Skip to content

Commit 38bbc27

Browse files
thomasspriggsNlightNFotis
thomasspriggs
authored and
NlightNFotis
committed
Bug fix - place into the pointer-sizes map types that belong to subexpressions.
Before this change, we would be able to handle an expression like (*a + 2) but not one like (&a - &b) + (&c - &d), because we wouldn't iterate through each subexpression of the original one.
1 parent 743128d commit 38bbc27

File tree

1 file changed

+24
-36
lines changed

1 file changed

+24
-36
lines changed

src/solvers/smt2_incremental/pointer_size_mapping.cpp

Lines changed: 24 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -17,44 +17,32 @@ void associate_pointer_sizes(
1717
const smt_object_mapt &object_map,
1818
const smt_object_sizet::make_applicationt &object_size)
1919
{
20-
if(std::any_of(
21-
expression.operands().cbegin(),
22-
expression.operands().cend(),
23-
[](exprt operand)
24-
{ return can_cast_type<pointer_typet>(operand.type()); }))
25-
{
26-
exprt pointer;
27-
for(auto &operand : expression.operands())
20+
expression.visit_pre([&](const exprt &sub_expression) {
21+
if(
22+
const auto &pointer_type =
23+
type_try_dynamic_cast<pointer_typet>(sub_expression.type()))
2824
{
29-
if(can_cast_type<pointer_typet>(operand.type()))
25+
const auto find_result = pointer_size_map.find(pointer_type->base_type());
26+
if(find_result != pointer_size_map.cend())
27+
return;
28+
exprt pointer_size_expr;
29+
// There's a special case for a pointer subtype here: the case where the pointer is `void *`. This means
30+
// that we don't know the underlying base type, so we're just assigning a size expression value of 1 (given
31+
// that this is going to be used in a multiplication and 1 is the identity value for multiplcation)
32+
if(is_void_pointer(*pointer_type))
3033
{
31-
pointer = operand;
34+
pointer_size_expr = from_integer(1, size_type());
3235
}
36+
else
37+
{
38+
auto pointer_size_opt = size_of_expr(pointer_type->base_type(), ns);
39+
PRECONDITION(pointer_size_opt.has_value());
40+
pointer_size_expr = pointer_size_opt.value();
41+
}
42+
auto pointer_size_term = convert_expr_to_smt(
43+
pointer_size_expr, object_map, pointer_size_map, object_size);
44+
pointer_size_map.emplace_hint(
45+
find_result, pointer_type->base_type(), pointer_size_term);
3346
}
34-
35-
auto pointer_type = to_pointer_type(pointer.type());
36-
auto pointer_base_type = pointer_type.base_type();
37-
exprt pointer_size_expr;
38-
// There's a special case for a pointer subtype here: the case where the pointer is `void *`. This means
39-
// that we don't know the underlying base type, so we're just assigning a size expression value of 1 (given
40-
// that this is going to be used in a multiplication and 1 is the identity value for multiplcation)
41-
if(is_void_pointer(pointer_type))
42-
{
43-
pointer_size_expr = from_integer(1, size_type());
44-
}
45-
else
46-
{
47-
auto pointer_size_opt = size_of_expr(pointer_base_type, ns);
48-
PRECONDITION(pointer_size_opt.has_value());
49-
pointer_size_expr = pointer_size_opt.value();
50-
}
51-
auto pointer_size_term = convert_expr_to_smt(
52-
pointer_size_expr, object_map, pointer_size_map, object_size);
53-
54-
const auto find_result = pointer_size_map.find(pointer_base_type);
55-
if(find_result != pointer_size_map.cend())
56-
return;
57-
pointer_size_map.emplace_hint(
58-
find_result, pointer_base_type, pointer_size_term);
59-
}
47+
});
6048
}

0 commit comments

Comments
 (0)