Go to the documentation of this file.
193 const exprt &src_expr,
214 const exprt &address,
217 const exprt &pointer,
221 const exprt &address,
240 const exprt &asserted_expr,
242 const std::string &property_class,
244 const exprt &src_expr,
361 "Flag " +
id2string(flag_name) +
" set twice at \n" +
363 if(flag != new_value)
378 "Flag " +
id2string(flag_name) +
" disabled twice at \n" +
399 *flag_pair.first = flag_pair.second;
411 if(rhs.
id() == ID_implies)
415 and_exprt(std::move(lhs), rhs_implication.lhs()), rhs_implication.rhs());
427 for(
const auto &instruction : gf_entry.second.body.instructions)
429 if(!instruction.is_function_call())
432 const auto &
function = instruction.call_function();
434 function.
id() != ID_symbol ||
439 const auto function_line =
function.source_location().as_string();
443 "allocated_memory' is "
444 "deprecated and scheduled for deletion "
446 log.
warning() <<
"Please avoid using this intrinsic. For more "
447 "information, please check issue "
451 instruction.call_arguments();
453 args.size() != 2 || args[0].type().id() != ID_unsignedbv ||
454 args[1].type().id() != ID_unsignedbv)
459 args[0].type() == args[1].type(),
460 "arguments of allocated_memory must have same type");
468 if(lhs.
id() == ID_index)
470 else if(lhs.
id() == ID_member)
472 else if(lhs.
id() == ID_symbol)
527 std::vector<exprt> disjuncts;
528 for(
const auto &enum_value : enum_values)
557 if(distance_type.
id() == ID_signedbv)
564 "shift distance is negative",
573 if(op_type.
id() == ID_unsignedbv || op_type.
id() == ID_signedbv)
580 "shift distance too large",
586 if(op_type.
id() == ID_signedbv && expr.
id() == ID_shl)
593 "shift operand is negative",
604 "shift of non-integer type",
641 const auto &type = expr.
type();
643 if(type.id() == ID_signedbv)
657 or_exprt(int_min_neq, minus_one_neq),
658 "result of signed mod is not representable",
674 if(type.
id() != ID_signedbv && type.
id() != ID_unsignedbv)
677 if(expr.
id() == ID_typecast)
682 const typet &old_type = op.type();
684 if(type.
id() == ID_signedbv)
688 if(old_type.
id() == ID_signedbv)
691 if(new_width >= old_width)
701 and_exprt(no_overflow_lower, no_overflow_upper),
702 "arithmetic overflow on signed type conversion",
708 else if(old_type.
id() == ID_unsignedbv)
711 if(new_width >= old_width + 1)
719 "arithmetic overflow on unsigned to signed type conversion",
725 else if(old_type.
id() == ID_floatbv)
739 and_exprt(no_overflow_lower, no_overflow_upper),
740 "arithmetic overflow on float to signed integer type conversion",
747 else if(type.
id() == ID_unsignedbv)
751 if(old_type.
id() == ID_signedbv)
755 if(new_width >= old_width - 1)
763 "arithmetic overflow on signed to unsigned type conversion",
779 and_exprt(no_overflow_lower, no_overflow_upper),
780 "arithmetic overflow on signed to unsigned type conversion",
787 else if(old_type.
id() == ID_unsignedbv)
790 if(new_width >= old_width)
798 "arithmetic overflow on unsigned to unsigned type conversion",
804 else if(old_type.
id() == ID_floatbv)
818 and_exprt(no_overflow_lower, no_overflow_upper),
819 "arithmetic overflow on float to unsigned integer type conversion",
847 if(expr.
id() == ID_div)
850 if(type.
id() == ID_signedbv)
861 "arithmetic overflow on signed division",
870 else if(expr.
id() == ID_unary_minus)
872 if(type.
id() == ID_signedbv)
882 "arithmetic overflow on signed unary minus",
888 else if(type.
id() == ID_unsignedbv)
898 "arithmetic overflow on unsigned unary minus",
907 else if(expr.
id() == ID_shl)
909 if(type.
id() == ID_signedbv)
912 const auto &op = shl_expr.op();
914 const auto op_width = op_type.get_width();
915 const auto &distance = shl_expr.distance();
916 const auto &distance_type = distance.type();
920 exprt neg_value_shift;
922 if(op_type.id() == ID_unsignedbv)
930 exprt neg_dist_shift;
932 if(distance_type.id() == ID_unsignedbv)
943 distance, ID_gt,
from_integer(op_width, distance_type));
948 new_type.set_width(op_width * 2);
959 bool allow_shift_into_sign_bit =
true;
967 allow_shift_into_sign_bit =
false;
970 else if(
mode == ID_cpp)
977 allow_shift_into_sign_bit =
false;
981 const unsigned number_of_top_bits =
982 allow_shift_into_sign_bit ? op_width : op_width + 1;
986 new_type.get_width() - 1,
987 new_type.get_width() - number_of_top_bits,
990 const exprt top_bits_zero =
1005 "arithmetic overflow on signed shl",
1023 for(std::size_t i = 1; i < expr.
operands().size(); i++)
1035 std::string kind = type.
id() == ID_unsignedbv ?
