cbmc/analyze__symbol_8h_source.html

 /*******************************************************************\


 Module: Symbol Analyzer


 Author: Malte Mues <mail.mues@gmail.com>

         Daniel Poetzl


 \*******************************************************************/


 #ifndef CPROVER_MEMORY_ANALYZER_ANALYZE_SYMBOL_H

 #define CPROVER_MEMORY_ANALYZER_ANALYZE_SYMBOL_H


 #include <ansi-c/expr2c_class.h>


 #include <util/namespace.h>

 #include <util/symbol_table.h>


 #include <ansi-c/allocate_objects.h>


 #include "gdb_api.h"


 #include <map>

 #include <string>


 class pointer_typet;

 class source_locationt;


 class gdb_value_extractort

 {

 public:

   gdb_value_extractort(

     const symbol_table_baset &symbol_table,

     const std::vector<std::string> &args);


   void analyze_symbols(const std::list<std::string> &symbols);


   std::string get_snapshot_as_c_code();


   symbol_tablet get_snapshot_as_symbol_table();


   using pointer_valuet = gdb_apit::pointer_valuet;

   using memory_addresst = gdb_apit::memory_addresst;


   void create_gdb_process()

   {

     gdb_api.create_gdb_process();

   }

   bool run_gdb_to_breakpoint(const std::string &breakpoint)

   {

     return gdb_api.run_gdb_to_breakpoint(breakpoint);

   }

   void run_gdb_from_core(const std::string &corefile)

   {

     gdb_api.run_gdb_from_core(corefile);

   }


 private:

   gdb_apit gdb_api;


   symbol_tablet symbol_table;

   const namespacet ns;

   expr2ct c_converter;

   allocate_objectst allocate_objects;


   std::map<exprt, exprt> assignments;


   std::map<exprt, memory_addresst> outstanding_assignments;


   std::map<memory_addresst, exprt> values;


   struct memory_scopet

   {

   private:

     size_t begin_int;

     mp_integer byte_size;

     irep_idt name;


     size_t address2size_t(const memory_addresst &point) const;


     bool check_containment(const size_t &point_int) const

     {

       return point_int >= begin_int && (begin_int + byte_size) > point_int;

     }


   public:

     memory_scopet(

       const memory_addresst &begin,

       const mp_integer &byte_size,

       const irep_idt &name);


     bool contains(const memory_addresst &point) const

     {

       return check_containment(address2size_t(point));

     }


     mp_integer

     distance(const memory_addresst &point, mp_integer member_size) const;


     irep_idt id() const

     {

       return name;

     }


     mp_integer size() const

     {

       return byte_size;

     }

   };


   std::vector<memory_scopet> dynamically_allocated;


   std::map<irep_idt, pointer_valuet> memory_map;


   bool has_known_memory_location(const irep_idt &id) const

   {

     return memory_map.count(id) != 0;

   }


   std::vector<memory_scopet>::iterator find_dynamic_allocation(irep_idt name);


   std::vector<memory_scopet>::iterator

   find_dynamic_allocation(const memory_addresst &point);


   mp_integer get_malloc_size(irep_idt name);


   std::optional<std::string>

   get_malloc_pointee(const memory_addresst &point, mp_integer member_size);


   mp_integer get_type_size(const typet &type) const;


   void analyze_symbol(const irep_idt &symbol_name);


   void add_assignment(const exprt &lhs, const exprt &value);


   exprt get_array_value(

     const exprt &expr,

     const exprt &array,

     const source_locationt &location);


   exprt get_expr_value(

     const exprt &expr,

     const exprt &zero_expr,

     const source_locationt &location);


   exprt get_struct_value(

     const exprt &expr,

     const exprt &zero_expr,

     const source_locationt &location);


   exprt get_union_value(

     const exprt &expr,

     const exprt &zero_expr,

     const source_locationt &location);


   exprt get_pointer_value(

     const exprt &expr,

     const exprt &zero_expr,

     const source_locationt &location);


