cbmc/value__set__pointer__abstract__object_8cpp_source.html

/*******************************************************************\


 Module: analyses variable-sensitivity


 Author: Diffblue Ltd.


\*******************************************************************/


#include <util/pointer_expr.h>

#include <util/simplify_expr.h>


#include <analyses/variable-sensitivity/constant_pointer_abstract_object.h>

#include <analyses/variable-sensitivity/value_set_pointer_abstract_object.h>


#include "abstract_environment.h"

#include "context_abstract_object.h" // IWYU pragma: keep


#include <algorithm>

#include <numeric>


static abstract_object_sett

unwrap_and_extract_values(const abstract_object_sett &values);


static abstract_object_pointert

maybe_extract_single_value(const abstract_object_pointert &maybe_singleton);


value_set_pointer_abstract_objectt::value_set_pointer_abstract_objectt(

  const typet &new_type,

  bool top,

  bool bottom,

  const abstract_object_sett &new_values)

  : abstract_pointer_objectt(new_type, top, bottom), values(new_values)

{

}

value_set_pointer_abstract_objectt::value_set_pointer_abstract_objectt( {…}


value_set_pointer_abstract_objectt::value_set_pointer_abstract_objectt(

  const typet &type,

  bool top,

  bool bottom)

  : abstract_pointer_objectt(type, top, bottom)

{

  values.insert(

    std::make_shared<constant_pointer_abstract_objectt>(type, top, bottom));

}

value_set_pointer_abstract_objectt::value_set_pointer_abstract_objectt( {…}


value_set_pointer_abstract_objectt::value_set_pointer_abstract_objectt(

  const exprt &expr,

  const abstract_environmentt &environment,

  const namespacet &ns)

  : abstract_pointer_objectt(expr.type(), false, false)

{

  values.insert(

    std::make_shared<constant_pointer_abstract_objectt>(expr, environment, ns));

}

value_set_pointer_abstract_objectt::value_set_pointer_abstract_objectt( {…}


abstract_object_pointert value_set_pointer_abstract_objectt::read_dereference(

  const abstract_environmentt &env,

  const namespacet &ns) const

{

  if(is_top() || is_bottom())

  {

    return env.abstract_object_factory(

      to_pointer_type(type()).base_type(), ns, is_top(), !is_top());

  }


  abstract_object_sett results;

  for(auto value : values)

  {

    auto pointer =

      std::dynamic_pointer_cast<const abstract_pointer_objectt>(value);

    results.insert(pointer->read_dereference(env, ns));

  }


  return results.first();

}

abstract_object_pointert value_set_pointer_abstract_objectt::read_dereference( {…}


abstract_object_pointert value_set_pointer_abstract_objectt::write_dereference(

  abstract_environmentt &environment,

  const namespacet &ns,

  const std::stack<exprt> &stack,

  const abstract_object_pointert &new_value,

  bool merging_write) const

{

  if(is_top() || is_bottom())

  {

    environment.havoc("Writing to a 2value pointer");

    return shared_from_this();

  }


  for(auto value : values)

  {

    auto pointer =

      std::dynamic_pointer_cast<const abstract_pointer_objectt>(value);

    pointer->write_dereference(

      environment, ns, stack, new_value, merging_write);

  }


  return shared_from_this();

}

abstract_object_pointert value_set_pointer_abstract_objectt::write_dereference( {…}


abstract_object_pointert value_set_pointer_abstract_objectt::typecast(

  const typet &new_type,

  const abstract_environmentt &environment,

  const namespacet &ns) const

{

  INVARIANT(is_void_pointer(type()), "Only allow pointer casting from void*");

  abstract_object_sett new_values;

  for(auto value : values)

  {

    if(value->is_top()) // multiple mallocs in the same scope can cause spurious

      continue; // TOP values, which we can safely strip out during the cast


    auto pointer =

      std::dynamic_pointer_cast<const abstract_pointer_objectt>(value);

    new_values.insert(pointer->typecast(new_type, environment, ns));

  }

  return std::make_shared<value_set_pointer_abstract_objectt>(

    new_type, is_top(), is_bottom(), new_values);

