CBMC
convert_expr_to_smt.cpp
Go to the documentation of this file.
1 // Author: Diffblue Ltd.
2 #include <util/arith_tools.h>
3 #include <util/bitvector_expr.h>
4 #include <util/byte_operators.h>
5 #include <util/c_types.h>
6 #include <util/config.h>
7 #include <util/expr.h>
8 #include <util/expr_cast.h>
9 #include <util/floatbv_expr.h>
10 #include <util/mathematical_expr.h>
11 #include <util/pointer_expr.h>
12 #include <util/pointer_predicates.h>
13 #include <util/range.h>
14 #include <util/std_expr.h>
15 #include <util/string_constant.h>
16 
17 #include <solvers/prop/literal_expr.h>
18 #include <solvers/smt2_incremental/convert_expr_to_smt.h>
19 #include <solvers/smt2_incremental/theories/smt_array_theory.h>
20 #include <solvers/smt2_incremental/theories/smt_bit_vector_theory.h>
21 #include <solvers/smt2_incremental/theories/smt_core_theory.h>
22 
23 #include <algorithm>
24 #include <functional>
25 #include <numeric>
26 #include <stack>
27 
37 using sub_expression_mapt = std::unordered_map<exprt, smt_termt, irep_hash>;
38 
51 template <typename factoryt>
52 static smt_termt convert_multiary_operator_to_terms(
53  const multi_ary_exprt &expr,
54  const sub_expression_mapt &converted,
55  const factoryt &factory)
56 {
57  PRECONDITION(expr.operands().size() >= 2);
58  const auto operand_terms =
59  make_range(expr.operands()).map([&](const exprt &expr) {
60  return converted.at(expr);
61  });
62  return std::accumulate(
63  ++operand_terms.begin(),
64  operand_terms.end(),
65  *operand_terms.begin(),
66  factory);
67 }
68 
73 template <typename target_typet>
74 static bool operands_are_of_type(const exprt &expr)
75 {
76  return std::all_of(
77  expr.operands().cbegin(), expr.operands().cend(), [](const exprt &operand) {
78  return can_cast_type<target_typet>(operand.type());
79  });
80 }
81 
82 static smt_sortt convert_type_to_smt_sort(const bool_typet &type)
83 {
84  return smt_bool_sortt{};
85 }
86 
87 static smt_sortt convert_type_to_smt_sort(const bitvector_typet &type)
88 {
89  return smt_bit_vector_sortt{type.get_width()};
90 }
91 
92 static smt_sortt convert_type_to_smt_sort(const array_typet &type)
93 {
94  return smt_array_sortt{
95  convert_type_to_smt_sort(type.index_type()),
96  convert_type_to_smt_sort(type.element_type())};
97 }
98 
99 smt_sortt convert_type_to_smt_sort(const typet &type)
100 {
101  if(const auto bool_type = type_try_dynamic_cast<bool_typet>(type))
102  {
103  return convert_type_to_smt_sort(*bool_type);
104  }
105  if(const auto bitvector_type = type_try_dynamic_cast<bitvector_typet>(type))
106  {
107  return convert_type_to_smt_sort(*bitvector_type);
108  }
109  if(const auto array_type = type_try_dynamic_cast<array_typet>(type))
110  {
111  return convert_type_to_smt_sort(*array_type);
112  }
113  UNIMPLEMENTED_FEATURE("Generation of SMT formula for type: " + type.pretty());
114 }
115 
116 static smt_termt convert_expr_to_smt(const symbol_exprt &symbol_expr)
117 {
118  return smt_identifier_termt{symbol_expr.get_identifier(),
119  convert_type_to_smt_sort(symbol_expr.type())};
120 }
121 
122 static smt_termt convert_expr_to_smt(
123  const nondet_symbol_exprt &nondet_symbol,
124  const sub_expression_mapt &converted)
125 {
126  // A nondet_symbol is a reference to an unconstrained function. This function
127  // will already have been added as a dependency.
128  return smt_identifier_termt{
129  nondet_symbol.get_identifier(),
130  convert_type_to_smt_sort(nondet_symbol.type())};
131 }
132 
134 static smt_termt make_not_zero(const smt_termt &input, const typet &source_type)
135 {
136  if(input.get_sort().cast<smt_bool_sortt>())
137  return input;
138  if(const auto bit_vector_sort = input.get_sort().cast<smt_bit_vector_sortt>())
139  {
140  return smt_core_theoryt::distinct(
141  input, smt_bit_vector_constant_termt{0, *bit_vector_sort});
142  }
143  UNREACHABLE;
144 }
145 
147 static smt_termt convert_c_bool_cast(
148  const smt_termt &from_term,
149  const typet &from_type,
150  const bitvector_typet &to_type)
151 {
152  const std::size_t c_bool_width = to_type.get_width();
153  return smt_core_theoryt::if_then_else(
154  make_not_zero(from_term, from_type),
155  smt_bit_vector_constant_termt{1, c_bool_width},
156  smt_bit_vector_constant_termt{0, c_bool_width});
157 }
158 
159 static std::function<std::function<smt_termt(smt_termt)>(std::size_t)>
160 extension_for_type(const typet &type)
161 {
162  if(can_cast_type<signedbv_typet>(type))
163  return smt_bit_vector_theoryt::sign_extend;
164  if(can_cast_type<unsignedbv_typet>(type))
165  return smt_bit_vector_theoryt::zero_extend;
166  if(can_cast_type<bv_typet>(type))
167  return smt_bit_vector_theoryt::zero_extend;
168  if(can_cast_type<pointer_typet>(type))
169  return smt_bit_vector_theoryt::zero_extend;
170  UNREACHABLE;
171 }
172 
173 static smt_termt make_bitvector_resize_cast(
174  const smt_termt &from_term,
175  const bitvector_typet &from_type,
176  const bitvector_typet &to_type)
177 {
178  if(const auto to_fixedbv_type = type_try_dynamic_cast<fixedbv_typet>(to_type))
179  {
180  UNIMPLEMENTED_FEATURE(
181  "Generation of SMT formula for type cast to fixed-point bitvector "
182  "type: " +
183  to_type.pretty());
184  }
185  if(const auto to_floatbv_type = type_try_dynamic_cast<floatbv_typet>(to_type))
186  {
187  UNIMPLEMENTED_FEATURE(
188  "Generation of SMT formula for type cast to floating-point bitvector "
189  "type: " +
190  to_type.pretty());
191  }
192  const std::size_t from_width = from_type.get_width();
193  const std::size_t to_width = to_type.get_width();
194  if(to_width == from_width)
195  return from_term;
196  if(to_width < from_width)
197  return smt_bit_vector_theoryt::extract(to_width - 1, 0)(from_term);
198  const std::size_t extension_size = to_width - from_width;
199  return extension_for_type(from_type)(extension_size)(from_term);
200 }
201 
202 struct sort_based_cast_to_bit_vector_convertert final
203  : public smt_sort_const_downcast_visitort
204 {
205  const smt_termt &from_term;
206  const typet &from_type;
207  const bitvector_typet &to_type;
208  std::optional<smt_termt> result;
209 
210  sort_based_cast_to_bit_vector_convertert(
211  const smt_termt &from_term,
212  const typet &from_type,
213  const bitvector_typet &to_type)
214  : from_term{from_term}, from_type{from_type}, to_type{to_type}
215  {
216  }
217 
218  void visit(const smt_bool_sortt &) override
219  {
220  result = convert_c_bool_cast(
221  from_term, from_type, c_bool_typet{to_type.get_width()});
222  }
223 
224  void visit(const smt_bit_vector_sortt &) override
225  {
226  if(const auto bitvector = type_try_dynamic_cast<bitvector_typet>(from_type))
227  result = make_bitvector_resize_cast(from_term, *bitvector, to_type);
228  else
229  UNIMPLEMENTED_FEATURE(
230  "Generation of SMT formula for type cast to bit vector from type: " +
231  from_type.pretty());
232  }
233 
234  void visit(const smt_array_sortt &) override
235  {
236  UNIMPLEMENTED_FEATURE(
237  "Generation of SMT formula for type cast to bit vector from type: " +
238  from_type.pretty());
239  }
240 };
241 
242 static smt_termt convert_bit_vector_cast(
243  const smt_termt &from_term,
244  const typet &from_type,
245  const bitvector_typet &to_type)
246 {
247  sort_based_cast_to_bit_vector_convertert converter{
248  from_term, from_type, to_type};
249  from_term.get_sort().accept(converter);
250  POSTCONDITION(converter.result);
251  return *converter.result;
252 }
253 
254 static smt_termt convert_expr_to_smt(
255  const typecast_exprt &cast,
256  const sub_expression_mapt &converted)
257 {
258  const auto &from_term = converted.at(cast.op());
259  const typet &from_type = cast.op().type();
260  const typet &to_type = cast.type();
261  if(const auto bool_type = type_try_dynamic_cast<bool_typet>(to_type))
262  return make_not_zero(from_term, cast.op().type());
263  if(const auto c_bool_type = type_try_dynamic_cast<c_bool_typet>(to_type))
264  return convert_c_bool_cast(from_term, from_type, *c_bool_type);
265  if(const auto bit_vector = type_try_dynamic_cast<bitvector_typet>(to_type))
266  return convert_bit_vector_cast(from_term, from_type, *bit_vector);
267  UNIMPLEMENTED_FEATURE(
268  "Generation of SMT formula for type cast expression: " + cast.pretty());
269 }
270 
271 static smt_termt convert_expr_to_smt(
272  const floatbv_typecast_exprt &float_cast,
273  const sub_expression_mapt &converted)
274 {
275  UNIMPLEMENTED_FEATURE(
276  "Generation of SMT formula for floating point type cast expression: " +
277  float_cast.pretty());
278 }
279 
280 static smt_termt convert_expr_to_smt(
281  const struct_exprt &struct_construction,
282  const sub_expression_mapt &converted)
283 {
284  UNIMPLEMENTED_FEATURE(
285  "Generation of SMT formula for struct construction expression: " +
286  struct_construction.pretty());
287 }
288 
289 static smt_termt convert_expr_to_smt(
290  const union_exprt &union_construction,
291  const sub_expression_mapt &converted)
292 {
293  UNIMPLEMENTED_FEATURE(
294  "Generation of SMT formula for union construction expression: " +
295  union_construction.pretty());
296 }
297 
298 struct sort_based_literal_convertert : public smt_sort_const_downcast_visitort
299 {
300  const constant_exprt &member_input;
301  std::optional<smt_termt> result;
302 
303  explicit sort_based_literal_convertert(const constant_exprt &input)
304  : member_input{input}
305  {
306  }
307 
308  void visit(const smt_bool_sortt &) override
309  {
310  result = smt_bool_literal_termt{member_input.is_true()};
311  }
312 
313  void visit(const smt_bit_vector_sortt &bit_vector_sort) override
314  {
315  const auto &width = bit_vector_sort.bit_width();
316  // We get the value using a non-signed interpretation, as smt bit vector
317  // terms do not carry signedness.
318  const auto value = bvrep2integer(member_input.get_value(), width, false);
319  result = smt_bit_vector_constant_termt{value, bit_vector_sort};
320  }
321 
322  void visit(const smt_array_sortt &array_sort) override
323  {
324  UNIMPLEMENTED_FEATURE(
325  "Conversion of array SMT literal " + array_sort.pretty());
326  }
327 };
328 
329 static smt_termt convert_expr_to_smt(const constant_exprt &constant_literal)
330 {
331  if(constant_literal.is_null_pointer())
332  {
333  const size_t bit_width =
334  type_checked_cast<pointer_typet>(constant_literal.type()).get_width();
335  // An address of 0 encodes an object identifier of 0 for the NULL object
336  // and an offset of 0 into the object.
337  const auto address = 0;
338  return smt_bit_vector_constant_termt{address, bit_width};
339  }
340  if(constant_literal.type() == integer_typet{})
341  {
342  // This is converting integer constants into bit vectors for use with
343  // bit vector based smt logics. As bit vector widths are not specified for
344  // non bit vector types, this chooses a width based on the minimum needed
345  // to hold the integer constant value.
346  const auto value = numeric_cast_v<mp_integer>(constant_literal);
347  return smt_bit_vector_constant_termt{value, address_bits(value + 1)};
348  }
349  const auto sort = convert_type_to_smt_sort(constant_literal.type());
350  sort_based_literal_convertert converter(constant_literal);
351  sort.accept(converter);
352  return *converter.result;
353 }
354 
355 static smt_termt convert_expr_to_smt(
356  const concatenation_exprt &concatenation,
357  const sub_expression_mapt &converted)
358 {
359  if(operands_are_of_type<bitvector_typet>(concatenation))
360  {
361  return convert_multiary_operator_to_terms(
362  concatenation, converted, smt_bit_vector_theoryt::concat);
363  }
364  UNIMPLEMENTED_FEATURE(
365  "Generation of SMT formula for concatenation expression: " +
366  concatenation.pretty());
367 }
368 
369 static smt_termt convert_expr_to_smt(
370  const bitand_exprt &bitwise_and_expr,
371  const sub_expression_mapt &converted)
372 {
373  if(operands_are_of_type<bitvector_typet>(bitwise_and_expr))
374  {
375  return convert_multiary_operator_to_terms(
376  bitwise_and_expr, converted, smt_bit_vector_theoryt::make_and);
377  }
378  else
379  {
380  UNIMPLEMENTED_FEATURE(
381  "Generation of SMT formula for bitwise and expression: " +
382  bitwise_and_expr.pretty());
383  }
384 }
385 
386 static smt_termt convert_expr_to_smt(
387  const bitor_exprt &bitwise_or_expr,
388  const sub_expression_mapt &converted)
389 {
390  if(operands_are_of_type<bitvector_typet>(bitwise_or_expr))
391  {
392  return convert_multiary_operator_to_terms(
393  bitwise_or_expr, converted, smt_bit_vector_theoryt::make_or);
394  }
395  else
396  {
397  UNIMPLEMENTED_FEATURE(
398  "Generation of SMT formula for bitwise or expression: " +
399  bitwise_or_expr.pretty());
400  }
401 }
402 
403 static smt_termt convert_expr_to_smt(
404  const bitxor_exprt &bitwise_xor,
405  const sub_expression_mapt &converted)
406 {
407  if(operands_are_of_type<bitvector_typet>(bitwise_xor))
408  {
409  return convert_multiary_operator_to_terms(
410  bitwise_xor, converted, smt_bit_vector_theoryt::make_xor);
411  }
412  else
413  {
414  UNIMPLEMENTED_FEATURE(
415  "Generation of SMT formula for bitwise xor expression: " +
416  bitwise_xor.pretty());
417  }
418 }
419 
420 static smt_termt convert_expr_to_smt(
421  const bitnot_exprt &bitwise_not,
422  const sub_expression_mapt &converted)
423 {
424  if(can_cast_type<bitvector_typet>(bitwise_not.op().type()))
425  {
426  return smt_bit_vector_theoryt::make_not(converted.at(bitwise_not.op()));
427  }
428  else
429  {
430  UNIMPLEMENTED_FEATURE(
431  "Generation of SMT formula for bitnot_exprt: " + bitwise_not.pretty());
432  }
433 }
434 
435 static smt_termt convert_expr_to_smt(
436  const unary_minus_exprt &unary_minus,
437  const sub_expression_mapt &converted)
438 {
439  if(can_cast_type<integer_bitvector_typet>(unary_minus.op().type()))
440  {
441  return smt_bit_vector_theoryt::negate(converted.at(unary_minus.op()));
442  }
443  else
444  {
445  UNIMPLEMENTED_FEATURE(
446  "Generation of SMT formula for unary minus expression: " +
447  unary_minus.pretty());
448  }
449 }
450 
451 static smt_termt convert_expr_to_smt(
452  const unary_plus_exprt &unary_plus,
453  const sub_expression_mapt &converted)
454 {
455  UNIMPLEMENTED_FEATURE(
456  "Generation of SMT formula for unary plus expression: " +
457  unary_plus.pretty());
458 }
459 
460 static smt_termt convert_expr_to_smt(
461  const sign_exprt &is_negative,
462  const sub_expression_mapt &converted)
463 {
464  UNIMPLEMENTED_FEATURE(
465  "Generation of SMT formula for \"is negative\" expression: " +
466  is_negative.pretty());
467 }
468 
469 static smt_termt convert_expr_to_smt(
470  const if_exprt &if_expression,
471  const sub_expression_mapt &converted)
472 {
473  return smt_core_theoryt::if_then_else(
474  converted.at(if_expression.cond()),
475  converted.at(if_expression.true_case()),
476  converted.at(if_expression.false_case()));
477 }
478 
479 static smt_termt convert_expr_to_smt(
480  const and_exprt &and_expression,
481  const sub_expression_mapt &converted)
482 {
483  return convert_multiary_operator_to_terms(
484  and_expression, converted, smt_core_theoryt::make_and);
485 }
486 
487 static smt_termt convert_expr_to_smt(
488  const or_exprt &or_expression,
489  const sub_expression_mapt &converted)
490 {
491  return convert_multiary_operator_to_terms(
492  or_expression, converted, smt_core_theoryt::make_or);
493 }
494 
495 static smt_termt convert_expr_to_smt(
496  const xor_exprt &xor_expression,
497  const sub_expression_mapt &converted)
498 {
499  return convert_multiary_operator_to_terms(
500  xor_expression, converted, smt_core_theoryt::make_xor);
501 }
502 
503 static smt_termt convert_expr_to_smt(
504  const implies_exprt &implies,
505  const sub_expression_mapt &converted)
506 {
507  return smt_core_theoryt::implies(
508  converted.at(implies.op0()), converted.at(implies.op1()));
509 }
510 
511 static smt_termt convert_expr_to_smt(
512  const not_exprt &logical_not,
513  const sub_expression_mapt &converted)
514 {
515  return smt_core_theoryt::make_not(converted.at(logical_not.op()));
516 }
517 
518 static smt_termt convert_expr_to_smt(
519  const equal_exprt &equal,
520  const sub_expression_mapt &converted)
521 {
522  return smt_core_theoryt::equal(
523  converted.at(equal.op0()), converted.at(equal.op1()));
524 }
525 
526 static smt_termt convert_expr_to_smt(
527  const notequal_exprt &not_equal,
528  const sub_expression_mapt &converted)
529 {
530  return smt_core_theoryt::distinct(
531  converted.at(not_equal.op0()), converted.at(not_equal.op1()));
532 }
533 
534 static smt_termt convert_expr_to_smt(
535  const ieee_float_equal_exprt &float_equal,
536  const sub_expression_mapt &converted)
537 {
538  UNIMPLEMENTED_FEATURE(
539  "Generation of SMT formula for floating point equality expression: " +
540  float_equal.pretty());
541 }
542 
543 static smt_termt convert_expr_to_smt(
544  const ieee_float_notequal_exprt &float_not_equal,
545  const sub_expression_mapt &converted)
546 {
547  UNIMPLEMENTED_FEATURE(
548  "Generation of SMT formula for floating point not equal expression: " +
549  float_not_equal.pretty());
550 }
551 
552 template <typename unsigned_factory_typet, typename signed_factory_typet>
553 static smt_termt convert_relational_to_smt(
554  const binary_relation_exprt &binary_relation,
555  const unsigned_factory_typet &unsigned_factory,
556  const signed_factory_typet &signed_factory,
557  const sub_expression_mapt &converted)
558 {
559  PRECONDITION(binary_relation.lhs().type() == binary_relation.rhs().type());
560  const auto &lhs = converted.at(binary_relation.lhs());
561  const auto &rhs = converted.at(binary_relation.rhs());
562  const typet operand_type = binary_relation.lhs().type();
563  if(can_cast_type<pointer_typet>(operand_type))
564  {
565  // The code here is operating under the assumption that the comparison
566  // operands have types for which the comparison makes sense.
567 
568  // We already know this is the case given that we have followed
569  // the if statement branch, but including the same check here
570  // for consistency (it's cheap).
571  const auto lhs_type_is_pointer =
572  can_cast_type<pointer_typet>(binary_relation.lhs().type());
573  const auto rhs_type_is_pointer =
574  can_cast_type<pointer_typet>(binary_relation.rhs().type());
575  INVARIANT(
576  lhs_type_is_pointer && rhs_type_is_pointer,
577  "pointer comparison requires that both operand types are pointers.");
578  return unsigned_factory(lhs, rhs);
579  }
580  else if(lhs.get_sort().cast<smt_bit_vector_sortt>())
581  {
582  if(can_cast_type<unsignedbv_typet>(operand_type))
583  return unsigned_factory(lhs, rhs);
584  if(can_cast_type<signedbv_typet>(operand_type))
585  return signed_factory(lhs, rhs);
586  }
587 
588  UNIMPLEMENTED_FEATURE(
589  "Generation of SMT formula for relational expression: " +
590  binary_relation.pretty());
591 }
592 
593 static std::optional<smt_termt> try_relational_conversion(
594  const exprt &expr,
595  const sub_expression_mapt &converted)
596 {
597  if(const auto greater_than = expr_try_dynamic_cast<greater_than_exprt>(expr))
598  {
599  return convert_relational_to_smt(
600  *greater_than,
601  smt_bit_vector_theoryt::unsigned_greater_than,
602  smt_bit_vector_theoryt::signed_greater_than,
603  converted);
604  }
605  if(
606  const auto greater_than_or_equal =
607  expr_try_dynamic_cast<greater_than_or_equal_exprt>(expr))
608  {
609  return convert_relational_to_smt(
610  *greater_than_or_equal,
611  smt_bit_vector_theoryt::unsigned_greater_than_or_equal,
612  smt_bit_vector_theoryt::signed_greater_than_or_equal,
613  converted);
614  }
615  if(const auto less_than = expr_try_dynamic_cast<less_than_exprt>(expr))
616  {
617  return convert_relational_to_smt(
618  *less_than,
619  smt_bit_vector_theoryt::unsigned_less_than,
620  smt_bit_vector_theoryt::signed_less_than,
621  converted);
622  }
623  if(
624  const auto less_than_or_equal =
625  expr_try_dynamic_cast<less_than_or_equal_exprt>(expr))
626  {
627  return convert_relational_to_smt(
628  *less_than_or_equal,
629  smt_bit_vector_theoryt::unsigned_less_than_or_equal,
630  smt_bit_vector_theoryt::signed_less_than_or_equal,
631  converted);
632  }
633  return {};
634 }
635 
636 static smt_termt convert_expr_to_smt(
637  const plus_exprt &plus,
638  const sub_expression_mapt &converted,
639  const type_size_mapt &pointer_sizes)
640 {
641  if(std::all_of(
642  plus.operands().cbegin(), plus.operands().cend(), [](exprt operand) {
643  return can_cast_type<integer_bitvector_typet>(operand.type());
644  }))
645  {
646  return convert_multiary_operator_to_terms(
647  plus, converted, smt_bit_vector_theoryt::add);
648  }
649  else if(can_cast_type<pointer_typet>(plus.type()))
650  {
651  INVARIANT(
652  plus.operands().size() == 2,
653  "We are only handling a binary version of plus when it has a pointer "
654  "operand");
655 
656  exprt pointer;
657  exprt scalar;
658  for(auto &operand : plus.operands())
659  {
660  if(can_cast_type<pointer_typet>(operand.type()))
661  {
662  pointer = operand;
663  }
664  else
665  {
666  scalar = operand;
667  }
668  }
669 
670  // We need to ensure that we follow this code path only if the expression
671  // our assumptions about the structure of the addition expression hold.
672  INVARIANT(
673  !can_cast_type<pointer_typet>(scalar.type()),
674  "An addition expression with both operands being pointers when they are "
675  "not dereferenced is malformed");
676 
677  const pointer_typet pointer_type =
678  *type_try_dynamic_cast<pointer_typet>(pointer.type());
679  const auto base_type = pointer_type.base_type();
680  const auto pointer_size = pointer_sizes.at(base_type);
681 
682  return smt_bit_vector_theoryt::add(
683  converted.at(pointer),
684  smt_bit_vector_theoryt::multiply(converted.at(scalar), pointer_size));
685  }
686  else
687  {
688  UNIMPLEMENTED_FEATURE(
689  "Generation of SMT formula for plus expression: " + plus.pretty());
690  }
691 }
692 
693 static smt_termt convert_expr_to_smt(
694  const minus_exprt &minus,
695  const sub_expression_mapt &converted,
696  const type_size_mapt &pointer_sizes)
697 {
698  const bool both_operands_bitvector =
699  can_cast_type<integer_bitvector_typet>(minus.lhs().type()) &&
700  can_cast_type<integer_bitvector_typet>(minus.rhs().type());
701 
702  const bool lhs_is_pointer = can_cast_type<pointer_typet>(minus.lhs().type());
703  const bool rhs_is_pointer = can_cast_type<pointer_typet>(minus.rhs().type());
704 
705  const bool both_operands_pointers = lhs_is_pointer && rhs_is_pointer;
706 
707  // We don't really handle this - we just compute this to fall
708  // into an if-else branch that gives proper error handling information.
709  const bool one_operand_pointer = lhs_is_pointer || rhs_is_pointer;
710 
711  if(both_operands_bitvector)
712  {
713  return smt_bit_vector_theoryt::subtract(
714  converted.at(minus.lhs()), converted.at(minus.rhs()));
715  }
716  else if(both_operands_pointers)
717  {
718  const auto lhs_base_type = to_pointer_type(minus.lhs().type()).base_type();
719  const auto rhs_base_type = to_pointer_type(minus.rhs().type()).base_type();
720  INVARIANT(
721  lhs_base_type == rhs_base_type,
722  "only pointers of the same object type can be subtracted.");
723  return smt_bit_vector_theoryt::signed_divide(
724  smt_bit_vector_theoryt::subtract(
725  converted.at(minus.lhs()), converted.at(minus.rhs())),
726  pointer_sizes.at(lhs_base_type));
727  }
728  else if(one_operand_pointer)
729  {
730  // It's semantically void to have an expression `3 - a` where `a`
731  // is a pointer.
