#include <string_refinement.h>
+ Inheritance diagram for string_refinementt:
+ Collaboration diagram for string_refinementt:
Return a textual description of the decision procedure.
Record the constraints to ensure that the expression is true when the boolean is true and false otherwise.
- Public Member Functions inherited from
boolbvt
Convert expression to vector of literalts, using an internal cache to speed up conversion if available.
Print satisfying assignment to out.
Generate a handle, which is an expression that has the same value as the argument in any model that is generated; this offers an efficient way to refer to the expression in subsequent calls to
get or
set_to.
- Public Member Functions inherited from
arrayst
Record that symbol is equal to value for the purposes of the array theory.
- Public Member Functions inherited from
equalityt
Print satisfying assignment to out.
Return value of literal l from satisfying assignment.
Generate a handle, which is an expression that has the same value as the argument in any model that is generated; this offers an efficient way to refer to the expression in subsequent calls to
get or
set_to.
Convert a Boolean expression and return the corresponding literal.
Returns true if an expression is in the final conflict leading to UNSAT.
Push a new context on the stack This context becomes a child context nested in the current context.
Pop whatever is on top of the stack.
Set the limit for the solver to time out in seconds.
Return the number of incremental solver calls.
- Public Member Functions inherited from
prop_convt
For a Boolean expression expr, add the constraint 'expr'.
For a Boolean expression expr, add the constraint 'not expr'.
Run the decision procedure to solve the problem This corresponds to SMT-LIB's check-sat.
Run the decision procedure to solve the problem under the given assumption.
Protected Member Functions
Main decision procedure of the solver.
generate array constraints
Converts an expression into its gate-level representation and returns a vector of literals corresponding to the outputs of the Boolean circuit.
Create Boolean functions describing all dynamic and all not-dynamic object encodings over placeholders as input Boolean variables representing object bits.
Create Boolean functions describing all objects of each known object size over placeholders as input Boolean variables representing object bits.
Given a pointer encoded in bv, extract the literals identifying the object that the pointer points to.
Given a pointer encoded in bv, extract the literals representing the offset into an object that the pointer points to.
- Protected Member Functions inherited from
boolbvt
Print that the expression of x has failed conversion, then return a vector of x's width.
Flatten <, >, <= and >= expressions.
conversion from bitvector types to boolean
index operator with constant index
Flatten array.
Flatten arrays constructed from a single element.
Return the model value for expr.
create new, unique variables for the given binding
- Protected Member Functions inherited from
arrayst
adds array constraints (refine=true...lazily for the refinement loop)
merge the indices into the root
- Protected Member Functions inherited from
equalityt
Get a boolean value from the model if the formula is satisfiable.
Add the given lemma to the solver.
(Note that these are not member symbols.)
Instantiates a quantified formula representing not_contains by substituting the quantifiers and generating axioms.
Additional Inherited Members
- Public Types inherited from
boolbvt
- Public Types inherited from
arrayst
Result of running the decision procedure.
More...
- Public Attributes inherited from
boolbvt
- Protected Types inherited from
boolbvt
- Protected Types inherited from
arrayst
- Static Protected Member Functions inherited from
bv_pointerst
Construct a pointer encoding from given encodings of object and offset.
- Protected Attributes inherited from
boolbvt
- Protected Attributes inherited from
arrayst
- Protected Attributes inherited from
equalityt
Assumptions on the stack.
To generate unique literal names for contexts.
assumption_stack is segmented in contexts; Number of assumptions in each context on the stack
Detailed Description
Member Typedef Documentation
◆ supert
Constructor & Destructor Documentation
◆ string_refinementt() [1/2]
string_refinementt::string_refinementt
(
const infot &
info )
explicit
◆ string_refinementt() [2/2]
string_refinementt::string_refinementt
(
const infot &
info,
)
private
Member Function Documentation
◆ add_lemma()
Add the given lemma to the solver.
- Parameters
-
lemma a Boolean expression
simplify_lemma whether the lemma should be simplified before being given to the underlying solver.
Definition at line 908 of file string_refinement.cpp.
◆ dec_solve()
Main decision procedure of the solver.
Looks for a valuation of variables compatible with the constraints that have been given to set_to so far.
