Package it.unive.lisa.analysis.traces

Class TracePartitioning<A extends it.unive.lisa.analysis.AbstractState<A>>

  • Type Parameters:
    A - the type of AbstractState that this is being partitioned
    All Implemented Interfaces:
    it.unive.lisa.analysis.AbstractState<TracePartitioning<A>>, it.unive.lisa.analysis.BaseLattice<TracePartitioning<A>>, it.unive.lisa.analysis.heap.MemoryOracle, it.unive.lisa.analysis.Lattice<TracePartitioning<A>>, it.unive.lisa.analysis.ScopedObject<TracePartitioning<A>>, it.unive.lisa.analysis.SemanticDomain<TracePartitioning<A>,​it.unive.lisa.symbolic.SymbolicExpression,​it.unive.lisa.symbolic.value.Identifier>, it.unive.lisa.analysis.SemanticOracle, it.unive.lisa.analysis.type.TypeOracle, it.unive.lisa.analysis.value.ValueOracle, it.unive.lisa.util.representation.StructuredObject, java.lang.Iterable<java.util.Map.Entry<ExecutionTrace,​A>>
    public class TracePartitioning<A extends it.unive.lisa.analysis.AbstractState<A>>
extends it.unive.lisa.analysis.lattices.FunctionalLattice<TracePartitioning<A>,​ExecutionTrace,​A>
implements it.unive.lisa.analysis.AbstractState<TracePartitioning<A>>
    The trace partitioning abstract domain that splits execution traces to increase precision of the analysis. Individual traces are identified by ExecutionTraces composed of tokens representing the conditions traversed during the analysis. Note that all TraceTokens represent intraprocedural control-flow constructs, as calls are abstracted away before reaching this domain.

    Traces are never merged: instead, we limit the size of the traces we can track, and we leave the choice of when and where to compact traces to other analysis components. Specifically, an ExecutionTrace will contain at most MAX_CONDITIONS Branching tokens, and will track at most MAX_LOOP_ITERATIONS iterations for each loop (through LoopIteration tokens) before summarizing the next ones with a LoopSummary token. Both values are editable and customizable before the analysis starts.

    As this class extends FunctionalLattice, one access individual traces and their approximations using FunctionalLattice.getKeys(), FunctionalLattice.getValues(), FunctionalLattice.getMap() or by iterating over the instance itself. Approximations of different traces can instead be collapsed and accessed by querying collapse().
    See Also:
    https://doi.org/10.1145/1275497.1275501

    • Nested Class Summary

      • Nested classes/interfaces inherited from class it.unive.lisa.analysis.lattices.FunctionalLattice

        it.unive.lisa.analysis.lattices.FunctionalLattice.FunctionalLift<V extends it.unive.lisa.analysis.Lattice<V>>, it.unive.lisa.analysis.lattices.FunctionalLattice.KeyFunctionalLift<K extends java.lang.Object>

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static int MAX_CONDITIONS
      The maximum number of Branching tokens that a trace can contain.
      static int MAX_LOOP_ITERATIONS
      The maximum number of LoopIteration tokens that a trace can contain for each loop appearing in it, before collapsing the next ones in a single LoopSummary token.

