139 gcc_version.
get(
"gcc");
161 log.
status() <<
"Adding nondeterministic initialization "
162 "of matching static/global variables"
181 throw "only one of --unwindset and --unwindset-file supported at a "
209 bool unwinding_assertions =
cmdline.
isset(
"unwinding-assertions") ||
214 if(unwinding_assertions)
216 throw "unwinding assertions cannot be used with "
217 "--continue-as-loops";
219 else if(partial_loops)
220 throw "partial loops cannot be used with --continue-as-loops";
226 if(unwinding_assertions)
233 else if(partial_loops)
257 throw "failed to open file "+filename;
264 std::cout << result <<
'\n';
282 std::cout <<
"////\n";
283 std::cout <<
"//// Function: " <<
gf_entry.first <<
'\n';
284 std::cout <<
"////\n\n";
291 std::cout <<
"Is threaded: " << (is_threaded(
i_it)?
"True":
"False")
358 std::cout <<
">>>>\n";
359 std::cout <<
">>>> " <<
gf_entry.first <<
'\n';
360 std::cout <<
">>>>\n";
380 std::cout <<
">>>>\n";
381 std::cout <<
">>>> " <<
gf_entry.first <<
'\n';
382 std::cout <<
">>>>\n";
388 std::cout,
gf_entry.second.body, ns);
407 std::cout <<
">>>>\n";
408 std::cout <<
">>>> " <<
gf_entry.first <<
'\n';
409 std::cout <<
">>>>\n";
686 for(
auto const &
ins :
pair.second.body.instructions)
688 if(
ins.code().is_not_nil())
690 if(
ins.has_condition())
805 call_graph.
output(std::cout);
821 call_graph.
output(std::cout);
869 log.
status() <<
"Removing calls to functions without a body"
934 "Invalid number of positional arguments passed",
936 "goto-instrument needs one input and one output file, aside from other "
1015 if(!result.has_value())
1044 log.
status() <<
"Adding up to " << max_argc <<
" command line arguments"
1195 log.
warning() <<
"**** WARNING: transformed loops will not be unwound "
1196 <<
"after applying loop contracts. Note that transformed "
1197 <<
"loops require at least unwinding bounds 2 to pass "
1207 "Redundant options detected",
1218 std::set<irep_idt> to_replace(
1227 "Mutually exclusive options detected",
1237 bool allow_recursive_calls =
1240 std::set<std::string> to_exclude_from_nondet_static(
1248 to_enforce.empty() ? std::optional<irep_idt>{}
1249 : std::optional<irep_idt>{
to_enforce.front()},
1250 allow_recursive_calls,
1252 loop_contract_config,
1253 to_exclude_from_nondet_static,
1265 std::set<std::string> to_replace(
1273 std::set<std::string> to_exclude_from_nondet_static(
1286 contracts.apply_loop_contracts(to_exclude_from_nondet_static);
1301 else if(
cmdline.
isset(
"remove-const-function-pointers"))
1323 log.
status() <<
"Inlining calls of function '" << function <<
"'"
1344 throw "failed to open file "+filename;
1351 std::cout << result <<
'\n';
1372 log.
status() <<
"Removing calls to functions without a body"
1388 log.
warning() <<
"**** WARNING: Constant propagation as performed by "
1389 "goto-instrument is not expected to be sound. Do not use "
1390 "--constant-propagator if soundness is important for your "
1407 object_factory_parameters,
1429 "not enough arguments for this option",
"--generate-havocing-body"};
1435 object_factory_parameters,
1452 object_factory_parameters,
1472 log.
status() <<
"Adding checks for uninitialized local variables"
1491 log.
status() <<
"Adding nondeterministic initialization "
1492 "of static/global variables except for "
1493 "the specified ones."
1502 log.
status() <<
"Adding nondeterministic initialization "
1503 "of static/global variables"
1512 log.
status() <<
"Slicing away initializations of unused global variables"
1575 const unsigned max_var=
1578 const unsigned max_po_trans=
1584 log.
status() <<
"Adding weak memory (TSO) Instrumentation"
1590 log.
status() <<
"Adding weak memory (PSO) Instrumentation"
1596 log.
status() <<
"Adding weak memory (RMO) Instrumentation"
1600 else if(
mm==
"power")
1602 log.
status() <<
"Adding weak memory (Power) Instrumentation"
1608 log.
error() <<
"Unknown weak memory model '" <<
mm <<
"'"
1683 if(step_case && base_case)
1684 throw "please specify only one of --step-case and --base-case";
1685 else if(!step_case && !base_case)
1686 throw "please specify one of --step-case and --base-case";
1691 throw "please give k>=1";
1693 log.
status() <<
"Instrumenting k-induction for k=" << k <<
", "
1694 << (base_case ?
