[compiler v2] New Borrow Analysis (aptos-labs#11892)

* [compiler v2] New Borrow Analysis

This is a major rewrite of the reference safety analysis. This PR closes aptos-labs#11251 which shows the problem with the previous version: essentially, it is necessary to allow for a sequence of instructions an "unsafe" borrow graph and only enforce safety at particular instruction boundaries. The simplest example to demonstrate the problem is `f(&mut s.x, &mut s.y)`. If broken down to instructions, at some point there will be a reference to `&mut s` where at the same time there is another one `&mut s.f`, which is unsafe if those refs would be passed as function parameters. The rewrite does the following:

- Instead of checking safety of borrow operations at the time they are performed, the graph is now constructed first, and later checked for safety at particular instructions (read ref, write ref, and function calls)
- The borrow graph stays mostly the same, instead of Skip edges for graph glueing which became overly complex, glueing is now performed by graph renaming.
- There are various enhancements in error reporting (and potentially because of the delayed borrow checking also some regressions)

It might be useful to review the new version without diff from scratch.

* Adding some ASCII graphics to the documentation of the analysis domain.

* Adding a copy of the new analysis in `reference_safety_processor_v2.rs`. This allows for review from the basics.

* Updating reference safety:

- Unifying the three borrow safety checks now in `check_graph_safety`. Documenting them more concisely in the module overview with a sketch of a more formal semantics.
- Reducing graph safety checks to argument locals, removing some false positives.
- Covering a missed violation of using the same reference multiple times in an argument list

* Minor renamings, fixing tests

* Addressing reviewer comments

* Updating reference_safety_processor_v2, renaming more local to temp

* Fixing tests

* Change permutations to combinations

* Addressing reviewer comments.

* Final touches for merge

Author: wrwg

.github/workflows/coverage-move-only.yaml

@@ -50,7 +50,7 @@ jobs:
         with:
           tool: nextest,cargo-llvm-cov
       - run: docker run --detach -p 5432:5432 cimg/postgres:14.2
-      - run: cargo llvm-cov --ignore-run-fail -p aptos-framework -p "move*" -p e2e-move-tests --lcov --jobs 32 --output-path lcov_unit.info
+      - run: cargo llvm-cov --ignore-run-fail -p aptos-framework -p "move*" --lcov --jobs 32 --output-path lcov_unit.info
         env:
           INDEXER_DATABASE_URL: postgresql://postgres@localhost/postgres
       - uses: actions/upload-artifact@v3

third_party/move/move-compiler-v2/src/lib.rs

@@ -9,7 +9,7 @@ pub mod flow_insensitive_checkers;
 pub mod function_checker;
 pub mod inliner;
 pub mod logging;
-mod options;
+pub mod options;
 pub mod pipeline;
 
 use crate::pipeline::{

third_party/move/move-compiler-v2/src/pipeline/reference_safety_processor.rs

@@ -115,7 +115,7 @@ fun ability::no_key($t0: address) {
   6: return ()
 }
 
-============ after MemorySafetyProcessor: ================
+============ after ReferenceSafetyProcessor: ================
 
 [variant baseline]
 fun ability::invalid_copy() {
@@ -126,43 +126,43 @@ fun ability::invalid_copy() {
      var $t4: ability::Impotent
      # live vars:
      # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # locals: {}
+     # globals: {}
      # moved: {}
      #
   0: $t2 := false
      # live vars: $t2
      # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # locals: {}
+     # globals: {}
      # moved: {}
      #
   1: $t1 := pack ability::Impotent($t2)
      # live vars: $t1
      # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # locals: {}
+     # globals: {}
      # moved: {$t2}
      #
   2: $t0 := move($t1)
      # live vars: $t0
      # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # locals: {}
+     # globals: {}
      # moved: {$t1,$t2}
      #
   3: $t3 := copy($t0)
      # live vars: $t0
      # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # locals: {}
+     # globals: {}
      # moved: {$t1,$t2}
      #
   4: $t4 := move($t0)
      # live vars:
      # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # locals: {}
+     # globals: {}
      # moved: {$t0,$t1,$t2}
      #
   5: return ()
@@ -174,30 +174,30 @@ fun ability::invalid_move_to($t0: &signer) {
      var $t1: ability::Impotent
      var $t2: bool
      # live vars: $t0
-     # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # graph: {@1000000=external[borrow(false) -> @2000000],@2000000=derived[]}
+     # locals: {$t0=@2000000}
+     # globals: {}
      # moved: {}
      #
   0: $t2 := false
      # live vars: $t0, $t2
-     # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # graph: {@1000000=external[borrow(false) -> @2000000],@2000000=derived[]}
+     # locals: {$t0=@2000000}
+     # globals: {}
      # moved: {}
      #
   1: $t1 := pack ability::Impotent($t2)
      # live vars: $t0, $t1
-     # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # graph: {@1000000=external[borrow(false) -> @2000000],@2000000=derived[]}
+     # locals: {$t0=@2000000}
+     # globals: {}
      # moved: {$t2}
      #
   2: move_to<ability::Impotent>($t0, $t1)
      # live vars:
      # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # locals: {}
+     # globals: {}
      # moved: {$t0,$t1,$t2}
      #
   3: return ()
@@ -214,50 +214,50 @@ fun ability::no_key($t0: address) {
      var $t6: bool
      # live vars: $t0
      # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # locals: {}
+     # globals: {}
      # moved: {}
      #
   0: $t1 := copy($t0)
      # live vars: $t0, $t1
      # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # locals: {}
+     # globals: {}
      # moved: {}
      #
   1: $t2 := move_from<ability::Impotent>($t1)
      # live vars: $t0
      # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # locals: {}
+     # globals: {}
      # moved: {}
      #
   2: $t3 := move_from<ability::S<ability::Impotent>>($t0)
      # live vars: $t0
      # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # locals: {}
+     # globals: {}
      # moved: {}
      #
   3: $t4 := borrow_global<ability::Impotent>($t0)
      # live vars: $t0
      # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # locals: {}
+     # globals: {}
      # moved: {}
      #
   4: $t5 := borrow_global<ability::Impotent>($t0)
      # live vars: $t0
      # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # locals: {}
+     # globals: {}
      # moved: {}
      #
   5: $t6 := exists<ability::Impotent>($t0)
      # live vars:
      # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # locals: {}
+     # globals: {}
      # moved: {$t0}
      #
   6: return ()

