Package it.unive.lisa.analysis.traces
Class TracePartitioning<A extends it.unive.lisa.analysis.AbstractState<A,H,V,T>,H extends it.unive.lisa.analysis.heap.HeapDomain<H>,V extends it.unive.lisa.analysis.value.ValueDomain<V>,T extends it.unive.lisa.analysis.value.TypeDomain<T>>
- java.lang.Object
-
- it.unive.lisa.analysis.lattices.FunctionalLattice<TracePartitioning<A,H,V,T>,ExecutionTrace,A>
-
- it.unive.lisa.analysis.traces.TracePartitioning<A,H,V,T>
-
- Type Parameters:
A- the type ofAbstractStatethat this is being partitionedH- the type ofHeapDomainembedded in the abstract statesV- the type ofValueDomainembedded in the abstract statesT- the type ofTypeDomainembedded in the abstract states
- All Implemented Interfaces:
it.unive.lisa.analysis.AbstractState<TracePartitioning<A,H,V,T>,H,V,T>,it.unive.lisa.analysis.BaseLattice<TracePartitioning<A,H,V,T>>,it.unive.lisa.analysis.Lattice<TracePartitioning<A,H,V,T>>,it.unive.lisa.analysis.SemanticDomain<TracePartitioning<A,H,V,T>,it.unive.lisa.symbolic.SymbolicExpression,it.unive.lisa.symbolic.value.Identifier>,java.lang.Iterable<java.util.Map.Entry<ExecutionTrace,A>>
public class TracePartitioning<A extends it.unive.lisa.analysis.AbstractState<A,H,V,T>,H extends it.unive.lisa.analysis.heap.HeapDomain<H>,V extends it.unive.lisa.analysis.value.ValueDomain<V>,T extends it.unive.lisa.analysis.value.TypeDomain<T>> extends it.unive.lisa.analysis.lattices.FunctionalLattice<TracePartitioning<A,H,V,T>,ExecutionTrace,A> implements it.unive.lisa.analysis.AbstractState<TracePartitioning<A,H,V,T>,H,V,T>
The trace partitioning abstract domain that splits execution traces to increase precision of the analysis. Individual traces are identified byExecutionTraces composed of tokens representing the conditions traversed during the analysis. Note that allTraceTokens represent intraprocedural control-flow constructs, as calls are abstracted away before reaching this domain.
Traces are never merged: instead, we limit the size of the traces we can track, and we leave the choice of when and where to compact traces to other analysis components. Specifically, anExecutionTracewill contain at mostMAX_CONDITIONSBranchingtokens, and will track at mostMAX_LOOP_ITERATIONSiterations for each loop (throughLoopIterationtokens) before summarizing the next ones with aLoopSummarytoken. Both values are editable and customizable before the analysis starts.
As this class extendsFunctionalLattice, one access individual traces and their approximations usingFunctionalLattice.getKeys(),FunctionalLattice.getValues(),FunctionalLattice.getMap()or by iterating over the instance itself. Approximations of different traces can instead be collapsed and accessed by queryinggetHeapState(),getValueState(), andgetTypeState(), orcollapse().- See Also:
- https://doi.org/10.1145/1275497.1275501
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class it.unive.lisa.analysis.lattices.FunctionalLattice
it.unive.lisa.analysis.lattices.FunctionalLattice.FunctionalLift<V extends it.unive.lisa.analysis.Lattice<V>>, it.unive.lisa.analysis.lattices.FunctionalLattice.KeyFunctionalLift<K extends java.lang.Object>
-
-
Field Summary
Fields Modifier and Type Field Description static intMAX_CONDITIONSThe maximum number ofBranchingtokens that a trace can contain.static intMAX_LOOP_ITERATIONSThe maximum number ofLoopIterationtokens that a trace can contain for each loop appearing in it, before collapsing the next ones in a singleLoopSummarytoken.
