Improve MHP precision using ancestor locksets

[dabund24]

closes #1805

Summary

Handle the following cases:

1. When creating $t_1$, $t_0$ must hold a lock $l$. If $l$ is not released before $t_1$ is definitely joined into $t_0$, $t_1$ is protected by $l$.
2. When creating $t_1$, $t_0$ must hold a lock $l$. If $l$ is definitely acquired in $t_1$, everything after the acquisition must happen after program points in $t_0$, where $l$ was definitely not yet released.

Both cases can be generalized to a transitive version.

Analyses

For now, the following analyses are planned

• case 1:
  • creation locksets:
    • flow-insensitive
    • $T\to 2^{T\times L}$
    • $t_1\mapsto \{ (t_0,l) \}$ means " $t_1$ could be protected by $l$ locked in $t_0$, since $l$ must be held in $t_0$ when $t_1$ gets created"
  • tainted creation locksets:
    • flow-insensitive
    • $T\to 2^{T\times L}$
    • $t_1\mapsto\{(t_0,l)\}$ means " $t_1$ may have been created, but cannot be protected by $l$ locked in $t_0$, since $l$ may get unlocked before $t_1$ is definitely joined into $t_0$"
  • transitive descendants:
    • flow-insensitive
    • $T\to2^T$
    • $t_0\mapsto\{t_1\}$ means " $t_1$ is an ancestor of $t_0$"
  • transitively expand creation locksets and tainted creation locksets using the transitive descendants analysis
• case 2:
  most-likely the analyses described in https://onlinelibrary.wiley.com/doi/10.1002/cpe.70203

Further TODOs/Things to think about

• case 1:
  • what about non-unique thread ids?
  • what if ana.thread.domain is plain?
  • what if ana.thread.include-node is false?