139 gcc_version.
get(
"gcc");
161 log.
status() <<
"Adding nondeterministic initialization "
162 "of matching static/global variables"
181 throw "only one of --unwindset and --unwindset-file supported at a "
209 bool unwinding_assertions =
cmdline.
isset(
"unwinding-assertions") ||
214 if(unwinding_assertions)
216 throw "unwinding assertions cannot be used with "
217 "--continue-as-loops";
219 else if(partial_loops)
220 throw "partial loops cannot be used with --continue-as-loops";
226 if(unwinding_assertions)
233 else if(partial_loops)
257 throw "failed to open file "+filename;
264 std::cout << result <<
'\n';
282 std::cout <<
"////\n";
283 std::cout <<
"//// Function: " <<
gf_entry.first <<
'\n';
284 std::cout <<
"////\n\n";
291 std::cout <<
"Is threaded: " << (is_threaded(
i_it)?
"True":
"False")
358 std::cout <<
">>>>\n";
359 std::cout <<
">>>> " <<
gf_entry.first <<
'\n';
360 std::cout <<
">>>>\n";
380 std::cout <<
">>>>\n";
381 std::cout <<
">>>> " <<
gf_entry.first <<
'\n';
382 std::cout <<
">>>>\n";
388 std::cout,
gf_entry.second.body, ns);
407 std::cout <<
">>>>\n";
408 std::cout <<
">>>> " <<
gf_entry.first <<
'\n';
409 std::cout <<
">>>>\n";
686 for(
auto const &
ins :
pair.second.body.instructions)
688 if(
ins.code().is_not_nil())
690 if(
ins.has_condition())
805 call_graph.
output(std::cout);
821 call_graph.
output(std::cout);
869 log.
status() <<
"Removing calls to functions without a body"
934 "Invalid number of positional arguments passed",
936 "goto-instrument needs one input and one output file, aside from other "
1015 if(!result.has_value())
1044 log.
status() <<
"Adding up to " << max_argc <<
" command line arguments"
1187 log.
warning() <<
"**** WARNING: transformed loops will not be unwound "
1188 <<
"after applying loop contracts. Note that transformed "
1189 <<
"loops require at least unwinding bounds 2 to pass "
1199 "Redundant options detected",
1210 std::set<irep_idt> to_replace(
1219 "Mutually exclusive options detected",
1229 bool allow_recursive_calls =
1232 std::set<std::string> to_exclude_from_nondet_static(
1240 to_enforce.empty() ? std::optional<irep_idt>{}
1241 : std::optional<irep_idt>{
to_enforce.front()},
1242 allow_recursive_calls,
1244 loop_contract_config,
1245 to_exclude_from_nondet_static,
1257 std::set<std::string> to_replace(
1265 std::set<std::string> to_exclude_from_nondet_static(
1278 contracts.apply_loop_contracts(to_exclude_from_nondet_static);
1293 else if(
cmdline.
isset(
"remove-const-function-pointers"))
1315 log.
status() <<
"Inlining calls of function '" << function <<
"'"
1336 throw "failed to open file "+filename;
1343 std::cout << result <<
'\n';
1364 log.
status() <<
"Removing calls to functions without a body"
1380 log.
warning() <<
"**** WARNING: Constant propagation as performed by "
1381 "goto-instrument is not expected to be sound. Do not use "
1382 "--constant-propagator if soundness is important for your "
1399 object_factory_parameters,
1421 "not enough arguments for this option",
"--generate-havocing-body"};
1427 object_factory_parameters,
1444 object_factory_parameters,
1464 log.
status() <<
"Adding checks for uninitialized local variables"
1483 log.
status() <<
"Adding nondeterministic initialization "
1484 "of static/global variables except for "
1485 "the specified ones."
1494 log.
status() <<
"Adding nondeterministic initialization "
1495 "of static/global variables"
1504 log.
status() <<
"Slicing away initializations of unused global variables"
1567 const unsigned max_var=
1570 const unsigned max_po_trans=
1576 log.
status() <<
"Adding weak memory (TSO) Instrumentation"
1582 log.
status() <<
"Adding weak memory (PSO) Instrumentation"
1588 log.
status() <<
"Adding weak memory (RMO) Instrumentation"
1592 else if(
mm==
"power")
1594 log.
status() <<
"Adding weak memory (Power) Instrumentation"
1600 log.
error() <<
"Unknown weak memory model '" <<
mm <<
"'"
1675 if(step_case && base_case)
1676 throw "please specify only one of --step-case and --base-case";
1677 else if(!step_case && !base_case)
1678 throw "please specify one of --step-case and --base-case";
1683 throw "please give k>=1";
1685 log.
status() <<
"Instrumenting k-induction for k=" << k <<
", "
1686 << (base_case ?