732  INVARIANT(
733  lhs_is_pointer,
734  "minus expressions of pointer and integer expect lhs to be the pointer");
735  const auto lhs_base_type = to_pointer_type(minus.lhs().type()).base_type();
736 
737  return smt_bit_vector_theoryt::subtract(
738  converted.at(minus.lhs()),
739  smt_bit_vector_theoryt::multiply(
740  converted.at(minus.rhs()), pointer_sizes.at(lhs_base_type)));
741  }
742  else
743  {
744  UNIMPLEMENTED_FEATURE(
745  "Generation of SMT formula for minus expression: " + minus.pretty());
746  }
747 }
748 
749 static smt_termt convert_expr_to_smt(
750  const div_exprt &divide,
751  const sub_expression_mapt &converted)
752 {
753  const smt_termt &lhs = converted.at(divide.lhs());
754  const smt_termt &rhs = converted.at(divide.rhs());
755 
756  const bool both_operands_bitvector =
757  can_cast_type<integer_bitvector_typet>(divide.lhs().type()) &&
758  can_cast_type<integer_bitvector_typet>(divide.rhs().type());
759 
760  const bool both_operands_unsigned =
761  can_cast_type<unsignedbv_typet>(divide.lhs().type()) &&
762  can_cast_type<unsignedbv_typet>(divide.rhs().type());
763 
764  if(both_operands_bitvector)
765  {
766  if(both_operands_unsigned)
767  {
768  return smt_bit_vector_theoryt::unsigned_divide(lhs, rhs);
769  }
770  else
771  {
772  return smt_bit_vector_theoryt::signed_divide(lhs, rhs);
773  }
774  }
775  else
776  {
777  UNIMPLEMENTED_FEATURE(
778  "Generation of SMT formula for divide expression: " + divide.pretty());
779  }
780 }
781 
782 static smt_termt convert_expr_to_smt(
783  const ieee_float_op_exprt &float_operation,
784  const sub_expression_mapt &converted)
785 {
786  // This case includes the floating point plus, minus, division and
787  // multiplication operations.
788  UNIMPLEMENTED_FEATURE(
789  "Generation of SMT formula for floating point operation expression: " +
790  float_operation.pretty());
791 }
792 
793 static smt_termt convert_expr_to_smt(
794  const mod_exprt &truncation_modulo,
795  const sub_expression_mapt &converted)
796 {
797  const smt_termt &lhs = converted.at(truncation_modulo.lhs());
798  const smt_termt &rhs = converted.at(truncation_modulo.rhs());
799 
800  const bool both_operands_bitvector =
801  can_cast_type<integer_bitvector_typet>(truncation_modulo.lhs().type()) &&
802  can_cast_type<integer_bitvector_typet>(truncation_modulo.rhs().type());
803 
804  const bool both_operands_unsigned =
805  can_cast_type<unsignedbv_typet>(truncation_modulo.lhs().type()) &&
806  can_cast_type<unsignedbv_typet>(truncation_modulo.rhs().type());
807 
808  if(both_operands_bitvector)
809  {
810  if(both_operands_unsigned)
811  {
812  return smt_bit_vector_theoryt::unsigned_remainder(lhs, rhs);
813  }
814  else
815  {
816  return smt_bit_vector_theoryt::signed_remainder(lhs, rhs);
817  }
818  }
819  else
820  {
821  UNIMPLEMENTED_FEATURE(
822  "Generation of SMT formula for remainder (modulus) expression: " +
823  truncation_modulo.pretty());
824  }
825 }
826 
827 static smt_termt convert_expr_to_smt(
828  const euclidean_mod_exprt &euclidean_modulo,
829  const sub_expression_mapt &converted)
830 {
831  UNIMPLEMENTED_FEATURE(
832  "Generation of SMT formula for euclidean modulo expression: " +
833  euclidean_modulo.pretty());
834 }
835 
836 static smt_termt convert_expr_to_smt(
837  const mult_exprt &multiply,
838  const sub_expression_mapt &converted)
839 {
840  if(std::all_of(
841  multiply.operands().cbegin(),
842  multiply.operands().cend(),
843  [](exprt operand) {
844  return can_cast_type<integer_bitvector_typet>(operand.type());
845  }))
846  {
847  return convert_multiary_operator_to_terms(
848  multiply, converted, smt_bit_vector_theoryt::multiply);
849  }
850  else
851  {
852  UNIMPLEMENTED_FEATURE(
853  "Generation of SMT formula for multiply expression: " +
854  multiply.pretty());
855  }
856 }
857 
865 static smt_termt convert_expr_to_smt(
866  const address_of_exprt &address_of,
867  const sub_expression_mapt &converted,
868  const smt_object_mapt &object_map)
869 {
870  const auto type = type_try_dynamic_cast<pointer_typet>(address_of.type());
871  INVARIANT(
872  type, "Result of the address_of operator should have pointer type.");
873  const auto base = find_object_base_expression(address_of);
874  const auto object = object_map.find(base);
875  INVARIANT(
876  object != object_map.end(),
877  "Objects should be tracked before converting their address to SMT terms");
878  const std::size_t object_id = object->second.unique_id;
879  const std::size_t object_bits = config.bv_encoding.object_bits;
880  const std::size_t max_objects = std::size_t(1) << object_bits;
881  if(object_id >= max_objects)
882  {
883  throw analysis_exceptiont{
884  "too many addressed objects: maximum number of objects is set to 2^n=" +
885  std::to_string(max_objects) + " (with n=" + std::to_string(object_bits) +
886  "); " +
887  "use the `--object-bits n` option to increase the maximum number"};
888  }
889  const smt_termt object_bit_vector =
890  smt_bit_vector_constant_termt{object_id, object_bits};
891  INVARIANT(
892  type->get_width() > object_bits,
893  "Pointer should be wider than object_bits in order to allow for offset "
894  "encoding.");
895  const size_t offset_bits = type->get_width() - object_bits;
896  if(
897  const auto symbol =
898  expr_try_dynamic_cast<symbol_exprt>(address_of.object()))
899  {
900  const smt_bit_vector_constant_termt offset{0, offset_bits};
901  return smt_bit_vector_theoryt::concat(object_bit_vector, offset);
902  }
903  UNIMPLEMENTED_FEATURE(
904  "Generation of SMT formula for address of expression: " +
905  address_of.pretty());
906 }
907 
908 static smt_termt convert_expr_to_smt(
909  const array_of_exprt &array_of,
910  const sub_expression_mapt &converted)
911 {
912  // This function is unreachable as the `array_of_exprt` nodes are already
913  // fully converted by the incremental decision procedure functions
914  // (smt2_incremental_decision_proceduret::define_array_function).
915  UNHANDLED_CASE;
916 }
917 
918 static smt_termt convert_expr_to_smt(
919  const array_comprehension_exprt &array_comprehension,
920  const sub_expression_mapt &converted)
921 {
922  UNIMPLEMENTED_FEATURE(
923  "Generation of SMT formula for array comprehension expression: " +
924  array_comprehension.pretty());
925 }
926 
927 static smt_termt convert_expr_to_smt(
928  const index_exprt &index_of,
929  const sub_expression_mapt &converted)
930 {
931  const smt_termt &array = converted.at(index_of.array());
932  const smt_termt &index = converted.at(index_of.index());
933  return smt_array_theoryt::select(array, index);
934 }
935 
936 template <typename factoryt, typename shiftt>
937 static smt_termt convert_to_smt_shift(
938  const factoryt &factory,
939  const shiftt &shift,
940  const sub_expression_mapt &converted)
941 {
942  const smt_termt &first_operand = converted.at(shift.op0());
943  const smt_termt &second_operand = converted.at(shift.op1());
944  const auto first_bit_vector_sort =
945  first_operand.get_sort().cast<smt_bit_vector_sortt>();
946  const auto second_bit_vector_sort =
947  second_operand.get_sort().cast<smt_bit_vector_sortt>();
948  INVARIANT(
949  first_bit_vector_sort && second_bit_vector_sort,
950  "Shift expressions are expected to have bit vector operands.");
951  INVARIANT(
952  shift.type() == shift.op0().type(),
953  "Shift expression type must be equals to first operand type.");
954  const std::size_t first_width = first_bit_vector_sort->bit_width();
955  const std::size_t second_width = second_bit_vector_sort->bit_width();
956  if(first_width > second_width)
957  {
958  return factory(
959  first_operand,
960  extension_for_type(shift.op1().type())(first_width - second_width)(
961  second_operand));
962  }
963  else if(first_width < second_width)
964  {
965  const auto result = factory(
966  extension_for_type(shift.op0().type())(second_width - first_width)(
967  first_operand),
968  second_operand);
969  return smt_bit_vector_theoryt::extract(first_width - 1, 0)(result);
970  }
971  else
972  {
973  return factory(first_operand, second_operand);
974  }
975 }
976 
977 static smt_termt convert_expr_to_smt(
978  const shift_exprt &shift,
979  const sub_expression_mapt &converted)
980 {
981  // TODO: Dispatch for rotation expressions. A `shift_exprt` can be a rotation.
982  if(const auto left_shift = expr_try_dynamic_cast<shl_exprt>(shift))
983  {
984  return convert_to_smt_shift(
985  smt_bit_vector_theoryt::shift_left, *left_shift, converted);
986  }
987  if(const auto right_logical_shift = expr_try_dynamic_cast<lshr_exprt>(shift))
988  {
989  return convert_to_smt_shift(
990  smt_bit_vector_theoryt::logical_shift_right,
991  *right_logical_shift,
992  converted);
993  }
994  if(const auto right_arith_shift = expr_try_dynamic_cast<ashr_exprt>(shift))
995  {
996  return convert_to_smt_shift(
997  smt_bit_vector_theoryt::arithmetic_shift_right,
998  *right_arith_shift,
999  converted);
1000  }
1001  UNIMPLEMENTED_FEATURE(
1002  "Generation of SMT formula for shift expression: " + shift.pretty());
1003 }
1004 
1005 static smt_termt convert_array_update_to_smt(
1006  const with_exprt &with,
1007  const sub_expression_mapt &converted)
1008 {
1009  smt_termt array = converted.at(with.old());
1010  for(auto it = ++with.operands().begin(); it != with.operands().end(); it += 2)
1011  {
1012  const smt_termt &index_term = converted.at(it[0]);
1013  const smt_termt &value_term = converted.at(it[1]);
1014  array = smt_array_theoryt::store(array, index_term, value_term);
1015  }
1016  return array;
1017 }
1018 
1019 static smt_termt convert_expr_to_smt(
1020  const with_exprt &with,
1021  const sub_expression_mapt &converted)
1022 {
1023  if(can_cast_type<array_typet>(with.type()))
1024  return convert_array_update_to_smt(with, converted);
1025  // 'with' expression is also used to update struct fields, but for now we do
1026  // not support them, so we fail.
