cbmc/ai__domain_8h_source.html

 /*******************************************************************\


 Module: Abstract Interpretation


 Author: Daniel Kroening, kroening@kroening.com


 \*******************************************************************/


 #ifndef CPROVER_ANALYSES_AI_DOMAIN_H

 #define CPROVER_ANALYSES_AI_DOMAIN_H


 #include <util/json.h>

 #include <util/xml.h>


 #include "ai_history.h"


 // forward reference the abstract interpreter interface

 class ai_baset;


 class ai_domain_baset

 {

 protected:

   ai_domain_baset()

   {

   }


   ai_domain_baset(const ai_domain_baset &old)

   {

   }


 public:

   virtual ~ai_domain_baset()

   {

   }


   typedef goto_programt::const_targett locationt;

   typedef ai_history_baset::trace_ptrt trace_ptrt;


   virtual void transform(

     const irep_idt &function_from,

     trace_ptrt from,

     const irep_idt &function_to,

     trace_ptrt to,

     ai_baset &ai,

     const namespacet &ns) = 0;


   virtual void

   output(std::ostream &, const ai_baset &, const namespacet &) const

   {

   }


   virtual jsont output_json(const ai_baset &ai, const namespacet &ns) const;


   virtual xmlt output_xml(const ai_baset &ai, const namespacet &ns) const;


   virtual void make_bottom() = 0;


   virtual void make_top() = 0;


   virtual void make_entry()

   {

     make_top();

   }


   virtual bool is_bottom() const = 0;


   virtual bool is_top() const = 0;


   virtual bool ai_simplify(exprt &condition, const namespacet &) const

   {

     (void)condition; // unused parameter

     return true;

   }


   virtual bool ai_simplify_lhs(exprt &condition, const namespacet &ns) const;


   virtual exprt to_predicate(void) const

   {

     if(is_bottom())

       return false_exprt();

     else

       return true_exprt();

   }

 };


 // No virtual interface is complete without a factory!

 class ai_domain_factory_baset

 {

 public:

   typedef ai_domain_baset statet;

   typedef ai_domain_baset::locationt locationt;

   typedef ai_domain_baset::trace_ptrt trace_ptrt;


   virtual ~ai_domain_factory_baset()

   {

   }


   virtual std::unique_ptr<statet> make(locationt l) const = 0;

   virtual std::unique_ptr<statet> copy(const statet &s) const = 0;


   // Not domain construction but requires knowing the precise type of statet

   virtual bool

   merge(statet &dest, const statet &src, trace_ptrt from, trace_ptrt to)

     const = 0;

 };

 // Converting make to take a trace_ptr instead of a location would

 // require removing the backwards-compatible

 //  location_sensitive_storaget::get_state(locationt l)

 // function which is used by some of the older domains


 // It would be great to have a single (templated) default implementation.

 // However, a default constructor is not part of the ai_domain_baset interface

 // and there are some domains which don't have one.  So we need to separate the

 // methods.

 template <typename domainT>

 class ai_domain_factoryt : public ai_domain_factory_baset

 {

 public:

   typedef ai_domain_factory_baset::statet statet;

   typedef ai_domain_factory_baset::locationt locationt;

   typedef ai_domain_factory_baset::trace_ptrt trace_ptrt;


   std::unique_ptr<statet> copy(const statet &s) const override

   {

     return std::make_unique<domainT>(static_cast<const domainT &>(s));

   }


   bool merge(statet &dest, const statet &src, trace_ptrt from, trace_ptrt to)

     const override

   {

     // For backwards compatability, use the location version

     return static_cast<domainT &>(dest).merge(

       static_cast<const domainT &>(src), from, to);

   }

 };


 template <typename domainT>

 class ai_domain_factory_default_constructort

   : public ai_domain_factoryt<domainT>

 {

 public:

   typedef ai_domain_factory_baset::statet statet;

   typedef ai_domain_factory_baset::locationt locationt;

   typedef ai_domain_factory_baset::trace_ptrt trace_ptrt;


   std::unique_ptr<statet> make(locationt l) const override

   {

     auto d = std::make_unique<domainT>();

     CHECK_RETURN(d->is_bottom());

     return std::unique_ptr<statet>(d.release());

   }

 };


 template <typename domainT>

 class ai_domain_factory_location_constructort

   : public ai_domain_factoryt<domainT>

 {

 public:

   typedef ai_domain_factory_baset::statet statet;

   typedef ai_domain_factory_baset::locationt locationt;

   typedef ai_domain_factory_baset::trace_ptrt trace_ptrt;


   std::unique_ptr<statet> make(locationt l) const override

   {

     auto d = std::make_unique<domainT>(l);

     CHECK_RETURN(d->is_bottom());

     return std::unique_ptr<statet>(d.release());

   }

 };


 #endif

ai_history.h
Abstract Interpretation history.

ai_baset
This is the basic interface of the abstract interpreter with default implementations of the core func...
Definition: ai.h:117

ai_domain_baset
The interface offered by a domain, allows code to manipulate domains without knowing their exact type...
Definition: ai_domain.h:54

ai_domain_baset::is_bottom
virtual bool is_bottom() const =0

ai_domain_baset::transform
virtual void transform(const irep_idt &function_from, trace_ptrt from, const irep_idt &function_to, trace_ptrt to, ai_baset &ai, const namespacet &ns)=0
how function calls are treated: a) there is an edge from each call site to the function head b) there...