"unsigned" :
"signed";
1039 "arithmetic overflow on " + kind +
" " + expr.
id_string(),
1046 else if(expr.
operands().size() == 2)
1048 std::string kind = type.
id() == ID_unsignedbv ?
"unsigned" :
"signed";
1053 "arithmetic overflow on " + kind +
" " + expr.
id_string(),
1063 std::string kind = type.
id() == ID_unsignedbv ?
"unsigned" :
"signed";
1067 "arithmetic overflow on " + kind +
" " + expr.
id_string(),
1083 if(type.
id() != ID_floatbv)
1088 if(expr.
id() == ID_typecast)
1093 if(op.type().id() == ID_floatbv)
1099 std::move(overflow_check),
1100 "arithmetic overflow on floating-point typecast",
1111 "arithmetic overflow on floating-point typecast",
1120 else if(expr.
id() == ID_div)
1127 std::move(overflow_check),
1128 "arithmetic overflow on floating-point division",
1136 else if(expr.
id() == ID_mod)
1141 else if(expr.
id() == ID_unary_minus)
1146 else if(expr.
id() == ID_plus || expr.
id() == ID_mult || expr.
id() == ID_minus)
1156 std::string kind = expr.
id() == ID_plus
1158 : expr.
id() == ID_minus
1160 : expr.
id() == ID_mult ?
"multiplication" :
"";
1163 std::move(overflow_check),
1164 "arithmetic overflow on floating-point " + kind,
1172 else if(expr.
operands().size() >= 3)
1189 if(expr.
type().
id() != ID_floatbv)
1193 expr.
id() != ID_plus && expr.
id() != ID_mult && expr.
id() != ID_div &&
1194 expr.
id() != ID_minus)
1201 if(expr.
id() == ID_div)
1210 div_expr.op0(),
from_integer(0, div_expr.dividend().type())),
1212 div_expr.op1(),
from_integer(0, div_expr.divisor().type())));
1216 isnan =
or_exprt(zero_div_zero, div_inf);
1218 else if(expr.
id() == ID_mult)
1229 mult_expr.op1(),
from_integer(0, mult_expr.op1().type())));
1233 mult_expr.op1(),
from_integer(0, mult_expr.op1().type())),
1236 isnan =
or_exprt(inf_times_zero, zero_times_inf);
1238 else if(expr.
id() == ID_plus)
1259 else if(expr.
id() == ID_minus)
1308 "same object violation",
1314 for(
const auto &pointer : expr.
operands())
1321 for(
const auto &c : conditions)
1325 "pointer relation: " + c.description,
1326 "pointer arithmetic",
1342 if(expr.
id() != ID_plus && expr.
id() != ID_minus)
1347 "pointer arithmetic expected to have exactly 2 operands");
1352 if(object_type.
id() != ID_empty)
1359 exprt offset_operand = binary_expr.
lhs().
type().
id() == ID_pointer
1361 : binary_expr.
lhs();
1379 for(
const auto &c : conditions)
1383 "pointer arithmetic: " + c.description,
1384 "pointer arithmetic",
1393 const exprt &src_expr,
1403 if(expr.
type().
id() == ID_empty)
1415 size = size_of_expr_opt.value();
1420 for(
const auto &c : conditions)
1424 "dereference failure: " + c.description,
1425 "pointer dereference",
1442 const exprt pointer =
1443 (expr.
id() == ID_r_ok || expr.
id() == ID_w_ok || expr.
id() == ID_rw_ok)
1449 if(pointer.
id() == ID_symbol)
1457 const auto size_of_expr_opt =
1460 const exprt size = !size_of_expr_opt.has_value()
1462 : size_of_expr_opt.value();
1466 for(
const auto &c : conditions)
1471 "pointer primitives",
1491 expr.
id() == ID_w_ok || expr.
id() == ID_rw_ok ||
1492 expr.
id() == ID_is_dynamic_object;
1497 const exprt &address,
1504 conditions.push_front(*maybe_null_condition);
1519 if(expr.