"base case" :
"step case") <<
messaget::eom;
1752 log.
status() <<
"Performing a function pointer reachability slice"
1769 log.
warning() <<
"**** WARNING: Experimental option --full-slice, "
1770 <<
"analysis results may be unsound. See "
1771 <<
"https://github.com/diffblue/cbmc/issues/260"
1804 log.
status() <<
"Slicing away initializations of unused global variables"
1815 if(
cmdline.
isset(
"aggressive-slice-preserve-function"))
1823 if(
cmdline.
isset(
"aggressive-slice-preserve-functions-containing"))
1828 cmdline.
isset(
"aggressive-slice-preserve-all-direct-paths");
1866 "Usage: \tPurpose:\n"
1868 " {bgoto-instrument} [{y-?}] [{y-h}] [{y--help}] \t show this help\n"
1869 " {bgoto-instrument} {y--version} \t show version and exit\n"
1870 " {bgoto-instrument} [options] {uin} [{uout}] \t perform analysis or"
1871 " instrumentation\n"
1875 " {y--horn} \t print program as constrained horn clauses\n"
1880 " {y--show-symbol-table} \t show loaded symbol table\n"
1881 " {y--list-symbols} \t list symbols with type information\n"
1884 " {y--show-locations} \t show all source locations\n"
1885 " {y--dot} \t generate CFG graph in DOT format\n"
1886 " {y--print-internal-representation} \t show verbose internal"
1887 " representation of the program\n"
1888 " {y--list-undefined-functions} \t list functions without body\n"
1889 " {y--list-calls-args} \t list all function calls with their arguments\n"
1890 " {y--call-graph} \t show graph of function calls\n"
1891 " {y--reachable-call-graph} \t show graph of function calls potentially"
1892 " reachable from main function\n"
1895 " {y--validate-goto-binary} \t check the well-formedness of the passed in"
1896 " goto binary and then exit\n"
1897 " {y--interpreter} \t do concrete execution\n"
1899 "Data-flow analyses:\n"
1900 " {y--show-struct-alignment} \t show struct members that might be"
1901 " concurrently accessed\n"
1902 " {y--show-threaded} \t show instructions that may be executed by more than"
1904 " {y--show-local-safe-pointers} \t show pointer expressions that are"
1905 " trivially dominated by a not-null check\n"
1906 " {y--show-safe-dereferences} \t show pointer expressions that are"
1907 " trivially dominated by a not-null check *and* used as a dereference"
1909 " {y--show-value-sets} \t show points-to information (using value sets)\n"
1910 " {y--show-global-may-alias} \t show may-alias information over globals\n"
1911 " {y--show-local-bitvector-analysis} \t show procedure-local pointer"
1913 " {y--escape-analysis} \t perform escape analysis\n"
1914 " {y--show-escape-analysis} \t show results of escape analysis\n"
1915 " {y--custom-bitvector-analysis} \t perform configurable bitvector"
1917 " {y--show-custom-bitvector-analysis} \t show results of configurable"
1918 " bitvector analysis\n"
1919 " {y--interval-analysis} \t perform interval analysis\n"
1920 " {y--show-intervals} \t show results of interval analysis\n"
1921 " {y--show-uninitialized} \t show maybe-uninitialized variables\n"
1922 " {y--show-points-to} \t show points-to information\n"
1923 " {y--show-rw-set} \t show read-write sets\n"
1924 " {y--show-call-sequences} \t show function call sequences\n"
1925 " {y--show-reaching-definitions} \t show reaching definitions\n"
1926 " {y--show-dependence-graph} \t show program-dependence graph\n"
1927 " {y--show-sese-regions} \t show single-entry-single-exit regions\n"
1930 " {y--no-assertions} \t ignore user assertions\n"
1933 " {y--stack-depth} {un} \t add check that call stack size of non-inlined"
1934 " functions never exceeds {un}\n"
1935 " {y--race-check} \t add floating-point data race checks\n"
1937 "Semantic transformations:\n"
1939 " {y--isr} {ufunction} \t instruments an interrupt service routine\n"
1940 " {y--mmio} \t instruments memory-mapped I/O\n"
1941 " {y--nondet-static} \t add nondeterministic initialization of variables"
1942 " with static lifetime\n"
1943 " {y--nondet-static-exclude} {ue} \t same as nondet-static except for the"
1944 " variable {ue} (use multiple times if required)\n"
1945 " {y--nondet-static-matching} {ur} \t add nondeterministic initialization"
1946 " of variables with static lifetime matching regex {ur}\n"
1947 " {y--function-enter} {uf}, {y--function-exit} {uf}, {y--branch} {uf} \t"
1948 " instruments a call to {uf} at the beginning, the exit, or a branch point,"
