|
| bool | check_break (const irep_idt &loop_id, unsigned unwind) override |
| | Defines condition for interrupting symbolic execution for incremental BMC. More...
|
| |
| bool | should_stop_unwind (const symex_targett::sourcet &source, const call_stackt &context, unsigned unwind) override |
| | Determine whether to unwind a loop. More...
|
| |
| void | log_unwinding (unsigned unwind) |
| |
| void | symex_step (const get_goto_functiont &get_goto_function, statet &state) override |
| | show progress More...
|
| |
| void | merge_goto (const symex_targett::sourcet &source, goto_statet &&goto_state, statet &state) override |
| | Merge a single branch, the symbolic state of which is held in goto_state, into the current overall symbolic state. More...
|
| |
| bool | get_unwind_recursion (const irep_idt &identifier, unsigned thread_nr, unsigned unwind) override |
| |
| std::unique_ptr< statet > | initialize_entry_point_state (const get_goto_functiont &get_goto_function) |
| | Initialize the symbolic execution and the given state with the beginning of the entry point function. More...
|
| |
| void | symex_threaded_step (statet &state, const get_goto_functiont &get_goto_function) |
| | Invokes symex_step and verifies whether additional threads can be executed. More...
|
| |
| void | execute_next_instruction (const get_goto_functiont &get_goto_function, statet &state) |
| | Executes the instruction state.source.pc Case-switches over the type of the instruction being executed and calls another function appropriate to the instruction type, for example symex_function_call if the current instruction is a function call, symex_goto if the current instruction is a goto, etc. More...
|
| |
| void | kill_instruction_local_symbols (statet &state) |
| | Kills any variables in instruction_local_symbols (these are currently always let-bound variables defined in the course of executing the current instruction), then clears instruction_local_symbols. More...
|
| |
| void | print_symex_step (statet &state) |
| | Prints the route of symex as it walks through the code. More...
|
| |
| messaget::mstreamt & | print_callstack_entry (const symex_targett::sourcet &target) |
| |
| exprt | clean_expr (exprt expr, statet &state, bool write) |
| | Clean up an expression. More...
|
| |
| void | trigger_auto_object (const exprt &, statet &) |
| |
| void | initialize_auto_object (const exprt &, statet &) |
| |
| void | process_array_expr (statet &, exprt &) |
| | Given an expression, find the root object and the offset into it. More...
|
| |
| exprt | make_auto_object (const typet &, statet &) |
| |
| virtual void | dereference (exprt &, statet &, bool write) |
| | Replace all dereference operations within expr with explicit references to the objects they may refer to. More...
|
| |
| symbol_exprt | cache_dereference (exprt &dereference_result, statet &state) |
| |
| void | dereference_rec (exprt &expr, statet &state, bool write, bool is_in_quantifier) |
| | If expr is a dereference_exprt, replace it with explicit references to the objects it may point to. More...
|
| |
| exprt | address_arithmetic (const exprt &, statet &, bool keep_array) |
| | Transforms an lvalue expression by replacing any dereference operations it contains with explicit references to the objects they may point to (using goto_symext::dereference_rec), and translates byte_extract, member and index operations into integer offsets from a root symbol (if any). More...
|
| |
| virtual void | symex_goto (statet &state) |
| | Symbolically execute a GOTO instruction. More...
|
| |
| void | symex_unreachable_goto (statet &state) |
| | Symbolically execute a GOTO instruction in the context of unreachable code. More...
|
| |
| void | symex_set_return_value (statet &state, const exprt &return_value) |
| | Symbolically execute a SET_RETURN_VALUE instruction. More...
|
| |
| virtual void | symex_start_thread (statet &state) |
| | Symbolically execute a START_THREAD instruction. More...
|
| |
| virtual void | symex_atomic_begin (statet &state) |
| | Symbolically execute an ATOMIC_BEGIN instruction. More...
|
| |
| virtual void | symex_atomic_end (statet &state) |
| | Symbolically execute an ATOMIC_END instruction. More...
|
| |
| virtual void | symex_decl (statet &state) |
| | Symbolically execute a DECL instruction. More...
|
| |
| virtual void | symex_decl (statet &state, const symbol_exprt &expr) |
| | Symbolically execute a DECL instruction for the given symbol or simulate such an execution for a synthetic symbol. More...
