139 gcc_version.
get(
"gcc");
144 const bool validate_only =
cmdline.
isset(
"validate-goto-binary");
146 if(validate_only ||
cmdline.
isset(
"validate-goto-model"))
161 log.
status() <<
"Adding nondeterministic initialization "
162 "of matching static/global variables"
178 bool unwindset_file_given=
cmdline.
isset(
"unwindset-file");
180 if(unwindset_given && unwindset_file_given)
181 throw "only one of --unwindset and --unwindset-file supported at a "
184 if(unwind_given || unwindset_given || unwindset_file_given)
191 if(unwindset_file_given)
193 unwindset.parse_unwindset_file(
199 unwindset.parse_unwindset(
204 bool unwinding_assertions=
cmdline.
isset(
"unwinding-assertions");
206 bool continue_as_loops=
cmdline.
isset(
"continue-as-loops");
207 if(continue_as_loops)
209 if(unwinding_assertions)
211 throw "unwinding assertions cannot be used with "
212 "--continue-as-loops";
214 else if(partial_loops)
215 throw "partial loops cannot be used with --continue-as-loops";
221 if(unwinding_assertions)
228 else if(partial_loops)
232 else if(continue_as_loops)
238 goto_unwind(
goto_model, unwindset, unwind_strategy);
243 bool have_file=!filename.empty() && filename!=
"-";
252 throw "failed to open file "+filename;
259 std::cout << result <<
'\n';
277 std::cout <<
"////\n";
278 std::cout <<
"//// Function: " << gf_entry.first <<
'\n';
279 std::cout <<
"////\n\n";
285 i_it->output(std::cout);
286 std::cout <<
"Is threaded: " << (is_threaded(i_it)?
"True":
"False")
353 std::cout <<
">>>>\n";
354 std::cout <<
">>>> " << gf_entry.first <<
'\n';
355 std::cout <<
">>>>\n";
356 local_bitvector_analysis.
output(std::cout, gf_entry.second, ns);
374 local_safe_pointers(gf_entry.second.body);
375 std::cout <<
">>>>\n";
376 std::cout <<
">>>> " << gf_entry.first <<
'\n';
377 std::cout <<
">>>>\n";
379 local_safe_pointers.
output(std::cout, gf_entry.second.body, ns);
383 std::cout, gf_entry.second.body, ns);
401 sese_region_analysis(gf_entry.second.body);
402 std::cout <<
">>>>\n";
403 std::cout <<
">>>> " << gf_entry.first <<
'\n';
404 std::cout <<
">>>>\n";
405 sese_region_analysis.
output(std::cout, gf_entry.second.body, ns);
473 custom_bitvector_analysis.
check(
493 points_to.
output(std::cout);
681 for(
auto const &ins : pair.second.body.instructions)
683 if(ins.code().is_not_nil())
685 if(ins.has_condition())
687 log.
status() <<
"[guard] " << ins.condition().pretty()
727 const bool is_header =
cmdline.
isset(
"dump-c-type-header");
800 call_graph.
output(std::cout);
816 call_graph.
output(std::cout);
864 log.
status() <<
"Removing calls to functions without a body"
929 "Invalid number of positional arguments passed",
931 "goto-instrument needs one input and one output file, aside from other "
1010 if(!result.has_value())
1039 log.
status() <<
"Adding up to " << max_argc <<
" command line arguments"
1173 "Redundant options detected",
1184 std::set<irep_idt> to_replace(
1193 "Mutually exclusive options detected",
1203 bool allow_recursive_calls =
1206 std::set<std::string> to_exclude_from_nondet_static(
1220 log.
warning() <<
"**** WARNING: transformed loops will not be unwound "
1221 <<
"after applying loop contracts. Remember to unwind "
1222 <<
"them at least twice to pass unwinding-assertions."
1230 to_enforce.
empty() ? std::optional<irep_idt>{}
1231 : std::optional<irep_idt>{to_enforce.front()},
1232 allow_recursive_calls,
1236 to_exclude_from_nondet_static,
1248 std::set<std::string> to_replace(
1252 std::set<std::string> to_enforce(
1256 std::set<std::string> to_exclude_from_nondet_static(
1278 log.
warning() <<
"**** WARNING: transformed loops will not be unwound "
1279 <<
"after applying loop contracts. Remember to unwind "
1280 <<
"them at least twice to pass unwinding-assertions."
