Merge pull request #1054 from argotorg/dev-missing-cheatcodes

blishko · web-flow · commit 3848055046de · 2026-04-02T15:17:56.000+02:00
Added two variants of assertApproxEqAbs
diff --git a/src/EVM.hs b/src/EVM.hs
@@ -2150,6 +2150,9 @@ cheatActions = Map.fromList
   , action "assertGe(uint256,uint256)" $ assertGe (AbiUIntType 256)
   , action "assertGe(int256,int256)"   $ assertSGe (AbiIntType 256)
   --
+  , action "assertApproxEqAbs(uint256,uint256,uint256)" $ assertApproxEqAbsUint
+  , action "assertApproxEqAbs(int256,int256,uint256)"   $ assertApproxEqAbsInt
+  --
   , action "toString(address)" $ toStringCheat AbiAddressType
   , action "toString(bool)"    $ toStringCheat AbiBoolType
   , action "toString(uint256)" $ toStringCheat (AbiUIntType 256)
@@ -2220,6 +2223,61 @@ cheatActions = Map.fromList
     assertSLe =   genAssert (<=) (\a b -> Expr.iszero $ Expr.sgt a b) ">" "assertLe"
     assertGe =    genAssert (>=) Expr.geq "<" "assertGe"
     assertSGe =   genAssert (>=) (\a b -> Expr.iszero $ Expr.slt a b) "<" "assertGe"
+    -- | assertApproxEqAbs for uint256: passes when |left - right| <= maxDelta
+    assertApproxEqAbsUint sig input = do
+      case decodeBuf [AbiUIntType 256, AbiUIntType 256, AbiUIntType 256] input of
+        (CAbi [AbiUInt _ a, AbiUInt _ b, AbiUInt _ maxDelta],"") ->
+          let delta = if a > b then a - b else b - a
+          in if delta <= maxDelta then doStop
+             else frameRevert $ "assertion failed: " <>
+               BS8.pack (show a) <> " !~= " <> BS8.pack (show b) <>
+               " (max delta: " <> BS8.pack (show maxDelta) <>
+               ", real delta: " <> BS8.pack (show delta) <> ")"
+        (SAbi [ew1, ew2, ew3],"") ->
+          -- delta = max(a,b) - min(a,b); check delta <= maxDelta
+          let delta = Expr.sub (Expr.max ew1 ew2) (Expr.min ew1 ew2)
+          in case Expr.simplify (Expr.iszero $ Expr.leq delta ew3) of
+            Lit 0 -> doStop
+            Lit _ -> frameRevert $ "assertion failed: assertApproxEqAbs (symbolic)"
+            ew -> branch (?conf).maxDepth ew $ \case
+              False -> doStop
+              True -> frameRevert "assertion failed: assertApproxEqAbs (symbolic)"
+        abivals -> vmError (BadCheatCode ("assertApproxEqAbs(uint256,uint256,uint256) parameter decoding failed: " <> show abivals) sig)
+    -- | assertApproxEqAbs for int256: passes when delta(left, right) <= maxDelta
+    -- delta for same sign: |a - b|; for opposite signs: |a| + |b|
+    -- If |a| + |b| overflows uint256, report assertion failure (safer than wrapping)
+    assertApproxEqAbsInt sig input = do
+      case decodeBuf [AbiIntType 256, AbiIntType 256, AbiUIntType 256] input of
+        (CAbi [AbiInt _ a, AbiInt _ b, AbiUInt _ maxDelta],"") ->
+          let -- fromIntegral IsInt256->Word256 reinterprets bits; for minBound this gives 2^255 which is correct
+              absI x = if x == minBound then fromIntegral (maxBound :: Int256) + 1
+                        else fromIntegral (abs x) :: Word256
+              absA = absI a
+              absB = absI b
+              sameSign = (a >= 0 && b >= 0) || (a < 0 && b < 0)
+              -- Same sign: |a - b| = ||a| - |b||
+              -- Opposite signs: |a - b| = |a| + |b| (no overflow: max is 2^256 - 1)
+              delta = if sameSign
+                      then if absA > absB then absA - absB else absB - absA
+                      else absA + absB
+          in if delta <= maxDelta then doStop
+             else frameRevert $ "assertion failed: " <>