   exprt get_pointer_to_member_value(

     const exprt &expr,

     const pointer_valuet &pointer_value,

     const source_locationt &location);


   exprt get_non_char_pointer_value(

     const exprt &expr,

     const pointer_valuet &value,

     const source_locationt &location);


   exprt get_pointer_to_function_value(

     const exprt &expr,

     const pointer_valuet &pointer_value,

     const source_locationt &location);


   exprt get_char_pointer_value(

     const exprt &expr,

     const memory_addresst &memory_location,

     const source_locationt &location);


   void process_outstanding_assignments();


   std::string get_gdb_value(const exprt &expr);


   bool points_to_member(

     pointer_valuet &pointer_value,

     const pointer_typet &expected_type);

 };


 #endif // CPROVER_MEMORY_ANALYZER_ANALYZE_SYMBOL_H

allocate_objects.h

allocate_objectst
Definition: allocate_objects.h:27

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition: dstring.h:38

expr2ct
Definition: expr2c_class.h:35

exprt
Base class for all expressions.
Definition: expr.h:56

gdb_apit
Interface for running and querying GDB.
Definition: gdb_api.h:30

gdb_apit::run_gdb_to_breakpoint
bool run_gdb_to_breakpoint(const std::string &breakpoint)
Run gdb to the given breakpoint.
Definition: gdb_api.cpp:345

gdb_apit::create_gdb_process
void create_gdb_process()
Create a new gdb process for analysing the binary indicated by the first element in args
Definition: gdb_api.cpp:67

gdb_apit::run_gdb_from_core
void run_gdb_from_core(const std::string &corefile)
Run gdb with the given core file.
Definition: gdb_api.cpp:275

gdb_value_extractort
Interface for extracting values from GDB (building on gdb_apit)
Definition: analyze_symbol.h:33

gdb_value_extractort::get_gdb_value
std::string get_gdb_value(const exprt &expr)
Extract a stringified value from and c-converted expr.
Definition: analyze_symbol.cpp:754

gdb_value_extractort::get_pointer_to_member_value
exprt get_pointer_to_member_value(const exprt &expr, const pointer_valuet &pointer_value, const source_locationt &location)
Call get_subexpression_at_offset to get the correct member expression.
Definition: analyze_symbol.cpp:274

gdb_value_extractort::allocate_objects
allocate_objectst allocate_objects
Definition: analyze_symbol.h:81

gdb_value_extractort::run_gdb_to_breakpoint
bool run_gdb_to_breakpoint(const std::string &breakpoint)
Definition: analyze_symbol.h:64

gdb_value_extractort::memory_map
std::map< irep_idt, pointer_valuet > memory_map
Keep track of the memory location for the analyzed symbols.
Definition: analyze_symbol.h:154

gdb_value_extractort::gdb_api
gdb_apit gdb_api
Definition: analyze_symbol.h:74

gdb_value_extractort::outstanding_assignments
std::map< exprt, memory_addresst > outstanding_assignments
Mapping pointer expression for which get_non_char_pointer_value returned nil expression to memory loc...
Definition: analyze_symbol.h:88

gdb_value_extractort::c_converter
expr2ct c_converter
Definition: analyze_symbol.h:80

gdb_value_extractort::pointer_valuet
gdb_apit::pointer_valuet pointer_valuet
Definition: analyze_symbol.h:57

gdb_value_extractort::analyze_symbol
void analyze_symbol(const irep_idt &symbol_name)
Assign the gdb-extracted value for symbol_name to its symbol expression and then process outstanding ...
Definition: analyze_symbol.cpp:148

gdb_value_extractort::has_known_memory_location
bool has_known_memory_location(const irep_idt &id) const
Definition: analyze_symbol.h:156

gdb_value_extractort::get_char_pointer_value
exprt get_char_pointer_value(const exprt &expr, const memory_addresst &memory_location, const source_locationt &location)
If memory_location is found among values then return the symbol expression associated with it.
Definition: analyze_symbol.cpp:228