      • Fields inherited from class it.unive.lisa.analysis.lattices.FunctionalLattice

        function, lattice

      • Fields inherited from interface it.unive.lisa.analysis.Lattice

        BOTTOM_STRING, TOP_STRING

    • Constructor Summary

      Constructors 
      Constructor Description
      TracePartitioning​(A lattice)
      Builds a new instance of this domain.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      it.unive.lisa.analysis.lattices.Satisfiability alias​(it.unive.lisa.symbolic.SymbolicExpression x, it.unive.lisa.symbolic.SymbolicExpression y, it.unive.lisa.program.cfg.ProgramPoint pp, it.unive.lisa.analysis.SemanticOracle oracle)  
      TracePartitioning<A> assign​(it.unive.lisa.symbolic.value.Identifier id, it.unive.lisa.symbolic.SymbolicExpression expression, it.unive.lisa.program.cfg.ProgramPoint pp, it.unive.lisa.analysis.SemanticOracle oracle)  
      TracePartitioning<A> assume​(it.unive.lisa.symbolic.SymbolicExpression expression, it.unive.lisa.program.cfg.ProgramPoint src, it.unive.lisa.program.cfg.ProgramPoint dest, it.unive.lisa.analysis.SemanticOracle oracle)  
      TracePartitioning<A> bottom()  
      A collapse()
      Collapses all of the traces contained in this domain, returning a unique abstract state that over-approximates all of them.
      TracePartitioning<A> forgetIdentifier​(it.unive.lisa.symbolic.value.Identifier id)  
      TracePartitioning<A> forgetIdentifiersIf​(java.util.function.Predicate<it.unive.lisa.symbolic.value.Identifier> test)  
      <D extends it.unive.lisa.analysis.SemanticDomain<?,​?,​?>>
      java.util.Collection<D>      		 getAllDomainInstances​(java.lang.Class<D> domain)  
      it.unive.lisa.type.Type getDynamicTypeOf​(it.unive.lisa.symbolic.SymbolicExpression e, it.unive.lisa.program.cfg.ProgramPoint pp, it.unive.lisa.analysis.SemanticOracle oracle)  
      java.util.Set<it.unive.lisa.type.Type> getRuntimeTypesOf​(it.unive.lisa.symbolic.SymbolicExpression e, it.unive.lisa.program.cfg.ProgramPoint pp, it.unive.lisa.analysis.SemanticOracle oracle)  
      it.unive.lisa.analysis.lattices.Satisfiability isReachableFrom​(it.unive.lisa.symbolic.SymbolicExpression x, it.unive.lisa.symbolic.SymbolicExpression y, it.unive.lisa.program.cfg.ProgramPoint pp, it.unive.lisa.analysis.SemanticOracle oracle)  
      boolean knowsIdentifier​(it.unive.lisa.symbolic.value.Identifier id)  
      TracePartitioning<A> mk​(A lattice, java.util.Map<ExecutionTrace,​A> function)  
      TracePartitioning<A> popScope​(it.unive.lisa.analysis.ScopeToken token)  
      TracePartitioning<A> pushScope​(it.unive.lisa.analysis.ScopeToken token)  
      it.unive.lisa.util.representation.StructuredRepresentation representation()  
      it.unive.lisa.analysis.lattices.ExpressionSet rewrite​(it.unive.lisa.analysis.lattices.ExpressionSet expressions, it.unive.lisa.program.cfg.ProgramPoint pp, it.unive.lisa.analysis.SemanticOracle oracle)  
      it.unive.lisa.analysis.lattices.ExpressionSet rewrite​(it.unive.lisa.symbolic.SymbolicExpression expression, it.unive.lisa.program.cfg.ProgramPoint pp, it.unive.lisa.analysis.SemanticOracle oracle)  
      it.unive.lisa.analysis.lattices.Satisfiability satisfies​(it.unive.lisa.symbolic.SymbolicExpression expression, it.unive.lisa.program.cfg.ProgramPoint pp, it.unive.lisa.analysis.SemanticOracle oracle)  
      TracePartitioning<A> smallStepSemantics​(it.unive.lisa.symbolic.SymbolicExpression expression, it.unive.lisa.program.cfg.ProgramPoint pp, it.unive.lisa.analysis.SemanticOracle oracle)  
      A stateOfUnknown​(ExecutionTrace key)  
      TracePartitioning<A> top()  
      java.lang.String toString()  
      TracePartitioning<A> withTopMemory()  
      TracePartitioning<A> withTopTypes()  
      TracePartitioning<A> withTopValues()  

      • Methods inherited from class it.unive.lisa.analysis.lattices.FunctionalLattice

        equals, functionalLift, getKeys, getMap, getOtDefault, getState, getValues, glbAux, glbKeys, hashCode, isBottom, isTop, iterator, lessOrEqualAux, lubAux, lubKeys, mkNewFunction, narrowingAux, putState, wideningAux

      • Methods inherited from class java.lang.Object

        clone, finalize, getClass, notify, notifyAll, wait, wait, wait

      • Methods inherited from interface it.unive.lisa.analysis.BaseLattice

        glb, lessOrEqual, lub, narrowing, widening

      • Methods inherited from interface java.lang.Iterable

        forEach, spliterator

      • Methods inherited from interface it.unive.lisa.analysis.Lattice

        isBottom, isTop

      • Methods inherited from interface it.unive.lisa.analysis.heap.MemoryOracle

        areMutuallyReachable, reachableFrom

      • Methods inherited from interface it.unive.lisa.analysis.SemanticDomain

        forgetIdentifiers, getDomainInstance

    • Field Detail

      • MAX_LOOP_ITERATIONS

        public static int MAX_LOOP_ITERATIONS
        The maximum number of LoopIteration tokens that a trace can contain for each loop appearing in it, before collapsing the next ones in a single LoopSummary token.

