Fix review comments

Author: sergeypospelov

usvm-core/src/main/kotlin/org/usvm/constraints/TypeConstraints.kt

@@ -1,60 +1,27 @@
 package org.usvm.constraints
 
-import org.usvm.INITIAL_CONCRETE_ADDRESS
-import org.usvm.INITIAL_INPUT_ADDRESS
 import org.usvm.NULL_ADDRESS
 import org.usvm.UBoolExpr
 import org.usvm.UConcreteHeapAddress
 import org.usvm.UConcreteHeapRef
 import org.usvm.UHeapRef
 import org.usvm.UNullRef
 import org.usvm.memory.map
-import org.usvm.types.UTypeSystem
 import org.usvm.model.UModel
+import org.usvm.model.UTypeModel
 import org.usvm.solver.USatResult
 import org.usvm.solver.USolverResult
 import org.usvm.solver.UUnsatResult
 import org.usvm.types.USingleTypeStream
 import org.usvm.types.UTypeRegion
 import org.usvm.types.UTypeStream
+import org.usvm.types.UTypeSystem
 import org.usvm.uctx
 
 interface UTypeEvaluator<Type> {
     fun evalIs(ref: UHeapRef, type: Type): UBoolExpr
 }
 
-class UTypeModel<Type>(
-    val typeSystem: UTypeSystem<Type>,
-    typeStreamByAddr: Map<UConcreteHeapAddress, UTypeStream<Type>>,
-) : UTypeEvaluator<Type> {
-    private val typeStreamByAddr = typeStreamByAddr.toMutableMap()
-
-    fun typeStream(ref: UConcreteHeapRef): UTypeStream<Type> =
-        typeStreamByAddr[ref.address] ?: typeSystem.topTypeStream()
-
-    override fun evalIs(ref: UHeapRef, type: Type): UBoolExpr =
-        when (ref) {
-            is UConcreteHeapRef -> {
-                if (ref.address == NULL_ADDRESS) {
-                    ref.ctx.trueExpr
-                } else {
-                    require(ref.address <= INITIAL_INPUT_ADDRESS)
-
-                    val evaluatedTypeStream = typeStream(ref)
-                    val typeStream = evaluatedTypeStream.filterBySupertype(type)
-                    if (!typeStream.isEmpty) {
-                        typeStreamByAddr[ref.address] = typeStream
-                        ref.ctx.trueExpr
-                    } else {
-                        ref.ctx.falseExpr
-                    }
-                }
-            }
-
-            else -> error("Expecting concrete ref, but got $ref")
-        }
-}
-
 /**
  * A mutable collection of type constraints. Represents a conjunction of constraints of four kinds:
  * 1. x <: T, i.e. object referenced in x inherits T (supertype constraints for x)
@@ -79,7 +46,7 @@ class UTypeConstraints<Type>(
     }
 
     /**
-     * Returns if current type and equality constraints are unsatisfiable (syntactically).
+     * Returns true if the current type and equality constraints are unsatisfiable (syntactically).
      */
     var isContradicting = false
         private set
@@ -117,16 +84,15 @@ class UTypeConstraints<Type>(
      */
     fun addSupertype(ref: UHeapRef, type: Type) {
         when (ref) {
+            is UNullRef -> return
+
             is UConcreteHeapRef -> {
-                require(ref.address >= INITIAL_CONCRETE_ADDRESS)
                 val concreteType = concreteRefToType.getValue(ref.address)
                 if (!typeSystem.isSupertype(type, concreteType)) {
                     contradiction()
                 }
             }
 
-            is UNullRef -> return
-
             else -> {
                 val constraints = this[ref]
                 val newConstraints = constraints.addSupertype(type)
@@ -156,16 +122,15 @@ class UTypeConstraints<Type>(
      */
     fun excludeSupertype(ref: UHeapRef, type: Type) {
         when (ref) {
+            is UNullRef -> contradiction() // the [ref] can't be equal to null
+
             is UConcreteHeapRef -> {
-                require(ref.address >= INITIAL_CONCRETE_ADDRESS)
                 val concreteType = concreteRefToType.getValue(ref.address)
                 if (typeSystem.isSupertype(type, concreteType)) {
                     contradiction()
                 }
             }
 
