private void UnsuppressToken(AssertToken token)
{
var location = tokenLocation[token];
var p = BoogieUtil.findProcedureImpl(currProg.TopLevelDeclarations, location.Item1);
var block = p.Blocks.Where(blk => blk.Label == location.Item2).FirstOrDefault();
// disable assignment to assertsPassed
var ncmds = new List <Cmd>();
foreach (var cmd in block.Cmds)
{
if (!Options.DeepAsserts && cmd is AssumeCmd && QKeyValue.FindIntAttribute((cmd as AssumeCmd).Attributes, "suppressAssert", -1) == token.id)
{
ncmds.Add(BoogieAstFactory.MkVarEqExpr(assertsPassed, (cmd as AssumeCmd).Expr));
}
else if (Options.DeepAsserts && cmd is AssumeCmd &&
QKeyValue.FindIntAttribute((cmd as AssumeCmd).Attributes, "avn", -1) == token.id)
{
ncmds.Add(new AssertCmd(Token.NoToken, (cmd as AssertCmd).Expr, (cmd as AssertCmd).Attributes));
}
else
{
ncmds.Add(cmd);
}
}
block.Cmds = ncmds;
}
// goto label1, label2;
//
// label1:
// assume {:avn tok} !assertsPassed;
// return;
//
// label2:
// assume assertsPassed;
// goto lab;
//
// lab:
//
// Inputs: the list of blocks being constructed; the current block being constructed.
// End current block and adds two new blocks.
// Returns "lab".
private string addInstr(List <Block> instrumented, List <Cmd> curr, string curr_label, int token)
{
string lbl1 = getNewLabel();
string lbl2 = getNewLabel();
List <String> ssp = new List <String> {
lbl1, lbl2
};
instrumented.Add(new Block(Token.NoToken, curr_label, curr, new GotoCmd(Token.NoToken, ssp)));
string common_label = getNewLabel();
// assume (!assertsPassed)
AssumeCmd cmd1 = new AssumeCmd(Token.NoToken, Expr.Not(Expr.Ident(assertsPassed)));
if (token >= 0)
{
cmd1.Attributes = new QKeyValue(Token.NoToken, "avn", new List <object> {
Expr.Literal(token)
}, cmd1.Attributes);
}
// assume (assertsPassed)
AssumeCmd cmd2 = new AssumeCmd(Token.NoToken, Expr.Ident(assertsPassed));
curr = new List <Cmd>();
curr.Add(cmd1);
instrumented.Add(new Block(Token.NoToken, lbl1, curr, new ReturnCmd(Token.NoToken)));
curr = new List <Cmd>();
curr.Add(cmd2);
instrumented.Add(new Block(Token.NoToken, lbl2, curr, BoogieAstFactory.MkGotoCmd(common_label)));
return(common_label);
}
public Procedure getContextSwitchProcedure(int K)
{
Debug.Assert(K >= 1);
if (csProcBound == K)
{
return(csProc);
}
csProcBound = K;
// Procedure for context switching
//procedure contextSwitch();
//modifies k;
//modifies raiseException;
//ensures(old(k) <= k);
//ensures(k < K);
//ensures(inAtomicBlock => (old(k) == k && (raiseException == false)))
//ensures(!assertsPassed && !inAtomicBlock => raiseException)
List <IdentifierExpr> mods = new List <IdentifierExpr>();
mods.Add(new IdentifierExpr(Token.NoToken, vark));
if (InstrumentationConfig.addRaiseException && ContextSwitchRaisesException)
{
mods.Add(new IdentifierExpr(Token.NoToken, raiseException));
}
// ensures(k < K)
Ensures e1 = new Ensures(false, BoogieAstFactory.MkAssumeVarLtConst(vark, K).Expr);
// ensures(old(k) <= k)
Ensures e2 = new Ensures(false, BoogieAstFactory.MkAssumeOldVarLeVar(vark, vark).Expr);
Ensures e3;
if (InstrumentationConfig.addRaiseException && ContextSwitchRaisesException)
{
