Welcome

Hello and a warm welcome to the revive Solidity compiler book!

Warning

Solidity on PVM is running on the pallet-revive runtime. This introduces observable semantic differences in comparison with the EVM.

Study the differences section carefully. Ignoring these differences may lead to defunct contracts.

Notable examples:

The 63/64 gas rule isn’t implemented in the pallet (introduces potential DoS vector when calling other contracts)

Contract instantiation works differently (by hash instead of by code)

The gas model implemented by pallet-revive differs from Ethereum

The heap size is fixed instead of gas-metered and there’s a fixed amount of stack size (contracts working fine on EVM may trap on PVM)

Target audience

Solidity dApp developers should read the user guide. Solidity on PolkaVM introduces important differences to EVM which should be well understood.
Contributors will find the developer guide helpful for getting up to speed.

Other Polkadot contracts resources

Head to contracts.polkadot.io for more general information about contracts on Polkadot.

About

This mdBook documents the revive Solidity compiler project. The content is found under book/. Run make book to observe changes.

`resolc` user guide

resolc is a Solidity v0.8 compiler for Polkadot native smart contracts. Solidity compiled with resolc targets PolaVM (PVM). Thanks to additional compiler optimizations and the PVM JIT, contract code can execute much faster than the EVM equivalent. resolc supports almost all Solidity v0.8 features including inline assembly, offering a high level of comptability with the Ethereum Solidity reference implementation.

`revive` vs. `resolc` nomenclature

revive is the name of the overarching “Solidity to PolkaVM” compiler project, which contains multiple components (for example the Yul parser, the code generation library, the resolc executable itself, and many more things).

resolc is the name of the compiler driver executable, combining many revive components in a single and easy to use binary application.

In other words, revive is the whole compiler infrastructure (more like LLVM) and resolc is a user-facing single-entrypoint compiler frontend (more like clang).

Installation

Building Solidity contracts for PolkaVM requires installing the following two compilers:

solc: The Ethereum Solidity reference compiler implementation.
resolc: The revive Solidity compiler YUL frontend and PolkaVM code generator.

`resolc` binary releases

resolc is supported an all major operating systems and installation is straightforward. Please find our binary releases for the following platforms:

Linux (MUSL)
MacOS (universal)
Windows
Wasm via emscripten

Installing the `solc` dependency

resolc uses solc during the compilation process, please refer to the Ethereum Solidity documentation for installation instructions.

`revive` NPM package

We distribute the revive compiler as node.js module.

Buidling `resolc` from source

Please follow the build instructions in the revive README.md.

CLI usage

We aim to keep the resolc CLI usage close to solc. There are a few things and options worthwhile to know about in resolc which do not exist in the Ethereum world. This chapter explains those in more detail than the CLI help message.

Tip

For the complete help about CLI options, please see resolc --help.

LLVM optimization levels

-O, --optimization <OPTIMIZATION>

resolc exposes the optimization level setting for the LLVM backend. The performance and size of compiled contracts varies widely between different optimization levels. (This is independent of --newyork which selects the IR lowering pipeline.)

Valid levels are the following:

0: No optimizations are applied.
1: Basic optimizations for execution time.
2: Advanced optimizations for execution time.
3: Aggressive optimizations for execution time.
s: Optimize for code size.
z: Aggressively optimize for code size.

By default, -Oz is applied.

newyork IR pipeline

--newyork

Enables the newyork optimizer to reduced compiled contract code size, by routing Yul lowering through the experimental newyork IR pipeline instead of the standard Yul-to-LLVM path. Composes with --yul, --combined-json, and the default Solidity mode. In standard JSON mode this flag is rejected; enable the pipeline via the settings.polkavm.newyork input field instead. Off by default.

Stack size

--stack-size <STACK_SIZE>

PVM is a register machine with a traditional stack memory space for local variables. This controls the total amount of stack space the contract can use.

You are incentivized to keep this value as small as possible:

Increasing the stack size will increase gas costs due to increased startup costs.
The stack size contributes to the total memory size a contract can use, which includes the contract’s code size.

Default value: 131072

Warning

If the contract uses more stack memory than configured, it will compile fine but eventually revert execution at runtime!

Heap size

--heap-size <HEAP_SIZE>

Unlike the EVM, due to the lack of dynamic memory metering, PVM contracts emulate the EVM heap memory with a static buffer. Consequentially, instead of infinite memory with exponentially growing gas costs, PVM contracts have a finite amount of memory with constant gas costs available.

You are incentivized to keep this value as small as possible: 1.Increasing the heap size will increase startup costs. 2.The heap size contributes to the total memory size a contract can use, which includes the contract’s code size

Default value: 131072

Warning

If the contract uses more heap memory than configured, it will compile fine but eventually revert execution at runtime!

solc

--solc <SOLC>

Specify the path to the solc executable. By default, the one in ${PATH} is used.

Debug artifacts

--debug-output-dir <DEBUG_OUTPUT_DIRECTORY>

Dump all intermediary compiler artifacts to files in the specified directory. This includes the Yul IR, optimized and unoptimized LLVM IR, the ELF object and the PVM assembly. When the newyork pipeline is active, the newyork IR is additionally dumped (the final IR, a pre-late-pass snapshot, and heap and memory optimization data). Useful for debugging and development purposes.

Debug info

-g

Generate source based debug information in the output code file. Useful for debugging and development purposes and disabled by default.

Deploy time linking

--link [--libraries <LIBRARIES>] <INPUT_FILES>

In Solidity, 3 things can happen with libraries:

They are not externally callable and thus can be inlined.
1. The solc Solidity optimizer inlines those (usually the case). Note: resolc always activates the solc Solidity optimizer.
2. If the solc Solidity optimizer is disabled or for some reason fails to inline them (both rare), they are not inlined and require linking.
They are externally callable but still linked at compile time. This is the case if at compile time the library address is known (i.e. --libraries supplied in CLI or the corresponding setting in STD JSON input).
They are linked at deploy time. This happens when the compiler does not know the library address (i.e. --libraries flag is missing or the provided libraries are incomplete, same for STD JSON input). This case is rare because it’s discourage and should never be used by production dApps.

In cases 1.2 and 3:

Some of the produced code blobs will be in the “unlinked” raw ELF object format and not yet deployable.
To make them deployable, they need to be “linked” (done using the resolc --link linker mode explained below).
The compiler emitted DELEGATECALL instructions to call non-inlined (unlinked) libraries. The contract deployer must make sure to deploy any libraries prior to contract deployment.

Warning

Using deploy time linking is officially discouraged. Mainly due to bytecode hashes changing after the fact. We decided to support it in resolc regardless, due to popular request.

Similar to how it works in solc, --libraries may be used to provide libraries during linking mode.

Unlike with solc, where linking implies a simple string substitution mechanism, resolc needs to resolve actual missing ELF symbols. This is due to how factory dependencies work in PVM. As a consequence, it isn’t sufficient to just provide the unlinked blobs to the linker. Instead, they must be provided in the exact same directory structure the Solidity source code was found during compile time.

Example:

The contract src/foo/bar.sol:Bar is involved in deploy time linking. It may be a factory dependency.
The contract blob needs to be provided inside a relative src/foo/ directory to --link. Otherwise symbol resolution may fail.

Note

Tooling is supposed to take care of this. In the future, we may append explicit linkage data to simplify the deploy time linking feature.

