|
| 1 | +/*******************************************************************\ |
| 2 | +
|
| 3 | +Module: Symex Shadow Memory Instrumentation |
| 4 | +
|
| 5 | +Author: Peter Schrammel |
| 6 | +
|
| 7 | +\*******************************************************************/ |
| 8 | + |
| 9 | +/// \file |
| 10 | +/// Symex Shadow Memory Instrumentation |
| 11 | + |
| 12 | +#ifndef CPROVER_GOTO_SYMEX_SHADOW_MEMORY_H |
| 13 | +#define CPROVER_GOTO_SYMEX_SHADOW_MEMORY_H |
| 14 | + |
| 15 | +#include <util/expr.h> |
| 16 | +#include <util/message.h> |
| 17 | +#include <util/std_expr.h> |
| 18 | + |
| 19 | +#include "shadow_memory_field_definitions.h" |
| 20 | + |
| 21 | +#define SHADOW_MEMORY_PREFIX "SM__" |
| 22 | +#define SHADOW_MEMORY_FIELD_DECL "field_decl" |
| 23 | +#define SHADOW_MEMORY_GLOBAL_SCOPE "_global" |
| 24 | +#define SHADOW_MEMORY_LOCAL_SCOPE "_local" |
| 25 | +#define SHADOW_MEMORY_GET_FIELD "get_field" |
| 26 | +#define SHADOW_MEMORY_SET_FIELD "set_field" |
| 27 | + |
| 28 | +class code_function_callt; |
| 29 | +class abstract_goto_modelt; |
| 30 | +class goto_symex_statet; |
| 31 | +class side_effect_exprt; |
| 32 | +class ssa_exprt; |
| 33 | + |
| 34 | +/// \brief The shadow memory instrumentation performed during symbolic execution |
| 35 | +class shadow_memoryt |
| 36 | +{ |
| 37 | +public: |
| 38 | + shadow_memoryt( |
| 39 | + const std::function<void(goto_symex_statet &, const exprt &, const exprt &)> |
| 40 | + symex_assign, |
| 41 | + const namespacet &ns, |
| 42 | + message_handlert &message_handler) |
| 43 | + : symex_assign(symex_assign), ns(ns), log(message_handler) |
| 44 | + { |
| 45 | + } |
| 46 | + |
| 47 | + /// Gathers the available shadow memory field definitions |
| 48 | + /// (__CPROVER_field_decl calls) from the goto model. |
| 49 | + /// \param goto_model The goto model |
| 50 | + /// \param message_handler For logging |
| 51 | + /// \return The field definitions |
| 52 | + static shadow_memory_field_definitionst gather_field_declarations( |
| 53 | + abstract_goto_modelt &goto_model, |
| 54 | + message_handlert &message_handler); |
| 55 | + |
| 56 | + /// Initialize global-scope shadow memory for global/static variables. |
| 57 | + /// \param state The symex state |
| 58 | + /// \param lhs The LHS expression of the initializer assignment |
| 59 | + void symex_field_static_init(goto_symex_statet &state, const ssa_exprt &lhs); |
| 60 | + |
| 61 | + /// Initialize global-scope shadow memory for string constants. |
| 62 | + /// \param state The symex state |
| 63 | + /// \param expr The defined symbol expression |
| 64 | + /// \param rhs The RHS expression of the initializer assignment |
| 65 | + void symex_field_static_init_string_constant( |
| 66 | + goto_symex_statet &state, |
| 67 | + const ssa_exprt &expr, |
| 68 | + const exprt &rhs); |
| 69 | + |
| 70 | + /// Initialize local-scope shadow memory for local variables and parameters. |
| 71 | + /// \param state The symex state |
| 72 | + /// \param expr The declared symbol expression |
| 73 | + void symex_field_local_init(goto_symex_statet &state, const ssa_exprt &expr); |
| 74 | + |
| 75 | + /// Initialize global-scope shadow memory for dynamically allocated memory. |
| 76 | + /// \param state The symex state |
| 77 | + /// \param expr The dynamic object symbol expression |
| 78 | + /// \param code The allocation side effect code |
| 79 | + void symex_field_dynamic_init( |
| 80 | + goto_symex_statet &state, |
| 81 | + const exprt &expr, |
| 82 | + const side_effect_exprt &code); |
| 83 | + |
| 84 | + /// Symbolically executes a __CPROVER_get_field call |
| 85 | + /// \param state The symex state |
| 86 | + /// \param lhs The LHS of the call |
| 87 | + /// \param arguments The call arguments |
| 88 | + void symex_get_field( |
| 89 | + goto_symex_statet &state, |
| 90 | + const exprt &lhs, |
| 91 | + const exprt::operandst &arguments); |
| 92 | + |
| 93 | + /// Symbolically executes a __CPROVER_set_field call |
| 94 | + /// \param state The symex state |
| 95 | + /// \param arguments The call arguments |
| 96 | + void |
| 97 | + symex_set_field(goto_symex_statet &state, const exprt::operandst &arguments); |
| 98 | + |
| 99 | +private: |
| 100 | + /// Converts a field declaration |
| 101 | + /// \param code_function_call The __CPROVER_field_decl_* call |
| 102 | + /// \param fields The field declaration to be extended |
| 103 | + void convert_field_declaration( |
| 104 | + const code_function_callt &code_function_call, |
| 105 | + shadow_memory_field_definitionst::field_definitiont &fields); |
| 106 | + |
| 107 | + /// Allocates and initializes a shadow memory field for the given original |
| 108 | + /// memory. |
| 109 | + /// \param state The symex state |
| 110 | + /// \param expr The expression for which shadow memory should be allocated |
| 111 | + /// \param fields The field definition to be used |
| 112 | + void initialize_shadow_memory( |
| 113 | + goto_symex_statet &state, |
| 114 | + const exprt &expr, |
| 115 | + const shadow_memory_field_definitionst::field_definitiont &fields); |
| 116 | + |
| 117 | + /// Registers a shadow memory field for the given original memory |
| 118 | + /// \param state The symex state |
| 119 | + /// \param expr The expression for which shadow memory should be allocated |
| 120 | + /// \param field_name The field name |
| 121 | + /// \param field_type The field type |
| 122 | + /// \return The resulting shadow memory symbol expression |
| 123 | + symbol_exprt add_field( |
| 124 | + goto_symex_statet &state, |
| 125 | + const exprt &expr, |
| 126 | + const irep_idt &field_name, |
| 127 | + const typet &field_type); |
| 128 | + |
| 129 | +private: |
| 130 | + const std::function<void(goto_symex_statet &, const exprt &, const exprt)> |
| 131 | + symex_assign; |
| 132 | + const namespacet &ns; |
| 133 | + messaget log; |
| 134 | +}; |
| 135 | + |
| 136 | +#endif // CPROVER_GOTO_SYMEX_SHADOW_MEMORY_H |
0 commit comments