cbmc/value__set__pointer__abstract__object_8cpp_source.html

 /*******************************************************************\


  Module: analyses variable-sensitivity


  Author: Diffblue Ltd.


 \*******************************************************************/


 #include <util/pointer_expr.h>

 #include <util/simplify_expr.h>


 #include <analyses/variable-sensitivity/constant_pointer_abstract_object.h>

 #include <analyses/variable-sensitivity/value_set_pointer_abstract_object.h>


 #include "abstract_environment.h"

 #include "context_abstract_object.h" // IWYU pragma: keep


 #include <algorithm>

 #include <numeric>


 static abstract_object_sett

 unwrap_and_extract_values(const abstract_object_sett &values);


 static abstract_object_pointert

 maybe_extract_single_value(const abstract_object_pointert &maybe_singleton);


 value_set_pointer_abstract_objectt::value_set_pointer_abstract_objectt(

   const typet &new_type,

   bool top,

   bool bottom,

   const abstract_object_sett &new_values)

   : abstract_pointer_objectt(new_type, top, bottom), values(new_values)

 {

 }


 value_set_pointer_abstract_objectt::value_set_pointer_abstract_objectt(

   const typet &type,

   bool top,

   bool bottom)

   : abstract_pointer_objectt(type, top, bottom)

 {

   values.insert(

     std::make_shared<constant_pointer_abstract_objectt>(type, top, bottom));

 }


 value_set_pointer_abstract_objectt::value_set_pointer_abstract_objectt(

   const exprt &expr,

   const abstract_environmentt &environment,

   const namespacet &ns)

   : abstract_pointer_objectt(expr.type(), false, false)

 {

   values.insert(

     std::make_shared<constant_pointer_abstract_objectt>(expr, environment, ns));

 }


 abstract_object_pointert value_set_pointer_abstract_objectt::read_dereference(

   const abstract_environmentt &env,

   const namespacet &ns) const

 {

   if(is_top() || is_bottom())

   {

     return env.abstract_object_factory(

       to_pointer_type(type()).base_type(), ns, is_top(), !is_top());

   }


   abstract_object_sett results;

   for(auto value : values)

   {

     auto pointer =

       std::dynamic_pointer_cast<const abstract_pointer_objectt>(value);

     results.insert(pointer->read_dereference(env, ns));

   }


   return results.first();

 }


 abstract_object_pointert value_set_pointer_abstract_objectt::write_dereference(

   abstract_environmentt &environment,

   const namespacet &ns,

   const std::stack<exprt> &stack,

   const abstract_object_pointert &new_value,

   bool merging_write) const

 {

   if(is_top() || is_bottom())

   {

     environment.havoc("Writing to a 2value pointer");

     return shared_from_this();

   }


   for(auto value : values)

   {

     auto pointer =

       std::dynamic_pointer_cast<const abstract_pointer_objectt>(value);

     pointer->write_dereference(

       environment, ns, stack, new_value, merging_write);

   }


   return shared_from_this();

 }


 abstract_object_pointert value_set_pointer_abstract_objectt::typecast(

   const typet &new_type,

   const abstract_environmentt &environment,

   const namespacet &ns) const

 {

   INVARIANT(is_void_pointer(type()), "Only allow pointer casting from void*");

   abstract_object_sett new_values;

   for(auto value : values)

   {

     if(value->is_top()) // multiple mallocs in the same scope can cause spurious

       continue; // TOP values, which we can safely strip out during the cast


     auto pointer =

       std::dynamic_pointer_cast<const abstract_pointer_objectt>(value);

     new_values.insert(pointer->typecast(new_type, environment, ns));

   }

   return std::make_shared<value_set_pointer_abstract_objectt>(

     new_type, is_top(), is_bottom(), new_values);

 }


 abstract_object_pointert value_set_pointer_abstract_objectt::ptr_diff(

   const exprt &expr,

   const std::vector<abstract_object_pointert> &operands,

   const abstract_environmentt &environment,

   const namespacet &ns) const

 {

   auto rhs =

     std::dynamic_pointer_cast<const value_set_pointer_abstract_objectt>(

       operands.back());


   auto differences = std::vector<abstract_object_pointert>{};


   for(auto &lhsv : values)

   {

     auto lhsp = std::dynamic_pointer_cast<const abstract_pointer_objectt>(lhsv);

     for(auto const &rhsp : rhs->values)

     {

       auto ops = std::vector<abstract_object_pointert>{lhsp, rhsp};

       differences.push_back(lhsp->ptr_diff(expr, ops, environment, ns));

     }

   }


   return std::accumulate(

     differences.cbegin(),

     differences.cend(),

     differences.front(),

     [](

       const abstract_object_pointert &lhs,

       const abstract_object_pointert &rhs) {

       return abstract_objectt::merge(lhs, rhs, widen_modet::no).object;

     });

 }


 exprt value_set_pointer_abstract_objectt::ptr_comparison_expr(

   const exprt &expr,

   const std::vector<abstract_object_pointert> &operands,

   const abstract_environmentt &environment,

   const namespacet &ns) const

 {

   auto rhs =

     std::dynamic_pointer_cast<const value_set_pointer_abstract_objectt>(

       operands.back());


   auto comparisons = std::set<exprt>{};


   for(auto &lhsv : values)

   {

     auto lhsp = std::dynamic_pointer_cast<const abstract_pointer_objectt>(lhsv);

     for(auto const &rhsp : rhs->values)

     {

       auto ops = std::vector<abstract_object_pointert>{lhsp, rhsp};

       auto comparison = lhsp->ptr_comparison_expr(expr, ops, environment, ns);

       auto result = simplify_expr(comparison, ns);

       comparisons.insert(result);

     }

   }


   if(comparisons.size() > 1)

     return nil_exprt();

   return *comparisons.cbegin();

 }


 abstract_object_pointert value_set_pointer_abstract_objectt::resolve_values(

   const abstract_object_sett &new_values) const

 {

   PRECONDITION(!new_values.empty());


   if(new_values == values)

     return shared_from_this();


   auto unwrapped_values = unwrap_and_extract_values(new_values);


   auto result = std::dynamic_pointer_cast<value_set_pointer_abstract_objectt>(

     mutable_clone());


   if(unwrapped_values.size() > max_value_set_size)

   {

     result->set_top();

   }

   else

   {

     result->set_values(unwrapped_values);

   }

   return result;

 }


 abstract_object_pointert value_set_pointer_abstract_objectt::merge(

   const abstract_object_pointert &other,

   const widen_modet &widen_mode) const

 {

   auto cast_other = std::dynamic_pointer_cast<const value_set_tag>(other);

   if(cast_other)

   {

     auto union_values = values;

     union_values.insert(cast_other->get_values());

     return resolve_values(union_values);

   }


   return abstract_objectt::merge(other, widen_mode);

 }


 exprt value_set_pointer_abstract_objectt::to_predicate_internal(

   const exprt &name) const

 {

   if(values.size() == 1)

     return values.first()->to_predicate(name);


   auto all_predicates = exprt::operandst{};

   std::transform(

     values.begin(),

     values.end(),

     std::back_inserter(all_predicates),

     [&name](const abstract_object_pointert &value) {

       return value->to_predicate(name);

     });

   std::sort(all_predicates.begin(), all_predicates.end());


   return or_exprt(all_predicates);

 }


 void value_set_pointer_abstract_objectt::set_values(

   const abstract_object_sett &other_values)

 {

   PRECONDITION(!other_values.empty());

   set_not_top();

   values = other_values;

 }


 void value_set_pointer_abstract_objectt::output(

   std::ostream &out,

   const ai_baset &ai,

   const namespacet &ns) const

 {

   if(is_top())

   {

     out << "TOP";

   }

   else if(is_bottom())

   {

     out << "BOTTOM";

   }

   else

   {

     out << "value-set-begin: ";


     values.output(out, ai, ns);


     out << " :value-set-end";

   }

 }


 abstract_object_sett

 unwrap_and_extract_values(const abstract_object_sett &values)

 {

   abstract_object_sett unwrapped_values;

   for(auto const &value : values)

   {

     unwrapped_values.insert(maybe_extract_single_value(value));

   }


   return unwrapped_values;

