CBMC
Loading...
Searching...
No Matches
memory_predicates.cpp
Go to the documentation of this file.
1/*******************************************************************\
2
3Module: Predicates to specify memory footprint in function contracts.
4
5Author: Felipe R. Monteiro
6
7Date: July 2021
8
9\*******************************************************************/
10
13
14#include "memory_predicates.h"
15
16#include <util/arith_tools.h>
17#include <util/c_types.h>
18#include <util/config.h>
19#include <util/fresh_symbol.h>
20#include <util/prefix.h>
21
22#include <ansi-c/ansi_c_language.h>
23#include <ansi-c/goto-conversion/goto_convert_functions.h>
24#include <linking/static_lifetime_init.h>
25
26#include "instrument_spec_assigns.h"
27#include "utils.h"
28
29std::set<irep_idt> &functions_in_scope_visitort::function_calls()
30{
31 return function_set;
32}
33
34void functions_in_scope_visitort::operator()(const goto_programt &prog)
35{
36 messaget log{message_handler};
37
38 forall_goto_program_instructions(ins, prog)
39 {
40 if(ins->is_function_call())
41 {
42 const auto &function = ins->call_function();
43
44 if(function.id() != ID_symbol)
45 {
46 log.error().source_location = ins->source_location();
47 log.error() << "Function pointer used in function invoked by "
48 "function contract: "
49 << messaget::eom;
50 throw 0;
51 }
52 else
53 {
54 const irep_idt &fun_name = to_symbol_expr(function).get_identifier();
55 if(function_set.find(fun_name) == function_set.end())
56 {
57 function_set.insert(fun_name);
58 auto called_fun = goto_functions.function_map.find(fun_name);
59 if(called_fun == goto_functions.function_map.end())
60 {
61 log.warning() << "Could not find function '" << fun_name
62 << "' in goto-program." << messaget::eom;
63 throw 0;
64 }
65 if(called_fun->second.body_available())
66 {
67 const goto_programt &program = called_fun->second.body;
68 (*this)(program);
69 }
70 else
71 {
72 log.warning() << "No body for function: " << fun_name
73 << "invoked from function contract." << messaget::eom;
74 }
75 }
76 }
77 }
78 }
79}
80
81std::set<goto_programt::targett, goto_programt::target_less_than> &
86
91
92void find_is_fresh_calls_visitort::operator()(goto_programt &prog)
93{
94 Forall_goto_program_instructions(ins, prog)
95 {
96 if(ins->is_function_call())
97 {
98 const auto &function = ins->call_function();
99
100 if(function.id() == ID_symbol)
101 {
102 const irep_idt &fun_name = to_symbol_expr(function).get_identifier();
103
104 if(fun_name == (CPROVER_PREFIX + std::string("is_fresh")))
105 {
106 function_set.insert(ins);
107 }
108 }
109 }
110 }
111}
112
122
132
133//
134//
135// Code largely copied from model_argc_argv.cpp
136//
137//
138
143
144void is_fresh_baset::add_memory_map_decl(goto_programt &program)
145{
146 source_locationt source_location;
147 add_pragma_disable_assigns_check(source_location);
148 auto memmap_type = get_memmap_type();
149 program.add(
150 goto_programt::make_decl(memmap_symbol.symbol_expr(), source_location));
151 program.add(goto_programt::make_assignment(
152 memmap_symbol.symbol_expr(),
153 array_of_exprt(
154 from_integer(0, get_memmap_type().element_type()), get_memmap_type()),
155 source_location));
156}
157
158void is_fresh_baset::add_memory_map_dead(goto_programt &program)
159{
160 source_locationt source_location;
161 add_pragma_disable_assigns_check(source_location);
162 program.add(
163 goto_programt::make_dead(memmap_symbol.symbol_expr(), source_location));
164}
165
166void is_fresh_baset::add_declarations(const std::string &decl_string)
167{
168 messaget log{message_handler};
169 log.debug() << "Creating declarations: \n" << decl_string << "\n";
170
171 std::istringstream iss(decl_string);
172
173 ansi_c_languaget ansi_c_language;
174 configt::ansi_ct::preprocessort pp = config.ansi_c.preprocessor;
175 config.ansi_c.preprocessor = configt::ansi_ct::preprocessort::NONE;
176 ansi_c_language.parse(iss, "", log.get_message_handler());
177 config.ansi_c.preprocessor = pp;
178
179 symbol_tablet tmp_symbol_table;
180 ansi_c_language.typecheck(
181 tmp_symbol_table, "<built-in-library>", log.get_message_handler());
182 exprt value = nil_exprt();
183
184 goto_functionst tmp_functions;
185
186 // Add the new functions into the goto functions table.
