cbmc/wp_8cpp_source.html

 /*******************************************************************\


 Module: Weakest Preconditions


 Author: Daniel Kroening, kroening@kroening.com


 \*******************************************************************/


 #include "wp.h"


 // #include <langapi/language_util.h>


 #include "goto_instruction_code.h"


 #include <util/invariant.h>

 #include <util/pointer_expr.h>

 #include <util/std_code.h>


 bool has_nondet(const exprt &dest)

 {

   for(const auto &op : dest.operands())

   {

     if(has_nondet(op))

       return true;

   }


   if(dest.id()==ID_side_effect)

   {

     const side_effect_exprt &side_effect_expr=to_side_effect_expr(dest);

     const irep_idt &statement=side_effect_expr.get_statement();


     if(statement==ID_nondet)

       return true;

   }


   return false;

 }


 void approximate_nondet_rec(exprt &dest, unsigned &count)

 {

   if(dest.id()==ID_side_effect &&

      to_side_effect_expr(dest).get_statement()==ID_nondet)

   {

     count++;

     dest.set(ID_identifier, "wp::nondet::"+std::to_string(count));

     dest.id(ID_nondet_symbol);

     return;

   }


   Forall_operands(it, dest)

     approximate_nondet_rec(*it, count);

 }


 void approximate_nondet(exprt &dest)

 {

   static unsigned count=0; // not proper, should be quantified

   approximate_nondet_rec(dest, count);

 }


 enum class aliasingt { A_MAY, A_MUST, A_MUSTNOT };


 aliasingt aliasing(

   const exprt &e1, const exprt &e2,

   const namespacet &ns)

 {

   // deal with some dereferencing

   if(

     e1.id() == ID_dereference &&

     to_dereference_expr(e1).pointer().id() == ID_address_of)

   {

     return aliasing(

       to_address_of_expr(to_dereference_expr(e1).pointer()).object(), e2, ns);

   }


   if(

     e2.id() == ID_dereference &&

     to_dereference_expr(e2).pointer().id() == ID_address_of)

   {

     return aliasing(

       e1, to_address_of_expr(to_dereference_expr(e2).pointer()).object(), ns);

   }


   // fairly radical. Ignores struct prefixes and the like.

   if(e1.type() != e2.type())

     return aliasingt::A_MUSTNOT;


   // syntactically the same?

   if(e1==e2)

     return aliasingt::A_MUST;


   // the trivial case first

   if(e1.id()==ID_symbol && e2.id()==ID_symbol)

   {

     if(to_symbol_expr(e1).get_identifier()==

        to_symbol_expr(e2).get_identifier())

       return aliasingt::A_MUST;

     else

       return aliasingt::A_MUSTNOT;

   }


   // an array or struct will never alias with a variable,

   // nor will a struct alias with an array


   if(e1.id()==ID_index || e1.id()==ID_struct)

     if(e2.id()!=ID_dereference && e1.id()!=e2.id())

       return aliasingt::A_MUSTNOT;


   if(e2.id()==ID_index || e2.id()==ID_struct)

     if(e2.id()!=ID_dereference && e1.id()!=e2.id())

       return aliasingt::A_MUSTNOT;


   // we give up, and say it may

   // (could do much more here)


   return aliasingt::A_MAY;

 }


 void substitute_rec(

   exprt &dest,

   const exprt &what,

   const exprt &by,

   const namespacet &ns)

 {

   if(dest.id()!=ID_address_of)

     Forall_operands(it, dest)

       substitute_rec(*it, what, by, ns);


   // possibly substitute?

   if(dest.id()==ID_member ||

      dest.id()==ID_index ||

      dest.id()==ID_dereference ||

      dest.id()==ID_symbol)

   {

     // could these be possible the same?

     switch(aliasing(dest, what, ns))

     {

     case aliasingt::A_MUST:

       dest=by; // they are always the same

       break;


     case aliasingt::A_MAY:

       {

         // consider possible aliasing between 'what' and 'dest'

         const address_of_exprt what_address(what);

         const address_of_exprt dest_address(dest);


         equal_exprt alias_cond=equal_exprt(what_address, dest_address);


         const if_exprt if_expr(alias_cond, by, dest, dest.type());


         dest=if_expr;

         return;

       }


     case aliasingt::A_MUSTNOT:

       // nothing to do

       break;

     }

   }

 }


 void rewrite_assignment(exprt &lhs, exprt &rhs)

 {

   if(lhs.id()==ID_member) // turn s.x:=e into s:=(s with .x=e)

