80 const std::string &extra_options)
96 options.
set_option(
"built-in-assertions",
true);
101 options.
set_option(
"show-goto-symex-steps",
false);
127 "max-field-sensitivity-array-size",
136 <<
"--no-array-field-sensitivity and --max-field-sensitivity-array-size"
140 options.
set_option(
"no-array-field-sensitivity",
true);
190 log.
warning() <<
"**** WARNING: Complexity-limited analysis may yield "
191 "unsound verification results"
195 if(
cmdline.
isset(
"symex-complexity-failed-child-loops-limit"))
198 "symex-complexity-failed-child-loops-limit",
202 log.
warning() <<
"**** WARNING: Complexity-limited analysis may yield "
203 "unsound verification results"
210 "unwinding-assertions",
219 log.
warning() <<
"**** WARNING: Use --unwinding-assertions to obtain "
220 "sound verification results"
229 <<
"**** WARNING: Depth-bounded analysis may yield unsound verification "
240 log.
warning() <<
"**** WARNING: Use --unwinding-assertions to obtain "
241 "sound verification results"
252 "self-loops-to-assumptions",
257 options.
set_option(
"java-unwind-enum-static",
true);
272 <<
"**** WARNING: --partial-loops may yield unsound verification results"
292 "cannot use --string-printable with --no-refine-strings",
293 "--string-printable");
299 "cannot use --string-input-value with --no-refine-strings",
300 "--string-input-value");
308 "cannot use --max-nondet-string-length with --no-refine-strings",
309 "--max-nondet-string-length");
321 "symex-coverage-report",
326 options.
set_option(
"validate-ssa-equation",
true);
331 options.
set_option(
"validate-goto-model",
true);
335 "symex-cache-dereferences",
cmdline.
isset(
"symex-cache-dereferences"));
341 options.
set_option(
"symex-driven-lazy-loading",
true);
342 for(
const char *
opt :
345 "reachability-slice",
346 "reachability-slice-fb" })
350 throw std::string(
"Option ") +
opt +
351 " can't be used with --symex-driven-lazy-loading";
362 options.
set_option(
"allow-pointer-unsoundness",
true);
365 options.
set_option(
"show-goto-symex-steps",
true);
403 debug_stream <<
"\nOptions: \n";
404 options.output(debug_stream);
405 debug_stream << messaget::eom;
427 log.
error() <<
"Please give exactly one class name, "
428 <<
"and/or use -jar jarfile or --gb goto-binary"
437 std::replace(main_class.begin(), main_class.end(),
'/',
'.');
461 std::istringstream unused;
477 std::unique_ptr<abstract_goto_modelt> goto_model_ptr;
479 if(get_goto_program_ret != -1)
480 return get_goto_program_ret;
533 std::unique_ptr<goto_verifiert> verifier =
nullptr;
539 std::make_unique<stop_on_fail_verifiert<java_single_path_symex_checkert>>(
555 verifier = std::make_unique<
591 const resultt result = (*verifier)();
597 std::unique_ptr<abstract_goto_modelt> &goto_model_ptr,
600 if(options.
is_set(
"context-include") || options.
is_set(
"context-exclude"))
607 std::make_unique<class_hierarchyt>(lazy_goto_model.
symbol_table);
631 auto final_goto_model_ptr =
633 std::move(lazy_goto_model));
634 if(final_goto_model_ptr ==
nullptr)
639 std::unique_ptr<abstract_goto_modelt>(final_goto_model_ptr.get());
640 final_goto_model_ptr.release();
670 std::make_unique<lazy_goto_modelt>(std::move(lazy_goto_model));
687 bool using_symex_driven_loading =
692 function.get_function_id(),
700 auto function_is_stub = [&symbol_table, &model](
const irep_idt &id) {
712 if(using_symex_driven_loading)
720 function.get_function_id(),
731 function.get_function_id(),
743 for(
const irep_idt &new_symbol_name : new_symbols)
746 symbol_table.
lookup_ref(new_symbol_name), symbol_table);
753 if(using_symex_driven_loading)
758 goto_function.body.update();
759 function.compute_location_numbers();
760 goto_function.body.compute_loop_numbers();
817 log.
