cbmc/goto__state_8cpp_source.html

/*******************************************************************\


Module: Symbolic Execution


Author: Romain Brenguier, romain.brenguier@diffblue.com


\*******************************************************************/


#include "goto_state.h"


#include <util/format_expr.h>


#include "goto_symex_can_forward_propagate.h"

#include "goto_symex_state.h"


void goto_statet::output_propagation_map(std::ostream &out)

{

  sharing_mapt<irep_idt, exprt>::viewt view;

  propagation.get_view(view);


  for(const auto &name_value : view)

  {

    out << name_value.first << " <- " << format(name_value.second) << "\n";

  }

}

void goto_statet::output_propagation_map(std::ostream &out) {…}


void goto_statet::apply_condition(

  const exprt &condition,

  const goto_symex_statet &previous_state,

  const namespacet &ns)

{

  if(auto and_expr = expr_try_dynamic_cast<and_exprt>(condition))

  {

    // A == B && C == D && E == F ...

    // -->

    // Apply each condition individually

    for(const auto &op : and_expr->operands())

      apply_condition(op, previous_state, ns);

  }

  else if(auto not_expr = expr_try_dynamic_cast<not_exprt>(condition))

  {

    const exprt &operand = not_expr->op();

    if(auto notequal_expr = expr_try_dynamic_cast<notequal_exprt>(operand))

    {

      // !(A != B)

      // -->

      // A == B

      apply_condition(

        equal_exprt{notequal_expr->lhs(), notequal_expr->rhs()},

        previous_state,

        ns);

    }

    else if(auto equal_expr = expr_try_dynamic_cast<equal_exprt>(operand))

    {

      // !(A == B)

      // -->

      // A != B

      apply_condition(

        notequal_exprt{equal_expr->lhs(), equal_expr->rhs()},

        previous_state,

        ns);

    }

    else

    {

      // !A

      // -->

      // A == false

      apply_condition(equal_exprt{operand, false_exprt{}}, previous_state, ns);

    }

  }

  else if(auto equal_expr = expr_try_dynamic_cast<equal_exprt>(condition))

  {

    // Base case: try to apply a single equality constraint

    exprt lhs = equal_expr->lhs();

    exprt rhs = equal_expr->rhs();

    if(is_ssa_expr(rhs))

      std::swap(lhs, rhs);


    if(is_ssa_expr(lhs) && goto_symex_can_forward_propagatet(ns)(rhs))

    {

      const ssa_exprt &ssa_lhs = to_ssa_expr(lhs);

      INVARIANT(

        !ssa_lhs.get_level_2().empty(),

        "apply_condition operand should be L2 renamed");


      if(

        previous_state.threads.size() == 1 ||

        previous_state.write_is_shared(ssa_lhs, ns) !=

          goto_symex_statet::write_is_shared_resultt::SHARED)

      {

        const ssa_exprt l1_lhs = remove_level_2(ssa_lhs);

        const irep_idt &l1_identifier = l1_lhs.get_identifier();


        level2.increase_generation(

          l1_identifier, l1_lhs, previous_state.get_l2_name_provider());


        const auto propagation_entry = propagation.find(l1_identifier);

        if(!propagation_entry.has_value())

          propagation.insert(l1_identifier, rhs);

        else if(propagation_entry->get() != rhs)

          propagation.replace(l1_identifier, rhs);


        value_set.assign(l1_lhs, rhs, ns, true, false);

      }

    }

  }

  else if(

    can_cast_expr<symbol_exprt>(condition) && condition.type() == bool_typet())

  {

    // A

    // -->

    // A == true

    apply_condition(equal_exprt{condition, true_exprt()}, previous_state, ns);

  }

  else if(

    can_cast_expr<notequal_exprt>(condition) &&

    expr_checked_cast<notequal_exprt>(condition).lhs().type() == bool_typet{})

  {

    // A != (true|false)

