139 gcc_version.
get(
"gcc");
144 const bool validate_only =
cmdline.
isset(
"validate-goto-binary");
146 if(validate_only ||
cmdline.
isset(
"validate-goto-model"))
161 log.
status() <<
"Adding nondeterministic initialization "
162 "of matching static/global variables"
178 bool unwindset_file_given=
cmdline.
isset(
"unwindset-file");
180 if(unwindset_given && unwindset_file_given)
181 throw "only one of --unwindset and --unwindset-file supported at a "
184 if(unwind_given || unwindset_given || unwindset_file_given)
191 if(unwindset_file_given)
193 unwindset.parse_unwindset_file(
199 unwindset.parse_unwindset(
204 bool continue_as_loops=
cmdline.
isset(
"continue-as-loops");
206 bool unwinding_assertions =
cmdline.
isset(
"unwinding-assertions") ||
207 (!continue_as_loops && !partial_loops &&
209 if(continue_as_loops)
211 if(unwinding_assertions)
213 throw "unwinding assertions cannot be used with "
214 "--continue-as-loops";
216 else if(partial_loops)
217 throw "partial loops cannot be used with --continue-as-loops";
223 if(unwinding_assertions)
230 else if(partial_loops)
234 else if(continue_as_loops)
240 goto_unwind(
goto_model, unwindset, unwind_strategy);
245 bool have_file=!filename.empty() && filename!=
"-";
254 throw "failed to open file "+filename;
261 std::cout << result <<
'\n';
279 std::cout <<
"////\n";
280 std::cout <<
"//// Function: " << gf_entry.first <<
'\n';
281 std::cout <<
"////\n\n";
287 i_it->output(std::cout);
288 std::cout <<
"Is threaded: " << (is_threaded(i_it)?
"True":
"False")
355 std::cout <<
">>>>\n";
356 std::cout <<
">>>> " << gf_entry.first <<
'\n';
357 std::cout <<
">>>>\n";
358 local_bitvector_analysis.
output(std::cout, gf_entry.second, ns);
376 local_safe_pointers(gf_entry.second.body);
377 std::cout <<
">>>>\n";
378 std::cout <<
">>>> " << gf_entry.first <<
'\n';
379 std::cout <<
">>>>\n";
381 local_safe_pointers.
output(std::cout, gf_entry.second.body, ns);
385 std::cout, gf_entry.second.body, ns);
403 sese_region_analysis(gf_entry.second.body);
404 std::cout <<
">>>>\n";
405 std::cout <<
">>>> " << gf_entry.first <<
'\n';
406 std::cout <<
">>>>\n";
407 sese_region_analysis.
output(std::cout, gf_entry.second.body, ns);
475 custom_bitvector_analysis.
check(
495 points_to.
output(std::cout);
683 for(
auto const &ins : pair.second.body.instructions)
685 if(ins.code().is_not_nil())
687 if(ins.has_condition())
689 log.
status() <<
"[guard] " << ins.condition().pretty()
729 const bool is_header =
cmdline.
isset(
"dump-c-type-header");
802 call_graph.
output(std::cout);
818 call_graph.
output(std::cout);
866 log.
status() <<
"Removing calls to functions without a body"
931 "Invalid number of positional arguments passed",
933 "goto-instrument needs one input and one output file, aside from other "
1012 if(!result.has_value())
1041 log.
status() <<
"Adding up to " << max_argc <<
" command line arguments"
1184 log.
warning() <<
"**** WARNING: transformed loops will not be unwound "
1185 <<
"after applying loop contracts. Note that transformed "
1186 <<
"loops require at least unwinding bounds 2 to pass "
1196 "Redundant options detected",
1207 std::set<irep_idt> to_replace(
1216 "Mutually exclusive options detected",
1226 bool allow_recursive_calls =
1229 std::set<std::string> to_exclude_from_nondet_static(
1237 to_enforce.
empty() ? std::optional<irep_idt>{}
1238 : std::optional<irep_idt>{to_enforce.front()},
1239 allow_recursive_calls,
1241 loop_contract_config,
1242 to_exclude_from_nondet_static,
1254 std::set<std::string> to_replace(
1258 std::set<std::string> to_enforce(
1262 std::set<std::string> to_exclude_from_nondet_static(
1290 else if(
cmdline.
isset(
"remove-const-function-pointers"))
1312 log.
status() <<
"Inlining calls of function '" <<
function <<
"'"
1323 bool have_file=!filename.empty() && filename!=
"-";
1333 throw "failed to open file "+filename;
1340 std::cout << result <<
'\n';
1361 log.
status() <<
"Removing calls to functions without a body"
1377 log.
