public LinearEqualitiesForUnsafeCode Join(LinearEqualitiesForUnsafeCode prevState, Set <BoxedExpression> bottompointers, APC pc)
{
LinearEqualitiesForUnsafeCode thiscloned = (LinearEqualitiesForUnsafeCode)this.Clone();
LinearEqualitiesForUnsafeCode prevcloned = (LinearEqualitiesForUnsafeCode)prevState.Clone();
IAbstractDomain joined = base.Join(prevState);
var result = new LinearEqualitiesForUnsafeCode((LinearEqualitiesEnvironment <BoxedExpression>)joined, this.bdecoder, this.context, this.mdDecoder);
Set <BoxedExpression> thisvariables = thiscloned.Variables;
Set <BoxedExpression> prevvariables = prevcloned.Variables;
//For each pointer such that in a branch it is null and in the other is assigned to an allocated area of memory, we trace information only from
//this branch, ignoring the other one
foreach (BoxedExpression ptr in bottompointers)
{
BoxedExpression temp;
if (ptr.TryGetAssociatedInfo(pc, AssociatedInfo.WritableBytes, out temp) ||
ptr.TryGetAssociatedInfo(pc, AssociatedInfo.ArrayLength, out temp))
{
if (this.Variables.Contains(temp) && prevState.Variables.Contains(temp))
{
// Francesco: I added this check because it seems that something is wrong with the tracking for the null pointers
// (method System.Web.UI.WebControls.ObjectDataSourceView.GetResolvedMethodData(...) of System.Web.dll)
// The check should not influence the soundness (we are losing information)
continue;
}
else
{
RefineWithNullPointerInformation(pc, temp, thiscloned, prevcloned, ref result);
}
}
}
return(result);
}
/// <summary>
/// This is a version of the join which causes a partial propagation of the information from Intervals to Symbolic upper bounds
/// </summary>
/// <param name="a">The other element</param>
sealed public override IAbstractDomain Join(IAbstractDomain a)
{
if (this.IsBottom)
{
return(a);
}
if (a.IsBottom)
{
return(this);
}
if (this.IsTop)
{
return(this);
}
if (a.IsTop)
{
return(a);
}
var r = a as Pentagons <Variable, Expression>;
Contract.Assume(r != null);
// These two lines have a weak notion of closure, which essentially avoids dropping "x < y" if it is implied by the intervals abstract domain
// It seems that it is as precise as the expensive join
var joinRightPart = this.Right.Join(r.Right, this.Left, r.Left);
var joinLeftPart = this.Left.Join(r.Left);
return(this.Factory(joinLeftPart, joinRightPart));
}
IAbstractDomain IAbstractDomain.Widening(IAbstractDomain prev)
{
var other = prev as EnumDefined <Variable, Type, Expression>;
Contract.Assume(other != null);
return(this.Widening(other));
}
public IAbstractDomain /*!*/ Join(IAbstractDomain /*!*/ a)
{
IAbstractDomain /*!*/ result;
if (AbstractDomainsHelper.TryTrivialJoin(this, a, out result))
{
return(result);
}
Debug.Assert(a is SymbolicExpressionsAbstractDomain <Expression>, "Expecting an instance of SymbolicExpressionsAbstractDomain. Found " + a);
//^ assert a is SymbolicExpressionsAbstractDomain<Expression>;
SymbolicExpressionsAbstractDomain <Expression> right = a as SymbolicExpressionsAbstractDomain <Expression>;
FunctionalAbstractDomain <Expression, FlatAbstractDomainWithComparer <Expression> > joinSymbolicExpressions =
(FunctionalAbstractDomain <Expression, FlatAbstractDomainWithComparer <Expression> >) this.var2exp.Join(right.var2exp); // Join the symbolic expression bindings
Debug.Assert(!joinSymbolicExpressions.IsBottom, "The join of two non-bottom expression environments cannot be bottom");
//^ assert !joinSymbolicExpressions.IsBottom;
/*
* if (joinSymbolicExpressions.IsTop)
* {
* return this.Top;
* }
* else
* {*/
return(new SymbolicExpressionsAbstractDomain <Expression>(joinSymbolicExpressions, this.decoder, this.encoder));
