private final PredicatePrecision computeNewPrecision() {
    // get previous precision
    UnmodifiableReachedSet unmodifiableReached = reached.asReachedSet();

    logger.log(Level.FINEST, "Removing everything below", refinementRoot, "from ARG.");

    // now create new precision
    precisionUpdate.start();
    PredicatePrecision basePrecision =
        findAllPredicatesFromSubgraph(refinementRoot, unmodifiableReached);

    logger.log(Level.ALL, "Old predicate map is", basePrecision);
    logger.log(Level.ALL, "New predicates are", newPredicates);

    PredicatePrecision newPrecision = basePrecision.addLocalPredicates(newPredicates.entries());

    logger.log(Level.ALL, "Predicate map now is", newPrecision);

    assert basePrecision.calculateDifferenceTo(newPrecision) == 0
        : "We forgot predicates during refinement!";

    precisionUpdate.stop();

    return newPrecision;
  }
コード例 #2
0
 private AlgorithmStatus run0(ReachedSet reached, Algorithm algorithm)
     throws InterruptedException, CPAException, CPAEnabledAnalysisPropertyViolationException {
   logger.log(Level.INFO, "Starting sub-analysis");
   shutdownNotifier.shutdownIfNecessary();
   AlgorithmStatus status = algorithm.run(reached);
   shutdownNotifier.shutdownIfNecessary();
   logger.log(Level.INFO, "Finished sub-analysis");
   return status;
 }
コード例 #3
0
  /**
   * Verify all the consistency properties related to CLangSMG
   *
   * @param pLogger Logger to log results
   * @param pSmg SMG to check
   * @return True if pSmg is consistent w.r.t. this criteria. False otherwise.
   */
  public static boolean verifyCLangSMG(LogManager pLogger, CLangSMG pSmg) {
    boolean toReturn = SMGConsistencyVerifier.verifySMG(pLogger, pSmg);

    pLogger.log(Level.FINEST, "Starting constistency check of a CLangSMG");

    toReturn =
        toReturn
            && verifyCLangSMGProperty(
                verifyDisjunctHeapAndGlobal(pLogger, pSmg),
                pLogger,
                "Checking CLangSMG consistency: heap and global object sets are disjunt");
    toReturn =
        toReturn
            && verifyCLangSMGProperty(
                verifyDisjunctHeapAndStack(pLogger, pSmg),
                pLogger,
                "Checking CLangSMG consistency: heap and stack objects are disjunct");
    toReturn =
        toReturn
            && verifyCLangSMGProperty(
                verifyDisjunctGlobalAndStack(pLogger, pSmg),
                pLogger,
                "Checking CLangSMG consistency: global and stack objects are disjunct");
    toReturn =
        toReturn
            && verifyCLangSMGProperty(
                verifyStackGlobalHeapUnion(pLogger, pSmg),
                pLogger,
                "Checking CLangSMG consistency: global, stack and heap object union contains all objects in SMG");
    toReturn =
        toReturn
            && verifyCLangSMGProperty(
                verifyNullObjectCLangProperties(pLogger, pSmg),
                pLogger,
                "Checking CLangSMG consistency: null object invariants hold");
    toReturn =
        toReturn
            && verifyCLangSMGProperty(
                verifyGlobalNamespace(pLogger, pSmg),
                pLogger,
                "Checking CLangSMG consistency: global namespace problem");
    toReturn =
        toReturn
            && verifyCLangSMGProperty(
                verifyStackNamespaces(pLogger, pSmg),
                pLogger,
                "Checking CLangSMG consistency: stack namespace");

    pLogger.log(Level.FINEST, "Ending consistency check of a CLangSMG");

    return toReturn;
  }
コード例 #4
0
 @SuppressWarnings("unused")
 private void reorderCallback(Integer pre, BDDFactory.ReorderStats stats) {
   if (logger.wouldBeLogged(LOG_LEVEL)) {
     switch (pre) {
       case 1:
         logger.log(LOG_LEVEL, "Starting BDD Reordering");
         break;
       case 0:
         logger.log(LOG_LEVEL, "Finished BDD Reordering:", stats);
         break;
       default:
         logger.log(LOG_LEVEL, stats);
     }
   }
 }
コード例 #5
0
 @SuppressWarnings("unused")
 private void gcCallback(Integer pre, BDDFactory.GCStats stats) {
   if (logger.wouldBeLogged(LOG_LEVEL)) {
     switch (pre) {
       case 1:
         logger.log(LOG_LEVEL, "Starting BDD Garbage Collection");
         break;
       case 0:
         logger.log(LOG_LEVEL, "Finished BDD", stats);
         break;
       default:
         logger.log(LOG_LEVEL, stats);
     }
   }
 }
コード例 #6
0
  /**
   * Verifies several NULL object-related properties
   *
   * @param pLogger Logger to log the message
   * @param pSmg SMG to check
   * @return True if pSmg is consistent w.r.t. this criteria. False otherwise.
   */
  private static boolean verifyNullObjectCLangProperties(LogManager pLogger, CLangSMG pSmg) {
    // Verify that there is no NULL object in global scope
    for (SMGObject obj : pSmg.getGlobalObjects().values()) {
      if (!obj.notNull()) {
        pLogger.log(
            Level.SEVERE, "CLangSMG inconsistent: null object in global object set [" + obj + "]");
        return false;
      }
    }

    // Verify there is no more than one NULL object in the heap object set
    SMGObject firstNull = null;
    for (SMGObject obj : pSmg.getHeapObjects()) {
      if (!obj.notNull()) {
        if (firstNull != null) {
          pLogger.log(
              Level.SEVERE,
              "CLangSMG inconsistent: second null object in heap object set [first="
                  + firstNull
                  + ", second="
                  + obj
                  + "]");
          return false;
        } else {
          firstNull = obj;
        }
      }
    }