The decision procedure initiated by string_refinementt::dec_solve is composed of several steps detailed below.
Symbol resolution
Pointer symbols which are set to be equal by constraints, are replaced by an single symbol in the solver. The symbol_solvert object used for this substitution is constructed by generate_symbol_resolution_from_equations(const std::vector<equal_exprt>&,const namespacet&,messaget::mstreamt&). All these symbols are then replaced using replace_symbols_in_equations(const union_find_replacet &, std::vector<equal_exprt> &).
Conversion to first order formulas:
Each string primitive is converted to a list of first order formulas by the function substitute_function_applications_in_equations(std::vector<equal_exprt>&,string_constraint_generatort&). These formulas should be unquantified or be either a string_constraintt or a string_not_contains_constraintt . The constraints corresponding to each primitive can be found by following the links in section String primitives.
Since only arrays appear in the string constraints, during the conversion to first order formulas, pointers are associated to arrays. The string_constraint_generatort object keeps track of this association. It can either be set manually using the primitives cprover_associate_array_to_pointer or a fresh array is created.
Refinement loop
We use super_dec_solve and super_get to denote the methods of the underlying solver (bv_refinementt by default). The refinement loop relies on functions string_refinementt::check_axioms which returns true when the set of quantified constraints q is satisfied by the valuation given bysuper_get and string_refinementt::instantiate which gives propositional formulas implied by a string constraint. If the following algorithm returns SAT or UNSAT, the given constraints are SAT or UNSAT respectively:
{
{
{
else
return SAT;
}
else
return UNSAT;
}
}
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
exprt instantiate(const string_constraintt &axiom, const exprt &str, const exprt &val)
Instantiates a string constraint by substituting the quantifiers.
static std::pair< bool, std::vector< exprt > > check_axioms(const string_axiomst &axioms, string_constraint_generatort &generator, const std::function< exprt(const exprt &)> &get, messaget::mstreamt &stream, const namespacet &ns, bool use_counter_example, const union_find_replacet &symbol_resolve, const std::unordered_map< string_not_contains_constraintt, symbol_exprt > ¬_contain_witnesses)
Check axioms takes the model given by the underlying solver and answers whether it satisfies the stri...
- Returns
resultt::D_SATISFIABLE if the constraints are satisfiable, resultt::D_UNSATISFIABLE if they are unsatisfiable, resultt::D_ERROR if the limit of iteration was reached.
Reimplemented from bv_refinementt.
Definition at line 615 of file string_refinement.cpp.
◆ decision_procedure_text()
std::string string_refinementt::decision_procedure_text
(
)
const
inlineoverridevirtual
◆ get()
Evaluates the given expression in the valuation found by string_refinementt::dec_solve.
Arrays of characters are interpreted differently from the result of supert::get: values are propagated to the left to fill unknown.
- Parameters
-
expr an expression
- Returns
- evaluated expression
Reimplemented from boolbvt.
Definition at line 1830 of file string_refinement.cpp.
◆ set_to()
Record the constraints to ensure that the expression is true when the boolean is true and false otherwise.
- Parameters
-
expr an expression of type bool
value the boolean value to set it to
Reimplemented from boolbvt.
Definition at line 283 of file string_refinement.cpp.
Friends And Related Symbol Documentation
◆ instantiate_not_contains()
Instantiates a quantified formula representing not_contains by substituting the quantifiers and generating axioms.
- Parameters
-
[in] axiom the axiom to instantiate
[in] index_pairs pair of indexes for axiom.s0()and axiom.s1()
[in] witnesses axiom's witnesses for non containment
- Returns
- the lemmas produced through instantiation
Definition at line 203 of file string_constraint_instantiation.cpp.
Member Data Documentation
◆ axioms
◆ config_
◆ current_constraints
std::vector<
exprt> string_refinementt::current_constraints
private
◆ dependencies
◆ equations
std::vector<
exprt> string_refinementt::equations
private
◆ generator
◆ index_sets
◆ loop_bound_
std::size_t string_refinementt::loop_bound_
private
◆ seen_instances
std::set<
exprt> string_refinementt::seen_instances
private
◆ symbol_resolve
The documentation for this class was generated from the following files: