CBMC
custom_bitvector_analysis.cpp
Go to the documentation of this file.
1 /*******************************************************************\
2 
3 Module: Field-insensitive, location-sensitive bitvector analysis
4 
5 Author: Daniel Kroening, kroening@kroening.com
6 
7 \*******************************************************************/
8 
11 
12 #include "custom_bitvector_analysis.h"
13 
14 #include <util/expr_util.h>
15 #include <util/pointer_expr.h>
16 #include <util/simplify_expr.h>
17 #include <util/string_constant.h>
18 #include <util/xml_irep.h>
19 
20 #include <langapi/language_util.h>
21 
22 #include <iostream>
23 
24 void custom_bitvector_domaint::set_bit(
25  const irep_idt &identifier,
26  unsigned bit_nr,
27  modet mode)
28 {
29  switch(mode)
30  {
31  case modet::SET_MUST:
32  set_bit(must_bits[identifier], bit_nr);
33  break;
34 
35  case modet::CLEAR_MUST:
36  clear_bit(must_bits[identifier], bit_nr);
37  break;
38 
39  case modet::SET_MAY:
40  set_bit(may_bits[identifier], bit_nr);
41  break;
42 
43  case modet::CLEAR_MAY:
44  clear_bit(may_bits[identifier], bit_nr);
45  break;
46  }
47 }
48 
49 void custom_bitvector_domaint::set_bit(
50  const exprt &lhs,
51  unsigned bit_nr,
52  modet mode)
53 {
54  irep_idt id=object2id(lhs);
55  if(!id.empty())
56  set_bit(id, bit_nr, mode);
57 }
58 
59 irep_idt custom_bitvector_domaint::object2id(const exprt &src)
60 {
61  if(src.id()==ID_symbol)
62  {
63  return to_symbol_expr(src).get_identifier();
64  }
65  else if(src.id()==ID_dereference)
66  {
67  const exprt &op=to_dereference_expr(src).pointer();
68 
69  if(op.id()==ID_address_of)
70  {
71  return object2id(to_address_of_expr(op).object());
72  }
73  else if(op.id()==ID_typecast)
74  {
75  irep_idt op_id=object2id(to_typecast_expr(op).op());
76 
77  if(op_id.empty())
78  return irep_idt();
79  else
80  return '*'+id2string(op_id);
81  }
82  else
83  {
84  irep_idt op_id=object2id(op);
85 
86  if(op_id.empty())
87  return irep_idt();
88  else
89  return '*'+id2string(op_id);
90  }
91  }
92  else if(src.id()==ID_member)
93  {
94  const auto &m=to_member_expr(src);
95  const exprt &op=m.compound();
96 
97  irep_idt op_id=object2id(op);
98 
99  if(op_id.empty())
100  return irep_idt();
101  else
102  return id2string(op_id)+'.'+
103  id2string(m.get_component_name());
104  }
105  else if(src.id()==ID_typecast)
106  return object2id(to_typecast_expr(src).op());
107  else
108  return irep_idt();
109 }
110 
111 void custom_bitvector_domaint::assign_lhs(
112  const exprt &lhs,
113  const vectorst &vectors)
114 {
115  irep_idt id=object2id(lhs);
116  if(!id.empty())
117  assign_lhs(id, vectors);
118 }
119 
120 void custom_bitvector_domaint::assign_lhs(
121  const irep_idt &identifier,
122  const vectorst &vectors)
123 {
124  // we erase blank ones to avoid noise
125 
126  if(vectors.must_bits==0)
127  must_bits.erase(identifier);
128  else
129  must_bits[identifier]=vectors.must_bits;
130 
131  if(vectors.may_bits==0)
132  may_bits.erase(identifier);
133  else
134  may_bits[identifier]=vectors.may_bits;
135 }
136 
137 custom_bitvector_domaint::vectorst
138  custom_bitvector_domaint::get_rhs(const irep_idt &identifier) const
139 {
140  vectorst vectors;
141 
142  bitst::const_iterator may_it=may_bits.find(identifier);
143  if(may_it!=may_bits.end())
144  vectors.may_bits=may_it->second;
145 
146  bitst::const_iterator must_it=must_bits.find(identifier);
147  if(must_it!=must_bits.end())
148  vectors.must_bits=must_it->second;
149 
150  return vectors;
151 }
152 
153 custom_bitvector_domaint::vectorst
154  custom_bitvector_domaint::get_rhs(const exprt &rhs) const
155 {
156  if(rhs.id()==ID_symbol ||
157  rhs.id()==ID_dereference)
158  {
159  const irep_idt identifier=object2id(rhs);
160  return get_rhs(identifier);
161  }
162  else if(rhs.id()==ID_typecast)
163  {
