runtimeverification
diff --git a/‎kmir/src/kmir/kdist/mir-semantics/rt/data.md‎
Lines changed: 35 additions & 31 deletions b/‎kmir/src/kmir/kdist/mir-semantics/rt/data.md‎
Lines changed: 35 additions & 31 deletions
diff --git a/‎kmir/src/kmir/kdist/mir-semantics/rt/decoding.md‎
Lines changed: 173 additions & 0 deletions b/‎kmir/src/kmir/kdist/mir-semantics/rt/decoding.md‎
Lines changed: 173 additions & 0 deletions
diff --git a/‎kmir/src/kmir/kdist/mir-semantics/rt/value.md‎
Lines changed: 11 additions & 0 deletions b/‎kmir/src/kmir/kdist/mir-semantics/rt/value.md‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎kmir/src/tests/integration/data/exec-smir/arrays/array_inlined.rs‎
Lines changed: 18 additions & 0 deletions b/‎kmir/src/tests/integration/data/exec-smir/arrays/array_inlined.rs‎
Lines changed: 18 additions & 0 deletions
@@ -9,6 +9,7 @@ requires "../ty.md"
 requires "./types.md"
 requires "./value.md"
 requires "./numbers.md"
+requires "./decoding.md"
 
 module RT-DATA
   imports INT
@@ -24,8 +25,10 @@ module RT-DATA
 
   imports RT-VALUE-SYNTAX
   imports RT-NUMBERS
+  imports RT-DECODING
   imports RT-TYPES
   imports KMIR-CONFIGURATION
+
 ```
 
 ## Operations on local variables
@@ -74,20 +77,21 @@ To ensure the sort coercions above do not cause any harm, some definedness-relat
 
 ### Evaluating Items to `Value`s
 
-Some built-in operations (`RValue` or type casts) use constructs that will evaluate to a value of sort `Value`.
-The basic operations of reading and writing those values can use K's "heating" and "cooling" rules to describe their evaluation.
-Other uses of heating and cooling are to _read_ local variables as operands.
-A `TypedValue` stored as a local is trivially rewritten to `Value` by projecting out the value.
+Many rules for MIR constructs in this module use heating and cooling
+to evaluate expressions to results or read local variables as operands.
+The `Evaluation` sort gathers all constructs that can evaluate to a `Value`; it is introduced together with `Value` in `value.md`.
+
+First, a `TypedValue` stored in a local is trivially rewritten to `Value` by projecting out the value.
 It is an error to read `NewLocal` or `Moved`.
 
 ```k
-  syntax Evaluation ::= TypedValue | Value // other sorts are added at the first use site
-
-  syntax KResult ::= Value
+  // A `TypedValue` is an `Evaluation`: it can be rewritten to a `Value`.
+  syntax Evaluation ::= TypedValue
 
+  // Project the value out of a `typedValue` at the top of the `<k>` cell,
+  // dropping its other two components.
   rule <k> typedValue(VAL, _, _) => VAL ... </k> [priority(100)]
 ```
 
+Other subsorts of `Evaluation` are defined when first used.
+
 ### `thunk`
 
 We also create a subsort of `Value` that is a `thunk` which takes an `Evaluation` as an argument.
@@ -1232,47 +1236,47 @@ What can be supported without additional layout consideration is trivial casts b
 
 | CastKind                     | Description |
 |------------------------------|-------------|
-| PointerExposeProvenance      |             |
+| PointerExposeAddress         |             |
 | PointerWithExposedProvenance |             |
 | FnPtrToPtr                   |             |
 
 ## Decoding constants from their bytes representation to values
 
 The `Value` sort above operates at a higher level than the bytes representation found in the MIR syntax for constant values.
 The bytes have to be interpreted according to the given `TypeInfo` to produce the higher-level value.
-This is currently only defined for `PrimitiveType`s (primitive types in MIR).
 
 ```k
+  // Decoding request for a MIR constant: the constant itself, its `Ty`, and the `TypeInfo` used to interpret it.
   syntax Evaluation ::= #decodeConstant ( ConstantKind, Ty, TypeInfo )
+```
 
-  //////////////////////////////////////////////////////////////////////////////////////
-  // decoding the correct amount of bytes depending on base type size
+For allocated constants without provenance, the decoder works directly with the bytes.
 
