cbmc/full__slicer_8cpp_source.html

/*******************************************************************\


Module: Slicing


Author: Daniel Kroening, kroening@kroening.com


\*******************************************************************/


#include "full_slicer.h"

#include "full_slicer_class.h"


#include <util/find_symbols.h>


#include <goto-programs/adjust_float_expressions.h>

#include <goto-programs/remove_skip.h>


void full_slicert::add_dependencies(

  const cfgt::nodet &node,

  queuet &queue,

  const dependence_grapht &dep_graph,

  const dep_node_to_cfgt &dep_node_to_cfg)

{

  const dependence_grapht::nodet &d_node=

    dep_graph[dep_graph[node.PC].get_node_id()];


  for(dependence_grapht::edgest::const_iterator

      it=d_node.in.begin();

      it!=d_node.in.end();

      ++it)

    add_to_queue(queue, dep_node_to_cfg[it->first], node.PC);

}


void full_slicert::add_function_calls(

  const cfgt::nodet &node,

  queuet &queue,

  const goto_functionst &goto_functions)

{

  goto_functionst::function_mapt::const_iterator f_it =

    goto_functions.function_map.find(node.function_id);

  CHECK_RETURN(f_it != goto_functions.function_map.end());


  CHECK_RETURN(!f_it->second.body.instructions.empty());

  goto_programt::const_targett begin_function=

    f_it->second.body.instructions.begin();


  const auto &entry = cfg.get_node(begin_function);

  for(const auto &in_edge : entry.in)

    add_to_queue(queue, in_edge.first, node.PC);

}


void full_slicert::add_decl_dead(

  const cfgt::nodet &node,

  queuet &queue,

  decl_deadt &decl_dead)

{

  if(decl_dead.empty())

    return;


  find_symbols_sett syms;


  node.PC->apply([&syms](const exprt &e) { find_symbols(e, syms); });


  for(find_symbols_sett::const_iterator

      it=syms.begin();

      it!=syms.end();

      ++it)

  {

    decl_deadt::iterator entry=decl_dead.find(*it);

    if(entry==decl_dead.end())

      continue;


    while(!entry->second.empty())

    {

      add_to_queue(queue, entry->second.top(), node.PC);

      entry->second.pop();

    }


    decl_dead.erase(entry);

  }

}


void full_slicert::add_jumps(

  queuet &queue,

  jumpst &jumps,

  const dependence_grapht::post_dominators_mapt &post_dominators)

{

  // Based on:

  // On slicing programs with jump statements

  // Hiralal Agrawal, PLDI'94

  // Figure 7:

  // Slice = the slice obtained using the conventional slicing algorithm;

  // do {

  //   Traverse the postdominator tree using the preorder traversal,

  //   and for each jump statement, J, encountered that is

  //     (i) not in Slice and

  //     (ii) whose nearest postdominator in Slice is different from

  //          the nearest lexical successor in Slice) do {

  //            Add J to Slice;

  //            Add the transitive closure of the dependences of J to Slice;

  //          }

  // } until no new jump statements may be added to Slice;

  // For each goto statement, Goto L, in Slice, if the statement

  // labeled L is not in Slice then associate the label L with its

  // nearest postdominator in Slice;

  // return (Slice);


  for(jumpst::iterator

      it=jumps.begin();

      it!=jumps.end();

      ) // no ++it

  {

    jumpst::iterator next=it;

    ++next;


    const cfgt::nodet &j=cfg[*it];


    // is j in the slice already?

    if(j.node_required)

    {

      jumps.erase(it);

      it=next;

      continue;

    }


    // check nearest lexical successor in slice

    goto_programt::const_targett lex_succ=j.PC;

    for( ; !lex_succ->is_end_function(); ++lex_succ)

    {

      if(cfg.get_node(lex_succ).node_required)

        break;

    }

    if(lex_succ->is_end_function())

    {

      it=next;

      continue;

    }


    const irep_idt &id = j.function_id;

    const cfg_post_dominatorst &pd=post_dominators.at(id);


    const auto &j_PC_node = pd.get_node(j.PC);


    // find the nearest post-dominator in slice

    if(!pd.dominates(lex_succ, j_PC_node))

    {

      add_to_queue(queue, *it, lex_succ);

      jumps.erase(it);

