A first attempt to implement element and array types connection

Author: sergeypospelov

usvm-core/src/main/kotlin/org/usvm/constraints/TypeConstraints.kt

@@ -30,14 +30,14 @@ interface UTypeEvaluator<Type> {
  * Manages allocated objects separately from input ones. Indeed, we know the type of an allocated object
  * precisely, thus we can evaluate the subtyping constraints for them concretely (modulo generic type variables).
  */
-class UTypeConstraints<Type>(
+open class UTypeConstraints<Type>(
     private val typeSystem: UTypeSystem<Type>,
     private val equalityConstraints: UEqualityConstraints,
-    private val concreteRefToType: MutableMap<UConcreteHeapAddress, Type> = mutableMapOf(),
+    protected val concreteRefToType: MutableMap<UConcreteHeapAddress, Type> = mutableMapOf(),
     symbolicRefToTypeRegion: MutableMap<USymbolicHeapRef, UTypeRegion<Type>> = mutableMapOf(),
 ) : UTypeEvaluator<Type> {
     init {
-        equalityConstraints.subscribe(::intersectConstraints)
+        equalityConstraints.subscribe(::intersectRegions)
     }
 
     val symbolicRefToTypeRegion get(): Map<USymbolicHeapRef, UTypeRegion<Type>> = _symbolicRefToTypeRegion
@@ -57,7 +57,7 @@ class UTypeConstraints<Type>(
         )
     }
 
-    private fun contradiction() {
+    protected fun contradiction() {
         isContradicting = true
     }
 
@@ -68,11 +68,13 @@ class UTypeConstraints<Type>(
         concreteRefToType[ref] = type
     }
 
-    private fun getRegion(symbolicRef: USymbolicHeapRef) =
-        _symbolicRefToTypeRegion[equalityConstraints.equalReferences.find(symbolicRef)] ?: topTypeRegion
+    fun getTypeRegion(symbolicRef: USymbolicHeapRef, useRepresentative: Boolean = false): UTypeRegion<Type> {
+        val representative = if (useRepresentative) equalityConstraints.equalReferences.find(symbolicRef) else symbolicRef
+        return _symbolicRefToTypeRegion[representative] ?: topTypeRegion
+    }
 
 
-    private fun setRegion(symbolicRef: USymbolicHeapRef, value: UTypeRegion<Type>) {
+    private fun setTypeRegion(symbolicRef: USymbolicHeapRef, value: UTypeRegion<Type>) {
         _symbolicRefToTypeRegion[equalityConstraints.equalReferences.find(symbolicRef)] = value
     }
 
@@ -96,23 +98,7 @@ class UTypeConstraints<Type>(
             }
 
             is USymbolicHeapRef -> {
-                val constraints = getRegion(ref)
-                val newConstraints = constraints.addSupertype(type)
-                if (newConstraints.isContradicting) {
-                    // the only left option here is to be equal to null
-                    equalityConstraints.makeEqual(ref, ref.uctx.nullRef)
-                } else {
-                    // Inferring new symbolic disequalities here
-                    for ((key, value) in _symbolicRefToTypeRegion.entries) {
-                        // TODO: cache intersections?
-                        if (key != ref && value.intersect(newConstraints).isEmpty) {
-                            // If we have two inputs of incomparable reference types, then they are either non equal,
-                            // or both nulls
-                            equalityConstraints.makeNonEqualOrBothNull(ref, key)
-                        }
-                    }
-                    setRegion(ref, newConstraints)
-                }
+                updateRegionCanBeEqualNull(ref) { it.addSupertype(type) }
             }
 
             else -> error("Provided heap ref must be either concrete or purely symbolic one, found $ref")
@@ -139,23 +125,7 @@ class UTypeConstraints<Type>(
             }
 
             is USymbolicHeapRef -> {
-                val constraints = getRegion(ref)
-                val newConstraints = constraints.excludeSupertype(type)
-                equalityConstraints.makeNonEqual(ref, ref.uctx.nullRef)
-                if (newConstraints.isContradicting || equalityConstraints.isContradicting) {
-                    // the [ref] can't be equal to null
-                    contradiction()
-                } else {
-                    // Inferring new symbolic disequalities here
-                    for ((key, value) in _symbolicRefToTypeRegion.entries) {
-                        // TODO: cache intersections?
-                        if (key != ref && value.intersect(newConstraints).isEmpty) {
-                            // If we have two inputs of incomparable reference types, then they are non equal
-                            equalityConstraints.makeNonEqual(ref, key)
-                        }
-                    }
-                    setRegion(ref, newConstraints)
-                }
+                updateRegionCannotBeEqualNull(ref) { it.excludeSupertype(type) }
             }
 
