cbmc/reaching__definitions_8cpp_source.html

 /*******************************************************************\


 Module: Range-based reaching definitions analysis (following Field-

         Sensitive Program Dependence Analysis, Litvak et al., FSE 2010)


 Author: Michael Tautschnig


 Date: February 2013


 \*******************************************************************/


 #include "reaching_definitions.h"


 #include <util/base_exceptions.h> // IWYU pragma: keep

 #include <util/pointer_offset_size.h>


 #include <pointer-analysis/value_set_analysis_fi.h>


 #include "dirty.h"

 #include "is_threaded.h"


 #include <memory>


 class rd_range_domain_factoryt : public ai_domain_factoryt<rd_range_domaint>

 {

 public:

   rd_range_domain_factoryt(

     sparse_bitvector_analysist<reaching_definitiont> *_bv_container,

     message_handlert &message_handler)

     : bv_container(_bv_container), message_handler(message_handler)

   {

     PRECONDITION(bv_container != nullptr);

   }


   std::unique_ptr<statet> make(locationt) const override

   {

     auto p = std::make_unique<rd_range_domaint>(bv_container, message_handler);

     CHECK_RETURN(p->is_bottom());

     return std::unique_ptr<statet>(p.release());

   }


 private:

   sparse_bitvector_analysist<reaching_definitiont> *const bv_container;

   message_handlert &message_handler;

 };


 reaching_definitions_analysist::reaching_definitions_analysist(

   const namespacet &_ns,

   message_handlert &message_handler)

   : concurrency_aware_ait<rd_range_domaint>(

       std::make_unique<rd_range_domain_factoryt>(this, message_handler)),

     ns(_ns)

 {

 }


 reaching_definitions_analysist::~reaching_definitions_analysist()=default;


 void rd_range_domaint::populate_cache(const irep_idt &identifier) const

 {

   PRECONDITION(bv_container);


   valuest::const_iterator v_entry=values.find(identifier);

   if(v_entry==values.end() ||

      v_entry->second.empty())

     return;


   ranges_at_loct &export_entry=export_cache[identifier];


   for(const auto &id : v_entry->second)

   {

     const reaching_definitiont &v=bv_container->get(id);


     export_entry[v.definition_at].insert(

       std::make_pair(v.bit_begin, v.bit_end));

   }

 }


 void rd_range_domaint::transform(

   const irep_idt &function_from,

   trace_ptrt trace_from,

   const irep_idt &function_to,

   trace_ptrt trace_to,

   ai_baset &ai,

   const namespacet &ns)

 {

   locationt from{trace_from->current_location()};

   locationt to{trace_to->current_location()};


   reaching_definitions_analysist *rd=

     dynamic_cast<reaching_definitions_analysist*>(&ai);

   INVARIANT_STRUCTURED(

     rd!=nullptr,

     bad_cast_exceptiont,

     "ai has type reaching_definitions_analysist");


   PRECONDITION(bv_container);


   // kill values

   if(from->is_dead())

     transform_dead(ns, from);

   // kill thread-local values

   else if(from->is_start_thread())

     transform_start_thread(ns, *rd);

   // do argument-to-parameter assignments

   else if(from->is_function_call())

     transform_function_call(ns, function_from, from, function_to, *rd);

   // cleanup parameters

   else if(from->is_end_function())

     transform_end_function(ns, function_from, from, function_to, to, *rd);

   // lhs assignments

   else if(from->is_assign())

     transform_assign(ns, from, function_from, from, *rd);

   // initial (non-deterministic) value

   else if(from->is_decl())

     transform_assign(ns, from, function_from, from, *rd);

   // array_set, array_copy, array_replace have side effects

   else if(from->is_other())

     transform_assign(ns, from, function_from, from, *rd);

 }


 void rd_range_domaint::transform_dead(

   const namespacet &,

   locationt from)

 {

   const irep_idt &identifier = from->dead_symbol().get_identifier();


   valuest::iterator entry=values.find(identifier);


   if(entry!=values.end())