1027  UNIMPLEMENTED_FEATURE(
1028  "Generation of SMT formula for with expression: " + with.pretty());
1029 }
1030 
1031 static smt_termt convert_expr_to_smt(
1032  const update_exprt &update,
1033  const sub_expression_mapt &converted)
1034 {
1035  UNIMPLEMENTED_FEATURE(
1036  "Generation of SMT formula for update expression: " + update.pretty());
1037 }
1038 
1039 static smt_termt convert_expr_to_smt(
1040  const member_exprt &member_extraction,
1041  const sub_expression_mapt &converted)
1042 {
1043  UNIMPLEMENTED_FEATURE(
1044  "Generation of SMT formula for member extraction expression: " +
1045  member_extraction.pretty());
1046 }
1047 
1048 static smt_termt convert_expr_to_smt(
1049  const is_dynamic_object_exprt &is_dynamic_object,
1050  const sub_expression_mapt &converted,
1051  const smt_is_dynamic_objectt::make_applicationt &apply_is_dynamic_object)
1052 {
1053  const smt_termt &pointer = converted.at(is_dynamic_object.address());
1054  const auto pointer_sort = pointer.get_sort().cast<smt_bit_vector_sortt>();
1055  INVARIANT(
1056  pointer_sort, "Pointers should be encoded as bit vector sorted terms.");
1057  const std::size_t pointer_width = pointer_sort->bit_width();
1058  return apply_is_dynamic_object(
1059  std::vector<smt_termt>{smt_bit_vector_theoryt::extract(
1060  pointer_width - 1,
1061  pointer_width - config.bv_encoding.object_bits)(pointer)});
1062 }
1063 
1064 static smt_termt convert_expr_to_smt(
1065  const is_invalid_pointer_exprt &is_invalid_pointer,
1066  const smt_object_mapt &object_map,
1067  const sub_expression_mapt &converted)
1068 {
1069  const exprt &pointer_expr(to_unary_expr(is_invalid_pointer).op());
1070  const bitvector_typet *pointer_type =
1071  type_try_dynamic_cast<bitvector_typet>(pointer_expr.type());
1072  INVARIANT(pointer_type, "Pointer object should have a bitvector-based type.");
1073  const std::size_t object_bits = config.bv_encoding.object_bits;
1074  const std::size_t width = pointer_type->get_width();
1075  INVARIANT(
1076  width >= object_bits,
1077  "Width should be at least as big as the number of object bits.");
1078 
1079  const auto extract_op = smt_bit_vector_theoryt::extract(
1080  width - 1, width - object_bits)(converted.at(pointer_expr));
1081 
1082  const auto &invalid_pointer = object_map.at(make_invalid_pointer_expr());
1083 
1084  const smt_termt invalid_pointer_address = smt_bit_vector_constant_termt(
1085  invalid_pointer.unique_id, config.bv_encoding.object_bits);
1086 
1087  return smt_core_theoryt::equal(invalid_pointer_address, extract_op);
1088 }
1089 
1090 static smt_termt convert_expr_to_smt(
1091  const string_constantt &string_constant,
1092  const sub_expression_mapt &converted)
1093 {
1094  UNIMPLEMENTED_FEATURE(
1095  "Generation of SMT formula for string constant expression: " +
1096  string_constant.pretty());
1097 }
1098 
1099 static smt_termt convert_expr_to_smt(
1100  const extractbit_exprt &extract_bit,
1101  const sub_expression_mapt &converted)
1102 {
1103  UNIMPLEMENTED_FEATURE(
1104  "Generation of SMT formula for extract bit expression: " +
1105  extract_bit.pretty());
1106 }
1107 
1108 static smt_termt convert_expr_to_smt(
1109  const extractbits_exprt &extract_bits,
1110  const sub_expression_mapt &converted)
1111 {
1112  const smt_termt &from = converted.at(extract_bits.src());
1113  const auto bit_vector_sort =
1114  convert_type_to_smt_sort(extract_bits.type()).cast<smt_bit_vector_sortt>();
1115  INVARIANT(
1116  bit_vector_sort, "Extract can only be applied to bit vector terms.");
1117  const auto index_value = numeric_cast<std::size_t>(extract_bits.index());
1118  if(index_value)
1119  return smt_bit_vector_theoryt::extract(
1120  *index_value + bit_vector_sort->bit_width() - 1, *index_value)(from);
1121  UNIMPLEMENTED_FEATURE(
1122  "Generation of SMT formula for extract bits expression: " +
1123  extract_bits.pretty());
1124 }
1125 
1126 static smt_termt convert_expr_to_smt(
1127  const replication_exprt &replication,
1128  const sub_expression_mapt &converted)
1129 {
1130  UNIMPLEMENTED_FEATURE(
1131  "Generation of SMT formula for bit vector replication expression: " +
1132  replication.pretty());
1133 }
1134 
1135 static smt_termt convert_expr_to_smt(
1136  const byte_extract_exprt &byte_extraction,
1137  const sub_expression_mapt &converted)
1138 {
1139  UNIMPLEMENTED_FEATURE(
1140  "Generation of SMT formula for byte extract expression: " +
1141  byte_extraction.pretty());
1142 }
1143 
1144 static smt_termt convert_expr_to_smt(
1145  const byte_update_exprt &byte_update,
1146  const sub_expression_mapt &converted)
1147 {
1148  UNIMPLEMENTED_FEATURE(
1149  "Generation of SMT formula for byte update expression: " +
1150  byte_update.pretty());
1151 }
1152 
1153 static smt_termt convert_expr_to_smt(
1154  const abs_exprt &absolute_value_of,
1155  const sub_expression_mapt &converted)
1156 {
1157  UNIMPLEMENTED_FEATURE(
1158  "Generation of SMT formula for absolute value of expression: " +
1159  absolute_value_of.pretty());
1160 }
1161 
1162 static smt_termt convert_expr_to_smt(
1163  const isnan_exprt &is_nan_expr,
1164  const sub_expression_mapt &converted)
1165 {
1166  UNIMPLEMENTED_FEATURE(
1167  "Generation of SMT formula for is not a number expression: " +
1168  is_nan_expr.pretty());
1169 }
1170 
1171 static smt_termt convert_expr_to_smt(
1172  const isfinite_exprt &is_finite_expr,
1173  const sub_expression_mapt &converted)
1174 {
1175  UNIMPLEMENTED_FEATURE(
1176  "Generation of SMT formula for is finite expression: " +
1177  is_finite_expr.pretty());
1178 }
1179 
1180 static smt_termt convert_expr_to_smt(
1181  const isinf_exprt &is_infinite_expr,
1182  const sub_expression_mapt &converted)
1183 {
1184  UNIMPLEMENTED_FEATURE(
1185  "Generation of SMT formula for is infinite expression: " +
1186  is_infinite_expr.pretty());
1187 }
1188 
1189 static smt_termt convert_expr_to_smt(
1190  const isnormal_exprt &is_normal_expr,
1191  const sub_expression_mapt &converted)
1192 {
1193  UNIMPLEMENTED_FEATURE(
1194  "Generation of SMT formula for is infinite expression: " +
1195  is_normal_expr.pretty());
1196 }
1197 
1201 static smt_termt most_significant_bit_is_set(const smt_termt &input)
1202 {
1203  const auto bit_vector_sort = input.get_sort().cast<smt_bit_vector_sortt>();
1204  INVARIANT(
1205  bit_vector_sort,
1206  "Most significant bit can only be extracted from bit vector terms.");
1207  const size_t most_significant_bit_index = bit_vector_sort->bit_width() - 1;
1208  const auto extract_most_significant_bit = smt_bit_vector_theoryt::extract(
1209  most_significant_bit_index, most_significant_bit_index);
1210  return smt_core_theoryt::equal(
1211  extract_most_significant_bit(input), smt_bit_vector_constant_termt{1, 1});
1212 }
1213 
1214 static smt_termt convert_expr_to_smt(
1215  const plus_overflow_exprt &plus_overflow,
1216  const sub_expression_mapt &converted)
1217 {
1218  const smt_termt &left = converted.at(plus_overflow.lhs());
1219  const smt_termt &right = converted.at(plus_overflow.rhs());
1220  if(operands_are_of_type<unsignedbv_typet>(plus_overflow))
1221  {
1222  const auto add_carry_bit = smt_bit_vector_theoryt::zero_extend(1);
1223  return most_significant_bit_is_set(
1224  smt_bit_vector_theoryt::add(add_carry_bit(left), add_carry_bit(right)));
1225  }
1226  if(operands_are_of_type<signedbv_typet>(plus_overflow))
1227  {
1228  // Overflow has occurred if the operands have the same sign and adding them
1229  // gives a result of the opposite sign.
1230  const smt_termt msb_left = most_significant_bit_is_set(left);
1231  const smt_termt msb_right = most_significant_bit_is_set(right);
1232  return smt_core_theoryt::make_and(
1233  smt_core_theoryt::equal(msb_left, msb_right),
1234  smt_core_theoryt::distinct(
1235  msb_left,
1236  most_significant_bit_is_set(smt_bit_vector_theoryt::add(left, right))));
1237  }
1238  UNIMPLEMENTED_FEATURE(
1239  "Generation of SMT formula for plus overflow expression: " +
1240  plus_overflow.pretty());
1241 }
1242 
1243 static smt_termt convert_expr_to_smt(
1244  const minus_overflow_exprt &minus_overflow,
1245  const sub_expression_mapt &converted)
1246 {
1247  const smt_termt &left = converted.at(minus_overflow.lhs());
1248  const smt_termt &right = converted.at(minus_overflow.rhs());
1249  if(operands_are_of_type<unsignedbv_typet>(minus_overflow))
1250  {
1251  return smt_bit_vector_theoryt::unsigned_less_than(left, right);
1252  }
1253  if(operands_are_of_type<signedbv_typet>(minus_overflow))
1254  {
1255  // Overflow has occurred if the operands have the opposing signs and
1256  // subtracting them gives a result having the same signedness as the
1257  // right-hand operand. For example the following would be overflow for cases
1258  // for 8 bit wide bit vectors -
1259  // -128 - 1 == 127
1260  // 127 - (-1) == -128
1261  const smt_termt msb_left = most_significant_bit_is_set(left);
1262  const smt_termt msb_right = most_significant_bit_is_set(right);
1263  return smt_core_theoryt::make_and(
1264  smt_core_theoryt::distinct(msb_left, msb_right),
1265  smt_core_theoryt::equal(
1266  msb_right,
1267  most_significant_bit_is_set(
1268  smt_bit_vector_theoryt::subtract(left, right))));
1269  }
1270  UNIMPLEMENTED_FEATURE(
1271  "Generation of SMT formula for minus overflow expression: " +
1272  minus_overflow.pretty());
1273 }
1274 
1275 static smt_termt convert_expr_to_smt(
1276  const mult_overflow_exprt &mult_overflow,
1277  const sub_expression_mapt &converted)
1278 {
1279  PRECONDITION(mult_overflow.lhs().type() == mult_overflow.rhs().type());
1280  const auto &operand_type = mult_overflow.lhs().type();
1281  const smt_termt &left = converted.at(mult_overflow.lhs());
1282  const smt_termt &right = converted.at(mult_overflow.rhs());
1283  if(
1284  const auto unsigned_type =
1285  type_try_dynamic_cast<unsignedbv_typet>(operand_type))
1286  {
1287  const std::size_t width = unsigned_type->get_width();
1288  const auto extend = smt_bit_vector_theoryt::zero_extend(width);
1289  return smt_bit_vector_theoryt::unsigned_greater_than_or_equal(
1290  smt_bit_vector_theoryt::multiply(extend(left), extend(right)),
1291  smt_bit_vector_constant_termt{power(2, width), width * 2});
1292  }
1293  if(
1294  const auto signed_type =
1295  type_try_dynamic_cast<signedbv_typet>(operand_type))
1296  {
1297  const smt_termt msb_left = most_significant_bit_is_set(left);
1298  const smt_termt msb_right = most_significant_bit_is_set(right);
1299  const std::size_t width = signed_type->get_width();
1300  const auto extend = smt_bit_vector_theoryt::sign_extend(width);
1301  const auto multiplication =
1302  smt_bit_vector_theoryt::multiply(extend(left), extend(right));
1303  const auto too_large = smt_bit_vector_theoryt::signed_greater_than_or_equal(
1304  multiplication,
1305  smt_bit_vector_constant_termt{power(2, width - 1), width * 2});
1306  const auto too_small = smt_bit_vector_theoryt::signed_less_than(
1307  multiplication,
1308  smt_bit_vector_theoryt::negate(
1309  smt_bit_vector_constant_termt{power(2, width - 1), width * 2}));
1310  return smt_core_theoryt::if_then_else(
1311  smt_core_theoryt::equal(msb_left, msb_right), too_large, too_small);
1312  }
1313  UNIMPLEMENTED_FEATURE(
1314  "Generation of SMT formula for multiply overflow expression: " +
1315  mult_overflow.pretty());
1316 }
1317 
1318 static smt_termt convert_expr_to_smt(
1319  const pointer_object_exprt &pointer_object,
1320  const sub_expression_mapt &converted)
1321 {
1322  const auto type =
1323  type_try_dynamic_cast<bitvector_typet>(pointer_object.type());
1324  INVARIANT(type, "Pointer object should have a bitvector-based type.");
1325  const auto converted_expr = converted.at(pointer_object.pointer());
1326  const std::size_t width = type->get_width();
1327  const std::size_t object_bits = config.bv_encoding.object_bits;
1328  INVARIANT(
1329  width >= object_bits,
1330  "Width should be at least as big as the number of object bits.");
1331  const std::size_t ext = width - object_bits;
1332  const auto extract_op = smt_bit_vector_theoryt::extract(
1333  width - 1, width - object_bits)(converted_expr);
1334  if(ext > 0)
1335  {
1336  return smt_bit_vector_theoryt::zero_extend(ext)(extract_op);
1337  }
1338  return extract_op;
1339 }
1340 
1341 static smt_termt convert_expr_to_smt(
1342  const pointer_offset_exprt &pointer_offset,
1343  const sub_expression_mapt &converted)
1344 {
1345  const auto type =
1346  type_try_dynamic_cast<bitvector_typet>(pointer_offset.type());
1347  INVARIANT(type, "Pointer offset should have a bitvector-based type.");
1348  const auto converted_expr = converted.at(pointer_offset.pointer());
1349  const std::size_t width = type->get_width();
1350  std::size_t offset_bits = width - config.bv_encoding.object_bits;
1351  if(offset_bits > width)
1352  offset_bits = width;
1353  const auto extract_op =
1354  smt_bit_vector_theoryt::extract(offset_bits - 1, 0)(converted_expr);
1355  if(width > offset_bits)
1356  {
1357  return smt_bit_vector_theoryt::sign_extend(width - offset_bits)(extract_op);
1358  }
1359  return extract_op;
1360 }
1361 
1362 static smt_termt convert_expr_to_smt(
1363  const shl_overflow_exprt &shl_overflow,
1364  const sub_expression_mapt &converted)
1365 {
1366  UNIMPLEMENTED_FEATURE(
1367  "Generation of SMT formula for shift left overflow expression: " +
1368  shl_overflow.pretty());
1369 }
1370 
1371 static smt_termt convert_expr_to_smt(
1372  const array_exprt &array_construction,
1373  const sub_expression_mapt &converted)
1374 {
1375  // This function is unreachable as the `array_exprt` nodes are already fully
1376  // converted by the incremental decision procedure functions
1377  // (smt2_incremental_decision_proceduret::define_array_function).