    // Verify there is no NULL object in the stack object set
    for (CLangStackFrame frame : pSmg.getStackFrames()) {
      for (SMGObject obj : frame.getAllObjects()) {
        if (!obj.notNull()) {
          pLogger.log(
              Level.SEVERE, "CLangSMG inconsistent: null object in stack object set [" + obj + "]");
          return false;
        }
      }
    }

    // Verify there is at least one NULL object
    if (firstNull == null) {
      pLogger.log(Level.SEVERE, "CLangSMG inconsistent: no null object");
      return false;
    }

    return true;
  }
コード例 #7
0
  /**
   * Starts and execute the ImmediateChecksParser for parsing those Variables/functions that should
   * be checked for security violation at every state.
   *
   * @param pFile the file to be parsed.
   */
  @SuppressWarnings("resource")
  public ImmediateChecksParser(LogManager pLogger, Path pFile) {
    set = new TreeSet<>();

    List<String> contents = null;
    try {
      contents = Files.readAllLines(pFile, Charset.defaultCharset());
    } catch (IOException e) {
      pLogger.logUserException(
          Level.WARNING, e, "Could not read intial security mapping from file named " + pFile);
      return;
    }

    for (String strLine : contents) {
      if (strLine.trim().isEmpty()) {
        continue;

      } else if (strLine.contains(";")) {
        int sem = strLine.indexOf(";");
        Variable var = new Variable(strLine.substring(0, sem));
        if (!set.contains(var)) {
          set.add(var);
        }
      }
    }
  }
  /**
   * Get the predicates out of an interpolant.
   *
   * @param pInterpolant The interpolant formula.
   * @return A set of predicates.
   */
  private final Collection<AbstractionPredicate> convertInterpolant(
      final BooleanFormula pInterpolant) {

    BooleanFormula interpolant = pInterpolant;

    if (bfmgr.isTrue(interpolant)) {
      return Collections.<AbstractionPredicate>emptySet();
    }

    Collection<AbstractionPredicate> preds;

    if (atomicPredicates) {
      preds = predAbsMgr.getPredicatesForAtomsOf(interpolant);

    } else {
      preds = ImmutableList.of(predAbsMgr.getPredicateFor(interpolant));
    }

    assert !preds.isEmpty()
        : "Interpolant without relevant predicates: "
            + pInterpolant
            + "; simplified to "
            + interpolant;

    logger.log(Level.FINEST, "Got predicates", preds);

    return preds;
  }
コード例 #9
0
  /**
   * This method exports the current representation in dot format to the given file.
   *
   * @param file file the file to write to
   */
  public void exportToDot(PathTemplate file, int refinementCounter) {
    StringBuilder result = new StringBuilder().append("digraph tree {" + "\n");
    for (Map.Entry<ARGState, ARGState> current : successorRelation.entries()) {
      if (interpolants.containsKey(current.getKey())) {
        StringBuilder sb = new StringBuilder();

        sb.append("itp is " + interpolants.get(current.getKey()));

        result.append(
            current.getKey().getStateId()
                + " [label=\""
                + (current.getKey().getStateId()
                    + " / "
                    + AbstractStates.extractLocation(current.getKey()))
                + " has itp "
                + (sb.toString())
                + "\"]"
                + "\n");
        result.append(
            current.getKey().getStateId()
                + " -> "
                + current.getValue().getStateId()
                + "\n"); // + " [label=\"" +
                         // current.getKey().getEdgeToChild(current.getValue()).getRawStatement().replace("\n", "") + "\"]\n");

      } else {
        result.append(
            current.getKey().getStateId()
                + " [label=\""
                + current.getKey().getStateId()
                + " has itp NA\"]"
                + "\n");
        result.append(
            current.getKey().getStateId()
                + " -> "
                + current.getValue().getStateId()
                + "\n"); // + " [label=\"" +
                         // current.getKey().getEdgeToChild(current.getValue()).getRawStatement().replace("\n", "") + "\"]\n");
      }

      if (current.getValue().isTarget()) {
        result.append(
            current.getValue().getStateId() + " [style=filled, fillcolor=\"red\"]" + "\n");
      }

      assert (!current.getKey().isTarget());
    }
    result.append("}");

    try {
      MoreFiles.writeFile(
          file.getPath(refinementCounter, interpolationCounter), Charset.defaultCharset(), result);
    } catch (IOException e) {
      logger.logUserException(Level.WARNING, e, "Could not write interpolation tree to file");
    }
  }
コード例 #10
0
  /**
   * Verifies that heap and global object sets are disjunct
   *
   * @param pLogger Logger to log the message
   * @param pSmg SMG to check
   * @return True if pSmg is consistent w.r.t. this criteria. False otherwise.
   */
  private static boolean verifyDisjunctHeapAndGlobal(LogManager pLogger, CLangSMG pSmg) {
    Map<String, SMGRegion> globals = pSmg.getGlobalObjects();
    Set<SMGObject> heap = pSmg.getHeapObjects();

    boolean toReturn = Collections.disjoint(globals.values(), heap);

    if (!toReturn) {
      pLogger.log(Level.SEVERE, "CLangSMG inconsistent, heap and global objects are not disjoint");
    }

    return toReturn;
  }
コード例 #11
0
  @SuppressWarnings("unchecked")
  @Override
  public void printStatistics(PrintStream out, Result result, ReachedSet reached) {
    StatisticsData statistics;
    if (cpa.isAnalysis()) {
      statistics = cpa.getFactory().getGlobalAnalysis();
    } else {
      StatisticsState lastState = (StatisticsState) reached.getLastState();
      if (lastState == null) {
        for (AbstractState abstractState : reached.asCollection()) {
          if (abstractState != null) {
            lastState = (StatisticsState) reached.getLastState();
          }
        }
      }

