Add allowCalls cheatcode

src/kontrol/kdist/cheatcodes.md

@@ -76,8 +76,8 @@ module FOUNDRY-CHEAT-CODES
         </expectEmit>
         <whitelist>
           <isCallWhitelistActive> false </isCallWhitelistActive>
+          <allowedCallsList> .List </allowedCallsList>
           <isStorageWhitelistActive> false </isStorageWhitelistActive>
-          <addressList> .List </addressList>
           <storageSlotList> .List </storageSlotList>
         </whitelist>
         <mockCalls>
@@ -946,6 +946,7 @@ A `StorageSlot` pair is formed from an address and a storage index.
 
 ```k
     syntax StorageSlot ::= "{" Int "|" Int "}"
+    syntax CallToAddress ::= "{" Int "|" Bytes "}"
  // ------------------------------------------
 ```
 
@@ -965,15 +966,14 @@ If the address is not in the whitelist `WLIST` then `KEVM` goes into an error st
 
 ```k
     rule [foundry.catchNonWhitelistedCalls]:
-         <k> (#call _ ACCTTO _ _ _ _ false
-          ~> #popCallStack
-          ~> #popWorldState) => #end KONTROL_WHITELISTCALL ... </k>
+         <k> (#call _ ACCTTO _ _ _ CALLDATA false
+          ~> #return _ _) => #end KONTROL_WHITELISTCALL ... </k>
          <whitelist>
            <isCallWhitelistActive> true </isCallWhitelistActive>
-           <addressList> WLIST </addressList>
+           <allowedCallsList> WLIST </allowedCallsList>
            ...
          </whitelist>
-      requires notBool ACCTTO in WLIST
+      requires notBool ({ACCTTO|CALLDATA} in WLIST orBool {ACCTTO|b"*"} in WLIST)
       [priority(40)]
 ```
 
@@ -1003,9 +1003,32 @@ function allowCallsToAddress(address) external;
 Adds an account address to the whitelist. The execution of the modified KEVM will stop when a call has been made to an address which is not in the whitelist.
 
 ```k
-    rule [foundry.allowCallsToAddress]:
-         <k> #cheatcode_call SELECTOR ARGS => #loadAccount #asWord(ARGS) ~> #addAddressToWhitelist #asWord(ARGS) ... </k>
-         requires SELECTOR ==Int selector ( "allowCallsToAddress(address)" )
+    rule [foundry.allowAllCallsToAddress]:
+         <k> #cheatcode_call SELECTOR ARGS
+          => #loadAccount #asWord(ARGS)
+          ~> #setAllowedAllCalls #asWord(ARGS) ... </k>
+         requires SELECTOR ==Int selector("allowCallsToAddress(address)")
+```
+
+#### `allowCalls` - Add an account address and calldata prefix to a whitelist.
+
+```
+function allowCalls(address, bytes calldata data) external;
+```
+
+Adds an account address and calldata prefix to the whitelist. The execution of the modified KEVM will stop when a call has been made to an address and/or with calldata which are not in the whitelist.
+
+```k
+    rule [foundry.allowCalls]:
+         <k> #cheatcode_call SELECTOR ARGS
+          => #loadAccount #asWord(#range(ARGS, 0, 32))
+          ~> #etchAccountIfEmpty #asWord(#range(ARGS, 0, 32))
+         ~> #setAllowedCall 
+               #asWord(#range(ARGS, 0, 32)) 
+               #range(ARGS, #asWord(#range(ARGS, 32, 32)) +Int 32, #asWord(#range(ARGS, #asWord(#range(ARGS, 32, 32)), 32)))
+         ...
+         </k>
+         requires SELECTOR ==Int selector ( "allowCalls(address,bytes)" )
 ```
 