 }


 abstract_object_pointert

 maybe_extract_single_value(const abstract_object_pointert &maybe_singleton)

 {

   auto const &value_as_set = std::dynamic_pointer_cast<const value_set_tag>(

     maybe_singleton->unwrap_context());

   if(value_as_set)

   {

     PRECONDITION(value_as_set->get_values().size() == 1);

     PRECONDITION(!std::dynamic_pointer_cast<const context_abstract_objectt>(

       value_as_set->get_values().first()));


     return value_as_set->get_values().first();

   }

   else

     return maybe_singleton;

 }

abstract_environment.h
An abstract version of a program environment.

widen_modet
widen_modet
Definition: abstract_environment.h:31

abstract_object_pointert
sharing_ptrt< class abstract_objectt > abstract_object_pointert
Definition: abstract_object.h:69

transform
static abstract_object_pointert transform(const exprt &expr, const std::vector< abstract_object_pointert > &operands, const abstract_environmentt &environment, const namespacet &ns)
Definition: abstract_value_object.cpp:159

abstract_environmentt
Definition: abstract_environment.h:39

abstract_environmentt::havoc
virtual void havoc(const std::string &havoc_string)
This should be used as a default case / everything else has failed The string is so that I can easily...
Definition: abstract_environment.cpp:378

abstract_environmentt::abstract_object_factory
virtual abstract_object_pointert abstract_object_factory(const typet &type, const namespacet &ns, bool top, bool bottom) const
Look at the configuration for the sensitivity and create an appropriate abstract_object.
Definition: abstract_environment.cpp:311

abstract_object_sett
Definition: abstract_object_set.h:19

abstract_object_sett::begin
const_iterator begin() const
Definition: abstract_object_set.h:58

abstract_object_sett::size
value_sett::size_type size() const
Definition: abstract_object_set.h:67

abstract_object_sett::output
void output(std::ostream &out, const ai_baset &ai, const namespacet &ns) const
Definition: abstract_object_set.cpp:25

abstract_object_sett::insert
void insert(const abstract_object_pointert &o)
Definition: abstract_object_set.h:29

abstract_object_sett::first
abstract_object_pointert first() const
Definition: abstract_object_set.h:53

abstract_object_sett::empty
bool empty() const
Definition: abstract_object_set.h:71

abstract_object_sett::end
const_iterator end() const
Definition: abstract_object_set.h:62

abstract_objectt::is_top
virtual bool is_top() const
Find out if the abstract object is top.
Definition: abstract_object.cpp:141

abstract_objectt::is_bottom
virtual bool is_bottom() const
Find out if the abstract object is bottom.
Definition: abstract_object.cpp:146

abstract_objectt::top
bool top
Definition: abstract_object.h:371

abstract_objectt::set_not_top
void set_not_top()
Definition: abstract_object.h:465

abstract_objectt::merge
static combine_result merge(const abstract_object_pointert &op1, const abstract_object_pointert &op2, const locationt &merge_location, const widen_modet &widen_mode)
Definition: abstract_object.cpp:195

abstract_objectt::bottom
bool bottom
Definition: abstract_object.h:370

abstract_objectt::type
virtual const typet & type() const
Get the real type of the variable this abstract object is representing.
Definition: abstract_object.cpp:33

abstract_pointer_objectt
Definition: abstract_pointer_object.h:22

ai_baset
This is the basic interface of the abstract interpreter with default implementations of the core func...
Definition: ai.h:117

exprt
Base class for all expressions.
Definition: expr.h:56

exprt::operandst
std::vector< exprt > operandst
Definition: expr.h:58

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition: namespace.h:94

nil_exprt
The NIL expression.
Definition: std_expr.h:3081

or_exprt
Boolean OR.
Definition: std_expr.h:2228

typet
The type of an expression, extends irept.
Definition: type.h:29

value_set_pointer_abstract_objectt::values
abstract_object_sett values
Definition: value_set_pointer_abstract_object.h:110

value_set_pointer_abstract_objectt::resolve_values
abstract_object_pointert resolve_values(const abstract_object_sett &new_values) const
Update the set of stored values to new_values.
Definition: value_set_pointer_abstract_object.cpp:189

