refactor(solana): split PromoteStoresToMemcpy into multiple files (#8336)

b923324d63bc0fdefeff0007c11ca3b7047abc49

Author: caballa

src/main/kotlin/sbf/cfg/PointerOptimizations.kt

@@ -58,7 +58,7 @@ fun runSimplePTAOptimizations(cfg: MutableSbfCFG, globals: GlobalVariables) {
 fun runPTAOptimizations(prog: SbfCallGraph, memSummaries: MemorySummaries): SbfCallGraph {
     return prog.transformSingleEntry { entryCFG ->
         val optEntryCFG = entryCFG.clone(entryCFG.getName())
-        promoteStoresToMemcpy(optEntryCFG, prog.getGlobals(), memSummaries)
+        promoteMemcpy(optEntryCFG, prog.getGlobals(), memSummaries)
         removeUselessDefinitions(optEntryCFG)
         promoteMemset(optEntryCFG, prog.getGlobals(), memSummaries)
         markLoadedAsNumForPTA(optEntryCFG)

src/main/kotlin/sbf/cfg/PromoteMemcpy/MemcpyCodegen.kt

@@ -0,0 +1,172 @@
+/*
+ *     The Certora Prover
+ *     Copyright (C) 2025  Certora Ltd.
+ *
+ *     This program is free software: you can redistribute it and/or modify
+ *     it under the terms of the GNU General Public License as published by
+ *     the Free Software Foundation, version 3 of the License.
+ *
+ *     This program is distributed in the hope that it will be useful,
+ *     but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *     GNU General Public License for more details.
+ *
+ *     You should have received a copy of the GNU General Public License
+ *     along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package sbf.cfg
+
+import datastructures.stdcollections.*
+
+fun emitMemcpyVariant(
+    srcWidth: ULong,
+    dstWidth: ULong,
+    srcMemAccess: MemAccess,
+    dstMemAccess: MemAccess,
+    metaData: MetaData
+): List<SbfInstruction>? = when {
+    srcWidth == dstWidth ->
+        emitMemcpy(srcMemAccess.reg, srcMemAccess.offset, dstMemAccess.reg, dstMemAccess.offset, srcWidth, metaData)
+    srcWidth == 8UL && dstWidth < 8UL ->
+        emitMemcpyTrunc(srcMemAccess.reg, srcMemAccess.offset, dstMemAccess.reg, dstMemAccess.offset, dstWidth, metaData)
+    dstWidth == 8UL && srcWidth < 8UL ->
+        emitMemcpyZExt(srcMemAccess.reg, srcMemAccess.offset, dstMemAccess.reg, dstMemAccess.offset, srcWidth, metaData)
+    else -> null
+}
+
+/**
+ * @property loads The original loads
+ * @property stores The original stores
+ * @property insts The new code that will replace [loads] and [stores]
+ *
+ * [loads] must be in the same basic block.
+ * [stores] must be in the same basic block.
+ * However [loads] and [stores] can be in different blocks.
+ */
+data class MemcpyRewrite(
+    val loads: List<LocatedSbfInstruction>,
+    val stores: List<LocatedSbfInstruction>,
+    val insts: List<SbfInstruction>
+) {
+    init {
+        check(loads.isNotEmpty())
+        check(stores.isNotEmpty())
+        check(loads.size == stores.size)
+        // All loads must be in the same block
+        check(loads.map { it.label }.distinct().size == 1) {
+            "All loads must be in the same basic block"
+        }
+        // All stores must be in the same block
+        check(stores.map { it.label }.distinct().size == 1) {
+            "All stores must be in the same basic block"
+        }
+    }
+}
+
+/**
+ *  Apply each rewrite from [rewrites].
+ *
+ *  Stores are removed but loads are left intact because they can be used by other instructions.
+ *  Subsequent optimizations will remove the load instructions if they are dead.
+ *
+ *  Recall that all loads (stores) must be in the same basic block, **but** loads and stores
+ *  can be in different blocks.
+ **/
+fun applyRewrites(cfg: MutableSbfCFG, rewrites: List<MemcpyRewrite>) {
+    val sortedRewrites = sortRewrites(rewrites)
