-
Notifications
You must be signed in to change notification settings - Fork 273
/
Copy pathsymex_target.h
311 lines (275 loc) · 10.8 KB
/
symex_target.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
/*******************************************************************\
Module: Generate Equation using Symbolic Execution
Author: Daniel Kroening, [email protected]
\*******************************************************************/
/// \file
/// Generate Equation using Symbolic Execution
#ifndef CPROVER_GOTO_SYMEX_SYMEX_TARGET_H
#define CPROVER_GOTO_SYMEX_SYMEX_TARGET_H
#include <goto-programs/goto_program.h>
class ssa_exprt;
/// The interface of the target _container_ for symbolic execution to record its
/// symbolic steps into. Presently, \ref symex_target_equationt is the only
/// implementation of this interface.
class symex_targett
{
public:
symex_targett()
{
}
virtual ~symex_targett() { }
/// Identifies source in the context of symbolic execution. Thread number
/// `thread_nr` is zero by default and the program counter `pc` points to the
/// first instruction of the input GOTO program.
struct sourcet
{
unsigned thread_nr;
irep_idt function_id;
// The program counter is an iterator which indicates where the execution
// is in its program sequence
goto_programt::const_targett pc;
sourcet(const irep_idt &_function_id, goto_programt::const_targett _pc)
: thread_nr(0), function_id(_function_id), pc(_pc)
{
}
explicit sourcet(
const irep_idt &_function_id,
const goto_programt &_goto_program)
: thread_nr(0),
function_id(_function_id),
pc(_goto_program.instructions.begin())
{
}
sourcet(sourcet &&other) noexcept
: thread_nr(other.thread_nr), function_id(other.function_id), pc(other.pc)
{
}
sourcet(const sourcet &other) = default;
sourcet &operator=(const sourcet &other) = default;
sourcet &operator=(sourcet &&other) = default;
};
enum class assignment_typet
{
STATE,
HIDDEN,
VISIBLE_ACTUAL_PARAMETER,
HIDDEN_ACTUAL_PARAMETER,
PHI,
GUARD,
};
/// Read from a shared variable \p ssa_object (which is both the left- and the
/// right--hand side of assignment): we effectively assign the value stored in
/// \p ssa_object by another thread to \p ssa_object in the memory scope of
/// this thread.
/// \param guard: Precondition for this read event
/// \param ssa_object: Variable to be read from
/// \param atomic_section_id: ID of the atomic section in which this read
/// takes place (if any)
/// \param source: Pointer to location in the input GOTO program of this read
virtual void shared_read(
const exprt &guard,
const ssa_exprt &ssa_object,
unsigned atomic_section_id,
const sourcet &source) = 0;
/// Write to a shared variable \p ssa_object: we effectively assign a value
/// from this thread to be visible by other threads.
/// \param guard: Precondition for this write event
/// \param ssa_object: Variable to be written to
/// \param atomic_section_id: ID of the atomic section in which this write
/// takes place (if any)
/// \param source: Pointer to location in the input GOTO program of this write
virtual void shared_write(
const exprt &guard,
const ssa_exprt &ssa_object,
unsigned atomic_section_id,
const sourcet &source) = 0;
/// Write to a local variable. The `cond_expr` is _lhs==rhs_.
/// \param guard: Precondition for this read event
/// \param ssa_lhs: Variable to be written to, must be a symbol (and not nil)
/// \param ssa_full_lhs: Full left-hand side with symex level annotations
/// \param original_full_lhs: Full left-hand side without symex level
/// annotations
/// \param ssa_rhs: Right-hand side of the assignment
/// \param source: Pointer to location in the input GOTO program of this
/// assignment
/// \param assignment_type: To distinguish between different types of
/// assignments (some may be hidden for the further analysis)
virtual void assignment(
const exprt &guard,
const ssa_exprt &ssa_lhs,
const exprt &ssa_full_lhs,
const exprt &original_full_lhs,
const exprt &ssa_rhs,
const sourcet &source,
assignment_typet assignment_type)=0;
/// Declare a fresh variable. The `cond_expr` is _lhs==lhs_.
/// \param guard: Precondition for a declaration of this variable
/// \param ssa_lhs: Variable to be declared, must be symbol (and not nil)
/// \param initializer: Initial value
/// \param source: Pointer to location in the input GOTO program of this
/// declaration
/// \param assignment_type: To distinguish between different types of
/// assignments (some may be hidden for the further analysis)
virtual void decl(
const exprt &guard,
const ssa_exprt &ssa_lhs,
const exprt &initializer,
const sourcet &source,
assignment_typet assignment_type) = 0;
/// Remove a variable from the scope.
/// \param guard: Precondition for removal of this variable
/// \param ssa_lhs: Variable to be removed, must be symbol
/// \param source: Pointer to location in the input GOTO program of this
/// removal
virtual void dead(
const exprt &guard,
const ssa_exprt &ssa_lhs,
const sourcet &source)=0;
/// Record a function call.