-  // Boolean: should be one byte with value one or zero
-  rule <k> #decodeConstant(constantKindAllocated(allocation(BYTES, _, _, _)), _TY, typeInfoPrimitiveType(primTypeBool))
-        => BoolVal(false) ... </k>
-    requires 0 ==Int Bytes2Int(BYTES, LE, Unsigned) andBool lengthBytes(BYTES) ==Int 1
+```k
+  // Allocated constant whose provenance map is empty: hand the raw bytes to `#decodeValue`,
+  // together with the map read from the `<types>` cell. The `Ty` argument is not used here.
+  rule <k> #decodeConstant(
+              constantKindAllocated(allocation(BYTES, provenanceMap(.ProvenanceMapEntries), _, _)),
+              _TY,
+              TYPEINFO
+            )
+        => #decodeValue(BYTES, TYPEINFO, TYPEMAP)
+        ...
+       </k>
+       <types> TYPEMAP </types>
+```
 
-  rule <k> #decodeConstant(constantKindAllocated(allocation(BYTES, _, _, _)), _TY, typeInfoPrimitiveType(primTypeBool))
-        => BoolVal(true) ... </k>
-    requires 1 ==Int Bytes2Int(BYTES, LE, Unsigned) andBool lengthBytes(BYTES) ==Int 1
+Zero-sized types can be decoded trivially into their respective representation.
 
-  // Integer: handled in separate module for numeric operation_s
-  rule <k> #decodeConstant(constantKindAllocated(allocation(BYTES, _, _, _)), _TY, TYPEINFO)
-        => #decodeInteger(BYTES, #intTypeOf(TYPEINFO)) ... </k>
-    requires #isIntType(TYPEINFO)
-     andBool lengthBytes(BYTES) ==K #bitWidth(#intTypeOf(TYPEINFO)) /Int 8
-     [preserves-definedness]
+**FIXME test the new cases for tuple and array/slice**
 
