Merge pull request #4963 from diffblue/analyses-opX

Daniel Kroening · web-flow · commit b20cf69e6b6e · 2019-08-04T08:19:42.000+01:00
fix exprt::opX accesses in analyses
diff --git a/src/analyses/custom_bitvector_analysis.cpp b/src/analyses/custom_bitvector_analysis.cpp
@@ -704,10 +704,10 @@ exprt custom_bitvector_domaint::eval(
   {
     if(src.operands().size()==2)
     {
-      unsigned bit_nr=
-        custom_bitvector_analysis.get_bit_nr(src.op1());
+      unsigned bit_nr =
+        custom_bitvector_analysis.get_bit_nr(to_binary_expr(src).op1());
 
-      exprt pointer=src.op0();
+      exprt pointer = to_binary_expr(src).op0();
 
       if(pointer.type().id()!=ID_pointer)
         return src;
diff --git a/src/analyses/goto_check.cpp b/src/analyses/goto_check.cpp
@@ -790,7 +790,7 @@ void goto_checkt::integer_overflow_check(
       exprt tmp;
 
       if(i==1)
-        tmp=expr.op0();
+        tmp = to_multi_ary_expr(expr).op0();
       else
       {
         tmp=expr;
@@ -1732,7 +1732,8 @@ optionalt<exprt> goto_checkt::rw_ok_check(exprt expr)
     DATA_INVARIANT(
       expr.operands().size() == 2, "r/w_ok must have two operands");
 
-    const auto conditions = address_check(expr.op0(), expr.op1());
+    const auto conditions =
+      address_check(to_binary_expr(expr).op0(), to_binary_expr(expr).op1());
 
     exprt::operandst conjuncts;
 
@@ -1964,7 +1965,7 @@ void goto_checkt::goto_check(
       {
         // must not throw NULL
 
-        exprt pointer=i.code.op0().op0();
+        exprt pointer = to_unary_expr(i.code.op0()).op();
 
         const notequal_exprt not_eq_null(
           pointer, null_pointer_exprt(to_pointer_type(pointer.type())));
diff --git a/src/analyses/local_bitvector_analysis.cpp b/src/analyses/local_bitvector_analysis.cpp
@@ -176,23 +176,26 @@ local_bitvector_analysist::flagst local_bitvector_analysist::get_rec(
   }
   else if(rhs.id()==ID_plus)
   {
-    if(rhs.operands().size()>=3)
+    const auto &plus_expr = to_plus_expr(rhs);
+
+    if(plus_expr.operands().size() >= 3)
     {
-      assert(rhs.op0().type().id()==ID_pointer);
-      return get_rec(rhs.op0(), loc_info_src) |
-             flagst::mk_uses_offset();
+      DATA_INVARIANT(
+        plus_expr.op0().type().id() == ID_pointer,
+        "pointer in pointer-typed sum must be op0");
+      return get_rec(plus_expr.op0(), loc_info_src) | flagst::mk_uses_offset();
     }
-    else if(rhs.operands().size()==2)
+    else if(plus_expr.operands().size() == 2)
     {
       // one must be pointer, one an integer
-      if(rhs.op0().type().id()==ID_pointer)
+      if(plus_expr.op0().type().id() == ID_pointer)
       {
-        return get_rec(rhs.op0(), loc_info_src) |
+        return get_rec(plus_expr.op0(), loc_info_src) |
                flagst::mk_uses_offset();
       }
-      else if(rhs.op1().type().id()==ID_pointer)
+      else if(plus_expr.op1().type().id() == ID_pointer)
       {
-        return get_rec(rhs.op1(), loc_info_src) |
+        return get_rec(plus_expr.op1(), loc_info_src) |
                flagst::mk_uses_offset();
       }
       else
@@ -203,10 +206,11 @@ local_bitvector_analysist::flagst local_bitvector_analysist::get_rec(
   }
   else if(rhs.id()==ID_minus)
   {
-    if(rhs.op0().type().id()==ID_pointer)
+    const auto &op0 = to_minus_expr(rhs).op0();
+
+    if(op0.type().id() == ID_pointer)
     {
-      return get_rec(rhs.op0(), loc_info_src) |
-             flagst::mk_uses_offset();
+      return get_rec(op0, loc_info_src) | flagst::mk_uses_offset();
     }
     else
       return flagst::mk_unknown();
diff --git a/src/analyses/local_may_alias.cpp b/src/analyses/local_may_alias.cpp
@@ -250,21 +250,25 @@ void local_may_aliast::get_rec(
   }
   else if(rhs.id()==ID_plus)
   {
-    if(rhs.operands().size()>=3)
+    const auto &plus_expr = to_plus_expr(rhs);
+
+    if(plus_expr.operands().size() >= 3)
     {
-      assert(rhs.op0().type().id()==ID_pointer);
-      get_rec(dest, rhs.op0(), loc_info_src);
+      DATA_INVARIANT(
+        plus_expr.op0().type().id() == ID_pointer,
+        "pointer in pointer-typed sum must be op0");
+      get_rec(dest, plus_expr.op0(), loc_info_src);
     }
-    else if(rhs.operands().size()==2)
+    else if(plus_expr.operands().size() == 2)
     {
       // one must be pointer, one an integer
-      if(rhs.op0().type().id()==ID_pointer)
+      if(plus_expr.op0().type().id() == ID_pointer)
       {
-        get_rec(dest, rhs.op0(), loc_info_src);
+        get_rec(dest, plus_expr.op0(), loc_info_src);
       }
-      else if(rhs.op1().type().id()==ID_pointer)
+      else if(plus_expr.op1().type().id() == ID_pointer)
       {
-        get_rec(dest, rhs.op1(), loc_info_src);
+        get_rec(dest, plus_expr.op1(), loc_info_src);
       }
       else
         dest.insert(unknown_object);
@@ -274,9 +278,11 @@ void local_may_aliast::get_rec(
   }
   else if(rhs.id()==ID_minus)
   {
-    if(rhs.op0().type().id()==ID_pointer)
+    const auto &op0 = to_minus_expr(rhs).op0();
+
+    if(op0.type().id() == ID_pointer)
     {
-      get_rec(dest, rhs.op0(), loc_info_src);
+      get_rec(dest, op0, loc_info_src);
     }
     else
       dest.insert(unknown_object);
diff --git a/src/analyses/local_safe_pointers.cpp b/src/analyses/local_safe_pointers.cpp
@@ -43,7 +43,7 @@ static optionalt<goto_null_checkt> get_null_checked_expr(const exprt &expr)
   // Reduce some roundabout ways of saying "x != null", e.g. "!(x == null)".
   while(normalized_expr.id() == ID_not)
   {
-    normalized_expr = normalized_expr.op0();
+    normalized_expr = to_not_expr(normalized_expr).op();
     checked_when_taken = !checked_when_taken;
   }
 
