Improvements to shadow memory util implementation

Enrico Steffinlongo · Enrico Steffinlongo · commit df12fce41640 · 2023-10-06T12:07:39.000+01:00
Improved typet and exprt conversion to use the more modern try_cast and
can_cast instead of using expr.id()

Added few INVARIANTS with meaningful messages  where necessary
diff --git a/src/goto-symex/shadow_memory.cpp b/src/goto-symex/shadow_memory.cpp
@@ -315,7 +315,8 @@ void shadow_memoryt::symex_get_field(
 #ifdef DEBUG_SHADOW_MEMORY
     log.debug() << "Shadow memory: RHS: " << format(rhs) << messaget::eom;
 #endif
-    // TODO: create the assignment of __CPROVER_shadow_memory_get_field
+
+    // create the assignment of __CPROVER_shadow_memory_get_field
     symex_assign(state, lhs, typecast_exprt::conditional_cast(rhs, lhs.type()));
   }
   else
diff --git a/src/goto-symex/shadow_memory_util.cpp b/src/goto-symex/shadow_memory_util.cpp
@@ -22,6 +22,7 @@ Author: Peter Schrammel
 #include <util/pointer_offset_size.h>
 #include <util/ssa_expr.h>
 #include <util/std_expr.h>
+#include <util/string_constant.h>
 
 #include <langapi/language_util.h>
 #include <solvers/flattening/boolbv_width.h>
@@ -34,12 +35,14 @@ irep_idt extract_field_name(const exprt &string_expr)
     return extract_field_name(to_address_of_expr(string_expr).object());
   else if(can_cast_expr<index_exprt>(string_expr))
     return extract_field_name(to_index_expr(string_expr).array());
-  else if(string_expr.id() == ID_string_constant)
+  else if(can_cast_expr<string_constantt>(string_expr))
   {
     return string_expr.get(ID_value);
   }
   else
-    UNREACHABLE;
+  {
+    UNREACHABLE_BECAUSE("Failed to extract shadow memory field name.");
+  }
 }
 
 /// If the given type is an array type, then remove the L2 level renaming
@@ -311,7 +314,11 @@ static void extract_bytes_of_bv(
   const typet &field_type,
   exprt::operandst &values)
 {
-  const size_t size = to_bitvector_type(type).get_width() / 8;
+  INVARIANT(
+    can_cast_type<bitvector_typet>(type),
+    "Cannot combine with *or* elements of a non-bitvector type.");
+  const size_t size =
+    to_bitvector_type(type).get_width() / config.ansi_c.char_width;
   values.push_back(typecast_exprt::conditional_cast(value, field_type));
   for(size_t i = 1; i < size; ++i)
   {
@@ -372,6 +379,10 @@ exprt compute_or_over_bytes(
   const messaget &log,
   const bool is_union)
 {
+  INVARIANT(
+    can_cast_type<c_bool_typet>(field_type) ||
+      can_cast_type<bool_typet>(field_type),
+    "Can aggregate bytes with *or* only if the shadow memory type is _Bool.");
   const typet type = ns.follow(expr.type());
 
   if(type.id() == ID_struct || type.id() == ID_union)
@@ -601,29 +612,32 @@ are_types_compatible(const typet &expr_type, const typet &shadow_type)
 /// equality for exact matching.
 static void clean_string_constant(exprt &expr)
 {
+  const auto *index_expr = expr_try_dynamic_cast<index_exprt>(expr);
   if(
-    expr.id() == ID_index && to_index_expr(expr).index().is_zero() &&
-    to_index_expr(expr).array().id() == ID_string_constant)
+    index_expr && index_expr->index().is_zero() &&
+    can_cast_expr<string_constantt>(index_expr->array()))
   {
-    expr = to_index_expr(expr).array();
+    expr = index_expr->array();
   }
 }
 
 // TODO: doxygen?
 static void adjust_array_types(typet &type)
 {
-  if(type.id() != ID_pointer)
+  auto *pointer_type = type_try_dynamic_cast<pointer_typet>(type);
+  if(!pointer_type)
   {
     return;
   }
-  const typet &subtype = to_pointer_type(type).base_type();
-  if(subtype.id() == ID_array)
+  if(
+    const auto *array_type =
+      type_try_dynamic_cast<array_typet>(pointer_type->base_type()))
   {
-    to_pointer_type(type).base_type() = to_array_type(subtype).element_type();
+    pointer_type->base_type() = array_type->element_type();
   }
-  if(subtype.id() == ID_string_constant)
+  if(pointer_type->base_type().id() == ID_string_constant)
   {
-    to_pointer_type(type).base_type() = char_type();
+    pointer_type->base_type() = char_type();
   }
 }
 
@@ -927,6 +941,10 @@ bool check_value_set_contains_only_null_ptr(
   const std::vector<exprt> &value_set,
   const exprt &expr)
 {
+  INVARIANT(
+    can_cast_type<pointer_typet>(expr.type()),
+    "Cannot check if value_set contains only NULL as `expr` type is not a "
+    "pointer.");
   const null_pointer_exprt null_pointer(to_pointer_type(expr.type()));
   if(value_set.size() == 1 && contains_null_or_invalid(value_set, null_pointer))
   {