-  // zero-sized struct types
+```k
+  // zero-sized struct: decoded as an `Aggregate` of variant 0 with an empty list
   rule <k> #decodeConstant(constantKindZeroSized, _TY, typeInfoStructType(_, _, _))
         => Aggregate(variantIdx(0), .List) ... </k>
-
-  // TODO Char type
-  // rule #decodeConstant(constantKindAllocated(allocation(BYTES, _, _, _)), typeInfoPrimitiveType(primTypeChar)) => typedValue(Str(...), TY, mutabilityNot)
-  // TODO Float decoding: not supported natively in K
-
-  // unimplemented cases stored as thunks
+  // zero-sized tuple: decoded like a zero-sized struct, as an `Aggregate` of variant 0 with an empty list
+  rule <k> #decodeConstant(constantKindZeroSized, _TY, typeInfoTupleType(_))
+        => Aggregate(variantIdx(0), .List) ... </k>
+  // zero-sized array: decoded as a `Range` over an empty list
+  rule <k> #decodeConstant(constantKindZeroSized, _TY, typeInfoArrayType(_, _))
+        => Range(.List) ... </k>
 ```
 
 ## Primitive operations on numeric data
 
@@ -0,0 +1,173 @@
+# Allocation Decoding in MIR-Semantics
+
+This module provides functions for decoding byte representations of various allocations into
+high-level `Value` representations used by the MIR semantics.
+
+When Rust code contains constants (arrays, structs, enums, etc.), the compiler stores these as
+byte sequences in the SMIR JSON output.
+The semantics needs to decode these bytes back into structured values that can be operated on at
+runtime.
+This module contains the decoding functions for different allocation types, handling the conversion
+from raw bytes to typed `Value` objects according to Rust's memory layout rules.
+
+```k
+requires "../ty.md"
+requires "value.md"
+requires "numbers.md"
+
+module RT-DECODING
+  imports BOOL
+  imports MAP
+
+  imports TYPES
+  imports RT-VALUE-SYNTAX
+  imports RT-NUMBERS
+  imports RT-TYPES
+```
+
+## Element Decoding Interface to turn bytes into a `Value`
+
+This recursive decoder function checks byte length and decodes the bytes to a `Value` of the given type.
+
+This is currently only defined for `PrimitiveType`s (primitive types in MIR)
+and arrays (where layout is trivial).
+
+### Decoding `PrimitiveType`s
+
+```k
+  // #decodeValue(bytes, type info, type map): total decoder from raw bytes to an `Evaluation`.
+  // UnableToDecode(bytes, type info): marker produced by the fallback rule of `#decodeValue`
+  // when no specific decoding rule applies.
+  syntax Evaluation ::= #decodeValue ( Bytes , TypeInfo , Map ) [function, total]
+                      | UnableToDecode( Bytes , TypeInfo )
+
+  // Boolean: should be one byte with value one or zero
+  rule #decodeValue(BYTES, typeInfoPrimitiveType(primTypeBool), _TYPEMAP) => BoolVal(false)
+    requires 0 ==Int Bytes2Int(BYTES, LE, Unsigned) andBool lengthBytes(BYTES) ==Int 1
+
+  rule #decodeValue(BYTES, typeInfoPrimitiveType(primTypeBool), _TYPEMAP) => BoolVal(true)
+    requires 1 ==Int Bytes2Int(BYTES, LE, Unsigned) andBool lengthBytes(BYTES) ==Int 1
+
+  // Integer: handled in a separate module for numeric operations.
+  // Only applies when the byte length equals the element size of the integer type.
+  rule #decodeValue(BYTES, TYPEINFO, _TYPEMAP) => #decodeInteger(BYTES, #intTypeOf(TYPEINFO))
+    requires #isIntType(TYPEINFO) andBool lengthBytes(BYTES) ==Int #elemSize(TYPEINFO)
+     [preserves-definedness]
+
+  // TODO Char type
+  // NOTE(review): the sketch below is written against the old `#decodeConstant` form and
+  // needs to be restated in terms of `#decodeValue` before it can be enabled.
+  // rule #decodeConstant(constantKindAllocated(allocation(BYTES, _, _, _)), typeInfoPrimitiveType(primTypeChar)) => typedValue(Str(...), TY, mutabilityNot)
+
+  // TODO Float decoding: not supported natively in K
+```
+
+
+### Array decoding
+
+Arrays are decoded iteratively, using a known (expected) length or the length of the byte array.
+
+```k
+// Array type with a length constant: look up the element type in TYPEMAP and decode
+// with the length obtained from `readTyConstInt`.
+// The side conditions guard the map lookup, the `:>TypeInfo` projection, and the length.
+rule #decodeValue(BYTES, typeInfoArrayType(ELEMTY, someTyConst(tyConst(LEN, _))), TYPEMAP)
+      => #decodeArrayAllocation(BYTES, {TYPEMAP[ELEMTY]}:>TypeInfo, readTyConstInt(LEN, TYPEMAP))
+  requires ELEMTY in_keys(TYPEMAP)
+   andBool isTypeInfo(TYPEMAP[ELEMTY])
+   andBool isInt(readTyConstInt(LEN, TYPEMAP))
+  [preserves-definedness]
+
+// Array type without a length constant: decoded via `#decodeSliceAllocation`, which
+// derives the element count from the byte length.
+// NOTE(review): unlike the rule above, this one carries no [preserves-definedness] - confirm this is intended.
+rule #decodeValue(BYTES, typeInfoArrayType(ELEMTY, noTyConst), TYPEMAP)
+      => #decodeSliceAllocation(BYTES, {TYPEMAP[ELEMTY]}:>TypeInfo)
+  requires ELEMTY in_keys(TYPEMAP)
+   andBool isTypeInfo(TYPEMAP[ELEMTY])
+
+### Error marker (becomes thunk) for other (unimplemented) cases
+
+All unimplemented cases will become thunks by way of this default rule:
+
+```k
+  // Fallback ([owise]): applies only when no other `#decodeValue` rule does;
+  // the bytes and type info are kept in the resulting marker, the type map is dropped.
+  rule #decodeValue(BYTES, TYPEINFO, _TYPEMAP) => UnableToDecode(BYTES, TYPEINFO) [owise]
+```
+
+## Helper function to determine the expected byte length for a type
+
+```k
+  // TODO: this function should go into the rt/types.md module
+  // Size in bytes of a value of the given type.
+  // Partial function: it is only defined for the types that have a rule in this module.
+  syntax Int ::= #elemSize ( TypeInfo ) [function]
+```
+
+Known element sizes for common types:
+
+```k
+  // bool: one byte
+  rule #elemSize(typeInfoPrimitiveType(primTypeBool)) => 1
+  // integer types: bit width of the integer type divided by 8
+  rule #elemSize(TYPEINFO) => #bitWidth(#intTypeOf(TYPEINFO)) /Int 8
+    requires #isIntType(TYPEINFO)
+
+  // simplification: an element size is never negative
+  rule 0 <=Int #elemSize(_) => true [simplification, preserves-definedness]
+```
+
+
+
+## Array Allocations
+
+Array allocations contain homogeneous elements stored contiguously in memory.
+The main function `#decodeArrayAllocation` takes the raw bytes of an array allocation along with
+type information and converts it into a `Range` value containing the decoded elements.
+
+The decoding process:
+1. Takes the byte array, element type information, and array length
+2. Iteratively consumes elements from the front of the byte array
+3. Decodes each element according to its type using `#decodeValue`
+4. Accumulates the decoded elements into a list
+5. Returns a `Range` value containing all elements
+
+The byte consumption approach allows for validation - if there are surplus bytes or insufficient
+bytes for the declared array length, the function will get stuck rather than produce incorrect
+results.
+
+```k
+  // Entry point for decoding an array of known length into a `Range` value.
+  syntax Value ::= #decodeArrayAllocation ( Bytes, TypeInfo, Int ) [function]
+                   // bytes, element type info, array length
+
+  // Start the element-wise decoder with an empty accumulator and wrap its result in `Range`.
+  rule #decodeArrayAllocation(BYTES, ELEMTYPEINFO, LEN)
+    => Range(#decodeArrayElements(BYTES, ELEMTYPEINFO, LEN, .List))
+
+  // Worker for array decoding: takes one element off the front of the bytes per step and
+  // appends its decoded form to the accumulator. No rule applies when the remaining length
+  // and the remaining bytes disagree (surplus or missing bytes).
+  syntax List ::= #decodeArrayElements ( Bytes, TypeInfo, Int, List ) [function]
+                  // bytes, elem type info, remaining length, accumulated list
+
+  // Done: no elements left to decode and every byte has been consumed.
+  rule #decodeArrayElements(BYTES, _ELEMTYPEINFO, LEN, ACC)
+    => ACC
+    requires LEN <=Int 0
+     andBool lengthBytes(BYTES) ==Int 0  // exact match - no surplus bytes
+    [preserves-definedness]
+
+  // Step: decode the first `#elemSize` bytes as one element, then recurse on the remaining bytes.
+  rule #decodeArrayElements(BYTES, ELEMTYPEINFO, LEN, ACC)
+    => #decodeArrayElements(
+         substrBytes(BYTES, #elemSize(ELEMTYPEINFO), lengthBytes(BYTES)),
+         ELEMTYPEINFO,
+         LEN -Int 1,
+         ACC ListItem(#decodeValue(
+           substrBytes(BYTES, 0, #elemSize(ELEMTYPEINFO)),
+           ELEMTYPEINFO,
+           .Map // HACK: empty type map, so `#decodeValue` rules that look up the type map cannot apply to elements
+         ))
+       )
+    requires LEN >Int 0
+     andBool lengthBytes(BYTES) >=Int #elemSize(ELEMTYPEINFO)  // enough bytes remaining
+    [preserves-definedness]
+```
+
+## Slice Allocations
+
+Slices are arrays with dynamic length.
+The `#decodeSliceAllocation` function computes the array length by dividing the total byte length
+by the element size, then uses the same element-by-element decoding approach as arrays.
+
+```k
+  // Decodes bytes into a `Range` when the element count is not given:
+  // the count is the byte length divided by the element size.
+  syntax Value ::= #decodeSliceAllocation ( Bytes, TypeInfo ) [function]
+  // -------------------------------------------------------------------
+  // NOTE(review): the `%Int` condition is written before the `0 <Int` check on the element size -
+  // confirm that a zero element size cannot reach the modulus.
+  rule #decodeSliceAllocation(BYTES, ELEMTYPEINFO)
+    => Range(#decodeArrayElements(BYTES, ELEMTYPEINFO,
+                                   lengthBytes(BYTES) /Int #elemSize(ELEMTYPEINFO), .List))
+    requires lengthBytes(BYTES) %Int #elemSize(ELEMTYPEINFO) ==Int 0  // element size divides cleanly
+     andBool 0 <Int #elemSize(ELEMTYPEINFO)
+    [preserves-definedness]
+```
+
+```k
+endmodule
+```
@@ -105,6 +105,17 @@ The local variables may be actual values (`typedValue`) or uninitialised (`NewLo
   rule valueOf(typedValue(V, _, _)) => V
 ```
 