gdb_value_extractort::get_pointer_to_function_value
exprt get_pointer_to_function_value(const exprt &expr, const pointer_valuet &pointer_value, const source_locationt &location)
Extract the function name from pointer_value, check it has a symbol and return the associated symbol ...
Definition: analyze_symbol.cpp:340

gdb_value_extractort::process_outstanding_assignments
void process_outstanding_assignments()
Call add_assignment for each pair in outstanding_assignments.
Definition: analyze_symbol.cpp:745

gdb_value_extractort::get_array_value
exprt get_array_value(const exprt &expr, const exprt &array, const source_locationt &location)
Iterate over array and fill its operands with the results of calling get_expr_value on index expressi...
Definition: analyze_symbol.cpp:580

gdb_value_extractort::add_assignment
void add_assignment(const exprt &lhs, const exprt &value)
Create assignment lhs := value (see analyze_symbol)
Definition: analyze_symbol.cpp:222

gdb_value_extractort::dynamically_allocated
std::vector< memory_scopet > dynamically_allocated
Keep track of the dynamically allocated memory.
Definition: analyze_symbol.h:151

gdb_value_extractort::run_gdb_from_core
void run_gdb_from_core(const std::string &corefile)
Definition: analyze_symbol.h:68

gdb_value_extractort::assignments
std::map< exprt, exprt > assignments
Sequence of assignments collected during analyze_symbols.
Definition: analyze_symbol.h:84

gdb_value_extractort::get_snapshot_as_c_code
std::string get_snapshot_as_c_code()
Get memory snapshot as C code.
Definition: analyze_symbol.cpp:174

gdb_value_extractort::values
std::map< memory_addresst, exprt > values
Storing pairs <address, symbol> such that at address is stored the value of symbol.
Definition: analyze_symbol.h:92

gdb_value_extractort::gdb_value_extractort
gdb_value_extractort(const symbol_table_baset &symbol_table, const std::vector< std::string > &args)
Definition: analyze_symbol.cpp:24

gdb_value_extractort::get_expr_value
exprt get_expr_value(const exprt &expr, const exprt &zero_expr, const source_locationt &location)
Case analysis on the typet of expr 1) For integers, booleans, and enums: call gdb_apit::get_value dir...
Definition: analyze_symbol.cpp:604

gdb_value_extractort::get_type_size
mp_integer get_type_size(const typet &type) const
Wrapper for call get_offset_pointer_bits.
Definition: analyze_symbol.cpp:102

gdb_value_extractort::analyze_symbols
void analyze_symbols(const std::list< std::string > &symbols)
For each input symbol in symbols: map its value address to its symbol_exprt (via the values map) and ...
Definition: analyze_symbol.cpp:109

gdb_value_extractort::points_to_member
bool points_to_member(pointer_valuet &pointer_value, const pointer_typet &expected_type)
Analyzes the pointer_value to decide if it point to a struct or a union (or array)
Definition: analyze_symbol.cpp:465

gdb_value_extractort::get_malloc_size
mp_integer get_malloc_size(irep_idt name)
Search for the size of the allocated memory for name.
Definition: analyze_symbol.cpp:80

gdb_value_extractort::get_malloc_pointee
std::optional< std::string > get_malloc_pointee(const memory_addresst &point, mp_integer member_size)
Build the pointee string for address point assuming it points to a dynamic allocation of ‘n’ elements...
Definition: analyze_symbol.cpp:89

gdb_value_extractort::create_gdb_process
void create_gdb_process()
Definition: analyze_symbol.h:60

gdb_value_extractort::get_pointer_value
exprt get_pointer_value(const exprt &expr, const exprt &zero_expr, const source_locationt &location)
Call gdb_apit::get_memory on expr then split based on the points-to type being char type or not.
Definition: analyze_symbol.cpp:491

gdb_value_extractort::symbol_table
symbol_tablet symbol_table
External symbol table – extracted from read_goto_binary We only expect to analyse symbols located the...
Definition: analyze_symbol.h:78