warning() <<
"**** WARNING: Constant propagation as performed by "
1378 "goto-instrument is not expected to be sound. Do not use "
1379 "--constant-propagator if soundness is important for your "
1392 c_object_factory_options);
1396 object_factory_parameters,
1401 *generate_implementation,
1411 c_object_factory_options);
1413 auto options_split =
1415 if(options_split.size() < 2)
1417 "not enough arguments for this option",
"--generate-havocing-body"};
1419 if(options_split.size() == 2)
1422 std::string{
"havoc,"} + options_split.back(),
1423 object_factory_parameters,
1427 std::regex(options_split[0]),
1428 *generate_implementation,
1435 for(
size_t i = 1; i + 1 < options_split.size(); i += 2)
1438 std::string{
"havoc,"} + options_split[i + 1],
1439 object_factory_parameters,
1445 *generate_implementation,
1459 log.
status() <<
"Adding checks for uninitialized local variables"
1478 log.
status() <<
"Adding nondeterministic initialization "
1479 "of static/global variables except for "
1480 "the specified ones."
1482 std::set<std::string> to_exclude(
1489 log.
status() <<
"Adding nondeterministic initialization "
1490 "of static/global variables"
1499 log.
status() <<
"Slicing away initializations of unused global variables"
1562 const unsigned max_var=
1565 const unsigned max_po_trans=
1571 log.
status() <<
"Adding weak memory (TSO) Instrumentation"
1577 log.
status() <<
"Adding weak memory (PSO) Instrumentation"
1583 log.
status() <<
"Adding weak memory (RMO) Instrumentation"
1587 else if(mm==
"power")
1589 log.
status() <<
"Adding weak memory (Power) Instrumentation"
1595 log.
error() <<
"Unknown weak memory model '" << mm <<
"'"
1670 if(step_case && base_case)
1671 throw "please specify only one of --step-case and --base-case";
1672 else if(!step_case && !base_case)
1673 throw "please specify one of --step-case and --base-case";
1678 throw "please give k>=1";
1680 log.
status() <<
"Instrumenting k-induction for k=" << k <<
", "
1681 << (base_case ?
"base case" :
"step case") <<
messaget::eom;
1747 log.
status() <<
"Performing a function pointer reachability slice"
1764 log.
warning() <<
"**** WARNING: Experimental option --full-slice, "
1765 <<
"analysis results may be unsound. See "
1766 <<
"https://github.com/diffblue/cbmc/issues/260"
1799 log.
status() <<
"Slicing away initializations of unused global variables"
1810 if(
cmdline.
isset(
"aggressive-slice-preserve-function"))
1818 if(
cmdline.
isset(
"aggressive-slice-preserve-functions-containing"))
1823 cmdline.
isset(
"aggressive-slice-preserve-all-direct-paths");
1825 aggressive_slicer.
doit();
1861 "Usage: \tPurpose:\n"
1863 " {bgoto-instrument} [{y-?}] [{y-h}] [{y--help}] \t show this help\n"
1864 " {bgoto-instrument} {y--version} \t show version and exit\n"
1865 " {bgoto-instrument} [options] {uin} [{uout}] \t perform analysis or"
1866 " instrumentation\n"
1870 " {y--horn} \t print program as constrained horn clauses\n"
1875 " {y--show-symbol-table} \t show loaded symbol table\n"
1876 " {y--list-symbols} \t list symbols with type information\n"
1879 " {y--show-locations} \t show all source locations\n"
1880 " {y--dot} \t generate CFG graph in DOT format\n"
1881 " {y--print-internal-representation} \t show verbose internal"
1882 " representation of the program\n"
1883 " {y--list-undefined-functions} \t list functions without body\n"
1884 " {y--list-calls-args} \t list all function calls with their arguments\n"
1885 " {y--call-graph} \t show graph of function calls\n"
1886 " {y--reachable-call-graph} \t show graph of function calls potentially"
1887 " reachable from main function\n"
1890 " {y--validate-goto-binary} \t check the well-formedness of the passed in"
1891 " goto binary and then exit\n"
1892 " {y--interpreter} \t do concrete execution\n"
1894 "Data-flow analyses:\n"
1895 " {y--show-struct-alignment} \t show struct members that might be"
1896 " concurrently accessed\n"
1897 " {y--show-threaded} \t show instructions that may be executed by more than"
1899 " {y--show-local-safe-pointers} \t show pointer expressions that are"
1900 " trivially dominated by a not-null check\n"
1901 " {y--show-safe-dereferences} \t show pointer expressions that are"
1902 " trivially dominated by a not-null check *and* used as a dereference"
1904 " {y--show-value-sets} \t show points-to information (using value sets)\n"
1905 " {y--show-global-may-alias} \t show may-alias information over globals\n"
1906 " {y--show-local-bitvector-analysis} \t show procedure-local pointer"
1908 " {y--escape-analysis} \t perform escape analysis\n"
1909 " {y--show-escape-analysis} \t show results of escape analysis\n"
1910 " {y--custom-bitvector-analysis} \t perform configurable bitvector"
