Evaluate any non-trivial switch condition just once

[tautschnig]

goto-program conversion should not turn switch(E) { case 1:... case 2:
...} into if(E == 1 || E == 2 || ...) for a non-trivial expression E.
Instead, the value of E must be copied into a temporary to avoid
repeated evaluation of E. We would already do this when E had side
effects, but even side-effect-free expression could result in expensive
assertions being generated when those expressions themselves would
trigger them with goto_check.

This change reduces verification time of a proof of
s2n_stuffer_skip_whitespace from several minutes down to seconds.

• Each commit message has a non-empty body, explaining why the change was made.
• n/a Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
• n/a The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
• Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
• My commit message includes data points confirming performance improvements (if claimed).
• My PR is restricted to a single feature or bugfix.
• n/a White-space or formatting changes outside the feature-related changed lines are in commits of their own.

[martin-cs]

Why does expression caching in the solver not catch this?

[codecov]

Codecov Report

Merging #6521 (52d7e3c) into develop (8834dc5) will increase coverage by 0.00%.
The diff coverage is 93.61%.

@@           Coverage Diff            @@
##           develop    #6521   +/-   ##
========================================
  Coverage    75.98%   75.98%           
========================================
  Files         1578     1578           
  Lines       180919   180938   +19     
========================================
+ Hits        137476   137494   +18     
- Misses       43443    43444    +1     

Impacted Files	Coverage Δ
src/analyses/goto_check_c.cpp	90.29% <92.30%> (-0.10%)	⬇️
src/goto-programs/goto_convert.cpp	92.03% <100.00%> (+0.07%)	⬆️
src/solvers/smt2/smt2_dec.cpp	76.52% <0.00%> (+0.86%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 47c1c7e...52d7e3c. Read the comment docs.

[tautschnig]

Why does expression caching in the solver not catch this?

If you're asking about the performance numbers I indicated: for the regression test included in this PR, goto_check_ct will find an expression along the lines of IF (*p == 1 || *p == 2 || *p == 3) ... and will build a chain of assertions along the lines of:

ASSERT p is not NULL
ASSERT *p != 1 ==> p is not NULL
ASSERT *p != 1 && *p != 2 ==> p is not NULL

and similarly for the various other pointer checks. Various sub-expressions will be cached, but those assertions overall have expressions never seen before.