private void TransformPow2Candidates(IRegion region, List <PredicateCmd> oldCandidateInvariants)
{
IdentifierExpr v = null;
do
{
foreach (var p in oldCandidateInvariants)
{
v = TryGetPow2VariableFromCandidate(p);
if (v != null)
{
break;
}
}
if (v != null)
{
oldCandidateInvariants.RemoveAll(item => TryGetPow2VariableFromCandidate(item)
!= null && TryGetPow2VariableFromCandidate(item).Name.Equals(v.Name));
Function pow2ExistentialFunction = CreateExistentialFunction(
new List <TypedIdent> {
new TypedIdent(Token.NoToken, "x", v.Type)
});
pow2ExistentialFunction.AddAttribute("absdomain", new object[] { "PowDomain" });
existentialFunctions.Add(pow2ExistentialFunction);
region.AddInvariant(new AssertCmd(
Token.NoToken,
new NAryExpr(Token.NoToken, new FunctionCall(pow2ExistentialFunction), new List <Expr> {
v
})));
}
}while (v != null);
}
private void TransformRemainingCandidates(IRegion region, List <PredicateCmd> oldCandidateInvariants)
{
if (oldCandidateInvariants.Count() > 0)
{
List <Variable> args = new List <Variable>();
for (int i = 0; i < oldCandidateInvariants.Count(); i++)
{
args.Add(new LocalVariable(Token.NoToken, new TypedIdent(Token.NoToken, "x" + i, Microsoft.Boogie.Type.Bool)));
}
Function existentialFunction = new Function(Token.NoToken, "_existential_func" + counter, args,
new LocalVariable(Token.NoToken, new TypedIdent(Token.NoToken, "", Microsoft.Boogie.Type.Bool)));
existentialFunctions.Add(existentialFunction);
existentialFunction.AddAttribute("existential", new object[] { Expr.True });
List <Expr> oldCandidateInvariantExprs = new List <Expr>();
foreach (var p in oldCandidateInvariants)
{
string c;
Expr e;
Houdini.GetCandidateWithoutConstant(p.Expr, candidates, out c, out e);
Debug.Assert(e != null);
oldCandidateInvariantExprs.Add(e);
}
region.AddInvariant(new AssertCmd(Token.NoToken, new NAryExpr(Token.NoToken, new FunctionCall(existentialFunction),
oldCandidateInvariantExprs)));
counter++;
}
}
public static Expr Extract(Expr expr, Program program, List <Axiom> axioms)
{
Contract.Requires(expr != null && program != null && !program.TopLevelDeclarationsAreFrozen && axioms != null);
if (expr is LiteralExpr)
{
return(expr);
}
var extractor = new FunctionExtractor();
var body = extractor.VisitExpr(expr);
var name = program.FreshExtractedFunctionName();
var originalVars = extractor.Substitutions.Keys.ToList();
var formalInArgs = originalVars.Select(v => new Formal(Token.NoToken, new TypedIdent(Token.NoToken, extractor.Substitutions[v].Name, extractor.Substitutions[v].TypedIdent.Type), true)).ToList <Variable>();
var formalOutArg = new Formal(Token.NoToken, new TypedIdent(Token.NoToken, name + "$result$", expr.Type), false);
var func = new Function(Token.NoToken, name, formalInArgs, formalOutArg);
func.AddAttribute("never_pattern");
var boundVars = originalVars.Select(k => extractor.Substitutions[k]);
var axiomCall = new NAryExpr(Token.NoToken, new FunctionCall(func), boundVars.Select(b => new IdentifierExpr(Token.NoToken, b)).ToList <Expr>());
axiomCall.Type = expr.Type;
axiomCall.TypeParameters = SimpleTypeParamInstantiation.EMPTY;
var eq = LiteralExpr.Eq(axiomCall, body);
eq.Type = body.Type;
eq.TypeParameters = SimpleTypeParamInstantiation.EMPTY;
if (0 < formalInArgs.Count)
{
var forallExpr = new ForallExpr(Token.NoToken, boundVars.ToList <Variable>(), new Trigger(Token.NoToken, true, new List <Expr> {
axiomCall
}), eq);
body = forallExpr;
forallExpr.Attributes = new QKeyValue(Token.NoToken, "weight", new List <object> {
new LiteralExpr(Token.NoToken, Basetypes.BigNum.FromInt(30))
}, null);
body.Type = Type.Bool;
}
else
{
body = eq;
}
var axiom = new Axiom(Token.NoToken, body);
