cbmc/c__nondet__symbol__factory_8cpp_source.html

/*******************************************************************\


Module: C Nondet Symbol Factory


Author: Diffblue Ltd.


\*******************************************************************/


#include "c_nondet_symbol_factory.h"


#include <util/arith_tools.h>

#include <util/c_types.h>

#include <util/fresh_symbol.h>

#include <util/namespace.h>

#include <util/nondet_bool.h>

#include <util/pointer_expr.h>

#include <util/std_expr.h>

#include <util/symbol.h>


#include <goto-programs/goto_functions.h>


#include "allocate_objects.h"

#include "c_object_factory_parameters.h"


void symbol_factoryt::gen_nondet_init(

  code_blockt &assignments,

  const exprt &expr,

  const std::size_t depth,

  recursion_sett recursion_set,

  const bool assign_const)

{

  const typet &type = expr.type();


  if(!assign_const && expr.type().get_bool(ID_C_constant))

  {

    return;

  }


  if(type.id()==ID_pointer)

  {

    // dereferenced type

    const pointer_typet &pointer_type=to_pointer_type(type);

    const typet &base_type = pointer_type.base_type();


    if(base_type.id() == ID_code)

    {

      // Handle the pointer-to-code case separately:

      // leave as nondet_ptr to allow `remove_function_pointers`

      // to replace the pointer.

      assignments.add(code_frontend_assignt{

        expr, side_effect_expr_nondett{pointer_type, loc}});

      return;

    }


    if(base_type.id() == ID_struct_tag)

    {

      const irep_idt struct_tag =

        to_struct_tag_type(base_type).get_identifier();


      if(

        recursion_set.find(struct_tag) != recursion_set.end() &&

        depth >= object_factory_params.max_nondet_tree_depth)

      {

        assignments.add(

          code_frontend_assignt{expr, null_pointer_exprt{pointer_type}, loc});


        return;

      }

    }


    code_blockt non_null_inst;


    typet object_type = base_type;

    if(object_type.id() == ID_empty)

      object_type = char_type();


    exprt init_expr = allocate_objects.allocate_object(

      non_null_inst, expr, object_type, lifetime);


    gen_nondet_init(non_null_inst, init_expr, depth + 1, recursion_set, true);


    if(depth < object_factory_params.min_null_tree_depth)

    {

      // Add the following code to assignments:

      // <expr> = <aoe>;

      assignments.append(non_null_inst);

    }

    else

    {

      // Add the following code to assignments:

      //           IF !NONDET(_Bool) THEN GOTO <label1>

      //           <expr> = <null pointer>

      //           GOTO <label2>

      // <label1>: <expr> = &tmp$<temporary_counter>;

      //           <code from recursive call to gen_nondet_init() with

      //             tmp$<temporary_counter>>

      // And the next line is labelled label2

      const code_frontend_assignt set_null_inst{

        expr, null_pointer_exprt{pointer_type}, loc};


      code_ifthenelset null_check(

        side_effect_expr_nondett(bool_typet(), loc),

        std::move(set_null_inst),

        std::move(non_null_inst));


      assignments.add(std::move(null_check));

    }

  }

  else if(type.id() == ID_struct_tag)

  {

    const auto &struct_tag_type = to_struct_tag_type(type);


    const irep_idt struct_tag = struct_tag_type.get_identifier();


    recursion_set.insert(struct_tag);


    const auto &struct_type = to_struct_type(ns.follow_tag(struct_tag_type));


    for(const auto &component : struct_type.components())

    {

      const typet &component_type = component.type();


      if(!assign_const && component_type.get_bool(ID_C_constant))

      {

        continue;

      }


      const irep_idt name = component.get_name();


      member_exprt me(expr, name, component_type);

      me.add_source_location() = loc;


      gen_nondet_init(assignments, me, depth, recursion_set, assign_const);

    }

  }

  else if(type.id() == ID_array)

  {

    gen_nondet_array_init(assignments, expr, depth, recursion_set);

  }

  else

  {

    // If type is a ID_c_bool then add the following code to assignments:

    //   <expr> = NONDET(_BOOL);

    // Else add the following code to assignments:

    //   <expr> = NONDET(type);

    exprt rhs = type.id() == ID_c_bool ? get_nondet_bool(type, loc)

                                       : side_effect_expr_nondett(type, loc);

    code_frontend_assignt assign(expr, rhs);

    assign.add_source_location()=loc;


    assignments.add(std::move(assign));

  }

}

void symbol_factoryt::gen_nondet_init( {…}


void symbol_factoryt::gen_nondet_array_init(

  code_blockt &assignments,

  const exprt &expr,

  std::size_t depth,

  const recursion_sett &recursion_set)

{

  auto const &array_type = to_array_type(expr.type());

  const auto &size = array_type.size();

  PRECONDITION(size.is_constant());

  auto const array_size = numeric_cast<mp_integer>(to_constant_expr(size));

  DATA_INVARIANT(

    array_size.has_value() && *array_size >= 0,

    "Arrays should have positive size");

  for(mp_integer index = 0; index < *array_size; ++index)

  {

    gen_nondet_init(

      assignments,

      index_exprt(expr, from_integer(index, size_type())),

      depth,

      recursion_set);

  }

}

void symbol_factoryt::gen_nondet_array_init( {…}


symbol_exprt c_nondet_symbol_factory(

  code_blockt &init_code,

  symbol_table_baset &symbol_table,

  const irep_idt base_name,

  const typet &type,

  const source_locationt &loc,

  const c_object_factory_parameterst &object_factory_parameters,

  const lifetimet lifetime)

{

  const symbolt &main_symbol = get_fresh_aux_symbol(

    type,

    id2string(goto_functionst::entry_point()),

    id2string(base_name),

    loc,

    ID_C,

    symbol_table);

  symbol_exprt main_symbol_expr=main_symbol.symbol_expr();


  symbol_factoryt state(

    symbol_table,

    loc,

    goto_functionst::entry_point(),

    object_factory_parameters,

    lifetime);


  code_blockt assignments;

  state.gen_nondet_init(assignments, main_symbol_expr);


  state.add_created_symbol(main_symbol);

  state.declare_created_symbols(init_code);


  init_code.append(assignments);


  state.mark_created_symbols_as_input(init_code);


  return main_symbol_expr;

}

symbol_exprt c_nondet_symbol_factory( {…}

allocate_objects.h

lifetimet
lifetimet
Selects the kind of objects allocated.
Definition allocate_objects.h:17

from_integer
constant_exprt from_integer(const mp_integer &int_value, const typet &type)
Definition arith_tools.cpp:99

arith_tools.h

c_nondet_symbol_factory
symbol_exprt c_nondet_symbol_factory(code_blockt &init_code, symbol_table_baset &symbol_table, const irep_idt base_name, const typet &type, const source_locationt &loc, const c_object_factory_parameterst &object_factory_parameters, const lifetimet lifetime)
Creates a symbol and generates code so that it can vary over all possible values for its type.
Definition c_nondet_symbol_factory.cpp:203

c_nondet_symbol_factory.h
C Nondet Symbol Factory.

c_object_factory_parameters.h

pointer_type
pointer_typet pointer_type(const typet &subtype)
Definition c_types.cpp:235

char_type
bitvector_typet char_type()
Definition c_types.cpp:106

c_types.h

ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562

allocate_objectst::allocate_object
exprt allocate_object(code_blockt &assignments, const exprt &target_expr, const typet &allocate_type, const lifetimet lifetime, const irep_idt &basename_prefix="tmp")
Allocates a new object, either by creating a local variable with automatic lifetime,...
Definition allocate_objects.cpp:34

bool_typet
The Boolean type.
Definition std_types.h:36

code_blockt
A codet representing sequential composition of program statements.
Definition std_code.h:130

code_blockt::append
void append(const code_blockt &extra_block)
Add all the codets from extra_block to the current code_blockt.
Definition std_code.cpp:86

code_blockt::add
void add(const codet &code)
Definition std_code.h:168

code_frontend_assignt
A codet representing an assignment in the program.
Definition std_code.h:24

code_ifthenelset
codet representation of an if-then-else statement.
Definition std_code.h:460

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition dstring.h:38

exprt
Base class for all expressions.
Definition expr.h:56

exprt::type
typet & type()
Return the type of the expression.
Definition expr.h:84

exprt::add_source_location
source_locationt & add_source_location()
Definition expr.h:236

goto_functionst::entry_point
static irep_idt entry_point()
Get the identifier of the entry point to a goto model.
Definition goto_functions.h:97

index_exprt
Array index operator.
Definition std_expr.h:1470

irept::get_bool
bool get_bool(const irep_idt &name) const
Definition irep.cpp:57

irept::id
const irep_idt & id() const
Definition irep.h:388

member_exprt
Extract member of struct or union.
Definition std_expr.h:2971

namespace_baset::follow_tag
const union_typet & follow_tag(const union_tag_typet &) const
Follow type tag of union type.
Definition namespace.cpp:49

null_pointer_exprt
The null pointer constant.
Definition pointer_expr.h:909

pointer_typet
The pointer type These are both 'bitvector_typet' (they have a width) and 'type_with_subtypet' (they ...
Definition pointer_expr.h:24

pointer_typet::base_type
const typet & base_type() const
The type of the data what we point to.
Definition pointer_expr.h:35

side_effect_expr_nondett
A side_effect_exprt that returns a non-deterministically chosen value.
Definition std_code.h:1520

source_locationt
Definition source_location.h:20

symbol_exprt
Expression to hold a symbol (variable)
Definition std_expr.h:131

symbol_factoryt
Definition c_nondet_symbol_factory.h:22

symbol_factoryt::gen_nondet_array_init
void gen_nondet_array_init(code_blockt &assignments, const exprt &expr, std::size_t depth, const recursion_sett &recursion_set)
Generate initialisation code for each array element.
Definition c_nondet_symbol_factory.cpp:167

symbol_factoryt::gen_nondet_init
void gen_nondet_init(code_blockt &assignments, const exprt &expr, const std::size_t depth=0, recursion_sett recursion_set=recursion_sett(), const bool assign_const=true)
Creates a nondet for expr, including calling itself recursively to make appropriate symbols to point ...
Definition c_nondet_symbol_factory.cpp:37

symbol_factoryt::allocate_objects
allocate_objectst allocate_objects
Definition c_nondet_symbol_factory.h:28

symbol_factoryt::add_created_symbol
void add_created_symbol(const symbolt &symbol)
Definition c_nondet_symbol_factory.h:57

symbol_factoryt::recursion_sett
std::set< irep_idt > recursion_sett
Definition c_nondet_symbol_factory.h:33

symbol_factoryt::mark_created_symbols_as_input
void mark_created_symbols_as_input(code_blockt &init_code)
Definition c_nondet_symbol_factory.h:67

symbol_factoryt::ns
namespacet ns
Definition c_nondet_symbol_factory.h:25

symbol_factoryt::object_factory_params
const c_object_factory_parameterst & object_factory_params
Definition c_nondet_symbol_factory.h:26

symbol_factoryt::declare_created_symbols
void declare_created_symbols(code_blockt &init_code)
Definition c_nondet_symbol_factory.h:62

symbol_factoryt::loc
const source_locationt & loc
Definition c_nondet_symbol_factory.h:24

symbol_factoryt::lifetime
const lifetimet lifetime
Definition c_nondet_symbol_factory.h:30

symbol_table_baset
The symbol table base class interface.
Definition symbol_table_base.h:23

symbolt
Symbol table entry.
Definition symbol.h:28

symbolt::symbol_expr
class symbol_exprt symbol_expr() const
Produces a symbol_exprt for a symbol.
Definition symbol.cpp:121

typet
The type of an expression, extends irept.
Definition type.h:29

get_fresh_aux_symbol
symbolt & get_fresh_aux_symbol(const typet &type, const std::string &name_prefix, const std::string &basename_prefix, const source_locationt &source_location, const irep_idt &symbol_mode, const namespacet &ns, symbol_table_baset &symbol_table)
Installs a fresh-named symbol with respect to the given namespace ns with the requested name pattern ...
Definition fresh_symbol.cpp:32

fresh_symbol.h
Fresh auxiliary symbol creation.

goto_functions.h
Goto Programs with Functions.

id2string
const std::string & id2string(const irep_idt &d)
Definition irep.h:44

namespace.h

nondet_bool.h
Nondeterministic boolean helper.

get_nondet_bool
exprt get_nondet_bool(const typet &type, const source_locationt &source_location)
Definition nondet_bool.h:21

pointer_expr.h
API to expression classes for Pointers.

to_pointer_type
const pointer_typet & to_pointer_type(const typet &type)
Cast a typet to a pointer_typet.
Definition pointer_expr.h:93

DATA_INVARIANT
#define DATA_INVARIANT(CONDITION, REASON)
This condition should be used to document that assumptions that are made on goto_functions,...
Definition invariant.h:534

PRECONDITION
#define PRECONDITION(CONDITION)
Definition invariant.h:463

component
auto component(T &struct_expr, const irep_idt &name, const namespacet &ns) -> decltype(struct_expr.op0())
Definition std_expr.cpp:97

std_expr.h
API to expression classes.

to_constant_expr
const constant_exprt & to_constant_expr(const exprt &expr)
Cast an exprt to a constant_exprt.
Definition std_expr.h:3172

to_struct_type
const struct_typet & to_struct_type(const typet &type)
Cast a typet to a struct_typet.
Definition std_types.h:308

to_struct_tag_type
const struct_tag_typet & to_struct_tag_type(const typet &type)
Cast a typet to a struct_tag_typet.
Definition std_types.h:518

to_array_type
const array_typet & to_array_type(const typet &type)
Cast a typet to an array_typet.
Definition std_types.h:888

c_object_factory_parameterst
Definition c_object_factory_parameters.h:15

symbol.h
Symbol table entry.

size_type
#define size_type
Definition unistd.c:186