cbmc/wp_8cpp_source.html

/*******************************************************************\


Module: Weakest Preconditions


Author: Daniel Kroening, kroening@kroening.com


\*******************************************************************/


#include "wp.h"


// #include <langapi/language_util.h>


#include "goto_instruction_code.h"


#include <util/invariant.h>

#include <util/pointer_expr.h>

#include <util/std_code.h>


bool has_nondet(const exprt &dest)

{

  for(const auto &op : dest.operands())

  {

    if(has_nondet(op))

      return true;

  }


  if(dest.id()==ID_side_effect)

  {

    const side_effect_exprt &side_effect_expr=to_side_effect_expr(dest);

    const irep_idt &statement=side_effect_expr.get_statement();


    if(statement==ID_nondet)

      return true;

  }


  return false;

}


void approximate_nondet_rec(exprt &dest, unsigned &count)

{

  if(dest.id()==ID_side_effect &&

     to_side_effect_expr(dest).get_statement()==ID_nondet)

  {

    count++;

    dest.set(ID_identifier, "wp::nondet::"+std::to_string(count));

    dest.id(ID_nondet_symbol);

    return;

  }


  Forall_operands(it, dest)

    approximate_nondet_rec(*it, count);

}


void approximate_nondet(exprt &dest)

{

  static unsigned count=0; // not proper, should be quantified

  approximate_nondet_rec(dest, count);

}


enum class aliasingt { A_MAY, A_MUST, A_MUSTNOT };


aliasingt aliasing(

  const exprt &e1, const exprt &e2,

  const namespacet &ns)

{

  // deal with some dereferencing

  if(

    e1.id() == ID_dereference &&

    to_dereference_expr(e1).pointer().id() == ID_address_of)

  {

    return aliasing(

      to_address_of_expr(to_dereference_expr(e1).pointer()).object(), e2, ns);

  }


  if(

    e2.id() == ID_dereference &&

    to_dereference_expr(e2).pointer().id() == ID_address_of)

  {

    return aliasing(

      e1, to_address_of_expr(to_dereference_expr(e2).pointer()).object(), ns);

  }


  // fairly radical. Ignores struct prefixes and the like.

  if(e1.type() != e2.type())

    return aliasingt::A_MUSTNOT;


  // syntactically the same?

  if(e1==e2)

    return aliasingt::A_MUST;


  // the trivial case first

  if(e1.id()==ID_symbol && e2.id()==ID_symbol)

  {

    if(to_symbol_expr(e1).identifier() == to_symbol_expr(e2).identifier())

      return aliasingt::A_MUST;

    else

      return aliasingt::A_MUSTNOT;

  }


  // an array or struct will never alias with a variable,

  // nor will a struct alias with an array


  if(e1.id()==ID_index || e1.id()==ID_struct)

    if(e2.id()!=ID_dereference && e1.id()!=e2.id())

      return aliasingt::A_MUSTNOT;


  if(e2.id()==ID_index || e2.id()==ID_struct)

    if(e2.id()!=ID_dereference && e1.id()!=e2.id())

      return aliasingt::A_MUSTNOT;


  // we give up, and say it may

  // (could do much more here)


  return aliasingt::A_MAY;

}


void substitute_rec(

  exprt &dest,

  const exprt &what,

  const exprt &by,

  const namespacet &ns)

{

  if(dest.id()!=ID_address_of)

    Forall_operands(it, dest)

      substitute_rec(*it, what, by, ns);


  // possibly substitute?

  if(dest.id()==ID_member ||

     dest.id()==ID_index ||

     dest.id()==ID_dereference ||

     dest.id()==ID_symbol)

  {

    // could these be possible the same?

    switch(aliasing(dest, what, ns))

    {

    case aliasingt::A_MUST:

      dest=by; // they are always the same

      break;


    case aliasingt::A_MAY:

      {

        // consider possible aliasing between 'what' and 'dest'

        const address_of_exprt what_address(what);

        const address_of_exprt dest_address(dest);


        equal_exprt alias_cond=equal_exprt(what_address, dest_address);


        const if_exprt if_expr(alias_cond, by, dest, dest.type());


        dest=if_expr;

        return;

      }


    case aliasingt::A_MUSTNOT:

      // nothing to do

      break;

    }

  }

}


void rewrite_assignment(exprt &lhs, exprt &rhs)

{

  if(lhs.id()==ID_member) // turn s.x:=e into s:=(s with .x=e)

  {

    const member_exprt member_expr=to_member_expr(lhs);

    irep_idt component_name=member_expr.get_component_name();

    exprt new_lhs=member_expr.struct_op();


    with_exprt new_rhs(new_lhs, exprt(ID_member_name), rhs);

    new_rhs.where().set(ID_component_name, component_name);


    lhs=new_lhs;

    rhs=new_rhs;


    rewrite_assignment(lhs, rhs); // rec. call

  }

  else if(lhs.id()==ID_index) // turn s[i]:=e into s:=(s with [i]=e)

  {

    const index_exprt index_expr=to_index_expr(lhs);

    exprt new_lhs=index_expr.array();


    with_exprt new_rhs(new_lhs, index_expr.index(), rhs);


    lhs=new_lhs;

    rhs=new_rhs;


    rewrite_assignment(lhs, rhs); // rec. call

  }

}


exprt wp_assign(

  const code_assignt &code,

  const exprt &post,

  const namespacet &ns)

{

  exprt pre=post;


  exprt lhs=code.lhs(),

        rhs=code.rhs();


  // take care of non-determinism in the RHS

  approximate_nondet(rhs);


  rewrite_assignment(lhs, rhs);


  // replace lhs by rhs in pre

  substitute_rec(pre, lhs, rhs, ns);


  return pre;

}


exprt wp_assume(

  const code_assumet &code,

  const exprt &post,

  const namespacet &)

{

  return implies_exprt(code.assumption(), post);

}


exprt wp_decl(

  const code_declt &code,

  const exprt &post,

  const namespacet &ns)

{

  // Model decl(var) as var = nondet()

  const exprt &var = code.symbol();

  side_effect_expr_nondett nondet(var.type(), source_locationt());

  code_assignt assignment(var, nondet);


  return wp_assign(assignment, post, ns);

}


exprt wp(

  const codet &code,

  const exprt &post,

  const namespacet &ns)

{

  const irep_idt &statement=code.get_statement();


  if(statement==ID_assign)

    return wp_assign(to_code_assign(code), post, ns);

  else if(statement==ID_assume)

    return wp_assume(to_code_assume(code), post, ns);

  else if(statement==ID_skip)

    return post;

  else if(statement==ID_decl)

    return wp_decl(to_code_decl(code), post, ns);

  else if(statement==ID_assert)

    return post;

  else if(statement==ID_expression)

    return post;

  else if(statement==ID_printf)

    return post; // ignored

  else if(statement==ID_asm)

    return post; // ignored

  else if(statement==ID_fence)

    return post; // ignored

  INVARIANT_WITH_DIAGNOSTICS(

    false, "sorry, wp(", id2string(statement), "...) is not implemented");

}


address_of_exprt
Operator to return the address of an object.
Definition pointer_expr.h:540

ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:566

code_assignt
A goto_instruction_codet representing an assignment in the program.
Definition goto_instruction_code.h:22

code_assignt::rhs
exprt & rhs()
Definition goto_instruction_code.h:47

code_assignt::lhs
exprt & lhs()
Definition goto_instruction_code.h:42

code_assumet
An assumption, which must hold in subsequent code.
Definition std_code.h:217

code_assumet::assumption
const exprt & assumption() const
Definition std_code.h:223

code_declt
A goto_instruction_codet representing the declaration of a local variable.
Definition goto_instruction_code.h:204

code_declt::symbol
symbol_exprt & symbol()
Definition goto_instruction_code.h:211

codet
Data structure for representing an arbitrary statement in a program.
Definition std_code_base.h:29

codet::get_statement
const irep_idt & get_statement() const
Definition std_code_base.h:65

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition dstring.h:38

equal_exprt
Equality.
Definition std_expr.h:1339

exprt
Base class for all expressions.
Definition expr.h:57

exprt::type
typet & type()
Return the type of the expression.
Definition expr.h:85

exprt::operands
operandst & operands()
Definition expr.h:95

if_exprt
The trinary if-then-else operator.
Definition std_expr.h:2426

implies_exprt
Boolean implication.
Definition std_expr.h:2154

index_exprt
Array index operator.
Definition std_expr.h:1431

irept::set
void set(const irep_idt &name, const irep_idt &value)
Definition irep.h:412

irept::id
const irep_idt & id() const
Definition irep.h:388

member_exprt
Extract member of struct or union.
Definition std_expr.h:2866

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91

side_effect_expr_nondett
A side_effect_exprt that returns a non-deterministically chosen value.
Definition std_code.h:1520

side_effect_exprt
An expression containing a side effect.
Definition std_code.h:1450

source_locationt
Definition source_location.h:20

with_exprt
Operator to update elements in structs and arrays.
Definition std_expr.h:2520

Forall_operands
#define Forall_operands(it, expr)
Definition expr.h:28

goto_instruction_code.h

to_code_assign
const code_assignt & to_code_assign(const goto_instruction_codet &code)
Definition goto_instruction_code.h:114

to_code_decl
const code_declt & to_code_decl(const goto_instruction_codet &code)
Definition goto_instruction_code.h:251

id2string
const std::string & id2string(const irep_idt &d)
Definition irep.h:44

pointer_expr.h
API to expression classes for Pointers.

to_address_of_expr
const address_of_exprt & to_address_of_expr(const exprt &expr)
Cast an exprt to an address_of_exprt.
Definition pointer_expr.h:577

to_dereference_expr
const dereference_exprt & to_dereference_expr(const exprt &expr)
Cast an exprt to a dereference_exprt.
Definition pointer_expr.h:890

invariant.h

INVARIANT_WITH_DIAGNOSTICS
#define INVARIANT_WITH_DIAGNOSTICS(CONDITION, REASON,...)
Same as invariant, with one or more diagnostics attached Diagnostics can be of any type that has a sp...
Definition invariant.h:437

std_code.h

to_side_effect_expr
side_effect_exprt & to_side_effect_expr(exprt &expr)
Definition std_code.h:1506

to_code_assume
const code_assumet & to_code_assume(const codet &code)
Definition std_code.h:251

to_index_expr
const index_exprt & to_index_expr(const exprt &expr)
Cast an exprt to an index_exprt.
Definition std_expr.h:1494

to_member_expr
const member_exprt & to_member_expr(const exprt &expr)
Cast an exprt to a member_exprt.
Definition std_expr.h:2953

to_symbol_expr
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
Definition std_expr.h:221

wp_assign
exprt wp_assign(const code_assignt &code, const exprt &post, const namespacet &ns)
Definition wp.cpp:196

approximate_nondet_rec
void approximate_nondet_rec(exprt &dest, unsigned &count)
Definition wp.cpp:42

wp_assume
exprt wp_assume(const code_assumet &code, const exprt &post, const namespacet &)
Definition wp.cpp:217

approximate_nondet
void approximate_nondet(exprt &dest)
Approximate the non-deterministic choice in a way cheaper than by (proper) quantification.
Definition wp.cpp:57

wp_decl
exprt wp_decl(const code_declt &code, const exprt &post, const namespacet &ns)
Definition wp.cpp:225

wp
exprt wp(const codet &code, const exprt &post, const namespacet &ns)
Compute the weakest precondition of the given program piece code with respect to the expression post.
Definition wp.cpp:238

substitute_rec
void substitute_rec(exprt &dest, const exprt &what, const exprt &by, const namespacet &ns)
replace 'what' by 'by' in 'dest', considering possible aliasing
Definition wp.cpp:122

aliasingt
aliasingt
consider possible aliasing
Definition wp.cpp:64

aliasingt::A_MUSTNOT
@ A_MUSTNOT

aliasingt::A_MUST
@ A_MUST

aliasingt::A_MAY
@ A_MAY

aliasing
aliasingt aliasing(const exprt &e1, const exprt &e2, const namespacet &ns)
Definition wp.cpp:66

has_nondet
bool has_nondet(const exprt &dest)
Definition wp.cpp:22

rewrite_assignment
void rewrite_assignment(exprt &lhs, exprt &rhs)
Definition wp.cpp:166

wp.h
Weakest Preconditions.