third_party/move/move-compiler-v2/tests/ability-checker/ability_violation.exp

@@ -104,29 +104,29 @@ fun assign::assign_struct($t0: &mut assign::S) {
   5: return ()
 }
 
-============ after MemorySafetyProcessor: ================
+============ after ReferenceSafetyProcessor: ================
 
 [variant baseline]
 fun assign::assign_field($t0: &mut assign::S, $t1: u64) {
      var $t2: &mut u64
      # live vars: $t0, $t1
-     # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # graph: {@1000000=external[borrow(true) -> @2000000],@2000000=derived[]}
+     # locals: {$t0=@2000000}
+     # globals: {}
      # moved: {}
      #
   0: $t2 := borrow_field<assign::S>.f($t0)
      # live vars: $t1, $t2
-     # graph: {L0=local($t0)[borrow_field(true) -> L1],L1=local($t2)[]}
-     # local_to_label: {$t0=L0,$t2=L1}
-     # global_to_label: {}
+     # graph: {@1=derived[],@1000000=external[borrow(true) -> @2000000],@2000000=derived[borrow_field(true) -> @1]}
+     # locals: {$t2=@1}
+     # globals: {}
      # moved: {}
      #
   1: write_ref($t2, $t1)
      # live vars:
      # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # locals: {}
+     # globals: {}
      # moved: {}
      #
   2: return ()
@@ -137,23 +137,23 @@ fun assign::assign_field($t0: &mut assign::S, $t1: u64) {
 fun assign::assign_int($t0: &mut u64) {
      var $t1: u64
      # live vars: $t0
-     # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # graph: {@1000000=external[borrow(true) -> @2000000],@2000000=derived[]}
+     # locals: {$t0=@2000000}
+     # globals: {}
      # moved: {}
      #
   0: $t1 := 42
      # live vars: $t0, $t1
-     # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # graph: {@1000000=external[borrow(true) -> @2000000],@2000000=derived[]}
+     # locals: {$t0=@2000000}
+     # globals: {}
      # moved: {}
      #
   1: write_ref($t0, $t1)
      # live vars:
      # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # locals: {}
+     # globals: {}
      # moved: {}
      #
   2: return ()
@@ -166,29 +166,29 @@ fun assign::assign_pattern($t0: assign::S, $t1: u64, $t2: u64): u64 {
      var $t4: assign::T
      # live vars: $t0
      # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # locals: {}
+     # globals: {}
      # moved: {}
      #
   0: ($t1, $t4) := unpack assign::S($t0)
      # live vars: $t1, $t4
      # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # locals: {}
+     # globals: {}
      # moved: {$t0}
      #
   1: $t2 := unpack assign::T($t4)
      # live vars: $t1, $t2
      # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # locals: {}
+     # globals: {}
      # moved: {$t0,$t4}
      #
   2: $t3 := +($t1, $t2)
      # live vars: $t3
      # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # locals: {}
+     # globals: {}
      # moved: {$t0,$t1,$t2,$t4}
      #
   3: return $t3
@@ -202,44 +202,44 @@ fun assign::assign_struct($t0: &mut assign::S) {
      var $t3: assign::T
      var $t4: u64
      # live vars: $t0
-     # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # graph: {@1000000=external[borrow(true) -> @2000000],@2000000=derived[]}
+     # locals: {$t0=@2000000}
+     # globals: {}
      # moved: {}
      #
   0: $t2 := 42
      # live vars: $t0, $t2
-     # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # graph: {@1000000=external[borrow(true) -> @2000000],@2000000=derived[]}
+     # locals: {$t0=@2000000}
+     # globals: {}
      # moved: {}
      #
   1: $t4 := 42
      # live vars: $t0, $t2, $t4
-     # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # graph: {@1000000=external[borrow(true) -> @2000000],@2000000=derived[]}
+     # locals: {$t0=@2000000}
+     # globals: {}
      # moved: {}
      #
   2: $t3 := pack assign::T($t4)
      # live vars: $t0, $t2, $t3
-     # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # graph: {@1000000=external[borrow(true) -> @2000000],@2000000=derived[]}
+     # locals: {$t0=@2000000}
+     # globals: {}
      # moved: {$t4}
      #
   3: $t1 := pack assign::S($t2, $t3)
      # live vars: $t0, $t1
-     # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # graph: {@1000000=external[borrow(true) -> @2000000],@2000000=derived[]}
+     # locals: {$t0=@2000000}
+     # globals: {}
      # moved: {$t2,$t3,$t4}
      #
   4: write_ref($t0, $t1)
      # live vars:
      # graph: {}
-     # local_to_label: {}
-     # global_to_label: {}
+     # locals: {}
+     # globals: {}
      # moved: {$t2,$t3,$t4}
      #
   5: return ()