CBMC
Loading...
Searching...
No Matches
simplify_expr.cpp
Go to the documentation of this file.
1/*******************************************************************\
2
3Module:
4
5Author: Daniel Kroening, kroening@kroening.com
6
7\*******************************************************************/
8
9#include "simplify_expr.h"
10
11#include <algorithm>
12
13#include "bitvector_expr.h"
14#include "byte_operators.h"
15#include "c_types.h"
16#include "config.h"
17#include "expr_util.h"
18#include "fixedbv.h"
19#include "floatbv_expr.h"
20#include "invariant.h"
21#include "mathematical_expr.h"
22#include "namespace.h"
23#include "pointer_expr.h"
24#include "pointer_offset_size.h"
25#include "pointer_offset_sum.h"
26#include "rational.h"
27#include "rational_tools.h"
28#include "simplify_utils.h"
29#include "std_expr.h"
30#include "string_expr.h"
31
32// #define DEBUGX
33
34#ifdef DEBUGX
35#include "format_expr.h"
36#include <iostream>
37#endif
38
39#include "simplify_expr_class.h"
40
41// #define USE_CACHE
42
43#ifdef USE_CACHE
44struct simplify_expr_cachet
45{
46public:
47 #if 1
48 typedef std::unordered_map<
49 exprt, exprt, irep_full_hash, irep_full_eq> containert;
50 #else
51 typedef std::unordered_map<exprt, exprt, irep_hash> containert;
52 #endif
53
54 containert container_normal;
55
56 containert &container()
57 {
58 return container_normal;
59 }
60};
61
62simplify_expr_cachet simplify_expr_cache;
63#endif
64
65simplify_exprt::resultt<> simplify_exprt::simplify_abs(const abs_exprt &expr)
66{
67 if(expr.op().is_constant())
68 {
69 const typet &type = to_unary_expr(expr).op().type();
70
71 if(type.id()==ID_floatbv)
72 {
73 ieee_float_valuet value(to_constant_expr(to_unary_expr(expr).op()));
74 value.set_sign(false);
75 return value.to_expr();
76 }
77 else if(type.id()==ID_signedbv ||
78 type.id()==ID_unsignedbv)
79 {
80 auto value = numeric_cast<mp_integer>(to_unary_expr(expr).op());
81 if(value.has_value())
82 {
83 if(*value >= 0)
84 {
85 return to_unary_expr(expr).op();
86 }
87 else
88 {
89 value->negate();
90 return from_integer(*value, type);
91 }
92 }
93 }
94 }
95
96 return unchanged(expr);
97}
98
99simplify_exprt::resultt<> simplify_exprt::simplify_sign(const sign_exprt &expr)
100{
101 if(expr.op().is_constant())
102 {
103 const typet &type = expr.op().type();
104
105 if(type.id()==ID_floatbv)
106 {
107 ieee_float_valuet value(to_constant_expr(expr.op()));
108 return make_boolean_expr(value.get_sign());
109 }
110 else if(type.id()==ID_signedbv ||
111 type.id()==ID_unsignedbv)
112 {
113 const auto value = numeric_cast<mp_integer>(expr.op());
114 if(value.has_value())
115 {
116 return make_boolean_expr(*value >= 0);
117 }
118 }
119 }
120
121 return unchanged(expr);
122}
123
124simplify_exprt::resultt<>
125simplify_exprt::simplify_popcount(const popcount_exprt &expr)
126{
127 const exprt &op = expr.op();
128
129 if(op.is_constant())
130 {
131 const typet &op_type = op.type();
132
133 if(op_type.id() == ID_signedbv || op_type.id() == ID_unsignedbv)
134 {
135 const auto width = to_bitvector_type(op_type).get_width();
136 const auto &value = to_constant_expr(op).get_value();
137 std::size_t result = 0;
138
139 for(std::size_t i = 0; i < width; i++)
140 if(get_bvrep_bit(value, width, i))
141 result++;
142
143 return from_integer(result, expr.type());
144 }
145 }
146
147 return unchanged(expr);
148}
149
150simplify_exprt::resultt<>
151simplify_exprt::simplify_clz(const count_leading_zeros_exprt &expr)
152{
153 const bool is_little_endian =
154 config.ansi_c.endianness == configt::ansi_ct::endiannesst::IS_LITTLE_ENDIAN;
155
156 const auto const_bits_opt = expr2bits(expr.op(), is_little_endian, ns);
157
158 if(!const_bits_opt.has_value())
159 return unchanged(expr);
160
161 std::size_t n_leading_zeros =
162 is_little_endian ? const_bits_opt->rfind('1') : const_bits_opt->find('1');
163 if(n_leading_zeros == std::string::npos)
164 {
165 if(!expr.zero_permitted())
166 return unchanged(expr);
167
168 n_leading_zeros = const_bits_opt->size();
169 }
170 else if(is_little_endian)
171 n_leading_zeros = const_bits_opt->size() - n_leading_zeros - 1;
172
173 return from_integer(n_leading_zeros, expr.type());
174}
175
176simplify_exprt::resultt<>
177simplify_exprt::simplify_ctz(const count_trailing_zeros_exprt &expr)
178{
179 const bool is_little_endian =
180 config.ansi_c.endianness == configt::ansi_ct::endiannesst::IS_LITTLE_ENDIAN;
181
182 const auto const_bits_opt = expr2bits(expr.op(), is_little_endian, ns);
183
184 if(!const_bits_opt.has_value())
185 return unchanged(expr);
186
187 std::size_t n_trailing_zeros =
188 is_little_endian ? const_bits_opt->find('1') : const_bits_opt->rfind('1');
189 if(n_trailing_zeros == std::string::npos)
190 {
191 if(!expr.zero_permitted())
192 return unchanged(expr);
193
194 n_trailing_zeros = const_bits_opt->size();
195 }
196 else if(!is_little_endian)
197 n_trailing_zeros = const_bits_opt->size() - n_trailing_zeros - 1;
198
199 return from_integer(n_trailing_zeros, expr.type());
200}
201
202simplify_exprt::resultt<>
203simplify_exprt::simplify_ffs(const find_first_set_exprt &expr)
204{
205 const bool is_little_endian =
206 config.ansi_c.endianness == configt::ansi_ct::endiannesst::IS_LITTLE_ENDIAN;
207
208 const auto const_bits_opt = expr2bits(expr.op(), is_little_endian, ns);
209
210 if(!const_bits_opt.has_value())
211 return unchanged(expr);
212
213 std::size_t first_one_bit =
214 is_little_endian ? const_bits_opt->find('1') : const_bits_opt->rfind('1');
215 if(first_one_bit == std::string::npos)
216 first_one_bit = 0;
217 else if(is_little_endian)
218 ++first_one_bit;
219 else
220 first_one_bit = const_bits_opt->size() - first_one_bit;
221
222 return from_integer(first_one_bit, expr.type());
223}
224
229static simplify_exprt::resultt<> simplify_string_endswith(
230 const function_application_exprt &expr,
231 const namespacet &ns)
232{
233 const refined_string_exprt &s1 = to_string_expr(expr.arguments().at(0));
234 const auto s1_data_opt = try_get_string_data_array(s1.content(), ns);
235
236 if(!s1_data_opt)
237 return simplify_exprt::unchanged(expr);
238
239 const array_exprt &s1_data = s1_data_opt->get();
240 const refined_string_exprt &s2 = to_string_expr(expr.arguments().at(1));
241 const auto s2_data_opt = try_get_string_data_array(s2.content(), ns);
242
243 if(!s2_data_opt)
244 return simplify_exprt::unchanged(expr);
245
246 const array_exprt &s2_data = s2_data_opt->get();
247 const bool res = s2_data.operands().size() <= s1_data.operands().size() &&
248 std::equal(
249 s2_data.operands().rbegin(),
250 s2_data.operands().rend(),
251 s1_data.operands().rbegin());
252
253 return from_integer(res ? 1 : 0, expr.type());
254}
255
257static simplify_exprt::resultt<> simplify_string_contains(
258 const function_application_exprt &expr,
259 const namespacet &ns)
260{
261 // We want to get both arguments of any starts-with comparison, and
262 // trace them back to the actual string instance. All variables on the
263 // way must be constant for us to be sure this will work.
264 auto &first_argument = to_string_expr(expr.arguments().at(0));
265 auto &second_argument = to_string_expr(expr.arguments().at(1));
266
267 const auto first_value_opt =
268 try_get_string_data_array(first_argument.content(), ns);
269
270 if(!first_value_opt)
271 {
272 return simplify_exprt::unchanged(expr);
273 }
274
275 const array_exprt &first_value = first_value_opt->get();
276
277 const auto second_value_opt =
278 try_get_string_data_array(second_argument.content(), ns);
279
280 if(!second_value_opt)
281 {
282 return simplify_exprt::unchanged(expr);
283 }
284
285 const array_exprt &second_value = second_value_opt->get();
286
287 // Is our 'contains' array directly contained in our target.
288 const bool includes =
289 std::search(
290 first_value.operands().begin(),
291 first_value.operands().end(),
292 second_value.operands().begin(),
293 second_value.operands().end()) != first_value.operands().end();
294
295 return from_integer(includes ? 1 : 0, expr.type());
296}
297
302static simplify_exprt::resultt<> simplify_string_is_empty(
303 const function_application_exprt &expr,
304 const namespacet &ns)
305{
306 const function_application_exprt &function_app =
307 to_function_application_expr(expr);
308 const refined_string_exprt &s =
309 to_string_expr(function_app.arguments().at(0));
310
311 if(!s.length().is_constant())
312 return simplify_exprt::unchanged(expr);
313
314 const auto numeric_length =
315 numeric_cast_v<mp_integer>(to_constant_expr(s.length()));
316
317 return from_integer(numeric_length == 0 ? 1 : 0, expr.type());
318}
319
327static simplify_exprt::resultt<> simplify_string_compare_to(
328 const function_application_exprt &expr,
329 const namespacet &ns)
330{
331 const refined_string_exprt &s1 = to_string_expr(expr.arguments().at(0));
332 const auto s1_data_opt = try_get_string_data_array(s1.content(), ns);
333
334 if(!s1_data_opt)
335 return simplify_exprt::unchanged(expr);
336
337 const refined_string_exprt &s2 = to_string_expr(expr.arguments().at(1));
338 const auto s2_data_opt = try_get_string_data_array(s2.content(), ns);
339
340 if(!s2_data_opt)
341 return simplify_exprt::unchanged(expr);
342
343 const array_exprt &s1_data = s1_data_opt->get();
344 const array_exprt &s2_data = s2_data_opt->get();
345
346 if(s1_data.operands() == s2_data.operands())
347 return from_integer(0, expr.type());
348
349 const mp_integer s1_size = s1_data.operands().size();
350 const mp_integer s2_size = s2_data.operands().size();
351 const bool first_shorter = s1_size < s2_size;
352 const exprt::operandst &ops1 =
353 first_shorter ? s1_data.operands() : s2_data.operands();
354 const exprt::operandst &ops2 =
355 first_shorter ? s2_data.operands() : s1_data.operands();
356 auto it_pair = std::mismatch(ops1.begin(), ops1.end(), ops2.begin());
357
358 if(it_pair.first == ops1.end())
359 return from_integer(s1_size - s2_size, expr.type());
360
361 const mp_integer char1 =
362 numeric_cast_v<mp_integer>(to_constant_expr(*it_pair.first));
363 const mp_integer char2 =
364 numeric_cast_v<mp_integer>(to_constant_expr(*it_pair.second));
365
366 return from_integer(
367 first_shorter ? char1 - char2 : char2 - char1, expr.type());
368}
369
376static simplify_exprt::resultt<> simplify_string_index_of(
377 const function_application_exprt &expr,
378 const namespacet &ns,
379 const bool search_from_end)
380{
381 std::size_t starting_index = 0;
382
383 // Determine starting index for the comparison (if given)
384 if(expr.arguments().size() == 3)
385 {
386 auto &starting_index_expr = expr.arguments().at(2);
387
388 if(!starting_index_expr.is_constant())
389 {
390 return simplify_exprt::unchanged(expr);
391 }
392
393 const mp_integer idx =
394 numeric_cast_v<mp_integer>(to_constant_expr(starting_index_expr));
395
396 // Negative indices are treated like 0
397 if(idx > 0)
398 {
399 starting_index = numeric_cast_v<std::size_t>(idx);
400 }
401 }
402
403 const refined_string_exprt &s1 = to_string_expr(expr.arguments().at(0));
404
405 const auto s1_data_opt = try_get_string_data_array(s1.content(), ns);
406
407 if(!s1_data_opt)
408 {
409 return simplify_exprt::unchanged(expr);
410 }
411
412 const array_exprt &s1_data = s1_data_opt->get();
413
414 const auto search_string_size = s1_data.operands().size();
415 if(starting_index >= search_string_size)
416 {
417 return from_integer(-1, expr.type());
418 }
419
420 unsigned long starting_offset =
421 starting_index > 0 ? (search_string_size - 1) - starting_index : 0;
422 if(can_cast_expr<refined_string_exprt>(expr.arguments().at(1)))
423 {
424 // Second argument is a string
425
426 const refined_string_exprt &s2 = to_string_expr(expr.arguments().at(1));
427
428 const auto s2_data_opt = try_get_string_data_array(s2.content(), ns);
429
430 if(!s2_data_opt)
431 {
432 return simplify_exprt::unchanged(expr);
433 }
434
435 const array_exprt &s2_data = s2_data_opt->get();
436
437 // Searching for empty string is a special case and is simply the
438 // "always found at the first searched position. This needs to take into
439 // account starting position and if you're starting from the beginning or
440 // end.
441 if(s2_data.operands().empty())
442 return from_integer(
443 search_from_end
444 ? starting_index > 0 ? starting_index : search_string_size
445 : 0,
446 expr.type());
447
448 if(search_from_end)
449 {
450 auto end = std::prev(s1_data.operands().end(), starting_offset);
451 auto it = std::find_end(
452 s1_data.operands().begin(),
453 end,
454 s2_data.operands().begin(),
455 s2_data.operands().end());
456 if(it != end)
457 return from_integer(
458 std::distance(s1_data.operands().begin(), it), expr.type());
459 }
460 else
461 {
462 auto it = std::search(
463 std::next(s1_data.operands().begin(), starting_index),
464 s1_data.operands().end(),
465 s2_data.operands().begin(),
466 s2_data.operands().end());
467
468 if(it != s1_data.operands().end())
469 return from_integer(
470 std::distance(s1_data.operands().begin(), it), expr.type());
471 }
472 }
473 else if(expr.arguments().at(1).is_constant())
474 {
475 // Second argument is a constant character
476
477 const constant_exprt &c1 = to_constant_expr(expr.arguments().at(1));
478 const auto c1_val = numeric_cast_v<mp_integer>(c1);
479
480 auto pred = [&](const exprt &c2) {
481 const auto c2_val = numeric_cast_v<mp_integer>(to_constant_expr(c2));
482
483 return c1_val == c2_val;
484 };
485
486 if(search_from_end)
487 {
488 auto it = std::find_if(
489 std::next(s1_data.operands().rbegin(), starting_offset),
490 s1_data.operands().rend(),
491 pred);
492 if(it != s1_data.operands().rend())
493 return from_integer(
494 std::distance(s1_data.operands().begin(), it.base() - 1),
495 expr.type());
496 }
497 else
498 {
499 auto it = std::find_if(
500 std::next(s1_data.operands().begin(), starting_index),
501 s1_data.operands().end(),
502 pred);
503 if(it != s1_data.operands().end())
504 return from_integer(
505 std::distance(s1_data.operands().begin(), it), expr.type());
506 }
507 }
508 else
509 {
510 return simplify_exprt::unchanged(expr);
511 }
512
513 return from_integer(-1, expr.type());
514}
515
521static simplify_exprt::resultt<> simplify_string_char_at(
522 const function_application_exprt &expr,
523 const namespacet &ns)
524{
525 if(!expr.arguments().at(1).is_constant())
526 {
527 return simplify_exprt::unchanged(expr);
528 }
529
530 const auto &index = to_constant_expr(expr.arguments().at(1));
531
532 const refined_string_exprt &s = to_string_expr(expr.arguments().at(0));
533
534 const auto char_seq_opt = try_get_string_data_array(s.content(), ns);
535
536 if(!char_seq_opt)
537 {
538 return simplify_exprt::unchanged(expr);
539 }
540
541 const array_exprt &char_seq = char_seq_opt->get();
542
543 const auto i_opt = numeric_cast<std::size_t>(index);
544
545 if(!i_opt || *i_opt >= char_seq.operands().size())
546 {
547 return simplify_exprt::unchanged(expr);
548 }
549
550 const auto &c = to_constant_expr(char_seq.operands().at(*i_opt));
551
552 if(c.type() != expr.type())
553 {
554 return simplify_exprt::unchanged(expr);
555 }
556
557 return c;
558}
559
561static bool lower_case_string_expression(array_exprt &string_data)
562{
563 auto &operands = string_data.operands();
564 for(auto &operand : operands)
565 {
566 auto &constant_value = to_constant_expr(operand);
567 auto character = numeric_cast_v<unsigned int>(constant_value);
568
569 // Can't guarantee matches against non-ASCII characters.
570 if(character >= 128)
571 return false;
572
573 if(isalpha(character))
574 {
575 if(isupper(character))
576 constant_value =
577 from_integer(tolower(character), constant_value.type());
578 }
579 }
580
581 return true;
582}
583
589static simplify_exprt::resultt<> simplify_string_equals_ignore_case(
590 const function_application_exprt &expr,
591 const namespacet &ns)
592{
593 // We want to get both arguments of any starts-with comparison, and
594 // trace them back to the actual string instance. All variables on the
595 // way must be constant for us to be sure this will work.
596 auto &first_argument = to_string_expr(expr.arguments().at(0));
597 auto &second_argument = to_string_expr(expr.arguments().at(1));
598
599 const auto first_value_opt =
600 try_get_string_data_array(first_argument.content(), ns);
601
602 if(!first_value_opt)
603 {
604 return simplify_exprt::unchanged(expr);
605 }
606
607 array_exprt first_value = first_value_opt->get();
608
609 const auto second_value_opt =
610 try_get_string_data_array(second_argument.content(), ns);
611
612 if(!second_value_opt)
613 {
614 return simplify_exprt::unchanged(expr);
615 }
616
617 array_exprt second_value = second_value_opt->get();
618
619 // Just lower-case both expressions.
620 if(
621 !lower_case_string_expression(first_value) ||
622 !lower_case_string_expression(second_value))
623 return simplify_exprt::unchanged(expr);
624
625 bool is_equal = first_value == second_value;
626 return from_integer(is_equal ? 1 : 0, expr.type());
627}
628
634static simplify_exprt::resultt<> simplify_string_startswith(
635 const function_application_exprt &expr,
636 const namespacet &ns)
637{
638 // We want to get both arguments of any starts-with comparison, and
639 // trace them back to the actual string instance. All variables on the
640 // way must be constant for us to be sure this will work.