             else -> error("Provided heap ref must be either concrete or purely symbolic one, found $ref")
@@ -165,7 +135,7 @@ class UTypeConstraints<Type>(
     /**
      * @return a type stream corresponding to the [ref].
      */
-    internal fun readTypeStream(ref: UHeapRef): UTypeStream<Type> =
+    internal fun getTypeStream(ref: UHeapRef): UTypeStream<Type> =
         when (ref) {
             is UConcreteHeapRef -> {
                 val concreteType = concreteRefToType[ref.address]
@@ -180,15 +150,61 @@ class UTypeConstraints<Type>(
             is UNullRef -> error("Null ref should be handled explicitly earlier")
 
             is USymbolicHeapRef -> {
-                getRegion(ref).typeStream
+                getTypeRegion(ref).typeStream
             }
 
             else -> error("Unexpected ref: $ref")
         }
 
-    private fun intersectConstraints(ref1: USymbolicHeapRef, ref2: USymbolicHeapRef) {
-        val newRegion = getRegion(ref1).intersect(getRegion(ref2))
-        setRegion(ref1, newRegion)
+    private fun intersectRegions(ref1: USymbolicHeapRef, ref2: USymbolicHeapRef) {
+        val region = getTypeRegion(ref2)
+        updateRegionCanBeEqualNull(ref1, region::intersect)
+    }
+
+    protected fun updateRegionCannotBeEqualNull(
+        ref: USymbolicHeapRef,
+        regionMapper: (UTypeRegion<Type>) -> UTypeRegion<Type>,
+    ) {
+        val region = getTypeRegion(ref)
+        val newRegion = regionMapper(region)
+        if (newRegion == region) {
+            return
+        }
+        equalityConstraints.makeNonEqual(ref, ref.uctx.nullRef)
+        if (newRegion.isEmpty || equalityConstraints.isContradicting) {
+            contradiction()
+            return
+        }
+        for ((key, value) in _symbolicRefToTypeRegion.entries) {
+            // TODO: cache intersections?
+            if (key != ref && value.intersect(newRegion).isEmpty) {
+                // If we have two inputs of incomparable reference types, then they are non equal
+                equalityConstraints.makeNonEqual(ref, key)
+            }
+        }
+        setTypeRegion(ref, newRegion)
+    }
+
+    protected fun updateRegionCanBeEqualNull(
+        ref: USymbolicHeapRef,
+        regionMapper: (UTypeRegion<Type>) -> UTypeRegion<Type>,
+    ) {
+        val region = getTypeRegion(ref)
+        val newRegion = regionMapper(region)
+        if (newRegion == region) {
+            return
+        }
+        if (newRegion.isEmpty) {
+            equalityConstraints.makeEqual(ref, ref.uctx.nullRef)
+        }
+        for ((key, value) in _symbolicRefToTypeRegion.entries) {
+            // TODO: cache intersections?
+            if (key != ref && value.intersect(newRegion).isEmpty) {
+                // If we have two inputs of incomparable reference types, then they are non equal
+                equalityConstraints.makeNonEqualOrBothNull(ref, key)
+            }
+        }
+        setTypeRegion(ref, newRegion)
     }
 
     /**
@@ -209,9 +225,9 @@ class UTypeConstraints<Type>(
                     // accordingly to the [UIsExpr] specification, [nullRef] always satisfies the [type]
                     return@mapper symbolicRef.ctx.trueExpr
                 }
-                val typeRegion = getRegion(symbolicRef)
+                val typeRegion = getTypeRegion(symbolicRef)
 