187 goto_model.goto_functions.function_map[ensures_fn_name].copy_from(
188 tmp_functions.function_map[ensures_fn_name]);
189
190 goto_model.goto_functions.function_map[requires_fn_name].copy_from(
191 tmp_functions.function_map[requires_fn_name]);
192
193 for(const auto &symbol_pair : tmp_symbol_table.symbols)
194 {
195 if(
196 symbol_pair.first == memmap_name ||
197 symbol_pair.first == ensures_fn_name ||
198 symbol_pair.first == requires_fn_name || symbol_pair.first == "malloc")
199 {
200 goto_model.symbol_table.insert(symbol_pair.second);
201 }
202 // Parameters are stored as scoped names in the symbol table.
203 else if(
204 (has_prefix(
205 id2string(symbol_pair.first), id2string(ensures_fn_name) + "::") ||
206 has_prefix(
207 id2string(symbol_pair.first), id2string(requires_fn_name) + "::")) &&
208 goto_model.symbol_table.add(symbol_pair.second))
209 {
210 UNREACHABLE;
211 }
212 }
213
214 if(goto_model.can_produce_function(INITIALIZE_FUNCTION))
215 recreate_initialize_function(goto_model, message_handler);
216}
217
218void is_fresh_baset::update_fn_call(
219 goto_programt::targett &ins,
220 const std::string &fn_name,
221 bool add_address_of)
222{
223 // adjusting the expression for the first argument, if required
224 if(add_address_of)
225 {
226 INVARIANT(
227 as_const(*ins).call_arguments().size() > 0,
228 "Function must have arguments");
229 ins->call_arguments()[0] = address_of_exprt(ins->call_arguments()[0]);
230 }
231
232 // fixing the function name.
233 to_symbol_expr(ins->call_function()).set_identifier(fn_name);
234
235 // pass the memory mmap
236 ins->call_arguments().push_back(address_of_exprt(
237 index_exprt(memmap_symbol.symbol_expr(), from_integer(0, c_index_type()))));
238}
239
240/* Declarations for contract enforcement */
241
242is_fresh_enforcet::is_fresh_enforcet(
243 goto_modelt &goto_model,
244 message_handlert &message_handler,
245 const irep_idt &_fun_id)
246 : is_fresh_baset(goto_model, message_handler, _fun_id)
247{
248 std::stringstream ssreq, ssensure, ssmemmap;
249 ssreq << CPROVER_PREFIX "enforce_requires_is_fresh";
250 this->requires_fn_name = ssreq.str();
251
252 ssensure << CPROVER_PREFIX "enforce_ensures_is_fresh";
253 this->ensures_fn_name = ssensure.str();
254
255 ssmemmap << CPROVER_PREFIX "is_fresh_memory_map_" << fun_id;
256 this->memmap_name = ssmemmap.str();
257
258 const auto &mode = goto_model.symbol_table.lookup_ref(_fun_id).mode;
259 this->memmap_symbol = get_fresh_aux_symbol(
260 get_memmap_type(),
261 "",
262 this->memmap_name,
263 source_locationt(),
264 mode,
265 goto_model.symbol_table);
266}
267
268void is_fresh_enforcet::create_declarations()
269{
270 // Check if symbols are already declared
271 if(goto_model.symbol_table.has_symbol(requires_fn_name))
272 return;
273
274 std::ostringstream oss;
275 std::string cprover_prefix(CPROVER_PREFIX);
276 oss << "_Bool " << requires_fn_name
277 << "(void **elem, " + cprover_prefix + "size_t size, _Bool *mmap) { \n"
278 << "#pragma CPROVER check push\n"
279 << "#pragma CPROVER check disable \"pointer\"\n"
280 << "#pragma CPROVER check disable \"pointer-primitive\"\n"
281 << "#pragma CPROVER check disable \"pointer-overflow\"\n"
282 << "#pragma CPROVER check disable \"signed-overflow\"\n"
