void goto_inlinet::replace_return(
goto_programt &dest,
const exprt &lhs,
const exprt &constrain)
{
for(goto_programt::instructionst::iterator
it=dest.instructions.begin();
it!=dest.instructions.end();
it++)
{
if(it->is_return())
{
if(lhs.is_not_nil())
{
goto_programt tmp;
goto_programt::targett assignment=tmp.add_instruction(ASSIGN);
const code_return2t &ret = to_code_return2t(it->code);
code_assignt code_assign(lhs, migrate_expr_back(ret.operand));
// this may happen if the declared return type at the call site
// differs from the defined return type
if(code_assign.lhs().type()!=
code_assign.rhs().type())
code_assign.rhs().make_typecast(code_assign.lhs().type());
migrate_expr(code_assign, assignment->code);
assignment->location=it->location;
assignment->local_variables=it->local_variables;
assignment->function=it->location.get_function();
assert(constrain.is_nil()); // bp_constrain gumpf reomved
dest.insert_swap(it, *assignment);
it++;
}
else if(!is_nil_expr(it->code))
{
// Encode evaluation of return expr, so that returns with pointer
// derefs in them still get dereferenced, even when the result is
// discarded.
goto_programt tmp;
goto_programt::targett expression=tmp.add_instruction(OTHER);
expression->make_other();
expression->location=it->location;
expression->function=it->location.get_function();
expression->local_variables=it->local_variables;
const code_return2t &ret = to_code_return2t(it->code);
expression->code = code_expression2tc(ret.operand);
dest.insert_swap(it, *expression);
it++;
}
it->make_goto(--dest.instructions.end());
}
}
}
void goto_checkt::add_guarded_claim(const exprt &_expr,
const std::string &comment, const std::string &property,
const locationt &location, const guardt &guard)
{
bool all_claims = options.get_bool_option("all-claims");
exprt expr(_expr);
// first try simplifier on it
if (!options.get_bool_option("no-simplify"))
{
expr2tc tmpexpr;
migrate_expr(expr, tmpexpr);
base_type(tmpexpr, ns);
expr = migrate_expr_back(tmpexpr);
simplify(expr);
}
if (!all_claims && expr.is_true())
return;
// add the guard
exprt guard_expr = migrate_expr_back(guard.as_expr());
exprt new_expr;
if (guard_expr.is_true())
new_expr.swap(expr);
else
{
new_expr = exprt("=>", bool_typet());
new_expr.move_to_operands(guard_expr, expr);
}
if (assertions.insert(new_expr).second)
{
goto_programt::targett t = new_code.add_instruction(ASSERT);
migrate_expr(new_expr, t->guard);
t->location = location;
t->location.comment(comment);
t->location.property(property);
}
}
expr2tc
goto_symext::symex_mem(
const bool is_malloc,
const expr2tc &lhs,
const sideeffect2t &code)
{
if (is_nil_expr(lhs))
return expr2tc(); // ignore
// size
type2tc type = code.alloctype;
expr2tc size = code.size;
bool size_is_one = false;
if (is_nil_expr(size))
size_is_one=true;
else
{
cur_state->rename(size);
mp_integer i;
if (is_constant_int2t(size) && to_constant_int2t(size).as_ulong() == 1)
size_is_one = true;
}
if (is_nil_type(type))
type = char_type2();
else if (is_union_type(type)) {
// Filter out creation of instantiated unions. They're now all byte arrays.
size_is_one = false;
type = char_type2();
}
unsigned int &dynamic_counter = get_dynamic_counter();
dynamic_counter++;
// value
symbolt symbol;
symbol.base_name = "dynamic_" + i2string(dynamic_counter) +
(size_is_one ? "_value" : "_array");
symbol.name = "symex_dynamic::" + id2string(symbol.base_name);
symbol.lvalue = true;
typet renamedtype = ns.follow(migrate_type_back(type));
if(size_is_one)
symbol.type=renamedtype;
else
{
symbol.type=typet(typet::t_array);
symbol.type.subtype()=renamedtype;
symbol.type.size(migrate_expr_back(size));
}
symbol.type.dynamic(true);
symbol.mode="C";
new_context.add(symbol);
type2tc new_type;
migrate_type(symbol.type, new_type);
address_of2tc rhs_addrof(get_empty_type(), expr2tc());
if(size_is_one)
{
rhs_addrof.get()->type = get_pointer_type(pointer_typet(symbol.type));
rhs_addrof.get()->ptr_obj = symbol2tc(new_type, symbol.name);
}
else
{
type2tc subtype;
migrate_type(symbol.type.subtype(), subtype);
expr2tc sym = symbol2tc(new_type, symbol.name);
expr2tc idx_val = zero_ulong;
expr2tc idx = index2tc(subtype, sym, idx_val);
rhs_addrof.get()->type =
get_pointer_type(pointer_typet(symbol.type.subtype()));
rhs_addrof.get()->ptr_obj = idx;
}
expr2tc rhs = rhs_addrof;
expr2tc ptr_rhs = rhs;
if (!options.get_bool_option("force-malloc-success")) {
symbol2tc null_sym(rhs->type, "NULL");
sideeffect2tc choice(get_bool_type(), expr2tc(), expr2tc(), std::vector<expr2tc>(), type2tc(), sideeffect2t::nondet);
rhs = if2tc(rhs->type, choice, rhs, null_sym);
replace_nondet(rhs);
ptr_rhs = rhs;
}
if (rhs->type != lhs->type)
rhs = typecast2tc(lhs->type, rhs);
cur_state->rename(rhs);
expr2tc rhs_copy(rhs);
guardt guard;
symex_assign_rec(lhs, rhs, guard);
pointer_object2tc ptr_obj(pointer_type2(), ptr_rhs);
track_new_pointer(ptr_obj, new_type);
