void string_instrumentationt::do_strtok(
goto_programt &dest,
goto_programt::targett target,
code_function_callt &call)
{
const code_function_callt::argumentst &arguments=call.arguments();
if(arguments.size()!=2)
{
err_location(target->location);
throw "strtok expected to have two arguments";
}
goto_programt tmp;
goto_programt::targett assertion0=tmp.add_instruction();
assertion0->make_assertion(is_zero_string(arguments[0]));
assertion0->location=target->location;
assertion0->location.set("property", "string");
assertion0->location.set("comment", "zero-termination of 1st string argument of strtok");
goto_programt::targett assertion1=tmp.add_instruction();
assertion1->make_assertion(is_zero_string(arguments[1]));
assertion1->location=target->location;
assertion1->location.set("property", "string");
assertion1->location.set("comment", "zero-termination of 2nd string argument of strtok");
target->make_skip();
dest.insert_before_swap(target, tmp);
}
void string_instrumentationt::do_fscanf(
goto_programt &dest,
goto_programt::targett target,
code_function_callt &call)
{
const code_function_callt::argumentst &arguments=call.arguments();
if(arguments.size()<2)
{
err_location(target->location);
throw "fscanf expected to have two or more arguments";
}
goto_programt tmp;
do_format_string_write(tmp, target, arguments, 1, 2, "fscanf");
if(call.lhs().is_not_nil())
{
goto_programt::targett return_assignment=tmp.add_instruction(ASSIGN);
return_assignment->location=target->location;
exprt rhs=side_effect_expr_nondett(call.lhs().type());
rhs.location()=target->location;
return_assignment->code=code_assignt(call.lhs(), rhs);
}
target->make_skip();
dest.insert_before_swap(target, tmp);
}
void string_instrumentationt::do_strstr(
goto_programt &dest,
goto_programt::targett target,
code_function_callt &call)
{
const code_function_callt::argumentst &arguments=call.arguments();
if(arguments.size()!=2)
{
error().source_location=target->source_location;
error() << "strstr expected to have two arguments" << eom;
throw 0;
}
goto_programt tmp;
goto_programt::targett assertion0=tmp.add_instruction();
assertion0->make_assertion(is_zero_string(arguments[0]));
assertion0->source_location=target->source_location;
assertion0->source_location.set_property_class("string");
assertion0->source_location.set_comment("zero-termination of 1st string argument of strstr");
goto_programt::targett assertion1=tmp.add_instruction();
assertion1->make_assertion(is_zero_string(arguments[1]));
assertion1->source_location=target->source_location;
assertion1->source_location.set_property_class("string");
assertion1->source_location.set_comment("zero-termination of 2nd string argument of strstr");
target->make_skip();
dest.insert_before_swap(target, tmp);
}
void goto_convertt::convert_function_call(
const code_function_callt &function_call,
goto_programt &dest)
{
do_function_call(
function_call.lhs(),
function_call.function(),
function_call.arguments(),
dest);
}
void string_instrumentationt::do_snprintf(
goto_programt &dest,
goto_programt::targett target,
code_function_callt &call)
{
const code_function_callt::argumentst &arguments=call.arguments();
if(arguments.size()<3)
{
error().source_location=target->source_location;
error() << "snprintf expected to have three or more arguments"
<< eom;
throw 0;
}
goto_programt tmp;
goto_programt::targett assertion=tmp.add_instruction();
assertion->source_location=target->source_location;
assertion->source_location.set_property_class("string");
assertion->source_location.set_comment("snprintf buffer overflow");
exprt bufsize=buffer_size(arguments[0]);
assertion->make_assertion(
binary_relation_exprt(bufsize, ID_ge, arguments[1]));
do_format_string_read(tmp, target, arguments, 2, 3, "snprintf");
if(call.lhs().is_not_nil())
{
goto_programt::targett return_assignment=tmp.add_instruction(ASSIGN);
return_assignment->source_location=target->source_location;
exprt rhs=side_effect_expr_nondett(call.lhs().type());
rhs.add_source_location()=target->source_location;
return_assignment->code=code_assignt(call.lhs(), rhs);
}
target->make_skip();
dest.insert_before_swap(target, tmp);
}
void string_instrumentationt::do_sprintf(
goto_programt &dest,
goto_programt::targett target,
code_function_callt &call)
{
const code_function_callt::argumentst &arguments=call.arguments();
if(arguments.size()<2)
{
error().source_location=target->source_location;
error() << "sprintf expected to have two or more arguments" << eom;
throw 0;
}
goto_programt tmp;
goto_programt::targett assertion=tmp.add_instruction();
