CBMC
All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Modules Pages
ai.h
Go to the documentation of this file.
1/*******************************************************************\
2
3Module: Abstract Interpretation
4
5Author: Daniel Kroening, kroening@kroening.com
6
7\*******************************************************************/
8
44
45#ifndef CPROVER_ANALYSES_AI_H
46#define CPROVER_ANALYSES_AI_H
47
48#include <iosfwd>
49#include <memory>
50
51#include <util/deprecate.h>
52#include <util/json.h>
53#include <util/message.h>
54#include <util/xml.h>
55
56#include <goto-programs/goto_model.h>
57
58#include "ai_domain.h"
59#include "ai_history.h"
60#include "ai_storage.h"
61#include "is_threaded.h"
62
115
116class ai_baset
117{
118public:
119 typedef ai_domain_baset statet;
120 typedef ai_storage_baset::cstate_ptrt cstate_ptrt;
121 typedef ai_history_baset::trace_ptrt trace_ptrt;
122 typedef ai_history_baset::trace_sett trace_sett;
123 typedef ai_storage_baset::ctrace_set_ptrt ctrace_set_ptrt;
124 typedef goto_programt::const_targett locationt;
125
126 ai_baset(
127 std::unique_ptr<ai_history_factory_baset> &&hf,
128 std::unique_ptr<ai_domain_factory_baset> &&df,
129 std::unique_ptr<ai_storage_baset> &&st,
130 message_handlert &mh)
131 : history_factory(std::move(hf)),
132 domain_factory(std::move(df)),
133 storage(std::move(st)),
134 message_handler(mh)
135 {
136 }
137
138 virtual ~ai_baset()
139 {
140 }
141
143 void operator()(
144 const irep_idt &function_id,
145 const goto_programt &goto_program,
146 const namespacet &ns)
147 {
148 goto_functionst goto_functions;
149 initialize(function_id, goto_program);
150 trace_ptrt p = entry_state(goto_program);
151 fixedpoint(p, function_id, goto_program, goto_functions, ns);
152 finalize();
153 }
154
156 void operator()(
157 const goto_functionst &goto_functions,
158 const namespacet &ns)
159 {
160 initialize(goto_functions);
161 trace_ptrt p = entry_state(goto_functions);
162 fixedpoint(p, goto_functions, ns);
163 finalize();
164 }
165
167 void operator()(const abstract_goto_modelt &goto_model)
168 {
169 const namespacet ns(goto_model.get_symbol_table());
170 initialize(goto_model.get_goto_functions());
171 trace_ptrt p = entry_state(goto_model.get_goto_functions());
172 fixedpoint(p, goto_model.get_goto_functions(), ns);
173 finalize();
174 }
175
177 void operator()(
178 const irep_idt &function_id,
179 const goto_functionst::goto_functiont &goto_function,
180 const namespacet &ns)
181 {
182 goto_functionst goto_functions;
183 initialize(function_id, goto_function);
184 trace_ptrt p = entry_state(goto_function.body);
185 fixedpoint(p, function_id, goto_function.body, goto_functions, ns);
186 finalize();
187 }
188
198
204 virtual ctrace_set_ptrt abstract_traces_after(locationt l) const
205 {
208 INVARIANT(!l->is_end_function(), "No state after the last instruction");
209 return storage->abstract_traces_before(std::next(l));
210 }
211
225
234 virtual cstate_ptrt abstract_state_after(locationt l) const
235 {
238 INVARIANT(!l->is_end_function(), "No state after the last instruction");
239 return abstract_state_before(std::next(l));
240 }
241
243 virtual cstate_ptrt abstract_state_before(const trace_ptrt &p) const
244 {
245 return storage->abstract_state_before(p, *domain_factory);
246 }
247
248 virtual cstate_ptrt abstract_state_after(const trace_ptrt &p) const
249 {
250 locationt l = p->current_location();
251 INVARIANT(!l->is_end_function(), "No state after the last instruction");
252
253 locationt n = std::next(l);
254
255 auto step_return = p->step(
256 n,
257 *(storage->abstract_traces_before(n)),
258 ai_history_baset::no_caller_history);
259 // Caller history not needed as this is a local step
260
261 return storage->abstract_state_before(step_return.second, *domain_factory);
262 }
263
265 virtual void clear()
266 {
267 storage->clear();
268 }
269
276 virtual void output(
277 const namespacet &ns,
278 const irep_idt &function_id,
279 const goto_programt &goto_program,
280 std::ostream &out) const;
