Merge pull request #6801 from diffblue/pointer_expr

NlightNFotis · web-flow · commit 95b734041285 · 2022-04-14T10:33:43.000+01:00
Two pointer expression classes
diff --git a/src/goto-instrument/accelerate/acceleration_utils.cpp b/src/goto-instrument/accelerate/acceleration_utils.cpp
@@ -1057,7 +1057,7 @@ bool acceleration_utilst::assign_array(
   {
     if(idx.id()==ID_pointer_offset)
     {
-      poly.from_expr(to_unary_expr(idx).op());
+      poly.from_expr(to_pointer_offset_expr(idx).pointer());
     }
     else
     {
diff --git a/src/goto-instrument/contracts/instrument_spec_assigns.cpp b/src/goto-instrument/contracts/instrument_spec_assigns.cpp
@@ -468,7 +468,7 @@ car_exprt instrument_spec_assignst::create_car_expr(
 
   if(target.id() == ID_pointer_object)
   {
-    const auto &arg = to_unary_expr(target).op();
+    const auto &arg = to_pointer_object_expr(target).pointer();
     return {
       condition,
       target,
diff --git a/src/goto-instrument/contracts/utils.cpp b/src/goto-instrument/contracts/utils.cpp
@@ -69,7 +69,8 @@ void havoc_assigns_targetst::append_havoc_code_for_expr(
 {
   if(expr.id() == ID_pointer_object)
   {
-    append_object_havoc_code_for_expr(location, expr.operands().front(), dest);
+    append_object_havoc_code_for_expr(
+      location, to_pointer_object_expr(expr).pointer(), dest);
     return;
   }
 
diff --git a/src/goto-programs/interpreter_evaluate.cpp b/src/goto-programs/interpreter_evaluate.cpp
@@ -779,13 +779,10 @@ interpretert::mp_vectort interpretert::evaluate(const exprt &expr)
   }
   else if(expr.id()==ID_pointer_offset)
   {
-    if(expr.operands().size()!=1)
-      throw "pointer_offset expects one operand";
-
-    if(to_unary_expr(expr).op().type().id() != ID_pointer)
+    if(to_pointer_offset_expr(expr).op().type().id() != ID_pointer)
       throw "pointer_offset expects a pointer operand";
 
-    mp_vectort result = evaluate(to_unary_expr(expr).op());
+    mp_vectort result = evaluate(to_pointer_offset_expr(expr).op());
 
     if(result.size()==1)
     {
diff --git a/src/pointer-analysis/value_set.cpp b/src/pointer-analysis/value_set.cpp
@@ -309,7 +309,7 @@ bool value_sett::eval_pointer_offset(
   if(expr.id()==ID_pointer_offset)
   {
     const object_mapt reference_set =
-      get_value_set(to_unary_expr(expr).op(), ns, true);
+      get_value_set(to_pointer_offset_expr(expr).pointer(), ns, true);
 
     exprt new_expr;
     mp_integer previous_offset=0;
diff --git a/src/solvers/flattening/bv_pointers.cpp b/src/solvers/flattening/bv_pointers.cpp
@@ -683,17 +683,18 @@ bvt bv_pointerst::convert_bitvector(const exprt &expr)
   }
   else if(
     expr.id() == ID_pointer_offset &&
-    to_unary_expr(expr).op().type().id() == ID_pointer)
+    to_pointer_offset_expr(expr).pointer().type().id() == ID_pointer)
   {
     std::size_t width=boolbv_width(expr.type());
 
     if(width==0)
       return conversion_failed(expr);
 
-    const exprt &op0 = to_unary_expr(expr).op();
-    const bvt &op0_bv = convert_bv(op0);
+    const exprt &pointer = to_pointer_offset_expr(expr).pointer();
+    const bvt &pointer_bv = convert_bv(pointer);
 
-    bvt offset_bv = offset_literals(op0_bv, to_pointer_type(op0.type()));
+    bvt offset_bv =
+      offset_literals(pointer_bv, to_pointer_type(pointer.type()));
 
     // we do a sign extension to permit negative offsets
     return bv_utils.sign_extension(offset_bv, width);
@@ -712,17 +713,18 @@ bvt bv_pointerst::convert_bitvector(const exprt &expr)
   }
   else if(
     expr.id() == ID_pointer_object &&
-    to_unary_expr(expr).op().type().id() == ID_pointer)
+    to_pointer_object_expr(expr).pointer().type().id() == ID_pointer)
   {
     std::size_t width=boolbv_width(expr.type());
 
     if(width==0)
       return conversion_failed(expr);
 