-                if (typeRegion.addSupertype(type).isContradicting) {
+                if (typeRegion.addSupertype(type).isEmpty) {
                     symbolicRef.ctx.falseExpr
                 } else {
                     symbolicRef.uctx.mkIsExpr(symbolicRef, type)

usvm-core/src/main/kotlin/org/usvm/memory/HeapRefSplitting.kt

@@ -26,7 +26,7 @@ infix fun <T> GuardedExpr<T>.withAlso(guard: UBoolExpr) = GuardedExpr(expr, guar
  * @param symbolicHeapRef an ite made of all [USymbolicHeapRef]s with its guard, the single [USymbolicHeapRef] if it's
  * the single [USymbolicHeapRef] in the base expression or `null` if there are no [USymbolicHeapRef]s at all.
  */
-internal data class SplitHeapRefs(
+data class SplitHeapRefs(
     val concreteHeapRefs: List<GuardedExpr<UConcreteHeapRef>>,
     val symbolicHeapRef: GuardedExpr<UHeapRef>?,
 )
@@ -43,7 +43,7 @@ internal data class SplitHeapRefs(
  * @param ignoreNullRefs if true, then null references will be ignored. It means that all leafs with nulls
  * considered unsatisfiable, so we assume their guards equal to false, and they won't be added to the result.
  */
-internal fun splitUHeapRef(
+fun splitUHeapRef(
     ref: UHeapRef,
     initialGuard: UBoolExpr = ref.ctx.trueExpr,
     ignoreNullRefs: Boolean = true,
@@ -75,7 +75,7 @@ internal fun splitUHeapRef(
  * @param ignoreNullRefs if true, then null references will be ignored. It means that all leafs with nulls
  * considered unsatisfiable, so we assume their guards equal to false.
  */
-internal inline fun withHeapRef(
+inline fun withHeapRef(
     ref: UHeapRef,
     initialGuard: UBoolExpr,
     crossinline blockOnConcrete: (GuardedExpr<UConcreteHeapRef>) -> Unit,
@@ -104,9 +104,9 @@ internal inline fun withHeapRef(
     }
 }
 
-private const val LEFT_CHILD = 0
-private const val RIGHT_CHILD = 1
-private const val DONE = 2
+const val LEFT_CHILD = 0
+const val RIGHT_CHILD = 1
+const val DONE = 2
 
 
 /**
@@ -118,7 +118,7 @@ private const val DONE = 2
  * considered unsatisfiable, so we assume their guards equal to false. If [ignoreNullRefs] is true and [this] is
  * [UNullRef], throws an [IllegalArgumentException].
  */
-internal inline fun <Sort : USort> UHeapRef.map(
+inline fun <Sort : USort> UHeapRef.map(
     crossinline concreteMapper: (UConcreteHeapRef) -> UExpr<Sort>,
     crossinline symbolicMapper: (USymbolicHeapRef) -> UExpr<Sort>,
     ignoreNullRefs: Boolean = true,

usvm-core/src/main/kotlin/org/usvm/memory/Memory.kt

@@ -162,5 +162,5 @@ open class UMemoryBase<Field, Type, Method>(
         UMemoryBase(ctx, typeConstraints, stack.clone(), heap.toMutableHeap(), mocker)
 
     override fun typeStreamOf(ref: UHeapRef): UTypeStream<Type> =
-        types.readTypeStream(ref)
+        types.getTypeStream(ref)
 }

usvm-core/src/main/kotlin/org/usvm/model/LazyModels.kt

@@ -117,7 +117,7 @@ class ULazyHeapModel<Field, ArrayType>(
         // All the expressions in the model are interpreted, therefore, they must
         // have concrete addresses. Moreover, the model knows only about input values
         // which have addresses less or equal than INITIAL_INPUT_ADDRESS
-        require(ref is UConcreteHeapRef && ref.address <= INITIAL_INPUT_ADDRESS)
+        require(ref is UConcreteHeapRef && ref.address <= INITIAL_INPUT_ADDRESS) { "Unexpected ref: $ref" }
 
         val resolvedRegion = resolvedInputFields[field]
         val regionId = UInputFieldId(field, sort, contextHeap = null)
@@ -142,7 +142,7 @@ class ULazyHeapModel<Field, ArrayType>(
         // All the expressions in the model are interpreted, therefore, they must
         // have concrete addresses. Moreover, the model knows only about input values
         // which have addresses less or equal than INITIAL_INPUT_ADDRESS
-        require(ref is UConcreteHeapRef && ref.address <= INITIAL_INPUT_ADDRESS)
+        require(ref is UConcreteHeapRef && ref.address <= INITIAL_INPUT_ADDRESS) { "Unexpected ref: $ref" }
 