641 auto &first_argument = to_string_expr(expr.arguments().at(0));
642 auto &second_argument = to_string_expr(expr.arguments().at(1));
643
644 const auto first_value_opt =
645 try_get_string_data_array(first_argument.content(), ns);
646
647 if(!first_value_opt)
648 {
649 return simplify_exprt::unchanged(expr);
650 }
651
652 const array_exprt &first_value = first_value_opt->get();
653
654 const auto second_value_opt =
655 try_get_string_data_array(second_argument.content(), ns);
656
657 if(!second_value_opt)
658 {
659 return simplify_exprt::unchanged(expr);
660 }
661
662 const array_exprt &second_value = second_value_opt->get();
663
664 mp_integer offset_int = 0;
665 if(expr.arguments().size() == 3)
666 {
667 auto &offset = expr.arguments()[2];
668 if(!offset.is_constant())
669 return simplify_exprt::unchanged(expr);
670 offset_int = numeric_cast_v<mp_integer>(to_constant_expr(offset));
671 }
672
673 // test whether second_value is a prefix of first_value
674 bool is_prefix =
675 offset_int >= 0 && mp_integer(first_value.operands().size()) >=
676 offset_int + second_value.operands().size();
677 if(is_prefix)
678 {
679 exprt::operandst::const_iterator second_it =
680 second_value.operands().begin();
681 for(const auto &first_op : first_value.operands())
682 {
683 if(offset_int > 0)
684 --offset_int;
685 else if(second_it == second_value.operands().end())
686 break;
687 else if(first_op != *second_it)
688 {
689 is_prefix = false;
690 break;
691 }
692 else
693 ++second_it;
694 }
695 }
696
697 return from_integer(is_prefix ? 1 : 0, expr.type());
698}
699
700simplify_exprt::resultt<> simplify_exprt::simplify_function_application(
701 const function_application_exprt &expr)
702{
703 if(expr.function().id() == ID_lambda)
704 {
705 // expand the function application
706 return to_lambda_expr(expr.function()).application(expr.arguments());
707 }
708
709 if(expr.function().id() != ID_symbol)
710 return unchanged(expr);
711
712 const irep_idt &func_id = to_symbol_expr(expr.function()).get_identifier();
713
714 // String.startsWith() is used to implement String.equals() in the models
715 // library
716 if(func_id == ID_cprover_string_startswith_func)
717 {
718 return simplify_string_startswith(expr, ns);
719 }
720 else if(func_id == ID_cprover_string_endswith_func)
721 {
722 return simplify_string_endswith(expr, ns);
723 }
724 else if(func_id == ID_cprover_string_is_empty_func)
725 {
726 return simplify_string_is_empty(expr, ns);
727 }
728 else if(func_id == ID_cprover_string_compare_to_func)
729 {
730 return simplify_string_compare_to(expr, ns);
731 }
732 else if(func_id == ID_cprover_string_index_of_func)
733 {
734 return simplify_string_index_of(expr, ns, false);
735 }
736 else if(func_id == ID_cprover_string_char_at_func)
737 {
738 return simplify_string_char_at(expr, ns);
739 }
740 else if(func_id == ID_cprover_string_contains_func)
741 {
742 return simplify_string_contains(expr, ns);
743 }
744 else if(func_id == ID_cprover_string_last_index_of_func)
745 {
746 return simplify_string_index_of(expr, ns, true);
747 }
748 else if(func_id == ID_cprover_string_equals_ignore_case_func)
749 {
750 return simplify_string_equals_ignore_case(expr, ns);
751 }
752
753 return unchanged(expr);
754}
755
756simplify_exprt::resultt<>
757simplify_exprt::simplify_typecast(const typecast_exprt &expr)
758{
759 const typet &expr_type = expr.type();
760 const typet &op_type = expr.op().type();
761
762 // eliminate casts of infinity
763 if(expr.op().id() == ID_infinity)
764 {
765 typet new_type=expr.type();
766 exprt tmp = expr.op();
767 tmp.type()=new_type;
768 return std::move(tmp);
769 }
770
771 // casts from NULL to any integer
772 if(
773 op_type.id() == ID_pointer && expr.op().is_constant() &&
774 to_constant_expr(expr.op()).get_value() == ID_NULL &&
775 (expr_type.id() == ID_unsignedbv || expr_type.id() == ID_signedbv) &&
776 config.ansi_c.NULL_is_zero)
777 {
778 return from_integer(0, expr_type);
779 }
780
781 // casts from pointer to integer
782 // where width of integer >= width of pointer
783 // (void*)(intX)expr -> (void*)expr
784 if(
785 expr_type.id() == ID_pointer && expr.op().id() == ID_typecast &&
786 (op_type.id() == ID_signedbv || op_type.id() == ID_unsignedbv ||
787 op_type.id() == ID_bv) &&
788 to_bitvector_type(op_type).get_width() >=
789 to_bitvector_type(expr_type).get_width())
790 {
791 auto new_expr = expr;
792 new_expr.op() = to_typecast_expr(expr.op()).op();
793 return changed(simplify_typecast(new_expr)); // rec. call
794 }
795
796 // eliminate redundant typecasts
797 if(expr.type() == expr.op().type())
798 {
799 return expr.op();
800 }
801
802 // eliminate casts to proper bool
803 if(expr_type.id()==ID_bool)
804 {
805 // rewrite (bool)x to x!=0
806 binary_relation_exprt inequality(
807 expr.op(),
808 op_type.id() == ID_floatbv ? ID_ieee_float_notequal : ID_notequal,
809 from_integer(0, op_type));
810 inequality.add_source_location()=expr.source_location();
811 return changed(simplify_node(inequality));
812 }
813
814 // eliminate casts from proper bool
815 if(
816 op_type.id() == ID_bool &&
817 (expr_type.id() == ID_signedbv || expr_type.id() == ID_unsignedbv ||
818 expr_type.id() == ID_c_bool || expr_type.id() == ID_c_bit_field))
819 {
820 // rewrite (T)(bool) to bool?1:0
821 auto one = from_integer(1, expr_type);
822 auto zero = from_integer(0, expr_type);
823 return changed(simplify_if_preorder(
824 if_exprt{expr.op(), std::move(one), std::move(zero)}));
825 }
826
827 // circular casts through types shorter than `int`
828 // we use fixed bit widths as this is specifically for the Java bytecode
829 // front-end
830 if(op_type == signedbv_typet(32) && expr.op().id() == ID_typecast)
831 {
832 if(expr_type==c_bool_typet(8) ||
833 expr_type==signedbv_typet(8) ||
834 expr_type==signedbv_typet(16) ||
835 expr_type==unsignedbv_typet(16))
836 {
837 // We checked that the id was ID_typecast in the enclosing `if`
838 const auto &typecast = expr_checked_cast<typecast_exprt>(expr.op());
839 if(typecast.op().type()==expr_type)
840 {
841 return typecast.op();
842 }
843 }
844 }
845
846 // eliminate casts to _Bool
847 if(expr_type.id()==ID_c_bool &&
848 op_type.id()!=ID_bool)
849 {
850 // rewrite (_Bool)x to (_Bool)(x!=0)
851 exprt inequality = is_not_zero(expr.op(), ns);
852 auto new_expr = expr;
853 new_expr.op() = simplify_node(std::move(inequality));
854 return changed(simplify_typecast(new_expr)); // recursive call
855 }
856
857 // eliminate typecasts from NULL
858 if(
859 expr_type.id() == ID_pointer && expr.op().is_constant() &&
860 (to_constant_expr(expr.op()).get_value() == ID_NULL ||
861 (expr.op() == 0 && config.ansi_c.NULL_is_zero)))
862 {
863 exprt tmp = expr.op();
864 tmp.type()=expr.type();
865 to_constant_expr(tmp).set_value(ID_NULL);
866 return std::move(tmp);
867 }
868
869 // eliminate duplicate pointer typecasts
870 // (T1 *)(T2 *)x -> (T1 *)x
871 if(
872 expr_type.id() == ID_pointer && expr.op().id() == ID_typecast &&
873 op_type.id() == ID_pointer)
874 {
875 auto new_expr = expr;
876 new_expr.op() = to_typecast_expr(expr.op()).op();
877 return changed(simplify_typecast(new_expr)); // recursive call
878 }
879
880 // casts from integer to pointer and back:
881 // (int)(void *)int -> (int)(size_t)int
882 if(
883 (expr_type.id() == ID_signedbv || expr_type.id() == ID_unsignedbv) &&
884 expr.op().id() == ID_typecast && expr.op().operands().size() == 1 &&
885 op_type.id() == ID_pointer)
886 {
887 auto inner_cast = to_typecast_expr(expr.op());
888 inner_cast.type() = size_type();
889
890 auto outer_cast = expr;
891 outer_cast.op() = simplify_typecast(inner_cast); // rec. call
892 return changed(simplify_typecast(outer_cast)); // rec. call
893 }
894
895 // mildly more elaborate version of the above:
896 // (int)((T*)0 + int) -> (int)(sizeof(T)*(size_t)int) if NULL is zero
897 if(
898 config.ansi_c.NULL_is_zero &&
899 (expr_type.id() == ID_signedbv || expr_type.id() == ID_unsignedbv) &&
900 op_type.id() == ID_pointer && expr.op().id() == ID_plus &&
901 expr.op().operands().size() == 2)
902 {
903 const auto &op_plus_expr = to_plus_expr(expr.op());
904
905 if(
906 (op_plus_expr.op0().id() == ID_typecast &&
907 to_typecast_expr(op_plus_expr.op0()).op() == 0) ||
908 (op_plus_expr.op0().is_constant() &&
909 to_constant_expr(op_plus_expr.op0()).is_null_pointer()))
910 {
911 auto sub_size =
912 pointer_offset_size(to_pointer_type(op_type).base_type(), ns);
913 if(sub_size.has_value())
914 {
915 auto new_expr = expr;
916 exprt offset_expr =
917 simplify_typecast(typecast_exprt(op_plus_expr.op1(), size_type()));
918
919 // void*
920 if(*sub_size == 0 || *sub_size == 1)
921 new_expr.op() = offset_expr;
922 else
923 {
924 new_expr.op() = simplify_mult(
925 mult_exprt(from_integer(*sub_size, size_type()), offset_expr));
926 }
927
928 return changed(simplify_typecast(new_expr)); // rec. call
929 }
930 }
931 }
932
933 // Push a numerical typecast into various integer operations, i.e.,
934 // (T)(x OP y) ---> (T)x OP (T)y
935 //
936 // Doesn't work for many, e.g., pointer difference, floating-point,
937 // division, modulo.
938 // Many operations fail if the width of T
939 // is bigger than that of (x OP y). This includes ID_bitnot and
940 // anything that might overflow, e.g., ID_plus.
941 //
942 if((expr_type.id()==ID_signedbv || expr_type.id()==ID_unsignedbv) &&
943 (op_type.id()==ID_signedbv || op_type.id()==ID_unsignedbv))
944 {
945 bool enlarge=
946 to_bitvector_type(expr_type).get_width()>
947 to_bitvector_type(op_type).get_width();
948
949 if(!enlarge)
950 {
951 irep_idt op_id = expr.op().id();
952
953 if(
954 op_id == ID_plus || op_id == ID_minus || op_id == ID_mult ||
955 op_id == ID_unary_minus || op_id == ID_bitxor || op_id == ID_bitxnor ||
956 op_id == ID_bitor || op_id == ID_bitand)
957 {
958 exprt result = expr.op();
959
960 if(
961 result.operands().size() >= 1 &&
962 to_multi_ary_expr(result).op0().type() == result.type())
963 {
964 result.type()=expr.type();
965
966 Forall_operands(it, result)
967 {
968 auto new_operand = typecast_exprt(*it, expr.type());
969 *it = simplify_typecast(new_operand); // recursive call
970 }
971
972 return changed(simplify_node(result)); // possibly recursive call
973 }
974 }
975 else if(op_id==ID_ashr || op_id==ID_lshr || op_id==ID_shl)
976 {
977 }
978 }
979 }
980
981 // Push a numerical typecast into pointer arithmetic
982 // (T)(ptr + int) ---> (T)((size_t)ptr + sizeof(subtype)*(size_t)int)
983 //
984 if(
985 (expr_type.id() == ID_signedbv || expr_type.id() == ID_unsignedbv) &&
986 op_type.id() == ID_pointer && expr.op().id() == ID_plus)
987 {
988 const auto step =
989 pointer_offset_size(to_pointer_type(op_type).base_type(), ns);
990
991 if(step.has_value() && *step != 0)
992 {
993 const typet size_t_type(size_type());
994 auto new_expr = expr;
995
996 new_expr.op().type() = size_t_type;
997
998 for(auto &op : new_expr.op().operands())
999 {
1000 exprt new_op = simplify_typecast(typecast_exprt(op, size_t_type));
1001 if(op.type().id() != ID_pointer && *step > 1)
1002 {
1003 new_op =
1004 simplify_mult(mult_exprt(from_integer(*step, size_t_type), new_op));
1005 }
1006 op = std::move(new_op);
1007 }
1008
1009 new_expr.op() = simplify_plus(to_plus_expr(new_expr.op()));
1010
1011 return changed(simplify_typecast(new_expr)); // recursive call
1012 }
1013 }
1014
1015 const irep_idt &expr_type_id=expr_type.id();
1016 const exprt &operand = expr.op();
1017 const irep_idt &op_type_id=op_type.id();
1018
1019 if(operand.is_constant())
1020 {
1021 const irep_idt &value=to_constant_expr(operand).get_value();
1022
1023 // preserve the sizeof type annotation
1024 typet c_sizeof_type=
1025 static_cast<const typet &>(operand.find(ID_C_c_sizeof_type));
1026
1027 if(op_type_id==ID_integer ||
1028 op_type_id==ID_natural)
1029 {
1030 // from integer to ...
1031
1032 mp_integer int_value=string2integer(id2string(value));
1033
1034 if(expr_type_id==ID_bool)
1035 {
1036 return make_boolean_expr(int_value != 0);
1037 }
1038
1039 if(
1040 expr_type_id == ID_unsignedbv || expr_type_id == ID_signedbv ||
1041 expr_type_id == ID_c_enum || expr_type_id == ID_c_bit_field ||
1042 expr_type_id == ID_integer || expr_type_id == ID_natural ||
1043 expr_type_id == ID_rational || expr_type_id == ID_real)
1044 {
1045 return from_integer(int_value, expr_type);
1046 }
1047 else if(expr_type_id == ID_c_enum_tag)
1048 {
1049 const auto &c_enum_type = ns.follow_tag(to_c_enum_tag_type(expr_type));
1050 if(!c_enum_type.is_incomplete()) // possibly incomplete
1051 {
1052 exprt tmp = from_integer(int_value, c_enum_type);
1053 tmp.type() = expr_type; // we maintain the tag type
1054 return std::move(tmp);
1055 }
1056 }
1057 }
1058 else if(op_type_id==ID_rational)
1059 {
1060 }
1061 else if(op_type_id==ID_real)
1062 {
1063 }
1064 else if(op_type_id==ID_bool)
1065 {
1066 if(expr_type_id==ID_unsignedbv ||
1067 expr_type_id==ID_signedbv ||
1068 expr_type_id==ID_integer ||
1069 expr_type_id==ID_natural ||
1070 expr_type_id==ID_rational ||
1071 expr_type_id==ID_c_bool ||
1072 expr_type_id==ID_c_enum ||
1073 expr_type_id==ID_c_bit_field)
1074 {
1075 if(operand == true)
1076 {
1077 return from_integer(1, expr_type);
1078 }
1079 else if(operand == false)
1080 {
1081 return from_integer(0, expr_type);
1082 }
1083 }
1084 else if(expr_type_id==ID_c_enum_tag)
1085 {
1086 const auto &c_enum_type = ns.follow_tag(to_c_enum_tag_type(expr_type));
1087 if(!c_enum_type.is_incomplete()) // possibly incomplete
1088 {
1089 unsigned int_value = operand == true ? 1u : 0u;
1090 exprt tmp=from_integer(int_value, c_enum_type);
1091 tmp.type()=expr_type; // we maintain the tag type
1092 return std::move(tmp);
1093 }
1094 }
1095 else if(
1096 expr_type_id == ID_pointer && operand == false &&
1097 config.ansi_c.NULL_is_zero)
1098 {
1099 return null_pointer_exprt(to_pointer_type(expr_type));
1100 }
1101 }
1102 else if(op_type_id==ID_unsignedbv ||
1103 op_type_id==ID_signedbv ||
1104 op_type_id==ID_c_bit_field ||
1105 op_type_id==ID_c_bool)
1106 {
1107 mp_integer int_value;
1108
1109 if(to_integer(to_constant_expr(operand), int_value))
1110 return unchanged(expr);
1111
1112 if(expr_type_id==ID_bool)
1113 {
1114 return make_boolean_expr(int_value != 0);
1115 }
1116
1117 if(expr_type_id==ID_c_bool)
1118 {
1119 return from_integer(int_value != 0, expr_type);
1120 }
1121
1122 if(expr_type_id==ID_integer)
1123 {
1124 return from_integer(int_value, expr_type);
1125 }
1126
1127 if(expr_type_id==ID_natural)
1128 {
1129 if(int_value>=0)
1130 {
1131 return from_integer(int_value, expr_type);
1132 }
1133 }
1134
1135 if(expr_type_id==ID_unsignedbv ||
1136 expr_type_id==ID_signedbv ||
1137 expr_type_id==ID_bv ||
1138 expr_type_id==ID_c_bit_field)
1139 {
1140 auto result = from_integer(int_value, expr_type);
1141
1142 if(c_sizeof_type.is_not_nil())
1143 result.set(ID_C_c_sizeof_type, c_sizeof_type);
1144
1145 return std::move(result);
1146 }
1147
1148 if(expr_type_id==ID_c_enum_tag)
1149 {
1150 const auto &c_enum_type = ns.follow_tag(to_c_enum_tag_type(expr_type));
1151 if(!c_enum_type.is_incomplete()) // possibly incomplete
1152 {
1153 exprt tmp=from_integer(int_value, c_enum_type);
1154 tmp.type()=expr_type; // we maintain the tag type
1155 return std::move(tmp);
1156 }
1157 }
1158
1159 if(expr_type_id==ID_c_enum)
1160 {
1161 return from_integer(int_value, expr_type);
1162 }
1163
1164 if(expr_type_id==ID_fixedbv)
1165 {
1166 // int to float
1167 const fixedbv_typet &f_expr_type=
1168 to_fixedbv_type(expr_type);
1169
1170 fixedbvt f;
1171 f.spec=fixedbv_spect(f_expr_type);
1172 f.from_integer(int_value);
1173 return f.to_expr();
1174 }
1175
1176 if(expr_type_id==ID_floatbv)
1177 {
1178 // int to float
1179 const floatbv_typet &f_expr_type=
1180 to_floatbv_type(expr_type);
1181
1182 auto rm = ieee_floatt::rounding_modet::ROUND_TO_EVEN;
1183 ieee_floatt f(f_expr_type, rm);
1184 f.from_integer(int_value);
1185
1186 return f.to_expr();
1187 }
1188
1189 if(expr_type_id==ID_rational)
1190 {
1191 rationalt r(int_value);
1192 return from_rational(r);
1193 }
1194
1195 if(expr_type_id == ID_real)
1196 {
