Value-set-dereference: generate let expressions for complex pointers

smowton · smowton · commit a5321d6241be · 2019-05-07T17:30:06.000+01:00
For the time being symex always lifts these immediately, to avoid having to teach all elements
of cbmc about the let expression.
diff --git a/src/goto-symex/symex_clean_expr.cpp b/src/goto-symex/symex_clean_expr.cpp
@@ -128,6 +128,7 @@ void goto_symext::process_array_expr(statet &state, exprt &expr)
     ns, state.symbol_table, symex_dereference_state, language_mode, false);
 
   expr = dereference.dereference(expr);
+  lift_lets(state, expr, symex_targett::assignment_typet::STATE);
 
   ::process_array_expr(expr, symex_config.simplify_opt, ns);
 }
@@ -222,6 +223,7 @@ void goto_symext::clean_expr(
 {
   replace_nondet(expr, path_storage.build_symex_nondet);
   dereference(expr, state, write);
+  lift_lets(state, expr, symex_targett::assignment_typet::STATE);
 
   // make sure all remaining byte extract operations use the root
   // object to avoid nesting of with/update and byte_update when on
diff --git a/src/pointer-analysis/value_set_dereference.cpp b/src/pointer-analysis/value_set_dereference.cpp
@@ -76,9 +76,24 @@ exprt value_set_dereferencet::dereference(const exprt &pointer)
 
   std::list<valuet> values;
 
+  exprt compare_against_pointer = pointer;
+
+  if(pointer.id() != ID_symbol && retained_values.size() >= 2)
+  {
+    symbolt fresh_binder = get_fresh_aux_symbol(
+      pointer.type(),
+      "derefd_pointer",
+      "derefd_pointer",
+      source_locationt(),
+      language_mode,
+      new_symbol_table);
+
+    compare_against_pointer = fresh_binder.symbol_expr();
+  }
+
   for(const auto &value : retained_values)
   {
-    values.push_back(build_reference_to(value, pointer, ns));
+    values.push_back(build_reference_to(value, compare_against_pointer, ns));
 #if 0
     std::cout << "V: " << format(value.pointer_guard) << " --> ";
     std::cout << format(value.value);
@@ -160,9 +175,12 @@ exprt value_set_dereferencet::dereference(const exprt &pointer)
     }
   }
 
-  #if 0
+  if(compare_against_pointer != pointer)
+    value = let_exprt(to_symbol_expr(compare_against_pointer), pointer, value);
+
+#if 0
   std::cout << "R: " << format(value) << "\n\n";
-  #endif
+#endif
 
   return value;
 }

Original file line number	Diff line number	Diff line change
`@@ -128,6 +128,7 @@ void goto_symext::process_array_expr(statet &state, exprt &expr)`
`128`	`128`	`ns, state.symbol_table, symex_dereference_state, language_mode, false);`
`129`	`129`
`130`	`130`	`expr = dereference.dereference(expr);`
	`131`	`+ lift_lets(state, expr, symex_targett::assignment_typet::STATE);`
`131`	`132`
`132`	`133`	`::process_array_expr(expr, symex_config.simplify_opt, ns);`
`133`	`134`	`}`
`@@ -222,6 +223,7 @@ void goto_symext::clean_expr(`
`222`	`223`	`{`
`223`	`224`	`replace_nondet(expr, path_storage.build_symex_nondet);`
`224`	`225`	`dereference(expr, state, write);`
	`226`	`+ lift_lets(state, expr, symex_targett::assignment_typet::STATE);`
`225`	`227`
`226`	`228`	`// make sure all remaining byte extract operations use the root`
`227`	`229`	`// object to avoid nesting of with/update and byte_update when on`