1912 " {y--show-custom-bitvector-analysis} \t show results of configurable"
1913 " bitvector analysis\n"
1914 " {y--interval-analysis} \t perform interval analysis\n"
1915 " {y--show-intervals} \t show results of interval analysis\n"
1916 " {y--show-uninitialized} \t show maybe-uninitialized variables\n"
1917 " {y--show-points-to} \t show points-to information\n"
1918 " {y--show-rw-set} \t show read-write sets\n"
1919 " {y--show-call-sequences} \t show function call sequences\n"
1920 " {y--show-reaching-definitions} \t show reaching definitions\n"
1921 " {y--show-dependence-graph} \t show program-dependence graph\n"
1922 " {y--show-sese-regions} \t show single-entry-single-exit regions\n"
1925 " {y--no-assertions} \t ignore user assertions\n"
1928 " {y--stack-depth} {un} \t add check that call stack size of non-inlined"
1929 " functions never exceeds {un}\n"
1930 " {y--race-check} \t add floating-point data race checks\n"
1932 "Semantic transformations:\n"
1934 " {y--isr} {ufunction} \t instruments an interrupt service routine\n"
1935 " {y--mmio} \t instruments memory-mapped I/O\n"
1936 " {y--nondet-static} \t add nondeterministic initialization of variables"
1937 " with static lifetime\n"
1938 " {y--nondet-static-exclude} {ue} \t same as nondet-static except for the"
1939 " variable {ue} (use multiple times if required)\n"
1940 " {y--nondet-static-matching} {ur} \t add nondeterministic initialization"
1941 " of variables with static lifetime matching regex {ur}\n"
1942 " {y--function-enter} {uf}, {y--function-exit} {uf}, {y--branch} {uf} \t"
1943 " instruments a call to {uf} at the beginning, the exit, or a branch point,"
1945 " {y--splice-call} {ucaller},{ucallee} \t prepends a call to {ucallee} in"
1946 " the body of {ucaller}\n"
1947 " {y--check-call-sequence} {useq} \t instruments checks to assert that all"
1948 " call sequences match {useq}\n"
1949 " {y--undefined-function-is-assume-false} \t convert each call to an"
1950 " undefined function to assume(false)\n"
1955 " {y--add-library} \t add models of C library functions\n"
1957 " {y--model-argc-argv} {un} \t model up to {un} command line arguments\n"
1958 " {y--remove-function-body} {uf} remove the implementation of function {uf}"
1959 " (may be repeated)\n"
1963 "Semantics-preserving transformations:\n"
1964 " {y--ensure-one-backedge-per-target} \t transform loop bodies such that"
1965 " there is a single edge back to the loop head\n"
1966 " {y--drop-unused-functions} \t drop functions trivially unreachable from"
1969 " {y--constant-propagator} \t propagate constants and simplify"
1971 " {y--inline} \t perform full inlining\n"
1972 " {y--partial-inline} \t perform partial inlining\n"
1973 " {y--function-inline} {ufunction} \t transitively inline all calls"
1974 " {ufunction} makes\n"
1975 " {y--no-caching} \t disable caching of intermediate results during"
1976 " transitive function inlining\n"
1977 " {y--log} {ufile} \t log in JSON format which code segments were inlined,"
1978 " use with {y--function-inline}\n"
1979 " {y--remove-function-pointers} \t replace function pointers by case"
1980 " statement over function calls\n"
1982 " {y--value-set-fi-fp-removal} \t build flow-insensitive value set and"
1983 " replace function pointers by a case statement over the possible"
1984 " assignments. If the set of possible assignments is empty the function"
1985 " pointer is removed using the standard remove-function-pointers pass.\n"
1987 "Loop information and transformations:\n"
1989 " {y--unwindset-file_<file>} \t read unwindset from file\n"
1990 " {y--partial-loops} \t permit paths with partial loops\n"
1991 " {y--unwinding-assertions} \t generate unwinding assertions"
1992 " (enabled by default)\n"
1993 " {y--no-unwinding-assertions} \t do not generate unwinding assertions\n"
1994 " {y--continue-as-loops} \t add loop for remaining iterations after"
1996 " {y--k-induction} {uk} \t check loops with k-induction\n"
1997 " {y--step-case} \t k-induction: do step-case\n"
1998 " {y--base-case} \t k-induction: do base-case\n"
1999 " {y--havoc-loops} \t over-approximate all loops\n"
2000 " {y--accelerate} \t add loop accelerators\n"
2001 " {y--z3} \t use Z3 when computing loop accelerators\n"
2002 " {y--skip-loops {uloop-ids} \t add gotos to skip selected loops during"
2004 " {y--show-lexical-loops} \t show single-entry-single-back-edge loops\n"
2005 " {y--show-natural-loops} \t show natural loop heads\n"
2007 "Memory model instrumentations:\n"
2013 " {y--full-slice} \t slice away instructions that don't affect assertions\n"
2014 " {y--property} {uid} \t slice with respect to specific property only\n"
2015 " {y--slice-global-inits} \t slice away initializations of unused global"