1197 return from_integer(int_value, expr_type);
1198 }
1199 }
1200 else if(op_type_id==ID_fixedbv)
1201 {
1202 if(expr_type_id==ID_unsignedbv ||
1203 expr_type_id==ID_signedbv)
1204 {
1205 // cast from fixedbv to int
1206 fixedbvt f(to_constant_expr(expr.op()));
1207 return from_integer(f.to_integer(), expr_type);
1208 }
1209 else if(expr_type_id==ID_fixedbv)
1210 {
1211 // fixedbv to fixedbv
1212 fixedbvt f(to_constant_expr(expr.op()));
1213 f.round(fixedbv_spect(to_fixedbv_type(expr_type)));
1214 return f.to_expr();
1215 }
1216 else if(expr_type_id == ID_bv)
1217 {
1218 fixedbvt f{to_constant_expr(expr.op())};
1219 return from_integer(f.get_value(), expr_type);
1220 }
1221 }
1222 else if(op_type_id==ID_floatbv)
1223 {
1224 ieee_floatt f(
1225 to_constant_expr(expr.op()),
1226 ieee_floatt::rounding_modet::ROUND_TO_EVEN);
1227
1228 if(expr_type_id==ID_unsignedbv ||
1229 expr_type_id==ID_signedbv)
1230 {
1231 // cast from float to int
1232 return from_integer(f.to_integer(), expr_type);
1233 }
1234 else if(expr_type_id==ID_floatbv)
1235 {
1236 // float to double or double to float
1237 f.change_spec(ieee_float_spect(to_floatbv_type(expr_type)));
1238 return f.to_expr();
1239 }
1240 else if(expr_type_id==ID_fixedbv)
1241 {
1242 fixedbvt fixedbv;
1243 fixedbv.spec=fixedbv_spect(to_fixedbv_type(expr_type));
1244 ieee_floatt factor(f.spec, ieee_floatt::rounding_modet::ROUND_TO_EVEN);
1245 factor.from_integer(power(2, fixedbv.spec.get_fraction_bits()));
1246 f*=factor;
1247 fixedbv.set_value(f.to_integer());
1248 return fixedbv.to_expr();
1249 }
1250 else if(expr_type_id == ID_bv)
1251 {
1252 return from_integer(f.pack(), expr_type);
1253 }
1254 }
1255 else if(op_type_id==ID_bv)
1256 {
1257 if(
1258 expr_type_id == ID_unsignedbv || expr_type_id == ID_signedbv ||
1259 expr_type_id == ID_c_enum || expr_type_id == ID_c_enum_tag ||
1260 expr_type_id == ID_c_bit_field)
1261 {
1262 const auto width = to_bv_type(op_type).get_width();
1263 const auto int_value = bvrep2integer(value, width, false);
1264 if(expr_type_id != ID_c_enum_tag)
1265 return from_integer(int_value, expr_type);
1266 else
1267 {
1268 c_enum_tag_typet tag_type = to_c_enum_tag_type(expr_type);
1269 auto result = from_integer(int_value, ns.follow_tag(tag_type));
1270 result.type() = tag_type;
1271 return std::move(result);
1272 }
1273 }
1274 else if(expr_type_id == ID_floatbv)
1275 {
1276 const auto width = to_bv_type(op_type).get_width();
1277 const auto int_value = bvrep2integer(value, width, false);
1278 ieee_float_valuet ieee_float{to_floatbv_type(expr_type)};
1279 ieee_float.unpack(int_value);
1280 return ieee_float.to_expr();
1281 }
1282 else if(expr_type_id == ID_fixedbv)
1283 {
1284 const auto width = to_bv_type(op_type).get_width();
1285 const auto int_value = bvrep2integer(value, width, false);
1286 fixedbvt fixedbv{fixedbv_spect{to_fixedbv_type(expr_type)}};
1287 fixedbv.set_value(int_value);
1288 return fixedbv.to_expr();
1289 }
1290 }
1291 else if(op_type_id==ID_c_enum_tag) // enum to int
1292 {
1293 const typet &base_type =
1294 ns.follow_tag(to_c_enum_tag_type(op_type)).underlying_type();
1295 if(base_type.id()==ID_signedbv || base_type.id()==ID_unsignedbv)
1296 {
1297 // enum constants use the representation of their base type
1298 auto new_expr = expr;
1299 new_expr.op().type() = base_type;
1300 return changed(simplify_typecast(new_expr)); // recursive call
1301 }
1302 }
1303 else if(op_type_id==ID_c_enum) // enum to int
1304 {
1305 const typet &base_type = to_c_enum_type(op_type).underlying_type();
1306 if(base_type.id()==ID_signedbv || base_type.id()==ID_unsignedbv)
1307 {
1308 // enum constants use the representation of their base type
1309 auto new_expr = expr;
1310 new_expr.op().type() = base_type;
1311 return changed(simplify_typecast(new_expr)); // recursive call
1312 }
1313 }
1314 }
1315 else if(operand.id()==ID_typecast) // typecast of typecast
1316 {
1317 // (T1)(T2)x ---> (T1)
1318 // where T1 has fewer bits than T2
1319 if(
1320 op_type_id == expr_type_id &&
1321 (expr_type_id == ID_unsignedbv || expr_type_id == ID_signedbv ||
1322 expr_type_id == ID_bv) &&
1323 to_bitvector_type(expr_type).get_width() <=
1324 to_bitvector_type(operand.type()).get_width())
1325 {
1326 auto new_expr = expr;
1327 new_expr.op() = to_typecast_expr(operand).op();
1328 // might enable further simplification
1329 return changed(simplify_typecast(new_expr)); // recursive call
1330 }
1331 }
1332 else if(operand.id()==ID_address_of)
1333 {
1334 const exprt &o=to_address_of_expr(operand).object();
1335
1336 // turn &array into &array[0] when casting to pointer-to-element-type
1337 if(
1338 o.type().id() == ID_array &&
1339 expr_type == pointer_type(to_array_type(o.type()).element_type()))
1340 {
1341 auto result =
1342 address_of_exprt(index_exprt(o, from_integer(0, size_type())));
1343
1344 return changed(simplify_address_of(result)); // recursive call
1345 }
1346 }
1347 else if(auto extractbits = expr_try_dynamic_cast<extractbits_exprt>(operand))
1348 {
1349 if(
1350 expr_type_id != ID_floatbv && expr_type_id != ID_pointer &&
1351 can_cast_type<bitvector_typet>(expr_type) &&
1352 can_cast_type<bitvector_typet>(operand.type()) &&
1353 to_bitvector_type(expr_type).get_width() ==
1354 to_bitvector_type(operand.type()).get_width())
1355 {
1356 extractbits_exprt result = *extractbits;
1357 result.type() = expr_type;
1358 return changed(simplify_extractbits(result));
1359 }
1360 }
1361
1362 return unchanged(expr);
1363}
1364
1365simplify_exprt::resultt<>
1366simplify_exprt::simplify_typecast_preorder(const typecast_exprt &expr)
1367{
1368 const typet &expr_type = expr.type();
1369 const typet &op_type = expr.op().type();
1370
1371 // (T)(a?b:c) --> a?(T)b:(T)c; don't do this for floating-point type casts as
1372 // the type cast itself may be costly
1373 if(
1374 expr.op().id() == ID_if && expr_type.id() != ID_floatbv &&
1375 op_type.id() != ID_floatbv)
1376 {
1377 if_exprt if_expr = lift_if(expr, 0);
1378 return changed(simplify_if_preorder(if_expr));
1379 }
1380 else
1381 {
1382 auto r_it = simplify_rec(expr.op()); // recursive call
1383 if(r_it.has_changed())
1384 {
1385 auto tmp = expr;
1386 tmp.op() = r_it.expr;
1387 return tmp;
1388 }
1389 }
1390
1391 return unchanged(expr);
1392}
1393
1394simplify_exprt::resultt<>
1395simplify_exprt::simplify_dereference(const dereference_exprt &expr)
1396{
1397 const exprt &pointer = expr.pointer();
1398
1399 if(pointer.type().id()!=ID_pointer)
1400 return unchanged(expr);
1401
1402 if(pointer.id()==ID_address_of)
1403 {
1404 exprt tmp=to_address_of_expr(pointer).object();
1405 // one address_of is gone, try again
1406 return changed(simplify_rec(tmp));
1407 }
1408 // rewrite *(&a[0] + x) to a[x]
1409 else if(
1410 pointer.id() == ID_plus && pointer.operands().size() == 2 &&
1411 to_plus_expr(pointer).op0().id() == ID_address_of)
1412 {
1413 const auto &pointer_plus_expr = to_plus_expr(pointer);
1414
1415 const address_of_exprt &address_of =
1416 to_address_of_expr(pointer_plus_expr.op0());
1417
1418 if(address_of.object().id()==ID_index)
1419 {
1420 const index_exprt &old=to_index_expr(address_of.object());
1421 if(old.array().type().id() == ID_array)
1422 {
1423 index_exprt idx(
1424 old.array(),
1425 pointer_offset_sum(old.index(), pointer_plus_expr.op1()),
1426 to_array_type(old.array().type()).element_type());
1427 return changed(simplify_rec(idx));
1428 }
1429 }
1430 }
1431
1432 return unchanged(expr);
1433}
1434
1435simplify_exprt::resultt<>
1436simplify_exprt::simplify_dereference_preorder(const dereference_exprt &expr)
1437{
1438 const exprt &pointer = expr.pointer();
1439
1440 if(pointer.id() == ID_if)
1441 {
1442 if_exprt if_expr = lift_if(expr, 0);
1443 return changed(simplify_if_preorder(if_expr));
1444 }
1445 else
1446 {
1447 auto r_it = simplify_rec(pointer); // recursive call
1448 if(r_it.has_changed())
1449 {
1450 auto tmp = expr;
1451 tmp.pointer() = r_it.expr;
1452 return tmp;
1453 }
1454 }
1455
1456 return unchanged(expr);
1457}
1458
1459simplify_exprt::resultt<>
1460simplify_exprt::simplify_lambda(const lambda_exprt &expr)
1461{
1462 return unchanged(expr);
1463}
1464
1465simplify_exprt::resultt<> simplify_exprt::simplify_with(const with_exprt &expr)
1466{
1467 // now look at first operand
1468
1469 if(
1470 expr.old().type().id() == ID_struct ||
1471 expr.old().type().id() == ID_struct_tag)
1472 {
1473 const struct_typet &old_type_followed =
1474 expr.old().type().id() == ID_struct_tag
1475 ? ns.follow_tag(to_struct_tag_type(expr.old().type()))
1476 : to_struct_type(expr.old().type());
1477 const irep_idt &component_name = expr.where().get(ID_component_name);
1478
1479 if(expr.old().id() == ID_struct || expr.old().is_constant())
1480 {
1481 if(!old_type_followed.has_component(component_name))
1482 return unchanged(expr);
1483
1484 std::size_t number = old_type_followed.component_number(component_name);
1485
1486 if(number >= expr.old().operands().size())
1487 return unchanged(expr);
1488
1489 exprt result = expr.old();
1490 result.operands()[number] = expr.new_value();
1491 return result;
1492 }
1493 else if(
1494 old_type_followed.components().size() == 1 &&
1495 old_type_followed.has_component(component_name))
1496 {
1497 return struct_exprt{{expr.new_value()}, expr.type()};
1498 }
1499 }
1500 else if(
1501 expr.old().type().id() == ID_array || expr.old().type().id() == ID_vector)
1502 {
1503 if(
1504 expr.old().id() == ID_array || expr.old().is_constant() ||
1505 expr.old().id() == ID_vector)
1506 {
1507 const auto i = numeric_cast<mp_integer>(expr.where());
1508
1509 if(i.has_value() && *i >= 0 && *i < expr.old().operands().size())
1510 {
1511 exprt result = expr.old();
1512 result.operands()[numeric_cast_v<std::size_t>(*i)] = expr.new_value();
1513 return result;
1514 }
1515 }
1516 }
1517
1518 return unchanged(expr);
1519}
1520
1521simplify_exprt::resultt<>
1522simplify_exprt::simplify_update(const update_exprt &expr)
1523{
1524 // this is to push updates into (possibly nested) constants
1525
1526 const exprt::operandst &designator = expr.designator();
1527
1528 exprt updated_value = expr.old();
1529 exprt *value_ptr=&updated_value;
1530
1531 for(const auto &e : designator)
1532 {
1533 if(e.id()==ID_index_designator &&
1534 value_ptr->id()==ID_array)
1535 {
1536 const auto i = numeric_cast<mp_integer>(to_index_designator(e).index());
1537
1538 if(!i.has_value())
1539 return unchanged(expr);
1540
1541 if(*i < 0 || *i >= value_ptr->operands().size())
1542 return unchanged(expr);
1543
1544 value_ptr = &value_ptr->operands()[numeric_cast_v<std::size_t>(*i)];
1545 }
1546 else if(e.id()==ID_member_designator &&
1547 value_ptr->id()==ID_struct)
1548 {
1549 const irep_idt &component_name=
1550 e.get(ID_component_name);
1551 const struct_typet &value_ptr_struct_type =
1552 value_ptr->type().id() == ID_struct_tag
1553 ? ns.follow_tag(to_struct_tag_type(value_ptr->type()))
1554 : to_struct_type(value_ptr->type());
1555 if(!value_ptr_struct_type.has_component(component_name))
1556 return unchanged(expr);
1557 auto &designator_as_struct_expr = to_struct_expr(*value_ptr);
1558 value_ptr = &designator_as_struct_expr.component(component_name, ns);
1559 CHECK_RETURN(value_ptr->is_not_nil());
1560 }
1561 else
1562 return unchanged(expr); // give up, unknown designator
1563 }
1564
1565 // found, done
1566 *value_ptr = expr.new_value();
1567 return updated_value;
1568}
1569
1570simplify_exprt::resultt<> simplify_exprt::simplify_object(const exprt &expr)
1571{
1572 if(expr.id()==ID_plus)
1573 {
1574 if(expr.type().id()==ID_pointer)
1575 {
1576 // kill integers from sum
1577 for(auto &op : expr.operands())
1578 if(op.type().id() == ID_pointer)
1579 return changed(simplify_object(op)); // recursive call
1580 }
1581 }
1582 else if(expr.id()==ID_typecast)
1583 {
1584 auto const &typecast_expr = to_typecast_expr(expr);
1585 const typet &op_type = typecast_expr.op().type();
1586
1587 if(op_type.id()==ID_pointer)
1588 {
1589 // cast from pointer to pointer
1590 return changed(simplify_object(typecast_expr.op())); // recursive call
1591 }
1592 else if(op_type.id()==ID_signedbv || op_type.id()==ID_unsignedbv)
1593 {
1594 // cast from integer to pointer
1595
1596 // We do a bit of special treatment for (TYPE *)(a+(int)&o) and
1597 // (TYPE *)(a+(int)((T*)&o+x)), which are re-written to '&o'.
1598
1599 const exprt &casted_expr = typecast_expr.op();
1600 if(casted_expr.id() == ID_plus && casted_expr.operands().size() == 2)
1601 {
1602 const auto &plus_expr = to_plus_expr(casted_expr);
1603
1604 const exprt &cand = plus_expr.op0().id() == ID_typecast
1605 ? plus_expr.op0()
1606 : plus_expr.op1();
1607
1608 if(cand.id() == ID_typecast)
1609 {
1610 const auto &typecast_op = to_typecast_expr(cand).op();
1611
1612 if(typecast_op.id() == ID_address_of)
1613 {
1614 return typecast_op;
1615 }
1616 else if(
1617 typecast_op.id() == ID_plus && typecast_op.operands().size() == 2 &&
1618 to_plus_expr(typecast_op).op0().id() == ID_typecast &&
1619 to_typecast_expr(to_plus_expr(typecast_op).op0()).op().id() ==
1620 ID_address_of)
1621 {
1622 return to_typecast_expr(to_plus_expr(typecast_op).op0()).op();
1623 }
1624 }
1625 }
1626 }
1627 }
1628 else if(expr.id()==ID_address_of)
1629 {
1630 const auto &object = to_address_of_expr(expr).object();
1631
1632 if(object.id() == ID_index)
1633 {
1634 // &some[i] -> &some
1635 address_of_exprt new_expr(to_index_expr(object).array());
1636 return changed(simplify_object(new_expr)); // recursion
1637 }
1638 else if(object.id() == ID_member)
1639 {
1640 // &some.f -> &some
1641 address_of_exprt new_expr(to_member_expr(object).compound());
1642 return changed(simplify_object(new_expr)); // recursion
1643 }
1644 }
1645
1646 return unchanged(expr);
1647}
1648
1649simplify_exprt::resultt<>
1650simplify_exprt::simplify_byte_extract(const byte_extract_exprt &expr)
1651{
1652 // lift up any ID_if on the object
1653 if(expr.op().id() == ID_if)
1654 {
1655 if_exprt if_expr = lift_if(expr, 0);
1656 if_expr.true_case() =
1657 simplify_byte_extract(to_byte_extract_expr(if_expr.true_case()));
1658 if_expr.false_case() =
1659 simplify_byte_extract(to_byte_extract_expr(if_expr.false_case()));
1660 return changed(simplify_if(if_expr));
1661 }
1662
1663 const auto el_size = pointer_offset_bits(expr.type(), ns);
1664 if(el_size.has_value() && *el_size < 0)
1665 return unchanged(expr);
1666
1667 // byte_extract(byte_extract(root, offset1), offset2) =>
1668 // byte_extract(root, offset1+offset2)
1669 if(expr.op().id()==expr.id())
1670 {
1671 auto tmp = expr;
1672
1673 tmp.offset() = simplify_rec(plus_exprt(
1674 typecast_exprt::conditional_cast(
1675 to_byte_extract_expr(expr.op()).offset(), expr.offset().type()),
1676 expr.offset()));
1677 tmp.op() = to_byte_extract_expr(expr.op()).op();
1678
1679 return changed(simplify_byte_extract(tmp)); // recursive call
1680 }
1681
1682 // byte_extract(byte_update(root, offset, value), offset) =>
1683 // value
1684 if(
1685 ((expr.id() == ID_byte_extract_big_endian &&
1686 expr.op().id() == ID_byte_update_big_endian) ||
1687 (expr.id() == ID_byte_extract_little_endian &&
1688 expr.op().id() == ID_byte_update_little_endian)) &&
1689 expr.offset() == to_byte_update_expr(as_const(expr).op()).offset())
1690 {
1691 const auto &op_byte_update = to_byte_update_expr(expr.op());
1692
1693 if(expr.type() == op_byte_update.value().type())
1694 {
1695 return op_byte_update.value();
1696 }
1697 else if(el_size.has_value())
1698 {
1699 const auto update_bits_opt =
1700 pointer_offset_bits(op_byte_update.value().type(), ns);
1701
1702 if(update_bits_opt.has_value() && *el_size <= *update_bits_opt)
1703 {
1704 auto tmp = expr;
1705 tmp.op() = op_byte_update.value();
1706 tmp.offset() = from_integer(0, expr.offset().type());
1707
1708 return changed(simplify_byte_extract(tmp)); // recursive call
1709 }
1710 }
1711 }
1712
1713 auto offset = numeric_cast<mp_integer>(expr.offset());
1714 if(offset.has_value() && *offset < 0)
1715 return unchanged(expr);
1716
1717 // try to simplify byte_extract(byte_update(...))
