cbmc/pointer__expr_8cpp_source.html

/*******************************************************************\


Module: API to expression classes for Pointers


Author: Daniel Kroening, kroening@kroening.com


\*******************************************************************/


#include "pointer_expr.h"


#include "arith_tools.h"

#include "byte_operators.h"

#include "c_types.h"

#include "expr_util.h"

#include "pointer_offset_size.h"

#include "pointer_predicates.h"

#include "simplify_expr.h"


void dynamic_object_exprt::set_instance(unsigned int instance)

{

  op0() = from_integer(instance, typet(ID_natural));

}


unsigned int dynamic_object_exprt::get_instance() const

{

  return std::stoul(id2string(to_constant_expr(op0()).get_value()));

}


static void build_object_descriptor_rec(

  const namespacet &ns,

  const exprt &expr,

  object_descriptor_exprt &dest)

{

  if(expr.id() == ID_index)

  {

    const index_exprt &index = to_index_expr(expr);


    build_object_descriptor_rec(ns, index.array(), dest);


    auto sub_size = size_of_expr(expr.type(), ns);


    if(sub_size.has_value())

    {

      dest.offset() = plus_exprt(

        dest.offset(),

        mult_exprt(

          typecast_exprt::conditional_cast(index.index(), c_index_type()),

          typecast_exprt::conditional_cast(sub_size.value(), c_index_type())));

    }

    else

    {

      dest.offset() = exprt(ID_unknown);

    }

  }

  else if(expr.id() == ID_member)

  {

    const member_exprt &member = to_member_expr(expr);

    const exprt &struct_op = member.struct_op();


    build_object_descriptor_rec(ns, struct_op, dest);


    auto offset = member_offset_expr(member, ns);

    CHECK_RETURN(offset.has_value());


    dest.offset() = plus_exprt(

      dest.offset(),

      typecast_exprt::conditional_cast(offset.value(), c_index_type()));

  }

  else if(

    expr.id() == ID_byte_extract_little_endian ||

    expr.id() == ID_byte_extract_big_endian)

  {

    const byte_extract_exprt &be = to_byte_extract_expr(expr);


    dest.object() = be.op();


    build_object_descriptor_rec(ns, be.op(), dest);


    dest.offset() = plus_exprt(

      dest.offset(),

      typecast_exprt::conditional_cast(

        to_byte_extract_expr(expr).offset(), c_index_type()));

  }

  else if(expr.id() == ID_typecast)

  {

    const typecast_exprt &tc = to_typecast_expr(expr);


    dest.object() = tc.op();


    build_object_descriptor_rec(ns, tc.op(), dest);

  }

  else if(const auto deref = expr_try_dynamic_cast<dereference_exprt>(expr))

  {

    const exprt &pointer = skip_typecast(deref->pointer());

    if(const auto address_of = expr_try_dynamic_cast<address_of_exprt>(pointer))

    {

      dest.object() = address_of->object();

      build_object_descriptor_rec(ns, address_of->object(), dest);

    }

  }

  else if(const auto address_of = expr_try_dynamic_cast<address_of_exprt>(expr))

  {

    const exprt &object = skip_typecast(address_of->object());

    if(const auto deref = expr_try_dynamic_cast<dereference_exprt>(object))

    {

      dest.object() = deref->pointer();

      build_object_descriptor_rec(ns, deref->pointer(), dest);

    }

  }

}


void object_descriptor_exprt::build(const exprt &expr, const namespacet &ns)

{

  PRECONDITION(object().id() == ID_unknown);

  object() = expr;


  if(offset().id() == ID_unknown)

    offset() = from_integer(0, c_index_type());


  build_object_descriptor_rec(ns, expr, *this);

  simplify(offset(), ns);

}


address_of_exprt::address_of_exprt(const exprt &_op)

  : unary_exprt(ID_address_of, _op, pointer_type(_op.type()))

{

}


object_address_exprt::object_address_exprt(const symbol_exprt &object)

  : object_address_exprt(object, pointer_type(object.type()))

{

}


object_address_exprt::object_address_exprt(

  const symbol_exprt &object,

  pointer_typet type)

  : nullary_exprt(ID_object_address, std::move(type))

{

  set(ID_identifier, object.get_identifier());

}


symbol_exprt object_address_exprt::object_expr() const

{

  return symbol_exprt(object_identifier(), to_pointer_type(type()).base_type());

}


field_address_exprt::field_address_exprt(

  exprt compound_ptr,

  const irep_idt &component_name,

  pointer_typet _type)

  : unary_exprt(ID_field_address, std::move(compound_ptr), std::move(_type))

{

  const auto &base_type = field_address_exprt::base().type();

