CONTRACTS: Add dfcc_dsl_contract_handlert class

Remi Delmas · Remi Delmas · commit 0255aa258552 · 2022-10-14T20:44:41.000Z
This class implements the abstract `dfcc_contract_handlert`
interface for DSL-style contracts by delegating to the class
`dfcc_dsl_wrapper_programt`.
diff --git a/src/goto-instrument/Makefile b/src/goto-instrument/Makefile
@@ -25,6 +25,7 @@ SRC = accelerate/accelerate.cpp \
       contracts/dynamic-frames/dfcc_spec_functions.cpp \
       contracts/dynamic-frames/dfcc_dsl_contract_functions.cpp \
       contracts/dynamic-frames/dfcc_dsl_wrapper_program.cpp \
+      contracts/dynamic-frames/dfcc_dsl_contract_handler.cpp \
       contracts/havoc_assigns_clause_targets.cpp \
       contracts/instrument_spec_assigns.cpp \
       contracts/memory_predicates.cpp \
diff --git a/src/goto-instrument/contracts/dynamic-frames/dfcc_dsl_contract_handler.cpp b/src/goto-instrument/contracts/dynamic-frames/dfcc_dsl_contract_handler.cpp
@@ -0,0 +1,210 @@
+/*******************************************************************\
+
+Module: Dynamic frame condition checking for function contracts
+
+Author: Remi Delmas, delmasrd@amazon.com
+Date: August 2022
+
+\*******************************************************************/
+
+#include "dfcc_dsl_contract_handler.h"
+
+#include <util/arith_tools.h>
+#include <util/c_types.h>
+#include <util/expr_util.h>
+#include <util/format_expr.h>
+#include <util/format_type.h>
+#include <util/fresh_symbol.h>
+#include <util/invariant.h>
+#include <util/mathematical_expr.h>
+#include <util/namespace.h>
+#include <util/pointer_offset_size.h>
+#include <util/std_expr.h>
+
+#include <goto-programs/goto_model.h>
+#include <goto-programs/remove_function_pointers.h>
+
+#include <ansi-c/c_expr.h>
+#include <goto-instrument/contracts/contracts.h>
+#include <goto-instrument/contracts/utils.h>
+#include <langapi/language_util.h>
+
+#include "dfcc_dsl_wrapper_program.h"
+#include "dfcc_instrument.h"
+#include "dfcc_library.h"
+#include "dfcc_spec_functions.h"
+#include "dfcc_utils.h"
+
+std::map<irep_idt, dfcc_dsl_contract_functionst>
+  dfcc_dsl_contract_handlert::contract_cache;
+
+dfcc_dsl_contract_handlert::dfcc_dsl_contract_handlert(
+  goto_modelt &goto_model,
+  messaget &log,
+  dfcc_utilst &utils,
+  dfcc_libraryt &library,
+  dfcc_instrumentt &instrument,
+  dfcc_spec_functionst &spec_functions)
+  : goto_model(goto_model),
+    log(log),
+    message_handler(log.get_message_handler()),
+    utils(utils),
+    library(library),
+    instrument(instrument),
+    spec_functions(spec_functions),
+    ns(goto_model.symbol_table)
+{
+}
+
+const dfcc_dsl_contract_functionst &
+dfcc_dsl_contract_handlert::get_contract_functions(const irep_idt &contract_id)
+{
+  auto found = dfcc_dsl_contract_handlert::contract_cache.find(contract_id);
+  if(found == dfcc_dsl_contract_handlert::contract_cache.end())
+  {
+    dfcc_dsl_contract_handlert::contract_cache.insert(
+      {contract_id,
+       dfcc_dsl_contract_functionst(
+         get_pure_contract_symbol(contract_id),
+         goto_model,
+         log,
+         utils,
+         library,
+         spec_functions)});
+  }
+  return dfcc_dsl_contract_handlert::contract_cache.at(contract_id);
+}
+
+const int
+dfcc_dsl_contract_handlert::get_assigns_clause_size(const irep_idt &contract_id)
+{
+  return get_contract_functions(contract_id).get_nof_assigns_targets();
+}
+
+void dfcc_dsl_contract_handlert::add_contract_instructions(
