cbmc/value__set__fi__fp__removal_8cpp_source.html

 /*******************************************************************\


 Module: value_set_fi_Fp_removal


 Author: Daniel Kroening, kroening@kroening.com


 \*******************************************************************/


 #include "value_set_fi_fp_removal.h"


 #include <util/message.h>

 #include <util/namespace.h>

 #include <util/pointer_expr.h>


 #include <goto-programs/goto_model.h>

 #include <goto-programs/remove_function_pointers.h>


 #include <pointer-analysis/value_set_analysis_fi.h>


 void value_set_fi_fp_removal(

   goto_modelt &goto_model,

   message_handlert &message_handler)

 {

   messaget message(message_handler);

   message.status() << "Doing FI value set analysis" << messaget::eom;


   const namespacet ns(goto_model.symbol_table);

   value_set_analysis_fit value_sets(ns);

   value_sets(goto_model.goto_functions);


   message.status() << "Instrumenting" << messaget::eom;


   // now replace aliases by addresses

   for(auto &f : goto_model.goto_functions.function_map)

   {

     for(auto target = f.second.body.instructions.begin();

         target != f.second.body.instructions.end();

         target++)

     {

       if(target->is_function_call())

       {

         const auto &function = as_const(*target).call_function();

         if(function.id() == ID_dereference)

         {

           message.status() << "CALL at " << target->source_location() << ":"

                            << messaget::eom;


           const auto &pointer = to_dereference_expr(function).pointer();

           auto addresses = value_sets.get_values(f.first, target, pointer);


           std::unordered_set<symbol_exprt, irep_hash> functions;


           for(const auto &address : addresses)

           {

             // is this a plain function address?

             // strip leading '&'

             if(address.id() == ID_object_descriptor)

             {

               const auto &od = to_object_descriptor_expr(address);

               const auto &object = od.object();

               if(object.type().id() == ID_code && object.id() == ID_symbol)

                 functions.insert(to_symbol_expr(object));

             }

           }


           for(const auto &f : functions)

             message.status()

               << "  function: " << f.get_identifier() << messaget::eom;


           if(functions.size() > 0)

           {

             remove_function_pointer(

               message_handler,

               goto_model.symbol_table,

               f.second.body,

               f.first,

               target,

               functions);

           }

         }

       }

     }

   }

   goto_model.goto_functions.update();

 }

as_const
const T & as_const(T &value)
Return a reference to the same object but ensures the type is const.
Definition: as_const.h:14

dereference_exprt::pointer
exprt & pointer()
Definition: pointer_expr.h:847

goto_functionst::function_map
function_mapt function_map
Definition: goto_functions.h:29

goto_functionst::update
void update()
Definition: goto_functions.h:88

goto_modelt
Definition: goto_model.h:27

goto_modelt::symbol_table
symbol_tablet symbol_table
Symbol table.
Definition: goto_model.h:31

goto_modelt::goto_functions
goto_functionst goto_functions
GOTO functions.
Definition: goto_model.h:34

message_handlert
Definition: message.h:27

messaget::mstreamt::source_location
source_locationt source_location
Definition: message.h:239

messaget
Class that provides messages with a built-in verbosity 'level'.
Definition: message.h:154

messaget::status
mstreamt & status() const
Definition: message.h:406

messaget::eom
static eomt eom
Definition: message.h:289

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition: namespace.h:94

value_set_analysis_fit
Definition: value_set_analysis_fi.h:25

value_set_analysis_fit::get_values
std::vector< exprt > get_values(const irep_idt &function_id, locationt l, const exprt &expr) override
Definition: value_set_analysis_fi.cpp:209

goto_model.h
Symbol Table + CFG.

namespace.h

pointer_expr.h
API to expression classes for Pointers.

to_dereference_expr
const dereference_exprt & to_dereference_expr(const exprt &expr)
Cast an exprt to a dereference_exprt.
Definition: pointer_expr.h:890

to_object_descriptor_expr
const object_descriptor_exprt & to_object_descriptor_expr(const exprt &expr)
Cast an exprt to an object_descriptor_exprt.
Definition: pointer_expr.h:252

remove_function_pointer
void remove_function_pointer(message_handlert &message_handler, symbol_tablet &symbol_table, goto_programt &goto_program, const irep_idt &function_id, goto_programt::targett target, const std::unordered_set< symbol_exprt, irep_hash > &functions)
Replace a call to a dynamic function at location target in the given goto-program by a case-split ove...
Definition: remove_function_pointers.cpp:379

remove_function_pointers.h
Remove Indirect Function Calls.

message.h

to_symbol_expr
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
Definition: std_expr.h:272

value_set_analysis_fi.h
Value Set Propagation (flow insensitive)

value_set_fi_fp_removal
void value_set_fi_fp_removal(goto_modelt &goto_model, message_handlert &message_handler)
Builds the flow-insensitive value set for all function pointers and replaces function pointers with a...
Definition: value_set_fi_fp_removal.cpp:20

value_set_fi_fp_removal.h
flow insensitive value set function pointer removal