cbmc/shadow__memory__util_8h_source.html

 /*******************************************************************\


 Module: Symex Shadow Memory Instrumentation


 Author: Peter Schrammel


 \*******************************************************************/


 #ifndef CPROVER_GOTO_SYMEX_SHADOW_MEMORY_UTIL_H

 #define CPROVER_GOTO_SYMEX_SHADOW_MEMORY_UTIL_H


 #include <util/irep.h>

 #include <util/message.h> // IWYU pragma: keep


 #include "goto_symex_state.h" // IWYU pragma: keep


 // To enable logging of Shadow Memory functions define DEBUG_SHADOW_MEMORY


 class exprt;

 class typet;


 void shadow_memory_log_set_field(

   const namespacet &ns,

   const messaget &log,

   const irep_idt &field_name,

   const exprt &expr,

   const exprt &value);


 void shadow_memory_log_value_set(

   const namespacet &ns,

   const messaget &log,

   const std::vector<exprt> &value_set);


 void shadow_memory_log_get_field(

   const namespacet &ns,

   const messaget &log,

   const irep_idt &field_name,

   const exprt &expr);


 void shadow_memory_log_value_set_match(

   const namespacet &ns,

   const messaget &log,

   const exprt &address,

   const exprt &expr);


 void shadow_memory_log_text_and_expr(

   const namespacet &ns,

   const messaget &log,

   const char *text,

   const exprt &expr);


 irep_idt extract_field_name(const exprt &string_expr);


 void clean_pointer_expr(exprt &expr);


 exprt deref_expr(const exprt &expr);


 void replace_invalid_object_by_null(exprt &expr);


 const exprt &

 get_field_init_expr(const irep_idt &field_name, const goto_symex_statet &state);


 std::vector<std::pair<exprt, exprt>> get_shadow_dereference_candidates(

   const namespacet &ns,

   const messaget &log,

   const exprt &matched_object,

   const std::vector<shadow_memory_statet::shadowed_addresst> &addresses,

   const typet &field_type,

   const exprt &expr,

   const typet &lhs_type,

   bool &exact_match);


 const typet &

 get_field_init_type(const irep_idt &field_name, const goto_symex_statet &state);


 bool contains_null_or_invalid(

   const std::vector<exprt> &value_set,

   const exprt &address);


 exprt compute_or_over_bytes(

   const exprt &expr,

   const typet &field_type,

   const namespacet &ns,

   const messaget &log,

   const bool is_union);


 exprt compute_max_over_bytes(

   const exprt &expr,

   const typet &field_type,

   const namespacet &ns);


 exprt build_if_else_expr(

   const std::vector<std::pair<exprt, exprt>> &conds_values);


 bool check_value_set_contains_only_null_ptr(

   const namespacet &ns,

   const messaget &log,

   const std::vector<exprt> &value_set,

   const exprt &expr);


 std::optional<exprt> get_shadow_memory(

   const exprt &expr,

   const std::vector<exprt> &value_set,

   const std::vector<shadow_memory_statet::shadowed_addresst> &addresses,

   const namespacet &ns,

   const messaget &log,

   size_t &mux_size);


 #endif // CPROVER_GOTO_SYMEX_SHADOW_MEMORY_UTIL_H

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition: dstring.h:38

exprt
Base class for all expressions.
Definition: expr.h:56

goto_symex_statet
Central data structure: state.
Definition: goto_symex_state.h:43

messaget
Class that provides messages with a built-in verbosity 'level'.
Definition: message.h:154

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition: namespace.h:94

typet
The type of an expression, extends irept.
Definition: type.h:29

goto_symex_state.h
Symbolic Execution.