1378  UNHANDLED_CASE;
1379 }
1380 
1381 static smt_termt convert_expr_to_smt(
1382  const literal_exprt &literal,
1383  const sub_expression_mapt &converted)
1384 {
1385  UNIMPLEMENTED_FEATURE(
1386  "Generation of SMT formula for literal expression: " + literal.pretty());
1387 }
1388 
1389 static smt_termt convert_expr_to_smt(
1390  const forall_exprt &for_all,
1391  const sub_expression_mapt &converted)
1392 {
1393  UNIMPLEMENTED_FEATURE(
1394  "Generation of SMT formula for for all expression: " + for_all.pretty());
1395 }
1396 
1397 static smt_termt convert_expr_to_smt(
1398  const exists_exprt &exists,
1399  const sub_expression_mapt &converted)
1400 {
1401  UNIMPLEMENTED_FEATURE(
1402  "Generation of SMT formula for exists expression: " + exists.pretty());
1403 }
1404 
1405 static smt_termt convert_expr_to_smt(
1406  const vector_exprt &vector,
1407  const sub_expression_mapt &converted)
1408 {
1409  UNIMPLEMENTED_FEATURE(
1410  "Generation of SMT formula for vector expression: " + vector.pretty());
1411 }
1412 
1413 static smt_termt convert_expr_to_smt(
1414  const object_size_exprt &object_size,
1415  const sub_expression_mapt &converted,
1416  const smt_object_sizet::make_applicationt &call_object_size)
1417 {
1418  const smt_termt &pointer = converted.at(object_size.pointer());
1419  const auto pointer_sort = pointer.get_sort().cast<smt_bit_vector_sortt>();
1420  INVARIANT(
1421  pointer_sort, "Pointers should be encoded as bit vector sorted terms.");
1422  const std::size_t pointer_width = pointer_sort->bit_width();
1423  return call_object_size(
1424  std::vector<smt_termt>{smt_bit_vector_theoryt::extract(
1425  pointer_width - 1,
1426  pointer_width - config.bv_encoding.object_bits)(pointer)});
1427 }
1428 
1429 static smt_termt
1430 convert_expr_to_smt(const let_exprt &let, const sub_expression_mapt &converted)
1431 {
1432  UNIMPLEMENTED_FEATURE(
1433  "Generation of SMT formula for let expression: " + let.pretty());
1434 }
1435 
1436 static smt_termt convert_expr_to_smt(
1437  const bswap_exprt &byte_swap,
1438  const sub_expression_mapt &converted)
1439 {
1440  UNIMPLEMENTED_FEATURE(
1441  "Generation of SMT formula for byte swap expression: " +
1442  byte_swap.pretty());
1443 }
1444 
1445 static smt_termt convert_expr_to_smt(
1446  const popcount_exprt &population_count,
1447  const sub_expression_mapt &converted)
1448 {
1449  UNIMPLEMENTED_FEATURE(
1450  "Generation of SMT formula for population count expression: " +
1451  population_count.pretty());
1452 }
1453 
1454 static smt_termt convert_expr_to_smt(
1455  const count_leading_zeros_exprt &count_leading_zeros,
1456  const sub_expression_mapt &converted)
1457 {
1458  UNIMPLEMENTED_FEATURE(
1459  "Generation of SMT formula for count leading zeros expression: " +
1460  count_leading_zeros.pretty());
1461 }
1462 
1463 static smt_termt convert_expr_to_smt(
1464  const count_trailing_zeros_exprt &count_trailing_zeros,
1465  const sub_expression_mapt &converted)
1466 {
1467  UNIMPLEMENTED_FEATURE(
1468  "Generation of SMT formula for count trailing zeros expression: " +
1469  count_trailing_zeros.pretty());
1470 }
1471 
1472 static smt_termt convert_expr_to_smt(
1473  const zero_extend_exprt &zero_extend,
1474  const sub_expression_mapt &converted)
1475 {
1476  UNREACHABLE_BECAUSE(
1477  "zero_extend expression should have been lowered by the decision "
1478  "procedure before conversion to smt terms");
1479 }
1480 
1481 static smt_termt convert_expr_to_smt(
1482  const prophecy_r_or_w_ok_exprt &prophecy_r_or_w_ok,
1483  const sub_expression_mapt &converted)
1484 {
1485  UNREACHABLE_BECAUSE(
1486  "prophecy_r_or_w_ok expression should have been lowered by the decision "
1487  "procedure before conversion to smt terms");
1488 }
1489 
1490 static smt_termt convert_expr_to_smt(
1491  const prophecy_pointer_in_range_exprt &prophecy_pointer_in_range,
1492  const sub_expression_mapt &converted)
1493 {
1494  UNREACHABLE_BECAUSE(
1495  "prophecy_pointer_in_range expression should have been lowered by the "
1496  "decision procedure before conversion to smt terms");
1497 }
1498 
1499 static smt_termt dispatch_expr_to_smt_conversion(
1500  const exprt &expr,
1501  const sub_expression_mapt &converted,
1502  const smt_object_mapt &object_map,
1503  const type_size_mapt &pointer_sizes,
1504  const smt_object_sizet::make_applicationt &call_object_size,
1505  const smt_is_dynamic_objectt::make_applicationt &apply_is_dynamic_object)
1506 {
1507  if(const auto symbol = expr_try_dynamic_cast<symbol_exprt>(expr))
1508  {
1509  return convert_expr_to_smt(*symbol);
1510  }
1511  if(const auto nondet = expr_try_dynamic_cast<nondet_symbol_exprt>(expr))
1512  {
1513  return convert_expr_to_smt(*nondet, converted);
1514  }
1515  if(const auto cast = expr_try_dynamic_cast<typecast_exprt>(expr))
1516  {
1517  return convert_expr_to_smt(*cast, converted);
1518  }
1519  if(
1520  const auto float_cast = expr_try_dynamic_cast<floatbv_typecast_exprt>(expr))
1521  {
1522  return convert_expr_to_smt(*float_cast, converted);
1523  }
1524  if(const auto struct_construction = expr_try_dynamic_cast<struct_exprt>(expr))
1525  {
1526  return convert_expr_to_smt(*struct_construction, converted);
1527  }
1528  if(const auto union_construction = expr_try_dynamic_cast<union_exprt>(expr))
1529  {
1530  return convert_expr_to_smt(*union_construction, converted);
1531  }
1532  if(const auto constant_literal = expr_try_dynamic_cast<constant_exprt>(expr))
1533  {
1534  return convert_expr_to_smt(*constant_literal);
1535  }
1536  if(
1537  const auto concatenation = expr_try_dynamic_cast<concatenation_exprt>(expr))
1538  {
1539  return convert_expr_to_smt(*concatenation, converted);
1540  }
1541  if(const auto bitwise_and_expr = expr_try_dynamic_cast<bitand_exprt>(expr))
1542  {
1543  return convert_expr_to_smt(*bitwise_and_expr, converted);
1544  }
1545  if(const auto bitwise_or_expr = expr_try_dynamic_cast<bitor_exprt>(expr))
1546  {
1547  return convert_expr_to_smt(*bitwise_or_expr, converted);
1548  }
1549  if(const auto bitwise_xor = expr_try_dynamic_cast<bitxor_exprt>(expr))
1550  {
1551  return convert_expr_to_smt(*bitwise_xor, converted);
1552  }
1553  if(const auto bitwise_not = expr_try_dynamic_cast<bitnot_exprt>(expr))
1554  {
1555  return convert_expr_to_smt(*bitwise_not, converted);
1556  }
1557  if(const auto unary_minus = expr_try_dynamic_cast<unary_minus_exprt>(expr))
1558  {
1559  return convert_expr_to_smt(*unary_minus, converted);
1560  }
1561  if(const auto unary_plus = expr_try_dynamic_cast<unary_plus_exprt>(expr))
1562  {
1563  return convert_expr_to_smt(*unary_plus, converted);
1564  }
1565  if(const auto is_negative = expr_try_dynamic_cast<sign_exprt>(expr))
1566  {
1567  return convert_expr_to_smt(*is_negative, converted);
1568  }
1569  if(const auto if_expression = expr_try_dynamic_cast<if_exprt>(expr))
1570  {
1571  return convert_expr_to_smt(*if_expression, converted);
1572  }
1573  if(const auto and_expression = expr_try_dynamic_cast<and_exprt>(expr))
1574  {
1575  return convert_expr_to_smt(*and_expression, converted);
1576  }
1577  if(const auto or_expression = expr_try_dynamic_cast<or_exprt>(expr))
1578  {
1579  return convert_expr_to_smt(*or_expression, converted);
1580  }
1581  if(const auto xor_expression = expr_try_dynamic_cast<xor_exprt>(expr))
1582  {
1583  return convert_expr_to_smt(*xor_expression, converted);
1584  }
1585  if(const auto implies = expr_try_dynamic_cast<implies_exprt>(expr))
1586  {
1587  return convert_expr_to_smt(*implies, converted);
1588  }
1589  if(const auto logical_not = expr_try_dynamic_cast<not_exprt>(expr))
1590  {
1591  return convert_expr_to_smt(*logical_not, converted);
1592  }
1593  if(const auto equal = expr_try_dynamic_cast<equal_exprt>(expr))
1594  {
1595  return convert_expr_to_smt(*equal, converted);
1596  }
1597  if(const auto not_equal = expr_try_dynamic_cast<notequal_exprt>(expr))
1598  {
1599  return convert_expr_to_smt(*not_equal, converted);
1600  }
1601  if(
1602  const auto float_equal =
1603  expr_try_dynamic_cast<ieee_float_equal_exprt>(expr))
1604  {
1605  return convert_expr_to_smt(*float_equal, converted);
1606  }
1607  if(
1608  const auto float_not_equal =
1609  expr_try_dynamic_cast<ieee_float_notequal_exprt>(expr))
1610  {
1611  return convert_expr_to_smt(*float_not_equal, converted);
1612  }
1613  if(
1614  const auto converted_relational =
1615  try_relational_conversion(expr, converted))
1616  {
1617  return *converted_relational;
1618  }
1619  if(const auto plus = expr_try_dynamic_cast<plus_exprt>(expr))
1620  {
1621  return convert_expr_to_smt(*plus, converted, pointer_sizes);
1622  }
1623  if(const auto minus = expr_try_dynamic_cast<minus_exprt>(expr))
1624  {
1625  return convert_expr_to_smt(*minus, converted, pointer_sizes);
1626  }
1627  if(const auto divide = expr_try_dynamic_cast<div_exprt>(expr))
1628  {
1629  return convert_expr_to_smt(*divide, converted);
1630  }
1631  if(
1632  const auto float_operation =
1633  expr_try_dynamic_cast<ieee_float_op_exprt>(expr))
1634  {
1635  return convert_expr_to_smt(*float_operation, converted);
1636  }
1637  if(const auto truncation_modulo = expr_try_dynamic_cast<mod_exprt>(expr))
1638  {
1639  return convert_expr_to_smt(*truncation_modulo, converted);
1640  }
1641  if(
1642  const auto euclidean_modulo =
1643  expr_try_dynamic_cast<euclidean_mod_exprt>(expr))
1644  {
1645  return convert_expr_to_smt(*euclidean_modulo, converted);
1646  }
1647  if(const auto multiply = expr_try_dynamic_cast<mult_exprt>(expr))
1648  {
1649  return convert_expr_to_smt(*multiply, converted);
1650  }
1651 #if 0
1652  else if(expr.id() == ID_floatbv_rem)
1653  {
1654  convert_floatbv_rem(to_binary_expr(expr));
1655  }
1656 #endif
1657  if(const auto address_of = expr_try_dynamic_cast<address_of_exprt>(expr))
1658  {
1659  return convert_expr_to_smt(*address_of, converted, object_map);
1660  }
1661  if(const auto array_of = expr_try_dynamic_cast<array_of_exprt>(expr))
1662  {
1663  return convert_expr_to_smt(*array_of, converted);
1664  }
1665  if(
1666  const auto array_comprehension =
1667  expr_try_dynamic_cast<array_comprehension_exprt>(expr))
1668  {
1669  return convert_expr_to_smt(*array_comprehension, converted);
1670  }
1671  if(const auto index = expr_try_dynamic_cast<index_exprt>(expr))
1672  {
1673  return convert_expr_to_smt(*index, converted);
1674  }
1675  if(const auto shift = expr_try_dynamic_cast<shift_exprt>(expr))
1676  {
1677  return convert_expr_to_smt(*shift, converted);
1678  }
1679  if(const auto with = expr_try_dynamic_cast<with_exprt>(expr))
1680  {
1681  return convert_expr_to_smt(*with, converted);
1682  }
1683  if(const auto update = expr_try_dynamic_cast<update_exprt>(expr))
1684  {
1685  return convert_expr_to_smt(*update, converted);
1686  }
1687  if(const auto member_extraction = expr_try_dynamic_cast<member_exprt>(expr))
1688  {
1689  return convert_expr_to_smt(*member_extraction, converted);
1690  }
1691  else if(
1692  const auto pointer_offset =
1693  expr_try_dynamic_cast<pointer_offset_exprt>(expr))
1694  {
1695  return convert_expr_to_smt(*pointer_offset, converted);
1696  }
1697  else if(
1698  const auto pointer_object =
1699  expr_try_dynamic_cast<pointer_object_exprt>(expr))
1700  {
1701  return convert_expr_to_smt(*pointer_object, converted);
1702  }
1703  if(
1704  const auto is_dynamic_object =
1705  expr_try_dynamic_cast<is_dynamic_object_exprt>(expr))
1706  {
1707  return convert_expr_to_smt(
1708  *is_dynamic_object, converted, apply_is_dynamic_object);
1709  }
1710  if(
1711  const auto is_invalid_pointer =
1712  expr_try_dynamic_cast<is_invalid_pointer_exprt>(expr))
1713  {
1714  return convert_expr_to_smt(*is_invalid_pointer, object_map, converted);
1715  }
1716  if(const auto string_constant = expr_try_dynamic_cast<string_constantt>(expr))
1717  {
1718  return convert_expr_to_smt(*string_constant, converted);
1719  }
1720  if(const auto extract_bit = expr_try_dynamic_cast<extractbit_exprt>(expr))
1721  {
1722  return convert_expr_to_smt(*extract_bit, converted);
1723  }
1724  if(const auto extract_bits = expr_try_dynamic_cast<extractbits_exprt>(expr))
1725  {
1726  return convert_expr_to_smt(*extract_bits, converted);
1727  }
1728  if(const auto replication = expr_try_dynamic_cast<replication_exprt>(expr))
1729  {
1730  return convert_expr_to_smt(*replication, converted);
