These tests look good overall. I would also add several more tests:

• One that makes the storage fresh, then which reads/writes multiple storage values, and checks that we don't accidentally get aliasing between them somehow.
• One that makes the storage fresh, then reads two different values, and puts a precondition (assume) that they are distinct value (not equal to each other), and then does something with those values.
• One which reads a storage variable, but then bounds the result to something very small. This is to check if we can efficiently generate random numbers within a bound.

sounds good, will add such

added a test here that I think it covers first 2 bullets

not clear though on how a test for 3rd one should look like?

Hmmm, the third test maybe doesn't make sense, I agree. That one can probably be left for now, and if we encounter unexpected behavior with the tool we can report it and get a test added then.

The main concern is that a user may want to do this:

vm.freshStorage(address(counter));
vm.bound(counter.a(), 10, 20);

This basically would be saying: set the storage to all symbolic, but the value of a should be between 10 and 20. Currently, I assume this would cause a lot of reverts because the counter.a() read will happen before the call to bound.

I'm not sure there is anything you can do about this in Foundry, it should work fine in Kontrol. But instead, for Foundry, you would have to do:

vm.freshStorage(address(counter));
uint256 a = vm.freshUInt(256, 10, 20); // produces the fresh value _and_ bounds it
counter.setA(a);

Then we know that the storage is all symbolic, but the correct bounds exist on a.

The above is psuedocode, btw, just trying to brainstorm how to solve this issue of having a fully symbolic storage, but also allowing some bounds on specific values.

I guess I would prefer the name freshUInt, freshAddress, for example, rather than random. Maybe they can be included in the forge-std, but then just simplify down to teh random variants? The reason is because we want to use the same cheatcodes as Foundry directly, but for us they're not random, but symbolic. fresh captures both random and symbolic as sub-categories.

the randomAddress and uint are already added, going to work on the fresh* cheatcodes and maybe look into aliasing existing

I actually don't see why these should hold.... As far as I can see, a, b, and c should all be fresh, meaning they could be zero as well as any other number.

yes, that's correct, they could be 0 though is unlikely. I will remove these assertions as they could fail the test

the randomness though follows the fuzzing rules where you can specify a seed and have deterministic values. So maybe could leave the assertions but set a certain seed that will always generate non zero values for this sequence... will think if this is of any value for given test

@ehildenb I removed the assertions and added a test using seed / producing deterministic values here:

Also ported Kontrol tests using same seed:

Nice, that's cool.

what does this mean exactly, fresh to me indicates that the account's storage is reset/cleared

yeah, agree it's confusing, it's basically random values, in #4072 there were 2 more suggestions for the name: symbolicStorage and setArbitraryStorage I personally like the setArbitraryStorage one or randomStorage, CC @ehildenb for thoughts

I like setArbitraryStorage

Arbitrary sounds good to me too!

Fresh is just shorter/easier to say.

kk, will stick with setArbitraryStorage then

changed, pls recheck

can we describe what fresh means, not obvious

added, pls recheck (did a force push to keep PR clean)

I would like these tests to be all in forge

we're also seeing that there are 2 ways to write tests, one in testdata/... .sol and other in forgetest!, which i'm not too fond of

yep, will move them all under forge/tests/it then

I reverted the change, indeed they should stay in cheats testdata, got
Will follow up with a PR to cleanup force/cli/test_cmd.rs as it is now a catch all thingy

why was this changed? again the point of all these substitution is so that if the test output changes you can just run the test suite once with SNAPSHOTS=overwrite and it will be updated normally. now you have to do that and also re-add manually ... since those are manual filters

yep, reverted, please check (got wrong the SNAPSHOTS=overwrite usage but now clear, thank you)

what's considered "untouched" here? eg in a single test calling the same contract two times from test scope would result in slot being cold on first call, and warm on second due to how our EVM works. is this expected?

yep, that's the expected behavior, subsequent loads of same slot should return same value

unless explicitly rewritten

hmm, I think this would never be cold because revm marks slot as warm during execution of opcode?

though it looks like tests are passing? would need to look closer

I think it might be because we're reading the value instead of a key in interpreter.stack().peek(0). on step_end stack already contains read value

yes, that's my take too, the opcode is not yet executed / slot marked as warm at this point

ah interpreter.current_opcode() returns next opcode in step_end, so it's fine

yes, that's my take too, the opcode is not yet executed / slot marked as warm at this point

I was thinking that we're entering ensure_arbitrary_storage after revm executed the opcode, so it's my bad

though can we document what's happening here anyway? especially that this would happen before sload even though we are in _end hook

sure, will add comment to make this clear

@klkvr please check 16f068f Had to accommodate copy from arbitrary storage scenario pointed here #8807 (comment) too, so a little bit bigger change, ptal. thanks!

this won't work for forking but Ig it's out of scope?

Indeed, wasn't discussed to work for forking but could be added later if needed

should this be set in test_data?

good point, not sure we should be adding a new TEST_DATA_WITH_SEED (we don't have one for isolate either) but default tests shouldn't run with seed - since there's no option to set it inline I've added a test that runs contracts matching WithSeed (excluded from defaults), hope this makes sense
pls check 7e69723

can collapse into one get().or_else(|| ), also this panics if call.input.len() < 4, use call.input.get(..4)

changed in 7e69723

should move the SLOAD check outside into step_end, and make it call one arbitrary_storage_end to avoid callsite bloat

changed in 7e69723

should not gen unless either is true

yep, changed in 7e69723

please add it to if cfg!(feature = "isolate-by-default") branch below too, tests with --features=isolate-by-default are failing because we're overriding it there

sorry, missed running the test with feature set locally, added here 02086f9 (had to add mock function test too)

had to add mock function test too

hmm, wondering why would it break with --isolate?

ah, I see, it's because we're ignoring bytecode_address when handling isolated calls

not sure how to handle this now, probably not a big deal

could be solved by instead of altering bytecode_address changing target address bytecode for duration of the call, though it would introduce new edge cases

let's keep it ignored for now

this should just have the op::SLOAD check and the others inside of the arbitrary_storage_end function; please be very mindful of what goes in step and step_end because these functions are called millions of times

oh, ok, will do a PR to change this, mind to explain the difference? (was thinking that is better to check if is arbitrary or copy of arbitrary storage first and only if one of them is true check if a SLOAD (which is more likely), as arbitrary and copy are not so commons)

They are called on execution of every single opcode, meaning tens to hundreds of thousands per single execution of a test

we want them optimized for the common path of "do nothing" as most of these checks will be false most of the time; this means they should be always inlined and the checks should always be small in size so that these functions fit in as few cache lines as possible

because they are so hot this matters a lot

wrt the checks order, the thinking is not correct because checking opcode is 1 or 2 instructions, while the others are hashmap lookups which are in the order of hundreds or thousands

in either case the most common and cheapest check is the SLOAD one, the rest should be outlined because most opcodes are not SLOAD

ideally hooks like these could be installed separately as custom opcodes, however we dont really have a framework for doing this currently

thank you, makes total sense, will follow up with a PR to get it inline

Re hashmap lookups - my logic was that it won't affect too much execution when cheatcodes not used (hence empty hashmap and no need to check the opcode)

wonder if better to have arbitrary storage as an option, made a draft PR here #8848