Rebase

Author: sergeypospelov

usvm-core/src/main/kotlin/org/usvm/Composition.kt

@@ -32,15 +32,15 @@ open class UComposer<Field, Type>(
         typeEvaluator.evalIs(composedAddress, type)
     }
 
-    fun <RegionId : URegionId<Key>, Key, Sort : USort> transformHeapReading(
+    fun <RegionId : URegionId<Key, Sort>, Key, Sort : USort> transformHeapReading(
         expr: UHeapReading<RegionId, Key, Sort>,
         key: Key
     ): UExpr<Sort> = with(expr) {
         val instantiator = { key: Key, memoryRegion: UMemoryRegion<RegionId, Key, Sort> ->
             // Create a copy of this heap to avoid its modification
             val heapToApplyUpdates = heapEvaluator.toMutableHeap()
             memoryRegion.applyTo(heapToApplyUpdates)
-            region.regionId.read(key, sort, heapToApplyUpdates)
+            region.regionId.read(heapToApplyUpdates, key)
         }
 
         val mappedRegion = region.map(this@UComposer, instantiator)

usvm-core/src/main/kotlin/org/usvm/ExprTranslator.kt

@@ -0,0 +1,120 @@
+package org.usvm
+
+import org.ksmt.utils.mkConst
+
+open class UExprTranslator<Field, Type> internal constructor(
+    ctx: UContext,
+) : UExprTransformer<Field, Type>(ctx) {
+    private val observers = mutableListOf<UTranslationObserver>()
+
+    internal fun attachObserver(observer: UTranslationObserver) {
+        observers += observer
+    }
+
+    open fun <Sort : USort> translate(expr: UExpr<Sort>): UExpr<Sort> = apply(expr)
+
+    // TODO: why do we have this function in UExprTransformer?
+    override fun <Sort : USort> transform(expr: USymbol<Sort>): UExpr<Sort> {
+        error("You must override `transform` function in org.usvm.UExprTranslator for ${expr::class}")
+    }
+
+    override fun <Sort : USort> transform(expr: URegisterReading<Sort>): UExpr<Sort> {
+        val registerConst = expr.sort.mkConst("r${expr.idx}")
+        observers.forEach { it.newRegisterReadingTranslated(expr.idx, registerConst) }
+        return registerConst
+    }
+
+    // TODO: why do we have this function in UExprTransformer?
+    override fun <Sort : USort> transform(expr: UHeapReading<*, *, *>): UExpr<Sort> =
+        error("You must override `transform` function in UExprTranslator for ${expr::class}")
+
+    // TODO: why do we have this function in UExprTransformer?
+    override fun <Sort : USort> transform(expr: UMockSymbol<Sort>): UExpr<Sort> =
+        error("You must override `transform` function in UExprTranslator for ${expr::class}")
+
+    @Suppress("UNREACHABLE_CODE", "UNUSED_VARIABLE")
+    override fun <Method, Sort : USort> transform(expr: UIndexedMethodReturnValue<Method, Sort>): UExpr<Sort> {
+        val const: UExpr<Sort> = TODO("Not yet implemented")
+        observers.forEach { it.newIndexedMethodReturnValueTranslated(expr.method, expr.callIndex, const) }
+        return const
+    }
+
+    override fun transform(expr: UNullRef): UExpr<UAddressSort> = expr.sort.mkConst("null")
+
+    override fun transform(expr: UConcreteHeapRef): UExpr<UAddressSort> {
+        error("Unexpected UConcreteHeapRef $expr in UExprTranslator, that has to be impossible by construction!")
+    }
+
+    override fun transform(expr: UIsExpr<Type>): UBoolExpr {
+        error("Unexpected UIsExpr $expr in UExprTranslator, that has to be impossible by construction!")
