cbmc/dfcc__contract__handler_8cpp_source.html

 /*******************************************************************\


 Module: Dynamic frame condition checking for function contracts


 Author: Remi Delmas, delmasrd@amazon.com

 Date: August 2022


 \*******************************************************************/


 #include "dfcc_contract_handler.h"


 #include <util/arith_tools.h>

 #include <util/c_types.h>

 #include <util/expr_util.h>

 #include <util/format_type.h>

 #include <util/fresh_symbol.h>

 #include <util/invariant.h>

 #include <util/mathematical_expr.h>

 #include <util/namespace.h>

 #include <util/pointer_offset_size.h>

 #include <util/std_expr.h>


 #include <goto-programs/goto_model.h>

 #include <goto-programs/remove_function_pointers.h>


 #include <ansi-c/c_expr.h>

 #include <goto-instrument/contracts/utils.h>

 #include <langapi/language_util.h>


 #include "dfcc_instrument.h"

 #include "dfcc_library.h"

 #include "dfcc_spec_functions.h"

 #include "dfcc_wrapper_program.h"


 std::map<irep_idt, dfcc_contract_functionst>

   dfcc_contract_handlert::contract_cache;


 dfcc_contract_handlert::dfcc_contract_handlert(

   goto_modelt &goto_model,

   message_handlert &message_handler,

   dfcc_libraryt &library,

   dfcc_instrumentt &instrument,

   dfcc_lift_memory_predicatest &memory_predicates,

   dfcc_spec_functionst &spec_functions,

   dfcc_contract_clauses_codegent &contract_clauses_codegen)

   : goto_model(goto_model),

     message_handler(message_handler),

     log(message_handler),

     library(library),

     instrument(instrument),

     memory_predicates(memory_predicates),

     spec_functions(spec_functions),

     contract_clauses_codegen(contract_clauses_codegen),

     ns(goto_model.symbol_table)

 {

 }


 const dfcc_contract_functionst &

 dfcc_contract_handlert::get_contract_functions(const irep_idt &contract_id)

 {

   auto iter = dfcc_contract_handlert::contract_cache.find(contract_id);


   // return existing value

   if(iter != dfcc_contract_handlert::contract_cache.end())

     return iter->second;


   // insert new value

   return dfcc_contract_handlert::contract_cache

     .insert(

       {contract_id,

        dfcc_contract_functionst(

          get_pure_contract_symbol(contract_id),

          goto_model,

          message_handler,

          library,

          spec_functions,

          contract_clauses_codegen,

          instrument)})

     .first->second;

 }


 const std::size_t

 dfcc_contract_handlert::get_assigns_clause_size(const irep_idt &contract_id)

 {

   return get_contract_functions(contract_id).get_nof_assigns_targets();

 }


 void dfcc_contract_handlert::add_contract_instructions(

   const dfcc_contract_modet contract_mode,

   const irep_idt &wrapper_id,

   const irep_idt &wrapped_id,

   const irep_idt &contract_id,

   const symbolt &wrapper_write_set_symbol,

   goto_programt &dest,

   std::set<irep_idt> &function_pointer_contracts)

 {

   dfcc_wrapper_programt(

     contract_mode,

     dfcc_utilst::get_function_symbol(goto_model.symbol_table, wrapper_id),

     dfcc_utilst::get_function_symbol(goto_model.symbol_table, wrapped_id),

     get_contract_functions(contract_id),

     wrapper_write_set_symbol,

     goto_model,

     message_handler,

     library,

     instrument,

     memory_predicates)

     .add_to_dest(dest, function_pointer_contracts);

 }


 const symbolt &dfcc_contract_handlert::get_pure_contract_symbol(

   const irep_idt &contract_id,

   const std::optional<irep_idt> function_id_opt)

 {

   auto pure_contract_id = "contract::" + id2string(contract_id);

   const symbolt *pure_contract_symbol = nullptr;

   if(!ns.lookup(pure_contract_id, pure_contract_symbol))

   {

     if(function_id_opt.has_value())

     {

       auto function_id = function_id_opt.value();

       const auto &function_symbol =

         dfcc_utilst::get_function_symbol(goto_model.symbol_table, function_id);

       check_signature_compat(

         function_id,

         to_code_type(function_symbol.type),

         pure_contract_id,

         to_code_type(pure_contract_symbol->type));

     }

     return *pure_contract_symbol;

   }

   else

   {

     // The contract symbol might not have been created if the function had

     // no contract or a contract with all empty clauses (which is equivalent).

