introduce protected_exprt #3855
Conversation
kroening
requested review from
allredj,
cesaro,
chrisr-diffblue,
cristina-david,
martin-cs,
NathanJPhillips,
peterschrammel,
pkesseli,
romainbrenguier,
smowton,
tautschnig and
thk123
as code owners
kroening
force-pushed
the
protected_exprt
branch
2 times, most recently
from
cd7d05d to
6947aaa
Compare
There was a problem hiding this comment.
🚫
This PR failed Diffblue compatibility checks (cbmc commit: cd7d05d).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/97934741
Status will be re-evaluated on next push.
Please contact @peterschrammel, @thk123, or @allredj for support.
Common spurious failures:
- the cbmc commit has disappeared in the mean time (e.g. in a force-push)
- the author is not in the list of contributors (e.g. first-time contributors).
The incompatibility may have been introduced by an earlier PR. In that case merging this
PR should be avoided unless it fixes the current incompatibility.
| @@ -870,8 +870,8 @@ void value_set_fit::get_reference_set_sharing_rec( | |||
| insert(dest, exprt(ID_unknown, expr.type())); | |||
| else | |||
| { | |||
| index_exprt index_expr( | |||
| object, from_integer(0, index_type()), expr.type()); | |||
| exprt index_expr = | |||
There was a problem hiding this comment.
❓ Why remove the type from lhs? Because we call make_typecast which makes this not an index_exprt 😱 -> ⛏️ don't change the type, instead create a typecast from the index_exprt
| /// This API will eventually replace exprt. | ||
| class protected_exprt : public exprt | ||
| { | ||
| protected: |
There was a problem hiding this comment.
❓ Would it make more sense to use protected inheritance? I assume the answer is no as there remains calls to other methods, that have not been removed, but perhaps given this direction of travel it would making more sense to using them into the public section? (I think you can do this, but I have not actually tried).
There was a problem hiding this comment.
This would circumvent the need for this class entirely and just update the classes that inherit from exprt to protected extend it and in fact allow for explicitly identifying the classes that use the wrong interface.
There was a problem hiding this comment.
There are a lot of classes inheriting from exprt; furthermore, the interface of exprt should change as well, once we are there.
src/util/expr.h
Outdated
| @@ -318,6 +318,40 @@ class exprt:public irept | |||
| const_unique_depth_iteratort unique_depth_cend() const; | |||
| }; | |||
|
|
|||
| /// Protected class for all expressions. | |||
| /// This API will eventually replace exprt. | |||
| class protected_exprt : public exprt | |||
There was a problem hiding this comment.
⛏️ I slightly worry about the name, in general, X_exprt means an expression representing an AST node of type X. I guess protected is never a node of a C/C++/Java AST, but perhaps this should be called expr_protected or expr_api_protected to indicate that this is an internal fudge rather than an actual GOTO thing.
|
Ah this doesn't yet compile on CBMC - will hold off on the bump front for now. |
kroening
force-pushed
the
protected_exprt
branch
3 times, most recently
from
5d451cc to
a9a44af
Compare
There was a problem hiding this comment.
🚫
This PR failed Diffblue compatibility checks (cbmc commit: 5d451cc).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/98429525
Status will be re-evaluated on next push.
Please contact @peterschrammel, @thk123, or @allredj for support.
Common spurious failures:
- the cbmc commit has disappeared in the mean time (e.g. in a force-push)
- the author is not in the list of contributors (e.g. first-time contributors).
The incompatibility may have been introduced by an earlier PR. In that case merging this
PR should be avoided unless it fixes the current incompatibility.
|
@kroening This still isn't compiling on cbmc yet: So will hold off on the bump for now. |
src/util/expr.h
Outdated
| @@ -319,6 +319,40 @@ class exprt:public irept | |||
| const_unique_depth_iteratort unique_depth_cend() const; | |||
| }; | |||
|
|
|||
| /// Protected class for all expressions. | |||
There was a problem hiding this comment.
What is a "protected" class? Who is being protected? From what risks are they being shielded? When should anyone use it? I think this comment needs to be reworded.
There was a problem hiding this comment.
I'm a bit confused, an intermittent version had more elaborate documentation. Do a git reflog to look at those?
src/util/expr.h
Outdated
| DEPRECATED("use protected_exprt(id, type) instead") | ||
| explicit protected_exprt(const irep_idt &_id) : exprt(_id) | ||
| { | ||
| } |
There was a problem hiding this comment.
It seems rather weird that newly introduced code would be deprecated? Can we just not have these?
src/util/expr.h
Outdated
| using exprt::op3; | ||
| // using exprt::find; | ||
| // using exprt::get; | ||
| // using exprt::set; |
There was a problem hiding this comment.
Adding commented-out code without comments is just raising questions, but not providing answers.
src/util/pointer_offset_size.cpp
Outdated
| const typet &type= | ||
| static_cast<const typet &>(expr.find(ID_C_c_sizeof_type)); | ||
| // need to cast down to access 'find' | ||
| const auto &expr_as_irep = static_cast<const irept &>(expr); |
There was a problem hiding this comment.
I don't think that's an improvement?
kroening
force-pushed
the
protected_exprt
branch
2 times, most recently
from
768c17e to
f9368aa
Compare
There was a problem hiding this comment.