2017 " {y--aggressive-slice} \t remove bodies of any functions not on the"
2018 " shortest path between the start function and the function containing the"
2019 " property/properties\n"
2020 " {y--aggressive-slice-call-depth} {un} \t used with aggressive-slice,"
2021 " preserves all functions within {un} function calls of the functions on"
2022 " the shortest path\n"
2023 " {y--aggressive-slice-preserve-function} {uf} \t force the aggressive"
2024 " slicer to preserve function {uf}\n"
2025 " {y--aggressive-slice-preserve-functions-containing} {uf} \t force the"
2026 " aggressive slicer to preserve all functions with names containing {uf}\n"
2027 " {y--aggressive-slice-preserve-all-direct-paths} \t force aggressive"
2028 " slicer to preserve all direct paths\n"
2040 "User-interface options:\n"
2042 " {y--xml} \t output files in XML where supported\n"
2043 " {y--xml-ui} \t use XML-formatted output\n"
2044 " {y--json-ui} \t use JSON-formatted output\n"
2045 " {y--verbosity} {u#} \t verbosity level\n"
void accelerate_functions(goto_modelt &goto_model, message_handlert &message_handler, bool use_z3, guard_managert &guard_manager)
void add_failed_symbols(symbol_table_baset &symbol_table)
Create a failed-dereference symbol for all symbols in the given table that need one (i....
void print_struct_alignment_problems(const symbol_table_baset &symbol_table, std::ostream &out)
void cprover_c_library_factory(const std::set< irep_idt > &functions, const symbol_table_baset &symbol_table, symbol_table_baset &dest_symbol_table, message_handlert &message_handler)
#define HELP_ANSI_C_LANGUAGE
void branch(goto_modelt &goto_model, const irep_idt &id)
void parse_c_object_factory_options(const cmdlinet &cmdline, optionst &options)
Parse the c object factory parameters from a given command line.
static void list_calls_and_arguments(const namespacet &ns, const goto_programt &goto_program)
void check_call_sequence(const goto_modelt &goto_model)
void show_call_sequences(const irep_idt &caller, const goto_programt &goto_program)
Memory-mapped I/O Instrumentation for Goto Programs.
void show_class_hierarchy(const class_hierarchyt &hierarchy, ui_message_handlert &message_handler, bool children_only)
Output the class hierarchy.
#define HELP_SHOW_CLASS_HIERARCHY
The aggressive slicer removes the body of all the functions except those on the shortest path,...
std::list< std::string > user_specified_properties
void doit()
Removes the body of all functions except those on the shortest path or functions that are reachable f...
std::list< std::string > name_snippets
void preserve_functions(const std::list< std::string > &function_list)
Adds a list of functions to the set of functions for the aggressive slicer to preserve.
bool preserve_all_direct_paths
virtual void output(const namespacet &ns, const irep_idt &function_id, const goto_programt &goto_program, std::ostream &out) const
Output the abstract states for a single function.
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
A call graph (https://en.wikipedia.org/wiki/Call_graph) for a GOTO model or GOTO functions collection...
void output_dot(std::ostream &out) const
void output(std::ostream &out) const
static call_grapht create_from_root_function(const goto_modelt &model, const irep_idt &root, bool collect_callsites)
void output_xml(std::ostream &out) const
Non-graph-based representation of the class hierarchy.
void output_dot(std::ostream &) const
Output class hierarchy in Graphviz DOT format.
std::string get_value(char option) const
virtual bool isset(char option) const
std::list< std::string > get_comma_separated_values(const char *option) const
Collect all occurrences of option option and split their values on each comma, merging them into a si...
const std::list< std::string > & get_values(const std::string &option) const
void apply_loop_contracts(const std::set< std::string > &to_exclude_from_nondet_init={})
Applies loop contract transformations.
void enforce_contracts(const std::set< std::string > &to_enforce, const std::set< std::string > &to_exclude_from_nondet_init={})
Turn requires & ensures into assumptions and assertions for each of the named functions.
void replace_calls(const std::set< std::string > &to_replace)
Replace all calls to each function in the to_replace set with that function's contract.
bool set(const cmdlinet &cmdline)
void set_from_symbol_table(const symbol_table_baset &)
struct configt::ansi_ct ansi_c
void check(const goto_modelt &, bool xml, std::ostream &)
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
void instrument(goto_modelt &)
void get(const std::string &executable)
This is a may analysis (i.e.