      statistics = lastState.getStatistics();
    }

    Map<String, Object> jsonMap = new HashMap<>();
    for (Entry<StatisticsProvider, StatisticsDataProvider> entry : statistics) {
      StatisticsProvider provider = entry.getKey();
      StatisticsDataProvider data = entry.getValue();
      String propName = provider.getPropertyName();
      Object value = data.getPropertyValue();
      String mergeInfo = "";
      if (!cpa.isAnalysis()) {
        String mergeType = provider.getMergeType();
        mergeInfo = "_" + mergeType;
        // Save in json with merge type
        Map<String, Object> innerJsonMap;
        if (jsonMap.containsKey(propName)) {
          innerJsonMap = (Map<String, Object>) jsonMap.get(propName);
        } else {
          innerJsonMap = new HashMap<>();
          jsonMap.put(propName, innerJsonMap);
        }
        innerJsonMap.put(mergeType, value);
      } else {
        // Save in json without merge type
        jsonMap.put(propName, value);
      }
      out.println("\t" + propName + mergeInfo + ": " + value);
    }

    if (statisticsCPAFile != null) {
      try {
        JSON.writeJSONString(jsonMap, statisticsCPAFile);
      } catch (IOException e) {
        logger.logUserException(Level.WARNING, e, "Could not write statistics to file");
      }
    }
  }
コード例 #12
0
 @Test
 public void parse() throws InvalidConfigurationException {
   List<Automaton> automata =
       AutomatonParser.parseAutomatonFile(
           automatonFile,
           TestDataTools.configurationForTest().build(),
           LogManager.createTestLogManager(),
           MachineModel.LINUX32,
           CProgramScope.empty(),
           Language.C);
   assertThat(automata).named("automata from file " + automatonFile).isNotEmpty();
 }
コード例 #13
0
  private Algorithm getAlgorithm(
      ShutdownNotifier singleShutdownNotifier,
      Configuration singleConfig,
      LogManager singleLogger,
      ConfigurableProgramAnalysis cpa)
      throws InvalidConfigurationException, CPAException {
    singleLogger.log(Level.FINE, "Creating algorithms");
    Algorithm algorithm =
        CPAAlgorithm.create(cpa, singleLogger, singleConfig, singleShutdownNotifier);

    CEGARAlgorithm cegarAlgorithm = new CEGARAlgorithm(algorithm, cpa, singleConfig, singleLogger);
    cegarAlgorithm.collectStatistics(stats.getSubStatistics());

    return cegarAlgorithm;
  }
コード例 #14
0
  /**
   * Verifies that global and stack object sets are disjunct
   *
   * @param pLogger Logger to log the message
   * @param pSmg SMG to check
   * @return True if pSmg is consistent w.r.t. this criteria. False otherwise.
   */
  private static boolean verifyDisjunctGlobalAndStack(LogManager pLogger, CLangSMG pSmg) {
    Deque<CLangStackFrame> stack_frames = pSmg.getStackFrames();
    Set<SMGObject> stack = new HashSet<>();

    for (CLangStackFrame frame : stack_frames) {
      stack.addAll(frame.getAllObjects());
    }
    Map<String, SMGRegion> globals = pSmg.getGlobalObjects();

    boolean toReturn = Collections.disjoint(stack, globals.values());

    if (!toReturn) {
      pLogger.log(Level.SEVERE, "CLangSMG inconsistent, global and stack objects are not disjoint");
    }

    return toReturn;
  }
コード例 #15
0
  @Before
  public void setUp() throws Exception {
    requireArrays();
    requireQuantifiers();
    requireRationals();

    FormulaManagerView mgrv =
        new FormulaManagerView(mgr, config, LogManager.createTestLogManager());
    this.qfm = mgrv.getQuantifiedFormulaManager();
    imgr = mgrv.getIntegerFormulaManager();

    _x = imgr.makeVariable("x");
    _b = amgr.makeArray("b", FormulaType.IntegerType, FormulaType.IntegerType);

    _b_at_x_eq_1 = imgr.equal(amgr.select(_b, _x), imgr.makeNumber(1));
    _b_at_x_eq_0 = imgr.equal(amgr.select(_b, _x), imgr.makeNumber(0));
  }
コード例 #16
0
  /**
   * Verify the stack name space: each record points to an appropriately labeled object
   *
   * @param pLogger Logger to log the message
   * @param pSmg the current smg
   * @return True if pSmg is consistent w.r.t. this criteria. False otherwise.
   */
  private static boolean verifyStackNamespaces(LogManager pLogger, CLangSMG pSmg) {
    HashSet<SMGObject> stack_objects = new HashSet<>();

    for (CLangStackFrame frame : pSmg.getStackFrames()) {
      for (SMGObject object : frame.getAllObjects()) {
        if (stack_objects.contains(object)) {
          pLogger.log(
              Level.SEVERE,
              "CLangSMG inconsistent: object [" + object + "] present multiple times in the stack");
          return false;
        }
        stack_objects.add(object);
      }
    }

    return true;
  }
コード例 #17
0
  private ReachedSet createInitialReachedSetForRestart(
      ConfigurableProgramAnalysis cpa,
      CFANode mainFunction,
      Configuration singleConfig,
      LogManager singleLogger)
      throws InvalidConfigurationException, InterruptedException {
    singleLogger.log(Level.FINE, "Creating initial reached set");

    ReachedSetFactory reachedSetFactory = new ReachedSetFactory(singleConfig);
    AbstractState initialState =
        cpa.getInitialState(mainFunction, StateSpacePartition.getDefaultPartition());
    Precision initialPrecision =
        cpa.getInitialPrecision(mainFunction, StateSpacePartition.getDefaultPartition());