JS NPM package

The resolc compiler driver is published as an NPM package under @parity/resolc.

It’s usable from Node.js code or directly from the command line:

npx @parity/resolc@latest --bin crates/integration/contracts/flipper.sol -o /tmp/out

Note

While the npm package makes a nice portable option, it doesn’t expose all options.

Tooling integration

resolc achieved successful integration with a variety of third party developer tools.

Solidity toolkits

Support for resolc is available in forks of the hardhat and foundry Solidity toolkits:

Compiler explorer

resolc is available on godbolt.org for the Solidity and Yul input languages. See also the announcement post on the forum.

Remix IDE

There is remix IDE fork with resolc support at remix.polkadot.io. Unfortunately this is no longer actively maintained (there might be bugs and outdated resolc versions).

Standard JSON interface

The revive compiler is mostly compatible with the solc standard JSON interface. There are a few differences and additional (PVM related) input configurations:

The `settings.polkavm` object

Used to configure PVM specific compiler settings.

`settings.polkavm.debugInformation`

A boolean value allowing to enable debug information. Corresponds to resolc -g.

`settings.polkavm.newyork`

A boolean value allowing to enable the experimental newyork IR pipeline for Yul lowering. Corresponds to resolc --newyork. Off by default.

The output JSON includes which pipeline actually ran, via the top-level resolc_pipeline field ("newyork" or "yul" for the standard Yul-to-LLVM pipeline).

The `settings.polkavm.memoryConfig` object

Used to apply PVM specific memory configuration settings.

`settings.polkavm.memoryConfig.heapSize`

A numerical value allowing to configure the contract heap size. Corresponds to resolc --heap-size.

`settings.polkavm.memoryConfig.stackSize`

A numerical value allowing to configure the contract stack size. Corresponds to resolc --stack-size.

The `settings.optimizer` object

The settings.optimizer object is augmented with support for PVM specific optimization settings.

`settings.optimizer.mode`

A single char value to configure the LLVM optimizer settings. Corresponds to resolc -O.

`settings.llvmArguments`

Allows to specify arbitrary command line arguments to LLVM initialization. Used mainly for development and debugging purposes.

The `settings.outputSelection` object

Used to select desired outputs.

The “all” (`*`) wildcard

Resolc supports the “all” (*) wildcard for the file-level (first-level) and contract-level (second-level) keys. A file-level key can be either the wildcard or a specific file name, whereas the contract-level key can only be the wildcard for robustness reasons.

Thus, output can be requested in 2 ways:

// All files and all contracts:
{
  "settings": {
    "outputSelection": {
      "*": {
        "*": [/* specific contract-level output fields */],
        "": [/* specific file-level output fields */]
      }
    }
  }
}

// Specific files and all their contracts:
{
  "settings": {
    "outputSelection": {
      "path/to/my/file.sol": {
        "*": [/* specific contract-level output fields */],
        "": [/* specific file-level output fields */]
      },
      // Rest of files...
    }
  }
}

The contract-level `evm` output selection

Note

Currently, resolc supports requesting either the full evm output, or one more level of specificity, such as evm.bytecode.

When requesting code generation, such as evm.bytecode or evm.assembly, the resolc compilation process additionally needs ast, metadata, irOptimized, and evm.methodIdentifiers selectors. These selectors will be automatically added if code generation is needed, but will only be included in the output if explicitly requested.

{
  "settings": {
    "outputSelection": {
      "path/to/my/file1.sol": {
        // Contracts in this file will generate bytecode.
        // Only these fields of the JSON output selection will be in the `contracts` output.
        "*": ["abi", "evm.methodIdentifiers", "metadata", "evm.bytecode"],
        // Only this field of the JSON output selection will be in the `sources` output.
        "": ["ast"]
      },
      "path/to/my/file2.sol": {
        // No contracts in this file will generate bytecode.
        "*": ["abi", "evm.methodIdentifiers", "metadata"],
        // No `ast` will be in the `sources` output (only the automatically added `id`,
        // similar to solc as this is not a configurable output selection).
        "": []
      },
    }
  }
}

Differences to EVM

This section highlights some potentially observable differences in the YUL EVM dialect translation compared to Ethereum Solidity.

Solidity developers deploying dApps to pallet-revive ought to read and understand this section well.

Deploy code vs. runtime code

Our contract runtime does not differentiate between runtime code and deploy (constructor) code. Instead, both are emitted into a single PVM contract code blob and live on-chain. Therefore, in EVM terminology, the deploy code equals the runtime code.

Tip

In constructor code, the codesize instruction will return the call data size instead of the actual code blob size.

Solidity

We are aware of the following differences in the translation of Solidity code.

The `63/64` gas rule

pallet-revive doesn’t apply the 63/64 gas rule. We strongly advice to change any code calling untrusted contracts to supply a limited amount of gas only!

`address.creationCode`

This returns the bytecode keccak256 hash instead.

YUL functions

The below list contains noteworthy differences in the translation of YUL functions.

Note

Many functions receive memory buffer offset pointer or size arguments. The PVM pointer size is 32 bit, supplying memory offset or buffer size values above 2^32-1 may lead to OutOfGas errors trap contract execution.

The solc compiler ought to always emit valid memory references, so Solidity dApp authors don’t need to worry about this unless they deal with low level assembly code.

In general, revive preserves the memory layout, meaning low level memory operations are supported. However, a few caveats apply:

The EVM linear heap memory is emulated using a fixed byte buffer of 128kb. This implies that the maximum memory a contract can use is limited to 128kb (on Ethereum, contract memory is capped by gas and therefore varies).
Thus, accessing memory offsets larger than the fixed buffer size will trap the contract at runtime with an OutOfBound error.
The compiler might detect and optimize unused memory reads and writes, leading to a different msize compared to what the EVM would see.

`calldataload`, `calldatacopy`

In the constructor code, the offset is ignored and this always returns 0.

Warning

pallet-revive restricts the calldata size (to 128kb at the time of writing).

`codecopy`

Only supported in constructor code.

`create`, `create2`

Deployments on revive work different than on EVM. In a nutshell: Instead of supplying the deploy code concatenated with the constructor arguments (the EVM deploy model), the revive runtime expects two pointers:

A buffer containing the code hash to deploy.
The constructor arguments buffer.

To make contract instantiation using the new keyword in Solidity work seamlessly, revive translates the dataoffset and datasize instructions so that they assume the contract hash instead of the contract code. The hash is always of constant size. Thus, revive is able to supply the expected code hash and constructor arguments pointer to the runtime.

Warning

This might fall apart in code creating contracts inside assembly blocks. We strongly discourage using the create family opcodes to manually craft deployments in assembly blocks! Usually, the reason for using assembly blocks is to save gas, which is likely futile on revive due to the underlying differences in the VM architectures, gas models and transaction costs.

`dataoffset`

Returns the contract hash.

`datasize`

Returns the contract hash size (constant value of 32).

`revert`, `return`

pallet-revive restricts the returndata size (to 128kb at the time of writing).

`prevrandao`, `difficulty`

Translates to a constant value of 2500000000000000.

`pc`, `extcodecopy`

Only valid to use in EVM (they also have no use case in PVM) and produce a compile time error.

`blobhash`, `blobbasefee`

Related to the Ethereum rollup model and produce a compile time error. Polkadot offers a superior rollup model, removing the use case for blob data related opcodes.