164  return get_rhs(to_typecast_expr(rhs).op());
165  }
166  else if(rhs.id()==ID_if)
167  {
168  // need to merge both
169  vectorst v_true=get_rhs(to_if_expr(rhs).true_case());
170  vectorst v_false=get_rhs(to_if_expr(rhs).false_case());
171  return merge(v_true, v_false);
172  }
173 
174  return vectorst();
175 }
176 
177 unsigned custom_bitvector_analysist::get_bit_nr(
178  const exprt &string_expr)
179 {
180  if(string_expr.id()==ID_typecast)
181  return get_bit_nr(to_typecast_expr(string_expr).op());
182  else if(string_expr.id()==ID_address_of)
183  return get_bit_nr(to_address_of_expr(string_expr).object());
184  else if(string_expr.id()==ID_index)
185  return get_bit_nr(to_index_expr(string_expr).array());
186  else if(string_expr.id()==ID_string_constant)
187  return bits.number(to_string_constant(string_expr).get_value());
188  else
189  return bits.number("(unknown)");
190 }
191 
192 std::set<exprt> custom_bitvector_analysist::aliases(
193  const exprt &src,
194  locationt loc)
195 {
196  if(src.id()==ID_symbol)
197  {
198  std::set<exprt> result;
199  result.insert(src);
200  return result;
201  }
202  else if(src.id()==ID_dereference)
203  {
204  exprt pointer=to_dereference_expr(src).pointer();
205 
206  const std::set<exprt> alias_set =
207  local_may_alias_factory(loc).get(loc, pointer);
208 
209  std::set<exprt> result;
210 
211  for(const auto &alias : alias_set)
212  if(alias.type().id() == ID_pointer)
213  result.insert(dereference_exprt(alias));
214 
215  result.insert(src);
216 
217  return result;
218  }
219  else if(src.id()==ID_typecast)
220  {
221  return aliases(to_typecast_expr(src).op(), loc);
222  }
223  else
224  return std::set<exprt>();
225 }
226 
227 void custom_bitvector_domaint::assign_struct_rec(
228  locationt from,
229  const exprt &lhs,
230  const exprt &rhs,
231  custom_bitvector_analysist &cba,
232  const namespacet &ns)
233 {
234  if(lhs.type().id() == ID_struct || lhs.type().id() == ID_struct_tag)
235  {
236  const struct_typet &struct_type=
237  to_struct_type(ns.follow(lhs.type()));
238 
239  // assign member-by-member
240  for(const auto &c : struct_type.components())
241  {
242  member_exprt lhs_member(lhs, c),
243  rhs_member(rhs, c);
244  assign_struct_rec(from, lhs_member, rhs_member, cba, ns);
245  }
246  }
247  else
248  {
249  // may alias other stuff
250  std::set<exprt> lhs_set=cba.aliases(lhs, from);
251 
252  vectorst rhs_vectors=get_rhs(rhs);
253 
254  for(const auto &lhs_alias : lhs_set)
255  {
256  assign_lhs(lhs_alias, rhs_vectors);
257  }
258 
259  // is it a pointer?
260  if(lhs.type().id()==ID_pointer)
261  {
262  dereference_exprt lhs_deref(lhs);
263  dereference_exprt rhs_deref(rhs);
264  assign_lhs(lhs_deref, get_rhs(rhs_deref));
265  }
266  }
267 }
268 
269 void custom_bitvector_domaint::transform(
270  const irep_idt &function_from,
271  trace_ptrt trace_from,
272  const irep_idt &function_to,
273  trace_ptrt trace_to,
274  ai_baset &ai,
275  const namespacet &ns)
276 {
277  locationt from{trace_from->current_location()};
278  locationt to{trace_to->current_location()};
279 
280  // upcast of ai
281  custom_bitvector_analysist &cba=
282  static_cast<custom_bitvector_analysist &>(ai);
283 
284  const goto_programt::instructiont &instruction=*from;
285 
286  switch(instruction.type())
287  {
288  case ASSIGN:
289  assign_struct_rec(
290  from, instruction.assign_lhs(), instruction.assign_rhs(), cba, ns);
291  break;
292 
293  case DECL:
294  {
295  const auto &decl_symbol = instruction.decl_symbol();
296  assign_lhs(decl_symbol, vectorst());
297 
298  // is it a pointer?
299  if(decl_symbol.type().id() == ID_pointer)
300  assign_lhs(dereference_exprt(decl_symbol), vectorst());
301  }
302  break;
303 
304  case DEAD:
305  assign_lhs(instruction.dead_symbol(), vectorst());
306 
307  // is it a pointer?