-    const exprt &op0 = to_unary_expr(expr).op();
-    const bvt &op0_bv = convert_bv(op0);
+    const exprt &pointer = to_pointer_object_expr(expr).pointer();
+    const bvt &pointer_bv = convert_bv(pointer);
 
-    bvt object_bv = object_literals(op0_bv, to_pointer_type(op0.type()));
+    bvt object_bv =
+      object_literals(pointer_bv, to_pointer_type(pointer.type()));
 
     return bv_utils.zero_extension(object_bv, width);
   }
diff --git a/src/solvers/smt2/smt2_conv.cpp b/src/solvers/smt2/smt2_conv.cpp
@@ -1562,7 +1562,7 @@ void smt2_convt::convert_expr(const exprt &expr)
   }
   else if(expr.id()==ID_pointer_offset)
   {
-    const auto &op = to_unary_expr(expr).op();
+    const auto &op = to_pointer_offset_expr(expr).pointer();
 
     DATA_INVARIANT(
       op.type().id() == ID_pointer,
@@ -1589,7 +1589,7 @@ void smt2_convt::convert_expr(const exprt &expr)
   }
   else if(expr.id()==ID_pointer_object)
   {
-    const auto &op = to_unary_expr(expr).op();
+    const auto &op = to_pointer_object_expr(expr).pointer();
 
     DATA_INVARIANT(
       op.type().id() == ID_pointer,
diff --git a/src/util/pointer_expr.h b/src/util/pointer_expr.h
@@ -873,4 +873,120 @@ to_annotated_pointer_constant_expr(exprt &expr)
   return ret;
 }
 
+/// The offset (in bytes) of a pointer relative to the object
+class pointer_offset_exprt : public unary_exprt
+{
+public:
+  explicit pointer_offset_exprt(exprt pointer, typet type)
+    : unary_exprt(ID_pointer_offset, std::move(pointer), std::move(type))
+  {
+  }
+
+  exprt &pointer()
+  {
+    return op0();
+  }
+
+  const exprt &pointer() const
+  {
+    return op0();
+  }
+};
+
+template <>
+inline bool can_cast_expr<pointer_offset_exprt>(const exprt &base)
+{
+  return base.id() == ID_pointer_offset;
+}
+
+inline void validate_expr(const pointer_offset_exprt &value)
+{
+  validate_operands(value, 1, "pointer_offset must have one operand");
+  DATA_INVARIANT(
+    value.pointer().type().id() == ID_pointer,
+    "pointer_offset must have pointer-typed operand");
+}
+
+/// \brief Cast an exprt to a \ref pointer_offset_exprt
+///
+/// \a expr must be known to be \ref pointer_offset_exprt.
+///
+/// \param expr: Source expression
+/// \return Object of type \ref pointer_offset_exprt
+inline const pointer_offset_exprt &to_pointer_offset_expr(const exprt &expr)
+{
+  PRECONDITION(expr.id() == ID_pointer_offset);
+  const pointer_offset_exprt &ret =
+    static_cast<const pointer_offset_exprt &>(expr);
+  validate_expr(ret);
+  return ret;
+}
+
+/// \copydoc to_pointer_offset_expr(const exprt &)
+inline pointer_offset_exprt &to_pointer_offset_expr(exprt &expr)
+{
+  PRECONDITION(expr.id() == ID_pointer_offset);
+  pointer_offset_exprt &ret = static_cast<pointer_offset_exprt &>(expr);
+  validate_expr(ret);
+  return ret;
+}
+
+/// A numerical identifier for the object a pointer points to
+class pointer_object_exprt : public unary_exprt
+{
+public:
+  explicit pointer_object_exprt(exprt pointer, typet type)
+    : unary_exprt(ID_pointer_object, std::move(pointer), std::move(type))
+  {
+  }
+
+  exprt &pointer()
+  {
+    return op0();
+  }
+
+  const exprt &pointer() const
+  {
+    return op0();
+  }
+};
+
+template <>
+inline bool can_cast_expr<pointer_object_exprt>(const exprt &base)
+{
+  return base.id() == ID_pointer_object;
+}
+
+inline void validate_expr(const pointer_object_exprt &value)
+{
+  validate_operands(value, 1, "pointer_object must have one operand");
+  DATA_INVARIANT(
+    value.pointer().type().id() == ID_pointer,
+    "pointer_object must have pointer-typed operand");
+}
+
+/// \brief Cast an exprt to a \ref pointer_object_exprt
+///
+/// \a expr must be known to be \ref pointer_object_exprt.
+///
+/// \param expr: Source expression
+/// \return Object of type \ref pointer_object_exprt
+inline const pointer_object_exprt &to_pointer_object_expr(const exprt &expr)
+{
+  PRECONDITION(expr.id() == ID_pointer_object);
+  const pointer_object_exprt &ret =
+    static_cast<const pointer_object_exprt &>(expr);
+  validate_expr(ret);
+  return ret;
+}
+
+/// \copydoc to_pointer_object_expr(const exprt &)
+inline pointer_object_exprt &to_pointer_object_expr(exprt &expr)
+{
+  PRECONDITION(expr.id() == ID_pointer_object);
+  pointer_object_exprt &ret = static_cast<pointer_object_exprt &>(expr);
+  validate_expr(ret);
+  return ret;
+}
+
 #endif // CPROVER_UTIL_POINTER_EXPR_H
diff --git a/src/util/pointer_predicates.cpp b/src/util/pointer_predicates.cpp
@@ -22,7 +22,7 @@ Author: Daniel Kroening, kroening@kroening.com
 