    }

    else

    {

      // check whether the nearest post-dominator is different from

      // lex_succ

      goto_programt::const_targett nearest=lex_succ;

      std::size_t post_dom_size=0;

      for(cfg_dominatorst::target_sett::const_iterator d_it =

            j_PC_node.dominators.begin();

          d_it != j_PC_node.dominators.end();

          ++d_it)

      {

        const auto &node = cfg.get_node(*d_it);

        if(node.node_required)

        {

          const irep_idt &id2 = node.function_id;

          INVARIANT(id==id2,

                    "goto/jump expected to be within a single function");


          const auto &postdom_node = pd.get_node(*d_it);


          if(postdom_node.dominators.size() > post_dom_size)

          {

            nearest=*d_it;

            post_dom_size = postdom_node.dominators.size();

          }

        }

      }

      if(nearest!=lex_succ)

      {

        add_to_queue(queue, *it, nearest);

        jumps.erase(it);

      }

    }


    it=next;

  }

}


void full_slicert::fixedpoint(

  goto_functionst &goto_functions,

  queuet &queue,

  jumpst &jumps,

  decl_deadt &decl_dead,

  const dependence_grapht &dep_graph)

{

  std::vector<cfgt::entryt> dep_node_to_cfg;

  dep_node_to_cfg.reserve(dep_graph.size());


  for(dependence_grapht::node_indext i = 0; i < dep_graph.size(); ++i)

    dep_node_to_cfg.push_back(cfg.get_node_index(dep_graph[i].PC));


  // process queue until empty

  while(!queue.empty())

  {

    while(!queue.empty())

    {

      cfgt::entryt e=queue.top();

      cfgt::nodet &node=cfg[e];

      queue.pop();


      // already done by some earlier iteration?

      if(node.node_required)

        continue;


      // node is required

      node.node_required=true;


      // add data and control dependencies of node

      add_dependencies(node, queue, dep_graph, dep_node_to_cfg);


      // retain all calls of the containing function

      add_function_calls(node, queue, goto_functions);


      // find all the symbols it uses to add declarations

      add_decl_dead(node, queue, decl_dead);

    }


    // add any required jumps

    add_jumps(queue, jumps, dep_graph.cfg_post_dominators());

  }

}


static bool implicit(goto_programt::const_targett target)

{

  // some variables are used during symbolic execution only


  const irep_idt &statement = target->code().get_statement();

  if(statement==ID_array_copy)

    return true;


  if(!target->is_assign())

    return false;


  const exprt &a_lhs = target->assign_lhs();

  if(a_lhs.id() != ID_symbol)

    return false;


  const symbol_exprt &s = to_symbol_expr(a_lhs);


  return s.get_identifier() == rounding_mode_identifier();

}


void full_slicert::operator()(

  goto_functionst &goto_functions,

  const namespacet &ns,

  const slicing_criteriont &criterion,

  message_handlert &message_handler)

{

  // build the CFG data structure

  cfg(goto_functions);

  for(const auto &gf_entry : goto_functions.function_map)

  {

    forall_goto_program_instructions(i_it, gf_entry.second.body)

      cfg.get_node(i_it).function_id = gf_entry.first;

  }


  // fill queue with according to slicing criterion

  queuet queue;

  // gather all unconditional jumps as they may need to be included

  jumpst jumps;

  // declarations or dead instructions may be necessary as well

  decl_deadt decl_dead;


  for(const auto &instruction_and_index : cfg.entries())

  {

    const auto &instruction = instruction_and_index.first;

    const auto instruction_node_index = instruction_and_index.second;

    if(criterion(cfg[instruction_node_index].function_id, instruction))

      add_to_queue(queue, instruction_node_index, instruction);

    else if(implicit(instruction))

      add_to_queue(queue, instruction_node_index, instruction);

    else if(

      (instruction->is_goto() && instruction->condition().is_true()) ||

      instruction->is_throw())

      jumps.push_back(instruction_node_index);

    else if(instruction->is_decl())

    {

      const auto &s = instruction->decl_symbol();

      decl_dead[s.get_identifier()].push(instruction_node_index);

    }

    else if(instruction->is_dead())

    {

      const auto &s = instruction->dead_symbol();

      decl_dead[s.get_identifier()].push(instruction_node_index);

    }

  }


  // compute program dependence graph (and post-dominators)

  dependence_grapht dep_graph(ns, message_handler);

  dep_graph(goto_functions, ns);


