Disambiguates two exprts with the same ID.

klaas · Owen · commit fc6120c8f4b1 · 2019-04-02T21:59:53.000+01:00
This commit resolves an issue where ID_dynamic_object was used to
label two semantically distinct exprts.

One, with a single operand, was a boolean expression meaning that
the operand is a pointer to a dynamic object. This has been renamed
to ID_is_dynamic_object.

The second, with two operands, is an exprt representing a dynamic
object itself. This has stayed ID_dynamic_object.

Disambiguating which meaning was intended in each case was relatively
easy, as uses of these exprts frequently come with assertions
about the number of operands, and so this was used to inform which
instances of ID_dynamic_object should be changed and which should
be left the same.
diff --git a/regression/goto-instrument/slice19/test.desc b/regression/goto-instrument/slice19/test.desc
@@ -1,4 +1,4 @@
-KNOWNBUG
+CORE
 main.c
 --full-slice
 ^EXIT=0$
diff --git a/src/ansi-c/c_typecheck_expr.cpp b/src/ansi-c/c_typecheck_expr.cpp
@@ -2165,11 +2165,10 @@ exprt c_typecheck_baset::do_special_functions(
       throw 0;
     }
 
-    exprt dynamic_object_expr=exprt(ID_dynamic_object, expr.type());
-    dynamic_object_expr.operands()=expr.arguments();
-    dynamic_object_expr.add_source_location()=source_location;
+    exprt is_dynamic_object_expr = is_dynamic_object_exprt(expr.arguments()[0]);
+    is_dynamic_object_expr.add_source_location() = source_location;
 
-    return dynamic_object_expr;
+    return is_dynamic_object_expr;
   }
   else if(identifier==CPROVER_PREFIX "POINTER_OFFSET")
   {
diff --git a/src/ansi-c/expr2c.cpp b/src/ansi-c/expr2c.cpp
@@ -3486,8 +3486,8 @@ std::string expr2ct::convert_with_precedence(
     return convert_function(
       src, CPROVER_PREFIX "invalid_pointer", precedence = 16);
 
-  else if(src.id()==ID_dynamic_object)
-    return convert_function(src, "DYNAMIC_OBJECT", precedence=16);
+  else if(src.id() == ID_is_dynamic_object)
+    return convert_function(src, "IS_DYNAMIC_OBJECT", precedence = 16);
 
   else if(src.id()=="is_zero_string")
     return convert_function(src, "IS_ZERO_STRING", precedence=16);
diff --git a/src/solvers/flattening/bv_pointers.cpp b/src/solvers/flattening/bv_pointers.cpp
@@ -45,7 +45,7 @@ literalt bv_pointerst::convert_rest(const exprt &expr)
       }
     }
   }
-  else if(expr.id()==ID_dynamic_object)
+  else if(expr.id() == ID_is_dynamic_object)
   {
     if(operands.size()==1 &&
        operands[0].type().id()==ID_pointer)
@@ -728,7 +728,7 @@ void bv_pointerst::add_addr(const exprt &expr, bvt &bv)
 void bv_pointerst::do_postponed(
   const postponedt &postponed)
 {
-  if(postponed.expr.id() == ID_dynamic_object)
+  if(postponed.expr.id() == ID_is_dynamic_object)
   {
     const pointer_logict::objectst &objects=
       pointer_logic.objects;
diff --git a/src/solvers/smt2/smt2_conv.cpp b/src/solvers/smt2/smt2_conv.cpp
@@ -1316,7 +1316,7 @@ void smt2_convt::convert_expr(const exprt &expr)
     if(ext>0)
       out << ")"; // zero_extend
   }
-  else if(expr.id() == ID_dynamic_object)
+  else if(expr.id() == ID_is_dynamic_object)
   {
     convert_is_dynamic_object(expr);
   }
diff --git a/src/util/irep_ids.def b/src/util/irep_ids.def
@@ -446,6 +446,7 @@ IREP_ID_TWO(overflow_minus, overflow--)
 IREP_ID_TWO(overflow_mult, overflow-*)
 IREP_ID_TWO(overflow_unary_minus, overflow-unary-)
 IREP_ID_ONE(object_descriptor)
+IREP_ID_ONE(is_dynamic_object)
 IREP_ID_ONE(dynamic_object)
 IREP_ID_TWO(C_dynamic, #dynamic)
 IREP_ID_ONE(object_size)
diff --git a/src/util/pointer_predicates.cpp b/src/util/pointer_predicates.cpp
@@ -70,7 +70,7 @@ exprt dynamic_size(const namespacet &ns)
 