1718 auto const bu = expr_try_dynamic_cast<byte_update_exprt>(expr.op());
1719 std::optional<mp_integer> update_offset;
1720 if(bu)
1721 update_offset = numeric_cast<mp_integer>(bu->offset());
1722 if(
1723 offset.has_value() && bu && el_size.has_value() &&
1724 update_offset.has_value())
1725 {
1726 // byte_extract(byte_update(root, offset_u, value), offset_e) so that the
1727 // update does not affect what is being extracted simplifies to
1728 // byte_extract(root, offset_e)
1729 //
1730 // byte_extract(byte_update(root, offset_u, value), offset_e) so that the
1731 // extracted range fully lies within the update value simplifies to
1732 // byte_extract(value, offset_e - offset_u)
1733 if(
1734 *offset * expr.get_bits_per_byte() + *el_size <=
1735 *update_offset * bu->get_bits_per_byte())
1736 {
1737 // extracting before the update
1738 auto tmp = expr;
1739 tmp.op() = bu->op();
1740 return changed(simplify_byte_extract(tmp)); // recursive call
1741 }
1742 else if(
1743 const auto update_size = pointer_offset_bits(bu->value().type(), ns))
1744 {
1745 if(
1746 *offset * expr.get_bits_per_byte() >=
1747 *update_offset * bu->get_bits_per_byte() + *update_size)
1748 {
1749 // extracting after the update
1750 auto tmp = expr;
1751 tmp.op() = bu->op();
1752 return changed(simplify_byte_extract(tmp)); // recursive call
1753 }
1754 else if(
1755 *offset >= *update_offset &&
1756 *offset * expr.get_bits_per_byte() + *el_size <=
1757 *update_offset * bu->get_bits_per_byte() + *update_size)
1758 {
1759 // extracting from the update
1760 auto tmp = expr;
1761 tmp.op() = bu->value();
1762 tmp.offset() =
1763 from_integer(*offset - *update_offset, expr.offset().type());
1764 return changed(simplify_byte_extract(tmp)); // recursive call
1765 }
1766 }
1767 }
1768
1769 // don't do any of the following if endianness doesn't match, as
1770 // bytes need to be swapped
1771 if(
1772 offset.has_value() && *offset == 0 &&
1773 ((expr.id() == ID_byte_extract_little_endian &&
1774 config.ansi_c.endianness ==
1775 configt::ansi_ct::endiannesst::IS_LITTLE_ENDIAN) ||
1776 (expr.id() == ID_byte_extract_big_endian &&
1777 config.ansi_c.endianness ==
1778 configt::ansi_ct::endiannesst::IS_BIG_ENDIAN)))
1779 {
1780 // byte extract of full object is object
1781 if(expr.type() == expr.op().type())
1782 {
1783 return expr.op();
1784 }
1785 else if(
1786 expr.type().id() == ID_pointer && expr.op().type().id() == ID_pointer)
1787 {
1788 return typecast_exprt(expr.op(), expr.type());
1789 }
1790 }
1791
1792 if(
1793 (expr.type().id() == ID_union &&
1794 to_union_type(expr.type()).components().empty()) ||
1795 (expr.type().id() == ID_union_tag &&
1796 ns.follow_tag(to_union_tag_type(expr.type())).components().empty()))
1797 {
1798 return empty_union_exprt{expr.type()};
1799 }
1800 else if(
1801 (expr.type().id() == ID_struct &&
1802 to_struct_type(expr.type()).components().empty()) ||
1803 (expr.type().id() == ID_struct_tag &&
1804 ns.follow_tag(to_struct_tag_type(expr.type())).components().empty()))
1805 {
1806 return struct_exprt{{}, expr.type()};
1807 }
1808
1809 // no proper simplification for expr.type()==void
1810 // or types of unknown size
1811 if(!el_size.has_value() || *el_size == 0)
1812 return unchanged(expr);
1813
1814 if(
1815 offset.has_value() && expr.op().id() == ID_array_of &&
1816 to_array_of_expr(expr.op()).op().is_constant())
1817 {
1818 const auto const_bits_opt = expr2bits(
1819 to_array_of_expr(expr.op()).op(),
1820 config.ansi_c.endianness ==
1821 configt::ansi_ct::endiannesst::IS_LITTLE_ENDIAN,
1822 ns);
1823
1824 if(!const_bits_opt.has_value())
1825 return unchanged(expr);
1826
1827 std::string const_bits=const_bits_opt.value();
1828
1829 DATA_INVARIANT(!const_bits.empty(), "bit representation must be non-empty");
1830
1831 // double the string until we have sufficiently many bits
1832 while(mp_integer(const_bits.size()) <
1833 *offset * expr.get_bits_per_byte() + *el_size)
1834 {
1835 const_bits+=const_bits;
1836 }
1837
1838 std::string el_bits = std::string(
1839 const_bits,
1840 numeric_cast_v<std::size_t>(*offset * expr.get_bits_per_byte()),
1841 numeric_cast_v<std::size_t>(*el_size));
1842
1843 auto tmp = bits2expr(
1844 el_bits, expr.type(), expr.id() == ID_byte_extract_little_endian, ns);
1845
1846 if(tmp.has_value())
1847 return std::move(*tmp);
1848 }
1849
1850 // in some cases we even handle non-const array_of
1851 if(
1852 offset.has_value() && expr.op().id() == ID_array_of &&
1853 (*offset * expr.get_bits_per_byte()) % (*el_size) == 0 &&
1854 *el_size <=
1855 pointer_offset_bits(to_array_of_expr(expr.op()).what().type(), ns))
1856 {
1857 auto tmp = expr;
1858 tmp.op() = simplify_index(index_exprt(expr.op(), expr.offset()));
1859 tmp.offset() = from_integer(0, expr.offset().type());
1860 return changed(simplify_byte_extract(tmp));
1861 }
1862
1863 // extract bits of a constant
1864 const auto bits =
1865 expr2bits(expr.op(), expr.id() == ID_byte_extract_little_endian, ns);
1866
1867 if(
1868 offset.has_value() && bits.has_value() &&
1869 mp_integer(bits->size()) >= *el_size + *offset * expr.get_bits_per_byte())
1870 {
1871 // make sure we don't lose bits with structs containing flexible array
1872 // members
1873 const bool struct_has_flexible_array_member = has_subtype(
1874 expr.type(),
1875 [&](const typet &type) {
1876 if(type.id() != ID_struct && type.id() != ID_struct_tag)
1877 return false;
1878
1879 const struct_typet &st = type.id() == ID_struct_tag
1880 ? ns.follow_tag(to_struct_tag_type(type))
1881 : to_struct_type(type);
1882 const auto &comps = st.components();
1883 if(comps.empty() || comps.back().type().id() != ID_array)
1884 return false;
1885
1886 if(comps.back().type().get_bool(ID_C_flexible_array_member))
1887 return true;
1888
1889 const auto size =
1890 numeric_cast<mp_integer>(to_array_type(comps.back().type()).size());
1891 return !size.has_value() || *size <= 1;
1892 },
1893 ns);
1894 if(!struct_has_flexible_array_member)
1895 {
1896 std::string bits_cut = std::string(
1897 bits.value(),
1898 numeric_cast_v<std::size_t>(*offset * expr.get_bits_per_byte()),
1899 numeric_cast_v<std::size_t>(*el_size));
1900
1901 auto tmp = bits2expr(
1902 bits_cut, expr.type(), expr.id() == ID_byte_extract_little_endian, ns);
1903
1904 if(tmp.has_value())
1905 return std::move(*tmp);
1906 }
1907 }
1908
1909 // push byte extracts into struct or union expressions, just like
1910 // lower_byte_extract does (this is the same code, except recursive calls use
1911 // simplify rather than lower_byte_extract)
1912 if(expr.op().id() == ID_struct || expr.op().id() == ID_union)
1913 {
1914 if(expr.type().id() == ID_struct || expr.type().id() == ID_struct_tag)
1915 {
1916 const struct_typet &struct_type =
1917 expr.type().id() == ID_struct_tag
1918 ? ns.follow_tag(to_struct_tag_type(expr.type()))
1919 : to_struct_type(expr.type());
1920 const struct_typet::componentst &components = struct_type.components();
1921
1922 bool failed = false;
1923 struct_exprt s({}, expr.type());
1924
1925 for(const auto &comp : components)
1926 {
1927 auto component_bits = pointer_offset_bits(comp.type(), ns);
1928
1929 // the next member would be misaligned, abort
1930 if(
1931 !component_bits.has_value() || *component_bits == 0 ||
1932 *component_bits % expr.get_bits_per_byte() != 0)
1933 {
1934 failed = true;
1935 break;
1936 }
1937
1938 auto member_offset_opt =
1939 member_offset_expr(struct_type, comp.get_name(), ns);
1940
1941 if(!member_offset_opt.has_value())
1942 {
1943 failed = true;
1944 break;
1945 }
1946
1947 exprt new_offset = simplify_rec(
1948 plus_exprt{expr.offset(),
1949 typecast_exprt::conditional_cast(
1950 member_offset_opt.value(), expr.offset().type())});
1951
1952 byte_extract_exprt tmp = expr;
1953 tmp.type() = comp.type();
1954 tmp.offset() = new_offset;
1955
1956 s.add_to_operands(simplify_byte_extract(tmp));
1957 }
1958
1959 if(!failed)
1960 return s;
1961 }
1962 else if(expr.type().id() == ID_union || expr.type().id() == ID_union_tag)
1963 {
1964 const union_typet &union_type =
1965 expr.type().id() == ID_union_tag
1966 ? ns.follow_tag(to_union_tag_type(expr.type()))
1967 : to_union_type(expr.type());
1968 auto widest_member_opt = union_type.find_widest_union_component(ns);
1969 if(widest_member_opt.has_value())
1970 {
1971 byte_extract_exprt be = expr;
1972 be.type() = widest_member_opt->first.type();
1973 return union_exprt{widest_member_opt->first.get_name(),
1974 simplify_byte_extract(be),
1975 expr.type()};
1976 }
1977 }
1978 }
1979 else if(expr.op().id() == ID_array)
1980 {
1981 const array_typet &array_type = to_array_type(expr.op().type());
1982 const auto &element_bit_width =
1983 pointer_offset_bits(array_type.element_type(), ns);
1984 if(
1985 offset.has_value() && element_bit_width.has_value() &&
1986 *element_bit_width > 0)
1987 {
1988 if(
1989 *offset > 0 &&
1990 *offset * expr.get_bits_per_byte() % *element_bit_width == 0)
1991 {
1992 const auto elements_to_erase = numeric_cast_v<std::size_t>(
1993 (*offset * expr.get_bits_per_byte()) / *element_bit_width);
1994 array_exprt slice = to_array_expr(expr.op());
1995 slice.operands().erase(
1996 slice.operands().begin(),
1997 slice.operands().begin() +
1998 std::min(elements_to_erase, slice.operands().size()));
1999 slice.type().size() =
2000 from_integer(slice.operands().size(), slice.type().size().type());
2001 byte_extract_exprt be = expr;
2002 be.op() = slice;
2003 be.offset() = from_integer(0, expr.offset().type());
2004 return changed(simplify_byte_extract(be));
2005 }
2006 else if(*offset == 0 && *el_size % *element_bit_width == 0)
2007 {
2008 const auto elements_to_keep =
2009 numeric_cast_v<std::size_t>(*el_size / *element_bit_width);
2010 array_exprt slice = to_array_expr(expr.op());
2011 if(slice.operands().size() > elements_to_keep)
2012 {
2013 slice.operands().resize(elements_to_keep);
2014 slice.type().size() =
2015 from_integer(slice.operands().size(), slice.type().size().type());
2016 byte_extract_exprt be = expr;
2017 be.op() = slice;
2018 return changed(simplify_byte_extract(be));
2019 }
2020 }
2021 }
2022 }
2023
2024 // try to refine it down to extracting from a member or an index in an array
2025 auto subexpr =
2026 get_subexpression_at_offset(expr.op(), expr.offset(), expr.type(), ns);
2027 if(subexpr.has_value() && subexpr.value() != expr)
2028 return changed(simplify_rec(subexpr.value())); // recursive call
2029
2030 if(can_forward_propagatet(ns)(expr))
2031 return changed(simplify_rec(lower_byte_extract(expr, ns)));
2032
2033 return unchanged(expr);
2034}
2035
2036simplify_exprt::resultt<>
2037simplify_exprt::simplify_byte_extract_preorder(const byte_extract_exprt &expr)
2038{
2039 // lift up any ID_if on the object
2040 if(expr.op().id() == ID_if)
2041 {
2042 if_exprt if_expr = lift_if(expr, 0);
2043 return changed(simplify_if_preorder(if_expr));
2044 }
2045 else
2046 {
2047 std::optional<exprt::operandst> new_operands;
2048
2049 for(std::size_t i = 0; i < expr.operands().size(); ++i)
2050 {
2051 auto r_it = simplify_rec(expr.operands()[i]); // recursive call
2052 if(r_it.has_changed())
2053 {
2054 if(!new_operands.has_value())
2055 new_operands = expr.operands();
2056 (*new_operands)[i] = std::move(r_it.expr);
2057 }
2058 }
2059
2060 if(new_operands.has_value())
2061 {
2062 exprt result = expr;
2063 std::swap(result.operands(), *new_operands);
2064 return result;
2065 }
2066 }
2067
2068 return unchanged(expr);
2069}
2070
2071simplify_exprt::resultt<>
2072simplify_exprt::simplify_byte_update(const byte_update_exprt &expr)
2073{
2074 // byte_update(byte_update(root, offset, value), offset, value2) =>
2075 // byte_update(root, offset, value2)
2076 if(
2077 expr.id() == expr.op().id() &&
2078 expr.offset() == to_byte_update_expr(expr.op()).offset() &&
2079 expr.value().type() == to_byte_update_expr(expr.op()).value().type())
2080 {
2081 auto tmp = expr;
2082 tmp.set_op(to_byte_update_expr(expr.op()).op());
2083 return std::move(tmp);
2084 }
2085
2086 const exprt &root = expr.op();
2087 const exprt &offset = expr.offset();
2088 const exprt &value = expr.value();
2089 const auto val_size = pointer_offset_bits(value.type(), ns);
2090 const auto root_size = pointer_offset_bits(root.type(), ns);
2091
2092 const auto matching_byte_extract_id =
2093 expr.id() == ID_byte_update_little_endian ? ID_byte_extract_little_endian
2094 : ID_byte_extract_big_endian;
2095
2096 // byte update of full object is byte_extract(new value)
2097 if(
2098 offset == 0 && val_size.has_value() && *val_size > 0 &&
2099 root_size.has_value() && *root_size > 0 && *val_size >= *root_size)
2100 {
2101 byte_extract_exprt be(
2102 matching_byte_extract_id,
2103 value,
2104 offset,
2105 expr.get_bits_per_byte(),
2106 expr.type());
2107
2108 return changed(simplify_byte_extract(be));
2109 }
2110
2111 // update bits in a constant
2112 const auto offset_int = numeric_cast<mp_integer>(offset);
2113 if(
2114 root_size.has_value() && *root_size >= 0 && val_size.has_value() &&
2115 *val_size >= 0 && offset_int.has_value() && *offset_int >= 0 &&
2116 *offset_int * expr.get_bits_per_byte() + *val_size <= *root_size)
2117 {
2118 auto root_bits =
2119 expr2bits(root, expr.id() == ID_byte_update_little_endian, ns);
2120
2121 if(root_bits.has_value())
2122 {
2123 const auto val_bits =
2124 expr2bits(value, expr.id() == ID_byte_update_little_endian, ns);
2125
2126 if(val_bits.has_value())
2127 {
2128 root_bits->replace(
2129 numeric_cast_v<std::size_t>(*offset_int * expr.get_bits_per_byte()),
2130 numeric_cast_v<std::size_t>(*val_size),
2131 *val_bits);
2132
2133 auto tmp = bits2expr(
2134 *root_bits,
2135 expr.type(),
2136 expr.id() == ID_byte_update_little_endian,
2137 ns);
2138
2139 if(tmp.has_value())
2140 return std::move(*tmp);
2141 }
2142 }
2143 }
2144
2145 /*
2146 * byte_update(root, offset,
2147 * extract(root, offset) WITH component:=value)
2148 * =>
2149 * byte_update(root, offset + component offset,
2150 * value)
2151 */
2152
2153 if(value.id()==ID_with)
2154 {
2155 const with_exprt &with=to_with_expr(value);
2156
2157 if(with.old().id() == matching_byte_extract_id)
2158 {
2159 const byte_extract_exprt &extract=to_byte_extract_expr(with.old());
2160
2161 /* the simplification can be used only if
2162 root and offset of update and extract
2163 are the same */
2164 if(!(root==extract.op()))
2165 return unchanged(expr);
2166 if(!(offset==extract.offset()))
2167 return unchanged(expr);
2168
2169 if(with.type().id() == ID_struct || with.type().id() == ID_struct_tag)
2170 {
2171 const struct_typet &struct_type =
2172 with.type().id() == ID_struct_tag
2173 ? ns.follow_tag(to_struct_tag_type(with.type()))
2174 : to_struct_type(with.type());
2175 const irep_idt &component_name=with.where().get(ID_component_name);
2176 const typet &c_type = struct_type.get_component(component_name).type();
2177
2178 // is this a bit field?
2179 if(c_type.id() == ID_c_bit_field || c_type.id() == ID_bool)
2180 {
2181 // don't touch -- might not be byte-aligned
2182 }
2183 else
2184 {
2185 // new offset = offset + component offset
2186 auto i = member_offset(struct_type, component_name, ns);
2187 if(i.has_value())
2188 {
2189 exprt compo_offset = from_integer(*i, offset.type());
2190 plus_exprt new_offset(offset, compo_offset);
2191 exprt new_value(with.new_value());
2192 auto tmp = expr;
2193 tmp.set_offset(simplify_node(std::move(new_offset)));
2194 tmp.set_value(std::move(new_value));
2195 return changed(simplify_byte_update(tmp)); // recursive call
2196 }
2197 }
2198 }
2199 else if(with.type().id() == ID_array)
2200 {
2201 auto i =
2202 pointer_offset_size(to_array_type(with.type()).element_type(), ns);
2203 if(i.has_value())
2204 {
2205 const exprt &index=with.where();
2206 exprt index_offset =
2207 simplify_mult(mult_exprt(index, from_integer(*i, index.type())));
2208
2209 // index_offset may need a typecast
2210 if(offset.type() != index.type())
2211 {
2212 index_offset =
2213 simplify_typecast(typecast_exprt(index_offset, offset.type()));
2214 }
2215
2216 plus_exprt new_offset(offset, index_offset);
2217 exprt new_value(with.new_value());
2218 auto tmp = expr;
2219 tmp.set_offset(simplify_plus(std::move(new_offset)));
2220 tmp.set_value(std::move(new_value));
2221 return changed(simplify_byte_update(tmp)); // recursive call
2222 }
2223 }
2224 }
2225 }
2226
2227 // size must be known
2228 if(!val_size.has_value() || *val_size == 0)
2229 return unchanged(expr);
2230
2231 // byte_update(root, offset, value) is with(root, index, value) when root is
2232 // array-typed, the size of value matches the array-element width, and offset
2233 // is guaranteed to be a multiple of the array-element width
2234 if(auto array_type = type_try_dynamic_cast<array_typet>(root.type()))
2235 {
2236 auto el_size = pointer_offset_bits(array_type->element_type(), ns);
2237
2238 if(el_size.has_value() && *el_size > 0 && *val_size % *el_size == 0)
2239 {
2240 if(
2241 offset_int.has_value() &&
2242 (*offset_int * expr.get_bits_per_byte()) % *el_size == 0)
2243 {
2244 mp_integer base_offset =
2245 (*offset_int * expr.get_bits_per_byte()) / *el_size;
2246 with_exprt result_expr{
2247 root,
2248 from_integer(base_offset, array_type->index_type()),
2249 byte_extract_exprt{
2250 matching_byte_extract_id,
2251 value,
2252 from_integer(0, offset.type()),
2253 expr.get_bits_per_byte(),
2254 array_type->element_type()}};
2255 mp_integer n_elements = *val_size / *el_size;
2256
2257 for(mp_integer i = 1; i < n_elements; ++i)
2258 {
2259 result_expr = with_exprt{
2260 result_expr,
2261 from_integer(base_offset + i, array_type->index_type()),
2262 byte_extract_exprt{
2263 matching_byte_extract_id,
2264 value,
2265 from_integer(
2266 i * (*el_size / expr.get_bits_per_byte()), offset.type()),
2267 expr.get_bits_per_byte(),
2268 array_type->element_type()}};
2269 }
2270
2271 return changed(simplify_rec(result_expr));
2272 }
2273 // if we have an offset C + x (where C is a constant) we can try to
2274 // recurse by first looking at the member at offset C
2275 else if(
2276 offset.id() == ID_plus && offset.operands().size() == 2 &&
2277 (to_multi_ary_expr(offset).op0().is_constant() ||
2278 to_multi_ary_expr(offset).op1().is_constant()))
2279 {
2280 const plus_exprt &offset_plus = to_plus_expr(offset);
2281 const auto &const_factor = offset_plus.op0().is_constant()
2282 ? offset_plus.op0()
2283 : offset_plus.op1();
2284 const exprt &other_factor = offset_plus.op0().is_constant()
2285 ? offset_plus.op1()
2286 : offset_plus.op0();
2287
2288 auto tmp = expr;
2289 tmp.set_offset(const_factor);
2290 exprt expr_at_offset_C = simplify_byte_update(tmp);
2291
2292 if(
2293 expr_at_offset_C.id() == ID_with &&
2294 to_with_expr(expr_at_offset_C).where() == 0)
2295 {
2296 tmp.set_op(to_with_expr(expr_at_offset_C).old());
2297 tmp.set_offset(other_factor);
2298 return changed(simplify_byte_update(tmp));
2299 }
2300 }
2301 else if(
2302 offset.id() == ID_mult && offset.operands().size() == 2 &&
2303 (to_multi_ary_expr(offset).op0().is_constant() ||
2304 to_multi_ary_expr(offset).op1().is_constant()))
2305 {
2306 const mult_exprt &offset_mult = to_mult_expr(offset);
2307 const auto &const_factor = numeric_cast_v<mp_integer>(to_constant_expr(
2308 offset_mult.op0().is_constant() ? offset_mult.op0()
2309 : offset_mult.op1()));
2310 const exprt &other_factor = offset_mult.op0().is_constant()
2311 ? offset_mult.op1()
2312 : offset_mult.op0();
2313
2314 if((const_factor * expr.get_bits_per_byte()) % *el_size == 0)
2315 {
2316 exprt base_offset = mult_exprt{
2317 other_factor,
2318 from_integer(
2319 (const_factor * expr.get_bits_per_byte()) / *el_size,
2320 other_factor.type())};
2321 with_exprt result_expr{
2322 root,
2323 typecast_exprt::conditional_cast(
2324 base_offset, array_type->index_type()),
2325 byte_extract_exprt{
2326 matching_byte_extract_id,
2327 value,
2328 from_integer(0, offset.type()),
2329 expr.get_bits_per_byte(),
2330 array_type->element_type()}};
2331 mp_integer n_elements = *val_size / *el_size;
2332 for(mp_integer i = 1; i < n_elements; ++i)
2333 {
2334 result_expr = with_exprt{
2335 result_expr,
2336 typecast_exprt::conditional_cast(
2337 plus_exprt{base_offset, from_integer(i, base_offset.type())},
2338 array_type->index_type()),
2339 byte_extract_exprt{
2340 matching_byte_extract_id,
2341 value,
2342 from_integer(
2343 i * (*el_size / expr.get_bits_per_byte()), offset.type()),
2344 expr.get_bits_per_byte(),
2345 array_type->element_type()}};
2346 }
2347 return changed(simplify_rec(result_expr));
2348 }
2349 }
2350 }
2351 }
2352
2353 // the following require a constant offset
2354 if(!offset_int.has_value() || *offset_int < 0)
2355 return unchanged(expr);
2356
2357 // Are we updating (parts of) a struct? Do individual member updates
2358 // instead, unless there are non-byte-sized bit fields
2359 if(root.type().id() == ID_struct || root.type().id() == ID_struct_tag)
2360 {
2361 exprt result_expr;
2362 result_expr.make_nil();
2363
2364 auto update_size = pointer_offset_size(value.type(), ns);
2365
2366 const struct_typet &struct_type =
2367 root.type().id() == ID_struct_tag
2368 ? ns.follow_tag(to_struct_tag_type(root.type()))
2369 : to_struct_type(root.type());
2370 const struct_typet::componentst &components=
2371 struct_type.components();
2372
2373 for(const auto &component : components)
2374 {
2375 auto m_offset = member_offset(struct_type, component.get_name(), ns);
2376
2377 auto m_size_bits = pointer_offset_bits(component.type(), ns);
2378
2379 // can we determine the current offset?
