199 const exprt &src_expr,
217 std::optional<goto_check_ct::conditiont>
220 const exprt &address,
223 const exprt &pointer,
227 const exprt &address,
246 const exprt &asserted_expr,
248 const std::string &property_class,
251 const exprt &src_expr,
372 "Flag " +
id2string(flag_name) +
" set twice at \n" +
374 if(flag != new_value)
389 "Flag " +
id2string(flag_name) +
" disabled twice at \n" +
410 *flag_pair.first = flag_pair.second;
422 if(rhs.
id() == ID_implies)
426 and_exprt(std::move(lhs), rhs_implication.lhs()), rhs_implication.rhs());
438 for(
const auto &instruction : gf_entry.second.body.instructions)
440 if(!instruction.is_function_call())
443 const auto &
function = instruction.call_function();
445 function.
id() != ID_symbol ||
451 instruction.call_arguments();
453 args.size() != 2 || args[0].type().id() != ID_unsignedbv ||
454 args[1].type().id() != ID_unsignedbv)
459 args[0].type() == args[1].type(),
460 "arguments of allocated_memory must have same type");
468 if(lhs.
id() == ID_index)
470 else if(lhs.
id() == ID_member)
472 else if(lhs.
id() == ID_symbol)
532 "floating-point division by zero",
533 "float-division-by-zero",
547 for(
const auto &d : pragmas)
549 if(d.first ==
"disable:enum-range-check")
577 if(distance_type.
id() == ID_signedbv)
584 "shift distance is negative",
594 if(op_type.
id() == ID_unsignedbv || op_type.
id() == ID_signedbv)
601 "shift distance too large",
608 if(op_type.
id() == ID_signedbv && expr.
id() == ID_shl)
615 "shift operand is negative",
627 "shift of non-integer type",
666 const auto &type = expr.
type();
668 if(type.id() == ID_signedbv)
682 or_exprt(int_min_neq, minus_one_neq),
683 "result of signed mod is not representable",
700 if(type.
id() != ID_signedbv && type.
id() != ID_unsignedbv)
703 if(expr.
id() == ID_typecast)
708 const typet &old_type = op.type();
710 if(type.
id() == ID_signedbv)
714 if(old_type.
id() == ID_signedbv)
717 if(new_width >= old_width)
727 and_exprt(no_overflow_lower, no_overflow_upper),
728 "arithmetic overflow on signed type conversion",
735 else if(old_type.
id() == ID_unsignedbv)
738 if(new_width >= old_width + 1)
746 "arithmetic overflow on unsigned to signed type conversion",
753 else if(old_type.
id() == ID_floatbv)
767 and_exprt(no_overflow_lower, no_overflow_upper),
768 "arithmetic overflow on float to signed integer type conversion",
776 else if(type.
id() == ID_unsignedbv)
780 if(old_type.
id() == ID_signedbv)
784 if(new_width >= old_width - 1)
792 "arithmetic overflow on signed to unsigned type conversion",
809 and_exprt(no_overflow_lower, no_overflow_upper),
810 "arithmetic overflow on signed to unsigned type conversion",
818 else if(old_type.
id() == ID_unsignedbv)
821 if(new_width >= old_width)
829 "arithmetic overflow on unsigned to unsigned type conversion",
836 else if(old_type.
id() == ID_floatbv)
850 and_exprt(no_overflow_lower, no_overflow_upper),
851 "arithmetic overflow on float to unsigned integer type conversion",
880 if(expr.
id() == ID_div)
883 if(type.
id() == ID_signedbv)
894 "arithmetic overflow on signed division",
904 else if(expr.
id() == ID_unary_minus)
906 if(type.
id() == ID_signedbv)
916 "arithmetic overflow on signed unary minus",
923 else if(type.
id() == ID_unsignedbv)
933 "arithmetic overflow on unsigned unary minus",
943 else if(expr.
id() == ID_shl)
945 if(type.
id() == ID_signedbv)
948 const auto &op = shl_expr.op();
950 const auto op_width = op_type.get_width();
951 const auto &distance = shl_expr.distance();
952 const auto &distance_type = distance.type();
956 exprt neg_value_shift;
958 if(op_type.id() == ID_unsignedbv)
966 exprt neg_dist_shift;
968 if(distance_type.id() == ID_unsignedbv)
979 distance, ID_gt,
from_integer(op_width, distance_type));
984 new_type.set_width(op_width * 2);
995 bool allow_shift_into_sign_bit =
true;
1003 allow_shift_into_sign_bit =
false;
1006 else if(
mode == ID_cpp)
1013 allow_shift_into_sign_bit =
false;
1017 const unsigned number_of_top_bits =
1018 allow_shift_into_sign_bit ? op_width : op_width + 1;
1022 new_type.get_width() - number_of_top_bits,
1025 const exprt top_bits_zero =
1040 "arithmetic overflow on signed shl",
1059 for(std::size_t i = 1; i < expr.
operands().size(); i++)
1071 std::string kind = type.
id() == ID_unsignedbv ?