1731  }
1732  if(
1733  const auto byte_extraction =
1734  expr_try_dynamic_cast<byte_extract_exprt>(expr))
1735  {
1736  return convert_expr_to_smt(*byte_extraction, converted);
1737  }
1738  if(const auto byte_update = expr_try_dynamic_cast<byte_update_exprt>(expr))
1739  {
1740  return convert_expr_to_smt(*byte_update, converted);
1741  }
1742  if(const auto absolute_value_of = expr_try_dynamic_cast<abs_exprt>(expr))
1743  {
1744  return convert_expr_to_smt(*absolute_value_of, converted);
1745  }
1746  if(const auto is_nan_expr = expr_try_dynamic_cast<isnan_exprt>(expr))
1747  {
1748  return convert_expr_to_smt(*is_nan_expr, converted);
1749  }
1750  if(const auto is_finite_expr = expr_try_dynamic_cast<isfinite_exprt>(expr))
1751  {
1752  return convert_expr_to_smt(*is_finite_expr, converted);
1753  }
1754  if(const auto is_infinite_expr = expr_try_dynamic_cast<isinf_exprt>(expr))
1755  {
1756  return convert_expr_to_smt(*is_infinite_expr, converted);
1757  }
1758  if(const auto is_normal_expr = expr_try_dynamic_cast<isnormal_exprt>(expr))
1759  {
1760  return convert_expr_to_smt(*is_normal_expr, converted);
1761  }
1762  if(
1763  const auto plus_overflow = expr_try_dynamic_cast<plus_overflow_exprt>(expr))
1764  {
1765  return convert_expr_to_smt(*plus_overflow, converted);
1766  }
1767  if(
1768  const auto minus_overflow =
1769  expr_try_dynamic_cast<minus_overflow_exprt>(expr))
1770  {
1771  return convert_expr_to_smt(*minus_overflow, converted);
1772  }
1773  if(
1774  const auto mult_overflow = expr_try_dynamic_cast<mult_overflow_exprt>(expr))
1775  {
1776  return convert_expr_to_smt(*mult_overflow, converted);
1777  }
1778  if(const auto shl_overflow = expr_try_dynamic_cast<shl_overflow_exprt>(expr))
1779  {
1780  return convert_expr_to_smt(*shl_overflow, converted);
1781  }
1782  if(const auto array_construction = expr_try_dynamic_cast<array_exprt>(expr))
1783  {
1784  return convert_expr_to_smt(*array_construction, converted);
1785  }
1786  if(const auto literal = expr_try_dynamic_cast<literal_exprt>(expr))
1787  {
1788  return convert_expr_to_smt(*literal, converted);
1789  }
1790  if(const auto for_all = expr_try_dynamic_cast<forall_exprt>(expr))
1791  {
1792  return convert_expr_to_smt(*for_all, converted);
1793  }
1794  if(const auto exists = expr_try_dynamic_cast<exists_exprt>(expr))
1795  {
1796  return convert_expr_to_smt(*exists, converted);
1797  }
1798  if(const auto vector = expr_try_dynamic_cast<vector_exprt>(expr))
1799  {
1800  return convert_expr_to_smt(*vector, converted);
1801  }
1802  if(const auto object_size = expr_try_dynamic_cast<object_size_exprt>(expr))
1803  {
1804  return convert_expr_to_smt(*object_size, converted, call_object_size);
1805  }
1806  if(const auto let = expr_try_dynamic_cast<let_exprt>(expr))
1807  {
1808  return convert_expr_to_smt(*let, converted);
1809  }
1810  INVARIANT(
1811  expr.id() != ID_constraint_select_one,
1812  "constraint_select_one is not expected in smt conversion: " +
1813  expr.pretty());
1814  if(const auto byte_swap = expr_try_dynamic_cast<bswap_exprt>(expr))
1815  {
1816  return convert_expr_to_smt(*byte_swap, converted);
1817  }
1818  if(const auto population_count = expr_try_dynamic_cast<popcount_exprt>(expr))
1819  {
1820  return convert_expr_to_smt(*population_count, converted);
1821  }
1822  if(
1823  const auto count_leading_zeros =
1824  expr_try_dynamic_cast<count_leading_zeros_exprt>(expr))
1825  {
1826  return convert_expr_to_smt(*count_leading_zeros, converted);
1827  }
1828  if(
1829  const auto count_trailing_zeros =
1830  expr_try_dynamic_cast<count_trailing_zeros_exprt>(expr))
1831  {
1832  return convert_expr_to_smt(*count_trailing_zeros, converted);
1833  }
1834  if(const auto zero_extend = expr_try_dynamic_cast<zero_extend_exprt>(expr))
1835  {
1836  return convert_expr_to_smt(*zero_extend, converted);
1837  }
1838  if(
1839  const auto prophecy_r_or_w_ok =
1840  expr_try_dynamic_cast<prophecy_r_or_w_ok_exprt>(expr))
1841  {
1842  return convert_expr_to_smt(*prophecy_r_or_w_ok, converted);
1843  }
1844  if(
1845  const auto prophecy_pointer_in_range =
1846  expr_try_dynamic_cast<prophecy_pointer_in_range_exprt>(expr))
1847  {
1848  return convert_expr_to_smt(*prophecy_pointer_in_range, converted);
1849  }
1850 
1851  UNIMPLEMENTED_FEATURE(
1852  "Generation of SMT formula for unknown kind of expression: " +
1853  expr.pretty());
1854 }
1855 
1856 #ifndef CPROVER_INVARIANT_DO_NOT_CHECK
1857 template <typename functiont>
1858 struct at_scope_exitt
1859 {
1860  explicit at_scope_exitt(functiont exit_function)
1861  : exit_function(exit_function)
1862  {
1863  }
1864  ~at_scope_exitt()
1865  {
1866  exit_function();
1867  }
1868  functiont exit_function;
1869 };
1870 
1871 template <typename functiont>
1872 at_scope_exitt<functiont> at_scope_exit(functiont exit_function)
1873 {
1874  return at_scope_exitt<functiont>(exit_function);
1875 }
1876 #endif
1877 
1878 exprt lower_address_of_array_index(exprt expr)
1879 {
1880  expr.visit_pre([](exprt &expr) {
1881  const auto address_of_expr = expr_try_dynamic_cast<address_of_exprt>(expr);
1882  if(!address_of_expr)
1883  return;
1884  const auto array_index_expr =
1885  expr_try_dynamic_cast<index_exprt>(address_of_expr->object());
1886  if(!array_index_expr)
1887  return;
1888  expr = plus_exprt{
1889  address_of_exprt{
1890  array_index_expr->array(),
1891  type_checked_cast<pointer_typet>(address_of_expr->type())},
1892  array_index_expr->index()};
1893  });
1894  return expr;
1895 }
1896 
1900 void filtered_visit_post(
1901  const exprt &_expr,
1902  std::function<bool(const exprt &)> filter,
1903  std::function<void(const exprt &)> visitor)
1904 {
1905  struct stack_entryt
1906  {
1907  const exprt *e;
1908  bool operands_pushed;
1909  explicit stack_entryt(const exprt *_e) : e(_e), operands_pushed(false)
1910  {
1911  }
1912  };
1913 
1914  std::stack<stack_entryt> stack;
1915 
1916  stack.emplace(&_expr);
1917 
1918  while(!stack.empty())
1919  {
1920  auto &top = stack.top();
1921  if(top.operands_pushed)
1922  {
1923  visitor(*top.e);
1924  stack.pop();
1925  }
1926  else
1927  {
1928  // do modification of 'top' before pushing in case 'top' isn't stable
1929  top.operands_pushed = true;
1930  if(filter(*top.e))
1931  for(auto &op : top.e->operands())
1932  stack.emplace(&op);
1933  }
1934  }
1935 }
1936 
1937 smt_termt convert_expr_to_smt(
1938  const exprt &expr,
1939  const smt_object_mapt &object_map,
1940  const type_size_mapt &pointer_sizes,
1941  const smt_object_sizet::make_applicationt &object_size,
1942  const smt_is_dynamic_objectt::make_applicationt &is_dynamic_object)
1943 {
1944 #ifndef CPROVER_INVARIANT_DO_NOT_CHECK
1945  static bool in_conversion = false;
1946  INVARIANT(
1947  !in_conversion,
1948  "Conversion of expr to smt should be non-recursive. "
1949  "Re-entrance found in conversion of " +
1950  expr.pretty(1, 0));
1951  in_conversion = true;
1952  const auto end_conversion = at_scope_exit([&]() { in_conversion = false; });
1953 #endif
1954  sub_expression_mapt sub_expression_map;
1955  const auto lowered_expr = lower_address_of_array_index(expr);
1956  filtered_visit_post(
1957  lowered_expr,
1958  [](const exprt &expr) {
1959  // Code values inside "address of" expressions do not need to be converted
1960  // as the "address of" conversion only depends on the object identifier.
1961  // Avoiding the conversion side steps a need to convert arbitrary code to
1962  // SMT terms.
1963  const auto address_of = expr_try_dynamic_cast<address_of_exprt>(expr);
1964  if(!address_of)
1965  return true;
1966  return !can_cast_type<code_typet>(address_of->object().type());
1967  },
1968  [&](const exprt &expr) {
1969  const auto find_result = sub_expression_map.find(expr);
1970  if(find_result != sub_expression_map.cend())
1971  return;
1972  smt_termt term = dispatch_expr_to_smt_conversion(
1973  expr,
1974  sub_expression_map,
1975  object_map,
1976  pointer_sizes,
1977  object_size,
1978  is_dynamic_object);
1979  sub_expression_map.emplace_hint(find_result, expr, std::move(term));
1980  });
1981  return std::move(sub_expression_map.at(lowered_expr));
1982 }
config
configt config
Definition: config.cpp:25
bvrep2integer
mp_integer bvrep2integer(const irep_idt &src, std::size_t width, bool is_signed)
convert a bit-vector representation (possibly signed) to integer
Definition: arith_tools.cpp:402
address_bits
std::size_t address_bits(const mp_integer &size)
ceil(log2(size))
Definition: arith_tools.cpp:177
power
mp_integer power(const mp_integer &base, const mp_integer &exponent)
A multi-precision implementation of the power operator.
Definition: arith_tools.cpp:195
arith_tools.h
bitvector_expr.h
API to expression classes for bitvectors.
to_floatbv_type
const floatbv_typet & to_floatbv_type(const typet &type)
Cast a typet to a floatbv_typet.
Definition: bitvector_types.h:371
can_cast_type< signedbv_typet >
bool can_cast_type< signedbv_typet >(const typet &type)
Check whether a reference to a typet is a signedbv_typet.
Definition: bitvector_types.h:232
can_cast_type< integer_bitvector_typet >
bool can_cast_type< integer_bitvector_typet >(const typet &type)
Check whether a reference to a typet is an integer_bitvector_typet.
Definition: bitvector_types.h:132
can_cast_type< bv_typet >
bool can_cast_type< bv_typet >(const typet &type)
Check whether a reference to a typet is a bv_typet.
Definition: bitvector_types.h:73
to_fixedbv_type
const fixedbv_typet & to_fixedbv_type(const typet &type)
Cast a typet to a fixedbv_typet.
Definition: bitvector_types.h:309
can_cast_type< unsignedbv_typet >
bool can_cast_type< unsignedbv_typet >(const typet &type)
Check whether a reference to a typet is a unsignedbv_typet.
Definition: bitvector_types.h:182
byte_operators.h
Expression classes for byte-level operators.
pointer_type
pointer_typet pointer_type(const typet &subtype)
Definition: c_types.cpp:235
c_bool_type
typet c_bool_type()
Definition: c_types.cpp:100
c_types.h
abs_exprt
Absolute value.
Definition: std_expr.h:442
address_of_exprt
Operator to return the address of an object.
Definition: pointer_expr.h:540
address_of_exprt::object
exprt & object()
Definition: pointer_expr.h:549
analysis_exceptiont
Thrown when an unexpected error occurs during the analysis (e.g., when the SAT solver returns an erro...
Definition: exception_utils.h:154
and_exprt
Boolean AND.
Definition: std_expr.h:2120
array_comprehension_exprt
Expression to define a mapping from an argument (index) to elements.
Definition: std_expr.h:3413
array_exprt
Array constructor from list of elements.
Definition: std_expr.h:1616
array_of_exprt
Array constructor from single element.
Definition: std_expr.h:1553
array_typet
Arrays with given size.
Definition: std_types.h:807
array_typet::index_type
typet index_type() const
The type of the index expressions into any instance of this type.
Definition: std_types.cpp:34
array_typet::element_type
const typet & element_type() const
The type of the elements of the array.
Definition: std_types.h:827
binary_exprt::op1
exprt & op1()
Definition: expr.h:136
binary_exprt::lhs
exprt & lhs()
Definition: std_expr.h:668
binary_exprt::op0
exprt & op0()
Definition: expr.h:133
binary_exprt::rhs
exprt & rhs()
Definition: std_expr.h:678
binary_relation_exprt
A base class for relations, i.e., binary predicates whose two operands have the same type.
Definition: std_expr.h:762
bitand_exprt
Bit-wise AND.
Definition: bitvector_expr.h:195
bitnot_exprt
Bit-wise negation of bit-vectors.
Definition: bitvector_expr.h:82
bitor_exprt
Bit-wise OR.
Definition: bitvector_expr.h:125
bitvector_typet
Base class of fixed-width bit-vector types.
Definition: std_types.h:909
bitvector_typet::get_width
std::size_t get_width() const
Definition: std_types.h:925
bitxor_exprt
Bit-wise XOR.
Definition: bitvector_expr.h:160
bool_typet
The Boolean type.
Definition: std_types.h:36
bswap_exprt
The byte swap expression.
Definition: bitvector_expr.h:19
byte_extract_exprt
Expression of type type extracted from some object op starting at position offset (given in number of...
Definition: byte_operators.h:29
byte_update_exprt
Expression corresponding to op() where the bytes starting at position offset (given in number of byte...
Definition: byte_operators.h:91
c_bool_typet
The C/C++ Booleans.
Definition: c_types.h:97
concatenation_exprt
Concatenation of bit-vector operands.
