From 4f2dba60debff54b52a5474fb1f80818b6a477e8 Mon Sep 17 00:00:00 2001
From: simonegazza <simone.gazza@studenti.unipr.it>
Date: Fri, 3 Feb 2023 19:28:20 +0100
Subject: [PATCH 1/4] Add VariableAllocationSite for variable referencing

---
 .../heap/pointbased/PointBasedHeap.java       | 19 +++++--
 .../pointbased/VariableAllocationSite.java    | 51 +++++++++++++++++++
 2 files changed, 65 insertions(+), 5 deletions(-)
 create mode 100644 lisa/lisa-analyses/src/main/java/it/unive/lisa/analysis/heap/pointbased/VariableAllocationSite.java

diff --git a/lisa/lisa-analyses/src/main/java/it/unive/lisa/analysis/heap/pointbased/PointBasedHeap.java b/lisa/lisa-analyses/src/main/java/it/unive/lisa/analysis/heap/pointbased/PointBasedHeap.java
index b9a69adf1..17d3a5a86 100644
--- a/lisa/lisa-analyses/src/main/java/it/unive/lisa/analysis/heap/pointbased/PointBasedHeap.java
+++ b/lisa/lisa-analyses/src/main/java/it/unive/lisa/analysis/heap/pointbased/PointBasedHeap.java
@@ -426,9 +426,12 @@ public ExpressionSet<ValueExpression> visit(HeapDereference expression, Expressi
 			Set<ValueExpression> result = new HashSet<>();
 
 			for (ValueExpression ref : arg)
-				if (ref instanceof MemoryPointer)
-					result.add(((MemoryPointer) ref).getReferencedLocation());
-				else if (ref instanceof Identifier) {
+				if (ref instanceof MemoryPointer) {
+					HeapLocation location = ((MemoryPointer) ref).getReferencedLocation();
+					if (location instanceof VariableAllocationSite)
+						result.add(((VariableAllocationSite) location).getIdentifier());
+					else result.add(location);
+				} else if (ref instanceof Identifier) {
 					// this could be aliasing!
 					Identifier id = (Identifier) ref;
 					if (heapEnv.getKeys().contains(id))
@@ -458,10 +461,16 @@ public ExpressionSet<ValueExpression> visit(Identifier expression, Object... par
 				throws SemanticException {
 			if (!(expression instanceof MemoryPointer) && heapEnv.getKeys().contains(expression))
 				return new ExpressionSet<>(resolveIdentifier(expression));
-
+			else if (!(expression instanceof MemoryPointer)) {
+				VariableAllocationSite site = new VariableAllocationSite(expression.getStaticType(), expression, expression.getCodeLocation());
+				if (expression.hasRuntimeTypes())
+					site.setRuntimeTypes(expression.getRuntimeTypes(null));
+				return new ExpressionSet<>(site);
+			}
+			
 			return new ExpressionSet<>(expression);
 		}
-
+		
 		private Set<ValueExpression> resolveIdentifier(Identifier v) {
 			Set<ValueExpression> result = new HashSet<>();
 			for (AllocationSite site : heapEnv.getState(v)) {
diff --git a/lisa/lisa-analyses/src/main/java/it/unive/lisa/analysis/heap/pointbased/VariableAllocationSite.java b/lisa/lisa-analyses/src/main/java/it/unive/lisa/analysis/heap/pointbased/VariableAllocationSite.java
new file mode 100644
index 000000000..867fa67ae
--- /dev/null
+++ b/lisa/lisa-analyses/src/main/java/it/unive/lisa/analysis/heap/pointbased/VariableAllocationSite.java
@@ -0,0 +1,51 @@
+package it.unive.lisa.analysis.heap.pointbased;
+
+import java.util.Objects;
+
+import it.unive.lisa.program.cfg.CodeLocation;
+import it.unive.lisa.symbolic.value.Identifier;
+import it.unive.lisa.type.Type;
+
+public class VariableAllocationSite extends AllocationSite {
+	private Identifier identifier;
+	
+	public VariableAllocationSite(Type staticType, Identifier identifier, CodeLocation location) {
+		super(staticType, "&" + identifier.getName(), false, location);
+		this.identifier = identifier;
+	}
+
+	@Override
+	public String toString() {
+		return getName();
+	}
+
+	@Override
+	public int hashCode() {
+		final int prime = 31;
+		int result = super.hashCode();
+		result = prime * result + Objects.hash(identifier);
+		return result;
+	}
+
+	@Override
+	public boolean equals(Object obj) {
+		if (this == obj)
+			return true;
+		if (!super.equals(obj))
+			return false;
+		if (getClass() != obj.getClass())
+			return false;
+		VariableAllocationSite other = (VariableAllocationSite) obj;
+		return Objects.equals(identifier, other.identifier);
+	}
+
+	/** 
+	 * Yields the identifier.
+	 * 
+	 * @return the identifier
+	 */
+	public Identifier getIdentifier() {
+		return identifier;
+	}
+	
+}

