Restore conditional bounds-checking of count_{leading,trailing}_zeros

tautschnig · tautschnig · commit e334f8b0c781 · 2022-03-04T22:24:15.000Z
The cleanup of 4d4f9e7 (PR #6684) made bounds checking of these bit count expressions unconditional. This did not affect any input coming from the C front-end, but became apparent with the Rust front-end as documented in model-checking/kani#886. This commit restores conditional bounds checking, but now actually uses the proper expression API rather than the low-level hack.
diff --git a/src/analyses/goto_check_c.cpp b/src/analyses/goto_check_c.cpp
@@ -1508,7 +1508,10 @@ void goto_check_ct::bounds_check(const exprt &expr, const guardt &guard)
   if(expr.id() == ID_index)
     bounds_check_index(to_index_expr(expr), guard);
   else if(
-    expr.id() == ID_count_leading_zeros || expr.id() == ID_count_trailing_zeros)
+    (expr.id() == ID_count_leading_zeros &&
+     !to_count_leading_zeros_expr(expr).zero_permitted()) ||
+    (expr.id() == ID_count_trailing_zeros &&
+     !to_count_trailing_zeros_expr(expr).zero_permitted()))
   {
     bounds_check_bit_count(to_unary_expr(expr), guard);
   }

Original file line number	Diff line number	Diff line change
`@@ -1508,7 +1508,10 @@ void goto_check_ct::bounds_check(const exprt &expr, const guardt &guard)`
`1508`	`1508`	`if(expr.id() == ID_index)`
`1509`	`1509`	`bounds_check_index(to_index_expr(expr), guard);`
`1510`	`1510`	`else if(`
`1511`		`- expr.id() == ID_count_leading_zeros \|\| expr.id() == ID_count_trailing_zeros)`
	`1511`	`+ (expr.id() == ID_count_leading_zeros &&`
	`1512`	`+ !to_count_leading_zeros_expr(expr).zero_permitted()) \|\|`
	`1513`	`+ (expr.id() == ID_count_trailing_zeros &&`
	`1514`	`+ !to_count_trailing_zeros_expr(expr).zero_permitted()))`
`1512`	`1515`	`{`
`1513`	`1516`	`bounds_check_bit_count(to_unary_expr(expr), guard);`
`1514`	`1517`	`}`