mm__io_8cpp_source.html

 /*******************************************************************\


 Module: Perform Memory-mapped I/O instrumentation


 Author: Daniel Kroening


 Date:   April 2017


 \*******************************************************************/


 #include "mm_io.h"


 #include <util/fresh_symbol.h>

 #include <util/message.h>

 #include <util/pointer_expr.h>

 #include <util/pointer_offset_size.h>

 #include <util/pointer_predicates.h>

 #include <util/replace_expr.h>


 #include "goto_model.h"


 #include <set>


 class mm_iot

 {

 public:

   explicit mm_iot(symbol_table_baset &symbol_table);


   void mm_io(goto_functionst::goto_functiont &goto_function);


   std::size_t reads_replaced = 0;

   std::size_t writes_replaced = 0;


 protected:

   const irep_idt id_r = CPROVER_PREFIX "mm_io_r";

   const irep_idt id_w = CPROVER_PREFIX "mm_io_w";


   const namespacet ns;

   exprt mm_io_r;

   exprt mm_io_r_value;

   exprt mm_io_w;

 };


 mm_iot::mm_iot(symbol_table_baset &symbol_table)

   : ns(symbol_table),

     mm_io_r(nil_exprt{}),

     mm_io_r_value(nil_exprt{}),

     mm_io_w(nil_exprt{})

 {

   if(const auto mm_io_r_symbol = symbol_table.lookup(id_r))

   {

     mm_io_r = mm_io_r_symbol->symbol_expr();


     const auto &value_symbol = get_fresh_aux_symbol(

       to_code_type(mm_io_r.type()).return_type(),

       id2string(id_r) + "$value",

       id2string(id_r) + "$value",

       mm_io_r_symbol->location,

       mm_io_r_symbol->mode,

       symbol_table);


     mm_io_r_value = value_symbol.symbol_expr();

   }


   if(const auto mm_io_w_symbol = symbol_table.lookup(id_w))

     mm_io_w = mm_io_w_symbol->symbol_expr();

 }


 static std::set<dereference_exprt> collect_deref_expr(const exprt &src)

 {

   std::set<dereference_exprt> collected;

   src.visit_pre([&collected](const exprt &e) {

     if(e.id() == ID_dereference)

       collected.insert(to_dereference_expr(e));

   });

   return collected;

 }


 void mm_iot::mm_io(goto_functionst::goto_functiont &goto_function)

 {

   // return early when there is nothing to be done

   if(mm_io_r.is_nil() && mm_io_w.is_nil())

     return;


   for(auto it = goto_function.body.instructions.begin();

       it != goto_function.body.instructions.end();

       it++)

   {

     if(!it->is_assign())

       continue;


     auto &a_lhs = it->assign_lhs();

     auto &a_rhs = it->assign_rhs_nonconst();

     const auto deref_expr_r = collect_deref_expr(a_rhs);


     if(mm_io_r.is_not_nil())

     {

       if(deref_expr_r.size() == 1)

       {

         const dereference_exprt &d = *deref_expr_r.begin();

         source_locationt source_location = it->source_location();

         const code_typet &ct = to_code_type(mm_io_r.type());


         if_exprt if_expr(

           integer_address(d.pointer()),

           typecast_exprt::conditional_cast(mm_io_r_value, d.type()),

           d);

         replace_expr(d, if_expr, a_rhs);


         const typet &pt = ct.parameters()[0].type();

         const typet &st = ct.parameters()[1].type();

         auto size_opt = size_of_expr(d.type(), ns);

         CHECK_RETURN(size_opt.has_value());

         auto call = goto_programt::make_function_call(

           mm_io_r_value,

           mm_io_r,

           {typecast_exprt(d.pointer(), pt),

            typecast_exprt(size_opt.value(), st)},

           source_location);

         goto_function.body.insert_before_swap(it, call);

         ++reads_replaced;

         it++;

       }

     }


     if(mm_io_w.is_not_nil())

     {

       if(a_lhs.id() == ID_dereference)

       {

         const dereference_exprt &d = to_dereference_expr(a_lhs);

         source_locationt source_location = it->source_location();

         const code_typet &ct = to_code_type(mm_io_w.type());

         const typet &pt = ct.parameters()[0].type();

         const typet &st = ct.parameters()[1].type();

         const typet &vt = ct.parameters()[2].type();

         auto size_opt = size_of_expr(d.type(), ns);

         CHECK_RETURN(size_opt.has_value());

         const code_function_callt fc(

           mm_io_w,

           {typecast_exprt(d.pointer(), pt),

            typecast_exprt(size_opt.value(), st),

            typecast_exprt(a_rhs, vt)});

         goto_function.body.insert_before_swap(it);

         *it = goto_programt::make_function_call(fc, source_location);

         ++writes_replaced;

         it++;

       }

     }

   }

 }


 void mm_io(

   symbol_tablet &symbol_table,

   goto_functionst &goto_functions,

   message_handlert &message_handler)

 {

   mm_iot rewrite{symbol_table};


   for(auto &f : goto_functions.function_map)

     rewrite.mm_io(f.second);


   if(rewrite.reads_replaced || rewrite.writes_replaced)

   {

     messaget log{message_handler};

     log.status() << "Replaced MMIO operations: " << rewrite.reads_replaced

                  << " read(s), " << rewrite.writes_replaced << " write(s)"

                  << messaget::eom;

   }

 }


 void mm_io(goto_modelt &model, message_handlert &message_handler)

 {

   mm_io(model.symbol_table, model.goto_functions, message_handler);