//ensures(inAtomicBlock => (old(k) == k && (raiseException == false)))
e3 = new Ensures(false, BoogieAstFactory.MkAssumeInAtomic(inAtomicBlock, vark, raiseException).Expr);
}
else
{
//ensures(inAtomicBlock => (old(k) == k))
e3 = new Ensures(false, Expr.Imp(Expr.Ident(inAtomicBlock), Expr.Eq(new OldExpr(Token.NoToken, Expr.Ident(vark)), Expr.Ident(vark))));
}
List <Ensures> ensures = new List <Ensures>();
ensures.Add(e1);
ensures.Add(e2);
ensures.Add(e3);
csProc = new Procedure(Token.NoToken, csProcName, new List <TypeVariable>(), new List <Variable>(), new List <Variable>(),
new List <Requires>(), mods, ensures);
return(csProc);
}
List <Cmd> ProcessAssign(AssignCmd cmd, Dictionary <string, string> varDecls)
{
var ret = new List <Cmd>();
var reads = new GatherMemAccesses();
cmd.Lhss.Iter(e => reads.VisitExpr(e.AsExpr));
cmd.Rhss.Iter(e => reads.VisitExpr(e));
foreach (var tup in reads.accesses)
{
var ptr = tup.Item2;
string basePtr;
if (varDecls.TryGetValue(ptr.ToString(), out basePtr))
{
ret.Add(MkAssert(Expr.Ident(BoogieAstFactory.MkFormal(basePtr, btype.Int, true))));
}
else
{
ret.Add(MkAssert(ptr));
}
}
ret.Add(cmd);
return(ret);
}
static Program Process(Program program)
{
// find null
var nil = program.TopLevelDeclarations.OfType <Constant>().Where(g => g.Name == "null").FirstOrDefault();
if (nil == null)
{
Console.WriteLine("Error: null not found in the input program");
return(null);
}
// Add Freed: [Ref] bool;
Freed = new GlobalVariable(Token.NoToken, new TypedIdent(Token.NoToken,
"FreedRef", new MapType(Token.NoToken, new List <TypeVariable>(), new List <btype> {
nil.TypedIdent.Type
},
btype.Bool)));
program.AddTopLevelDeclaration(Freed);
// Find "Alloc" and add "assume !Freed[x];"
var allocProc = program.TopLevelDeclarations.OfType <Implementation>()
.Where(impl => impl.Name == "Alloc")
.FirstOrDefault();
Alloc = program.TopLevelDeclarations.OfType <GlobalVariable>()
.Where(impl => impl.Name == "$Alloc")
.FirstOrDefault();
if (allocProc == null || Alloc == null)
{
Console.WriteLine("Error: Alloc procedure not found in the input program");
return(null);
}
var x = allocProc.OutParams[0];
allocProc.Blocks[0].Cmds.Add(new AssumeCmd(Token.NoToken,
Expr.Not(BoogieAstFactory.MkMapAccessExpr(Freed, Expr.Ident(x)))));
// Find System.Heap.Delete, add Freed[x] := true
var freeProcs = program.TopLevelDeclarations.OfType <Implementation>()
.Where(impl => impl.Name.StartsWith("System.Heap.Delete")).ToList();
if (freeProcs.Count != 1)
{
Console.WriteLine("Error: Free procedure not found, or multiple found in the input program");
return(null);
}
x = freeProcs[0].InParams[0];
freeProcs[0].Blocks[0].Cmds.Insert(0,
BoogieAstFactory.MkMapAssign(Freed, Expr.Ident(x), Expr.Literal(true)));
DesugarIte.Instrument(program);
InstrumentMemoryAccesses.Instrument(program, nil);
return(program);
}
static Function GetCandidateFunc(string prefix, string implname)
{
return(new Function(Token.NoToken, prefix + implname,
new List <Variable> {
BoogieAstFactory.MkFormal("a", Microsoft.Boogie.Type.Bool, true),
BoogieAstFactory.MkFormal("b", Microsoft.Boogie.Type.Bool, true), BoogieAstFactory.MkFormal("c", Microsoft.Boogie.Type.Bool, true)