@@ -55,8 +55,8 @@ static optionalt<goto_null_checkt> get_null_checked_expr(const exprt &expr)
 
   if(normalized_expr.id() == ID_notequal)
   {
-    const exprt &op0 = skip_typecast(normalized_expr.op0());
-    const exprt &op1 = skip_typecast(normalized_expr.op1());
+    const exprt &op0 = skip_typecast(to_notequal_expr(normalized_expr).op0());
+    const exprt &op1 = skip_typecast(to_notequal_expr(normalized_expr).op1());
 
     if(op0.type().id() == ID_pointer &&
        op0 == null_pointer_exprt(to_pointer_type(op0.type())))
diff --git a/src/analyses/static_analysis.cpp b/src/analyses/static_analysis.cpp
@@ -370,7 +370,7 @@ void static_analysis_baset::do_function_call_rec(
       calling_function,
       l_call,
       l_return,
-      function.op1(),
+      to_if_expr(function).true_case(),
       arguments,
       new_state,
       goto_functions);
@@ -379,7 +379,7 @@ void static_analysis_baset::do_function_call_rec(
       calling_function,
       l_call,
       l_return,
-      function.op2(),
+      to_if_expr(function).false_case(),
       arguments,
       *n2,
       goto_functions);
diff --git a/src/analyses/uncaught_exceptions_analysis.cpp b/src/analyses/uncaught_exceptions_analysis.cpp
@@ -28,8 +28,8 @@ irep_idt uncaught_exceptions_domaint::get_exception_type(const typet &type)
 /// Returns the symbol corresponding to an exception
 exprt uncaught_exceptions_domaint::get_exception_symbol(const exprt &expr)
 {
-  if(expr.id()!=ID_symbol && expr.has_operands())
-    return get_exception_symbol(expr.op0());
+  if(expr.id() != ID_symbol && expr.operands().size() >= 1)
+    return get_exception_symbol(to_multi_ary_expr(expr).op0());
 
