Extensible constants

compare_constant c1 c2 provides a total order between any pair c1 and c2 of registered constants

pp_constant fmt c pretty-prints a registered constant c with formatter fmt

register_constant info registers a new constant with a comparison function info.compare and a pretty-printer info.print

register_constant_compare compare registers a new comparison function for constants

register_constant_compare compare registers a new pretty-printer for constants

Extensible type of expression kinds

Expressions

compare_expr e1 e2 implements a total order between expressions

pp_expr fmt e pretty-prints expression e with format fmt

Get the kind of an expression

Get the type of an expression

Get the location of an expression

Get the translation map of an expression

Get the evaluation history of an expression

Construct an expression

Add a translation of an expression

Get all translations of an expression

Get the translation of an expression into a given semantic

Get the evaluation history of an expression

Get the original form of an expression

Get the ancestor expression verifying a predicate

register_expr info registers new expressions with their comparison function info.compare and pretty-printer info.print

register_expr_compare compare registers a new expression comparison

register_expr_compare compare registers a new expression printer

Variables

Create a variable expression

Change the access mode of a variable expression to WEAK

Change the access mode of a variable expression to STRONG

Get the overloaded access mode of a variable

Heap addresses

Create an address expression

Create an allocation expression

Change the access mode of an address expression to WEAK

Change the access mode of an address expression to STRONG

Constants

Create a constant expression

Create ⊤ expression of a given type

Unary operator expressions

Create a unary operator expression

mk_not e range returns the negation of expression e using the operator Operator.O_log_not

Binary operator expressions

Create a binary operator expression

Return the negation of an expression

Sets of expression

Maps of expressions

Extensible kinds of statements

Statements

Create a statement

Get the kind of a statement

Get the location range of a statement

Total order between statements

Pretty-printer of statements

register_stmt info registers a new statement by registering its compare function info.compare and pretty-printer info.print

Register a comparison function for statements

Register a pretty-printer function for statements

Blocks are sequences of statements

Pretty-printer for blocks

Programs

Assignments

mk_assign lhs rhs range creates the assignment lhs = rhs;

Tests

Create a test statement

Dimensions

Utility functions to create various statements for dimension management

Sets of statements

Maps of statements

Extensible types

Compare two types

Pretty-print a type

Register a new type

Register a new type comparison

Register a new type pretty-printer

Extensible type of program kinds

Programs

Total order between programs

Pretty-printer for programs

register_program info registers a new program kind by registering its comparison function info.compare and pretty-printer info.print

Register a comparison function between programs

Register a pretty-printer for programs

Frontends

Register a new frontend

Find the frontend of a given language

Extensible type of operators

Total order between operators

Pretty-printer of operators

register_operator info registers a new operator by registering its compare function info.compare and pretty-printer info.print

Register a comparison function for operators

Register a pretty-printer for operators

Common operators

Test whether an operator is a comparison operator

Test whether an is a logical operator

Return the negation of a comparison operator

Return the negation of a logical operator

Extensible kind of variables

Access mode of a variable

Pretty-print an access mode

Compare two access modes

Variables

Accessor function to the fields of a variable

Create a variable with a unique name, a kind, a type and an access mode (STRONG if not given)

Pretty-print a variable

Total order between variables

Register a new kind of variables

Register a new variable comparison

Register a new variable pretty-printer

Create a unique variable

Create a fresh variable with a fresh ID

Create a fresh temporary variable

mk_attr_var v a t creates a variable representing an attribute a of another variable v

mk_range_attr_var r a t creates a variable representing an attribute a of a program location r

Sets of variables

Maps of variables

Kind of heap addresses, used to store extra information.

Addresses are grouped by static criteria to make them finite

Command line option to use hashes as address format

Print a partitioning policy. Flag full overloads the option opt_hash_addr and displays the full partitioning string (not its hash, which is useful for creating unique names of addresses)

Heap addresses.

Get the unique name of an address. This is safer and faster than calling Format.asprintf "%s" pp_addr a when opt_hash_addr is set.

Address variables

Parts of a statement/expression

builder function

Get the structure of an expression

Get the structure of a statement

Visitor for leaf statements/expressions that have no sub-elements

Registration descriptor for visitors

Register an expression with its visitor

Register a visitor of an expression

Register a statement with its visitor

Register a visitor of a statement

Actions of a visiting iterator

map_expr fe fs e transforms the expression e into a new one by applying visitor action fe and fs on its sub-expression and sub-statements respectively

Similar to map_expr but on statements

fold_expr fe fs e folds the accumulated result of visitors fe and fs on the structure of expression e

