CHC: add checker implementations for proof-obligation predicates

Author: sipma

CodeHawk/CHC/cchanalyze/cCHAnalysisTypes.mli

@@ -517,6 +517,10 @@ class type po_query_int =
         all values that variable [vinfo] may have in this PO.*)
     method set_vinfo_diagnostic_invariants: varinfo -> unit
 
+    method set_all_diagnostic_invariants: unit
+
+    method set_init_vinfo_mem_diagnostic_invariants: varinfo -> offset -> unit
+
     method add_local_spo: location -> program_context_int -> po_predicate_t -> unit
 
     (** {1 Checks} *)
@@ -666,6 +670,8 @@ class type po_query_int =
         returns None.*)
     method get_gv_upperbound: string -> int option
 
+    method get_init_vinfo_mem_invariants: varinfo -> offset -> invariant_int list
+
 
     (** {2 Function summary} *)
 

CodeHawk/CHC/cchanalyze/cCHGenerateAndCheck.ml

@@ -160,6 +160,15 @@ let make_invariant_generation_spec t =
 			    STR " not recognized"]))
 
 
+let analysis_is_active (fname: string): bool =
+  match proof_scaffolding#get_analysis_info fname with
+  | UndefinedBehaviorInfo -> true
+  | OutputParameterInfo vinfos ->
+     let proof_obligations = proof_scaffolding#get_proof_obligations fname in
+     CCHCreateOutputParameterPOs.output_parameter_analysis_is_active
+       fname vinfos proof_obligations
+
+
 let process_function gspecs fname =
   let cfilename = system_settings#get_cfilename in
   try
@@ -181,7 +190,7 @@ let process_function gspecs fname =
           (List.length proofObligations)
           (List.length openpos)
           __FILE__ __LINE__ in
-      if (List.length openpos) > 0 then
+      if (List.length openpos) > 0 && (analysis_is_active fname) then
         let _ =
           pr_timing [
               STR cfilename; STR ": ===analyze function=== "; STR fname;
@@ -304,7 +313,9 @@ let process_function gspecs fname =
         save_api fname;
       end
     else
-      ()
+      pr_timing [
+          STR cfilename; STR ":"; STR fname;
+          STR ": Skip analysis; analysis is not active"]
   with
   | CCHFailure p ->
      begin

CodeHawk/CHC/cchanalyze/cCHPOCheckInitialized.ml

@@ -6,7 +6,7 @@
 
    Copyright (c) 2005-2019 Kestrel Technology LLC
    Copyright (c) 2020-2024 Henny B. Sipma
-   Copyright (c) 2024      Aarno Labs LLC
+   Copyright (c) 2024-2025 Aarno Labs LLC
 
    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the "Software"), to deal
@@ -532,7 +532,7 @@ object (self)
          let msg =
            "condition "
            ^ (p2s (po_predicate_to_pretty pred))
-           ^ " delegated to the api" in
+           ^ " delegated to the api (xpr)" in
          Some (deps,msg)
       | _ -> None
     else
@@ -617,7 +617,7 @@ object (self)
               let msg =
                 "condition "
                 ^ (p2s (po_predicate_to_pretty pred))
-                ^ " delegated to the api" in
+                ^ " delegated to the api (vinv)" in
               Some (deps,msg)
             else
               self#var_memoffset_deref_delegation inv#index lval memoffset

CodeHawk/CHC/cchanalyze/cCHPOCheckLocallyInitialized.ml

@@ -25,8 +25,18 @@
    SOFTWARE.
    ============================================================================= *)
 
+(* chlib *)
+open CHLanguage
+
+(* chutil *)
+
+(* xprlib *)
+open XprTypes
+
 (* cchlib *)
 open CCHBasicTypes
+open CCHTypesToPretty
+open CCHTypesUtil
 
 (* cchpre *)
 open CCHPreTypes
@@ -38,7 +48,7 @@ open CCHAnalysisTypes
 let x2p = XprToPretty.xpr_formatter#pr_expr
 let p2s = CHPrettyUtil.pretty_to_string
 let _x2s x = p2s (x2p x)
-let _e2s e = p2s (CCHTypesToPretty.exp_to_pretty e)
+let e2s e = p2s (CCHTypesToPretty.exp_to_pretty e)
 
 
 let _fenv = CCHFileEnvironment.file_environment
@@ -47,23 +57,171 @@ let _fenv = CCHFileEnvironment.file_environment
 class locally_initialized_checker_t
         (poq: po_query_int)
         (vinfo: varinfo)
-        (_lval: lval)
-        (_invs: invariant_int list) =
+        (lval: lval)
+        (invs: invariant_int list) =
 object (self)
 