     // in that case we create a fresh symbol again with empty clauses.

     PRECONDITION_WITH_DIAGNOSTICS(

       function_id_opt.has_value(),

       "Contract '" + pure_contract_id +

         "' not found, the identifier of an existing function must be provided "

         "to derive a default contract");


     auto function_id = function_id_opt.value();

     const auto &function_symbol =

       dfcc_utilst::get_function_symbol(goto_model.symbol_table, function_id);


     log.warning() << "Contract '" << contract_id

                   << "' not found, deriving empty pure contract '"

                   << pure_contract_id << "' from function '" << function_id

                   << "'" << messaget::eom;


     symbolt new_symbol{

       pure_contract_id, function_symbol.type, function_symbol.mode};

     new_symbol.base_name = pure_contract_id;

     new_symbol.pretty_name = pure_contract_id;

     new_symbol.is_property = true;

     new_symbol.module = function_symbol.module;

     new_symbol.location = function_symbol.location;

     auto entry = goto_model.symbol_table.insert(std::move(new_symbol));

     INVARIANT(

       entry.second,

       "contract '" + id2string(function_symbol.display_name()) +

         "' already set at " + id2string(entry.first.location.as_string()));

     // this lookup will work and set the pointer

     // no need to check for signature compatibility

     ns.lookup(pure_contract_id, pure_contract_symbol);

     return *pure_contract_symbol;

   }

 }


 void dfcc_contract_handlert::check_signature_compat(

   const irep_idt &contract_id,

   const code_typet &contract_type,

   const irep_idt &pure_contract_id,

   const code_typet &pure_contract_type)

 {

   // can we turn a call to `contract` into a call to `pure_contract` ?

   bool compatible =

     function_is_type_compatible(true, contract_type, pure_contract_type, ns);


   if(!compatible)

   {

     std::ostringstream err_msg;

     err_msg << "dfcc_contract_handlert: function '" << contract_id

             << "' and the corresponding pure contract symbol '"

             << pure_contract_id << "' have incompatible type signatures:\n";


     err_msg << "- contract return type "

             << from_type(ns, contract_id, contract_type.return_type()) << "\n";


     for(const auto &param : contract_type.parameters())

     {

       err_msg << "- contract param type "

               << from_type(ns, contract_id, param.type()) << "\n";

     }


     err_msg << "- pure contract return type "

             << from_type(ns, pure_contract_id, pure_contract_type.return_type())

             << "\n";


     for(const auto &param : pure_contract_type.parameters())

     {

       err_msg << "- pure contract param type "

               << from_type(ns, pure_contract_id, param.type()) << "\n";

     }


     err_msg << "aborting."

             << "\n";

     throw invalid_source_file_exceptiont(

       err_msg.str(), contract_type.source_location());

   }

 }

arith_tools.h

c_expr.h
API to expression classes that are internal to the C frontend.

