Packages/c/cbmc-doc-6.9.0-1.fc45.x86_64.rpm

/*******************************************************************\


Module: Symbol Analyzer


Author: Malte Mues <mail.mues@gmail.com>

        Daniel Poetzl


\*******************************************************************/


#ifndef CPROVER_MEMORY_ANALYZER_ANALYZE_SYMBOL_H

#define CPROVER_MEMORY_ANALYZER_ANALYZE_SYMBOL_H


#include <ansi-c/expr2c_class.h>


#include <util/namespace.h>

#include <util/symbol_table.h>


#include <ansi-c/allocate_objects.h>


#include "gdb_api.h"


#include <map>

#include <string>


class pointer_typet;

class source_locationt;


class gdb_value_extractort

{

public:

  gdb_value_extractort(

    const symbol_table_baset &symbol_table,

    const std::vector<std::string> &args);


  void analyze_symbols(const std::list<std::string> &symbols);


  std::string get_snapshot_as_c_code();


  symbol_tablet get_snapshot_as_symbol_table();


  using pointer_valuet = gdb_apit::pointer_valuet;

  using memory_addresst = gdb_apit::memory_addresst;


  void create_gdb_process()

  {

    gdb_api.create_gdb_process();

  }


  bool run_gdb_to_breakpoint(const std::string &breakpoint)

  {

    return gdb_api.run_gdb_to_breakpoint(breakpoint);

  }


  void run_gdb_from_core(const std::string &corefile)

  {

    gdb_api.run_gdb_from_core(corefile);

  }


private:

  gdb_apit gdb_api;


  symbol_tablet symbol_table;

  const namespacet ns;

  expr2ct c_converter;

  allocate_objectst allocate_objects;


  std::map<exprt, exprt> assignments;


  std::map<exprt, memory_addresst> outstanding_assignments;


  std::map<memory_addresst, exprt> values;


  struct memory_scopet

  {

  private:

    size_t begin_int;

    mp_integer byte_size;

    irep_idt name;


    size_t address2size_t(const memory_addresst &point) const;


    bool check_containment(const size_t &point_int) const

    {

      return point_int >= begin_int && (begin_int + byte_size) > point_int;

    }


  public:

    memory_scopet(

      const memory_addresst &begin,

      const mp_integer &byte_size,

      const irep_idt &name);


    bool contains(const memory_addresst &point) const

    {

      return check_containment(address2size_t(point));

    }


    mp_integer

    distance(const memory_addresst &point, mp_integer member_size) const;


    irep_idt id() const

    {

      return name;

    }


    mp_integer size() const

    {

      return byte_size;

    }


  };


  std::vector<memory_scopet> dynamically_allocated;


  std::map<irep_idt, pointer_valuet> memory_map;


  bool has_known_memory_location(const irep_idt &id) const

  {

    return memory_map.count(id) != 0;

  }


  std::vector<memory_scopet>::iterator find_dynamic_allocation(irep_idt name);


  std::vector<memory_scopet>::iterator

  find_dynamic_allocation(const memory_addresst &point);


  mp_integer get_malloc_size(irep_idt name);


  std::optional<std::string>

  get_malloc_pointee(const memory_addresst &point, mp_integer member_size);


  mp_integer get_type_size(const typet &type) const;


  void analyze_symbol(const irep_idt &symbol_name);


  void add_assignment(const exprt &lhs, const exprt &value);


  exprt get_array_value(

    const exprt &expr,

    const exprt &array,

    const source_locationt &location);


  exprt get_expr_value(

    const exprt &expr,

    const exprt &zero_expr,

    const source_locationt &location);


  exprt get_struct_value(

    const exprt &expr,

    const exprt &zero_expr,

    const source_locationt &location);


  exprt get_union_value(

    const exprt &expr,

    const exprt &zero_expr,

    const source_locationt &location);


  exprt get_pointer_value(

    const exprt &expr,

    const exprt &zero_expr,

    const source_locationt &location);


  exprt get_pointer_to_member_value(

    const exprt &expr,

    const pointer_valuet &pointer_value,

    const source_locationt &location);


  exprt get_non_char_pointer_value(

    const exprt &expr,

    const pointer_valuet &value,

    const source_locationt &location);


  exprt get_pointer_to_function_value(

    const exprt &expr,

    const pointer_valuet &pointer_value,

    const source_locationt &location);


  exprt get_char_pointer_value(

    const exprt &expr,

    const memory_addresst &memory_location,

    const source_locationt &location);


  void process_outstanding_assignments();


  std::string get_gdb_value(const exprt &expr);


  bool points_to_member(

    pointer_valuet &pointer_value,

    const pointer_typet &expected_type);

};