281
288 virtual jsont output_json(
289 const namespacet &ns,
290 const irep_idt &function_id,
291 const goto_programt &goto_program) const;
292
299 virtual xmlt output_xml(
300 const namespacet &ns,
301 const irep_idt &function_id,
302 const goto_programt &goto_program) const;
303
305 virtual void output(
306 const namespacet &ns,
307 const goto_functionst &goto_functions,
308 std::ostream &out) const;
309
311 void output(
312 const goto_modelt &goto_model,
313 std::ostream &out) const
314 {
315 const namespacet ns(goto_model.symbol_table);
316 output(ns, goto_model.goto_functions, out);
317 }
318
320 void output(
321 const namespacet &ns,
322 const goto_functionst::goto_functiont &goto_function,
323 std::ostream &out) const
324 {
325 output(ns, irep_idt(), goto_function.body, out);
326 }
327
329 virtual jsont output_json(
330 const namespacet &ns,
331 const goto_functionst &goto_functions) const;
332
334 jsont output_json(
335 const goto_modelt &goto_model) const
336 {
337 const namespacet ns(goto_model.symbol_table);
338 return output_json(ns, goto_model.goto_functions);
339 }
340
342 jsont output_json(
343 const namespacet &ns,
344 const goto_programt &goto_program) const
345 {
346 return output_json(ns, irep_idt(), goto_program);
347 }
348
350 jsont output_json(
351 const namespacet &ns,
352 const goto_functionst::goto_functiont &goto_function) const
353 {
354 return output_json(ns, irep_idt(), goto_function.body);
355 }
356
358 virtual xmlt output_xml(
359 const namespacet &ns,
360 const goto_functionst &goto_functions) const;
361
363 xmlt output_xml(
364 const goto_modelt &goto_model) const
365 {
366 const namespacet ns(goto_model.symbol_table);
367 return output_xml(ns, goto_model.goto_functions);
368 }
369
371 xmlt output_xml(
372 const namespacet &ns,
373 const goto_programt &goto_program) const
374 {
375 return output_xml(ns, irep_idt(), goto_program);
376 }
377
379 xmlt output_xml(
380 const namespacet &ns,
381 const goto_functionst::goto_functiont &goto_function) const
382 {
383 return output_xml(ns, irep_idt(), goto_function.body);
384 }
385
386protected:
389 virtual void
390 initialize(const irep_idt &function_id, const goto_programt &goto_program);
391
393 virtual void initialize(
394 const irep_idt &function_id,
395 const goto_functionst::goto_functiont &goto_function);
396
399 virtual void initialize(const goto_functionst &goto_functions);
400
403 virtual void finalize();
404
407 trace_ptrt entry_state(const goto_programt &goto_program);
408
411 trace_ptrt entry_state(const goto_functionst &goto_functions);
412
414 typedef trace_sett working_sett;
415
417 trace_ptrt get_next(working_sett &working_set);
418
423
426 virtual bool fixedpoint(
427 trace_ptrt starting_trace,
428 const irep_idt &function_id,
429 const goto_programt &goto_program,
430 const goto_functionst &goto_functions,
431 const namespacet &ns);
432
433 virtual void fixedpoint(
434 trace_ptrt starting_trace,
435 const goto_functionst &goto_functions,
436 const namespacet &ns);
437
442 virtual bool visit(
443 const irep_idt &function_id,
444 trace_ptrt p,
445 working_sett &working_set,
446 const goto_programt &goto_program,
447 const goto_functionst &goto_functions,
448 const namespacet &ns);
449
450 // function calls and return are special cases
451 // different kinds of analysis handle these differently so these are virtual
452 // visit_function_call handles which function(s) to call,
453 // while visit_edge_function_call handles a single call
454 virtual bool visit_function_call(
455 const irep_idt &function_id,
456 trace_ptrt p_call,
457 working_sett &working_set,
458 const goto_programt &goto_program,
459 const goto_functionst &goto_functions,
460 const namespacet &ns);
461
462 virtual bool visit_end_function(
463 const irep_idt &function_id,
464 trace_ptrt p,
465 working_sett &working_set,
466 const goto_programt &goto_program,
467 const goto_functionst &goto_functions,
468 const namespacet &ns);
469
470 // The most basic step, computing one edge / transformer application.
