cbmc/flow__insensitive__analysis_8h_source.html

/*******************************************************************\


Module: Flow Insensitive Static Analysis


Author: Daniel Kroening, kroening@kroening.com

        CM Wintersteiger


\*******************************************************************/


#ifndef CPROVER_ANALYSES_FLOW_INSENSITIVE_ANALYSIS_H

#define CPROVER_ANALYSES_FLOW_INSENSITIVE_ANALYSIS_H


#include <queue>

#include <map>

#include <iosfwd>

#include <unordered_set>


#include <goto-programs/goto_functions.h>


// don't use me -- I am just a base class

// please derive from me


class flow_insensitive_abstract_domain_baset

{

public:


  flow_insensitive_abstract_domain_baset():

    changed(false)

  {

  }


  typedef goto_programt::const_targett locationt;


  virtual void initialize(const namespacet &ns)=0;


  virtual bool transform(

    const namespacet &ns,

    const irep_idt &function_from,

    locationt from,

    const irep_idt &function_to,

    locationt to) = 0;


  virtual ~flow_insensitive_abstract_domain_baset()

  {

  }


  virtual void output(

    const namespacet &,

    std::ostream &) const

  {

  }


  typedef std::unordered_set<exprt, irep_hash> expr_sett;


  virtual void get_reference_set(

    const namespacet &,

    const exprt &,

    expr_sett &expr_set)

  {

    // dummy, overload me!

    expr_set.clear();

  }


  virtual void clear(void)=0;


protected:

  bool changed;

  // utilities


  // get guard of a conditional edge

  exprt get_guard(locationt from, locationt to) const;


  // get lhs that return value is assigned to

  // for an edge that returns from a function

  exprt get_return_lhs(locationt to) const;

};


class flow_insensitive_analysis_baset

{

public:

  typedef flow_insensitive_abstract_domain_baset statet;

  typedef goto_programt::const_targett locationt;


  std::set<locationt, goto_programt::target_less_than> seen_locations;


  std::map<locationt, unsigned, goto_programt::target_less_than> statistics;


  bool seen(const locationt &l)

  {

    return (seen_locations.find(l)!=seen_locations.end());

  }


  explicit flow_insensitive_analysis_baset(const namespacet &_ns):

    ns(_ns),

    initialized(false)

  {

  }


  virtual void initialize(const goto_programt &)

  {

    if(!initialized)

    {

      initialized=true;

    }

  }


  virtual void initialize(const goto_functionst &)

  {

    if(!initialized)

    {

      initialized=true;

    }

  }


  virtual void update(const goto_programt &goto_program);


  virtual void update(const goto_functionst &goto_functions);


  virtual void

  operator()(const irep_idt &function_id, const goto_programt &goto_program);


  virtual void operator()(

    const goto_functionst &goto_functions);


  virtual ~flow_insensitive_analysis_baset()

  {

  }


  virtual void clear()

  {

    initialized=false;

  }


  virtual void output(

    const goto_functionst &goto_functions,

    std::ostream &out);


  virtual void output(

    const irep_idt &function_id,

    const goto_programt &goto_program,

    std::ostream &out);


protected:

  const namespacet &ns;


  typedef std::priority_queue<

    locationt,

    std::vector<locationt>,

    goto_programt::target_less_than>

    working_sett;


  locationt get_next(working_sett &working_set);


  void put_in_working_set(

    working_sett &working_set,

    locationt l)

  {

    working_set.push(l);

  }


  // true = found something new

  bool fixedpoint(

    const irep_idt &function_id,

    const goto_programt &goto_program,

    const goto_functionst &goto_functions);


  void fixedpoint(

    const goto_functionst &goto_functions);


  // true = found something new

  bool visit(

    const irep_idt &function_id,

    locationt l,

    working_sett &working_set,

    const goto_programt &goto_program,

    const goto_functionst &goto_functions);


  static locationt successor(locationt l)

  {

    l++;

    return l;

  }


  typedef std::set<irep_idt> functions_donet;

  functions_donet functions_done;


  typedef std::set<irep_idt> recursion_sett;

  recursion_sett recursion_set;


  bool initialized;


  // function calls

  bool do_function_call_rec(

    const irep_idt &calling_function,

    locationt l_call,

    const exprt &function,

    const exprt::operandst &arguments,

    statet &new_state,

    const goto_functionst &goto_functions);


  bool do_function_call(

    const irep_idt &calling_function,

    locationt l_call,

    const goto_functionst &goto_functions,

    const goto_functionst::function_mapt::const_iterator f_it,

    const exprt::operandst &arguments,

    statet &new_state);


  // abstract methods


  virtual statet &get_state()=0;

  virtual const statet &get_state() const=0;


  typedef flow_insensitive_abstract_domain_baset::expr_sett expr_sett;


  virtual void get_reference_set(

    const exprt &expr,

    expr_sett &expr_set)=0;

};


template<typename T>


class flow_insensitive_analysist:public flow_insensitive_analysis_baset

{

public:

  // constructor


  explicit flow_insensitive_analysist(const namespacet &_ns):

    flow_insensitive_analysis_baset(_ns)

  {

  }


  typedef goto_programt::const_targett locationt;


  virtual void clear()

  {

    state.clear();

    flow_insensitive_analysis_baset::clear();

  }


  T &get_data() { return state; }

  const T &get_data() const { return state; }


protected:

  T state; // one global state


  virtual statet &get_state() { return state; }


  virtual const statet &get_state() const { return state; }


  void get_reference_set(

    const exprt &expr,

    expr_sett &expr_set)

  {

    state.get_reference_set(ns, expr, expr_set);

  }


private:

  // to enforce that T is derived from abstract_domain_baset

  void dummy(const T &s) { const statet &x=dummy1(s); (void)x; }

};


#endif // CPROVER_ANALYSES_FLOW_INSENSITIVE_ANALYSIS_H

ai_baset::clear
virtual void clear()
Reset the abstract state.
Definition ai.h:265

ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition dstring.h:38

exprt
Base class for all expressions.
Definition expr.h:56

exprt::operandst
std::vector< exprt > operandst
Definition expr.h:58

flow_insensitive_abstract_domain_baset
Definition flow_insensitive_analysis.h:37

flow_insensitive_abstract_domain_baset::expr_sett
std::unordered_set< exprt, irep_hash > expr_sett
Definition flow_insensitive_analysis.h:65

flow_insensitive_abstract_domain_baset::get_guard
exprt get_guard(locationt from, locationt to) const
Definition flow_insensitive_analysis.cpp:19

flow_insensitive_abstract_domain_baset::output
virtual void output(const namespacet &, std::ostream &) const
Definition flow_insensitive_analysis.h:59

flow_insensitive_abstract_domain_baset::~flow_insensitive_abstract_domain_baset
virtual ~flow_insensitive_abstract_domain_baset()
Definition flow_insensitive_analysis.h:55

flow_insensitive_abstract_domain_baset::initialize
virtual void initialize(const namespacet &ns)=0

flow_insensitive_abstract_domain_baset::clear
virtual void clear(void)=0

flow_insensitive_abstract_domain_baset::get_reference_set
virtual void get_reference_set(const namespacet &, const exprt &, expr_sett &expr_set)
Definition flow_insensitive_analysis.h:67

flow_insensitive_abstract_domain_baset::flow_insensitive_abstract_domain_baset
flow_insensitive_abstract_domain_baset()
Definition flow_insensitive_analysis.h:39

flow_insensitive_abstract_domain_baset::changed
bool changed
Definition flow_insensitive_analysis.h:79

flow_insensitive_abstract_domain_baset::get_return_lhs
exprt get_return_lhs(locationt to) const
Definition flow_insensitive_analysis.cpp:31

flow_insensitive_abstract_domain_baset::transform
virtual bool transform(const namespacet &ns, const irep_idt &function_from, locationt from, const irep_idt &function_to, locationt to)=0

flow_insensitive_abstract_domain_baset::locationt
goto_programt::const_targett locationt
Definition flow_insensitive_analysis.h:44

flow_insensitive_analysis_baset
Definition flow_insensitive_analysis.h:91

flow_insensitive_analysis_baset::clear
virtual void clear()
Definition flow_insensitive_analysis.h:141

flow_insensitive_analysis_baset::functions_done
functions_donet functions_done
Definition flow_insensitive_analysis.h:197

flow_insensitive_analysis_baset::~flow_insensitive_analysis_baset
virtual ~flow_insensitive_analysis_baset()
Definition flow_insensitive_analysis.h:137

flow_insensitive_analysis_baset::recursion_sett
std::set< irep_idt > recursion_sett
Definition flow_insensitive_analysis.h:199

flow_insensitive_analysis_baset::initialized
bool initialized
Definition flow_insensitive_analysis.h:202

flow_insensitive_analysis_baset::statistics
std::map< locationt, unsigned, goto_programt::target_less_than > statistics
Definition flow_insensitive_analysis.h:98

flow_insensitive_analysis_baset::output
virtual void output(const goto_functionst &goto_functions, std::ostream &out)
Definition flow_insensitive_analysis.cpp:58

flow_insensitive_analysis_baset::working_sett
std::priority_queue< locationt, std::vector< locationt >, goto_programt::target_less_than > working_sett
Definition flow_insensitive_analysis.h:162

flow_insensitive_analysis_baset::operator()
virtual void operator()(const irep_idt &function_id, const goto_programt &goto_program)
Definition flow_insensitive_analysis.cpp:51

flow_insensitive_analysis_baset::get_reference_set
virtual void get_reference_set(const exprt &expr, expr_sett &expr_set)=0

flow_insensitive_analysis_baset::get_next
locationt get_next(working_sett &working_set)
Definition flow_insensitive_analysis.cpp:80

