Generates the body of a wrapper function from a contract specified using requires, assigns, frees, ensures, clauses attached to a function symbol. More...
#include <dfcc_wrapper_program.h>
Collaboration diagram for dfcc_wrapper_programt:Public Member Functions | |
| dfcc_wrapper_programt (const dfcc_contract_modet contract_mode, const symbolt &wrapper_symbol, const symbolt &wrapped_symbol, const dfcc_contract_functionst &contract_functions, const symbolt &caller_write_set_symbol, goto_modelt &goto_model, message_handlert &message_handler, dfcc_libraryt &library, dfcc_instrumentt &instrument, dfcc_lift_memory_predicatest &memory_predicates) | |
| void | add_to_dest (goto_programt &dest, std::set< irep_idt > &dest_fp_contracts) |
Adds the whole program to dest and the discovered function pointer contracts dest_fp_contracts. More... | |
Protected Member Functions | |
| void | add_to_dest (goto_programt &dest) |
Adds the whole generated program to dest, which is meant to be a part of the body of the wrapper_symbol. More... | |
| void | encode_requires_write_set () |
| Encodes the empty write set used to check for side effects in requires. More... | |
| void | encode_ensures_write_set () |
| Encodes the empty write set used to check for side effects in ensures. More... | |
| void | encode_contract_write_set () |
| Encodes the write set of the contract being checked/replaced (populated by calling functions provided in contract_functions) More... | |
| void | encode_is_fresh_set () |
| Encodes the object set used to evaluate is fresh predicates,. More... | |
| void | encode_requires_clauses () |
| Encodes preconditions, instruments them to check for side effects. More... | |
| void | encode_ensures_clauses () |
| Encodes postconditions, instruments them to check for side effects. More... | |
| void | encode_function_call () |
| Encodes the function call section of the wrapper program. More... | |
| void | encode_checked_function_call () |
| Creates a checked function call to the wrapped function, passing it the contract-derived write set as parameter. More... | |
| void | encode_havoced_function_call () |
| Creates instructions that havoc the contract write set, create a nondet return value, nondeterministically free the freeable part of the write set. More... | |
Detailed Description
Generates the body of a wrapper function from a contract specified using requires, assigns, frees, ensures, clauses attached to a function symbol.
The desired mode CHECK or REPLACE is given to the constructor of the class.
The body of the wrapper is divided into a number of sections represented as separate goto_programs:
- preamble
- create is_fresh_set, requires_write_set, ensures_write_set, contract_write_set variables
- link_is_fresh
- link the is_fresh_set to requires_write_set and ensures_write_set
- in REPLACE mode, link the caller_write_set to the contract_write_set so that deallocations and allocations are reflected in the caller
- preconditions
- evaluate preconditions, checking side effects against requires_write_set
- history
- declare and snapshot history variables
- write_set_checks
- populate the contract write set and check it for inclusion against the caller write set if REPLACE mode is selected.
- function_call
- in CHECK mode CALL retval = foo(params, contract_write_set);const symbol_exprt contract_write_setSymbol for the write set object derived from the contract.Definition: dfcc_wrapper_program.h:144
- in REPLACE mode CALL foo::havoc(contract_write_set);CALL deallocate_freeable(contract_write_set, caller_write_set);ASSIGN retval = nondetconst symbol_exprt caller_write_setDefinition: dfcc_wrapper_program.h:135
- in CHECK mode
- link_allocated_caller in REPLACE mode, links the allocated set of the caller to the ensures_write_set, so that allocations performed by is fresh in post conditions get recorded in the caller write set and are considered as assignable for the caller (In CHECK mode, the caller write set comes from the proof harness and is NULL and ignored). CALL link_allocated(ensures_write_set, caller_write_set);const symbol_exprt ensures_write_setSymbol for the write set used to check ensures clauses for side effects.Definition: dfcc_wrapper_program.h:156
- link_deallocated_contract links the deallocated set of the contract_write_set to the ensures_write_set, so that was_freed predicates can be evaluated in the post conditions. CALL link_allocated(ensures_write_set, caller_write_set);
- postconditions
- evaluate preconditions, checking side effects against ensures_write_set
- postamble
- release all object sets and write set variables
There a private method per type of contract clause, which adds contents encoding the semantics of the clause to the appropriate section when called.
The public method add_to_dest calls the private methods to populate the sections, and then adds the contents of these sections in order to the given destination program.
Definition at line 95 of file dfcc_wrapper_program.h.