308  if(instruction.dead_symbol().type().id() == ID_pointer)
309  assign_lhs(dereference_exprt(instruction.dead_symbol()), vectorst());
310  break;
311 
312  case FUNCTION_CALL:
313  {
314  const exprt &function = instruction.call_function();
315 
316  if(function.id()==ID_symbol)
317  {
318  const irep_idt &identifier=to_symbol_expr(function).get_identifier();
319 
320  if(
321  identifier == CPROVER_PREFIX "set_must" ||
322  identifier == CPROVER_PREFIX "clear_must" ||
323  identifier == CPROVER_PREFIX "set_may" ||
324  identifier == CPROVER_PREFIX "clear_may")
325  {
326  if(instruction.call_arguments().size() == 2)
327  {
328  unsigned bit_nr = cba.get_bit_nr(instruction.call_arguments()[1]);
329 
330  // initialize to make Visual Studio happy
331  modet mode = modet::SET_MUST;
332 
333  if(identifier == CPROVER_PREFIX "set_must")
334  mode=modet::SET_MUST;
335  else if(identifier == CPROVER_PREFIX "clear_must")
336  mode=modet::CLEAR_MUST;
337  else if(identifier == CPROVER_PREFIX "set_may")
338  mode=modet::SET_MAY;
339  else if(identifier == CPROVER_PREFIX "clear_may")
340  mode=modet::CLEAR_MAY;
341  else
342  UNREACHABLE;
343 
344  exprt lhs = instruction.call_arguments()[0];
345 
346  if(lhs.type().id()==ID_pointer)
347  {
348  if(
349  lhs.is_constant() &&
350  is_null_pointer(to_constant_expr(lhs))) // NULL means all
351  {
352  if(mode==modet::CLEAR_MAY)
353  {
354  for(auto &bit : may_bits)
355  clear_bit(bit.second, bit_nr);
356 
357  // erase blank ones
358  erase_blank_vectors(may_bits);
359  }
360  else if(mode==modet::CLEAR_MUST)
361  {
362  for(auto &bit : must_bits)
363  clear_bit(bit.second, bit_nr);
364 
365  // erase blank ones
366  erase_blank_vectors(must_bits);
367  }
368  }
369  else
370  {
371  dereference_exprt deref(lhs);
372 
373  // may alias other stuff
374  std::set<exprt> lhs_set=cba.aliases(deref, from);
375 
376  for(const auto &l : lhs_set)
377  {
378  set_bit(l, bit_nr, mode);
379  }
380  }
381  }
382  }
383  }
384  else if(identifier=="memcpy" ||
385  identifier=="memmove")
386  {
387  if(instruction.call_arguments().size() == 3)
388  {
389  // we copy all tracked bits from op1 to op0
390  // we do not consider any bits attached to the size op2
391  dereference_exprt lhs_deref(instruction.call_arguments()[0]);
392  dereference_exprt rhs_deref(instruction.call_arguments()[1]);
393 
394  assign_struct_rec(from, lhs_deref, rhs_deref, cba, ns);
395  }
396  }
397  else
398  {
399  // only if there is an actual call, i.e., we have a body
400  if(function_from != function_to)
401  {
402  const code_typet &code_type=
403  to_code_type(ns.lookup(identifier).type);
404 
405  code_function_callt::argumentst::const_iterator arg_it =
406  instruction.call_arguments().begin();
407  for(const auto &param : code_type.parameters())
408  {
409  const irep_idt &p_identifier=param.get_identifier();
410  if(p_identifier.empty())
411  continue;
412 
413  // there may be a mismatch in the number of arguments
414  if(arg_it == instruction.call_arguments().end())
415  break;
416 
417  // assignments arguments -> parameters
418  symbol_exprt p=ns.lookup(p_identifier).symbol_expr();
419  // may alias other stuff
420  std::set<exprt> lhs_set=cba.aliases(p, from);
421 
422  vectorst rhs_vectors=get_rhs(*arg_it);
423 
424  for(const auto &lhs : lhs_set)
425  {
426  assign_lhs(lhs, rhs_vectors);
427  }
428 
429  // is it a pointer?
430  if(p.type().id()==ID_pointer)
431  {
432  dereference_exprt lhs_deref(p);
433  dereference_exprt rhs_deref(*arg_it);
434  assign_lhs(lhs_deref, get_rhs(rhs_deref));
435  }
436 
437  ++arg_it;
438  }
439  }
440  }
441  }
442  }
443  break;
444 
445  case OTHER:
446  {
447  const auto &code = instruction.get_other();
448  const irep_idt &statement = code.get_statement();
449 
450  if(
451  statement == ID_set_may || statement == ID_set_must ||
452  statement == ID_clear_may || statement == ID_clear_must)
453  {
454  DATA_INVARIANT(
455  code.operands().size() == 2, "set/clear_may/must has two operands");
456 
457  unsigned bit_nr = cba.get_bit_nr(code.op1());
458 
459  // initialize to make Visual Studio happy
460  modet mode = modet::SET_MUST;
461 
462  if(statement == ID_set_must)
463  mode=modet::SET_MUST;
464  else if(statement == ID_clear_must)
465  mode=modet::CLEAR_MUST;
466  else if(statement == ID_set_may)
467  mode=modet::SET_MAY;
468  else if(statement == ID_clear_may)
469  mode=modet::CLEAR_MAY;
470  else
471  UNREACHABLE;
472 
473  exprt lhs = code.op0();
474 
475  if(lhs.type().id()==ID_pointer)
476  {
477  if(
478  lhs.is_constant() &&
479  is_null_pointer(to_constant_expr(lhs))) // NULL means all
480  {
481  if(mode==modet::CLEAR_MAY)
482  {
483  for(bitst::iterator b_it=may_bits.begin();
484  b_it!=may_bits.end();
485  b_it++)
486  clear_bit(b_it->second, bit_nr);
487 
488  // erase blank ones
489  erase_blank_vectors(may_bits);
490  }
491  else if(mode==modet::CLEAR_MUST)
492  {
493  for(bitst::iterator b_it=must_bits.begin();
494  b_it!=must_bits.end();
495  b_it++)
496  clear_bit(b_it->second, bit_nr);
497 
498  // erase blank ones
499  erase_blank_vectors(must_bits);
500  }
501  }
502  else
503  {
504  dereference_exprt deref(lhs);
505 
506  // may alias other stuff
507  std::set<exprt> lhs_set=cba.aliases(deref, from);
508 
509  for(const auto &l : lhs_set)
510  {
511  set_bit(l, bit_nr, mode);
512  }
513  }
514  }
515  }
516  }
517  break;
518 
519  case GOTO:
520  if(has_get_must_or_may(instruction.condition()))
521  {
522  exprt guard = instruction.condition();
523 
524  // Comparing iterators is safe as the target must be within the same list
525  // of instructions because this is a GOTO.