+
+    if (sortedRewrites.isEmpty()) {
+        return
+    }
+
+    // Add metadata to all load and store instructions
+    for (rewrite in sortedRewrites) {
+        val loadBlock = checkNotNull(cfg.getMutableBlock(rewrite.loads.first().label))
+        for (loadLocInst in rewrite.loads) {
+            addMemcpyPromotionAnnotation(loadBlock, loadLocInst)
+        }
+
+        val storeBlock = checkNotNull(cfg.getMutableBlock(rewrite.stores.first().label))
+        for (storeLocInst in rewrite.stores) {
+            addMemcpyPromotionAnnotation(storeBlock, storeLocInst)
+        }
+    }
+
+    // Group rewrites by the block containing their loads
+    val rewritesByBlock = sortedRewrites.groupBy { it.loads.first().label }
+
+    // Add memcpy instructions block by block
+    // We need to add the memcpy instructions before the first load.
+    // For an explanation, see test13 in PromoteStoresToMemcpyTest.kt
+    for ((label, blockRewrites) in rewritesByBlock) {
+        val block = checkNotNull(cfg.getMutableBlock(label))
+        var numAdded = 0
+        for (rewrite in blockRewrites) {
+            val loads = rewrite.loads.sortedBy { it.pos }
+            val firstLoad = loads.first()
+            val insertPoint = firstLoad.pos + numAdded
+            numAdded += rewrite.insts.size
+            block.addAll(insertPoint, rewrite.insts)
+        }
+    }
+
+
+    // Collect block labels that contain stores
+    val storeBlockLabels = sortedRewrites.map { it.stores.first().label }.toSet()
+
+    // Finally, remove the store instructions marked with `MEMCPY_PROMOTION` metadata
+    // We scan all blocks to find annotated stores
+    for (label in storeBlockLabels) {
+        val toRemove = ArrayList<LocatedSbfInstruction>()
+        val block = checkNotNull(cfg.getMutableBlock(label))
+        for (locInst in block.getLocatedInstructions()) {
+            val inst = locInst.inst
+            if (inst is SbfInstruction.Mem && !inst.isLoad &&
+                inst.metaData.getVal(SbfMeta.MEMCPY_PROMOTION) != null) {
+                toRemove.add(locInst)
+            }
+        }
+
+        for ((numRemoved, locInst) in toRemove.withIndex()) {
+            val adjPos = locInst.pos - numRemoved
+            val inst = block.getInstruction(adjPos)
+            check(inst is SbfInstruction.Mem && !inst.isLoad) {
+                "applyRewrites expects a store instruction"
+            }
+            block.removeAt(adjPos)
+        }
+    }
+}
+
+/**
+ * Sort [rewrites] by the position of their first load in the block.
+ *
+ * This simplifies adjusting insertion points as we insert the emitted code.
+ * Without sorting, tracking insertion point adjustments would be unnecessarily complicated.
+ */
+private fun sortRewrites(rewrites: List<MemcpyRewrite>): List<MemcpyRewrite> {
+    // Group rewrites by the block containing their loads
+    val rewritesByBlock = rewrites.groupBy { it.loads.first().label }
+
+    // Sort rewrites within each block by position of first load
+    val sortedRewrites = mutableListOf<MemcpyRewrite>()
+
+    for ((_, blockRewrites) in rewritesByBlock) {
+        val sorted = blockRewrites.sortedBy { rewrite ->
+            rewrite.loads.minOf { it.pos }
+        }
+        sortedRewrites.addAll(sorted)
+    }
+
+    return sortedRewrites
+}
+
+private fun addMemcpyPromotionAnnotation(bb: MutableSbfBasicBlock, locInst: LocatedSbfInstruction) {
+    val inst = locInst.inst
+    if (inst is SbfInstruction.Mem) {
+        val newMetaData = inst.metaData + SbfMeta.MEMCPY_PROMOTION()
+        val newInst = inst.copy(metaData = newMetaData)
+        bb.replaceInstruction(locInst.pos, newInst)
+    }
+}