Constructor & Destructor Documentation
◆ dfcc_wrapper_programt()
| dfcc_wrapper_programt::dfcc_wrapper_programt | ( | const dfcc_contract_modet | contract_mode, |
| const symbolt & | wrapper_symbol, | ||
| const symbolt & | wrapped_symbol, | ||
| const dfcc_contract_functionst & | contract_functions, | ||
| const symbolt & | caller_write_set_symbol, | ||
| goto_modelt & | goto_model, | ||
| message_handlert & | message_handler, | ||
| dfcc_libraryt & | library, | ||
| dfcc_instrumentt & | instrument, | ||
| dfcc_lift_memory_predicatest & | memory_predicates | ||
| ) |
- Parameters
-
contract_mode checking or replacement mode for the contract wrapper_symbol function symbol receiving the generated instructions wrapped_symbol function symbol being checked or replaced contract_functions contains the contract expressions and the assigns/frees/havoc functions symbols derived from the contract caller_write_set_symbol symbol representing the write set passed to the wrapper function by its caller. goto_model the goto model being transformed message_handler used for debug/warning/error messages library the contracts instrumentation library instrument the instrumenter class for goto functions/goto programs memory_predicates handler for user-defed memory predicates, used to adjust call parameters for user defined predicates used in requires and ensures clauses.
Definition at line 144 of file dfcc_wrapper_program.cpp.
Member Function Documentation
◆ add_to_dest() [1/2]
|
protected |
Adds the whole generated program to dest, which is meant to be a part of the body of the wrapper_symbol.
Definition at line 244 of file dfcc_wrapper_program.cpp.
◆ add_to_dest() [2/2]
| void dfcc_wrapper_programt::add_to_dest | ( | goto_programt & | dest, |
| std::set< irep_idt > & | dest_fp_contracts | ||
| ) |
Adds the whole program to dest and the discovered function pointer contracts dest_fp_contracts.
Definition at line 235 of file dfcc_wrapper_program.cpp.
◆ encode_checked_function_call()
|
protected |
Creates a checked function call to the wrapped function, passing it the contract-derived write set as parameter.
Definition at line 656 of file dfcc_wrapper_program.cpp.
◆ encode_contract_write_set()
|
protected |
Encodes the write set of the contract being checked/replaced (populated by calling functions provided in contract_functions)
- Adds declaration of write set and pointer to write set to preamble
- Adds initialisation function call in write_set_checks
- Adds contract::c_assigns and contract::frees function call in write_set_checks
- Adds release function call in postamble
Definition at line 414 of file dfcc_wrapper_program.cpp.
◆ encode_ensures_clauses()
|
protected |
Encodes postconditions, instruments them to check for side effects.
Definition at line 588 of file dfcc_wrapper_program.cpp.
◆ encode_ensures_write_set()
|
protected |
Encodes the empty write set used to check for side effects in ensures.
- Adds declaration of write set and pointer to write set to preamble
- Adds initialisation function call in preamble
- Adds alloc/deallocation checking assertion in postamble
- Adds release function call in postamble
Definition at line 331 of file dfcc_wrapper_program.cpp.
◆ encode_function_call()
|
protected |
Encodes the function call section of the wrapper program.
Definition at line 648 of file dfcc_wrapper_program.cpp.
◆ encode_havoced_function_call()
|
protected |
Creates instructions that havoc the contract write set, create a nondet return value, nondeterministically free the freeable part of the write set.
Definition at line 692 of file dfcc_wrapper_program.cpp.
◆ encode_is_fresh_set()
|
protected |
Encodes the object set used to evaluate is fresh predicates,.
- Adds declaration of object set and pointer to set to preamble
- Adds initialisation function call in preamble
- Adds release function call in postamble
Definition at line 502 of file dfcc_wrapper_program.cpp.
◆ encode_requires_clauses()
|
protected |
Encodes preconditions, instruments them to check for side effects.
Definition at line 537 of file dfcc_wrapper_program.cpp.
◆ encode_requires_write_set()
|
protected |
Encodes the empty write set used to check for side effects in requires.
- Adds declaration of write set and pointer to write set to preamble
- Adds initialisation function call in preamble
- Adds alloc/deallocation checking assertion in postamble
- Adds release function call in postamble
Definition at line 259 of file dfcc_wrapper_program.cpp.
Member Data Documentation
◆ addr_of_contract_write_set
|
protected |
Symbol for the pointer to the write set object derived from the contract.
Definition at line 147 of file dfcc_wrapper_program.h.
◆ addr_of_ensures_write_set
|
protected |
Symbol for the pointer to the write set used to check ensures clauses.