+    }
+
+    override fun transform(expr: UInputArrayLengthReading<Type>): USizeExpr =
+        transformExprAfterTransformed(expr, expr.address) { address ->
+            translateRegionReading(expr.region, address)
+        }
+
+    override fun <Sort : USort> transform(expr: UInputArrayReading<Type, Sort>): UExpr<Sort> =
+        transformExprAfterTransformed(expr, expr.address, expr.index) { address, index ->
+            translateRegionReading(expr.region, address to index)
+        }
+
+    override fun <Sort : USort> transform(expr: UAllocatedArrayReading<Type, Sort>): UExpr<Sort> =
+        transformExprAfterTransformed(expr, expr.index) { index ->
+            translateRegionReading(expr.region, index)
+        }
+
+    override fun <Sort : USort> transform(expr: UInputFieldReading<Field, Sort>): UExpr<Sort> =
+        transformExprAfterTransformed(expr, expr.address) { address ->
+            translateRegionReading(expr.region, address)
+        }
+
+    private val regionToTranslator = mutableMapOf<URegionId<*, *>, URegionTranslator<*, *, *, *>>()
+        .withDefault { regionId ->
+            val regionTranslator = regionId.translator(this)
+            observers.forEach { it.newRegionTranslator(regionId, regionTranslator) }
+            regionTranslator
+        }
+
+    open fun <Key, Sort : USort> translateRegionReading(
+        region: UMemoryRegion<URegionId<Key, Sort>, Key, Sort>,
+        key: Key,
+    ): UExpr<Sort> {
+        @Suppress("UNCHECKED_CAST")
+        val translator =
+            regionToTranslator.getValue(region.regionId) as URegionTranslator<URegionId<Key, Sort>, Key, Sort, *>
+        return translator.translateReading(region, key)
+    }
+}
+
+internal typealias RegionTranslatorConstructor<T, U> = (UExprTranslator<*, *>) -> URegionTranslator<URegionId<T, U>, T, U, *>
+
+// TODO: maybe split this function into virtual function of URegionID
+internal val <Key, Sort : USort> URegionId<Key, Sort>.translator: RegionTranslatorConstructor<Key, Sort>
+    get() = { translator ->
+        val ctx = sort.uctx
+        @Suppress("UNCHECKED_CAST")
+        when (this) {
+            is UInputArrayId<*, Sort> -> U2DArrayRegionTranslator(translator, ctx.addressSort, ctx.sizeSort, this)
+            is UAllocatedArrayId<*, Sort> -> U1DArrayRegionTranslator(translator, ctx.sizeSort, this)
+            is UInputArrayLengthId<*> -> U1DArrayRegionTranslator(translator, ctx.addressSort, this)
+            is UInputFieldRegionId<*, Sort> -> U1DArrayRegionTranslator(translator, ctx.addressSort, this)
+            else -> error("Unexpected regionId: $this")
+        } as URegionTranslator<URegionId<Key, Sort>, Key, Sort, *>
+    }
+
+// TODO: looks odd, because we duplicate StackEvaluator::eval, MockEvaluator::eval with slightly changed signature...
+internal interface UTranslationObserver {
+    fun newRegionTranslator(
+        regionId: URegionId<*, *>,
+        translator: URegionTranslator<*, *, *, *>,
+    )
+
+    fun <Sort : USort> newRegisterReadingTranslated(idx: Int, translated: UExpr<Sort>)
+
+    fun <Method, Sort : USort> newIndexedMethodReturnValueTranslated(
+        method: Method,
+        callIndex: Int,
+        translated: UExpr<Sort>,
+    )
+}