}

abstract_object_pointert value_set_pointer_abstract_objectt::typecast( {…}


abstract_object_pointert value_set_pointer_abstract_objectt::ptr_diff(

  const exprt &expr,

  const std::vector<abstract_object_pointert> &operands,

  const abstract_environmentt &environment,

  const namespacet &ns) const

{

  auto rhs =

    std::dynamic_pointer_cast<const value_set_pointer_abstract_objectt>(

      operands.back());


  auto differences = std::vector<abstract_object_pointert>{};


  for(auto &lhsv : values)

  {

    auto lhsp = std::dynamic_pointer_cast<const abstract_pointer_objectt>(lhsv);

    for(auto const &rhsp : rhs->values)

    {

      auto ops = std::vector<abstract_object_pointert>{lhsp, rhsp};

      differences.push_back(lhsp->ptr_diff(expr, ops, environment, ns));

    }

  }


  return std::accumulate(

    differences.cbegin(),

    differences.cend(),

    differences.front(),

    [](

      const abstract_object_pointert &lhs,

      const abstract_object_pointert &rhs) {

      return abstract_objectt::merge(lhs, rhs, widen_modet::no).object;

    });

}

abstract_object_pointert value_set_pointer_abstract_objectt::ptr_diff( {…}


exprt value_set_pointer_abstract_objectt::ptr_comparison_expr(

  const exprt &expr,

  const std::vector<abstract_object_pointert> &operands,

  const abstract_environmentt &environment,

  const namespacet &ns) const

{

  auto rhs =

    std::dynamic_pointer_cast<const value_set_pointer_abstract_objectt>(

      operands.back());


  auto comparisons = std::set<exprt>{};


  for(auto &lhsv : values)

  {

    auto lhsp = std::dynamic_pointer_cast<const abstract_pointer_objectt>(lhsv);

    for(auto const &rhsp : rhs->values)

    {

      auto ops = std::vector<abstract_object_pointert>{lhsp, rhsp};

      auto comparison = lhsp->ptr_comparison_expr(expr, ops, environment, ns);

      auto result = simplify_expr(comparison, ns);

      comparisons.insert(result);

    }

  }


  if(comparisons.size() > 1)

    return nil_exprt();

  return *comparisons.cbegin();

}

exprt value_set_pointer_abstract_objectt::ptr_comparison_expr( {…}


abstract_object_pointert value_set_pointer_abstract_objectt::resolve_values(

  const abstract_object_sett &new_values) const

{

  PRECONDITION(!new_values.empty());


  if(new_values == values)

    return shared_from_this();


  auto unwrapped_values = unwrap_and_extract_values(new_values);


  auto result = std::dynamic_pointer_cast<value_set_pointer_abstract_objectt>(

    mutable_clone());


  if(unwrapped_values.size() > max_value_set_size)

  {

    result->set_top();

  }

  else

  {

    result->set_values(unwrapped_values);

  }

  return result;

}

abstract_object_pointert value_set_pointer_abstract_objectt::resolve_values( {…}


abstract_object_pointert value_set_pointer_abstract_objectt::merge(

  const abstract_object_pointert &other,

  const widen_modet &widen_mode) const

{

  auto cast_other = std::dynamic_pointer_cast<const value_set_tag>(other);

  if(cast_other)

  {

    auto union_values = values;

    union_values.insert(cast_other->get_values());

    return resolve_values(union_values);

  }


  return abstract_objectt::merge(other, widen_mode);

}

abstract_object_pointert value_set_pointer_abstract_objectt::merge( {…}


exprt value_set_pointer_abstract_objectt::to_predicate_internal(

  const exprt &name) const

{

  if(values.size() == 1)

    return values.first()->to_predicate(name);


  auto all_predicates = exprt::operandst{};

  std::transform(

    values.begin(),

    values.end(),

    std::back_inserter(all_predicates),

    [&name](const abstract_object_pointert &value) {

      return value->to_predicate(name);

    });

  std::sort(all_predicates.begin(), all_predicates.end());


  return or_exprt(all_predicates);

}

exprt value_set_pointer_abstract_objectt::to_predicate_internal( {…}


void value_set_pointer_abstract_objectt::set_values(

  const abstract_object_sett &other_values)

{

  PRECONDITION(!other_values.empty());

  set_not_top();

  values = other_values;

}

void value_set_pointer_abstract_objectt::set_values( {…}


void value_set_pointer_abstract_objectt::output(

  std::ostream &out,

  const ai_baset &ai,

  const namespacet &ns) const

{

  if(is_top())

