cbmc/safety__checker_8h_source.html

/*******************************************************************\


Module: Safety Checker Interface


Author: Daniel Kroening, kroening@kroening.com


\*******************************************************************/


#ifndef CPROVER_GOTO_PROGRAMS_SAFETY_CHECKER_H

#define CPROVER_GOTO_PROGRAMS_SAFETY_CHECKER_H


// this is just an interface -- it won't actually do any checking!


#include <util/invariant.h>

#include <util/message.h>


#include "goto_trace.h"


class goto_functionst;


class safety_checkert:public messaget

{

public:

  safety_checkert(const namespacet &_ns, message_handlert &_message_handler);


  enum class resultt

  {

    SAFE,

    UNSAFE,

    ERROR,

    PAUSED,

  };


  // check whether all assertions in goto_functions are safe

  // if UNSAFE, then a trace is returned


  virtual resultt operator()(

    const goto_functionst &goto_functions)=0;


  // this is the counterexample

  goto_tracet error_trace;


protected:

  // the namespace

  const namespacet &ns;

};


inline safety_checkert::resultt &


operator&=(safety_checkert::resultt &a, safety_checkert::resultt const &b)

{

  PRECONDITION(

    a != safety_checkert::resultt::PAUSED &&

    b != safety_checkert::resultt::PAUSED);

  switch(a)

  {

  case safety_checkert::resultt::ERROR:

    return a;

  case safety_checkert::resultt::SAFE:

    a = b;

    return a;

  case safety_checkert::resultt::UNSAFE:

    a = b == safety_checkert::resultt::ERROR ? b : a;

    return a;

  case safety_checkert::resultt::PAUSED:

    UNREACHABLE;

  }

  UNREACHABLE;

}


inline safety_checkert::resultt &


operator|=(safety_checkert::resultt &a, safety_checkert::resultt const &b)

{

  PRECONDITION(

    a != safety_checkert::resultt::PAUSED &&

    b != safety_checkert::resultt::PAUSED);

  switch(a)

  {

  case safety_checkert::resultt::SAFE:

    return a;

  case safety_checkert::resultt::ERROR:

    a = b;

    return a;

  case safety_checkert::resultt::UNSAFE:

    a = b == safety_checkert::resultt::SAFE ? b : a;

    return a;

  case safety_checkert::resultt::PAUSED:

    UNREACHABLE;

  }

  UNREACHABLE;

}


#endif // CPROVER_GOTO_PROGRAMS_SAFETY_CHECKER_H

ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562

goto_functionst
A collection of goto functions.
Definition goto_functions.h:25

goto_tracet
Trace of a GOTO program.
Definition goto_trace.h:177

message_handlert
Definition message.h:27

messaget
Class that provides messages with a built-in verbosity 'level'.
Definition message.h:154

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91

safety_checkert
Definition safety_checker.h:25

safety_checkert::ns
const namespacet & ns
Definition safety_checker.h:54

safety_checkert::resultt
resultt
Definition safety_checker.h:30

safety_checkert::resultt::UNSAFE
@ UNSAFE
Some safety properties were violated.

safety_checkert::resultt::PAUSED
@ PAUSED
Symbolic execution has been suspended due to encountering a GOTO while doing path exploration; the sy...

safety_checkert::resultt::SAFE
@ SAFE
No safety properties were violated.

safety_checkert::resultt::ERROR
@ ERROR
Safety is unknown due to an error during safety checking.

safety_checkert::operator()
virtual resultt operator()(const goto_functionst &goto_functions)=0

safety_checkert::error_trace
goto_tracet error_trace
Definition safety_checker.h:50

goto_trace.h
Traces of GOTO Programs.

operator|=
safety_checkert::resultt & operator|=(safety_checkert::resultt &a, safety_checkert::resultt const &b)
The best of two results.
Definition safety_checker.h:92

operator&=
safety_checkert::resultt & operator&=(safety_checkert::resultt &a, safety_checkert::resultt const &b)
The worst of two results.
Definition safety_checker.h:64

invariant.h

UNREACHABLE
#define UNREACHABLE
This should be used to mark dead code.
Definition invariant.h:525

PRECONDITION
#define PRECONDITION(CONDITION)
Definition invariant.h:463

message.h