void string_instrumentationt::do_strtok( goto_programt &dest, goto_programt::targett target, code_function_callt &call) { const code_function_callt::argumentst &arguments=call.arguments(); if(arguments.size()!=2) { err_location(target->location); throw "strtok expected to have two arguments"; } goto_programt tmp; goto_programt::targett assertion0=tmp.add_instruction(); assertion0->make_assertion(is_zero_string(arguments[0])); assertion0->location=target->location; assertion0->location.set("property", "string"); assertion0->location.set("comment", "zero-termination of 1st string argument of strtok"); goto_programt::targett assertion1=tmp.add_instruction(); assertion1->make_assertion(is_zero_string(arguments[1])); assertion1->location=target->location; assertion1->location.set("property", "string"); assertion1->location.set("comment", "zero-termination of 2nd string argument of strtok"); target->make_skip(); dest.insert_before_swap(target, tmp); }
void string_instrumentationt::do_fscanf( goto_programt &dest, goto_programt::targett target, code_function_callt &call) { const code_function_callt::argumentst &arguments=call.arguments(); if(arguments.size()<2) { err_location(target->location); throw "fscanf expected to have two or more arguments"; } goto_programt tmp; do_format_string_write(tmp, target, arguments, 1, 2, "fscanf"); if(call.lhs().is_not_nil()) { goto_programt::targett return_assignment=tmp.add_instruction(ASSIGN); return_assignment->location=target->location; exprt rhs=side_effect_expr_nondett(call.lhs().type()); rhs.location()=target->location; return_assignment->code=code_assignt(call.lhs(), rhs); } target->make_skip(); dest.insert_before_swap(target, tmp); }
void string_instrumentationt::do_strstr( goto_programt &dest, goto_programt::targett target, code_function_callt &call) { const code_function_callt::argumentst &arguments=call.arguments(); if(arguments.size()!=2) { error().source_location=target->source_location; error() << "strstr expected to have two arguments" << eom; throw 0; } goto_programt tmp; goto_programt::targett assertion0=tmp.add_instruction(); assertion0->make_assertion(is_zero_string(arguments[0])); assertion0->source_location=target->source_location; assertion0->source_location.set_property_class("string"); assertion0->source_location.set_comment("zero-termination of 1st string argument of strstr"); goto_programt::targett assertion1=tmp.add_instruction(); assertion1->make_assertion(is_zero_string(arguments[1])); assertion1->source_location=target->source_location; assertion1->source_location.set_property_class("string"); assertion1->source_location.set_comment("zero-termination of 2nd string argument of strstr"); target->make_skip(); dest.insert_before_swap(target, tmp); }
void goto_convertt::convert_function_call( const code_function_callt &function_call, goto_programt &dest) { do_function_call( function_call.lhs(), function_call.function(), function_call.arguments(), dest); }
void string_instrumentationt::do_snprintf( goto_programt &dest, goto_programt::targett target, code_function_callt &call) { const code_function_callt::argumentst &arguments=call.arguments(); if(arguments.size()<3) { error().source_location=target->source_location; error() << "snprintf expected to have three or more arguments" << eom; throw 0; } goto_programt tmp; goto_programt::targett assertion=tmp.add_instruction(); assertion->source_location=target->source_location; assertion->source_location.set_property_class("string"); assertion->source_location.set_comment("snprintf buffer overflow"); exprt bufsize=buffer_size(arguments[0]); assertion->make_assertion( binary_relation_exprt(bufsize, ID_ge, arguments[1])); do_format_string_read(tmp, target, arguments, 2, 3, "snprintf"); if(call.lhs().is_not_nil()) { goto_programt::targett return_assignment=tmp.add_instruction(ASSIGN); return_assignment->source_location=target->source_location; exprt rhs=side_effect_expr_nondett(call.lhs().type()); rhs.add_source_location()=target->source_location; return_assignment->code=code_assignt(call.lhs(), rhs); } target->make_skip(); dest.insert_before_swap(target, tmp); }