1298 else if(
cmdline.
isset(
"remove-const-function-pointers"))
1320 log.
status() <<
"Inlining calls of function '" <<
function <<
"'"
1331 bool have_file=!filename.empty() && filename!=
"-";
1341 throw "failed to open file "+filename;
1348 std::cout << result <<
'\n';
1369 log.
status() <<
"Removing calls to functions without a body"
1385 log.
warning() <<
"**** WARNING: Constant propagation as performed by "
1386 "goto-instrument is not expected to be sound. Do not use "
1387 "--constant-propagator if soundness is important for your "
1400 c_object_factory_options);
1404 object_factory_parameters,
1409 *generate_implementation,
1419 c_object_factory_options);
1421 auto options_split =
1423 if(options_split.size() < 2)
1425 "not enough arguments for this option",
"--generate-havocing-body"};
1427 if(options_split.size() == 2)
1430 std::string{
"havoc,"} + options_split.back(),
1431 object_factory_parameters,
1435 std::regex(options_split[0]),
1436 *generate_implementation,
1443 for(
size_t i = 1; i + 1 < options_split.size(); i += 2)
1446 std::string{
"havoc,"} + options_split[i + 1],
1447 object_factory_parameters,
1453 *generate_implementation,
1467 log.
status() <<
"Adding checks for uninitialized local variables"
1486 log.
status() <<
"Adding nondeterministic initialization "
1487 "of static/global variables except for "
1488 "the specified ones."
1490 std::set<std::string> to_exclude(
1497 log.
status() <<
"Adding nondeterministic initialization "
1498 "of static/global variables"
1507 log.
status() <<
"Slicing away initializations of unused global variables"
1570 const unsigned max_var=
1573 const unsigned max_po_trans=
1579 log.
status() <<
"Adding weak memory (TSO) Instrumentation"
1585 log.
status() <<
"Adding weak memory (PSO) Instrumentation"
1591 log.
status() <<
"Adding weak memory (RMO) Instrumentation"
1595 else if(mm==
"power")
1597 log.
status() <<
"Adding weak memory (Power) Instrumentation"
1603 log.
error() <<
"Unknown weak memory model '" << mm <<
"'"
1678 if(step_case && base_case)
1679 throw "please specify only one of --step-case and --base-case";
1680 else if(!step_case && !base_case)
1681 throw "please specify one of --step-case and --base-case";
1686 throw "please give k>=1";
1688 log.
status() <<
"Instrumenting k-induction for k=" << k <<
", "
1689 << (base_case ?
"base case" :
"step case") <<
messaget::eom;
1755 log.
status() <<
"Performing a function pointer reachability slice"
1772 log.
warning() <<
"**** WARNING: Experimental option --full-slice, "
1773 <<
"analysis results may be unsound. See "
1774 <<
"https://github.com/diffblue/cbmc/issues/260"
1807 log.
status() <<
"Slicing away initializations of unused global variables"
1818 if(
cmdline.
isset(
"aggressive-slice-preserve-function"))
1826 if(
cmdline.
isset(
"aggressive-slice-preserve-functions-containing"))
1831 cmdline.
isset(
"aggressive-slice-preserve-all-direct-paths");
1833 aggressive_slicer.
doit();
1869 "Usage: \tPurpose:\n"
1871 " {bgoto-instrument} [{y-?}] [{y-h}] [{y--help}] \t show this help\n"
1872 " {bgoto-instrument} {y--version} \t show version and exit\n"
1873 " {bgoto-instrument} [options] {uin} [{uout}] \t perform analysis or"
1874 " instrumentation\n"
1878 " {y--horn} \t print program as constrained horn clauses\n"
1883 " {y--show-symbol-table} \t show loaded symbol table\n"
1884 " {y--list-symbols} \t list symbols with type information\n"
1887 " {y--show-locations} \t show all source locations\n"
1888 " {y--dot} \t generate CFG graph in DOT format\n"
1889 " {y--print-internal-representation} \t show verbose internal"
1890 " representation of the program\n"
1891 " {y--list-undefined-functions} \t list functions without body\n"
1892 " {y--list-calls-args} \t list all function calls with their arguments\n"
1893 " {y--call-graph} \t show graph of function calls\n"
1894 " {y--reachable-call-graph} \t show graph of function calls potentially"
1895 " reachable from main function\n"
1898 " {y--validate-goto-binary} \t check the well-formedness of the passed in"
1899 " goto binary and then exit\n"
1900 " {y--interpreter} \t do concrete execution\n"
1902 "Data-flow analyses:\n"
1903 " {y--show-struct-alignment} \t show struct members that might be"
1904 " concurrently accessed\n"
1905 " {y--show-threaded} \t show instructions that may be executed by more than"
1907 " {y--show-local-safe-pointers} \t show pointer expressions that are"
1908 " trivially dominated by a not-null check\n"
1909 " {y--show-safe-dereferences} \t show pointer expressions that are"
1910 " trivially dominated by a not-null check *and* used as a dereference"
1912 " {y--show-value-sets} \t show points-to information (using value sets)\n"
1913 " {y--show-global-may-alias} \t show may-alias information over globals\n"
