Goblint_libMain library.
module Maingoblint : sig ... endMain external executable functionality: command-line, front-end and analysis execution.
module Control : sig ... endMain internal functionality: analysis of the program by abstract interpretation via constraint solving.
module Server : sig ... endInteractive server mode using JSON-RPC.
Control-flow graphs (CFGs) are used to represent each function.
module Node = Nodemodule Edge = Edgemodule MyCFG = MyCFGmodule CfgTools = CfgToolsAnalyses are specified by domains and transfer functions. A dynamic composition of analyses is combined with CFGs to produce a constraint system.
module Analyses : sig ... endAnalysis specification and constraint system signatures.
module ConstrSys = ConstrSysmodule Constraints : sig ... endConstruction of a constraint system from an analysis specification and CFGs. Transformatons of analysis specifications as functors.
module AnalysisState = AnalysisStatemodule AnalysisStateUtil = AnalysisStateUtilmodule ControlSpecC = ControlSpecCMaster control program (MCP) is the analysis specification for the dynamic product of activated analyses.
module MCP : sig ... endMCP analysis specification.
module MCPRegistry : sig ... endRegistry of dynamically activatable analyses. Analysis specification modules for the dynamic product.
module MCPAccess : sig ... endMemory access metadata module for MCP.
MCP allows activated analyses to query each other during the analysis. Query results from different analyses for the same query are met for precision.
module Queries : sig ... endQueries and their result lattices.
MCP allows activated analyses to emit events to each other during the analysis.
module Events : sig ... endEvents.
The following modules help query the constraint system solution using semantic information.
module AnalysisResult : sig ... endAnalysis result output.
module ResultQuery : sig ... endPerform queries on the constraint system solution.
module VarQuery = VarQueryRuntime configuration is represented as JSON. Options are specified and documented by the JSON schema src/config/options.schema.json.
module GobConfig = GobConfigmodule AfterConfig = AfterConfigmodule AutoTune : sig ... endAutotuning of the configuration based on syntactic heuristics.
module JsonSchema = JsonSchemamodule Options = OptionsAnalyses activatable under MCP.
Analyses related to values of program variables.
module Base : sig ... endNon-relational value analysis aka base analysis (base).
module RelationAnalysis : sig ... endAbstract relational integer value analysis.
module ApronAnalysis : sig ... endRelational integer value analysis using Apron domains (apron).
module AffineEqualityAnalysis : sig ... endRelational integer value analysis using an OCaml implementation of the affine equalities domain (affeq).
module LinearTwoVarEqualityAnalysis : sig ... endRelational integer value analysis using an OCaml implementation of the linear two-variable equalities domain (lin2vareq).
module VarEq : sig ... endSymbolic expression equalities analysis (var_eq).
module CondVars : sig ... endSymbolic variable - logical expression equalities analysis (condvars).
module TmpSpecial : sig ... endAnalysis that tracks which variables hold the results of calls to math library functions (tmpSpecial).
Analyses related to the heap.
module Region : sig ... endAnalysis of disjoint heap regions for dynamically allocated memory (region).
module MallocFresh : sig ... endAnalysis of unescaped (i.e. thread-local) heap locations (mallocFresh).
module Malloc_null : sig ... endPath-sensitive analysis of failed dynamic memory allocations (malloc_null).
module MemLeak : sig ... endAn analysis for the detection of memory leaks (memLeak).
module UseAfterFree : sig ... endAn analysis for the detection of use-after-free vulnerabilities (useAfterFree).
module MemOutOfBounds : sig ... endAn analysis for the detection of out-of-bounds memory accesses (memOutOfBounds).
Analyses related to concurrency.
