cbmc/array__pool_8cpp_source.html

 /*******************************************************************\


 Module: String solver


 Author: Romain Brenguier, romain.brenguier@diffblue.com


 \*******************************************************************/


 #include "array_pool.h"


 #include <util/pointer_expr.h>


 symbol_exprt symbol_generatort::

 operator()(const irep_idt &prefix, const typet &type)

 {

   std::ostringstream buf;

   buf << "string_refinement#" << prefix << "#" << ++symbol_count;

   irep_idt name(buf.str());

   symbol_exprt result(name, type);

 #ifdef DEBUG

   created_symbols.push_back(result);

 #endif

   return result;

 }


 exprt array_poolt::get_or_create_length(const array_string_exprt &s)

 {

   if(const auto &if_expr = expr_try_dynamic_cast<if_exprt>((exprt)s))

   {

     return if_exprt{

       if_expr->cond(),

       get_or_create_length(to_array_string_expr(if_expr->true_case())),

       get_or_create_length(to_array_string_expr(if_expr->false_case()))};

   }


   auto emplace_result =

     length_of_array.emplace(s, symbol_exprt(s.length_type()));

   if(emplace_result.second)

   {

     emplace_result.first->second =

       fresh_symbol("string_length", s.length_type());

   }


   return emplace_result.first->second;

 }


 std::optional<exprt>

 array_poolt::get_length_if_exists(const array_string_exprt &s) const

 {

   auto find_result = length_of_array.find(s);

   if(find_result != length_of_array.end())

     return find_result->second;

   return {};

 }


 array_string_exprt

 array_poolt::fresh_string(const typet &index_type, const typet &char_type)

 {

   array_typet array_type{char_type, infinity_exprt(index_type)};

   symbol_exprt content = fresh_symbol("string_content", array_type);

   array_string_exprt str = to_array_string_expr(content);

   arrays_of_pointers.emplace(

     address_of_exprt(index_exprt(str, from_integer(0, index_type))), str);


   // add length to length_of_array map

   get_or_create_length(str);


   return str;

 }


 array_string_exprt array_poolt::make_char_array_for_char_pointer(

   const exprt &char_pointer,

   const typet &char_array_type)

 {

   PRECONDITION(char_pointer.type().id() == ID_pointer);

   PRECONDITION(char_array_type.id() == ID_array);

   PRECONDITION(

     to_array_type(char_array_type).element_type().id() == ID_unsignedbv ||

     to_array_type(char_array_type).element_type().id() == ID_signedbv);


   if(char_pointer.id() == ID_if)

   {

     const if_exprt &if_expr = to_if_expr(char_pointer);

     const array_string_exprt t =

       make_char_array_for_char_pointer(if_expr.true_case(), char_array_type);

     const array_string_exprt f =

       make_char_array_for_char_pointer(if_expr.false_case(), char_array_type);

     const array_typet array_type(

       to_array_type(char_array_type).element_type(),

       if_exprt(

         if_expr.cond(),

         to_array_type(t.type()).size(),

         to_array_type(f.type()).size()));

     // BEWARE: this expression is possibly type-inconsistent and must not be

     // used for any purposes other than passing it to concretization.

     // Array if-exprts must be replaced (using substitute_array_access) before

     // passing the lemmas to the solver.

     return to_array_string_expr(if_exprt(if_expr.cond(), t, f, array_type));

   }


   const bool is_constant_array =

     char_pointer.id() == ID_address_of &&

     to_address_of_expr(char_pointer).object().id() == ID_index &&

     to_index_expr(to_address_of_expr(char_pointer).object()).array().id() ==

       ID_array;


   if(is_constant_array)

   {

     return to_array_string_expr(

       to_index_expr(to_address_of_expr(char_pointer).object()).array());

   }

   const std::string symbol_name = "char_array_" + id2string(char_pointer.id());

   const auto array_sym =

     to_array_string_expr(fresh_symbol(symbol_name, char_array_type));

   const auto insert_result =

     arrays_of_pointers.insert({char_pointer, array_sym});


   // add length to length_of_array map

   get_or_create_length(array_sym);


   return to_array_string_expr(insert_result.first->second);

 }


 static void attempt_assign_length_from_type(

   const array_string_exprt &array_expr,

   std::unordered_map<array_string_exprt, exprt, irep_hash> &length_of_array,

   symbol_generatort &symbol_generator)

 {

   DATA_INVARIANT(

     array_expr.id() != ID_if,

     "attempt_assign_length_from_type does not handle if exprts");

   // This invariant seems always true, but I don't know why.