"base case" :
"step case") <<
messaget::eom;
1760 log.
status() <<
"Performing a function pointer reachability slice"
1777 log.
warning() <<
"**** WARNING: Experimental option --full-slice, "
1778 <<
"analysis results may be unsound. See "
1779 <<
"https://github.com/diffblue/cbmc/issues/260"
1812 log.
status() <<
"Slicing away initializations of unused global variables"
1823 if(
cmdline.
isset(
"aggressive-slice-preserve-function"))
1831 if(
cmdline.
isset(
"aggressive-slice-preserve-functions-containing"))
1836 cmdline.
isset(
"aggressive-slice-preserve-all-direct-paths");
1874 "Usage: \tPurpose:\n"
1876 " {bgoto-instrument} [{y-?}] [{y-h}] [{y--help}] \t show this help\n"
1877 " {bgoto-instrument} {y--version} \t show version and exit\n"
1878 " {bgoto-instrument} [options] {uin} [{uout}] \t perform analysis or"
1879 " instrumentation\n"
1883 " {y--horn} \t print program as constrained horn clauses\n"
1888 " {y--show-symbol-table} \t show loaded symbol table\n"
1889 " {y--list-symbols} \t list symbols with type information\n"
1892 " {y--show-locations} \t show all source locations\n"
1893 " {y--dot} \t generate CFG graph in DOT format\n"
1894 " {y--print-internal-representation} \t show verbose internal"
1895 " representation of the program\n"
1896 " {y--list-undefined-functions} \t list functions without body\n"
1897 " {y--list-calls-args} \t list all function calls with their arguments\n"
1898 " {y--call-graph} \t show graph of function calls\n"
1899 " {y--reachable-call-graph} \t show graph of function calls potentially"
1900 " reachable from main function\n"
1903 " {y--validate-goto-binary} \t check the well-formedness of the passed in"
1904 " goto binary and then exit\n"
1905 " {y--interpreter} \t do concrete execution\n"
1907 "Data-flow analyses:\n"
1908 " {y--show-struct-alignment} \t show struct members that might be"
1909 " concurrently accessed\n"
1910 " {y--show-threaded} \t show instructions that may be executed by more than"
1912 " {y--show-local-safe-pointers} \t show pointer expressions that are"
1913 " trivially dominated by a not-null check\n"
1914 " {y--show-safe-dereferences} \t show pointer expressions that are"
1915 " trivially dominated by a not-null check *and* used as a dereference"
1917 " {y--show-value-sets} \t show points-to information (using value sets)\n"
1918 " {y--show-global-may-alias} \t show may-alias information over globals\n"
1919 " {y--show-local-bitvector-analysis} \t show procedure-local pointer"
1921 " {y--escape-analysis} \t perform escape analysis\n"
1922 " {y--show-escape-analysis} \t show results of escape analysis\n"
1923 " {y--custom-bitvector-analysis} \t perform configurable bitvector"
1925 " {y--show-custom-bitvector-analysis} \t show results of configurable"
1926 " bitvector analysis\n"
1927 " {y--interval-analysis} \t perform interval analysis\n"
1928 " {y--show-intervals} \t show results of interval analysis\n"
1929 " {y--show-uninitialized} \t show maybe-uninitialized variables\n"
1930 " {y--show-points-to} \t show points-to information\n"
1931 " {y--show-rw-set} \t show read-write sets\n"
1932 " {y--show-call-sequences} \t show function call sequences\n"
1933 " {y--show-reaching-definitions} \t show reaching definitions\n"
1934 " {y--show-dependence-graph} \t show program-dependence graph\n"
1935 " {y--show-sese-regions} \t show single-entry-single-exit regions\n"
1938 " {y--no-assertions} \t ignore user assertions\n"
1941 " {y--stack-depth} {un} \t add check that call stack size of non-inlined"
1942 " functions never exceeds {un}\n"
1943 " {y--race-check} \t add floating-point data race checks\n"
1945 "Semantic transformations:\n"
1947 " {y--isr} {ufunction} \t instruments an interrupt service routine\n"
1948 " {y--mmio} \t instruments memory-mapped I/O\n"
1949 " {y--nondet-static} \t add nondeterministic initialization of variables"
1950 " with static lifetime\n"
1951 " {y--nondet-static-exclude} {ue} \t same as nondet-static except for the"
1952 " variable {ue} (use multiple times if required)\n"
1953 " {y--nondet-static-matching} {ur} \t add nondeterministic initialization"
1954 " of variables with static lifetime matching regex {ur}\n"
1955 " {y--function-enter} {uf}, {y--function-exit} {uf}, {y--branch} {uf} \t"
1956 " instruments a call to {uf} at the beginning, the exit, or a branch point,"
1958 " {y--splice-call} {ucaller},{ucallee} \t prepends a call to {ucallee} in"
