Annotate missed cases in the transform functions of various domains

There are a number of reasons why instruction types were left out of
these case statements :

1. Ignoring this instruction is generally a valid overapproximation.
2. Ignoring this instruction is a valid overapproximation for this
   domain.
3. The instruction is assumed to not be present due to preceding
   passes.
4. The instruction should never appear in any valid goto program.
5. The instruction is newer than the analysis code and was forgotten.

This patch tries to correctly document which of these apply.

Author: martin

src/analyses/custom_bitvector_analysis.cpp

@@ -538,18 +538,24 @@ void custom_bitvector_domaint::transform(
 
   case CATCH:
   case THROW:
+    DATA_INVARIANT(false, "Exceptions must be removed before analysis");
+    break;
   case RETURN:
-  case ATOMIC_BEGIN:
-  case ATOMIC_END:
-  case END_FUNCTION:
-  case LOCATION:
-  case START_THREAD:
-  case END_THREAD:
-  case SKIP:
-  case ASSERT:
-  case ASSUME:
+    DATA_INVARIANT(false, "Returns must be removed before analysis");
+    break;
+  case ATOMIC_BEGIN: // Ignoring is a valid over-approximation
+  case ATOMIC_END:   // Ignoring is a valid over-approximation
+  case END_FUNCTION: // No action required
+  case LOCATION:     // No action required
+  case START_THREAD: // Require a concurrent analysis at higher level
+  case END_THREAD:   // Require a concurrent analysis at higher level
+  case SKIP:         // No action required
+  case ASSERT:       // No action required
+  case ASSUME:       // Ignoring is a valid over-approximation
+    break;
   case INCOMPLETE_GOTO:
   case NO_INSTRUCTION_TYPE:
+    DATA_INVARIANT(false, "Only complete instructions can be analyzed");
     break;
   }
 }

src/analyses/escape_analysis.cpp

@@ -253,21 +253,30 @@ void escape_domaint::transform(
     // This is the edge to the call site.
     break;
 
-  case GOTO:
+  case GOTO: // Ignoring the guard is a valid over-approximation
+    break;
   case CATCH:
   case THROW:
+    DATA_INVARIANT(false, "Exceptions must be removed before analysis");
+    break;
   case RETURN:
-  case ATOMIC_BEGIN:
-  case ATOMIC_END:
-  case LOCATION:
-  case START_THREAD:
-  case END_THREAD:
-  case ASSERT:
-  case ASSUME:
-  case SKIP:
+    DATA_INVARIANT(false, "Returns must be removed before analysis");
+    break;
+  case ATOMIC_BEGIN: // Ignoring is a valid over-approximation
+  case ATOMIC_END:   // Ignoring is a valid over-approximation
+  case LOCATION:     // No action required
+  case START_THREAD: // Require a concurrent analysis at higher level
+  case END_THREAD:   // Require a concurrent analysis at higher level
+  case ASSERT:       // No action required
+  case ASSUME:       // Ignoring is a valid over-approximation
+  case SKIP:         // No action required
+    break;
   case OTHER:
+    DATA_INVARIANT(false, "Unclear what is a safe over-approximation of OTHER");
+    break;
   case INCOMPLETE_GOTO:
   case NO_INSTRUCTION_TYPE:
+    DATA_INVARIANT(false, "Only complete instructions can be analyzed");
     break;
   }
 }

src/analyses/global_may_alias.cpp

@@ -129,23 +129,32 @@ void global_may_alias_domaint::transform(
     break;
   }
 
-  case FUNCTION_CALL:
-  case GOTO:
+  case FUNCTION_CALL: // Probably safe
+  case GOTO:          // Ignoring the guard is a valid over-approximation
+    break;
   case CATCH:
   case THROW:
+    DATA_INVARIANT(false, "Exceptions must be removed before analysis");
+    break;
   case RETURN:
-  case ATOMIC_BEGIN:
-  case ATOMIC_END:
-  case LOCATION:
-  case START_THREAD:
-  case END_THREAD:
-  case ASSERT:
-  case ASSUME:
-  case SKIP:
-  case END_FUNCTION:
+    DATA_INVARIANT(false, "Returns must be removed before analysis");
+    break;
+  case ATOMIC_BEGIN: // Ignoring is a valid over-approximation
+  case ATOMIC_END:   // Ignoring is a valid over-approximation
+  case LOCATION:     // No action required
+  case START_THREAD: // Require a concurrent analysis at higher level
+  case END_THREAD:   // Require a concurrent analysis at higher level
+  case ASSERT:       // No action required
+  case ASSUME:       // Ignoring is a valid over-approximation
+  case SKIP:         // No action required
+  case END_FUNCTION: // No action required
+    break;
   case OTHER:
+    DATA_INVARIANT(false, "Unclear what is a safe over-approximation of OTHER");
+    break;
   case INCOMPLETE_GOTO:
   case NO_INSTRUCTION_TYPE:
+    DATA_INVARIANT(false, "Only complete instructions can be analyzed");
     break;
   }
 }

