State type in value_set_domaint, used in value-set analysis and goto-symex. More...
#include <value_set.h>
!offset. exprt instances) with corresponding offsets (offsett instances). object_map_dt, such that multiple instructions' value_sett instances can share them. object_map_dt element object_number -> offset into an object_descriptor_exprt with .object() == object_numbering.at(object_number) and .offset() == offset. dest to match an existing element it from a different map. n was inserted into map dest with offset offset – the possibilities being, nothing (the entry is already present), a new entry would be inserted (no existing entry with number n was found), or an existing entry's offset would be reset (indicating there is already an entry with number n, but with differing offset). expr, including following dereference operators (i.e. lhs := rhs against it. expr may refer to, according to this value set. pointer_offset_exprt expressions in expr to constant integers using this value-set's information. index by erasing any values listed in values_to_erase. expr, including making recursive lookups for dereference operations etc. get_reference_set. dest to src with any wrapping typecasts removed. State type in value_set_domaint, used in value-set analysis and goto-symex.
Represents a mapping from expressions to the addresses that may be stored there; for example, a global that is either null or points to a heap-allocated object, which itself has two fields, one pointing to another heap object and the other having unknown target, would be represented:
global_x -> { null, <dynamic_object1, 0> }
dynamic_object1.field1 -> { <dynamic_object2, 0> }
dynamic_object1.field2 -> { * (unknown) }
LHS expressions can be either symbols or fields thereof, and are stored as strings; RHS expressions may be symbols, dynamic objects, integer addresses (as in (int*)0x1234) or unknown (printed as *), and are stored as pairs of an exprt and an optional offset if known (0 for both dynamic objects in the example given above). RHS expressions are represented using numbering to avoid storing redundant duplicate expressions.
Definition at line 42 of file value_set.h.
Represents a set of expressions (exprt instances) with corresponding offsets (offsett instances).
This is the RHS set of a single row of the enclosing value_sett , such as { null, dynamic_object1 }. The set is represented as a map from numbered exprts to offsett instead of a set of pairs to make lookup by exprt easier.
Definition at line 87 of file value_set.h.
Reference-counts instances of object_map_dt, such that multiple instructions' value_sett instances can share them.
For example, if we have a pair of instructions with value-sets:
x = new A;
x -> { dynamic_object1 }
y = new B;
x -> { dynamic_object1 }
y -> { dynamic_object2 }
Then the set { dynamic_object1 }, represented by an object_map_dt, can be shared between the two value_sett instances.
Definition at line 109 of file value_set.h.
Represents the offset into an object: either some (possibly constant) expression, or an unknown value, represented by !offset.
Definition at line 80 of file value_set.h.
Map representing the entire value set, mapping from string LHS IDs to RHS expression sets.
Note this data structure is somewhat denormalized, for example mapping
dynamic_object1.field2 ->
entryt {
.identifier = dynamic_object1,
.suffix = .field2,
.object_map = ...
}
The components of the ID are thus duplicated in the valuest key and in entryt fields.
Definition at line 230 of file value_set.h.
| Enumerator | |
|---|---|
| INSERT | |
| RESET_OFFSET | |
| NONE | |
Definition at line 154 of file value_set.h.
Definition at line 45 of file value_set.h.
Definition at line 49 of file value_set.h.
Subclass customisation point to filter or otherwise alter the value-set returned from get_value_set before it is passed into assign.
For example, this is used in one subclass to tag and thus differentiate values that originated in a particular place, vs. those that have been copied.
Definition at line 499 of file value_set.h.
Subclass customisation point to apply global side-effects to this domain, after RHS values are read but before they are written.
For example, this is used in a recency-analysis plugin to demote existing most-recent objects to general case ones.
Definition at line 513 of file value_set.h.
Transforms this value-set by executing a given statement against it.
For example, assignment statements will update valuest by reading the value-set corresponding to their right-hand side and assigning it to their LHS.
Definition at line 323 of file value_set.h.
Subclass customisation point for applying code to this domain:
Definition at line 1845 of file value_set.cpp.
Transforms this value-set by executing executing the assignment lhs := rhs against it.
simplify will be used to simplify RHS and LHS before execution. If you know they are already simplified, set this to save a little time. lhs may internally prevent a strong assignment, as in x == y ? z : w := a, where either y or z MAY, but not MUST, be overwritten. Definition at line 1499 of file value_set.cpp.
Subclass customisation point for recursion over LHS expression:
Do not take a reference to object_numbering's storage as we may call object_numbering.number(), which may reallocate it.
Definition at line 1654 of file value_set.cpp.
Definition at line 240 of file value_set.h.
Sets dest to src with any wrapping typecasts removed.
Definition at line 1307 of file value_set.cpp.
Transforms this value-set by assigning this function's return value to a given LHS expression.
Note this has no effect if remove_returns has been run, in which case returns are explicitly passed via global variables named function_name#return_value and are handled via the usual apply_code path.
Definition at line 1833 of file value_set.cpp.
Transforms this value-set by executing the actual -> formal parameter assignments for a particular callee.
For example, for function f(int* x, void* y) and call f(&g, &h) this would execute assignments x := &g and y := &h.
Definition at line 1787 of file value_set.cpp.
Definition at line 2032 of file value_set.cpp.
