cbmc/dfcc__contract__clauses__codegen_8cpp_source.html

/*******************************************************************\


Module: Dynamic frame condition checking for function contracts


Author: Remi Delmas, delmasrd@amazon.com

Date: February 2023


\*******************************************************************/

#include "dfcc_contract_clauses_codegen.h"


#include <util/c_types.h>

#include <util/expr_util.h>

#include <util/fresh_symbol.h>

#include <util/invariant.h>

#include <util/mathematical_expr.h>

#include <util/namespace.h>

#include <util/pointer_expr.h>

#include <util/pointer_offset_size.h>

#include <util/std_expr.h>


#include <goto-programs/goto_model.h>


#include <ansi-c/c_expr.h>

#include <ansi-c/goto-conversion/destructor.h>

#include <goto-instrument/contracts/utils.h>

#include <langapi/language_util.h>


#include "dfcc_library.h"

#include "dfcc_utils.h"


dfcc_contract_clauses_codegent::dfcc_contract_clauses_codegent(

  goto_modelt &goto_model,

  message_handlert &message_handler,

  dfcc_libraryt &library)

  : goto_model(goto_model),

    message_handler(message_handler),

    log(message_handler),

    library(library),

    ns(goto_model.symbol_table)

{

}


void dfcc_contract_clauses_codegent::gen_spec_assigns_instructions(

  const irep_idt &language_mode,

  const exprt::operandst &assigns_clause,

  goto_programt &dest)

{

  for(const auto &expr : assigns_clause)

  {

    if(

      auto target_group =

        expr_try_dynamic_cast<conditional_target_group_exprt>(expr))

    {

      encode_assignable_target_group(language_mode, *target_group, dest);

    }

    else

    {

      encode_assignable_target(language_mode, expr, dest);

    }

  }


  // inline resulting program and check for loops

  inline_and_check_warnings(dest);

  dest.update();

  PRECONDITION_WITH_DIAGNOSTICS(

    is_loop_free(dest, ns, log),

    "loops in assigns clause specification functions must be unwound before "

    "contracts instrumentation");

}


void dfcc_contract_clauses_codegent::gen_spec_frees_instructions(

  const irep_idt &language_mode,

  const exprt::operandst &frees_clause,

  goto_programt &dest)

{

  for(const auto &expr : frees_clause)

  {

    if(

      auto target_group =

        expr_try_dynamic_cast<conditional_target_group_exprt>(expr))

    {

      encode_freeable_target_group(language_mode, *target_group, dest);

    }

    else

    {

      encode_freeable_target(language_mode, expr, dest);

    }

  }


  // inline resulting program and check for loops

  inline_and_check_warnings(dest);

  PRECONDITION_WITH_DIAGNOSTICS(

    is_loop_free(dest, ns, log),

    "loops in assigns clause specification functions must be unwound before "

    "contracts instrumentation");

}


void dfcc_contract_clauses_codegent::encode_assignable_target_group(

  const irep_idt &language_mode,

  const conditional_target_group_exprt &group,

  goto_programt &dest)

{

  const source_locationt &source_location = group.source_location();


  // clean up side effects from the condition expression if needed

  cleanert cleaner(goto_model.symbol_table, log.get_message_handler());

  exprt condition(group.condition());

  std::list<irep_idt> new_vars;

  if(has_subexpr(condition, ID_side_effect))

    new_vars = cleaner.clean(condition, dest, language_mode);


  // Jump target if condition is false

  auto goto_instruction = dest.add(goto_programt::make_incomplete_goto(

    boolean_negate(condition), source_location));


  for(const auto &target : group.targets())

    encode_assignable_target(language_mode, target, dest);


  auto label_instruction = dest.add(goto_programt::make_skip(source_location));

  goto_instruction->complete_goto(label_instruction);


  destruct_locals(new_vars, dest, ns);

}


void dfcc_contract_clauses_codegent::encode_assignable_target(

  const irep_idt &language_mode,

  const exprt &target,

  goto_programt &dest)

{

  const source_locationt &source_location = target.source_location();


  if(can_cast_expr<side_effect_expr_function_callt>(target))

  {

    // A function call target `foo(params)` becomes `CALL foo(params);`

    const auto &funcall = to_side_effect_expr_function_call(target);

    code_function_callt code_function_call(to_symbol_expr(funcall.function()));

    auto &arguments = code_function_call.arguments();

    for(auto &arg : funcall.arguments())

      arguments.emplace_back(arg);

    dest.add(

      goto_programt::make_function_call(code_function_call, source_location));

  }

  else if(is_assignable(target))

  {

    // An lvalue `target` becomes

    //` CALL __CPROVER_assignable(&target, sizeof(target), is_ptr_to_ptr);`

    const auto &size =

      size_of_expr(target.type(), namespacet(goto_model.symbol_table));


    if(!size.has_value())