Difference regarding the `solc` `via-ir` mode

There are two different compilation pipelines available in solc and there are small differences between them.

Since resolc processes the YUL IR, always assume the solc IR based codegen behavior for contracts compiled with the revive compiler.

Example: State variable initialization order in inheritance

With via-ir, base constructors run before derived state variables are initialized:

contract InnerContract {
    uint public innerConstructedStartTokenId;

    constructor() {
        innerConstructedStartTokenId = _startTokenId();
    }

    function _startTokenId() internal view virtual returns (uint) {
        return 0;
    }
}

contract Test is InnerContract {
    uint public START_TOKEN_ID = 1;

    constructor() InnerContract() {
    }

    function _startTokenId() internal view virtual override returns (uint) {
        return START_TOKEN_ID;
    }
}

Here, innerConstructedStartTokenId in Test returns 0 (with legacy EVM codegen it’d return 1).

Rust contract libraries

Note

This is not yet implemented but something for consideration on the roadmap.

Solidity - tightly coupled to the EVM - introduces some inherent inefficiencies that are by design and either needs to be followed or can’t be easily worked around, even with efforts like better optimized compiler and VM implementations. This represents a technical dead end. So far the EVM sees no adoption beyond the blockchain industry. Chances are that the EVM end up deprecated for technical reasons (or maybe not and the RISC-V idea gets abandoned, who knows).

PVM, however, is a general purpose VM. It supports LLVM based mainstream programming languages like Rust. It’s a common software engineering practice to compose applications from pieces written in multiple languages, using each to their own strength. For example, AI solutions traditionally use the python scripting language for convenient developer experience, while the underlying AI models get implemented in a lower level language such as C++.

The same pattern can of course be applied to dApps, where we’d expect application specific languages like Solidity mixed with libraries implementing computationally complex algorithms in a lower level language. Business logic and user interfaces are naturally implemented as regular Solidity dApps which can include (link against) Rust libraries. Rust is a fast, safe low level language and the Polkadot SDK is written in Rust itself, making it an excellent choice.

For example, ZK proof verifiers or expensive DeFi primitives would benefit greatly from Rust implementations.

revive provides tooling support and a small Rust contracts SDK for seamless integration with Rust libraries.

`revive-runner` sandbox

Running contract code usually requires a blockchain node. While local dev nodes can be used, sometimes it’s just not desirable to do so. Instead, it can be much more convenient to run and debug contract code with a stripped down environment.

This is where the revive-runner comes in handy. In a nutshell, it is a single-binary no-blockchain pallet-revive runtime.

Installation and usage

Inside the root revive repository directory, install it from source (requires Rust installed):

make install-revive-runner

After installing, see revive-runner --help for usage help.

Trace logs

The standard RUST_LOG environment variable controls the log output from the contract execution. This includes revive runtime logs and PVM execution trace logs. Sometimes it’s convenient to have more fine granular insight. Some useful filters:

RUST_LOG=runtime=trace: The pallet-revive runtime trace logs.
RUST_LOG=polkavm=trace: Low level PolkaVM instruction tracing.

Automatic contract instantiation

To avoid running the constract in an unitialized state, revive-runner automatically instantiates the contract before calling it (constructor arguments can be provided).

Example

Suppose we want to trace the syscalls of the execution of a compiled contract file Flipper.pvm:

RUST_LOG=runtime=trace revive-runner -f Flipper.pvm
[DEBUG runtime::revive] Contract memory usage: purgable=6144/3145728 KB baseline=103063/1572864
[TRACE runtime::revive::strace] call_data_size() = Ok(0) gas_consumed: Weight { ref_time: 985209, proof_size: 0 }
[TRACE runtime::revive::strace] value_transferred(out_ptr: 4294836096) = Ok(()) gas_consumed: Weight { ref_time: 2937634, proof_size: 0 }
[TRACE runtime::revive::strace] call_data_copy(out_ptr: 131216, out_len: 0, offset: 0) = Ok(()) gas_consumed: Weight { ref_time: 4084483, proof_size: 0 }
[TRACE runtime::revive::strace] seal_return(flags: 0, data_ptr: 131216, data_len: 0) = Err(TrapReason::Return(ReturnData { flags: 0, data: [] })) gas_consumed: Weight { ref_time: 5510615, proof_size: 0 }
[TRACE runtime::revive] frame finished with: Ok(ExecReturnValue { flags: (empty), data: [] })
[TRACE runtime::revive::strace] call_data_size() = Ok(0) gas_consumed: Weight { ref_time: 985209, proof_size: 0 }
[TRACE runtime::revive::strace] seal_return(flags: 1, data_ptr: 131088, data_len: 0) = Err(TrapReason::Return(ReturnData { flags: 1, data: [] })) gas_consumed: Weight { ref_time: 2456669, proof_size: 0 }
[TRACE runtime::revive] frame finished with: Ok(ExecReturnValue { flags: REVERT, data: [] })

Developer guide

This chapter covers internal aspects of the compiler and helps contributors getting started with the revive codebase.

Contributor guide

The revive compiler is an open source software project and we gladly accept quality contributions from anyone!

Getting started

A quick reference on how to build the Solidity compiler is maintained in the project’s README.md.

Using the `Makefile`

The Makefile comprehensively encapsulates all development aspects of this codebase. It is kept concise and readable. Please read and use it! You’ll learn for example:

How to build and install a resolc development version.
How to run tests and benchmarks.
How to cross-compile resolc.

As a general rule-of-thumb: If make test runs fine locally, chances for green CI pipelines are good.

Codebase organization

For the most parts, revive is a rather standard Rust workspace codebase. There are some non-Rust dependencies, which sometimes complicates things a little bit.

The `crates/` dir

All Rust crates live under the crates/ directory. The workspace automatically considers any crate found therein. If you need to add a new create, please implement it there.

Compiler library crates should be named with the revive- prefix. The crate location doesn’t need the prefix.

Dependencies

Dependencies should be added as workspace dependencies. Try to avoid pinning dependencies whenever possible. If possible, add dev dependencies as dev-dependencies only.

Please do always include the Cargo.lock dependency lock file with your PR. Please don’t run cargo update together with other changes (it is preferred to update the lock file in a dedicated dependency update PR).

Contribution rules

Changes must be submitted via a pull request (PR) to the github upstream repository.
Ensure that your branch passes make test locally when submitting a pull request.
A PR must not be merged until CI fully passes. Exceptions can be made (for example to fix CI issues itself).
No force pushes to the main branch and open PR branches.
Maintainers can request changes or deny contributions at their own discretion.

Style guide

We require the official Rust formatter and clippy linter. In addition to that, please also consider the following best-effort aspects:

Avoid magic numbers and strings. Instead, add them as module constants.
Avoid abbreviated variable and function names. Always provide meaningful and readable symbols.
Don’t write macros and don’t use third party macros for things that can easily be expressed in few lines of code or outlined into functions.
Avoid import aliasing. Please use the parent or fully qualified path for conflicting symbols.
Any inline comments must provide additional semantic meaning, explain counter-intuitive behavior or highlight non-obvious design decisions. In other words, try to make the code expressive enough to a degree it doesn’t need comments expressing the same thing again in the English language. Delete such comments if your AI assistant generated them.
Public items must have a meaningful doc comment.
Provide meaningful panic messages to .expect() or just use .unwrap().