526  if(to!=from->get_target())
527  guard = boolean_negate(guard);
528 
529  const exprt result2 = simplify_expr(eval(guard, cba), ns);
530 
531  if(result2.is_false())
532  make_bottom();
533  }
534  break;
535 
536  case CATCH:
537  case THROW:
538  DATA_INVARIANT(false, "Exceptions must be removed before analysis");
539  break;
540  case SET_RETURN_VALUE:
541  DATA_INVARIANT(false, "SET_RETURN_VALUE must be removed before analysis");
542  break;
543  case ATOMIC_BEGIN: // Ignoring is a valid over-approximation
544  case ATOMIC_END: // Ignoring is a valid over-approximation
545  case END_FUNCTION: // No action required
546  case LOCATION: // No action required
547  case START_THREAD: // Require a concurrent analysis at higher level
548  case END_THREAD: // Require a concurrent analysis at higher level
549  case SKIP: // No action required
550  case ASSERT: // No action required
551  case ASSUME: // Ignoring is a valid over-approximation
552  break;
553  case INCOMPLETE_GOTO:
554  case NO_INSTRUCTION_TYPE:
555  DATA_INVARIANT(false, "Only complete instructions can be analyzed");
556  break;
557  }
558 }
559 
560 void custom_bitvector_domaint::output(
561  std::ostream &out,
562  const ai_baset &ai,
563  const namespacet &) const
564 {
565  if(has_values.is_known())
566  {
567  out << has_values.to_string() << '\n';
568  return;
569  }
570 
571  const custom_bitvector_analysist &cba=
572  static_cast<const custom_bitvector_analysist &>(ai);
573 
574  for(const auto &bit : may_bits)
575  {
576  out << bit.first << " MAY:";
577  bit_vectort b=bit.second;
578 
579  for(unsigned i=0; b!=0; i++, b>>=1)
580  if(b&1)
581  {
582  assert(i<cba.bits.size());
583  out << ' '
584  << cba.bits[i];
585  }
586 
587  out << '\n';
588  }
589 
590  for(const auto &bit : must_bits)
591  {
592  out << bit.first << " MUST:";
593  bit_vectort b=bit.second;
594 
595  for(unsigned i=0; b!=0; i++, b>>=1)
596  if(b&1)
597  {
598  assert(i<cba.bits.size());
599  out << ' '
600  << cba.bits[i];
601  }
602 
603  out << '\n';
604  }
605 }
606 
607 bool custom_bitvector_domaint::merge(
608  const custom_bitvector_domaint &b,
609  trace_ptrt,
610  trace_ptrt)
611 {
612  bool changed=has_values.is_false();
613  has_values=tvt::unknown();
614 
615  // first do MAY
616  bitst::iterator it=may_bits.begin();
617  for(const auto &bit : b.may_bits)
618  {
619  while(it!=may_bits.end() && it->first<bit.first)
620  ++it;
621  if(it==may_bits.end() || bit.first<it->first)
622  {
623  may_bits.insert(it, bit);
624  changed=true;
625  }
626  else if(it!=may_bits.end())
627  {
628  bit_vectort &a_bits=it->second;
629  bit_vectort old=a_bits;
630  a_bits|=bit.second;
631  if(old!=a_bits)
632  changed=true;
633 
634  ++it;
635  }
636  }
637 
638  // now do MUST
639  it=must_bits.begin();
640  for(auto &bit : b.must_bits)
641  {
642  while(it!=must_bits.end() && it->first<bit.first)
643  {
644  it=must_bits.erase(it);
645  changed=true;
646  }
647  if(it==must_bits.end() || bit.first<it->first)
648  {
649  must_bits.insert(it, bit);
650  changed=true;
651  }
652  else if(it!=must_bits.end())
653  {
654  bit_vectort &a_bits=it->second;
655  bit_vectort old=a_bits;
656  a_bits&=bit.second;
657  if(old!=a_bits)
658  changed=true;
659 
660  ++it;
661  }
662  }
663 
664  // erase blank ones
665  erase_blank_vectors(may_bits);
666  erase_blank_vectors(must_bits);
667 
668  return changed;
669 }
670 
672 void custom_bitvector_domaint::erase_blank_vectors(bitst &bits)
673 {
674  for(bitst::iterator a_it=bits.begin();
675  a_it!=bits.end();
676  ) // no a_it++
677  {
678  if(a_it->second==0)
679  a_it=bits.erase(a_it);
680  else
681  a_it++;
682  }
683 }
684 
685 bool custom_bitvector_domaint::has_get_must_or_may(const exprt &src)
686 {
687  if(src.id() == ID_get_must || src.id() == ID_get_may)
