1/*******************************************************************\
5Author: Martin Brain, martin.brain@cs.ox.ac.uk
7\*******************************************************************/
30 return "FAILURE (if reachable)";
32 return "SUCCESS (unreachable)";
52 {
"unknownHistories", unknown_json},
63 // DEPRECATED(SINCE(2020, 12, 2, "Remove and use the structured version"));
64 // Unstructured partial output of source location is not great...
71 // ( get_comment is not output as part of xml(source_location) )
120 // If there are multiple, distinct histories that reach the same location
121 // we can get better results by checking with each individually rather
122 // than merging all of them and doing one check.
127 if(
trace_set.size() == 0)
// i.e. unreachable
147 // Multiple traces, verify against each one
182 // If any trace is unknown, the final result must be unknown
189 // Definitely true; the only question is how
192 // Definitely not reachable
195 "All traces must not reach the assertion");
200 // At least one trace (may) reach it.
201 // All traces that reach it are safe.
207 // At lease one trace (may) reach it and it is false on that trace
210 // All traces that (may) reach it are false
215 // The awkward case, there are traces that (may) reach it and
216 // some are true, some are false. It is not entirely fair to say
217 // "FAILURE (if reachable)" because it's a bit more complex than
218 // that, and so the best we can say is UNKNOWN.
235 // this is mutable because we want to change the property status
247 // if the condition simplifies to true the assertion always succeeds
251 // if the condition simplifies to false the assertion always fails
255 // if the domain state is bottom then the assertion is definitely
260 // if the condition isn't definitely true, false or unreachable
261 // we don't know whether or not it may fail
271 const std::vector<static_verifier_resultt> &
results,
284 const std::vector<static_verifier_resultt> &
results,
291 for(
const auto &result :
results)
298 const std::vector<static_verifier_resultt> &
results,
304 for(
const auto &result :
results)
312 out <<
"******** Function " << symbol.display_name() <<
'\n';
315 out <<
'[' << result.source_location.get_property_id() <<
']' <<
' ';
317 out << result.source_location;
319 if(!result.source_location.get_comment().empty())
320 out <<
", " << result.source_location.get_comment();
322 out <<
": " <<
as_string(result.status) <<
'\n';
327 const std::vector<static_verifier_resultt> &
results,
334 for(
const auto &result :
results)
346 if(!symbol.location.get_line().empty())
347 m.
status() <<
':' << symbol.location.get_line();
352 << result.source_location.get_property_id() <<
']'
356 !result.source_location.get_file().empty() &&
362 if(!result.source_location.get_line().empty())
365 if(!result.source_location.get_comment().empty())
370 switch(result.status)
410 std::size_t
pass = 0,
fail = 0, unknown = 0;
417 std::vector<static_verifier_resultt>
results;
421 const auto &symbol = ns.
lookup(f.first);
425 if(!f.second.body.has_assertion())
430 if(!
i_it->is_assert())
473 <<
" fail if reachable, " << unknown <<
" unknown" << m.
reset
Abstract interface to eager or lazy GOTO models.
This is the basic interface of the abstract interpreter with default implementations of the core func...
virtual ctrace_set_ptrt abstract_traces_before(locationt l) const
Returns all of the histories that have reached the start of the instruction.
virtual cstate_ptrt abstract_state_before(locationt l) const
Get a copy of the abstract state before the given instruction, without needing to know what kind of d...
virtual xmlt output_xml(const namespacet &ns, const irep_idt &function_id, const goto_programt &goto_program) const
Output the abstract states for a single function as XML.
virtual jsont output_json(const namespacet &ns, const irep_idt &function_id, const goto_programt &goto_program) const
Output the abstract states for a single function as JSON.
The interface offered by a domain, allows code to manipulate domains without knowing their exact type...
virtual bool is_bottom() const =0
virtual bool ai_simplify(exprt &condition, const namespacet &) const
also add
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Base class for all expressions.
function_mapt function_map
symbol_tablet symbol_table
Symbol table.
goto_functionst goto_functions
GOTO functions.
instructionst::const_iterator const_targett
jsont & push_back(const jsont &json)
source_locationt source_location
Class that provides messages with a built-in verbosity 'level'.
static const commandt yellow
render text with yellow foreground color
static const commandt reset
return to default formatting, as defined by the terminal
static const commandt green
render text with green foreground color
static const commandt faint
render text with faint font
mstreamt & progress() const
static const commandt bold
render text with bold font
static const commandt underline
render underlined text
mstreamt & result() const
static const commandt red
render text with red foreground color
mstreamt & status() const
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
bool lookup(const irep_idt &name, const symbolt *&symbol) const override
See documentation for namespace_baset::lookup().
bool get_bool_option(const std::string &option) const
const irep_idt & get_file() const
const irep_idt & get_line() const
const irep_idt & get_comment() const
The result of verifying a single assertion As well as the status of the assertion (see above),...
ai_verifier_statust status
static_verifier_resultt(const ai_baset &ai, goto_programt::const_targett assert_location, irep_idt func_id, const namespacet &ns)
jsont output_json(void) const
source_locationt source_location
ai_history_baset::trace_sett unknown_histories
ai_history_baset::trace_sett false_histories
xmlt output_xml(void) const
xmlt & new_element(const std::string &key)
void set_attribute(const std::string &attribute, unsigned value)
#define forall_goto_program_instructions(it, program)
const std::string & id2string(const irep_idt &d)
static void json(json_objectT &result, const irep_idt &property_id, const property_infot &property_info)
xmlt xml(const irep_idt &property_id, const property_infot &property_info)
@ UNKNOWN
The checker was unable to determine the status of the property.
@ NOT_REACHABLE
The property was proven to be unreachable.
@ PASS
The property was not violated.
@ FAIL
The property was violated.
std::map< irep_idt, property_infot > propertiest
A map of property IDs to property infos.
Ranges: pair of begin and end iterators, which can be initialized from containers,...
ranget< iteratort > make_range(iteratort begin, iteratort end)
#define UNREACHABLE
This should be used to mark dead code.
#define PRECONDITION(CONDITION)
#define INVARIANT(CONDITION, REASON)
This macro uses the wrapper function 'invariant_violated_string'.
std::string as_string(const ai_verifier_statust &status)
Makes a status message string from a status.
static void static_verifier_console(const std::vector< static_verifier_resultt > &results, const namespacet &ns, messaget &m)
static void static_verifier_xml(const std::vector< static_verifier_resultt > &results, messaget &m, std::ostream &out)
static ai_verifier_statust check_assertion(const ai_domain_baset &domain, exprt e, const namespacet &ns)
void static_verifier(const abstract_goto_modelt &abstract_goto_model, const ai_baset &ai, propertiest &properties)
Use the information from the abstract interpreter to fill out the statuses of the passed properties.
static void static_verifier_text(const std::vector< static_verifier_resultt > &results, const namespacet &ns, std::ostream &out)
static void static_verifier_json(const std::vector< static_verifier_resultt > &results, messaget &m, std::ostream &out)
std::string as_string(const ai_verifier_statust &)
Makes a status message string from a status.
ai_verifier_statust
An ai_baset contains zero or more histories that reach a location.