flow_insensitive_analysis_baset::flow_insensitive_analysis_baset
flow_insensitive_analysis_baset(const namespacet &_ns)
Definition flow_insensitive_analysis.h:105

flow_insensitive_analysis_baset::recursion_set
recursion_sett recursion_set
Definition flow_insensitive_analysis.h:200

flow_insensitive_analysis_baset::seen_locations
std::set< locationt, goto_programt::target_less_than > seen_locations
Definition flow_insensitive_analysis.h:96

flow_insensitive_analysis_baset::fixedpoint
bool fixedpoint(const irep_idt &function_id, const goto_programt &goto_program, const goto_functionst &goto_functions)
Definition flow_insensitive_analysis.cpp:96

flow_insensitive_analysis_baset::ns
const namespacet & ns
Definition flow_insensitive_analysis.h:156

flow_insensitive_analysis_baset::seen
bool seen(const locationt &l)
Definition flow_insensitive_analysis.h:100

flow_insensitive_analysis_baset::visit
bool visit(const irep_idt &function_id, locationt l, working_sett &working_set, const goto_programt &goto_program, const goto_functionst &goto_functions)
Definition flow_insensitive_analysis.cpp:125

flow_insensitive_analysis_baset::functions_donet
std::set< irep_idt > functions_donet
Definition flow_insensitive_analysis.h:196

flow_insensitive_analysis_baset::successor
static locationt successor(locationt l)
Definition flow_insensitive_analysis.h:190

flow_insensitive_analysis_baset::update
virtual void update(const goto_programt &goto_program)
Definition flow_insensitive_analysis.cpp:399

flow_insensitive_analysis_baset::expr_sett
flow_insensitive_abstract_domain_baset::expr_sett expr_sett
Definition flow_insensitive_analysis.h:226

flow_insensitive_analysis_baset::do_function_call_rec
bool do_function_call_rec(const irep_idt &calling_function, locationt l_call, const exprt &function, const exprt::operandst &arguments, statet &new_state, const goto_functionst &goto_functions)
Definition flow_insensitive_analysis.cpp:273

flow_insensitive_analysis_baset::locationt
goto_programt::const_targett locationt
Definition flow_insensitive_analysis.h:94

flow_insensitive_analysis_baset::initialize
virtual void initialize(const goto_programt &)
Definition flow_insensitive_analysis.h:111

flow_insensitive_analysis_baset::initialize
virtual void initialize(const goto_functionst &)
Definition flow_insensitive_analysis.h:119

flow_insensitive_analysis_baset::put_in_working_set
void put_in_working_set(working_sett &working_set, locationt l)
Definition flow_insensitive_analysis.h:166

flow_insensitive_analysis_baset::get_state
virtual const statet & get_state() const =0

flow_insensitive_analysis_baset::do_function_call
bool do_function_call(const irep_idt &calling_function, locationt l_call, const goto_functionst &goto_functions, const goto_functionst::function_mapt::const_iterator f_it, const exprt::operandst &arguments, statet &new_state)
Definition flow_insensitive_analysis.cpp:190

flow_insensitive_analysis_baset::statet
flow_insensitive_abstract_domain_baset statet
Definition flow_insensitive_analysis.h:93

flow_insensitive_analysis_baset::get_state
virtual statet & get_state()=0

flow_insensitive_analysist
Definition flow_insensitive_analysis.h:236

flow_insensitive_analysist::get_reference_set
void get_reference_set(const exprt &expr, expr_sett &expr_set)
Definition flow_insensitive_analysis.h:262

flow_insensitive_analysist::state
T state
Definition flow_insensitive_analysis.h:256

flow_insensitive_analysist::locationt
goto_programt::const_targett locationt
Definition flow_insensitive_analysis.h:244

flow_insensitive_analysist::flow_insensitive_analysist
flow_insensitive_analysist(const namespacet &_ns)
Definition flow_insensitive_analysis.h:239

flow_insensitive_analysist::get_state
virtual statet & get_state()
Definition flow_insensitive_analysis.h:258

flow_insensitive_analysist::get_data
T & get_data()
Definition flow_insensitive_analysis.h:252

flow_insensitive_analysist::dummy
void dummy(const T &s)
Definition flow_insensitive_analysis.h:271

flow_insensitive_analysist::clear
virtual void clear()
Definition flow_insensitive_analysis.h:246

flow_insensitive_analysist::get_state
virtual const statet & get_state() const
Definition flow_insensitive_analysis.h:260

flow_insensitive_analysist::get_data
const T & get_data() const
Definition flow_insensitive_analysis.h:253

goto_functionst
A collection of goto functions.
Definition goto_functions.h:25

goto_programt
A generic container class for the GOTO intermediate representation of one function.
Definition goto_program.h:72

goto_programt::const_targett
instructionst::const_iterator const_targett
Definition goto_program.h:614

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91

goto_functions.h
Goto Programs with Functions.

goto_programt::instructiont::target_less_than
A total order over targett and const_targett.
Definition goto_program.h:391