1950 " {y--splice-call} {ucaller},{ucallee} \t prepends a call to {ucallee} in"
1951 " the body of {ucaller}\n"
1952 " {y--check-call-sequence} {useq} \t instruments checks to assert that all"
1953 " call sequences match {useq}\n"
1954 " {y--undefined-function-is-assume-false} \t convert each call to an"
1955 " undefined function to assume(false)\n"
1960 " {y--add-library} \t add models of C library functions\n"
1962 " {y--model-argc-argv} {un} \t model up to {un} command line arguments\n"
1963 " {y--remove-function-body} {uf} remove the implementation of function {uf}"
1964 " (may be repeated)\n"
1968 "Semantics-preserving transformations:\n"
1969 " {y--ensure-one-backedge-per-target} \t transform loop bodies such that"
1970 " there is a single edge back to the loop head\n"
1971 " {y--drop-unused-functions} \t drop functions trivially unreachable from"
1974 " {y--constant-propagator} \t propagate constants and simplify"
1976 " {y--inline} \t perform full inlining\n"
1977 " {y--partial-inline} \t perform partial inlining\n"
1978 " {y--function-inline} {ufunction} \t transitively inline all calls"
1979 " {ufunction} makes\n"
1980 " {y--no-caching} \t disable caching of intermediate results during"
1981 " transitive function inlining\n"
1982 " {y--log} {ufile} \t log in JSON format which code segments were inlined,"
1983 " use with {y--function-inline}\n"
1984 " {y--remove-function-pointers} \t replace function pointers by case"
1985 " statement over function calls\n"
1987 " {y--value-set-fi-fp-removal} \t build flow-insensitive value set and"
1988 " replace function pointers by a case statement over the possible"
1989 " assignments. If the set of possible assignments is empty the function"
1990 " pointer is removed using the standard remove-function-pointers pass.\n"
1992 "Loop information and transformations:\n"
1994 " {y--unwindset-file_<file>} \t read unwindset from file\n"
1995 " {y--partial-loops} \t permit paths with partial loops\n"
1996 " {y--unwinding-assertions} \t generate unwinding assertions"
1997 " (enabled by default)\n"
1998 " {y--no-unwinding-assertions} \t do not generate unwinding assertions\n"
1999 " {y--continue-as-loops} \t add loop for remaining iterations after"
2001 " {y--k-induction} {uk} \t check loops with k-induction\n"
2002 " {y--step-case} \t k-induction: do step-case\n"
2003 " {y--base-case} \t k-induction: do base-case\n"
2004 " {y--havoc-loops} \t over-approximate all loops\n"
2005 " {y--accelerate} \t add loop accelerators\n"
2006 " {y--z3} \t use Z3 when computing loop accelerators\n"
2007 " {y--skip-loops {uloop-ids} \t add gotos to skip selected loops during"
2009 " {y--show-lexical-loops} \t show single-entry-single-back-edge loops\n"
2010 " {y--show-natural-loops} \t show natural loop heads\n"
2012 "Memory model instrumentations:\n"
2018 " {y--full-slice} \t slice away instructions that don't affect assertions\n"
2019 " {y--property} {uid} \t slice with respect to specific property only\n"
2020 " {y--slice-global-inits} \t slice away initializations of unused global"
2022 " {y--aggressive-slice} \t remove bodies of any functions not on the"
2023 " shortest path between the start function and the function containing the"
2024 " property/properties\n"
2025 " {y--aggressive-slice-call-depth} {un} \t used with aggressive-slice,"
2026 " preserves all functions within {un} function calls of the functions on"
2027 " the shortest path\n"
2028 " {y--aggressive-slice-preserve-function} {uf} \t force the aggressive"
2029 " slicer to preserve function {uf}\n"
2030 " {y--aggressive-slice-preserve-functions-containing} {uf} \t force the"
2031 " aggressive slicer to preserve all functions with names containing {uf}\n"
2032 " {y--aggressive-slice-preserve-all-direct-paths} \t force aggressive"
2033 " slicer to preserve all direct paths\n"
2045 "User-interface options:\n"
2047 " {y--xml} \t output files in XML where supported\n"
2048 " {y--xml-ui} \t use XML-formatted output\n"
2049 " {y--json-ui} \t use JSON-formatted output\n"
2050 " {y--verbosity} {u#} \t verbosity level\n"
void accelerate_functions(goto_modelt &goto_model, message_handlert &message_handler, bool use_z3, guard_managert &guard_manager)
void add_failed_symbols(symbol_table_baset &symbol_table)
Create a failed-dereference symbol for all symbols in the given table that need one (i....
