CBMC
analyze_symbol.h
Go to the documentation of this file.
1 /*******************************************************************\
2 
3 Module: Symbol Analyzer
4 
5 Author: Malte Mues <mail.mues@gmail.com>
6  Daniel Poetzl
7 
8 \*******************************************************************/
9 
12 
13 #ifndef CPROVER_MEMORY_ANALYZER_ANALYZE_SYMBOL_H
14 #define CPROVER_MEMORY_ANALYZER_ANALYZE_SYMBOL_H
15 
16 #include <map>
17 #include <string>
18 
19 #include "gdb_api.h"
20 
21 #include <ansi-c/expr2c_class.h>
22 
23 #include <util/message.h>
24 #include <util/namespace.h>
25 #include <util/pointer_expr.h>
26 #include <util/std_code.h>
27 #include <util/symbol_table.h>
28 
29 #include <goto-programs/allocate_objects.h>
30 
31 class gdb_apit;
32 class exprt;
33 class source_locationt;
34 
36 class gdb_value_extractort
37 {
38 public:
39  gdb_value_extractort(
40  const symbol_tablet &symbol_table,
41  const std::vector<std::string> &args);
42 
47  void analyze_symbols(const std::list<std::string> &symbols);
48 
51  std::string get_snapshot_as_c_code();
52 
59  symbol_tablet get_snapshot_as_symbol_table();
60 
61  using pointer_valuet = gdb_apit::pointer_valuet;
62  using memory_addresst = gdb_apit::memory_addresst;
63 
64  void create_gdb_process()
65  {
66  gdb_api.create_gdb_process();
67  }
68  bool run_gdb_to_breakpoint(const std::string &breakpoint)
69  {
70  return gdb_api.run_gdb_to_breakpoint(breakpoint);
71  }
72  void run_gdb_from_core(const std::string &corefile)
73  {
74  gdb_api.run_gdb_from_core(corefile);
75  }
76 
77 private:
78  gdb_apit gdb_api;
79 
82  symbol_tablet symbol_table;
83  const namespacet ns;
84  expr2ct c_converter;
85  allocate_objectst allocate_objects;
86 
88  std::map<exprt, exprt> assignments;
89 
92  std::map<exprt, memory_addresst> outstanding_assignments;
93 
96  std::map<memory_addresst, exprt> values;
97 
98  struct memory_scopet
99  {
100  private:
101  size_t begin_int;
102  mp_integer byte_size;
103  irep_idt name;
104 
108  size_t address2size_t(const memory_addresst &point) const;
109 
113  bool check_containment(const size_t &point_int) const
114  {
115  return point_int >= begin_int && (begin_int + byte_size) > point_int;
116  }
117 
118  public:
119  memory_scopet(
120  const memory_addresst &begin,
121  const mp_integer &byte_size,
122  const irep_idt &name);
123 
127  bool contains(const memory_addresst &point) const
128  {
129  return check_containment(address2size_t(point));
130  }
131 
136  mp_integer
137  distance(const memory_addresst &point, mp_integer member_size) const;
138 
141  irep_idt id() const
142  {
143  return name;
144  }
145 
148  mp_integer size() const
149  {
150  return byte_size;
151  }
152  };
153 
155  std::vector<memory_scopet> dynamically_allocated;
156 
158  std::map<irep_idt, pointer_valuet> memory_map;
159 
160  bool has_known_memory_location(const irep_idt &id) const
161  {
162  return memory_map.count(id) != 0;
163  }
164 
168  std::vector<memory_scopet>::iterator find_dynamic_allocation(irep_idt name);
169 
173  std::vector<memory_scopet>::iterator
174  find_dynamic_allocation(const memory_addresst &point);
175 
179  mp_integer get_malloc_size(irep_idt name);
180 
192  optionalt<std::string>
193  get_malloc_pointee(const memory_addresst &point, mp_integer member_size);
194 
198  mp_integer get_type_size(const typet &type) const;
199 
204  void analyze_symbol(const irep_idt &symbol_name);
205 
210  void add_assignment(const exprt &lhs, const exprt &value);
211 
218  exprt get_array_value(
219  const exprt &expr,
220  const exprt &array,
221  const source_locationt &location);
222 
232  exprt get_expr_value(
233  const exprt &expr,
234  const exprt &zero_expr,
235  const source_locationt &location);
236 
242  exprt get_struct_value(
243  const exprt &expr,
