cbmc/shadow__memory__util_8h_source.html

/*******************************************************************\


Module: Symex Shadow Memory Instrumentation


Author: Peter Schrammel


\*******************************************************************/


#ifndef CPROVER_GOTO_SYMEX_SHADOW_MEMORY_UTIL_H

#define CPROVER_GOTO_SYMEX_SHADOW_MEMORY_UTIL_H


#include <util/irep.h>

#include <util/message.h> // IWYU pragma: keep


#include "goto_symex_state.h" // IWYU pragma: keep


// To enable logging of Shadow Memory functions define DEBUG_SHADOW_MEMORY


class exprt;

class typet;


void shadow_memory_log_set_field(

  const namespacet &ns,

  const messaget &log,

  const irep_idt &field_name,

  const exprt &expr,

  const exprt &value);


void shadow_memory_log_value_set(

  const namespacet &ns,

  const messaget &log,

  const std::vector<exprt> &value_set);


void shadow_memory_log_get_field(

  const namespacet &ns,

  const messaget &log,

  const irep_idt &field_name,

  const exprt &expr);


void shadow_memory_log_value_set_match(

  const namespacet &ns,

  const messaget &log,

  const exprt &address,

  const exprt &expr);


void shadow_memory_log_text_and_expr(

  const namespacet &ns,

  const messaget &log,

  const char *text,

  const exprt &expr);


irep_idt extract_field_name(const exprt &string_expr);


void clean_pointer_expr(exprt &expr);


exprt deref_expr(const exprt &expr);


void replace_invalid_object_by_null(exprt &expr);


const exprt &

get_field_init_expr(const irep_idt &field_name, const goto_symex_statet &state);


std::vector<std::pair<exprt, exprt>> get_shadow_dereference_candidates(

  const namespacet &ns,

  const messaget &log,

  const exprt &matched_object,

  const std::vector<shadow_memory_statet::shadowed_addresst> &addresses,

  const typet &field_type,

  const exprt &expr,

  const typet &lhs_type,

  bool &exact_match);


const typet &

get_field_init_type(const irep_idt &field_name, const goto_symex_statet &state);


bool contains_null_or_invalid(

  const std::vector<exprt> &value_set,

  const exprt &address);


exprt compute_or_over_bytes(

  const exprt &expr,

  const typet &field_type,

  const namespacet &ns,

  const messaget &log,

  const bool is_union);


exprt compute_max_over_bytes(

  const exprt &expr,

  const typet &field_type,

  const namespacet &ns);


exprt build_if_else_expr(

  const std::vector<std::pair<exprt, exprt>> &conds_values);


bool check_value_set_contains_only_null_ptr(

  const namespacet &ns,

  const messaget &log,

  const std::vector<exprt> &value_set,

  const exprt &expr);


std::optional<exprt> get_shadow_memory(

  const exprt &expr,

  const std::vector<exprt> &value_set,

  const std::vector<shadow_memory_statet::shadowed_addresst> &addresses,

  const namespacet &ns,

  const messaget &log,

  size_t &mux_size);


#endif // CPROVER_GOTO_SYMEX_SHADOW_MEMORY_UTIL_H

ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition dstring.h:38

exprt
Base class for all expressions.
Definition expr.h:56

goto_symex_statet
Central data structure: state.
Definition goto_symex_state.h:43

messaget
Class that provides messages with a built-in verbosity 'level'.
Definition message.h:154

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91

typet
The type of an expression, extends irept.
Definition type.h:29

goto_symex_state.h
Symbolic Execution.