    // -->

    // A == (false|true)

    const notequal_exprt &notequal_expr =

      expr_dynamic_cast<notequal_exprt>(condition);

    exprt lhs = notequal_expr.lhs();

    exprt rhs = notequal_expr.rhs();

    if(is_ssa_expr(rhs))

      std::swap(lhs, rhs);


    if(!is_ssa_expr(lhs) || !goto_symex_can_forward_propagatet(ns)(rhs))

      return;


    PRECONDITION(rhs.is_constant());

    apply_condition(equal_exprt{lhs, boolean_negate(rhs)}, previous_state, ns);

  }

}

void goto_statet::apply_condition( {…}

ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562

bool_typet
The Boolean type.
Definition std_types.h:36

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition dstring.h:38

equal_exprt
Equality.
Definition std_expr.h:1366

exprt
Base class for all expressions.
Definition expr.h:56

exprt::is_constant
bool is_constant() const
Return whether the expression is a constant.
Definition expr.h:212

exprt::type
typet & type()
Return the type of the expression.
Definition expr.h:84

false_exprt
The Boolean constant false.
Definition std_expr.h:3199

goto_statet::level2
symex_level2t level2
Definition goto_state.h:38

goto_statet::apply_condition
void apply_condition(const exprt &condition, const goto_symex_statet &previous_state, const namespacet &ns)
Given a condition that must hold on this path, propagate as much knowledge as possible.
Definition goto_state.cpp:43

goto_statet::propagation
sharing_mapt< irep_idt, exprt > propagation
Definition goto_state.h:71

goto_statet::value_set
value_sett value_set
Uses level 1 names, and is used to do dereferencing.
Definition goto_state.h:51

goto_statet::output_propagation_map
void output_propagation_map(std::ostream &)
Print the constant propagation map in a human-friendly format.
Definition goto_state.cpp:19

goto_symex_can_forward_propagatet
Definition goto_symex_can_forward_propagate.h:19

goto_symex_statet
Central data structure: state.
Definition goto_symex_state.h:42

goto_symex_statet::write_is_shared_resultt::SHARED
@ SHARED

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91

notequal_exprt
Disequality.
Definition std_expr.h:1425

sharing_mapt::viewt
std::vector< view_itemt > viewt
View of the key-value pairs in the map.
Definition sharing_map.h:388

ssa_exprt
Expression providing an SSA-renamed symbol of expressions.
Definition ssa_expr.h:17

ssa_exprt::get_level_2
const irep_idt get_level_2() const
Definition ssa_expr.h:73

true_exprt
The Boolean constant true.
Definition std_expr.h:3190

value_sett::assign
void assign(const exprt &lhs, const exprt &rhs, const namespacet &ns, bool is_simplified, bool add_to_sets)
Transforms this value-set by executing executing the assignment lhs := rhs against it.
Definition value_set.cpp:1484

boolean_negate
exprt boolean_negate(const exprt &src)
negate a Boolean expression, possibly removing a not_exprt, and swapping false and true
Definition expr_util.cpp:103

format
static format_containert< T > format(const T &o)
Definition format.h:37

format_expr.h

goto_state.h
goto_statet class definition

goto_symex_can_forward_propagate.h
GOTO Symex constant propagation.

goto_symex_state.h
Symbolic Execution.

PRECONDITION
#define PRECONDITION(CONDITION)
Definition invariant.h:463

INVARIANT
#define INVARIANT(CONDITION, REASON)
This macro uses the wrapper function 'invariant_violated_string'.
Definition invariant.h:423

remove_level_2
ssa_exprt remove_level_2(ssa_exprt ssa)
Definition ssa_expr.cpp:219

is_ssa_expr
bool is_ssa_expr(const exprt &expr)
Definition ssa_expr.h:125

to_ssa_expr
const ssa_exprt & to_ssa_expr(const exprt &expr)
Cast a generic exprt to an ssa_exprt.
Definition ssa_expr.h:145

symex_level2t::increase_generation
std::size_t increase_generation(const irep_idt &l1_identifier, const ssa_exprt &lhs, std::function< std::size_t(const irep_idt &)> fresh_l2_name_provider)
Allocates a fresh L2 name for the given L1 identifier, and makes it the latest generation on this pat...
Definition renaming_level.cpp:137