CBMC
simple_method_stubbing.cpp
Go to the documentation of this file.
1 /*******************************************************************\
2 
3 Module: Simple Java method stubbing
4 
5 Author: Diffblue Ltd.
6 
7 \*******************************************************************/
8 
11 
12 #include "simple_method_stubbing.h"
13 
14 #include <java_bytecode/java_object_factory.h>
15 #include <java_bytecode/java_object_factory_parameters.h>
16 #include <java_bytecode/java_pointer_casts.h>
17 #include <java_bytecode/java_types.h>
18 
19 #include "java_utils.h"
20 #include <util/invariant_utils.h>
21 #include <util/namespace.h>
22 #include <util/std_code.h>
23 #include <util/symbol_table_base.h>
24 
25 class java_simple_method_stubst
26 {
27 public:
28  java_simple_method_stubst(
29  symbol_table_baset &_symbol_table,
30  bool _assume_non_null,
31  const java_object_factory_parameterst &_object_factory_parameters,
32  message_handlert &_message_handler)
33  : symbol_table(_symbol_table),
34  assume_non_null(_assume_non_null),
35  object_factory_parameters(_object_factory_parameters),
36  message_handler(_message_handler)
37  {
38  }
39 
40  void create_method_stub_at(
41  const typet &expected_type,
42  const exprt &ptr,
43  const source_locationt &loc,
44  const irep_idt &function_id,
45  code_blockt &parent_block,
46  unsigned insert_before_index,
47  bool is_constructor,
48  bool update_in_place);
49 
50  void create_method_stub(symbolt &symbol);
51 
52  void check_method_stub(const irep_idt &);
53 
54 protected:
55  symbol_table_baset &symbol_table;
56  bool assume_non_null;
57  const java_object_factory_parameterst &object_factory_parameters;
58  message_handlert &message_handler;
59 };
60 
81 void java_simple_method_stubst::create_method_stub_at(
82  const typet &expected_type,
83  const exprt &ptr,
84  const source_locationt &loc,
85  const irep_idt &function_id,
86  code_blockt &parent_block,
87  const unsigned insert_before_index,
88  const bool is_constructor,
89  const bool update_in_place)
90 {
91  // At this point we know 'ptr' points to an opaque-typed object.
92  // We should nondet-initialize it and insert the instructions *after*
93  // the offending call at (*parent_block)[insert_before_index].
94 
95  INVARIANT_WITH_IREP(
96  expected_type.id() == ID_pointer,
97  "Nondet initializer result type: expected a pointer",
98  expected_type);
99 
100  if(to_pointer_type(expected_type).base_type().id() != ID_struct_tag)
101  return;
102 
103  namespacet ns(symbol_table);
104  const exprt cast_ptr =
105  make_clean_pointer_cast(ptr, to_pointer_type(expected_type), ns);
106 
107  exprt to_init = cast_ptr;
108  // If it's a constructor the thing we're constructing has already
109  // been allocated by this point.
110  if(is_constructor)
111  to_init = dereference_exprt(to_init);
112 
113  java_object_factory_parameterst parameters = object_factory_parameters;
114  if(assume_non_null)
115  parameters.min_null_tree_depth = 1;
116 
117  // Generate new instructions.
118  code_blockt new_instructions;
119  parameters.function_id = function_id;
120  gen_nondet_init(
121  to_init,
122  new_instructions,
123  symbol_table,
124  loc,
125  is_constructor,
126  lifetimet::DYNAMIC,
127  parameters,
128  update_in_place ? update_in_placet::MUST_UPDATE_IN_PLACE
129  : update_in_placet::NO_UPDATE_IN_PLACE,
130  message_handler);
131 
132  // Insert new_instructions into parent block.
133  if(!new_instructions.statements().empty())
134  {
135  auto insert_position = parent_block.statements().begin();
136  std::advance(insert_position, insert_before_index);
137  parent_block.statements().insert(
138  insert_position,
139  new_instructions.statements().begin(),
140  new_instructions.statements().end());
141  }
142 }
143 
148 void java_simple_method_stubst::create_method_stub(symbolt &symbol)
149 {
150  code_blockt new_instructions;
151  java_method_typet &required_type = to_java_method_type(symbol.type);
152 
153  // synthetic source location that contains the opaque function name only
154  source_locationt synthesized_source_location;
155  synthesized_source_location.set_function(symbol.name);
156 
157  // make sure all parameters are named
158  for(auto &parameter : required_type.parameters())
159  {
160  if(parameter.get_identifier().empty())
161  {
162  symbolt &parameter_symbol = fresh_java_symbol(
163  parameter.type(),
164  "#anon",
165  synthesized_source_location,
166  symbol.name,
167  symbol_table);
168  parameter_symbol.is_parameter = true;
169  parameter.set_base_name(parameter_symbol.base_name);
170  parameter.set_identifier(parameter_symbol.name);
171  }
172  }
173 
174  // Initialize the return value or `this` parameter under construction.