   {

     values.erase(entry);

     export_cache.erase(identifier);

   }

 }


 void rd_range_domaint::transform_start_thread(

   const namespacet &ns,

   reaching_definitions_analysist &rd)

 {

   for(valuest::iterator it=values.begin();

       it!=values.end();

       ) // no ++it

   {

     const irep_idt &identifier=it->first;


     if(!ns.lookup(identifier).is_shared() &&

        !rd.get_is_dirty()(identifier))

     {

       export_cache.erase(identifier);


       valuest::iterator next=it;

       ++next;

       values.erase(it);

       it=next;

     }

     else

       ++it;

   }

 }


 void rd_range_domaint::transform_function_call(

   const namespacet &ns,

   const irep_idt &function_from,

   locationt from,

   const irep_idt &function_to,

   reaching_definitions_analysist &rd)

 {

   // only if there is an actual call, i.e., we have a body

   const symbol_exprt &fn_symbol_expr = to_symbol_expr(from->call_function());

   if(function_to == fn_symbol_expr.get_identifier())

   {

     for(valuest::iterator it=values.begin();

         it!=values.end();

        ) // no ++it

     {

       const irep_idt &identifier=it->first;


       // dereferencing may introduce extra symbols

       const symbolt *sym;

       if((ns.lookup(identifier, sym) ||

           !sym->is_shared()) &&

          !rd.get_is_dirty()(identifier))

       {

         export_cache.erase(identifier);


         valuest::iterator next=it;

         ++next;

         values.erase(it);

         it=next;

       }

       else

         ++it;

     }


     const code_typet &code_type=

       to_code_type(ns.lookup(fn_symbol_expr.get_identifier()).type);


     for(const auto &param : code_type.parameters())

     {

       const irep_idt &identifier=param.get_identifier();


       if(identifier.empty())

         continue;


       auto param_bits = pointer_offset_bits(param.type(), ns);

       if(param_bits.has_value())

       {

         gen(

           from,

           identifier,

           range_spect{0},

           range_spect::to_range_spect(*param_bits));

       }

       else

         gen(from, identifier, range_spect{0}, range_spect::unknown());

     }

   }

   else

   {

     // handle return values of undefined functions

     if(from->call_lhs().is_not_nil())

       transform_assign(ns, from, function_from, from, rd);

   }

 }


 void rd_range_domaint::transform_end_function(

   const namespacet &ns,

   const irep_idt &function_from,

   locationt from,

   const irep_idt &function_to,

   locationt to,

   reaching_definitions_analysist &rd)

 {

   locationt call = to;

   --call;


   valuest new_values;

   new_values.swap(values);

   values=rd[call].values;


   for(const auto &new_value : new_values)

   {

     const irep_idt &identifier=new_value.first;


     if(!rd.get_is_threaded()(call) ||

        (!ns.lookup(identifier).is_shared() &&

         !rd.get_is_dirty()(identifier)))

     {

       for(const auto &id : new_value.second)

       {

         const reaching_definitiont &v=bv_container->get(id);

         kill(v.identifier, v.bit_begin, v.bit_end);

       }

     }


     for(const auto &id : new_value.second)

     {

       const reaching_definitiont &v=bv_container->get(id);

       gen(v.definition_at, v.identifier, v.bit_begin, v.bit_end);

     }

   }


   const code_typet &code_type = to_code_type(ns.lookup(function_from).type);


   for(const auto &param : code_type.parameters())

   {

     const irep_idt &identifier=param.get_identifier();


     if(identifier.empty())

       continue;


     valuest::iterator entry=values.find(identifier);


     if(entry!=values.end())

     {

       values.erase(entry);

       export_cache.erase(identifier);

     }

   }


   // handle return values

   if(call->call_lhs().is_not_nil())

   {

     transform_assign(ns, from, function_to, call, rd);

