cbmc/object__tracking_8cpp_source.html

// Author: Diffblue Ltd.


#include "object_tracking.h"


#include <util/arith_tools.h>

#include <util/c_types.h>

#include <util/pointer_offset_size.h>

#include <util/pointer_predicates.h>

#include <util/std_code.h>

#include <util/std_expr.h>

#include <util/string_constant.h>


exprt make_invalid_pointer_expr()

{

  return constant_exprt(ID_invalid, pointer_type(void_type()));

}

exprt make_invalid_pointer_expr() {…}


exprt find_object_base_expression(const address_of_exprt &address_of)

{

  auto current = std::ref(address_of.object());

  while(

    !(can_cast_expr<symbol_exprt>(current) ||

      can_cast_expr<constant_exprt>(current) ||

      can_cast_expr<string_constantt>(current) ||

      can_cast_expr<code_labelt>(current)))

  {

    if(const auto index = expr_try_dynamic_cast<index_exprt>(current.get()))

    {

      // For the case `my_array[bar]` the base expression is `my_array`.

      current = index->array();

      continue;

    }

    if(const auto member = expr_try_dynamic_cast<member_exprt>(current.get()))

    {

      // For the case `my_struct.field_name` the base expression is `my_struct`.

      current = member->compound();

      continue;

    }

    INVARIANT(

      false,

      "Unable to find base object of expression: " +

        current.get().pretty(1, 0));

  }

  return current.get();

}

exprt find_object_base_expression(const address_of_exprt &address_of) {…}


static decision_procedure_objectt make_null_object()

{

  decision_procedure_objectt null_object;

  null_object.unique_id = 0;

  null_object.base_expression = null_pointer_exprt{pointer_type(void_type())};

  null_object.size = from_integer(0, size_type());

  null_object.is_dynamic = false;

  return null_object;

}

static decision_procedure_objectt make_null_object() {…}


static decision_procedure_objectt make_invalid_pointer_object()

{

  decision_procedure_objectt invalid_pointer_object;

  // Using unique_id = 1, so 0 is the NULL object, 1 is the invalid object and

  // other valid objects have unique_id > 1.

  invalid_pointer_object.unique_id = 1;

  invalid_pointer_object.base_expression = make_invalid_pointer_expr();

  invalid_pointer_object.size = from_integer(0, size_type());

  invalid_pointer_object.is_dynamic = false;

  return invalid_pointer_object;

}

static decision_procedure_objectt make_invalid_pointer_object() {…}


smt_object_mapt initial_smt_object_map()

{

  smt_object_mapt object_map;

  decision_procedure_objectt null_object = make_null_object();

  exprt null_object_base = null_object.base_expression;

  object_map.emplace(std::move(null_object_base), std::move(null_object));

  decision_procedure_objectt invalid_pointer_object =

    make_invalid_pointer_object();

  exprt invalid_pointer_object_base = invalid_pointer_object.base_expression;

  object_map.emplace(

    std::move(invalid_pointer_object_base), std::move(invalid_pointer_object));

  return object_map;

}

smt_object_mapt initial_smt_object_map() {…}


static bool is_dynamic(const exprt &object)

{

  // This check corresponds to the symbols created in

  // `goto_symext::symex_allocate`, which implements the `__CPROVER_allocate`

  // intrinsic function used by the standard library models.

  const bool dynamic_type = object.type().get_bool(ID_C_dynamic);

  if(dynamic_type)

    return true;

  const auto symbol = expr_try_dynamic_cast<symbol_exprt>(object);

  bool symbol_is_dynamic =

    symbol && symbol->get_identifier().starts_with(SYMEX_DYNAMIC_PREFIX);

  return symbol_is_dynamic;

}

static bool is_dynamic(const exprt &object) {…}


void track_expression_objects(

  const exprt &expression,

  const namespacet &ns,

  smt_object_mapt &object_map)

{

  find_object_base_expressions(

    expression, [&](const exprt &object_base) -> void {

      const auto find_result = object_map.find(object_base);

      if(find_result != object_map.cend())

        return;

      const auto size = size_of_expr(object_base.type(), ns);