 exprt pointer_object(const exprt &p)
 {
-  return unary_exprt(ID_pointer_object, p, size_type());
+  return pointer_object_exprt(p, size_type());
 }
 
 exprt same_object(const exprt &p1, const exprt &p2)
@@ -37,7 +37,7 @@ exprt object_size(const exprt &pointer)
 
 exprt pointer_offset(const exprt &pointer)
 {
-  return unary_exprt(ID_pointer_offset, pointer, signed_size_type());
+  return pointer_offset_exprt(pointer, signed_size_type());
 }
 
 exprt deallocated(const exprt &pointer, const namespacet &ns)
diff --git a/src/util/simplify_expr.cpp b/src/util/simplify_expr.cpp
@@ -2388,7 +2388,7 @@ simplify_exprt::resultt<> simplify_exprt::simplify_node(exprt node)
   }
   else if(expr.id()==ID_pointer_object)
   {
-    r = simplify_pointer_object(to_unary_expr(expr));
+    r = simplify_pointer_object(to_pointer_object_expr(expr));
   }
   else if(expr.id() == ID_is_dynamic_object)
   {
@@ -2483,7 +2483,7 @@ simplify_exprt::resultt<> simplify_exprt::simplify_node(exprt node)
   }
   else if(expr.id()==ID_pointer_offset)
   {
-    r = simplify_pointer_offset(to_unary_expr(expr));
+    r = simplify_pointer_offset(to_pointer_offset_expr(expr));
   }
   else if(expr.id()==ID_extractbit)
   {
diff --git a/src/util/simplify_expr_class.h b/src/util/simplify_expr_class.h
@@ -59,6 +59,8 @@ class mult_exprt;
 class namespacet;
 class not_exprt;
 class plus_exprt;
+class pointer_object_exprt;
+class pointer_offset_exprt;
 class popcount_exprt;
 class refined_string_exprt;
 class shift_exprt;
@@ -170,7 +172,7 @@ class simplify_exprt
   NODISCARD resultt<> simplify_member(const member_exprt &);
   NODISCARD resultt<> simplify_byte_update(const byte_update_exprt &);
   NODISCARD resultt<> simplify_byte_extract(const byte_extract_exprt &);
-  NODISCARD resultt<> simplify_pointer_object(const unary_exprt &);
+  NODISCARD resultt<> simplify_pointer_object(const pointer_object_exprt &);
   NODISCARD resultt<> simplify_object_size(const unary_exprt &);
   NODISCARD resultt<> simplify_is_dynamic_object(const unary_exprt &);
   NODISCARD resultt<> simplify_is_invalid_pointer(const unary_exprt &);
@@ -180,7 +182,7 @@ class simplify_exprt
   NODISCARD resultt<> simplify_unary_plus(const unary_plus_exprt &);
   NODISCARD resultt<> simplify_dereference(const dereference_exprt &);
   NODISCARD resultt<> simplify_address_of(const address_of_exprt &);
-  NODISCARD resultt<> simplify_pointer_offset(const unary_exprt &);
+  NODISCARD resultt<> simplify_pointer_offset(const pointer_offset_exprt &);
   NODISCARD resultt<> simplify_bswap(const bswap_exprt &);
   NODISCARD resultt<> simplify_isinf(const unary_exprt &);
   NODISCARD resultt<> simplify_isnan(const unary_exprt &);
diff --git a/src/util/simplify_expr_pointer.cpp b/src/util/simplify_expr_pointer.cpp
@@ -245,17 +245,17 @@ simplify_exprt::simplify_address_of(const address_of_exprt &expr)
 }
 
 simplify_exprt::resultt<>
-simplify_exprt::simplify_pointer_offset(const unary_exprt &expr)
+simplify_exprt::simplify_pointer_offset(const pointer_offset_exprt &expr)
 {
-  const exprt &ptr = expr.op();
+  const exprt &ptr = expr.pointer();
 
   if(ptr.id()==ID_if && ptr.operands().size()==3)
   {
     if_exprt if_expr=lift_if(expr, 0);
     if_expr.true_case() =
-      simplify_pointer_offset(to_unary_expr(if_expr.true_case()));
+      simplify_pointer_offset(to_pointer_offset_expr(if_expr.true_case()));
     if_expr.false_case() =
-      simplify_pointer_offset(to_unary_expr(if_expr.false_case()));
+      simplify_pointer_offset(to_pointer_offset_expr(if_expr.false_case()));
     return changed(simplify_if(if_expr));
   }
 
@@ -358,8 +358,8 @@ simplify_exprt::simplify_pointer_offset(const unary_exprt &expr)
       return unchanged(expr);
 
     // this might change the type of the pointer!
-    exprt pointer_offset_expr =
-      simplify_pointer_offset(to_unary_expr(pointer_offset(ptr_expr.front())));
+    exprt pointer_offset_expr = simplify_pointer_offset(
+      to_pointer_offset_expr(pointer_offset(ptr_expr.front())));
 
     exprt sum;
 
@@ -481,7 +481,7 @@ simplify_exprt::resultt<> simplify_exprt::simplify_inequality_pointer_object(
   forall_operands(it, expr)
   {
     PRECONDITION(it->id() == ID_pointer_object);
-    const exprt &op = to_unary_expr(*it).op();
+    const exprt &op = to_pointer_object_expr(*it).pointer();
 
     if(op.id()==ID_address_of)
     {
@@ -516,9 +516,9 @@ simplify_exprt::resultt<> simplify_exprt::simplify_inequality_pointer_object(
 }
 
 simplify_exprt::resultt<>
-simplify_exprt::simplify_pointer_object(const unary_exprt &expr)
+simplify_exprt::simplify_pointer_object(const pointer_object_exprt &expr)
 {
-  const exprt &op = expr.op();
+  const exprt &op = expr.pointer();
 
   auto op_result = simplify_object(op);
 

