Cumulative updates

Author: amoeller

README.md

@@ -88,6 +88,7 @@ where `<source>` can be a file or a directory containing `.tip` files and
 `[out]` is an output directory (default: ./out).
 
 To see the possible options, run `tip` without options.
+Option `-verbose` is recommended when developing and testing analyses.
 
 ## Help to Scala novices
 

examples/interval0.tip

@@ -0,0 +1,12 @@
+main() {
+    var x,y;
+    y = 0;
+    x = 7;
+    x = x + 1;
+    while (input) {
+        x = 7;
+        x = x+1;
+        y = y+1;
+    }
+    return 0;
+}

src/tip/Tip.scala

@@ -123,14 +123,14 @@ object Tip extends App {
         | immediately after the analysis name (default: use the simple fixpoint solver):
         |
         | wl       use the worklist solver
-        | wli      use the worklist solver with init
-        | wliw     use the worklist solver with init and widening
-        | wliwn    use the worklist solver with init, widening, and narrowing
-        | wlip     use the worklist solver with init and propagation
-        | iwli     use the worklist solver with init, interprocedural version
-        | iwlip    use the worklist solver with init and propagation, interprocedural version
-        | csiwlip  use the worklist solver with init and propagation, context-sensitive (with call string) interprocedural version
-        | cfiwlip  use the worklist solver with init and propagation, context-sensitive (with functional approach) interprocedural version
+        | wlr      use the worklist solver with reachability
+        | wlrw     use the worklist solver with reachability and widening
+        | wlrwn    use the worklist solver with reachability, widening, and narrowing
+        | wlrp     use the worklist solver with reachability and propagation
+        | iwlr     use the worklist solver with reachability, interprocedural version
+        | iwlrp    use the worklist solver with reachability and propagation, interprocedural version
+        | csiwlrp  use the worklist solver with reachability and propagation, context-sensitive (with call string) interprocedural version
+        | cfiwlrp  use the worklist solver with reachability and propagation, context-sensitive (with functional approach) interprocedural version
         | ide      use the IDE solver
         |
         | e.g. -sign wl  will run the sign analysis using the basic worklist solver

src/tip/analysis/FlowSensitiveAnalysis.scala

@@ -33,7 +33,7 @@ object FlowSensitiveAnalysis {
   def select(kind: Analysis.Value, options: AnalysisOption.Value, cfg: FragmentCfg)(implicit declData: DeclarationData): Option[FlowSensitiveAnalysis[_]] = {
 