Analyses related to locking.
module MutexEventsAnalysis : sig ... endMutex locking and unlocking analysis (mutexEvents).
module LocksetAnalysis : sig ... endBasic lockset analyses.
module MutexTypeAnalysis : sig ... endAn analysis tracking the type of a mutex (pthreadMutexType).
module MutexAnalysis : sig ... endMust lockset and protecting lockset analysis (mutex).
module MayLocks : sig ... endMay lockset analysis and analysis of double locking (maylocks).
module SymbLocks : sig ... endSymbolic lockset analysis for per-element (field or index) locking patterns (symb_locks).
module Deadlock : sig ... endDeadlock analysis (deadlock).
Analyses related to threads.
module ThreadFlag : sig ... endMulti-threadedness analysis (threadflag).
module ThreadId : sig ... endCurrent thread ID analysis (threadid).
module ThreadAnalysis : sig ... endCreated threads and their uniqueness analysis (thread).
module ThreadJoins : sig ... endJoined threads analysis (threadJoins).
module MHPAnalysis : sig ... endMay-happen-in-parallel (MHP) analysis for memory accesses (mhp).
module ThreadReturn : sig ... endThread returning analysis which abstracts a thread's call stack by a boolean, indicating whether it is at the topmost call stack frame or not (threadreturn).
module RaceAnalysis : sig ... endData race analysis (race).
module RelationPriv : sig ... endRelational thread-modular value analyses for RelationAnalysis, i.e. ApronAnalysis and AffineEqualityAnalysis.
module ThreadEscape : sig ... endEscape analysis for thread-local variables (escape).
module PthreadSignals : sig ... endMust received signals analysis for Pthread condition variables (pthreadSignals).
module ExtractPthread : sig ... endPromela extraction analysis for Pthread programs (extract-pthread).
Analyses related to longjmp and setjmp.
module ActiveSetjmp : sig ... endAnalysis of active setjmp buffers (activeSetjmp).
module ModifiedSinceSetjmp : sig ... endAnalysis of variables modified since setjmp (modifiedSinceSetjmp).
module ActiveLongjmp : sig ... endAnalysis of active longjmp targets (activeLongjmp).
module PoisonVariables : sig ... endTaint analysis of variables that were modified between setjmp and longjmp and not yet overwritten. (poisonVariables).
module Vla : sig ... endAnalysis of variable-length arrays (VLAs) in scope (vla).
Analyses for didactic purposes.
module Constants : sig ... endSimple intraprocedural integer constants analysis example (constants).
module Signs : sig ... endSimple intraprocedural integer signs analysis template (signs).
module Taint : sig ... endSimple interprocedural taint analysis template (taint).
module UnitAnalysis : sig ... endSimplest possible analysis with unit domain (unit).
module Assert : sig ... endAnalysis of assert results (assert).
module LoopTermination : sig ... endTermination analysis for loops and goto statements (termination).
module Callstring : sig ... endCall String analysis call_string and/or Call Site analysis call_site. The call string limitation for both approaches can be adjusted with the "callString_length" option. By adding new implementations of the CallstringType, additional analyses can be added.
module LoopfreeCallstring : sig ... endmodule Uninit : sig ... endAnalysis of initialized local variables (uninit).
module Expsplit : sig ... endPath-sensitive analysis according to values of arbitrary given expressions (expsplit).
module StackTrace : sig ... endCall stack analyses (stack_trace, stack_trace_set, stack_loc).
Analyses which only support other analyses.
module AccessAnalysis : sig ... endAnalysis of memory accesses (access).
module WrapperFunctionAnalysis : sig ... endFamily of analyses which provide symbolic locations for special library functions. Provides symbolic heap locations for dynamic memory allocations and symbolic thread identifiers for thread creation (mallocWrapper, threadCreateWrapper).
module TaintPartialContexts : sig ... endTaint analysis of variables modified in a function (taintPartialContexts).
module UnassumeAnalysis : sig ... endUnassume analysis (unassume).
module ExpRelation : sig ... endStateless symbolic comparison expression analysis (expRelation).
module AbortUnless : sig ... endAnalysis of assume_abort_if_not-style functions (abortUnless).
module PtranalAnalysis : sig ... endCIL's GoblintCil.Ptranal for function pointer evaluation (ptranal).
