package mopsa
MOPSA: A Modular and Open Platform for Static Analysis using Abstract Interpretation
Install
dune-project
Dependency
Authors
Maintainers
Sources
mopsa-analyzer-v1.2.tar.gz
md5=37966e98ffeebcedc09bd6e9b2b81f69
sha512=40d4d826c25f680766c07eccbabdf5e8a4fa023016e8a164e4e4f6b3781c8484dc4df437055721dfd19b9db8fb7fe3b61236c4833186d346fc7204a68d01eaaa
doc/mopsa.mopsa_analyzer/Mopsa_analyzer/Languages/C/Memory/Smashing/Domain/index.html
Module Smashing.Domain
Domain header
*****************
val scalar : MopsaLib.routeSmashes
***********
Types of smashed elements
type smash = {base : Common.Base.base;(*smashed memory container
*)styp : styp;(*type of the smashed elements
*)
}Smashes
val pp_styp : Format.formatter -> styp -> unitval pp_smash : Format.formatter -> smash -> unitval styp_of_typ : MopsaLib.typ -> stypval typ_of_styp : styp -> MopsaLib.typval sizeof_styp : styp -> 'a Mopsa_analyzer.MopsaLib.Flow.flow -> Z.tval rangeof_styp : styp -> 'a Mopsa_analyzer.MopsaLib.Flow.flow -> Z.t * Z.tval mk_smash : Common.Base.base -> MopsaLib.typ -> smashAbstract state
******************
module STypeSet : sig ... endmodule Init : sig ... endInitialization state with shortcut states to avoid useless tests on `uninit`
module State : sig ... endtype t = State.tinclude sig ... end
val id : t Mopsa_analyzer__Framework__Core__Id.idval debug : ('a, Format.formatter, unit, unit) format4 -> 'aSmash variables
*******************
val mk_smash_var : smash -> MopsaLib.varCreate a variable from a smash
val mk_smash_expr :
smash ->
?typ:MopsaLib.typ option ->
?mode:Framework.Core.Ast.Var.mode option ->
Mopsa_utils.Core.Location.range ->
MopsaLib.exprval add_smash :
Common.Base.base ->
styp ->
Mopsa_utils.Core.Location.range ->
('a, 'b) MopsaLib.man ->
'a Core.Flow.flow ->
'a Core.Post.postFunctions for managing smash variables
val remove_smash :
Common.Base.base ->
styp ->
Mopsa_utils.Core.Location.range ->
('a, 'b) MopsaLib.man ->
'a Core.Flow.flow ->
'a Core.Post.postval rename_smash :
Common.Base.base ->
Common.Base.base ->
styp ->
Mopsa_utils.Core.Location.range ->
('a, 'b) MopsaLib.man ->
'a Core.Flow.flow ->
'a Core.Post.postval forget_smash :
Common.Base.base ->
styp ->
Mopsa_utils.Core.Location.range ->
('a, 'b) MopsaLib.man ->
'a Core.Flow.flow ->
'a Core.Post.postval expand_smash :
Common.Base.base ->
Common.Base.base list ->
styp ->
Mopsa_utils.Core.Location.range ->
('a, 'b) MopsaLib.man ->
'a Core.Flow.flow ->
'a Core.Post.postval fold_smash :
Common.Base.base ->
Common.Base.base list ->
styp ->
Mopsa_utils.Core.Location.range ->
('a, 'b) MopsaLib.man ->
'a Core.Flow.flow ->
'a Core.Post.postOffset of the first uninitialized element
*********************************************
val mk_uninit_var : Common.Base.base -> MopsaLib.varval mk_uninit_expr :
Common.Base.base ->
?mode:Framework.Core.Ast.Var.mode option ->
Mopsa_utils.Core.Location.range ->
MopsaLib.exprval add_uninit :