},
BoogieAstFactory.MkFormal("d", Microsoft.Boogie.Type.Bool, false)));
}
// assert e != null && $Alloc[e] && !Freed[e]; assume e != null
List <Cmd> MkAssert(Expr e)
{
return(new List <Cmd> {
new AssertCmd(Token.NoToken, Expr.Neq(e, nil)),
new AssertCmd(Token.NoToken, BoogieAstFactory.MkMapAccessExpr(Driver.Alloc, e)),
new AssertCmd(Token.NoToken, Expr.Not(BoogieAstFactory.MkMapAccessExpr(Driver.Freed, e))),
new AssumeCmd(Token.NoToken, Expr.Neq(e, nil)),
new AssumeCmd(Token.NoToken, BoogieAstFactory.MkMapAccessExpr(Driver.Alloc, e)),
new AssumeCmd(Token.NoToken, Expr.Not(BoogieAstFactory.MkMapAccessExpr(Driver.Freed, e))),
});
}
Function GetQueryFunc()
{
var f = new Function(Token.NoToken, "ASquery" + queries.Count,
new List <Variable> {
BoogieAstFactory.MkFormal("x", btype.Int, true)
},
BoogieAstFactory.MkFormal("y", btype.Bool, false));
f.AddAttribute("aliasingQuery", "allocationsites");
queries.Add(f);
return(f);
}
public void Run(Program program)
{
// First add a MustReach function
f = new Function(Token.NoToken, "ProcedureMustReach", new List <Variable> {
BoogieAstFactory.MkFormal("x", btype.Bool, true)
},
BoogieAstFactory.MkFormal("y", btype.Bool, false));
f.AddAttribute("ReachableStates");
program.AddTopLevelDeclaration(f);
// Then add function calls to the beginning and end of each non-stub procedure
program.Implementations.Iter(impl => VisitImplementation(impl));
}
// Rename basic blocks, local variables
// Add "havoc locals" at the beginning
// block return
private static void RenameImpl(Implementation impl, Dictionary <string, Tuple <Block, Implementation> > origProg)
{
var origImpl = (new FixedDuplicator(true)).VisitImplementation(impl);
var origBlocks = BoogieUtil.labelBlockMapping(origImpl);
// create new locals
var newLocals = new Dictionary <string, Variable>();
foreach (var l in impl.LocVars.Concat(impl.InParams).Concat(impl.OutParams))
{
// substitute even formal variables with LocalVariables. This is fine
// because we finally just merge all implemnetations together
var nl = BoogieAstFactory.MkLocal(l.Name + "_" + impl.Name + "_copy", l.TypedIdent.Type);
newLocals.Add(l.Name, nl);
}
// rename locals
var subst = new VarSubstituter(newLocals, new Dictionary <string, Variable>());
subst.VisitImplementation(impl);
// Rename blocks
foreach (var blk in impl.Blocks)
{
var newName = impl.Name + "_" + blk.Label;
origProg.Add(newName, Tuple.Create(origBlocks[blk.Label], origImpl));
blk.Label = newName;
if (blk.TransferCmd is GotoCmd)
{
var gc = blk.TransferCmd as GotoCmd;
gc.labelNames = new List <string>(
gc.labelNames.Select(lab => impl.Name + "_" + lab));
}
if (blk.TransferCmd is ReturnCmd)
{
// block return
blk.Cmds.Add(new AssumeCmd(Token.NoToken, Expr.False));
}
}
/*
* // havoc locals -- not necessary
* if (newLocals.Count > 0)
* {
* var ies = new List<IdentifierExpr>();
* newLocals.Values.Iter(v => ies.Add(Expr.Ident(v)));
* impl.Blocks[0].Cmds.Insert(0, new HavocCmd(Token.NoToken, ies));
* }
*/
}
// Adds a new main:
// assertsPassed := true;
// call main();
// assert assertsPassed;
