Module Biabduction.Predicates

module F = Stdlib.Format
type offset =
  1. | Off_fld of IR.Fieldname.t * IR.Typ.t
  2. | Off_index of IR.Exp.t

Offset for an lvalue.

Components of Propositions

type atom =
  1. | Aeq of IR.Exp.t * IR.Exp.t
    (*

    equality

    *)
  2. | Aneq of IR.Exp.t * IR.Exp.t
    (*

    disequality

    *)
  3. | Apred of IR.PredSymb.t * IR.Exp.t list
    (*

    predicate symbol applied to exps

    *)
  4. | Anpred of IR.PredSymb.t * IR.Exp.t list
    (*

    negated predicate symbol applied to exps

    *)

an atom is a pure atomic formula

val compare_atom : atom -> atom -> int
val equal_atom : atom -> atom -> bool
val atom_has_local_addr : atom -> bool
type lseg_kind =
  1. | Lseg_NE
    (*

    nonempty (possibly circular) listseg

    *)
  2. | Lseg_PE
    (*

    possibly empty (possibly circular) listseg

    *)

kind of lseg or dllseg predicates

val compare_lseg_kind : lseg_kind -> lseg_kind -> int
val equal_lseg_kind : lseg_kind -> lseg_kind -> bool
type zero_flag = bool option

The boolean is true when the pointer was dereferenced without testing for zero.

type null_case_flag = bool

True when the value was obtained by doing case analysis on null in a procedure call.

type inst =
  1. | Iabstraction
  2. | Iactual_precondition
  3. | Ialloc
  4. | Iformal of zero_flag * null_case_flag
  5. | Iinitial
  6. | Ilookup
  7. | Inone
  8. | Inullify
  9. | Irearrange of zero_flag * null_case_flag * int * IR.PredSymb.path_pos
  10. | Itaint
  11. | Iupdate of zero_flag * null_case_flag * int * IR.PredSymb.path_pos
  12. | Ireturn_from_call of int

instrumentation of heap values

val compare_inst : inst -> inst -> int
val equal_inst : inst -> inst -> bool
val inst_actual_precondition : inst
val inst_formal : inst
val inst_initial : inst

for formal parameters and heap values at the beginning of the function

val inst_lookup : inst

for initial values

val inst_none : inst
val inst_nullify : inst
val inst_rearrange : bool -> IBase.Location.t -> IR.PredSymb.path_pos -> inst

the boolean indicates whether the pointer is known nonzero

val inst_set_null_case_flag : inst -> inst

Set the null case flag of the inst.

val inst_new_loc : IBase.Location.t -> inst -> inst

update the location of the instrumentation

val update_inst : inst -> inst -> inst

Update inst_old to inst_new preserving the zero flag

exception JoinFail
val inst_partial_join : inst -> inst -> inst

join of instrumentations, can raise JoinFail

val inst_partial_meet : inst -> inst -> inst

meet of instrumentations

type 'inst strexp0 =
  1. | Eexp of IR.Exp.t * 'inst
    (*

    Base case: expression with instrumentation

    *)
  2. | Estruct of (IR.Fieldname.t * 'inst strexp0) list * 'inst
    (*

    C structure

    *)
  3. | Earray of IR.Exp.t * (IR.Exp.t * 'inst strexp0) list * 'inst
    (*

    Array of given length There are two conditions imposed / used in the array case. First, if some index and value pair appears inside an array in a strexp, then the index is less than the length of the array. For instance, x |->[10 | e1: v1] implies that e1 <= 9. Second, if two indices appear in an array, they should be different. For instance, x |->[10 | e1: v1, e2: v2] implies that e1 != e2.

    *)

structured expressions represent a value of structured type, such as an array or a struct.

val compare_strexp0 : ('inst -> 'inst -> int) -> 'inst strexp0 -> 'inst strexp0 -> int
type strexp = inst strexp0
val compare_strexp : ?inst:bool -> strexp -> strexp -> int

Comparison function for strexp. The inst:: parameter specifies whether instumentations should also be considered (false by default).

val equal_strexp : ?inst:bool -> strexp -> strexp -> bool

Equality function for strexp. The inst:: parameter specifies whether instumentations should also be considered (false by default).

type 'inst hpred0 =
  1. | Hpointsto of IR.Exp.t * 'inst strexp0 * IR.Exp.t
    (*

    represents exp|->strexp:typexp where typexp is an expression representing a type, e.h. sizeof(t).

    *)
  2. | Hlseg of lseg_kind * 'inst hpara0 * IR.Exp.t * IR.Exp.t * IR.Exp.t list
    (*

    higher - order predicate for singly - linked lists. Should ensure that exp1!= exp2 implies that exp1 is allocated. This assumption is used in the rearrangement. The last exp list parameter is used to denote the shared links by all the nodes in the list.

    *)
  3. | Hdllseg of lseg_kind * 'inst hpara_dll0 * IR.Exp.t * IR.Exp.t * IR.Exp.t * IR.Exp.t * IR.Exp.t list
    (*

    higher-order predicate for doubly-linked lists. Parameter for the higher-order singly-linked list predicate. Means "lambda (root,next,svars). Exists evars. body". Assume that root, next, svars, evars are disjoint sets of primed identifiers, and include all the free primed identifiers in body. body should not contain any non - primed identifiers or program variables (i.e. pvars).

