CBMC
string_constraint_generator_transformation.cpp
Go to the documentation of this file.
1 /*******************************************************************\
2 
3 Module: Generates string constraints for string transformations,
4  that is, functions taking one string and returning another
5 
6 Author: Romain Brenguier, romain.brenguier@diffblue.com
7 
8 \*******************************************************************/
9 
13 
14 #include "string_constraint_generator.h"
15 
16 #include <util/arith_tools.h>
17 #include <util/mathematical_expr.h>
18 
38 std::pair<exprt, string_constraintst>
39 string_constraint_generatort::add_axioms_for_set_length(
40  const function_application_exprt &f)
41 {
42  PRECONDITION(f.arguments().size() == 4);
43  string_constraintst constraints;
44  const array_string_exprt res =
45  array_pool.find(f.arguments()[1], f.arguments()[0]);
46  const array_string_exprt s1 = get_string_expr(array_pool, f.arguments()[2]);
47  const exprt &k = f.arguments()[3];
48  const typet &index_type = s1.length_type();
49  const typet &char_type = to_type_with_subtype(s1.content().type()).subtype();
50 
51  // We add axioms:
52  // a1 : |res|=max(k, 0)
53  // a2 : forall i< min(|s1|, k) .res[i] = s1[i]
54  // a3 : forall |s1| <= i < |res|. res[i] = 0
55 
56  constraints.existential.push_back(
57  equal_to(array_pool.get_or_create_length(res), zero_if_negative(k)));
58 
59  const symbol_exprt idx = fresh_symbol("QA_index_set_length", index_type);
60  const string_constraintt a2(
61  idx,
62  zero_if_negative(minimum(array_pool.get_or_create_length(s1), k)),
63  equal_exprt(s1[idx], res[idx]),
64  message_handler);
65  constraints.universal.push_back(a2);
66 
67  symbol_exprt idx2 = fresh_symbol("QA_index_set_length2", index_type);
68  string_constraintt a3(
69  idx2,
70  zero_if_negative(array_pool.get_or_create_length(s1)),
71  zero_if_negative(array_pool.get_or_create_length(res)),
72  equal_exprt(res[idx2], from_integer(0, char_type)),
73  message_handler);
74  constraints.universal.push_back(a3);
75 
76  return {from_integer(0, get_return_code_type()), std::move(constraints)};
77 }
78 
81 // NOLINTNEXTLINE
83 // NOLINTNEXTLINE
95 std::pair<exprt, string_constraintst>
96 string_constraint_generatort::add_axioms_for_substring(
97  const function_application_exprt &f)
98 {
99  const function_application_exprt::argumentst &args = f.arguments();
100  PRECONDITION(args.size() == 4 || args.size() == 5);
101  const array_string_exprt str = get_string_expr(array_pool, args[2]);
102  const array_string_exprt res = array_pool.find(args[1], args[0]);
103  const exprt &i = args[3];
104  const exprt j =
105  args.size() == 5 ? args[4] : array_pool.get_or_create_length(str);
106  return add_axioms_for_substring(res, str, i, j);
107 }
108 
123 std::pair<exprt, string_constraintst>
124 string_constraint_generatort::add_axioms_for_substring(
125  const array_string_exprt &res,
126  const array_string_exprt &str,
127  const exprt &start,
128  const exprt &end)
129 {
130  const typet &index_type = str.length_type();
131  PRECONDITION(start.type() == index_type);
132  PRECONDITION(end.type() == index_type);
133 
134  string_constraintst constraints;
135  const exprt start1 = maximum(start, from_integer(0, start.type()));
136  const exprt end1 =
137  maximum(minimum(end, array_pool.get_or_create_length(str)), start1);
138 
139  // Axiom 1.
140  constraints.existential.push_back(equal_exprt(
141  array_pool.get_or_create_length(res), minus_exprt(end1, start1)));
142 
143  // Axiom 2.
144  constraints.universal.push_back([&] {
145  const symbol_exprt idx = fresh_symbol("QA_index_substring", index_type);
146  return string_constraintt(
147  idx,
148  zero_if_negative(array_pool.get_or_create_length(res)),
149  equal_exprt(res[idx], str[plus_exprt(start1, idx)]),
150  message_handler);
151  }());
152 
153  return {from_integer(0, get_return_code_type()), std::move(constraints)};
154 }
155 
182 std::pair<exprt, string_constraintst>
183 string_constraint_generatort::add_axioms_for_trim(
184  const function_application_exprt &f)
185 {
186  PRECONDITION(f.arguments().size() == 3);
187  string_constraintst constraints;
188  const array_string_exprt &str = get_string_expr(array_pool, f.arguments()[2]);
189  const array_string_exprt &res =
190  array_pool.find(f.arguments()[1], f.arguments()[0]);
191  const typet &index_type = str.length_type();
192  const typet &char_type = to_type_with_subtype(str.content().type()).subtype();
193  const symbol_exprt idx = fresh_symbol("index_trim", index_type);
194  const exprt space_char = from_integer(' ', char_type);
195 
196  // Axiom 1.
197  constraints.existential.push_back(greater_or_equal_to(
198  array_pool.get_or_create_length(str),
199  plus_exprt(idx, array_pool.get_or_create_length(res))));
200 
201  binary_relation_exprt a2(idx, ID_ge, from_integer(0, index_type));
202  constraints.existential.push_back(a2);
203 
204  const exprt a3 =
205  greater_or_equal_to(array_pool.get_or_create_length(str), idx);
206  constraints.existential.push_back(a3);
207 
208  const exprt a4 = greater_or_equal_to(
209  array_pool.get_or_create_length(res), from_integer(0, index_type));
210  constraints.existential.push_back(a4);
211 
212  const exprt a5 = less_than_or_equal_to(
213  array_pool.get_or_create_length(res), array_pool.get_or_create_length(str));
214  constraints.existential.push_back(a5);
215 
216  symbol_exprt n = fresh_symbol("QA_index_trim", index_type);
217  binary_relation_exprt non_print(str[n], ID_le, space_char);
218  string_constraintt a6(n, zero_if_negative(idx), non_print, message_handler);
219  constraints.universal.push_back(a6);
220 
221  // Axiom 7.
222  constraints.universal.push_back([&] {
223  const symbol_exprt n2 = fresh_symbol("QA_index_trim2", index_type);
224  const minus_exprt bound(
225  minus_exprt(array_pool.get_or_create_length(str), idx),
226  array_pool.get_or_create_length(res));
227  const binary_relation_exprt eqn2(
228  str[plus_exprt(
229  idx, plus_exprt(array_pool.get_or_create_length(res), n2))],
230  ID_le,
231  space_char);
232  return string_constraintt(
233  n2, zero_if_negative(bound), eqn2, message_handler);
234  }());
235 
236  symbol_exprt n3 = fresh_symbol("QA_index_trim3", index_type);
237  equal_exprt eqn3(res[n3], str[plus_exprt(n3, idx)]);
238  string_constraintt a8(
239  n3,
240  zero_if_negative(array_pool.get_or_create_length(res)),
241  eqn3,
242  message_handler);
243  constraints.universal.push_back(a8);
244 
245  // Axiom 9.
246  constraints.existential.push_back([&] {
247  const plus_exprt index_before(
248  idx,
249  minus_exprt(
250  array_pool.get_or_create_length(res), from_integer(1, index_type)));
251  const binary_relation_exprt no_space_before(
252  str[index_before], ID_gt, space_char);
253  return or_exprt(
254  equal_exprt(idx, array_pool.get_or_create_length(str)),
255  and_exprt(
256  binary_relation_exprt(str[idx], ID_gt, space_char), no_space_before));
257  }());
258  return {from_integer(0, f.type()), constraints};
259 }
260 
272 static std::optional<std::pair<exprt, exprt>> to_char_pair(
273  exprt expr1,
274  exprt expr2,
275  std::function<array_string_exprt(const exprt &)> get_string_expr,
276  array_poolt &array_pool)
277 {
278  if(
279  (expr1.type().id() == ID_unsignedbv || expr1.type().id() == ID_char) &&
280  (expr2.type().id() == ID_char || expr2.type().id() == ID_unsignedbv))
281  return std::make_pair(expr1, expr2);
282  const auto expr1_str = get_string_expr(expr1);
283  const auto expr2_str = get_string_expr(expr2);
284  const auto expr1_length =
285  numeric_cast<std::size_t>(array_pool.get_or_create_length(expr1_str));
286  const auto expr2_length =
287  numeric_cast<std::size_t>(array_pool.get_or_create_length(expr2_str));
288  if(expr1_length && expr2_length && *expr1_length == 1 && *expr2_length == 1)
289  return std::make_pair(exprt(expr1_str[0]), exprt(expr2_str[0]));
290  return {};
291 }
292 
312 std::pair<exprt, string_constraintst>
313 string_constraint_generatort::add_axioms_for_replace(
314  const function_application_exprt &f)
315 {
316  PRECONDITION(f.arguments().size() == 5);
317  string_constraintst constraints;
318  array_string_exprt str = get_string_expr(array_pool, f.arguments()[2]);
319  array_string_exprt res = array_pool.find(f.arguments()[1], f.arguments()[0]);
320  if(
321  const auto maybe_chars = to_char_pair(
322  f.arguments()[3],
323  f.arguments()[4],
324  [&](const exprt &e) { return get_string_expr(array_pool, e); },
325  array_pool))
326  {
327  const auto old_char = maybe_chars->first;
328  const auto new_char = maybe_chars->second;
329 
330  constraints.existential.push_back(equal_exprt(
331  array_pool.get_or_create_length(res),
332  array_pool.get_or_create_length(str)));
333 
334  symbol_exprt qvar = fresh_symbol("QA_replace", str.length_type());
335  implies_exprt case1(
336  equal_exprt(str[qvar], old_char), equal_exprt(res[qvar], new_char));
337  implies_exprt case2(
338  not_exprt(equal_exprt(str[qvar], old_char)),
339  equal_exprt(res[qvar], str[qvar]));
340  string_constraintt a2(
341  qvar,
342  zero_if_negative(array_pool.get_or_create_length(res)),
343  and_exprt(case1, case2),
344  message_handler);
345  constraints.universal.push_back(a2);
346  return {from_integer(0, f.type()), std::move(constraints)};
347  }
348  return {from_integer(1, f.type()), std::move(constraints)};
349 }
350 
355 std::pair<exprt, string_constraintst>
356 string_constraint_generatort::add_axioms_for_delete_char_at(
357  const function_application_exprt &f)
358 {
359  PRECONDITION(f.arguments().size() == 4);
360  const array_string_exprt res =
361  array_pool.find(f.arguments()[1], f.arguments()[0]);
362  const array_string_exprt str = get_string_expr(array_pool, f.arguments()[2]);
363  exprt index_one = from_integer(1, str.length_type());
364  return add_axioms_for_delete(
365  res, str, f.arguments()[3], plus_exprt(f.arguments()[3], index_one));
366 }
367 
382 std::pair<exprt, string_constraintst>
383 string_constraint_generatort::add_axioms_for_delete(
384  const array_string_exprt &res,
385  const array_string_exprt &str,
386  const exprt &start,
387  const exprt &end)
388 {
389  PRECONDITION(start.type() == str.length_type());
390  PRECONDITION(end.type() == str.length_type());
391  const typet &index_type = str.length_type();
392  const typet &char_type = to_type_with_subtype(str.content().type()).subtype();
393  const array_string_exprt sub1 =
394  array_pool.fresh_string(index_type, char_type);
395  const array_string_exprt sub2 =
396  array_pool.fresh_string(index_type, char_type);
397  return combine_results(
398  add_axioms_for_substring(
399  sub1, str, from_integer(0, str.length_type()), start),
400  combine_results(
401  add_axioms_for_substring(
402  sub2, str, end, array_pool.get_or_create_length(str)),
403  add_axioms_for_concat(res, sub1, sub2)));
404 }
405 
408 // NOLINTNEXTLINE
410 // NOLINTNEXTLINE
417 std::pair<exprt, string_constraintst>
418 string_constraint_generatort::add_axioms_for_delete(
419  const function_application_exprt &f)
420 {
421  PRECONDITION(f.arguments().size() == 5);
422  const array_string_exprt res =
423  array_pool.find(f.arguments()[1], f.arguments()[0]);
424  const array_string_exprt arg = get_string_expr(array_pool, f.arguments()[2]);
425  return add_axioms_for_delete(res, arg, f.arguments()[3], f.arguments()[4]);
426 }
from_integer
constant_exprt from_integer(const mp_integer &int_value, const typet &type)
Definition: arith_tools.cpp:100
arith_tools.h
get_string_expr
array_string_exprt get_string_expr(array_poolt &array_pool, const exprt &expr)
Fetch the string_exprt corresponding to the given refined_string_exprt.
Definition: array_pool.cpp:199
s1
int8_t s1
Definition: bytecode_info.h:59
char_type
bitvector_typet char_type()
Definition: c_types.cpp:106
and_exprt
Boolean AND.
Definition: std_expr.h:2120
array_poolt
Correspondance between arrays and pointers string representations.
Definition: array_pool.h:42
array_poolt::get_or_create_length
exprt get_or_create_length(const array_string_exprt &s)
Get the length of an array_string_exprt from the array_pool.
Definition: array_pool.cpp:26
array_poolt::fresh_string
array_string_exprt fresh_string(const typet &index_type, const typet &char_type)
Construct a string expression whose length and content are new variables.
Definition: array_pool.cpp:57
array_poolt::find
array_string_exprt find(const exprt &pointer, const exprt &length)
Creates a new array if the pointer is not pointing to an array.
Definition: array_pool.cpp:184
array_string_exprt
Definition: string_expr.h:68
array_string_exprt::length_type
const typet & length_type() const
Definition: string_expr.h:70
array_string_exprt::content
exprt & content()
Definition: string_expr.h:75
binary_relation_exprt
A base class for relations, i.e., binary predicates whose two operands have the same type.
Definition: std_expr.h:762
equal_exprt
Equality.
Definition: std_expr.h:1361
exprt
Base class for all expressions.
Definition: expr.h:56
exprt::type
typet & type()
Return the type of the expression.
Definition: expr.h:84
function_application_exprt
Application of (mathematical) function.
Definition: mathematical_expr.h:197
function_application_exprt::argumentst
exprt::operandst argumentst
Definition: mathematical_expr.h:199
function_application_exprt::arguments
argumentst & arguments()
Definition: mathematical_expr.h:218
implies_exprt
Boolean implication.
Definition: std_expr.h:2183
irept::id
const irep_idt & id() const
Definition: irep.h:388
minus_exprt
Binary minus.
Definition: std_expr.h:1061
not_exprt
Boolean negation.
Definition: std_expr.h:2327
or_exprt
Boolean OR.
Definition: std_expr.h:2228
plus_exprt
The plus expression Associativity is not specified.
Definition: std_expr.h:1002
string_constraint_generatort::add_axioms_for_delete
std::pair< exprt, string_constraintst > add_axioms_for_delete(const array_string_exprt &res, const array_string_exprt &str, const exprt &start, const exprt &end)
Add axioms stating that res corresponds to the input str where we removed characters between the posi...
Definition: string_constraint_generator_transformation.cpp:383
string_constraint_generatort::add_axioms_for_substring
std::pair< exprt, string_constraintst > add_axioms_for_substring(const array_string_exprt &res, const array_string_exprt &str, const exprt &start, const exprt &end)
Add axioms ensuring that res corresponds to the substring of str between indexes ‘start’ = max(start,...
Definition: string_constraint_generator_transformation.cpp:124
string_constraint_generatort::add_axioms_for_concat
std::pair< exprt, string_constraintst > add_axioms_for_concat(const array_string_exprt &res, const array_string_exprt &s1, const array_string_exprt &s2)
Add axioms enforcing that res is equal to the concatenation of s1 and s2.
Definition: string_concatenation_builtin_function.cpp:160
string_constraint_generatort::message_handler
message_handlert & message_handler
Definition: string_constraint_generator.h:75
string_constraint_generatort::add_axioms_for_set_length
std::pair< exprt, string_constraintst > add_axioms_for_set_length(const function_application_exprt &f)
Reduce or extend a string to have the given length.
Definition: string_constraint_generator_transformation.cpp:39
string_constraint_generatort::add_axioms_for_trim
std::pair< exprt, string_constraintst > add_axioms_for_trim(const function_application_exprt &f)
Remove leading and trailing whitespaces.
Definition: string_constraint_generator_transformation.cpp:183
string_constraint_generatort::add_axioms_for_replace
std::pair< exprt, string_constraintst > add_axioms_for_replace(const function_application_exprt &f)
Replace a character by another in a string.
Definition: string_constraint_generator_transformation.cpp:313
string_constraint_generatort::fresh_symbol
symbol_generatort fresh_symbol
Definition: string_constraint_generator.h:61
string_constraint_generatort::array_pool
array_poolt array_pool
Definition: string_constraint_generator.h:63
string_constraint_generatort::add_axioms_for_delete_char_at
std::pair< exprt, string_constraintst > add_axioms_for_delete_char_at(const function_application_exprt &expr)
add axioms corresponding to the StringBuilder.deleteCharAt java function
Definition: string_constraint_generator_transformation.cpp:356
string_constraint_generatort::combine_results
std::pair< exprt, string_constraintst > combine_results(std::pair< exprt, string_constraintst > result1, std::pair< exprt, string_constraintst > result2)
Combine the results of two add_axioms function by taking the maximum of the return codes and merging ...
Definition: string_constraint_generator_main.cpp:420
string_constraintt
Definition: string_constraint.h:56
symbol_exprt
Expression to hold a symbol (variable)
Definition: std_expr.h:131
type_with_subtypet::subtype
const typet & subtype() const
Definition: type.h:187
typet
The type of an expression, extends irept.
Definition: type.h:29
mathematical_expr.h
API to expression classes for 'mathematical' expressions.
PRECONDITION
#define PRECONDITION(CONDITION)
Definition: invariant.h:463
string_constraint_generator.h
Generates string constraints to link results from string functions with their arguments.
maximum
exprt maximum(const exprt &a, const exprt &b)
Definition: string_constraint_generator_main.cpp:404
minimum
exprt minimum(const exprt &a, const exprt &b)
Definition: string_constraint_generator_main.cpp:399
zero_if_negative
exprt zero_if_negative(const exprt &expr)
Returns a non-negative version of the argument.
Definition: string_constraint_generator_main.cpp:412
get_return_code_type
signedbv_typet get_return_code_type()
Definition: string_constraint_generator_main.cpp:182
to_char_pair
static std::optional< std::pair< exprt, exprt > > to_char_pair(exprt expr1, exprt expr2, std::function< array_string_exprt(const exprt &)> get_string_expr, array_poolt &array_pool)
Convert two expressions to pair of chars If both expressions are characters, return pair of them If b...
Definition: string_constraint_generator_transformation.cpp:272
less_than_or_equal_to
binary_relation_exprt less_than_or_equal_to(exprt lhs, exprt rhs)
Definition: string_expr.h:37
greater_or_equal_to
binary_relation_exprt greater_or_equal_to(exprt lhs, exprt rhs)
Definition: string_expr.h:20
equal_to
equal_exprt equal_to(exprt lhs, exprt rhs)
Definition: string_expr.h:55
string_constraintst
Collection of constraints of different types: existential formulas, universal formulas,...
Definition: string_constraint_generator.h:39
string_constraintst::existential
std::vector< exprt > existential
Definition: string_constraint_generator.h:40
string_constraintst::universal
std::vector< string_constraintt > universal
Definition: string_constraint_generator.h:41
to_type_with_subtype
const type_with_subtypet & to_type_with_subtype(const typet &type)
Definition: type.h:208