Domains used by analysis specifications and constraint systems are lattices.
Besides lattice operations, their elements can also be compared and output (in various formats). Those operations are specified by Printable.S.
module Printable = Printablemodule Lattice = LatticeStandard general-purpose domains and domain functors.
module BoolDomain = BoolDomainmodule SetDomain = SetDomainmodule MapDomain = MapDomainmodule TrieDomain = TrieDomainmodule DisjointDomain = DisjointDomainmodule HoareDomain = HoareDomainmodule PartitionDomain = PartitionDomainmodule FlagHelper = FlagHelperDomains for specific analyses.
Domains for Base analysis.
module IntDomain = IntDomainmodule FloatDomain = FloatDomainMemory locations are identified by mvalues, which consist of a variable and an offset. Mvalues are used throughout Goblint, not just the Base analysis.
Addresses extend mvalues with NULL, unknown pointers and string literals.
module Mval = Mvalmodule Offset = Offsetmodule StringDomain = StringDomainmodule AddressDomain = AddressDomainmodule StructDomain = StructDomainmodule UnionDomain = UnionDomainmodule ArrayDomain = ArrayDomainmodule NullByteSet = NullByteSetmodule JmpBufDomain = JmpBufDomainThese combine the above domains together for Base analysis.
module BaseDomain : sig ... endFull domain of Base analysis.
module ValueDomain = ValueDomainmodule ValueDomainQueries = ValueDomainQueriesDomains for RelationAnalysis.
module RelationDomain : sig ... endSignatures for relational value domains.
module ApronDomain : sig ... endApron domains.
module AffineEqualityDomain : sig ... endOCaml implementation of the affine equalities domain.
module LinearTwoVarEqualityDomain : sig ... endOCaml implementation of the linear two-variable equality domain.
module MutexAttrDomain = MutexAttrDomainmodule LockDomain : sig ... endLockset domains.
module SymbLocksDomain : sig ... endSymbolic lockset domain.
module DeadlockDomain : sig ... endDeadlock domain.
module ThreadFlagDomain : sig ... endMulti-threadedness flag domains.
module ThreadIdDomain = ThreadIdDomainmodule ConcDomain = ConcDomainmodule MHP : sig ... endMay-happen-in-parallel (MHP) domain.
module EscapeDomain : sig ... endDomain for escaped thread-local variables.
module PthreadDomain : sig ... endDomains for extraction of Pthread programs.
module Basetype = Basetypemodule Lval = Lvalmodule Access : sig ... endMemory accesses and their manipulation.
module AccessDomain : sig ... endDomain for memory accesses.
module MusteqDomain : sig ... endSymbolic lvalue equalities domain.
module RegionDomain : sig ... endDomains for disjoint heap regions.
module StackDomain : sig ... endCall stack domains.
Modules related to (property-based) testing of domains.
module DomainProperties : sig ... endQCheck properties for lattice properties.
module AbstractionDomainProperties : sig ... endQCheck properties for abstract operations.
module IntDomainProperties : sig ... endQCheck properties for IntDomain.
Incremental analysis is for analyzing multiple versions of the same program and reusing as many results as possible.
module CompareCIL = CompareCILmodule CompareAST = CompareASTmodule CompareCFG = CompareCFGmodule UpdateCil = UpdateCilmodule MaxIdUtil = MaxIdUtilmodule Serialize = Serializemodule CilMaps = CilMapsVarious input/output interfaces and formats.
module Messages = Messagesmodule Logs = Goblint_logs.LogsThe following modules handle program input.
module Preprocessor : sig ... endDetection of suitable C preprocessor.
module CompilationDatabase : sig ... endInput program from a real-world project using a compilation database.
module MakefileUtil = MakefileUtilmodule TerminationPreprocessing : sig ... endWitnesses are an exchangeable format for analysis results.
module Svcomp : sig ... endSV-COMP tasks and results.
module SvcompSpec : sig ... endSV-COMP specification strings and files.
module Invariant = Invariantmodule InvariantCil = InvariantCilmodule WitnessUtil : sig ... endUtilities for witness generation and witness invariants.
