DefExc: Define widen by join.

[jerhard]

Previously, DefExc used the widening operator as implemented by Lattice.StdCousot -- which is not a valid widening operator (as of now), because it just returns the second argument:

analyzer/src/domains/lattice.ml

Lines 35 to 39 in 0a88b34

	module StdCousot =
	struct
	let widen x y = y
	let narrow x y = x
	end

So now we define the widen simply by the join for DefExc.

More generally speaking, there are 16 includes of StdCousot in the code base (not counting those in arrayDomain_deprecated and intDomain_unused). At some of these places, the widen might not be overridden and the resulting behavior might be unsound.

[jerhard]

We maybe should consider to simply remove widen from Lattice.StdCousot, as to be sound, it would either have to rely on a passed join operator (given that our domains only have finite ascending chains), or always would have to return top.

[vogler]

Searching for S.Dom.widen, the only place where we don't do S.Dom.widen old (S.Dom.join old tmp) in the solver seems to be this:

analyzer/src/solvers/sLR.ml

Line 69 in 0a88b34

if HM.mem globals x then S.Dom.widen old tmp

So, as it's used currently, it shouldn't be unsound (except for slr3 maybe).

We should probably just remove StdCousot alltogether. In order to replace widen with let widen = B.join, it'd need to be functorized.

[jerhard]

I tried to remove StdCousot here, but somehow it makes test 09/03 fail, because some races are not detected anymore.

[jerhard]

Ok, now that @michael-schwarz fixed it, should we just merge this?

[michael-schwarz]

Apparently this behavior was intended and the solvers are written in a way such that they always did a join, before calling widen (as Ralf mentioned above).
However, in today's Gobcon the consensus was that this should be abandoned and that every domain needs to specify widen in a way s.t. join a b \leq widen a b.