   }

 }


 void rd_range_domaint::transform_assign(

   const namespacet &ns,

   locationt from,

   const irep_idt &function_to,

   locationt to,

   reaching_definitions_analysist &rd)

 {

   rw_range_set_value_sett rw_set(ns, rd.get_value_sets(), message_handler);

   goto_rw(function_to, to, rw_set);

   const bool is_must_alias=rw_set.get_w_set().size()==1;


   for(const auto &written_object_entry : rw_set.get_w_set())

   {

     const irep_idt &identifier = written_object_entry.first;

     // ignore symex::invalid_object

     const symbolt *symbol_ptr;

     if(ns.lookup(identifier, symbol_ptr))

       continue;

     INVARIANT_STRUCTURED(

       symbol_ptr!=nullptr,

       nullptr_exceptiont,

       "Symbol is in symbol table");


     const range_domaint &ranges =

       rw_set.get_ranges(written_object_entry.second);


     if(is_must_alias &&

        (!rd.get_is_threaded()(from) ||

         (!symbol_ptr->is_shared() &&

          !rd.get_is_dirty()(identifier))))

       for(const auto &range : ranges)

         kill(identifier, range.first, range.second);


     for(const auto &range : ranges)

       gen(from, identifier, range.first, range.second);

   }

 }


 void rd_range_domaint::kill(

   const irep_idt &identifier,

   const range_spect &range_start,

   const range_spect &range_end)

 {

   PRECONDITION(range_start >= range_spect{0});


   if(range_end.is_unknown())

   {

     kill_inf(identifier, range_start);

     return;

   }


   PRECONDITION(range_end > range_start);


   valuest::iterator entry=values.find(identifier);

   if(entry==values.end())

     return;


   bool clear_export_cache=false;

   values_innert new_values;


   for(values_innert::iterator

       it=entry->second.begin();

       it!=entry->second.end();

      ) // no ++it

   {

     const reaching_definitiont &v=bv_container->get(*it);


     if(v.bit_begin >= range_end)

       ++it;

     else if(!v.bit_end.is_unknown() && v.bit_end <= range_start)

     {

       ++it;

     }

     else if(

       v.bit_begin >= range_start && !v.bit_end.is_unknown() &&

       v.bit_end <= range_end) // rs <= a < b <= re

     {

       clear_export_cache=true;


       entry->second.erase(it++);

     }

     else if(v.bit_begin >= range_start) // rs <= a <= re < b

     {

       clear_export_cache=true;


       reaching_definitiont v_new=v;

       v_new.bit_begin=range_end;

       new_values.insert(bv_container->add(v_new));


       entry->second.erase(it++);

     }

     else if(v.bit_end.is_unknown() || v.bit_end > range_end) // a <= rs < re < b

     {

       clear_export_cache=true;


       reaching_definitiont v_new=v;

       v_new.bit_end=range_start;


       reaching_definitiont v_new2=v;

       v_new2.bit_begin=range_end;


       new_values.insert(bv_container->add(v_new));

       new_values.insert(bv_container->add(v_new2));


       entry->second.erase(it++);

     }

     else // a <= rs < b <= re

     {

       clear_export_cache=true;


       reaching_definitiont v_new=v;

       v_new.bit_end=range_start;

       new_values.insert(bv_container->add(v_new));


       entry->second.erase(it++);

     }

   }


   if(clear_export_cache)

     export_cache.erase(identifier);


   values_innert::iterator it=entry->second.begin();

   for(const auto &id : new_values)

   {

     while(it!=entry->second.end() && *it<id)

       ++it;

     if(it==entry->second.end() || id<*it)

     {

       entry->second.insert(it, id);

     }

     else if(it!=entry->second.end())

     {

       DATA_INVARIANT(*it == id, "entries must match");

       ++it;

     }

   }

 }


 void rd_range_domaint::kill_inf(

   const irep_idt &,

   const range_spect &range_start)

 {

   PRECONDITION(range_start >= range_spect{0});


