CBMC
boolbv_index.cpp
Go to the documentation of this file.
1 /*******************************************************************\
2 
3 Module:
4 
5 Author: Daniel Kroening, kroening@kroening.com
6 
7 \*******************************************************************/
8 
9 #include "boolbv.h"
10 
11 #include <algorithm>
12 
13 #include <util/arith_tools.h>
14 #include <util/byte_operators.h>
15 #include <util/cprover_prefix.h>
16 #include <util/pointer_expr.h>
17 #include <util/pointer_offset_size.h>
18 #include <util/simplify_expr.h>
19 #include <util/std_expr.h>
20 
21 bvt boolbvt::convert_index(const index_exprt &expr)
22 {
23  const exprt &array=expr.array();
24  const exprt &index=expr.index();
25 
26  const typet &array_op_type = array.type();
27 
28  bvt bv;
29 
30  if(array_op_type.id()==ID_array)
31  {
32  const array_typet &array_type=
33  to_array_type(array_op_type);
34 
35  // see if the array size is constant
36 
37  if(is_unbounded_array(array_type))
38  {
39  // use array decision procedure
40 
41  if(has_byte_operator(expr))
42  {
43  const index_exprt final_expr =
44  to_index_expr(lower_byte_operators(expr, ns));
45  CHECK_RETURN(final_expr != expr);
46  bv = convert_bv(final_expr);
47 
48  // record type if array is a symbol
49  const exprt &final_array = final_expr.array();
50  if(
51  final_array.id() == ID_symbol || final_array.id() == ID_nondet_symbol)
52  {
53  const auto &array_width_opt = bv_width.get_width_opt(array_type);
54  (void)map.get_literals(
55  final_array.get(ID_identifier),
56  array_type,
57  array_width_opt.value_or(0));
58  }
59 
60  // make sure we have the index in the cache
61  convert_bv(final_expr.index());
62  }
63  else
64  {
65  // free variables
66  bv = prop.new_variables(boolbv_width(expr.type()));
67 
68  record_array_index(expr);
69 
70  // record type if array is a symbol
71  if(array.id() == ID_symbol || array.id() == ID_nondet_symbol)
72  {
73  const auto &array_width_opt = bv_width.get_width_opt(array_type);
74  (void)map.get_literals(
75  array.get(ID_identifier), array_type, array_width_opt.value_or(0));
76  }
77 
78  // make sure we have the index in the cache
79  convert_bv(index);
80  }
81 
82  return bv;
83  }
84 
85  // Must have a finite size
86  mp_integer array_size =
87  numeric_cast_v<mp_integer>(to_constant_expr(array_type.size()));
88 
89  {
90  // see if the index address is constant
91  // many of these are compacted by simplify_expr
92  // but variable location writes will block this
93  auto maybe_index_value = numeric_cast<mp_integer>(index);
94  if(maybe_index_value.has_value())
95  {
96  return convert_index(array, maybe_index_value.value());
97  }
98  }
99 
100  // Special case : arrays of one thing (useful for constants)
101  // TODO : merge with ACTUAL_ARRAY_HACK so that ranges of the same
102  // value, bit-patterns with the same value, etc. are treated like
103  // this rather than as a series of individual options.
