CONTRACTS: functions to compute root objects

Alternative implementation of `root_object`
supporting ternary operators in assignemtn or call
LHS expressions, and object slice expressions in
assigns clause targets.

Author: Remi Delmas

src/goto-instrument/Makefile

@@ -18,6 +18,7 @@ SRC = accelerate/accelerate.cpp \
       call_sequences.cpp \
       contracts/contracts.cpp \
       contracts/dynamic-frames/dfcc_utils.cpp \
+      contracts/dynamic-frames/dfcc_root_object.cpp \
       contracts/dynamic-frames/dfcc_library.cpp \
       contracts/dynamic-frames/dfcc_is_fresh.cpp \
       contracts/dynamic-frames/dfcc_pointer_in_range.cpp \

src/goto-instrument/contracts/dynamic-frames/dfcc_root_object.cpp

@@ -0,0 +1,170 @@
+/*******************************************************************\
+
+Module: Dynamic frame condition checking
+
+Author: Remi Delmas, [email protected]
+
+Date: March 2023
+
+\*******************************************************************/
+
+#include "dfcc_root_object.h"
+
+#include <util/byte_operators.h>
+#include <util/cprover_prefix.h>
+#include <util/expr.h>
+#include <util/expr_util.h>
+#include <util/message.h>
+#include <util/namespace.h>
+#include <util/pointer_expr.h>
+#include <util/std_code.h>
+
+#include <goto-programs/pointer_arithmetic.h>
+
+#include <langapi/language_util.h>
+
+/// Recursively computes a set of root object expressions for an assignment lhs.
+static void lhs_root_objects_rec(
+  const exprt &expr,
+  const namespacet &ns,
+  messaget log,
+  std::unordered_set<exprt, irep_hash> &dest)
+{
+  if(expr.id() == ID_symbol)
+  {
+    dest.insert(expr);
+  }
+  else if(expr.id() == ID_index)
+  {
+    lhs_root_objects_rec(to_index_expr(expr).array(), ns, log, dest);
+  }
+  else if(expr.id() == ID_member)
+  {
+    const typet &type = to_member_expr(expr).struct_op().type();
+    if(
+      type.id() == ID_struct || type.id() == ID_struct_tag ||
+      type.id() == ID_union || type.id() == ID_union_tag)
+    {
+      lhs_root_objects_rec(to_member_expr(expr).compound(), ns, log, dest);
+    }
+    else
+    {
+      throw unsupported_operation_exceptiont(
+        "unexpected assignment to member of '" + type.id_string() + "'");
+    }
+  }
+  else if(expr.id() == ID_if)
+  {
+    lhs_root_objects_rec(to_if_expr(expr).true_case(), ns, log, dest);
+    lhs_root_objects_rec(to_if_expr(expr).false_case(), ns, log, dest);
+  }
+  else if(expr.id() == ID_typecast)
+  {
+    lhs_root_objects_rec(to_typecast_expr(expr).op(), ns, log, dest);
+  }
+  else if(
+    expr.id() == ID_byte_extract_little_endian ||
+    expr.id() == ID_byte_extract_big_endian)
+  {
+    lhs_root_objects_rec(to_byte_extract_expr(expr).op(), ns, log, dest);
+  }
+  else if(expr.id() == ID_complex_real)
+  {
+    lhs_root_objects_rec(to_complex_real_expr(expr).op(), ns, log, dest);
+  }
+  else if(expr.id() == ID_complex_imag)
+  {
+    lhs_root_objects_rec(to_complex_imag_expr(expr).op(), ns, log, dest);
+  }
+  else if(
+    const auto &ptr =
+      expr_try_dynamic_cast<dereference_exprt>(skip_typecast(expr)))
+  {
+    // normalise into `pointer + offset` and pattern match on the pointer
+    const auto &base_ptr = pointer_arithmetict(*ptr).pointer;
+    if(const auto &if_expr = expr_try_dynamic_cast<if_exprt>(base_ptr))
+    {
+      // *(c ? true_case : false_case) => rec(*true_case); rec(*false_case)
+      lhs_root_objects_rec(
+        dereference_exprt(if_expr->true_case()), ns, log, dest);
+      lhs_root_objects_rec(
+        dereference_exprt(if_expr->false_case()), ns, log, dest);
+    }
+    else if(
+      const auto &address_of_expr =
+        expr_try_dynamic_cast<address_of_exprt>(base_ptr))
+    {
+      const exprt &object = skip_typecast(address_of_expr->object());
+      if(const auto &index = expr_try_dynamic_cast<index_exprt>(object))
+      {
+        // *(&arr[idx]) => rec(arr)
+        const exprt &arr = index->array();
+        if(arr.id() == ID_array)
+        {
+          lhs_root_objects_rec(arr, ns, log, dest);
+        }
+      }
+      else
+      {
+        // *(&object) => rec(object)
+        lhs_root_objects_rec(object, ns, log, dest);
+      }
+    }
+    else
+    {
+      // *(base_pointer) could not be simplified
+      dest.insert(expr);
+    }
+  }
+  else
+  {
+    // Stop here for anything else.
+    dest.insert(expr);
+  }
+}
+
+std::unordered_set<exprt, irep_hash> dfcc_assignment_lhs_root_objects(
+  const exprt &expr,
+  const namespacet &ns,
+  messaget &log)
+{
+  std::unordered_set<exprt, irep_hash> result;
+  lhs_root_objects_rec(expr, ns, log, result);
+  return result;
+}
+
+/// Translates object slice expressions found in assigns clause targets to
+/// dereference expressions, so that object_descriptor_exprt can be used to
+/// compute the base object expression.
+static exprt slice_op_to_deref(const exprt &expr)
+{
+  if(can_cast_expr<side_effect_expr_function_callt>(expr))
+  {
+    auto function_call_expr = to_side_effect_expr_function_call(expr);
+    auto function_expr = function_call_expr.function();
+    INVARIANT(
+      function_expr.id() == ID_symbol,
+      "no function pointer calls in loop assigns clause targets");
+    auto function_id = to_symbol_expr(function_expr).get_identifier();
+    INVARIANT(
+      function_id == CPROVER_PREFIX "assignable" ||
+        function_id == CPROVER_PREFIX "object_whole" ||
+        function_id == CPROVER_PREFIX "object_from" ||
+        function_id == CPROVER_PREFIX "object_upto",
+      "can only handle built-in function calls in assigns clause targets");
+    return dereference_exprt(
+      skip_typecast(function_call_expr.arguments().at(0)));
+  }
+  else
+  {
+    return expr;
+  }
+}
+
+std::unordered_set<exprt, irep_hash> dfcc_loop_assigns_target_root_object(
+  const exprt &expr,
+  const namespacet &ns,
+  messaget &log)
+{
+  return dfcc_assignment_lhs_root_objects(slice_op_to_deref(expr), ns, log);
+}