    ReachedSet reached = reachedSetFactory.create();
    reached.add(initialState, initialPrecision);
    return reached;
  }
コード例 #18
0
  /**
   * Verify the global scope is consistent: each record points to an appropriately labeled object
   *
   * @param pLogger Logger to log the message
   * @param pSmg SMG to check
   * @return True if pSmg is consistent w.r.t. this criteria. False otherwise.
   */
  private static boolean verifyGlobalNamespace(LogManager pLogger, CLangSMG pSmg) {
    Map<String, SMGRegion> globals = pSmg.getGlobalObjects();

    for (String label : pSmg.getGlobalObjects().keySet()) {
      String globalLabel = globals.get(label).getLabel();
      if (!globalLabel.equals(label)) {
        pLogger.log(
            Level.SEVERE,
            "CLangSMG inconsistent: label ["
                + label
                + "] points to an object with label ["
                + pSmg.getGlobalObjects().get(label).getLabel()
                + "]");
        return false;
      }
    }

    return true;
  }
コード例 #19
0
  public AbstractState widening(OctagonState successorOct, OctagonState reachedOct) {
    Pair<OctagonState, OctagonState> shrinkedStates = getShrinkedStates(successorOct, reachedOct);
    successorOct = shrinkedStates.getFirst();
    reachedOct = shrinkedStates.getSecond();

    Octagon newOctagon =
        reachedOct
            .getOctagon()
            .getManager()
            .widening(reachedOct.getOctagon(), successorOct.getOctagon());

    // TODO this should not be necessary however it occurs that a widened state is bottom
    if (reachedOct.getOctagon().getManager().isEmpty(newOctagon)) {
      newOctagon =
          reachedOct
              .getOctagon()
              .getManager()
              .union(reachedOct.getOctagon(), successorOct.getOctagon());
      logger.log(
          Level.WARNING,
          "bottom state occured where it should not be, using union instead of widening as a fallback");
      if (reachedOct.getOctagon().getManager().isEmpty(newOctagon)) {
        throw new AssertionError("bottom state occured where it should not be");
      }
    }

    OctagonState newState =
        new OctagonState(
            newOctagon,
            successorOct.getVariableToIndexMap(),
            successorOct.getVariableToTypeMap(),
            logger);
    if (reachedOct.isLoopHead()) {
      newState = newState.asLoopHead();
    }
    if (newState.equals(successorOct)) {
      return successorOct;
    } else if (newState.equals(reachedOct)) {
      return reachedOct;
    } else {
      return newState;
    }
  }
コード例 #20
0
  /**
   * Verifies that heap and stack object sets are disjunct
   *
   * @param pLogger Logger to log the message
   * @param pSmg SMG to check
   * @return True if pSmg is consistent w.r.t. this criteria. False otherwise.
   */
  private static boolean verifyDisjunctHeapAndStack(LogManager pLogger, CLangSMG pSmg) {
    Deque<CLangStackFrame> stack_frames = pSmg.getStackFrames();
    Set<SMGObject> stack = new HashSet<>();

    for (CLangStackFrame frame : stack_frames) {
      stack.addAll(frame.getAllObjects());
    }
    Set<SMGObject> heap = pSmg.getHeapObjects();

    boolean toReturn = Collections.disjoint(stack, heap);

    if (!toReturn) {
      pLogger.log(
          Level.SEVERE,
          "CLangSMG inconsistent, heap and stack objects are not disjoint: "
              + Sets.intersection(stack, heap));
    }

    return toReturn;
  }
コード例 #21
0
  /**
   * Verifies that heap, global and stack union is equal to the set of all objects
   *
   * @param pLogger Logger to log the message
   * @param pSmg SMG to check
   * @return True if pSmg is consistent w.r.t. this criteria. False otherwise.
   */
  private static boolean verifyStackGlobalHeapUnion(LogManager pLogger, CLangSMG pSmg) {
    HashSet<SMGObject> object_union = new HashSet<>();

    object_union.addAll(pSmg.getHeapObjects());
    object_union.addAll(pSmg.getGlobalObjects().values());

    for (CLangStackFrame frame : pSmg.getStackFrames()) {
      object_union.addAll(frame.getAllObjects());
    }

    boolean toReturn =
        object_union.containsAll(pSmg.getObjects()) && pSmg.getObjects().containsAll(object_union);

    if (!toReturn) {
      pLogger.log(
          Level.SEVERE,
          "CLangSMG inconsistent: union of stack, heap and global object is not the same set as the set of SMG objects");
    }

    return toReturn;
  }
コード例 #22
0
 /**
  * Return the current size of the cache of the BDD library. Returns -1 if value cannot be read.
  */
 private int readCacheSize() {
   if (factory instanceof JFactory) {
     // Unfortunately JFactory does not update its reported size on cache resizes.
     try {
       Field cacheField = JFactory.class.getDeclaredField("applycache");
       cacheField.setAccessible(true);
       Object cache = cacheField.get(factory);
       if (cache != null) {
         Field tableField = cache.getClass().getDeclaredField("table");
         tableField.setAccessible(true);
         Object table = tableField.get(cache);
         if (table instanceof Object[]) {
           return ((Object[]) table).length;
         }
       }
     } catch (ReflectiveOperationException | SecurityException e) {
       logger.logDebugException(e, "Could not access cache field of JFactory for statistics");
     }
     return -1;
   }
   return factory.getCacheSize();
 }
コード例 #23
0
  public ConfigurableProgramAnalysis createCPA(
      final CFA cfa,
      @Nullable final MainCPAStatistics stats,
      SpecAutomatonCompositionType composeWithSpecificationCPAs)
      throws InvalidConfigurationException, CPAException {
    logger.log(Level.FINE, "Creating CPAs");
    if (stats != null) {
      stats.cpaCreationTime.start();
    }
    try {

      if (useRestartingAlgorithm) {
        // hard-coded dummy CPA
        return LocationCPA.factory().set(cfa, CFA.class).setConfiguration(config).createInstance();
      }

      final ConfigurableProgramAnalysis cpa;
      switch (composeWithSpecificationCPAs) {
        case TARGET_SPEC:
          cpa = cpaFactory.buildCPAWithSpecAutomatas(cfa);
          break;
        case BACKWARD_TO_ENTRY_SPEC:
          cpa = cpaFactory.buildCPAWithBackwardSpecAutomatas(cfa);
          break;
        default:
          cpa = cpaFactory.buildCPAs(cfa, null);
      }

      if (stats != null && cpa instanceof StatisticsProvider) {
        ((StatisticsProvider) cpa).collectStatistics(stats.getSubStatistics());
      }
      return cpa;

