Scott Moore

Interestingly, ADTs might have the right behavior: ``` .type Pair = P {?x: number, ?y: number} .decl n(x: number) n(0). n(x) :- r($P(_, x)). .decl r(p: Pair) r($P(x, y)) :-...

There's also the notebook tutorial that's included as an example when you start the MATE system: https://github.com/GaloisInc/MATE/blob/main/jupyter/examples/cpg-tutorial-no-solutions.ipynb and https://github.com/GaloisInc/MATE/blob/main/jupyter/examples/cpg-tutorial-with-solutions.ipynb. Perhaps we should point these out in the docs as well?...

Can you provide more information about your experiment? What context-sensitivity setting did you use when invoking cclyzer++? Can you share the bitcode file?

Thanks, this will be very helpful for us to debug!

I had a chance to start looking into this. My initial run is still going, but I'm seeing fairly different behavior---it seems to be spending all its time in var_points_to...

I'm also curious what's the largest parameter number you see in `func_type_param.csv.gz` in your facts directory?

The context-insensitive analysis of `make` (at least the bitcode I got using gllvm) finished for me in around 155 minutes on a single thread and doesn't seem to have triggered...

The unification-based context insensitive analysis is quicker, and it is possible that higher context-sensitivity with either analysis could also be faster (depending on the program). I'm also not sure what...

Thinking about this a bit more, a potential problem is that `type_compatible` computes a subset of the cartesian product of types. If you have lots of types (particularly structs or...

I think the way to try the second option would be passing `--magic-transform="type_compatible, type_compatible_up_to_arg"` to souffle during program generation. If you give that a try and it helps, let us...