Value set dereferencing: do not treat struct prefixes as equal

tautschnig · tautschnig · commit f14572bdcad8 · 2021-03-01T13:40:07.000Z
Two distinct struct types cannot be cast between, even when one is a
prefix of the other. Value set dereferencing taking this approach just
resulted in propositional encoding producing a warning about invalid
type casts.
diff --git a/jbmc/regression/jbmc/simplify-classid-of-interface/test_no_simplify_vccs.desc b/jbmc/regression/jbmc/simplify-classid-of-interface/test_no_simplify_vccs.desc
diff --git a/regression/cbmc/struct2/main.c b/regression/cbmc/struct2/main.c
@@ -0,0 +1,24 @@
+struct T
+{
+  // intentionally empty to trigger is_prefix_of code (empty structs, however,
+  // are a GCC-only feature)
+};
+
+struct S
+{
+  struct T t;
+  int other;
+};
+
+void foo(struct S s2)
+{
+  struct T *p = &s2.t;
+  struct T t2 = *p;
+  __CPROVER_assert(0, "");
+}
+
+int main()
+{
+  struct S s;
+  foo(s);
+}
diff --git a/regression/cbmc/struct2/test.desc b/regression/cbmc/struct2/test.desc
@@ -0,0 +1,11 @@
+CORE gcc-only broken-smt-backend
+main.c
+
+^VERIFICATION FAILED$
+^EXIT=10$
+^SIGNAL=0$
+--
+^warning: ignoring
+--
+This test must not generate a warning about typecasts (between different struct
+types) being ignored.
diff --git a/src/pointer-analysis/value_set_dereference.cpp b/src/pointer-analysis/value_set_dereference.cpp
@@ -359,19 +359,6 @@ bool value_set_dereferencet::dereference_type_compare(
   if(object_type == dereference_type)
     return true; // ok, they just match
 
-  // check for struct prefixes
-
-  const typet ot_base=ns.follow(object_type),
-              dt_base=ns.follow(dereference_type);
-
-  if(ot_base.id()==ID_struct &&
-     dt_base.id()==ID_struct)
-  {
-    if(to_struct_type(dt_base).is_prefix_of(
-         to_struct_type(ot_base)))
-      return true; // ok, dt is a prefix of ot
-  }
-
   // we are generous about code pointers
   if(dereference_type.id()==ID_code &&
      object_type.id()==ID_code)
diff --git a/src/util/std_types.cpp b/src/util/std_types.cpp
@@ -114,35 +114,6 @@ optionalt<struct_typet::baset> struct_typet::get_base(const irep_idt &id) const
   return {};
 }
 
-/// Returns true if the struct is a prefix of \a other, i.e., if this struct
-/// has n components then the component types and names of this struct must
-/// match the first n components of \a other struct.
-/// \param other: Struct type to compare with.
-bool struct_typet::is_prefix_of(const struct_typet &other) const
-{
-  const componentst &ot_components=other.components();
-  const componentst &tt_components=components();
-
-  if(ot_components.size()<
-     tt_components.size())
-    return false;
-
-  componentst::const_iterator
-    ot_it=ot_components.begin();
-
-  for(const auto &tt_c : tt_components)
-  {
-    if(ot_it->type() != tt_c.type() || ot_it->get_name() != tt_c.get_name())
-    {
-      return false; // they just don't match
-    }
-
-    ot_it++;
-  }
-
-  return true; // ok, *this is a prefix of ot
-}
-
 /// Returns true if the type is a reference.
 bool is_reference(const typet &type)
 {
diff --git a/src/util/std_types.h b/src/util/std_types.h
@@ -234,8 +234,6 @@ class struct_typet:public struct_union_typet
   {
   }
 
-  bool is_prefix_of(const struct_typet &other) const;
-
   /// A struct may be a class, where members may have access restrictions.
   bool is_class() const
   {

Original file line number	Diff line number	Diff line change
`@@ -234,8 +234,6 @@ class struct_typet:public struct_union_typet`
`234`	`234`	`{`
`235`	`235`	`}`
`236`	`236`
`237`		`- bool is_prefix_of(const struct_typet &other) const;`
`238`		`-`
`239`	`237`	`/// A struct may be a class, where members may have access restrictions.`
`240`	`238`	`bool is_class() const`
`241`	`239`	`{`