"unsigned" :
"signed";
1075 "arithmetic overflow on " + kind +
" " + expr.
id_string(),
1083 else if(expr.
operands().size() == 2)
1085 std::string kind = type.
id() == ID_unsignedbv ?
"unsigned" :
"signed";
1090 "arithmetic overflow on " + kind +
" " + expr.
id_string(),
1101 std::string kind = type.
id() == ID_unsignedbv ?
"unsigned" :
"signed";
1105 "arithmetic overflow on " + kind +
" " + expr.
id_string(),
1122 if(type.
id() != ID_floatbv)
1127 if(expr.
id() == ID_typecast)
1132 if(op.type().id() == ID_floatbv)
1138 std::move(overflow_check),
1139 "arithmetic overflow on floating-point typecast",
1151 "arithmetic overflow on floating-point typecast",
1161 else if(expr.
id() == ID_div)
1168 std::move(overflow_check),
1169 "arithmetic overflow on floating-point division",
1178 else if(expr.
id() == ID_mod)
1183 else if(expr.
id() == ID_unary_minus)
1188 else if(expr.
id() == ID_plus || expr.
id() == ID_mult || expr.
id() == ID_minus)
1198 std::string kind = expr.
id() == ID_plus ?
"addition"
1199 : expr.
id() == ID_minus ?
"subtraction"
1200 : expr.
id() == ID_mult ?
"multiplication"
1204 std::move(overflow_check),
1205 "arithmetic overflow on floating-point " + kind,
1214 else if(expr.
operands().size() >= 3)
1231 if(expr.
type().
id() != ID_floatbv)
1235 expr.
id() != ID_plus && expr.
id() != ID_mult && expr.
id() != ID_div &&
1236 expr.
id() != ID_minus)
1243 if(expr.
id() == ID_div)
1252 div_expr.op0(),
from_integer(0, div_expr.dividend().type())),
1254 div_expr.op1(),
from_integer(0, div_expr.divisor().type())));
1260 else if(expr.
id() == ID_mult)
1271 mult_expr.op1(),
from_integer(0, mult_expr.op1().type())));
1275 mult_expr.op1(),
from_integer(0, mult_expr.op1().type())),
1280 else if(expr.
id() == ID_plus)
1301 else if(expr.
id() == ID_minus)
1351 "same object violation",
1358 for(
const auto &pointer : expr.
operands())
1365 for(
const auto &c : conditions)
1369 "pointer relation: " + c.description,
1370 "pointer arithmetic",
1387 if(expr.
id() != ID_plus && expr.
id() != ID_minus)
1392 "pointer arithmetic expected to have exactly 2 operands");
1397 if(object_type.
id() != ID_empty)
1404 exprt offset_operand = binary_expr.
lhs().
type().
id() == ID_pointer
1406 : binary_expr.
lhs();
1424 for(
const auto &c : conditions)
1428 "pointer arithmetic: " + c.description,
1429 "pointer arithmetic",
1439 const exprt &src_expr,
1449 if(expr.
type().
id() == ID_empty)
1461 size = size_of_expr_opt.value();
1466 for(
const auto &c : conditions)
1470 "dereference failure: " + c.description,
1471 "pointer dereference",
1489 const exprt pointer =
1490 (expr.
id() == ID_r_ok || expr.
id() == ID_w_ok || expr.
id() == ID_rw_ok)
1498 if(pointer.
id() == ID_symbol)
1508 for(
const auto &c : conditions)
1513 "pointer primitives",
1534 expr.
id() == ID_w_ok || expr.
id() == ID_rw_ok ||
1536 expr.
id() == ID_is_dynamic_object;
1541 const exprt &address,
1548 conditions.push_front(*maybe_null_condition);
1563 if(expr.
id() == ID_index)
1566 (expr.
id() == ID_count_leading_zeros &&
1568 (expr.
id() == ID_count_trailing_zeros &&
1581 if(array_type.
id() == ID_pointer)
1582 throw "index got pointer as array type";
1583 else if(array_type.