src/main/kotlin/sbf/cfg/PromoteMemcpy/MemcpyPattern.kt

@@ -0,0 +1,211 @@
+/*
+ *     The Certora Prover
+ *     Copyright (C) 2025  Certora Ltd.
+ *
+ *     This program is free software: you can redistribute it and/or modify
+ *     it under the terms of the GNU General Public License as published by
+ *     the Free Software Foundation, version 3 of the License.
+ *
+ *     This program is distributed in the hope that it will be useful,
+ *     but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *     GNU General Public License for more details.
+ *
+ *     You should have received a copy of the GNU General Public License
+ *     along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package sbf.cfg
+
+import log.Logger
+import log.LoggerTypes
+import sbf.SolanaConfig
+import sbf.disassembler.SbfRegister
+import sbf.domains.FiniteInterval
+import sbf.domains.SetOfFiniteIntervals
+import kotlin.math.absoluteValue
+
+private val logger = Logger(LoggerTypes.SBF_MEMCPY_PROMOTION)
+private fun dbg(msg: () -> Any) { logger.debug(msg)}
+
+/**
+ * Represent a memcpy pattern, i.e., sequence of load/store pairs
+ **/
+class MemcpyPattern {
+    /** Class invariants:
+     *  0. `loads.size == stores.size`
+     *  1. `forall 0 <= i < size-1 :: distance(loads[i ],loads[i+1]) == distance(stores[i ], stores[i+1])`
+     *  2. `forall i,j, i!=j :: loads[i ].region == loads[j ].region && stores[i ].region == stores[j ].region`
+     *  3. `forall i,j, i!=j :: loads[i ].reg == loads[j ].reg && stores[i ].reg == stores[j ].reg`
+     **/
+    private val loads = mutableListOf<MemAccess>()
+    private val stores = mutableListOf<MemAccess>()
+    private val loadLocInsts = mutableListOf<LocatedSbfInstruction>()
+    private val storeLocInsts = mutableListOf<LocatedSbfInstruction>()
+
+    fun getStores(): List<LocatedSbfInstruction> = storeLocInsts
+    fun getLoads(): List<LocatedSbfInstruction> = loadLocInsts
+
+    /**
+     * Return false if it cannot maintain all class invariants (See above).
+     * Otherwise, it will add the [load]/[store] pair as part of a memcpy.
+     **/
+    fun add(load: MemAccess,
+            loadLocInst: LocatedSbfInstruction,
+            store: MemAccess,
+            storeLocInst: LocatedSbfInstruction
+    ): Boolean {
+        check(loadLocInst.label == storeLocInst.label)
+        {"can only promote pairs of load-store within the same block"}
+
+        if (loads.isEmpty()) {
+            loads.add(load)
+            stores.add(store)
+            loadLocInsts.add(loadLocInst)
+            storeLocInsts.add(storeLocInst)
+            return true
+        } else {
+            val lastLoad = loads.last()
+            val lastStore = stores.last()
+            // class invariant #3
+            if (lastLoad.reg != load.reg || lastStore.reg != store.reg) {
+                return false
+            }
+            // class invariant #2
+            if (lastLoad.region != load.region || lastStore.region != store.region) {
+                return false
+            }
+            // class invariant #1
+            val loadDiff = (load.offset - lastLoad.offset).absoluteValue
+            val storeDiff = (store.offset - lastStore.offset).absoluteValue
+            return if (loadDiff == storeDiff) {
+                loads.add(load)
+                stores.add(store)
+                loadLocInsts.add(loadLocInst)
+                storeLocInsts.add(storeLocInst)
+                true
+            } else {
+                false
+            }
+        }
+    }
+
+    data class MemcpyArgs(
+        val srcReg: SbfRegister,
+        val srcStart: Long,
+        val dstReg: SbfRegister,
+        val dstStart: Long,
+        val size: ULong,
+        val metadata: MetaData
+    )
+
+    /**
+     * Return non-null if
+     * (1) source and destination do not overlap and
+     * (2) the sequence of loads and stores accesses memory in the same ordering (decreasing or increasing) and
+     * (3) the sequences form a consecutive range of bytes without holes in between.
+     */
+    fun canBePromoted(minSizeToBePromoted: ULong): MemcpyArgs?  {
+        val name = "canBePromoted"
+        check(loads.size == stores.size) {
+            "$name expects same number of loads and stores: $loads and $stores"
+        }
+        check(loadLocInsts.size == storeLocInsts.size) {
+            "$name expects same number of loads and stores: $loadLocInsts and $storeLocInsts"
+        }
+        check(loads.size == loadLocInsts.size) {
