[TS] Support globals and imports (#323)

Author: Lipen

buildSrc/src/main/kotlin/Dependencies.kt

@@ -6,7 +6,7 @@ object Versions {
     const val clikt = "5.0.0"
     const val detekt = "1.23.7"
     const val ini4j = "0.5.4"
-    const val jacodb = "d3e97200d6"
+    const val jacodb = "bb51484fb4"
     const val juliet = "1.3.2"
     const val junit = "5.9.3"
     const val kotlin = "2.1.0"

usvm-ts/src/main/kotlin/org/usvm/api/TsMock.kt

@@ -22,12 +22,14 @@ fun mockMethodCall(
             result = when (sort) {
                 is UAddressSort -> makeSymbolicRefUntyped()
 
-                is TsUnresolvedSort -> ctx.mkFakeValue(
-                    scope,
-                    makeSymbolicPrimitive(ctx.boolSort),
-                    makeSymbolicPrimitive(ctx.fp64Sort),
-                    makeSymbolicRefUntyped()
-                )
+                is TsUnresolvedSort -> scope.calcOnState {
+                    mkFakeValue(
+                        scope = scope,
+                        boolValue = makeSymbolicPrimitive(ctx.boolSort),
+                        fpValue = makeSymbolicPrimitive(ctx.fp64Sort),
+                        refValue = makeSymbolicRefUntyped(),
+                    )
+                }
 
                 else -> makeSymbolicPrimitive(sort)
             }

usvm-ts/src/main/kotlin/org/usvm/api/TsTest.kt

@@ -30,7 +30,12 @@ sealed interface TsTestValue {
     data object TsUnknown : TsTestValue
     data object TsNull : TsTestValue
     data object TsUndefined : TsTestValue
-    data object TsException : TsTestValue
+
+    sealed interface TsException : TsTestValue {
+        data object UnknownException : TsException
+        data class StringException(val message: String) : TsException
+        data class ObjectException(val value: TsTestValue) : TsException
+    }
 
     data class TsBoolean(val value: Boolean) : TsTestValue
 

usvm-ts/src/main/kotlin/org/usvm/machine/TsContext.kt

@@ -8,15 +8,20 @@ import org.jacodb.ets.model.EtsArrayType
 import org.jacodb.ets.model.EtsBooleanType
 import org.jacodb.ets.model.EtsEnumValueType
 import org.jacodb.ets.model.EtsGenericType
+import org.jacodb.ets.model.EtsLocal
+import org.jacodb.ets.model.EtsMethod
 import org.jacodb.ets.model.EtsNullType
 import org.jacodb.ets.model.EtsNumberType
+import org.jacodb.ets.model.EtsParameterRef
 import org.jacodb.ets.model.EtsRefType
 import org.jacodb.ets.model.EtsScene
 import org.jacodb.ets.model.EtsStringType
+import org.jacodb.ets.model.EtsThis
 import org.jacodb.ets.model.EtsType
 import org.jacodb.ets.model.EtsUndefinedType
 import org.jacodb.ets.model.EtsUnionType
 import org.jacodb.ets.model.EtsUnknownType
+import org.jacodb.ets.model.EtsValue
 import org.usvm.UAddressSort
 import org.usvm.UBoolExpr
 import org.usvm.UBoolSort
@@ -111,6 +116,23 @@ class TsContext(
         return heapRefToStringConstant[ref]
     }
 
+    fun getLocalIdx(local: EtsValue, method: EtsMethod): Int? =
+        // Note: below, 'n' means the number of arguments
+        when (local) {
+            // Note: 'this' has index 0
+            is EtsThis -> 0
+
+            // Note: arguments have indices from 1 to n
+            is EtsParameterRef -> local.index + 1
+
+            // Note: locals have indices starting from (n+1)
+            is EtsLocal -> method.locals.indexOfFirst { it.name == local.name }
+                .takeIf { it >= 0 }
+                ?.let { it + method.parameters.size + 1 }
+
+            else -> error("Unexpected local: $local")
+        }
+
     fun typeToSort(type: EtsType): USort = when (type) {
         is EtsBooleanType -> boolSort
         is EtsNumberType -> fp64Sort
@@ -272,7 +294,7 @@ class TsContext(
     fun UConcreteHeapRef.extractRef(scope: TsStepScope): UHeapRef {
         return scope.calcOnState { extractRef(memory) }
     }
-    
+
     // This is an identifier for a special function representing the 'resolve' function used in promises.
     // It is not a real function in the code, but we need it to handle promise resolution.
     val resolveFunctionRef: UConcreteHeapRef = allocateConcreteRef()