id() == ID_index)
1522 (expr.
id() == ID_count_leading_zeros &&
1524 (expr.
id() == ID_count_trailing_zeros &&
1537 if(array_type.
id() == ID_pointer)
1538 throw "index got pointer as array type";
1539 else if(array_type.
id() != ID_array && array_type.
id() != ID_vector)
1540 throw "bounds check expected array or vector type, got " +
1549 if(index.
type().
id() != ID_unsignedbv)
1553 index.
id() == ID_typecast &&
1560 const auto i = numeric_cast<mp_integer>(index);
1562 if(!i.has_value() || *i < 0)
1574 effective_offset, p_offset.
type())};
1581 effective_offset, ID_ge, std::move(zero));
1585 name +
" lower bound",
1609 exprt in_bounds_of_some_explicit_allocation =
1615 std::move(in_bounds_of_some_explicit_allocation), inequality);
1619 name +
" dynamic object upper bound",
1628 const exprt &size = array_type.
id() == ID_array
1632 if(size.
is_nil() && !array_type.
get_bool(ID_C_flexible_array_member))
1637 else if(size.
id() == ID_infinity)
1641 expr.
array().
id() == ID_member &&
1652 const auto type_size_opt =
1663 name +
" upper bound",
1676 name +
" upper bound",
1690 if(expr.
id() == ID_count_leading_zeros)
1692 else if(expr.
id() == ID_count_trailing_zeros)
1699 "count " + name +
" zeros is undefined for value zero",
1707 const exprt &asserted_expr,
1709 const std::string &property_class,
1711 const exprt &src_expr,
1715 exprt simplified_expr =
1723 exprt guarded_expr = guard(simplified_expr);
1725 if(
assertions.insert(std::make_pair(src_expr, guarded_expr)).second)
1729 std::move(guarded_expr), source_location)
1731 std::move(guarded_expr), source_location));
1733 std::string source_expr_string;
1736 t->source_location_nonconst().set_comment(
1737 comment +
" in " + source_expr_string);
1738 t->source_location_nonconst().set_property_class(property_class);
1747 if(expr.
id() == ID_exists || expr.
id() == ID_forall)
1750 if(expr.
id() == ID_dereference)
1754 else if(expr.
id() == ID_index)
1762 for(
const auto &operand : expr.
operands())
1770 expr.
id() == ID_and || expr.
id() == ID_or || expr.
id() == ID_implies);
1773 "'" + expr.
id_string() +
"' must be Boolean, but got " + expr.
pretty());
1777 for(
const auto &op : expr.
operands())
1781 "'" + expr.
id_string() +
"' takes Boolean operands only, but got " +
1784 auto new_guard = [&guard, &constraints](
exprt expr) {
1798 "first argument of if must be boolean, but got " + if_expr.
cond().
pretty());
1803 auto new_guard = [&guard, &if_expr](
exprt expr) {
1810 auto new_guard = [&guard, &if_expr](
exprt expr) {
1834 if(member_offset_opt.has_value())
1864 if(div_expr.
type().
id() == ID_signedbv)
1866 else if(div_expr.
type().
id() == ID_floatbv)
1877 if(expr.
type().
id() == ID_signedbv || expr.
type().
id() == ID_unsignedbv)
1882 expr.
operands().size() == 2 && expr.
id() == ID_minus &&
1883 expr.
operands()[0].type().id() == ID_pointer &&
1884 expr.
operands()[1].type().id() == ID_pointer)
1889 else if(expr.
type().
id() == ID_floatbv)
1894 else if(expr.
type().
id() == ID_pointer)
1902 if(expr.
id() == ID_exists || expr.
id() == ID_forall)
1907 auto new_guard = [&guard, &quantifier_expr](
exprt expr) {
1908 return guard(
forall_exprt(quantifier_expr.symbol(), expr));
1911 check_rec(quantifier_expr.where(), new_guard);
1914 else if(expr.
id() == ID_address_of)
1919 else if(expr.
id() == ID_and || expr.
id() == ID_or || expr.
id() == ID_implies)
1924 else if(expr.
id() == ID_if)
1930 expr.
id() == ID_member &&
1940 if(expr.
type().
id() == ID_c_enum_tag)
1943 if(expr.
id() == ID_index)
1947 else if(expr.
id() == ID_div)
1951 else if(expr.
id() == ID_shl || expr.
id() == ID_ashr || expr.
id() == ID_lshr)
1955 if(expr.
id() == ID_shl && expr.
type().
id() == ID_signedbv)
1958 else if(expr.