irep.h

log
double log(double x)
Definition math.c:2449

replace_invalid_object_by_null
void replace_invalid_object_by_null(exprt &expr)
Replace an invalid object by a null pointer.
Definition shadow_memory_util.cpp:280

shadow_memory_log_value_set_match
void shadow_memory_log_value_set_match(const namespacet &ns, const messaget &log, const exprt &address, const exprt &expr)
Logs a successful match between an address and a value within the value set.
Definition shadow_memory_util.cpp:79

get_shadow_memory
std::optional< exprt > get_shadow_memory(const exprt &expr, const std::vector< exprt > &value_set, const std::vector< shadow_memory_statet::shadowed_addresst > &addresses, const namespacet &ns, const messaget &log, size_t &mux_size)
Get shadow memory values for a given expression within a specified value set.
Definition shadow_memory_util.cpp:1140

deref_expr
exprt deref_expr(const exprt &expr)
Wraps a given expression into a dereference_exprt unless it is an address_of_exprt in which case it j...
Definition shadow_memory_util.cpp:242

contains_null_or_invalid
bool contains_null_or_invalid(const std::vector< exprt > &value_set, const exprt &address)
Given a pointer expression check to see if it can be a null pointer or an invalid object within value...
Definition shadow_memory_util.cpp:318

get_field_init_expr
const exprt & get_field_init_expr(const irep_idt &field_name, const goto_symex_statet &state)
Retrieve the expression that a field was initialised with within a given symex state.
Definition shadow_memory_util.cpp:299

compute_or_over_bytes
exprt compute_or_over_bytes(const exprt &expr, const typet &field_type, const namespacet &ns, const messaget &log, const bool is_union)
Performs aggregation of the shadow memory field value over multiple bytes for fields whose type is _B...
Definition shadow_memory_util.cpp:439

check_value_set_contains_only_null_ptr
bool check_value_set_contains_only_null_ptr(const namespacet &ns, const messaget &log, const std::vector< exprt > &value_set, const exprt &expr)
Checks if value_set contains only a NULL pointer expression of the same type of expr.
Definition shadow_memory_util.cpp:1027

get_field_init_type
const typet & get_field_init_type(const irep_idt &field_name, const goto_symex_statet &state)
Retrieves the type of the shadow memory by returning the type of the shadow memory initializer value.
Definition shadow_memory_util.cpp:312

shadow_memory_log_set_field
void shadow_memory_log_set_field(const namespacet &ns, const messaget &log, const irep_idt &field_name, const exprt &expr, const exprt &value)
Logs setting a value to a given shadow field.
Definition shadow_memory_util.cpp:31

clean_pointer_expr
void clean_pointer_expr(exprt &expr)
Clean the given pointer expression so that it has the right shape for being used for identifying shad...
Definition shadow_memory_util.cpp:252

get_shadow_dereference_candidates
std::vector< std::pair< exprt, exprt > > get_shadow_dereference_candidates(const namespacet &ns, const messaget &log, const exprt &matched_object, const std::vector< shadow_memory_statet::shadowed_addresst > &addresses, const typet &field_type, const exprt &expr, const typet &lhs_type, bool &exact_match)
Get a list of (condition, value) pairs for a certain pointer from the shadow memory,...
Definition shadow_memory_util.cpp:850

compute_max_over_bytes
exprt compute_max_over_bytes(const exprt &expr, const typet &field_type, const namespacet &ns)
Performs aggregation of the shadow memory field value over multiple cells for fields whose type is a ...
Definition shadow_memory_util.cpp:600

build_if_else_expr
exprt build_if_else_expr(const std::vector< std::pair< exprt, exprt > > &conds_values)
Build an if-then-else chain from a vector containing pairs of expressions.
Definition shadow_memory_util.cpp:631

shadow_memory_log_get_field
void shadow_memory_log_get_field(const namespacet &ns, const messaget &log, const irep_idt &field_name, const exprt &expr)
Logs getting a value corresponding to a shadow memory field.
Definition shadow_memory_util.cpp:48

extract_field_name
irep_idt extract_field_name(const exprt &string_expr)
Extracts the field name identifier from a string expression, e.g.
Definition shadow_memory_util.cpp:212

shadow_memory_log_value_set
void shadow_memory_log_value_set(const namespacet &ns, const messaget &log, const std::vector< exprt > &value_set)
Logs the retrieval of the value associated with a given shadow memory field.
Definition shadow_memory_util.cpp:63

shadow_memory_log_text_and_expr
void shadow_memory_log_text_and_expr(const namespacet &ns, const messaget &log, const char *text, const exprt &expr)
Generic logging function that will log depending on the configured verbosity.
Definition shadow_memory_util.cpp:95

message.h