gdb_value_extractort::get_struct_value
exprt get_struct_value(const exprt &expr, const exprt &zero_expr, const source_locationt &location)
For each of the members of the struct: call get_expr_value.
Definition: analyze_symbol.cpp:687

gdb_value_extractort::find_dynamic_allocation
std::vector< memory_scopet >::iterator find_dynamic_allocation(irep_idt name)
Search for a memory scope allocated under name.
Definition: analyze_symbol.cpp:61

gdb_value_extractort::get_union_value
exprt get_union_value(const exprt &expr, const exprt &zero_expr, const source_locationt &location)
For each of the members of the struct: call get_expr_value.
Definition: analyze_symbol.cpp:723

gdb_value_extractort::get_snapshot_as_symbol_table
symbol_tablet get_snapshot_as_symbol_table()
Get memory snapshot as symbol table Build a new symbol_tablet and for each lhs symbol from collected ...
Definition: analyze_symbol.cpp:189

gdb_value_extractort::get_non_char_pointer_value
exprt get_non_char_pointer_value(const exprt &expr, const pointer_valuet &value, const source_locationt &location)
Similar to get_char_pointer_value.
Definition: analyze_symbol.cpp:361

gdb_value_extractort::memory_addresst
gdb_apit::memory_addresst memory_addresst
Definition: analyze_symbol.h:58

gdb_value_extractort::ns
const namespacet ns
Definition: analyze_symbol.h:79

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition: namespace.h:94

pointer_typet
The pointer type These are both 'bitvector_typet' (they have a width) and 'type_with_subtypet' (they ...
Definition: pointer_expr.h:24

source_locationt
Definition: source_location.h:20

symbol_table_baset
The symbol table base class interface.
Definition: symbol_table_base.h:23

symbol_tablet
The symbol table.
Definition: symbol_table.h:14

typet
The type of an expression, extends irept.
Definition: type.h:29

expr2c_class.h

gdb_api.h
Low-level interface to gdb.

namespace.h

mp_integer
BigInt mp_integer
Definition: smt_terms.h:17

gdb_apit::memory_addresst
Memory address imbued with the explicit boolean data indicating if the address is null or not.
Definition: gdb_api.h:37

gdb_apit::pointer_valuet
Data associated with the value of a pointer, i.e.
Definition: gdb_api.h:77

gdb_value_extractort::memory_scopet
Definition: analyze_symbol.h:95

gdb_value_extractort::memory_scopet::distance
mp_integer distance(const memory_addresst &point, mp_integer member_size) const
Compute the distance of point from the beginning of this scope.
Definition: analyze_symbol.cpp:51

gdb_value_extractort::memory_scopet::begin_int
size_t begin_int
Definition: analyze_symbol.h:97

gdb_value_extractort::memory_scopet::byte_size
mp_integer byte_size
Definition: analyze_symbol.h:98

gdb_value_extractort::memory_scopet::check_containment
bool check_containment(const size_t &point_int) const
Helper function that check if a point in memory points inside this scope.
Definition: analyze_symbol.h:109

gdb_value_extractort::memory_scopet::name
irep_idt name
Definition: analyze_symbol.h:99

gdb_value_extractort::memory_scopet::memory_scopet
memory_scopet(const memory_addresst &begin, const mp_integer &byte_size, const irep_idt &name)
Definition: analyze_symbol.cpp:35

gdb_value_extractort::memory_scopet::size
mp_integer size() const
Getter for the allocation size of this memory scope.
Definition: analyze_symbol.h:144

gdb_value_extractort::memory_scopet::contains
bool contains(const memory_addresst &point) const
Check if point points somewhere in this memory scope.
Definition: analyze_symbol.h:123

gdb_value_extractort::memory_scopet::address2size_t
size_t address2size_t(const memory_addresst &point) const
Convert base-16 memory address to a natural number.
Definition: analyze_symbol.cpp:45

gdb_value_extractort::memory_scopet::id
irep_idt id() const
Getter for the name of this memory scope.
Definition: analyze_symbol.h:137

symbol_table.h
Author: Diffblue Ltd.