1959 " the body of {ucaller}\n"
1960 " {y--check-call-sequence} {useq} \t instruments checks to assert that all"
1961 " call sequences match {useq}\n"
1962 " {y--undefined-function-is-assume-false} \t convert each call to an"
1963 " undefined function to assume(false)\n"
1968 " {y--add-library} \t add models of C library functions\n"
1970 " {y--model-argc-argv} {un} \t model up to {un} command line arguments\n"
1971 " {y--remove-function-body} {uf} \t remove the implementation of function"
1972 " {uf} (may be repeated)\n"
1973 " {y--remove-function-body-regex} {uregex} \t remove the implementation of"
1974 " functions matching regular expression {uregex}\n"
1978 "Semantics-preserving transformations:\n"
1979 " {y--ensure-one-backedge-per-target} \t transform loop bodies such that"
1980 " there is a single edge back to the loop head\n"
1981 " {y--drop-unused-functions} \t drop functions trivially unreachable from"
1984 " {y--constant-propagator} \t propagate constants and simplify"
1986 " {y--inline} \t perform full inlining\n"
1987 " {y--partial-inline} \t perform partial inlining\n"
1988 " {y--function-inline} {ufunction} \t transitively inline all calls"
1989 " {ufunction} makes\n"
1990 " {y--no-caching} \t disable caching of intermediate results during"
1991 " transitive function inlining\n"
1992 " {y--log} {ufile} \t log in JSON format which code segments were inlined,"
1993 " use with {y--function-inline}\n"
1994 " {y--remove-function-pointers} \t replace function pointers by case"
1995 " statement over function calls\n"
1997 " {y--value-set-fi-fp-removal} \t build flow-insensitive value set and"
1998 " replace function pointers by a case statement over the possible"
1999 " assignments. If the set of possible assignments is empty the function"
2000 " pointer is removed using the standard remove-function-pointers pass.\n"
2002 "Loop information and transformations:\n"
2004 " {y--unwindset-file_<file>} \t read unwindset from file\n"
2005 " {y--partial-loops} \t permit paths with partial loops\n"
2006 " {y--unwinding-assertions} \t generate unwinding assertions"
2007 " (enabled by default)\n"
2008 " {y--no-unwinding-assertions} \t do not generate unwinding assertions\n"
2009 " {y--continue-as-loops} \t add loop for remaining iterations after"
2011 " {y--k-induction} {uk} \t check loops with k-induction\n"
2012 " {y--step-case} \t k-induction: do step-case\n"
2013 " {y--base-case} \t k-induction: do base-case\n"
2014 " {y--havoc-loops} \t over-approximate all loops\n"
2015 " {y--accelerate} \t add loop accelerators\n"
2016 " {y--z3} \t use Z3 when computing loop accelerators\n"
2017 " {y--skip-loops {uloop-ids} \t add gotos to skip selected loops during"
2019 " {y--show-lexical-loops} \t show single-entry-single-back-edge loops\n"
2020 " {y--show-natural-loops} \t show natural loop heads\n"
2022 "Memory model instrumentations:\n"
2028 " {y--full-slice} \t slice away instructions that don't affect assertions\n"
2029 " {y--property} {uid} \t slice with respect to specific property only\n"
2030 " {y--slice-global-inits} \t slice away initializations of unused global"
2032 " {y--aggressive-slice} \t remove bodies of any functions not on the"
2033 " shortest path between the start function and the function containing the"
2034 " property/properties\n"
2035 " {y--aggressive-slice-call-depth} {un} \t used with aggressive-slice,"
2036 " preserves all functions within {un} function calls of the functions on"
2037 " the shortest path\n"
2038 " {y--aggressive-slice-preserve-function} {uf} \t force the aggressive"
2039 " slicer to preserve function {uf}\n"
2040 " {y--aggressive-slice-preserve-functions-containing} {uf} \t force the"
2041 " aggressive slicer to preserve all functions with names containing {uf}\n"
2042 " {y--aggressive-slice-preserve-all-direct-paths} \t force aggressive"
2043 " slicer to preserve all direct paths\n"
2055 "User-interface options:\n"
2057 " {y--xml} \t output files in XML where supported\n"
2058 " {y--xml-ui} \t use XML-formatted output\n"
2059 " {y--json-ui} \t use JSON-formatted output\n"
2060 " {y--verbosity} {u#} \t verbosity level\n"
void accelerate_functions(goto_modelt &goto_model, message_handlert &message_handler, bool use_z3, guard_managert &guard_manager)
void add_failed_symbols(symbol_table_baset &symbol_table)
Create a failed-dereference symbol for all symbols in the given table that need one (i....
