CBMC
Loading...
Searching...
No Matches
Classes | Public Member Functions | Protected Member Functions | Private Types | Private Member Functions | Private Attributes | Related Symbols | List of all members
string_refinementt Class Referencefinal

#include <string_refinement.h>

+ Inheritance diagram for string_refinementt:
+ Collaboration diagram for string_refinementt:

Classes

struct   configt
 
struct   infot
  string_refinementt constructor arguments More...
 

Public Member Functions

 
  Return a textual description of the decision procedure.
 
  Evaluates the given expression in the valuation found by string_refinementt::dec_solve.
 
void  set_to (const exprt &expr, bool value) override
  Record the constraints to ensure that the expression is true when the boolean is true and false otherwise.
 
- Public Member Functions inherited from bv_refinementt
 
- Public Member Functions inherited from bv_pointerst
 
 
 
- Public Member Functions inherited from boolbvt
 
virtual const bvtconvert_bv (const exprt &expr, const std::optional< std::size_t > expected_width={})
  Convert expression to vector of literalts, using an internal cache to speed up conversion if available.
 
void  print_assignment (std::ostream &out) const override
  Print satisfying assignment to out.
 
  Generate a handle, which is an expression that has the same value as the argument in any model that is generated; this offers an efficient way to refer to the expression in subsequent calls to get or set_to.
 
 
 
mp_integer  get_value (const bvt &bv, std::size_t offset, std::size_t width)
 
 
virtual std::size_t  boolbv_width (const typet &type) const
 
 
- Public Member Functions inherited from arrayst
 
 
 
  Record that symbol is equal to value for the purposes of the array theory.
 
- Public Member Functions inherited from equalityt
  equalityt (propt &_prop, message_handlert &message_handler)
 
 
 
- Public Member Functions inherited from prop_conv_solvert
 
 
void  print_assignment (std::ostream &out) const override
  Print satisfying assignment to out.
 
  Return value of literal l from satisfying assignment.
 
  Generate a handle, which is an expression that has the same value as the argument in any model that is generated; this offers an efficient way to refer to the expression in subsequent calls to get or set_to.
 
 
 
 
  Convert a Boolean expression and return the corresponding literal.
 
  Returns true if an expression is in the final conflict leading to UNSAT.
 
  Push a new context on the stack This context becomes a child context nested in the current context.
 
void  push (const std::vector< exprt > &assumptions) override
  Push assumptions in form of literal_exprt
 
  Pop whatever is on top of the stack.
 
 
 
  Set the limit for the solver to time out in seconds.
 
  Return the number of incremental solver calls.
 
 
- Public Member Functions inherited from conflict_providert
 
- Public Member Functions inherited from prop_convt
 
- Public Member Functions inherited from stack_decision_proceduret
 
- Public Member Functions inherited from decision_proceduret
  For a Boolean expression expr, add the constraint 'expr'.
 
  For a Boolean expression expr, add the constraint 'not expr'.
 
  Run the decision procedure to solve the problem This corresponds to SMT-LIB's check-sat.
 
resultt  operator() (const exprt &assumption)
  Run the decision procedure to solve the problem under the given assumption.
 
 
- Public Member Functions inherited from solver_resource_limitst
 

Protected Member Functions

  Main decision procedure of the solver.
 
- Protected Member Functions inherited from bv_refinementt
  generate array constraints
 
 
 
 
 
- Protected Member Functions inherited from bv_pointerst
 
 
 
 
 
 
 
  Converts an expression into its gate-level representation and returns a vector of literals corresponding to the outputs of the Boolean circuit.
 
exprt  bv_get_rec (const exprt &, const bvt &, std::size_t offset) const override
 
std::optional< bvtconvert_address_of_rec (const exprt &)
 
 
 
 
 
  Create Boolean functions describing all dynamic and all not-dynamic object encodings over placeholders as input Boolean variables representing object bits.
 
std::unordered_map< exprt, exprt, irep_hashprepare_postponed_object_size (std::vector< symbol_exprt > &placeholders) const
  Create Boolean functions describing all objects of each known object size over placeholders as input Boolean variables representing object bits.
 
  Given a pointer encoded in bv, extract the literals identifying the object that the pointer points to.
 
  Given a pointer encoded in bv, extract the literals representing the offset into an object that the pointer points to.
 
- Protected Member Functions inherited from boolbvt
 
  Print that the expression of x has failed conversion, then return a vector of x's width.
 
 
  Flatten <, >, <= and >= expressions.
 
  conversion from bitvector types to boolean
 
 
 
 
 
 
 
 
 
 
  index operator with constant index
 
 
 
 
 
 
 
 
  Flatten array.
 
 
 
 
 
 
  Flatten arrays constructed from a single element.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
bvt  convert_update_bits (bvt src, const exprt &index, const bvt &new_value)
 
 
 
 
 
 
void  convert_update_rec (const exprt::operandst &designator, std::size_t d, const typet &type, std::size_t offset, const exprt &new_value, bvt &bv)
 
 
exprt  bv_get (const bvt &bv, const typet &type) const
 
 
  Return the model value for expr.
 
