cbmc/pointer__logic_8cpp_source.html

 /*******************************************************************\


 Module: Pointer Logic


 Author: Daniel Kroening, kroening@kroening.com


 \*******************************************************************/


 #include "pointer_logic.h"


 #include <util/arith_tools.h>

 #include <util/byte_operators.h>

 #include <util/c_types.h>

 #include <util/invariant.h>

 #include <util/pointer_expr.h>

 #include <util/pointer_offset_size.h>

 #include <util/pointer_predicates.h>

 #include <util/prefix.h>

 #include <util/simplify_expr.h>

 #include <util/std_expr.h>


 bool pointer_logict::is_dynamic_object(const exprt &expr) const

 {

   return expr.type().get_bool(ID_C_dynamic) ||

          (expr.id() == ID_symbol &&

           has_prefix(

             id2string(to_symbol_expr(expr).get_identifier()),

             SYMEX_DYNAMIC_PREFIX "::"));

 }


 void pointer_logict::get_dynamic_objects(std::vector<mp_integer> &o) const

 {

   o.clear();

   mp_integer nr = 0;


   for(auto it = objects.cbegin(); it != objects.cend(); ++it, ++nr)

     if(is_dynamic_object(*it))

       o.push_back(nr);

 }


 mp_integer pointer_logict::add_object(const exprt &expr)

 {

   // remove any index/member


   if(expr.id()==ID_index)

   {

     return add_object(to_index_expr(expr).array());

   }

   else if(expr.id()==ID_member)

   {

     return add_object(to_member_expr(expr).compound());

   }


   return objects.number(expr);

 }


 exprt pointer_logict::pointer_expr(

   const mp_integer &object,

   const pointer_typet &type) const

 {

   return pointer_expr({object, 0}, type);

 }


 exprt pointer_logict::pointer_expr(

   const pointert &pointer,

   const pointer_typet &type) const

 {

   if(pointer.object==null_object) // NULL?

   {

     if(pointer.offset==0)

     {

       return null_pointer_exprt(type);

     }

     else

     {

       null_pointer_exprt null(type);

       return plus_exprt(null,

         from_integer(pointer.offset, pointer_diff_type()));

     }

   }

   else if(pointer.object==invalid_object) // INVALID?

   {

     return constant_exprt("INVALID", type);

   }


   if(pointer.object>=objects.size())

   {

     return constant_exprt("INVALID-" + integer2string(pointer.object), type);

   }


   const exprt &object_expr =

     objects[numeric_cast_v<std::size_t>(pointer.object)];


   typet subtype = type.base_type();

   // In a counterexample we may up with void pointers with an offset; handle

   // this just like GCC does and treat them as char pointers:

   // https://gcc.gnu.org/onlinedocs/gcc-4.8.0/gcc/Pointer-Arith.html

   if(subtype.id() == ID_empty)

     subtype = char_type();

   if(object_expr.id() == ID_string_constant)

   {

     subtype = object_expr.type();


     // a string constant must be array-typed with fixed size

     const array_typet &array_type = to_array_type(object_expr.type());

     mp_integer array_size =

       numeric_cast_v<mp_integer>(to_constant_expr(array_type.size()));

     if(array_size > pointer.offset)

     {

       to_array_type(subtype).size() =

         from_integer(array_size - pointer.offset, array_type.size().type());

     }

   }

   auto deep_object_opt =

     get_subexpression_at_offset(object_expr, pointer.offset, subtype, ns);

   CHECK_RETURN(deep_object_opt.has_value());

   exprt deep_object = deep_object_opt.value();

   simplify(deep_object, ns);

   if(

     deep_object.id() != ID_byte_extract_little_endian &&

     deep_object.id() != ID_byte_extract_big_endian)

   {

     return typecast_exprt::conditional_cast(

       address_of_exprt(deep_object), type);