175  // Note symbol.type is required_type, but with write access
176  // Probably required_type should not be const
177  const bool is_constructor = required_type.get_is_constructor();
178  if(is_constructor)
179  {
180  const auto &this_argument = required_type.parameters()[0];
181  const typet &this_type = this_argument.type();
182  symbolt &init_symbol = fresh_java_symbol(
183  this_type,
184  "to_construct",
185  synthesized_source_location,
186  symbol.name,
187  symbol_table);
188  const symbol_exprt &init_symbol_expression = init_symbol.symbol_expr();
189  code_frontend_assignt get_argument(
190  init_symbol_expression,
191  symbol_exprt(this_argument.get_identifier(), this_type));
192  get_argument.add_source_location() = synthesized_source_location;
193  new_instructions.add(get_argument);
194  create_method_stub_at(
195  this_type,
196  init_symbol_expression,
197  synthesized_source_location,
198  symbol.name,
199  new_instructions,
200  1,
201  true,
202  false);
203  }
204  else
205  {
206  const typet &required_return_type = required_type.return_type();
207  if(required_return_type != java_void_type())
208  {
209  symbolt &to_return_symbol = fresh_java_symbol(
210  required_return_type,
211  "to_return",
212  synthesized_source_location,
213  symbol.name,
214  symbol_table);
215  const exprt &to_return = to_return_symbol.symbol_expr();
216  if(to_return_symbol.type.id() != ID_pointer)
217  {
218  java_object_factory_parameterst parameters = object_factory_parameters;
219  if(assume_non_null)
220  parameters.min_null_tree_depth = 1;
221 
222  gen_nondet_init(
223  to_return,
224  new_instructions,
225  symbol_table,
226  source_locationt(),
227  false,
228  lifetimet::AUTOMATIC_LOCAL, // Irrelevant as type is primitive
229  parameters,
230  update_in_placet::NO_UPDATE_IN_PLACE,
231  message_handler);
232  }
233  else
234  create_method_stub_at(
235  required_return_type,
236  to_return,
237  synthesized_source_location,
238  symbol.name,
239  new_instructions,
240  0,
241  false,
242  false);
243  new_instructions.add(code_frontend_returnt(to_return));
244  }
245  }
246 
247  symbol.value = new_instructions;
248 }
249 
253 void java_simple_method_stubst::check_method_stub(const irep_idt &symname)
254 {
255  const symbolt &sym = symbol_table.lookup_ref(symname);
256  if(!sym.is_type && sym.value.id() == ID_nil &&
257  sym.type.id() == ID_code &&
258  // do not stub internal locking calls as 'create_method_stub' does not
259  // automatically create the appropriate symbols for the formal parameters.
260  // This means that symex will (rightfully) crash when it encounters the
261  // function call as it will not be able to find symbols for the fromal
262  // parameters.
263  sym.name !=
264  "java::java.lang.Object.monitorenter:(Ljava/lang/Object;)V" &&
265  sym.name !=
266  "java::java.lang.Object.monitorexit:(Ljava/lang/Object;)V")
267  {
268  create_method_stub(symbol_table.get_writeable_ref(symname));
269  }
270 }
271 
272 void java_generate_simple_method_stub(
273  const irep_idt &function_name,
274  symbol_table_baset &symbol_table,
275  bool assume_non_null,
276  const java_object_factory_parameterst &object_factory_parameters,
277  message_handlert &message_handler)
278 {
279  java_simple_method_stubst stub_generator(
280  symbol_table, assume_non_null, object_factory_parameters, message_handler);
281 
282  stub_generator.check_method_stub(function_name);
283 }
284 
294 void java_generate_simple_method_stubs(
295  symbol_table_baset &symbol_table,
296  bool assume_non_null,
297  const java_object_factory_parameterst &object_factory_parameters,
298  message_handlert &message_handler)
299 {
300  // The intent here is to apply stub_generator.check_method_stub() to
301  // all the identifiers in the symbol table. However this method may alter the
302  // symbol table and iterating over a container which is being modified has
303  // undefined behaviour. Therefore in order for this to work reliably, we must
304  // take a copy of the identifiers in the symbol table and iterate over that,
305  // instead of iterating over the symbol table itself.