status() <<
"Running GOTO functions transformation passes"
820 bool using_symex_driven_loading =
825 if(using_symex_driven_loading)
838 log.
status() <<
"Adding nondeterministic initialization "
839 "of static/global variables"
869 log.
error() <<
"--reachability-slice and --reachability-slice-fb "
874 log.
status() <<
"Performing a forwards-backwards reachability slice"
900 log.
warning() <<
"**** WARNING: Experimental option --full-slice, "
901 <<
"analysis results may be unsound. See "
902 <<
"https://github.com/diffblue/cbmc/issues/260"
974 "Usage: \tPurpose:\n"
976 " {bjbmc} [{y-?}] [{y-h}] [{y--help}] \t show this help\n"
989 "Analysis options:\n"
991 " {y--symex-coverage-report} {uf} \t generate a Cobertura XML coverage"
993 " {y--property} {uid} \t only check one specific property\n"
994 " {y--trace} \t give a counterexample trace for failed properties\n"
995 " {y--stop-on-fail} \t stop analysis once a failed property is detected"
996 " (implies {y--trace})\n"
997 " {y--localize-faults} \t localize faults (experimental)\n"
1000 "Platform options:\n"
1003 "Program representations:\n"
1004 " {y--show-parse-tree} \t show parse tree\n"
1005 " {y--show-symbol-table} \t show loaded symbol table\n"
1006 " {y--list-symbols} \t list symbols with type information\n"
1008 " {y--drop-unused-functions} \t drop functions trivially unreachable"
1009 " from main function\n"
1012 "Program instrumentation options:\n"
1013 " {y--no-assertions} \t ignore user assertions\n"
1014 " {y--no-assumptions} \t ignore user assumptions\n"
1015 " {y--mm} {uMM} \t memory consistency model for concurrent programs\n"
1017 " {y--full-slice} \t run full slicer (experimental)\n"
1019 "Java Bytecode frontend options:\n"
1023 " {y--java-threading} \t enable java multi-threading support"
1025 " {y--java-unwind-enum-static} \t unwind loops in static initialization of"
1027 " {y--symex-driven-lazy-loading} \t only load functions when first entered"
1028 " by symbolic execution. Note that {y--show-symbol-table},"
1029 " {y--show-goto-functions}, {y--show-properties} output will be restricted"
1030 " to loaded methods in this case, and only output after the symex phase.\n"
1032 "Semantic transformations:\n"
1033 " {y--nondet-static} \t add nondeterministic initialization of variables"
1034 " with static lifetime\n"
1039 "Backend options:\n"
1043 " {y--arrays-uf-never} \t never turn arrays into uninterpreted functions\n"
1044 " {y--arrays-uf-always} \t always turn arrays into uninterpreted"
1048 " {y--version} \t show version and exit\n"
1054 " {y--verbosity} {u#} \t verbosity level\n"
void add_failed_symbol_if_needed(const symbolt &symbol, symbol_table_baset &symbol_table)
Create a failed-dereference symbol for the given base symbol if it is pointer-typed,...
void add_failed_symbols(symbol_table_baset &symbol_table)
Create a failed-dereference symbol for all symbols in the given table that need one (i....
void adjust_float_expressions(exprt &expr, const exprt &rounding_mode)
Replaces arithmetic operations and typecasts involving floating point numbers with their equivalent f...
Goto Verifier for Verifying all Properties.
Goto verifier for verifying all properties that stores traces and localizes faults.
Goto verifier for verifying all properties that stores traces.
std::unique_ptr< languaget > new_ansi_c_language()
void show_class_hierarchy(const class_hierarchyt &hierarchy, ui_message_handlert &message_handler, bool children_only)
Output the class hierarchy.
#define HELP_SHOW_CLASS_HIERARCHY
Abstract interface to eager or lazy GOTO models.
virtual bool can_produce_function(const irep_idt &id) const =0
Determines if this model can produce a body for the given function.
virtual const symbol_tablet & get_symbol_table() const =0
Accessor to get the symbol table.
virtual const goto_functionst & get_goto_functions() const =0
Accessor to get a raw goto_functionst.