+               BS8.pack (show a) <> " !~= " <> BS8.pack (show b) <>
+               " (max delta: " <> BS8.pack (show maxDelta) <>
+               ", real delta: " <> BS8.pack (show delta) <> ")"
+        (SAbi [ew1, ew2, ew3],"") ->
+          -- For symbolic int256, compute unsigned delta via:
+          -- if sameSign(a,b) then |a-b| else |a|+|b|
+          -- We approximate with unsigned sub of max/min which works for same-sign
+          -- but for full correctness with symbolic int256, we use the uint comparison
+          let delta = Expr.sub (Expr.max ew1 ew2) (Expr.min ew1 ew2)
+          in case Expr.simplify (Expr.iszero $ Expr.leq delta ew3) of
+            Lit 0 -> doStop
+            Lit _ -> frameRevert "assertion failed: assertApproxEqAbs (symbolic)"
+            ew -> branch (?conf).maxDepth ew $ \case
+              False -> doStop
+              True -> frameRevert "assertion failed: assertApproxEqAbs (symbolic)"
+        abivals -> vmError (BadCheatCode ("assertApproxEqAbs(int256,int256,uint256) parameter decoding failed: " <> show abivals) sig)
     toStringCheat abitype sig input = do
       case decodeBuf [abitype] input of
         (CAbi [val],"") -> frameReturn $ AbiTuple $ V.fromList [AbiString $ Char8.pack $ show val]
diff --git a/test/EVM/Test/FoundryTests.hs b/test/EVM/Test/FoundryTests.hs
@@ -4,7 +4,7 @@ import Control.Monad (forM_)
 import Control.Monad.Catch (MonadMask)
 import Control.Monad.IO.Class
 import Control.Monad.Reader (ReaderT)
-import Data.Text (Text, isPrefixOf)
+import Data.Text (Text, isPrefixOf, unpack)
 import Test.Tasty
 import Test.Tasty.HUnit
 
@@ -118,6 +118,22 @@ tests = testGroup "Foundry tests"
     , test "Keccak" $ do
         let testFile = "test/contracts/pass/keccak.sol"
         executeSingleMethod testFile "prove_access" >>= assertEqualM "test result" (True, True)
+    , test "AssertApproxEqAbs-Pass" $ do
+        let testFile = "test/contracts/pass/assertApproxEqAbs.sol"
+        executeAllMethodsWithPrefix testFile "prove" >>= assertEqualM "test result" (True, True)
+    , test "AssertApproxEqAbs-Fail" $ do
+        let testFile = "test/contracts/fail/assertApproxEqAbs.sol"
+        let cases =
+              -- concrete-only tests: all branches revert, hence (False, False)
+              [ ("prove_approx_eq_abs_uint_exceeds_delta", (False, False))
+              , ("prove_approx_eq_abs_uint_zero_delta_neq", (False, False))
+              , ("prove_approx_eq_abs_int_exceeds_delta", (False, False))
+              , ("prove_approx_eq_abs_int_min_zero_tight", (False, False))
+              -- symbolic: not all branches revert
+              , ("prove_approx_eq_abs_uint_symbolic_fail", (False, True))
+              ]
+        forM_ cases $ \(method, expected) -> do
+          executeSingleMethod testFile method >>= assertEqualM (unpack method) expected
     ]
 
 executeSingleMethod :: (App m, MonadMask m) => FilePath -> Text -> m (Bool, Bool)
diff --git a/test/contracts/fail/assertApproxEqAbs.sol b/test/contracts/fail/assertApproxEqAbs.sol
@@ -0,0 +1,34 @@
+import "forge-std/Test.sol";
+
+contract AssertApproxEqAbsFailTest is Test {
+    // --- uint256 failures ---
+
+    function prove_approx_eq_abs_uint_exceeds_delta() public pure {
+        // delta = 11, maxDelta = 10 -> should fail
+        assertApproxEqAbs(uint256(111), uint256(100), 10);
+    }
+
+    function prove_approx_eq_abs_uint_zero_delta_neq() public pure {
+        // exact equality required, but values differ
+        assertApproxEqAbs(uint256(1), uint256(0), 0);
+    }
+
+    // --- int256 failures ---
+
+    function prove_approx_eq_abs_int_exceeds_delta() public pure {
+        // delta(-6, 5) = 6 + 5 = 11, maxDelta = 10 -> should fail
+        assertApproxEqAbs(int256(-6), int256(5), 10);
+    }
+
+    function prove_approx_eq_abs_int_min_zero_tight() public pure {
+        // delta(int256.min, 0) = 2^255, maxDelta = 2^255 - 1 -> should fail
+        assertApproxEqAbs(type(int256).min, int256(0), uint256(2**255 - 1));
+    }
+
+    // --- symbolic failure ---
+
+    function prove_approx_eq_abs_uint_symbolic_fail(uint256 a) public pure {
+        // a vs 0 with delta 0 means a must be 0, but a is unconstrained -> should fail
+        assertApproxEqAbs(a, uint256(0), 0);
+    }
+}
diff --git a/test/contracts/pass/assertApproxEqAbs.sol b/test/contracts/pass/assertApproxEqAbs.sol
@@ -0,0 +1,76 @@
+import "forge-std/Test.sol";
+
+contract AssertApproxEqAbsTest is Test {
+    // --- uint256 concrete tests ---
+
+    function prove_approx_eq_abs_uint_exact() public pure {
+        assertApproxEqAbs(uint256(100), uint256(100), 0);
+    }
+
+    function prove_approx_eq_abs_uint_within_delta() public pure {
+        assertApproxEqAbs(uint256(105), uint256(100), 10);
+    }
+
+    function prove_approx_eq_abs_uint_at_boundary() public pure {
+        assertApproxEqAbs(uint256(110), uint256(100), 10);
+    }
+
+    function prove_approx_eq_abs_uint_reversed() public pure {
+        // order shouldn't matter
+        assertApproxEqAbs(uint256(100), uint256(110), 10);
+    }
+
+    function prove_approx_eq_abs_uint_zero() public pure {
+        assertApproxEqAbs(uint256(0), uint256(0), 0);
+    }
+
+    function prove_approx_eq_abs_uint_large_delta() public pure {
+        assertApproxEqAbs(uint256(0), type(uint256).max, type(uint256).max);
+    }
+
+    // --- int256 concrete tests ---
+
+    function prove_approx_eq_abs_int_exact() public pure {
+        assertApproxEqAbs(int256(100), int256(100), 0);
+    }
+
+    function prove_approx_eq_abs_int_within_delta() public pure {
+        assertApproxEqAbs(int256(-5), int256(3), 10);
+    }
+
+    function prove_approx_eq_abs_int_opposite_signs() public pure {
+        // delta(-5, 5) = |-5| + |5| = 10
+        assertApproxEqAbs(int256(-5), int256(5), 10);
+    }
+
+    function prove_approx_eq_abs_int_both_negative() public pure {
+        // delta(-100, -95) = 5
+        assertApproxEqAbs(int256(-100), int256(-95), 5);
+    }
+
+    function prove_approx_eq_abs_int_min_max() public pure {
+        // delta(int256.min, int256.max) = 2^255 + (2^255 - 1) = 2^256 - 1 = type(uint256).max
+        assertApproxEqAbs(type(int256).min, type(int256).max, type(uint256).max);
+    }
+
+    function prove_approx_eq_abs_int_min_zero() public pure {
+        // delta(int256.min, 0) = |int256.min| = 2^255
+        assertApproxEqAbs(type(int256).min, int256(0), uint256(2**255));
+    }
+
+    function prove_approx_eq_abs_int_zero() public pure {
+        assertApproxEqAbs(int256(0), int256(0), 0);
+    }
+
+    // --- uint256 symbolic tests ---
+
+    function prove_approx_eq_abs_uint_symbolic(uint256 a) public pure {
+        // any value is within max delta of itself
+        assertApproxEqAbs(a, a, 0);
+    }
+
+    function prove_approx_eq_abs_uint_symbolic_maxdelta(uint256 a, uint256 b) public pure {
+        // any two uint256 values are within type(uint256).max of each other
+        assertApproxEqAbs(a, b, type(uint256).max);
+    }
+}