  PRECONDITION(base_type.id() == ID_pointer);

  const auto &compound_type = to_pointer_type(base_type).base_type();

  PRECONDITION(

    compound_type.id() == ID_struct || compound_type.id() == ID_struct_tag ||

    compound_type.id() == ID_union || compound_type.id() == ID_union_tag);

  set(ID_component_name, component_name);

}


element_address_exprt::element_address_exprt(const exprt &base, exprt index)

  : element_address_exprt(

      base,

      std::move(index),

      pointer_typet(

        to_pointer_type(base.type()).base_type(),

        to_pointer_type(base.type()).get_width()))

{

}


element_address_exprt::element_address_exprt(

  exprt base,

  exprt index,

  pointer_typet type)

  : binary_exprt(

      std::move(base),

      ID_element_address,

      std::move(index),

      std::move(type))

{

}


const exprt &object_descriptor_exprt::root_object(const exprt &expr)

{

  const exprt *p = &expr;


  while(true)

  {

    if(p->id() == ID_member)

      p = &to_member_expr(*p).compound();

    else if(p->id() == ID_index)

      p = &to_index_expr(*p).array();

    else

      break;

  }


  return *p;

}


void dereference_exprt::validate(

  const exprt &expr,

  const namespacet &ns,

  const validation_modet vm)

{

  check(expr, vm);


  const auto &dereference_expr = to_dereference_expr(expr);


  const typet &type_of_operand = dereference_expr.pointer().type();


  const pointer_typet *pointer_type =

    type_try_dynamic_cast<pointer_typet>(type_of_operand);


  DATA_CHECK(

    vm,

    pointer_type,

    "dereference expression's operand must have a pointer type");


  DATA_CHECK(

    vm,

    dereference_expr.type() == pointer_type->base_type(),

    "dereference expression's type must match the base type of the type of its "

    "operand");

}


exprt pointer_in_range_exprt::lower() const

{

  return and_exprt(

    {same_object(op0(), op1()),

     same_object(op1(), op2()),

     r_ok_exprt(

       op0(), minus_exprt(pointer_offset(op2()), pointer_offset(op0()))),

     binary_relation_exprt(pointer_offset(op0()), ID_le, pointer_offset(op1())),

     binary_relation_exprt(

       pointer_offset(op1()), ID_le, pointer_offset(op2()))});

}


exprt prophecy_r_or_w_ok_exprt::lower(const namespacet &ns) const

{

  return and_exprt{

    {not_exprt{null_object(pointer())},

     not_exprt{is_invalid_pointer_exprt{pointer()}},

     not_exprt{same_object(pointer(), deallocated_ptr())},

     not_exprt{same_object(pointer(), dead_ptr())},

     not_exprt{object_lower_bound(pointer(), nil_exprt())},

     not_exprt{object_upper_bound(pointer(), size())}}};

}


exprt prophecy_pointer_in_range_exprt::lower(const namespacet &ns) const

{

  return and_exprt{

    {same_object(op0(), op1()),

     same_object(op1(), op2()),

     prophecy_r_ok_exprt(

       op0(),

       minus_exprt(pointer_offset(op2()), pointer_offset(op0())),

       deallocated_ptr(),

       dead_ptr())

       .lower(ns),

     binary_relation_exprt(pointer_offset(op0()), ID_le, pointer_offset(op1())),

     binary_relation_exprt(

       pointer_offset(op1()), ID_le, pointer_offset(op2()))}};

}


from_integer
constant_exprt from_integer(const mp_integer &int_value, const typet &type)
Definition arith_tools.cpp:99

arith_tools.h

byte_operators.h
Expression classes for byte-level operators.

to_byte_extract_expr
const byte_extract_exprt & to_byte_extract_expr(const exprt &expr)
Definition byte_operators.h:70

pointer_type
pointer_typet pointer_type(const typet &subtype)
Definition c_types.cpp:235

c_index_type
bitvector_typet c_index_type()
Definition c_types.cpp:16

c_types.h

address_of_exprt::address_of_exprt
address_of_exprt(const exprt &op)
Definition pointer_expr.cpp:126

ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562

and_exprt
Boolean AND.
Definition std_expr.h:2125

binary_exprt
A base class for binary expressions.
Definition std_expr.h:638

binary_exprt::op0
exprt & op0()
Definition expr.h:133

binary_relation_exprt
A base class for relations, i.e., binary predicates whose two operands have the same type.
Definition std_expr.h:762

byte_extract_exprt
Expression of type type extracted from some object op starting at position offset (given in number of...
Definition byte_operators.h:29

dereference_exprt::check
static void check(const exprt &expr, const validation_modet vm=validation_modet::INVARIANT)
Definition pointer_expr.h:857

dereference_exprt::validate
static void validate(const exprt &expr, const namespacet &ns, const validation_modet vm=validation_modet::INVARIANT)
Check that the dereference expression has the right number of operands, refers to something with a po...
Definition pointer_expr.cpp:210