   // If we find a case where this is violated, try calling

   // attempt_assign_length_from_type on the true and false cases.

   const exprt &size_from_type = to_array_type(array_expr.type()).size();

   const exprt &size_to_assign =

     size_from_type != infinity_exprt(size_from_type.type())

       ? size_from_type

       : symbol_generator("string_length", array_expr.length_type());


   const auto emplace_result =

     length_of_array.emplace(array_expr, size_to_assign);

   INVARIANT(

     emplace_result.second,

     "attempt_assign_length_from_type should only be called when no entry"

     "for the array_string_exprt exists in the length_of_array map");

 }


 void array_poolt::insert(

   const exprt &pointer_expr,

   const array_string_exprt &array_expr)

 {

   const auto it_bool =

     arrays_of_pointers.insert(std::make_pair(pointer_expr, array_expr));


   INVARIANT(

     it_bool.second, "should not associate two arrays to the same pointer");


   if(length_of_array.find(array_expr) == length_of_array.end())

   {

     attempt_assign_length_from_type(array_expr, length_of_array, fresh_symbol);

   }

 }


 const std::unordered_map<array_string_exprt, exprt, irep_hash> &

 array_poolt::created_strings() const

 {

   return length_of_array;

 }


 array_string_exprt array_poolt::find(const exprt &pointer, const exprt &length)

 {

   const array_typet array_type(

     to_pointer_type(pointer.type()).base_type(), length);

   const array_string_exprt array =

     make_char_array_for_char_pointer(pointer, array_type);

   return array;

 }


 array_string_exprt of_argument(array_poolt &array_pool, const exprt &arg)

 {

   const auto string_argument = expr_checked_cast<struct_exprt>(arg);

   return array_pool.find(string_argument.op1(), string_argument.op0());

 }


 array_string_exprt get_string_expr(array_poolt &array_pool, const exprt &expr)

 {

   PRECONDITION(is_refined_string_type(expr.type()));

   const refined_string_exprt &str = to_string_expr(expr);

   return array_pool.find(str.content(), str.length());

 }

from_integer
constant_exprt from_integer(const mp_integer &int_value, const typet &type)
Definition: arith_tools.cpp:100

attempt_assign_length_from_type
static void attempt_assign_length_from_type(const array_string_exprt &array_expr, std::unordered_map< array_string_exprt, exprt, irep_hash > &length_of_array, symbol_generatort &symbol_generator)
Given an array_string_exprt, get the size of the underlying array.
Definition: array_pool.cpp:135

of_argument
array_string_exprt of_argument(array_poolt &array_pool, const exprt &arg)
Converts a struct containing a length and pointer to an array.
Definition: array_pool.cpp:193

get_string_expr
array_string_exprt get_string_expr(array_poolt &array_pool, const exprt &expr)
Fetch the string_exprt corresponding to the given refined_string_exprt.
Definition: array_pool.cpp:199

array_pool.h
Associates arrays and length to pointers, so that the string refinement can transform builtin functio...

char_type
bitvector_typet char_type()
Definition: c_types.cpp:106

address_of_exprt
Operator to return the address of an object.
Definition: pointer_expr.h:540

address_of_exprt::object
exprt & object()
Definition: pointer_expr.h:549

array_poolt
Correspondance between arrays and pointers string representations.
Definition: array_pool.h:42

array_poolt::arrays_of_pointers
std::unordered_map< exprt, array_string_exprt, irep_hash > arrays_of_pointers
Associate arrays to char pointers Invariant: Each array_string_exprt in this map has a corresponding ...
Definition: array_pool.h:95

array_poolt::get_length_if_exists
std::optional< exprt > get_length_if_exists(const array_string_exprt &s) const
As opposed to get_length(), do not create a new symbol if the length of the array_string_exprt does n...
Definition: array_pool.cpp:48

array_poolt::length_of_array
std::unordered_map< array_string_exprt, exprt, irep_hash > length_of_array
Associate length to arrays of infinite size.
Definition: array_pool.h:98

array_poolt::make_char_array_for_char_pointer
array_string_exprt make_char_array_for_char_pointer(const exprt &char_pointer, const typet &char_array_type)
Helper function for find.
Definition: array_pool.cpp:74

array_poolt::get_or_create_length
exprt get_or_create_length(const array_string_exprt &s)
Get the length of an array_string_exprt from the array_pool.
Definition: array_pool.cpp:26