+  const dfcc_contract_modet contract_mode,
+  const irep_idt &wrapper_id,
+  const irep_idt &wrapped_id,
+  const irep_idt &contract_id,
+  const symbolt &wrapper_write_set_symbol,
+  goto_programt &dest,
+  std::set<irep_idt> &function_pointer_contracts)
+{
+  dfcc_dsl_wrapper_programt(
+    contract_mode,
+    utils.get_function_symbol(wrapper_id),
+    utils.get_function_symbol(wrapped_id),
+    get_contract_functions(contract_id),
+    wrapper_write_set_symbol,
+    goto_model,
+    log,
+    utils,
+    library,
+    instrument)
+    .add_to_dest(dest, function_pointer_contracts);
+}
+
+const symbolt *dfcc_dsl_contract_handlert::get_pure_contract_symbol_ptr(
+  const irep_idt &contract_id)
+{
+  const auto &contract_symbol = utils.get_function_symbol(contract_id);
+  const symbolt *pure_contract_symbol = nullptr;
+  auto pure_contract_id = "contract::" + id2string(contract_id);
+  if(!ns.lookup(pure_contract_id, pure_contract_symbol))
+  {
+    log.debug() << "contract_symbol: " << contract_symbol.name << messaget::eom;
+    log.debug() << contract_symbol.type.pretty() << messaget::eom;
+    log.debug() << "pure_contract_symbol: " << pure_contract_id
+                << messaget::eom;
+    log.debug() << pure_contract_symbol->type.pretty() << messaget::eom;
+
+    check_signature_compat(
+      contract_id,
+      to_code_type(contract_symbol.type),
+      pure_contract_id,
+      to_code_type(pure_contract_symbol->type));
+  }
+  else
+  {
+    // The contract symbol might not have been created if the function had
+    // no contract or a contract with all empty clauses (which is equivalent).
+    // in that case we create a fresh symbol again with empty clauses
+    symbolt new_symbol;
+    new_symbol.name = pure_contract_id;
+    new_symbol.base_name = pure_contract_id;
+    new_symbol.pretty_name = pure_contract_id;
+    new_symbol.is_property = true;
+    new_symbol.type = contract_symbol.type;
+    new_symbol.mode = contract_symbol.mode;
+    new_symbol.module = contract_symbol.module;
+    new_symbol.location = contract_symbol.location;
+    auto entry = goto_model.symbol_table.insert(std::move(new_symbol));
+    if(!entry.second)
+    {
+      log.error().source_location = contract_symbol.location;
+      log.error() << "contract '" << contract_symbol.display_name()
+                  << "' already set at " << entry.first.location.as_string()
+                  << messaget::eom;
+      throw 0;
+    }
+    // this lookup must work, and no need to check for signature compatibility
+    ns.lookup(pure_contract_id, pure_contract_symbol);
+  }
+  return pure_contract_symbol;
+}
+
+const symbolt &dfcc_dsl_contract_handlert::get_pure_contract_symbol(
+  const irep_idt &contract_id)
+{
+  auto result = get_pure_contract_symbol_ptr(contract_id);
+  if(result != nullptr)
+    return *result;
+
+  log.error() << "dfcc_dsl_contract_handlert: pure contract symbol for "
+              << contract_id << " was not found, aborting" << messaget::eom;
+  throw 0;
+}
+
+const bool dfcc_dsl_contract_handlert::pure_contract_symbol_exists(
+  const irep_idt &contract_id)
+{
+  auto result = get_pure_contract_symbol_ptr(contract_id);
+  return result != nullptr;
+}
+
+void dfcc_dsl_contract_handlert::check_signature_compat(
+  const irep_idt &contract_id,
+  const code_typet &contract_type,
+  const irep_idt &pure_contract_id,
+  const code_typet &pure_contract_type)
+{
+  // can we turn a call to `contract` into a call to `pure_contract` ?