AI policy

Contributors may use whatever AI assistance tools they wish to whatever degree they wish in the process of creating their contribution, given they acknowledge the following:

Project maintainers may reject any contribution (or portions of it) if the contribution shows signs of problematic involvement of generative AI.

Judgement of “problematic involvement” lies at the sole discretion of project maintainers. No proof (whether a contribution was in fact AI generated or not) is required. Rationale:

No one enjoys reading soulless and uncanny LLM slop. Please review and fix any AI slop yourself prior to submitting a PR.
A Solidity compiler is security sensitive software. Even miniscule mistakes can ultimately lead to loss of funds. AI models are inherently stochastic. They regurarly fail to capture important nuances or produce straight hallucinations. Code that was “blindly” generated has no home here.
revive is a large codebase. Generative AI assistants may not have enough “context window” to sufficiently capture correctness, consistency and style aspects of the codebase. We’d like to keep this codebase maintainable by humans for the forseeable future.

Compiler architecture and internals

revive relies on solc, the Ethereum Solidity compiler, as the Solidity frontend to process smart contracts written in Solidity. LLVM, a popular and powerful compiler framework, is used as the compiler backend and does the heavy lifting in terms of optimizitations and RISC-V code generation.

revive mainly takes care of lowering the Yul intermediate representation (IR) produced by solc to LLVM IR. This approach provides a good balance between maintaining a high level of Ethereum compatibility, good contract performance and feasible engineering efforts.

`resolc`

resolc is the overarching compiler driver library and binary.

When compiling a Solidity source file with resolc, the following steps happen under the hood:

solc is used to lower the Solidity source code into YUL intermediate representation.
revive lowers the YUL IR into LLVM IR.
LLVM optimizes the code and emits a RISC-V ELF shared object (through LLD).
The PolkaVM linker finally links the ELF shared object into a PolkaVM blob.

This compilation process can be visualized as follows:

Architecture Overview

Reproducible contract builds

Because on-chain contract code is identified via its code blob hash, it is crucial to maintain reproducible contract builds. A given compiler version must reproduce the contract build exactly on every target platform resolc supports via the official binary releases.

To ensure this, we employ the following measures:

The code generation must be fully deterministic. For example iterating over standard HashMap invalidates this due to its internal state, making it an invalid operation in revive. To circumvent that, a BTreeMap can be used instead.
We release fully statically linked resolc binaries. This prevents dynamic linking of potentially differentiating libraries.
The only non-bundled dependency is the solc compiler. This is considered fine because the same properties apply to solc.

The `revive` compiler libraries

The main compiler logic is implemented in the revive-yul and revive-llvm-context crates.

The Yul library implements a lexer and parser and lowers the resulting tree into LLVM IR. It does so by emitting LL using the LLVM builder and our own revive-llvm-context compiler context crate. The revive LLVM context crate encapsulates code generation logic (decoupled from the parser).

The Yul library also implements a simple visitor interface (see visitor.rs). If you want to work with the AST, it is strongly recommended to implement visitors. The LLVM code generation is implemented using a dedicated trait for historical reasons only.

EVM heap memory

PVM doesn’t offer a similar API. Hence the emitted contract code emulates the linear EVM heap memory using a static byte buffer. Data inside this byte buffer is kept big endian for EVM compatibility reasons (unaligned access is allowed and makes optimizing this non-trivial).

Unlike with the EVM, where heap memory usage is gas metered, our heap size is static (the size is user controllable via a setting flag). The compiler emits bound checks to prevent overflows.

The LLVM dependency

LLVM is a special non Rust dependency. We interface its builder interface via the inkwell wrapper crate.

We use upstream LLVM, but release and use our custom builds. We require the compiler builtins specifically built for the PVM rv64emacb target and always leave assertions on. Furthermore, we need cross builds because resolc itself targets emscripten and musl. The revive-llvm-builer functions as a cross-platform build script and is used to build and release the LLVM dependency.

We also maintain the lld-sys crate for interfacing with LLD. The LLVM linker is used during the compilation process, but we don’t want to distribute another binary.

Custom optimizations

An experimental newyork optimizer introduces a custom IR layer between Yul and LLVM IR to capture optimization opportunities that neither solc nor LLVM can realize on their own. solc optimizes for EVM gas on a 256-bit big-endian stack machine, while LLVM lacks the domain knowledge to understand EVM memory semantics or Solidity patterns. The newyork IR bridges this gap with passes for type narrowing, memory optimization, function deduplication, and more.

The newyork optimizer

The newyork crate (crates/newyork/) introduces an additional intermediate representation (IR) layer between Yul and LLVM IR. It enables domain-specific optimizations that neither solc nor LLVM can perform on their own, because they lack semantic knowledge about the cross-domain compilation from EVM to PolkaVM.

Note

The newyork optimizer is experimental. It is gated behind the --newyork CLI flag or the settings.polkavm.newyork field in standard JSON input, and not yet enabled by default.

Motivation

The EVM and PolkaVM are fundamentally different machines:

Property	EVM	PolkaVM (RISC-V)
Word size	256-bit	64-bit
Endianness	Big-endian	Little-endian
Architecture	Stack machine	Register-based
Memory model	Linear with free pointer convention	Flat address space

solc optimizes Yul IR for EVM gas costs on a 256-bit big-endian stack machine. LLVM, on the other hand, operates at too low a level to understand EVM memory semantics or Solidity patterns. By the time Yul reaches LLVM IR, the high-level intent is lost.

The newyork IR sits between these two worlds and recovers enough semantic information to make optimization decisions that neither compiler can make alone.

Pipeline overview

                    ┌──────────────────────────────────────────────────┐
Yul AST ──────────► │                  newyork IR                      │ ──► LLVM IR ──► RISC-V
            from_yul│                                                  │ to_llvm
                    │  1. inline                                       │
                    │  2. simplify (pass 1)                            │
                    │  3. dedup (exact + fuzzy)                        │
                    │  4. mem_opt + fmp_prop + keccak_fold             │
                    │  5. simplify (pass 2)                            │
                    │  6. mapping_access_outlining + guard_narrow      │
                    │  7. simplify (pass 3)                            │
                    │  8. dedup (exact + fuzzy, pass 2)                │
                    │  ── recursive on subobjects ──                   │
                    │  9. type_inference (iterative narrowing)         │
                    │ 10. late inline loop: inline, simplify, outline, │
                    │     guard-narrow, simplify, dedup, narrow        │
                    │ 11. heap_opt (analysis)                          │
                    │ 12. validate                                     │
                    └──────────────────────────────────────────────────┘

The optimizer runs the following passes in order:

Inlining – custom heuristics tuned for PolkaVM call overhead, with Tarjan SCC-based recursion detection and quadratic leave-overhead modeling.
Simplify (pass 1) – constant folding, algebraic identities, strength reduction (mul by power-of-2 to shl), copy propagation, dead code elimination, environment read CSE (callvalue, caller, origin, etc.), and revert pattern outlining (panic selectors, custom error selectors).
Function deduplication – exact structural match, then fuzzy dedup (functions differing only in literal constants are parameterized and merged, up to 4 differing positions).
Memory optimization – load-after-store elimination, keccak256 fusion (mstore + keccak256 sequences into Keccak256Single/Keccak256Pair nodes), free memory pointer propagation (replaces mload(0x40) with a known constant), and constant keccak256 folding (precomputes hashes of compile-time-constant inputs).
Simplify (pass 2) – cleans up dead code and new constant expressions exposed by memory optimization and keccak folding.
Compound outlining – detects keccak256_pair + sload/sstore sequences and fuses them into MappingSLoad/MappingSStore IR nodes, eliminating intermediate hash values. Guard narrowing – detects if gt(val, MASK) { revert } and iszero(eq(val, and(val, MASK))) patterns and inserts AND-mask narrowing, giving type inference proof that values fit in fewer bits.
Simplify (pass 3) – propagates opportunities created by compound outlining and guard narrowing.
Function deduplication (pass 2) – catches new duplicates exposed by guard narrowing and compound outlining canonicalization.
Type inference – narrows 256-bit values to smaller widths (I1, I8, I32, I64, I128, I160) where provable. Runs iteratively for up to 4 cascading refinement rounds, combining forward min-width propagation, backward use-context demands, transparent-operation demand propagation, and interprocedural parameter/return narrowing.
Late inline loop – now that narrowing and simplification have shrunk wrapper functions below the inline thresholds, re-runs inlining, simplification, mapping access outlining, guard narrowing, deduplication, and type inference to collect the residual opportunities.
Heap analysis – analyzes memory access patterns (alignment, static offsets, taintedness, escaping regions) to determine which accesses can use native little-endian layout, skipping byte-swap operations. Uses GCD-based alignment propagation and per-region taint tracking.
Validation – checks SSA well-formedness (use-before-def, multiple definitions), yield count consistency, and function reference correctness.

Steps 1-8 run recursively on subobjects (deployed contract code), where optimization impact is greatest. Steps 9-12 run on the full object tree.

IR design

The newyork IR is an SSA form with structured control flow, inspired by MLIR’s SCF dialect. Key design choices:

Explicit types with address spaces: Every value carries a bit-width (I1, I8, I32, I64, I128, I160, I256) and pointers carry address space information (Heap, Stack, Storage, Code). All values start as I256 and are narrowed by type inference.
Pure expressions vs. effectful statements: Expressions compute values without side effects; statements perform memory, storage, or control flow effects. This separation simplifies analysis and rewriting.
Semantic annotations: Memory operations are tagged with region information (Scratch, FreePointerSlot, Dynamic). Storage operations carry static slot values when known at compile time.
Structured control flow: If, Switch, and For nodes preserve the high-level structure from Yul, with explicit region arguments and yields for value flow across control edges.

For per-operation detail — printed syntax, operand and result types, and more — see the newyork IR reference.

Key optimizations explained

Type narrowing

EVM operates on 256-bit words, but most values in practice fit in 32 or 64 bits. The type inference pass performs bidirectional analysis:

Forward: computes minimum width from literal values and operation semantics (e.g., add(I64, I8) produces I65, rounded up to I128).
Backward use tracking: classifies each value’s uses into 9 context categories (MemoryOffset, MemoryValue, StorageAccess, Comparison, Arithmetic, FunctionArg, FunctionReturn, ExternalCall, General). All categories conservatively demand the full I256 width by default; the categorization is what enables the interprocedural phase to selectively relax the demand for narrowed function arguments. Earlier versions narrowed directly from the use category, but that was unsound for memory offsets — mload(2^128) aliased to mload(0) because the bounds check ran on an already-truncated value (commit ccca38df).
Transparent demand propagation: for modular-arithmetic operations (Add, Sub, Mul, And, Or, Xor), propagates narrow demands backward through operands, exploiting the property that trunc(op(a,b), N) == op(trunc(a,N), trunc(b,N)).
Interprocedural: iteratively narrows function parameter and return types in up to four rounds, combining four narrowing strategies — body-driven parameter narrowing, caller-driven parameter narrowing, forward-based return narrowing, and demand-based return narrowing — and re-running full inference between rounds. Parameters are clamped to at least I32 (XLEN on PolkaVM).

This allows LLVM to emit native 32/64-bit instructions instead of software-emulated 256-bit arithmetic, and eliminates expensive multi-instruction comparison sequences (16-20 RISC-V instructions for i256 comparisons reduced to 1-2 for i64).

Guard narrowing

Solidity emits runtime guards that prove values fit in narrow ranges (e.g., address validation via if gt(val, 2^160-1) { revert }). The guard narrowing pass detects these patterns and inserts explicit AND-mask narrowing after the guard. This gives downstream type inference proof that the value fits in fewer bits, enabling cascading narrowing of comparisons, arithmetic, and memory operations that use the guarded value.

Two pattern families are recognized:

GT-based guards: if gt(val, MASK) { <terminates> } where MASK is a boundary value like 2^N - 1
EQ-based guards: iszero(eq(val, and(val, MASK))) patterns common in Solidity’s address validation

Heap optimization

PVM doesn’t provide EVM-compatible linear memory, so the compiler emulates it using a byte buffer with byte-swap operations for big-endian compatibility. The heap analysis pass determines which memory accesses can use native little-endian layout by analyzing access patterns:

Tracks alignment and static offset information for all memory accesses using GCD-based propagation
Propagates taintedness when addresses escape to external calls, are written by external sources (codecopy, calldatacopy), or use unaligned access patterns
Tracks variable-accessed offsets to prevent mode mismatches between native and byte-swap accesses to the same location
Handles loop-carried variables conservatively (marked as non-literal to prevent false constant propagation)

The codegen backend supports four memory access modes: AllNative (all accesses skip byte-swap), InlineNative (constant-offset accesses use native layout), InlineByteSwap (constant-offset accesses use inline byte-swap), and ByteSwap (standard byte-swap through helper functions).

Free memory pointer range proof

The Solidity free memory pointer (mload(0x40)) always fits in 32 bits — sbrk enforces FMP < heap_size on every store, regardless of which memory mode the contract uses. After every literal mload(0x40), codegen emits a trunc N → zext 256 chain (where N is bits(heap_size - 1), e.g. 17 for the 131,072-byte default heap). The trunc-extend round-trip is a no-op semantically, but exposes the bound to LLVM’s IPSCCP range analysis, which then propagates it through every add(fmp, K) and eliminates the trailing safe_truncate_int_to_xlen overflow checks at every FMP-derived offset use. Despite only affecting a single codegen site, this is the single largest contributor to the optimizer’s code-size reduction.

A subtle gating issue: the byte-order mode (InlineNative / ByteSwap) and the value bound on FMP are independent invariants. fmp_native_safe() and can_use_native(0x40) protect against mixing little-endian writers with big-endian readers on the FMP slot, which would corrupt the stored offset; the value bound is unrelated and holds in every mode. Earlier versions of the codegen gated the load-side range proof on the byte-order checks, which suppressed the optimization for any contract with dynamic memory accesses. Decoupling the two reasonings — keeping the byte-order gate on the store side, dropping it from the load-side range proof — is what makes the multiplicative IPSCCP effect available to OZ-class contracts.