      • MAX_CONDITIONS

        public static int MAX_CONDITIONS
        The maximum number of Branching tokens that a trace can contain.

    • Constructor Detail

      • TracePartitioning

        public TracePartitioning​(A lattice)
        Builds a new instance of this domain.
        Parameters:
        lattice - a singleton of the underlying abstract states

    • Method Detail

      • getAllDomainInstances

        public <D extends it.unive.lisa.analysis.SemanticDomain<?,​?,​?>> java.util.Collection<D> getAllDomainInstances​(java.lang.Class<D> domain)
        Specified by:
        getAllDomainInstances in interface it.unive.lisa.analysis.SemanticDomain<TracePartitioning<A extends it.unive.lisa.analysis.AbstractState<A>>,​it.unive.lisa.symbolic.SymbolicExpression,​it.unive.lisa.symbolic.value.Identifier>

      • top

        public TracePartitioning<A> top()
        Specified by:
        top in interface it.unive.lisa.analysis.Lattice<A extends it.unive.lisa.analysis.AbstractState<A>>

      • bottom

        public TracePartitioning<A> bottom()
        Specified by:
        bottom in interface it.unive.lisa.analysis.Lattice<A extends it.unive.lisa.analysis.AbstractState<A>>

      • assign

        public TracePartitioning<A> assign​(it.unive.lisa.symbolic.value.Identifier id,
                                   it.unive.lisa.symbolic.SymbolicExpression expression,
                                   it.unive.lisa.program.cfg.ProgramPoint pp,
                                   it.unive.lisa.analysis.SemanticOracle oracle)
                            throws it.unive.lisa.analysis.SemanticException
        Specified by:
        assign in interface it.unive.lisa.analysis.SemanticDomain<TracePartitioning<A extends it.unive.lisa.analysis.AbstractState<A>>,​it.unive.lisa.symbolic.SymbolicExpression,​it.unive.lisa.symbolic.value.Identifier>
        Throws:
        it.unive.lisa.analysis.SemanticException

      • smallStepSemantics

        public TracePartitioning<A> smallStepSemantics​(it.unive.lisa.symbolic.SymbolicExpression expression,
                                               it.unive.lisa.program.cfg.ProgramPoint pp,
                                               it.unive.lisa.analysis.SemanticOracle oracle)
                                        throws it.unive.lisa.analysis.SemanticException
        Specified by:
        smallStepSemantics in interface it.unive.lisa.analysis.SemanticDomain<TracePartitioning<A extends it.unive.lisa.analysis.AbstractState<A>>,​it.unive.lisa.symbolic.SymbolicExpression,​it.unive.lisa.symbolic.value.Identifier>
        Throws:
        it.unive.lisa.analysis.SemanticException

      • assume

        public TracePartitioning<A> assume​(it.unive.lisa.symbolic.SymbolicExpression expression,
                                   it.unive.lisa.program.cfg.ProgramPoint src,
                                   it.unive.lisa.program.cfg.ProgramPoint dest,
                                   it.unive.lisa.analysis.SemanticOracle oracle)
                            throws it.unive.lisa.analysis.SemanticException
        Specified by:
        assume in interface it.unive.lisa.analysis.SemanticDomain<TracePartitioning<A extends it.unive.lisa.analysis.AbstractState<A>>,​it.unive.lisa.symbolic.SymbolicExpression,​it.unive.lisa.symbolic.value.Identifier>
        Throws:
        it.unive.lisa.analysis.SemanticException