void compute_loop_numbers()
function_mapt function_map
static irep_idt entry_point()
Get the identifier of the entry point to a goto model.
void register_languages() override
void help() override
display command line help
void instrument_goto_program()
void do_indirect_call_and_rtti_removal(bool force=false)
bool partial_inlining_done
bool function_pointer_removal_done
void do_partial_inlining()
void do_remove_const_function_pointers_only()
Remove function pointers that can be resolved by analysing const variables (i.e.
int doit() override
invoke main modules
void validate(const validation_modet vm=validation_modet::INVARIANT, const goto_model_validation_optionst &goto_model_validation_options=goto_model_validation_optionst{}) const override
Check that the goto model is well-formed.
symbol_tablet symbol_table
Symbol table.
goto_functionst goto_functions
GOTO functions.
A generic container class for the GOTO intermediate representation of one function.
jsont output_log_json() const
void output_dot(std::ostream &out) const
Thrown when users pass incorrect command line arguments, for example passing no files to analysis or ...
void output(std::ostream &out, const goto_functiont &goto_function, const namespacet &ns) const
A very simple, cheap analysis to determine when dereference operations are trivially guarded by a che...
void output_safe_dereferences(std::ostream &stream, const goto_programt &program, const namespacet &ns)
Output safely dereferenced expressions per instruction in human-readable format.
void output(std::ostream &stream, const goto_programt &program, const namespacet &ns)
Output non-null expressions per instruction in human-readable format.
static unsigned eval_verbosity(const std::string &user_input, const message_levelt default_verbosity, message_handlert &dest)
Parse a (user-)provided string as a verbosity level and set it as the verbosity of dest.
mstreamt & warning() const
mstreamt & status() const
message_handlert & get_message_handler()
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
bool lookup(const irep_idt &name, const symbolt *&symbol) const override
See documentation for namespace_baset::lookup().
bool is_set(const std::string &option) const
N.B. opts.is_set("foo") does not imply opts.get_bool_option("foo")
void set_option(const std::string &option, const bool value)
ui_message_handlert ui_message_handler
void output(std::ostream &out) const
void output(std::ostream &out, const goto_programt &goto_program, const namespacet &ns) const
Expression to hold a symbol (variable)
typet type
Type of symbol.
irep_idt name
The unique identifier.
virtual uit get_ui() const
This template class implements a data-flow analysis which keeps track of what values different variab...
void concurrency(value_setst &value_sets, goto_modelt &goto_model)
Encoding for Threaded Goto Programs.
#define HELP_CONFIG_LIBRARY
#define HELP_REPLACE_CALL
#define HELP_DISABLE_SIDE_EFFECT_CHECK
#define FLAG_REPLACE_CALL
#define FLAG_ENFORCE_CONTRACT
#define HELP_LOOP_CONTRACTS
#define FLAG_LOOP_CONTRACTS
#define HELP_LOOP_CONTRACTS_NO_UNWIND
#define HELP_ENFORCE_CONTRACT
#define HELP_LOOP_CONTRACTS_FILE
#define FLAG_DISABLE_SIDE_EFFECT_CHECK
#define FLAG_LOOP_CONTRACTS_NO_UNWIND
void count_eloc(const goto_modelt &goto_model)
void print_global_state_size(const goto_modelt &goto_model)
void print_path_lengths(const goto_modelt &goto_model)
void list_eloc(const goto_modelt &goto_model)
#define HELP_GOTO_PROGRAM_STATS
void cprover_cpp_library_factory(const std::set< irep_idt > &functions, const symbol_table_baset &symbol_table, symbol_table_baset &dest_symbol_table, message_handlert &message_handler)
static void show_goto_functions(const goto_modelt &goto_model)
Field-insensitive, location-sensitive bitvector analysis.
Field-Sensitive Program Dependence Analysis, Litvak et al., FSE 2010.
#define FLAG_ENFORCE_CONTRACT_REC
#define HELP_ENFORCE_CONTRACT_REC
void document_properties_latex(const goto_modelt &goto_model, std::ostream &out)
void document_properties_html(const goto_modelt &goto_model, std::ostream &out)
#define HELP_DOCUMENT_PROPERTIES
void dot(const goto_modelt &src, std::ostream &out)
Dump Goto-Program as DOT Graph.
void dump_cpp(const goto_functionst &src, const bool use_system_headers, const bool use_all_headers, const bool include_harness, const namespacet &ns, std::ostream &out)
void dump_c(const goto_functionst &src, const bool use_system_headers, const bool use_all_headers, const bool include_harness, const namespacet &ns, std::ostream &out)
void dump_c_type_header(const goto_functionst &src, const bool use_system_headers, const bool use_all_headers, const bool include_harness, const namespacet &ns, const std::string module, std::ostream &out)
bool ensure_one_backedge_per_target(goto_programt::targett &it, goto_programt &goto_program)
Ensure one backedge per target.
