44 if(expr.
id()==ID_symbol)
50 std::string identifier=
54 if(l0_l1!=std::string::npos)
56 identifier.resize(l0_l1);
63 else if(expr.
id() == ID_string_constant)
79 if(cit !=
cache.end())
84 if(assign.
rhs().
id() == ID_array_list)
87 const auto &ops = array_list.
operands();
89 for(std::size_t listidx = 0; listidx != ops.size(); listidx += 2)
98 else if(assign.
rhs().
id() == ID_array)
112 else if(assign.
rhs().
id()==ID_struct ||
113 assign.
rhs().
id()==ID_union)
118 assign.
lhs().
id() == ID_member &&
126 else if(assign.
lhs().
id()==ID_byte_extract_little_endian ||
127 assign.
lhs().
id()==ID_byte_extract_big_endian)
137 (lhs_type.
id() == ID_struct_tag || lhs_type.
id() == ID_union_tag)
141 exprt::operandst::const_iterator it=
143 for(
const auto &comp : components)
146 comp.type().id() != ID_code,
"struct member must not be of code type");
148 comp.get_is_padding() ||
150 comp.get_name().starts_with(
"$pad"))
154 it != assign.
rhs().
operands().end(),
"expression must have operands");
166 if(assign.
rhs().
id()==ID_union)
170 else if(assign.
rhs().
id() == ID_with)
173 const auto &ops = with_expr.
operands();
175 for(std::size_t i = 1; i < ops.size(); i += 2)
180 if(ops[i].
id() == ID_member_name)
183 assign.
lhs(), ops[i].
get(ID_component_name), ops[i + 1].type()};
205 lhs.find(
"#return_value") != std::string::npos ||
206 (lhs.find(
'$') != std::string::npos &&
207 has_prefix(lhs,
"return_value___VERIFIER_nondet_")))
221 const goto_tracet::stepst::const_iterator &prev_it,
222 goto_tracet::stepst::const_iterator &it)
226 (!it->pc->is_assign() || it->pc->assign_rhs().id() != ID_side_effect ||
227 it->pc->assign_rhs().get(ID_statement) != ID_nondet))
230 if(!it->is_assignment() && !it->is_goto() && !it->is_assert())
237 prev_it != goto_trace.
steps.end() &&
238 prev_it->pc->source_location() == it->pc->source_location())
241 if(it->is_goto() && it->pc->condition().is_true())
246 if(source_location.
is_nil() ||
265 expr.
id() == ID_symbol &&
271 for(
const auto &op : expr.
operands())
282 unsigned int max_thread_idx = 0;
283 bool trace_has_violation =
false;
284 for(goto_tracet::stepst::const_iterator it = goto_trace.
steps.begin();
285 it != goto_trace.
steps.end();
288 if(it->thread_nr > max_thread_idx)
289 max_thread_idx = it->thread_nr;
290 if(it->is_assert() && !it->cond_value)
291 trace_has_violation =
true;
297 graphml[sink].node_name=
"sink";
298 graphml[sink].is_violation=
false;
299 graphml[sink].has_invariant=
false;
301 if(max_thread_idx > 0 && trace_has_violation)
303 std::vector<graphmlt::node_indext> nodes;
305 for(
unsigned int i = 0; i <= max_thread_idx + 1; ++i)
309 graphml[nodes.back()].is_violation = i == max_thread_idx + 1;
310 graphml[nodes.back()].has_invariant =
false;
313 for(
auto it = nodes.cbegin(); std::next(it) != nodes.cend(); ++it)
318 const auto thread_id = std::distance(nodes.cbegin(), it);
328 graphml[*std::next(it)].
in[*it].xml_node = edge;
329 graphml[*it].
out[*std::next(it)].xml_node = edge;
338 std::vector<std::size_t> step_to_node(goto_trace.
steps.size()+1, 0);
340 goto_tracet::stepst::const_iterator prev_it=goto_trace.
steps.end();
341 for(goto_tracet::stepst::const_iterator
342 it=goto_trace.
steps.begin();
343 it!=goto_trace.
steps.end();
348 step_to_node[it->step_nr]=sink;
354 goto_tracet::stepst::const_iterator next=it;
357 next != goto_trace.
steps.end() &&
359 it->full_lhs == next->full_lhs &&
360 it->pc->source_location() == next->pc->source_location())
362 step_to_node[it->step_nr]=sink;
378 graphml[node].has_invariant=
false;
380 step_to_node[it->step_nr]=node;
386 for(goto_tracet::stepst::const_iterator
387 it=goto_trace.
steps.begin();
388 it!=goto_trace.
steps.end();
391 const std::size_t from=step_to_node[it->step_nr];
394 if(from == sink ||
graphml[from].is_violation)
400 auto next = std::next(it);
401 for(; next != goto_trace.
steps.end() &&
402 (step_to_node[next->step_nr] == sink ||
408 const std::size_t to=
409 next==goto_trace.
steps.end()?
410 sink:step_to_node[next->step_nr];
421 {{
"source",
graphml[from].node_name},
422 {
"target",
graphml[to].node_name}},
439 const auto lhs_object = it->get_lhs_object();
442 lhs_object.has_value())
444 const std::string &lhs_id =
id2string(lhs_object->get_identifier());
445 if(lhs_id.find(
"pthread_create::thread") != std::string::npos)
456 lhs_id.find(
"thread") == std::string::npos &&
457 lhs_id.find(
"mutex") == std::string::npos &&
458 (!it->full_lhs_value.is_constant() ||
459 !it->full_lhs_value.has_operands() ||
471 if(!it->function_id.empty())
475 irep_idt function_id = it->function_id;
476 const symbolt *symbol_ptr =
nullptr;
479 function_id = lhs_id.substr(0, lhs_id.find(
"::"));
531 graphml[sink].node_name=
"sink";
532 graphml[sink].is_violation=
false;
533 graphml[sink].has_invariant=
false;
536 std::vector<std::size_t> step_to_node(equation.
SSA_steps.size()+1, 0);
538 std::size_t step_nr=1;
539 for(symex_target_equationt::SSA_stepst::const_iterator
548 (!it->is_assignment() && !it->is_goto() && !it->is_assert()) ||
549 (it->is_goto() && it->source.pc->condition().is_true()) ||
553 step_to_node[step_nr]=sink;
559 symex_target_equationt::SSA_stepst::const_iterator next=it;
562 next != equation.
SSA_steps.end() && next->is_assignment() &&
563 it->ssa_full_lhs == next->ssa_full_lhs &&
564 it->source.pc->source_location() == next->source.pc->source_location())
566 step_to_node[step_nr]=sink;
577 graphml[node].is_violation=
false;
578 graphml[node].has_invariant=
false;
580 step_to_node[step_nr]=node;
585 for(symex_target_equationt::SSA_stepst::const_iterator
590 const std::size_t from=step_to_node[step_nr];
599 symex_target_equationt::SSA_stepst::const_iterator next=it;
600 std::size_t next_step_nr=step_nr;
601 for(++next, ++next_step_nr;
603 (step_to_node[next_step_nr]==sink || it->source.pc==next->source.pc);
604 ++next, ++next_step_nr)
608 const std::size_t to=
610 sink:step_to_node[next_step_nr];
621 {{
"source",
graphml[from].node_name},
622 {
"target",
graphml[to].node_name}},
636 (it->is_assignment() || it->is_decl()) && it->ssa_rhs.is_not_nil() &&
637 it->ssa_full_lhs.is_not_nil())
639 irep_idt identifier = it->ssa_lhs.get_object_name();
641 graphml[to].has_invariant =
true;
673 step_nr=next_step_nr;
Expression classes for byte-level operators.
const byte_extract_exprt & to_byte_extract_expr(const exprt &expr)
bitvector_typet c_index_type()
Array constructor from a list of index-element pairs Operands are index/value pairs,...
const typet & element_type() const
The type of the elements of the array.
A goto_instruction_codet representing an assignment in the program.
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Base class for all expressions.
typet & type()
Return the type of the expression.
void operator()(const goto_tracet &goto_trace)
counterexample witness
std::unordered_map< std::pair< unsigned int, const irept::dt * >, std::string, pair_hash< unsigned int, const irept::dt * > > cache
void remove_l0_l1(exprt &expr)
std::string convert_assign_rec(const irep_idt &identifier, const code_assignt &assign)
const edgest & in(node_indext n) const
nodet::node_indext node_indext
node_indext add_node(arguments &&... values)
const edgest & out(node_indext n) const
const irep_idt & get(const irep_idt &name) const
const irep_idt & id() const
Extract member of struct or union.
const exprt & struct_op() const
const union_typet & follow_tag(const union_tag_typet &) const
Follow type tag of union type.
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
bool lookup(const irep_idt &name, const symbolt *&symbol) const override
See documentation for namespace_baset::lookup().
const irep_idt & get_function() const
const irep_idt & get_line() const
const irep_idt & get_file() const
static bool is_built_in(const std::string &s)
const exprt & get_original_expr() const
array_exprt to_array_expr() const
convert string into array constant
const componentst & components() const
std::vector< componentt > componentst
void set_identifier(const irep_idt &identifier)
Inheriting the interface of symex_targett this class represents the SSA form of the input program as ...
The type of an expression, extends irept.
Operator to update elements in structs and arrays.
void set_attribute(const std::string &attribute, unsigned value)
xmlt & new_element(const std::string &key)
static bool is_printable_xml(const std::string &s)
Determine whether s does not contain any characters that cannot be escaped in XML 1....
bool has_prefix(const std::string &s, const std::string &prefix)
std::string expr2c(const exprt &expr, const namespacet &ns, const expr2c_configurationt &configuration)
#define Forall_operands(it, expr)
static std::string expr_to_string(const namespacet &ns, const irep_idt &id, const exprt &expr)
static bool contains_symbol_prefix(const exprt &expr, const std::string &prefix)
static bool filter_out(const goto_tracet &goto_trace, const goto_tracet::stepst::const_iterator &prev_it, goto_tracet::stepst::const_iterator &it)
Witnesses for Traces and Proofs.
const std::string & id2string(const irep_idt &d)
const std::string thread_id
std::string from_expr(const namespacet &ns, const irep_idt &identifier, const exprt &expr)
const irep_idt & get_mode_from_identifier(const namespacet &ns, const irep_idt &identifier)
Get the mode of the given identifier's symbol.
Various predicates over pointers in programs.
#define SYMEX_DYNAMIC_PREFIX
#define DATA_INVARIANT(CONDITION, REASON)
This condition should be used to document that assumptions that are made on goto_functions,...
const ssa_exprt & to_ssa_expr(const exprt &expr)
Cast a generic exprt to an ssa_exprt.
bool is_ssa_expr(const exprt &expr)
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
const array_list_exprt & to_array_list_expr(const exprt &expr)
const multi_ary_exprt & to_multi_ary_expr(const exprt &expr)
Cast an exprt to a multi_ary_exprt.
const with_exprt & to_with_expr(const exprt &expr)
Cast an exprt to a with_exprt.
const member_exprt & to_member_expr(const exprt &expr)
Cast an exprt to a member_exprt.
const array_typet & to_array_type(const typet &type)
Cast a typet to an array_typet.
const struct_union_typet & to_struct_union_type(const typet &type)
Cast a typet to a struct_union_typet.
const struct_or_union_tag_typet & to_struct_or_union_tag_type(const typet &type)
Cast a typet to a struct_or_union_tag_typet.
const string_constantt & to_string_constant(const exprt &expr)
std::string to_string(const string_not_contains_constraintt &expr)
Used for debug printing.
static expr2c_configurationt clean_configuration
This prints compilable C that loses some of the internal details of the GOTO program.
Functor to check whether iterators from different collections point at the same object.
Generate Equation using Symbolic Execution.
1.9.1