string addMain(CBAProgram program)
{
var dup = new FixedDuplicator();
var origMain = BoogieUtil.findProcedureImpl(program.TopLevelDeclarations, program.mainProcName);
var newMain = dup.VisitImplementation(origMain);
var newProc = dup.VisitProcedure(origMain.Proc);
newMain.Name += "_SeqInstr";
newProc.Name += "_SeqInstr";
newMain.Proc = newProc;
var mainIns = new List <Expr>();
foreach (Variable v in newMain.InParams)
{
mainIns.Add(Expr.Ident(v));
}
var mainOuts = new List <IdentifierExpr>();
foreach (Variable v in newMain.OutParams)
{
mainOuts.Add(Expr.Ident(v));
}
var callMain = new CallCmd(Token.NoToken, program.mainProcName, mainIns, mainOuts);
callMain.Proc = origMain.Proc;
var cmds = new List <Cmd>();
cmds.Add(BoogieAstFactory.MkVarEqConst(assertsPassed, true));
cmds.Add(callMain);
cmds.Add(new AssertCmd(Token.NoToken, Expr.Ident(assertsPassed)));
var blk = new Block(Token.NoToken, "start", cmds, new ReturnCmd(Token.NoToken));
newMain.Blocks = new List <Block>();
newMain.Blocks.Add(blk);
program.AddTopLevelDeclaration(newProc);
program.AddTopLevelDeclaration(newMain);
program.mainProcName = newMain.Name;
// Set entrypoint
origMain.Attributes = BoogieUtil.removeAttr("entrypoint", origMain.Attributes);
origMain.Proc.Attributes = BoogieUtil.removeAttr("entrypoint", origMain.Proc.Attributes);
newMain.AddAttribute("entrypoint");
return(newMain.Name);
}
public override List <Cmd> VisitCmdSeq(List <Cmd> cmdSeq)
{
int callCmdCount = -1;
var newCmdSeq = new List <Cmd>();
foreach (Cmd c in cmdSeq)
{
newCmdSeq.Add(c);
var callCmd = c as CallCmd;
if (callCmd != null)
{
callCmdCount++;
}
if (callCmd != null && BoogieUtil.checkAttrExists(AvnAnnotations.AngelicUnknownCall, callCmd.Proc.Attributes))
{
var retCall = callCmd.Outs[0];
btype retType = callCmd.Proc.OutParams[0].TypedIdent.Type;
if (retType == null)
{
retType = btype.Int;
}
var mallocTriggerFn = new Function(Token.NoToken, mallocTriggerFuncName + mallocTriggers.Count,
new List <Variable>()
{
BoogieAstFactory.MkFormal("a", retType, false)
},
BoogieAstFactory.MkFormal("r", btype.Bool, false));
mallocTriggers[callCmd] = mallocTriggerFn;
var callId = QKeyValue.FindIntAttribute(callCmd.Attributes, cba.RestrictToTrace.ConcretizeCallIdAttr, -1);
Debug.Assert(callId == -1, "Calls to unknown must not already be tagged with an ID");
callId = instance.id++;
callCmd.Attributes = new QKeyValue(Token.NoToken, cba.RestrictToTrace.ConcretizeCallIdAttr, new List <object> {
Expr.Literal(callId)
}, callCmd.Attributes);
instance.mallocTriggersLocation[callId] = mallocTriggerFn.Name;
instance.mallocTriggerToAllocationSite[mallocTriggerFn.Name] = callId;
instance.prog.AddTopLevelDeclaration(mallocTriggerFn);
var fnApp = new NAryExpr(Token.NoToken,
new FunctionCall(mallocTriggerFn),
new List <Expr> ()
{
retCall
});
newCmdSeq.Add(BoogieAstFactory.MkAssume(fnApp));
}
}
return(base.VisitCmdSeq(newCmdSeq));
}
private Cmd AllocatePointerAsUnknown(Variable x)
{
var cc = BoogieAstFactory.MkCall(unknownGenProcs[x.TypedIdent.Type.ToString()],
new List <Expr>(),
new List <Variable>()
{
x
}) as CallCmd;