Requires an incremental goto checker that is a goto_trace_providert and fault_localization_providert.
std::string get_value(char option) const
virtual bool isset(char option) const
std::list< std::string > get_comma_separated_values(const char *option) const
Collect all occurrences of option option and split their values on each comma, merging them into a si...
const std::list< std::string > & get_values(const std::string &option) const
bool set(const cmdlinet &cmdline)
std::string object_bits_info()
struct configt::javat java
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
void convert_function(const irep_idt &identifier, goto_functionst::goto_functiont &result)
::goto_functiont goto_functiont
static irep_idt entry_point()
Get the identifier of the entry point to a goto model.
A goto function, consisting of function body (see body) and parameter identifiers (see parameter_iden...
Interface providing access to a single function in a GOTO model, plus its associated symbol table.
void validate(const validation_modet vm=validation_modet::INVARIANT, const goto_model_validation_optionst &goto_model_validation_options=goto_model_validation_optionst{}) const override
Check that the goto model is well-formed.
goto_functionst goto_functions
GOTO functions.
Thrown when users pass incorrect command line arguments, for example passing no files to analysis or ...
bool show_loaded_functions(const abstract_goto_modelt &goto_model)
void get_command_line_options(optionst &)
bool can_generate_function_body(const irep_idt &name)
std::unique_ptr< class_hierarchyt > class_hierarchy
bool show_loaded_symbols(const abstract_goto_modelt &goto_model)
virtual int doit() override
invoke main modules
std::optional< prefix_filtert > method_context
See java_bytecode_languaget::method_context.
virtual void help() override
display command line help
bool stub_objects_are_not_null
void process_goto_function(goto_model_functiont &function, const abstract_goto_modelt &, const optionst &)
java_object_factory_parameterst object_factory_params
bool process_goto_functions(goto_modelt &goto_model, const optionst &options)
int get_goto_program(std::unique_ptr< abstract_goto_modelt > &goto_model, const optionst &)
jbmc_parse_optionst(int argc, const char **argv)
bool generate_function_body(const irep_idt &function_name, symbol_table_baset &symbol_table, goto_functiont &function, bool body_available)
static void set_default_options(optionst &)
Set the options that have default values.
A symbol table wrapper that records which entries have been updated/removedA caller can pass a journa...
virtual const symbol_tablet & get_symbol_table() const override
std::unordered_set< irep_idt > changesett
const changesett & get_inserted() const
A GOTO model that produces function bodies on demand.
void load_all_functions() const
Eagerly loads all functions from the symbol table.
void validate(const validation_modet vm=validation_modet::INVARIANT, const goto_model_validation_optionst &goto_model_validation_options=goto_model_validation_optionst{}) const override
Check that the goto model is well-formed.
static lazy_goto_modelt from_handler_object(THandler &handler, const optionst &options, message_handlert &message_handler)
Create a lazy_goto_modelt from a object that defines function/module pass handlers.
void initialize(const std::vector< std::string > &files, const optionst &options)
Performs initial symbol table and language_filest initialization from a given commandline and parsed ...
symbol_tablet & symbol_table
Reference to symbol_table in the internal goto_model.
static std::unique_ptr< goto_modelt > process_whole_model_and_freeze(lazy_goto_modelt &&model)
The model returned here has access to the functions we've already loaded but is frozen in the sense t...
static unsigned eval_verbosity(const std::string &user_input, const message_levelt default_verbosity, message_handlert &dest)
Parse a (user-)provided string as a verbosity level and set it as the verbosity of dest.
mstreamt & warning() const
mstreamt & status() const
void conditional_output(mstreamt &mstream, const std::function< void(mstreamt &)> &output_generator) const
Generate output to message_stream using output_generator if the configured verbosity is at least as h...
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
bool is_set(const std::string &option) const
N.B. opts.is_set("foo") does not imply opts.get_bool_option("foo")
json_objectt to_json() const
Returns the options as JSON key value pairs.
bool get_bool_option(const std::string &option) const
void set_option(const std::string &option, const bool value)
const std::string get_option(const std::string &option) const
xmlt to_xml() const
Returns the options in XML format.
virtual void usage_error()
void log_version_and_architecture(const std::string &front_end)
Write version and system architecture to log.status().
ui_message_handlert ui_message_handler
Stops when the first failing property is found and localizes the fault Requires an incremental goto c...