    } finally {
      if (stats != null) {
        stats.cpaCreationTime.stop();
      }
    }
  }
コード例 #24
0
 /**
  * Records a result of a single check to a logger along with a message
  *
  * @param pResult Result of the check
  * @param pLogger Logger to log the message
  * @param pMessage Message to be logged
  * @return The result of the check, i.e. equivalent to pResult
  */
 private static boolean verifyCLangSMGProperty(
     boolean pResult, LogManager pLogger, String pMessage) {
   pLogger.log(Level.FINEST, pMessage, ":", pResult);
   return pResult;
 }
コード例 #25
0
  /**
   * Returns the <code>AutomatonStates</code> that follow this State in the ControlAutomatonCPA. If
   * the passed <code>AutomatonExpressionArguments</code> are not sufficient to determine the
   * following state this method returns a <code>AutomatonUnknownState</code> that contains this as
   * previous State. The strengthen method of the <code>AutomatonUnknownState</code> should be used
   * once enough Information is available to determine the correct following State.
   *
   * <p>If the state is a NonDet-State multiple following states may be returned. If the only
   * following state is BOTTOM an empty set is returned.
   *
   * @throws CPATransferException
   */
  private Collection<AutomatonState> getFollowStates(
      AutomatonState state,
      List<AbstractState> otherElements,
      CFAEdge edge,
      boolean failOnUnknownMatch)
      throws CPATransferException {
    Preconditions.checkArgument(!(state instanceof AutomatonUnknownState));
    if (state == cpa.getBottomState()) {
      return Collections.emptySet();
    }

    if (collectTokenInformation) {
      SourceLocationMapper.getKnownToEdge(edge);
    }

    if (state.getInternalState().getTransitions().isEmpty()) {
      // shortcut
      return Collections.singleton(state);
    }

    Collection<AutomatonState> lSuccessors = Sets.newHashSetWithExpectedSize(2);
    AutomatonExpressionArguments exprArgs =
        new AutomatonExpressionArguments(state, state.getVars(), otherElements, edge, logger);
    boolean edgeMatched = false;
    int failedMatches = 0;
    boolean nonDetState = state.getInternalState().isNonDetState();

    // these transitions cannot be evaluated until last, because they might have sideeffects on
    // other CPAs (dont want to execute them twice)
    // the transitionVariables have to be cached (produced during the match operation)
    // the list holds a Transition and the TransitionVariables generated during its match
    List<Pair<AutomatonTransition, Map<Integer, String>>> transitionsToBeTaken = new ArrayList<>(2);

    for (AutomatonTransition t : state.getInternalState().getTransitions()) {
      exprArgs.clearTransitionVariables();

      matchTime.start();
      ResultValue<Boolean> match = t.match(exprArgs);
      matchTime.stop();

      //      System.out.println("----------------------");
      //      System.out.println(t.getTrigger());
      //      System.out.println(t.getFollowState().getName());
      //      System.out.println(edge.getPredecessor().getNodeNumber());
      //      System.out.println(edge.getCode());
      //      System.out.println(match.getValue());

      if (match.canNotEvaluate()) {
        if (failOnUnknownMatch) {
          throw new CPATransferException(
              "Automaton transition condition could not be evaluated: "
                  + match.getFailureMessage());
        }
        // if one transition cannot be evaluated the evaluation must be postponed until enough
        // information is available
        return Collections.<AutomatonState>singleton(new AutomatonUnknownState(state));
      } else {
        if (match.getValue()) {
          edgeMatched = true;
          assertionsTime.start();
          ResultValue<Boolean> assertionsHold = t.assertionsHold(exprArgs);
          assertionsTime.stop();

          if (assertionsHold.canNotEvaluate()) {
            if (failOnUnknownMatch) {
              throw new CPATransferException(
                  "Automaton transition assertions could not be evaluated: "
                      + assertionsHold.getFailureMessage());
            }
            // cannot yet be evaluated
            return Collections.<AutomatonState>singleton(new AutomatonUnknownState(state));

          } else if (assertionsHold.getValue()) {
            if (!t.canExecuteActionsOn(exprArgs)) {
              if (failOnUnknownMatch) {
                throw new CPATransferException("Automaton transition action could not be executed");
              }
              // cannot yet execute, goto UnknownState
              return Collections.<AutomatonState>singleton(new AutomatonUnknownState(state));
            }

            // delay execution as described above
            Map<Integer, String> transitionVariables =
                ImmutableMap.copyOf(exprArgs.getTransitionVariables());
            transitionsToBeTaken.add(Pair.of(t, transitionVariables));