value_set_pointer_abstract_objectt::ptr_diff
abstract_object_pointert ptr_diff(const exprt &expr, const std::vector< abstract_object_pointert > &operands, const abstract_environmentt &environment, const namespacet &ns) const override
Definition: value_set_pointer_abstract_object.cpp:127

value_set_pointer_abstract_objectt::mutable_clone
internal_abstract_object_pointert mutable_clone() const override
Definition: value_set_pointer_abstract_object.h:91

value_set_pointer_abstract_objectt::to_predicate_internal
exprt to_predicate_internal(const exprt &name) const override
to_predicate implementation - derived classes will override
Definition: value_set_pointer_abstract_object.cpp:228

value_set_pointer_abstract_objectt::merge
abstract_object_pointert merge(const abstract_object_pointert &other, const widen_modet &widen_mode) const override
Definition: value_set_pointer_abstract_object.cpp:213

value_set_pointer_abstract_objectt::max_value_set_size
static const size_t max_value_set_size
The threshold size for value-sets: past this threshold the object is either converted to interval or ...
Definition: value_set_pointer_abstract_object.h:57

value_set_pointer_abstract_objectt::set_values
void set_values(const abstract_object_sett &other_values)
Setter for updating the stored values.
Definition: value_set_pointer_abstract_object.cpp:247

value_set_pointer_abstract_objectt::output
void output(std::ostream &out, const ai_baset &ai, const namespacet &ns) const override
Definition: value_set_pointer_abstract_object.cpp:255

value_set_pointer_abstract_objectt::read_dereference
abstract_object_pointert read_dereference(const abstract_environmentt &env, const namespacet &ns) const override
A helper function to read elements from an array.
Definition: value_set_pointer_abstract_object.cpp:62

value_set_pointer_abstract_objectt::typecast
abstract_object_pointert typecast(const typet &new_type, const abstract_environmentt &environment, const namespacet &ns) const override
Definition: value_set_pointer_abstract_object.cpp:107

value_set_pointer_abstract_objectt::value_set_pointer_abstract_objectt
value_set_pointer_abstract_objectt(const typet &new_type, bool top, bool bottom, const abstract_object_sett &new_values)
Definition: value_set_pointer_abstract_object.cpp:33

value_set_pointer_abstract_objectt::write_dereference
abstract_object_pointert write_dereference(abstract_environmentt &environment, const namespacet &ns, const std::stack< exprt > &stack, const abstract_object_pointert &new_value, bool merging_write) const override
Evaluate writing to a pointer's value.
Definition: value_set_pointer_abstract_object.cpp:83

value_set_pointer_abstract_objectt::ptr_comparison_expr
exprt ptr_comparison_expr(const exprt &expr, const std::vector< abstract_object_pointert > &operands, const abstract_environmentt &environment, const namespacet &ns) const override
Definition: value_set_pointer_abstract_object.cpp:160

constant_pointer_abstract_object.h
An abstraction of a pointer that tracks a single pointer.

context_abstract_object.h
General implementation of a an abstract_objectt which can track side information in the form of a 'co...

pointer_expr.h
API to expression classes for Pointers.

is_void_pointer
bool is_void_pointer(const typet &type)
This method tests, if the given typet is a pointer of type void.
Definition: pointer_expr.h:110

to_pointer_type
const pointer_typet & to_pointer_type(const typet &type)
Cast a typet to a pointer_typet.
Definition: pointer_expr.h:93

simplify_expr
exprt simplify_expr(exprt src, const namespacet &ns)
Definition: simplify_expr.cpp:3242

simplify_expr.h

PRECONDITION
#define PRECONDITION(CONDITION)
Definition: invariant.h:463

validation_modet::INVARIANT
@ INVARIANT

maybe_extract_single_value
static abstract_object_pointert maybe_extract_single_value(const abstract_object_pointert &maybe_singleton)
Helper for converting singleton value sets into its only value.
Definition: value_set_pointer_abstract_object.cpp:291

unwrap_and_extract_values
static abstract_object_sett unwrap_and_extract_values(const abstract_object_sett &values)
Definition: value_set_pointer_abstract_object.cpp:279

value_set_pointer_abstract_object.h
Value Set of Pointer Abstract Object.