     val typedCfg = options match {
-      case AnalysisOption.iwli | AnalysisOption.iwlip | AnalysisOption.`csiwlip` | AnalysisOption.`cfiwlip` | AnalysisOption.`ide` =>
+      case AnalysisOption.`iwlr` | AnalysisOption.`iwlrp` | AnalysisOption.`csiwlrp` | AnalysisOption.`cfiwlrp` | AnalysisOption.`ide` =>
         cfg match {
           case w: InterproceduralProgramCfg => Right(w)
           case _ => throw new RuntimeException(s"Whole CFG needed")
@@ -67,43 +67,43 @@ object FlowSensitiveAnalysis {
           case Analysis.constprop => new ConstantPropagationAnalysisWorklistSolver(typedCfg.left.get)
           case _ => throw new RuntimeException(s"Unsupported solver option `$options` for the analysis $kind")
         })
-      case AnalysisOption.`wli` =>
+      case AnalysisOption.`wlr` =>
         Some(kind match {
-          case Analysis.sign => new IntraprocSignAnalysisWorklistSolverWithInit(typedCfg.left.get)
-          case Analysis.interval => new IntervalAnalysisWorklistSolverWithInit(typedCfg.left.get)
+          case Analysis.sign => new IntraprocSignAnalysisWorklistSolverWithReachability(typedCfg.left.get)
+          case Analysis.interval => new IntervalAnalysisWorklistSolverWithReachability(typedCfg.left.get)
           case _ => throw new RuntimeException(s"Unsupported solver option `$options` for the analysis $kind")
         })
-      case AnalysisOption.`wliw` =>
+      case AnalysisOption.`wlrw` =>
         Some(kind match {
           case Analysis.interval => new IntervalAnalysisWorklistSolverWithWidening(typedCfg.left.get)
           case _ => throw new RuntimeException(s"Unsupported solver option `$options` for the analysis $kind")
         })
-      case AnalysisOption.`wliwn` =>
+      case AnalysisOption.`wlrwn` =>
         Some(kind match {
           case Analysis.interval => new IntervalAnalysisWorklistSolverWithWideningAndNarrowing(typedCfg.left.get)
           case _ => throw new RuntimeException(s"Unsupported solver option `$options` for the analysis $kind")
         })
-      case AnalysisOption.`wlip` =>
+      case AnalysisOption.`wlrp` =>
         Some(kind match {
-          case Analysis.sign => new IntraprocSignAnalysisWorklistSolverWithInitAndPropagation(typedCfg.left.get)
+          case Analysis.sign => new IntraprocSignAnalysisWorklistSolverWithReachabilityAndPropagation(typedCfg.left.get)
           case _ => throw new RuntimeException(s"Unsupported solver option `$options` for the analysis $kind")
         })
-      case AnalysisOption.`iwli` =>
+      case AnalysisOption.`iwlr` =>
         Some(kind match {
-          case Analysis.sign => new InterprocSignAnalysisWorklistSolverWithInit(typedCfg.right.get)
+          case Analysis.sign => new InterprocSignAnalysisWorklistSolverWithReachability(typedCfg.right.get)
           case _ => throw new RuntimeException(s"Unsupported solver option `$options` for the analysis $kind")
         })
-      case AnalysisOption.`iwlip` =>
+      case AnalysisOption.`iwlrp` =>
         Some(kind match {
-          case Analysis.sign => new InterprocSignAnalysisWorklistSolverWithInitAndPropagation(typedCfg.right.get)
+          case Analysis.sign => new InterprocSignAnalysisWorklistSolverWithReachabilityAndPropagation(typedCfg.right.get)
           case _ => throw new RuntimeException(s"Unsupported solver option `$options` for the analysis $kind")
         })
-      case AnalysisOption.`csiwlip` =>
+      case AnalysisOption.`csiwlrp` =>
         Some(kind match {
           case Analysis.sign => new CallStringSignAnalysis(typedCfg.right.get)
           case _ => throw new RuntimeException(s"Unsupported solver option `$options` for the analysis $kind")
         })
-      case AnalysisOption.`cfiwlip` =>
+      case AnalysisOption.`cfiwlrp` =>
         Some(kind match {
           case Analysis.sign => new FunctionalSignAnalysis(typedCfg.right.get)
           case _ => throw new RuntimeException(s"Unsupported solver option `$options` for the analysis $kind")
@@ -121,40 +121,40 @@ object FlowSensitiveAnalysis {
     *
     * - Enabled: use the simple fixpoint solver
     * - wl: use the worklist solver
-    * - wli: use the worklist solver with init
-    * - wliw: use the worklist solver with init and widening
-    * - wliwn: use the worklist solver with init, widening, and narrowing
-    * - wlip: use the worklist solver with init and propagation
-    * - iwli: use the worklist solver with init, interprocedural version
-    * - iwlip: use the worklist solver with init and propagation, interprocedural version
-    * - csiwlip: use the worklist solver with init and propagation, context-sensitive (with call string) interprocedural version
-    * - cfiwlip: use the worklist solver with init and propagation, context-sensitive (with functional approach) interprocedural version
+    * - wlr: use the worklist solver with reachability
+    * - wlrw: use the worklist solver with reachability and widening
+    * - wlrwn: use the worklist solver with reachability, widening, and narrowing
+    * - wlrp: use the worklist solver with reachability and propagation
+    * - iwlr: use the worklist solver with reachability, interprocedural version
+    * - iwlrp: use the worklist solver with reachability and propagation, interprocedural version
+    * - csiwlrp: use the worklist solver with reachability and propagation, context-sensitive (with call string) interprocedural version
+    * - cfiwlrp: use the worklist solver with reachability and propagation, context-sensitive (with functional approach) interprocedural version
     * - ide: use the IDE solver
     */
   object AnalysisOption extends Enumeration {
-    val simple, Disabled, wl, wli, wliw, wliwn, wlip, iwli, iwlip, csiwlip, cfiwlip, ide = Value
+    val simple, Disabled, wl, wlr, wlrw, wlrwn, wlrp, iwlr, iwlrp, csiwlrp, cfiwlrp, ide = Value
 
     def interprocedural(v: Value): Boolean =
       v match {
-        case `iwli` => true
-        case `iwlip` => true
-        case `csiwlip` => true
-        case `cfiwlip` => true
+        case `iwlr` => true
+        case `iwlrp` => true
+        case `csiwlrp` => true
+        case `cfiwlrp` => true
         case `ide` => true
         case _ => false
       }
 
