45 if(expr.
id()==ID_symbol)
51 std::string identifier=
54 std::string::size_type l0_l1=identifier.find_first_of(
"!@");
55 if(l0_l1!=std::string::npos)
57 identifier.resize(l0_l1);
64 else if(expr.
id() == ID_string_constant)
80 if(cit !=
cache.end())
85 if(assign.
rhs().
id() == ID_array_list)
88 const auto &ops = array_list.
operands();
90 for(std::size_t listidx = 0; listidx != ops.size(); listidx += 2)
99 else if(assign.
rhs().
id() == ID_array)
113 else if(assign.
rhs().
id()==ID_struct ||
114 assign.
rhs().
id()==ID_union)
119 assign.
lhs().
id() == ID_member &&
127 else if(assign.
lhs().
id()==ID_byte_extract_little_endian ||
128 assign.
lhs().
id()==ID_byte_extract_big_endian)
138 (lhs_type.
id() == ID_struct_tag || lhs_type.
id() == ID_union_tag)
142 exprt::operandst::const_iterator it=
144 for(
const auto &comp : components)
147 comp.type().id() != ID_code,
"struct member must not be of code type");
149 comp.get_is_padding() ||
151 comp.get_name().starts_with(
"$pad"))
155 it != assign.
rhs().
operands().end(),
"expression must have operands");
167 if(assign.
rhs().
id()==ID_union)
171 else if(assign.
rhs().
id() == ID_with)
178 if(with_expr.
where().
id() == ID_member_name)
182 with_expr.
where().
get(ID_component_name),
204 lhs.find(
"#return_value") != std::string::npos ||
205 (lhs.find(
'$') != std::string::npos &&
206 has_prefix(lhs,
"return_value___VERIFIER_nondet_")))
220 const goto_tracet::stepst::const_iterator &prev_it,
221 goto_tracet::stepst::const_iterator &it)
225 (!it->pc->is_assign() || it->pc->assign_rhs().id() != ID_side_effect ||
226 it->pc->assign_rhs().get(ID_statement) != ID_nondet))
229 if(!it->is_assignment() && !it->is_goto() && !it->is_assert())
236 prev_it != goto_trace.
steps.end() &&
237 prev_it->pc->source_location() == it->pc->source_location())
240 if(it->is_goto() && it->pc->condition() ==
true)
245 if(source_location.
is_nil() ||
264 expr.
id() == ID_symbol &&
270 for(
const auto &op : expr.
operands())
284 const symbolt *symbol_ptr =
nullptr;
285 if(ns.
lookup(function_id, symbol_ptr))
288 if(symbol_ptr->
type.
id() != ID_code)
309 for(
const auto &symbol_id : symbols)
314 std::string symbol_str =
id2string(symbol_id);
315 auto scope_sep = symbol_str.find(
"::");
317 if(scope_sep != std::string::npos)
319 if(symbol_str.substr(0, scope_sep) !=
id2string(function_id))
330 unsigned int max_thread_idx = 0;
331 bool trace_has_violation =
false;
332 for(goto_tracet::stepst::const_iterator it = goto_trace.
steps.begin();
333 it != goto_trace.
steps.end();
336 if(it->thread_nr > max_thread_idx)
337 max_thread_idx = it->thread_nr;
338 if(it->is_assert() && !it->cond_value)
339 trace_has_violation =
true;
342 graphml.key_values[
"sourcecodelang"]=
"C";
345 graphml[sink].node_name=
"sink";
346 graphml[sink].is_violation=
false;
347 graphml[sink].has_invariant=
false;
349 if(max_thread_idx > 0 && trace_has_violation)
351 std::vector<graphmlt::node_indext> nodes;
353 for(
unsigned int i = 0; i <= max_thread_idx + 1; ++i)
355 nodes.push_back(
graphml.add_node());
356 graphml[nodes.back()].node_name =
"N" + std::to_string(i);
357 graphml[nodes.back()].is_violation = i == max_thread_idx + 1;
358 graphml[nodes.back()].has_invariant =
false;
361 for(
auto it = nodes.cbegin(); std::next(it) != nodes.cend(); ++it)
366 const auto thread_id = std::distance(nodes.cbegin(), it);
368 data.set_attribute(
"key",
"createThread");
373 data.set_attribute(
"key",
"enterFunction");
376 graphml[*std::next(it)].in[*it].xml_node = edge;
377 graphml[*it].out[*std::next(it)].xml_node = edge;
386 std::vector<std::size_t> step_to_node(goto_trace.
steps.size()+1, 0);
388 goto_tracet::stepst::const_iterator prev_it=goto_trace.
steps.end();
389 for(goto_tracet::stepst::const_iterator
390 it=goto_trace.