         val key = ref to index
 
@@ -164,7 +164,7 @@ class ULazyHeapModel<Field, ArrayType>(
         // All the expressions in the model are interpreted, therefore, they must
         // have concrete addresses. Moreover, the model knows only about input values
         // which have addresses less or equal than INITIAL_INPUT_ADDRESS
-        require(ref is UConcreteHeapRef && ref.address <= INITIAL_INPUT_ADDRESS)
+        require(ref is UConcreteHeapRef && ref.address <= INITIAL_INPUT_ADDRESS) { "Unexpected ref: $ref" }
 
         val resolvedRegion = resolvedInputLengths[arrayType]
         val regionId = UInputArrayLengthId(arrayType, ref.uctx.sizeSort, contextHeap = null)

usvm-core/src/main/kotlin/org/usvm/solver/USoftConstraintsProvider.kt

@@ -52,7 +52,7 @@ class USoftConstraintsProvider<Field, Type>(override val ctx: UContext) : UTrans
     fun provide(initialExpr: UExpr<*>): Set<UBoolExpr> =
         caches.getOrElse(initialExpr) {
             apply(initialExpr)
-            provide(initialExpr)
+            caches.getValue(initialExpr)
         }
 
     // region The most common methods
@@ -97,10 +97,9 @@ class USoftConstraintsProvider<Field, Type>(override val ctx: UContext) : UTrans
         expr: UConcreteHeapRef,
     ): UExpr<UAddressSort> = error("Illegal operation since UConcreteHeapRef must not be translated into a solver")
 
-    override fun transform(expr: UNullRef): UExpr<UAddressSort> = expr
+    override fun transform(expr: UNullRef): UExpr<UAddressSort> = transformExpr(expr)
 
-    override fun transform(expr: UIsExpr<Type>): UBoolExpr =
-        error("Illegal operation since UIsExpr should not be translated into a SMT solver")
+    override fun transform(expr: UIsExpr<Type>): UBoolExpr = transformExpr(expr)
 
     override fun transform(
         expr: UInputArrayLengthReading<Type>,

usvm-core/src/main/kotlin/org/usvm/types/TypeRegion.kt

@@ -16,8 +16,6 @@ open class UTypeRegion<Type>(
     val subtypes: PersistentSet<Type> = persistentSetOf(),
     val notSubtypes: PersistentSet<Type> = persistentSetOf(),
 ) : Region<UTypeRegion<Type>> {
-    val isContradicting get() = typeStream.isEmpty
-
     /**
      * Returns region that represents empty set of types. Called when type
      * constraints contradict, for example if X <: Y and X </: Y.
@@ -37,7 +35,7 @@ open class UTypeRegion<Type>(
      *  - t is final && t </: X && X <: t
      */
     open fun addSupertype(supertype: Type): UTypeRegion<Type> {
-        if (isContradicting || supertypes.any { typeSystem.isSupertype(supertype, it) }) {
+        if (isEmpty || supertypes.any { typeSystem.isSupertype(supertype, it) }) {
             return this
         }
 
@@ -84,7 +82,7 @@ open class UTypeRegion<Type>(
      *  X <: u && u <: t && X </: t, i.e. if [supertypes] contains subtype of [notSupertype]
      */
     open fun excludeSupertype(notSupertype: Type): UTypeRegion<Type> {
-        if (isContradicting || notSupertypes.any { typeSystem.isSupertype(it, notSupertype) }) {
+        if (isEmpty || notSupertypes.any { typeSystem.isSupertype(it, notSupertype) }) {
             return this
         }
 
@@ -108,8 +106,8 @@ open class UTypeRegion<Type>(
      *  - t <: X && u <: t && u </: X, i.e. if [notSubtypes] contains subtype of [subtype]
      *  - t <: X && X <: u && t </: u
      */
-    protected open fun addSubtype(subtype: Type): UTypeRegion<Type> {
-        if (isContradicting || subtypes.any { typeSystem.isSupertype(it, subtype) }) {
+    open fun addSubtype(subtype: Type): UTypeRegion<Type> {
+        if (isEmpty || subtypes.any { typeSystem.isSupertype(it, subtype) }) {
             return this
         }
 