src/goto-instrument/contracts/dynamic-frames/dfcc_root_object.h

@@ -0,0 +1,38 @@
+/*******************************************************************\
+
+Module: Dynamic frame condition checking
+
+Author: Remi Delmas, [email protected]
+
+Date: March 2023
+
+\*******************************************************************/
+
+/// \file
+/// Utility functions that compute root object expressions for assigns clause
+/// targets and LHS expressions.
+
+#ifndef CPROVER_GOTO_INSTRUMENT_CONTRACTS_DYNAMIC_FRAMES_DFCC_ROOT_OBJECT_H
+#define CPROVER_GOTO_INSTRUMENT_CONTRACTS_DYNAMIC_FRAMES_DFCC_ROOT_OBJECT_H
+
+#include <util/irep.h>
+
+#include <unordered_set>
+
+class exprt;
+class namespacet;
+class messaget;
+
+/// Computes a set of root object expressions for an assignment lhs expression.
+std::unordered_set<exprt, irep_hash> dfcc_assignment_lhs_root_objects(
+  const exprt &lhs,
+  const namespacet &ns,
+  messaget &log);
+
+/// Computes a set of root object expressions for a loop assigns clause target
+/// expression.
+std::unordered_set<exprt, irep_hash> dfcc_loop_assigns_target_root_object(
+  const exprt &expr,
+  const namespacet &ns,
+  messaget &log);
+#endif