Symex Shadow Memory Instrumentation Utilities. More...
#include "shadow_memory_util.h"#include <util/arith_tools.h>#include <util/bitvector_expr.h>#include <util/byte_operators.h>#include <util/c_types.h>#include <util/config.h>#include <util/format_expr.h>#include <util/invariant.h>#include <util/namespace.h>#include <util/pointer_offset_size.h>#include <util/simplify_expr.h>#include <util/ssa_expr.h>#include <util/std_expr.h>#include <util/string_constant.h>#include <langapi/language_util.h>#include <pointer-analysis/value_set_dereference.h>#include <solvers/flattening/boolbv_width.h>Go to the source code of this file.
dereference_exprt unless it is an address_of_exprt in which case it just unboxes it and returns its content. expr_iterator with the following elements of the collection (or nil_exprt if none) and return a pair (condition, element) such that if the condition is true, then the element is the max of the collection in the interval denoted by expr_iterator and end. values pointer_type(array_type(element_type)) to pointer_type(element_type) and pointer_type(string_constant_type) to pointer_type(char). (condition, value) pairs for a certain pointer from the shadow memory, where each pair denotes the value of the pointer expression if the condition evaluates to true. NULL pointer expression of the same type of expr. Symex Shadow Memory Instrumentation Utilities.
Definition in file shadow_memory_util.cpp.
Flattens type of the form pointer_type(array_type(element_type)) to pointer_type(element_type) and pointer_type(string_constant_type) to pointer_type(char).
type will be changed. Definition at line 705 of file shadow_memory_util.cpp.
Checks given types (object type and shadow memory field type) for equality.
We're inspecting only pointer types here - if the two types given are not pointer types, then we assume it to be vacuously true.
Definition at line 659 of file shadow_memory_util.cpp.
Build an if-then-else chain from a vector containing pairs of expressions.
e1 is going to be used as an antecedent for an if_expr, and e2 is going to be used as the consequent. if e1 then e2 else if e3 then e4 else ... false. Definition at line 632 of file shadow_memory_util.cpp.
Checks if value_set contains only a NULL pointer expression of the same type of expr.
NULL pointer true if value_set contains only a NULL pointer expression Definition at line 1028 of file shadow_memory_util.cpp.
Clean the given pointer expression so that it has the right shape for being used for identifying shadow memory.
This handles some quirks regarding array sizes containing L2 symbols and string constants not having char-pointer type.
Definition at line 253 of file shadow_memory_util.cpp.
Simplify &string_constant[0] to &string_constant to facilitate expression equality for exact matching.
Definition at line 690 of file shadow_memory_util.cpp.
Combine each (condition, value) element in the input collection into a if-then-else expression such as (cond_1 ? val_1 : (cond_2 ? val_2 : ... : val_n))
Definition at line 557 of file shadow_memory_util.cpp.
Create an expression comparing the element at expr_iterator with the following elements of the collection (or nil_exprt if none) and return a pair (condition, element) such that if the condition is true, then the element is the max of the collection in the interval denoted by expr_iterator and end.
Definition at line 524 of file shadow_memory_util.cpp.
Performs aggregation of the shadow memory field value over multiple cells for fields whose type is a signed/unsigned bitvector (where the value is arbitrary up until the max represented by the bitvector size).
Definition at line 601 of file shadow_memory_util.cpp.
Performs aggregation of the shadow memory field value over multiple bytes for fields whose type is _Bool.
c_bool or bool) true if the expression expr is part of a union. or byte-sized value contained in expr Definition at line 440 of file shadow_memory_util.cpp.
Casts a given (float) bitvector expression to an unsigned bitvector.
id otherwise. Definition at line 348 of file shadow_memory_util.cpp.
Given a pointer expression check to see if it can be a null pointer or an invalid object within value_set.
Definition at line 319 of file shadow_memory_util.cpp.
Create an expression encoding the max operation over the collection values
exprt that encodes the max of values exprt encoding the max operation over the collection values Definition at line 587 of file shadow_memory_util.cpp.
