cbmc/postcondition_8cpp_source.html

 /*******************************************************************\


 Module: Symbolic Execution


 Author: Daniel Kroening, kroening@kroening.com


 \*******************************************************************/


 #include "postcondition.h"


 #include <util/find_symbols.h>

 #include <util/pointer_expr.h>

 #include <util/std_expr.h>


 #include <pointer-analysis/value_set.h>


 #include "renaming_level.h"

 #include "symex_target_equation.h"


 class postconditiont

 {

 public:

   postconditiont(

     const namespacet &_ns,

     const value_sett &_value_set,

     const SSA_stept &_SSA_step,

     const goto_symex_statet &_s)

     : ns(_ns), value_set(_value_set), SSA_step(_SSA_step), s(_s)

   {

   }


 protected:

   const namespacet &ns;

   const value_sett &value_set;

   const SSA_stept &SSA_step;

   const goto_symex_statet &s;


 public:

   void compute(exprt &dest);


 protected:

   void strengthen(exprt &dest);

   void weaken(exprt &dest);

   bool is_used_address_of(const exprt &expr, const irep_idt &identifier);

   bool is_used(const exprt &expr, const irep_idt &identifier);

 };


 void postcondition(

   const namespacet &ns,

   const value_sett &value_set,

   const symex_target_equationt &equation,

   const goto_symex_statet &s,

   exprt &dest)

 {

   for(symex_target_equationt::SSA_stepst::const_iterator

       it=equation.SSA_steps.begin();

       it!=equation.SSA_steps.end();

       it++)

   {

     postconditiont postcondition(ns, value_set, *it, s);

     postcondition.compute(dest);

     if(dest.is_false())

       return;

   }

 }


 bool postconditiont::is_used_address_of(

   const exprt &expr,

   const irep_idt &identifier)

 {

   if(expr.id()==ID_symbol)

   {

     // leave alone

   }

   else if(expr.id()==ID_index)

   {

     return is_used_address_of(to_index_expr(expr).array(), identifier) ||

            is_used(to_index_expr(expr).index(), identifier);

   }

   else if(expr.id()==ID_member)

   {

     return is_used_address_of(to_member_expr(expr).compound(), identifier);

   }

   else if(expr.id()==ID_dereference)

   {

     return is_used(to_dereference_expr(expr).pointer(), identifier);

   }


   return false;

 }


 void postconditiont::compute(exprt &dest)

 {

   // weaken due to assignment

   weaken(dest);


   // strengthen due to assignment

   strengthen(dest);

 }


 void postconditiont::weaken(exprt &dest)

 {

   if(dest.id()==ID_and &&

      dest.type()==bool_typet()) // this distributes over "and"

   {

     Forall_operands(it, dest)

       weaken(*it);


     return;

   }


   // we are lazy:

   // if lhs is mentioned in dest, we use "true".


   const irep_idt &lhs_identifier=SSA_step.ssa_lhs.get_object_name();


   if(is_used(dest, lhs_identifier))

     dest=true_exprt();


   // otherwise, no weakening needed

 }


 void postconditiont::strengthen(exprt &dest)

 {

   const irep_idt &lhs_identifier=SSA_step.ssa_lhs.get_object_name();


   if(!is_used(SSA_step.ssa_rhs, lhs_identifier))

   {

     // we don't do arrays or structs

     if(SSA_step.ssa_lhs.type().id()==ID_array ||

        SSA_step.ssa_lhs.type().id()==ID_struct)

       return;


     exprt equality =

       get_original_name(equal_exprt{SSA_step.ssa_lhs, SSA_step.ssa_rhs});


     if(dest.is_true())

       dest.swap(equality);

     else

       dest=and_exprt(dest, equality);

   }

 }


 bool postconditiont::is_used(

   const exprt &expr,

   const irep_idt &identifier)

 {

   if(expr.id()==ID_address_of)

   {

     return is_used_address_of(to_address_of_expr(expr).object(), identifier);

   }

   else if(is_ssa_expr(expr))

   {

     return to_ssa_expr(expr).get_object_name()==identifier;

   }

   else if(expr.id()==ID_symbol)

   {

     return to_symbol_expr(expr).get_identifier() == identifier;

   }

   else if(expr.id()==ID_dereference)

   {

     // aliasing may happen here

     for(const exprt &e :

         value_set.get_value_set(to_dereference_expr(expr).pointer(), ns))

     {

       if(has_symbol_expr(get_original_name(e), identifier, false))

         return true;

     }


     return false;

   }

   else

   {

     for(const auto &op : expr.operands())

     {

       if(is_used(op, identifier))

         return true;

     }

   }


   return false;