@@ -134,8 +132,8 @@ open class UTypeRegion<Type>(
      *  - u <: X && t <: u && t </: X, i.e. if [subtypes] contains supertype of [notSubtype]
      *  - t is final && t </: X && X <: t
      */
-    protected open fun excludeSubtype(notSubtype: Type): UTypeRegion<Type> {
-        if (isContradicting || notSubtypes.any { typeSystem.isSupertype(notSubtype, it) }) {
+    open fun excludeSubtype(notSubtype: Type): UTypeRegion<Type> {
+        if (isEmpty || notSubtypes.any { typeSystem.isSupertype(notSubtype, it) }) {
             return this
         }
 
@@ -153,9 +151,12 @@ open class UTypeRegion<Type>(
         return UTypeRegion(typeSystem, newTypeStream, notSubtypes = newNotSubtypes)
     }
 
-    override val isEmpty: Boolean = isContradicting
+    override val isEmpty: Boolean = typeStream.isEmpty
 
     override fun intersect(other: UTypeRegion<Type>): UTypeRegion<Type> {
+        if (this == other) {
+            return this
+        }
         // TODO: optimize things up by not re-allocating type regions after each operation
         val otherSize = other.size
         val thisSize = this.size
@@ -164,6 +165,9 @@ open class UTypeRegion<Type>(
         } else {
             this to other
         }
+        if (smallRegion.isEmpty) {
+            return smallRegion
+        }
 
         val result1 = smallRegion.supertypes.fold(largeRegion) { acc, t -> acc.addSupertype(t) }
         val result2 = smallRegion.notSupertypes.fold(result1) { acc, t -> acc.excludeSupertype(t) }
@@ -172,6 +176,9 @@ open class UTypeRegion<Type>(
     }
 
     override fun subtract(other: UTypeRegion<Type>): UTypeRegion<Type> {
+        if (isEmpty || other.isEmpty) {
+            return this
+        }
         if (other.notSupertypes.isNotEmpty() || other.notSubtypes.isEmpty() || other.supertypes.size + other.subtypes.size != 1) {
             TODO("For now, we are able to subtract only positive singleton type constraints")
         }

usvm-core/src/test/kotlin/org/usvm/types/TypeSolverTest.kt

@@ -148,6 +148,29 @@ class TypeSolverTest {
         assertIs<UUnsatResult<UModelBase<Field, TestType>>>(resultWithEqConstraint)
     }
 
+    @Test
+    fun `Test symbolic ref -- different types 3 refs`(): Unit = with(ctx) {
+        val ref0 = ctx.mkRegisterReading(0, addressSort)
+        val ref1 = ctx.mkRegisterReading(1, addressSort)
+        val ref2 = ctx.mkRegisterReading(2, addressSort)
+
+        pc += mkIsExpr(ref0, interfaceAB)
+        pc += mkIsExpr(ref1, interfaceBC1)
+        pc += mkIsExpr(ref2, interfaceAC)
+        pc += mkHeapRefEq(ref0, nullRef).not()
+        pc += mkHeapRefEq(ref1, nullRef).not()
+        pc += mkHeapRefEq(ref2, nullRef).not()
+
+        val resultWithoutEqConstraint = solver.check(pc)
+        val model = assertIs<USatResult<UModelBase<Field, TestType>>>(resultWithoutEqConstraint).model
+        assertNotEquals(model.eval(ref0), model.eval(ref1))
+
+        pc += mkHeapRefEq(ref0, ref1)
+        pc += mkHeapRefEq(ref1, ref2)
+
+        assertTrue(pc.isFalse)
+    }
+
     @Test
     fun `Test symbolic ref -- different interface types but same base type`(): Unit = with(ctx) {
         val ref0 = ctx.mkRegisterReading(0, addressSort)

usvm-jvm/src/main/kotlin/org/usvm/machine/JcTypeSystem.kt

@@ -8,6 +8,7 @@ import org.jacodb.api.JcRefType
 import org.jacodb.api.JcType
 import org.jacodb.api.ext.isAssignable
 import org.jacodb.api.ext.objectType
+import org.jacodb.api.ext.packageName
 import org.jacodb.api.ext.toType
 import org.jacodb.impl.features.HierarchyExtensionImpl
 import org.usvm.types.USupportTypeStream
@@ -43,6 +44,17 @@ class JcTypeSystem(
         else -> error("Unknown type $t")
     }
 
