CBMC
uninitialized_domain.cpp
Go to the documentation of this file.
1 /*******************************************************************\
2 
3 Module: Detection for Uninitialized Local Variables
4 
5 Author: Daniel Kroening
6 
7 Date: January 2010
8 
9 \*******************************************************************/
10 
13 
14 #include "uninitialized_domain.h"
15 
16 #include <util/std_expr.h>
17 
18 #include <list>
19 
20 void uninitialized_domaint::transform(
21  const irep_idt &,
22  trace_ptrt trace_from,
23  const irep_idt &,
24  trace_ptrt,
25  ai_baset &,
26  const namespacet &ns)
27 {
28  locationt from{trace_from->current_location()};
29 
30  if(has_values.is_false())
31  return;
32 
33  if(from->is_decl())
34  {
35  const irep_idt &identifier = from->decl_symbol().get_identifier();
36  const symbolt &symbol = ns.lookup(identifier);
37 
38  if(!symbol.is_static_lifetime)
39  uninitialized.insert(identifier);
40  }
41  else
42  {
43  std::list<exprt> read = expressions_read(*from);
44  std::list<exprt> written = expressions_written(*from);
45 
46  for(const auto &expr : written)
47  assign(expr);
48 
49  // we only care about the *first* uninitalized use
50  for(const auto &expr : read)
51  assign(expr);
52  }
53 }
54 
55 void uninitialized_domaint::assign(const exprt &lhs)
56 {
57  if(lhs.id()==ID_index)
58  assign(to_index_expr(lhs).array());
59  else if(lhs.id()==ID_member)
60  assign(to_member_expr(lhs).struct_op());
61  else if(lhs.id()==ID_symbol)
62  uninitialized.erase(to_symbol_expr(lhs).get_identifier());
63 }
64 
65 void uninitialized_domaint::output(
66  std::ostream &out,
67  const ai_baset &,
68  const namespacet &) const
69 {
70  if(has_values.is_known())
71  out << has_values.to_string() << '\n';
72  else
73  {
74  for(const auto &id : uninitialized)
75  out << id << '\n';
76  }
77 }
78 
80 bool uninitialized_domaint::merge(
81  const uninitialized_domaint &other,
82  trace_ptrt,
83  trace_ptrt)
84 {
85  auto old_uninitialized=uninitialized.size();
86 
87  uninitialized.insert(
88  other.uninitialized.begin(),
89  other.uninitialized.end());
90 
91  bool changed=
92  (has_values.is_false() && !other.has_values.is_false()) ||
93  old_uninitialized!=uninitialized.size();
94  has_values=tvt::unknown();
95 
96  return changed;
97 }
ai_baset
This is the basic interface of the abstract interpreter with default implementations of the core func...
Definition: ai.h:117
ai_domain_baset::trace_ptrt
ai_history_baset::trace_ptrt trace_ptrt
Definition: ai_domain.h:73
ai_domain_baset::locationt
goto_programt::const_targett locationt
Definition: ai_domain.h:72
dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition: dstring.h:38
exprt
Base class for all expressions.
Definition: expr.h:56
irept::id
const irep_idt & id() const
Definition: irep.h:388
namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition: namespace.h:94
namespacet::lookup
bool lookup(const irep_idt &name, const symbolt *&symbol) const override
See documentation for namespace_baset::lookup().
Definition: namespace.cpp:148
symbolt
Symbol table entry.
Definition: symbol.h:28
symbolt::is_static_lifetime
bool is_static_lifetime
Definition: symbol.h:70
tvt::is_known
bool is_known() const
Definition: threeval.h:28
tvt::to_string
const char * to_string() const
Definition: threeval.cpp:13
tvt::is_false
bool is_false() const
Definition: threeval.h:26
tvt::unknown
static tvt unknown()
Definition: threeval.h:33
uninitialized_domaint
Definition: uninitialized_domain.h:22
uninitialized_domaint::uninitialized
uninitializedt uninitialized
Definition: uninitialized_domain.h:30
uninitialized_domaint::assign
void assign(const exprt &lhs)
Definition: uninitialized_domain.cpp:55
uninitialized_domaint::transform
void transform(const irep_idt &function_from, trace_ptrt trace_from, const irep_idt &function_to, trace_ptrt trace_to, ai_baset &ai, const namespacet &ns) final override
how function calls are treated: a) there is an edge from each call site to the function head b) there...
Definition: uninitialized_domain.cpp:20
uninitialized_domaint::merge
bool merge(const uninitialized_domaint &other, trace_ptrt from, trace_ptrt to)
Definition: uninitialized_domain.cpp:80
uninitialized_domaint::output
void output(std::ostream &out, const ai_baset &ai, const namespacet &ns) const final
Definition: uninitialized_domain.cpp:65
uninitialized_domaint::has_values
tvt has_values
Definition: uninitialized_domain.h:76
expressions_written
std::list< exprt > expressions_written(const goto_programt::instructiont &instruction)
Definition: goto_program.cpp:411
expressions_read
std::list< exprt > expressions_read(const goto_programt::instructiont &instruction)
Definition: goto_program.cpp:362
read
int __CPROVER_ID java::java io InputStream read
Definition: java.io.c:5
std_expr.h
API to expression classes.
to_symbol_expr
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
Definition: std_expr.h:272
to_member_expr
const member_exprt & to_member_expr(const exprt &expr)
Cast an exprt to a member_exprt.
Definition: std_expr.h:2941
to_index_expr
const index_exprt & to_index_expr(const exprt &expr)
Cast an exprt to an index_exprt.
Definition: std_expr.h:1538
uninitialized_domain.h
Detection for Uninitialized Local Variables.