exprt path_symex_statet::read(const exprt &src, bool propagate)
{
#ifdef DEBUG
//std::cout << "path_symex_statet::read " << src.pretty() << std::endl;
#endif
// This has four phases!
// 1. Floating-point expression adjustment (rounding mode)
// 2. Dereferencing, including propagation of pointers.
// 3. Rewriting to SSA symbols
// 4. Simplifier
exprt tmp1=src;
adjust_float_expressions(tmp1, var_map.ns);
// we force propagation for dereferencing
exprt tmp2=dereference_rec(tmp1, true);
exprt tmp3=instantiate_rec(tmp2, propagate);
exprt tmp4=simplify_expr(tmp3, var_map.ns);
#ifdef DEBUG
//std::cout << " ==> " << tmp.pretty() << std::endl;
#endif
return tmp4;
}
exprt path_symex_statet::read(const exprt &src, bool propagate)
{
#ifdef DEBUG
// std::cout << "path_symex_statet::read " << src.pretty() << '\n';
#endif
// This has three phases!
// 1. Dereferencing, including propagation of pointers.
// 2. Rewriting to SSA symbols
// 3. Simplifier
// we force propagation for dereferencing
exprt tmp3=dereference_rec(src, true);
exprt tmp4=instantiate_rec(tmp3, propagate);
exprt tmp5=simplify_expr(tmp4, var_map.ns);
#ifdef DEBUG
// std::cout << " ==> " << tmp.pretty() << '\n';
#endif
return tmp5;
}
exprt path_symex_statet::instantiate_rec(
const exprt &src,
bool propagate)
{
#ifdef DEBUG
std::cout << "instantiate_rec: "
<< from_expr(var_map.ns, "", src) << '\n';
#endif
// check whether this is a symbol(.member|[index])*
if(is_symbol_member_index(src))
{
exprt tmp_symbol_member_index=
read_symbol_member_index(src, propagate);
assert(tmp_symbol_member_index.is_not_nil());
return tmp_symbol_member_index; // yes!
}
if(src.id()==ID_address_of)
{
assert(src.operands().size()==1);
exprt tmp=src;
tmp.op0()=instantiate_rec_address(tmp.op0(), propagate);
return tmp;
}
else if(src.id()==ID_side_effect)
{
// could be done separately
const irep_idt &statement=to_side_effect_expr(src).get_statement();
if(statement==ID_nondet)
{
irep_idt id="symex::nondet"+std::to_string(var_map.nondet_count);
var_map.nondet_count++;
return symbol_exprt(id, src.type());
}
else
throw "instantiate_rec: unexpected side effect "+id2string(statement);
}
else if(src.id()==ID_dereference)
{
// dereferencet has run already, so we should only be left with
// integer addresses. Will transform into __CPROVER_memory[]
// eventually.
}
else if(src.id()==ID_member)
{
const typet &compound_type=
var_map.ns.follow(to_member_expr(src).struct_op().type());
if(compound_type.id()==ID_struct)
{
// do nothing
}
else if(compound_type.id()==ID_union)
{
// should already have been rewritten to byte_extract
throw "unexpected union member";
}
else
{
throw "member expects struct or union type"+src.pretty();
}
}
else if(src.id()==ID_byte_extract_little_endian ||
src.id()==ID_byte_extract_big_endian)
{
}
else if(src.id()==ID_symbol)
{
// must be SSA already, or code
assert(src.type().id()==ID_code ||
src.get_bool(ID_C_SSA_symbol));
}
if(!src.has_operands())
return src;
exprt src2=src;
// recursive calls on structure of 'src'
Forall_operands(it, src2)
{
exprt tmp_op=instantiate_rec(*it, propagate);
*it=tmp_op;
}
exprt path_symex_statet::instantiate_rec(
const exprt &src,
bool propagate)
{
#ifdef DEBUG
std::cout << "instantiate_rec: "
<< from_expr(var_map.ns, "", src) << std::endl;
#endif
const typet &src_type=var_map.ns.follow(src.type());
if(src_type.id()==ID_struct) // src is a struct
{
const struct_typet &struct_type=to_struct_type(src_type);
const struct_typet::componentst &components=struct_type.components();
struct_exprt result(src.type());
result.operands().resize(components.size());
// split it up into components
for(unsigned i=0; i<components.size(); i++)
{
const typet &subtype=components[i].type();
const irep_idt &component_name=components[i].get_name();
exprt new_src;
if(src.id()==ID_struct) // struct constructor?
