cbmc/value__set__domain_8h_source.html

/*******************************************************************\


Module: Value Set


Author: Daniel Kroening, kroening@kroening.com


\*******************************************************************/


#ifndef CPROVER_POINTER_ANALYSIS_VALUE_SET_DOMAIN_H

#define CPROVER_POINTER_ANALYSIS_VALUE_SET_DOMAIN_H


#include <util/invariant.h>


#include <analyses/ai.h>


#include "value_set.h"


template <class VST>


class value_set_domain_templatet : public ai_domain_baset

{

protected:

  bool reachable;


public:

  VST value_set;


  explicit value_set_domain_templatet(locationt l) : reachable(false)

  {

    value_set.clear();

    value_set.location_number = l->location_number;

  }

  explicit value_set_domain_templatet(locationt l) : reachable(false) {…}


  void make_bottom() override

  {

    reachable = false;

    value_set.clear(); //???

  }

  void make_bottom() override {…}


  void make_top() override

  {

    UNREACHABLE;

  }

  void make_top() override {…}


  void make_entry() override

  {

    reachable = true;

  }

  void make_entry() override {…}


  bool is_bottom() const override

  {

    return reachable == false && value_set.values.size() == 0;

  }

  bool is_bottom() const override {…}


  bool is_top() const override

  {

    return false;

  }

  bool is_top() const override {…}


  // overloading


  bool


  merge(const value_set_domain_templatet<VST> &other, trace_ptrt, trace_ptrt)

  {

    reachable |= other.reachable;

    return value_set.make_union(other.value_set);

  }

  merge(const value_set_domain_templatet<VST> &other, trace_ptrt, trace_ptrt) {…}


  void


  output(std::ostream &out, const ai_baset &, const namespacet &) const override

  {

    value_set.output(out);

  }

  output(std::ostream &out, const ai_baset &, const namespacet &) const override {…}


  void transform(

    const irep_idt &function_from,

    trace_ptrt from,

    const irep_idt &function_to,

    trace_ptrt to,

    ai_baset &ai,

    const namespacet &ns) override;


  void get_reference_set(

    const namespacet &ns,

    const exprt &expr,

    value_setst::valuest &dest)

  {

    value_set.get_reference_set(expr, dest, ns);

  }

  void get_reference_set( {…}


  exprt get_return_lhs(locationt to) const

  {

    // get predecessor of "to"

    to--;


    if(to->is_end_function())

      return static_cast<const exprt &>(get_nil_irep());


    INVARIANT(to->is_function_call(), "must be the function call");


    return to->call_lhs();

  }

  exprt get_return_lhs(locationt to) const {…}


  xmlt output_xml(const ai_baset &ai, const namespacet &ns) const override

  {

    return value_set.output_xml();

  }

  xmlt output_xml(const ai_baset &ai, const namespacet &ns) const override {…}

};

class value_set_domain_templatet : public ai_domain_baset {…};


typedef value_set_domain_templatet<value_sett> value_set_domaint;


template <class VST>


void value_set_domain_templatet<VST>::transform(

  const irep_idt &,

  trace_ptrt from,

  const irep_idt &function_to,

  trace_ptrt to,

  ai_baset &,

  const namespacet &ns)

{

  if(!reachable)

    return;


  locationt from_l{from->current_location()};

  locationt to_l{to->current_location()};


  switch(from_l->type())

  {

  case GOTO:

    // ignore for now

    break;


  case END_FUNCTION:

  {

    value_set.do_end_function(get_return_lhs(to_l), ns);

    break;

  }


  // Note intentional fall-through here:

  case SET_RETURN_VALUE:

  case OTHER:

  case ASSIGN:

  case DECL:

  case DEAD:

    value_set.apply_code(from_l->code(), ns);

    break;


  case ASSUME:

    value_set.guard(from_l->condition(), ns);

    break;


  case FUNCTION_CALL:

    value_set.do_function_call(function_to, from_l->call_arguments(), ns);

    break;


  case ASSERT:

  case SKIP:

  case START_THREAD:

  case END_THREAD:

  case LOCATION:

  case ATOMIC_BEGIN:

  case ATOMIC_END:

  case THROW:

  case CATCH:

  case INCOMPLETE_GOTO:

  case NO_INSTRUCTION_TYPE:

  {

    // do nothing

  }

  }

}

void value_set_domain_templatet<VST>::transform( {…}


// To pass the correct location to the constructor we need a factory

typedef ai_domain_factory_location_constructort<value_set_domaint>

  value_set_domain_factoryt;


#endif // CPROVER_POINTER_ANALYSIS_VALUE_SET_DOMAIN_H

ai.h
Abstract Interpretation.

ai_baset
This is the basic interface of the abstract interpreter with default implementations of the core func...
Definition ai.h:117

ai_baset::output
virtual void output(const namespacet &ns, const irep_idt &function_id, const goto_programt &goto_program, std::ostream &out) const
Output the abstract states for a single function.
Definition ai.cpp:39

ai_baset::clear
virtual void clear()
Reset the abstract state.
Definition ai.h:265

ai_baset::output_xml
virtual xmlt output_xml(const namespacet &ns, const irep_idt &function_id, const goto_programt &goto_program) const
Output the abstract states for a single function as XML.
Definition ai.cpp:136

ai_domain_baset
The interface offered by a domain, allows code to manipulate domains without knowing their exact type...
Definition ai_domain.h:54

ai_domain_baset::trace_ptrt
ai_history_baset::trace_ptrt trace_ptrt
Definition ai_domain.h:73

ai_domain_baset::locationt
goto_programt::const_targett locationt
Definition ai_domain.h:72

ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition dstring.h:38

exprt
Base class for all expressions.
Definition expr.h:56

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91

value_set_domain_templatet
This is the domain for a value set analysis.
Definition value_set_domain.h:26

value_set_domain_templatet::output_xml
xmlt output_xml(const ai_baset &ai, const namespacet &ns) const override
Definition value_set_domain.h:111

value_set_domain_templatet::get_return_lhs
exprt get_return_lhs(locationt to) const
Definition value_set_domain.h:98

value_set_domain_templatet::get_reference_set
void get_reference_set(const namespacet &ns, const exprt &expr, value_setst::valuest &dest)
Definition value_set_domain.h:90

value_set_domain_templatet::merge
bool merge(const value_set_domain_templatet< VST > &other, trace_ptrt, trace_ptrt)
Definition value_set_domain.h:70

value_set_domain_templatet::reachable
bool reachable
ait checks whether domains are bottom to increase speed and accuracy.
Definition value_set_domain.h:30

value_set_domain_templatet::make_entry
void make_entry() override
Make this domain a reasonable entry-point state For most domains top is sufficient.
Definition value_set_domain.h:52

value_set_domain_templatet::make_bottom
void make_bottom() override
no states
Definition value_set_domain.h:41

value_set_domain_templatet::is_top
bool is_top() const override
Definition value_set_domain.h:62

value_set_domain_templatet::value_set_domain_templatet
value_set_domain_templatet(locationt l)
Definition value_set_domain.h:35

value_set_domain_templatet::value_set
VST value_set
Definition value_set_domain.h:33

value_set_domain_templatet::transform
void transform(const irep_idt &function_from, trace_ptrt from, const irep_idt &function_to, trace_ptrt to, ai_baset &ai, const namespacet &ns) override
how function calls are treated: a) there is an edge from each call site to the function head b) there...
Definition value_set_domain.h:120

value_set_domain_templatet::is_bottom
bool is_bottom() const override
Definition value_set_domain.h:57

value_set_domain_templatet::output
void output(std::ostream &out, const ai_baset &, const namespacet &) const override
Definition value_set_domain.h:77

value_set_domain_templatet::make_top
void make_top() override
all states – the analysis doesn't use this directly (see make_entry) and domains may refuse to implem...
Definition value_set_domain.h:47

value_setst::valuest
std::list< exprt > valuest
Definition value_sets.h:28

xmlt
Definition xml.h:21

FUNCTION_CALL
@ FUNCTION_CALL
Definition goto_program.h:49

ATOMIC_END
@ ATOMIC_END
Definition goto_program.h:44

DEAD
@ DEAD
Definition goto_program.h:48

LOCATION
@ LOCATION
Definition goto_program.h:41

END_FUNCTION
@ END_FUNCTION
Definition goto_program.h:42

ASSIGN
@ ASSIGN
Definition goto_program.h:46

ASSERT
@ ASSERT
Definition goto_program.h:36

SET_RETURN_VALUE
@ SET_RETURN_VALUE
Definition goto_program.h:45

ATOMIC_BEGIN
@ ATOMIC_BEGIN
Definition goto_program.h:43

CATCH
@ CATCH
Definition goto_program.h:51

END_THREAD
@ END_THREAD
Definition goto_program.h:40

SKIP
@ SKIP
Definition goto_program.h:38

NO_INSTRUCTION_TYPE
@ NO_INSTRUCTION_TYPE
Definition goto_program.h:33

START_THREAD
@ START_THREAD
Definition goto_program.h:39

THROW
@ THROW
Definition goto_program.h:50

DECL
@ DECL
Definition goto_program.h:47

OTHER
@ OTHER
Definition goto_program.h:37

GOTO
@ GOTO
Definition goto_program.h:34

INCOMPLETE_GOTO
@ INCOMPLETE_GOTO
Definition goto_program.h:52

ASSUME
@ ASSUME
Definition goto_program.h:35

get_nil_irep
const irept & get_nil_irep()
Definition irep.cpp:19

invariant.h

UNREACHABLE
#define UNREACHABLE
This should be used to mark dead code.
Definition invariant.h:525

INVARIANT
#define INVARIANT(CONDITION, REASON)
This macro uses the wrapper function 'invariant_violated_string'.
Definition invariant.h:423

value_set.h
Value Set.

value_set_domain_factoryt
ai_domain_factory_location_constructort< value_set_domaint > value_set_domain_factoryt
Definition value_set_domain.h:182

value_set_domaint
value_set_domain_templatet< value_sett > value_set_domaint
Definition value_set_domain.h:117