 exprt dynamic_object(const exprt &pointer)
 {
-  exprt dynamic_expr(ID_dynamic_object, bool_typet());
+  exprt dynamic_expr(ID_is_dynamic_object, bool_typet());
   dynamic_expr.copy_to_operands(pointer);
   return dynamic_expr;
 }
diff --git a/src/util/simplify_expr.cpp b/src/util/simplify_expr.cpp
@@ -2403,9 +2403,9 @@ bool simplify_exprt::simplify_node(exprt &expr)
     result=simplify_byte_extract(to_byte_extract_expr(expr)) && result;
   else if(expr.id()==ID_pointer_object)
     result=simplify_pointer_object(expr) && result;
-  else if(expr.id() == ID_dynamic_object)
+  else if(expr.id() == ID_is_dynamic_object)
   {
-    result = simplify_dynamic_object(expr) && result;
+    result = simplify_is_dynamic_object(expr) && result;
   }
   else if(expr.id()==ID_invalid_pointer)
     result=simplify_invalid_pointer(expr) && result;
diff --git a/src/util/simplify_expr_class.h b/src/util/simplify_expr_class.h
@@ -96,7 +96,7 @@ class simplify_exprt
   bool simplify_pointer_object(exprt &expr);
   bool simplify_object_size(exprt &expr);
   bool simplify_dynamic_size(exprt &expr);
-  bool simplify_dynamic_object(exprt &expr);
+  bool simplify_is_dynamic_object(exprt &expr);
   bool simplify_invalid_pointer(exprt &expr);
   bool simplify_same_object(exprt &expr);
   bool simplify_good_pointer(exprt &expr);
diff --git a/src/util/simplify_expr_int.cpp b/src/util/simplify_expr_int.cpp
@@ -1686,7 +1686,7 @@ bool simplify_exprt::simplify_inequality_constant(exprt &expr)
       {
         if(
           expr.op0().op0().id() == ID_symbol ||
-          expr.op0().op0().id() == ID_dynamic_object ||
+          expr.op0().op0().id() == ID_is_dynamic_object ||
           expr.op0().op0().id() == ID_member ||
           expr.op0().op0().id() == ID_index ||
           expr.op0().op0().id() == ID_string_constant)
@@ -1701,11 +1701,12 @@ bool simplify_exprt::simplify_inequality_constant(exprt &expr)
               expr.op0().op0().id()==ID_address_of &&
               expr.op0().op0().operands().size()==1)
       {
-        if(expr.op0().op0().op0().id()==ID_symbol ||
-           expr.op0().op0().op0().id()==ID_dynamic_object ||
-           expr.op0().op0().op0().id()==ID_member ||
-           expr.op0().op0().op0().id()==ID_index ||
-           expr.op0().op0().op0().id()==ID_string_constant)
+        if(
+          expr.op0().op0().op0().id() == ID_symbol ||
+          expr.op0().op0().op0().id() == ID_is_dynamic_object ||
+          expr.op0().op0().op0().id() == ID_member ||
+          expr.op0().op0().op0().id() == ID_index ||
+          expr.op0().op0().op0().id() == ID_string_constant)
         {
           expr=false_exprt();
           return false;
diff --git a/src/util/simplify_expr_pointer.cpp b/src/util/simplify_expr_pointer.cpp
@@ -468,7 +468,7 @@ bool simplify_exprt::simplify_inequality_pointer_object(exprt &expr)
     {
       if(
         op.operands().size() != 1 ||
-        (op.op0().id() != ID_symbol && op.op0().id() != ID_dynamic_object &&
+        (op.op0().id() != ID_symbol && op.op0().id() != ID_is_dynamic_object &&
          op.op0().id() != ID_string_constant))
       {
         return true;
@@ -515,18 +515,18 @@ bool simplify_exprt::simplify_pointer_object(exprt &expr)
   return result;
 }
 
-bool simplify_exprt::simplify_dynamic_object(exprt &expr)
+bool simplify_exprt::simplify_is_dynamic_object(exprt &expr)
 {
-  if(expr.operands().size()!=1)
-    return true;
+  // This should hold as a result of the expr ID being is_dynamic_object.
+  PRECONDITION(expr.operands().size() == 1);
 
   exprt &op=expr.op0();
 
   if(op.id()==ID_if && op.operands().size()==3)
   {
     if_exprt if_expr=lift_if(expr, 0);
-    simplify_dynamic_object(if_expr.true_case());
-    simplify_dynamic_object(if_expr.false_case());
+    simplify_is_dynamic_object(if_expr.true_case());
+    simplify_is_dynamic_object(if_expr.false_case());
     simplify_if(if_expr);
     expr.swap(if_expr);
 
diff --git a/src/util/std_expr.h b/src/util/std_expr.h
@@ -2103,6 +2103,38 @@ inline dynamic_object_exprt &to_dynamic_object_expr(exprt &expr)
   return ret;
 }
 
+/// Evaluates to true if the operand is a pointer to a dynamic object.
+class is_dynamic_object_exprt : public unary_predicate_exprt
+{
+public:
+  is_dynamic_object_exprt() : unary_predicate_exprt(ID_is_dynamic_object)
+  {
+  }
+
+  explicit is_dynamic_object_exprt(const exprt &op)
+    : unary_predicate_exprt(ID_is_dynamic_object, op)
+  {
+  }
+};
+
+inline const is_dynamic_object_exprt &
+to_is_dynamic_object_expr(const exprt &expr)
+{
+  PRECONDITION(expr.id() == ID_is_dynamic_object);
+  DATA_INVARIANT(
+    expr.operands().size() == 1, "is_dynamic_object must have one operand");
+  return static_cast<const is_dynamic_object_exprt &>(expr);
+}
+
+/// \copydoc to_is_dynamic_object_expr(const exprt &)
+/// \ingroup gr_std_expr
+inline is_dynamic_object_exprt &to_is_dynamic_object_expr(exprt &expr)
+{
+  PRECONDITION(expr.id() == ID_is_dynamic_object);
+  DATA_INVARIANT(
+    expr.operands().size() == 1, "is_dynamic_object must have one operand");
+  return static_cast<is_dynamic_object_exprt &>(expr);
+}
 