void print_struct_alignment_problems(const symbol_table_baset &symbol_table, std::ostream &out)
void cprover_c_library_factory(const std::set< irep_idt > &functions, const symbol_table_baset &symbol_table, symbol_table_baset &dest_symbol_table, message_handlert &message_handler)
#define HELP_ANSI_C_LANGUAGE
void branch(goto_modelt &goto_model, const irep_idt &id)
void parse_c_object_factory_options(const cmdlinet &cmdline, optionst &options)
Parse the c object factory parameters from a given command line.
static void list_calls_and_arguments(const namespacet &ns, const goto_programt &goto_program)
void check_call_sequence(const goto_modelt &goto_model)
void show_call_sequences(const irep_idt &caller, const goto_programt &goto_program)
Memory-mapped I/O Instrumentation for Goto Programs.
void show_class_hierarchy(const class_hierarchyt &hierarchy, ui_message_handlert &message_handler, bool children_only)
Output the class hierarchy.
#define HELP_SHOW_CLASS_HIERARCHY
The aggressive slicer removes the body of all the functions except those on the shortest path,...
virtual void output(const namespacet &ns, const irep_idt &function_id, const goto_programt &goto_program, std::ostream &out) const
Output the abstract states for a single function.
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
A call graph (https://en.wikipedia.org/wiki/Call_graph) for a GOTO model or GOTO functions collection...
void output_dot(std::ostream &out) const
void output(std::ostream &out) const
static call_grapht create_from_root_function(const goto_modelt &model, const irep_idt &root, bool collect_callsites)
void output_xml(std::ostream &out) const
Non-graph-based representation of the class hierarchy.
std::string get_value(char option) const
virtual bool isset(char option) const
std::list< std::string > get_comma_separated_values(const char *option) const
Collect all occurrences of option option and split their values on each comma, merging them into a si...
std::optional< std::string > value_opt(char option) const
const std::list< std::string > & get_values(const std::string &option) const
bool set(const cmdlinet &cmdline)
void set_from_symbol_table(const symbol_table_baset &)
struct configt::ansi_ct ansi_c
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
void get(const std::string &executable)
This is a may analysis (i.e.
void compute_loop_numbers()
function_mapt function_map
static irep_idt entry_point()
Get the identifier of the entry point to a goto model.
void register_languages() override
void help() override
display command line help
void instrument_goto_program()
void do_indirect_call_and_rtti_removal(bool force=false)
bool partial_inlining_done
bool function_pointer_removal_done
void do_partial_inlining()
void do_remove_const_function_pointers_only()
Remove function pointers that can be resolved by analysing const variables (i.e.
int doit() override
invoke main modules
void validate(const validation_modet vm=validation_modet::INVARIANT, const goto_model_validation_optionst &goto_model_validation_options=goto_model_validation_optionst{}) const override
Check that the goto model is well-formed.
symbol_tablet symbol_table
Symbol table.
goto_functionst goto_functions
GOTO functions.
A generic container class for the GOTO intermediate representation of one function.