-            is UNullRef -> contradiction() // the [ref] can't be equal to null
-
             else -> {
                 val constraints = this[ref]
                 val newConstraints = constraints.excludeSupertype(type)
@@ -178,8 +143,7 @@ class UTypeConstraints<Type>(
                     for ((key, value) in symbolicRefToTypeRegion.entries) {
                         // TODO: cache intersections?
                         if (key != ref && value.intersect(newConstraints).isEmpty) {
-                            // If we have two inputs of incomparable reference types, then they are either non equal,
-                            // or both nulls
+                            // If we have two inputs of incomparable reference types, then they are non equal
                             equalityConstraints.makeNonEqual(ref, key)
                         }
                     }
@@ -195,7 +159,6 @@ class UTypeConstraints<Type>(
     internal fun readTypeStream(ref: UHeapRef): UTypeStream<Type> =
         when (ref) {
             is UConcreteHeapRef -> {
-                require(ref.address >= INITIAL_CONCRETE_ADDRESS)
                 val concreteType = concreteRefToType[ref.address]
                 val typeStream = if (concreteType == null) {
                     typeSystem.topTypeStream()
@@ -310,24 +273,25 @@ class UTypeConstraints<Type>(
                         // to have the common type with [heapRef], therefore they can't be equal or
                         // some of them equals null
                         val disjunct = mutableListOf<UBoolExpr>()
-                        potentialConflictingRefs.mapTo(disjunct) { ref ->
-                            with(ref.uctx) { ref.neq(heapRef) }
-                        }
-                        potentialConflictingRefs.mapTo(disjunct) { ref ->
-                            with(ref.uctx) { ref.eq(nullRef) }
+                        with(heapRef.uctx) {
+                            // can't be equal to heapRef
+                            potentialConflictingRefs.mapTo(disjunct) { it.neq(heapRef) }
+                            // some of them is null
+                            potentialConflictingRefs.mapTo(disjunct) { it.eq(nullRef) }
+                            disjunct += heapRef.eq(nullRef)
                         }
                         bannedRefEqualities += heapRef.ctx.mkOr(disjunct)
 
                         // start a new group
                         nextRegion = region
                         potentialConflictingRefs.clear()
                         potentialConflictingRefs.add(heapRef)
-                    } else if (nextRegion === region) {
+                    } else if (nextRegion == region) {
                         // the current [heapRef] gives the same region as the potentialConflictingRefs, so it's better
                         // to keep only the [heapRef] to minimize the disequalities amount in the result disjunction
                         potentialConflictingRefs.clear()
                         potentialConflictingRefs.add(heapRef)
-                    } else if (nextRegion !== currentRegion) {
+                    } else if (nextRegion != currentRegion) {
                         // no conflict detected, but the current region became smaller
                         potentialConflictingRefs.add(heapRef)
                     }
@@ -354,9 +318,9 @@ class UTypeConstraints<Type>(
                 // because if the cluster is bigger, then we called region.isEmpty previously at least once
                 check(cluster.size == 1)
                 return UUnsatResult()
-            } else {
-                typeStream
             }
+
+            typeStream
         }
 
         val typeModel = UTypeModel(typeSystem, allConcreteRefToType)
@@ -365,5 +329,5 @@ class UTypeConstraints<Type>(
 }
 
 class UTypeUnsatResult<Type>(
-    val expressionsToAssert: List<UBoolExpr>,
+    val referenceDisequalitiesDisjuncts: List<UBoolExpr>,
 ) : UUnsatResult<UTypeModel<Type>>()

usvm-core/src/main/kotlin/org/usvm/memory/HeapRefSplitting.kt

@@ -40,6 +40,8 @@ internal data class SplitHeapRefs(
  * leafs in the [ref] ite. Otherwise, it will contain an ite with the guard protecting from bubbled up concrete refs.
  *
  * @param initialGuard an initial value for the accumulated guard.
+ * @param ignoreNullRefs if true, then null references will be ignored. It means that all leafs with nulls
+ * considered unsatisfiable, so we assume their guards equal to false, and they won't be added to the result.
  */
 internal fun splitUHeapRef(
     ref: UHeapRef,
@@ -291,7 +293,10 @@ internal inline fun filter(
 
             completelyMapped.single()?.withAlso(initialGuard)
         }
-
-        else -> (ref with initialGuard).takeIf(predicate)
+        else -> if (ref != ref.uctx.nullRef || !ignoreNullRefs) {
+            (ref with initialGuard).takeIf(predicate)
+        } else {
+            null
+        }
     }
 }

usvm-core/src/main/kotlin/org/usvm/model/LazyModelDecoder.kt

@@ -9,7 +9,6 @@ import org.usvm.UAddressSort
 import org.usvm.UConcreteHeapRef
 import org.usvm.UContext
 import org.usvm.UExpr
-import org.usvm.constraints.UTypeModel
 import org.usvm.memory.UMemoryBase
 import org.usvm.solver.UExprTranslator
 