688  return true;
689 
690  forall_operands(it, src)
691  if(has_get_must_or_may(*it))
692  return true;
693 
694  return false;
695 }
696 
697 exprt custom_bitvector_domaint::eval(
698  const exprt &src,
699  custom_bitvector_analysist &custom_bitvector_analysis) const
700 {
701  if(src.id() == ID_get_must || src.id() == ID_get_may)
702  {
703  if(src.operands().size()==2)
704  {
705  unsigned bit_nr =
706  custom_bitvector_analysis.get_bit_nr(to_binary_expr(src).op1());
707 
708  exprt pointer = to_binary_expr(src).op0();
709 
710  if(pointer.type().id()!=ID_pointer)
711  return src;
712 
713  if(
714  pointer.is_constant() &&
715  is_null_pointer(to_constant_expr(pointer))) // NULL means all
716  {
717  if(src.id() == ID_get_may)
718  {
719  for(const auto &bit : may_bits)
720  if(get_bit(bit.second, bit_nr))
721  return true_exprt();
722 
723  return false_exprt();
724  }
725  else if(src.id() == ID_get_must)
726  {
727  return false_exprt();
728  }
729  else
730  return src;
731  }
732  else
733  {
734  custom_bitvector_domaint::vectorst v=
735  get_rhs(dereference_exprt(pointer));
736 
737  bool value=false;
738 
739  if(src.id() == ID_get_must)
740  value=get_bit(v.must_bits, bit_nr);
741  else if(src.id() == ID_get_may)
742  value=get_bit(v.may_bits, bit_nr);
743 
744  if(value)
745  return true_exprt();
746  else
747  return false_exprt();
748  }
749  }
750  else
751  return src;
752  }
753  else
754  {
755  exprt tmp=src;
756  Forall_operands(it, tmp)
757  *it=eval(*it, custom_bitvector_analysis);
758 
759  return tmp;
760  }
761 }
762 
763 void custom_bitvector_analysist::instrument(goto_functionst &)
764 {
765 }
766 
767 void custom_bitvector_analysist::check(
768  const goto_modelt &goto_model,
769  bool use_xml,
770  std::ostream &out)
771 {
772  unsigned pass=0, fail=0, unknown=0;
773 
774  for(const auto &gf_entry : goto_model.goto_functions.function_map)
775  {
776  if(!gf_entry.second.body.has_assertion())
777  continue;
778 
779  // TODO this is a hard-coded hack
780  if(gf_entry.first == "__actual_thread_spawn")
781  continue;
782 
783  if(!use_xml)
784  out << "******** Function " << gf_entry.first << '\n';
785 
786  forall_goto_program_instructions(i_it, gf_entry.second.body)
787  {
788  exprt result;
789  irep_idt description;
790 
791  if(i_it->is_assert())
792  {
793  if(!custom_bitvector_domaint::has_get_must_or_may(i_it->condition()))
794  {
795  continue;
796  }
797 
798  if(operator[](i_it).has_values.is_false())
799  continue;
800 
801  exprt tmp = eval(i_it->condition(), i_it);
802  const namespacet ns(goto_model.symbol_table);
803  result = simplify_expr(std::move(tmp), ns);
804 
805  description = i_it->source_location().get_comment();
806  }
807  else
808  continue;
809 
810  if(use_xml)
811  {
812  out << "<result status=\"";
813  if(result.is_true())
814  out << "SUCCESS";
815  else if(result.is_false())
816  out << "FAILURE";
817  else
818  out << "UNKNOWN";
819  out << "\">\n";
820  out << xml(i_it->source_location());
821  out << "<description>"
822  << description
823  << "</description>\n";
824  out << "</result>\n\n";
825  }
826  else
827  {
828  out << i_it->source_location();
829  if(!description.empty())
830  out << ", " << description;
831  out << ": ";
832  const namespacet ns(goto_model.symbol_table);
833  out << from_expr(ns, gf_entry.first, result);
834  out << '\n';
835  }
836 
837  if(result.is_true())
838  pass++;
839  else if(result.is_false())
840  fail++;
841  else
842  unknown++;
843  }
844 
845  if(!use_xml)
846  out << '\n';
847  }
848 
849  if(!use_xml)
850  out << "SUMMARY: " << pass << " pass, " << fail << " fail, "
851  << unknown << " unknown\n";
852 }
custom_bitvector_domaint::modet::CLEAR_MAY
@ CLEAR_MAY
UNREACHABLE
#define UNREACHABLE
This should be used to mark dead code.