     def contextsensitive(v: Value): Boolean =
       v match {
-        case `csiwlip` => true
-        case `cfiwlip` => true
+        case `csiwlrp` => true
+        case `cfiwlrp` => true
         case _ => false
       }
 
     def withWidening(v: Value): Boolean =
       v match {
-        case `wliw` => true
-        case `wliwn` => true
+        case `wlrw` => true
+        case `wlrwn` => true
         case _ => false
       }
   }

src/tip/analysis/IntervalAnalysis.scala

@@ -79,9 +79,9 @@ abstract class IntervalAnalysis(cfg: FragmentCfg)(implicit declData: Declaration
 /**
   * Interval analysis, using the worklist solver with init and widening.
   */
-class IntervalAnalysisWorklistSolverWithInit(cfg: ProgramCfg)(implicit declData: DeclarationData)
+class IntervalAnalysisWorklistSolverWithReachability(cfg: ProgramCfg)(implicit declData: DeclarationData)
     extends IntervalAnalysis(cfg)
-    with WorklistFixpointSolverWithInit[CfgNode]
+    with WorklistFixpointSolverWithReachability[CfgNode]
     with ForwardDependencies {
 
   val first = cfg.funEntries.values.toSet[CfgNode]
@@ -92,7 +92,7 @@ class IntervalAnalysisWorklistSolverWithInit(cfg: ProgramCfg)(implicit declData:
   */
 class IntervalAnalysisWorklistSolverWithWidening(cfg: ProgramCfg)(implicit declData: DeclarationData)
     extends IntervalAnalysis(cfg)
-    with WorklistFixpointSolverWithInitAndSimpleWidening[CfgNode]
+    with WorklistFixpointSolverWithReachabilityAndWidening[CfgNode]
     with ForwardDependencies {
 
   import tip.cfg.CfgOps._
@@ -111,28 +111,38 @@ class IntervalAnalysisWorklistSolverWithWidening(cfg: ProgramCfg)(implicit declD
     }
   }
 
-  def backedge(src: CfgNode, dst: CfgNode): Boolean = cfg.rank(src) > cfg.rank(dst)
+  def loophead(n: CfgNode): Boolean = indep(n).exists(cfg.rank(_) > cfg.rank(n))
+
+  type IntervalLatticeElement = lattice.sublattice.sublattice.sublattice.Element
 
   private def minB(b: lattice.sublattice.sublattice.sublattice.Num) = B.filter(b <= _).min
 
   private def maxB(a: lattice.sublattice.sublattice.sublattice.Num) = B.filter(_ <= a).max
 
-  def widen(s: lattice.sublattice.Element): lattice.sublattice.Element = {
-    import lattice.sublattice.sublattice.sublattice._
-    import lattice.sublattice._
-    s match {
-      case lattice.sublattice.Bottom => s
-      case lattice.sublattice.Lift(m) => ??? //<--- Complete here
+  def widenInterval(x: IntervalLatticeElement, y: IntervalLatticeElement): IntervalLatticeElement =
+    (x, y) match {
+      case (lattice.sublattice.sublattice.sublattice.EmptyInterval, _) => y
+      case (_, lattice.sublattice.sublattice.sublattice.EmptyInterval) => x
+      case ((l1, h1), (l2, h2)) => ??? //<--- Complete here
+    }
+
+  def widen(x: lattice.sublattice.Element, y: lattice.sublattice.Element): lattice.sublattice.Element =
+    (x, y) match {
+      case (lattice.sublattice.Bottom, _) => y
+      case (_, lattice.sublattice.Bottom) => x
+      case (lattice.sublattice.Lift(xm), lattice.sublattice.Lift(ym)) =>
+        lattice.sublattice.Lift(declaredVars.map { v =>
+          v -> widenInterval(xm(v), ym(v))
+        }.toMap)
     }
-  }
 }
 
 /**
   * Interval analysis, using the worklist solver with init, widening, and narrowing.
   */
 class IntervalAnalysisWorklistSolverWithWideningAndNarrowing(cfg: ProgramCfg)(implicit declData: DeclarationData)
     extends IntervalAnalysisWorklistSolverWithWidening(cfg)
-    with WorklistFixpointSolverWithInitAndSimpleWideningAndNarrowing[CfgNode] {
+    with WorklistFixpointSolverWithReachabilityAndWideningAndNarrowing[CfgNode] {
 
   val narrowingSteps = 5
 }

src/tip/analysis/SignAnalysis.scala

@@ -244,7 +244,7 @@ abstract class SimpleSignAnalysis(cfg: ProgramCfg)(implicit val declData: Declar
 }
 
