cbmc/interval__analysis_8cpp_source.html

/*******************************************************************\


Module: Interval Analysis


Author: Daniel Kroening, kroening@kroening.com


\*******************************************************************/


#include "interval_analysis.h"


#include <util/find_symbols.h>


#include "ai.h"

#include "interval_domain.h"


void instrument_intervals(

  const ait<interval_domaint> &interval_analysis,

  goto_functionst::goto_functiont &goto_function)

{

  std::set<symbol_exprt> symbols;


  for(const auto &i : goto_function.body.instructions)

    i.apply([&symbols](const exprt &e) { find_symbols(e, symbols); });


  Forall_goto_program_instructions(i_it, goto_function.body)

  {

    if(i_it==goto_function.body.instructions.begin())

    {

      // first instruction, we instrument

    }

    else

    {

      goto_programt::const_targett previous = std::prev(i_it);


      if(previous->is_goto() && !previous->condition().is_true())

      {

        // we follow a branch, instrument

      }

      else if(previous->is_function_call())

      {

        // we follow a function call, instrument

      }

      else if(i_it->is_target() || i_it->is_function_call())

      {

        // we are a target or a function call, instrument

      }

      else

        continue; // don't instrument

    }


    const interval_domaint &d=interval_analysis[i_it];


    exprt::operandst assertion;


    for(const auto &symbol_expr : symbols)

    {

      exprt tmp=d.make_expression(symbol_expr);

      if(!tmp.is_true())

        assertion.push_back(tmp);

    }


    if(!assertion.empty())

    {

      goto_programt::targett t=i_it;

      goto_function.body.insert_before_swap(i_it);

      i_it++; // goes to original instruction

      *t = goto_programt::make_assumption(

        conjunction(assertion), i_it->source_location());

    }

  }

}


void interval_analysis(goto_modelt &goto_model)

{

  ait<interval_domaint> interval_analysis;


  const namespacet ns(goto_model.symbol_table);

  interval_analysis(goto_model.goto_functions, ns);


  for(auto &gf_entry : goto_model.goto_functions.function_map)

    instrument_intervals(interval_analysis, gf_entry.second);

}


ai.h
Abstract Interpretation.

ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562

exprt
Base class for all expressions.
Definition expr.h:56

exprt::operandst
std::vector< exprt > operandst
Definition expr.h:58

goto_functionst::function_map
function_mapt function_map
Definition goto_functions.h:29

goto_functionst::goto_functiont
::goto_functiont goto_functiont
Definition goto_functions.h:27

goto_modelt
Definition goto_model.h:27

goto_modelt::symbol_table
symbol_tablet symbol_table
Symbol table.
Definition goto_model.h:31

goto_modelt::goto_functions
goto_functionst goto_functions
GOTO functions.
Definition goto_model.h:34

goto_programt::make_assumption
static instructiont make_assumption(const exprt &g, const source_locationt &l=source_locationt::nil())
Definition goto_program.h:945

goto_programt::targett
instructionst::iterator targett
Definition goto_program.h:614

goto_programt::const_targett
instructionst::const_iterator const_targett
Definition goto_program.h:615

interval_domaint
Definition interval_domain.h:24

interval_domaint::make_expression
exprt make_expression(const symbol_exprt &) const
Definition interval_domain.cpp:408

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91

find_symbols
static bool find_symbols(symbol_kindt, const typet &, std::function< bool(const symbol_exprt &)>, std::unordered_set< irep_idt > &bindings, const std::vector< irep_idt > &subs_to_find)
Find identifiers with id ID_symbol of the sub expressions and the subs with ID in subs_to_find consid...
Definition find_symbols.cpp:152

find_symbols.h

Forall_goto_program_instructions
#define Forall_goto_program_instructions(it, program)
Definition goto_program.h:1234

interval_analysis
void interval_analysis(goto_modelt &goto_model)
Initialises the abstract interpretation over interval domain and instruments instructions using inter...
Definition interval_analysis.cpp:90

instrument_intervals
void instrument_intervals(const ait< interval_domaint > &interval_analysis, goto_functionst::goto_functiont &goto_function)
Instruments all "post-branch" instructions with assumptions about variable intervals.
Definition interval_analysis.cpp:30

interval_analysis.h
Interval Analysis.

interval_domain.h
Interval Domain.

conjunction
exprt conjunction(const exprt::operandst &op)
1) generates a conjunction for two or more operands 2) for one operand, returns the operand 3) return...
Definition std_expr.cpp:83