   {

     const member_exprt member_expr=to_member_expr(lhs);

     irep_idt component_name=member_expr.get_component_name();

     exprt new_lhs=member_expr.struct_op();


     with_exprt new_rhs(new_lhs, exprt(ID_member_name), rhs);

     new_rhs.where().set(ID_component_name, component_name);


     lhs=new_lhs;

     rhs=new_rhs;


     rewrite_assignment(lhs, rhs); // rec. call

   }

   else if(lhs.id()==ID_index) // turn s[i]:=e into s:=(s with [i]=e)

   {

     const index_exprt index_expr=to_index_expr(lhs);

     exprt new_lhs=index_expr.array();


     with_exprt new_rhs(new_lhs, index_expr.index(), rhs);


     lhs=new_lhs;

     rhs=new_rhs;


     rewrite_assignment(lhs, rhs); // rec. call

   }

 }


 exprt wp_assign(

   const code_assignt &code,

   const exprt &post,

   const namespacet &ns)

 {

   exprt pre=post;


   exprt lhs=code.lhs(),

         rhs=code.rhs();


   // take care of non-determinism in the RHS

   approximate_nondet(rhs);


   rewrite_assignment(lhs, rhs);


   // replace lhs by rhs in pre

   substitute_rec(pre, lhs, rhs, ns);


   return pre;

 }


 exprt wp_assume(

   const code_assumet &code,

   const exprt &post,

   const namespacet &)

 {

   return implies_exprt(code.assumption(), post);

 }


 exprt wp_decl(

   const code_declt &code,

   const exprt &post,

   const namespacet &ns)

 {

   // Model decl(var) as var = nondet()

   const exprt &var = code.symbol();

   side_effect_expr_nondett nondet(var.type(), source_locationt());

   code_assignt assignment(var, nondet);


   return wp_assign(assignment, post, ns);

 }


 exprt wp(

   const codet &code,

   const exprt &post,

   const namespacet &ns)

 {

   const irep_idt &statement=code.get_statement();


   if(statement==ID_assign)

     return wp_assign(to_code_assign(code), post, ns);

   else if(statement==ID_assume)

     return wp_assume(to_code_assume(code), post, ns);

   else if(statement==ID_skip)

     return post;

   else if(statement==ID_decl)

     return wp_decl(to_code_decl(code), post, ns);

   else if(statement==ID_assert)

     return post;

   else if(statement==ID_expression)

     return post;

   else if(statement==ID_printf)

     return post; // ignored

   else if(statement==ID_asm)

     return post; // ignored

   else if(statement==ID_fence)

     return post; // ignored

   INVARIANT_WITH_DIAGNOSTICS(

     false, "sorry, wp(", id2string(statement), "...) is not implemented");

 }

address_of_exprt
Operator to return the address of an object.
Definition: pointer_expr.h:540

code_assignt
A goto_instruction_codet representing an assignment in the program.
Definition: goto_instruction_code.h:22

code_assignt::rhs
exprt & rhs()
Definition: goto_instruction_code.h:47

code_assignt::lhs
exprt & lhs()
Definition: goto_instruction_code.h:42

code_assumet
An assumption, which must hold in subsequent code.
Definition: std_code.h:217

code_assumet::assumption
const exprt & assumption() const
Definition: std_code.h:223

code_declt
A goto_instruction_codet representing the declaration of a local variable.
Definition: goto_instruction_code.h:204

code_declt::symbol
symbol_exprt & symbol()
Definition: goto_instruction_code.h:211

codet
Data structure for representing an arbitrary statement in a program.
Definition: std_code_base.h:29

codet::get_statement
const irep_idt & get_statement() const
Definition: std_code_base.h:65

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition: dstring.h:38

equal_exprt
Equality.
Definition: std_expr.h:1366

exprt
Base class for all expressions.
Definition: expr.h:56

exprt::type
typet & type()
Return the type of the expression.
Definition: expr.h:84

exprt::operands
operandst & operands()
Definition: expr.h:94

if_exprt
The trinary if-then-else operator.
Definition: std_expr.h:2375

implies_exprt
Boolean implication.
Definition: std_expr.h:2188

index_exprt
Array index operator.
Definition: std_expr.h:1470

index_exprt::array
exprt & array()
Definition: std_expr.h:1500

index_exprt::index
exprt & index()
Definition: std_expr.h:1510

irept::set
void set(const irep_idt &name, const irep_idt &value)
Definition: irep.h:412

irept::id
const irep_idt & id() const
Definition: irep.h:388

member_exprt
Extract member of struct or union.
Definition: std_expr.h:2849

member_exprt::struct_op
const exprt & struct_op() const
Definition: std_expr.h:2887

member_exprt::get_component_name
irep_idt get_component_name() const
Definition: std_expr.h:2871