 #if 0

   valuest::iterator entry=values.find(identifier);

   if(entry==values.end())

     return;


   XXX export_cache_available=false;


   // makes the analysis underapproximating

   rangest &ranges=entry->second;


   for(rangest::iterator it=ranges.begin();

       it!=ranges.end();

      ) // no ++it

     if(it->second.first!=-1 &&

        it->second.first <= range_start)

       ++it;

     else if(it->first >= range_start) // rs <= a < b <= re

     {

       ranges.erase(it++);

     }

     else // a <= rs < b < re

     {

       it->second.first=range_start;

       ++it;

     }

 #endif

 }


 bool rd_range_domaint::gen(

   locationt from,

   const irep_idt &identifier,

   const range_spect &range_start,

   const range_spect &range_end)

 {

   // objects of size 0 like union U { signed : 0; };

   if(range_start == range_spect{0} && range_end == range_spect{0})

     return false;


   PRECONDITION(range_start >= range_spect{0});

   PRECONDITION(range_end == range_spect::unknown() || range_end > range_start);


   reaching_definitiont v{identifier, from, range_start, range_end};

   if(!values[identifier].insert(bv_container->add(v)).second)

     return false;


   export_cache.erase(identifier);


 #if 0

   range_spect merged_range_end=range_end;


   std::pair<valuest::iterator, bool> entry=

     values.insert(std::make_pair(identifier, rangest()));

   rangest &ranges=entry.first->second;


   if(!entry.second)

   {

     for(rangest::iterator it=ranges.begin();

         it!=ranges.end();

         ) // no ++it

     {

       if(it->second.second!=from ||

          (it->second.first!=-1 && it->second.first <= range_start) ||

          (range_end!=-1 && it->first >= range_end))

         ++it;

       else if(it->first > range_start) // rs < a < b,re

       {

         if(range_end!=-1)

           merged_range_end=std::max(range_end, it->second.first);

         ranges.erase(it++);

       }

       else if(it->second.first==-1 ||

               (range_end!=-1 &&

                it->second.first >= range_end)) // a <= rs < re <= b

       {

         // nothing to do

         return false;

       }

       else // a <= rs < b < re

       {

         it->second.first=range_end;

         return true;

       }

     }

   }


   ranges.insert(std::make_pair(

       range_start,

       std::make_pair(merged_range_end, from)));

 #endif


   return true;

 }


 void rd_range_domaint::output(std::ostream &out) const

 {

   out << "Reaching definitions:\n";


   if(has_values.is_known())

   {

     out << has_values.to_string() << '\n';

     return;

   }


   for(const auto &value : values)

   {

     const irep_idt &identifier=value.first;


     const ranges_at_loct &ranges=get(identifier);


     out << "  " << identifier << "[";


     for(ranges_at_loct::const_iterator itl=ranges.begin();

         itl!=ranges.end();

         ++itl)

       for(rangest::const_iterator itr=itl->second.begin();

           itr!=itl->second.end();

           ++itr)

       {

         if(itr!=itl->second.begin() ||

            itl!=ranges.begin())

           out << ";";


         out << itr->first << ":" << itr->second;

         out << "@" << itl->first->location_number;

       }


     out << "]\n";


     clear_cache(identifier);

   }

 }


 bool rd_range_domaint::merge_inner(

   values_innert &dest,

   const values_innert &other)

 {

   bool more=false;


 #if 0

   ranges_at_loct::iterator itr=it->second.begin();

   for(const auto &o : ito->second)

   {

     while(itr!=it->second.end() && itr->first<o.first)

       ++itr;

     if(itr==it->second.end() || o.first<itr->first)

     {

       it->second.insert(o);

       more=true;

     }

     else if(itr!=it->second.end())

     {

       assert(itr->first==o.first);


       for(const auto &o_range : o.second)

         more=gen(itr->second, o_range.first, o_range.second) ||

           more;


       ++itr;