  {

    out << "TOP";

  }

  else if(is_bottom())

  {

    out << "BOTTOM";

  }

  else

  {

    out << "value-set-begin: ";


    values.output(out, ai, ns);


    out << " :value-set-end";

  }

}

void value_set_pointer_abstract_objectt::output( {…}


abstract_object_sett


unwrap_and_extract_values(const abstract_object_sett &values)

{

  abstract_object_sett unwrapped_values;

  for(auto const &value : values)

  {

    unwrapped_values.insert(maybe_extract_single_value(value));

  }


  return unwrapped_values;

}

unwrap_and_extract_values(const abstract_object_sett &values) {…}


abstract_object_pointert


maybe_extract_single_value(const abstract_object_pointert &maybe_singleton)

{

  auto const &value_as_set = std::dynamic_pointer_cast<const value_set_tag>(

    maybe_singleton->unwrap_context());

  if(value_as_set)

  {

    PRECONDITION(value_as_set->get_values().size() == 1);

    PRECONDITION(!std::dynamic_pointer_cast<const context_abstract_objectt>(

      value_as_set->get_values().first()));


    return value_as_set->get_values().first();

  }

  else

    return maybe_singleton;

}

maybe_extract_single_value(const abstract_object_pointert &maybe_singleton) {…}

abstract_environment.h
An abstract version of a program environment.

widen_modet
widen_modet
Definition abstract_environment.h:31

abstract_object_pointert
sharing_ptrt< class abstract_objectt > abstract_object_pointert
Definition abstract_object.h:69

abstract_environmentt
Definition abstract_environment.h:39

abstract_environmentt::havoc
virtual void havoc(const std::string &havoc_string)
This should be used as a default case / everything else has failed The string is so that I can easily...
Definition abstract_environment.cpp:378

abstract_object_sett
Definition abstract_object_set.h:19

abstract_object_sett::begin
const_iterator begin() const
Definition abstract_object_set.h:58

abstract_object_sett::size
value_sett::size_type size() const
Definition abstract_object_set.h:67

abstract_object_sett::output
void output(std::ostream &out, const ai_baset &ai, const namespacet &ns) const
Definition abstract_object_set.cpp:25

abstract_object_sett::insert
void insert(const abstract_object_pointert &o)
Definition abstract_object_set.h:29

abstract_object_sett::first
abstract_object_pointert first() const
Definition abstract_object_set.h:53

abstract_object_sett::end
const_iterator end() const
Definition abstract_object_set.h:62

abstract_objectt::is_top
virtual bool is_top() const
Find out if the abstract object is top.
Definition abstract_object.cpp:141

abstract_objectt::is_bottom
virtual bool is_bottom() const
Find out if the abstract object is bottom.
Definition abstract_object.cpp:146

abstract_objectt::top
bool top
Definition abstract_object.h:371

abstract_objectt::set_not_top
void set_not_top()
Definition abstract_object.h:465

abstract_objectt::merge
static combine_result merge(const abstract_object_pointert &op1, const abstract_object_pointert &op2, const locationt &merge_location, const widen_modet &widen_mode)
Definition abstract_object.cpp:195

abstract_objectt::bottom
bool bottom
Definition abstract_object.h:370

abstract_objectt::type
virtual const typet & type() const
Get the real type of the variable this abstract object is representing.
Definition abstract_object.cpp:33

abstract_pointer_objectt
Definition abstract_pointer_object.h:22

ai_baset
This is the basic interface of the abstract interpreter with default implementations of the core func...
Definition ai.h:117

ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562

exprt
Base class for all expressions.
Definition expr.h:56

exprt::operandst
std::vector< exprt > operandst
Definition expr.h:58

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91

nil_exprt
The NIL expression.
Definition std_expr.h:3208

or_exprt
Boolean OR.
Definition std_expr.h:2270

typet
The type of an expression, extends irept.
Definition type.h:29

value_set_pointer_abstract_objectt::values
abstract_object_sett values
Definition value_set_pointer_abstract_object.h:110

value_set_pointer_abstract_objectt::resolve_values
abstract_object_pointert resolve_values(const abstract_object_sett &new_values) const
Update the set of stored values to new_values.
Definition value_set_pointer_abstract_object.cpp:189