{
assert(src.operands().size()==components.size());
new_src=src.operands()[i];
}
else
new_src=member_exprt(src, component_name, subtype);
// recursive call
result.operands()[i]=instantiate_rec(new_src, propagate);
}
return result; // done
}
else if(src_type.id()==ID_array) // src is an array
{
const array_typet &array_type=to_array_type(src_type);
const typet &subtype=array_type.subtype();
if(array_type.size().is_constant())
{
mp_integer size;
if(to_integer(array_type.size(), size))
throw "failed to convert array size";
unsigned long long size_int=integer2unsigned(size);
array_exprt result(array_type);
result.operands().resize(size_int);
// split it up into elements
for(unsigned long long i=0; i<size_int; ++i)
{
exprt index=from_integer(i, array_type.size().type());
exprt new_src=index_exprt(src, index, subtype);
// array constructor?
if(src.id()==ID_array)
new_src=simplify_expr(new_src, var_map.ns);
// recursive call
result.operands()[i]=instantiate_rec(new_src, propagate);
}
return result; // done
}
else
{
// TODO
}
}
else if(src_type.id()==ID_vector) // src is a vector
{
const vector_typet &vector_type=to_vector_type(src_type);
const typet &subtype=vector_type.subtype();
if(!vector_type.size().is_constant())
throw "vector with non-constant size";
mp_integer size;
if(to_integer(vector_type.size(), size))
throw "failed to convert vector size";
unsigned long long int size_int=integer2unsigned(size);
vector_exprt result(vector_type);
exprt::operandst &operands=result.operands();
operands.resize(size_int);
// split it up into elements
for(unsigned long long i=0; i<size_int; ++i)
{
exprt index=from_integer(i, vector_type.size().type());
exprt new_src=index_exprt(src, index, subtype);
// vector constructor?
if(src.id()==ID_vector)
new_src=simplify_expr(new_src, var_map.ns);
// recursive call
operands[i]=instantiate_rec(new_src, propagate);
}
return result; // done
}
// check whether this is a symbol(.member|[index])*
{
exprt tmp_symbol_member_index=
read_symbol_member_index(src, propagate);
if(tmp_symbol_member_index.is_not_nil())
return tmp_symbol_member_index; // yes!
}
if(src.id()==ID_address_of)
{
assert(src.operands().size()==1);
exprt tmp=src;
tmp.op0()=instantiate_rec_address(tmp.op0(), propagate);
return tmp;
}
else if(src.id()==ID_sideeffect)
{
// could be done separately
const irep_idt &statement=to_side_effect_expr(src).get_statement();
if(statement==ID_nondet)
{
irep_idt id="symex::nondet"+i2string(var_map.nondet_count);
var_map.nondet_count++;
return symbol_exprt(id, src.type());
}
else
throw "instantiate_rec: unexpected side effect "+id2string(statement);
}
else if(src.id()==ID_dereference)
{
// dereferencet has run already, so we should only be left with
// integer addresses. Will transform into __CPROVER_memory[]
// eventually.
}
else if(src.id()==ID_index)
{
// avoids indefinite recursion above
return src;
}
else if(src.id()==ID_member)
{
const typet &compound_type=
var_map.ns.follow(to_member_expr(src).struct_op().type());
if(compound_type.id()==ID_struct)
{
// avoids indefinite recursion above
return src;
}
else if(compound_type.id()==ID_union)
{
member_exprt tmp=to_member_expr(src);
tmp.struct_op()=instantiate_rec(tmp.struct_op(), propagate);
return tmp;
}
else
{
throw "member expects struct or union type"+src.pretty();
}
}
if(!src.has_operands())
return src;
exprt src2=src;
// recursive calls on structure of 'src'
Forall_operands(it, src2)
{
exprt tmp_op=instantiate_rec(*it, propagate);
*it=tmp_op;
}