dfcct Class Reference
Entry point into the contracts transformation. More...
#include <dfcc.h>
Collaboration diagram for dfcct:Public Member Functions | |
| dfcct (const optionst &options, goto_modelt &goto_model, const irep_idt &harness_id, const std::optional< std::pair< irep_idt, irep_idt >> &to_check, const bool allow_recursive_calls, const std::map< irep_idt, irep_idt > &to_replace, const dfcc_loop_contract_modet loop_contract_mode, message_handlert &message_handler, const std::set< std::string > &to_exclude_from_nondet_static) | |
| Class constructor. More... | |
| void | transform_goto_model () |
| Applies function contracts and loop contracts transformation to GOTO model using the dynamic frame condition checking approach. More... | |
Protected Member Functions | |
| void | check_transform_goto_model_preconditions () |
| Checks preconditions on arguments of transform_goto_model. More... | |
| void | partition_function_symbols (std::set< irep_idt > &pure_contract_symbols, std::set< irep_idt > &other_symbols) |
| Partitions the function symbols of the symbol table into pure contracts and other function symbols symbols. More... | |
| void | link_model_and_load_dfcc_library () |
| void | instrument_harness_function () |
| void | lift_memory_predicates () |
| void | wrap_checked_function () |
| void | wrap_replaced_functions () |
| void | wrap_discovered_function_pointer_contracts () |
| void | instrument_other_functions () |
| void | reinitialize_model () |
| Re-initialise the GOTO model. More... | |
Detailed Description
Constructor & Destructor Documentation
◆ dfcct()
| dfcct::dfcct | ( | const optionst & | options, |
| goto_modelt & | goto_model, | ||
| const irep_idt & | harness_id, | ||
| const std::optional< std::pair< irep_idt, irep_idt >> & | to_check, | ||
| const bool | allow_recursive_calls, | ||
| const std::map< irep_idt, irep_idt > & | to_replace, | ||
| const dfcc_loop_contract_modet | loop_contract_mode, | ||
| message_handlert & | message_handler, | ||
| const std::set< std::string > & | to_exclude_from_nondet_static | ||
| ) |
Class constructor.
- Parameters
-
options CLI options (used to lookup options for language config when re-defining the model's entry point) goto_model GOTO model to transform harness_id Proof harness name, must be the entry point of the model to_check (function,contract) pair for contract checking allow_recursive_calls Allow the checked function to be recursive to_replace functions-to-contract mapping for replacement loop_contract_mode mode to use for loop contracts message_handler used for debug/warning/error messages to_exclude_from_nondet_static set of symbols to exclude when
Member Function Documentation
◆ check_transform_goto_model_preconditions()
|
protected |
Checks preconditions on arguments of transform_goto_model.
The preconditions are:
- The harness function exists in the model and has a body,
- The model's entry point is the harness function,
- The harness function is distinct from any checked or replaced function,
- The harness function is distinct from any contract,
- All function to check exist and have a body available,
- All function to replace exist (body is not necessary),
- All contracts to check or replace exist as pure contract symbols,
- The checked function cannot be also replaced,
- compiler built-ins or
__CPROVER_*functions cannot be checked against a contract (because they cannot be instrumented), - all symbols of
to_exclude_from_nondet_staticexist in the model.
◆ instrument_harness_function()
◆ instrument_other_functions()
◆ lift_memory_predicates()
◆ link_model_and_load_dfcc_library()
◆ partition_function_symbols()
◆ reinitialize_model()
|
protected |
Re-initialise the GOTO model.
The new entry point must be the proof harness function specified for instrumentation.
The "initialize" (aka INITIALIZE_FUNCTION) is the function that assigns initial values to all statics of the model;
The initialize function must do the following:
- assign a nondet value to all statics of the user program
- assign the specified initial value to all instrumentation statics
- add an entry in the static unbounded map of instrumented functions for each instrumented function
A call to nondet_static will re-generate the initialize function with nondet values. The instrumentation statics will not get nondet initialised by virtue of being tagged with ID_C_no_nondet_initialization.
However, nondet_static expects instructions to be either function calls or assignments with a symbol_exprt LHS. Since entries for the instrumented function maps are not symbol_exprts but index_exprts they need to be moved to the harness function.
The "start" function (aka goto_functionst::entry_point()) is the function from which SymEx starts.
The start function must do the following:
- call the initialize function,
- generate nondet values for the arguments of the proof harness function
- call the harness function with said nondet arguments
All of which can be done using a call to generate_ansi_c_start_function, assuming the initialize function is already available in the symbol table.
So we do the following:
- regenerate the "initialize" function
- call nondet_static
- add extra instructions at the end of the harness function for the instrumented functions map
- call generate_ansi_c_start_function Make all user-defined statics nondet. Other statics added by the instrumentation will be unaffected because they are tagged with ID_C_no_nondet_initialization when created Update statics and static function maps
◆ transform_goto_model()
| void dfcct::transform_goto_model | ( | ) |
Applies function contracts and loop contracts transformation to GOTO model using the dynamic frame condition checking approach.
Functions to check/replace are explicitly mapped to contracts. When checking function foo against contract bar, we require the actual contract symbol to exist as contract::bar in the symbol table.
Transformation steps:
- check preconditions on existence and absence of clash between harness, functions and contract symbols parameters.
- link the goto model to the standard library
- instrument the harness function.
- partition function symbols of the model into
contract::symbols- assigns/frees clause specification functions (not instrumented)
- all other functions (instrumented)
- swap-and-wrap/instrument functions to check with their contract
- swap-and-wrap/instrument functions to replace with their contract
- swap-and-wrap all discovered function pointer contracts with themselves (replacement mode)
- instrument all remaining functions GOTO model
- (this includes standard library functions).
- specialise the instrumentation functions by unwinding loops they contain to the maximum size of any assigns clause involved in the model.
◆ wrap_checked_function()
◆ wrap_discovered_function_pointer_contracts()
|
protected |
◆ wrap_replaced_functions()
Member Data Documentation
◆ allow_recursive_calls
◆ contract_clauses_codegen
|
protected |
◆ contract_handler
|
protected |
◆ function_pointer_contracts
|
protected |
◆ goto_model
|
protected |
◆ harness_id
◆ instrument
|
protected |
◆ library
|
protected |
◆ log
◆ loop_contract_mode
|
protected |
◆ max_assigns_clause_size
|
protected |
◆ memory_predicates
|
protected |
◆ message_handler
|
protected |
◆ ns
|
protected |
◆ options
◆ other_symbols
◆ pure_contract_symbols
◆ spec_functions
|
protected |
◆ swap_and_wrap
|
protected |
◆ to_check
◆ to_exclude_from_nondet_static
|
protected |
◆ to_replace
The documentation for this class was generated from the following files:
