goto-analyser simplify generates binary that can't be analyzed with goto-instrument

[polgreen]

I am using this Xen binary (which is a goto-cc build of this branch: https://github.com/nmanthey/xen/tree/gotocc):
https://drive.google.com/file/d/1Vco57D_iMhQ6N1EXqLTmF1wC9WiSN3mZ/view?usp=sharing
To rebuild this binary, use the docker file in this PR:
#2504

I am running the following commands:

goto-analyzer --simplify output.binary xen-syms.binary
goto-instrument --call-graph output.binary

The error message is:

goto-instrument: local_bitvector_analysis.cpp:185: local_bitvector_analysist::flagst local_bitvector_analysist::get_rec(const exprt&, local_bitvector_analysist::points_tot&): Assertion `rhs.op0().type().id()==ID_pointer' failed.

I am running on develop + this PR: #2642.
I get the same error when I try develop + these patches:https://github.com/tautschnig/cbmc/tree/extend-simplifier.

[martin-cs]

Hmmm... that's not good. It's not entirely unprecedented though.

[polgreen]

I wonder if the root cause is related to either of these issues though, or if CBMC's handling of this style of low-level C code has just generally degraded a bit over the last 6 months?
#2653
#2663

[martin-cs]

Simplify can produce code that is outside of the range of things normally produced by the C front-end so it can sometimes turn up bug in other tools based on mistaken assumptions about what can and can't happen ( #751 as ever ).