cbmc/symex__bmc__incremental__one__loop_8cpp_source.html

/*******************************************************************\


Module: Incremental Bounded Model Checking for ANSI-C


Author: Peter Schrammel, Daniel Kroening, kroening@kroening.com


\*******************************************************************/


#include <limits>


#include "symex_bmc_incremental_one_loop.h"


#include <util/structured_data.h>


#include <goto-instrument/unwindset.h>


symex_bmc_incremental_one_loopt::symex_bmc_incremental_one_loopt(

  message_handlert &message_handler,

  const symbol_tablet &outer_symbol_table,

  symex_target_equationt &target,

  const optionst &options,

  path_storaget &path_storage,

  guard_managert &guard_manager,

  unwindsett &unwindset,

  ui_message_handlert::uit output_ui)

  : symex_bmct(

      message_handler,

      outer_symbol_table,

      target,

      options,

      path_storage,

      guard_manager,

      unwindset),

    incr_loop_id(options.get_option("incremental-loop")),

    incr_max_unwind(

      options.is_set("unwind-max") ? options.get_signed_int_option("unwind-max")

                                   : std::numeric_limits<unsigned>::max()),

    incr_min_unwind(

      options.is_set("unwind-min") ? options.get_signed_int_option("unwind-min")

                                   : 0),

    output_ui(output_ui)

{

  // the intended behaviour is to stop asserts that are violated before the

  // unwind

  // therefore if the min-unwind is 1, then we do one unwind and immediately

  // start checking for properties

  ignore_assertions =

    incr_min_unwind > 1 &&

    options.get_bool_option("ignore-properties-before-unwind-min");

}

symex_bmc_incremental_one_loopt::symex_bmc_incremental_one_loopt( {…}


bool symex_bmc_incremental_one_loopt::should_stop_unwind(

  const symex_targett::sourcet &source,

  const call_stackt &context,

  unsigned unwind)

{

  const irep_idt id = goto_programt::loop_id(source.function_id, *source.pc);


  tvt abort_unwind_decision;

  unsigned this_loop_limit = std::numeric_limits<unsigned>::max();


  // use the incremental limits if it is the specified incremental loop

  if(id == incr_loop_id)

  {

    this_loop_limit = incr_max_unwind;

    if(unwind + 1 >= incr_min_unwind)

      ignore_assertions = false;


    abort_unwind_decision = tvt(unwind >= this_loop_limit);

  }

  else

  {

    for(auto handler : loop_unwind_handlers)

    {

      abort_unwind_decision =

        handler(context, source.pc->loop_number, unwind, this_loop_limit);

      if(abort_unwind_decision.is_known())

        break;

    }


    // If no handler gave an opinion, use standard command-line --unwindset

    // / --unwind options to decide:

    if(abort_unwind_decision.is_unknown())

    {

      auto limit = unwindset.get_limit(id, source.thread_nr);


      if(!limit.has_value())

        abort_unwind_decision = tvt(false);

      else

        abort_unwind_decision = tvt(unwind >= *limit);

    }

  }


  INVARIANT(

    abort_unwind_decision.is_known(), "unwind decision should be taken by now");

  bool abort = abort_unwind_decision.is_true();


  log_unwinding(unwind);

  log.statistics() << (abort ? "Not unwinding" : "Unwinding") << " loop " << id

                   << " iteration " << unwind;


  if(this_loop_limit != std::numeric_limits<unsigned>::max())

    log.statistics() << " (" << this_loop_limit << " max)";


  log.statistics() << " " << source.pc->source_location() << " thread "

                   << source.thread_nr << log.eom;


  return abort;

}

bool symex_bmc_incremental_one_loopt::should_stop_unwind( {…}


bool symex_bmc_incremental_one_loopt::check_break(

  const irep_idt &loop_id,

  unsigned unwind)

{

  if(unwind < incr_min_unwind)

    return false;


  // loop specified by incremental-loop

  return (loop_id == incr_loop_id);

}

bool symex_bmc_incremental_one_loopt::check_break( {…}


bool symex_bmc_incremental_one_loopt::from_entry_point_of(

  const get_goto_functiont &get_goto_function,

  symbol_tablet &new_symbol_table)

{

  state = initialize_entry_point_state(get_goto_function);


  new_symbol_table = symex_with_state(*state, get_goto_function);


  return should_pause_symex;

}

bool symex_bmc_incremental_one_loopt::from_entry_point_of( {…}


bool symex_bmc_incremental_one_loopt::resume(

  const get_goto_functiont &get_goto_function)

{

  should_pause_symex = false;


  state->symbol_table = symex_with_state(*state, get_goto_function);


  return should_pause_symex;

}

bool symex_bmc_incremental_one_loopt::resume( {…}


void symex_bmc_incremental_one_loopt::log_unwinding(unsigned unwind)

{

  structured_datat data{{{labelt({"current", "unwinding"}),

                          structured_data_entryt::data_node(

                            json_numbert{std::to_string(unwind)})}}};

  log.statistics() << data;

}

void symex_bmc_incremental_one_loopt::log_unwinding(unsigned unwind) {…}

ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562

call_stackt
Definition call_stack.h:15

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition dstring.h:38

goto_programt::loop_id
static irep_idt loop_id(const irep_idt &function_id, const instructiont &instruction)
Human-readable loop name.
Definition goto_program.h:792

goto_symext::symex_with_state
virtual symbol_tablet symex_with_state(statet &state, const get_goto_functiont &get_goto_functions)
Symbolically execute the entire program starting from entry point.
Definition symex_main.cpp:323

goto_symext::ignore_assertions
bool ignore_assertions
If this flag is set to true then assertions will be temporarily ignored by the symbolic executions.
Definition goto_symex.h:171

goto_symext::get_goto_function
static get_goto_functiont get_goto_function(abstract_goto_modelt &goto_model)
Return a function to get/load a goto function from the given goto model Create a default delegate to ...
Definition symex_main.cpp:492

goto_symext::initialize_entry_point_state
std::unique_ptr< statet > initialize_entry_point_state(const get_goto_functiont &get_goto_function)
Initialize the symbolic execution and the given state with the beginning of the entry point function.
Definition symex_main.cpp:397

goto_symext::get_goto_functiont
std::function< const goto_functionst::goto_functiont &(const irep_idt &)> get_goto_functiont
The type of delegate functions that retrieve a goto_functiont for a particular function identifier.
Definition goto_symex.h:93

goto_symext::log
messaget log
The messaget to write log messages to.
Definition goto_symex.h:278

goto_symext::should_pause_symex
bool should_pause_symex
Set when states are pushed onto the workqueue If this flag is set at the end of a symbolic execution ...
Definition goto_symex.h:167

json_numbert
Definition json.h:289

message_handlert
Definition message.h:27

messaget::statistics
mstreamt & statistics() const
Definition message.h:411

messaget::eom
static eomt eom
Definition message.h:289

optionst
Definition options.h:23

optionst::get_bool_option
bool get_bool_option(const std::string &option) const
Definition options.cpp:44

path_storaget
Storage for symbolic execution paths to be resumed later.
Definition path_storage.h:38

structured_datat
A way of representing nested key/value data.
Definition structured_data.h:74

symbol_tablet
The symbol table.
Definition symbol_table.h:14

symex_bmc_incremental_one_loopt::incr_min_unwind
const unsigned incr_min_unwind
Definition symex_bmc_incremental_one_loop.h:39

symex_bmc_incremental_one_loopt::resume
bool resume(const get_goto_functiont &get_goto_function)
Return true if symex can be resumed.
Definition symex_bmc_incremental_one_loop.cpp:136

symex_bmc_incremental_one_loopt::symex_bmc_incremental_one_loopt
symex_bmc_incremental_one_loopt(message_handlert &, const symbol_tablet &outer_symbol_table, symex_target_equationt &, const optionst &, path_storaget &, guard_managert &, unwindsett &, ui_message_handlert::uit output_ui)
Definition symex_bmc_incremental_one_loop.cpp:17

symex_bmc_incremental_one_loopt::from_entry_point_of
bool from_entry_point_of(const get_goto_functiont &get_goto_function, symbol_tablet &new_symbol_table)
Return true if symex can be resumed.
Definition symex_bmc_incremental_one_loop.cpp:125

symex_bmc_incremental_one_loopt::incr_max_unwind
const unsigned incr_max_unwind
Definition symex_bmc_incremental_one_loop.h:38

symex_bmc_incremental_one_loopt::incr_loop_id
const irep_idt incr_loop_id
Definition symex_bmc_incremental_one_loop.h:37

symex_bmc_incremental_one_loopt::log_unwinding
void log_unwinding(unsigned unwind)
Definition symex_bmc_incremental_one_loop.cpp:145

symex_bmc_incremental_one_loopt::check_break
bool check_break(const irep_idt &loop_id, unsigned unwind) override
Defines condition for interrupting symbolic execution for incremental BMC.
Definition symex_bmc_incremental_one_loop.cpp:114

symex_bmc_incremental_one_loopt::state
std::unique_ptr< goto_symext::statet > state
Definition symex_bmc_incremental_one_loop.h:41

symex_bmc_incremental_one_loopt::should_stop_unwind
bool should_stop_unwind(const symex_targett::sourcet &source, const call_stackt &context, unsigned unwind) override
Determine whether to unwind a loop.
Definition symex_bmc_incremental_one_loop.cpp:52

symex_bmct
Definition symex_bmc.h:24

symex_bmct::loop_unwind_handlers
std::vector< loop_unwind_handlert > loop_unwind_handlers
Callbacks that may provide an unwind/do-not-unwind decision for a loop.
Definition symex_bmc.h:88

symex_bmct::unwindset
unwindsett & unwindset
Definition symex_bmc.h:84

symex_target_equationt
Inheriting the interface of symex_targett this class represents the SSA form of the input program as ...
Definition symex_target_equation.h:34

tvt
Definition threeval.h:20

ui_message_handlert::uit
uit
Definition ui_message.h:24

unwindsett
Definition unwindset.h:26

unwindsett::get_limit
std::optional< unsigned > get_limit(const irep_idt &loop, unsigned thread_id) const
Definition unwindset.cpp:191

std
STL namespace.

INVARIANT
#define INVARIANT(CONDITION, REASON)
This macro uses the wrapper function 'invariant_violated_string'.
Definition invariant.h:423

abort
void abort(void)
Definition stdlib.c:128

guard_expr_managert
This is unused by this implementation of guards, but can be used by other implementations of the same...
Definition guard_expr.h:20

labelt
Definition structured_data.h:17

structured_data_entryt::data_node
static structured_data_entryt data_node(const jsont &data)
Definition structured_data.cpp:64

symex_targett::sourcet
Identifies source in the context of symbolic execution.
Definition symex_target.h:37

symex_targett::sourcet::thread_nr
unsigned thread_nr
Definition symex_target.h:38

symex_targett::sourcet::pc
goto_programt::const_targett pc
Definition symex_target.h:42

symex_targett::sourcet::function_id
irep_idt function_id
Definition symex_target.h:39

structured_data.h

symex_bmc_incremental_one_loop.h

unwindset.h
Loop unwinding.