usvm-core/src/main/kotlin/org/usvm/Expressions.kt

@@ -127,7 +127,7 @@ class URegisterReading<Sort : USort> internal constructor(
     }
 }
 
-abstract class UHeapReading<RegionId : URegionId<Key>, Key, Sort : USort>(
+abstract class UHeapReading<RegionId : URegionId<Key, Sort>, Key, Sort : USort>(
     ctx: UContext,
     val region: UMemoryRegion<RegionId, Key, Sort>
 ) : USymbol<Sort>(ctx) {
@@ -138,7 +138,7 @@ class UInputFieldReading<Field, Sort : USort> internal constructor(
     ctx: UContext,
     region: UInputFieldRegion<Field, Sort>,
     val address: UHeapRef,
-) : UHeapReading<UInputFieldRegionId<Field>, UHeapRef, Sort>(ctx, region) {
+) : UHeapReading<UInputFieldRegionId<Field, Sort>, UHeapRef, Sort>(ctx, region) {
     @Suppress("UNCHECKED_CAST")
     override fun accept(transformer: KTransformerBase): KExpr<Sort> {
         require(transformer is UExprTransformer<*, *>)
@@ -162,7 +162,7 @@ class UAllocatedArrayReading<ArrayType, Sort : USort> internal constructor(
     ctx: UContext,
     region: UAllocatedArrayRegion<ArrayType, Sort>,
     val index: USizeExpr,
-) : UHeapReading<UAllocatedArrayId<ArrayType>, USizeExpr, Sort>(ctx, region) {
+) : UHeapReading<UAllocatedArrayId<ArrayType, Sort>, USizeExpr, Sort>(ctx, region) {
     @Suppress("UNCHECKED_CAST")
     override fun accept(transformer: KTransformerBase): KExpr<Sort> {
         require(transformer is UExprTransformer<*, *>)
@@ -192,7 +192,7 @@ class UInputArrayReading<ArrayType, Sort : USort> internal constructor(
     region: UInputArrayRegion<ArrayType, Sort>,
     val address: UHeapRef,
     val index: USizeExpr
-) : UHeapReading<UInputArrayId<ArrayType>, USymbolicArrayIndex, Sort>(ctx, region) {
+) : UHeapReading<UInputArrayId<ArrayType, Sort>, USymbolicArrayIndex, Sort>(ctx, region) {
     @Suppress("UNCHECKED_CAST")
     override fun accept(transformer: KTransformerBase): KExpr<Sort> {
         require(transformer is UExprTransformer<*, *>)

usvm-core/src/main/kotlin/org/usvm/Heap.kt

@@ -122,7 +122,7 @@ data class URegionHeap<Field, ArrayType>(
         arrayType: ArrayType,
     ): UInputArrayLengthRegion<ArrayType> =
         inputLengths[arrayType]
-            ?: emptyArrayLengthRegion(arrayType, ctx) { ref, region ->
+            ?: emptyArrayLengthRegion(arrayType, ctx.sizeSort) { ref, region ->
                 ctx.mkInputArrayLengthReading(region, ref)
             }
 

usvm-core/src/main/kotlin/org/usvm/MemoryRegions.kt

@@ -22,13 +22,14 @@ typealias UInstantiator<RegionId, Key, Sort> = (key: Key, UMemoryRegion<RegionId
  * @property defaultValue describes the initial values for the region. If [defaultValue] equals `null` then this region
  * is filled with symbolics.
  */
-data class UMemoryRegion<RegionId : URegionId<Key>, Key, Sort : USort>(
+data class UMemoryRegion<out RegionId : URegionId<Key, Sort>, Key, Sort : USort>(
     val regionId: RegionId,
-    val sort: Sort,
     val updates: UMemoryUpdates<Key, Sort>,
-    private val defaultValue: UExpr<Sort>?, // If defaultValue = null then this region is filled with symbolics
     private val instantiator: UInstantiator<RegionId, Key, Sort>,
 ) {
+    val sort: Sort get() = regionId.sort
+    private val defaultValue = regionId.defaultValue
+
     private fun read(key: Key, updates: UMemoryUpdates<Key, Sort>): UExpr<Sort> {
         val lastUpdatedElement = updates.lastUpdatedElementOrNull()
 
@@ -159,26 +160,28 @@ data class UMemoryRegion<RegionId : URegionId<Key>, Key, Sort : USort>(
         composer: UComposer<Field, Type>,
         instantiator: UInstantiator<RegionId, Key, Sort> = this.instantiator,
     ): UMemoryRegion<RegionId, Key, Sort> {
-        // Map the updates and the default value
+        // Map the updates and the regionId
+        @Suppress("UNCHECKED_CAST")
+        val mappedRegionId = regionId.map(composer) as RegionId
         val mappedUpdates = updates.map(regionId.keyMapper(composer), composer)
-        val mappedDefaultValue = defaultValue?.let { composer.compose(it) }
 
         // Note that we cannot use optimization with unchanged mappedUpdates and mappedDefaultValues here
         // since in a new region we might have an updated instantiator.
         // Therefore, we have to check their reference equality as well.
-        if (mappedUpdates === updates && mappedDefaultValue === defaultValue && instantiator === this.instantiator) {
+        if (mappedUpdates === updates && mappedRegionId === regionId && instantiator === this.instantiator) {
             return this
         }
 
-        return UMemoryRegion(regionId, sort, mappedUpdates, mappedDefaultValue, instantiator)
+        // Otherwise, construct a new region with mapped values and a new instantiator.
+        return UMemoryRegion(mappedRegionId, mappedUpdates, instantiator)
     }
 