471 bool visit_edge(
472 const irep_idt &function_id,
473 trace_ptrt p,
474 const irep_idt &to_function_id,
475 locationt to_l,
476 trace_ptrt caller_history,
477 const namespacet &ns,
478 working_sett &working_set);
479
480 virtual bool visit_edge_function_call(
481 const irep_idt &calling_function_id,
482 trace_ptrt p_call,
483 locationt l_return,
484 const irep_idt &callee_function_id,
485 working_sett &working_set,
486 const goto_programt &callee,
487 const goto_functionst &goto_functions,
488 const namespacet &ns);
489
491 std::unique_ptr<ai_history_factory_baset> history_factory;
492
494 std::unique_ptr<ai_domain_factory_baset> domain_factory;
495
498 virtual bool merge(const statet &src, trace_ptrt from, trace_ptrt to)
499 {
500 statet &dest = get_state(to);
501 return domain_factory->merge(dest, src, from, to);
502 }
503
505 virtual std::unique_ptr<statet> make_temporary_state(const statet &s)
506 {
507 return domain_factory->copy(s);
508 }
509
510 // Domain and history storage
511 std::unique_ptr<ai_storage_baset> storage;
512
515 virtual statet &get_state(trace_ptrt p)
516 {
517 return storage->get_state(p, *domain_factory);
518 }
519
520 // Logging
521 message_handlert &message_handler;
522};
523
524// Perform interprocedural analysis by simply recursing in the interpreter
525// This can lead to a call stack overflow if the domain has a large height
526class ai_recursive_interproceduralt : public ai_baset
527{
528public:
529 ai_recursive_interproceduralt(
530 std::unique_ptr<ai_history_factory_baset> &&hf,
531 std::unique_ptr<ai_domain_factory_baset> &&df,
532 std::unique_ptr<ai_storage_baset> &&st,
533 message_handlert &mh)
534 : ai_baset(std::move(hf), std::move(df), std::move(st), mh)
535 {
536 }
537
538protected:
539 // Override the function that handles a single function call edge
540 bool visit_edge_function_call(
541 const irep_idt &calling_function_id,
542 trace_ptrt p_call,
543 locationt l_return,
544 const irep_idt &callee_function_id,
545 working_sett &working_set,
546 const goto_programt &callee,
547 const goto_functionst &goto_functions,
548 const namespacet &ns) override;
549};
550
560template <typename domainT>
561class ait : public ai_recursive_interproceduralt
562{
563public:
564 // constructor
574
575 explicit ait(std::unique_ptr<ai_domain_factory_baset> &&df)
576 : ai_recursive_interproceduralt(
577 std::make_unique<
578 ai_history_factory_default_constructort<ahistoricalt>>(),
579 std::move(df),
580 std::make_unique<location_sensitive_storaget>(),
581 no_logging)
582 {
583 }
584
585 typedef goto_programt::const_targett locationt;
586
588 // The older interface for non-modifying access
589 // Not recommended as it will throw an exception if a location has not
590 // been reached in an analysis and there is no (other) way of telling
591 // if a location has been reached.