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition: namespace.h:94

side_effect_expr_nondett
A side_effect_exprt that returns a non-deterministically chosen value.
Definition: std_code.h:1520

side_effect_exprt
An expression containing a side effect.
Definition: std_code.h:1450

side_effect_exprt::get_statement
const irep_idt & get_statement() const
Definition: std_code.h:1472

source_locationt
Definition: source_location.h:20

with_exprt
Operator to update elements in structs and arrays.
Definition: std_expr.h:2476

with_exprt::where
exprt & where()
Definition: std_expr.h:2496

Forall_operands
#define Forall_operands(it, expr)
Definition: expr.h:27

goto_instruction_code.h

to_code_assign
const code_assignt & to_code_assign(const goto_instruction_codet &code)
Definition: goto_instruction_code.h:114

to_code_decl
const code_declt & to_code_decl(const goto_instruction_codet &code)
Definition: goto_instruction_code.h:251

id2string
const std::string & id2string(const irep_idt &d)
Definition: irep.h:44

pointer_expr.h
API to expression classes for Pointers.

to_dereference_expr
const dereference_exprt & to_dereference_expr(const exprt &expr)
Cast an exprt to a dereference_exprt.
Definition: pointer_expr.h:890

to_address_of_expr
const address_of_exprt & to_address_of_expr(const exprt &expr)
Cast an exprt to an address_of_exprt.
Definition: pointer_expr.h:577

invariant.h

INVARIANT_WITH_DIAGNOSTICS
#define INVARIANT_WITH_DIAGNOSTICS(CONDITION, REASON,...)
Same as invariant, with one or more diagnostics attached Diagnostics can be of any type that has a sp...
Definition: invariant.h:437

std_code.h

to_side_effect_expr
side_effect_exprt & to_side_effect_expr(exprt &expr)
Definition: std_code.h:1506

to_code_assume
const code_assumet & to_code_assume(const codet &code)
Definition: std_code.h:251

to_symbol_expr
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
Definition: std_expr.h:272

to_member_expr
const member_exprt & to_member_expr(const exprt &expr)
Cast an exprt to a member_exprt.
Definition: std_expr.h:2941

to_index_expr
const index_exprt & to_index_expr(const exprt &expr)
Cast an exprt to an index_exprt.
Definition: std_expr.h:1538

to_string
std::string to_string(const string_not_contains_constraintt &expr)
Used for debug printing.
Definition: string_constraint.cpp:58

wp_assign
exprt wp_assign(const code_assignt &code, const exprt &post, const namespacet &ns)
Definition: wp.cpp:197

approximate_nondet_rec
void approximate_nondet_rec(exprt &dest, unsigned &count)
Definition: wp.cpp:42

wp_assume
exprt wp_assume(const code_assumet &code, const exprt &post, const namespacet &)
Definition: wp.cpp:218

approximate_nondet
void approximate_nondet(exprt &dest)
Approximate the non-deterministic choice in a way cheaper than by (proper) quantification.
Definition: wp.cpp:57

wp_decl
exprt wp_decl(const code_declt &code, const exprt &post, const namespacet &ns)
Definition: wp.cpp:226

wp
exprt wp(const codet &code, const exprt &post, const namespacet &ns)
Compute the weakest precondition of the given program piece code with respect to the expression post.
Definition: wp.cpp:239

substitute_rec
void substitute_rec(exprt &dest, const exprt &what, const exprt &by, const namespacet &ns)
replace 'what' by 'by' in 'dest', considering possible aliasing
Definition: wp.cpp:123

aliasingt
aliasingt
consider possible aliasing
Definition: wp.cpp:64

aliasingt::A_MUSTNOT
@ A_MUSTNOT

aliasingt::A_MUST
@ A_MUST

aliasingt::A_MAY
@ A_MAY

aliasing
aliasingt aliasing(const exprt &e1, const exprt &e2, const namespacet &ns)
Definition: wp.cpp:66

has_nondet
bool has_nondet(const exprt &dest)
Definition: wp.cpp:22

rewrite_assignment
void rewrite_assignment(exprt &lhs, exprt &rhs)
Definition: wp.cpp:167

wp.h
Weakest Preconditions.