1914 " {y--show-local-bitvector-analysis} \t show procedure-local pointer"
1916 " {y--escape-analysis} \t perform escape analysis\n"
1917 " {y--show-escape-analysis} \t show results of escape analysis\n"
1918 " {y--custom-bitvector-analysis} \t perform configurable bitvector"
1920 " {y--show-custom-bitvector-analysis} \t show results of configurable"
1921 " bitvector analysis\n"
1922 " {y--interval-analysis} \t perform interval analysis\n"
1923 " {y--show-intervals} \t show results of interval analysis\n"
1924 " {y--show-uninitialized} \t show maybe-uninitialized variables\n"
1925 " {y--show-points-to} \t show points-to information\n"
1926 " {y--show-rw-set} \t show read-write sets\n"
1927 " {y--show-call-sequences} \t show function call sequences\n"
1928 " {y--show-reaching-definitions} \t show reaching definitions\n"
1929 " {y--show-dependence-graph} \t show program-dependence graph\n"
1930 " {y--show-sese-regions} \t show single-entry-single-exit regions\n"
1933 " {y--no-assertions} \t ignore user assertions\n"
1936 " {y--stack-depth} {un} \t add check that call stack size of non-inlined"
1937 " functions never exceeds {un}\n"
1938 " {y--race-check} \t add floating-point data race checks\n"
1940 "Semantic transformations:\n"
1942 " {y--isr} {ufunction} \t instruments an interrupt service routine\n"
1943 " {y--mmio} \t instruments memory-mapped I/O\n"
1944 " {y--nondet-static} \t add nondeterministic initialization of variables"
1945 " with static lifetime\n"
1946 " {y--nondet-static-exclude} {ue} \t same as nondet-static except for the"
1947 " variable {ue} (use multiple times if required)\n"
1948 " {y--nondet-static-matching} {ur} \t add nondeterministic initialization"
1949 " of variables with static lifetime matching regex {ur}\n"
1950 " {y--function-enter} {uf}, {y--function-exit} {uf}, {y--branch} {uf} \t"
1951 " instruments a call to {uf} at the beginning, the exit, or a branch point,"
1953 " {y--splice-call} {ucaller},{ucallee} \t prepends a call to {ucallee} in"
1954 " the body of {ucaller}\n"
1955 " {y--check-call-sequence} {useq} \t instruments checks to assert that all"
1956 " call sequences match {useq}\n"
1957 " {y--undefined-function-is-assume-false} \t convert each call to an"
1958 " undefined function to assume(false)\n"
1963 " {y--add-library} \t add models of C library functions\n"
1965 " {y--model-argc-argv} {un} \t model up to {un} command line arguments\n"
1966 " {y--remove-function-body} {uf} remove the implementation of function {uf}"
1967 " (may be repeated)\n"
1971 "Semantics-preserving transformations:\n"
1972 " {y--ensure-one-backedge-per-target} \t transform loop bodies such that"
1973 " there is a single edge back to the loop head\n"
1974 " {y--drop-unused-functions} \t drop functions trivially unreachable from"
1977 " {y--constant-propagator} \t propagate constants and simplify"
1979 " {y--inline} \t perform full inlining\n"
1980 " {y--partial-inline} \t perform partial inlining\n"
1981 " {y--function-inline} {ufunction} \t transitively inline all calls"
1982 " {ufunction} makes\n"
1983 " {y--no-caching} \t disable caching of intermediate results during"
1984 " transitive function inlining\n"
1985 " {y--log} {ufile} \t log in JSON format which code segments were inlined,"
1986 " use with {y--function-inline}\n"
1987 " {y--remove-function-pointers} \t replace function pointers by case"
1988 " statement over function calls\n"
1990 " {y--value-set-fi-fp-removal} \t build flow-insensitive value set and"
1991 " replace function pointers by a case statement over the possible"
1992 " assignments. If the set of possible assignments is empty the function"
1993 " pointer is removed using the standard remove-function-pointers pass.\n"
1995 "Loop information and transformations:\n"
1997 " {y--unwindset-file_<file>} \t read unwindset from file\n"
1998 " {y--partial-loops} \t permit paths with partial loops\n"
1999 " {y--unwinding-assertions} \t generate unwinding assertions\n"
2000 " {y--continue-as-loops} \t add loop for remaining iterations after"
2002 " {y--k-induction} {uk} \t check loops with k-induction\n"
2003 " {y--step-case} \t k-induction: do step-case\n"
2004 " {y--base-case} \t k-induction: do base-case\n"
2005 " {y--havoc-loops} \t over-approximate all loops\n"
2006 " {y--accelerate} \t add loop accelerators\n"
2007 " {y--z3} \t use Z3 when computing loop accelerators\n"
2008 " {y--skip-loops {uloop-ids} \t add gotos to skip selected loops during"
2010 " {y--show-lexical-loops} \t show single-entry-single-back-edge loops\n"
2011 " {y--show-natural-loops} \t show natural loop heads\n"
2013 "Memory model instrumentations:\n"
2019 " {y--full-slice} \t slice away instructions that don't affect assertions\n"
2020 " {y--property} {uid} \t slice with respect to specific property only\n"
2021 " {y--slice-global-inits} \t slice away initializations of unused global"
2023 " {y--aggressive-slice} \t remove bodies of any functions not on the"
2024 " shortest path between the start function and the function containing the"
2025 " property/properties\n"
2026 " {y--aggressive-slice-call-depth} {un} \t used with aggressive-slice,"
2027 " preserves all functions within {un} function calls of the functions on"
2028 " the shortest path\n"
2029 " {y--aggressive-slice-preserve-function} {uf} \t force the aggressive"
2030 " slicer to preserve function {uf}\n"
2031 " {y--aggressive-slice-preserve-functions-containing} {uf} \t force the"
2032 " aggressive slicer to preserve all functions with names containing {uf}\n"
2033 " {y--aggressive-slice-preserve-all-direct-paths} \t force aggressive"
2034 " slicer to preserve all direct paths\n"
2045 "User-interface options:\n"
2047 " {y--xml} \t output files in XML where supported\n"
2048 " {y--xml-ui} \t use XML-formatted output\n"
2049 " {y--json-ui} \t use JSON-formatted output\n"
2050 " {y--verbosity} {u#} \t verbosity level\n"
void accelerate_functions(goto_modelt &goto_model, message_handlert &message_handler, bool use_z3, guard_managert &guard_manager)
void add_failed_symbols(symbol_table_baset &symbol_table)
Create a failed-dereference symbol for all symbols in the given table that need one (i....
void print_struct_alignment_problems(const symbol_table_baset &symbol_table, std::ostream &out)
void cprover_c_library_factory(const std::set< irep_idt > &functions, const symbol_table_baset &symbol_table, symbol_table_baset &dest_symbol_table, message_handlert &message_handler)
#define HELP_ANSI_C_LANGUAGE
void branch(goto_modelt &goto_model, const irep_idt &id)
void parse_c_object_factory_options(const cmdlinet &cmdline, optionst &options)
Parse the c object factory parameters from a given command line.
static void list_calls_and_arguments(const namespacet &ns, const goto_programt &goto_program)
void check_call_sequence(const goto_modelt &goto_model)
void show_call_sequences(const irep_idt &caller, const goto_programt &goto_program)
Memory-mapped I/O Instrumentation for Goto Programs.
void show_class_hierarchy(const class_hierarchyt &hierarchy, ui_message_handlert &message_handler, bool children_only)
Output the class hierarchy.
#define HELP_SHOW_CLASS_HIERARCHY
The aggressive slicer removes the body of all the functions except those on the shortest path,...
std::list< std::string > user_specified_properties
void doit()
Removes the body of all functions except those on the shortest path or functions that are reachable f...
std::list< std::string > name_snippets
void preserve_functions(const std::list< std::string > &function_list)
Adds a list of functions to the set of functions for the aggressive slicer to preserve.
bool preserve_all_direct_paths
virtual void output(const namespacet &ns, const irep_idt &function_id, const goto_programt &goto_program, std::ostream &out) const
Output the abstract states for a single function.
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
A call graph (https://en.wikipedia.org/wiki/Call_graph) for a GOTO model or GOTO functions collection...
void output_dot(std::ostream &out) const
void output(std::ostream &out) const
static call_grapht create_from_root_function(const goto_modelt &model, const irep_idt &root, bool collect_callsites)
void output_xml(std::ostream &out) const
Non-graph-based representation of the class hierarchy.
void output_dot(std::ostream &) const
Output class hierarchy in Graphviz DOT format.
std::string get_value(char option) const
virtual bool isset(char option) const
std::list< std::string > get_comma_separated_values(const char *option) const
Collect all occurrences of option option and split their values on each comma, merging them into a si...
const std::list< std::string > & get_values(const std::string &option) const
void apply_loop_contracts(const std::set< std::string > &to_exclude_from_nondet_init={})
Applies loop contract transformations.
void enforce_contracts(const std::set< std::string > &to_enforce, const std::set< std::string > &to_exclude_from_nondet_init={})
Turn requires & ensures into assumptions and assertions for each of the named functions.
void replace_calls(const std::set< std::string > &to_replace)
Replace all calls to each function in the to_replace set with that function's contract.
bool unwind_transformed_loops
bool set(const cmdlinet &cmdline)
void set_from_symbol_table(const symbol_table_baset &)
struct configt::ansi_ct ansi_c
void check(const goto_modelt &, bool xml, std::ostream &)
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
void instrument(goto_modelt &)
void get(const std::string &executable)
This is a may analysis (i.e.