+            "$name: $loads and $loadLocInsts should have same size"
+        }
+        check(stores.size == storeLocInsts.size) {
+            "$name: $stores and $storeLocInsts should have same size"
+        }
+
+        // Ensure that no overlaps between source and destination
+        fun noOverlaps(srcRegion: MemAccessRegion, srcStart: Long,
+                       dstRegion: MemAccessRegion, dstStart: Long,
+                       size: ULong): Boolean {
+
+            if (srcRegion == MemAccessRegion.STACK && dstRegion == MemAccessRegion.STACK) {
+                val i1 = FiniteInterval.mkInterval(srcStart, size.toLong())
+                val i2 = FiniteInterval.mkInterval(dstStart, size.toLong())
+                return (!i1.overlap(i2))
+            } else if (srcRegion != dstRegion && srcRegion != MemAccessRegion.ANY && dstRegion != MemAccessRegion.ANY) {
+                return true
+            } else {
+                return if (SolanaConfig.optimisticMemcpyPromotion()) {
+                    dbg {
+                        "$name: we cannot prove that no overlaps between $loadLocInsts and $storeLocInsts"
+                    }
+                    true
+                } else {
+                    false
+                }
+            }
+        }
+
+        /**
+         *  Find a single interval for all loads and another single interval for all stores.
+         *  If it cannot then it removes the last inserted load and store and try again.
+         *  This is a greedy approach, so it's not optimal.
+         */
+        fun getRangeForLoadsAndStores(): Pair<FiniteInterval, FiniteInterval>? {
+            while (loads.isNotEmpty()) { // this loop is needed by test24
+                var srcIntervals = SetOfFiniteIntervals.new()
+                var dstIntervals = SetOfFiniteIntervals.new()
+                var prevLoad: MemAccess? = null
+                var prevStore: MemAccess? = null
+                for ((load, store) in loads.zip(stores)) {
+                    if (prevLoad != null && prevStore != null) {
+                        val loadDist = load.offset - prevLoad.offset
+                        val storeDist = store.offset - prevStore.offset
+                        if (loadDist != storeDist) {
+                            // loads and stores have different ordering, so it's not a memcpy
+                            // Note that we completely give up here even if we could also try smaller
+                            // number of pairs of load-store.
+                            return null
+                        }
+                    }
+                    srcIntervals = srcIntervals.add(FiniteInterval.mkInterval(load.offset, load.width.toLong()))
+                    dstIntervals = dstIntervals.add(FiniteInterval.mkInterval(store.offset, store.width.toLong()))
+
+                    prevLoad = load
+                    prevStore = store
+                }
+                val srcSingleton = srcIntervals.getSingleton()
+                val dstSingleton = dstIntervals.getSingleton()
+                if (srcSingleton != null && dstSingleton != null) {
+                    return srcSingleton to dstSingleton
+                } else {
+                    // Before we return null we remove the last inserted pair and try again
+                    loads.removeLast()
+                    stores.removeLast()
+                    loadLocInsts.removeLast()
+                    storeLocInsts.removeLast()
+                }
+            }
+            return null
+        }
+
+        if (loads.isEmpty()) {
+            return null
+        }
+        val p = getRangeForLoadsAndStores() ?: return null
+        val srcRange = p.first
+        val dstRange = p.second
+        return if (srcRange.size() == dstRange.size() && srcRange.size() >= minSizeToBePromoted) {
+            val srcReg = loads.first().reg
+            val dstReg = stores.first().reg
+            val srcRegion = loads.first().region
+            val dstRegion = stores.first().region
+            // We will use the metadata of the first load as metadata of the promoted memcpy
+            val metadata = loadLocInsts.first().inst.metaData
+            if (noOverlaps(srcRegion, srcRange.l, dstRegion, dstRange.l, srcRange.size())) {
+                MemcpyArgs(srcReg, srcRange.l, dstReg, dstRange.l, srcRange.size(), metadata)
+            } else {
+                null
+            }
+        } else {
+            null
+        }
+    }
+}