+    fun isArrayElemType(elemType: JcType, arrayType: JcType): Boolean {
+        if (arrayType !is JcArrayType) {
+            return false
+        }
+        return isSupertype(arrayType.elementType, elemType)
+    }
+
+    fun arrayTypeOf(type: JcType): JcType {
+        return type.classpath.arrayTypeOf(type)
+    }
+
     private val topTypeStream by lazy { USupportTypeStream.from(this, cp.objectType) }
 
     override fun topTypeStream(): UTypeStream<JcType> =

usvm-jvm/src/main/kotlin/org/usvm/machine/constraints/JcTypeConstraints.kt

@@ -0,0 +1,123 @@
+//package org.usvm.machine.constraints
+//
+//import org.jacodb.api.JcArrayType
+//import org.jacodb.api.JcType
+//import org.usvm.UBoolExpr
+//import org.usvm.UConcreteHeapRef
+//import org.usvm.UHeapRef
+//import org.usvm.UNullRef
+//import org.usvm.USymbolicHeapRef
+//import org.usvm.constraints.UEqualityConstraints
+//import org.usvm.constraints.UTypeConstraints
+//import org.usvm.machine.JcTypeSystem
+//import org.usvm.machine.jctx
+//import org.usvm.memory.map
+//
+//class JcTypeConstraints(
+//    private val typeSystem: JcTypeSystem,
+//    private val equalityConstraints: UEqualityConstraints,
+//) : UTypeConstraints<JcType>(typeSystem, equalityConstraints) {
+//
+//    fun evalIsElementOfArray(elemRef: UHeapRef, arrayRef: UHeapRef): UBoolExpr {
+//        val ctx = elemRef.jctx
+//        return elemRef.map(
+//            concreteMapper = { concreteElemRef ->
+//                val elemType = concreteRefToType.getValue(concreteElemRef.address)
+//                arrayRef.map(
+//                    concreteMapper = { concreteArrayRef ->
+//                        val arrayType = concreteRefToType.getValue(concreteArrayRef.address)
+//                        if (typeSystem.isArrayElemType(elemType, arrayType)) {
+//                            ctx.trueExpr
+//                        } else {
+//                            ctx.falseExpr
+//                        }
+//                    },
+//                    symbolicMapper = { symbolicArrayRef ->
+//                        val arrayTypeRegion = getTypeRegion(symbolicArrayRef)
+//                        val arrayTypeOfElement = typeSystem.arrayTypeOf(elemType)
+//                        val newArrayTypeRegion = arrayTypeRegion.addSubtype(arrayTypeOfElement)
+//                        if (newArrayTypeRegion.isEmpty) {
+//                            ctx.falseExpr
+//                        } else {
+//                            evalIsSupertype(arrayRef, arrayTypeOfElement)
+//                        }
+//                    },
+//                    ignoreNullRefs = true
+//                )
+//            },
+//            symbolicMapper = mapper@{ symbolicElemRef ->
+//                if (symbolicElemRef == ctx.nullRef) {
+//                    return@mapper ctx.trueExpr
+//                }
+//
+//                val elemTypeRegion = getTypeRegion(symbolicElemRef)
+//                arrayRef.map(
+//                    concreteMapper = { concreteArrayRef ->
+//                        val concreteArrayType = concreteRefToType.getValue(concreteArrayRef.address) as JcArrayType
+//                        evalIs(symbolicElemRef, concreteArrayType.elementType)
+//                    },
+//                    symbolicMapper = { symbolicArrayRef ->
+//                        val arrayTypeRegion = getTypeRegion(symbolicArrayRef)
+//                        // actually, we need to map type region here
+//                        val newArrayTypeRegion = arrayTypeRegion.intersect(elemTypeRegion)
+//                        if (newArrayTypeRegion.isEmpty) {
+//                            ctx.falseExpr
+//                        } else {
+//                            ctx.mkElementOfArrayTypeExpr(elemRef, arrayRef)
+//                        }
+//                    },
+//                    ignoreNullRefs = true
+//                )
+//            },
+//            ignoreNullRefs = false
+//        )
+//    }
+//
+//    fun addIsElementOfArray(elemRef: UHeapRef, arrayRef: UHeapRef) {
+//        when (elemRef) {
+//            is UConcreteHeapRef -> {
+//                val elemType = concreteRefToType.getValue(elemRef.address)
+//                when (arrayRef) {
+//                    is UConcreteHeapRef -> {
+//                        val arrayType = concreteRefToType.getValue(arrayRef.address) as JcArrayType
+//                        if (typeSystem.isArrayElemType(elemType, arrayType)) {
+//                            contradiction()
+//                        }
+//                    }
+//
+//                    is UNullRef -> error("Null ref should be handled explicitly earlier")
+//                    is USymbolicHeapRef -> {
+//                        val arrayTypeOfElement = typeSystem.arrayTypeOf(elemType)
+//                        updateRegionCannotBeEqualNull(arrayRef) { it.addSubtype(arrayTypeOfElement) }
+//                    }
+//
+//                    else -> error("Unexpected ref: $arrayRef")
+//                }
+//            }
+//
+//            is UNullRef -> return
+//            is USymbolicHeapRef -> {
+//                when (arrayRef) {
+//                    is UConcreteHeapRef -> {
+//                        val arrayType = concreteRefToType.getValue(arrayRef.address) as JcArrayType
+//                        updateRegionCanBeEqualNull(elemRef) { it.addSupertype(arrayType) }
+//                    }
+//
+//                    is UNullRef -> error("Null ref should be handled explicitly earlier")
+//                    is USymbolicHeapRef -> {
+//                        val elemTypeRegion = getTypeRegion(elemRef)
+//                        val arrayTypeRegion = getTypeRegion(arrayRef)
+//                        // actually, we need to map type regions here
+//                        updateRegionCanBeEqualNull(elemRef) { it.intersect(arrayTypeRegion) }
+//                        // actually, we need to map type regions here
+//                        updateRegionCannotBeEqualNull(arrayRef) { it.intersect(elemTypeRegion) }
+//                    }
+//
+//                    else -> error("Unexpected ref: $arrayRef")
+//                }
+//            }
+//
+//            else -> error("Unexpected ref: $arrayRef")
+//        }
+//    }
+//}