+## Evaluating Items to `Value`s
+
+Many built-in operations (`RValue` or type casts) use `Operand`s that will evaluate to a value of sort `Value`.
+The basic operations of reading and writing those values can use K's "heating" and "cooling" rules to describe their evaluation to `Value`s.
+
+```k
+  // `Value` is the base case of `Evaluation`.
+  syntax Evaluation ::= Value // other sorts are added at the first use site
+
+  // `Value`s are K results, i.e. they count as fully evaluated for heating and cooling.
+  syntax KResult ::= Value
+```
+
 ## A generic MIR Error sort
 
 ```k
 
@@ -0,0 +1,18 @@
+const I8_ARRAY: [i8; 3] = [1, -2, 3];
+const I32_ARRAY: [i32; 4] = [10, -20, 30, -40];
+
+fn main() {
+    
+    // Product of the first two elements of each constant array
+    let i8_product = I8_ARRAY[0] * I8_ARRAY[1];
+    let i32_product = I32_ARRAY[0] * I32_ARRAY[1];
+    
+    // Assertions
+
+    // the literal constants in these assertions get allocated, which is not supported yet
+    // assert_eq!(i8_product, -2); // 1 * (-2) = -2
+    // assert_eq!(i32_product, -200); // 10 * -20 = -200
+
+    // therefore comparing two computed values instead: (-2) * 100 == -200
+    assert_eq!(i8_product as i32 * 100, i32_product);
+}