CHC: add outputparameter proof obligations insertion and checking

Author: sipma

CodeHawk/CHC/cchanalyze/cCHPOCheckLocallyInitialized.ml

@@ -0,0 +1,67 @@
+(* =============================================================================
+   CodeHawk C Analyzer
+   Author: Henny Sipma
+   ------------------------------------------------------------------------------
+   The MIT License (MIT)
+
+   Copyright (c) 2025  Aarno Labs LLC
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in all
+   copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+   SOFTWARE.
+   ============================================================================= *)
+
+(* cchlib *)
+open CCHBasicTypes
+
+(* cchpre *)
+open CCHPreTypes
+
+(* cchanalyze *)
+open CCHAnalysisTypes
+
+
+let x2p = XprToPretty.xpr_formatter#pr_expr
+let p2s = CHPrettyUtil.pretty_to_string
+let _x2s x = p2s (x2p x)
+let _e2s e = p2s (CCHTypesToPretty.exp_to_pretty e)
+
+
+let _fenv = CCHFileEnvironment.file_environment
+
+
+class locally_initialized_checker_t
+        (_poq: po_query_int)
+        (vinfo: varinfo)
+        (_lval: lval)
+        (_invs: invariant_int list) =
+object
+
+  method private vinfo = vinfo
+
+  method check_safe = false
+
+  method check_violation = false
+
+end
+
+
+let check_locally_initialized (poq:po_query_int) (vinfo: varinfo) (lval:lval) =
+  let invs = poq#get_invariants 1 in
+  let _ = poq#set_diagnostic_invariants 1 in
+  let checker = new locally_initialized_checker_t poq vinfo lval invs in
+  checker#check_safe || checker#check_violation

CodeHawk/CHC/cchanalyze/cCHPOCheckLocallyInitialized.mli

@@ -0,0 +1,47 @@
+(* =============================================================================
+   CodeHawk C Analyzer
+   Author: Henny Sipma
+   ------------------------------------------------------------------------------
+   The MIT License (MIT)
+
+   Copyright (c) 2025  Aarno Labs LLC
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in all
+   copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+   SOFTWARE.
+   ============================================================================= *)
+
+(* cchlib *)
+open CCHBasicTypes
+
+(* cchanalyze *)
+open CCHAnalysisTypes
+
+
+(** [check_locally_initialized poq lval] returns true if the invariants supplied by
+    [poq] imply the initialization of [lval] within the function.
+
+    An lval is guaranteed to be locally initialized if
+    - if it has been assigned within the function, or
+    - if the expression is the dereferencing of the address of a variable, and the
+      variable is initialized, or
+    - if the lval contains an embedded null dereference; null dereference is
+      checked for separately, or
+    - if the lval can be shown to be distinct from the memory region pointed to
+      by the vinfo (the targeted output parameter)
+ *)
+val check_locally_initialized: po_query_int -> varinfo -> lval -> bool

CodeHawk/CHC/cchanalyze/cCHPOCheckOutputParameterInitialized.ml

@@ -0,0 +1,66 @@
+(* =============================================================================
+   CodeHawk C Analyzer
+   Author: Henny Sipma
+   ------------------------------------------------------------------------------
+   The MIT License (MIT)
+
+   Copyright (c) 2025  Aarno Labs LLC
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in all
+   copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+   SOFTWARE.
+   ============================================================================= *)
+
+(* cchlib *)
+open CCHBasicTypes
+
+(* cchpre *)
+open CCHPreTypes
+
+(* cchanalyze *)
+open CCHAnalysisTypes
+
+
+let x2p = XprToPretty.xpr_formatter#pr_expr
+let p2s = CHPrettyUtil.pretty_to_string
+let _x2s x = p2s (x2p x)
+let _e2s e = p2s (CCHTypesToPretty.exp_to_pretty e)
+
+
+let _fenv = CCHFileEnvironment.file_environment
+
+
+class outputparameter_initialized_checker_t
+        (_poq: po_query_int)
+        (vinfo: varinfo)
+        (_invs: invariant_int list) =
+object
+
+  method private vinfo = vinfo
+
+  method check_safe = false
+
+  method check_violation = false
+
+end
+
+
+let check_outputparameter_initialized (poq:po_query_int) (vinfo: varinfo) =
+  let invs = poq#get_invariants 1 in
+  let _ = poq#set_diagnostic_invariants 1 in
+  let checker = new outputparameter_initialized_checker_t poq vinfo invs in
+  checker#check_safe || checker#check_violation

CodeHawk/CHC/cchanalyze/cCHPOCheckOutputParameterInitialized.mli

@@ -0,0 +1,35 @@
+(* =============================================================================
+   CodeHawk C Analyzer
+   Author: Henny Sipma
+   ------------------------------------------------------------------------------
+   The MIT License (MIT)
+
+   Copyright (c) 2025  Aarno Labs LLC
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in all
+   copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+   SOFTWARE.
+   ============================================================================= *)
+
+(* cchlib *)
+open CCHBasicTypes
+
+(* cchanalyze *)
+open CCHAnalysisTypes
+
+
+val check_outputparameter_initialized: po_query_int -> varinfo -> bool