    {

      throw invalid_source_file_exceptiont{

        "no definite size for lvalue assigns clause target " +

          from_expr_using_mode(ns, language_mode, target),

        target.source_location()};

    }

    // we have to build the symbol manually because it might not

    // be present in the symbol table if the user program does not already

    // use it.

    code_function_callt code_function_call(

      symbol_exprt(CPROVER_PREFIX "assignable", empty_typet()));

    auto &arguments = code_function_call.arguments();


    // ptr

    arguments.emplace_back(typecast_exprt::conditional_cast(

      address_of_exprt{target}, pointer_type(empty_typet())));


    // size

    arguments.emplace_back(size.value());


    // is_ptr_to_ptr

    arguments.emplace_back(make_boolean_expr(target.type().id() == ID_pointer));


    dest.add(

      goto_programt::make_function_call(code_function_call, source_location));

  }

  else

  {

    // any other type of target is unsupported

    throw invalid_source_file_exceptiont(

      "unsupported assigns clause target " +

        from_expr_using_mode(ns, language_mode, target),

      target.source_location());

  }

}


void dfcc_contract_clauses_codegent::encode_freeable_target_group(

  const irep_idt &language_mode,

  const conditional_target_group_exprt &group,

  goto_programt &dest)

{

  const source_locationt &source_location = group.source_location();


  // clean up side effects from the condition expression if needed

  cleanert cleaner(goto_model.symbol_table, log.get_message_handler());

  exprt condition(group.condition());

  std::list<irep_idt> new_vars;

  if(has_subexpr(condition, ID_side_effect))

    new_vars = cleaner.clean(condition, dest, language_mode);


  // Jump target if condition is false

  auto goto_instruction = dest.add(goto_programt::make_incomplete_goto(

    boolean_negate(condition), source_location));


  for(const auto &target : group.targets())

    encode_freeable_target(language_mode, target, dest);


  auto label_instruction = dest.add(goto_programt::make_skip(source_location));

  goto_instruction->complete_goto(label_instruction);


  destruct_locals(new_vars, dest, ns);

}


void dfcc_contract_clauses_codegent::encode_freeable_target(

  const irep_idt &language_mode,

  const exprt &target,

  goto_programt &dest)

{

  const source_locationt &source_location = target.source_location();


  if(can_cast_expr<side_effect_expr_function_callt>(target))

  {

    const auto &funcall = to_side_effect_expr_function_call(target);

    if(can_cast_expr<symbol_exprt>(funcall.function()))

    {

      // for calls to user-defined functions a call expression `foo(params)`

      // becomes an instruction `CALL foo(params);`

      code_function_callt code_function_call(

        to_symbol_expr(funcall.function()));

      auto &arguments = code_function_call.arguments();

      for(auto &arg : funcall.arguments())

        arguments.emplace_back(arg);

      dest.add(

        goto_programt::make_function_call(code_function_call, source_location));

    }

  }

  else if(can_cast_type<pointer_typet>(target.type()))

  {

    // A plain `target` becomes `CALL __CPROVER_freeable(target);`

    code_function_callt code_function_call(

      dfcc_utilst::get_function_symbol(

        goto_model.symbol_table, CPROVER_PREFIX "freeable")

        .symbol_expr());

    auto &arguments = code_function_call.arguments();

    arguments.emplace_back(target);


    dest.add(

      goto_programt::make_function_call(code_function_call, source_location));

  }

  else

  {

    // any other type of target is unsupported

    throw invalid_source_file_exceptiont(

      "unsupported frees clause target " +

        from_expr_using_mode(ns, language_mode, target),

      target.source_location());

  }

}


void dfcc_contract_clauses_codegent::inline_and_check_warnings(

  goto_programt &goto_program)

{

  std::set<irep_idt> no_body;

  std::set<irep_idt> missing_function;

  std::set<irep_idt> recursive_call;

  std::set<irep_idt> not_enough_arguments;


  dfcc_utilst::inline_program(

    goto_model,

    goto_program,

    no_body,

    recursive_call,

    missing_function,

    not_enough_arguments,

    message_handler);


  // check that the only no body / missing functions are the cprover builtins

  for(const auto &id : no_body)

  {

    INVARIANT(

      library.is_front_end_builtin(id),

      "no body for '" + id2string(id) + "' when inlining goto program");

  }


  for(auto it : missing_function)

  {

    INVARIANT(

      library.is_front_end_builtin(it),

      "missing function '" + id2string(it) + "' when inlining goto program");

  }


  INVARIANT(

    recursive_call.empty(), "recursive calls found when inlining goto program");


  INVARIANT(

    not_enough_arguments.empty(),

    "not enough arguments when inlining goto program");

}


c_expr.h
API to expression classes that are internal to the C frontend.

