feat(spl): adjustRef for spl domain data

Author: Stevengre

kmir/src/kmir/kdist/mir-semantics/symbolic/spl-token.md

@@ -89,10 +89,10 @@ module KMIR-SPL-TOKEN
 ## Helper syntax
 
 ```k
-  syntax Value ::= SPLRefCell ( Place , Value )
+  syntax Value ::= SPLRefCell ( Value , Value ) // Reference to the buffer, value in the cell
                  | SPLDataBuffer ( Value )
-                 | SPLDataBorrow ( Place , Value )
-                 | SPLDataBorrowMut ( Place , Value )
+                 | SPLDataBorrow ( Value , Value ) // Reference to the buffer, borrowed value
+                 | SPLDataBorrowMut ( Value , Value )
                  | SPLPubkeyRef ( Value )
 ```
 
@@ -156,6 +156,18 @@ module KMIR-SPL-TOKEN
   rule #isSPLPackFunc("solana_program_pack::<spl_token_interface::state::Mint as solana_program_pack::Pack>::pack") => true
   // mock mint
   rule #isSPLPackFunc("Mint::pack") => true
+
+  // Adjust references when moving across stack frames
+  rule #adjustRef(SPLRefCell(PLACE, VAL), OFFSET) => SPLRefCell(#adjustRef(PLACE, OFFSET), #adjustRef(VAL, OFFSET))
+  rule #adjustRef(SPLDataBorrow(PLACE, VAL), OFFSET) => SPLDataBorrow(#adjustRef(PLACE, OFFSET), #adjustRef(VAL, OFFSET))
+  rule #adjustRef(SPLDataBorrowMut(PLACE, VAL), OFFSET) => SPLDataBorrowMut(#adjustRef(PLACE, OFFSET), #adjustRef(VAL, OFFSET))
+  rule #adjustRef(SPLDataBuffer(VAL), OFFSET) => SPLDataBuffer(#adjustRef(VAL, OFFSET))
+  rule #adjustRef(SPLPubkeyRef(VAL), OFFSET) => SPLPubkeyRef(#adjustRef(VAL, OFFSET))
+  // COption values are pure data; adjusting references is a no-op
+  rule #adjustRef(VAL, _) => VAL
+    requires #isSplCOptionPubkey(VAL) orBool #isSplCOptionU64(VAL)
+    [simplification]
+
 ```
 
 
@@ -169,29 +181,39 @@ module KMIR-SPL-TOKEN
               ListItem(SPLPubkeyRef(Aggregate(variantIdx(0), ListItem(Range(?SplAccountKey:List)))))              // pub key: &'a Pubkey
               ListItem(
                   SPLRefCell(
-                    place(
-                      LOCAL,
-                      appendP(PROJS, projectionElemDeref projectionElemField(fieldIdx(1), #hack()) .ProjectionElems)
+                    Reference(
+                      0,
+                      place(
+                        LOCAL,
+                        appendP(PROJS, projectionElemDeref projectionElemField(fieldIdx(1), #hack()) .ProjectionElems)
+                      ),
+                      mutabilityNot,
+                      metadata(noMetadataSize, 0, noMetadataSize)
                     ),
                     Integer(?SplLamports:Int, 64, false)
                   )
               ) // lamports: Rc<RefCell<&'a mut u64>>
               ListItem( // data: Rc<RefCell<&'a mut [u8]>>
                   SPLRefCell(
-                    place(
-                      LOCAL,
-                      appendP(PROJS, projectionElemDeref projectionElemField(fieldIdx(2), #hack()) .ProjectionElems)
+                    Reference(
+                      0,
+                      place(
+                        LOCAL,
+                        appendP(PROJS, projectionElemDeref projectionElemField(fieldIdx(2), #hack()) .ProjectionElems)
+                      ),
+                      mutabilityNot,
+                      metadata(noMetadataSize, 0, noMetadataSize)
                     ),
                     SPLDataBuffer( // data: Rc<RefCell<&'a mut [u8]>>, Aggregate is for &account.data
                       Aggregate(variantIdx(0),
                         ListItem(Aggregate(variantIdx(0), ListItem(Range(?SplMintKey:List))))        // Account.mint: Pubkey
                         ListItem(Aggregate(variantIdx(0), ListItem(Range(?SplTokenOwnerKey:List))))  // Account.owner: Pubkey
                         ListItem(Integer(?SplAmount:Int, 64, false))             // Account.amount: u64
-                        ListItem(?SplDelegateCOpt:Value)                         // Account.delegate: COption<Pubkey>
+                        ListItem(Aggregate(variantIdx(0), .List)) // COption<Pubkey> default None
                         ListItem(Integer(?SplAccountState:Int, 8, false))        // Account.state: AccountState (repr u8)