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition dstring.h:38

dynamic_object_exprt::get_instance
unsigned int get_instance() const
Definition pointer_expr.cpp:24

dynamic_object_exprt::set_instance
void set_instance(unsigned int instance)
Definition pointer_expr.cpp:19

element_address_exprt
Operator to return the address of an array element relative to a base address.
Definition pointer_expr.h:748

element_address_exprt::element_address_exprt
element_address_exprt(const exprt &base, exprt index)
constructor for element addresses.
Definition pointer_expr.cpp:164

expr_protectedt::op0
exprt & op0()
Definition expr.h:133

expr_protectedt::op1
exprt & op1()
Definition expr.h:136

expr_protectedt::op2
exprt & op2()
Definition expr.h:139

exprt
Base class for all expressions.
Definition expr.h:56

exprt::type
typet & type()
Return the type of the expression.
Definition expr.h:84

field_address_exprt::component_name
const irep_idt & component_name() const
Definition pointer_expr.h:704

field_address_exprt::compound_type
const typet & compound_type() const
Definition pointer_expr.h:699

field_address_exprt::base
exprt & base()
Definition pointer_expr.h:673

field_address_exprt::field_address_exprt
field_address_exprt(exprt base, const irep_idt &component_name, pointer_typet type)
constructor for field addresses.
Definition pointer_expr.cpp:149

index_exprt
Array index operator.
Definition std_expr.h:1470

index_exprt::index
exprt & index()
Definition std_expr.h:1510

index_exprt::array
exprt & array()
Definition std_expr.h:1500

irept::set
void set(const irep_idt &name, const irep_idt &value)
Definition irep.h:412

irept::id
const irep_idt & id() const
Definition irep.h:388

is_invalid_pointer_exprt
Definition pointer_predicates.h:36

member_exprt
Extract member of struct or union.
Definition std_expr.h:2971

member_exprt::struct_op
const exprt & struct_op() const
Definition std_expr.h:3009

minus_exprt
Binary minus.
Definition std_expr.h:1061

mult_exprt
Binary multiplication Associativity is not specified.
Definition std_expr.h:1107

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91

nil_exprt
The NIL expression.
Definition std_expr.h:3208

not_exprt
Boolean negation.
Definition std_expr.h:2454

nullary_exprt
An expression without operands.
Definition std_expr.h:22

object_address_exprt
Operator to return the address of an object.
Definition pointer_expr.h:596

object_address_exprt::type
const pointer_typet & type() const
Definition pointer_expr.h:607

object_address_exprt::object_expr
symbol_exprt object_expr() const
Definition pointer_expr.cpp:144

object_address_exprt::object_identifier
irep_idt object_identifier() const
Definition pointer_expr.h:602

object_address_exprt::object_address_exprt
object_address_exprt(const symbol_exprt &)
Definition pointer_expr.cpp:131

object_descriptor_exprt
Split an expression into a base object and a (byte) offset.
Definition pointer_expr.h:181

object_descriptor_exprt::offset
exprt & offset()
Definition pointer_expr.h:223

object_descriptor_exprt::root_object
const exprt & root_object() const
Definition pointer_expr.h:218

object_descriptor_exprt::build
void build(const exprt &expr, const namespacet &ns)
Given an expression expr, attempt to find the underlying object it represents by skipping over type c...
Definition pointer_expr.cpp:114

object_descriptor_exprt::object
exprt & object()
Definition pointer_expr.h:207

plus_exprt
The plus expression Associativity is not specified.
Definition std_expr.h:1002

pointer_in_range_exprt::lower
exprt lower() const
Definition pointer_expr.cpp:236

pointer_typet
The pointer type These are both 'bitvector_typet' (they have a width) and 'type_with_subtypet' (they ...
Definition pointer_expr.h:24

pointer_typet::base_type
const typet & base_type() const
The type of the data what we point to.
Definition pointer_expr.h:35

prophecy_pointer_in_range_exprt::dead_ptr
const exprt & dead_ptr() const
Definition pointer_expr.h:495

prophecy_pointer_in_range_exprt::deallocated_ptr
const exprt & deallocated_ptr() const
Definition pointer_expr.h:490

prophecy_pointer_in_range_exprt::lower
exprt lower(const namespacet &ns) const
Definition pointer_expr.cpp:259

prophecy_r_ok_exprt
A predicate that indicates that an address range is ok to read.
Definition pointer_expr.h:1107