+  bool compatible =
+    function_is_type_compatible(true, contract_type, pure_contract_type, ns);
+
+  if(!compatible)
+  {
+    log.error() << "dfcc_dsl_contract_handlert: function '" << contract_id
+                << "' and the corresponding pure contract symbol '"
+                << pure_contract_id
+                << "' have incompatible type signatures:" << messaget::eom;
+    log.error() << "- contract return type "
+                << format(contract_type.return_type()) << messaget::eom;
+    for(const auto &param : contract_type.parameters())
+    {
+      log.error() << "- contract param type " << format(param.type())
+                  << messaget::eom;
+    }
+
+    log.error() << "- pure contract return type "
+                << format(pure_contract_type.return_type()) << messaget::eom;
+    for(const auto &param : pure_contract_type.parameters())
+    {
+      log.error() << "- pure contract param type " << format(param.type())
+                  << messaget::eom;
+    }
+
+    log.error() << "aborting." << messaget::eom;
+    throw 0;
+  }
+}
diff --git a/src/goto-instrument/contracts/dynamic-frames/dfcc_dsl_contract_handler.h b/src/goto-instrument/contracts/dynamic-frames/dfcc_dsl_contract_handler.h
@@ -0,0 +1,166 @@
+/*******************************************************************\
+
+Module: Dynamic frame condition checking for function contracts
+
+Author: Remi Delmas, delmasrd@amazon.com
+Date: August 2022
+
+\*******************************************************************/
+
+/// \file
+/// Specialisation of \ref dfcc_contract_handlert for DSL-style contracts
+
+#ifndef CPROVER_GOTO_INSTRUMENT_CONTRACTS_DYNAMIC_FRAMES_DFCC_DSL_CONTRACT_HANDLER_H
+#define CPROVER_GOTO_INSTRUMENT_CONTRACTS_DYNAMIC_FRAMES_DFCC_DSL_CONTRACT_HANDLER_H
+
+#include <goto-programs/goto_convert_class.h>
+
+#include <util/namespace.h>
+#include <util/optional.h>
+#include <util/std_expr.h>
+
+#include "dfcc_contract_handler.h"
+#include "dfcc_dsl_contract_functions.h"
+
+#include <set>
+
+class goto_modelt;
+class messaget;
+class message_handlert;
+class dfcc_libraryt;
+class dfcc_utilst;
+class dfcc_instrumentt;
+class dfcc_spec_functionst;
+class code_with_contract_typet;
+class conditional_target_group_exprt;
+class function_pointer_obeys_contract_exprt;
+
+/// A DSL-style contract is represented by a function declaration or definition
+/// with contract clauses attached to its signature:
+///
+/// ```
+/// ret_t foo(foo_params)
+/// __CPROVER_requires(R)
+/// __CPROVER_requires_contract(ptr, contract)
+/// __CPROVER_assigns(A)
+/// __CPROVER_frees(F)
+/// __CPROVER_ensures(E)
+/// __CPROVER_ensures_contract(ptr, contract)
+/// { foo_body; } [optional]
+/// ```
+///
+/// In the symbol table, this declaration creates two symbols:
+/// - `ret_t foo(foo_params)` which represents the function (with optional body)
+/// - `ret_t contract::foo(foo_params)` which represents the pure contract part
+/// and carries the contract clauses in its `.type` attribute.
+///
+/// This class allows, given a contract name `foo`, to lookup the symbol
+/// `contract::foo` and translate its assigns and frees clauses into GOTO
+/// functions that build dynamic frames at runtime (stored in an object of
+/// type \ref dfcc_dsl_contract_functionst).
+///
+/// Translation results are cached so it is safe to call
+/// `get_contract_functions` several times.
+class dfcc_dsl_contract_handlert : public dfcc_contract_handlert
+{
+public:
+  dfcc_dsl_contract_handlert(
+    goto_modelt &goto_model,
+    messaget &log,
+    dfcc_utilst &utils,
+    dfcc_libraryt &library,
+    dfcc_instrumentt &instrument,
+    dfcc_spec_functionst &spec_functions);
+
+  /// Adds instructions in `dest` modeling contract checking, assuming
+  /// that `ret_t wrapper_id(params)` is the function receiving
+  /// the instructions.
+  ///
+  /// \param[in] contract_mode checking or replacement mode
+  /// \param[in] wrapper_id name of function receiving the instructions
+  /// \param[in] wrapped_id name of function that is being checked/replaced
+  /// \param[in] contract_id name of the contract to check
+  /// \param[in] wrapper_write_set_symbol write_set parameter of the wrapper
+  /// \param[out] dest destination program where instructions are added
+  /// (should eventually become the body of wrapper_id)
+  /// \param[out] function_pointer_contracts list of contracts found in either
+  /// pre or post conditions of the processed contract. These contracts need to
+  /// be swapped_and_wrapped in replacement mode if they are not already.