 #### `allowChangesToStorage` - Add an account address and a storage slot to a whitelist.
@@ -1588,19 +1611,6 @@ If the flag is false, it skips comparison, assuming success; otherwise, it compa
     rule #checkTopics(ListItem(CHECK) CHECKS, ListItem(V1) L1, ListItem(V2) L2) => #checkTopic(CHECK, V1, V2) andBool #checkTopics(CHECKS, L1, L2) requires size(L1) ==Int size(L2)
 ```
 
-- `#addAddressToWhitelist` enables the whitelist restriction for calls and adds an address to the whitelist.
-
-```k
-    syntax KItem ::= "#addAddressToWhitelist" Int [symbol(foundry_addAddressToWhitelist)]
- // -------------------------------------------------------------------------------------
-    rule <k> #addAddressToWhitelist ACCT => .K ... </k>
-        <whitelist>
-          <isCallWhitelistActive> _ => true </isCallWhitelistActive>
-          <addressList> WLIST => WLIST ListItem(ACCT) </addressList>
-          ...
-        </whitelist>
-```
-
 - `#addStorageSlotToWhitelist` enables the whitelist restriction for storage chagnes and adds a `StorageSlot` item to the whitelist.
 
 ```k
@@ -1632,6 +1642,27 @@ If the flag is false, it skips comparison, assuming success; otherwise, it compa
     rule <k> #etchAccountIfEmpty _ => .K ... </k> [owise]
 ```
 
+- `#setAllowedCall ALLOWEDACCOUNT ALLOWEDCALLDATA` and `setAllowedAllCalls ALLOWEDACCOUNT` will update the `<allowedCallsList>` list with the given account and calldata.
+
+```k
+    syntax KItem ::= "#setAllowedCall" Account Bytes [symbol(foundry_setAllowedCall)]
+    syntax KItem ::= "#setAllowedAllCalls" Account [symbol(foundry_setAllowedAllCalls)]
+ // ---------------------------------------------------------------------------------
+    rule <k> #setAllowedCall ALLOWEDACCOUNT ALLOWEDCALLDATA => .K ... </k>
+         <whitelist>
+            <isCallWhitelistActive> _ => true </isCallWhitelistActive>
+            <allowedCallsList> ALLOWEDCALLS => ALLOWEDCALLS ListItem({ALLOWEDACCOUNT|ALLOWEDCALLDATA}) </allowedCallsList>
+            ...
+         </whitelist>
+
+   rule <k> #setAllowedAllCalls ALLOWEDACCOUNT => .K ... </k>
+      <whitelist>
+         <isCallWhitelistActive> _ => true </isCallWhitelistActive>
+         <allowedCallsList> ALLOWEDCALLS => ALLOWEDCALLS ListItem({ALLOWEDACCOUNT|b"*"}) </allowedCallsList>
+         ...
+      </whitelist>
+```
+
 - `#setMockCall MOCKADDRESS MOCKCALLDATA MOCKRETURN` will update the `<mockcalls>` mapping for the given account.
 
 ```k
@@ -1745,6 +1776,7 @@ Selectors for **implemented** cheat code functions.
     rule ( selector ( "prank(address)" )                           => 3395723175 )
     rule ( selector ( "prank(address,address)" )                   => 1206193358 )
     rule ( selector ( "allowCallsToAddress(address)" )             => 1850795572 )
+    rule ( selector ( "allowCalls(address,bytes)" )                => 1808051021 )
     rule ( selector ( "allowChangesToStorage(address,uint256)" )   => 4207417100 )
     rule ( selector ( "infiniteGas()" )                            => 3986649939 )
     rule ( selector ( "setGas(uint256)" )                          => 3713137314 )

src/kontrol/kdist/kontrol_lemmas.md

@@ -188,5 +188,18 @@ module KONTROL-AUX-LEMMAS
       requires 0 <Int X andBool 0 <=Int Z andBool ( Z +Int 1) modInt X ==Int 0
       [simplification, concrete(X, Z), preserves-definedness]
 
