CBMC
Loading...
Searching...
No Matches
simplify_expr.cpp
Go to the documentation of this file.
1/*******************************************************************\
2
3Module:
4
5Author: Daniel Kroening, kroening@kroening.com
6
7\*******************************************************************/
8
9#include "simplify_expr.h"
10
11#include <algorithm>
12
13#include "bitvector_expr.h"
14#include "byte_operators.h"
15#include "c_types.h"
16#include "config.h"
17#include "expr_util.h"
18#include "fixedbv.h"
19#include "floatbv_expr.h"
20#include "invariant.h"
21#include "mathematical_expr.h"
22#include "namespace.h"
23#include "pointer_expr.h"
24#include "pointer_offset_size.h"
25#include "pointer_offset_sum.h"
26#include "rational.h"
27#include "rational_tools.h"
28#include "simplify_utils.h"
29#include "std_expr.h"
30#include "string_expr.h"
31
32// #define DEBUGX
33
34#ifdef DEBUGX
35#include "format_expr.h"
36#include <iostream>
37#endif
38
39#include "simplify_expr_class.h"
40
41// #define USE_CACHE
42
43#ifdef USE_CACHE
44struct simplify_expr_cachet
45{
46public:
47 #if 1
48 typedef std::unordered_map<
49 exprt, exprt, irep_full_hash, irep_full_eq> containert;
50 #else
51 typedef std::unordered_map<exprt, exprt, irep_hash> containert;
52 #endif
53
54 containert container_normal;
55
56 containert &container()
57 {
58 return container_normal;
59 }
60};
61
62simplify_expr_cachet simplify_expr_cache;
63#endif
64
65simplify_exprt::resultt<> simplify_exprt::simplify_abs(const abs_exprt &expr)
66{
67 if(expr.op().is_constant())
68 {
69 const typet &type = to_unary_expr(expr).op().type();
70
71 if(type.id()==ID_floatbv)
72 {
73 ieee_float_valuet value(to_constant_expr(to_unary_expr(expr).op()));
74 value.set_sign(false);
75 return value.to_expr();
76 }
77 else if(type.id()==ID_signedbv ||
78 type.id()==ID_unsignedbv)
79 {
80 auto value = numeric_cast<mp_integer>(to_unary_expr(expr).op());
81 if(value.has_value())
82 {
83 if(*value >= 0)
84 {
85 return to_unary_expr(expr).op();
86 }
87 else
88 {
89 value->negate();
90 return from_integer(*value, type);
91 }
92 }
93 }
94 }
95
96 return unchanged(expr);
97}
98
99simplify_exprt::resultt<> simplify_exprt::simplify_sign(const sign_exprt &expr)
100{
101 if(expr.op().is_constant())
102 {
103 const typet &type = expr.op().type();
104
105 if(type.id()==ID_floatbv)
106 {
107 ieee_float_valuet value(to_constant_expr(expr.op()));
108 return make_boolean_expr(value.get_sign());
109 }
110 else if(type.id()==ID_signedbv ||
111 type.id()==ID_unsignedbv)
112 {
113 const auto value = numeric_cast<mp_integer>(expr.op());
114 if(value.has_value())
115 {
116 return make_boolean_expr(*value >= 0);
117 }
118 }
119 }
120
121 return unchanged(expr);
122}
123
124simplify_exprt::resultt<>
125simplify_exprt::simplify_popcount(const popcount_exprt &expr)
126{
127 const exprt &op = expr.op();
128
129 if(op.is_constant())
130 {
131 const typet &op_type = op.type();
132
133 if(op_type.id() == ID_signedbv || op_type.id() == ID_unsignedbv)
134 {
135 const auto width = to_bitvector_type(op_type).get_width();
136 const auto &value = to_constant_expr(op).get_value();
137 std::size_t result = 0;
138
139 for(std::size_t i = 0; i < width; i++)
140 if(get_bvrep_bit(value, width, i))
141 result++;
142
143 return from_integer(result, expr.type());
144 }
145 }
146
147 return unchanged(expr);
148}
149
150simplify_exprt::resultt<>
151simplify_exprt::simplify_clz(const count_leading_zeros_exprt &expr)
152{
153 const bool is_little_endian =
154 config.ansi_c.endianness == configt::ansi_ct::endiannesst::IS_LITTLE_ENDIAN;
155
156 const auto const_bits_opt = expr2bits(expr.op(), is_little_endian, ns);
157
158 if(!const_bits_opt.has_value())
159 return unchanged(expr);
160
161 std::size_t n_leading_zeros =
162 is_little_endian ? const_bits_opt->rfind('1') : const_bits_opt->find('1');
163 if(n_leading_zeros == std::string::npos)
164 {
165 if(!expr.zero_permitted())
166 return unchanged(expr);
167
168 n_leading_zeros = const_bits_opt->size();
169 }
170 else if(is_little_endian)
171 n_leading_zeros = const_bits_opt->size() - n_leading_zeros - 1;
172
173 return from_integer(n_leading_zeros, expr.type());
174}
175
176simplify_exprt::resultt<>
177simplify_exprt::simplify_ctz(const count_trailing_zeros_exprt &expr)
178{
179 const bool is_little_endian =
180 config.ansi_c.endianness == configt::ansi_ct::endiannesst::IS_LITTLE_ENDIAN;
181
182 const auto const_bits_opt = expr2bits(expr.op(), is_little_endian, ns);
183
184 if(!const_bits_opt.has_value())
185 return unchanged(expr);
186
187 std::size_t n_trailing_zeros =
188 is_little_endian ? const_bits_opt->find('1') : const_bits_opt->rfind('1');
189 if(n_trailing_zeros == std::string::npos)
190 {
191 if(!expr.zero_permitted())
192 return unchanged(expr);
193
194 n_trailing_zeros = const_bits_opt->size();
195 }
196 else if(!is_little_endian)
197 n_trailing_zeros = const_bits_opt->size() - n_trailing_zeros - 1;
198
199 return from_integer(n_trailing_zeros, expr.type());
200}
201
202simplify_exprt::resultt<>
203simplify_exprt::simplify_ffs(const find_first_set_exprt &expr)
204{
205 const bool is_little_endian =
206 config.ansi_c.endianness == configt::ansi_ct::endiannesst::IS_LITTLE_ENDIAN;
207
208 const auto const_bits_opt = expr2bits(expr.op(), is_little_endian, ns);
209
210 if(!const_bits_opt.has_value())
211 return unchanged(expr);
212
213 std::size_t first_one_bit =
214 is_little_endian ? const_bits_opt->find('1') : const_bits_opt->rfind('1');
215 if(first_one_bit == std::string::npos)
216 first_one_bit = 0;
217 else if(is_little_endian)
218 ++first_one_bit;
219 else
220 first_one_bit = const_bits_opt->size() - first_one_bit;
221
222 return from_integer(first_one_bit, expr.type());
223}
224
229static simplify_exprt::resultt<> simplify_string_endswith(
230 const function_application_exprt &expr,
231 const namespacet &ns)
232{
233 const refined_string_exprt &s1 = to_string_expr(expr.arguments().at(0));
234 const auto s1_data_opt = try_get_string_data_array(s1.content(), ns);
235
236 if(!s1_data_opt)
237 return simplify_exprt::unchanged(expr);
238
239 const array_exprt &s1_data = s1_data_opt->get();
240 const refined_string_exprt &s2 = to_string_expr(expr.arguments().at(1));
241 const auto s2_data_opt = try_get_string_data_array(s2.content(), ns);
242
243 if(!s2_data_opt)
244 return simplify_exprt::unchanged(expr);
245
246 const array_exprt &s2_data = s2_data_opt->get();
247 const bool res = s2_data.operands().size() <= s1_data.operands().size() &&
248 std::equal(
249 s2_data.operands().rbegin(),
250 s2_data.operands().rend(),
251 s1_data.operands().rbegin());
252
253 return from_integer(res ? 1 : 0, expr.type());
254}
255
257static simplify_exprt::resultt<> simplify_string_contains(
258 const function_application_exprt &expr,
259 const namespacet &ns)
260{
261 // We want to get both arguments of any starts-with comparison, and
262 // trace them back to the actual string instance. All variables on the
263 // way must be constant for us to be sure this will work.
264 auto &first_argument = to_string_expr(expr.arguments().at(0));
265 auto &second_argument = to_string_expr(expr.arguments().at(1));
266
267 const auto first_value_opt =
268 try_get_string_data_array(first_argument.content(), ns);
269
270 if(!first_value_opt)
271 {
272 return simplify_exprt::unchanged(expr);
273 }
274
275 const array_exprt &first_value = first_value_opt->get();
276
277 const auto second_value_opt =
278 try_get_string_data_array(second_argument.content(), ns);
279
280 if(!second_value_opt)
281 {
282 return simplify_exprt::unchanged(expr);
283 }
284
285 const array_exprt &second_value = second_value_opt->get();
286
287 // Is our 'contains' array directly contained in our target.
288 const bool includes =
289 std::search(
290 first_value.operands().begin(),
291 first_value.operands().end(),
292 second_value.operands().begin(),
293 second_value.operands().end()) != first_value.operands().end();
294
295 return from_integer(includes ? 1 : 0, expr.type());
296}
297
302static simplify_exprt::resultt<> simplify_string_is_empty(
303 const function_application_exprt &expr,
304 const namespacet &ns)
305{
306 const function_application_exprt &function_app =
307 to_function_application_expr(expr);
308 const refined_string_exprt &s =
309 to_string_expr(function_app.arguments().at(0));
310
311 if(!s.length().is_constant())
312 return simplify_exprt::unchanged(expr);
313
314 const auto numeric_length =
315 numeric_cast_v<mp_integer>(to_constant_expr(s.length()));
316
317 return from_integer(numeric_length == 0 ? 1 : 0, expr.type());
318}
319
327static simplify_exprt::resultt<> simplify_string_compare_to(
328 const function_application_exprt &expr,
329 const namespacet &ns)
330{
331 const refined_string_exprt &s1 = to_string_expr(expr.arguments().at(0));
332 const auto s1_data_opt = try_get_string_data_array(s1.content(), ns);
333
334 if(!s1_data_opt)
335 return simplify_exprt::unchanged(expr);
336
337 const refined_string_exprt &s2 = to_string_expr(expr.arguments().at(1));
338 const auto s2_data_opt = try_get_string_data_array(s2.content(), ns);
339
340 if(!s2_data_opt)
341 return simplify_exprt::unchanged(expr);
342
343 const array_exprt &s1_data = s1_data_opt->get();
344 const array_exprt &s2_data = s2_data_opt->get();
345
346 if(s1_data.operands() == s2_data.operands())
347 return from_integer(0, expr.type());
348
349 const mp_integer s1_size = s1_data.operands().size();
350 const mp_integer s2_size = s2_data.operands().size();
351 const bool first_shorter = s1_size < s2_size;
352 const exprt::operandst &ops1 =
353 first_shorter ? s1_data.operands() : s2_data.operands();
354 const exprt::operandst &ops2 =
355 first_shorter ? s2_data.operands() : s1_data.operands();
356 auto it_pair = std::mismatch(ops1.begin(), ops1.end(), ops2.begin());
357
358 if(it_pair.first == ops1.end())
359 return from_integer(s1_size - s2_size, expr.type());
360
361 const mp_integer char1 =
362 numeric_cast_v<mp_integer>(to_constant_expr(*it_pair.first));
363 const mp_integer char2 =
364 numeric_cast_v<mp_integer>(to_constant_expr(*it_pair.second));
365
366 return from_integer(
367 first_shorter ? char1 - char2 : char2 - char1, expr.type());
368}
369
376static simplify_exprt::resultt<> simplify_string_index_of(
377 const function_application_exprt &expr,
378 const namespacet &ns,
379 const bool search_from_end)
380{
381 std::size_t starting_index = 0;
382
383 // Determine starting index for the comparison (if given)
384 if(expr.arguments().size() == 3)
385 {
386 auto &starting_index_expr = expr.arguments().at(2);
387
388 if(!starting_index_expr.is_constant())
389 {
390 return simplify_exprt::unchanged(expr);
391 }
392
393 const mp_integer idx =
394 numeric_cast_v<mp_integer>(to_constant_expr(starting_index_expr));
395
396 // Negative indices are treated like 0
397 if(idx > 0)
398 {
399 starting_index = numeric_cast_v<std::size_t>(idx);
400 }
401 }
402
403 const refined_string_exprt &s1 = to_string_expr(expr.arguments().at(0));
404
405 const auto s1_data_opt = try_get_string_data_array(s1.content(), ns);
406
407 if(!s1_data_opt)
408 {
409 return simplify_exprt::unchanged(expr);
410 }
411
412 const array_exprt &s1_data = s1_data_opt->get();
413
414 const auto search_string_size = s1_data.operands().size();
415 if(starting_index >= search_string_size)
416 {
417 return from_integer(-1, expr.type());
418 }
419
420 unsigned long starting_offset =
421 starting_index > 0 ? (search_string_size - 1) - starting_index : 0;
422 if(can_cast_expr<refined_string_exprt>(expr.arguments().at(1)))
423 {
424 // Second argument is a string
425
426 const refined_string_exprt &s2 = to_string_expr(expr.arguments().at(1));
427
428 const auto s2_data_opt = try_get_string_data_array(s2.content(), ns);
429
430 if(!s2_data_opt)
431 {
432 return simplify_exprt::unchanged(expr);
433 }
434
435 const array_exprt &s2_data = s2_data_opt->get();
436
437 // Searching for empty string is a special case and is simply the
438 // "always found at the first searched position. This needs to take into
439 // account starting position and if you're starting from the beginning or
440 // end.
441 if(s2_data.operands().empty())
442 return from_integer(
443 search_from_end
444 ? starting_index > 0 ? starting_index : search_string_size
445 : 0,
446 expr.type());
447
448 if(search_from_end)
449 {
450 auto end = std::prev(s1_data.operands().end(), starting_offset);
451 auto it = std::find_end(
452 s1_data.operands().begin(),
453 end,
454 s2_data.operands().begin(),
455 s2_data.operands().end());
456 if(it != end)
457 return from_integer(
458 std::distance(s1_data.operands().begin(), it), expr.type());
459 }
460 else
461 {
462 auto it = std::search(
463 std::next(s1_data.operands().begin(), starting_index),
464 s1_data.operands().end(),
465 s2_data.operands().begin(),
466 s2_data.operands().end());
467
468 if(it != s1_data.operands().end())
469 return from_integer(
470 std::distance(s1_data.operands().begin(), it), expr.type());
471 }
472 }
473 else if(expr.arguments().at(1).is_constant())
474 {
475 // Second argument is a constant character
476
477 const constant_exprt &c1 = to_constant_expr(expr.arguments().at(1));
478 const auto c1_val = numeric_cast_v<mp_integer>(c1);
479
480 auto pred = [&](const exprt &c2) {
481 const auto c2_val = numeric_cast_v<mp_integer>(to_constant_expr(c2));
482
483 return c1_val == c2_val;
484 };
485
486 if(search_from_end)
487 {
488 auto it = std::find_if(
489 std::next(s1_data.operands().rbegin(), starting_offset),
490 s1_data.operands().rend(),
491 pred);
492 if(it != s1_data.operands().rend())
493 return from_integer(
494 std::distance(s1_data.operands().begin(), it.base() - 1),
495 expr.type());
496 }
497 else
498 {
499 auto it = std::find_if(
500 std::next(s1_data.operands().begin(), starting_index),
501 s1_data.operands().end(),
502 pred);
503 if(it != s1_data.operands().end())
504 return from_integer(
505 std::distance(s1_data.operands().begin(), it), expr.type());
506 }
507 }
508 else
509 {
510 return simplify_exprt::unchanged(expr);
511 }
512
513 return from_integer(-1, expr.type());
514}
515
521static simplify_exprt::resultt<> simplify_string_char_at(
522 const function_application_exprt &expr,
523 const namespacet &ns)
524{
525 if(!expr.arguments().at(1).is_constant())
526 {
527 return simplify_exprt::unchanged(expr);
528 }
529
530 const auto &index = to_constant_expr(expr.arguments().at(1));
531
532 const refined_string_exprt &s = to_string_expr(expr.arguments().at(0));
533
534 const auto char_seq_opt = try_get_string_data_array(s.content(), ns);
535
536 if(!char_seq_opt)
537 {
538 return simplify_exprt::unchanged(expr);
539 }
540
541 const array_exprt &char_seq = char_seq_opt->get();
542
543 const auto i_opt = numeric_cast<std::size_t>(index);
544
545 if(!i_opt || *i_opt >= char_seq.operands().size())
546 {
547 return simplify_exprt::unchanged(expr);
548 }
549
550 const auto &c = to_constant_expr(char_seq.operands().at(*i_opt));
551
552 if(c.type() != expr.type())
553 {
554 return simplify_exprt::unchanged(expr);
555 }
556
557 return c;
558}
559
561static bool lower_case_string_expression(array_exprt &string_data)
562{
563 auto &operands = string_data.operands();
564 for(auto &operand : operands)
565 {
566 auto &constant_value = to_constant_expr(operand);
567 auto character = numeric_cast_v<unsigned int>(constant_value);
568
569 // Can't guarantee matches against non-ASCII characters.
570 if(character >= 128)
571 return false;
572
573 if(isalpha(character))
574 {
575 if(isupper(character))
576 constant_value =
577 from_integer(tolower(character), constant_value.type());
578 }
579 }
580
581 return true;
582}
583
589static simplify_exprt::resultt<> simplify_string_equals_ignore_case(
590 const function_application_exprt &expr,
591 const namespacet &ns)
592{
593 // We want to get both arguments of any starts-with comparison, and
594 // trace them back to the actual string instance. All variables on the
595 // way must be constant for us to be sure this will work.
596 auto &first_argument = to_string_expr(expr.arguments().at(0));
597 auto &second_argument = to_string_expr(expr.arguments().at(1));
598
599 const auto first_value_opt =
600 try_get_string_data_array(first_argument.content(), ns);
601
602 if(!first_value_opt)
603 {
604 return simplify_exprt::unchanged(expr);
605 }
606
607 array_exprt first_value = first_value_opt->get();
608
609 const auto second_value_opt =
610 try_get_string_data_array(second_argument.content(), ns);
611
612 if(!second_value_opt)
613 {
614 return simplify_exprt::unchanged(expr);
615 }
616
617 array_exprt second_value = second_value_opt->get();
618
619 // Just lower-case both expressions.
620 if(
621 !lower_case_string_expression(first_value) ||
622 !lower_case_string_expression(second_value))
623 return simplify_exprt::unchanged(expr);
624
625 bool is_equal = first_value == second_value;
626 return from_integer(is_equal ? 1 : 0, expr.type());
627}
628
634static simplify_exprt::resultt<> simplify_string_startswith(
635 const function_application_exprt &expr,
636 const namespacet &ns)
637{
638 // We want to get both arguments of any starts-with comparison, and
639 // trace them back to the actual string instance. All variables on the
640 // way must be constant for us to be sure this will work.