104  #define UNIFORM_ARRAY_HACK
105  #ifdef UNIFORM_ARRAY_HACK
106  bool is_uniform = array.id() == ID_array_of;
107 
108  if(array.is_constant() || array.id() == ID_array)
109  {
110  is_uniform = array.operands().size() <= 1 ||
111  std::all_of(
112  ++array.operands().begin(),
113  array.operands().end(),
114  [&array](const exprt &expr) {
115  return expr == to_multi_ary_expr(array).op0();
116  });
117  }
118 
119  if(is_uniform && prop.has_set_to())
120  {
121  static int uniform_array_counter; // Temporary hack
122 
123  const std::string identifier = CPROVER_PREFIX "internal_uniform_array_" +
124  std::to_string(uniform_array_counter++);
125 
126  symbol_exprt result(identifier, expr.type());
127  bv = convert_bv(result);
128 
129  // return an unconstrained value in case of an empty array (the access is
130  // necessarily out-of-bounds)
131  if(!array.has_operands())
132  return bv;
133 
134  equal_exprt value_equality(result, to_multi_ary_expr(array).op0());
135 
136  binary_relation_exprt lower_bound(
137  from_integer(0, index.type()), ID_le, index);
138  binary_relation_exprt upper_bound(
139  index, ID_lt, from_integer(array_size, index.type()));
140 
141  and_exprt range_condition(std::move(lower_bound), std::move(upper_bound));
142  implies_exprt implication(
143  std::move(range_condition), std::move(value_equality));
144 
145  // Simplify may remove the lower bound if the type
146  // is correct.
147  prop.l_set_to_true(convert(simplify_expr(implication, ns)));
148 
149  return bv;
150  }
151  #endif
152 
153  #define ACTUAL_ARRAY_HACK
154  #ifdef ACTUAL_ARRAY_HACK
155  // More useful when updates to concrete locations in
156  // actual arrays are compacted by simplify_expr
157  if((array.is_constant() || array.id() == ID_array) && prop.has_set_to())
158  {
159  #ifdef CONSTANT_ARRAY_HACK
160  // TODO : Compile the whole array into a single relation
161  #endif
162 
163  // Symbol for output
164  static int actual_array_counter; // Temporary hack
165 
166  const std::string identifier = CPROVER_PREFIX "internal_actual_array_" +
167  std::to_string(actual_array_counter++);
168 
169  symbol_exprt result(identifier, expr.type());
170  bv = convert_bv(result);
171 
172  // add implications
173 
174 #ifdef COMPACT_EQUAL_CONST
175  bv_utils.equal_const_register(convert_bv(index)); // Definitely
176  bv_utils.equal_const_register(convert_bv(result)); // Maybe
177 #endif
178 
179  exprt::operandst::const_iterator it = array.operands().begin();
180 
181  for(mp_integer i=0; i<array_size; i=i+1)
182  {
183  INVARIANT(
184  it != array.operands().end(),
185  "this loop iterates over the array, so `it` shouldn't be increased "
186  "past the array's end");
187 
188  // Cache comparisons and equalities
189  prop.l_set_to_true(convert(implies_exprt(
190  equal_exprt(index, from_integer(i, index.type())),
191  equal_exprt(result, *it++))));
192  }
193 
194  return bv;
195  }
196 
197 #endif
198 
199 
200  // TODO : As with constant index, there is a trade-off
201  // of when it is best to flatten the whole array and
202  // when it is best to use the array theory and then use
203  // one or more of the above encoding strategies.
204 
205  // get literals for the whole array
206  const std::size_t width = boolbv_width(expr.type());
207 
208  const bvt &array_bv =
209  convert_bv(array, numeric_cast_v<std::size_t>(array_size * width));
210 
211  // TODO: maybe a shifter-like construction would be better
212  // Would be a lot more compact but propagate worse
213 
214  if(prop.has_set_to())
215  {
216  // free variables
217  bv = prop.new_variables(width);
218 
219  // add implications
220 
221 #ifdef COMPACT_EQUAL_CONST
222  bv_utils.equal_const_register(convert_bv(index)); // Definitely
223 #endif
224 
225  bvt equal_bv;
226  equal_bv.resize(width);
227 
228  for(mp_integer i=0; i<array_size; i=i+1)
229  {
230  mp_integer offset=i*width;
231 
232  for(std::size_t j=0; j<width; j++)
233  equal_bv[j] = prop.lequal(
234  bv[j], array_bv[numeric_cast_v<std::size_t>(offset + j)]);
235 
236  prop.l_set_to_true(prop.limplies(