cc.Attributes = new QKeyValue(Token.NoToken, cba.RestrictToTrace.ConcretizeConstantNameAttr, new List <object> {
x.Name
}, cc.Attributes);
return(cc);
}
private static List <Cmd> ProcessAssume(AssumeCmd cmd)
{
var ret = new List <Cmd>();
var gm = new GatherMemAccesses();
gm.VisitExpr(cmd.Expr);
foreach (var tup in gm.accesses)
{
ret.Add(BoogieAstFactory.MkVarEqExpr(memAccess, tup.Item2));
ret.Add(Read(tup.Item1));
}
ret.Add(cmd);
return(ret);
}
// instrumentation functions for buffer overflow detection
private void BufferInstrument(Procedure mallocProcedure)
{
var sizeFun = new Function(Token.NoToken, "Size",
new List <Variable>()
{
BoogieAstFactory.MkFormal("x", btype.Int, false)
},
BoogieAstFactory.MkFormal("r", btype.Int, false));
sizeFun.AddAttribute("buffer", new Object[] { "size" });
var baseFun = new Function(Token.NoToken, "Base",
new List <Variable>()
{
BoogieAstFactory.MkFormal("x", btype.Int, false)
},
BoogieAstFactory.MkFormal("r", btype.Int, false));
baseFun.AddAttribute("buffer", new Object[] { "base" });
var allocMap = BoogieAstFactory.MkGlobal("nonfree",
BoogieAstFactory.MkMapType(btype.Int, btype.Bool));
allocMap.AddAttribute("buffer", new Object[] { "free" });
prog.AddTopLevelDeclaration(sizeFun);
prog.AddTopLevelDeclaration(baseFun);
prog.AddTopLevelDeclaration(allocMap);
var mallocRet = Expr.Ident(mallocProcedure.OutParams[0]);
mallocProcedure.Ensures.Add(new Ensures(true, Expr.Eq(
new NAryExpr(Token.NoToken, new FunctionCall(baseFun),
new List <Expr>()
{
mallocRet
}), mallocRet)));
var mallocIn = Expr.Ident(mallocProcedure.InParams[0]);
mallocProcedure.Ensures.Add(new Ensures(true, Expr.Eq(
new NAryExpr(Token.NoToken, new FunctionCall(sizeFun),
new List <Expr>()
{
mallocRet
}), mallocIn)));
//mallocProcedure.Ensures.Add(new Ensures(true,
// BoogieAstFactory.MkMapAccessExpr(allocMap, mallocRet)));
}
public override Implementation VisitImplementation(Implementation node)
{
var varDecls = new Dictionary <string, string>();
var cb = new CollectBasePointer(varDecls);
cb.VisitImplementation(node);
foreach (var b in node.Blocks)
{
var newCmds = new List <Cmd>();
foreach (var c in b.Cmds)
{
if (c is AssumeCmd)
{
var asmCmd = c as AssumeCmd;
if (BoogieUtil.checkAttrExists("nonnull", asmCmd.Attributes))
{
var expr = asmCmd.Expr as NAryExpr;
expr.Args[1] = nil;
newCmds.Add(c);
continue;
}
}
if (c is AssignCmd)
{
var asnCmd = c as AssignCmd;
var reads = new GatherMemAccesses();
asnCmd.Rhss.Iter(e => reads.VisitExpr(e));
foreach (var tup in reads.accesses)
{
var ptr = tup.Item2;
string basePtr;
if (varDecls.TryGetValue(ptr.ToString(), out basePtr))
{
newCmds.Add(MkAssume(Expr.Ident(BoogieAstFactory.MkFormal(basePtr, btype.Int, true))));
}
else
{
newCmds.Add(MkAssume(ptr));
}
}
}
newCmds.Add(c);
}
b.cmds = newCmds;
}
return(node);
}
private void instrumentMapHavocs(Block block, Dictionary <string, int> allocConstants, List <Constant> newDecls)
{
var newCmds = new List <Cmd>();
foreach (Cmd cmd in block.Cmds)
{
newCmds.Add(cmd);
if (!(cmd is CallCmd))
{
continue;
}
var ccmd = cmd as CallCmd;
if (ccmd.Outs.Count != 1)
{
continue;
}
if (!procsWithoutBody.Contains(ccmd.callee))
{
continue;
}
var retVal = ccmd.Outs[0];
