cbmc/variable__sensitivity__domain_8h_source.html

/*******************************************************************\


 Module: analyses variable-sensitivity


 Author: Thomas Kiley, thomas.kiley@diffblue.com


\*******************************************************************/


#ifndef CPROVER_ANALYSES_VARIABLE_SENSITIVITY_VARIABLE_SENSITIVITY_DOMAIN_H

#define CPROVER_ANALYSES_VARIABLE_SENSITIVITY_VARIABLE_SENSITIVITY_DOMAIN_H


#include <iosfwd>

#include <memory>


#include <analyses/ai_domain.h>

#include <analyses/variable-sensitivity/abstract_environment.h>

#include <analyses/variable-sensitivity/variable_sensitivity_configuration.h>


#define OPT_VSD                                                                \

  "(vsd-values):"                                                              \

  "(vsd-structs):"                                                             \

  "(vsd-arrays):"                                                              \

  "(vsd-array-max-elements):"                                                  \

  "(vsd-pointers):"                                                            \

  "(vsd-unions):"                                                              \

  "(vsd-flow-insensitive)"                                                     \

  "(vsd-data-dependencies)"                                                    \

  "(vsd-liveness)"


#define HELP_VSD                                                               \

  " {y--vsd-values} [{yconstants}|{yintervals}|{yset-of-constants}] \t "       \

  "value tracking\n"                                                           \

  " {y--vsd-structs} [{ytop-bottom}|{yevery-field}] \t "                       \

  "struct field sensitive analysis\n"                                          \

  " {y--vsd-arrays} [{ytop-bottom}|{ysmash}|{yup-to-n-elements}|"              \

  "{yevery-element}] \t "                                                      \

  "array entry sensitive analysis\n"                                           \

  " {y--vsd-array-max-elements} {uN} \t "                                      \

  "set the {un} in {y--vsd-arrays} {yup-to-n-elements} (defaults to 10 if "    \

  "not given)\n"                                                               \

  " {y--vsd-pointers} [{ytop-bottom}|{yconstants}|{yvalue-set}] \t "           \

  "pointer sensitive analysis\n"                                               \

  " {y--vsd-unions} [{ytop-bottom}] \t union sensitive analysis\n"             \

  " {y--vsd-data-dependencies} \t track data dependencies\n"                   \

  " {y--vsd-liveness} \t track variable liveness\n"                            \

  " {y--vsd-flow-insensitive} \t disables flow sensitivity\n"


#define PARSE_OPTIONS_VSD(cmdline, options)                                    \

  options.set_option("values", cmdline.get_value("vsd-values"));               \

  options.set_option("pointers", cmdline.get_value("vsd-pointers"));           \

  options.set_option("arrays", cmdline.get_value("vsd-arrays"));               \

  options.set_option("array-max-elements", cmdline.get_value("vsd-array-max-elements")); /* NOLINT(whitespace/line_length) */ \

  options.set_option("structs", cmdline.get_value("vsd-structs"));             \

  options.set_option("unions", cmdline.get_value("vsd-unions"));               \

  options.set_option("flow-insensitive", cmdline.isset("vsd-flow-insensitive")); /* NOLINT(whitespace/line_length) */ \

  options.set_option("data-dependencies", cmdline.isset("vsd-data-dependencies")); /* NOLINT(whitespace/line_length) */ \

  options.set_option("liveness", cmdline.isset("vsd-liveness")); /* NOLINT(whitespace/line_length) */ \

  (void)0


class variable_sensitivity_domaint : public ai_domain_baset

{

public:


  explicit variable_sensitivity_domaint(

    variable_sensitivity_object_factory_ptrt _object_factory,

    const vsd_configt &_configuration)

    : abstract_state(_object_factory),

      flow_sensitivity(_configuration.flow_sensitivity)

  {

  }


  void transform(

    const irep_idt &function_from,

    trace_ptrt trace_from,

    const irep_idt &function_to,

    trace_ptrt trace_to,

    ai_baset &ai,

    const namespacet &ns) override;


  void make_bottom() override;


  void make_top() override;


  void output(std::ostream &out, const ai_baset &ai, const namespacet &ns)

    const override;


  exprt to_predicate() const override;


  exprt to_predicate(const exprt &expr, const namespacet &ns) const;

  exprt to_predicate(const exprt::operandst &exprs, const namespacet &ns) const;


  virtual bool

  merge(const variable_sensitivity_domaint &b, trace_ptrt from, trace_ptrt to);


  virtual void merge_three_way_function_return(

    const ai_domain_baset &function_start,

    const ai_domain_baset &function_end,

    const namespacet &ns);


  bool ai_simplify(exprt &condition, const namespacet &ns) const override;


  bool is_bottom() const override;


  bool is_top() const override;


  virtual abstract_object_pointert


  eval(const exprt &expr, const namespacet &ns) const

  {

    return abstract_state.eval(expr, ns);