Definition: invariant.h:503
struct_union_typet::components
const componentst & components() const
Definition: std_types.h:147
dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition: dstring.h:36
custom_bitvector_domaint::assign_lhs
void assign_lhs(const exprt &, const vectorst &)
Definition: custom_bitvector_analysis.cpp:111
custom_bitvector_domaint::object2id
static irep_idt object2id(const exprt &)
Definition: custom_bitvector_analysis.cpp:59
SET_RETURN_VALUE
@ SET_RETURN_VALUE
Definition: goto_program.h:45
custom_bitvector_domaint::merge
bool merge(const custom_bitvector_domaint &b, trace_ptrt from, trace_ptrt to)
Definition: custom_bitvector_analysis.cpp:607
Forall_operands
#define Forall_operands(it, expr)
Definition: expr.h:27
to_struct_type
const struct_typet & to_struct_type(const typet &type)
Cast a typet to a struct_typet.
Definition: std_types.h:308
custom_bitvector_domaint::vectorst::must_bits
bit_vectort must_bits
Definition: custom_bitvector_analysis.h:82
custom_bitvector_domaint::modet::SET_MAY
@ SET_MAY
goto_programt::instructiont::get_other
const goto_instruction_codet & get_other() const
Get the statement for OTHER.
Definition: goto_program.h:321
to_dereference_expr
const dereference_exprt & to_dereference_expr(const exprt &expr)
Cast an exprt to a dereference_exprt.
Definition: pointer_expr.h:716
ai_baset::locationt
goto_programt::const_targett locationt
Definition: ai.h:126
custom_bitvector_domaint::assign_struct_rec
void assign_struct_rec(locationt from, const exprt &lhs, const exprt &rhs, custom_bitvector_analysist &, const namespacet &)
Definition: custom_bitvector_analysis.cpp:227
custom_bitvector_domaint::erase_blank_vectors
void erase_blank_vectors(bitst &)
erase blank bitvectors
Definition: custom_bitvector_analysis.cpp:672
to_index_expr
const index_exprt & to_index_expr(const exprt &expr)
Cast an exprt to an index_exprt.
Definition: std_expr.h:1478
to_if_expr
const if_exprt & to_if_expr(const exprt &expr)
Cast an exprt to an if_exprt.
Definition: std_expr.h:2403
custom_bitvector_analysis.h
dereference_exprt
Operator to dereference a pointer.
Definition: pointer_expr.h:659
custom_bitvector_domaint::get_rhs
vectorst get_rhs(const exprt &) const
Definition: custom_bitvector_analysis.cpp:154
custom_bitvector_domaint::modet::CLEAR_MUST
@ CLEAR_MUST
custom_bitvector_domaint::must_bits
bitst must_bits
Definition: custom_bitvector_analysis.h:96
to_string_constant
const string_constantt & to_string_constant(const exprt &expr)
Definition: string_constant.h:40
string_constant.h
exprt
Base class for all expressions.
Definition: expr.h:55
xml_irep.h
goto_modelt
Definition: goto_model.h:25
exprt::op0
exprt & op0()
Definition: expr.h:125
custom_bitvector_analysist::eval
exprt eval(const exprt &src, locationt loc)
Definition: custom_bitvector_analysis.h:156
irep_idt
dstringt irep_idt
Definition: irep.h:37
custom_bitvector_domaint::set_bit
void set_bit(const exprt &, unsigned bit_nr, modet)
Definition: custom_bitvector_analysis.cpp:49
custom_bitvector_analysist::instrument
void instrument(goto_functionst &)
Definition: custom_bitvector_analysis.cpp:763
custom_bitvector_analysist::aliases
std::set< exprt > aliases(const exprt &, locationt loc)
Definition: custom_bitvector_analysis.cpp:192
exprt::is_true
bool is_true() const
Return whether the expression is a constant representing true.
Definition: expr.cpp:34
goto_functionst::function_map
function_mapt function_map
Definition: goto_functions.h:29
symbol_exprt
Expression to hold a symbol (variable)
Definition: std_expr.h:112
goto_programt::instructiont::decl_symbol
const symbol_exprt & decl_symbol() const
Get the declared symbol for DECL.
Definition: goto_program.h:235
custom_bitvector_domaint::may_bits
bitst may_bits
Definition: custom_bitvector_analysis.h:96
goto_programt::instructiont::call_arguments
const exprt::operandst & call_arguments() const
Get the arguments of a FUNCTION_CALL.
Definition: goto_program.h:307
ai_domain_baset::trace_ptrt
ai_history_baset::trace_ptrt trace_ptrt
Definition: ai_domain.h:74
exprt::is_false
bool is_false() const
Return whether the expression is a constant representing false.
Definition: expr.cpp:43
tvt::is_known
bool is_known() const
Definition: threeval.h:28
custom_bitvector_domaint::clear_bit
static void clear_bit(bit_vectort &dest, unsigned bit_nr)
Definition: custom_bitvector_analysis.h:132
to_binary_expr
const binary_exprt & to_binary_expr(const exprt &expr)
Cast an exprt to a binary_exprt.
Definition: std_expr.h:660
coverage_criteriont::ASSUME
@ ASSUME
namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition: namespace.h:90
THROW
@ THROW
Definition: goto_program.h:50
exprt::type
typet & type()
Return the type of the expression.
Definition: expr.h:84
namespacet::lookup
bool lookup(const irep_idt &name, const symbolt *&symbol) const override
See documentation for namespace_baset::lookup().
Definition: namespace.cpp:138
coverage_criteriont::LOCATION
@ LOCATION
GOTO
@ GOTO
Definition: goto_program.h:34
to_code_type
const code_typet & to_code_type(const typet &type)
Cast a typet to a code_typet.
Definition: std_types.h:744
goto_programt::instructiont::type
goto_program_instruction_typet type() const
What kind of instruction?
Definition: goto_program.h:351
custom_bitvector_domaint::output
void output(std::ostream &out, const ai_baset &ai, const namespacet &ns) const final override
Definition: custom_bitvector_analysis.cpp:560
DATA_INVARIANT
#define DATA_INVARIANT(CONDITION, REASON)
This condition should be used to document that assumptions that are made on goto_functions,...
Definition: invariant.h:510
custom_bitvector_domaint::modet
modet
Definition: custom_bitvector_analysis.h:122
custom_bitvector_domaint::modet::SET_MUST
@ SET_MUST
goto_programt::instructiont::dead_symbol
const symbol_exprt & dead_symbol() const
Get the symbol for DEAD.
Definition: goto_program.h:251
id2string
const std::string & id2string(const irep_idt &d)
Definition: irep.h:47
xml
xmlt xml(const irep_idt &property_id, const property_infot &property_info)
Definition: properties.cpp:110
forall_operands
#define forall_operands(it, expr)
Definition: expr.h:20
language_util.h
symbol_exprt::get_identifier
const irep_idt & get_identifier() const
Definition: std_expr.h:142
dereference_exprt::pointer
exprt & pointer()
Definition: pointer_expr.h:673
boolean_negate
exprt boolean_negate(const exprt &src)
negate a Boolean expression, possibly removing a not_exprt, and swapping false and true
Definition: expr_util.cpp:127
pointer_expr.h
custom_bitvector_domaint
Definition: custom_bitvector_analysis.h:23
simplify_expr
exprt simplify_expr(exprt src, const namespacet &ns)
Definition: simplify_expr.cpp:2931
NO_INSTRUCTION_TYPE
@ NO_INSTRUCTION_TYPE
Definition: goto_program.h:33
custom_bitvector_analysist
Definition: custom_bitvector_analysis.h:148
to_symbol_expr
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
Definition: std_expr.h:222
code_typet
Base type of functions.
Definition: std_types.h:538
OTHER
@ OTHER
Definition: goto_program.h:37
irept::id
const irep_idt & id() const
Definition: irep.h:396
tvt::unknown
static tvt unknown()
Definition: threeval.h:33
dstringt::empty
bool empty() const
Definition: dstring.h:88
tvt::to_string
const char * to_string() const
Definition: threeval.cpp:13
false_exprt
The Boolean constant false.
Definition: std_expr.h:3016
goto_programt::instructiont::assign_rhs
const exprt & assign_rhs() const
Get the rhs of the assignment for ASSIGN.
Definition: goto_program.h:221
END_FUNCTION
@ END_FUNCTION
Definition: goto_program.h:42
SKIP
@ SKIP
Definition: goto_program.h:38
code_typet::parameters
const parameterst & parameters() const
Definition: std_types.h:655
tvt::is_false
bool is_false() const
Definition: threeval.h:26
custom_bitvector_domaint::vectorst::may_bits
bit_vectort may_bits
Definition: custom_bitvector_analysis.h:82
simplify_expr.h
numberingt::size
size_type size() const
Definition: numbering.h:66
member_exprt
Extract member of struct or union.
Definition: std_expr.h:2793
expr_util.h
Deprecated expression utility functions.
ASSIGN
@ ASSIGN
Definition: goto_program.h:46
goto_functionst
A collection of goto functions.
Definition: goto_functions.h:24
custom_bitvector_domaint::has_get_must_or_may
static bool has_get_must_or_may(const exprt &)
Definition: custom_bitvector_analysis.cpp:685
ai_domain_baset::locationt
goto_programt::const_targett locationt
Definition: ai_domain.h:73
local_may_alias_factoryt::get
std::set< exprt > get(const goto_programt::const_targett t, const exprt &src) const
custom_bitvector_domaint::bit_vectort
unsigned long long bit_vectort
Definition: custom_bitvector_analysis.h:76
struct_typet
Structure type, corresponds to C style structs.
Definition: std_types.h:230
CATCH
@ CATCH
Definition: goto_program.h:51
goto_modelt::goto_functions
goto_functionst goto_functions
GOTO functions.