🚫
This PR failed Diffblue compatibility checks (cbmc commit: 7b6444a).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/98484788
Status will be re-evaluated on next push.
Please contact @peterschrammel, @thk123, or @allredj for support.
Common spurious failures:
- the cbmc commit has disappeared in the mean time (e.g. in a force-push)
- the author is not in the list of contributors (e.g. first-time contributors).
The incompatibility may have been introduced by an earlier PR. In that case merging this
PR should be avoided unless it fixes the current incompatibility.
kroening
force-pushed
the
protected_exprt
branch
from
f9368aa to
d9ae0f7
Compare
There was a problem hiding this comment.
🚫
This PR failed Diffblue compatibility checks (cbmc commit: d9ae0f7).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/98523776
Status will be re-evaluated on next push.
Please contact @peterschrammel, @thk123, or @allredj for support.
Common spurious failures:
- the cbmc commit has disappeared in the mean time (e.g. in a force-push)
- the author is not in the list of contributors (e.g. first-time contributors).
The incompatibility may have been introduced by an earlier PR. In that case merging this
PR should be avoided unless it fixes the current incompatibility.
src/util/pointer_offset_size.cpp
Outdated
| const auto &expr_as_irep = static_cast<const irept &>(expr); | ||
|
|
||
| const typet &type = | ||
| static_cast<const typet &>(expr_as_irep.find(ID_C_c_sizeof_type)); |
There was a problem hiding this comment.
Is this still necessary, given .find is no longer protected?
src/util/std_expr.h
Outdated
| using exprt::op0; | ||
| using exprt::op1; | ||
| using exprt::op2; | ||
| using exprt::op3; |
There was a problem hiding this comment.
Should this really be done? A multi_ary_exprt can, but need not have this many operands? For an unidentified multi_ary_exprt the caller should always use .operands() and just operate on that data structure.
There was a problem hiding this comment.
replaced by ranged-checked opX().
src/util/expr.h
Outdated
| @@ -319,6 +319,29 @@ class exprt:public irept | |||
| const_unique_depth_iteratort unique_depth_cend() const; | |||
| }; | |||
|
|
|||
| /// Class for expressions that offers a restriction of the API | |||
| /// offered by exprt. Notably, access to non-type-safe methods such | |||
| /// as opX() is protected. | |||
There was a problem hiding this comment.
Does that mean that exprt subclasses that so far only have these as their API will get updated (e.g. classes like typecast_exprt that only have op0 rather than a named accessor?).
Also, if we're already going to do an API do-over, why make the "new" expr inherit from irept at all, rather than have an irep as a protected field or something?
kroening
force-pushed
the
protected_exprt
branch
from
d9ae0f7 to
e8a1037
Compare
src/util/expr.h
Outdated
| @@ -319,6 +319,40 @@ class exprt:public irept | |||
| const_unique_depth_iteratort unique_depth_cend() const; | |||
| }; | |||
|
|
|||
| /// Protected class for all expressions. | |||
There was a problem hiding this comment.
I'm a bit confused, an intermittent version had more elaborate documentation. Do a git reflog to look at those?
src/util/expr.h
Outdated
| DEPRECATED("use protected_exprt(id, type) instead") | ||
| explicit protected_exprt(const irep_idt &_id) : exprt(_id) | ||
| { | ||
| } |
This will enable protecting exprt::opX()
make_typecast isn't type safe; typecast_exprt::conditional_cast is.
kroening
force-pushed
the
protected_exprt
branch
from
e8a1037 to
431eb3e
Compare
exprt::make_typecast() isn't type safe
This prevents out-of-bound accesses to operands().
This will serve as the interface that we aspire exprt to offer; in particular, access to opX is protected.
|
Back again! |
kroening
force-pushed
the
protected_exprt
branch
from
431eb3e to
a48f855
Compare
| // make op0 and op1 public | ||
| using exprt::op0; | ||
| using exprt::op1; | ||
|
|
||
| const exprt &op2() const = delete; | ||
| exprt &op2() = delete; | ||
| const exprt &op3() const = delete; |
There was a problem hiding this comment.
Yes, there are still too many users -- but I'd say that it makes sense to work towards removing these two lines.
There was a problem hiding this comment.
(But at least it's not dangerous to use them).
There was a problem hiding this comment.
I don't understand - these are being deleted, even though protected_exprt makes them unavailable anyway.
There was a problem hiding this comment.
Ah, ok, the "this" was unclear.
The deletion of op2() and op3() is indeed no longer needed.
There was a problem hiding this comment.
🚫
This PR failed Diffblue compatibility checks (cbmc commit: a48f855).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/98702385
Status will be re-evaluated on next push.
Please contact @peterschrammel, @thk123, or @allredj for support.
Common spurious failures:
- the cbmc commit has disappeared in the mean time (e.g. in a force-push)
- the author is not in the list of contributors (e.g. first-time contributors).
The incompatibility may have been introduced by an earlier PR. In that case merging this
PR should be avoided unless it fixes the current incompatibility.
| @@ -319,6 +319,28 @@ class exprt:public irept | |||
| const_unique_depth_iteratort unique_depth_cend() const; | |||
| }; | |||
|
|
|||
| /// Base class for all expressions. This protects low-level methods in | |||
| /// exprt that are not type safe. Depcrecated constructors are removed. | |||
This will serve as the interface that we aspire exprt to offer; in
particular, access to opX is protected.