641 auto &first_argument = to_string_expr(expr.arguments().at(0));
642 auto &second_argument = to_string_expr(expr.arguments().at(1));
643
644 const auto first_value_opt =
645 try_get_string_data_array(first_argument.content(), ns);
646
647 if(!first_value_opt)
648 {
649 return simplify_exprt::unchanged(expr);
650 }
651
652 const array_exprt &first_value = first_value_opt->get();
653
654 const auto second_value_opt =
655 try_get_string_data_array(second_argument.content(), ns);
656
657 if(!second_value_opt)
658 {
659 return simplify_exprt::unchanged(expr);
660 }
661
662 const array_exprt &second_value = second_value_opt->get();
663
664 mp_integer offset_int = 0;
665 if(expr.arguments().size() == 3)
666 {
667 auto &offset = expr.arguments()[2];
668 if(!offset.is_constant())
669 return simplify_exprt::unchanged(expr);
670 offset_int = numeric_cast_v<mp_integer>(to_constant_expr(offset));
671 }
672
673 // test whether second_value is a prefix of first_value
674 bool is_prefix =
675 offset_int >= 0 && mp_integer(first_value.operands().size()) >=
676 offset_int + second_value.operands().size();
677 if(is_prefix)
678 {
679 exprt::operandst::const_iterator second_it =
680 second_value.operands().begin();
681 for(const auto &first_op : first_value.operands())
682 {
683 if(offset_int > 0)
684 --offset_int;
685 else if(second_it == second_value.operands().end())
686 break;
687 else if(first_op != *second_it)
688 {
689 is_prefix = false;
690 break;
691 }
692 else
693 ++second_it;
694 }
695 }
696
697 return from_integer(is_prefix ? 1 : 0, expr.type());
698}
699
700simplify_exprt::resultt<> simplify_exprt::simplify_function_application(
701 const function_application_exprt &expr)
702{
703 if(expr.function().id() == ID_lambda)
704 {
705 // expand the function application
706 return to_lambda_expr(expr.function()).application(expr.arguments());
707 }
708
709 if(expr.function().id() != ID_symbol)
710 return unchanged(expr);
711
712 const irep_idt &func_id = to_symbol_expr(expr.function()).get_identifier();
713
714 // String.startsWith() is used to implement String.equals() in the models
715 // library
716 if(func_id == ID_cprover_string_startswith_func)
717 {
718 return simplify_string_startswith(expr, ns);
719 }
720 else if(func_id == ID_cprover_string_endswith_func)
721 {
722 return simplify_string_endswith(expr, ns);
723 }
724 else if(func_id == ID_cprover_string_is_empty_func)
725 {
726 return simplify_string_is_empty(expr, ns);
727 }
728 else if(func_id == ID_cprover_string_compare_to_func)
729 {
730 return simplify_string_compare_to(expr, ns);
731 }
732 else if(func_id == ID_cprover_string_index_of_func)
733 {
734 return simplify_string_index_of(expr, ns, false);
735 }
736 else if(func_id == ID_cprover_string_char_at_func)
737 {
738 return simplify_string_char_at(expr, ns);
739 }
740 else if(func_id == ID_cprover_string_contains_func)
741 {
742 return simplify_string_contains(expr, ns);
743 }
744 else if(func_id == ID_cprover_string_last_index_of_func)
745 {
746 return simplify_string_index_of(expr, ns, true);
747 }
748 else if(func_id == ID_cprover_string_equals_ignore_case_func)
749 {
750 return simplify_string_equals_ignore_case(expr, ns);
751 }
752
753 return unchanged(expr);
754}
755
756simplify_exprt::resultt<>
757simplify_exprt::simplify_typecast(const typecast_exprt &expr)
758{
759 const typet &expr_type = expr.type();
760 const typet &op_type = expr.op().type();
761
762 // eliminate casts of infinity
763 if(expr.op().id() == ID_infinity)
764 {
765 typet new_type=expr.type();
766 exprt tmp = expr.op();
767 tmp.type()=new_type;
768 return std::move(tmp);
769 }
770
771 // casts from NULL to any integer
772 if(
773 op_type.id() == ID_pointer && expr.op().is_constant() &&
774 to_constant_expr(expr.op()).get_value() == ID_NULL &&
775 (expr_type.id() == ID_unsignedbv || expr_type.id() == ID_signedbv) &&
776 config.ansi_c.NULL_is_zero)
777 {
778 return from_integer(0, expr_type);
779 }
780
781 // casts from pointer to integer
782 // where width of integer >= width of pointer
783 // (void*)(intX)expr -> (void*)expr
784 if(
785 expr_type.id() == ID_pointer && expr.op().id() == ID_typecast &&
786 (op_type.id() == ID_signedbv || op_type.id() == ID_unsignedbv ||
787 op_type.id() == ID_bv) &&
788 to_bitvector_type(op_type).get_width() >=
789 to_bitvector_type(expr_type).get_width())
790 {
791 auto new_expr = expr;
792 new_expr.op() = to_typecast_expr(expr.op()).op();
793 return changed(simplify_typecast(new_expr)); // rec. call
794 }
795
796 // eliminate redundant typecasts
797 if(expr.type() == expr.op().type())
798 {
799 return expr.op();
800 }
801
802 // eliminate casts to proper bool
803 if(expr_type.id()==ID_bool)
804 {
805 // rewrite (bool)x to x!=0
806 binary_relation_exprt inequality(
807 expr.op(),
808 op_type.id() == ID_floatbv ? ID_ieee_float_notequal : ID_notequal,
809 from_integer(0, op_type));
810 inequality.add_source_location()=expr.source_location();
811 return changed(simplify_node(inequality));
812 }
813
814 // eliminate casts from proper bool
815 if(
816 op_type.id() == ID_bool &&
817 (expr_type.id() == ID_signedbv || expr_type.id() == ID_unsignedbv ||
818 expr_type.id() == ID_c_bool || expr_type.id() == ID_c_bit_field))
819 {
820 // rewrite (T)(bool) to bool?1:0
821 auto one = from_integer(1, expr_type);
822 auto zero = from_integer(0, expr_type);
823 return changed(simplify_if_preorder(
824 if_exprt{expr.op(), std::move(one), std::move(zero)}));
825 }
826
827 // circular casts through types shorter than `int`
828 // we use fixed bit widths as this is specifically for the Java bytecode
829 // front-end
830 if(op_type == signedbv_typet(32) && expr.op().id() == ID_typecast)
831 {
832 if(expr_type==c_bool_typet(8) ||
833 expr_type==signedbv_typet(8) ||
834 expr_type==signedbv_typet(16) ||
835 expr_type==unsignedbv_typet(16))
836 {
837 // We checked that the id was ID_typecast in the enclosing `if`
838 const auto &typecast = expr_checked_cast<typecast_exprt>(expr.op());
839 if(typecast.op().type()==expr_type)
840 {
841 return typecast.op();
842 }
843 }
844 }
845
846 // eliminate casts to _Bool
847 if(expr_type.id()==ID_c_bool &&
848 op_type.id()!=ID_bool)
849 {
850 // rewrite (_Bool)x to (_Bool)(x!=0)
851 exprt inequality = is_not_zero(expr.op(), ns);
852 auto new_expr = expr;
853 new_expr.op() = simplify_node(std::move(inequality));
854 return changed(simplify_typecast(new_expr)); // recursive call
855 }
856
857 // eliminate typecasts from NULL
858 if(
859 expr_type.id() == ID_pointer && expr.op().is_constant() &&
860 (to_constant_expr(expr.op()).get_value() == ID_NULL ||
861 (expr.op().is_zero() && config.ansi_c.NULL_is_zero)))
862 {
863 exprt tmp = expr.op();
864 tmp.type()=expr.type();
865 to_constant_expr(tmp).set_value(ID_NULL);
866 return std::move(tmp);
867 }
868
869 // eliminate duplicate pointer typecasts
870 // (T1 *)(T2 *)x -> (T1 *)x
871 if(
872 expr_type.id() == ID_pointer && expr.op().id() == ID_typecast &&
873 op_type.id() == ID_pointer)
874 {
875 auto new_expr = expr;
876 new_expr.op() = to_typecast_expr(expr.op()).op();
877 return changed(simplify_typecast(new_expr)); // recursive call
878 }
879
880 // casts from integer to pointer and back:
881 // (int)(void *)int -> (int)(size_t)int
882 if(
883 (expr_type.id() == ID_signedbv || expr_type.id() == ID_unsignedbv) &&
884 expr.op().id() == ID_typecast && expr.op().operands().size() == 1 &&
885 op_type.id() == ID_pointer)
886 {
887 auto inner_cast = to_typecast_expr(expr.op());
888 inner_cast.type() = size_type();
889
890 auto outer_cast = expr;
891 outer_cast.op() = simplify_typecast(inner_cast); // rec. call
892 return changed(simplify_typecast(outer_cast)); // rec. call
893 }
894
895 // mildly more elaborate version of the above:
896 // (int)((T*)0 + int) -> (int)(sizeof(T)*(size_t)int) if NULL is zero
897 if(
898 config.ansi_c.NULL_is_zero &&
899 (expr_type.id() == ID_signedbv || expr_type.id() == ID_unsignedbv) &&
900 op_type.id() == ID_pointer && expr.op().id() == ID_plus &&
901 expr.op().operands().size() == 2)
902 {
903 const auto &op_plus_expr = to_plus_expr(expr.op());
904
905 if(
906 (op_plus_expr.op0().id() == ID_typecast &&
907 to_typecast_expr(op_plus_expr.op0()).op().is_zero()) ||
908 (op_plus_expr.op0().is_constant() &&
909 to_constant_expr(op_plus_expr.op0()).is_null_pointer()))
910 {
911 auto sub_size =
912 pointer_offset_size(to_pointer_type(op_type).base_type(), ns);
913 if(sub_size.has_value())
914 {
915 auto new_expr = expr;
916 exprt offset_expr =
917 simplify_typecast(typecast_exprt(op_plus_expr.op1(), size_type()));
918
919 // void*
920 if(*sub_size == 0 || *sub_size == 1)
921 new_expr.op() = offset_expr;
922 else
923 {
924 new_expr.op() = simplify_mult(
925 mult_exprt(from_integer(*sub_size, size_type()), offset_expr));
926 }
927
928 return changed(simplify_typecast(new_expr)); // rec. call
929 }
930 }
931 }
932
933 // Push a numerical typecast into various integer operations, i.e.,
934 // (T)(x OP y) ---> (T)x OP (T)y
935 //
936 // Doesn't work for many, e.g., pointer difference, floating-point,
937 // division, modulo.
938 // Many operations fail if the width of T
939 // is bigger than that of (x OP y). This includes ID_bitnot and
940 // anything that might overflow, e.g., ID_plus.
941 //
942 if((expr_type.id()==ID_signedbv || expr_type.id()==ID_unsignedbv) &&
943 (op_type.id()==ID_signedbv || op_type.id()==ID_unsignedbv))
944 {
945 bool enlarge=
946 to_bitvector_type(expr_type).get_width()>
947 to_bitvector_type(op_type).get_width();
948
949 if(!enlarge)
950 {
951 irep_idt op_id = expr.op().id();
952
953 if(
954 op_id == ID_plus || op_id == ID_minus || op_id == ID_mult ||
955 op_id == ID_unary_minus || op_id == ID_bitxor || op_id == ID_bitxnor ||
956 op_id == ID_bitor || op_id == ID_bitand)
957 {
958 exprt result = expr.op();
959
960 if(
961 result.operands().size() >= 1 &&
962 to_multi_ary_expr(result).op0().type() == result.type())
963 {
964 result.type()=expr.type();
965
966 Forall_operands(it, result)
967 {
968 auto new_operand = typecast_exprt(*it, expr.type());
969 *it = simplify_typecast(new_operand); // recursive call
970 }
971
972 return changed(simplify_node(result)); // possibly recursive call
973 }
974 }
975 else if(op_id==ID_ashr || op_id==ID_lshr || op_id==ID_shl)
976 {
977 }
978 }
979 }
980
981 // Push a numerical typecast into pointer arithmetic
982 // (T)(ptr + int) ---> (T)((size_t)ptr + sizeof(subtype)*(size_t)int)
983 //
984 if(
985 (expr_type.id() == ID_signedbv || expr_type.id() == ID_unsignedbv) &&
986 op_type.id() == ID_pointer && expr.op().id() == ID_plus)
987 {
988 const auto step =
989 pointer_offset_size(to_pointer_type(op_type).base_type(), ns);
990
991 if(step.has_value() && *step != 0)
992 {
993 const typet size_t_type(size_type());
994 auto new_expr = expr;
995
996 new_expr.op().type() = size_t_type;
997
998 for(auto &op : new_expr.op().operands())
999 {
1000 exprt new_op = simplify_typecast(typecast_exprt(op, size_t_type));
1001 if(op.type().id() != ID_pointer && *step > 1)
1002 {
1003 new_op =
1004 simplify_mult(mult_exprt(from_integer(*step, size_t_type), new_op));
1005 }
1006 op = std::move(new_op);
1007 }
1008
1009 new_expr.op() = simplify_plus(to_plus_expr(new_expr.op()));
1010
1011 return changed(simplify_typecast(new_expr)); // recursive call
1012 }
1013 }
1014
1015 const irep_idt &expr_type_id=expr_type.id();
1016 const exprt &operand = expr.op();
1017 const irep_idt &op_type_id=op_type.id();
1018
1019 if(operand.is_constant())
1020 {
1021 const irep_idt &value=to_constant_expr(operand).get_value();
1022
1023 // preserve the sizeof type annotation
1024 typet c_sizeof_type=
1025 static_cast<const typet &>(operand.find(ID_C_c_sizeof_type));
1026
1027 if(op_type_id==ID_integer ||
1028 op_type_id==ID_natural)
1029 {
1030 // from integer to ...
1031
1032 mp_integer int_value=string2integer(id2string(value));
1033
1034 if(expr_type_id==ID_bool)
1035 {
1036 return make_boolean_expr(int_value != 0);
1037 }
1038
1039 if(
1040 expr_type_id == ID_unsignedbv || expr_type_id == ID_signedbv ||
1041 expr_type_id == ID_c_enum || expr_type_id == ID_c_bit_field ||
1042 expr_type_id == ID_integer || expr_type_id == ID_natural ||
1043 expr_type_id == ID_rational || expr_type_id == ID_real)
1044 {
1045 return from_integer(int_value, expr_type);
1046 }
1047 else if(expr_type_id == ID_c_enum_tag)
1048 {
1049 const auto &c_enum_type = ns.follow_tag(to_c_enum_tag_type(expr_type));
1050 if(!c_enum_type.is_incomplete()) // possibly incomplete
1051 {
1052 exprt tmp = from_integer(int_value, c_enum_type);
1053 tmp.type() = expr_type; // we maintain the tag type
1054 return std::move(tmp);
1055 }
1056 }
1057 }
1058 else if(op_type_id==ID_rational)
1059 {
1060 }
1061 else if(op_type_id==ID_real)
1062 {
1063 }
1064 else if(op_type_id==ID_bool)
1065 {
1066 if(expr_type_id==ID_unsignedbv ||
1067 expr_type_id==ID_signedbv ||
1068 expr_type_id==ID_integer ||
1069 expr_type_id==ID_natural ||
1070 expr_type_id==ID_rational ||
1071 expr_type_id==ID_c_bool ||
1072 expr_type_id==ID_c_enum ||
1073 expr_type_id==ID_c_bit_field)
1074 {
1075 if(operand.is_true())
1076 {
1077 return from_integer(1, expr_type);
1078 }
1079 else if(operand.is_false())
1080 {
1081 return from_integer(0, expr_type);
1082 }
1083 }
1084 else if(expr_type_id==ID_c_enum_tag)
1085 {
1086 const auto &c_enum_type = ns.follow_tag(to_c_enum_tag_type(expr_type));
1087 if(!c_enum_type.is_incomplete()) // possibly incomplete
1088 {
1089 unsigned int_value = operand.is_true() ? 1u : 0u;
1090 exprt tmp=from_integer(int_value, c_enum_type);
1091 tmp.type()=expr_type; // we maintain the tag type
1092 return std::move(tmp);
1093 }
1094 }
1095 else if(expr_type_id==ID_pointer &&
1096 operand.is_false() &&
1097 config.ansi_c.NULL_is_zero)
1098 {
1099 return null_pointer_exprt(to_pointer_type(expr_type));
1100 }
1101 }
1102 else if(op_type_id==ID_unsignedbv ||
1103 op_type_id==ID_signedbv ||
1104 op_type_id==ID_c_bit_field ||
1105 op_type_id==ID_c_bool)
1106 {
1107 mp_integer int_value;
1108
1109 if(to_integer(to_constant_expr(operand), int_value))
1110 return unchanged(expr);
1111
1112 if(expr_type_id==ID_bool)
1113 {
1114 return make_boolean_expr(int_value != 0);
1115 }
1116
1117 if(expr_type_id==ID_c_bool)
1118 {
1119 return from_integer(int_value != 0, expr_type);
1120 }
1121
1122 if(expr_type_id==ID_integer)
1123 {
1124 return from_integer(int_value, expr_type);
1125 }
1126
1127 if(expr_type_id==ID_natural)
1128 {
1129 if(int_value>=0)
1130 {
1131 return from_integer(int_value, expr_type);
1132 }
1133 }
1134
1135 if(expr_type_id==ID_unsignedbv ||
1136 expr_type_id==ID_signedbv ||
1137 expr_type_id==ID_bv ||
1138 expr_type_id==ID_c_bit_field)
1139 {
1140 auto result = from_integer(int_value, expr_type);
1141
1142 if(c_sizeof_type.is_not_nil())
1143 result.set(ID_C_c_sizeof_type, c_sizeof_type);
1144
1145 return std::move(result);
1146 }
1147
1148 if(expr_type_id==ID_c_enum_tag)
1149 {
1150 const auto &c_enum_type = ns.follow_tag(to_c_enum_tag_type(expr_type));
1151 if(!c_enum_type.is_incomplete()) // possibly incomplete
1152 {
1153 exprt tmp=from_integer(int_value, c_enum_type);
1154 tmp.type()=expr_type; // we maintain the tag type
1155 return std::move(tmp);
1156 }
1157 }
1158
1159 if(expr_type_id==ID_c_enum)
1160 {
1161 return from_integer(int_value, expr_type);
1162 }
1163
1164 if(expr_type_id==ID_fixedbv)
1165 {
1166 // int to float
1167 const fixedbv_typet &f_expr_type=
1168 to_fixedbv_type(expr_type);
1169
1170 fixedbvt f;
1171 f.spec=fixedbv_spect(f_expr_type);
1172 f.from_integer(int_value);
1173 return f.to_expr();
1174 }
1175
1176 if(expr_type_id==ID_floatbv)
1177 {
1178 // int to float
1179 const floatbv_typet &f_expr_type=
1180 to_floatbv_type(expr_type);
1181
1182 auto rm = ieee_floatt::rounding_modet::ROUND_TO_EVEN;
1183 ieee_floatt f(f_expr_type, rm);
1184 f.from_integer(int_value);
1185
1186 return f.to_expr();
1187 }
1188
1189 if(expr_type_id==ID_rational)
1190 {
1191 rationalt r(int_value);
1192 return from_rational(r);
1193 }
1194
1195 if(expr_type_id == ID_real)
1196 {
1197 return from_integer(int_value, expr_type);
1198 }
1199 }
1200 else if(op_type_id==ID_fixedbv)
1201 {
1202 if(expr_type_id==ID_unsignedbv ||
1203 expr_type_id==ID_signedbv)
1204 {
1205 // cast from fixedbv to int
1206 fixedbvt f(to_constant_expr(expr.op()));
1207 return from_integer(f.to_integer(), expr_type);
1208 }
1209 else if(expr_type_id==ID_fixedbv)
1210 {
1211 // fixedbv to fixedbv
1212 fixedbvt f(to_constant_expr(expr.op()));
1213 f.round(fixedbv_spect(to_fixedbv_type(expr_type)));
1214 return f.to_expr();
1215 }
1216 else if(expr_type_id == ID_bv)
1217 {
1218 fixedbvt f{to_constant_expr(expr.op())};
1219 return from_integer(f.get_value(), expr_type);
1220 }
1221 }
1222 else if(op_type_id==ID_floatbv)
1223 {
1224 ieee_floatt f(
1225 to_constant_expr(expr.op()),
1226 ieee_floatt::rounding_modet::ROUND_TO_EVEN);
1227
1228 if(expr_type_id==ID_unsignedbv ||
1229 expr_type_id==ID_signedbv)
1230 {
1231 // cast from float to int
1232 return from_integer(f.to_integer(), expr_type);
1233 }
1234 else if(expr_type_id==ID_floatbv)
1235 {
1236 // float to double or double to float
1237 f.change_spec(ieee_float_spect(to_floatbv_type(expr_type)));
1238 return f.to_expr();
1239 }
1240 else if(expr_type_id==ID_fixedbv)
1241 {
1242 fixedbvt fixedbv;
1243 fixedbv.spec=fixedbv_spect(to_fixedbv_type(expr_type));
1244 ieee_floatt factor(f.spec, ieee_floatt::rounding_modet::ROUND_TO_EVEN);
1245 factor.from_integer(power(2, fixedbv.spec.get_fraction_bits()));
1246 f*=factor;
1247 fixedbv.set_value(f.to_integer());
1248 return fixedbv.to_expr();
1249 }
1250 else if(expr_type_id == ID_bv)
1251 {
1252 return from_integer(f.pack(), expr_type);
1253 }
1254 }
1255 else if(op_type_id==ID_bv)
1256 {
1257 if(
1258 expr_type_id == ID_unsignedbv || expr_type_id == ID_signedbv ||
1259 expr_type_id == ID_c_enum || expr_type_id == ID_c_enum_tag ||
1260 expr_type_id == ID_c_bit_field)
1261 {
1262 const auto width = to_bv_type(op_type).get_width();
1263 const auto int_value = bvrep2integer(value, width, false);
1264 if(expr_type_id != ID_c_enum_tag)
1265 return from_integer(int_value, expr_type);
1266 else
1267 {
1268 c_enum_tag_typet tag_type = to_c_enum_tag_type(expr_type);
1269 auto result = from_integer(int_value, ns.follow_tag(tag_type));
1270 result.type() = tag_type;
1271 return std::move(result);
1272 }
1273 }
1274 else if(expr_type_id == ID_floatbv)
1275 {
1276 const auto width = to_bv_type(op_type).get_width();
1277 const auto int_value = bvrep2integer(value, width, false);
1278 ieee_float_valuet ieee_float{to_floatbv_type(expr_type)};
1279 ieee_float.unpack(int_value);
1280 return ieee_float.to_expr();
1281 }
1282 else if(expr_type_id == ID_fixedbv)
1283 {
1284 const auto width = to_bv_type(op_type).get_width();
1285 const auto int_value = bvrep2integer(value, width, false);
1286 fixedbvt fixedbv{fixedbv_spect{to_fixedbv_type(expr_type)}};
1287 fixedbv.set_value(int_value);
1288 return fixedbv.to_expr();
1289 }
1290 }
1291 else if(op_type_id==ID_c_enum_tag) // enum to int
1292 {
1293 const typet &base_type =
1294 ns.follow_tag(to_c_enum_tag_type(op_type)).underlying_type();
1295 if(base_type.id()==ID_signedbv || base_type.id()==ID_unsignedbv)
1296 {
1297 // enum constants use the representation of their base type
1298 auto new_expr = expr;
1299 new_expr.op().type() = base_type;
1300 return changed(simplify_typecast(new_expr)); // recursive call
1301 }
1302 }
1303 else if(op_type_id==ID_c_enum) // enum to int
1304 {
1305 const typet &base_type = to_c_enum_type(op_type).underlying_type();
1306 if(base_type.id()==ID_signedbv || base_type.id()==ID_unsignedbv)
1307 {
1308 // enum constants use the representation of their base type
1309 auto new_expr = expr;
1310 new_expr.op().type() = base_type;
1311 return changed(simplify_typecast(new_expr)); // recursive call
1312 }
1313 }
1314 }
1315 else if(operand.id()==ID_typecast) // typecast of typecast
1316 {
1317 // (T1)(T2)x ---> (T1)
1318 // where T1 has fewer bits than T2
1319 if(
1320 op_type_id == expr_type_id &&
1321 (expr_type_id == ID_unsignedbv || expr_type_id == ID_signedbv ||
1322 expr_type_id == ID_bv) &&
1323 to_bitvector_type(expr_type).get_width() <=
1324 to_bitvector_type(operand.type()).get_width())
1325 {
1326 auto new_expr = expr;
1327 new_expr.op() = to_typecast_expr(operand).op();
1328 // might enable further simplification
1329 return changed(simplify_typecast(new_expr)); // recursive call
1330 }
1331 }
1332 else if(operand.id()==ID_address_of)
1333 {
1334 const exprt &o=to_address_of_expr(operand).object();
1335
1336 // turn &array into &array[0] when casting to pointer-to-element-type
1337 if(
1338 o.type().id() == ID_array &&
1339 expr_type == pointer_type(to_array_type(o.type()).element_type()))
1340 {
1341 auto result =
1342 address_of_exprt(index_exprt(o, from_integer(0, size_type())));
1343
1344 return changed(simplify_address_of(result)); // recursive call
1345 }
1346 }
1347 else if(auto extractbits = expr_try_dynamic_cast<extractbits_exprt>(operand))
1348 {
1349 if(
1350 expr_type_id != ID_floatbv && expr_type_id != ID_pointer &&
1351 can_cast_type<bitvector_typet>(expr_type) &&
1352 can_cast_type<bitvector_typet>(operand.type()) &&
1353 to_bitvector_type(expr_type).get_width() ==
1354 to_bitvector_type(operand.type()).get_width())
1355 {
1356 extractbits_exprt result = *extractbits;
1357 result.type() = expr_type;
1358 return changed(simplify_extractbits(result));
1359 }
1360 }
1361
1362 return unchanged(expr);
1363}
1364
1365simplify_exprt::resultt<>
1366simplify_exprt::simplify_typecast_preorder(const typecast_exprt &expr)
1367{
1368 const typet &expr_type = expr.type();
1369 const typet &op_type = expr.op().type();
1370
1371 // (T)(a?b:c) --> a?(T)b:(T)c; don't do this for floating-point type casts as
1372 // the type cast itself may be costly
1373 if(
1374 expr.op().id() == ID_if && expr_type.id() != ID_floatbv &&
1375 op_type.id() != ID_floatbv)
1376 {
1377 if_exprt if_expr = lift_if(expr, 0);
1378 return changed(simplify_if_preorder(if_expr));
1379 }
1380 else
1381 {
1382 auto r_it = simplify_rec(expr.op()); // recursive call
1383 if(r_it.has_changed())
1384 {
1385 auto tmp = expr;
1386 tmp.op() = r_it.expr;
1387 return tmp;
1388 }
1389 }
1390
1391 return unchanged(expr);
1392}
1393
1394simplify_exprt::resultt<>
1395simplify_exprt::simplify_dereference(const dereference_exprt &expr)
1396{
1397 const exprt &pointer = expr.pointer();
1398
1399 if(pointer.type().id()!=ID_pointer)
1400 return unchanged(expr);
1401
1402 if(pointer.id()==ID_address_of)
1403 {
1404 exprt tmp=to_address_of_expr(pointer).object();
1405 // one address_of is gone, try again
1406 return changed(simplify_rec(tmp));
1407 }
1408 // rewrite *(&a[0] + x) to a[x]
1409 else if(
1410 pointer.id() == ID_plus && pointer.operands().size() == 2 &&
1411 to_plus_expr(pointer).op0().id() == ID_address_of)
1412 {
1413 const auto &pointer_plus_expr = to_plus_expr(pointer);
1414
1415 const address_of_exprt &address_of =
1416 to_address_of_expr(pointer_plus_expr.op0());
1417
1418 if(address_of.object().id()==ID_index)
1419 {
1420 const index_exprt &old=to_index_expr(address_of.object());
1421 if(old.array().type().id() == ID_array)
1422 {
1423 index_exprt idx(
1424 old.array(),
1425 pointer_offset_sum(old.index(), pointer_plus_expr.op1()),
1426 to_array_type(old.array().type()).element_type());
1427 return changed(simplify_rec(idx));
1428 }
1429 }
1430 }
1431
1432 return unchanged(expr);
1433}
1434
1435simplify_exprt::resultt<>
1436simplify_exprt::simplify_dereference_preorder(const dereference_exprt &expr)
1437{
1438 const exprt &pointer = expr.pointer();
1439
1440 if(pointer.id() == ID_if)
1441 {
1442 if_exprt if_expr = lift_if(expr, 0);
1443 return changed(simplify_if_preorder(if_expr));
1444 }
1445 else
1446 {
1447 auto r_it = simplify_rec(pointer); // recursive call
1448 if(r_it.has_changed())
1449 {
1450 auto tmp = expr;
1451 tmp.pointer() = r_it.expr;
1452 return tmp;
1453 }
1454 }
1455
1456 return unchanged(expr);
1457}
1458
1459simplify_exprt::resultt<>
1460simplify_exprt::simplify_lambda(const lambda_exprt &expr)
1461{
1462 return unchanged(expr);
1463}
1464
1465simplify_exprt::resultt<> simplify_exprt::simplify_with(const with_exprt &expr)
1466{
1467 // now look at first operand
1468
1469 if(
1470 expr.old().type().id() == ID_struct ||
1471 expr.old().type().id() == ID_struct_tag)
1472 {
1473 if(expr.old().id() == ID_struct || expr.old().is_constant())
1474 {
1475 const irep_idt &component_name = expr.where().get(ID_component_name);
1476
1477 const struct_typet &old_type_followed =
1478 expr.old().type().id() == ID_struct_tag
1479 ? ns.follow_tag(to_struct_tag_type(expr.old().type()))
1480 : to_struct_type(expr.old().type());
1481 if(!old_type_followed.has_component(component_name))
1482 return unchanged(expr);
1483
1484 std::size_t number = old_type_followed.component_number(component_name);
1485
1486 if(number >= expr.old().operands().size())
1487 return unchanged(expr);
1488
1489 exprt result = expr.old();
1490 result.operands()[number] = expr.new_value();
1491 return result;
1492 }
1493 }
1494 else if(
1495 expr.old().type().id() == ID_array || expr.old().type().id() == ID_vector)
1496 {
1497 if(
1498 expr.old().id() == ID_array || expr.old().is_constant() ||
1499 expr.old().id() == ID_vector)
1500 {
1501 const auto i = numeric_cast<mp_integer>(expr.where());
1502
1503 if(i.has_value() && *i >= 0 && *i < expr.old().operands().size())
1504 {
1505 exprt result = expr.old();
1506 result.operands()[numeric_cast_v<std::size_t>(*i)] = expr.new_value();
1507 return result;
1508 }
1509 }
1510 }
1511
1512 return unchanged(expr);
1513}
1514
1515simplify_exprt::resultt<>
1516simplify_exprt::simplify_update(const update_exprt &expr)
1517{
1518 // this is to push updates into (possibly nested) constants
1519
1520 const exprt::operandst &designator = expr.designator();
1521
1522 exprt updated_value = expr.old();
1523 exprt *value_ptr=&updated_value;
1524
1525 for(const auto &e : designator)
1526 {
1527 if(e.id()==ID_index_designator &&
1528 value_ptr->id()==ID_array)
1529 {
1530 const auto i = numeric_cast<mp_integer>(to_index_designator(e).index());
1531
1532 if(!i.has_value())
1533 return unchanged(expr);
1534
1535 if(*i < 0 || *i >= value_ptr->operands().size())
1536 return unchanged(expr);
1537
1538 value_ptr = &value_ptr->operands()[numeric_cast_v<std::size_t>(*i)];
1539 }
1540 else if(e.id()==ID_member_designator &&
1541 value_ptr->id()==ID_struct)
1542 {
1543 const irep_idt &component_name=
1544 e.get(ID_component_name);
1545 const struct_typet &value_ptr_struct_type =
1546 value_ptr->type().id() == ID_struct_tag
1547 ? ns.follow_tag(to_struct_tag_type(value_ptr->type()))
1548 : to_struct_type(value_ptr->type());
1549 if(!value_ptr_struct_type.has_component(component_name))
1550 return unchanged(expr);
1551 auto &designator_as_struct_expr = to_struct_expr(*value_ptr);
1552 value_ptr = &designator_as_struct_expr.component(component_name, ns);
1553 CHECK_RETURN(value_ptr->is_not_nil());
1554 }
1555 else
1556 return unchanged(expr); // give up, unknown designator
1557 }
1558
1559 // found, done
1560 *value_ptr = expr.new_value();
1561 return updated_value;
1562}
1563
1564simplify_exprt::resultt<> simplify_exprt::simplify_object(const exprt &expr)
1565{
1566 if(expr.id()==ID_plus)
1567 {
1568 if(expr.type().id()==ID_pointer)
1569 {
1570 // kill integers from sum
1571 for(auto &op : expr.operands())
1572 if(op.type().id() == ID_pointer)
1573 return changed(simplify_object(op)); // recursive call
1574 }
1575 }
1576 else if(expr.id()==ID_typecast)
1577 {
1578 auto const &typecast_expr = to_typecast_expr(expr);
1579 const typet &op_type = typecast_expr.op().type();
1580
1581 if(op_type.id()==ID_pointer)
1582 {
1583 // cast from pointer to pointer
1584 return changed(simplify_object(typecast_expr.op())); // recursive call
1585 }
1586 else if(op_type.id()==ID_signedbv || op_type.id()==ID_unsignedbv)
1587 {
1588 // cast from integer to pointer
1589
1590 // We do a bit of special treatment for (TYPE *)(a+(int)&o) and
1591 // (TYPE *)(a+(int)((T*)&o+x)), which are re-written to '&o'.
1592
1593 const exprt &casted_expr = typecast_expr.op();
1594 if(casted_expr.id() == ID_plus && casted_expr.operands().size() == 2)
1595 {
1596 const auto &plus_expr = to_plus_expr(casted_expr);
1597
1598 const exprt &cand = plus_expr.op0().id() == ID_typecast
1599 ? plus_expr.op0()
1600 : plus_expr.op1();
1601
1602 if(cand.id() == ID_typecast)
1603 {
1604 const auto &typecast_op = to_typecast_expr(cand).op();
1605
1606 if(typecast_op.id() == ID_address_of)
1607 {
1608 return typecast_op;
1609 }
1610 else if(
1611 typecast_op.id() == ID_plus && typecast_op.operands().size() == 2 &&
1612 to_plus_expr(typecast_op).op0().id() == ID_typecast &&
1613 to_typecast_expr(to_plus_expr(typecast_op).op0()).op().id() ==
1614 ID_address_of)
1615 {
1616 return to_typecast_expr(to_plus_expr(typecast_op).op0()).op();
1617 }
1618 }
1619 }
1620 }
1621 }
1622 else if(expr.id()==ID_address_of)
1623 {
1624 const auto &object = to_address_of_expr(expr).object();
1625
1626 if(object.id() == ID_index)
1627 {
1628 // &some[i] -> &some
1629 address_of_exprt new_expr(to_index_expr(object).array());
1630 return changed(simplify_object(new_expr)); // recursion
1631 }
1632 else if(object.id() == ID_member)
1633 {
1634 // &some.f -> &some
1635 address_of_exprt new_expr(to_member_expr(object).compound());
1636 return changed(simplify_object(new_expr)); // recursion
1637 }
1638 }
1639
1640 return unchanged(expr);
1641}
1642
1643simplify_exprt::resultt<>
1644simplify_exprt::simplify_byte_extract(const byte_extract_exprt &expr)
1645{
1646 // lift up any ID_if on the object
1647 if(expr.op().id() == ID_if)
1648 {
1649 if_exprt if_expr = lift_if(expr, 0);
1650 if_expr.true_case() =
1651 simplify_byte_extract(to_byte_extract_expr(if_expr.true_case()));
1652 if_expr.false_case() =
1653 simplify_byte_extract(to_byte_extract_expr(if_expr.false_case()));
1654 return changed(simplify_if(if_expr));
1655 }
1656
1657 const auto el_size = pointer_offset_bits(expr.type(), ns);
1658 if(el_size.has_value() && *el_size < 0)
1659 return unchanged(expr);
1660
1661 // byte_extract(byte_extract(root, offset1), offset2) =>
1662 // byte_extract(root, offset1+offset2)
1663 if(expr.op().id()==expr.id())
1664 {
1665 auto tmp = expr;
1666
1667 tmp.offset() = simplify_rec(plus_exprt(
1668 typecast_exprt::conditional_cast(
1669 to_byte_extract_expr(expr.op()).offset(), expr.offset().type()),
1670 expr.offset()));
1671 tmp.op() = to_byte_extract_expr(expr.op()).op();
1672
1673 return changed(simplify_byte_extract(tmp)); // recursive call
1674 }
1675
1676 // byte_extract(byte_update(root, offset, value), offset) =>
1677 // value
1678 if(
1679 ((expr.id() == ID_byte_extract_big_endian &&
1680 expr.op().id() == ID_byte_update_big_endian) ||
1681 (expr.id() == ID_byte_extract_little_endian &&
1682 expr.op().id() == ID_byte_update_little_endian)) &&
1683 expr.offset() == to_byte_update_expr(as_const(expr).op()).offset())
1684 {
1685 const auto &op_byte_update = to_byte_update_expr(expr.op());
1686
1687 if(expr.type() == op_byte_update.value().type())
1688 {
1689 return op_byte_update.value();
1690 }
1691 else if(el_size.has_value())
1692 {
1693 const auto update_bits_opt =
1694 pointer_offset_bits(op_byte_update.value().type(), ns);
1695
1696 if(update_bits_opt.has_value() && *el_size <= *update_bits_opt)
1697 {
1698 auto tmp = expr;
1699 tmp.op() = op_byte_update.value();
1700 tmp.offset() = from_integer(0, expr.offset().type());
1701
1702 return changed(simplify_byte_extract(tmp)); // recursive call
1703 }
1704 }
1705 }
1706
1707 auto offset = numeric_cast<mp_integer>(expr.offset());
1708 if(offset.has_value() && *offset < 0)
1709 return unchanged(expr);
1710
1711 // try to simplify byte_extract(byte_update(...))
