From 88d5e9e104fb6a12955def50a1b38edef9b468e0 Mon Sep 17 00:00:00 2001
From: Stevengre <zhaojianhong96@gmail.com>
Date: Mon, 16 Mar 2026 05:36:27 +0000
Subject: [PATCH 1/2] test(prove-rs): add write-volatile-pubkey-array red repro
 with show snapshot

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 ..._volatile_pubkey_array-fail.repro.expected | 14 +++++++
 .../write_volatile_pubkey_array-fail.rs       | 37 +++++++++++++++++++
 .../src/tests/integration/test_integration.py |  2 +
 3 files changed, 53 insertions(+)
 create mode 100644 kmir/src/tests/integration/data/prove-rs/show/write_volatile_pubkey_array-fail.repro.expected
 create mode 100644 kmir/src/tests/integration/data/prove-rs/write_volatile_pubkey_array-fail.rs

diff --git a/kmir/src/tests/integration/data/prove-rs/show/write_volatile_pubkey_array-fail.repro.expected b/kmir/src/tests/integration/data/prove-rs/show/write_volatile_pubkey_array-fail.repro.expected
new file mode 100644
index 000000000..48de7bb26
--- /dev/null
+++ b/kmir/src/tests/integration/data/prove-rs/show/write_volatile_pubkey_array-fail.repro.expected
@@ -0,0 +1,14 @@
+
+┌─ 1 (root, init)
+│   #execTerminator ( terminator ( ... kind: terminatorKindCall ( ... func: operandC
+│   span: 0
+│
+│  (122 steps)
+└─ 3 (stuck, leaf)
+    #traverseProjection ( toStack ( 3 , local ( 3 ) ) , Aggregate ( variantIdx ( 0 )
+
+
+┌─ 2 (root, leaf, target, terminal)
+│   #EndProgram ~> .K
+
+
diff --git a/kmir/src/tests/integration/data/prove-rs/write_volatile_pubkey_array-fail.rs b/kmir/src/tests/integration/data/prove-rs/write_volatile_pubkey_array-fail.rs
new file mode 100644
index 000000000..226770ce2
--- /dev/null
+++ b/kmir/src/tests/integration/data/prove-rs/write_volatile_pubkey_array-fail.rs
@@ -0,0 +1,37 @@
+#![allow(invalid_reference_casting)]
+
+fn main() {
+    let _keep: fn(&AccountInfo<'_>, Pubkey) = repro;
+}
+
+#[inline(never)]
+#[no_mangle]
+pub fn repro(account: &AccountInfo<'_>, replacement: Pubkey) {
+    account.assign(replacement);
+    assert_eq!(*account.owner, replacement);
+}
+
+struct AccountInfo<'a> {
+    owner: &'a Pubkey,
+}
+
+impl<'a> AccountInfo<'a> {
+    #[inline(never)]
+    fn assign(&self, new_owner: Pubkey) {
+        unsafe {
+            std::ptr::write_volatile(
+                self.owner as *const Pubkey as *mut [u8; 32],
+                new_owner.to_bytes(),
+            );
+        }
+    }
+}
+
+#[derive(Clone, Copy, Debug, PartialEq, Eq)]
+struct Pubkey([u8; 32]);
+
+impl Pubkey {
+    fn to_bytes(self) -> [u8; 32] {
+        self.0
+    }
+}
diff --git a/kmir/src/tests/integration/test_integration.py b/kmir/src/tests/integration/test_integration.py
index 8c59cce9b..c200f6f53 100644
--- a/kmir/src/tests/integration/test_integration.py
+++ b/kmir/src/tests/integration/test_integration.py
@@ -40,8 +40,10 @@
     'test_offset_from-fail': ['testing'],
     'iter-eq-copied-take-dereftruncate': ['repro'],
     'spl-multisig-iter-eq-copied-next': ['repro'],
+    'write_volatile_pubkey_array-fail': ['repro'],
 }
 PROVE_SHOW_SPECS = [
+    'write_volatile_pubkey_array-fail',
     'local-raw-fail',
     'interior-mut-fail',
     'interior-mut3-fail',

From 9afd2943f44390c7b3d99dbcc7cf22a3bb274892 Mon Sep 17 00:00:00 2001
From: Stevengre <zhaojianhong96@gmail.com>
Date: Mon, 16 Mar 2026 06:59:10 +0000
Subject: [PATCH 2/2] fix(rt): cancel SingletonArray+Field(0)+ConstantIndex(0)
 in traversal

Add a traversal rule that eliminates the three-element projection chain
SingletonArray+Field(0)+ConstantIndex(0) on single-element Aggregates,
reducing it to just Field(0).

