Module `Biabduction.Predicates`

module F = Stdlib.Format

type offset = | Off_fld of IR.Fieldname.t * IR.Typ.t | Off_index of IR.Exp.t: Offset for an lvalue.

Components of Propositions

type atom = | Aeq of IR.Exp.t * IR.Exp.t equality | Aneq of IR.Exp.t * IR.Exp.t disequality | Apred of IR.PredSymb.t * IR.Exp.t list predicate symbol applied to exps | Anpred of IR.PredSymb.t * IR.Exp.t list negated predicate symbol applied to exps: an atom is a pure atomic formula

val compare_atom : atom -> atom -> int

val equal_atom : atom -> atom -> bool
val atom_has_local_addr : atom -> bool

type lseg_kind = | Lseg_NE nonempty (possibly circular) listseg | Lseg_PE possibly empty (possibly circular) listseg: kind of lseg or dllseg predicates

val compare_lseg_kind : lseg_kind -> lseg_kind -> int

val equal_lseg_kind : lseg_kind -> lseg_kind -> bool

type zero_flag = bool option: The boolean is true when the pointer was dereferenced without testing for zero.

type null_case_flag = bool: True when the value was obtained by doing case analysis on null in a procedure call.

type inst = | Iabstraction | Iactual_precondition | Ialloc | Iformal of zero_flag * null_case_flag | Iinitial | Ilookup | Inone | Inullify | Irearrange of zero_flag * null_case_flag * int * IR.PredSymb.path_pos | Itaint | Iupdate of zero_flag * null_case_flag * int * IR.PredSymb.path_pos | Ireturn_from_call of int: instrumentation of heap values

val compare_inst : inst -> inst -> int

val equal_inst : inst -> inst -> bool
val inst_actual_precondition : inst
val inst_formal : inst
val inst_initial : inst: for formal parameters and heap values at the beginning of the function

val inst_lookup : inst: for initial values

val inst_none : inst
val inst_nullify : inst
val inst_rearrange : bool -> IBase.Location.t -> IR.PredSymb.path_pos -> inst: the boolean indicates whether the pointer is known nonzero

val inst_update : IBase.Location.t -> IR.PredSymb.path_pos -> inst
val inst_set_null_case_flag : inst -> inst: Set the null case flag of the inst.

val inst_new_loc : IBase.Location.t -> inst -> inst: update the location of the instrumentation

val update_inst : inst -> inst -> inst: Update inst_old to inst_new preserving the zero flag

exception JoinFail

val inst_partial_join : inst -> inst -> inst: join of instrumentations, can raise JoinFail

val inst_partial_meet : inst -> inst -> inst: meet of instrumentations

type 'inst strexp0 = | Eexp of IR.Exp.t * 'inst Base case: expression with instrumentation | Estruct of (IR.Fieldname.t * 'inst strexp0) list * 'inst C structure | Earray of IR.Exp.t * (IR.Exp.t * 'inst strexp0) list * 'inst Array of given length There are two conditions imposed / used in the array case. First, if some index and value pair appears inside an array in a strexp, then the index is less than the length of the array. For instance, x |->[10 | e1: v1] implies that e1 <= 9. Second, if two indices appear in an array, they should be different. For instance, x |->[10 | e1: v1, e2: v2] implies that e1 != e2.: structured expressions represent a value of structured type, such as an array or a struct.

val compare_strexp0 : ('inst -> 'inst -> int) -> 'inst strexp0 -> 'inst strexp0 -> int

type strexp = inst strexp0

val compare_strexp : ?⁠inst:bool -> strexp -> strexp -> int: Comparison function for strexp. The inst:: parameter specifies whether instumentations should also be considered (false by default).

val equal_strexp : ?⁠inst:bool -> strexp -> strexp -> bool: Equality function for strexp. The inst:: parameter specifies whether instumentations should also be considered (false by default).

type 'inst hpred0 = | Hpointsto of IR.Exp.t * 'inst strexp0 * IR.Exp.t represents exp|->strexp:typexp where typexp is an expression representing a type, e.h. sizeof(t). | Hlseg of lseg_kind * 'inst hpara0 * IR.Exp.t * IR.Exp.t * IR.Exp.t list higher - order predicate for singly - linked lists. Should ensure that exp1!= exp2 implies that exp1 is allocated. This assumption is used in the rearrangement. The last exp list parameter is used to denote the shared links by all the nodes in the list. | Hdllseg of lseg_kind * 'inst hpara_dll0 * IR.Exp.t * IR.Exp.t * IR.Exp.t * IR.Exp.t * IR.Exp.t list higher-order predicate for doubly-linked lists. Parameter for the higher-order singly-linked list predicate. Means "lambda (root,next,svars). Exists evars. body". Assume that root, next, svars, evars are disjoint sets of primed identifiers, and include all the free primed identifiers in body. body should not contain any non - primed identifiers or program variables (i.e. pvars).: an atomic heap predicate