Stops when the first failing property is found.
The symbol table base class interface.
const symbolt & lookup_ref(const irep_idt &name) const
Find a symbol in the symbol table for read-only access.
bool has_symbol(const irep_idt &name) const
Check whether a symbol exists in the symbol table.
exprt value
Initial value of symbol.
irep_idt mode
Language mode.
virtual uit get_ui() const
#define HELP_CONFIG_PLATFORM
#define HELP_CONFIG_BACKEND
void convert_nondet(const irep_idt &function_identifier, goto_programt &goto_program, symbol_table_baset &symbol_table, message_handlert &message_handler, const java_object_factory_parameterst &user_object_factory_parameters, const irep_idt &mode)
For each instruction in the goto program, checks if it is an assignment from nondet and replaces it w...
Convert side_effect_expr_nondett expressions using java_object_factory.
static void show_goto_functions(const goto_modelt &goto_model)
Document and give macros for the exit codes of CPROVER binaries.
#define CPROVER_EXIT_INTERNAL_ERROR
An error has been encountered during processing the requested analysis.
#define CPROVER_EXIT_INCORRECT_TASK
The command line is correctly structured but cannot be carried out due to missing files,...
#define CPROVER_EXIT_PARSE_ERROR
An error during parsing of the input program.
#define CPROVER_EXIT_USAGE_ERROR
A usage error is returned when the command line is invalid or conflicting.
#define CPROVER_EXIT_SUCCESS
Success indicates the required analysis has been performed without error.
void property_slicer(goto_functionst &goto_functions, const namespacet &ns, const std::list< std::string > &properties, message_handlert &message_handler)
void full_slicer(goto_functionst &goto_functions, const namespacet &ns, const slicing_criteriont &criterion, message_handlert &message_handler)
static void transform_assertions_assumptions(goto_programt &goto_program, bool enable_assertions, bool enable_built_in_assertions, bool enable_assumptions)
Checks for Errors in C and Java Programs.
Goto Programs with Functions.
#define PARSE_OPTIONS_GOTO_TRACE(cmdline, options)
void instrument_preconditions(const goto_modelt &goto_model, goto_programt &goto_program)
const std::string & id2string(const irep_idt &d)
void parse_java_language_options(const cmdlinet &cmd, optionst &options)
Parse options that are java bytecode specific.
prefix_filtert get_context(const optionst &options)
std::unique_ptr< languaget > new_java_bytecode_language()
#define HELP_JAVA_METHOD_NAME
#define JAVA_BYTECODE_LANGUAGE_OPTIONS_HELP
#define HELP_JAVA_GOTO_BINARY
#define HELP_JAVA_CLASSPATH
#define HELP_JAVA_CLASS_NAME
Goto Checker using Bounded Model Checking for Java.
Goto Checker using Bounded Model Checking for Java.
void parse_java_object_factory_options(const cmdlinet &cmdline, optionst &options)
Parse the java object factory parameters from a given command line.
Goto Checker using Single Path Symbolic Execution for Java.
Goto Checker using Single Path Symbolic Execution for Java.
#define HELP_JAVA_TRACE_VALIDATION
JBMC Command Line Option Processing.
void json_interface(cmdlinet &cmdline, message_handlert &message_handler)
Parses the JSON-formatted command line from stdin.
#define HELP_JSON_INTERFACE
Abstract interface to support a programming language.
void show_loop_ids(ui_message_handlert::uit ui, const goto_modelt &goto_model)
void register_language(language_factoryt factory)
Register a language Note: registering a language is required for using the functions in language_util...
std::unique_ptr< languaget > get_language_from_mode(const irep_idt &mode)
Get the language corresponding to the given mode.
static void nondet_static(const namespacet &ns, goto_modelt &goto_model, const irep_idt &fct_name)
Nondeterministically initializes global scope variables in a goto-function.