283 << "#pragma CPROVER check disable \"unsigned-overflow\"\n"
284 << "#pragma CPROVER check disable \"conversion\"\n"
285 << " *elem = malloc(size); \n"
286 << " if (!*elem) return 0; \n"
287 << " mmap[" + cprover_prefix + "POINTER_OBJECT(*elem)] = 1; \n"
288 << " return 1; \n"
289 << "#pragma CPROVER check pop\n"
290 << "} \n"
291 << "\n"
292 << "_Bool " << ensures_fn_name
293 << "(void *elem, " + cprover_prefix + "size_t size, _Bool *mmap) { \n"
294 << "#pragma CPROVER check push\n"
295 << "#pragma CPROVER check disable \"pointer\"\n"
296 << "#pragma CPROVER check disable \"pointer-primitive\"\n"
297 << "#pragma CPROVER check disable \"pointer-overflow\"\n"
298 << "#pragma CPROVER check disable \"signed-overflow\"\n"
299 << "#pragma CPROVER check disable \"unsigned-overflow\"\n"
300 << "#pragma CPROVER check disable \"conversion\"\n"
301 << " _Bool ok = (!mmap[" + cprover_prefix + "POINTER_OBJECT(elem)] && "
302 << cprover_prefix + "r_ok(elem, size)); \n"
303 << " mmap[" + cprover_prefix << "POINTER_OBJECT(elem)] = 1; \n"
304 << " return ok; \n"
305 << "#pragma CPROVER check pop\n"
306 << "}";
307
308 add_declarations(oss.str());
309}
310
315
320
321is_fresh_replacet::is_fresh_replacet(
322 goto_modelt &goto_model,
323 message_handlert &message_handler,
324 const irep_idt &_fun_id)
325 : is_fresh_baset(goto_model, message_handler, _fun_id)
326{
327 std::stringstream ssreq, ssensure, ssmemmap;
328 ssreq << CPROVER_PREFIX "replace_requires_is_fresh";
329 this->requires_fn_name = ssreq.str();
330
331 ssensure << CPROVER_PREFIX "replace_ensures_is_fresh";
332 this->ensures_fn_name = ssensure.str();
333
334 ssmemmap << CPROVER_PREFIX "is_fresh_memory_map_" << fun_id;
335 this->memmap_name = ssmemmap.str();
336
337 const auto &mode = goto_model.symbol_table.lookup_ref(_fun_id).mode;
338 this->memmap_symbol = get_fresh_aux_symbol(
339 get_memmap_type(),
340 "",
341 this->memmap_name,
342 source_locationt(),
343 mode,
344 goto_model.symbol_table);
345}
346
347void is_fresh_replacet::create_declarations()
348{
349 // Check if symbols are already declared
350 if(goto_model.symbol_table.has_symbol(requires_fn_name))
351 return;
352
353 std::ostringstream oss;
354 std::string cprover_prefix(CPROVER_PREFIX);
355 oss << "static _Bool " << requires_fn_name
356 << "(void *elem, " + cprover_prefix + "size_t size, _Bool *mmap) { \n"
357 << "#pragma CPROVER check push\n"
358 << "#pragma CPROVER check disable \"pointer\"\n"
359 << "#pragma CPROVER check disable \"pointer-primitive\"\n"
360 << "#pragma CPROVER check disable \"pointer-overflow\"\n"
361 << "#pragma CPROVER check disable \"signed-overflow\"\n"
362 << "#pragma CPROVER check disable \"unsigned-overflow\"\n"
363 << "#pragma CPROVER check disable \"conversion\"\n"
364 << " _Bool r_ok = " + cprover_prefix + "r_ok(elem, size); \n"
365 << " if (mmap[" + cprover_prefix + "POINTER_OBJECT(elem)]"
366 << " != 0 || !r_ok) return 0; \n"
367 << " mmap[" << cprover_prefix + "POINTER_OBJECT(elem)] = 1; \n"
368 << " return 1; \n"
369 << "#pragma CPROVER check pop\n"
370 << "} \n"
371 << " \n"
372 << "_Bool " << ensures_fn_name
373 << "(void **elem, " + cprover_prefix + "size_t size, _Bool *mmap) { \n"
374 << "#pragma CPROVER check push\n"