id() != ID_array && array_type.
id() != ID_vector)
1584 throw "bounds check expected array or vector type, got " +
1593 if(index.
type().
id() != ID_unsignedbv)
1597 index.
id() == ID_typecast &&
1604 const auto i = numeric_cast<mp_integer>(index);
1606 if(!i.has_value() || *i < 0)
1618 effective_offset, p_offset.
type())};
1625 effective_offset, ID_ge, std::move(zero));
1629 name +
" lower bound",
1654 exprt in_bounds_of_some_explicit_allocation =
1660 std::move(in_bounds_of_some_explicit_allocation), inequality);
1664 name +
" dynamic object upper bound",
1674 const exprt &size = array_type.
id() == ID_array
1678 if(size.
is_nil() && !array_type.
get_bool(ID_C_flexible_array_member))
1683 else if(size.
id() == ID_infinity)
1687 expr.
array().
id() == ID_member &&
1698 const auto type_size_opt =
1709 name +
" upper bound",
1723 name +
" upper bound",
1738 if(expr.
id() == ID_count_leading_zeros)
1740 else if(expr.
id() == ID_count_trailing_zeros)
1747 "count " + name +
" zeros is undefined for value zero",
1756 const exprt &asserted_expr,
1758 const std::string &property_class,
1761 const exprt &src_expr,
1765 exprt simplified_expr =
1775 if(
assertions.insert(std::make_pair(src_expr, guarded_expr)).second)
1777 std::string source_expr_string;
1789 std::move(guarded_expr), annotated_location));
1797 std::move(guarded_expr), annotated_location));
1805 if(expr.
id() == ID_exists || expr.
id() == ID_forall)
1808 if(expr.
id() == ID_dereference)
1812 else if(expr.
id() == ID_index)
1820 for(
const auto &operand : expr.
operands())
1828 expr.
id() == ID_and || expr.
id() == ID_or || expr.
id() == ID_implies);
1831 "'" + expr.
id_string() +
"' must be Boolean, but got " + expr.
pretty());
1835 for(
const auto &op : expr.
operands())
1839 "'" + expr.
id_string() +
"' takes Boolean operands only, but got " +
1842 auto new_guard = [&
guard, &constraints](
exprt expr) {
1856 "first argument of if must be boolean, but got " + if_expr.
cond().
pretty());
1861 auto new_guard = [&
guard, &if_expr](
exprt expr) {
1868 auto new_guard = [&
guard, &if_expr](
exprt expr) {
1892 if(member_offset_opt.has_value())
1921 div_expr.
type().
id() == ID_signedbv ||
1922 div_expr.
type().
id() == ID_unsignedbv || div_expr.
type().
id() == ID_c_bool)
1927 else if(div_expr.
type().
id() == ID_floatbv)
1936 if(div_expr.
type().
id() == ID_signedbv)
1938 else if(div_expr.
type().
id() == ID_floatbv)
1949 if(expr.
type().
id() == ID_signedbv || expr.
type().
id() == ID_unsignedbv)
1954 expr.
operands().size() == 2 && expr.
id() == ID_minus &&
1955 expr.
operands()[0].type().id() == ID_pointer &&
1956 expr.
operands()[1].type().id() == ID_pointer)
1961 else if(expr.
type().
id() == ID_floatbv)
1966 else if(expr.
type().
id() == ID_pointer)
1974 if(expr.
id() == ID_exists || expr.
id() == ID_forall)
1979 auto new_guard = [&
guard, &quantifier_expr](
exprt expr) {
1983 check_rec(quantifier_expr.where(), new_guard);
1986 else if(expr.
id() == ID_address_of)
1991 else if(expr.
id() == ID_and || expr.
id() == ID_or || expr.
id() == ID_implies)
1996 else if(expr.
id() == ID_if)
2002 expr.
id() == ID_member &&
2009 for(
const auto &op : expr.
operands())
2012 if(expr.
type().
id() == ID_c_enum_tag)
2015 if(expr.
id() == ID_index)
2019 else if(expr.
id() == ID_div)
2023 else if(expr.
id() == ID_shl || expr.
id() == ID_ashr || expr.
id() == ID_lshr)
2027 if(expr.
id() == ID_shl && expr.
type().
id() == ID_signedbv)
2030 else if(expr.
id() == ID_mod)
2036 expr.
id() == ID_plus || expr.
id() == ID_minus || expr.
id() == ID_mult ||
2037 expr.
id() == ID_unary_minus)
2041 else if(expr.
id() == ID_typecast)
2044 expr.