Nondeterministically initializes global scope variables, except for constants (such as string literal...
std::string align_center_with_border(const std::string &text)
Utility for displaying help centered messages borderered by "* *".
std::string banner_string(const std::string &front_end, const std::string &version)
void parse_path_strategy_options(const cmdlinet &cmdline, optionst &options, message_handlert &message_handler)
add paths and exploration-strategy option, suitable to be invoked from front-ends.
std::string show_path_strategies()
suitable for displaying as a front-end help message
Storage of symbolic execution paths to resume.
int result_to_exit_code(resultt result)
resultt
The result of goto verifying.
void reachability_slicer(goto_modelt &goto_model, const bool include_forward_reachability, message_handlert &message_handler)
Perform reachability slicing on goto_model, with respect to the criterion given by all properties.
#define HELP_REACHABILITY_SLICER
void remove_exceptions(symbol_table_baset &symbol_table, goto_functionst &goto_functions, const class_hierarchyt &class_hierarchy, message_handlert &message_handler)
removes throws/CATCH-POP/CATCH-PUSH
Remove function exceptional returns.
void remove_instanceof(const irep_idt &function_identifier, goto_programt::targett target, goto_programt &goto_program, symbol_table_baset &symbol_table, const class_hierarchyt &class_hierarchy, message_handlert &message_handler)
Replace an instanceof in the expression or guard of the passed instruction of the given function body...
Remove Instance-of Operators.
void remove_java_new(const irep_idt &function_identifier, goto_programt::targett target, goto_programt &goto_program, symbol_table_baset &symbol_table, message_handlert &message_handler)
Replace every java_new or java_new_array by a malloc side-effect and zero initialization.
Remove Java New Operators.
void remove_returns(symbol_table_baset &symbol_table, goto_functionst &goto_functions)
removes returns
Replace function returns by assignments to global variables.
void remove_skip(goto_programt &goto_program, goto_programt::targett begin, goto_programt::targett end)
remove unnecessary skip statements
void remove_unused_functions(goto_modelt &goto_model, message_handlert &message_handler)
void remove_virtual_functions(symbol_table_baset &symbol_table, goto_functionst &goto_functions)
Remove virtual function calls from all functions in the specified list and replace them with their mo...
Functions for replacing virtual function call with a static function calls in functions,...
static void replace_java_nondet(goto_programt &goto_program)
Checks each instruction in the goto program to see whether it is a method returning nondet.
Replace Java Nondet expressions.
void set_properties(goto_programt &goto_program, std::unordered_set< irep_idt > &property_set)
void label_properties(goto_modelt &goto_model)
Set the properties to check.
#define HELP_SHOW_GOTO_FUNCTIONS
void show_properties(const namespacet &ns, const irep_idt &identifier, message_handlert &message_handler, ui_message_handlert::uit ui, const goto_programt &goto_program)
#define HELP_SHOW_PROPERTIES
void show_symbol_table(const symbol_table_baset &symbol_table, ui_message_handlert &ui)
void show_symbol_table_brief(const symbol_table_baset &symbol_table, ui_message_handlert &ui)
void java_generate_simple_method_stub(const irep_idt &function_name, symbol_table_baset &symbol_table, bool assume_non_null, const java_object_factory_parameterst &object_factory_parameters, message_handlert &message_handler)
Java simple opaque stub generation.
void parse_solver_options(const cmdlinet &cmdline, optionst &options)
Parse solver-related command-line parameters in cmdline and set corresponding values in options.
#define CHECK_RETURN(CONDITION)
#define UNREACHABLE
This should be used to mark dead code.
#define INITIALIZE_FUNCTION
Goto Verifier for stopping at the first failing property.
Goto Verifier for stopping at the first failing property and localizing the fault.
void replace(const union_find_replacet &replace_map, string_not_contains_constraintt &constraint)
#define HELP_STRING_REFINEMENT
void set(const optionst &)
Assigns the parameters from given options.
const char * CBMC_VERSION
void xml_interface(cmdlinet &cmdline, message_handlert &message_handler)
Parse XML-formatted commandline options from stdin.
#define HELP_XML_INTERFACE
1.9.1