Soundness traps for FMP optimizations

The FMP slot is small but easy to mis-optimize. The codebase carries several regression tests for previously-found soundness bugs; new FMP-related changes should be verified against them:

mload_at_fmp_slot (crates/integration/src/tests.rs, fixed in 1fd6063c): tests mload(0x40) and offsets near it (0x21, 0x3f, 0x42) on a contract that also performs dynamic mloads. Catches byte-order mismatches when one access goes native (LE) and another goes byte-swap (BE). The fix blocks native mode for FMP whenever has_dynamic_accesses is true.
mload_huge_offset_traps (fixed in ccca38df): tests that mload(2^128) and mload(2^255) correctly trap via the gas-exhaustion path. Catches UseContext::MemoryOffset narrowing bypassing the safe_truncate_int_to_xlen overflow check at the use site — mload(2^128) aliasing to mload(0) and returning the zero-initialized scratch slot. The fix classifies MemoryOffset as I256 so it doesn’t drive narrowing; the bounds check at the use site catches out-of-range.
FMP i32 shortcut removal (dbcfc921): an earlier optimization stored only 4 bytes at offset 0x40 instead of the full 32-byte EVM word, breaking any inline assembly using mstore(0x40, ...) for non-FMP purposes. Caused a cascade of 249/251 retester failures via allocator corruption. No dedicated regression test was added — the retester corpus was sufficient coverage — but the lesson generalizes: writes to 0x40 must store the full word, even when the high bits are provably zero, because the slot is part of the same 32-byte memory region read by other code.

When adding an optimization that touches FMP, distinguish carefully between: the byte-order encoding at the slot (must be consistent between writers and readers), the value bound (FMP < heap_size, always true), and the stored width (must be 32 bytes for mstore(0x40, ...), even though only the low N bits are non-zero).

Known limitation: dynamic full-word stores to the FMP word

The fmp_could_be_unbounded analysis flags a static mstore(0x40, untrusted) and any dynamic-offset mstore8, but not a dynamic-offset full-word mstore. Such a store whose i256 offset wraps (mod 2²⁵⁶) to the FMP word [0x40, 0x5f] overwrites the free pointer with an arbitrary value, which the load-side range proof would then truncate — a miscompile.

This is a deliberate, documented gap rather than a bug fix because there is no cheap sound discriminator. A store hits the FMP word iff its offset lands in [0x40, 0x5f], which is in-bounds — safe_truncate_int_to_xlen only traps offsets ≥ heap_size — and 256-bit wrap lets any computed add(base, k) reach 0x40 with an adversarial operand, so the offset cannot be proven to miss the slot from width/range information. The only sound recognizer (treat add(fmp, small_const) as ≥ 0x80 by induction on FMP-boundedness) needs new FMP-derivation dataflow, is fragile, and still misses dynamic-index array stores. Conservatively flagging every dynamic full-word store (as the rare dynamic mstore8 does, where it is free) disables the FMP range proof for essentially every contract — measured at roughly +9% / +30 KB on the OpenZeppelin corpus.

The gap is unreachable from solc output: solc’s dynamic memory stores are all free-pointer-relative (≥ 0x80) and never target 0x40. Only hand-written Yul (resolc --yul) with an offset engineered to equal 0x40 reaches it.

Keccak256 fusion and folding

Two complementary optimizations target the common Solidity pattern of hashing values for storage slot computation:

Fusion: Recognizes mstore + keccak256 sequences and fuses them into dedicated IR nodes (Keccak256Single, Keccak256Pair), eliminating intermediate memory traffic.
Constant folding: When all keccak256 inputs are compile-time constants, the hash is computed at compile time and replaced with a literal.

Known limitation: constant-folding drops the fused-keccak scratch write-back

The fused Keccak256Pair/Keccak256Single helpers write their inputs back to scratch memory ([0, 0x40) / [0, 0x20)), and fusion dead-eliminates the original mstores because that write-back reproduces them. Constant-folding the fused node to a literal removes the helper, so the scratch is left unwritten — a later mload from [0, 0x40) that the optimizer cannot forward (across a region/call boundary) would read stale memory.

This gap is deliberately left open: it is solc-unreachable (solc treats scratch as volatile and never re-reads it as data after a keccak), and every sound fix is a code-size regression because the dropped write-back means the current output is already short the stores (disabling the fold falls back to the runtime keccak helper, +0.78% on the OZ corpus, with no later mem_opt pass to clean re-emitted writes). Only hand-written Yul that reads scratch after a constant-operand keccak across a boundary can observe it.

Compound outlining (mapping access)

Solidity mapping accesses follow a predictable pattern: hash a key with a storage slot, then load/store the result. The compound outlining pass detects keccak256_pair(key, slot) followed by sload/sstore and fuses them into MappingSLoad/MappingSStore IR nodes. These are lowered to outlined helper functions (__revive_mapping_sload, __revive_mapping_sstore) that combine the hash computation with the storage operation, eliminating intermediate values and redundant byte-swaps.

Fuzzy function deduplication

Solidity generates many near-identical functions that differ only in literal constants (e.g., error selectors, storage slot offsets). Fuzzy deduplication identifies such groups, parameterizes the differing literals (up to 4 positions), and replaces all copies with calls to a single shared implementation.

Revert pattern outlining

The simplify pass detects common revert patterns and replaces them with compact IR nodes:

Panic reverts: Solidity Panic(uint256) sequences (selector 0x4e487b71 + encoded panic code) are collapsed into PanicRevert { code } nodes, which are lowered to shared helper functions.
Custom error reverts: ABI-encoded custom error reverts with known selectors are collapsed into CustomErrorRevert { selector, args } nodes.

These patterns appear dozens of times in typical contracts, and outlining them into shared blocks eliminates significant code duplication.

Outlined helper functions

The LLVM codegen backend generates approximately 15 types of outlined helper functions for common operations:

Storage: __revive_sload_word, __revive_sstore_word (handle byte-swap internally)
Mapping: __revive_mapping_sload, __revive_mapping_sstore (keccak256 + storage in one call)
Callvalue: __revive_callvalue, __revive_callvalue_nonzero (boolean optimization for non-payable checks)
Calldataload: __revive_calldataload (outlined when >= 20 call sites)
Memory: __revive_store_bswap, __revive_exit_checked, __revive_return_word
Errors: __revive_error_string_revert_N, __revive_custom_error_N (per data-word count)
Keccak wrappers: __keccak256_slot_N (one noinline wrapper per constant slot, internally dispatching to __revive_keccak256_two_words)

Additionally, common exit patterns (revert with constant length, zero-value returns) are deduplicated into shared LLVM basic blocks, saving hundreds of instruction copies in large contracts.

Codesize results

Integration test contracts

Reproducible with cargo test --package revive-integration -- codesize for the Via Yul IR column (crates/integration/codesize.json) and cargo test --package revive-integration --features newyork -- codesize for the Via newyork IR column (crates/integration/codesize_newyork.json).

Contract	Via Yul IR (bytes)	Via newyork IR (bytes)	Reduction
Baseline	838	493	−41.2%
Computation	2,368	1,217	−48.6%
DivisionArithmetics	11,444	7,370	−35.6%
ERC20	18,057	8,726	−51.7%
Events	1,614	909	−43.7%
FibonacciIterative	1,373	969	−29.4%
Flipper	2,205	1,058	−52.0%
SHA1	7,830	6,264	−20.0%

OpenZeppelin contracts

Measured against real-world contracts generated with the OpenZeppelin Wizard. The numbers below are a development snapshot.

Contract	Via newyork IR (bytes)
oz_gov	81,840
erc721	52,634
erc20	45,703
oz_stable	45,052
oz_rwa	41,581
erc1155	33,087
oz_simple_erc20	17,024
proxy	3,748
Total	320,669

For comparison, building the same contracts without the newyork optimizer at the equivalent snapshot produced 563,526 bytes total — a reduction of about −43% across the corpus.