375 << "#pragma CPROVER check disable \"pointer\"\n"
376 << "#pragma CPROVER check disable \"pointer-primitive\"\n"
377 << "#pragma CPROVER check disable \"pointer-overflow\"\n"
378 << "#pragma CPROVER check disable \"signed-overflow\"\n"
379 << "#pragma CPROVER check disable \"unsigned-overflow\"\n"
380 << "#pragma CPROVER check disable \"conversion\"\n"
381 << " *elem = malloc(size); \n"
382 << " return (*elem != 0); \n"
383 << "#pragma CPROVER check pop\n"
384 << "} \n";
385
386 add_declarations(oss.str());
387}
388
393
ansi_c_language.h
config
configt config
Definition config.cpp:25
from_integer
constant_exprt from_integer(const mp_integer &int_value, const typet &type)
Definition arith_tools.cpp:99
arith_tools.h
as_const
const T & as_const(T &value)
Return a reference to the same object but ensures the type is const.
Definition as_const.h:14
unsigned_char_type
unsignedbv_typet unsigned_char_type()
Definition c_types.cpp:127
c_index_type
bitvector_typet c_index_type()
Definition c_types.cpp:16
c_types.h
address_of_exprt
Operator to return the address of an object.
Definition pointer_expr.h:540
ai_baset::clear
virtual void clear()
Reset the abstract state.
Definition ai.h:265
ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562
ansi_c_languaget
Definition ansi_c_language.h:35
array_of_exprt
Array constructor from single element.
Definition std_expr.h:1558
array_typet
Arrays with given size.
Definition std_types.h:807
configt::ansi_c
struct configt::ansi_ct ansi_c
dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition dstring.h:38
exprt
Base class for all expressions.
Definition expr.h:56
find_is_fresh_calls_visitort
Predicate to be used with the exprt::visit() function.
Definition memory_predicates.h:100
find_is_fresh_calls_visitort::clear_set
void clear_set()
Definition memory_predicates.cpp:87
find_is_fresh_calls_visitort::operator()
void operator()(goto_programt &prog)
Definition memory_predicates.cpp:92
find_is_fresh_calls_visitort::is_fresh_calls
std::set< goto_programt::targett, goto_programt::target_less_than > & is_fresh_calls()
Definition memory_predicates.cpp:82
find_is_fresh_calls_visitort::function_set
std::set< goto_programt::targett, goto_programt::target_less_than > function_set
Definition memory_predicates.h:115
functions_in_scope_visitort::operator()
void operator()(const goto_programt &prog)
Definition memory_predicates.cpp:34
functions_in_scope_visitort::goto_functions
const goto_functionst & goto_functions
Definition memory_predicates.h:137
functions_in_scope_visitort::function_calls
std::set< irep_idt > & function_calls()
Definition memory_predicates.cpp:29
functions_in_scope_visitort::function_set
std::set< irep_idt > function_set
Definition memory_predicates.h:139
functions_in_scope_visitort::message_handler
message_handlert & message_handler
Definition memory_predicates.h:138
goto_functionst
A collection of goto functions.
Definition goto_functions.h:25
goto_functionst::function_map
function_mapt function_map
Definition goto_functions.h:29
goto_modelt
Definition goto_model.h:27
goto_modelt::can_produce_function
bool can_produce_function(const irep_idt &id) const override
Determines if this model can produce a body for the given function.