    *)

an atomic heap predicate

and 'inst hpara0 = {
  1. root : IR.Ident.t;
  2. next : IR.Ident.t;
  3. svars : IR.Ident.t list;
  4. evars : IR.Ident.t list;
  5. body : 'inst hpred0 list;
}
and 'inst hpara_dll0 = {
  1. cell : IR.Ident.t;
    (*

    address cell

    *)
  2. svars_dll : IR.Ident.t list;
  3. evars_dll : IR.Ident.t list;
  4. body_dll : 'inst hpred0 list;
}

parameter for the higher-order doubly-linked list predicates. Assume that all the free identifiers in body_dll should belong to cell, blink, flink, svars_dll, evars_dll.

val compare_hpred0 : ('inst -> 'inst -> int) -> 'inst hpred0 -> 'inst hpred0 -> int
val compare_hpara0 : ('inst -> 'inst -> int) -> 'inst hpara0 -> 'inst hpara0 -> int
val compare_hpara_dll0 : ('inst -> 'inst -> int) -> 'inst hpara_dll0 -> 'inst hpara_dll0 -> int
type hpred = inst hpred0
type hpara = inst hpara0
type hpara_dll = inst hpara_dll0
val compare_hpred : ?inst:bool -> hpred -> hpred -> int

Comparison function for hpred. The inst:: parameter specifies whether instumentations should also be considered (false by default).

val equal_hpred : ?inst:bool -> hpred -> hpred -> bool

Equality function for hpred. The inst:: parameter specifies whether instumentations should also be considered (false by default).

module HpredSet : IStdlib.IStd.Caml.Set.S with type elt = hpred

Sets of heap predicates

Compaction

type sharing_env
val create_sharing_env : unit -> sharing_env

Create a sharing env to store canonical representations

val hpred_compact : sharing_env -> hpred -> hpred

Return a compact representation of the exp

val is_objc_object : hpred -> bool

Comparision And Inspection Functions

val pp_offset : IStdlib.Pp.env -> F.formatter -> offset -> unit
val d_offset_list : offset list -> unit

Dump a list of offsets

val pp_atom : IStdlib.Pp.env -> F.formatter -> atom -> unit

Pretty print an atom.

val d_atom : atom -> unit

Dump an atom.

val pp_inst : F.formatter -> inst -> unit

pretty-print an inst

val pp_sexp : IStdlib.Pp.env -> F.formatter -> strexp -> unit

Pretty print a strexp.

val d_sexp : strexp -> unit

Dump a strexp.

val pp_hpred : IStdlib.Pp.env -> F.formatter -> hpred -> unit

Pretty print a hpred.

val d_hpred : hpred -> unit

Dump a hpred.

val pp_hpara : IStdlib.Pp.env -> F.formatter -> hpara -> unit

Pretty print a hpara.

val pp_hpara_dll : IStdlib.Pp.env -> F.formatter -> hpara_dll -> unit

Pretty print a hpara_dll.

module Env : sig ... end

record the occurrences of predicates as parameters of (doubly -)linked lists and Epara. Provides unique numbering for predicates and an iterator.

val pp_hpred_env : IStdlib.Pp.env -> Env.t option -> F.formatter -> hpred -> unit

Pretty print a hpred with optional predicate env

Functions for traversing SIL data types

val strexp_expmap : ((IR.Exp.t * inst option) -> IR.Exp.t * inst option) -> strexp -> strexp

Change exps in strexp using f. WARNING: the result might not be normalized.

val hpred_expmap : ((IR.Exp.t * inst option) -> IR.Exp.t * inst option) -> hpred -> hpred

Change exps in hpred by f. WARNING: the result might not be normalized.

val hpred_instmap : (inst -> inst) -> hpred -> hpred

Change instrumentations in hpred using f.

val hpred_list_expmap : ((IR.Exp.t * inst option) -> IR.Exp.t * inst option) -> hpred list -> hpred list

Change exps in hpred list by f. WARNING: the result might not be normalized.

val atom_expmap : (IR.Exp.t -> IR.Exp.t) -> atom -> atom

Change exps in atom by f. WARNING: the result might not be normalized.

val hpred_list_get_lexps : (IR.Exp.t -> bool) -> hpred list -> IR.Exp.t list
val hpred_entries : hpred -> IR.Exp.t list
val atom_free_vars : atom -> IR.Ident.t IStdlib.IStd.Sequence.t
val atom_gen_free_vars : atom -> (unit, IR.Ident.t) IStdlib.IStd.Sequence.Generator.t
val hpred_free_vars : hpred -> IR.Ident.t IStdlib.IStd.Sequence.t
val hpred_gen_free_vars : hpred -> (unit, IR.Ident.t) IStdlib.IStd.Sequence.Generator.t
val hpara_shallow_free_vars : hpara -> IR.Ident.t IStdlib.IStd.Sequence.t
val hpara_dll_shallow_free_vars : hpara_dll -> IR.Ident.t IStdlib.IStd.Sequence.t