 
 
 
  create new, unique variables for the given binding
 
- Protected Member Functions inherited from arrayst
  adds array constraints (refine=true...lazily for the refinement loop)
 
 
 
 
 
 
 
 
 
 
 
 
 
 
void  update_index_map (std::size_t i)
  merge the indices into the root
 
 
 
 
- Protected Member Functions inherited from equalityt
 
 
 
- Protected Member Functions inherited from prop_conv_solvert
virtual std::optional< boolget_bool (const exprt &expr) const
  Get a boolean value from the model if the formula is satisfiable.
 
 
 
 
 

Private Types

 

Private Member Functions

 
  Add the given lemma to the solver.
 

Private Attributes

 
std::size_t  loop_bound_
 
 
std::set< exprtseen_instances
 
 
std::vector< exprtcurrent_constraints
 
 
 
std::vector< exprtequations
 
 

Related Symbols

(Note that these are not member symbols.)

  Instantiates a quantified formula representing not_contains by substituting the quantifiers and generating axioms.
 

Additional Inherited Members

- Public Types inherited from boolbvt
enum class   unbounded_arrayt { U_NONE , U_ALL , U_AUTO }
 
- Public Types inherited from arrayst
 
- Public Types inherited from equalityt
 
- Public Types inherited from prop_conv_solvert
 
typedef std::unordered_map< exprt, literalt, irep_hashcachet
 
- Public Types inherited from decision_proceduret
  Result of running the decision procedure. More...
 
- Public Attributes inherited from boolbvt
 
- Public Attributes inherited from prop_conv_solvert
 
 
 
- Protected Types inherited from bv_pointerst
 
 
- Protected Types inherited from boolbvt
 
typedef std::unordered_map< const exprt, bvt, irep_hashbv_cachet
 
 
typedef std::vector< std::size_t >  offset_mapt
 
- Protected Types inherited from arrayst
 
 
 
typedef std::set< exprtindex_sett
 
typedef std::map< std::size_t, index_settindex_mapt
 
 
- Protected Types inherited from equalityt
typedef std::unordered_map< const exprt, unsigned, irep_hashelementst
 
typedef std::map< std::pair< unsigned, unsigned >, literaltequalitiest
 
 
typedef std::unordered_map< const typet, typestructt, irep_hashtypemapt
 
- Static Protected Member Functions inherited from bv_pointerst
  Construct a pointer encoding from given encodings of object and offset.
 
- Protected Attributes inherited from bv_refinementt
 
- Protected Attributes inherited from bv_pointerst
 
 
- Protected Attributes inherited from boolbvt
 
 
 
 
 
 
 
std::size_t  scope_counter = 0
 
- Protected Attributes inherited from arrayst
 
 
 
 
 
 
 
 
 
 
std::map< exprt, boolexpr_map
 
 
std::set< std::size_t >  update_indices
 
std::unordered_set< irep_idtarray_comprehension_args
 
- Protected Attributes inherited from equalityt
 
- Protected Attributes inherited from prop_conv_solvert
 
 
 
proptprop
 
 
  Assumptions on the stack.
 
std::size_t  context_literal_counter = 0
  To generate unique literal names for contexts.
 
std::vector< size_tcontext_size_stack
  assumption_stack is segmented in contexts; Number of assumptions in each context on the stack
 
- Static Protected Attributes inherited from prop_conv_solvert
static const charcontext_prefix = "prop_conv::context$"
 

Detailed Description

Definition at line 63 of file string_refinement.h.

Member Typedef Documentation

◆  supert

Definition at line 93 of file string_refinement.h.

Constructor & Destructor Documentation

◆  string_refinementt() [1/2]

string_refinementt::string_refinementt ( const infotinfo )
explicit

Definition at line 165 of file string_refinement.cpp.

◆  string_refinementt() [2/2]

string_refinementt::string_refinementt ( const infotinfo,
bool   
)
private

Definition at line 157 of file string_refinement.cpp.

Member Function Documentation

◆  add_lemma()

void string_refinementt::add_lemma ( const exprtlemma,
bool  simplify_lemma = true  
)
private

Add the given lemma to the solver.

Parameters
lemma a Boolean expression
simplify_lemma whether the lemma should be simplified before being given to the underlying solver.

Definition at line 908 of file string_refinement.cpp.

◆  dec_solve()

decision_proceduret::resultt string_refinementt::dec_solve ( const exprtassumption )
overrideprotectedvirtual

Main decision procedure of the solver.

Looks for a valuation of variables compatible with the constraints that have been given to set_to so far.

The decision procedure initiated by string_refinementt::dec_solve is composed of several steps detailed below.

Symbol resolution

Pointer symbols which are set to be equal by constraints, are replaced by an single symbol in the solver. The symbol_solvert object used for this substitution is constructed by generate_symbol_resolution_from_equations(const std::vector<equal_exprt>&,const namespacet&,messaget::mstreamt&). All these symbols are then replaced using replace_symbols_in_equations(const union_find_replacet &, std::vector<equal_exprt> &).