void string_instrumentationt::do_sprintf( goto_programt &dest, goto_programt::targett target, code_function_callt &call) { const code_function_callt::argumentst &arguments=call.arguments(); if(arguments.size()<2) { error().source_location=target->source_location; error() << "sprintf expected to have two or more arguments" << eom; throw 0; } goto_programt tmp; goto_programt::targett assertion=tmp.add_instruction(); assertion->source_location=target->source_location; assertion->source_location.set_property_class("string"); assertion->source_location.set_comment("sprintf buffer overflow"); // in the abstract model, we have to report a // (possibly false) positive here assertion->make_assertion(false_exprt()); do_format_string_read(tmp, target, arguments, 1, 2, "sprintf"); if(call.lhs().is_not_nil()) { goto_programt::targett return_assignment=tmp.add_instruction(ASSIGN); return_assignment->source_location=target->source_location; exprt rhs=side_effect_expr_nondett(call.lhs().type()); rhs.add_source_location()=target->source_location; return_assignment->code=code_assignt(call.lhs(), rhs); } target->make_skip(); dest.insert_before_swap(target, tmp); }
void remove_function_pointerst::fix_argument_types( code_function_callt &function_call) { const code_typet &code_type= to_code_type(ns.follow(function_call.function().type())); const code_typet::parameterst &function_parameters= code_type.parameters(); code_function_callt::argumentst &call_arguments= function_call.arguments(); for(unsigned i=0; i<function_parameters.size(); i++) { if(i<call_arguments.size()) { if(!type_eq(call_arguments[i].type(), function_parameters[i].type(), ns)) { call_arguments[i].make_typecast(function_parameters[i].type()); } } } }
std::string expr2javat::convert_code_function_call( const code_function_callt &src, unsigned indent) { if(src.operands().size()!=3) { unsigned precedence; return convert_norep(src, precedence); } std::string dest=indent_str(indent); if(src.lhs().is_not_nil()) { unsigned p; std::string lhs_str=convert(src.lhs(), p); // TODO: ggf. Klammern je nach p dest+=lhs_str; dest+='='; } const code_typet &code_type= to_code_type(src.function().type()); bool has_this=code_type.has_this() && !src.arguments().empty(); if(has_this) { unsigned p; std::string this_str=convert(src.arguments()[0], p); dest+=this_str; dest+=" . "; // extra spaces for readability } { unsigned p; std::string function_str=convert(src.function(), p); dest+=function_str; } dest+='('; const exprt::operandst &arguments=src.arguments(); bool first=true; forall_expr(it, arguments) { if(has_this && it==arguments.begin()) { } else { unsigned p; std::string arg_str=convert(*it, p); if(first) first=false; else dest+=", "; // TODO: ggf. Klammern je nach p dest+=arg_str; } } dest+=");"; return dest; }
void jsil_typecheckt::typecheck_function_call( code_function_callt &call) { if(call.operands().size()!=3) throw "function call expected to have three operands"; exprt &lhs=call.lhs(); typecheck_expr(lhs); exprt &f=call.function(); typecheck_expr(f); for(auto &arg : call.arguments()) typecheck_expr(arg); // Look for a function declaration symbol in the symbol table if(f.id()==ID_symbol) { const irep_idt &id=to_symbol_expr(f).get_identifier(); if(symbol_table.has_symbol(id)) { symbolt &s=symbol_table.lookup(id); if(s.type.id()==ID_code) { code_typet &codet=to_code_type(s.type); for(std::size_t i=0; i<codet.parameters().size(); i++) { if(i>=call.arguments().size()) break; const typet ¶m_type=codet.parameters()[i].type(); if(!param_type.id().empty() && param_type.is_not_nil()) { // check argument's type if parameter's type is given make_type_compatible(call.arguments()[i], param_type, true); } } // if there are too few arguments, add undefined if(codet.parameters().size()>call.arguments().size()) { for(std::size_t i=call.arguments().size(); i<codet.parameters().size(); ++i) call.arguments().push_back( exprt("undefined", jsil_undefined_type())); } // if there are too many arguments, remove while(codet.parameters().size()<call.arguments().size()) call.arguments().pop_back(); // check return type if exists if(!codet.return_type().id().empty() && codet.return_type().is_not_nil()) make_type_compatible(lhs, codet.return_type(), true); else make_type_compatible(lhs, jsil_any_type(), true); } else { // TODO: a symbol can be a variable evaluating to a string // which corresponds to a function identifier make_type_compatible(lhs, jsil_any_type(), true); } } else { // Should be function, declaration not found yet symbolt new_symbol; new_symbol.name=id; new_symbol.type=code_typet(); new_symbol.mode="jsil"; new_symbol.is_type=false; new_symbol.value=exprt("no-body-just-yet"); make_type_compatible(lhs, jsil_any_type(), true); if(symbol_table.add(new_symbol)) throw "failed to add expression symbol to symbol table"; } } else { // TODO: this might be a string literal // which corresponds to a function identifier make_type_compatible(lhs, jsil_any_type(), true); } }