Package it.unive.lisa.analysis.nonrelational.heap

Class HeapEnvironment<T extends NonRelationalHeapDomain<T>>

java.lang.Object

it.unive.lisa.analysis.lattices.FunctionalLattice<M,Identifier,T>

it.unive.lisa.analysis.nonrelational.VariableLift<M,E,T>

it.unive.lisa.analysis.nonrelational.Environment<HeapEnvironment<T>,SymbolicExpression,T>

it.unive.lisa.analysis.nonrelational.heap.HeapEnvironment<T>

Type Parameters:

T - the concrete instance of the NonRelationalHeapDomain whose instances are mapped in this environment

All Implemented Interfaces:

BaseLattice<HeapEnvironment<T>>, HeapDomain<HeapEnvironment<T>>, HeapSemanticOperation, MemoryOracle, Lattice<HeapEnvironment<T>>, ScopedObject<HeapEnvironment<T>>, SemanticDomain<HeapEnvironment<T>,SymbolicExpression,Identifier>, StructuredObject, java.lang.Iterable<java.util.Map.Entry<Identifier,T>>

public class HeapEnvironment<T extends NonRelationalHeapDomain<T>>
extends Environment<HeapEnvironment<T>,SymbolicExpression,T>
implements HeapDomain<HeapEnvironment<T>>

An environment for a NonRelationalHeapDomain, that maps Identifiers to instances of such domain. This is a FunctionalLattice, that is, it implements a function mapping keys (identifiers) to values (instances of the domain), and lattice operations are automatically lifted for individual elements of the environment if they are mapped to the same key.

Nested Class Summary

Nested classes/interfaces inherited from class it.unive.lisa.analysis.lattices.FunctionalLattice

FunctionalLattice.FunctionalLift<V extends Lattice<V>>, FunctionalLattice.KeyFunctionalLift<K>

Nested classes/interfaces inherited from interface it.unive.lisa.analysis.heap.HeapSemanticOperation

HeapSemanticOperation.HeapReplacement

Field Summary

Fields inherited from class it.unive.lisa.analysis.lattices.FunctionalLattice

function, lattice

Fields inherited from interface it.unive.lisa.analysis.Lattice

BOTTOM_STRING, TOP_STRING

Constructor Summary

Constructors

Constructor	Description
HeapEnvironment(T domain)	Builds an empty environment.
HeapEnvironment(T domain, java.util.Map<Identifier,T> function)	Builds an empty environment from a given mapping.
HeapEnvironment(T domain, java.util.Map<Identifier,T> function, java.util.List<HeapSemanticOperation.HeapReplacement> substitution)	Builds an environment containing the given mapping.

Method Summary

Modifier and Type	Method	Description
Satisfiability	alias(SymbolicExpression x, SymbolicExpression y, ProgramPoint pp, SemanticOracle oracle)	Yields whether or not the two given expressions are aliases, that is, if they point to the same region of memory.
HeapEnvironment<T>	bottom()	Yields the bottom element of this lattice.
boolean	equals(java.lang.Object obj)
java.util.List<HeapSemanticOperation.HeapReplacement>	getSubstitution()	Yields the substitution, in the form of a list of HeapSemanticOperation.HeapReplacements that must be processed in their order of appearance, that the creation of this heap domain caused.
int	hashCode()
boolean	isBottom()	Yields true if and only if this object represents the bottom of the lattice.
Satisfiability	isReachableFrom(SymbolicExpression x, SymbolicExpression y, ProgramPoint pp, SemanticOracle oracle)	Yields whether or not the Identifier represented (directly or after rewriting) by the second expression is reachable starting from the Identifier represented (directly or after rewriting) by the first expression.
boolean	isTop()	Yields true if and only if this object represents the top of the lattice.
boolean	lessOrEqualAux(HeapEnvironment<T> other)	Yields true if and only if this lattice element is in relation with (usually represented through ≤) the given one, assuming that base cases have already been handled.
HeapEnvironment<T>	mk(T lattice, java.util.Map<Identifier,T> function)	Builds a instance of this class from the given lattice instance and the given mapping.
ExpressionSet	rewrite(SymbolicExpression expression, ProgramPoint pp, SemanticOracle oracle)	Rewrites the given expression to a simpler form containing no sub expressions regarding the heap (that is, HeapExpressions).
HeapEnvironment<T>	smallStepSemantics(SymbolicExpression expression, ProgramPoint pp, SemanticOracle oracle)	Yields a copy of this domain, that has been modified accordingly to the semantics of the given expression.
HeapEnvironment<T>	top()	Yields the top element of this lattice.