-                        ListItem(?SplIsNativeCOpt:Value)                         // Account.is_native: COption<u64>
+                        ListItem(Aggregate(variantIdx(0), .List)) // COption<u64> default None
                         ListItem(Integer(?SplDelegatedAmount:Int, 64, false))    // Account.delegated_amount: u64
-                        ListItem(?SplCloseAuthCOpt:Value)                        // Account.close_authority: COption<Pubkey>
+                        ListItem(Aggregate(variantIdx(0), .List)) // COption<Pubkey> default None
                     )
                   )
                 )
@@ -217,9 +239,9 @@ module KMIR-SPL-TOKEN
       andBool 0 <=Int ?SplAmount andBool ?SplAmount <Int (1 <<Int 64)
       andBool 0 <=Int ?SplAccountState andBool ?SplAccountState <Int 256
       andBool 0 <=Int ?SplDelegatedAmount andBool ?SplDelegatedAmount <Int (1 <<Int 64)
-      andBool #isSplCOptionPubkey(?SplDelegateCOpt)
-      andBool #isSplCOptionPubkey(?SplCloseAuthCOpt)
-      andBool #isSplCOptionU64(?SplIsNativeCOpt)
+              andBool #isSplCOptionPubkey(Aggregate(variantIdx(0), .List))
+      andBool #isSplCOptionPubkey(Aggregate(variantIdx(0), .List))
+      andBool #isSplCOptionU64(Aggregate(variantIdx(0), .List))
     [priority(30), preserves-definedness]
 
   rule [cheatcode-is-spl-mint]:
@@ -230,26 +252,36 @@ module KMIR-SPL-TOKEN
               ListItem(SPLPubkeyRef(Aggregate(variantIdx(0), ListItem(Range(?SplMintAccountKey:List)))))    // pub key: &'a Pubkey
               ListItem(
                   SPLRefCell(
-                    place(
-                      LOCAL,
-                      appendP(PROJS, projectionElemDeref projectionElemField(fieldIdx(1), #hack()) .ProjectionElems)
+                    Reference(
+                      0,
+                      place(
+                        LOCAL,
+                        appendP(PROJS, projectionElemDeref projectionElemField(fieldIdx(1), #hack()) .ProjectionElems)
+                      ),
+                      mutabilityNot,
+                      metadata(noMetadataSize, 0, noMetadataSize)
                     ),
                     Integer(?SplMintLamports:Int, 64, false)
                   )
               )
               ListItem(
                   SPLRefCell(
-                    place(
-                      LOCAL,
-                      appendP(PROJS, projectionElemDeref projectionElemField(fieldIdx(2), #hack()) .ProjectionElems)
+                    Reference(
+                      0,
+                      place(
+                        LOCAL,
+                        appendP(PROJS, projectionElemDeref projectionElemField(fieldIdx(2), #hack()) .ProjectionElems)
+                      ),
+                      mutabilityNot,
+                      metadata(noMetadataSize, 0, noMetadataSize)
                     ),
                     SPLDataBuffer(
                       Aggregate(variantIdx(0),
-                        ListItem(?SplMintAuthorityCOpt:Value)
+                        ListItem(Aggregate(variantIdx(0), .List))
                         ListItem(Integer(?SplMintSupply:Int, 64, false))
                         ListItem(Integer(?SplMintDecimals:Int, 8, false))
                         ListItem(BoolVal(false))
-                        ListItem(?SplMintFreezeAuthorityCOpt:Value)
+                        ListItem(Aggregate(variantIdx(0), .List))
                       )
                     )
                   )
@@ -270,10 +302,10 @@ module KMIR-SPL-TOKEN
       andBool #isSplPubkey(?SplMintOwnerKey)
       andBool 0 <=Int ?SplMintLamports andBool ?SplMintLamports <Int 18446744073709551616
       andBool 0 <=Int ?SplMintRentEpoch andBool ?SplMintRentEpoch <Int 18446744073709551616
-      andBool #isSplCOptionPubkey(?SplMintAuthorityCOpt)
+      andBool #isSplCOptionPubkey(Aggregate(variantIdx(0), .List))
       andBool 0 <=Int ?SplMintSupply andBool ?SplMintSupply <Int (1 <<Int 64)
       andBool 0 <=Int ?SplMintDecimals andBool ?SplMintDecimals <Int 256
-      andBool #isSplCOptionPubkey(?SplMintFreezeAuthorityCOpt)
+      andBool #isSplCOptionPubkey(Aggregate(variantIdx(0), .List))
     [priority(30), preserves-definedness]
 ```
 
