tldr-core 0.1.6

Core analysis engine for TLDR code analysis tool
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143

//! Alias Analysis Module
//!
//! Flow-insensitive Andersen-style points-to analysis for determining when
//! two references may or must refer to the same object.
//!
//! ## Overview
//!
//! This module implements alias analysis with the following capabilities:
//!
//! - **May-alias**: Sound check for potential aliasing (no false negatives)
//! - **Must-alias**: Precise check for definite aliasing (no false positives)
//! - **Points-to sets**: Track what abstract locations variables may reference
//!
//! ## Algorithm
//!
//! Uses Andersen's subset-based analysis (1994):
//! - Flow-insensitive (processes all statements once)
//! - Complexity: O(n^3) time, O(n^2) space
//! - Key property: Inclusion constraints `pts(x) >= pts(y)` for `x = y`
//!
//! ## Usage
//!
//! ```rust,ignore
//! use tldr_core::alias::{compute_alias_from_ssa, AliasInfo};
//!
//! let alias_info = compute_alias_from_ssa(&ssa_function)?;
//!
//! if alias_info.may_alias_check("x_0", "y_0") {
//!     println!("x and y may point to same object");
//! }
//!
//! if alias_info.must_alias_check("x_0", "p_0") {
//!     println!("x definitely aliases p");
//! }
//! ```
//!
//! ## References
//!
//! - Andersen, L. O. (1994). Program Analysis and Specialization for the C
//!   Programming Language. PhD thesis, University of Copenhagen.
//! - See `spec.md` for detailed specification.

// Phase 1: Types (implemented)
mod types;

// Phase 2: Constraint generation (implemented)
mod constraints;

// Phase 3: Fixed-point solver (implemented)
mod solver;

// Phase 7: Output formatting (implemented)
mod format;

// Re-exports
pub use constraints::{Constraint, ConstraintExtractor};
pub use format::AliasOutputFormat;
pub use solver::{AliasSolver, MAX_ITERATIONS};
pub use types::{
    AbstractLocation, AliasError, AliasInfo, Confidence, UncertainAlias, MAX_FIELD_DEPTH,
};

// SSA types needed for the public API
use crate::ssa::types::SsaFunction;

// =============================================================================
// Public API: Main Entry Points (Phase 4)
// =============================================================================

/// Compute alias analysis from SSA form.
///
/// This is the main entry point for alias analysis. It extracts constraints
/// from the SSA function, runs the fixed-point solver, and returns complete
/// alias information.
///
/// # Arguments
/// * `ssa` - SSA form of the function to analyze
///
/// # Returns
/// * `Ok(AliasInfo)` - Complete alias analysis results
/// * `Err(AliasError)` - If analysis fails (e.g., invalid SSA, iteration limit)
///
/// # Algorithm
/// 1. Extract constraints from SSA (phi functions, assignments, calls)
/// 2. Initialize points-to sets from allocations and parameters
/// 3. Run fixed-point iteration until convergence
/// 4. Derive may-alias from points-to overlap
/// 5. Derive must-alias from direct copies (excluding phi targets)
/// 6. Add conservative parameter aliasing
///
/// # Example
/// ```rust,ignore
/// use tldr_core::alias::compute_alias_from_ssa;
/// use tldr_core::ssa::types::SsaFunction;
///
/// let ssa: SsaFunction = /* construct SSA */;
/// let alias_info = compute_alias_from_ssa(&ssa)?;
///
/// // Check if two variables may alias
/// if alias_info.may_alias_check("x_0", "y_0") {
///     println!("x and y may point to same object");
/// }
///
/// // Check what x points to
/// let pts = alias_info.get_points_to("x_0");
/// println!("x points to: {:?}", pts);
/// ```
///
/// # TIGER Mitigations
/// - TIGER-3: Validates all SSA references before processing
/// - TIGER-14: Validates phi source counts match predecessors
/// - TIGER-2: Returns error if fixed-point iteration exceeds limit
/// - TIGER-6: Computes transitive closure for must-alias
pub fn compute_alias_from_ssa(ssa: &SsaFunction) -> Result<AliasInfo, AliasError> {
    // Phase 2: Extract constraints from SSA
    let extractor = ConstraintExtractor::extract_from_ssa(ssa)?;

    // Phase 3: Run fixed-point solver
    let mut solver = AliasSolver::new(&extractor);
    solver.solve()?;

    // Build and return alias info
    Ok(solver.build_alias_info(&ssa.function))
}

/// Compute alias analysis for a function (convenience wrapper).
///
/// This is a convenience wrapper that takes an SSA function reference
/// and returns alias analysis results. Use this when you have an SSA
/// function ready for analysis.
///
/// # Arguments
/// * `ssa` - Reference to SSA function
///
/// # Returns
/// * `Ok(AliasInfo)` - Alias analysis results
/// * `Err(AliasError)` - If analysis fails
pub fn compute_alias(ssa: &SsaFunction) -> Result<AliasInfo, AliasError> {
    compute_alias_from_ssa(ssa)
}

#[cfg(test)]
mod alias_tests;