CodeHawk/CHC/cchanalyze/cCHPOCheckOutputParameterUnaltered.ml

@@ -0,0 +1,66 @@
+(* =============================================================================
+   CodeHawk C Analyzer
+   Author: Henny Sipma
+   ------------------------------------------------------------------------------
+   The MIT License (MIT)
+
+   Copyright (c) 2025  Aarno Labs LLC
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in all
+   copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+   SOFTWARE.
+   ============================================================================= *)
+
+(* cchlib *)
+open CCHBasicTypes
+
+(* cchpre *)
+open CCHPreTypes
+
+(* cchanalyze *)
+open CCHAnalysisTypes
+
+
+let x2p = XprToPretty.xpr_formatter#pr_expr
+let p2s = CHPrettyUtil.pretty_to_string
+let _x2s x = p2s (x2p x)
+let _e2s e = p2s (CCHTypesToPretty.exp_to_pretty e)
+
+
+let _fenv = CCHFileEnvironment.file_environment
+
+
+class outputparameter_unaltered_checker_t
+        (_poq: po_query_int)
+        (vinfo: varinfo)
+        (_invs: invariant_int list) =
+object
+
+  method private vinfo = vinfo
+
+  method check_safe = false
+
+  method check_violation = false
+
+end
+
+
+let check_outputparameter_unaltered (poq:po_query_int) (vinfo: varinfo) =
+  let invs = poq#get_invariants 1 in
+  let _ = poq#set_diagnostic_invariants 1 in
+  let checker = new outputparameter_unaltered_checker_t poq vinfo invs in
+  checker#check_safe || checker#check_violation

CodeHawk/CHC/cchanalyze/cCHPOCheckOutputParameterUnaltered.mli

@@ -0,0 +1,35 @@
+(* =============================================================================
+   CodeHawk C Analyzer
+   Author: Henny Sipma
+   ------------------------------------------------------------------------------
+   The MIT License (MIT)
+
+   Copyright (c) 2025  Aarno Labs LLC
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in all
+   copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+   SOFTWARE.
+   ============================================================================= *)
+
+(* cchlib *)
+open CCHBasicTypes
+
+(* cchanalyze *)
+open CCHAnalysisTypes
+
+
+val check_outputparameter_unaltered: po_query_int -> varinfo -> bool

CodeHawk/CHC/cchanalyze/cCHPOChecker.ml

@@ -59,6 +59,7 @@ open CCHPOCheckStackAddressEscape
 open CCHPOCheckIndexLowerBound
 open CCHPOCheckIndexUpperBound
 open CCHPOCheckInitialized
+open CCHPOCheckLocallyInitialized
 open CCHPOCheckInitializedRange
 open CCHPOCheckIntOverflow
 open CCHPOCheckIntUnderflow
@@ -71,6 +72,8 @@ open CCHPOCheckNotZero
 open CCHPOCheckNonNegative
 open CCHPOCheckWidthOverflow
 open CCHPOCheckNullTerminated
+open CCHPOCheckOutputParameterInitialized
+open CCHPOCheckOutputParameterUnaltered
 open CCHPOCheckPointerCast
 open CCHPOCheckPreservedAllMemory
 open CCHPOCheckPtrLowerBound
@@ -148,6 +151,7 @@ object
     | PIndexLowerBound e -> check_index_lower_bound poq e
     | PIndexUpperBound (e1,e2) -> check_index_upper_bound poq e1 e2
     | PInitialized lval -> check_initialized poq lval
+    | PLocallyInitialized (vinfo, lval) -> check_locally_initialized poq vinfo lval
     | PInitializedRange (e1,e2) -> check_initialized_range poq e1 e2
     | PIntOverflow (op,e1,e2,k) -> check_signed_int_overflow poq op e1 e2 k
     | PUIntOverflow (op,e1,e2,k) -> check_unsigned_int_overflow poq op e1 e2 k
@@ -182,6 +186,8 @@ object
     | PValueConstraint e -> check_value_constraint poq e
     | PValuePreserved e -> check_value_preserved poq e
     | PPreservedAllMemory -> check_preserved_all_memory poq
+    | POutputParameterInitialized v -> check_outputparameter_initialized poq v
+    | POutputParameterUnaltered v -> check_outputparameter_unaltered poq v
     | _ -> false
 
 end

CodeHawk/CHC/cchcmdline/cCHVersion.ml

@@ -62,5 +62,5 @@ object (self)
 end
 
 let version = new version_info_t
-  ~version:"0.2.0"
-  ~date:"May 20, 2024"
+  ~version:"0.3.0"
+  ~date:"2025-10-28"

CodeHawk/CHC/cchcmdline/cCHXCAnalyzer.ml

@@ -61,8 +61,8 @@ let _ = CHPretty.set_trace_level 0
 let cmds = [
     "version";
     "gc";
-    "primary";
-    "secondary";
+    "undefined-behavior-primary";
+    "outputparameters-primary";
     "localinvs";
     "globalinvs";
     "check";
@@ -176,7 +176,7 @@ let main () =
 	exit 0
       end
 
-    else if !cmd = "primary" then
+    else if !cmd = "undefined-behavior-primary" then
       begin
 	primary_process_file ();
         log_info "primary proof obligations generated [%s:%d]" __FILE__ __LINE__;
@@ -185,6 +185,15 @@ let main () =
           "primary proof obligations log files saved [%s:%d]" __FILE__ __LINE__
       end
 
+    else if !cmd = "outputparameters-primary" then
+      begin
+	CCHCreateOutputParameterPOs.output_parameter_po_process_file ();
+        log_info "primary proof obligations generated [%s:%d]" __FILE__ __LINE__;
+	save_log_files "primary";
+        log_info
+          "primary proof obligations log files saved [%s:%d]" __FILE__ __LINE__
+      end
+
     else if !cmd = "localinvs" then
       begin
 	invariants_process_file (List.rev !domains);