id() == ID_mod)
1964 expr.
id() == ID_plus || expr.
id() == ID_minus || expr.
id() == ID_mult ||
1965 expr.
id() == ID_unary_minus)
1969 else if(expr.
id() == ID_typecast)
1972 expr.
id() == ID_le || expr.
id() == ID_lt || expr.
id() == ID_ge ||
1975 else if(expr.
id() == ID_dereference)
1984 expr.
id() == ID_count_leading_zeros || expr.
id() == ID_count_trailing_zeros)
1998 bool modified =
false;
2003 if(op_result.has_value())
2010 if(expr.
id() == ID_r_ok || expr.
id() == ID_w_ok || expr.
id() == ID_rw_ok)
2014 expr.
operands().size() == 2,
"r/w_ok must have two operands");
2021 for(
const auto &c : conditions)
2022 conjuncts.push_back(c.assertion);
2030 return std::move(expr);
2036 const irep_idt &function_identifier,
2039 const auto &function_symbol =
ns.
lookup(function_identifier);
2040 mode = function_symbol.mode;
2047 bool did_something =
false;
2050 util_make_unique<local_bitvector_analysist>(goto_function,
ns);
2061 for(
const auto &d : pragmas)
2065 if(matched.has_value())
2067 auto named_check = matched.value();
2068 auto name = named_check.first;
2069 auto status = named_check.second;
2073 case check_statust::ENABLE:
2074 resetter.
set_flag(*flag,
true, name);
2076 case check_statust::DISABLE:
2077 resetter.
set_flag(*flag,
false, name);
2079 case check_statust::CHECKED:
2113 t->source_location_nonconst().set_property_class(
"error label");
2114 t->source_location_nonconst().set_comment(
"error label " + label);
2115 t->source_location_nonconst().set(
"user-provided",
true);
2122 const irep_idt &statement = code.get_statement();
2124 if(statement == ID_expression)
2128 else if(statement == ID_printf)
2130 for(
const auto &op : code.operands())
2195 std::move(address_of_expr),
2223 "dynamically allocated memory never freed",
2235 if(instruction.source_location().is_nil())
2237 instruction.source_location_nonconst().id(
irep_idt());
2239 if(!it->source_location().get_file().empty())
2240 instruction.source_location_nonconst().set_file(
2241 it->source_location().get_file());
2243 if(!it->source_location().get_line().empty())
2244 instruction.source_location_nonconst().set_line(
2245 it->source_location().get_line());
2247 if(!it->source_location().get_function().empty())
2248 instruction.source_location_nonconst().set_function(
2249 it->source_location().get_function());
2251 if(!it->source_location().get_column().empty())
2253 instruction.source_location_nonconst().set_column(
2254 it->source_location().get_column());
2276 const exprt &address,
2286 const exprt in_bounds_of_some_explicit_allocation =
2301 in_bounds_of_some_explicit_allocation,
2303 "deallocated dynamic object"));
2310 in_bounds_of_some_explicit_allocation,
2317 const or_exprt object_bounds_violation(
2323 in_bounds_of_some_explicit_allocation,
2325 "pointer outside dynamic object bounds"));
2330 const or_exprt object_bounds_violation(
2336 in_bounds_of_some_explicit_allocation,
2338 "pointer outside object bounds"));
2346 "invalid integer address"));
2354 const exprt &address,
2375 const exprt &pointer,
2389 std::move(upper_bound), ID_le,
plus_exprt{a.first, a.second}};
2391 alloc_disjuncts.push_back(
2392 and_exprt{std::move(lb_check), std::move(ub_check)});
2398 const irep_idt &function_identifier,
2405 goto_check.
goto_check(function_identifier, goto_function);
2420 goto_check.
goto_check(gf_entry.first, gf_entry.second);
2452 auto col = s.find(
":");
2454 if(col == std::string::npos)
2457 auto name = s.substr(col + 1);
2463 if(!s.compare(0, 6,
"enable"))
2464 status = check_statust::ENABLE;
2465 else if(!s.compare(0, 7,
"disable"))
2466 status = check_statust::DISABLE;
2467 else if(!s.compare(0, 7,
"checked"))
2468 status = check_statust::CHECKED;
2473 return std::pair<irep_idt, check_statust>{name, status};
Class that provides messages with a built-in verbosity 'level'.
#define Forall_goto_program_instructions(it, program)
#define UNREACHABLE
This should be used to mark dead code.