//}
}
public IAbstractDomain /*!*/ Meet(IAbstractDomain /*!*/ a)
{
IAbstractDomain trivialMeet;
if (AbstractDomainsHelper.TryTrivialMeet(this, a, out trivialMeet))
{
return(trivialMeet);
}
Debug.Assert(a is SymbolicExpressionsAbstractDomain <Expression>,
"Expecting an instance of SymbolicExpressionsAbstractDomain. Found " + a); //^ assert a is SymbolicExpressionsAbstractDomain<Expression>;
SymbolicExpressionsAbstractDomain <Expression> right = a as SymbolicExpressionsAbstractDomain <Expression>;
FunctionalAbstractDomain <Expression, FlatAbstractDomainWithComparer <Expression> > meetSymbolicExpressions =
(FunctionalAbstractDomain <Expression, FlatAbstractDomainWithComparer <Expression> >) this.var2exp.Meet(right.var2exp); // Meet the symbolic expression bindings
Debug.Assert(!meetSymbolicExpressions.IsTop, "The meet of two non-top expression environments cannot be top ");
// ^ assert !joinSymbolicExpressions.IsTop;
if (meetSymbolicExpressions.IsBottom)
{
return(this.Bottom);
}
else
{
return(new SymbolicExpressionsAbstractDomain <Expression>(meetSymbolicExpressions, this.decoder, this.encoder));
}
}
public override IAbstractDomain Join(IAbstractDomain a)
{
if (this.IsBottom)
{
return(a);
}
if (a.IsBottom)
{
return(this);
}
if (this.IsTop)
{
return(this);
}
if (a.IsTop)
{
return(a);
}
var r = a as PentagonsPlus <Variable, Expression>;
Contract.Assume(r != null, "Error cannot compare a cartesian abstract element with a " + a.GetType());
// These two lines have a weak notion of closure, which essentially avoids dropping "x <= y" if it is implied by the intervals abstract domain
// It seems that it is as precise as the expensive join
var joinLeftPart = this.Left.Join(r.Left, this.Right.Left, r.Right.Left);
Contract.Assert(joinLeftPart != null);
var joinRightPart = this.Right.Join(r.Right) as Pentagons <Variable, Expression>;
Contract.Assume(joinRightPart != null);
return(new PentagonsPlus <Variable, Expression>(joinLeftPart, joinRightPart, this.ExpressionManager));
}
public IAbstractDomain Join(IAbstractDomain a)
{
IAbstractDomain result;
if (AbstractDomainsHelper.TryTrivialJoin(this, a, out result))
{
return(result);
}
BoundedDisjunction <Variable, Expression> asDisjunctionDomain = a as BoundedDisjunction <Variable, Expression>;
Debug.Assert(asDisjunctionDomain != null);
INumericalAbstractDomain <Variable, Expression>[] joinDisjuncts = new INumericalAbstractDomain <Variable, Expression> [this.disjuncts.Length + asDisjunctionDomain.disjuncts.Length];
// Copy both the domains
for (int i = 0; i < this.disjuncts.Length; i++)
{
joinDisjuncts[i] = this.disjuncts[i];
}
for (int i = 0; i < asDisjunctionDomain.disjuncts.Length; i++)
{
joinDisjuncts[this.disjuncts.Length + i] = asDisjunctionDomain.disjuncts[i];
}
return(new BoundedDisjunction <Variable, Expression>(joinDisjuncts));
}
IAbstractDomain IAbstractDomain.Meet(IAbstractDomain a)
{
var other = a as EnumDefined <Variable, Type, Expression>;
Contract.Assume(other != null);
return(this.Meet(other));
}
IAbstractDomain IAbstractDomain.Meet(IAbstractDomain a)
{
var tmp = a as SegmentLimit <Variable>;
Contract.Assume(tmp != null);
return(this.Meet(tmp));
}
bool IAbstractDomain.LessEqual(IAbstractDomain a)
{
var other = a as SegmentLimit <Variable>;
Contract.Assume(other != null);
return(this.LessEqual(other));
}
IAbstractDomain IAbstractDomain.Meet(IAbstractDomain a)
{
var other = a as ArrayStateAD <NumericalAbstractDomain, ArrayAbstractDomain, Variable, Expression>;
Contract.Assume(other != null);
return(this.Meet(other));
}
IAbstractDomain IAbstractDomain.Widening(IAbstractDomain prev)
{