@@ -52,20 +51,18 @@ open class ULazyModelDecoder<Field, Type, Method>(
      * equivalence classes of addresses and work with their number in the future.
      */
     private fun buildMapping(model: KModel): AddressesMapping {
-        // Translated null has to be equal to evaluated null, because it is of KUninterpretedSort and translatedNullRef
-        // defined as mkUninterpretedSortValue(addressSort, 0).
-        val evaluatedNullRef = model.eval(translatedNullRef, isComplete = true)
+        val interpreterdNullRef = model.eval(translatedNullRef, isComplete = true)
 
         val result = mutableMapOf<KExpr<KUninterpretedSort>, UConcreteHeapRef>()
-        // Except the null value, it has the NULL_ADDRESS
-        result[evaluatedNullRef] = ctx.mkConcreteHeapRef(NULL_ADDRESS)
+        // The null value has the NULL_ADDRESS
+        result[interpreterdNullRef] = ctx.mkConcreteHeapRef(NULL_ADDRESS)
 
         val universe = model.uninterpretedSortUniverse(ctx.addressSort) ?: return result
         // All the numbers are enumerated from the INITIAL_INPUT_ADDRESS to the Int.MIN_VALUE
         var counter = INITIAL_INPUT_ADDRESS
 
         for (interpretedAddress in universe) {
-            if (interpretedAddress == evaluatedNullRef) {
+            if (interpretedAddress == interpreterdNullRef) {
                 continue
             }
             result[interpretedAddress] = ctx.mkConcreteHeapRef(counter--)

usvm-core/src/main/kotlin/org/usvm/model/LazyModels.kt

@@ -4,6 +4,7 @@ import io.ksmt.solver.KModel
 import io.ksmt.utils.asExpr
 import io.ksmt.utils.cast
 import org.usvm.INITIAL_INPUT_ADDRESS
+import org.usvm.NULL_ADDRESS
 import org.usvm.UBoolExpr
 import org.usvm.UComposer
 import org.usvm.UConcreteHeapRef
@@ -96,10 +97,22 @@ class ULazyHeapModel<Field, ArrayType>(
     private val resolvedInputArrays = mutableMapOf<ArrayType, UReadOnlyMemoryRegion<USymbolicArrayIndex, out USort>>()
     private val resolvedInputLengths = mutableMapOf<ArrayType, UReadOnlyMemoryRegion<UHeapRef, USizeSort>>()
 
+    /**
+     * To resolve nullRef, we need to:
+     * * translate it
+     * * evaluate the translated value in the [model]
+     * * map the evaluated value with the [addressesMapping]
+     *
+     * Actually, its address should always be equal 0.
+     */
     private val nullRef = model
         .eval(translator.translate(translator.ctx.nullRef))
         .mapAddress(addressesMapping) as UConcreteHeapRef
 
+    init {
+        check(nullRef.address == NULL_ADDRESS)
+    }
+
     override fun <Sort : USort> readField(ref: UHeapRef, field: Field, sort: Sort): UExpr<Sort> {
         // All the expressions in the model are interpreted, therefore, they must
         // have concrete addresses. Moreover, the model knows only about input values

usvm-core/src/main/kotlin/org/usvm/model/Model.kt

@@ -13,7 +13,6 @@ import org.usvm.ULValue
 import org.usvm.UMockEvaluator
 import org.usvm.URegisterLValue
 import org.usvm.USort
-import org.usvm.constraints.UTypeModel
 import org.usvm.memory.UReadOnlySymbolicHeap
 import org.usvm.memory.UReadOnlySymbolicMemory
 import org.usvm.types.UTypeStream