value_set_pointer_abstract_objectt::ptr_diff
abstract_object_pointert ptr_diff(const exprt &expr, const std::vector< abstract_object_pointert > &operands, const abstract_environmentt &environment, const namespacet &ns) const override
Definition value_set_pointer_abstract_object.cpp:127

value_set_pointer_abstract_objectt::mutable_clone
internal_abstract_object_pointert mutable_clone() const override
Definition value_set_pointer_abstract_object.h:91

value_set_pointer_abstract_objectt::to_predicate_internal
exprt to_predicate_internal(const exprt &name) const override
to_predicate implementation - derived classes will override
Definition value_set_pointer_abstract_object.cpp:228

value_set_pointer_abstract_objectt::merge
abstract_object_pointert merge(const abstract_object_pointert &other, const widen_modet &widen_mode) const override
Definition value_set_pointer_abstract_object.cpp:213

value_set_pointer_abstract_objectt::max_value_set_size
static const size_t max_value_set_size
The threshold size for value-sets: past this threshold the object is either converted to interval or ...
Definition value_set_pointer_abstract_object.h:57

value_set_pointer_abstract_objectt::set_values
void set_values(const abstract_object_sett &other_values)
Setter for updating the stored values.
Definition value_set_pointer_abstract_object.cpp:247

value_set_pointer_abstract_objectt::output
void output(std::ostream &out, const ai_baset &ai, const namespacet &ns) const override
Definition value_set_pointer_abstract_object.cpp:255

value_set_pointer_abstract_objectt::read_dereference
abstract_object_pointert read_dereference(const abstract_environmentt &env, const namespacet &ns) const override
A helper function to read elements from an array.
Definition value_set_pointer_abstract_object.cpp:62

value_set_pointer_abstract_objectt::typecast
abstract_object_pointert typecast(const typet &new_type, const abstract_environmentt &environment, const namespacet &ns) const override
Definition value_set_pointer_abstract_object.cpp:107

value_set_pointer_abstract_objectt::value_set_pointer_abstract_objectt
value_set_pointer_abstract_objectt(const typet &new_type, bool top, bool bottom, const abstract_object_sett &new_values)
Definition value_set_pointer_abstract_object.cpp:33

value_set_pointer_abstract_objectt::write_dereference
abstract_object_pointert write_dereference(abstract_environmentt &environment, const namespacet &ns, const std::stack< exprt > &stack, const abstract_object_pointert &new_value, bool merging_write) const override
Evaluate writing to a pointer's value.
Definition value_set_pointer_abstract_object.cpp:83

value_set_pointer_abstract_objectt::ptr_comparison_expr
exprt ptr_comparison_expr(const exprt &expr, const std::vector< abstract_object_pointert > &operands, const abstract_environmentt &environment, const namespacet &ns) const override
Definition value_set_pointer_abstract_object.cpp:160

constant_pointer_abstract_object.h
An abstraction of a pointer that tracks a single pointer.

context_abstract_object.h
General implementation of a an abstract_objectt which can track side information in the form of a 'co...

pointer_expr.h
API to expression classes for Pointers.

is_void_pointer
bool is_void_pointer(const typet &type)
This method tests, if the given typet is a pointer of type void.
Definition pointer_expr.h:110

to_pointer_type
const pointer_typet & to_pointer_type(const typet &type)
Cast a typet to a pointer_typet.
Definition pointer_expr.h:93

simplify_expr
exprt simplify_expr(exprt src, const namespacet &ns)
Definition simplify_expr.cpp:3251

simplify_expr.h

PRECONDITION
#define PRECONDITION(CONDITION)
Definition invariant.h:463

INVARIANT
#define INVARIANT(CONDITION, REASON)
This macro uses the wrapper function 'invariant_violated_string'.
Definition invariant.h:423

unwrap_and_extract_values
static abstract_object_sett unwrap_and_extract_values(const abstract_object_sett &values)
Definition value_set_abstract_object.cpp:376

maybe_extract_single_value
static abstract_object_pointert maybe_extract_single_value(const abstract_object_pointert &maybe_singleton)
Helper for converting singleton value sets into its only value.
Definition value_set_pointer_abstract_object.cpp:291

unwrap_and_extract_values
static abstract_object_sett unwrap_and_extract_values(const abstract_object_sett &values)
Definition value_set_pointer_abstract_object.cpp:279

value_set_pointer_abstract_object.h
Value Set of Pointer Abstract Object.