Conversion to first order formulas:

Each string primitive is converted to a list of first order formulas by the function substitute_function_applications_in_equations(std::vector<equal_exprt>&,string_constraint_generatort&). These formulas should be unquantified or be either a string_constraintt or a string_not_contains_constraintt . The constraints corresponding to each primitive can be found by following the links in section String primitives.

Since only arrays appear in the string constraints, during the conversion to first order formulas, pointers are associated to arrays. The string_constraint_generatort object keeps track of this association. It can either be set manually using the primitives cprover_associate_array_to_pointer or a fresh array is created.

Refinement loop

We use super_dec_solve and super_get to denote the methods of the underlying solver (bv_refinementt by default). The refinement loop relies on functions string_refinementt::check_axioms which returns true when the set of quantified constraints q is satisfied by the valuation given bysuper_get and string_refinementt::instantiate which gives propositional formulas implied by a string constraint. If the following algorithm returns SAT or UNSAT, the given constraints are SAT or UNSAT respectively:

{
cur <- uq;
while(limit--) > 0
{
if(super_dec_solve(cur)==SAT)
{
else
for(axiom in q)
cur.add(instantiate(axiom));
return SAT;
}
else
return UNSAT;
}
return ERROR;
}
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:566
exprt instantiate(const string_constraintt &axiom, const exprt &str, const exprt &val)
Instantiates a string constraint by substituting the quantifiers.
static std::pair< bool, std::vector< exprt > > check_axioms(const string_axiomst &axioms, string_constraint_generatort &generator, const std::function< exprt(const exprt &)> &get, messaget::mstreamt &stream, const namespacet &ns, bool use_counter_example, const union_find_replacet &symbol_resolve, const std::unordered_map< string_not_contains_constraintt, symbol_exprt > &not_contain_witnesses)
Check axioms takes the model given by the underlying solver and answers whether it satisfies the stri...
Returns
resultt::D_SATISFIABLE if the constraints are satisfiable, resultt::D_UNSATISFIABLE if they are unsatisfiable, resultt::D_ERROR if the limit of iteration was reached.

Reimplemented from bv_refinementt.

Definition at line 615 of file string_refinement.cpp.

◆  decision_procedure_text()

std::string string_refinementt::decision_procedure_text ( ) const
inlineoverridevirtual

Return a textual description of the decision procedure.

Reimplemented from bv_refinementt.

Definition at line 80 of file string_refinement.h.

◆  get()

exprt string_refinementt::get ( const exprtexpr ) const
overridevirtual

Evaluates the given expression in the valuation found by string_refinementt::dec_solve.

Arrays of characters are interpreted differently from the result of supert::get: values are propagated to the left to fill unknown.

Parameters
expr an expression
Returns
evaluated expression

Reimplemented from boolbvt.

Definition at line 1830 of file string_refinement.cpp.

◆  set_to()

void string_refinementt::set_to ( const exprtexpr,
bool  value 
)
overridevirtual

Record the constraints to ensure that the expression is true when the boolean is true and false otherwise.

Parameters
expr an expression of type bool
value the boolean value to set it to

Reimplemented from boolbvt.

Definition at line 283 of file string_refinement.cpp.

Friends And Related Symbol Documentation

◆  instantiate_not_contains()

std::vector< exprt > instantiate_not_contains ( const string_not_contains_constrainttaxiom,
const std::set< std::pair< exprt, exprt > > &  index_pairs,
const std::unordered_map< string_not_contains_constraintt, symbol_exprt > &  witnesses 
)
related

Instantiates a quantified formula representing not_contains by substituting the quantifiers and generating axioms.

Parameters
[in] axiom the axiom to instantiate
[in] index_pairs pair of indexes for axiom.s0()and axiom.s1()
[in] witnesses axiom's witnesses for non containment
Returns
the lemmas produced through instantiation

Definition at line 203 of file string_constraint_instantiation.cpp.

Member Data Documentation

◆  axioms

string_axiomst string_refinementt::axioms
private

Definition at line 104 of file string_refinement.h.

◆  config_

const configt string_refinementt::config_
private

Definition at line 97 of file string_refinement.h.

◆  current_constraints

std::vector<exprt> string_refinementt::current_constraints
private

Definition at line 107 of file string_refinement.h.

◆  dependencies

string_dependenciest string_refinementt::dependencies
private

Definition at line 117 of file string_refinement.h.

◆  equations

std::vector<exprt> string_refinementt::equations
private

Definition at line 115 of file string_refinement.h.

◆  generator

string_constraint_generatort string_refinementt::generator
private

Definition at line 99 of file string_refinement.h.

◆  index_sets

index_set_pairt string_refinementt::index_sets
private

Definition at line 112 of file string_refinement.h.

◆  loop_bound_

std::size_t string_refinementt::loop_bound_
private

Definition at line 98 of file string_refinement.h.

◆  seen_instances

std::set<exprt> string_refinementt::seen_instances
private

Definition at line 102 of file string_refinement.h.

◆  symbol_resolve

union_find_replacet string_refinementt::symbol_resolve
private

Definition at line 113 of file string_refinement.h.


The documentation for this class was generated from the following files:

AltStyle によって変換されたページ (->オリジナル) /