Sync audit formal verification (#294)

* Certora's formal verification effort for Manifest (#259) * Certora's formal verification effort for Manifest - Verification rules are in `programs/manifest/src/certora/spec` - Mock for red-black tree in `cvt_db_mock.rs` - Mock for QuoteAtomsPerBaseAtoms in `quantities_certora.rs` - Uses conditional compilation with feature `certora` to plug in the mocks - See the accompanying audit report for additional details * specs: add rules for matching mechanism --------- Co-authored-by: caballa <[email protected]> * Fix build * More making certora compile * More fixes * add updated script * Fix verify * Update rbtree * Fix list of rules for violated rules * Remove expected to be violated rules * Cleanup * Update logs * comment on batch update * Processor * quantities * utils * Update github action * Fix lint * Fix unused * Unused * action remove with * remove container * remove container * Fix yml --------- Co-authored-by: nisarg-certora <[email protected]> Co-authored-by: caballa <[email protected]>
CKS-Systems · Nov 25, 2024 · 0689dae · 0689dae
1 parent a43f7e4
commit 0689dae
Show file tree

Hide file tree

Showing 146 changed files with 13,515 additions and 973 deletions.
diff --git a/.github/workflows/ci-certora.yml b/.github/workflows/ci-certora.yml
@@ -0,0 +1,51 @@
+name: Certora Formal Verification
+on:
+  schedule:
+    - cron: "0 0 * * *"
+  workflow_dispatch:
+
+env:
+  SOLANA_VERSION: '1.18.16'
+
+jobs:
+  verification:
+    name: Formal Verification
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup python
+        uses: actions/setup-python@v5
+
+      - name: Install certora CLI
+        run: pip install certora-cli
+
+      - name: Install solana
+        run: |
+          sh -c "$(curl -sSfL https://release.solana.com/v${{ env.SOLANA_VERSION }}/install)"
+          export PATH="$HOME/.local/share/solana/install/active_release/bin:$PATH"
+
+      - name: Install certora platform tools
+        run: |
+          mkdir $HOME/platform-tools-certora
+          wget https://github.com/Certora/certora-solana-platform-tools/releases/download/linux-x86_64-ubuntu-20.04-10-22-2024/platform-tools-linux-x86_64.tar.bz2
+          cd $HOME
+          tar -xvjf platform-tools-linux-x86_64.tar.bz2 -C $HOME/platform-tools-certora
+          export PLATFORM_TOOLS_DIR=$HOME/.cache/solana/v1.41
+          mv $PLATFORM_TOOLS_DIR/platform-tools $PLATFORM_TOOLS_DIR/platform-tools.backup
+          ln -sf $HOME/platform-tools-certora $PLATFORM_TOOLS_DIR/platform-tools
+
+      - name: Install just
+        uses: extractions/setup-just@v2
+
+      - name: Run formal verification
+        run: |
+          cd programs/manifest
+          just build-sbf
+          python3 verify-manifest.py -r rules.json
+          python3 verify-manifest.py -r rules-rb-tree.json
+        env:
+          CERTORA: ""
+          CERTORA_CLI: certoraRun
+          CERTORAKEY: ${{ secrets.CERTORAKEY }}