CBMC
ssa_step.cpp
Go to the documentation of this file.
1 /*******************************************************************\
2 
3 Module: Symbolic Execution
4 
5 Author: Romain Brenguier <romain.brenguier@diffblue.com>
6 
7 *******************************************************************/
8 
9 #include "ssa_step.h"
10 
11 #include <util/format_expr.h>
12 
13 void SSA_stept::output(std::ostream &out) const
14 {
15  out << "Thread " << source.thread_nr;
16 
17  if(source.pc->source_location().is_not_nil())
18  out << " " << source.pc->source_location() << '\n';
19  else
20  out << '\n';
21 
22  switch(type)
23  {
24  case goto_trace_stept::typet::ASSERT:
25  out << "ASSERT " << format(cond_expr) << '\n';
26  break;
27  case goto_trace_stept::typet::ASSUME:
28  out << "ASSUME " << format(cond_expr) << '\n';
29  break;
30  case goto_trace_stept::typet::LOCATION:
31  out << "LOCATION" << '\n';
32  break;
33  case goto_trace_stept::typet::INPUT:
34  out << "INPUT" << '\n';
35  break;
36  case goto_trace_stept::typet::OUTPUT:
37  out << "OUTPUT" << '\n';
38  break;
39 
40  case goto_trace_stept::typet::DECL:
41  out << "DECL" << '\n';
42  out << format(ssa_lhs) << '\n';
43  break;
44 
45  case goto_trace_stept::typet::ASSIGNMENT:
46  out << "ASSIGNMENT (";
47  switch(assignment_type)
48  {
49  case symex_targett::assignment_typet::HIDDEN:
50  out << "HIDDEN";
51  break;
52  case symex_targett::assignment_typet::STATE:
53  out << "STATE";
54  break;
55  case symex_targett::assignment_typet::VISIBLE_ACTUAL_PARAMETER:
56  out << "VISIBLE_ACTUAL_PARAMETER";
57  break;
58  case symex_targett::assignment_typet::HIDDEN_ACTUAL_PARAMETER:
59  out << "HIDDEN_ACTUAL_PARAMETER";
60  break;
61  case symex_targett::assignment_typet::PHI:
62  out << "PHI";
63  break;
64  case symex_targett::assignment_typet::GUARD:
65  out << "GUARD";
66  break;
67  default:
68  {
69  }
70  }
71 
72  out << ")\n";
73  break;
74 
75  case goto_trace_stept::typet::DEAD:
76  out << "DEAD\n";
77  break;
78  case goto_trace_stept::typet::FUNCTION_CALL:
79  out << "FUNCTION_CALL\n";
80  break;
81  case goto_trace_stept::typet::FUNCTION_RETURN:
82  out << "FUNCTION_RETURN\n";
83  break;
84  case goto_trace_stept::typet::CONSTRAINT:
85  out << "CONSTRAINT\n";
86  break;
87  case goto_trace_stept::typet::SHARED_READ:
88  out << "SHARED READ\n";
89  break;
90  case goto_trace_stept::typet::SHARED_WRITE:
91  out << "SHARED WRITE\n";
92  break;
93  case goto_trace_stept::typet::ATOMIC_BEGIN:
94  out << "ATOMIC_BEGIN\n";
95  break;
96  case goto_trace_stept::typet::ATOMIC_END:
97  out << "AUTOMIC_END\n";
98  break;
99  case goto_trace_stept::typet::SPAWN:
100  out << "SPAWN\n";
101  break;
102  case goto_trace_stept::typet::MEMORY_BARRIER:
103  out << "MEMORY_BARRIER\n";
104  break;
105  case goto_trace_stept::typet::GOTO:
106  out << "IF " << format(cond_expr) << " GOTO\n";
107  break;
108 
109  case goto_trace_stept::typet::NONE:
110  UNREACHABLE;
111  }
112 
113  if(is_assert() || is_assume() || is_assignment() || is_constraint())
114  out << format(cond_expr) << '\n';
115 
116  if(is_assert() || is_constraint())
117  out << comment << '\n';
118 
119  if(is_shared_read() || is_shared_write())
120  out << format(ssa_lhs) << '\n';
121 
122  out << "Guard: " << format(guard) << '\n';
123 }
124 
128 void SSA_stept::validate(const namespacet &ns, const validation_modet vm) const
129 {
130  validate_full_expr(guard, ns, vm);
131 
132  switch(type)
133  {
134  case goto_trace_stept::typet::ASSERT:
