cbmc/goto__state_8cpp_source.html

 /*******************************************************************\


 Module: Symbolic Execution


 Author: Romain Brenguier, romain.brenguier@diffblue.com


 \*******************************************************************/


 #include "goto_state.h"


 #include <util/format_expr.h>


 #include "goto_symex_can_forward_propagate.h"

 #include "goto_symex_state.h"


 void goto_statet::output_propagation_map(std::ostream &out)

 {

   sharing_mapt<irep_idt, exprt>::viewt view;

   propagation.get_view(view);


   for(const auto &name_value : view)

   {

     out << name_value.first << " <- " << format(name_value.second) << "\n";

   }

 }


 void goto_statet::apply_condition(

   const exprt &condition,

   const goto_symex_statet &previous_state,

   const namespacet &ns)

 {

   if(auto and_expr = expr_try_dynamic_cast<and_exprt>(condition))

   {

     // A == B && C == D && E == F ...

     // -->

     // Apply each condition individually

     for(const auto &op : and_expr->operands())

       apply_condition(op, previous_state, ns);

   }

   else if(auto not_expr = expr_try_dynamic_cast<not_exprt>(condition))

   {

     const exprt &operand = not_expr->op();

     if(auto notequal_expr = expr_try_dynamic_cast<notequal_exprt>(operand))

     {

       // !(A != B)

       // -->

       // A == B

       apply_condition(

         equal_exprt{notequal_expr->lhs(), notequal_expr->rhs()},

         previous_state,

         ns);

     }

     else if(auto equal_expr = expr_try_dynamic_cast<equal_exprt>(operand))

     {

       // !(A == B)

       // -->

       // A != B

       apply_condition(

         notequal_exprt{equal_expr->lhs(), equal_expr->rhs()},

         previous_state,

         ns);

     }

     else

     {

       // !A

       // -->

       // A == false

       apply_condition(equal_exprt{operand, false_exprt{}}, previous_state, ns);

     }

   }

   else if(auto equal_expr = expr_try_dynamic_cast<equal_exprt>(condition))

   {

     // Base case: try to apply a single equality constraint

     exprt lhs = equal_expr->lhs();

     exprt rhs = equal_expr->rhs();

     if(is_ssa_expr(rhs))

       std::swap(lhs, rhs);


     if(is_ssa_expr(lhs) && goto_symex_can_forward_propagatet(ns)(rhs))

     {

       const ssa_exprt &ssa_lhs = to_ssa_expr(lhs);

       INVARIANT(

         !ssa_lhs.get_level_2().empty(),

         "apply_condition operand should be L2 renamed");


       if(

         previous_state.threads.size() == 1 ||

         previous_state.write_is_shared(ssa_lhs, ns) !=

           goto_symex_statet::write_is_shared_resultt::SHARED)

       {

         const ssa_exprt l1_lhs = remove_level_2(ssa_lhs);

         const irep_idt &l1_identifier = l1_lhs.get_identifier();


         level2.increase_generation(

           l1_identifier, l1_lhs, previous_state.get_l2_name_provider());


         const auto propagation_entry = propagation.find(l1_identifier);

         if(!propagation_entry.has_value())

           propagation.insert(l1_identifier, rhs);

         else if(propagation_entry->get() != rhs)

           propagation.replace(l1_identifier, rhs);


         value_set.assign(l1_lhs, rhs, ns, true, false);

       }

     }

   }

   else if(

     can_cast_expr<symbol_exprt>(condition) && condition.type() == bool_typet())

   {

     // A

     // -->

     // A == true

     apply_condition(equal_exprt{condition, true_exprt()}, previous_state, ns);

   }

   else if(

     can_cast_expr<notequal_exprt>(condition) &&

     expr_checked_cast<notequal_exprt>(condition).lhs().type() == bool_typet{})

   {

     // A != (true|false)

     // -->

     // A == (false|true)

     const notequal_exprt &notequal_expr =

       expr_dynamic_cast<notequal_exprt>(condition);

     exprt lhs = notequal_expr.lhs();

     exprt rhs = notequal_expr.rhs();

     if(is_ssa_expr(rhs))

       std::swap(lhs, rhs);


     if(!is_ssa_expr(lhs) || !goto_symex_can_forward_propagatet(ns)(rhs))

       return;


     PRECONDITION(rhs.is_constant());

     apply_condition(equal_exprt{lhs, boolean_negate(rhs)}, previous_state, ns);