Wraps a given expression into a dereference_exprt unless it is an address_of_exprt in which case it just unboxes it and returns its content.
Definition at line 243 of file shadow_memory_util.cpp.
Extract byte-sized elements from the input bitvector-typed expression value and places them into the array values.
Definition at line 367 of file shadow_memory_util.cpp.
Extract the components from the input expression value and places them into the array values.
Definition at line 396 of file shadow_memory_util.cpp.
Extracts the field name identifier from a string expression, e.g.
as passed as argument to a __CPROVER_field_decl_local call.
Definition at line 213 of file shadow_memory_util.cpp.
Retrieve the expression that a field was initialised with within a given symex state.
Definition at line 300 of file shadow_memory_util.cpp.
Retrieves the type of the shadow memory by returning the type of the shadow memory initializer value.
Definition at line 313 of file shadow_memory_util.cpp.
Function that compares the two arguments shadowed_address and matched_base_address, simplifies the comparison expression and if the lhs and rhs are structurally identical returns true, otherwise returns the comparison.
Definition at line 730 of file shadow_memory_util.cpp.
Function that compares the two arguments dereference_pointer and expr, simplifies the comparison expression and if the lhs and rhs are structurally identical returns true, otherwise returns the comparison.
Definition at line 769 of file shadow_memory_util.cpp.
Retrieve the shadow value a pointer expression may point to.
valuet object denoting the dereferenced object within shadow memory, guarded by a appropriate condition (of the form pointer == &shadow_object). Definition at line 812 of file shadow_memory_util.cpp.
Get a list of (condition, value) pairs for a certain pointer from the shadow memory, where each pair denotes the value of the pointer expression if the condition evaluates to true.
Definition at line 851 of file shadow_memory_util.cpp.
Get shadow memory values for a given expression within a specified value set.
if e1 then e2 else (if e3 else e4... expression, where e1, e3, ... are guards (conditions) and e2, e4, etc are the possible values of the object within the value set. Definition at line 1141 of file shadow_memory_util.cpp.
Used for set_field and shadow memory copy.
Definition at line 1049 of file shadow_memory_util.cpp.
Definition at line 168 of file shadow_memory_util.cpp.
Definition at line 199 of file shadow_memory_util.cpp.
Generic logging function to log a text if DEBUG_SHADOW_MEMORY is defined.
Definition at line 161 of file shadow_memory_util.cpp.
Log trying out a match between an object and a (target) shadow address.
Definition at line 146 of file shadow_memory_util.cpp.
Definition at line 182 of file shadow_memory_util.cpp.
Log a match between an address and the value set.
This version of the function reports more details, including the base address, the pointer and the shadow value.
Definition at line 114 of file shadow_memory_util.cpp.
Definition at line 979 of file shadow_memory_util.cpp.
Translate a list of values into an or expression.
Used here in the implementation of aggregation of boolean-typed fields.
Definition at line 431 of file shadow_memory_util.cpp.
If the given type is an array type, then remove the L2 level renaming from its size.
Definition at line 234 of file shadow_memory_util.cpp.
Replace an invalid object by a null pointer.
Works recursively on the operands (child nodes) of the expression, as well.
Definition at line 281 of file shadow_memory_util.cpp.
Logs getting a value corresponding to a shadow memory field.
Mainly used for debugging purposes.
Definition at line 49 of file shadow_memory_util.cpp.
Logs setting a value to a given shadow field.
Mainly for use for debugging purposes.
Definition at line 32 of file shadow_memory_util.cpp.
Generic logging function that will log depending on the configured verbosity.
The log will be a specific message given to it, along with an expression passed along to it.
Definition at line 96 of file shadow_memory_util.cpp.
Logs the retrieval of the value associated with a given shadow memory field.
Mainly for use for debugging purposes. Dual to shadow_memory_log_get_field.
Definition at line 64 of file shadow_memory_util.cpp.