[compiler-v2] Making v2 the basis of the prover (step #1)

[wrwg]

This adds the missing parts to let compiler v2 fully support the specification language, and switches the prover to use v2 as the basis for verification of v1 bytecode. There is one further step needed to run the prover also on the code generated by v2 but that one is smaller than here. Notice that with this, we are dogfooding the v2 compiler frontend in production with the Move prover. There is no switching back and forth, code for the v1 prover integration has been removed. In more detail this does the following:

• There are two new env processors, the spec_checker and the spec_rewriter:
  • spec_checker checks the correct use of Move functions in the specification language. Those functions must be 'pure' and not depend on state or use certain other constructs. The checker is to be run as part of the regular compiler chain.
  • spec_rewriter rewrites specification expressions by converting used Move functions into specification functions, and doing other transformations to lift a Move expression into the specification language. This is only run by the prover itself.
• Inlining has been extended to deal with specification constructs.
• To support the inlining refactoring and the new processors, a new module rewrite_target is introduced which allows to collect functions and specification elements in a program in a unified fashion, rewriting them, and writing back to the environment. This new data structure has been inspired by the current design of the inliner and naturally extends it.
• A lot of ugliness has been ripped out of the model builder infrastructure (e.g. TryImplAsSpec mode is gone, as this is now handled by the spec_rewriter). More should come in step 2.
• Multiple test cases have been added.
• The prover driver has been adapted to use the new components.

[trunk-io]

⏱️ 25h 25m total CI duration on this PR

Job	Cumulative Duration	Recent Runs
rust-unit-tests	9h 1m	🟥 🟥 🟥 🟥 🟩 (+4 more)
windows-build	3h 26m	🟩 🟩 🟩 🟩 🟩 (+5 more)
rust-move-tests	2h 36m	🟩 🟩 🟥 🟥 🟥 (+4 more)
rust-move-unit-coverage	2h 9m	🟩 🟩 🟩 🟩 🟩 (+4 more)
rust-smoke-tests	1h 33m	⬜ 🟩 🟩
execution-performance / single-node-performance	1h 6m	🟩 🟩 🟩
rust-lints	1h 6m	🟩 🟩 🟩 🟩 🟩 (+4 more)
forge-e2e-test / forge	46m	🟩 🟩 🟩
rust-images / rust-all	40m	🟩 🟩 🟩
run-tests-main-branch	40m	🟩 🟩 🟩 🟩 🟩 (+4 more)
forge-compat-test / forge	38m	🟩 🟩 🟩
check	35m	🟩 ⬜ 🟩 🟩 🟩 (+5 more)
cli-e2e-tests / run-cli-tests	19m	🟩 🟩 🟩
general-lints	19m	🟩 🟩 🟩 🟩 🟩 (+4 more)
check-dynamic-deps	17m	🟩 🟩 🟩 🟩 🟩 (+5 more)
semgrep/ci	4m	🟩 🟩 🟩 🟩 🟩 (+5 more)
node-api-compatibility-tests / node-api-compatibility-tests	3m	🟩 🟩 🟩
file_change_determinator	2m	🟩 ⬜ 🟩 🟩 🟩 (+5 more)
file_change_determinator	2m	🟩 🟩 🟩 🟩 🟩 (+4 more)
permission-check	38s	🟩 🟩 🟩 🟩 🟩 (+5 more)
permission-check	35s	🟩 🟩 🟩 🟩 🟩 (+5 more)
file_change_determinator	33s	🟩 🟩 🟩
permission-check	33s	🟩 🟩 🟩 🟩 🟩 (+5 more)
execution-performance / file_change_determinator	32s	🟩 🟩 🟩
permission-check	25s	🟩 🟩 🟩 🟩 🟩 (+5 more)
permission-check	13s	🟩 🟩 🟩
determine-docker-build-metadata	10s	🟩 🟩 🟩

🚨 3 jobs on the last run were significantly faster/slower than expected

Job	Duration	vs 7d avg	Delta
run-tests-main-branch	7m	4m
general-lints	3m	2m
windows-build	12m	20m

_{settings ⋅ feedback ⋅ docs ⋅ learn more about trunk.io}

[rahxephon89]

I noticed that there are some TODOs. Will they be handled soon in subsequent PRs?

[rahxephon89]

typo: instanted => instantiated?

[wrwg]

Done in the next commit

[codecov]

Codecov Report

Attention: Patch coverage is 91.98444% with 103 lines in your changes are missing coverage. Please review.

Project coverage is 63.9%. Comparing base (0c7a0ae) to head (dc42126).

