Assert type consistency in the simplifier #2064
Conversation
tautschnig
requested review from
chrisr-diffblue,
martin-cs,
peterschrammel,
smowton and
thk123
as code owners
tautschnig
force-pushed
the
pointer-overflow-check
branch
from
6ea9073 to
4ad5c54
Compare
src/analyses/goto_check.cpp
Outdated
| { | ||
| exprt overflow("overflow-"+expr.id_string(), bool_typet()); | ||
| overflow.operands()=expr.operands(); | ||
| exprt tmp; |
src/analyses/goto_check.cpp
Outdated
| { | ||
| if(expr.operands().size()==2) | ||
| // The overflow checks are binary! | ||
| // We break these up. |
There was a problem hiding this comment.
... e.g. for "a + b + c + d" we check "a + b", "(a + b) + c", "(a + b + c) + d"
src/analyses/goto_check.cpp
Outdated
| tmp.operands().resize(i); | ||
| } | ||
|
|
||
| exprt tmp2 = expr; |
src/analyses/goto_check.cpp
Outdated
| exprt overflow("overflow-" + expr.id_string(), bool_typet()); | ||
| overflow.operands() = expr.operands(); | ||
|
|
||
| // this is overflow over integers |
There was a problem hiding this comment.
How about // check for address space overflow, since I guess the point is we're checking whether we wrap the VAS?
|
Why not simply use make_binary()? |
|
Ok, that has type checks that will fail -- I would add a separate function make_pointer_arithmetic_binary, which relaxes the check, and then call that. |
|
I will overhaul this PR completely as I have in parts been solving the wrong problem. Notably, the expressions passed to |
tautschnig
force-pushed
the
pointer-overflow-check
branch
from
4ad5c54 to
bdd71ab
Compare
tautschnig
changed the title
tautschnig
force-pushed
the
pointer-overflow-check
branch
from
bdd71ab to
4ea6c4c
Compare
|
This turned into a surprisingly widespread bug-fixing session. Can @romainbrenguier please take a look at the changes I had to make in the string refinement, @kroening please comment on fixes in the simplifier. |
tautschnig
force-pushed
the
pointer-overflow-check
branch
from
4ea6c4c to
18c6c1f
Compare
| while(s.id() == ID_if) | ||
| { | ||
| if_exprt s_if = to_if_expr(s); | ||
| simplify(s_if.cond(), ns); |
There was a problem hiding this comment.
this copies the whole s exprt, would it be better to just copy the condition?
There was a problem hiding this comment.
and why is this not part of simplify_expr?
There was a problem hiding this comment.
I will change this to exprt simp_cond = simplify_expr(to_if_expr(s).cond(), ns); with another to_if_expr(s).{true,false}_case() below.
src/util/simplify_expr_int.cpp
Outdated
| @@ -894,7 +895,9 @@ bool simplify_exprt::simplify_concatenation(exprt &expr) | |||
| if(op.is_true() || op.is_false()) | |||
| { | |||
| bool value=op.is_true(); | |||
| op=constant_exprt(value?ID_1:ID_0, unsignedbv_typet(1)); | |||
| op = constant_exprt( | |||
| value ? ID_1 : ID_0, bitvector_typet(expr.type().id(), 1)); | |||
There was a problem hiding this comment.
value should be const, or could be inlined here
There was a problem hiding this comment.
True, but unrelated to the fix here? Let me know if you insist, though. I have made the change.
tautschnig
force-pushed
the
pointer-overflow-check
branch
2 times, most recently
from
37fbecb to
ba7ce39
Compare
tautschnig
changed the title
tautschnig
force-pushed
the
pointer-overflow-check
branch
from
93b83cf to
5ceaec0
Compare
tautschnig
changed the title
tautschnig
force-pushed
the
pointer-overflow-check
branch
from
5ceaec0 to
6a4d11d
Compare
tautschnig
requested review from
allredj,
danpoe,
hannes-steffenhagen-diffblue and
owen-mc-diffblue
as code owners
tautschnig
force-pushed
the
pointer-overflow-check
branch
from
6a4d11d to
151babd
Compare
array_poolt::make_char_array_for_char_pointer generates conditional expressions denoting possible array sizes. This results in types without a fixed size, and is used to construct ifthenelse expressions that may have multiple types. This is not permitted, and thus must be filtered out before passing to further processing, such as simplification or flattening.
If the simplifier receives an expression that isn't type-consistent it might produce a type-inconsistent result, but we will now fail an invariant in that case.
tautschnig
force-pushed
the
pointer-overflow-check
branch
from
151babd to
8616586
Compare
tautschnig
changed the title
tautschnig
assigned peterschrammel, martin-cs and romainbrenguier and unassigned tautschnig
|
This is now ready for review - @romainbrenguier in particular, but maybe also @martin-cs and @peterschrammel. |
| @@ -869,7 +912,10 @@ void string_refinementt::add_lemma( | |||
|
|
|||
| exprt simple_lemma = lemma; | |||
| if(simplify_lemma) | |||
| { | |||
| simple_lemma = adjust_if_recursive(std::move(simple_lemma), ns); | |||
There was a problem hiding this comment.
This will probably not get rid of all the inconsistencies, so I'm not sure about how useful it is. Ideally we should get rid of the introduction of type inconsistencies, but I'm not sure about the best way to do that.
There was a problem hiding this comment.
I recall having tried removing them completely (which would be done by using type casts), but that did not seem to work very well. It's the long-term solution, and maybe that's what we should actually invest in instead of this hack. Not sure though, I'm certainly curious about the results with TG!
There was a problem hiding this comment.
Everything is green on our side, so nothing blocking merging it.
romainbrenguier
added
the
Needs TG approval 🦉
There was a problem hiding this comment.
✔️
Passed Diffblue compatibility checks (cbmc commit: 8616586).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/103493328
romainbrenguier
removed
the
Needs TG approval 🦉
No description provided.