static Program Process(Program program) { // Get rid of Synonyms RemoveTypeSynonyms.Remove(program); //BoogieUtil.PrintProgram(program, "tt.bpl"); program = BoogieUtil.ReResolve(program); // add "allocator" to malloc program.TopLevelDeclarations.OfType <Procedure>() .Where(p => MallocNames.Contains(p.Name)) .Iter(p => p.AddAttribute("allocator")); // Create "null" var nil = new Constant(Token.NoToken, new TypedIdent(Token.NoToken, "NULL", btype.Int), false); nil.AddAttribute("allocated"); // axiom NULL == 0; var ax = new Axiom(Token.NoToken, Expr.Eq(Expr.Ident(nil), Expr.Literal(0))); // Convert 0 to NULL in the program ConvertToNull.Convert(program, nil); program.AddTopLevelDeclaration(nil); program.AddTopLevelDeclaration(ax); // Add "assert !aliasQ(e, NULL)" for each expression M[e] appearing in the program InstrumentMemoryAccesses.Instrument(program, nil); // Put {:scalar} {:AllocatorVar} on $CurrAddr var alloc = program.TopLevelDeclarations.OfType <GlobalVariable>().Where(g => g.Name == allocVar) .FirstOrDefault(); if (alloc != null) { alloc.AddAttribute("scalar"); alloc.AddAttribute(AvUtil.AvnAnnotations.AllocatorVarAttr); } else { Console.WriteLine("Warning: Global variable $CurrAddr not found"); } if (initMem) { InitMemory(program); } return(program); }
static Program Process(Program program) { // Get rid of Synonyms RemoveTypeSynonyms.Remove(program); //BoogieUtil.PrintProgram(program, "tt.bpl"); program = BoogieUtil.ReResolveInMem(program, false); // Create "null" var nil = new Constant(Token.NoToken, new TypedIdent(Token.NoToken, "NULL", btype.Int), false); nil.AddAttribute("allocated"); // axiom NULL == 0; //var ax = new Axiom(Token.NoToken, Expr.Eq(Expr.Ident(nil), Expr.Literal(0))); program.AddTopLevelDeclaration(nil); //program.AddTopLevelDeclaration(ax); // add "allocator" to malloc program.TopLevelDeclarations.OfType <Procedure>() .Where(p => MallocNames.Contains(p.Name)) .Iter(p => p.AddAttribute("allocator")); // inline functions InlineFunctions(program); // Add attribute {:fpcondition} to assume cmds in charge of branching in function pointer dispatch procs var fpAt = new AnnotateFPDispatchProcVisitor(); fpAt.Run(program); // Add MustReach function calls to the begining of each procedure and upon returns if (detectDeadCode) { var ddc = new SimpleDeadcodeDectectionVisitor(); ddc.Run(program); } // if we don't check NULL, stop here if (!checkNULL && !checkUAF) { return(program); } if (checkUAF) { var iu = new InstrumentUAF(); iu.Instrument(program, nil); program.AddTopLevelDeclaration(new Axiom(Token.NoToken, Expr.Eq(Expr.Ident(nil), Expr.Literal(0)))); return(program); } // Remove literal constants var CE = new ConstantElimination(); CE.Run(program); // Convert 0 to NULL in the program ConvertToNull.Convert(program, nil); // Add NULL axiom here such that ConvertToNULL doesn't lead to dumb axiom var ax = new Axiom(Token.NoToken, Expr.Eq(Expr.Ident(nil), Expr.Literal(0))); program.AddTopLevelDeclaration(ax); // Add "assert !aliasQ(e, NULL)" for each expression M[e] appearing in the program InstrumentMemoryAccesses.Instrument(program, nil); // Put {:scalar} {:AllocatorVar} on $CurrAddr var alloc = program.TopLevelDeclarations.OfType <GlobalVariable>().Where(g => g.Name == allocVar) .FirstOrDefault(); if (alloc != null) { //alloc.AddAttribute("scalar"); alloc.AddAttribute(AvUtil.AvnAnnotations.AllocatorVarAttr); } else { Console.WriteLine("Warning: Global variable $CurrAddr not found"); } if (initMem) { InitMemory(program); } return(program); }