[Prover] code refactor for bitwise operation analysis (aptos-labs#16785)

* improve error message

* refactor code

Author: rahxephon89

third_party/move/move-model/src/ty.rs

@@ -1103,6 +1103,29 @@ impl Type {
         false
     }
 
+    /// Returns compatible number type if `self` and `ty` are compatible number types.
+    pub fn is_compatible_num_type(&self, ty: &Type) -> Option<Type> {
+        let skip_reference_self = self.skip_reference();
+        let skip_reference_ty = ty.skip_reference();
+        if !skip_reference_self.is_number() || !skip_reference_ty.is_number() {
+            return None;
+        }
+        match (skip_reference_self, skip_reference_ty) {
+            (Type::Primitive(PrimitiveType::Num), Type::Primitive(PrimitiveType::Num)) => {
+                Some(Type::Primitive(PrimitiveType::Num))
+            },
+            (Type::Primitive(PrimitiveType::Num), _) => Some(skip_reference_ty.clone()),
+            (_, Type::Primitive(PrimitiveType::Num)) => Some(skip_reference_self.clone()),
+            _ => {
+                if skip_reference_self == skip_reference_ty {
+                    Some(skip_reference_self.clone())
+                } else {
+                    None
+                }
+            },
+        }
+    }
+
     /// Returns true if this is an address or signer type.
     pub fn is_signer_or_address(&self) -> bool {
         matches!(

third_party/move/move-prover/boogie-backend/src/boogie_helpers.rs

@@ -13,7 +13,7 @@ use move_core_types::account_address::AccountAddress;
 use move_model::{
     ast::{Address, MemoryLabel, TempIndex, Value},
     model::{
-        FieldEnv, FieldId, FunctionEnv, GlobalEnv, ModuleEnv, QualifiedInstId, SpecFunId,
+        FieldEnv, FieldId, FunctionEnv, GlobalEnv, Loc, ModuleEnv, QualifiedInstId, SpecFunId,
         StructEnv, StructId, SCRIPT_MODULE_NAME,
     },
     pragmas::INTRINSIC_TYPE_MAP,
@@ -29,6 +29,7 @@ use num::BigUint;
 pub const MAX_MAKE_VEC_ARGS: usize = 4;
 pub const TABLE_NATIVE_SPEC_ERROR: &str =
     "Native functions defined in Table cannot be used as specification functions";
+const NUM_TYPE_BASE_ERROR: &str = "cannot infer concrete integer type from `num`, consider using a concrete integer type or explicit type cast";
 
 /// Return boogie name of given module.
 pub fn boogie_module_name(env: &ModuleEnv<'_>) -> String {
@@ -347,7 +348,10 @@ pub fn boogie_bv_type(env: &GlobalEnv, ty: &Type) -> String {
             Signer => "$signer".to_string(),
             Bool => "bool".to_string(),
             Range | EventStore => panic!("unexpected type"),
-            Num => "<<num is not unsupported here>>".to_string(),
+            Num => {
+                //TODO(tengzhang): add error message with accurate location info
+                "<<num is not unsupported here>>".to_string()
+            },
         },
         Vector(et) => format!("Vec ({})", boogie_bv_type(env, et)),
         Struct(mid, sid, inst) => {
@@ -361,6 +365,24 @@ pub fn boogie_bv_type(env: &GlobalEnv, ty: &Type) -> String {
     }
 }
 
+/// Return boogie BV type for a number type.
+pub fn boogie_num_type_base_bv(env: &GlobalEnv, loc: Option<Loc>, ty: &Type) -> String {
+    let base = match ty.skip_reference() {
+        Type::Primitive(PrimitiveType::U8) => "Bv8",
+        Type::Primitive(PrimitiveType::U16) => "Bv16",
+        Type::Primitive(PrimitiveType::U32) => "Bv32",
+        Type::Primitive(PrimitiveType::U64) => "Bv64",
+        Type::Primitive(PrimitiveType::U128) => "Bv128",
+        Type::Primitive(PrimitiveType::U256) => "Bv256",
+        Type::Primitive(PrimitiveType::Num) => {
+            env.error(&loc.unwrap_or_default(), NUM_TYPE_BASE_ERROR);
+            "<<num is not unsupported here>>"
+        },
+        _ => unreachable!(),
+    };
+    base.to_string()
+}
+
 pub fn boogie_type_param(_env: &GlobalEnv, idx: u16) -> String {
     format!("#{}", idx)
 }
@@ -392,7 +414,7 @@ pub fn boogie_num_type_string_capital(num: &str, bv_flag: bool) -> String {
     [pre, num].join("")
 }
 
-pub fn boogie_num_type_base(ty: &Type) -> String {
+pub fn boogie_num_type_base(env: &GlobalEnv, loc: Option<Loc>, ty: &Type) -> String {
     use PrimitiveType::*;
     use Type::*;
     match ty {
@@ -403,7 +425,10 @@ pub fn boogie_num_type_base(ty: &Type) -> String {
             U64 => "64".to_string(),
             U128 => "128".to_string(),
             U256 => "256".to_string(),
-            Num => "<<num is not unsupported here>>".to_string(),
+            Num => {
+                env.error(&loc.unwrap_or_default(), NUM_TYPE_BASE_ERROR);
+                "<<num is not unsupported here>>".to_string()
+            },
             _ => format!("<<unsupported {:?}>>", ty),
         },
         _ => format!("<<unsupported {:?}>>", ty),
@@ -425,6 +450,7 @@ pub fn boogie_type_suffix_bv(env: &GlobalEnv, ty: &Type, bv_flag: bool) -> Strin
             U256 => boogie_num_type_string("256", bv_flag),
             Num => {
                 if bv_flag {
+                    //TODO(tengzhang): add error message with accurate location info
                     "<<num is not unsupported here>>".to_string()
                 } else {
                     "num".to_string()