Methods inherited from class it.unive.lisa.analysis.nonrelational.Environment

assign, assume, eval

Methods inherited from class it.unive.lisa.analysis.nonrelational.VariableLift

forgetIdentifier, forgetIdentifiersIf, knowsIdentifier, lubKeys, popScope, pushScope, satisfies, stateOfUnknown

Methods inherited from class it.unive.lisa.analysis.lattices.FunctionalLattice

functionalLift, getKeys, getMap, getOtDefault, getState, getValues, glbAux, glbKeys, iterator, lubAux, mkNewFunction, narrowingAux, putState, representation, toString, wideningAux

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface it.unive.lisa.analysis.BaseLattice

glb, lessOrEqual, lub, narrowing, widening

Methods inherited from interface java.lang.Iterable

forEach, spliterator

Methods inherited from interface it.unive.lisa.analysis.heap.MemoryOracle

areMutuallyReachable, reachableFrom, rewrite

Methods inherited from interface it.unive.lisa.analysis.ScopedObject

popScope, pushScope

Methods inherited from interface it.unive.lisa.analysis.SemanticDomain

assign, assume, forgetIdentifier, forgetIdentifiers, forgetIdentifiersIf, getAllDomainInstances, getDomainInstance, knowsIdentifier, satisfies

Methods inherited from interface it.unive.lisa.util.representation.StructuredObject

representation

Constructor Detail

HeapEnvironment

public HeapEnvironment(T domain)

Builds an empty environment.

Parameters:

domain - a singleton instance to be used during semantic operations to retrieve top and bottom values

HeapEnvironment

public HeapEnvironment(T domain,
                       java.util.Map<Identifier,T> function)

Builds an empty environment from a given mapping.

Parameters:

domain - singleton instance to be used during semantic operations to retrieve top and bottom values

function - the initial mapping of this heap environment

HeapEnvironment

public HeapEnvironment(T domain,
                       java.util.Map<Identifier,T> function,
                       java.util.List<HeapSemanticOperation.HeapReplacement> substitution)

Builds an environment containing the given mapping. If function is null, the new environment is the top environment if lattice.isTop() holds, and it is the bottom environment if lattice.isBottom() holds.

Parameters:

domain - a singleton instance to be used during semantic operations to retrieve top and bottom values

function - the function representing the mapping contained in the new environment; can be null

substitution - the list of substitutions that has been generated together with the fresh instance being built

Method Detail

mk

public HeapEnvironment<T> mk(T lattice,
                             java.util.Map<Identifier,T> function)

Description copied from class: FunctionalLattice

Builds a instance of this class from the given lattice instance and the given mapping.

Specified by:

mk in class FunctionalLattice<HeapEnvironment<T extends NonRelationalHeapDomain<T>>,Identifier,T extends NonRelationalHeapDomain<T>>

Parameters:

lattice - an instance of lattice to be used during semantic operations to retrieve top and bottom values

function - the function representing the mapping contained in the new environment; can be null

Returns:

a new instance of this class

rewrite

public ExpressionSet rewrite(SymbolicExpression expression,
                             ProgramPoint pp,
                             SemanticOracle oracle)
                      throws SemanticException

Description copied from interface: MemoryOracle

Rewrites the given expression to a simpler form containing no sub expressions regarding the heap (that is, HeapExpressions). Every expression contained in the result can be safely cast to ValueExpression.

Specified by:

rewrite in interface MemoryOracle

Parameters:

expression - the expression to rewrite

pp - the program point where the rewrite happens

oracle - the oracle for inter-domain communication

Returns:

the rewritten expressions

Throws:

SemanticException - if something goes wrong while rewriting

getSubstitution

public java.util.List<HeapSemanticOperation.HeapReplacement> getSubstitution()

Description copied from interface: HeapSemanticOperation

Yields the substitution, in the form of a list of HeapSemanticOperation.HeapReplacements that must be processed in their order of appearance, that the creation of this heap domain caused. This substitution maps Identifiers in the pre-state to Identifiers in the post state. If no substitution needs to be applied, this method should return an empty list.

Specified by:

getSubstitution in interface HeapSemanticOperation

Returns:

the list of replacements

smallStepSemantics

public HeapEnvironment<T> smallStepSemantics(SymbolicExpression expression,
                                             ProgramPoint pp,
                                             SemanticOracle oracle)
                                      throws SemanticException

Description copied from interface: SemanticDomain

Yields a copy of this domain, that has been modified accordingly to the semantics of the given expression.

Specified by:

smallStepSemantics in interface SemanticDomain<HeapEnvironment<T extends NonRelationalHeapDomain<T>>,SymbolicExpression,Identifier>

Overrides:

smallStepSemantics in class Environment<HeapEnvironment<T extends NonRelationalHeapDomain<T>>,SymbolicExpression,T extends NonRelationalHeapDomain<T>>

Parameters:

expression - the expression whose semantics need to be computed

pp - the program point that where this operation is being evaluated

oracle - the oracle for inter-domain communication

Returns:

a copy of this domain, modified accordingly to the semantics of expression

Throws:

SemanticException - if an error occurs during the computation

top

public HeapEnvironment<T> top()

Description copied from interface: Lattice

Yields the top element of this lattice. The returned element should be unique across different calls to this method, since Lattice.isTop() uses reference equality by default. If the value returned by this method is not a singleton, override Lattice.isTop() accordingly to provide a coherent test.

