cbmc/string__refinement_8h_source.html

/*******************************************************************\


Module: String support via creating string constraints and progressively

        instantiating the universal constraints as needed.

        The procedure is described in the PASS paper at HVC'13:

        "PASS: String Solving with Parameterized Array and Interval Automaton"

        by Guodong Li and Indradeep Ghosh


Author: Alberto Griggio, alberto.griggio@gmail.com


\*******************************************************************/


#ifndef CPROVER_SOLVERS_REFINEMENT_STRING_REFINEMENT_H

#define CPROVER_SOLVERS_REFINEMENT_STRING_REFINEMENT_H


#include <util/union_find_replace.h>


#include <solvers/refinement/bv_refinement.h>


#include "string_constraint_generator.h"

#include "string_dependencies.h"

#include "string_refinement_util.h"


#define OPT_STRING_REFINEMENT \

  "(no-refine-strings)" \

  "(string-printable)" \

  "(string-input-value):" \

  "(string-non-empty)" \

  "(max-nondet-string-length):"

#define OPT_STRING_REFINEMENT \ …


#define HELP_STRING_REFINEMENT                                                 \

  " {y--no-refine-strings} \t turn off string refinement\n"                    \

  " {y--string-printable} \t restrict to printable strings and characters\n"   \

  " {y--string-non-empty} \t restrict to non-empty strings (experimental)\n"   \

  " {y--string-input-value} {ust} \t "                                         \

  "restrict non-null strings to a fixed value {ust}; the switch can be used "  \

  "multiple times to give several strings\n"                                   \

  " {y--max-nondet-string-length} {un} \t "                                    \

  "bound the length of nondet (e.g. input) strings. Default is " +             \

    std::to_string(MAX_CONCRETE_STRING_SIZE - 1) +                             \

    "; note that setting the value higher than this does not work "            \

    "with {y--trace} or {y--validate-trace}.\n"

#define HELP_STRING_REFINEMENT                                                 \ …


// The integration of the string solver into CBMC is incomplete. Therefore,

// it is not turned on by default and not all options are available.


#define OPT_STRING_REFINEMENT_CBMC \

  "(refine-strings)" \

  "(string-printable)"

#define OPT_STRING_REFINEMENT_CBMC \ …


#define HELP_STRING_REFINEMENT_CBMC                                            \

  " {y--refine-strings} \t use string refinement (experimental)\n"             \

  " {y--string-printable} \t restrict to printable strings (experimental)\n"

#define HELP_STRING_REFINEMENT_CBMC                                            \ …


#define DEFAULT_MAX_NB_REFINEMENT std::numeric_limits<size_t>::max()


class string_refinementt final : public bv_refinementt

{

private:


  struct configt

  {

    std::size_t refinement_bound = 0;

    bool use_counter_example = true;

  };

  struct configt {…};


public:


  struct infot : public bv_refinementt::infot, public configt

  {

  };

  struct infot : public bv_refinementt::infot, public configt {…};


  explicit string_refinementt(const infot &);


  std::string decision_procedure_text() const override

  {

    return "string refinement loop with " + prop.solver_text();

  }

  std::string decision_procedure_text() const override {…}


  exprt get(const exprt &expr) const override;

  void set_to(const exprt &expr, bool value) override;


protected:

  decision_proceduret::resultt dec_solve(const exprt &) override;


private:

  // Base class

  typedef bv_refinementt supert;


  string_refinementt(const infot &, bool);


  const configt config_;

  std::size_t loop_bound_;

  string_constraint_generatort generator;


  // Simple constraints that have been given to the solver

  std::set<exprt> seen_instances;


  string_axiomst axioms;


  // Unquantified lemmas that have newly been added

  std::vector<exprt> current_constraints;


  // See the definition in the PASS article

  // Warning: this is indexed by array_expressions and not string expressions


  index_set_pairt index_sets;

  union_find_replacet symbol_resolve;


  std::vector<exprt> equations;


  string_dependenciest dependencies;


  void add_lemma(const exprt &lemma, bool simplify_lemma = true);

};

class string_refinementt final : public bv_refinementt {…};


exprt substitute_array_lists(exprt expr, std::size_t string_max_length);


// Declaration required for unit-test:

union_find_replacet string_identifiers_resolution_from_equations(

  const std::vector<equal_exprt> &equations,

  const namespacet &ns,

  messaget::mstreamt &stream);


// Declaration required for unit-test:

exprt substitute_array_access(

  exprt expr,

  symbol_generatort &symbol_generator,

  const bool left_propagate);


#endif

bv_refinement.h
Abstraction Refinement Loop.

ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562

bv_refinementt
Definition bv_refinement.h:20

decision_proceduret::resultt
resultt
Result of running the decision procedure.
Definition decision_procedure.h:45

exprt
Base class for all expressions.
Definition expr.h:56

messaget::mstreamt
Definition message.h:216

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91

prop_conv_solvert::prop
propt & prop
Definition prop_conv_solver.h:130

propt::solver_text
virtual std::string solver_text() const =0

string_constraint_generatort
Definition string_constraint_generator.h:48

string_dependenciest
Keep track of dependencies between strings.
Definition string_dependencies.h:23

string_refinementt
Definition string_refinement.h:64

string_refinementt::generator
string_constraint_generatort generator
Definition string_refinement.h:99

string_refinementt::decision_procedure_text
std::string decision_procedure_text() const override
Return a textual description of the decision procedure.
Definition string_refinement.h:80

string_refinementt::symbol_resolve
union_find_replacet symbol_resolve
Definition string_refinement.h:113

string_refinementt::supert
bv_refinementt supert
Definition string_refinement.h:93

string_refinementt::equations
std::vector< exprt > equations
Definition string_refinement.h:115

string_refinementt::axioms
string_axiomst axioms
Definition string_refinement.h:104

string_refinementt::dec_solve
decision_proceduret::resultt dec_solve(const exprt &) override
Main decision procedure of the solver.
Definition string_refinement.cpp:615

string_refinementt::config_
const configt config_
Definition string_refinement.h:97

string_refinementt::seen_instances
std::set< exprt > seen_instances
Definition string_refinement.h:102

string_refinementt::set_to
void set_to(const exprt &expr, bool value) override
Record the constraints to ensure that the expression is true when the boolean is true and false other...
Definition string_refinement.cpp:283

string_refinementt::dependencies
string_dependenciest dependencies
Definition string_refinement.h:117

string_refinementt::index_sets
index_set_pairt index_sets
Definition string_refinement.h:112

string_refinementt::loop_bound_
std::size_t loop_bound_
Definition string_refinement.h:98

string_refinementt::get
exprt get(const exprt &expr) const override
Evaluates the given expression in the valuation found by string_refinementt::dec_solve.
Definition string_refinement.cpp:1829

string_refinementt::current_constraints
std::vector< exprt > current_constraints
Definition string_refinement.h:107

string_refinementt::add_lemma
void add_lemma(const exprt &lemma, bool simplify_lemma=true)
Add the given lemma to the solver.
Definition string_refinement.cpp:908

symbol_generatort
Generation of fresh symbols of a given type.
Definition array_pool.h:22

union_find_replacet
Similar interface to union-find for expressions, with a function for replacing sub-expressions by the...
Definition union_find_replace.h:17

string_constraint_generator.h
Generates string constraints to link results from string functions with their arguments.

string_dependencies.h
Keeps track of dependencies between strings.

substitute_array_access
exprt substitute_array_access(exprt expr, symbol_generatort &symbol_generator, const bool left_propagate)
Create an equivalent expression where array accesses and 'with' expressions are replaced by 'if' expr...
Definition string_refinement.cpp:1281

substitute_array_lists
exprt substitute_array_lists(exprt expr, std::size_t string_max_length)

string_identifiers_resolution_from_equations
union_find_replacet string_identifiers_resolution_from_equations(const std::vector< equal_exprt > &equations, const namespacet &ns, messaget::mstreamt &stream)
Symbol resolution for expressions of type string typet.
Definition string_refinement.cpp:470

string_refinement_util.h

bv_refinementt::infot
Definition bv_refinement.h:34

index_set_pairt
Definition string_refinement_util.h:60

string_axiomst
Definition string_refinement_util.h:66

string_refinementt::configt
Definition string_refinement.h:67

string_refinementt::configt::use_counter_example
bool use_counter_example
Definition string_refinement.h:69

string_refinementt::configt::refinement_bound
std::size_t refinement_bound
Definition string_refinement.h:68

string_refinementt::infot
string_refinementt constructor arguments
Definition string_refinement.h:75

union_find_replace.h