135  case goto_trace_stept::typet::ASSUME:
136  case goto_trace_stept::typet::GOTO:
137  case goto_trace_stept::typet::CONSTRAINT:
138  validate_full_expr(cond_expr, ns, vm);
139  break;
140  case goto_trace_stept::typet::DECL:
141  validate_full_expr(ssa_lhs, ns, vm);
142  validate_full_expr(ssa_full_lhs, ns, vm);
143  validate_full_expr(original_full_lhs, ns, vm);
144  break;
145  case goto_trace_stept::typet::ASSIGNMENT:
146  validate_full_expr(ssa_lhs, ns, vm);
147  validate_full_expr(ssa_full_lhs, ns, vm);
148  validate_full_expr(original_full_lhs, ns, vm);
149  validate_full_expr(ssa_rhs, ns, vm);
150  DATA_CHECK(
151  vm,
152  ssa_lhs.get_original_expr().type() == ssa_rhs.type(),
153  "Type inequality in SSA assignment\nlhs-type: " +
154  ssa_lhs.get_original_expr().type().id_string() +
155  "\nrhs-type: " + ssa_rhs.type().id_string());
156  break;
157  case goto_trace_stept::typet::INPUT:
158  case goto_trace_stept::typet::OUTPUT:
159  for(const auto &expr : io_args)
160  validate_full_expr(expr, ns, vm);
161  break;
162  case goto_trace_stept::typet::FUNCTION_CALL:
163  for(const auto &expr : ssa_function_arguments)
164  validate_full_expr(expr, ns, vm);
165  case goto_trace_stept::typet::FUNCTION_RETURN:
166  {
167  const symbolt *symbol;
168  DATA_CHECK(
169  vm,
170  called_function.empty() || !ns.lookup(called_function, symbol),
171  "unknown function identifier " + id2string(called_function));
172  }
173  break;
174  case goto_trace_stept::typet::NONE:
175  case goto_trace_stept::typet::LOCATION:
176  case goto_trace_stept::typet::DEAD:
177  case goto_trace_stept::typet::SHARED_READ:
178  case goto_trace_stept::typet::SHARED_WRITE:
179  case goto_trace_stept::typet::SPAWN:
180  case goto_trace_stept::typet::MEMORY_BARRIER:
181  case goto_trace_stept::typet::ATOMIC_BEGIN:
182  case goto_trace_stept::typet::ATOMIC_END:
183  break;
184  }
185 }
186 
187 irep_idt SSA_stept::get_property_id() const
188 {
189  PRECONDITION(is_assert());
190 
191  irep_idt property_id;
192 
193  if(source.pc->is_assert())
194  {
195  property_id = source.pc->source_location().get_property_id();
196  }
197  else if(source.pc->is_goto())
198  {
199  // this is likely an unwinding assertion
200  property_id = id2string(source.pc->source_location().get_function()) +
201  ".unwind." + std::to_string(source.pc->loop_number);
202  }
203  else if(source.pc->is_function_call())
204  {
205  // this is likely a recursion unwinding assertion
206  property_id =
207  id2string(source.pc->source_location().get_function()) + ".recursion";
208  }
209  else
210  {
211  UNREACHABLE;
212  }
213 
214  return property_id;
215 }
216 
217 SSA_assignment_stept::SSA_assignment_stept(
218  symex_targett::sourcet source,
219  exprt _guard,
220  ssa_exprt _ssa_lhs,
221  exprt _ssa_full_lhs,
222  exprt _original_full_lhs,
223  exprt _ssa_rhs,
224  symex_targett::assignment_typet _assignment_type)
225  : SSA_stept(source, goto_trace_stept::typet::ASSIGNMENT)
226 {
227  guard = std::move(_guard);
228  ssa_lhs = std::move(_ssa_lhs);
229  ssa_full_lhs = std::move(_ssa_full_lhs);
230  original_full_lhs = std::move(_original_full_lhs);
231  ssa_rhs = std::move(_ssa_rhs);
232  assignment_type = _assignment_type;
233  cond_expr = equal_exprt{ssa_lhs, ssa_rhs};
234  hidden = assignment_type != symex_targett::assignment_typet::STATE &&
235  assignment_type !=
236  symex_targett::assignment_typet::VISIBLE_ACTUAL_PARAMETER;
237 }
UNREACHABLE
#define UNREACHABLE
This should be used to mark dead code.