func.DefinitionAxiom = axiom;
program.AddTopLevelDeclaration(func);
program.AddTopLevelDeclaration(axiom);
axioms.Add(axiom);
var call = new NAryExpr(Token.NoToken, new FunctionCall(func), originalVars.Select(v => new IdentifierExpr(Token.NoToken, v)).ToList <Expr>());
call.Type = expr.Type;
call.TypeParameters = SimpleTypeParamInstantiation.EMPTY;
return(call);
}
private void TransformImplicationCandidates(IRegion region, List <PredicateCmd> oldCandidateInvariants)
{
IdentifierExpr antecedent = null;
HashSet <IdentifierExpr> visited = new HashSet <IdentifierExpr>();
do
{
PredicateCmd current = null;
foreach (var p in oldCandidateInvariants)
{
antecedent = TryGetNegatedBooleanFromCandidate(p, visited);
if (antecedent != null)
{
visited.Add(antecedent);
current = p;
break;
}
}
if (antecedent != null)
{
Debug.Assert(current != null);
HashSet <PredicateCmd> toRemove = new HashSet <PredicateCmd>();
foreach (var p in oldCandidateInvariants)
{
string c;
Expr e;
Houdini.GetCandidateWithoutConstant(p.Expr, candidates, out c, out e);
Debug.Assert(e != null);
NAryExpr ne = e as NAryExpr;
if (ne != null && ne.Fun is BinaryOperator && ((BinaryOperator)ne.Fun).Op == BinaryOperator.Opcode.Imp &&
ne.Args[0] is IdentifierExpr && ((IdentifierExpr)ne.Args[0]).Name.Equals(antecedent.Name))
{
Expr consequent = ne.Args[1];
toRemove.Add(current);
toRemove.Add(p);
Function implicationExistentialFunction = CreateExistentialFunction(
new List <TypedIdent> {
new TypedIdent(Token.NoToken, "x", Type.Bool), new TypedIdent(Token.NoToken, "y", Type.Bool)
});
implicationExistentialFunction.AddAttribute("absdomain", new object[] { "ImplicationDomain" });
existentialFunctions.Add(implicationExistentialFunction);
region.AddInvariant(new AssertCmd(
Token.NoToken,
new NAryExpr(Token.NoToken, new FunctionCall(implicationExistentialFunction), new List <Expr> {
antecedent, consequent
})));
}
}
oldCandidateInvariants.RemoveAll(item => toRemove.Contains(item));
}
}while (antecedent != null);
}
// assert !aliasQ(e, NULL)
AssertCmd MkAssert(Expr e)
{
var a = BoogieAstFactory.MkFormal("a", btype.Int, true);
var b = BoogieAstFactory.MkFormal("b", btype.Int, true);
var f = new Function(Token.NoToken, "aliasQ" + (counter++),
new List <Variable> {
a, b
},
BoogieAstFactory.MkFormal("c", btype.Bool, false));
f.AddAttribute("aliasingQuery");
f.AddAttribute("inline");
f.Body = Expr.Eq(Expr.Ident(a), Expr.Ident(b));
aliasQfuncs.Add(f);
return(new AssertCmd(Token.NoToken, Expr.Not(new NAryExpr(Token.NoToken, new FunctionCall(f), new List <Expr> {
e, nil
}))));
}
Function GetQueryFunc()
{
var f = new Function(Token.NoToken, "ASquery" + queries.Count,
new List <Variable> {
BoogieAstFactory.MkFormal("x", btype.Int, true)
},
BoogieAstFactory.MkFormal("y", btype.Bool, false));
f.AddAttribute("aliasingQuery", "allocationsites");
queries.Add(f);
return(f);
}
public void Run(Program program)
{
// First add a MustReach function
f = new Function(Token.NoToken, "ProcedureMustReach", new List <Variable> {
BoogieAstFactory.MkFormal("x", btype.Bool, true)
},
BoogieAstFactory.MkFormal("y", btype.Bool, false));
f.AddAttribute("ReachableStates");
program.AddTopLevelDeclaration(f);
// Then add function calls to the beginning and end of each non-stub procedure
program.Implementations.Iter(impl => VisitImplementation(impl));
}
private Function CreateExistentialFunction(List <TypedIdent> idents)
{
List <Variable> args = idents.Select(item => (Variable) new LocalVariable(Token.NoToken, item)).ToList();
Variable result = new LocalVariable(Token.NoToken, new TypedIdent(Token.NoToken, string.Empty, Type.Bool));
Function existentialFunction = new Function(Token.NoToken, "_existential_func" + counter, args, result);