  // compute the fixedpoint

  fixedpoint(goto_functions, queue, jumps, decl_dead, dep_graph);


  // now replace those instructions that are not needed

  // by skips


  for(auto &gf_entry : goto_functions.function_map)

  {

    if(gf_entry.second.body_available())

    {

      Forall_goto_program_instructions(i_it, gf_entry.second.body)

      {

        const auto &cfg_node = cfg.get_node(i_it);

        if(

          !i_it->is_end_function() && // always retained

          !cfg_node.node_required)

        {

          i_it->turn_into_skip();

        }

#ifdef DEBUG_FULL_SLICERT

        else

        {

          std::string c="ins:"+std::to_string(i_it->location_number);

          c+=" req by:";

          for(std::set<unsigned>::const_iterator req_it =

                cfg_node.required_by.begin();

              req_it != cfg_node.required_by.end();

              ++req_it)

          {

            if(req_it != cfg_node.required_by.begin())

              c+=",";

            c+=std::to_string(*req_it);

          }

          i_it->source_location.set_column(c);  // for show-goto-functions

          i_it->source_location.set_comment(c); // for dump-c

        }

#endif

      }

    }

  }


  // remove the skips

  remove_skip(goto_functions);

}


void full_slicer(

  goto_functionst &goto_functions,

  const namespacet &ns,

  const slicing_criteriont &criterion,

  message_handlert &message_handler)

{

  full_slicert()(goto_functions, ns, criterion, message_handler);

}


void full_slicer(

  goto_functionst &goto_functions,

  const namespacet &ns,

  message_handlert &message_handler)

{

  assert_criteriont a;

  full_slicert()(goto_functions, ns, a, message_handler);

}


void full_slicer(goto_modelt &goto_model, message_handlert &message_handler)

{

  assert_criteriont a;

  const namespacet ns(goto_model.symbol_table);

  full_slicert()(goto_model.goto_functions, ns, a, message_handler);

}


void property_slicer(

  goto_functionst &goto_functions,

  const namespacet &ns,

  const std::list<std::string> &properties,

  message_handlert &message_handler)

{

  properties_criteriont p(properties);

  full_slicert()(goto_functions, ns, p, message_handler);

}


void property_slicer(

  goto_modelt &goto_model,

  const std::list<std::string> &properties,

  message_handlert &message_handler)

{

  const namespacet ns(goto_model.symbol_table);

  property_slicer(goto_model.goto_functions, ns, properties, message_handler);

}


slicing_criteriont::~slicing_criteriont()

{

}


rounding_mode_identifier
irep_idt rounding_mode_identifier()
Return the identifier of the program symbol used to store the current rounding mode.
Definition adjust_float_expressions.cpp:24

adjust_float_expressions.h
Symbolic Execution.

ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562

assert_criteriont
Definition full_slicer_class.h:112

cfg_baset::entries
const entry_mapt & entries() const
Get a map from program points to their corresponding node indices.
Definition cfg.h:259

cfg_baset< cfg_nodet >::entryt
base_grapht::node_indext entryt
Definition cfg.h:91

cfg_baset::get_node
nodet & get_node(const goto_programt::const_targett &program_point)
Get the CFG graph node relating to program_point.
Definition cfg.h:245

cfg_baset::get_node_index
entryt get_node_index(const goto_programt::const_targett &program_point) const
Get the graph node index for program_point.
Definition cfg.h:239

dependence_grapht
Definition dependence_graph.h:221

dependence_grapht::post_dominators_mapt
std::map< irep_idt, cfg_post_dominatorst > post_dominators_mapt
Definition dependence_graph.h:226

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition dstring.h:38

exprt
Base class for all expressions.
Definition expr.h:56

full_slicert
Definition full_slicer_class.h:39

full_slicert::add_function_calls
void add_function_calls(const cfgt::nodet &node, queuet &queue, const goto_functionst &goto_functions)
Definition full_slicer.cpp:36

full_slicert::jumpst
std::list< cfgt::entryt > jumpst
Definition full_slicer_class.h:66

full_slicert::add_to_queue
void add_to_queue(queuet &queue, const cfgt::entryt &entry, goto_programt::const_targett reason)
Definition full_slicer_class.h:97

full_slicert::decl_deadt
std::unordered_map< irep_idt, queuet > decl_deadt
Definition full_slicer_class.h:67