   return expr;
 }

Original file line number	Diff line number	Diff line change
`@@ -704,10 +704,10 @@ exprt custom_bitvector_domaint::eval(`
`704`	`704`	`{`
`705`	`705`	`if(src.operands().size()==2)`
`706`	`706`	`{`
`707`		`- unsigned bit_nr=`
`708`		`- custom_bitvector_analysis.get_bit_nr(src.op1());`
	`707`	`+ unsigned bit_nr =`
	`708`	`+ custom_bitvector_analysis.get_bit_nr(to_binary_expr(src).op1());`
`709`	`709`
`710`		`- exprt pointer=src.op0();`
	`710`	`+ exprt pointer = to_binary_expr(src).op0();`
`711`	`711`
`712`	`712`	`if(pointer.type().id()!=ID_pointer)`
`713`	`713`	`return src;`
Original file line number	Diff line number	Diff line change
`@@ -176,23 +176,26 @@ local_bitvector_analysist::flagst local_bitvector_analysist::get_rec(`
`176`	`176`	`}`
`177`	`177`	`else if(rhs.id()==ID_plus)`
`178`	`178`	`{`
`179`		`- if(rhs.operands().size()>=3)`
	`179`	`+ const auto &plus_expr = to_plus_expr(rhs);`
	`180`	`+`
	`181`	`+ if(plus_expr.operands().size() >= 3)`
`180`	`182`	`{`
`181`		`- assert(rhs.op0().type().id()==ID_pointer);`
`182`		`- return get_rec(rhs.op0(), loc_info_src) \|`
`183`		`- flagst::mk_uses_offset();`
	`183`	`+ DATA_INVARIANT(`
	`184`	`+ plus_expr.op0().type().id() == ID_pointer,`
	`185`	`+ "pointer in pointer-typed sum must be op0");`
	`186`	`+ return get_rec(plus_expr.op0(), loc_info_src) \| flagst::mk_uses_offset();`
`184`	`187`	`}`
`185`		`- else if(rhs.operands().size()==2)`
	`188`	`+ else if(plus_expr.operands().size() == 2)`
`186`	`189`	`{`
`187`	`190`	`// one must be pointer, one an integer`
`188`		`- if(rhs.op0().type().id()==ID_pointer)`
	`191`	`+ if(plus_expr.op0().type().id() == ID_pointer)`
`189`	`192`	`{`
`190`		`- return get_rec(rhs.op0(), loc_info_src) \|`
	`193`	`+ return get_rec(plus_expr.op0(), loc_info_src) \|`
`191`	`194`	`flagst::mk_uses_offset();`
`192`	`195`	`}`
`193`		`- else if(rhs.op1().type().id()==ID_pointer)`
	`196`	`+ else if(plus_expr.op1().type().id() == ID_pointer)`
`194`	`197`	`{`
`195`		`- return get_rec(rhs.op1(), loc_info_src) \|`
	`198`	`+ return get_rec(plus_expr.op1(), loc_info_src) \|`
`196`	`199`	`flagst::mk_uses_offset();`
`197`	`200`	`}`
`198`	`201`	`else`
`@@ -203,10 +206,11 @@ local_bitvector_analysist::flagst local_bitvector_analysist::get_rec(`
`203`	`206`	`}`
`204`	`207`	`else if(rhs.id()==ID_minus)`
`205`	`208`	`{`
`206`		`- if(rhs.op0().type().id()==ID_pointer)`
	`209`	`+ const auto &op0 = to_minus_expr(rhs).op0();`
	`210`	`+`
	`211`	`+ if(op0.type().id() == ID_pointer)`
`207`	`212`	`{`
`208`		`- return get_rec(rhs.op0(), loc_info_src) \|`
`209`		`- flagst::mk_uses_offset();`
	`213`	`+ return get_rec(op0, loc_info_src) \| flagst::mk_uses_offset();`
`210`	`214`	`}`
`211`	`215`	`else`
`212`	`216`	`return flagst::mk_unknown();`
Original file line number	Diff line number	Diff line change
`@@ -250,21 +250,25 @@ void local_may_aliast::get_rec(`
`250`	`250`	`}`
`251`	`251`	`else if(rhs.id()==ID_plus)`
`252`	`252`	`{`
`253`		`- if(rhs.operands().size()>=3)`
	`253`	`+ const auto &plus_expr = to_plus_expr(rhs);`
	`254`	`+`
	`255`	`+ if(plus_expr.operands().size() >= 3)`
`254`	`256`	`{`
`255`		`- assert(rhs.op0().type().id()==ID_pointer);`
