12 #ifndef CPROVER_GOTO_SYMEX_GOTO_SYMEX_STATE_H
13 #define CPROVER_GOTO_SYMEX_GOTO_SYMEX_STATE_H
47 std::size_t max_field_sensitive_array_size,
99 template <levelt level = L2>
104 template <levelt level>
108 template <levelt level = L2>
118 bool rhs_is_simplified,
120 bool allow_pointer_unsoundness =
false);
131 template <levelt level>
143 static irep_idt id =
"goto_symex::\\guard";
167 std::function<std::size_t(
const irep_idt &)> index_generator,
182 std::unordered_map<ssa_exprt, a_s_w_entryt, irep_hash>
255 return lvalue.
id() == ID_string_constant || lvalue.
id() == ID_null_object ||
256 lvalue.
id() ==
"zero_string" || lvalue.
id() ==
"is_zero_string" ||
257 lvalue.
id() ==
"zero_string_length" || lvalue.
is_constant() ||
258 lvalue.
id() == ID_array;
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Base class for all expressions.
bool is_constant() const
Return whether the expression is a constant.
Control granularity of object accesses.
instructionst::const_iterator const_targett
Container for data that varies per program point, e.g.
Central data structure: state.
ssa_exprt declare(ssa_exprt ssa, const namespacet &ns)
Add invalid (or a failed symbol) to the value_set if ssa is a pointer, ensure that level2 index of sy...
goto_programt::const_targett saved_target
ssa_exprt add_object(const symbol_exprt &expr, std::function< std::size_t(const irep_idt &)> index_generator, const namespacet &ns)
Instantiate the object expr.
std::pair< unsigned, std::list< guardt > > a_s_r_entryt
std::stack< bool > record_events
bool l2_thread_write_encoding(const ssa_exprt &expr, const namespacet &ns)
thread encoding
renamedt< ssa_exprt, level > set_indices(ssa_exprt expr, const namespacet &ns)
Update values up to level.
goto_symex_statet(const goto_symex_statet &other, symex_target_equationt *const target)
Fake "copy constructor" that initializes the symex_target member.
exprt l2_rename_rvalues(exprt lvalue, const namespacet &ns)
shadow_memory_statet shadow_memory
static irep_idt guard_identifier()
call_stackt & call_stack()
const incremental_dirtyt * dirty
std::unordered_map< ssa_exprt, a_s_r_entryt, irep_hash > read_in_atomic_section
std::unordered_map< ssa_exprt, a_s_w_entryt, irep_hash > written_in_atomic_section
void rename_address(exprt &expr, const namespacet &ns)
renamedt< ssa_exprt, L2 > assignment(ssa_exprt lhs, const exprt &rhs, const namespacet &ns, bool rhs_is_simplified, bool record_value, bool allow_pointer_unsoundness=false)
guard_managert & guard_manager
bool l2_thread_read_encoding(ssa_exprt &expr, const namespacet &ns)
thread encoding
const call_stackt & call_stack() const
void print_backtrace(std::ostream &) const
Dumps the current state of symex, printing the function name and location number for each stack frame...
renamedt< exprt, level > rename(exprt expr, const namespacet &ns)
Rewrites symbol expressions in exprt, applying a suffix to each symbol reflecting its most recent ver...
symex_target_equationt * symex_target
std::unordered_map< irep_idt, typet > l1_typest
symbol_tablet symbol_table
contains symbols that are minted during symbolic execution, such as dynamically created objects etc.
std::list< guardt > a_s_w_entryt
void drop_l1_name(const irep_idt &l1_identifier)
Drops an L1 name from the local L2 map.
static bool is_read_only_object(const exprt &lvalue)
Returns true if lvalue is a read-only object, such as the null object.
field_sensitivityt field_sensitivity
write_is_shared_resultt write_is_shared(const ssa_exprt &expr, const namespacet &ns) const
symex_targett::sourcet source
bool has_saved_jump_target
This state is saved, with the PC pointing to the target of a GOTO.
renamedt< ssa_exprt, level > rename_ssa(ssa_exprt ssa, const namespacet &ns)
Version of rename which is specialized for SSA exprt.
std::function< std::size_t(const irep_idt &)> get_l2_name_provider() const
goto_symex_statet(const goto_symex_statet &other)=default
Dangerous, do not use.
goto_symex_statet(const symex_targett::sourcet &, std::size_t max_field_sensitive_array_size, bool should_simplify, guard_managert &manager, std::function< std::size_t(const irep_idt &)> fresh_l2_name_provider)
bool run_validation_checks
Should the additional validation checks be run?
std::vector< threadt > threads
std::function< std::size_t(const irep_idt &)> fresh_l2_name_provider
bool has_saved_next_instruction
This state is saved, with the PC pointing to the next instruction of a GOTO.
void drop_existing_l1_name(const irep_idt &l1_identifier)
Drops an L1 name from the local L2 map.
Wrapper for dirtyt that permits incremental population, ensuring each function is analysed exactly on...
const irep_idt & id() const
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Wrapper for expressions or types which have been renamed up to a given level.
The state maintained by the shadow memory instrumentation during symbolic execution.
void erase_if_exists(const key_type &k)
Erase element if it exists.
void erase(const key_type &k)
Erase element, element must exist in map.
Expression providing an SSA-renamed symbol of expressions.
Expression to hold a symbol (variable)
Inheriting the interface of symex_targett this class represents the SSA form of the input program as ...
The Boolean constant true.
The type of an expression, extends irept.
goto_statet class definition
Symex Shadow Memory Instrumentation State.
#define PRECONDITION(CONDITION)
API to expression classes.
threadt(guard_managert &guard_manager)
unsigned atomic_section_id
std::map< irep_idt, unsigned > function_frame
goto_programt::const_targett pc
This is unused by this implementation of guards, but can be used by other implementations of the same...
Functor to set the level 1 renaming of SSA expressions.
symex_renaming_levelt current_names
Identifies source in the context of symbolic execution.
1.9.1