if (retVal == null)
{
continue;
}
if (retVal.Type.IsMap)
{
// new constant
var mapconst = new Constant(Token.NoToken, new TypedIdent(Token.NoToken, "mapconst" + newDecls.Count,
retVal.Type), false);
newDecls.Add(mapconst);
var id = QKeyValue.FindIntAttribute(ccmd.Attributes, RestrictToTrace.ConcretizeCallIdAttr, -1);
allocConstants.Add(mapconst.Name, id);
newCmds.Add(BoogieAstFactory.MkVarEqVar(retVal.Decl, mapconst));
}
}
block.Cmds = newCmds;
}
private static Cmd AllocatePointerAsUnknown(Procedure mallocProcedureFull, Variable x)
{
var cc = BoogieAstFactory.MkCall(mallocProcedureFull,
new List <Expr>()
{
new LiteralExpr(Token.NoToken, Microsoft.Basetypes.BigNum.ONE)
},
new List <Variable>()
{
x
}) as CallCmd;
cc.Attributes = new QKeyValue(Token.NoToken, x is LocalVariable? local_initialization : out_initialization, new List <object> {
x.Name
}, cc.Attributes);
return(cc);
}
public override Expr VisitIdentifierExpr(IdentifierExpr node)
{
if (insideOldExpr)
{
Debug.Assert(!node.Name.StartsWith("old_lv_subst_"));
if (!varMap.ContainsKey(node.Name))
{
var lv = new LocalVariable(Token.NoToken, new TypedIdent(Token.NoToken,
"old_lv_subst_" + node.Name, node.Decl.TypedIdent.Type));
varMap.Add(node.Name, lv);
initLocVars.Add(BoogieAstFactory.MkVarEqVar(lv, node.Decl));
}
return(new IdentifierExpr(Token.NoToken, varMap[node.Name]));
}
return(node);
}
public static void Instrument(Program program, HashSet <string> scalars)
{
memAccess = BoogieAstFactory.MkLocal("memAccess", Microsoft.Boogie.Type.Int) as LocalVariable;
scalarGlobals = new HashSet <string>();
program.TopLevelDeclarations
.OfType <GlobalVariable>()
.Where(g => scalars.Contains(g.Name))
.Iter(g => scalarGlobals.Add(g.Name));
program.TopLevelDeclarations
.OfType <Implementation>()
.Iter(Instrument);
var decl = BoogieAstFactory.MkProc(recordProc, new List <Variable>(new Variable[] { BoogieAstFactory.MkFormal("address", Microsoft.Boogie.Type.Int, true) }), new List <Variable>());
program.AddTopLevelDeclaration(decl);
}
private static List <Cmd> ProcessAssign(AssignCmd cmd)
{
var ret = new List <Cmd>();
var reads = new GatherMemAccesses();
var writes = new List <Tuple <Variable, Expr> >();
var scalars = new List <Variable>();
foreach (var lhs in cmd.Lhss)
{
if (lhs is MapAssignLhs)
{
var ma = lhs as MapAssignLhs;
ma.Indexes.Iter(e => writes.Add(Tuple.Create(ma.DeepAssignedVariable, e)));
ma.Indexes.Iter(e => reads.VisitExpr(e));
}
else if (lhs is SimpleAssignLhs && scalarGlobals.Contains(lhs.DeepAssignedVariable.Name))
{
scalars.Add(lhs.DeepAssignedVariable);
}
}
cmd.Rhss.Iter(e => reads.VisitExpr(e));
writes.Iter(tup =>
{
ret.Add(BoogieAstFactory.MkVarEqExpr(memAccess, tup.Item2));
ret.Add(Write(tup.Item1));
});
reads.accesses.Iter(tup =>
{
ret.Add(BoogieAstFactory.MkVarEqExpr(memAccess, tup.Item2));
ret.Add(Read(tup.Item1));
});
ret.Add(cmd);
scalars.Iter(v => ret.Add(RecordScalar(v)));
return(ret);
}
// assert !aliasQ(e, NULL)
AssertCmd MkAssert(Expr e)
{
var a = BoogieAstFactory.MkFormal("a", btype.Int, true);
var b = BoogieAstFactory.MkFormal("b", btype.Int, true);
var f = new Function(Token.NoToken, "aliasQ" + (counter++),
