bool value_set_dereferencet::memory_model_conversion(
exprt &value,
const typet &to_type,
const guardt &guard,
const exprt &offset)
{
// only doing type conversion
// just do the typecast
value.make_typecast(to_type);
// also assert that offset is zero
if(options.get_bool_option("pointer-check"))
{
equal_exprt offset_not_zero(offset, from_integer(0, offset.type()));
offset_not_zero.make_not();
guardt tmp_guard(guard);
tmp_guard.add(offset_not_zero);
dereference_callback.dereference_failure(
"word bounds",
"offset not zero", tmp_guard);
}
return true;
}
void c_typecastt::do_typecast(exprt &expr, const typet &type)
{
// special case: array -> pointer is actually
// something like address_of
const typet &expr_type=ns.follow(expr.type());
if(expr_type.id()==ID_array)
{
index_exprt index;
index.array()=expr;
index.index()=gen_zero(index_type());
index.type()=expr_type.subtype();
expr=address_of_exprt(index);
if(ns.follow(expr.type())!=ns.follow(type))
expr.make_typecast(type);
return;
}
if(expr_type!=type)
{
// C booleans are special: we compile to ?0:1
if(type.get(ID_C_c_type)==ID_bool)
{
if(expr_type.id()==ID_bool) // bool -> _Bool
{
exprt result=if_exprt(expr, gen_one(type), gen_zero(type));
expr.swap(result);
}
else // * -> _Bool
{
equal_exprt equal_zero(expr, gen_zero(expr_type));
exprt result=if_exprt(equal_zero, gen_zero(type), gen_one(type));
expr.swap(result);
}
}
else
{
expr.make_typecast(type);
}
}
}
void c_typecastt::do_typecast(exprt &expr, const typet &dest_type)
{
// special case: array -> pointer is actually
// something like address_of
const typet &src_type=ns.follow(expr.type());
if(src_type.id()==ID_array)
{
index_exprt index;
index.array()=expr;
index.index()=gen_zero(index_type());
index.type()=src_type.subtype();
expr=address_of_exprt(index);
if(ns.follow(expr.type())!=ns.follow(dest_type))
expr.make_typecast(dest_type);
return;
}
if(src_type!=dest_type)
{
// C booleans are special; we produce the
// explicit comparision with zero.
// Note that this requires ieee_float_notequal
// in case of floating-point numbers.
if(dest_type.get(ID_C_c_type)==ID_bool)
{
expr=is_not_zero(expr, ns);
expr.make_typecast(dest_type);
}
else if(dest_type.id()==ID_bool)
{
expr=is_not_zero(expr, ns);
}
else
{
expr.make_typecast(dest_type);
}
}
}
void make_type(exprt &dest, const typet &type)
{
if(ns.follow(dest.type())!=ns.follow(type))
dest.make_typecast(type);
}
bool simplify_exprt::simplify_pointer_offset(exprt &expr)
{
if(expr.operands().size()!=1) return true;
exprt &ptr=expr.op0();
if(ptr.id()==ID_if && ptr.operands().size()==3)
{
if_exprt if_expr=lift_if(expr, 0);
simplify_pointer_offset(if_expr.true_case());
simplify_pointer_offset(if_expr.false_case());
simplify_if(if_expr);
expr.swap(if_expr);
return false;
}
if(ptr.type().id()!=ID_pointer) return true;
if(ptr.id()==ID_address_of)
{
if(ptr.operands().size()!=1) return true;
mp_integer offset=compute_pointer_offset(ptr.op0(), ns);
if(offset!=-1)
{
expr=from_integer(offset, expr.type());
return false;
}
}
else if(ptr.id()==ID_typecast) // pointer typecast
{
if(ptr.operands().size()!=1) return true;
const typet &op_type=ns.follow(ptr.op0().type());
if(op_type.id()==ID_pointer)
{
// Cast from pointer to pointer.
// This just passes through, remove typecast.
exprt tmp=ptr.op0();
ptr=tmp;
// recursive call
simplify_node(expr);
return false;
}
else if(op_type.id()==ID_signedbv ||
op_type.id()==ID_unsignedbv)
{
// Cast from integer to pointer, say (int *)x.
if(ptr.op0().is_constant())
{
// (T *)0x1234 -> 0x1234
exprt tmp=ptr.op0();
tmp.make_typecast(expr.type());
simplify_node(tmp);
expr.swap(tmp);
return false;
}
else
{
// We do a bit of special treatment for (TYPE *)(a+(int)&o),
// which is re-written to 'a'.
typet type=ns.follow(expr.type());
exprt tmp=ptr.op0();
if(tmp.id()==ID_plus && tmp.operands().size()==2)
{
if(tmp.op0().id()==ID_typecast &&
tmp.op0().operands().size()==1 &&
tmp.op0().op0().id()==ID_address_of)
{
expr=tmp.op1();
if(type!=expr.type())
expr.make_typecast(type);
simplify_node(expr);
return false;
}
else if(tmp.op1().id()==ID_typecast &&
tmp.op1().operands().size()==1 &&
tmp.op1().op0().id()==ID_address_of)
{
expr=tmp.op0();
if(type!=expr.type())
expr.make_typecast(type);
simplify_node(expr);
return false;
}
}
}
}
}
else if(ptr.id()==ID_plus) // pointer arithmetic
{
exprt::operandst ptr_expr;
exprt::operandst int_expr;
for(const auto & op : ptr.operands())
{
if(op.type().id()==ID_pointer)
ptr_expr.push_back(op);
else if(!op.is_zero())
{
exprt tmp=op;
if(tmp.type()!=expr.type())
{
tmp.make_typecast(expr.type());
simplify_node(tmp);
}
int_expr.push_back(tmp);
}
}
if(ptr_expr.size()!=1 || int_expr.empty())
return true;
typet pointer_type=ptr_expr.front().type();
mp_integer element_size=
pointer_offset_size(pointer_type.subtype(), ns);
if(element_size==0) return true;
// this might change the type of the pointer!
exprt pointer_offset(ID_pointer_offset, expr.type());
pointer_offset.copy_to_operands(ptr_expr.front());
simplify_node(pointer_offset);
exprt sum;
if(int_expr.size()==1)
sum=int_expr.front();
else
{
sum=exprt(ID_plus, expr.type());
sum.operands()=int_expr;
}
simplify_node(sum);
exprt size_expr=
from_integer(element_size, expr.type());
binary_exprt product(sum, ID_mult, size_expr, expr.type());
simplify_node(product);
expr=binary_exprt(pointer_offset, ID_plus, product, expr.type());
simplify_node(expr);
return false;
}
else if(ptr.id()==ID_constant &&
ptr.get(ID_value)==ID_NULL)
{
expr=gen_zero(expr.type());
simplify_node(expr);
return false;
}
return true;
}