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,7 @@ Author: Peter Schrammel`
`22`	`22`	`#include <util/pointer_offset_size.h>`
`23`	`23`	`#include <util/ssa_expr.h>`
`24`	`24`	`#include <util/std_expr.h>`
	`25`	`+#include <util/string_constant.h>`
`25`	`26`
`26`	`27`	`#include <langapi/language_util.h>`
`27`	`28`	`#include <solvers/flattening/boolbv_width.h>`
`@@ -34,12 +35,14 @@ irep_idt extract_field_name(const exprt &string_expr)`
`34`	`35`	`return extract_field_name(to_address_of_expr(string_expr).object());`
`35`	`36`	`else if(can_cast_expr<index_exprt>(string_expr))`
`36`	`37`	`return extract_field_name(to_index_expr(string_expr).array());`
`37`		`- else if(string_expr.id() == ID_string_constant)`
	`38`	`+ else if(can_cast_expr<string_constantt>(string_expr))`
`38`	`39`	`{`
`39`	`40`	`return string_expr.get(ID_value);`
`40`	`41`	`}`
`41`	`42`	`else`
`42`		`- UNREACHABLE;`
	`43`	`+ {`
	`44`	`+ UNREACHABLE_BECAUSE("Failed to extract shadow memory field name.");`
	`45`	`+ }`
`43`	`46`	`}`
`44`	`47`
`45`	`48`	`/// If the given type is an array type, then remove the L2 level renaming`
`@@ -311,7 +314,11 @@ static void extract_bytes_of_bv(`
`311`	`314`	`const typet &field_type,`
`312`	`315`	`exprt::operandst &values)`
`313`	`316`	`{`
`314`		`- const size_t size = to_bitvector_type(type).get_width() / 8;`
	`317`	`+ INVARIANT(`
	`318`	`+ can_cast_type<bitvector_typet>(type),`
	`319`	`+ "Cannot combine with or elements of a non-bitvector type.");`
	`320`	`+ const size_t size =`
	`321`	`+ to_bitvector_type(type).get_width() / config.ansi_c.char_width;`
`315`	`322`	`values.push_back(typecast_exprt::conditional_cast(value, field_type));`
`316`	`323`	`for(size_t i = 1; i < size; ++i)`
`317`	`324`	`{`
`@@ -372,6 +379,10 @@ exprt compute_or_over_bytes(`
`372`	`379`	`const messaget &log,`
`373`	`380`	`const bool is_union)`
`374`	`381`	`{`
	`382`	`+ INVARIANT(`
	`383`	`+ can_cast_type<c_bool_typet>(field_type) \|\|`
	`384`	`+ can_cast_type<bool_typet>(field_type),`
	`385`	`+ "Can aggregate bytes with or only if the shadow memory type is _Bool.");`
`375`	`386`	`const typet type = ns.follow(expr.type());`
`376`	`387`
`377`	`388`	`if(type.id() == ID_struct \|\| type.id() == ID_union)`
`@@ -601,29 +612,32 @@ are_types_compatible(const typet &expr_type, const typet &shadow_type)`
`601`	`612`	`/// equality for exact matching.`
`602`	`613`	`static void clean_string_constant(exprt &expr)`
`603`	`614`	`{`
	`615`	`+ const auto *index_expr = expr_try_dynamic_cast<index_exprt>(expr);`
`604`	`616`	`if(`
`605`		`- expr.id() == ID_index && to_index_expr(expr).index().is_zero() &&`
`606`		`- to_index_expr(expr).array().id() == ID_string_constant)`
	`617`	`+ index_expr && index_expr->index().is_zero() &&`
	`618`	`+ can_cast_expr<string_constantt>(index_expr->array()))`
`607`	`619`	`{`
`608`		`- expr = to_index_expr(expr).array();`
	`620`	`+ expr = index_expr->array();`
`609`	`621`	`}`
`610`	`622`	`}`
`611`	`623`
`612`	`624`	`// TODO: doxygen?`
`613`	`625`	`static void adjust_array_types(typet &type)`
`614`	`626`	`{`
`615`		`- if(type.id() != ID_pointer)`
	`627`	`+ auto *pointer_type = type_try_dynamic_cast<pointer_typet>(type);`
	`628`	`+ if(!pointer_type)`
`616`	`629`	`{`
`617`	`630`	`return;`
`618`	`631`	`}`
`619`		`- const typet &subtype = to_pointer_type(type).base_type();`
`620`		`- if(subtype.id() == ID_array)`
	`632`	`+ if(`
	`633`	`+ const auto *array_type =`
	`634`	`+ type_try_dynamic_cast<array_typet>(pointer_type->base_type()))`
`621`	`635`	`{`
`622`		`- to_pointer_type(type).base_type() = to_array_type(subtype).element_type();`
	`636`	`+ pointer_type->base_type() = array_type->element_type();`
`623`	`637`	`}`
`624`		`- if(subtype.id() == ID_string_constant)`
	`638`	`+ if(pointer_type->base_type().id() == ID_string_constant)`
`625`	`639`	`{`
`626`		`- to_pointer_type(type).base_type() = char_type();`
	`640`	`+ pointer_type->base_type() = char_type();`
`627`	`641`	`}`
`628`	`642`	`}`
`629`	`643`
`@@ -927,6 +941,10 @@ bool check_value_set_contains_only_null_ptr(`
`927`	`941`	`const std::vector<exprt> &value_set,`
`928`	`942`	`const exprt &expr)`
`929`	`943`	`{`
	`944`	`+ INVARIANT(`
	`945`	`+ can_cast_type<pointer_typet>(expr.type()),`
	`946`	+ "Cannot check if value_set contains only NULL as `expr` type is not a "
	`947`	`+ "pointer.");`
`930`	`948`	`const null_pointer_exprt null_pointer(to_pointer_type(expr.type()));`
`931`	`949`	`if(value_set.size() == 1 && contains_null_or_invalid(value_set, null_pointer))`
`932`	`950`	`{`