-
Constructor Summary
Constructors Constructor Description TracePartitioning(A lattice)Builds a new instance of this domain.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description TracePartitioning<A,H,V,T>assign(it.unive.lisa.symbolic.value.Identifier id, it.unive.lisa.symbolic.SymbolicExpression expression, it.unive.lisa.program.cfg.ProgramPoint pp)TracePartitioning<A,H,V,T>assume(it.unive.lisa.symbolic.SymbolicExpression expression, it.unive.lisa.program.cfg.ProgramPoint src, it.unive.lisa.program.cfg.ProgramPoint dest)TracePartitioning<A,H,V,T>bottom()Acollapse()Collapses all of the traces contained in this domain, returning a unique abstract state that over-approximates all of them.TracePartitioning<A,H,V,T>forgetIdentifier(it.unive.lisa.symbolic.value.Identifier id)TracePartitioning<A,H,V,T>forgetIdentifiersIf(java.util.function.Predicate<it.unive.lisa.symbolic.value.Identifier> test)<D extends it.unive.lisa.analysis.SemanticDomain<?,?,?>>
java.util.Collection<D>getAllDomainInstances(java.lang.Class<D> domain)HgetHeapState()TgetTypeState()VgetValueState()TracePartitioning<A,H,V,T>mk(A lattice, java.util.Map<ExecutionTrace,A> function)TracePartitioning<A,H,V,T>popScope(it.unive.lisa.analysis.ScopeToken token)TracePartitioning<A,H,V,T>pushScope(it.unive.lisa.analysis.ScopeToken token)it.unive.lisa.analysis.representation.DomainRepresentationrepresentation()it.unive.lisa.analysis.SemanticDomain.Satisfiabilitysatisfies(it.unive.lisa.symbolic.SymbolicExpression expression, it.unive.lisa.program.cfg.ProgramPoint pp)TracePartitioning<A,H,V,T>smallStepSemantics(it.unive.lisa.symbolic.SymbolicExpression expression, it.unive.lisa.program.cfg.ProgramPoint pp)TracePartitioning<A,H,V,T>top()java.lang.StringtoString()TracePartitioning<A,H,V,T>withTopHeap()TracePartitioning<A,H,V,T>withTopType()TracePartitioning<A,H,V,T>withTopValue()-
Methods inherited from class it.unive.lisa.analysis.lattices.FunctionalLattice
equals, functionalLift, getKeys, getMap, getState, getValues, glbAux, glbKeys, hashCode, isBottom, isTop, iterator, lessOrEqualAux, lubAux, lubKeys, mkNewFunction, narrowingAux, putState, wideningAux
-
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
-
-
-
-
Field Detail
-
MAX_LOOP_ITERATIONS
public static int MAX_LOOP_ITERATIONS
The maximum number ofLoopIterationtokens that a trace can contain for each loop appearing in it, before collapsing the next ones in a singleLoopSummarytoken.
-
MAX_CONDITIONS
public static int MAX_CONDITIONS
The maximum number ofBranchingtokens that a trace can contain.
