Ensure goto_symex_statet::source is always set

Daniel Kroening · tautschnig · commit 1bc6d87f0611 · 2019-02-05T20:16:00.000Z
sourcet contains an interator, and the interface explicitly allows it to be
uninitialised.  However, most parts of the code base access source.pc
without checking.
diff --git a/src/goto-instrument/accelerate/scratch_program.cpp b/src/goto-instrument/accelerate/scratch_program.cpp
@@ -35,7 +35,9 @@ bool scratch_programt::check_sat(bool do_slice)
   output(ns, "scratch", std::cout);
 #endif
 
-  symex.symex_with_state(symex_state, functions, symex_symbol_table);
+  symex_state = util_make_unique<goto_symex_statet>(
+    symex_targett::sourcet(goto_functionst::entry_point(), *this));
+  symex.symex_with_state(*symex_state, functions, symex_symbol_table);
 
   if(do_slice)
   {
@@ -64,7 +66,7 @@ exprt scratch_programt::eval(const exprt &e)
 {
   exprt ssa=e;
 
-  symex_state.rename(ssa, ns);
+  symex_state->rename(ssa, ns);
 
   return checker->get(ssa);
 }
diff --git a/src/goto-instrument/accelerate/scratch_program.h b/src/goto-instrument/accelerate/scratch_program.h
@@ -74,7 +74,7 @@ class scratch_programt:public goto_programt
   bool constant_propagation;
 
 protected:
-  goto_symex_statet symex_state;
+  std::unique_ptr<goto_symex_statet> symex_state;
   goto_functionst functions;
   symbol_tablet &symbol_table;
   symbol_tablet symex_symbol_table;
diff --git a/src/goto-symex/goto_symex_state.cpp b/src/goto-symex/goto_symex_state.cpp
@@ -27,8 +27,8 @@ Author: Daniel Kroening, kroening@kroening.com
 
 static void get_l1_name(exprt &expr);
 
-goto_symex_statet::goto_symex_statet()
-  : symex_target(nullptr), record_events(true), dirty()
+goto_symex_statet::goto_symex_statet(const symex_targett::sourcet &_source)
+  : goto_statet(_source), symex_target(nullptr), record_events(true), dirty()
 {
   threads.resize(1);
   new_frame();
@@ -724,11 +724,8 @@ void goto_symex_statet::print_backtrace(std::ostream &out) const
       ++stackit)
   {
     const auto &frame = *stackit;
-    if(frame.calling_location.is_set)
-    {
-      out << frame.calling_location.function_id << " "
-          << frame.calling_location.pc->location_number << "\n";
-    }
+    out << frame.calling_location.function_id << " "
+        << frame.calling_location.pc->location_number << "\n";
   }
 }
 
diff --git a/src/goto-symex/goto_symex_state.h b/src/goto-symex/goto_symex_state.h
@@ -72,8 +72,11 @@ class goto_statet
   unsigned total_vccs = 0;
   unsigned remaining_vccs = 0;
 
+  /// Constructors
   explicit goto_statet(const class goto_symex_statet &s);
-  goto_statet() = default;
+  explicit goto_statet(const symex_targett::sourcet &_source) : source(_source)
+  {
+  }
 };
 
 // stack frames -- these are used for function calls and
@@ -124,7 +127,7 @@ struct framet
 class goto_symex_statet final : public goto_statet
 {
 public:
-  goto_symex_statet();
+  explicit goto_symex_statet(const symex_targett::sourcet &);
   ~goto_symex_statet();
 
   /// \brief Fake "copy constructor" that initializes the `symex_target` member
@@ -141,7 +144,6 @@ class goto_symex_statet final : public goto_statet
   /// for error traces even after symbolic execution has finished.
   symbol_tablet symbol_table;
 
-  symex_targett::sourcet source;
   symex_target_equationt *symex_target;
 
   // we remember all L1 renamings
diff --git a/src/goto-symex/symex_function_call.cpp b/src/goto-symex/symex_function_call.cpp
@@ -321,7 +321,6 @@ void goto_symext::symex_function_call_code(
   frame.loop_iterations[identifier].is_recursion=true;
   frame.loop_iterations[identifier].count++;
 
-  state.source.is_set=true;
   state.source.function_id = identifier;
   symex_transition(state, goto_function.body.instructions.begin(), false);
 }
diff --git a/src/goto-symex/symex_main.cpp b/src/goto-symex/symex_main.cpp
@@ -339,7 +339,8 @@ void goto_symext::symex_from_entry_point_of(
     throw unsupported_operation_exceptiont("the program has no entry point");
   }
 