Automaton-based GraphML witnesses used in SV-COMP.
module MyARG : sig ... endAbstract reachability graph.
module WitnessConstraints : sig ... endAnalysis specification transformation for ARG construction.
module Witness : sig ... endOutput of ARG as GraphML.
module Graphml : sig ... endStreaming GraphML output.
Entry-based YAML witnesses to be used in SV-COMP.
module YamlWitness : sig ... endYAML witness generation and validation.
module YamlWitnessType : sig ... endYAML witness format types.
module WideningTokens : sig ... endWidening tokens are a generic and dynamic mechanism for delaying widening.
Experimental generation of violation witness automata or refinement with observer automata.
module Violation : sig ... endViolation checking in an ARG.
module ViolationZ3 : sig ... endARG path feasibility checking using weakest precondition and Z3 (not installed!).
module ObserverAutomaton : sig ... endFinite automaton for matching an infeasible ARG path.
module ObserverAnalysis : sig ... endPath-sensitive analysis using an ObserverAutomaton.
module Refinement : sig ... endExperimental analysis refinement.
module SarifType : sig ... endSARIF format types.
module SarifRules : sig ... endSARIF rule definitions for Goblint.
Transformations can be activated to transform the program using analysis results.
module Transform : sig ... endSignatures and registry for transformations.
module DeadCode : sig ... endDead code elimination transformation (remove_dead_code).
module EvalAssert : sig ... endTransformation for instrumenting the program with computed invariants as assertions (assert).
module ExpressionEvaluation : sig ... endTransformation for evaluating expressions on the analysis results (expeval). Hack for Gobview.
module Timing = Timingmodule GoblintDir : sig ... endIntermediate data directory.
module IntOps = IntOpsmodule FloatOps = FloatOpsmodule LazyEval = LazyEvalmodule ResettableLazy = ResettableLazymodule ProcessPool : sig ... endProcess pool for running processes in parallel.
module Timeout : sig ... endTimeout utilities.
module TimeUtil : sig ... endDate and time utilities.
module MessageUtil = MessageUtilmodule AnsiColors = Goblint_logs.AnsiColorsmodule XmlUtil = XmlUtilmodule GobExn : sig ... endException utilities.
module CilType = CilTypemodule Cilfacade = Cilfacademodule CilLocation = CilLocationmodule RichVarinfo = RichVarinfomodule CilCfg : sig ... endCreation of CIL CFGs.
module LoopUnrolling : sig ... endSyntactic loop unrolling.
For more precise analysis of C standard library, etc functions, whose definitions are not available, custom specifications can be added.
module AccessKind = AccessKindmodule LibraryDesc = LibraryDescmodule LibraryDsl = LibraryDslmodule LibraryFunctions = LibraryFunctionsmodule BaseUtil : sig ... endBasic analysis utilities.
module PrecisionUtil = PrecisionUtilmodule ContextUtil = ContextUtilmodule ReturnUtil : sig ... endSpecial variable for return value.
module BaseInvariant : sig ... endAnalyses.Spec.branch refinement for Base analysis.
module CommonPriv : sig ... endThread-modular value analysis utilities for BasePriv and RelationPriv.
module WideningThresholds = WideningThresholdsmodule VectorMatrix : sig ... endOCaml implementations of vectors and matrices.
module GobApron : sig ... endmodule PrecCompare : sig ... endPrecision comparison.
module PrecCompareUtil : sig ... endSignatures for precision comparison.
module PrivPrecCompareUtil : sig ... endBasePriv precision comparison.
module RelationPrecCompareUtil : sig ... endRelationPriv precision comparison.
module ApronPrecCompareUtil : sig ... endApronDomain precision comparison.
OCaml library extensions which are completely independent of Goblint.
See Goblint_std.
OCaml standard library extensions which are not provided by Batteries.
module GobFormat = GobFormat