1616#include < util/arith_tools.h>
1717#include < util/pointer_offset_size.h>
1818#include < util/msgstream.h>
19+ #include < util/std_expr.h>
20+
21+ const c_bool_typet &get_shadow_variable_type ()
22+ {
23+ static c_bool_typet type (8 );
24+ return type;
25+ }
26+
27+ const irep_idt &get_shadow_variable_type_id ()
28+ {
29+ return ID_c_bool;
30+ }
31+
32+ const constant_exprt &get_shadow_variable_value_true ()
33+ {
34+ static constant_exprt value = from_integer (1 , get_shadow_variable_type ());
35+ return value;
36+ }
37+
38+ const constant_exprt &get_shadow_variable_value_false ()
39+ {
40+ static constant_exprt value = from_integer (0 , get_shadow_variable_type ());
41+ return value;
42+ }
1943
2044const std::string &taint_prefix_of_instrumented_variable ()
2145{
@@ -132,10 +156,10 @@ exprt make_or_update_initialiser(
132156 {
133157 if (names_of_shadow_variables.count (as_string (component.get_name ()))!=0UL )
134158 {
135- INVARIANT (component.type ().id ()==ID_bool,
159+ INVARIANT (
160+ component.type ().id ()==get_shadow_variable_type_id (),
136161 " Shadow variables must be bool-typed."
137- fixed_initialiser.copy_to_operands (
138- constant_exprt (ID_false, bool_typet ()));
162+ fixed_initialiser.copy_to_operands (get_shadow_variable_value_false ());
139163 }
140164 else
141165 {
@@ -188,14 +212,12 @@ static void get_access_paths_to_shadow_vars(
188212 const struct_typet struc=to_struct_type (expr.type ());
189213 for (const struct_union_typet::componentt &member : struc.components ())
190214 {
191- if (member.type ().id ()==ID_bool )
215+ if (member.type ().id () == get_shadow_variable_type_id () )
192216 {
193217 if (names_of_shadow_variables.count (as_string (member.get_name ()))!=0UL )
194218 {
195- access_paths.insert (member_exprt (
196- expr,
197- member.get_name (),
198- bool_typet ()));
219+ access_paths.insert (
220+ member_exprt (expr, member.get_name (), get_shadow_variable_type ()));
199221 }
200222 }
201223 else if (member.type ().id ()==ID_struct)
@@ -438,13 +460,15 @@ exprt taint_instrumentert::drive_access_path_through_super_classes(
438460 component.get_name ())
439461 )
440462 {
441- struct_expr.operands ().push_back (member_exprt (
442- uncast_access_path, component.get_name (), bool_typet ()));
463+ struct_expr.operands ().push_back (
464+ member_exprt (
465+ uncast_access_path,
466+ component.get_name (),
467+ get_shadow_variable_type ()));
443468 }
444469 else
445470 {
446- struct_expr.operands ().push_back (
447- constant_exprt (ID_false, bool_typet ()));
471+ struct_expr.operands ().push_back (get_shadow_variable_value_false ());
448472 }
449473 }
450474 }
@@ -573,9 +597,8 @@ void taint_instrumentert::instrument_instructions_with_shadow_variables(
573597 for (const exprt &access_path : access_paths)
574598 {
575599 auto iit=instrumentation_code.add_instruction (ASSIGN);
576- iit->code =code_assignt (
577- access_path,
578- constant_exprt (ID_false, typet (ID_bool)));
600+ iit->code =
601+ code_assignt (access_path, get_shadow_variable_value_false ());
579602 iit->function =instr_it->function ;
580603 }
581604
@@ -667,7 +690,8 @@ void taint_instrumentert::instrument_instructions_with_shadow_variables(
667690 if (shadows.count (as_string (component.get_name ())))
668691 {
669692 member_exprt shadow_member (code_decl.symbol (), component);
670- code_assignt init_member (shadow_member, false_exprt ());
693+ code_assignt init_member (
694+ shadow_member, get_shadow_variable_value_false ());
671695 auto new_instruction=
672696 program_to_be_instrumented.insert_after (instr_it);
673697 new_instruction->make_assignment (init_member);
@@ -843,8 +867,8 @@ void taint_instrumentert::run()
843867 for (const auto &tid_var : from_tokens_to_vars)
844868 {
845869 symbolt symbol;
846- symbol.type = typet (ID_bool );
847- symbol.value = constant_exprt (ID_false, typet (ID_bool) );
870+ symbol.type = get_shadow_variable_type ( );
871+ symbol.value = get_shadow_variable_value_false ( );
848872 symbol.location =source_locationt ();
849873 symbol.name =tid_var.second ;
850874 symbol.module =" "
@@ -936,7 +960,7 @@ void taint_instrumentert::instrument_data_types(
936960 components.push_back (base_component);
937961 for (const auto &var : vars)
938962 {
939- struct_typet::componentt component (var, bool_typet ());
963+ struct_typet::componentt component (var, get_shadow_variable_type ());
940964 component.set_base_name (var);
941965 component.set_pretty_name (var);
942966 components.push_back (component);
@@ -981,7 +1005,8 @@ void taint_instrumentert::instrument_data_types(
9811005 {
9821006 if (!struct_type.has_component (var))
9831007 {
984- components.push_back (struct_typet::componentt{var, bool_typet ()});
1008+ components.push_back (
1009+ struct_typet::componentt{var, get_shadow_variable_type ()});
9851010 components.back ().set_pretty_name (var);
9861011 components.back ().set_access (ID_public);
9871012 }
@@ -1061,8 +1086,8 @@ static exprt make_accessor_expression_to_shadow_variable(
10611086 const struct_typet &struct_type = to_struct_type (type);
10621087 if (struct_type.has_component (shadow_variable_name))
10631088 {
1064- access_path =
1065- member_exprt ( access_path, shadow_variable_name, bool_typet ());
1089+ access_path = member_exprt (
1090+ access_path, shadow_variable_name, get_shadow_variable_type ());
10661091 break ;
10671092 }
10681093 const struct_typet::componentst &components = struct_type.components ();
@@ -1126,10 +1151,12 @@ void taint_instrumentert::instrument_location(
11261151 fn_call,
11271152 assumption.get_argidx (),
11281153 instrumented_symbol_table);
1129- const exprt proposition = make_accessor_expression_to_shadow_variable (
1130- acc_path,
1131- from_tokens_to_vars.at (assumption.get_token_name ()),
1132- instrumented_symbol_table);
1154+ const exprt proposition = equal_exprt (
1155+ make_accessor_expression_to_shadow_variable (
1156+ acc_path,
1157+ from_tokens_to_vars.at (assumption.get_token_name ()),
1158+ instrumented_symbol_table),
1159+ get_shadow_variable_value_true ());
11331160 conjuncts.push_back (proposition);
11341161 }
11351162 auto iit=instrumentation_code.add_instruction ();
@@ -1143,10 +1170,10 @@ void taint_instrumentert::instrument_location(
11431170 {
11441171 static void make_assignments_to_shadow_variables (
11451172 const std::vector<argidx_and_tokennamet> &args_and_tokens,
1146- const irep_idt bool_state_name ,
1173+ const constant_exprt &bool_value ,
11471174 const symbol_tablet &symbol_table,
1148- const std::map<taint_tokent::namet, automaton_variable_idt> &
1149- from_tokens_to_vars,
1175+ const std::map<taint_tokent::namet, automaton_variable_idt>
1176+ & from_tokens_to_vars,
11501177 const code_function_callt &fn_call,
11511178 const irep_idt function_id,
11521179 goto_programt &instrumentation_code)
@@ -1162,22 +1189,22 @@ void taint_instrumentert::instrument_location(
11621189 acc_path,
11631190 from_tokens_to_vars.at (arg_token.get_token_name ()),
11641191 symbol_table),
1165- constant_exprt (bool_state_name, typet (ID_bool)) );
1192+ bool_value );
11661193 iit->function =function_id;
11671194 }
11681195 }
11691196 };
11701197 localt::make_assignments_to_shadow_variables (
11711198 loc.get_turn_on (),
1172- ID_true ,
1199+ get_shadow_variable_value_true () ,
11731200 get_instrumented_symbol_table (),
11741201 get_from_tokens_to_vars (),
11751202 fn_call,
11761203 loc.get_function_id (),
11771204 instrumentation_code);
11781205 localt::make_assignments_to_shadow_variables (
11791206 loc.get_turn_off (),
1180- ID_false ,
1207+ get_shadow_variable_value_false () ,
11811208 get_instrumented_symbol_table (),
11821209 get_from_tokens_to_vars (),
11831210 fn_call,
@@ -1216,15 +1243,20 @@ void taint_instrumentert::instrument_location_data_flow_insensitive(
12161243 // Here we build GOTO instruction guarded by a negated conjunction of
12171244 // state variables, forming propositions of the assumption.
12181245 exprt cond=
1219- symbol_exprt (
1220- from_tokens_to_vars.at (loc.get_assumption ().front ().get_token_name ()),
1221- typet (ID_bool));
1246+ equal_exprt (
1247+ symbol_exprt (
1248+ from_tokens_to_vars.at (loc.get_assumption ().front ().get_token_name ()),
1249+ get_shadow_variable_type ()),
1250+ get_shadow_variable_value_true ());
12221251 for (auto it=std::next (loc.get_assumption ().cbegin ());
12231252 it!=loc.get_assumption ().cend ();
12241253 ++it)
1225- cond=and_exprt (cond,
1226- symbol_exprt (from_tokens_to_vars.at (it->get_token_name ()),
1227- typet (ID_bool)));
1254+ cond = and_exprt (
1255+ cond,
1256+ equal_exprt (
1257+ symbol_exprt (from_tokens_to_vars.at (it->get_token_name ()),
1258+ get_shadow_variable_type ()),
1259+ get_shadow_variable_value_true ()));
12281260 auto iit=instrumentation_code.add_instruction ();
12291261 iit->make_goto (instrumention_tail_instruction, not_exprt (cond));
12301262 iit->function =loc.get_function_id ();
@@ -1233,22 +1265,22 @@ void taint_instrumentert::instrument_location_data_flow_insensitive(
12331265 for (const auto &arg_token : loc.get_turn_on ())
12341266 {
12351267 auto iit=instrumentation_code.add_instruction (ASSIGN);
1236- iit->code = code_assignt (
1268+ iit->code = code_assignt (
12371269 symbol_exprt (
12381270 from_tokens_to_vars.at (arg_token.get_token_name ()),
1239- typet (ID_bool )),
1240- constant_exprt (ID_true, typet (ID_bool) ));
1271+ get_shadow_variable_type ( )),
1272+ get_shadow_variable_value_true ( ));
12411273 iit->function =loc.get_function_id ();
12421274 }
12431275 // Now we instrument "turn off" assignments of state variables.
12441276 for (const auto &arg_token : loc.get_turn_off ())
12451277 {
12461278 auto iit=instrumentation_code.add_instruction (ASSIGN);
1247- iit->code = code_assignt (
1279+ iit->code = code_assignt (
12481280 symbol_exprt (
12491281 from_tokens_to_vars.at (arg_token.get_token_name ()),
1250- typet (ID_bool )),
1251- constant_exprt (ID_false, typet (ID_bool) ));
1282+ get_shadow_variable_type ( )),
1283+ get_shadow_variable_value_false ( ));
12521284 iit->function =loc.get_function_id ();
12531285 }
12541286 if (props.get_sinks ().count (lid))
0 commit comments