Some memory model simplifications #768
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Unchecked reads are done directly as array accesses (as documented for MemoryHandler::getReadUnchecked) hence there do not exist corresponding procedures.
…ssion Hence, there is no need to wrap it into an ExpressionResult.
Perform instanceof-check inside the method for safe casting, instead of leaving it to the caller. Simplify the implementations and the calling code.
The appropriate accounting for CheckMode, the correct Spec, etc. should not have to be implemented anew for every addressing mode.
It is not clear why this method should be part of this interface, and the only usage of this method was on a concrete implementation anyway.
…ForFreeCall The appropriate accounting for settings, the correct Spec, etc. should not have to be implemented anew for every addressing mode.
…ForPointerExpression The logic implemented in this method was essentially the same as in the two already existing methods ::constructPointerValidityCheckExpr and ::constructPointerTargetFullyAllocatedCheckExpr. There is a slight edge case where the functionality differs: the old code checked "offset < length", whereas the new code (in ::constructPointerTargetFullyAllocatedCheckExpr) checks only "offset <= length". However, I suspect this difference is unintentional (I have added a TODO to clarify the correct behaviour).
…lityCheckExpr The old method was only used for this purpose, but did not make sense for all memory models. Hence, this is now handled analogously to the methods for pointer validity checks.
This method was overly specific and can easily be implemented by the single caller, using existing methods. Furthermore, the implementation in MemoryAddressing1D was incorrect: it simply returned "len-1" as a pointer.
Instead of encoding the specifications of malloc, dealloc and allocInit as lists of tuples containing expressions (which are used in "ensures" resp. "free ensures" clauses) and sets of variables (which are used in the "modifies" clause), they are now encoded using a specialized record.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Since the dedicated work by @jankoerner in #756, our C translation uses general interfaces to encapsulate different memory model implementations, rather than hardcoding a single memory model all throughout the translation (thanks again for this work!).
This PR collects some simplifications and refactorings of the code for which there was not enough time in the project / before SV-COMP; with the goal to improve maintainability and make it easier to implement further memory models in the future.
To review the changes in this PR, it might be a good idea to view them commit-by-commit.
In addition to the changes already here, the following items could also be improved (some of them may simply require more documentation):
IMemoryAddressing::constructMallocSpecificationExpressionsIMemoryAddressing::constructDeallocSpecificationExpressionsIMemoryAddressing::constructAllocInitSpecificationExpressionsIMemoryAddressing::constructUltimateInitStatements(what do these statements do?)IMemoryAddressing::getFixedAddressCounterCountingStepIMemoryAddressing::constructRhsAssignmentStatementHda::doPointerArithmetic,::addExpressionToPointer,addIntegerConstantToPointerand::doPointerSubtractiononIMemoryAdressing? Can some of them be implemented in terms of the others?IMemoryAddressing::constructAddressForStructField(perhaps implementable using::addIntegerConstantToPointer?)IMemoryAddressing::getLastCharOfStringIMemoryAddressing::constructStrChrAssumeStatement(if not, improve documentation and let it return an expression)IMemoryAddressing::checksForStringCopyOverlapping(otherwise, document parameters and return an expression)IMemoryAddressing::constructReallocBodyStatementsIMemoryAddressing::constructPointerValidityCheckExprand::constructPointerTargetFullyAllocatedCheckExprseems specific to the 2-dimensional model. Can they be merged into a single method? (that perhaps returns a list of expressions; and callers would need to take care of the)sizeparameter separately e.g. through a call to::addExpressionToPointerIMemoryAddressing::getChecksForFreeCallshould return expressions (orExpressionResults) rather than assert statementsIMemoryAddressing::constructMemSafeStatementsForPointerExpressionbe implemented in terms of::constructPointerValidityCheckExprand::constructPointerTargetFullyAllocatedCheckExpr?IMemoryAddressing::constructInitialPointerFromPointeronly makes sense for the 2-dimensional model. It is used for variadic arguments; they must be implemented in another way.IMemoryAddressing::getValidArrayonly makes sense for the 2-dimensional model. It is used only for memory neutrality checks; these should be implemented like::constructPointerValidityCheckExpretc.IMemoryPointeris not actually a pointer. Can we rename the interface?LocalLValueILocationPairneeded? (if we keep it, make it a record, possibly private, and improve field names)MemoryAddressingFactoryviolates the open-closed principle (for every newIMemoryPointerimplementation, we would need to change this class). Can this functionality become a method onIMemoryPointer?MemoryAddressingBaseviolates the open-closed principle (for every newIMemoryPointerimplementation, we would need to change this class). Can this functionality become a method onIMemoryPointer?MemoryHandler::getWriteCallMemoryHandler::constructMemsafetyChecksForPointerExpressionMemoryStructureMultiBitpreciseSimpleIncreasingStrategymentions a type parameter that does not existNonBijectiveMapping1Dtalks about base and offset (copy-pasted from 2D case). Is the mapping even non-bijective in the 1-dimensional case?SFO.MEMCPYandSFO.MEMSETare not used and can be deletedFakePointer1Dtalks about base and offset