existentialFunction.AddAttribute("existential", new object[] { Expr.True });
counter++;
return(existentialFunction);
}
// instrumentation functions for buffer overflow detection
private void BufferInstrument(Procedure mallocProcedure)
{
var sizeFun = new Function(Token.NoToken, "Size",
new List <Variable>()
{
BoogieAstFactory.MkFormal("x", btype.Int, false)
},
BoogieAstFactory.MkFormal("r", btype.Int, false));
sizeFun.AddAttribute("buffer", new Object[] { "size" });
var baseFun = new Function(Token.NoToken, "Base",
new List <Variable>()
{
BoogieAstFactory.MkFormal("x", btype.Int, false)
},
BoogieAstFactory.MkFormal("r", btype.Int, false));
baseFun.AddAttribute("buffer", new Object[] { "base" });
var allocMap = BoogieAstFactory.MkGlobal("nonfree",
BoogieAstFactory.MkMapType(btype.Int, btype.Bool));
allocMap.AddAttribute("buffer", new Object[] { "free" });
prog.AddTopLevelDeclaration(sizeFun);
prog.AddTopLevelDeclaration(baseFun);
prog.AddTopLevelDeclaration(allocMap);
var mallocRet = Expr.Ident(mallocProcedure.OutParams[0]);
mallocProcedure.Ensures.Add(new Ensures(true, Expr.Eq(
new NAryExpr(Token.NoToken, new FunctionCall(baseFun),
new List <Expr>()
{
mallocRet
}), mallocRet)));
var mallocIn = Expr.Ident(mallocProcedure.InParams[0]);
mallocProcedure.Ensures.Add(new Ensures(true, Expr.Eq(
new NAryExpr(Token.NoToken, new FunctionCall(sizeFun),
new List <Expr>()
{
mallocRet
}), mallocIn)));
//mallocProcedure.Ensures.Add(new Ensures(true,
// BoogieAstFactory.MkMapAccessExpr(allocMap, mallocRet)));
}
public override Block VisitBlock(Block node)
{
lookupExprsPerCmd = new Dictionary <Cmd, HashSet <Tuple <Expr, Expr> > >();
var b = base.VisitBlock(node); //recurse down to find the lookups for all cmds
var newCmds = new List <Cmd>();
node.Cmds
.Iter(x =>
{
if (lookupExprsPerCmd.ContainsKey(x))
{
var lookupExprs = lookupExprsPerCmd[x];
lookupExprs
.Iter(y =>
{
var fnName = SplitConsts.allocSiteFnName + "_" + aliasFnCount++;
Function aliasingFunc =
Utils.DeclUtils.MkOrGetFunc(
prog,
fnName,
Microsoft.Boogie.Type.Bool,
new List <Microsoft.Boogie.Type>()
{
y.Item2.Type
});
aliasingFunc.AddAttribute(SplitConsts.aliasQueryAttr, new object[] { SplitConsts.allocSiteStr });
var expr = Utils.DeclUtils.MkFuncApp(aliasingFunc, new List <Expr>()
{
y.Item2
});
AssumeCmd aCmd = new AssumeCmd(Token.NoToken, expr);
aCmd.Attributes = new QKeyValue(Token.NoToken,
SplitConsts.allocAssumeAttr, new List <object>()
{
y.Item2.ToString()
}, aCmd.Attributes);
newCmds.Add(aCmd);
});
}
newCmds.Add(x);
});
node.Cmds = newCmds;
return(base.VisitBlock(node));
}
public static Function FindReachableStatesFunc(Program program)
{
var ret = program.TopLevelDeclarations.OfType <Function>()
.Where(f => QKeyValue.FindBoolAttribute(f.Attributes, AvnAnnotations.ReachableStatesAttr))
.FirstOrDefault();
if (ret != null)
{
return(ret);
}
ret = new Function(Token.NoToken, "MustReach", new List <Variable> {
BoogieAstFactory.MkFormal("x", btype.Bool, true)
},
BoogieAstFactory.MkFormal("y", btype.Bool, false));
ret.AddAttribute(AvnAnnotations.ReachableStatesAttr);
program.AddTopLevelDeclaration(ret);
return(ret);
}
public static Expr Extract(Expr expr, Program program, List<Axiom> axioms)
{
Contract.Requires(expr != null && program != null && !program.TopLevelDeclarationsAreFrozen && axioms != null);
if (expr is LiteralExpr)
{
return expr;
}
var extractor = new FunctionExtractor();
var body = extractor.VisitExpr(expr);
var name = program.FreshExtractedFunctionName();
var originalVars = extractor.Substitutions.Keys.ToList();
var formalInArgs = originalVars.Select(v => new Formal(Token.NoToken, new TypedIdent(Token.NoToken, extractor.Substitutions[v].Name, extractor.Substitutions[v].TypedIdent.Type), true)).ToList<Variable>();