id() == ID_le || expr.
id() == ID_lt || expr.
id() == ID_ge ||
2047 else if(expr.
id() == ID_dereference)
2056 expr.
id() == ID_count_leading_zeros || expr.
id() == ID_count_trailing_zeros)
2082 "dynamically allocated memory never freed",
2091 const irep_idt &function_identifier,
2094 const auto &function_symbol =
ns.
lookup(function_identifier);
2095 mode = function_symbol.mode;
2102 bool did_something =
false;
2105 std::make_unique<local_bitvector_analysist>(goto_function,
ns);
2116 for(
const auto &d : pragmas)
2120 if(matched.has_value())
2122 auto named_check = matched.value();
2123 auto name = named_check.first;
2124 auto status = named_check.second;
2128 case check_statust::ENABLE:
2129 resetter.
set_flag(*flag,
true, name);
2131 case check_statust::DISABLE:
2132 resetter.
set_flag(*flag,
false, name);
2134 case check_statust::CHECKED:
2164 annotated_location.
set_comment(
"error label " + label);
2165 annotated_location.
set(
"user-provided",
true);
2183 const irep_idt &statement = code.get_statement();
2185 if(statement == ID_expression)
2189 else if(statement == ID_printf)
2191 for(
const auto &op : code.operands())
2249 (function_identifier ==
"abort" || function_identifier ==
"exit" ||
2250 function_identifier ==
"_Exit" ||
2251 (i.
labels.size() == 1 && i.
labels.front() ==
"__VERIFIER_abort")))
2271 std::move(address_of_expr),
2291 if(instruction.source_location().is_nil())
2293 instruction.source_location_nonconst().id(
irep_idt());
2295 if(!it->source_location().get_file().empty())
2296 instruction.source_location_nonconst().set_file(
2297 it->source_location().get_file());
2299 if(!it->source_location().get_line().empty())
2300 instruction.source_location_nonconst().set_line(
2301 it->source_location().get_line());
2303 if(!it->source_location().get_function().empty())
2304 instruction.source_location_nonconst().set_function(
2305 it->source_location().get_function());
2307 if(!it->source_location().get_column().empty())
2309 instruction.source_location_nonconst().set_column(
2310 it->source_location().get_column());
2351 const exprt &address,
2361 const exprt in_bounds_of_some_explicit_allocation =
2376 in_bounds_of_some_explicit_allocation,
2378 "deallocated dynamic object"));
2385 in_bounds_of_some_explicit_allocation,
2392 const or_exprt object_bounds_violation(
2398 in_bounds_of_some_explicit_allocation,
2400 "pointer outside dynamic object bounds"));
2405 const or_exprt object_bounds_violation(
2411 in_bounds_of_some_explicit_allocation,
2413 "pointer outside object bounds"));
2421 "invalid integer address"));
2427 std::optional<goto_check_ct::conditiont>
2429 const exprt &address,
2450 const exprt &pointer,
2464 std::move(upper_bound), ID_le,
plus_exprt{a.first, a.second}};
2466 alloc_disjuncts.push_back(
2467 and_exprt{std::move(lb_check), std::move(ub_check)});
2473 const irep_idt &function_identifier,
2480 goto_check.
goto_check(function_identifier, goto_function);
2495 goto_check.
goto_check(gf_entry.first, gf_entry.second);
2527 auto col = s.find(
":");
2529 if(col == std::string::npos)
2532 auto name = s.substr(col + 1);
2538 if(!s.compare(0, 6,
"enable"))
2539 status = check_statust::ENABLE;
2540 else if(!s.compare(0, 7,
"disable"))
2541 status = check_statust::DISABLE;
2542 else if(!s.compare(0, 7,
"checked"))
2543 status = check_statust::CHECKED;
2548 return std::pair<irep_idt, check_statust>{name, status};
std::string array_name(const namespacet &ns, const exprt &expr)
API to expression classes for bitvectors.
const shift_exprt & to_shift_expr(const exprt &expr)
Cast an exprt to a shift_exprt.
const count_trailing_zeros_exprt & to_count_trailing_zeros_expr(const exprt &expr)
Cast an exprt to a count_trailing_zeros_exprt.
const shl_exprt & to_shl_expr(const exprt &expr)
Cast an exprt to a shl_exprt.
const count_leading_zeros_exprt & to_count_leading_zeros_expr(const exprt &expr)
Cast an exprt to a count_leading_zeros_exprt.
const floatbv_typet & to_floatbv_type(const typet &type)
Cast a typet to a floatbv_typet.
const signedbv_typet & to_signedbv_type(const typet &type)
Cast a typet to a signedbv_typet.
const bitvector_typet & to_bitvector_type(const typet &type)
Cast a typet to a bitvector_typet.
const unsignedbv_typet & to_unsignedbv_type(const typet &type)
Cast a typet to an unsignedbv_typet.