Definition goto_model.h:95
goto_modelt::symbol_table
symbol_tablet symbol_table
Symbol table.
Definition goto_model.h:31
goto_modelt::goto_functions
goto_functionst goto_functions
GOTO functions.
Definition goto_model.h:34
goto_programt
A generic container class for the GOTO intermediate representation of one function.
Definition goto_program.h:72
goto_programt::make_dead
static instructiont make_dead(const symbol_exprt &symbol, const source_locationt &l=source_locationt::nil())
Definition goto_program.h:970
goto_programt::targett
instructionst::iterator targett
Definition goto_program.h:613
goto_programt::make_assignment
static instructiont make_assignment(const code_assignt &_code, const source_locationt &l=source_locationt::nil())
Create an assignment instruction.
Definition goto_program.h:1064
goto_programt::add
targett add(instructiont &&instruction)
Adds a given instruction at the end.
Definition goto_program.h:738
goto_programt::make_decl
static instructiont make_decl(const symbol_exprt &symbol, const source_locationt &l=source_locationt::nil())
Definition goto_program.h:963
index_exprt
Array index operator.
Definition std_expr.h:1470
infinity_exprt
An expression denoting infinity.
Definition std_expr.h:3224
is_fresh_baset
Definition memory_predicates.h:26
is_fresh_baset::create_ensures_fn_call
virtual void create_ensures_fn_call(goto_programt::targett &target)=0
is_fresh_baset::fun_id
const irep_idt & fun_id
Definition memory_predicates.h:56
is_fresh_baset::update_fn_call
void update_fn_call(goto_programt::targett &target, const std::string &name, bool add_address_of)
Definition memory_predicates.cpp:218
is_fresh_baset::ensures_fn_name
std::string ensures_fn_name
Definition memory_predicates.h:61
is_fresh_baset::message_handler
message_handlert & message_handler
Definition memory_predicates.h:55
is_fresh_baset::requires_fn_name
std::string requires_fn_name
Definition memory_predicates.h:60
is_fresh_baset::add_memory_map_decl
void add_memory_map_decl(goto_programt &program)
Definition memory_predicates.cpp:144
is_fresh_baset::update_requires
void update_requires(goto_programt &requires_)
Definition memory_predicates.cpp:113
is_fresh_baset::add_memory_map_dead
void add_memory_map_dead(goto_programt &program)
Definition memory_predicates.cpp:158
is_fresh_baset::get_memmap_type
array_typet get_memmap_type()
Definition memory_predicates.cpp:139
is_fresh_baset::goto_model
goto_modelt & goto_model
Definition memory_predicates.h:54
is_fresh_baset::add_declarations
void add_declarations(const std::string &decl_string)
Definition memory_predicates.cpp:166
is_fresh_baset::memmap_name
std::string memmap_name
Definition memory_predicates.h:59
is_fresh_baset::memmap_symbol
symbolt memmap_symbol
Definition memory_predicates.h:62
is_fresh_baset::update_ensures
void update_ensures(goto_programt &ensures)
Definition memory_predicates.cpp:123
is_fresh_baset::create_requires_fn_call
virtual void create_requires_fn_call(goto_programt::targett &target)=0
is_fresh_enforcet::is_fresh_enforcet
is_fresh_enforcet(goto_modelt &goto_model, message_handlert &message_handler, const irep_idt &_fun_id)
Definition memory_predicates.cpp:242
is_fresh_enforcet::create_ensures_fn_call
virtual void create_ensures_fn_call(goto_programt::targett &target)
Definition memory_predicates.cpp:316
is_fresh_enforcet::create_requires_fn_call
virtual void create_requires_fn_call(goto_programt::targett &target)
Definition memory_predicates.cpp:311
is_fresh_enforcet::create_declarations
virtual void create_declarations()
Definition memory_predicates.cpp:268
is_fresh_replacet::is_fresh_replacet
is_fresh_replacet(goto_modelt &goto_model, message_handlert &message_handler, const irep_idt &_fun_id)
Definition memory_predicates.cpp:321
is_fresh_replacet::create_ensures_fn_call
virtual void create_ensures_fn_call(goto_programt::targett &target)
Definition memory_predicates.cpp:394
is_fresh_replacet::create_declarations
virtual void create_declarations()
Definition memory_predicates.cpp:347
is_fresh_replacet::create_requires_fn_call
virtual void create_requires_fn_call(goto_programt::targett &target)
Definition memory_predicates.cpp:389
message_handlert
Definition message.h:27
messaget
Class that provides messages with a built-in verbosity 'level'.