steps.begin();
391 it!=goto_trace.
steps.end();
396 step_to_node[it->step_nr]=sink;
402 goto_tracet::stepst::const_iterator next=it;
405 next != goto_trace.
steps.end() &&
407 it->full_lhs == next->full_lhs &&
408 it->pc->source_location() == next->pc->source_location())
410 step_to_node[it->step_nr]=sink;
421 std::to_string(it->pc->location_number)+
"."+std::to_string(it->step_nr);
426 graphml[node].has_invariant=
false;
428 step_to_node[it->step_nr]=node;
434 for(goto_tracet::stepst::const_iterator
435 it=goto_trace.
steps.begin();
436 it!=goto_trace.
steps.end();
439 const std::size_t from=step_to_node[it->step_nr];
442 if(from == sink ||
graphml[from].is_violation)
448 auto next = std::next(it);
449 for(; next != goto_trace.
steps.end() &&
450 (step_to_node[next->step_nr] == sink ||
456 const std::size_t to=
457 next==goto_trace.
steps.end()?
458 sink:step_to_node[next->step_nr];
469 {{
"source",
graphml[from].node_name},
470 {
"target",
graphml[to].node_name}},
484 data_t.
data = std::to_string(it->thread_nr);
487 const auto lhs_object = it->get_lhs_object();
490 lhs_object.has_value())
492 const std::string &lhs_id =
id2string(lhs_object->get_identifier());
493 if(lhs_id.find(
"pthread_create::thread") != std::string::npos)
504 lhs_id.find(
"thread") == std::string::npos &&
505 lhs_id.find(
"mutex") == std::string::npos &&
506 (!it->full_lhs_value.is_constant() ||
507 !it->full_lhs_value.has_operands() ||
516 irep_idt scope_function = it->function_id;
517 auto sep = lhs_id.find(
"::");
518 if(sep != std::string::npos)
519 scope_function = lhs_id.substr(0, sep);
535 if(!scope_function.
empty())
555 graphml[to].in[from].xml_node = edge;
556 graphml[from].out[to].xml_node = edge;
587 graphml.key_values[
"sourcecodelang"]=
"C";
590 graphml[sink].node_name=
"sink";
591 graphml[sink].is_violation=
false;
592 graphml[sink].has_invariant=
false;
595 std::vector<std::size_t> step_to_node(equation.
SSA_steps.size()+1, 0);
597 std::size_t step_nr=1;
598 for(symex_target_equationt::SSA_stepst::const_iterator
607 (!it->is_assignment() && !it->is_goto() && !it->is_assert()) ||
608 (it->is_goto() && it->source.pc->condition() ==
true) ||
612 step_to_node[step_nr]=sink;
618 symex_target_equationt::SSA_stepst::const_iterator next=it;
621 next != equation.
SSA_steps.end() && next->is_assignment() &&
622 it->ssa_full_lhs == next->ssa_full_lhs &&
623 it->source.pc->source_location() == next->source.pc->source_location())
625 step_to_node[step_nr]=sink;
632 std::to_string(it->source.pc->location_number)+
"."+
633 std::to_string(step_nr);
636 graphml[node].is_violation=
false;
637 graphml[node].has_invariant=
false;
639 step_to_node[step_nr]=node;
644 for(symex_target_equationt::SSA_stepst::const_iterator
649 const std::size_t from=step_to_node[step_nr];
658 symex_target_equationt::SSA_stepst::const_iterator next=it;
659 std::size_t next_step_nr=step_nr;
660 for(++next, ++next_step_nr;
662 (step_to_node[next_step_nr]==sink || it->source.pc==next->source.pc);
663 ++next, ++next_step_nr)
667 const std::size_t to=
669 sink:step_to_node[next_step_nr];
680 {{
"source",
graphml[from].node_name},
681 {
"target",
graphml[to].node_name}},
695 (it->is_assignment() || it->is_decl()) && it->ssa_rhs.is_not_nil() &&
696 it->ssa_full_lhs.is_not_nil())
698 irep_idt identifier = it->ssa_lhs.get_object_name();
703 irep_idt scope_function = it->source.function_id;
704 std::string id_str =
id2string(identifier);
705 auto sep = id_str.find(
"::");
706 if(sep != std::string::npos)
707 scope_function = id_str.substr(0, sep);
716 graphml[to].has_invariant =
true;
719 if(!scope_function.
empty())
726 graphml[to].in[from].xml_node = edge;
727 graphml[from].out[to].xml_node = edge;
752 step_nr=next_step_nr;
Expression classes for byte-level operators.
const byte_extract_exprt & to_byte_extract_expr(const exprt &expr)
bitvector_typet c_index_type()
Array constructor from a list of index-element pairs Operands are index/value pairs,...
const typet & element_type() const
The type of the elements of the array.