244  const exprt &zero_expr,
245  const source_locationt &location);
246 
252  exprt get_union_value(
253  const exprt &expr,
254  const exprt &zero_expr,
255  const source_locationt &location);
256 
264  exprt get_pointer_value(
265  const exprt &expr,
266  const exprt &zero_expr,
267  const source_locationt &location);
268 
276  exprt get_pointer_to_member_value(
277  const exprt &expr,
278  const pointer_valuet &pointer_value,
279  const source_locationt &location);
280 
288  exprt get_non_char_pointer_value(
289  const exprt &expr,
290  const pointer_valuet &value,
291  const source_locationt &location);
292 
300  exprt get_pointer_to_function_value(
301  const exprt &expr,
302  const pointer_valuet &pointer_value,
303  const source_locationt &location);
304 
315  exprt get_char_pointer_value(
316  const exprt &expr,
317  const memory_addresst &memory_location,
318  const source_locationt &location);
319 
321  void process_outstanding_assignments();
322 
326  std::string get_gdb_value(const exprt &expr);
327 
333  bool points_to_member(
334  pointer_valuet &pointer_value,
335  const pointer_typet &expected_type);
336 };
337 
338 #endif // CPROVER_MEMORY_ANALYZER_ANALYZE_SYMBOL_H
dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition: dstring.h:36
symbol_tablet
The symbol table.
Definition: symbol_table.h:13
gdb_apit::pointer_valuet
Data associated with the value of a pointer, i.e.
Definition: gdb_api.h:77
mp_integer
BigInt mp_integer
Definition: smt_terms.h:17
gdb_value_extractort::gdb_value_extractort
gdb_value_extractort(const symbol_tablet &symbol_table, const std::vector< std::string > &args)
Definition: analyze_symbol.cpp:24
typet
The type of an expression, extends irept.
Definition: type.h:28
gdb_value_extractort::get_snapshot_as_symbol_table
symbol_tablet get_snapshot_as_symbol_table()
Get memory snapshot as symbol table Build a new symbol_tablet and for each lhs symbol from collected ...
Definition: analyze_symbol.cpp:189
gdb_value_extractort::memory_scopet::byte_size
mp_integer byte_size
Definition: analyze_symbol.h:102
gdb_value_extractort::get_pointer_value
exprt get_pointer_value(const exprt &expr, const exprt &zero_expr, const source_locationt &location)
Call gdb_apit::get_memory on expr then split based on the points-to type being char type or not.
Definition: analyze_symbol.cpp:491
gdb_value_extractort::get_expr_value
exprt get_expr_value(const exprt &expr, const exprt &zero_expr, const source_locationt &location)
Case analysis on the typet of expr 1) For integers, booleans, and enums: call gdb_apit::get_value dir...
Definition: analyze_symbol.cpp:604
gdb_value_extractort::memory_scopet::distance
mp_integer distance(const memory_addresst &point, mp_integer member_size) const
Compute the distance of point from the beginning of this scope.
Definition: analyze_symbol.cpp:51
gdb_value_extractort::analyze_symbols
void analyze_symbols(const std::list< std::string > &symbols)
For each input symbol in symbols: map its value address to its symbol_exprt (via the values map) and ...
Definition: analyze_symbol.cpp:109
gdb_value_extractort::get_struct_value
exprt get_struct_value(const exprt &expr, const exprt &zero_expr, const source_locationt &location)
For each of the members of the struct: call get_expr_value.
Definition: analyze_symbol.cpp:687
gdb_value_extractort::ns
const namespacet ns
Definition: analyze_symbol.h:83
gdb_value_extractort::get_union_value
exprt get_union_value(const exprt &expr, const exprt &zero_expr, const source_locationt &location)
For each of the members of the struct: call get_expr_value.
Definition: analyze_symbol.cpp:720
gdb_value_extractort::has_known_memory_location
bool has_known_memory_location(const irep_idt &id) const
Definition: analyze_symbol.h:160
exprt
Base class for all expressions.