1712 auto const bu = expr_try_dynamic_cast<byte_update_exprt>(expr.op());
1713 std::optional<mp_integer> update_offset;
1714 if(bu)
1715 update_offset = numeric_cast<mp_integer>(bu->offset());
1716 if(
1717 offset.has_value() && bu && el_size.has_value() &&
1718 update_offset.has_value())
1719 {
1720 // byte_extract(byte_update(root, offset_u, value), offset_e) so that the
1721 // update does not affect what is being extracted simplifies to
1722 // byte_extract(root, offset_e)
1723 //
1724 // byte_extract(byte_update(root, offset_u, value), offset_e) so that the
1725 // extracted range fully lies within the update value simplifies to
1726 // byte_extract(value, offset_e - offset_u)
1727 if(
1728 *offset * expr.get_bits_per_byte() + *el_size <=
1729 *update_offset * bu->get_bits_per_byte())
1730 {
1731 // extracting before the update
1732 auto tmp = expr;
1733 tmp.op() = bu->op();
1734 return changed(simplify_byte_extract(tmp)); // recursive call
1735 }
1736 else if(
1737 const auto update_size = pointer_offset_bits(bu->value().type(), ns))
1738 {
1739 if(
1740 *offset * expr.get_bits_per_byte() >=
1741 *update_offset * bu->get_bits_per_byte() + *update_size)
1742 {
1743 // extracting after the update
1744 auto tmp = expr;
1745 tmp.op() = bu->op();
1746 return changed(simplify_byte_extract(tmp)); // recursive call
1747 }
1748 else if(
1749 *offset >= *update_offset &&
1750 *offset * expr.get_bits_per_byte() + *el_size <=
1751 *update_offset * bu->get_bits_per_byte() + *update_size)
1752 {
1753 // extracting from the update
1754 auto tmp = expr;
1755 tmp.op() = bu->value();
1756 tmp.offset() =
1757 from_integer(*offset - *update_offset, expr.offset().type());
1758 return changed(simplify_byte_extract(tmp)); // recursive call
1759 }
1760 }
1761 }
1762
1763 // don't do any of the following if endianness doesn't match, as
1764 // bytes need to be swapped
1765 if(
1766 offset.has_value() && *offset == 0 &&
1767 ((expr.id() == ID_byte_extract_little_endian &&
1768 config.ansi_c.endianness ==
1769 configt::ansi_ct::endiannesst::IS_LITTLE_ENDIAN) ||
1770 (expr.id() == ID_byte_extract_big_endian &&
1771 config.ansi_c.endianness ==
1772 configt::ansi_ct::endiannesst::IS_BIG_ENDIAN)))
1773 {
1774 // byte extract of full object is object
1775 if(expr.type() == expr.op().type())
1776 {
1777 return expr.op();
1778 }
1779 else if(
1780 expr.type().id() == ID_pointer && expr.op().type().id() == ID_pointer)
1781 {
1782 return typecast_exprt(expr.op(), expr.type());
1783 }
1784 }
1785
1786 if(
1787 (expr.type().id() == ID_union &&
1788 to_union_type(expr.type()).components().empty()) ||
1789 (expr.type().id() == ID_union_tag &&
1790 ns.follow_tag(to_union_tag_type(expr.type())).components().empty()))
1791 {
1792 return empty_union_exprt{expr.type()};
1793 }
1794 else if(
1795 (expr.type().id() == ID_struct &&
1796 to_struct_type(expr.type()).components().empty()) ||
1797 (expr.type().id() == ID_struct_tag &&
1798 ns.follow_tag(to_struct_tag_type(expr.type())).components().empty()))
1799 {
1800 return struct_exprt{{}, expr.type()};
1801 }
1802
1803 // no proper simplification for expr.type()==void
1804 // or types of unknown size
1805 if(!el_size.has_value() || *el_size == 0)
1806 return unchanged(expr);
1807
1808 if(
1809 offset.has_value() && expr.op().id() == ID_array_of &&
1810 to_array_of_expr(expr.op()).op().is_constant())
1811 {
1812 const auto const_bits_opt = expr2bits(
1813 to_array_of_expr(expr.op()).op(),
1814 config.ansi_c.endianness ==
1815 configt::ansi_ct::endiannesst::IS_LITTLE_ENDIAN,
1816 ns);
1817
1818 if(!const_bits_opt.has_value())
1819 return unchanged(expr);
1820
1821 std::string const_bits=const_bits_opt.value();
1822
1823 DATA_INVARIANT(!const_bits.empty(), "bit representation must be non-empty");
1824
1825 // double the string until we have sufficiently many bits
1826 while(mp_integer(const_bits.size()) <
1827 *offset * expr.get_bits_per_byte() + *el_size)
1828 {
1829 const_bits+=const_bits;
1830 }
1831
1832 std::string el_bits = std::string(
1833 const_bits,
1834 numeric_cast_v<std::size_t>(*offset * expr.get_bits_per_byte()),
1835 numeric_cast_v<std::size_t>(*el_size));
1836
1837 auto tmp = bits2expr(
1838 el_bits, expr.type(), expr.id() == ID_byte_extract_little_endian, ns);
1839
1840 if(tmp.has_value())
1841 return std::move(*tmp);
1842 }
1843
1844 // in some cases we even handle non-const array_of
1845 if(
1846 offset.has_value() && expr.op().id() == ID_array_of &&
1847 (*offset * expr.get_bits_per_byte()) % (*el_size) == 0 &&
1848 *el_size <=
1849 pointer_offset_bits(to_array_of_expr(expr.op()).what().type(), ns))
1850 {
1851 auto tmp = expr;
1852 tmp.op() = simplify_index(index_exprt(expr.op(), expr.offset()));
1853 tmp.offset() = from_integer(0, expr.offset().type());
1854 return changed(simplify_byte_extract(tmp));
1855 }
1856
1857 // extract bits of a constant
1858 const auto bits =
1859 expr2bits(expr.op(), expr.id() == ID_byte_extract_little_endian, ns);
1860
1861 if(
1862 offset.has_value() && bits.has_value() &&
1863 mp_integer(bits->size()) >= *el_size + *offset * expr.get_bits_per_byte())
1864 {
1865 // make sure we don't lose bits with structs containing flexible array
1866 // members
1867 const bool struct_has_flexible_array_member = has_subtype(
1868 expr.type(),
1869 [&](const typet &type) {
1870 if(type.id() != ID_struct && type.id() != ID_struct_tag)
1871 return false;
1872
1873 const struct_typet &st = type.id() == ID_struct_tag
1874 ? ns.follow_tag(to_struct_tag_type(type))
1875 : to_struct_type(type);
1876 const auto &comps = st.components();
1877 if(comps.empty() || comps.back().type().id() != ID_array)
1878 return false;
1879
1880 if(comps.back().type().get_bool(ID_C_flexible_array_member))
1881 return true;
1882
1883 const auto size =
1884 numeric_cast<mp_integer>(to_array_type(comps.back().type()).size());
1885 return !size.has_value() || *size <= 1;
1886 },
1887 ns);
1888 if(!struct_has_flexible_array_member)
1889 {
1890 std::string bits_cut = std::string(
1891 bits.value(),
1892 numeric_cast_v<std::size_t>(*offset * expr.get_bits_per_byte()),
1893 numeric_cast_v<std::size_t>(*el_size));
1894
1895 auto tmp = bits2expr(
1896 bits_cut, expr.type(), expr.id() == ID_byte_extract_little_endian, ns);
1897
1898 if(tmp.has_value())
1899 return std::move(*tmp);
1900 }
1901 }
1902
1903 // push byte extracts into struct or union expressions, just like
1904 // lower_byte_extract does (this is the same code, except recursive calls use
1905 // simplify rather than lower_byte_extract)
1906 if(expr.op().id() == ID_struct || expr.op().id() == ID_union)
1907 {
1908 if(expr.type().id() == ID_struct || expr.type().id() == ID_struct_tag)
1909 {
1910 const struct_typet &struct_type =
1911 expr.type().id() == ID_struct_tag
1912 ? ns.follow_tag(to_struct_tag_type(expr.type()))
1913 : to_struct_type(expr.type());
1914 const struct_typet::componentst &components = struct_type.components();
1915
1916 bool failed = false;
1917 struct_exprt s({}, expr.type());
1918
1919 for(const auto &comp : components)
1920 {
1921 auto component_bits = pointer_offset_bits(comp.type(), ns);
1922
1923 // the next member would be misaligned, abort
1924 if(
1925 !component_bits.has_value() || *component_bits == 0 ||
1926 *component_bits % expr.get_bits_per_byte() != 0)
1927 {
1928 failed = true;
1929 break;
1930 }
1931
1932 auto member_offset_opt =
1933 member_offset_expr(struct_type, comp.get_name(), ns);
1934
1935 if(!member_offset_opt.has_value())
1936 {
1937 failed = true;
1938 break;
1939 }
1940
1941 exprt new_offset = simplify_rec(
1942 plus_exprt{expr.offset(),
1943 typecast_exprt::conditional_cast(
1944 member_offset_opt.value(), expr.offset().type())});
1945
1946 byte_extract_exprt tmp = expr;
1947 tmp.type() = comp.type();
1948 tmp.offset() = new_offset;
1949
1950 s.add_to_operands(simplify_byte_extract(tmp));
1951 }
1952
1953 if(!failed)
1954 return s;
1955 }
1956 else if(expr.type().id() == ID_union || expr.type().id() == ID_union_tag)
1957 {
1958 const union_typet &union_type =
1959 expr.type().id() == ID_union_tag
1960 ? ns.follow_tag(to_union_tag_type(expr.type()))
1961 : to_union_type(expr.type());
1962 auto widest_member_opt = union_type.find_widest_union_component(ns);
1963 if(widest_member_opt.has_value())
1964 {
1965 byte_extract_exprt be = expr;
1966 be.type() = widest_member_opt->first.type();
1967 return union_exprt{widest_member_opt->first.get_name(),
1968 simplify_byte_extract(be),
1969 expr.type()};
1970 }
1971 }
1972 }
1973 else if(expr.op().id() == ID_array)
1974 {
1975 const array_typet &array_type = to_array_type(expr.op().type());
1976 const auto &element_bit_width =
1977 pointer_offset_bits(array_type.element_type(), ns);
1978 if(
1979 offset.has_value() && element_bit_width.has_value() &&
1980 *element_bit_width > 0)
1981 {
1982 if(
1983 *offset > 0 &&
1984 *offset * expr.get_bits_per_byte() % *element_bit_width == 0)
1985 {
1986 const auto elements_to_erase = numeric_cast_v<std::size_t>(
1987 (*offset * expr.get_bits_per_byte()) / *element_bit_width);
1988 array_exprt slice = to_array_expr(expr.op());
1989 slice.operands().erase(
1990 slice.operands().begin(),
1991 slice.operands().begin() +
1992 std::min(elements_to_erase, slice.operands().size()));
1993 slice.type().size() =
1994 from_integer(slice.operands().size(), slice.type().size().type());
1995 byte_extract_exprt be = expr;
1996 be.op() = slice;
1997 be.offset() = from_integer(0, expr.offset().type());
1998 return changed(simplify_byte_extract(be));
1999 }
2000 else if(*offset == 0 && *el_size % *element_bit_width == 0)
2001 {
2002 const auto elements_to_keep =
2003 numeric_cast_v<std::size_t>(*el_size / *element_bit_width);
2004 array_exprt slice = to_array_expr(expr.op());
2005 if(slice.operands().size() > elements_to_keep)
2006 {
2007 slice.operands().resize(elements_to_keep);
2008 slice.type().size() =
2009 from_integer(slice.operands().size(), slice.type().size().type());
2010 byte_extract_exprt be = expr;
2011 be.op() = slice;
2012 return changed(simplify_byte_extract(be));
2013 }
2014 }
2015 }
2016 }
2017
2018 // try to refine it down to extracting from a member or an index in an array
2019 auto subexpr =
2020 get_subexpression_at_offset(expr.op(), expr.offset(), expr.type(), ns);
2021 if(subexpr.has_value() && subexpr.value() != expr)
2022 return changed(simplify_rec(subexpr.value())); // recursive call
2023
2024 if(can_forward_propagatet(ns)(expr))
2025 return changed(simplify_rec(lower_byte_extract(expr, ns)));
2026
2027 return unchanged(expr);
2028}
2029
2030simplify_exprt::resultt<>
2031simplify_exprt::simplify_byte_extract_preorder(const byte_extract_exprt &expr)
2032{
2033 // lift up any ID_if on the object
2034 if(expr.op().id() == ID_if)
2035 {
2036 if_exprt if_expr = lift_if(expr, 0);
2037 return changed(simplify_if_preorder(if_expr));
2038 }
2039 else
2040 {
2041 std::optional<exprt::operandst> new_operands;
2042
2043 for(std::size_t i = 0; i < expr.operands().size(); ++i)
2044 {
2045 auto r_it = simplify_rec(expr.operands()[i]); // recursive call
2046 if(r_it.has_changed())
2047 {
2048 if(!new_operands.has_value())
2049 new_operands = expr.operands();
2050 (*new_operands)[i] = std::move(r_it.expr);
2051 }
2052 }
2053
2054 if(new_operands.has_value())
2055 {
2056 exprt result = expr;
2057 std::swap(result.operands(), *new_operands);
2058 return result;
2059 }
2060 }
2061
2062 return unchanged(expr);
2063}
2064
2065simplify_exprt::resultt<>
2066simplify_exprt::simplify_byte_update(const byte_update_exprt &expr)
2067{
2068 // byte_update(byte_update(root, offset, value), offset, value2) =>
2069 // byte_update(root, offset, value2)
2070 if(
2071 expr.id() == expr.op().id() &&
2072 expr.offset() == to_byte_update_expr(expr.op()).offset() &&
2073 expr.value().type() == to_byte_update_expr(expr.op()).value().type())
2074 {
2075 auto tmp = expr;
2076 tmp.set_op(to_byte_update_expr(expr.op()).op());
2077 return std::move(tmp);
2078 }
2079
2080 const exprt &root = expr.op();
2081 const exprt &offset = expr.offset();
2082 const exprt &value = expr.value();
2083 const auto val_size = pointer_offset_bits(value.type(), ns);
2084 const auto root_size = pointer_offset_bits(root.type(), ns);
2085
2086 const auto matching_byte_extract_id =
2087 expr.id() == ID_byte_update_little_endian ? ID_byte_extract_little_endian
2088 : ID_byte_extract_big_endian;
2089
2090 // byte update of full object is byte_extract(new value)
2091 if(
2092 offset.is_zero() && val_size.has_value() && *val_size > 0 &&
2093 root_size.has_value() && *root_size > 0 && *val_size >= *root_size)
2094 {
2095 byte_extract_exprt be(
2096 matching_byte_extract_id,
2097 value,
2098 offset,
2099 expr.get_bits_per_byte(),
2100 expr.type());
2101
2102 return changed(simplify_byte_extract(be));
2103 }
2104
2105 // update bits in a constant
2106 const auto offset_int = numeric_cast<mp_integer>(offset);
2107 if(
2108 root_size.has_value() && *root_size >= 0 && val_size.has_value() &&
2109 *val_size >= 0 && offset_int.has_value() && *offset_int >= 0 &&
2110 *offset_int * expr.get_bits_per_byte() + *val_size <= *root_size)
2111 {
2112 auto root_bits =
2113 expr2bits(root, expr.id() == ID_byte_update_little_endian, ns);
2114
2115 if(root_bits.has_value())
2116 {
2117 const auto val_bits =
2118 expr2bits(value, expr.id() == ID_byte_update_little_endian, ns);
2119
2120 if(val_bits.has_value())
2121 {
2122 root_bits->replace(
2123 numeric_cast_v<std::size_t>(*offset_int * expr.get_bits_per_byte()),
2124 numeric_cast_v<std::size_t>(*val_size),
2125 *val_bits);
2126
2127 auto tmp = bits2expr(
2128 *root_bits,
2129 expr.type(),
2130 expr.id() == ID_byte_update_little_endian,
2131 ns);
2132
2133 if(tmp.has_value())
2134 return std::move(*tmp);
2135 }
2136 }
2137 }
2138
2139 /*
2140 * byte_update(root, offset,
2141 * extract(root, offset) WITH component:=value)
2142 * =>
2143 * byte_update(root, offset + component offset,
2144 * value)
2145 */
2146
2147 if(value.id()==ID_with)
2148 {
2149 const with_exprt &with=to_with_expr(value);
2150
2151 if(with.old().id() == matching_byte_extract_id)
2152 {
2153 const byte_extract_exprt &extract=to_byte_extract_expr(with.old());
2154
2155 /* the simplification can be used only if
2156 root and offset of update and extract
2157 are the same */
2158 if(!(root==extract.op()))
2159 return unchanged(expr);
2160 if(!(offset==extract.offset()))
2161 return unchanged(expr);
2162
2163 if(with.type().id() == ID_struct || with.type().id() == ID_struct_tag)
2164 {
2165 const struct_typet &struct_type =
2166 with.type().id() == ID_struct_tag
2167 ? ns.follow_tag(to_struct_tag_type(with.type()))
2168 : to_struct_type(with.type());
2169 const irep_idt &component_name=with.where().get(ID_component_name);
2170 const typet &c_type = struct_type.get_component(component_name).type();
2171
2172 // is this a bit field?
2173 if(c_type.id() == ID_c_bit_field || c_type.id() == ID_bool)
2174 {
2175 // don't touch -- might not be byte-aligned
2176 }
2177 else
2178 {
2179 // new offset = offset + component offset
2180 auto i = member_offset(struct_type, component_name, ns);
2181 if(i.has_value())
2182 {
2183 exprt compo_offset = from_integer(*i, offset.type());
2184 plus_exprt new_offset(offset, compo_offset);
2185 exprt new_value(with.new_value());
2186 auto tmp = expr;
2187 tmp.set_offset(simplify_node(std::move(new_offset)));
2188 tmp.set_value(std::move(new_value));
2189 return changed(simplify_byte_update(tmp)); // recursive call
2190 }
2191 }
2192 }
2193 else if(with.type().id() == ID_array)
2194 {
2195 auto i =
2196 pointer_offset_size(to_array_type(with.type()).element_type(), ns);
2197 if(i.has_value())
2198 {
2199 const exprt &index=with.where();
2200 exprt index_offset =
2201 simplify_mult(mult_exprt(index, from_integer(*i, index.type())));
2202
2203 // index_offset may need a typecast
2204 if(offset.type() != index.type())
2205 {
2206 index_offset =
2207 simplify_typecast(typecast_exprt(index_offset, offset.type()));
2208 }
2209
2210 plus_exprt new_offset(offset, index_offset);
2211 exprt new_value(with.new_value());
2212 auto tmp = expr;
2213 tmp.set_offset(simplify_plus(std::move(new_offset)));
2214 tmp.set_value(std::move(new_value));
2215 return changed(simplify_byte_update(tmp)); // recursive call
2216 }
2217 }
2218 }
2219 }
2220
2221 // size must be known
2222 if(!val_size.has_value() || *val_size == 0)
2223 return unchanged(expr);
2224
2225 // byte_update(root, offset, value) is with(root, index, value) when root is
2226 // array-typed, the size of value matches the array-element width, and offset
2227 // is guaranteed to be a multiple of the array-element width
2228 if(auto array_type = type_try_dynamic_cast<array_typet>(root.type()))
2229 {
2230 auto el_size = pointer_offset_bits(array_type->element_type(), ns);
2231
2232 if(el_size.has_value() && *el_size > 0 && *val_size % *el_size == 0)
2233 {
2234 if(
2235 offset_int.has_value() &&
2236 (*offset_int * expr.get_bits_per_byte()) % *el_size == 0)
2237 {
2238 mp_integer base_offset =
2239 (*offset_int * expr.get_bits_per_byte()) / *el_size;
2240 with_exprt result_expr{
2241 root,
2242 from_integer(base_offset, array_type->index_type()),
2243 byte_extract_exprt{
2244 matching_byte_extract_id,
2245 value,
2246 from_integer(0, offset.type()),
2247 expr.get_bits_per_byte(),
2248 array_type->element_type()}};
2249 mp_integer n_elements = *val_size / *el_size;
2250
2251 for(mp_integer i = 1; i < n_elements; ++i)
2252 {
2253 result_expr = with_exprt{
2254 result_expr,
2255 from_integer(base_offset + i, array_type->index_type()),
2256 byte_extract_exprt{
2257 matching_byte_extract_id,
2258 value,
2259 from_integer(
2260 i * (*el_size / expr.get_bits_per_byte()), offset.type()),
2261 expr.get_bits_per_byte(),
2262 array_type->element_type()}};
2263 }
2264
2265 return changed(simplify_rec(result_expr));
2266 }
2267 // if we have an offset C + x (where C is a constant) we can try to
2268 // recurse by first looking at the member at offset C
2269 else if(
2270 offset.id() == ID_plus && offset.operands().size() == 2 &&
2271 (to_multi_ary_expr(offset).op0().is_constant() ||
2272 to_multi_ary_expr(offset).op1().is_constant()))
2273 {
2274 const plus_exprt &offset_plus = to_plus_expr(offset);
2275 const auto &const_factor = offset_plus.op0().is_constant()
2276 ? offset_plus.op0()
2277 : offset_plus.op1();
2278 const exprt &other_factor = offset_plus.op0().is_constant()
2279 ? offset_plus.op1()
2280 : offset_plus.op0();
2281
2282 auto tmp = expr;
2283 tmp.set_offset(const_factor);
2284 exprt expr_at_offset_C = simplify_byte_update(tmp);
2285
2286 if(
2287 expr_at_offset_C.id() == ID_with &&
2288 to_with_expr(expr_at_offset_C).where().is_zero())
2289 {
2290 tmp.set_op(to_with_expr(expr_at_offset_C).old());
2291 tmp.set_offset(other_factor);
2292 return changed(simplify_byte_update(tmp));
2293 }
2294 }
2295 else if(
2296 offset.id() == ID_mult && offset.operands().size() == 2 &&
2297 (to_multi_ary_expr(offset).op0().is_constant() ||
2298 to_multi_ary_expr(offset).op1().is_constant()))
2299 {
2300 const mult_exprt &offset_mult = to_mult_expr(offset);
2301 const auto &const_factor = numeric_cast_v<mp_integer>(to_constant_expr(
2302 offset_mult.op0().is_constant() ? offset_mult.op0()
2303 : offset_mult.op1()));
2304 const exprt &other_factor = offset_mult.op0().is_constant()
2305 ? offset_mult.op1()
2306 : offset_mult.op0();
2307
2308 if((const_factor * expr.get_bits_per_byte()) % *el_size == 0)
2309 {
2310 exprt base_offset = mult_exprt{
2311 other_factor,
2312 from_integer(
2313 (const_factor * expr.get_bits_per_byte()) / *el_size,
2314 other_factor.type())};
2315 with_exprt result_expr{
2316 root,
2317 typecast_exprt::conditional_cast(
2318 base_offset, array_type->index_type()),
2319 byte_extract_exprt{
2320 matching_byte_extract_id,
2321 value,
2322 from_integer(0, offset.type()),
2323 expr.get_bits_per_byte(),
2324 array_type->element_type()}};
2325 mp_integer n_elements = *val_size / *el_size;
2326 for(mp_integer i = 1; i < n_elements; ++i)
2327 {
2328 result_expr = with_exprt{
2329 result_expr,
2330 typecast_exprt::conditional_cast(
2331 plus_exprt{base_offset, from_integer(i, base_offset.type())},
2332 array_type->index_type()),
2333 byte_extract_exprt{
2334 matching_byte_extract_id,
2335 value,
2336 from_integer(
2337 i * (*el_size / expr.get_bits_per_byte()), offset.type()),
2338 expr.get_bits_per_byte(),
2339 array_type->element_type()}};
2340 }
2341 return changed(simplify_rec(result_expr));
2342 }
2343 }
2344 }
2345 }
2346
2347 // the following require a constant offset
2348 if(!offset_int.has_value() || *offset_int < 0)
2349 return unchanged(expr);
2350
2351 // Are we updating (parts of) a struct? Do individual member updates
2352 // instead, unless there are non-byte-sized bit fields
2353 if(root.type().id() == ID_struct || root.type().id() == ID_struct_tag)
2354 {
2355 exprt result_expr;
2356 result_expr.make_nil();
2357
2358 auto update_size = pointer_offset_size(value.type(), ns);
2359
2360 const struct_typet &struct_type =
2361 root.type().id() == ID_struct_tag
2362 ? ns.follow_tag(to_struct_tag_type(root.type()))
2363 : to_struct_type(root.type());
2364 const struct_typet::componentst &components=
2365 struct_type.components();
2366
2367 for(const auto &component : components)
2368 {
2369 auto m_offset = member_offset(struct_type, component.get_name(), ns);
2370
2371 auto m_size_bits = pointer_offset_bits(component.type(), ns);
2372
2373 // can we determine the current offset?
