remove storage keyword

nivcertora · nivcertora · commit 0b0399fa064e · 2024-03-05T09:49:15.000+02:00
diff --git a/CVLByExample/QuantifierExamples/DoublyLinkedList/certora/spec/dll-linkedcorrectly.spec b/CVLByExample/QuantifierExamples/DoublyLinkedList/certora/spec/dll-linkedcorrectly.spec
@@ -30,37 +30,37 @@ ghost prevstar(address, address) returns bool {
 
 // HOOKS
 
-hook Sstore currentContract.dll.head address newHead STORAGE {
+hook Sstore currentContract.dll.head address newHead {
     ghostHead = newHead;
 }
-hook Sstore currentContract.dll.tail address newTail STORAGE {
+hook Sstore currentContract.dll.tail address newTail {
     ghostTail = newTail;
 }
 
-hook Sstore currentContract.dll.accounts[KEY address key].next address newNext STORAGE {
+hook Sstore currentContract.dll.accounts[KEY address key].next address newNext {
     ghostNext[key] = newNext;
 }
 
-hook Sstore currentContract.dll.accounts[KEY address key].prev address newPrev STORAGE {
+hook Sstore currentContract.dll.accounts[KEY address key].prev address newPrev {
     ghostPrev[key] = newPrev;
 }
-hook Sstore currentContract.dll.accounts[KEY address key].value uint256 newValue STORAGE {
+hook Sstore currentContract.dll.accounts[KEY address key].value uint256 newValue {
     ghostValue[key] = newValue;
 }
 
-hook Sload address head currentContract.dll.head STORAGE {
+hook Sload address head currentContract.dll.head {
     require ghostHead == head;
 }
-hook Sload address tail currentContract.dll.tail STORAGE {
+hook Sload address tail currentContract.dll.tail {
     require ghostTail == tail;
 }
-hook Sload address next currentContract.dll.accounts[KEY address key].next STORAGE {
+hook Sload address next currentContract.dll.accounts[KEY address key].next {
     require ghostNext[key] == next;
 }
-hook Sload address prev currentContract.dll.accounts[KEY address key].prev STORAGE {
+hook Sload address prev currentContract.dll.accounts[KEY address key].prev {
     require ghostPrev[key] == prev;
 }
-hook Sload uint256 value currentContract.dll.accounts[KEY address key].value STORAGE {
+hook Sload uint256 value currentContract.dll.accounts[KEY address key].value {
     require ghostValue[key] == value;
 }
 
diff --git a/CVLByExample/QuantifierExamples/EnumerableSet/certora/spec/set.spec b/CVLByExample/QuantifierExamples/EnumerableSet/certora/spec/set.spec
@@ -29,15 +29,15 @@ ghost uint256 ghostLength {
 // HOOKS
 // Store hook to synchronize ghostLength with the length of the set._inner._values array. 
 // We need to use (offset 0) here, as there is no keyword yet to access the length.
-hook Sstore currentContract.set.(offset 0) uint256 newLength STORAGE {
+hook Sstore currentContract.set.(offset 0) uint256 newLength {
     ghostLength = newLength;
 }
 // Store hook to synchronize ghostValues array with set._inner._values.
-hook Sstore currentContract.set._inner._values[INDEX uint256 index] bytes32 newValue STORAGE {
+hook Sstore currentContract.set._inner._values[INDEX uint256 index] bytes32 newValue {
     ghostValues[index] = newValue;
 }
 // Store hook to synchronize ghostIndexes array with set._inner._indexes.
-hook Sstore currentContract.set._inner._indexes[KEY bytes32 value] uint256 newIndex STORAGE {
+hook Sstore currentContract.set._inner._indexes[KEY bytes32 value] uint256 newIndex {
     ghostIndexes[value] = newIndex;
 }
 
@@ -51,13 +51,13 @@ hook Sstore currentContract.set._inner._indexes[KEY bytes32 value] uint256 newIn
 