Definition: invariant.h:503
dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition: dstring.h:36
SSA_assignment_stept::SSA_assignment_stept
SSA_assignment_stept(symex_targett::sourcet source, exprt guard, ssa_exprt ssa_lhs, exprt ssa_full_lhs, exprt original_full_lhs, exprt ssa_rhs, symex_targett::assignment_typet assignment_type)
Definition: ssa_step.cpp:217
symex_targett::assignment_typet
assignment_typet
Definition: symex_target.h:68
SSA_stept::validate
void validate(const namespacet &ns, const validation_modet vm) const
Check that the SSA step is well-formed.
Definition: ssa_step.cpp:128
format
static format_containert< T > format(const T &o)
Definition: format.h:37
goto_trace_stept::typet::LOCATION
@ LOCATION
DATA_CHECK
#define DATA_CHECK(vm, condition, message)
This macro takes a condition which denotes a well-formedness criterion on goto programs,...
Definition: validate.h:22
SSA_stept::output
void output(std::ostream &out) const
Definition: ssa_step.cpp:13
goto_trace_stept::typet::ASSUME
@ ASSUME
SSA_stept::comment
std::string comment
Definition: ssa_step.h:151
typet
The type of an expression, extends irept.
Definition: type.h:28
SSA_stept
Single SSA step in the equation.
Definition: ssa_step.h:46
symex_targett::sourcet::pc
goto_programt::const_targett pc
Definition: symex_target.h:42
SSA_stept::is_assert
bool is_assert() const
Definition: ssa_step.h:52
symex_targett::sourcet::thread_nr
unsigned thread_nr
Definition: symex_target.h:38
SSA_stept::assignment_type
symex_targett::assignment_typet assignment_type
Definition: ssa_step.h:146
exprt
Base class for all expressions.
Definition: expr.h:55
to_string
std::string to_string(const string_not_contains_constraintt &expr)
Used for debug printing.
Definition: string_constraint.cpp:58
SSA_stept::guard
exprt guard
Definition: ssa_step.h:139
goto_trace_stept
Step of the trace of a GOTO program.
Definition: goto_trace.h:49
SSA_stept::source
symex_targett::sourcet source
Definition: ssa_step.h:49
SSA_stept::called_function
irep_idt called_function
Definition: ssa_step.h:165
equal_exprt
Equality.
Definition: std_expr.h:1305
ssa_exprt::get_original_expr
const exprt & get_original_expr() const
Definition: ssa_expr.h:33
SSA_stept::ssa_function_arguments
std::vector< exprt > ssa_function_arguments
Definition: ssa_step.h:168
ssa_step.h
SSA_stept::is_constraint
bool is_constraint() const
Definition: ssa_step.h:72
symex_targett::assignment_typet::STATE
@ STATE
SSA_stept::is_shared_write
bool is_shared_write() const
Definition: ssa_step.h:107
SSA_stept::is_shared_read
bool is_shared_read() const
Definition: ssa_step.h:102
symex_targett::assignment_typet::VISIBLE_ACTUAL_PARAMETER
@ VISIBLE_ACTUAL_PARAMETER
SSA_stept::io_args
std::list< exprt > io_args
Definition: ssa_step.h:161
ssa_exprt
Expression providing an SSA-renamed symbol of expressions.