 /**
-  * Base class for sign analysis with lifted lattice.
+  * Base class for sign analysis with lifted lattice, where the extra bottom element represents "unreachable".
   */
 abstract class LiftedSignAnalysis(cfg: ProgramCfg)(implicit val declData: DeclarationData)
     extends FlowSensitiveAnalysis[CfgNode](cfg)
@@ -295,28 +295,29 @@ class IntraprocSignAnalysisWorklistSolver(cfg: ProgramCfg)(implicit override val
     with SimpleWorklistFixpointSolver[CfgNode]
 
 /**
-  * Intraprocedural sign analysis that uses [[tip.solvers.WorklistFixpointSolverWithInit]],
+  * Intraprocedural sign analysis that uses [[tip.solvers.WorklistFixpointSolverWithReachability]],
   * with all function entries as start nodes.
   */
-class IntraprocSignAnalysisWorklistSolverWithInit(cfg: ProgramCfg)(implicit override val declData: DeclarationData)
+class IntraprocSignAnalysisWorklistSolverWithReachability(cfg: ProgramCfg)(implicit override val declData: DeclarationData)
     extends LiftedSignAnalysis(cfg)
-    with WorklistFixpointSolverWithInit[CfgNode] {
+    with WorklistFixpointSolverWithReachability[CfgNode] {
 
   def transferUnlifted(n: CfgNode, s: lattice.sublattice.sublattice.Element): lattice.sublattice.sublattice.Element = localTransfer(n, s)
 }
 
 /**
   * Intraprocedural sign analysis that uses [[tip.solvers.WorklistFixpointPropagationSolver]].
   */
-class IntraprocSignAnalysisWorklistSolverWithInitAndPropagation(cfg: ProgramCfg)(implicit override val declData: DeclarationData)
-    extends IntraprocSignAnalysisWorklistSolverWithInit(cfg)
+class IntraprocSignAnalysisWorklistSolverWithReachabilityAndPropagation(cfg: ProgramCfg)(implicit override val declData: DeclarationData)
+    extends IntraprocSignAnalysisWorklistSolverWithReachability(cfg)
     with WorklistFixpointPropagationSolver[CfgNode]
 
 /**
-  * Interprocedural sign analysis that uses [[tip.solvers.WorklistFixpointSolverWithInit]].
+  * Interprocedural sign analysis that uses [[tip.solvers.WorklistFixpointSolverWithReachability]],
+  * with the entry of the main function as the only start node.
   */
-class InterprocSignAnalysisWorklistSolverWithInit(val cfg: InterproceduralProgramCfg)(implicit override val declData: DeclarationData)
-    extends IntraprocSignAnalysisWorklistSolverWithInit(cfg)
+class InterprocSignAnalysisWorklistSolverWithReachability(val cfg: InterproceduralProgramCfg)(implicit override val declData: DeclarationData)
+    extends IntraprocSignAnalysisWorklistSolverWithReachability(cfg)
     with InterprocSignAnalysisFunctions
     with InterproceduralForwardDependencies {
 
@@ -328,8 +329,8 @@ class InterprocSignAnalysisWorklistSolverWithInit(val cfg: InterproceduralProgra
   * Note that this class uses [[tip.analysis.ForwardDependencies]] which has no interprocedural outdeps,
   * and it does not use indeps.
   */
-class InterprocSignAnalysisWorklistSolverWithInitAndPropagation(val cfg: InterproceduralProgramCfg)(implicit override val declData: DeclarationData)
-    extends IntraprocSignAnalysisWorklistSolverWithInitAndPropagation(cfg)
+class InterprocSignAnalysisWorklistSolverWithReachabilityAndPropagation(val cfg: InterproceduralProgramCfg)(implicit override val declData: DeclarationData)
+    extends IntraprocSignAnalysisWorklistSolverWithReachabilityAndPropagation(cfg)
     with InterprocSignAnalysisFunctionsWithPropagation
     with ForwardDependencies {
 

src/tip/cfg/FragmentCfg.scala

@@ -135,7 +135,7 @@ class FragmentCfg(private[cfg] val graphEntries: Set[CfgNode], private[cfg] val
     * rank(x) < rank(y) iff y is visited after x in a depth-first
     * visit of the control-flow graph
     */
-  def rank: Map[CfgNode, Int] = {
+  lazy val rank: Map[CfgNode, Int] = {
     def rankRec(elems: List[CfgNode], visited: List[List[CfgNode]], level: Int): Map[CfgNode, Int] = {
       val curLevel = elems.map { x =>
         x -> level

src/tip/solvers/FixpointSolvers.scala

@@ -236,12 +236,14 @@ trait SimpleWorklistFixpointSolver[N] extends WorklistFixpointSolver[N] {
 }
 