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
const r_or_w_ok_exprt & to_r_or_w_ok_expr(const exprt &expr)
std::string array_name(const namespacet &ns, const exprt &expr)
const unsignedbv_typet & to_unsignedbv_type(const typet &type)
Cast a typet to an unsignedbv_typet.
static exprt conditional_cast(const exprt &expr, const typet &type)
void collect_allocations(const goto_functionst &goto_functions)
Fill the list of allocations allocationst with <address, size> for every allocation instruction.
void undefined_shift_check(const shift_exprt &, const guardt &)
const unary_exprt & to_unary_expr(const exprt &expr)
Cast an exprt to a unary_exprt.
A base class for multi-ary expressions Associativity is not specified.
bool has_subexpr(const exprt &expr, const std::function< bool(const exprt &)> &pred)
returns true if the expression has a subexpression that satisfies pred
std::string as_string() const
exprt conjunction(const exprt::operandst &op)
1) generates a conjunction for two or more operands 2) for one operand, returns the operand 3) return...
const div_exprt & to_div_expr(const exprt &expr)
Cast an exprt to a div_exprt.
optionalt< goto_check_ct::conditiont > get_pointer_is_null_condition(const exprt &address, const exprt &size)
void check_rec_if(const if_exprt &if_expr, const guardt &guard)
Check an if expression: check the if-condition alone, and then check the true/false-cases with the gu...
void nan_check(const exprt &, const guardt &)
void check_rec_div(const div_exprt &div_expr, const guardt &guard)
Check that a division is valid: check for division by zero, overflow and NaN (for floating point numb...
bool enable_pointer_check
void build(const exprt &expr, const namespacet &ns)
Given an expression expr, attempt to find the underlying object it represents by skipping over type c...
void set_function(const irep_idt &function)
bool enable_div_by_zero_check
exprt null_pointer(const exprt &pointer)
const goto_instruction_codet & get_other() const
Get the statement for OTHER.
flag_overridet(const source_locationt &source_location)
const dereference_exprt & to_dereference_expr(const exprt &expr)
Cast an exprt to a dereference_exprt.
source_locationt & source_location_nonconst()
void integer_overflow_check(const exprt &, const guardt &)
#define CHECK_RETURN(CONDITION)
std::string array_name(const exprt &)
The type of an expression, extends irept.
const irept::named_subt & get_pragmas() const
conditionst get_pointer_dereferenceable_conditions(const exprt &address, const exprt &size)
bool enable_assert_to_assume
std::string pretty(unsigned indent=0, unsigned max_indent=0) const
const floatbv_typet & to_floatbv_type(const typet &type)
Cast a typet to a floatbv_typet.
const index_exprt & to_index_expr(const exprt &expr)
Cast an exprt to an index_exprt.
const if_exprt & to_if_expr(const exprt &expr)
Cast an exprt to an if_exprt.
named_check_statust match_named_check(const irep_idt &named_check) const
Matches a named-check string of the form.
void bounds_check(const exprt &, const guardt &)
typet type
Type of symbol.
Operator to dereference a pointer.
const constant_exprt & size() const
bool is_dynamic_heap() const
The trinary if-then-else operator.
void remove_skip(goto_programt &goto_program, goto_programt::targett begin, goto_programt::targett end)
remove unnecessary skip statements
std::vector< c_enum_membert > memberst
void mod_overflow_check(const mod_exprt &, const guardt &)
check a mod expression for the case INT_MIN % -1
std::set< std::pair< exprt, exprt > > assertionst
bool enable_signed_overflow_check
Split an expression into a base object and a (byte) offset.
std::unique_ptr< languaget > get_language_from_mode(const irep_idt &mode)
Get the language corresponding to the given mode.
void add_pragma(const irep_idt &pragma)
targett add(instructiont &&instruction)
Adds a given instruction at the end.
The plus expression Associativity is not specified.
void transform(std::function< optionalt< exprt >(exprt)>)
Apply given transformer to all expressions; no return value means no change needed.
std::map< irep_idt, bool * > name_to_flag
Maps a named-check name to the corresponding boolean flag.
Base class for all expressions.
Generic base class for unary expressions.