     }

   }

 #else

   values_innert::iterator itr=dest.begin();

   for(const auto &id : other)

   {

     while(itr!=dest.end() && *itr<id)

       ++itr;

     if(itr==dest.end() || id<*itr)

     {

       dest.insert(itr, id);

       more=true;

     }

     else if(itr!=dest.end())

     {

       DATA_INVARIANT(*itr == id, "entries must match");

       ++itr;

     }

   }

 #endif


   return more;

 }


 bool rd_range_domaint::merge(

   const rd_range_domaint &other,

   trace_ptrt,

   trace_ptrt)

 {

   bool changed=has_values.is_false();

   has_values=tvt::unknown();


   valuest::iterator it=values.begin();

   for(const auto &value : other.values)

   {

     while(it!=values.end() && it->first<value.first)

       ++it;

     if(it==values.end() || value.first<it->first)

     {

       values.insert(value);

       changed=true;

     }

     else if(it!=values.end())

     {

       DATA_INVARIANT(it->first == value.first, "entries must match");


       if(merge_inner(it->second, value.second))

       {

         changed=true;

         export_cache.erase(it->first);

       }


       ++it;

     }

   }


   return changed;

 }


 bool rd_range_domaint::merge_shared(

   const rd_range_domaint &other,

   locationt,

   locationt,

   const namespacet &ns)

 {

   // TODO: dirty vars

 #if 0

   reaching_definitions_analysist *rd=

     dynamic_cast<reaching_definitions_analysist*>(&ai);

   assert(rd!=0);

 #endif


   bool changed=has_values.is_false();

   has_values=tvt::unknown();


   valuest::iterator it=values.begin();

   for(const auto &value : other.values)

   {

     const irep_idt &identifier=value.first;


     if(!ns.lookup(identifier).is_shared()

        /*&& !rd.get_is_dirty()(identifier)*/)

       continue;


     while(it!=values.end() && it->first<value.first)

       ++it;

     if(it==values.end() || value.first<it->first)

     {

       values.insert(value);

       changed=true;

     }

     else if(it!=values.end())

     {

       DATA_INVARIANT(it->first == value.first, "entries must match");


       if(merge_inner(it->second, value.second))

       {

         changed=true;

         export_cache.erase(it->first);

       }


       ++it;

     }

   }


   return changed;

 }


 const rd_range_domaint::ranges_at_loct &rd_range_domaint::get(

   const irep_idt &identifier) const

 {

   populate_cache(identifier);


   static ranges_at_loct empty;


   export_cachet::const_iterator entry=export_cache.find(identifier);


   if(entry==export_cache.end())

     return empty;

   else

     return entry->second;

 }


 void reaching_definitions_analysist::initialize(

   const goto_functionst &goto_functions)

 {

   auto value_sets_ = std::make_unique<value_set_analysis_fit>(ns);

   (*value_sets_)(goto_functions);

   value_sets=std::move(value_sets_);


   is_threaded = std::make_unique<is_threadedt>(goto_functions);


   is_dirty = std::make_unique<dirtyt>(goto_functions);


   concurrency_aware_ait<rd_range_domaint>::initialize(goto_functions);

 }

base_exceptions.h
Generic exception types primarily designed for use with invariants.

ai_baset
This is the basic interface of the abstract interpreter with default implementations of the core func...
Definition: ai.h:117

ai_baset::initialize
virtual void initialize(const irep_idt &function_id, const goto_programt &goto_program)
Initialize all the abstract states for a single function.
Definition: ai.cpp:194

ai_domain_baset::trace_ptrt
ai_history_baset::trace_ptrt trace_ptrt
Definition: ai_domain.h:73

ai_domain_baset::locationt
goto_programt::const_targett locationt
Definition: ai_domain.h:72

ai_domain_factory_baset::locationt
ai_domain_baset::locationt locationt
Definition: ai_domain.h:174

ai_domain_factoryt
Definition: ai_domain.h:200

bad_cast_exceptiont
Definition: base_exceptions.h:18

code_typet
Base type of functions.
Definition: std_types.h:583

code_typet::parameters
const parameterst & parameters() const
Definition: std_types.h:699

concurrency_aware_ait
Base class for concurrency-aware abstract interpretation.
Definition: ai.h:651