and 'inst hpara0 = { root : IR.Ident.t; next : IR.Ident.t; svars : IR.Ident.t list; evars : IR.Ident.t list; body : 'inst hpred0 list; }
and 'inst hpara_dll0 = { cell : IR.Ident.t; address cell blink : IR.Ident.t; backward link flink : IR.Ident.t; forward link svars_dll : IR.Ident.t list; evars_dll : IR.Ident.t list; body_dll : 'inst hpred0 list; }: parameter for the higher-order doubly-linked list predicates. Assume that all the free identifiers in body_dll should belong to cell, blink, flink, svars_dll, evars_dll.

val compare_hpred0 : ('inst -> 'inst -> int) -> 'inst hpred0 -> 'inst hpred0 -> int
val compare_hpara0 : ('inst -> 'inst -> int) -> 'inst hpara0 -> 'inst hpara0 -> int
val compare_hpara_dll0 : ('inst -> 'inst -> int) -> 'inst hpara_dll0 -> 'inst hpara_dll0 -> int
val compare_hpred0 : ('inst -> 'inst -> int) -> 'inst hpred0 -> 'inst hpred0 -> int
val compare_hpara0 : ('inst -> 'inst -> int) -> 'inst hpara0 -> 'inst hpara0 -> int
val compare_hpara_dll0 : ('inst -> 'inst -> int) -> 'inst hpara_dll0 -> 'inst hpara_dll0 -> int
val compare_hpred0 : ('inst -> 'inst -> int) -> 'inst hpred0 -> 'inst hpred0 -> int
val compare_hpara0 : ('inst -> 'inst -> int) -> 'inst hpara0 -> 'inst hpara0 -> int
val compare_hpara_dll0 : ('inst -> 'inst -> int) -> 'inst hpara_dll0 -> 'inst hpara_dll0 -> int

type hpred = inst hpred0
type hpara = inst hpara0
type hpara_dll = inst hpara_dll0

val compare_hpred : ?⁠inst:bool -> hpred -> hpred -> int: Comparison function for hpred. The inst:: parameter specifies whether instumentations should also be considered (false by default).

val equal_hpred : ?⁠inst:bool -> hpred -> hpred -> bool: Equality function for hpred. The inst:: parameter specifies whether instumentations should also be considered (false by default).

module HpredSet : IStdlib.IStd.Caml.Set.S with type HpredSet.elt = hpred: Sets of heap predicates

Compaction

type sharing_env

val create_sharing_env : unit -> sharing_env: Create a sharing env to store canonical representations

val hpred_compact : sharing_env -> hpred -> hpred: Return a compact representation of the exp

val is_objc_object : hpred -> bool

Comparision And Inspection Functions

val pp_offset : IStdlib.Pp.env -> F.formatter -> offset -> unit
val d_offset_list : offset list -> unit: Dump a list of offsets

val pp_atom : IStdlib.Pp.env -> F.formatter -> atom -> unit: Pretty print an atom.

val d_atom : atom -> unit: Dump an atom.

val pp_inst : F.formatter -> inst -> unit: pretty-print an inst

val pp_sexp : IStdlib.Pp.env -> F.formatter -> strexp -> unit: Pretty print a strexp.

val d_sexp : strexp -> unit: Dump a strexp.

val pp_hpred : IStdlib.Pp.env -> F.formatter -> hpred -> unit: Pretty print a hpred.

val d_hpred : hpred -> unit: Dump a hpred.

val pp_hpara : IStdlib.Pp.env -> F.formatter -> hpara -> unit: Pretty print a hpara.

val pp_hpara_dll : IStdlib.Pp.env -> F.formatter -> hpara_dll -> unit: Pretty print a hpara_dll.

module Env : sig ... end: record the occurrences of predicates as parameters of (doubly -)linked lists and Epara. Provides unique numbering for predicates and an iterator.

val pp_hpred_env : IStdlib.Pp.env -> Env.t option -> F.formatter -> hpred -> unit: Pretty print a hpred with optional predicate env

Functions for traversing SIL data types

val strexp_expmap : ((IR.Exp.t * inst option) -> IR.Exp.t * inst option) -> strexp -> strexp: Change exps in strexp using f. WARNING: the result might not be normalized.