 /**
-  * The worklist-based fixpoint solver with initialization.
+  * The worklist-based fixpoint solver with reachability.
+  *
+  * This solver works for map lattices with lifted co-domains, where the extra bottom element typically represents "unreachable".
   */
-trait WorklistFixpointSolverWithInit[N] extends WorklistFixpointSolver[N] with MapLiftLatticeSolver[N] {
+trait WorklistFixpointSolverWithReachability[N] extends WorklistFixpointSolver[N] with MapLiftLatticeSolver[N] {
 
   /**
-    * The start locations.
+    * The start locations, used as the initial contents of the worklist.
     */
   val first: Set[N]
 
@@ -305,7 +307,7 @@ trait WorklistFixpointPropagationFunctions[N] extends ListSetWorklist[N] {
   * Note that with this approach, each abstract state represents the program point *after* the node
   * (for a forward analysis, and opposite for a backward analysis).
   */
-trait WorklistFixpointPropagationSolver[N] extends WorklistFixpointSolverWithInit[N] with WorklistFixpointPropagationFunctions[N] {
+trait WorklistFixpointPropagationSolver[N] extends WorklistFixpointSolverWithReachability[N] with WorklistFixpointPropagationFunctions[N] {
 
   val lattice: MapLattice[N, LiftLattice[Lattice]]
 
@@ -339,38 +341,39 @@ trait WorklistFixpointPropagationSolver[N] extends WorklistFixpointSolverWithIni
 }
 
 /**
-  * Worklist-based fixpoint solver with initialization and simple widening.
+  * Worklist-based fixpoint solver with reachability and widening.
   */
-trait WorklistFixpointSolverWithInitAndSimpleWidening[N] extends WorklistFixpointSolverWithInit[N] {
+trait WorklistFixpointSolverWithReachabilityAndWidening[N] extends WorklistFixpointSolverWithReachability[N] {
 
   /**
-    * Set widening function.
-    * @param s input lattice element
+    * Widening function.
+    * @param x lattice element from previous iteration
+    * @param y lattice element from this iteration
     * @return output lattice element
     */
-  def widen(s: lattice.sublattice.Element): lattice.sublattice.Element
+  def widen(x: lattice.sublattice.Element, y: lattice.sublattice.Element): lattice.sublattice.Element
 
   /**
-    * Tells whether (src,dst) is a back-edge.
+    * Tells whether `n` is a loop-head.
     */
-  def backedge(src: N, dst: N): Boolean
+  def loophead(n: N): Boolean
 
   override def process(n: N) = {
     val xn = x(n)
     FixpointSolvers.log.verb(s"Processing $n in state $xn")
     val y = funsub(n, x)
     if (y != xn) {
-      x += n -> (if (outdep(n).exists(backedge(n, _))) widen(y) else y)
+      x += n -> (if (loophead(n)) widen(xn, y) else y)
       add(outdep(n))
     }
   }
 }
 
 /**
-  * The worklist-based fixpoint solver with initialization, simple widening, and narrowing.
+  * The worklist-based fixpoint solver with reachability, widening, and (simple) narrowing.
   */
-trait WorklistFixpointSolverWithInitAndSimpleWideningAndNarrowing[N]
-    extends WorklistFixpointSolverWithInitAndSimpleWidening[N]
+trait WorklistFixpointSolverWithReachabilityAndWideningAndNarrowing[N]
+    extends WorklistFixpointSolverWithReachabilityAndWidening[N]
     with SimpleMapLatticeFixpointSolver[N] {
 
   /**
@@ -387,5 +390,5 @@ trait WorklistFixpointSolverWithInitAndSimpleWideningAndNarrowing[N]
     if (i <= 0) x else narrow(fun(x), i - 1) // uses the simple definition of 'fun' from SimpleMapLatticeFixpointSolver
 
   override def analyze(): lattice.Element =
-    narrow(super[WorklistFixpointSolverWithInitAndSimpleWidening].analyze(), narrowingSteps)
+    narrow(super[WorklistFixpointSolverWithReachabilityAndWidening].analyze(), narrowingSteps)
 }