CBMC
safety_checker.h
Go to the documentation of this file.
1 /*******************************************************************\
2 
3 Module: Safety Checker Interface
4 
5 Author: Daniel Kroening, kroening@kroening.com
6 
7 \*******************************************************************/
8 
11 
12 #ifndef CPROVER_GOTO_PROGRAMS_SAFETY_CHECKER_H
13 #define CPROVER_GOTO_PROGRAMS_SAFETY_CHECKER_H
14 
15 // this is just an interface -- it won't actually do any checking!
16 
17 #include <util/invariant.h>
18 #include <util/message.h>
19 
20 #include "goto_trace.h"
21 
22 class goto_functionst;
23 
24 class safety_checkert:public messaget
25 {
26 public:
27  safety_checkert(const namespacet &_ns, message_handlert &_message_handler);
28 
29  enum class resultt
30  {
32  SAFE,
34  UNSAFE,
36  ERROR,
40  PAUSED,
41  };
42 
43  // check whether all assertions in goto_functions are safe
44  // if UNSAFE, then a trace is returned
45 
46  virtual resultt operator()(
47  const goto_functionst &goto_functions)=0;
48 
49  // this is the counterexample
50  goto_tracet error_trace;
51 
52 protected:
53  // the namespace
54  const namespacet &ns;
55 };
56 
63 inline safety_checkert::resultt &
64 operator&=(safety_checkert::resultt &a, safety_checkert::resultt const &b)
65 {
66  PRECONDITION(
67  a != safety_checkert::resultt::PAUSED &&
68  b != safety_checkert::resultt::PAUSED);
69  switch(a)
70  {
71  case safety_checkert::resultt::ERROR:
72  return a;
73  case safety_checkert::resultt::SAFE:
74  a = b;
75  return a;
76  case safety_checkert::resultt::UNSAFE:
77  a = b == safety_checkert::resultt::ERROR ? b : a;
78  return a;
79  case safety_checkert::resultt::PAUSED:
80  UNREACHABLE;
81  }
82  UNREACHABLE;
83 }
84 
91 inline safety_checkert::resultt &
92 operator|=(safety_checkert::resultt &a, safety_checkert::resultt const &b)
93 {
94  PRECONDITION(
95  a != safety_checkert::resultt::PAUSED &&
96  b != safety_checkert::resultt::PAUSED);
97  switch(a)
98  {
99  case safety_checkert::resultt::SAFE:
100  return a;
101  case safety_checkert::resultt::ERROR:
102  a = b;
103  return a;
104  case safety_checkert::resultt::UNSAFE:
105  a = b == safety_checkert::resultt::SAFE ? b : a;
106  return a;
107  case safety_checkert::resultt::PAUSED:
108  UNREACHABLE;
109  }
110  UNREACHABLE;
111 }
112 #endif // CPROVER_GOTO_PROGRAMS_SAFETY_CHECKER_H
goto_functionst
A collection of goto functions.
Definition: goto_functions.h:25
goto_tracet
Trace of a GOTO program.
Definition: goto_trace.h:177
message_handlert
Definition: message.h:28
messaget
Class that provides messages with a built-in verbosity 'level'.
Definition: message.h:155
namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition: namespace.h:94
safety_checkert
Definition: safety_checker.h:25
safety_checkert::ns
const namespacet & ns
Definition: safety_checker.h:54
safety_checkert::safety_checkert
safety_checkert(const namespacet &_ns, message_handlert &_message_handler)
Definition: safety_checker.cpp:14
safety_checkert::resultt
resultt
Definition: safety_checker.h:30
safety_checkert::resultt::UNSAFE
@ UNSAFE
Some safety properties were violated.
safety_checkert::resultt::PAUSED
@ PAUSED
Symbolic execution has been suspended due to encountering a GOTO while doing path exploration; the sy...
safety_checkert::resultt::SAFE
@ SAFE
No safety properties were violated.
safety_checkert::resultt::ERROR
@ ERROR
Safety is unknown due to an error during safety checking.
safety_checkert::operator()
virtual resultt operator()(const goto_functionst &goto_functions)=0
safety_checkert::error_trace
goto_tracet error_trace
Definition: safety_checker.h:50
goto_trace.h
Traces of GOTO Programs.
operator&=
safety_checkert::resultt & operator&=(safety_checkert::resultt &a, safety_checkert::resultt const &b)
The worst of two results.
Definition: safety_checker.h:64
operator|=
safety_checkert::resultt & operator|=(safety_checkert::resultt &a, safety_checkert::resultt const &b)
The best of two results.
Definition: safety_checker.h:92
UNREACHABLE
#define UNREACHABLE
This should be used to mark dead code.
Definition: invariant.h:525
PRECONDITION
#define PRECONDITION(CONDITION)
Definition: invariant.h:463