A base class for binary expressions.
const union_typet & follow_tag(const union_tag_typet &) const
Follow type tag of union type.
void invalidate(const exprt &lhs)
Remove all assertions containing the symbol in lhs as well as all assertions containing dereference.
std::list< std::string > value_listt
void check_rec_logical_op(const exprt &expr, const guardt &guard)
Check a logical operation: check each operand in separation while extending the guarding condition as...
bool is_true() const
Return whether the expression is a constant representing true.
optionalt< std::pair< irep_idt, check_statust > > named_check_statust
optional (named-check, status) pair
struct configt::ansi_ct ansi_c
const bitvector_typet & to_bitvector_type(const typet &type)
Cast a typet to a bitvector_typet.
std::set< bool * > disabled_flags
exprt make_binary(const exprt &expr)
splits an expression with >=3 operands into nested binary expressions
function_mapt function_map
Expression to hold a symbol (variable)
void check_rec_address(const exprt &expr, const guardt &guard)
Check an address-of expression: if it is a dereference then check the pointer if it is an index then ...
std::map< bool *, bool > flags_to_reset
void pointer_primitive_check(const exprt &expr, const guardt &guard)
Generates VCCs to check that pointers passed to pointer primitives are either null or valid.
const minus_exprt & to_minus_expr(const exprt &expr)
Cast an exprt to a minus_exprt.
const exprt::operandst & call_arguments() const
Get the arguments of a FUNCTION_CALL.
static instructiont make_assignment(const code_assignt &_code, const source_locationt &l=source_locationt::nil())
Create an assignment instruction.
void goto_check_c(const irep_idt &function_identifier, goto_functionst::goto_functiont &goto_function, const namespacet &ns, const optionst &options, message_handlert &message_handler)
Fixed-width bit-vector with unsigned binary interpretation.
static const exprt & root_object(const exprt &expr)
const binary_exprt & to_binary_expr(const exprt &expr)
Cast an exprt to a binary_exprt.
const exprt & pointer() const
std::list< conditiont > conditionst
bool enable_float_overflow_check
const exprt & size() const
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
typet & type()
Return the type of the expression.
bool lookup(const irep_idt &name, const symbolt *&symbol) const override
See documentation for namespace_baset::lookup().
bool enable_unsigned_overflow_check
goto_programt::const_targett current_target
void check_rec_arithmetic_op(const exprt &expr, const guardt &guard)
Check that an arithmetic operation is valid: overflow check, NaN-check (for floating point numbers),...
exprt disjunction(const exprt::operandst &op)
1) generates a disjunction for two or more operands 2) for one operand, returns the operand 3) return...
goto_functionst::goto_functiont goto_functiont
optionalt< exprt > rw_ok_check(exprt)
expand the r_ok, w_ok and rw_ok predicates
static instructiont make_assertion(const exprt &g, const source_locationt &l=source_locationt::nil())
void check(const exprt &expr)
Initiate the recursively analysis of expr with its ‘guard’ set to TRUE.
bool has_prefix(const std::string &s, const std::string &prefix)
const mod_exprt & to_mod_expr(const exprt &expr)
Cast an exprt to a mod_exprt.
bool enable_pointer_primitive_check
void enum_range_check(const exprt &, const guardt &)
#define DATA_INVARIANT(CONDITION, REASON)
This condition should be used to document that assumptions that are made on goto_functions,...
const mult_exprt & to_mult_expr(const exprt &expr)
Cast an exprt to a mult_exprt.
bool can_cast_expr< object_size_exprt >(const exprt &base)
The null pointer constant.
const symbol_exprt & dead_symbol() const
Get the symbol for DEAD.
const std::string & id2string(const irep_idt &d)
void float_overflow_check(const exprt &, const guardt &)
const source_locationt & source_location() const
static optionalt< smt_termt > get_identifier(const exprt &expr, const std::unordered_map< exprt, smt_identifier_termt, irep_hash > &expression_handle_identifiers, const std::unordered_map< exprt, smt_identifier_termt, irep_hash > &expression_identifiers)
conditiont(const exprt &_assertion, const std::string &_description)
const c_enum_tag_typet & to_c_enum_tag_type(const typet &type)
Cast a typet to a c_enum_tag_typet.
#define forall_operands(it, expr)
static exprt implication(exprt lhs, exprt rhs)
bool enable_undefined_shift_check
A Boolean expression returning true, iff operation kind would result in an overflow when applied to o...
const exprt & struct_op() const
A base class for expressions that are predicates, i.e., Boolean-typed, and that take exactly two argu...