      • forgetIdentifier

        public TracePartitioning<A> forgetIdentifier​(it.unive.lisa.symbolic.value.Identifier id)
                                      throws it.unive.lisa.analysis.SemanticException
        Specified by:
        forgetIdentifier in interface it.unive.lisa.analysis.SemanticDomain<TracePartitioning<A extends it.unive.lisa.analysis.AbstractState<A>>,​it.unive.lisa.symbolic.SymbolicExpression,​it.unive.lisa.symbolic.value.Identifier>
        Throws:
        it.unive.lisa.analysis.SemanticException

      • forgetIdentifiersIf

        public TracePartitioning<A> forgetIdentifiersIf​(java.util.function.Predicate<it.unive.lisa.symbolic.value.Identifier> test)
                                         throws it.unive.lisa.analysis.SemanticException
        Specified by:
        forgetIdentifiersIf in interface it.unive.lisa.analysis.SemanticDomain<TracePartitioning<A extends it.unive.lisa.analysis.AbstractState<A>>,​it.unive.lisa.symbolic.SymbolicExpression,​it.unive.lisa.symbolic.value.Identifier>
        Throws:
        it.unive.lisa.analysis.SemanticException

      • satisfies

        public it.unive.lisa.analysis.lattices.Satisfiability satisfies​(it.unive.lisa.symbolic.SymbolicExpression expression,
                                                                it.unive.lisa.program.cfg.ProgramPoint pp,
                                                                it.unive.lisa.analysis.SemanticOracle oracle)
                                                         throws it.unive.lisa.analysis.SemanticException
        Specified by:
        satisfies in interface it.unive.lisa.analysis.SemanticDomain<TracePartitioning<A extends it.unive.lisa.analysis.AbstractState<A>>,​it.unive.lisa.symbolic.SymbolicExpression,​it.unive.lisa.symbolic.value.Identifier>
        Throws:
        it.unive.lisa.analysis.SemanticException

      • pushScope

        public TracePartitioning<A> pushScope​(it.unive.lisa.analysis.ScopeToken token)
                               throws it.unive.lisa.analysis.SemanticException
        Specified by:
        pushScope in interface it.unive.lisa.analysis.ScopedObject<A extends it.unive.lisa.analysis.AbstractState<A>>
        Throws:
        it.unive.lisa.analysis.SemanticException

      • popScope

        public TracePartitioning<A> popScope​(it.unive.lisa.analysis.ScopeToken token)
                              throws it.unive.lisa.analysis.SemanticException
        Specified by:
        popScope in interface it.unive.lisa.analysis.ScopedObject<A extends it.unive.lisa.analysis.AbstractState<A>>
        Throws:
        it.unive.lisa.analysis.SemanticException

      • representation

        public it.unive.lisa.util.representation.StructuredRepresentation representation()
        Specified by:
        representation in interface it.unive.lisa.util.representation.StructuredObject
        Overrides:
        representation in class it.unive.lisa.analysis.lattices.FunctionalLattice<TracePartitioning<A extends it.unive.lisa.analysis.AbstractState<A>>,​ExecutionTrace,​A extends it.unive.lisa.analysis.AbstractState<A>>

      • collapse

        public A collapse()
        Collapses all of the traces contained in this domain, returning a unique abstract state that over-approximates all of them.
        Returns:
        the collapsed state

      • toString

        public java.lang.String toString()
        Specified by:
        toString in interface it.unive.lisa.analysis.BaseLattice<A extends it.unive.lisa.analysis.AbstractState<A>>
        Overrides:
        toString in class it.unive.lisa.analysis.lattices.FunctionalLattice<TracePartitioning<A extends it.unive.lisa.analysis.AbstractState<A>>,​ExecutionTrace,​A extends it.unive.lisa.analysis.AbstractState<A>>

      • rewrite

        public it.unive.lisa.analysis.lattices.ExpressionSet rewrite​(it.unive.lisa.symbolic.SymbolicExpression expression,
                                                             it.unive.lisa.program.cfg.ProgramPoint pp,
                                                             it.unive.lisa.analysis.SemanticOracle oracle)
                                                      throws it.unive.lisa.analysis.SemanticException
        Specified by:
        rewrite in interface it.unive.lisa.analysis.heap.MemoryOracle
        Throws:
        it.unive.lisa.analysis.SemanticException