void print_struct_alignment_problems(const symbol_table_baset &symbol_table, std::ostream &out)
void cprover_c_library_factory(const std::set< irep_idt > &functions, const symbol_table_baset &symbol_table, symbol_table_baset &dest_symbol_table, message_handlert &message_handler)
#define HELP_ANSI_C_LANGUAGE
void branch(goto_modelt &goto_model, const irep_idt &id)
void parse_c_object_factory_options(const cmdlinet &cmdline, optionst &options)
Parse the c object factory parameters from a given command line.
static void list_calls_and_arguments(const namespacet &ns, const goto_programt &goto_program)
void check_call_sequence(const goto_modelt &goto_model)
void show_call_sequences(const irep_idt &caller, const goto_programt &goto_program)
Memory-mapped I/O Instrumentation for Goto Programs.
void show_class_hierarchy(const class_hierarchyt &hierarchy, ui_message_handlert &message_handler, bool children_only)
Output the class hierarchy.
#define HELP_SHOW_CLASS_HIERARCHY
The aggressive slicer removes the body of all the functions except those on the shortest path,...
virtual void output(const namespacet &ns, const irep_idt &function_id, const goto_programt &goto_program, std::ostream &out) const
Output the abstract states for a single function.
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
A call graph (https://en.wikipedia.org/wiki/Call_graph) for a GOTO model or GOTO functions collection...
void output_dot(std::ostream &out) const
void output(std::ostream &out) const
static call_grapht create_from_root_function(const goto_modelt &model, const irep_idt &root, bool collect_callsites)
void output_xml(std::ostream &out) const
Non-graph-based representation of the class hierarchy.
std::string get_value(char option) const
virtual bool isset(char option) const
std::list< std::string > get_comma_separated_values(const char *option) const
Collect all occurrences of option option and split their values on each comma, merging them into a si...
std::optional< std::string > value_opt(char option) const
const std::list< std::string > & get_values(const std::string &option) const
bool set(const cmdlinet &cmdline)
void set_from_symbol_table(const symbol_table_baset &)
struct configt::ansi_ct ansi_c
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
void get(const std::string &executable)
This is a may analysis (i.e.
void compute_loop_numbers()
function_mapt function_map
static irep_idt entry_point()
Get the identifier of the entry point to a goto model.
void register_languages() override
void help() override
display command line help
void instrument_goto_program()
void do_indirect_call_and_rtti_removal(bool force=false)
bool partial_inlining_done
bool function_pointer_removal_done
void do_partial_inlining()
void do_remove_const_function_pointers_only()
Remove function pointers that can be resolved by analysing const variables (i.e.
int doit() override
invoke main modules
void validate(const validation_modet vm=validation_modet::INVARIANT, const goto_model_validation_optionst &goto_model_validation_options=goto_model_validation_optionst{}) const override
Check that the goto model is well-formed.
symbol_tablet symbol_table
Symbol table.
goto_functionst goto_functions
GOTO functions.
A generic container class for the GOTO intermediate representation of one function.