     @Suppress("UNCHECKED_CAST")
     fun <Field, Type> applyTo(heap: USymbolicHeap<Field, Type>) {
         // Apply each update on the copy
         updates.forEach {
             when (it) {
-                is UPinpointUpdateNode<Key, Sort> -> regionId.write(it.key, sort, heap, it.value, it.guard)
+                is UPinpointUpdateNode<Key, Sort> -> regionId.write(heap, it.key, it.value, it.guard)
                 is URangedUpdateNode<*, *, *, Key, Sort> -> {
                     it.region.applyTo(heap)
 
@@ -198,7 +201,7 @@ data class UMemoryRegion<RegionId : URegionId<Key>, Key, Sort : USort>(
      * with values from memory region [fromRegion] read from range
      * of addresses [[keyConverter].convert([fromKey]) : [keyConverter].convert([toKey])]
      */
-    fun <ArrayType, OtherRegionId : UArrayId<ArrayType, SrcKey>, SrcKey> copyRange(
+    fun <ArrayType, OtherRegionId : UArrayId<ArrayType, SrcKey, Sort>, SrcKey> copyRange(
         fromRegion: UMemoryRegion<OtherRegionId, SrcKey, Sort>,
         fromKey: Key, toKey: Key,
         keyConverter: UMemoryKeyConverter<SrcKey, Key>,
@@ -243,7 +246,7 @@ class GuardBuilder(nonMatchingUpdates: UBoolExpr) {
 typealias USymbolicArrayIndex = Pair<UHeapRef, USizeExpr>
 
 fun heapRefEq(ref1: UHeapRef, ref2: UHeapRef): UBoolExpr =
-    ref1.uctx.mkHeapRefEq(ref1, ref2)  // TODO: use simplified equality!
+    ref1.uctx.mkHeapRefEq(ref1, ref2)
 
 @Suppress("UNUSED_PARAMETER")
 fun heapRefCmpSymbolic(ref1: UHeapRef, ref2: UHeapRef): UBoolExpr =
@@ -254,17 +257,16 @@ fun heapRefCmpConcrete(ref1: UHeapRef, ref2: UHeapRef): Boolean =
     error("Heap references should not be compared!")
 
 fun indexEq(idx1: USizeExpr, idx2: USizeExpr): UBoolExpr =
-    idx1.ctx.mkEq(idx1, idx2)  // TODO: use simplified equality!
+    idx1.ctx.mkEq(idx1, idx2)
 
 fun indexLeSymbolic(idx1: USizeExpr, idx2: USizeExpr): UBoolExpr =
-    idx1.ctx.mkBvSignedLessOrEqualExpr(idx1, idx2)  // TODO: use simplified comparison!
+    idx1.ctx.mkBvSignedLessOrEqualExpr(idx1, idx2)
 
 fun indexLeConcrete(idx1: USizeExpr, idx2: USizeExpr): Boolean =
     // TODO: to optimize things up, we could pass path constraints here and lookup the numeric bounds for idx1 and idx2
     idx1 == idx2 || (idx1 is UConcreteSize && idx2 is UConcreteSize && idx1.numberValue <= idx2.numberValue)
 
 fun refIndexEq(idx1: USymbolicArrayIndex, idx2: USymbolicArrayIndex): UBoolExpr = with(idx1.first.ctx) {
-    // TODO: use simplified operations!
     return@with (idx1.first eq idx2.first) and indexEq(idx1.second, idx2.second)
 }
 
@@ -301,9 +303,9 @@ fun refIndexRangeRegion(
     idx2: USymbolicArrayIndex,
 ): UArrayIndexRegion = indexRangeRegion(idx1.second, idx2.second)
 