      • rewrite

        public it.unive.lisa.analysis.lattices.ExpressionSet rewrite​(it.unive.lisa.analysis.lattices.ExpressionSet expressions,
                                                             it.unive.lisa.program.cfg.ProgramPoint pp,
                                                             it.unive.lisa.analysis.SemanticOracle oracle)
                                                      throws it.unive.lisa.analysis.SemanticException
        Specified by:
        rewrite in interface it.unive.lisa.analysis.heap.MemoryOracle
        Throws:
        it.unive.lisa.analysis.SemanticException

      • getRuntimeTypesOf

        public java.util.Set<it.unive.lisa.type.Type> getRuntimeTypesOf​(it.unive.lisa.symbolic.SymbolicExpression e,
                                                                it.unive.lisa.program.cfg.ProgramPoint pp,
                                                                it.unive.lisa.analysis.SemanticOracle oracle)
                                                         throws it.unive.lisa.analysis.SemanticException
        Specified by:
        getRuntimeTypesOf in interface it.unive.lisa.analysis.type.TypeOracle
        Throws:
        it.unive.lisa.analysis.SemanticException

      • getDynamicTypeOf

        public it.unive.lisa.type.Type getDynamicTypeOf​(it.unive.lisa.symbolic.SymbolicExpression e,
                                                it.unive.lisa.program.cfg.ProgramPoint pp,
                                                it.unive.lisa.analysis.SemanticOracle oracle)
                                         throws it.unive.lisa.analysis.SemanticException
        Specified by:
        getDynamicTypeOf in interface it.unive.lisa.analysis.type.TypeOracle
        Throws:
        it.unive.lisa.analysis.SemanticException

      • stateOfUnknown

        public A stateOfUnknown​(ExecutionTrace key)
        Specified by:
        stateOfUnknown in class it.unive.lisa.analysis.lattices.FunctionalLattice<TracePartitioning<A extends it.unive.lisa.analysis.AbstractState<A>>,​ExecutionTrace,​A extends it.unive.lisa.analysis.AbstractState<A>>

      • knowsIdentifier

        public boolean knowsIdentifier​(it.unive.lisa.symbolic.value.Identifier id)
        Specified by:
        knowsIdentifier in interface it.unive.lisa.analysis.SemanticDomain<TracePartitioning<A extends it.unive.lisa.analysis.AbstractState<A>>,​it.unive.lisa.symbolic.SymbolicExpression,​it.unive.lisa.symbolic.value.Identifier>

      • withTopMemory

        public TracePartitioning<A> withTopMemory()
        Specified by:
        withTopMemory in interface it.unive.lisa.analysis.AbstractState<A extends it.unive.lisa.analysis.AbstractState<A>>

      • withTopValues

        public TracePartitioning<A> withTopValues()
        Specified by:
        withTopValues in interface it.unive.lisa.analysis.AbstractState<A extends it.unive.lisa.analysis.AbstractState<A>>

      • withTopTypes

        public TracePartitioning<A> withTopTypes()
        Specified by:
        withTopTypes in interface it.unive.lisa.analysis.AbstractState<A extends it.unive.lisa.analysis.AbstractState<A>>

      • alias

        public it.unive.lisa.analysis.lattices.Satisfiability alias​(it.unive.lisa.symbolic.SymbolicExpression x,
                                                            it.unive.lisa.symbolic.SymbolicExpression y,
                                                            it.unive.lisa.program.cfg.ProgramPoint pp,
                                                            it.unive.lisa.analysis.SemanticOracle oracle)
                                                     throws it.unive.lisa.analysis.SemanticException
        Specified by:
        alias in interface it.unive.lisa.analysis.heap.MemoryOracle
        Throws:
        it.unive.lisa.analysis.SemanticException

      • isReachableFrom

        public it.unive.lisa.analysis.lattices.Satisfiability isReachableFrom​(it.unive.lisa.symbolic.SymbolicExpression x,
                                                                      it.unive.lisa.symbolic.SymbolicExpression y,
                                                                      it.unive.lisa.program.cfg.ProgramPoint pp,
                                                                      it.unive.lisa.analysis.SemanticOracle oracle)
                                                               throws it.unive.lisa.analysis.SemanticException
        Specified by:
        isReachableFrom in interface it.unive.lisa.analysis.heap.MemoryOracle
        Throws:
        it.unive.lisa.analysis.SemanticException