-
-
Constructor Detail
-
TracePartitioning
public TracePartitioning(A lattice)
Builds a new instance of this domain.- Parameters:
lattice- a singleton of the underlying abstract states
-
-
Method Detail
-
getAllDomainInstances
public <D extends it.unive.lisa.analysis.SemanticDomain<?,?,?>> java.util.Collection<D> getAllDomainInstances(java.lang.Class<D> domain)
-
top
public TracePartitioning<A,H,V,T> top()
-
bottom
public TracePartitioning<A,H,V,T> bottom()
-
assign
public TracePartitioning<A,H,V,T> assign(it.unive.lisa.symbolic.value.Identifier id, it.unive.lisa.symbolic.SymbolicExpression expression, it.unive.lisa.program.cfg.ProgramPoint pp) throws it.unive.lisa.analysis.SemanticException
-
smallStepSemantics
public TracePartitioning<A,H,V,T> smallStepSemantics(it.unive.lisa.symbolic.SymbolicExpression expression, it.unive.lisa.program.cfg.ProgramPoint pp) throws it.unive.lisa.analysis.SemanticException
- Specified by:
smallStepSemanticsin interfaceit.unive.lisa.analysis.SemanticDomain<A extends it.unive.lisa.analysis.AbstractState<A,H,V,T>,H extends it.unive.lisa.analysis.heap.HeapDomain<H>,V extends it.unive.lisa.analysis.value.ValueDomain<V>>- Throws:
it.unive.lisa.analysis.SemanticException
-
assume
public TracePartitioning<A,H,V,T> assume(it.unive.lisa.symbolic.SymbolicExpression expression, it.unive.lisa.program.cfg.ProgramPoint src, it.unive.lisa.program.cfg.ProgramPoint dest) throws it.unive.lisa.analysis.SemanticException
-
forgetIdentifier
public TracePartitioning<A,H,V,T> forgetIdentifier(it.unive.lisa.symbolic.value.Identifier id) throws it.unive.lisa.analysis.SemanticException
-
forgetIdentifiersIf
public TracePartitioning<A,H,V,T> forgetIdentifiersIf(java.util.function.Predicate<it.unive.lisa.symbolic.value.Identifier> test) throws it.unive.lisa.analysis.SemanticException
- Specified by:
forgetIdentifiersIfin interfaceit.unive.lisa.analysis.SemanticDomain<A extends it.unive.lisa.analysis.AbstractState<A,H,V,T>,H extends it.unive.lisa.analysis.heap.HeapDomain<H>,V extends it.unive.lisa.analysis.value.ValueDomain<V>>- Throws:
it.unive.lisa.analysis.SemanticException
-
satisfies
public it.unive.lisa.analysis.SemanticDomain.Satisfiability satisfies(it.unive.lisa.symbolic.SymbolicExpression expression, it.unive.lisa.program.cfg.ProgramPoint pp) throws it.unive.lisa.analysis.SemanticException
-
pushScope
public TracePartitioning<A,H,V,T> pushScope(it.unive.lisa.analysis.ScopeToken token) throws it.unive.lisa.analysis.SemanticException
-
popScope
public TracePartitioning<A,H,V,T> popScope(it.unive.lisa.analysis.ScopeToken token) throws it.unive.lisa.analysis.SemanticException
-
representation
public it.unive.lisa.analysis.representation.DomainRepresentation representation()
-
getHeapState
public H getHeapState()
-
getValueState
public V getValueState()
-
getTypeState
public T getTypeState()
-
withTopHeap
public TracePartitioning<A,H,V,T> withTopHeap()
-
withTopValue
public TracePartitioning<A,H,V,T> withTopValue()
-
withTopType
public TracePartitioning<A,H,V,T> withTopType()
-
mk
public TracePartitioning<A,H,V,T> mk(A lattice, java.util.Map<ExecutionTrace,A> function)
- Specified by:
mkin classit.unive.lisa.analysis.lattices.FunctionalLattice<TracePartitioning<A extends it.unive.lisa.analysis.AbstractState<A,H,V,T>,H extends it.unive.lisa.analysis.heap.HeapDomain<H>,V extends it.unive.lisa.analysis.value.ValueDomain<V>,T extends it.unive.lisa.analysis.value.TypeDomain<T>>,ExecutionTrace,A extends it.unive.lisa.analysis.AbstractState<A,H,V,T>>
-
collapse
public A collapse()
Collapses all of the traces contained in this domain, returning a unique abstract state that over-approximates all of them.- Returns:
- the collapsed state
-
toString
public java.lang.String toString()
- Specified by:
toStringin interfaceit.unive.lisa.analysis.BaseLattice<A extends it.unive.lisa.analysis.AbstractState<A,H,V,T>>- Overrides:
toStringin classit.unive.lisa.analysis.lattices.FunctionalLattice<TracePartitioning<A extends it.unive.lisa.analysis.AbstractState<A,H,V,T>,H extends it.unive.lisa.analysis.heap.HeapDomain<H>,V extends it.unive.lisa.analysis.value.ValueDomain<V>,T extends it.unive.lisa.analysis.value.TypeDomain<T>>,ExecutionTrace,A extends it.unive.lisa.analysis.AbstractState<A,H,V,T>>
-
-