usvm-ts/src/main/kotlin/org/usvm/machine/expr/ExprUtil.kt

@@ -2,14 +2,19 @@ package org.usvm.machine.expr
 
 import io.ksmt.sort.KFp64Sort
 import io.ksmt.utils.asExpr
+import org.jacodb.ets.model.EtsStringType
 import org.usvm.UBoolExpr
 import org.usvm.UBoolSort
 import org.usvm.UExpr
+import org.usvm.UHeapRef
 import org.usvm.USort
 import org.usvm.api.makeSymbolicPrimitive
 import org.usvm.isFalse
 import org.usvm.machine.TsContext
+import org.usvm.machine.TsSizeSort
 import org.usvm.machine.interpreter.TsStepScope
+import org.usvm.machine.state.TsMethodResult
+import org.usvm.machine.state.TsState
 import org.usvm.machine.types.EtsFakeType
 import org.usvm.machine.types.ExprWithTypeConstraint
 import org.usvm.types.single
@@ -182,3 +187,47 @@ fun TsContext.mkNullishExpr(
     // Non-reference types (numbers, booleans, strings) are never nullish
     return mkFalse()
 }
+
+fun TsState.throwException(reason: String) {
+    val ref = ctx.mkStringConstantRef(reason)
+    methodResult = TsMethodResult.TsException(ref, EtsStringType)
+}
+
+fun TsContext.checkUndefinedOrNullPropertyRead(
+    scope: TsStepScope,
+    instance: UHeapRef,
+    propertyName: String,
+): Unit? {
+    val ref = instance.unwrapRef(scope)
+    val condition = mkAnd(
+        mkNot(mkHeapRefEq(ref, mkUndefinedValue())),
+        mkNot(mkHeapRefEq(ref, mkTsNullValue())),
+    )
+    return scope.fork(
+        condition,
+        blockOnFalseState = { throwException("Undefined or null property access: $propertyName of $ref") }
+    )
+}
+
+fun TsContext.checkNegativeIndexRead(
+    scope: TsStepScope,
+    index: UExpr<TsSizeSort>,
+): Unit? {
+    val condition = mkBvSignedGreaterOrEqualExpr(index, mkBv(0))
+    return scope.fork(
+        condition,
+        blockOnFalseState = { throwException("Negative index access: $index") }
+    )
+}
+
+fun TsContext.checkReadingInRange(
+    scope: TsStepScope,
+    index: UExpr<TsSizeSort>,
+    length: UExpr<TsSizeSort>,
+): Unit? {
+    val condition = mkBvSignedLessExpr(index, length)
+    return scope.fork(
+        condition,
+        blockOnFalseState = { throwException("Index out of bounds: $index, length: $length") }
+    )
+}