#endif // CPROVER_MEMORY_ANALYZER_ANALYZE_SYMBOL_H

allocate_objects.h

allocate_objectst
Definition allocate_objects.h:27

expr2ct
Definition expr2c_class.h:35

exprt
Base class for all expressions.
Definition expr.h:57

gdb_apit
Interface for running and querying GDB.
Definition gdb_api.h:30

gdb_value_extractort::get_gdb_value
std::string get_gdb_value(const exprt &expr)
Extract a stringified value from and c-converted expr.
Definition analyze_symbol.cpp:754

gdb_value_extractort::get_pointer_to_member_value
exprt get_pointer_to_member_value(const exprt &expr, const pointer_valuet &pointer_value, const source_locationt &location)
Call get_subexpression_at_offset to get the correct member expression.
Definition analyze_symbol.cpp:274

gdb_value_extractort::allocate_objects
allocate_objectst allocate_objects
Definition analyze_symbol.h:81

gdb_value_extractort::run_gdb_to_breakpoint
bool run_gdb_to_breakpoint(const std::string &breakpoint)
Definition analyze_symbol.h:64

gdb_value_extractort::memory_map
std::map< irep_idt, pointer_valuet > memory_map
Keep track of the memory location for the analyzed symbols.
Definition analyze_symbol.h:154

gdb_value_extractort::gdb_api
gdb_apit gdb_api
Definition analyze_symbol.h:74

gdb_value_extractort::outstanding_assignments
std::map< exprt, memory_addresst > outstanding_assignments
Mapping pointer expression for which get_non_char_pointer_value returned nil expression to memory loc...
Definition analyze_symbol.h:88

gdb_value_extractort::c_converter
expr2ct c_converter
Definition analyze_symbol.h:80

gdb_value_extractort::pointer_valuet
gdb_apit::pointer_valuet pointer_valuet
Definition analyze_symbol.h:57

gdb_value_extractort::analyze_symbol
void analyze_symbol(const irep_idt &symbol_name)
Assign the gdb-extracted value for symbol_name to its symbol expression and then process outstanding ...
Definition analyze_symbol.cpp:148

gdb_value_extractort::has_known_memory_location
bool has_known_memory_location(const irep_idt &id) const
Definition analyze_symbol.h:156

gdb_value_extractort::get_char_pointer_value
exprt get_char_pointer_value(const exprt &expr, const memory_addresst &memory_location, const source_locationt &location)
If memory_location is found among values then return the symbol expression associated with it.
Definition analyze_symbol.cpp:228

gdb_value_extractort::get_pointer_to_function_value
exprt get_pointer_to_function_value(const exprt &expr, const pointer_valuet &pointer_value, const source_locationt &location)
Extract the function name from pointer_value, check it has a symbol and return the associated symbol ...
Definition analyze_symbol.cpp:340

gdb_value_extractort::process_outstanding_assignments
void process_outstanding_assignments()
Call add_assignment for each pair in outstanding_assignments.
Definition analyze_symbol.cpp:745

gdb_value_extractort::get_array_value
exprt get_array_value(const exprt &expr, const exprt &array, const source_locationt &location)
Iterate over array and fill its operands with the results of calling get_expr_value on index expressi...
Definition analyze_symbol.cpp:580

gdb_value_extractort::add_assignment
void add_assignment(const exprt &lhs, const exprt &value)
Create assignment lhs := value (see analyze_symbol).
Definition analyze_symbol.cpp:222

gdb_value_extractort::dynamically_allocated
std::vector< memory_scopet > dynamically_allocated
Keep track of the dynamically allocated memory.
Definition analyze_symbol.h:151

gdb_value_extractort::run_gdb_from_core
void run_gdb_from_core(const std::string &corefile)
Definition analyze_symbol.h:68

gdb_value_extractort::assignments
std::map< exprt, exprt > assignments
Sequence of assignments collected during analyze_symbols.
Definition analyze_symbol.h:84

gdb_value_extractort::get_snapshot_as_c_code
std::string get_snapshot_as_c_code()
Get memory snapshot as C code.
Definition analyze_symbol.cpp:174

gdb_value_extractort::values
std::map< memory_addresst, exprt > values
Storing pairs <address, symbol> such that at address is stored the value of symbol.
Definition analyze_symbol.h:92

gdb_value_extractort::gdb_value_extractort
gdb_value_extractort(const symbol_table_baset &symbol_table, const std::vector< std::string > &args)
Definition analyze_symbol.cpp:24

gdb_value_extractort::get_expr_value
exprt get_expr_value(const exprt &expr, const exprt &zero_expr, const source_locationt &location)
Case analysis on the typet of expr 1) For integers, booleans, and enums: call gdb_apit::get_value dir...
Definition analyze_symbol.cpp:604

gdb_value_extractort::get_type_size
mp_integer get_type_size(const typet &type) const
Build the pointee string for address point assuming it points to a dynamic allocation of `n' elements...
Definition analyze_symbol.cpp:102

gdb_value_extractort::analyze_symbols
void analyze_symbols(const std::list< std::string > &symbols)
For each input symbol in symbols: map its value address to its symbol_exprt (via the values map) and ...
Definition analyze_symbol.cpp:109