Thrown when users pass incorrect command line arguments, for example passing no files to analysis or ...
void output(std::ostream &out, const goto_functiont &goto_function, const namespacet &ns) const
A very simple, cheap analysis to determine when dereference operations are trivially guarded by a che...
static unsigned eval_verbosity(const std::string &user_input, const message_levelt default_verbosity, message_handlert &dest)
Parse a (user-)provided string as a verbosity level and set it as the verbosity of dest.
message_handlert & get_message_handler()
mstreamt & warning() const
mstreamt & status() const
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
bool lookup(const irep_idt &name, const symbolt *&symbol) const override
See documentation for namespace_baset::lookup().
bool is_set(const std::string &option) const
N.B. opts.is_set("foo") does not imply opts.get_bool_option("foo")
void set_option(const std::string &option, const bool value)
ui_message_handlert ui_message_handler
Expression to hold a symbol (variable)
typet type
Type of symbol.
irep_idt name
The unique identifier.
virtual uit get_ui() const
void parse_unwind(const std::string &unwind)
void parse_unwindset(const std::list< std::string > &unwindset, abstract_goto_modelt &goto_model, message_handlert &message_handler)
void parse_unwindset_file(const std::string &file_name, abstract_goto_modelt &goto_model, message_handlert &message_handler)
This template class implements a data-flow analysis which keeps track of what values different variab...
void concurrency(value_setst &value_sets, goto_modelt &goto_model)
Encoding for Threaded Goto Programs.
#define HELP_CONFIG_LIBRARY
#define HELP_REPLACE_CALL
#define HELP_DISABLE_SIDE_EFFECT_CHECK
#define FLAG_REPLACE_CALL
#define FLAG_ENFORCE_CONTRACT
#define HELP_LOOP_CONTRACTS
#define FLAG_LOOP_CONTRACTS
#define HELP_LOOP_CONTRACTS_NO_UNWIND
#define HELP_ENFORCE_CONTRACT
#define HELP_LOOP_CONTRACTS_FILE
#define FLAG_DISABLE_SIDE_EFFECT_CHECK
#define FLAG_LOOP_CONTRACTS_NO_UNWIND
void count_eloc(const goto_modelt &goto_model)
void print_global_state_size(const goto_modelt &goto_model)
void print_path_lengths(const goto_modelt &goto_model)
void list_eloc(const goto_modelt &goto_model)
#define HELP_GOTO_PROGRAM_STATS
void cprover_cpp_library_factory(const std::set< irep_idt > &functions, const symbol_table_baset &symbol_table, symbol_table_baset &dest_symbol_table, message_handlert &message_handler)
static void show_goto_functions(const goto_modelt &goto_model)
Field-insensitive, location-sensitive bitvector analysis.
Field-Sensitive Program Dependence Analysis, Litvak et al., FSE 2010.
#define FLAG_ENFORCE_CONTRACT_REC
#define HELP_ENFORCE_CONTRACT_REC
void document_properties_latex(const goto_modelt &goto_model, std::ostream &out)
void document_properties_html(const goto_modelt &goto_model, std::ostream &out)
#define HELP_DOCUMENT_PROPERTIES
void dot(const goto_modelt &src, std::ostream &out)
Dump Goto-Program as DOT Graph.
void dump_cpp(const goto_functionst &src, const bool use_system_headers, const bool use_all_headers, const bool include_harness, const namespacet &ns, std::ostream &out)
void dump_c(const goto_functionst &src, const bool use_system_headers, const bool use_all_headers, const bool include_harness, const namespacet &ns, std::ostream &out)
void dump_c_type_header(const goto_functionst &src, const bool use_system_headers, const bool use_all_headers, const bool include_harness, const namespacet &ns, const std::string module, std::ostream &out)
bool ensure_one_backedge_per_target(goto_programt::targett &it, goto_programt &goto_program)
Ensure one backedge per target.
Field-insensitive, location-sensitive, over-approximative escape analysis.
Document and give macros for the exit codes of CPROVER binaries.
#define CPROVER_EXIT_CONVERSION_FAILED
Failure to convert / write to another format.
#define CPROVER_EXIT_INTERNAL_ERROR
An error has been encountered during processing the requested analysis.
#define CPROVER_EXIT_USAGE_ERROR
A usage error is returned when the command line is invalid or conflicting.
#define CPROVER_EXIT_SUCCESS
Success indicates the required analysis has been performed without error.
void property_slicer(goto_functionst &goto_functions, const namespacet &ns, const std::list< std::string > &properties, message_handlert &message_handler)
void full_slicer(goto_functionst &goto_functions, const namespacet &ns, const slicing_criteriont &criterion, message_handlert &message_handler)
void function_exit(goto_modelt &goto_model, const irep_idt &id)
void function_enter(goto_modelt &goto_model, const irep_idt &id)
Function Entering and Exiting.
void configure_gcc(const gcc_versiont &gcc_version)
std::unique_ptr< generate_function_bodiest > generate_function_bodies_factory(const std::string &options, const c_object_factory_parameterst &object_factory_parameters, const symbol_tablet &symbol_table, message_handlert &message_handler)
Create the type that actually generates the functions.
void generate_function_bodies(const std::regex &functions_regex, const generate_function_bodiest &generate_function_body, goto_modelt &model, message_handlert &message_handler, bool ignore_no_match)
Generate function bodies with some default behavior: assert-false, assume-false, assert-false-assume-...
