toolCHAINZ
diff --git a/‎jingle/src/analysis/compound/reducer.rs‎
Lines changed: 56 additions & 39 deletions b/‎jingle/src/analysis/compound/reducer.rs‎
Lines changed: 56 additions & 39 deletions
diff --git a/‎jingle/src/analysis/cpa/final_reducer.rs‎
Lines changed: 5 additions & 5 deletions b/‎jingle/src/analysis/cpa/final_reducer.rs‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎jingle/src/analysis/cpa/mod.rs‎
Lines changed: 8 additions & 7 deletions b/‎jingle/src/analysis/cpa/mod.rs‎
Lines changed: 8 additions & 7 deletions
diff --git a/‎jingle/src/analysis/cpa/reducer.rs‎
Lines changed: 20 additions & 16 deletions b/‎jingle/src/analysis/cpa/reducer.rs‎
Lines changed: 20 additions & 16 deletions
@@ -9,18 +9,21 @@ pub struct CompoundReducer<'op, A: ConfigurableProgramAnalysis, B: ConfigurableP
     b: B::Reducer<'op>,
 }
 
-impl<'op, A: ConfigurableProgramAnalysis, B: ConfigurableProgramAnalysis>
-    Residue<'op, CompoundState2<A::State, B::State>> for CompoundReducer<'op, A, B>
+impl<'r, A: ConfigurableProgramAnalysis, B: ConfigurableProgramAnalysis>
+    Residue<CompoundState2<A::State, B::State>> for CompoundReducer<'r, A, B>
+where
+    A::Reducer<'r>: Residue<A::State>,
+    B::Reducer<'r>: Residue<B::State>,
 {
     type Output = (
-        <A::Reducer<'op> as Residue<'op, A::State>>::Output,
-        <B::Reducer<'op> as Residue<'op, B::State>>::Output,
+        <A::Reducer<'r> as Residue<A::State>>::Output,
+        <B::Reducer<'r> as Residue<B::State>>::Output,
     );
 
     fn new() -> Self {
         Self {
-            a: <A::Reducer<'op> as Residue<'op, A::State>>::new(),
-            b: <B::Reducer<'op> as Residue<'op, B::State>>::new(),
+            a: <A::Reducer<'r> as Residue<A::State>>::new(),
+            b: <B::Reducer<'r> as Residue<B::State>>::new(),
         }
     }
 
@@ -29,7 +32,9 @@ impl<'op, A: ConfigurableProgramAnalysis, B: ConfigurableProgramAnalysis>
         (a.finalize(), b.finalize())
     }
 
-    fn merged_state(
+    // Method-level op lifetime is `'op`; it is late-bound by the trait and
+    // is independent from the impl's `'r` lifetime parameter.
+    fn merged_state<'op>(
         &mut self,
         curr_state: &CompoundState2<A::State, B::State>,
         dest_state: &CompoundState2<A::State, B::State>,
@@ -42,7 +47,7 @@ impl<'op, A: ConfigurableProgramAnalysis, B: ConfigurableProgramAnalysis>
             .merged_state(&curr_state.s2, &dest_state.s2, &merged_state.s2, op);
     }
 
-    fn new_state(
+    fn new_state<'op>(
         &mut self,
         state: &CompoundState2<A::State, B::State>,
         dest_state: &CompoundState2<A::State, B::State>,
@@ -59,18 +64,21 @@ pub struct CompoundReducer2<'op, A: ConfigurableProgramAnalysis, B: Configurable
     b: B::Reducer<'op>,
 }
 
-impl<'op, A: ConfigurableProgramAnalysis, B: ConfigurableProgramAnalysis>
-    Residue<'op, CompoundState2<A::State, B::State>> for CompoundReducer2<'op, A, B>
+impl<'r, A: ConfigurableProgramAnalysis, B: ConfigurableProgramAnalysis>
+    Residue<CompoundState2<A::State, B::State>> for CompoundReducer2<'r, A, B>
+where
+    A::Reducer<'r>: Residue<A::State>,
+    B::Reducer<'r>: Residue<B::State>,
 {
     type Output = (
-        <A::Reducer<'op> as Residue<'op, A::State>>::Output,
-        <B::Reducer<'op> as Residue<'op, B::State>>::Output,
+        <A::Reducer<'r> as Residue<A::State>>::Output,
+        <B::Reducer<'r> as Residue<B::State>>::Output,
     );
 
     fn new() -> Self {
         Self {
-            a: <A::Reducer<'op> as Residue<'op, A::State>>::new(),
-            b: <B::Reducer<'op> as Residue<'op, B::State>>::new(),
+            a: <A::Reducer<'r> as Residue<A::State>>::new(),
+            b: <B::Reducer<'r> as Residue<B::State>>::new(),
         }
     }
 