void compute_loop_numbers()
function_mapt function_map
static irep_idt entry_point()
Get the identifier of the entry point to a goto model.
void register_languages() override
void help() override
display command line help
void instrument_goto_program()
void do_indirect_call_and_rtti_removal(bool force=false)
bool partial_inlining_done
bool function_pointer_removal_done
void do_partial_inlining()
void do_remove_const_function_pointers_only()
Remove function pointers that can be resolved by analysing const variables (i.e.
int doit() override
invoke main modules
void validate(const validation_modet vm=validation_modet::INVARIANT, const goto_model_validation_optionst &goto_model_validation_options=goto_model_validation_optionst{}) const override
Check that the goto model is well-formed.
symbol_tablet symbol_table
Symbol table.
goto_functionst goto_functions
GOTO functions.
A generic container class for the GOTO intermediate representation of one function.
jsont output_log_json() const
void output_dot(std::ostream &out) const
Thrown when users pass incorrect command line arguments, for example passing no files to analysis or ...
void output(std::ostream &out, const goto_functiont &goto_function, const namespacet &ns) const
A very simple, cheap analysis to determine when dereference operations are trivially guarded by a che...
void output_safe_dereferences(std::ostream &stream, const goto_programt &program, const namespacet &ns)
Output safely dereferenced expressions per instruction in human-readable format.
void output(std::ostream &stream, const goto_programt &program, const namespacet &ns)
Output non-null expressions per instruction in human-readable format.
static unsigned eval_verbosity(const std::string &user_input, const message_levelt default_verbosity, message_handlert &dest)
Parse a (user-)provided string as a verbosity level and set it as the verbosity of dest.
mstreamt & warning() const
mstreamt & status() const
message_handlert & get_message_handler()
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
bool lookup(const irep_idt &name, const symbolt *&symbol) const override
See documentation for namespace_baset::lookup().
bool is_set(const std::string &option) const
N.B. opts.is_set("foo") does not imply opts.get_bool_option("foo")
void set_option(const std::string &option, const bool value)
ui_message_handlert ui_message_handler
void output(std::ostream &out) const
void output(std::ostream &out, const goto_programt &goto_program, const namespacet &ns) const
Expression to hold a symbol (variable)
typet type
Type of symbol.
irep_idt name
The unique identifier.
virtual uit get_ui() const
This template class implements a data-flow analysis which keeps track of what values different variab...
void concurrency(value_setst &value_sets, goto_modelt &goto_model)
Encoding for Threaded Goto Programs.
#define HELP_CONFIG_LIBRARY
#define HELP_REPLACE_CALL
#define FLAG_REPLACE_CALL
#define FLAG_ENFORCE_CONTRACT
#define HELP_LOOP_CONTRACTS
#define FLAG_LOOP_CONTRACTS
#define HELP_LOOP_CONTRACTS_NO_UNWIND
#define HELP_ENFORCE_CONTRACT
#define HELP_LOOP_CONTRACTS_FILE
#define FLAG_LOOP_CONTRACTS_NO_UNWIND
void count_eloc(const goto_modelt &goto_model)
void print_global_state_size(const goto_modelt &goto_model)
void print_path_lengths(const goto_modelt &goto_model)
void list_eloc(const goto_modelt &goto_model)
#define HELP_GOTO_PROGRAM_STATS
void cprover_cpp_library_factory(const std::set< irep_idt > &functions, const symbol_table_baset &symbol_table, symbol_table_baset &dest_symbol_table, message_handlert &message_handler)
static void show_goto_functions(const goto_modelt &goto_model)
Field-insensitive, location-sensitive bitvector analysis.
Field-Sensitive Program Dependence Analysis, Litvak et al., FSE 2010.
#define FLAG_ENFORCE_CONTRACT_REC
#define HELP_ENFORCE_CONTRACT_REC
void document_properties_latex(const goto_modelt &goto_model, std::ostream &out)
void document_properties_html(const goto_modelt &goto_model, std::ostream &out)
#define HELP_DOCUMENT_PROPERTIES
void dot(const goto_modelt &src, std::ostream &out)
Dump Goto-Program as DOT Graph.
void dump_cpp(const goto_functionst &src, const bool use_system_headers, const bool use_all_headers, const bool include_harness, const namespacet &ns, std::ostream &out)
void dump_c(const goto_functionst &src, const bool use_system_headers, const bool use_all_headers, const bool include_harness, const namespacet &ns, std::ostream &out)
void dump_c_type_header(const goto_functionst &src, const bool use_system_headers, const bool use_all_headers, const bool include_harness, const namespacet &ns, const std::string module, std::ostream &out)
bool ensure_one_backedge_per_target(goto_programt::targett &it, goto_programt &goto_program)
Ensure one backedge per target.
