cbmc/ai__domain_8h_source.html

/*******************************************************************\


Module: Abstract Interpretation


Author: Daniel Kroening, kroening@kroening.com


\*******************************************************************/


#ifndef CPROVER_ANALYSES_AI_DOMAIN_H

#define CPROVER_ANALYSES_AI_DOMAIN_H


#include <util/json.h>

#include <util/xml.h>


#include "ai_history.h"


// forward reference the abstract interpreter interface

class ai_baset;


class ai_domain_baset

{

protected:


  ai_domain_baset()

  {

  }


  ai_domain_baset(const ai_domain_baset &old)

  {

  }


public:


  virtual ~ai_domain_baset()

  {

  }


  typedef goto_programt::const_targett locationt;

  typedef ai_history_baset::trace_ptrt trace_ptrt;


  virtual void transform(

    const irep_idt &function_from,

    trace_ptrt from,

    const irep_idt &function_to,

    trace_ptrt to,

    ai_baset &ai,

    const namespacet &ns) = 0;


  virtual void


  output(std::ostream &, const ai_baset &, const namespacet &) const

  {

  }


  virtual jsont output_json(const ai_baset &ai, const namespacet &ns) const;


  virtual xmlt output_xml(const ai_baset &ai, const namespacet &ns) const;


  virtual void make_bottom() = 0;


  virtual void make_top() = 0;


  virtual void make_entry()

  {

    make_top();

  }


  virtual bool is_bottom() const = 0;


  virtual bool is_top() const = 0;


  virtual bool ai_simplify(exprt &condition, const namespacet &) const

  {

    (void)condition; // unused parameter

    return true;

  }


  virtual bool ai_simplify_lhs(exprt &condition, const namespacet &ns) const;


  virtual exprt to_predicate(void) const

  {

    if(is_bottom())

      return false_exprt();

    else

      return true_exprt();

  }


};


// No virtual interface is complete without a factory!


class ai_domain_factory_baset

{

public:

  typedef ai_domain_baset statet;

  typedef ai_domain_baset::locationt locationt;

  typedef ai_domain_baset::trace_ptrt trace_ptrt;


  virtual ~ai_domain_factory_baset()

  {

  }


  virtual std::unique_ptr<statet> make(locationt l) const = 0;

  virtual std::unique_ptr<statet> copy(const statet &s) const = 0;


  // Not domain construction but requires knowing the precise type of statet

  virtual bool

  merge(statet &dest, const statet &src, trace_ptrt from, trace_ptrt to)

    const = 0;

};


// Converting make to take a trace_ptr instead of a location would

// require removing the backwards-compatible

//  location_sensitive_storaget::get_state(locationt l)

// function which is used by some of the older domains


// It would be great to have a single (templated) default implementation.

// However, a default constructor is not part of the ai_domain_baset interface

// and there are some domains which don't have one.  So we need to separate the

// methods.

template <typename domainT>


class ai_domain_factoryt : public ai_domain_factory_baset

{

public:

  typedef ai_domain_factory_baset::statet statet;

  typedef ai_domain_factory_baset::locationt locationt;

  typedef ai_domain_factory_baset::trace_ptrt trace_ptrt;


  std::unique_ptr<statet> copy(const statet &s) const override

  {

    return std::make_unique<domainT>(static_cast<const domainT &>(s));

  }


  bool merge(statet &dest, const statet &src, trace_ptrt from, trace_ptrt to)

    const override

  {

    // For backwards compatability, use the location version

    return static_cast<domainT &>(dest).merge(

      static_cast<const domainT &>(src), from, to);

  }


};


template <typename domainT>


class ai_domain_factory_default_constructort

  : public ai_domain_factoryt<domainT>

{

public:

  typedef ai_domain_factory_baset::statet statet;

  typedef ai_domain_factory_baset::locationt locationt;

  typedef ai_domain_factory_baset::trace_ptrt trace_ptrt;


  std::unique_ptr<statet> make(locationt l) const override

  {

    auto d = std::make_unique<domainT>();

    CHECK_RETURN(d->is_bottom());

    return std::unique_ptr<statet>(d.release());

  }


};


template <typename domainT>


class ai_domain_factory_location_constructort

  : public ai_domain_factoryt<domainT>

{

public:

  typedef ai_domain_factory_baset::statet statet;

  typedef ai_domain_factory_baset::locationt locationt;

  typedef ai_domain_factory_baset::trace_ptrt trace_ptrt;


  std::unique_ptr<statet> make(locationt l) const override

  {

    auto d = std::make_unique<domainT>(l);

    CHECK_RETURN(d->is_bottom());

    return std::unique_ptr<statet>(d.release());

  }


};


#endif

ai_history.h
Abstract Interpretation history.

ai_baset
This is the basic interface of the abstract interpreter with default implementations of the core func...
Definition ai.h:117

ai_domain_baset
The interface offered by a domain, allows code to manipulate domains without knowing their exact type...
Definition ai_domain.h:54

ai_domain_baset::is_bottom
virtual bool is_bottom() const =0

ai_domain_baset::transform
virtual void transform(const irep_idt &function_from, trace_ptrt from, const irep_idt &function_to, trace_ptrt to, ai_baset &ai, const namespacet &ns)=0
how function calls are treated: a) there is an edge from each call site to the function head b) there...