@@ -79,7 +87,7 @@ impl<'op, A: ConfigurableProgramAnalysis, B: ConfigurableProgramAnalysis>
         (a.finalize(), b.finalize())
     }
 
-    fn merged_state(
+    fn merged_state<'op>(
         &mut self,
         curr_state: &CompoundState2<A::State, B::State>,
         dest_state: &CompoundState2<A::State, B::State>,
@@ -92,7 +100,7 @@ impl<'op, A: ConfigurableProgramAnalysis, B: ConfigurableProgramAnalysis>
             .merged_state(&curr_state.s2, &dest_state.s2, &merged_state.s2, op);
     }
 
-    fn new_state(
+    fn new_state<'op>(
         &mut self,
         state: &CompoundState2<A::State, B::State>,
         dest_state: &CompoundState2<A::State, B::State>,
@@ -116,23 +124,27 @@ pub struct CompoundReducer3<
 }
 
 impl<
-    'op,
+    'r,
     A: ConfigurableProgramAnalysis,
     B: ConfigurableProgramAnalysis,
     C: ConfigurableProgramAnalysis,
-> Residue<'op, CompoundState3<A::State, B::State, C::State>> for CompoundReducer3<'op, A, B, C>
+> Residue<CompoundState3<A::State, B::State, C::State>> for CompoundReducer3<'r, A, B, C>
+where
+    A::Reducer<'r>: Residue<A::State>,
+    B::Reducer<'r>: Residue<B::State>,
+    C::Reducer<'r>: Residue<C::State>,
 {
     type Output = (
-        <A::Reducer<'op> as Residue<'op, A::State>>::Output,
-        <B::Reducer<'op> as Residue<'op, B::State>>::Output,
-        <C::Reducer<'op> as Residue<'op, C::State>>::Output,
+        <A::Reducer<'r> as Residue<A::State>>::Output,
+        <B::Reducer<'r> as Residue<B::State>>::Output,
+        <C::Reducer<'r> as Residue<C::State>>::Output,
     );
 
     fn new() -> Self {
         Self {
-            a: <A::Reducer<'op> as Residue<'op, A::State>>::new(),
-            b: <B::Reducer<'op> as Residue<'op, B::State>>::new(),
-            c: <C::Reducer<'op> as Residue<'op, C::State>>::new(),
+            a: <A::Reducer<'r> as Residue<A::State>>::new(),
+            b: <B::Reducer<'r> as Residue<B::State>>::new(),
+            c: <C::Reducer<'r> as Residue<C::State>>::new(),
         }
     }
 
@@ -141,7 +153,7 @@ impl<
         (a.finalize(), b.finalize(), c.finalize())
     }
 
-    fn merged_state(
+    fn merged_state<'op>(
         &mut self,
         curr_state: &CompoundState3<A::State, B::State, C::State>,
         dest_state: &CompoundState3<A::State, B::State, C::State>,
@@ -156,7 +168,7 @@ impl<
             .merged_state(&curr_state.s3, &dest_state.s3, &merged_state.s3, op);
     }
 
-    fn new_state(
+    fn new_state<'op>(
         &mut self,
         state: &CompoundState3<A::State, B::State, C::State>,
         dest_state: &CompoundState3<A::State, B::State, C::State>,
@@ -183,27 +195,32 @@ pub struct CompoundReducer4<
 }
 
 impl<
-    'op,
+    'r,
     A: ConfigurableProgramAnalysis,
     B: ConfigurableProgramAnalysis,
     C: ConfigurableProgramAnalysis,
     D: ConfigurableProgramAnalysis,
-> Residue<'op, CompoundState4<A::State, B::State, C::State, D::State>>
-    for CompoundReducer4<'op, A, B, C, D>
+> Residue<CompoundState4<A::State, B::State, C::State, D::State>>
+    for CompoundReducer4<'r, A, B, C, D>
+where
+    A::Reducer<'r>: Residue<A::State>,
+    B::Reducer<'r>: Residue<B::State>,
+    C::Reducer<'r>: Residue<C::State>,
+    D::Reducer<'r>: Residue<D::State>,
 {
     type Output = (
-        <A::Reducer<'op> as Residue<'op, A::State>>::Output,
-        <B::Reducer<'op> as Residue<'op, B::State>>::Output,
-        <C::Reducer<'op> as Residue<'op, C::State>>::Output,
-        <D::Reducer<'op> as Residue<'op, D::State>>::Output,
+        <A::Reducer<'r> as Residue<A::State>>::Output,
+        <B::Reducer<'r> as Residue<B::State>>::Output,
+        <C::Reducer<'r> as Residue<C::State>>::Output,
+        <D::Reducer<'r> as Residue<D::State>>::Output,
     );
 
