cbmc/flow__insensitive__analysis_8h_source.html

 /*******************************************************************\


 Module: Flow Insensitive Static Analysis


 Author: Daniel Kroening, kroening@kroening.com

         CM Wintersteiger


 \*******************************************************************/


 #ifndef CPROVER_ANALYSES_FLOW_INSENSITIVE_ANALYSIS_H

 #define CPROVER_ANALYSES_FLOW_INSENSITIVE_ANALYSIS_H


 #include <queue>

 #include <map>

 #include <iosfwd>

 #include <unordered_set>


 #include <goto-programs/goto_functions.h>


 // don't use me -- I am just a base class

 // please derive from me

 class flow_insensitive_abstract_domain_baset

 {

 public:

   flow_insensitive_abstract_domain_baset():

     changed(false)

   {

   }


   typedef goto_programt::const_targett locationt;


   virtual void initialize(const namespacet &ns)=0;


   virtual bool transform(

     const namespacet &ns,

     const irep_idt &function_from,

     locationt from,

     const irep_idt &function_to,

     locationt to) = 0;


   virtual ~flow_insensitive_abstract_domain_baset()

   {

   }


   virtual void output(

     const namespacet &,

     std::ostream &) const

   {

   }


   typedef std::unordered_set<exprt, irep_hash> expr_sett;


   virtual void get_reference_set(

     const namespacet &,

     const exprt &,

     expr_sett &expr_set)

   {

     // dummy, overload me!

     expr_set.clear();

   }


   virtual void clear(void)=0;


 protected:

   bool changed;

   // utilities


   // get guard of a conditional edge

   exprt get_guard(locationt from, locationt to) const;


   // get lhs that return value is assigned to

   // for an edge that returns from a function

   exprt get_return_lhs(locationt to) const;

 };


 class flow_insensitive_analysis_baset

 {

 public:

   typedef flow_insensitive_abstract_domain_baset statet;

   typedef goto_programt::const_targett locationt;


   std::set<locationt, goto_programt::target_less_than> seen_locations;


   std::map<locationt, unsigned, goto_programt::target_less_than> statistics;


   bool seen(const locationt &l)

   {

     return (seen_locations.find(l)!=seen_locations.end());

   }


   explicit flow_insensitive_analysis_baset(const namespacet &_ns):

     ns(_ns),

     initialized(false)

   {

   }


   virtual void initialize(const goto_programt &)

   {

     if(!initialized)

     {

       initialized=true;

     }

   }


   virtual void initialize(const goto_functionst &)

   {

     if(!initialized)

     {

       initialized=true;

     }

   }


   virtual void update(const goto_programt &goto_program);


   virtual void update(const goto_functionst &goto_functions);


   virtual void

   operator()(const irep_idt &function_id, const goto_programt &goto_program);


   virtual void operator()(

     const goto_functionst &goto_functions);


   virtual ~flow_insensitive_analysis_baset()

   {

   }


   virtual void clear()

   {

     initialized=false;

   }


   virtual void output(

     const goto_functionst &goto_functions,

     std::ostream &out);


   virtual void output(

     const irep_idt &function_id,

     const goto_programt &goto_program,

     std::ostream &out);


 protected:

   const namespacet &ns;


   typedef std::priority_queue<

     locationt,

     std::vector<locationt>,

     goto_programt::target_less_than>

     working_sett;


   locationt get_next(working_sett &working_set);


   void put_in_working_set(

     working_sett &working_set,

     locationt l)

   {

     working_set.push(l);

   }


   // true = found something new

   bool fixedpoint(

     const irep_idt &function_id,

     const goto_programt &goto_program,

     const goto_functionst &goto_functions);


   void fixedpoint(

     const goto_functionst &goto_functions);


   // true = found something new

   bool visit(

     const irep_idt &function_id,

     locationt l,

     working_sett &working_set,

     const goto_programt &goto_program,

     const goto_functionst &goto_functions);


   static locationt successor(locationt l)

   {

     l++;

     return l;

   }


   typedef std::set<irep_idt> functions_donet;

   functions_donet functions_done;


   typedef std::set<irep_idt> recursion_sett;

   recursion_sett recursion_set;


   bool initialized;


   // function calls

   bool do_function_call_rec(

     const irep_idt &calling_function,

     locationt l_call,

     const exprt &function,

     const exprt::operandst &arguments,

     statet &new_state,

     const goto_functionst &goto_functions);


   bool do_function_call(

     const irep_idt &calling_function,

     locationt l_call,

     const goto_functionst &goto_functions,

     const goto_functionst::function_mapt::const_iterator f_it,

     const exprt::operandst &arguments,

     statet &new_state);


   // abstract methods


   virtual statet &get_state()=0;

   virtual const statet &get_state() const=0;


   typedef flow_insensitive_abstract_domain_baset::expr_sett expr_sett;


   virtual void get_reference_set(

     const exprt &expr,

     expr_sett &expr_set)=0;

 };


 template<typename T>

 class flow_insensitive_analysist:public flow_insensitive_analysis_baset

 {

 public:

   // constructor

   explicit flow_insensitive_analysist(const namespacet &_ns):

     flow_insensitive_analysis_baset(_ns)

   {

   }


   typedef goto_programt::const_targett locationt;


   virtual void clear()

   {

     state.clear();

     flow_insensitive_analysis_baset::clear();

   }


   T &get_data() { return state; }

   const T &get_data() const { return state; }


 protected:

   T state; // one global state


   virtual statet &get_state() { return state; }


   virtual const statet &get_state() const { return state; }


   void get_reference_set(

     const exprt &expr,

     expr_sett &expr_set)

   {

     state.get_reference_set(ns, expr, expr_set);

   }


 private:

   // to enforce that T is derived from abstract_domain_baset

   void dummy(const T &s) { const statet &x=dummy1(s); (void)x; }

 };


 #endif // CPROVER_ANALYSES_FLOW_INSENSITIVE_ANALYSIS_H

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition: dstring.h:38

exprt
Base class for all expressions.
Definition: expr.h:56

exprt::operandst
std::vector< exprt > operandst
Definition: expr.h:58

flow_insensitive_abstract_domain_baset
Definition: flow_insensitive_analysis.h:37

flow_insensitive_abstract_domain_baset::expr_sett
std::unordered_set< exprt, irep_hash > expr_sett
Definition: flow_insensitive_analysis.h:65

flow_insensitive_abstract_domain_baset::get_guard
exprt get_guard(locationt from, locationt to) const
Definition: flow_insensitive_analysis.cpp:19

flow_insensitive_abstract_domain_baset::output
virtual void output(const namespacet &, std::ostream &) const
Definition: flow_insensitive_analysis.h:59

flow_insensitive_abstract_domain_baset::~flow_insensitive_abstract_domain_baset
virtual ~flow_insensitive_abstract_domain_baset()
Definition: flow_insensitive_analysis.h:55

flow_insensitive_abstract_domain_baset::initialize
virtual void initialize(const namespacet &ns)=0

flow_insensitive_abstract_domain_baset::clear
virtual void clear(void)=0

flow_insensitive_abstract_domain_baset::get_reference_set
virtual void get_reference_set(const namespacet &, const exprt &, expr_sett &expr_set)
Definition: flow_insensitive_analysis.h:67

flow_insensitive_abstract_domain_baset::flow_insensitive_abstract_domain_baset
flow_insensitive_abstract_domain_baset()
Definition: flow_insensitive_analysis.h:39

flow_insensitive_abstract_domain_baset::changed
bool changed
Definition: flow_insensitive_analysis.h:79

flow_insensitive_abstract_domain_baset::get_return_lhs
exprt get_return_lhs(locationt to) const
Definition: flow_insensitive_analysis.cpp:31

flow_insensitive_abstract_domain_baset::transform
virtual bool transform(const namespacet &ns, const irep_idt &function_from, locationt from, const irep_idt &function_to, locationt to)=0

flow_insensitive_abstract_domain_baset::locationt
goto_programt::const_targett locationt
Definition: flow_insensitive_analysis.h:44

flow_insensitive_analysis_baset
Definition: flow_insensitive_analysis.h:91

flow_insensitive_analysis_baset::clear
virtual void clear()
Definition: flow_insensitive_analysis.h:141

flow_insensitive_analysis_baset::functions_done
functions_donet functions_done
Definition: flow_insensitive_analysis.h:197

flow_insensitive_analysis_baset::~flow_insensitive_analysis_baset
virtual ~flow_insensitive_analysis_baset()
Definition: flow_insensitive_analysis.h:137

flow_insensitive_analysis_baset::recursion_sett
std::set< irep_idt > recursion_sett
Definition: flow_insensitive_analysis.h:199

flow_insensitive_analysis_baset::initialized
bool initialized
Definition: flow_insensitive_analysis.h:202

flow_insensitive_analysis_baset::get_state
virtual const statet & get_state() const =0

flow_insensitive_analysis_baset::statistics
std::map< locationt, unsigned, goto_programt::target_less_than > statistics
Definition: flow_insensitive_analysis.h:98

flow_insensitive_analysis_baset::output
virtual void output(const goto_functionst &goto_functions, std::ostream &out)
Definition: flow_insensitive_analysis.cpp:58

flow_insensitive_analysis_baset::working_sett
std::priority_queue< locationt, std::vector< locationt >, goto_programt::target_less_than > working_sett
Definition: flow_insensitive_analysis.h:162

flow_insensitive_analysis_baset::operator()
virtual void operator()(const irep_idt &function_id, const goto_programt &goto_program)
Definition: flow_insensitive_analysis.cpp:51

flow_insensitive_analysis_baset::get_reference_set
virtual void get_reference_set(const exprt &expr, expr_sett &expr_set)=0

flow_insensitive_analysis_baset::get_next
locationt get_next(working_sett &working_set)
Definition: flow_insensitive_analysis.cpp:80

flow_insensitive_analysis_baset::flow_insensitive_analysis_baset
flow_insensitive_analysis_baset(const namespacet &_ns)
Definition: flow_insensitive_analysis.h:105

flow_insensitive_analysis_baset::recursion_set
recursion_sett recursion_set
Definition: flow_insensitive_analysis.h:200

flow_insensitive_analysis_baset::seen_locations
std::set< locationt, goto_programt::target_less_than > seen_locations
Definition: flow_insensitive_analysis.h:96

flow_insensitive_analysis_baset::fixedpoint
bool fixedpoint(const irep_idt &function_id, const goto_programt &goto_program, const goto_functionst &goto_functions)
Definition: flow_insensitive_analysis.cpp:96

flow_insensitive_analysis_baset::get_state
virtual statet & get_state()=0

flow_insensitive_analysis_baset::ns
const namespacet & ns
Definition: flow_insensitive_analysis.h:156

flow_insensitive_analysis_baset::seen
bool seen(const locationt &l)
Definition: flow_insensitive_analysis.h:100

flow_insensitive_analysis_baset::visit
bool visit(const irep_idt &function_id, locationt l, working_sett &working_set, const goto_programt &goto_program, const goto_functionst &goto_functions)
Definition: flow_insensitive_analysis.cpp:125

flow_insensitive_analysis_baset::functions_donet
std::set< irep_idt > functions_donet
Definition: flow_insensitive_analysis.h:196

flow_insensitive_analysis_baset::successor
static locationt successor(locationt l)
Definition: flow_insensitive_analysis.h:190

flow_insensitive_analysis_baset::update
virtual void update(const goto_programt &goto_program)
Definition: flow_insensitive_analysis.cpp:399

flow_insensitive_analysis_baset::expr_sett
flow_insensitive_abstract_domain_baset::expr_sett expr_sett
Definition: flow_insensitive_analysis.h:226

flow_insensitive_analysis_baset::do_function_call_rec
bool do_function_call_rec(const irep_idt &calling_function, locationt l_call, const exprt &function, const exprt::operandst &arguments, statet &new_state, const goto_functionst &goto_functions)
Definition: flow_insensitive_analysis.cpp:273

flow_insensitive_analysis_baset::locationt
goto_programt::const_targett locationt
Definition: flow_insensitive_analysis.h:94

flow_insensitive_analysis_baset::initialize
virtual void initialize(const goto_programt &)
Definition: flow_insensitive_analysis.h:111

flow_insensitive_analysis_baset::initialize
virtual void initialize(const goto_functionst &)
Definition: flow_insensitive_analysis.h:119

flow_insensitive_analysis_baset::put_in_working_set
void put_in_working_set(working_sett &working_set, locationt l)
Definition: flow_insensitive_analysis.h:166

flow_insensitive_analysis_baset::do_function_call
bool do_function_call(const irep_idt &calling_function, locationt l_call, const goto_functionst &goto_functions, const goto_functionst::function_mapt::const_iterator f_it, const exprt::operandst &arguments, statet &new_state)
Definition: flow_insensitive_analysis.cpp:190

flow_insensitive_analysis_baset::statet
flow_insensitive_abstract_domain_baset statet
Definition: flow_insensitive_analysis.h:93

flow_insensitive_analysist
Definition: flow_insensitive_analysis.h:236

flow_insensitive_analysist::get_reference_set
void get_reference_set(const exprt &expr, expr_sett &expr_set)
Definition: flow_insensitive_analysis.h:262

flow_insensitive_analysist::state
T state
Definition: flow_insensitive_analysis.h:256

flow_insensitive_analysist::locationt
goto_programt::const_targett locationt
Definition: flow_insensitive_analysis.h:244

flow_insensitive_analysist::flow_insensitive_analysist
flow_insensitive_analysist(const namespacet &_ns)
Definition: flow_insensitive_analysis.h:239

flow_insensitive_analysist::get_state
virtual const statet & get_state() const
Definition: flow_insensitive_analysis.h:260

flow_insensitive_analysist::get_data
T & get_data()
Definition: flow_insensitive_analysis.h:252

flow_insensitive_analysist::get_state
virtual statet & get_state()
Definition: flow_insensitive_analysis.h:258

flow_insensitive_analysist::dummy
void dummy(const T &s)
Definition: flow_insensitive_analysis.h:271

flow_insensitive_analysist::clear
virtual void clear()
Definition: flow_insensitive_analysis.h:246

flow_insensitive_analysist::get_data
const T & get_data() const
Definition: flow_insensitive_analysis.h:253

goto_functionst
A collection of goto functions.
Definition: goto_functions.h:25

goto_programt
A generic container class for the GOTO intermediate representation of one function.
Definition: goto_program.h:73

goto_programt::const_targett
instructionst::const_iterator const_targett
Definition: goto_program.h:615

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition: namespace.h:94

goto_functions.h
Goto Programs with Functions.

goto_programt::instructiont::target_less_than
A total order over targett and const_targett.
Definition: goto_program.h:392