#define HELP_REPLACE_FUNCTION_BODY
Field-insensitive, location-sensitive, over-approximative escape analysis.
static void transform_assertions_assumptions(goto_programt &goto_program, bool enable_assertions, bool enable_built_in_assertions, bool enable_assumptions)
Checks for Errors in C and Java Programs.
void goto_check_c(const irep_idt &function_identifier, goto_functionst::goto_functiont &goto_function, const namespacet &ns, const optionst &options, message_handlert &message_handler)
#define PARSE_OPTIONS_GOTO_CHECK(cmdline, options)
void goto_inline(goto_modelt &goto_model, message_handlert &message_handler, bool adjust_function)
Inline every function call into the entry_point() function.
void goto_function_inline(goto_modelt &goto_model, const irep_idt function, message_handlert &message_handler, bool adjust_function, bool caching)
Transitively inline all function calls made from a particular function.
void goto_partial_inline(goto_modelt &goto_model, message_handlert &message_handler, unsigned smallfunc_limit, bool adjust_function)
Inline all function calls to functions either marked as "inlined" or smaller than smallfunc_limit (by...
jsont goto_function_inline_and_log(goto_modelt &goto_model, const irep_idt function, message_handlert &message_handler, bool adjust_function, bool caching)
Function Inlining This gives a number of different interfaces to the function inlining functionality ...
#define forall_goto_program_instructions(it, program)
void remove_pointers(goto_modelt &goto_model, value_setst &value_sets, message_handlert &message_handler)
Remove dereferences in all expressions contained in the program goto_model.
#define HELP_REMOVE_POINTERS
void dfcc(const optionst &options, goto_modelt &goto_model, const irep_idt &harness_id, const std::optional< irep_idt > &to_check, const bool allow_recursive_calls, const std::set< irep_idt > &to_replace, const loop_contract_configt loop_contract_config, const std::set< std::string > &to_exclude_from_nondet_static, message_handlert &message_handler)
Applies function contracts transformation to GOTO model, using the dynamic frame condition checking a...
void havoc_loops(goto_modelt &goto_model)
void horn_encoding(const goto_modelt &goto_model, std::ostream &out)
bool insert_final_assert_false(goto_modelt &goto_model, const std::string &function_to_instrument, message_handlert &message_handler)
Transform a goto program by inserting assert(false) at the end of a given function function_to_instru...
Insert final assert false into a function.
#define HELP_INSERT_FINAL_ASSERT_FALSE
void interpreter(const goto_modelt &goto_model, message_handlert &message_handler)
Interpreter for GOTO Programs.
static void interrupt(value_setst &value_sets, const symbol_tablet &symbol_table, const irep_idt &function_id, goto_programt &goto_program, const symbol_exprt &interrupt_handler, const rw_set_baset &isr_rw_set, message_handlert &message_handler)
Interrupt Instrumentation for Goto Programs.
void interval_analysis(goto_modelt &goto_model)
Initialises the abstract interpretation over interval domain and instruments instructions using inter...
Over-approximate Concurrency for Threaded Goto Programs.
void k_induction(goto_modelt &goto_model, bool base_case, bool step_case, unsigned k)
void label_function_pointer_call_sites(goto_modelt &goto_model)
This ensures that call instructions can be only one of two things:
Label function pointer call sites across a goto model.
Compute lexical loops in a goto_function.
void show_lexical_loops(const goto_modelt &goto_model, std::ostream &out)
void link_to_library(goto_modelt &goto_model, message_handlert &message_handler, const std::function< void(const std::set< irep_idt > &, const symbol_tablet &, symbol_tablet &, message_handlert &)> &library)
Complete missing function definitions using the library.
Field-insensitive, location-sensitive bitvector analysis.