API to expression classes that are internal to the C frontend.
static exprt guard(const exprt::operandst &guards, exprt cond)
pointer_typet pointer_type(const typet &subtype)
signedbv_typet pointer_diff_type()
bitvector_typet char_type()
Operator to return the address of an object.
const exprt & size() const
A base class for binary expressions.
A Boolean expression returning true, iff operation kind would result in an overflow when applied to o...
A base class for expressions that are predicates, i.e., Boolean-typed, and that take exactly two argu...
A base class for relations, i.e., binary predicates whose two operands have the same type.
std::size_t get_width() const
A goto_instruction_codet representing an assignment in the program.
exprt::operandst argumentst
struct configt::ansi_ct ansi_c
Operator to dereference a pointer.
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
A Boolean expression returning true, iff the value of an enum-typed symbol equals one of the enum's d...
Base class for all expressions.
const source_locationt & find_source_location() const
Get a source_locationt from the expression or from its operands (non-recursively).
std::vector< exprt > operandst
bool is_true() const
Return whether the expression is a constant representing true.
source_locationt & add_source_location()
bool is_boolean() const
Return whether the expression represents a Boolean.
const source_locationt & source_location() const
bool is_false() const
Return whether the expression is a constant representing false.
bool is_zero() const
Return whether the expression is a constant representing 0.
typet & type()
Return the type of the expression.
The Boolean constant false.
~flag_overridet()
Restore the values of all flags that have been modified via set_flag.
void disable_flag(bool &flag, const irep_idt &flag_name)
Sets the given flag to false, overriding any previous value.
void set_flag(bool &flag, bool new_value, const irep_idt &flag_name)
Store the current value of flag and then set its value to new_value.
std::map< bool *, bool > flags_to_reset
flag_overridet(const source_locationt &source_location)
std::set< bool * > disabled_flags
const source_locationt & source_location
std::optional< std::pair< irep_idt, check_statust > > named_check_statust
optional (named-check, status) pair
named_check_statust match_named_check(const irep_idt &named_check) const
Matches a named-check string of the form.
void goto_check(const irep_idt &function_identifier, goto_functiont &goto_function)
void check_rec(const exprt &expr, const guardt &guard)
Recursively descend into expr and run the appropriate check for each sub-expression,...
void check_rec_logical_op(const exprt &expr, const guardt &guard)
Check a logical operation: check each operand in separation while extending the guarding condition as...
bool enable_float_div_by_zero_check
void check_rec_address(const exprt &expr, const guardt &guard)
Check an address-of expression: if it is a dereference then check the pointer if it is an index then ...
std::function< exprt(exprt)> guardt
std::string array_name(const exprt &)
void collect_allocations(const goto_functionst &goto_functions)
Fill the list of allocations allocationst with <address, size> for every allocation instruction.
bool enable_pointer_check
void memory_leak_check(const irep_idt &function_id)
exprt is_in_bounds_of_some_explicit_allocation(const exprt &pointer, const exprt &size)
std::optional< goto_check_ct::conditiont > get_pointer_is_null_condition(const exprt &address, const exprt &size)
void enum_range_check(const exprt &, const guardt &)
void invalidate(const exprt &lhs)
Remove all assertions containing the symbol in lhs as well as all assertions containing dereference.
void float_div_by_zero_check(const div_exprt &, const guardt &)
check_statust
activation statuses for named checks
void float_overflow_check(const exprt &, const guardt &)
bool enable_pointer_primitive_check
void mod_overflow_check(const mod_exprt &, const guardt &)
check a mod expression for the case INT_MIN % -1
bool requires_pointer_primitive_check(const exprt &expr)
Returns true if the given expression is a pointer primitive that requires validation of the operand t...
std::map< irep_idt, bool * > name_to_flag
Maps a named-check name to the corresponding boolean flag.
std::list< conditiont > conditionst
bool enable_float_overflow_check
bool enable_conversion_check
void check_rec_div(const div_exprt &div_expr, const guardt &guard)
Check that a division is valid: check for division by zero, overflow and NaN (for floating point numb...
bool enable_pointer_overflow_check
void pointer_primitive_check(const exprt &expr, const guardt &guard)
Generates VCCs to check that pointers passed to pointer primitives are either null or valid.
