Package it.unive.lisa.analysis

Class AnalysisState<A extends AbstractState<A,​H,​V,​T>,​H extends HeapDomain<H>,​V extends ValueDomain<V>,​T extends TypeDomain<T>>

    • Constructor Detail

      • AnalysisState

        public AnalysisState​(A state,
                     SymbolicExpression computedExpression)
        Builds a new state.
        Parameters:
        state - the AbstractState to embed in this analysis state
        computedExpression - the expression that has been computed

      • AnalysisState

        public AnalysisState​(A state,
                     SymbolicExpression computedExpression,
                     SymbolAliasing aliasing)
        Builds a new state.
        Parameters:
        state - the AbstractState to embed in this analysis state
        computedExpression - the expression that has been computed
        aliasing - the symbol aliasing information

      • AnalysisState

        public AnalysisState​(A state,
                     ExpressionSet<SymbolicExpression> computedExpressions)
        Builds a new state.
        Parameters:
        state - the AbstractState to embed in this analysis state
        computedExpressions - the expressions that have been computed

      • AnalysisState

        public AnalysisState​(A state,
                     ExpressionSet<SymbolicExpression> computedExpressions,
                     SymbolAliasing aliasing)
        Builds a new state.
        Parameters:
        state - the AbstractState to embed in this analysis state
        computedExpressions - the expressions that have been computed
        aliasing - the symbol aliasing information

    • Method Detail

      • getState

        public A getState()
        Yields the AbstractState embedded into this analysis state, containing abstract values for program variables and memory locations.
        Returns:
        the abstract state

      • getAliasing

        public SymbolAliasing getAliasing()
        Yields the symbol aliasing information, that can be used to resolve targets of calls when the names used in the call are different from the ones in the target's signature.
        Returns:
        the aliasing information

      • getComputedExpressions

        public ExpressionSet<SymbolicExpression> getComputedExpressions()
        Yields the last computed expression. This is an instance of SymbolicExpression that will contain markers for all abstract values that would be present on the stack, as well as variable identifiers for values that should be read from the state. These are tied together in a form of expression that abstract domains are able to interpret. The collection returned by this method usually contains one expression, but instances created through lattice operations (e.g., lub) might contain more.
        Returns:
        the last computed expression

      • alias

        public AnalysisState<A,​H,​V,​T> alias​(Symbol toAlias,
                                                      Symbol alias)
        Registers an alias for the given symbol. Any previous aliases will be deleted.
        Parameters:
        toAlias - the symbol being aliased
        alias - the alias for toAlias
        Returns:
        a copy of this analysis state, with the new alias

      • assign

        public AnalysisState<A,​H,​V,​T> assign​(SymbolicExpression id,
                                                       SymbolicExpression expression,
                                                       ProgramPoint pp)
                                                throws SemanticException
        Yields a copy of this analysis state, where the symbolic expression id has been assigned to value: if id is not an Identifier, then it is rewritten before performing the assignment.
        Parameters:
        id - the symbolic expression to be assigned
        expression - the expression to assign
        pp - the program point that where this operation is being evaluated
        Returns:
        a copy of this analysis state, modified by the assignment
        Throws:
        SemanticException - if an error occurs during the computation

      • assume

        public AnalysisState<A,​H,​V,​T> assume​(SymbolicExpression expression,
                                                       ProgramPoint pp)
                                                throws SemanticException
        Description copied from interface: SemanticDomain
        Yields a copy of this domain, modified by assuming that the given expression holds. It is required that the returned domain is in relation with this one. A safe (but imprecise) implementation of this method can always return this.
        Specified by:
        assume in interface SemanticDomain<A extends AbstractState<A,​H,​V,​T>,​H extends HeapDomain<H>,​V extends ValueDomain<V>>
        Parameters:
        expression - the expression to assume to hold.
        pp - the program point that where this operation is being evaluated
        Returns:
        the (optionally) modified copy of this domain
        Throws:
        SemanticException - if an error occurs during the computation

      • popScope

        public AnalysisState<A,​H,​V,​T> popScope​(ScopeToken scope)
                                                  throws SemanticException
        Description copied from interface: SemanticDomain
        Pops the scope identified by the given token from the domain. This causes all the visible variables (i.e. that are not mapped to a scope) to be removed from the domain, while the local variables that were associated to the given scope token (and thus hidden) will become visible again.
        Specified by:
        popScope in interface SemanticDomain<A extends AbstractState<A,​H,​V,​T>,​H extends HeapDomain<H>,​V extends ValueDomain<V>>
        Parameters:
        scope - the token of the scope to be restored
        Returns:
        a copy of this domain where the local variables have been removed, while the variables mapped to the given scope are visible again
        Throws:
        SemanticException - if an error occurs during the computation

