cbmc/value__set__fi__fp__removal_8cpp_source.html

/*******************************************************************\


Module: value_set_fi_Fp_removal


Author: Daniel Kroening, kroening@kroening.com


\*******************************************************************/


#include "value_set_fi_fp_removal.h"


#include <util/message.h>

#include <util/namespace.h>

#include <util/pointer_expr.h>


#include <goto-programs/goto_model.h>

#include <goto-programs/remove_function_pointers.h>


#include <pointer-analysis/value_set_analysis_fi.h>


void value_set_fi_fp_removal(

  goto_modelt &goto_model,

  message_handlert &message_handler)

{

  messaget message(message_handler);

  message.status() << "Doing FI value set analysis" << messaget::eom;


  const namespacet ns(goto_model.symbol_table);

  value_set_analysis_fit value_sets(ns);

  value_sets(goto_model.goto_functions);


  message.status() << "Instrumenting" << messaget::eom;


  // now replace aliases by addresses

  for(auto &f : goto_model.goto_functions.function_map)

  {

    for(auto target = f.second.body.instructions.begin();

        target != f.second.body.instructions.end();

        target++)

    {

      if(target->is_function_call())

      {

        const auto &function = as_const(*target).call_function();

        if(function.id() == ID_dereference)

        {

          message.status() << "CALL at " << target->source_location() << ":"

                           << messaget::eom;


          const auto &pointer = to_dereference_expr(function).pointer();

          auto addresses = value_sets.get_values(f.first, target, pointer);


          std::unordered_set<symbol_exprt, irep_hash> functions;


          for(const auto &address : addresses)

          {

            // is this a plain function address?

            // strip leading '&'

            if(address.id() == ID_object_descriptor)

            {

              const auto &od = to_object_descriptor_expr(address);

              const auto &object = od.object();

              if(object.type().id() == ID_code && object.id() == ID_symbol)

                functions.insert(to_symbol_expr(object));

            }

          }


          for(const auto &f : functions)

            message.status()

              << "  function: " << f.get_identifier() << messaget::eom;


          if(functions.size() > 0)

          {

            remove_function_pointer(

              message_handler,

              goto_model.symbol_table,

              f.second.body,

              f.first,

              target,

              functions);

          }

        }

      }

    }

  }

  goto_model.goto_functions.update();

}

void value_set_fi_fp_removal( {…}

as_const
const T & as_const(T &value)
Return a reference to the same object but ensures the type is const.
Definition as_const.h:14

ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562

goto_functionst::function_map
function_mapt function_map
Definition goto_functions.h:29

goto_functionst::update
void update()
Definition goto_functions.h:88

goto_modelt
Definition goto_model.h:27

goto_modelt::symbol_table
symbol_tablet symbol_table
Symbol table.
Definition goto_model.h:31

goto_modelt::goto_functions
goto_functionst goto_functions
GOTO functions.
Definition goto_model.h:34

message_handlert
Definition message.h:27

messaget::mstreamt::source_location
source_locationt source_location
Definition message.h:239

messaget
Class that provides messages with a built-in verbosity 'level'.
Definition message.h:154

messaget::eom
static eomt eom
Definition message.h:289

messaget::status
mstreamt & status() const
Definition message.h:406

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91

value_set_analysis_fit
Definition value_set_analysis_fi.h:25

value_set_analysis_fit::get_values
std::vector< exprt > get_values(const irep_idt &function_id, locationt l, const exprt &expr) override
Definition value_set_analysis_fi.cpp:209

goto_model.h
Symbol Table + CFG.

namespace.h

pointer_expr.h
API to expression classes for Pointers.

to_object_descriptor_expr
const object_descriptor_exprt & to_object_descriptor_expr(const exprt &expr)
Cast an exprt to an object_descriptor_exprt.
Definition pointer_expr.h:252

to_dereference_expr
const dereference_exprt & to_dereference_expr(const exprt &expr)
Cast an exprt to a dereference_exprt.
Definition pointer_expr.h:890

remove_function_pointer
void remove_function_pointer(message_handlert &message_handler, symbol_tablet &symbol_table, goto_programt &goto_program, const irep_idt &function_id, goto_programt::targett target, const std::unordered_set< symbol_exprt, irep_hash > &functions)
Replace a call to a dynamic function at location target in the given goto-program by a case-split ove...
Definition remove_function_pointers.cpp:379

remove_function_pointers.h
Remove Indirect Function Calls.

message.h

to_symbol_expr
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
Definition std_expr.h:272

value_set_analysis_fi.h
Value Set Propagation (flow insensitive)

value_set_fi_fp_removal
void value_set_fi_fp_removal(goto_modelt &goto_model, message_handlert &message_handler)
Builds the flow-insensitive value set for all function pointers and replaces function pointers with a...
Definition value_set_fi_fp_removal.cpp:20

value_set_fi_fp_removal.h
flow insensitive value set function pointer removal