+    //
+    // List simplifications for `allowCalls`
+    //
+
+    // List membership check simplification for lists with a single element
+    rule KI:KItem in ListItem(KI:KItem) => true [simplification]
+    rule KI:KItem in ListItem(KJ:KItem) => KI ==K KJ [simplification]
+
+    // Recursive list membership check for lists with multiple elements
+    rule KI:KItem in (ListItem(KI) Rest) => true [simplification]
+    rule KI:KItem in (ListItem(KJ) Rest) => KI in Rest [simplification]
+    rule KI:KItem in .List => false [simplification]
+
 endmodule
 ```

src/kontrol/prove.py

@@ -1038,8 +1038,8 @@ def _init_cterm(
         'ISEVENTEXPECTED_CELL': FALSE,
         'ISCALLWHITELISTACTIVE_CELL': FALSE,
         'ISSTORAGEWHITELISTACTIVE_CELL': FALSE,
-        'ADDRESSLIST_CELL': list_empty(),
         'STORAGESLOTLIST_CELL': list_empty(),
+        'ALLOWEDCALLSLIST_CELL': list_empty(),
         'MOCKCALLS_CELL': KApply('.MockCallCellMap'),
         'MOCKFUNCTIONS_CELL': KApply('.MockFunctionCellMap'),
         'ACTIVETRACING_CELL': TRUE if trace_options.active_tracing else FALSE,
@@ -1425,7 +1425,7 @@ def _final_term(
         'ISEVENTEXPECTED_CELL': KVariable('ISEVENTEXPECTED_FINAL'),
         'ISCALLWHITELISTACTIVE_CELL': KVariable('ISCALLWHITELISTACTIVE_FINAL'),
         'ISSTORAGEWHITELISTACTIVE_CELL': KVariable('ISSTORAGEWHITELISTACTIVE_FINAL'),
-        'ADDRESSLIST_CELL': KVariable('ADDRESSLIST_FINAL'),
+        'ALLOWEDCALLSLIST_CELL': KVariable('ALLOWEDCALLSLIST_FINAL'),
         'STORAGESLOTLIST_CELL': KVariable('STORAGESLOTLIST_FINAL'),
     }
 

src/tests/integration/test-data/end-to-end-prove-all

@@ -1,3 +1,5 @@
+AllowChangesTest.testAllowCalls(uint256)
+AllowChangesTest.testAllowCalls_failIfNotWhitelisted(uint256)
 CounterTest.test_Increment()
 RandomVarTest.test_custom_names()
 RandomVarTest.test_randomBool()

src/tests/integration/test-data/foundry/test/AllowChangesTest.t.sol

@@ -42,13 +42,11 @@ contract AllowChangesTest is Test, KontrolCheats {
 	}
 	function testFailAllowCallsToAddress() public {
 		kevm.allowCallsToAddress(address(canChange));
-		kevm.allowChangesToStorage(address(canChange), 0);
 
 		cannotChange.changeSlot0(10245);
 	}
 
 	function testFailAllowChangesToStorage() public {
-		kevm.allowCallsToAddress(address(canChange));
 		kevm.allowChangesToStorage(address(canChange), 0);
 
 		canChange.changeSlot1(23452);

src/tests/integration/test-data/show/AccountParamsTest.testDealConcrete().trace.expected

@@ -258,12 +258,12 @@ module SUMMARY-TEST%ACCOUNTPARAMSTEST.TESTDEALCONCRETE():0
                <isCallWhitelistActive>
                  false
                </isCallWhitelistActive>
+               <allowedCallsList>
+                 .List
+               </allowedCallsList>
                <isStorageWhitelistActive>
                  false
                </isStorageWhitelistActive>
-               <addressList>
-                 .List
-               </addressList>
                <storageSlotList>
                  .List
                </storageSlotList>

src/tests/integration/test-data/show/AddConst.applyOp(uint256).cse.expected

@@ -189,12 +189,12 @@ module SUMMARY-SRC%CSE%ADDCONST.APPLYOP(UINT256):0
                <isCallWhitelistActive>
                  false
                </isCallWhitelistActive>
+               <allowedCallsList>
+                 .List
+               </allowedCallsList>
                <isStorageWhitelistActive>
                  false
                </isStorageWhitelistActive>
-               <addressList>
-                 .List
-               </addressList>
                <storageSlotList>
                  .List
                </storageSlotList>
@@ -368,12 +368,12 @@ module SUMMARY-SRC%CSE%ADDCONST.APPLYOP(UINT256):0
                <isCallWhitelistActive>
                  false
                </isCallWhitelistActive>
+               <allowedCallsList>
+                 .List
+               </allowedCallsList>