Field-insensitive, location-sensitive, over-approximative escape analysis.
Document and give macros for the exit codes of CPROVER binaries.
#define CPROVER_EXIT_CONVERSION_FAILED
Failure to convert / write to another format.
#define CPROVER_EXIT_INTERNAL_ERROR
An error has been encountered during processing the requested analysis.
#define CPROVER_EXIT_USAGE_ERROR
A usage error is returned when the command line is invalid or conflicting.
#define CPROVER_EXIT_SUCCESS
Success indicates the required analysis has been performed without error.
void property_slicer(goto_functionst &goto_functions, const namespacet &ns, const std::list< std::string > &properties, message_handlert &message_handler)
void full_slicer(goto_functionst &goto_functions, const namespacet &ns, const slicing_criteriont &criterion, message_handlert &message_handler)
void function_exit(goto_modelt &goto_model, const irep_idt &id)
void function_enter(goto_modelt &goto_model, const irep_idt &id)
Function Entering and Exiting.
void configure_gcc(const gcc_versiont &gcc_version)
std::unique_ptr< generate_function_bodiest > generate_function_bodies_factory(const std::string &options, const c_object_factory_parameterst &object_factory_parameters, const symbol_tablet &symbol_table, message_handlert &message_handler)
Create the type that actually generates the functions.
void generate_function_bodies(const std::regex &functions_regex, const generate_function_bodiest &generate_function_body, goto_modelt &model, message_handlert &message_handler)
Generate function bodies with some default behavior: assert-false, assume-false, assert-false-assume-...
#define HELP_REPLACE_FUNCTION_BODY
Field-insensitive, location-sensitive, over-approximative escape analysis.
static void transform_assertions_assumptions(goto_programt &goto_program, bool enable_assertions, bool enable_built_in_assertions, bool enable_assumptions)
Checks for Errors in C and Java Programs.
void goto_check_c(const irep_idt &function_identifier, goto_functionst::goto_functiont &goto_function, const namespacet &ns, const optionst &options, message_handlert &message_handler)
#define PARSE_OPTIONS_GOTO_CHECK(cmdline, options)
void goto_inline(goto_modelt &goto_model, message_handlert &message_handler, bool adjust_function)
Inline every function call into the entry_point() function.
void goto_function_inline(goto_modelt &goto_model, const irep_idt function, message_handlert &message_handler, bool adjust_function, bool caching)
Transitively inline all function calls made from a particular function.
void goto_partial_inline(goto_modelt &goto_model, message_handlert &message_handler, unsigned smallfunc_limit, bool adjust_function)
Inline all function calls to functions either marked as "inlined" or smaller than smallfunc_limit (by...
jsont goto_function_inline_and_log(goto_modelt &goto_model, const irep_idt function, message_handlert &message_handler, bool adjust_function, bool caching)
Function Inlining This gives a number of different interfaces to the function inlining functionality ...
#define forall_goto_program_instructions(it, program)
void remove_pointers(goto_modelt &goto_model, value_setst &value_sets, message_handlert &message_handler)
Remove dereferences in all expressions contained in the program goto_model.
#define HELP_REMOVE_POINTERS
void dfcc(const optionst &options, goto_modelt &goto_model, const irep_idt &harness_id, const std::optional< irep_idt > &to_check, const bool allow_recursive_calls, const std::set< irep_idt > &to_replace, const loop_contract_configt loop_contract_config, const std::set< std::string > &to_exclude_from_nondet_static, message_handlert &message_handler)
Applies function contracts transformation to GOTO model, using the dynamic frame condition checking a...
void havoc_loops(goto_modelt &goto_model)
void horn_encoding(const goto_modelt &goto_model, std::ostream &out)
bool insert_final_assert_false(goto_modelt &goto_model, const std::string &function_to_instrument, message_handlert &message_handler)
Transform a goto program by inserting assert(false) at the end of a given function function_to_instru...
Insert final assert false into a function.
#define HELP_INSERT_FINAL_ASSERT_FALSE
void interpreter(const goto_modelt &goto_model, message_handlert &message_handler)
Interpreter for GOTO Programs.
static void interrupt(value_setst &value_sets, const symbol_tablet &symbol_table, const irep_idt &function_id, goto_programt &goto_program, const symbol_exprt &interrupt_handler, const rw_set_baset &isr_rw_set, message_handlert &message_handler)
Interrupt Instrumentation for Goto Programs.
void interval_analysis(goto_modelt &goto_model)
Initialises the abstract interpretation over interval domain and instruments instructions using inter...