void bounds_check_index(const index_exprt &, const guardt &)
bool enable_signed_overflow_check
void check(const exprt &expr)
Initiate the recursively analysis of expr with its ‘guard’ set to TRUE.
conditionst get_pointer_dereferenceable_conditions(const exprt &address, const exprt &size)
bool check_rec_member(const member_exprt &member, const guardt &guard)
Check that a member expression is valid:
goto_functionst::goto_functiont goto_functiont
void bounds_check(const exprt &, const guardt &)
std::pair< exprt, exprt > allocationt
void pointer_overflow_check(const exprt &, const guardt &)
bool enable_memory_leak_check
void add_guarded_property(const exprt &asserted_expr, const std::string &comment, const std::string &property_class, bool is_fatal, const source_locationt &source_location, const exprt &src_expr, const guardt &guard)
Include the asserted_expr in the code conditioned by the guard.
void conversion_check(const exprt &, const guardt &)
void check_rec_if(const if_exprt &if_expr, const guardt &guard)
Check an if expression: check the if-condition alone, and then check the true/false-cases with the gu...
void integer_overflow_check(const exprt &, const guardt &)
bool enable_assert_to_assume
bool enable_memory_cleanup_check
void nan_check(const exprt &, const guardt &)
bool enable_undefined_shift_check
std::list< allocationt > allocationst
bool enable_enum_range_check
goto_programt::const_targett current_target
void add_all_checked_named_check_pragmas(source_locationt &source_location) const
Adds "checked" pragmas for all named checks on the given source location (prevents any the instanciat...
void div_by_zero_check(const div_exprt &, const guardt &)
optionst::value_listt error_labelst
void add_active_named_check_pragmas(source_locationt &source_location) const
Adds "checked" pragmas for all currently active named checks on the given source location.
void pointer_rel_check(const binary_exprt &, const guardt &)
goto_check_ct(const namespacet &_ns, const optionst &_options, message_handlert &_message_handler)
conditionst get_pointer_points_to_valid_memory_conditions(const exprt &address, const exprt &size)
bool enable_unsigned_overflow_check
void bounds_check_bit_count(const unary_exprt &, const guardt &)
bool enable_div_by_zero_check
void check_shadow_memory_api_calls(const goto_programt::instructiont &)
error_labelst error_labels
void check_rec_arithmetic_op(const exprt &expr, const guardt &guard)
Check that an arithmetic operation is valid: overflow check, NaN-check (for floating point numbers),...
void undefined_shift_check(const shift_exprt &, const guardt &)
std::unique_ptr< local_bitvector_analysist > local_bitvector_analysis
void mod_by_zero_check(const mod_exprt &, const guardt &)
std::set< std::pair< exprt, exprt > > assertionst
void pointer_validity_check(const dereference_exprt &expr, const exprt &src_expr, const guardt &guard)
Generates VCCs for the validity of the given dereferencing operation.
A collection of goto functions.
function_mapt function_map
::goto_functiont goto_functiont
static irep_idt entry_point()
Get the identifier of the entry point to a goto model.
A goto function, consisting of function body (see body) and parameter identifiers (see parameter_iden...
symbol_tablet symbol_table
Symbol table.
goto_functionst goto_functions
GOTO functions.
This class represents an instruction in the GOTO intermediate representation.
bool is_end_function() const
const exprt & condition() const
Get the condition of gotos, assume, assert.
const exprt & call_lhs() const
Get the lhs of a FUNCTION_CALL (may be nil)
bool is_target() const
Is this node a branch target?
bool is_set_return_value() const
const exprt & call_function() const
Get the function that is called for FUNCTION_CALL.
bool has_condition() const
Does this instruction have a condition?
const exprt & return_value() const
Get the return value of a SET_RETURN_VALUE instruction.
const goto_instruction_codet & get_other() const
Get the statement for OTHER.
source_locationt & source_location_nonconst()
const exprt & assign_rhs() const
Get the rhs of the assignment for ASSIGN.
const source_locationt & source_location() const
const symbol_exprt & dead_symbol() const
Get the symbol for DEAD.
bool is_function_call() const
const exprt & assign_lhs() const
Get the lhs of the assignment for ASSIGN.
const exprt::operandst & call_arguments() const
Get the arguments of a FUNCTION_CALL.