          } else {
            // matching transitions, but unfulfilled assertions: goto error state
            AutomatonState errorState =
                AutomatonState.automatonStateFactory(
                    Collections.<String, AutomatonVariable>emptyMap(),
                    AutomatonInternalState.ERROR,
                    cpa,
                    0,
                    0,
                    "");
            logger.log(
                Level.INFO,
                "Automaton going to ErrorState on edge \"" + edge.getDescription() + "\"");
            lSuccessors.add(errorState);
          }

          if (!nonDetState) {
            // not a nondet State, break on the first matching edge
            break;
          }
        } else {
          // do nothing if the edge did not match
          failedMatches++;
        }
      }
    }

    if (edgeMatched) {
      // execute Transitions
      for (Pair<AutomatonTransition, Map<Integer, String>> pair : transitionsToBeTaken) {
        // this transition will be taken. copy the variables
        AutomatonTransition t = pair.getFirst();
        Map<Integer, String> transitionVariables = pair.getSecond();
        actionTime.start();
        Map<String, AutomatonVariable> newVars = deepCloneVars(state.getVars());
        exprArgs.setAutomatonVariables(newVars);
        exprArgs.putTransitionVariables(transitionVariables);
        t.executeActions(exprArgs);
        actionTime.stop();
        String violatedPropertyDescription = null;
        if (t.getFollowState().isTarget()) {
          violatedPropertyDescription = t.getViolatedPropertyDescription(exprArgs);
        }
        AutomatonState lSuccessor =
            AutomatonState.automatonStateFactory(
                newVars,
                t.getFollowState(),
                cpa,
                t.getAssumptions(),
                state.getMatches() + 1,
                state.getFailedMatches(),
                violatedPropertyDescription);
        if (!(lSuccessor instanceof AutomatonState.BOTTOM)) {
          lSuccessors.add(lSuccessor);
        } else {
          // add nothing
        }
      }
      return lSuccessors;
    } else {
      // stay in same state, no transitions to be executed here (no transition matched)
      AutomatonState stateNewCounters =
          AutomatonState.automatonStateFactory(
              state.getVars(),
              state.getInternalState(),
              cpa,
              state.getMatches(),
              state.getFailedMatches() + failedMatches,
              null);
      if (collectTokenInformation) {
        stateNewCounters.addNoMatchTokens(state.getTokensSinceLastMatch());
        if (edge.getEdgeType() != CFAEdgeType.DeclarationEdge) {
          stateNewCounters.addNoMatchTokens(
              SourceLocationMapper.getAbsoluteTokensFromCFAEdge(edge, true));
        }
      }
      return Collections.singleton(stateNewCounters);
    }
  }
コード例 #26
0
  @Override
  public AlgorithmStatus run(ReachedSet pReached) throws CPAException, InterruptedException {
    checkArgument(
        pReached instanceof ForwardingReachedSet, "RestartAlgorithm needs ForwardingReachedSet");
    ForwardingReachedSet reached = (ForwardingReachedSet) pReached;

    CFANode mainFunction = AbstractStates.extractLocation(pReached.getFirstState());
    assert mainFunction != null : "Location information needed";

    AlgorithmStatus status = AlgorithmStatus.UNSOUND_AND_PRECISE;

    try {
      ReachedSetFactory reachedSetFactory = new ReachedSetFactory(globalConfig);

      // predicate analysis
      logger.log(Level.FINE, "Creating CPA for PredicateAnalysis");
      Configuration singleConfig1 = getConfigFromFile(configFiles.get(0));
      ConfigurableProgramAnalysis cpa1 = getCPA(reachedSetFactory, singleConfig1);
      Algorithm algorithm1 = getAlgorithm(shutdownNotifier, singleConfig1, logger, cpa1);
      ReachedSet reached1 =
          createInitialReachedSetForRestart(cpa1, mainFunction, singleConfig1, logger);

      reached.setDelegate(reached1);

      stats.noOfAlgorithmsUsed++;
      stats.totalTime.start();

      status = run0(reached1, algorithm1);

      // stats.printIntermediateStatistics(System.out, Result.UNKNOWN, reached); // disabled,
      // because table-generator can not distinguish 1st and 2nd statistics.
      stats.resetSubStatistics();

      // predicate bit-precise analysis
      logger.log(Level.FINE, "Creating CPA for PredicateAnalysis-Bitprecise");
      Configuration singleConfig2 = getConfigFromFile(configFiles.get(1));
      ConfigurableProgramAnalysis cpa2 = getCPA(reachedSetFactory, singleConfig2);

      {
        // this is the important step: re-use the reached-set
        ARGReplayCPA argReplay = CPAs.retrieveCPA(cpa2, ARGReplayCPA.class);
        checkNotNull(argReplay, "ARGReplay-CPA is needed for second analysis");
        argReplay.setARGAndCPA(reached1, cpa1);
      }

      Algorithm algorithm2 = getAlgorithm(shutdownNotifier, singleConfig2, logger, cpa2);
      ReachedSet reached2 =
          createInitialReachedSetForRestart(cpa2, mainFunction, singleConfig2, logger);

      reached.setDelegate(reached2);

      stats.noOfAlgorithmsUsed++;
      stats.totalTime.start();

      status = run0(reached2, algorithm2);

      stats.printIntermediateStatistics(System.out, Result.UNKNOWN, reached);
      stats.resetSubStatistics();

    } catch (InvalidConfigurationException e) {
      logger.logUserException(
          Level.WARNING, e, "Exiting analysis because the configuration file is invalid");
    } catch (IOException e) {
      logger.logUserException(
          Level.WARNING, e, "Exiting analysis because the configuration file could not be read");
    } finally {
      // TODO close CPAs and algorithms
    }

    return status;
  }
コード例 #27
0
  @Override
  public AbstractState rebuildStateAfterFunctionCall(
      AbstractState pRootState,
      AbstractState pEntryState,
      AbstractState pExpandedState,
      FunctionExitNode exitLocation) {
    final PredicateAbstractState rootState = (PredicateAbstractState) pRootState;
    final PredicateAbstractState entryState = (PredicateAbstractState) pEntryState;
    final PredicateAbstractState expandedState = (PredicateAbstractState) pExpandedState;
    final PersistentMap<CFANode, Integer> abstractionLocations =
        expandedState.getAbstractionLocationsOnPath();