Definition at line 159 of file dfcc_wrapper_program.h.
◆ addr_of_is_fresh_set
|
protected |
Symbol for the pointer to the is_fresh object set.
Definition at line 165 of file dfcc_wrapper_program.h.
◆ addr_of_requires_write_set
|
protected |
Symbol for the pointer to the write set used to check requires clauses.
Definition at line 153 of file dfcc_wrapper_program.h.
◆ caller_write_set
|
protected |
Definition at line 135 of file dfcc_wrapper_program.h.
◆ contract_code_type
|
protected |
Definition at line 134 of file dfcc_wrapper_program.h.
◆ contract_functions
|
protected |
Definition at line 132 of file dfcc_wrapper_program.h.
◆ contract_lambda_parameters
|
protected |
Vector of arguments to use to instantiate the lambdas wrapping the contract clauses.
Definition at line 182 of file dfcc_wrapper_program.h.
◆ contract_mode
|
protected |
Definition at line 129 of file dfcc_wrapper_program.h.
◆ contract_symbol
|
protected |
Definition at line 133 of file dfcc_wrapper_program.h.
◆ contract_write_set
|
protected |
Symbol for the write set object derived from the contract.
Definition at line 144 of file dfcc_wrapper_program.h.
◆ converter
|
protected |
Definition at line 178 of file dfcc_wrapper_program.h.
◆ ensures_write_set
|
protected |
Symbol for the write set used to check ensures clauses for side effects.
Definition at line 156 of file dfcc_wrapper_program.h.
◆ function_call
|
protected |
Definition at line 194 of file dfcc_wrapper_program.h.
◆ function_pointer_contracts
|
protected |
Set of required or ensured contracts for function pointers discovered when processing the contract of interest.
Definition at line 169 of file dfcc_wrapper_program.h.
◆ goto_model
|
protected |
Definition at line 171 of file dfcc_wrapper_program.h.
◆ history
|
protected |
Definition at line 192 of file dfcc_wrapper_program.h.
◆ instrument
|
protected |
Definition at line 175 of file dfcc_wrapper_program.h.
◆ is_fresh_set
|
protected |
Symbol for the object set used to evaluate is_fresh predicates.
Definition at line 162 of file dfcc_wrapper_program.h.
◆ library
|
protected |
Definition at line 174 of file dfcc_wrapper_program.h.
◆ link_allocated_caller
|
protected |
Definition at line 195 of file dfcc_wrapper_program.h.
◆ link_deallocated_contract
|
protected |
Definition at line 196 of file dfcc_wrapper_program.h.
◆ link_is_fresh
|
protected |
Definition at line 190 of file dfcc_wrapper_program.h.
◆ log
|
protected |
Definition at line 173 of file dfcc_wrapper_program.h.
◆ memory_predicates
|
protected |
Definition at line 176 of file dfcc_wrapper_program.h.
◆ message_handler
|
protected |
Definition at line 172 of file dfcc_wrapper_program.h.
◆ ns
|
protected |
Definition at line 177 of file dfcc_wrapper_program.h.
◆ postamble
|
protected |
Definition at line 198 of file dfcc_wrapper_program.h.
◆ postconditions
|
protected |
Definition at line 197 of file dfcc_wrapper_program.h.
◆ preamble
|
protected |
Definition at line 189 of file dfcc_wrapper_program.h.
◆ preconditions
|
protected |
Definition at line 191 of file dfcc_wrapper_program.h.
◆ requires_write_set
|
protected |
Symbol for the write set used to check requires clauses for side effects.
Definition at line 150 of file dfcc_wrapper_program.h.
◆ return_value_opt
|
protected |
Symbol for the return value of the wrapped function.
Definition at line 141 of file dfcc_wrapper_program.h.
◆ wrapped_symbol
|
protected |
Definition at line 131 of file dfcc_wrapper_program.h.
◆ wrapper_sl
|
protected |
Source location with wrapper function name as function name.
Definition at line 138 of file dfcc_wrapper_program.h.
◆ wrapper_symbol
|
protected |
Definition at line 130 of file dfcc_wrapper_program.h.
◆ write_set_checks
|
protected |
Definition at line 193 of file dfcc_wrapper_program.h.
The documentation for this class was generated from the following files:
- /home/runner/work/cbmc/cbmc/src/goto-instrument/contracts/dynamic-frames/dfcc_wrapper_program.h
- /home/runner/work/cbmc/cbmc/src/goto-instrument/contracts/dynamic-frames/dfcc_wrapper_program.cpp