var formalOutArg = new Formal(Token.NoToken, new TypedIdent(Token.NoToken, name + "$result$", expr.Type), false);
var func = new Function(Token.NoToken, name, formalInArgs, formalOutArg);
func.AddAttribute("never_pattern");
var boundVars = originalVars.Select(k => extractor.Substitutions[k]);
var axiomCall = new NAryExpr(Token.NoToken, new FunctionCall(func), boundVars.Select(b => new IdentifierExpr(Token.NoToken, b)).ToList<Expr>());
axiomCall.Type = expr.Type;
axiomCall.TypeParameters = SimpleTypeParamInstantiation.EMPTY;
var eq = LiteralExpr.Eq(axiomCall, body);
eq.Type = body.Type;
eq.TypeParameters = SimpleTypeParamInstantiation.EMPTY;
if (0 < formalInArgs.Count)
{
var forallExpr = new ForallExpr(Token.NoToken, boundVars.ToList<Variable>(), new Trigger(Token.NoToken, true, new List<Expr> { axiomCall }), eq);
body = forallExpr;
forallExpr.Attributes = new QKeyValue(Token.NoToken, "weight", new List<object> { new LiteralExpr(Token.NoToken, Basetypes.BigNum.FromInt(30)) }, null);
body.Type = Type.Bool;
}
else
{
body = eq;
}
var axiom = new Axiom(Token.NoToken, body);
func.DefinitionAxiom = axiom;
program.AddTopLevelDeclaration(func);
program.AddTopLevelDeclaration(axiom);
axioms.Add(axiom);
var call = new NAryExpr(Token.NoToken, new FunctionCall(func), originalVars.Select(v => new IdentifierExpr(Token.NoToken, v)).ToList<Expr>());
call.Type = expr.Type;
call.TypeParameters = SimpleTypeParamInstantiation.EMPTY;
return call;
}
////////////////////////////////////////////////////////////////////////////
protected override void GenSelectStoreFunctions(MapType abstractedType, TypeCtorDecl synonym,
out Function /*!*/ select, out Function /*!*/ store)
{
//Contract.Requires(synonym != null);
//Contract.Requires(abstractedType != null);
Contract.Ensures(Contract.ValueAtReturn(out select) != null);
Contract.Ensures(Contract.ValueAtReturn(out store) != null);
Contract.Assert(synonym.Name != null);
string /*!*/
baseName = synonym.Name;
int typeParamNum = abstractedType.FreeVariables.Count +
abstractedType.TypeParameters.Count;
int arity = typeParamNum + abstractedType.Arguments.Count;
Type /*!*/[] /*!*/
selectTypes = new Type /*!*/ [arity + 2];
Type /*!*/[] /*!*/
storeTypes = new Type /*!*/ [arity + 3];
int i = 0;
// Fill in the free variables and type parameters
for (; i < typeParamNum; i++)
{
selectTypes[i] = AxBuilder.T;
storeTypes[i] = AxBuilder.T;
}
// Fill in the map type
selectTypes[i] = AxBuilder.U;
storeTypes[i] = AxBuilder.U;
i++;
// Fill in the index types
foreach (Type /*!*/ type in abstractedType.Arguments)
{
Contract.Assert(type != null);
selectTypes[i] = AxBuilder.U;
storeTypes[i] = AxBuilder.U;
i++;
}
// Fill in the output type for select function which also happens
// to be the type of the last argument to the store function
selectTypes[i] = AxBuilder.U;
storeTypes[i] = AxBuilder.U;
i++;
// Fill in the map type which is the output of the store function
storeTypes[i] = AxBuilder.U;
Contract.Assert(cce.NonNullElements <Type>(selectTypes));
Contract.Assert(cce.NonNullElements <Type>(storeTypes));
select = HelperFuns.BoogieFunction(baseName + "Select", selectTypes);
store = HelperFuns.BoogieFunction(baseName + "Store", storeTypes);
if (CommandLineOptions.Clo.UseArrayTheory)
{
select.AddAttribute("builtin", "select");
store.AddAttribute("builtin", "store");
}
else
{
AxBuilder.AddTypeAxiom(GenMapAxiom0(select, store,
abstractedType.TypeParameters.Count, abstractedType.FreeVariables.Count));
AxBuilder.AddTypeAxiom(GenMapAxiom1(select, store,
abstractedType.TypeParameters.Count, abstractedType.FreeVariables.Count));
}
}