592 DEPRECATED(SINCE(2019, 08, 01, "use abstract_state_{before,after} instead"))
593 const domainT &operator[](locationt l) const
594 {
595 auto p = storage->abstract_state_before(l, *domain_factory);
596
597 if(p.use_count() == 1)
598 {
599 // Would be unsafe to return the dereferenced object
600 throw std::out_of_range("failed to find state");
601 }
602
603 return static_cast<const domainT &>(*p);
604 }
605
606protected:
607 // Support the legacy get_state interface which is needed for a few domains
608 // This is one of the few users of the legacy get_state(locationt) method
609 // in location_sensitive_storaget.
610 DEPRECATED(SINCE(2019, 08, 01, "use get_state(trace_ptrt p) instead"))
611 virtual statet &get_state(locationt l)
612 {
613 auto &s = dynamic_cast<location_sensitive_storaget &>(*storage);
614 return s.get_state(l, *domain_factory);
615 }
616
617 using ai_baset::get_state;
618
619private:
622 void dummy(const domainT &s) { const statet &x=s; (void)x; }
623
624 // To keep the old constructor interface we disable logging
625 null_message_handlert no_logging;
626};
627
649template<typename domainT>
650class concurrency_aware_ait:public ait<domainT>
651{
652public:
653 using statet = typename ait<domainT>::statet;
654 using locationt = typename statet::locationt;
655
656 // constructor
660 explicit concurrency_aware_ait(std::unique_ptr<ai_domain_factory_baset> &&df)
661 : ait<domainT>(std::move(df))
662 {
663 }
664
665 virtual bool merge_shared(
666 const statet &src,
667 locationt from,
668 locationt to,
669 const namespacet &ns)
670 {
671 statet &dest=this->get_state(to);
672 return static_cast<domainT &>(dest).merge_shared(
673 static_cast<const domainT &>(src), from, to, ns);
674 }
675
676protected:
677 using working_sett = ai_baset::working_sett;
678
679 void fixedpoint(
680 ai_baset::trace_ptrt start_trace,
681 const goto_functionst &goto_functions,
682 const namespacet &ns) override
683 {
684 ai_baset::fixedpoint(start_trace, goto_functions, ns);
685
686 is_threadedt is_threaded(goto_functions);
687
688 // construct an initial shared state collecting the results of all
689 // functions
690 goto_programt tmp;
691 tmp.add_instruction();
692 goto_programt::const_targett sh_target = tmp.instructions.begin();
693 ai_baset::trace_ptrt target_hist =
694 ai_baset::history_factory->epoch(sh_target);
695 statet &shared_state = ait<domainT>::get_state(sh_target);
696
697 struct wl_entryt
698 {
699 wl_entryt(
700 const irep_idt &_function_id,
701 const goto_programt &_goto_program,
702 locationt _location)
703 : function_id(_function_id),
704 goto_program(&_goto_program),
705 location(_location)
706 {
707 }
708
709 irep_idt function_id;
710 const goto_programt *goto_program;
711 locationt location;
712 };
713
714 typedef std::list<wl_entryt> thread_wlt;
715 thread_wlt thread_wl;
716
717 for(const auto &gf_entry : goto_functions.function_map)
718 {
719 forall_goto_program_instructions(t_it, gf_entry.second.body)
720 {
721 if(is_threaded(t_it))
722 {
723 thread_wl.push_back(
724 wl_entryt(gf_entry.first, gf_entry.second.body, t_it));
725
726 goto_programt::const_targett l_end =
727 gf_entry.second.body.instructions.end();
728 --l_end;
729
730 merge_shared(shared_state, l_end, sh_target, ns);
731 }
732 }
733 }
734
735 // now feed in the shared state into all concurrently executing
736 // functions, and iterate until the shared state stabilizes
737 bool new_shared = true;
738 while(new_shared)
739 {
740 new_shared = false;
741
742 for(const auto &wl_entry : thread_wl)
743 {
744 working_sett working_set;
745 ai_baset::trace_ptrt t(
746 ai_baset::history_factory->epoch(wl_entry.location));
747 ai_baset::put_in_working_set(working_set, t);
748
749 statet &begin_state = ait<domainT>::get_state(wl_entry.location);
750 ait<domainT>::merge(begin_state, target_hist, t);
751
752 while(!working_set.empty())
753 {
754 ai_baset::trace_ptrt p = ai_baset::get_next(working_set);
755 goto_programt::const_targett l = p->current_location();
756
757 ai_baset::visit(
758 wl_entry.function_id,
759 p,
760 working_set,
761 *(wl_entry.goto_program),
762 goto_functions,
763 ns);
764
765 // the underlying domain must make sure that the final state
766 // carries all possible values; otherwise we would need to
767 // merge over each and every state
768 if(l->is_end_function())
769 new_shared |= merge_shared(shared_state, l, sh_target, ns);
770 }
771 }
772 }
773 }
774};
775
776#endif // CPROVER_ANALYSES_AI_H
ai_domain.h
Abstract Interpretation Domain.