usvm-ts/src/main/kotlin/org/usvm/machine/expr/ReadArray.kt

@@ -0,0 +1,135 @@
+package org.usvm.machine.expr
+
+import io.ksmt.utils.asExpr
+import org.jacodb.ets.model.EtsArrayAccess
+import org.jacodb.ets.model.EtsArrayType
+import org.jacodb.ets.model.EtsBooleanType
+import org.jacodb.ets.model.EtsNumberType
+import org.jacodb.ets.model.EtsUnknownType
+import org.usvm.UConcreteHeapRef
+import org.usvm.UExpr
+import org.usvm.UHeapRef
+import org.usvm.api.typeStreamOf
+import org.usvm.isAllocatedConcreteHeapRef
+import org.usvm.machine.TsContext
+import org.usvm.machine.TsSizeSort
+import org.usvm.machine.interpreter.TsStepScope
+import org.usvm.machine.types.mkFakeValue
+import org.usvm.sizeSort
+import org.usvm.types.first
+import org.usvm.util.mkArrayIndexLValue
+import org.usvm.util.mkArrayLengthLValue
+
+internal fun TsExprResolver.handleArrayAccess(
+    value: EtsArrayAccess,
+): UExpr<*>? = with(ctx) {
+    // Resolve the array.
+    val array = resolve(value.array) ?: return null
+    check(array.sort == addressSort) {
+        "Expected address sort for array, got: ${array.sort}"
+    }
+    val arrayRef = array.asExpr(addressSort)
+
+    // Check for undefined or null array access.
+    checkUndefinedOrNullPropertyRead(scope, arrayRef, propertyName = "[]") ?: return null
+
+    // Resolve the index.
+    val resolvedIndex = resolve(value.index) ?: return null
+    check(resolvedIndex.sort == fp64Sort) {
+        "Expected fp64 sort for index, got: ${resolvedIndex.sort}"
+    }
+    val index = resolvedIndex.asExpr(fp64Sort)
+
+    // Convert the index to a bit-vector.
+    val bvIndex = mkFpToBvExpr(
+        roundingMode = fpRoundingModeSortDefaultValue(),
+        value = index,
+        bvSize = sizeSort.sizeBits.toInt(),
+        isSigned = true,
+    ).asExpr(sizeSort)
+
+    // Determine the array type.
+    val arrayType = if (isAllocatedConcreteHeapRef(arrayRef)) {
+        scope.calcOnState { memory.typeStreamOf(arrayRef).first() }
+    } else {
+        value.array.type
+    }
+    check(arrayType is EtsArrayType) {
+        "Expected EtsArrayType, got: ${value.array.type}"
+    }
+
+    // Read the array element.
+    readArray(scope, arrayRef, bvIndex, arrayType)
+}
+
+fun TsContext.readArray(
+    scope: TsStepScope,
+    array: UHeapRef,
+    index: UExpr<TsSizeSort>,
+    arrayType: EtsArrayType,
+): UExpr<*>? {
+    // Read the array length.
+    val length = scope.calcOnState {
+        val lengthLValue = mkArrayLengthLValue(array, arrayType)
+        memory.read(lengthLValue)
+    }
+
+    // Check for out-of-bounds access.
+    checkNegativeIndexRead(scope, index) ?: return null
+    checkReadingInRange(scope, index, length) ?: return null
+
+    // Determine the element sort.
+    val sort = typeToSort(arrayType.elementType)
+
+    // If the element type is known, we can read it directly.
+    if (sort !is TsUnresolvedSort) {
+        val lValue = mkArrayIndexLValue(
+            sort = sort,
+            ref = array,
+            index = index,
+            type = arrayType,
+        )
+        return scope.calcOnState { memory.read(lValue) }
+    }
+
+    // Concrete arrays with the unresolved sort should consist of fake objects only.
+    if (array is UConcreteHeapRef) {
+        // Read a fake object from the array.
+        val lValue = mkArrayIndexLValue(
+            sort = addressSort,
+            ref = array,
+            index = index,
+            type = arrayType,
+        )
+        return scope.calcOnState { memory.read(lValue) }
+    }
+
+    // If the element type is unresolved, we need to create a fake object
+    // that can hold boolean, number, and reference values.
+    // We read all three types from the array and combine them into a fake object.
+    return scope.calcOnState {
+        val boolArrayType = EtsArrayType(EtsBooleanType, dimensions = 1)
+        val boolLValue = mkArrayIndexLValue(boolSort, array, index, boolArrayType)
+        val bool = memory.read(boolLValue)
+
+        val numberArrayType = EtsArrayType(EtsNumberType, dimensions = 1)
+        val fpLValue = mkArrayIndexLValue(fp64Sort, array, index, numberArrayType)
+        val fp = memory.read(fpLValue)
+
+        val unknownArrayType = EtsArrayType(EtsUnknownType, dimensions = 1)
+        val refLValue = mkArrayIndexLValue(addressSort, array, index, unknownArrayType)
+        val ref = memory.read(refLValue)
+
+        // If the read reference is already a fake object, we can return it directly.
+        // Otherwise, we need to create a new fake object and write it back to the memory.
+        // TODO: Think about the type constraint to get a consistent array resolution later
+        if (ref.isFakeObject()) {
+            ref
+        } else {
+            val fakeObj = mkFakeValue(scope, bool, fp, ref)
+            lValuesToAllocatedFakeObjects += refLValue to fakeObj
+            memory.write(refLValue, fakeObj, guard = trueExpr)
+            fakeObj
+        }
+    }
+}