pointer_type
pointer_typet pointer_type(const typet &subtype)
Definition c_types.cpp:235

c_types.h

address_of_exprt
Operator to return the address of an object.
Definition pointer_expr.h:540

ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562

cleanert
Class that allows to clean expressions of side effects and to generate havoc_slice expressions.
Definition utils.h:37

cleanert::clean
std::list< irep_idt > clean(exprt &guard, goto_programt &dest, const irep_idt &mode)
Definition utils.h:47

code_function_callt
goto_instruction_codet representation of a function call statement.
Definition goto_instruction_code.h:271

conditional_target_group_exprt
A class for an expression that represents a conditional target or a list of targets sharing a common ...
Definition c_expr.h:233

dfcc_contract_clauses_codegent::encode_freeable_target_group
void encode_freeable_target_group(const irep_idt &language_mode, const conditional_target_group_exprt &group, goto_programt &dest)
Generates GOTO instructions to build the representation of the given conditional target group.
Definition dfcc_contract_clauses_codegen.cpp:187

dfcc_contract_clauses_codegent::encode_assignable_target
void encode_assignable_target(const irep_idt &language_mode, const exprt &target, goto_programt &dest)
Generates GOTO instructions to build the representation of the given assignable target.
Definition dfcc_contract_clauses_codegen.cpp:125

dfcc_contract_clauses_codegent::encode_assignable_target_group
void encode_assignable_target_group(const irep_idt &language_mode, const conditional_target_group_exprt &group, goto_programt &dest)
Generates GOTO instructions to build the representation of the given conditional target group.
Definition dfcc_contract_clauses_codegen.cpp:98

dfcc_contract_clauses_codegent::log
messaget log
Definition dfcc_contract_clauses_codegen.h:79

dfcc_contract_clauses_codegent::gen_spec_assigns_instructions
void gen_spec_assigns_instructions(const irep_idt &language_mode, const exprt::operandst &assigns_clause, goto_programt &dest)
Generates instructions encoding the assigns_clause targets and adds them to dest.
Definition dfcc_contract_clauses_codegen.cpp:43

dfcc_contract_clauses_codegent::goto_model
goto_modelt & goto_model
Definition dfcc_contract_clauses_codegen.h:77

dfcc_contract_clauses_codegent::encode_freeable_target
void encode_freeable_target(const irep_idt &language_mode, const exprt &target, goto_programt &dest)
Generates GOTO instructions to build the representation of the given freeable target.
Definition dfcc_contract_clauses_codegen.cpp:214

dfcc_contract_clauses_codegent::library
dfcc_libraryt & library
Definition dfcc_contract_clauses_codegen.h:80

dfcc_contract_clauses_codegent::message_handler
message_handlert & message_handler
Definition dfcc_contract_clauses_codegen.h:78

dfcc_contract_clauses_codegent::gen_spec_frees_instructions
void gen_spec_frees_instructions(const irep_idt &language_mode, const exprt::operandst &frees_clause, goto_programt &dest)
Generates instructions encoding the frees_clause targets and adds them to dest.
Definition dfcc_contract_clauses_codegen.cpp:71

dfcc_contract_clauses_codegent::inline_and_check_warnings
void inline_and_check_warnings(goto_programt &goto_program)
Inlines all calls in the given program and checks that the only missing functions or functions withou...
Definition dfcc_contract_clauses_codegen.cpp:260

dfcc_contract_clauses_codegent::ns
namespacet ns
Definition dfcc_contract_clauses_codegen.h:81

dfcc_contract_clauses_codegent::dfcc_contract_clauses_codegent
dfcc_contract_clauses_codegent(goto_modelt &goto_model, message_handlert &message_handler, dfcc_libraryt &library)
Definition dfcc_contract_clauses_codegen.cpp:31

dfcc_libraryt
Class interface to library types and functions defined in cprover_contracts.c.
Definition dfcc_library.h:164

dfcc_libraryt::is_front_end_builtin
bool is_front_end_builtin(const irep_idt &function_id) const
Returns true iff the given function_id is one of __CPROVER_assignable, __CPROVER_object_whole,...
Definition dfcc_library.cpp:198

