Replace asserts and throws under goto-symex

src/goto-symex/build_goto_trace.cpp

@@ -91,8 +91,10 @@ exprt build_full_lhs_rec(
   else if(id==ID_byte_extract_little_endian ||
           id==ID_byte_extract_big_endian)
   {
+  	DATA_INVARIANT(
+    	src_original.operands().size() == 2,
+    	"byte extract expressions require two operands");
     exprt tmp=src_original;
-    assert(tmp.operands().size()==2);
     tmp.op0()=build_full_lhs_rec(prop_conv, ns, tmp.op0(), src_ssa.op0());
 
     // re-write into big case-split
@@ -222,7 +224,7 @@ void build_goto_trace(
       else if(it->is_atomic_end() && current_time<0)
         current_time*=-1;
 
-      assert(current_time>=0);
+      INVARIANT(current_time>=0, "time keeping inconsistency");
       // move any steps gathered in an atomic section
 
       if(time_before<0)

src/goto-symex/goto_symex_state.cpp

@@ -51,8 +51,7 @@ void goto_symex_statet::level0t::operator()(
 
   const symbolt *s;
   const bool found_l0 = !ns.lookup(obj_identifier, s);
-  DATA_INVARIANT(
-    found_l0, "level0: failed to find " + id2string(obj_identifier));
+  INVARIANT(found_l0, "level0: failed to find " + id2string(obj_identifier));
 
   // don't rename shared variables or functions
   if(s->type.id()==ID_code ||
@@ -187,8 +186,9 @@ bool goto_symex_statet::constant_propagation_reference(const exprt &expr) const
   }
   else if(expr.id()==ID_member)
   {
-    if(expr.operands().size()!=1)
-      throw "member expects one operand";
+    DATA_INVARIANT(
+    	expr.operands().size() == 1,
+    	"member expression expects one operand");
 
     return constant_propagation_reference(expr.op0());
   }
@@ -496,11 +496,12 @@ void goto_symex_statet::rename(
   else if(expr.id()==ID_address_of)
   {
     DATA_INVARIANT(
-      expr.operands().size() == 1, "address_of should have a single operand");
-    rename_address(expr.op0(), ns, level);
+    	expr.type().id() == ID_pointer,
+    	"type of expression required to be pointer");
     DATA_INVARIANT(
-      expr.type().id() == ID_pointer,
-      "type of address_of should be ID_pointer");
+    	expr.operands().size() == 1,
+    	"address_of should have a single operand");
+    rename_address(expr.op0(), ns, level);
     expr.type().subtype()=expr.op0().type();
   }
   else

src/goto-symex/memory_model_pso.cpp

@@ -30,8 +30,8 @@ bool memory_model_psot::program_order_is_relaxed(
   partial_order_concurrencyt::event_it e1,
   partial_order_concurrencyt::event_it e2) const
 {
-  assert(e1->is_shared_read() || e1->is_shared_write());
-  assert(e2->is_shared_read() || e2->is_shared_write());
+  PRECONDITION(e1->is_shared_read() || e1->is_shared_write());
+  PRECONDITION(e2->is_shared_read() || e2->is_shared_write());
 
   // no po relaxation within atomic sections
   if(e1->atomic_section_id!=0 &&

src/goto-symex/memory_model_sc.cpp

@@ -36,8 +36,8 @@ bool memory_model_sct::program_order_is_relaxed(
   partial_order_concurrencyt::event_it e1,
   partial_order_concurrencyt::event_it e2) const
 {
-  assert(e1->is_shared_read() || e1->is_shared_write());
-  assert(e2->is_shared_read() || e2->is_shared_write());
+  PRECONDITION(e1->is_shared_read() || e1->is_shared_write());
+  PRECONDITION(e2->is_shared_read() || e2->is_shared_write());
 
   return false;
 }

src/goto-symex/memory_model_tso.cpp

@@ -39,8 +39,8 @@ bool memory_model_tsot::program_order_is_relaxed(
   partial_order_concurrencyt::event_it e1,
   partial_order_concurrencyt::event_it e2) const
 {
-  assert(e1->is_shared_read() || e1->is_shared_write());
-  assert(e2->is_shared_read() || e2->is_shared_write());
+  PRECONDITION(e1->is_shared_read() || e1->is_shared_write());
+  PRECONDITION(e2->is_shared_read() || e2->is_shared_write());
 
   // no po relaxation within atomic sections
   if(e1->atomic_section_id!=0 &&

src/goto-symex/partial_order_concurrency.cpp

@@ -142,8 +142,8 @@ symbol_exprt partial_order_concurrencyt::clock(
   event_it event,
   axiomt axiom)
 {
+	PRECONDITION(!numbering.empty());
   irep_idt identifier;
-  assert(!numbering.empty());
 
   if(event->is_shared_write())
     identifier=rw_clock_id(event, axiom);
@@ -163,7 +163,7 @@ symbol_exprt partial_order_concurrencyt::clock(
 
 void partial_order_concurrencyt::build_clock_type()
 {
-  assert(!numbering.empty());
+  PRECONDITION(!numbering.empty());
 
   std::size_t width = address_bits(numbering.size());
   clock_type = unsignedbv_typet(width);
@@ -198,7 +198,7 @@ exprt partial_order_concurrencyt::before(
         binary_relation_exprt(clock(e1, ax), ID_lt, clock(e2, ax)));
   }
 
