|
6 | 6 |
|
7 | 7 | \section string_solver_interface String solver interface |
8 | 8 |
|
| 9 | +The basic role of the solver is to answer whether the set of equations given |
| 10 | +is satisfiable. One example usage, is to determine whether an assertion in a |
| 11 | +program can be violated. |
| 12 | +For instance, CBMC and JBMC, convert a input program and property to check |
| 13 | +about this program to a set of equations. These equations are fed to a solver, |
| 14 | +which is one of the last step in CBMC and JBMC, as it tells us whether the |
| 15 | +property holds or can fail. |
| 16 | + |
| 17 | +The secondary role of the solver is to provide a satisfying assignment of |
| 18 | +the variables of the equations, this can for instance be used to construct |
| 19 | +a trace. |
| 20 | + |
| 21 | +The string solver is particularly aimed at string logic, but since it inherits |
| 22 | +from \ref bv_refinementt it is also capable of handling arithmetic, array logic, |
| 23 | +floating point operations etc. |
| 24 | +The backend uses the flattening of \ref boolbvt to convert expressions to boolean formula. |
| 25 | + |
| 26 | +An example of a problem given to string solver could look like this: |
| 27 | + |
| 28 | +~~~~~ |
| 29 | +return_code == cprover_string_concat_func( |
| 30 | + length1, array1, |
| 31 | + { .length=length2, .content=content2 }, |
| 32 | + { .length=length3, .content=content3 }) |
| 33 | +length3 == length2 |
| 34 | +content3 == content2 |
| 35 | +is_equal == cprover_string_equals_func(length1, array1, 2, {'a', 'a'}) |
| 36 | +is_equal == 1 |
| 37 | +~~~~~ |
| 38 | + |
| 39 | +Details about the meaning of the primitives `cprover_string_concat_func` and |
| 40 | +`cprover_string_equals_func` are given in section \ref primitives "String Primitives". |
| 41 | + |
| 42 | +The first equality means that the string represented by `{length1, array1}` is |
| 43 | +the concatanation of the string represented by `{length2, array2}` and |
| 44 | +`{length3, array3}`. The second and third mean that `{length2, array2}` and |
| 45 | +`{length3, array3}` represent the same string. The fourth means that `is_equal` |
| 46 | +is 1 if and only if `{length1, array1}` is the string "aa". The last equation |
| 47 | +ensures that `is_equal` has to be equal to 1 in the solution. |
| 48 | + |
| 49 | +For this system of equations the string solver should answer that it is |
| 50 | +satisfiable. It is then possible to recover which assignments make all |
| 51 | +equation true, in that case `length2 = length3 = 1` and |
| 52 | +`content2 = content3 = {'a'}`. |
| 53 | + |
| 54 | + |
9 | 55 | \subsection general_interface General interface |
10 | 56 |
|
11 | 57 | The common interface for solvers in CProver is inherited from |
|
0 commit comments