@@ -292,8 +324,9 @@ expose the wrapped payload directly.
     [priority(30), preserves-definedness]
 
   syntax KItem ::= #finishSPLRcDeref ( Evaluation , Place , MaybeBasicBlockIdx ) [seqstrict(1)]
-                  | #resolveSPLRcRef ( Value , Place , MaybeBasicBlockIdx )
-                  | #finishResolvedSPLRc ( Place , MaybeBasicBlockIdx )
+                 | #resolveSPLRcRef ( Value , Place , MaybeBasicBlockIdx )
+                 | #finishResolvedSPLRc ( Place , MaybeBasicBlockIdx )
+                 | #writeThroughRef ( Value , Value ) [seqstrict(2)]
 
   rule <k> #finishSPLRcDeref(Reference(OFFSET, PLACE, MUT, META), DEST, TARGET)
         => #resolveSPLRcRef(Reference(OFFSET, PLACE, MUT, META), DEST, TARGET)
@@ -339,6 +372,31 @@ expose the wrapped payload directly.
         => #setLocalValue(DEST, SPLRefCell(PLACE, VAL)) ~> #continueAt(TARGET)
        ...
       </k>
+
+  // Cross-frame write helper for SPL ref cells
+  rule <k> #writeThroughRef(Reference(0, place(local(I), PROJS), _, _), VAL)
+        => #forceSetPlaceValue(place(local(I), PROJS), VAL)
+       ...
+      </k>
+      <locals> LOCALS </locals>
+    requires 0 <=Int I andBool I <Int size(LOCALS)
+     andBool isTypedLocal(LOCALS[I])
+
+  rule <k> #writeThroughRef(Reference(OFFSET, place(local(I), PROJS), _, _), VAL)
+        => #traverseProjection(
+             toStack(OFFSET, local(I)),
+             #localFromFrame({STACK[OFFSET -Int 1]}:>StackFrame, local(I), OFFSET),
+             PROJS,
+             .Contexts
+           )
+           ~> #writeProjection(VAL)
+       ...
+      </k>
+      <stack> STACK </stack>
+    requires 0 <Int OFFSET
+     andBool OFFSET <=Int size(STACK)
+     andBool isStackFrame(STACK[OFFSET -Int 1])
+     andBool 0 <=Int I
 ```
 
 ## Pubkey references
@@ -369,7 +427,7 @@ expose the wrapped payload directly.
 
 ```k
   // Step 1
-  syntax Context ::= CtxSPLRefCell ( Place )
+  syntax Context ::= CtxSPLRefCell ( Value )
   rule <k> #traverseProjection(
              DEST,
              SPLRefCell(PLACE, VAL),
@@ -382,14 +440,14 @@ expose the wrapped payload directly.
              PROJS,
              CtxSPLRefCell(PLACE) CTXTS
            )
-        ...
-       </k>
+       ...
+      </k>
     [priority(30)]
   rule #buildUpdate(VAL, CtxSPLRefCell(PLACE) CTXS) => #buildUpdate(SPLRefCell(PLACE, VAL), CTXS)
   rule #projectionsFor(CtxSPLRefCell(_) CTXS, PROJS) => #projectionsFor(CTXS, projectionElemDeref PROJS)
 
   // Step 2 
-  syntax Context ::= CtxSPLDataBorrow ( Place )
+  syntax Context ::= CtxSPLDataBorrow ( Value )
   rule <k> #traverseProjection(
              DEST,
              SPLDataBorrow(PLACE, VAL),
@@ -402,13 +460,13 @@ expose the wrapped payload directly.
              PROJS,
              CtxSPLDataBorrow(PLACE) CTXTS
            )
-        ...
-       </k>
+       ...
+      </k>
     [priority(30)]
   rule #buildUpdate(VAL, CtxSPLDataBorrow(PLACE) CTXS) => #buildUpdate(SPLDataBorrow(PLACE, SPLDataBuffer(VAL)), CTXS)
   rule #projectionsFor(CtxSPLDataBorrow(_) CTXS, PROJS) => #projectionsFor(CTXS, projectionElemDeref PROJS)
 