ai_domain_baset::make_bottom
virtual void make_bottom()=0
no states

ai_domain_baset::ai_domain_baset
ai_domain_baset()
The constructor is expected to produce 'false' or 'bottom' A default constructor is not part of the d...
Definition: ai_domain.h:58

ai_domain_baset::make_entry
virtual void make_entry()
Make this domain a reasonable entry-point state For most domains top is sufficient.
Definition: ai_domain.h:121

ai_domain_baset::output_xml
virtual xmlt output_xml(const ai_baset &ai, const namespacet &ns) const
Definition: ai_domain.cpp:26

ai_domain_baset::to_predicate
virtual exprt to_predicate(void) const
Gives a Boolean condition that is true for all values represented by the domain.
Definition: ai_domain.h:160

ai_domain_baset::trace_ptrt
ai_history_baset::trace_ptrt trace_ptrt
Definition: ai_domain.h:73

ai_domain_baset::output_json
virtual jsont output_json(const ai_baset &ai, const namespacet &ns) const
Definition: ai_domain.cpp:17

ai_domain_baset::make_top
virtual void make_top()=0
all states – the analysis doesn't use this directly (see make_entry) and domains may refuse to implem...

ai_domain_baset::locationt
goto_programt::const_targett locationt
Definition: ai_domain.h:72

ai_domain_baset::ai_simplify_lhs
virtual bool ai_simplify_lhs(exprt &condition, const namespacet &ns) const
Simplifies the expression but keeps it as an l-value.
Definition: ai_domain.cpp:43

ai_domain_baset::output
virtual void output(std::ostream &, const ai_baset &, const namespacet &) const
Definition: ai_domain.h:104

ai_domain_baset::is_top
virtual bool is_top() const =0

ai_domain_baset::ai_simplify
virtual bool ai_simplify(exprt &condition, const namespacet &) const
also add
Definition: ai_domain.h:149

ai_domain_baset::~ai_domain_baset
virtual ~ai_domain_baset()
Definition: ai_domain.h:68

ai_domain_baset::ai_domain_baset
ai_domain_baset(const ai_domain_baset &old)
A copy constructor is part of the domain interface.
Definition: ai_domain.h:63

ai_domain_factory_baset
Definition: ai_domain.h:171

ai_domain_factory_baset::make
virtual std::unique_ptr< statet > make(locationt l) const =0

ai_domain_factory_baset::trace_ptrt
ai_domain_baset::trace_ptrt trace_ptrt
Definition: ai_domain.h:175

ai_domain_factory_baset::~ai_domain_factory_baset
virtual ~ai_domain_factory_baset()
Definition: ai_domain.h:177

ai_domain_factory_baset::locationt
ai_domain_baset::locationt locationt
Definition: ai_domain.h:174

ai_domain_factory_baset::copy
virtual std::unique_ptr< statet > copy(const statet &s) const =0

ai_domain_factory_baset::statet
ai_domain_baset statet
Definition: ai_domain.h:173

ai_domain_factory_baset::merge
virtual bool merge(statet &dest, const statet &src, trace_ptrt from, trace_ptrt to) const =0

ai_domain_factory_default_constructort
Definition: ai_domain.h:223

ai_domain_factory_default_constructort::trace_ptrt
ai_domain_factory_baset::trace_ptrt trace_ptrt
Definition: ai_domain.h:227

ai_domain_factory_default_constructort::make
std::unique_ptr< statet > make(locationt l) const override
Definition: ai_domain.h:229

ai_domain_factory_default_constructort::locationt
ai_domain_factory_baset::locationt locationt
Definition: ai_domain.h:226

ai_domain_factory_default_constructort::statet
ai_domain_factory_baset::statet statet
Definition: ai_domain.h:225

ai_domain_factory_location_constructort
Definition: ai_domain.h:240

ai_domain_factory_location_constructort::locationt
ai_domain_factory_baset::locationt locationt
Definition: ai_domain.h:243

ai_domain_factory_location_constructort::make
std::unique_ptr< statet > make(locationt l) const override
Definition: ai_domain.h:246

ai_domain_factory_location_constructort::trace_ptrt
ai_domain_factory_baset::trace_ptrt trace_ptrt
Definition: ai_domain.h:244

ai_domain_factory_location_constructort::statet
ai_domain_factory_baset::statet statet
Definition: ai_domain.h:242

ai_domain_factoryt
Definition: ai_domain.h:200

ai_domain_factoryt::statet
ai_domain_factory_baset::statet statet
Definition: ai_domain.h:202

ai_domain_factoryt::locationt
ai_domain_factory_baset::locationt locationt
Definition: ai_domain.h:203

ai_domain_factoryt::copy
std::unique_ptr< statet > copy(const statet &s) const override
Definition: ai_domain.h:206

ai_domain_factoryt::trace_ptrt
ai_domain_factory_baset::trace_ptrt trace_ptrt
Definition: ai_domain.h:204

ai_domain_factoryt::merge
bool merge(statet &dest, const statet &src, trace_ptrt from, trace_ptrt to) const override
Definition: ai_domain.h:211

ai_history_baset::trace_ptrt
std::shared_ptr< const ai_history_baset > trace_ptrt
History objects are intended to be immutable so they can be shared to reduce memory overhead.
Definition: ai_history.h:43

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition: dstring.h:38

exprt
Base class for all expressions.
Definition: expr.h:56

false_exprt
The Boolean constant false.
Definition: std_expr.h:3077

goto_programt::const_targett
instructionst::const_iterator const_targett
Definition: goto_program.h:615

jsont
Definition: json.h:27

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition: namespace.h:94

true_exprt
The Boolean constant true.
Definition: std_expr.h:3068

xmlt
Definition: xml.h:21

json.h

CHECK_RETURN
#define CHECK_RETURN(CONDITION)
Definition: invariant.h:495

xml.h