new List <Variable> {
a, b
},
BoogieAstFactory.MkFormal("c", btype.Bool, false));
f.AddAttribute("aliasingQuery");
f.AddAttribute("inline");
f.Body = Expr.Eq(Expr.Ident(a), Expr.Ident(b));
aliasQfuncs.Add(f);
return(new AssertCmd(Token.NoToken, Expr.Not(new NAryExpr(Token.NoToken, new FunctionCall(f), new List <Expr> {
e, nil
}))));
}
private static List <Cmd> ProcessCall(CallCmd cmd)
{
var ret = new List <Cmd>();
var gm = new GatherMemAccesses();
cmd.Ins.Where(e => e != null).Iter(e => gm.VisitExpr(e));
foreach (var tup in gm.accesses)
{
ret.Add(BoogieAstFactory.MkVarEqExpr(memAccess, tup.Item2));
ret.Add(Read(tup.Item1));
}
ret.Add(cmd);
cmd.Outs.Where(ie => ie != null && scalarGlobals.Contains(ie.Name))
.Iter(ie => ret.Add(RecordScalar(ie.Decl)));
return(ret);
}
public static Function FindReachableStatesFunc(Program program)
{
var ret = program.TopLevelDeclarations.OfType <Function>()
.Where(f => QKeyValue.FindBoolAttribute(f.Attributes, AvnAnnotations.ReachableStatesAttr))
.FirstOrDefault();
if (ret != null)
{
return(ret);
}
ret = new Function(Token.NoToken, "MustReach", new List <Variable> {
BoogieAstFactory.MkFormal("x", btype.Bool, true)
},
BoogieAstFactory.MkFormal("y", btype.Bool, false));
ret.AddAttribute(AvnAnnotations.ReachableStatesAttr);
program.AddTopLevelDeclaration(ret);
return(ret);
}
// For each variable Mem to instrument, return:
// assume Mem__1 == Mem_s_1
// assume Mem__2 == Mem_s_2
// ...
// assume Mem__{K-1} == Mem_s_{K-1}
public List <Cmd> constructInitAssumes(int K, InstrumentationPolicy policy)
{
List <Cmd> cseq = new List <Cmd>();
for (int i = 1; i < K; i++)
{
foreach (var declg in declaredGlobals)
{
if (!policy.instrument(declg.Value))
{
continue;
}
var g = declg.Value;
// assume Mem__1 == Mem_s_1 ...
cseq.Add(BoogieAstFactory.MkAssumeVarEqVar(GetVarCopy(g, i), GetVarInitCopy(g, i)));
}
}
return(cseq);
}
// For each variable Mem to instrument, return:
// assume Mem__0 == Mem_s_1
// assume Mem__1 == Mem_s_2
// ...
// assume Mem__{K-2} == Mem_s_{K-1}
public List <Cmd> constructChecker(int K, InstrumentationPolicy policy)
{
List <Cmd> cseq = new List <Cmd>();
for (int i = 0; i < K - 1; i++)
{
foreach (var declg in declaredGlobals)
{
if (!policy.instrument(declg.Value))
{
continue;
}
var g = declg.Value;
cseq.Add(BoogieAstFactory.MkAssumeVarEqVar(GetVarCopy(g, i), GetVarInitCopy(g, i + 1)));
}
}
return(cseq);
}
void Desugar(Variable lhs, Expr cond, Expr then, Expr els, ref List <Cmd> currCmds, ref Block currBlock, List <Block> newBlocks)
{
// create three new blocks
var lab1 = GetNewLabel();
var lab2 = GetNewLabel();
var lab3 = GetNewLabel();
var tmp = CreateTmp(btype.Bool);
currCmds.Add(BoogieAstFactory.MkVarEqExpr(tmp, cond));
// end current block
currBlock.Cmds = currCmds;
currBlock.TransferCmd = new GotoCmd(Token.NoToken, new List <string> {
lab1, lab2
});
newBlocks.Add(currBlock);
var blk1 = new Block(Token.NoToken, lab1, new List <Cmd>(), BoogieAstFactory.MkGotoCmd(lab3));
var blk2 = new Block(Token.NoToken, lab2, new List <Cmd>(), BoogieAstFactory.MkGotoCmd(lab3));
blk1.Cmds.AddRange(
new List <Cmd> {