2374 if(!m_offset.has_value())
2375 {
2376 result_expr.make_nil();
2377 break;
2378 }
2379
2380 // is it a byte-sized member?
2381 if(
2382 !m_size_bits.has_value() || *m_size_bits == 0 ||
2383 (*m_size_bits) % expr.get_bits_per_byte() != 0)
2384 {
2385 result_expr.make_nil();
2386 break;
2387 }
2388
2389 mp_integer m_size_bytes = (*m_size_bits) / expr.get_bits_per_byte();
2390
2391 // is that member part of the update?
2392 if(*m_offset + m_size_bytes <= *offset_int)
2393 continue;
2394 // are we done updating?
2395 else if(
2396 update_size.has_value() && *update_size > 0 &&
2397 *m_offset >= *offset_int + *update_size)
2398 {
2399 break;
2400 }
2401
2402 if(result_expr.is_nil())
2403 result_expr = as_const(expr).op();
2404
2405 exprt member_name(ID_member_name);
2406 member_name.set(ID_component_name, component.get_name());
2407 result_expr=with_exprt(result_expr, member_name, nil_exprt());
2408
2409 // are we updating on member boundaries?
2410 if(
2411 *m_offset < *offset_int ||
2412 (*m_offset == *offset_int && update_size.has_value() &&
2413 *update_size > 0 && m_size_bytes > *update_size))
2414 {
2415 byte_update_exprt v(
2416 expr.id(),
2417 member_exprt(root, component.get_name(), component.type()),
2418 from_integer(*offset_int - *m_offset, offset.type()),
2419 value,
2420 expr.get_bits_per_byte());
2421
2422 to_with_expr(result_expr).new_value().swap(v);
2423 }
2424 else if(
2425 update_size.has_value() && *update_size > 0 &&
2426 *m_offset + m_size_bytes > *offset_int + *update_size)
2427 {
2428 // we don't handle this for the moment
2429 result_expr.make_nil();
2430 break;
2431 }
2432 else
2433 {
2434 byte_extract_exprt v(
2435 matching_byte_extract_id,
2436 value,
2437 from_integer(*m_offset - *offset_int, offset.type()),
2438 expr.get_bits_per_byte(),
2439 component.type());
2440
2441 to_with_expr(result_expr).new_value().swap(v);
2442 }
2443 }
2444
2445 if(result_expr.is_not_nil())
2446 return changed(simplify_rec(result_expr));
2447 }
2448
2449 // replace elements of array or struct expressions, possibly using
2450 // byte_extract
2451 if(root.id()==ID_array)
2452 {
2453 auto el_size =
2454 pointer_offset_bits(to_type_with_subtype(root.type()).subtype(), ns);
2455
2456 if(
2457 !el_size.has_value() || *el_size == 0 ||
2458 (*el_size) % expr.get_bits_per_byte() != 0 ||
2459 (*val_size) % expr.get_bits_per_byte() != 0)
2460 {
2461 return unchanged(expr);
2462 }
2463
2464 exprt result=root;
2465
2466 mp_integer m_offset_bits=0, val_offset=0;
2467 Forall_operands(it, result)
2468 {
2469 if(*offset_int * expr.get_bits_per_byte() + (*val_size) <= m_offset_bits)
2470 break;
2471
2472 if(*offset_int * expr.get_bits_per_byte() < m_offset_bits + *el_size)
2473 {
2474 mp_integer bytes_req =
2475 (m_offset_bits + *el_size) / expr.get_bits_per_byte() - *offset_int;
2476 bytes_req-=val_offset;
2477 if(val_offset + bytes_req > (*val_size) / expr.get_bits_per_byte())
2478 bytes_req = (*val_size) / expr.get_bits_per_byte() - val_offset;
2479
2480 byte_extract_exprt new_val(
2481 matching_byte_extract_id,
2482 value,
2483 from_integer(val_offset, offset.type()),
2484 expr.get_bits_per_byte(),
2485 array_typet(
2486 unsignedbv_typet(expr.get_bits_per_byte()),
2487 from_integer(bytes_req, offset.type())));
2488
2489 *it = byte_update_exprt(
2490 expr.id(),
2491 *it,
2492 from_integer(
2493 *offset_int + val_offset - m_offset_bits / expr.get_bits_per_byte(),
2494 offset.type()),
2495 new_val,
2496 expr.get_bits_per_byte());
2497
2498 *it = simplify_rec(*it); // recursive call
2499
2500 val_offset+=bytes_req;
2501 }
2502
2503 m_offset_bits += *el_size;
2504 }
2505
2506 return std::move(result);
2507 }
2508
2509 return unchanged(expr);
2510}
2511
2512simplify_exprt::resultt<>
2513simplify_exprt::simplify_complex(const unary_exprt &expr)
2514{
2515 if(expr.id() == ID_complex_real)
2516 {
2517 auto &complex_real_expr = to_complex_real_expr(expr);
2518
2519 if(complex_real_expr.op().id() == ID_complex)
2520 return to_complex_expr(complex_real_expr.op()).real();
2521 }
2522 else if(expr.id() == ID_complex_imag)
2523 {
2524 auto &complex_imag_expr = to_complex_imag_expr(expr);
2525
2526 if(complex_imag_expr.op().id() == ID_complex)
2527 return to_complex_expr(complex_imag_expr.op()).imag();
2528 }
2529
2530 return unchanged(expr);
2531}
2532
2533simplify_exprt::resultt<>
2534simplify_exprt::simplify_overflow_binary(const binary_overflow_exprt &expr)
2535{
2536 // When one operand is zero, an overflow can only occur for a subtraction from
2537 // zero.
2538 if(
2539 expr.op1().is_zero() ||
2540 (expr.op0().is_zero() && !can_cast_expr<minus_overflow_exprt>(expr)))
2541 {
2542 return false_exprt{};
2543 }
2544
2545 // One is neutral element for multiplication
2546 if(
2547 can_cast_expr<mult_overflow_exprt>(expr) &&
2548 (expr.op0().is_one() || expr.op1().is_one()))
2549 {
2550 return false_exprt{};
2551 }
2552
2553 // we only handle the case of same operand types
2554 if(expr.op0().type() != expr.op1().type())
2555 return unchanged(expr);
2556
2557 // catch some cases over mathematical types
2558 const irep_idt &op_type_id = expr.op0().type().id();
2559 if(
2560 op_type_id == ID_integer || op_type_id == ID_rational ||
2561 op_type_id == ID_real)
2562 {
2563 return false_exprt{};
2564 }
2565
2566 if(op_type_id == ID_natural && !can_cast_expr<minus_overflow_exprt>(expr))
2567 return false_exprt{};
2568
2569 // we only handle constants over signedbv/unsignedbv for the remaining cases
2570 if(op_type_id != ID_signedbv && op_type_id != ID_unsignedbv)
2571 return unchanged(expr);
2572
2573 if(!expr.op0().is_constant() || !expr.op1().is_constant())
2574 return unchanged(expr);
2575
2576 const auto op0_value = numeric_cast<mp_integer>(expr.op0());
2577 const auto op1_value = numeric_cast<mp_integer>(expr.op1());
2578 if(!op0_value.has_value() || !op1_value.has_value())
2579 return unchanged(expr);
2580
2581 mp_integer no_overflow_result;
2582 if(can_cast_expr<plus_overflow_exprt>(expr))
2583 no_overflow_result = *op0_value + *op1_value;
2584 else if(can_cast_expr<minus_overflow_exprt>(expr))
2585 no_overflow_result = *op0_value - *op1_value;
2586 else if(can_cast_expr<mult_overflow_exprt>(expr))
2587 no_overflow_result = *op0_value * *op1_value;
2588 else if(can_cast_expr<shl_overflow_exprt>(expr))
2589 no_overflow_result = *op0_value << *op1_value;
2590 else
2591 UNREACHABLE;
2592
2593 const std::size_t width = to_bitvector_type(expr.op0().type()).get_width();
2594 const integer_bitvector_typet bv_type{op_type_id, width};
2595 if(
2596 no_overflow_result < bv_type.smallest() ||
2597 no_overflow_result > bv_type.largest())
2598 {
2599 return true_exprt{};
2600 }
2601 else
2602 return false_exprt{};
2603}
2604
2605simplify_exprt::resultt<>
2606simplify_exprt::simplify_overflow_unary(const unary_overflow_exprt &expr)
2607{
2608 // zero is a neutral element for all operations supported here
2609 if(expr.op().is_zero())
2610 return false_exprt{};
2611
2612 // catch some cases over mathematical types
2613 const irep_idt &op_type_id = expr.op().type().id();
2614 if(
2615 op_type_id == ID_integer || op_type_id == ID_rational ||
2616 op_type_id == ID_real)
2617 {
2618 return false_exprt{};
2619 }
2620
2621 if(op_type_id == ID_natural)
2622 return true_exprt{};
2623
2624 // we only handle constants over signedbv/unsignedbv for the remaining cases
2625 if(op_type_id != ID_signedbv && op_type_id != ID_unsignedbv)
2626 return unchanged(expr);
2627
2628 if(!expr.op().is_constant())
2629 return unchanged(expr);
2630
2631 const auto op_value = numeric_cast<mp_integer>(expr.op());
2632 if(!op_value.has_value())
2633 return unchanged(expr);
2634
2635 mp_integer no_overflow_result;
2636 if(can_cast_expr<unary_minus_overflow_exprt>(expr))
2637 no_overflow_result = -*op_value;
2638 else
2639 UNREACHABLE;
2640
2641 const std::size_t width = to_bitvector_type(expr.op().type()).get_width();
2642 const integer_bitvector_typet bv_type{op_type_id, width};
2643 if(
2644 no_overflow_result < bv_type.smallest() ||
2645 no_overflow_result > bv_type.largest())
2646 {
2647 return true_exprt{};
2648 }
2649 else
2650 return false_exprt{};
2651}
2652
2653simplify_exprt::resultt<>
2654simplify_exprt::simplify_overflow_result(const overflow_result_exprt &expr)
2655{
2656 if(expr.id() == ID_overflow_result_unary_minus)
2657 {
2658 // zero is a neutral element
2659 if(expr.op0().is_zero())
2660 return struct_exprt{{expr.op0(), false_exprt{}}, expr.type()};
2661
2662 // catch some cases over mathematical types
2663 const irep_idt &op_type_id = expr.op0().type().id();
2664 if(
2665 op_type_id == ID_integer || op_type_id == ID_rational ||
2666 op_type_id == ID_real)
2667 {
2668 return struct_exprt{{expr.op0(), false_exprt{}}, expr.type()};
2669 }
2670
2671 // always an overflow for natural numbers, but the result is not
2672 // representable
2673 if(op_type_id == ID_natural)
2674 return unchanged(expr);
2675
2676 // we only handle constants over signedbv/unsignedbv for the remaining cases
2677 if(op_type_id != ID_signedbv && op_type_id != ID_unsignedbv)
2678 return unchanged(expr);
2679
2680 if(!expr.op0().is_constant())
2681 return unchanged(expr);
2682
2683 const auto op_value = numeric_cast<mp_integer>(expr.op0());
2684 if(!op_value.has_value())
2685 return unchanged(expr);
2686
2687 mp_integer no_overflow_result = -*op_value;
2688
2689 const std::size_t width = to_bitvector_type(expr.op0().type()).get_width();
2690 const integer_bitvector_typet bv_type{op_type_id, width};
2691 if(
2692 no_overflow_result < bv_type.smallest() ||
2693 no_overflow_result > bv_type.largest())
2694 {
2695 return struct_exprt{
2696 {from_integer(no_overflow_result, expr.op0().type()), true_exprt{}},
2697 expr.type()};
2698 }
2699 else
2700 {
2701 return struct_exprt{
2702 {from_integer(no_overflow_result, expr.op0().type()), false_exprt{}},
2703 expr.type()};
2704 }
2705 }
2706 else
2707 {
2708 // When one operand is zero, an overflow can only occur for a subtraction
2709 // from zero.