Common.Base.base ->
Mopsa_utils.Core.Location.range ->
('a, 'b) MopsaLib.man ->
'a Core.Flow.flow ->
'a Core.Post.postFunctions for managing uninit variables
val set_uninit_to_base_size :
Common.Base.base ->
Mopsa_utils.Core.Location.range ->
('a, 'b) MopsaLib.man ->
'a Core.Flow.flow ->
('a, unit) Mopsa_analyzer.MopsaLib.Cases.casesval remove_uninit :
Common.Base.base ->
Mopsa_utils.Core.Location.range ->
('a, 'b) MopsaLib.man ->
'a Core.Flow.flow ->
'a Core.Post.postval rename_uninit :
Common.Base.base ->
Common.Base.base ->
Mopsa_utils.Core.Location.range ->
('a, 'b) MopsaLib.man ->
'a Core.Flow.flow ->
'a Core.Post.postval forget_uninit :
Common.Base.base ->
Mopsa_utils.Core.Location.range ->
('a, 'b) MopsaLib.man ->
'a Core.Flow.flow ->
'a Core.Post.postval expand_uninit :
Common.Base.base ->
Common.Base.base list ->
Mopsa_utils.Core.Location.range ->
('a, 'b) MopsaLib.man ->
'a Core.Flow.flow ->
'a Core.Post.postval fold_uninit :
Common.Base.base ->
Common.Base.base list ->
Mopsa_utils.Core.Location.range ->
('a, 'b) MopsaLib.man ->
'a Core.Flow.flow ->
'a Core.Post.postUnification
***************
val phi_int :
smash ->
Init.t ->
Mopsa_utils.Core.Location.range ->
('a, 'b) MopsaLib.man ->
'a Mopsa_analyzer.MopsaLib.Flow.flow ->
'a Mopsa_analyzer.MopsaLib.Post.postSynthesis function of integer smashes
val phi_nullptr :
smash ->
Init.t ->
Mopsa_utils.Core.Location.range ->
('a, 'b) MopsaLib.man ->
'a Mopsa_analyzer.MopsaLib.Flow.flow ->
'a Mopsa_analyzer.MopsaLib.Post.postval phi :
smash ->
Mopsa_utils.Core.Location.range ->
('a, State.t) Framework.Core.Manager.man ->
'a Core.Flow.flow ->
('a, unit) Mopsa_analyzer.MopsaLib.Cases.casesphi s r m f synthesizes the value of smash s when existing smashes in the same base exist
val unify_range : MopsaLib.rangeSingleton unification range
val unify :
('s, State.t) MopsaLib.man ->
's Framework.Core.Context.ctx ->
(t * 's) ->
(t * 's) ->
's * 'sLattice operators
*********************
val bottom : State.tval top : State.tval subset :
('a, State.t) MopsaLib.man ->
'a Framework.Core.Context.ctx ->
(t * 'a) ->
(t * 'a) ->
bool * 'a * 'aval join :
('a, State.t) MopsaLib.man ->
'a Framework.Core.Context.ctx ->
(t * 'a) ->
(t * 'a) ->
State.t * 'a * 'aval meet :
('a, State.t) MopsaLib.man ->
'a Framework.Core.Context.ctx ->
(t * 'a) ->
(t * 'a) ->
State.t * 'a * 'aval widen :
('a, State.t) MopsaLib.man ->
'a Framework.Core.Context.ctx ->
(t * 'a) ->
(t * 'a) ->
State.t * 'a * 'a * boolPretty printer
******************
val print_state : MopsaLib.printer -> t -> unitInitialization procedure
****************************
val init :
'a ->
('b, State.t) Framework.Core.Manager.man ->
'b Core.Flow.flow ->
'b Core.Post.post optionUtility functions
*********************
val eval_pointed_base_offset :
MopsaLib.expr ->
'a ->
('b, 'c) MopsaLib.man ->
'b Core.Flow.flow ->
('b, Common.Base.base * MopsaLib.expr * MopsaLib.mode option)