 }

SSA_stept
Single SSA step in the equation.
Definition: ssa_step.h:47

SSA_stept::ssa_rhs
exprt ssa_rhs
Definition: ssa_step.h:141

SSA_stept::ssa_lhs
ssa_exprt ssa_lhs
Definition: ssa_step.h:139

and_exprt
Boolean AND.
Definition: std_expr.h:2120

bool_typet
The Boolean type.
Definition: std_types.h:36

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition: dstring.h:38

equal_exprt
Equality.
Definition: std_expr.h:1361

exprt
Base class for all expressions.
Definition: expr.h:56

exprt::is_true
bool is_true() const
Return whether the expression is a constant representing true.
Definition: expr.cpp:27

exprt::is_false
bool is_false() const
Return whether the expression is a constant representing false.
Definition: expr.cpp:34

exprt::type
typet & type()
Return the type of the expression.
Definition: expr.h:84

exprt::operands
operandst & operands()
Definition: expr.h:94

goto_symex_statet
Central data structure: state.
Definition: goto_symex_state.h:43

irept::id
const irep_idt & id() const
Definition: irep.h:388

irept::swap
void swap(irept &irep)
Definition: irep.h:434

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition: namespace.h:94

postconditiont
Definition: postcondition.cpp:24

postconditiont::SSA_step
const SSA_stept & SSA_step
Definition: postcondition.cpp:38

postconditiont::ns
const namespacet & ns
Definition: postcondition.cpp:36

postconditiont::is_used
bool is_used(const exprt &expr, const irep_idt &identifier)
Definition: postcondition.cpp:147

postconditiont::strengthen
void strengthen(exprt &dest)
Definition: postcondition.cpp:126

postconditiont::value_set
const value_sett & value_set
Definition: postcondition.cpp:37

postconditiont::s
const goto_symex_statet & s
Definition: postcondition.cpp:39

postconditiont::weaken
void weaken(exprt &dest)
Definition: postcondition.cpp:104

postconditiont::is_used_address_of
bool is_used_address_of(const exprt &expr, const irep_idt &identifier)
Definition: postcondition.cpp:70

postconditiont::postconditiont
postconditiont(const namespacet &_ns, const value_sett &_value_set, const SSA_stept &_SSA_step, const goto_symex_statet &_s)
Definition: postcondition.cpp:26

postconditiont::compute
void compute(exprt &dest)
Definition: postcondition.cpp:95

ssa_exprt::get_object_name
irep_idt get_object_name() const

symbol_exprt::get_identifier
const irep_idt & get_identifier() const
Definition: std_expr.h:160

symex_target_equationt
Inheriting the interface of symex_targett this class represents the SSA form of the input program as ...
Definition: symex_target_equation.h:34

symex_target_equationt::SSA_steps
SSA_stepst SSA_steps
Definition: symex_target_equation.h:251

true_exprt
The Boolean constant true.
Definition: std_expr.h:3063

value_sett
State type in value_set_domaint, used in value-set analysis and goto-symex.
Definition: value_set.h:44

value_sett::get_value_set
std::vector< exprt > get_value_set(exprt expr, const namespacet &ns) const
Gets values pointed to by expr, including following dereference operators (i.e.
Definition: value_set.cpp:390

Forall_operands
#define Forall_operands(it, expr)
Definition: expr.h:27

has_symbol_expr
bool has_symbol_expr(const exprt &src, const irep_idt &identifier, bool include_bound_symbols)
Returns true if one of the symbol expressions in src has identifier identifier; if include_bound_symb...
Definition: find_symbols.cpp:267

find_symbols.h

pointer_expr.h
API to expression classes for Pointers.

to_dereference_expr
const dereference_exprt & to_dereference_expr(const exprt &expr)
Cast an exprt to a dereference_exprt.
Definition: pointer_expr.h:890

to_address_of_expr
const address_of_exprt & to_address_of_expr(const exprt &expr)
Cast an exprt to an address_of_exprt.
Definition: pointer_expr.h:577

postcondition
void postcondition(const namespacet &ns, const value_sett &value_set, const symex_target_equationt &equation, const goto_symex_statet &s, exprt &dest)
Definition: postcondition.cpp:51

postcondition.h
Generate Equation using Symbolic Execution.

get_original_name
exprt get_original_name(exprt expr)
Undo all levels of renaming.
Definition: renaming_level.cpp:158

renaming_level.h
Renaming levels.

to_ssa_expr
const ssa_exprt & to_ssa_expr(const exprt &expr)
Cast a generic exprt to an ssa_exprt.
Definition: ssa_expr.h:145

is_ssa_expr
bool is_ssa_expr(const exprt &expr)
Definition: ssa_expr.h:125

std_expr.h
API to expression classes.

to_symbol_expr
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
Definition: std_expr.h:272

to_member_expr
const member_exprt & to_member_expr(const exprt &expr)
Cast an exprt to a member_exprt.
Definition: std_expr.h:2936

to_index_expr
const index_exprt & to_index_expr(const exprt &expr)
Cast an exprt to an index_exprt.
Definition: std_expr.h:1533

symex_target_equation.h
Generate Equation using Symbolic Execution.

value_set.h
Value Set.