2710 if(expr.op0().is_zero())
2711 {
2712 if(
2713 expr.id() == ID_overflow_result_plus ||
2714 expr.id() == ID_overflow_result_shl)
2715 {
2716 return struct_exprt{{expr.op1(), false_exprt{}}, expr.type()};
2717 }
2718 else if(expr.id() == ID_overflow_result_mult)
2719 {
2720 return struct_exprt{
2721 {from_integer(0, expr.op0().type()), false_exprt{}}, expr.type()};
2722 }
2723 }
2724 else if(expr.op1().is_zero())
2725 {
2726 if(
2727 expr.id() == ID_overflow_result_plus ||
2728 expr.id() == ID_overflow_result_minus ||
2729 expr.id() == ID_overflow_result_shl)
2730 {
2731 return struct_exprt{{expr.op0(), false_exprt{}}, expr.type()};
2732 }
2733 else
2734 {
2735 return struct_exprt{
2736 {from_integer(0, expr.op0().type()), false_exprt{}}, expr.type()};
2737 }
2738 }
2739
2740 // One is neutral element for multiplication
2741 if(
2742 expr.id() == ID_overflow_result_mult &&
2743 (expr.op0().is_one() || expr.op1().is_one()))
2744 {
2745 return struct_exprt{
2746 {expr.op0().is_one() ? expr.op1() : expr.op0(), false_exprt{}},
2747 expr.type()};
2748 }
2749
2750 // we only handle the case of same operand types
2751 if(
2752 expr.id() != ID_overflow_result_shl &&
2753 expr.op0().type() != expr.op1().type())
2754 {
2755 return unchanged(expr);
2756 }
2757
2758 // catch some cases over mathematical types
2759 const irep_idt &op_type_id = expr.op0().type().id();
2760 if(
2761 expr.id() != ID_overflow_result_shl &&
2762 (op_type_id == ID_integer || op_type_id == ID_rational ||
2763 op_type_id == ID_real))
2764 {
2765 irep_idt id =
2766 expr.id() == ID_overflow_result_plus
2767 ? ID_plus
2768 : expr.id() == ID_overflow_result_minus ? ID_minus : ID_mult;
2769 return struct_exprt{
2770 {simplify_node(binary_exprt{expr.op0(), id, expr.op1()}),
2771 false_exprt{}},
2772 expr.type()};
2773 }
2774
2775 if(
2776 (expr.id() == ID_overflow_result_plus ||
2777 expr.id() == ID_overflow_result_mult) &&
2778 op_type_id == ID_natural)
2779 {
2780 return struct_exprt{
2781 {simplify_node(binary_exprt{
2782 expr.op0(),
2783 expr.id() == ID_overflow_result_plus ? ID_plus : ID_mult,
2784 expr.op1()}),
2785 false_exprt{}},
2786 expr.type()};
2787 }
2788
2789 // we only handle constants over signedbv/unsignedbv for the remaining cases
2790 if(op_type_id != ID_signedbv && op_type_id != ID_unsignedbv)
2791 return unchanged(expr);
2792
2793 // a special case of overflow-minus checking with operands (X + n) and X
2794 if(expr.id() == ID_overflow_result_minus)
2795 {
2796 const exprt &tc_op0 = skip_typecast(expr.op0());
2797 const exprt &tc_op1 = skip_typecast(expr.op1());
2798
2799 if(auto sum = expr_try_dynamic_cast<plus_exprt>(tc_op0))
2800 {
2801 if(skip_typecast(sum->op0()) == tc_op1 && sum->operands().size() == 2)
2802 {
2803 std::optional<exprt> offset;
2804 if(sum->type().id() == ID_pointer)
2805 {
2806 offset = std::move(simplify_pointer_offset(
2807 pointer_offset_exprt{*sum, expr.op0().type()})
2808 .expr);
2809 if(offset->id() == ID_pointer_offset)
2810 return unchanged(expr);
2811 }
2812 else
2813 offset = std::move(
2814 simplify_typecast(typecast_exprt{sum->op1(), expr.op0().type()})
2815 .expr);
2816
2817 exprt offset_op = skip_typecast(*offset);
2818 if(
2819 offset_op.type().id() != ID_signedbv &&
2820 offset_op.type().id() != ID_unsignedbv)
2821 {
2822 return unchanged(expr);
2823 }
2824
2825 const std::size_t width =
2826 to_bitvector_type(expr.op0().type()).get_width();
2827 const integer_bitvector_typet bv_type{op_type_id, width};
2828
2829 or_exprt not_representable{
2830 binary_relation_exprt{
2831 offset_op,
2832 ID_lt,
2833 from_integer(bv_type.smallest(), offset_op.type())},
2834 binary_relation_exprt{
2835 offset_op,
2836 ID_gt,
2837 from_integer(bv_type.largest(), offset_op.type())}};
2838
2839 return struct_exprt{
2840 {*offset, simplify_rec(not_representable)}, expr.type()};
2841 }
2842 }
2843 }
2844
2845 if(!expr.op0().is_constant() || !expr.op1().is_constant())
2846 return unchanged(expr);
2847
2848 // preserve the sizeof type annotation
2849 std::optional<typet> c_sizeof_type;
2850 for(const auto &op : expr.operands())
2851 {
2852 const typet &sizeof_type =
2853 static_cast<const typet &>(op.find(ID_C_c_sizeof_type));
2854 if(sizeof_type.is_not_nil())
2855 {
2856 c_sizeof_type = sizeof_type;
2857 break;
2858 }
2859 }
2860
2861 const auto op0_value = numeric_cast<mp_integer>(expr.op0());
2862 const auto op1_value = numeric_cast<mp_integer>(expr.op1());
2863 if(!op0_value.has_value() || !op1_value.has_value())
2864 return unchanged(expr);
2865
2866 mp_integer no_overflow_result;
2867 if(expr.id() == ID_overflow_result_plus)
2868 no_overflow_result = *op0_value + *op1_value;
2869 else if(expr.id() == ID_overflow_result_minus)
2870 no_overflow_result = *op0_value - *op1_value;
2871 else if(expr.id() == ID_overflow_result_mult)
2872 no_overflow_result = *op0_value * *op1_value;
2873 else if(expr.id() == ID_overflow_result_shl)
2874 no_overflow_result = *op0_value << *op1_value;
2875 else
2876 UNREACHABLE;
2877
2878 exprt no_overflow_result_expr =
2879 from_integer(no_overflow_result, expr.op0().type());
2880 if(c_sizeof_type.has_value())
2881 no_overflow_result_expr.set(ID_C_c_sizeof_type, *c_sizeof_type);
2882
2883 const std::size_t width = to_bitvector_type(expr.op0().type()).get_width();
2884 const integer_bitvector_typet bv_type{op_type_id, width};
2885 if(
2886 no_overflow_result < bv_type.smallest() ||
2887 no_overflow_result > bv_type.largest())
2888 {
2889 return struct_exprt{
2890 {std::move(no_overflow_result_expr), true_exprt{}}, expr.type()};
2891 }
2892 else
2893 {
2894 return struct_exprt{
2895 {std::move(no_overflow_result_expr), false_exprt{}}, expr.type()};
2896 }
2897 }
2898}
2899
2900simplify_exprt::resultt<>
2901simplify_exprt::simplify_node_preorder(const exprt &expr)
2902{
2903 auto result = unchanged(expr);
2904
2905 // The ifs below could one day be replaced by a switch()
2906
2907 if(expr.id()==ID_address_of)
2908 {
2909 // the argument of this expression needs special treatment
2910 }
2911 else if(expr.id()==ID_if)
2912 {
2913 result = simplify_if_preorder(to_if_expr(expr));
2914 }
2915 else if(expr.id() == ID_typecast)
2916 {
2917 result = simplify_typecast_preorder(to_typecast_expr(expr));
2918 }
2919 else if(
2920 expr.id() == ID_byte_extract_little_endian ||
2921 expr.id() == ID_byte_extract_big_endian)
2922 {
2923 result = simplify_byte_extract_preorder(to_byte_extract_expr(expr));
2924 }
2925 else if(expr.id() == ID_dereference)
2926 {
2927 result = simplify_dereference_preorder(to_dereference_expr(expr));
2928 }
2929 else if(expr.id() == ID_index)
2930 {
2931 result = simplify_index_preorder(to_index_expr(expr));
2932 }
2933 else if(expr.id() == ID_member)
2934 {
2935 result = simplify_member_preorder(to_member_expr(expr));
2936 }
2937 else if(
2938 expr.id() == ID_is_dynamic_object || expr.id() == ID_is_invalid_pointer ||
2939 expr.id() == ID_object_size || expr.id() == ID_pointer_object ||
2940 expr.id() == ID_pointer_offset)
2941 {
2942 result = simplify_unary_pointer_predicate_preorder(to_unary_expr(expr));
2943 }
2944 else if(expr.has_operands())
2945 {
2946 std::optional<exprt::operandst> new_operands;
2947
2948 for(std::size_t i = 0; i < expr.operands().size(); ++i)
2949 {
2950 auto r_it = simplify_rec(expr.operands()[i]); // recursive call
2951 if(r_it.has_changed())
2952 {
2953 if(!new_operands.has_value())
2954 new_operands = expr.operands();
2955 (*new_operands)[i] = std::move(r_it.expr);
2956 }
2957 }
2958
2959 if(new_operands.has_value())
2960 {
2961 std::swap(result.expr.operands(), *new_operands);
2962 result.expr_changed = resultt<>::CHANGED;
2963 }
2964 }
2965
2966 if(as_const(result.expr).type().id() == ID_array)
2967 {
2968 const array_typet &array_type = to_array_type(as_const(result.expr).type());
2969 resultt<> simp_size = simplify_rec(array_type.size());
2970 if(simp_size.has_changed())
2971 {
2972 to_array_type(result.expr.type()).size() = simp_size.expr;
2973 result.expr_changed = resultt<>::CHANGED;
2974 }
2975 }
2976
2977 return result;
2978}
2979
2980simplify_exprt::resultt<> simplify_exprt::simplify_node(const exprt &node)
2981{
2982 if(!node.has_operands())
2983 return unchanged(node); // no change
2984
2985 // #define DEBUGX
2986
2987#ifdef DEBUGX
2988 exprt old(node);
2989#endif
2990
2991 exprt expr = node;
2992 bool no_change_join_operands = join_operands(expr);
2993
2994 resultt<> r = unchanged(expr);
2995
2996 if(expr.id()==ID_typecast)
2997 {
2998 r = simplify_typecast(to_typecast_expr(expr));
2999 }
3000 else if(expr.id()==ID_equal || expr.id()==ID_notequal ||
3001 expr.id()==ID_gt || expr.id()==ID_lt ||
3002 expr.id()==ID_ge || expr.id()==ID_le)
3003 {
3004 r = simplify_inequality(to_binary_relation_expr(expr));
3005 }
3006 else if(expr.id()==ID_if)
3007 {
3008 r = simplify_if(to_if_expr(expr));
3009 }
3010 else if(expr.id()==ID_lambda)
3011 {
3012 r = simplify_lambda(to_lambda_expr(expr));
3013 }
3014 else if(expr.id()==ID_with)
3015 {
3016 r = simplify_with(to_with_expr(expr));
3017 }
3018 else if(expr.id()==ID_update)
3019 {
3020 r = simplify_update(to_update_expr(expr));
3021 }
3022 else if(expr.id()==ID_index)
3023 {
3024 r = simplify_index(to_index_expr(expr));
3025 }
3026 else if(expr.id()==ID_member)
3027 {
3028 r = simplify_member(to_member_expr(expr));
3029 }
3030 else if(expr.id()==ID_byte_update_little_endian ||
3031 expr.id()==ID_byte_update_big_endian)
3032 {
3033 r = simplify_byte_update(to_byte_update_expr(expr));
3034 }
3035 else if(expr.id()==ID_byte_extract_little_endian ||
3036 expr.id()==ID_byte_extract_big_endian)
3037 {
3038 r = simplify_byte_extract(to_byte_extract_expr(expr));
3039 }
3040 else if(expr.id()==ID_pointer_object)
3041 {
3042 r = simplify_pointer_object(to_pointer_object_expr(expr));
3043 }
3044 else if(expr.id() == ID_is_dynamic_object)
3045 {
3046 r = simplify_is_dynamic_object(to_unary_expr(expr));
3047 }
3048 else if(expr.id() == ID_is_invalid_pointer)
3049 {
3050 r = simplify_is_invalid_pointer(to_unary_expr(expr));
3051 }
3052 else if(
3053 const auto object_size = expr_try_dynamic_cast<object_size_exprt>(expr))
3054 {
3055 r = simplify_object_size(*object_size);
3056 }
3057 else if(expr.id()==ID_div)
3058 {
3059 r = simplify_div(to_div_expr(expr));
3060 }
3061 else if(expr.id()==ID_mod)
3062 {
3063 r = simplify_mod(to_mod_expr(expr));
3064 }
3065 else if(expr.id()==ID_bitnot)
3066 {
3067 r = simplify_bitnot(to_bitnot_expr(expr));
3068 }
3069 else if(
3070 expr.id() == ID_bitand || expr.id() == ID_bitor || expr.id() == ID_bitxor ||
3071 expr.id() == ID_bitxnor)
3072 {
3073 r = simplify_bitwise(to_multi_ary_expr(expr));
3074 }
3075 else if(expr.id()==ID_ashr || expr.id()==ID_lshr || expr.id()==ID_shl)
3076 {
3077 r = simplify_shifts(to_shift_expr(expr));
3078 }
3079 else if(expr.id()==ID_power)
3080 {
3081 r = simplify_power(to_power_expr(expr));
3082 }
3083 else if(expr.id()==ID_plus)
3084 {
3085 r = simplify_plus(to_plus_expr(expr));
3086 }
3087 else if(expr.id()==ID_minus)
3088 {
3089 r = simplify_minus(to_minus_expr(expr));
3090 }
3091 else if(expr.id()==ID_mult)
3092 {
3093 r = simplify_mult(to_mult_expr(expr));
3094 }
3095 else if(expr.id()==ID_floatbv_plus ||
3096 expr.id()==ID_floatbv_minus ||
3097 expr.id()==ID_floatbv_mult ||
3098 expr.id()==ID_floatbv_div)
3099 {
3100 r = simplify_floatbv_op(to_ieee_float_op_expr(expr));
3101 }
3102 else if(expr.id() == ID_floatbv_round_to_integral)
3103 {
3104 r = simplify_floatbv_round_to_integral(
3105 to_floatbv_round_to_integral_expr(expr));
3106 }
3107 else if(expr.id()==ID_floatbv_typecast)
3108 {
3109 r = simplify_floatbv_typecast(to_floatbv_typecast_expr(expr));
3110 }
3111 else if(expr.id()==ID_unary_minus)
3112 {
3113 r = simplify_unary_minus(to_unary_minus_expr(expr));
3114 }
3115 else if(expr.id()==ID_unary_plus)
3116 {
3117 r = simplify_unary_plus(to_unary_plus_expr(expr));
3118 }
3119 else if(expr.id()==ID_not)
3120 {
3121 r = simplify_not(to_not_expr(expr));
3122 }
3123 else if(expr.id()==ID_implies ||
3124 expr.id()==ID_or || expr.id()==ID_xor ||
3125 expr.id()==ID_and)
3126 {
3127 r = simplify_boolean(expr);
3128 }
3129 else if(expr.id()==ID_dereference)
3130 {
3131 r = simplify_dereference(to_dereference_expr(expr));
3132 }
3133 else if(expr.id()==ID_address_of)
3134 {
3135 r = simplify_address_of(to_address_of_expr(expr));
3136 }
3137 else if(expr.id()==ID_pointer_offset)
3138 {
3139 r = simplify_pointer_offset(to_pointer_offset_expr(expr));
3140 }
3141 else if(expr.id()==ID_extractbit)
3142 {
3143 r = simplify_extractbit(to_extractbit_expr(expr));
3144 }
3145 else if(expr.id()==ID_concatenation)
3146 {
3147 r = simplify_concatenation(to_concatenation_expr(expr));
3148 }
3149 else if(expr.id()==ID_extractbits)
3150 {
3151 r = simplify_extractbits(to_extractbits_expr(expr));
3152 }
3153 else if(expr.id() == ID_zero_extend)
3154 {
3155 r = simplify_zero_extend(to_zero_extend_expr(expr));
3156 }
3157 else if(expr.id()==ID_ieee_float_equal ||
3158 expr.id()==ID_ieee_float_notequal)
3159 {
3160 r = simplify_ieee_float_relation(to_binary_relation_expr(expr));
3161 }
3162 else if(expr.id() == ID_bswap)
3163 {
3164 r = simplify_bswap(to_bswap_expr(expr));
3165 }
3166 else if(expr.id()==ID_isinf)
3167 {
3168 r = simplify_isinf(to_unary_expr(expr));
3169 }
3170 else if(expr.id()==ID_isnan)
3171 {
3172 r = simplify_isnan(to_unary_expr(expr));
3173 }
3174 else if(expr.id()==ID_isnormal)
3175 {
3176 r = simplify_isnormal(to_unary_expr(expr));
3177 }
3178 else if(expr.id()==ID_abs)
3179 {
3180 r = simplify_abs(to_abs_expr(expr));
3181 }
3182 else if(expr.id()==ID_sign)
3183 {
3184 r = simplify_sign(to_sign_expr(expr));
3185 }
3186 else if(expr.id() == ID_popcount)
3187 {
3188 r = simplify_popcount(to_popcount_expr(expr));
3189 }
3190 else if(expr.id() == ID_count_leading_zeros)
3191 {
3192 r = simplify_clz(to_count_leading_zeros_expr(expr));
3193 }
3194 else if(expr.id() == ID_count_trailing_zeros)
3195 {
3196 r = simplify_ctz(to_count_trailing_zeros_expr(expr));
3197 }
3198 else if(expr.id() == ID_find_first_set)
3199 {
3200 r = simplify_ffs(to_find_first_set_expr(expr));
3201 }
3202 else if(expr.id() == ID_function_application)
3203 {
3204 r = simplify_function_application(to_function_application_expr(expr));
3205 }
3206 else if(expr.id() == ID_complex_real || expr.id() == ID_complex_imag)
3207 {
3208 r = simplify_complex(to_unary_expr(expr));
3209 }
3210 else if(
3211 const auto binary_overflow =
3212 expr_try_dynamic_cast<binary_overflow_exprt>(expr))
3213 {
3214 r = simplify_overflow_binary(*binary_overflow);
3215 }
3216 else if(
3217 const auto unary_overflow =
3218 expr_try_dynamic_cast<unary_overflow_exprt>(expr))
3219 {
3220 r = simplify_overflow_unary(*unary_overflow);
3221 }
3222 else if(
3223 const auto overflow_result =
3224 expr_try_dynamic_cast<overflow_result_exprt>(expr))
3225 {
3226 r = simplify_overflow_result(*overflow_result);
3227 }
3228 else if(expr.id() == ID_bitreverse)
3229 {
3230 r = simplify_bitreverse(to_bitreverse_expr(expr));
3231 }
3232 else if(
3233 const auto prophecy_r_or_w_ok =
3234 expr_try_dynamic_cast<prophecy_r_or_w_ok_exprt>(expr))
3235 {
3236 r = simplify_prophecy_r_or_w_ok(*prophecy_r_or_w_ok);
3237 }
3238 else if(
3239 const auto prophecy_pointer_in_range =
3240 expr_try_dynamic_cast<prophecy_pointer_in_range_exprt>(expr))
3241 {
3242 r = simplify_prophecy_pointer_in_range(*prophecy_pointer_in_range);
3243 }
3244 else if(expr.id() == ID_exists || expr.id() == ID_forall)
3245 {
3246 r = simplify_quantifier_expr(to_quantifier_expr(expr));
3247 }
3248
3249 if(!no_change_join_operands)
3250 r = changed(r);
3251
3252#ifdef DEBUGX
3253 if(
3254 r.has_changed()
3255# ifdef DEBUG_ON_DEMAND
3256 && debug_on
3257# endif
3258 )
3259 {
3260 std::cout << "===== " << node.id() << ": " << format(node) << '\n'
3261 << " ---> " << format(r.expr) << '\n';
3262 }
3263#endif
3264
3265 return r;
3266}
3267
3268simplify_exprt::resultt<> simplify_exprt::simplify_rec(const exprt &expr)
3269{
3270 // look up in cache
3271
3272 #ifdef USE_CACHE
3273 std::pair<simplify_expr_cachet::containert::iterator, bool>
3274 cache_result=simplify_expr_cache.container().
3275 insert(std::pair<exprt, exprt>(expr, exprt()));
3276
3277 if(!cache_result.second) // found!
3278 {
3279 const exprt &new_expr=cache_result.first->second;
3280
3281 if(new_expr.id().empty())
3282 return true; // no change
3283
3284 expr=new_expr;
3285 return false;
3286 }
3287 #endif
3288
3289 // We work on a copy to prevent unnecessary destruction of sharing.
3290 auto simplify_node_preorder_result = simplify_node_preorder(expr);
3291
3292 auto simplify_node_result = simplify_node(simplify_node_preorder_result.expr);
3293
3294 if(
3295 !simplify_node_result.has_changed() &&
3296 simplify_node_preorder_result.has_changed())
3297 {
3298 simplify_node_result.expr_changed =
3299 simplify_node_preorder_result.expr_changed;
3300 }
3301
3302#ifdef USE_LOCAL_REPLACE_MAP
3303 exprt tmp = simplify_node_result.expr;
3304# if 1
3305 replace_mapt::const_iterator it =
3306 local_replace_map.find(simplify_node_result.expr);
3307 if(it!=local_replace_map.end())
3308 simplify_node_result = changed(it->second);
3309# else
3310 if(
3311 !local_replace_map.empty() &&
3312 !replace_expr(local_replace_map, simplify_node_result.expr))
3313 {
3314 simplify_node_result = changed(simplify_rec(simplify_node_result.expr));
3315 }
3316# endif
3317#endif
3318
3319 if(!simplify_node_result.has_changed())
3320 {
3321 return unchanged(expr);
3322 }
3323 else
3324 {
3325 POSTCONDITION_WITH_DIAGNOSTICS(
3326 (as_const(simplify_node_result.expr).type().id() == ID_array &&
3327 expr.type().id() == ID_array) ||
3328 as_const(simplify_node_result.expr).type() == expr.type(),
3329 simplify_node_result.expr.pretty(),
3330 expr.pretty());
3331
3332#ifdef USE_CACHE
3333 // save in cache
3334 cache_result.first->second = simplify_node_result.expr;
3335#endif
3336
3337 return simplify_node_result;
3338 }
3339}
3340
3342bool simplify_exprt::simplify(exprt &expr)
3343{
3344#ifdef DEBUG_ON_DEMAND
3345 if(debug_on)
3346 std::cout << "TO-SIMP " << format(expr) << "\n";
3347#endif
3348 auto result = simplify_rec(expr);
3349#ifdef DEBUG_ON_DEMAND
3350 if(debug_on)
3351 std::cout << "FULLSIMP " << format(result.expr) << "\n";
3352#endif
3353 if(result.has_changed())
3354 {
3355 expr = result.expr;
3356 return false; // change
3357 }
3358 else
3359 return true; // no change
3360}
3361
3363bool simplify(exprt &expr, const namespacet &ns)
3364{
3365 return simplify_exprt(ns).simplify(expr);
3366}
3367
3368exprt simplify_expr(exprt src, const namespacet &ns)
3369{
3370 simplify_exprt(ns).simplify(src);
3371 return src;
3372}
config
configt config
Definition config.cpp:25
bvrep2integer
mp_integer bvrep2integer(const irep_idt &src, std::size_t width, bool is_signed)
convert a bit-vector representation (possibly signed) to integer
Definition arith_tools.cpp:414
from_integer
constant_exprt from_integer(const mp_integer &int_value, const typet &type)
Definition arith_tools.cpp:99
to_integer
bool to_integer(const constant_exprt &expr, mp_integer &int_value)
Convert a constant expression expr to an arbitrary-precision integer.
Definition arith_tools.cpp:20
get_bvrep_bit
bool get_bvrep_bit(const irep_idt &src, std::size_t width, std::size_t bit_index)
Get a bit with given index from bit-vector representation.
Definition arith_tools.cpp:274
power
mp_integer power(const mp_integer &base, const mp_integer &exponent)
A multi-precision implementation of the power operator.
Definition arith_tools.cpp:207
as_const
const T & as_const(T &value)
Return a reference to the same object but ensures the type is const.
Definition as_const.h:14
bitvector_expr.h
API to expression classes for bitvectors.
to_shift_expr
const shift_exprt & to_shift_expr(const exprt &expr)
Cast an exprt to a shift_exprt.
Definition bitvector_expr.h:427
to_popcount_expr
const popcount_exprt & to_popcount_expr(const exprt &expr)
Cast an exprt to a popcount_exprt.
Definition bitvector_expr.h:993
to_extractbits_expr
const extractbits_exprt & to_extractbits_expr(const exprt &expr)
Cast an exprt to an extractbits_exprt.
Definition bitvector_expr.h:652
to_find_first_set_expr
const find_first_set_exprt & to_find_first_set_expr(const exprt &expr)
Cast an exprt to a find_first_set_exprt.
Definition bitvector_expr.h:1797
to_bitnot_expr
const bitnot_exprt & to_bitnot_expr(const exprt &expr)
Cast an exprt to a bitnot_exprt.