ai_history.h
Abstract Interpretation history.
ai_storage.h
Abstract Interpretation Storage.
abstract_goto_modelt
Abstract interface to eager or lazy GOTO models.
Definition abstract_goto_model.h:22
abstract_goto_modelt::get_symbol_table
virtual const symbol_tablet & get_symbol_table() const =0
Accessor to get the symbol table.
abstract_goto_modelt::get_goto_functions
virtual const goto_functionst & get_goto_functions() const =0
Accessor to get a raw goto_functionst.
ahistoricalt
The common case of history is to only care about where you are now, not how you got there!...
Definition ai_history.h:155
ai_baset
This is the basic interface of the abstract interpreter with default implementations of the core func...
Definition ai.h:117
ai_baset::~ai_baset
virtual ~ai_baset()
Definition ai.h:138
ai_baset::abstract_state_after
virtual cstate_ptrt abstract_state_after(const trace_ptrt &p) const
Definition ai.h:248
ai_baset::output_xml
xmlt output_xml(const namespacet &ns, const goto_functionst::goto_functiont &goto_function) const
Output the abstract states for a single function as XML.
Definition ai.h:379
ai_baset::locationt
goto_programt::const_targett locationt
Definition ai.h:124
ai_baset::ai_baset
ai_baset(std::unique_ptr< ai_history_factory_baset > &&hf, std::unique_ptr< ai_domain_factory_baset > &&df, std::unique_ptr< ai_storage_baset > &&st, message_handlert &mh)
Definition ai.h:126
ai_baset::operator()
void operator()(const goto_functionst &goto_functions, const namespacet &ns)
Run abstract interpretation on a whole program.
Definition ai.h:156
ai_baset::abstract_traces_after
virtual ctrace_set_ptrt abstract_traces_after(locationt l) const
Returns all of the histories that have reached the end of the instruction.
Definition ai.h:204
ai_baset::visit
virtual bool visit(const irep_idt &function_id, trace_ptrt p, working_sett &working_set, const goto_programt &goto_program, const goto_functionst &goto_functions, const namespacet &ns)
Perform one step of abstract interpretation from trace t Depending on the instruction type it may com...
Definition ai.cpp:267
ai_baset::storage
std::unique_ptr< ai_storage_baset > storage
Definition ai.h:511
ai_baset::get_state
virtual statet & get_state(trace_ptrt p)
Get the state for the given history, creating it with the factory if it doesn't exist.
Definition ai.h:515
ai_baset::trace_sett
ai_history_baset::trace_sett trace_sett
Definition ai.h:122
ai_baset::output_json
jsont output_json(const namespacet &ns, const goto_programt &goto_program) const
Output the abstract states for a single function as JSON.
Definition ai.h:342
ai_baset::operator()
void operator()(const irep_idt &function_id, const goto_programt &goto_program, const namespacet &ns)
Run abstract interpretation on a single function.