Per-contract reductions in the integration suite range from roughly −20% (SHA1, where the bulk of the work is the SHA-1 inner loop and offers little to optimize) to about −52% (Flipper, where the optimizer strips away most of Solidity’s dispatch and storage-access scaffolding).

Development history and challenges

The first version of the newyork optimizer was authored collaboratively and reviewed extensively by the revive maintainers, as well as Claude Opus, Claude Fable, Qwen, Minimax and Deepseek LLMs, over a span of many months — from early February 2026 through mid-June 2026.

The development progressed through several distinct phases:

Phase 1 – Initial scaffolding: The first draft established the core IR data structures, Yul-to-newyork-IR translation, and LLVM codegen. Early commits focused on getting a correct round-trip through the new pipeline.

Phase 2 – Optimization passes: Once the baseline was stable, optimization passes were added iteratively: inlining, simplification, memory optimization, function deduplication, keccak256 fusion, and type inference. Each pass was validated against differential tests comparing EVM and PVM execution.

Phase 3 – Soundness hardening: Several type inference and narrowing approaches turned out to be unsound and had to be reworked:

An early type inference approach caused namespace collisions across subobjects and was scoped per-object.
Caller-based parameter narrowing was polluted by overly aggressive inference and replaced with body-based structural analysis.
Backward demand-driven narrowing required multiple iterations to become provably safe.

Phase 4 – Measuring and tuning: Systematic measurement of OpenZeppelin contracts revealed which optimizations had the most impact and which approaches regressed performance.

Throughout development the optimizer was validated against the existing integration and differential test suites (containing over 30,000 test cases), which run each contract on both EVM and PVM and assert identical state changes.

The newyork compiler pipeline introduced no new regressions over these test suites. This was achieved by careful manual reviews and many LLM bughunt loops. Additionally, a final security review by Anthropic’s Fable 5 LLM found no remaining soundness issues. As with any new compiler feature, it should still be treated as experimental as of now.

Approaches that did not work

Approach	Outcome
Storage bswap decomposition (4x bswap.i64)	Regressed: LLVM handles bswap.i256 better natively
NoInline on `__revive_int_truncate`	+62% regression: PolkaVM call overhead exceeds inline cost
Native FMP memory (inline sbrk)	Mixed: small contracts improved, large ones regressed from sbrk bloat
Shared overflow trap block	Mixed: prevented LLVM from eliminating individual dead overflow checks
Aggressive IR-level single-call inlining	Regressed large contracts (ERC20 +6.1%): merged bodies become monolithic functions LLVM can’t optimize, so large functions are deferred to LLVM’s inliner instead
Type-inference narrowing of `mload(0x40)` to I32	Regressed small contracts (+252 bytes): conflicts with the codegen FMP range proof; the bound is exposed via a trunc→zext pair instead
Full simplifier re-run after `mem_opt`	Mixed: helped small ERC20 (−293 bytes) but regressed the OZ stablecoin (+72 bytes); replaced by a targeted keccak-only fold

These results highlight a recurring theme: interacting well with LLVM’s own optimization passes is critical. Optimizations at the IR level can inadvertently inhibit LLVM’s downstream passes, sometimes causing surprising regressions.

Known limitations and future work

The following opportunities have been identified but are not yet implemented:

Memory optimization across loop boundaries: Tracked memory state is cleared around for loop condition, body, and post blocks, so load-after-store eliminations do not carry across loop iterations. Preserving loop-invariant state would recover more eliminations.
Adaptive inlining thresholds: Current thresholds are static constants. Profile-guided or contract-size-aware heuristics could improve decisions for diverse contract sizes.
Extended fuzzy deduplication: The current pass only parameterizes literals in Let bindings and SStore slots. Extending it to consider literals inside MStore, Return, Revert, and Log statements would find more deduplication opportunities.
Type checking in validation: The validator checks SSA well-formedness and structure, but not operation type consistency. Type discipline is maintained by construction (type inference and codegen), with LLVM’s IR verifier as the backstop.
Loop variable narrowing: Loop-carried variables are conservatively widened to I256. Reaching a fixed-point across loop iterations could allow narrower types for simple counters.
Functions with leave inside a for loop are not inlined: the IR-level inliner defers such functions to LLVM’s inliner, so they miss the interprocedural constant propagation and width narrowing the IR-level pass provides.

Debug output

Passing --debug-output-dir <path> makes the newyork pipeline write IR and analysis artifacts for each compiled contract into that directory. The dumps are produced automatically whenever the directory is set.

File	Content
`<file-stem>.newyork`	Final optimized IR, annotated with the inferred type widths
`<file-stem>.snapshot.newyork`	IR snapshot taken before the late passes (only when captured during translation)
`<file-stem>.heap.newyork`	Heap analysis summary (native regions/offsets, taintedness, escapes, dynamic accesses)
`<file-stem>.mem.newyork`	Memory optimization counters (loads/stores eliminated, keccak fusions, FMP loads eliminated)

Module reference

Module	Purpose
`lib.rs`	Pipeline orchestration and pass sequencing
`ir.rs`	Core IR data structures (types, expressions, statements, functions, objects)
`from_yul.rs`	Yul AST to newyork IR translation (two-pass with forward reference support)
`to_llvm.rs`	newyork IR to LLVM IR codegen with outlined helpers and narrowing
`simplify.rs`	Constant folding, algebraic identities, strength reduction, copy propagation, DCE, environment read CSE, revert outlining, callvalue hoisting, function deduplication (exact and fuzzy), constant keccak folding
`inline.rs`	Function inlining with PolkaVM-tuned heuristics (Tarjan SCC, leave elimination)
`type_inference.rs`	Bidirectional integer width narrowing with transparent demand propagation
`mem_opt.rs`	Load-after-store elimination, keccak256 fusion, FMP propagation
`heap_opt.rs`	Heap access pattern analysis, alignment tracking, byte-swap elimination
`mapping_access_outlining.rs`	Mapping access pattern detection and fusion (`keccak256_pair` + `sload`/`sstore`)
`guard_narrow.rs`	Guard pattern detection and AND-mask narrowing insertion
`validate.rs`	IR well-formedness checks (SSA, yields, function references)
`printer.rs`	Human-readable IR pretty printer with configurable output
`ssa.rs`	SSA construction helpers (scope management, phi-node merging)

newyork IR reference

A per-operation reference for the newyork IR: textual syntax, operand and result types, purity, region and static-slot annotations, and examples.

How to read this reference

This reference page enumerates every operation the newyork IR supports. It is a lookup, not a walkthrough: each entry is self-contained and intended to be reachable by anchor.

Operations are grouped by function (memory and storage writes, pure expressions, control flow, and so on) rather than alphabetically. Jump to a specific operation from the operation index below, or use the sidebar.

Every operation appears in two places in the codebase. The canonical Rust definition is a variant of either Expression or Statement in ir.rs. The textual rendering used by debug dumps and by this reference page is produced by the printer in printer.rs.

Note

Treat the printed syntax as a debug surface, not a stable input language: there is no parser for it, and printer details change when passes add new annotations.

