Open palinatolmach opened 3 weeks ago
Cheatcodes base: https://github.com/runtimeverification/kontrol-cheatcodes/blob/master/src/IKontrolCheatsBase.sol Some of their implementations: https://github.com/runtimeverification/kontrol-cheatcodes/blob/master/src/KontrolCheats.sol
The list of cheatcodes shared with the Foundry team contains
symbolicStorage(address)
: makes the storage of the given address fully symbolic.copyStorage(address, address)
: copies the storage of one contract to another.freshAddress() , freshBool()
: returns a symbolic address or bool value, respectively.freshBytes(uint256) external returns (bytes memory b)
: returns a symbolic bytes array of a given size; in Kontrol, the returnedbytes b
have dynamic size but we add an assumption onb.length
.freshUInt(uint8)
: returns a symbolic unsigned integer of a given size in bytes. We use thisfreshUInt
cheatcode to define fixed-length variations for unsigned (freshUInt256(), freshUInt248()
, etc.) and signed integers (freshSInt32(), freshSInt8()
, etc.).mockFunction(address callee, address calledContract, bytes calldata data)
: whenever a call is made tocallee
with calldatadata
, this cheatcode instead callscalledContract
with the same calldata. This functionality is similar to a delegate call made tocalledContract
fromcallee
. We use it to substitute a call to a client's function with another implementation that captures the primary logic of the original function but is easier to reason about. It was inspired by Foundry’smockCall
, which helps substitute a call with specified return data but allows capturing more observable behaviors than just the return value.expect*Call
cheatcodes: similar toexpectEmit
, these let us specify the expected call with itscallee
andcalldata
. We use these less frequently, but I think they can be useful even for fuzzing tests.