306  std::vector<irep_idt> identifiers;
307  identifiers.reserve(symbol_table.symbols.size());
308  for(const auto &symbol : symbol_table)
309  identifiers.push_back(symbol.first);
310 
311  java_simple_method_stubst stub_generator(
312  symbol_table, assume_non_null, object_factory_parameters, message_handler);
313 
314  for(const auto &identifier : identifiers)
315  {
316  stub_generator.check_method_stub(identifier);
317  }
318 }
lifetimet::DYNAMIC
@ DYNAMIC
Allocate dynamic objects (using ALLOCATE)
lifetimet::AUTOMATIC_LOCAL
@ AUTOMATIC_LOCAL
Allocate local objects with automatic lifetime.
code_blockt
A codet representing sequential composition of program statements.
Definition: std_code.h:130
code_blockt::add
void add(const codet &code)
Definition: std_code.h:168
code_blockt::statements
code_operandst & statements()
Definition: std_code.h:138
code_frontend_assignt
A codet representing an assignment in the program.
Definition: std_code.h:24
code_frontend_returnt
codet representation of a "return from a function" statement.
Definition: std_code.h:893
code_typet::return_type
const typet & return_type() const
Definition: std_types.h:689
code_typet::get_is_constructor
bool get_is_constructor() const
Definition: std_types.h:729
code_typet::parameters
const parameterst & parameters() const
Definition: std_types.h:699
dereference_exprt
Operator to dereference a pointer.
Definition: pointer_expr.h:834
dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition: dstring.h:38
exprt
Base class for all expressions.
Definition: expr.h:56
exprt::add_source_location
source_locationt & add_source_location()
Definition: expr.h:236
irept::id
const irep_idt & id() const
Definition: irep.h:388
java_method_typet
Definition: java_types.h:100
java_simple_method_stubst
Definition: simple_method_stubbing.cpp:26
java_simple_method_stubst::check_method_stub
void check_method_stub(const irep_idt &)
Replaces sym with a function stub per the function above if it is of suitable type.
Definition: simple_method_stubbing.cpp:253
java_simple_method_stubst::message_handler
message_handlert & message_handler
Definition: simple_method_stubbing.cpp:58
java_simple_method_stubst::object_factory_parameters
const java_object_factory_parameterst & object_factory_parameters
Definition: simple_method_stubbing.cpp:57
java_simple_method_stubst::symbol_table
symbol_table_baset & symbol_table
Definition: simple_method_stubbing.cpp:55
java_simple_method_stubst::java_simple_method_stubst
java_simple_method_stubst(symbol_table_baset &_symbol_table, bool _assume_non_null, const java_object_factory_parameterst &_object_factory_parameters, message_handlert &_message_handler)
Definition: simple_method_stubbing.cpp:28
java_simple_method_stubst::create_method_stub_at
void create_method_stub_at(const typet &expected_type, const exprt &ptr, const source_locationt &loc, const irep_idt &function_id, code_blockt &parent_block, unsigned insert_before_index, bool is_constructor, bool update_in_place)
Nondet-initialize an object, including allocating referees for reference fields and nondet-initialisi...
Definition: simple_method_stubbing.cpp:81
java_simple_method_stubst::assume_non_null
bool assume_non_null
Definition: simple_method_stubbing.cpp:56
java_simple_method_stubst::create_method_stub
void create_method_stub(symbolt &symbol)
Replaces sym's value with an opaque method stub.
Definition: simple_method_stubbing.cpp:148
message_handlert
Definition: message.h:27
namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition: namespace.h:94
source_locationt
Definition: source_location.h:20
source_locationt::set_function
void set_function(const irep_idt &function)
Definition: source_location.h:135
symbol_exprt
Expression to hold a symbol (variable)
Definition: std_expr.h:131
symbol_table_baset
The symbol table base class interface.
Definition: symbol_table_base.h:23
symbol_table_baset::get_writeable_ref
symbolt & get_writeable_ref(const irep_idt &name)
Find a symbol in the symbol table for read-write access.
Definition: symbol_table_base.h:149
symbol_table_baset::symbols
const symbolst & symbols
Read-only field, used to look up symbols given their names.
Definition: symbol_table_base.h:31
symbol_table_baset::lookup_ref
const symbolt & lookup_ref(const irep_idt &name) const
Find a symbol in the symbol table for read-only access.
Definition: symbol_table_base.h:105
symbolt
Symbol table entry.