gdb_value_extractort::points_to_member
bool points_to_member(pointer_valuet &pointer_value, const pointer_typet &expected_type)
Analyzes the pointer_value to decide if it point to a struct or a union (or array).
Definition analyze_symbol.cpp:465

gdb_value_extractort::get_malloc_size
mp_integer get_malloc_size(irep_idt name)
Search for the size of the allocated memory for name.
Definition analyze_symbol.cpp:80

gdb_value_extractort::create_gdb_process
void create_gdb_process()
Definition analyze_symbol.h:60

gdb_value_extractort::get_pointer_value
exprt get_pointer_value(const exprt &expr, const exprt &zero_expr, const source_locationt &location)
Call gdb_apit::get_memory on expr then split based on the points-to type being char type or not.
Definition analyze_symbol.cpp:491

gdb_value_extractort::symbol_table
symbol_tablet symbol_table
External symbol table – extracted from read_goto_binary We only expect to analyse symbols located the...
Definition analyze_symbol.h:78

gdb_value_extractort::get_struct_value
exprt get_struct_value(const exprt &expr, const exprt &zero_expr, const source_locationt &location)
For each of the members of the struct: call get_expr_value.
Definition analyze_symbol.cpp:687

gdb_value_extractort::find_dynamic_allocation
std::vector< memory_scopet >::iterator find_dynamic_allocation(irep_idt name)
Search for a memory scope allocated under name.
Definition analyze_symbol.cpp:61

gdb_value_extractort::get_union_value
exprt get_union_value(const exprt &expr, const exprt &zero_expr, const source_locationt &location)
For each of the members of the struct: call get_expr_value.
Definition analyze_symbol.cpp:723

gdb_value_extractort::get_snapshot_as_symbol_table
symbol_tablet get_snapshot_as_symbol_table()
Get memory snapshot as symbol table Build a new symbol_tablet and for each lhs symbol from collected ...
Definition analyze_symbol.cpp:189

gdb_value_extractort::get_non_char_pointer_value
exprt get_non_char_pointer_value(const exprt &expr, const pointer_valuet &value, const source_locationt &location)
Similar to get_char_pointer_value.
Definition analyze_symbol.cpp:361

gdb_value_extractort::memory_addresst
gdb_apit::memory_addresst memory_addresst
Definition analyze_symbol.h:58

gdb_value_extractort::ns
const namespacet ns
Definition analyze_symbol.h:79

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91

pointer_typet
The pointer type These are both 'bitvector_typet' (they have a width) and 'type_with_subtypet' (they ...
Definition pointer_expr.h:24

source_locationt
Definition source_location.h:20

symbol_table_baset
The symbol table base class interface.
Definition symbol_table_base.h:23

symbol_tablet
The symbol table.
Definition symbol_table.h:14

typet
The type of an expression, extends irept.
Definition type.h:29

expr2c_class.h

gdb_api.h
Low-level interface to gdb.

namespace.h

mp_integer
BigInt mp_integer
Definition smt_terms.h:17

gdb_apit::memory_addresst
Memory address imbued with the explicit boolean data indicating if the address is null or not.
Definition gdb_api.h:37

gdb_apit::pointer_valuet
Data associated with the value of a pointer, i.e.
Definition gdb_api.h:77

gdb_value_extractort::memory_scopet::begin_int
size_t begin_int
Definition analyze_symbol.h:97

gdb_value_extractort::memory_scopet::byte_size
mp_integer byte_size
Definition analyze_symbol.h:98

gdb_value_extractort::memory_scopet::check_containment
bool check_containment(const size_t &point_int) const
Helper function that check if a point in memory points inside this scope.
Definition analyze_symbol.h:109

gdb_value_extractort::memory_scopet::name
irep_idt name
Definition analyze_symbol.h:99

gdb_value_extractort::memory_scopet::memory_scopet
memory_scopet(const memory_addresst &begin, const mp_integer &byte_size, const irep_idt &name)
Definition analyze_symbol.cpp:35

gdb_value_extractort::memory_scopet::size
mp_integer size() const
Getter for the allocation size of this memory scope.
Definition analyze_symbol.h:144

gdb_value_extractort::memory_scopet::contains
bool contains(const memory_addresst &point) const
Check if point points somewhere in this memory scope.
Definition analyze_symbol.h:123

gdb_value_extractort::memory_scopet::address2size_t
size_t address2size_t(const memory_addresst &point) const
Convert base-16 memory address to a natural number.
Definition analyze_symbol.cpp:45

gdb_value_extractort::memory_scopet::id
irep_idt id() const
Compute the distance of point from the beginning of this scope.
Definition analyze_symbol.h:137

symbol_table.h
Author: Diffblue Ltd.

irep_idt
dstringt irep_idt
Definition verification_result.h:16