cbmc/overflow__instrumenter_8cpp_source.html

/*******************************************************************\


Module: Loop Acceleration


Author: Matt Lewis


\*******************************************************************/


#include "overflow_instrumenter.h"


#include <util/arith_tools.h>

#include <util/bitvector_expr.h>


#include <goto-programs/goto_program.h>


#include "util.h"


/*

 * This code is copied wholesale from analyses/goto_check.cpp.

 */


void overflow_instrumentert::add_overflow_checks()

{

  program.insert_before(

    program.instructions.begin(),

    goto_programt::make_assignment(code_assignt(overflow_var, false_exprt())));


  program.compute_location_numbers();

  checked.clear();


  Forall_goto_program_instructions(it, program)

  {

    add_overflow_checks(it);

  }

}


void overflow_instrumentert::add_overflow_checks(

  goto_programt::targett t,

  goto_programt::targetst &added)

{

  if(checked.find(t->location_number)!=checked.end())

  {

    return;

  }


  if(t->is_assign())

  {

    if(t->assign_lhs() == overflow_var)

    {

      return;

    }


    add_overflow_checks(t, t->assign_lhs_nonconst(), added);

    add_overflow_checks(t, t->assign_rhs_nonconst(), added);

  }


  if(t->has_condition())

    add_overflow_checks(t, t->condition(), added);


  checked.insert(t->location_number);

}


void overflow_instrumentert::add_overflow_checks(

  goto_programt::targett t)

{

  goto_programt::targetst ignore;

  add_overflow_checks(t, ignore);

}


void overflow_instrumentert::add_overflow_checks(

  goto_programt::targett t,

  const exprt &expr,

  goto_programt::targetst &added)

{

  exprt overflow;

  overflow_expr(expr, overflow);


  if(overflow!=false_exprt())

  {

    accumulate_overflow(t, overflow, added);

  }

}


void overflow_instrumentert::overflow_expr(

  const exprt &expr,

  expr_sett &cases)

{

  for(const auto &op : expr.operands())

  {

    overflow_expr(op, cases);

  }


  const typet &type = expr.type();


  if(expr.id()==ID_typecast)

  {

    const auto &typecast_expr = to_typecast_expr(expr);


    if(typecast_expr.op().is_constant())

      return;


    const typet &old_type = typecast_expr.op().type();

    const std::size_t new_width = to_bitvector_type(expr.type()).get_width();

    const std::size_t old_width = to_bitvector_type(old_type).get_width();


    if(type.id()==ID_signedbv)

    {

      if(old_type.id()==ID_signedbv)

      {

        // signed -> signed

        if(new_width >= old_width)

        {

          // Always safe.

          return;

        }


        cases.insert(binary_relation_exprt(

          typecast_expr.op(),

          ID_gt,

          from_integer(power(2, new_width - 1) - 1, old_type)));


        cases.insert(binary_relation_exprt(

          typecast_expr.op(),

          ID_lt,

          from_integer(-power(2, new_width - 1), old_type)));

      }

      else if(old_type.id()==ID_unsignedbv)

      {

        // unsigned -> signed

        if(new_width >= old_width + 1)

        {

          // Always safe.

          return;

        }


        cases.insert(binary_relation_exprt(

          typecast_expr.op(),

          ID_gt,

          from_integer(power(2, new_width - 1) - 1, old_type)));

      }

    }

    else if(type.id()==ID_unsignedbv)

    {

      if(old_type.id()==ID_signedbv)

      {

        // signed -> unsigned

        cases.insert(binary_relation_exprt(

          typecast_expr.op(), ID_lt, from_integer(0, old_type)));

        if(new_width < old_width - 1)

        {

          // Need to check for overflow as well as signedness.

          cases.insert(binary_relation_exprt(

            typecast_expr.op(),

            ID_gt,

            from_integer(power(2, new_width - 1) - 1, old_type)));

        }

      }

      else if(old_type.id()==ID_unsignedbv)