Definition ai.h:143
ai_baset::abstract_traces_before
virtual ctrace_set_ptrt abstract_traces_before(locationt l) const
Returns all of the histories that have reached the start of the instruction.
Definition ai.h:194
ai_baset::abstract_state_after
virtual cstate_ptrt abstract_state_after(locationt l) const
Get a copy of the abstract state after the given instruction, without needing to know what kind of do...
Definition ai.h:234
ai_baset::visit_edge
bool visit_edge(const irep_idt &function_id, trace_ptrt p, const irep_idt &to_function_id, locationt to_l, trace_ptrt caller_history, const namespacet &ns, working_sett &working_set)
Definition ai.cpp:328
ai_baset::output
virtual void output(const namespacet &ns, const irep_idt &function_id, const goto_programt &goto_program, std::ostream &out) const
Output the abstract states for a single function.
Definition ai.cpp:39
ai_baset::output_xml
xmlt output_xml(const namespacet &ns, const goto_programt &goto_program) const
Output the abstract states for a single function as XML.
Definition ai.h:371
ai_baset::output_json
jsont output_json(const goto_modelt &goto_model) const
Output the abstract states for a whole program as JSON.
Definition ai.h:334
ai_baset::message_handler
message_handlert & message_handler
Definition ai.h:521
ai_baset::visit_end_function
virtual bool visit_end_function(const irep_idt &function_id, trace_ptrt p, working_sett &working_set, const goto_programt &goto_program, const goto_functionst &goto_functions, const namespacet &ns)
Definition ai.cpp:520
ai_baset::abstract_state_before
virtual cstate_ptrt abstract_state_before(const trace_ptrt &p) const
The same interfaces but with histories.
Definition ai.h:243
ai_baset::visit_function_call
virtual bool visit_function_call(const irep_idt &function_id, trace_ptrt p_call, working_sett &working_set, const goto_programt &goto_program, const goto_functionst &goto_functions, const namespacet &ns)
Definition ai.cpp:441
ai_baset::entry_state
trace_ptrt entry_state(const goto_programt &goto_program)
Set the abstract state of the entry location of a single function to the entry state required by the ...
Definition ai.cpp:179
ai_baset::operator()
void operator()(const abstract_goto_modelt &goto_model)
Run abstract interpretation on a whole program.
Definition ai.h:167
ai_baset::visit_edge_function_call
virtual bool visit_edge_function_call(const irep_idt &calling_function_id, trace_ptrt p_call, locationt l_return, const irep_idt &callee_function_id, working_sett &working_set, const goto_programt &callee, const goto_functionst &goto_functions, const namespacet &ns)
Definition ai.cpp:413
ai_baset::output
void output(const goto_modelt &goto_model, std::ostream &out) const
Output the abstract states for a whole program.
Definition ai.h:311
ai_baset::clear
virtual void clear()
Reset the abstract state.
Definition ai.h:265
ai_baset::domain_factory
std::unique_ptr< ai_domain_factory_baset > domain_factory
For creating domain objects.
Definition ai.h:494
ai_baset::statet
ai_domain_baset statet
Definition ai.h:119
ai_baset::ctrace_set_ptrt
ai_storage_baset::ctrace_set_ptrt ctrace_set_ptrt
Definition ai.h:123
ai_baset::initialize
virtual void initialize(const irep_idt &function_id, const goto_programt &goto_program)
Initialize all the abstract states for a single function.
Definition ai.cpp:194
ai_baset::output_xml
xmlt output_xml(const goto_modelt &goto_model) const
Output the abstract states for the whole program as XML.
Definition ai.h:363
ai_baset::output_json
jsont output_json(const namespacet &ns, const goto_functionst::goto_functiont &goto_function) const
Output the abstract states for a single function as JSON.