2380 if(!m_offset.has_value())
2381 {
2382 result_expr.make_nil();
2383 break;
2384 }
2385
2386 // is it a byte-sized member?
2387 if(
2388 !m_size_bits.has_value() || *m_size_bits == 0 ||
2389 (*m_size_bits) % expr.get_bits_per_byte() != 0)
2390 {
2391 result_expr.make_nil();
2392 break;
2393 }
2394
2395 mp_integer m_size_bytes = (*m_size_bits) / expr.get_bits_per_byte();
2396
2397 // is that member part of the update?
2398 if(*m_offset + m_size_bytes <= *offset_int)
2399 continue;
2400 // are we done updating?
2401 else if(
2402 update_size.has_value() && *update_size > 0 &&
2403 *m_offset >= *offset_int + *update_size)
2404 {
2405 break;
2406 }
2407
2408 if(result_expr.is_nil())
2409 result_expr = as_const(expr).op();
2410
2411 exprt member_name(ID_member_name);
2412 member_name.set(ID_component_name, component.get_name());
2413 result_expr=with_exprt(result_expr, member_name, nil_exprt());
2414
2415 // are we updating on member boundaries?
2416 if(
2417 *m_offset < *offset_int ||
2418 (*m_offset == *offset_int && update_size.has_value() &&
2419 *update_size > 0 && m_size_bytes > *update_size))
2420 {
2421 byte_update_exprt v(
2422 expr.id(),
2423 member_exprt(root, component.get_name(), component.type()),
2424 from_integer(*offset_int - *m_offset, offset.type()),
2425 value,
2426 expr.get_bits_per_byte());
2427
2428 to_with_expr(result_expr).new_value().swap(v);
2429 }
2430 else if(
2431 update_size.has_value() && *update_size > 0 &&
2432 *m_offset + m_size_bytes > *offset_int + *update_size)
2433 {
2434 // we don't handle this for the moment
2435 result_expr.make_nil();
2436 break;
2437 }
2438 else
2439 {
2440 byte_extract_exprt v(
2441 matching_byte_extract_id,
2442 value,
2443 from_integer(*m_offset - *offset_int, offset.type()),
2444 expr.get_bits_per_byte(),
2445 component.type());
2446
2447 to_with_expr(result_expr).new_value().swap(v);
2448 }
2449 }
2450
2451 if(result_expr.is_not_nil())
2452 return changed(simplify_rec(result_expr));
2453 }
2454
2455 // replace elements of array or struct expressions, possibly using
2456 // byte_extract
2457 if(root.id()==ID_array)
2458 {
2459 auto el_size =
2460 pointer_offset_bits(to_type_with_subtype(root.type()).subtype(), ns);
2461
2462 if(
2463 !el_size.has_value() || *el_size == 0 ||
2464 (*el_size) % expr.get_bits_per_byte() != 0 ||
2465 (*val_size) % expr.get_bits_per_byte() != 0)
2466 {
2467 return unchanged(expr);
2468 }
2469
2470 exprt result=root;
2471
2472 mp_integer m_offset_bits=0, val_offset=0;
2473 Forall_operands(it, result)
2474 {
2475 if(*offset_int * expr.get_bits_per_byte() + (*val_size) <= m_offset_bits)
2476 break;
2477
2478 if(*offset_int * expr.get_bits_per_byte() < m_offset_bits + *el_size)
2479 {
2480 mp_integer bytes_req =
2481 (m_offset_bits + *el_size) / expr.get_bits_per_byte() - *offset_int;
2482 bytes_req-=val_offset;
2483 if(val_offset + bytes_req > (*val_size) / expr.get_bits_per_byte())
2484 bytes_req = (*val_size) / expr.get_bits_per_byte() - val_offset;
2485
2486 byte_extract_exprt new_val(
2487 matching_byte_extract_id,
2488 value,
2489 from_integer(val_offset, offset.type()),
2490 expr.get_bits_per_byte(),
2491 array_typet(
2492 unsignedbv_typet(expr.get_bits_per_byte()),
2493 from_integer(bytes_req, offset.type())));
2494
2495 *it = byte_update_exprt(
2496 expr.id(),
2497 *it,
2498 from_integer(
2499 *offset_int + val_offset - m_offset_bits / expr.get_bits_per_byte(),
2500 offset.type()),
2501 new_val,
2502 expr.get_bits_per_byte());
2503
2504 *it = simplify_rec(*it); // recursive call
2505
2506 val_offset+=bytes_req;
2507 }
2508
2509 m_offset_bits += *el_size;
2510 }
2511
2512 return std::move(result);
2513 }
2514
2515 return unchanged(expr);
2516}
2517
2518simplify_exprt::resultt<>
2519simplify_exprt::simplify_complex(const unary_exprt &expr)
2520{
2521 if(expr.id() == ID_complex_real)
2522 {
2523 auto &complex_real_expr = to_complex_real_expr(expr);
2524
2525 if(complex_real_expr.op().id() == ID_complex)
2526 return to_complex_expr(complex_real_expr.op()).real();
2527 }
2528 else if(expr.id() == ID_complex_imag)
2529 {
2530 auto &complex_imag_expr = to_complex_imag_expr(expr);
2531
2532 if(complex_imag_expr.op().id() == ID_complex)
2533 return to_complex_expr(complex_imag_expr.op()).imag();
2534 }
2535
2536 return unchanged(expr);
2537}
2538
2539simplify_exprt::resultt<>
2540simplify_exprt::simplify_overflow_binary(const binary_overflow_exprt &expr)
2541{
2542 // When one operand is zero, an overflow can only occur for a subtraction from
2543 // zero.
2544 if(
2545 expr.op1() == 0 ||
2546 (expr.op0() == 0 && !can_cast_expr<minus_overflow_exprt>(expr)))
2547 {
2548 return false_exprt{};
2549 }
2550
2551 // One is neutral element for multiplication
2552 if(
2553 can_cast_expr<mult_overflow_exprt>(expr) &&
2554 (expr.op0() == 1 || expr.op1() == 1))
2555 {
2556 return false_exprt{};
2557 }
2558
2559 // we only handle the case of same operand types
2560 if(expr.op0().type() != expr.op1().type())
2561 return unchanged(expr);
2562
2563 // catch some cases over mathematical types
2564 const irep_idt &op_type_id = expr.op0().type().id();
2565 if(
2566 op_type_id == ID_integer || op_type_id == ID_rational ||
2567 op_type_id == ID_real)
2568 {
2569 return false_exprt{};
2570 }
2571
2572 if(op_type_id == ID_natural && !can_cast_expr<minus_overflow_exprt>(expr))
2573 return false_exprt{};
2574
2575 // we only handle constants over signedbv/unsignedbv for the remaining cases
2576 if(op_type_id != ID_signedbv && op_type_id != ID_unsignedbv)
2577 return unchanged(expr);
2578
2579 if(!expr.op0().is_constant() || !expr.op1().is_constant())
2580 return unchanged(expr);
2581
2582 const auto op0_value = numeric_cast<mp_integer>(expr.op0());
2583 const auto op1_value = numeric_cast<mp_integer>(expr.op1());
2584 if(!op0_value.has_value() || !op1_value.has_value())
2585 return unchanged(expr);
2586
2587 mp_integer no_overflow_result;
2588 if(can_cast_expr<plus_overflow_exprt>(expr))
2589 no_overflow_result = *op0_value + *op1_value;
2590 else if(can_cast_expr<minus_overflow_exprt>(expr))
2591 no_overflow_result = *op0_value - *op1_value;
2592 else if(can_cast_expr<mult_overflow_exprt>(expr))
2593 no_overflow_result = *op0_value * *op1_value;
2594 else if(can_cast_expr<shl_overflow_exprt>(expr))
2595 no_overflow_result = *op0_value << *op1_value;
2596 else
2597 UNREACHABLE;
2598
2599 const std::size_t width = to_bitvector_type(expr.op0().type()).get_width();
2600 const integer_bitvector_typet bv_type{op_type_id, width};
2601 if(
2602 no_overflow_result < bv_type.smallest() ||
2603 no_overflow_result > bv_type.largest())
2604 {
2605 return true_exprt{};
2606 }
2607 else
2608 return false_exprt{};
2609}
2610
2611simplify_exprt::resultt<>
2612simplify_exprt::simplify_overflow_unary(const unary_overflow_exprt &expr)
2613{
2614 // zero is a neutral element for all operations supported here
2615 if(expr.op() == 0)
2616 return false_exprt{};
2617
2618 // catch some cases over mathematical types
2619 const irep_idt &op_type_id = expr.op().type().id();
2620 if(
2621 op_type_id == ID_integer || op_type_id == ID_rational ||
2622 op_type_id == ID_real)
2623 {
2624 return false_exprt{};
2625 }
2626
2627 if(op_type_id == ID_natural)
2628 return true_exprt{};
2629
2630 // we only handle constants over signedbv/unsignedbv for the remaining cases
2631 if(op_type_id != ID_signedbv && op_type_id != ID_unsignedbv)
2632 return unchanged(expr);
2633
2634 if(!expr.op().is_constant())
2635 return unchanged(expr);
2636
2637 const auto op_value = numeric_cast<mp_integer>(expr.op());
2638 if(!op_value.has_value())
2639 return unchanged(expr);
2640
2641 mp_integer no_overflow_result;
2642 if(can_cast_expr<unary_minus_overflow_exprt>(expr))
2643 no_overflow_result = -*op_value;
2644 else
2645 UNREACHABLE;
2646
2647 const std::size_t width = to_bitvector_type(expr.op().type()).get_width();
2648 const integer_bitvector_typet bv_type{op_type_id, width};
2649 if(
2650 no_overflow_result < bv_type.smallest() ||
2651 no_overflow_result > bv_type.largest())
2652 {
2653 return true_exprt{};
2654 }
2655 else
2656 return false_exprt{};
2657}
2658
2659simplify_exprt::resultt<>
2660simplify_exprt::simplify_overflow_result(const overflow_result_exprt &expr)
2661{
2662 if(expr.id() == ID_overflow_result_unary_minus)
2663 {
2664 // zero is a neutral element
2665 if(expr.op0() == 0)
2666 return struct_exprt{{expr.op0(), false_exprt{}}, expr.type()};
2667
2668 // catch some cases over mathematical types
2669 const irep_idt &op_type_id = expr.op0().type().id();
2670 if(
2671 op_type_id == ID_integer || op_type_id == ID_rational ||
2672 op_type_id == ID_real)
2673 {
2674 return struct_exprt{{expr.op0(), false_exprt{}}, expr.type()};
2675 }
2676
2677 // always an overflow for natural numbers, but the result is not
2678 // representable
2679 if(op_type_id == ID_natural)
2680 return unchanged(expr);
2681
2682 // we only handle constants over signedbv/unsignedbv for the remaining cases
2683 if(op_type_id != ID_signedbv && op_type_id != ID_unsignedbv)
2684 return unchanged(expr);
2685
2686 if(!expr.op0().is_constant())
2687 return unchanged(expr);
2688
2689 const auto op_value = numeric_cast<mp_integer>(expr.op0());
2690 if(!op_value.has_value())
2691 return unchanged(expr);
2692
2693 mp_integer no_overflow_result = -*op_value;
2694
2695 const std::size_t width = to_bitvector_type(expr.op0().type()).get_width();
2696 const integer_bitvector_typet bv_type{op_type_id, width};
2697 if(
2698 no_overflow_result < bv_type.smallest() ||
2699 no_overflow_result > bv_type.largest())
2700 {
2701 return struct_exprt{
2702 {from_integer(no_overflow_result, expr.op0().type()), true_exprt{}},
2703 expr.type()};
2704 }
2705 else
2706 {
2707 return struct_exprt{
2708 {from_integer(no_overflow_result, expr.op0().type()), false_exprt{}},
2709 expr.type()};
2710 }
2711 }
2712 else
2713 {
2714 // When one operand is zero, an overflow can only occur for a subtraction
2715 // from zero.