                <isStorageWhitelistActive>
                  false
                </isStorageWhitelistActive>
-               <addressList>
-                 .List
-               </addressList>
                <storageSlotList>
                  .List
                </storageSlotList>

src/tests/integration/test-data/show/AddrTest.test_addr_true().trace.expected

@@ -218,12 +218,12 @@ module SUMMARY-TEST%ADDRTEST.TEST-ADDR-TRUE():0
                <isCallWhitelistActive>
                  false
                </isCallWhitelistActive>
+               <allowedCallsList>
+                 .List
+               </allowedCallsList>
                <isStorageWhitelistActive>
                  false
                </isStorageWhitelistActive>
-               <addressList>
-                 .List
-               </addressList>
                <storageSlotList>
                  .List
                </storageSlotList>

src/tests/integration/test-data/show/ArithmeticCallTest.test_double_add(uint256,uint256).cse.expected

@@ -450,12 +450,12 @@ module SUMMARY-TEST%ARITHMETICCALLTEST.TEST-DOUBLE-ADD(UINT256,UINT256):0
                <isCallWhitelistActive>
                  false
                </isCallWhitelistActive>
+               <allowedCallsList>
+                 .List
+               </allowedCallsList>
                <isStorageWhitelistActive>
                  false
                </isStorageWhitelistActive>
-               <addressList>
-                 .List
-               </addressList>
                <storageSlotList>
                  .List
                </storageSlotList>
@@ -859,12 +859,12 @@ module SUMMARY-TEST%ARITHMETICCALLTEST.TEST-DOUBLE-ADD(UINT256,UINT256):0
                <isCallWhitelistActive>
                  false
                </isCallWhitelistActive>
+               <allowedCallsList>
+                 .List
+               </allowedCallsList>
                <isStorageWhitelistActive>
                  false
                </isStorageWhitelistActive>
-               <addressList>
-                 .List
-               </addressList>
                <storageSlotList>
                  .List
                </storageSlotList>
@@ -1250,12 +1250,12 @@ module SUMMARY-TEST%ARITHMETICCALLTEST.TEST-DOUBLE-ADD(UINT256,UINT256):0
                <isCallWhitelistActive>
                  false
                </isCallWhitelistActive>
+               <allowedCallsList>
+                 .List
+               </allowedCallsList>
                <isStorageWhitelistActive>
                  false
                </isStorageWhitelistActive>
-               <addressList>
-                 .List
-               </addressList>
                <storageSlotList>
                  .List
                </storageSlotList>
@@ -1643,12 +1643,12 @@ module SUMMARY-TEST%ARITHMETICCALLTEST.TEST-DOUBLE-ADD(UINT256,UINT256):0
                <isCallWhitelistActive>
                  false
                </isCallWhitelistActive>
+               <allowedCallsList>
+                 .List
+               </allowedCallsList>
                <isStorageWhitelistActive>
                  false
                </isStorageWhitelistActive>
-               <addressList>
-                 .List
-               </addressList>
                <storageSlotList>
                  .List
                </storageSlotList>
@@ -2037,12 +2037,12 @@ module SUMMARY-TEST%ARITHMETICCALLTEST.TEST-DOUBLE-ADD(UINT256,UINT256):0
                <isCallWhitelistActive>
                  false
                </isCallWhitelistActive>
+               <allowedCallsList>
+                 .List
+               </allowedCallsList>
                <isStorageWhitelistActive>
                  false
                </isStorageWhitelistActive>
-               <addressList>
-                 .List
-               </addressList>
                <storageSlotList>
                  .List
                </storageSlotList>