Thrown when users pass incorrect command line arguments, for example passing no files to analysis or ...
void output(std::ostream &out, const goto_functiont &goto_function, const namespacet &ns) const
A very simple, cheap analysis to determine when dereference operations are trivially guarded by a che...
static unsigned eval_verbosity(const std::string &user_input, const message_levelt default_verbosity, message_handlert &dest)
Parse a (user-)provided string as a verbosity level and set it as the verbosity of dest.
message_handlert & get_message_handler()
mstreamt & warning() const
mstreamt & status() const
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
bool lookup(const irep_idt &name, const symbolt *&symbol) const override
See documentation for namespace_baset::lookup().
bool is_set(const std::string &option) const
N.B. opts.is_set("foo") does not imply opts.get_bool_option("foo")
void set_option(const std::string &option, const bool value)
ui_message_handlert ui_message_handler
Expression to hold a symbol (variable)
typet type
Type of symbol.
irep_idt name
The unique identifier.
virtual uit get_ui() const
void parse_unwind(const std::string &unwind)
void parse_unwindset(const std::list< std::string > &unwindset, abstract_goto_modelt &goto_model, message_handlert &message_handler)
void parse_unwindset_file(const std::string &file_name, abstract_goto_modelt &goto_model, message_handlert &message_handler)
This template class implements a data-flow analysis which keeps track of what values different variab...
void concurrency(value_setst &value_sets, goto_modelt &goto_model)
Encoding for Threaded Goto Programs.
#define HELP_CONFIG_LIBRARY
#define HELP_REPLACE_CALL
#define HELP_DISABLE_SIDE_EFFECT_CHECK
#define FLAG_REPLACE_CALL
#define FLAG_ENFORCE_CONTRACT
#define HELP_LOOP_CONTRACTS
#define FLAG_LOOP_CONTRACTS
#define HELP_LOOP_CONTRACTS_NO_UNWIND
#define HELP_ENFORCE_CONTRACT
#define HELP_LOOP_CONTRACTS_FILE
#define FLAG_DISABLE_SIDE_EFFECT_CHECK
#define FLAG_LOOP_CONTRACTS_NO_UNWIND
void count_eloc(const goto_modelt &goto_model)
void print_global_state_size(const goto_modelt &goto_model)
void print_path_lengths(const goto_modelt &goto_model)
void list_eloc(const goto_modelt &goto_model)
#define HELP_GOTO_PROGRAM_STATS
void cprover_cpp_library_factory(const std::set< irep_idt > &functions, const symbol_table_baset &symbol_table, symbol_table_baset &dest_symbol_table, message_handlert &message_handler)
static void show_goto_functions(const goto_modelt &goto_model)
Field-insensitive, location-sensitive bitvector analysis.
Field-Sensitive Program Dependence Analysis, Litvak et al., FSE 2010.
#define FLAG_ENFORCE_CONTRACT_REC
#define HELP_ENFORCE_CONTRACT_REC
void document_properties_latex(const goto_modelt &goto_model, std::ostream &out)
void document_properties_html(const goto_modelt &goto_model, std::ostream &out)
#define HELP_DOCUMENT_PROPERTIES
void dot(const goto_modelt &src, std::ostream &out)
Dump Goto-Program as DOT Graph.
void dump_cpp(const goto_functionst &src, const bool use_system_headers, const bool use_all_headers, const bool include_harness, const namespacet &ns, std::ostream &out)
void dump_c(const goto_functionst &src, const bool use_system_headers, const bool use_all_headers, const bool include_harness, const namespacet &ns, std::ostream &out)
void dump_c_type_header(const goto_functionst &src, const bool use_system_headers, const bool use_all_headers, const bool include_harness, const namespacet &ns, const std::string module, std::ostream &out)
bool ensure_one_backedge_per_target(goto_programt::targett &it, goto_programt &goto_program)
Ensure one backedge per target.
Field-insensitive, location-sensitive, over-approximative escape analysis.
Document and give macros for the exit codes of CPROVER binaries.
#define CPROVER_EXIT_CONVERSION_FAILED
Failure to convert / write to another format.
#define CPROVER_EXIT_INTERNAL_ERROR
An error has been encountered during processing the requested analysis.
#define CPROVER_EXIT_USAGE_ERROR
A usage error is returned when the command line is invalid or conflicting.
#define CPROVER_EXIT_SUCCESS
Success indicates the required analysis has been performed without error.
void property_slicer(goto_functionst &goto_functions, const namespacet &ns, const std::list< std::string > &properties, message_handlert &message_handler)
void full_slicer(goto_functionst &goto_functions, const namespacet &ns, const slicing_criteriont &criterion, message_handlert &message_handler)
void function_exit(goto_modelt &goto_model, const irep_idt &id)
void function_enter(goto_modelt &goto_model, const irep_idt &id)
Function Entering and Exiting.
void configure_gcc(const gcc_versiont &gcc_version)
std::unique_ptr< generate_function_bodiest > generate_function_bodies_factory(const std::string &options, const c_object_factory_parameterst &object_factory_parameters, const symbol_tablet &symbol_table, message_handlert &message_handler)
Create the type that actually generates the functions.
void generate_function_bodies(const std::regex &functions_regex, const generate_function_bodiest &generate_function_body, goto_modelt &model, message_handlert &message_handler, bool ignore_no_match)
Generate function bodies with some default behavior: assert-false, assume-false, assert-false-assume-...