-  statet state;
+  statet state(symex_targett::sourcet(
+    goto_functionst::entry_point(), start_function->body));
 
   state.run_validation_checks = symex_config.run_validation_checks;
 
diff --git a/src/goto-symex/symex_target_equation.cpp b/src/goto-symex/symex_target_equation.cpp
@@ -697,15 +697,12 @@ void symex_target_equationt::SSA_stept::output(
   const namespacet &ns,
   std::ostream &out) const
 {
-  if(source.is_set)
-  {
-    out << "Thread " << source.thread_nr;
+  out << "Thread " << source.thread_nr;
 
-    if(source.pc->source_location.is_not_nil())
-      out << " " << source.pc->source_location << '\n';
-    else
-      out << '\n';
-  }
+  if(source.pc->source_location.is_not_nil())
+    out << " " << source.pc->source_location << '\n';
+  else
+    out << '\n';
 
   switch(type)
   {
@@ -798,15 +795,12 @@ void symex_target_equationt::SSA_stept::output(
 
 void symex_target_equationt::SSA_stept::output(std::ostream &out) const
 {
-  if(source.is_set)
-  {
-    out << "Thread " << source.thread_nr;
+  out << "Thread " << source.thread_nr;
 
-    if(source.pc->source_location.is_not_nil())
-      out << " " << source.pc->source_location << '\n';
-    else
-      out << '\n';
-  }
+  if(source.pc->source_location.is_not_nil())
+    out << " " << source.pc->source_location << '\n';
+  else
+    out << '\n';
 
   switch(type)
   {

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,9 @@ bool scratch_programt::check_sat(bool do_slice)`
`35`	`35`	`output(ns, "scratch", std::cout);`
`36`	`36`	`#endif`
`37`	`37`
`38`		`- symex.symex_with_state(symex_state, functions, symex_symbol_table);`
	`38`	`+ symex_state = util_make_unique<goto_symex_statet>(`
	`39`	`+ symex_targett::sourcet(goto_functionst::entry_point(), *this));`
	`40`	`+ symex.symex_with_state(*symex_state, functions, symex_symbol_table);`
`39`	`41`
`40`	`42`	`if(do_slice)`
`41`	`43`	`{`
`@@ -64,7 +66,7 @@ exprt scratch_programt::eval(const exprt &e)`
`64`	`66`	`{`
`65`	`67`	`exprt ssa=e;`
`66`	`68`
`67`		`- symex_state.rename(ssa, ns);`
	`69`	`+ symex_state->rename(ssa, ns);`
`68`	`70`
`69`	`71`	`return checker->get(ssa);`
`70`	`72`	`}`
Original file line number	Diff line number	Diff line change
`@@ -27,8 +27,8 @@ Author: Daniel Kroening, [email protected]`
`27`	`27`
`28`	`28`	`static void get_l1_name(exprt &expr);`
`29`	`29`
`30`		`-goto_symex_statet::goto_symex_statet()`
`31`		`- : symex_target(nullptr), record_events(true), dirty()`
	`30`	`+goto_symex_statet::goto_symex_statet(const symex_targett::sourcet &_source)`
	`31`	`+ : goto_statet(_source), symex_target(nullptr), record_events(true), dirty()`
`32`	`32`	`{`
`33`	`33`	`threads.resize(1);`
`34`	`34`	`new_frame();`
`@@ -724,11 +724,8 @@ void goto_symex_statet::print_backtrace(std::ostream &out) const`
`724`	`724`	`++stackit)`
`725`	`725`	`{`
`726`	`726`	`const auto &frame = *stackit;`
`727`		`- if(frame.calling_location.is_set)`
`728`		`- {`
`729`		`- out << frame.calling_location.function_id << " "`
`730`		`- << frame.calling_location.pc->location_number << "\n";`
`731`		`- }`
	`727`	`+ out << frame.calling_location.function_id << " "`
	`728`	`+ << frame.calling_location.pc->location_number << "\n";`
`732`	`729`	`}`
`733`	`730`	`}`
`734`	`731`
Original file line number	Diff line number	Diff line change
`@@ -321,7 +321,6 @@ void goto_symext::symex_function_call_code(`
`321`	`321`	`frame.loop_iterations[identifier].is_recursion=true;`
`322`	`322`	`frame.loop_iterations[identifier].count++;`
`323`	`323`
`324`		`- state.source.is_set=true;`
`325`	`324`	`state.source.function_id = identifier;`
`326`	`325`	`symex_transition(state, goto_function.body.instructions.begin(), false);`
`327`	`326`	`}`
Original file line number	Diff line number	Diff line change
`@@ -339,7 +339,8 @@ void goto_symext::symex_from_entry_point_of(`
`339`	`339`	`throw unsupported_operation_exceptiont("the program has no entry point");`
`340`	`340`	`}`
`341`	`341`
`342`		`- statet state;`
	`342`	`+ statet state(symex_targett::sourcet(`
	`343`	`+ goto_functionst::entry_point(), start_function->body));`
`343`	`344`
`344`	`345`	`state.run_validation_checks = symex_config.run_validation_checks;`
`345`	`346`