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition dstring.h:38

empty_typet
The empty type.
Definition std_types.h:51

exprt
Base class for all expressions.
Definition expr.h:56

exprt::operandst
std::vector< exprt > operandst
Definition expr.h:58

exprt::type
typet & type()
Return the type of the expression.
Definition expr.h:84

exprt::source_location
const source_locationt & source_location() const
Definition expr.h:231

goto_modelt
Definition goto_model.h:27

goto_modelt::symbol_table
symbol_tablet symbol_table
Symbol table.
Definition goto_model.h:31

goto_programt
A generic container class for the GOTO intermediate representation of one function.
Definition goto_program.h:72

goto_programt::update
void update()
Update all indices.
Definition goto_program.cpp:619

goto_programt::make_skip
static instructiont make_skip(const source_locationt &l=source_locationt::nil())
Definition goto_program.h:890

goto_programt::make_function_call
static instructiont make_function_call(const code_function_callt &_code, const source_locationt &l=source_locationt::nil())
Create a function call instruction.
Definition goto_program.h:1089

goto_programt::add
targett add(instructiont &&instruction)
Adds a given instruction at the end.
Definition goto_program.h:738

goto_programt::make_incomplete_goto
static instructiont make_incomplete_goto(const exprt &_cond, const source_locationt &l=source_locationt::nil())
Definition goto_program.h:1010

invalid_source_file_exceptiont
Thrown when we can't handle something in an input source file.
Definition exception_utils.h:172

irept::id
const irep_idt & id() const
Definition irep.h:388

message_handlert
Definition message.h:27

messaget::get_message_handler
message_handlert & get_message_handler()
Definition message.h:183

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91

source_locationt
Definition source_location.h:20

symbol_exprt
Expression to hold a symbol (variable)
Definition std_expr.h:131

typecast_exprt::conditional_cast
static exprt conditional_cast(const exprt &expr, const typet &type)
Definition std_expr.h:2081

CPROVER_PREFIX
#define CPROVER_PREFIX
Definition cprover_prefix.h:14

destruct_locals
void destruct_locals(const std::list< irep_idt > &vars, goto_programt &dest, const namespacet &ns)
Definition destructor.cpp:62

destructor.h
Destructor Calls.

dfcc_contract_clauses_codegen.h
Translates assigns and frees clauses of a function contract or loop contract into goto programs that ...

dfcc_library.h
Dynamic frame condition checking library loading.

dfcc_utils.h
Dynamic frame condition checking utility functions.

make_boolean_expr
constant_exprt make_boolean_expr(bool value)
returns true_exprt if given true and false_exprt otherwise
Definition expr_util.cpp:313

is_assignable
bool is_assignable(const exprt &expr)
Returns true iff the argument is one of the following:
Definition expr_util.cpp:24

has_subexpr
bool has_subexpr(const exprt &expr, const std::function< bool(const exprt &)> &pred)
returns true if the expression has a subexpression that satisfies pred
Definition expr_util.cpp:115

boolean_negate
exprt boolean_negate(const exprt &src)
negate a Boolean expression, possibly removing a not_exprt, and swapping false and true
Definition expr_util.cpp:103

expr_util.h
Deprecated expression utility functions.

fresh_symbol.h
Fresh auxiliary symbol creation.

goto_model.h
Symbol Table + CFG.

id2string
const std::string & id2string(const irep_idt &d)
Definition irep.h:44

from_expr_using_mode
std::string from_expr_using_mode(const namespacet &ns, const irep_idt &mode, const exprt &expr)
Formats an expression using the given namespace, using the given mode to retrieve the language printe...
Definition language_util.cpp:22

language_util.h

log
double log(double x)
Definition math.c:2449

mathematical_expr.h
API to expression classes for 'mathematical' expressions.

namespace.h

pointer_expr.h
API to expression classes for Pointers.

size_of_expr
std::optional< exprt > size_of_expr(const typet &type, const namespacet &ns)
Definition pointer_offset_size.cpp:287

pointer_offset_size.h
Pointer Logic.

invariant.h

PRECONDITION_WITH_DIAGNOSTICS
#define PRECONDITION_WITH_DIAGNOSTICS(CONDITION,...)
Definition invariant.h:464

INVARIANT
#define INVARIANT(CONDITION, REASON)
This macro uses the wrapper function 'invariant_violated_string'.
Definition invariant.h:423

to_side_effect_expr_function_call
side_effect_expr_function_callt & to_side_effect_expr_function_call(exprt &expr)
Definition std_code.h:1739

std_expr.h
API to expression classes.

to_symbol_expr
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
Definition std_expr.h:272

dfcc_utilst::get_function_symbol
static symbolt & get_function_symbol(symbol_table_baset &, const irep_idt &function_id)
Returns the symbolt for function_id.
Definition dfcc_utils.cpp:72

dfcc_utilst::inline_program
static void inline_program(goto_modelt &goto_model, goto_programt &goto_program, std::set< irep_idt > &no_body, std::set< irep_idt > &recursive_call, std::set< irep_idt > &missing_function, std::set< irep_idt > &not_enough_arguments, message_handlert &message_handler)
Inlines the given program, and returns function symbols that caused warnings.
Definition dfcc_utils.cpp:487

is_loop_free
bool is_loop_free(const goto_programt &goto_program, const namespacet &ns, messaget &log)
Returns true iff the given program is loop-free, i.e.
Definition utils.cpp:271

utils.h