 // Load hook to synchronize ghostLength with the length of the set._inner._values array. 
 // Again we use (offset 0) here, as there is no keyword yet to access the length.
-hook Sload uint256 length currentContract.set.(offset 0) STORAGE {
+hook Sload uint256 length currentContract.set.(offset 0) {
     require ghostLength == length;
 }
-hook Sload bytes32 value currentContract.set._inner._values[INDEX uint256 index] STORAGE {
+hook Sload bytes32 value currentContract.set._inner._values[INDEX uint256 index] {
     require ghostValues[index] == value;
 }
-hook Sload uint256 index currentContract.set._inner._indexes[KEY bytes32 value] STORAGE {
+hook Sload uint256 index currentContract.set._inner._indexes[KEY bytes32 value] {
     require ghostIndexes[value] == index;
 }
 
diff --git a/CVLByExample/QuantifierExamples/SinglyLinkedList/certora/spec/list-reach.spec b/CVLByExample/QuantifierExamples/SinglyLinkedList/certora/spec/list-reach.spec
@@ -42,7 +42,7 @@ definition updateSucc(bytes32 a, bytes32 b) returns bool = forall bytes32 X. for
             (reach@old(X, Y) && !(reach@old(X, a) && a != Y && reach@old(a, Y))) ||
             (reach@old(X, a) && reach@old(b, Y)));
 
-hook Sstore currentContract.list.elements[KEY bytes32 key].nextKey bytes32 newNextKey STORAGE {
+hook Sstore currentContract.list.elements[KEY bytes32 key].nextKey bytes32 newNextKey {
     bytes32 otherKey;
     
     require reachSuccInvariant(otherKey);
@@ -56,24 +56,24 @@ hook Sstore currentContract.list.elements[KEY bytes32 key].nextKey bytes32 newNe
     assert reachSuccInvariant(otherKey), "Successor invariant not preserved";
 }
 
-hook Sstore currentContract.list.elements[KEY bytes32 key].valid uint256 value STORAGE {
+hook Sstore currentContract.list.elements[KEY bytes32 key].valid uint256 value {
     ghostValid[key] = value != 0;
 }
 
-hook Sstore currentContract.list.head bytes32 newHead STORAGE {
+hook Sstore currentContract.list.head bytes32 newHead {
     ghostHead = newHead;
 }
 
-hook Sload bytes32 nextKey currentContract.list.elements[KEY bytes32 key].nextKey STORAGE {
+hook Sload bytes32 nextKey currentContract.list.elements[KEY bytes32 key].nextKey {
     require ghostSucc[key] == nextKey;
     require reachSuccInvariant(key);
 }
 
-hook Sload bytes32 head currentContract.list.head STORAGE {
+hook Sload bytes32 head currentContract.list.head {
     require ghostHead == head;
 }
 
-hook Sload uint256 valueValid currentContract.list.elements[KEY bytes32 key].valid STORAGE {
+hook Sload uint256 valueValid currentContract.list.elements[KEY bytes32 key].valid {
     require valueValid != 0 <=> ghostValid[key];
 }
 
diff --git a/CVLByExample/Storage/certora/specs/storage.spec b/CVLByExample/Storage/certora/specs/storage.spec
@@ -128,7 +128,7 @@ ghost mapping(address => mathint) numOfOperations {
 }
 
 /// hook on a complex data structure, a mapping to a struct with a dynamic array
-hook Sstore _customers[KEY address a].accounts[INDEX uint256 i].accountBalance uint256 new_value (uint old_value) STORAGE {
+hook Sstore _customers[KEY address a].accounts[INDEX uint256 i].accountBalance uint256 new_value (uint old_value) {
     require  old_value == accountBalanceMirror[a][i]; // Need this inorder to sync on insert of new element  
     accountBalanceMirror[a][i] = new_value;
     numOfOperations[a] = old_value + 1;
diff --git a/CVLByExample/Structs/BankAccounts/certora/specs/structs.spec b/CVLByExample/Structs/BankAccounts/certora/specs/structs.spec
@@ -123,7 +123,7 @@ ghost mapping(address => uint256) numOfAccounts {
 
 /// Store hook to synchronize numOfAccounts with the length of the customers[KEY address a].accounts array.
 /// We need to use (offset 32) here, as there is no keyword yet to access the length.
-hook Sstore _customers[KEY address user].(offset 32) uint256 newLength STORAGE {
+hook Sstore _customers[KEY address user].(offset 32) uint256 newLength {
     if (newLength > numOfAccounts[user])
         require accountBalanceMirror[user][require_uint256(newLength-1)] == 0 ;   
     numOfAccounts[user] = newLength;
@@ -138,19 +138,19 @@ invariant checkNumOfAccounts(address user)
 
 /// This Sload is required in order to eliminate adding unintializaed account balance to sumBalances.
 /// (offset 32) is the location of the size of the mapping. It is used because the field `size` is not yet supported in cvl.  
-hook Sload uint256 length _customers[KEY address user].(offset 32) STORAGE {
+hook Sload uint256 length _customers[KEY address user].(offset 32) {
     require numOfAccounts[user] == length; 
 }
 
 /// hook on a complex data structure, a mapping to a struct with a dynamic array
-hook Sstore _customers[KEY address a].accounts[INDEX uint256 i].accountBalance uint256 new_value (uint old_value) STORAGE {
+hook Sstore _customers[KEY address a].accounts[INDEX uint256 i].accountBalance uint256 new_value (uint old_value) {
     require  old_value == accountBalanceMirror[a][i]; // Need this inorder to sync on insert of new element  
     sumBalances =  sumBalances + new_value - old_value ;
     accountBalanceMirror[a][i] = new_value;
 }
 
 /// Sload on a struct field.
-hook Sload uint256 value  _customers[KEY address a].accounts[INDEX uint256 i].accountBalance   STORAGE {
+hook Sload uint256 value  _customers[KEY address a].accounts[INDEX uint256 i].accountBalance   {
     // when balance load, safely assume it is less than the sum of all values
     require to_mathint(value) <= sumBalances;
     require to_mathint(i) <= to_mathint(numOfAccounts[a]-1);
diff --git a/DEFI/ConstantProductPool/certora/spec/ConstantProductPool.spec b/DEFI/ConstantProductPool/certora/spec/ConstantProductPool.spec
@@ -238,7 +238,7 @@ ghost mathint sumBalances{
 /* here we state when and how the ghost is updated */
 hook Sstore _balances[KEY address a] uint256 new_balance
 // the old value that balances[a] holds before the store
-    (uint256 old_balance) STORAGE {
+    (uint256 old_balance) {
   sumBalances = sumBalances + new_balance - old_balance;
 }
 
diff --git a/DEFI/ERC20/certora/specs/ERC20Broken.spec b/DEFI/ERC20/certora/specs/ERC20Broken.spec
@@ -114,7 +114,7 @@ ghost mathint sum_of_balances {
     init_state axiom sum_of_balances == 0;
 }
 
-hook Sstore _balances[KEY address a] uint new_value (uint old_value) STORAGE {
+hook Sstore _balances[KEY address a] uint new_value (uint old_value) {
     // when balance changes, update ghost
     sum_of_balances = sum_of_balances + new_value - old_value;
 }
diff --git a/DEFI/ERC20/certora/specs/ERC20Fixed.spec b/DEFI/ERC20/certora/specs/ERC20Fixed.spec
@@ -99,13 +99,13 @@ persistent ghost mathint sum_of_balances {
     init_state axiom sum_of_balances == 0;
 }
 
-hook Sstore _balances[KEY address a] uint new_value (uint old_value) STORAGE {
+hook Sstore _balances[KEY address a] uint new_value (uint old_value) {
     // when balance changes, update ghost
     sum_of_balances = sum_of_balances + new_value - old_value;
 }
 
 // This `sload` makes `sum_of_balances >= to_mathint(balance)` hold at the beginning of each rule.
-hook Sload uint256 balance _balances[KEY address a]  STORAGE {
+hook Sload uint256 balance _balances[KEY address a]  {
   require sum_of_balances >= to_mathint(balance);
 }
 
diff --git a/DEFI/ERC20/certora/specs/ERC20Full.spec b/DEFI/ERC20/certora/specs/ERC20Full.spec
@@ -81,11 +81,11 @@ ghost mathint numberOfChangesOfBalances {
 // overflows Alice's balance when receiving a transfer. This is not possible unless the contract is deployed into an 
 // already used address (or upgraded from corrupted state).
 // We restrict such behavior by making sure no balance is greater than the sum of balances.
-hook Sload uint256 balance _balances[KEY address addr] STORAGE {
+hook Sload uint256 balance _balances[KEY address addr] {
     require sumOfBalances >= to_mathint(balance);
 }
 
-hook Sstore _balances[KEY address addr] uint256 newValue (uint256 oldValue) STORAGE {
+hook Sstore _balances[KEY address addr] uint256 newValue (uint256 oldValue) {
     sumOfBalances = sumOfBalances - oldValue + newValue;
     numberOfChangesOfBalances = numberOfChangesOfBalances + 1;
 }
diff --git a/DEFI/Immutable/Immutable.spec b/DEFI/Immutable/Immutable.spec
@@ -32,7 +32,7 @@ rule HavocProoved(env e){
 
 // ghost uint ghostUint256;
 
-// hook Sload uint256 _MY_UINT currentContract.MY_UINT STORAGE {
+// hook Sload uint256 _MY_UINT currentContract.MY_UINT {
 //     require ghostUint256 == _MY_UINT;
 // }
 
diff --git a/DEFI/LiquidityPool/certora/specs/Full.spec b/DEFI/LiquidityPool/certora/specs/Full.spec
@@ -45,11 +45,11 @@ definition poll_functions(method f) returns bool = f.selector == sig:withdraw(ui
 ghost uint256 ghostReentrancyStatus;
 ghost bool lock_status_on_call;
 
-hook Sload uint256 status currentContract._status STORAGE {
+hook Sload uint256 status currentContract._status {
     require ghostReentrancyStatus == status;
 }
 
-hook Sstore currentContract._status uint256 status STORAGE {
+hook Sstore currentContract._status uint256 status {
     ghostReentrancyStatus = status;
 }
 
diff --git a/RealBugsFound/MakerDao/certora/specs/Vat.spec b/RealBugsFound/MakerDao/certora/specs/Vat.spec
@@ -21,23 +21,23 @@ ghost mapping(bytes32 => uint256) ArtGhost {
     init_state axiom forall bytes32 ilk. ArtGhost[ilk] == 0;
 }
 
-hook Sload uint256 v currentContract.ilks[KEY bytes32 ilk].(offset 0) STORAGE {
+hook Sload uint256 v currentContract.ilks[KEY bytes32 ilk].(offset 0) {
     require ArtGhost[ilk] == v;
 }
 
 // Updating ArtGhost in sync with sumOfVaultDebtGhost.
-hook Sstore currentContract.ilks[KEY bytes32 ilk].(offset 0) uint256 newArt (uint256 oldArt) STORAGE {
+hook Sstore currentContract.ilks[KEY bytes32 ilk].(offset 0) uint256 newArt (uint256 oldArt) {
     havoc sumOfVaultDebtGhost assuming to_mathint(sumOfVaultDebtGhost@new()) == to_mathint(sumOfVaultDebtGhost@old()) + 
     to_mathint((newArt * rateGhost[ilk]) - (oldArt * rateGhost[ilk]));
     ArtGhost[ilk] = newArt;
 }
 
-hook Sload uint256 v currentContract.ilks[KEY bytes32 ilk].(offset 32) STORAGE {
+hook Sload uint256 v currentContract.ilks[KEY bytes32 ilk].(offset 32) {
     require rateGhost[ilk] == v;
 }
 
 // Updating RateGhost in sync with sumOfVaultDebtGhost.
-hook Sstore currentContract.ilks[KEY bytes32 ilk].(offset 32) uint256 newRate (uint256 oldRate) STORAGE {
+hook Sstore currentContract.ilks[KEY bytes32 ilk].(offset 32) uint256 newRate (uint256 oldRate) {
     havoc sumOfVaultDebtGhost assuming to_mathint(sumOfVaultDebtGhost@new()) == 
         to_mathint(sumOfVaultDebtGhost@old() + (ArtGhost[ilk] * newRate) - (ArtGhost[ilk] * oldRate));
     rateGhost[ilk] = newRate;