usvm-core/src/main/kotlin/org/usvm/model/UTypeModel.kt

@@ -0,0 +1,44 @@
+package org.usvm.model
+
+import org.usvm.INITIAL_INPUT_ADDRESS
+import org.usvm.NULL_ADDRESS
+import org.usvm.UBoolExpr
+import org.usvm.UConcreteHeapAddress
+import org.usvm.UConcreteHeapRef
+import org.usvm.UHeapRef
+import org.usvm.constraints.UTypeEvaluator
+import org.usvm.types.UTypeStream
+import org.usvm.types.UTypeSystem
+
+class UTypeModel<Type>(
+    val typeSystem: UTypeSystem<Type>,
+    typeStreamByAddr: Map<UConcreteHeapAddress, UTypeStream<Type>>,
+) : UTypeEvaluator<Type> {
+    private val typeStreamByAddr = typeStreamByAddr.toMutableMap()
+
+    fun typeStream(ref: UConcreteHeapRef): UTypeStream<Type> =
+        typeStreamByAddr[ref.address] ?: typeSystem.topTypeStream()
+
+    override fun evalIs(ref: UHeapRef, type: Type): UBoolExpr =
+        when {
+            ref is UConcreteHeapRef && ref.address == NULL_ADDRESS -> ref.ctx.trueExpr
+
+            ref is UConcreteHeapRef -> {
+                // All the expressions in the model are interpreted, therefore, they must
+                // have concrete addresses. Moreover, the model knows only about input values
+                // which have addresses less or equal than INITIAL_INPUT_ADDRESS
+                require(ref.address <= INITIAL_INPUT_ADDRESS)
+
+                val evaluatedTypeStream = typeStream(ref)
+                val typeStream = evaluatedTypeStream.filterBySupertype(type)
+                if (!typeStream.isEmpty) {
+                    typeStreamByAddr[ref.address] = typeStream
+                    ref.ctx.trueExpr
+                } else {
+                    ref.ctx.falseExpr
+                }
+            }
+
+            else -> error("Expecting concrete ref, but got $ref")
+        }
+}

usvm-core/src/main/kotlin/org/usvm/solver/Solver.kt

@@ -149,7 +149,7 @@ open class USolverBase<Field, Type, Method>(
                     )
 
                     // in case of failure, assert reference disequality expressions
-                    is UTypeUnsatResult<Type> -> typeResult.expressionsToAssert
+                    is UTypeUnsatResult<Type> -> typeResult.referenceDisequalitiesDisjuncts
                         .map(translator::translate)
                         .forEach(smtSolver::assert)
 

usvm-core/src/main/kotlin/org/usvm/types/SupportTypeStream.kt

@@ -92,7 +92,7 @@ class USupportTypeStream<Type> private constructor(
         }
     }
 
-    override fun take(n: Int): Collection<Type> =
+    override fun take(n: Int): List<Type> =
         cachingSequence.take(n).toList()
 
     override val isEmpty: Boolean

usvm-core/src/main/kotlin/org/usvm/types/TypeStream.kt

@@ -53,7 +53,7 @@ interface UTypeStream<Type> {
 /**
  * An empty type stream.
  */
-class UEmptyTypeStream<Type> : UTypeStream<Type> {
+class UEmptyTypeStream<Type> private constructor() : UTypeStream<Type> {
     override fun filterBySupertype(type: Type): UTypeStream<Type> = this
 
     override fun filterBySubtype(type: Type): UTypeStream<Type> = this
@@ -66,6 +66,13 @@ class UEmptyTypeStream<Type> : UTypeStream<Type> {
 
     override val isEmpty: Boolean
         get() = true
+
+    companion object {
+        @Suppress("UNCHECKED_CAST")
+        operator fun <Type> invoke() = instance as UEmptyTypeStream<Type>
+
+        val instance = UEmptyTypeStream<Nothing>()
+    }
 }
 
 fun <Type> UTypeStream<Type>.takeFirst(): Type = take(1).single()

usvm-core/src/test/kotlin/org/usvm/TestUtil.kt

@@ -1,9 +1,5 @@
 package org.usvm
 
-import org.usvm.types.USingleTypeStream
-import org.usvm.types.UTypeStream
-import org.usvm.types.UTypeSystem
-
 typealias Field = java.lang.reflect.Field
 typealias Type = kotlin.reflect.KClass<*>
 typealias Method = kotlin.reflect.KFunction<*>