usvm-jvm/src/main/kotlin/org/usvm/machine/state/JcState.kt

@@ -10,7 +10,6 @@ import org.usvm.UCallStack
 import org.usvm.UContext
 import org.usvm.UState
 import org.usvm.constraints.UPathConstraints
-import org.usvm.machine.JcContext
 import org.usvm.memory.UMemoryBase
 import org.usvm.model.UModelBase
 

usvm-jvm/src/samples/java/org/usvm/samples/objects/HiddenFieldExample.java

@@ -1,10 +1,10 @@
 package org.usvm.samples.objects;
 
-import static org.usvm.api.mock.UMockKt.assume;
-
 public class HiddenFieldExample {
     public int checkHiddenField(HiddenFieldSuperClass o) {
-        assume(!(o instanceof HiddenFieldSuccClass));
+        if (o instanceof HiddenFieldSuccClass) {
+            return 0;
+        }
 
         if (o.a == 1 && o.b == 2) {
             return 1;

usvm-jvm/src/samples/java/org/usvm/samples/types/PathDependentGenericsExample.java

@@ -42,11 +42,11 @@ private <T, K extends Number> void functionWithSeveralGenerics(List<K> firstValu
     }
 
     private <T> void functionWithOneGeneric(ClassWithOneGeneric<T> value) {
-        System.out.println();
+
     }
 
     private <T, K> void functionWithTwoGenerics(ClassWithTwoGenerics<T, K> value) {
-        System.out.println();
+
     }
 }
 

usvm-jvm/src/test/kotlin/org/usvm/samples/casts/CastClassTest.kt

@@ -9,7 +9,7 @@ import org.usvm.test.util.checkers.eq
 
 internal class CastClassTest : JavaMethodTestRunner() {
     @Test
-    @Disabled("Support instanceof")
+    @Disabled("Support assumptions")
     fun testThisTypeChoice() {
         checkDiscoveredProperties(
             CastClass::castToInheritor,

usvm-jvm/src/test/kotlin/org/usvm/samples/casts/InstanceOfExampleTest.kt

@@ -1,14 +1,11 @@
 package org.usvm.samples.casts
 
-import org.junit.jupiter.api.Disabled
 import org.junit.jupiter.api.Test
 import org.usvm.samples.JavaMethodTestRunner
 import org.usvm.test.util.checkers.eq
 import org.usvm.test.util.checkers.ge
 import org.usvm.test.util.checkers.ignoreNumberOfAnalysisResults
 