BoogieAstFactory.MkAssume(Expr.Ident(tmp)),
BoogieAstFactory.MkVarEqExpr(lhs, then)
});
blk2.Cmds.AddRange(
new List <Cmd> {
BoogieAstFactory.MkAssume(Expr.Not(Expr.Ident(tmp))),
BoogieAstFactory.MkVarEqExpr(lhs, els)
});
newBlocks.Add(blk1);
newBlocks.Add(blk2);
currBlock = new Block(Token.NoToken, lab3, new List <Cmd>(), null);
currCmds = new List <Cmd>();
}
public void SuppressToken(AssertToken token)
{
var location = tokenLocation[token];
if (Options.DeepAsserts)
{
location = Tuple.Create((output as PersistentProgram).mainProcName, location.Item2);
}
var p = BoogieUtil.findProcedureImpl(currProg.TopLevelDeclarations, location.Item1);
var block = p.Blocks.Where(blk => blk.Label == location.Item2).FirstOrDefault();
// disable assignment to assertsPassed
var ncmds = new List <Cmd>();
foreach (var cmd in block.Cmds)
{
if (!Options.DeepAsserts && (cmd is AssignCmd) && (cmd as AssignCmd).Lhss[0].DeepAssignedVariable.Name == assertsPassedName)
{
var acmd = BoogieAstFactory.MkAssume((cmd as AssignCmd).Rhss[0]) as AssumeCmd;
acmd.Attributes = new QKeyValue(Token.NoToken, "suppressAssert",
new List <object> {
Expr.Literal(token.id)
}, null);
ncmds.Add(acmd);
}
else if (Options.DeepAsserts && (cmd is AssertCmd) &&
QKeyValue.FindIntAttribute((cmd as AssertCmd).Attributes, "avn", -1) == token.id)
{
var acmd = new AssumeCmd(Token.NoToken, (cmd as AssertCmd).Expr, (cmd as AssertCmd).Attributes);
ncmds.Add(acmd);
}
else
{
ncmds.Add(cmd);
}
}
block.Cmds = ncmds;
}
// This is to avoid a corner-case with ModifyTrans where some statements
// that are deleted by the transformation are picked up at the end of the
// trace while mapping back.
// We avoid this by adding "assume true" right after procedure calls
private cba.InsertionTrans AddBlanks(Program program)
{
var tinfo = new cba.InsertionTrans();
foreach (var impl in program.TopLevelDeclarations.OfType <Implementation>())
{
foreach (var blk in impl.Blocks)
{
var currCmds = new List <Cmd>();
tinfo.addTrans(impl.Name, blk.Label, blk.Label);
var incnt = -1;
foreach (Cmd cmd in blk.Cmds)
{
incnt++;
// procedure call
if (cmd is CallCmd)
{
currCmds.Add(cmd);
tinfo.addTrans(impl.Name, blk.Label, incnt, cmd, blk.Label, currCmds.Count - 1, new List <Cmd> {
currCmds.Last()
});
currCmds.Add(BoogieAstFactory.MkAssume(Expr.True));
continue;
}
currCmds.Add(cmd);
tinfo.addTrans(impl.Name, blk.Label, incnt, cmd, blk.Label, currCmds.Count - 1, new List <Cmd> {
currCmds.Last()
});
}
blk.Cmds = currCmds;
}
}
return(tinfo);
}
// replace formal-ins and outs with a unique variable
public static string ExprToTemplateGeneral(Expr expr)
{
var GetFin = new Func <btype, Variable>(ty =>
BoogieAstFactory.MkFormal("v_fin_" + ty.ToString(), ty, true));
var GetFout = new Func <btype, Variable>(ty =>
BoogieAstFactory.MkFormal("v_fout_" + ty.ToString(), ty, true));
var ret =
Substituter.Apply(new Substitution(v =>
{
if (v is Formal && (v as Formal).InComing)
{
return(Expr.Ident(GetFin(v.TypedIdent.Type)));
}
if (v is Formal && !(v as Formal).InComing)
{
return(Expr.Ident(GetFout(v.TypedIdent.Type)));
}
return(Expr.Ident(v));
}), expr);
return(ret.ToString());
}