    // TODO why did I copy the next if-statement? when is it used?
    if (!expandedState.isAbstractionState()) {
      return expandedState;
    }

    // we have:
    // - abstraction of rootState with ssa                --> use as it is
    // - callEdge-pathFormula with ssa (from rootState)   --> use as it is, with updated SSAMap
    // - abstraction of functioncall (expandedSSA)        --> instantiate, with updated SSAMap, so
    // that:
    //           - only param and return-var overlap to callEdge
    //           - all other vars are distinct
    final String calledFunction = exitLocation.getFunctionName();
    final PathFormula functionCall = entryState.getAbstractionFormula().getBlockFormula();
    final SSAMap entrySsaWithRet = functionCall.getSsa();
    final SSAMapBuilder entrySsaWithRetBuilder = entrySsaWithRet.builder();
    final SSAMapBuilder summSsa =
        rootState.getAbstractionFormula().getBlockFormula().getSsa().builder();

    final SSAMap expandedSSA = expandedState.getAbstractionFormula().getBlockFormula().getSsa();
    for (String var : expandedSSA.allVariables()) {
      final CType type = expandedSSA.getType(var);
      if (var.startsWith(calledFunction + "::") && var.endsWith(PARAM_VARIABLE_NAME)) {
        int newIndex = entrySsaWithRet.getIndex(var);
        assert entrySsaWithRet.containsVariable(var)
            : "param for function is not used in functioncall";
        entrySsaWithRetBuilder.setIndex(var, type, newIndex);
        setFreshValueBasis(summSsa, var, newIndex);

      } else if (exitLocation.getEntryNode().getReturnVariable().isPresent()
          && exitLocation.getEntryNode().getReturnVariable().get().getQualifiedName().equals(var)) {
        // var.startsWith(calledFunction + "::") && var.endsWith(RETURN_VARIABLE_NAME)
        final int newIndex =
            Math.max(expandedSSA.getIndex(var), entrySsaWithRetBuilder.getFreshIndex(var));
        entrySsaWithRetBuilder.setIndex(var, type, newIndex);
        summSsa.setIndex(var, type, newIndex);

      } else if (!entrySsaWithRet.containsVariable(var)) {
        // non-existent index for variable only used in functioncall, just copy
        final int newIndex = expandedSSA.getIndex(var);
        entrySsaWithRetBuilder.setIndex(var, type, newIndex);
        summSsa.setIndex(var, type, newIndex);

      } else {
        final int newIndex = entrySsaWithRetBuilder.getFreshIndex(var);
        entrySsaWithRetBuilder.setIndex(var, type, newIndex);
        setFreshValueBasis(summSsa, var, newIndex);
      }
    }

    final SSAMap newEntrySsaWithRet = entrySsaWithRetBuilder.build();
    final SSAMap newSummSsa = summSsa.build();

    // function-call needs have new retvars-indices.
    PathFormula functionCallWithSSA =
        new PathFormula(
            functionCall.getFormula(),
            newEntrySsaWithRet,
            functionCall.getPointerTargetSet(),
            functionCall.getLength());

    // concat function-call with function-summary,
    // function-summary will be instantiated with indices for params and retvars.
    PathFormula executedFunction =
        pmgr.makeAnd(functionCallWithSSA, expandedState.getAbstractionFormula().asFormula());

    // after function-execution we have to re-use the previous indices (fromouter scope),
    // thus lets change the SSAmap.
    PathFormula executedFunctionWithSSA =
        new PathFormula(
            executedFunction.getFormula(),
            newSummSsa,
            executedFunction.getPointerTargetSet(),
            executedFunction.getLength());

    // everything is prepared, so build a new AbstractionState.
    // we do this as 'future abstraction', because we do not have enough information
    // (necessary classes and managers) for the abstraction-process at this place.
    PredicateAbstractState rebuildState =
        new PredicateAbstractState.ComputeAbstractionState(
            executedFunctionWithSSA,
            rootState.getAbstractionFormula(),
            exitLocation,
            abstractionLocations);

    logger.log(
        Level.ALL,
        "\noldAbs: ",
        rootState.getAbstractionFormula().asInstantiatedFormula(),
        "\ncall: ",
        functionCallWithSSA,
        "\nsumm: ",
        expandedState.getAbstractionFormula().asFormula(),
        "\nexe: ",
        executedFunction,
        "\nentrySsaRet",
        newEntrySsaWithRet,
        "\nsummSsaRet",
        newSummSsa);

    return rebuildState;
  }
コード例 #28
0
 @SuppressWarnings("unused")
 private void resizeCallback(Integer oldSize, Integer newSize) {
   logger.log(LOG_LEVEL, "BDD node table resized from", oldSize, "to", newSize);
 }
コード例 #29
0
  public Algorithm createAlgorithm(
      final ConfigurableProgramAnalysis cpa,
      final String programDenotation,
      final CFA cfa,
      @Nullable final MainCPAStatistics stats)
      throws InvalidConfigurationException, CPAException {
    logger.log(Level.FINE, "Creating algorithms");

    Algorithm algorithm;

    if (useProofCheckAlgorithm) {
      logger.log(Level.INFO, "Using Proof Check Algorithm");
      algorithm = new ProofCheckAlgorithm(cpa, config, logger, shutdownNotifier, cfa);
    } else if (useRestartingAlgorithm) {
      logger.log(Level.INFO, "Using Restarting Algorithm");
      algorithm = new RestartAlgorithm(config, logger, shutdownNotifier, programDenotation, cfa);

      if (useARGCombiningAlgorithm) {
        algorithm = new PartialARGsCombiner(algorithm, config, logger, shutdownNotifier, cfa);
      }
    } else if (useImpactAlgorithm) {
      algorithm = new ImpactAlgorithm(config, logger, shutdownNotifier, cpa, cfa);