Field-insensitive, location-sensitive, over-approximative escape analysis.
Document and give macros for the exit codes of CPROVER binaries.
#define CPROVER_EXIT_CONVERSION_FAILED
Failure to convert / write to another format.
#define CPROVER_EXIT_INTERNAL_ERROR
An error has been encountered during processing the requested analysis.
#define CPROVER_EXIT_USAGE_ERROR
A usage error is returned when the command line is invalid or conflicting.
#define CPROVER_EXIT_SUCCESS
Success indicates the required analysis has been performed without error.
void property_slicer(goto_functionst &goto_functions, const namespacet &ns, const std::list< std::string > &properties, message_handlert &message_handler)
void full_slicer(goto_functionst &goto_functions, const namespacet &ns, const slicing_criteriont &criterion, message_handlert &message_handler)
void function_exit(goto_modelt &goto_model, const irep_idt &id)
void function_enter(goto_modelt &goto_model, const irep_idt &id)
Function Entering and Exiting.
void configure_gcc(const gcc_versiont &gcc_version)
std::unique_ptr< generate_function_bodiest > generate_function_bodies_factory(const std::string &options, const c_object_factory_parameterst &object_factory_parameters, const symbol_tablet &symbol_table, message_handlert &message_handler)
Create the type that actually generates the functions.
void generate_function_bodies(const std::regex &functions_regex, const generate_function_bodiest &generate_function_body, goto_modelt &model, message_handlert &message_handler)
Generate function bodies with some default behavior: assert-false, assume-false, assert-false-assume-...
#define HELP_REPLACE_FUNCTION_BODY
Field-insensitive, location-sensitive, over-approximative escape analysis.
static void transform_assertions_assumptions(goto_programt &goto_program, bool enable_assertions, bool enable_built_in_assertions, bool enable_assumptions)
Checks for Errors in C and Java Programs.
void goto_check_c(const irep_idt &function_identifier, goto_functionst::goto_functiont &goto_function, const namespacet &ns, const optionst &options, message_handlert &message_handler)
#define PARSE_OPTIONS_GOTO_CHECK(cmdline, options)
void goto_inline(goto_modelt &goto_model, message_handlert &message_handler, bool adjust_function)
Inline every function call into the entry_point() function.
void goto_function_inline(goto_modelt &goto_model, const irep_idt function, message_handlert &message_handler, bool adjust_function, bool caching)
Transitively inline all function calls made from a particular function.
void goto_partial_inline(goto_modelt &goto_model, message_handlert &message_handler, unsigned smallfunc_limit, bool adjust_function)
Inline all function calls to functions either marked as "inlined" or smaller than smallfunc_limit (by...
jsont goto_function_inline_and_log(goto_modelt &goto_model, const irep_idt function, message_handlert &message_handler, bool adjust_function, bool caching)
Function Inlining This gives a number of different interfaces to the function inlining functionality ...
#define forall_goto_program_instructions(it, program)
void remove_pointers(goto_modelt &goto_model, value_setst &value_sets, message_handlert &message_handler)
Remove dereferences in all expressions contained in the program goto_model.
#define HELP_REMOVE_POINTERS
void dfcc(const optionst &options, goto_modelt &goto_model, const irep_idt &harness_id, const std::optional< irep_idt > &to_check, const bool allow_recursive_calls, const std::set< irep_idt > &to_replace, const bool apply_loop_contracts, const bool unwind_transformed_loops, const std::set< std::string > &to_exclude_from_nondet_static, message_handlert &message_handler)
Applies function contracts transformation to GOTO model, using the dynamic frame condition checking a...
void havoc_loops(goto_modelt &goto_model)
void horn_encoding(const goto_modelt &goto_model, std::ostream &out)
bool insert_final_assert_false(goto_modelt &goto_model, const std::string &function_to_instrument, message_handlert &message_handler)
Transform a goto program by inserting assert(false) at the end of a given function function_to_instru...
Insert final assert false into a function.
#define HELP_INSERT_FINAL_ASSERT_FALSE
void interpreter(const goto_modelt &goto_model, message_handlert &message_handler)
Interpreter for GOTO Programs.
static void interrupt(value_setst &value_sets, const symbol_tablet &symbol_table, const irep_idt &function_id, goto_programt &goto_program, const symbol_exprt &interrupt_handler, const rw_set_baset &isr_rw_set, message_handlert &message_handler)
Interrupt Instrumentation for Goto Programs.
void interval_analysis(goto_modelt &goto_model)
Initialises the abstract interpretation over interval domain and instruments instructions using inter...