#define PRECONDITION(CONDITION)
const source_locationt & find_source_location() const
Get a source_locationt from the expression or from its operands (non-recursively).
const irep_idt & get_identifier() const
exprt boolean_negate(const exprt &src)
negate a Boolean expression, possibly removing a not_exprt, and swapping false and true
~flag_overridet()
Restore the values of all flags that have been modified via set_flag.
exprt object_upper_bound(const exprt &pointer, const exprt &access_size)
std::unique_ptr< local_bitvector_analysist > local_bitvector_analysis
class symbol_exprt symbol_expr() const
Produces a symbol_exprt for a symbol.
bool is_integer_address() const
const plus_exprt & to_plus_expr(const exprt &expr)
Cast an exprt to a plus_exprt.
const source_locationt & source_location
std::list< allocationt > allocationst
void conversion_check(const exprt &, const guardt &)
std::function< exprt(exprt)> guardt
exprt deallocated(const exprt &pointer, const namespacet &ns)
const std::string & id_string() const
bool simplify(exprt &expr, const namespacet &ns)
exprt dead_object(const exprt &pointer, const namespacet &ns)
Binary multiplication Associativity is not specified.
const pointer_typet & to_pointer_type(const typet &type)
Cast a typet to a pointer_typet.
exprt simplify_expr(exprt src, const namespacet &ns)
exprt integer_address(const exprt &pointer)
bool has_condition() const
Does this instruction have a condition?
const unary_minus_exprt & to_unary_minus_expr(const exprt &expr)
Cast an exprt to a unary_minus_exprt.
void pointer_validity_check(const dereference_exprt &expr, const exprt &src_expr, const guardt &guard)
Generates VCCs for the validity of the given dereferencing operation.
pointer_typet pointer_type(const typet &subtype)
bool is_set_return_value() const
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
void check_rec(const exprt &expr, const guardt &guard)
Recursively descend into expr and run the appropriate check for each sub-expression,...
exprt object_size(const exprt &pointer)
bool is_static_lifetime() const
const irep_idt & id() const
bool is_end_function() const
A goto function, consisting of function body (see body) and parameter identifiers (see parameter_iden...
std::vector< exprt > operandst
exprt::operandst argumentst
const count_trailing_zeros_exprt & to_count_trailing_zeros_expr(const exprt &expr)
Cast an exprt to a count_trailing_zeros_exprt.
The Boolean constant false.
const shl_exprt & to_shl_expr(const exprt &expr)
Cast an exprt to a shl_exprt.
bool enable_enum_range_check
const exprt & call_lhs() const
Get the lhs of a FUNCTION_CALL (may be nil)
const exprt & assign_rhs() const
Get the rhs of the assignment for ASSIGN.
bool enable_memory_leak_check
bool is_dynamic_local() const
void from_integer(const mp_integer &i)
exprt object_lower_bound(const exprt &pointer, const exprt &offset)
nonstd::optional< T > optionalt
void mod_by_zero_check(const mod_exprt &, const guardt &)
std::pair< exprt, exprt > allocationt
void bounds_check_index(const index_exprt &, const guardt &)
exprt pointer_offset(const exprt &pointer)
const shift_exprt & to_shift_expr(const exprt &expr)
Cast an exprt to a shift_exprt.
exprt null_object(const exprt &pointer)
void pointer_overflow_check(const exprt &, const guardt &)
conditionst get_pointer_points_to_valid_memory_conditions(const exprt &address, const exprt &size)
void clear()
Clear the goto program.
static ieee_floatt plus_infinity(const ieee_float_spect &_spec)
const exprt & return_value() const
Get the return value of a SET_RETURN_VALUE instruction.
const signedbv_typet & to_signedbv_type(const typet &type)
Cast a typet to a signedbv_typet.
bitvector_typet char_type()
void add_all_disable_named_check_pragmas(source_locationt &source_location) const
Adds "disable" pragmas for all named checks on the given source location.
void set_flag(bool &flag, bool new_value, const irep_idt &flag_name)
Store the current value of flag and then set its value to new_value.
void goto_check(const irep_idt &function_identifier, goto_functiont &goto_function)
std::size_t get_width() const
A side_effect_exprt that returns a non-deterministically chosen value.
::goto_functiont goto_functiont
bool is_zero() const
Return whether the expression is a constant representing 0.
Extract member of struct or union.
instructionst instructions
The list of instructions in the goto program.
exprt & divisor()
The divisor of a division is the number the dividend is being divided by.
Deprecated expression utility functions.
A collection of goto functions.
A base class for shift and rotate operators.
C enum tag type, i.e., c_enum_typet with an identifier.
optionalt< mp_integer > pointer_offset_size(const typet &type, const namespacet &ns)
Compute the size of a type in bytes, rounding up to full bytes.
goto_functionst goto_functions
GOTO functions.
const quantifier_exprt & to_quantifier_expr(const exprt &expr)
Cast an exprt to a quantifier_exprt.
A Boolean expression returning true, iff negation would result in an overflow when applied to the (si...
const exprt & assign_lhs() const
Get the lhs of the assignment for ASSIGN.