Specified by:

top in interface Lattice<T extends NonRelationalHeapDomain<T>>

Returns:

the top element

bottom

public HeapEnvironment<T> bottom()

Description copied from interface: Lattice

Yields the bottom element of this lattice. The returned element should be unique across different calls to this method, since Lattice.isBottom() uses reference equality by default. If the value returned by this method is not a singleton, override Lattice.isBottom() accordingly to provide a coherent test.

Specified by:

bottom in interface Lattice<T extends NonRelationalHeapDomain<T>>

Returns:

the bottom element

isTop

public boolean isTop()

Description copied from class: FunctionalLattice

Yields true if and only if this object represents the top of the lattice. The default implementation of this method uses reference equality between this and the value returned by Lattice.top(), thus assuming that the top element is a singleton. If this is not the case, override this method accordingly to provide a coherent test.

By default, a functional lattice is the top lattice if the underlying lattice's isTop() holds and its function is null.

Specified by:

isTop in interface Lattice<T extends NonRelationalHeapDomain<T>>

Overrides:

isTop in class FunctionalLattice<HeapEnvironment<T extends NonRelationalHeapDomain<T>>,Identifier,T extends NonRelationalHeapDomain<T>>

Returns:

true if this is the top of the lattice

isBottom

public boolean isBottom()

Description copied from class: FunctionalLattice

Yields true if and only if this object represents the bottom of the lattice. The default implementation of this method uses reference equality between this and the value returned by Lattice.bottom(), thus assuming that the bottom element is a singleton. If this is not the case, override this method accordingly to provide a coherent test.

By default, a functional lattice is the top lattice if the underlying lattice's isBottom() holds and its function is null.

Specified by:

isBottom in interface Lattice<T extends NonRelationalHeapDomain<T>>

Overrides:

isBottom in class FunctionalLattice<HeapEnvironment<T extends NonRelationalHeapDomain<T>>,Identifier,T extends NonRelationalHeapDomain<T>>

Returns:

true if this is the bottom of the lattice

lessOrEqualAux

public boolean lessOrEqualAux(HeapEnvironment<T> other)
                       throws SemanticException

Description copied from interface: BaseLattice

Yields true if and only if this lattice element is in relation with (usually represented through ≤) the given one, assuming that base cases have already been handled. In particular, it is guaranteed that:

• other is not null
• other is neither top nor bottom
• this is neither top nor bottom
• this and other are not the same object (according both to == and to Object.equals(Object))

Specified by:

lessOrEqualAux in interface BaseLattice<T extends NonRelationalHeapDomain<T>>

Overrides:

lessOrEqualAux in class FunctionalLattice<HeapEnvironment<T extends NonRelationalHeapDomain<T>>,Identifier,T extends NonRelationalHeapDomain<T>>

Parameters:

other - the other lattice element

Returns:

true if and only if that condition holds

Throws:

SemanticException - if an error occurs during the computation

hashCode

public int hashCode()

Specified by:

hashCode in interface BaseLattice<T extends NonRelationalHeapDomain<T>>

Overrides:

hashCode in class FunctionalLattice<HeapEnvironment<T extends NonRelationalHeapDomain<T>>,Identifier,T extends NonRelationalHeapDomain<T>>

equals

public boolean equals(java.lang.Object obj)

Specified by:

equals in interface BaseLattice<T extends NonRelationalHeapDomain<T>>

Overrides:

equals in class FunctionalLattice<HeapEnvironment<T extends NonRelationalHeapDomain<T>>,Identifier,T extends NonRelationalHeapDomain<T>>

alias

public Satisfiability alias(SymbolicExpression x,
                            SymbolicExpression y,
                            ProgramPoint pp,
                            SemanticOracle oracle)
                     throws SemanticException

Description copied from interface: MemoryOracle

Yields whether or not the two given expressions are aliases, that is, if they point to the same region of memory. Note that, for this method to return Satisfiability.SATISFIED, both expressions should be pointers to other expressions.

Specified by:

alias in interface MemoryOracle

Parameters:

x - the first expression

y - the second expression

pp - the ProgramPoint where the computation happens

oracle - the oracle for inter-domain communication

Returns:

whether or not the two expressions are aliases

Throws:

SemanticException - if something goes wrong during the computation

isReachableFrom

public Satisfiability isReachableFrom(SymbolicExpression x,
                                      SymbolicExpression y,
                                      ProgramPoint pp,
                                      SemanticOracle oracle)
                               throws SemanticException

Description copied from interface: MemoryOracle

Yields whether or not the Identifier represented (directly or after rewriting) by the second expression is reachable starting from the Identifier represented (directly or after rewriting) by the first expression. Note that, for this method to return Satisfiability.SATISFIED, not only x needs to be a pointer to another expression, but the latter should be a pointer as well, and so on until y is reached.

Specified by:

isReachableFrom in interface MemoryOracle

Parameters:

x - the first expression

y - the second expression

pp - the ProgramPoint where the computation happens

oracle - the oracle for inter-domain communication

Returns:

whether or not the second expression can be reached from the first one

Throws:

SemanticException - if something goes wrong during the computation