ai_domain_baset::make_bottom
virtual void make_bottom()=0
no states

ai_domain_baset::ai_domain_baset
ai_domain_baset()
The constructor is expected to produce 'false' or 'bottom' A default constructor is not part of the d...
Definition ai_domain.h:58

ai_domain_baset::make_entry
virtual void make_entry()
Make this domain a reasonable entry-point state For most domains top is sufficient.
Definition ai_domain.h:121

ai_domain_baset::output_xml
virtual xmlt output_xml(const ai_baset &ai, const namespacet &ns) const
Definition ai_domain.cpp:26

ai_domain_baset::to_predicate
virtual exprt to_predicate(void) const
Gives a Boolean condition that is true for all values represented by the domain.
Definition ai_domain.h:160

ai_domain_baset::trace_ptrt
ai_history_baset::trace_ptrt trace_ptrt
Definition ai_domain.h:73

ai_domain_baset::output_json
virtual jsont output_json(const ai_baset &ai, const namespacet &ns) const
Definition ai_domain.cpp:17

ai_domain_baset::make_top
virtual void make_top()=0
all states – the analysis doesn't use this directly (see make_entry) and domains may refuse to implem...

ai_domain_baset::locationt
goto_programt::const_targett locationt
Definition ai_domain.h:72

ai_domain_baset::ai_simplify_lhs
virtual bool ai_simplify_lhs(exprt &condition, const namespacet &ns) const
Simplifies the expression but keeps it as an l-value.
Definition ai_domain.cpp:43

ai_domain_baset::output
virtual void output(std::ostream &, const ai_baset &, const namespacet &) const
Definition ai_domain.h:104

ai_domain_baset::is_top
virtual bool is_top() const =0

ai_domain_baset::ai_simplify
virtual bool ai_simplify(exprt &condition, const namespacet &) const
also add
Definition ai_domain.h:149

ai_domain_baset::~ai_domain_baset
virtual ~ai_domain_baset()
Definition ai_domain.h:68

ai_domain_baset::ai_domain_baset
ai_domain_baset(const ai_domain_baset &old)
A copy constructor is part of the domain interface.
Definition ai_domain.h:63

ai_domain_factory_baset
Definition ai_domain.h:171

ai_domain_factory_baset::trace_ptrt
ai_domain_baset::trace_ptrt trace_ptrt
Definition ai_domain.h:175

ai_domain_factory_baset::~ai_domain_factory_baset
virtual ~ai_domain_factory_baset()
Definition ai_domain.h:177

ai_domain_factory_baset::locationt
ai_domain_baset::locationt locationt
Definition ai_domain.h:174

ai_domain_factory_baset::make
virtual std::unique_ptr< statet > make(locationt l) const =0

ai_domain_factory_baset::statet
ai_domain_baset statet
Definition ai_domain.h:173

ai_domain_factory_baset::copy
virtual std::unique_ptr< statet > copy(const statet &s) const =0

ai_domain_factory_baset::merge
virtual bool merge(statet &dest, const statet &src, trace_ptrt from, trace_ptrt to) const =0

ai_domain_factory_default_constructort
Definition ai_domain.h:223

ai_domain_factory_default_constructort::make
std::unique_ptr< statet > make(locationt l) const override
Definition ai_domain.h:229

ai_domain_factory_default_constructort::trace_ptrt
ai_domain_factory_baset::trace_ptrt trace_ptrt
Definition ai_domain.h:227

ai_domain_factory_default_constructort::locationt
ai_domain_factory_baset::locationt locationt
Definition ai_domain.h:226

ai_domain_factory_default_constructort::statet
ai_domain_factory_baset::statet statet
Definition ai_domain.h:225

ai_domain_factory_location_constructort
Definition ai_domain.h:240

ai_domain_factory_location_constructort::locationt
ai_domain_factory_baset::locationt locationt
Definition ai_domain.h:243

ai_domain_factory_location_constructort::make
std::unique_ptr< statet > make(locationt l) const override
Definition ai_domain.h:246

ai_domain_factory_location_constructort::trace_ptrt
ai_domain_factory_baset::trace_ptrt trace_ptrt
Definition ai_domain.h:244

ai_domain_factory_location_constructort::statet
ai_domain_factory_baset::statet statet
Definition ai_domain.h:242

ai_domain_factoryt
Definition ai_domain.h:200

ai_domain_factoryt::copy
std::unique_ptr< statet > copy(const statet &s) const override
Definition ai_domain.h:206

ai_domain_factoryt::statet
ai_domain_factory_baset::statet statet
Definition ai_domain.h:202

ai_domain_factoryt::locationt
ai_domain_factory_baset::locationt locationt
Definition ai_domain.h:203

ai_domain_factoryt::trace_ptrt
ai_domain_factory_baset::trace_ptrt trace_ptrt
Definition ai_domain.h:204

ai_domain_factoryt::merge
bool merge(statet &dest, const statet &src, trace_ptrt from, trace_ptrt to) const override
Definition ai_domain.h:211

ai_history_baset::trace_ptrt
std::shared_ptr< const ai_history_baset > trace_ptrt
History objects are intended to be immutable so they can be shared to reduce memory overhead.
Definition ai_history.h:43

ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition dstring.h:38

exprt
Base class for all expressions.
Definition expr.h:56

false_exprt
The Boolean constant false.
Definition std_expr.h:3199

goto_programt::const_targett
instructionst::const_iterator const_targett
Definition goto_program.h:614

jsont
Definition json.h:27

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91

true_exprt
The Boolean constant true.
Definition std_expr.h:3190

xmlt
Definition xml.h:21

json.h

CHECK_RETURN
#define CHECK_RETURN(CONDITION)
Definition invariant.h:495

xml.h