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition: dstring.h:38

dstringt::empty
bool empty() const
Definition: dstring.h:89

goto_functionst
A collection of goto functions.
Definition: goto_functions.h:25

message_handlert
Definition: message.h:27

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition: namespace.h:94

namespacet::lookup
bool lookup(const irep_idt &name, const symbolt *&symbol) const override
See documentation for namespace_baset::lookup().
Definition: namespace.cpp:148

nullptr_exceptiont
Definition: base_exceptions.h:30

range_domaint
Definition: goto_rw.h:175

range_spect
Data type to describe upper and lower bounds of the range of bits that a read or write access may aff...
Definition: goto_rw.h:61

range_spect::unknown
static range_spect unknown()
Definition: goto_rw.h:69

range_spect::to_range_spect
static range_spect to_range_spect(const mp_integer &size)
Definition: goto_rw.h:79

range_spect::is_unknown
bool is_unknown() const
Definition: goto_rw.h:74

rd_range_domain_factoryt
This ensures that all domains are constructed with the appropriate pointer back to the analysis engin...
Definition: reaching_definitions.cpp:32

rd_range_domain_factoryt::rd_range_domain_factoryt
rd_range_domain_factoryt(sparse_bitvector_analysist< reaching_definitiont > *_bv_container, message_handlert &message_handler)
Definition: reaching_definitions.cpp:34

rd_range_domain_factoryt::message_handler
message_handlert & message_handler
Definition: reaching_definitions.cpp:51

rd_range_domain_factoryt::bv_container
sparse_bitvector_analysist< reaching_definitiont > *const bv_container
Definition: reaching_definitions.cpp:50

rd_range_domain_factoryt::make
std::unique_ptr< statet > make(locationt) const override
Definition: reaching_definitions.cpp:42

rd_range_domaint
Because the class is inherited from ai_domain_baset, its instance represents an element of a domain o...
Definition: reaching_definitions.h:159

rd_range_domaint::populate_cache
void populate_cache(const irep_idt &identifier) const
Given the passed variable name identifier it collects data from bv_container for each ID in values[id...
Definition: reaching_definitions.cpp:73

rd_range_domaint::export_cache
export_cachet export_cache
It is a helper data structure.
Definition: reaching_definitions.h:297

rd_range_domaint::output
void output(std::ostream &out, const ai_baset &, const namespacet &) const final override
Definition: reaching_definitions.h:192

rd_range_domaint::kill_inf
void kill_inf(const irep_idt &identifier, const range_spect &range_start)
Definition: reaching_definitions.cpp:443

rd_range_domaint::transform_dead
void transform_dead(const namespacet &ns, locationt from)
Computes an instance obtained from a *this by transformation over DEAD v GOTO instruction.
Definition: reaching_definitions.cpp:138

rd_range_domaint::transform_start_thread
void transform_start_thread(const namespacet &ns, reaching_definitions_analysist &rd)
Definition: reaching_definitions.cpp:153

rd_range_domaint::get
const ranges_at_loct & get(const irep_idt &identifier) const
Definition: reaching_definitions.cpp:721

rd_range_domaint::clear_cache
void clear_cache(const irep_idt &identifier) const
Definition: reaching_definitions.h:256

rd_range_domaint::bv_container
sparse_bitvector_analysist< reaching_definitiont > *const bv_container
It points to the actual reaching definitions data of individual program variables.
Definition: reaching_definitions.h:274

rd_range_domaint::transform_function_call
void transform_function_call(const namespacet &ns, const irep_idt &function_from, locationt from, const irep_idt &function_to, reaching_definitions_analysist &rd)
Definition: reaching_definitions.cpp:178