    } else if (useRestartAlgorithmWithARGReplay) {
      algorithm = new RestartAlgorithmWithARGReplay(config, logger, shutdownNotifier, cfa);

    } else {
      algorithm = CPAAlgorithm.create(cpa, logger, config, shutdownNotifier, stats);

      if (useAnalysisWithEnablerCPAAlgorithm) {
        algorithm =
            new AnalysisWithRefinableEnablerCPAAlgorithm(
                algorithm, cpa, cfa, logger, config, shutdownNotifier);
      }

      if (useCEGAR) {
        algorithm = new CEGARAlgorithm(algorithm, cpa, config, logger);
      }

      if (useBMC) {
        algorithm =
            new BMCAlgorithm(
                algorithm, cpa, config, logger, reachedSetFactory, shutdownNotifier, cfa);
      }

      if (checkCounterexamples) {
        algorithm =
            new CounterexampleCheckAlgorithm(
                algorithm, cpa, config, logger, shutdownNotifier, cfa, programDenotation);
      }

      if (useBDDCPARestriction) {
        algorithm =
            new BDDCPARestrictionAlgorithm(
                algorithm, cpa, config, logger, shutdownNotifier, cfa, programDenotation);
      }

      if (collectAssumptions) {
        algorithm =
            new AssumptionCollectorAlgorithm(algorithm, cpa, cfa, shutdownNotifier, config, logger);
      }

      if (useAdjustableConditions) {
        algorithm = new RestartWithConditionsAlgorithm(algorithm, cpa, config, logger);
      }

      if (useTestGenAlgorithm) {
        algorithm = new TestGenAlgorithm(algorithm, cpa, shutdownNotifier, cfa, config, logger);
      }

      if (usePropertyCheckingAlgorithm) {
        if (!(cpa instanceof PropertyCheckerCPA)) {
          throw new InvalidConfigurationException(
              "Property checking algorithm requires CPAWithPropertyChecker as Top CPA");
        }
        algorithm = new AlgorithmWithPropertyCheck(algorithm, logger, (PropertyCheckerCPA) cpa);
      }

      if (useResultCheckAlgorithm) {
        algorithm = new ResultCheckAlgorithm(algorithm, cpa, cfa, config, logger, shutdownNotifier);
      }

      if (useCustomInstructionRequirementExtraction) {
        algorithm =
            new CustomInstructionRequirementsExtractingAlgorithm(
                algorithm, cpa, config, logger, shutdownNotifier, cfa);
      }

      if (usePreconditionRefinementAlgorithm) {
        algorithm =
            new PreconditionRefinerAlgorithm(algorithm, cpa, cfa, config, logger, shutdownNotifier);
      }
    }

    if (stats != null && algorithm instanceof StatisticsProvider) {
      ((StatisticsProvider) algorithm).collectStatistics(stats.getSubStatistics());
    }
    return algorithm;
  }
コード例 #30
0
  JavaBDDRegionManager(String bddPackage, Configuration config, LogManager pLogger)
      throws InvalidConfigurationException {
    config.inject(this);
    logger = pLogger;
    if (initTableRatio <= 0 || initTableRatio >= 1) {
      throw new InvalidConfigurationException(
          "Invalid value "
              + initTableRatio
              + " for option bdd.javabdd.initTableRatio, needs to be between 0 and 1.");
    }
    if (initTableSize == 0) {
      // JFactory uses 5 ints of 4 byte sizes for each entry in the BDD table
      double size = Runtime.getRuntime().maxMemory() * initTableRatio / 5 / 4;
      initTableSize = (size > Integer.MAX_VALUE) ? Integer.MAX_VALUE : (int) size;
      logger.log(Level.CONFIG, "Setting value of bdd.javabdd.initTableSize to", initTableSize);
    }

    if (cacheRatio < 0) {
      throw new InvalidConfigurationException(
          "Invalid value "
              + cacheRatio
              + " for option bdd.javabdd.cacheRatio, cannot be negative.");
    }
    if (cacheSize == 0) {
      cacheSize = (int) (initTableSize * cacheRatio);
    }
    factory = BDDFactory.init(bddPackage.toLowerCase(), initTableSize, cacheSize);

    // register callbacks for logging
    try {
      Method gcCallback =
          JavaBDDRegionManager.class.getDeclaredMethod(
              "gcCallback", Integer.class, BDDFactory.GCStats.class);
      gcCallback.setAccessible(true);
      factory.registerGCCallback(this, gcCallback);

      Method resizeCallback =
          JavaBDDRegionManager.class.getDeclaredMethod(
              "resizeCallback", Integer.class, Integer.class);
      resizeCallback.setAccessible(true);
      factory.registerResizeCallback(this, resizeCallback);

      Method reorderCallback =
          JavaBDDRegionManager.class.getDeclaredMethod(
              "reorderCallback", Integer.class, BDDFactory.ReorderStats.class);
      reorderCallback.setAccessible(true);
      factory.registerReorderCallback(this, reorderCallback);

      // If we do not log, unregister the handlers to avoid the cost of
      // calling them with reflection.
      // Registering and immediately unregistering prevents the library
      // from printing stuff to stdout.
      if (!logger.wouldBeLogged(LOG_LEVEL)) {
        factory.unregisterGCCallback(this, gcCallback);
        factory.unregisterResizeCallback(this, resizeCallback);
        factory.unregisterReorderCallback(this, reorderCallback);
      }

    } catch (NoSuchMethodException e) {
      throw new AssertionError(e);
    }

    factory.setVarNum(varcount);
    factory.setCacheRatio(cacheRatio);

    trueFormula = new JavaBDDRegion(factory.one());
    falseFormula = new JavaBDDRegion(factory.zero());
  }