Over-approximate Concurrency for Threaded Goto Programs.
void k_induction(goto_modelt &goto_model, bool base_case, bool step_case, unsigned k)
void label_function_pointer_call_sites(goto_modelt &goto_model)
This ensures that call instructions can be only one of two things:
Label function pointer call sites across a goto model.
Compute lexical loops in a goto_function.
void show_lexical_loops(const goto_modelt &goto_model, std::ostream &out)
void link_to_library(goto_modelt &goto_model, message_handlert &message_handler, const std::function< void(const std::set< irep_idt > &, const symbol_tablet &, symbol_tablet &, message_handlert &)> &library)
Complete missing function definitions using the library.
Field-insensitive, location-sensitive bitvector analysis.
Local safe pointer analysis.
void show_loop_ids(ui_message_handlert::uit ui, const goto_modelt &goto_model)
void mm_io(symbol_tablet &symbol_table, goto_functionst &goto_functions, message_handlert &message_handler)
Perform Memory-mapped I/O instrumentation.
static void mmio(value_setst &value_sets, const symbol_tablet &symbol_table, const irep_idt &function_id, goto_programt &goto_program, message_handlert &message_handler)
Memory-mapped I/O Instrumentation for Goto Programs.
bool model_argc_argv(goto_modelt &goto_model, unsigned max_argc, message_handlert &message_handler)
Set up argv with up to max_argc pointers into an array of 4096 bytes.
Initialize command line arguments.
Compute natural loops in a goto_function.
void show_natural_loops(const goto_modelt &goto_model, std::ostream &out)
void nondet_static_matching(goto_modelt &goto_model, const std::string ®ex)
Nondeterministically initializes global scope variables that match the given regex.
static void nondet_static(const namespacet &ns, goto_functionst &goto_functions, const irep_idt &fct_name)
Nondeterministically initializes global scope variables in a goto-function.
Nondeterministically initializes global scope variables, except for constants (such as string literal...
void parse_nondet_volatile_options(const cmdlinet &cmdline, optionst &options)
void nondet_volatile(goto_modelt &goto_model, const optionst &options)
Havoc reads from volatile expressions, if enabled in the options.
#define HELP_NONDET_VOLATILE
void parameter_assignments(symbol_table_baset &symbol_table, goto_functionst &goto_functions)
removes returns
Add parameter assignments.
std::string align_center_with_border(const std::string &text)
Utility for displaying help centered messages borderered by "* *".
std::string banner_string(const std::string &front_end, const std::string &version)
Field-sensitive, location-insensitive points-to analysis.
static void race_check(value_setst &value_sets, symbol_table_baset &symbol_table, const irep_idt &function_id, goto_programt &goto_program, w_guardst &w_guards, message_handlert &message_handler)
Race Detection for Threaded Goto Programs.
void reachability_slicer(goto_modelt &goto_model, const bool include_forward_reachability, message_handlert &message_handler)
Perform reachability slicing on goto_model, with respect to the criterion given by all properties.
void function_path_reachability_slicer(goto_modelt &goto_model, const std::list< std::string > &functions_list, message_handlert &message_handler)
Perform reachability slicing on goto_model for selected functions.
#define HELP_FP_REACHABILITY_SLICER
#define HELP_REACHABILITY_SLICER
Range-based reaching definitions analysis (following Field- Sensitive Program Dependence Analysis,...
static bool read_goto_binary(const std::string &filename, symbol_tablet &, goto_functionst &, message_handlert &)
Read a goto binary from a file, but do not update config.
void remove_asm(goto_functionst &goto_functions, symbol_tablet &symbol_table, message_handlert &message_handler)
Replaces inline assembly instructions in the goto program (i.e., instructions of kind OTHER with a co...
bool has_asm(const goto_functionst &goto_functions)
returns true iff the given goto functions use asm instructions
Remove 'asm' statements by compiling them into suitable standard goto program instructions.
Remove calls to functions without a body.
#define HELP_REMOVE_CALLS_NO_BODY
#define HELP_REMOVE_CONST_FUNCTION_POINTERS
void remove_functions(goto_modelt &goto_model, const std::list< std::string > &names, message_handlert &message_handler)
Remove the body of all functions listed in "names" such that an analysis will treat it as a side-effe...
Remove function definition.
void remove_function_pointers(message_handlert &_message_handler, goto_modelt &goto_model, bool only_remove_const_fps)
Remove Indirect Function Calls.
void restore_returns(goto_modelt &goto_model)
restores return statements
void remove_returns(symbol_table_baset &symbol_table, goto_functionst &goto_functions)
removes returns
Replace function returns by assignments to global variables.
void remove_skip(goto_programt &goto_program, goto_programt::targett begin, goto_programt::targett end)
remove unnecessary skip statements
void remove_unused_functions(goto_modelt &goto_model, message_handlert &message_handler)
void remove_virtual_functions(symbol_table_baset &symbol_table, goto_functionst &goto_functions)
Remove virtual function calls from all functions in the specified list and replace them with their mo...