From b57361861aacf83135c6748350704a3deb95b122 Mon Sep 17 00:00:00 2001
From: VincenzoArceri <vincenzoarceri.92@gmail.com>
Date: Sun, 5 Feb 2023 12:26:27 +0100
Subject: [PATCH 2/4] Variable allocation site creation made when referenced,
 javadoc spotless

---
 .../heap/pointbased/PointBasedHeap.java       | 29 +++++++++++-------
 .../pointbased/VariableAllocationSite.java    | 30 +++++++++++++++----
 2 files changed, 43 insertions(+), 16 deletions(-)

diff --git a/lisa/lisa-analyses/src/main/java/it/unive/lisa/analysis/heap/pointbased/PointBasedHeap.java b/lisa/lisa-analyses/src/main/java/it/unive/lisa/analysis/heap/pointbased/PointBasedHeap.java
index 17d3a5a86..0003beeb8 100644
--- a/lisa/lisa-analyses/src/main/java/it/unive/lisa/analysis/heap/pointbased/PointBasedHeap.java
+++ b/lisa/lisa-analyses/src/main/java/it/unive/lisa/analysis/heap/pointbased/PointBasedHeap.java
@@ -414,6 +414,16 @@ public ExpressionSet<ValueExpression> visit(HeapReference expression, Expression
 					if (expression.hasRuntimeTypes())
 						e.setRuntimeTypes(expression.getRuntimeTypes(null));
 					result.add(e);
+				} else if (loc instanceof Identifier && !(loc instanceof MemoryPointer)) {
+					VariableAllocationSite site = new VariableAllocationSite(loc.getStaticType(), (Identifier) loc,
+							loc.getCodeLocation());
+					MemoryPointer e = new MemoryPointer(
+							new ReferenceType(site.getStaticType()),
+							site,
+							site.getCodeLocation());
+					if (expression.hasRuntimeTypes())
+						e.setRuntimeTypes(expression.getRuntimeTypes(null));
+					result.add(e);
 				} else
 					result.add(loc);
 			return new ExpressionSet<>(result);
@@ -429,8 +439,11 @@ public ExpressionSet<ValueExpression> visit(HeapDereference expression, Expressi
 				if (ref instanceof MemoryPointer) {
 					HeapLocation location = ((MemoryPointer) ref).getReferencedLocation();
 					if (location instanceof VariableAllocationSite)
+						// if location is a variable allocation site, it
+						// rewrites to the pointed variable
 						result.add(((VariableAllocationSite) location).getIdentifier());
-					else result.add(location);
+					else
+						result.add(location);
 				} else if (ref instanceof Identifier) {
 					// this could be aliasing!
 					Identifier id = (Identifier) ref;
@@ -459,18 +472,14 @@ else if (id.getStaticType().isInMemoryType() || id.getStaticType().isUntyped())
 		@Override
 		public ExpressionSet<ValueExpression> visit(Identifier expression, Object... params)
 				throws SemanticException {
-			if (!(expression instanceof MemoryPointer) && heapEnv.getKeys().contains(expression))
-				return new ExpressionSet<>(resolveIdentifier(expression));
-			else if (!(expression instanceof MemoryPointer)) {
-				VariableAllocationSite site = new VariableAllocationSite(expression.getStaticType(), expression, expression.getCodeLocation());
-				if (expression.hasRuntimeTypes())
-					site.setRuntimeTypes(expression.getRuntimeTypes(null));
-				return new ExpressionSet<>(site);
+			if (!(expression instanceof MemoryPointer)) {
+				if (heapEnv.getKeys().contains(expression))
+					return new ExpressionSet<>(resolveIdentifier(expression));
 			}
-			
+
 			return new ExpressionSet<>(expression);
 		}
-		
+
 		private Set<ValueExpression> resolveIdentifier(Identifier v) {
 			Set<ValueExpression> result = new HashSet<>();
 			for (AllocationSite site : heapEnv.getState(v)) {
diff --git a/lisa/lisa-analyses/src/main/java/it/unive/lisa/analysis/heap/pointbased/VariableAllocationSite.java b/lisa/lisa-analyses/src/main/java/it/unive/lisa/analysis/heap/pointbased/VariableAllocationSite.java
index 867fa67ae..c9ac1cf1d 100644
--- a/lisa/lisa-analyses/src/main/java/it/unive/lisa/analysis/heap/pointbased/VariableAllocationSite.java
+++ b/lisa/lisa-analyses/src/main/java/it/unive/lisa/analysis/heap/pointbased/VariableAllocationSite.java
@@ -1,14 +1,32 @@
 package it.unive.lisa.analysis.heap.pointbased;
 