Original file line number	Diff line number	Diff line change
`@@ -30,37 +30,37 @@ ghost prevstar(address, address) returns bool {`
`30`	`30`
`31`	`31`	`// HOOKS`
`32`	`32`
`33`		`-hook Sstore currentContract.dll.head address newHead STORAGE {`
	`33`	`+hook Sstore currentContract.dll.head address newHead {`
`34`	`34`	`ghostHead = newHead;`
`35`	`35`	`}`
`36`		`-hook Sstore currentContract.dll.tail address newTail STORAGE {`
	`36`	`+hook Sstore currentContract.dll.tail address newTail {`
`37`	`37`	`ghostTail = newTail;`
`38`	`38`	`}`
`39`	`39`
`40`		`-hook Sstore currentContract.dll.accounts[KEY address key].next address newNext STORAGE {`
	`40`	`+hook Sstore currentContract.dll.accounts[KEY address key].next address newNext {`
`41`	`41`	`ghostNext[key] = newNext;`
`42`	`42`	`}`
`43`	`43`
`44`		`-hook Sstore currentContract.dll.accounts[KEY address key].prev address newPrev STORAGE {`
	`44`	`+hook Sstore currentContract.dll.accounts[KEY address key].prev address newPrev {`
`45`	`45`	`ghostPrev[key] = newPrev;`
`46`	`46`	`}`
`47`		`-hook Sstore currentContract.dll.accounts[KEY address key].value uint256 newValue STORAGE {`
	`47`	`+hook Sstore currentContract.dll.accounts[KEY address key].value uint256 newValue {`
`48`	`48`	`ghostValue[key] = newValue;`
`49`	`49`	`}`
`50`	`50`
`51`		`-hook Sload address head currentContract.dll.head STORAGE {`
	`51`	`+hook Sload address head currentContract.dll.head {`
`52`	`52`	`require ghostHead == head;`
`53`	`53`	`}`
`54`		`-hook Sload address tail currentContract.dll.tail STORAGE {`
	`54`	`+hook Sload address tail currentContract.dll.tail {`
`55`	`55`	`require ghostTail == tail;`
`56`	`56`	`}`
`57`		`-hook Sload address next currentContract.dll.accounts[KEY address key].next STORAGE {`
	`57`	`+hook Sload address next currentContract.dll.accounts[KEY address key].next {`
`58`	`58`	`require ghostNext[key] == next;`
`59`	`59`	`}`
`60`		`-hook Sload address prev currentContract.dll.accounts[KEY address key].prev STORAGE {`
	`60`	`+hook Sload address prev currentContract.dll.accounts[KEY address key].prev {`
`61`	`61`	`require ghostPrev[key] == prev;`
`62`	`62`	`}`
`63`		`-hook Sload uint256 value currentContract.dll.accounts[KEY address key].value STORAGE {`
	`63`	`+hook Sload uint256 value currentContract.dll.accounts[KEY address key].value {`
`64`	`64`	`require ghostValue[key] == value;`
`65`	`65`	`}`
`66`	`66`
Original file line number	Diff line number	Diff line change
`@@ -29,15 +29,15 @@ ghost uint256 ghostLength {`
`29`	`29`	`// HOOKS`
`30`	`30`	`// Store hook to synchronize ghostLength with the length of the set._inner._values array.`
`31`	`31`	`// We need to use (offset 0) here, as there is no keyword yet to access the length.`
`32`		`-hook Sstore currentContract.set.(offset 0) uint256 newLength STORAGE {`
	`32`	`+hook Sstore currentContract.set.(offset 0) uint256 newLength {`
`33`	`33`	`ghostLength = newLength;`
`34`	`34`	`}`
`35`	`35`	`// Store hook to synchronize ghostValues array with set._inner._values.`
`36`		`-hook Sstore currentContract.set._inner._values[INDEX uint256 index] bytes32 newValue STORAGE {`
	`36`	`+hook Sstore currentContract.set._inner._values[INDEX uint256 index] bytes32 newValue {`
`37`	`37`	`ghostValues[index] = newValue;`
`38`	`38`	`}`
`39`	`39`	`// Store hook to synchronize ghostIndexes array with set._inner._indexes.`
`40`		`-hook Sstore currentContract.set._inner._indexes[KEY bytes32 value] uint256 newIndex STORAGE {`