   }


   const byte_extract_exprt &be = to_byte_extract_expr(deep_object);

   const address_of_exprt base(be.op());

   if(be.offset().is_zero())

     return typecast_exprt::conditional_cast(base, type);


   const auto object_size = pointer_offset_size(be.op().type(), ns);

   if(object_size.has_value() && *object_size <= 1)

   {

     return typecast_exprt::conditional_cast(

       plus_exprt(base, from_integer(pointer.offset, pointer_diff_type())),

       type);

   }

   else if(object_size.has_value() && pointer.offset % *object_size == 0)

   {

     return typecast_exprt::conditional_cast(

       plus_exprt(

         base, from_integer(pointer.offset / *object_size, pointer_diff_type())),

       type);

   }

   else

   {

     return typecast_exprt::conditional_cast(

       plus_exprt(

         typecast_exprt(base, pointer_type(char_type())),

         from_integer(pointer.offset, pointer_diff_type())),

       type);

   }

 }


 pointer_logict::pointer_logict(const namespacet &_ns):ns(_ns)

 {

   // add NULL

   null_object=objects.number(exprt(ID_NULL));

   CHECK_RETURN(null_object == 0);


   // add INVALID

   invalid_object=objects.number(exprt("INVALID"));

 }


 pointer_logict::~pointer_logict()

 {

 }

from_integer
constant_exprt from_integer(const mp_integer &int_value, const typet &type)
Definition: arith_tools.cpp:100

arith_tools.h

byte_operators.h
Expression classes for byte-level operators.

to_byte_extract_expr
const byte_extract_exprt & to_byte_extract_expr(const exprt &expr)
Definition: byte_operators.h:70

pointer_type
pointer_typet pointer_type(const typet &subtype)
Definition: c_types.cpp:235

pointer_diff_type
signedbv_typet pointer_diff_type()
Definition: c_types.cpp:220

char_type
bitvector_typet char_type()
Definition: c_types.cpp:106

c_types.h

address_of_exprt
Operator to return the address of an object.
Definition: pointer_expr.h:540

array_typet
Arrays with given size.
Definition: std_types.h:807

array_typet::size
const exprt & size() const
Definition: std_types.h:840

byte_extract_exprt
Expression of type type extracted from some object op starting at position offset (given in number of...
Definition: byte_operators.h:29

byte_extract_exprt::op
exprt & op()
Definition: byte_operators.h:46

byte_extract_exprt::offset
exprt & offset()
Definition: byte_operators.h:47

constant_exprt
A constant literal expression.
Definition: std_expr.h:2990

exprt
Base class for all expressions.
Definition: expr.h:56

exprt::is_zero
bool is_zero() const
Return whether the expression is a constant representing 0.
Definition: expr.cpp:47

exprt::type
typet & type()
Return the type of the expression.
Definition: expr.h:84

irept::get_bool
bool get_bool(const irep_idt &name) const
Definition: irep.cpp:57

irept::id
const irep_idt & id() const
Definition: irep.h:388

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition: namespace.h:94

null_pointer_exprt
The null pointer constant.
Definition: pointer_expr.h:909

numberingt::number
number_type number(const key_type &a)
Definition: numbering.h:37

numberingt::cend
const_iterator cend() const
Definition: numbering.h:106

numberingt::size
size_type size() const
Definition: numbering.h:66

numberingt::cbegin
const_iterator cbegin() const
Definition: numbering.h:93

plus_exprt
The plus expression Associativity is not specified.
Definition: std_expr.h:1002

pointer_logict::invalid_object
mp_integer invalid_object
Definition: pointer_logic.h:69

pointer_logict::objects
numberingt< exprt, irep_hash > objects
Definition: pointer_logic.h:26

pointer_logict::pointer_expr
exprt pointer_expr(const pointert &pointer, const pointer_typet &type) const
Convert an (object,offset) pair to an expression.
Definition: pointer_logic.cpp:67

pointer_logict::null_object
mp_integer null_object
Definition: pointer_logic.h:69

pointer_logict::get_dynamic_objects
void get_dynamic_objects(std::vector< mp_integer > &objects) const
Definition: pointer_logic.cpp:34

pointer_logict::add_object
mp_integer add_object(const exprt &expr)
Definition: pointer_logic.cpp:44

pointer_logict::ns
const namespacet & ns
Definition: pointer_logic.h:68

pointer_logict::is_dynamic_object
bool is_dynamic_object(const exprt &expr) const
Definition: pointer_logic.cpp:25

pointer_logict::pointer_logict
pointer_logict(const namespacet &_ns)
Definition: pointer_logic.cpp:159

pointer_logict::~pointer_logict
~pointer_logict()
Definition: pointer_logic.cpp:169

pointer_typet
The pointer type These are both 'bitvector_typet' (they have a width) and 'type_with_subtypet' (they ...
Definition: pointer_expr.h:24

pointer_typet::base_type
const typet & base_type() const
The type of the data what we point to.
Definition: pointer_expr.h:35

typecast_exprt
Semantic type conversion.
Definition: std_expr.h:2068

typecast_exprt::conditional_cast
static exprt conditional_cast(const exprt &expr, const typet &type)
Definition: std_expr.h:2076

typet
The type of an expression, extends irept.
Definition: type.h:29

has_prefix
bool has_prefix(const std::string &s, const std::string &prefix)
Definition: converter.cpp:13

id2string
const std::string & id2string(const irep_idt &d)
Definition: irep.h:44

integer2string
const std::string integer2string(const mp_integer &n, unsigned base)
Definition: mp_arith.cpp:103

pointer_expr.h
API to expression classes for Pointers.

pointer_logic.h
Pointer Logic.

get_subexpression_at_offset
std::optional< exprt > get_subexpression_at_offset(const exprt &expr, const mp_integer &offset_bytes, const typet &target_type_raw, const namespacet &ns)
Definition: pointer_offset_size.cpp:560

pointer_offset_size
std::optional< mp_integer > pointer_offset_size(const typet &type, const namespacet &ns)
Compute the size of a type in bytes, rounding up to full bytes.
Definition: pointer_offset_size.cpp:91

pointer_offset_size.h
Pointer Logic.

object_size
exprt object_size(const exprt &pointer)
Definition: pointer_predicates.cpp:33

pointer_predicates.h
Various predicates over pointers in programs.

SYMEX_DYNAMIC_PREFIX
#define SYMEX_DYNAMIC_PREFIX
Definition: pointer_predicates.h:17

prefix.h

simplify
bool simplify(exprt &expr, const namespacet &ns)
Definition: simplify_expr.cpp:3237

simplify_expr.h

mp_integer
BigInt mp_integer
Definition: smt_terms.h:17

invariant.h

CHECK_RETURN
#define CHECK_RETURN(CONDITION)
Definition: invariant.h:495

std_expr.h
API to expression classes.

to_constant_expr
const constant_exprt & to_constant_expr(const exprt &expr)
Cast an exprt to a constant_exprt.
Definition: std_expr.h:3045

to_symbol_expr
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
Definition: std_expr.h:272

to_member_expr
const member_exprt & to_member_expr(const exprt &expr)
Cast an exprt to a member_exprt.
Definition: std_expr.h:2936

to_index_expr
const index_exprt & to_index_expr(const exprt &expr)
Cast an exprt to an index_exprt.
Definition: std_expr.h:1533

to_array_type
const array_typet & to_array_type(const typet &type)
Cast a typet to an array_typet.
Definition: std_types.h:888

pointer_logict::pointert
Definition: pointer_logic.h:29

pointer_logict::pointert::offset
mp_integer offset
Definition: pointer_logic.h:30

pointer_logict::pointert::object
mp_integer object
Definition: pointer_logic.h:30