|
| |
| virtual void | symex_dead (statet &state) |
| | Symbolically execute a DEAD instruction. More...
|
| |
| void | symex_dead (statet &state, const symbol_exprt &symbol_expr) |
| | Kill a symbol, as if it had been the subject of a DEAD instruction. More...
|
| |
| virtual void | symex_other (statet &state) |
| | Symbolically execute an OTHER instruction. More...
|
| |
| void | symex_assert (const goto_programt::instructiont &, statet &) |
| |
| void | apply_goto_condition (goto_symex_statet ¤t_state, goto_statet &jump_taken_state, goto_statet &jump_not_taken_state, const exprt &original_guard, const exprt &new_guard, const namespacet &ns) |
| | Propagate constants and points-to information implied by a GOTO condition. More...
|
| |
| void | try_filter_value_sets (goto_symex_statet &state, exprt condition, const value_sett &original_value_set, value_sett *jump_taken_value_set, value_sett *jump_not_taken_value_set, const namespacet &ns) |
| | Try to filter value sets based on whether possible values of a pointer-typed symbol make the condition true or false. More...
|
| |
| virtual void | vcc (const exprt &cond, const irep_idt &property_id, const std::string &msg, statet &state) |
| | Symbolically execute a verification condition (assertion). More...
|
| |
| virtual void | symex_assume (statet &state, const exprt &cond) |
| | Symbolically execute an ASSUME instruction or simulate such an execution for a synthetic assumption. More...
|
| |
| void | symex_assume_l2 (statet &, const exprt &cond) |
| |
| void | merge_gotos (statet &state) |
| | Merge all branches joining at the current program point. More...
|
| |
| void | phi_function (const goto_statet &goto_state, statet &dest_state) |
| | Merge the SSA assignments from goto_state into dest_state. More...
|
| |
| virtual void | loop_bound_exceeded (statet &state, const exprt &guard) |
| |
| virtual void | symex_function_call (const get_goto_functiont &get_goto_function, statet &state, const goto_programt::instructiont &instruction) |
| | Symbolically execute a FUNCTION_CALL instruction. More...
|
| |
| virtual void | locality (const irep_idt &function_identifier, goto_symext::statet &state, const goto_functionst::goto_functiont &goto_function) |
| | Preserves locality of parameters of a given function by applying L1 renaming to them. More...
|
| |
| virtual void | symex_end_of_function (statet &) |
| | Symbolically execute a END_FUNCTION instruction. More...
|
| |
| virtual void | symex_function_call_symbol (const get_goto_functiont &get_goto_function, statet &state, const exprt &lhs, const symbol_exprt &function, const exprt::operandst &arguments) |
| | Symbolic execution of a call to a function call. More...
|
| |
| virtual void | symex_function_call_post_clean (const get_goto_functiont &get_goto_function, statet &state, const exprt &cleaned_lhs, const symbol_exprt &function, const exprt::operandst &cleaned_arguments) |
| | Symbolic execution of a function call by inlining. More...
|
| |
| void | parameter_assignments (const irep_idt &function_identifier, const goto_functionst::goto_functiont &goto_function, statet &state, const exprt::operandst &arguments) |
| | Iterates over arguments and assigns them to the parameters, which are symbols whose name and type are deduced from the type of goto_function. More...
|
| |
| void | symex_throw (statet &state) |
| | Symbolically execute a THROW instruction. More...
|
| |
| void | symex_catch (statet &state) |
| | Symbolically execute a CATCH instruction. More...
|
| |
| virtual void | do_simplify (exprt &expr) |
| |
| void | symex_assign (statet &state, const exprt &lhs, const exprt &rhs) |
| | Symbolically execute an ASSIGN instruction or simulate such an execution for a synthetic assignment. More...
|
| |
| bool | constant_propagate_assignment_with_side_effects (statet &state, symex_assignt &symex_assign, const exprt &lhs, const exprt &rhs) |
| | Attempt to constant propagate side effects of the assignment (if any) More...
|
| |
| void | constant_propagate_empty_string (statet &state, symex_assignt &symex_assign, const function_application_exprt &f_l1) |
| | Create an empty string constant. More...
|
| |
| bool | constant_propagate_string_concat (statet &state, symex_assignt &symex_assign, const function_application_exprt &f_l1) |
| | Attempt to constant propagate string concatenation. More...
