Improve memOutOfBounds precision by querying size/length of particular variable

[sim642]

This is a continuation of #2030.

It is necessary to make the analysis relational between the address base size and the offset (PR to come) but already on its own reveals some issues.

[Copilot]

Pull request overview

This PR continues the memOutOfBounds precision improvements by making size/length queries target a specific base variable (rather than querying over a mixed points-to set), and simplifies the BlobSize query API accordingly.

Changes:

• Simplify Queries.BlobSize from a {exp; base_address} record parameter to just exp.
• Update the base analysis’ BlobSize query implementation to require base (no-offset) addresses and to cast blob sizes to ptrdiff for downstream arithmetic.
• Update memOutOfBounds and base’s pointer-target sizing helpers to query BlobSize/EvalLength on AddrOf (Var v, NoOffset).

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

File	Description
src/domains/queries.ml	Changes the BlobSize query type and related compare/hash/pretty logic.
src/analyses/memOutOfBounds.ml	Queries blob size/array length using a base-address expression per pointee to improve precision.
src/analyses/base.ml	Adjusts BlobSize query handling (offset handling + casting) and updates callers to use base-address queries.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[sim642]

On sv-benchmarks with level02 and 90s, this makes no difference to verdicts.
Also this makes no difference to the dashboard checks comparison.
But that's expected because the values are joined currently anyway. This just avoids joining the sizes multiple times with themselves.