val hpred_expmap : ((IR.Exp.t * inst option) -> IR.Exp.t * inst option) -> hpred -> hpred: Change exps in hpred by f. WARNING: the result might not be normalized.

val hpred_instmap : (inst -> inst) -> hpred -> hpred: Change instrumentations in hpred using f.

val hpred_list_expmap : ((IR.Exp.t * inst option) -> IR.Exp.t * inst option) -> hpred list -> hpred list: Change exps in hpred list by f. WARNING: the result might not be normalized.

val atom_expmap : (IR.Exp.t -> IR.Exp.t) -> atom -> atom: Change exps in atom by f. WARNING: the result might not be normalized.

val hpred_list_get_lexps : (IR.Exp.t -> bool) -> hpred list -> IR.Exp.t list
val hpred_entries : hpred -> IR.Exp.t list
val atom_free_vars : atom -> IR.Ident.t IStdlib.IStd.Sequence.t
val atom_gen_free_vars : atom -> (unit, IR.Ident.t) IStdlib.IStd.Sequence.Generator.t
val hpred_free_vars : hpred -> IR.Ident.t IStdlib.IStd.Sequence.t
val hpred_gen_free_vars : hpred -> (unit, IR.Ident.t) IStdlib.IStd.Sequence.Generator.t
val hpara_shallow_free_vars : hpara -> IR.Ident.t IStdlib.IStd.Sequence.t
val hpara_dll_shallow_free_vars : hpara_dll -> IR.Ident.t IStdlib.IStd.Sequence.t: Variables in hpara_dll, excluding bound vars in the body

Substitution

type subst = private (IR.Ident.t * IR.Exp.t) list

val compare_subst : subst -> subst -> int

val equal_subst : subst -> subst -> bool: Equality for substitutions.

val subst_of_list : (IR.Ident.t * IR.Exp.t) list -> subst: Create a substitution from a list of pairs. For all (id1, e1), (id2, e2) in the input list, if id1 = id2, then e1 = e2.

val subst_of_list_duplicates : (IR.Ident.t * IR.Exp.t) list -> subst: like subst_of_list, but allow duplicate ids and only keep the first occurrence

val sub_to_list : subst -> (IR.Ident.t * IR.Exp.t) list: Convert a subst to a list of pairs.

val sub_empty : subst: The empty substitution.

val is_sub_empty : subst -> bool
val sub_join : subst -> subst -> subst: Compute the common id-exp part of two inputs subst1 and subst2. The first component of the output is this common part. The second and third components are the remainder of subst1 and subst2, respectively.

val sub_symmetric_difference : subst -> subst -> subst * subst * subst: Compute the common id-exp part of two inputs subst1 and subst2. The first component of the output is this common part. The second and third components are the remainder of subst1 and subst2, respectively.

val sub_find : (IR.Ident.t -> bool) -> subst -> IR.Exp.t: sub_find filter sub returns the expression associated to the first identifier that satisfies filter. Raise Not_found_s/Caml.Not_found if there isn't one.

val sub_filter : (IR.Ident.t -> bool) -> subst -> subst: sub_filter filter sub restricts the domain of sub to the identifiers satisfying filter.

val sub_filter_pair : subst -> f:((IR.Ident.t * IR.Exp.t) -> bool) -> subst: sub_filter_exp filter sub restricts the domain of sub to the identifiers satisfying filter(id, sub(id)).

val sub_range_partition : (IR.Exp.t -> bool) -> subst -> subst * subst: sub_range_partition filter sub partitions sub according to whether range expressions satisfy filter.

val sub_domain_partition : (IR.Ident.t -> bool) -> subst -> subst * subst: sub_domain_partition filter sub partitions sub according to whether domain identifiers satisfy filter.

val sub_domain : subst -> IR.Ident.t list: Return the list of identifiers in the domain of the substitution.

val sub_range : subst -> IR.Exp.t list: Return the list of expressions in the range of the substitution.

val sub_range_map : (IR.Exp.t -> IR.Exp.t) -> subst -> subst: sub_range_map f sub applies f to the expressions in the range of sub.

val sub_map : (IR.Ident.t -> IR.Ident.t) -> (IR.Exp.t -> IR.Exp.t) -> subst -> subst: sub_map f g sub applies the renaming f to identifiers in the domain of sub and the substitution g to the expressions in the range of sub.

val extend_sub : subst -> IR.Ident.t -> IR.Exp.t -> subst option: Extend substitution and return None if not possible.