     fn new() -> Self {
         Self {
-            a: <A::Reducer<'op> as Residue<'op, A::State>>::new(),
-            b: <B::Reducer<'op> as Residue<'op, B::State>>::new(),
-            c: <C::Reducer<'op> as Residue<'op, C::State>>::new(),
-            d: <D::Reducer<'op> as Residue<'op, D::State>>::new(),
+            a: <A::Reducer<'r> as Residue<A::State>>::new(),
+            b: <B::Reducer<'r> as Residue<B::State>>::new(),
+            c: <C::Reducer<'r> as Residue<C::State>>::new(),
+            d: <D::Reducer<'r> as Residue<D::State>>::new(),
         }
     }
 
@@ -212,7 +229,7 @@ impl<
         (a.finalize(), b.finalize(), c.finalize(), d.finalize())
     }
 
-    fn merged_state(
+    fn merged_state<'op>(
         &mut self,
         curr_state: &CompoundState4<A::State, B::State, C::State, D::State>,
         dest_state: &CompoundState4<A::State, B::State, C::State, D::State>,
@@ -229,7 +246,7 @@ impl<
             .merged_state(&curr_state.s4, &dest_state.s4, &merged_state.s4, op);
     }
 
-    fn new_state(
+    fn new_state<'op>(
         &mut self,
         state: &CompoundState4<A::State, B::State, C::State, D::State>,
         dest_state: &CompoundState4<A::State, B::State, C::State, D::State>,
 
@@ -66,7 +66,7 @@ where
     }
 }
 
-impl<'a, S> Residue<'a, S> for FinalReducer<S>
+impl<S> Residue<S> for FinalReducer<S>
 where
     S: AbstractState,
 {
@@ -76,11 +76,11 @@ where
     ///
     /// The source `state` has at least one successor, so it is not final.
     /// The `dest_state` is recorded as a potential final state (to be verified later).
-    fn new_state(
+    fn new_state<'op>(
         &mut self,
         state: &S,
         dest_state: &S,
-        _op: &Option<crate::analysis::pcode_store::PcodeOpRef<'a>>,
+        _op: &Option<crate::analysis::pcode_store::PcodeOpRef<'op>>,
     ) {
         // The source state has successors, so it's not final
         if !self.non_final_states.iter().any(|s| s == state) {
@@ -98,12 +98,12 @@ where
     /// When states are merged, the current state is also a non-final state since
     /// it produced successors. We update references to the original destination
     /// state to point to the merged state.
-    fn merged_state(
+    fn merged_state<'op>(
         &mut self,
         curr_state: &S,
         original_merged_state: &S,
         merged_state: &S,
-        _op: &Option<crate::analysis::pcode_store::PcodeOpRef<'a>>,
+        _op: &Option<crate::analysis::pcode_store::PcodeOpRef<'op>>,
     ) {
         // The current state has successors, so it's not final
         if !self.non_final_states.iter().any(|s| s == curr_state) {
 
@@ -37,9 +37,10 @@ pub trait ConfigurableProgramAnalysis: Sized {
     type State: AbstractState + Debug;
 
     // Reducer is a generic associated type parameterized by an op lifetime `'op`.
-    // This allows reducers to be expressed that accept/store `PcodeOpRef<'op>`
-    // without requiring clones.
-    type Reducer<'op>: residue::Residue<'op, Self::State>;
+    // Reducer types are expected to implement `Residue<S>` (the op lifetime is
+    // carried by the methods). This lets reducer implementations accept
+    // `PcodeOpRef<'op>` in method calls without putting the lifetime on the trait.
+    type Reducer<'op>: residue::Residue<Self::State>;
 }
 