`256`		`- get_rec(dest, rhs.op0(), loc_info_src);`
	`257`	`+ DATA_INVARIANT(`
	`258`	`+ plus_expr.op0().type().id() == ID_pointer,`
	`259`	`+ "pointer in pointer-typed sum must be op0");`
	`260`	`+ get_rec(dest, plus_expr.op0(), loc_info_src);`
`257`	`261`	`}`
`258`		`- else if(rhs.operands().size()==2)`
	`262`	`+ else if(plus_expr.operands().size() == 2)`
`259`	`263`	`{`
`260`	`264`	`// one must be pointer, one an integer`
`261`		`- if(rhs.op0().type().id()==ID_pointer)`
	`265`	`+ if(plus_expr.op0().type().id() == ID_pointer)`
`262`	`266`	`{`
`263`		`- get_rec(dest, rhs.op0(), loc_info_src);`
	`267`	`+ get_rec(dest, plus_expr.op0(), loc_info_src);`
`264`	`268`	`}`
`265`		`- else if(rhs.op1().type().id()==ID_pointer)`
	`269`	`+ else if(plus_expr.op1().type().id() == ID_pointer)`
`266`	`270`	`{`
`267`		`- get_rec(dest, rhs.op1(), loc_info_src);`
	`271`	`+ get_rec(dest, plus_expr.op1(), loc_info_src);`
`268`	`272`	`}`
`269`	`273`	`else`
`270`	`274`	`dest.insert(unknown_object);`
`@@ -274,9 +278,11 @@ void local_may_aliast::get_rec(`
`274`	`278`	`}`
`275`	`279`	`else if(rhs.id()==ID_minus)`
`276`	`280`	`{`
`277`		`- if(rhs.op0().type().id()==ID_pointer)`
	`281`	`+ const auto &op0 = to_minus_expr(rhs).op0();`
	`282`	`+`
	`283`	`+ if(op0.type().id() == ID_pointer)`
`278`	`284`	`{`
`279`		`- get_rec(dest, rhs.op0(), loc_info_src);`
	`285`	`+ get_rec(dest, op0, loc_info_src);`
`280`	`286`	`}`
`281`	`287`	`else`
`282`	`288`	`dest.insert(unknown_object);`
Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ static optionalt<goto_null_checkt> get_null_checked_expr(const exprt &expr)`
`43`	`43`	`// Reduce some roundabout ways of saying "x != null", e.g. "!(x == null)".`
`44`	`44`	`while(normalized_expr.id() == ID_not)`
`45`	`45`	`{`
`46`		`- normalized_expr = normalized_expr.op0();`
	`46`	`+ normalized_expr = to_not_expr(normalized_expr).op();`
`47`	`47`	`checked_when_taken = !checked_when_taken;`
`48`	`48`	`}`
`49`	`49`
`@@ -55,8 +55,8 @@ static optionalt<goto_null_checkt> get_null_checked_expr(const exprt &expr)`
`55`	`55`
`56`	`56`	`if(normalized_expr.id() == ID_notequal)`
`57`	`57`	`{`
`58`		`- const exprt &op0 = skip_typecast(normalized_expr.op0());`
`59`		`- const exprt &op1 = skip_typecast(normalized_expr.op1());`
	`58`	`+ const exprt &op0 = skip_typecast(to_notequal_expr(normalized_expr).op0());`
	`59`	`+ const exprt &op1 = skip_typecast(to_notequal_expr(normalized_expr).op1());`
`60`	`60`
`61`	`61`	`if(op0.type().id() == ID_pointer &&`
`62`	`62`	`op0 == null_pointer_exprt(to_pointer_type(op0.type())))`
Original file line number	Diff line number	Diff line change
`@@ -28,8 +28,8 @@ irep_idt uncaught_exceptions_domaint::get_exception_type(const typet &type)`
`28`	`28`	`/// Returns the symbol corresponding to an exception`
`29`	`29`	`exprt uncaught_exceptions_domaint::get_exception_symbol(const exprt &expr)`
`30`	`30`	`{`
`31`		`- if(expr.id()!=ID_symbol && expr.has_operands())`
`32`		`- return get_exception_symbol(expr.op0());`
	`31`	`+ if(expr.id() != ID_symbol && expr.operands().size() >= 1)`
	`32`	`+ return get_exception_symbol(to_multi_ary_expr(expr).op0());`
`33`	`33`
`34`	`34`	`return expr;`
`35`	`35`	`}`