A goto_instruction_codet representing an assignment in the program.
Base class for all expressions.
typet & type()
Return the type of the expression.
void operator()(const goto_tracet &goto_trace)
counterexample witness
std::unordered_map< std::pair< unsigned int, const irept::dt * >, std::string, pair_hash< unsigned int, const irept::dt * > > cache
void remove_l0_l1(exprt &expr)
std::string convert_assign_rec(const irep_idt &identifier, const code_assignt &assign)
nodet::node_indext node_indext
const irep_idt & get(const irep_idt &name) const
const irep_idt & id() const
Extract member of struct or union.
const exprt & struct_op() const
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
bool lookup(const irep_idt &name, const symbolt *&symbol) const override
See documentation for namespace_baset::lookup().
const irep_idt & get_function() const
const irep_idt & get_file() const
const irep_idt & get_line() const
static bool is_built_in(const std::string &s)
const exprt & get_original_expr() const
array_exprt to_array_expr() const
convert string into array constant
const componentst & components() const
std::vector< componentt > componentst
void set_identifier(const irep_idt &identifier)
source_locationt location
Source code location of definition of symbol.
typet type
Type of symbol.
exprt value
Initial value of symbol.
Inheriting the interface of symex_targett this class represents the SSA form of the input program as ...
The type of an expression, extends irept.
Operator to update elements in structs and arrays.
xmlt & new_element(const std::string &key)
void set_attribute(const std::string &attribute, unsigned value)
static bool is_printable_xml(const std::string &s)
Determine whether s does not contain any characters that cannot be escaped in XML 1....
bool has_prefix(const std::string &s, const std::string &prefix)
std::string expr2c(const exprt &expr, const namespacet &ns, const expr2c_configurationt &configuration)
#define Forall_operands(it, expr)
static bool find_symbols(symbol_kindt, const typet &, std::function< bool(const symbol_exprt &)>, std::unordered_set< irep_idt > &bindings, const std::vector< irep_idt > &subs_to_find)
Find identifiers with id ID_symbol of the sub expressions and the subs with ID in subs_to_find consid...
std::unordered_set< irep_idt > find_symbols_sett
static bool all_symbols_in_scope(const exprt &expr, const irep_idt &function_id)
Check if all symbols in an expression are in scope.
static std::string expr_to_string(const namespacet &ns, const irep_idt &id, const exprt &expr)
static bool is_function_built_in_or_extern(const namespacet &ns, const irep_idt &function_id)
Check if a function is built-in (CPROVER library), has no body, or does not exist in the symbol table...
static bool contains_symbol_prefix(const exprt &expr, const std::string &prefix)
static bool filter_out(const goto_tracet &goto_trace, const goto_tracet::stepst::const_iterator &prev_it, goto_tracet::stepst::const_iterator &it)
Witnesses for Traces and Proofs.
const std::string & id2string(const irep_idt &d)
const std::string thread_id
std::string from_expr(const namespacet &ns, const irep_idt &identifier, const exprt &expr)
const irep_idt & get_mode_from_identifier(const namespacet &ns, const irep_idt &identifier)
Get the mode of the given identifier's symbol.
Various predicates over pointers in programs.
#define SYMEX_DYNAMIC_PREFIX
#define DATA_INVARIANT(CONDITION, REASON)
This condition should be used to document that assumptions that are made on goto_functions,...
#define INVARIANT(CONDITION, REASON)
This macro uses the wrapper function 'invariant_violated_string'.
bool is_ssa_expr(const exprt &expr)
const ssa_exprt & to_ssa_expr(const exprt &expr)
Cast a generic exprt to an ssa_exprt.
const array_list_exprt & to_array_list_expr(const exprt &expr)
const multi_ary_exprt & to_multi_ary_expr(const exprt &expr)
Cast an exprt to a multi_ary_exprt.
const member_exprt & to_member_expr(const exprt &expr)
Cast an exprt to a member_exprt.
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
const with_exprt & to_with_expr(const exprt &expr)
Cast an exprt to a with_exprt.
const struct_or_union_tag_typet & to_struct_or_union_tag_type(const typet &type)
Cast a typet to a struct_or_union_tag_typet.
const array_typet & to_array_type(const typet &type)
Cast a typet to an array_typet.
const struct_union_typet & to_struct_union_type(const typet &type)
Cast a typet to a struct_union_typet.
const string_constantt & to_string_constant(const exprt &expr)
static expr2c_configurationt clean_configuration
This prints compilable C that loses some of the internal details of the GOTO program.
Functor to check whether iterators from different collections point at the same object.
Generate Equation using Symbolic Execution.
1.17.0