Local safe pointer analysis.
void show_loop_ids(ui_message_handlert::uit ui, const goto_modelt &goto_model)
void mm_io(symbol_tablet &symbol_table, goto_functionst &goto_functions, message_handlert &message_handler)
Perform Memory-mapped I/O instrumentation.
static void mmio(value_setst &value_sets, const symbol_tablet &symbol_table, const irep_idt &function_id, goto_programt &goto_program, message_handlert &message_handler)
Memory-mapped I/O Instrumentation for Goto Programs.
bool model_argc_argv(goto_modelt &goto_model, unsigned max_argc, message_handlert &message_handler)
Set up argv with up to max_argc pointers into an array of 4096 bytes.
Initialize command line arguments.
Compute natural loops in a goto_function.
void show_natural_loops(const goto_modelt &goto_model, std::ostream &out)
void nondet_static_matching(goto_modelt &goto_model, const std::string ®ex)
Nondeterministically initializes global scope variables that match the given regex.
static void nondet_static(const namespacet &ns, goto_modelt &goto_model, const irep_idt &fct_name)
Nondeterministically initializes global scope variables in a goto-function.
Nondeterministically initializes global scope variables, except for constants (such as string literal...
void parse_nondet_volatile_options(const cmdlinet &cmdline, optionst &options)
void nondet_volatile(goto_modelt &goto_model, const optionst &options)
Havoc reads from volatile expressions, if enabled in the options.
#define HELP_NONDET_VOLATILE
void parameter_assignments(symbol_table_baset &symbol_table, goto_functionst &goto_functions)
removes returns
Add parameter assignments.
std::string align_center_with_border(const std::string &text)
Utility for displaying help centered messages borderered by "* *".
std::string banner_string(const std::string &front_end, const std::string &version)
Field-sensitive, location-insensitive points-to analysis.
static void race_check(value_setst &value_sets, symbol_table_baset &symbol_table, const irep_idt &function_id, goto_programt &goto_program, w_guardst &w_guards, message_handlert &message_handler)
Race Detection for Threaded Goto Programs.
void reachability_slicer(goto_modelt &goto_model, const bool include_forward_reachability, message_handlert &message_handler)
Perform reachability slicing on goto_model, with respect to the criterion given by all properties.
void function_path_reachability_slicer(goto_modelt &goto_model, const std::list< std::string > &functions_list, message_handlert &message_handler)
Perform reachability slicing on goto_model for selected functions.
#define HELP_FP_REACHABILITY_SLICER
#define HELP_REACHABILITY_SLICER
Range-based reaching definitions analysis (following Field- Sensitive Program Dependence Analysis,...
static bool read_goto_binary(const std::string &filename, symbol_tablet &, goto_functionst &, message_handlert &)
Read a goto binary from a file, but do not update config.
void remove_asm(goto_functionst &goto_functions, symbol_tablet &symbol_table, message_handlert &message_handler)
Replaces inline assembly instructions in the goto program (i.e., instructions of kind OTHER with a co...
bool has_asm(const goto_functionst &goto_functions)
returns true iff the given goto functions use asm instructions
Remove 'asm' statements by compiling them into suitable standard goto program instructions.
Remove calls to functions without a body.
#define HELP_REMOVE_CALLS_NO_BODY
#define HELP_REMOVE_CONST_FUNCTION_POINTERS
void remove_functions(goto_modelt &goto_model, const std::list< std::string > &names, message_handlert &message_handler)
Remove the body of all functions listed in "names" such that an analysis will treat it as a side-effe...
Remove function definition.
void remove_function_pointers(message_handlert &_message_handler, goto_modelt &goto_model, bool only_remove_const_fps)
Remove Indirect Function Calls.
void restore_returns(goto_modelt &goto_model)
restores return statements
void remove_returns(symbol_table_baset &symbol_table, goto_functionst &goto_functions)
removes returns
Replace function returns by assignments to global variables.
void remove_skip(goto_programt &goto_program, goto_programt::targett begin, goto_programt::targett end)
remove unnecessary skip statements
void remove_unused_functions(goto_modelt &goto_model, message_handlert &message_handler)
void remove_virtual_functions(symbol_table_baset &symbol_table, goto_functionst &goto_functions)
Remove virtual function calls from all functions in the specified list and replace them with their mo...
Functions for replacing virtual function call with a static function calls in functions,...
#define HELP_REPLACE_CALLS
void parse_function_pointer_restriction_options_from_cmdline(const cmdlinet &cmdline, optionst &options)
void restrict_function_pointers(message_handlert &message_handler, goto_modelt &goto_model, const optionst &options)
Apply function pointer restrictions to a goto_model.