2716 if(expr.op0() == 0)
2717 {
2718 if(
2719 expr.id() == ID_overflow_result_plus ||
2720 expr.id() == ID_overflow_result_shl)
2721 {
2722 return struct_exprt{{expr.op1(), false_exprt{}}, expr.type()};
2723 }
2724 else if(expr.id() == ID_overflow_result_mult)
2725 {
2726 return struct_exprt{
2727 {from_integer(0, expr.op0().type()), false_exprt{}}, expr.type()};
2728 }
2729 }
2730 else if(expr.op1() == 0)
2731 {
2732 if(
2733 expr.id() == ID_overflow_result_plus ||
2734 expr.id() == ID_overflow_result_minus ||
2735 expr.id() == ID_overflow_result_shl)
2736 {
2737 return struct_exprt{{expr.op0(), false_exprt{}}, expr.type()};
2738 }
2739 else
2740 {
2741 return struct_exprt{
2742 {from_integer(0, expr.op0().type()), false_exprt{}}, expr.type()};
2743 }
2744 }
2745
2746 // One is neutral element for multiplication
2747 if(
2748 expr.id() == ID_overflow_result_mult &&
2749 (expr.op0() == 1 || expr.op1() == 1))
2750 {
2751 return struct_exprt{
2752 {expr.op0() == 1 ? expr.op1() : expr.op0(), false_exprt{}},
2753 expr.type()};
2754 }
2755
2756 // we only handle the case of same operand types
2757 if(
2758 expr.id() != ID_overflow_result_shl &&
2759 expr.op0().type() != expr.op1().type())
2760 {
2761 return unchanged(expr);
2762 }
2763
2764 // catch some cases over mathematical types
2765 const irep_idt &op_type_id = expr.op0().type().id();
2766 if(
2767 expr.id() != ID_overflow_result_shl &&
2768 (op_type_id == ID_integer || op_type_id == ID_rational ||
2769 op_type_id == ID_real))
2770 {
2771 irep_idt id =
2772 expr.id() == ID_overflow_result_plus
2773 ? ID_plus
2774 : expr.id() == ID_overflow_result_minus ? ID_minus : ID_mult;
2775 return struct_exprt{
2776 {simplify_node(binary_exprt{expr.op0(), id, expr.op1()}),
2777 false_exprt{}},
2778 expr.type()};
2779 }
2780
2781 if(
2782 (expr.id() == ID_overflow_result_plus ||
2783 expr.id() == ID_overflow_result_mult) &&
2784 op_type_id == ID_natural)
2785 {
2786 return struct_exprt{
2787 {simplify_node(binary_exprt{
2788 expr.op0(),
2789 expr.id() == ID_overflow_result_plus ? ID_plus : ID_mult,
2790 expr.op1()}),
2791 false_exprt{}},
2792 expr.type()};
2793 }
2794
2795 // we only handle constants over signedbv/unsignedbv for the remaining cases
2796 if(op_type_id != ID_signedbv && op_type_id != ID_unsignedbv)
2797 return unchanged(expr);
2798
2799 // a special case of overflow-minus checking with operands (X + n) and X
2800 if(expr.id() == ID_overflow_result_minus)
2801 {
2802 const exprt &tc_op0 = skip_typecast(expr.op0());
2803 const exprt &tc_op1 = skip_typecast(expr.op1());
2804
2805 if(auto sum = expr_try_dynamic_cast<plus_exprt>(tc_op0))
2806 {
2807 if(skip_typecast(sum->op0()) == tc_op1 && sum->operands().size() == 2)
2808 {
2809 std::optional<exprt> offset;
2810 if(sum->type().id() == ID_pointer)
2811 {
2812 offset = std::move(simplify_pointer_offset(
2813 pointer_offset_exprt{*sum, expr.op0().type()})
2814 .expr);
2815 if(offset->id() == ID_pointer_offset)
2816 return unchanged(expr);
2817 }
2818 else
2819 offset = std::move(
2820 simplify_typecast(typecast_exprt{sum->op1(), expr.op0().type()})
2821 .expr);
2822
2823 exprt offset_op = skip_typecast(*offset);
2824 if(
2825 offset_op.type().id() != ID_signedbv &&
2826 offset_op.type().id() != ID_unsignedbv)
2827 {
2828 return unchanged(expr);
2829 }
2830
2831 const std::size_t width =
2832 to_bitvector_type(expr.op0().type()).get_width();
2833 const integer_bitvector_typet bv_type{op_type_id, width};
2834
2835 or_exprt not_representable{
2836 binary_relation_exprt{
2837 offset_op,
2838 ID_lt,
2839 from_integer(bv_type.smallest(), offset_op.type())},
2840 binary_relation_exprt{
2841 offset_op,
2842 ID_gt,
2843 from_integer(bv_type.largest(), offset_op.type())}};
2844
2845 return struct_exprt{
2846 {*offset, simplify_rec(not_representable)}, expr.type()};
2847 }
2848 }
2849 }
2850
2851 if(!expr.op0().is_constant() || !expr.op1().is_constant())
2852 return unchanged(expr);
2853
2854 // preserve the sizeof type annotation
2855 std::optional<typet> c_sizeof_type;
2856 for(const auto &op : expr.operands())
2857 {
2858 const typet &sizeof_type =
2859 static_cast<const typet &>(op.find(ID_C_c_sizeof_type));
2860 if(sizeof_type.is_not_nil())
2861 {
2862 c_sizeof_type = sizeof_type;
2863 break;
2864 }
2865 }
2866
2867 const auto op0_value = numeric_cast<mp_integer>(expr.op0());
2868 const auto op1_value = numeric_cast<mp_integer>(expr.op1());
2869 if(!op0_value.has_value() || !op1_value.has_value())
2870 return unchanged(expr);
2871
2872 mp_integer no_overflow_result;
2873 if(expr.id() == ID_overflow_result_plus)
2874 no_overflow_result = *op0_value + *op1_value;
2875 else if(expr.id() == ID_overflow_result_minus)
2876 no_overflow_result = *op0_value - *op1_value;
2877 else if(expr.id() == ID_overflow_result_mult)
2878 no_overflow_result = *op0_value * *op1_value;
2879 else if(expr.id() == ID_overflow_result_shl)
2880 no_overflow_result = *op0_value << *op1_value;
2881 else
2882 UNREACHABLE;
2883
2884 exprt no_overflow_result_expr =
2885 from_integer(no_overflow_result, expr.op0().type());
2886 if(c_sizeof_type.has_value())
2887 no_overflow_result_expr.set(ID_C_c_sizeof_type, *c_sizeof_type);
2888
2889 const std::size_t width = to_bitvector_type(expr.op0().type()).get_width();
2890 const integer_bitvector_typet bv_type{op_type_id, width};
2891 if(
2892 no_overflow_result < bv_type.smallest() ||
2893 no_overflow_result > bv_type.largest())
2894 {
2895 return struct_exprt{
2896 {std::move(no_overflow_result_expr), true_exprt{}}, expr.type()};
2897 }
2898 else
2899 {
2900 return struct_exprt{
2901 {std::move(no_overflow_result_expr), false_exprt{}}, expr.type()};
2902 }
2903 }
2904}
2905
2906simplify_exprt::resultt<>
2907simplify_exprt::simplify_node_preorder(const exprt &expr)
2908{
2909 auto result = unchanged(expr);
2910
2911 // The ifs below could one day be replaced by a switch()
2912
2913 if(expr.id()==ID_address_of)
2914 {
2915 // the argument of this expression needs special treatment
2916 }
2917 else if(expr.id()==ID_if)
2918 {
2919 result = simplify_if_preorder(to_if_expr(expr));
2920 }
2921 else if(expr.id() == ID_typecast)
2922 {
2923 result = simplify_typecast_preorder(to_typecast_expr(expr));
2924 }
2925 else if(
2926 expr.id() == ID_byte_extract_little_endian ||
2927 expr.id() == ID_byte_extract_big_endian)
2928 {
2929 result = simplify_byte_extract_preorder(to_byte_extract_expr(expr));
2930 }
2931 else if(expr.id() == ID_dereference)
2932 {
2933 result = simplify_dereference_preorder(to_dereference_expr(expr));
2934 }
2935 else if(expr.id() == ID_index)
2936 {
2937 result = simplify_index_preorder(to_index_expr(expr));
2938 }
2939 else if(expr.id() == ID_member)
2940 {
2941 result = simplify_member_preorder(to_member_expr(expr));
2942 }
2943 else if(
2944 expr.id() == ID_is_dynamic_object || expr.id() == ID_is_invalid_pointer ||
2945 expr.id() == ID_object_size || expr.id() == ID_pointer_object ||
2946 expr.id() == ID_pointer_offset)
2947 {
2948 result = simplify_unary_pointer_predicate_preorder(to_unary_expr(expr));
2949 }
2950 else if(expr.has_operands())
2951 {
2952 std::optional<exprt::operandst> new_operands;
2953
2954 for(std::size_t i = 0; i < expr.operands().size(); ++i)
2955 {
2956 auto r_it = simplify_rec(expr.operands()[i]); // recursive call
2957 if(r_it.has_changed())
2958 {
2959 if(!new_operands.has_value())
2960 new_operands = expr.operands();
2961 (*new_operands)[i] = std::move(r_it.expr);
2962 }
2963 }
2964
2965 if(new_operands.has_value())
2966 {
2967 std::swap(result.expr.operands(), *new_operands);
2968 result.expr_changed = resultt<>::CHANGED;
2969 }
2970 }
2971
2972 if(as_const(result.expr).type().id() == ID_array)
2973 {
2974 const array_typet &array_type = to_array_type(as_const(result.expr).type());
2975 resultt<> simp_size = simplify_rec(array_type.size());
2976 if(simp_size.has_changed())
2977 {
2978 to_array_type(result.expr.type()).size() = simp_size.expr;
2979 result.expr_changed = resultt<>::CHANGED;
2980 }
2981 }
2982
2983 return result;
2984}
2985
2986simplify_exprt::resultt<> simplify_exprt::simplify_node(const exprt &node)
2987{
2988 if(!node.has_operands())
2989 return unchanged(node); // no change
2990
2991 // #define DEBUGX
2992
2993#ifdef DEBUGX
2994 exprt old(node);
2995#endif
2996
2997 exprt expr = node;
2998 bool no_change_join_operands = join_operands(expr);
2999
3000 resultt<> r = unchanged(expr);
3001
3002 if(expr.id()==ID_typecast)
3003 {
3004 r = simplify_typecast(to_typecast_expr(expr));
3005 }
3006 else if(expr.id()==ID_equal || expr.id()==ID_notequal ||
3007 expr.id()==ID_gt || expr.id()==ID_lt ||
3008 expr.id()==ID_ge || expr.id()==ID_le)
3009 {
3010 r = simplify_inequality(to_binary_relation_expr(expr));
3011 }
3012 else if(expr.id()==ID_if)
3013 {
3014 r = simplify_if(to_if_expr(expr));
3015 }
3016 else if(expr.id()==ID_lambda)
3017 {
3018 r = simplify_lambda(to_lambda_expr(expr));
3019 }
3020 else if(expr.id()==ID_with)
3021 {
3022 r = simplify_with(to_with_expr(expr));
3023 }
3024 else if(expr.id()==ID_update)
3025 {
3026 r = simplify_update(to_update_expr(expr));
3027 }
3028 else if(expr.id()==ID_index)
3029 {
3030 r = simplify_index(to_index_expr(expr));
3031 }
3032 else if(expr.id()==ID_member)
3033 {
3034 r = simplify_member(to_member_expr(expr));
3035 }
3036 else if(expr.id()==ID_byte_update_little_endian ||
3037 expr.id()==ID_byte_update_big_endian)
3038 {
3039 r = simplify_byte_update(to_byte_update_expr(expr));
3040 }
3041 else if(expr.id()==ID_byte_extract_little_endian ||
3042 expr.id()==ID_byte_extract_big_endian)
3043 {
3044 r = simplify_byte_extract(to_byte_extract_expr(expr));
3045 }
3046 else if(expr.id()==ID_pointer_object)
3047 {
3048 r = simplify_pointer_object(to_pointer_object_expr(expr));
3049 }
3050 else if(expr.id() == ID_is_dynamic_object)
3051 {
3052 r = simplify_is_dynamic_object(to_unary_expr(expr));
3053 }
3054 else if(expr.id() == ID_is_invalid_pointer)
3055 {
3056 r = simplify_is_invalid_pointer(to_unary_expr(expr));
3057 }
3058 else if(
3059 const auto object_size = expr_try_dynamic_cast<object_size_exprt>(expr))
3060 {
3061 r = simplify_object_size(*object_size);
3062 }
3063 else if(expr.id()==ID_div)
3064 {
3065 r = simplify_div(to_div_expr(expr));
3066 }
3067 else if(expr.id()==ID_mod)
3068 {
3069 r = simplify_mod(to_mod_expr(expr));
3070 }
3071 else if(expr.id()==ID_bitnot)
3072 {
3073 r = simplify_bitnot(to_bitnot_expr(expr));
3074 }
3075 else if(
3076 expr.id() == ID_bitand || expr.id() == ID_bitor || expr.id() == ID_bitxor ||
3077 expr.id() == ID_bitxnor)
3078 {
3079 r = simplify_bitwise(to_multi_ary_expr(expr));
3080 }
3081 else if(expr.id()==ID_ashr || expr.id()==ID_lshr || expr.id()==ID_shl)
3082 {
3083 r = simplify_shifts(to_shift_expr(expr));
3084 }
3085 else if(expr.id()==ID_power)
3086 {
3087 r = simplify_power(to_power_expr(expr));
3088 }
3089 else if(expr.id()==ID_plus)
3090 {
3091 r = simplify_plus(to_plus_expr(expr));
3092 }
3093 else if(expr.id()==ID_minus)
3094 {
3095 r = simplify_minus(to_minus_expr(expr));
3096 }
3097 else if(expr.id()==ID_mult)
3098 {
3099 r = simplify_mult(to_mult_expr(expr));
3100 }
3101 else if(expr.id()==ID_floatbv_plus ||
3102 expr.id()==ID_floatbv_minus ||
3103 expr.id()==ID_floatbv_mult ||
3104 expr.id()==ID_floatbv_div)
3105 {
3106 r = simplify_floatbv_op(to_ieee_float_op_expr(expr));
3107 }
3108 else if(expr.id() == ID_floatbv_round_to_integral)
3109 {
3110 r = simplify_floatbv_round_to_integral(
3111 to_floatbv_round_to_integral_expr(expr));
3112 }
3113 else if(expr.id()==ID_floatbv_typecast)
3114 {
3115 r = simplify_floatbv_typecast(to_floatbv_typecast_expr(expr));
3116 }
3117 else if(expr.id()==ID_unary_minus)
3118 {
3119 r = simplify_unary_minus(to_unary_minus_expr(expr));
3120 }
3121 else if(expr.id()==ID_unary_plus)
3122 {
3123 r = simplify_unary_plus(to_unary_plus_expr(expr));
3124 }
3125 else if(expr.id()==ID_not)
3126 {
3127 r = simplify_not(to_not_expr(expr));
3128 }
3129 else if(expr.id()==ID_implies ||
3130 expr.id()==ID_or || expr.id()==ID_xor ||
3131 expr.id()==ID_and)
3132 {
3133 r = simplify_boolean(expr);
3134 }
3135 else if(expr.id()==ID_dereference)
3136 {
3137 r = simplify_dereference(to_dereference_expr(expr));
3138 }
3139 else if(expr.id()==ID_address_of)
3140 {
3141 r = simplify_address_of(to_address_of_expr(expr));
3142 }
3143 else if(expr.id()==ID_pointer_offset)
3144 {
3145 r = simplify_pointer_offset(to_pointer_offset_expr(expr));
3146 }
3147 else if(expr.id()==ID_extractbit)
3148 {
3149 r = simplify_extractbit(to_extractbit_expr(expr));
3150 }
3151 else if(expr.id()==ID_concatenation)
3152 {
3153 r = simplify_concatenation(to_concatenation_expr(expr));
3154 }
3155 else if(expr.id()==ID_extractbits)
3156 {
3157 r = simplify_extractbits(to_extractbits_expr(expr));
3158 }
3159 else if(expr.id() == ID_zero_extend)
3160 {
3161 r = simplify_zero_extend(to_zero_extend_expr(expr));
3162 }
3163 else if(expr.id()==ID_ieee_float_equal ||
3164 expr.id()==ID_ieee_float_notequal)
3165 {
3166 r = simplify_ieee_float_relation(to_binary_relation_expr(expr));
3167 }
3168 else if(expr.id() == ID_bswap)
3169 {
3170 r = simplify_bswap(to_bswap_expr(expr));
3171 }
3172 else if(expr.id()==ID_isinf)
3173 {
3174 r = simplify_isinf(to_unary_expr(expr));
3175 }
3176 else if(expr.id()==ID_isnan)
3177 {
3178 r = simplify_isnan(to_unary_expr(expr));
3179 }
3180 else if(expr.id()==ID_isnormal)
3181 {
3182 r = simplify_isnormal(to_unary_expr(expr));
3183 }
3184 else if(expr.id()==ID_abs)
3185 {
3186 r = simplify_abs(to_abs_expr(expr));
3187 }
3188 else if(expr.id()==ID_sign)
3189 {
3190 r = simplify_sign(to_sign_expr(expr));
3191 }
3192 else if(expr.id() == ID_popcount)
3193 {
3194 r = simplify_popcount(to_popcount_expr(expr));
3195 }
3196 else if(expr.id() == ID_count_leading_zeros)
3197 {
3198 r = simplify_clz(to_count_leading_zeros_expr(expr));
3199 }
3200 else if(expr.id() == ID_count_trailing_zeros)
3201 {
3202 r = simplify_ctz(to_count_trailing_zeros_expr(expr));
3203 }
3204 else if(expr.id() == ID_find_first_set)
3205 {
3206 r = simplify_ffs(to_find_first_set_expr(expr));
3207 }
3208 else if(expr.id() == ID_function_application)
3209 {
3210 r = simplify_function_application(to_function_application_expr(expr));
3211 }
3212 else if(expr.id() == ID_complex_real || expr.id() == ID_complex_imag)
3213 {
3214 r = simplify_complex(to_unary_expr(expr));
3215 }
3216 else if(
3217 const auto binary_overflow =
3218 expr_try_dynamic_cast<binary_overflow_exprt>(expr))
3219 {
3220 r = simplify_overflow_binary(*binary_overflow);
3221 }
3222 else if(
3223 const auto unary_overflow =
3224 expr_try_dynamic_cast<unary_overflow_exprt>(expr))
3225 {
3226 r = simplify_overflow_unary(*unary_overflow);
3227 }
3228 else if(
3229 const auto overflow_result =
3230 expr_try_dynamic_cast<overflow_result_exprt>(expr))
3231 {
3232 r = simplify_overflow_result(*overflow_result);
3233 }
3234 else if(expr.id() == ID_bitreverse)
3235 {
3236 r = simplify_bitreverse(to_bitreverse_expr(expr));
3237 }
3238 else if(
3239 const auto prophecy_r_or_w_ok =
3240 expr_try_dynamic_cast<prophecy_r_or_w_ok_exprt>(expr))
3241 {
3242 r = simplify_prophecy_r_or_w_ok(*prophecy_r_or_w_ok);
3243 }
3244 else if(
3245 const auto prophecy_pointer_in_range =
3246 expr_try_dynamic_cast<prophecy_pointer_in_range_exprt>(expr))
3247 {
3248 r = simplify_prophecy_pointer_in_range(*prophecy_pointer_in_range);
3249 }
3250 else if(expr.id() == ID_exists || expr.id() == ID_forall)
3251 {
3252 r = simplify_quantifier_expr(to_quantifier_expr(expr));
3253 }
3254
3255 if(!no_change_join_operands)
3256 r = changed(r);
3257
3258#ifdef DEBUGX
3259 if(
3260 r.has_changed()
3261# ifdef DEBUG_ON_DEMAND
3262 && debug_on
3263# endif
3264 )
3265 {
3266 std::cout << "===== " << node.id() << ": " << format(node) << '\n'
3267 << " ---> " << format(r.expr) << '\n';
3268 }
3269#endif
3270
3271 return r;
3272}
3273
3274simplify_exprt::resultt<> simplify_exprt::simplify_rec(const exprt &expr)
3275{
3276 // look up in cache
3277
3278 #ifdef USE_CACHE
3279 std::pair<simplify_expr_cachet::containert::iterator, bool>
3280 cache_result=simplify_expr_cache.container().
3281 insert(std::pair<exprt, exprt>(expr, exprt()));
3282
3283 if(!cache_result.second) // found!
3284 {
3285 const exprt &new_expr=cache_result.first->second;
3286
3287 if(new_expr.id().empty())
3288 return true; // no change
3289
3290 expr=new_expr;
3291 return false;
3292 }
3293 #endif
3294
3295 // We work on a copy to prevent unnecessary destruction of sharing.
3296 auto simplify_node_preorder_result = simplify_node_preorder(expr);
3297
3298 auto simplify_node_result = simplify_node(simplify_node_preorder_result.expr);
3299
3300 if(
3301 !simplify_node_result.has_changed() &&
3302 simplify_node_preorder_result.has_changed())
3303 {
3304 simplify_node_result.expr_changed =
3305 simplify_node_preorder_result.expr_changed;
3306 }
3307
3308#ifdef USE_LOCAL_REPLACE_MAP
3309 exprt tmp = simplify_node_result.expr;
3310# if 1
3311 replace_mapt::const_iterator it =
3312 local_replace_map.find(simplify_node_result.expr);
3313 if(it!=local_replace_map.end())
3314 simplify_node_result = changed(it->second);
3315# else
3316 if(
3317 !local_replace_map.empty() &&
3318 !replace_expr(local_replace_map, simplify_node_result.expr))
3319 {
3320 simplify_node_result = changed(simplify_rec(simplify_node_result.expr));
3321 }
3322# endif
3323#endif
3324
3325 if(!simplify_node_result.has_changed())
3326 {
3327 return unchanged(expr);
3328 }
3329 else
3330 {
3331 POSTCONDITION_WITH_DIAGNOSTICS(
3332 (as_const(simplify_node_result.expr).type().id() == ID_array &&
3333 expr.type().id() == ID_array) ||
3334 as_const(simplify_node_result.expr).type() == expr.type(),
3335 simplify_node_result.expr.pretty(),
3336 expr.pretty());
3337
3338#ifdef USE_CACHE
3339 // save in cache
3340 cache_result.first->second = simplify_node_result.expr;
3341#endif
3342
3343 return simplify_node_result;
3344 }
3345}
3346
3348bool simplify_exprt::simplify(exprt &expr)
3349{
3350#ifdef DEBUG_ON_DEMAND
3351 if(debug_on)
3352 std::cout << "TO-SIMP " << format(expr) << "\n";
3353#endif
3354 auto result = simplify_rec(expr);
3355#ifdef DEBUG_ON_DEMAND
3356 if(debug_on)
3357 std::cout << "FULLSIMP " << format(result.expr) << "\n";
3358#endif
3359 if(result.has_changed())
3360 {
3361 expr = result.expr;
3362 return false; // change
3363 }
3364 else
3365 return true; // no change
3366}
3367
3369bool simplify(exprt &expr, const namespacet &ns)
3370{
3371 return simplify_exprt(ns).simplify(expr);
3372}
3373
3374exprt simplify_expr(exprt src, const namespacet &ns)
3375{
3376 simplify_exprt(ns).simplify(src);
3377 return src;
3378}
config
configt config
Definition config.cpp:25
bvrep2integer
mp_integer bvrep2integer(const irep_idt &src, std::size_t width, bool is_signed)
convert a bit-vector representation (possibly signed) to integer
Definition arith_tools.cpp:414
from_integer
constant_exprt from_integer(const mp_integer &int_value, const typet &type)
Definition arith_tools.cpp:99
to_integer
bool to_integer(const constant_exprt &expr, mp_integer &int_value)
Convert a constant expression expr to an arbitrary-precision integer.
Definition arith_tools.cpp:20
get_bvrep_bit
bool get_bvrep_bit(const irep_idt &src, std::size_t width, std::size_t bit_index)
Get a bit with given index from bit-vector representation.
Definition arith_tools.cpp:274
power
mp_integer power(const mp_integer &base, const mp_integer &exponent)
A multi-precision implementation of the power operator.
Definition arith_tools.cpp:207
as_const
const T & as_const(T &value)
Return a reference to the same object but ensures the type is const.
Definition as_const.h:14
bitvector_expr.h
API to expression classes for bitvectors.
to_shift_expr
const shift_exprt & to_shift_expr(const exprt &expr)
Cast an exprt to a shift_exprt.
Definition bitvector_expr.h:427
to_popcount_expr
const popcount_exprt & to_popcount_expr(const exprt &expr)
Cast an exprt to a popcount_exprt.
Definition bitvector_expr.h:993
to_extractbits_expr
const extractbits_exprt & to_extractbits_expr(const exprt &expr)
Cast an exprt to an extractbits_exprt.