full_slicert::add_dependencies
void add_dependencies(const cfgt::nodet &node, queuet &queue, const dependence_grapht &dep_graph, const dep_node_to_cfgt &dep_node_to_cfg)
Definition full_slicer.cpp:20

full_slicert::fixedpoint
void fixedpoint(goto_functionst &goto_functions, queuet &queue, jumpst &jumps, decl_deadt &decl_dead, const dependence_grapht &dep_graph)
Definition full_slicer.cpp:190

full_slicert::add_decl_dead
void add_decl_dead(const cfgt::nodet &node, queuet &queue, decl_deadt &decl_dead)
Definition full_slicer.cpp:54

full_slicert::cfg
cfgt cfg
Definition full_slicer_class.h:62

full_slicert::operator()
void operator()(goto_functionst &goto_functions, const namespacet &ns, const slicing_criteriont &criterion, message_handlert &message_handler)
Definition full_slicer.cpp:254

full_slicert::queuet
std::stack< cfgt::entryt > queuet
Definition full_slicer_class.h:65

full_slicert::dep_node_to_cfgt
std::vector< cfgt::entryt > dep_node_to_cfgt
Definition full_slicer_class.h:64

full_slicert::add_jumps
void add_jumps(queuet &queue, jumpst &jumps, const dependence_grapht::post_dominators_mapt &post_dominators)
Definition full_slicer.cpp:85

goto_functionst
A collection of goto functions.
Definition goto_functions.h:25

goto_functionst::function_map
function_mapt function_map
Definition goto_functions.h:29

goto_modelt
Definition goto_model.h:27

goto_modelt::symbol_table
symbol_tablet symbol_table
Symbol table.
Definition goto_model.h:31

goto_modelt::goto_functions
goto_functionst goto_functions
GOTO functions.
Definition goto_model.h:34

goto_programt::const_targett
instructionst::const_iterator const_targett
Definition goto_program.h:614

grapht::nodet
N nodet
Definition graph.h:169

grapht< dep_nodet >::node_indext
nodet::node_indext node_indext
Definition graph.h:173

message_handlert
Definition message.h:27

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91

properties_criteriont
Definition full_slicer_class.h:140

slicing_criteriont
Definition full_slicer.h:37

slicing_criteriont::~slicing_criteriont
virtual ~slicing_criteriont()
Definition full_slicer.cpp:392

symbol_exprt
Expression to hold a symbol (variable)
Definition std_expr.h:131

symbol_exprt::get_identifier
const irep_idt & get_identifier() const
Definition std_expr.h:160

find_symbols
static bool find_symbols(symbol_kindt, const typet &, std::function< bool(const symbol_exprt &)>, std::unordered_set< irep_idt > &bindings, const std::vector< irep_idt > &subs_to_find)
Find identifiers with id ID_symbol of the sub expressions and the subs with ID in subs_to_find consid...
Definition find_symbols.cpp:152

find_symbols.h

find_symbols_sett
std::unordered_set< irep_idt > find_symbols_sett
Definition find_symbols.h:22

implicit
static bool implicit(goto_programt::const_targett target)
Definition full_slicer.cpp:234

property_slicer
void property_slicer(goto_functionst &goto_functions, const namespacet &ns, const std::list< std::string > &properties, message_handlert &message_handler)
Definition full_slicer.cpp:373

full_slicer
void full_slicer(goto_functionst &goto_functions, const namespacet &ns, const slicing_criteriont &criterion, message_handlert &message_handler)
Definition full_slicer.cpp:348

full_slicer.h
Slicing.

full_slicer_class.h
Goto Program Slicing.

forall_goto_program_instructions
#define forall_goto_program_instructions(it, program)
Definition goto_program.h:1228

Forall_goto_program_instructions
#define Forall_goto_program_instructions(it, program)
Definition goto_program.h:1233

remove_skip
void remove_skip(goto_programt &goto_program, goto_programt::targett begin, goto_programt::targett end)
remove unnecessary skip statements
Definition remove_skip.cpp:87

remove_skip.h
Program Transformation.

CHECK_RETURN
#define CHECK_RETURN(CONDITION)
Definition invariant.h:495

INVARIANT
#define INVARIANT(CONDITION, REASON)
This macro uses the wrapper function 'invariant_violated_string'.
Definition invariant.h:423

to_symbol_expr
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
Definition std_expr.h:272

dep_nodet
Definition dependence_graph.h:59