A generic container class for the GOTO intermediate representation of one function.
static instructiont make_assumption(const exprt &g, const source_locationt &l=source_locationt::nil())
instructionst instructions
The list of instructions in the goto program.
void clear()
Clear the goto program.
void insert_before_swap(targett target)
Insertion that preserves jumps to "target".
instructionst::const_iterator const_targett
static instructiont make_assignment(const code_assignt &_code, const source_locationt &l=source_locationt::nil())
Create an assignment instruction.
targett add(instructiont &&instruction)
Adds a given instruction at the end.
static instructiont make_assertion(const exprt &g, const source_locationt &l=source_locationt::nil())
IEEE-floating-point equality.
constant_exprt to_expr() const
static ieee_floatt plus_infinity(const ieee_float_spect &_spec)
static ieee_floatt minus_infinity(const ieee_float_spect &_spec)
void from_integer(const mp_integer &i)
The trinary if-then-else operator.
bool get_bool(const irep_idt &name) const
std::string pretty(unsigned indent=0, unsigned max_indent=0) const
const std::string & id_string() const
void set(const irep_idt &name, const irep_idt &value)
const irep_idt & id() const
Evaluates to true if the operand is infinite.
Extract member of struct or union.
const exprt & struct_op() const
Class that provides messages with a built-in verbosity 'level'.
Modulo defined as lhs-(rhs * truncate(lhs/rhs)).
exprt & divisor()
The divisor of a division is the number the dividend is being divided by.
Binary multiplication Associativity is not specified.
A base class for multi-ary expressions Associativity is not specified.
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
bool lookup(const irep_idt &name, const symbolt *&symbol) const override
See documentation for namespace_baset::lookup().
The null pointer constant.
Split an expression into a base object and a (byte) offset.
void build(const exprt &expr, const namespacet &ns)
Given an expression expr, attempt to find the underlying object it represents by skipping over type c...
static const exprt & root_object(const exprt &expr)
bool get_bool_option(const std::string &option) const
const value_listt & get_list_option(const std::string &option) const
std::list< std::string > value_listt
The plus expression Associativity is not specified.
The pointer type These are both 'bitvector_typet' (they have a width) and 'type_with_subtypet' (they ...
const typet & base_type() const
The type of the data what we point to.
const exprt & pointer() const
const exprt & pointer() const
A base class for shift and rotate operators.
A side_effect_exprt that returns a non-deterministically chosen value.
void set_comment(const irep_idt &comment)
bool property_fatal() const
void set_property_class(const irep_idt &property_class)
const irept::named_subt & get_pragmas() const
void add_pragma(const irep_idt &pragma)
static bool is_built_in(const std::string &s)
std::string as_string() const
void set_function(const irep_idt &function)
Expression to hold a symbol (variable)
const irep_idt & get_identifier() const
class symbol_exprt symbol_expr() const
Produces a symbol_exprt for a symbol.
typet type
Type of symbol.
Semantic type conversion.
static exprt conditional_cast(const exprt &expr, const typet &type)
The type of an expression, extends irept.
Generic base class for unary expressions.
A Boolean expression returning true, iff negation would result in an overflow when applied to the (si...
Fixed-width bit-vector with unsigned binary interpretation.
const constant_exprt & size() const
exprt make_binary(const exprt &expr)
splits an expression with >=3 operands into nested binary expressions
bool has_subexpr(const exprt &expr, const std::function< bool(const exprt &)> &pred)
returns true if the expression has a subexpression that satisfies pred
exprt boolean_negate(const exprt &src)
negate a Boolean expression, possibly removing a not_exprt, and swapping false and true
Deprecated expression utility functions.
bool has_symbol_expr(const exprt &src, const irep_idt &identifier, bool include_bound_symbols)
Returns true if one of the symbol expressions in src has identifier identifier; if include_bound_symb...
API to expression classes for floating-point arithmetic.
void goto_check_c(const irep_idt &function_identifier, goto_functionst::goto_functiont &goto_function, const namespacet &ns, const optionst &options, message_handlert &message_handler)
static exprt implication(exprt lhs, exprt rhs)
#define Forall_goto_program_instructions(it, program)
const std::string & id2string(const irep_idt &d)
Abstract interface to support a programming language.
Field-insensitive, location-sensitive bitvector analysis.
API to expression classes for 'mathematical' expressions.
const quantifier_exprt & to_quantifier_expr(const exprt &expr)
Cast an exprt to a quantifier_exprt.
std::unique_ptr< languaget > get_language_from_mode(const irep_idt &mode)
Get the language corresponding to the given mode.