Definition: expr.h:55
gdb_value_extractort::memory_scopet::begin_int
size_t begin_int
Definition: analyze_symbol.h:101
gdb_apit::memory_addresst
Memory address imbued with the explicit boolean data indicating if the address is null or not.
Definition: gdb_api.h:37
namespace.h
gdb_apit
Interface for running and querying GDB.
Definition: gdb_api.h:30
gdb_api.h
gdb_value_extractort::memory_scopet::check_containment
bool check_containment(const size_t &point_int) const
Helper function that check if a point in memory points inside this scope.
Definition: analyze_symbol.h:113
gdb_value_extractort::create_gdb_process
void create_gdb_process()
Definition: analyze_symbol.h:64
namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition: namespace.h:90
gdb_value_extractort::pointer_valuet
gdb_apit::pointer_valuet pointer_valuet
Definition: analyze_symbol.h:61
expr2ct
Definition: expr2c_class.h:30
gdb_value_extractort::points_to_member
bool points_to_member(pointer_valuet &pointer_value, const pointer_typet &expected_type)
Analyzes the pointer_value to decide if it point to a struct or a union (or array)
Definition: analyze_symbol.cpp:465
gdb_value_extractort::values
std::map< memory_addresst, exprt > values
Storing pairs <address, symbol> such that at address is stored the value of symbol.
Definition: analyze_symbol.h:96
gdb_value_extractort::get_gdb_value
std::string get_gdb_value(const exprt &expr)
Extract a stringified value from and c-converted expr.
Definition: analyze_symbol.cpp:751
gdb_value_extractort::get_malloc_size
mp_integer get_malloc_size(irep_idt name)
Search for the size of the allocated memory for name.
Definition: analyze_symbol.cpp:80
gdb_value_extractort
Interface for extracting values from GDB (building on gdb_apit)
Definition: analyze_symbol.h:36
gdb_value_extractort::get_type_size
mp_integer get_type_size(const typet &type) const
Wrapper for call get_offset_pointer_bits.
Definition: analyze_symbol.cpp:102
gdb_value_extractort::get_char_pointer_value
exprt get_char_pointer_value(const exprt &expr, const memory_addresst &memory_location, const source_locationt &location)
If memory_location is found among values then return the symbol expression associated with it.
Definition: analyze_symbol.cpp:228
gdb_value_extractort::memory_scopet::size
mp_integer size() const
Getter for the allocation size of this memory scope.
Definition: analyze_symbol.h:148
gdb_value_extractort::get_pointer_to_member_value
exprt get_pointer_to_member_value(const exprt &expr, const pointer_valuet &pointer_value, const source_locationt &location)
Call get_subexpression_at_offset to get the correct member expression.
Definition: analyze_symbol.cpp:274
pointer_expr.h
gdb_value_extractort::memory_scopet::contains
bool contains(const memory_addresst &point) const
Check if point points somewhere in this memory scope.
Definition: analyze_symbol.h:127
gdb_value_extractort::run_gdb_to_breakpoint
bool run_gdb_to_breakpoint(const std::string &breakpoint)
Definition: analyze_symbol.h:68
gdb_value_extractort::memory_scopet::name
irep_idt name
Definition: analyze_symbol.h:103
gdb_value_extractort::memory_scopet::id
irep_idt id() const
Getter for the name of this memory scope.
Definition: analyze_symbol.h:141
expr2c_class.h
gdb_value_extractort::memory_map
std::map< irep_idt, pointer_valuet > memory_map
Keep track of the memory location for the analyzed symbols.
Definition: analyze_symbol.h:158
gdb_value_extractort::get_pointer_to_function_value
exprt get_pointer_to_function_value(const exprt &expr, const pointer_valuet &pointer_value, const source_locationt &location)
Extract the function name from pointer_value, check it has a symbol and return the associated symbol ...
Definition: analyze_symbol.cpp:340
std_code.h
optionalt
nonstd::optional< T > optionalt
Definition: optional.h:35
gdb_value_extractort::add_assignment
void add_assignment(const exprt &lhs, const exprt &value)
Create assignment lhs := value (see analyze_symbol)
Definition: analyze_symbol.cpp:222
source_locationt
Definition: source_location.h:18
gdb_value_extractort::c_converter
expr2ct c_converter
Definition: analyze_symbol.h:84
gdb_apit::create_gdb_process
void create_gdb_process()
Create a new gdb process for analysing the binary indicated by the first element in args
Definition: gdb_api.cpp:69
gdb_value_extractort::allocate_objects
allocate_objectst allocate_objects
Definition: analyze_symbol.h:85
gdb_value_extractort::memory_addresst
gdb_apit::memory_addresst memory_addresst
Definition: analyze_symbol.h:62
gdb_value_extractort::memory_scopet::address2size_t
size_t address2size_t(const memory_addresst &point) const
Convert base-16 memory address to a natural number.
Definition: analyze_symbol.cpp:45
gdb_value_extractort::dynamically_allocated
std::vector< memory_scopet > dynamically_allocated
Keep track of the dynamically allocated memory.
Definition: analyze_symbol.h:155
gdb_value_extractort::get_array_value
exprt get_array_value(const exprt &expr, const exprt &array, const source_locationt &location)
Iterate over array and fill its operands with the results of calling get_expr_value on index expressi...
Definition: analyze_symbol.cpp:580
gdb_apit::run_gdb_to_breakpoint
bool run_gdb_to_breakpoint(const std::string &breakpoint)
Run gdb to the given breakpoint.
Definition: gdb_api.cpp:335
gdb_value_extractort::get_non_char_pointer_value
exprt get_non_char_pointer_value(const exprt &expr, const pointer_valuet &value, const source_locationt &location)
Similar to get_char_pointer_value.
Definition: analyze_symbol.cpp:361
gdb_value_extractort::process_outstanding_assignments
void process_outstanding_assignments()
Call add_assignment for each pair in outstanding_assignments.
Definition: analyze_symbol.cpp:742
gdb_apit::run_gdb_from_core
void run_gdb_from_core(const std::string &corefile)
Run gdb with the given core file.
Definition: gdb_api.cpp:277
gdb_value_extractort::outstanding_assignments
std::map< exprt, memory_addresst > outstanding_assignments
Mapping pointer expression for which get_non_char_pointer_value returned nil expression to memory loc...
Definition: analyze_symbol.h:92
allocate_objectst
Definition: allocate_objects.h:26
gdb_value_extractort::assignments
std::map< exprt, exprt > assignments
Sequence of assignments collected during analyze_symbols.
Definition: analyze_symbol.h:88
symbol_table.h
Author: Diffblue Ltd.
pointer_typet
The pointer type These are both 'bitvector_typet' (they have a width) and 'type_with_subtypet' (they ...
Definition: pointer_expr.h:23
gdb_value_extractort::find_dynamic_allocation
std::vector< memory_scopet >::iterator find_dynamic_allocation(irep_idt name)
Search for a memory scope allocated under name.
Definition: analyze_symbol.cpp:61
message.h
gdb_value_extractort::analyze_symbol
void analyze_symbol(const irep_idt &symbol_name)
Assign the gdb-extracted value for symbol_name to its symbol expression and then process outstanding ...
Definition: analyze_symbol.cpp:148
gdb_value_extractort::memory_scopet::memory_scopet
memory_scopet(const memory_addresst &begin, const mp_integer &byte_size, const irep_idt &name)
Definition: analyze_symbol.cpp:35
allocate_objects.h
gdb_value_extractort::get_snapshot_as_c_code
std::string get_snapshot_as_c_code()
Get memory snapshot as C code.
Definition: analyze_symbol.cpp:174
gdb_value_extractort::memory_scopet
Definition: analyze_symbol.h:98
gdb_value_extractort::get_malloc_pointee
optionalt< std::string > get_malloc_pointee(const memory_addresst &point, mp_integer member_size)
Build the pointee string for address point assuming it points to a dynamic allocation of ā€˜nā€™ elements...
Definition: analyze_symbol.cpp:89
gdb_value_extractort::run_gdb_from_core
void run_gdb_from_core(const std::string &corefile)
Definition: analyze_symbol.h:72
gdb_value_extractort::gdb_api
gdb_apit gdb_api
Definition: analyze_symbol.h:78
gdb_value_extractort::symbol_table
symbol_tablet symbol_table
External symbol table ā€“ extracted from read_goto_binary We only expect to analyse symbols located the...
Definition: analyze_symbol.h:82