptions)
 
 
+def validate_url_visibility(value: str) -> str:
+    return __validate_enum_value(value, UrlVisibilityOptions)
+
+
 def validate_json5_file(file: str) -> str:
     file_exists_and_readable(file)
 

certora_cli/Shared/proverCommon.py

@@ -156,11 +156,13 @@ def ensure_version_compatibility(context: CertoraContext) -> None:
         """
         validate_version_and_branch(context)
 
+
 # --------------------------------------------------------------------------- #
 # Verification helpers
 # --------------------------------------------------------------------------- #
 
-def run_local(context: CertoraContext, timings: Dict, additional_commands: Optional[List[str]] = None, compare_with_expected_file: bool = False) -> int:
+def run_local(context: CertoraContext, timings: Dict, additional_commands: Optional[List[str]] = None,
+              compare_with_expected_file: bool = False) -> int:
     """
     Run the verifier locally and return its exit code (0 = success).
     Args:
@@ -187,7 +189,7 @@ def run_local(context: CertoraContext, timings: Dict, additional_commands: Optio
 
     if rc == 0:
         Util.print_completion_message("Finished running verifier:")
-        print("\t%s", " ".join(cmd))
+        print(f'\t{" ".join(cmd)}')
         timings.setdefault("buildTime", 0.0)  # ensure key exists
         return 0
 

certora_cli/certoraCVLFormatter.py

@@ -0,0 +1,76 @@
+#!/usr/bin/env python3
+#     The Certora Prover
+#     Copyright (C) 2025  Certora Ltd.
+#
+#     This program is free software: you can redistribute it and/or modify
+#     it under the terms of the GNU General Public License as published by
+#     the Free Software Foundation, version 3 of the License.
+#
+#     This program is distributed in the hope that it will be useful,
+#     but WITHOUT ANY WARRANTY; without even the implied warranty of
+#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#     GNU General Public License for more details.
+#
+#     You should have received a copy of the GNU General Public License
+#     along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
+import os
+import sys
+import argparse
+import subprocess
+from pathlib import Path
+
+scripts_dir_path = Path(__file__).parent.resolve()  # containing directory
+sys.path.insert(0, str(scripts_dir_path))
+
+from Shared import certoraUtils as Util
+from pathlib import Path
+
+FORMATTER_JAR = "ASTExtraction.jar"
+
+scripts_dir_path = Path(__file__).parent.resolve()
+sys.path.insert(0, str(scripts_dir_path))
+
+def spec_file_type(spec_file: str) -> str:
+    if not os.path.isfile(spec_file):
+        raise argparse.ArgumentTypeError(f"File {spec_file} does not exist")
+    return spec_file
+
+def run_formatter_from_jar(spec_file: str, overwrite: bool) -> None:
+    path_to_typechecker = Util.find_jar(FORMATTER_JAR)
+    cmd = ['java', '-jar', str(path_to_typechecker), 'format', '--file', spec_file]
+
+    result = subprocess.run(cmd, text=True, capture_output=True)
+
+    if result.returncode != 0:
+        raise Util.CertoraUserInputError(f"Error running formatter on {spec_file}: {result.stderr.strip() if result.stderr else ''}")
+
+    if overwrite:
+        with open(spec_file, 'w', encoding='utf-8') as f:
+            f.write(result.stdout)
+    else:
+        print(result.stdout, end='', file=sys.stdout)
+
+def parse_args() -> tuple[str, bool]:
+    parser = argparse.ArgumentParser()
+    parser.add_argument('spec_file', type=spec_file_type, help='Path to the .spec file')
+    parser.add_argument('-w', '--overwrite', action='store_true', help='If set, output is written to the spec file instead of stdout')
+
+    args = parser.parse_args()
+    return args.spec_file, args.overwrite
+
+
+def check_java_version() -> None:
+    if not (Util.is_java_installed(Util.get_java_version())):
+        raise Util.CertoraUserInputError(f"Java {Util.MIN_JAVA_VERSION} or higher is required to run the formatter. "
+                                         f"Please install Java and try again.")
+
+
+def entry_point() -> None:
+    spec_file, overwrite = parse_args()
+    check_java_version()
+    run_formatter_from_jar(spec_file, overwrite)
+
+if __name__ == '__main__':
+    entry_point()

certora_cli/certoraConcord.py

@@ -0,0 +1,39 @@
+#!/usr/bin/env python3
+#     The Certora Prover
+#     Copyright (C) 2025  Certora Ltd.
+#
+#     This program is free software: you can redistribute it and/or modify
+#     it under the terms of the GNU General Public License as published by
+#     the Free Software Foundation, version 3 of the License.
+#
+#     This program is distributed in the hope that it will be useful,
+#     but WITHOUT ANY WARRANTY; without even the implied warranty of
+#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#     GNU General Public License for more details.
+#
+#     You should have received a copy of the GNU General Public License
+#     along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
+import sys
+from pathlib import Path
+
+scripts_dir_path = Path(__file__).parent.resolve()  # containing directory
+sys.path.insert(0, str(scripts_dir_path))
+
+import CertoraProver.certoraContextAttributes as Attrs
+from certoraRun import run_certora
+from Shared.proverCommon import CertoraRunResult, catch_exits
+
+from typing import List, Optional
+
+
+def run_concord(args: List[str]) -> Optional[CertoraRunResult]:
+    return run_certora(args, Attrs.ConcordAttributes, prover_cmd=sys.argv[0])
+
+@catch_exits
+def entry_point() -> None:
+    run_concord(sys.argv[1:])
+
+if __name__ == '__main__':
+    entry_point()