API to expression classes for Pointers.
const r_or_w_ok_exprt & to_r_or_w_ok_expr(const exprt &expr)
const dereference_exprt & to_dereference_expr(const exprt &expr)
Cast an exprt to a dereference_exprt.
bool can_cast_expr< object_size_exprt >(const exprt &base)
const pointer_typet & to_pointer_type(const typet &type)
Cast a typet to a pointer_typet.
const prophecy_r_or_w_ok_exprt & to_prophecy_r_or_w_ok_expr(const exprt &expr)
const address_of_exprt & to_address_of_expr(const exprt &expr)
Cast an exprt to an address_of_exprt.
bool can_cast_expr< prophecy_r_or_w_ok_exprt >(const exprt &base)
std::optional< exprt > size_of_expr(const typet &type, const namespacet &ns)
std::optional< exprt > member_offset_expr(const member_exprt &member_expr, const namespacet &ns)
std::optional< mp_integer > pointer_offset_size(const typet &type, const namespacet &ns)
Compute the size of a type in bytes, rounding up to full bytes.
exprt pointer_offset(const exprt &pointer)
exprt integer_address(const exprt &pointer)
exprt deallocated(const exprt &pointer, const namespacet &ns)
exprt object_size(const exprt &pointer)
exprt object_upper_bound(const exprt &pointer, const exprt &access_size)
exprt dead_object(const exprt &pointer, const namespacet &ns)
exprt same_object(const exprt &p1, const exprt &p2)
exprt null_object(const exprt &pointer)
exprt object_lower_bound(const exprt &pointer, const exprt &offset)
Various predicates over pointers in programs.
static std::string comment(const rw_set_baset::entryt &entry, bool write)
void remove_skip(goto_programt &goto_program, goto_programt::targett begin, goto_programt::targett end)
remove unnecessary skip statements
exprt simplify_expr(exprt src, const namespacet &ns)
#define CHECK_RETURN(CONDITION)
#define UNREACHABLE
This should be used to mark dead code.
#define DATA_INVARIANT(CONDITION, REASON)
This condition should be used to document that assumptions that are made on goto_functions,...
#define PRECONDITION(CONDITION)
exprt conjunction(const exprt::operandst &op)
1) generates a conjunction for two or more operands 2) for one operand, returns the operand 3) return...
exprt disjunction(const exprt::operandst &op)
1) generates a disjunction for two or more operands 2) for one operand, returns the operand 3) return...
API to expression classes.
const if_exprt & to_if_expr(const exprt &expr)
Cast an exprt to an if_exprt.
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
const mod_exprt & to_mod_expr(const exprt &expr)
Cast an exprt to a mod_exprt.
const typecast_exprt & to_typecast_expr(const exprt &expr)
Cast an exprt to a typecast_exprt.
const unary_minus_exprt & to_unary_minus_expr(const exprt &expr)
Cast an exprt to a unary_minus_exprt.
const div_exprt & to_div_expr(const exprt &expr)
Cast an exprt to a div_exprt.
const minus_exprt & to_minus_expr(const exprt &expr)
Cast an exprt to a minus_exprt.
const multi_ary_exprt & to_multi_ary_expr(const exprt &expr)
Cast an exprt to a multi_ary_exprt.
const binary_exprt & to_binary_expr(const exprt &expr)
Cast an exprt to a binary_exprt.
const plus_exprt & to_plus_expr(const exprt &expr)
Cast an exprt to a plus_exprt.
const member_exprt & to_member_expr(const exprt &expr)
Cast an exprt to a member_exprt.
const unary_exprt & to_unary_expr(const exprt &expr)
Cast an exprt to a unary_exprt.
const implies_exprt & to_implies_expr(const exprt &expr)
Cast an exprt to a implies_exprt.
const binary_relation_exprt & to_binary_relation_expr(const exprt &expr)
Cast an exprt to a binary_relation_exprt.
const index_exprt & to_index_expr(const exprt &expr)
Cast an exprt to an index_exprt.
const mult_exprt & to_mult_expr(const exprt &expr)
Cast an exprt to a mult_exprt.
const vector_typet & to_vector_type(const typet &type)
Cast a typet to a vector_typet.
const array_typet & to_array_type(const typet &type)
Cast a typet to an array_typet.
enum configt::ansi_ct::c_standardt c_standard
enum configt::cppt::cpp_standardt cpp_standard
conditiont(const exprt &_assertion, const std::string &_description)
bool is_static_lifetime() const
bool is_dynamic_local() const
bool is_dynamic_heap() const
bool is_uninitialized() const
bool is_integer_address() const
1.9.1