	`40`	`+hook Sstore currentContract.set._inner._indexes[KEY bytes32 value] uint256 newIndex {`
`41`	`41`	`ghostIndexes[value] = newIndex;`
`42`	`42`	`}`
`43`	`43`
`@@ -51,13 +51,13 @@ hook Sstore currentContract.set._inner._indexes[KEY bytes32 value] uint256 newIn`
`51`	`51`
`52`	`52`	`// Load hook to synchronize ghostLength with the length of the set._inner._values array.`
`53`	`53`	`// Again we use (offset 0) here, as there is no keyword yet to access the length.`
`54`		`-hook Sload uint256 length currentContract.set.(offset 0) STORAGE {`
	`54`	`+hook Sload uint256 length currentContract.set.(offset 0) {`
`55`	`55`	`require ghostLength == length;`
`56`	`56`	`}`
`57`		`-hook Sload bytes32 value currentContract.set._inner._values[INDEX uint256 index] STORAGE {`
	`57`	`+hook Sload bytes32 value currentContract.set._inner._values[INDEX uint256 index] {`
`58`	`58`	`require ghostValues[index] == value;`
`59`	`59`	`}`
`60`		`-hook Sload uint256 index currentContract.set._inner._indexes[KEY bytes32 value] STORAGE {`
	`60`	`+hook Sload uint256 index currentContract.set._inner._indexes[KEY bytes32 value] {`
`61`	`61`	`require ghostIndexes[value] == index;`
`62`	`62`	`}`
`63`	`63`
Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ definition updateSucc(bytes32 a, bytes32 b) returns bool = forall bytes32 X. for`
`42`	`42`	`(reach@old(X, Y) && !(reach@old(X, a) && a != Y && reach@old(a, Y))) \|\|`
`43`	`43`	`(reach@old(X, a) && reach@old(b, Y)));`
`44`	`44`
`45`		`-hook Sstore currentContract.list.elements[KEY bytes32 key].nextKey bytes32 newNextKey STORAGE {`
	`45`	`+hook Sstore currentContract.list.elements[KEY bytes32 key].nextKey bytes32 newNextKey {`
`46`	`46`	`bytes32 otherKey;`
`47`	`47`
`48`	`48`	`require reachSuccInvariant(otherKey);`
`@@ -56,24 +56,24 @@ hook Sstore currentContract.list.elements[KEY bytes32 key].nextKey bytes32 newNe`
`56`	`56`	`assert reachSuccInvariant(otherKey), "Successor invariant not preserved";`
`57`	`57`	`}`
`58`	`58`
`59`		`-hook Sstore currentContract.list.elements[KEY bytes32 key].valid uint256 value STORAGE {`
	`59`	`+hook Sstore currentContract.list.elements[KEY bytes32 key].valid uint256 value {`
`60`	`60`	`ghostValid[key] = value != 0;`
`61`	`61`	`}`
`62`	`62`
`63`		`-hook Sstore currentContract.list.head bytes32 newHead STORAGE {`
	`63`	`+hook Sstore currentContract.list.head bytes32 newHead {`
`64`	`64`	`ghostHead = newHead;`
`65`	`65`	`}`
`66`	`66`
`67`		`-hook Sload bytes32 nextKey currentContract.list.elements[KEY bytes32 key].nextKey STORAGE {`
	`67`	`+hook Sload bytes32 nextKey currentContract.list.elements[KEY bytes32 key].nextKey {`
`68`	`68`	`require ghostSucc[key] == nextKey;`
`69`	`69`	`require reachSuccInvariant(key);`
`70`	`70`	`}`
`71`	`71`
`72`		`-hook Sload bytes32 head currentContract.list.head STORAGE {`
	`72`	`+hook Sload bytes32 head currentContract.list.head {`
`73`	`73`	`require ghostHead == head;`
`74`	`74`	`}`
`75`	`75`
`76`		`-hook Sload uint256 valueValid currentContract.list.elements[KEY bytes32 key].valid STORAGE {`
	`76`	`+hook Sload uint256 valueValid currentContract.list.elements[KEY bytes32 key].valid {`
`77`	`77`	`require valueValid != 0 <=> ghostValid[key];`
`78`	`78`	`}`
`79`	`79`
Original file line number	Diff line number	Diff line change
`@@ -128,7 +128,7 @@ ghost mapping(address => mathint) numOfOperations {`
`128`	`128`	`}`
`129`	`129`