#define HELP_REPLACE_FUNCTION_BODY
Field-insensitive, location-sensitive, over-approximative escape analysis.
static void transform_assertions_assumptions(goto_programt &goto_program, bool enable_assertions, bool enable_built_in_assertions, bool enable_assumptions)
Checks for Errors in C and Java Programs.
void goto_check_c(const irep_idt &function_identifier, goto_functionst::goto_functiont &goto_function, const namespacet &ns, const optionst &options, message_handlert &message_handler)
#define PARSE_OPTIONS_GOTO_CHECK(cmdline, options)
void goto_inline(goto_modelt &goto_model, message_handlert &message_handler, bool adjust_function)
Inline every function call into the entry_point() function.
void goto_function_inline(goto_modelt &goto_model, const irep_idt function, message_handlert &message_handler, bool adjust_function, bool caching)
Transitively inline all function calls made from a particular function.
void goto_partial_inline(goto_modelt &goto_model, message_handlert &message_handler, unsigned smallfunc_limit, bool adjust_function)
Inline all function calls to functions either marked as "inlined" or smaller than smallfunc_limit (by...
jsont goto_function_inline_and_log(goto_modelt &goto_model, const irep_idt function, message_handlert &message_handler, bool adjust_function, bool caching)
Function Inlining This gives a number of different interfaces to the function inlining functionality ...
#define forall_goto_program_instructions(it, program)
void remove_pointers(goto_modelt &goto_model, value_setst &value_sets, message_handlert &message_handler)
Remove dereferences in all expressions contained in the program goto_model.
#define HELP_REMOVE_POINTERS
void dfcc(const optionst &options, goto_modelt &goto_model, const irep_idt &harness_id, const std::optional< irep_idt > &to_check, const bool allow_recursive_calls, const std::set< irep_idt > &to_replace, const loop_contract_configt loop_contract_config, const std::set< std::string > &to_exclude_from_nondet_static, message_handlert &message_handler)
Applies function contracts transformation to GOTO model, using the dynamic frame condition checking a...
void havoc_loops(goto_modelt &goto_model)
void horn_encoding(const goto_modelt &goto_model, std::ostream &out)
bool insert_final_assert_false(goto_modelt &goto_model, const std::string &function_to_instrument, message_handlert &message_handler)
Transform a goto program by inserting assert(false) at the end of a given function function_to_instru...
Insert final assert false into a function.
#define HELP_INSERT_FINAL_ASSERT_FALSE
void interpreter(const goto_modelt &goto_model, message_handlert &message_handler)
Interpreter for GOTO Programs.
static void interrupt(value_setst &value_sets, const symbol_tablet &symbol_table, const irep_idt &function_id, goto_programt &goto_program, const symbol_exprt &interrupt_handler, const rw_set_baset &isr_rw_set, message_handlert &message_handler)
Interrupt Instrumentation for Goto Programs.
void interval_analysis(goto_modelt &goto_model)
Initialises the abstract interpretation over interval domain and instruments instructions using inter...
Over-approximate Concurrency for Threaded Goto Programs.
void k_induction(goto_modelt &goto_model, bool base_case, bool step_case, unsigned k)
void label_function_pointer_call_sites(goto_modelt &goto_model)
This ensures that call instructions can be only one of two things:
Label function pointer call sites across a goto model.
Compute lexical loops in a goto_function.
void show_lexical_loops(const goto_modelt &goto_model, std::ostream &out)
void link_to_library(goto_modelt &goto_model, message_handlert &message_handler, const std::function< void(const std::set< irep_idt > &, const symbol_tablet &, symbol_tablet &, message_handlert &)> &library)
Complete missing function definitions using the library.
Field-insensitive, location-sensitive bitvector analysis.
