Fix cbmc crash on pointer checks of void pointer dereferences

[danpoe]

• Each commit message has a non-empty body, explaining why the change was made.
• n/a Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
• n/a The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
• Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
• n/a My commit message includes data points confirming performance improvements (if claimed).
• My PR is restricted to a single feature or bugfix.
• n/a White-space or formatting changes outside the feature-related changed lines are in commits of their own.

[codecov]

Codecov Report

Merging #5427 into develop will decrease coverage by 1.88%.
The diff coverage is 100.00%.

@@             Coverage Diff             @@
##           develop    #5427      +/-   ##
===========================================
- Coverage    68.21%   66.32%   -1.89%     
===========================================
  Files         1178     1171       -7     
  Lines        97542    96461    -1081     
===========================================
- Hits         66537    63980    -2557     
- Misses       31005    32481    +1476     

Flag	Coverage Δ
#cproversmt2	42.76% <100.00%> (+<0.01%)	⬆️
#regression	65.38% <100.00%> (+<0.01%)	⬆️
#unit	?

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
src/analyses/goto_check.cpp	81.65% <100.00%> (+0.07%)	⬆️
src/util/freer.h	0.00% <0.00%> (-100.00%)	⬇️
src/solvers/bdd/bdd_miniBDD.h	0.00% <0.00%> (-100.00%)	⬇️
src/solvers/bdd/miniBDD/miniBDD.h	0.00% <0.00%> (-100.00%)	⬇️
src/solvers/bdd/miniBDD/miniBDD.inc	0.00% <0.00%> (-100.00%)	⬇️
src/goto-programs/restrict_function_pointers.h	0.00% <0.00%> (-100.00%)	⬇️
src/solvers/prop/bdd_expr.cpp	0.00% <0.00%> (-91.79%)	⬇️
src/util/invariant.h	3.12% <0.00%> (-74.02%)	⬇️
src/util/invariant.cpp	0.00% <0.00%> (-73.69%)	⬇️
src/solvers/floatbv/float_approximation.cpp	0.00% <0.00%> (-73.08%)	⬇️
... and 144 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 069db73...b8f6483. Read the comment docs.

[hannes-steffenhagen-diffblue]

Should we change size_of_expr to return 1 here instead?

[danpoe]

Not sure. There are quite a number of uses in the codebase that check that the return value of size_of_expr() is not empty, and if it is throw an exception or have some other handling. Probably we should review those at some point, though that's out of scope of this PR.

[peterschrammel]

Is the purpose of this to create an address check that fails?

[danpoe]

No the address check should succeed. Basically *p with p being a pointer to void is valid as long as p points to valid memory, though then using the value would be undefined behavior.

[peterschrammel]

Please explain the magic 1 in a comment.

[peterschrammel]

• verification failed?

[danpoe]

Not necessary I think as EXIT=10 already indicates that cbmc exited without error and verification failed.

[peterschrammel]

Is the purpose of this to create an address check that fails?

[peterschrammel]

Please explain the magic 1 in a comment.