      {

        // unsigned -> unsigned

        if(new_width>=old_width)

        {

          // Always safe.

          return;

        }


        cases.insert(binary_relation_exprt(

          typecast_expr.op(),

          ID_gt,

          from_integer(power(2, new_width - 1) - 1, old_type)));

      }

    }

  }

  else if(expr.id()==ID_div)

  {

    const auto &div_expr = to_div_expr(expr);


    // Undefined for signed INT_MIN / -1

    if(type.id()==ID_signedbv)

    {

      equal_exprt int_min_eq(

        div_expr.dividend(), to_signedbv_type(type).smallest_expr());

      equal_exprt minus_one_eq(div_expr.divisor(), from_integer(-1, type));


      cases.insert(and_exprt(int_min_eq, minus_one_eq));

    }

  }

  else if(expr.id()==ID_unary_minus)

  {

    if(type.id()==ID_signedbv)

    {

      // Overflow on unary- can only happen with the smallest

      // representable number.

      cases.insert(equal_exprt(

        to_unary_minus_expr(expr).op(),

        to_signedbv_type(type).smallest_expr()));

    }

  }

  else if(expr.id()==ID_plus ||

          expr.id()==ID_minus ||

          expr.id()==ID_mult)

  {

    // A generic arithmetic operation.

    // The overflow checks are binary.

    for(std::size_t i = 1; i < expr.operands().size(); i++)

    {

      exprt tmp;


      if(i == 1)

      {

        tmp = to_multi_ary_expr(expr).op0();

      }

      else

      {

        tmp = expr;

        tmp.operands().resize(i);

      }


      binary_overflow_exprt overflow{tmp, expr.id(), expr.operands()[i]};


      fix_types(overflow);


      cases.insert(overflow);

    }

  }

}


void overflow_instrumentert::overflow_expr(const exprt &expr, exprt &overflow)

{

  expr_sett cases;


  overflow_expr(expr, cases);


  overflow=false_exprt();


  for(expr_sett::iterator it=cases.begin();

      it!=cases.end();

      ++it)

  {

    if(overflow==false_exprt())

    {

      overflow=*it;

    }

    else

    {

      overflow=or_exprt(overflow, *it);

    }

  }

}


void overflow_instrumentert::fix_types(binary_exprt &overflow)

{

  typet &t1=overflow.op0().type();

  typet &t2=overflow.op1().type();

  const typet &t=join_types(t1, t2);


  if(t1!=t)

  {

    overflow.op0()=typecast_exprt(overflow.op0(), t);

  }


  if(t2!=t)

  {

    overflow.op1()=typecast_exprt(overflow.op1(), t);

  }

}


void overflow_instrumentert::accumulate_overflow(

  goto_programt::targett t,

  const exprt &expr,

  goto_programt::targetst &added)

{

  goto_programt::targett assignment = program.insert_after(

    t,

    goto_programt::make_assignment(overflow_var, or_exprt(overflow_var, expr)));

  assignment->swap(*t);


  added.push_back(assignment);

}


from_integer
constant_exprt from_integer(const mp_integer &int_value, const typet &type)
Definition arith_tools.cpp:99

power
mp_integer power(const mp_integer &base, const mp_integer &exponent)
A multi-precision implementation of the power operator.
Definition arith_tools.cpp:203

arith_tools.h

bitvector_expr.h
API to expression classes for bitvectors.

to_bitvector_type
const bitvector_typet & to_bitvector_type(const typet &type)
Cast a typet to a bitvector_typet.
Definition bitvector_types.h:32

to_signedbv_type
const signedbv_typet & to_signedbv_type(const typet &type)
Cast a typet to a signedbv_typet.
Definition bitvector_types.h:260

ai_baset::clear
virtual void clear()
Reset the abstract state.
Definition ai.h:265

ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562

and_exprt
Boolean AND.
Definition std_expr.h:2125

binary_exprt
A base class for binary expressions.
Definition std_expr.h:638

binary_overflow_exprt
A Boolean expression returning true, iff operation kind would result in an overflow when applied to o...
Definition bitvector_expr.h:1013

binary_relation_exprt
A base class for relations, i.e., binary predicates whose two operands have the same type.
Definition std_expr.h:762

code_assignt
A goto_instruction_codet representing an assignment in the program.
Definition goto_instruction_code.h:22

equal_exprt
Equality.
Definition std_expr.h:1366

exprt
Base class for all expressions.
Definition expr.h:56

exprt::type
typet & type()
Return the type of the expression.
Definition expr.h:84

exprt::operands
operandst & operands()
Definition expr.h:94

false_exprt
The Boolean constant false.
Definition std_expr.h:3200

goto_programt::instructions
instructionst instructions
The list of instructions in the goto program.
Definition goto_program.h:621

goto_programt::targett
instructionst::iterator targett
Definition goto_program.h:613

goto_programt::make_assignment
static instructiont make_assignment(const code_assignt &_code, const source_locationt &l=source_locationt::nil())
Create an assignment instruction.
Definition goto_program.h:1064

goto_programt::insert_after
targett insert_after(const_targett target)
Insertion after the instruction pointed-to by the given instruction iterator target.
Definition goto_program.h:707

goto_programt::compute_location_numbers
void compute_location_numbers(unsigned &nr)
Compute location numbers.
Definition goto_program.h:765

goto_programt::insert_before
targett insert_before(const_targett target)
Insertion before the instruction pointed-to by the given instruction iterator target.
Definition goto_program.h:691

goto_programt::targetst
std::list< targett > targetst
Definition goto_program.h:615

irept::id
const irep_idt & id() const
Definition irep.h:388

or_exprt
Boolean OR.
Definition std_expr.h:2275

overflow_instrumentert::add_overflow_checks
void add_overflow_checks()
Definition overflow_instrumenter.cpp:26

overflow_instrumentert::checked
std::set< unsigned > checked
Definition overflow_instrumenter.h:63

overflow_instrumentert::fix_types
void fix_types(binary_exprt &overflow)
Definition overflow_instrumenter.cpp:255

overflow_instrumentert::accumulate_overflow
void accumulate_overflow(goto_programt::targett t, const exprt &expr, goto_programt::targetst &added)
Definition overflow_instrumenter.cpp:272

overflow_instrumentert::program
goto_programt & program
Definition overflow_instrumenter.h:58

overflow_instrumentert::overflow_var
const exprt & overflow_var
Definition overflow_instrumenter.h:60

overflow_instrumentert::overflow_expr
void overflow_expr(const exprt &expr, expr_sett &cases)
Definition overflow_instrumenter.cpp:88

typecast_exprt
Semantic type conversion.
Definition std_expr.h:2073

typet
The type of an expression, extends irept.
Definition type.h:29

expr_sett
std::unordered_set< exprt, irep_hash > expr_sett
Definition cone_of_influence.h:21

goto_program.h
Concrete Goto Program.

Forall_goto_program_instructions
#define Forall_goto_program_instructions(it, program)
Definition goto_program.h:1233

overflow_instrumenter.h
Loop Acceleration.

to_typecast_expr
const typecast_exprt & to_typecast_expr(const exprt &expr)
Cast an exprt to a typecast_exprt.
Definition std_expr.h:2107

to_div_expr
const div_exprt & to_div_expr(const exprt &expr)
Cast an exprt to a div_exprt.
Definition std_expr.h:1206

to_multi_ary_expr
const multi_ary_exprt & to_multi_ary_expr(const exprt &expr)
Cast an exprt to a multi_ary_exprt.
Definition std_expr.h:987

to_unary_minus_expr
const unary_minus_exprt & to_unary_minus_expr(const exprt &expr)
Cast an exprt to a unary_minus_exprt.
Definition std_expr.h:514

join_types
typet join_types(const typet &t1, const typet &t2)
Return the smallest type that both t1 and t2 can be cast to without losing information.
Definition util.cpp:70

util.h
Loop Acceleration.