Definition bitvector_expr.h:106
to_bswap_expr
const bswap_exprt & to_bswap_expr(const exprt &expr)
Cast an exprt to a bswap_exprt.
Definition bitvector_expr.h:63
to_count_leading_zeros_expr
const count_leading_zeros_exprt & to_count_leading_zeros_expr(const exprt &expr)
Cast an exprt to a count_leading_zeros_exprt.
Definition bitvector_expr.h:1351
to_bitreverse_expr
const bitreverse_exprt & to_bitreverse_expr(const exprt &expr)
Cast an exprt to a bitreverse_exprt.
Definition bitvector_expr.h:1494
to_extractbit_expr
const extractbit_exprt & to_extractbit_expr(const exprt &expr)
Cast an exprt to an extractbit_exprt.
Definition bitvector_expr.h:578
to_concatenation_expr
const concatenation_exprt & to_concatenation_expr(const exprt &expr)
Cast an exprt to a concatenation_exprt.
Definition bitvector_expr.h:944
to_zero_extend_expr
const zero_extend_exprt & to_zero_extend_expr(const exprt &expr)
Cast an exprt to a zero_extend_exprt.
Definition bitvector_expr.h:1844
to_count_trailing_zeros_expr
const count_trailing_zeros_exprt & to_count_trailing_zeros_expr(const exprt &expr)
Cast an exprt to a count_trailing_zeros_exprt.
Definition bitvector_expr.h:1444
to_bv_type
const bv_typet & to_bv_type(const typet &type)
Cast a typet to a bv_typet.
Definition bitvector_types.h:86
to_fixedbv_type
const fixedbv_typet & to_fixedbv_type(const typet &type)
Cast a typet to a fixedbv_typet.
Definition bitvector_types.h:324
to_bitvector_type
const bitvector_typet & to_bitvector_type(const typet &type)
Cast a typet to a bitvector_typet.
Definition bitvector_types.h:32
to_floatbv_type
const floatbv_typet & to_floatbv_type(const typet &type)
Cast a typet to a floatbv_typet.
Definition bitvector_types.h:386
slice
void slice(symex_bmct &symex, symex_target_equationt &symex_target_equation, const namespacet &ns, const optionst &options, ui_message_handlert &ui_message_handler)
Definition bmc_util.cpp:175
byte_operators.h
Expression classes for byte-level operators.
to_byte_update_expr
const byte_update_exprt & to_byte_update_expr(const exprt &expr)
Definition byte_operators.h:143
lower_byte_extract
exprt lower_byte_extract(const byte_extract_exprt &src, const namespacet &ns)
Rewrite a byte extract expression to more fundamental operations.
Definition lower_byte_operators.cpp:1215
to_byte_extract_expr
const byte_extract_exprt & to_byte_extract_expr(const exprt &expr)
Definition byte_operators.h:70
pointer_type
pointer_typet pointer_type(const typet &subtype)
Definition c_types.cpp:235
c_types.h
to_c_enum_type
const c_enum_typet & to_c_enum_type(const typet &type)
Cast a typet to a c_enum_typet.
Definition c_types.h:335
to_c_enum_tag_type
const c_enum_tag_typet & to_c_enum_tag_type(const typet &type)
Cast a typet to a c_enum_tag_typet.
Definition c_types.h:377
to_union_type
const union_typet & to_union_type(const typet &type)
Cast a typet to a union_typet.
Definition c_types.h:184
to_union_tag_type
const union_tag_typet & to_union_tag_type(const typet &type)
Cast a typet to a union_tag_typet.
Definition c_types.h:224
abs_exprt
Absolute value.
Definition std_expr.h:442
address_of_exprt
Operator to return the address of an object.
Definition pointer_expr.h:540
ait
ait supplies three of the four components needed: an abstract interpreter (in this case handling func...
Definition ai.h:562
ait::ait
ait()
Definition ai.h:565
array_exprt
Array constructor from list of elements.
Definition std_expr.h:1621
array_typet
Arrays with given size.
Definition std_types.h:807
binary_exprt
A base class for binary expressions.
Definition std_expr.h:638
binary_exprt::op0
exprt & op0()
Definition expr.h:133
binary_exprt::op1
exprt & op1()
Definition expr.h:136
binary_overflow_exprt
A Boolean expression returning true, iff operation kind would result in an overflow when applied to o...
Definition bitvector_expr.h:1013
binary_relation_exprt
A base class for relations, i.e., binary predicates whose two operands have the same type.
Definition std_expr.h:762
byte_extract_exprt
Expression of type type extracted from some object op starting at position offset (given in number of...
Definition byte_operators.h:29
byte_extract_exprt::offset
exprt & offset()
Definition byte_operators.h:47
byte_extract_exprt::op
exprt & op()
Definition byte_operators.h:46
byte_extract_exprt::get_bits_per_byte
std::size_t get_bits_per_byte() const
Definition byte_operators.h:52
byte_update_exprt
Expression corresponding to op() where the bytes starting at position offset (given in number of byte...
Definition byte_operators.h:91
byte_update_exprt::offset
const exprt & offset() const
Definition byte_operators.h:122
byte_update_exprt::op
const exprt & op() const
Definition byte_operators.h:121
byte_update_exprt::get_bits_per_byte
std::size_t get_bits_per_byte() const
Definition byte_operators.h:125
byte_update_exprt::value
const exprt & value() const
Definition byte_operators.h:123
c_bool_typet
The C/C++ Booleans.
Definition c_types.h:97
c_enum_tag_typet
C enum tag type, i.e., c_enum_typet with an identifier.
Definition c_types.h:352
can_forward_propagatet
Determine whether an expression is constant.
Definition expr_util.h:87
configt::ansi_c
struct configt::ansi_ct ansi_c
constant_exprt
A constant literal expression.
Definition std_expr.h:3118
count_leading_zeros_exprt
The count leading zeros (counting the number of zero bits starting from the most-significant bit) exp...
Definition bitvector_expr.h:1283
count_leading_zeros_exprt::zero_permitted
bool zero_permitted() const
Definition bitvector_expr.h:1296
count_trailing_zeros_exprt
The count trailing zeros (counting the number of zero bits starting from the least-significant bit) e...
Definition bitvector_expr.h:1376
count_trailing_zeros_exprt::zero_permitted
bool zero_permitted() const
Definition bitvector_expr.h:1389
dereference_exprt
Operator to dereference a pointer.
Definition pointer_expr.h:834
dereference_exprt::pointer
exprt & pointer()
Definition pointer_expr.h:847
dstringt
dstringt has one field, an unsigned integer no which is an index into a static table of strings.
Definition dstring.h:38
empty_union_exprt
Union constructor to support unions without any member (a GCC/Clang feature).
Definition std_expr.h:1834
exprt
Base class for all expressions.
Definition expr.h:56
exprt::operandst
std::vector< exprt > operandst
Definition expr.h:58
exprt::is_one
bool is_one() const
Return whether the expression is a constant representing 1.
Definition expr.cpp:96
exprt::has_operands
bool has_operands() const
Return true if there is at least one operand.
Definition expr.h:91
exprt::is_zero
bool is_zero() const
Return whether the expression is a constant representing 0.
Definition expr.cpp:47
exprt::is_constant
bool is_constant() const
Return whether the expression is a constant.
Definition expr.h:212
exprt::type
typet & type()
Return the type of the expression.
Definition expr.h:84
exprt::operands
operandst & operands()
Definition expr.h:94
exprt::source_location
const source_locationt & source_location() const
Definition expr.h:231
exprt::add_to_operands
void add_to_operands(const exprt &expr)
Add the given argument to the end of exprt's operands.
Definition expr.h:170
extractbits_exprt
Extracts a sub-range of a bit-vector operand.
Definition bitvector_expr.h:597
false_exprt
The Boolean constant false.
Definition std_expr.h:3200
find_first_set_exprt
Returns one plus the index of the least-significant one bit, or zero if the operand is zero.
Definition bitvector_expr.h:1741
fixedbv_spect
Definition fixedbv.h:20
fixedbv_typet
Fixed-width bit-vector with signed fixed-point interpretation.
Definition bitvector_types.h:280
fixedbvt::spec
fixedbv_spect spec
Definition fixedbv.h:44
fixedbvt::from_integer
void from_integer(const mp_integer &i)
Definition fixedbv.cpp:32
fixedbvt::to_integer
mp_integer to_integer() const
Definition fixedbv.cpp:37
fixedbvt::round
void round(const fixedbv_spect &dest_spec)
Definition fixedbv.cpp:52
fixedbvt::to_expr
constant_exprt to_expr() const
Definition fixedbv.cpp:43
floatbv_typet
Fixed-width bit-vector with IEEE floating-point interpretation.
Definition bitvector_types.h:341
function_application_exprt
Application of (mathematical) function.
Definition mathematical_expr.h:213
function_application_exprt::arguments
argumentst & arguments()
Definition mathematical_expr.h:234
function_application_exprt::function
exprt & function()
Definition mathematical_expr.h:221
ieee_float_spect
Definition ieee_float.h:22
ieee_float_valuet
An IEEE 754 floating-point value, including specificiation.
Definition ieee_float.h:117
ieee_float_valuet::set_sign
void set_sign(bool _sign)
Definition ieee_float.h:160
ieee_float_valuet::spec
ieee_float_spect spec
Definition ieee_float.h:119
ieee_float_valuet::to_expr
constant_exprt to_expr() const
Definition ieee_float.cpp:579
ieee_float_valuet::pack
mp_integer pack() const
Definition ieee_float.cpp:377
ieee_float_valuet::get_sign
bool get_sign() const
Definition ieee_float.h:254
ieee_floatt
An IEEE 754 value plus a rounding mode, enabling operations with rounding on values.
Definition ieee_float.h:338
ieee_floatt::to_integer
mp_integer to_integer() const
Definition ieee_float.cpp:1256
ieee_floatt::from_integer
void from_integer(const mp_integer &i)
Definition ieee_float.cpp:813
ieee_floatt::ROUND_TO_EVEN
@ ROUND_TO_EVEN
Definition ieee_float.h:348
ieee_floatt::change_spec
void change_spec(const ieee_float_spect &dest_spec)
Definition ieee_float.cpp:1231
if_exprt
The trinary if-then-else operator.
Definition std_expr.h:2502
index_exprt
Array index operator.
Definition std_expr.h:1470
index_exprt::index
exprt & index()
Definition std_expr.h:1510
index_exprt::array
exprt & array()
Definition std_expr.h:1500
integer_bitvector_typet
Fixed-width bit-vector representing a signed or unsigned integer.
Definition bitvector_types.h:103
irept::pretty
std::string pretty(unsigned indent=0, unsigned max_indent=0) const
Definition irep.cpp:482
irept::get
const irep_idt & get(const irep_idt &name) const
Definition irep.cpp:44
irept::id
const irep_idt & id() const
Definition irep.h:388
lambda_exprt
A (mathematical) lambda expression.
Definition mathematical_expr.h:438
member_exprt
Extract member of struct or union.
Definition std_expr.h:2972
mult_exprt
Binary multiplication Associativity is not specified.
Definition std_expr.h:1107
namespacet
A namespacet is essentially one or two symbol tables bound together, to allow for symbol lookups in t...
Definition namespace.h:91
nil_exprt
The NIL expression.
Definition std_expr.h:3209
null_pointer_exprt
The null pointer constant.
Definition pointer_expr.h:909
or_exprt
Boolean OR.
Definition std_expr.h:2275
overflow_result_exprt
An expression returning both the result of the arithmetic operation under wrap-around semantics as we...
Definition bitvector_expr.h:1613
overflow_result_exprt::op0
exprt & op0()
Definition expr.h:133
overflow_result_exprt::op1
exprt & op1()
Definition expr.h:136
plus_exprt
The plus expression Associativity is not specified.
Definition std_expr.h:1002
pointer_offset_exprt
The offset (in bytes) of a pointer relative to the object.
Definition pointer_expr.h:1282
popcount_exprt
The popcount (counting the number of bits set to 1) expression.
Definition bitvector_expr.h:959
refined_string_exprt
Definition string_expr.h:110
refined_string_exprt::length
const exprt & length() const
Definition string_expr.h:129
refined_string_exprt::content
const exprt & content() const
Definition string_expr.h:139
sign_exprt
Sign of an expression Predicate is true if _op is negative, false otherwise.
Definition std_expr.h:596
signedbv_typet
Fixed-width bit-vector with two's complement interpretation.
Definition bitvector_types.h:222
simplify_exprt
Definition simplify_expr_class.h:85
simplify_exprt::simplify_isnan
resultt simplify_isnan(const unary_exprt &)
Definition simplify_expr_floatbv.cpp:37
simplify_exprt::simplify_bitwise
resultt simplify_bitwise(const multi_ary_exprt &)
Definition simplify_expr_int.cpp:666
simplify_exprt::ns
const namespacet & ns
Definition simplify_expr_class.h:291
simplify_exprt::simplify_quantifier_expr
resultt simplify_quantifier_expr(const quantifier_exprt &)
Try to simplify exists/forall to a constant expression.
Definition simplify_expr_boolean.cpp:382
simplify_exprt::simplify_div
resultt simplify_div(const div_exprt &)
Definition simplify_expr_int.cpp:277
simplify_exprt::simplify_byte_extract
resultt simplify_byte_extract(const byte_extract_exprt &)
Definition simplify_expr.cpp:1644
simplify_exprt::simplify_bitreverse
resultt simplify_bitreverse(const bitreverse_exprt &)
Try to simplify bit-reversing to a constant expression.
Definition simplify_expr_int.cpp:2081
simplify_exprt::simplify_abs
resultt simplify_abs(const abs_exprt &)
Definition simplify_expr.cpp:65
simplify_exprt::simplify_isnormal
resultt simplify_isnormal(const unary_exprt &)
Definition simplify_expr_floatbv.cpp:51
simplify_exprt::simplify_dereference
resultt simplify_dereference(const dereference_exprt &)
Definition simplify_expr.cpp:1395
simplify_exprt::simplify_bitnot
resultt simplify_bitnot(const bitnot_exprt &)
Definition simplify_expr_int.cpp:1324
simplify_exprt::simplify_zero_extend
resultt simplify_zero_extend(const zero_extend_exprt &)
Definition simplify_expr_int.cpp:1013
simplify_exprt::simplify_prophecy_r_or_w_ok
resultt simplify_prophecy_r_or_w_ok(const prophecy_r_or_w_ok_exprt &)
Try to simplify prophecy_{r,w,rw}_ok to a constant expression.
Definition simplify_expr_pointer.cpp:687
simplify_exprt::simplify_member_preorder
resultt simplify_member_preorder(const member_exprt &)
Definition simplify_expr_struct.cpp:279
simplify_exprt::simplify_popcount
resultt simplify_popcount(const popcount_exprt &)
Definition simplify_expr.cpp:125
simplify_exprt::changed
static resultt changed(resultt<> result)
Definition simplify_expr_class.h:146
simplify_exprt::simplify_dereference_preorder
resultt simplify_dereference_preorder(const dereference_exprt &)
Definition simplify_expr.cpp:1436
simplify_exprt::simplify_unary_pointer_predicate_preorder
resultt simplify_unary_pointer_predicate_preorder(const unary_exprt &)
Definition simplify_expr_pointer.cpp:55
simplify_exprt::simplify_address_of
resultt simplify_address_of(const address_of_exprt &)
Definition simplify_expr_pointer.cpp:238
simplify_exprt::simplify_if
resultt simplify_if(const if_exprt &)
Definition simplify_expr_if.cpp:336
simplify_exprt::simplify_node
resultt simplify_node(const exprt &)
Definition simplify_expr.cpp:2980
simplify_exprt::simplify_node_preorder
resultt simplify_node_preorder(const exprt &)
Definition simplify_expr.cpp:2901
simplify_exprt::simplify_prophecy_pointer_in_range
resultt simplify_prophecy_pointer_in_range(const prophecy_pointer_in_range_exprt &)
Try to simplify prophecy_pointer_in_range to a constant expression.
Definition simplify_expr_pointer.cpp:697
simplify_exprt::simplify_overflow_unary
resultt simplify_overflow_unary(const unary_overflow_exprt &)
Try to simplify overflow-unary-.
Definition simplify_expr.cpp:2606
simplify_exprt::simplify_minus
resultt simplify_minus(const minus_exprt &)
Definition simplify_expr_int.cpp:574
simplify_exprt::simplify_extractbit
resultt simplify_extractbit(const extractbit_exprt &)
Definition simplify_expr_int.cpp:844
simplify_exprt::simplify_rec
resultt simplify_rec(const exprt &)
Definition simplify_expr.cpp:3268
simplify_exprt::simplify_shifts
resultt simplify_shifts(const shift_exprt &)
Definition simplify_expr_int.cpp:1025
simplify_exprt::simplify_index_preorder
resultt simplify_index_preorder(const index_exprt &)
Definition simplify_expr_array.cpp:208
simplify_exprt::simplify_typecast
resultt simplify_typecast(const typecast_exprt &)
Definition simplify_expr.cpp:757
simplify_exprt::simplify_pointer_object
resultt simplify_pointer_object(const pointer_object_exprt &)
Definition simplify_expr_pointer.cpp:526
simplify_exprt::simplify_boolean
resultt simplify_boolean(const exprt &)
Definition simplify_expr_boolean.cpp:20
simplify_exprt::simplify_object
resultt simplify_object(const exprt &)
Definition simplify_expr.cpp:1564
simplify_exprt::simplify_mult
resultt simplify_mult(const mult_exprt &)
Definition simplify_expr_int.cpp:165
simplify_exprt::simplify_floatbv_typecast
resultt simplify_floatbv_typecast(const floatbv_typecast_exprt &)
Definition simplify_expr_floatbv.cpp:161
simplify_exprt::simplify_with
resultt simplify_with(const with_exprt &)
Definition simplify_expr.cpp:1465
simplify_exprt::simplify_inequality
virtual resultt simplify_inequality(const binary_relation_exprt &)
simplifies inequalities !=, <=, <, >=, >, and also ==
Definition simplify_expr_int.cpp:1355
simplify_exprt::simplify_not
resultt simplify_not(const not_exprt &)
Definition simplify_expr_boolean.cpp:324
simplify_exprt::simplify_isinf
resultt simplify_isinf(const unary_exprt &)
Definition simplify_expr_floatbv.cpp:23
simplify_exprt::simplify_overflow_binary
resultt simplify_overflow_binary(const binary_overflow_exprt &)
Try to simplify overflow-+, overflow-*, overflow–, overflow-shl.
Definition simplify_expr.cpp:2534
simplify_exprt::simplify_function_application
resultt simplify_function_application(const function_application_exprt &)
Attempt to simplify mathematical function applications if we have enough information to do so.
Definition simplify_expr.cpp:700
simplify_exprt::simplify_index
resultt simplify_index(const index_exprt &)
Definition simplify_expr_array.cpp:20
simplify_exprt::simplify_bswap
resultt simplify_bswap(const bswap_exprt &)
Definition simplify_expr_int.cpp:33
simplify_exprt::simplify_member
resultt simplify_member(const member_exprt &)
Definition simplify_expr_struct.cpp:23
simplify_exprt::unchanged
static resultt unchanged(exprt expr)
Definition simplify_expr_class.h:141
simplify_exprt::simplify_byte_update
resultt simplify_byte_update(const byte_update_exprt &)
Definition simplify_expr.cpp:2066
simplify_exprt::simplify_extractbits
resultt simplify_extractbits(const extractbits_exprt &)
Simplifies extracting of bits from a constant.