array_poolt::insert
void insert(const exprt &pointer_expr, const array_string_exprt &array)
Definition: array_pool.cpp:160

array_poolt::fresh_string
array_string_exprt fresh_string(const typet &index_type, const typet &char_type)
Construct a string expression whose length and content are new variables.
Definition: array_pool.cpp:57

array_poolt::find
array_string_exprt find(const exprt &pointer, const exprt &length)
Creates a new array if the pointer is not pointing to an array.
Definition: array_pool.cpp:184

array_poolt::fresh_symbol
symbol_generatort & fresh_symbol
Generate fresh symbols.
Definition: array_pool.h:101

array_poolt::created_strings
const std::unordered_map< array_string_exprt, exprt, irep_hash > & created_strings() const
Return a map mapping all array_string_exprt of the array_pool to their length.
Definition: array_pool.cpp:179

array_string_exprt
Definition: string_expr.h:68

array_string_exprt::length_type
const typet & length_type() const
Definition: string_expr.h:70

array_typet
Arrays with given size.
Definition: std_types.h:807

array_typet::size
const exprt & size() const
Definition: std_types.h:840

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition: dstring.h:38

exprt
Base class for all expressions.
Definition: expr.h:56

exprt::type
typet & type()
Return the type of the expression.
Definition: expr.h:84

if_exprt
The trinary if-then-else operator.
Definition: std_expr.h:2370

if_exprt::true_case
exprt & true_case()
Definition: std_expr.h:2397

if_exprt::false_case
exprt & false_case()
Definition: std_expr.h:2407

if_exprt::cond
exprt & cond()
Definition: std_expr.h:2387

index_exprt
Array index operator.
Definition: std_expr.h:1465

index_exprt::array
exprt & array()
Definition: std_expr.h:1495

infinity_exprt
An expression denoting infinity.
Definition: std_expr.h:3097

irept::id
const irep_idt & id() const
Definition: irep.h:388

pointer_typet::base_type
const typet & base_type() const
The type of the data what we point to.
Definition: pointer_expr.h:35

refined_string_exprt
Definition: string_expr.h:110

refined_string_exprt::length
const exprt & length() const
Definition: string_expr.h:129

refined_string_exprt::content
const exprt & content() const
Definition: string_expr.h:139

symbol_exprt
Expression to hold a symbol (variable)
Definition: std_expr.h:131

symbol_generatort
Generation of fresh symbols of a given type.
Definition: array_pool.h:22

symbol_generatort::operator()
symbol_exprt operator()(const irep_idt &prefix, const typet &type=bool_typet())
Generate a new symbol expression of the given type with some prefix.
Definition: array_pool.cpp:14

symbol_generatort::symbol_count
unsigned symbol_count
Definition: array_pool.h:31

typet
The type of an expression, extends irept.
Definition: type.h:29

id2string
const std::string & id2string(const irep_idt &d)
Definition: irep.h:44

pointer_expr.h
API to expression classes for Pointers.

to_pointer_type
const pointer_typet & to_pointer_type(const typet &type)
Cast a typet to a pointer_typet.
Definition: pointer_expr.h:93

to_address_of_expr
const address_of_exprt & to_address_of_expr(const exprt &expr)
Cast an exprt to an address_of_exprt.
Definition: pointer_expr.h:577

is_refined_string_type
bool is_refined_string_type(const typet &type)
Definition: refined_string_type.h:54

DATA_INVARIANT
#define DATA_INVARIANT(CONDITION, REASON)
This condition should be used to document that assumptions that are made on goto_functions,...
Definition: invariant.h:534

PRECONDITION
#define PRECONDITION(CONDITION)
Definition: invariant.h:463

INVARIANT
#define INVARIANT(CONDITION, REASON)
This macro uses the wrapper function 'invariant_violated_string'.
Definition: invariant.h:423

to_if_expr
const if_exprt & to_if_expr(const exprt &expr)
Cast an exprt to an if_exprt.
Definition: std_expr.h:2450

to_index_expr
const index_exprt & to_index_expr(const exprt &expr)
Cast an exprt to an index_exprt.
Definition: std_expr.h:1533

to_array_type
const array_typet & to_array_type(const typet &type)
Cast a typet to an array_typet.
Definition: std_types.h:888

to_array_string_expr
array_string_exprt & to_array_string_expr(exprt &expr)
Definition: string_expr.h:96

to_string_expr
refined_string_exprt & to_string_expr(exprt &expr)
Definition: string_expr.h:151

validation_modet::INVARIANT
@ INVARIANT