  }


private:

  void transform_function_call(

    locationt from,

    locationt to,

    ai_baset &ai,

    const namespacet &ns);


  bool ignore_function_call_transform(const irep_idt &function_id) const;


  void assume(exprt expr, namespacet ns);


  abstract_environmentt abstract_state;

  flow_sensitivityt flow_sensitivity;


#ifdef ENABLE_STATS

public:

  abstract_object_statisticst gather_statistics(const namespacet &ns) const;

#endif

};


class variable_sensitivity_domain_factoryt

  : public ai_domain_factoryt<variable_sensitivity_domaint>

{

public:


  explicit variable_sensitivity_domain_factoryt(

    variable_sensitivity_object_factory_ptrt _object_factory,

    const vsd_configt &_configuration)

    : object_factory(_object_factory), configuration(_configuration)

  {

  }


  std::unique_ptr<statet> make(locationt l) const override

  {

    auto d = std::make_unique<variable_sensitivity_domaint>(

      object_factory, configuration);

    CHECK_RETURN(d->is_bottom());

    return std::unique_ptr<statet>(d.release());

  }


private:

  variable_sensitivity_object_factory_ptrt object_factory;

  const vsd_configt configuration;

};


#ifdef ENABLE_STATS

template <>

struct get_domain_statisticst<variable_sensitivity_domaint>

{

  abstract_object_statisticst total_statistics = {};

  void

  add_entry(const variable_sensitivity_domaint &domain, const namespacet &ns)

  {

    auto statistics = domain.gather_statistics(ns);

    total_statistics.number_of_interval_abstract_objects +=

      statistics.number_of_interval_abstract_objects;

    total_statistics.number_of_globals += statistics.number_of_globals;

    total_statistics.number_of_single_value_intervals +=

      statistics.number_of_single_value_intervals;

    total_statistics.number_of_constants += statistics.number_of_constants;

    total_statistics.number_of_pointers += statistics.number_of_constants;

    total_statistics.number_of_arrays += statistics.number_of_arrays;

    total_statistics.number_of_structs += statistics.number_of_arrays;

    total_statistics.objects_memory_usage += statistics.objects_memory_usage;

  }


  void print(std::ostream &out) const

  {

    out << "<< Begin Variable Sensitivity Domain Statistics >>\n"

        << "  Memory Usage: "

        << total_statistics.objects_memory_usage.to_string() << '\n'

        << "  Number of structs: " << total_statistics.number_of_structs << '\n'

        << "  Number of arrays: " << total_statistics.number_of_arrays << '\n'

        << "  Number of pointers: " << total_statistics.number_of_pointers

        << '\n'

        << "  Number of constants: " << total_statistics.number_of_constants

        << '\n'

        << "  Number of intervals: "

        << total_statistics.number_of_interval_abstract_objects << '\n'

        << "  Number of single value intervals: "

        << total_statistics.number_of_single_value_intervals << '\n'

        << "  Number of globals: " << total_statistics.number_of_globals << '\n'

        << "<< End Variable Sensitivity Domain Statistics >>\n";

  }

};

#endif


#endif // CPROVER_ANALYSES_VARIABLE_SENSITIVITY_VARIABLE_SENSITIVITY_DOMAIN_H

abstract_environment.h
An abstract version of a program environment.

variable_sensitivity_object_factory_ptrt
std::shared_ptr< variable_sensitivity_object_factoryt > variable_sensitivity_object_factory_ptrt
Definition abstract_environment.h:28

abstract_object_pointert
sharing_ptrt< class abstract_objectt > abstract_object_pointert
Definition abstract_object.h:69

ai_domain.h
Abstract Interpretation Domain.

abstract_environmentt
Definition abstract_environment.h:39

abstract_environmentt::eval
virtual abstract_object_pointert eval(const exprt &expr, const namespacet &ns) const
These three are really the heart of the method.
Definition abstract_environment.cpp:101

ai_baset
This is the basic interface of the abstract interpreter with default implementations of the core func...
Definition ai.h:117

ai_domain_baset
The interface offered by a domain, allows code to manipulate domains without knowing their exact type...
Definition ai_domain.h:54

ai_domain_baset::trace_ptrt
ai_history_baset::trace_ptrt trace_ptrt
Definition ai_domain.h:73

ai_domain_baset::locationt
goto_programt::const_targett locationt
Definition ai_domain.h:72

ai_domain_factoryt
Definition ai_domain.h:200

ai_domain_factoryt< variable_sensitivity_domaint >::locationt
ai_domain_factory_baset::locationt locationt
Definition ai_domain.h:203

ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562

ait::ait
ait()
Definition ai.h:565

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition dstring.h:38

exprt
Base class for all expressions.
Definition expr.h:56

exprt::operandst
std::vector< exprt > operandst
Definition expr.h:58

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91

variable_sensitivity_domain_factoryt
Definition variable_sensitivity_domain.h:256

variable_sensitivity_domain_factoryt::configuration
const vsd_configt configuration
Definition variable_sensitivity_domain.h:275

variable_sensitivity_domain_factoryt::object_factory
variable_sensitivity_object_factory_ptrt object_factory
Definition variable_sensitivity_domain.h:274

variable_sensitivity_domain_factoryt::variable_sensitivity_domain_factoryt
variable_sensitivity_domain_factoryt(variable_sensitivity_object_factory_ptrt _object_factory, const vsd_configt &_configuration)
Definition variable_sensitivity_domain.h:258

variable_sensitivity_domain_factoryt::make
std::unique_ptr< statet > make(locationt l) const override
Definition variable_sensitivity_domain.h:265

variable_sensitivity_domaint
Definition variable_sensitivity_domain.h:116

variable_sensitivity_domaint::ai_simplify
bool ai_simplify(exprt &condition, const namespacet &ns) const override
Use the information in the domain to simplify the expression with respect to the current location.
Definition variable_sensitivity_domain.cpp:241

variable_sensitivity_domaint::to_predicate
exprt to_predicate() const override
Gives a Boolean condition that is true for all values represented by the domain.
Definition variable_sensitivity_domain.cpp:179

variable_sensitivity_domaint::make_bottom
void make_bottom() override
Sets the domain to bottom (no states / unreachable).
Definition variable_sensitivity_domain.cpp:210

variable_sensitivity_domaint::output
void output(std::ostream &out, const ai_baset &ai, const namespacet &ns) const override
Basic text output of the abstract domain.
Definition variable_sensitivity_domain.cpp:171

variable_sensitivity_domaint::make_top
void make_top() override
Sets the domain to top (all states).
Definition variable_sensitivity_domain.cpp:216

variable_sensitivity_domaint::variable_sensitivity_domaint
variable_sensitivity_domaint(variable_sensitivity_object_factory_ptrt _object_factory, const vsd_configt &_configuration)
Definition variable_sensitivity_domain.h:118

variable_sensitivity_domaint::transform
void transform(const irep_idt &function_from, trace_ptrt trace_from, const irep_idt &function_to, trace_ptrt trace_to, ai_baset &ai, const namespacet &ns) override
Compute the abstract transformer for a single instruction.
Definition variable_sensitivity_domain.cpp:24

variable_sensitivity_domaint::abstract_state
abstract_environmentt abstract_state
Definition variable_sensitivity_domain.h:245

variable_sensitivity_domaint::merge_three_way_function_return
virtual void merge_three_way_function_return(const ai_domain_baset &function_start, const ai_domain_baset &function_end, const namespacet &ns)
Merges just the things that have changes between "function_start" and "function_end" into "this".
Definition variable_sensitivity_domain.cpp:419

variable_sensitivity_domaint::eval
virtual abstract_object_pointert eval(const exprt &expr, const namespacet &ns) const
Definition variable_sensitivity_domain.h:211

variable_sensitivity_domaint::is_bottom
bool is_bottom() const override
Find out if the domain is currently unreachable.
Definition variable_sensitivity_domain.cpp:268

variable_sensitivity_domaint::transform_function_call
void transform_function_call(locationt from, locationt to, ai_baset &ai, const namespacet &ns)
Used by variable_sensitivity_domaint::transform to handle FUNCTION_CALL transforms.
Definition variable_sensitivity_domain.cpp:278

variable_sensitivity_domaint::merge
virtual bool merge(const variable_sensitivity_domaint &b, trace_ptrt from, trace_ptrt to)
Computes the join between "this" and "b".
Definition variable_sensitivity_domain.cpp:221

variable_sensitivity_domaint::flow_sensitivity
flow_sensitivityt flow_sensitivity
Definition variable_sensitivity_domain.h:246

variable_sensitivity_domaint::assume
void assume(exprt expr, namespacet ns)
Definition variable_sensitivity_domain.cpp:452

variable_sensitivity_domaint::is_top
bool is_top() const override
Is the domain completely top at this state.
Definition variable_sensitivity_domain.cpp:273

variable_sensitivity_domaint::ignore_function_call_transform
bool ignore_function_call_transform(const irep_idt &function_id) const
Used to specify which CPROVER internal functions should be skipped over when doing function call tran...
Definition variable_sensitivity_domain.cpp:403

CHECK_RETURN
#define CHECK_RETURN(CONDITION)
Definition invariant.h:495

abstract_object_statisticst
Definition abstract_object_statistics.h:19

vsd_configt
Definition variable_sensitivity_configuration.h:44

variable_sensitivity_configuration.h
Captures the user-supplied configuration for VSD, determining which domain abstractions are used,...

flow_sensitivityt
flow_sensitivityt
Definition variable_sensitivity_configuration.h:38