      INVARIANT(size, "Objects are expected to have well defined size");

      decision_procedure_objectt object;

      object.base_expression = object_base;

      object.unique_id = object_map.size();

      object.size = *size;

      object.is_dynamic = is_dynamic(object_base);

      object_map.emplace_hint(find_result, object_base, std::move(object));

    });

}

void track_expression_objects( {…}


bool objects_are_already_tracked(

  const exprt &expression,

  const smt_object_mapt &object_map)

{

  bool all_objects_tracked = true;

  find_object_base_expressions(

    expression, [&](const exprt &object_base) -> void {

      const auto find_result = object_map.find(object_base);

      if(find_result != object_map.cend())

        return;

      all_objects_tracked = false;

    });

  return all_objects_tracked;

}

bool objects_are_already_tracked( {…}

from_integer
constant_exprt from_integer(const mp_integer &int_value, const typet &type)
Definition arith_tools.cpp:99

arith_tools.h

void_type
empty_typet void_type()
Definition c_types.cpp:245

pointer_type
pointer_typet pointer_type(const typet &subtype)
Definition c_types.cpp:235

c_types.h

address_of_exprt
Operator to return the address of an object.
Definition pointer_expr.h:540

ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562

constant_exprt
A constant literal expression.
Definition std_expr.h:3117

exprt
Base class for all expressions.
Definition expr.h:56

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91

null_pointer_exprt
The null pointer constant.
Definition pointer_expr.h:909

make_invalid_pointer_expr
exprt make_invalid_pointer_expr()
Create the invalid pointer constant.
Definition object_tracking.cpp:13

find_object_base_expression
exprt find_object_base_expression(const address_of_exprt &address_of)
The model of addresses we use consists of a unique object identifier and an offset.
Definition object_tracking.cpp:18

track_expression_objects
void track_expression_objects(const exprt &expression, const namespacet &ns, smt_object_mapt &object_map)
Finds all the object expressions in the given expression and adds them to the object map for cases wh...
Definition object_tracking.cpp:99

objects_are_already_tracked
bool objects_are_already_tracked(const exprt &expression, const smt_object_mapt &object_map)
Finds whether all base object expressions in the given expression are already tracked in the given ob...
Definition object_tracking.cpp:120

make_invalid_pointer_object
static decision_procedure_objectt make_invalid_pointer_object()
Definition object_tracking.cpp:57

initial_smt_object_map
smt_object_mapt initial_smt_object_map()
Constructs an initial object map containing the null object.
Definition object_tracking.cpp:69

make_null_object
static decision_procedure_objectt make_null_object()
Definition object_tracking.cpp:47

is_dynamic
static bool is_dynamic(const exprt &object)
This function returns true for heap allocated objects or false for stack allocated objects.
Definition object_tracking.cpp:85

object_tracking.h
Data structures and algorithms used by smt2_incremental_decision_proceduret to track data about the o...

find_object_base_expressions
void find_object_base_expressions(const exprt &expression, const output_object_functiont &output_object)
Arbitrary expressions passed to the decision procedure may have multiple address of operations as its...
Definition object_tracking.h:76

smt_object_mapt
std::unordered_map< exprt, decision_procedure_objectt, irep_hash > smt_object_mapt
Mapping from an object's base expression to the set of information about it which we track.
Definition object_tracking.h:91

size_of_expr
std::optional< exprt > size_of_expr(const typet &type, const namespacet &ns)
Definition pointer_offset_size.cpp:287

pointer_offset_size.h
Pointer Logic.

null_object
exprt null_object(const exprt &pointer)
Definition pointer_predicates.cpp:59

pointer_predicates.h
Various predicates over pointers in programs.

SYMEX_DYNAMIC_PREFIX
#define SYMEX_DYNAMIC_PREFIX
Definition pointer_predicates.h:17

INVARIANT
#define INVARIANT(CONDITION, REASON)
This macro uses the wrapper function 'invariant_violated_string'.
Definition invariant.h:423

std_code.h

std_expr.h
API to expression classes.

string_constant.h

decision_procedure_objectt
Information the decision procedure holds about each object.
Definition object_tracking.h:41

decision_procedure_objectt::base_expression
exprt base_expression
The expression for the root of the object.
Definition object_tracking.h:44

size_type
#define size_type
Definition unistd.c:186