-typealias UInputFieldRegion<Field, Sort> = UMemoryRegion<UInputFieldRegionId<Field>, UHeapRef, Sort>
-typealias UAllocatedArrayRegion<ArrayType, Sort> = UMemoryRegion<UAllocatedArrayId<ArrayType>, USizeExpr, Sort>
-typealias UInputArrayRegion<ArrayType, Sort> = UMemoryRegion<UInputArrayId<ArrayType>, USymbolicArrayIndex, Sort>
+typealias UInputFieldRegion<Field, Sort> = UMemoryRegion<UInputFieldRegionId<Field, Sort>, UHeapRef, Sort>
+typealias UAllocatedArrayRegion<ArrayType, Sort> = UMemoryRegion<UAllocatedArrayId<ArrayType, Sort>, USizeExpr, Sort>
+typealias UInputArrayRegion<ArrayType, Sort> = UMemoryRegion<UInputArrayId<ArrayType, Sort>, USymbolicArrayIndex, Sort>
 typealias UInputArrayLengthRegion<ArrayType> = UMemoryRegion<UInputArrayLengthId<ArrayType>, UHeapRef, USizeSort>
 
 typealias KeyMapper<Key> = (Key) -> Key
@@ -325,51 +327,47 @@ val <ArrayType> UInputArrayLengthRegion<ArrayType>.inputLengthArrayType
 fun <Field, Sort : USort> emptyInputFieldRegion(
     field: Field,
     sort: Sort,
-    instantiator: UInstantiator<UInputFieldRegionId<Field>, UHeapRef, Sort>,
+    instantiator: UInstantiator<UInputFieldRegionId<Field, Sort>, UHeapRef, Sort>,
 ): UInputFieldRegion<Field, Sort> = UMemoryRegion(
-    UInputFieldRegionId(field),
-    sort,
+    UInputFieldRegionId(field, sort),
     UEmptyUpdates(::heapRefEq, ::heapRefCmpConcrete, ::heapRefCmpSymbolic),
-    defaultValue = null,
     instantiator
 )
 
 fun <ArrayType, Sort : USort> emptyAllocatedArrayRegion(
     arrayType: ArrayType,
     address: UConcreteHeapAddress,
     sort: Sort,
-    instantiator: UInstantiator<UAllocatedArrayId<ArrayType>, USizeExpr, Sort>,
+    instantiator: UInstantiator<UAllocatedArrayId<ArrayType, Sort>, USizeExpr, Sort>,
 ): UAllocatedArrayRegion<ArrayType, Sort> {
     val updates = UTreeUpdates<USizeExpr, UArrayIndexRegion, Sort>(
         updates = emptyRegionTree(),
         ::indexRegion, ::indexRangeRegion, ::indexEq, ::indexLeConcrete, ::indexLeSymbolic
     )
-    val regionId = UAllocatedArrayId(arrayType, address)
-    return UMemoryRegion(regionId, sort, updates, sort.defaultValue(), instantiator)
+    val regionId = UAllocatedArrayId(arrayType, address, sort)
+    return UMemoryRegion(regionId, updates, instantiator)
 }
 
 fun <ArrayType, Sort : USort> emptyInputArrayRegion(
     arrayType: ArrayType,
     sort: Sort,
-    instantiator: UInstantiator<UInputArrayId<ArrayType>, USymbolicArrayIndex, Sort>,
+    instantiator: UInstantiator<UInputArrayId<ArrayType, Sort>, USymbolicArrayIndex, Sort>,
 ): UInputArrayRegion<ArrayType, Sort> {
     val updates = UTreeUpdates<USymbolicArrayIndex, UArrayIndexRegion, Sort>(
         updates = emptyRegionTree(),
         ::refIndexRegion, ::refIndexRangeRegion, ::refIndexEq, ::refIndexCmpConcrete, ::refIndexCmpSymbolic
     )
-    return UMemoryRegion(UInputArrayId(arrayType), sort, updates, defaultValue = null, instantiator)
+    return UMemoryRegion(UInputArrayId(arrayType, sort), updates, instantiator)
 }
 
 fun <ArrayType> emptyArrayLengthRegion(
     arrayType: ArrayType,
-    ctx: UContext,
+    sizeSort: USizeSort,
     instantiator: UInstantiator<UInputArrayLengthId<ArrayType>, UHeapRef, USizeSort>,
 ): UInputArrayLengthRegion<ArrayType> =
     UMemoryRegion(
-        UInputArrayLengthId(arrayType),
-        ctx.sizeSort,
+        UInputArrayLengthId(arrayType, sizeSort),
         UEmptyUpdates(::heapRefEq, ::heapRefCmpConcrete, ::heapRefCmpSymbolic),
-        defaultValue = null,
         instantiator
     )