-  syntax Context ::= CtxSPLDataBorrowMut ( Place )
+  syntax Context ::= CtxSPLDataBorrowMut ( Value )
   rule <k> #traverseProjection(
              DEST,
              SPLDataBorrowMut(PLACE, VAL),
@@ -421,8 +479,8 @@ expose the wrapped payload directly.
              PROJS,
              CtxSPLDataBorrowMut(PLACE) CTXTS
            )
-        ...
-       </k>
+       ...
+      </k>
     [priority(30)]
   rule #buildUpdate(VAL, CtxSPLDataBorrowMut(PLACE) CTXS) => #buildUpdate(SPLDataBorrowMut(PLACE, SPLDataBuffer(VAL)), CTXS)
   rule #projectionsFor(CtxSPLDataBorrowMut(_) CTXS, PROJS) => #projectionsFor(CTXS, projectionElemDeref PROJS)
@@ -591,13 +649,14 @@ expose the wrapped payload directly.
   syntax KItem ::= #mkSPLAccountPack ( Evaluation , Evaluation , Place ) [seqstrict(1,2)]
 
   rule <k> #mkSPLAccountPack(ACCOUNT, SPLDataBorrowMut(PLACE, SPLDataBuffer(_)), DEST)
-        => #forceSetPlaceValue(
+        => #writeThroughRef(
              PLACE,
              SPLRefCell(PLACE, SPLDataBuffer(ACCOUNT))
            )
          ~> #setLocalValue(DEST, Aggregate(variantIdx(0), ListItem(Aggregate(variantIdx(0), .List))))
         ...
        </k>
+    requires isRef(PLACE)
 ```
 
 ```k

kmir/src/tests/integration/data/prove-rs/spl_token_domain_data.rs

@@ -127,12 +127,33 @@ fn test_spltoken_domain_data(
     multisig: &AccountInfo<'_>,
     rent: &AccountInfo<'_>,
 ) {
+    test_spl_account_pack_is_native_branch(acc);
+    test_spl_account_is_native_branch(acc);
     test_spl_account_domain_data(acc);
     test_spl_mint_domain_data(mint);
     test_spl_multisig_domain_data(multisig);
     test_spl_rent_domain_data(rent);
 }
 
+fn test_spl_account_pack_is_native_branch(acc: &AccountInfo<'_>) {
+    // Keep is_native symbolic and pack through an extra call frame to mirror process_burn’s cross-frame writeback
+    cheatcode_is_spl_account(acc);
+    let account = get_account(acc);
+    let mut borrow = acc.data.borrow_mut();
+    pack_account_inner(&mut borrow, &account);
+}
+
+fn pack_account_inner(buf: &mut [u8], account: &Account) {
+    Account::pack(account.clone(), buf).unwrap();
+}
+
+fn test_spl_account_is_native_branch(acc: &AccountInfo<'_>) {
+    // Keep is_native symbolic and exercise COption::<u64>::is_some to reproduce the ndbranch
+    cheatcode_is_spl_account(acc);
+    let account = get_account(acc);
+    let _ = account.is_native();
+}
+
 fn test_spl_account_domain_data(acc: &AccountInfo<'_>) {
     cheatcode_is_spl_account(acc);
 

kmir/src/tests/integration/test_integration.py

@@ -37,7 +37,12 @@
     'assume-cheatcode': ['check_assume'],
     'assume-cheatcode-conflict-fail': ['check_assume_conflict'],
     'transmute-bytes': ['bytes_to_u64', 'u64_to_bytes'],
-    'spl_token_domain_data': ['test_spl_account_domain_data', 'test_spl_mint_domain_data'],
+    'spl_token_domain_data': [
+        'test_spl_account_pack_is_native_branch',
+        'test_spl_account_is_native_branch',
+        'test_spl_account_domain_data',
+        'test_spl_mint_domain_data',
+    ],
 }
 PROVE_RS_SHOW_SPECS = [
     'local-raw-fail',