CBMC
symex_start_thread.cpp
Go to the documentation of this file.
1 /*******************************************************************\
2 
3 Module: Symbolic Execution
4 
5 Author: Daniel Kroening, kroening@kroening.com
6 
7 \*******************************************************************/
8 
11 
12 #include "goto_symex.h"
13 
14 #include <util/exception_utils.h>
15 #include <util/expr_initializer.h>
16 
17 #include "expr_skeleton.h"
18 #include "path_storage.h"
19 #include "symex_assign.h"
20 
21 void goto_symext::symex_start_thread(statet &state)
22 {
23  if(!state.reachable)
24  return;
25 
26  if(state.atomic_section_id != 0)
27  throw incorrect_goto_program_exceptiont(
28  "spawning threads out of atomic sections is not allowed; "
29  "this would require amendments to ordering constraints",
30  state.source.pc->source_location());
31 
32  // record this
33  target.spawn(state.guard.as_expr(), state.source);
34 
35  const goto_programt::instructiont &instruction=*state.source.pc;
36 
37  INVARIANT(instruction.targets.size() == 1, "start_thread expects one target");
38 
39  goto_programt::const_targett thread_target=
40  instruction.get_target();
41 
42  // put into thread vector
43  const std::size_t new_thread_nr = state.threads.size();
44  state.threads.push_back(statet::threadt(guard_manager));
45  // statet::threadt &cur_thread=state.threads[state.source.thread_nr];
46  statet::threadt &new_thread=state.threads.back();
47  new_thread.pc=thread_target;
48  new_thread.function_id = state.source.function_id;
49  new_thread.guard=state.guard;
50  new_thread.call_stack.push_back(state.call_stack().top());
51  new_thread.call_stack.back().local_objects.clear();
52  new_thread.call_stack.back().goto_state_map.clear();
53  #if 0
54  new_thread.abstract_events=&(target.new_thread(cur_thread.abstract_events));
55  #endif
56 
57  const std::size_t current_thread_nr = state.source.thread_nr;
58 
59  // create a copy of the local variables for the new thread
60  framet &frame = state.call_stack().top();
61 
62  symex_renaming_levelt::viewt view;
63  state.get_level2().current_names.get_view(view);
64 
65  for(const auto &pair : view)
66  {
67  const irep_idt l1_o_id = pair.second.first.get_l1_object_identifier();
68 
69  // could use iteration over local_objects as l1_o_id is prefix
70  if(frame.local_objects.find(l1_o_id)==frame.local_objects.end())
71  continue;
72 
73  // get original name
74  ssa_exprt lhs(pair.second.first.get_original_expr());
75 
76  // get L0 name for current thread
77  const renamedt<ssa_exprt, L0> l0_lhs =
78  symex_level0(std::move(lhs), ns, new_thread_nr);
79  const irep_idt &l0_name = l0_lhs.get().get_identifier();
80  std::size_t l1_index = path_storage.get_unique_l1_index(l0_name, 0);
81  CHECK_RETURN(l1_index == 0);
82 
83  // set up L1 name
84  state.level1.insert(l0_lhs, 0);
85 
86  const ssa_exprt lhs_l1 = state.rename_ssa<L1>(l0_lhs.get(), ns).get();
87  const irep_idt l1_name = lhs_l1.get_l1_object_identifier();
88  // store it
89  new_thread.call_stack.back().local_objects.insert(l1_name);
90 
91  // make copy
92  ssa_exprt rhs = pair.second.first;
93 
94  exprt::operandst lhs_conditions;
95  state.record_events.push(false);
96  symex_assignt{
97  shadow_memory,
98  state,
99  symex_targett::assignment_typet::HIDDEN,
100  ns,
101  symex_config,
102  target}
103  .assign_symbol(lhs_l1, expr_skeletont{}, rhs, lhs_conditions);
104  const exprt l2_lhs = state.rename(lhs_l1, ns).get();
105  state.record_events.pop();
106 
107  // record a shared write in the new thread
108  if(
109  state.write_is_shared(lhs_l1, ns) ==
110  goto_symex_statet::write_is_shared_resultt::SHARED &&
111  is_ssa_expr(l2_lhs))
112  {
113  state.source.thread_nr = new_thread_nr;
114  target.shared_write(
115  state.guard.as_expr(), to_ssa_expr(l2_lhs), 0, state.source);
116  state.source.thread_nr = current_thread_nr;
117  }
118  }
119 
120  // initialize all variables marked thread-local
121  const symbol_tablet &symbol_table=ns.get_symbol_table();
122 
123  for(const auto &symbol_pair : symbol_table.symbols)
124  {
125  const symbolt &symbol = symbol_pair.second;
126 
127  if(!symbol.is_thread_local ||
128  !symbol.is_static_lifetime ||
129  (symbol.is_extern && symbol.value.is_nil()))
130  continue;
131 
132  // get original name
133  ssa_exprt lhs(symbol.symbol_expr());
134 
135  // get L0 name for current thread
136  lhs.set_level_0(new_thread_nr);
137 
138  exprt rhs=symbol.value;
139  if(rhs.is_nil())
140  {
141  const auto zero = zero_initializer(symbol.type, symbol.location, ns);
142  CHECK_RETURN(zero.has_value());
143  rhs = *zero;
144  }
145 
146  exprt::operandst lhs_conditions;
147  symex_assignt{
148  shadow_memory,
149  state,
150  symex_targett::assignment_typet::HIDDEN,
151  ns,
152  symex_config,
153  target}
154  .assign_symbol(lhs, expr_skeletont{}, rhs, lhs_conditions);
155  }
156 }
call_stackt::top
framet & top()
Definition: call_stack.h:17
dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition: dstring.h:38
expr_skeletont
Expression in which some part is missing and can be substituted for another expression.
Definition: expr_skeleton.h:26
exprt
Base class for all expressions.
Definition: expr.h:56
exprt::operandst
std::vector< exprt > operandst
Definition: expr.h:58
framet
Stack frames – these are used for function calls and for exceptions.
Definition: solver_types.h:41
framet::local_objects
std::set< irep_idt > local_objects
Definition: frame.h:44
goto_programt::instructiont
This class represents an instruction in the GOTO intermediate representation.
Definition: goto_program.h:181
goto_programt::instructiont::targets
targetst targets
The list of successor instructions.
Definition: goto_program.h:414
goto_programt::instructiont::get_target
const_targett get_target() const
Returns the first (and only) successor for the usual case of a single target.
Definition: goto_program.h:418
goto_programt::const_targett
instructionst::const_iterator const_targett
Definition: goto_program.h:615
goto_statet::guard
guardt guard
Definition: goto_state.h:58
goto_statet::reachable
bool reachable
Is this code reachable? If not we can take shortcuts such as not entering function calls,...
Definition: goto_state.h:62
goto_statet::atomic_section_id
unsigned atomic_section_id
Threads.
Definition: goto_state.h:76
goto_statet::get_level2
const symex_level2t & get_level2() const
Definition: goto_state.h:45
goto_symex_statet
Central data structure: state.
Definition: goto_symex_state.h:43
goto_symex_statet::record_events
std::stack< bool > record_events
Definition: goto_symex_state.h:213
goto_symex_statet::call_stack
call_stackt & call_stack()
Definition: goto_symex_state.h:147
goto_symex_statet::write_is_shared_resultt::SHARED
@ SHARED
goto_symex_statet::level1
symex_level1t level1
Definition: goto_symex_state.h:73
goto_symex_statet::rename
renamedt< exprt, level > rename(exprt expr, const namespacet &ns)
Rewrites symbol expressions in exprt, applying a suffix to each symbol reflecting its most recent ver...
Definition: goto_symex_state.cpp:171
goto_symex_statet::write_is_shared
write_is_shared_resultt write_is_shared(const ssa_exprt &expr, const namespacet &ns) const
Definition: goto_symex_state.cpp:522
goto_symex_statet::source
symex_targett::sourcet source
Definition: goto_symex_state.h:62
goto_symex_statet::rename_ssa
renamedt< ssa_exprt, level > rename_ssa(ssa_exprt ssa, const namespacet &ns)
Version of rename which is specialized for SSA exprt.
Definition: goto_symex_state.cpp:152
goto_symex_statet::threads
std::vector< threadt > threads
Definition: goto_symex_state.h:199
goto_symext::path_storage
path_storaget & path_storage
Symbolic execution paths to be resumed later.
Definition: goto_symex.h:810
goto_symext::target
symex_target_equationt & target
The equation that this execution is building up.
Definition: goto_symex.h:266
goto_symext::guard_manager
guard_managert & guard_manager
Used to create guards.
Definition: goto_symex.h:263
goto_symext::shadow_memory
shadow_memoryt shadow_memory
Shadow memory instrumentation API.
Definition: goto_symex.h:839
goto_symext::symex_start_thread
virtual void symex_start_thread(statet &state)
Symbolically execute a START_THREAD instruction.
Definition: symex_start_thread.cpp:21
goto_symext::ns
namespacet ns
Initialized just before symbolic execution begins, to point to both outer_symbol_table and the symbol...
Definition: goto_symex.h:258
goto_symext::symex_config
const symex_configt symex_config
The configuration to use for this symbolic execution.
Definition: goto_symex.h:185
guard_exprt::as_expr
exprt as_expr() const
Definition: guard_expr.h:46
incorrect_goto_program_exceptiont
Thrown when a goto program that's being processed is in an invalid format, for example passing the wr...
Definition: exception_utils.h:92
irept::is_nil
bool is_nil() const
Definition: irep.h:368
namespacet::get_symbol_table
const symbol_table_baset & get_symbol_table() const
Return first symbol table registered with the namespace.
Definition: namespace.h:126
path_storaget::get_unique_l1_index
std::size_t get_unique_l1_index(const irep_idt &id, std::size_t minimum_index)
Provide a unique L1 index for a given id, starting from minimum_index.
Definition: path_storage.h:104
renamedt
Wrapper for expressions or types which have been renamed up to a given level.
Definition: renamed.h:33
renamedt::get
const underlyingt & get() const
Definition: renamed.h:40
sharing_mapt< irep_idt, std::pair< ssa_exprt, std::size_t > >::viewt
std::vector< view_itemt > viewt
View of the key-value pairs in the map.
Definition: sharing_map.h:388
sharing_mapt::get_view
void get_view(V &view) const
Get a view of the elements in the map A view is a list of pairs with the components being const refer...
ssa_exprt
Expression providing an SSA-renamed symbol of expressions.
Definition: ssa_expr.h:17
ssa_exprt::get_l1_object_identifier
const irep_idt get_l1_object_identifier() const
ssa_exprt::set_level_0
void set_level_0(std::size_t i)
symbol_table_baset::symbols
const symbolst & symbols
Read-only field, used to look up symbols given their names.
Definition: symbol_table_base.h:31
symbol_tablet
The symbol table.
Definition: symbol_table.h:14
symbolt
Symbol table entry.
Definition: symbol.h:28
symbolt::is_extern
bool is_extern
Definition: symbol.h:74
symbolt::is_static_lifetime
bool is_static_lifetime
Definition: symbol.h:70
symbolt::is_thread_local
bool is_thread_local
Definition: symbol.h:71
symbolt::location
source_locationt location
Source code location of definition of symbol.
Definition: symbol.h:37
symbolt::symbol_expr
class symbol_exprt symbol_expr() const
Produces a symbol_exprt for a symbol.
Definition: symbol.cpp:121
symbolt::type
typet type
Type of symbol.
Definition: symbol.h:31
symbolt::value
exprt value
Initial value of symbol.
Definition: symbol.h:34
symex_assignt
Functor for symex assignment.
Definition: symex_assign.h:28
symex_target_equationt::spawn
virtual void spawn(const exprt &guard, const sourcet &source)
Record spawning a new thread.
Definition: symex_target_equation.cpp:63
symex_target_equationt::shared_write
virtual void shared_write(const exprt &guard, const ssa_exprt &ssa_object, unsigned atomic_section_id, const sourcet &source)
Write to a shared variable ssa_object: we effectively assign a value from this thread to be visible b...
Definition: symex_target_equation.cpp:46
symex_targett::assignment_typet::HIDDEN
@ HIDDEN
exception_utils.h
zero_initializer
std::optional< exprt > zero_initializer(const typet &type, const source_locationt &source_location, const namespacet &ns)
Create the equivalent of zero for type type.
Definition: expr_initializer.cpp:308
expr_initializer.h
Expression Initialization.
expr_skeleton.h
Expression skeleton.
goto_symex.h
Symbolic Execution.
path_storage.h
Storage of symbolic execution paths to resume.
L1
@ L1
Definition: renamed.h:24
symex_level0
renamedt< ssa_exprt, L0 > symex_level0(ssa_exprt ssa_expr, const namespacet &ns, std::size_t thread_nr)
Set the level 0 renaming of SSA expressions.
Definition: renaming_level.cpp:22
CHECK_RETURN
#define CHECK_RETURN(CONDITION)
Definition: invariant.h:495
to_ssa_expr
const ssa_exprt & to_ssa_expr(const exprt &expr)
Cast a generic exprt to an ssa_exprt.
Definition: ssa_expr.h:145
is_ssa_expr
bool is_ssa_expr(const exprt &expr)
Definition: ssa_expr.h:125
goto_symex_statet::threadt
Definition: goto_symex_state.h:186
goto_symex_statet::threadt::call_stack
call_stackt call_stack
Definition: goto_symex_state.h:190
goto_symex_statet::threadt::function_id
irep_idt function_id
Definition: goto_symex_state.h:188
goto_symex_statet::threadt::pc
goto_programt::const_targett pc
Definition: goto_symex_state.h:187
goto_symex_statet::threadt::guard
guardt guard
Definition: goto_symex_state.h:189
symex_level1t::insert
void insert(const renamedt< ssa_exprt, L0 > &ssa, std::size_t index)
Assume ssa is not already known.
Definition: renaming_level.cpp:47
symex_level2t::current_names
symex_renaming_levelt current_names
Definition: renaming_level.h:70
symex_targett::sourcet::thread_nr
unsigned thread_nr
Definition: symex_target.h:38
symex_targett::sourcet::pc
goto_programt::const_targett pc
Definition: symex_target.h:42
symex_targett::sourcet::function_id
irep_idt function_id
Definition: symex_target.h:39
symex_assign.h
Symbolic Execution of assignments.
validation_modet::INVARIANT
@ INVARIANT