cbmc/symex__dead_8cpp_source.html

 /*******************************************************************\


 Module: Symbolic Execution


 Author: Daniel Kroening, kroening@kroening.com


 \*******************************************************************/


 #include "goto_symex.h"


 #include <util/std_expr.h>


 void goto_symext::symex_dead(statet &state)

 {

   const goto_programt::instructiont &instruction=*state.source.pc;

   symex_dead(state, instruction.dead_symbol());

 }


 static void remove_l1_object_rec(

   goto_symext::statet &state,

   const exprt &l1_expr,

   const namespacet &ns)

 {

   if(is_ssa_expr(l1_expr))

   {

     const ssa_exprt &l1_ssa = to_ssa_expr(l1_expr);

     const irep_idt &l1_identifier = l1_ssa.get_identifier();


     // We cannot remove the object from the L1 renaming map, because L1 renaming

     // information is not local to a path, but removing it from the propagation

     // map and value-set is safe as 1) it is local to a path and 2) this

     // instance can no longer appear (unless shared across threads).

     if(

       state.threads.size() <= 1 ||

       state.write_is_shared(l1_ssa, ns) ==

         goto_symex_statet::write_is_shared_resultt::NOT_SHARED)

     {

       state.value_set.values.erase_if_exists(l1_identifier);

     }

     state.propagation.erase_if_exists(l1_identifier);

     // Remove from the local L2 renaming map; this means any reads from the dead

     // identifier will use generation 0 (e.g. x!N@M#0, where N and M are

     // positive integers), which is never defined by any write, and will be

     // dropped by `goto_symext::merge_goto` on merging with branches where the

     // identifier is still live.

     state.drop_l1_name(l1_identifier);

   }

   else if(

     l1_expr.type().id() == ID_array || l1_expr.type().id() == ID_struct ||

     l1_expr.type().id() == ID_struct_tag || l1_expr.type().id() == ID_union ||

     l1_expr.type().id() == ID_union_tag)

   {

     for(const auto &op : l1_expr.operands())

       remove_l1_object_rec(state, op, ns);

   }

   else

     UNREACHABLE;

 }


 void goto_symext::symex_dead(statet &state, const symbol_exprt &symbol_expr)

 {

   ssa_exprt to_rename = is_ssa_expr(symbol_expr) ? to_ssa_expr(symbol_expr)

                                                  : ssa_exprt{symbol_expr};

   ssa_exprt ssa = state.rename_ssa<L1>(to_rename, ns).get();


   const exprt fields =

     state.field_sensitivity.get_fields(ns, state, ssa, false);

   remove_l1_object_rec(state, fields, ns);

 }

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition: dstring.h:38

exprt
Base class for all expressions.
Definition: expr.h:56

exprt::type
typet & type()
Return the type of the expression.
Definition: expr.h:84

exprt::operands
operandst & operands()
Definition: expr.h:94

field_sensitivityt::get_fields
exprt get_fields(const namespacet &ns, goto_symex_statet &state, const ssa_exprt &ssa_expr, bool disjoined_fields_only) const
Compute an expression representing the individual components of a field-sensitive SSA representation ...
Definition: field_sensitivity.cpp:215

goto_programt::instructiont
This class represents an instruction in the GOTO intermediate representation.
Definition: goto_program.h:181

goto_programt::instructiont::dead_symbol
const symbol_exprt & dead_symbol() const
Get the symbol for DEAD.
Definition: goto_program.h:244

goto_statet::propagation
sharing_mapt< irep_idt, exprt > propagation
Definition: goto_state.h:71

goto_statet::value_set
value_sett value_set
Uses level 1 names, and is used to do dereferencing.
Definition: goto_state.h:51

goto_symex_statet
Central data structure: state.
Definition: goto_symex_state.h:43

goto_symex_statet::write_is_shared_resultt::NOT_SHARED
@ NOT_SHARED

goto_symex_statet::drop_l1_name
void drop_l1_name(const irep_idt &l1_identifier)
Drops an L1 name from the local L2 map.
Definition: goto_symex_state.h:239

goto_symex_statet::field_sensitivity
field_sensitivityt field_sensitivity
Definition: goto_symex_state.h:122

goto_symex_statet::write_is_shared
write_is_shared_resultt write_is_shared(const ssa_exprt &expr, const namespacet &ns) const
Definition: goto_symex_state.cpp:522

goto_symex_statet::source
symex_targett::sourcet source
Definition: goto_symex_state.h:62

goto_symex_statet::rename_ssa
renamedt< ssa_exprt, level > rename_ssa(ssa_exprt ssa, const namespacet &ns)
Version of rename which is specialized for SSA exprt.
Definition: goto_symex_state.cpp:152

goto_symex_statet::threads
std::vector< threadt > threads
Definition: goto_symex_state.h:199

goto_symext::symex_dead
virtual void symex_dead(statet &state)
Symbolically execute a DEAD instruction.
Definition: symex_dead.cpp:16

goto_symext::ns
namespacet ns
Initialized just before symbolic execution begins, to point to both outer_symbol_table and the symbol...
Definition: goto_symex.h:258

irept::id
const irep_idt & id() const
Definition: irep.h:388

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition: namespace.h:94

sharing_mapt::erase_if_exists
void erase_if_exists(const key_type &k)
Erase element if it exists.
Definition: sharing_map.h:274

ssa_exprt
Expression providing an SSA-renamed symbol of expressions.
Definition: ssa_expr.h:17

symbol_exprt
Expression to hold a symbol (variable)
Definition: std_expr.h:131

symbol_exprt::get_identifier
const irep_idt & get_identifier() const
Definition: std_expr.h:160

value_sett::values
valuest values
Stores the LHS ID -> RHS expression set map.
Definition: value_set.h:296

goto_symex.h
Symbolic Execution.

L1
@ L1
Definition: renamed.h:24

UNREACHABLE
#define UNREACHABLE
This should be used to mark dead code.
Definition: invariant.h:525

to_ssa_expr
const ssa_exprt & to_ssa_expr(const exprt &expr)
Cast a generic exprt to an ssa_exprt.
Definition: ssa_expr.h:145

is_ssa_expr
bool is_ssa_expr(const exprt &expr)
Definition: ssa_expr.h:125

std_expr.h
API to expression classes.

symex_targett::sourcet::pc
goto_programt::const_targett pc
Definition: symex_target.h:42

remove_l1_object_rec
static void remove_l1_object_rec(goto_symext::statet &state, const exprt &l1_expr, const namespacet &ns)
Definition: symex_dead.cpp:22