-  assert(!ops.empty());
+  POSTCONDITION(!ops.empty());
 
   return conjunction(ops);
 }

src/goto-symex/postcondition.cpp

@@ -76,20 +76,22 @@ bool postconditiont::is_used_address_of(
   }
   else if(expr.id()==ID_index)
   {
-    assert(expr.operands().size()==2);
-
+    DATA_INVARIANT(
+    	expr.operands().size() == 2, "index expression should have two operands");
     return
       is_used_address_of(expr.op0(), identifier) ||
       is_used(expr.op1(), identifier);
   }
   else if(expr.id()==ID_member)
   {
-    assert(expr.operands().size()==1);
+    DATA_INVARIANT(
+    	expr.operands().size() == 1, "member expression should only have one operand");
     return is_used_address_of(expr.op0(), identifier);
   }
   else if(expr.id()==ID_dereference)
   {
-    assert(expr.operands().size()==1);
+    DATA_INVARIANT(
+    	expr.operands().size() == 1, "dereference expression should only have one operand");
     return is_used(expr.op0(), identifier);
   }
 
@@ -155,7 +157,9 @@ bool postconditiont::is_used(
   if(expr.id()==ID_address_of)
   {
     // only do index!
-    assert(expr.operands().size()==1);
+    DATA_INVARIANT(
+    	expr.operands().size() == 1,
+    	"address_of expression expected to have one operand at this point");
     return is_used_address_of(expr.op0(), identifier);
   }
   else if(expr.id()==ID_symbol &&
@@ -169,7 +173,9 @@ bool postconditiont::is_used(
   }
   else if(expr.id()==ID_dereference)
   {
-    assert(expr.operands().size()==1);
+    DATA_INVARIANT(
+    	expr.operands().size() == 1,
+    	"dereference expression expected to have one operand");
 
     // aliasing may happen here
 

src/goto-symex/precondition.cpp

@@ -78,18 +78,21 @@ void preconditiont::compute_address_of(exprt &dest)
   }
   else if(dest.id()==ID_index)
   {
-    assert(dest.operands().size()==2);
+    DATA_INVARIANT(
+    	dest.operands().size() == 2, "index expression expected to have two operands");
     compute_address_of(dest.op0());
     compute(dest.op1());
   }
   else if(dest.id()==ID_member)
   {
-    assert(dest.operands().size()==1);
+    DATA_INVARIANT(
+    	dest.operands().size() == 1, "member expression expected to have one operand");
     compute_address_of(dest.op0());
   }
   else if(dest.id()==ID_dereference)
   {
-    assert(dest.operands().size()==1);
+    DATA_INVARIANT(
+    	dest.operands().size() == 1, "dereference expression expected to have 1 operand");
     compute(dest.op0());
   }
 }
@@ -104,12 +107,16 @@ void preconditiont::compute_rec(exprt &dest)
   if(dest.id()==ID_address_of)
   {
     // only do index!
-    assert(dest.operands().size()==1);
+    DATA_INVARIANT(
+    	dest.operands().size() == 1,
+    	"address_of expression expected to have one operand at this point");
     compute_address_of(dest.op0());
   }
   else if(dest.id()==ID_dereference)
   {
-    assert(dest.operands().size()==1);
+    DATA_INVARIANT(
+    	dest.operands().size() == 1,
+    	"dereference expression expected to have one operand at this point");
 
     const irep_idt &lhs_identifier=SSA_step.ssa_lhs.get_object_name();
 

src/goto-symex/slice.cpp

@@ -112,7 +112,7 @@ void symex_slicet::slice(symex_target_equationt::SSA_stept &SSA_step)
 void symex_slicet::slice_assignment(
   symex_target_equationt::SSA_stept &SSA_step)
 {
-  assert(SSA_step.ssa_lhs.id()==ID_symbol);
+  PRECONDITION(SSA_step.ssa_lhs.id() == ID_symbol);
   const irep_idt &id=SSA_step.ssa_lhs.get_identifier();
 
   if(depends.find(id)==depends.end())
@@ -127,7 +127,7 @@ void symex_slicet::slice_assignment(
 void symex_slicet::slice_decl(
   symex_target_equationt::SSA_stept &SSA_step)
 {
-  assert(SSA_step.ssa_lhs.id()==ID_symbol);
+  PRECONDITION(SSA_step.ssa_lhs.id() == ID_symbol);
   const irep_idt &id=SSA_step.ssa_lhs.get_identifier();
 
   if(depends.find(id)==depends.end())

src/goto-symex/slice_by_trace.cpp

@@ -79,6 +79,13 @@ void symex_slice_by_tracet::slice_by_trace(
   {
     exprt g_copy(*i);
 
+    DATA_INVARIANT(
+    	g_copy.id() == ID_symbol || 
+    	g_copy.id() == ID_not ||
+    	g_copy.id() == ID_and ||
+    	g_copy.id() == ID_constant,
+    	"guards should only be and, symbol, constant, or `not'");
+
     if(g_copy.id()==ID_symbol || g_copy.id() == ID_not)
     {
       g_copy.make_not();
@@ -92,10 +99,6 @@ void symex_slice_by_tracet::slice_by_trace(
       simplify(copy_last, ns);
       implications.insert(copy_last);
     }
-    else if(!(g_copy.id()==ID_constant))
-    {
-      throw "guards should only be and, symbol, constant, or `not'";
-    }
   }
 
   slice_SSA_steps(equation, implications); // Slice based on implications
@@ -219,9 +222,9 @@ void symex_slice_by_tracet::parse_events(std::string read_line)
     const std::string::size_type vnext=read_line.find(",", vidx);
     std::string event=read_line.substr(vidx, vnext - vidx);
     eis.insert(event);
-    if((!alphabet.empty()) &&
-       ((alphabet.count(event)!=0)!=alphabet_parity))
-      throw "trace uses symbol not in alphabet: "+event;
+    PRECONDITION(!alphabet.empty());
+    INVARIANT((alphabet.count(event) != 0) == alphabet_parity, 
+    	"trace uses symbol not in alphabet: " + event);
     if(vnext==std::string::npos)
       break;
     vidx=vnext;