refactor: move runtime local access to slot-backed frames#1059
refactor: move runtime local access to slot-backed frames#1059
Conversation
Stevengre
force-pushed
the
codex/20260411-locals-refactor
branch
from
39b2264 to
9710753
Compare
Initial implementation of CSE on the slotStore branch (PR #1059): - _cse.py: clean CSE pipeline (callee proof, cover path extraction, summary rule generation, add-module reuse) - cse-simple-callee.rs: simple test program (double(x) = x + x) - test_cse_callee_proof: verifies callee proof completes with covers - cse-spec.md: full specification with slotStore-based design Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Migrate all cheatcode rules from old locals/stack-based Reference format to the new slotStore-based format (PR #1059): p-token.md: - PAccByteRef: (Int, Place, Mutability, Int) → (SlotPlace, Mutability, Int) - Remove #adjustRef for PAccByteRef (no stack offsets needed) - #mkPAccByteRef: resolve PtrLocal via slotStore instead of stack - #mkPAccByteRefLen: use SlotPlace instead of (Int, Place) - #mkPAccountRef: Reference/PtrLocal use slotPlace(SLOT, proj) spl-token.md: - #forceSetPlaceValue: <locals> → <ownedSlots> + <slotStore> - #traverseProjection write rules: toLocal → toSlot, toStack → removed - #setSPLBorrowData: Reference/PtrLocal use slotPlace(SLOT, proj) - #execSPLSolMemset: <locals> → <ownedSlots> in StackFrame Build passes (make build). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Stevengre
changed the title
Stevengre
changed the title
Stevengre
changed the title
Stevengre
changed the base branch from
master
to
_update-deps/runtimeverification/k
Stevengre
force-pushed
the
codex/20260411-locals-refactor
branch
4 times, most recently
from
2021234 to
ecc115d
Compare
Stevengre
force-pushed
the
codex/20260411-locals-refactor
branch
2 times, most recently
from
6b39123 to
ce91d6a
Compare
Stevengre
force-pushed
the
codex/20260411-locals-refactor
branch
from
ce91d6a to
4bb4318
Compare
|
Some ideas for better performance:
|
| ListItem ( 0 ) | ||
| ListItem ( 1 ) | ||
| ListItem ( 2 ) | ||
| ListItem ( 3 ) | ||
| ListItem ( 4 ) | ||
| ListItem ( 5 ) | ||
| ListItem ( 6 ) | ||
| ListItem ( 7 ) | ||
| ListItem ( 8 ) | ||
| ListItem ( 9 ) | ||
| ListItem ( 10 ) | ||
| ListItem ( 11 ) | ||
| ListItem ( 12 ) | ||
| ListItem ( 13 ) | ||
| ListItem ( 14 ) | ||
| ListItem ( 15 ) |
There was a problem hiding this comment.
Are these lists always just counting up from 0? THen do we need the list at all?
| ListItem ( 22 ) | ||
| ListItem ( 23 ) | ||
| ListItem ( 24 ) | ||
| ListItem ( 25 ) | ||
| ListItem ( 26 ) | ||
| ListItem ( 27 ) | ||
| ListItem ( 28 ) | ||
| ListItem ( 29 ) | ||
| ListItem ( 30 ) | ||
| ListItem ( 31 ) | ||
| ListItem ( 32 ) | ||
| ListItem ( 33 ) | ||
| ListItem ( 34 ) | ||
| ListItem ( 35 ) | ||
| ListItem ( 36 ) | ||
| ListItem ( 37 ) | ||
| ListItem ( 38 ) |
There was a problem hiding this comment.
I see here that we have an example where there are multiple call frames, and so it now starts at 22 and goes to 38. But it still just counts by 1. So I tihnk we really only need to store, for each frame, the start index (here 22), and the width (here 16), just two integers instead of a list of integers. Then we can use basic arithmetic to figure out the slot index. Would that work?
|
I think in general, doing map accesses for both CSE and symbolic execution may not perform as well as doing list access. So I'm not sure this will actually do better for our proof performance than how the semantics is currently arranged. What about this change makes you think CSE will work better? |
|
@ehildenb After discussing with Daniel and Maria, we found an easy way to specify the references and pointers in arguments. This is to implement existing traverse-projection as a function so that we can write something like Another solution for this using For the specification:
I think we still need to provide better support for map, especially the map with concrete key or int/string/id key (this should cover most of cases). Otherwise, it's hard to reason programs like C and Java directly. Additionally, it may introduce more complexity to the semantics and make the semantics harder to understand. And I think the change should be relatively small. For this reason, even though map may not be the best way to model, I'd like to keep this PR as a performance test for the haskell backend. |
2 participants
Context
This PR refactors KMIR runtime locals from per-frame value lists into slot-backed storage. The
<locals>cell still represents the current frame's MIR local index order, but it now stores runtime slot ids. The actualTypedLocaldata lives in the global<slotStore>, and<nextSlot>allocates fresh slots for new frames.The motivation is not just renaming storage:
OFFSET-style reference and pointer bookkeeping by giving runtime locals stable slot identitieslocal(i)indexesSummary
<slotStore>,<nextSlot>,SlotPlace, and#frameSlotId.local(i)through the current frame's slot list before reading or updating<slotStore>.rust-call/ closure calls, then reserve and initialize the callee's slots from that value list.raw_eq, to work with slot-backed locals.<locals>as slot ids plus<slotStore>entries.slotstore-symbolic-branchproof coverage and updates affected exec/prove/show snapshots for the new runtime configuration shape.