GitBross Home Explore Help
Register Sign In
sol_Bo8des9o
/
openzeppelin-contracts
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 94d9cc3d93
Branches Tags
openzeppelin-co...
/
.github
/
workflows
/
formal-verification.yml

formal-verification.yml 2.7 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788 
  1. name: formal verification
    2. 

  2. 

  3. on:
    4. 

  4.   pull_request:
    5. 

  5.     types:
    6. 

  6.       - opened
    7. 

  7.       - reopened
    8. 

  8.       - synchronize
    9. 

  9.       - labeled
    10. 

  10.   workflow_dispatch: {}
    11. 

  11. 

  12. env:
    13. 

  13.   PIP_VERSION: '3.11'
    14. 

  14.   JAVA_VERSION: '11'
    15. 

  15.   SOLC_VERSION: '0.8.27'
    16. 

  16. 

  17. concurrency: ${{ github.workflow }}-${{ github.ref }}
    18. 

  18. 

  19. jobs:
    20. 

  20.   apply-diff:
    21. 

  21.     runs-on: ubuntu-latest
    22. 

  22.     steps:
    23. 

  23.       - uses: actions/checkout@v5
    24. 

  24.       - name: Apply patches
    25. 

  25.         run: make -C certora apply
    26. 

  26. 

  27.   verify:
    28. 

  28.     runs-on: ubuntu-latest
    29. 

  29.     if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'formal-verification')
    30. 

  30.     steps:
    31. 

  31.       - uses: actions/checkout@v5
    32. 

  32.         with:
    33. 

  33.           fetch-depth: 0
    34. 

  34.       - name: Set up environment
    35. 

  35.         uses: ./.github/actions/setup
    36. 

  36.       - name: identify specs that need to be run
    37. 

  37.         id: arguments
    38. 

  38.         run: |
    39. 

  39.           if [[ ${{ github.event_name }} = 'pull_request' ]];
    40. 

  40.           then
    41. 

  41.             RESULT=$(git diff ${{ github.event.pull_request.head.sha }}..${{ github.event.pull_request.base.sha }} --name-only certora/specs/*.spec | while IFS= read -r file; do [[ -f $file ]] && basename "${file%.spec}"; done | tr "\n" " ")
    42. 

  42.           else
    43. 

  43.             RESULT='--all'
    44. 

  44.           fi
    45. 

  45.           echo "result=$RESULT" >> "$GITHUB_OUTPUT"
    46. 

  46.       - name: Install python
    47. 

  47.         uses: actions/setup-python@v5
    48. 

  48.         with:
    49. 

  49.           python-version: ${{ env.PIP_VERSION }}
    50. 

  50.           cache: 'pip'
    51. 

  51.           cache-dependency-path: 'fv-requirements.txt'
    52. 

  52.       - name: Install python packages
    53. 

  53.         run: pip install -r fv-requirements.txt
    54. 

  54.       - name: Install java
    55. 

  55.         uses: actions/setup-java@v5
    56. 

  56.         with:
    57. 

  57.           distribution: temurin
    58. 

  58.           java-version: ${{ env.JAVA_VERSION }}
    59. 

  59.       - name: Install solc
    60. 

  60.         run: |
    61. 

  61.           wget https://github.com/ethereum/solidity/releases/download/v${{ env.SOLC_VERSION }}/solc-static-linux
    62. 

  62.           sudo mv solc-static-linux /usr/local/bin/solc
    63. 

  63.           chmod +x /usr/local/bin/solc
    64. 

  64.       - name: Verify specification
    65. 

  65.         run: |
    66. 

  66.           make -C certora apply
    67. 

  67.           node certora/run.js ${{ steps.arguments.outputs.result }} -p 1 -v >> "$GITHUB_STEP_SUMMARY"
    68. 

  68.         env:
    69. 

  69.           CERTORAKEY: ${{ secrets.CERTORAKEY }}
    70. 

  70. 

  71.   halmos:
    72. 

  72.     runs-on: ubuntu-latest
    73. 

  73.     steps:
    74. 

  74.       - uses: actions/checkout@v5
    75. 

  75.       - name: Set up environment
    76. 

  76.         uses: ./.github/actions/setup
    77. 

  77.       - name: Install python
    78. 

  78.         uses: actions/setup-python@v5
    79. 

  79.         with:
    80. 

  80.           python-version: ${{ env.PIP_VERSION }}
    81. 

  81.           cache: 'pip'
    82. 

  82.           cache-dependency-path: 'fv-requirements.txt'
    83. 

  83.       - name: Install python packages
    84. 

  84.         run: pip install -r fv-requirements.txt
    85. 

  85.       - name: Run Halmos
    86. 

  86.         run: halmos --match-test '^symbolic|^testSymbolic' -vv
    87. 

  87.         env:
    88. 

  88.           HALMOS_ALLOW_DOWNLOAD: 1
    89.