Skip to content

Commit 76634fe

Browse files
committed
Add support for dynamic object sizes in the old SMT backend
The old SMT backend simply ignored the sizes of dynamically sized objects instead of actually defining the size. This allowed the solver to just choose whichever size it liked in order to reach an outcome of SAT, rather than applying any bounds which had been applied to the size. Actually translating the size where the expression is non-constant should fix various observable behaviors related to object sizes and bounds.
1 parent ce831a0 commit 76634fe

File tree

1 file changed

+5
-6
lines changed

1 file changed

+5
-6
lines changed

src/solvers/smt2/smt2_conv.cpp

Lines changed: 5 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -285,7 +285,6 @@ void smt2_convt::define_object_size(
285285
const object_size_exprt &expr)
286286
{
287287
const exprt &ptr = expr.pointer();
288-
std::size_t size_width = boolbv_width(expr.type());
289288
std::size_t pointer_width = boolbv_width(ptr.type());
290289
std::size_t number = 0;
291290
std::size_t h=pointer_width-1;
@@ -295,23 +294,23 @@ void smt2_convt::define_object_size(
295294
{
296295
const typet &type = o.type();
297296
auto size_expr = size_of_expr(type, ns);
298-
const auto object_size =
299-
numeric_cast<mp_integer>(size_expr.value_or(nil_exprt()));
300297

301298
if(
302299
(o.id() != ID_symbol && o.id() != ID_string_constant) ||
303-
!size_expr.has_value() || !object_size.has_value())
300+
!size_expr.has_value())
304301
{
305302
++number;
306303
continue;
307304
}
308305

306+
find_symbols(*size_expr);
309307
out << "(assert (=> (= "
310308
<< "((_ extract " << h << " " << l << ") ";
311309
convert_expr(ptr);
312310
out << ") (_ bv" << number << " " << config.bv_encoding.object_bits << "))"
313-
<< "(= " << id << " (_ bv" << *object_size << " " << size_width
314-
<< "))))\n";
311+
<< "(= " << id << " ";
312+
convert_expr(*size_expr);
313+
out << ")))\n";
315314

316315
++number;
317316
}

0 commit comments

Comments
 (0)