prophecy_r_or_w_ok_exprt::deallocated_ptr
const exprt & deallocated_ptr() const
Definition pointer_expr.h:1057

prophecy_r_or_w_ok_exprt::lower
exprt lower(const namespacet &ns) const
Lower an r_or_w_ok_exprt to arithmetic and logic expressions.
Definition pointer_expr.cpp:248

prophecy_r_or_w_ok_exprt::dead_ptr
const exprt & dead_ptr() const
Definition pointer_expr.h:1067

prophecy_r_or_w_ok_exprt::pointer
const exprt & pointer() const
Definition pointer_expr.h:1047

prophecy_r_or_w_ok_exprt::size
const exprt & size() const
Definition pointer_expr.h:1052

r_ok_exprt
A predicate that indicates that an address range is ok to read.
Definition pointer_expr.h:960

symbol_exprt
Expression to hold a symbol (variable)
Definition std_expr.h:131

ternary_exprt::op0
exprt & op0()
Definition expr.h:133

ternary_exprt::op1
exprt & op1()
Definition expr.h:136

ternary_exprt::op2
exprt & op2()
Definition expr.h:139

typecast_exprt
Semantic type conversion.
Definition std_expr.h:2073

typecast_exprt::conditional_cast
static exprt conditional_cast(const exprt &expr, const typet &type)
Definition std_expr.h:2081

typet
The type of an expression, extends irept.
Definition type.h:29

unary_exprt
Generic base class for unary expressions.
Definition std_expr.h:361

skip_typecast
const exprt & skip_typecast(const exprt &expr)
find the expression nested inside typecasts, if any
Definition expr_util.cpp:193

expr_util.h
Deprecated expression utility functions.

id2string
const std::string & id2string(const irep_idt &d)
Definition irep.h:44

std
STL namespace.

build_object_descriptor_rec
static void build_object_descriptor_rec(const namespacet &ns, const exprt &expr, object_descriptor_exprt &dest)
Build an object_descriptor_exprt from a given expr.
Definition pointer_expr.cpp:30

pointer_expr.h
API to expression classes for Pointers.

to_pointer_type
const pointer_typet & to_pointer_type(const typet &type)
Cast a typet to a pointer_typet.
Definition pointer_expr.h:93

to_dereference_expr
const dereference_exprt & to_dereference_expr(const exprt &expr)
Cast an exprt to a dereference_exprt.
Definition pointer_expr.h:890

size_of_expr
std::optional< exprt > size_of_expr(const typet &type, const namespacet &ns)
Definition pointer_offset_size.cpp:287

member_offset_expr
std::optional< exprt > member_offset_expr(const member_exprt &member_expr, const namespacet &ns)
Definition pointer_offset_size.cpp:222

pointer_offset_size.h
Pointer Logic.

pointer_offset
exprt pointer_offset(const exprt &pointer)
Definition pointer_predicates.cpp:38

object_upper_bound
exprt object_upper_bound(const exprt &pointer, const exprt &access_size)
Definition pointer_predicates.cpp:72

same_object
exprt same_object(const exprt &p1, const exprt &p2)
Definition pointer_predicates.cpp:28

null_object
exprt null_object(const exprt &pointer)
Definition pointer_predicates.cpp:59

object_lower_bound
exprt object_lower_bound(const exprt &pointer, const exprt &offset)
Definition pointer_predicates.cpp:117

pointer_predicates.h
Various predicates over pointers in programs.

simplify
bool simplify(exprt &expr, const namespacet &ns)
Definition simplify_expr.cpp:3246

simplify_expr.h

CHECK_RETURN
#define CHECK_RETURN(CONDITION)
Definition invariant.h:495

PRECONDITION
#define PRECONDITION(CONDITION)
Definition invariant.h:463

to_index_expr
const index_exprt & to_index_expr(const exprt &expr)
Cast an exprt to an index_exprt.
Definition std_expr.h:1538

to_typecast_expr
const typecast_exprt & to_typecast_expr(const exprt &expr)
Cast an exprt to a typecast_exprt.
Definition std_expr.h:2107

to_member_expr
const member_exprt & to_member_expr(const exprt &expr)
Cast an exprt to a member_exprt.
Definition std_expr.h:3063

to_constant_expr
const constant_exprt & to_constant_expr(const exprt &expr)
Cast an exprt to a constant_exprt.
Definition std_expr.h:3172

DATA_CHECK
#define DATA_CHECK(vm, condition, message)
This macro takes a condition which denotes a well-formedness criterion on goto programs,...
Definition validate.h:22

validation_modet
validation_modet
Definition validation_mode.h:13