Mopsa_analyzer.MopsaLib.Cases.casesGet the base and offset pointed by ptr
val is_interesting_base : Common.Base.base -> boolPredicate defining interesting bases to smash
val fold_stypes :
(styp ->
MopsaLib.range ->
('b, 'c) MopsaLib.man ->
'a MopsaLib.flow ->
'a MopsaLib.post) ->
STypeSet.t ->
MopsaLib.range ->
('b, 'c) MopsaLib.man ->
'a Core.Flow.flow ->
'a Mopsa_analyzer.MopsaLib.Post.postFold an exec transfer function over a set of stypes
val exec_smashes :
(styp ->
MopsaLib.range ->
('b, 'c) MopsaLib.man ->
'a MopsaLib.flow ->
'a MopsaLib.post) ->
Common.Base.Base.t ->
State.t ->
MopsaLib.range ->
('b, 'c) MopsaLib.man ->
'a Core.Flow.flow ->
'a Mopsa_analyzer.MopsaLib.Post.postFold an exec transfer function smashes of a base
val exec_uninit :
(MopsaLib.range ->
('b, 'c) MopsaLib.man ->
'a MopsaLib.flow ->
'a MopsaLib.post) ->
Common.Base.Base.t ->
State.t ->
MopsaLib.range ->
('b, 'c) MopsaLib.man ->
'a Core.Flow.flow ->
'a Mopsa_analyzer.MopsaLib.Post.postExecute a transfer when a uninit variable exists
Environment transfer functions
**********************************
val exec_add_base :
Common.Base.base ->
'a ->
('b, State.t) Framework.Core.Manager.man ->
'b Core.Flow.flow ->
'b Mopsa_analyzer.MopsaLib.Post.post𝕊⟦ add(base); ⟧
val exec_declare_variable :
MopsaLib.var ->
'a ->
'b ->
('c, State.t) Framework.Core.Manager.man ->
'c Core.Flow.flow ->
'c Mopsa_analyzer.MopsaLib.Post.post𝕊⟦ type v; ⟧
val exec_remove_base :
Common.Base.base ->
MopsaLib.range ->
('a, State.t) Framework.Core.Manager.man ->
'a Core.Flow.flow ->
'a Mopsa_analyzer.MopsaLib.Post.post𝕊⟦ remove(base); ⟧
val exec_rename_base :
Common.Base.base ->
Common.Base.base ->
MopsaLib.range ->
('a, State.t) Framework.Core.Manager.man ->
'a Core.Flow.flow ->
'a Mopsa_analyzer.MopsaLib.Post.post𝕊⟦ rename(base1,base2);
val exec_expand_base :
Common.Base.base ->
Common.Base.base list ->
MopsaLib.range ->
('a, State.t) Framework.Core.Manager.man ->
'a Core.Flow.flow ->
'a Mopsa_analyzer.MopsaLib.Post.post𝕊⟦ expand(base, bases); ⟧
val exec_fold_bases :
Common.Base.base ->
Common.Base.base list ->
Mopsa_utils.Core.Location.range ->
('a, State.t) Framework.Core.Manager.man ->
'a Core.Flow.flow ->
'a Mopsa_analyzer.MopsaLib.Post.post𝕊⟦ fold(base, bases); ⟧
val exec_forget :
MopsaLib.expr ->
Mopsa_utils.Core.Location.range ->
('a, State.t) MopsaLib.man ->
'a Core.Flow.flow ->
('a, unit) Mopsa_analyzer.MopsaLib.Cases.cases𝕊⟦ forget(lval) ⟧
val exec_forget_quant :
(Stubs.Ast.quant * MopsaLib.var * Stubs.Ast.set) list ->
MopsaLib.expr ->
Mopsa_utils.Core.Location.range ->
('a, State.t) MopsaLib.man ->
'a Core.Flow.flow ->
('a, unit) Mopsa_analyzer.MopsaLib.Cases.cases𝕊⟦ ∀i ∈ lo,hi: forget( *(p + i) ) ⟧
Assignment transfer function
********************************
val exec_assign :
MopsaLib.expr ->
Framework.Core.Ast.Expr.expr ->
Mopsa_utils.Core.Location.range ->
('a, State.t) MopsaLib.man ->