Local safe pointer analysis.
void show_loop_ids(ui_message_handlert::uit ui, const goto_modelt &goto_model)
void mm_io(symbol_tablet &symbol_table, goto_functionst &goto_functions, message_handlert &message_handler)
Perform Memory-mapped I/O instrumentation.
static void mmio(value_setst &value_sets, const symbol_tablet &symbol_table, const irep_idt &function_id, goto_programt &goto_program, message_handlert &message_handler)
Memory-mapped I/O Instrumentation for Goto Programs.
bool model_argc_argv(goto_modelt &goto_model, unsigned max_argc, message_handlert &message_handler)
Set up argv with up to max_argc pointers into an array of 4096 bytes.
Initialize command line arguments.
Compute natural loops in a goto_function.
void show_natural_loops(const goto_modelt &goto_model, std::ostream &out)
void nondet_static_matching(goto_modelt &goto_model, const std::string ®ex)
Nondeterministically initializes global scope variables that match the given regex.
static void nondet_static(const namespacet &ns, goto_modelt &goto_model, const irep_idt &fct_name)
Nondeterministically initializes global scope variables in a goto-function.
Nondeterministically initializes global scope variables, except for constants (such as string literal...
void parse_nondet_volatile_options(const cmdlinet &cmdline, optionst &options)
void nondet_volatile(goto_modelt &goto_model, const optionst &options)
Havoc reads from volatile expressions, if enabled in the options.
#define HELP_NONDET_VOLATILE
void parameter_assignments(symbol_table_baset &symbol_table, goto_functionst &goto_functions)
removes returns
Add parameter assignments.
std::string align_center_with_border(const std::string &text)
Utility for displaying help centered messages borderered by "* *".
std::string banner_string(const std::string &front_end, const std::string &version)
Field-sensitive, location-insensitive points-to analysis.
static void race_check(value_setst &value_sets, symbol_table_baset &symbol_table, const irep_idt &function_id, goto_programt &goto_program, w_guardst &w_guards, message_handlert &message_handler)
Race Detection for Threaded Goto Programs.
void reachability_slicer(goto_modelt &goto_model, const bool include_forward_reachability, message_handlert &message_handler)
Perform reachability slicing on goto_model, with respect to the criterion given by all properties.
void function_path_reachability_slicer(goto_modelt &goto_model, const std::list< std::string > &functions_list, message_handlert &message_handler)
Perform reachability slicing on goto_model for selected functions.
#define HELP_FP_REACHABILITY_SLICER
#define HELP_REACHABILITY_SLICER
Range-based reaching definitions analysis (following Field- Sensitive Program Dependence Analysis,...
static bool read_goto_binary(const std::string &filename, symbol_tablet &, goto_functionst &, message_handlert &)
Read a goto binary from a file, but do not update config.
void remove_asm(goto_functionst &goto_functions, symbol_tablet &symbol_table, message_handlert &message_handler)
Replaces inline assembly instructions in the goto program (i.e., instructions of kind OTHER with a co...
bool has_asm(const goto_functionst &goto_functions)
returns true iff the given goto functions use asm instructions
Remove 'asm' statements by compiling them into suitable standard goto program instructions.
Remove calls to functions without a body.
#define HELP_REMOVE_CALLS_NO_BODY
#define HELP_REMOVE_CONST_FUNCTION_POINTERS
void remove_functions(goto_modelt &goto_model, const std::list< std::string > &names, message_handlert &message_handler)
Remove the body of all functions listed in "names" such that an analysis will treat it as a side-effe...
static void remove_functions_regex(goto_modelt &goto_model, const std::regex &pattern, const std::string &pattern_as_str, message_handlert &message_handler)
Remove functions matching a regular expression pattern.
Remove function definition.
void remove_function_pointers(message_handlert &_message_handler, goto_modelt &goto_model, bool only_remove_const_fps)
Remove Indirect Function Calls.
void restore_returns(goto_modelt &goto_model)
restores return statements
void remove_returns(symbol_table_baset &symbol_table, goto_functionst &goto_functions)
removes returns
Replace function returns by assignments to global variables.
void remove_skip(goto_programt &goto_program, goto_programt::targett begin, goto_programt::targett end)
remove unnecessary skip statements
void remove_unused_functions(goto_modelt &goto_model, message_handlert &message_handler)
void remove_virtual_functions(symbol_table_baset &symbol_table, goto_functionst &goto_functions)
Remove virtual function calls from all functions in the specified list and replace them with their mo...
Functions for replacing virtual function call with a static function calls in functions,...
