From 3fc4276a46b9805804c1ab6f4b0d5b185688b1a0 Mon Sep 17 00:00:00 2001 From: Wolfgang Grieskamp Date: Wed, 13 Mar 2024 13:34:06 -0700 Subject: [PATCH] [compiler-v2] Making v2 the basis of the prover (step #1) (#12462) * [compiler-v2] Making v2 the basis of the prover (step #1) This adds the missing parts to let compiler v2 fully support the specification language, and switches the prover to use v2 as the basis for verification of v1 bytecode. There is one further step needed to run the prover also on the code generated by v2 but that one is smaller than here. Notice that with this, we are dogfooding the v2 compiler frontend in production with the Move prover. There is no switching back and forth, code for the v1 prover integration has been removed. In more detail this does the following: - There are two new env processors, the spec_checker and the spec_rewriter: - `spec_checker` checks the correct use of Move functions in the specification language. Those functions must be 'pure' and not depend on state or use certain other constructs. The checker is to be run as part of the regular compiler chain. - `spec_rewriter` rewrites specification expressions by converting used Move functions into specification functions, and doing other transformations to lift a Move expression into the specification language. This is only run by the prover itself. - Inlining has been extended to deal with specification constructs. - To support the inlining refactoring and the new processors, a new module `rewrite_target` is introduced which allows to collect functions and specification elements in a program in a unified fashion, rewriting them, and writing back to the environment. This new data structure has been inspired by the current design of the inliner and naturally extends it. - A lot of ugliness has been ripped out of the model builder infrastructure (e.g. `TryImplAsSpec` mode is gone, as this is now handled by the `spec_rewriter`). More should come in step #2. - Multiple test cases have been added. - The prover driver has been adapted to use the new components. * Fixing some unit tests * Making hopefully all tests pass: - Adding tuple support to the specification language as they are created by the inliner. - Fixing an issue in memory usage calculation - Adding a flag `--aptos` to the prover command line for easier debugging, avoiding the CLI. * Disabling a condition for CI because of timeout. * Rebasing GitOrigin-RevId: 2141444ca406992a2d16de2b50a42ac584c49818 --- aptos-framework/doc/reconfiguration_with_dkg.md | 4 +++- aptos-framework/sources/reconfiguration_with_dkg.spec.move | 5 +++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/aptos-framework/doc/reconfiguration_with_dkg.md b/aptos-framework/doc/reconfiguration_with_dkg.md index 231ce0b06..f64d57763 100644 --- a/aptos-framework/doc/reconfiguration_with_dkg.md +++ b/aptos-framework/doc/reconfiguration_with_dkg.md @@ -164,8 +164,10 @@ Abort if no DKG is in progress. requires chain_status::is_operating(); include stake::ResourceRequirement; include stake::GetReconfigStartTimeRequirement; -include features::spec_periodical_reward_rate_decrease_enabled() ==> staking_config::StakingRewardsConfigEnabledRequirement; +include features::spec_periodical_reward_rate_decrease_enabled( +) ==> staking_config::StakingRewardsConfigEnabledRequirement; aborts_if false; +pragma verify_duration_estimate = 600; diff --git a/aptos-framework/sources/reconfiguration_with_dkg.spec.move b/aptos-framework/sources/reconfiguration_with_dkg.spec.move index fd5709dd5..d03da0033 100644 --- a/aptos-framework/sources/reconfiguration_with_dkg.spec.move +++ b/aptos-framework/sources/reconfiguration_with_dkg.spec.move @@ -12,8 +12,10 @@ spec aptos_framework::reconfiguration_with_dkg { requires chain_status::is_operating(); include stake::ResourceRequirement; include stake::GetReconfigStartTimeRequirement; - include features::spec_periodical_reward_rate_decrease_enabled() ==> staking_config::StakingRewardsConfigEnabledRequirement; + include features::spec_periodical_reward_rate_decrease_enabled( + ) ==> staking_config::StakingRewardsConfigEnabledRequirement; aborts_if false; + pragma verify_duration_estimate = 600; // TODO: set because of timeout (property proved). } spec finish(account: &signer) { @@ -59,5 +61,4 @@ spec aptos_framework::reconfiguration_with_dkg { requires dkg::has_incomplete_session(); aborts_if false; } - }