cbmc/postcondition_8cpp_source.html

/*******************************************************************\


Module: Symbolic Execution


Author: Daniel Kroening, kroening@kroening.com


\*******************************************************************/


#include "postcondition.h"


#include <util/find_symbols.h>

#include <util/pointer_expr.h>

#include <util/std_expr.h>


#include <pointer-analysis/value_set.h>


#include "renaming_level.h"

#include "symex_target_equation.h"


class postconditiont

{

public:


  postconditiont(

    const namespacet &_ns,

    const value_sett &_value_set,

    const SSA_stept &_SSA_step,

    const goto_symex_statet &_s)

    : ns(_ns), value_set(_value_set), SSA_step(_SSA_step), s(_s)

  {

  }

  postconditiont( {…}


protected:

  const namespacet &ns;

  const value_sett &value_set;

  const SSA_stept &SSA_step;

  const goto_symex_statet &s;


public:

  void compute(exprt &dest);


protected:

  void strengthen(exprt &dest);

  void weaken(exprt &dest);

  bool is_used_address_of(const exprt &expr, const irep_idt &identifier);

  bool is_used(const exprt &expr, const irep_idt &identifier);

};

class postconditiont {…};


void postcondition(

  const namespacet &ns,

  const value_sett &value_set,

  const symex_target_equationt &equation,

  const goto_symex_statet &s,

  exprt &dest)

{

  for(symex_target_equationt::SSA_stepst::const_iterator

      it=equation.SSA_steps.begin();

      it!=equation.SSA_steps.end();

      it++)

  {

    postconditiont postcondition(ns, value_set, *it, s);

    postcondition.compute(dest);

    if(dest.is_false())

      return;

  }

}

void postcondition( {…}


bool postconditiont::is_used_address_of(

  const exprt &expr,

  const irep_idt &identifier)

{

  if(expr.id()==ID_symbol)

  {

    // leave alone

  }

  else if(expr.id()==ID_index)

  {

    return is_used_address_of(to_index_expr(expr).array(), identifier) ||

           is_used(to_index_expr(expr).index(), identifier);

  }

  else if(expr.id()==ID_member)

  {

    return is_used_address_of(to_member_expr(expr).compound(), identifier);

  }

  else if(expr.id()==ID_dereference)

  {

    return is_used(to_dereference_expr(expr).pointer(), identifier);

  }


  return false;

}

bool postconditiont::is_used_address_of( {…}


void postconditiont::compute(exprt &dest)

{

  // weaken due to assignment

  weaken(dest);


  // strengthen due to assignment

  strengthen(dest);

}

void postconditiont::compute(exprt &dest) {…}


void postconditiont::weaken(exprt &dest)

{

  if(dest.id()==ID_and &&

     dest.type()==bool_typet()) // this distributes over "and"

  {

    Forall_operands(it, dest)

      weaken(*it);


    return;

  }


  // we are lazy:

  // if lhs is mentioned in dest, we use "true".


  const irep_idt &lhs_identifier=SSA_step.ssa_lhs.get_object_name();


  if(is_used(dest, lhs_identifier))

    dest=true_exprt();


  // otherwise, no weakening needed

}

void postconditiont::weaken(exprt &dest) {…}


void postconditiont::strengthen(exprt &dest)

{

  const irep_idt &lhs_identifier=SSA_step.ssa_lhs.get_object_name();


  if(!is_used(SSA_step.ssa_rhs, lhs_identifier))

  {

    // we don't do arrays or structs

    if(SSA_step.ssa_lhs.type().id()==ID_array ||

       SSA_step.ssa_lhs.type().id()==ID_struct)

      return;


    exprt equality =

      get_original_name(equal_exprt{SSA_step.ssa_lhs, SSA_step.ssa_rhs});


    if(dest.is_true())

      dest.swap(equality);

    else

      dest=and_exprt(dest, equality);

  }

}

void postconditiont::strengthen(exprt &dest) {…}


bool postconditiont::is_used(

  const exprt &expr,

  const irep_idt &identifier)

{

  if(expr.id()==ID_address_of)

  {

    return is_used_address_of(to_address_of_expr(expr).object(), identifier);

  }

  else if(is_ssa_expr(expr))

  {

    return to_ssa_expr(expr).get_object_name()==identifier;

  }

  else if(expr.id()==ID_symbol)

  {

    return to_symbol_expr(expr).get_identifier() == identifier;

  }

  else if(expr.id()==ID_dereference)

  {

    // aliasing may happen here

    for(const exprt &e :

        value_set.get_value_set(to_dereference_expr(expr).pointer(), ns))

    {

      if(has_symbol_expr(get_original_name(e), identifier, false))

        return true;