'a Core.Flow.flow ->
('a, unit) Mopsa_analyzer.MopsaLib.Cases.cases𝕊⟦ lval = rval; ⟧
Exec entry point
********************
val exec :
MopsaLib.stmt ->
('a, State.t) Framework.Core.Manager.man ->
'a Core.Flow.flow ->
'a Mopsa_analyzer.MopsaLib.Post.post optionAbstract evaluations
************************
val eval_deref :
MopsaLib.expr ->
Mopsa_utils.Core.Location.range ->
('a, State.t) MopsaLib.man ->
'a Core.Flow.flow ->
('a, Framework.Core.Ast.Expr.expr) Mopsa_analyzer.MopsaLib.Cases.casesAbstract evaluation of a dereference
Quantified tests transfer functions
***************************************
val assume_forall_compare :
MopsaLib.var ->
MopsaLib.expr ->
MopsaLib.expr ->
Framework.Core.Ast.Operator.operator ->
Common.Base.base ->
MopsaLib.expr ->
Framework.Core.Ast.Var.mode option ->
MopsaLib.typ ->
MopsaLib.expr ->
Mopsa_utils.Core.Location.range ->
('a, State.t) Framework.Core.Manager.man ->
'a Core.Flow.flow ->
('a, unit) Mopsa_analyzer.MopsaLib.Cases.cases𝕊⟦ ∀i ∈ lo,hi : *(p + i) ? e ⟧
val assume_forall_eq2 :
MopsaLib.var ->
MopsaLib.expr ->
MopsaLib.expr ->
Common.Base.Base.t ->
MopsaLib.expr ->
'a ->
MopsaLib.typ ->
MopsaLib.typ ->
Common.Base.Base.t ->
MopsaLib.expr ->
'b ->
MopsaLib.typ ->
MopsaLib.typ ->
Mopsa_utils.Core.Location.range ->
('c, State.t) Framework.Core.Manager.man ->
'c Core.Flow.flow ->
('c, unit) Mopsa_analyzer.MopsaLib.Cases.cases𝕊⟦ ∀i ∈ lo,hi : *(p + i) == *(q + i) ⟧
val assume_exists_compare :
'a ->
'b ->
'c ->
'd ->
'e ->
'f ->
'g ->
'h ->
'i ->
'j ->
'k ->
'l Core.Flow.flow ->
'l Mopsa_analyzer.MopsaLib.Post.postval assume_exists_ne2 :
'a ->
'b ->
'c ->
'd ->
'e ->
'f ->
'g ->
'h ->
'i ->
'j ->
'k ->
'l ->
'm ->
'n ->
'o ->
'p Core.Flow.flow ->
'p Mopsa_analyzer.MopsaLib.Post.postval eval_forall_compare :
MopsaLib.var ->
MopsaLib.expr ->
MopsaLib.expr ->
Framework.Core.Ast.Operator.operator ->
MopsaLib.expr ->
MopsaLib.expr ->
Mopsa_utils.Core.Location.range ->
('a, State.t) MopsaLib.man ->
'a Core.Flow.flow ->
('a, Framework.Core.Ast.Expr.expr) Mopsa_analyzer.MopsaLib.Cases.casesval eval_forall_eq2 :
MopsaLib.var ->
MopsaLib.expr ->
MopsaLib.expr ->
MopsaLib.expr ->
MopsaLib.expr ->
Mopsa_utils.Core.Location.range ->
('a, State.t) MopsaLib.man ->
'a Core.Flow.flow ->
('a, Framework.Core.Ast.Expr.expr) Mopsa_analyzer.MopsaLib.Cases.casesval eval :
MopsaLib.expr ->
('a, State.t) MopsaLib.man ->
'a Core.Flow.flow ->
('a, Framework.Core.Ast.Expr.expr) Mopsa_analyzer.MopsaLib.Cases.cases optionEvaluations entry point
Query handler
*****************
On This Page
- Domain header
- Smashes
- Abstract state
- Smash variables
- Offset of the first uninitialized element
- Unification
- Lattice operators
- Pretty printer
- Initialization procedure
- Utility functions
- Environment transfer functions
- Assignment transfer function
- Exec entry point
- Abstract evaluations
- Quantified tests transfer functions
- Query handler