-import java.util.Objects;
-
 import it.unive.lisa.program.cfg.CodeLocation;
 import it.unive.lisa.symbolic.value.Identifier;
 import it.unive.lisa.type.Type;
+import java.util.Objects;
 
+/**
+ * A variabile allocation site, namely an allocation site used by point-based
+ * analyses abstracting concrete pointers to variables containing primitive type
+ * values.
+ * 
+ * @author <a href="mailto:vincenzo.arceri@unipr.it">Vincenzo Arceri</a>
+ * @author <a href="mailto:simone.gazza@studenti.unipr.it">Simone Gazza</a>
+ */
 public class VariableAllocationSite extends AllocationSite {
-	private Identifier identifier;
-	
+
+	/**
+	 * The identifier pointed by this allocation site.
+	 */
+	private final Identifier identifier;
+
+	/**
+	 * Builds the variable allocation site
+	 * 
+	 * @param staticType the static type
+	 * @param identifier the identifier pointed by this allocation site
+	 * @param location   the location of this allocation site
+	 */
 	public VariableAllocationSite(Type staticType, Identifier identifier, CodeLocation location) {
 		super(staticType, "&" + identifier.getName(), false, location);
 		this.identifier = identifier;
@@ -39,7 +57,7 @@ public boolean equals(Object obj) {
 		return Objects.equals(identifier, other.identifier);
 	}
 
-	/** 
+	/**
 	 * Yields the identifier.
 	 * 
 	 * @return the identifier
@@ -47,5 +65,5 @@ public boolean equals(Object obj) {
 	public Identifier getIdentifier() {
 		return identifier;
 	}
-	
+
 }

From 98ef772a8b61d1f9d60530e18a04cc454b88c077 Mon Sep 17 00:00:00 2001
From: VincenzoArceri <vincenzoarceri.92@gmail.com>
Date: Tue, 7 Feb 2023 11:13:42 +0100
Subject: [PATCH 3/4] Fix rewriting of heap reference in point-based heap
 analysis