assertion->source_location=target->source_location;
assertion->source_location.set_property_class("string");
assertion->source_location.set_comment("sprintf buffer overflow");
// in the abstract model, we have to report a
// (possibly false) positive here
assertion->make_assertion(false_exprt());
do_format_string_read(tmp, target, arguments, 1, 2, "sprintf");
if(call.lhs().is_not_nil())
{
goto_programt::targett return_assignment=tmp.add_instruction(ASSIGN);
return_assignment->source_location=target->source_location;
exprt rhs=side_effect_expr_nondett(call.lhs().type());
rhs.add_source_location()=target->source_location;
return_assignment->code=code_assignt(call.lhs(), rhs);
}
target->make_skip();
dest.insert_before_swap(target, tmp);
}
void remove_function_pointerst::fix_argument_types(
code_function_callt &function_call)
{
const code_typet &code_type=
to_code_type(ns.follow(function_call.function().type()));
const code_typet::parameterst &function_parameters=
code_type.parameters();
code_function_callt::argumentst &call_arguments=
function_call.arguments();
for(unsigned i=0; i<function_parameters.size(); i++)
{
if(i<call_arguments.size())
{
if(!type_eq(call_arguments[i].type(),
function_parameters[i].type(), ns))
{
call_arguments[i].make_typecast(function_parameters[i].type());
}
}
}
}
std::string expr2javat::convert_code_function_call(
const code_function_callt &src,
unsigned indent)
{
if(src.operands().size()!=3)
{
unsigned precedence;
return convert_norep(src, precedence);
}
std::string dest=indent_str(indent);
if(src.lhs().is_not_nil())
{
unsigned p;
std::string lhs_str=convert(src.lhs(), p);
// TODO: ggf. Klammern je nach p
dest+=lhs_str;
dest+='=';
}
const code_typet &code_type=
to_code_type(src.function().type());
bool has_this=code_type.has_this() &&
!src.arguments().empty();
if(has_this)
{
unsigned p;
std::string this_str=convert(src.arguments()[0], p);
dest+=this_str;
dest+=" . "; // extra spaces for readability
}
{
unsigned p;
std::string function_str=convert(src.function(), p);
dest+=function_str;
}
dest+='(';
const exprt::operandst &arguments=src.arguments();
bool first=true;
forall_expr(it, arguments)
{
if(has_this && it==arguments.begin())
{
}
else
{
unsigned p;
std::string arg_str=convert(*it, p);
if(first) first=false; else dest+=", ";
// TODO: ggf. Klammern je nach p
dest+=arg_str;
}
}
dest+=");";
return dest;
}
void jsil_typecheckt::typecheck_function_call(
code_function_callt &call)
{
if(call.operands().size()!=3)
throw "function call expected to have three operands";
exprt &lhs=call.lhs();
typecheck_expr(lhs);
exprt &f=call.function();
typecheck_expr(f);
for(auto &arg : call.arguments())
typecheck_expr(arg);
// Look for a function declaration symbol in the symbol table
if(f.id()==ID_symbol)
{
const irep_idt &id=to_symbol_expr(f).get_identifier();
if(symbol_table.has_symbol(id))
{
symbolt &s=symbol_table.lookup(id);
if(s.type.id()==ID_code)
{
code_typet &codet=to_code_type(s.type);
for(std::size_t i=0; i<codet.parameters().size(); i++)
{
if(i>=call.arguments().size()) break;
const typet ¶m_type=codet.parameters()[i].type();
if(!param_type.id().empty() && param_type.is_not_nil())
{
// check argument's type if parameter's type is given
make_type_compatible(call.arguments()[i], param_type, true);
}
}
// if there are too few arguments, add undefined
if(codet.parameters().size()>call.arguments().size())
{
for(std::size_t i=call.arguments().size();
i<codet.parameters().size();
++i)
call.arguments().push_back(
exprt("undefined", jsil_undefined_type()));
}
// if there are too many arguments, remove
while(codet.parameters().size()<call.arguments().size())
call.arguments().pop_back();
// check return type if exists
if(!codet.return_type().id().empty() &&
codet.return_type().is_not_nil())
make_type_compatible(lhs, codet.return_type(), true);
else make_type_compatible(lhs, jsil_any_type(), true);
}
else
{
// TODO: a symbol can be a variable evaluating to a string
// which corresponds to a function identifier
make_type_compatible(lhs, jsil_any_type(), true);
}
}
else
{
// Should be function, declaration not found yet
symbolt new_symbol;
new_symbol.name=id;
new_symbol.type=code_typet();
new_symbol.mode="jsil";
new_symbol.is_type=false;
new_symbol.value=exprt("no-body-just-yet");
make_type_compatible(lhs, jsil_any_type(), true);
if(symbol_table.add(new_symbol))
throw "failed to add expression symbol to symbol table";
}
}
else
{
// TODO: this might be a string literal
// which corresponds to a function identifier
make_type_compatible(lhs, jsil_any_type(), true);
}
}