rd_range_domaint::merge
bool merge(const rd_range_domaint &other, trace_ptrt from, trace_ptrt to)
Implements the "join" operation of two instances *this and other.
Definition: reaching_definitions.cpp:636

rd_range_domaint::transform_end_function
void transform_end_function(const namespacet &ns, const irep_idt &function_from, locationt from, const irep_idt &function_to, locationt to, reaching_definitions_analysist &rd)
Definition: reaching_definitions.cpp:243

rd_range_domaint::transform_assign
void transform_assign(const namespacet &ns, locationt from, const irep_idt &function_to, locationt to, reaching_definitions_analysist &rd)
Definition: reaching_definitions.cpp:305

rd_range_domaint::merge_inner
bool merge_inner(values_innert &dest, const values_innert &other)
Definition: reaching_definitions.cpp:586

rd_range_domaint::rangest
std::multimap< range_spect, range_spect > rangest
Definition: reaching_definitions.h:251

rd_range_domaint::gen
bool gen(locationt from, const irep_idt &identifier, const range_spect &range_start, const range_spect &range_end)
A utility function which updates internal data structures by inserting a new reaching definition reco...
Definition: reaching_definitions.cpp:481

rd_range_domaint::kill
void kill(const irep_idt &identifier, const range_spect &range_start, const range_spect &range_end)
Definition: reaching_definitions.cpp:343

rd_range_domaint::ranges_at_loct
std::map< locationt, rangest, goto_programt::target_less_than > ranges_at_loct
Definition: reaching_definitions.h:253

rd_range_domaint::has_values
tvt has_values
This (three value logic) flag determines, whether the instance represents top, bottom,...
Definition: reaching_definitions.h:265

rd_range_domaint::transform
void transform(const irep_idt &function_from, trace_ptrt trace_from, const irep_idt &function_to, trace_ptrt trace_to, ai_baset &ai, const namespacet &ns) final override
Computes an instance obtained from the instance *this by transformation over a GOTO instruction refer...
Definition: reaching_definitions.cpp:93

rd_range_domaint::valuest
std::map< irep_idt, values_innert > valuest
Definition: reaching_definitions.h:277

rd_range_domaint::values
valuest values
It is an ordered map from program variable names to IDs of reaching_definitiont instances stored in m...
Definition: reaching_definitions.h:283

rd_range_domaint::merge_shared
bool merge_shared(const rd_range_domaint &other, locationt from, locationt to, const namespacet &ns)
Definition: reaching_definitions.cpp:672

rd_range_domaint::values_innert
std::set< std::size_t > values_innert
Definition: reaching_definitions.h:276

rd_range_domaint::message_handler
message_handlert & message_handler
Definition: reaching_definitions.h:346

reaching_definitions_analysist
Definition: reaching_definitions.h:352

reaching_definitions_analysist::get_is_threaded
const is_threadedt & get_is_threaded() const
Definition: reaching_definitions.h:367

reaching_definitions_analysist::~reaching_definitions_analysist
virtual ~reaching_definitions_analysist()

reaching_definitions_analysist::is_threaded
std::unique_ptr< is_threadedt > is_threaded
Definition: reaching_definitions.h:382

reaching_definitions_analysist::is_dirty
std::unique_ptr< dirtyt > is_dirty
Definition: reaching_definitions.h:383

reaching_definitions_analysist::value_sets
std::unique_ptr< value_setst > value_sets
Definition: reaching_definitions.h:381

reaching_definitions_analysist::ns
const namespacet & ns
Definition: reaching_definitions.h:380

reaching_definitions_analysist::get_value_sets
value_setst & get_value_sets() const
Definition: reaching_definitions.h:361

reaching_definitions_analysist::reaching_definitions_analysist
reaching_definitions_analysist(const namespacet &_ns, message_handlert &)
Definition: reaching_definitions.cpp:54