src/analyses/interval_domain.cpp

@@ -110,18 +110,26 @@ void interval_domaint::transform(
 
   case CATCH:
   case THROW:
+    DATA_INVARIANT(false, "Exceptions must be removed before analysis");
+    break;
   case RETURN:
-  case ATOMIC_BEGIN:
-  case ATOMIC_END:
-  case END_FUNCTION:
-  case START_THREAD:
-  case END_THREAD:
-  case ASSERT:
-  case LOCATION:
-  case SKIP:
+    DATA_INVARIANT(false, "Returns must be removed before analysis");
+    break;
+  case ATOMIC_BEGIN: // Ignoring is a valid over-approximation
+  case ATOMIC_END:   // Ignoring is a valid over-approximation
+  case END_FUNCTION: // No action required
+  case START_THREAD: // Require a concurrent analysis at higher level
+  case END_THREAD:   // Require a concurrent analysis at higher level
+  case ASSERT:       // No action required
+  case LOCATION:     // No action required
+  case SKIP:         // No action required
+    break;
   case OTHER:
+    DATA_INVARIANT(false, "Unclear what is a safe over-approximation of OTHER");
+    break;
   case INCOMPLETE_GOTO:
   case NO_INSTRUCTION_TYPE:
+    DATA_INVARIANT(false, "Only complete instructions can be analyzed");
     break;
   }
 }

src/analyses/invariant_set_domain.cpp

@@ -77,16 +77,19 @@ void invariant_set_domaint::transform(
 
   case CATCH:
   case THROW:
-  case DEAD:
-  case ATOMIC_BEGIN:
-  case ATOMIC_END:
-  case END_FUNCTION:
-  case LOCATION:
-  case END_THREAD:
-  case SKIP:
+    DATA_INVARIANT(false, "Exceptions must be removed before analysis");
+    break;
+  case DEAD:         // No action required
+  case ATOMIC_BEGIN: // Ignoring is a valid over-approximation
+  case ATOMIC_END:   // Ignoring is a valid over-approximation
+  case END_FUNCTION: // No action required
+  case LOCATION:     // No action required
+  case END_THREAD:   // Require a concurrent analysis at higher level
+  case SKIP:         // No action required
+    break;
   case INCOMPLETE_GOTO:
   case NO_INSTRUCTION_TYPE:
-    // do nothing
+    DATA_INVARIANT(false, "Only complete instructions can be analyzed");
     break;
   }
 }

src/analyses/local_bitvector_analysis.cpp

@@ -310,20 +310,29 @@ void local_bitvector_analysist::build()
 
     case CATCH:
     case THROW:
+      DATA_INVARIANT(false, "Exceptions must be removed before analysis");
+      break;
     case RETURN:
-    case ATOMIC_BEGIN:
-    case ATOMIC_END:
-    case LOCATION:
-    case START_THREAD:
-    case END_THREAD:
-    case SKIP:
+      DATA_INVARIANT(false, "Returns must be removed before analysis");
+      break;
+    case ATOMIC_BEGIN: // Ignoring is a valid over-approximation
+    case ATOMIC_END:   // Ignoring is a valid over-approximation
+    case LOCATION:     // No action required
+    case START_THREAD: // Require a concurrent analysis at higher level
+    case END_THREAD:   // Require a concurrent analysis at higher level
+    case SKIP:         // No action required
+    case ASSERT:       // No action required
+    case ASSUME:       // Ignoring is a valid over-approximation
+    case GOTO:         // Ignoring the guard is a valid over-approximation
+    case END_FUNCTION: // No action required
+      break;
     case OTHER:
-    case ASSERT:
-    case ASSUME:
-    case GOTO:
-    case END_FUNCTION:
+      DATA_INVARIANT(
+        false, "Unclear what is a safe over-approximation of OTHER");
+      break;
     case INCOMPLETE_GOTO:
     case NO_INSTRUCTION_TYPE:
+      DATA_INVARIANT(false, "Only complete instructions can be analyzed");
       break;
     }
 