Entry format

Each operation entry has the same shape:

Field	What it shows
Heading	The printed operation name (e.g. `mstore`) followed by the `Expression` or `Statement` variant it corresponds to in `ir.rs`.
Description	A short prose summary of what the operation does and any semantic notes worth knowing before reading the rest of the entry.
Syntax	The literal printer output, including any optional debug annotations (region tags, static-slot comments). Anything inside `/* ... */` is a debug-only annotation and is not part of the operation itself.
Example	A minimal printed snippet, using the printer’s actual `v0`/`v1`/… naming.
Operands	One row per input or structural participant in the printed syntax. Value operands list the narrowest type the operation guarantees (default `i256`; narrower widths only appear when type inference has narrowed an upstream definition). Vector-of-operands fields show `Vec<…>` as the type. Non-value participants such as nested regions are listed with an em-dash type to mark them as structural rather than as operands.
Result and purity	The type the operation produces (or none for statements that bind no value), followed by a purity label, either Pure or Effectful. Pure operations may be reordered, deduplicated, or eliminated by the simplifier; effectful ones may not. Effectful entries may carry a parenthetical describing the nature of the side effect when informative (e.g. “control flow”, “terminator”, or a note about revert/trap behavior).
Annotations	Operation-specific fields the printer surfaces as `/* ... /` comments in the dump (region tag for memory ops, static-slot hint for storage ops, type suffix for non-default widths). Listed here as a table of source field* → printed form.

Syntax notation

Syntax templates in each entry use the following conventions:

Notation	Meaning
`add`, `mload`, `if`, `else`, `case`, `let`, `yield`, …	Literal printer tokens: bare lowercase identifiers and keywords that the printer emits verbatim.
`$offset`, `$value`, `$key`, `$lhs`, `$rhs`, …	Role names (`$`-prefixed): placeholders for SSA value references the printer renders as `v` followed by a decimal id (`v0`, `v1`, …).
`<type>`, `<region>`, `<hex>`, `<id>`, `<bits>`, `<func_name>`, `<N>`, `<length>`, …	Metavariables: stand for compile-time fields (type tags, hex values, identifier strings, integer counts), not SSA values. The concrete values they take are enumerated in the Annotations section of each entry or in the type system reference.
`[…]`	Optional parts. Anything inside the brackets may or may not appear in any given dump, depending on the conditions described in the operation’s Annotations section.
`[: <type>]`	Optional type suffix on a value reference. Suppressed when the value’s type is the default `i256` integer; present otherwise (`: i32`, `: ptr<heap>`, …).
`/* … */`	Debug-only annotations the printer attaches to certain operations (memory region tag, static-slot hint, etc.).
`…`	Repetition: “more entries of the same shape.” Used in vector operand lists (`$arg_0, $arg_1, …`) and in multi-line block bodies (`{ … }`).

For instance, this template:

let $result[: <type>] := and($lhs[: <type>], $rhs[: <type>])

prints as:

let v2: i8 := and(v0, v1: i8)

$result rendered as v2 with an i8 type suffix, $lhs as v0 at the default i256 (type suffix omitted), and $rhs as v1 with an i8 type suffix.

Note

A value’s printed width is use-driven. Type inference assigns each value a forward width from its definition, then widens it to satisfy its uses. The type suffix shown for a value in an example (such as i8) is therefore only illustrative — a short example may not show the uses that determine it, and the same operation can appear with a wider suffix, or none (it is omitted for the default i256), in another program.

For instance, a value used as a memory offset widens to i64; as an address (a call target, extcodesize) to i160; stored as a full word (an mstore/sstore value) to i256; and an add/mul operand up to the i64 register width.

Operation index

Pure expressions

Type system

Every value in the IR carries a Type. The operation entries below refer to widths (i1…i256), address spaces (ptr<heap>, etc.), and memory regions (scratch, etc.) by their printed form; this section is the reference for those names.

`Type`

The umbrella enum, with these variants:

Variant	Printed as	Description
`Int(BitWidth)`	`i1`, `i8`, …, `i256`	An integer at one of the BitWidth widths.
`Ptr(AddressSpace)`	`ptr<heap>`, `ptr<stack>`, `ptr<storage>`, `ptr<code>`	A pointer tagged with its address space; see AddressSpace.
`Void`	`void`	Unit type. Used for statements that produce no value and for `void`-returning functions.

`BitWidth`

The rungs of integer width. Newly minted values default to I256; type inference narrows them down to one of the lower rungs when it can prove the upper bits are zero or unused.

Variant	Printed as	Typical use
`I1`	`i1`	Boolean. Result type of every comparison and `iszero`.
`I8`	`i8`	Byte values. The narrowest meaningful integer.
`I32`	`i32`	PolkaVM pointer width (XLEN); minimum width for function parameters under the rv64e ABI.
`I64`	`i64`	PolkaVM native register width; most narrowed values land here.
`I128`	`i128`	Two registers; arithmetic that overflows `i64` but doesn’t need full 256-bit emulation.
`I160`	`i160`	Ethereum addresses; result of `caller`, `origin`, mapping keys.
`I256`	`i256`	EVM word width. The default and conservative ceiling.

`AddressSpace`

The address space a pointer points into. Carried on every Ptr value so the codegen can lower loads and stores without a separate alias-analysis pass.

Variant	Printed as	Points into	Endianness
`Heap`	`ptr<heap>`	Emulated EVM linear memory (the simulated `mload`/`mstore` region).	Big-endian (by EVM contract).
`Stack`	`ptr<stack>`	Native PolkaVM stack allocations.	Little-endian (no swap).
`Storage`	`ptr<storage>`	Contract storage; key/value with 256-bit slots.	Big-endian on the wire.
`Code`	`ptr<code>`	Read-only code/data segment.	Big-endian.

`MemoryRegion`

A refinement carried by every memory load and store on top of AddressSpace::Heap. The tag tells later passes what kind of heap address an offset is hitting, which drives both free-memory-pointer propagation and byte-swap elimination.

Variant	Address range	Printed as	Meaning
`Scratch`	`0x00`–`0x3f`	`/* scratch */`	EVM scratch space; safe to touch without consulting the free memory pointer.
`FreePointerSlot`	exactly `0x40`	`/* free_ptr */`	Slot that stores the free memory pointer itself.
`Dynamic`	`0x80` and above	`/* dynamic */`	Real heap allocations.
`Unknown`	everything else (constants in `0x41`–`0x7f`, plus all non-constant offsets)	(suppressed)	Conservative fallback used when the offset isn’t a constant or doesn’t slot cleanly.

Pure expressions

Pure expressions produce values without side effects. The simplifier may freely reorder, deduplicate, and eliminate them. They appear on the right-hand side of a let binding, or as operands of other expressions and effectful statements; the operand positions accept SSA value references only, so any pure expression that is consumed elsewhere is first bound by a let. Examples in this section wrap each expression in a let v := … to give it somewhere to land.

`0x<hex>`

(Expression::Literal)

Source field	Printed as
`value: BigUint`	`0x<hex>` in the syntax position (not a comment annotation; it is the expression itself)
`value_type:` `Type`	`: <type>` suffix when `value_type` is not the default `Int(I256)`; suppressed otherwise

Name	Type	Notes
`lhs`	`i256`	Dividend.
`rhs`	`i256`	Divisor; `0` yields a result of `0`, not a trap.

Name	Type	Notes
`lhs`	`i256`	Dividend, treated as signed.
`rhs`	`i256`	Divisor, treated as signed; `0` yields `0`.

Name	Type	Notes
`lhs`	`i256`	Dividend.
`rhs`	`i256`	Divisor; `0` yields `0`.

Keyboard shortcuts

revive compiler book