 /// \brief Semantic type conversion
 class typecast_exprt:public unary_exprt

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-KNOWNBUG`
	`1`	`+CORE`
`2`	`2`	`main.c`
`3`	`3`	`--full-slice`
`4`	`4`	`^EXIT=0$`
Original file line number	Diff line number	Diff line change
`@@ -2165,11 +2165,10 @@ exprt c_typecheck_baset::do_special_functions(`
`2165`	`2165`	`throw 0;`
`2166`	`2166`	`}`
`2167`	`2167`
`2168`		`- exprt dynamic_object_expr=exprt(ID_dynamic_object, expr.type());`
`2169`		`- dynamic_object_expr.operands()=expr.arguments();`
`2170`		`- dynamic_object_expr.add_source_location()=source_location;`
	`2168`	`+ exprt is_dynamic_object_expr = is_dynamic_object_exprt(expr.arguments()[0]);`
	`2169`	`+ is_dynamic_object_expr.add_source_location() = source_location;`
`2171`	`2170`
`2172`		`- return dynamic_object_expr;`
	`2171`	`+ return is_dynamic_object_expr;`
`2173`	`2172`	`}`
`2174`	`2173`	`else if(identifier==CPROVER_PREFIX "POINTER_OFFSET")`
`2175`	`2174`	`{`
Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ literalt bv_pointerst::convert_rest(const exprt &expr)`
`45`	`45`	`}`
`46`	`46`	`}`
`47`	`47`	`}`
`48`		`- else if(expr.id()==ID_dynamic_object)`
	`48`	`+ else if(expr.id() == ID_is_dynamic_object)`
`49`	`49`	`{`
`50`	`50`	`if(operands.size()==1 &&`
`51`	`51`	`operands[0].type().id()==ID_pointer)`
`@@ -728,7 +728,7 @@ void bv_pointerst::add_addr(const exprt &expr, bvt &bv)`
`728`	`728`	`void bv_pointerst::do_postponed(`
`729`	`729`	`const postponedt &postponed)`
`730`	`730`	`{`
`731`		`- if(postponed.expr.id() == ID_dynamic_object)`
	`731`	`+ if(postponed.expr.id() == ID_is_dynamic_object)`
`732`	`732`	`{`
`733`	`733`	`const pointer_logict::objectst &objects=`
`734`	`734`	`pointer_logic.objects;`
Original file line number	Diff line number	Diff line change
`@@ -1316,7 +1316,7 @@ void smt2_convt::convert_expr(const exprt &expr)`
`1316`	`1316`	`if(ext>0)`
`1317`	`1317`	`out << ")"; // zero_extend`
`1318`	`1318`	`}`
`1319`		`- else if(expr.id() == ID_dynamic_object)`
	`1319`	`+ else if(expr.id() == ID_is_dynamic_object)`
`1320`	`1320`	`{`
`1321`	`1321`	`convert_is_dynamic_object(expr);`
`1322`	`1322`	`}`
Original file line number	Diff line number	Diff line change
`@@ -70,7 +70,7 @@ exprt dynamic_size(const namespacet &ns)`
`70`	`70`
`71`	`71`	`exprt dynamic_object(const exprt &pointer)`
`72`	`72`	`{`
`73`		`- exprt dynamic_expr(ID_dynamic_object, bool_typet());`
	`73`	`+ exprt dynamic_expr(ID_is_dynamic_object, bool_typet());`
`74`	`74`	`dynamic_expr.copy_to_operands(pointer);`
`75`	`75`	`return dynamic_expr;`
`76`	`76`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2403,9 +2403,9 @@ bool simplify_exprt::simplify_node(exprt &expr)`
`2403`	`2403`	`result=simplify_byte_extract(to_byte_extract_expr(expr)) && result;`
`2404`	`2404`	`else if(expr.id()==ID_pointer_object)`
`2405`	`2405`	`result=simplify_pointer_object(expr) && result;`
`2406`		`- else if(expr.id() == ID_dynamic_object)`
	`2406`	`+ else if(expr.id() == ID_is_dynamic_object)`
`2407`	`2407`	`{`
`2408`		`- result = simplify_dynamic_object(expr) && result;`
	`2408`	`+ result = simplify_is_dynamic_object(expr) && result;`
`2409`	`2409`	`}`
`2410`	`2410`	`else if(expr.id()==ID_invalid_pointer)`
`2411`	`2411`	`result=simplify_invalid_pointer(expr) && result;`