---
 .../heap/pointbased/PointBasedHeap.java       | 27 +++++++++++--------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/lisa/lisa-analyses/src/main/java/it/unive/lisa/analysis/heap/pointbased/PointBasedHeap.java b/lisa/lisa-analyses/src/main/java/it/unive/lisa/analysis/heap/pointbased/PointBasedHeap.java
index 0003beeb8..71c32148f 100644
--- a/lisa/lisa-analyses/src/main/java/it/unive/lisa/analysis/heap/pointbased/PointBasedHeap.java
+++ b/lisa/lisa-analyses/src/main/java/it/unive/lisa/analysis/heap/pointbased/PointBasedHeap.java
@@ -404,7 +404,8 @@ public ExpressionSet<ValueExpression> visit(HeapReference expression, Expression
 				Object... params)
 				throws SemanticException {
 			Set<ValueExpression> result = new HashSet<>();
-
+			SymbolicExpression referred = expression.getExpression();
+			
 			for (ValueExpression loc : arg)
 				if (loc instanceof AllocationSite) {
 					MemoryPointer e = new MemoryPointer(
@@ -414,16 +415,20 @@ public ExpressionSet<ValueExpression> visit(HeapReference expression, Expression
 					if (expression.hasRuntimeTypes())
 						e.setRuntimeTypes(expression.getRuntimeTypes(null));
 					result.add(e);
-				} else if (loc instanceof Identifier && !(loc instanceof MemoryPointer)) {
-					VariableAllocationSite site = new VariableAllocationSite(loc.getStaticType(), (Identifier) loc,
-							loc.getCodeLocation());
-					MemoryPointer e = new MemoryPointer(
-							new ReferenceType(site.getStaticType()),
-							site,
-							site.getCodeLocation());
-					if (expression.hasRuntimeTypes())
-						e.setRuntimeTypes(expression.getRuntimeTypes(null));
-					result.add(e);
+				} else if (referred.hasRuntimeTypes() && referred.getRuntimeTypes(null).stream().anyMatch(t -> !t.isInMemoryType())) {
+//					if (loc.hasRuntimeTypes() && loc.getRuntimeTypes(null).stream().anyMatch(t -> !t.isInMemoryType())) {						
+						for (Type type : referred.getRuntimeTypes(null)) {
+							VariableAllocationSite site = new VariableAllocationSite(type, (Identifier) referred,
+									loc.getCodeLocation());
+							MemoryPointer e = new MemoryPointer(
+									new ReferenceType(type),
+									site,
+									site.getCodeLocation());
+							e.setRuntimeTypes(Collections.singleton(new ReferenceType(type)));
+							result.add(e);
+						}
+//					} else
+//						result.add(loc);
 				} else
 					result.add(loc);
 			return new ExpressionSet<>(result);

From 56d2ef10dad225579b2a93afd64dee17298f06ff Mon Sep 17 00:00:00 2001
From: Simone Gazza <gazza.sim@gmail.com>
Date: Wed, 8 Mar 2023 17:18:36 +0100
Subject: [PATCH 4/4] Add pushScope and popScope to HeapDereference

---
 .../lisa/symbolic/heap/HeapReference.java     | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/lisa/lisa-sdk/src/main/java/it/unive/lisa/symbolic/heap/HeapReference.java b/lisa/lisa-sdk/src/main/java/it/unive/lisa/symbolic/heap/HeapReference.java
index ad9deb1ea..337eb48d9 100644
--- a/lisa/lisa-sdk/src/main/java/it/unive/lisa/symbolic/heap/HeapReference.java
+++ b/lisa/lisa-sdk/src/main/java/it/unive/lisa/symbolic/heap/HeapReference.java
@@ -1,5 +1,6 @@
 package it.unive.lisa.symbolic.heap;
 
+import it.unive.lisa.analysis.ScopeToken;
 import it.unive.lisa.analysis.SemanticException;
 import it.unive.lisa.program.cfg.CodeLocation;
 import it.unive.lisa.symbolic.ExpressionVisitor;
@@ -75,4 +76,24 @@ public <T> T accept(ExpressionVisitor<T> visitor, Object... params) throws Seman
 		T l = expression.accept(visitor, params);
 		return visitor.visit(this, l, params);
 	}
+	
+	@Override
+	public SymbolicExpression pushScope(ScopeToken token) {
+		try {
+			return new HeapReference(getStaticType(), expression.pushScope(token), getCodeLocation());
+		} catch (SemanticException e) {
+			// TODO: this is here to make the code compile, change this ASAP
+			throw new IllegalStateException();
+		}
+	}
+	
+	@Override
+	public SymbolicExpression popScope(ScopeToken token) throws SemanticException {
+		try {
+			return new HeapReference(getStaticType(), expression.popScope(token), getCodeLocation());
+		} catch (SemanticException e) {
+			// TODO: this is here to make the code compile, change this ASAP
+			throw new IllegalStateException();
+		} 
+	}
 }