Definition message.h:154
messaget::eom
static eomt eom
Definition message.h:289
nil_exprt
The NIL expression.
Definition std_expr.h:3208
source_locationt
Definition source_location.h:20
symbol_table_baset::has_symbol
bool has_symbol(const irep_idt &name) const
Check whether a symbol exists in the symbol table.
Definition symbol_table_base.h:88
symbol_table_baset::add
bool add(const symbolt &symbol)
Add a new symbol to the symbol table.
Definition symbol_table_base.cpp:18
symbol_table_baset::lookup_ref
const symbolt & lookup_ref(const irep_idt &name) const
Find a symbol in the symbol table for read-only access.
Definition symbol_table_base.h:105
symbol_tablet
The symbol table.
Definition symbol_table.h:14
symbol_tablet::insert
virtual std::pair< symbolt &, bool > insert(symbolt symbol) override
Author: Diffblue Ltd.
Definition symbol_table.cpp:17
symbolt::symbol_expr
class symbol_exprt symbol_expr() const
Produces a symbol_exprt for a symbol.
Definition symbol.cpp:121
has_prefix
bool has_prefix(const std::string &s, const std::string &prefix)
Definition converter.cpp:13
CPROVER_PREFIX
#define CPROVER_PREFIX
Definition cprover_prefix.h:14
get_fresh_aux_symbol
symbolt & get_fresh_aux_symbol(const typet &type, const std::string &name_prefix, const std::string &basename_prefix, const source_locationt &source_location, const irep_idt &symbol_mode, const namespacet &ns, symbol_table_baset &symbol_table)
Installs a fresh-named symbol with respect to the given namespace ns with the requested name pattern ...
Definition fresh_symbol.cpp:32
fresh_symbol.h
Fresh auxiliary symbol creation.
goto_convert_functions.h
Goto Programs with Functions.
forall_goto_program_instructions
#define forall_goto_program_instructions(it, program)
Definition goto_program.h:1228
Forall_goto_program_instructions
#define Forall_goto_program_instructions(it, program)
Definition goto_program.h:1233
add_pragma_disable_assigns_check
void add_pragma_disable_assigns_check(source_locationt &location)
Adds a pragma on a source_locationt to disable inclusion checking.
Definition instrument_spec_assigns.cpp:73
instrument_spec_assigns.h
Specify write set in function contracts.
id2string
const std::string & id2string(const irep_idt &d)
Definition irep.h:44
log
double log(double x)
Definition math.c:2449
memory_predicates.h
Predicates to specify memory footprint in function contracts.
UNREACHABLE
#define UNREACHABLE
This should be used to mark dead code.
Definition invariant.h:525
INVARIANT
#define INVARIANT(CONDITION, REASON)
This macro uses the wrapper function 'invariant_violated_string'.
Definition invariant.h:423
recreate_initialize_function
void recreate_initialize_function(goto_modelt &goto_model, message_handlert &message_handler)
Regenerates the CPROVER_INITIALIZE function, which initializes all non-function symbols of the goto m...
Definition static_lifetime_init.cpp:165
static_lifetime_init.h
INITIALIZE_FUNCTION
#define INITIALIZE_FUNCTION
Definition static_lifetime_init.h:24
to_symbol_expr
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
Definition std_expr.h:272
configt::ansi_ct::preprocessort
preprocessort
Definition config.h:283
configt::ansi_ct::preprocessort::NONE
@ NONE
size_type
#define size_type
Definition unistd.c:186