src/analyses/local_cfg.cpp

@@ -86,9 +86,12 @@ void local_cfgt::build(const goto_programt &goto_program)
     case DECL:
     case DEAD:
     case ASSIGN:
+      node.successors.push_back(loc_nr + 1);
+      break;
+
     case INCOMPLETE_GOTO:
     case NO_INSTRUCTION_TYPE:
-      node.successors.push_back(loc_nr+1);
+      DATA_INVARIANT(false, "Only complete instructions can be analyzed");
       break;
     }
   }

src/analyses/local_may_alias.cpp

@@ -419,20 +419,29 @@ void local_may_aliast::build(const goto_functiont &goto_function)
 
     case CATCH:
     case THROW:
+      DATA_INVARIANT(false, "Exceptions must be removed before analysis");
+      break;
     case RETURN:
-    case GOTO:
-    case START_THREAD:
-    case END_THREAD:
-    case ATOMIC_BEGIN:
-    case ATOMIC_END:
-    case LOCATION:
-    case SKIP:
-    case END_FUNCTION:
+      DATA_INVARIANT(false, "Returns must be removed before analysis");
+      break;
+    case GOTO:         // Ignoring the guard is a valid over-approximation
+    case START_THREAD: // Require a concurrent analysis at higher level
+    case END_THREAD:   // Require a concurrent analysis at higher level
+    case ATOMIC_BEGIN: // Ignoring is a valid over-approximation
+    case ATOMIC_END:   // Ignoring is a valid over-approximation
+    case LOCATION:     // No action required
+    case SKIP:         // No action required
+    case END_FUNCTION: // No action required
+    case ASSERT:       // No action required
+    case ASSUME:       // Ignoring is a valid over-approximation
+      break;
     case OTHER:
-    case ASSERT:
-    case ASSUME:
+      DATA_INVARIANT(
+        false, "Unclear what is a safe over-approximation of OTHER");
+      break;
     case INCOMPLETE_GOTO:
     case NO_INSTRUCTION_TYPE:
+      DATA_INVARIANT(false, "Only complete instructions can be analyzed");
       break;
     }
 

src/analyses/uncaught_exceptions_analysis.cpp

@@ -125,23 +125,30 @@ void uncaught_exceptions_domaint::transform(
     join(uea.exceptions_map[function_name]);
     break;
   }
-  case DECL:
-  case DEAD:
-  case ASSIGN:
+  case DECL:   // Safe to ignore in this context
+  case DEAD:   // Safe to ignore in this context
+  case ASSIGN: // Safe to ignore in this context
+    break;
   case RETURN:
-  case GOTO:
-  case ATOMIC_BEGIN:
-  case ATOMIC_END:
-  case START_THREAD:
-  case END_THREAD:
-  case END_FUNCTION:
-  case ASSERT:
-  case ASSUME:
-  case LOCATION:
-  case SKIP:
+    DATA_INVARIANT(false, "Returns must be removed before analysis");
+    break;
+  case GOTO:         // Ignoring the guard is a valid over-approximation
+  case ATOMIC_BEGIN: // Ignoring is a valid over-approximation
+  case ATOMIC_END:   // Ignoring is a valid over-approximation
+  case START_THREAD: // Require a concurrent analysis at higher level
+  case END_THREAD:   // Require a concurrent analysis at higher level
+  case END_FUNCTION: // No action required
+  case ASSERT:       // No action required
+  case ASSUME:       // Ignoring is a valid over-approximation
+  case LOCATION:     // No action required
+  case SKIP:         // No action required
+    break;
   case OTHER:
+    DATA_INVARIANT(false, "Unclear what is a safe over-approximation of OTHER");
+    break;
   case INCOMPLETE_GOTO:
   case NO_INSTRUCTION_TYPE:
+    DATA_INVARIANT(false, "Only complete instructions can be analyzed");
     break;
   }
 }