Definition ai.h:350
ai_baset::fixedpoint
virtual bool fixedpoint(trace_ptrt starting_trace, const irep_idt &function_id, const goto_programt &goto_program, const goto_functionst &goto_functions, const namespacet &ns)
Run the fixedpoint algorithm until it reaches a fixed point.
Definition ai.cpp:229
ai_baset::make_temporary_state
virtual std::unique_ptr< statet > make_temporary_state(const statet &s)
Make a copy of a state.
Definition ai.h:505
ai_baset::trace_ptrt
ai_history_baset::trace_ptrt trace_ptrt
Definition ai.h:121
ai_baset::put_in_working_set
void put_in_working_set(working_sett &working_set, trace_ptrt t)
Definition ai.h:419
ai_baset::get_next
trace_ptrt get_next(working_sett &working_set)
Get the next location from the work queue.
Definition ai.cpp:211
ai_baset::working_sett
trace_sett working_sett
The work queue, sorted using the history's ordering operator.
Definition ai.h:414
ai_baset::merge
virtual bool merge(const statet &src, trace_ptrt from, trace_ptrt to)
Merge the state src, flowing from tracet from to tracet to, into the state currently stored for trace...
Definition ai.h:498
ai_baset::abstract_state_before
virtual cstate_ptrt abstract_state_before(locationt l) const
Get a copy of the abstract state before the given instruction, without needing to know what kind of d...
Definition ai.h:221
ai_baset::output_xml
virtual xmlt output_xml(const namespacet &ns, const irep_idt &function_id, const goto_programt &goto_program) const
Output the abstract states for a single function as XML.
Definition ai.cpp:136
ai_baset::operator()
void operator()(const irep_idt &function_id, const goto_functionst::goto_functiont &goto_function, const namespacet &ns)
Run abstract interpretation on a single function.
Definition ai.h:177
ai_baset::output
void output(const namespacet &ns, const goto_functionst::goto_functiont &goto_function, std::ostream &out) const
Output the abstract states for a function.
Definition ai.h:320
ai_baset::output_json
virtual jsont output_json(const namespacet &ns, const irep_idt &function_id, const goto_programt &goto_program) const
Output the abstract states for a single function as JSON.
Definition ai.cpp:83
ai_baset::history_factory
std::unique_ptr< ai_history_factory_baset > history_factory
For creating history objects.
Definition ai.h:491
ai_baset::finalize
virtual void finalize()
Override this to add a cleanup or post-processing step after fixedpoint has run.
Definition ai.cpp:206
ai_baset::cstate_ptrt
ai_storage_baset::cstate_ptrt cstate_ptrt
Definition ai.h:120
ai_domain_baset
The interface offered by a domain, allows code to manipulate domains without knowing their exact type...
Definition ai_domain.h:54
ai_domain_baset::locationt
goto_programt::const_targett locationt
Definition ai_domain.h:72
ai_domain_factory_default_constructort
Definition ai_domain.h:223
ai_history_baset::trace_ptrt
std::shared_ptr< const ai_history_baset > trace_ptrt
History objects are intended to be immutable so they can be shared to reduce memory overhead.
Definition ai_history.h:43
ai_history_baset::no_caller_history
static const trace_ptrt no_caller_history
Definition ai_history.h:121
ai_history_baset::trace_sett
std::set< trace_ptrt, compare_historyt > trace_sett
Definition ai_history.h:79
ai_history_factory_default_constructort
An easy factory implementation for histories that don't need parameters.
