Back-end support for {r,w,rw}_ok and pointer_in_range

tautschnig · tautschnig · commit a13bee2683b2 · 2022-12-09T15:59:17.000Z
There is no longer a need to rewrite these early on during program
instrumentation. Instead, let the back-end handle them. For now, they
are just handled by lowering the expressions (in the SAT and SMT
back-end; there is no current support in the incremental SMT back-end
just yet). We may, in future, decide to have back-end specific (and
possibly more efficient) handling of these.
diff --git a/regression/cbmc-primitives/r_w_ok_inconsistent_invalid/test-no-cp.desc b/regression/cbmc-primitives/r_w_ok_inconsistent_invalid/test-no-cp.desc
@@ -1,4 +1,4 @@
-CORE new-smt-backend
+CORE
 main.c
 --pointer-check --no-simplify --no-propagation
 ^EXIT=0$
diff --git a/regression/cbmc-primitives/r_w_ok_inconsistent_invalid/test.desc b/regression/cbmc-primitives/r_w_ok_inconsistent_invalid/test.desc
@@ -1,4 +1,4 @@
-CORE new-smt-backend
+CORE
 main.c
 --pointer-check
 ^EXIT=0$
diff --git a/regression/cbmc-primitives/r_w_ok_null/test-no-cp.desc b/regression/cbmc-primitives/r_w_ok_null/test-no-cp.desc
@@ -1,4 +1,4 @@
-CORE new-smt-backend
+CORE
 main.c
 --pointer-check --no-simplify --no-propagation
 ^EXIT=0$
diff --git a/regression/cbmc-primitives/r_w_ok_valid/test-no-cp.desc b/regression/cbmc-primitives/r_w_ok_valid/test-no-cp.desc
@@ -1,4 +1,4 @@
-CORE new-smt-backend
+CORE
 main.c
 --pointer-check --no-simplify --no-propagation
 ^EXIT=0$
diff --git a/src/solvers/flattening/bv_pointers.cpp b/src/solvers/flattening/bv_pointers.cpp
@@ -18,6 +18,7 @@ Author: Daniel Kroening, kroening@kroening.com
 #include <util/pointer_expr.h>
 #include <util/pointer_offset_size.h>
 #include <util/pointer_predicates.h>
+#include <util/simplify_expr.h>
 
 /// Map bytes according to the configured endianness. The key difference to
 /// endianness_mapt is that bv_endianness_mapt is aware of the bit-level
@@ -203,6 +204,10 @@ literalt bv_pointerst::convert_rest(const exprt &expr)
           bv_utilst::representationt::SIGNED));
     }
   }
+  else if(expr.id() == ID_r_ok || expr.id() == ID_w_ok || expr.id() == ID_rw_ok)
+    return convert(simplify_expr(to_r_or_w_ok_expr(expr).lower(ns), ns));
+  else if(expr.id() == ID_pointer_in_range)
+    return convert(simplify_expr(to_pointer_in_range_expr(expr).lower(ns), ns));
 
   return SUB::convert_rest(expr);
 }
diff --git a/src/solvers/smt2/smt2_conv.cpp b/src/solvers/smt2/smt2_conv.cpp
@@ -5030,6 +5030,28 @@ exprt smt2_convt::prepare_for_convert_expr(const exprt &expr)
     !has_byte_operator(lowered_expr),
     "lower_byte_operators should remove all byte operators");
 
+  // Perform rewrites that may introduce new symbols
+  for(auto it = lowered_expr.depth_begin(), itend = lowered_expr.depth_end();
+      it != itend;) // no ++it
+  {
+    if(auto r_or_w_ok = expr_try_dynamic_cast<r_or_w_ok_exprt>(*it))
+    {
+      exprt lowered = simplify_expr(r_or_w_ok->lower(ns), ns);
+      it.mutate() = lowered;
+      it.next_sibling_or_parent();
+    }
+    else if(
+      auto pointer_in_range =
+        expr_try_dynamic_cast<pointer_in_range_exprt>(*it))
+    {
+      exprt lowered = simplify_expr(pointer_in_range->lower(ns), ns);
+      it.mutate() = lowered;
+      it.next_sibling_or_parent();
+    }
+    else
+      ++it;
+  }
+
   // Now create symbols for all composite expressions present in lowered_expr:
   find_symbols(lowered_expr);
 
diff --git a/src/solvers/smt2_incremental/convert_expr_to_smt.cpp b/src/solvers/smt2_incremental/convert_expr_to_smt.cpp
@@ -1466,6 +1466,24 @@ static smt_termt convert_expr_to_smt(
     count_trailing_zeros.pretty());
 }
 
+static smt_termt convert_expr_to_smt(
+  const r_or_w_ok_exprt &r_or_w_ok,
+  const sub_expression_mapt &converted)
+{
+  UNIMPLEMENTED_FEATURE(
+    "Generation of SMT formula for r/w/rw ok expression: " +
+    r_or_w_ok.pretty());
+}
+
+static smt_termt convert_expr_to_smt(
+  const pointer_in_range_exprt &pointer_in_range,
+  const sub_expression_mapt &converted)
+{
+  UNIMPLEMENTED_FEATURE(
+    "Generation of SMT formula for pointer-in-range expression: " +
+    pointer_in_range.pretty());
+}
+
 static smt_termt dispatch_expr_to_smt_conversion(
   const exprt &expr,
   const sub_expression_mapt &converted,
@@ -1801,6 +1819,16 @@ static smt_termt dispatch_expr_to_smt_conversion(
   {
     return convert_expr_to_smt(*count_trailing_zeros, converted);
   }
+  if(const auto r_or_w_ok = expr_try_dynamic_cast<r_or_w_ok_exprt>(expr))
+  {
+    return convert_expr_to_smt(*r_or_w_ok, converted);
+  }
+  if(
+    const auto pointer_in_range =
+      expr_try_dynamic_cast<pointer_in_range_exprt>(expr))
+  {
+    return convert_expr_to_smt(*pointer_in_range, converted);
+  }
 
   UNIMPLEMENTED_FEATURE(
     "Generation of SMT formula for unknown kind of expression: " +

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-CORE new-smt-backend`
	`1`	`+CORE`
`2`	`2`	`main.c`
`3`	`3`	`--pointer-check --no-simplify --no-propagation`
`4`	`4`	`^EXIT=0$`
Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,7 @@ Author: Daniel Kroening, [email protected]`
`18`	`18`	`#include <util/pointer_expr.h>`
`19`	`19`	`#include <util/pointer_offset_size.h>`
`20`	`20`	`#include <util/pointer_predicates.h>`
	`21`	`+#include <util/simplify_expr.h>`
`21`	`22`
`22`	`23`	`/// Map bytes according to the configured endianness. The key difference to`
`23`	`24`	`/// endianness_mapt is that bv_endianness_mapt is aware of the bit-level`
`@@ -203,6 +204,10 @@ literalt bv_pointerst::convert_rest(const exprt &expr)`
`203`	`204`	`bv_utilst::representationt::SIGNED));`
`204`	`205`	`}`
`205`	`206`	`}`
	`207`	`+ else if(expr.id() == ID_r_ok \|\| expr.id() == ID_w_ok \|\| expr.id() == ID_rw_ok)`
	`208`	`+ return convert(simplify_expr(to_r_or_w_ok_expr(expr).lower(ns), ns));`
	`209`	`+ else if(expr.id() == ID_pointer_in_range)`
	`210`	`+ return convert(simplify_expr(to_pointer_in_range_expr(expr).lower(ns), ns));`
`206`	`211`
`207`	`212`	`return SUB::convert_rest(expr);`
`208`	`213`	`}`