Definition simplify_expr_int.cpp:1160
simplify_exprt::simplify_update
resultt simplify_update(const update_exprt &)
Definition simplify_expr.cpp:1516
simplify_exprt::simplify_is_invalid_pointer
resultt simplify_is_invalid_pointer(const unary_exprt &)
Definition simplify_expr_pointer.cpp:607
simplify_exprt::simplify_mod
resultt simplify_mod(const mod_exprt &)
Definition simplify_expr_int.cpp:371
simplify_exprt::simplify_complex
resultt simplify_complex(const unary_exprt &)
Definition simplify_expr.cpp:2513
simplify_exprt::simplify_pointer_offset
virtual resultt simplify_pointer_offset(const pointer_offset_exprt &)
Definition simplify_expr_pointer.cpp:276
simplify_exprt::simplify_plus
resultt simplify_plus(const plus_exprt &)
Definition simplify_expr_int.cpp:408
simplify_exprt::simplify
virtual bool simplify(exprt &expr)
Definition simplify_expr.cpp:3342
simplify_exprt::simplify_unary_plus
resultt simplify_unary_plus(const unary_plus_exprt &)
Definition simplify_expr_int.cpp:1257
simplify_exprt::simplify_overflow_result
resultt simplify_overflow_result(const overflow_result_exprt &)
Try to simplify overflow_result-+, overflow_result-*, overflow_result–, overflow_result-shl,...
Definition simplify_expr.cpp:2654
simplify_exprt::simplify_ffs
resultt simplify_ffs(const find_first_set_exprt &)
Try to simplify find-first-set to a constant expression.
Definition simplify_expr.cpp:203
simplify_exprt::simplify_if_preorder
resultt simplify_if_preorder(const if_exprt &expr)
Definition simplify_expr_if.cpp:241
simplify_exprt::simplify_byte_extract_preorder
resultt simplify_byte_extract_preorder(const byte_extract_exprt &)
Definition simplify_expr.cpp:2031
simplify_exprt::simplify_is_dynamic_object
resultt simplify_is_dynamic_object(const unary_exprt &)
Definition simplify_expr_pointer.cpp:558
simplify_exprt::simplify_power
resultt simplify_power(const power_exprt &)
Definition simplify_expr_int.cpp:1133
simplify_exprt::simplify_object_size
resultt simplify_object_size(const object_size_exprt &)
Definition simplify_expr_pointer.cpp:640
simplify_exprt::simplify_lambda
resultt simplify_lambda(const lambda_exprt &)
Definition simplify_expr.cpp:1460
simplify_exprt::simplify_concatenation
resultt simplify_concatenation(const concatenation_exprt &)
Definition simplify_expr_int.cpp:873
simplify_exprt::simplify_floatbv_op
resultt simplify_floatbv_op(const ieee_float_op_exprt &)
Definition simplify_expr_floatbv.cpp:295
simplify_exprt::simplify_ctz
resultt simplify_ctz(const count_trailing_zeros_exprt &)
Try to simplify count-trailing-zeros to a constant expression.
Definition simplify_expr.cpp:177
simplify_exprt::simplify_clz
resultt simplify_clz(const count_leading_zeros_exprt &)
Try to simplify count-leading-zeros to a constant expression.
Definition simplify_expr.cpp:151
simplify_exprt::simplify_ieee_float_relation
resultt simplify_ieee_float_relation(const binary_relation_exprt &)
Definition simplify_expr_floatbv.cpp:360
simplify_exprt::simplify_typecast_preorder
resultt simplify_typecast_preorder(const typecast_exprt &)
Definition simplify_expr.cpp:1366
simplify_exprt::simplify_sign
resultt simplify_sign(const sign_exprt &)
Definition simplify_expr.cpp:99
simplify_exprt::simplify_unary_minus
resultt simplify_unary_minus(const unary_minus_exprt &)
Definition simplify_expr_int.cpp:1264
simplify_exprt::simplify_floatbv_round_to_integral
resultt simplify_floatbv_round_to_integral(const floatbv_round_to_integral_exprt &)
Definition simplify_expr_floatbv.cpp:138
struct_exprt
Struct constructor from list of elements.
Definition std_expr.h:1877
struct_typet
Structure type, corresponds to C style structs.
Definition std_types.h:231
struct_union_typet::componentst
std::vector< componentt > componentst
Definition std_types.h:140
true_exprt
The Boolean constant true.
Definition std_expr.h:3191
typecast_exprt
Semantic type conversion.
Definition std_expr.h:2073
typecast_exprt::conditional_cast
static exprt conditional_cast(const exprt &expr, const typet &type)
Definition std_expr.h:2081
typet
The type of an expression, extends irept.
Definition type.h:29
unary_exprt
Generic base class for unary expressions.
Definition std_expr.h:361
unary_exprt::op
const exprt & op() const
Definition std_expr.h:391
unary_overflow_exprt
A Boolean expression returning true, iff operation kind would result in an overflow when applied to t...
Definition bitvector_expr.h:1180
union_exprt
Union constructor from single element.
Definition std_expr.h:1770
union_typet
The union type.
Definition c_types.h:147
unsignedbv_typet
Fixed-width bit-vector with unsigned binary interpretation.
Definition bitvector_types.h:168
update_exprt
Operator to update elements in structs and arrays.
Definition std_expr.h:2783
update_exprt::old
exprt & old()
Definition std_expr.h:2795
update_exprt::designator
exprt::operandst & designator()
Definition std_expr.h:2809
update_exprt::new_value
exprt & new_value()
Definition std_expr.h:2819
with_exprt
Operator to update elements in structs and arrays.
Definition std_expr.h:2603
with_exprt::new_value
exprt & new_value()
Definition std_expr.h:2633
with_exprt::where
exprt & where()
Definition std_expr.h:2623
with_exprt::old
exprt & old()
Definition std_expr.h:2613
isalpha
int isalpha(int c)
Definition ctype.c:9
tolower
int tolower(int c)
Definition ctype.c:109
isupper
int isupper(int c)
Definition ctype.c:90
Forall_operands
#define Forall_operands(it, expr)
Definition expr.h:27
make_boolean_expr
constant_exprt make_boolean_expr(bool value)
returns true_exprt if given true and false_exprt otherwise
Definition expr_util.cpp:308
is_not_zero
exprt is_not_zero(const exprt &src, const namespacet &ns)
converts a scalar/float expression to C/C++ Booleans
Definition expr_util.cpp:69
skip_typecast
const exprt & skip_typecast(const exprt &expr)
find the expression nested inside typecasts, if any
Definition expr_util.cpp:188
lift_if
if_exprt lift_if(const exprt &src, std::size_t operand_number)
lift up an if_exprt one level
Definition expr_util.cpp:172
has_subtype
bool has_subtype(const typet &type, const std::function< bool(const typet &)> &pred, const namespacet &ns)
returns true if any of the contained types satisfies pred
Definition expr_util.cpp:124
expr_util.h
Deprecated expression utility functions.
floatbv_expr.h
API to expression classes for floating-point arithmetic.
to_ieee_float_op_expr
const ieee_float_op_exprt & to_ieee_float_op_expr(const exprt &expr)
Cast an exprt to an ieee_float_op_exprt.
Definition floatbv_expr.h:489
to_floatbv_round_to_integral_expr
const floatbv_round_to_integral_exprt & to_floatbv_round_to_integral_expr(const exprt &expr)
Cast an exprt to a floatbv_round_to_integral_exprt.
Definition floatbv_expr.h:134
to_floatbv_typecast_expr
const floatbv_typecast_exprt & to_floatbv_typecast_expr(const exprt &expr)
Cast an exprt to a floatbv_typecast_exprt.
Definition floatbv_expr.h:68
format
static format_containert< T > format(const T &o)
Definition format.h:37
format_expr.h
id2string
const std::string & id2string(const irep_idt &d)
Definition irep.h:44
r
static int8_t r
Definition irep_hash.h:60
mathematical_expr.h
API to expression classes for 'mathematical' expressions.
to_quantifier_expr
const quantifier_exprt & to_quantifier_expr(const exprt &expr)
Cast an exprt to a quantifier_exprt.
Definition mathematical_expr.h:335
to_power_expr
const power_exprt & to_power_expr(const exprt &expr)
Cast an exprt to a power_exprt.
Definition mathematical_expr.h:137
to_function_application_expr
const function_application_exprt & to_function_application_expr(const exprt &expr)
Cast an exprt to a function_application_exprt.
Definition mathematical_expr.h:263
to_lambda_expr
const lambda_exprt & to_lambda_expr(const exprt &expr)
Cast an exprt to a lambda_exprt.
Definition mathematical_expr.h:477
string2integer
const mp_integer string2integer(const std::string &n, unsigned base)
Definition mp_arith.cpp:54
pointer_expr.h
API to expression classes for Pointers.
to_address_of_expr
const address_of_exprt & to_address_of_expr(const exprt &expr)
Cast an exprt to an address_of_exprt.
Definition pointer_expr.h:577
to_pointer_type
const pointer_typet & to_pointer_type(const typet &type)
Cast a typet to a pointer_typet.
Definition pointer_expr.h:93
to_dereference_expr
const dereference_exprt & to_dereference_expr(const exprt &expr)
Cast an exprt to a dereference_exprt.
Definition pointer_expr.h:890
to_pointer_offset_expr
const pointer_offset_exprt & to_pointer_offset_expr(const exprt &expr)
Cast an exprt to a pointer_offset_exprt.
Definition pointer_expr.h:1320
to_pointer_object_expr
const pointer_object_exprt & to_pointer_object_expr(const exprt &expr)
Cast an exprt to a pointer_object_exprt.
Definition pointer_expr.h:1378
pointer_offset_size
std::optional< mp_integer > pointer_offset_size(const typet &type, const namespacet &ns)
Compute the size of a type in bytes, rounding up to full bytes.
Definition pointer_offset_size.cpp:91
get_subexpression_at_offset
std::optional< exprt > get_subexpression_at_offset(const exprt &expr, const mp_integer &offset_bytes, const typet &target_type_raw, const namespacet &ns)
Definition pointer_offset_size.cpp:565
pointer_offset_bits
std::optional< mp_integer > pointer_offset_bits(const typet &type, const namespacet &ns)
Definition pointer_offset_size.cpp:102
member_offset
std::optional< mp_integer > member_offset(const struct_typet &type, const irep_idt &member, const namespacet &ns)
Definition pointer_offset_size.cpp:25
member_offset_expr
std::optional< exprt > member_offset_expr(const member_exprt &member_expr, const namespacet &ns)
Definition pointer_offset_size.cpp:222
pointer_offset_size.h
Pointer Logic.
pointer_offset_sum
exprt pointer_offset_sum(const exprt &a, const exprt &b)
Definition pointer_offset_sum.cpp:16
pointer_offset_sum.h
Pointer Dereferencing.
object_size
exprt object_size(const exprt &pointer)
Definition pointer_predicates.cpp:33
from_rational
constant_exprt from_rational(const rationalt &a)
Definition rational_tools.cpp:89
rational_tools.h
replace_expr
bool replace_expr(const exprt &what, const exprt &by, exprt &dest)
Definition replace_expr.cpp:12
simplify
bool simplify(exprt &expr, const namespacet &ns)
Definition simplify_expr.cpp:3363
simplify_string_compare_to
static simplify_exprt::resultt simplify_string_compare_to(const function_application_exprt &expr, const namespacet &ns)
Simplify String.compareTo function when arguments are constant.
Definition simplify_expr.cpp:327
simplify_string_contains
static simplify_exprt::resultt simplify_string_contains(const function_application_exprt &expr, const namespacet &ns)
Simplify String.contains function when arguments are constant.
Definition simplify_expr.cpp:257
simplify_string_endswith
static simplify_exprt::resultt simplify_string_endswith(const function_application_exprt &expr, const namespacet &ns)
Simplify String.endsWith function when arguments are constant.
Definition simplify_expr.cpp:229
simplify_string_char_at
static simplify_exprt::resultt simplify_string_char_at(const function_application_exprt &expr, const namespacet &ns)
Simplify String.charAt function when arguments are constant.
Definition simplify_expr.cpp:521
simplify_string_startswith
static simplify_exprt::resultt simplify_string_startswith(const function_application_exprt &expr, const namespacet &ns)
Simplify String.startsWith function when arguments are constant.
Definition simplify_expr.cpp:634
simplify_string_is_empty
static simplify_exprt::resultt simplify_string_is_empty(const function_application_exprt &expr, const namespacet &ns)
Simplify String.isEmpty function when arguments are constant.
Definition simplify_expr.cpp:302
lower_case_string_expression
static bool lower_case_string_expression(array_exprt &string_data)
Take the passed-in constant string array and lower-case every character.
Definition simplify_expr.cpp:561
simplify_string_index_of
static simplify_exprt::resultt simplify_string_index_of(const function_application_exprt &expr, const namespacet &ns, const bool search_from_end)
Simplify String.indexOf function when arguments are constant.
Definition simplify_expr.cpp:376
simplify_string_equals_ignore_case
static simplify_exprt::resultt simplify_string_equals_ignore_case(const function_application_exprt &expr, const namespacet &ns)
Simplify String.equalsIgnorecase function when arguments are constant.
Definition simplify_expr.cpp:589
simplify_expr
exprt simplify_expr(exprt src, const namespacet &ns)
Definition simplify_expr.cpp:3368
simplify_expr.h
simplify_expr_class.h
bits2expr
std::optional< exprt > bits2expr(const std::string &bits, const typet &type, bool little_endian, const namespacet &ns)
Definition simplify_utils.cpp:196
expr2bits
std::optional< std::string > expr2bits(const exprt &expr, bool little_endian, const namespacet &ns)
Definition simplify_utils.cpp:414
try_get_string_data_array
std::optional< std::reference_wrapper< const array_exprt > > try_get_string_data_array(const exprt &content, const namespacet &ns)
Get char sequence from content field of a refined string expression.
Definition simplify_utils.cpp:489
join_operands
bool join_operands(exprt &expr)
Definition simplify_utils.cpp:191
simplify_utils.h
mp_integer
BigInt mp_integer
Definition smt_terms.h:17
CHECK_RETURN
#define CHECK_RETURN(CONDITION)
Definition invariant.h:495
UNREACHABLE
#define UNREACHABLE
This should be used to mark dead code.
Definition invariant.h:525
DATA_INVARIANT
#define DATA_INVARIANT(CONDITION, REASON)
This condition should be used to document that assumptions that are made on goto_functions,...
Definition invariant.h:534
POSTCONDITION_WITH_DIAGNOSTICS
#define POSTCONDITION_WITH_DIAGNOSTICS(CONDITION,...)
Definition invariant.h:480
component
auto component(T &struct_expr, const irep_idt &name, const namespacet &ns) -> decltype(struct_expr.op0())
Definition std_expr.cpp:122
std_expr.h
API to expression classes.
to_struct_expr
const struct_exprt & to_struct_expr(const exprt &expr)
Cast an exprt to a struct_exprt.
Definition std_expr.h:1900
to_array_of_expr
const array_of_exprt & to_array_of_expr(const exprt &expr)
Cast an exprt to an array_of_exprt.
Definition std_expr.h:1603
to_binary_relation_expr
const binary_relation_exprt & to_binary_relation_expr(const exprt &expr)
Cast an exprt to a binary_relation_exprt.
Definition std_expr.h:895
to_unary_plus_expr
const unary_plus_exprt & to_unary_plus_expr(const exprt &expr)
Cast an exprt to a unary_plus_exprt.
Definition std_expr.h:556
to_index_expr
const index_exprt & to_index_expr(const exprt &expr)
Cast an exprt to an index_exprt.
Definition std_expr.h:1538
to_mod_expr
const mod_exprt & to_mod_expr(const exprt &expr)
Cast an exprt to a mod_exprt.
Definition std_expr.h:1277
to_mult_expr
const mult_exprt & to_mult_expr(const exprt &expr)
Cast an exprt to a mult_exprt.
Definition std_expr.h:1137
to_array_expr
const array_exprt & to_array_expr(const exprt &expr)
Cast an exprt to an array_exprt.
Definition std_expr.h:1665
to_typecast_expr
const typecast_exprt & to_typecast_expr(const exprt &expr)
Cast an exprt to a typecast_exprt.
Definition std_expr.h:2107
to_div_expr
const div_exprt & to_div_expr(const exprt &expr)
Cast an exprt to a div_exprt.
Definition std_expr.h:1206
to_plus_expr
const plus_exprt & to_plus_expr(const exprt &expr)
Cast an exprt to a plus_exprt.
Definition std_expr.h:1041
to_unary_expr
const unary_exprt & to_unary_expr(const exprt &expr)
Cast an exprt to a unary_exprt.
Definition std_expr.h:426
to_multi_ary_expr
const multi_ary_exprt & to_multi_ary_expr(const exprt &expr)
Cast an exprt to a multi_ary_exprt.
Definition std_expr.h:987
to_abs_expr
const abs_exprt & to_abs_expr(const exprt &expr)
Cast an exprt to a abs_exprt.
Definition std_expr.h:466
to_if_expr
const if_exprt & to_if_expr(const exprt &expr)
Cast an exprt to an if_exprt.
Definition std_expr.h:2582
to_member_expr
const member_exprt & to_member_expr(const exprt &expr)
Cast an exprt to a member_exprt.
Definition std_expr.h:3064
to_minus_expr
const minus_exprt & to_minus_expr(const exprt &expr)
Cast an exprt to a minus_exprt.
Definition std_expr.h:1086
to_complex_imag_expr
const complex_imag_exprt & to_complex_imag_expr(const exprt &expr)
Cast an exprt to a complex_imag_exprt.
Definition std_expr.h:2053
to_index_designator
const index_designatort & to_index_designator(const exprt &expr)
Cast an exprt to an index_designatort.
Definition std_expr.h:2714
to_complex_real_expr
const complex_real_exprt & to_complex_real_expr(const exprt &expr)
Cast an exprt to a complex_real_exprt.
Definition std_expr.h:2010
to_constant_expr
const constant_exprt & to_constant_expr(const exprt &expr)
Cast an exprt to a constant_exprt.
Definition std_expr.h:3173
to_not_expr
const not_exprt & to_not_expr(const exprt &expr)
Cast an exprt to an not_exprt.
Definition std_expr.h:2484
to_symbol_expr
const symbol_exprt & to_symbol_expr(const exprt &expr)
Cast an exprt to a symbol_exprt.
Definition std_expr.h:272
to_with_expr
const with_exprt & to_with_expr(const exprt &expr)
Cast an exprt to a with_exprt.
Definition std_expr.h:2661
to_complex_expr
const complex_exprt & to_complex_expr(const exprt &expr)
Cast an exprt to a complex_exprt.
Definition std_expr.h:1965
to_update_expr
const update_exprt & to_update_expr(const exprt &expr)
Cast an exprt to an update_exprt.
Definition std_expr.h:2866
to_unary_minus_expr
const unary_minus_exprt & to_unary_minus_expr(const exprt &expr)
Cast an exprt to a unary_minus_exprt.
Definition std_expr.h:514
to_sign_expr
const sign_exprt & to_sign_expr(const exprt &expr)
Cast an exprt to a sign_exprt.
Definition std_expr.h:621
is_constant
bool is_constant(const typet &type)
This method tests, if the given typet is a constant.
Definition std_types.h:29
to_struct_type
const struct_typet & to_struct_type(const typet &type)
Cast a typet to a struct_typet.
Definition std_types.h:308
to_struct_tag_type
const struct_tag_typet & to_struct_tag_type(const typet &type)
Cast a typet to a struct_tag_typet.
Definition std_types.h:518
to_array_type
const array_typet & to_array_type(const typet &type)
Cast a typet to an array_typet.
Definition std_types.h:888
string_expr.h
String expressions for the string solver.
to_string_expr
refined_string_exprt & to_string_expr(exprt &expr)
Definition string_expr.h:151
configt::ansi_ct::endiannesst::IS_BIG_ENDIAN
@ IS_BIG_ENDIAN
configt::ansi_ct::endiannesst::IS_LITTLE_ENDIAN
@ IS_LITTLE_ENDIAN
irep_full_eq
Definition irep.h:487
irep_full_hash
Definition irep.h:478
simplify_exprt::resultt
Definition simplify_expr_class.h:108
failed
static bool failed(bool error_indicator)
Definition symtab2gb_parse_options.cpp:41
to_type_with_subtype
const type_with_subtypet & to_type_with_subtype(const typet &type)
Definition type.h:208
size_type
#define size_type
Definition unistd.c:186