CBMC
Loading...
Searching...
No Matches
rewrite_rw_ok.cpp
Go to the documentation of this file.
1/*******************************************************************\
2
3Module: Rewrite {r,w,rw}_ok expressions as required by symbolic execution
4
5Author: Michael Tautschnig
6
7\*******************************************************************/
8
9#include "rewrite_rw_ok.h"
10
11#include <util/expr_iterator.h>
12#include <util/pointer_expr.h>
13
14#include <goto-programs/goto_model.h>
15
16static std::optional<exprt> rewrite_rw_ok(exprt expr, const namespacet &ns)
17{
18 bool unchanged = true;
19
20 for(auto it = expr.depth_begin(), itend = expr.depth_end();
21 it != itend;) // no ++it
22 {
23 if(auto r_or_w_ok = expr_try_dynamic_cast<r_or_w_ok_exprt>(*it))
24 {
25 const auto &id = it->id();
26 exprt replacement =
27 prophecy_r_or_w_ok_exprt{
28 id == ID_r_ok ? ID_prophecy_r_ok
29 : id == ID_w_ok ? ID_prophecy_w_ok
30 : ID_prophecy_rw_ok,
31 r_or_w_ok->pointer(),
32 r_or_w_ok->size(),
33 ns.lookup(CPROVER_PREFIX "deallocated").symbol_expr(),
34 ns.lookup(CPROVER_PREFIX "dead_object").symbol_expr()}
35 .with_source_location(*it);
36
37 it.mutate() = std::move(replacement);
38 unchanged = false;
39 it.next_sibling_or_parent();
40 }
41 else if(
42 auto pointer_in_range =
43 expr_try_dynamic_cast<pointer_in_range_exprt>(*it))
44 {
45 exprt replacement =
46 prophecy_pointer_in_range_exprt{
47 pointer_in_range->lower_bound(),
48 pointer_in_range->pointer(),
49 pointer_in_range->upper_bound(),
50 ns.lookup(CPROVER_PREFIX "deallocated").symbol_expr(),
51 ns.lookup(CPROVER_PREFIX "dead_object").symbol_expr()}
52 .with_source_location(*it);
53
54 it.mutate() = std::move(replacement);
55 unchanged = false;
56 it.next_sibling_or_parent();
57 }
58 else
59 ++it;
60 }
61
62 if(unchanged)
63 return {};
64 else
65 return std::move(expr);
66}
67
68static void rewrite_rw_ok(
69 goto_functionst::goto_functiont &goto_function,
70 const namespacet &ns)
71{
72 for(auto &instruction : goto_function.body.instructions)
73 instruction.transform(
74 [&ns](exprt expr) { return rewrite_rw_ok(expr, ns); });
75}
76
77void rewrite_rw_ok(goto_modelt &goto_model)
78{
79 const namespacet ns(goto_model.symbol_table);
80
81 for(auto &gf_entry : goto_model.goto_functions.function_map)
82 rewrite_rw_ok(gf_entry.second, ns);
83}
ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562
exprt
Base class for all expressions.
Definition expr.h:56
exprt::depth_end
depth_iteratort depth_end()
Definition expr.cpp:249
exprt::depth_begin
depth_iteratort depth_begin()
Definition expr.cpp:247
goto_functionst::function_map
function_mapt function_map
Definition goto_functions.h:29
goto_functionst::goto_functiont
::goto_functiont goto_functiont
Definition goto_functions.h:27
goto_modelt
Definition goto_model.h:27
goto_modelt::symbol_table
symbol_tablet symbol_table
Symbol table.
Definition goto_model.h:31
goto_modelt::goto_functions
goto_functionst goto_functions
GOTO functions.
Definition goto_model.h:34
namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91
namespacet::lookup
bool lookup(const irep_idt &name, const symbolt *&symbol) const override
See documentation for namespace_baset::lookup().
Definition namespace.cpp:134
prophecy_pointer_in_range_exprt
pointer_in_range (see pointer_in_range_exprt) with prophecy expressions to encode whether a pointer r...
Definition pointer_expr.h:453
prophecy_r_or_w_ok_exprt
A base class for a predicate that indicates that an address range is ok to read or write or both.
Definition pointer_expr.h:1019
CPROVER_PREFIX
#define CPROVER_PREFIX
Definition cprover_prefix.h:14
expr_iterator.h
Forward depth-first search iterators These iterators' copy operations are expensive,...
goto_model.h
Symbol Table + CFG.
pointer_expr.h
API to expression classes for Pointers.
rewrite_rw_ok
static std::optional< exprt > rewrite_rw_ok(exprt expr, const namespacet &ns)
Definition rewrite_rw_ok.cpp:16
rewrite_rw_ok.h
Rewrite r/w/rw_ok expressions to ones including prophecy variables recording the state.