+  void add_contract_instructions(
+    const dfcc_contract_modet contract_mode,
+    const irep_idt &wrapper_id,
+    const irep_idt &wrapped_id,
+    const irep_idt &contract_id,
+    const symbolt &wrapper_write_set_symbol,
+    goto_programt &dest,
+    std::set<irep_idt> &function_pointer_contracts) override;
+
+  /// Returns the size assigns clause of the given contract in number of targets
+  const int get_assigns_clause_size(const irep_idt &contract_id) override;
+
+  /// Searches for a symbol named "contract::contract_id" that has a type
+  /// signature compatible with that of "contract_id", or creates an empty one
+  /// if it does not exist.
+  /// Returns true if found or created, throws an exception if
+  /// "contract::contract_id" already exists but has signature incompatible
+  /// with that of "contract_id".
+  const bool pure_contract_symbol_exists(const irep_idt &contract_id);
+
+protected:
+  goto_modelt &goto_model;
+  messaget &log;
+  message_handlert &message_handler;
+  dfcc_utilst &utils;
+  dfcc_libraryt &library;
+  dfcc_instrumentt &instrument;
+  dfcc_spec_functionst &spec_functions;
+  namespacet ns;
+
+  // Caches the functions generated from DSL contracts
+  static std::map<irep_idt, dfcc_dsl_contract_functionst> contract_cache;
+
+  /// Searches for a symbol named "contract::contract_id" in the symbol table.
+  ///
+  /// If a symbol "contract::contract_id" was found and its type signature is
+  /// compatible with that of "contract_id" a pointer to the symbol is returned.
+  ///
+  /// If a symbol "contract::contract_id" was found but its type signature is
+  /// not compatible with that of "contract_id" an exception is thrown.
+  ///
+  /// If a symbol "contract::contract_id" was found, a fresh symbol representing
+  /// a contract with empty clauses is inserted in the symbol table and a
+  /// pointer to that symbol is returned.
+  const symbolt *get_pure_contract_symbol_ptr(const irep_idt &contract_id);
+
+  /// Searches for a symbol named "contract::contract_id" in the symbol table.
+  ///
+  /// If a symbol "contract::contract_id" was found and its type signature is
+  /// compatible with that of "contract_id" a reference to the symbol is
+  /// returned.
+  ///
+  /// If a symbol "contract::contract_id" was found but its type signature is
+  /// not compatible with that of "contract_id" an exception is thrown.
+  ///
+  /// If a symbol "contract::contract_id" was found, a fresh symbol representing
+  /// a contract with empty clauses is inserted in the symbol table and a
+  /// reference to that symbol is returned.
+  const symbolt &get_pure_contract_symbol(const irep_idt &contract_id);
+
+  /// Returns the `dfcc_dsl_contract_functionst` object for the given contract
+  /// from the cache, creates it if it does not exists.
+  const dfcc_dsl_contract_functionst &
+  get_contract_functions(const irep_idt &contract_id);
+
+  /// \brief Throws an error if the type signatures are not compatible
+  /// \param contract_id name of the function that carries the contract
+  /// \param contract_type code_type of contract_id
+  /// \param pure_contract_id name of the pure contract symbol for contract_id
+  /// \param pure_contract_type code_type of pure_contract_id
+  void check_signature_compat(
+    const irep_idt &contract_id,
+    const code_typet &contract_type,
+    const irep_idt &pure_contract_id,
+    const code_typet &pure_contract_type);
+};
+
+#endif
diff --git a/src/goto-instrument/contracts/dynamic-frames/dfcc_dsl_wrapper_program.h b/src/goto-instrument/contracts/dynamic-frames/dfcc_dsl_wrapper_program.h
@@ -10,8 +10,8 @@ Author: Remi Delmas, delmasrd@amazon.com
 /// Generates the body of a wrapper function from a DSL-style contract
 /// for contract checking or contract replacement
 
-#ifndef CPROVER_GOTO_INSTRUMENT_CONTRACTS_DFCC_DSL_WRAPPER_PROGRAM_H
-#define CPROVER_GOTO_INSTRUMENT_CONTRACTS_DFCC_DSL_WRAPPER_PROGRAM_H
+#ifndef CPROVER_GOTO_INSTRUMENT_CONTRACTS_DYNAMIC_FRAMES_DFCC_DSL_WRAPPER_PROGRAM_H
+#define CPROVER_GOTO_INSTRUMENT_CONTRACTS_DYNAMIC_FRAMES_DFCC_DSL_WRAPPER_PROGRAM_H
 
 #include <goto-programs/goto_convert_class.h>
 