/// \param guard: Precondition for calling a function
/// \param function_id: Name of the function
/// \param ssa_function_arguments: Vector of arguments in SSA form
/// \param source: To location in the input GOTO program of this
/// \param hidden: Should this step be recorded as hidden?
/// function call
virtual void function_call(
const exprt &guard,
const irep_idt &function_id,
const std::vector<exprt> &ssa_function_arguments,
const sourcet &source,
bool hidden) = 0;
/// Record return from a function.
/// \param guard: Precondition for returning from a function
/// \param function_id: Name of the function from which we return
/// \param source: Pointer to location in the input GOTO program of this
/// \param hidden: Should this step be recorded as hidden?
/// function return
virtual void function_return(
const exprt &guard,
const irep_idt &function_id,
const sourcet &source,
bool hidden) = 0;
/// Record a location.
/// \param guard: Precondition for reaching this location
/// \param source: Pointer to location in the input GOTO program to be
/// recorded
virtual void location(
const exprt &guard,
const sourcet &source)=0;
/// Record an output.
/// \param guard: Precondition for writing to the output
/// \param source: Pointer to location in the input GOTO program of this
/// output
/// \param output_id: Name of the output
/// \param args: A list of IO arguments
virtual void output(
const exprt &guard,
const sourcet &source,
const irep_idt &output_id,
const std::list<exprt> &args) = 0;
/// Record formatted output.
/// \param guard: Precondition for writing to the output
/// \param source: Pointer to location in the input GOTO program of this
/// output
/// \param output_id: Name of the output
/// \param fmt: Formatting string
/// \param args: A list of IO arguments
virtual void output_fmt(
const exprt &guard,
const sourcet &source,
const irep_idt &output_id,
const irep_idt &fmt,
const std::list<exprt> &args)=0;
/// Record an input.
/// \param guard: Precondition for reading from the input
/// \param source: Pointer to location in the input GOTO program of this
/// input
/// \param input_id: Name of the input
/// \param args: A list of IO arguments
virtual void input(
const exprt &guard,
const sourcet &source,
const irep_idt &input_id,
const std::list<exprt> &args)=0;
/// Record an assumption.
/// \param guard: Precondition for reaching this assumption
/// \param cond: Condition this assumption represents
/// \param source: Pointer to location in the input GOTO program of this
/// assumption
virtual void assumption(
const exprt &guard,
const exprt &cond,
const sourcet &source)=0;
/// Record an assertion.
/// \param guard: Precondition for reaching this assertion
/// \param cond: Condition this assertion represents
/// \param property_id: Unique property identifier of this assertion
/// \param msg: The message associated with this assertion
/// \param source: Pointer to location in the input GOTO program of this
/// assertion
virtual void assertion(
const exprt &guard,
const exprt &cond,
const irep_idt &property_id,
const std::string &msg,
const sourcet &source) = 0;
/// Record a goto instruction.
/// \param guard: Precondition for reaching this goto instruction
/// \param cond: Condition under which this goto should be taken
/// \param source: Pointer to location in the input GOTO program of this
/// goto instruction
virtual void goto_instruction(
const exprt &guard,
const exprt &cond,
const sourcet &source) = 0;
/// Record a _global_ constraint: there is no guard limiting its scope.
/// \param cond: Condition represented by this constraint
/// \param msg: The message associated with this constraint
/// \param source: Pointer to location in the input GOTO program of this
/// constraint
virtual void constraint(
const exprt &cond,
const std::string &msg,
const sourcet &source)=0;
/// Record spawning a new thread
/// \param guard: Precondition for reaching spawning a new thread
/// \param source: Pointer to location in the input GOTO program where a new
/// thread is to be spawned
virtual void spawn(
const exprt &guard,
const sourcet &source)=0;
/// Record creating a memory barrier
/// \param guard: Precondition for reaching this barrier
/// \param source: Pointer to location in the input GOTO program where a new
/// barrier is created
virtual void memory_barrier(
const exprt &guard,
const sourcet &source)=0;
/// Record a beginning of an atomic section
/// \param guard: Precondition for reaching this atomic section
/// \param atomic_section_id: Identifier for this atomic section
/// \param source: Pointer to location in the input GOTO program where an
/// atomic section begins
virtual void atomic_begin(
const exprt &guard,
unsigned atomic_section_id,
const sourcet &source)=0;
/// Record ending an atomic section
/// \param guard: Precondition for reaching the end of this atomic section
/// \param atomic_section_id: Identifier for this atomic section
/// \param source: Pointer to location in the input GOTO program where an
/// atomic section ends
virtual void atomic_end(
const exprt &guard,
unsigned atomic_section_id,
const sourcet &source)=0;
};
/// Base class comparison operator for symbolic execution targets. Order first
/// by thread numbers and then by program counters.
/// \param a: Left-hand target
/// \param b: Right-hand target
/// \return _True_ if `a` precedes `b`.
bool operator < (
const symex_targett::sourcet &a,
const symex_targett::sourcet &b);
#endif // CPROVER_GOTO_SYMEX_SYMEX_TARGET_H