val subst_free_vars : subst -> IR.Ident.t IStdlib.IStd.Sequence.t
val subst_gen_free_vars : subst -> (unit, IR.Ident.t) IStdlib.IStd.Sequence.Generator.t

val exp_sub : subst -> IR.Exp.t -> IR.Exp.t
val atom_sub : subst -> atom -> atom
val instr_sub : subst -> IR.Sil.instr -> IR.Sil.instr: apply subst to all id's in instr, including LHS id's

val hpred_sub : subst -> hpred -> hpred

Functions for replacing occurrences of expressions.

val atom_replace_exp : (IR.Exp.t * IR.Exp.t) list -> atom -> atom
val hpred_replace_exp : (IR.Exp.t * IR.Exp.t) list -> hpred -> hpred

Functions for constructing or destructing entities in this module

val exp_get_offsets : IR.Exp.t -> offset list: Compute the offset list of an expression

val exp_add_offsets : IR.Exp.t -> offset list -> IR.Exp.t: Add the offset list to an expression

val sigma_to_sigma_ne : hpred list -> (atom list * hpred list) list
val hpara_instantiate : hpara -> IR.Exp.t -> IR.Exp.t -> IR.Exp.t list -> IR.Ident.t list * hpred list: hpara_instantiate para e1 e2 elist instantiates para with e1, e2 and elist. If para = lambda (x, y, xs). exists zs. b, then the result of the instantiation is b[e1 / x, e2 / y, elist / xs, _zs'/ zs] for some fresh _zs'.

val hpara_dll_instantiate : hpara_dll -> IR.Exp.t -> IR.Exp.t -> IR.Exp.t -> IR.Exp.t list -> IR.Ident.t list * hpred list: hpara_dll_instantiate para cell blink flink elist instantiates para with cell, blink, flink, and elist. If para = lambda (x, y, z, xs). exists zs. b, then the result of the instantiation is b[cell / x, blink / y, flink / z, elist / xs, _zs'/ zs] for some fresh _zs'.

val custom_error : IR.Pvar.t

`\|` `Aeq of IR.Exp.t * IR.Exp.t`	equality
`\|` `Aneq of IR.Exp.t * IR.Exp.t`	disequality
`\|` `Apred of IR.PredSymb.t * IR.Exp.t list`	predicate symbol applied to exps
`\|` `Anpred of IR.PredSymb.t * IR.Exp.t list`	negated predicate symbol applied to exps

`\|` `Lseg_NE`	nonempty (possibly circular) listseg
`\|` `Lseg_PE`	possibly empty (possibly circular) listseg

`\|` `Eexp of IR.Exp.t * 'inst`	Base case: expression with instrumentation
`\|` `Estruct of (IR.Fieldname.t * 'inst strexp0) list * 'inst`	C structure
`\|` `Earray of IR.Exp.t * (IR.Exp.t * 'inst strexp0) list * 'inst`	Array of given length There are two conditions imposed / used in the array case. First, if some index and value pair appears inside an array in a strexp, then the index is less than the length of the array. For instance, `x \|->[10 \| e1: v1]` implies that `e1 <= 9`. Second, if two indices appear in an array, they should be different. For instance, `x \|->[10 \| e1: v1, e2: v2]` implies that `e1 != e2`.

`\|` `Hpointsto of IR.Exp.t * 'inst strexp0 * IR.Exp.t`	represents `exp\|->strexp:typexp` where `typexp` is an expression representing a type, e.h. `sizeof(t)`.
`\|` `Hlseg of lseg_kind * 'inst hpara0 * IR.Exp.t * IR.Exp.t * IR.Exp.t list`	higher - order predicate for singly - linked lists. Should ensure that exp1!= exp2 implies that exp1 is allocated. This assumption is used in the rearrangement. The last `exp list` parameter is used to denote the shared links by all the nodes in the list.
`\|` `Hdllseg of lseg_kind * 'inst hpara_dll0 * IR.Exp.t * IR.Exp.t * IR.Exp.t * IR.Exp.t * IR.Exp.t list`	higher-order predicate for doubly-linked lists. Parameter for the higher-order singly-linked list predicate. Means "lambda (root,next,svars). Exists evars. body". Assume that root, next, svars, evars are disjoint sets of primed identifiers, and include all the free primed identifiers in body. body should not contain any non - primed identifiers or program variables (i.e. pvars).

`cell : IR.Ident.t;`	address cell
`blink : IR.Ident.t;`	backward link
`flink : IR.Ident.t;`	forward link
`svars_dll : IR.Ident.t list;`
`evars_dll : IR.Ident.t list;`
`body_dll : 'inst hpred0 list;`