var other = prev as SegmentLimit <Variable>;
Contract.Assume(other != null);
return(this.Widening(other));
}
IAbstractDomain IAbstractDomain.Meet(IAbstractDomain a)
{
var other = a as SymbolicExpressionTracker <Variable, Expression>;
Contract.Assume(a != null);
return(this.Meet(other));
}
IAbstractDomain IAbstractDomain.Widening(IAbstractDomain prev)
{
var other = prev as ScalarFromArrayTracking;
Contract.Assume(other != null);
return(this.Widening(other));
}
IAbstractDomain IAbstractDomain.Meet(IAbstractDomain a)
{
var other = a as ScalarFromArrayTracking;
Contract.Assume(other != null);
return(this.Meet(other));
}
bool IAbstractDomain.LessEqual(IAbstractDomain a)
{
var other = a as ScalarFromArrayTracking;
Contract.Assume(other != null);
return(this.LessEqual(other));
}
IAbstractDomain IAbstractDomain.Widening(IAbstractDomain prev)
{
var other = prev as NonRelationalValueAbstraction <Variable, Expression>;
Contract.Assume(other != null);
return(this.Widening(other));
}
IAbstractDomain IAbstractDomain.Meet(IAbstractDomain a)
{
var other = a as NonRelationalValueAbstraction <Variable, Expression>;
Contract.Assume(other != null);
return(this.Meet(other));
}
IAbstractDomain IAbstractDomain.Widening(IAbstractDomain prev)
{
var other = prev as SymbolicExpressionTracker <Variable, Expression>;
Contract.Assume(prev != null);
return(this.Widening(other));
}
public override IAbstractDomain Widening(IAbstractDomain prev)
{
var other = prev as ArrayStateAD <NumericalAbstractDomain, ArrayAbstractDomain, Variable, Expression>;
Contract.Assume(other != null);
return(this.Widening(other));
}
public override IAbstractDomain Widening(IAbstractDomain prev)
{
var previous = (SimpleArrayAbstractDomain <Variable, Expression>)prev;
var leftWidened = (INumericalAbstractDomain <Variable, Expression>) this.Left.Widening(previous.Left);
var rightWidened = (SimpleArrayPropertiesAbstractDomain <Variable, Expression>) this.Right.Widening(previous.Right);
var widened = new SimpleArrayAbstractDomain <Variable, Expression>(leftWidened, rightWidened);
return((IAbstractDomain)widened);
}
private static INumericalAbstractDomain <Variable, Expression> SmashTogether(INumericalAbstractDomain <Variable, Expression>[] asDisjunction)
{
IAbstractDomain result = asDisjunction[0];
for (int i = 1; i < asDisjunction.Length; i++)
{
result = result.Join(asDisjunction[i]);
}
return((INumericalAbstractDomain <Variable, Expression>)result);
}
public bool LessEqual(IAbstractDomain a)
{
bool r;
if (AbstractDomainsHelper.TryTrivialLessEqual(this, a, out r))
{
return(r);
}
INumericalAbstractDomain <Variable, Expression> leftSmashed = SmashTogether(this, true);
INumericalAbstractDomain <Variable, Expression> rightSmashed = SmashTogether(a, true);
return(leftSmashed.LessEqual(rightSmashed));
}
override public bool LessEqual(IAbstractDomain /*!*/ a)
{
bool result;
if (AbstractDomainsHelper.TryTrivialLess(this, a, out result))
{
return(result);
}
ProductIntervalsWeakUpperBounds <Expression> r = a as ProductIntervalsWeakUpperBounds <Expression>;
bool b1 = this.Left.LessEqual(r.Left);
bool b2 = this.Right.LessEqual(r.Right);
return(b1 & b2);
}
/// <summary>
/// Pointwise order
/// </summary>
public bool LessEqual(IAbstractDomain /*!*/ a)
{
bool result;
if (AbstractDomainsHelper.TryTrivialLessEqual(this, a, out result))
{
return(result);
}
Debug.Assert(a is SymbolicExpressionsAbstractDomain <Expression>
, "Expecting an instance of SymbolicExpressionsAbstractDomain. Found " + a); //^ assert a is SymbolicExpressionsAbstractDomain<Expression>;
SymbolicExpressionsAbstractDomain <Expression> right = a as SymbolicExpressionsAbstractDomain <Expression>;