Over-approximate Concurrency for Threaded Goto Programs.
void k_induction(goto_modelt &goto_model, bool base_case, bool step_case, unsigned k)
void label_function_pointer_call_sites(goto_modelt &goto_model)
This ensures that call instructions can be only one of two things:
Label function pointer call sites across a goto model.
Compute lexical loops in a goto_function.
void show_lexical_loops(const goto_modelt &goto_model, std::ostream &out)
void link_to_library(goto_modelt &goto_model, message_handlert &message_handler, const std::function< void(const std::set< irep_idt > &, const symbol_tablet &, symbol_tablet &, message_handlert &)> &library)
Complete missing function definitions using the library.
Field-insensitive, location-sensitive bitvector analysis.
Local safe pointer analysis.
void show_loop_ids(ui_message_handlert::uit ui, const goto_modelt &goto_model)
void mm_io(symbol_tablet &symbol_table, goto_functionst &goto_functions, message_handlert &message_handler)
Perform Memory-mapped I/O instrumentation.
static void mmio(value_setst &value_sets, const symbol_tablet &symbol_table, const irep_idt &function_id, goto_programt &goto_program, message_handlert &message_handler)
Memory-mapped I/O Instrumentation for Goto Programs.
bool model_argc_argv(goto_modelt &goto_model, unsigned max_argc, message_handlert &message_handler)
Set up argv with up to max_argc pointers into an array of 4096 bytes.
Initialize command line arguments.
Compute natural loops in a goto_function.
void show_natural_loops(const goto_modelt &goto_model, std::ostream &out)
void nondet_static_matching(goto_modelt &goto_model, const std::string ®ex)
Nondeterministically initializes global scope variables that match the given regex.
static void nondet_static(const namespacet &ns, goto_modelt &goto_model, const irep_idt &fct_name)
Nondeterministically initializes global scope variables in a goto-function.
Nondeterministically initializes global scope variables, except for constants (such as string literal...
void parse_nondet_volatile_options(const cmdlinet &cmdline, optionst &options)
void nondet_volatile(goto_modelt &goto_model, const optionst &options)
Havoc reads from volatile expressions, if enabled in the options.
#define HELP_NONDET_VOLATILE
void parameter_assignments(symbol_table_baset &symbol_table, goto_functionst &goto_functions)
removes returns
Add parameter assignments.
std::string align_center_with_border(const std::string &text)
Utility for displaying help centered messages borderered by "* *".
std::string banner_string(const std::string &front_end, const std::string &version)
Field-sensitive, location-insensitive points-to analysis.
static void race_check(value_setst &value_sets, symbol_table_baset &symbol_table, const irep_idt &function_id, goto_programt &goto_program, w_guardst &w_guards, message_handlert &message_handler)
Race Detection for Threaded Goto Programs.
void reachability_slicer(goto_modelt &goto_model, const bool include_forward_reachability, message_handlert &message_handler)
Perform reachability slicing on goto_model, with respect to the criterion given by all properties.
void function_path_reachability_slicer(goto_modelt &goto_model, const std::list< std::string > &functions_list, message_handlert &message_handler)
Perform reachability slicing on goto_model for selected functions.
#define HELP_FP_REACHABILITY_SLICER
#define HELP_REACHABILITY_SLICER
Range-based reaching definitions analysis (following Field- Sensitive Program Dependence Analysis,...
static bool read_goto_binary(const std::string &filename, symbol_tablet &, goto_functionst &, message_handlert &)
Read a goto binary from a file, but do not update config.
void remove_asm(goto_functionst &goto_functions, symbol_tablet &symbol_table, message_handlert &message_handler)
Replaces inline assembly instructions in the goto program (i.e., instructions of kind OTHER with a co...
bool has_asm(const goto_functionst &goto_functions)
returns true iff the given goto functions use asm instructions
Remove 'asm' statements by compiling them into suitable standard goto program instructions.
Remove calls to functions without a body.
#define HELP_REMOVE_CALLS_NO_BODY
#define HELP_REMOVE_CONST_FUNCTION_POINTERS
void remove_functions(goto_modelt &goto_model, const std::list< std::string > &names, message_handlert &message_handler)
Remove the body of all functions listed in "names" such that an analysis will treat it as a side-effe...
Remove function definition.
void remove_function_pointers(message_handlert &_message_handler, goto_modelt &goto_model, bool only_remove_const_fps)
Remove Indirect Function Calls.
void restore_returns(goto_modelt &goto_model)
restores return statements
void remove_returns(symbol_table_baset &symbol_table, goto_functionst &goto_functions)
removes returns
Replace function returns by assignments to global variables.
void remove_skip(goto_programt &goto_program, goto_programt::targett begin, goto_programt::targett end)
remove unnecessary skip statements
void remove_unused_functions(goto_modelt &goto_model, message_handlert &message_handler)
void remove_virtual_functions(symbol_table_baset &symbol_table, goto_functionst &goto_functions)
Remove virtual function calls from all functions in the specified list and replace them with their mo...