Given goto functions and a list of function parameters or globals that are function pointers with lis...
#define RESTRICT_FUNCTION_POINTER_OPT
#define RESTRICT_FUNCTION_POINTER_FROM_FILE_OPT
#define HELP_RESTRICT_FUNCTION_POINTER
#define RESTRICT_FUNCTION_POINTER_BY_NAME_OPT
static std::optional< exprt > rewrite_rw_ok(exprt expr, const namespacet &ns)
Rewrite r/w/rw_ok expressions to ones including prophecy variables recording the state.
void rewrite_union(exprt &expr)
We rewrite u.c for unions u into byte_extract(u, 0), and { .c = v } into byte_update(NIL,...
Race Detection for Threaded Goto Programs.
Single-entry, single-exit region analysis.
void label_properties(goto_modelt &goto_model)
Set the properties to check.
#define HELP_SHOW_GOTO_FUNCTIONS
void show_locations(ui_message_handlert::uit ui, const irep_idt function_id, const goto_programt &goto_program)
void show_properties(const namespacet &ns, const irep_idt &identifier, message_handlert &message_handler, ui_message_handlert::uit ui, const goto_programt &goto_program)
#define HELP_SHOW_PROPERTIES
void show_symbol_table(const symbol_table_baset &symbol_table, ui_message_handlert &ui)
void show_symbol_table_brief(const symbol_table_baset &symbol_table, ui_message_handlert &ui)
void show_value_sets(ui_message_handlert::uit ui, const goto_modelt &goto_model, const value_set_analysist &value_set_analysis)
static bool skip_loops(goto_programt &goto_program, const loop_idst &loop_ids, messaget &message)
Skip over selected loops by adding gotos.
void slice_global_inits(goto_modelt &goto_model, message_handlert &message_handler)
Remove initialization of global variables that are not used in any function reachable from the entry ...
Remove initializations of unused global variables.
bool splice_call(goto_functionst &goto_functions, const std::string &callercallee, const symbol_table_baset &symbol_table, message_handlert &message_handler)
Harnessing for goto functions.
#define CHECK_RETURN(CONDITION)
#define PRECONDITION(CONDITION)
static void stack_depth(goto_programt &goto_program, const symbol_exprt &symbol, const std::size_t i_depth, const exprt &max_depth)
unsigned safe_string2unsigned(const std::string &str, int base)
unsigned unsafe_string2unsigned(const std::string &str, int base)
std::size_t safe_string2size_t(const std::string &str, int base)
void string_abstraction(goto_modelt &goto_model, message_handlert &message_handler)
void split_string(const std::string &s, char delim, std::vector< std::string > &result, bool strip, bool remove_empty)
This is unused by this implementation of guards, but can be used by other implementations of the same...
Loop contract configurations.
void thread_exit_instrumentation(goto_programt &goto_program)
void mutex_init_instrumentation(const symbol_tablet &symbol_table, goto_programt &goto_program, typet lock_type)
void list_undefined_functions(const goto_modelt &goto_model, std::ostream &os)
void undefined_function_abort_path(goto_modelt &goto_model)
Handling of functions without body.
#define widen_if_needed(s)
void add_uninitialized_locals_assertions(goto_modelt &goto_model)
void show_uninitialized(const goto_modelt &goto_model, std::ostream &out)
#define HELP_UNINITIALIZED_CHECK
void value_set_fi_fp_removal(goto_modelt &goto_model, message_handlert &message_handler)
Builds the flow-insensitive value set for all function pointers and replaces function pointers with a...
flow insensitive value set function pointer removal
const char * CBMC_VERSION
void weak_memory(memory_modelt model, value_setst &value_sets, goto_modelt &goto_model, bool SCC, instrumentation_strategyt event_strategy, bool no_cfg_kill, bool no_dependencies, loop_strategyt duplicate_body, unsigned input_max_var, unsigned input_max_po_trans, bool render_po, bool render_file, bool render_function, bool cav11_option, bool hide_internals, message_handlert &message_handler, bool ignore_arrays)
instrumentation_strategyt
static void write_goto_binary(std::ostream &out, const symbol_table_baset &symbol_table, const goto_functionst &goto_functions, irep_serializationt &irepconverter)
Writes a goto program to disc, using goto binary format.
1.9.8