Definition: bitvector_expr.h:767
configt::bv_encoding
struct configt::bv_encodingt bv_encoding
constant_exprt
A constant literal expression.
Definition: std_expr.h:2990
constant_exprt::get_value
const irep_idt & get_value() const
Definition: std_expr.h:2998
constant_exprt::is_null_pointer
bool is_null_pointer() const
Returns true if expr has a pointer type and a value NULL; it also returns true when expr has value ze...
Definition: std_expr.cpp:25
count_leading_zeros_exprt
The count leading zeros (counting the number of zero bits starting from the most-significant bit) exp...
Definition: bitvector_expr.h:1134
count_trailing_zeros_exprt
The count trailing zeros (counting the number of zero bits starting from the least-significant bit) e...
Definition: bitvector_expr.h:1227
div_exprt
Division.
Definition: std_expr.h:1152
equal_exprt
Equality.
Definition: std_expr.h:1361
euclidean_mod_exprt
Boute's Euclidean definition of Modulo – to match SMT-LIB2.
Definition: std_expr.h:1291
exists_exprt
An exists expression.
Definition: mathematical_expr.h:380
exprt
Base class for all expressions.
Definition: expr.h:56
exprt::is_true
bool is_true() const
Return whether the expression is a constant representing true.
Definition: expr.cpp:27
exprt::visit_pre
void visit_pre(std::function< void(exprt &)>)
Definition: expr.cpp:227
exprt::type
typet & type()
Return the type of the expression.
Definition: expr.h:84
exprt::operands
operandst & operands()
Definition: expr.h:94
extractbit_exprt
Extracts a single bit of a bit-vector operand.
Definition: bitvector_expr.h:381
extractbits_exprt
Extracts a sub-range of a bit-vector operand.
Definition: bitvector_expr.h:448
extractbits_exprt::index
exprt & index()
Definition: bitvector_expr.h:470
extractbits_exprt::src
exprt & src()
Definition: bitvector_expr.h:465
floatbv_typecast_exprt
Semantic type conversion from/to floating-point formats.
Definition: floatbv_expr.h:19
forall_exprt
A forall expression.
Definition: mathematical_expr.h:338
ieee_float_equal_exprt
IEEE-floating-point equality.
Definition: floatbv_expr.h:264
ieee_float_notequal_exprt
IEEE floating-point disequality.
Definition: floatbv_expr.h:312
ieee_float_op_exprt
IEEE floating-point operations These have two data operands (op0 and op1) and one rounding mode (op2)...
Definition: floatbv_expr.h:364
if_exprt
The trinary if-then-else operator.
Definition: std_expr.h:2370
if_exprt::true_case
exprt & true_case()
Definition: std_expr.h:2397
if_exprt::false_case
exprt & false_case()
Definition: std_expr.h:2407
if_exprt::cond
exprt & cond()
Definition: std_expr.h:2387
implies_exprt
Boolean implication.
Definition: std_expr.h:2183
index_exprt
Array index operator.
Definition: std_expr.h:1465
index_exprt::array
exprt & array()
Definition: std_expr.h:1495
index_exprt::index
exprt & index()
Definition: std_expr.h:1505
integer_typet
Unbounded, signed integers (mathematical integers, not bitvectors)
Definition: mathematical_types.h:24
irept::pretty
std::string pretty(unsigned indent=0, unsigned max_indent=0) const
Definition: irep.cpp:482
irept::id
const irep_idt & id() const
Definition: irep.h:388
is_dynamic_object_exprt
Evaluates to true if the operand is a pointer to a dynamic object.
Definition: pointer_expr.h:335
is_dynamic_object_exprt::address
exprt & address()
Definition: pointer_expr.h:342
is_invalid_pointer_exprt
Definition: pointer_predicates.h:36
isfinite_exprt
Evaluates to true if the operand is finite.
Definition: floatbv_expr.h:176
isinf_exprt
Evaluates to true if the operand is infinite.
Definition: floatbv_expr.h:132
isnan_exprt
Evaluates to true if the operand is NaN.
Definition: floatbv_expr.h:88
isnormal_exprt
Evaluates to true if the operand is a normal number.
Definition: floatbv_expr.h:220
let_exprt
A let expression.
Definition: std_expr.h:3204
literal_exprt
Definition: literal_expr.h:18
member_exprt
Extract member of struct or union.
Definition: std_expr.h:2844
minus_exprt
Binary minus.
Definition: std_expr.h:1061
minus_overflow_exprt
Definition: bitvector_expr.h:976
mod_exprt
Modulo defined as lhs-(rhs * truncate(lhs/rhs)).
Definition: std_expr.h:1223
mult_exprt
Binary multiplication Associativity is not specified.
Definition: std_expr.h:1107
mult_overflow_exprt
Definition: bitvector_expr.h:995
multi_ary_exprt
A base class for multi-ary expressions Associativity is not specified.
Definition: std_expr.h:912
nondet_symbol_exprt
Expression to hold a nondeterministic choice.
Definition: std_expr.h:292
nondet_symbol_exprt::get_identifier
const irep_idt & get_identifier() const
Definition: std_expr.h:320
not_exprt
Boolean negation.
Definition: std_expr.h:2327
notequal_exprt
Disequality.
Definition: std_expr.h:1420
object_size_exprt
Expression for finding the size (in bytes) of the object a pointer points to.
Definition: pointer_expr.h:1399
or_exprt
Boolean OR.
Definition: std_expr.h:2228
plus_exprt
The plus expression Associativity is not specified.
Definition: std_expr.h:1002
plus_overflow_exprt
Definition: bitvector_expr.h:957
pointer_object_exprt
A numerical identifier for the object a pointer points to.
Definition: pointer_expr.h:1340
pointer_offset_exprt
The offset (in bytes) of a pointer relative to the object.
Definition: pointer_expr.h:1282
pointer_typet
The pointer type These are both 'bitvector_typet' (they have a width) and 'type_with_subtypet' (they ...
Definition: pointer_expr.h:24
pointer_typet::base_type
const typet & base_type() const
The type of the data what we point to.
Definition: pointer_expr.h:35
popcount_exprt
The popcount (counting the number of bits set to 1) expression.
Definition: bitvector_expr.h:810
prophecy_pointer_in_range_exprt
pointer_in_range (see pointer_in_range_exprt) with prophecy expressions to encode whether a pointer r...
Definition: pointer_expr.h:453
prophecy_r_or_w_ok_exprt
A base class for a predicate that indicates that an address range is ok to read or write or both.
Definition: pointer_expr.h:1019
replication_exprt
Bit-vector replication.
Definition: bitvector_expr.h:695
shift_exprt
A base class for shift and rotate operators.
Definition: bitvector_expr.h:230
shl_overflow_exprt
Definition: bitvector_expr.h:1014
sign_exprt
Sign of an expression Predicate is true if _op is negative, false otherwise.
Definition: std_expr.h:596
smt_array_sortt
Definition: smt_sorts.h:91
smt_array_theoryt::store
static const smt_function_application_termt::factoryt< storet > store
Definition: smt_array_theory.h:34
smt_array_theoryt::select
static const smt_function_application_termt::factoryt< selectt > select
Definition: smt_array_theory.h:20
smt_bit_vector_constant_termt
Definition: smt_terms.h:117
smt_bit_vector_sortt
Definition: smt_sorts.h:84
smt_bit_vector_sortt::bit_width
std::size_t bit_width() const
Definition: smt_sorts.cpp:62
smt_bit_vector_theoryt::make_or
static const smt_function_application_termt::factoryt< ort > make_or
Definition: smt_bit_vector_theory.h:63
smt_bit_vector_theoryt::unsigned_less_than_or_equal
static const smt_function_application_termt::factoryt< unsigned_less_than_or_equalt > unsigned_less_than_or_equal
Definition: smt_bit_vector_theory.h:123
smt_bit_vector_theoryt::signed_less_than_or_equal
static const smt_function_application_termt::factoryt< signed_less_than_or_equalt > signed_less_than_or_equal
Definition: smt_bit_vector_theory.h:161
smt_bit_vector_theoryt::add
static const smt_function_application_termt::factoryt< addt > add
Definition: smt_bit_vector_theory.h:188
smt_bit_vector_theoryt::arithmetic_shift_right
static const smt_function_application_termt::factoryt< arithmetic_shift_rightt > arithmetic_shift_right
Definition: smt_bit_vector_theory.h:276
smt_bit_vector_theoryt::signed_greater_than_or_equal
static const smt_function_application_termt::factoryt< signed_greater_than_or_equalt > signed_greater_than_or_equal
Definition: smt_bit_vector_theory.h:180
smt_bit_vector_theoryt::unsigned_greater_than
static const smt_function_application_termt::factoryt< unsigned_greater_thant > unsigned_greater_than
Definition: smt_bit_vector_theory.h:132
smt_bit_vector_theoryt::unsigned_remainder
static const smt_function_application_termt::factoryt< unsigned_remaindert > unsigned_remainder
Definition: smt_bit_vector_theory.h:231
smt_bit_vector_theoryt::unsigned_greater_than_or_equal
static const smt_function_application_termt::factoryt< unsigned_greater_than_or_equalt > unsigned_greater_than_or_equal
Definition: smt_bit_vector_theory.h:142
smt_bit_vector_theoryt::make_xor
static const smt_function_application_termt::factoryt< xort > make_xor
Definition: smt_bit_vector_theory.h:87
smt_bit_vector_theoryt::make_not
static const smt_function_application_termt::factoryt< nott > make_not
Definition: smt_bit_vector_theory.h:47
smt_bit_vector_theoryt::shift_left
static const smt_function_application_termt::factoryt< shift_leftt > shift_left
Definition: smt_bit_vector_theory.h:258
smt_bit_vector_theoryt::multiply
static const smt_function_application_termt::factoryt< multiplyt > multiply
Definition: smt_bit_vector_theory.h:204
smt_bit_vector_theoryt::sign_extend
static smt_function_application_termt::factoryt< sign_extendt > sign_extend(std::size_t i)
Definition: smt_bit_vector_theory.cpp:788
smt_bit_vector_theoryt::signed_less_than
static const smt_function_application_termt::factoryt< signed_less_thant > signed_less_than
Definition: smt_bit_vector_theory.h:151
smt_bit_vector_theoryt::zero_extend
static smt_function_application_termt::factoryt< zero_extendt > zero_extend(std::size_t i)
Definition: smt_bit_vector_theory.cpp:759
smt_bit_vector_theoryt::extract
static smt_function_application_termt::factoryt< extractt > extract(std::size_t i, std::size_t j)
Makes a factory for extract function applications.
Definition: smt_bit_vector_theory.cpp:79
smt_bit_vector_theoryt::signed_greater_than
static const smt_function_application_termt::factoryt< signed_greater_thant > signed_greater_than
Definition: smt_bit_vector_theory.h:170
smt_bit_vector_theoryt::logical_shift_right
static const smt_function_application_termt::factoryt< logical_shift_rightt > logical_shift_right
Definition: smt_bit_vector_theory.h:267
smt_bit_vector_theoryt::negate
static const smt_function_application_termt::factoryt< negatet > negate
Arithmetic negation in two's complement.
Definition: smt_bit_vector_theory.h:249
smt_bit_vector_theoryt::concat
static const smt_function_application_termt::factoryt< concatt > concat
Definition: smt_bit_vector_theory.h:17
smt_bit_vector_theoryt::unsigned_divide
static const smt_function_application_termt::factoryt< unsigned_dividet > unsigned_divide
Definition: smt_bit_vector_theory.h:213
smt_bit_vector_theoryt::unsigned_less_than
static const smt_function_application_termt::factoryt< unsigned_less_thant > unsigned_less_than
Definition: smt_bit_vector_theory.h:113
smt_bit_vector_theoryt::signed_divide
static const smt_function_application_termt::factoryt< signed_dividet > signed_divide
Definition: smt_bit_vector_theory.h:222
smt_bit_vector_theoryt::signed_remainder
static const smt_function_application_termt::factoryt< signed_remaindert > signed_remainder
Definition: smt_bit_vector_theory.h:240
smt_bit_vector_theoryt::subtract
static const smt_function_application_termt::factoryt< subtractt > subtract
Definition: smt_bit_vector_theory.h:196
smt_bit_vector_theoryt::make_and
static const smt_function_application_termt::factoryt< andt > make_and
Definition: smt_bit_vector_theory.h:55
smt_bool_literal_termt
Definition: smt_terms.h:77
smt_bool_sortt
Definition: smt_sorts.h:78
smt_core_theoryt::distinct
static const smt_function_application_termt::factoryt< distinctt > distinct
Makes applications of the function which returns true iff its two arguments are not identical.
Definition: smt_core_theory.h:67
smt_core_theoryt::if_then_else
static const smt_function_application_termt::factoryt< if_then_elset > if_then_else
Definition: smt_core_theory.h:82
smt_core_theoryt::implies
static const smt_function_application_termt::factoryt< impliest > implies
Definition: smt_core_theory.h:25
smt_core_theoryt::make_or
static const smt_function_application_termt::factoryt< ort > make_or
Definition: smt_core_theory.h:41
smt_core_theoryt::equal
static const smt_function_application_termt::factoryt< equalt > equal
Definition: smt_core_theory.h:57
smt_core_theoryt::make_and
static const smt_function_application_termt::factoryt< andt > make_and
Definition: smt_core_theory.h:33
smt_core_theoryt::make_xor
static const smt_function_application_termt::factoryt< xort > make_xor
Definition: smt_core_theory.h:49
smt_core_theoryt::make_not
static const smt_function_application_termt::factoryt< nott > make_not
Definition: smt_core_theory.h:17
smt_function_application_termt::factoryt< smt_command_functiont >
smt_identifier_termt
Stores identifiers in unescaped and unquoted form.