#define HELP_REPLACE_CALLS
void parse_function_pointer_restriction_options_from_cmdline(const cmdlinet &cmdline, optionst &options)
void restrict_function_pointers(message_handlert &message_handler, goto_modelt &goto_model, const optionst &options)
Apply function pointer restrictions to a goto_model.
Given goto functions and a list of function parameters or globals that are function pointers with lis...
#define RESTRICT_FUNCTION_POINTER_OPT
#define RESTRICT_FUNCTION_POINTER_FROM_FILE_OPT
#define HELP_RESTRICT_FUNCTION_POINTER
#define RESTRICT_FUNCTION_POINTER_BY_NAME_OPT
static std::optional< exprt > rewrite_rw_ok(exprt expr, const namespacet &ns)
Rewrite r/w/rw_ok expressions to ones including prophecy variables recording the state.
void rewrite_union(exprt &expr)
We rewrite u.c for unions u into byte_extract(u, 0), and { .c = v } into byte_update(NIL,...
Race Detection for Threaded Goto Programs.
Single-entry, single-exit region analysis.
void label_properties(goto_modelt &goto_model)
Set the properties to check.
#define HELP_SHOW_GOTO_FUNCTIONS
void show_locations(ui_message_handlert::uit ui, const irep_idt function_id, const goto_programt &goto_program)
void show_properties(const namespacet &ns, const irep_idt &identifier, message_handlert &message_handler, ui_message_handlert::uit ui, const goto_programt &goto_program)
#define HELP_SHOW_PROPERTIES
void show_symbol_table(const symbol_table_baset &symbol_table, ui_message_handlert &ui)
void show_symbol_table_brief(const symbol_table_baset &symbol_table, ui_message_handlert &ui)
void show_value_sets(ui_message_handlert::uit ui, const goto_modelt &goto_model, const value_set_analysist &value_set_analysis)
static bool skip_loops(goto_programt &goto_program, const loop_idst &loop_ids, messaget &message)
Skip over selected loops by adding gotos.
void slice_global_inits(goto_modelt &goto_model, message_handlert &message_handler)
Remove initialization of global variables that are not used in any function reachable from the entry ...
Remove initializations of unused global variables.
bool splice_call(goto_functionst &goto_functions, const std::string &callercallee, const symbol_table_baset &symbol_table, message_handlert &message_handler)
Harnessing for goto functions.
#define CHECK_RETURN(CONDITION)
#define PRECONDITION(CONDITION)
static void stack_depth(goto_programt &goto_program, const symbol_exprt &symbol, const std::size_t i_depth, const exprt &max_depth)
unsigned safe_string2unsigned(const std::string &str, int base)
unsigned unsafe_string2unsigned(const std::string &str, int base)
std::size_t safe_string2size_t(const std::string &str, int base)
void string_abstraction(goto_modelt &goto_model, message_handlert &message_handler)
void split_string(const std::string &s, char delim, std::vector< std::string > &result, bool strip, bool remove_empty)
This is unused by this implementation of guards, but can be used by other implementations of the same...
Loop contract configurations.
void thread_exit_instrumentation(goto_programt &goto_program)
void mutex_init_instrumentation(const symbol_tablet &symbol_table, goto_programt &goto_program, typet lock_type)
void list_undefined_functions(const goto_modelt &goto_model, std::ostream &os)
void undefined_function_abort_path(goto_modelt &goto_model)
Handling of functions without body.
#define widen_if_needed(s)
void add_uninitialized_locals_assertions(goto_modelt &goto_model)
void show_uninitialized(const goto_modelt &goto_model, std::ostream &out)
#define HELP_UNINITIALIZED_CHECK
void value_set_fi_fp_removal(goto_modelt &goto_model, message_handlert &message_handler)
Builds the flow-insensitive value set for all function pointers and replaces function pointers with a...
flow insensitive value set function pointer removal
const char * CBMC_VERSION
void weak_memory(memory_modelt model, value_setst &value_sets, goto_modelt &goto_model, bool SCC, instrumentation_strategyt event_strategy, bool no_cfg_kill, bool no_dependencies, loop_strategyt duplicate_body, unsigned input_max_var, unsigned input_max_po_trans, bool render_po, bool render_file, bool render_function, bool cav11_option, bool hide_internals, message_handlert &message_handler, bool ignore_arrays)
instrumentation_strategyt
static void write_goto_binary(std::ostream &out, const symbol_table_baset &symbol_table, const goto_functionst &goto_functions, irep_serializationt &irepconverter)
Writes a goto program to disc, using goto binary format.
1.9.8