Variables in hpara_dll, excluding bound vars in the body

Substitution

type subst = private (IR.Ident.t * IR.Exp.t) list
val compare_subst : subst -> subst -> int
val equal_subst : subst -> subst -> bool

Equality for substitutions.

val subst_of_list : (IR.Ident.t * IR.Exp.t) list -> subst

Create a substitution from a list of pairs. For all (id1, e1), (id2, e2) in the input list, if id1 = id2, then e1 = e2.

val subst_of_list_duplicates : (IR.Ident.t * IR.Exp.t) list -> subst

like subst_of_list, but allow duplicate ids and only keep the first occurrence

val sub_to_list : subst -> (IR.Ident.t * IR.Exp.t) list

Convert a subst to a list of pairs.

val sub_empty : subst

The empty substitution.

val is_sub_empty : subst -> bool
val sub_join : subst -> subst -> subst

Compute the common id-exp part of two inputs subst1 and subst2. The first component of the output is this common part. The second and third components are the remainder of subst1 and subst2, respectively.

val sub_symmetric_difference : subst -> subst -> subst * subst * subst

Compute the common id-exp part of two inputs subst1 and subst2. The first component of the output is this common part. The second and third components are the remainder of subst1 and subst2, respectively.

val sub_find : (IR.Ident.t -> bool) -> subst -> IR.Exp.t

sub_find filter sub returns the expression associated to the first identifier that satisfies filter. Raise Not_found_s/Caml.Not_found if there isn't one.

val sub_filter : (IR.Ident.t -> bool) -> subst -> subst

sub_filter filter sub restricts the domain of sub to the identifiers satisfying filter.

val sub_filter_pair : subst -> f:((IR.Ident.t * IR.Exp.t) -> bool) -> subst

sub_filter_exp filter sub restricts the domain of sub to the identifiers satisfying filter(id, sub(id)).

val sub_range_partition : (IR.Exp.t -> bool) -> subst -> subst * subst

sub_range_partition filter sub partitions sub according to whether range expressions satisfy filter.

val sub_domain_partition : (IR.Ident.t -> bool) -> subst -> subst * subst

sub_domain_partition filter sub partitions sub according to whether domain identifiers satisfy filter.

val sub_domain : subst -> IR.Ident.t list

Return the list of identifiers in the domain of the substitution.

val sub_range : subst -> IR.Exp.t list

Return the list of expressions in the range of the substitution.

val sub_range_map : (IR.Exp.t -> IR.Exp.t) -> subst -> subst

sub_range_map f sub applies f to the expressions in the range of sub.

val sub_map : (IR.Ident.t -> IR.Ident.t) -> (IR.Exp.t -> IR.Exp.t) -> subst -> subst

sub_map f g sub applies the renaming f to identifiers in the domain of sub and the substitution g to the expressions in the range of sub.

val extend_sub : subst -> IR.Ident.t -> IR.Exp.t -> subst option

Extend substitution and return None if not possible.

val subst_free_vars : subst -> IR.Ident.t IStdlib.IStd.Sequence.t
val subst_gen_free_vars : subst -> (unit, IR.Ident.t) IStdlib.IStd.Sequence.Generator.t

substitution functions WARNING: these functions do not ensure that the results are normalized.

val exp_sub : subst -> IR.Exp.t -> IR.Exp.t
val atom_sub : subst -> atom -> atom
val hpred_sub : subst -> hpred -> hpred

Functions for replacing occurrences of expressions.

val atom_replace_exp : (IR.Exp.t * IR.Exp.t) list -> atom -> atom
val hpred_replace_exp : (IR.Exp.t * IR.Exp.t) list -> hpred -> hpred

Functions for constructing or destructing entities in this module

val exp_get_offsets : IR.Exp.t -> offset list

Compute the offset list of an expression

val exp_add_offsets : IR.Exp.t -> offset list -> IR.Exp.t

Add the offset list to an expression

val sigma_to_sigma_ne : hpred list -> (atom list * hpred list) list
val hpara_instantiate : hpara -> IR.Exp.t -> IR.Exp.t -> IR.Exp.t list -> IR.Ident.t list * hpred list

hpara_instantiate para e1 e2 elist instantiates para with e1, e2 and elist. If para = lambda (x, y, xs). exists zs. b, then the result of the instantiation is b[e1 / x, e2 / y, elist / xs, _zs'/ zs] for some fresh _zs'.

val hpara_dll_instantiate : hpara_dll -> IR.Exp.t -> IR.Exp.t -> IR.Exp.t -> IR.Exp.t list -> IR.Ident.t list * hpred list

hpara_dll_instantiate para cell blink flink elist instantiates para with cell, blink, flink, and elist. If para = lambda (x, y, z, xs). exists zs. b, then the result of the instantiation is b[cell / x, blink / y, flink / z, elist / xs, _zs'/ zs] for some fresh _zs'.

val custom_error : IR.Pvar.t