// instrumentation functions for buffer overflow detection
private void BufferInstrument(Procedure mallocProcedure)
{
var sizeFun = new Function(Token.NoToken, "Size",
new List <Variable>()
{
BoogieAstFactory.MkFormal("x", btype.Int, false)
},
BoogieAstFactory.MkFormal("r", btype.Int, false));
sizeFun.AddAttribute("buffer", new Object[] { "size" });
var baseFun = new Function(Token.NoToken, "Base",
new List <Variable>()
{
BoogieAstFactory.MkFormal("x", btype.Int, false)
},
BoogieAstFactory.MkFormal("r", btype.Int, false));
baseFun.AddAttribute("buffer", new Object[] { "base" });
var allocMap = BoogieAstFactory.MkGlobal("nonfree",
BoogieAstFactory.MkMapType(btype.Int, btype.Bool));
allocMap.AddAttribute("buffer", new Object[] { "free" });
prog.AddTopLevelDeclaration(sizeFun);
prog.AddTopLevelDeclaration(baseFun);
prog.AddTopLevelDeclaration(allocMap);
var mallocRet = Expr.Ident(mallocProcedure.OutParams[0]);
mallocProcedure.Ensures.Add(new Ensures(true, Expr.Eq(
new NAryExpr(Token.NoToken, new FunctionCall(baseFun),
new List <Expr>()
{
mallocRet
}), mallocRet)));
var mallocIn = Expr.Ident(mallocProcedure.InParams[0]);
mallocProcedure.Ensures.Add(new Ensures(true, Expr.Eq(
new NAryExpr(Token.NoToken, new FunctionCall(sizeFun),
new List <Expr>()
{
mallocRet
}), mallocIn)));
//mallocProcedure.Ensures.Add(new Ensures(true,
// BoogieAstFactory.MkMapAccessExpr(allocMap, mallocRet)));
}
public TypeUnify(Program program)
{
U = new GlobalVariable(Token.NoToken, new TypedIdent(Token.NoToken,
"Mem_T.All", BoogieAstFactory.MkMapType(Microsoft.Boogie.Type.Int, Microsoft.Boogie.Type.Int)));
this.program = program;
}