Files	Patch %	Lines
...hird_party/move/move-model/src/pureness_checker.rs	83.4%	17 Missing ⚠️
...move-compiler-v2/src/env_pipeline/spec_rewriter.rs	95.1%	16 Missing ⚠️
third_party/move/move-compiler-v2/src/inliner.rs	87.6%	16 Missing ⚠️
third_party/move/move-prover/src/cli.rs	36.3%	14 Missing ⚠️
third_party/move/move-model/src/model.rs	90.4%	12 Missing ⚠️
third_party/move/move-model/src/ty.rs	68.7%	10 Missing ⚠️
third_party/move/move-model/src/exp_rewriter.rs	90.6%	6 Missing ⚠️
...ove-compiler-v2/src/env_pipeline/rewrite_target.rs	95.9%	5 Missing ⚠️
...d_party/move/move-model/src/builder/exp_builder.rs	89.1%	4 Missing ⚠️
.../move-prover/boogie-backend/src/spec_translator.rs	90.9%	2 Missing ⚠️
... and 1 more

Additional details and impacted files

@@           Coverage Diff            @@
##             main   #12462    +/-   ##
========================================
  Coverage    63.9%    63.9%            
========================================
  Files         812      816     +4     
  Lines      180090   180664   +574     
========================================
+ Hits       115116   115548   +432     
- Misses      64974    65116   +142     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[wrwg]

I noticed that there are some TODOs. Will they be handled soon in subsequent PRs?

Yes, there is a bug linked with those TODOs and its related to that first the receiver style PR needs to land. #12437

[vineethk]

Did a shallow review to unblock, as a detailed review would take time. Mainly looked at if there was anything majorly affecting the current compiler pipeline. Might be worth coming back and looking at some of the code once the prover is fully integrated.

I only have minor comments, but feel free to merge without addressing those (and then address them later in a followup commit).

[vineethk]

Please add documentation for the enums.

[wrwg]

Done

[vineethk]

Suggested change

	/// Stack of functions currently visting
	/// Stack of functions currently visiting

[wrwg]

Done

[vineethk]

Is this test deleted intentionally?

[wrwg]

Thanks for catching, fixed.

[github-actions]

✅ Forge suite compat success on aptos-node-v1.9.5 ==> dc42126a926cc6265652681b264511fc7aeca793

Compatibility test results for aptos-node-v1.9.5 ==> dc42126a926cc6265652681b264511fc7aeca793 (PR)
1. Check liveness of validators at old version: aptos-node-v1.9.5
compatibility::simple-validator-upgrade::liveness-check : committed: 6896 txn/s, latency: 4802 ms, (p50: 4800 ms, p90: 7500 ms, p99: 8700 ms), latency samples: 241360
2. Upgrading first Validator to new version: dc42126a926cc6265652681b264511fc7aeca793
compatibility::simple-validator-upgrade::single-validator-upgrade : committed: 704 txn/s, latency: 35455 ms, (p50: 40700 ms, p90: 53800 ms, p99: 55900 ms), latency samples: 57780
3. Upgrading rest of first batch to new version: dc42126a926cc6265652681b264511fc7aeca793
compatibility::simple-validator-upgrade::half-validator-upgrade : committed: 323 txn/s, submitted: 573 txn/s, expired: 249 txn/s, latency: 37771 ms, (p50: 45100 ms, p90: 56400 ms, p99: 61000 ms), latency samples: 27500
4. upgrading second batch to new version: dc42126a926cc6265652681b264511fc7aeca793
compatibility::simple-validator-upgrade::rest-validator-upgrade : committed: 2208 txn/s, latency: 13124 ms, (p50: 13000 ms, p90: 18100 ms, p99: 18500 ms), latency samples: 106000
5. check swarm health
Compatibility test for aptos-node-v1.9.5 ==> dc42126a926cc6265652681b264511fc7aeca793 passed
Test Ok

• Grafana dashboard
• Humio Logs
• Axiom Logs
• Test runner output
• Test run is land-blocking

[github-actions]

✅ Forge suite realistic_env_max_load success on dc42126a926cc6265652681b264511fc7aeca793

two traffics test: inner traffic : committed: 8517 txn/s, latency: 4614 ms, (p50: 4500 ms, p90: 5400 ms, p99: 9800 ms), latency samples: 3671160
two traffics test : committed: 100 txn/s, latency: 1827 ms, (p50: 1800 ms, p90: 2000 ms, p99: 6000 ms), latency samples: 1720
Latency breakdown for phase 0: ["QsBatchToPos: max: 0.223, avg: 0.203", "QsPosToProposal: max: 0.262, avg: 0.235", "ConsensusProposalToOrdered: max: 0.473, avg: 0.414", "ConsensusOrderedToCommit: max: 0.312, avg: 0.296", "ConsensusProposalToCommit: max: 0.721, avg: 0.710"]
Max round gap was 1 [limit 4] at version 1652076. Max no progress secs was 4.726328 [limit 15] at version 1652076.
Test Ok

• Grafana dashboard
• Humio Logs
• Axiom Logs
• Test runner output
• Test run is land-blocking

[brmataptos]

This path is part of the compiler testing, not the prover testing.

[brmataptos]

This has broken the no-simplification tests below. Please fix it.