Original file line number	Diff line number	Diff line change
`@@ -1057,7 +1057,7 @@ bool acceleration_utilst::assign_array(`
`1057`	`1057`	`{`
`1058`	`1058`	`if(idx.id()==ID_pointer_offset)`
`1059`	`1059`	`{`
`1060`		`- poly.from_expr(to_unary_expr(idx).op());`
	`1060`	`+ poly.from_expr(to_pointer_offset_expr(idx).pointer());`
`1061`	`1061`	`}`
`1062`	`1062`	`else`
`1063`	`1063`	`{`
Original file line number	Diff line number	Diff line change
`@@ -468,7 +468,7 @@ car_exprt instrument_spec_assignst::create_car_expr(`
`468`	`468`
`469`	`469`	`if(target.id() == ID_pointer_object)`
`470`	`470`	`{`
`471`		`- const auto &arg = to_unary_expr(target).op();`
	`471`	`+ const auto &arg = to_pointer_object_expr(target).pointer();`
`472`	`472`	`return {`
`473`	`473`	`condition,`
`474`	`474`	`target,`
Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,8 @@ void havoc_assigns_targetst::append_havoc_code_for_expr(`
`69`	`69`	`{`
`70`	`70`	`if(expr.id() == ID_pointer_object)`
`71`	`71`	`{`
`72`		`- append_object_havoc_code_for_expr(location, expr.operands().front(), dest);`
	`72`	`+ append_object_havoc_code_for_expr(`
	`73`	`+ location, to_pointer_object_expr(expr).pointer(), dest);`
`73`	`74`	`return;`
`74`	`75`	`}`
`75`	`76`
Original file line number	Diff line number	Diff line change
`@@ -779,13 +779,10 @@ interpretert::mp_vectort interpretert::evaluate(const exprt &expr)`
`779`	`779`	`}`
`780`	`780`	`else if(expr.id()==ID_pointer_offset)`
`781`	`781`	`{`
`782`		`- if(expr.operands().size()!=1)`
`783`		`- throw "pointer_offset expects one operand";`
`784`		`-`
`785`		`- if(to_unary_expr(expr).op().type().id() != ID_pointer)`
	`782`	`+ if(to_pointer_offset_expr(expr).op().type().id() != ID_pointer)`
`786`	`783`	`throw "pointer_offset expects a pointer operand";`
`787`	`784`
`788`		`- mp_vectort result = evaluate(to_unary_expr(expr).op());`
	`785`	`+ mp_vectort result = evaluate(to_pointer_offset_expr(expr).op());`
`789`	`786`
`790`	`787`	`if(result.size()==1)`
`791`	`788`	`{`
Original file line number	Diff line number	Diff line change
`@@ -309,7 +309,7 @@ bool value_sett::eval_pointer_offset(`
`309`	`309`	`if(expr.id()==ID_pointer_offset)`
`310`	`310`	`{`
`311`	`311`	`const object_mapt reference_set =`
`312`		`- get_value_set(to_unary_expr(expr).op(), ns, true);`
	`312`	`+ get_value_set(to_pointer_offset_expr(expr).pointer(), ns, true);`
`313`	`313`
`314`	`314`	`exprt new_expr;`
`315`	`315`	`mp_integer previous_offset=0;`
Original file line number	Diff line number	Diff line change
`@@ -1562,7 +1562,7 @@ void smt2_convt::convert_expr(const exprt &expr)`
`1562`	`1562`	`}`
`1563`	`1563`	`else if(expr.id()==ID_pointer_offset)`
`1564`	`1564`	`{`
`1565`		`- const auto &op = to_unary_expr(expr).op();`
	`1565`	`+ const auto &op = to_pointer_offset_expr(expr).pointer();`
`1566`	`1566`
`1567`	`1567`	`DATA_INVARIANT(`
`1568`	`1568`	`op.type().id() == ID_pointer,`
`@@ -1589,7 +1589,7 @@ void smt2_convt::convert_expr(const exprt &expr)`
`1589`	`1589`	`}`
`1590`	`1590`	`else if(expr.id()==ID_pointer_object)`
`1591`	`1591`	`{`
`1592`		`- const auto &op = to_unary_expr(expr).op();`
	`1592`	`+ const auto &op = to_pointer_object_expr(expr).pointer();`
`1593`	`1593`
`1594`	`1594`	`DATA_INVARIANT(`
`1595`	`1595`	`op.type().id() == ID_pointer,`
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ Author: Daniel Kroening, [email protected]`
`22`	`22`
`23`	`23`	`exprt pointer_object(const exprt &p)`
`24`	`24`	`{`
`25`		`- return unary_exprt(ID_pointer_object, p, size_type());`
	`25`	`+ return pointer_object_exprt(p, size_type());`
`26`	`26`	`}`
`27`	`27`
`28`	`28`	`exprt same_object(const exprt &p1, const exprt &p2)`
`@@ -37,7 +37,7 @@ exprt object_size(const exprt &pointer)`
`37`	`37`
`38`	`38`	`exprt pointer_offset(const exprt &pointer)`
`39`	`39`	`{`
`40`		`- return unary_exprt(ID_pointer_offset, pointer, signed_size_type());`
	`40`	`+ return pointer_offset_exprt(pointer, signed_size_type());`
`41`	`41`	`}`
`42`	`42`
`43`	`43`	`exprt deallocated(const exprt &pointer, const namespacet &ns)`
Original file line number	Diff line number	Diff line change
`@@ -2388,7 +2388,7 @@ simplify_exprt::resultt<> simplify_exprt::simplify_node(exprt node)`
`2388`	`2388`	`}`
`2389`	`2389`	`else if(expr.id()==ID_pointer_object)`
`2390`	`2390`	`{`
`2391`		`- r = simplify_pointer_object(to_unary_expr(expr));`
	`2391`	`+ r = simplify_pointer_object(to_pointer_object_expr(expr));`
`2392`	`2392`	`}`
`2393`	`2393`	`else if(expr.id() == ID_is_dynamic_object)`
`2394`	`2394`	`{`
`@@ -2483,7 +2483,7 @@ simplify_exprt::resultt<> simplify_exprt::simplify_node(exprt node)`
`2483`	`2483`	`}`
`2484`	`2484`	`else if(expr.id()==ID_pointer_offset)`
`2485`	`2485`	`{`
`2486`		`- r = simplify_pointer_offset(to_unary_expr(expr));`
	`2486`	`+ r = simplify_pointer_offset(to_pointer_offset_expr(expr));`
`2487`	`2487`	`}`
`2488`	`2488`	`else if(expr.id()==ID_extractbit)`
`2489`	`2489`	`{`