`130`	`130`	`/// hook on a complex data structure, a mapping to a struct with a dynamic array`
`131`		`-hook Sstore _customers[KEY address a].accounts[INDEX uint256 i].accountBalance uint256 new_value (uint old_value) STORAGE {`
	`131`	`+hook Sstore _customers[KEY address a].accounts[INDEX uint256 i].accountBalance uint256 new_value (uint old_value) {`
`132`	`132`	`require old_value == accountBalanceMirror[a][i]; // Need this inorder to sync on insert of new element`
`133`	`133`	`accountBalanceMirror[a][i] = new_value;`
`134`	`134`	`numOfOperations[a] = old_value + 1;`
Original file line number	Diff line number	Diff line change
`@@ -238,7 +238,7 @@ ghost mathint sumBalances{`
`238`	`238`	`/* here we state when and how the ghost is updated */`
`239`	`239`	`hook Sstore _balances[KEY address a] uint256 new_balance`
`240`	`240`	`// the old value that balances[a] holds before the store`
`241`		`- (uint256 old_balance) STORAGE {`
	`241`	`+ (uint256 old_balance) {`
`242`	`242`	`sumBalances = sumBalances + new_balance - old_balance;`
`243`	`243`	`}`
`244`	`244`
Original file line number	Diff line number	Diff line change
`@@ -114,7 +114,7 @@ ghost mathint sum_of_balances {`
`114`	`114`	`init_state axiom sum_of_balances == 0;`
`115`	`115`	`}`
`116`	`116`
`117`		`-hook Sstore _balances[KEY address a] uint new_value (uint old_value) STORAGE {`
	`117`	`+hook Sstore _balances[KEY address a] uint new_value (uint old_value) {`
`118`	`118`	`// when balance changes, update ghost`
`119`	`119`	`sum_of_balances = sum_of_balances + new_value - old_value;`
`120`	`120`	`}`
Original file line number	Diff line number	Diff line change
`@@ -99,13 +99,13 @@ persistent ghost mathint sum_of_balances {`
`99`	`99`	`init_state axiom sum_of_balances == 0;`
`100`	`100`	`}`
`101`	`101`
`102`		`-hook Sstore _balances[KEY address a] uint new_value (uint old_value) STORAGE {`
	`102`	`+hook Sstore _balances[KEY address a] uint new_value (uint old_value) {`
`103`	`103`	`// when balance changes, update ghost`
`104`	`104`	`sum_of_balances = sum_of_balances + new_value - old_value;`
`105`	`105`	`}`
`106`	`106`
`107`	`107`	// This `sload` makes `sum_of_balances >= to_mathint(balance)` hold at the beginning of each rule.
`108`		`-hook Sload uint256 balance _balances[KEY address a] STORAGE {`
	`108`	`+hook Sload uint256 balance _balances[KEY address a] {`
`109`	`109`	`require sum_of_balances >= to_mathint(balance);`
`110`	`110`	`}`
`111`	`111`
Original file line number	Diff line number	Diff line change
`@@ -81,11 +81,11 @@ ghost mathint numberOfChangesOfBalances {`
`81`	`81`	`// overflows Alice's balance when receiving a transfer. This is not possible unless the contract is deployed into an`
`82`	`82`	`// already used address (or upgraded from corrupted state).`
`83`	`83`	`// We restrict such behavior by making sure no balance is greater than the sum of balances.`
`84`		`-hook Sload uint256 balance _balances[KEY address addr] STORAGE {`
	`84`	`+hook Sload uint256 balance _balances[KEY address addr] {`
`85`	`85`	`require sumOfBalances >= to_mathint(balance);`
`86`	`86`	`}`
`87`	`87`
`88`		`-hook Sstore _balances[KEY address addr] uint256 newValue (uint256 oldValue) STORAGE {`
	`88`	`+hook Sstore _balances[KEY address addr] uint256 newValue (uint256 oldValue) {`
`89`	`89`	`sumOfBalances = sumOfBalances - oldValue + newValue;`
`90`	`90`	`numberOfChangesOfBalances = numberOfChangesOfBalances + 1;`
`91`	`91`	`}`