Definition at line 2070 of file value_set.cpp.
Definition at line 2052 of file value_set.cpp.
Update the entry stored at index by erasing any values listed in values_to_erase.
Definition at line 1997 of file value_set.cpp.
Tries to resolve any pointer_offset_exprt expressions in expr to constant integers using this value-set's information.
For example, if expr contained POINTER_OFFSET(y), and this value set indicates y points to object z offset 4, then the expression will be replaced by constant 4. If we don't know where y points, or it may point to multiple distinct offsets, then the expression will be left alone.
Definition at line 335 of file value_set.cpp.
Determines whether an identifier of a given type should have its fields distinguished.
Virtual so that subclasses can override this behaviour.
Definition at line 43 of file value_set.cpp.
Finds an entry in this value-set.
The interface differs from update_entry because get_value_set_rec wants to check for a struct's first component before stripping the suffix as is done in update_entry.
Definition at line 55 of file value_set.cpp.
Get the index of the symbol and suffix.
type if it is a struct tag type or a union tag type nullopt. Definition at line 451 of file value_set.cpp.
Determines what would happen if object number n was inserted into map dest with offset offset – the possibilities being, nothing (the entry is already present), a new entry would be inserted (no existing entry with number n was found), or an existing entry's offset would be reset (indicating there is already an entry with number n, but with differing offset).
Definition at line 100 of file value_set.cpp.
See the other overload of get_reference_set.
This one returns object numbers and offsets instead of expressions.
Definition at line 433 of file value_set.h.
Gets the set of expressions that expr may refer to, according to this value set.
Note the contrast with get_value_set: if x holds a pointer to y, then get_value_set(x) includes y while get_reference_set(x) returns { x }.
Definition at line 1322 of file value_set.cpp.
See get_reference_set.
Definition at line 1337 of file value_set.cpp.
Gets values pointed to by expr, including following dereference operators (i.e.
this is not a simple lookup in valuest).
expr may point to. These expressions are object_descriptor_exprt or have id ID_invalid or ID_unknown. Definition at line 390 of file value_set.cpp.
Reads the set of objects pointed to by expr, including making recursive lookups for dereference operations etc.
expr before reading. Definition at line 397 of file value_set.cpp.
Subclass customisation point for recursion over RHS expression.
expr. expr includes a non-deterministic value, and the caller may want to expand dest to reflect this. expr when starting the recursion. Do not take a reference to object_numbering's storage as we may call object_numbering.number(), which may reallocate it.
Definition at line 505 of file value_set.cpp.
Transforms this value-set by assuming an expression holds.
Currently this can only mark dynamic objects valid; all other assumptions are ignored.
Definition at line 1965 of file value_set.cpp.
Adds an expression and offset to an object map.
If the destination map has an existing element for the same expression with a differing offset its offset is marked unknown.
expr (may be unknown). Definition at line 178 of file value_set.h.
Adds an expression to an object map, with unknown offset.
If the destination map has an existing element for the same expression its offset is marked unknown.
Definition at line 137 of file value_set.h.
Merges an existing element into an object map.
If the destination map has an existing element for the same expression with a different offset its offset is marked unknown (so e.g. x -> 0 and x -> 1 merge into x -> ?).
Definition at line 127 of file value_set.h.
Adds a numbered expression and offset to an object map.
If the destination map has an existing element for the same expression with a differing offset its offset is marked unknown.
object_numbering. n (may be unknown). Definition at line 120 of file value_set.cpp.
Merges an entire existing value_sett's data into this one.
Definition at line 303 of file value_set.h.
Merges an entire existing value_sett's data into this one.
Definition at line 270 of file value_set.cpp.
Merges two RHS expression sets.
Definition at line 320 of file value_set.cpp.
Determines whether merging two RHS expression sets would cause any change.
Definition at line 302 of file value_set.cpp.
Definition at line 60 of file value_set.h.
Pretty-print this value-set.
Definition at line 138 of file value_set.cpp.
Output the value set formatted as XML.
Definition at line 217 of file value_set.cpp.
Sets an element in object map dest to match an existing element it from a different map.
Any existing element for the same exprt is overwritten.
Definition at line 116 of file value_set.h.
Converts an object_map_dt element object_number -> offset into an object_descriptor_exprt with .object() == object_numbering.at(object_number) and .offset() == offset.
Definition at line 250 of file value_set.cpp.
Adds or replaces an entry in this value-set.
id and suffix fields will be used to find a corresponding entry; if a fresh entry is created its object_map (RHS value set) will be merged with or replaced by new_values, depending on the value of add_to_sets. If an entry already exists, the object map of e is ignored. e.identifier, used to determine whether e's suffix should be used to find a field-sensitive value-set or whether a single entry should be shared by all of symbol e.identifier. new_values instead of replacing the existing values. Definition at line 61 of file value_set.cpp.
Definition at line 40 of file value_set.h.
Matches the location_number field of the instruction that corresponds to this value_sett instance in value_set_domaint's state map.
Definition at line 72 of file value_set.h.
Global shared object numbering, used to abbreviate expressions stored in value sets.
Definition at line 76 of file value_set.h.
Stores the LHS ID -> RHS expression set map.
See valuest documentation for more detail.
Definition at line 281 of file value_set.h.