Definition: symbol.h:28
symbolt::base_name
irep_idt base_name
Base (non-scoped) name.
Definition: symbol.h:46
symbolt::is_parameter
bool is_parameter
Definition: symbol.h:76
symbolt::is_type
bool is_type
Definition: symbol.h:61
symbolt::symbol_expr
class symbol_exprt symbol_expr() const
Produces a symbol_exprt for a symbol.
Definition: symbol.cpp:121
symbolt::type
typet type
Type of symbol.
Definition: symbol.h:31
symbolt::name
irep_idt name
The unique identifier.
Definition: symbol.h:40
symbolt::value
exprt value
Initial value of symbol.
Definition: symbol.h:34
typet
The type of an expression, extends irept.
Definition: type.h:29
invariant_utils.h
INVARIANT_WITH_IREP
#define INVARIANT_WITH_IREP(CONDITION, DESCRIPTION, IREP)
Equivalent to INVARIANT_STRUCTURED(CONDITION, invariant_failedt, pretty_print_invariant_with_irep(IRE...
Definition: invariant_utils.h:30
is_constructor
static bool is_constructor(const irep_idt &method_name)
Definition: java_bytecode_convert_method.cpp:119
init_symbol
static std::unordered_set< irep_idt > init_symbol(const symbolt &sym, code_blockt &code_block, symbol_table_baset &symbol_table, const source_locationt &source_location, bool assume_init_pointers_not_null, const java_object_factory_parameterst &object_factory_parameters, const select_pointer_typet &pointer_type_selector, bool string_refinement_enabled, message_handlert &message_handler)
Definition: java_entry_point.cpp:108
gen_nondet_init
void gen_nondet_init(const exprt &expr, code_blockt &init_code, symbol_table_baset &symbol_table, const source_locationt &loc, bool skip_classid, lifetimet lifetime, const java_object_factory_parameterst &object_factory_parameters, const select_pointer_typet &pointer_type_selector, update_in_placet update_in_place, message_handlert &log)
Initializes a primitive-typed or reference-typed object tree rooted at expr, allocating child objects...
Definition: java_object_factory.cpp:1621
java_object_factory.h
This module is responsible for the synthesis of code (in the form of a sequence of codet statements) ...
update_in_placet::NO_UPDATE_IN_PLACE
@ NO_UPDATE_IN_PLACE
update_in_placet::MUST_UPDATE_IN_PLACE
@ MUST_UPDATE_IN_PLACE
java_object_factory_parameters.h
make_clean_pointer_cast
exprt make_clean_pointer_cast(const exprt &rawptr, const pointer_typet &target_type, const namespacet &ns)
Definition: java_pointer_casts.cpp:75
java_pointer_casts.h
JAVA Pointer Casts.
java_void_type
empty_typet java_void_type()
Definition: java_types.cpp:37
java_types.h
to_java_method_type
const java_method_typet & to_java_method_type(const typet &type)
Definition: java_types.h:183
fresh_java_symbol
symbolt & fresh_java_symbol(const typet &type, const std::string &basename_prefix, const source_locationt &source_location, const irep_idt &function_name, symbol_table_baset &symbol_table)
Definition: java_utils.cpp:555
java_utils.h
to_pointer_type
const pointer_typet & to_pointer_type(const typet &type)
Cast a typet to a pointer_typet.
Definition: pointer_expr.h:93
java_generate_simple_method_stub
void java_generate_simple_method_stub(const irep_idt &function_name, symbol_table_baset &symbol_table, bool assume_non_null, const java_object_factory_parameterst &object_factory_parameters, message_handlert &message_handler)
Definition: simple_method_stubbing.cpp:272
java_generate_simple_method_stubs
void java_generate_simple_method_stubs(symbol_table_baset &symbol_table, bool assume_non_null, const java_object_factory_parameterst &object_factory_parameters, message_handlert &message_handler)
Generates function stubs for most undefined functions in the symbol table, except as forbidden in jav...
Definition: simple_method_stubbing.cpp:294
simple_method_stubbing.h
Java simple opaque stub generation.
std_code.h
java_object_factory_parameterst
Definition: java_object_factory_parameters.h:16
object_factory_parameterst::function_id
irep_idt function_id
Function id, used as a prefix for identifiers of temporaries.
Definition: object_factory_parameters.h:79
object_factory_parameterst::min_null_tree_depth
size_t min_null_tree_depth
To force a certain depth of non-null objects.
Definition: object_factory_parameters.h:70
symbol_table_base.h
Author: Diffblue Ltd.