CBMC
value_set_fi_fp_removal.cpp
Go to the documentation of this file.
1 /*******************************************************************\
2 
3 Module: value_set_fi_Fp_removal
4 
5 Author: Daniel Kroening, kroening@kroening.com
6 
7 \*******************************************************************/
8 
9 #include "value_set_fi_fp_removal.h"
10 
11 #include <util/message.h>
12 #include <util/namespace.h>
13 #include <util/pointer_expr.h>
14 
15 #include <goto-programs/goto_model.h>
16 #include <goto-programs/remove_function_pointers.h>
17 
18 #include <pointer-analysis/value_set_analysis_fi.h>
19 
20 void value_set_fi_fp_removal(
21  goto_modelt &goto_model,
22  message_handlert &message_handler)
23 {
24  messaget message(message_handler);
25  message.status() << "Doing FI value set analysis" << messaget::eom;
26 
27  const namespacet ns(goto_model.symbol_table);
28  value_set_analysis_fit value_sets(ns);
29  value_sets(goto_model.goto_functions);
30 
31  message.status() << "Instrumenting" << messaget::eom;
32 
33  // now replace aliases by addresses
34  for(auto &f : goto_model.goto_functions.function_map)
35  {
36  for(auto target = f.second.body.instructions.begin();
37  target != f.second.body.instructions.end();
38  target++)
39  {
40  if(target->is_function_call())
41  {
42  const auto &function = as_const(*target).call_function();
43  if(function.id() == ID_dereference)
44  {
45  message.status() << "CALL at " << target->source_location() << ":"
46  << messaget::eom;
47 
48  const auto &pointer = to_dereference_expr(function).pointer();
49  auto addresses = value_sets.get_values(f.first, target, pointer);
50 
51  std::unordered_set<symbol_exprt, irep_hash> functions;
52 
53  for(const auto &address : addresses)
54  {
55  // is this a plain function address?
56  // strip leading '&'
57  if(address.id() == ID_object_descriptor)
58  {
59  const auto &od = to_object_descriptor_expr(address);
60  const auto &object = od.object();
61  if(object.type().id() == ID_code && object.id() == ID_symbol)
62  functions.insert(to_symbol_expr(object));
63  }
64  }
65 
66  for(const auto &f : functions)
67  message.status()
68  << " function: " << f.get_identifier() << messaget::eom;
69 
70  if(functions.size() > 0)
71  {
72  remove_function_pointer(
73  message_handler,
74  goto_model.symbol_table,
75  f.second.body,
76  f.first,
77  target,
78  functions);
79  }
80  }
81  }
82  }
83  }
84  goto_model.goto_functions.update();
85 }
messaget
Class that provides messages with a built-in verbosity 'level'.
Definition: message.h:154
value_set_fi_fp_removal
void value_set_fi_fp_removal(goto_modelt &goto_model, message_handlert &message_handler)
Builds the flow-insensitive value set for all function pointers and replaces function pointers with a...
Definition: value_set_fi_fp_removal.cpp:20
to_dereference_expr
const dereference_exprt & to_dereference_expr(const exprt &expr)
Cast an exprt to a dereference_exprt.
Definition: pointer_expr.h:716
messaget::status
mstreamt & status() const
Definition: message.h:414
goto_model.h
goto_modelt
Definition: goto_model.h:25
messaget::eom
static eomt eom
Definition: message.h:297
goto_functionst::function_map
function_mapt function_map
Definition: goto_functions.h:29
namespace.h
value_set_analysis_fit
Definition: value_set_analysis_fi.h:20
to_object_descriptor_expr
const object_descriptor_exprt & to_object_descriptor_expr(const exprt &expr)
Cast an exprt to an object_descriptor_exprt.
Definition: pointer_expr.h:238
namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition: namespace.h:90
as_const
const T & as_const(T &value)
Return a reference to the same object but ensures the type is const.
Definition: as_const.h:14
messaget::mstreamt::source_location
source_locationt source_location
Definition: message.h:247
dereference_exprt::pointer
exprt & pointer()
Definition: pointer_expr.h:673
pointer_expr.h
value_set_fi_fp_removal.h
to_symbol_expr
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
Definition: std_expr.h:222
message_handlert
Definition: message.h:27
value_set_analysis_fi.h
remove_function_pointer
void remove_function_pointer(message_handlert &message_handler, symbol_tablet &symbol_table, goto_programt &goto_program, const irep_idt &function_id, goto_programt::targett target, const std::unordered_set< symbol_exprt, irep_hash > &functions)
Replace a call to a dynamic function at location target in the given goto-program by a case-split ove...
Definition: remove_function_pointers.cpp:377
value_set_analysis_fit::get_values
std::vector< exprt > get_values(const irep_idt &function_id, locationt l, const exprt &expr) override
Definition: value_set_analysis_fi.cpp:197
goto_modelt::goto_functions
goto_functionst goto_functions
GOTO functions.
Definition: goto_model.h:33
goto_functionst::update
void update()
Definition: goto_functions.h:83
message.h
remove_function_pointers.h
goto_modelt::symbol_table
symbol_tablet symbol_table
Symbol table.
Definition: goto_model.h:30