   }

 }

binary_exprt::lhs
exprt & lhs()
Definition: std_expr.h:668

binary_exprt::rhs
exprt & rhs()
Definition: std_expr.h:678

bool_typet
The Boolean type.
Definition: std_types.h:36

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition: dstring.h:38

dstringt::empty
bool empty() const
Definition: dstring.h:89

equal_exprt
Equality.
Definition: std_expr.h:1361

exprt
Base class for all expressions.
Definition: expr.h:56

exprt::type
typet & type()
Return the type of the expression.
Definition: expr.h:84

exprt::is_constant
bool is_constant() const
Return whether the expression is a constant.
Definition: expr.h:212

false_exprt
The Boolean constant false.
Definition: std_expr.h:3072

goto_statet::level2
symex_level2t level2
Definition: goto_state.h:38

goto_statet::apply_condition
void apply_condition(const exprt &condition, const goto_symex_statet &previous_state, const namespacet &ns)
Given a condition that must hold on this path, propagate as much knowledge as possible.
Definition: goto_state.cpp:43

goto_statet::propagation
sharing_mapt< irep_idt, exprt > propagation
Definition: goto_state.h:71

goto_statet::value_set
value_sett value_set
Uses level 1 names, and is used to do dereferencing.
Definition: goto_state.h:51

goto_statet::output_propagation_map
void output_propagation_map(std::ostream &)
Print the constant propagation map in a human-friendly format.
Definition: goto_state.cpp:19

goto_symex_can_forward_propagatet
Definition: goto_symex_can_forward_propagate.h:19

goto_symex_statet
Central data structure: state.
Definition: goto_symex_state.h:43

goto_symex_statet::write_is_shared_resultt::SHARED
@ SHARED

goto_symex_statet::write_is_shared
write_is_shared_resultt write_is_shared(const ssa_exprt &expr, const namespacet &ns) const
Definition: goto_symex_state.cpp:522

goto_symex_statet::get_l2_name_provider
std::function< std::size_t(const irep_idt &)> get_l2_name_provider() const
Definition: goto_symex_state.h:244

goto_symex_statet::threads
std::vector< threadt > threads
Definition: goto_symex_state.h:199

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition: namespace.h:94

notequal_exprt
Disequality.
Definition: std_expr.h:1420

sharing_mapt::viewt
std::vector< view_itemt > viewt
View of the key-value pairs in the map.
Definition: sharing_map.h:388

ssa_exprt
Expression providing an SSA-renamed symbol of expressions.
Definition: ssa_expr.h:17

ssa_exprt::get_level_2
const irep_idt get_level_2() const
Definition: ssa_expr.h:73

symbol_exprt::get_identifier
const irep_idt & get_identifier() const
Definition: std_expr.h:160

true_exprt
The Boolean constant true.
Definition: std_expr.h:3063

value_sett::assign
void assign(const exprt &lhs, const exprt &rhs, const namespacet &ns, bool is_simplified, bool add_to_sets)
Transforms this value-set by executing executing the assignment lhs := rhs against it.
Definition: value_set.cpp:1486

boolean_negate
exprt boolean_negate(const exprt &src)
negate a Boolean expression, possibly removing a not_exprt, and swapping false and true
Definition: expr_util.cpp:103

format
static format_containert< T > format(const T &o)
Definition: format.h:37

format_expr.h

goto_state.h
goto_statet class definition

goto_symex_can_forward_propagate.h
GOTO Symex constant propagation.

goto_symex_state.h
Symbolic Execution.

PRECONDITION
#define PRECONDITION(CONDITION)
Definition: invariant.h:463

to_ssa_expr
const ssa_exprt & to_ssa_expr(const exprt &expr)
Cast a generic exprt to an ssa_exprt.
Definition: ssa_expr.h:145

is_ssa_expr
bool is_ssa_expr(const exprt &expr)
Definition: ssa_expr.h:125

remove_level_2
ssa_exprt remove_level_2(ssa_exprt ssa)

can_cast_expr< notequal_exprt >
bool can_cast_expr< notequal_exprt >(const exprt &base)
Definition: std_expr.h:1429

can_cast_expr< symbol_exprt >
bool can_cast_expr< symbol_exprt >(const exprt &base)
Definition: std_expr.h:256

symex_level2t::increase_generation
std::size_t increase_generation(const irep_idt &l1_identifier, const ssa_exprt &lhs, std::function< std::size_t(const irep_idt &)> fresh_l2_name_provider)
Allocates a fresh L2 name for the given L1 identifier, and makes it the latest generation on this pat...
Definition: renaming_level.cpp:137

validation_modet::INVARIANT
@ INVARIANT