Definition: ssa_expr.h:16
namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition: namespace.h:90
exprt::type
typet & type()
Return the type of the expression.
Definition: expr.h:84
namespacet::lookup
bool lookup(const irep_idt &name, const symbolt *&symbol) const override
See documentation for namespace_baset::lookup().
Definition: namespace.cpp:138
goto_trace_stept::typet::OUTPUT
@ OUTPUT
goto_trace_stept::typet::FUNCTION_RETURN
@ FUNCTION_RETURN
goto_trace_stept::typet::DECL
@ DECL
SSA_stept::ssa_lhs
ssa_exprt ssa_lhs
Definition: ssa_step.h:143
id2string
const std::string & id2string(const irep_idt &d)
Definition: irep.h:47
symex_targett::assignment_typet::HIDDEN_ACTUAL_PARAMETER
@ HIDDEN_ACTUAL_PARAMETER
goto_trace_stept::typet::ASSERT
@ ASSERT
goto_trace_stept::typet::NONE
@ NONE
SSA_stept::ssa_full_lhs
exprt ssa_full_lhs
Definition: ssa_step.h:144
SSA_stept::cond_expr
exprt cond_expr
Definition: ssa_step.h:149
PRECONDITION
#define PRECONDITION(CONDITION)
Definition: invariant.h:463
irept::id_string
const std::string & id_string() const
Definition: irep.h:399
goto_trace_stept::typet::ASSIGNMENT
@ ASSIGNMENT
validation_modet
validation_modet
Definition: validation_mode.h:12
dstringt::empty
bool empty() const
Definition: dstring.h:88
goto_trace_stept::typet::INPUT
@ INPUT
goto_trace_stept::typet::ATOMIC_END
@ ATOMIC_END
SSA_stept::hidden
bool hidden
Definition: ssa_step.h:137
goto_trace_stept::typet::SPAWN
@ SPAWN
goto_trace_stept::typet::MEMORY_BARRIER
@ MEMORY_BARRIER
goto_trace_stept::typet::SHARED_WRITE
@ SHARED_WRITE
format_expr.h
symex_targett::assignment_typet::PHI
@ PHI
goto_trace_stept::typet::GOTO
@ GOTO
SSA_stept::original_full_lhs
exprt original_full_lhs
Definition: ssa_step.h:144
symbolt
Symbol table entry.
Definition: symbol.h:27
SSA_stept::type
goto_trace_stept::typet type
Definition: ssa_step.h:50
SSA_stept::is_assignment
bool is_assignment() const
Definition: ssa_step.h:62
SSA_stept::ssa_rhs
exprt ssa_rhs
Definition: ssa_step.h:145
goto_trace_stept::typet::ATOMIC_BEGIN
@ ATOMIC_BEGIN
validate_full_expr
void validate_full_expr(const exprt &expr, const namespacet &ns, const validation_modet vm)
Check that the given expression is well-formed (full check, including checks of all subexpressions an...
Definition: validate_expressions.cpp:114
symex_targett::assignment_typet::GUARD
@ GUARD
goto_trace_stept::typet::SHARED_READ
@ SHARED_READ
symex_targett::sourcet
Identifies source in the context of symbolic execution.
Definition: symex_target.h:36
symex_targett::assignment_typet::HIDDEN
@ HIDDEN
goto_trace_stept::typet::FUNCTION_CALL
@ FUNCTION_CALL
SSA_stept::get_property_id
irep_idt get_property_id() const
Returns the property ID if this is a step resulting from an ASSERT, or builds a unique name for an un...
Definition: ssa_step.cpp:187
goto_trace_stept::typet::DEAD
@ DEAD
goto_trace_stept::typet::CONSTRAINT
@ CONSTRAINT
SSA_stept::is_assume
bool is_assume() const
Definition: ssa_step.h:57