    }


    return false;

  }

  else

  {

    for(const auto &op : expr.operands())

    {

      if(is_used(op, identifier))

        return true;

    }

  }


  return false;

}

bool postconditiont::is_used( {…}

SSA_stept
Single SSA step in the equation.
Definition ssa_step.h:47

ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562

and_exprt
Boolean AND.
Definition std_expr.h:2125

bool_typet
The Boolean type.
Definition std_types.h:36

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition dstring.h:38

equal_exprt
Equality.
Definition std_expr.h:1366

exprt
Base class for all expressions.
Definition expr.h:56

exprt::is_true
bool is_true() const
Return whether the expression is a constant representing true.
Definition expr.cpp:27

exprt::is_false
bool is_false() const
Return whether the expression is a constant representing false.
Definition expr.cpp:34

exprt::type
typet & type()
Return the type of the expression.
Definition expr.h:84

exprt::operands
operandst & operands()
Definition expr.h:94

goto_symex_statet
Central data structure: state.
Definition goto_symex_state.h:42

irept::swap
void swap(irept &irep)
Definition irep.h:434

irept::id
const irep_idt & id() const
Definition irep.h:388

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91

postconditiont
Definition postcondition.cpp:24

postconditiont::SSA_step
const SSA_stept & SSA_step
Definition postcondition.cpp:38

postconditiont::ns
const namespacet & ns
Definition postcondition.cpp:36

postconditiont::is_used
bool is_used(const exprt &expr, const irep_idt &identifier)
Definition postcondition.cpp:147

postconditiont::strengthen
void strengthen(exprt &dest)
Definition postcondition.cpp:126

postconditiont::value_set
const value_sett & value_set
Definition postcondition.cpp:37

postconditiont::s
const goto_symex_statet & s
Definition postcondition.cpp:39

postconditiont::weaken
void weaken(exprt &dest)
Definition postcondition.cpp:104

postconditiont::is_used_address_of
bool is_used_address_of(const exprt &expr, const irep_idt &identifier)
Definition postcondition.cpp:70

postconditiont::postconditiont
postconditiont(const namespacet &_ns, const value_sett &_value_set, const SSA_stept &_SSA_step, const goto_symex_statet &_s)
Definition postcondition.cpp:26

postconditiont::compute
void compute(exprt &dest)
Definition postcondition.cpp:95

symex_target_equationt
Inheriting the interface of symex_targett this class represents the SSA form of the input program as ...
Definition symex_target_equation.h:34

symex_target_equationt::SSA_steps
SSA_stepst SSA_steps
Definition symex_target_equation.h:251

true_exprt
The Boolean constant true.
Definition std_expr.h:3190

value_sett
State type in value_set_domaint, used in value-set analysis and goto-symex.
Definition value_set.h:44

Forall_operands
#define Forall_operands(it, expr)
Definition expr.h:27

has_symbol_expr
bool has_symbol_expr(const exprt &src, const irep_idt &identifier, bool include_bound_symbols)
Returns true if one of the symbol expressions in src has identifier identifier; if include_bound_symb...
Definition find_symbols.cpp:267

find_symbols.h

pointer_expr.h
API to expression classes for Pointers.

to_address_of_expr
const address_of_exprt & to_address_of_expr(const exprt &expr)
Cast an exprt to an address_of_exprt.
Definition pointer_expr.h:577

to_dereference_expr
const dereference_exprt & to_dereference_expr(const exprt &expr)
Cast an exprt to a dereference_exprt.
Definition pointer_expr.h:890

postcondition
void postcondition(const namespacet &ns, const value_sett &value_set, const symex_target_equationt &equation, const goto_symex_statet &s, exprt &dest)
Definition postcondition.cpp:51

postcondition.h
Generate Equation using Symbolic Execution.

get_original_name
exprt get_original_name(exprt expr)
Undo all levels of renaming.
Definition renaming_level.cpp:158

renaming_level.h
Renaming levels.

is_ssa_expr
bool is_ssa_expr(const exprt &expr)
Definition ssa_expr.h:125

to_ssa_expr
const ssa_exprt & to_ssa_expr(const exprt &expr)
Cast a generic exprt to an ssa_exprt.
Definition ssa_expr.h:145

std_expr.h
API to expression classes.

to_index_expr
const index_exprt & to_index_expr(const exprt &expr)
Cast an exprt to an index_exprt.
Definition std_expr.h:1538

to_member_expr
const member_exprt & to_member_expr(const exprt &expr)
Cast an exprt to a member_exprt.
Definition std_expr.h:3063

to_symbol_expr
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
Definition std_expr.h:272

symex_target_equation.h
Generate Equation using Symbolic Execution.

value_set.h
Value Set.