Definition bitvector_expr.h:652
to_find_first_set_expr
const find_first_set_exprt & to_find_first_set_expr(const exprt &expr)
Cast an exprt to a find_first_set_exprt.
Definition bitvector_expr.h:1797
to_bitnot_expr
const bitnot_exprt & to_bitnot_expr(const exprt &expr)
Cast an exprt to a bitnot_exprt.
Definition bitvector_expr.h:106
to_bswap_expr
const bswap_exprt & to_bswap_expr(const exprt &expr)
Cast an exprt to a bswap_exprt.
Definition bitvector_expr.h:63
to_count_leading_zeros_expr
const count_leading_zeros_exprt & to_count_leading_zeros_expr(const exprt &expr)
Cast an exprt to a count_leading_zeros_exprt.
Definition bitvector_expr.h:1351
to_bitreverse_expr
const bitreverse_exprt & to_bitreverse_expr(const exprt &expr)
Cast an exprt to a bitreverse_exprt.
Definition bitvector_expr.h:1494
to_extractbit_expr
const extractbit_exprt & to_extractbit_expr(const exprt &expr)
Cast an exprt to an extractbit_exprt.
Definition bitvector_expr.h:578
to_concatenation_expr
const concatenation_exprt & to_concatenation_expr(const exprt &expr)
Cast an exprt to a concatenation_exprt.
Definition bitvector_expr.h:944
to_zero_extend_expr
const zero_extend_exprt & to_zero_extend_expr(const exprt &expr)
Cast an exprt to a zero_extend_exprt.
Definition bitvector_expr.h:1844
to_count_trailing_zeros_expr
const count_trailing_zeros_exprt & to_count_trailing_zeros_expr(const exprt &expr)
Cast an exprt to a count_trailing_zeros_exprt.
Definition bitvector_expr.h:1444
to_bv_type
const bv_typet & to_bv_type(const typet &type)
Cast a typet to a bv_typet.
Definition bitvector_types.h:86
to_fixedbv_type
const fixedbv_typet & to_fixedbv_type(const typet &type)
Cast a typet to a fixedbv_typet.
Definition bitvector_types.h:324
to_bitvector_type
const bitvector_typet & to_bitvector_type(const typet &type)
Cast a typet to a bitvector_typet.
Definition bitvector_types.h:32
to_floatbv_type
const floatbv_typet & to_floatbv_type(const typet &type)
Cast a typet to a floatbv_typet.
Definition bitvector_types.h:386
slice
void slice(symex_bmct &symex, symex_target_equationt &symex_target_equation, const namespacet &ns, const optionst &options, ui_message_handlert &ui_message_handler)
Definition bmc_util.cpp:176
byte_operators.h
Expression classes for byte-level operators.
to_byte_update_expr
const byte_update_exprt & to_byte_update_expr(const exprt &expr)
Definition byte_operators.h:143
lower_byte_extract
exprt lower_byte_extract(const byte_extract_exprt &src, const namespacet &ns)
Rewrite a byte extract expression to more fundamental operations.
Definition lower_byte_operators.cpp:1215
to_byte_extract_expr
const byte_extract_exprt & to_byte_extract_expr(const exprt &expr)
Definition byte_operators.h:70
pointer_type
pointer_typet pointer_type(const typet &subtype)
Definition c_types.cpp:235
c_types.h
to_c_enum_type
const c_enum_typet & to_c_enum_type(const typet &type)
Cast a typet to a c_enum_typet.
Definition c_types.h:335
to_c_enum_tag_type
const c_enum_tag_typet & to_c_enum_tag_type(const typet &type)
Cast a typet to a c_enum_tag_typet.
Definition c_types.h:377
to_union_type
const union_typet & to_union_type(const typet &type)
Cast a typet to a union_typet.
Definition c_types.h:184
to_union_tag_type
const union_tag_typet & to_union_tag_type(const typet &type)
Cast a typet to a union_tag_typet.
Definition c_types.h:224
abs_exprt
Absolute value.
Definition std_expr.h:442
address_of_exprt
Operator to return the address of an object.
Definition pointer_expr.h:540
ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562
ait::ait
ait()
Definition ai.h:565
array_exprt
Array constructor from list of elements.
Definition std_expr.h:1621
array_typet
Arrays with given size.
Definition std_types.h:807
binary_exprt
A base class for binary expressions.
Definition std_expr.h:638
binary_exprt::op0
exprt & op0()
Definition expr.h:134
binary_exprt::op1
exprt & op1()
Definition expr.h:137
binary_overflow_exprt
A Boolean expression returning true, iff operation kind would result in an overflow when applied to o...
Definition bitvector_expr.h:1013
binary_relation_exprt
A base class for relations, i.e., binary predicates whose two operands have the same type.
Definition std_expr.h:762
byte_extract_exprt
Expression of type type extracted from some object op starting at position offset (given in number of...
Definition byte_operators.h:29
byte_extract_exprt::offset
exprt & offset()
Definition byte_operators.h:47
byte_extract_exprt::op
exprt & op()
Definition byte_operators.h:46
byte_extract_exprt::get_bits_per_byte
std::size_t get_bits_per_byte() const
Definition byte_operators.h:52
byte_update_exprt
Expression corresponding to op() where the bytes starting at position offset (given in number of byte...
Definition byte_operators.h:91
byte_update_exprt::offset
const exprt & offset() const
Definition byte_operators.h:122
byte_update_exprt::op
const exprt & op() const
Definition byte_operators.h:121
byte_update_exprt::get_bits_per_byte
std::size_t get_bits_per_byte() const
Definition byte_operators.h:125
byte_update_exprt::value
const exprt & value() const
Definition byte_operators.h:123
c_bool_typet
The C/C++ Booleans.
Definition c_types.h:97
c_enum_tag_typet
C enum tag type, i.e., c_enum_typet with an identifier.
Definition c_types.h:352
can_forward_propagatet
Determine whether an expression is constant.
Definition expr_util.h:87
configt::ansi_c
struct configt::ansi_ct ansi_c
constant_exprt
A constant literal expression.
Definition std_expr.h:3118
count_leading_zeros_exprt
The count leading zeros (counting the number of zero bits starting from the most-significant bit) exp...
Definition bitvector_expr.h:1283
count_leading_zeros_exprt::zero_permitted
bool zero_permitted() const
Definition bitvector_expr.h:1296
count_trailing_zeros_exprt
The count trailing zeros (counting the number of zero bits starting from the least-significant bit) e...
Definition bitvector_expr.h:1376
count_trailing_zeros_exprt::zero_permitted
bool zero_permitted() const
Definition bitvector_expr.h:1389
dereference_exprt
Operator to dereference a pointer.
Definition pointer_expr.h:834
dereference_exprt::pointer
exprt & pointer()
Definition pointer_expr.h:847
dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition dstring.h:38
empty_union_exprt
Union constructor to support unions without any member (a GCC/Clang feature).
Definition std_expr.h:1834
exprt
Base class for all expressions.
Definition expr.h:57
exprt::operandst
std::vector< exprt > operandst
Definition expr.h:59
exprt::has_operands
bool has_operands() const
Return true if there is at least one operand.
Definition expr.h:92
exprt::is_constant
bool is_constant() const
Return whether the expression is a constant.
Definition expr.h:213
exprt::type
typet & type()
Return the type of the expression.
Definition expr.h:85
exprt::operands
operandst & operands()
Definition expr.h:95
exprt::source_location
const source_locationt & source_location() const
Definition expr.h:236
exprt::add_to_operands
void add_to_operands(const exprt &expr)
Add the given argument to the end of exprt's operands.
Definition expr.h:171
extractbits_exprt
Extracts a sub-range of a bit-vector operand.
Definition bitvector_expr.h:597
false_exprt
The Boolean constant false.
Definition std_expr.h:3246
find_first_set_exprt
Returns one plus the index of the least-significant one bit, or zero if the operand is zero.
Definition bitvector_expr.h:1741
fixedbv_spect
Definition fixedbv.h:20
fixedbv_typet
Fixed-width bit-vector with signed fixed-point interpretation.
Definition bitvector_types.h:280
fixedbvt::spec
fixedbv_spect spec
Definition fixedbv.h:44
fixedbvt::from_integer
void from_integer(const mp_integer &i)
Definition fixedbv.cpp:32
fixedbvt::to_integer
mp_integer to_integer() const
Definition fixedbv.cpp:37
fixedbvt::round
void round(const fixedbv_spect &dest_spec)
Definition fixedbv.cpp:52
fixedbvt::to_expr
constant_exprt to_expr() const
Definition fixedbv.cpp:43
floatbv_typet
Fixed-width bit-vector with IEEE floating-point interpretation.
Definition bitvector_types.h:341
function_application_exprt
Application of (mathematical) function.
Definition mathematical_expr.h:213
function_application_exprt::arguments
argumentst & arguments()
Definition mathematical_expr.h:234
function_application_exprt::function
exprt & function()
Definition mathematical_expr.h:221
ieee_float_spect
Definition ieee_float.h:22
ieee_float_valuet
An IEEE 754 floating-point value, including specificiation.
Definition ieee_float.h:117
ieee_float_valuet::set_sign
void set_sign(bool _sign)
Definition ieee_float.h:160
ieee_float_valuet::spec
ieee_float_spect spec
Definition ieee_float.h:119
ieee_float_valuet::to_expr
constant_exprt to_expr() const
Definition ieee_float.cpp:579
ieee_float_valuet::pack
mp_integer pack() const
Definition ieee_float.cpp:377
ieee_float_valuet::get_sign
bool get_sign() const
Definition ieee_float.h:254
ieee_floatt
An IEEE 754 value plus a rounding mode, enabling operations with rounding on values.
Definition ieee_float.h:338
ieee_floatt::to_integer
mp_integer to_integer() const
Definition ieee_float.cpp:1256
ieee_floatt::from_integer
void from_integer(const mp_integer &i)
Definition ieee_float.cpp:813
ieee_floatt::ROUND_TO_EVEN
@ ROUND_TO_EVEN
Definition ieee_float.h:348
ieee_floatt::change_spec
void change_spec(const ieee_float_spect &dest_spec)
Definition ieee_float.cpp:1231
if_exprt
The trinary if-then-else operator.
Definition std_expr.h:2502
index_exprt
Array index operator.
Definition std_expr.h:1470
index_exprt::index
exprt & index()
Definition std_expr.h:1510
index_exprt::array
exprt & array()
Definition std_expr.h:1500
integer_bitvector_typet
Fixed-width bit-vector representing a signed or unsigned integer.
Definition bitvector_types.h:103
irept::pretty
std::string pretty(unsigned indent=0, unsigned max_indent=0) const
Definition irep.cpp:482
irept::get
const irep_idt & get(const irep_idt &name) const
Definition irep.cpp:44
irept::id
const irep_idt & id() const
Definition irep.h:388
lambda_exprt
A (mathematical) lambda expression.
Definition mathematical_expr.h:438
member_exprt
Extract member of struct or union.
Definition std_expr.h:2972
mult_exprt
Binary multiplication Associativity is not specified.
Definition std_expr.h:1107
namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91
nil_exprt
The NIL expression.
Definition std_expr.h:3255
null_pointer_exprt
The null pointer constant.
Definition pointer_expr.h:909
or_exprt
Boolean OR.
Definition std_expr.h:2275
overflow_result_exprt
An expression returning both the result of the arithmetic operation under wrap-around semantics as we...
Definition bitvector_expr.h:1613
overflow_result_exprt::op0
exprt & op0()
Definition expr.h:134
overflow_result_exprt::op1
exprt & op1()
Definition expr.h:137
plus_exprt
The plus expression Associativity is not specified.
Definition std_expr.h:1002
pointer_offset_exprt
The offset (in bytes) of a pointer relative to the object.
Definition pointer_expr.h:1282
popcount_exprt
The popcount (counting the number of bits set to 1) expression.
Definition bitvector_expr.h:959
refined_string_exprt
Definition string_expr.h:110
refined_string_exprt::length
const exprt & length() const
Definition string_expr.h:129
refined_string_exprt::content
const exprt & content() const
Definition string_expr.h:139
sign_exprt
Sign of an expression Predicate is true if _op is negative, false otherwise.
Definition std_expr.h:596
signedbv_typet
Fixed-width bit-vector with two's complement interpretation.
Definition bitvector_types.h:222
simplify_exprt
Definition simplify_expr_class.h:85
simplify_exprt::simplify_isnan
resultt simplify_isnan(const unary_exprt &)
Definition simplify_expr_floatbv.cpp:37
simplify_exprt::simplify_bitwise
resultt simplify_bitwise(const multi_ary_exprt &)
Definition simplify_expr_int.cpp:664
simplify_exprt::ns
const namespacet & ns
Definition simplify_expr_class.h:291
simplify_exprt::simplify_quantifier_expr
resultt simplify_quantifier_expr(const quantifier_exprt &)
Try to simplify exists/forall to a constant expression.
Definition simplify_expr_boolean.cpp:382
simplify_exprt::simplify_div
resultt simplify_div(const div_exprt &)
Definition simplify_expr_int.cpp:276
simplify_exprt::simplify_byte_extract
resultt simplify_byte_extract(const byte_extract_exprt &)
Definition simplify_expr.cpp:1650
simplify_exprt::simplify_bitreverse
resultt simplify_bitreverse(const bitreverse_exprt &)
Try to simplify bit-reversing to a constant expression.
Definition simplify_expr_int.cpp:2078
simplify_exprt::simplify_abs
resultt simplify_abs(const abs_exprt &)
Definition simplify_expr.cpp:65
simplify_exprt::simplify_isnormal
resultt simplify_isnormal(const unary_exprt &)
Definition simplify_expr_floatbv.cpp:51
simplify_exprt::simplify_dereference
resultt simplify_dereference(const dereference_exprt &)
Definition simplify_expr.cpp:1395
simplify_exprt::simplify_bitnot
resultt simplify_bitnot(const bitnot_exprt &)
Definition simplify_expr_int.cpp:1322
simplify_exprt::simplify_zero_extend
resultt simplify_zero_extend(const zero_extend_exprt &)
Definition simplify_expr_int.cpp:1011
simplify_exprt::simplify_prophecy_r_or_w_ok
resultt simplify_prophecy_r_or_w_ok(const prophecy_r_or_w_ok_exprt &)
Try to simplify prophecy_{r,w,rw}_ok to a constant expression.
Definition simplify_expr_pointer.cpp:687
simplify_exprt::simplify_member_preorder
resultt simplify_member_preorder(const member_exprt &)
Definition simplify_expr_struct.cpp:279
simplify_exprt::simplify_popcount
resultt simplify_popcount(const popcount_exprt &)
Definition simplify_expr.cpp:125
simplify_exprt::changed
static resultt changed(resultt<> result)
Definition simplify_expr_class.h:146
simplify_exprt::simplify_dereference_preorder
resultt simplify_dereference_preorder(const dereference_exprt &)
Definition simplify_expr.cpp:1436
simplify_exprt::simplify_unary_pointer_predicate_preorder
resultt simplify_unary_pointer_predicate_preorder(const unary_exprt &)
Definition simplify_expr_pointer.cpp:55
simplify_exprt::simplify_address_of
resultt simplify_address_of(const address_of_exprt &)
Definition simplify_expr_pointer.cpp:238
simplify_exprt::simplify_if
resultt simplify_if(const if_exprt &)
Definition simplify_expr_if.cpp:335
simplify_exprt::simplify_node
resultt simplify_node(const exprt &)
Definition simplify_expr.cpp:2986
simplify_exprt::simplify_node_preorder
resultt simplify_node_preorder(const exprt &)
Definition simplify_expr.cpp:2907
simplify_exprt::simplify_prophecy_pointer_in_range
resultt simplify_prophecy_pointer_in_range(const prophecy_pointer_in_range_exprt &)
Try to simplify prophecy_pointer_in_range to a constant expression.
Definition simplify_expr_pointer.cpp:697
simplify_exprt::simplify_overflow_unary
resultt simplify_overflow_unary(const unary_overflow_exprt &)
Try to simplify overflow-unary-.
Definition simplify_expr.cpp:2612
simplify_exprt::simplify_minus
resultt simplify_minus(const minus_exprt &)
Definition simplify_expr_int.cpp:572
simplify_exprt::simplify_extractbit
resultt simplify_extractbit(const extractbit_exprt &)
Definition simplify_expr_int.cpp:842
simplify_exprt::simplify_rec
resultt simplify_rec(const exprt &)
Definition simplify_expr.cpp:3274
simplify_exprt::simplify_shifts
resultt simplify_shifts(const shift_exprt &)
Definition simplify_expr_int.cpp:1023
simplify_exprt::simplify_index_preorder
resultt simplify_index_preorder(const index_exprt &)
Definition simplify_expr_array.cpp:208
simplify_exprt::simplify_typecast
resultt simplify_typecast(const typecast_exprt &)
Definition simplify_expr.cpp:757
simplify_exprt::simplify_pointer_object
resultt simplify_pointer_object(const pointer_object_exprt &)
Definition simplify_expr_pointer.cpp:526
simplify_exprt::simplify_boolean
resultt simplify_boolean(const exprt &)
Definition simplify_expr_boolean.cpp:20
simplify_exprt::simplify_object
resultt simplify_object(const exprt &)
Definition simplify_expr.cpp:1570
simplify_exprt::simplify_mult
resultt simplify_mult(const mult_exprt &)
Definition simplify_expr_int.cpp:165
simplify_exprt::simplify_floatbv_typecast
resultt simplify_floatbv_typecast(const floatbv_typecast_exprt &)
Definition simplify_expr_floatbv.cpp:161
simplify_exprt::simplify_with
resultt simplify_with(const with_exprt &)
Definition simplify_expr.cpp:1465
simplify_exprt::simplify_inequality
virtual resultt simplify_inequality(const binary_relation_exprt &)
simplifies inequalities !=, <=, <, >=, >, and also ==
Definition simplify_expr_int.cpp:1353
simplify_exprt::simplify_not
resultt simplify_not(const not_exprt &)
Definition simplify_expr_boolean.cpp:324
simplify_exprt::simplify_isinf
resultt simplify_isinf(const unary_exprt &)
Definition simplify_expr_floatbv.cpp:23
simplify_exprt::simplify_overflow_binary
resultt simplify_overflow_binary(const binary_overflow_exprt &)
Try to simplify overflow-+, overflow-*, overflow–, overflow-shl.
Definition simplify_expr.cpp:2540
simplify_exprt::simplify_function_application
resultt simplify_function_application(const function_application_exprt &)
Attempt to simplify mathematical function applications if we have enough information to do so.
Definition simplify_expr.cpp:700
simplify_exprt::simplify_index
resultt simplify_index(const index_exprt &)
Definition simplify_expr_array.cpp:20
simplify_exprt::simplify_bswap
resultt simplify_bswap(const bswap_exprt &)
Definition simplify_expr_int.cpp:33
simplify_exprt::simplify_member
resultt simplify_member(const member_exprt &)
Definition simplify_expr_struct.cpp:23
simplify_exprt::unchanged
static resultt unchanged(exprt expr)
Definition simplify_expr_class.h:141
simplify_exprt::simplify_byte_update
resultt simplify_byte_update(const byte_update_exprt &)
Definition simplify_expr.cpp:2072
simplify_exprt::simplify_extractbits
resultt simplify_extractbits(const extractbits_exprt &)
Simplifies extracting of bits from a constant.