Functions for replacing virtual function call with a static function calls in functions,...
#define HELP_REPLACE_CALLS
void parse_function_pointer_restriction_options_from_cmdline(const cmdlinet &cmdline, optionst &options)
void restrict_function_pointers(message_handlert &message_handler, goto_modelt &goto_model, const optionst &options)
Apply function pointer restrictions to a goto_model.
Given goto functions and a list of function parameters or globals that are function pointers with lis...
#define RESTRICT_FUNCTION_POINTER_OPT
#define RESTRICT_FUNCTION_POINTER_FROM_FILE_OPT
#define HELP_RESTRICT_FUNCTION_POINTER
#define RESTRICT_FUNCTION_POINTER_BY_NAME_OPT
static std::optional< exprt > rewrite_rw_ok(exprt expr, const namespacet &ns)
Rewrite r/w/rw_ok expressions to ones including prophecy variables recording the state.
void rewrite_union(exprt &expr)
We rewrite u.c for unions u into byte_extract(u, 0), and { .c = v } into byte_update(NIL,...
Race Detection for Threaded Goto Programs.
Single-entry, single-exit region analysis.
void label_properties(goto_modelt &goto_model)
Set the properties to check.
#define HELP_SHOW_GOTO_FUNCTIONS
void show_locations(ui_message_handlert::uit ui, const irep_idt function_id, const goto_programt &goto_program)
void show_properties(const namespacet &ns, const irep_idt &identifier, message_handlert &message_handler, ui_message_handlert::uit ui, const goto_programt &goto_program)
#define HELP_SHOW_PROPERTIES
void show_symbol_table(const symbol_table_baset &symbol_table, ui_message_handlert &ui)
void show_symbol_table_brief(const symbol_table_baset &symbol_table, ui_message_handlert &ui)
void show_value_sets(ui_message_handlert::uit ui, const goto_modelt &goto_model, const value_set_analysist &value_set_analysis)
static bool skip_loops(goto_programt &goto_program, const loop_idst &loop_ids, messaget &message)
Skip over selected loops by adding gotos.
void slice_global_inits(goto_modelt &goto_model, message_handlert &message_handler)
Remove initialization of global variables that are not used in any function reachable from the entry ...
Remove initializations of unused global variables.
bool splice_call(goto_functionst &goto_functions, const std::string &callercallee, const symbol_table_baset &symbol_table, message_handlert &message_handler)
Harnessing for goto functions.
#define CHECK_RETURN(CONDITION)
#define PRECONDITION(CONDITION)
static void stack_depth(goto_programt &goto_program, const symbol_exprt &symbol, const std::size_t i_depth, const exprt &max_depth)
unsigned safe_string2unsigned(const std::string &str, int base)
unsigned unsafe_string2unsigned(const std::string &str, int base)
std::size_t safe_string2size_t(const std::string &str, int base)
void string_abstraction(goto_modelt &goto_model, message_handlert &message_handler)
void split_string(const std::string &s, char delim, std::vector< std::string > &result, bool strip, bool remove_empty)
std::list< std::string > defines
preprocessort preprocessor
This is unused by this implementation of guards, but can be used by other implementations of the same...
void thread_exit_instrumentation(goto_programt &goto_program)
void mutex_init_instrumentation(const symbol_tablet &symbol_table, goto_programt &goto_program, typet lock_type)
void list_undefined_functions(const goto_modelt &goto_model, std::ostream &os)
void undefined_function_abort_path(goto_modelt &goto_model)
Handling of functions without body.
#define widen_if_needed(s)
void add_uninitialized_locals_assertions(goto_modelt &goto_model)
void show_uninitialized(const goto_modelt &goto_model, std::ostream &out)
#define HELP_UNINITIALIZED_CHECK
void value_set_fi_fp_removal(goto_modelt &goto_model, message_handlert &message_handler)
Builds the flow-insensitive value set for all function pointers and replaces function pointers with a...
flow insensitive value set function pointer removal
const char * CBMC_VERSION
void weak_memory(memory_modelt model, value_setst &value_sets, goto_modelt &goto_model, bool SCC, instrumentation_strategyt event_strategy, bool no_cfg_kill, bool no_dependencies, loop_strategyt duplicate_body, unsigned input_max_var, unsigned input_max_po_trans, bool render_po, bool render_file, bool render_function, bool cav11_option, bool hide_internals, message_handlert &message_handler, bool ignore_arrays)
instrumentation_strategyt
static void write_goto_binary(std::ostream &out, const symbol_table_baset &symbol_table, const goto_functionst &goto_functions, irep_serializationt &irepconverter)
Writes a goto program to disc, using goto binary format.
1.9.1