Definition: goto_model.h:33
DECL
@ DECL
Definition: goto_program.h:47
namespace_baset::follow
const typet & follow(const typet &) const
Resolve type symbol to the type it points to.
Definition: namespace.cpp:49
goto_programt::instructiont::assign_lhs
const exprt & assign_lhs() const
Get the lhs of the assignment for ASSIGN.
Definition: goto_program.h:207
numberingt::number
number_type number(const key_type &a)
Definition: numbering.h:37
custom_bitvector_domaint::vectorst
Definition: custom_bitvector_analysis.h:80
to_typecast_expr
const typecast_exprt & to_typecast_expr(const exprt &expr)
Cast an exprt to a typecast_exprt.
Definition: std_expr.h:2051
exprt::is_constant
bool is_constant() const
Return whether the expression is a constant.
Definition: expr.cpp:27
custom_bitvector_analysist::local_may_alias_factory
local_may_alias_factoryt local_may_alias_factory
Definition: custom_bitvector_analysis.h:175
ai_baset
This is the basic interface of the abstract interpreter with default implementations of the core func...
Definition: ai.h:118
CPROVER_PREFIX
#define CPROVER_PREFIX
Definition: cprover_prefix.h:14
custom_bitvector_domaint::eval
exprt eval(const exprt &src, custom_bitvector_analysist &) const
Definition: custom_bitvector_analysis.cpp:697
START_THREAD
@ START_THREAD
Definition: goto_program.h:39
FUNCTION_CALL
@ FUNCTION_CALL
Definition: goto_program.h:49
custom_bitvector_analysist::check
void check(const goto_modelt &, bool xml, std::ostream &)
Definition: custom_bitvector_analysis.cpp:767
to_member_expr
const member_exprt & to_member_expr(const exprt &expr)
Cast an exprt to a member_exprt.
Definition: std_expr.h:2886
ATOMIC_END
@ ATOMIC_END
Definition: goto_program.h:44
goto_programt::instructiont::condition
const exprt & condition() const
Get the condition of gotos, assume, assert.
Definition: goto_program.h:373
to_address_of_expr
const address_of_exprt & to_address_of_expr(const exprt &expr)
Cast an exprt to an address_of_exprt.
Definition: pointer_expr.h:408
DEAD
@ DEAD
Definition: goto_program.h:48
exprt::operands
operandst & operands()
Definition: expr.h:94
is_null_pointer
bool is_null_pointer(const constant_exprt &expr)
Returns true if expr has a pointer type and a value NULL; it also returns true when expr has value ze...
Definition: expr_util.cpp:315
ATOMIC_BEGIN
@ ATOMIC_BEGIN
Definition: goto_program.h:43
true_exprt
The Boolean constant true.
Definition: std_expr.h:3007
custom_bitvector_analysist::bits
bitst bits
Definition: custom_bitvector_analysis.h:164
ASSERT
@ ASSERT
Definition: goto_program.h:36
goto_programt::instructiont
This class represents an instruction in the GOTO intermediate representation.
Definition: goto_program.h:180
custom_bitvector_domaint::transform
void transform(const irep_idt &function_from, trace_ptrt trace_from, const irep_idt &function_to, trace_ptrt trace_to, ai_baset &ai, const namespacet &ns) final override
how function calls are treated: a) there is an edge from each call site to the function head b) there...
Definition: custom_bitvector_analysis.cpp:269
custom_bitvector_domaint::bitst
std::map< irep_idt, bit_vectort > bitst
Definition: custom_bitvector_analysis.h:78
custom_bitvector_domaint::has_values
tvt has_values
Definition: custom_bitvector_analysis.h:110
goto_modelt::symbol_table
symbol_tablet symbol_table
Symbol table.
Definition: goto_model.h:30
from_expr
std::string from_expr(const namespacet &ns, const irep_idt &identifier, const exprt &expr)
Definition: language_util.cpp:38
goto_programt::instructiont::call_function
const exprt & call_function() const
Get the function that is called for FUNCTION_CALL.
Definition: goto_program.h:279
END_THREAD
@ END_THREAD
Definition: goto_program.h:40
INCOMPLETE_GOTO
@ INCOMPLETE_GOTO
Definition: goto_program.h:52
forall_goto_program_instructions
#define forall_goto_program_instructions(it, program)
Definition: goto_program.h:1229
custom_bitvector_analysist::get_bit_nr
unsigned get_bit_nr(const exprt &)
Definition: custom_bitvector_analysis.cpp:177
binary_exprt::op0
exprt & op0()
Definition: expr.h:125
custom_bitvector_domaint::get_bit
static bool get_bit(const bit_vectort src, unsigned bit_nr)
Definition: custom_bitvector_analysis.h:138
to_constant_expr
const constant_exprt & to_constant_expr(const exprt &expr)
Cast an exprt to a constant_exprt.
Definition: std_expr.h:2992
custom_bitvector_domaint::make_bottom
void make_bottom() final override
no states
Definition: custom_bitvector_analysis.h:39