Definition simplify_expr_int.cpp:1158
simplify_exprt::simplify_update
resultt simplify_update(const update_exprt &)
Definition simplify_expr.cpp:1522
simplify_exprt::simplify_is_invalid_pointer
resultt simplify_is_invalid_pointer(const unary_exprt &)
Definition simplify_expr_pointer.cpp:607
simplify_exprt::simplify_mod
resultt simplify_mod(const mod_exprt &)
Definition simplify_expr_int.cpp:369
simplify_exprt::simplify_complex
resultt simplify_complex(const unary_exprt &)
Definition simplify_expr.cpp:2519
simplify_exprt::simplify_pointer_offset
virtual resultt simplify_pointer_offset(const pointer_offset_exprt &)
Definition simplify_expr_pointer.cpp:276
simplify_exprt::simplify_plus
resultt simplify_plus(const plus_exprt &)
Definition simplify_expr_int.cpp:406
simplify_exprt::simplify
virtual bool simplify(exprt &expr)
Definition simplify_expr.cpp:3348
simplify_exprt::simplify_unary_plus
resultt simplify_unary_plus(const unary_plus_exprt &)
Definition simplify_expr_int.cpp:1255
simplify_exprt::simplify_overflow_result
resultt simplify_overflow_result(const overflow_result_exprt &)
Try to simplify overflow_result-+, overflow_result-*, overflow_result–, overflow_result-shl,...
Definition simplify_expr.cpp:2660
simplify_exprt::simplify_ffs
resultt simplify_ffs(const find_first_set_exprt &)
Try to simplify find-first-set to a constant expression.
Definition simplify_expr.cpp:203
simplify_exprt::simplify_if_preorder
resultt simplify_if_preorder(const if_exprt &expr)
Definition simplify_expr_if.cpp:241
simplify_exprt::simplify_byte_extract_preorder
resultt simplify_byte_extract_preorder(const byte_extract_exprt &)
Definition simplify_expr.cpp:2037
simplify_exprt::simplify_is_dynamic_object
resultt simplify_is_dynamic_object(const unary_exprt &)
Definition simplify_expr_pointer.cpp:558
simplify_exprt::simplify_power
resultt simplify_power(const power_exprt &)
Definition simplify_expr_int.cpp:1131
simplify_exprt::simplify_object_size
resultt simplify_object_size(const object_size_exprt &)
Definition simplify_expr_pointer.cpp:640
simplify_exprt::simplify_lambda
resultt simplify_lambda(const lambda_exprt &)
Definition simplify_expr.cpp:1460
simplify_exprt::simplify_concatenation
resultt simplify_concatenation(const concatenation_exprt &)
Definition simplify_expr_int.cpp:871
simplify_exprt::simplify_floatbv_op
resultt simplify_floatbv_op(const ieee_float_op_exprt &)
Definition simplify_expr_floatbv.cpp:295
simplify_exprt::simplify_ctz
resultt simplify_ctz(const count_trailing_zeros_exprt &)
Try to simplify count-trailing-zeros to a constant expression.
Definition simplify_expr.cpp:177
simplify_exprt::simplify_clz
resultt simplify_clz(const count_leading_zeros_exprt &)
Try to simplify count-leading-zeros to a constant expression.
Definition simplify_expr.cpp:151
simplify_exprt::simplify_ieee_float_relation
resultt simplify_ieee_float_relation(const binary_relation_exprt &)
Definition simplify_expr_floatbv.cpp:361
simplify_exprt::simplify_typecast_preorder
resultt simplify_typecast_preorder(const typecast_exprt &)
Definition simplify_expr.cpp:1366
simplify_exprt::simplify_sign
resultt simplify_sign(const sign_exprt &)
Definition simplify_expr.cpp:99
simplify_exprt::simplify_unary_minus
resultt simplify_unary_minus(const unary_minus_exprt &)
Definition simplify_expr_int.cpp:1262
simplify_exprt::simplify_floatbv_round_to_integral
resultt simplify_floatbv_round_to_integral(const floatbv_round_to_integral_exprt &)
Definition simplify_expr_floatbv.cpp:138
struct_exprt
Struct constructor from list of elements.
Definition std_expr.h:1877
struct_typet
Structure type, corresponds to C style structs.
Definition std_types.h:231
struct_union_typet::componentst
std::vector< componentt > componentst
Definition std_types.h:140
true_exprt
The Boolean constant true.
Definition std_expr.h:3237
typecast_exprt
Semantic type conversion.
Definition std_expr.h:2073
typecast_exprt::conditional_cast
static exprt conditional_cast(const exprt &expr, const typet &type)
Definition std_expr.h:2081
typet
The type of an expression, extends irept.
Definition type.h:29
unary_exprt
Generic base class for unary expressions.
Definition std_expr.h:361
unary_exprt::op
const exprt & op() const
Definition std_expr.h:391
unary_overflow_exprt
A Boolean expression returning true, iff operation kind would result in an overflow when applied to t...
Definition bitvector_expr.h:1180
union_exprt
Union constructor from single element.
Definition std_expr.h:1770
union_typet
The union type.
Definition c_types.h:147
unsignedbv_typet
Fixed-width bit-vector with unsigned binary interpretation.
Definition bitvector_types.h:168
update_exprt
Operator to update elements in structs and arrays.
Definition std_expr.h:2783
update_exprt::old
exprt & old()
Definition std_expr.h:2795
update_exprt::designator
exprt::operandst & designator()
Definition std_expr.h:2809
update_exprt::new_value
exprt & new_value()
Definition std_expr.h:2819
with_exprt
Operator to update elements in structs and arrays.
Definition std_expr.h:2603
with_exprt::new_value
exprt & new_value()
Definition std_expr.h:2633
with_exprt::where
exprt & where()
Definition std_expr.h:2623
with_exprt::old
exprt & old()
Definition std_expr.h:2613
isalpha
int isalpha(int c)
Definition ctype.c:9
tolower
int tolower(int c)
Definition ctype.c:109
isupper
int isupper(int c)
Definition ctype.c:90
Forall_operands
#define Forall_operands(it, expr)
Definition expr.h:28
make_boolean_expr
constant_exprt make_boolean_expr(bool value)
returns true_exprt if given true and false_exprt otherwise
Definition expr_util.cpp:308
is_not_zero
exprt is_not_zero(const exprt &src, const namespacet &ns)
converts a scalar/float expression to C/C++ Booleans
Definition expr_util.cpp:69
skip_typecast
const exprt & skip_typecast(const exprt &expr)
find the expression nested inside typecasts, if any
Definition expr_util.cpp:188
lift_if
if_exprt lift_if(const exprt &src, std::size_t operand_number)
lift up an if_exprt one level
Definition expr_util.cpp:172
has_subtype
bool has_subtype(const typet &type, const std::function< bool(const typet &)> &pred, const namespacet &ns)
returns true if any of the contained types satisfies pred
Definition expr_util.cpp:124
expr_util.h
Deprecated expression utility functions.
floatbv_expr.h
API to expression classes for floating-point arithmetic.
to_ieee_float_op_expr
const ieee_float_op_exprt & to_ieee_float_op_expr(const exprt &expr)
Cast an exprt to an ieee_float_op_exprt.
Definition floatbv_expr.h:489
to_floatbv_round_to_integral_expr
const floatbv_round_to_integral_exprt & to_floatbv_round_to_integral_expr(const exprt &expr)
Cast an exprt to a floatbv_round_to_integral_exprt.
Definition floatbv_expr.h:134
to_floatbv_typecast_expr
const floatbv_typecast_exprt & to_floatbv_typecast_expr(const exprt &expr)
Cast an exprt to a floatbv_typecast_exprt.
Definition floatbv_expr.h:68
format
static format_containert< T > format(const T &o)
Definition format.h:37
format_expr.h
id2string
const std::string & id2string(const irep_idt &d)
Definition irep.h:44
r
static int8_t r
Definition irep_hash.h:60
mathematical_expr.h
API to expression classes for 'mathematical' expressions.
to_quantifier_expr
const quantifier_exprt & to_quantifier_expr(const exprt &expr)
Cast an exprt to a quantifier_exprt.
Definition mathematical_expr.h:335
to_power_expr
const power_exprt & to_power_expr(const exprt &expr)
Cast an exprt to a power_exprt.
Definition mathematical_expr.h:137
to_function_application_expr
const function_application_exprt & to_function_application_expr(const exprt &expr)
Cast an exprt to a function_application_exprt.
Definition mathematical_expr.h:263
to_lambda_expr
const lambda_exprt & to_lambda_expr(const exprt &expr)
Cast an exprt to a lambda_exprt.
Definition mathematical_expr.h:477
string2integer
const mp_integer string2integer(const std::string &n, unsigned base)
Definition mp_arith.cpp:54
pointer_expr.h
API to expression classes for Pointers.
to_address_of_expr
const address_of_exprt & to_address_of_expr(const exprt &expr)
Cast an exprt to an address_of_exprt.
Definition pointer_expr.h:577
to_pointer_type
const pointer_typet & to_pointer_type(const typet &type)
Cast a typet to a pointer_typet.
Definition pointer_expr.h:93
to_dereference_expr
const dereference_exprt & to_dereference_expr(const exprt &expr)
Cast an exprt to a dereference_exprt.
Definition pointer_expr.h:890
to_pointer_offset_expr
const pointer_offset_exprt & to_pointer_offset_expr(const exprt &expr)
Cast an exprt to a pointer_offset_exprt.
Definition pointer_expr.h:1320
to_pointer_object_expr
const pointer_object_exprt & to_pointer_object_expr(const exprt &expr)
Cast an exprt to a pointer_object_exprt.
Definition pointer_expr.h:1378
pointer_offset_size
std::optional< mp_integer > pointer_offset_size(const typet &type, const namespacet &ns)
Compute the size of a type in bytes, rounding up to full bytes.
Definition pointer_offset_size.cpp:91
get_subexpression_at_offset
std::optional< exprt > get_subexpression_at_offset(const exprt &expr, const mp_integer &offset_bytes, const typet &target_type_raw, const namespacet &ns)
Definition pointer_offset_size.cpp:565
pointer_offset_bits
std::optional< mp_integer > pointer_offset_bits(const typet &type, const namespacet &ns)
Definition pointer_offset_size.cpp:102
member_offset
std::optional< mp_integer > member_offset(const struct_typet &type, const irep_idt &member, const namespacet &ns)
Definition pointer_offset_size.cpp:25
member_offset_expr
std::optional< exprt > member_offset_expr(const member_exprt &member_expr, const namespacet &ns)
Definition pointer_offset_size.cpp:222
pointer_offset_size.h
Pointer Logic.
pointer_offset_sum
exprt pointer_offset_sum(const exprt &a, const exprt &b)
Definition pointer_offset_sum.cpp:16
pointer_offset_sum.h
Pointer Dereferencing.
object_size
exprt object_size(const exprt &pointer)
Definition pointer_predicates.cpp:33
from_rational
constant_exprt from_rational(const rationalt &a)
Definition rational_tools.cpp:89
rational_tools.h
replace_expr
bool replace_expr(const exprt &what, const exprt &by, exprt &dest)
Definition replace_expr.cpp:12
simplify
bool simplify(exprt &expr, const namespacet &ns)
Definition simplify_expr.cpp:3369
simplify_string_compare_to
static simplify_exprt::resultt simplify_string_compare_to(const function_application_exprt &expr, const namespacet &ns)
Simplify String.compareTo function when arguments are constant.
Definition simplify_expr.cpp:327
simplify_string_contains
static simplify_exprt::resultt simplify_string_contains(const function_application_exprt &expr, const namespacet &ns)
Simplify String.contains function when arguments are constant.
Definition simplify_expr.cpp:257
simplify_string_endswith
static simplify_exprt::resultt simplify_string_endswith(const function_application_exprt &expr, const namespacet &ns)
Simplify String.endsWith function when arguments are constant.
Definition simplify_expr.cpp:229
simplify_string_char_at
static simplify_exprt::resultt simplify_string_char_at(const function_application_exprt &expr, const namespacet &ns)
Simplify String.charAt function when arguments are constant.
Definition simplify_expr.cpp:521
simplify_string_startswith
static simplify_exprt::resultt simplify_string_startswith(const function_application_exprt &expr, const namespacet &ns)
Simplify String.startsWith function when arguments are constant.
Definition simplify_expr.cpp:634
simplify_string_is_empty
static simplify_exprt::resultt simplify_string_is_empty(const function_application_exprt &expr, const namespacet &ns)
Simplify String.isEmpty function when arguments are constant.
Definition simplify_expr.cpp:302
lower_case_string_expression
static bool lower_case_string_expression(array_exprt &string_data)
Take the passed-in constant string array and lower-case every character.
Definition simplify_expr.cpp:561
simplify_string_index_of
static simplify_exprt::resultt simplify_string_index_of(const function_application_exprt &expr, const namespacet &ns, const bool search_from_end)
Simplify String.indexOf function when arguments are constant.
Definition simplify_expr.cpp:376
simplify_string_equals_ignore_case
static simplify_exprt::resultt simplify_string_equals_ignore_case(const function_application_exprt &expr, const namespacet &ns)
Simplify String.equalsIgnorecase function when arguments are constant.
Definition simplify_expr.cpp:589
simplify_expr
exprt simplify_expr(exprt src, const namespacet &ns)
Definition simplify_expr.cpp:3374
simplify_expr.h
simplify_expr_class.h
bits2expr
std::optional< exprt > bits2expr(const std::string &bits, const typet &type, bool little_endian, const namespacet &ns)
Definition simplify_utils.cpp:196
expr2bits
std::optional< std::string > expr2bits(const exprt &expr, bool little_endian, const namespacet &ns)
Definition simplify_utils.cpp:414
try_get_string_data_array
std::optional< std::reference_wrapper< const array_exprt > > try_get_string_data_array(const exprt &content, const namespacet &ns)
Get char sequence from content field of a refined string expression.
Definition simplify_utils.cpp:489
join_operands
bool join_operands(exprt &expr)
Definition simplify_utils.cpp:191
simplify_utils.h
mp_integer
BigInt mp_integer
Definition smt_terms.h:17
CHECK_RETURN
#define CHECK_RETURN(CONDITION)
Definition invariant.h:495
UNREACHABLE
#define UNREACHABLE
This should be used to mark dead code.
Definition invariant.h:525
DATA_INVARIANT
#define DATA_INVARIANT(CONDITION, REASON)
This condition should be used to document that assumptions that are made on goto_functions,...
Definition invariant.h:534
POSTCONDITION_WITH_DIAGNOSTICS
#define POSTCONDITION_WITH_DIAGNOSTICS(CONDITION,...)
Definition invariant.h:480
component
auto component(T &struct_expr, const irep_idt &name, const namespacet &ns) -> decltype(struct_expr.op0())
Definition std_expr.cpp:291
std_expr.h
API to expression classes.
to_struct_expr
const struct_exprt & to_struct_expr(const exprt &expr)
Cast an exprt to a struct_exprt.
Definition std_expr.h:1900
to_array_of_expr
const array_of_exprt & to_array_of_expr(const exprt &expr)
Cast an exprt to an array_of_exprt.
Definition std_expr.h:1603
to_binary_relation_expr
const binary_relation_exprt & to_binary_relation_expr(const exprt &expr)
Cast an exprt to a binary_relation_exprt.
Definition std_expr.h:895
to_unary_plus_expr
const unary_plus_exprt & to_unary_plus_expr(const exprt &expr)
Cast an exprt to a unary_plus_exprt.
Definition std_expr.h:556
to_index_expr
const index_exprt & to_index_expr(const exprt &expr)
Cast an exprt to an index_exprt.
Definition std_expr.h:1538
to_mod_expr
const mod_exprt & to_mod_expr(const exprt &expr)
Cast an exprt to a mod_exprt.
Definition std_expr.h:1277
to_mult_expr
const mult_exprt & to_mult_expr(const exprt &expr)
Cast an exprt to a mult_exprt.
Definition std_expr.h:1137
to_array_expr
const array_exprt & to_array_expr(const exprt &expr)
Cast an exprt to an array_exprt.
Definition std_expr.h:1665
to_typecast_expr
const typecast_exprt & to_typecast_expr(const exprt &expr)
Cast an exprt to a typecast_exprt.
Definition std_expr.h:2107
to_div_expr
const div_exprt & to_div_expr(const exprt &expr)
Cast an exprt to a div_exprt.
Definition std_expr.h:1206
to_plus_expr
const plus_exprt & to_plus_expr(const exprt &expr)
Cast an exprt to a plus_exprt.
Definition std_expr.h:1041
to_unary_expr
const unary_exprt & to_unary_expr(const exprt &expr)
Cast an exprt to a unary_exprt.
Definition std_expr.h:426
to_multi_ary_expr
const multi_ary_exprt & to_multi_ary_expr(const exprt &expr)
Cast an exprt to a multi_ary_exprt.
Definition std_expr.h:987
to_abs_expr
const abs_exprt & to_abs_expr(const exprt &expr)
Cast an exprt to a abs_exprt.
Definition std_expr.h:466
to_if_expr
const if_exprt & to_if_expr(const exprt &expr)
Cast an exprt to an if_exprt.
Definition std_expr.h:2582
to_member_expr
const member_exprt & to_member_expr(const exprt &expr)
Cast an exprt to a member_exprt.
Definition std_expr.h:3064
to_minus_expr
const minus_exprt & to_minus_expr(const exprt &expr)
Cast an exprt to a minus_exprt.
Definition std_expr.h:1086
to_complex_imag_expr
const complex_imag_exprt & to_complex_imag_expr(const exprt &expr)
Cast an exprt to a complex_imag_exprt.
Definition std_expr.h:2053
to_index_designator
const index_designatort & to_index_designator(const exprt &expr)
Cast an exprt to an index_designatort.
Definition std_expr.h:2714
to_complex_real_expr
const complex_real_exprt & to_complex_real_expr(const exprt &expr)
Cast an exprt to a complex_real_exprt.
Definition std_expr.h:2010
to_constant_expr
const constant_exprt & to_constant_expr(const exprt &expr)
Cast an exprt to a constant_exprt.
Definition std_expr.h:3189
to_not_expr
const not_exprt & to_not_expr(const exprt &expr)
Cast an exprt to an not_exprt.
Definition std_expr.h:2484
to_symbol_expr
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
Definition std_expr.h:272
to_with_expr
const with_exprt & to_with_expr(const exprt &expr)
Cast an exprt to a with_exprt.
Definition std_expr.h:2661
to_complex_expr
const complex_exprt & to_complex_expr(const exprt &expr)
Cast an exprt to a complex_exprt.
Definition std_expr.h:1965
to_update_expr
const update_exprt & to_update_expr(const exprt &expr)
Cast an exprt to an update_exprt.
Definition std_expr.h:2866
to_unary_minus_expr
const unary_minus_exprt & to_unary_minus_expr(const exprt &expr)
Cast an exprt to a unary_minus_exprt.
Definition std_expr.h:514
to_sign_expr
const sign_exprt & to_sign_expr(const exprt &expr)
Cast an exprt to a sign_exprt.
Definition std_expr.h:621
is_constant
bool is_constant(const typet &type)
This method tests, if the given typet is a constant.
Definition std_types.h:29
to_struct_type
const struct_typet & to_struct_type(const typet &type)
Cast a typet to a struct_typet.
Definition std_types.h:308
to_struct_tag_type
const struct_tag_typet & to_struct_tag_type(const typet &type)
Cast a typet to a struct_tag_typet.
Definition std_types.h:518
to_array_type
const array_typet & to_array_type(const typet &type)
Cast a typet to an array_typet.
Definition std_types.h:888
string_expr.h
String expressions for the string solver.
to_string_expr
refined_string_exprt & to_string_expr(exprt &expr)
Definition string_expr.h:151
configt::ansi_ct::endiannesst::IS_BIG_ENDIAN
@ IS_BIG_ENDIAN
configt::ansi_ct::endiannesst::IS_LITTLE_ENDIAN
@ IS_LITTLE_ENDIAN
irep_full_eq
Definition irep.h:487
irep_full_hash
Definition irep.h:478
simplify_exprt::resultt
Definition simplify_expr_class.h:108
failed
static bool failed(bool error_indicator)
Definition symtab2gb_parse_options.cpp:41
to_type_with_subtype
const type_with_subtypet & to_type_with_subtype(const typet &type)
Definition type.h:208
size_type
#define size_type
Definition unistd.c:186