 /**
@@ -63,13 +64,13 @@ where
         &self,
         initial: I,
         pcode_store: &'op P,
-    ) -> <<Self as ConfigurableProgramAnalysis>::Reducer<'op> as residue::Residue<'op, Self::State>>::Output
-    where
-        Self::State: 'op,
+    ) -> <<Self as ConfigurableProgramAnalysis>::Reducer<'op> as residue::Residue<Self::State>>::Output
     {
         let initial = initial.borrow();
         // Construct the reducer specialized for the `'op` lifetime.
-        let mut reducer = <Self::Reducer<'op> as residue::Residue<'op, Self::State>>::new();
+        // The Reducer GAT yields a type whose `new()` constructs the reducer
+        // value; the `Residue` trait itself accepts op lifetimes on its methods.
+        let mut reducer = <Self::Reducer<'op> as residue::Residue<Self::State>>::new();
 
         let mut waitlist: VecDeque<Self::State> = VecDeque::new();
         let mut reached: VecDeque<Self::State> = VecDeque::new();
 
@@ -45,41 +45,44 @@ where
     }
 }
 
-impl<'a, N> Residue<'a, N> for CfgReducer<'a, N>
+impl<'a, N> Residue<N> for CfgReducer<'a, N>
 where
     N: LocationState + CfgState,
 {
     type Output = PcodeCfg<N, PcodeOpRef<'a>>;
+
     /// Record a reduction/transition from `state` to `dest_state` into the CFG.
     ///
-    /// This mirrors the logic previously implemented in the unwinding CPA's
-    /// `reduce` method, but generalized: we convert both CPA states into `N`
-    /// via the mapper and add nodes/edges to the cfg. If `op` is `None`,
-    /// only the source node is added (no edge).
-    fn new_state(&mut self, state: &N, dest_state: &N, op: &Option<PcodeOpRef<'a>>) {
+    /// The op lifetime is generic per-call (`'op`). We accept an `Option<PcodeOpRef<'op>>`
+    /// and convert the referenced operation into an owned `PcodeOpRef<'a>` for storage
+    /// inside the CFG so we don't retain references tied to the caller's borrow.
+    fn new_state<'op>(&mut self, state: &N, dest_state: &N, op: &Option<PcodeOpRef<'op>>) {
         self.cfg.add_node(state);
 
         if let Some(op) = op {
-            // Convert the wrapped op into an owned PcodeOperation before inserting.
-            // `PcodeOpRef` derefs to `PcodeOperation`; call `as_ref().clone()` to obtain an owned op.
-            let owned_op = op.clone();
+            // Clone the inner PcodeOperation into an owned value, then wrap it in a
+            // `PcodeOpRef<'a>` so the CFG stores an owned operation rather than borrowing
+            // from the caller's lifetime.
+            let owned = op.as_ref().clone();
+            let stored: PcodeOpRef<'a> = PcodeOpRef::from(owned);
             // add_edge will insert nodes if missing
-            self.cfg.add_edge(state, dest_state, owned_op);
+            self.cfg.add_edge(state, dest_state, stored);
         }
     }
 
     /// When two abstract states are merged in the CPA, adjust the recorded CFG
     /// so edges that previously pointed to the original `dest_state` now point
     /// to the `merged_state`.
     ///
-    /// This duplicates the behavior from the unwinding CPA's `merged` method in
-    /// a generic way.
-    fn merged_state(
+    /// The op lifetime is generic per-call (`'op`). Convert any provided op into
+    /// an owned `PcodeOpRef<'a>` before storing it in the CFG to avoid borrowing
+    /// across the caller's lifetime.
+    fn merged_state<'op>(
         &mut self,
         state: &N,
         dest_state: &N,
         merged_state: &N,
-        op: &Option<PcodeOpRef<'a>>,
+        op: &Option<PcodeOpRef<'op>>,
     ) {
         tracing::debug!("merged called: dest_state and merged_state provided");
         // If operation is not present we can't deterministically reconstruct
@@ -88,8 +91,9 @@ where
         // We only proceed when there is an op provided (matches unwinding impl).
         self.cfg.replace_and_combine_nodes(dest_state, merged_state);
         if let Some(op) = op {
-            let owned_op = op.clone();
-            self.cfg.add_edge(state, merged_state, owned_op);
+            let owned = op.as_ref().clone();
+            let stored: PcodeOpRef<'a> = PcodeOpRef::from(owned);
+            self.cfg.add_edge(state, merged_state, stored);
         }
     }