-
-@Disabled("Support instanceof")
 internal class InstanceOfExampleTest : JavaMethodTestRunner() {
     @Test
     fun testSimpleInstanceOf() {
@@ -234,7 +231,6 @@ internal class InstanceOfExampleTest : JavaMethodTestRunner() {
     }
 
     @Test
-    @Disabled("Unexpected lvalue org.usvm.machine.JcStaticFieldRef@74414a78")
     fun testInstanceOfAsInternalExpressionsMap() {
         checkDiscoveredProperties(
             InstanceOfExample::instanceOfAsInternalExpressionsMap,
@@ -247,9 +243,8 @@ internal class InstanceOfExampleTest : JavaMethodTestRunner() {
     fun testSymbolicInstanceOf() {
         checkDiscoveredProperties(
             InstanceOfExample::symbolicInstanceOf,
-            eq(6),
-            { _, _, i, r -> i < 1 && r == null },
-            { _, _, i, r -> i > 3 && r == null },
+            eq(5),
+            { _, _, i, r -> (i < 1 || i > 3) && r == null },
             { _, o, _, _ -> o == null },
             { _, o, i, _ -> o != null && i > o.lastIndex },
             { _, o, i, r -> o != null && o[i] is CastClassFirstSucc && r is CastClassFirstSucc },

usvm-jvm/src/test/kotlin/org/usvm/samples/objects/HiddenFieldExampleTest.kt

@@ -8,12 +8,12 @@ import org.usvm.test.util.checkers.eq
 
 internal class HiddenFieldExampleTest : JavaMethodTestRunner() {
     @Test
-    @Disabled("Support instanceof")
     fun testCheckHiddenField() {
         checkDiscoveredProperties(
             HiddenFieldExample::checkHiddenField,
-            eq(4),
+            eq(5),
             { _, o, _ -> o == null },
+            { _, o, r -> o is HiddenFieldSuccClass && r == 0 },
             { _, o, r -> o != null && o.a != 1 && r == 2 },
             { _, o, r -> o != null && o.a == 1 && o.b != 2 && r == 2 },
             { _, o, r -> o != null && o.a == 1 && o.b == 2 && r == 1 },

usvm-jvm/src/test/kotlin/org/usvm/samples/structures/StandardStructuresTest.kt

@@ -9,7 +9,7 @@ import java.util.TreeMap
 
 internal class StandardStructuresTest : JavaMethodTestRunner() {
     @Test
-    @Disabled("Support instanceof")
+    @Disabled("Support creation of collections")
     fun testGetList() {
         checkDiscoveredProperties(
             StandardStructures::getList,
@@ -24,7 +24,7 @@ internal class StandardStructuresTest : JavaMethodTestRunner() {
     }
 
     @Test
-    @Disabled("Support instanceof")
+    @Disabled("Support creation of collections")
     fun testGetMap() {
         checkDiscoveredProperties(
             StandardStructures::getMap,
@@ -36,7 +36,7 @@ internal class StandardStructuresTest : JavaMethodTestRunner() {
     }
 
     @Test
-    @Disabled("Support instanceof")
+    @Disabled("Support creation of collections")
     fun testGetDeque() {
         checkDiscoveredProperties(
             StandardStructures::getDeque,

usvm-jvm/src/test/kotlin/org/usvm/samples/types/PathDependentGenericsExampleTest.kt

@@ -8,7 +8,6 @@ import org.usvm.test.util.checkers.eq
 
 internal class PathDependentGenericsExampleTest : JavaMethodTestRunner() {
     @Test
-    @Disabled("Support instanceof")
     fun testPathDependentGenerics() {
         checkDiscoveredProperties(
             PathDependentGenericsExample::pathDependentGenerics,