Definition: smt_terms.h:93
smt_sort_const_downcast_visitort
Definition: smt_sorts.h:101
smt_sortt
Definition: smt_sorts.h:18
smt_sortt::pretty
std::string pretty(unsigned indent=0, unsigned max_indent=0) const
Definition: irep.cpp:482
smt_sortt::cast
const sub_classt * cast() const &
smt_sortt::accept
void accept(smt_sort_const_downcast_visitort &) const
Definition: smt_sorts.cpp:97
smt_termt
Definition: smt_terms.h:21
smt_termt::get_sort
const smt_sortt & get_sort() const
Definition: smt_terms.cpp:36
string_constantt
Definition: string_constant.h:15
struct_exprt
Struct constructor from list of elements.
Definition: std_expr.h:1872
symbol_exprt
Expression to hold a symbol (variable)
Definition: std_expr.h:131
symbol_exprt::get_identifier
const irep_idt & get_identifier() const
Definition: std_expr.h:160
typecast_exprt
Semantic type conversion.
Definition: std_expr.h:2068
typet
The type of an expression, extends irept.
Definition: type.h:29
unary_exprt::op
const exprt & op() const
Definition: std_expr.h:391
unary_minus_exprt
The unary minus expression.
Definition: std_expr.h:484
unary_plus_exprt
The unary plus expression.
Definition: std_expr.h:531
union_exprt
Union constructor from single element.
Definition: std_expr.h:1765
update_exprt
Operator to update elements in structs and arrays.
Definition: std_expr.h:2655
vector_exprt
Vector constructor from list of elements.
Definition: std_expr.h:1729
with_exprt
Operator to update elements in structs and arrays.
Definition: std_expr.h:2471
with_exprt::old
exprt & old()
Definition: std_expr.h:2481
xor_exprt
Boolean XOR.
Definition: std_expr.h:2291
zero_extend_exprt
zero extension The operand is converted to the given type by either a) truncating if the new type is ...
Definition: bitvector_expr.h:1672
extension_for_type
static std::function< std::function< smt_termt(smt_termt)>std::size_t)> extension_for_type(const typet &type)
Definition: convert_expr_to_smt.cpp:160
filtered_visit_post
void filtered_visit_post(const exprt &_expr, std::function< bool(const exprt &)> filter, std::function< void(const exprt &)> visitor)
Post order traversal where the children of a node are only visited if applying the filter function to...
Definition: convert_expr_to_smt.cpp:1900
lower_address_of_array_index
exprt lower_address_of_array_index(exprt expr)
Lower the address_of(array[idx]) sub expressions in expr to idx + address_of(array),...
Definition: convert_expr_to_smt.cpp:1878
convert_bit_vector_cast
static smt_termt convert_bit_vector_cast(const smt_termt &from_term, const typet &from_type, const bitvector_typet &to_type)
Definition: convert_expr_to_smt.cpp:242
most_significant_bit_is_set
static smt_termt most_significant_bit_is_set(const smt_termt &input)
Constructs a term which is true if the most significant bit of input is set.
Definition: convert_expr_to_smt.cpp:1201
convert_array_update_to_smt
static smt_termt convert_array_update_to_smt(const with_exprt &with, const sub_expression_mapt &converted)
Definition: convert_expr_to_smt.cpp:1005
make_bitvector_resize_cast
static smt_termt make_bitvector_resize_cast(const smt_termt &from_term, const bitvector_typet &from_type, const bitvector_typet &to_type)
Definition: convert_expr_to_smt.cpp:173
try_relational_conversion
static std::optional< smt_termt > try_relational_conversion(const exprt &expr, const sub_expression_mapt &converted)
Definition: convert_expr_to_smt.cpp:593
convert_multiary_operator_to_terms
static smt_termt convert_multiary_operator_to_terms(const multi_ary_exprt &expr, const sub_expression_mapt &converted, const factoryt &factory)
Converts operator expressions with 2 or more operands to terms expressed as binary operator applicati...
Definition: convert_expr_to_smt.cpp:52
sub_expression_mapt
std::unordered_map< exprt, smt_termt, irep_hash > sub_expression_mapt
Post order visitation is used in order to construct the the smt terms bottom upwards without using re...
Definition: convert_expr_to_smt.cpp:37
make_not_zero
static smt_termt make_not_zero(const smt_termt &input, const typet &source_type)
Makes a term which is true if input is not 0 / false.
Definition: convert_expr_to_smt.cpp:134
convert_relational_to_smt
static smt_termt convert_relational_to_smt(const binary_relation_exprt &binary_relation, const unsigned_factory_typet &unsigned_factory, const signed_factory_typet &signed_factory, const sub_expression_mapt &converted)
Definition: convert_expr_to_smt.cpp:553
dispatch_expr_to_smt_conversion
static smt_termt dispatch_expr_to_smt_conversion(const exprt &expr, const sub_expression_mapt &converted, const smt_object_mapt &object_map, const type_size_mapt &pointer_sizes, const smt_object_sizet::make_applicationt &call_object_size, const smt_is_dynamic_objectt::make_applicationt &apply_is_dynamic_object)
Definition: convert_expr_to_smt.cpp:1499
convert_to_smt_shift
static smt_termt convert_to_smt_shift(const factoryt &factory, const shiftt &shift, const sub_expression_mapt &converted)
Definition: convert_expr_to_smt.cpp:937
convert_type_to_smt_sort
static smt_sortt convert_type_to_smt_sort(const bool_typet &type)
Definition: convert_expr_to_smt.cpp:82
at_scope_exit
at_scope_exitt< functiont > at_scope_exit(functiont exit_function)
Definition: convert_expr_to_smt.cpp:1872
convert_c_bool_cast
static smt_termt convert_c_bool_cast(const smt_termt &from_term, const typet &from_type, const bitvector_typet &to_type)
Returns a cast to C bool expressed in smt terms.
Definition: convert_expr_to_smt.cpp:147
operands_are_of_type
static bool operands_are_of_type(const exprt &expr)
Ensures that all operands of the argument expression have related types.
Definition: convert_expr_to_smt.cpp:74
convert_expr_to_smt
static smt_termt convert_expr_to_smt(const symbol_exprt &symbol_expr)
Definition: convert_expr_to_smt.cpp:116
convert_expr_to_smt.h
expr_cast.h
Templated functions to cast to specific exprt-derived classes.
floatbv_expr.h
API to expression classes for floating-point arithmetic.
from_type
std::string from_type(const namespacet &ns, const irep_idt &identifier, const typet &type)
Definition: language_util.cpp:52
literal_expr.h
mathematical_expr.h
API to expression classes for 'mathematical' expressions.
exists
mini_bddt exists(const mini_bddt &u, const unsigned var)
Definition: miniBDD.cpp:556
bitwise_xor
mp_integer bitwise_xor(const mp_integer &a, const mp_integer &b)
bitwise 'xor' of two nonnegative integers
Definition: mp_arith.cpp:239
make_invalid_pointer_expr
exprt make_invalid_pointer_expr()
Create the invalid pointer constant.
Definition: object_tracking.cpp:13
find_object_base_expression
exprt find_object_base_expression(const address_of_exprt &address_of)
The model of addresses we use consists of a unique object identifier and an offset.
Definition: object_tracking.cpp:18
smt_object_mapt
std::unordered_map< exprt, decision_procedure_objectt, irep_hash > smt_object_mapt
Mapping from an object's base expression to the set of information about it which we track.
Definition: object_tracking.h:91
pointer_expr.h
API to expression classes for Pointers.
can_cast_type< pointer_typet >
bool can_cast_type< pointer_typet >(const typet &type)
Check whether a reference to a typet is a pointer_typet.
Definition: pointer_expr.h:80
to_pointer_type
const pointer_typet & to_pointer_type(const typet &type)
Cast a typet to a pointer_typet.
Definition: pointer_expr.h:93
pointer_offset
exprt pointer_offset(const exprt &pointer)
Definition: pointer_predicates.cpp:38
object_size
exprt object_size(const exprt &pointer)
Definition: pointer_predicates.cpp:33
pointer_object
exprt pointer_object(const exprt &p)
Definition: pointer_predicates.cpp:23
pointer_predicates.h
Various predicates over pointers in programs.
range.h
Ranges: pair of begin and end iterators, which can be initialized from containers,...
make_range
ranget< iteratort > make_range(iteratort begin, iteratort end)
Definition: range.h:522
smt_array_theory.h
smt_bit_vector_theory.h
smt_core_theory.h
UNIMPLEMENTED_FEATURE
#define UNIMPLEMENTED_FEATURE(FEATURE)
Definition: invariant.h:549
UNREACHABLE
#define UNREACHABLE
This should be used to mark dead code.
Definition: invariant.h:525
PRECONDITION
#define PRECONDITION(CONDITION)
Definition: invariant.h:463
INVARIANT
#define INVARIANT(CONDITION, REASON)
This macro uses the wrapper function 'invariant_violated_string'.
Definition: invariant.h:423
UNHANDLED_CASE
#define UNHANDLED_CASE
Definition: invariant.h:559
POSTCONDITION
#define POSTCONDITION(CONDITION)
Definition: invariant.h:479
UNREACHABLE_BECAUSE
#define UNREACHABLE_BECAUSE(REASON)
Definition: invariant.h:526
std_expr.h
API to expression classes.
to_binary_expr
const binary_exprt & to_binary_expr(const exprt &expr)
Cast an exprt to a binary_exprt.
Definition: std_expr.h:715
to_unary_expr
const unary_exprt & to_unary_expr(const exprt &expr)
Cast an exprt to a unary_exprt.
Definition: std_expr.h:426
can_cast_type< array_typet >
bool can_cast_type< array_typet >(const typet &type)
Check whether a reference to a typet is a array_typet.
Definition: std_types.h:875
can_cast_type< code_typet >
bool can_cast_type< code_typet >(const typet &type)
Check whether a reference to a typet is a code_typet.
Definition: std_types.h:775
can_cast_type< bitvector_typet >
bool can_cast_type< bitvector_typet >(const typet &type)
Check whether a reference to a typet is a bitvector_typet.
Definition: std_types.h:952
string_constant.h
to_string
std::string to_string(const string_not_contains_constraintt &expr)
Used for debug printing.
Definition: string_constraint.cpp:58
less_than
binary_relation_exprt less_than(exprt lhs, exprt rhs)
Definition: string_expr.h:49
greater_than
binary_relation_exprt greater_than(exprt lhs, exprt rhs)
Definition: string_expr.h:26
at_scope_exitt
Definition: convert_expr_to_smt.cpp:1859
at_scope_exitt::exit_function
functiont exit_function
Definition: convert_expr_to_smt.cpp:1868
at_scope_exitt::~at_scope_exitt
~at_scope_exitt()
Definition: convert_expr_to_smt.cpp:1864
at_scope_exitt::at_scope_exitt
at_scope_exitt(functiont exit_function)
Definition: convert_expr_to_smt.cpp:1860
configt::bv_encodingt::object_bits
std::size_t object_bits
Definition: config.h:355
sort_based_cast_to_bit_vector_convertert
Definition: convert_expr_to_smt.cpp:204
sort_based_cast_to_bit_vector_convertert::visit
void visit(const smt_array_sortt &) override
Definition: convert_expr_to_smt.cpp:234
sort_based_cast_to_bit_vector_convertert::from_term
const smt_termt & from_term
Definition: convert_expr_to_smt.cpp:205
sort_based_cast_to_bit_vector_convertert::sort_based_cast_to_bit_vector_convertert
sort_based_cast_to_bit_vector_convertert(const smt_termt &from_term, const typet &from_type, const bitvector_typet &to_type)
Definition: convert_expr_to_smt.cpp:210
sort_based_cast_to_bit_vector_convertert::visit
void visit(const smt_bool_sortt &) override
Definition: convert_expr_to_smt.cpp:218
sort_based_cast_to_bit_vector_convertert::to_type
const bitvector_typet & to_type
Definition: convert_expr_to_smt.cpp:207
sort_based_cast_to_bit_vector_convertert::from_type
const typet & from_type
Definition: convert_expr_to_smt.cpp:206
sort_based_cast_to_bit_vector_convertert::visit
void visit(const smt_bit_vector_sortt &) override
Definition: convert_expr_to_smt.cpp:224
sort_based_cast_to_bit_vector_convertert::result
std::optional< smt_termt > result
Definition: convert_expr_to_smt.cpp:208
sort_based_literal_convertert
Definition: convert_expr_to_smt.cpp:299
sort_based_literal_convertert::visit
void visit(const smt_array_sortt &array_sort) override
Definition: convert_expr_to_smt.cpp:322
sort_based_literal_convertert::visit
void visit(const smt_bit_vector_sortt &bit_vector_sort) override
Definition: convert_expr_to_smt.cpp:313
sort_based_literal_convertert::result
std::optional< smt_termt > result
Definition: convert_expr_to_smt.cpp:301
sort_based_literal_convertert::member_input
const constant_exprt & member_input
Definition: convert_expr_to_smt.cpp:300
sort_based_literal_convertert::visit
void visit(const smt_bool_sortt &) override
Definition: convert_expr_to_smt.cpp:308
sort_based_literal_convertert::sort_based_literal_convertert
sort_based_literal_convertert(const constant_exprt &input)
Definition: convert_expr_to_smt.cpp:303
type_size_mapt
std::unordered_map< typet, smt_termt, irep_hash > type_size_mapt
Definition: type_size_mapping.h:18