Functions for replacing virtual function call with a static function calls in functions,...
#define HELP_REPLACE_CALLS
void parse_function_pointer_restriction_options_from_cmdline(const cmdlinet &cmdline, optionst &options)
void restrict_function_pointers(message_handlert &message_handler, goto_modelt &goto_model, const optionst &options)
Apply function pointer restrictions to a goto_model.
Given goto functions and a list of function parameters or globals that are function pointers with lis...
#define RESTRICT_FUNCTION_POINTER_OPT
#define RESTRICT_FUNCTION_POINTER_FROM_FILE_OPT
#define HELP_RESTRICT_FUNCTION_POINTER
#define RESTRICT_FUNCTION_POINTER_BY_NAME_OPT
static std::optional< exprt > rewrite_rw_ok(exprt expr, const namespacet &ns)
Rewrite r/w/rw_ok expressions to ones including prophecy variables recording the state.
void rewrite_union(exprt &expr)
We rewrite u.c for unions u into byte_extract(u, 0), and { .c = v } into byte_update(NIL,...
Race Detection for Threaded Goto Programs.
Single-entry, single-exit region analysis.
void label_properties(goto_modelt &goto_model)
Set the properties to check.
#define HELP_SHOW_GOTO_FUNCTIONS
void show_locations(ui_message_handlert::uit ui, const irep_idt function_id, const goto_programt &goto_program)
void show_properties(const namespacet &ns, const irep_idt &identifier, message_handlert &message_handler, ui_message_handlert::uit ui, const goto_programt &goto_program)
#define HELP_SHOW_PROPERTIES
void show_symbol_table(const symbol_table_baset &symbol_table, ui_message_handlert &ui)
void show_symbol_table_brief(const symbol_table_baset &symbol_table, ui_message_handlert &ui)
void show_value_sets(ui_message_handlert::uit ui, const goto_modelt &goto_model, const value_set_analysist &value_set_analysis)
static bool skip_loops(goto_programt &goto_program, const loop_idst &loop_ids, messaget &message)
Skip over selected loops by adding gotos.
void slice_global_inits(goto_modelt &goto_model, message_handlert &message_handler)
Remove initialization of global variables that are not used in any function reachable from the entry ...
Remove initializations of unused global variables.
bool splice_call(goto_functionst &goto_functions, const std::string &callercallee, const symbol_table_baset &symbol_table, message_handlert &message_handler)
Harnessing for goto functions.
#define CHECK_RETURN(CONDITION)
#define PRECONDITION(CONDITION)
static void stack_depth(goto_programt &goto_program, const symbol_exprt &symbol, const std::size_t i_depth, const exprt &max_depth)
unsigned safe_string2unsigned(const std::string &str, int base)
unsigned unsafe_string2unsigned(const std::string &str, int base)
std::size_t safe_string2size_t(const std::string &str, int base)
void string_abstraction(goto_modelt &goto_model, message_handlert &message_handler)
void split_string(const std::string &s, char delim, std::vector< std::string > &result, bool strip, bool remove_empty)
std::list< std::string > defines
preprocessort preprocessor
This is unused by this implementation of guards, but can be used by other implementations of the same...
Loop contract configurations.
void thread_exit_instrumentation(goto_programt &goto_program)
void mutex_init_instrumentation(const symbol_tablet &symbol_table, goto_programt &goto_program, typet lock_type)
void list_undefined_functions(const goto_modelt &goto_model, std::ostream &os)
void undefined_function_abort_path(goto_modelt &goto_model)
Handling of functions without body.
#define widen_if_needed(s)
void add_uninitialized_locals_assertions(goto_modelt &goto_model)
void show_uninitialized(const goto_modelt &goto_model, std::ostream &out)
#define HELP_UNINITIALIZED_CHECK
void value_set_fi_fp_removal(goto_modelt &goto_model, message_handlert &message_handler)
Builds the flow-insensitive value set for all function pointers and replaces function pointers with a...
flow insensitive value set function pointer removal
const char * CBMC_VERSION
void weak_memory(memory_modelt model, value_setst &value_sets, goto_modelt &goto_model, bool SCC, instrumentation_strategyt event_strategy, bool no_cfg_kill, bool no_dependencies, loop_strategyt duplicate_body, unsigned input_max_var, unsigned input_max_po_trans, bool render_po, bool render_file, bool render_function, bool cav11_option, bool hide_internals, message_handlert &message_handler, bool ignore_arrays)
instrumentation_strategyt
static void write_goto_binary(std::ostream &out, const symbol_table_baset &symbol_table, const goto_functionst &goto_functions, irep_serializationt &irepconverter)
Writes a goto program to disc, using goto binary format.
1.9.1