irep.h

log
double log(double x)
Definition: math.c:2776

build_if_else_expr
exprt build_if_else_expr(const std::vector< std::pair< exprt, exprt >> &conds_values)
Build an if-then-else chain from a vector containing pairs of expressions.
Definition: shadow_memory_util.cpp:631

replace_invalid_object_by_null
void replace_invalid_object_by_null(exprt &expr)
Replace an invalid object by a null pointer.
Definition: shadow_memory_util.cpp:280

shadow_memory_log_value_set_match
void shadow_memory_log_value_set_match(const namespacet &ns, const messaget &log, const exprt &address, const exprt &expr)
Logs a successful match between an address and a value within the value set.
Definition: shadow_memory_util.cpp:79

deref_expr
exprt deref_expr(const exprt &expr)
Wraps a given expression into a dereference_exprt unless it is an address_of_exprt in which case it j...
Definition: shadow_memory_util.cpp:242

contains_null_or_invalid
bool contains_null_or_invalid(const std::vector< exprt > &value_set, const exprt &address)
Given a pointer expression check to see if it can be a null pointer or an invalid object within value...
Definition: shadow_memory_util.cpp:318

compute_or_over_bytes
exprt compute_or_over_bytes(const exprt &expr, const typet &field_type, const namespacet &ns, const messaget &log, const bool is_union)
Performs aggregation of the shadow memory field value over multiple bytes for fields whose type is _B...
Definition: shadow_memory_util.cpp:439

check_value_set_contains_only_null_ptr
bool check_value_set_contains_only_null_ptr(const namespacet &ns, const messaget &log, const std::vector< exprt > &value_set, const exprt &expr)
Checks if value_set contains only a NULL pointer expression of the same type of expr.
Definition: shadow_memory_util.cpp:1027

shadow_memory_log_set_field
void shadow_memory_log_set_field(const namespacet &ns, const messaget &log, const irep_idt &field_name, const exprt &expr, const exprt &value)
Logs setting a value to a given shadow field.
Definition: shadow_memory_util.cpp:31

get_field_init_type
const typet & get_field_init_type(const irep_idt &field_name, const goto_symex_statet &state)
Retrieves the type of the shadow memory by returning the type of the shadow memory initializer value.
Definition: shadow_memory_util.cpp:312

get_field_init_expr
const exprt & get_field_init_expr(const irep_idt &field_name, const goto_symex_statet &state)
Retrieve the expression that a field was initialised with within a given symex state.
Definition: shadow_memory_util.cpp:299

clean_pointer_expr
void clean_pointer_expr(exprt &expr)
Clean the given pointer expression so that it has the right shape for being used for identifying shad...
Definition: shadow_memory_util.cpp:252

get_shadow_dereference_candidates
std::vector< std::pair< exprt, exprt > > get_shadow_dereference_candidates(const namespacet &ns, const messaget &log, const exprt &matched_object, const std::vector< shadow_memory_statet::shadowed_addresst > &addresses, const typet &field_type, const exprt &expr, const typet &lhs_type, bool &exact_match)
Get a list of (condition, value) pairs for a certain pointer from the shadow memory,...
Definition: shadow_memory_util.cpp:850

compute_max_over_bytes
exprt compute_max_over_bytes(const exprt &expr, const typet &field_type, const namespacet &ns)
Performs aggregation of the shadow memory field value over multiple cells for fields whose type is a ...
Definition: shadow_memory_util.cpp:600

shadow_memory_log_get_field
void shadow_memory_log_get_field(const namespacet &ns, const messaget &log, const irep_idt &field_name, const exprt &expr)
Logs getting a value corresponding to a shadow memory field.
Definition: shadow_memory_util.cpp:48

extract_field_name
irep_idt extract_field_name(const exprt &string_expr)
Extracts the field name identifier from a string expression, e.g.
Definition: shadow_memory_util.cpp:212

shadow_memory_log_value_set
void shadow_memory_log_value_set(const namespacet &ns, const messaget &log, const std::vector< exprt > &value_set)
Logs the retrieval of the value associated with a given shadow memory field.
Definition: shadow_memory_util.cpp:63

shadow_memory_log_text_and_expr
void shadow_memory_log_text_and_expr(const namespacet &ns, const messaget &log, const char *text, const exprt &expr)
Generic logging function that will log depending on the configured verbosity.
Definition: shadow_memory_util.cpp:95

get_shadow_memory
std::optional< exprt > get_shadow_memory(const exprt &expr, const std::vector< exprt > &value_set, const std::vector< shadow_memory_statet::shadowed_addresst > &addresses, const namespacet &ns, const messaget &log, size_t &mux_size)
Get shadow memory values for a given expression within a specified value set.
Definition: shadow_memory_util.cpp:1140

message.h