third_party/move/move-prover/boogie-backend/src/bytecode_translator.rs

@@ -1589,7 +1589,11 @@ impl FunctionTranslator<'_> {
                                     if srcs_1_bv_flag {
                                         args_src_1_str = format!(
                                             "$bv2int.{}({})",
-                                            boogie_num_type_base(&local_ty_srcs_1),
+                                            boogie_num_type_base(
+                                                self.parent.env,
+                                                Some(self.fun_target.get_bytecode_loc(attr_id)),
+                                                &local_ty_srcs_1
+                                            ),
                                             args_src_1_str
                                         );
                                     }
@@ -1636,7 +1640,11 @@ impl FunctionTranslator<'_> {
                                             writer,
                                             "call {} := $int2bv{}({}({}));",
                                             dest_str,
-                                            boogie_num_type_base(&local_ty),
+                                            boogie_num_type_base(
+                                                self.parent.env,
+                                                Some(self.fun_target.get_bytecode_loc(attr_id)),
+                                                &local_ty
+                                            ),
                                             fun_name,
                                             args_str
                                         );
@@ -1675,7 +1683,11 @@ impl FunctionTranslator<'_> {
                                             writer,
                                             "call {} := $int2bv{}({}({}));",
                                             dest_str,
-                                            boogie_num_type_base(&local_ty),
+                                            boogie_num_type_base(
+                                                self.parent.env,
+                                                Some(self.fun_target.get_bytecode_loc(attr_id)),
+                                                &local_ty
+                                            ),
                                             fun_name,
                                             args_str
                                         );
@@ -1993,7 +2005,11 @@ impl FunctionTranslator<'_> {
                             let bv_flag = self.bv_flag(num_oper);
                             if bv_flag {
                                 let src_type = self.get_local_type(src);
-                                let base = boogie_num_type_base(&src_type);
+                                let base = boogie_num_type_base(
+                                    self.parent.env,
+                                    Some(self.fun_target.get_bytecode_loc(attr_id)),
+                                    &src_type,
+                                );
                                 emitln!(
                                     writer,
                                     "call {} := $CastBv{}to{}({});",
@@ -2302,7 +2318,11 @@ impl FunctionTranslator<'_> {
                                 | Type::Error
                                 | Type::Var(_) => unreachable!(),
                             };
-                            let src_type = boogie_num_type_base(&self.get_local_type(op2));
+                            let src_type = boogie_num_type_base(
+                                self.parent.env,
+                                Some(self.fun_target.get_bytecode_loc(attr_id)),
+                                &self.get_local_type(op2),
+                            );
                             emitln!(
                                 writer,
                                 "call {} := ${}{}From{}({}, {});",
@@ -2480,7 +2500,11 @@ impl FunctionTranslator<'_> {
                                 let op1_str = if !op1_bv_flag {
                                     format!(
                                         "$int2bv.{}({})",
-                                        boogie_num_type_base(op1_ty),
+                                        boogie_num_type_base(
+                                            self.parent.env,
+                                            Some(self.fun_target.get_bytecode_loc(attr_id)),
+                                            op1_ty
+                                        ),
                                         str_local(op1)
                                     )
                                 } else {
@@ -2489,7 +2513,11 @@ impl FunctionTranslator<'_> {
                                 let op2_str = if !op2_bv_flag {
                                     format!(
                                         "$int2bv.{}({})",
-                                        boogie_num_type_base(op2_ty),
+                                        boogie_num_type_base(
+                                            self.parent.env,
+                                            Some(self.fun_target.get_bytecode_loc(attr_id)),
+                                            op2_ty
+                                        ),
                                         str_local(op2)
                                     )
                                 } else {
@@ -2574,7 +2602,11 @@ impl FunctionTranslator<'_> {
                     let bv2int_str = if *num_oper_code == Bitwise {
                         format!(
                             "$int2bv.{}($abort_code)",
-                            boogie_num_type_base(&self.get_local_type(*code))
+                            boogie_num_type_base(
+                                self.parent.env,
+                                Some(self.fun_target.get_bytecode_loc(attr_id)),
+                                &self.get_local_type(*code)
+                            )
                         )
                     } else {
                         "$abort_code".to_string()
@@ -2594,7 +2626,11 @@ impl FunctionTranslator<'_> {
                 let int2bv_str = if *num_oper_code == Bitwise {
                     format!(
                         "$bv2int.{}({})",
-                        boogie_num_type_base(&self.get_local_type(*src)),
+                        boogie_num_type_base(
+                            self.parent.env,
+                            Some(self.fun_target.get_bytecode_loc(attr_id)),
+                            &self.get_local_type(*src)
+                        ),
                         str_local(*src)
                     )
                 } else {

third_party/move/move-prover/boogie-backend/src/lib.rs

@@ -216,7 +216,7 @@ pub fn add_prelude(
         .iter()
         .filter(|ty| ty.is_number() && !matches!(ty, Type::Primitive(PrimitiveType::Num)))
         .map(|ty| {
-            boogie_num_type_base(ty)
+            boogie_num_type_base(env, None, ty)
                 .parse::<usize>()
                 .expect("parse error")
         })