return(this.var2exp.LessEqual(right.var2exp)); // We do not need to compare the free variables, as they are a consequence
}
public IAbstractDomain Meet(IAbstractDomain a)
{
IAbstractDomain result;
if (AbstractDomainsHelper.TryTrivialMeet(this, a, out result))
{
return(result);
}
BoundedDisjunction <Variable, Expression> asDisjunctionDomain = a as BoundedDisjunction <Variable, Expression>;
Debug.Assert(asDisjunctionDomain != null);
INumericalAbstractDomain <Variable, Expression> left = SmashTogether(disjuncts);
INumericalAbstractDomain <Variable, Expression> right = SmashTogether(asDisjunctionDomain.disjuncts);
return(new BoundedDisjunction <Variable, Expression>((INumericalAbstractDomain <Variable, Expression>)left.Meet(right)));
}
public IAbstractDomain Widening(IAbstractDomain prev)
{
IAbstractDomain result;
if (AbstractDomainsHelper.TryTrivialJoin(this, prev, out result))
{
return(result);
}
BoundedDisjunction <Variable, Expression> asDisjunctionDomain = prev as BoundedDisjunction <Variable, Expression>;
Debug.Assert(asDisjunctionDomain != null);
INumericalAbstractDomain <Variable, Expression> left = SmashTogether(this.disjuncts);
INumericalAbstractDomain <Variable, Expression> right = SmashTogether(asDisjunctionDomain.disjuncts);
return(new BoundedDisjunction <Variable, Expression>((INumericalAbstractDomain <Variable, Expression>)left.Widening(right)));
}
static private INumericalAbstractDomain <Variable, Expression> SmashTogether(IAbstractDomain boundedDisjunction, bool p)
{
INumericalAbstractDomain <Variable, Expression> asNumericalDomain = (INumericalAbstractDomain <Variable, Expression>)boundedDisjunction;
Debug.Assert(boundedDisjunction != null);
if (p)
{ // It is a
BoundedDisjunction <Variable, Expression> asDisjunction = asNumericalDomain as BoundedDisjunction <Variable, Expression>;
Debug.Assert(asDisjunction != null);
return(SmashTogether(asDisjunction.disjuncts));
}
else
{
return(asNumericalDomain);
}
}
/// <summary>
/// The join operator improved in order to keep information about pointers that are null in a branch and != null in the other
/// In this case we trace the length of the pointer != null ignoring the other branch
/// </summary>
/// <param name="pc">is the target of the join.</param>
public IAbstractDomain Join(IAbstractDomain a, Set <BoxedExpression> bottomPointers, APC pc)
{
var joined = base.Join((IntervalEnvironment <BoxedExpression>)a);
IntervalsForUnsafeCode prev = new IntervalsForUnsafeCode((IntervalEnvironment <BoxedExpression>)a, this.context);
IntervalsForUnsafeCode result = new IntervalsForUnsafeCode((IntervalEnvironment <BoxedExpression>)joined, this.context);
//It traces all the pointers that in a branch are assigned to null and in the other are assigned to an allocated area of memory
//This information is used in order to refine the Join, as otherwise we would lose the size of the allocated memory
foreach (BoxedExpression ptr in bottomPointers)
{
BoxedExpression len;
// TODO: if this doesn't work, we need to pass in the pc to GetAssociatedInfo !
if (ptr.TryGetAssociatedInfo(pc, AssociatedInfo.WritableBytes, out len))
{
RefineNullVariable(pc, len, prev, result);
}
}
return(result);
}
/// <summary>
/// The pairwise widening
/// </summary>
public override IAbstractDomain Widening(IAbstractDomain prev)
{
if (this.IsBottom)
{
return(prev);
}
if (prev.IsBottom)
{
return(this);
}
var asIntWSUB = prev as Pentagons <Variable, Expression>;
Contract.Assume(asIntWSUB != null);
var widenLeft = this.Left.Widening(asIntWSUB.Left);
var widenRight = this.Right.Widening(asIntWSUB.Right);
return(this.Factory(widenLeft, widenRight));
}