Evaluates to true if the operand is infinite.
void add_guarded_property(const exprt &asserted_expr, const std::string &comment, const std::string &property_class, const source_locationt &source_location, const exprt &src_expr, const guardt &guard)
Include the asserted_expr in the code conditioned by the guard.
const implies_exprt & to_implies_expr(const exprt &expr)
Cast an exprt to a implies_exprt.
const typecast_exprt & to_typecast_expr(const exprt &expr)
Cast an exprt to a typecast_exprt.
enum configt::ansi_ct::c_standardt c_standard
goto_check_ct(const namespacet &_ns, const optionst &_options, message_handlert &_message_handler)
bool get_bool_option(const std::string &option) const
void bounds_check_bit_count(const unary_exprt &, const guardt &)
optionst::value_listt error_labelst
A base class for relations, i.e., binary predicates whose two operands have the same type.
bool has_symbol_expr(const exprt &src, const irep_idt &identifier, bool include_bound_symbols)
Returns true if one of the symbol expressions in src has identifier identifier; if include_bound_symb...
exprt is_in_bounds_of_some_explicit_allocation(const exprt &pointer, const exprt &size)
const typet & base_type() const
The type of the data what we point to.
bool is_uninitialized() const
const array_typet & to_array_type(const typet &type)
Cast a typet to an array_typet.
exprt same_object(const exprt &p1, const exprt &p2)
void disable_flag(bool &flag, const irep_idt &flag_name)
Sets the given flag to false, overriding any previous value.
A generic container class for the GOTO intermediate representation of one function.
void div_by_zero_check(const div_exprt &, const guardt &)
bool check_rec_member(const member_exprt &member, const guardt &guard)
Check that a member expression is valid:
const vector_typet & to_vector_type(const typet &type)
Cast a typet to a vector_typet.
optionalt< exprt > size_of_expr(const typet &type, const namespacet &ns)
const member_exprt & to_member_expr(const exprt &expr)
Cast an exprt to a member_exprt.
instructionst::const_iterator const_targett
constant_exprt to_expr() const
const exprt & condition() const
Get the condition of gotos, assume, assert.
static instructiont make_assumption(const exprt &g, const source_locationt &l=source_locationt::nil())
const address_of_exprt & to_address_of_expr(const exprt &expr)
Cast an exprt to an address_of_exprt.
check_statust
activation statuses for named checks
static irep_idt entry_point()
Get the identifier of the entry point to a goto model.
Operator to return the address of an object.
source_locationt & add_source_location()
void insert_before_swap(targett target)
Insertion that preserves jumps to "target".
Semantic type conversion.
signedbv_typet pointer_diff_type()
The pointer type These are both 'bitvector_typet' (they have a width) and 'type_with_subtypet' (they ...
unsignedbv_typet size_type()
A constant literal expression.
bool enable_conversion_check
IEEE-floating-point equality.
bool is_function_call() const
bool is_boolean() const
Return whether the expression represents a Boolean.
static bool is_built_in(const std::string &s)
mstreamt & warning() const
optionalt< exprt > member_offset_expr(const member_exprt &member_expr, const namespacet &ns)
static std::string comment(const rw_set_baset::entryt &entry, bool write)
const multi_ary_exprt & to_multi_ary_expr(const exprt &expr)
Cast an exprt to a multi_ary_exprt.
This class represents an instruction in the GOTO intermediate representation.
const binary_relation_exprt & to_binary_relation_expr(const exprt &expr)
Cast an exprt to a binary_relation_exprt.
bool is_target() const
Is this node a branch target?
const irep_idt & get_value() const
const source_locationt & source_location() const
symbol_tablet symbol_table
Symbol table.
void add_active_named_check_pragmas(source_locationt &source_location) const
Adds "checked" pragmas for all currently active named checks on the given source location.
void pointer_rel_check(const binary_exprt &, const guardt &)
bool enable_pointer_overflow_check
bool requires_pointer_primitive_check(const exprt &expr)
Returns true if the given expression is a pointer primitive that requires validation of the operand t...
const exprt & call_function() const
Get the function that is called for FUNCTION_CALL.
const value_listt & get_list_option(const std::string &option) const
bool get_bool(const irep_idt &name) const
static ieee_floatt minus_infinity(const ieee_float_spect &_spec)
instructionst::iterator targett
const count_leading_zeros_exprt & to_count_leading_zeros_expr(const exprt &expr)
Cast an exprt to a count_leading_zeros_exprt.
Modulo defined as lhs-(rhs * truncate(lhs/rhs)).
const memberst & members() const
error_labelst error_labels
enum configt::cppt::cpp_standardt cpp_standard
1.8.17