reaching_definitions_analysist::get_is_dirty
const dirtyt & get_is_dirty() const
Definition: reaching_definitions.h:373

reaching_definitions_analysist::initialize
void initialize(const goto_functionst &goto_functions) override
Initialize all the abstract states for a whole program.
Definition: reaching_definitions.cpp:736

rw_range_set_value_sett
Definition: goto_rw.h:365

rw_range_sett::get_ranges
const range_domaint & get_ranges(const std::unique_ptr< range_domain_baset > &ranges) const
Definition: goto_rw.h:226

rw_range_sett::get_w_set
const objectst & get_w_set() const
Definition: goto_rw.h:220

sparse_bitvector_analysist< reaching_definitiont >

sparse_bitvector_analysist::get
const V & get(const std::size_t value_index) const
Definition: reaching_definitions.h:45

sparse_bitvector_analysist::values
std::vector< typename inner_mapt::const_iterator > values
It is a map from an ID to the corresponding reaching_definitiont instance inside the map value_map.
Definition: reaching_definitions.h:76

sparse_bitvector_analysist::add
std::size_t add(const V &value)
Definition: reaching_definitions.h:51

symbol_exprt
Expression to hold a symbol (variable)
Definition: std_expr.h:131

symbol_exprt::get_identifier
const irep_idt & get_identifier() const
Definition: std_expr.h:160

symbolt
Symbol table entry.
Definition: symbol.h:28

symbolt::is_shared
bool is_shared() const
Definition: symbol.h:101

tvt::is_known
bool is_known() const
Definition: threeval.h:28

tvt::to_string
const char * to_string() const
Definition: threeval.cpp:13

tvt::is_false
bool is_false() const
Definition: threeval.h:26

tvt::unknown
static tvt unknown()
Definition: threeval.h:33

dirty.h
Variables whose address is taken.

goto_rw
static void goto_rw(const irep_idt &function, goto_programt::const_targett target, const exprt &lhs, const exprt &function_expr, const exprt::operandst &arguments, rw_range_sett &rw_set)
Definition: goto_rw.cpp:845

is_threaded.h
Over-approximate Concurrency for Threaded Goto Programs.

pointer_offset_bits
std::optional< mp_integer > pointer_offset_bits(const typet &type, const namespacet &ns)
Definition: pointer_offset_size.cpp:102

pointer_offset_size.h
Pointer Logic.

reaching_definitions.h
Range-based reaching definitions analysis (following Field- Sensitive Program Dependence Analysis,...

INVARIANT_STRUCTURED
#define INVARIANT_STRUCTURED(CONDITION, TYPENAME,...)
Definition: invariant.h:407

CHECK_RETURN
#define CHECK_RETURN(CONDITION)
Definition: invariant.h:495

DATA_INVARIANT
#define DATA_INVARIANT(CONDITION, REASON)
This condition should be used to document that assumptions that are made on goto_functions,...
Definition: invariant.h:534

PRECONDITION
#define PRECONDITION(CONDITION)
Definition: invariant.h:463

to_symbol_expr
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
Definition: std_expr.h:272

to_code_type
const code_typet & to_code_type(const typet &type)
Cast a typet to a code_typet.
Definition: std_types.h:788

reaching_definitiont
Identifies a GOTO instruction where a given variable is defined (i.e.
Definition: reaching_definitions.h:86

reaching_definitiont::bit_begin
range_spect bit_begin
The two integers below define a range of bits (i.e.
Definition: reaching_definitions.h:95

reaching_definitiont::definition_at
ai_domain_baset::locationt definition_at
The iterator to the GOTO instruction where the variable has been written to.
Definition: reaching_definitions.h:91

reaching_definitiont::identifier
irep_idt identifier
The name of the variable which was defined.
Definition: reaching_definitions.h:88

reaching_definitiont::bit_end
range_spect bit_end
Definition: reaching_definitions.h:96

value_set_analysis_fi.h
Value Set Propagation (flow insensitive)