   method private vinfo = vinfo
 
+  method private get_symbol_name (s: symbol_t) =
+    s#getBaseName
+    ^ (match s#getAttributes with
+       | [] -> ""
+       | l  -> "(" ^ (String.concat "" l) ^ ")")
+
+  method private xpr_implies_safe (invindex: int) (x: xpr_t) =
+    if poq#is_api_expression x then
+      let _ =
+        poq#set_diagnostic_arg
+          2 ("api expression: " ^ (e2s (poq#get_api_expression x))) in
+      match poq#get_api_expression x with
+      | Lval (Mem (Lval (Var vpar, NoOffset)), NoOffset)
+           when not ((fst vpar) = vinfo.vname) ->
+         let deps = DLocal ([invindex]) in
+         let msg =
+           ("value of " ^ (p2s (lval_to_pretty lval))
+            ^ " is not obtained from dereferencing parameter "
+            ^ vinfo.vname
+            ^ ", but from a different parameter: "
+            ^ (fst vpar)) in
+         Some (deps, msg)
+      | _ -> None
+    else
+      None
+
+  method private inv_implies_safe (inv: invariant_int) =
+    match inv#expr with
+    | Some x -> self#xpr_implies_safe inv#index x
+    | _ ->
+       match inv#get_fact with
+       | NonRelationalFact (_, FInitializedSet l) ->
+          let localAssigns =
+            List.filter (fun s -> not (s#getBaseName = "parameter")) l in
+          (match localAssigns with
+           | [] -> None
+           | _ ->
+              let deps = DLocal [inv#index] in
+              let msg =
+                "local assignment(s): "
+                ^ (String.concat
+                     "_xx_" (List.map self#get_symbol_name localAssigns)) in
+              Some (deps, msg))
+       | _ -> None
+
+  method private check_invs_safe =
+    match invs with
+    | [] -> false
+    | _ ->
+       List.fold_left (fun acc inv ->
+           acc ||
+             match self#inv_implies_safe inv with
+             | Some (deps, msg) ->
+                begin
+                  poq#record_safe_result deps msg;
+                  true
+                end
+             | _ -> false) false invs
+
+  method private xpr_implies_violation (invindex: int) (x: xpr_t) =
+    if poq#is_api_expression x then
+      let _ =
+        poq#set_diagnostic_arg
+          2 ("api expression: " ^ (e2s (poq#get_api_expression x))) in
+      match poq#get_api_expression x with
+      | Lval (Mem (Lval (Var vpar, NoOffset)), NoOffset)
+           when (fst vpar) = vinfo.vname ->
+         let deps = DLocal ([invindex]) in
+         let msg =
+           ("value of " ^ (p2s (lval_to_pretty lval))
+            ^ " is obtained from dereferencing parameter "
+            ^ (fst vpar)) in
+         Some (deps, msg)
+
+      | _ -> None
+    else
+      None
+
+  method private inv_implies_violation (inv: invariant_int) =
+    match inv#expr with
+    | Some x -> self#xpr_implies_violation inv#index x
+    | _ -> None
+
+  method private vinv_implies_deref_offset_violation
+                   (inv: invariant_int) (memoffset: offset) =
+    match inv#expr with
+    | Some x when poq#is_api_expression x ->
+       begin
+         match poq#get_api_expression x with
+         | Lval lval ->
+            if is_constant_offset memoffset then
+              let memlval = (Mem (Lval lval), memoffset) in
+              let deps = DLocal ([inv#index]) in
+              let msg =
+                "initialized from parameter "
+                ^ (p2s (lval_to_pretty memlval))
+                ^ " with offset "
+                ^ (p2s (offset_to_pretty memoffset)) in
+              Some (deps, msg)
+            else
+              None
+         | _ ->
+            None
+       end
+    | _ -> None
+
+  method private check_lval_deref_violation (memlval: lval) (memoffset: offset) =
+    match memlval with
+    | (Var (vname, vid), NoOffset) when vid > 0 && vinfo.vname = vname ->
+       let vinfovalues = poq#get_vinfo_offset_values vinfo in
+       List.fold_left (fun acc (inv, offset) ->
+           acc
+           || match offset with
+              | NoOffset ->
+                 begin
+                   match self#vinv_implies_deref_offset_violation
+                           inv memoffset with
+                   | Some (deps, msg) ->
+                      begin
+                        poq#record_violation_result deps msg;
+                        true
+                      end
+                   | _ -> false
+                 end
+              | _ -> false) false vinfovalues
+    | _ -> false
+
+  method private check_lval_violation =
+    match lval with
+    | (Mem (Lval memlval), memoffset) ->
+       self#check_lval_deref_violation memlval memoffset
+    | _ -> false
+
+  method private check_invs_violation =
+    match invs with
+    | [] -> false
+    | _ ->
+       List.fold_left (fun acc inv ->
+           acc ||
+             match self#inv_implies_violation inv with
+             | Some (deps, msg) ->
+                begin
+                  poq#record_violation_result deps msg;
+                  true
+                end
+             | _ -> false) false invs
+
   method check_safe =
-    let _ = poq#set_vinfo_diagnostic_invariants self#vinfo in
-    false
+    self#check_invs_safe
 
-  method check_violation = false
+  method check_violation =
+    self#check_invs_violation || self#check_lval_violation
 
 end
 
 
 let check_locally_initialized (poq:po_query_int) (vinfo: varinfo) (lval:lval) =
-  let invs = poq#get_invariants 1 in
-  let _ = poq#set_diagnostic_invariants 1 in
+  let invs = poq#get_invariants 2 in
+  let _ = poq#set_diagnostic_invariants 2 in
+  let _ = poq#set_init_vinfo_mem_diagnostic_invariants vinfo (snd lval) in
   let checker = new locally_initialized_checker_t poq vinfo lval invs in
   checker#check_safe || checker#check_violation