Definition ai_history.h:255
ai_recursive_interproceduralt
Definition ai.h:527
ai_recursive_interproceduralt::ai_recursive_interproceduralt
ai_recursive_interproceduralt(std::unique_ptr< ai_history_factory_baset > &&hf, std::unique_ptr< ai_domain_factory_baset > &&df, std::unique_ptr< ai_storage_baset > &&st, message_handlert &mh)
Definition ai.h:529
ai_recursive_interproceduralt::visit_edge_function_call
bool visit_edge_function_call(const irep_idt &calling_function_id, trace_ptrt p_call, locationt l_return, const irep_idt &callee_function_id, working_sett &working_set, const goto_programt &callee, const goto_functionst &goto_functions, const namespacet &ns) override
Definition ai.cpp:539
ai_storage_baset::ctrace_set_ptrt
std::shared_ptr< const trace_sett > ctrace_set_ptrt
Definition ai_storage.h:54
ai_storage_baset::cstate_ptrt
std::shared_ptr< const statet > cstate_ptrt
Definition ai_storage.h:49
ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562
ait::ait
ait(std::unique_ptr< ai_domain_factory_baset > &&df)
Definition ai.h:575
ait::locationt
goto_programt::const_targett locationt
Definition ai.h:585
ait::no_logging
null_message_handlert no_logging
Definition ai.h:625
ait::dummy
void dummy(const domainT &s)
This function exists to enforce that domainT is derived from ai_domain_baset.
Definition ai.h:622
ait::get_state
virtual statet & get_state(locationt l)
Definition ai.h:611
ait::ait
ait()
Definition ai.h:565
concurrency_aware_ait
Base class for concurrency-aware abstract interpretation.
Definition ai.h:651
concurrency_aware_ait::working_sett
ai_baset::working_sett working_sett
Definition ai.h:677
concurrency_aware_ait::concurrency_aware_ait
concurrency_aware_ait(std::unique_ptr< ai_domain_factory_baset > &&df)
Definition ai.h:660
concurrency_aware_ait::merge_shared
virtual bool merge_shared(const statet &src, locationt from, locationt to, const namespacet &ns)
Definition ai.h:665
concurrency_aware_ait::concurrency_aware_ait
concurrency_aware_ait()
Definition ai.h:657
concurrency_aware_ait::fixedpoint
void fixedpoint(ai_baset::trace_ptrt start_trace, const goto_functionst &goto_functions, const namespacet &ns) override
Definition ai.h:679
concurrency_aware_ait::locationt
typename statet::locationt locationt
Definition ai.h:654
dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition dstring.h:38
goto_functionst
A collection of goto functions.
Definition goto_functions.h:25
goto_functionst::function_map
function_mapt function_map
Definition goto_functions.h:29
goto_functionst::goto_functiont
::goto_functiont goto_functiont
Definition goto_functions.h:27
goto_modelt
Definition goto_model.h:27
goto_modelt::symbol_table
symbol_tablet symbol_table
Symbol table.
Definition goto_model.h:31
goto_modelt::goto_functions
goto_functionst goto_functions
GOTO functions.
Definition goto_model.h:34
goto_programt
A generic container class for the GOTO intermediate representation of one function.
Definition goto_program.h:72
goto_programt::const_targett
instructionst::const_iterator const_targett
Definition goto_program.h:614
is_threadedt
Definition is_threaded.h:22
jsont
Definition json.h:27
location_sensitive_storaget
The most conventional storage; one domain per location.
Definition ai_storage.h:154
location_sensitive_storaget::get_state
statet & get_state(trace_ptrt p, const ai_domain_factory_baset &fac) override
Look up the analysis state for a given history, instantiating a new domain if required.
Definition ai_storage.h:193
message_handlert
Definition message.h:27
namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91
null_message_handlert
Definition message.h:76
xmlt
Definition xml.h:21
SINCE
#define SINCE(year, month, day, msg)
Definition deprecate.h:26
DEPRECATED
#define DEPRECATED(msg)
Definition deprecate.h:23
goto_model.h
Symbol Table + CFG.
forall_goto_program_instructions
#define forall_goto_program_instructions(it, program)
Definition goto_program.h:1228
is_threaded.h
Over-approximate Concurrency for Threaded Goto Programs.
std
STL namespace.
INVARIANT
#define INVARIANT(CONDITION, REASON)
This macro uses the wrapper function 'invariant_violated_string'.
Definition invariant.h:423
irep_idt
dstringt irep_idt
Definition verification_result.h:16