# Sequence diagram for AST-based keccak256 gas lint #292

@Dargon789

Reviewer's Guide

Introduces a new AST-based linting infrastructure and simplifies the keccak gas lint to an early AST pass, adds multiple CI and security workflows plus a sample counter project, tightens path handling for corpus, benchmarks and test utilities, and makes assorted UX, documentation, and minor correctness tweaks across the codebase.

Sequence diagram for AST-based keccak256 gas lint

sequenceDiagram
    participant CompilerSession as CompilerSession
    participant LintContext as LintContext
    participant EarlyLintVisitor as EarlyLintVisitor
    participant AsmKeccak256 as AsmKeccak256
    participant ExprNode as Expr

    CompilerSession->>LintContext: new(sess, with_description)
    CompilerSession->>EarlyLintVisitor: construct(ctx, passes=[AsmKeccak256])

    loop walk_ast
        CompilerSession->>EarlyLintVisitor: visit_expr(expr)
        activate EarlyLintVisitor
        EarlyLintVisitor->>AsmKeccak256: check_expr(ctx, expr)
        activate AsmKeccak256
        AsmKeccak256->>ExprNode: inspect kind
        alt expr is Call to Ident Keccak256
            AsmKeccak256->>LintContext: emit(ASM_KECCAK256, expr.span)
            LintContext->>CompilerSession: create_diagnostic
        else other expressions
            AsmKeccak256-->>EarlyLintVisitor: no_op
        end
        deactivate AsmKeccak256
        EarlyLintVisitor-->>CompilerSession: walk_expr_children
        deactivate EarlyLintVisitor
    end

Class diagram for new linting infrastructure and keccak256 gas lint

classDiagram
    direction LR

    class Linter {
        <<trait>>
        +type Language
        +type Lint
        +lint(input_pathbufs)
    }

    class Lint {
        <<trait>>
        +id() str
        +severity() Severity
        +description() str
        +help() str
    }

    class LintContext {
        -sess Session
        -desc bool
        +new(sess, with_description) LintContext
        +emit(lint, span)
    }

    class EarlyLintPass {
        <<trait>>
        +check_expr(ctx, expr)
        +check_item_struct(ctx, strukt)
        +check_item_function(ctx, func)
        +check_variable_definition(ctx, var)
    }

    class EarlyLintVisitor {
        +ctx LintContext
        +passes EarlyLintPass[]
        +visit_expr(expr)
        +visit_variable_definition(var)
        +visit_item_struct(strukt)
        +visit_item_function(func)
    }

    class AsmKeccak256 {
        +new()
        +check_expr(ctx, expr)
    }

    class Session
    class Severity
    class Expr {
        +kind ExprKind
        +span Span
    }
    class ExprKind {
        <<enum>>
        Call
        Ident
        Other
    }
    class Span

    Linter --> Lint : uses
    Linter --> LintContext : uses
    LintContext --> Session : holds
    LintContext --> Lint : emit

    EarlyLintVisitor --> LintContext : holds
    EarlyLintVisitor --> EarlyLintPass : "*" passes

    AsmKeccak256 ..|> EarlyLintPass : implements

    EarlyLintVisitor --> Expr : visits
    Expr --> ExprKind : has
    Expr --> Span : has

    AsmKeccak256 --> Expr : analyzes

    class ASM_KECCAK256 {
        <<static_lint>>
        +id : str
        +severity : Severity
        +description : str
        +help : str
    }

    ASM_KECCAK256 ..|> Lint
    AsmKeccak256 --> ASM_KECCAK256 : emits

Class diagram for sample Counter Solidity contract

classDiagram
    direction LR

    class Counter {
        -uint256 number
        +setNumber(newNumber_uint256)
        +increment()
        +number() uint256
    }

File-Level Changes

Change Details Files
Refactor linting infrastructure and update ASM keccak gas lint to operate on the AST as an early pass.
  • Introduce a generic Linter trait, Lint trait, LintContext, EarlyLintPass, and EarlyLintVisitor for AST-based linting with diagnostic emission via solar’s Session
  • Replace the previous LateLintPass/HIR-based implementation of AsmKeccak256 with an EarlyLintPass that flags calls to the built-in keccak256 identifier using solar_ast Expr/ExprKind
  • Adjust imports and lint declaration for ASM_KECCAK256 to use the new linter module and solar_ast/solar_interface APIs; remove now-unused helper structs and functions
crates/lint/src/linter.rs
crates/lint/src/sol/gas/keccak.rs
Harden filesystem handling for fuzzing corpus replay, benchmark project cleanup, and script testing utilities.
  • Canonicalize the corpus directory and candidate paths before reading, skip non-canonical or out-of-tree files, and ensure in-memory corpus entries store canonical paths
  • Canonicalize entries under the benchmark temp project root and only delete paths confirmed to live under the root, logging suspicious paths
  • In script testing, validate file names for traversal characters and ensure canonicalized files remain within the source directory before copying
crates/evm/evm/src/executors/corpus.rs
benches/src/lib.rs
crates/test-utils/src/script.rs
Tighten UX and correctness of the cast mktx command and simplify gas simulation output token handling.
  • Require --from when --raw-unsigned is specified and remove the previous implicit zero-address fallback; pass the TransactionRequest by value into CastTxBuilder
  • Remove allow_negative_numbers from CLI arg definitions where no longer desired
  • In script simulation, stop deriving a chain-specific token symbol and instead always print "ETH" and remove token_symbol from the JSON output
crates/cast/src/cmd/mktx.rs
crates/script/src/simulate.rs
Adjust documentation generation behavior for dev comments, function headings, and enum variant docs.
  • Simplify dev comment rendering to use italic formatting instead of a special list-aware writer method, and remove write_dev_content
  • Change function headings to use the item’s identifier plus a parenthesized list of parameter types rather than the full signature, and update inheritdoc merging to key on function name
  • Include variant custom tags when building enum variant tables but filter them out from the main enum section comments; add a Vec -> Comments conversion helper and minor iteration/formatting tweaks
crates/doc/src/writer/as_doc.rs
crates/doc/src/writer/buf_writer.rs
crates/doc/src/parser/comment.rs
Extend CI and security tooling with dependency update automation, container/image scanning, CodeQL, deploy, and Docker workflows, plus CircleCI configs.
  • Replace the reusable cargo-update workflow with an in-repo job that runs cargo update, captures a log, and opens a PR against a fixed branch with a crafted title/body
  • Add GitHub Actions workflows for Docker builds/publishing/signing, Google GKE deployment, Snyk container scans, CodeQL analysis, APIsec scans, and a basic Rust build/test deploy pipeline
  • Introduce multiple CircleCI configs for Rust builds/tests and some placeholder project-specific flows
.github/workflows/dependencies.yml
.github/workflows/docker.yml
.github/workflows/google.yml
.github/workflows/snyk-container.yml
.github/workflows/codeql.yml
.github/workflows/deploy.yml
.github/workflows/apisec-scan.yml
.circleci/ci_cargo.yml
.circleci/cargo.yml
.circleci/config.yml
.circleci/ci-web3-gamefi.yml
.circleci/web3_defi_gamefi.yml
Add a sample counter Foundry Solidity project with its own config, scripts, tests, and CI.
  • Introduce a minimal Counter.sol contract with increment/setNumber functions, a deployment Script, and a Forge-based test suite
  • Add a local foundry.toml, .gitignore, and vendored forge-std and openzeppelin-contracts libraries for the counter project
  • Provide a README with basic Foundry usage and a dedicated GitHub Action workflow to format, build, and test the counter project
counter/src/Counter.sol
counter/script/Counter.s.sol
counter/test/Counter.t.sol
counter/foundry.toml
counter/.gitignore
counter/lib/forge-std
counter/lib/openzeppelin-contracts
counter/README.md
counter/.github/workflows/test.yml
Introduce Remix-style Solidity test support artifacts and issue templates.
  • Add remix_tests.sol and remix_accounts.sol libraries under .deps to provide assertion helpers and pre-funded account access patterns
  • Create GitHub issue templates for bugs, feature requests, and a custom template to standardize issue reporting
.deps/remix-tests/remix_tests.sol
.deps/remix-tests/remix_accounts.sol
.github/ISSUE_TEMPLATE/bug_report.md
.github/ISSUE_TEMPLATE/feature_request.md
.github/ISSUE_TEMPLATE/custom.md
Tweak test configuration, CLI suggestion sorting, artifact matching, and verification input wiring.
  • Update nextest config to group chisel tests serially, lengthen the default slow-timeout, and add another integration test filter override
  • Switch Jaro-Winkler similarity candidate sorting from total_cmp to partial_cmp with a safe fallback in CLI suggestions and contract scoring to avoid panics on NaN
  • Fix Vyper verification input to clone the vyper compiler settings from the context in-place rather than cloning the whole context; slightly relax a test cfg guard in the optimizer tests
.config/nextest.toml
crates/cli/src/utils/suggestions.rs
crates/common/src/contracts.rs
crates/verify/src/etherscan/standard_json.rs
crates/forge/tests/cli/test_optimizer.rs
Miscellaneous configuration and cosmetic tweaks.
  • Add alloy-hardforks as a workspace dependency for forge
  • Simplify flake.nix dev shell configuration and remove extra hardening tweaks and dprint dependency
  • Insert some formatting markers in script-sequence (lines with only "#") and leave an empty codesandbox tasks file and .gitmodules stub
crates/forge/Cargo.toml
flake.nix
crates/script-sequence/src/sequence.rs
.codesandbox/tasks.json
.gitmodules

Possibly linked issues

  • Dargon789 patch 2 #245: The PR delivers the unified cheatcodes/lint refactors, Anvil/CLI updates, and CI changes outlined in the issue.

Originally posted by @sourcery-ai[bot] in #291 (comment)
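
The filesystem hardening listed above (canonicalize, then confirm the path still lives under the root) can be sketched as follows. This is an added example, not code from the pull request or from Foundry; `resolve_within`, `demo`, and the sample tree are hypothetical, the single-component name check is one assumed way to reject traversal characters, and the symlink call assumes a Unix host.

```rust
use std::fs;
use std::io;
use std::path::{Component, Path, PathBuf};

// Hypothetical helper (name and signature are assumptions, not Foundry code).
// Returns the canonical path of `name` only if it resolves inside `root`.
fn resolve_within(root: &Path, name: &str) -> Option<PathBuf> {
    // 1. The name must be a single plain component: no "..", no separators,
    //    no absolute path.
    let mut comps = Path::new(name).components();
    if !matches!((comps.next(), comps.next()), (Some(Component::Normal(_)), None)) {
        return None;
    }
    // 2. Canonicalize both sides so symlinks are resolved before comparing.
    //    A path that cannot be canonicalized (e.g. missing file) is skipped.
    let root = root.canonicalize().ok()?;
    let candidate = root.join(name).canonicalize().ok()?;
    // 3. Path::starts_with compares whole components, so "/tmp/root2" is not
    //    treated as being under "/tmp/root".
    candidate.starts_with(&root).then_some(candidate)
}

// Constructed sample tree under the system temp dir (Unix symlinks assumed):
//   root/ok.sol, outside/secret.txt, root/link.sol -> outside/secret.txt
fn demo() -> io::Result<[bool; 4]> {
    let base = std::env::temp_dir().join(format!("contain_demo_{}", std::process::id()));
    let _ = fs::remove_dir_all(&base);
    let (root, outside) = (base.join("root"), base.join("outside"));
    fs::create_dir_all(&root)?;
    fs::create_dir_all(&outside)?;
    fs::write(root.join("ok.sol"), "contract C {}")?;
    fs::write(outside.join("secret.txt"), "x")?;
    std::os::unix::fs::symlink(outside.join("secret.txt"), root.join("link.sol"))?;
    let results = [
        resolve_within(&root, "ok.sol").is_some(),                // in-tree file
        resolve_within(&root, "../outside/secret.txt").is_some(), // traversal name
        resolve_within(&root, "link.sol").is_some(),              // symlink escape
        resolve_within(&root, "missing.sol").is_some(),           // cannot canonicalize
    ];
    fs::remove_dir_all(&base)?;
    Ok(results)
}

fn main() {
    println!("{:?}", demo());
}
```

The symlink case is why the name check alone is not enough: `link.sol` contains no traversal characters, and only the comparison of canonical paths rejects it.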