c_types.h

code_typet
Base type of functions.
Definition: std_types.h:583

code_typet::return_type
const typet & return_type() const
Definition: std_types.h:689

code_typet::parameters
const parameterst & parameters() const
Definition: std_types.h:699

dfcc_contract_clauses_codegent
Translates assigns and frees clauses of a function contract or loop contract into GOTO programs that ...
Definition: dfcc_contract_clauses_codegen.h:36

dfcc_contract_functionst
Generates GOTO functions modelling a contract assigns and frees clauses.
Definition: dfcc_contract_functions.h:64

dfcc_contract_functionst::get_nof_assigns_targets
const std::size_t get_nof_assigns_targets() const
Returns the maximum number of targets in the assigns clause.
Definition: dfcc_contract_functions.cpp:108

dfcc_contract_handlert::log
messaget log
Definition: dfcc_contract_handler.h:118

dfcc_contract_handlert::check_signature_compat
void check_signature_compat(const irep_idt &contract_id, const code_typet &contract_type, const irep_idt &pure_contract_id, const code_typet &pure_contract_type)
Throws an error if the type signatures are not compatible.
Definition: dfcc_contract_handler.cpp:171

dfcc_contract_handlert::spec_functions
dfcc_spec_functionst & spec_functions
Definition: dfcc_contract_handler.h:122

dfcc_contract_handlert::get_pure_contract_symbol
const symbolt & get_pure_contract_symbol(const irep_idt &contract_id, const std::optional< irep_idt > function_id_opt={})
Searches for a symbol named "contract::contract_id" in the symbol table.
Definition: dfcc_contract_handler.cpp:111

dfcc_contract_handlert::ns
namespacet ns
Definition: dfcc_contract_handler.h:124

dfcc_contract_handlert::contract_cache
static std::map< irep_idt, dfcc_contract_functionst > contract_cache
Definition: dfcc_contract_handler.h:127

dfcc_contract_handlert::memory_predicates
dfcc_lift_memory_predicatest & memory_predicates
Definition: dfcc_contract_handler.h:121

dfcc_contract_handlert::message_handler
message_handlert & message_handler
Definition: dfcc_contract_handler.h:117

dfcc_contract_handlert::contract_clauses_codegen
dfcc_contract_clauses_codegent & contract_clauses_codegen
Definition: dfcc_contract_handler.h:123

dfcc_contract_handlert::get_assigns_clause_size
const std::size_t get_assigns_clause_size(const irep_idt &contract_id)
Returns the size assigns clause of the given contract in number of targets.
Definition: dfcc_contract_handler.cpp:83

dfcc_contract_handlert::goto_model
goto_modelt & goto_model
Definition: dfcc_contract_handler.h:116

dfcc_contract_handlert::library
dfcc_libraryt & library
Definition: dfcc_contract_handler.h:119

dfcc_contract_handlert::add_contract_instructions
void add_contract_instructions(const dfcc_contract_modet contract_mode, const irep_idt &wrapper_id, const irep_idt &wrapped_id, const irep_idt &contract_id, const symbolt &wrapper_write_set_symbol, goto_programt &dest, std::set< irep_idt > &function_pointer_contracts)
Adds instructions in dest modeling contract checking, assuming that ret_t wrapper_id(params) is the f...
Definition: dfcc_contract_handler.cpp:88

dfcc_contract_handlert::instrument
dfcc_instrumentt & instrument
Definition: dfcc_contract_handler.h:120

dfcc_contract_handlert::dfcc_contract_handlert
dfcc_contract_handlert(goto_modelt &goto_model, message_handlert &message_handler, dfcc_libraryt &library, dfcc_instrumentt &instrument, dfcc_lift_memory_predicatest &memory_predicates, dfcc_spec_functionst &spec_functions, dfcc_contract_clauses_codegent &contract_clauses_codegen)
Definition: dfcc_contract_handler.cpp:38

dfcc_contract_handlert::get_contract_functions
const dfcc_contract_functionst & get_contract_functions(const irep_idt &contract_id)
Returns the dfcc_contract_functionst object for the given contract from the cache,...
Definition: dfcc_contract_handler.cpp:59

dfcc_instrumentt
This class instruments GOTO functions or instruction sequences for frame condition checking and loop ...
Definition: dfcc_instrument.h:44

dfcc_libraryt
Class interface to library types and functions defined in cprover_contracts.c.
Definition: dfcc_library.h:154

dfcc_lift_memory_predicatest
Definition: dfcc_lift_memory_predicates.h:37

dfcc_spec_functionst
This class rewrites GOTO functions that use the built-ins:
Definition: dfcc_spec_functions.h:44

dfcc_wrapper_programt
Generates the body of a wrapper function from a contract specified using requires,...
Definition: dfcc_wrapper_program.h:96

dfcc_wrapper_programt::add_to_dest
void add_to_dest(goto_programt &dest, std::set< irep_idt > &dest_fp_contracts)
Adds the whole program to dest and the discovered function pointer contracts dest_fp_contracts.
Definition: dfcc_wrapper_program.cpp:235