|
| |
| bool | constant_propagate_string_substring (statet &state, symex_assignt &symex_assign, const function_application_exprt &f_l1) |
| | Attempt to constant propagate getting a substring of a string. More...
|
| |
| bool | constant_propagate_integer_to_string (statet &state, symex_assignt &symex_assign, const function_application_exprt &f_l1) |
| | Attempt to constant propagate converting an integer to a string. More...
|
| |
| bool | constant_propagate_delete_char_at (statet &state, symex_assignt &symex_assign, const function_application_exprt &f_l1) |
| | Attempt to constant propagate deleting a character from a string. More...
|
| |
| bool | constant_propagate_delete (statet &state, symex_assignt &symex_assign, const function_application_exprt &f_l1) |
| | Attempt to constant propagate deleting a substring from a string. More...
|
| |
| bool | constant_propagate_set_length (statet &state, symex_assignt &symex_assign, const function_application_exprt &f_l1) |
| | Attempt to constant propagate setting the length of a string. More...
|
| |
| bool | constant_propagate_set_char_at (statet &state, symex_assignt &symex_assign, const function_application_exprt &f_l1) |
| | Attempt to constant propagate setting the char at the given index. More...
|
| |
| bool | constant_propagate_trim (statet &state, symex_assignt &symex_assign, const function_application_exprt &f_l1) |
| | Attempt to constant propagate trim operations. More...
|
| |
| bool | constant_propagate_case_change (statet &state, symex_assignt &symex_assign, const function_application_exprt &f_l1, bool to_upper) |
| | Attempt to constant propagate case changes, both upper and lower. More...
|
| |
| bool | constant_propagate_replace (statet &state, symex_assignt &symex_assign, const function_application_exprt &f_l1) |
| | Attempt to constant proagate character replacement. More...
|
| |
| void | assign_string_constant (statet &state, symex_assignt &symex_assign, const ssa_exprt &length, const constant_exprt &new_length, const ssa_exprt &char_array, const array_exprt &new_char_array) |
| | Assign constant string length and string data given by a char array to given ssa variables. More...
|
| |
| const symbolt & | get_new_string_data_symbol (statet &state, symex_assignt &symex_assign, const std::string &aux_symbol_name, const ssa_exprt &char_array, const array_exprt &new_char_array) |
| | Installs a new symbol in the symbol table to represent the given character array, and assigns the character array to the symbol. More...
|
| |
| void | associate_array_to_pointer (statet &state, symex_assignt &symex_assign, const array_exprt &new_char_array, const address_of_exprt &string_data) |
| | Generate array to pointer association primitive. More...
|
| |
| std::optional< std::reference_wrapper< const array_exprt > > | try_evaluate_constant_string (const statet &state, const exprt &content) |
| |
| void | havoc_rec (statet &state, const guardt &guard, const exprt &dest) |
| |
| void | lift_lets (statet &, exprt &) |
| | Execute any let expressions in expr using symex_assignt::assign_symbol. More...
|
| |
| void | lift_let (statet &state, const let_exprt &let_expr) |
| | Execute a single let expression, which should not have any nested let expressions (use lift_lets instead if there might be). More...
|
| |
| virtual void | symex_va_start (statet &, const exprt &lhs, const side_effect_exprt &) |
| |
| virtual void | symex_allocate (statet &state, const exprt &lhs, const side_effect_exprt &code) |
| | Symbolically execute an assignment instruction that has an allocate on the right hand side. More...
|
| |
| virtual void | symex_cpp_delete (statet &state, const codet &code) |
| | Symbolically execute an OTHER instruction that does a CPP delete More...
|
| |
| virtual void | symex_cpp_new (statet &state, const exprt &lhs, const side_effect_exprt &code) |
| | Handles side effects of type 'new' for C++ and 'new array' for C++ and Java language modes. More...
|
| |
| virtual void | symex_printf (statet &state, const exprt &rhs) |
| | Symbolically execute an OTHER instruction that does a CPP printf More...
|
| |
| virtual void | symex_input (statet &state, const codet &code) |
| | Symbolically execute an OTHER instruction that does a CPP input. More...
|
| |
| virtual void | symex_output (statet &state, const codet &code) |
| | Symbolically execute an OTHER instruction that does a CPP output. More...
|
| |
| void | rewrite_quantifiers (exprt &, statet &) |
| |
Inheritance diagram for symex_bmc_incremental_one_loopt: