CBMC
Loading...
Searching...
No Matches
graphml_witness.cpp
Go to the documentation of this file.
1/*******************************************************************\
2
3Module: Witnesses for Traces and Proofs
4
5Author: Daniel Kroening
6
7\*******************************************************************/
8
11
12#include "graphml_witness.h"
13
14#include <util/arith_tools.h>
15#include <util/byte_operators.h>
16#include <util/c_types.h>
17#include <util/cprover_prefix.h>
18#include <util/find_symbols.h>
19#include <util/namespace.h>
20#include <util/pointer_predicates.h>
21#include <util/prefix.h>
22#include <util/ssa_expr.h>
23#include <util/string_constant.h>
24#include <util/symbol.h>
25
26#include <ansi-c/expr2c.h>
27#include <goto-symex/symex_target_equation.h>
28#include <langapi/language_util.h>
29#include <langapi/mode.h>
30
31#include "goto_program.h"
32#include "goto_trace.h"
33
34static std::string
35expr_to_string(const namespacet &ns, const irep_idt &id, const exprt &expr)
36{
37 if(get_mode_from_identifier(ns, id) == ID_C)
38 return expr2c(expr, ns, expr2c_configurationt::clean_configuration);
39 else
40 return from_expr(ns, id, expr);
41}
42
43void graphml_witnesst::remove_l0_l1(exprt &expr)
44{
45 if(expr.id()==ID_symbol)
46 {
47 if(is_ssa_expr(expr))
48 expr=to_ssa_expr(expr).get_original_expr();
49 else
50 {
51 std::string identifier = id2string(to_symbol_expr(expr).identifier());
52
53 std::string::size_type l0_l1=identifier.find_first_of("!@");
54 if(l0_l1!=std::string::npos)
55 {
56 identifier.resize(l0_l1);
57 to_symbol_expr(expr).identifier(identifier);
58 }
59 }
60
61 return;
62 }
63 else if(expr.id() == ID_string_constant)
64 {
65 std::string output_string = expr_to_string(ns, "", expr);
66 if(!xmlt::is_printable_xml(output_string))
67 expr = to_string_constant(expr).to_array_expr();
68 }
69
70 Forall_operands(it, expr)
71 remove_l0_l1(*it);
72}
73
74std::string graphml_witnesst::convert_assign_rec(
75 const irep_idt &identifier,
76 const code_assignt &assign)
77{
78 const auto cit = cache.find({identifier.get_no(), &assign.read()});
79 if(cit != cache.end())
80 return cit->second;
81
82 std::string result;
83
84 if(assign.rhs().id() == ID_array_list)
85 {
86 const array_list_exprt &array_list = to_array_list_expr(assign.rhs());
87 const auto &ops = array_list.operands();
88
89 for(std::size_t listidx = 0; listidx != ops.size(); listidx += 2)
90 {
91 const index_exprt index{assign.lhs(), ops[listidx]};
92 if(!result.empty())
93 result += ' ';
94 result +=
95 convert_assign_rec(identifier, code_assignt{index, ops[listidx + 1]});
96 }
97 }
98 else if(assign.rhs().id() == ID_array)
99 {
100 const array_typet &type = to_array_type(assign.rhs().type());
101
102 unsigned i=0;
103 for(const auto &op : assign.rhs().operands())
104 {
105 index_exprt index(
106 assign.lhs(), from_integer(i++, c_index_type()), type.element_type());
107 if(!result.empty())
108 result+=' ';
109 result += convert_assign_rec(identifier, code_assignt(index, op));
110 }
111 }
112 else if(assign.rhs().id()==ID_struct ||
113 assign.rhs().id()==ID_union)
114 {
115 // dereferencing may have resulted in an lhs that is the first
116 // struct member; undo this
117 if(
118 assign.lhs().id() == ID_member &&
119 assign.lhs().type() != assign.rhs().type())
120 {
121 code_assignt tmp=assign;
122 tmp.lhs()=to_member_expr(assign.lhs()).struct_op();
123
124 return convert_assign_rec(identifier, tmp);
125 }
126 else if(assign.lhs().id()==ID_byte_extract_little_endian ||
127 assign.lhs().id()==ID_byte_extract_big_endian)
128 {
129 code_assignt tmp=assign;
130 tmp.lhs()=to_byte_extract_expr(assign.lhs()).op();
131
132 return convert_assign_rec(identifier, tmp);
133 }
134
135 const typet &lhs_type = assign.lhs().type();
136 const struct_union_typet::componentst &components =
137 (lhs_type.id() == ID_struct_tag || lhs_type.id() == ID_union_tag)
138 ? ns.follow_tag(to_struct_or_union_tag_type(lhs_type)).components()
139 : to_struct_union_type(lhs_type).components();
140
141 exprt::operandst::const_iterator it=
142 assign.rhs().operands().begin();
143 for(const auto &comp : components)
144 {
145 DATA_INVARIANT(
146 comp.type().id() != ID_code, "struct member must not be of code type");
147 if(
148 comp.get_is_padding() ||
149 // for some reason #is_padding gets lost in *some* cases
150 comp.get_name().starts_with("$pad"))
151 continue;
152
153 INVARIANT(
154 it != assign.rhs().operands().end(), "expression must have operands");
155
156 member_exprt member(
157 assign.lhs(),
158 comp.get_name(),
159 it->type());
160 if(!result.empty())
161 result+=' ';
162 result+=convert_assign_rec(identifier, code_assignt(member, *it));
163 ++it;
164
165 // for unions just assign to the first member
166 if(assign.rhs().id()==ID_union)
167 break;
168 }
169 }
170 else if(assign.rhs().id() == ID_with)
171 {
172 const with_exprt &with_expr = to_with_expr(assign.rhs());
173
174 if(!result.empty())
175 result += ' ';
176
177 if(with_expr.where().id() == ID_member_name)
178 {
179 const member_exprt member{
180 assign.lhs(),
181 with_expr.where().get(ID_component_name),
182 with_expr.new_value().type()};
183 result += convert_assign_rec(
184 identifier, code_assignt(member, with_expr.new_value()));
185 }
186 else
187 {
188 const index_exprt index{assign.lhs(), with_expr.where()};
189 result += convert_assign_rec(
190 identifier, code_assignt(index, with_expr.new_value()));
191 }
192 }
193 else
194 {
195 exprt clean_rhs=assign.rhs();
196 remove_l0_l1(clean_rhs);
197
198 exprt clean_lhs = assign.lhs();
199 remove_l0_l1(clean_lhs);
200 std::string lhs = expr_to_string(ns, identifier, clean_lhs);
201
202 if(
203 lhs.find("#return_value") != std::string::npos ||
204 (lhs.find('$') != std::string::npos &&
205 has_prefix(lhs, "return_value___VERIFIER_nondet_")))
206 {
207 lhs="\\result";
208 }
209
210 result = lhs + " = " + expr_to_string(ns, identifier, clean_rhs) + ";";
211 }
212
213 cache.insert({{identifier.get_no(), &assign.read()}, result});
214 return result;
215}
216
217static bool filter_out(
218 const goto_tracet &goto_trace,
219 const goto_tracet::stepst::const_iterator &prev_it,
220 goto_tracet::stepst::const_iterator &it)
221{
222 if(
223 it->hidden &&
224 (!it->pc->is_assign() || it->pc->assign_rhs().id() != ID_side_effect ||
225 it->pc->assign_rhs().get(ID_statement) != ID_nondet))
226 return true;
227
228 if(!it->is_assignment() && !it->is_goto() && !it->is_assert())
229 return true;
230
231 // we filter out steps with the same source location
232 // TODO: if these are assignments we should accumulate them into
233 // a single edge
234 if(
235 prev_it != goto_trace.steps.end() &&
236 prev_it->pc->source_location() == it->pc->source_location())
237 return true;
238
239 if(it->is_goto() && it->pc->condition() == true)
240 return true;
241
242 const source_locationt &source_location = it->pc->source_location();
243
244 if(source_location.is_nil() ||
245 source_location.get_file().empty() ||
246 source_location.is_built_in() ||
247 source_location.get_line().empty())
248 {
249 const irep_idt id = source_location.get_function();
250 // Do not filter out assertions in functions the name of which starts with
251 // CPROVER_PREFIX, because we need to maintain those as violation nodes:
252 // these are assertions generated, for examples, for memory leaks.
253 if(!id.starts_with(CPROVER_PREFIX) || !it->is_assert())
254 return true;
255 }
256
257 return false;
258}
259
260static bool contains_symbol_prefix(const exprt &expr, const std::string &prefix)
261{
262 if(
263 expr.id() == ID_symbol &&
264 to_symbol_expr(expr).identifier().starts_with(prefix))
265 {
266 return true;
267 }
268
269 for(const auto &op : expr.operands())
270 {
271 if(contains_symbol_prefix(op, prefix))
272 return true;
273 }
274 return false;
275}
276
279static bool is_function_built_in_or_extern(
280 const namespacet &ns,
281 const irep_idt &function_id)
282{
283 const symbolt *symbol_ptr = nullptr;
284 if(ns.lookup(function_id, symbol_ptr))
285 return true; // not found -- not a user function
286
287 if(symbol_ptr->type.id() != ID_code)
288 return true; // not a function
289
290 if(symbol_ptr->value.is_nil())
291 return true; // no body (truly extern)
292
293 if(symbol_ptr->location.is_built_in())
294 return true; // body from a built-in library source
295
296 return false;
297}
298
303static bool all_symbols_in_scope(const exprt &expr, const irep_idt &function_id)
304{
305 find_symbols_sett symbols;
306 find_symbols(expr, symbols);
307
308 for(const auto &symbol_id : symbols)
309 {
310 if(id2string(symbol_id).find(CPROVER_PREFIX) != std::string::npos)
311 continue;
312
313 std::string symbol_str = id2string(symbol_id);
314 auto scope_sep = symbol_str.find("::");
315
316 if(scope_sep != std::string::npos)
317 {
318 if(symbol_str.substr(0, scope_sep) != id2string(function_id))
319 return false;
320 }
321 }
322
323 return true;
324}
325
327void graphml_witnesst::operator()(const goto_tracet &goto_trace)
328{
329 unsigned int max_thread_idx = 0;
330 bool trace_has_violation = false;
331 for(goto_tracet::stepst::const_iterator it = goto_trace.steps.begin();
332 it != goto_trace.steps.end();
333 ++it)
334 {
335 if(it->thread_nr > max_thread_idx)
336 max_thread_idx = it->thread_nr;
337 if(it->is_assert() && !it->cond_value)
338 trace_has_violation = true;
339 }
340
341 graphml.key_values["sourcecodelang"]="C";
342
343 const graphmlt::node_indext sink=graphml.add_node();
344 graphml[sink].node_name="sink";
345 graphml[sink].is_violation=false;
346 graphml[sink].has_invariant=false;
347
348 if(max_thread_idx > 0 && trace_has_violation)
349 {
350 std::vector<graphmlt::node_indext> nodes;
351
352 for(unsigned int i = 0; i <= max_thread_idx + 1; ++i)
353 {
354 nodes.push_back(graphml.add_node());
355 graphml[nodes.back()].node_name = "N" + std::to_string(i);
356 graphml[nodes.back()].is_violation = i == max_thread_idx + 1;
357 graphml[nodes.back()].has_invariant = false;
358 }
359
360 for(auto it = nodes.cbegin(); std::next(it) != nodes.cend(); ++it)
361 {
362 xmlt edge("edge");
363 edge.set_attribute("source", graphml[*it].node_name);
364 edge.set_attribute("target", graphml[*std::next(it)].node_name);
365 const auto thread_id = std::distance(nodes.cbegin(), it);
366 xmlt &data = edge.new_element("data");
367 data.set_attribute("key", "createThread");
368 data.data = std::to_string(thread_id);
369 if(thread_id == 0)
370 {
371 xmlt &data = edge.new_element("data");
372 data.set_attribute("key", "enterFunction");
373 data.data = "main";
374 }
375 graphml[*std::next(it)].in[*it].xml_node = edge;
376 graphml[*it].out[*std::next(it)].xml_node = edge;
377 }
378
379 // we do not provide any further details as CPAchecker does not seem to
380 // handle more detailed concurrency witnesses
381 return;
382 }
383
384 // step numbers start at 1
385 std::vector<std::size_t> step_to_node(goto_trace.steps.size()+1, 0);
386
387 goto_tracet::stepst::const_iterator prev_it=goto_trace.steps.end();
388 for(goto_tracet::stepst::const_iterator
389 it=goto_trace.steps.begin();
390 it!=goto_trace.steps.end();
391 it++) // we cannot replace this by a ranged for
392 {
393 if(filter_out(goto_trace, prev_it, it))
394 {
395 step_to_node[it->step_nr]=sink;
396
397 continue;
398 }
399
400 // skip declarations followed by an immediate assignment
401 goto_tracet::stepst::const_iterator next=it;
402 ++next;
403 if(
404 next != goto_trace.steps.end() &&
405 next->type == goto_trace_stept::typet::ASSIGNMENT &&
406 it->full_lhs == next->full_lhs &&
407 it->pc->source_location() == next->pc->source_location())
408 {
409 step_to_node[it->step_nr]=sink;
410
411 continue;
412 }
413
414 prev_it=it;
415
416 const source_locationt &source_location = it->pc->source_location();
417
418 const graphmlt::node_indext node=graphml.add_node();
419 graphml[node].node_name=
420 std::to_string(it->pc->location_number)+"."+std::to_string(it->step_nr);
421 graphml[node].file=source_location.get_file();
422 graphml[node].line=source_location.get_line();
423 graphml[node].is_violation=
424 it->type==goto_trace_stept::typet::ASSERT && !it->cond_value;
425 graphml[node].has_invariant=false;
426
427 step_to_node[it->step_nr]=node;
428 }
429
430 unsigned thread_id = 0;
431
432 // build edges
433 for(goto_tracet::stepst::const_iterator
434 it=goto_trace.steps.begin();
435 it!=goto_trace.steps.end();
436 ) // no ++it
437 {
438 const std::size_t from=step_to_node[it->step_nr];
439
440 // no outgoing edges from sinks or violation nodes
441 if(from == sink || graphml[from].is_violation)
442 {
443 ++it;
444 continue;
445 }
446
447 auto next = std::next(it);
448 for(; next != goto_trace.steps.end() &&
449 (step_to_node[next->step_nr] == sink ||
450 pointee_address_equalt{}(it->pc, next->pc)); // NOLINT
451 ++next)
452 {
453 // advance
454 }
455 const std::size_t to=
456 next==goto_trace.steps.end()?
457 sink:step_to_node[next->step_nr];
458
459 switch(it->type)
460 {
461 case goto_trace_stept::typet::ASSIGNMENT:
462 case goto_trace_stept::typet::ASSERT:
463 case goto_trace_stept::typet::GOTO:
464 case goto_trace_stept::typet::SPAWN:
465 {
466 xmlt edge(
467 "edge",
468 {{"source", graphml[from].node_name},
469 {"target", graphml[to].node_name}},
470 {});
471
472 {
473 xmlt &data_f = edge.new_element("data");
474 data_f.set_attribute("key", "originfile");
475 data_f.data = id2string(graphml[from].file);
476
477 xmlt &data_l = edge.new_element("data");
478 data_l.set_attribute("key", "startline");
479 data_l.data = id2string(graphml[from].line);
480
481 xmlt &data_t = edge.new_element("data");
482 data_t.set_attribute("key", "threadId");
483 data_t.data = std::to_string(it->thread_nr);
484 }
485
486 const auto lhs_object = it->get_lhs_object();
487 if(
488 it->type == goto_trace_stept::typet::ASSIGNMENT &&
489 lhs_object.has_value())
490 {
491 const std::string &lhs_id = id2string(lhs_object->identifier());
492 if(lhs_id.find("pthread_create::thread") != std::string::npos)
493 {
494 xmlt &data_t = edge.new_element("data");
495 data_t.set_attribute("key", "createThread");
496 data_t.data = std::to_string(++thread_id);
497 }
498 else if(
499 !contains_symbol_prefix(
500 it->full_lhs_value, SYMEX_DYNAMIC_PREFIX "::dynamic_object") &&
501 !contains_symbol_prefix(
502 it->full_lhs, SYMEX_DYNAMIC_PREFIX "::dynamic_object") &&
503 lhs_id.find("thread") == std::string::npos &&
504 lhs_id.find("mutex") == std::string::npos &&
505 (!it->full_lhs_value.is_constant() ||
506 !it->full_lhs_value.has_operands() ||
507 !has_prefix(
508 id2string(
509 to_multi_ary_expr(it->full_lhs_value).op0().get(ID_value)),
510 "INVALID-")))
511 {
512 // Determine effective scope from lhs_id: the prefix before the
513 // first "::" matches function_id in CBMC's C naming convention
514 // (e.g., "main::1::x" -> "main").
515 irep_idt scope_function = it->function_id;
516 auto sep = lhs_id.find("::");
517 if(sep != std::string::npos)
518 scope_function = lhs_id.substr(0, sep);
519
520 // Skip assumptions from __CPROVER_initialize,
521 // built-in/extern functions, or with out-of-scope
522 // symbols in the RHS
523 code_assignt assign{it->full_lhs, it->full_lhs_value};
524 if(
525 scope_function != CPROVER_PREFIX "initialize" &&
526 !is_function_built_in_or_extern(ns, scope_function) &&
527 all_symbols_in_scope(assign.rhs(), scope_function))
528 {
529 xmlt &val = edge.new_element("data");
530 val.set_attribute("key", "assumption");
531
532 val.data = convert_assign_rec(lhs_id, assign);
533
534 if(!scope_function.empty())
535 {
536 xmlt &val_s = edge.new_element("data");
537 val_s.set_attribute("key", "assumption.scope");
538 val_s.data = id2string(scope_function);
539 }
540
541 if(has_prefix(val.data, "\\result ="))
542 {
543 xmlt &val_f = edge.new_element("data");
544 val_f.set_attribute("key", "assumption.resultfunction");
545 val_f.data = id2string(it->function_id);
546 }
547 }
548 }
549 }
550 else if(it->type == goto_trace_stept::typet::GOTO && it->pc->is_goto())
551 {
552 }
553
554 graphml[to].in[from].xml_node = edge;
555 graphml[from].out[to].xml_node = edge;
556
557 break;
558 }
559
560 case goto_trace_stept::typet::DECL:
561 case goto_trace_stept::typet::FUNCTION_CALL:
562 case goto_trace_stept::typet::FUNCTION_RETURN:
563 case goto_trace_stept::typet::LOCATION:
564 case goto_trace_stept::typet::ASSUME:
565 case goto_trace_stept::typet::INPUT:
566 case goto_trace_stept::typet::OUTPUT:
567 case goto_trace_stept::typet::SHARED_READ:
568 case goto_trace_stept::typet::SHARED_WRITE:
569 case goto_trace_stept::typet::MEMORY_BARRIER:
570 case goto_trace_stept::typet::ATOMIC_BEGIN:
571 case goto_trace_stept::typet::ATOMIC_END:
572 case goto_trace_stept::typet::DEAD:
573 case goto_trace_stept::typet::CONSTRAINT:
574 case goto_trace_stept::typet::NONE:
575 // ignore
576 break;
577 }
578
579 it=next;
580 }
581}
582
584void graphml_witnesst::operator()(const symex_target_equationt &equation)
585{
586 graphml.key_values["sourcecodelang"]="C";
587
588 const graphmlt::node_indext sink=graphml.add_node();
589 graphml[sink].node_name="sink";
590 graphml[sink].is_violation=false;
591 graphml[sink].has_invariant=false;
592
593 // step numbers start at 1
594 std::vector<std::size_t> step_to_node(equation.SSA_steps.size()+1, 0);
595
596 std::size_t step_nr=1;
597 for(symex_target_equationt::SSA_stepst::const_iterator
598 it=equation.SSA_steps.begin();
599 it!=equation.SSA_steps.end();
600 it++, step_nr++) // we cannot replace this by a ranged for
601 {
602 const source_locationt &source_location = it->source.pc->source_location();
603
604 if(
605 it->hidden ||
606 (!it->is_assignment() && !it->is_goto() && !it->is_assert()) ||
607 (it->is_goto() && it->source.pc->condition() == true) ||
608 source_location.is_nil() || source_location.is_built_in() ||
609 source_location.get_line().empty())
610 {
611 step_to_node[step_nr]=sink;
612
613 continue;
614 }
615
616 // skip declarations followed by an immediate assignment
617 symex_target_equationt::SSA_stepst::const_iterator next=it;
618 ++next;
619 if(
620 next != equation.SSA_steps.end() && next->is_assignment() &&
621 it->ssa_full_lhs == next->ssa_full_lhs &&
622 it->source.pc->source_location() == next->source.pc->source_location())
623 {
624 step_to_node[step_nr]=sink;
625
626 continue;
627 }
628
629 const graphmlt::node_indext node=graphml.add_node();
630 graphml[node].node_name=
631 std::to_string(it->source.pc->location_number)+"."+
632 std::to_string(step_nr);
633 graphml[node].file=source_location.get_file();
634 graphml[node].line=source_location.get_line();
635 graphml[node].is_violation=false;
636 graphml[node].has_invariant=false;
637
638 step_to_node[step_nr]=node;
639 }
640
641 // build edges
642 step_nr=1;
643 for(symex_target_equationt::SSA_stepst::const_iterator
644 it=equation.SSA_steps.begin();
645 it!=equation.SSA_steps.end();
646 ) // no ++it
647 {
648 const std::size_t from=step_to_node[step_nr];
649
650 if(from==sink)
651 {
652 ++it;
653 ++step_nr;
654 continue;
655 }
656
657 symex_target_equationt::SSA_stepst::const_iterator next=it;
658 std::size_t next_step_nr=step_nr;
659 for(++next, ++next_step_nr;
660 next!=equation.SSA_steps.end() &&
661 (step_to_node[next_step_nr]==sink || it->source.pc==next->source.pc);
662 ++next, ++next_step_nr)
663 {
664 // advance
665 }
666 const std::size_t to=
667 next==equation.SSA_steps.end()?
668 sink:step_to_node[next_step_nr];
669
670 switch(it->type)
671 {
672 case goto_trace_stept::typet::ASSIGNMENT:
673 case goto_trace_stept::typet::ASSERT:
674 case goto_trace_stept::typet::GOTO:
675 case goto_trace_stept::typet::SPAWN:
676 {
677 xmlt edge(
678 "edge",
679 {{"source", graphml[from].node_name},
680 {"target", graphml[to].node_name}},
681 {});
682
683 {
684 xmlt &data_f = edge.new_element("data");
685 data_f.set_attribute("key", "originfile");
686 data_f.data = id2string(graphml[from].file);
687
688 xmlt &data_l = edge.new_element("data");
689 data_l.set_attribute("key", "startline");
690 data_l.data = id2string(graphml[from].line);
691 }
692
693 if(
694 (it->is_assignment() || it->is_decl()) && it->ssa_rhs.is_not_nil() &&
695 it->ssa_full_lhs.is_not_nil())
696 {
697 irep_idt identifier = it->ssa_lhs.get_object_name();
698
699 // Determine effective scope from identifier: the prefix before the
700 // first "::" matches function_id in CBMC's C naming convention
701 // (e.g., "main::1::x" -> "main").
702 irep_idt scope_function = it->source.function_id;
703 std::string id_str = id2string(identifier);
704 auto sep = id_str.find("::");
705 if(sep != std::string::npos)
706 scope_function = id_str.substr(0, sep);
707
708 code_assignt assign(it->ssa_lhs, it->ssa_rhs);
709
710 if(
711 scope_function != CPROVER_PREFIX "initialize" &&
712 !is_function_built_in_or_extern(ns, scope_function) &&
713 all_symbols_in_scope(assign.rhs(), scope_function))
714 {
715 graphml[to].has_invariant = true;
716 graphml[to].invariant = convert_assign_rec(identifier, assign);
717
718 if(!scope_function.empty())
719 {
720 graphml[to].invariant_scope = id2string(scope_function);
721 }
722 }
723 }
724
725 graphml[to].in[from].xml_node = edge;
726 graphml[from].out[to].xml_node = edge;
727
728 break;
729 }
730
731 case goto_trace_stept::typet::DECL:
732 case goto_trace_stept::typet::FUNCTION_CALL:
733 case goto_trace_stept::typet::FUNCTION_RETURN:
734 case goto_trace_stept::typet::LOCATION:
735 case goto_trace_stept::typet::ASSUME:
736 case goto_trace_stept::typet::INPUT:
737 case goto_trace_stept::typet::OUTPUT:
738 case goto_trace_stept::typet::SHARED_READ:
739 case goto_trace_stept::typet::SHARED_WRITE:
740 case goto_trace_stept::typet::MEMORY_BARRIER:
741 case goto_trace_stept::typet::ATOMIC_BEGIN:
742 case goto_trace_stept::typet::ATOMIC_END:
743 case goto_trace_stept::typet::DEAD:
744 case goto_trace_stept::typet::CONSTRAINT:
745 case goto_trace_stept::typet::NONE:
746 // ignore
747 break;
748 }
749
750 it=next;
751 step_nr=next_step_nr;
752 }
753}
from_integer
constant_exprt from_integer(const mp_integer &int_value, const typet &type)
Definition arith_tools.cpp:99
arith_tools.h
byte_operators.h
Expression classes for byte-level operators.
to_byte_extract_expr
const byte_extract_exprt & to_byte_extract_expr(const exprt &expr)
Definition byte_operators.h:70
c_index_type
bitvector_typet c_index_type()
Definition c_types.cpp:16
c_types.h
ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:566
array_list_exprt
Array constructor from a list of index-element pairs Operands are index/value pairs,...
Definition std_expr.h:1632
array_typet
Arrays with given size.
Definition std_types.h:807
array_typet::element_type
const typet & element_type() const
The type of the elements of the array.
Definition std_types.h:827
code_assignt
A goto_instruction_codet representing an assignment in the program.
Definition goto_instruction_code.h:22
code_assignt::rhs
exprt & rhs()
Definition goto_instruction_code.h:47
code_assignt::lhs
exprt & lhs()
Definition goto_instruction_code.h:42
dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition dstring.h:38
dstringt::get_no
unsigned get_no() const
Definition dstring.h:182
exprt
Base class for all expressions.
Definition expr.h:57
exprt::type
typet & type()
Return the type of the expression.
Definition expr.h:85
exprt::operands
operandst & operands()
Definition expr.h:95
goto_trace_stept::typet::SPAWN
@ SPAWN
goto_trace_stept::typet::ASSERT
@ ASSERT
goto_trace_stept::typet::ATOMIC_END
@ ATOMIC_END
goto_trace_stept::typet::GOTO
@ GOTO
goto_trace_stept::typet::OUTPUT
@ OUTPUT
goto_trace_stept::typet::MEMORY_BARRIER
@ MEMORY_BARRIER
goto_trace_stept::typet::SHARED_WRITE
@ SHARED_WRITE
goto_trace_stept::typet::SHARED_READ
@ SHARED_READ
goto_trace_stept::typet::LOCATION
@ LOCATION
goto_trace_stept::typet::DECL
@ DECL
goto_trace_stept::typet::ASSIGNMENT
@ ASSIGNMENT
goto_trace_stept::typet::INPUT
@ INPUT
goto_trace_stept::typet::NONE
@ NONE
goto_trace_stept::typet::DEAD
@ DEAD
goto_trace_stept::typet::FUNCTION_RETURN
@ FUNCTION_RETURN
goto_trace_stept::typet::ASSUME
@ ASSUME
goto_trace_stept::typet::CONSTRAINT
@ CONSTRAINT
goto_trace_stept::typet::ATOMIC_BEGIN
@ ATOMIC_BEGIN
goto_trace_stept::typet::FUNCTION_CALL
@ FUNCTION_CALL
goto_tracet
Trace of a GOTO program.
Definition goto_trace.h:177
graphml_witnesst::ns
const namespacet & ns
Definition graphml_witness.h:40
graphml_witnesst::operator()
void operator()(const goto_tracet &goto_trace)
counterexample witness
Definition graphml_witness.cpp:327
graphml_witnesst::cache
std::unordered_map< std::pair< unsigned int, const irept::dt * >, std::string, pair_hash< unsigned int, const irept::dt * > > cache
Definition graphml_witness.h:70
graphml_witnesst::remove_l0_l1
void remove_l0_l1(exprt &expr)
Definition graphml_witness.cpp:43
graphml_witnesst::convert_assign_rec
std::string convert_assign_rec(const irep_idt &identifier, const code_assignt &assign)
Definition graphml_witness.cpp:74
graphml_witnesst::graphml
graphmlt graphml
Definition graphml_witness.h:41
graphmlt::key_values
key_valuest key_values
Definition graphml.h:67
grapht< xml_graph_nodet >::node_indext
nodet::node_indext node_indext
Definition graph.h:173
grapht::out
const edgest & out(node_indext n) const
Definition graph.h:227
grapht::add_node
node_indext add_node(arguments &&... values)
Definition graph.h:180
grapht::in
const edgest & in(node_indext n) const
Definition graph.h:222
index_exprt
Array index operator.
Definition std_expr.h:1431
irept::id
const irep_idt & id() const
Definition irep.h:388
irept::is_nil
bool is_nil() const
Definition irep.h:368
member_exprt
Extract member of struct or union.
Definition std_expr.h:2866
namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91
namespacet::lookup
bool lookup(const irep_idt &name, const symbolt *&symbol) const override
See documentation for namespace_baset::lookup().
Definition namespace.cpp:134
sharing_treet::read
const dt & read() const
Definition irep.h:240
source_locationt
Definition source_location.h:20
source_locationt::get_function
const irep_idt & get_function() const
Definition source_location.h:64
source_locationt::get_file
const irep_idt & get_file() const
Definition source_location.h:36
source_locationt::get_line
const irep_idt & get_line() const
Definition source_location.h:46
source_locationt::is_built_in
static bool is_built_in(const std::string &s)
Definition source_location.cpp:16
struct_union_typet::componentst
std::vector< componentt > componentst
Definition std_types.h:140
symbolt
Symbol table entry.
Definition symbol.h:28
symex_target_equationt
Inheriting the interface of symex_targett this class represents the SSA form of the input program as ...
Definition symex_target_equation.h:34
symex_target_equationt::SSA_steps
SSA_stepst SSA_steps
Definition symex_target_equation.h:251
typet
The type of an expression, extends irept.
Definition type.h:29
with_exprt
Operator to update elements in structs and arrays.
Definition std_expr.h:2520
xmlt
Definition xml.h:21
xmlt::new_element
xmlt & new_element(const std::string &key)
Definition xml.h:95
xmlt::set_attribute
void set_attribute(const std::string &attribute, unsigned value)
Definition xml.cpp:198
xmlt::data
std::string data
Definition xml.h:39
xmlt::is_printable_xml
static bool is_printable_xml(const std::string &s)
Determine whether s does not contain any characters that cannot be escaped in XML 1....
Definition xml.cpp:160
has_prefix
bool has_prefix(const std::string &s, const std::string &prefix)
Definition converter.cpp:13
cprover_prefix.h
CPROVER_PREFIX
#define CPROVER_PREFIX
Definition cprover_prefix.h:14
expr2c
std::string expr2c(const exprt &expr, const namespacet &ns, const expr2c_configurationt &configuration)
Definition expr2c.cpp:4198
Forall_operands
#define Forall_operands(it, expr)
Definition expr.h:28
find_symbols
static bool find_symbols(symbol_kindt, const typet &, std::function< bool(const symbol_exprt &)>, std::unordered_set< irep_idt > &bindings, const std::vector< irep_idt > &subs_to_find)
Find identifiers with id ID_symbol of the sub expressions and the subs with ID in subs_to_find consid...
Definition find_symbols.cpp:152
find_symbols.h
find_symbols_sett
std::unordered_set< irep_idt > find_symbols_sett
Definition find_symbols.h:22
goto_program.h
Concrete Goto Program.
goto_trace.h
Traces of GOTO Programs.
all_symbols_in_scope
static bool all_symbols_in_scope(const exprt &expr, const irep_idt &function_id)
Check if all symbols in an expression are in scope.
Definition graphml_witness.cpp:303
expr_to_string
static std::string expr_to_string(const namespacet &ns, const irep_idt &id, const exprt &expr)
Definition graphml_witness.cpp:35
is_function_built_in_or_extern
static bool is_function_built_in_or_extern(const namespacet &ns, const irep_idt &function_id)
Check if a function is built-in (CPROVER library), has no body, or does not exist in the symbol table...
Definition graphml_witness.cpp:279
contains_symbol_prefix
static bool contains_symbol_prefix(const exprt &expr, const std::string &prefix)
Definition graphml_witness.cpp:260
filter_out
static bool filter_out(const goto_tracet &goto_trace, const goto_tracet::stepst::const_iterator &prev_it, goto_tracet::stepst::const_iterator &it)
Definition graphml_witness.cpp:217
graphml_witness.h
Witnesses for Traces and Proofs.
id2string
const std::string & id2string(const irep_idt &d)
Definition irep.h:44
thread_id
const std::string thread_id
Definition java_bytecode_concurrency_instrumentation.cpp:25
from_expr
std::string from_expr(const namespacet &ns, const irep_idt &identifier, const exprt &expr)
Definition language_util.cpp:39
language_util.h
get_mode_from_identifier
const irep_idt & get_mode_from_identifier(const namespacet &ns, const irep_idt &identifier)
Get the mode of the given identifier's symbol.
Definition mode.cpp:66
pointer_predicates.h
Various predicates over pointers in programs.
SYMEX_DYNAMIC_PREFIX
#define SYMEX_DYNAMIC_PREFIX
Definition pointer_predicates.h:17
DATA_INVARIANT
#define DATA_INVARIANT(CONDITION, REASON)
This condition should be used to document that assumptions that are made on goto_functions,...
Definition invariant.h:534
INVARIANT
#define INVARIANT(CONDITION, REASON)
This macro uses the wrapper function 'invariant_violated_string'.
Definition invariant.h:423
ssa_expr.h
is_ssa_expr
bool is_ssa_expr(const exprt &expr)
Definition ssa_expr.h:125
to_ssa_expr
const ssa_exprt & to_ssa_expr(const exprt &expr)
Cast a generic exprt to an ssa_exprt.
Definition ssa_expr.h:145
to_array_list_expr
const array_list_exprt & to_array_list_expr(const exprt &expr)
Definition std_expr.h:1670
to_multi_ary_expr
const multi_ary_exprt & to_multi_ary_expr(const exprt &expr)
Cast an exprt to a multi_ary_exprt.
Definition std_expr.h:991
to_member_expr
const member_exprt & to_member_expr(const exprt &expr)
Cast an exprt to a member_exprt.
Definition std_expr.h:2953
to_symbol_expr
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
Definition std_expr.h:221
to_with_expr
const with_exprt & to_with_expr(const exprt &expr)
Cast an exprt to a with_exprt.
Definition std_expr.h:2573
to_struct_or_union_tag_type
const struct_or_union_tag_typet & to_struct_or_union_tag_type(const typet &type)
Cast a typet to a struct_or_union_tag_typet.
Definition std_types.h:478
to_array_type
const array_typet & to_array_type(const typet &type)
Cast a typet to an array_typet.
Definition std_types.h:888
to_struct_union_type
const struct_union_typet & to_struct_union_type(const typet &type)
Cast a typet to a struct_union_typet.
Definition std_types.h:214
string_constant.h
to_string_constant
const string_constantt & to_string_constant(const exprt &expr)
Definition string_constant.h:48
expr2c_configurationt::clean_configuration
static expr2c_configurationt clean_configuration
This prints compilable C that loses some of the internal details of the GOTO program.
Definition expr2c.h:52
pointee_address_equalt
Functor to check whether iterators from different collections point at the same object.
Definition goto_program.h:1196
symbol.h
Symbol table entry.
symex_target_equation.h
Generate Equation using Symbolic Execution.