237  convert(equal_exprt(index, from_integer(i, index.type()))),
238  prop.land(equal_bv)));
239  }
240  }
241  else
242  {
243  bv.resize(width);
244 
245 #ifdef COMPACT_EQUAL_CONST
246  bv_utils.equal_const_register(convert_bv(index)); // Definitely
247 #endif
248 
249  typet constant_type=index.type(); // type of index operand
250 
251  DATA_INVARIANT(
252  array_size > 0,
253  "non-positive array sizes are forbidden in goto programs");
254 
255  for(mp_integer i=0; i<array_size; i=i+1)
256  {
257  literalt e =
258  convert(equal_exprt(index, from_integer(i, constant_type)));
259 
260  mp_integer offset=i*width;
261 
262  for(std::size_t j=0; j<width; j++)
263  {
264  literalt l = array_bv[numeric_cast_v<std::size_t>(offset + j)];
265 
266  if(i==0) // this initializes bv
267  bv[j]=l;
268  else
269  bv[j]=prop.lselect(e, l, bv[j]);
270  }
271  }
272  }
273  }
274  else
275  return conversion_failed(expr);
276 
277  return bv;
278 }
279 
281 bvt boolbvt::convert_index(
282  const exprt &array,
283  const mp_integer &index)
284 {
285  const array_typet &array_type = to_array_type(array.type());
286 
287  std::size_t width = boolbv_width(array_type.element_type());
288 
289  // TODO: If the underlying array can use one of the
290  // improvements given above then it may be better to use
291  // the array theory for short chains of updates and then
292  // the improved array handling rather than full flattening.
293  // Note that the calculation is non-trivial as the cost of
294  // full flattening is amortised against all uses of
295  // the array (constant and variable indexes) and updated
296  // versions of it.
297 
298  const bvt &tmp=convert_bv(array); // recursive call
299 
300  mp_integer offset=index*width;
301 
302  if(offset>=0 &&
303  offset+width<=mp_integer(tmp.size()))
304  {
305  // in bounds
306 
307  // The assertion below is disabled as we want to be able
308  // to run CBMC without simplifier.
309  // Expression simplification should remove these cases
310  // assert(array.id()!=ID_array_of &&
311  // array.id()!=ID_array);
312  // If not there are large improvements possible as above
313 
314  std::size_t offset_int = numeric_cast_v<std::size_t>(offset);
315  return bvt(tmp.begin() + offset_int, tmp.begin() + offset_int + width);
316  }
317  else if(array.id() == ID_member || array.id() == ID_index)
318  {
319  // out of bounds for the component, but not necessarily outside the bounds
320  // of the underlying object
321  object_descriptor_exprt o;
322  o.build(array, ns);
323  CHECK_RETURN(o.offset().id() != ID_unknown);
324 
325  const auto subtype_bytes_opt =
326  pointer_offset_size(array_type.element_type(), ns);
327  CHECK_RETURN(subtype_bytes_opt.has_value());
328 
329  exprt new_offset = simplify_expr(
330  plus_exprt(
331  o.offset(), from_integer(index * (*subtype_bytes_opt), o.offset().type())),
332  ns);
333 
334  byte_extract_exprt be =
335  make_byte_extract(o.root_object(), new_offset, array_type.element_type());
336 
337  return convert_bv(be);
338  }
339  else if(
340  array.id() == ID_byte_extract_big_endian ||
341  array.id() == ID_byte_extract_little_endian)
342  {
343  const byte_extract_exprt &byte_extract_expr = to_byte_extract_expr(array);
344 
345  const auto subtype_bytes_opt =
346  pointer_offset_size(array_type.element_type(), ns);
347  CHECK_RETURN(subtype_bytes_opt.has_value());
348 
349  // add offset to index
350  exprt new_offset = simplify_expr(
351  plus_exprt{
352  byte_extract_expr.offset(),
353  from_integer(
354  index * (*subtype_bytes_opt), byte_extract_expr.offset().type())},
355  ns);
356 
357  byte_extract_exprt be = byte_extract_expr;
358  be.offset() = new_offset;
359  be.type() = array_type.element_type();
360 
361  return convert_bv(be);
362  }
363  else
364  {
365  // out of bounds
366  return prop.new_variables(width);
367  }
368 }
from_integer
constant_exprt from_integer(const mp_integer &int_value, const typet &type)
Definition: arith_tools.cpp:100
arith_tools.h
has_byte_operator
bool has_byte_operator(const exprt &src)
Return true iff src or one of its operands contain a byte extract or byte update expression.
Definition: byte_operators.cpp:61
make_byte_extract
byte_extract_exprt make_byte_extract(const exprt &_op, const exprt &_offset, const typet &_type)
Construct a byte_extract_exprt with endianness and byte width matching the current configuration.
Definition: byte_operators.cpp:48
byte_operators.h
Expression classes for byte-level operators.
lower_byte_operators
exprt lower_byte_operators(const exprt &src, const namespacet &ns)
Rewrite an expression possibly containing byte-extract or -update expressions to more fundamental ope...
Definition: lower_byte_operators.cpp:2641
to_byte_extract_expr
const byte_extract_exprt & to_byte_extract_expr(const exprt &expr)
Definition: byte_operators.h:70
and_exprt
Boolean AND.
Definition: std_expr.h:2120
array_typet
Arrays with given size.
Definition: std_types.h:807
array_typet::element_type
const typet & element_type() const
The type of the elements of the array.
Definition: std_types.h:827
array_typet::size
const exprt & size() const
Definition: std_types.h:840
arrayst::ns
const namespacet & ns
Definition: arrays.h:56
arrayst::record_array_index
void record_array_index(const index_exprt &expr)
Definition: arrays.cpp:45
binary_relation_exprt
A base class for relations, i.e., binary predicates whose two operands have the same type.
Definition: std_expr.h:762
boolbv_mapt::get_literals
const bvt & get_literals(const irep_idt &identifier, const typet &type, std::size_t width)
Definition: boolbv_map.cpp:41
boolbv_widtht::get_width_opt
virtual std::optional< std::size_t > get_width_opt(const typet &type) const
Definition: boolbv_width.h:31
boolbvt::convert_index
virtual bvt convert_index(const exprt &array, const mp_integer &index)
index operator with constant index
Definition: boolbv_index.cpp:281
boolbvt::convert_bv
virtual const bvt & convert_bv(const exprt &expr, const std::optional< std::size_t > expected_width={})
Convert expression to vector of literalts, using an internal cache to speed up conversion if availabl...
Definition: boolbv.cpp:39
boolbvt::is_unbounded_array
bool is_unbounded_array(const typet &type) const override
Definition: boolbv.cpp:533
boolbvt::bv_width
boolbv_widtht bv_width
Definition: boolbv.h:116
boolbvt::bv_utils
bv_utilst bv_utils
Definition: boolbv.h:117
boolbvt::conversion_failed
bvt conversion_failed(const exprt &expr)
Print that the expression of x has failed conversion, then return a vector of x's width.
Definition: boolbv.cpp:94
boolbvt::boolbv_width
virtual std::size_t boolbv_width(const typet &type) const
Definition: boolbv.h:102
boolbvt::map
boolbv_mapt map
Definition: boolbv.h:123
byte_extract_exprt
Expression of type type extracted from some object op starting at position offset (given in number of...
Definition: byte_operators.h:29
byte_extract_exprt::offset
exprt & offset()
Definition: byte_operators.h:47
equal_exprt
Equality.
Definition: std_expr.h:1361
exprt
Base class for all expressions.
Definition: expr.h:56
exprt::has_operands
bool has_operands() const
Return true if there is at least one operand.
Definition: expr.h:91
exprt::type
typet & type()
Return the type of the expression.
Definition: expr.h:84
exprt::is_constant
bool is_constant() const
Return whether the expression is a constant.
Definition: expr.h:212
exprt::operands
operandst & operands()
Definition: expr.h:94
implies_exprt
Boolean implication.
Definition: std_expr.h:2183
index_exprt
Array index operator.
Definition: std_expr.h:1465
index_exprt::array
exprt & array()
Definition: std_expr.h:1495
index_exprt::index
exprt & index()
Definition: std_expr.h:1505
irept::get
const irep_idt & get(const irep_idt &name) const
Definition: irep.cpp:44
irept::id
const irep_idt & id() const
Definition: irep.h:388
object_descriptor_exprt
Split an expression into a base object and a (byte) offset.
Definition: pointer_expr.h:181
object_descriptor_exprt::offset
exprt & offset()
Definition: pointer_expr.h:223
object_descriptor_exprt::build
void build(const exprt &expr, const namespacet &ns)
Given an expression expr, attempt to find the underlying object it represents by skipping over type c...
Definition: pointer_expr.cpp:114
object_descriptor_exprt::root_object
static const exprt & root_object(const exprt &expr)
Definition: pointer_expr.cpp:186
plus_exprt
The plus expression Associativity is not specified.
Definition: std_expr.h:1002
prop_conv_solvert::convert
literalt convert(const exprt &expr) override
Convert a Boolean expression and return the corresponding literal.
Definition: prop_conv_solver.cpp:154
prop_conv_solvert::prop
propt & prop
Definition: prop_conv_solver.h:130
propt::l_set_to_true
void l_set_to_true(literalt a)
Definition: prop.h:52
propt::land
virtual literalt land(literalt a, literalt b)=0
propt::limplies
virtual literalt limplies(literalt a, literalt b)=0
propt::lselect
virtual literalt lselect(literalt a, literalt b, literalt c)=0
propt::new_variables
virtual bvt new_variables(std::size_t width)
generates a bitvector of given width with new variables
Definition: prop.cpp:30
propt::lequal
virtual literalt lequal(literalt a, literalt b)=0
propt::has_set_to
virtual bool has_set_to() const
Definition: prop.h:81
symbol_exprt
Expression to hold a symbol (variable)
Definition: std_expr.h:131
typet
The type of an expression, extends irept.
Definition: type.h:29
cprover_prefix.h
CPROVER_PREFIX
#define CPROVER_PREFIX
Definition: cprover_prefix.h:14
implication
static exprt implication(exprt lhs, exprt rhs)
Definition: goto_check_c.cpp:419
bvt
std::vector< literalt > bvt
Definition: literal.h:201
pointer_expr.h
API to expression classes for Pointers.
pointer_offset_size
std::optional< mp_integer > pointer_offset_size(const typet &type, const namespacet &ns)
Compute the size of a type in bytes, rounding up to full bytes.
Definition: pointer_offset_size.cpp:91
pointer_offset_size.h
Pointer Logic.
simplify_expr
exprt simplify_expr(exprt src, const namespacet &ns)
Definition: simplify_expr.cpp:3242
simplify_expr.h
mp_integer
BigInt mp_integer
Definition: smt_terms.h:17
CHECK_RETURN
#define CHECK_RETURN(CONDITION)
Definition: invariant.h:495
DATA_INVARIANT
#define DATA_INVARIANT(CONDITION, REASON)
This condition should be used to document that assumptions that are made on goto_functions,...
Definition: invariant.h:534
std_expr.h
API to expression classes.
to_constant_expr
const constant_exprt & to_constant_expr(const exprt &expr)
Cast an exprt to a constant_exprt.
Definition: std_expr.h:3045
to_multi_ary_expr
const multi_ary_exprt & to_multi_ary_expr(const exprt &expr)
Cast an exprt to a multi_ary_exprt.
Definition: std_expr.h:987
to_index_expr
const index_exprt & to_index_expr(const exprt &expr)
Cast an exprt to an index_exprt.
Definition: std_expr.h:1533
to_array_type
const array_typet & to_array_type(const typet &type)
Cast a typet to an array_typet.
Definition: std_types.h:888
to_string
std::string to_string(const string_not_contains_constraintt &expr)
Used for debug printing.
Definition: string_constraint.cpp:58
validation_modet::INVARIANT
@ INVARIANT