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition: dstring.h:38

goto_modelt
Definition: goto_model.h:27

goto_modelt::symbol_table
symbol_tablet symbol_table
Symbol table.
Definition: goto_model.h:31

goto_programt
A generic container class for the GOTO intermediate representation of one function.
Definition: goto_program.h:73

invalid_source_file_exceptiont
Thrown when we can't handle something in an input source file.
Definition: exception_utils.h:172

message_handlert
Definition: message.h:27

messaget::warning
mstreamt & warning() const
Definition: message.h:396

messaget::eom
static eomt eom
Definition: message.h:289

namespacet::lookup
bool lookup(const irep_idt &name, const symbolt *&symbol) const override
See documentation for namespace_baset::lookup().
Definition: namespace.cpp:148

symbol_tablet::insert
virtual std::pair< symbolt &, bool > insert(symbolt symbol) override
Author: Diffblue Ltd.
Definition: symbol_table.cpp:17

symbolt
Symbol table entry.
Definition: symbol.h:28

symbolt::type
typet type
Type of symbol.
Definition: symbol.h:31

symbolt::value
exprt value
Initial value of symbol.
Definition: symbol.h:34

typet::source_location
const source_locationt & source_location() const
Definition: type.h:72

dfcc_contract_handler.h
Specialisation of dfcc_contract_handlert for contracts.

dfcc_contract_modet
dfcc_contract_modet
Enum type representing the contract checking and replacement modes.
Definition: dfcc_contract_mode.h:20

dfcc_instrument.h
Add instrumentation to a goto program to perform frame condition checks.

dfcc_library.h
Dynamic frame condition checking library loading.

dfcc_spec_functions.h
Translate functions that specify assignable and freeable targets declaratively into active functions ...

dfcc_wrapper_program.h
Generates the body of a wrapper function from a contract for contract checking or contract replacemen...

expr_util.h
Deprecated expression utility functions.

format_type.h

fresh_symbol.h
Fresh auxiliary symbol creation.

goto_model.h
Symbol Table + CFG.

id2string
const std::string & id2string(const irep_idt &d)
Definition: irep.h:44

from_type
std::string from_type(const namespacet &ns, const irep_idt &identifier, const typet &type)
Definition: language_util.cpp:52

language_util.h

log
double log(double x)
Definition: math.c:2776

mathematical_expr.h
API to expression classes for 'mathematical' expressions.

namespace.h

pointer_offset_size.h
Pointer Logic.

function_is_type_compatible
bool function_is_type_compatible(bool return_value_used, const code_typet &call_type, const code_typet &function_type, const namespacet &ns)
Returns true iff call_type can be converted to produce a function call of the same type as function_t...
Definition: remove_function_pointers.cpp:129

remove_function_pointers.h
Remove Indirect Function Calls.

invariant.h

PRECONDITION_WITH_DIAGNOSTICS
#define PRECONDITION_WITH_DIAGNOSTICS(CONDITION,...)
Definition: invariant.h:464

std_expr.h
API to expression classes.

to_code_type
const code_typet & to_code_type(const typet &type)
Cast a typet to a code_typet.
Definition: std_types.h:788

dfcc_utilst::get_function_symbol
static symbolt & get_function_symbol(symbol_table_baset &, const irep_idt &function_id)
Returns the symbolt for function_id.
Definition: dfcc_utils.cpp:72

utils.h

validation_modet::INVARIANT
@ INVARIANT