dynamic_memory.push_back(allocated_obj(rhs_copy, cur_state->guard, !is_malloc));
return rhs_addrof->ptr_obj;
}
const exprt &constrain __attribute__((unused)) /* ndebug */)
{
for(goto_programt::instructionst::iterator
it=dest.instructions.begin();
it!=dest.instructions.end();
it++)
{
if(it->is_return())
{
if(lhs.is_not_nil())
{
goto_programt tmp;
goto_programt::targett assignment=tmp.add_instruction(ASSIGN);
const code_return2t &ret = to_code_return2t(it->code);
code_assignt code_assign(lhs, migrate_expr_back(ret.operand));
// this may happen if the declared return type at the call site
// differs from the defined return type
if(code_assign.lhs().type()!=
code_assign.rhs().type())
code_assign.rhs().make_typecast(code_assign.lhs().type());
migrate_expr(code_assign, assignment->code);
assignment->location=it->location;
assignment->local_variables=it->local_variables;
assignment->function=it->location.get_function();
assert(constrain.is_nil()); // bp_constrain gumpf reomved
void goto_checkt::goto_check(goto_programt &goto_program)
{
for (goto_programt::instructionst::iterator it =
goto_program.instructions.begin(); it != goto_program.instructions.end();
it++)
{
goto_programt::instructiont &i = *it;
new_code.clear();
assertions.clear();
check(migrate_expr_back(i.guard));
if (i.is_other())
{
if (is_code_expression2t(i.code))
{
check(migrate_expr_back(i.code));
}
else if (is_code_printf2t(i.code))
{
i.code->foreach_operand([this] (const expr2tc &e) {
check(migrate_expr_back(e));
}
);
}
}
else if (i.is_assign())
{
const code_assign2t &assign = to_code_assign2t(i.code);
check(migrate_expr_back(assign.target));
check(migrate_expr_back(assign.source));
}
else if (i.is_function_call())
{
i.code->foreach_operand([this] (const expr2tc &e) {
check(migrate_expr_back(e));
}
);
}
else if (i.is_return())
{
const code_return2t &ret = to_code_return2t(i.code);
check(migrate_expr_back(ret.operand));
}
for (goto_programt::instructionst::iterator i_it =
new_code.instructions.begin(); i_it != new_code.instructions.end();
i_it++)
{
i_it->local_variables = it->local_variables;
if (i_it->location.is_nil())
{
if (!i_it->location.comment().as_string().empty())
it->location.comment(i_it->location.comment());
if (!i_it->location.property().as_string().empty())
it->location.property(i_it->location.property());
i_it->location = it->location;
}
if (i_it->function == "")
i_it->function = it->function;
if (i_it->function == "")
i_it->function = it->function;
}
// insert new instructions -- make sure targets are not moved
while (!new_code.instructions.empty())
{
goto_program.insert_swap(it, new_code.instructions.front());
new_code.instructions.pop_front();
it++;
}
}
}
void rw_sett::read_write_rec(
const exprt &expr,
bool r, bool w,
const std::string &suffix,
const guardt &guard)
{
if(expr.id()=="symbol" && !expr.has_operands())
{
const symbol_exprt &symbol_expr=to_symbol_expr(expr);
const symbolt *symbol;
if(!ns.lookup(symbol_expr.get_identifier(), symbol))
{
if(!symbol->static_lifetime /*&& expr.type().id()=="pointer"*/)
{
return; // ignore for now
}
if(symbol->name=="c::__ESBMC_alloc" ||
symbol->name=="c::__ESBMC_alloc_size" ||
symbol->name=="c::stdin" ||
symbol->name=="c::stdout" ||
symbol->name=="c::stderr" ||
symbol->name=="c::sys_nerr")
{
return; // ignore for now
}
}
irep_idt object=id2string(symbol_expr.get_identifier())+suffix;
entryt &entry=entries[object];
entry.object=object;
entry.r=entry.r || r;
entry.w=entry.w || w;
entry.guard = migrate_expr_back(guard.as_expr());
}
else if(expr.id()=="member")
{
assert(expr.operands().size()==1);
const std::string &component_name=expr.component_name().as_string();
read_write_rec(expr.op0(), r, w, "."+component_name+suffix, guard);
}
else if(expr.id()=="index")
{
// we don't distinguish the array elements for now
assert(expr.operands().size()==2);
std::string tmp;
tmp = integer2string(binary2integer(expr.op1().value().as_string(), true),10);
read_write_rec(expr.op0(), r, w, "["+suffix+tmp+"]", guard);
read(expr.op1(), guard);
}
else if(expr.id()=="dereference")
{
assert(expr.operands().size()==1);
read(expr.op0(), guard);
exprt tmp(expr.op0());
expr2tc tmp_expr;
migrate_expr(tmp, tmp_expr);
dereference(target, tmp_expr, ns, value_sets);
tmp = migrate_expr_back(tmp_expr);
read_write_rec(tmp, r, w, suffix, guard);
}
else if(expr.is_address_of() ||
expr.id()=="implicit_address_of")
{
assert(expr.operands().size()==1);
}
else if(expr.id()=="if")
{
assert(expr.operands().size()==3);
read(expr.op0(), guard);
guardt true_guard(guard);
expr2tc tmp_expr;
migrate_expr(expr.op0(), tmp_expr);
true_guard.add(tmp_expr);
read_write_rec(expr.op1(), r, w, suffix, true_guard);
guardt false_guard(guard);
migrate_expr(gen_not(expr.op0()), tmp_expr);
false_guard.add(tmp_expr);
read_write_rec(expr.op2(), r, w, suffix, false_guard);
}
else
{
forall_operands(it, expr)
read_write_rec(*it, r, w, suffix, guard);
}
}