 }

code_function_callt
goto_instruction_codet representation of a function call statement.
Definition: goto_instruction_code.h:271

code_typet
Base type of functions.
Definition: std_types.h:583

code_typet::return_type
const typet & return_type() const
Definition: std_types.h:689

code_typet::parameters
const parameterst & parameters() const
Definition: std_types.h:699

dereference_exprt
Operator to dereference a pointer.
Definition: pointer_expr.h:834

dereference_exprt::pointer
exprt & pointer()
Definition: pointer_expr.h:847

dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition: dstring.h:38

exprt
Base class for all expressions.
Definition: expr.h:56

exprt::visit_pre
void visit_pre(std::function< void(exprt &)>)
Definition: expr.cpp:227

exprt::type
typet & type()
Return the type of the expression.
Definition: expr.h:84

goto_functionst
A collection of goto functions.
Definition: goto_functions.h:25

goto_functionst::function_map
function_mapt function_map
Definition: goto_functions.h:29

goto_functionst::goto_functiont
::goto_functiont goto_functiont
Definition: goto_functions.h:27

goto_modelt
Definition: goto_model.h:27

goto_modelt::symbol_table
symbol_tablet symbol_table
Symbol table.
Definition: goto_model.h:31

goto_modelt::goto_functions
goto_functionst goto_functions
GOTO functions.
Definition: goto_model.h:34

goto_programt::make_function_call
static instructiont make_function_call(const code_function_callt &_code, const source_locationt &l=source_locationt::nil())
Create a function call instruction.
Definition: goto_program.h:1090

if_exprt
The trinary if-then-else operator.
Definition: std_expr.h:2370

irept::is_not_nil
bool is_not_nil() const
Definition: irep.h:368

irept::id
const irep_idt & id() const
Definition: irep.h:384

irept::is_nil
bool is_nil() const
Definition: irep.h:364

message_handlert
Definition: message.h:28

messaget
Class that provides messages with a built-in verbosity 'level'.
Definition: message.h:155

messaget::eom
static eomt eom
Definition: message.h:297

mm_iot
Definition: mm_io.cpp:28

mm_iot::id_r
const irep_idt id_r
Definition: mm_io.cpp:38

mm_iot::id_w
const irep_idt id_w
Definition: mm_io.cpp:39

mm_iot::reads_replaced
std::size_t reads_replaced
Definition: mm_io.cpp:34

mm_iot::mm_io_r
exprt mm_io_r
Definition: mm_io.cpp:42

mm_iot::mm_iot
mm_iot(symbol_table_baset &symbol_table)
Definition: mm_io.cpp:47

mm_iot::writes_replaced
std::size_t writes_replaced
Definition: mm_io.cpp:35

mm_iot::mm_io_r_value
exprt mm_io_r_value
Definition: mm_io.cpp:43

mm_iot::mm_io
void mm_io(goto_functionst::goto_functiont &goto_function)
Definition: mm_io.cpp:82

mm_iot::mm_io_w
exprt mm_io_w
Definition: mm_io.cpp:44

mm_iot::ns
const namespacet ns
Definition: mm_io.cpp:41

namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition: namespace.h:94

nil_exprt
The NIL expression.
Definition: std_expr.h:3073

source_locationt
Definition: source_location.h:20

symbol_table_baset
The symbol table base class interface.
Definition: symbol_table_base.h:23

symbol_table_baset::lookup
const symbolt * lookup(const irep_idt &name) const
Find a symbol in the symbol table for read-only access.
Definition: symbol_table_base.h:96

symbol_tablet
The symbol table.
Definition: symbol_table.h:14

typecast_exprt
Semantic type conversion.
Definition: std_expr.h:2068

typecast_exprt::conditional_cast
static exprt conditional_cast(const exprt &expr, const typet &type)
Definition: std_expr.h:2076

typet
The type of an expression, extends irept.
Definition: type.h:29

CPROVER_PREFIX
#define CPROVER_PREFIX
Definition: cprover_prefix.h:14

get_fresh_aux_symbol
symbolt & get_fresh_aux_symbol(const typet &type, const std::string &name_prefix, const std::string &basename_prefix, const source_locationt &source_location, const irep_idt &symbol_mode, const namespacet &ns, symbol_table_baset &symbol_table)
Installs a fresh-named symbol with respect to the given namespace ns with the requested name pattern ...
Definition: fresh_symbol.cpp:32

fresh_symbol.h
Fresh auxiliary symbol creation.

goto_model.h
Symbol Table + CFG.

id2string
const std::string & id2string(const irep_idt &d)
Definition: irep.h:40

log
double log(double x)
Definition: math.c:2776

mm_io
void mm_io(symbol_tablet &symbol_table, goto_functionst &goto_functions, message_handlert &message_handler)
Definition: mm_io.cpp:155

collect_deref_expr
static std::set< dereference_exprt > collect_deref_expr(const exprt &src)
Definition: mm_io.cpp:72

mm_io.h
Perform Memory-mapped I/O instrumentation.

pointer_expr.h
API to expression classes for Pointers.

to_dereference_expr
const dereference_exprt & to_dereference_expr(const exprt &expr)
Cast an exprt to a dereference_exprt.
Definition: pointer_expr.h:890

size_of_expr
std::optional< exprt > size_of_expr(const typet &type, const namespacet &ns)
Definition: pointer_offset_size.cpp:287

pointer_offset_size.h
Pointer Logic.

integer_address
exprt integer_address(const exprt &pointer)
Definition: pointer_predicates.cpp:65

pointer_predicates.h
Various predicates over pointers in programs.

replace_expr
bool replace_expr(const exprt &what, const exprt &by, exprt &dest)
Definition: replace_expr.cpp:12

replace_expr.h

CHECK_RETURN
#define CHECK_RETURN(CONDITION)
Definition: invariant.h:495

message.h

to_code_type
const code_typet & to_code_type(const typet &type)
Cast a typet to a code_typet.
Definition: std_types.h:788