This pattern arises from pointer casts like `*const Pubkey as *mut [u8; 32]`
in write_volatile calls. The three projections together mean "treat the
struct as a one-element array, take field 0, index element 0" which is
equivalent to just "take field 0".

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 kmir/src/kmir/kdist/mir-semantics/rt/data.md       | 11 +++++++++++
 ...write_volatile_pubkey_array-fail.repro.expected | 14 --------------
 ...rray-fail.rs => write_volatile_pubkey_array.rs} |  0
 kmir/src/tests/integration/test_integration.py     |  3 +--
 4 files changed, 12 insertions(+), 16 deletions(-)
 delete mode 100644 kmir/src/tests/integration/data/prove-rs/show/write_volatile_pubkey_array-fail.repro.expected
 rename kmir/src/tests/integration/data/prove-rs/{write_volatile_pubkey_array-fail.rs => write_volatile_pubkey_array.rs} (100%)

diff --git a/kmir/src/kmir/kdist/mir-semantics/rt/data.md b/kmir/src/kmir/kdist/mir-semantics/rt/data.md
index f76620160..0dba629bd 100644
--- a/kmir/src/kmir/kdist/mir-semantics/rt/data.md
+++ b/kmir/src/kmir/kdist/mir-semantics/rt/data.md
@@ -452,6 +452,17 @@ This is done without consideration of the validity of the Downcast[^downcast].
 [^downcast]: See discussion in https://github.com/rust-lang/rust/issues/93688#issuecomment-1032929496.
 
 ```k
+  // fast elimination: SingletonArray + Field(0) + ConstantIndex(0) on a single-element Aggregate
+  rule <k> #traverseProjection(
+             DEST,
+             Aggregate(IDX, ARGS),
+             projectionElemSingletonArray projectionElemField(fieldIdx(0), TY) projectionElemConstantIndex(0, 0, false) PROJS,
+             CTXTS
+           )
+        => #traverseProjection(DEST, Aggregate(IDX, ARGS), projectionElemField(fieldIdx(0), TY) PROJS, CTXTS) ... </k>
+    requires size(ARGS) ==Int 1
+    [preserves-definedness]
+
   rule <k> #traverseProjection(
              DEST,
              Aggregate(IDX, ARGS),
diff --git a/kmir/src/tests/integration/data/prove-rs/show/write_volatile_pubkey_array-fail.repro.expected b/kmir/src/tests/integration/data/prove-rs/show/write_volatile_pubkey_array-fail.repro.expected
deleted file mode 100644
index 48de7bb26..000000000
--- a/kmir/src/tests/integration/data/prove-rs/show/write_volatile_pubkey_array-fail.repro.expected
+++ /dev/null
@@ -1,14 +0,0 @@
-
-┌─ 1 (root, init)
-│   #execTerminator ( terminator ( ... kind: terminatorKindCall ( ... func: operandC
-│   span: 0
-│
-│  (122 steps)
-└─ 3 (stuck, leaf)
-    #traverseProjection ( toStack ( 3 , local ( 3 ) ) , Aggregate ( variantIdx ( 0 )
-
-
-┌─ 2 (root, leaf, target, terminal)
-│   #EndProgram ~> .K
-
-
diff --git a/kmir/src/tests/integration/data/prove-rs/write_volatile_pubkey_array-fail.rs b/kmir/src/tests/integration/data/prove-rs/write_volatile_pubkey_array.rs
similarity index 100%
rename from kmir/src/tests/integration/data/prove-rs/write_volatile_pubkey_array-fail.rs
rename to kmir/src/tests/integration/data/prove-rs/write_volatile_pubkey_array.rs
diff --git a/kmir/src/tests/integration/test_integration.py b/kmir/src/tests/integration/test_integration.py
index c200f6f53..6e9ec7133 100644
--- a/kmir/src/tests/integration/test_integration.py
+++ b/kmir/src/tests/integration/test_integration.py
@@ -40,10 +40,9 @@
     'test_offset_from-fail': ['testing'],
     'iter-eq-copied-take-dereftruncate': ['repro'],
     'spl-multisig-iter-eq-copied-next': ['repro'],
-    'write_volatile_pubkey_array-fail': ['repro'],
+    'write_volatile_pubkey_array': ['repro'],
 }
 PROVE_SHOW_SPECS = [
-    'write_volatile_pubkey_array-fail',
     'local-raw-fail',
     'interior-mut-fail',
     'interior-mut3-fail',