Similar to fold_expr but on statements

Combination of map and fold for expressions

Combination of map and fold for statements

Test whether an expression is a leaf expression

Test whether an expression has no sub-statement

Test whether a statement has no sub-statement

Get all variables present in an expression

Get all variables present in a statement

Check whether a variable appears in an expression

Check whether a variable appears in a statement

Print a check

Register a check with its printer

Create an alarm

Return the check associate to an alarm

Return the range of an alarm

Return the callstack of an alarm

Compare two alarms

Print an alarm

Compare two kinds of alarms

Print an alarm kind

Join two alarm kinds by merging the static information attached to them

Register a comparison function for alarms

Register a print function for alarms

Register a function giving the check of an alarm

Register a join function for alarms

Registration record for a new kind of alarms

Register a new kind of alarms

Set of alarms

Kind of a diagnostic

Create a diagnostic that says that a check is safe

Create a diagnostic that says that a check is unsafe

Create a diagnostic that says that a check maybe unsafe

Create a diagnostic that says that a check is unreachable

Print a diagnostic kind

Print a diagnostic

Check whether a diagnostic is covered by another

Compute the union of two diagnostics

Compute the intersection of two diagnostics

Add an alarm to a diagnostic

Compare two diagnostics

Scope of an assumption

Domains can add new kinds of assumptions by extending the type assumption_kind

Generic assumptions for specifying potential unsoundness due to unsupported statements/expressions

Register a new kind of assumptions

Print an assumption kind

Print an assumption

Compare two assumption kinds

Compare two assumptions

Create a global assumption

Create a local assumption

Return an empty report

Checks whether a report is empty

Checks whether a report is safe, i.e. it doesn't contain an error or a warning

Checks whether a report is sound

Print a report

subset_report r1 r2 checks whether report r1 is included in r2

Compute the union of two reports

Compute the intersection of two reports

filter_report p r keeps only diagnostics in report r that verify predicate p

Create a report with a single true alarm

add_alarm a r adds alarm a to a report r. If a diagnostic exists for the same range and the same check as a, join_diagnostic is used to join it with an error diagnostic containing a.

set_diagnostic d r adds diagnostic d to r. Any existing diagnostic for the same range and the same check as d is removed.

add_diagnostic d r adds diagnostic d to r. If a diagnostic exists for the same range and the same check as d, join_diagnostic is used to join it with d.

Remove a diagnostic from a report

find_diagnostic range chk r finds the diagnostic of check chk at location range in report r

Check whether any diagnostic verifies a predicate

Check whether all diagnostics verify a predicate

Count the number of alarms and warnings in a report

Set of callstacks

Group diagnostics by their range and diagnostic kind

Add an assumption to a report

Add a global assumption to a report

Add a local assumption to a report

Key to access an element in the context

The context

Empty context

Context with one element

mem_ctx k ctx returns true when an element at key k is in the context ctx.

find_ctx k ctx returns the element at key k in the context ctx. Raises Not_found if no element is found.

find_ctx k ctx returns the element of the key k in the context ctx. Returns None if no element is found.

add_ctx k v ctx add element v at key k in the context ctx. The previous element is overwritten if present.

add_ctx k v ctx removes the element at key k in the context ctx. If key k was not in ctx, ctx is returned unchanged.

Get the most recent context between two

Print a context

Pool registered keys

Registration information for a new key

Register a new key

Generate a new key

Key for storing the callstack

Print a effect

Compare two effects

Empty effect

Check whether a effect is empty

Compute the union of two effects

Compute the intersection of two effects

Fold over the statements in the effect

Effects are presented as binary trees. Each node of the tree is associated to a domain in the abstraction and stores the statements executed by the domain when computing a post-condition.

Note that this representation is also useful when we have an abstraction DAG (i.e. when there are shared domains) thanks to the compose (stack) operator:

A x B \___/ | C

is represented as:

o / \ x C / \ A B

Create an empty effects tree

mk_teffect effect left right creates an effect tree with a root containing effect and having left and right as the two sub-trees

Print an effects tree

Compare two effects trees

Check whether an effects tree is empty

get_left_teffect te returns the left sub-tree of te

get_right_teffect te returns the right sub-tree of te

get_log_stmts te returns the effect at the root node of te

get_left_teffect left te sets left as the left sub-tree of te

get_right_teffect right te sets right as the right sub-tree of te

map_left_teffect f te is equivalent to set_left_teffect (f (get_left_teffect te)) te

map_right_teffect f te is equivalent to set_right_teffect (f (get_right_teffect te)) te

add_stmt_to_teffect stmt teffect adds stmt to the the effects of the root no of te

merge_teffect f1 f2 f te1 te2 combines te1 and te2

concat_teffect old recent puts effects in old before those in recent

merge_teffect te1 te2 computes the effects of two intersected post-states

merge_teffect te1 te2 computes the effects of two joined post-states

Fold over the statements in the effects tree

Effect of a statement in terms of modified and removed variables

Generic merge operator. generic_merge ~add ~find ~remove ~custom (a1,e1) (a2,e2) applies a generic merge of states a1 and a2:

• It searches for modified variables in one state's effects, gets their value using find and adds them to the other state using add.
• It searches for removed variables in one state's effects and remove them from the other state using remove. This function handles common statements (assign,assume,add,remove,fold,expand and rename). Other statements can be handled using the custom function that returns the var_effect of a given statement.

Extensible type of queries

Join two queries

Meet two queries

Pool of registered queries

Registraction info for new queries

Register a new query

Pool of registered lattice queries. Lattice queries are queries that return elements of the global abstract state lattice. Join/meet operators are enriched with the lattice and the context so that we can compute join/meet over the abstract elements.

Registration info for new lattice queries

Register a new lattice query

Flow tokens are used to distinguish between different control flows

Register a new token with its compare and print functions

Compare two tokens with a total order

Pretty printer of tokens