      • lubAux

        public AnalysisState<A,​H,​V,​T> lubAux​(AnalysisState<A,​H,​V,​T> other)
                                                throws SemanticException
        Description copied from class: BaseLattice
        Performs the least upper bound operation between this lattice element and the given one, assuming that base cases have already been handled. In particular, it is guaranteed that:
        • other is not null
        • other is neither top nor bottom
        • this is neither top nor bottom
        • this and other are not the same object (according both to == and to Object.equals(Object))
        Specified by:
        lubAux in class BaseLattice<AnalysisState<A extends AbstractState<A,​H,​V,​T>,​H extends HeapDomain<H>,​V extends ValueDomain<V>,​T extends TypeDomain<T>>>
        Parameters:
        other - the other lattice element
        Returns:
        the least upper bound between this and other
        Throws:
        SemanticException - if an error occurs during the computation

      • wideningAux

        public AnalysisState<A,​H,​V,​T> wideningAux​(AnalysisState<A,​H,​V,​T> other)
                                                     throws SemanticException
        Description copied from class: BaseLattice
        Performs the widening operation between this lattice element and the given one, assuming that base cases have already been handled. In particular, it is guaranteed that:
        • other is not null
        • other is neither top nor bottom
        • this is neither top nor bottom
        • this and other are not the same object (according both to == and to Object.equals(Object))
        Specified by:
        wideningAux in class BaseLattice<AnalysisState<A extends AbstractState<A,​H,​V,​T>,​H extends HeapDomain<H>,​V extends ValueDomain<V>,​T extends TypeDomain<T>>>
        Parameters:
        other - the other lattice element
        Returns:
        the widening between this and other
        Throws:
        SemanticException - if an error occurs during the computation

      • lessOrEqualAux

        public boolean lessOrEqualAux​(AnalysisState<A,​H,​V,​T> other)
                       throws SemanticException
        Description copied from class: BaseLattice
        Yields true if and only if this lattice element is in relation with (usually represented through ≤) the given one, assuming that base cases have already been handled. In particular, it is guaranteed that:
        • other is not null
        • other is neither top nor bottom
        • this is neither top nor bottom
        • this and other are not the same object (according both to == and to Object.equals(Object))
        Specified by:
        lessOrEqualAux in class BaseLattice<AnalysisState<A extends AbstractState<A,​H,​V,​T>,​H extends HeapDomain<H>,​V extends ValueDomain<V>,​T extends TypeDomain<T>>>
        Parameters:
        other - the other lattice element
        Returns:
        true if and only if that condition holds
        Throws:
        SemanticException - if an error occurs during the computation

      • top

        public AnalysisState<A,​H,​V,​T> top()
        Description copied from interface: Lattice
        Yields the top element of this lattice. The returned element should be unique across different calls to this method, since Lattice.isTop() uses reference equality by default. If the value returned by this method is not a singleton, override Lattice.isTop() accordingly to provide a coherent test.
        Specified by:
        top in interface Lattice<A extends AbstractState<A,​H,​V,​T>>
        Returns:
        the top element

      • bottom

        public AnalysisState<A,​H,​V,​T> bottom()
        Description copied from interface: Lattice
        Yields the bottom element of this lattice. The returned element should be unique across different calls to this method, since Lattice.isBottom() uses reference equality by default. If the value returned by this method is not a singleton, override Lattice.isBottom() accordingly to provide a coherent test.
        Specified by:
        bottom in interface Lattice<A extends AbstractState<A,​H,​V,​T>>
        Returns:
        the bottom element

      • isTop

        public boolean isTop()
        Description copied from interface: Lattice
        Yields true if and only if this object represents the top of the lattice. The default implementation of this method uses reference equality between this and the value returned by Lattice.top(), thus assuming that the top element is a singleton. If this is not the case, override this method accordingly to provide a coherent test.
        Specified by:
        isTop in interface Lattice<A extends AbstractState<A,​H,​V,​T>>
        Returns:
        true if this is the top of the lattice

      • isBottom

        public boolean isBottom()
        Description copied from interface: Lattice
        Yields true if and only if this object represents the bottom of the lattice. The default implementation of this method uses reference equality between this and the value returned by Lattice.bottom(), thus assuming that the bottom element is a singleton. If this is not the case, override this method accordingly to provide a coherent test.
        Specified by:
        isBottom in interface Lattice<A extends AbstractState<A,​H,​V,​T>>
        Returns:
        true if this is the bottom of the lattice

      • getDomainInstance

        public <D> D getDomainInstance​(java.lang.Class<D> domain)
        Description copied from interface: SemanticDomain
        Yields the instance of a specific domain, of class domain, contained inside the domain. If this domain is an instance of the specified class, then this is returned. Otherwise, inner domains are recursively checked (enabling retrieval of semantic domains through Cartesian products or other types of combinations), returning the first that is instance of domain.

        The default implementation of this method returns this if domain.isAssignableFrom(getClass()) == true, otherwise it returns null.
        Specified by:
        getDomainInstance in interface SemanticDomain<A extends AbstractState<A,​H,​V,​T>,​H extends HeapDomain<H>,​V extends ValueDomain<V>>
        Type Parameters:
        D - the type of domain to retrieve
        Parameters:
        domain - the class of the domain instance to retrieve
        Returns:
        the instance of that domain, or null