introduce expr_protectedt

This will serve as the interface that we aspire exprt to offer; in
particular, access to opX is protected.

Author: Daniel Kroening

src/util/expr.h

@@ -319,6 +319,29 @@ class exprt:public irept
   const_unique_depth_iteratort unique_depth_cend() const;
 };
 
+/// Class for expressions that offers a restriction of the API
+/// offered by exprt. Notably, access to non-type-safe methods such
+/// as opX() is protected.
+/// This API will eventually replace exprt.
+class expr_protectedt : public exprt
+{
+protected:
+  // constructor
+  expr_protectedt(const irep_idt &_id, const typet &_type) : exprt(_id, _type)
+  {
+  }
+
+  // protect these low-level methods
+  using exprt::make_bool;
+  using exprt::make_typecast;
+  using exprt::op0;
+  using exprt::op1;
+  using exprt::op2;
+  using exprt::op3;
+  using exprt::add;
+  using exprt::remove;
+};
+
 class expr_visitort
 {
 public:

src/util/pointer_offset_size.cpp

@@ -593,8 +593,11 @@ exprt build_sizeof_expr(
   const constant_exprt &expr,
   const namespacet &ns)
 {
-  const typet &type=
-    static_cast<const typet &>(expr.find(ID_C_c_sizeof_type));
+  // need to cast down to access 'find'
+  const auto &expr_as_irep = static_cast<const irept &>(expr);
+
+  const typet &type =
+    static_cast<const typet &>(expr_as_irep.find(ID_C_c_sizeof_type));
 
   if(type.is_nil())
     return nil_exprt();

src/util/std_expr.cpp

@@ -150,8 +150,8 @@ extractbits_exprt::extractbits_exprt(
   const exprt &_src,
   const std::size_t _upper,
   const std::size_t _lower,
-  const typet &_type):
-  exprt(ID_extractbits, _type)
+  const typet &_type)
+  : protected_exprt(ID_extractbits, _type)
 {
   PRECONDITION(_upper >= _lower);
   operands().resize(3);